Section 3

....... Chapter 3.1 .......

For the OpenStack multi-node network interface layout, see ==> http://docs.openstack.org/security-guide/networking/architecture.html

If your instance does not have an IP address, run this command:

    dhclient

Check the locale:

    python -c 'import locale; print(locale.getdefaultlocale());'

If this reports an error, run the command below. It assumes you have a ~/.bashrc; if you do not, replace .bashrc in it with .bash_profile.

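        # Append an exported locale to ~/.bashrc, then re-read it in the current shell.
        # Use `&&`, not `|`: every stage of a pipeline runs in a subshell, so `| source`
        # never affects this shell (and `source` ignores stdin anyway). `export` is needed
        # so child processes such as python actually see the variables; the trailing \n
        # keeps the next line appended to ~/.bashrc from being glued onto LC_ALL.
        printf 'export LANG=en_US.UTF-8\nexport LC_ALL=en_US.UTF-8\n' | tee -a ~/.bashrc && source ~/.bashrc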

To sync time

    apt-get install ntp
apt-get install software-properties-common
add-apt-repository cloud-archive:mitaka
apt-get update && apt-get dist-upgrade

Reboot if the upgrade installed a new kernel

 reboot
 apt-get install python-openstackclient
 shutdown now
 ip a | less
 dhclient
 hostname control
 hostname network
 hostname compute

On all nodes, add these hosts-file entries, for example:

 vi /etc/hosts
10.10.10.2       control

10.10.10.3      network

10.10.10.4       compute
 apt-get install mariadb-server python-mysqldb
 vi /etc/mysql/conf.d/mysqld_openstack.cnf
[mysqld] 
bind-address = 10.10.10.2
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
service mysql restart
 apt-get install rabbitmq-server
 rabbitmqctl add_user openstack password
 rabbitmqctl set_permissions openstack ".*" ".*" ".*"

The following (memcached) is optional:

apt-get install memcached python-memcache
 vim /etc/memcached.conf

-l 10.10.10.2

  service memcached restart

....... Chapter 3.2 .......

 mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'password';
exit;
echo "manual" > /etc/init/keystone.override
 apt-get install keystone 
apt-get install apache2 libapache2-mod-wsgi
 vi /etc/keystone/keystone.conf
[default]
...
admin_token = password

[database]
...
connection = mysql+pymysql://keystone:password@control/keystone

[memcache]
...
localhost:11211

[token]
...
provider = fernet
#driver = memcache   //need to see if this is still relevant in Mitaka
 su -s /bin/sh -c "keystone-manage db_sync" keystone

Initialize the Fernet keys:

 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
 vi /etc/apache2/apache2.conf
ServerName  control
 vi /etc/apache2/sites-available/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/apache2/keystone.log
    CustomLog /var/log/apache2/keystone_access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/apache2/keystone.log
    CustomLog /var/log/apache2/keystone_access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
 ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled
 service apache2 restart
 export OS_TOKEN=password
 export OS_URL=http://control:35357/v3
 export OS_IDENTITY_API_VERSION=3
 tail -f /var/log/apache2/keystone.log
 openstack service create \
 --name keystone \
 --description "OpenStack Identity" identity
  openstack endpoint create \
  --region RegionOne \
  identity public http://control:5000/v3
  openstack endpoint create \
  --region RegionOne \
  identity internal http://control:5000/v3
  openstack endpoint create \
  --region RegionOne \
  identity admin http://control:35357/v3
openstack domain create \
--description "Default Domain" default
 openstack project create \
 --domain default \
 --description "Admin Project" admin
  openstack user create --domain default \
  --password-prompt admin
 openstack role create admin
 openstack role add --project admin --user admin admin
openstack project create --domain default \
  --description "Service Project" service
 vi /etc/keystone/policy.json
 unset OS_TOKEN OS_URL
 vi admin.opensrc.sh 
export OS_AUTH_URL=http://control:35357/v3
export OS_PROJECT_DOMAIN_NAME=default
export OS_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_IMAGE_API_VERSION=2
export OS_USER_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
 source admin.opensrc.sh
 openstack token issue

....... Chapter 3.3 .......

 mysql -u root -p
 CREATE DATABASE glance;
 
 GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'password';
 
 GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'password';
 
 exit;
 source admin.opensrc.sh
 
 openstack user create --domain default --password-prompt glance
 
 openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region RegionOne image public http://control:9292
openstack endpoint create --region RegionOne image internal http://control:9292
openstack endpoint create --region RegionOne image admin http://control:9292
 apt-get install glance 
 vi /etc/glance/glance-api.conf
[database]
...
connection = mysql+pymysql://glance:password@control/glance

[keystone_authtoken]
...
auth_uri = http://control:5000
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = password

#The line below is optional; add it to [keystone_authtoken] only if you have installed memcached
memcached_servers = control:11211

[paste_deploy] 
...
flavor = keystone

[glance_store]
...
default_store = file
stores = file,http
filesystem_store_datadir = /var/lib/glance/images/
  vi /etc/glance/glance-registry.conf
[database] 
... 
connection = mysql+pymysql://glance:password@control/glance


[keystone_authtoken]
...
auth_uri = http://control:5000
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = password

#The line below is optional; add it to [keystone_authtoken] only if you have installed memcached
memcached_servers = control:11211

[paste_deploy]
...
flavor = keystone
 su -s /bin/sh -c "glance-manage db_sync" glance
 service glance-registry restart 
 service glance-api restart
 echo "export OS_IMAGE_API_VERSION=2" | tee -a admin.opensrc.sh
 source admin.opensrc.sh
 wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img 
  openstack image create "cirros" \
  --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public
 openstack image-list

....... Chapter 3.4 .......

 mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
    GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'password';
    GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'password';
    GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'password';
    GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'password';
    exit;
    source admin.opensrc.sh
    openstack user create --domain default --password-prompt nova
    openstack role add --project service --user nova admin
    openstack service create --name nova --description "OpenStack Compute" compute
    openstack endpoint create --region RegionOne compute public http://control:8774/v2.1/%\(tenant_id\)s
    openstack endpoint create --region RegionOne compute internal http://control:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://control:8774/v2.1/%\(tenant_id\)s
 apt-get install nova-api nova-cert nova-conductor nova-consoleauth nova-novncproxy nova-scheduler
 vi /etc/nova/nova.conf 
[DEFAULT]
...
my_ip = 10.10.10.2
enabled_apis=osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[database] 
... 
connection = mysql+pymysql://nova:password@control/nova 

[api_database]
...
connection = mysql+pymysql://nova:password@control/nova_api


[oslo_messaging_rabbit]
...
rabbit_host = control
rabbit_userid = openstack
rabbit_password = password


[keystone_authtoken]
...
auth_uri = http://control:5000
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = password

#The line below is optional; add it to [keystone_authtoken] only if you have installed memcached
memcached_servers = control:11211


[vnc]
...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

[glance]
...
api_servers = http://control:9292

[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp
    su -s /bin/sh -c "nova-manage api_db sync" nova
    su -s /bin/sh -c "nova-manage db sync" nova
    for service in api cert consoleauth conductor scheduler novncproxy; do
    service nova-$service restart
    done 

The following steps are on the Compute node:

     ip a
     hostname compute
     vi /etc/hosts
     apt-get install nova-compute 
     vi /etc/nova/nova.conf
[DEFAULT]
...
my_ip = 10.10.10.4
rpc_backend = rabbit
auth_strategy = keystone
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[oslo_messaging_rabbit]
...
rabbit_host = control
rabbit_userid = openstack
rabbit_password = password

[DEFAULT]
...
auth_strategy = keystone

[keystone_authtoken]
...
auth_uri = http://control:5000
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = password



[vnc]
...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://control:6080/vnc_auto.html

[glance]
...
api_servers = http://control:9292

[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp
    egrep -c '(vmx|svm)' /proc/cpuinfo

If the above returns zero (the CPU exposes no hardware virtualization extensions), set:

 vi /etc/nova/nova-compute.conf
[libvirt]

...

virt_type = qemu
 service nova-compute restart

Now, on the control node:

    source admin.opensrc.sh
    openstack compute service list

....... Chapter 3.6 .......

https://wiki.openstack.org/wiki/Neutron/PNI-VNI-Pluggable-Framework

On the control node:

mysql -u root -p
CREATE DATABASE neutron; 
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'password'; 
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'password';
exit;
source admin.opensrc.sh
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://control:9696
openstack endpoint create --region RegionOne network internal http://control:9696
openstack endpoint create --region RegionOne network admin http://control:9696  
 apt-get install neutron-server neutron-plugin-ml2
cat /etc/neutron/neutron.conf | grep "^[^#$]" > neutron.conf.bkp
vi /etc/neutron/neutron.conf
[DEFAULT] 

core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
...

[database]

connection = mysql+pymysql://neutron:password@control/neutron
...

[oslo_messaging_rabbit]

rabbit_host = control
rabbit_userid = openstack
rabbit_password = password
...

[keystone_authtoken]

auth_uri = http://control:5000
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = password
...    

Optional (only if you have installed memcached):
memcached_servers = control:11211

[nova]
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = password
cat /etc/neutron/plugins/ml2/ml2_conf.ini | grep "^[^#$]"> ml2_conf.ini.bkp
vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]

type_drivers = flat,vlan,vxlan
tenant_network_types = vlan, vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
...

[ml2_type_flat]

flat_networks = external
...

[ml2_type_vlan]

network_vlan_ranges = external,vlan:1000:2999
...

[ml2_type_vxlan]

vni_ranges = 1:1000
...

[securitygroup]

enable_ipset = True
...
cat /etc/nova/nova.conf | grep "^[^#$]"> nova.conf.bkp2
vi /etc/nova/nova.conf
[DEFAULT]
network_api_class=nova.network.neutronv2.api.API
security_group_api=neutron
...

[neutron]
...
url = http://control:9696
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = password

service_metadata_proxy = True
metadata_proxy_shared_secret = password
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
service neutron-server restart 
service nova-api restart 

From here on, on the Network node:

Refer to this link if you need more information: http://docs.openstack.org/mitaka/config-reference/tables/conf-changes/nova.html

    echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
    echo 'net.ipv4.conf.default.rp_filter=0' >> /etc/sysctl.conf 
    echo 'net.ipv4.conf.all.rp_filter=0' >> /etc/sysctl.conf 
    sysctl -p
apt-get install neutron-plugin-ml2 neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent
cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini | grep "^[^#$]" > linuxbridge_agent.ini.bkp
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = vlan:eth1,external:eth2


[agent]

prevent_arp_spoofing = True

[vxlan]

enable_vxlan = True
local_ip = 10.10.10.3
l2_population = True

[securitygroup]

enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
...

[agent]
prevent_arp_spoofing = True
cat /etc/neutron/l3_agent.ini | grep "^[^#$]" > l3_agent.ini.bkp
 vi /etc/neutron/l3_agent.ini
[DEFAULT]

interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
...
cat /etc/neutron/dhcp_agent.ini | grep "^[^#$]" > dhcp_agent.ini.bkp
vi /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
...
cat /etc/neutron/metadata_agent.ini | grep "^[^#$]" > metadata_agent.ini.bkp
vi /etc/neutron/metadata_agent.ini
[DEFAULT]

nova_metadata_ip = control
metadata_proxy_shared_secret = password
...
cat /etc/neutron/neutron.conf | grep "^[^#$]" > neutron.conf.bkp
vi /etc/neutron/neutron.conf
[DEFAULT] 

core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
...


[oslo_messaging_rabbit]

rabbit_host = control
rabbit_userid = openstack
rabbit_password = password
...

[keystone_authtoken]

auth_uri = http://control:5000
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = password
...    
for service in linuxbridge-agent dhcp-agent metadata-agent l3-agent; do
service neutron-$service restart
done 
for service in linuxbridge-agent dhcp-agent metadata-agent l3-agent; do
service neutron-$service status
done 

On the compute node:

echo 'net.ipv4.conf.default.rp_filter=0' >> /etc/sysctl.conf 
echo 'net.ipv4.conf.all.rp_filter=0' >> /etc/sysctl.conf 
sysctl -p 
apt-get install neutron-linuxbridge-agent
vi /etc/neutron/neutron.conf
[DEFAULT]

rpc_backend = rabbit
auth_strategy = keystone
...

[keystone_authtoken]
...
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = password

[oslo_messaging_rabbit]

rabbit_host = control
rabbit_userid = openstack
rabbit_password = password
...
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = vlan:eth1

[vxlan]
enable_vxlan = True
local_ip = 10.10.10.4
l2_population = True

[agent]
prevent_arp_spoofing = True

[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = True
vi /etc/nova/nova.conf
[neutron]
url = http://control:9696
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = password
service_metadata_proxy = True
metadata_proxy_shared_secret = password
service nova-compute restart
service neutron-linuxbridge-agent restart
neutron ext-list
neutron agent-list

....... Chapter 3.7 .......

 apt-get install openstack-dashboard
 vi /etc/openstack-dashboard/local_settings.py
OPENSTACK_HOST = "control"
ALLOWED_HOSTS = ['*', ]


OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

TIME_ZONE

This is optional, for memcached session storage. (Comment out any other session-storage settings.)

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}
service apache2 reload