summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrancisco Redondo Marchena <francisco.marchena@codethink.co.uk>2015-01-27 12:45:08 +0000
committerFrancisco Redondo Marchena <francisco.marchena@codethink.co.uk>2015-02-11 18:30:36 +0000
commit29effc3e852df4870fcf035a1709cbcbe7da209a (patch)
tree5d9f0df079c8aab6620259f19fbab4fa7c87d785
parent54a379aa9dbe6e6c92cf2416602dd6ed77982f1f (diff)
downloaddefinitions-29effc3e852df4870fcf035a1709cbcbe7da209a.tar.gz
Fix neutron, nova and glance configuration
-rw-r--r--clusters/openstack-cluster.morph7
-rw-r--r--openstack-keystone.configure1
-rw-r--r--openstack-neutron.configure2
-rw-r--r--openstack-nova.configure1
-rw-r--r--openstack-rabbitmq.configure1
-rw-r--r--openstack/etc/glance/glance-api.conf40
-rw-r--r--openstack/etc/glance/glance-registry-paste.ini2
-rw-r--r--openstack/etc/neutron/dhcp_agent.ini7
-rw-r--r--openstack/etc/neutron/l3_agent.ini5
-rw-r--r--openstack/etc/neutron/metadata_agent.ini15
-rw-r--r--openstack/etc/neutron/neutron.conf4
-rw-r--r--openstack/etc/neutron/plugins/ml2/ml2_conf.ini7
-rw-r--r--openstack/etc/nova/api-paste.ini2
-rw-r--r--openstack/etc/nova/nova.conf6
-rw-r--r--openstack/etc/nova/nova.conf.example2
-rw-r--r--openstack/etc/sysctl.conf3
-rw-r--r--openstack/manifest1
17 files changed, 62 insertions, 44 deletions
diff --git a/clusters/openstack-cluster.morph b/clusters/openstack-cluster.morph
index 2d0e02ee..b9b25cfa 100644
--- a/clusters/openstack-cluster.morph
+++ b/clusters/openstack-cluster.morph
@@ -60,6 +60,7 @@ systems:
NEUTRON_SERVICE_PASSWORD: veryinsecure
NEUTRON_DB_USER: neutronDB
NEUTRON_DB_PASSWORD: veryinsecure
- NEUTRON_PUBLIC_URL: \"http:\/\/127.0.0.1:9696"
- NEUTRON_INTERNAL_URL: \"http:\/\/127.0.0.1:9696"
- NEUTRON_ADMIN_URL: \"http:\/\/127.0.0.1:9696"
+ NEUTRON_PUBLIC_URL: http:\/\/127.0.0.1:9696
+ NEUTRON_INTERNAL_URL: http:\/\/127.0.0.1:9696
+ NEUTRON_ADMIN_URL: http:\/\/127.0.0.1:9696
+ METADATA_PROXY_SHARED_SECRET: novaneutronmetasecret
diff --git a/openstack-keystone.configure b/openstack-keystone.configure
index 0e7aa2cb..d2d1171e 100644
--- a/openstack-keystone.configure
+++ b/openstack-keystone.configure
@@ -43,6 +43,7 @@ sed -f "$ROOT"/etc/openstack-keystone-setup.sed -i \
"$ROOT"/etc/nova/nova.conf \
"$ROOT"/etc/cinder/cinder.conf \
"$ROOT"/etc/neutron/neutron.conf \
+ "$ROOT"/etc/neutron/metadata_agent.ini \
"$ROOT"/usr/share/openstack/openstack-keystone-setup \
"$ROOT"/usr/share/openstack/openstack-glance-setup \
"$ROOT"/usr/share/openstack/openstack-nova-setup \
diff --git a/openstack-neutron.configure b/openstack-neutron.configure
index 0e4c1bf5..2da43cb6 100644
--- a/openstack-neutron.configure
+++ b/openstack-neutron.configure
@@ -31,10 +31,12 @@ s/##NEUTRON_DB_PASSWORD##/$NEUTRON_DB_PASSWORD/g
s/##NEUTRON_PUBLIC_URL##/$NEUTRON_PUBLIC_URL/g
s/##NEUTRON_INTERNAL_URL##/$NEUTRON_INTERNAL_URL/g
s/##NEUTRON_ADMIN_URL##/$NEUTRON_ADMIN_URL/g
+s/##METADATA_PROXY_SHARED_SECRET##/$METADATA_PROXY_SHARED_SECRET/g
EOF
sed -f "$ROOT"/etc/openstack-neutron-setup.sed -i \
"$ROOT"/etc/neutron/neutron.conf \
+ "$ROOT"/etc/neutron/metadata_agent.ini \
"$ROOT"/etc/nova/nova.conf \
"$ROOT"/usr/share/openstack/openstack-neutron-setup
diff --git a/openstack-nova.configure b/openstack-nova.configure
index 83a9d401..efa6eb11 100644
--- a/openstack-nova.configure
+++ b/openstack-nova.configure
@@ -39,6 +39,7 @@ EOF
sed -f "$ROOT"/etc/openstack-nova-setup.sed -i \
"$ROOT"/etc/nova/nova.conf \
"$ROOT"/etc/neutron/neutron.conf \
+ "$ROOT"/etc/neutron/metadata_agent.ini \
"$ROOT"/usr/share/openstack/openstack-nova-setup
##########################################################################
diff --git a/openstack-rabbitmq.configure b/openstack-rabbitmq.configure
index f59c63c9..40c37698 100644
--- a/openstack-rabbitmq.configure
+++ b/openstack-rabbitmq.configure
@@ -35,6 +35,7 @@ sed -f "$ROOT"/etc/openstack-rabbitmq-setup.sed -i \
"$ROOT"/etc/nova/nova.conf \
"$ROOT"/etc/cinder/cinder.conf \
"$ROOT"/etc/neutron/neutron.conf \
+ "$ROOT"/etc/glance/glance-api.conf \
"$ROOT"/usr/share/openstack/openstack-rabbitmq-setup
##########################################################################
diff --git a/openstack/etc/glance/glance-api.conf b/openstack/etc/glance/glance-api.conf
index f53b1bb8..c866f675 100644
--- a/openstack/etc/glance/glance-api.conf
+++ b/openstack/etc/glance/glance-api.conf
@@ -234,15 +234,15 @@ registry_client_protocol = http
# default_publisher_id = image.127.0.0.1
# Messaging driver used for 'messaging' notifications driver
-# rpc_backend = 'rabbit'
+rpc_backend=rabbit
# Configuration options if sending notifications via rabbitmq (these are
# the defaults)
-rabbit_host = 127.0.0.1
-rabbit_port = 5672
+rabbit_host = ##RABBITMQ_HOST##
+rabbit_port = ##RABBITMQ_PORT##
rabbit_use_ssl = false
-rabbit_userid = guest
-rabbit_password = guest
+rabbit_userid = ##RABBITMQ_USER##
+rabbit_password = ##RABBITMQ_PASSWORD##
rabbit_virtual_host = /
rabbit_notification_exchange = glance
rabbit_notification_topic = notifications
@@ -250,22 +250,22 @@ rabbit_durable_queues = False
# Configuration options if sending notifications via Qpid (these are
# the defaults)
-qpid_notification_exchange = glance
-qpid_notification_topic = notifications
-qpid_hostname = 127.0.0.1
-qpid_port = 5672
-qpid_username =
-qpid_password =
-qpid_sasl_mechanisms =
-qpid_reconnect_timeout = 0
-qpid_reconnect_limit = 0
-qpid_reconnect_interval_min = 0
-qpid_reconnect_interval_max = 0
-qpid_reconnect_interval = 0
-qpid_heartbeat = 5
+#qpid_notification_exchange = glance
+#qpid_notification_topic = notifications
+#qpid_hostname = 127.0.0.1
+#qpid_port = 5672
+#qpid_username =
+#qpid_password =
+#qpid_sasl_mechanisms =
+#qpid_reconnect_timeout = 0
+#qpid_reconnect_limit = 0
+#qpid_reconnect_interval_min = 0
+#qpid_reconnect_interval_max = 0
+#qpid_reconnect_interval = 0
+#qpid_heartbeat = 5
# Set to 'ssl' to enable SSL
-qpid_protocol = tcp
-qpid_tcp_nodelay = True
+#qpid_protocol = tcp
+#qpid_tcp_nodelay = True
# ============ Filesystem Store Options ========================
diff --git a/openstack/etc/glance/glance-registry-paste.ini b/openstack/etc/glance/glance-registry-paste.ini
index d9f6eb35..ab8c2856 100644
--- a/openstack/etc/glance/glance-registry-paste.ini
+++ b/openstack/etc/glance/glance-registry-paste.ini
@@ -22,4 +22,4 @@ paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory
paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory
[filter:authtoken]
-paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
diff --git a/openstack/etc/neutron/dhcp_agent.ini b/openstack/etc/neutron/dhcp_agent.ini
index 72f5ed14..edb539bc 100644
--- a/openstack/etc/neutron/dhcp_agent.ini
+++ b/openstack/etc/neutron/dhcp_agent.ini
@@ -1,6 +1,7 @@
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
-# debug = False
+debug = True
+verbose = True
# The DHCP agent will resync its state with Neutron to recover from any
# transient notification or rpc errors. The interval is number of
@@ -28,11 +29,11 @@ interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires
# no additional setup of the DHCP server.
-# dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
+dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces).
-# use_namespaces = True
+use_namespaces = True
# The DHCP server can assist with providing metadata support on isolated
# networks. Setting this value to True will cause the DHCP server to append
diff --git a/openstack/etc/neutron/l3_agent.ini b/openstack/etc/neutron/l3_agent.ini
index 6953b7cd..e29c88c4 100644
--- a/openstack/etc/neutron/l3_agent.ini
+++ b/openstack/etc/neutron/l3_agent.ini
@@ -1,6 +1,7 @@
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
-# debug = False
+debug = True
+verbose = True
# L3 requires that an interface driver be set. Choose the one that best
# matches your plugin.
@@ -20,7 +21,7 @@ interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and
# iproute2 package that supports namespaces).
-# use_namespaces = True
+use_namespaces = True
# If use_namespaces is set as False then the agent can only configure one router.
diff --git a/openstack/etc/neutron/metadata_agent.ini b/openstack/etc/neutron/metadata_agent.ini
index fb5ebffb..6a3d0102 100644
--- a/openstack/etc/neutron/metadata_agent.ini
+++ b/openstack/etc/neutron/metadata_agent.ini
@@ -1,23 +1,24 @@
[DEFAULT]
# Show debugging output in log (sets DEBUG log level output)
-# debug = True
+debug = True
+verbose = True
# The Neutron user information for accessing the Neutron API.
-auth_url = http://127.0.0.1:5000/v2.0
+auth_url = ##KEYSTONE_INTERNAL_URL##
auth_region = RegionOne
# Turn off verification of the certificate for ssl
# auth_insecure = False
# Certificate Authority public key (CA cert) file for ssl
# auth_ca_cert =
-admin_tenant_name = %SERVICE_TENANT_NAME%
-admin_user = %SERVICE_USER%
-admin_password = %SERVICE_PASSWORD%
+admin_tenant_name = service
+admin_user = ##NEUTRON_SERVICE_USER##
+admin_password = ##NEUTRON_SERVICE_PASSWORD##
# Network service endpoint type to pull from the keystone catalog
# endpoint_type = adminURL
# IP address used by Nova metadata server
-# nova_metadata_ip = 127.0.0.1
+nova_metadata_ip = ##NOVA_HOST##
# TCP Port used by Nova metadata server
# nova_metadata_port = 8775
@@ -40,7 +41,7 @@ admin_password = %SERVICE_PASSWORD%
# shared secret to prevent spoofing. You may select any string for a secret,
# but it must match here and in the configuration used by the Nova Metadata
# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret
-# metadata_proxy_shared_secret =
+metadata_proxy_shared_secret = ##METADATA_PROXY_SHARED_SECRET##
# Location of Metadata Proxy UNIX domain socket
# metadata_proxy_socket = $state_path/metadata_proxy
diff --git a/openstack/etc/neutron/neutron.conf b/openstack/etc/neutron/neutron.conf
index 1c66e080..e85cc9ab 100644
--- a/openstack/etc/neutron/neutron.conf
+++ b/openstack/etc/neutron/neutron.conf
@@ -246,7 +246,7 @@ notify_nova_on_port_data_changes = True
nova_url = http://127.0.0.1:8774/v2
# Name of nova region to use. Useful if keystone manages more than one region
-# nova_region_name =
+nova_region_name = ##NOVA_REGION##
# Username for connection to nova in admin context
nova_admin_username = ##NOVA_SERVICE_USER##
@@ -445,7 +445,7 @@ notification_driver=neutron.openstack.common.notifier.rpc_notifier
# The messaging driver to use, defaults to rabbit. Other
# drivers include qpid and zmq. (string value)
rpc_backend=rabbit
-
+
# The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the
# transport_url option. (string value)
diff --git a/openstack/etc/neutron/plugins/ml2/ml2_conf.ini b/openstack/etc/neutron/plugins/ml2/ml2_conf.ini
index c493a7bb..fb4d7a9f 100644
--- a/openstack/etc/neutron/plugins/ml2/ml2_conf.ini
+++ b/openstack/etc/neutron/plugins/ml2/ml2_conf.ini
@@ -67,7 +67,7 @@ tunnel_id_ranges = 1:1000
# Example: vxlan_group = 239.1.1.1
[securitygroup]
-firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
# Controls if neutron security group is enabled or not.
# It should be false when you use nova security group.
enable_security_group = True
@@ -77,4 +77,9 @@ enable_security_group = True
enable_ipset = True
[ovs]
+local_ip = 127.0.0.1
+enable_tunneling = True
bridge_mappings=External:br-ex,Physnet1:br-eth1
+
+[agent]
+tunnel_types = gre
diff --git a/openstack/etc/nova/api-paste.ini b/openstack/etc/nova/api-paste.ini
index 5f50e8a6..2a825a5b 100644
--- a/openstack/etc/nova/api-paste.ini
+++ b/openstack/etc/nova/api-paste.ini
@@ -115,4 +115,4 @@ paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
[filter:authtoken]
-paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
diff --git a/openstack/etc/nova/nova.conf b/openstack/etc/nova/nova.conf
index 35d103ef..b66a5115 100644
--- a/openstack/etc/nova/nova.conf
+++ b/openstack/etc/nova/nova.conf
@@ -186,7 +186,7 @@ rabbit_host = ##RABBITMQ_HOST##
#rabbit_virtual_host=/
rabbit_userid = ##RABBITMQ_USER##
rabbit_password = ##RABBITMQ_PASSWORD##
-rabbit_port=5672
+rabbit_port = ##RABBITMQ_PORT##
rabbit_use_ssl=false
#rabbit_retry_interval=1
# The messaging module to use, defaults to kombu (works for rabbit).
@@ -295,12 +295,12 @@ neutron_admin_auth_url=##KEYSTONE_ADMIN_URL##
# and resolve instance ids. This is needed to use neutron-metadata-agent
# (instead of the metadata server of nova-api,
# which doesn't work with neutron) (boolean value)
-#service_neutron_metadata_proxy=True
+service_neutron_metadata_proxy=True
# Shared secret to validate proxies Neutron metadata requests
# This password should match what is in /etc/neutron/metadata_agent.ini
# (string value)
-#neutron_metadata_proxy_shared_secret=
+neutron_metadata_proxy_shared_secret= ##METADATA_PROXY_SHARED_SECRET##
#################
# NOVNC CONSOLE #
diff --git a/openstack/etc/nova/nova.conf.example b/openstack/etc/nova/nova.conf.example
index 6b35ba91..999574ca 100644
--- a/openstack/etc/nova/nova.conf.example
+++ b/openstack/etc/nova/nova.conf.example
@@ -2677,7 +2677,7 @@
[keystone_authtoken]
#
-# Options defined in keystoneclient.middleware.auth_token
+# Options defined in keystonemiddleware.auth_token
#
# Prefix to prepend at the beginning of the path (string
diff --git a/openstack/etc/sysctl.conf b/openstack/etc/sysctl.conf
new file mode 100644
index 00000000..a4417acc
--- /dev/null
+++ b/openstack/etc/sysctl.conf
@@ -0,0 +1,3 @@
+net.ipv4.ip_forward=1
+net.ipv4.conf.all.rp_filter=0
+net.ipv4.conf.default.rp_filter=0
diff --git a/openstack/manifest b/openstack/manifest
index a666ea8d..03f1779f 100644
--- a/openstack/manifest
+++ b/openstack/manifest
@@ -181,3 +181,4 @@
0100755 0 0 /usr/share/openstack/openstack-horizon-setup
0100644 0 0 /etc/horizon/apache-horizon.conf
0100644 0 0 /etc/horizon/openstack_dashboard/local_settings.py
+0100644 0 0 /etc/sysctl.conf