Install and configure controller node ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This section describes how to install and configure the Compute service, code-named nova, on the controller node. Prerequisites ------------- Before you install and configure the Compute service, you must create databases, service credentials, and API endpoints. #. To create the databases, complete these steps: .. only:: ubuntu * Use the database access client to connect to the database server as the ``root`` user: .. code-block:: console # mysql .. end .. endonly .. only:: rdo or debian or obs * Use the database access client to connect to the database server as the ``root`` user: .. code-block:: console $ mysql -u root -p .. end .. endonly * Create the ``nova_api`` and ``nova`` databases: .. code-block:: console MariaDB [(none)] CREATE DATABASE nova_api; MariaDB [(none)] CREATE DATABASE nova; .. end * Grant proper access to the databases: .. code-block:: console MariaDB [(none)] GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)] GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)] GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \ IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)] GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \ IDENTIFIED BY 'NOVA_DBPASS'; .. end Replace ``NOVA_DBPASS`` with a suitable password. * Exit the database access client. #. Source the ``admin`` credentials to gain access to admin-only CLI commands: .. code-block:: console $ . admin-openrc .. end #. To create the service credentials, complete these steps: * Create the ``nova`` user: .. code-block:: console $ openstack user create --domain default \ --password-prompt nova User Password: Repeat User Password: +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | default | | enabled | True | | id | 8a7dbf5279404537b1c7b86c033620fe | | name | nova | | password_expires_at | None | +---------------------+----------------------------------+ .. end * Add the ``admin`` role to the ``nova`` user: .. code-block:: console $ openstack role add --project service --user nova admin .. end .. note:: This command provides no output. * Create the ``nova`` service entity: .. code-block:: console $ openstack service create --name nova \ --description "OpenStack Compute" compute +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Compute | | enabled | True | | id | 060d59eac51b4594815603d75a00aba2 | | name | nova | | type | compute | +-------------+----------------------------------+ .. end #. Create the Compute service API endpoints: .. code-block:: console $ openstack endpoint create --region RegionOne \ compute public http://controller:8774/v2.1/%\(tenant_id\)s +--------------+-------------------------------------------+ | Field | Value | +--------------+-------------------------------------------+ | enabled | True | | id | 3c1caa473bfe4390a11e7177894bcc7b | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 060d59eac51b4594815603d75a00aba2 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1/%(tenant_id)s | +--------------+-------------------------------------------+ $ openstack endpoint create --region RegionOne \ compute internal http://controller:8774/v2.1/%\(tenant_id\)s +--------------+-------------------------------------------+ | Field | Value | +--------------+-------------------------------------------+ | enabled | True | | id | e3c918de680746a586eac1f2d9bc10ab | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 060d59eac51b4594815603d75a00aba2 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1/%(tenant_id)s | +--------------+-------------------------------------------+ $ openstack endpoint create --region RegionOne \ compute admin http://controller:8774/v2.1/%\(tenant_id\)s +--------------+-------------------------------------------+ | Field | Value | +--------------+-------------------------------------------+ | enabled | True | | id | 38f7af91666a47cfb97b4dc790b94424 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 060d59eac51b4594815603d75a00aba2 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1/%(tenant_id)s | +--------------+-------------------------------------------+ .. end Install and configure components -------------------------------- .. include:: shared/note_configuration_vary_by_distribution.rst .. only:: obs #. Install the packages: .. code-block:: console # zypper install openstack-nova-api openstack-nova-scheduler \ openstack-nova-conductor openstack-nova-consoleauth \ openstack-nova-novncproxy iptables .. end .. endonly .. only:: rdo #. Install the packages: .. code-block:: console # yum install openstack-nova-api openstack-nova-conductor \ openstack-nova-console openstack-nova-novncproxy \ openstack-nova-scheduler .. end .. endonly .. only:: ubuntu #. Install the packages: .. code-block:: console # apt install nova-api nova-conductor nova-consoleauth \ nova-novncproxy nova-scheduler .. end .. endonly .. only:: debian #. Install the packages: .. code-block:: console # apt install nova-api nova-conductor nova-consoleauth \ nova-consoleproxy nova-scheduler .. end .. note:: ``nova-api-metadata`` is included in the ``nova-api`` package, and can be selected through debconf. .. note:: A unique ``nova-consoleproxy`` package provides the ``nova-novncproxy``, ``nova-spicehtml5proxy``, and ``nova-xvpvncproxy`` packages. To select packages, edit the ``/etc/default/nova-consoleproxy`` file or use the debconf interface. You can also manually edit the ``/etc/default/nova-consoleproxy`` file, and stop and start the console daemons. .. endonly 2. Edit the ``/etc/nova/nova.conf`` file and complete the following actions: .. only:: rdo or obs * In the ``[DEFAULT]`` section, enable only the compute and metadata APIs: .. path /etc/nova/nova.conf .. code-block:: ini [DEFAULT] # ... enabled_apis = osapi_compute,metadata .. end .. endonly * In the ``[api_database]`` and ``[database]`` sections, configure database access: .. path /etc/nova/nova.conf .. code-block:: ini [api_database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] # ... connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova .. end Replace ``NOVA_DBPASS`` with the password you chose for the Compute databases. * In the ``[DEFAULT]`` section, configure ``RabbitMQ`` message queue access: .. path /etc/nova/nova.conf .. code-block:: ini [DEFAULT] # ... transport_url = rabbit://openstack:RABBIT_PASS@controller .. end Replace ``RABBIT_PASS`` with the password you chose for the ``openstack`` account in ``RabbitMQ``. * In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure Identity service access: .. path /etc/nova/nova.conf .. code-block:: ini [DEFAULT] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = nova password = NOVA_PASS .. end Replace ``NOVA_PASS`` with the password you chose for the ``nova`` user in the Identity service. .. note:: Comment out or remove any other options in the ``[keystone_authtoken]`` section. * In the ``[DEFAULT]`` section, configure the ``my_ip`` option to use the management interface IP address of the controller node: .. path /etc/nova/nova.conf .. code-block:: ini [DEFAULT] # ... my_ip = 10.0.0.11 .. end .. only:: obs or rdo or ubuntu * In the ``[DEFAULT]`` section, enable support for the Networking service: .. path /etc/nova/nova.conf .. code-block:: ini [DEFAULT] # ... use_neutron = True firewall_driver = nova.virt.firewall.NoopFirewallDriver .. end .. note:: By default, Compute uses an internal firewall driver. Since the Networking service includes a firewall driver, you must disable the Compute firewall driver by using the ``nova.virt.firewall.NoopFirewallDriver`` firewall driver. .. endonly * In the ``[vnc]`` section, configure the VNC proxy to use the management interface IP address of the controller node: .. path /etc/nova/nova.conf .. code-block:: ini [vnc] enabled = true # ... vncserver_listen = $my_ip vncserver_proxyclient_address = $my_ip .. end .. only:: debian * In the ``[spice]`` section, disable spice: .. path /etc/nova/nova.conf .. code-block:: ini [spice] enabled = false .. end .. endonly * In the ``[glance]`` section, configure the location of the Image service API: .. path /etc/nova/nova.conf .. code-block:: ini [glance] # ... api_servers = http://controller:9292 .. end .. only:: obs * In the ``[oslo_concurrency]`` section, configure the lock path: .. path /etc/nova/nova.conf .. code-block:: ini [oslo_concurrency] # ... lock_path = /var/run/nova .. end .. endonly .. only:: rdo * In the ``[oslo_concurrency]`` section, configure the lock path: .. path /etc/nova/nova.conf .. code-block:: ini [oslo_concurrency] # ... lock_path = /var/lib/nova/tmp .. end .. endonly .. only:: ubuntu * In the ``[oslo_concurrency]`` section, configure the lock path: .. path /etc/nova/nova.conf .. code-block:: ini [oslo_concurrency] # ... lock_path = /var/lib/nova/tmp .. end .. endonly .. only:: ubuntu .. todo: https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1506667 * Due to a packaging bug, remove the ``logdir`` option from the ``[DEFAULT]`` section. .. endonly .. only:: rdo or ubuntu or debian 3. Populate the Compute databases: .. code-block:: console # su -s /bin/sh -c "nova-manage api_db sync" nova # su -s /bin/sh -c "nova-manage db sync" nova .. end .. note:: Ignore any deprecation messages in this output. .. endonly Finalize installation --------------------- .. only:: obs * Start the Compute services and configure them to start when the system boots: .. code-block:: console # systemctl enable openstack-nova-api.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service # systemctl start openstack-nova-api.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service .. end .. endonly .. only:: rdo * Start the Compute services and configure them to start when the system boots: .. code-block:: console # systemctl enable openstack-nova-api.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service # systemctl start openstack-nova-api.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service .. end .. endonly .. only:: debian * Shutdown ``nova-spicehtml5proxy``: .. code-block:: console # service nova-spicehtml5proxy stop .. end * Select novnc startup in ``/etc/default/nova-consoleproxy``: .. path /etc/default/nova-consoleproxy .. code-block:: ini NOVA_CONSOLE_PROXY_TYPE=novnc .. end * Add a systemd service file for nova-novncproxy in ``/lib/systemd/system/nova-novncproxy.service``: .. path /lib/systemd/system/nova-novncproxy.service: .. code-block:: ini [Unit] Description=OpenStack Compute NoVNC proxy After=postgresql.service mysql.service keystone.service rabbitmq-server.service ntp.service Documentation=man:nova-novncproxy(1) [Service] User=nova Group=nova Type=simple WorkingDirectory=/var/lib/nova PermissionsStartOnly=true ExecStartPre=/bin/mkdir -p /var/lock/nova /var/log/nova /var/lib/nova ExecStartPre=/bin/chown nova:nova /var/lock/nova /var/lib/nova ExecStartPre=/bin/chown nova:adm /var/log/nova ExecStart=/etc/init.d/nova-novncproxy systemd-start Restart=on-failure LimitNOFILE=65535 TimeoutStopSec=65 [Install] WantedBy=multi-user.target .. end * Start the noVNC proxy: .. code-block:: console # systemctl daemon-reload # systemctl enable nova-novncproxy # service start nova-novncproxy .. end * Restart the other Compute services: .. code-block:: console # service nova-api restart # service nova-consoleauth restart # service nova-scheduler restart # service nova-conductor restart .. end .. endonly .. only:: ubuntu or debian * Restart the Compute services: .. code-block:: console # service nova-api restart # service nova-consoleauth restart # service nova-scheduler restart # service nova-conductor restart # service nova-novncproxy restart .. end .. endonly