Intro ===== We will be following the basic install guide at http://docs.openstack.org/trunk/basic-install/. Layout ====== We have three networks: * vmnet10 (NAT, 192.168.0.x) -- management network * vmnet11 (host-only, 10.10.10.x) -- data network * vmnet12 (NAT, 192.168.230.x) -- "external"/API network All networks have x.x.x.1 assigned as the host's IP, and NAT networks have x.x.x.2 set as the default gateway/NAT box. For this reason, we will start all IPs at x.x.x.3 instead of x.x.x.1 (just add 2 to every IP in the guide) controller.rdo-test ------------------- * eth0: 192.168.0.3 (mgmt) * eth1: 129.168.230.7 (ext) compute.rdo-test ---------------- * eth0: 192.168.0.5 (mgmt) * eth1: 10.10.10.4 (data) network.rdo-test ---------------- * eth0: 192.168.0.4 (mgmt) * eth1: 10.10.10.3 (data) * eth2: 192.168.230.8 (ext) Setup ===== NOTE: make sure that the outside network is reachable (for example, in our VMWare setup, add `DNS1=192.168.0.2` and `GATEWAY=192.168.0.2` to /etc/sysconfig/network-scripts/ifcfg-eth0) Controller Node (controller.rdo-test) ------------------------------------- 1. Add the repositories: 1. `yum-config-manager --add-repo http://repos.fedorapeople.org/repos/openstack/openstack-trunk/el6-openstack-trunk.repo` (RDO) 2. `yum install -y http://dl.fedoraproject.org/pub/epel/6Server/x86_64/epel-release-6-8.noarch.rpm` (EPEL) 2. Update to grab the new kernel, and reboot to use it `yum -y update && shutdown -r now` 3. Edit the network scripts to contain the correct lines: `$EDITOR /etc/sysconfig/network-scripts/ifcfg-eth{0,1}` 1. `ONBOOT=yes` 2. `NETMASK=255.255.255.0` 3. `GATEWAY=x.x.x.2` (replace the `x.x.x` with the appropriate prefix) 4. `BOOTPROTO=none` 5. `IPADDR=[SEE LAYOUT SECTION]` 4. Edit sysctl.conf to disable route verification `$EDITOR /etc/sysctl.conf` 1. `net.ipv4.conf.all.rp_filter = 0` 2. `et.ipv4.conf.default.rp_filter = 0` 5. restart networking `service network restart` 6. Edit hosts file to contain other hosts `$EDITOR /etc/hosts` 1. `192.168.0.3 controller controller.rdo-test` 2. `192.168.0.5 compute compute.rdo-test` 3. `192.168.0.4 network network.rdo-test` 7. Install NTP and configure (?) (skipped for now) `yum -y install ntp` 8. Install MySQL `yum -y install mysql-server python-mysqldb` 9. Allow connections from anywhere on the network (not needed on RHEL 6.4) `sed -i 's/127.0.0.1/0.0.0.0/g' /etc/my.cnf` 10. Run the setup for MySQL `/usr/bin/mysql_secure_installation` (set root pw to something (we will use 'mysqlpw`), allow root access from non-localhost) 10. Create the DBs, users, and rights: 1. `mysql -u root --password=mysqlpw` 2. `CREATE DATABASE nova; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \ IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'192.168.0.3' \ IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'192.168.0.4' \ IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'192.168.0.5' \ IDENTIFIED BY 'password'; CREATE DATABASE cinder; GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \ IDENTIFIED BY 'password'; CREATE DATABASE glance; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \ IDENTIFIED BY 'password'; CREATE DATABASE keystone; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \ IDENTIFIED BY 'password'; CREATE DATABASE neutron; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \ IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'192.168.0.4' \ IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'192.168.0.5' \ IDENTIFIED BY 'password'; FLUSH PRIVILEGES; exit;` 11. Install Qpid `yum install -y qpid-cpp-{client,server} python-qpid` 12. Disable auth in Qpid `$EDITOR /etc/qpidd.conf` 1. `auth=no` 13. Restart Qpid `service qpidd restart` 14. Install Keystone `yum install -y openstack-keystone python-keystone python-keystoneclient` 15. Configure Keystone `$EDITOR /etc/keystone/keystone.conf` 1. `admin_token = password` 2. `bind_host = 0.0.0.0` 3. `public_port = 5000` 4. `admin_port = 35357` 5. `compute_port = 8774` 6. `verbose = True` 7. `debug = True` 8. `log_file = keystone.log` 9. `log_dir = /var/log/keystone` 10. `log_config = /etc/keystone/logging.conf` 11. `connection = mysql://keystone:password@localhost/keystone` 16. Create the SSL key `keystone-manage pki_setup && chown -R keystone:keystone /etc/keystone/*` 17. (Re)start keystone and create the databases `service openstack-keystone restart && keystone-manage db_sync` 18. Create novarc and source it `$EDITOR ~/novarc && source novarc` `export OS_TENANT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=password export OS_AUTH_URL="http://192.168.0.3:5000/v2.0/" export SERVICE_ENDPOINT="http://192.168.0.3:35357/v2.0" export SERVICE TOKEN=password` 19. Create keystone users and tennants NOTE: it is reccomended to use the following code to extract ids: `get_id () { echo `$@ | awk '/ id / { print $4 }'`; }`, so the commands can be run as `ENV_VAR=$(get_id command)` 1. (admin tenant) `keystone tenant-create --name admin` 2. (admin user) `keystone user-create --name admin --pass password --email admin@example.com` 3. (admin role) `keystone role-create --name admin` 4. (all together now) `keystone user-role-add --user_id $ADMIN_USER --role_id $ADMIN_ROLE --tenant_id $ADMIN_TENANT` 5. (service tenant) `keystone tenant-create --name service` 6. (member role) `keystone role-create --name=Member` 7. (demo tenant) `keystone tenant-create --name=demo` 8. (demo user) `keystone user-create --name demo --pass password --email demo@example.com` 9. (all together now) `keystone user-role-add --user_id $DEMO_USER --role_id $MEMBER_ROLE --tenant_id $DEMO_TENANT` 10. (all together now) `keystone user-role-add --user_id $ADMIN_USER --role_id $ADMIN_ROLE --tenant_id $DEMO_TENANT` 11. (service roles) `SVC=(nova glanc swift neutron cinder); for svc in ${SVC[@]}; do export ${svc}_USER=$(get_id keystone user-create --name=$svc --pass=password --tenant-id $SERVICE_TENANT --email=${svc}@example.com); keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $(eval "echo \$${svc}_USER") --role-id $ADMIN_ROLE; done` 12. (reseller role) `keystone role-create --name=ResellerAdmin` 13. (all together now) `keystone user-role-add --tenant-id $SERVICE_TENANT --user-id $nova_USER --role-id $RESELLER_ROLE` 20. Create the keystone services NOTE: descriptions can be added if desired with `--description` NOTE: ec2 was skipped, but can be added with a name and type of 'ec2' NOTE: get_id should again be used here 1. (nova) `keystone service-create --name nova --type compute` 2. (cinder) `keystone service-create --name cinder --type volume` 3. (glance) `keystone service-create --name glance --type image` 4. (swift) `keystone service-create --name swift --type object-store` 5. (keystone) `keystone service-create --name keystone --type identity` 6. (neutron) `keystone service-create --name neutron --type network` 21. Create keystone endpoints NOTE: ec2 was skipped here 1. `create_endpoint() { eval "keystone endpoint-create --region RegionOne --service-id \$${1}_SERVICE --publicurl '$2' --adminurl '${3:-$2}' --internalurl '${4:-$2}'"; }` 1. (nova) `create_endpoint NOVA 'http://192.168.0.3:8774/v2/$(tenant_id)s'` 2. (cinder) `create_endpoint CINDER 'http://192.168.0.3:8776/v1/$(tenant_id)s'` 3. (glance) `create_endpoint GLANCE 'http://192.168.0.3:9292/v2'` 4. (swift) `create_endpoint SWIFT 'http://192.168.0.3:8080/v1/AUTH_$(tenant_ids)' 'http://192.168.0.3:8080/v1'` 5. (keystone) `create_endpoint KEYSTONE 'http://192.168.0.3:5000/v2.0' 'http://192.168.0.3:35357/v2.0'` 6. (neutron) `create_endpoint NEUTRON 'http://192.168.0.3:9696'` 22. Install Glance `yum install -y openstack-glance python-glanceclient` 23. Configure Glance 1. `$EDITOR /etc/glance/glance-api.conf` 1. `sql_connection = mysql://glance:password@localhost/glance` 2. `admin_tenant_name = service` 3. `admin_user = glance` 4. `admin_password = password` 5. `notifier_strategy = qpid` 2. `$EDITOR /etc/glance/glance-registry.conf` 1. `sql_connection = mysql://glance:password@localhost/glance` 2. `admin_tenant_name = service` 3. `admin_user = glance` 4. `admin_password = password` 24. Restart Glance `service openstack-glance-api restart && service openstack-glance-registry restart` NOTE: this may complain about cinder being missing. Simply install the cinder packages now to fix this problem. 25. Install Glance dbs `glance-manage db_sync` NOTE: this may complain about not being able to import the correct exception. This is due to an issue in the version of migrate that it requests. Modify the file `glance/db/sqlalchemy/migration.py` to say `from migrate.versioning import exceptions as versioning_exceptions` (the modified part is the `.versioning` part) 26. Install Nova `yum install -y openstack-nova openstack-nova-{api,cert,common,conductor,scheduler} python-nova python-novaclient python-nova-adminclient` 27. Configure Nova 1. `$EDITOR /etc/nova/api-paste.ini` (under `filter:authtoken`) 1. `admin_tenant_name = service` 2. `admin_user = nova` 3. `admin_password = password` 2. `$EDITOR /etc/nova/nova.conf` 1. `sql_connection = mysql://nova:password@192.168.0.3/nova` 2. `admin_tenant_name = service` 3. `admin_user = nova` 4. `admin_password = password` and insert (under DEFAULT) 5. `verbose = True scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler # nova-api # cc_host=192.168.0.3 auth_strategy=keystone nova_url=http://192.168.0.1:8774/v1.1/ api_paste_config=/etc/nova/api-paste.ini allow_admin_api=true dmz_cidr=169.254.169.254/32 metadata_host=192.168.0.3 metadata_listen=0.0.0.0 enabled_apis=osapi_compute,metadata # Networking # network_api_class=nova.network.neutronv2.api.API neutron_url=http://192.168.0.3:9696 neutron_auth_strategy=keystone neutron_admin_tenant_name=service neutron_admin_username=neutron neutron_admin_password=password neutron_admin_auth_url=http://192.168.0.3:35357/v2.0 libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver firewall_driver=nova.virt.firewall.NoopFirewallDriver security_group_api=neutron # Cinder # volume_api_class=nova.volume.cinder.API # Glance # glance_api_servers=192.168.0.3:9292 image_service=nova.image.glance.GlanceImageService # novnc # novnc_enable=true novncproxy_base_url=http://192.168.230.7:6080/vnc_auto.html vncserver_proxyclient_address=192.168.0.3 vncserver_listen=0.0.0.0` 28. Create the Nova DBs `nova-manage db sync` 29. Restart Nova Services `for s in openstack-nova-{api,cert,consoleauth,scheduler,conductor}; do service $s restart; service $s status; done` 30. Install Cinder `yum install -y openstack-cinder python-cinderclient python-cinder` 31. Start iSCSI `service iscsid start && service iscsi start` 32. Configure Cinder 1. `$EDITOR /etc/cinder/cinder.conf` 1. `sql_connection = mysql://cinder:password@localhost/cinder` 2. `admin_tenant_name = service` 3. `admin_user = cinder` 4. `admin_password = password` 5. `auth_strategy = keystone` (under the default section) 2. `$EDITOR /etc/cinder/api-paste.ini` (under filter:authtoken) 1. `admin_tenant_name = service` 2. `admin_user = cinder` 3. `admin_password = password` 33. Create Cinder Volumes 1. `fdisk /dev/sdb` 2. `pvcreate /dev/sdb1` 3. `vgcreate cinder-volumes /dev/sdb1` 34. Restart Cinder services `for s in openstack-cinder-{api,scheduler,volume}; do service $s restart; service $s status; done` 35. Install Neutron `yum install -y openstack-neutron python-neutron python-neutronclient openstack-neutron-openvswitch` 36. Configure Neutron 1. `$EDITOR /etc/neutron/neutron.conf` 1. `core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2` 2. `auth_strategy = keystone` 3. `rpc_backend=neutron.openstack.common.rpc.impl_qpid` 4. `qpid_hostname = localhost` 5. `qpid_port = 5672` 2. `$EDITOR /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini` 1. `[database] connection = mysql://neutron:password@localhost/ovs_neutron` 2. `[OVS] tenant_network_type = gre tunnel_id_ranges = 1:1000 enable_tunneling = True` 3. `$EDITOR /etc/neutron/api-paste.ini` 1. `admin_tenant_name = service` 2. `admin_user = neutron` 3. `admin_password = password` 32. Link `plugin.ini` to `plugins/openvswitch/ovs_neutron_plugin.ini` `ln -s /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini plugin.ini` 33. Start Neutron Server `service neutron-server start` 34. Install Horizon `yum install -y openstack-dashboard memcached python-memcached` 35. Start httpd `service httpd start` NOTE: horizon seems to have an auth error here TODO(sross): iptables seems to block outside connections. Figure out why this is TODO(sross): debug auth error 36. Set Qpid as the default messaging system (and restart services after) `$EDITOR /etc/{nova,neutron,...}` 1. `rpc_backend=nova.rpc.impl_qpid` 2. `qpid_hostname=controller` Network Node (network.rdo-test) ------------------------------- NOTE: remember that eth1 is the external network, NOT eth2 (unlike the basic install guide) 1. Add the repositories: 1. `yum-config-manager --add-repo http://repos.fedorapeople.org/repos/openstack/openstack-trunk/el6-openstack-trunk.repo` (RDO) 2. `yum install -y http://dl.fedoraproject.org/pub/epel/6Server/x86_64/epel-release-6-8.noarch.rpm` (EPEL) 2. Update to grab the new kernel, and reboot to use it `yum -y update && shutdown -r now` 3. Edit the network scripts to contain the correct lines: 1. `$EDITOR /etc/sysconfig/network-scripts/ifcfg-eth0` 1. `ONBOOT=yes` 2. `NETMASK=255.255.255.0` 3. `GATEWAY=x.x.x.2` (replace the `x.x.x` with the appropriate prefix) 4. `BOOTPROTO=none` 5. `IPADDR=[SEE LAYOUT SECTION]` 6. `DNS1=x.x.x.2` 2. `$EDITOR /etc/sysconfig/network-scripts/ifcfg-eth1` 1. `ONBOOT=yes` 2. `BOOTPROTO=none` 3. `IPADDR=0.0.0.0` 4. `ETHTOOL_OPTS="promisc"` 3. `$EDITOR /etc/sysconfig/network-scripts/ifcfg-eth2` 1. `ONBOOT=yes` 2. `NETMASK=255.255.255.0` 4. `BOOTPROTO=none` 5. `IPADDR=[SEE LAYOUT SE 4. Edit `/etc/sysctl.conf` `$EDITOR /etc/sysctl.conf` 1. `net.ipv4.ip_forward=1` 2. `net.ipv4.conf.all.rp_filter = 0` 3. `net.ipv4.conf.default.rp_filter = 0` 5. Restart networking `service network restart` 6. Edit hosts file to contain other hosts `$EDITOR /etc/hosts` 1. `192.168.0.3 controller controller.rdo-test` 2. `192.168.0.5 compute compute.rdo-test` 3. `192.168.0.4 network network.rdo-test` 7. Install and configure NTP (skipped for now) 8. Install Open-vSwitch `yum install -y openstack-neutron openstack-neutron-openvswitch` 9. Start Open vSwitch `service openvswitch start` 10. Create Virtual Bridging 1. `ovs-vsctl add-br br-int` 2. `ovs-vsctl add-br br-ex` 3. `ovs-vsctl add-port br-ex eth1` 4. `ip link set up br-ex` 11. Set external bridge IP to whatever eth1's IP was supposed to be 1. `$EDITOR /etc/sysconfig/network-scripts/ifcfg-br-ex` `DEVICE=br-ex TYPE=Bridge ONBOOT=no NM_CONTROLLED=no BOOTPROTO=none IPADDR=192.168.230.8 NETMASK=255.255.255.0 DNS1=192.168.230.2 GATEWAY=192.168.230.2` 2. `$EDITOR /etc/sysconfig/network-scripts/ifcfg-eth1` 1. `BRIDGE=br-ex` 2. remove the `IPADDR` line 12. Restart networking `service network restart` ??. do the ENABLE A SIMPLE NAT step? 13. Configure Neutron 1. `$EDITOR /etc/neutron/l3_agent.ini` 1. `use_namespaces = False` 2. `debug = True` 3. `interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver` 2. `$EDITOR /etc/neutron/neutron.conf` 1. `auth_host = 192.168.0.3` 2. `admin_tenant_name = service` 3. `admin_user = neutron` 4. `admin_password = password` 5. `auth_url = http://192.168.0.3:35357/v2.0` 6. `auth_strategy = keystone` 7. `core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2` 8. `verbose = True` 9. `rpc_backend = neutron.openstack.common.rpc.impl_qpid 10. `qpid_hostname = 192.168.0.3` 3. `$EDITOR /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini` 1. `[database] sql_connection = mysql://neutron:password@10.10.10.10/neutron` 2. `[ovs] tenant_network_type = gre tunnel_id_ranges = 1:1000 enable_tunneling = True integration_bridge = br-int tunnel_bridge = br-tun local_ip = 10.10.10.3 firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver` 4. `$EDITOR /etc/neutron/dhcp_agent.ini` 1. `use_namespaces = False` 2. `interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver` 3. `dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq` 14. Restart the Neutron services `for s in neutron-{openvswitch-agent,dhcp-agent,l3-agent}; do service $s restart; service $s status; done` 15. Copy the 'novarc' file from above and source it `scp root@192.168.0.3:~/novarc . && source novarc` 16. Initialize the networks and routers NOTE: once again, `get_id` may be useful here NOTE: you may wish to install `python-keystoneclient` to make getting IDs easier 1. (create the internal network) `neutron net-create --tenant-id $DEMO_TENANT demo-net --provider:network_type gre --provider:segmentation_id 1` 2. (create the internal network's subnet) `neutron subnet-create --tenant-id $DEMO_TENANT --ip_version 4 --name demo-subnet $TENANT_NET_ID 10.5.5.0/24 --gateway 10.5.5.1 --dns_nameservers list=true 192.168.230.2` 3. (create the router) `neutron router-create --tenant-id $DEMO_TENANT demo-router` 4. (attach the internal network's subnet to the router) `neutron router-interface-add $ROUTER_ID $TENANT_SUBNET_ID` 5. (create the external network) `neutron net-create ext-net -- --router:external=True --provider:network_type gre --provider:segmentation_id 2` 6. (create the external network's subnet) `neutron subnet-create --ip_version 4 --allocation-pool start=192.168.230.100,end=192.168.230.200 --gateway=192.168.230.2 $EXT_NET_ID 192.168.230.0/24 -- --enable_dhcp=False` 7. (connect the router to the external network) `neutron router-gateway-set $ROUTER_ID $EXT_NET_ID` 8. flush ip addr for ext bridge and add ip with mask of 24? 17. Configure Neutron L3 `$EDITOR /etc/neutron/l3_agent.ini` 1. `gateway_external_network_id = [value of $EXT_NET_ID]` 2. `router_id = [value of $ROUTER_ID]` 18. Restart Neutron L3 `service neutron-l3-agent restart` Compute Node (compute.rdo-test) ------------------------------- NOTE: remember that eth1 is the external network, NOT eth2 (unlike the basic install guide) 1. Add the repositories: 1. `yum-config-manager --add-repo http://repos.fedorapeople.org/repos/openstack/openstack-trunk/el6-openstack-trunk.repo` (RDO) 2. `yum install -y http://dl.fedoraproject.org/pub/epel/6Server/x86_64/epel-release-6-8.noarch.rpm` (EPEL) 2. Update to grab the new kernel, and reboot to use it `yum -y update && shutdown -r now` 3. Edit the network scripts to contain the correct lines: 1. `$EDITOR /etc/sysconfig/network-scripts/ifcfg-eth0` 1. `ONBOOT=yes` 2. `NETMASK=255.255.255.0` 3. `GATEWAY=x.x.x.2` (replace the `x.x.x` with the appropriate prefix) 4. `BOOTPROTO=none` 5. `IPADDR=192.168.0.5` 2. `$EDITOR /etc/sysconfig/network-scripts/ifcfg-eth1` 1. `ONBOOT=yes` 2. `NETMASK=255.255.255.0` 4. `BOOTPROTO=none` 5. `IPADDR=10.10.10.4` 4. Edit sysctl.conf to disable route verification `$EDITOR /etc/sysctl.conf` 1. `net.ipv4.conf.all.rp_filter = 0` 2. `net.ipv4.conf.default.rp_filter = 0` 5. Restart networking `service network restart` 6. Edit hosts file to contain other hosts `$EDITOR /etc/hosts` 1. `192.168.0.3 controller controller.rdo-test` 2. `192.168.0.5 compute compute.rdo-test` 3. `192.168.0.4 network network.rdo-test` 7. Install and configure NTP (skipped) 8. Install Nova NOTE: this also installs libvirt if you don't already have it, as well as kvm/qemu `yum install -y openstack-nova python-novaclient` 9. Configure Nova 1. `$EDITOR /etc/nova/api-paste.ini` 1. `auth_host = 192.168.0.3` 2. `admin_tenant_name = service` 3. `admin_user = nova` 4. `admin_password = password` 2. `$EDITOR /etc/nova/nova.conf` 1. `verbose = True` 2. `qpid_hostname = 192.168.0.3` 4. `rpc_backend = qpid` 5. `auth_strategy = keystone` 7. `auth_host = 192.168.0.3` 8. `admin_tenant_name = service` 9. `admin_user = nova` 10. `admin_password = password` 11. `sql_connection = mysql://nova:password@192.168.0.3/nova1 (just follow the guide for the rest of the conf, substituting in 192.168.0.3 or 192.168.230.7 as necessary, instead of 10.x.x.x) 10. Restart Nova and Libvirt `service libvirtd restart && service openstack-nova-compute restart` 11. Install Openvswitch and Neutron `yum install -y openvswitch openstack-neutron openstack-neutron-openvswitch` 12. Start Open vSwitch and Add the internal bridge `service openvswitch start && ovs-vsctl add-br br-int` 13. Configure Neutron 1. `$EDITOR /etc/neutron/neutron.conf` 1. `debug = True` 2. `verbose = True` 3. `rpc_backend = neutron.openstack.common.rpc.impl_qpid` 4. `qpid_hostname = 192.168.0.3` 5. `core_plugin = core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2` 6. `auth_strategy = keystone` 7. `auth_host = 192.168.0.3` 8. `admin_tenant_name = service` 9. `admin_user = neutron` 10. `admin_password = password` 2. `$EDITOR /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini` 1. `[database] sql_connection = mysql://neutron:password@192.1680.3/neutron` 2. `[ovs] tenant_network_type = gre tunnel_id_ranges = 1:1000 local_ip = 10.10.10.4 integration_bridge = br-int tunnel_bridge = br-tun enable_tunneling = True 14. (Re)start Neutron `service neutron-openvswitch-agent restart` Notes ===== Swift's endpoint caused some issues. It was not found in the basic-install/yum version of the guide should we use `openstack-db --init --service keystone` instead of the `[service]-manage` executables? If you have issues with the repos not being found, try `yum clean all` first WebSocketProxy may complain about an unknown option 'no_parent'. Simply update python-websockify to solve this issue Notes: the compute node needs this `iptables -I INPUT 10 -p tcp -m multiport --dports 5900:5999 -j ACCEPT` for vnc to work (check correct rule number -- `iptables -nvL` and look for the REJECT rule that rejects everything) (assuming you are using the IPTables firewall -- packstack actually inserts this line itself, it would seem) Note: iptables on the network node don't like gre tunnels, and thus block gre packets. As you may surmise, this is not particularly useful. TODO: figure out why Neutron doesn't automatically unblock GRE packets in iptables. For now simply disabling iptables seems to work fine, but this is not a good long-term solution neutron dhcp agent dies after launch, [-may need to chown -R neutron:neutron /var/lib/neutron-] need iptables for snat, but can disable firewall by setting firewall to Noop in both neutron. in order to get snat working, need to delete the first line of neutron-l3-agent-postrouting?