Introduction This document is for installation of Openstack(Havana) on Ubuntu.

As we wanted to have a dedicated node for network, we are using nodes(!ontroller, !ompute and "etwork) and each node has Ubuntu #$.%&.% 'inimum ()stem !onfiguration for each node is & core processor and * +, -A' and $ ".! . .n our environment we have used below configuration / Controller Compute Networking 0rocesser 1 0rocesser 1 0rocesser 1 & core & core $ core 'emor) 1 & 'emor) 1 * 'emor) 1 & +, +, +, 2isk 1 %% 2isk 1 2isk 1 +, %%+, %%+, ,elow are few ke)words which we will be using inside this document Controller Node: "ode responsible for most of the service related openstack and can be defined as nerve center. All re3uests are routed thru this one. Compute Node: -esponsible for managing virtual machine. H)pervisor is running on this node Network Node: This node is responsible for all network related service like dhcp,routing,bridging etc. Nova : !ompute service which provisions and manages virtual machines on
demand

Neutron : "etworking service which is responsible for network connectivity Glance: 0rovides a registr) of virtual machine images. !ompute uses it to provision instances Keystone: .dentit) service responsible for authentication and authori4ation Cinder:0rovides persistent block storage Horizon:2ashboard or a +U. for users to interact with all services related to openstack ,elow list shows services running on each node / Controller Compute Networking ')(3l 2, nova/ "eutron services 5 compute (dhcp,l ,metadata) -abbit'6(6ueuing) neutron/ plugin/ openvswitch/ agent

7e)stone(Authenticatio n +lance(.mage) nova/api,nova/ cert,nova/ consoleauth,nova/ scheduler,nova/ conductor,nova/ novncpro8) !inder(,lock (torage) 2ashboard(Hori4on) "eutron/server "eutron openvswitch plugin

Installing Controller
This (ection e8plains about installation of various service9component on !ontroller node. :or this we assume )ou have a freshl) installed Ubuntu/ #$.%&. machine with $ ".! and a spare disk or at least one unused partition.

Basic Configuration Configuring NIC

;dit network config files for internal and e8ternal network <vim 9etc9network9interfaces Add below lines 1 < .nternal "etwork auto eth% iface eth% inet static address #%.#%.#%.#% netmask $==.$==.$==.% < ;8ternal "etwork auto eth# iface eth# inet static address #>$.#?*.#.#% netmask $==.$==.$==.% gatewa) #>$.#?*.#.# dns/nameservers *.*.*.*

-estart network service to reflect necessar) changes < service networking restart

Adding Host Entry

< vim 9etc9hosts #%.#%.#%.> network #%.#%.#%.#% controller #%.#%.#%.## compute

Changing hostname
<hostname controller 'ake it permanent b) adding it in 9etc9hostname < vim 9etc9hostname

Update the system

< apt/get update @@ apt/get dist/upgrade

Configuring NTP
< apt/get install ntp

Installing and configuring MySql and other ! components

< apt/get install p)thon/m)s3ldb m)s3l/server (et ')s3l admin(root) password during package installation < m)s3lAsecureAinstallation ;dit 9etc9m)s3l9m).cnf and set the bind/address %.%.%.% , to allow access from outside the controller node bind/address B %.%.%.%C or < sed /i Ds9#$E.%.%.#9%.%.%.%9gF 9etc9m)s3l9m).cnf

Installing all required pac"age

< add/apt/repositor) cloud/archive5havana < apt/get install p)thon/software/properties rabbitm3/server

Creating required databases for all services

Gogin to m)s3l as root user and make necessar) 2, changes < m)s3l /u root /p HH;O: !-;AT; 2ATA,A(; novaI +-A"T AGG 0-.J.G;+;( O" nova.K TO DnovaFLMlocalhostF .2;"T.:.;2 ,N DpasswordFI +-A"T AGG 0-.J.G;+;( O" nova.K TO DnovaFLMOF .2;"T.:.;2 ,N

DpasswordFI !-;AT; 2ATA,A(; cinderI +-A"T AGG 0-.J.G;+;( O" cinder.K TO DcinderFLMlocalhostF .2;"T.:.;2 ,N DpasswordFI +-A"T AGG 0-.J.G;+;( O" cinder.K TO DcinderFLMOF .2;"T.:.;2 ,N DpasswordFI !-;AT; 2ATA,A(; glanceI +-A"T AGG 0-.J.G;+;( O" glance.K TO DglanceFLMlocalhostF .2;"T.:.;2 ,N DpasswordFI +-A"T AGG 0-.J.G;+;( O" glance.K TO DglanceFLMOF .2;"T.:.;2 ,N DpasswordFI !-;AT; 2ATA,A(; neutronI +-A"T AGG 0-.J.G;+;( O" neutron.K TO DneutronFLMlocalhostF .2;"T.:.;2 ,N DpasswordFI +-A"T AGG 0-.J.G;+;( O" neutron.K TO DneutronFLMOF .2;"T.:.;2 ,N DpasswordFI !-;AT; 2ATA,A(; ke)stoneI +-A"T AGG 0-.J.G;+;( O" ke)stone.K TO Dke)stoneFLMlocalhostF .2;"T.:.;2 ,N DpasswordFI +-A"T AGG 0-.J.G;+;( O" ke)stone.K TO Dke)stoneFLMOF .2;"T.:.;2 ,N DpasswordFI :GU(H 0-.J.G;+;(I ;O:

Configuring Identity(Keystone) Service Install "eystone related Pac"ages

< apt/get install ke)stone p)thon/ke)stone p)thon/ke)stoneclient

Ma"ing necessary changes in #eystone config$ file

;dit 9etc9ke)stone9ke)stone.conf and add below line P2;:AUGTQ adminAtoken B password Ps3lQ connection B m)s3l599ke)stone5passwordLcontroller9ke)stone

Create necessary ta%les for "eystone

< ke)stone/manage dbAs)nc -estart 7e)stone service < service ke)stone restart

Setting "eystone details as en&ironment &aria%le

!reate a file openrc and specif) all re3uired env. Jariables < vim openrc e8port O(AU(;-"A';Badmin e8port O(A0A((RO-2Bpassword e8port O(AT;"A"TA"A';Badmin e8port O(AAUTHAU-GBhttp599controller5 = =E9v$.% (ource the credentials into )our environment5 < source S9openrc !onfigure the ,ash shell to load these credentials upon each login5 < echo Tsource S9openrcC UU S9.bashrc

Populate #eystone 'ith initial data

Re need to provide some initial data as below in ke)stone 0roVects5 admin and services -oles5 admin, 'ember Users5 admin, nova, glance, 3uantum, and cinder (ervices5 compute, volume, image, identit), ec$, and network :or this we have a created a bash shell script for the same. !ontent of the script is / #!/bin/bash # Modify these variables as needed ADMIN_PASSWORD= !ADMIN_PASSWORD"#$ass%ord& S'R(I)'_PASSWORD= !S'R(I)'_PASSWORD"# ADMIN_PASSWORD& e*$ort OS_S'R(I)'_+O,'N=-$ass%orde*$ort OS_S'R(I)'_'NDPOIN+=-htt$"//.ontroller"/0/01/v2345 S'R(I)'_+'NAN+_NAM'= !S'R(I)'_+'NAN+_NAM'"#servi.e& # M6S78_9S'R=:eystone M6S78_DA+A;AS'=:eystone M6S78_<OS+=lo.alhost M6S78_PASSWORD=$ass%ord # ,'6S+ON'_R'=ION=Re>ionOne ,'6S+ON'_<OS+=.ontroller # Short.?t f?n.tion to >et a ne%ly >enerated ID f?n.tion >et_field@A ! %hile read dataB do

if C D ED #lt 4 FB then field=-@G @NH EAAelse field=-G @@ E I EAAfi e.ho J data- K a%: #HLC GtFMGGKC GtFML J!$rint field&done & # +enants ADMIN_+'NAN+= @:eystone tenant#.reate NnaOe=adOin K >re$ - id - K >et_field 2A S'R(I)'_+'NAN+= @:eystone tenant#.reate N naOe= S'R(I)'_+'NAN+_NAM' K >re$ - id - K >et_field 2A # 9sers ADMIN_9S'R= @:eystone ?ser#.reate NnaOe=adOin N $ass=- ADMIN_PASSWORD- NeOail=adOinPdoOain3.oO K >re$ - id - K >et_field 2A NO(A_9S'R= @:eystone ?ser#.reate NnaOe=nova N $ass=- S'R(I)'_PASSWORD- Ntenant#id S'R(I)'_+'NAN+ N eOail=novaPdoOain3.oO K >re$ - id - K >et_field 2A =8AN)'_9S'R= @:eystone ?ser#.reate NnaOe=>lan.e N $ass=- S'R(I)'_PASSWORD- Ntenant#id S'R(I)'_+'NAN+ N eOail=>lan.ePdoOain3.oO K >re$ - id - K >et_field 2A 79AN+9M_9S'R= @:eystone ?ser#.reate NnaOe=ne?tron N $ass=- S'R(I)'_PASSWORD- Ntenant#id S'R(I)'_+'NAN+ N eOail=ne?tronPdoOain3.oO K >re$ - id - K >et_field 2A )IND'R_9S'R= @:eystone ?ser#.reate NnaOe=.inder N $ass=- S'R(I)'_PASSWORD- Ntenant#id S'R(I)'_+'NAN+ N eOail=.inderPdoOain3.oO K >re$ - id - K >et_field 2A # Roles ADMIN_RO8'= @:eystone role#.reate NnaOe=adOin K >re$ - id - K >et_field 2A M'M;'R_RO8'= @:eystone role#.reate NnaOe=MeOber K >re$ - id - K >et_field 2A # Add Roles to 9sers in +enants :eystone ?ser#role#add N?ser#id ADMIN_9S'R Nrole#id ADMIN_RO8' N tenant#id ADMIN_+'NAN+ :eystone ?ser#role#add Ntenant#id S'R(I)'_+'NAN+ N?ser#id

NO(A_9S'R Nrole#id ADMIN_RO8' :eystone ?ser#role#add Ntenant#id S'R(I)'_+'NAN+ N?ser#id =8AN)'_9S'R Nrole#id ADMIN_RO8' :eystone ?ser#role#add Ntenant#id S'R(I)'_+'NAN+ N?ser#id 79AN+9M_9S'R Nrole#id ADMIN_RO8' :eystone ?ser#role#add Ntenant#id S'R(I)'_+'NAN+ N?ser#id )IND'R_9S'R Nrole#id ADMIN_RO8' # )reate servi.es )OMP9+'_S'R(I)'= @:eystone servi.e#.reate NnaOe nova Nty$e .oO$?te Ndes.ri$tion QO$enSta.: )oO$?te Servi.eL K >re$ - id - K >et_field 2A (O89M'_S'R(I)'= @:eystone servi.e#.reate NnaOe .inder Nty$e vol?Oe Ndes.ri$tion QO$enSta.: (ol?Oe Servi.eL K >re$ - id - K >et_field 2A IMA='_S'R(I)'= @:eystone servi.e#.reate NnaOe >lan.e Nty$e iOa>e N des.ri$tion QO$enSta.: IOa>e Servi.eL K >re$ - id - K >et_field 2A ID'N+I+6_S'R(I)'= @:eystone servi.e#.reate NnaOe :eystone Nty$e identity Ndes.ri$tion QO$enSta.: IdentityL K >re$ - id - K >et_field 2A ')2_S'R(I)'= @:eystone servi.e#.reate NnaOe e.2 Nty$e e.2 N des.ri$tion QO$enSta.: ')2 servi.eL K >re$ - id - K >et_field 2A N'+WOR,_S'R(I)'= @:eystone servi.e#.reate NnaOe ne?tron Nty$e net%or: Ndes.ri$tion QO$enSta.: Net%or:in> servi.eL K >re$ - id - K >et_field 2A # )reate end$oints :eystone end$oint#.reate Nre>ion ,'6S+ON'_R'=ION Nservi.e#id )OMP9+'_S'R(I)' N$?bli.?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"R11S/v2/ @tenant_idAsL NadOin?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"R11S/v2/ @tenant_idAsL Ninternal?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"R11S/v2/ @tenant_idAsL :eystone end$oint#.reate Nre>ion ,'6S+ON'_R'=ION Nservi.e#id (O89M'_S'R(I)' N$?bli.?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"R11T/vE/ @tenant_idAsL NadOin?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"R11T/vE/ @tenant_idAsL Ninternal?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"R11T/vE/ @tenant_idAsL :eystone end$oint#.reate Nre>ion ,'6S+ON'_R'=ION Nservi.e#id IMA='_S'R(I)' N$?bli.?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"U2U2V N adOin?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"U2U2V Ninternal?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"U2U2 :eystone end$oint#.reate Nre>ion ,'6S+ON'_R'=ION Nservi.e#id ID'N+I+6_S'R(I)' N$?bli.?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"0444/v234V N adOin?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"/0/01/v234V Ninternal?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"0444/v234V

:eystone end$oint#.reate Nre>ion ,'6S+ON'_R'=ION Nservi.e#id ')2_S'R(I)' N$?bli.?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"R11//servi.es/)lo?dL NadOin?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"R11//servi.es/AdOinL Ninternal?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"R11//servi.es/)lo?dL :eystone end$oint#.reate Nre>ion ,'6S+ON'_R'=ION Nservi.e#id N'+WOR,_S'R(I)' N$?bli.?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"UTUT/L N adOin?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"UTUT/L Ninternal?rl Qhtt$"//L- ,'6S+ON'_<OS+-Q"UTUT/L -un the script <chmod W8 populate.sh <.9 populate.sh Note : If you will get any error in script t e Clic! ere populate to download To list the users in ke)stone 5 < ke)stone user/list WXXXXXXXXXXX/WXXXWXXXWXXXXXX1W Y id Y name Y enabled Y email Y WXXXXXXXXXXX/WXXXWXXXWXXXXXX1W Y b$E%>b$$ a#&&$&daaEf f>$%$=>#=bE Y admin Y True Y adminLdomain.com Y Y ?d&&cfdcdca?&?b$>=debbEab#>* c%# Y cinder Y True Y cinderLdomain.com Y Y =$##&==EE*&a&a%?>$&eEea>acd>#d* Y glance Y True Y glanceLdomain.com Y Y dec%#&ed>$fE&>#e>?=$% &#*f#b# EE Y neutron Y True Y neutronLdomain.com Y Y E#>>E%*?b?E&&$*#>?a# #b=%aE%*?a% Y nova Y True Y novaLdomain.com Y WXXXXXXXXXXX/WXXXWXXXWXXXXXX1W

Configuring t e I"age(#lance) Service Install glance pac"age

< apt/get install glance

Pro&iding data%ase detail

;dit 9etc9glance9glance/api.conf and 9etc9glance9glance/registr).conf and change the P2;:AUGTQ section. s3lAconnection B m)s3l599glance5passwordLcontroller9glance

Create required ta%les

< glance/manage dbAs)nc Adding credentials in all configuration files ;dit 9etc9glance9glance/api.conf and 9etc9glance9glance/registr).conf and add below lines under ke)stoneAauthtoken section Pke)stoneAauthtokenQ authAhost B controller authAport B = =E authAprotocol B http adminAtenantAname B service adminAuser B glance adminApassword B password Add below lines under Pfilter5authtokenQ section of 9etc9glance9glance/api/ paste.ini Pfilter5authtokenQ paste.filterAfactor)Bke)stoneclient.middleware.authAtoken5filterAfactor) authAhostBcontroller adminAuserBglance adminAtenantAnameBservice adminApasswordBpassword -estart the glance service with its new settings. < service glance/registr) restart < service glance/api restart

Create a sample image

2ownload a sample image < curl /O http599cdn.download.cirros/cloud.net9%. .#9cirros/%. .#/8*?A?&/ disk.img !reate an image < glance i"age$create %na"e&'Cirr(S )*+*,- %dis!$for"at&qcow. %container$ for"at&bare %is$public&true / cirros$)*+*,$012324$dis!*i"g !heck the newl) created image < glance image/list

Installing Cinder(bloc! storage) service Install the appropriate pac"ages

< apt/get install cinder/api cinder/scheduler cinder/volume lvm$

Configure the !loc" Storage Ser&ice

;dit 9etc9cinder9cinder.conf and change the PdatabaseQ section. connection B m)s3l599cinder5passwordLcontroller9cinder

Create the required ta%les in !

< cinder/manage db s)nc Adding credentials in all configuration files Add the credentials as in 9etc9cinder9api/paste.ini under filter5authtoken section Pfilter5authtokenQ paste.filterAfactor)Bke)stoneclient.middleware.authAtoken5filterAfactor) authAhostBcontroller authAport B = =E authAprotocol B http adminAtenantAnameBservice adminAuserBcinder adminApasswordBpassword -estart the cinder service with its new settings. < service cinder/scheduler restart < service cinder/api restart

Configure cinder ser&ice to use the (a%%itM)

;dit 9etc9cinder9cinder.conf file and set the following configuration ke)s under 2;:AUGT section rpcAbackend B cinder.openstack.common.rpc.implAkombu rabbitAhost B controller rabbitAport B =?E$

Configure required Physical and Logical Volume

As mentioned earlier, we assume a spare disk 9dev9sdb is available and can be used for this purpose. < pvcreate 9dev9sdb < vgcreate cinder/volumes 9dev9sdb -estart the cinder service with its new settings. < service cinder/volume restart < service tgt restart

Installing t e Nova Controller Services Installing all pac"ages related to No&a

< apt/get install nova/novncpro8) novnc nova/api nova/aVa8/console/pro8) nova/cert Z nova/conductor nova/consoleauth nova/doc nova/scheduler p)thon/ novaclient

Ma"ing necessary changes in no&a config file

'odif) below parameters under default section in 9etc9nova9 nova.conf under default section P2;:AUGTQ [ authAstrateg)Bke)stone m)AipB#%.#%.#%.#% rpcAbackend B nova.rpc.implAkombu rabbitAhost B controller <networking networkAapiAclassBnova.network.neutronv$.api.A0. neutronAurlBhttp599controller5>?>? neutronAauthAstrateg)Bke)stone neutronAadminAtenantAnameBservice neutronAadminAusernameBneutron neutronAadminApasswordBpassword neutronAadminAauthAurlBhttp599controller5 = =E9v$.% libvirtAvifAdriverBnova.virt.libvirt.vif.GibvirtH)bridOJ(,ridge2river linu8netAinterfaceAdriverBnova.network.linu8Anet.Ginu8OJ(.nterface2river firewallAdriverBnova.virt.firewall."oop:irewall2river securit)AgroupAapiBneutron < 'etadata neutronAmetadataApro8)AsharedAsecretBpassword serviceAneutronAmetadataApro8)Btrue metadataAlisten B #%.#%.#%.#% metadataAlistenAport B *EE= < !inder volumeAapiAclassBnova.volume.cinder.A0. < +lance glanceAapiAserversB#%.#%.#%.#%5>$>$ imageAserviceBnova.image.glance.+lance.mage(ervice < novnc novncpro8)AportB?%*% novncAenabledBtrue novncpro8)AbaseAurlBhttp599#>$.#?*.#.#%5?%*%9vncAauto.html vncserverApro8)clientAaddressB#%.#%.#%.## ncserverAlistenB#%.#%.#%.#% 0rovide the database detail in database section of nova config file PdatabaseQ connection B m)s3l599nova5passwordLcontroller9nova

Create the required ta%les for the no&a ser&ice$

< nova/manage db s)nc

Pro&iding controller details in no&a api file

Add the credentials in 9etc9nova9api/paste.ini Pfilter5authtokenQ paste.filterAfactor)Bke)stoneclient.middleware.authAtoken5filterAfactor) authAhostBcontroller authAport B = =E authAprotocol B http adminAtenantAnameBservice adminAuserBnova adminApasswordBpassword

(estart all ser&ice related to No&a

< service nova/api restart < service nova/cert restart < service nova/consoleauth restart < service nova/scheduler restart < service nova/conductor restart < service nova/novncpro8) restart or, < cd 9etc9init.d9Ifor i in \(ls nova/K)Ido service \i restartIdone

*erify the no&a configuration

< nova image/list <glance image/list

Install Neutron(Networ!) service Install network and openvswitch plugins

<apt/get install neutron/server neutron/plugin/openvswitch/agent openvswitch/datapath/dkms openvswitch/switch

Ma"ing necessary changes in neutron config files

;dit 9etc9neutron9neutron.conf and make below changes in respective sections. PdefaultQ verbose B True bindAhost B %.%.%.% bindAport B >?>? apiApasteAconfig B api/paste.ini

controlAe8change B neutron defaultAnotificationAlevel B .":O Pke)stoneAauthtokenQ authAhost B controller authAport B = =E authAprotocol B http adminAtenantAname B service adminAuser B neutron adminApassword B password signingAdir B \stateApath9ke)stone/signing Add below lines in 9etc9neutron9api/paste.ini under Pfilter5authtokenQ section adminAtenantAname B service adminAuser B neutron adminApassword B password

Configuring +pen&s'itch
;dit 9etc9neutron9plugins9openvswitch9ovsAneutronAplugin.ini as mentioned below POJ(Q tenantAnetworkAt)pe B gre tunnelAidAranges B #5#%%% enableAtunneling B True localAip B #%.#%.#%.#% Psecurit)groupQ firewallAdriver B neutron.agent.linu8.iptablesAfirewall.OJ(H)brid.ptables:irewall2river PdatabaseQ connection B m)s3l599neutron5passwordLcontroller9neutron -estart "eutron and openvswitch service 9etc9init.d9neutron/server restart 9etc9init.d9neutron/plugin/openvswitch/agent restart

Create an net'or" %ridge for internal communication

< ovs/vsctl add/br br/int

Installing 5as board(6ori7on) Install pac"ages related to dash%oard

< apt/get install memcached libapache$/mod/wsgi openstack/dashboard

(emo&e openstac",dash%oard,u%untu,theme pac"age

< apt/get remove 1purge openstack/dashboard/ubuntu/theme

Installing Networ! Node

Basic Configuration Configuring NIC
;dit network config files for internal and e8ternal network <vim 9etc9network9interfaces Add below lines 1 < .nternal "etwork auto eth% iface eth% inet static address #%.#%.#%.> netmask $==.$==.$==.% < ;8ternal "etwork auto eth# iface eth# inet static address #>$.#?*.#.> netmask $==.$==.$==.% gatewa) #>$.#?*.#.# dns/nameservers *.*.*.* -estart network service to reflect necessar) changes < service networking restart

Upgrade the system

< apt/get update @@ apt/get dist/upgrade

Adding Host Entry

< vim 9etc9hosts #%.#%.#%.> network #%.#%.#%.#% controller #%.#%.#%.## compute

Changing hostname
<hostname network 'ake the changes the permanentl) b) adding below line in 9etc9hostname network

Configuring NTP
< apt/get install ntp

Install required pac"ages

< apt/get install p)thon/software/properties p)thon/m)s3ldb < add/apt/repositor) cloud/archive5havana

< apt/get install neutron/dhcp/agent neutron/plugin/openvswitch/agent neutron/l /agent openvswitch/datapath/dkms

Configuring Neutron Ma"ing necessary "ernel parameter changes$

;nable packet forwarding and disable packet destination filtering so that the network node can coordinate traffic for the J's. ;dit the 9etc9s)sctl.conf file, as follows5 net.ipv&.ipAforwardB# net.ipv&.conf.all.rpAfilterB% net.ipv&.conf.default.rpAfilterB% <s)sctl 1w 0lease verif) the kernel parameters <s)sctl 1p

Changing Neutron configuration

;dit the 9etc9neutron9neutron.conf file and add these lines to the default and ke)stoneAauthtoken section5 PdefaultQ rabbitAhost B controller rabbitAuserid B guest rabbitApassword B guest rabbitAport B =?E$ Pke)stoneAauthtokenQ authAhost B controller authAport B = =E authAprotocol B http adminAtenantAname B service adminAuser B neutron adminApassword B password !omment database section in neutron.conf ;dit the 9etc9neutron9api/paste.ini file and add these lines to the Pfilter5authtokenQ section Pfilter5authtokenQ paste.filterAfactor) B ke)stoneclient.middleware.authAtoken5filterAfactor) authAhostBcontroller authAport B = =E authAprotocol B http adminAuserBneutron

adminAtenantAnameBservice adminApasswordBpassword

Configure networ!ing plug$in* Creating %ridge for %oth e-ternal and internal traffic
0lease login using internal .0 #%.#%.#%.> thru controller and make below changes Add the br/int integration bridge, which connects to the J's, and the br/e8 e8ternal bridge, which connects to the outside < ovs/vsctl add/br br/int < ovs/vsctl add/br br/e8 Add a port (connection) from the ;]T;-"AGA."T;-:A!; interface to br/e8 interface5 < ovs/vsctl add/port br/e8 eth#

Configuring bridge
!onfigure the eth# without an .0 address and in promiscuous mode and assign the old .0 of eth# to newl) created br/e8 interface !hange the eth# entr) in 9etc9network9interfaces, as follows5 auto eth# iface eth# inet manual up ip address add %9% dev \.:A!; up ip link set \.:A!; up down ip link set \.:A!; down Add br/e8 to 9etc9network9interfaces, as follows5 auto br/e8 iface br/e8 inet static address #>$.#?*.#.> netmask $==.$==.$==.% gatewa) #>$.#?*.#.# dns/nameservers *.*.*.* -emove the .0 address from eth# add it to br/e8, as follows5 < ip addr del #>$.#?*.#.>9$& dev eth# < ip addr add #>$.#?*.#.>9$& dev br/e8 -estart networking, as follows5 < service networking restart

Configure l. agent
;dit 9etc9neutron9l Aagent.ini and add below lines interfaceAdriver B neutron.agent.linu8.interface.OJ(.nterface2river

useAnamespaces B True metadataAport B >?>E e8ternalAnetworkAbridge B br/e8

Configure HCP for internal net'or"

;dit 9etc9neutron9dhcpAagent.ini and add below lines enableAisolatedAmetadata B True enableAmetadataAnetwork B True dhcpAdriver B neutron.agent.linu8.dhcp.2nsmas3 interfaceAdriver B neutron.agent.linu8.interface.OJ(.nterface2river useAnamespaces B True

Configure Metadata agent

;dit 9etc9neutron9metadataAagent.ini and add below lines authAurl B http599controller5=%%%9v$.% authAregion B -egionOne adminAtenantAname B service adminAuser B neutron adminApassword B password novaAmetadataAip B #%.#%.#%.#% novaAmetadataAport B *EE= metadataApro8)AsharedAsecret B password

Configure /(E tunneling

;dit 9etc9neutron9plugins9openvswitch9ovsAneutronAplugin.ini as mentioned below PovsQ tenantAnetworkAt)pe B gre tunnelAidAranges B #5#%%% enableAtunneling B True integrationAbridge B br/int tunnelAbridge B br/tun localAip B #%.#%.#%.> PagentQ pollingAinterval B $ Psecurit)groupQ firewallAdriver B neutron.agent.linu8.iptablesAfirewall.OJ(H)brid.ptables:irewall2river PdatabaseQ s3lAconnection B m)s3l599neutron5passwordLcontroller9neutron

(estart the required ser&ice

9etc9init.d9neutron/plugin/openvswitch/agent restart 9etc9init.d9neutron/metadata/agent restart 9etc9init.d9neutron/l /agent restart 9etc9init.d9neutron/dhcp/agent restart

Installing Co"pute Node

Basic Configuration Configuring NIC
;dit network config files for internal and e8ternal network <vim 9etc9network9interfaces Add below lines 1 < .nternal "etwork auto eth% iface eth% inet static address #%.#%.#%.## netmask $==.$==.$==.% < ;8ternal "etwork auto eth# iface eth# inet static address #>$.#?*.#.## netmask $==.$==.$==.% gatewa) #>$.#?*.#.# dns/nameservers *.*.*.* -estart network service to reflect necessar) changes < service networking restart

Upgrade the system

< apt/get update @@ apt/get dist/upgrade

Adding Host Entry

< vim 9etc9hosts #%.#%.#%.> network #%.#%.#%.#% controller #%.#%.#%.## compute

Changing hostname
<hostname network 'aking the changes the permanentl) b) adding below line in 9etc9hostname network

Configuring NTP
< apt/get install ntp

Install the appropriate pac"ages

< apt/get install p)thon/m)s3ldb p)thon/software/properties < add/apt/repositor) cloud/archive5havana < apt/get install nova/compute/kvm p)thon/novaclient p)thon/guestfs (elect TNesC when asked to create a supermin appliance during install. < chmod %?&& 9boot9vmlinu4K

(emo&e the S)0ite ata%ase created %y the pac"ages

< rm 9var9lib9nova9nova.s3lite

Configuring Co"pute Node Ma"ing necessary changes in no&a configuration

;dit 9etc9nova9nova.conf and add to the P2;:AUGTQ section. P2;:AUGTQ 8 authAstrateg)Bke)stone ec$AhostBcontroller ec$AurlBhttp599controller5*EE 9services9!loud rpcAbackend B nova.rpc.implAkombu rabbitAhost B controller rabbitAport B =?E$ rabbitApasswordBguest m)AipB#%.#%.#%.## <vncserverAlistenB%.%.%.% <vncserverApro8)clientAaddressB#%.#%.#%.## glanceAhostBcontroller glanceAapiAserversBcontroller5>$>$ imageAserviceBnova.image.glance.+lance.mage(ervice <networking libvirtAuseAvirtioAforAbridgesBTrue networkAapiAclassBnova.network.neutronv$.api.A0. neutronAurlBhttp599controller5>?>? neutronAauthAstrateg)Bke)stone neutronAadminAtenantAnameBservice neutronAadminAusernameBneutron neutronAadminApasswordBpassword neutronAadminAauthAurlBhttp599controller5 = =E9v$.%

firewallAdriverBnova.virt.firewall."oop:irewall2river securit)AgroupAapiBneutron < !ompute computeAdriverBlibvirt.Gibvirt2river connectionAt)peBlibvirt < !inder volumeAapiAclassBnova.volume.cinder.A0. < novnc vncAenabledBtrue novncpro8)AbaseAurlBhttp599#>$.#?*.#.#%5?%*%9vncAauto.html novncpro8)AportB?%*% vncserverApro8)clientAaddressB#%.#%.#%.## vncserverAlistenB#%.#%.#%.#% PdatabaseQ connection B m)s3l599nova5passwordLcontroller9nova

Pro&iding controller authentication detail

!op) the file 9etc9nova9api/paste.ini from the controller node, or edit the file to add the credentials in the Pfilter5authtokenQ section Pfilter5authtokenQ paste.filterAfactor)Bke)stoneclient.middleware.authAtoken5filterAfactor) authAhostBcontroller authAport B = =E authAprotocol B http adminAuserBnova adminAtenantAnameBservice adminApasswordBpassword -estart the !ompute service. < service nova/compute restart

Configuring Networ! service Installing all pac"ages related to &S'itch

< apt/get install neutron/plugin/openvswitch/agent openvswitch/switch openvswitch/datapath/dkms

Create a %ridge for internal communication

< ovs/vsctl add/br br/int

Configuring &S'itch
;dit 9etc9neutron9plugins9openvswitch9ovsAneutronAplugin.ini file PovsQ

tenantAnetworkAt)pe B gre tunnelAidAranges B #5#%%% enableAtunneling B True integrationAbridge B br/int tunnelAbridge B br/tun localAip B #%.#%.#%.## Psecurit)groupQ firewallAdriver B neutron.agent.linu8.iptablesAfirewall.OJ(H)brid.ptables:irewall2river Add below line in 9etc9neutron9neutron.conf rabbitAhost B controller neutron.openstack.common.rpc.implAkombu -estart openvswitch service < service openvswitch/switch restart