Tuesday, June 23, 2015

OpenStack Kilo minimal deployment with Neutron on VMs

Controller config:
https://drive.google.com/open?id=0BzMCYv5KIAi-Yko1NURtU0FVcFE&authuser=0

Network config(flat+GRE):
https://drive.google.com/open?id=0BzMCYv5KIAi-eTJqT01TeFkwX1k&authuser=0

Compute config:
https://drive.google.com/open?id=0BzMCYv5KIAi-N2tCb18tV1lQMTA&authuser=0





If you are building your OpenStack nodes as virtual machines, you must configure
the hypervisor to permit promiscuous mode on the external network.

auto eth0
iface eth0 inet manual
        up ip link set dev $IFACE up
        up ip link set $IFACE promisc on
        down ip link set $IFACE promisc off
        down ip link set dev $IFACE down
allow-hotplug br-ex
iface br-ex inet static
        bridge_ports eth0
        address 16.157.134.232
        netmask 255.255.248.0
        gateway 16.157.128.1




soauser ALL=(ALL) NOPASSWD: ALL

By default, the SSH server denies password-based login for root. In /etc/ssh/sshd_config, change:


PermitRootLogin without-password
to
PermitRootLogin yes
And restart SSH:
sudo service ssh restart

rabbitmqctl change_password  openstack admin


apt-get install keystone python-openstackclient apache2 libapache2-mod-wsgi memcached python-memcache

Note: the openstack client will not work in a proxy environment

export no_proxy=localhost,127.0.0.1,controller,nova,neutron

$ mysql -u root -p
SET PASSWORD FOR 'keystone'@'localhost' = PASSWORD('admin');
SET PASSWORD FOR 'keystone'@'%' = PASSWORD('admin');


For security reasons, disable the temporary authentication token mechanism:
Edit the /etc/keystone/keystone-paste.ini file and remove
admin_token_auth from the [pipeline:public_api],
[pipeline:admin_api], and [pipeline:api_v3] sections.
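
An added example, not part of the original notes or the OpenStack guide: a shell check that reports which of the three pipelines still list admin_token_auth, and a filter that removes it from those pipelines only. The sample file contents and the function names are constructed for illustration.

```shell
# Added example (not from the original post); file contents are constructed.
# Write a shortened, constructed keystone-paste.ini to the path in $1.
write_sample() {
    cat > "$1" <<'EOF'
[filter:admin_token_auth]
paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory

[pipeline:public_api]
pipeline = sizelimit token_auth admin_token_auth json_body public_service

[pipeline:admin_api]
pipeline = sizelimit token_auth admin_token_auth json_body admin_service

[pipeline:api_v3]
pipeline = sizelimit token_auth admin_token_auth json_body service_v3
EOF
}

# List the target sections whose pipeline still has admin_token_auth;
# exit status is 1 if any does, 0 if all three are clean.
find_admin_token_auth() {
    awk '
        /^\[/ { sect = $0; t = (sect ~ /^\[pipeline:(public_api|admin_api|api_v3)\]$/) }
        t && /^pipeline[ \t]*=/ && /[ \t=]admin_token_auth([ \t]|$)/ { print sect; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Print $1 with admin_token_auth removed from those pipelines only; the
# [filter:admin_token_auth] definition and token_auth are left alone.
strip_admin_token_auth() {
    awk '
        /^\[/ { t = ($0 ~ /^\[pipeline:(public_api|admin_api|api_v3)\]$/) }
        t && /^pipeline[ \t]*=/ {
            line = $0; sub(/^pipeline[ \t]*=[ \t]*/, "", line)
            n = split(line, f, /[ \t]+/); out = "pipeline ="
            for (i = 1; i <= n; i++)
                if (f[i] != "" && f[i] != "admin_token_auth") out = out " " f[i]
            print out; next
        }
        { print }
    ' "$1"
}

sample=$(mktemp); write_sample "$sample"
find_admin_token_auth "$sample" || echo "admin_token_auth still enabled above"
strip_admin_token_auth "$sample" > "$sample.new"
find_admin_token_auth "$sample.new" && echo "all three pipelines clean"
rm -f "$sample" "$sample.new"
```

Run find_admin_token_auth against /etc/keystone/keystone-paste.ini after editing; it prints nothing and returns 0 once the filter is out of all three pipelines.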


The Identity version 3 API adds support for domains that contain projects and users.
Projects and users can use the same names in different domains. Therefore, in order
to use the version 3 API, requests must also explicitly contain at least the default domain
or use IDs. For simplicity, this guide explicitly uses the default domain so examples
can use names instead of IDs.
$ openstack --os-auth-url http://controller:35357 \
--os-project-domain-id default --os-user-domain-id default \
--os-project-name admin --os-username admin --os-auth-type password \



You can store virtual machine images made available through the Image service
in a variety of locations, from simple file systems to object-storage systems
like OpenStack Object Storage.


https://bugs.launchpad.net/openstack-manuals/+bug/1453534 (logdir -> log_dir)


Following the external network subnet, the tenant router gateway should occupy the lowest IP address in the floating IP address
range,




/etc/neutron/plugins/ml2/ml2_conf.ini (on every compute node, to configure the tunnel network)
In the [ovs] section, enable tunnels and configure the local tunnel endpoint:
[ovs]
...
local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS with the IP address of
the instance tunnels network interface on your compute node.
e. In the [agent] section, enable GRE tunnels:
[agent]
...
tunnel_types = gre



sed '/^$/d' neutron.conf >neutron-remove-empty-line.conf
sed '/^#/d' neutron.conf >neutron-remove-line-start-with#.conf

Edit the /etc/neutron/l3_agent.ini file and complete the following actions:

[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge =
router_delete_namespaces = True
The external_network_bridge option intentionally lacks a value
to enable multiple external networks on a single agent.
b. (Optional) To assist with troubleshooting, enable verbose logging in the

http://bderzhavets.blogspot.com/2014/10/forwarding-packet-from-br-int-to-br-ex.html
