A Step-by-Step Cloud Setup Guide

Enabling Asynchronous Routing

A very annoying default setting in Ubuntu 12.04 sometimes causes problems, especially in setups with OpenStack Quantum. Out of the box, Ubuntu sets the value for the rp_filter sys control variable to 1. This means a reply packet for a network request can only enter the system using exactly the interface on which the original request left the system. However, in Quantum setups, it is quite possible for packets to leave via a different interface than the response uses to come into the system. It is therefore advisable to allow asynchronous routing across the board on Ubuntu. The following two entries in /etc/sysctl.conf take care of this:

net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0

Of course, you also need to enable packet forwarding:

net.ipv4.ip_forward=1

Then, reboot to ensure that the new configuration is active.

iptables and Masquerading

Finally, you need to look at the firewall configuration on the host side. The iptables rules should never prevent traffic on the individual interfaces. If, as in the example, you have a gateway for the external network that is not a separately controlled router from the provider but a local computer instead, you need to configure rules for DNAT and SNAT on this machine to match your setup.

NTP, RabbitMQ, and MySQL

The good news here is that NTP and RabbitMQ require no changes after the installation on Alice; both services work immediately after the install using the default values.

However, the situation is a little different for MySQL: The OpenStack services need their own database in MySQL, and you have to create it manually. Listing 1 gives you the necessary commands. The example assumes that no password is set for the root user in MySQL. If your local setup is different, you need to add the -p parameter to each MySQL call so that the MySQL client prompts for the database password each time. Also, MySQL must be configured to listen on all interfaces – not only on the localhost address 127.0.0.1. To do this, change the value of bind_address = to 0.0.0.0 in /etc/mysql/my.cnf.

01 mysql -u root <<EOF
02 CREATE DATABASE nova;
03 GRANT ALL PRIVILEGES ON nova.* TO 'novadbadmin'@'%'
04   IDENTIFIED BY 'dieD9Mie';
05 EOF
06 mysql -u root <<EOF
07 CREATE DATABASE glance;
08 GRANT ALL PRIVILEGES ON glance.* TO 'glancedbadmin'@'%'
09   IDENTIFIED BY 'ohC3teiv';
10 EOF
11 mysql -u root <<EOF
12 CREATE DATABASE keystone;
13 GRANT ALL PRIVILEGES ON keystone.* TO 'keystonedbadmin'@'%'
14   IDENTIFIED BY 'Ue0Ud7ra';
15 EOF
16 mysql -u root <<EOF
17 CREATE DATABASE quantum;
18 GRANT ALL PRIVILEGES ON quantum.* TO 'quantumdbadmin'@'%'
19   IDENTIFIED BY 'wozohB8g';
20 EOF
21 mysql -u root <<EOF
22 CREATE DATABASE cinder;
23 GRANT ALL PRIVILEGES ON cinder.* TO 'cinderdbadmin'@'%'
24   IDENTIFIED BY 'ceeShi4O';
25 EOF

After you have created the databases and changed the IP address appropriately, you can now start with the actual OpenStack components. The commands shown in Listing 1 create the required MySQL databases.