From 29effc3e852df4870fcf035a1709cbcbe7da209a Mon Sep 17 00:00:00 2001 From: Francisco Redondo Marchena Date: Tue, 27 Jan 2015 12:45:08 +0000 Subject: Fix neutron, nova and glance configuration --- clusters/openstack-cluster.morph | 7 +++-- openstack-keystone.configure | 1 + openstack-neutron.configure | 2 ++ openstack-nova.configure | 1 + openstack-rabbitmq.configure | 1 + openstack/etc/glance/glance-api.conf | 40 +++++++++++++------------- openstack/etc/glance/glance-registry-paste.ini | 2 +- openstack/etc/neutron/dhcp_agent.ini | 7 +++-- openstack/etc/neutron/l3_agent.ini | 5 ++-- openstack/etc/neutron/metadata_agent.ini | 15 +++++----- openstack/etc/neutron/neutron.conf | 4 +-- openstack/etc/neutron/plugins/ml2/ml2_conf.ini | 7 ++++- openstack/etc/nova/api-paste.ini | 2 +- openstack/etc/nova/nova.conf | 6 ++-- openstack/etc/nova/nova.conf.example | 2 +- openstack/etc/sysctl.conf | 3 ++ openstack/manifest | 1 + 17 files changed, 62 insertions(+), 44 deletions(-) create mode 100644 openstack/etc/sysctl.conf diff --git a/clusters/openstack-cluster.morph b/clusters/openstack-cluster.morph index 2d0e02ee..b9b25cfa 100644 --- a/clusters/openstack-cluster.morph +++ b/clusters/openstack-cluster.morph @@ -60,6 +60,7 @@ systems: NEUTRON_SERVICE_PASSWORD: veryinsecure NEUTRON_DB_USER: neutronDB NEUTRON_DB_PASSWORD: veryinsecure - NEUTRON_PUBLIC_URL: \"http:\/\/127.0.0.1:9696" - NEUTRON_INTERNAL_URL: \"http:\/\/127.0.0.1:9696" - NEUTRON_ADMIN_URL: \"http:\/\/127.0.0.1:9696" + NEUTRON_PUBLIC_URL: http:\/\/127.0.0.1:9696 + NEUTRON_INTERNAL_URL: http:\/\/127.0.0.1:9696 + NEUTRON_ADMIN_URL: http:\/\/127.0.0.1:9696 + METADATA_PROXY_SHARED_SECRET: novaneutronmetasecret diff --git a/openstack-keystone.configure b/openstack-keystone.configure index 0e7aa2cb..d2d1171e 100644 --- a/openstack-keystone.configure +++ b/openstack-keystone.configure 
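Review bot: In clusters/openstack-cluster.morph the added `METADATA_PROXY_SHARED_SECRET: novaneutronmetasecret` commits a fixed, guessable value for the secret that the metadata_agent.ini comment in this same patch describes as the protection against spoofed metadata requests. Every deployment built from this cluster file unchanged would share that value, next to the existing `veryinsecure` passwords. If it is meant only as an example, say so beside it, e.g. `# example only: replace with a per-deployment random value before deploying`, or leave the key out of the committed file so the deployer has to supply it. The `systems:` entry this belongs to starts outside the hunk.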
@@ -43,6 +43,7 @@ sed -f "$ROOT"/etc/openstack-keystone-setup.sed -i \ "$ROOT"/etc/nova/nova.conf \ "$ROOT"/etc/cinder/cinder.conf \ "$ROOT"/etc/neutron/neutron.conf \ + "$ROOT"/etc/neutron/metadata_agent.ini \ "$ROOT"/usr/share/openstack/openstack-keystone-setup \ "$ROOT"/usr/share/openstack/openstack-glance-setup \ "$ROOT"/usr/share/openstack/openstack-nova-setup \ diff --git a/openstack-neutron.configure b/openstack-neutron.configure index 0e4c1bf5..2da43cb6 100644 --- a/openstack-neutron.configure +++ b/openstack-neutron.configure @@ -31,10 +31,12 @@ s/##NEUTRON_DB_PASSWORD##/$NEUTRON_DB_PASSWORD/g s/##NEUTRON_PUBLIC_URL##/$NEUTRON_PUBLIC_URL/g s/##NEUTRON_INTERNAL_URL##/$NEUTRON_INTERNAL_URL/g s/##NEUTRON_ADMIN_URL##/$NEUTRON_ADMIN_URL/g +s/##METADATA_PROXY_SHARED_SECRET##/$METADATA_PROXY_SHARED_SECRET/g EOF sed -f "$ROOT"/etc/openstack-neutron-setup.sed -i \ "$ROOT"/etc/neutron/neutron.conf \ + "$ROOT"/etc/neutron/metadata_agent.ini \ "$ROOT"/etc/nova/nova.conf \ "$ROOT"/usr/share/openstack/openstack-neutron-setup diff --git a/openstack-nova.configure b/openstack-nova.configure index 83a9d401..efa6eb11 100644 --- a/openstack-nova.configure +++ b/openstack-nova.configure @@ -39,6 +39,7 @@ EOF sed -f "$ROOT"/etc/openstack-nova-setup.sed -i \ "$ROOT"/etc/nova/nova.conf \ "$ROOT"/etc/neutron/neutron.conf \ + "$ROOT"/etc/neutron/metadata_agent.ini \ "$ROOT"/usr/share/openstack/openstack-nova-setup ########################################################################## diff --git a/openstack-rabbitmq.configure b/openstack-rabbitmq.configure index f59c63c9..40c37698 100644 --- a/openstack-rabbitmq.configure +++ b/openstack-rabbitmq.configure 
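Review bot: In openstack-neutron.configure the added `s/##METADATA_PROXY_SHARED_SECRET##/$METADATA_PROXY_SHARED_SECRET/g` puts the secret into the sed script unescaped, so a value containing `/`, `&` or `\` breaks or alters the substitution (the URLs in the cluster file are written as `http:\/\/…` for the same reason). If the variable is unset and the script does not run with `set -u`, the placeholder is replaced by an empty string in both metadata_agent.ini and nova.conf, and the metadata proxy ends up with an empty shared secret without any error. The heredoc starts outside the hunk, so I cannot see whether the value is validated earlier; if it is not, add a guard before it such as `[ -n "$METADATA_PROXY_SHARED_SECRET" ] || { echo "METADATA_PROXY_SHARED_SECRET is not set" >&2; exit 1; }` and escape the value before it is written into the script. The generated script sits under "$ROOT"/etc and now contains the secret in plain text, so it is worth confirming that it is removed from the image afterwards.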
@@ -35,6 +35,7 @@ sed -f "$ROOT"/etc/openstack-rabbitmq-setup.sed -i \ "$ROOT"/etc/nova/nova.conf \ "$ROOT"/etc/cinder/cinder.conf \ "$ROOT"/etc/neutron/neutron.conf \ + "$ROOT"/etc/glance/glance-api.conf \ "$ROOT"/usr/share/openstack/openstack-rabbitmq-setup ########################################################################## diff --git a/openstack/etc/glance/glance-api.conf b/openstack/etc/glance/glance-api.conf index f53b1bb8..c866f675 100644 --- a/openstack/etc/glance/glance-api.conf +++ b/openstack/etc/glance/glance-api.conf @@ -234,15 +234,15 @@ registry_client_protocol = http # default_publisher_id = image.127.0.0.1 # Messaging driver used for 'messaging' notifications driver -# rpc_backend = 'rabbit' +rpc_backend=rabbit # Configuration options if sending notifications via rabbitmq (these are # the defaults) -rabbit_host = 127.0.0.1 -rabbit_port = 5672 +rabbit_host = ##RABBITMQ_HOST## +rabbit_port = ##RABBITMQ_PORT## rabbit_use_ssl = false -rabbit_userid = guest -rabbit_password = guest +rabbit_userid = ##RABBITMQ_USER## +rabbit_password = ##RABBITMQ_PASSWORD## rabbit_virtual_host = / rabbit_notification_exchange = glance rabbit_notification_topic = notifications 
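Review bot: In glance-api.conf the context line `rabbit_use_ssl = false` is left untouched while `rabbit_host`, `rabbit_userid` and `rabbit_password` move from the loopback/guest defaults to deployment values, so when the broker runs on another host the credentials and notifications cross the network in clear text. The comment above the block still says "(these are the defaults)", which no longer describes the placeholder lines. I would reword it to `# RabbitMQ connection settings; ##...## placeholders are filled in by openstack-rabbitmq.configure` and add `# Set to true when the broker is not on localhost` above `rabbit_use_ssl`. The new `rpc_backend=rabbit` also drops the `key = value` spacing used by the lines around it.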
@@ -250,22 +250,22 @@ rabbit_durable_queues = False # Configuration options if sending notifications via Qpid (these are # the defaults) -qpid_notification_exchange = glance -qpid_notification_topic = notifications -qpid_hostname = 127.0.0.1 -qpid_port = 5672 -qpid_username = -qpid_password = -qpid_sasl_mechanisms = -qpid_reconnect_timeout = 0 -qpid_reconnect_limit = 0 -qpid_reconnect_interval_min = 0 -qpid_reconnect_interval_max = 0 -qpid_reconnect_interval = 0 -qpid_heartbeat = 5 +#qpid_notification_exchange = glance +#qpid_notification_topic = notifications +#qpid_hostname = 127.0.0.1 +#qpid_port = 5672 +#qpid_username = +#qpid_password = +#qpid_sasl_mechanisms = +#qpid_reconnect_timeout = 0 +#qpid_reconnect_limit = 0 +#qpid_reconnect_interval_min = 0 +#qpid_reconnect_interval_max = 0 +#qpid_reconnect_interval = 0 +#qpid_heartbeat = 5 # Set to 'ssl' to enable SSL -qpid_protocol = tcp -qpid_tcp_nodelay = True +#qpid_protocol = tcp +#qpid_tcp_nodelay = True # ============ Filesystem Store Options ======================== diff --git a/openstack/etc/glance/glance-registry-paste.ini b/openstack/etc/glance/glance-registry-paste.ini index d9f6eb35..ab8c2856 100644 --- a/openstack/etc/glance/glance-registry-paste.ini +++ b/openstack/etc/glance/glance-registry-paste.ini @@ -22,4 +22,4 @@ paste.filter_factory = glance.api.middleware.context:ContextMiddleware.factory paste.filter_factory = glance.api.middleware.context:UnauthenticatedContextMiddleware.factory [filter:authtoken] -paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory +paste.filter_factory = keystonemiddleware.auth_token:filter_factory diff --git a/openstack/etc/neutron/dhcp_agent.ini b/openstack/etc/neutron/dhcp_agent.ini index 72f5ed14..edb539bc 100644 --- a/openstack/etc/neutron/dhcp_agent.ini +++ b/openstack/etc/neutron/dhcp_agent.ini 
@@ -1,6 +1,7 @@ [DEFAULT] # Show debugging output in log (sets DEBUG log level output) -# debug = False +debug = True +verbose = True # The DHCP agent will resync its state with Neutron to recover from any # transient notification or rpc errors. The interval is number of @@ -28,11 +29,11 @@ interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # The agent can use other DHCP drivers. Dnsmasq is the simplest and requires # no additional setup of the DHCP server. -# dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq +dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and # iproute2 package that supports namespaces). -# use_namespaces = True +use_namespaces = True # The DHCP server can assist with providing metadata support on isolated # networks. Setting this value to True will cause the DHCP server to append diff --git a/openstack/etc/neutron/l3_agent.ini b/openstack/etc/neutron/l3_agent.ini index 6953b7cd..e29c88c4 100644 --- a/openstack/etc/neutron/l3_agent.ini +++ b/openstack/etc/neutron/l3_agent.ini @@ -1,6 +1,7 @@ [DEFAULT] # Show debugging output in log (sets DEBUG log level output) -# debug = False +debug = True +verbose = True # L3 requires that an interface driver be set. Choose the one that best # matches your plugin. @@ -20,7 +21,7 @@ interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver # Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and # iproute2 package that supports namespaces). -# use_namespaces = True +use_namespaces = True # If use_namespaces is set as False then the agent can only configure one router. diff --git a/openstack/etc/neutron/metadata_agent.ini b/openstack/etc/neutron/metadata_agent.ini index fb5ebffb..6a3d0102 100644 --- a/openstack/etc/neutron/metadata_agent.ini +++ b/openstack/etc/neutron/metadata_agent.ini 
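Review bot: The first dhcp_agent.ini hunk turns on `debug = True` and `verbose = True` as shipped settings, and the same two lines are added at the top of l3_agent.ini and metadata_agent.ini. Debug-level logging on every deployed node makes the logs large and presumably more detailed about requests than an operator wants to keep by default, and the metadata agent now also holds a service password and the proxy secret in its configuration. If this was switched on to debug the bring-up, ship `debug = False` with `verbose = True`, or keep it and add `# debug enabled for bring-up; set to False for production images` above the line.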
@@ -1,23 +1,24 @@ [DEFAULT] # Show debugging output in log (sets DEBUG log level output) -# debug = True +debug = True +verbose = True # The Neutron user information for accessing the Neutron API. -auth_url = http://127.0.0.1:5000/v2.0 +auth_url = ##KEYSTONE_INTERNAL_URL## auth_region = RegionOne # Turn off verification of the certificate for ssl # auth_insecure = False # Certificate Authority public key (CA cert) file for ssl # auth_ca_cert = -admin_tenant_name = %SERVICE_TENANT_NAME% -admin_user = %SERVICE_USER% -admin_password = %SERVICE_PASSWORD% +admin_tenant_name = service +admin_user = ##NEUTRON_SERVICE_USER## +admin_password = ##NEUTRON_SERVICE_PASSWORD## # Network service endpoint type to pull from the keystone catalog # endpoint_type = adminURL # IP address used by Nova metadata server -# nova_metadata_ip = 127.0.0.1 +nova_metadata_ip = ##NOVA_HOST## # TCP Port used by Nova metadata server # nova_metadata_port = 8775 @@ -40,7 +41,7 @@ admin_password = %SERVICE_PASSWORD% # shared secret to prevent spoofing. You may select any string for a secret, # but it must match here and in the configuration used by the Nova Metadata # Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret -# metadata_proxy_shared_secret = +metadata_proxy_shared_secret = ##METADATA_PROXY_SHARED_SECRET## # Location of Metadata Proxy UNIX domain socket # metadata_proxy_socket = $state_path/metadata_proxy diff --git a/openstack/etc/neutron/neutron.conf b/openstack/etc/neutron/neutron.conf index 1c66e080..e85cc9ab 100644 --- a/openstack/etc/neutron/neutron.conf +++ b/openstack/etc/neutron/neutron.conf @@ -246,7 +246,7 @@ notify_nova_on_port_data_changes = True nova_url = http://127.0.0.1:8774/v2 # Name of nova region to use. Useful if keystone manages more than one region -# nova_region_name = +nova_region_name = ##NOVA_REGION## # Username for connection to nova in admin context nova_admin_username = ##NOVA_SERVICE_USER## 
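Review bot: metadata_agent.ini will hold the real `admin_password` and `metadata_proxy_shared_secret` once the placeholders are substituted, but nothing in this patch shows the mode or owner the file is installed with (the manifest hunk only adds /etc/sysctl.conf, as 0100644). If this file is installed world-readable like that entry, any local account can read the Neutron service password and the secret that guards the metadata proxy. It should be readable only by the account the agent runs as, for example mode 0640 with the agent's group or 0600 owned by the agent's user. A comment above `admin_password` such as `# secrets below: keep this file unreadable to other users` would record that requirement in the file itself.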
@@ -445,7 +445,7 @@ notification_driver=neutron.openstack.common.notifier.rpc_notifier # The messaging driver to use, defaults to rabbit. Other # drivers include qpid and zmq. (string value) rpc_backend=rabbit - + # The default exchange under which topics are scoped. May be # overridden by an exchange name specified in the # transport_url option. (string value) diff --git a/openstack/etc/neutron/plugins/ml2/ml2_conf.ini b/openstack/etc/neutron/plugins/ml2/ml2_conf.ini index c493a7bb..fb4d7a9f 100644 --- a/openstack/etc/neutron/plugins/ml2/ml2_conf.ini +++ b/openstack/etc/neutron/plugins/ml2/ml2_conf.ini @@ -67,7 +67,7 @@ tunnel_id_ranges = 1:1000 # Example: vxlan_group = 239.1.1.1 [securitygroup] -firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver +firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver # Controls if neutron security group is enabled or not. # It should be false when you use nova security group. enable_security_group = True @@ -77,4 +77,9 @@ enable_security_group = True enable_ipset = True [ovs] +local_ip = 127.0.0.1 +enable_tunneling = True bridge_mappings=External:br-ex,Physnet1:br-eth1 + +[agent] +tunnel_types = gre diff --git a/openstack/etc/nova/api-paste.ini b/openstack/etc/nova/api-paste.ini index 5f50e8a6..2a825a5b 100644 --- a/openstack/etc/nova/api-paste.ini +++ b/openstack/etc/nova/api-paste.ini @@ -115,4 +115,4 @@ paste.app_factory = nova.api.openstack.compute.versions:Versions.factory paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory [filter:authtoken] -paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory +paste.filter_factory = keystonemiddleware.auth_token:filter_factory diff --git a/openstack/etc/nova/nova.conf b/openstack/etc/nova/nova.conf index 35d103ef..b66a5115 100644 --- a/openstack/etc/nova/nova.conf +++ b/openstack/etc/nova/nova.conf 
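Review bot: In the second ml2_conf.ini hunk the `[ovs]` section gets a hard-coded `local_ip = 127.0.0.1` together with `enable_tunneling = True` and `tunnel_types = gre`. A loopback tunnel endpoint can only work while every agent runs on the same host, whereas the rest of this patch moves host-specific values to `##...##` placeholders filled in by the configure scripts. I would template it the same way, with a placeholder name of the author's choosing and ml2_conf.ini added to the sed target list in openstack-neutron.configure. Failing that, add `# single-node only: set to this host's tunnel interface address for multi-node` above the line.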
@@ -186,7 +186,7 @@ rabbit_host = ##RABBITMQ_HOST## #rabbit_virtual_host=/ rabbit_userid = ##RABBITMQ_USER## rabbit_password = ##RABBITMQ_PASSWORD## -rabbit_port=5672 +rabbit_port = ##RABBITMQ_PORT## rabbit_use_ssl=false #rabbit_retry_interval=1 # The messaging module to use, defaults to kombu (works for rabbit). @@ -295,12 +295,12 @@ neutron_admin_auth_url=##KEYSTONE_ADMIN_URL## # and resolve instance ids. This is needed to use neutron-metadata-agent # (instead of the metadata server of nova-api, # which doesn't work with neutron) (boolean value) -#service_neutron_metadata_proxy=True +service_neutron_metadata_proxy=True # Shared secret to validate proxies Neutron metadata requests # This password should match what is in /etc/neutron/metadata_agent.ini # (string value) -#neutron_metadata_proxy_shared_secret= +neutron_metadata_proxy_shared_secret= ##METADATA_PROXY_SHARED_SECRET## ################# # NOVNC CONSOLE # diff --git a/openstack/etc/nova/nova.conf.example b/openstack/etc/nova/nova.conf.example index 6b35ba91..999574ca 100644 --- a/openstack/etc/nova/nova.conf.example +++ b/openstack/etc/nova/nova.conf.example @@ -2677,7 +2677,7 @@ [keystone_authtoken] # -# Options defined in keystoneclient.middleware.auth_token +# Options defined in keystonemiddleware.auth_token # # Prefix to prepend at the beginning of the path (string diff --git a/openstack/etc/sysctl.conf b/openstack/etc/sysctl.conf new file mode 100644 index 00000000..a4417acc --- /dev/null +++ b/openstack/etc/sysctl.conf @@ -0,0 +1,3 @@ +net.ipv4.ip_forward=1 +net.ipv4.conf.all.rp_filter=0 +net.ipv4.conf.default.rp_filter=0 diff --git a/openstack/manifest b/openstack/manifest index a666ea8d..03f1779f 100644 --- a/openstack/manifest +++ b/openstack/manifest @@ -181,3 +181,4 @@ 0100755 0 0 /usr/share/openstack/openstack-horizon-setup 0100644 0 0 /etc/horizon/apache-horizon.conf 0100644 0 0 /etc/horizon/openstack_dashboard/local_settings.py +0100644 0 0 /etc/sysctl.conf -- cgit v1.2.1
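Review bot: The new openstack/etc/sysctl.conf sets `net.ipv4.conf.all.rp_filter=0` and `net.ipv4.conf.default.rp_filter=0` with no comment, which switches off reverse-path filtering, a source-address anti-spoofing check, on every interface of a host that also gets `net.ipv4.ip_forward=1`. If this is needed for Neutron's routing through namespaces, say so in the file, e.g. `# Neutron L3/DHCP agents: forwarding on, reverse-path filtering off so asymmetric routes are not dropped`. Also consider whether loose mode (`rp_filter=2`) or per-interface settings would be enough. Because the manifest installs the file as /etc/sysctl.conf, it presumably replaces any existing system file instead of adding to it; confirm that is intended.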