Pre-install notes
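- selinux disabled (this removes mandatory access control from the head node; the openstack-selinux package is the usual way to keep SELinux enforcing with these services)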
- firewalld running and allowing internal forwarding of traffic (compute nodes can access repos)
- headnode /etc/hosts: add an entry for the headnode, and make sure the name 'controller' also resolves to the headnode
[root@head ~]# vi /etc/hosts
[root@head ~]# ping -c 1 controller
PING head.ohpc.keele.net (10.10.10.1) 56(84) bytes of data.
64 bytes from head.ohpc.keele.net (10.10.10.1): icmp_seq=1 ttl=64 time=0.082 ms
- enable ntpd on compute nodes; systemctl enable ntpd ; systemctl start ntpd
- disable the epel and ohpc repo
yum-config-manager --disable epel epel-testing OpenHPC_1.0
[root@node02 yum.repos.d]# grep enable epel* OpenHPC\:1.0.repo
epel-testing.repo:enabled=0
epel-testing.repo:enabled=0
epel-testing.repo:enabled=0
epel.repo:enabled=0
epel.repo:enabled=0
epel.repo:enabled=0
OpenHPC:1.0.repo:enabled=0
Setup the Installation Environment
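- To generate a random password, use the following command (the command itself is missing from this page; `openssl rand -hex 10` yields a 20-character hex string of the same form as the values below);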
- Parameters used during the install, create the file, edit appropriately and source before running any of the commands below.
[david@head-Boston vscaler]$ cat vscaler-env.sh
# vars used during the installer
# This file is sourced by the install steps; it only assigns shell variables.
# NOTE(review): the password, token and secret values below are published sample
# values. Generate fresh ones for a real deployment and keep this file readable
# by its owner only, since it holds every credential used by the install.
# password related env vars
# Every database and service password below is a copy of VS_PASS, so any one
# config file or process listing that exposes it exposes all of them. Assign an
# independent value per variable to limit that.
VS_PASS=9c64d16e76416ddb7e61
ADMIN_PASS=$VS_PASS
MYSQL_PASS=$VS_PASS
CEILOMETER_DBPASS=$VS_PASS
CEILOMETER_PASS=$VS_PASS
CINDER_DBPASS=$VS_PASS
CINDER_PASS=$VS_PASS
DASH_DBPASS=$VS_PASS
DEMO_PASS=$VS_PASS
GLANCE_DBPASS=$VS_PASS
GLANCE_PASS=$VS_PASS
HEAT_DBPASS=$VS_PASS
HEAT_DOMAIN_PASS=$VS_PASS
HEAT_PASS=$VS_PASS
KEYSTONE_DBPASS=$VS_PASS
NEUTRON_DBPASS=$VS_PASS
NEUTRON_PASS=$VS_PASS
NOVA_DBPASS=$VS_PASS
NOVA_PASS=$VS_PASS
RABBIT_PASS=$VS_PASS
SWIFT_PASS=$VS_PASS
# ip related env vars
# assuming the interfaces go like this, 1:lo 2:internal 3:external, 5:Mellanox 40GB, in the order from 'ip a'
# Each pipeline takes the 'ip a' line that starts with the index plus the two
# lines after it, keeps the 'inet' line, turns '/' into a space and prints the
# second field (the address without its prefix length).
# NOTE(review): 'grep ^2' also matches indexes such as 20-29, and the result is
# empty when the interface order differs from the assumption above - echo the
# three values and confirm them before running the install steps.
MY_INT_IP=`ip a | grep ^2 -A 2 | grep inet | sed 's/\// /g' | awk '{print $2}' `
MY_EXT_IP=`ip a | grep ^3 -A 2 | grep inet | sed 's/\// /g' | awk '{print $2}' `
MY_VXLAN_IP=`ip a | grep ^5 -A 2 | grep inet | sed 's/\// /g' | awk '{print $2}' `
# overrides the shell's own HOSTNAME with the output of 'hostname'
HOSTNAME=`hostname`
# tokens for admin user
# bootstrap token; the install writes it to keystone.conf as admin_token
ADMIN_TOKEN=db536bb6358d8c14cec1
# metadata neutron setup
# shared secret written to both nova.conf and the neutron metadata agent config
METADATA_SECRET=09a0a6767fd96975c015
Install the Controller
# Prepare the controller: load the install variables, switch package repos,
# install the client tools and bring up MariaDB bound to the internal address.
# source the vscaler installation vars
# (relative path: run from the directory that holds vscaler-env.sh)
. vscaler-env.sh
# disable repos that will muck stuff up
yum-config-manager --disable epel epel-testing OpenHPC_1.0
# add the openstack liberty repo file
yum -y install centos-release-openstack-liberty
# Setup the openstack client
yum -y install python-openstackclient
# crudini will be used to update conf files
yum -y install crudini
# install and setup the databases
yum -y install mariadb mariadb-server MySQL-python
touch /etc/my.cnf.d/mariadb_openstack.cnf
# bind-address limits the MariaDB listener to the internal interface.
# NOTE(review): if MY_INT_IP came back empty the value written here is not an
# address - check the resulting file before starting the service.
crudini --set /etc/my.cnf.d/mariadb_openstack.cnf mysqld bind-address $MY_INT_IP
crudini --set /etc/my.cnf.d/mariadb_openstack.cnf mysqld default-storage-engine innodb
crudini --set /etc/my.cnf.d/mariadb_openstack.cnf mysqld collation-server utf8_general_ci
crudini --set /etc/my.cnf.d/mariadb_openstack.cnf mysqld init-connect "'SET NAMES utf8'"
crudini --set /etc/my.cnf.d/mariadb_openstack.cnf mysqld character-set-server utf8
# appends the bare option after line 6 of the file; presumably that is the last
# of the keys written above (section header plus five keys) - verify the layout
sed -i '6 a innodb_file_per_table' /etc/my.cnf.d/mariadb_openstack.cnf
systemctl enable mariadb.service
systemctl start mariadb.service
# Drive mysql_secure_installation non-interactively with expect, then copy the
# new root password into the warewulf database config.
yum -y install expect
# secure the database - this assumes the db has just been installed and there is no password set. if mysql was already setup this will fail
# NOTE(review): the scripted answers below set a root password and drop the test
# database, but answer "n" to "Remove anonymous users?" and "n" to "Disallow
# root login remotely?". Anonymous accounts and remote root login therefore stay
# enabled after this step; answer "y" to both unless the install depends on them.
# The password is expanded into the expect script text by the shell.
PASS=$VS_PASS
SECURE_MYSQL=$(expect -c "
set timeout 10
spawn mysql_secure_installation
expect \"Enter current password for root (enter for none):\"
send \"\r\"
expect \"Set the root password?\"
send \"y\r\"
expect \"New password\"
send \"$PASS\r\"
expect \"Re-enter New password\"
send \"$PASS\r\"
expect \"Remove anonymous users?\"
send \"n\r\"
expect \"Disallow root login remotely?\"
send \"n\r\"
expect \"Remove test database and access to it?\"
send \"y\r\"
expect \"Reload privilege tables now?\"
send \"y\r\"
expect eof
")
# prints the captured session so the answers can be checked
echo "$SECURE_MYSQL"
# update the openhpc params for the DB access
# writes the MariaDB root password in plaintext into the warewulf config; the
# substitution only works while the password has no '/' or '&' characters
sed -i "s/database password =/database password = $PASS/g" /etc/warewulf/database-root.conf
# verify this after the command! This assumes there is no password set for root!
# Install MongoDB (telemetry store) and RabbitMQ (message queue) and expose both
# to the internal network.
# install nosql db for telemetry, mongodb
yum -y install mongodb-server mongodb
# moves the mongod listener from loopback to the internal address.
# NOTE(review): nothing in these steps enables MongoDB authentication, so access
# control rests on the network and firewall - confirm that is intended.
sed -i "s/bind_ip = 127.0.0.1/bind_ip = $MY_INT_IP/g" /etc/mongod.conf
# appends 'smallfiles = true' as the last line of the config
sed -i '$ a smallfiles = true' /etc/mongod.conf
systemctl enable mongod.service
systemctl start mongod.service
# setup the message queue (no encryption yet)
# As the note above says, broker traffic (including the openstack user's
# password at login) is not encrypted in this setup.
yum -y install rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
# the password is passed as a command-line argument
rabbitmqctl add_user openstack $RABBIT_PASS
# grants the openstack user configure, write and read on every resource (".*")
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
# Create the keystone database and account, install keystone with Apache and
# memcached, write keystone.conf and populate the schema.
# install the identity keystone prerequisites
# NOTE(review): the root password is given on the mysql command line, where it
# can show up in the process list and shell history. The 'keystone'@'%' grant
# accepts connections from any client host; the note further down suggests the
# '$HOSTNAME' grant is the one that made 'controller' work, so '%' may not be
# needed - confirm before keeping it.
mysql -u root --password=$VS_PASS <<MYSQL_SCRIPT
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'$HOSTNAME' IDENTIFIED BY '$KEYSTONE_DBPASS';
MYSQL_SCRIPT
yum -y install openstack-keystone httpd mod_wsgi memcached python-memcached
systemctl enable memcached.service
systemctl start memcached.service
# admin_token is the bootstrap credential used before any user exists.
# NOTE(review): it stays in keystone.conf after these steps; once the admin user
# has been verified, remove it (the upstream install guide describes disabling
# the admin token mechanism after bootstrap).
crudini --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
crudini --set /etc/keystone/keystone.conf DEFAULT verbose True
#crudini --set /etc/keystone/keystone.conf database connection mysql://keystone:$KEYSTONE_DBPASS@localhost/keystone
# should be controller but it wasn't letting me through - problem to review; allow remote connections in mysql: with the 3rd line of GRANTS above, controller will work
# the connection URL stores the database password in plaintext in keystone.conf
crudini --set /etc/keystone/keystone.conf database connection mysql://keystone:$KEYSTONE_DBPASS@controller/keystone
crudini --set /etc/keystone/keystone.conf memcache servers localhost:11211
crudini --set /etc/keystone/keystone.conf token provider uuid
crudini --set /etc/keystone/keystone.conf token driver memcache
crudini --set /etc/keystone/keystone.conf revoke driver sql
# run the schema migration as the keystone user rather than root
su -s /bin/sh -c "keystone-manage db_sync" keystone
# Serve keystone through Apache mod_wsgi: public API on port 5000, admin API on
# port 35357, both as the keystone user.
# setup the httpd
# appends ServerName after line 95 of httpd.conf; the position depends on the
# packaged file - check that the directive landed outside any container block
sed -i '95 a ServerName controller' /etc/httpd/conf/httpd.conf
# NOTE(review): both virtual hosts listen on every address (*:5000, *:35357)
# over plain HTTP, so passwords and tokens are sent unencrypted and the admin
# API is reachable wherever the firewall allows it. Restrict 35357 to the
# management network and front the endpoints with TLS for anything beyond a lab.
# The heredoc delimiter is unquoted; the body contains no '$', so nothing is
# expanded by the shell.
cat << EOF > /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
EOF
systemctl enable httpd.service
systemctl start httpd.service
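# lets setup the services / endpoints for keystone
# Bootstrap phase: no user exists yet, so the client authenticates with the
# shared admin token (OS_TOKEN) against the admin API.
# NOTE(review): every endpoint registered here is plain HTTP, so tokens and
# passwords cross the network unencrypted.
export OS_TOKEN="$ADMIN_TOKEN"
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public http://controller:5000/v2.0
openstack endpoint create --region RegionOne identity internal http://controller:5000/v2.0
openstack endpoint create --region RegionOne identity admin http://controller:35357/v2.0
# setup projects/users
# The password expansions are quoted so a value with spaces or glob characters
# is passed intact. They are still command-line arguments; --password-prompt
# avoids that when the commands are typed interactively.
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password "$ADMIN_PASS" admin
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "vScaler Project" vscaler
openstack user create --domain default --password "$VS_PASS" vscaler
openstack role create user
openstack role add --project vscaler --user vscaler user
# verify users
# Drop the bootstrap token so the two checks below exercise password
# authentication for each user.
unset OS_TOKEN OS_URL
# A space now separates the password from the line continuation; without it the
# joined text read as the undefined variable ADMIN_PASStoken and the command
# lost both the password and the 'token' subcommand.
openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-id default --os-user-domain-id default \
  --os-project-name admin --os-username admin --os-password "$ADMIN_PASS" \
  token issue
openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-id default --os-user-domain-id default \
  --os-project-name vscaler --os-username vscaler --os-password "$VS_PASS" \
  token issue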
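# setup the user environment
# Write one credentials file per user into the home directory. The heredoc
# delimiters are unquoted, so $ADMIN_PASS and $VS_PASS are expanded now and the
# files contain the plaintext passwords.
cat <<EOF > ~/admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
EOF
cat <<EOF > ~/vscaler-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=vscaler
export OS_TENANT_NAME=vscaler
export OS_USERNAME=vscaler
export OS_PASSWORD=$VS_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
EOF
# The files hold plaintext passwords: make them readable by the owner only.
chmod 600 ~/admin-openrc.sh ~/vscaler-openrc.sh
# Source the file from where it was written (the path used to be relative to
# the current directory) and confirm a token can be issued; the command name
# was misspelled 'openstck' before.
source ~/admin-openrc.sh
openstack token issue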
#-------------------------------
# setup the glance image service
#-------------------------------
# Creates the glance database and keystone identity, configures glance-api and
# glance-registry for keystone auth with a local file store, then uploads a
# CirrOS test image.
# NOTE(review): the root password is given on the mysql command line, and the
# 'glance'@'%' grant accepts connections from any client host.
mysql -u root --password=$VS_PASS <<MYSQL_SCRIPT
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '$GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '$GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'$HOSTNAME' IDENTIFIED BY '$GLANCE_DBPASS';
MYSQL_SCRIPT
# relative path: the file was written to ~, so this works from the home directory
source admin-openrc.sh
#Create the service credentials, complete these steps
# the glance service user gets the admin role on the service project
openstack user create --domain default --password $GLANCE_PASS glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
yum -y install openstack-glance python-glance python-glanceclient
# the connection URL and the keystone_authtoken password below are stored in
# plaintext in the glance config files
crudini --set /etc/glance/glance-api.conf database connection mysql://glance:$GLANCE_DBPASS@controller/glance
# drop the whole keystone_authtoken section first so only the keys set below remain
crudini --del /etc/glance/glance-api.conf keystone_authtoken
crudini --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
crudini --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357
crudini --set /etc/glance/glance-api.conf keystone_authtoken auth_plugin password
crudini --set /etc/glance/glance-api.conf keystone_authtoken project_domain_id default
crudini --set /etc/glance/glance-api.conf keystone_authtoken user_domain_id default
crudini --set /etc/glance/glance-api.conf keystone_authtoken project_name service
crudini --set /etc/glance/glance-api.conf keystone_authtoken username glance
crudini --set /etc/glance/glance-api.conf keystone_authtoken password $GLANCE_PASS
crudini --set /etc/glance/glance-api.conf paste_deploy flavor keystone
crudini --set /etc/glance/glance-api.conf glance_store default_store file
crudini --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
crudini --set /etc/glance/glance-api.conf DEFAULT notification_driver noop
crudini --set /etc/glance/glance-api.conf DEFAULT verbose True
# same settings for the registry service
crudini --set /etc/glance/glance-registry.conf database connection mysql://glance:$GLANCE_DBPASS@controller/glance
crudini --del /etc/glance/glance-registry.conf keystone_authtoken
crudini --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
crudini --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357
crudini --set /etc/glance/glance-registry.conf keystone_authtoken auth_plugin password
crudini --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_id default
crudini --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_id default
crudini --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
crudini --set /etc/glance/glance-registry.conf keystone_authtoken username glance
crudini --set /etc/glance/glance-registry.conf keystone_authtoken password $GLANCE_PASS
crudini --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
crudini --set /etc/glance/glance-registry.conf DEFAULT notification_driver noop
crudini --set /etc/glance/glance-registry.conf DEFAULT verbose True
# run the schema migration as the glance user rather than root
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
# verify the glance operation
# appends the image API version to both credential files
echo "export OS_IMAGE_API_VERSION=2" | tee -a ~/admin-openrc.sh ~/vscaler-openrc.sh
source admin-openrc.sh
# NOTE(review): the image is downloaded over plain HTTP and then published to
# every project (--visibility public) without an integrity check; compare it
# with the checksum published for this release before uploading.
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
glance image-create --name "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility public --progress
glance image-list
#-------------------------------------
# setup the nova service on controller
#-------------------------------------
# Creates the nova database and keystone identity, installs the controller-side
# nova services, writes nova.conf, syncs the schema and starts the services.
# NOTE(review): the root password is given on the mysql command line, and the
# 'nova'@'%' grant accepts connections from any client host.
mysql -u root --password=$VS_PASS <<MYSQL_SCRIPT
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'$HOSTNAME' IDENTIFIED BY '$NOVA_DBPASS';
MYSQL_SCRIPT
# relative path: the file was written to ~, so this works from the home directory
source admin-openrc.sh
#Create the service credentials, complete these steps
# the nova service user gets the admin role on the service project
openstack user create --domain default --password $NOVA_PASS nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
# the parentheses are escaped so the shell passes %(tenant_id)s through literally
openstack endpoint create --region RegionOne compute public http://controller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2/%\(tenant_id\)s
# install the packages for nova service
yum -y install openstack-nova-api openstack-nova-cert \
openstack-nova-conductor openstack-nova-console \
openstack-nova-novncproxy openstack-nova-scheduler \
python-novaclient
# edit the nova.conf files
# the database URL, rabbit_password and keystone_authtoken password are stored
# in plaintext in nova.conf
crudini --set /etc/nova/nova.conf database connection mysql://nova:$NOVA_DBPASS@controller/nova
crudini --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
crudini --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
crudini --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
crudini --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password $RABBIT_PASS
crudini --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
# drop the whole keystone_authtoken section first so only the keys set below remain
crudini --del /etc/nova/nova.conf keystone_authtoken
crudini --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
crudini --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
crudini --set /etc/nova/nova.conf keystone_authtoken auth_plugin password
crudini --set /etc/nova/nova.conf keystone_authtoken project_domain_id default
crudini --set /etc/nova/nova.conf keystone_authtoken user_domain_id default
crudini --set /etc/nova/nova.conf keystone_authtoken project_name service
crudini --set /etc/nova/nova.conf keystone_authtoken username nova
crudini --set /etc/nova/nova.conf keystone_authtoken password $NOVA_PASS
crudini --set /etc/nova/nova.conf DEFAULT my_ip $MY_INT_IP
crudini --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
crudini --set /etc/nova/nova.conf DEFAULT security_group_api neutron
crudini --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
# nova's own firewall is a no-op here; with security_group_api set to neutron
# above, packet filtering is presumably left to neutron - confirm that the
# neutron security groups are enabled before relying on this
crudini --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
# VNC listens on the internal address only
crudini --set /etc/nova/nova.conf vnc vncserver_listen $MY_INT_IP
crudini --set /etc/nova/nova.conf vnc vncserver_proxyclient_address $MY_INT_IP
crudini --set /etc/nova/nova.conf glance host controller
crudini --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
crudini --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
crudini --set /etc/nova/nova.conf DEFAULT verbose True
# initialise the nova db
# run the schema migration as the nova user rather than root
su -s /bin/sh -c "nova-manage db sync" nova
# enable and start the compute services
systemctl enable openstack-nova-api.service \
openstack-nova-cert.service openstack-nova-consoleauth.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-cert.service openstack-nova-consoleauth.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service
# verify nova
source admin-openrc.sh
nova service-list
nova image-list
#-------------------------
# setup neutron networking
#-------------------------
# Kernel forwarding settings, the neutron database, and the neutron identity
# and endpoints in keystone.
# setup ipforwarding
# NOTE(review): rp_filter=0 turns off reverse-path source validation on all
# interfaces. 'sysctl -w' changes only the running kernel and 'sysctl -p'
# reloads /etc/sysctl.conf, so these values are lost at reboot (and may be
# overridden by that file) unless they are also added to it.
sysctl -w "net.ipv4.ip_forward=1"
sysctl -w "net.ipv4.conf.default.rp_filter=0"
sysctl -w "net.ipv4.conf.all.rp_filter=0"
sysctl -p
# setup the neutron db
# NOTE(review): the root password is given on the mysql command line, and the
# 'neutron'@'%' grant accepts connections from any client host.
mysql -u root --password=$VS_PASS <<MYSQL_SCRIPT
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'$HOSTNAME' IDENTIFIED BY '$NEUTRON_DBPASS';
MYSQL_SCRIPT
# setup the neutron users in keystone
# assumes the admin credentials from admin-openrc.sh are still loaded in this shell
# the neutron service user gets the admin role on the service project
openstack user create --domain default --password $NEUTRON_PASS neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
# Install the neutron packages and write neutron.conf: database, message queue,
# keystone auth and the credentials neutron uses to notify nova.
# install packages
yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
# setup the config files
# the database URL, rabbit_password and both service passwords below are stored
# in plaintext in neutron.conf
crudini --set /etc/neutron/neutron.conf database connection mysql://neutron:$NEUTRON_DBPASS@controller/neutron
crudini --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins router
crudini --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
crudini --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
crudini --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
crudini --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
crudini --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password $RABBIT_PASS
crudini --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
# drop the whole keystone_authtoken section first so only the keys set below remain
crudini --del /etc/neutron/neutron.conf keystone_authtoken
crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_plugin password
crudini --set /etc/neutron/neutron.conf keystone_authtoken project_domain_id default
crudini --set /etc/neutron/neutron.conf keystone_authtoken user_domain_id default
crudini --set /etc/neutron/neutron.conf keystone_authtoken project_name service
crudini --set /etc/neutron/neutron.conf keystone_authtoken username neutron
crudini --set /etc/neutron/neutron.conf keystone_authtoken password $NEUTRON_PASS
crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
crudini --set /etc/neutron/neutron.conf DEFAULT nova_url http://controller:8774/v2
# the [nova] section holds the nova service user's credentials
crudini --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
crudini --set /etc/neutron/neutron.conf nova auth_plugin password
crudini --set /etc/neutron/neutron.conf nova project_domain_id default
crudini --set /etc/neutron/neutron.conf nova user_domain_id default
crudini --set /etc/neutron/neutron.conf nova region_name RegionOne
crudini --set /etc/neutron/neutron.conf nova project_name service
crudini --set /etc/neutron/neutron.conf nova username nova
crudini --set /etc/neutron/neutron.conf nova password $NOVA_PASS
crudini --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
crudini --set /etc/neutron/neutron.conf DEFAULT verbose True
# Configure the ML2 plugin, the linux bridge agent, the layer-3 agent and the
# DHCP agent.
# ml2 plugin config, layer 3 and dhcp
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
# the linux bridge agent only supports vxlan overlay networks.
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population
# port_security is the extension driver enabled for ports
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks public
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
# configure the linux bridge agent
# the flat 'public' network is mapped to the hard-coded interface eno2 - adjust
# to the external interface of the host
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings public:eno2
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
# NOTE(review): check MY_VXLAN_IP is non-empty first; an empty value leaves local_ip without an address
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip $MY_VXLAN_IP
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population True
# ARP spoofing protection and security groups stay enabled, with the iptables
# driver doing the filtering
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent prevent_arp_spoofing True
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
# configure the layer-3 agent
crudini --set /etc/neutron/l3_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
# no value is given, so external_network_bridge is written empty
crudini --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge
crudini --set /etc/neutron/l3_agent.ini DEFAULT verbose True
# configure the dhcp agent
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT verbose True
crudini --set /etc/neutron/dhcp_agent.ini DEFAULT dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf
# create and set dhcp
# DHCP option 26 is the interface MTU; instances are handed 1450, presumably to
# leave room for the VXLAN encapsulation. The '>>' appends, so re-running this
# step adds a duplicate line.
touch /etc/neutron/dnsmasq-neutron.conf
echo "dhcp-option-force=26,1450" >> /etc/neutron/dnsmasq-neutron.conf
# Configure the metadata agent, point nova at neutron, populate the neutron
# schema and start neutron-server.
# config metadata
# the neutron service password and the metadata shared secret are stored in
# plaintext in metadata_agent.ini
crudini --set /etc/neutron/metadata_agent.ini DEFAULT auth_uri http://controller:5000
crudini --set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://controller:35357
crudini --set /etc/neutron/metadata_agent.ini DEFAULT auth_region RegionOne
crudini --set /etc/neutron/metadata_agent.ini DEFAULT auth_plugin password
crudini --set /etc/neutron/metadata_agent.ini DEFAULT project_domain_id default
crudini --set /etc/neutron/metadata_agent.ini DEFAULT user_domain_id default
crudini --set /etc/neutron/metadata_agent.ini DEFAULT project_name service
crudini --set /etc/neutron/metadata_agent.ini DEFAULT username neutron
crudini --set /etc/neutron/metadata_agent.ini DEFAULT password $NEUTRON_PASS
crudini --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip controller
# must be the same value as metadata_proxy_shared_secret in nova.conf below
crudini --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret $METADATA_SECRET
crudini --set /etc/neutron/metadata_agent.ini DEFAULT verbose True
# configure compute to use the network
crudini --set /etc/nova/nova.conf neutron url http://controller:9696
crudini --set /etc/nova/nova.conf neutron auth_url http://controller:35357
crudini --set /etc/nova/nova.conf neutron auth_plugin password
crudini --set /etc/nova/nova.conf neutron project_domain_id default
crudini --set /etc/nova/nova.conf neutron user_domain_id default
crudini --set /etc/nova/nova.conf neutron region_name RegionOne
crudini --set /etc/nova/nova.conf neutron project_name service
crudini --set /etc/nova/nova.conf neutron username neutron
crudini --set /etc/nova/nova.conf neutron password $NEUTRON_PASS
crudini --set /etc/nova/nova.conf neutron service_metadata_proxy True
crudini --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret $METADATA_SECRET
# setup the plugin
# plain 'ln -s' fails if /etc/neutron/plugin.ini already exists
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# setup the neutron db
# run the schema migration as the neutron user rather than root
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
# restart nova-api so it picks up the [neutron] settings written above
systemctl restart openstack-nova-api.service
# setup the neutron services
# on controller
systemctl enable neutron-server.service
systemctl start neutron-server.service
#-------------
# dashboard
#-------------
# Install Horizon and edit /etc/openstack-dashboard/local_settings in place with
# sed; each substitution only applies if the packaged default text matches.
yum install openstack-dashboard -y
sed -i 's/OPENSTACK_HOST = "127.0.0.1"/OPENSTACK_HOST = "controller"/g' /etc/openstack-dashboard/local_settings
# NOTE(review): ALLOWED_HOSTS = ['*'] makes Django accept any Host header, which
# switches off its host-header validation. List the names and addresses the
# dashboard is actually reached by instead.
sed -i "s/ALLOWED_HOSTS = \['horizon.example.com', 'localhost'\]/ALLOWED_HOSTS = \['*',\]/g" /etc/openstack-dashboard/local_settings
# switch the session cache from in-process memory to the local memcached
sed -i "s/'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',/'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', \n\t 'LOCATION': '127.0.0.1:11211', /g" /etc/openstack-dashboard/local_settings
sed -i 's/OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"/OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"/g' /etc/openstack-dashboard/local_settings
sed -i 's/#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False/OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True/g' /etc/openstack-dashboard/local_settings
#sed -i "s/#OPENSTACK_API_VERSIONS = {/OPENSTACK_API_VERSIONS = { \n\t\"identity\": 3, \n\t\"volume\": 2, \n\t } \n/g" /etc/openstack-dashboard/local_settings
# seems a bug with using id v3 so moved to v2 to get past it - it was saying unknown service compute despite being defined with endpoints. might need to review to sort, should be v3, maybe endpoints need to be defined as v3? check https://wiki.ncsa.illinois.edu/display/ITS/Changing+from+APIv2.0+to+APIv3+in+Keystone+-+Openstack+Juno+on+Ubuntu
sed -i "s/#OPENSTACK_API_VERSIONS = {/OPENSTACK_API_VERSIONS = { \n\t\"identity\": 2, \n\t\"volume\": 2, \n\t } \n/g" /etc/openstack-dashboard/local_settings
# NOTE(review): no TLS is configured in these steps, so dashboard logins go over
# whatever httpd serves by default - confirm before exposing it beyond a lab.
systemctl enable httpd.service memcached.service
systemctl restart httpd.service memcached.service
# At this point mysql crapped out because it hit the max_connections limit
MariaDB [(none)]> show variables like 'max_connections';
+-----------------+-------+
| Variable_name | Value |
+-----------------+-------+
| max_connections | 151 |
+-----------------+-------+
1 row in set (0.01 sec)
# lets up that: max_connections to 1024 and open_files_limit to 8192
# (this note used to say 512; the sed below writes 1024)
# Each sed appends after a fixed line number of /etc/my.cnf, which presumably
# relies on line 1 being the [mysqld] header - check the file afterwards.
sed -i '1 a open_files_limit = 8192' /etc/my.cnf
sed -i '2 a max_connections = 1024' /etc/my.cnf
systemctl restart mariadb
# lets check that again
MariaDB [(none)]> show variables like 'max_connections';
+-----------------+-------+
| Variable_name | Value |
+-----------------+-------+
| max_connections | 1024 |
+-----------------+-------+
# note - worth looking in to the openstack at scale for parameters like this
Setup the Network Node