= Configutation == keystone (identity) * MySQL database exists * MySQL user exists and has proper permissions for keystone database * /etc/keystone/keystone.conf: * contains proper 'connection' setting * 'admin_token' ??? * Keystone certificates exists (what config options control other communication methods?) * /etc/keystone/* has user and group set to keystone user == glance (image) * /var/lib/glance/glance.sqlite * MySQL database exists * MySQL user exists and has proper permissions for glance database * /etc/glance/glance-api.conf: [keystone_authtoken] auth_host = ... auth_port = ... auth_protocol = http admin_tenant_name = service admin_user = glance admin_password = glance [paste_deploy] config_file = /etc/glance/glance-api-paste.ini flavor = keystone * sql_connection = mysql://glance:glance-password@/glance * /etc/glance/glance-registry.conf: [keystone_authtoken] auth_host = ... auth_port = ... auth_protocol = http admin_tenant_name = service admin_user = glance admin_password = glance [paste_deploy] config_file = /etc/glance/glance-registry-paste.ini flavor = keystone * /etc/glance/glance-registry-paste.ini: # Use this pipeline for keystone auth [pipeline:glance-registry-keystone] pipeline = authtoken context registryapp * sql_connection = mysql://glance:glance-password@/glance = nova (compute) * Enabling KVM: /etc/nova/nova.conf: compute_driver = libvirt.LibvirtDriver libvirt_type = kvm * Check for supported CPU features: egrep '(vmx|svm)' --color=always /proc/cpuinfo output: flags : fpu vme de pse tsc msr pae mce ... lsmod | grep kvm * Enabling QEMU /etc/nova/nova.conf: compute_driver=libvirt.LibvirtDriver libvirt_type=qemu * Enabling Xen: /etc/nova/nova.conf: compute_driver=xenapi.XenAPIDriver xenapi_connection_url=http://your_xenapi_management_ip_address xenapi_connection_username=root xenapi_connection_password=your_password or compute_driver=libvirt.LibvirtDriver libvirt_type=xen * Network configuration * Network interface in promiscuous mode ip link set eth0 promisc on * /etc/qppid.conf has "auth=no" * SELinux in permissive mode sudo setenforce permissive * MySQL * Database exists * User exists and has proper permissions to access nova database * PostgreSQL * Database exists * User exists and has proper permissions to access nova database * /etc/nova/nova.conf has sql_connection=postgres://novadbadmin:[[YOUR_NOVADB_PASSWORD]]@127.0.0.1/nova == cinder (block storage) * /etc/cinder/api-paste.ini: [filter:authtoken] paste.filter_factory = keystone.middleware.auth_token:filter_factory service_protocol = http service_host = 10.211.55.20 service_port = 5000 auth_host = 10.211.55.20 auth_port = 35357 auth_protocol = http admin_tenant_name = service admin_user = cinder admin_password = openstack * /etc/cinder/cinder.conf: [DEFAULT] rootwrap_config=/etc/cinder/rootwrap.conf sql_connection = mysql://cinder:openstack@192.168.127.130/cinder api_paste_config = /etc/cinder/api-paste.ini iscsi_helper=tgtadm volume_name_template = volume-%s volume_group = cinder-volumes verbose = True auth_strategy = keystone #osapi_volume_listen_port=5900 * If RabbitMQ: rabbit_host = 10.10.10.10 rabbit_port = 5672 rabbit_userid = rabbit rabbit_password = secure_password rabbit_virtual_host = /nova * If Qpid: qpid_hostname=192.168.206.130 * /etc/nova/nova.conf: volume_api_class=nova.volume.cinder.API (continue from http://docs.openstack.org/grizzly/openstack-compute/install/yum/content/compute-minimum-configuration-settings.html) * Ensure user 'nova' exists, group 'nova' exists, user 'nova' belongs to group 'nova' * Ensure that '/etc/nova' has 'nova:nova' owners. * Ensure that '/etc/nova/nova.conf' has 'root:nova' owners and 0640 permissions. * Minimal /etc/nova/nova.conf: auth_strategy=keystone network_manager=nova.network.manager.FlatDHCPManager fixed_range=192.168.100.0/24 public_interface=eth0 flat_interface=eth0 flat_network_bridge=br100 * Sample /etc/nova/nova.conf: [DEFAULT] # LOGS/STATE verbose=True logdir=/var/log/nova state_path=/var/lib/nova lock_path=/var/lock/nova rootwrap_config=/etc/nova/rootwrap.conf # SCHEDULER compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler # VOLUMES volume_api_class=nova.volume.cinder.API volume_driver=nova.volume.driver.ISCSIDriver volume_group=cinder-volumes volume_name_template=volume-%s iscsi_helper=tgtadm # DATABASE sql_connection=mysql://nova:yourpassword@192.168.206.130/nova # COMPUTE libvirt_type=qemu compute_driver=libvirt.LibvirtDriver instance_name_template=instance-%08x api_paste_config=/etc/nova/api-paste.ini # COMPUTE/APIS: if you have separate configs for separate services # this flag is required for both nova-api and nova-compute allow_resize_to_same_host=True # APIS osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions ec2_dmz_host=192.168.206.130 s3_host=192.168.206.130 enabled_apis=ec2,osapi_compute,metadata # QPID qpid_hostname=192.168.206.130 # GLANCE image_service=nova.image.glance.GlanceImageService glance_api_servers=192.168.206.130:9292 # NETWORK network_manager=nova.network.manager.FlatDHCPManager force_dhcp_release=True dhcpbridge_flagfile=/etc/nova/nova.conf firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver # Change my_ip to match each host my_ip=192.168.206.130 public_interface=eth100 vlan_interface=eth0 flat_network_bridge=br100 flat_interface=eth0 fixed_range=192.168.100.0/24 # NOVNC CONSOLE novncproxy_base_url=http://192.168.206.130:6080/vnc_auto.html # Change vncserver_proxyclient_address and vncserver_listen to match each compute host vncserver_proxyclient_address=192.168.206.130 vncserver_listen=192.168.206.130 # AUTHENTICATION auth_strategy=keystone [keystone_authtoken] auth_host = 127.0.0.1 auth_port = 35357 auth_protocol = http admin_tenant_name = service admin_user = nova admin_password = nova signing_dirname = /tmp/keystone-signing-nova * 'nova-manage version' to find out version of nova. The output will be something like '2013.1'.