OpenStack Grizzly Setup ======================= This is a two-node setup, configured by hand. Controller node: 192.168.122.218 -- fedora-ostk Compute node : 192.168.122.46 -- meadow-compute Keystone -------- $ yum install openstack-keystone \ openstack-utils dnsmasq-utils -y $ openstack-db --init --service keystone $ export SERVICE_TOKEN=$(openssl rand -hex 10) $ export SERVICE_ENDPOINT=http://192.168.122.218:35357/v2.0 $ echo $SERVICE_TOKEN > /tmp/ks_admin_token $ cat /tmp/ks_admin_token # NOTE: this token is Keystone's bootstrap admin credential (the later "Bypassing authentication using a token & endpoint" warnings are it in use); /tmp is readable by every local user, so a root-only file (mode 0600) is the safer place for the copy $ openstack-config --set /etc/keystone/keystone.conf \ DEFAULT admin_token $SERVICE_TOKEN $ keystone-manage pki_setup --keystone-user keystone \ --keystone-group keystone $ chown -R keystone:keystone /etc/keystone/ssl $ systemctl start openstack-keystone.service $ systemctl status openstack-keystone.service $ systemctl enable openstack-keystone.service $ keystone service-create --name keystone --type identity \ --description "Keystone Identity Service" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Keystone Identity Service | | id | 229848275be9490b9d993a0fc6b9c89b | | name | keystone | | type | identity | +-------------+----------------------------------+ $ keystone endpoint-create --service_id 229848275be9490b9d993a0fc6b9c89b \ --publicurl 'http://192.168.122.218:5000/v2.0' \ --adminurl 'http://192.168.122.218:35357/v2.0' \ --internalurl 'http://192.168.122.218:5000/v2.0' +-------------+-----------------------------------+ | Property | Value | +-------------+-----------------------------------+ | adminurl | http://192.168.122.218:35357/v2.0 | | id | dd74580e26424d839737e758013d6752 | | internalurl | http://192.168.122.218:5000/v2.0 | | publicurl | http://192.168.122.218:5000/v2.0 | | region | regionOne | | service_id | 229848275be9490b9d993a0fc6b9c89b | +-------------+-----------------------------------+ $ keystone user-create --name admin --pass redhat $ keystone role-create --name admin $ 
keystone tenant-create --name admin $ keystone user-role-add --user admin \ --role admin --tenant admin $ cat >> ~/keystonerc_admin <> ~/keystonerc_kashyap <> /etc/tgt/targets.conf $ systemctl start tgtd.service $ systemctl status tgtd.service $ systemctl enable tgtd.service # Start Cinder services $ systemctl start openstack-cinder-api.service $ systemctl status openstack-cinder-api.service $ systemctl start openstack-cinder-scheduler.service $ systemctl status openstack-cinder-scheduler.service $ systemctl start openstack-cinder-volume.service $ systemctl status openstack-cinder-volume.service # Enable the services $ systemctl enable openstack-cinder-api.service $ systemctl enable openstack-cinder-scheduler.service $ systemctl enable openstack-cinder-volume.service $ keystone service-create --name cinder \ > --type volume --description "Cinder Volume Service" WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Cinder Volume Service | | id | 3ece9c3601b44daba263662f404e98bf | | name | cinder | | type | volume | +-------------+----------------------------------+ $ keystone endpoint-create --service_id 3ece9c3601b44daba263662f404e98bf \ --publicurl "http://192.168.122.218:8776/v1/\$(tenant_id)s" \ --adminurl "http://192.168.122.218:8776/v1/\$(tenant_id)s" \ --internalurl "http://192.168.122.218:8776/v1/\$(tenant_id)s" WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). 
+-------------+----------------------------------------------+ | Property | Value | +-------------+----------------------------------------------+ | adminurl | http://192.168.122.218:8776/v1/$(tenant_id)s | | id | fa1773afbf0d43f5ae0458c2712d5a38 | | internalurl | http://192.168.122.218:8776/v1/$(tenant_id)s | | publicurl | http://192.168.122.218:8776/v1/$(tenant_id)s | | region | regionOne | | service_id | 3ece9c3601b44daba263662f404e98bf | +-------------+----------------------------------------------+ # Test $ cinder create --display-name testvol2 1 $ cinder list $ lvs Quantum ------- Quantum on Controller node ~~~~~~~~~~~~~~~~~~~~~~~~~~ $ yum install openstack-quantum openstack-quantum-openvswitch -y $ systemctl start openvswitch.service $ systemctl enable openvswitch.service $ systemctl enable quantum-ovs-cleanup.service $ ovs-vsctl add-br br-int $ ovs-vsctl show 36e012ac-87ec-4225-867a-538d937a26f4 Bridge br-int Port br-int Interface br-int type: internal ovs_version: "1.10.0" $ cat < /etc/sysconfig/network-scripts/ifcfg-eth1 DEVICE=eth1 BOOTPROTO=static NM_CONTROLLED=no ONBOOT=yes TYPE=Ethernet EOF $ ifup eth1 $ ovs-vsctl add-br br-eth1 $ ovs-vsctl show 36e012ac-87ec-4225-867a-538d937a26f4 Bridge br-int Port br-int Interface br-int type: internal Bridge "br-eth1" Port "br-eth1" Interface "br-eth1" type: internal ovs_version: "1.10.0" $ ovs-vsctl add-port br-eth1 eth1 $ ovs-vsctl show 36e012ac-87ec-4225-867a-538d937a26f4 Bridge br-int Port br-int Interface br-int type: internal Bridge "br-eth1" Port "br-eth1" Interface "br-eth1" type: internal Port "eth1" Interface "eth1" ovs_version: "1.10.0" $ cat < /etc/sysconfig/network-scripts/ifcfg-br-ex DEVICE=br-ex BOOTPROTO=static ONBOOT=yes IPADDR=192.168.122.218 NETMASK=255.255.255.0 GATEWAY=192.168.122.1 EOF # Take backup $ cp /etc/sysconfig/network-scripts/ifcfg-eth0 \ /root/ifcfg-eth0-backup # Unconfigure eth0 $ cat < /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=eth0 TYPE=Ethernet ONBOOT="yes" 
NM_CONTROLLED=no BOOTPROTO=static EOF # Create an external bridge and attach it to eth0: # NOTE: Do this from a serial console. Network connectivity # will be lost. $ ovs-vsctl add-br br-ex $ ovs-vsctl add-port br-ex eth0 $ ovs-vsctl show 36e012ac-87ec-4225-867a-538d937a26f4 Bridge br-ex Port "eth0" Interface "eth0" Port br-ex Interface br-ex type: internal Bridge br-int Port br-int Interface br-int type: internal Bridge "br-eth1" Port "br-eth1" Interface "br-eth1" type: internal Port "eth1" Interface "eth1" ovs_version: "1.10.0" # Restart Networking $ systemctl stop NetworkManager $ systemctl restart network $ systemctl status network # Note adjust $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.122.1 0.0.0.0 UG 0 0 0 br-ex 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1 169.254.0.0 0.0.0.0 255.255.0.0 U 1007 0 0 br-ex 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 br-ex $ ifconfig br-eth1: flags=67 mtu 1500 inet6 fe80::28c2:63ff:fe40:19d prefixlen 64 scopeid 0x20 ether 26:cd:69:ef:22:4a txqueuelen 0 (Ethernet) RX packets 838 bytes 43226 (42.2 KiB) RX errors 0 dropped 725 overruns 0 frame 0 TX packets 6 bytes 468 (468.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 br-ex: flags=67 mtu 1500 inet 192.168.122.218 netmask 255.255.255.0 broadcast 192.168.122.255 inet6 fe80::96:1ff:fe1c:9945 prefixlen 64 scopeid 0x20 ether 02:96:01:1c:99:45 txqueuelen 0 (Ethernet) RX packets 687 bytes 38612 (37.7 KiB) RX errors 0 dropped 577 overruns 0 frame 0 TX packets 62 bytes 5268 (5.1 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 br-int: flags=67 mtu 1500 inet6 fe80::5001:60ff:fec2:8ac1 prefixlen 64 scopeid 0x20 ether da:e4:70:a6:89:40 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 6 bytes 468 (468.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0: flags=4163 mtu 1500 inet6 
fe80::5054:ff:fe96:b257 prefixlen 64 scopeid 0x20 ether 52:54:00:96:b2:57 txqueuelen 1000 (Ethernet) RX packets 142891 bytes 353343376 (336.9 MiB) RX errors 0 dropped 39 overruns 0 frame 0 TX packets 48961 bytes 5815689 (5.5 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth1: flags=4163 mtu 1500 inet6 fe80::5054:ff:fe4e:726e prefixlen 64 scopeid 0x20 ether 52:54:00:4e:72:6e txqueuelen 1000 (Ethernet) RX packets 2073 bytes 108936 (106.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 115 bytes 8549 (8.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 0 (Local Loopback) RX packets 21414 bytes 240104968 (228.9 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 21414 bytes 240104968 (228.9 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 # HACK $ vi /usr/bin/quantum-server-setup # # Setup Quantum $ /usr/bin/quantum-server-setup Please select a plugin from: linuxbridge openvswitch Choice: openvswitch Quantum plugin: openvswitch Plugin: openvswitch => Database: ovs_quantum Redirecting to /bin/systemctl status mysqld.service Please enter the password for the 'root' MySQL user: Verified connectivity to MySQL. Would you like to update the nova configuration files? (y/n): y Please install OpenStack compute and then set the values in /etc/nova/nova.conf DEFAULT section network_api_classi=nova.network.quantumv2.api.API quantum_admin_username=admin quantum_admin_password=redhat quantum_admin_auth_url=http://192.168.122.218:35357/v2.0/ quantum_auth_strategy=keystone quantum_admin_tenant_name=admin quantum_url=http://localhost:9696/ firewall_driver=nova.virt.firewall.NoopFirewallDriver security_group_api=quantum Configuration updates complete! 
# Config $ openstack-config --set /etc/quantum/quantum.conf DEFAULT \ core_plugin quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2 $ openstack-config --set /etc/quantum/quantum.conf DEFAULT \ ovs_use_veth True $ openstack-config --set /etc/quantum/quantum.conf DEFAULT \ allow_overlapping_ips True $ openstack-config --set /etc/quantum/quantum.conf DEFAULT \ rpc_backend quantum.openstack.common.rpc.impl_qpid $ openstack-config --set /etc/quantum/quantum.conf DEFAULT \ qpid_hostname 192.168.122.218 $ openstack-config --set /etc/quantum/quantum.conf DEFAULT \ qpid_port 5672 # Make Quantum Keystone entries $ openstack-config --set /etc/quantum/quantum.conf \ DEFAULT auth_strategy keystone $ openstack-config --set /etc/quantum/quantum.conf \ keystone_authtoken auth_host 192.168.122.218 $ openstack-config --set /etc/quantum/quantum.conf \ keystone_authtoken admin_tenant_name services $ openstack-config --set /etc/quantum/quantum.conf \ keystone_authtoken admin_user quantum $ openstack-config --set /etc/quantum/quantum.conf \ keystone_authtoken admin_password redhat # Configure the plugin $ ll /etc/quantum/plugin.ini $ openstack-config --set /etc/quantum/plugin.ini DATABASE \ sql_connection mysql://quantum:quantum@192.168.122.218/ovs_quantum # Configure OVS to use VLAN $ openstack-config --set /etc/quantum/plugin.ini \ OVS tenant_network_type vlan $ openstack-config --set /etc/quantum/plugin.ini \ OVS network_vlan_ranges physnet1:1000:2999 $ openstack-config --set /etc/quantum/plugin.ini \ OVS bridge_mappings physnet1:br-eth1 # Set firewall options $ openstack-config --set /etc/quantum/plugin.ini \ SECURITYGROUP firewall_driver \ quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver # Configure DHCP agent to use OVS $ openstack-config --set /etc/quantum/dhcp_agent.ini \ DEFAULT interface_driver quantum.agent.linux.interface.OVSInterfaceDriver # Handle routes $ openstack-config --set /etc/quantum/dhcp_agent.ini \ DEFAULT 
handle_internal_only_routers True # Handle external bridge network $ openstack-config --set /etc/quantum/dhcp_agent.ini \ DEFAULT handle_internal_only_routers True # Use network namespaces $ openstack-config --set /etc/quantum/dhcp_agent.ini \ DEFAULT use_namespaces True # Take backup of l3-agent.ini $ cp /etc/quantum/l3_agent.ini ~/l3-agent.ini.back # Copy dhcp_agent to l3 agent $ cp /etc/quantum/dhcp_agent.ini /etc/quantum/l3_agent.ini # Keystone config $ keystone user-create --name quantum --pass redhat WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). +----------+----------------------------------+ | Property | Value | +----------+----------------------------------+ | email | | | enabled | True | | id | 4ad28c5c0816476c9875b413074e3f7c | | name | quantum | | tenantId | | +----------+----------------------------------+ $ keystone user-role-add --user quantum --role admin \ --tenant services $ keystone service-create --name quantum --type network \ --description "Quantum Network Service" $ keystone service-create --name quantum --type network \ --description "Quantum Network Service" WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored). 
+-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Quantum Network Service | | id | ad6a3215c7234718bc7ee6c1dcaa62d8 | | name | quantum | | type | network | +-------------+----------------------------------+ $ keystone endpoint-create --service_id ad6a3215c7234718bc7ee6c1dcaa62d8 \ --publicurl "http://192.168.122.218:9696" \ --adminurl "http://192.168.122.218:9696" \ --internalurl "http://192.168.122.218:9696" # Start, enable and check the status of all the Quantum services $ for i in start enable status; \ do systemctl $i openvswitch; done $ for i in start enable status; \ do systemctl $i quantum-server; done $ for i in start enable status; \ do systemctl $i quantum-l3-agent; done $ for i in start enable status; \ do systemctl $i quantum-dhcp-agent; done $ for i in start enable status; \ do systemctl $i quantum-openvswitch-agent; done $ for i in start enable status; \ do systemctl $i quantum-ovs-cleanup; done Quantum on Compute node ~~~~~~~~~~~~~~~~~~~~~~~ $ yum install openstack-quantum openstack-quantum-openvswitch \ bridge-utils -y $ scp root@192.168.122.218:/etc/quantum/quantum.conf \ /etc/quantum/quantum.conf $ scp root@192.168.122.218:/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini \ /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini $ ln -s /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini \ /etc/quantum/plugin.ini # Create bridges: $ cat < /etc/sysconfig/network-scripts/ifcfg-eth1 DEVICE=eth1 BOOTPROTO=static NM_CONTROLLED=no ONBOOT=yes TYPE=Ethernet EOF $ ifup eth1 $ systemctl start openvswitch $ systemctl status openvswitch $ systemctl enable openvswitch $ ovs-vsctl add-br br-int $ ovs-vsctl add-br br-eth1 $ ovs-vsctl add-port br-eth1 eth1 $ ovs-vsctl show 06644e89-d687-443e-b3f7-b11bcae2414a Bridge br-int Port br-int Interface br-int type: internal Bridge "br-eth1" Port "eth1" Interface "eth1" Port "br-eth1" Interface "br-eth1" type: internal 
ovs_version: "1.10.0" # Start the L2 agent, and OVS Cleanup $ for i in enable start status; \ do systemctl $i quantum-openvswitch-agent; done $ for i in enable start status; \ do systemctl $i quantum-ovs-cleanup; done Nova ---- Nova on Controller node ~~~~~~~~~~~~~~~~~~~~~~~ $ yum install openstack-nova -y $ openstack-db --init --service nova $ keystone user-create --name nova --pass redhat $ keystone user-role-add --user nova \ --role admin --tenant services $ /etc/nova/nova.conf [DEFAULT] logdir = /var/log/nova state_path = /var/lib/nova lock_path = /var/lib/nova/tmp volumes_dir = /etc/nova/volumes dhcpbridge = /usr/bin/nova-dhcpbridge dhcpbridge_flagfile = /etc/nova/nova.conf force_dhcp_release = True injected_network_template = /usr/share/nova/interfaces.template libvirt_nonblocking = True libvirt_inject_partition = -1 libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver iscsi_helper = tgtadm sql_connection = mysql://nova:nova@192.168.122.218/nova compute_driver = libvirt.LibvirtDriver libvirt_type=qemu rpc_backend = nova.openstack.common.rpc.impl_qpid rootwrap_config = /etc/nova/rootwrap.conf auth_strategy = keystone firewall_driver=nova.virt.firewall.NoopFirewallDriver volume_api_class = nova.volume.cinder.API enabled_apis = ec2,osapi_compute,metadata my_ip=192.168.122.218 qpid_hostname=192.168.122.218 qpid_port=5672 glance_host=192.168.122.218 network_api_class = nova.network.quantumv2.api.API quantum_admin_username = quantum quantum_admin_password = redhat quantum_admin_auth_url = http://192.168.122.218:35357/v2.0/ quantum_auth_strategy = keystone quantum_admin_tenant_name = services quantum_url = http://192.168.122.218:9696/ security_group_api = quantum [keystone_authtoken] admin_tenant_name = services admin_user = nova admin_password = redhat auth_host = 192.168.122.218 auth_port = 35357 auth_protocol = http signing_dirname = /tmp/keystone-signing-nova $ chown root:nova /etc/nova/nova.conf $ restorecon /etc/nova/nova.conf $ chmod 640 
/etc/nova/nova.conf # Start the api, scheduler, conductor services $ for i in start enable status; \ do systemctl $i openstack-nova-api; done $ for i in start enable status; \ do systemctl $i openstack-nova-scheduler; done $ for i in start enable status; \ do systemctl $i openstack-nova-conductor; done # Set the editor $ export EDITOR=$(which vi) Nova on Compute node ~~~~~~~~~~~~~~~~~~~~ $ yum install openstack-nova-compute python-cinderclient \ libvirt -y $ for i in start enable status; \ do systemctl $i libvirtd; done $ scp root@192.168.122.218:/etc/nova/nova.conf /etc/nova/nova.conf $ chown root:nova /etc/nova/nova.conf $ restorecon /etc/nova/nova.conf $ chmod 640 /etc/nova/nova.conf $ sed -i 's/my_ip=.*/my_ip=192.168.122.46/g' /etc/nova/nova.conf $ grep 46 /etc/nova/nova.conf my_ip=192.168.122.46 $ for i in start enable status; \ do systemctl $i openstack-nova-compute; done Create service endpoints on Controller ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $ keystone service-create --name nova --type compute \ --description "Nova Compute Service" +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Nova Compute Service | | id | a07060a1fc154732846696f63574e235 | | name | nova | | type | compute | +-------------+----------------------------------+ $ keystone endpoint-create --service_id \ a07060a1fc154732846696f63574e235 \ --publicurl "http://192.168.122.218:8774/v1.1/\$(tenant_id)s" \ --adminurl "http://192.168.122.218:8774/v1.1/\$(tenant_id)s" \ --internalurl "http://192.168.122.218:8774/v1.1/\$(tenant_id)s" +-------------+------------------------------------------------+ | Property | Value | +-------------+------------------------------------------------+ | adminurl | http://192.168.122.218:8774/v1.1/$(tenant_id)s | | id | 8ac9739ed35943889547371a533e1d00 | | internalurl | http://192.168.122.218:8774/v1.1/$(tenant_id)s | | publicurl | http://192.168.122.218:8774/v1.1/$(tenant_id)s 
| | region | regionOne | | service_id | a07060a1fc154732846696f63574e235 | +-------------+------------------------------------------------+ $ nova-manage service list Binary Host Zone Status State Updated_At nova-scheduler fedora-ostk internal enabled :-) 2013-07-31 12:06:36 nova-conductor fedora-ostk internal enabled :-) 2013-07-31 12:06:38 nova-compute meadow-compute nova enabled :-) 2013-07-31 12:06:40 # Test nova $ nova image-list +--------------------------------------+----------+--------+--------+ | ID | Name | Status | Server | +--------------------------------------+----------+--------+--------+ | 3c2ac273-a68a-4f96-a5b4-fc8eec82a282 | fedora19 | ACTIVE | | +--------------------------------------+----------+--------+--------+ # Test Cinder $ cinder create --display-name Test3 1 $ cinder list $ nova volume-list Configure networks ~~~~~~~~~~~~~~~~~~ $ keystone tenant-list | grep services | awk '{print $2;}' 9273791aaffb4df9927bc058622c5029 # Create a network $ quantum net-create --tenant-id 9273791aaffb4df9927bc058622c5029 ext --router:external=True Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | 63d13db7-500d-4593-a6f9-c6d3df58d56f | | name | ext | | provider:network_type | vlan | | provider:physical_network | physnet1 | | provider:segmentation_id | 1000 | | router:external | True | | shared | False | | status | ACTIVE | | subnets | | | tenant_id | 9273791aaffb4df9927bc058622c5029 | +---------------------------+--------------------------------------+ # Create a subnet $ quantum subnet-create --tenant-id 9273791aaffb4df9927bc058622c5029 \ ext 192.168.122.0/24 --enable_dhcp=False --allocation-pool \ start=192.168.122.10,end=192.168.122.200 --gateway-ip \ 192.168.122.1 Created a new subnet: +------------------+-------------------------------------------------------+ | Field | Value | 
+------------------+-------------------------------------------------------+ | allocation_pools | {"start": "192.168.122.10", "end": "192.168.122.200"} | | cidr | 192.168.122.0/24 | | dns_nameservers | | | enable_dhcp | False | | gateway_ip | 192.168.122.1 | | host_routes | | | id | 6bd72750-dbb6-45ad-a355-70fbc8f804df | | ip_version | 4 | | name | | | network_id | 63d13db7-500d-4593-a6f9-c6d3df58d56f | | tenant_id | 9273791aaffb4df9927bc058622c5029 | +------------------+-------------------------------------------------------+ # List the networks $ quantum net-list +--------------------------------------+------+-------------------------------------------------------+ | id | name | subnets | +--------------------------------------+------+-------------------------------------------------------+ | 63d13db7-500d-4593-a6f9-c6d3df58d56f | ext | 6bd72750-dbb6-45ad-a355-70fbc8f804df 192.168.122.0/24 | +--------------------------------------+------+-------------------------------------------------------+ # List the subnets $ quantum subnet-list +--------------------------------------+------+------------------+-------------------------------------------------------+ | id | name | cidr | allocation_pools | +--------------------------------------+------+------------------+-------------------------------------------------------+ | 6bd72750-dbb6-45ad-a355-70fbc8f804df | | 192.168.122.0/24 | {"start": "192.168.122.10", "end": "192.168.122.200"} | +--------------------------------------+------+------------------+-------------------------------------------------------+ # Get details of a network: $ quantum net-show ext +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | 63d13db7-500d-4593-a6f9-c6d3df58d56f | | name | ext | | provider:network_type | vlan | | provider:physical_network | physnet1 | | provider:segmentation_id | 1000 | | 
router:external | True | | shared | False | | status | ACTIVE | | subnets | 6bd72750-dbb6-45ad-a355-70fbc8f804df | | tenant_id | 9273791aaffb4df9927bc058622c5029 | +---------------------------+--------------------------------------+ Horizon (FIXME) --------------- $ yum install openstack-dashboard -y $ setsebool -P httpd_can_network_connect on $ for i in start enable status; \ do systemctl $i httpd; done Deploy Instances ---------------- $ source keystonerc_kashyap $ quantum net-create int Created a new network: +-----------------+--------------------------------------+ | Field | Value | +-----------------+--------------------------------------+ | admin_state_up | True | | id | 4a04382f-03bf-49a9-9d4a-35ab9ffc22ad | | name | int | | router:external | False | | shared | False | | status | ACTIVE | | subnets | | | tenant_id | deee85c26f34453c9172b47850bbd4b6 | +-----------------+--------------------------------------+ # Create a subnet: $ $ quantum subnet-create int 30.0.0.0/24 --dns_nameservers list=true 192.168.122.1 Created a new subnet: +------------------+--------------------------------------------+ | Field | Value | +------------------+--------------------------------------------+ | allocation_pools | {"start": "30.0.0.2", "end": "30.0.0.254"} | | cidr | 30.0.0.0/24 | | dns_nameservers | 192.168.122.1 | | enable_dhcp | True | | gateway_ip | 30.0.0.1 | | host_routes | | | id | e41bc2d1-76dd-4395-a5d4-87763f369129 | | ip_version | 4 | | name | | | network_id | 4a04382f-03bf-49a9-9d4a-35ab9ffc22ad | | tenant_id | deee85c26f34453c9172b47850bbd4b6 | +------------------+--------------------------------------------+ # Create a router $ quantum router-create router1 Created a new router: +-----------------------+--------------------------------------+ | Field | Value | +-----------------------+--------------------------------------+ | admin_state_up | True | | external_gateway_info | | | id | 1fabd5f0-f80b-468d-b733-1b80d0c3e80f | | name | router1 | | status | ACTIVE 
| | tenant_id | deee85c26f34453c9172b47850bbd4b6 | +-----------------------+--------------------------------------+ # Connect the gateway to the external network $ quantum router-gateway-set router1 ext # List the subnet, note the subnet ID # to which we're linking the router to $ quantum subnet-list +--------------------------------------+------+-------------+--------------------------------------------+ | id | name | cidr | allocation_pools | +--------------------------------------+------+-------------+--------------------------------------------+ | e41bc2d1-76dd-4395-a5d4-87763f369129 | | 30.0.0.0/24 | {"start": "30.0.0.2", "end": "30.0.0.254"} | +--------------------------------------+------+-------------+--------------------------------------------+ # Add the router interface to the above subnet $ quantum router-interface-add router1 e41bc2d1-76dd-4395-a5d4-87763f369129 # Start instances $ source keystonerc_kashyap $ nova flavor-list $ nova image-list # Boot the instance $ nova boot --flavor 1 --image \ 3c2ac273-a68a-4f96-a5b4-fc8eec82a282 f19test1 # List and ensure the guest is Active $ nova list Creating Floating IP Addresses ------------------------------ # Source the user credentials $ source keystonerc_kashyap # Create a floating IP for the tenant (in our case, this is 'ostenant') $ quantum floatingip-create ext Created a new floatingip: +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | fixed_ip_address | | | floating_ip_address | 192.168.122.11 | | floating_network_id | 63d13db7-500d-4593-a6f9-c6d3df58d56f | | id | 9a902657-bff6-4b77-b193-08f46e0165b5 | | port_id | | | router_id | | | tenant_id | deee85c26f34453c9172b47850bbd4b6 | +---------------------+--------------------------------------+ Associate a Floating IP Address ------------------------------- # List the instances $ nova list 
+--------------------------------------+----------+--------+--------------+ | ID | Name | Status | Networks | +--------------------------------------+----------+--------+--------------+ | 71783b03-0e8b-4967-8f89-08bee00b42c0 | f19test2 | ACTIVE | int=30.0.0.2 | | 5b451cd5-4d89-490f-b29b-224ad1bbecc4 | f19test3 | ACTIVE | int=30.0.0.4 | +--------------------------------------+----------+--------+--------------+ # Get the Floating IP list $ quantum floatingip-list +--------------------------------------+------------------+---------------------+---------+ | id | fixed_ip_address | floating_ip_address | port_id | +--------------------------------------+------------------+---------------------+---------+ | 9a902657-bff6-4b77-b193-08f46e0165b5 | | 192.168.122.11 | | +--------------------------------------+------------------+---------------------+---------+ # List the ports ID of the assigned IP address for the current tenant (ostenant) $ quantum port-list | grep 30.0.0.2 | 913a45d7-caf8-4e42-81cf-52835f983357 | | fa:16:3e:b9:ba:3c | {"subnet_id": "e41bc2d1-76dd-4395-a5d4-87763f369129", "ip_address": "30.0.0.2"} | # Associate the floating ip and fixed ip $ quantum floatingip-associate 9a902657-bff6-4b77-b193-08f46e0165b5 913a45d7-caf8-4e42-81cf-52835f983357 Associated floatingip 9a902657-bff6-4b77-b193-08f46e0165b5 # List the floating IPs $ quantum floatingip-list +--------------------------------------+------------------+---------------------+--------------------------------------+ | id | fixed_ip_address | floating_ip_address | port_id | +--------------------------------------+------------------+---------------------+--------------------------------------+ | 9a902657-bff6-4b77-b193-08f46e0165b5 | 30.0.0.2 | 192.168.122.11 | 913a45d7-caf8-4e42-81cf-52835f983357 | +--------------------------------------+------------------+---------------------+--------------------------------------+ Check network namespaces ------------------------ $ ip netns list 
qdhcp-4a04382f-03bf-49a9-9d4a-35ab9ffc22ad qrouter-1fabd5f0-f80b-468d-b733-1b80d0c3e80f $ ip netns exec qrouter-1fabd5f0-f80b-468d-b733-1b80d0c3e80f ip a 1: lo: mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: qg-a591a701-ad: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether fa:16:3e:d1:c4:60 brd ff:ff:ff:ff:ff:ff inet 192.168.122.10/24 brd 192.168.122.255 scope global qg-a591a701-ad valid_lft forever preferred_lft forever inet 192.168.122.11/32 brd 192.168.122.11 scope global qg-a591a701-ad valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fed1:c460/64 scope link valid_lft forever preferred_lft forever 3: qr-13613ac1-d4: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether fa:16:3e:f1:ff:8b brd ff:ff:ff:ff:ff:ff inet 30.0.0.1/24 brd 30.0.0.255 scope global qr-13613ac1-d4 valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fef1:ff8b/64 scope link valid_lft forever preferred_lft forever NOTE: From the above, the router's external interface (qg-a591a701-ad) is listening on 192.168.122.10, which is the OpenVSwitch gateway to the external network. 
And the floating IP 192.168.122.11 is bound on that same qg-a591a701-ad interface as a /32. Security Groups --------------- # Enable ICMP $ quantum security-group-rule-create --protocol icmp \ > --remote-ip-prefix 0.0.0.0/0 default Created a new security_group_rule: +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | direction | ingress | | ethertype | IPv4 | | id | 79e8b8e5-1dff-49b7-9a7b-faa45824922d | | port_range_max | | | port_range_min | | | protocol | icmp | | remote_group_id | | | remote_ip_prefix | 0.0.0.0/0 | | security_group_id | 11677503-c1d2-4b51-b1df-aa752000d60f | | tenant_id | deee85c26f34453c9172b47850bbd4b6 | +-------------------+--------------------------------------+ # Enable SSH (TCP/22). Both rules use --remote-ip-prefix 0.0.0.0/0, i.e. any source; that suits this lab but should be narrowed to the admin range on anything reachable beyond it $ quantum security-group-rule-create --protocol tcp --port-range-min 22 \ > --port-range-max 22 --remote-ip-prefix 0.0.0.0/0 default Created a new security_group_rule: +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | direction | ingress | | ethertype | IPv4 | | id | 9152a415-5138-4f9f-b695-45cfab2bb1c3 | | port_range_max | 22 | | port_range_min | 22 | | protocol | tcp | | remote_group_id | | | remote_ip_prefix | 0.0.0.0/0 | | security_group_id | 11677503-c1d2-4b51-b1df-aa752000d60f | | tenant_id | deee85c26f34453c9172b47850bbd4b6 | +-------------------+--------------------------------------+ # List the nova instances and their networks $ nova list +--------------------------------------+----------+--------+------------------------------+ | ID | Name | Status | Networks | +--------------------------------------+----------+--------+------------------------------+ | 71783b03-0e8b-4967-8f89-08bee00b42c0 | f19test2 | ACTIVE | int=30.0.0.2, 192.168.122.11 | | 5b451cd5-4d89-490f-b29b-224ad1bbecc4 | f19test3 | ACTIVE | int=30.0.0.4 | +--------------------------------------+----------+--------+------------------------------+ Namespaces commands ------------------- $ ip netns $ ip netns 
exec qrouter-1fabd5f0-f80b-468d-b733-1b80d0c3e80f \ ip a $ ip netns exec qrouter-1fabd5f0-f80b-468d-b733-1b80d0c3e80f \ route $ ip netns exec qrouter-1fabd5f0-f80b-468d-b733-1b80d0c3e80f \ ifconfig $ ip netns exec qrouter-1fabd5f0-f80b-468d-b733-1b80d0c3e80f \ iptables-save $ ip netns exec qrouter-1fabd5f0-f80b-468d-b733-1b80d0c3e80f \ Neutron commands ---------------- $ quantum router-show router1 $ quantum net-list $ quantum subnet-list $ quantum security-group-rule-list Set the ip/route manually for the nova instance ----------------------------------------------- # From your laptop $ ssh root@10.65.213.250 -L 5900:192.168.122.46:5904 # From a different terminal, explicitly access the VNC console and associate the IP $ vncviewer localhost # Now, in the nova instance (via VNC port forwarding) # explicitly add the private IP to the interface, and then add the default route $ ifconfig eth0 30.0.0.7 netmask 255.255.255.0 $ route add default gw 30.0.0.1 eth0 SSH into the nova instance -------------------------- # On controller node $ ip netns exec qdhcp-4a04382f-03bf-49a9-9d4a-35ab9ffc22ad ssh cirros@30.0.0.7 cirros@30.0.0.7's password: $ ifconfig eth0 Link encap:Ethernet HWaddr FA:16:3E:2E:B6:E9 inet addr:30.0.0.7 Bcast:30.0.0.255 Mask:255.255.255.0 inet6 addr: fe80::f816:3eff:fe2e:b6e9/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:282 errors:0 dropped:0 overruns:0 frame:0 TX packets:181 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:35700 (34.8 KiB) TX bytes:25882 (25.2 KiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:12 errors:0 dropped:0 overruns:0 frame:0 TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1020 (1020.0 B) TX bytes:1020 (1020.0 B) $ ip a 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host 
valid_lft forever preferred_lft forever 2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether fa:16:3e:2e:b6:e9 brd ff:ff:ff:ff:ff:ff inet 30.0.0.7/24 brd 30.0.0.255 scope global eth0 inet6 fe80::f816:3eff:fe2e:b6e9/64 scope link valid_lft forever preferred_lft forever Diagnostic Operations --------------------- # List the namespaces $ ip netns qdhcp-4a04382f-03bf-49a9-9d4a-35ab9ffc22ad qrouter-1fabd5f0-f80b-468d-b733-1b80d0c3e80f # Show all interfaces inside the router namespace $ ip netns exec qrouter-1fabd5f0-f80b-468d-b733-1b80d0c3e80f \ ip a # Check routing table inside the router namespace $ ip netns exec qrouter-1fabd5f0-f80b-468d-b733-1b80d0c3e80f \ ip r # IP config inside the router namespace $ ip netns exec qrouter-1fabd5f0-f80b-468d-b733-1b80d0c3e80f \ ifconfig # IP config inside the dhcp namespace (note: this is the qdhcp-* namespace listed above, not the qrouter one) $ ip netns exec qdhcp-4a04382f-03bf-49a9-9d4a-35ab9ffc22ad \ ifconfig # Ping the private IP (of the cirros guest) from the router namespace $ ip netns exec qrouter-1fabd5f0-f80b-468d-b733-1b80d0c3e80f \ ping -c2 30.0.0.7 # Ping out through the external (br-ex) side of the router namespace $ ip netns exec qrouter-1fabd5f0-f80b-468d-b733-1b80d0c3e80f \ ping -c2 192.168.122.14 # ssh into cirros guest $ ip netns exec qdhcp-4a04382f-03bf-49a9-9d4a-35ab9ffc22ad ssh \ cirros@30.0.0.7 tcpdump examples ---------------- # qr-* is the router's tenant-side port, qg-* its gateway (external) port $ ip netns exec qrouter-1fabd5f0-f80b-468d-b733-1b80d0c3e80f \ tcpdump -nn -i qr-13613ac1-d4 icmp $ ip netns exec qrouter-1fabd5f0-f80b-468d-b733-1b80d0c3e80f tcpdump -nn -i qg-a591a701-ad icmp OVS & route info on controller node ----------------------------------- $ ovs-vsctl show 36e012ac-87ec-4225-867a-538d937a26f4 Bridge br-ex Port "eth0" Interface "eth0" Port "tapa591a701-ad" Interface "tapa591a701-ad" Port br-ex Interface br-ex type: internal Bridge br-int Port "tap77ee7ea5-61" tag: 1 Interface "tap77ee7ea5-61" Port "tap13613ac1-d4" tag: 1 Interface "tap13613ac1-d4" Port br-int Interface br-int type: internal Port "int-br-eth1" Interface "int-br-eth1" Bridge "br-eth1" Port "br-eth1" Interface "br-eth1" type: internal Port "phy-br-eth1" 
Interface "phy-br-eth1" Port "eth1" Interface "eth1" ovs_version: "1.10.0" $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.122.1 0.0.0.0 UG 0 0 0 br-ex 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1 169.254.0.0 0.0.0.0 255.255.0.0 U 1007 0 0 br-ex 169.254.0.0 0.0.0.0 255.255.0.0 U 1013 0 0 eth1.200 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 br-ex OVS and route info on compute node ---------------------------------- $ ovs-vsctl show 06644e89-d687-443e-b3f7-b11bcae2414a Bridge br-int Port "qvo913a45d7-ca" tag: 1 Interface "qvo913a45d7-ca" Port "qvobab0fd4c-1c" tag: 1 Interface "qvobab0fd4c-1c" Port "qvo7e000d0a-45" tag: 1 Interface "qvo7e000d0a-45" Port "qvof4c468c5-2e" tag: 1 Interface "qvof4c468c5-2e" Port "int-br-eth1" Interface "int-br-eth1" Port "qvo3ce3dcfa-44" tag: 1 Interface "qvo3ce3dcfa-44" Port br-int Interface br-int type: internal Bridge "br-eth1" Port "phy-br-eth1" Interface "phy-br-eth1" Port "eth1" Interface "eth1" Port "br-eth1" Interface "br-eth1" type: internal ovs_version: "1.10.0" $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.122.1 0.0.0.0 UG 0 0 0 eth0 169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 eth1 169.254.0.0 0.0.0.0 255.255.0.0 U 1065 0 0 eth1.200 192.168.122.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0 192.169.122.0 0.0.0.0 255.255.255.0 U 1 0 0 eth1
