OpenStack workshop, part 2: OpenStack cloud installation
A Step-by-Step Cloud Setup Guide
Enabling Asynchronous Routing
A very annoying default setting in Ubuntu 12.04 sometimes causes problems, especially in setups with OpenStack Quantum. Out of the box, Ubuntu sets the value of the rp_filter sysctl variable to 1. This means a reply packet for a network request can only enter the system on exactly the interface on which the original request left the system. However, in Quantum setups, it is quite possible for packets to leave via a different interface than the one the response uses to come into the system. It is therefore advisable to allow asynchronous (asymmetric) routing across the board on Ubuntu. The following two entries in /etc/sysctl.conf take care of this:
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
Of course, you also need to enable packet forwarding:
net.ipv4.ip_forward=1
Then, reboot to ensure that the new configuration is active.
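To confirm after the reboot that the settings took effect, the following added example (not part of the original article) checks the live values. It relies on the kernel rule that the effective rp_filter for an interface is the larger of conf/all and that interface's own value; the function names and the optional root-directory argument are this example's own.

```shell
#!/bin/sh
# Added example: verify the routing-related sysctls described above.
# Assumption: values are read from /proc/sys unless another root is given
# (the alternative root exists only so the check can run on a test tree).

# effective_rp_filter ROOT IFACE
# The kernel uses max(conf/all/rp_filter, conf/IFACE/rp_filter) per interface.
effective_rp_filter() {
    all=$(cat "$1/net/ipv4/conf/all/rp_filter")
    own=$(cat "$1/net/ipv4/conf/$2/rp_filter")
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# check_routing_sysctls [ROOT]
# Prints one line per deviation; returns 0 if everything matches, 1 otherwise.
check_routing_sysctls() {
    root=${1:-/proc/sys}
    rc=0
    for dir in "$root"/net/ipv4/conf/*/; do
        iface=$(basename "$dir")
        case $iface in all|default) continue ;; esac
        eff=$(effective_rp_filter "$root" "$iface")
        if [ "$eff" -ne 0 ]; then
            echo "rp_filter still active on $iface (effective value $eff)"
            rc=1
        fi
    done
    # conf/default only seeds interfaces created later (e.g. by Quantum)
    if [ "$(cat "$root/net/ipv4/conf/default/rp_filter")" -ne 0 ]; then
        echo "new interfaces will start with rp_filter enabled (conf/default)"
        rc=1
    fi
    if [ "$(cat "$root/net/ipv4/ip_forward")" -ne 1 ]; then
        echo "ip_forward is not enabled"
        rc=1
    fi
    return $rc
}
```

Source the file and call check_routing_sysctls without arguments on the host; any line of output names a setting that still differs from the configuration above.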
iptables and Masquerading
Finally, you need to look at the firewall configuration on the host side. The iptables rules should never prevent traffic on the individual interfaces. If, as in the example, you have a gateway for the external network that is not a separately controlled router from the provider but a local computer instead, you need to configure rules for DNAT and SNAT on this machine to match your setup.
NTP, RabbitMQ, and MySQL
The good news here is that NTP and RabbitMQ require no changes after the installation on Alice; both services work immediately after the install using the default values.
However, the situation is a little different for MySQL: The OpenStack services need their own database in MySQL, and you have to create it manually. Listing 1 gives you the necessary commands. The example assumes that no password is set for the root user in MySQL. If your local setup is different, you need to add the -p parameter to each MySQL call so that the MySQL client prompts for the database password each time. Also, MySQL must be configured to listen on all interfaces – not only on the localhost address 127.0.0.1. To do this, change the value of bind_address = to 0.0.0.0 in /etc/mysql/my.cnf.
Listing 1
Creating Databases
mysql -u root <<EOF
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'novadbadmin'@'%'
  IDENTIFIED BY 'dieD9Mie';
EOF
mysql -u root <<EOF
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glancedbadmin'@'%'
  IDENTIFIED BY 'ohC3teiv';
EOF
mysql -u root <<EOF
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystonedbadmin'@'%'
  IDENTIFIED BY 'Ue0Ud7ra';
EOF
mysql -u root <<EOF
CREATE DATABASE quantum;
GRANT ALL PRIVILEGES ON quantum.* TO 'quantumdbadmin'@'%'
  IDENTIFIED BY 'wozohB8g';
EOF
mysql -u root <<EOF
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinderdbadmin'@'%'
  IDENTIFIED BY 'ceeShi4O';
EOF
After you have created the databases with the commands shown in Listing 1 and changed the IP address appropriately, you can start with the actual OpenStack components.