= Configuration
|
|
== keystone (identity)
|
|
|
|
* MySQL database exists
|
|
* MySQL user exists and has proper permissions for keystone database
|
|
* /etc/keystone/keystone.conf:
|
|
* contains proper 'connection' setting
|
|
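* 'admin_token' ??? (shared secret that grants full admin access to keystone; check it is set to a non-default, hard-to-guess value)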
|
|
* Keystone certificates exist (what config options control other communication methods?)
|
|
* /etc/keystone/* has owner and group set to the keystone user
|
|
|
|
== glance (image)
|
|
|
|
* /var/lib/glance/glance.sqlite
|
|
* MySQL database exists
|
|
* MySQL user exists and has proper permissions for glance database
|
|
* /etc/glance/glance-api.conf:
|
|
[keystone_authtoken]
|
|
auth_host = ...
|
|
auth_port = ...
|
|
auth_protocol = http
|
|
admin_tenant_name = service
|
|
admin_user = glance
|
|
admin_password = glance
|
|
|
|
[paste_deploy]
|
|
config_file = /etc/glance/glance-api-paste.ini
|
|
|
|
flavor = keystone
|
|
|
|
* sql_connection = mysql://glance:glance-password@<mysql-ip>/glance
|
|
|
|
* /etc/glance/glance-registry.conf:
|
|
[keystone_authtoken]
|
|
auth_host = ...
|
|
auth_port = ...
|
|
auth_protocol = http
|
|
admin_tenant_name = service
|
|
admin_user = glance
|
|
admin_password = glance
|
|
|
|
[paste_deploy]
|
|
config_file = /etc/glance/glance-registry-paste.ini
|
|
|
|
flavor = keystone
|
|
|
|
* /etc/glance/glance-registry-paste.ini:
|
|
# Use this pipeline for keystone auth
|
|
[pipeline:glance-registry-keystone]
|
|
pipeline = authtoken context registryapp
|
|
|
|
* sql_connection = mysql://glance:glance-password@<mysql-ip>/glance
|
|
|
|
== nova (compute)
|
|
|
|
* Enabling KVM:
|
|
|
|
/etc/nova/nova.conf:
|
|
|
|
compute_driver = libvirt.LibvirtDriver
|
|
libvirt_type = kvm
|
|
|
|
* Check for supported CPU features:
|
|
|
|
egrep '(vmx|svm)' --color=always /proc/cpuinfo
|
|
|
|
output:
|
|
|
|
flags : fpu vme de pse tsc msr pae mce ...
|
|
|
|
|
|
lsmod | grep kvm
|
|
|
|
* Enabling QEMU:
|
|
|
|
/etc/nova/nova.conf:
|
|
|
|
compute_driver=libvirt.LibvirtDriver
|
|
libvirt_type=qemu
|
|
|
|
* Enabling Xen:
|
|
|
|
/etc/nova/nova.conf:
|
|
|
|
compute_driver=xenapi.XenAPIDriver
|
|
xenapi_connection_url=http://your_xenapi_management_ip_address
|
|
xenapi_connection_username=root
|
|
xenapi_connection_password=your_password
|
|
|
|
or
|
|
|
|
compute_driver=libvirt.LibvirtDriver
|
|
libvirt_type=xen
|
|
|
|
* Network configuration
|
|
* Network interface in promiscuous mode
|
|
|
|
ip link set eth0 promisc on
|
|
|
|
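* /etc/qpidd.conf has "auth=no" (this turns off broker authentication, so access to the Qpid port must be limited to the OpenStack hosts)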
|
|
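* SELinux in permissive mode (denials are logged but not enforced; 'setenforce' changes only the running system, not the boot-time setting)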
|
|
|
|
sudo setenforce permissive
|
|
|
|
* MySQL
|
|
* Database exists
|
|
* User exists and has proper permissions to access nova database
|
|
* PostgreSQL
|
|
* Database exists
|
|
* User exists and has proper permissions to access nova database
|
|
* /etc/nova/nova.conf has sql_connection=postgres://novadbadmin:[[YOUR_NOVADB_PASSWORD]]@127.0.0.1/nova
|
|
|
|
== cinder (block storage)
|
|
* /etc/cinder/api-paste.ini:
|
|
|
|
[filter:authtoken]
|
|
paste.filter_factory = keystone.middleware.auth_token:filter_factory
|
|
service_protocol = http
|
|
service_host = 10.211.55.20
|
|
service_port = 5000
|
|
auth_host = 10.211.55.20
|
|
auth_port = 35357
|
|
auth_protocol = http
|
|
admin_tenant_name = service
|
|
admin_user = cinder
|
|
admin_password = openstack
|
|
|
|
* /etc/cinder/cinder.conf:
|
|
|
|
[DEFAULT]
|
|
rootwrap_config=/etc/cinder/rootwrap.conf
|
|
sql_connection = mysql://cinder:openstack@192.168.127.130/cinder
|
|
api_paste_config = /etc/cinder/api-paste.ini
|
|
|
|
iscsi_helper=tgtadm
|
|
volume_name_template = volume-%s
|
|
volume_group = cinder-volumes
|
|
verbose = True
|
|
auth_strategy = keystone
|
|
#osapi_volume_listen_port=5900
|
|
|
|
* If RabbitMQ:
|
|
|
|
rabbit_host = 10.10.10.10
|
|
rabbit_port = 5672
|
|
rabbit_userid = rabbit
|
|
rabbit_password = secure_password
|
|
rabbit_virtual_host = /nova
|
|
|
|
* If Qpid:
|
|
|
|
qpid_hostname=192.168.206.130
|
|
|
|
* /etc/nova/nova.conf:
|
|
|
|
volume_api_class=nova.volume.cinder.API
|
|
|
|
|
|
(continue from http://docs.openstack.org/grizzly/openstack-compute/install/yum/content/compute-minimum-configuration-settings.html)
|
|
|
|
* Ensure user 'nova' exists, group 'nova' exists, user 'nova' belongs to group 'nova'
|
|
* Ensure that '/etc/nova' has 'nova:nova' owners.
|
|
* Ensure that '/etc/nova/nova.conf' has 'root:nova' owners and 0640 permissions (the file contains the database and keystone service passwords).
|
|
|
|
* Minimal /etc/nova/nova.conf:
|
|
|
|
auth_strategy=keystone
|
|
network_manager=nova.network.manager.FlatDHCPManager
|
|
fixed_range=192.168.100.0/24
|
|
public_interface=eth0
|
|
flat_interface=eth0
|
|
flat_network_bridge=br100
|
|
|
|
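* Sample /etc/nova/nova.conf (addresses and passwords are example values to be replaced; signing_dirname points under /tmp, so that directory should be owned by the nova user and closed to other users):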
|
|
|
|
[DEFAULT]
|
|
|
|
# LOGS/STATE
|
|
verbose=True
|
|
logdir=/var/log/nova
|
|
state_path=/var/lib/nova
|
|
lock_path=/var/lock/nova
|
|
rootwrap_config=/etc/nova/rootwrap.conf
|
|
|
|
# SCHEDULER
|
|
compute_scheduler_driver=nova.scheduler.filter_scheduler.FilterScheduler
|
|
|
|
# VOLUMES
|
|
volume_api_class=nova.volume.cinder.API
|
|
volume_driver=nova.volume.driver.ISCSIDriver
|
|
volume_group=cinder-volumes
|
|
volume_name_template=volume-%s
|
|
iscsi_helper=tgtadm
|
|
|
|
# DATABASE
|
|
sql_connection=mysql://nova:yourpassword@192.168.206.130/nova
|
|
|
|
# COMPUTE
|
|
libvirt_type=qemu
|
|
compute_driver=libvirt.LibvirtDriver
|
|
instance_name_template=instance-%08x
|
|
api_paste_config=/etc/nova/api-paste.ini
|
|
|
|
# COMPUTE/APIS: if you have separate configs for separate services
|
|
# this flag is required for both nova-api and nova-compute
|
|
allow_resize_to_same_host=True
|
|
|
|
# APIS
|
|
osapi_compute_extension=nova.api.openstack.compute.contrib.standard_extensions
|
|
ec2_dmz_host=192.168.206.130
|
|
s3_host=192.168.206.130
|
|
enabled_apis=ec2,osapi_compute,metadata
|
|
|
|
# QPID
|
|
qpid_hostname=192.168.206.130
|
|
|
|
# GLANCE
|
|
image_service=nova.image.glance.GlanceImageService
|
|
glance_api_servers=192.168.206.130:9292
|
|
|
|
# NETWORK
|
|
network_manager=nova.network.manager.FlatDHCPManager
|
|
force_dhcp_release=True
|
|
dhcpbridge_flagfile=/etc/nova/nova.conf
|
|
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
|
|
# Change my_ip to match each host
|
|
my_ip=192.168.206.130
|
|
public_interface=eth100
|
|
vlan_interface=eth0
|
|
flat_network_bridge=br100
|
|
flat_interface=eth0
|
|
fixed_range=192.168.100.0/24
|
|
|
|
# NOVNC CONSOLE
|
|
novncproxy_base_url=http://192.168.206.130:6080/vnc_auto.html
|
|
# Change vncserver_proxyclient_address and vncserver_listen to match each compute host
|
|
vncserver_proxyclient_address=192.168.206.130
|
|
vncserver_listen=192.168.206.130
|
|
|
|
# AUTHENTICATION
|
|
auth_strategy=keystone
|
|
[keystone_authtoken]
|
|
auth_host = 127.0.0.1
|
|
auth_port = 35357
|
|
auth_protocol = http
|
|
admin_tenant_name = service
|
|
admin_user = nova
|
|
admin_password = nova
|
|
signing_dirname = /tmp/keystone-signing-nova
|
|
|
|
* 'nova-manage version' to find out version of nova. The output will be something like '2013.1'.
|
|
|