Minimal 2-node OpenStack setup with virtual machines (KVM-based)
================================================================

This document describes how to configure and set up a minimal
(Keystone, Neutron, Nova, Glance) OpenStack IceHouse RDO setup in two
Fedora-20 virtual machines. The resulting Nova instances will be
nested-KVM guests.

Create two pristine virtual machines
------------------------------------

Install a pristine (and updated) Fedora 20 virtual machine for the
Controller node (keep a note of the root password printed on stderr)::

    $ mkdir ~/images && cd ~/images
    $ virt-builder fedora-20 --update --selinux-relabel \
        --format qcow2 --size 40G -o node1.qcow2

Repeat for the Compute node (increase the disk image size by 2 GB)::

    $ virt-builder fedora-20 --update --selinux-relabel \
        --format qcow2 --size 42G -o node2.qcow2

NOTE: Ensure you have ample memory (north of 15G) so that you can
afford to run the Controller and Compute nodes as guests, and still be
able to invoke 3 to 4 Nova guests.

Create a new libvirt network for OpenStack nodes
------------------------------------------------

Refer -- http://kashyapc.fedorapeople.org/virt/create-a-new-libvirt-bridge.txt

Import the disk images into libvirt
-----------------------------------

Import both the disk images into libvirt with appropriate memory.
Things to take care of: (1) provide the executable bit so QEMU can
access the disk images; (2) change the root password from a random
string to something familiar to you; (3) ensure you provide the network
name as openstackvms::

    $ sudo -i
    $ chmod -R o+x /home/kashyapc/
    $ virt-install --name node1 --ram 10480 --disk \
        path=/home/kashyapc/images/node1.qcow2 --import \
        --network network:openstackvms
    $ virt-install --name node2 --ram 20480 --disk \
        path=/home/kashyapc/images/node2.qcow2 --import \
        --network network:openstackvms

Configure nested virtualization
-------------------------------

Refer -- https://kashyapc.fedorapeople.org/virt/procedure-to-enable-nested-virt-on-intel-machines.txt

OpenStack setup description
---------------------------

It's a two node OpenStack RDO set-up configured manually on two Fedora
20 VMs:

- AMQP -- RabbitMQ
- Controller node: Nova, Keystone (PKI), Glance, Neutron (using Open
  vSwitch plugin and GRE tunneling).
- Compute node: Nova (nova-compute), Neutron (openvswitch-agent)

Package installation
--------------------

On Controller (node1): 192.169.142.97::

    $ yum install -y openstack-keystone openstack-utils \
        dnsmasq-utils openstack-glance openstack-neutron openstack-neutron-openvswitch openstack-nova --enablerepo=rawhide

On Compute (node2): 192.169.142.168::

    $ yum install openstack-neutron openstack-neutron-openvswitch \
        openstack-nova bridge-utils -y

iptables (on both Controller & Compute nodes)
---------------------------------------------

Disable firewalld and enable iptables::

    $ systemctl stop firewalld
    $ systemctl disable firewalld
    $ yum install iptables-services
    # Create this below file, otherwise starting iptables will fail
    $ touch /etc/sysconfig/iptables
    $ systemctl enable iptables && systemctl start iptables

Configure Keystone
------------------

(192.169.142.97) Configure Keystone::

    $ openstack-db --init --service keystone
    $ export SERVICE_TOKEN=$(openssl rand -hex 10)
    $ echo $SERVICE_TOKEN
    3f6022dc51b86426e759
    $ export SERVICE_ENDPOINT=http://192.169.142.97:35357/v2.0
    $ echo $SERVICE_TOKEN > /tmp/ks_admin_token
    $ openstack-config --set /etc/keystone/keystone.conf \
    > DEFAULT admin_token $SERVICE_TOKEN
    $ keystone-manage pki_setup --keystone-user keystone \
    > --keystone-group keystone
    Generating RSA private key, 2048 bit long modulus
    ...............................................................................................................+++
    ......................................................................+++
    e is 65537 (0x10001)
    Generating RSA private key, 2048 bit long modulus
    .+++
    .....+++
    e is 65537 (0x10001)
    Using configuration from /etc/keystone/ssl/certs/openssl.conf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'US'
    stateOrProvinceName   :ASN.1 12:'Unset'
    localityName          :ASN.1 12:'Unset'
    organizationName      :ASN.1 12:'Unset'
    commonName            :ASN.1 12:'www.example.com'
    Certificate is to be certified until Apr 20 17:20:44 2024 GMT (3650 days)
    Write out database with 1 new entries
    Data Base Updated
    $ chown -R keystone:keystone /etc/keystone/ssl
    $ for i in start enable status; \
        do systemctl $i openstack-keystone; done
    $ keystone service-create --name keystone --type identity \
        --description "Keystone Identity Service"
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | description | Keystone Identity Service        |
    | enabled     | True                             |
    | id          | 87bff5bf23ce4601bebbf2b81ddb20ef |
    | name        | keystone                         |
    | type        | identity                         |
    +-------------+----------------------------------+
    $ keystone endpoint-create --service_id 87bff5bf23ce4601bebbf2b81ddb20ef \
        --publicurl 'http://192.169.142.97:5000/v2.0' \
        --adminurl 'http://192.169.142.97:35357/v2.0' \
        --internalurl 'http://192.169.142.97:5000/v2.0'
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | adminurl    | http://192.169.142.97:35357/v2.0 |
    | id          | 6fc0caec84be4fd39fa596134fd0612c |
    | internalurl | http://192.169.142.97:5000/v2.0  |
    | publicurl   | http://192.169.142.97:5000/v2.0  |
    | region      | regionOne                        |
    | service_id  | 87bff5bf23ce4601bebbf2b81ddb20ef |
    +-------------+----------------------------------+
    $ keystone user-create --name admin --pass fedora
    +----------+----------------------------------+
    | Property | Value                            |
    +----------+----------------------------------+
    | email    |                                  |
    | enabled  | True                             |
    | id       | 4a95a1ebee3f45efbd56fac516b0eb6c |
    | name     | admin                            |
    | username | admin                            |
    +----------+----------------------------------+
    $ keystone role-create --name admin
    +----------+----------------------------------+
    | Property | Value                            |
    +----------+----------------------------------+
    | id       | 7af86dfc24074fe59768367af5a463ba |
    | name     | admin                            |
    +----------+----------------------------------+
    $ keystone tenant-create --name admin
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | description |                                  |
    | enabled     | True                             |
    | id          | 94befff9ca894575b7865cd28952d8b5 |
    | name        | admin                            |
    +-------------+----------------------------------+
    $ keystone user-role-add --user admin \
        --role admin --tenant admin
    $ cat >> ~/keystonerc_admin < --role user --tenant ostenant
    WARNING: Bypassing authentication using a token & endpoint (authentication credentials are being ignored).
    $ cat >> ~/keystonerc_kashyap < "Glance Image Service"
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | description | Glance Image Service             |
    | enabled     | True                             |
    | id          | ab5f94adcef84436a36f74185555f6a1 |
    | name        | glance                           |
    | type        | image                            |
    +-------------+----------------------------------+
    $ keystone endpoint-create --service_id ab5f94adcef84436a36f74185555f6a1 \
    > --publicurl http://192.169.142.97:9292 \
    > --adminurl http://192.169.142.97:9292 \
    > --internalurl http://192.169.142.97:9292
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | adminurl    | http://192.169.142.97:9292       |
    | id          | d2421e20d9874638b535be284b8d3f9a |
    | internalurl | http://192.169.142.97:9292       |
    | publicurl   | http://192.169.142.97:9292       |
    | region      | regionOne                        |
    | service_id  | ab5f94adcef84436a36f74185555f6a1 |
    +-------------+----------------------------------+
    $ glance image-list
    +----+------+-------------+------------------+------+--------+
    | ID | Name | Disk Format | Container Format | Size | Status |
    +----+------+-------------+------------------+------+--------+
    +----+------+-------------+------------------+------+--------+

Neutron on Controller node
--------------------------

Create Neutron databases::

    $ mysql -u root -pfedora
    Welcome to the MariaDB monitor. Commands end with ; or \g.
    Your MariaDB connection id is 46
    Server version: 5.5.36-MariaDB MariaDB Server
    Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    MariaDB [(none)]> CREATE DATABASE neutron;
    Query OK, 1 row affected (0.01 sec)
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
        -> IDENTIFIED BY 'fedora';
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]>
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
        -> IDENTIFIED BY 'fedora';
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
        -> IDENTIFIED BY 'ovs_neutron';
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> quit;
    Bye
    ---
    GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'192.169.142.97' IDENTIFIED BY 'NEUTRON_DBPASS'
    ---

Start, enable OpenvSwitch service, create an integration bridge::

    $ for i in start enable status; \
        do systemctl $i openvswitch; done
    $ ovs-vsctl add-br br-int
    $ ovs-vsctl show
    c993ff93-7d03-42e2-8566-331d10442686
        Bridge br-int
            Port br-int
                Interface br-int
                    type: internal
        ovs_version: "2.0.1"
    $ cat << EOF > /etc/sysconfig/network-scripts/ifcfg-ens2
    DEVICE=ens2
    BOOTPROTO=static
    NM_CONTROLLED=no
    ONBOOT=yes
    TYPE=Ethernet
    EOF
    $ cat << EOF > /etc/sysconfig/network-scripts/ifcfg-br-ex
    DEVICE=br-ex
    BOOTPROTO=static
    ONBOOT=yes
    IPADDR=192.169.142.97
    NETMASK=255.255.255.0
    GATEWAY=192.169.142.1
    EOF
    $ ovs-vsctl add-br br-ex
    $ ovs-vsctl add-port br-ex ens2
    $ ovs-vsctl show
    c993ff93-7d03-42e2-8566-331d10442686
        Bridge br-int
            Port br-int
                Interface br-int
                    type: internal
        Bridge br-ex
            Port "ens2"
                Interface "ens2"
            Port br-ex
                Interface br-ex
                    type: internal
        ovs_version: "2.0.1"

Disable NetworkManager, and enable classic network::

    $ systemctl stop NetworkManager
    $ systemctl disable NetworkManager
    $ systemctl restart network
    $ route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.169.142.1   0.0.0.0         UG    0      0        0 br-ex
    169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 ens2
    169.254.0.0     0.0.0.0         255.255.0.0     U     1005   0        0 br-ex
    192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
    192.169.142.0   0.0.0.0         255.255.255.0   U     0      0        0 br-ex

Create Identity service credentials for Networking::

    $ keystone user-create --name=neutron --pass=fedora
    +----------+----------------------------------+
    | Property | Value                            |
    +----------+----------------------------------+
    | email    |                                  |
    | enabled  | True                             |
    | id       | 813fd937f0624540b4c9675d47e2b82f |
    | name     | neutron                          |
    | username | neutron                          |
    +----------+----------------------------------+
    $ keystone user-role-add --user neutron --role admin \
        --tenant services
    $ keystone service-create --name neutron --type network \
        --description "Neutron Network Service"
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | description | Neutron Network Service          |
    | enabled     | True                             |
    | id          | 07b430bf22584da39bd8e17fd006c8f4 |
    | name        | neutron                          |
    | type        | network                          |
    +-------------+----------------------------------+
    $ keystone service-list
    +----------------------------------+----------+----------+---------------------------+
    | id                               | name     | type     | description               |
    +----------------------------------+----------+----------+---------------------------+
    | ab5f94adcef84436a36f74185555f6a1 | glance   | image    | Glance Image Service      |
    | 87bff5bf23ce4601bebbf2b81ddb20ef | keystone | identity | Keystone Identity Service |
    | 07b430bf22584da39bd8e17fd006c8f4 | neutron  | network  | Neutron Network Service   |
    +----------------------------------+----------+----------+---------------------------+
    $ keystone endpoint-create \
        --service-id $(keystone service-list | awk '/ network / {print $2}') \
        --publicurl http://192.169.142.97:9696 \
        --adminurl http://192.169.142.97:9696 \
        --internalurl http://192.169.142.97:9696
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | adminurl    | http://192.169.142.97:9696       |
    | id          | 91875f6f6533494b93f7b0fcdc4a515f |
    | internalurl | http://192.169.142.97:9696       |
    | publicurl   | http://192.169.142.97:9696       |
    | region      | regionOne                        |
    | service_id  | 07b430bf22584da39bd8e17fd006c8f4 |
    +-------------+----------------------------------+

Configure Neutron server
~~~~~~~~~~~~~~~~~~~~~~~~

Configure Neutron to use the database::

    $ openstack-config --set /etc/neutron/neutron.conf database connection \
        mysql://neutron:fedora@node1/neutron

Configure Neutron to use Identity service for authentication::

    $ openstack-config --set /etc/neutron/neutron.conf DEFAULT \
        auth_strategy keystone
    $ openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
        auth_uri http://node1:5000
    $ openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
        auth_host node1
    $ openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
        auth_protocol http
    $ openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
        auth_port 35357
    $ openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
        admin_tenant_name services
    $ openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
        admin_user neutron
    $ openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
        admin_password fedora

Update the 'guest' password of RabbitMQ::

    $ rabbitmqctl change_password guest fedora
    Changing password for user "guest" ...
    ...done.
    $ rabbitmqctl list_users
    Listing users ...
    guest [administrator]
    ...done.

Configure Networking to use the message broker::

    $ openstack-config --set /etc/neutron/neutron.conf DEFAULT \
        rpc_backend neutron.openstack.common.rpc.impl_kombu
    $ openstack-config --set /etc/neutron/neutron.conf DEFAULT \
        rabbit_host node1
    $ openstack-config --set /etc/neutron/neutron.conf DEFAULT \
        rabbit_userid guest
    $ openstack-config --set /etc/neutron/neutron.conf DEFAULT \
        rabbit_password fedora

Configure Neutron to notify Compute about network topology changes::

    $ openstack-config --set /etc/neutron/neutron.conf DEFAULT \
        notify_nova_on_port_status_changes True
    $ openstack-config --set /etc/neutron/neutron.conf DEFAULT \
        notify_nova_on_port_data_changes True
    $ openstack-config --set /etc/neutron/neutron.conf DEFAULT \
        nova_url http://node1:8774/v2
    $ openstack-config --set /etc/neutron/neutron.conf DEFAULT \
        nova_admin_username nova
    $ openstack-config --set /etc/neutron/neutron.conf DEFAULT \
        nova_admin_tenant_id $(keystone tenant-list | awk '/ services / { print $2 }')
    $ openstack-config --set /etc/neutron/neutron.conf DEFAULT \
        nova_admin_password fedora
    $ openstack-config --set /etc/neutron/neutron.conf DEFAULT \
        nova_admin_auth_url http://node1:35357/v2.0

Configure Neutron to use the Modular Layer 2 (ML2) plug-in and
associated services::

    $ openstack-config --set /etc/neutron/neutron.conf DEFAULT \
        core_plugin ml2
    $ openstack-config --set /etc/neutron/neutron.conf DEFAULT \
        service_plugins router

Configure ML2 plug-in
~~~~~~~~~~~~~~~~~~~~~

The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build
the virtual networking framework for instances::

    $ openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini \
        ml2 type_drivers gre
    $ openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini \
        ml2 tenant_network_types gre
    $ openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini \
        ml2 mechanism_drivers openvswitch
    $ openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini \
        ml2_type_gre tunnel_id_ranges 1:1000
    $ openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini \
        securitygroup \
        firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    $ openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini \
        securitygroup enable_security_group True

Configure Compute service to use Neutron
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To configure Compute to use Neutron::

    $ openstack-config --set /etc/nova/nova.conf DEFAULT \
        network_api_class nova.network.neutronv2.api.API
    $ openstack-config --set /etc/nova/nova.conf DEFAULT \
        neutron_url http://node1:9696
    $ openstack-config --set /etc/nova/nova.conf DEFAULT \
        neutron_auth_strategy keystone
    $ openstack-config --set /etc/nova/nova.conf DEFAULT \
        neutron_admin_tenant_name services
    $ openstack-config --set /etc/nova/nova.conf DEFAULT \
        neutron_admin_username neutron
    $ openstack-config --set /etc/nova/nova.conf DEFAULT \
        neutron_admin_password fedora
    $ openstack-config --set /etc/nova/nova.conf DEFAULT \
        neutron_admin_auth_url http://node1:35357/v2.0
    $ openstack-config --set /etc/nova/nova.conf DEFAULT \
        linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
    $ openstack-config --set /etc/nova/nova.conf DEFAULT \
        firewall_driver nova.virt.firewall.NoopFirewallDriver
    $ openstack-config --set /etc/nova/nova.conf DEFAULT \
        security_group_api neutron

Create a symlink /etc/neutron/plugin.ini pointing to
/etc/neutron/plugins/ml2/ml2_conf.ini::

    $ ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Also, add a dnsmasq.conf file with the below details::

    $ cat /etc/neutron/dnsmasq.conf | grep -v ^$ | grep -v ^#
    log-facility = /var/log/neutron/dnsmasq.log
    log-dhcp

Start Neutron services::

    $ for i in start enable status; \
        do systemctl $i neutron-server; done
    $ for i in start enable status; \
        do systemctl $i neutron-l3-agent; done
    $ for i in start enable status; \
        do systemctl $i neutron-dhcp-agent; done
    $ for i in start enable status; \
        do systemctl $i neutron-openvswitch-agent; done
    $ for i in start enable status; \
        do systemctl $i neutron-ovs-cleanup; done

Check status::

    $ systemctl | grep neutron
    neutron-dhcp-agent.service          loaded active running   OpenStack Neutron DHCP Agent
    neutron-l3-agent.service            loaded active running   OpenStack Neutron Layer 3 Agent
    neutron-openvswitch-agent.service   loaded active running   OpenStack Neutron Open vSwitch Agent
    neutron-server.service              loaded active running   OpenStack Neutron Server

Neutron on Compute node
-----------------------

Add the below lines to /etc/sysctl.conf::

    net.ipv4.conf.all.rp_filter=0
    net.ipv4.conf.default.rp_filter=0

Apply it::

    $ sysctl -p

Ensure you have the latest Neutron packages::

    $ yum install openstack-neutron-ml2 openstack-neutron-openvswitch -y --enablerepo=rawhide

Copy the Neutron configs from the Controller node::

    $ scp neutron.conf plugin.root@node2:/etc/neutron
    $ scp plugins/ml2_conf.ini root@node2:/etc/neutron/plugins/ml2_conf.ini

Enable OpenvSwitch::

    $ for i in start enable status; \
        do systemctl $i openvswitch; done
    $ ovs-vsctl add-br br-int
    $ ovs-vsctl show
    df92d38f-7e81-47a9-9f0c-8b9370976c61
        Bridge br-int
            Port br-int
                Interface br-int
                    type: internal
        ovs_version: "2.0.1"

Create a symlink /etc/neutron/plugin.ini pointing to
/etc/neutron/plugins/ml2/ml2_conf.ini::

    $ ln -s plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Nova on Controller node
-----------------------

Initiate the database::

    $ openstack-db --init --service nova
    Please enter the password for the 'root' MySQL user:
    Verified connectivity to MySQL.
    Creating 'nova' database.
    Initializing the nova database, please wait...
    Complete!

Create the Compute service tables::

    $ su -s /bin/sh -c "nova-manage db sync" nova

Set these configuration keys to configure Compute to use the RabbitMQ
message broker::

    $ openstack-config --set /etc/nova/nova.conf \
        DEFAULT rpc_backend nova.rpc.impl_kombu
    $ openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_host node1
    $ openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_userid guest
    $ openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_password \
        fedora

Create a nova user that Compute uses to authenticate with the Identity
Service. Use the service tenant and give the user the admin role::

    $ keystone user-create --name nova --pass fedora
    +----------+----------------------------------+
    | Property | Value                            |
    +----------+----------------------------------+
    | email    |                                  |
    | enabled  | True                             |
    | id       | 1091688333664f0caffb1c0fc9979eeb |
    | name     | nova                             |
    | username | nova                             |
    +----------+----------------------------------+
    $ keystone user-role-add --user nova \
        --role admin --tenant services

Configure nova.conf with these values::

    $ cat /etc/nova/nova.conf | grep -v ^$ | grep -v ^#
    [DEFAULT]
    logdir = /var/log/nova
    state_path = /var/lib/nova
    lock_path = /var/lib/nova/tmp
    volumes_dir = /etc/nova/volumes
    dhcpbridge = /usr/bin/nova-dhcpbridge
    dhcpbridge_flagfile = /etc/nova/nova.conf
    force_dhcp_release = True
    injected_network_template = /usr/share/nova/interfaces.template
    libvirt_nonblocking = True
    libvirt_inject_partition = -1
    libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
    iscsi_helper = tgtadm
    sql_connection = mysql://nova:nova@192.169.142.97/nova
    compute_driver = libvirt.LibvirtDriver
    libvirt_type=qemu
    rootwrap_config = /etc/nova/rootwrap.conf
    auth_strategy = keystone
    firewall_driver=nova.virt.firewall.NoopFirewallDriver
    enabled_apis = ec2,osapi_compute,metadata
    my_ip=192.169.142.97
    network_api_class = nova.network.neutronv2.api.API
    neutron_url = http://192.169.142.97:9696
    neutron_auth_strategy = keystone
    neutron_admin_tenant_name = services
    neutron_admin_username = neutron
    neutron_admin_password = fedora
    neutron_admin_auth_url = http://192.169.142.97:35357/v2.0
    linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
    firewall_driver = nova.virt.firewall.NoopFirewallDriver
    security_group_api = neutron
    rpc_backend = nova.rpc.impl_kombu
    rabbit_host = 192.169.142.97
    rabbit_userid = guest
    rabbit_port=5672
    rabbit_password = fedora
    glance_host = 192.169.142.97
    [keystone_authtoken]
    auth_uri = http://192.169.142.97:5000
    admin_tenant_name = services
    admin_user = nova
    admin_password = fedora
    auth_host = 192.169.142.97
    auth_port = 35357
    auth_protocol = http
    signing_dirname = /tmp/keystone-signing-nova

Register Nova service with Keystone::

    $ keystone service-create --name nova --type compute \
        --description "Nova Compute Service"
    +-------------+----------------------------------+
    | Property    | Value                            |
    +-------------+----------------------------------+
    | description | Nova Compute Service             |
    | enabled     | True                             |
    | id          | ac506af3d17442cfbe3386d4594c211d |
    | name        | nova                             |
    | type        | compute                          |
    +-------------+----------------------------------+
    $ keystone endpoint-create \
        --service-id=$(keystone service-list | awk '/ compute / {print $2}') \
        --publicurl=http://192.169.142.97:8774/v2/%\(tenant_id\)s \
        --internalurl=http://192.169.142.97:8774/v2/%\(tenant_id\)s \
        --adminurl=http://192.169.142.97:8774/v2/%\(tenant_id\)s
    +-------------+---------------------------------------------+
    | Property    | Value                                       |
    +-------------+---------------------------------------------+
    | adminurl    | http://192.169.142.97:8774/v2/%(tenant_id)s |
    | id          | 3321335bc42546ff8845227e1509557d            |
    | internalurl | http://192.169.142.97:8774/v2/%(tenant_id)s |
    | publicurl   | http://192.169.142.97:8774/v2/%(tenant_id)s |
    | region      | regionOne                                   |
    | service_id  | ac506af3d17442cfbe3386d4594c211d            |
    +-------------+---------------------------------------------+

Start, enable nova-{api,scheduler,conductor} services::

    $ for i in start enable status; \
        do systemctl $i openstack-nova-api; done
    $ for i in start enable status; \
        do systemctl $i openstack-nova-scheduler; done
    $ for i in start enable status; \
        do systemctl $i openstack-nova-conductor; done

Nova on Compute node
--------------------

Enable libvirtd::

    $ for i in start enable status; \
        do systemctl $i libvirtd; done

Get nova.conf from Controller node::

    $ scp nova.conf root@192.169.142.168:/etc/nova/

Replace the my_ip in nova.conf with Compute node's IP::

    $ sed -i 's/my_ip=.*/my_ip=192.169.142.168/g' /etc/nova/nova.conf

Enable/Start Nova Compute service::

    $ for i in start enable status; \
        do systemctl $i openstack-nova-compute; done

Invoke `nova-manage` on Compute host::

    [root@node2 ~(keystone_admin)]$ nova-manage service list
    Binary           Host     Zone       Status     State Updated_At
    nova-scheduler   node1    internal   enabled    :-)   2014-05-12 16:11:42
    nova-conductor   node1    internal   enabled    :-)   2014-05-12 16:11:42
    nova-compute     node2    nova       enabled    :-)   2014-05-12 16:11:38

Create Neutron networks
-----------------------

Create external network, and its associated subnet::

    $ . keystonerc_admin
    $ keystone tenant-list | grep services | awk '{print $2;}'
    3e112abc4c4b4214b8efbd627a32f75e
    $ neutron net-create --tenant-id 3e112abc4c4b4214b8efbd627a32f75e \
        ext --router:external=True
    Created a new network:
    +---------------------------+--------------------------------------+
    | Field                     | Value                                |
    +---------------------------+--------------------------------------+
    | admin_state_up            | True                                 |
    | id                        | 976a9bb7-f01a-4ccc-8eba-0329212fc868 |
    | name                      | ext                                  |
    | provider:network_type     | gre                                  |
    | provider:physical_network |                                      |
    | provider:segmentation_id  | 1                                    |
    | router:external           | True                                 |
    | shared                    | False                                |
    | status                    | ACTIVE                               |
    | subnets                   |                                      |
    | tenant_id                 | 3e112abc4c4b4214b8efbd627a32f75e     |
    +---------------------------+--------------------------------------+
    $ neutron subnet-create --tenant-id 3e112abc4c4b4214b8efbd627a32f75e \
        ext 192.169.142.0/24 --enable_dhcp=False --allocation-pool \
        start=192.169.142.10,end=192.169.142.200 --gateway-ip \
        192.169.142.1
    Created a new subnet:
    +------------------+-------------------------------------------------------+
    | Field            | Value                                                 |
    +------------------+-------------------------------------------------------+
    | allocation_pools | {"start": "192.169.142.10", "end": "192.169.142.200"} |
    | cidr             | 192.169.142.0/24                                      |
    | dns_nameservers  |                                                       |
    | enable_dhcp      | False                                                 |
    | gateway_ip       | 192.169.142.1                                         |
    | host_routes      |                                                       |
    | id               | 49b174e5-fce2-490d-ac75-3c75a7b13e24                  |
    | ip_version       | 4                                                     |
    | name             |                                                       |
    | network_id       | 976a9bb7-f01a-4ccc-8eba-0329212fc868                  |
    | tenant_id        | 3e112abc4c4b4214b8efbd627a32f75e                      |
    +------------------+-------------------------------------------------------+

List the external network and its subnet::

    $ neutron net-list
    +--------------------------------------+------+-------------------------------------------------------+
    | id                                   | name | subnets                                               |
    +--------------------------------------+------+-------------------------------------------------------+
    | 976a9bb7-f01a-4ccc-8eba-0329212fc868 | ext  | 49b174e5-fce2-490d-ac75-3c75a7b13e24 192.169.142.0/24 |
    +--------------------------------------+------+-------------------------------------------------------+
    $ neutron subnet-list
    +--------------------------------------+------+------------------+-------------------------------------------------------+
    | id                                   | name | cidr             | allocation_pools                                      |
    +--------------------------------------+------+------------------+-------------------------------------------------------+
    | 49b174e5-fce2-490d-ac75-3c75a7b13e24 |      | 192.169.142.0/24 | {"start": "192.169.142.10", "end": "192.169.142.200"} |
    +--------------------------------------+------+------------------+-------------------------------------------------------+
    $ neutron net-show ext
    +---------------------------+--------------------------------------+
    | Field                     | Value                                |
    +---------------------------+--------------------------------------+
    | admin_state_up            | True                                 |
    | id                        | 976a9bb7-f01a-4ccc-8eba-0329212fc868 |
    | name                      | ext                                  |
    | provider:network_type     | gre                                  |
    | provider:physical_network |                                      |
    | provider:segmentation_id  | 1                                    |
    | router:external           | True                                 |
    | shared                    | False                                |
    | status                    | ACTIVE                               |
    | subnets                   | 49b174e5-fce2-490d-ac75-3c75a7b13e24 |
    | tenant_id                 | 3e112abc4c4b4214b8efbd627a32f75e     |
    +---------------------------+--------------------------------------+

Next, let's create an internal network under a tenant network
(ostenant). Source the keystone user's credentials::

    $ . keystonerc_kashyap
    $ neutron net-create int
    Created a new network:
    +----------------+--------------------------------------+
    | Field          | Value                                |
    +----------------+--------------------------------------+
    | admin_state_up | True                                 |
    | id             | f5af9fff-5d8a-420e-8a88-b3aae38ab5a4 |
    | name           | int                                  |
    | shared         | False                                |
    | status         | ACTIVE                               |
    | subnets        |                                      |
    | tenant_id      | 0a6eb2259ca142e7a80541db10835e71     |
    +----------------+--------------------------------------+
    $ neutron subnet-create int 30.0.0.0/24 \
        --dns_nameservers list=true 192.169.142.1 \
        --name intsubnet1
    Created a new subnet:
    +------------------+--------------------------------------------+
    | Field            | Value                                      |
    +------------------+--------------------------------------------+
    | allocation_pools | {"start": "30.0.0.2", "end": "30.0.0.254"} |
    | cidr             | 30.0.0.0/24                                |
    | dns_nameservers  | 192.169.142.1                              |
    | enable_dhcp      | True                                       |
    | gateway_ip       | 30.0.0.1                                   |
    | host_routes      |                                            |
    | id               | 4ba033fa-19d3-429d-8c52-51f6f7147fd0       |
    | ip_version       | 4                                          |
    | name             | intsubnet1                                 |
    | network_id       | f5af9fff-5d8a-420e-8a88-b3aae38ab5a4       |
    | tenant_id        | 0a6eb2259ca142e7a80541db10835e71           |
    +------------------+--------------------------------------------+

Create a router::

    $ neutron router-create router1
    Created a new router:
    +-----------------------+--------------------------------------+
    | Field                 | Value                                |
    +-----------------------+--------------------------------------+
    | admin_state_up        | True                                 |
    | external_gateway_info |                                      |
    | id                    | 2c7ba7dc-0101-417a-b76d-1cae17ae654e |
    | name                  | router1                              |
    | status                | ACTIVE                               |
    | tenant_id             | 0a6eb2259ca142e7a80541db10835e71     |
    +-----------------------+--------------------------------------+

Get the external network ID, internal network ID, and router ID::

    $ neutron net-list | grep ext | awk '{print $2;}'
    976a9bb7-f01a-4ccc-8eba-0329212fc868
    $ neutron subnet-list | grep intsubnet1 | awk '{print $2;}'
    4ba033fa-19d3-429d-8c52-51f6f7147fd0
    $ neutron router-list | grep router1 | awk '{print $2;}'
    2c7ba7dc-0101-417a-b76d-1cae17ae654e

Associate the router to the external network by setting its gateway::

    $ neutron router-gateway-set 2c7ba7dc-0101-417a-b76d-1cae17ae654e \
        976a9bb7-f01a-4ccc-8eba-0329212fc868
    Set gateway for router 2c7ba7dc-0101-417a-b76d-1cae17ae654e
    $ neutron router-interface-add 2c7ba7dc-0101-417a-b76d-1cae17ae654e \
        4ba033fa-19d3-429d-8c52-51f6f7147fd0
    Added interface f0ea1594-3fda-4420-8a3c-011be8441bda to router 2c7ba7dc-0101-417a-b76d-1cae17ae654e.

Add Neutron security groups for this test tenant::

    $ neutron security-group-rule-create \
        --protocol icmp \
        --direction ingress \
        --remote-ip-prefix 0.0.0.0/0 \
        default
    $ neutron security-group-rule-create \
        --protocol tcp \
        --port-range-min 22 \
        --port-range-max 22 \
        --direction ingress \
        --remote-ip-prefix 0.0.0.0/0 \
        default

Test
----
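
The steps above write lab-only values into nova.conf and neutron.conf: one password shared by every service, the default RabbitMQ ``guest`` account, ``http`` Keystone endpoints, and a signing directory under /tmp. As an added example (not part of the original guide), the script below flags those settings in any such INI file before the setup is reused outside a test bed; ``audit_conf`` and ``write_sample`` are hypothetical names, and the sample file is constructed from values shown on this page.

```shell
#!/bin/sh
# Added example (not from the original guide): audit an OpenStack INI file
# for the lab-only settings this walkthrough writes into nova.conf and
# neutron.conf. Prints one finding per line; secret values are never echoed.

audit_conf() {
    conf=$1
    # Service configs hold passwords, so they should not be world-readable.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "MEDIUM $conf: file is world-readable"
    fi
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function note(sev, msg) { printf "%s %s/%s: %s\n", sev, section, key, msg }
    function secret(v) {            # remember where each secret value is used
        uses[v]++
        where[v] = where[v] (where[v] == "" ? "" : ", ") section "/" key
    }
    /^[ \t]*([#;]|$)/ { next }      # skip comments and blank lines
    /^[ \t]*\[/ {                   # [section] header
        section = $0
        sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = trim(substr($0, 1, eq - 1))
        val = trim(substr($0, eq + 1))

        if (key ~ /password$/ || key == "admin_token") secret(val)

        # mysql://user:password@host/db keeps the DB password in the URL
        if (key ~ /connection$/ && val ~ /:\/\/[^:\/@]+:[^@]+@/) {
            cred = val
            sub(/^[^:]+:\/\/[^:\/@]+:/, "", cred); sub(/@.*$/, "", cred)
            secret(cred)
            note("MEDIUM", "database password embedded in connection URL")
        }
        if (key == "rabbit_userid" && val == "guest")
            note("MEDIUM", "broker uses the default guest account")
        if (key == "auth_protocol" && val == "http")
            note("MEDIUM", "Keystone credentials and tokens sent over cleartext HTTP")
        if (key ~ /(_url|_uri)$/ && val ~ /^http:\/\//)
            note("MEDIUM", "cleartext HTTP endpoint")
        if (key ~ /^signing_dir/ && val ~ /^\/tmp(\/|$)/)
            note("MEDIUM", "token signing cache under world-writable /tmp")
    }
    END {
        for (v in uses)
            if (uses[v] > 1)
                printf "HIGH shared secret: one value reused by %s\n", where[v]
    }' "$conf"
}

# Constructed sample: an excerpt of the nova.conf values shown in this guide.
write_sample() {
    cat > "$1" <<'EOF'
[DEFAULT]
sql_connection = mysql://nova:nova@192.169.142.97/nova
neutron_url = http://192.169.142.97:9696
neutron_admin_password = fedora
rabbit_userid = guest
rabbit_password = fedora
[keystone_authtoken]
auth_uri = http://192.169.142.97:5000
admin_password = fedora
auth_protocol = http
signing_dirname = /tmp/keystone-signing-nova
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp) && write_sample "$tmp" && chmod 644 "$tmp"
audit_conf "$tmp"
rm -f "$tmp"
```

Run ``audit_conf /etc/nova/nova.conf`` and ``audit_conf /etc/neutron/neutron.conf`` on each node; the same checks apply to both files because they share the ``keystone_authtoken`` and RabbitMQ keys.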