There are two common components (database and messaging broker) that are used by most of the OpenStack services. We will see how to install and configure them. These are required before we go ahead and install Keystone. Please note that this will be done only once. If deploying in an enterprise production environment, chances are these components may already be present and could be shared with other applications.
For our purpose, we will set up MariaDB as the database of our choice. MariaDB is a community-driven fork from MySQL. This happened just around the time when Oracle took over MySQL.
We will be using MariaDB, but MySQL can be also used with little to no modification and this is true for rest of the topics in the remainder of the book. If you prefer another database, such as PostgreSQL, this can be used too, but then the appropriate drivers need to be installed and configured.
We will need the following information handy when installing MariaDB on our controller node.
|
Name |
Info |
|---|---|
|
Access to the Internet |
Yes |
|
Proxy needed |
No |
|
Proxy IP and port |
Not applicable |
|
Database root password |
|
|
Node name |
|
|
Node IP |
172.22.6.95 |
|
Node OS version |
Ubuntu 14.04.1 LTS |
Please choose the root password in accordance with a password complexity of your choice or the organization's choice.
In the book, we will use dbr00tpassword as our MariaDB root password. If you are planning to use a different password, please substitute it in the relevant places.
Note
Using a proxy server
If you are setting this up in an environment where you need to use a proxy server for Internet access, the following steps need to be taken. Set the http_proxy and https_proxy environment variables as shown here:
export http_proxy=http://proxy_ip_address:proxy_portexport https_proxy=http://proxy_ip_address:proxy_port- Set the aptitude proxy server by modifying the
/etc/apt/apt.conffile (if the line doesn't exist, please add it) Acquire::http::Proxy "http://proxy_ip_address:proxy_port";
Please log in to the controller node using SSH. Ensure you have permissions to install the software:
sudo apt-get install software-properties-common sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
sudo add-apt-repository 'deb http://kartolo.sby.datautama.net.id/mariadb/repo/5.5/ubuntu trusty main'
We first install the software-properties-common package. Chances are you may already have the package. The next step is optional but it is recommended that you do it, as this will allow the public key to be installed so that there is no error during package signing.
The last line is the most important one. However, all it does is add the line in single quotes to the /etc/apt/sources.list file.
Once the preceding code is done we will update aptitude:.
sudo apt-get update
Installing the package requires a single command, as follows:
sudo apt-get install mariadb-server python-mysqldb
This will prompt you to download the files and install them. Once complete, MariaDB is installed and ready for use.
Please ensure that no errors are encountered during this step.
During installation, you will be prompted for the root password, where you will have to enter our database root password. If you have left it blank, we will set this up in the next section.
We will be configuring only the basic settings that are required for OpenStack to run. The following configurations will be made to the database in order for it to be able to work properly with the different services of OpenStack:
- Allow connections from outside the box
This is needed so that the components on other physical boxes can communicate with the database
- Set UTF8 character sets
Edit the /etc/mysql/my.cnf file. Under the [mysqld] header, you will find the bind-address keyword pointing to localhost. Set this to the IP address of the controller node.
Also, add the following lines shown just below the bind-address in order to enable UTF-8 encoding:
[mysqld] bind-address = 172.22.6.95 default-storage-engine = innodb collation-server = utf8_general_ci init-connect = 'SET NAMES utf8' character-set-server = utf8
Once this is done, restart the database service with the following command:
sudo service mysql restart
The database service is now up and ready for the next step.
This is an optional step. It is recommended that you secure the database in production environments. If there are enterprise-specific standards, please follow those. The following command will secure the database:
mysql_secure_installation
On executing the preceding command, you will be prompted for the root password. Enter the root password if you have set it up during the installation; otherwise, if there is no root password, press Enter.
Work through the options; the defaults work well. So leave the defaults in force. You may also choose to change the root password or set one up here.
If you have followed all the previous steps and no errors were thrown along the way, then you have a working installation. Let us log in to MariaDB using the following command (and entering the password):
mysql –u root –p
This shows that the database is active and functional:
In order to test that the database is listening on the IP address and not just localhost, execute the following command:
netstat –ln | grep 3306
This shows the currently listening processes. We grep for 3306 as this is our database port. You should be able to see something similar to what is shown here:
This shows that the server is accepting connections on the IP address and hence listening to the network.
OpenStack needs a messaging system in order to queue requests and communicate among different services.
There are several options such as RabbitMQ, ZeroMQ, and Qpid. We will use RabbitMQ as the AQMP protocol of our choice. As in the case of the database, this system will also be set up only once and in an enterprise environment; this component can be shared.
We will need the following information handy when installing RabbitMQ on our controller node.
|
Name |
Info |
|---|---|
|
Access to the Internet |
Yes |
|
Proxy needed |
No |
|
Proxy IP and port |
Not applicable |
|
Rabbit MQ guest password |
|
|
Node name |
OSControllerNode |
|
Node IP |
172.22.6.95 |
|
Node OS version |
Ubuntu 14.04.1 LTS |
We will set up the Rabbit MQ repository in the same way as we set one up for MariaDB. Execute the following commands:
sudo add-apt-repository 'deb http://www.rabbitmq.com/debian/ testing main' wget https://www.rabbitmq.com/rabbitmq-signing-key-public.asc sudo apt-key add rabbitmq-signing-key-public.asc
There are three commands as you can see. The first one will add the URL to the /etc/apt/sources.list file.
The second one downloads the signing key, and the third command installs the signing key. You can choose to skip the second and the third command, and you will have to just ignore the warnings.
As always, just update the aptitude by using this command:
sudo apt-get update
There are several configurations that are possible such as clustering the RabbitMQ server and setting the queue thresholds. However, we will only perform a few basic configurations:
- Allow the guest account to connect from outside the localhost
The guest account is created by default when Rabbit MQ is installed, but it is restricted only to localhost. We need to open this up so that the other OpenStack components can use the service.
- Set up a password for the RabbitMQ guest user
Since the guest user can now access from outside, we need to set up a password that we can configure in various OpenStack service configurations.
Type the following command:
echo '[{rabbit, [{loopback_users, []}]}].' >> /etc/rabbitmq/rabbitmq.config
This just adds a line in the /etc/rabbitmq/rabbitmq.config file. Please note that, this file is not created by default.
In order to set the guest password, execute the following command:
rabbitmqctl change_password guest rabb1tmqpass
Please use the same password as you have chosen in the preceding table.
Note
In a production environment, we can use different user accounts for different services of OpenStack in RabbitMQ but, for the purpose of this book, we will use the guest account.
In the case of production environments, we can use the following commands to create a RabbitMQ user and disable the guest user. Please note that, if you do follow this, you will have to change the RabbitMQ username and password in the configuration files wherever they occur:
rabbitmqctl delete_user guest rabbitmqctl add_user openstack rabb1tmqpass rabbitmqctl set_user_tags openstack administrator
This will add the user openstack and give them administrator permission. You will then have to change the RabbitMQ section of all the other configuration files.
To restart RabbitMQ server type the following command:
sudo service rabbitmq-server restart
Please ensure the service starts without any errors.
In order to test the installation, we check whether RabbitMQ is listening on the network. This can be tested using our good old netstat command:
netstat –lnp | grep beam
You will see a 5672 or 25672 port listening.
In addition to this, we can use the rabbitmqctl tool:
sudo rabbitmqctl status
This will show you the status of the service. The following diagram shows the kind of output requested:
The status output also shows the version of the RabbitMQ components.
Tip
This book assumes that we are installing on a test bed with no additional firewalls between the different nodes.
In a production environment, however, you may have additional physical firewalls, IP tables, and so on, that may block access to the ports.
Please ensure that you check with your network and system administrator and allow the ports for the various services such as MySQL and RabbitMQ (the port numbers are mentioned in the tables that precede the installation) for the environment to work.