book

Production Ready OpenStack - Recipes for Successful Environments

Name: Production Ready OpenStack - Recipes for Successful Environments
Author: Arthur Berezin
ISBN: 9781783986903

by Arthur Berezin

October 2015

Intermediate to advanced

210 pages

4h 23m

English

Packt Publishing

Read now

Unlock full access

Production Ready OpenStack - Recipes for Successful Environments
Table of Contents
Production Ready OpenStack - Recipes for Successful Environments
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for

Conventions
Reader feedback
Customer support
ErrataPiracyQuestions
1. Introduction to OpenStack and its Deployment Using Packages
IntroductionOpenStack projects and componentsCore servicesOptional servicesArchitectural layoutsAll-In-One layoutController-Neutron-computes layoutCustom-distributed layoutChoosing a deployment methodManual deployment from packagesConfiguration management tools (Puppet, Chef, Ansible)PackStackForeman with Staypuft pluginDeploying OpenStack from packagesEnvironment setupEnvironment detailsPhysical network topology
Configuring hosts prerequisites
Getting readyHow to do it...Yum repositoriesFirewall serviceopenstack-utils PackageSELinuxNTP
Installing MariaDB database
How to do it...There's more...
Installing RabbitMQ
How to do it...There's more...
Installing Keystone – Identity service
Getting ReadyCreate Keystone databaseOpen Keystone service firewall portsHow to do it...Install service packagesConfigure database connectionKeystone service basic configurationConfigure administrative token
Generating and configuring tokens PKIs
How to do it…Starting and enabling serviceConfiguring Keystone endpointsKeystone administrator accountKeystone user accountThere's more…Verify successful installation
Installing Glance – images service
Getting readyCreate databaseCreate Glance service credentials and endpoint in KeystoneOpen service firewall portsInstall service packagesService configurationHow to do it...Configure database connectionConfigure Glance serviceThere's more…Verify successful installation
Installing Nova – Compute service
Getting readyCreate databaseCreate Keystone service credentials and endpointOpen service firewall portsInstall service packagesHow to do it...Configure database connectionConfigure message brokerConfigure serviceStart and enable ServiceVerify successful installationConfigure compute nodesInstall service packagesConfigure database connectionConfigure message brokerConfigure serviceStart and enable Service
Installing Neutron – networking service
Getting readyCreate databaseCreate Keystone service credentials and endpointOpen service firewall portsInstall service packagesHow to do it…Configure database connectionConfigure message brokerConfigure Neutron serviceStart and enable service
Configuring Neutron network node
How to do it...Configure message brokerConfigure Neutron serviceStart and enable service
Configuring compute node for Neutron
How to do it...Configure message brokerConfigure Neutron serviceCreating Neutron networks
Installing Horizon – web user interface dashboard
Getting readyHow to do it...How it works...There's more...Verify successful installation
2. Deploying OpenStack Using Staypuft OpenStack Installer
Introduction
Setting up the environment
Getting readyNetworks layoutProvisioning PXE networkThe Tenant networkExternal public networkStaypuft hostHow to do it…Configure Staypuft to serve as an Internet gatewaySetting YUM repositoriesThere's more…
Installing Staypuft packages
Getting readyHow to do it…How it works…There's more…See also…Deploying OpenStack using Staypuft
Discovering hosts for provisioning
Getting readyAccessing the Staypuft web user interfaceHow to do it...
Creating a new OpenStack deployment
How to do it...
Configuring a network
How to do it...Services configurationHow to do it...
Allocating hosts to roles
How to do it...
Configuring host networking
How to do it...
Deploying OpenStack
How to do it...Verifying successful installation
3. Deploying Highly Available OpenStack
Introduction
Installing Pacemaker
Getting readyHow to do it…There's more...
Installing HAProxy
Getting readyHow to do it...
Configuring Galera cluster for MariaDB
Getting readyHow to do it...See also
Installing RabbitMQ with mirrored queues
Getting readyHow to do it...There's more...See also
Configuring highly available OpenStack services
Get readyHow to do it...See also
4. Keystone Identity Service
Introduction
Configuring Keystone with the MariaDB backend
Getting readyCreate Keystone databaseOpen Keystone service Firewall portsHow to do it...Install service packagesConfigure database connectionKeystone service basic configurationConfigure administrative token
Generating and configuring tokens PKIs
How to do it…Start and enable serviceConfiguring Keystone endpointsKeystone administrator accountKeystone user accountThere's more…
Configuring Keystone with Microsoft Active Directory and LDAP
Getting readyHow to do it…See also
Configuring Keystone caching with Memcached
Getting readyHow to do it…There's more…See also
Securing Keystone with SSL
Getting readyHow to do it…There's more…See also
5. Glance Image Service
Introduction
Configuring Glance with the local file backend
Getting readyHow to do it...There's More..Verifying the configuration
Configuring Glance with the NFS backend
Getting readyHow to do it...There's more…
Configuring Glance with the Swift backend
Getting readyHow to do it...There's more…See also…
Configuring Glance with the Ceph backend
Getting readyHow to do it...There's more…See Also…
Configuring Glance image caching
Getting ReadyHow to do it…There's More..See Also
Configuring the Glance image size limit and storage quota
How to do it...There's more…
6. Cinder Block Storage Service
Introduction
Configuring Cinder with the logical volume management backend driver
Getting readyHow to do it…
Configuring Cinder with the Ceph RADOS block device backend driver
Getting readyHow to do it…
Configuring Cinder with the Network File System (NFS) backend driver
Getting readyHow to do it…
Configuring Cinder with the Ceph RBD backup driver
Getting readyHow to do it…
Configuring Cinder with multiple backends
Getting readyHow to do it…
Configuring Cinder scheduler filters and weighers
Getting readyHow to do it…Enabling capacity filter and weigherEnabling VolumeNumberWeigherEnabling and configuring DriverFilter and GoodnessWeigherSee also
7. Neutron Networking Service
Introduction
Configuring Neutron VLAN provider network with ML2 and LinuxBridge
Getting readyHow to do it…Configuring the neutron core ML2 pluginConfiguring the LinuxBridge pluginConfiguring the L3 pluginCopy configuration and start servicesThere's more...
Configuring Neutron VXLAN and GRE tenant networks using Open vSwitch
Getting readyHow to do it…Configuring the neutron core ML2 pluginConfiguring the Open vSwitch pluginCopy configuration and start services:There's more...
Configuring the L3 agent with Open vSwitch
Getting readyHow to do it…There's more...
Configuring the DHCP service agent
How to do it…
Configuring LoadBalancer as a service
Getting readyHow to do it…There's more...
Configuring Firewall as a Service
How to do it…There's more…
8. Nova-Compute Service
IntroductionNova access servicesNova management servicesNova-compute worker serviceNova network services
Configuring Nova Hypervisors
Configuring Nova-compute with KVM Hypervisor
Getting readyHow to do it…
Configuring Nova-compute with a QEMU Hypervisor emulation
How to do it…Configuring Nova scheduling
Configuring Nova scheduler filters
Getting readyHow to do it…Filter operational and enabled hosts by ComputeFilterMultiple scheduling retries with RetryFilterMemory overcommitment with RamFilterCPU overcommitment with CoreFilterEphemeral disk overcommitment with DiskFilterImagePropertiesFilterConfiguring instances affinity group with ServerGroupAffinityFilterConfiguring instances anti-affinity group with ServerGroupAntiAffinityFilter
Configuring Nova host aggregates
Getting readyHow to do it…
Configuring Nova host aggregates filters
How to do it…AggregateCoreFilterAggregateDiskFilterAggregateRamFilterAggregateNumInstancesFilter
Configuring Nova scheduler weights
Getting readyHow to do it…Enabling compute metrics monitoringEnabling and configuring weights scheduling
9. Horizon Dashboard Service
Introduction
Securing Horizon with Secure Socket Layer
Getting readyHow to do it…There's more...
Configuring Horizon caching with memcached
Getting startedHow to do it…
Customizing Horizon dashboard appearance
Changing the OpenStack Horizon landing page logosHow to do it…There's more…
Index

Content preview from Production Ready OpenStack - Recipes for Successful Environments

Generating and configuring tokens PKIs

Keystone uses cryptographically signed tokens with a private key and is matched against x509 certificate with a public key. Chapter 4, Keystone Identity Service discusses more advanced configurations. In this chapter, we use keystone-manage pki_setup command to generate PKI key pairs and to configure Keystone to use it.

How to do it…

Proceed with the following steps:

Generate PKI keys using keystone-manage pki_setup command:
```
[root@controller ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
```
Note
In keystone-manage pki_setup, we use Keystone Linux user and group accounts, which were created when openstack-keystone package was installed.
Change ownership of the generated PKI files: ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781783986903

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Production Ready OpenStack - Recipes for Successful Environments

by Arthur Berezin

Generating and configuring tokens PKIs

How to do it…

Note

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.