Here you go.  Keep in mind that I structured them more like their own install 
guide.  Basic tweaks were integrated into the steps, but larger issues are 
noted at the bottom under the "notes" section.

Best Regards,
Solly Ross


----- Original Message -----
From: "Qing He" <qing...@radisys.com>
To: "Solly Ross" <sr...@redhat.com>
Cc: "OpenStack Development Mailing List" <openstack-dev@lists.openstack.org>
Sent: Monday, September 16, 2013 1:37:02 PM
Subject: RE: Issues with IPTables

Solly,
It would be great if you can share the notes.  The reason I asked the question 
is that I'm trying to decide if I need to allocate development time in 
installation following the installation guide. The usual wisdom is that 
installation with detailed instruction would "take no time". However, your 
experience and mine showed the contrary. I have not finished mine following the 
Ubuntu installation guide. Thus, I was interested in knowing your effort spent 
on it so that I would know that it was not just me who had issues with the 
supposedly "plug and play" installation with the packages.
Thanks,
Qing

-----Original Message-----
From: Solly Ross [mailto:sr...@redhat.com] 
Sent: Monday, September 16, 2013 10:24 AM
To: Qing He
Cc: OpenStack Development Mailing List
Subject: Re: Issues with IPTables

Quite a while.  RDO's documentation for configuring multinode Packstack with 
Neutron was a bit lacking, so after attempting to get that working for a while, 
I switched to following the Basic Install Guide 
(http://docs.openstack.org/trunk/basic-install/content/basic-install_intro.html).
  I also found the basic install guide catered for Fedora 
(http://docs.openstack.org/trunk/basic-install/yum/content/basic-install_intro.html),
 but that is sorely lacking in the actual instruction department, and is 
missing several steps.

If you would like, I can attach the raw draft of my notes.  Eventually, some of 
the changes or clarifications should make their way into the actual OpenStack 
Docs.

Best Regards,
Solly Ross

----- Original Message -----
From: "Qing He" <qing...@radisys.com>
To: sr...@redhat.com
Sent: Monday, September 16, 2013 1:14:42 PM
Subject: RE: Issues with IPTables

Solly,
A side question, how long did this process take you?

Thanks,

Qing

-----Original Message-----
From: Solly Ross [mailto:sr...@redhat.com] 
Sent: Monday, September 16, 2013 10:11 AM
To: OpenStack Development Mailing List
Subject: [openstack-dev] Issues with IPTables

In an effort to improve/verify the Openstack Documentation with regards to RHEL 
and Fedora, I've been attempting to follow the basic install guides.  I've 
managed to create a working installation and set of instructions.  However, to 
do so I needed to disable the Neutron IPTables firewall, as it was blocking 
non-VM traffic.  Namely, it was blocking the GRE packets being used by Neutron. 
 Did I miss something, or is this a bug?

Best Regards,
Solly Ross

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Intro
=====

We will be following the basic install guide at
http://docs.openstack.org/trunk/basic-install/.

Layout
======

We have three networks:

* vmnet10 (NAT, 192.168.0.x) -- management network
* vmnet11 (host-only, 10.10.10.x) -- data network
* vmnet12 (NAT, 192.168.230.x) -- "external"/API network

All networks have x.x.x.1 assigned as the host's IP, and NAT networks have
x.x.x.2 set as the default gateway/NAT box.  For this reason, we will start
all IPs at x.x.x.3 instead of x.x.x.1 (just add 2 to every IP in the guide)

controller.rdo-test
-------------------

* eth0: 192.168.0.3 (mgmt)
* eth1: 192.168.230.7 (ext)

compute.rdo-test
----------------

* eth0: 192.168.0.5 (mgmt)
* eth1: 10.10.10.4 (data)

network.rdo-test
----------------

* eth0: 192.168.0.4 (mgmt)
* eth1: 10.10.10.3 (data)
* eth2: 192.168.230.8 (ext)

Setup
=====

NOTE: make sure that the outside network is reachable
(for example, in our VMWare setup, add `DNS1=192.168.0.2`
and `GATEWAY=192.168.0.2` to /etc/sysconfig/network-scripts/ifcfg-eth0)

Controller Node (controller.rdo-test)
-------------------------------------

1. Add the repositories:
   1. `yum-config-manager --add-repo 
http://repos.fedorapeople.org/repos/openstack/openstack-trunk/el6-openstack-trunk.repo`
 (RDO)
   2. `yum install -y 
http://dl.fedoraproject.org/pub/epel/6Server/x86_64/epel-release-6-8.noarch.rpm`
 (EPEL)

2. Update to grab the new kernel, and reboot to use it
   `yum -y update && shutdown -r now`

3. Edit the network scripts to contain the correct lines:
   `$EDITOR /etc/sysconfig/network-scripts/ifcfg-eth{0,1}`
   1. `ONBOOT=yes`
   2. `NETMASK=255.255.255.0`
   3. `GATEWAY=x.x.x.2` (replace the `x.x.x` with the appropriate prefix)
   4. `BOOTPROTO=none`
   5. `IPADDR=[SEE LAYOUT SECTION]`

4. Edit sysctl.conf to disable route verification
   `$EDITOR /etc/sysctl.conf`
   1. `net.ipv4.conf.all.rp_filter = 0`
   2. `net.ipv4.conf.default.rp_filter = 0`

5. restart networking
   `service network restart`

6. Edit hosts file to contain other hosts
   `$EDITOR /etc/hosts`
   1. `192.168.0.3 controller controller.rdo-test`
   2. `192.168.0.5 compute compute.rdo-test`
   3. `192.168.0.4 network network.rdo-test`

7. Install NTP and configure (?) (skipped for now)
   `yum -y install ntp`

8. Install MySQL
   `yum -y install mysql-server python-mysqldb`

9. Allow connections from anywhere on the network (not needed on RHEL 6.4)
   `sed -i 's/127.0.0.1/0.0.0.0/g' /etc/my.cnf`

10. Run the setup for MySQL
    `/usr/bin/mysql_secure_installation`
    (set root pw to something (we will use `mysqlpw`), allow root access from non-localhost)

10. Create the DBs, users, and rights:
    1. `mysql -u root --password=mysqlpw`
    2. `CREATE DATABASE nova;
        GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
        IDENTIFIED BY 'password';
        GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'192.168.0.3' \
        IDENTIFIED BY 'password';
        GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'192.168.0.4' \
        IDENTIFIED BY 'password';
        GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'192.168.0.5' \
        IDENTIFIED BY 'password';
        CREATE DATABASE cinder;
        GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
        IDENTIFIED BY 'password';
        CREATE DATABASE glance;
        GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
        IDENTIFIED BY 'password';
        CREATE DATABASE keystone;
        GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
        IDENTIFIED BY 'password';
        CREATE DATABASE neutron;
        GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
        IDENTIFIED BY 'password';
        GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'192.168.0.4' \
        IDENTIFIED BY 'password';
        GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'192.168.0.5' \
        IDENTIFIED BY 'password';
        FLUSH PRIVILEGES;
        exit;`

11. Install Qpid
    `yum install -y qpid-cpp-{client,server} python-qpid`

12. Disable auth in Qpid
    `$EDITOR /etc/qpidd.conf`
    1. `auth=no`

13. Restart Qpid
    `service qpidd restart`

14. Install Keystone
    `yum install -y openstack-keystone python-keystone python-keystoneclient`

15. Configure Keystone
    `$EDITOR /etc/keystone/keystone.conf`
    1. `admin_token = password`
    2. `bind_host = 0.0.0.0`
    3. `public_port = 5000`
    4. `admin_port = 35357`
    5. `compute_port = 8774`
    6. `verbose = True`
    7. `debug = True`
    8. `log_file = keystone.log`
    9. `log_dir = /var/log/keystone`
    10. `log_config = /etc/keystone/logging.conf`
    11. `connection = mysql://keystone:password@localhost/keystone`

16. Create the SSL key
    `keystone-manage pki_setup && chown -R keystone:keystone /etc/keystone/*`

17. (Re)start keystone and create the databases
    `service openstack-keystone restart && keystone-manage db_sync`

18. Create novarc and source it
    `$EDITOR ~/novarc && source novarc`
    `export OS_TENANT_NAME=admin
     export OS_USERNAME=admin
     export OS_PASSWORD=password
     export OS_AUTH_URL="http://192.168.0.3:5000/v2.0/";
     export SERVICE_ENDPOINT="http://192.168.0.3:35357/v2.0";
     export SERVICE_TOKEN=password`

19. Create keystone users and tenants
    NOTE: it is recommended to use the following code to extract ids:
    `get_id () { echo $("$@" | awk '/ id / { print $4 }'); }`, so the commands
    can be run as `ENV_VAR=$(get_id command)`
    1. (admin tenant) `keystone tenant-create --name admin`
    2. (admin user) `keystone user-create --name admin --pass password --email 
ad...@example.com`
    3. (admin role) `keystone role-create --name admin`
    4. (all together now) `keystone user-role-add --user_id $ADMIN_USER 
--role_id $ADMIN_ROLE --tenant_id $ADMIN_TENANT`
    5. (service tenant) `keystone tenant-create --name service`
    6. (member role) `keystone role-create --name=Member`
    7. (demo tenant) `keystone tenant-create --name=demo`
    8. (demo user) `keystone user-create --name demo --pass password --email 
d...@example.com`
    9. (all together now) `keystone user-role-add --user_id $DEMO_USER 
--role_id $MEMBER_ROLE --tenant_id $DEMO_TENANT`
    10. (all together now) `keystone user-role-add --user_id $ADMIN_USER 
--role_id $ADMIN_ROLE --tenant_id $DEMO_TENANT`
    11. (service roles) `SVC=(nova glance swift neutron cinder);
                         for svc in ${SVC[@]}; do
                           export ${svc}_USER=$(get_id keystone user-create 
--name=$svc --pass=password --tenant-id $SERVICE_TENANT 
--email=${svc}@example.com);
                           keystone user-role-add --tenant-id $SERVICE_TENANT 
--user-id $(eval "echo \$${svc}_USER") --role-id $ADMIN_ROLE;
                         done`
    12. (reseller role) `keystone role-create --name=ResellerAdmin`
    13. (all together now) `keystone user-role-add --tenant-id $SERVICE_TENANT 
--user-id $nova_USER --role-id $RESELLER_ROLE`

20. Create the keystone services
    NOTE: descriptions can be added if desired with `--description`
    NOTE: ec2 was skipped, but can be added with a name and type of 'ec2'
    NOTE: get_id should again be used here
    1. (nova) `keystone service-create --name nova --type compute`
    2. (cinder) `keystone service-create --name cinder --type volume`
    3. (glance) `keystone service-create --name glance --type image`
    4. (swift) `keystone service-create --name swift --type object-store`
    5. (keystone) `keystone service-create --name keystone --type identity`
    6. (neutron) `keystone service-create --name neutron --type network`


21. Create keystone endpoints
    NOTE: ec2 was skipped here
    1. `create_endpoint() { eval "keystone endpoint-create --region RegionOne 
--service-id \$${1}_SERVICE --publicurl '$2' --adminurl '${3:-$2}' 
--internalurl '${4:-$2}'"; }`
    1. (nova) `create_endpoint NOVA 'http://192.168.0.3:8774/v2/$(tenant_id)s'`
    2. (cinder) `create_endpoint CINDER 
'http://192.168.0.3:8776/v1/$(tenant_id)s'`
    3. (glance) `create_endpoint GLANCE 'http://192.168.0.3:9292/v2'`
    4. (swift) `create_endpoint SWIFT 
'http://192.168.0.3:8080/v1/AUTH_$(tenant_id)s' 'http://192.168.0.3:8080/v1'`
    5. (keystone) `create_endpoint KEYSTONE 'http://192.168.0.3:5000/v2.0' 
'http://192.168.0.3:35357/v2.0'`
    6. (neutron) `create_endpoint NEUTRON 'http://192.168.0.3:9696'`

22. Install Glance
    `yum install -y openstack-glance python-glanceclient`

23. Configure Glance
    1. `$EDITOR /etc/glance/glance-api.conf`
        1. `sql_connection = mysql://glance:password@localhost/glance`
        2. `admin_tenant_name = service`
        3. `admin_user = glance`
        4. `admin_password = password`
        5. `notifier_strategy = qpid`

    2. `$EDITOR /etc/glance/glance-registry.conf`
        1. `sql_connection = mysql://glance:password@localhost/glance`
        2. `admin_tenant_name = service`
        3. `admin_user = glance`
        4. `admin_password = password`

24. Restart Glance
    `service openstack-glance-api restart && service openstack-glance-registry 
restart`

    NOTE: this may complain about cinder being missing.  Simply install the
    cinder packages now to fix this problem.

25. Install Glance dbs
    `glance-manage db_sync`

    NOTE: this may complain about not being able to import the correct
    exception.  This is due to an issue in the version of migrate that it
    requests.  Modify the file `glance/db/sqlalchemy/migration.py` to say
    `from migrate.versioning import exceptions as versioning_exceptions`
    (the modified part is the `.versioning` part)

26. Install Nova
    `yum install -y openstack-nova 
openstack-nova-{api,cert,common,conductor,scheduler} python-nova 
python-novaclient python-nova-adminclient`

27. Configure Nova
    1. `$EDITOR /etc/nova/api-paste.ini` (under `filter:authtoken`)
        1. `admin_tenant_name = service`
        2. `admin_user = nova`
        3. `admin_password = password`
    2. `$EDITOR /etc/nova/nova.conf`
        1. `sql_connection = mysql://nova:password@192.168.0.3/nova`
        2. `admin_tenant_name = service`
        3. `admin_user = nova`
        4. `admin_password = password`

        and insert (under DEFAULT)

        5. `verbose = True
            scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler

            # nova-api #
            cc_host=192.168.0.3
            auth_strategy=keystone
            nova_url=http://192.168.0.1:8774/v1.1/
            api_paste_config=/etc/nova/api-paste.ini
            allow_admin_api=true
            dmz_cidr=169.254.169.254/32
            metadata_host=192.168.0.3
            metadata_listen=0.0.0.0
            enabled_apis=osapi_compute,metadata

            # Networking #
            network_api_class=nova.network.neutronv2.api.API
            neutron_url=http://192.168.0.3:9696
            neutron_auth_strategy=keystone
            neutron_admin_tenant_name=service
            neutron_admin_username=neutron
            neutron_admin_password=password
            neutron_admin_auth_url=http://192.168.0.3:35357/v2.0
            libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
            linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
            firewall_driver=nova.virt.firewall.NoopFirewallDriver
            security_group_api=neutron

            # Cinder #
            volume_api_class=nova.volume.cinder.API

            # Glance #
            glance_api_servers=192.168.0.3:9292
            image_service=nova.image.glance.GlanceImageService

            # novnc #
            novnc_enable=true
            novncproxy_base_url=http://192.168.230.7:6080/vnc_auto.html
            vncserver_proxyclient_address=192.168.0.3
            vncserver_listen=0.0.0.0`


28. Create the Nova DBs
    `nova-manage db sync`

29. Restart Nova Services
    `for s in openstack-nova-{api,cert,consoleauth,scheduler,conductor}; do 
service $s restart; service $s status; done`

30. Install Cinder
    `yum install -y openstack-cinder python-cinderclient python-cinder`

31. Start iSCSI
    `service iscsid start && service iscsi start`

32. Configure Cinder
    1. `$EDITOR /etc/cinder/cinder.conf`
        1. `sql_connection = mysql://cinder:password@localhost/cinder`
        2. `admin_tenant_name = service`
        3. `admin_user = cinder`
        4. `admin_password = password`
        5. `auth_strategy = keystone` (under the default section)
    2. `$EDITOR /etc/cinder/api-paste.ini` (under filter:authtoken)
        1. `admin_tenant_name = service`
        2. `admin_user = cinder`
        3. `admin_password = password`

33. Create Cinder Volumes
    1. `fdisk /dev/sdb`
    2. `pvcreate /dev/sdb1`
    3. `vgcreate cinder-volumes /dev/sdb1`

34. Restart Cinder services
    `for s in openstack-cinder-{api,scheduler,volume}; do service $s restart; 
service $s status; done`

35. Install Neutron
    `yum install -y openstack-neutron python-neutron python-neutronclient 
openstack-neutron-openvswitch`

36. Configure Neutron
    1. `$EDITOR /etc/neutron/neutron.conf`
        1. `core_plugin = 
neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2`
        2. `auth_strategy = keystone`
        3. `rpc_backend=neutron.openstack.common.rpc.impl_qpid`
        4. `qpid_hostname = localhost`
        5. `qpid_port = 5672`
    2. `$EDITOR /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini`
        1. `[database]
            connection = mysql://neutron:password@localhost/ovs_neutron`
        2. `[OVS]
            tenant_network_type = gre
            tunnel_id_ranges = 1:1000
            enable_tunneling = True`
    3. `$EDITOR /etc/neutron/api-paste.ini`
        1. `admin_tenant_name = service`
        2. `admin_user = neutron`
        3. `admin_password = password`

32. Link `plugin.ini` to `plugins/openvswitch/ovs_neutron_plugin.ini`
    `ln -s /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini plugin.ini`

33. Start Neutron Server
    `service neutron-server start`

34. Install Horizon
    `yum install -y openstack-dashboard memcached python-memcached`

35. Start httpd
    `service httpd start`

    NOTE: horizon seems to have an auth error here
    TODO(sross): iptables seems to block outside connections.  Figure out why this is
    TODO(sross): debug auth error

36. Set Qpid as the default messaging system (and restart services after)
    `$EDITOR /etc/{nova,neutron,...}`
    1. `rpc_backend=nova.rpc.impl_qpid`
    2. `qpid_hostname=controller`


Network Node (network.rdo-test)
-------------------------------

NOTE: remember that eth1 is the external network, NOT eth2 (unlike the basic
install guide)

1. Add the repositories:
   1. `yum-config-manager --add-repo 
http://repos.fedorapeople.org/repos/openstack/openstack-trunk/el6-openstack-trunk.repo`
 (RDO)
   2. `yum install -y 
http://dl.fedoraproject.org/pub/epel/6Server/x86_64/epel-release-6-8.noarch.rpm`
 (EPEL)

2. Update to grab the new kernel, and reboot to use it
   `yum -y update && shutdown -r now`

3. Edit the network scripts to contain the correct lines:
    1. `$EDITOR /etc/sysconfig/network-scripts/ifcfg-eth0`
       1. `ONBOOT=yes`
       2. `NETMASK=255.255.255.0`
       3. `GATEWAY=x.x.x.2` (replace the `x.x.x` with the appropriate prefix)
       4. `BOOTPROTO=none`
       5. `IPADDR=[SEE LAYOUT SECTION]`
       6. `DNS1=x.x.x.2`
    2. `$EDITOR /etc/sysconfig/network-scripts/ifcfg-eth1`
       1. `ONBOOT=yes`
       2. `BOOTPROTO=none`
       3. `IPADDR=0.0.0.0`
       4. `ETHTOOL_OPTS="promisc"`
    3. `$EDITOR /etc/sysconfig/network-scripts/ifcfg-eth2`
       1. `ONBOOT=yes`
       2. `NETMASK=255.255.255.0`
       4. `BOOTPROTO=none`
       5. `IPADDR=[SEE LAYOUT SE

4. Edit `/etc/sysctl.conf`
   `$EDITOR /etc/sysctl.conf`
    1. `net.ipv4.ip_forward=1`
    2. `net.ipv4.conf.all.rp_filter = 0`
    3. `net.ipv4.conf.default.rp_filter = 0`

5. Restart networking
   `service network restart`

6. Edit hosts file to contain other hosts
   `$EDITOR /etc/hosts`
   1. `192.168.0.3 controller controller.rdo-test`
   2. `192.168.0.5 compute compute.rdo-test`
   3. `192.168.0.4 network network.rdo-test`

7. Install and configure NTP (skipped for now)

8. Install Open-vSwitch
   `yum install -y openstack-neutron openstack-neutron-openvswitch`

9. Start Open vSwitch
   `service openvswitch start`

10. Create Virtual Bridging
    1. `ovs-vsctl add-br br-int`
    2. `ovs-vsctl add-br br-ex`
    3. `ovs-vsctl add-port br-ex eth1`
    4. `ip link set up br-ex`

11. Set external bridge IP to whatever eth1's IP was supposed to be
    1. `$EDITOR /etc/sysconfig/network-scripts/ifcfg-br-ex`
       `DEVICE=br-ex
        TYPE=Bridge
        ONBOOT=no
        NM_CONTROLLED=no
        BOOTPROTO=none
        IPADDR=192.168.230.8
        NETMASK=255.255.255.0
        DNS1=192.168.230.2
        GATEWAY=192.168.230.2`
    2. `$EDITOR /etc/sysconfig/network-scripts/ifcfg-eth1`
        1. `BRIDGE=br-ex`
        2. remove the `IPADDR` line

12. Restart networking
    `service network restart`

??. do the ENABLE A SIMPLE NAT step?

13. Configure Neutron
    1. `$EDITOR /etc/neutron/l3_agent.ini`
        1. `use_namespaces = False`
        2. `debug = True`
        3. `interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver`
    2. `$EDITOR /etc/neutron/neutron.conf`
        1. `auth_host = 192.168.0.3`
        2. `admin_tenant_name = service`
        3. `admin_user = neutron`
        4. `admin_password = password`
        5. `auth_url = http://192.168.0.3:35357/v2.0`
        6. `auth_strategy = keystone`
        7. `core_plugin = 
neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2`
        8. `verbose = True`
        9. `rpc_backend = neutron.openstack.common.rpc.impl_qpid`
        10. `qpid_hostname = 192.168.0.3`
    3. `$EDITOR /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini`
        1. `[database]
            sql_connection = mysql://neutron:password@10.10.10.10/neutron`
        2. `[ovs]
            tenant_network_type = gre
            tunnel_id_ranges = 1:1000
            enable_tunneling = True
            integration_bridge = br-int
            tunnel_bridge = br-tun
            local_ip = 10.10.10.3
            firewall_driver = 
neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver`
    4. `$EDITOR /etc/neutron/dhcp_agent.ini`
        1. `use_namespaces = False`
        2. `interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver`
        3. `dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq`

14. Restart the Neutron services
    `for s in neutron-{openvswitch-agent,dhcp-agent,l3-agent}; do service $s 
restart; service $s status; done`

15. Copy the 'novarc' file from above and source it
    `scp root@192.168.0.3:~/novarc . && source novarc`

16. Initialize the networks and routers
    NOTE: once again, `get_id` may be useful here
    NOTE: you may wish to install `python-keystoneclient` to make getting
          IDs easier
    1. (create the internal network) `neutron net-create --tenant-id 
$DEMO_TENANT demo-net --provider:network_type gre --provider:segmentation_id 1`
    2. (create the internal network's subnet) `neutron subnet-create 
--tenant-id $DEMO_TENANT --ip_version 4 --name demo-subnet $TENANT_NET_ID 
10.5.5.0/24 --gateway 10.5.5.1 --dns_nameservers list=true 192.168.230.2`
    3. (create the router) `neutron router-create --tenant-id $DEMO_TENANT 
demo-router`
    4. (attach the internal network's subnet to the router) `neutron 
router-interface-add $ROUTER_ID $TENANT_SUBNET_ID`
    5. (create the external network) `neutron net-create ext-net -- 
--router:external=True --provider:network_type gre --provider:segmentation_id 2`
    6. (create the external network's subnet) `neutron subnet-create 
--ip_version 4 --allocation-pool start=192.168.230.100,end=192.168.230.200 
--gateway=192.168.230.2 $EXT_NET_ID 192.168.230.0/24 -- --enable_dhcp=False`
    7. (connect the router to the external network) `neutron router-gateway-set 
$ROUTER_ID $EXT_NET_ID`
    8. flush ip addr for ext bridge and add ip with mask of 24?

17. Configure Neutron L3
    `$EDITOR /etc/neutron/l3_agent.ini`
    1. `gateway_external_network_id = [value of $EXT_NET_ID]`
    2. `router_id = [value of $ROUTER_ID]`

18. Restart Neutron L3
    `service neutron-l3-agent restart`

Compute Node (compute.rdo-test)
-------------------------------

NOTE: remember that eth1 is the external network, NOT eth2 (unlike the basic
install guide)

1. Add the repositories:
   1. `yum-config-manager --add-repo 
http://repos.fedorapeople.org/repos/openstack/openstack-trunk/el6-openstack-trunk.repo`
 (RDO)
   2. `yum install -y 
http://dl.fedoraproject.org/pub/epel/6Server/x86_64/epel-release-6-8.noarch.rpm`
 (EPEL)

2. Update to grab the new kernel, and reboot to use it
   `yum -y update && shutdown -r now`

3. Edit the network scripts to contain the correct lines:
   1. `$EDITOR /etc/sysconfig/network-scripts/ifcfg-eth0`
       1. `ONBOOT=yes`
       2. `NETMASK=255.255.255.0`
       3. `GATEWAY=x.x.x.2` (replace the `x.x.x` with the appropriate prefix)
       4. `BOOTPROTO=none`
       5. `IPADDR=192.168.0.5`
   2. `$EDITOR /etc/sysconfig/network-scripts/ifcfg-eth1`
       1. `ONBOOT=yes`
       2. `NETMASK=255.255.255.0`
       4. `BOOTPROTO=none`
       5. `IPADDR=10.10.10.4`

4. Edit sysctl.conf to disable route verification
   `$EDITOR /etc/sysctl.conf`
   1. `net.ipv4.conf.all.rp_filter = 0`
   2. `net.ipv4.conf.default.rp_filter = 0`

5. Restart networking
   `service network restart`

6. Edit hosts file to contain other hosts
   `$EDITOR /etc/hosts`
   1. `192.168.0.3 controller controller.rdo-test`
   2. `192.168.0.5 compute compute.rdo-test`
   3. `192.168.0.4 network network.rdo-test`

7. Install and configure NTP (skipped)

8. Install Nova
    NOTE: this also installs libvirt if you don't already have it, as well as 
kvm/qemu
   `yum install -y openstack-nova python-novaclient`

9. Configure Nova
    1. `$EDITOR /etc/nova/api-paste.ini`
        1. `auth_host = 192.168.0.3`
        2. `admin_tenant_name = service`
        3. `admin_user = nova`
        4. `admin_password = password`
    2. `$EDITOR /etc/nova/nova.conf`
        1. `verbose = True`
        2. `qpid_hostname = 192.168.0.3`
        4. `rpc_backend = qpid`
        5. `auth_strategy = keystone`
        7. `auth_host = 192.168.0.3`
        8. `admin_tenant_name = service`
        9. `admin_user = nova`
        10. `admin_password = password`
        11. `sql_connection = mysql://nova:password@192.168.0.3/nova`
        (just follow the guide for the rest of the conf, substituting in
        192.168.0.3 or 192.168.230.7 as necessary, instead of 10.x.x.x)

10. Restart Nova and Libvirt
    `service libvirtd restart && service openstack-nova-compute restart`

11. Install Openvswitch and Neutron
    `yum install -y openvswitch openstack-neutron openstack-neutron-openvswitch`

12. Start Open vSwitch and Add the internal bridge
    `service openvswitch start && ovs-vsctl add-br br-int`

13. Configure Neutron
    1. `$EDITOR /etc/neutron/neutron.conf`
        1. `debug = True`
        2. `verbose = True`
        3. `rpc_backend = neutron.openstack.common.rpc.impl_qpid`
        4. `qpid_hostname = 192.168.0.3`
        5. `core_plugin = 
neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2`
        6. `auth_strategy = keystone`
        7. `auth_host = 192.168.0.3`
        8. `admin_tenant_name = service`
        9. `admin_user = neutron`
        10. `admin_password = password`
    2. `$EDITOR /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini`
        1. `[database]
            sql_connection = mysql://neutron:password@192.168.0.3/neutron`
        2. `[ovs]
            tenant_network_type = gre
            tunnel_id_ranges = 1:1000
            local_ip = 10.10.10.4
            integration_bridge = br-int
            tunnel_bridge = br-tun
            enable_tunneling = True`

14. (Re)start Neutron
    `service neutron-openvswitch-agent restart`

Notes
=====

Swift's endpoint caused some issues.  It was not found in the
basic-install/yum version of the guide

should we use `openstack-db --init --service keystone` instead of the
`[service]-manage` executables?

If you have issues with the repos not being found, try `yum clean all` first

WebSocketProxy may complain about an unknown option 'no_parent'.  Simply
update python-websockify to solve this issue

Notes: the compute node needs this
`iptables -I INPUT 10 -p tcp -m multiport --dports 5900:5999 -j ACCEPT` for vnc
to work (check correct rule number -- `iptables -nvL` and look for the REJECT
rule that rejects everything) (assuming you are using the IPTables firewall --
packstack actually inserts this line itself, it would seem)

Note: iptables on the network node don't like gre tunnels, and thus block gre
packets.  As you may surmise, this is not particularly useful.  TODO: figure
out why Neutron doesn't automatically unblock GRE packets in iptables.  For
now simply disabling iptables seems to work fine, but this is not a good
long-term solution

neutron dhcp agent dies after launch, [-may need to chown -R neutron:neutron
/var/lib/neutron-]

need iptables for snat, but can disable firewall by setting firewall to Noop
in both neutron.

in order to get snat working, need to delete the first line of
neutron-l3-agent-postrouting?
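
For the notes above about GRE being blocked on the network node and about finding the rule number of the catch-all REJECT: the following is an added example, not part of the original notes, that locates that REJECT rule in an `iptables -nvL INPUT --line-numbers` listing and prints a narrowly scoped ACCEPT rule for GRE (IP protocol 47) to insert ahead of it, as an alternative to disabling iptables. The listing is a constructed sample, the function names are hypothetical, and the source subnet 10.10.10.0/24 is an assumption taken from the data network in the Layout section.

```shell
#!/bin/sh
# Added example: nothing here modifies the firewall; it only prints a command.

# Constructed sample of `iptables -nvL INPUT --line-numbers` output.
sample_input_chain() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      812 96512 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
3        4   240 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
4        2   120 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5       37  4884 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
}

# Print the number of the first rule that rejects or drops everything
# (any protocol, any interface, any source, any destination).
find_reject_rule() {
    awk '$1 ~ /^[0-9]+$/ && ($4 == "REJECT" || $4 == "DROP") &&
         $5 == "all" && $7 == "*" &&
         $9 == "0.0.0.0/0" && $10 == "0.0.0.0/0" { print $1; exit }'
}

# Succeed if the listing already has an ACCEPT rule for GRE.
# Depending on the iptables version, -n shows the protocol as "47" or "gre".
gre_allowed() {
    awk '$1 ~ /^[0-9]+$/ && $4 == "ACCEPT" && ($5 == "47" || $5 == "gre") { found = 1 }
         END { exit !found }'
}

# Read a listing on stdin and print the iptables command that admits GRE
# from the given source subnet. Prints nothing if GRE is already accepted.
gre_rule_cmd() {
    subnet=$1
    listing=$(cat)
    if printf '%s\n' "$listing" | gre_allowed; then
        return 0
    fi
    num=$(printf '%s\n' "$listing" | find_reject_rule)
    if [ -n "$num" ]; then
        # -I INPUT N makes the new rule number N, pushing the REJECT to N+1.
        echo "iptables -I INPUT $num -s $subnet -p 47 -j ACCEPT"
    else
        # No catch-all REJECT found: appending is enough.
        echo "iptables -A INPUT -s $subnet -p 47 -j ACCEPT"
    fi
}

# Demonstration on the constructed sample. On a live host, pipe in
# `iptables -nvL INPUT --line-numbers` instead.
sample_input_chain | gre_rule_cmd 10.10.10.0/24
```

On RHEL 6 the printed rule, once applied, can be persisted with `service iptables save`.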