This is a Quick Guide to deploy OpenStack IceHouse on top of Ubuntu 14.04, and it is IPv6-Ready!
It is compliant with OpenStack's official documentation (docs.openstack.org).
The tenant's subnets are based on Neutron, with the ML2 plugin and the Single Flat Network topology, dual-stacked.
The Single Flat Network is the simplest network topology supported by OpenStack (I think), so it is easier to understand and follow.
The IPv6 support in the Neutron L3 router isn't ready yet, but things are different when you don't need it. With ML2 (and probably with OVS too), you can have a dual-stacked environment with a Single Flat Network. There is no IPv6 auto-configuration yet, though, so you'll need to configure the IPv6 address statically on each Instance. IPv6 Security Groups are working!
Also, basically everything else, including physical servers, basic services (RabbitMQ, MySQL, Apache, SSH), Horizon, APIs, endpoints, SPICE Consoles, etc., is reachable through IPv6!
Apparently, only Metadata (and the GRE / VXLAN subnet) still requires IPv4 (I'm not sure, maybe I am missing something).
This is a "step-by-step", "cut-and-paste" guide.
This Guide covers: Single Flat Network (DHCPv4), Metadata and Security Groups.
This Guide does not cover:
http://docs.openstack.org/icehouse/install-guide/install/apt/content/
Single Flat Network documentation: http://docs.openstack.org/trunk/install-guide/install/apt/content/section_neutron-single-flat.html
http://www.nephos6.com/pdf/OpenStack-Havana-on-IPv6.pdf
http://openstack-folsom-install-guide.readthedocs.org/en/latest/
The "border gateway / external router" (dual-stacked, default route for both physical servers and Instances) is located outside of the cloud. This means that we are mapping our physical network into OpenStack, using the ML2 plugin with the Single Flat Network topology.
For the tenant's subnet, in the future, the "border gateway / external router" will have the IPv6 Router Advertisement daemon (radvd) running on it, so when OpenStack finishes its IPv6 SLAAC mode from upstream routers (covered here: https://blueprints.launchpad.net/neutron/+spec/ipv6-provider-nets-slaac ?), the Instances will be able to use it as their own IPv6 default router automatically.
My idea is to move on and forget about IPv4 and NAT tables: with IPv6, we don't need NAT anymore. NAT66 is a bad thing (from my point of view); be part of the real Internet with an IPv6 address from the 2000::/3 block! Again, do not use "ip6tables -t nat", unless you want to break your network, and the Internet itself.
One last word about NAT: it breaks end-to-end Internet connectivity, effectively kicking you out of the real Internet, and it is just a workaround created to deal with IPv4 exhaustion, so there is no need for NAT(66) in an IPv6 world, for real...
NOTE #1: The config file examples are supposed to be added to the respective files; they are not entire config file replacements. Keep the rest of the original files intact when possible (i.e. when not duplicating the entries).
NOTE #2: You might want to replace the domain yourdomain.com with your own real domain.
This lab has an Ubuntu machine acting as a firewall, with our WAN ISP attached to it; behind it sits the entire OpenStack infrastructure.
This Ubuntu firewall might have the package aiccu installed, so you'll have at least one IPv6 /64 block to play with (if you don't have native IPv6 from your ISP, get a tunnel from SixxS.net and start using it with aiccu).
Also, if you go with IPv6, you'll probably need the package radvd installed here, so you'll be able to advertise your IPv6 blocks within your LAN. And for the Ubuntu IPv6 clients (including future IPv6-Only Instances), you'll also need the package rdnssd to auto-configure the Instance's /etc/resolv.conf file accordingly.
For IPv6, this Ubuntu gateway will act as the "Provider Networking - upstream SLAAC" router (I'm researching this), so we'll be able to start testing (probably) the blueprint called "ipv6-provider-nets-slaac".
Install Ubuntu 14.04 with at least two network cards (it can be a small virtual machine).
Network Topology:
WAN - eth0
IPv6 (If you have native)
IPv4
LAN - eth1
IPv6 (From SixxS.net, for example)
IPv4 (Legacy)
# The loopback network interface
auto lo
iface lo inet loopback
iface lo inet6 loopback
# ETH0 - BEGIN - WAN faced
# The primary network interface connected to your ISP's WAN
auto eth0
# IPv6
#
# If you have native IPv6, configure it here, otherwise, aiccu will create
# a new interface for your IPv6 WAN, called sixxs, tunneled through your
# eth0 IPv4 address.
iface eth0 inet6 static
address 2001:db8:0::2
netmask 64
gateway 2001:db8:0::1
# dns-* options are implemented by the resolvconf package, if installed
dns-search yourdomain.com
dns-domain yourdomain.com
# Google Public DNS
dns-nameservers 2001:4860:4860::8844 2001:4860:4860::8888
# OpenNIC
# dns-nameservers 2001:530::216:3cff:fe8d:e704 2600:3c00::f03c:91ff:fe96:a6ad 2600:3c00::f03c:91ff:fe96:a6ad
# OpenDNS Public Name Servers:
# dns-nameservers 2620:0:ccc::2 2620:0:ccd::2
# IPv4 - Legacy
#
iface eth0 inet static
address 200.10.1.2
netmask 28
gateway 200.10.1.1
# Google Public DNS
# dns-nameservers 8.8.4.4
# OpenDNS
# dns-nameservers 208.67.222.222 208.67.220.220 208.67.222.220 208.67.220.222
# OpenNIC
# dns-nameservers 66.244.95.20 74.207.247.4 216.87.84.211
# ETH0 - END
# ETH1 - BEGIN - LAN faced
auto eth1
# IPv6
#
# Your routed block, SixxS.net or TunnelBroker provides one for you, for free.
# You might want to run "radvd" on eth1 to advertise it to your LAN / Cloud.
#
# OpenStack Management + Instance's gateway
iface eth1 inet6 static
address 2001:db8:1::1
netmask 64
# IPv4 - Legacy
#
# OpenStack Management + Instance's gateway
iface eth1 inet static
address 10.32.14.1
netmask 24
# ETH1 - END
Run the following commands:
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
sed -i 's/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=1/' /etc/sysctl.conf
sysctl -p
Note: OpenStack isn't compatible with any upstream SLAAC router right now, so this is optional.
Example of its /etc/radvd.conf file:
# With IPv6, the DHCP(v6) is entirely optional, now, we have the
# Router Advertisement daemon, called radvd. So, we'll not use DHCPv6.
#
# Ubuntu, "Provider Networking - upstream SLAAC" router for Instances.
#
# eth1 - LAN faced:
interface eth1
{
# Enable RA on this gateway:
AdvSendAdvert on;
# Disable clients from getting their IPs from DHCPv6 (no need for it):
AdvManagedFlag off;
# Disable clients from getting other configs from DHCPv6:
AdvOtherConfigFlag off;
# More options:
AdvLinkMTU 1500;
AdvDefaultPreference high;
# Enable RA to the following subnet
prefix 2001:db8:1::/64
{
AdvOnLink on;
# Allow clients to auto-generate their IPv6 address (SLAAC),
# DHCPv6 will not be used here.
AdvAutonomous on;
};
# Ubuntu IPv6 clients require the package rdnssd to deal with RDNSS:
RDNSS 2001:4860:4860::8844 2001:4860:4860::8888 { };
DNSSL yourdomain.com { };
};
Install the following package (RA Daemon):
sudo apt-get install radvd
Now your entire LAN has IPv6! Have fun!
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
NOTE #1: There is only one NAT rule in this environment, which resides on this gateway itself, to do the IPv4 SNAT/DNAT to/from the old Internet infrastructure. There is no IPv4 NAT within the OpenStack environment itself (no Floating IPs, "no multihost=true"). Also, there is no NAT when enjoying the New Internet powered by IPv6!
NOTE #2: If you have more IPv4 public blocks available (i.e. at your gateway's eth1 interface), your Instances can also have public IPs on it!
The OpenStack Controller Node is powered by Ubuntu 14.04!
Requirements:
IPv6
IPv4 - Legacy
Install Ubuntu 14.04 on the first disk (it can be the Minimum Virtual Machine flavor), using Guided LVM Partitioning; leave the second disk untouched for now (it will be used with Cinder).
Log in as root and run:
echo controller > /etc/hostname
apt-get update
apt-get dist-upgrade -y
apt-get install vim iptables openvswitch-switch
vi /etc/hosts
Make sure it has the following contents:
127.0.0.1 localhost.localdomain localhost
# IPv6
2001:db8:1::10 controller.yourdomain.com controller
2001:db8:1::20 compute-1.yourdomain.com compute-1
2001:db8:1::30 compute-2.yourdomain.com compute-2
# IPv4 - Not needed:
#10.32.14.10 controller.yourdomain.com controller
#10.32.14.20 compute-1.yourdomain.com compute-1
#10.32.14.30 compute-2.yourdomain.com compute-2
Edit your Controller Node network interfaces file:
vi /etc/network/interfaces
With:
# The primary network interface
# ETH0 - BEGIN
auto eth0
iface eth0 inet manual
up ip link set $IFACE up
up ip address add 0/0 dev $IFACE
down ip link set $IFACE down
# ETH0 - END
# BR-ETH0 - BEGIN
auto br-eth0
# IPv6
#
iface br-eth0 inet6 static
address 2001:db8:1::10
netmask 64
gateway 2001:db8:1::1
# dns-* options are implemented by the resolvconf package, if installed
dns-search yourdomain.com
dns-domain yourdomain.com
# Google Public DNS
dns-nameservers 2001:4860:4860::8844 2001:4860:4860::8888
# OpenNIC
# dns-nameservers 2001:530::216:3cff:fe8d:e704 2600:3c00::f03c:91ff:fe96:a6ad 2600:3c00::f03c:91ff:fe96:a6ad
# OpenDNS Public Name Servers
# dns-nameservers 2620:0:ccc::2 2620:0:ccd::2
# IPv4 - Legacy
#
iface br-eth0 inet static
address 10.32.14.10
netmask 24
gateway 10.32.14.1
# Google Public DNS
dns-nameservers 8.8.4.4
# OpenDNS
# dns-nameservers 208.67.222.222 208.67.220.220 208.67.222.220 208.67.220.222
# OpenNIC
# dns-nameservers 66.244.95.20 74.207.247.4 216.87.84.211
# BR-ETH0 - END
Log in as root and run:
ovs-vsctl add-br br-int
ovs-vsctl add-br br-eth0
The next OVS command will kick you out of this server (if you are connected to it via eth0); that's why we reboot right after running it:
ovs-vsctl add-port br-eth0 eth0 && reboot
apt-get install mysql-server python-mysqldb ntp curl openssl rabbitmq-server python-keyring
Configure it:
The command below keeps RabbitMQ's default guest password. To set your own, replace the second guest with a suitable password (RABBIT_PASS) and use the same value as rabbit_password in every service configuration that points at this broker (the configurations shown in this guide set only rabbit_host, so they rely on the default).
rabbitmqctl change_password guest guest
Reconfigure MySQL, edit my.cnf:
vi /etc/mysql/my.cnf
With:
[mysqld]
#
# * For OpenStack - Keystone, etc - utf8
#
default-storage-engine = innodb
collation-server = utf8_general_ci
init-connect='SET NAMES utf8'
character-set-server = utf8
innodb_file_per_table
# Bind in a Dual-Stacked fashion
bind-address = ::
Restart MySQL to apply the new settings:
service mysql restart
Make your MySQL a bit safer:
mysql_install_db
mysql_secure_installation
Now make the required databases:
mysql -u root -p
Once within MySQL prompt, create the databases:
CREATE DATABASE keystone;
GRANT ALL ON keystone.* TO 'keystoneUser'@'%' IDENTIFIED BY 'keystonePass';
CREATE DATABASE glance;
GRANT ALL ON glance.* TO 'glanceUser'@'%' IDENTIFIED BY 'glancePass';
CREATE DATABASE nova;
GRANT ALL ON nova.* TO 'novaUser'@'%' IDENTIFIED BY 'novaPass';
CREATE DATABASE cinder;
GRANT ALL ON cinder.* TO 'cinderUser'@'%' IDENTIFIED BY 'cinderPass';
CREATE DATABASE neutron;
GRANT ALL ON neutron.* TO 'neutronUser'@'%' IDENTIFIED BY 'neutronPass';
CREATE DATABASE heat;
GRANT ALL ON heat.* TO 'heatUser'@'%' IDENTIFIED BY 'heatPass';
quit;
apt-get install keystone
Edit keystone.conf and change it to this:
vi /etc/keystone/keystone.conf
File contents:
[DEFAULT]
admin_token = ADMIN
bind_host = 2001:db8:1::10
[database]
connection = mysql://keystoneUser:keystonePass@controller.yourdomain.com/keystone
Then run:
rm /var/lib/keystone/keystone.db
su -s /bin/sh -c "keystone-manage db_sync" keystone
service keystone restart
Create Keystone basics and endpoints:
cd ~
wget https://gist.githubusercontent.com/tmartinx/7002197/raw/838770e4848c78dcd896fcfb6e4627d754051a72/keystone_basic.sh
wget https://gist.githubusercontent.com/tmartinx/7002255/raw/b13b1a09a675ff8c680545afe83b946cb03a36a5/keystone_endpoints_basic.sh
chmod +x keystone_basic.sh
chmod +x keystone_endpoints_basic.sh
./keystone_basic.sh
./keystone_endpoints_basic.sh
Preliminary Keystone test
curl http://controller.yourdomain.com:35357/v2.0/endpoints -H 'x-auth-token: ADMIN' | python -m json.tool
You might want to clean up your expired tokens; otherwise, your database will grow indefinitely. So, do this:
(crontab -l 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/crontabs/root
Create your NOVA Resource Configuration file:
vi ~/.novarc
With:
# COMMON OPENSTACK ENVS
export SERVICE_TOKEN=ADMIN
export OS_USERNAME=admin
export OS_PASSWORD=admin_pass
export OS_TENANT_NAME=admin
export OS_AUTH_URL="http://controller.yourdomain.com:5000/v2.0/"
export SERVICE_ENDPOINT="http://controller.yourdomain.com:35357/v2.0/"
export OS_AUTH_STRATEGY=keystone
export OS_NO_CACHE=1
# LEGACY NOVA ENVS
export NOVA_USERNAME=${OS_USERNAME}
export NOVA_PROJECT_ID=${OS_TENANT_NAME}
export NOVA_PASSWORD=${OS_PASSWORD}
export NOVA_API_KEY=${OS_PASSWORD}
export NOVA_URL=${OS_AUTH_URL}
export NOVA_VERSION=1.1
export NOVA_REGION_NAME=RegionOne
# EUCA2OOLs ENV VARIABLES
export EC2_ACCESS_KEY=ab2f155901fb4be5bae4ddc78c924665
export EC2_SECRET_KEY=ef89b9562e9b4653a8d68e3117f0ae32
export EC2_URL=http://controller.yourdomain.com:8773/services/Cloud
Append to your bashrc:
vi ~/.bashrc
With:
if [ -f ~/.novarc ]; then
. ~/.novarc
fi
Then, load it:
source ~/.bashrc
Test Keystone with basic option to see if it works:
keystone tenant-list
Let's install Glance:
apt-get install glance python-mysqldb
Edit glance-api.conf...
vi /etc/glance/glance-api.conf
With:
[DEFAULT]
bind_host = 2001:db8:1::10
registry_host = controller.yourdomain.com
rabbit_host = controller.yourdomain.com
[database]
connection = mysql://glanceUser:glancePass@controller.yourdomain.com/glance
[keystone_authtoken]
auth_uri = http://controller.yourdomain.com:5000
auth_host = controller.yourdomain.com
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = service_pass
[paste_deploy]
flavor = keystone
Edit glance-registry.conf...
vi /etc/glance/glance-registry.conf
With:
[DEFAULT]
bind_host = 2001:db8:1::10
[database]
connection = mysql://glanceUser:glancePass@controller.yourdomain.com/glance
[keystone_authtoken]
auth_uri = http://controller.yourdomain.com:5000
auth_host = controller.yourdomain.com
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = glance
admin_password = service_pass
[paste_deploy]
flavor = keystone
Then run:
rm /var/lib/glance/glance.sqlite
su -s /bin/sh -c "glance-manage db_sync" glance
service glance-api restart; service glance-registry restart
Run the following commands to add some O.S. images to your Glance repository:
glance image-create --location http://download.cirros-cloud.net/0.3.2/cirros-0.3.2-i386-disk.img --name "CirrOS 0.3.2 - Minimalist - 32-bit - Cloud Based Image" --is-public true --container-format bare --disk-format qcow2
glance image-create --location http://download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img --name "CirrOS 0.3.2 - Minimalist - 64-bit - Cloud Based Image" --is-public true --container-format bare --disk-format qcow2
glance image-create --location http://uec-images.ubuntu.com/releases/13.10/release/ubuntu-13.10-server-cloudimg-i386-disk1.img --is-public true --disk-format qcow2 --container-format bare --name "Ubuntu 13.10 - Saucy Salamander - 32-bit - Cloud Based Image"
glance image-create --location http://uec-images.ubuntu.com/releases/13.10/release/ubuntu-13.10-server-cloudimg-amd64-disk1.img --is-public true --disk-format qcow2 --container-format bare --name "Ubuntu 13.10 - Saucy Salamander - 64-bit - Cloud Based Image"
glance image-create --location http://uec-images.ubuntu.com/releases/12.04/release/ubuntu-12.04-server-cloudimg-i386-disk1.img --is-public true --disk-format qcow2 --container-format bare --name "Ubuntu 12.04.4 LTS - Precise Pangolin - 32-bit - Cloud Based Image"
glance image-create --location http://uec-images.ubuntu.com/releases/12.04/release/ubuntu-12.04-server-cloudimg-amd64-disk1.img --is-public true --disk-format qcow2 --container-format bare --name "Ubuntu 12.04.4 LTS - Precise Pangolin - 64-bit - Cloud Based Image"
glance image-create --location http://uec-images.ubuntu.com/releases/14.04/release/ubuntu-14.04-server-cloudimg-i386-disk1.img --is-public true --disk-format qcow2 --container-format bare --name "Ubuntu 14.04 LTS - Trusty Tahr - 32-bit - Cloud Based Image"
glance image-create --location http://uec-images.ubuntu.com/releases/14.04/release/ubuntu-14.04-server-cloudimg-amd64-disk1.img --is-public true --disk-format qcow2 --container-format bare --name "Ubuntu 14.04 LTS - Trusty Tahr - 64-bit - Cloud Based Image"
Info: https://coreos.com
cd ~
wget http://alpha.release.core-os.net/amd64-usr/current/coreos_production_openstack_image.img.bz2
bunzip2 coreos_production_openstack_image.img.bz2
glance image-create --name "CoreOS 353.0.0 - Linux 3.15.1 - Docker 1.0 - etcd 0.4.3 - fleet 0.5.0" --container-format ovf --disk-format qcow2 --file coreos_production_openstack_image.img --is-public True
If you need to run Windows 2012 in your OpenStack, visit: http://cloudbase.it/ws2012r2 to download the image "windows_server_2012_r2_standard_eval_kvm_20140607.qcow2.gz", then, run:
gunzip /root/windows_server_2012_r2_standard_eval_kvm_20140607.qcow2.gz
glance image-create --name "Windows Server 2012 R2 Standard Eval" --container-format bare --disk-format qcow2 --is-public true < /root/windows_server_2012_r2_standard_eval_kvm_20140607.qcow2
glance image-list
Run:
apt-get install python-novaclient nova-api nova-cert nova-consoleauth nova-scheduler nova-conductor nova-spiceproxy
Run:
cd /etc/nova
mv /etc/nova/nova.conf /etc/nova/nova.conf_Ubuntu
wget https://gist.githubusercontent.com/tmartinx/10784491/raw/384356d1b072d1a65f4c9175a26e4154e4d97079/nova.conf
chown nova: /etc/nova/nova.conf
chmod 640 /etc/nova/nova.conf
NOTE: Edit your nova.conf file, before running "db sync", to reflect your own FQDN (.yourdomain.com), if desired.
rm /var/lib/nova/nova.sqlite
su -s /bin/sh -c "nova-manage db sync" nova
I figured out that the Nova SPICE Proxy doesn't listen on a Dual-Stacked setup, even after configuring it in nova.conf; something is wrong with it (BUG LP #1308418), so just patch the spicehtml5proxy.py file to force it to listen on both IPv4 and IPv6, like this:
sed -i 's/0\.0\.0\.0/::/' /usr/lib/python2.7/dist-packages/nova/cmd/spicehtml5proxy.py
Now, you can restart all Nova services:
cd /etc/init/; for i in $(ls nova-* | cut -d \. -f 1 | xargs); do sudo service $i restart; done
Delete the default examples:
nova flavor-delete 1
nova flavor-delete 2
nova flavor-delete 3
nova flavor-delete 4
nova flavor-delete 5
Create new flavors:
# Standard Flavor
nova flavor-create --ephemeral 0 --swap 128 --rxtx-factor 1.0 --is-public yes m1.micro 1 256 5 1
nova flavor-create --ephemeral 25 --swap 256 --rxtx-factor 1.0 --is-public yes m1.tiny 2 512 10 1
nova flavor-create --ephemeral 50 --swap 512 --rxtx-factor 1.0 --is-public yes m1.small 3 1024 10 1
nova flavor-create --ephemeral 100 --swap 1024 --rxtx-factor 1.0 --is-public yes m1.medium 4 2048 10 2
nova flavor-create --ephemeral 200 --swap 2048 --rxtx-factor 1.0 --is-public yes m1.large 5 4096 10 4
nova flavor-create --ephemeral 400 --swap 4096 --rxtx-factor 1.0 --is-public yes m1.xlarge 6 8192 10 8
# RAM Memory optimized
nova flavor-create --ephemeral 0 --swap 256 --rxtx-factor 1.0 --is-public yes r1.micro 7 512 5 1
nova flavor-create --ephemeral 25 --swap 512 --rxtx-factor 1.0 --is-public yes r1.tiny 8 1024 10 1
nova flavor-create --ephemeral 50 --swap 1024 --rxtx-factor 1.0 --is-public yes r1.small 9 2048 10 1
nova flavor-create --ephemeral 100 --swap 2048 --rxtx-factor 1.0 --is-public yes r1.medium 10 4096 10 2
nova flavor-create --ephemeral 200 --swap 4096 --rxtx-factor 1.0 --is-public yes r1.large 11 8192 10 4
nova flavor-create --ephemeral 400 --swap 8192 --rxtx-factor 1.0 --is-public yes r1.xlarge 12 16384 10 8
# Storage optimized
nova flavor-create --ephemeral 50 --swap 256 --rxtx-factor 1.0 --is-public yes s1.tiny 13 512 10 1
nova flavor-create --ephemeral 100 --swap 512 --rxtx-factor 1.0 --is-public yes s1.small 14 1024 10 1
nova flavor-create --ephemeral 200 --swap 1024 --rxtx-factor 1.0 --is-public yes s1.medium 15 2048 20 2
nova flavor-create --ephemeral 400 --swap 2048 --rxtx-factor 1.0 --is-public yes s1.large 16 4096 40 4
nova flavor-create --ephemeral 800 --swap 4096 --rxtx-factor 1.0 --is-public yes s1.xlarge 17 8192 80 8
# Windows optimized
nova flavor-create --ephemeral 100 --swap 0 --rxtx-factor 1.0 --is-public yes w1.small 18 1024 20 1
nova flavor-create --ephemeral 200 --swap 0 --rxtx-factor 1.0 --is-public yes w1.medium 19 2048 20 2
nova flavor-create --ephemeral 400 --swap 0 --rxtx-factor 1.0 --is-public yes w1.large 20 4096 40 4
nova flavor-create --ephemeral 800 --swap 0 --rxtx-factor 1.0 --is-public yes w1.xlarge 21 8192 40 8
Run:
apt-get install neutron-server neutron-plugin-ml2 neutron-plugin-openvswitch-agent neutron-dhcp-agent neutron-metadata-agent
First, take a note of the "Service Tenant ID" with:
keystone tenant-get service
Edit neutron.conf...
vi /etc/neutron/neutron.conf
With:
[DEFAULT]
bind_host = 2001:db8:1::10
auth_strategy = keystone
allow_overlapping_ips = True
rabbit_host = controller.yourdomain.com
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller.yourdomain.com:8774/v2
nova_region_name = RegionOne
nova_admin_username = nova
nova_admin_tenant_id = $SERVICE_TENANT_ID
nova_admin_password = service_pass
nova_admin_auth_url = http://controller.yourdomain.com:35357/v2.0
[keystone_authtoken]
auth_uri = http://controller.yourdomain.com:5000
auth_host = controller.yourdomain.com
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = service_pass
signing_dir = $state_path/keystone-signing
[database]
connection = mysql://neutronUser:neutronPass@controller.yourdomain.com/neutron
Edit ml2_conf.ini...
vi /etc/neutron/plugins/ml2/ml2_conf.ini
With:
[ml2]
type_drivers = local,flat
mechanism_drivers = openvswitch,l2population
[ml2_type_flat]
flat_networks = *
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovs]
enable_tunneling = False
local_ip = 10.32.14.10
network_vlan_ranges = physnet1
bridge_mappings = physnet1:br-eth0
Edit metadata_agent.ini...
vi /etc/neutron/metadata_agent.ini
With:
# The Neutron user information for accessing the Neutron API.
auth_url = http://controller.yourdomain.com:5000/v2.0
auth_region = RegionOne
admin_tenant_name = service
admin_user = neutron
admin_password = service_pass
nova_metadata_ip = 10.32.14.10
nova_metadata_port = 8775
metadata_proxy_shared_secret = metasecret13
Edit dhcp_agent.ini...
vi /etc/neutron/dhcp_agent.ini
With:
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
enable_isolated_metadata = True
dhcp_domain = yourdomain.com
Run:
cd /etc/init/; for i in $(ls -1 neutron-* | cut -d \. -f 1); do sudo service $i restart; done
First, get the admin tenant ID and note it (as the variable $ADMIN_TENANT_ID):
keystone tenant-list
Previous versions of this Quick Guide had two IPv4 subnets, one for OpenStack Management and Physical Servers (10.32.14.0/24), and another for the Instances (10.33.14.0/24). Now we have only one IPv4 subnet for everything (10.32.14.0/24), for both OpenStack Management and Instances: fewer subnets to deal with, so the subdivision of the IP ranges now comes from the neutron "--allocation-pool" option. This way, it will be easier to introduce IPv6.
Mapping the physical network (the one from your "border gateway") into OpenStack Neutron:
neutron net-create --tenant-id $ADMIN_TENANT_ID sharednet1 --shared --provider:network_type flat --provider:physical_network physnet1
Create an IPv4 subnet on "sharednet1":
neutron subnet-create --ip-version 4 --tenant-id $ADMIN_TENANT_ID sharednet1 10.32.14.0/24 --allocation-pool start=10.32.14.129,end=10.32.14.254 --dns_nameservers list=true 8.8.4.4 8.8.8.8
Create an IPv6 subnet on "sharednet1":
neutron subnet-create --ip-version 6 --disable-dhcp --tenant-id $ADMIN_TENANT_ID sharednet1 2001:db8:1::/64 --allocation-pool start=2001:db8:1::8000,end=2001:db8:1:0:ffff:ffff:ffff:fffe
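A check, added here and not part of the original guide, that the two allocation pools above stay inside their subnets and exclude the gateway and the physical servers' addresses from /etc/hosts (every value is the one used in this guide; the function names are mine):

```python
"""Sanity-check the dual-stacked 'sharednet1' allocation pools of this guide.
Added example, not part of the original guide; values are the guide's own."""
import ipaddress

# Gateway ("border gateway / external router") of both subnets.
GATEWAYS = {4: "10.32.14.1", 6: "2001:db8:1::1"}

# Physical servers living on the same flat network (from /etc/hosts).
PHYSICAL_HOSTS = {
    "controller": ("10.32.14.10", "2001:db8:1::10"),
    "compute-1": ("10.32.14.20", "2001:db8:1::20"),
    "compute-2": ("10.32.14.30", "2001:db8:1::30"),
}

# (subnet CIDR, pool start, pool end), as passed to neutron subnet-create.
POOLS = {
    4: ("10.32.14.0/24", "10.32.14.129", "10.32.14.254"),
    6: ("2001:db8:1::/64", "2001:db8:1::8000", "2001:db8:1:0:ffff:ffff:ffff:fffe"),
}


def check_pool(cidr, start, end, gateway, reserved):
    """Return a list of problems; an empty list means the pool is safe to create.

    reserved is an iterable of (label, address) pairs that Neutron must never
    hand out to an Instance (the physical servers, for instance).
    """
    net = ipaddress.ip_network(cidr, strict=True)
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if lo.version != net.version or hi.version != net.version:
        return ["pool and subnet have different IP versions"]
    problems = []
    if lo > hi:
        problems.append("pool start %s is after pool end %s" % (lo, hi))
    if lo not in net or hi not in net:
        problems.append("pool is not fully inside %s" % net)
    if lo == net.network_address:
        problems.append("pool includes the network address %s" % lo)
    if net.version == 4 and hi == net.broadcast_address:
        problems.append("pool includes the IPv4 broadcast address %s" % hi)
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        problems.append("gateway %s is outside %s" % (gw, net))
    elif lo <= gw <= hi:
        problems.append("gateway %s falls inside the pool" % gw)
    for label, addr in reserved:
        a = ipaddress.ip_address(addr)
        if a.version == net.version and lo <= a <= hi:
            problems.append("%s (%s) falls inside the pool" % (label, a))
    return problems


def pool_size(start, end):
    """Number of addresses Neutron can allocate from a start..end pool."""
    return int(ipaddress.ip_address(end)) - int(ipaddress.ip_address(start)) + 1


def check_sharednet1(pools=POOLS, gateways=GATEWAYS, hosts=PHYSICAL_HOSTS):
    """Check both subnets of sharednet1; returns {ip_version: [problems]}."""
    results = {}
    for version, (cidr, start, end) in pools.items():
        reserved = [(name, addrs[0] if version == 4 else addrs[1])
                    for name, addrs in hosts.items()]
        results[version] = check_pool(cidr, start, end, gateways[version], reserved)
    return results


if __name__ == "__main__":
    for version, problems in sorted(check_sharednet1().items()):
        cidr, start, end = POOLS[version]
        print("IPv%d %s pool %s..%s (%d addresses): %s" % (
            version, cidr, start, end, pool_size(start, end),
            "OK" if not problems else "; ".join(problems)))
```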
apt-get install cinder-api cinder-scheduler python-mysqldb
Edit cinder.conf...
vi /etc/cinder/cinder.conf
With:
[DEFAULT]
my_ip = 2001:db8:1::10
glance_host = 2001:db8:1::10
osapi_volume_listen = 2001:db8:1::10
rpc_backend = cinder.openstack.common.rpc.impl_kombu
rabbit_host = controller.yourdomain.com
connection = mysql://cinderUser:cinderPass@controller.yourdomain.com/cinder
[keystone_authtoken]
auth_uri = http://controller.yourdomain.com:5000
auth_host = controller.yourdomain.com
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = cinder
admin_password = service_pass
Run:
su -s /bin/sh -c "cinder-manage db sync" cinder
cd /etc/init/; for i in $(ls cinder-* | cut -d \. -f 1 | xargs); do sudo service $i restart; done
This procedure will make use of the extra virtual HD of your controller.yourdomain.com (about 100G).
If you don't have it, add one: halt the VM -> go to "virt-manager" -> Add hardware -> VirtIO Disk / 100G / RAW.
Then start it again and run:
# Create a primary partition on it, type LVM (8e)
cfdisk /dev/vdb
# Create the LVM Physical Volume
pvcreate /dev/vdb1
# Create the LVM Volume Group
vgcreate cinder-volumes /dev/vdb1
Install Cinder Volume:
apt-get install cinder-volume
Run:
apt-get install openstack-dashboard memcached
apt-get purge openstack-dashboard-ubuntu-theme
Edit Dashboard config file:
vi /etc/openstack-dashboard/local_settings.py
With:
OPENSTACK_HOST = "controller.yourdomain.com"
Done! You can try to access the Dashboard to test admin login...
This OpenStack Compute Node is powered by Ubuntu 14.04!
Requirements: 1 Physical Server with virtualization support on the CPU, 1 ethernet
IPv6
IPv4 - Legacy
This installation can be the "Minimum Installation" flavor, using "Manual Partitioning"; make the following partitions:
Log in as root and run:
echo compute-1 > /etc/hostname
apt-get update
apt-get dist-upgrade -y
# If your kernel gets upgraded, do a reboot before running the next command:
apt-get install linux-image-extra-`uname -r` vim iptables ubuntu-virt-server libvirt-bin pm-utils nova-compute-kvm python-guestfs neutron-plugin-openvswitch-agent openvswitch-switch -y
When prompted to create a supermin appliance, respond yes.
Make the current kernel readable (BUG LP #759725):
dpkg-statoverride --update --add root root 0644 /boot/vmlinuz-$(uname -r)
virsh net-destroy default
virsh net-undefine default
Run:
# Add vhost_net module to be enabled during server boot:
echo vhost_net >> /etc/modules
# Prepare /etc/libvirt/libvirtd.conf:
sed -i 's/^#listen_tls = 0/listen_tls = 0/' /etc/libvirt/libvirtd.conf
sed -i 's/^#listen_tcp = 1/listen_tcp = 1/' /etc/libvirt/libvirtd.conf
# auth_tcp = "none" makes the plain TCP listener accept connections without
# any authentication, so it must only be reachable from the management network:
sed -i 's/^#auth_tcp = "sasl"/auth_tcp = "none"/' /etc/libvirt/libvirtd.conf
# Prepare /etc/init/libvirt-bin.conf:
sed -i 's/^env libvirtd_opts="-d"/env libvirtd_opts="-d -l"/' /etc/init/libvirt-bin.conf
# Prepare /etc/default/libvirt-bin:
sed -i 's/^libvirtd_opts="-d"/libvirtd_opts="-d -l"/' /etc/default/libvirt-bin
Edit:
vi /etc/hosts
With:
127.0.0.1 localhost.localdomain localhost
# IPv6
2001:db8:1::10 controller.yourdomain.com controller
2001:db8:1::20 compute-1.yourdomain.com compute-1
2001:db8:1::30 compute-2.yourdomain.com compute-2
# IPv4 - Not needed:
#10.32.14.10 controller.yourdomain.com controller
#10.32.14.20 compute-1.yourdomain.com compute-1
#10.32.14.30 compute-2.yourdomain.com compute-2
Edit:
vi /etc/network/interfaces
With:
# The primary network interface
# ETH0 - BEGIN
auto eth0
iface eth0 inet manual
up ip link set $IFACE up
up ip address add 0/0 dev $IFACE
down ip link set $IFACE down
# ETH0 - END
# BR-ETH0 - BEGIN
auto br-eth0
# IPv6
iface br-eth0 inet6 static
address 2001:db8:1::20
netmask 64
gateway 2001:db8:1::1
# dns-* options are implemented by the resolvconf package, if installed
dns-domain yourdomain.com
dns-search yourdomain.com
# Google Public DNS
dns-nameservers 2001:4860:4860::8844 2001:4860:4860::8888
# OpenNIC
# dns-nameservers 2001:530::216:3cff:fe8d:e704 2600:3c00::f03c:91ff:fe96:a6ad 2600:3c00::f03c:91ff:fe96:a6ad
# OpenDNS Public Name Servers:
# dns-nameservers 2620:0:ccc::2 2620:0:ccd::2
# IPv4 - Legacy
iface br-eth0 inet static
address 10.32.14.20
netmask 24
gateway 10.32.14.1
# Google Public DNS
dns-nameservers 8.8.4.4
# OpenDNS
# dns-nameservers 208.67.222.222 208.67.220.220 208.67.222.220 208.67.220.222
# OpenNIC
# dns-nameservers 66.244.95.20 74.207.247.4 216.87.84.211
# BR-ETH0 - END
Run:
ovs-vsctl add-br br-int
ovs-vsctl add-br br-eth0
The next OVS command will kick you out of this server (if you are connected to it via eth0); that's why we reboot right after running it:
ovs-vsctl add-port br-eth0 eth0 && reboot
Run:
mv /etc/nova/nova.conf /etc/nova/nova.conf_Ubuntu
cd /etc/nova
wget https://gist.githubusercontent.com/tmartinx/10784896/raw/8088aee54877caca18c3020f91b662cdea627213/nova.conf
chown nova: /etc/nova/nova.conf
chmod 640 /etc/nova/nova.conf
cd /etc/init/; for i in $(ls nova-* | cut -d \. -f 1 | xargs); do sudo service $i restart; done
NOTE: Run this command on compute-1.yourdomain.com, not on controller.yourdomain.com.
Edit:
vi /etc/neutron/neutron.conf
With:
[DEFAULT]
# debug = True
# verbose = True
allow_overlapping_ips = True
rabbit_host = controller.yourdomain.com
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller.yourdomain.com:8774/v2
nova_region_name = RegionOne
nova_admin_username = nova
nova_admin_tenant_id = $SERVICE_TENANT_ID
nova_admin_password = service_pass
nova_admin_auth_url = http://controller.yourdomain.com:35357/v2.0
[keystone_authtoken]
auth_uri = http://controller.yourdomain.com:5000
auth_host = controller.yourdomain.com
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = service_pass
signing_dir = /var/lib/neutron/keystone-signing
[database]
connection = mysql://neutronUser:neutronPass@controller.yourdomain.com/neutron
Edit:
vi /etc/neutron/plugins/ml2/ml2_conf.ini
With:
[ml2]
type_drivers = local,flat
mechanism_drivers = openvswitch,l2population
[ml2_type_flat]
flat_networks = *
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovs]
enable_tunneling = False
local_ip = 10.32.14.20
network_vlan_ranges = physnet1
bridge_mappings = physnet1:br-eth0
Run:
service neutron-plugin-openvswitch-agent restart
Now, go back to the node controller.yourdomain.com and run the following commands as root:
Show the O.S. images to get the IDs:
glance image-list
Boot your Ubuntu 14.04 Instance (the 32-bit image fits better on m1.micro):
nova boot --image $your_ubuntu_14_04_lts_image_id --key-name my_ssh_key --flavor 1 ubuntu-1
The above command will create your Instance, but the IPv6 address will not be configured automatically within it, so do the following steps to enable it:
Get Instance's info:
nova list
Something like this will appear:
+--------------------------------------+-------------+--------+------------+-------------+----------------------------------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+-------------+--------+------------+-------------+----------------------------------------------+
| 0460d770-372a-4549-80db-ccbafddda22c | ubuntu-1 | ACTIVE | - | Running | sharednet1=2001:db8:1::8000, 10.32.14.130 |
+--------------------------------------+-------------+--------+------------+-------------+----------------------------------------------+
Go there and configure the IPv6 statically:
ssh ubuntu@10.32.14.130
sudo ip -6 a a 2001:db8:1::8000/64 dev eth0
sudo ip -6 r a default via 2001:db8:1::1
Verify IPv6 connectivity:
ubuntu@ubuntu-1:~$ ping6 -c1 google.com
PING google.com(2800:3f0:4004:800::1001) 56 data bytes
64 bytes from 2800:3f0:4004:800::1001: icmp_seq=1 ttl=52 time=36.2 ms
Now, to make it persistent across the Instance's reboots, do this:
Edit the interfaces configuration file:
vi /etc/network/interfaces.d/eth0.cfg
With:
# The primary network interface
auto eth0
iface eth0 inet dhcp
iface eth0 inet6 static
address 2001:db8:1::8000
netmask 64
gateway 2001:db8:1::1
NOTE: The IPv6 subnet 2001:db8:1::/64 is used ONLY for documentation purposes; it will not be routed. So, replace it with your own block, for example the one from SixxS.net.
Point mycloud.yourdomain.com to 2001:db8:1::10 (and/or 10.32.14.10) and open the Horizon Dashboard at:
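A way to automate the steps above, as an added example (not part of the original guide): it parses the "nova list" table, picks the IPv6 address Neutron allocated on sharednet1, and renders both the ip commands and the eth0.cfg stanza, assuming the 2001:db8:1::/64 prefix and the 2001:db8:1::1 gateway used in this guide (function names are mine).

```python
"""Derive an Instance's static IPv6 setup from 'nova list' output.
Added example, not part of the original guide; it assumes the dual-stacked
sharednet1 layout used above (2001:db8:1::/64, gateway 2001:db8:1::1)."""
import ipaddress

PREFIX_V6 = ipaddress.ip_network("2001:db8:1::/64")
GATEWAY_V6 = ipaddress.ip_address("2001:db8:1::1")

# Constructed sample, copied from the 'nova list' output shown in this guide.
NOVA_LIST = """\
+--------------------------------------+----------+--------+------------+-------------+-------------------------------------------+
| ID                                   | Name     | Status | Task State | Power State | Networks                                  |
+--------------------------------------+----------+--------+------------+-------------+-------------------------------------------+
| 0460d770-372a-4549-80db-ccbafddda22c | ubuntu-1 | ACTIVE | -          | Running     | sharednet1=2001:db8:1::8000, 10.32.14.130 |
+--------------------------------------+----------+--------+------------+-------------+-------------------------------------------+
"""


def parse_nova_list(text):
    """Parse the ASCII table printed by 'nova list'.

    Returns {instance name: {"id", "status", "addrs": {network: [addresses]}}}.
    """
    instances = {}
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # border lines ("+---")
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 6 or cells[0] == "ID":
            continue  # header row, or a table with unexpected columns
        vm_id, name, status, _task, _power, networks = cells
        addrs = {}
        # Several networks are separated by ';', addresses within one by ','.
        for entry in networks.split(";"):
            if "=" not in entry:
                continue
            net, alist = entry.split("=", 1)
            addrs[net.strip()] = [a.strip() for a in alist.split(",") if a.strip()]
        instances[name] = {"id": vm_id, "status": status, "addrs": addrs}
    return instances


def pick_ipv6(instance, network="sharednet1"):
    """Return the IPv6 address Neutron allocated on the given network, or None."""
    for addr in instance["addrs"].get(network, []):
        ip = ipaddress.ip_address(addr)
        if ip.version == 6:
            return ip
    return None


def ip_commands(ip6, gateway=GATEWAY_V6, prefix=PREFIX_V6):
    """The two 'ip -6' commands to run inside the Instance right now."""
    if ip6 not in prefix:
        raise ValueError("%s is not inside %s" % (ip6, prefix))
    return ["sudo ip -6 a a %s/%d dev eth0" % (ip6, prefix.prefixlen),
            "sudo ip -6 r a default via %s" % gateway]


def eth0_cfg(ip6, gateway=GATEWAY_V6, prefix=PREFIX_V6):
    """Contents of /etc/network/interfaces.d/eth0.cfg that make it persistent."""
    if ip6 not in prefix:
        raise ValueError("%s is not inside %s" % (ip6, prefix))
    return "\n".join([
        "# The primary network interface",
        "auto eth0",
        "iface eth0 inet dhcp",
        "iface eth0 inet6 static",
        "address %s" % ip6,
        "netmask %d" % prefix.prefixlen,
        "gateway %s" % gateway,
        "",
    ])


if __name__ == "__main__":
    for name, inst in parse_nova_list(NOVA_LIST).items():
        ip6 = pick_ipv6(inst)
        if ip6 is None:
            print("%s: no IPv6 address on sharednet1" % name)
            continue
        print("# %s (%s)" % (name, inst["id"]))
        print("\n".join(ip_commands(ip6)))
        print(eth0_cfg(ip6))
```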
http://mycloud.yourdomain.com/horizon - user admin, pass admin_pass
Congratulations!!
You have your own Private Cloud Computing Environment up and running! With IPv6!!
Enjoy it!
By Thiago Martins thiagocmartinsc@gmail.com