Chapter 3. Installing and Configuring the Administration Server

Contents

3.1. Operating System Installation
3.2. Post-Installation Configuration

Deploying and installing SUSE Cloud is a multi-step process, starting by deploying a basic SUSE Linux Enterprise Server installation and the SUSE Cloud add-on product to the Administration Server. Now the product and update repositories need to be set up and the SUSE Cloud network needs to be configured. Next the Administration Server setup will be finished. Once the Administration Server is ready, you can start deploying and configuring the OpenStack nodes. The complete node deployment is done automatically via Crowbar and Chef from the Administration Server. All you need to do is to PXE boot the nodes and to deploy the OpenStack services to them.

Procedure 3.1. High Level Overview of the SUSE Cloud Installation

  1. Install SUSE Linux Enterprise Server 11 SP2 on the Administration Server with the Add-On products Subscription Management Tool (optional) and SUSE Cloud. See below.

  2. Once the Administration Server is set up, PXE boot all nodes onto which the OpenStack components should be deployed and allocate them in the Crowbar Web interface to start the automatic SUSE Linux Enterprise Server installation. See Chapter 4, Installing the OpenStack Nodes.

  3. Configure and deploy the OpenStack services via the Crowbar Web interface or command line tools. See Chapter 5, Deploying the OpenStack Services.

  4. When all OpenStack services are up and running, SUSE Cloud is ready. The cloud admin can now upload images to enable users to start deploying instances. See User Guide for Administrators (↑User Guide for Administrators).

In this chapter you will learn how to install and set up the Administration Server from bare metal. As a result, the Administration Server will be ready to deploy OpenStack nodes and services. It will run on SUSE Linux Enterprise Server 11 SP2 and will include the add-on products SUSE Cloud and SMT (optional). Installing the Administration Server involves the following basic steps:

3.1. Operating System Installation

Start the installation by booting from the SUSE Linux Enterprise Server 11 SP2 installation medium.

[Note]Differences from the Default Installation Process

For an overview of a default SUSE Linux Enterprise Server installation, refer to the SUSE Linux Enterprise Server Installation Quick Start. Detailed installation instructions are available in the SUSE Linux Enterprise Server Deployment Guide. Both documents are available at http://www.suse.com/documentation/sles11/.

The following sections will only cover the differences from the default installation process.

3.1.1. Add-On Product Selection

Installing the Add-On products SUSE Cloud and SMT (optional) during the SUSE Linux Enterprise Server installation is recommended. Make sure to be able to access the installation media (DVD or ISO image). Alternatively, install the add-on products after the SUSE Linux Enterprise Server installation.

If you have access to remote update repositories for SUSE Linux Enterprise Server and SUSE Cloud from the cloud's admin network, you may want to skip the SMT Add-On product installation. Please refer to Section 2.2, “Product and Update Repositories” for details.

On the Installation Mode screen, click Include Add-On products from Separate Media. Proceed with Next to the Add-On product installation dialog. If you have direct access to the installation media (for example, via DVD or USB stick), skip the network installation dialog. Otherwise configure the network as described in Section 3.1.7, “Basic Network Configuration”. Add SUSE Cloud and SMT (optional) as add-on products and proceed with the installation. Consult the SUSE Linux Enterprise Server Deployment Guide at http://www.suse.com/documentation/sles11/book_sle_deployment/data/sec_i_yast2_inst_mode.html for detailed instructions.

3.1.2. Partitioning

Currently, Crowbar requires /opt to be writable. Apart from that, SUSE Cloud has no special requirements in regards of partitioning. However, it is recommended to create a separate partition or volume for /srv. /srv will host all update and product repositories for SUSE Linux Enterprise Server and SUSE Cloud. A size of at least 25 GB is required. Help on using the partitioning tool is available at http://www.suse.com/documentation/sles11/book_sle_deployment/data/sec_yast2_i_y2_part_expert.html.

3.1.3. Software Selection

Installing a minimal base system is sufficient to set up the Administration Server. The following patterns are the minimum requirement:

  • Base System

  • Minimal System (Appliances)

  • Subscription Management Tool (optional)

  • SUSE Cloud Admin Node

  • Web and LAMP Server (only needed when installing SMT)

3.1.4. Product Registration

Although you can also register your products at any time after the installation, it is recommended to register SUSE Linux Enterprise Server and SUSE Cloud now, because it will give you immediate access to the update channels. If you have installed the SMT Add-On product, you must register your SUSE Linux Enterprise Server version at the Novell Customer Center now, otherwise you will not be able to configure the SMT server. You have received registration keys with the SUSE Cloud Administration Server subscription. See http://www.suse.com/documentation/sles11/book_sle_deployment/data/sec_i_yast2_conf.html for details on the Novell Customer Center registration.

[Note]SUSE Login Required

In order to register a product, you need to have a SUSE/Novell login. If you do not have such a login, create it at http://www.suse.com/login.

3.1.5. Online Update

A successful product registration will add update repositories for SUSE Linux Enterprise Server and all add-on products. After having successfully registered you will be asked to perform an online update, which will update the system and the add-on products. It is strongly recommended to perform the update at this point in time. If you choose to skip the update now, you must perform it later, before running the Cloud installation script.

3.1.6. CA Setup

In case you have installed SMT you need to provide a certification authority (CA). If you already have a CA certificate in your organization, import it. Otherwise generate all certificates in the Administration Server itself by accepting the YaST proposal. See http://www.suse.com/documentation/sles11/book_security/data/cha_security_yast_ca.html for more information.

If SMT is not installed, click on the CA Management link and choose to not set up a CA.

3.1.7. Basic Network Configuration

Only the first interface (eth0) on the Administration Server needs to be configured during the installation. Other interfaces will be automatically configured by the cloud installation script.

eth0 needs to be given a fixed IP address from the admin network—when sticking with the default network addresses this would be 192.168.124.10. The address you need to enter for the Default Gateway depends on whether you have provided an external gateway for the admin network (use the address of that gateway) or not (use xxx.xxx.xxx.1, e.g. 192.168.124.1). Using a custom IP address or more than one network interfaces requires to adjust the Crowbar configuration in a later step as described in Section 3.1.9, “Crowbar Setup”.

If you allow to access the admin network from another network (via gateway or bastion network), you can also add one or more name servers. The Administration Server's name server will automatically be configured by the cloud installation script to forward requests for non-local records to those server(s).

You also need to assign a hostname and a full qualified domain name (FQDN) such as admin.cloud.example.com to eth0.

Last, the firewall need to be disabled for all interfaces.

[Important]Administration Server Domain Name and Hostname

Setting up the SUSE Cloud will also install a DNS server for all nodes in the cloud. The domainname you specify for the Administration Server will be used for the DNS zone. It is recommended to use a sub-domain such as cloud.example.com.

The hostname and the FQDN need to be resolvable with hostname -f. Double-check whether /etc/hosts contains an appropriate entry for the Administration Server. It should look like the following:

191.168.124.10 admin.cloud.example.com admin

It is not possible to change the Administration Server hostname or the FQDN once the cloud installation script has been run.

3.1.8. SMT Configuration (optional)

Skip this step if you have not installed the SMT add-on product. In case you have installed it, you will be asked to configure it. Configuring the SMT server requires you to have your mirroring credentials and your registration e-mail address at hand. To access them, log in to the Novell Customer Center at http://www.novell.com/center/. Get the mirror credentials by selecting My Products+Mirror Credentials in the left navigation. Obtain your registration e-mail address from My Profile+Login Profile.

Enter this data at the SMT Configuration Wizard Step 1/2 into the fields User, Password, and NCC E-mail Used for Registration. Accept the pre-filled defaults for the other input fields. Make sure to Test the credentials.

In step two of the SMT configuration you need to enter a database password and specify an e-mail address for getting reports. Refer to http://www.suse.com/documentation/smt11/ for the complete SMT for SUSE Linux Enterprise 11 Guide.

3.1.9. Crowbar Setup

This YaST module allows you to basically configure all networks within the cloud and set the network mode for all networks. Furthermore you can also change the username and password for the Crowbar Web interface with which you can manage the OpenStack nodes.

Start YaST and choose Miscellaneous+Crowbar to start the YaST Crowbar module. The Administration Settings tab lets you change the username and password for the Crowbar Web interface.

On the Network Mode tab you can choose between single, dual, and team mode. When choosing team, you also need to set the Bonding Policy. See Section 2.1.2, “Network Modes” for details on SUSE Cloud and network modes. In-depth information about the Bonding Policy (also known as bonding modes) is available at https://www.kernel.org/doc/Documentation/networking/bonding.txt in section 2, Bonding Driver Options, under mode.

If you do not want to use the default IP addresses and the default address allocation, change these settings on the Networks tab. See Section 2.1, “Network” for details on the cloud network. You can also change the Bridge and VLAN allocation on the Networks tab. Only change them if you really know what you require, sticking with the defaults is recommended.

If you want to separate the admin and the BMC network, you must change the settings for the networks bmc and bmc_vlan. The bmc_vlan is used to used to generate a VLAN tagged interface on the Administration Server that can access the bmc network. The bmc_vlan needs to be in the same ranges as bmc, and bmc has to have VLAN enabled.

Table 3.1. Separate BMC Network Example Configuration

bmc

bmc_vlan

Subnet

192.168.126.0

Netmask

255.255.255.0

Router

192.168.126.1

Broadcast

192.168.126.255

Host Range

192.168.126.10 - 192.168.126.100

192.168.126.101 - 192.168.126.101

VLAN

yes

VLAN ID

100

Bridge

no


[Important] No Network Changes after Having Run the Cloud Installation Script

As of SUSE Cloud 1.0 it is not possible to change the network setup after having run the cloud installation script. Allowing such changes is planned for future releases of SUSE Cloud.

[Note]Setting up a Bastion Network

As of SUSE Cloud 1.0 it is not possible to set up a bastion network with YaST Crowbar. It needs to be configured manually—see Section 3.2.3, “Setting Up a Bastion Network”.

Other, more flexible network mode setups can be configured by manually editing the Crowbar network configuration files. See the documentation on the Crowbar wiki (https://github.com/dellcloudedge/crowbar/wiki) for more information. SUSE can assist you in creating a custom setup within the scope of a Level 3 support contract.

3.2. Post-Installation Configuration

After the installation has finished, you need to set up product and update repositories and, optionally, configure the bastion network. Once the Administration Server host is fully configured, start the cloud installation script.

3.2.1. Setting up the SMT Repositories (optional)

Skip this step if you have not installed the SMT add-on product. In case you have installed it, the SMT server was set up to be able to communicate with the Novell Customer Center during the installation. In this step we will add and mirror the update repositories for SUSE Linux Enterprise Server and for SUSE Cloud. They will serve as the update source for the OpenStack nodes. Run the following commands as user root:

for REPO in SLES11-SP{2-Core,2-Updates,1-Updates,1-Pool} SUSE-Cloud-1.0-{Pool,Updates}; do
  smt repos $REPO sle-11-x86_64 -e
done
smt mirror -L /var/log/smt/smt-mirror.log

The smt mirror command will download approximately 14 GB of patches. This process may last up to several hours. A log file is written to /var/log/smt/smt-mirror.log.

3.2.2. Setting Up Local Repositories

In order to deploy the OpenStack nodes and to provide update repositories for them, product and update repositories for SUSE Linux Enterprise Server and SUSE Cloud must be locally available at /srv/tftpboot. The source of the repositories can either be an SMT server installed on the Administration Server or your company's network. Please refer to Section 2.2, “Product and Update Repositories” for details. The following table lists all repositories, their file system location on the SMT server, and the location at which they need to be made available on the Administration Server:

Repository Names and Locations

SLES11-SP1-Pool

SMT dir:  /srv/www/htdocs/repo/$RCE/SLES11-SP1-Pool/slee-11-x86_64

Local dir:  /srv/tftpboot/repos/SLES11-SP1-Pool

SLES11-SP1-Updates

SMT dir:  /srv/www/htdocs/repo/$RCE/SLES11-SP1-Updates/slee-11-x86_64

Local dir:  /srv/tftpboot/repos/SLES11-SP1-Updates

SLES11-SP2-Core

SMT dir:  /srv/www/htdocs/repo/$RCE/SLES11-SP2-Core/slee-11-x86_64

Local dir:  /srv/tftpboot/repos/SLES11-SP2-Core

SLES11-SP2-Updates

SMT dir:  /srv/www/htdocs/repo/$RCE/SLES11-SP2-Updates/slee-11-x86_64

Local dir:  /srv/tftpboot/repos/SLES11-SP2-Updates

SUSE-Cloud-1.0-Pool

SMT dir:  /srv/www/htdocs/repo/$RCE/SUSE-Cloud-1.0-Pool/slee-11-x86_64

Local dir:  /srv/tftpboot/repos/SUSE-Cloud-1.0-Pool

SUSE-Cloud-1.0-Updates

SMT dir:  /srv/www/htdocs/repo/$RCE/SUSE-Cloud-1.0-Updates/slee-11-x86_64

Local dir:  /srv/tftpboot/repos/SUSE-Cloud-1.0-Updates

SUSE Linux Enterprise Server 11 SP2 Product

SMT dir:  n/a

Local dir:  /srv/tftpboot/suse-11.2

3.2.2.1. Update Repositories

The update repositories for SUSE Linux Enterprise Server and SUSE Cloud not only need to be available locally on the Administration Server, they also need to be kept in sync with the official update repositories provided by Novell Customer Center. It is highly recommended to install an SMT server either on the Administration Server or within your company network. An SMT server automatically synchronizes the repositories with the Novell Customer Center. There are several possibilities to make the repositories locally available on the Administration Server.

SMT Server installed on the Administration Server

Link the repositories mirrored by SMT to /srv/tftpboot:

for REPO in SLES11-SP{2-Core,2-Updates,1-Updates,1-Pool} SUSE-Cloud-1.0-{Pool,Updates}; do
  ln -s /srv/www/htdocs/repo/\$RCE/$REPO/sle-11-x86_64 /srv/tftpboot/repos/$REPO
done
SMT Server installed on a Remote Host

If the SMT server is installed on a remote host that can be accessed from the Administration Server you can either mount the update repositories, for example via NFS, or regularly rsync them.

To NFS-mount the repositories from a remote host, either use the YaST NFS Client module or edit /etc/fstab. The local mount point should be /srv/tftpboot/repos/<REPOSITORY_NAME>.

To rsync the repositories from a remote host, create a daily cron job running the following command on the Administration Server. This command will pull the files from a host named SMT.example.com:

for REPO in SLES11-SP{2-Core,2-Updates,1-Updates,1-Pool} SUSE-Cloud-1.0-{Pool,Updates}; do
  rsync -avPz SMT.example.com:/srv/www/htdocs/repo/\\\$RCE/$REPO/sle-11-x86_64/ \
  /srv/tftpboot/repos/$REPO/
done

Alternatively you may set up the cron job on the remote host and push the file to the Administration Server (which has the IP address 192.168.124.10 in the following example):

for REPO in SLES11-SP{2-Core,2-Updates,1-Updates,1-Pool} SUSE-Cloud-1.0-{Pool,Updates}; do
  rsync -avPz /srv/www/htdocs/repo/\\\$RCE/$REPO/sle-11-x86_64/ \
  192.168.124.10:/srv/tftpboot/repos/$REPO/ \
done
[Note]Mind the Trailing Slash

The rsync command must be used with trailing slashes in the directory names as shown above. Otherwise rsync would copy the repositories into the wrong directory.

Sneakernet

If your admin network is isolated from other networks, you need to manually sync the update repositories from removable media. To do so you can either use rsync (see above for an example) or cp -axu.

3.2.2.2. Product Repositories

The files in the product repositories for SUSE Linux Enterprise Server and SUSE Cloud do not change, therefore they do not need to be synced with a remote source. It is sufficient to copy the data once, either from a remote host or directly from the installation media. Alternatively you may mount the product repository from a remote server via NFS. Please note that the data must be directly available from the local directories listed in Repository Names and Locations. It is not possible to use links.

If copying, it is recommended to use rsync. If the installation data is located on a removable device, make sure to mount it first (for example, after inserting the DVD in the Administration Server and waiting for the device to become ready):

mkdir -p /srv/tftpboot/suse-11.2/install/
mount /dev/dvd /mnt
rsync -avP /mnt/ /srv/tftpboot/suse-11.2/install/
umount /mnt

If the installation data is provided by a remote machine, log in to that machine and push the data to the Administration Server (which has the IP address 192.168.124.10 in the following example):

rsync -avPz /data/sles11sp2/ 192.168.124.10:/srv/tftpboot/suse-11.2/install/

Also make the contents of the SUSE Cloud product repository available at /srv/tftpboot/repos/Cloud/ using one of the techniques described in the previous step.

3.2.2.3. Software Repository Sources

Now that the product and update repositories for SUSE Linux Enterprise Server and SUSE Cloud are available locally, the OpenStack nodes can be installed and updated from these sources. However, it also makes sense to use these repositories as resources to install and update packages on the Administration Server as well. Therefore you need to replace the existing remote repositories that have been added automatically during the product registration by the local ones. You can either use zypper or the YaST module Software Repositories to do so.

One way to do so, would be to disable all existing remote services and repositories and to add the local repositories afterwards:

zypper ms -dR --remote
zypper mr -dR --remote
for REPO in SLES11-SP{2-Core,2-Updates,1-Updates,1-Pool} SUSE-Cloud-1.0-{Pool,Updates}; do
  zypper ar -f /srv/tftpboot/repos/$REPO $REPO
done
zypper ar /srv/tftpboot/repos/Cloud "SUSE-Cloud-1.0"
zypper ar /srv/tftpboot/suse-11.2/install/ "SLES 11 SP2"
[Important]Remote Repositories and Services Need to be Disabled

The cloud installation script will refresh all active repositories and services. In case repositories cannot be refreshed, the script will fail. Even if you have a permanent Internet connection on the Administration Server, it may temporarily not be available during the run of the cloud installation script, since this script also reconfigures the network.

Therefore all remote repositories and services need to be disabled prior to running the cloud installation script. This is archived by running the zypper ms and zypper mr commands listed above. In case you need remote repositories (such as the SMT update repositories), re-enable them after the cloud installation script has run.

3.2.3. Setting Up a Bastion Network

As outlined in Section 2.1, “Network”, one way to access the admin network from a defined external network is via a Bastion network and a second network card (as opposed to providing an external gateway).

To set up the Bastion network, you need to have a static IP address for the Administration Server from the external network. You need to adjust the network template file /opt/dell/chef/data_bags/crowbar/bc-template-network.json. The example configuration used below assumes that the external network from which to access the admin network has the following addresses. You need to adjust them according to your needs.

Subnet: 10.10.1.0
Netmask: 255.255.0.0
Broadcast: 10.10.1.255
Gateway: 10.10.1.1
Static Administration Server address: 10.10.1.125

Adjust /opt/dell/chef/data_bags/crowbar/bc-template-network.json according to the following patch (it only directly matches if you have not changed the default network configuration). Once the bastion network configuration has been added to bc-template-network.json, it can be adjusted using the YaST Crowbar module.

--- /opt/dell/chef/data_bags/crowbar/bc-template-network.json
+++ /opt/dell/chef/data_bags/crowbar/bc-template-network.json
@@ -86,6 +86,11 @@
                         "1g1"
                      ]
                   },
+                  "bastion1" : {
+                     "if_list" : [
+                        "1g2"
+                     ]
+                  },
                   "intf1" : {
                      "if_list" : [
                         "1g1"
@@ -209,6 +214,23 @@
                "subnet" : "192.168.122.128",
                "use_vlan" : true
             },
+            "bastion" : {
+               "add_bridge" : false,
+               "vlan" : 50,
+               "router" : "10.10.1.1",
+               "ranges" : {
+                  "admin" : {
+                     "start" : "10.10.1.125",
+                     "end" : "10.10.1.125"
+                  }
+               },
+               "broadcast" : "10.10.1.255",
+               "netmask" : "255.255.255.0",
+               "use_vlan" : false,
+               "conduit" : "bastion1",
+               "subnet" : "10.10.1.0",
+               "router_pref" : 5
+            },
             "public" : {
                "add_bridge" : false,
                "vlan" : 300,

3.2.4. Running the Cloud Installation Script

Before running the cloud installation script to finish the configuration of the Administration Server make sure to double-check the following items.

Final Check Points

Now everything is in place to finally configure the Administration Server. This is done by running the script /opt/dell/bin/install-chef-suse.sh. This command will install and configure Chef, and use it to complete the installation of Crowbar and all required Barclamps. It will take several minutes to complete.

screen /opt/dell/bin/install-chef-suse.sh
[Important] Use a Terminal Multiplexer to run the Cloud Installation Script

Run the installation script install-chef-suse.sh inside of a terminal multiplexer like GNU Screen (provided by the screen package).

During the run of this script the network will be reconfigured. This may result in interrupting the script when being run from a network connection (like SSH). Using screen will continue running the script in a session to which you can reconnect via screen -r if you lose the connection.

install-chef-suse.sh will produce a lot of output that gets written to a log file located at /var/log/chef/install.log. Check this log file in case something goes wrong. You can run install-chef-suse.sh multiple times as long as you have not started to deploy the OpenStack services.

If the script has successfully finished, you will see a message telling you how to log in to the Crowbar Web interface.

[Warning] No Network Changes After Having Run the Cloud Installation Script

Once you have run the cloud installation script, you cannot change the network setup anymore. If doing so, you would have to completely set up the Administration Server again.

3.2.4.1. Activating the Bastion Network

In case you have configured a Bastion Network, you need to activate its network interface by running the following commands:

/opt/dell/bin/crowbar network -U crowbar -P crowbar allocate_ip \
  default $(hostname -f) bastion admin
chef-client

This command needs to be executed directly on the admin server, so you either need direct access to the machine or a serial console.

3.2.4.2. Re-enabling Remote Repositories

Prior to running the cloud installation script, all required update repositories have been made available locally and all remote repositories and services have been disabled (see Section 3.2.2.3, “Software Repository Sources”). In case you still need remote repositories that have been disabled (e.g. SLE11-SMT-SP2-Pool and SLE11-SMT-SP2-Updates if you have installed SMT), you may re-enable them now using YaST or zypper.


SUSE Cloud Deployment Guide 1.0