Installing, configuring, and running DevStack from 'A' to 'Z'
DevStack Description
The purpose of DevStack is to provide a set of tools used to install the main OpenStack services from the sources needed for development and testing. DevStack also shows and describes examples of configurations and service launches, as well as using the command line client (CLI).
wiki.openstack.org/wiki/DevStack
Dictionary:
Instance (instance) - a virtual machine created using the DevStack tools.
')
Preparing to install
To install DevStack, it is advisable to first create a user with root rights:
sudo useradd -G sudo -m -U -s /bin/bash -p stack stack Now we switch to the newly created user and download DevStack from the repository:
su stack cd ~ git clone https://github.com/openstack-dev/devstack.git If Git is not installed yet, set it as a command.
sudo apt-get install git -y A little about the versions of DevStack. In total, at the time of this writing, four stable releases were available for download:
- -b stable / kilo
- -b stable / liberty
- -b stable / mitaka
- master
The most recent of which are master and mitaka. However, if you do not specify the downloadable brunch, then the latest version of DevStack from the repository (HEAD) will be downloaded, which may contain errors.
Installation
After the selected version has been downloaded to disk, the devstack directory will appear in the root directory of the stack user:
stack@host:$ls devstack Go to the new directory and create the local.conf file in it:
stack@host:$cd devstack touch local.conf This file will contain the configuration that allows us to work with DevStack. All configuration parameters should be described in the [[local | localrc]] section:
nano local.conf [[local|localrc]] In order not to enter passwords (and not forget what you entered) during the installation process, set passwords for the used services:
############################################################ # Customize the following HOST_IP based on your installation ############################################################ ADMIN_PASSWORD=admin # Horizon & Keystone MYSQL_PASSWORD=admin RABBIT_PASSWORD=admin SERVICE_PASSWORD=admin SERVICE_TOKEN=admin and the IP address of the machine on which DevStack will be installed:
HOST_IP=10.0.2.15 In general, DevStack uses two types of networks: PUBLIC and PRIVATE, which use different types of addresses (floating and fixed, respectively). In short, Floating addresses are used to access the created instance from an external network. At the same time, the instance itself does not know anything about it, and all traffic routing is done by means of DevStack. Fixed addresses are used to work within the virtual network (more details here ).
So, first add a section responsible for the allocation of floating-addresses:
#PUBLIC NETWORK CONFIGURATION Q_USE_PROVIDERNET_FOR_PUBLIC=False FLOATING_RANGE=10.0.2.0/24 Q_FLOATING_ALLOCATION_POOL="start=10.0.2.150,end=10.0.2.201" PUBLIC_NETWORK_NAME=external PUBLIC_NETWORK_GATEWAY=10.0.2.1 PUBLIC_PHYSICAL_NETWORK=public # Required for l3-agent to connect to external-network-bridge PUBLIC_BRIDGE=br-ext And the section for fixed addresses:
#PRIVATE NETWORK CONFIGURATION NETWORK_GATEWAY=${NETWORK_GATEWAY:-15.0.0.1} FIXED_RANGE=${FIXED_RANGE:-15.0.0.0/24} Save the local.conf file and run DevStack:
./stack.sh If everything is done correctly, then as a result we will see the following picture:
This is your host IP address: 10.0.2.15 This is your host IPv6 address: ::1 Horizon is now available at http://10.0.2.15/dashboard Keystone is serving at http://10.0.2.15/identity/ The default users are: admin and demo The password: admin DevStack Setup
DevStack provides a number of tools that allow you to view and configure the system in the widest ranges. Already, you can go to the HORIZON WEB-server, and, using a graphical interface, run the instance in the desired configuration. At the same time, only one CirrOS operating system will be available for launch in the minimum amount.
If you want to run something more substantial, you will need more fine-tuning, which is described below. To work with DevStack, you must enter the command:
. openrc admin admin Network configuration
In order to view the available network configurations, do the following:
stack@host:~/devstack$ nova secgroup-list +----+---------+-------------+ | Id | Name | Description | +----+---------+-------------+ | 1 | default | default | +----+---------+-------------+ Nova is a virtual machine manager who is also responsible for the performance of the virtual network. In general, in DevStack you can get the same (or rather, different levels of detail) information from various services, which will be shown below.
In this case, we got a list of available groups consisting of just one element. In the future, we will work with this element, since Some tools, for example, Rally, work only with default profiles.
Each network group consists of rules that define the behavior of this group. To see which rules are set in the default group, enter the secgroup-list-rules command:
stack@host:~/devstack$ nova secgroup-list-rules default +-------------+-----------+---------+----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+----------+--------------+ +-------------+-----------+---------+----------+--------------+ As you can see, at the moment the list of rules is empty. In this form, our instances will not be able to communicate with the outside world. In order to correct the situation, you need to add a few rules, namely:
- Rule for SSH access
- The rule for the ICMP protocol (ensures the operation of the ping command)
- The rule for accessing Internet traffic via the http protocol
- The rule for accessing Internet traffic via https
Rules are added by pattern: secgroup-add-rule <group_name> <procol_name> <port_from> <port_to>.
stack@host:~/devstack$ nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | tcp | 22 | 22 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+ stack@host:~/devstack$ nova secgroup-add-rule default icmp -1 255 0.0.0.0/0 +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | icmp | -1 | 255 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+ stack@host:~/devstack$ nova secgroup-add-rule default tcp 80 80 0.0.0.0/0 +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | tcp | 80 | 80 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+ stack@host:~/devstack$ nova secgroup-add-rule default tcp 443 443 0.0.0.0/0 +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | tcp | 443 | 443 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+ Check what happened:
nova secgroup-list-rules default +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | tcp | 22 | 22 | 0.0.0.0/0 | | | icmp | -1 | 255 | 0.0.0.0/0 | | | tcp | 80 | 80 | 0.0.0.0/0 | | | tcp | 443 | 443 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+ Creating an SSH key
To work with operating systems other than CirrOS, we need an SSH encryption key. Especially for these purposes, DevStack provides all the necessary functionality. If we enter the keypair-list command, we will see a table of all the keys available to us:
stack@host:~/devstack$ nova keypair-list +-------+------+-------------------------------------------------+ | Name | Type | Fingerprint | +-------+------+-------------------------------------------------+ +-------+------+-------------------------------------------------+ We can generate the key we need with the ssh-keygen command:
$ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/stack/.ssh/id_rsa): cloud.key After creating the key, we will have two files in the current directory: cloud.key and cloud.key.pub. For the cloud.key file, you must immediately set the correct rights:
$sudo chmod 600 cloud.key Now you need to add the generated key to the list of available:
stack@host:~/devstack$ nova keypair-add --pub-key cloud.key.pub cloud stack@host:~/devstack$ nova keypair-list +-------+------+-------------------------------------------------+ | Name | Type | Fingerprint | +-------+------+-------------------------------------------------+ | cloud | ssh | 6f:a7:c2:11:f0:e9:9c:77:43:fc:61:37:b4:e5:f9:b2 | +-------+------+-------------------------------------------------+ Adding an OS image via glance
Now it's time to see which operating systems are available to us in the default installation. This can be done using the image-list command:
$nova image-list +--------------------------------------+---------------------------------+--------+--------+ | ID | Name | Status | Server | +--------------------------------------+---------------------------------+--------+--------+ | cc5fedc0-8331-4cfe-b2f0-27f264a81dde | cirros-0.3.4-x86_64-uec | ACTIVE | | | bc0d3c78-d48b-4b41-872d-5106e3392a3c | cirros-0.3.4-x86_64-uec-kernel | ACTIVE | | | 26bfbc17-1ea9-4a50-9075-5064a2b3d0ad | cirros-0.3.4-x86_64-uec-ramdisk | ACTIVE | | +--------------------------------------+---------------------------------+--------+--------+ As mentioned above, by default only one operating system is available to us. A separate glance tool is responsible for managing the available images:
$glance image-list +--------------------------------------+---------------------------------+ | ID | Name | +--------------------------------------+---------------------------------+ | cc5fedc0-8331-4cfe-b2f0-27f264a81dde | cirros-0.3.4-x86_64-uec | | bc0d3c78-d48b-4b41-872d-5106e3392a3c | cirros-0.3.4-x86_64-uec-kernel | | 26bfbc17-1ea9-4a50-9075-5064a2b3d0ad | cirros-0.3.4-x86_64-uec-ramdisk | +--------------------------------------+---------------------------------+ As you can see, the conclusions of the image-list command are almost identical for both glance and nova, with the exception that nova provides additional information.
As a working OS, we will use Ubuntu 15.10, which can be taken from cloud-images.ubuntu.com/vivid/current . A complete list of supported OS can be found here: docs.openstack.org/image-guide/obtain-images.html . It also says that in some (specifically in our) case, we will need an SSH key in order to login to the created instance.
First you need to download the disk image from the network:
stack@host:~/devstack$ wget https://cloud-images.ubuntu.com/vivid/current/vivid-server-cloudimg-amd64-disk1.img Then you can upload a new image to the glance server:
stack@host:~/devstack$ glance image-create --name ubuntu_vivid --visibility public --container-format ami --file vivid-server-cloudimg-amd64-disk1.img --disk-format ami Where name is the image name in the database, which will be displayed using the commands nova image-list or glance image-list.
Instance running
Now everything is ready to launch our first instance. To do this, use the openstack server create command:
stack@host:~/devstack$ openstack server create srv1 --flavor=m1.small --image=ubuntu --key-name=cloud +--------------------------------------+-----------------------------------------------+ | Field | Value | +--------------------------------------+-----------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | | | OS-EXT-SRV-ATTR:host | None | | OS-EXT-SRV-ATTR:hypervisor_hostname | None | | OS-EXT-SRV-ATTR:instance_name | instance-00000001 | | OS-EXT-STS:power_state | NOSTATE | | OS-EXT-STS:task_state | scheduling | | OS-EXT-STS:vm_state | building | | OS-SRV-USG:launched_at | None | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | | | adminPass | SJZYQRUgoo3k | | config_drive | | | created | 2016-06-06T06:50:41Z | | flavor | m1.small (2) | | hostId | | | id | 706e906a-eb62-4927-afdf-e9a30b29c17f | | image | ubuntu (beb392b7-de7f-4fef-9afa-2cc5c2a38a13) | | key_name | cloud | | name | srv1 | | os-extended-volumes:volumes_attached | [] | | progress | 0 | | project_id | 7784247e5055485bb43c9f3311332d9a | | properties | | | security_groups | [{u'name': u'default'}] | | status | BUILD | | updated | 2016-06-06T06:50:41Z | | user_id | e54b731c7e1f40f4a5ad16d64be383bd | +--------------------------------------+-----------------------------------------------+ Where srv1 is the name of the new instance, m1.small is the H / W configuration of the instance, ubuntu is the name of the image, and cloud is the name of the SSH key pair in the internal table DevStack.
Since we try to run a full-fledged OS, then we need to allocate appropriate resources for it, so the m1.small configuration is minimal. For an instance with CirrOS, configuration m1.tiny is sufficient. The difference in configurations can be viewed with the flavor-list command:
stack@host:~/devstack$ nova flavor-list +----+-----------+-----------+------+-----------+------+-------+-------------+-----------+ | ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public | +----+-----------+-----------+------+-----------+------+-------+-------------+-----------+ | 1 | m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True | | 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True | | 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True | | 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True | +----+-----------+-----------+------+-----------+------+-------+-------------+-----------+ If you installed DevStack from HEAD, additional configurations may be available. Our instance will be ready to work when its status changes from a BUILD state to ACTIVE:
stack@host:~/devstack$ nova list +--------------------------------------+------+--------+------------+-------------+------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------+--------+------------+-------------+------------------+ | 706e906a-eb62-4927-afdf-e9a30b29c17f | srv1 | ACTIVE | - | Running | private=15.0.0.2 | +--------------------------------------+------+--------+------------+-------------+------------------+ As you can see, now our instance has only an IP address from the fixed address range. However, if everything is done correctly, we can execute the ping command:
stack@host:~/devstack$ ping 15.0.0.2 PING 15.0.0.2 (15.0.0.2) 56(84) bytes of data. 64 bytes from 15.0.0.2: icmp_seq=1 ttl=64 time=5.31 ms 64 bytes from 15.0.0.2: icmp_seq=2 ttl=64 time=0.470 ms 64 bytes from 15.0.0.2: icmp_seq=3 ttl=64 time=0.409 ms And try to log in via SSH, using ubuntu as the username (why - it is written here ):
stack@host:~/devstack$ ssh ubuntu@15.0.0.2 The authenticity of host '15.0.0.2 (15.0.0.2)' can't be established. ED25519 key fingerprint is 0e:56:2d:b0:d7:5f:27:bc:cd:39:ff:85:e6:84:a4:ef. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '15.0.0.2' (ED25519) to the list of known hosts. Permission denied (publickey). Confirming the creation of a key, we get access denied. The same will happen if the --key-name parameter is not specified when creating an instance. In order to still get to our instance, use the key created earlier:
stack@host:~/devstack$ ssh -i cloud.key ubuntu@15.0.0.2 Welcome to Ubuntu 15.04 (GNU/Linux 4.2.0-36-generic x86_64) … ubuntu@srv1:~$ pwd /home/ubuntu Add Floating IP
You can view all currently available floating addresses like this:
stack@host:~/devstack$ nova floating-ip-list +----+----+-----------+----------+------+ | Id | IP | Server Id | Fixed IP | Pool | +----+----+-----------+----------+------+ +----+----+-----------+----------+------+ As expected, it is empty. Create a couple of addresses:
stack@astarove-VirtualBox:~/devstack$ nova floating-ip-create +----+----------+-----------+----------+----------+ | Id | IP | Server Id | Fixed IP | Pool | +----+----------+-----------+----------+----------+ | 1 | 10.0.2.1 | - | - | external | +----+----------+-----------+----------+----------+ stack@host:~/devstack$ nova floating-ip-create +----+----------+-----------+----------+----------+ | Id | IP | Server Id | Fixed IP | Pool | +----+----------+-----------+----------+----------+ | 2 | 10.0.2.2 | - | - | external | +----+----------+-----------+----------+----------+ stack@host:~/devstack$ nova floating-ip-list +----+----------+-----------+----------+----------+ | Id | IP | Server Id | Fixed IP | Pool | +----+----------+-----------+----------+----------+ | 1 | 10.0.2.1 | - | - | external | | 2 | 10.0.2.2 | - | - | external | +----+----------+-----------+----------+----------+ And add one of these addresses to our server:
stack@host:~/devstack$ nova add-floating-ip srv1 10.0.2.1 stack@host:~/devstack$ nova list +--------------------------------------+------+--------+------------+-------------+----------------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------+--------+------------+-------------+----------------------------+ | 706e906a-eb62-4927-afdf-e9a30b29c17f | srv1 | ACTIVE | - | Running | private=15.0.0.2, 10.0.2.1 | +--------------------------------------+------+--------+------------+-------------+----------------------------+ As you can see, the srv1 instance has an additional address where you can also execute ping and ssh commands (for a new IP you will need to create a new key):
stack@host:~/devstack$ ping 10.0.2.1 PING 10.0.2.1 (10.0.2.1) 56(84) bytes of data. 64 bytes from 10.0.2.1: icmp_seq=1 ttl=64 time=1.86 ms 64 bytes from 10.0.2.1: icmp_seq=2 ttl=64 time=0.410 ms ^C --- 10.0.2.1 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 0.410/1.136/1.863/0.727 ms stack@host:~/devstack$ ssh -i cloud.key ubuntu@10.0.2.1 The authenticity of host '10.0.2.1 (10.0.2.1)' can't be established. ED25519 key fingerprint is 0e:56:2d:b0:d7:5f:27:bc:cd:39:ff:85:e6:84:a4:ef. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.0.2.1' (ED25519) to the list of known hosts. … ubuntu@srv1:~$ To remove a floating-ip from an instance, you must execute the remove-floating-ip command (while the IP itself remains in the list of available floating-addresses):
stack@host:~/devstack$ nova remove-floating-ip srv1 10.0.2.1 stack@host:~/devstack$ nova list +--------------------------------------+------+--------+------------+-------------+------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------+--------+------------+-------------+------------------+ | 706e906a-eb62-4927-afdf-e9a30b29c17f | srv1 | ACTIVE | - | Running | private=15.0.0.2 | +--------------------------------------+------+--------+------------+-------------+------------------+ Conclusion
The article describes in detail the process of installing, configuring and running virtual machines (instances) using the DevStack virtualization package. The main commands used when working with the DevStack from the CLI were reviewed. It is worth saying that almost all the steps described in the article can be performed through a graphical interface called neutron. Thanks for the comments and good luck!
On a note
Restarting DevStack after rebooting the system. First, delete everything related to the previous session:
stack@host:~/devstack$ ./unstack.sh stack@host:~/devstack$ ./clean.sh including what is not usually removed:
stack@host:~/devstack$ sudo rm -rf /opt/stack/* Then restart DevStack:
stack@host:~/devstack$ ./stack.sh Possible problems
Symptom
When you try to run a command from under sudo, a message appears:
sudo: unable to resolve host
Possible Solution
Run the command:
cat /etc/hostname Copy the result to the / etc / hosts file in the first line:
nano /etc/hosts Deleting Saved Keys
Symptom
stack@host:~/devstack$ ssh -i cloud.key ubuntu@15.0.0.3 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ED25519 key sent by the remote host is c9:8e:70:27:1d:3b:c8:9c:b3:db:df:c2:a4:07:92:a1. Please contact your system administrator. Add correct host key in /home/stack/.ssh/known_hosts to get rid of this message. Offending ED25519 key in /home/stack/.ssh/known_hosts:2 remove with: ssh-keygen -f "/home/stack/.ssh/known_hosts" -R 15.0.0.3 ED25519 host key for 15.0.0.3 has changed and you have requested strict checking. Host key verification failed. Possible Solution
As an option to delete the file /home/stack/.ssh/known_hosts:
stack@host:~/devstack$ sudo rm /home/stack/.ssh/known_hosts Source: https://habr.com/ru/post/302780/
All Articles