Install Openstack three-node cluster on CentOS 7 part one

You can download this article in PDF format via the link below to support us.Download the guide in PDF formatClose


So what is Openstack? OpenStack is a set of open source software tools for building and managing cloud computing platforms for public and private clouds. We will try to build a three-node open stack cluster while trying out the tools, and test its powerful functions, creativity and innovation capabilities. There are some guides about openstack freedom on our site, you can find them here. We will continue with this exercise. We will start with the controller node and hope it will be a wonderful experience like you used to.

“Characters cannot be developed easily and quietly. Only through hardships and painful experiences can the soul be strengthened, ambitions inspired and successful.” – Hellen Keller

Server 1

Controller node: MariaDB, RabbitMQ, Memcached, httpd, Keystone, Glance, Nova API, Horizon​​n

Centos 7 with the following network functions:

[[email protected] ~]# ip  link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:15:00:d5 brd ff:ff:ff:ff:ff:ff

Prepare the server

I. Install ntp

Install and configure the network time protocol (ntp) for time synchronization, and configure vim for file editing.

[[email protected] ~]#  yum -y install ntp
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/x86_64/metalink                                                                      |  59 kB  00:00:00     
 * base:
 * epel:
 * extras:

You can install vim or any other text editor that happens to be a fan of Nano, Emacs, etc.

 [[email protected] ~]# yum install vim

Configure ntp

[[email protected] ~]# vim /etc/ntp.conf

# Use public servers from the project.
# Please consider joining the pool (
#server iburst
#server iburst
#server iburst
#server iburst


Restart the ntp service.

[[email protected] ~]# systemctl start ntpd

Set the service to start at boot.

[[email protected] ~]# systemctl enable ntpd
Created symlink from /etc/systemd/system/ to /usr/lib/systemd/system/ntpd.service.

Ntp is a protocol that requires us to allow it to provide services through a firewall. We can use firewalld to allow it as follows:

[[email protected] ~]# firewall-cmd --add-service=ntp --permanentsuccess 
[[email protected] ~]# firewall-cmd --reloadsuccess

Now let’s go ahead and add the OpenStack Queens repository to our controller node to be able to retrieve its packages.

sudo yum -y install centos-release-openstack-queens

Edit the repo file and make sure that all are enabled with the “enabled = 1” value, as shown in the following example.

sudo vim /etc/yum.repos.d/CentOS-OpenStack-queens.repo

It should look similar to the following.

[centos-openstack-queens]name=CentOS-7 - OpenStack queensbaseurl=$basearch/openstack-queens/gpgcheck=1enabled=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloudexclude=sip,PyQt4

The next step is to install MariaDB 10.1 and make basic settings. let’s start:

sudo yum --enablerepo=centos-openstack-queens install mariadb-server -y

Configure the database server by editing /etc/my.cnf file.

# Disabling symbolic-links is recommended to prevent assorted security risks
### Within this [mysqld] section add the line below ###

Start and enable the mariadb service.

sudo systemctl enable --now mariadb

Install MariaDB safely.

# mysql_secure_installation

Finally, allow mysql to be on the firewall and reload to apply the changes. Don’t forget to reload.

sudo firewall-cmd --add-service=mysql --permanentsudo firewall-cmd --reload 

After the database is up and running, let’s proceed to install the software package. Let’s install RabbitMQ and Memcahed and add openstack users to Rabbitmq.

sudo yum --enablerepo=epel -y install rabbitmq-server memcached

Start and enable rabbitmq and memcached.

sudo systemctl enable --now rabbitmq-server memcached

Add openstack users. You can use any password as “password”

[[email protected] ~]# rabbitmqctl add_user openstack password Creating user "openstack" … …done. [[email protected] ~]# rabbitmqctl set_permissions openstack "." "." ".*"  Setting permissions for user "openstack" in vhost "/" …

Add the following ports to the firewall

[[email protected] ~]# firewall-cmd --add-port={11211/tcp,5672/tcp} --permanent success [[email protected] ~]# firewall-cmd --reload success

We believe that RabbitMQ and MySQL have been successfully installed. If so, let us continue to install an identity service called Keystone.

Keystone will require a database to store its records, so we will add users and databases to it in the next step before installing the identity service. Keystone is an OpenStack service that can provide API client authentication, service discovery, and distributed multi-tenant authorization by implementing OpenStack’s Identity API.

It requires a database, so let’s create a database for it before installing the database.

[[email protected] ~]# mysql -u root -p
## Enter the root password you set earlier
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or g.
Your MariaDB connection id is 2
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

No entry for terminal type "xterm-termite";
using dumb terminal settings.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

## Create database for keystone
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to [email protected]'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to [email protected]'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit;

Now let’s install Keystone:

sudo yum --enablerepo=centos-openstack-queens,epel -y install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi

Keystone correction configuration.Open the keystone correction configuration file and make the following changes

sudo vim vim /etc/keystone/keystone.conf

The settings are as follows.

# oslo_cache.memcache_pool backends only). (list value)memcache_servers = Under database look and edit the connection details as below with your machine details[database]connection = mysql+pymysql://keystone:[email protected]/keystone# Under token add the provider line as shown below and you are good to goprovider = fernet

After that, issue the following commands to synchronize the database, initialize the key and define the host.

[[email protected] ~]#  su -s /bin/bash keystone -c "keystone-manage db_sync"
[[email protected] ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone 
[[email protected] ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[[email protected] ~]# export controller=

Start the keystone correction service as shown below and add port 5000 to the firewall.

[[email protected] ~]# keystone-manage bootstrap --bootstrap-password password --bootstrap-admin-url http://$controller:5000/v3/ --bootstrap-internal-url http://$controller:5000/v3/ --bootstrap-public-url http://$controller:5000/v3/ --bootstrap-region-id RegionOne

[[email protected] ~]# firewall-cmd --add-port=5000/tcp --permanent
[[email protected] ~]# firewall-cmd --reload

Create a soft link for keystone configuration in httpd configuration, and then start httpd service.

 [[email protected] ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[[email protected] ~]# systemctl start httpd

If httpd fails to start and you receive an error similar to the following error, please check your selinux status

[[email protected] ~]# sestatus

If it is enabled, there are two options; disable or configure it. I permanently disabled it like the following.

Start httpd and check its status

[[email protected] ~]# systemctl enable httpd
[[email protected] ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2018-08-09 11:17:51 EAT; 10min ago
     Docs: man:httpd(8)

We hope everything goes well so far. The next step is to add the Keystone project. A project is an organizational unit in the cloud to which you can assign users. Projects are also called projects or accounts.

Users can be members of one or more projects. Roles define the actions that users can perform. You can assign roles to user project pairs. (, 2018)

To create a project, we must first create environment variables as shown below

[[email protected] ~]# vi ~/keystonerc


export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password ##Set the password that you used when creating the keystone bootstrap.
export OS_AUTH_URL=
export PS1='[[email protected]h W(keystone)]$ '

Congratulations, after that, improve the security of the file by restricting read and write access permissions and then provide the file.

[[email protected] ~]# chmod 600 ~/keystonerc
[[email protected] ~]# source ~/keystonerc   
[[email protected] ~(keystone)] # Your terminal should change as this.
[[email protected] ~(keystone)]#  echo "source ~/keystonerc " >> ~/.bash_profile

Create the first project, you can use any name you like to describe it.

[[email protected] ~]# openstack project create --domain default --description "First Project" service 
| Field       | Value                            |
| description | First Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 76d124ff821e4db5ad792a113b54724e |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |

You can check the user list, role list, etc.

[[email protected] ~(keystone)]# openstack user list
| ID                               | Name  |
| 1f53dd25b3ee44218b36dd821c1d7dd9 | admin |
[[email protected] ~(keystone)]# openstack role list
| ID                               | Name  |
| 3a4ac06a15c64d73bb160de04174efb6 | admin |

I think this session is a good time, we take a break. The next part involves adding the Glance image service to the controller node. Please stay tuned and thank you for your indulgence.

Next: Install a three-node OpenStack Queens cluster-Part 2

You can download this article in PDF format via the link below to support us.Download the guide in PDF formatClose