Note: This post is just a compilation of the steps I followed to configure an Openstack setup with 3 compute nodes and one controller node. I followed instructions from the internet and validated the steps by trying again from scratch using this set of notes.
There could be simpler ways to achieve the same, but I preferred this step-by-step way. The choice of OS is again only a personal choice.
In all nodes
Install CentOS-8 Minimal (server). Performed 'dnf -y update'.
Automatic updates were disabled (the package was not installed) – nothing to do.
# rpm -qi dnf-automatic
package dnf-automatic is not installed
#
Apart from the management interface, configured during installation, configure a second interface so that it can be used for the provider network. Configuration of the primary interface:
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eno1"
UUID="e52d9ce4-5cea-4d05-8b0f-485573e5049b"
DEVICE="eno1"
ONBOOT="yes"
IPADDR="10.x.x.x"
PREFIX="24"
GATEWAY="10.1.1.1"
DNS1="18.104.22.168"
IPV6_PRIVACY="no"
Configuration of second interface (/etc/sysconfig/network-scripts/ifcfg-eno2) that will be used for provider network (had to edit BOOTPROTO and ONBOOT values)
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eno2
UUID=a2a44777-e842-4086-a91b-bbb0fc3a883d
DEVICE=eno2
ONBOOT=yes
Network reachability between the nodes should be ensured, and ping should also work by hostname. In my case a DNS service was in place and all the nodes had a proper FQDN configured in DNS, hence updating /etc/hosts was not required.
To ensure we do not hit the "too many open files" error, added the following at the end of /etc/security/limits.conf
* hard nofile 65535
* soft nofile 65535
* hard nproc 65535
* soft nproc 65535
Disable firewalld (we can enable it later, after knowing all the ports that need to be open for Openstack).
# systemctl stop firewalld
# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
# systemctl mask --now firewalld
Created symlink /etc/systemd/system/firewalld.service → /dev/null.
#
Time synchronization is required between the nodes. With the server installation, chrony gets installed in CentOS. Also, the public NTP time server was configured in all the nodes. Let's just edit the compute nodes' configuration to synch with the controller. Edit /etc/chrony.conf
On the controller, comment out the pool configuration and add the server configuration as follows (/etc/chrony.conf – chrony was installed as part of the OS installation)
#pool 2.centos.pool.ntp.org
server time.google.com iburst
Also allow the other nodes to synch with the controller node's time
#Allow NTP client access from local network.
allow 10.1.0.0/16
On the other nodes, commented out the pool configuration and set the server configuration to point to the controller
#pool 2.centos.pool.ntp.org
server controller iburst
Start the chronyd service on all nodes and also enable it (start on boot).
systemctl start chronyd
systemctl enable chronyd
Finally, check if time synch is working
#-- Controller
# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
^* time3.google.com              1   6     7     2    +37us[ +462ms] +/-   49ms
#-- Other nodes
# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
^* controller                    2   6     7    55    +19us[-1084ms] +/-   48ms
#
Enabled the PowerTools repository and installed the release-specific Openstack packages (all nodes)
dnf config-manager --set-enabled PowerTools
dnf install -y centos-release-openstack-train
dnf upgrade
We need to ensure the operating system kernel supports network bridge filters. With the server installation from the minimal ISO image, found that it was not enabled (the output was empty)
# lsmod |grep br_netfilter
echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf
Edit the file as shown below (it will be created)
# nano /etc/sysctl.d/bridge.conf
# cat /etc/sysctl.d/bridge.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
#
We can use sysctl -p to apply the configuration, but I preferred to reboot the system to check if it gets applied. So, after the reboot:
# lsmod |grep br_netfilter
br_netfilter 24576 0
bridge 192512 1 br_netfilter
# cat /proc/sys/net/bridge/bridge-nf-call-iptables
1
# cat /proc/sys/net/bridge/bridge-nf-call-ip6tables
1
#
Install the Openstack client
dnf install -y python3-openstackclient
Install openstack-selinux to manage required security policies for Openstack services
dnf install -y openstack-selinux
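A post-reboot check for the time source, bridge filter and limits settings configured above, as an added example that is not part of the original post. The function names are hypothetical, and the commented invocation assumes the compute nodes synch to a host named controller, as in the chrony configuration above.

```shell
#!/bin/sh
# Added example, not from the original post: verify after reboot that the
# node preparation above took effect. Function names are hypothetical.

# Reads `chronyc sources` output on stdin; succeeds only if a source is
# selected (state "^*") and, when $1 is given, that source is $1.
chrony_synced() {
    awk -v want="$1" '
        $1 == "^*" && (want == "" || $2 == want) { ok = 1 }
        END { exit !ok }'
}

# Succeeds if both bridge netfilter switches read 1. $1 overrides the
# directory (default: the live /proc tree).
bridge_filter_on() {
    dir="${1:-/proc/sys/net/bridge}"
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        [ "$(cat "$dir/$key" 2>/dev/null)" = "1" ] || return 1
    done
}

# Succeeds if file $1 sets hard and soft nofile and nproc to 65535 for
# "*"; commented-out lines do not count.
limits_ok() {
    awk '
        $1 == "*" && ($2 == "hard" || $2 == "soft") &&
        ($3 == "nofile" || $3 == "nproc") && $4 == 65535 {
            k = $2 " " $3
            if (!(k in seen)) { seen[k] = 1; n++ }
        }
        END { exit !(n == 4) }' "$1"
}

# Runs the three checks, prints PASS/FAIL per check and returns the number
# of failures. $1 = expected time source, $2 = bridge dir, $3 = limits
# file; `chronyc sources` output is read from stdin.
preflight() {
    fails=0
    if chrony_synced "$1"; then echo "PASS time source"; else echo "FAIL time source"; fails=$((fails + 1)); fi
    if bridge_filter_on "$2"; then echo "PASS bridge filter"; else echo "FAIL bridge filter"; fails=$((fails + 1)); fi
    if limits_ok "$3"; then echo "PASS limits"; else echo "FAIL limits"; fails=$((fails + 1)); fi
    return "$fails"
}

# On a compute node, after the reboot:
#   chronyc sources | preflight controller /proc/sys/net/bridge /etc/security/limits.conf
```

A non-zero exit status is the number of failed checks, so the script can gate the next installation step on each node.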