From 766751c6fd1c327d5d7da07da7a689bd46c0e73a Mon Sep 17 00:00:00 2001 From: Kevin Jackson Date: Tue, 22 Apr 2014 20:06:00 +0100 Subject: [PATCH] On the road to Icehouse. Further work needed but nearly there. --- Vagrantfile | 6 +- ceilometer.sh | 1 + common.sh | 12 +- compute.sh | 243 ++++++++++++++++++- controller-gre.sh | 26 +- controller-vlan.sh | 12 +- controller.sh | 586 ++++++++++++++++++++++++++++++++++++++++++++- heat.sh | 2 + keystone.sh | 10 +- network-gre.sh | 4 +- network-vlan.sh | 4 +- network.sh | 131 +++++++++- swift.sh | 2 +- 13 files changed, 1002 insertions(+), 37 deletions(-) mode change 120000 => 100755 compute.sh mode change 120000 => 100755 controller.sh mode change 120000 => 100755 network.sh diff --git a/Vagrantfile b/Vagrantfile index fbf0772..430ef63 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -17,8 +17,8 @@ Vagrant.configure("2") do |config| #config.proxy.no_proxy = "localhost,127.0.0.1" - config.vm.box = "precise64" - config.vm.box_url = "http://files.vagrantup.com/precise64.box" + config.vm.box = "trusty64" + config.vm.box_url = "http://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box" #Default is 2200..something, but port 2200 is used by forescout NAC agent. config.vm.usable_port_range= 2800..2900 @@ -58,11 +58,13 @@ Vagrant.configure("2") do |config| if prefix == "compute" vbox.customize ["modifyvm", :id, "--memory", 2048] vbox.customize ["modifyvm", :id, "--cpus", 2] + vbox.customize ["modifyvm", :id, "--nicpromisc3", "allow-all"] vbox.customize ["modifyvm", :id, "--nicpromisc4", "allow-all"] elsif prefix == "controller" vbox.customize ["modifyvm", :id, "--memory", 2048] elsif prefix == "network" vbox.customize ["modifyvm", :id, "--memory", 1024] + vbox.customize ["modifyvm", :id, "--nicpromisc3", "allow-all"] vbox.customize ["modifyvm", :id, "--nicpromisc4", "allow-all"] elsif prefix == "proxy" vbox.customize ["modifyvm", :id, "--memory", 512] 
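Review bot: The new `config.vm.box_url` in the first Vagrantfile hunk fetches the trusty base image over plain `http://` with no checksum, so every VM in the environment is built from an image whose integrity is never verified. Using `config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"` and pinning the download with `config.vm.box_download_checksum = "<sha256 of the box>"` and `config.vm.box_download_checksum_type = "sha256"` would close that gap. The `current` path is a moving target, so a pinned checksum also needs a dated image path to stay valid.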
diff --git a/ceilometer.sh b/ceilometer.sh index c57151e..13b72e8 100755 --- a/ceilometer.sh +++ b/ceilometer.sh @@ -38,6 +38,7 @@ keystone service-create --name=ceilometer --type=metering --description="Ceilome METERING_SERVICE_ID=$(keystone service-list | awk '/\ metering\ / {print $2}') keystone endpoint-create \ + --region regionOne \ --service-id=${METERING_SERVICE_ID} \ --publicurl=http://${CONTROLLER_HOST}:8777 \ --internalurl=http://${CONTROLLER_HOST}:8777 \ diff --git a/common.sh b/common.sh index 90a0bf0..0a160f0 100755 --- a/common.sh +++ b/common.sh @@ -45,12 +45,12 @@ fi sudo apt-get update # Havana Goodness sudo apt-get -y install ubuntu-cloud-keyring -H_SOURCES="/etc/apt/sources.list.d/havana.list" -if [[ ! -f ${H_SOURCES} ]] -then - echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/havana main" | sudo tee -a ${H_SOURCES} - echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-proposed/havana main" | sudo tee -a ${H_SOURCES} -fi +#H_SOURCES="/etc/apt/sources.list.d/havana.list" +#if [[ ! -f ${H_SOURCES} ]] +#then +# echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/havana main" | sudo tee -a ${H_SOURCES} +# echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-proposed/havana main" | sudo tee -a ${H_SOURCES} +#fi sudo apt-get update && apt-get upgrade -y diff --git a/compute.sh b/compute.sh deleted file mode 120000 index 731b627..0000000 --- a/compute.sh +++ /dev/null @@ -1 +0,0 @@ -compute-gre.sh \ No newline at end of file diff --git a/compute.sh b/compute.sh new file mode 100755 index 0000000..5331aeb --- /dev/null +++ b/compute.sh 
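Review bot: The Havana cloud-archive block in the common.sh hunk is commented out rather than deleted, which leaves dead code under a `# Havana Goodness` heading that no longer matches what the script does. Version control already keeps the old lines, so removing them and retitling the comment would make it clear which repository the Icehouse packages are expected to come from. The `ubuntu-cloud-keyring` install just above is kept; if no cloud-archive source is configured any more it is presumably unneeded, which is worth confirming.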
@@ -0,0 +1,242 @@ +#!/bin/bash + +# compute.sh + +# Authors: Kevin Jackson (kevin@linuxservices.co.uk) +# Cody Bunch (bunchc@gmail.com) + +# Vagrant scripts used by the OpenStack Cloud Computing Cookbook, 2nd Edition, October 2013 +# Website: http://www.openstackcookbook.com/ +# Suitable for OpenStack Havana + +# There are lots of bits adapted from: +# https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/OVS_MultiNode/OpenStack_Grizzly_Install_Guide.rst + +# Source in common env vars +. /vagrant/common.sh + +# The routeable IP of the node is on our eth1 interface +MY_IP=$(ifconfig eth1 | awk '/inet addr/ {split ($2,A,":"); print A[2]}') +ETH3_IP=$(ifconfig eth3 | awk '/inet addr/ {split ($2,A,":"); print A[2]}') + +# Must define your environment +MYSQL_HOST=${CONTROLLER_HOST} +GLANCE_HOST=${CONTROLLER_HOST} + +nova_compute_install() { + + # Install some packages: + sudo apt-get -y install nova-api-metadata nova-compute nova-compute-qemu nova-doc novnc nova-novncproxy nova-consoleauth + sudo apt-get install -y vlan bridge-utils + sudo apt-get install -y libvirt-bin pm-utils sysfsutils + sudo service ntp restart +} + +nova_configure() { + +# Networking +# ip forwarding +sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf +# To save you from rebooting, perform the following +sysctl net.ipv4.ip_forward=1 +# Kill default bridge +virsh net-destroy default +virsh net-undefine default + +# Enable Live migrate +#sudo sed -i 's/listen_tls = 0//g' /etc/libvirt/libvirt.conf +#listen_tcp = 1 +#auth_tcp = "none"' + +# Enable libvirtd_opts +# env libvirtd_opts="-d -l" +# /etc/default/libvirt-bin +#libvirtd_opts="-d -l" + +# restart libvirt +sudo service libvirt-bin restart + +# OpenVSwitch +sudo apt-get install -y linux-headers-`uname -r` build-essential +sudo apt-get install -y openvswitch-switch openvswitch-datapath-dkms + +# Edit the /etc/network/interfaces file for eth2? 
+sudo ifconfig eth2 0.0.0.0 up +sudo ip link set eth2 promisc on + +# OpenVSwitch Configuration +#br-int will be used for VM integration +sudo ovs-vsctl add-br br-int + +sudo ovs-vsctl add-br br-ex +sudo ovs-vsctl add-port br-ex eth3 + +# Edit the /etc/network/interfaces file for eth3? +sudo ifconfig eth3 0.0.0.0 up +sudo ip link set eth3 promisc on +# Assign IP to br-ex so it is accessible +sudo ifconfig br-ex $ETH3_IP netmask 255.255.255.0 + +# Quantum +sudo apt-get install -y neutron-plugin-openvswitch-agent python-cinderclient + +# Configure Quantum +# /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini +echo " +[DATABASE] +reconnect_interval = 2 +connection=mysql://neutron:openstack@${CONTROLLER_HOST}/neutron +[AGENT] +# Agent's polling interval in seconds +polling_interval = 2 +[OVS] +tenant_network_type=gre +tunnel_id_ranges=1:1000 +integration_bridge=br-int +tunnel_bridge=br-tun +local_ip=${MY_IP} +enable_tunneling=True +root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf +[SECURITYGROUP] +# Firewall driver for realizing neutron security group function +firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver +" | sudo tee -a /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini + +# Configure Neutron +sudo sed -i "s/# rabbit_host = localhost/rabbit_host = ${CONTROLLER_HOST}/g" /etc/neutron/neutron.conf +sudo sed -i 's/# auth_strategy = keystone/auth_strategy = keystone/g' /etc/neutron/neutron.conf +sudo sed -i "s/auth_host = 127.0.0.1/auth_host = ${CONTROLLER_HOST}/g" /etc/neutron/neutron.conf +sudo sed -i 's/admin_tenant_name = %SERVICE_TENANT_NAME%/admin_tenant_name = service/g' /etc/neutron/neutron.conf +sudo sed -i 's/admin_user = %SERVICE_USER%/admin_user = neutron/g' /etc/neutron/neutron.conf +sudo sed -i 's/admin_password = %SERVICE_PASSWORD%/admin_password = neutron/g' /etc/neutron/neutron.conf +sudo sed -i 's/^root_helper.*/root_helper = sudo/g' /etc/neutron/neutron.conf +sudo sed -i 's/# 
allow_overlapping_ips = False/allow_overlapping_ips = True/g' /etc/neutron/neutron.conf +sudo sed -i "s,^connection.*,connection = mysql://neutron:${MYSQL_NEUTRON_PASS}@${MYSQL_HOST}/neutron," /etc/neutron/neutron.conf + + +echo " +Defaults !requiretty +neutron ALL=(ALL:ALL) NOPASSWD:ALL" | tee -a /etc/sudoers + +# Restart Quantum Services +service neutron-plugin-openvswitch-agent restart + + +# Clobber the nova.conf file with the following +NOVA_CONF=/etc/nova/nova.conf +NOVA_API_PASTE=/etc/nova/api-paste.ini + +cat > /tmp/nova.conf << EOF +[DEFAULT] +dhcpbridge_flagfile=/etc/nova/nova.conf +dhcpbridge=/usr/bin/nova-dhcpbridge +logdir=/var/log/nova +state_path=/var/lib/nova +lock_path=/var/lock/nova +root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf +verbose=True + +api_paste_config=/etc/nova/api-paste.ini +enabled_apis=ec2,osapi_compute,metadata + +# Libvirt and Virtualization +libvirt_use_virtio_for_bridges=True +connection_type=libvirt +libvirt_type=qemu + +# Database +sql_connection=mysql://nova:openstack@${MYSQL_HOST}/nova + +# Messaging +rabbit_host=${MYSQL_HOST} + +# EC2 API Flags +ec2_host=${MYSQL_HOST} +ec2_dmz_host=${MYSQL_HOST} +ec2_private_dns_show_ip=True + +# Network settings +network_api_class=nova.network.neutronv2.api.API +neutron_url=http://${CONTROLLER_HOST}:9696 +neutron_auth_strategy=keystone +neutron_admin_tenant_name=service +neutron_admin_username=neutron +neutron_admin_password=neutron +neutron_admin_auth_url=http://${CONTROLLER_HOST}:5000/v2.0 +libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver +linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver +firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver +security_group_api=neutron + +#Metadata +service_neutron_metadata_proxy = True +neutron_metadata_proxy_shared_secret = foo +#metadata_host = ${MY_IP} +#metadata_listen = 127.0.0.1 +#metadata_listen_port = 8775 + +# Cinder # +volume_driver=nova.volume.driver.ISCSIDriver 
+enabled_apis=ec2,osapi_compute,metadata +volume_api_class=nova.volume.cinder.API +iscsi_helper=tgtadm +iscsi_ip_address=${CONTROLLER_HOST} + +# Images +image_service=nova.image.glance.GlanceImageService +glance_api_servers=${GLANCE_HOST}:9292 + +# Scheduler +scheduler_default_filters=AllHostsFilter + +# Auth +auth_strategy=keystone +keystone_ec2_url=http://${KEYSTONE_ENDPOINT}:5000/v2.0/ec2tokens + +# NoVNC +novnc_enabled=true +novncproxy_host=${CONTROLLER_HOST} +novncproxy_base_url=http://${CONTROLLER_HOST}:6080/vnc_auto.html +novncproxy_port=6080 + +xvpvncproxy_port=6081 +xvpvncproxy_host=${CONTROLLER_HOST} +xvpvncproxy_base_url=http://${CONTROLLER_HOST}:6081/console + +vncserver_proxyclient_address=${MY_IP} +vncserver_listen=0.0.0.0 + +EOF + + + sudo rm -f $NOVA_CONF + sudo mv /tmp/nova.conf $NOVA_CONF + sudo chmod 0640 $NOVA_CONF + sudo chown nova:nova $NOVA_CONF + + # Paste file + sudo sed -i "s/127.0.0.1/'$KEYSTONE_ENDPOINT'/g" $NOVA_API_PASTE + sudo sed -i "s/%SERVICE_TENANT_NAME%/'service'/g" $NOVA_API_PASTE + sudo sed -i "s/%SERVICE_USER%/nova/g" $NOVA_API_PASTE + sudo sed -i "s/%SERVICE_PASSWORD%/'$SERVICE_PASS'/g" $NOVA_API_PASTE + + sudo nova-manage db sync +} + +nova_ceilometer() { + /vagrant/ceilometer-compute.sh +} + +nova_restart() { + for P in $(ls /etc/init/nova* | cut -d'/' -f4 | cut -d'.' -f1) + do + sudo stop ${P} + sudo start ${P} + done +} + +# Main +nova_compute_install +nova_configure +nova_ceilometer +nova_restart diff --git a/controller-gre.sh b/controller-gre.sh index 1e04aca..d6bf399 100755 --- a/controller-gre.sh +++ b/controller-gre.sh 
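Review bot: In `nova_configure`, the block that appends `neutron ALL=(ALL:ALL) NOPASSWD:ALL` to `/etc/sudoers`, together with `root_helper = sudo` in neutron.conf, gives the neutron service account unrestricted passwordless root, so any flaw in the agent becomes full control of the compute host. The OVS plugin ini written a few lines earlier already uses `root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf`; neutron.conf should use the same value and the sudo rule should be limited to it, e.g. `neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *`. Writing the rule to its own file under `/etc/sudoers.d/` and checking it with `visudo -cf` would also avoid the duplicate entries that `tee -a /etc/sudoers` adds on every re-provision and the risk of a syntax error disabling sudo. The same sudoers block appears in the new controller.sh.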
@@ -60,7 +60,7 @@ mysql -uroot -p$MYSQL_ROOT_PASS -e "SET PASSWORD FOR 'keystone'@'%' = PASSWORD(' sudo sed -i "s#^connection.*#connection = mysql://keystone:openstack@${MYSQL_HOST}/keystone#" /etc/keystone/keystone.conf -sudo sed -i 's/^# admin_token.*/admin_token = ADMIN/' /etc/keystone/keystone.conf +sudo sed -i 's/^#admin_token.*/admin_token = ADMIN/' /etc/keystone/keystone.conf sudo stop keystone sudo start keystone @@ -132,7 +132,7 @@ PUBLIC="http://$ENDPOINT:8774/v2/\$(tenant_id)s" ADMIN=$PUBLIC INTERNAL=$PUBLIC -keystone endpoint-create --region RegionOne --service_id $NOVA_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL +keystone endpoint-create --region regionOne --service_id $NOVA_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL # OpenStack Compute EC2 API EC2_SERVICE_ID=$(keystone service-list | awk '/\ ec2\ / {print $2}') @@ -141,7 +141,7 @@ PUBLIC="http://$ENDPOINT:8773/services/Cloud" ADMIN="http://$ENDPOINT:8773/services/Admin" INTERNAL=$PUBLIC -keystone endpoint-create --region RegionOne --service_id $EC2_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL +keystone endpoint-create --region regionOne --service_id $EC2_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL # Glance Image Service GLANCE_SERVICE_ID=$(keystone service-list | awk '/\ glance\ / {print $2}') @@ -150,7 +150,7 @@ PUBLIC="http://$ENDPOINT:9292/v1" ADMIN=$PUBLIC INTERNAL=$PUBLIC -keystone endpoint-create --region RegionOne --service_id $GLANCE_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL +keystone endpoint-create --region regionOne --service_id $GLANCE_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL # Keystone OpenStack Identity Service KEYSTONE_SERVICE_ID=$(keystone service-list | awk '/\ keystone\ / {print $2}') 
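Review bot: The rewritten sed in the first controller-gre.sh hunk still sets `admin_token = ADMIN`, a fixed and guessable bootstrap credential that grants full Keystone admin rights to anyone who can reach the admin endpoint. Generating it per deployment, e.g. `ADMIN_TOKEN=$(openssl rand -hex 16)` followed by `sudo sed -i "s/^# *admin_token.*/admin_token = ${ADMIN_TOKEN}/" /etc/keystone/keystone.conf`, with the later `SERVICE_TOKEN` export (outside this hunk) reading the same variable, would remove the shared default. The `# *` in that pattern matches both the old `# admin_token` and the new `#admin_token` form, so the substitution does not silently become a no-op if the packaged keystone.conf changes again. The new controller.sh carries the same line.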
@@ -159,11 +159,10 @@ PUBLIC="http://$ENDPOINT:5000/v2.0" ADMIN="http://$ENDPOINT:35357/v2.0" INTERNAL=$PUBLIC -keystone endpoint-create --region RegionOne --service_id $KEYSTONE_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL +keystone endpoint-create --region regionOne --service_id $KEYSTONE_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL # Cinder Block Storage Service CINDER_SERVICE_ID=$(keystone service-list | awk '/\ volume\ / {print $2}') -controller #CINDER_ENDPOINT="172.16.0.211" #Dynamically determine first three octets if user specifies alternative IP ranges. Fourth octet still hardcoded CINDER_ENDPOINT=$(ifconfig eth1 | awk '/inet addr/ {split ($2,A,":"); print A[2]}' | sed 's/\.[0-9]*$/.211/') @@ -171,7 +170,7 @@ PUBLIC="http://$CINDER_ENDPOINT:8776/v1/%(tenant_id)s" ADMIN=$PUBLIC INTERNAL=$PUBLIC -keystone endpoint-create --region RegionOne --service_id $CINDER_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL +keystone endpoint-create --region regionOne --service_id $CINDER_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL # Neutron Network Service NEUTRON_SERVICE_ID=$(keystone service-list | awk '/\ network\ / {print $2}') @@ -180,7 +179,7 @@ PUBLIC="http://$ENDPOINT:9696" ADMIN=$PUBLIC INTERNAL=$PUBLIC -keystone endpoint-create --region RegionOne --service_id $NEUTRON_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL +keystone endpoint-create --region regionOne --service_id $NEUTRON_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL # Service Tenant keystone tenant-create --name service --description "Service Tenant" --enabled true 
@@ -248,6 +247,7 @@ mysql -uroot -p$MYSQL_ROOT_PASS -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance' mysql -uroot -p$MYSQL_ROOT_PASS -e "SET PASSWORD FOR 'glance'@'%' = PASSWORD('$MYSQL_GLANCE_PASS');" # glance-api-paste.ini +cp /etc/glance/glance-api-paste.ini{,.bak} echo "service_protocol = http service_host = ${MY_IP} service_port = 5000 @@ -260,13 +260,13 @@ admin_user = glance admin_password = glance " | sudo tee -a /etc/glance/glance-api-paste.ini +cp /etc/glance/glance-api.conf{,.bak} sudo sed -i 's/^#known_stores.*/known_stores = glance.store.filesystem.Store,\ glance.store.http.Store,\ - glance.store.rbd.Store,\ - glance.store.s3.Store,\ glance.store.swift.Store/' /etc/glance/glance-api.conf # glance-api.conf +cp /etc/glance/glance-api-paste.ini{,.bak} echo "[keystone_authtoken] service_protocol = http service_host = ${MY_IP} @@ -284,6 +284,7 @@ flavor = keystone " | sudo tee -a /etc/glance/glance-api.conf # glance-registry-paste.ini +cp /etc/glance/glance-registry-paste.ini{,.bak} echo "service_protocol = http service_host = ${MY_IP} service_port = 5000 @@ -297,6 +298,7 @@ admin_password = glance " | sudo tee -a /etc/glance/glance-registry-paste.ini # glance-registry.conf +cp /etc/glance/glance-registry.conf{,.bak} echo "[keystone_authtoken] service_protocol = http service_host = ${MY_IP} @@ -374,10 +376,12 @@ keystone user-role-list --tenant-id $SERVICE_TENANT_ID --user-id $NEUTRON_USER_I sudo apt-get -y install neutron-server neutron-plugin-openvswitch # /etc/neutron/api-paste.ini +cp /etc/neutron/api-paste.ini{,.bak} rm -f /etc/neutron/api-paste.ini cp /vagrant/files/neutron/api-paste.ini /etc/neutron/api-paste.ini # /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini +cp /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini{,.bak} echo " [DATABASE] connection=mysql://neutron:openstack@${MYSQL_HOST}/neutron 
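Review bot: The second `cp /etc/glance/glance-api-paste.ini{,.bak}`, added under the `# glance-api.conf` comment, runs after the script has already appended to glance-api-paste.ini, so it overwrites the pristine backup taken at the top of the section with the modified file. glance-api.conf is already backed up a few lines earlier, so that line looks like a copy-paste slip and can be dropped. More generally, the new `cp` backups run without `sudo` while the writes next to them use `sudo tee` and `sudo sed`, and they replace the `.bak` on every re-provision. `sudo cp -np FILE{,.bak}` would keep the first copy along with its mode and ownership, which matters because these files hold service passwords.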
@@ -395,6 +399,7 @@ firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewal # Configure Neutron +cp /etc/neutron/neutron.conf{,.bak} sudo sed -i "s/# rabbit_host = localhost/rabbit_host = ${CONTROLLER_HOST}/g" /etc/neutron/neutron.conf sudo sed -i 's/# auth_strategy = keystone/auth_strategy = keystone/g' /etc/neutron/neutron.conf sudo sed -i "s/auth_host = 127.0.0.1/auth_host = ${CONTROLLER_HOST}/g" /etc/neutron/neutron.conf @@ -518,6 +523,7 @@ vncserver_listen=0.0.0.0 EOF +cp ${NOVA_CONF} ${NOVA_CONF}.bak sudo rm -f $NOVA_CONF sudo mv /tmp/nova.conf $NOVA_CONF sudo chmod 0640 $NOVA_CONF diff --git a/controller-vlan.sh b/controller-vlan.sh index 937da7f..2e04b1c 100755 --- a/controller-vlan.sh +++ b/controller-vlan.sh @@ -128,7 +128,7 @@ PUBLIC="http://$ENDPOINT:8774/v2/\$(tenant_id)s" ADMIN=$PUBLIC INTERNAL=$PUBLIC -keystone endpoint-create --region RegionOne --service_id $NOVA_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL +keystone endpoint-create --region regionOne --service_id $NOVA_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL # OpenStack Compute EC2 API EC2_SERVICE_ID=$(keystone service-list | awk '/\ ec2\ / {print $2}') @@ -137,7 +137,7 @@ PUBLIC="http://$ENDPOINT:8773/services/Cloud" ADMIN="http://$ENDPOINT:8773/services/Admin" INTERNAL=$PUBLIC -keystone endpoint-create --region RegionOne --service_id $EC2_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL +keystone endpoint-create --region regionOne --service_id $EC2_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL # Glance Image Service GLANCE_SERVICE_ID=$(keystone service-list | awk '/\ glance\ / {print $2}') 
@@ -146,7 +146,7 @@ PUBLIC="http://$ENDPOINT:9292/v1" ADMIN=$PUBLIC INTERNAL=$PUBLIC -keystone endpoint-create --region RegionOne --service_id $GLANCE_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL +keystone endpoint-create --region regionOne --service_id $GLANCE_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL # Keystone OpenStack Identity Service KEYSTONE_SERVICE_ID=$(keystone service-list | awk '/\ keystone\ / {print $2}') @@ -155,7 +155,7 @@ PUBLIC="http://$ENDPOINT:5000/v2.0" ADMIN="http://$ENDPOINT:35357/v2.0" INTERNAL=$PUBLIC -keystone endpoint-create --region RegionOne --service_id $KEYSTONE_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL +keystone endpoint-create --region regionOne --service_id $KEYSTONE_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL # Cinder Block Storage Service CINDER_SERVICE_ID=$(keystone service-list | awk '/\ volume\ / {print $2}') @@ -167,7 +167,7 @@ PUBLIC="http://$CINDER_ENDPOINT:8776/v1/%(tenant_id)s" ADMIN=$PUBLIC INTERNAL=$PUBLIC -keystone endpoint-create --region RegionOne --service_id $CINDER_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL +keystone endpoint-create --region regionOne --service_id $CINDER_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL # Quantum Network Service QUANTUM_SERVICE_ID=$(keystone service-list | awk '/\ network\ / {print $2}') @@ -176,7 +176,7 @@ PUBLIC="http://$ENDPOINT:9696/" ADMIN=$PUBLIC INTERNAL=$PUBLIC -keystone endpoint-create --region RegionOne --service_id $QUANTUM_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL +keystone endpoint-create --region regionOne --service_id $QUANTUM_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL # Service Tenant keystone tenant-create --name service --description "Service Tenant" --enabled true 
diff --git a/controller.sh b/controller.sh
deleted file mode 120000
index c360167..0000000
--- a/controller.sh
+++ /dev/null
@@ -1 +0,0 @@
-controller-gre.sh
\ No newline at end of file
diff --git a/controller.sh b/controller.sh
new file mode 100755
index 0000000..620137b
--- /dev/null
+++ b/controller.sh
@@ -0,0 +1,585 @@ +#!/bin/bash + +# controller.sh + +# Authors: Kevin Jackson (kevin@linuxservices.co.uk) +# Cody Bunch (bunchc@gmail.com) + +# Vagrant scripts used by the OpenStack Cloud Computing Cookbook, 2nd Edition, October 2013 +# Website: http://www.openstackcookbook.com/ +# Suitable for OpenStack Grizzly + +# Source in common env vars +. /vagrant/common.sh + +# The routeable IP of the node is on our eth1 interface +MY_IP=$(ifconfig eth1 | awk '/inet addr/ {split ($2,A,":"); print A[2]}') + +#export LANG=C + +# MySQL +export MYSQL_HOST=$MY_IP +export MYSQL_ROOT_PASS=openstack +export MYSQL_DB_PASS=openstack + +echo "mysql-server-5.5 mysql-server/root_password password $MYSQL_ROOT_PASS" | sudo debconf-set-selections +echo "mysql-server-5.5 mysql-server/root_password_again password $MYSQL_ROOT_PASS" | sudo debconf-set-selections +echo "mysql-server-5.5 mysql-server/root_password seen true" | sudo debconf-set-selections +echo "mysql-server-5.5 mysql-server/root_password_again seen true" | sudo debconf-set-selections + +sudo apt-get -y install mysql-server python-mysqldb + +sudo sed -i "s/^bind\-address.*/bind-address = 0.0.0.0/g" /etc/mysql/my.cnf +sudo sed -i "s/^#max_connections.*/max_connections = 512/g" /etc/mysql/my.cnf + +# Skip Name Resolve +echo "[mysqld] +skip-name-resolve" > /etc/mysql/conf.d/skip-name-resolve.cnf + + +# UTF-8 Stuff +echo "[mysqld] +collation-server = utf8_general_ci +init-connect='SET NAMES utf8' +character-set-server = utf8" > /etc/mysql/conf.d/01-utf8.cnf + +sudo restart mysql + +# Ensure root can do its job +mysql -u root --password=${MYSQL_ROOT_PASS} -h localhost -e "GRANT ALL ON *.* to root@\"localhost\" IDENTIFIED BY \"${MYSQL_ROOT_PASS}\" WITH GRANT OPTION;" +mysql -u root --password=${MYSQL_ROOT_PASS} -h localhost -e "GRANT ALL ON *.* to root@\"${MYSQL_HOST}\" IDENTIFIED BY \"${MYSQL_ROOT_PASS}\" WITH GRANT OPTION;" +mysql -u root --password=${MYSQL_ROOT_PASS} -h localhost -e "GRANT ALL ON *.* to root@\"%\" IDENTIFIED BY 
\"${MYSQL_ROOT_PASS}\" WITH GRANT OPTION;" + +mysqladmin -uroot -p${MYSQL_ROOT_PASS} flush-privileges + +###################### +# Chapter 1 KEYSTONE # +###################### + +# Create database +sudo apt-get -y install keystone python-keyring + +# Config Files +KEYSTONE_CONF=/etc/keystone/keystone.conf + +MYSQL_ROOT_PASS=openstack +MYSQL_KEYSTONE_PASS=openstack +mysql -uroot -p$MYSQL_ROOT_PASS -e 'CREATE DATABASE keystone;' +mysql -uroot -p$MYSQL_ROOT_PASS -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%';" +mysql -uroot -p$MYSQL_ROOT_PASS -e "SET PASSWORD FOR 'keystone'@'%' = PASSWORD('$MYSQL_KEYSTONE_PASS');" + +sudo sed -i "s#^connection.*#connection = mysql://keystone:${MYSQL_KEYSTONE_PASS}@${MYSQL_HOST}/keystone#" ${KEYSTONE_CONF} +sudo sed -i 's/^#admin_token.*/admin_token = ADMIN/' ${KEYSTONE_CONF} +sudo sed -i 's,^#log_dir.*,log_dir = /var/log/keystone,' ${KEYSTONE_CONF} + +sudo stop keystone +sudo start keystone + +sudo keystone-manage db_sync + +sudo apt-get -y install python-keystoneclient + +export ENDPOINT=${MY_IP} +export SERVICE_TOKEN=ADMIN +export SERVICE_ENDPOINT=http://${ENDPOINT}:35357/v2.0 +export PASSWORD=openstack + +# admin role +keystone role-create --name admin + +# Member role +keystone role-create --name Member + +keystone tenant-create --name cookbook --description "Default Cookbook Tenant" --enabled true + +TENANT_ID=$(keystone tenant-list | awk '/\ cookbook\ / {print $2}') + +keystone user-create --name admin --tenant_id $TENANT_ID --pass $PASSWORD --email root@localhost --enabled true + +TENANT_ID=$(keystone tenant-list | awk '/\ cookbook\ / {print $2}') + +ROLE_ID=$(keystone role-list | awk '/\ admin\ / {print $2}') + +USER_ID=$(keystone user-list | awk '/\ admin\ / {print $2}') + +keystone user-role-add --user $USER_ID --role $ROLE_ID --tenant_id $TENANT_ID + +# Create the user +PASSWORD=openstack +keystone user-create --name demo --tenant_id $TENANT_ID --pass $PASSWORD --email demo@localhost --enabled true + 
+TENANT_ID=$(keystone tenant-list | awk '/\ cookbook\ / {print $2}') + +ROLE_ID=$(keystone role-list | awk '/\ Member\ / {print $2}') + +USER_ID=$(keystone user-list | awk '/\ demo\ / {print $2}') + +# Assign the Member role to the demo user in cookbook +keystone user-role-add --user $USER_ID --role $ROLE_ID --tenant_id $TENANT_ID + +# OpenStack Compute Nova API Endpoint +keystone service-create --name nova --type compute --description 'OpenStack Compute Service' + +# OpenStack Compute EC2 API Endpoint +keystone service-create --name ec2 --type ec2 --description 'EC2 Service' + +# Glance Image Service Endpoint +keystone service-create --name glance --type image --description 'OpenStack Image Service' + +# Keystone Identity Service Endpoint +keystone service-create --name keystone --type identity --description 'OpenStack Identity Service' + +# Cinder Block Storage Endpoint +keystone service-create --name volume --type volume --description 'Volume Service' + +# Neutron Network Service Endpoint +keystone service-create --name network --type network --description 'Neutron Network Service' + +# OpenStack Compute Nova API +NOVA_SERVICE_ID=$(keystone service-list | awk '/\ nova\ / {print $2}') + +PUBLIC="http://$ENDPOINT:8774/v2/\$(tenant_id)s" +ADMIN=$PUBLIC +INTERNAL=$PUBLIC + +keystone endpoint-create --region regionOne --service_id $NOVA_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL + +# OpenStack Compute EC2 API +EC2_SERVICE_ID=$(keystone service-list | awk '/\ ec2\ / {print $2}') + +PUBLIC="http://$ENDPOINT:8773/services/Cloud" +ADMIN="http://$ENDPOINT:8773/services/Admin" +INTERNAL=$PUBLIC + +keystone endpoint-create --region regionOne --service_id $EC2_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL + +# Glance Image Service +GLANCE_SERVICE_ID=$(keystone service-list | awk '/\ glance\ / {print $2}') + +PUBLIC="http://$ENDPOINT:9292/v2" +ADMIN=$PUBLIC +INTERNAL=$PUBLIC + +keystone endpoint-create --region 
regionOne --service_id $GLANCE_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL + +# Keystone OpenStack Identity Service +KEYSTONE_SERVICE_ID=$(keystone service-list | awk '/\ keystone\ / {print $2}') + +PUBLIC="http://$ENDPOINT:5000/v2.0" +ADMIN="http://$ENDPOINT:35357/v2.0" +INTERNAL=$PUBLIC + +keystone endpoint-create --region regionOne --service_id $KEYSTONE_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL + +# Cinder Block Storage Service +CINDER_SERVICE_ID=$(keystone service-list | awk '/\ volume\ / {print $2}') +#CINDER_ENDPOINT="172.16.0.211" +#Dynamically determine first three octets if user specifies alternative IP ranges. Fourth octet still hardcoded +CINDER_ENDPOINT=$(ifconfig eth1 | awk '/inet addr/ {split ($2,A,":"); print A[2]}' | sed 's/\.[0-9]*$/.211/') +PUBLIC="http://$CINDER_ENDPOINT:8776/v1/%(tenant_id)s" +ADMIN=$PUBLIC +INTERNAL=$PUBLIC + +keystone endpoint-create --region regionOne --service_id $CINDER_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL + +# Neutron Network Service +NEUTRON_SERVICE_ID=$(keystone service-list | awk '/\ network\ / {print $2}') + +PUBLIC="http://$ENDPOINT:9696" +ADMIN=$PUBLIC +INTERNAL=$PUBLIC + +keystone endpoint-create --region regionOne --service_id $NEUTRON_SERVICE_ID --publicurl $PUBLIC --adminurl $ADMIN --internalurl $INTERNAL + +# Service Tenant +keystone tenant-create --name service --description "Service Tenant" --enabled true + +SERVICE_TENANT_ID=$(keystone tenant-list | awk '/\ service\ / {print $2}') + +keystone user-create --name nova --pass nova --tenant_id $SERVICE_TENANT_ID --email nova@localhost --enabled true + +keystone user-create --name glance --pass glance --tenant_id $SERVICE_TENANT_ID --email glance@localhost --enabled true + +keystone user-create --name keystone --pass keystone --tenant_id $SERVICE_TENANT_ID --email keystone@localhost --enabled true + +keystone user-create --name cinder --pass cinder --tenant_id 
$SERVICE_TENANT_ID --email cinder@localhost --enabled true
+
+keystone user-create --name neutron --pass neutron --tenant_id $SERVICE_TENANT_ID --email neutron@localhost --enabled true
+
+# Get the nova user id
+NOVA_USER_ID=$(keystone user-list | awk '/\ nova\ / {print $2}')
+
+# Get the admin role id
+ADMIN_ROLE_ID=$(keystone role-list | awk '/\ admin\ / {print $2}')
+
+# Assign the nova user the admin role in service tenant
+keystone user-role-add --user $NOVA_USER_ID --role $ADMIN_ROLE_ID --tenant_id $SERVICE_TENANT_ID
+
+# Get the glance user id
+GLANCE_USER_ID=$(keystone user-list | awk '/\ glance\ / {print $2}')
+
+# Assign the glance user the admin role in service tenant
+keystone user-role-add --user $GLANCE_USER_ID --role $ADMIN_ROLE_ID --tenant_id $SERVICE_TENANT_ID
+
+# Get the keystone user id
+KEYSTONE_USER_ID=$(keystone user-list | awk '/\ keystone\ / {print $2}')
+
+# Assign the keystone user the admin role in service tenant
+keystone user-role-add --user $KEYSTONE_USER_ID --role $ADMIN_ROLE_ID --tenant_id $SERVICE_TENANT_ID
+
+# Get the cinder user id
+CINDER_USER_ID=$(keystone user-list | awk '/\ cinder \ / {print $2}')
+
+# Assign the cinder user the admin role in service tenant
+keystone user-role-add --user $CINDER_USER_ID --role $ADMIN_ROLE_ID --tenant_id $SERVICE_TENANT_ID
+
+# Create neutron service user in the services tenant
+NEUTRON_USER_ID=$(keystone user-list | awk '/\ neutron \ / {print $2}')
+
+# Grant admin role to neutron service user
+keystone user-role-add --user $NEUTRON_USER_ID --role $ADMIN_ROLE_ID --tenant_id $SERVICE_TENANT_ID
+
+
+######################
+# Chapter 2 GLANCE #
+######################
+
+# Install Service
+sudo apt-get update
+sudo apt-get -y install glance
+sudo apt-get -y install python-glanceclient
+
+# Config Files
+GLANCE_API_CONF=/etc/glance/glance-api.conf
+GLANCE_REGISTRY_CONF=/etc/glance/glance-registry.conf
+
+SERVICE_TENANT=service
+GLANCE_SERVICE_USER=glance
+GLANCE_SERVICE_PASS=glance
+
+# Create database
+MYSQL_ROOT_PASS=openstack
+MYSQL_GLANCE_PASS=openstack
+mysql -uroot -p$MYSQL_ROOT_PASS -e 'CREATE DATABASE glance;'
+mysql -uroot -p$MYSQL_ROOT_PASS -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%';"
+mysql -uroot -p$MYSQL_ROOT_PASS -e "SET PASSWORD FOR 'glance'@'%' = PASSWORD('$MYSQL_GLANCE_PASS');"
+
+## /etc/glance/glance-api.conf
+sudo cp ${GLANCE_API_CONF}{,.bak}
+sudo sed -i 's/^#known_stores.*/known_stores = glance.store.filesystem.Store,\
+ glance.store.http.Store,\
+ glance.store.swift.Store/' ${GLANCE_API_CONF}
+
+sudo sed -i "s/127.0.0.1/$KEYSTONE_ENDPOINT/g" $GLANCE_API_CONF
+sudo sed -i "s/%SERVICE_TENANT_NAME%/$SERVICE_TENANT/g" $GLANCE_API_CONF
+sudo sed -i "s/%SERVICE_USER%/$GLANCE_SERVICE_USER/g" $GLANCE_API_CONF
+sudo sed -i "s/%SERVICE_PASSWORD%/$GLANCE_SERVICE_PASS/g" $GLANCE_API_CONF
+
+sudo sed -i "s,^#connection.*,connection = mysql://glance:${MYSQL_GLANCE_PASS}@${MYSQL_HOST}/glance," ${GLANCE_API_CONF}
+
+echo "
+[paste_deploy]
+config_file = /etc/glance/glance-api-paste.ini
+flavor = keystone
+" | sudo tee -a ${GLANCE_API_CONF}
+
+
+## /etc/glance/glance-registry.conf
+sudo cp ${GLANCE_REGISTRY_CONF}{,.bak}
+sudo sed -i 's/^#known_stores.*/known_stores = glance.store.filesystem.Store,\
+ glance.store.http.Store,\
+ glance.store.swift.Store/' ${GLANCE_REGISTRY_CONF}
+
+sudo sed -i "s/127.0.0.1/$KEYSTONE_ENDPOINT/g" $GLANCE_REGISTRY_CONF
+sudo sed -i "s/%SERVICE_TENANT_NAME%/$SERVICE_TENANT/g" $GLANCE_REGISTRY_CONF
+sudo sed -i "s/%SERVICE_USER%/$GLANCE_SERVICE_USER/g" $GLANCE_API_CONF
+sudo sed -i "s/%SERVICE_PASSWORD%/$GLANCE_SERVICE_PASS/g" $GLANCE_API_CONF
+
+sudo sed -i "s,^#connection.*,connection = mysql://glance:${MYSQL_GLANCE_PASS}@${MYSQL_HOST}/glance," ${GLANCE_REGISTRY_CONF}
+
+echo "
+[paste_deploy]
+config_file = /etc/glance/glance-registry-paste.ini
+flavor = keystone
+" | sudo tee -a ${GLANCE_REGISTRY_CONF}
+
+sudo stop glance-registry
+sudo start glance-registry
+sudo stop glance-api
+sudo start glance-api
+
+sudo glance-manage db_sync
+
+# Get some images and upload
+export OS_TENANT_NAME=cookbook
+export OS_USERNAME=admin
+export OS_PASSWORD=openstack
+export OS_AUTH_URL=http://${MY_IP}:5000/v2.0/
+export OS_NO_CACHE=1
+
+#sudo apt-get -y install wget
+
+# Get the images
+# First check host
+CIRROS="cirros-0.3.0-x86_64-disk.img"
+UBUNTU="precise-server-cloudimg-amd64-disk1.img"
+
+if [[ ! -f /vagrant/${CIRROS} ]]
+then
+ # Download then store on local host for next time
+ wget --quiet http://${APT_PROXY}:${APT_PROXY_PORT}/cirros-0.3.0-x86_64-disk.img
+else
+ cp /vagrant/${CIRROS} .
+fi
+
+if [[ ! -f /vagrant/${UBUNTU} ]]
+then
+ # Download then store on local host for next time
+ wget --quiet http://${APT_PROXY}:${APT_PROXY_PORT}/precise-server-cloudimg-amd64-disk1.img
+else
+ cp /vagrant/${UBUNTU} .
+fi
+
+glance image-create --name='Ubuntu 12.04 x86_64 Server' --disk-format=qcow2 --container-format=bare --public < precise-server-cloudimg-amd64-disk1.img
+glance image-create --name='Cirros 0.3' --disk-format=qcow2 --container-format=bare --public < cirros-0.3.0-x86_64-disk.img
+
+#####################
+# Neutron #
+#####################
+
+# Create database
+MYSQL_ROOT_PASS=openstack
+MYSQL_NEUTRON_PASS=openstack
+mysql -uroot -p$MYSQL_ROOT_PASS -e 'CREATE DATABASE neutron;'
+mysql -uroot -p$MYSQL_ROOT_PASS -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%';"
+mysql -uroot -p$MYSQL_ROOT_PASS -e "SET PASSWORD FOR 'neutron'@'%' = PASSWORD('$MYSQL_NEUTRON_PASS');"
+
+# List the new user and role assigment
+keystone user-list --tenant-id $SERVICE_TENANT_ID
+keystone user-role-list --tenant-id $SERVICE_TENANT_ID --user-id $NEUTRON_USER_ID
+
+sudo apt-get -y install neutron-server neutron-plugin-openvswitch
+# /etc/neutron/api-paste.ini
+cp /etc/neutron/api-paste.ini{,.bak}
+rm -f /etc/neutron/api-paste.ini
+cp /vagrant/files/neutron/api-paste.ini /etc/neutron/api-paste.ini
+
+# /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
+cp /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini{,.bak}
+echo "
+[DATABASE]
+connection=mysql://neutron:openstack@${MYSQL_HOST}/neutron
+[OVS]
+tenant_network_type=gre
+tunnel_id_ranges=1:1000
+integration_bridge=br-int
+tunnel_bridge=br-tun
+enable_tunneling=True
+
+[SECURITYGROUP]
+# Firewall driver for realizing neutron security group function
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+" | sudo tee -a /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
+
+
+# Configure Neutron
+cp /etc/neutron/neutron.conf{,.bak}
+sudo sed -i "s/# rabbit_host = localhost/rabbit_host = ${CONTROLLER_HOST}/g" /etc/neutron/neutron.conf
+sudo sed -i 's/# auth_strategy = keystone/auth_strategy = keystone/g' /etc/neutron/neutron.conf
+sudo sed -i "s/auth_host = 127.0.0.1/auth_host = ${CONTROLLER_HOST}/g" /etc/neutron/neutron.conf
+sudo sed -i 's/admin_tenant_name = %SERVICE_TENANT_NAME%/admin_tenant_name = service/g' /etc/neutron/neutron.conf
+sudo sed -i 's/admin_user = %SERVICE_USER%/admin_user = neutron/g' /etc/neutron/neutron.conf
+sudo sed -i 's/admin_password = %SERVICE_PASSWORD%/admin_password = neutron/g' /etc/neutron/neutron.conf
+sudo sed -i 's/^root_helper.*/root_helper = sudo/g' /etc/neutron/neutron.conf
+sudo sed -i 's/# allow_overlapping_ips = False/allow_overlapping_ips = True/g' /etc/neutron/neutron.conf
+sudo sed -i "s,^connection.*,connection = mysql://neutron:${MYSQL_NEUTRON_PASS}@${MYSQL_HOST}/neutron," /etc/neutron/neutron.conf
+
+echo "
+Defaults !requiretty
+neutron ALL=(ALL:ALL) NOPASSWD:ALL" | tee -a /etc/sudoers
+
+sudo service neutron-server restart
+
+######################
+# Chapter 3 COMPUTE #
+######################
+
+# Create database
+MYSQL_HOST=${MY_IP}
+GLANCE_HOST=${MY_IP}
+KEYSTONE_ENDPOINT=${MY_IP}
+SERVICE_TENANT=service
+NOVA_SERVICE_USER=nova
+NOVA_SERVICE_PASS=nova
+
+MYSQL_ROOT_PASS=openstack
+MYSQL_NOVA_PASS=openstack
+mysql -uroot -p$MYSQL_ROOT_PASS -e 'CREATE DATABASE nova;'
+mysql -uroot -p$MYSQL_ROOT_PASS -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%'"
+mysql -uroot -p$MYSQL_ROOT_PASS -e "SET PASSWORD FOR 'nova'@'%' = PASSWORD('$MYSQL_NOVA_PASS');"
+
+sudo apt-get -y install rabbitmq-server nova-novncproxy novnc nova-api nova-ajax-console-proxy nova-cert nova-conductor nova-consoleauth nova-doc nova-scheduler python-novaclient dnsmasq nova-objectstore
+
+# Clobber the nova.conf file with the following
+NOVA_CONF=/etc/nova/nova.conf
+NOVA_API_PASTE=/etc/nova/api-paste.ini
+
+cat > /tmp/nova.conf < /vagrant/openrc <> /etc/neutron/dhcp_agent.ini
+echo "root_helper = sudo" >> /etc/neutron/dhcp_agent.ini
+
+sed -i 's/.*OVSInterfaceDriver.*/interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver/' /etc/neutron/dhcp_agent.ini
+
+echo "
+Defaults !requiretty
+neutron ALL=(ALL:ALL) NOPASSWD:ALL" | tee -a /etc/sudoers
+
+
+# Configure Neutron
+sudo sed -i "s/# rabbit_host = localhost/rabbit_host = ${CONTROLLER_HOST}/g" /etc/neutron/neutron.conf
+sudo sed -i 's/# auth_strategy = keystone/auth_strategy = keystone/g' /etc/neutron/neutron.conf
+sudo sed -i "s/auth_host = 127.0.0.1/auth_host = ${CONTROLLER_HOST}/g" /etc/neutron/neutron.conf
+sudo sed -i 's/admin_tenant_name = %SERVICE_TENANT_NAME%/admin_tenant_name = service/g' /etc/neutron/neutron.conf
+sudo sed -i 's/admin_user = %SERVICE_USER%/admin_user = neutron/g' /etc/neutron/neutron.conf
+sudo sed -i 's/admin_password = %SERVICE_PASSWORD%/admin_password = neutron/g' /etc/neutron/neutron.conf
+sudo sed -i 's/^root_helper.*/root_helper = sudo/g' /etc/neutron/neutron.conf
+sudo sed -i 's/# allow_overlapping_ips = False/allow_overlapping_ips = True/g' /etc/neutron/neutron.conf
+sudo sed -i "s,^connection.*,connection = mysql://neutron:${MYSQL_NEUTRON_PASS}@${MYSQL_HOST}/neutron," /etc/neutron/neutron.conf
+
+
+# Restart Neutron Services
+service neutron-plugin-openvswitch-agent restart
+
+
+
+# /etc/neutron/l3_agent.ini
+echo "
+auth_url = http://${KEYSTONE_ENDPOINT}:35357/v2.0
+auth_region = regionOne
+admin_tenant_name = service
+admin_user = neutron
+admin_password = neutron
+metadata_ip = ${CONTROLLER_HOST}
+metadata_port = 8775
+use_namespaces = True" | tee -a /etc/neutron/l3_agent.ini
+
+#
+sed -i 's/.*OVSInterfaceDriver.*/interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver/' /etc/neutron/l3_agent.ini
+
+# Metadata Agent
+echo "[DEFAULT]
+auth_url = http://172.16.0.200:35357/v2.0
+auth_region = regionOne
+admin_tenant_name = service
+admin_user = neutron
+admin_password = neutron
+metadata_proxy_shared_secret = foo
+nova_metadata_ip = ${CONTROLLER_HOST}
+nova_metadata_port = 8775
+" > /etc/neutron/metadata_agent.ini
+
+sudo service neutron-plugin-openvswitch-agent restart
+sudo service neutron-dhcp-agent restart
+sudo service neutron-l3-agent restart
+sudo service neutron-metadata-agent restart
diff --git a/swift.sh b/swift.sh
index e7c65a8..4ed2763 100644
--- a/swift.sh
+++ b/swift.sh
@@ -323,7 +323,7 @@ PUBLIC_URL="http://$SWIFT_PROXY_SERVER:8080/v1/AUTH_\$(tenant_id)s"
 ADMIN_URL="http://$SWIFT_PROXY_SERVER:8080/v1/"
 INTERNAL_URL="http://$SWIFT_PROXY_SERVER:8080/v1/AUTH_\$(tenant_id)s"
-keystone endpoint-create --region RegionOne --service_id $ID --publicurl $PUBLIC_URL --adminurl $ADMIN_URL --internalurl $INTERNAL_URL
+keystone endpoint-create --region regionOne --service_id $ID --publicurl $PUBLIC_URL --adminurl $ADMIN_URL --internalurl $INTERNAL_URL
 # Get the service tenant ID
 SERVICE_TENANT_ID=$(keystone tenant-list | awk '/\ service\ / {print $2}')
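Review bot: The changed `keystone endpoint-create` line passes `$ID` and the three URL variables unquoted, so if the service lookup that sets `$ID` (outside this hunk) returns nothing, `--service_id` silently takes `--publicurl` as its value instead of failing on an empty id. Quoting the expansions makes that failure visible: `keystone endpoint-create --region regionOne --service_id "$ID" --publicurl "$PUBLIC_URL" --adminurl "$ADMIN_URL" --internalurl "$INTERNAL_URL"`. The region string is also repeated as a literal here, in the `auth_region = regionOne` lines of the agent configs and in ceilometer.sh; since the value has to match exactly, including case, a single variable defined once (for example in common.sh) would keep the scripts from drifting apart again.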