Learn About OpenStack: February 2016

Monday, February 8, 2016

Adding a compute node with Packstack

On compute node:

Stop network Manager.

# systemctl disable NetworkManager.service

#systemctl stop NetworkManager.service

#systemctl start network.service

#systemctl enable network.service

Configure local repo from RHEL7 DVD
Configure RDO repo:

yum install rdo-release-kilo-1.noarch.rpm

Configure epel repo

Yum install epel-release-latest-7.noarch.rpm

Install below required packages which are not present in repository:

dnsmasq-utils-2.66-14.el7_1.x86_64.rpm

python-cheetah-2.4.4-4.el7.x86_64.rpm

python-markdown-2.4.1-1.el7.noarch.rpm

python-pyasn1-modules-0.1.6-2.el7.noarch.rpm

python-pygments-1.4-9.el7.noarch.rpm

python-webob-1.2.3-8.el7.noarch.rpm

python-werkzeug-0.9.1-1.el7.noarch.rpm

#Yum install pkg1 pkg2 etc.

ON CONTROLER NODE:

Add ip of compute server - in my case 192.168.140.134 in answer-file file

CONFIG_COMPUTE_HOSTS=192.168.140.133,192.168.140.134

[root@controller
~]# packstack --answer-file /root/answer.txt

Welcome to the
Packstack setup utility

The
installation log file is available at:
/var/tmp/packstack/20160208-113001-2vehaw/openstack-setup.log

Installing:

Clean Up                                             [
DONE ]

Discovering ip
protocol version                      [
DONE ]

Setting up ssh
keys                                  [
DONE ]

Preparing
servers                                   
[ DONE ]

Pre installing
Puppet and discovering hosts' details [ DONE ]

Adding pre
install manifest entries                 
[ DONE ]

Installing
time synchronization via NTP             
[ DONE ]

Setting up
CACERT                                   
[ DONE ]

Adding AMQP
manifest entries                        
[ DONE ]

Adding MariaDB
manifest entries                      [
DONE ]

Fixing
Keystone LDAP config parameters to be undef if empty[ DONE ]

Adding
Keystone manifest entries                    
[ DONE ]

Adding Glance
Keystone manifest entries              [
DONE ]

Adding Glance
manifest entries                       [
DONE ]

Adding Cinder
Keystone manifest entries              [
DONE ]

Checking if
the Cinder server has a cinder-volumes vg[ DONE ]

Adding Cinder
manifest entries                       [
DONE ]

Adding Nova
API manifest entries                    
[ DONE ]

Adding Nova
Keystone manifest entries               
[ DONE ]

Adding Nova
Cert manifest entries                   
[ DONE ]

Adding Nova
Conductor manifest entries              
[ DONE ]

Creating ssh
keys for Nova migration                 [
DONE ]

Gathering ssh
host keys for Nova migration           [
DONE ]

Adding Nova
Compute manifest entries                
[ DONE ]

Adding Nova
Scheduler manifest entries              
[ DONE ]

Adding Nova
VNC Proxy manifest entries              
[ DONE ]

Adding
OpenStack Network-related Nova manifest entries[ DONE ]

Adding Nova
Common manifest entries                 
[ DONE ]

Adding Neutron
FWaaS Agent manifest entries          [
DONE ]

Adding Neutron
LBaaS Agent manifest entries          [
DONE ]

Adding Neutron
API manifest entries                  [
DONE ]

Adding Neutron
Keystone manifest entries             [
DONE ]

Adding Neutron
L3 manifest entries                   [
DONE ]

Adding Neutron
L2 Agent manifest entries             [
DONE ]

Adding Neutron
DHCP Agent manifest entries           [
DONE ]

Adding Neutron
Metering Agent manifest entries       [
DONE ]

Adding Neutron
Metadata Agent manifest entries       [
DONE ]

Checking if
NetworkManager is enabled and running   
[ DONE ]

Adding
OpenStack Client manifest entries            
[ DONE ]

Adding Horizon
manifest entries                      [
DONE ]

Adding Heat
manifest entries                        
[ DONE ]

Adding Heat
CloudFormation API manifest entries     
[ DONE ]

Adding MongoDB
manifest entries                      [
DONE ]

Adding Redis
manifest entries                        [
DONE ]

Adding
Ceilometer manifest entries                  
[ DONE ]

Adding
Ceilometer Keystone manifest entries         
[ DONE ]

Adding Nagios
server manifest entries                [
DONE ]

Adding Nagios
host manifest entries                  [
DONE ]

Adding post
install manifest entries                
[ DONE ]

Copying Puppet
modules and manifests                 [
DONE ]

Applying
192.168.140.134_prescript.pp

Applying
192.168.140.133_prescript.pp

192.168.140.134_prescript.pp:                        [ DONE ]

192.168.140.133_prescript.pp:                        [ DONE ]

Applying
192.168.140.134_chrony.pp

Applying
192.168.140.133_chrony.pp

192.168.140.134_chrony.pp:                           [ DONE ]

192.168.140.133_chrony.pp:                           [ DONE ]

Applying
192.168.140.133_amqp.pp

Applying
192.168.140.133_mariadb.pp

192.168.140.133_amqp.pp:                             [ DONE ]

192.168.140.133_mariadb.pp:                          [ DONE ]

Applying
192.168.140.133_keystone.pp

Applying
192.168.140.133_glance.pp

Applying
192.168.140.133_cinder.pp

192.168.140.133_keystone.pp:                         [ DONE ]

192.168.140.133_glance.pp:                           [ DONE ]

192.168.140.133_cinder.pp:                           [ DONE ]

Applying
192.168.140.133_api_nova.pp

192.168.140.133_api_nova.pp:                         [ DONE ]

Applying
192.168.140.133_nova.pp

Applying
192.168.140.134_nova.pp

Applying
192.168.140.133_neutron.pp

192.168.140.134_nova.pp:                             [ DONE ]

192.168.140.133_nova.pp:                             [ DONE ]

192.168.140.133_neutron.pp:                          [ DONE ]

Applying
192.168.140.134_neutron.pp

192.168.140.134_neutron.pp:                          [ DONE ]

Applying
192.168.140.133_osclient.pp

Applying
192.168.140.133_horizon.pp

192.168.140.133_osclient.pp:                         [ DONE ]

192.168.140.133_horizon.pp:                          [ DONE ]

Applying
192.168.140.133_heat.pp

Applying
192.168.140.133_heatcnf.pp

192.168.140.133_heat.pp:                             [ DONE ]

192.168.140.133_heatcnf.pp:                          [ DONE ]

Applying
192.168.140.133_mongodb.pp

Applying
192.168.140.133_redis.pp

192.168.140.133_mongodb.pp:                          [ DONE ]

192.168.140.133_redis.pp:                            [ DONE ]

Applying
192.168.140.133_ceilometer.pp

192.168.140.133_ceilometer.pp:                       [ DONE ]

Applying
192.168.140.133_nagios.pp

Applying
192.168.140.134_nagios_nrpe.pp

Applying
192.168.140.133_nagios_nrpe.pp

192.168.140.134_nagios_nrpe.pp:                      [ DONE ]

192.168.140.133_nagios.pp:                           [ DONE ]

192.168.140.133_nagios_nrpe.pp:                      [ DONE ]

Applying
192.168.140.134_postscript.pp

Applying
192.168.140.133_postscript.pp

192.168.140.134_postscript.pp:                       [ DONE ]

192.168.140.133_postscript.pp:                       [ DONE ]

Applying
Puppet manifests                           
[ DONE ]

Finalizing                                           [
DONE ]

 **** Installation completed successfully
******

Additional
information:

 * File /root/keystonerc_admin has been created
on OpenStack client host 192.168.140.133. To use the command line tools you
need to source the file.

 * NOTE : A certificate was generated to be
used for ssl, You should change the ssl certificate configured in
/etc/httpd/conf.d/ssl.conf on 192.168.140.133 to use a CA signed cert.

 * To access the OpenStack Dashboard browse to https://192.168.140.133/dashboard
.

Please, find
your login credentials stored in the keystonerc_admin in your home directory.

 * To use Nagios, browse to http://192.168.140.133/nagios
username: nagiosadmin, password: e365d58566e5482e

 * The installation log file is available at:
/var/tmp/packstack/20160208-113001-2vehaw/openstack-setup.log

 * The generated manifests are available at:
/var/tmp/packstack/20160208-113001-2vehaw/manifests

[root@controller
~]#

On compute node:

[root@computenode
~]# openstack-status

== Nova
services ==

openstack-nova-api:                     inactive  (disabled on boot)

openstack-nova-compute:                 active

openstack-nova-network:                 inactive  (disabled on boot)

openstack-nova-scheduler:               inactive  (disabled on boot)

== neutron
services ==

neutron-server:                         inactive  (disabled on boot)

neutron-dhcp-agent:                     inactive  (disabled on boot)

neutron-l3-agent:                       inactive  (disabled on boot)

neutron-metadata-agent:                 inactive  (disabled on boot)

neutron-lbaas-agent:                    inactive  (disabled on boot)

neutron-openvswitch-agent:              active

== Ceilometer
services ==

openstack-ceilometer-api:               inactive  (disabled on boot)

openstack-ceilometer-central:           inactive  (disabled on boot)

openstack-ceilometer-compute:           active

openstack-ceilometer-collector:         inactive  (disabled on boot)

== Support
services ==

openvswitch:                            active

dbus:                                   active

Warning novarc
not sourced

[root@computenode
~]#

Check in
Dashboard.

Sunday, February 7, 2016

Find out how many Ethernet card installed and setup network in red hat RHEL 7 minimal installation

1. Use "nmcli d" to find out how many network card installed .

2. Use "nmtui" command to configure IP to eth1.

Saturday, February 6, 2016

Packstack deployment - Error message and their solution

1.NTP error:

ERROR : Error appeared during Puppet run: 192.168.140.130_chrony.pp

Error: /usr/sbin/ntpdate 192.168.122.130 returned 1 instead of one of [0] [0m

Solution:

Edit answer file

CONFIG_NTP_SERVERS=0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org

For more info:

https://bugzilla.redhat.com/show_bug.cgi?id=983771

2.Error in monodb and fix

Actual results:

192.169.142.54_mongodb.pp: [ ERROR ]

Applying Puppet manifests [ ERROR ]

ERROR : Error appeared during Puppet run: 192.169.142.54_mongodb.pp

Error: Unable to connect to mongodb server! (192.169.142.54:27017)

Expected results:

Successful install

Additional info:

Workaround (to bind to host IP, actually binds to 127.0.0.1 )

systemctl stop mongod.service

rm -f /etc/mongodb.conf

ln -s /etc/mongod.conf /etc/mongodb.conf

Rerun packstack

3."packstack --allinone" fails with "Cinder's volume group 'cinder-volumes' could not be created" error message.

Installing dependencies for Cinder... [ DONE ]

Checking if the Cinder server has a cinder-volumes vg...[ ERROR ]

ERROR : Cinder's volume group 'cinder-volumes' could not be created

Workaround:

This happens when packstack tries to create the temporary cinder volume group based on loop device. To circumvent this, we can create it upfront and tell packstack not to create it for us when prompted.

Steps to create temporary volume group.

# mkdir -p /var/lib/cinder

# dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek=20G

# losetup --show -f /var/lib/cinder/cinder-volumes

# pvcreate /dev/loopx

Replace loopx with the output from the previous command.

# vgcreate cinder-volumes /dev/loopx

Run "vgs" command and verify that cinder-volumes volume groups exists.

Then run packstack and specify not to create the temporary volume group for you.

More info: https://access.redhat.com/solutions/437963

Deploying OpenStack Liberty with Packstack in CentOS 7

PackStack - A utility which uses Puppet modules to deploy an OpenStack in Red Hat linux or centos.
An answer file can be passed to packstack to configure/customised openstack environment.
Answer file contains variable which is used during openstack installation by packstack.

1.Install centos 7 with minimal install

2 network ----> NAT and host only ---> NAT so that virtual machine can use host compute Internet.
Use Virtual Box or Vmware workstation
RAM =3G, Disk = 20G ,VCPU=2

3.Rename interface to eth0 and eth1 if they are not

Edit /etc/default/grub
At the end of GRUB_CMDLINE_LINUX line append "net.ifnames=0 biosdevname=0"
Save the file
Type "grub2-mkconfig -o /boot/grub2/grub.cfg"
Type "reboot"

4.Openstack is incompatible woth NetworkManage,so disable it before installing openstack
# systemctl disable NetworkManager.service
#systemctl stop NetworkManager.service
#systemctl start network.service
#systemctl enable network.service

5.Disable selinux add hostname in etc/hosts file

[root@openstack-liberty ~]# getenforce
Enforcing
[root@openstack-liberty ~]# setenforce 0
[root@openstack-liberty ~]# getenforce
Permissive
[root@openstack-liberty ~]# echo "192.168.4.101 openstack-liberty.lab.com openstack-liberty" >> /etc/hosts

6.Install RDO liberty release
[root@openstack-liberty ~]# yum install https://repos.fedorapeople.org/repos/openstack/openstack-liberty/rdo-release-liberty-3.noarch.rpm

7.Install Packstack package.
#yum install -y openstack-packstack

8.Generate answerfile
#packstack --gen-answer-file /root/answer.txt

9.Edit Answer file as per your requirement.
#vi /root/answer.txt

[root@openstack-liberty ~]# diff /root/answer.txt /root/answer.txt.org|grep '^<'
< CONFIG_HEAT_INSTALL=y
< CONFIG_NTP_SERVERS=pool.ntp.org
< CONFIG_CINDER_VOLUMES_SIZE=10G
< CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet1:br-eth1
< CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-eth1:eth1
< CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1
[root@openstack-liberty ~]#

10.Deploy openstack using answer file.
#packstack --answer-file /root/answer.txt

If any error fix that then rerun packstack

Log:
===============================================================================================================================

login as: root
root@192.168.4.101's password:
Last login: Wed Jun 15 07:10:53 2016 from 192.168.4.1
[root@openstack-liberty ~]#
[root@openstack-liberty ~]#
[root@openstack-liberty ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c9:28:e3 brd ff:ff:ff:ff:ff:ff
inet 192.168.4.101/24 brd 192.168.4.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fec9:28e3/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:c9:28:ed brd ff:ff:ff:ff:ff:ff
inet 172.16.0.101/24 brd 172.16.0.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fec9:28ed/64 scope link
valid_lft forever preferred_lft forever
[root@openstack-liberty ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@openstack-liberty ~]# getenforce
Enforcing
[root@openstack-liberty ~]# setenforce 0
[root@openstack-liberty ~]# getenforce
Permissive
[root@openstack-liberty ~]# echo "192.168.4.101 openstack-liberty.lab.com openstack-liberty" >> /etc/hosts
[root@openstack-liberty ~]# cat !$
cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.4.101 openstack-liberty.lab.com openstack-liberty
[root@openstack-liberty ~]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.nbrc.ac.in
* extras: mirror.nbrc.ac.in
* updates: mirror.nbrc.ac.in
repo id repo name status
!base/7/x86_64 CentOS-7 - Base 9,007
!extras/7/x86_64 CentOS-7 - Extras 310
!openstack-liberty/x86_64 OpenStack Liberty Repository 1,316
!updates/7/x86_64 CentOS-7 - Updates 1,687
repolist: 12,320
[root@openstack-liberty ~]# yum install https://repos.fedorapeople.org/repos/openstack/openstack-liberty/rdo-release-liberty-3.noarch.rpm
Loaded plugins: fastestmirror
rdo-release-liberty-3.noarch.rpm | 5.3 kB 00:00:00
Examining /var/tmp/yum-root-sb8CjV/rdo-release-liberty-3.noarch.rpm: rdo-release-liberty-3.noarch
Marking /var/tmp/yum-root-sb8CjV/rdo-release-liberty-3.noarch.rpm as an update to rdo-release-liberty-2.noarch
Resolving Dependencies
--> Running transaction check
---> Package rdo-release.noarch 0:liberty-2 will be updated
---> Package rdo-release.noarch 0:liberty-3 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================
Updating:
rdo-release noarch liberty-3 /rdo-release-liberty-3.noarch 1.7 k

Transaction Summary
=============================================================================================================================================================
Upgrade 1 Package

Total size: 1.7 k
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : rdo-release-liberty-3.noarch 1/2
Cleanup : rdo-release-liberty-2.noarch 2/2
Verifying : rdo-release-liberty-3.noarch 1/2
Verifying : rdo-release-liberty-2.noarch 2/2

Updated:
rdo-release.noarch 0:liberty-3

Complete!
[root@openstack-liberty ~]# packstack -h
Usage: packstack [options] [--help]

Options:
--version show program's version number and exit
-h, --help show this help message and exit
--gen-answer-file=GEN_ANSWER_FILE
Generate a template of an answer file.
--answer-file=ANSWER_FILE
Runs the configuration in non-interactive mode,
extracting all information from theconfiguration file.
using this option excludes all other options
--install-hosts=INSTALL_HOSTS
Install on a set of hosts in a single step. The format
should be a comma separated list of hosts, the first
is setup as a controller, and the others are setup as
compute nodes.if only a single host is supplied then
it is setup as an all in one installation. An
answerfile will also be generated and should be used
if Packstack needs to be run a second time
--allinone Shorthand for --install-hosts=<local ipaddr>
--novanetwork-pubif=<dev> --novacompute-privif=lo
--novanetwork-privif=lo --os-swift-install=y --nagios-
install=y , this option can be used to install an all
in one OpenStack on this host
-t TIMEOUT, --timeout=TIMEOUT
The timeout for puppet Exec calls
-o, --options Print details on options available in answer file(rst
format)
-d, --debug Enable debug in logging
-y, --dry-run Don't execute, just generate manifests

Global Options:
--ssh-public-key=SSH_PUBLIC_KEY
Path to a public key to install on servers. If a
usable key has not been installed on the remote
servers, the user is prompted for a password and this
key is installed so the password will not be required
again.

--rh-proxy-user=RH_PROXY_USER
User name to use for Red Hat Subscription Manager's
HTTP proxy.
--rh-proxy-password=RH_PROXY_PASSWORD
Password to use for Red Hat Subscription Manager's
HTTP proxy.

RHN Satellite config:
--rhn-satellite-username=RHN_SATELLITE_USERNAME
User name to authenticate with the RHN Satellite
server; if you intend to use an access key for
Satellite authentication, leave this blank.
--rhn-satellite-password=RHN_SATELLITE_PASSWORD
Password to authenticate with the RHN Satellite
server; if you intend to use an access key for
Satellite authentication, leave this blank.
--rhn-satellite-activation-key=RHN_SATELLITE_ACTIVATION_KEY
Access key for the Satellite server; if you intend to
use a user name and password for Satellite
authentication, leave this blank.
--rhn-satellite-cacert=RHN_SATELLITE_CACERT
Certificate path or URL of the certificate authority
to verify that the connection with the Satellite
server is secure. If you are not using Satellite in
your deployment, leave this blank.
--rhn-satellite-profile=RHN_SATELLITE_PROFILE
Profile name that should be used as an identifier for
the system in RHN Satellite (if required).
--rhn-satellite-flags=RHN_SATELLITE_FLAGS
Comma-separated list of flags passed to the rhnreg_ks
command. Valid flags are: novirtinfo, norhnsd,
nopackages ['novirtinfo', 'norhnsd', 'nopackages']
--rhn-satellite-proxy-host=RHN_SATELLITE_PROXY_HOST
HTTP proxy to use when connecting to the RHN Satellite
server (if required).

RHN Satellite proxy config:
--rhn-satellite-proxy-username=RHN_SATELLITE_PROXY_USERNAME
User name to authenticate with the Satellite-server
HTTP proxy.
--rhn-satellite-proxy-password=RHN_SATELLITE_PROXY_PASSWORD
User password to authenticate with the Satellite-
server HTTP proxy.

SSL Config parameters:
--ssl-cacert-file=SSL_CACERT_FILE
Specify filepath for CA cert file. If
CONFIG_SSL_CACERT_SELFSIGN is set to 'n' it has to be
preexisting file.
--ssl-cacert-key-file=SSL_CACERT_KEY_FILE
Specify filepath for CA cert key file. If
CONFIG_SSL_CACERT_SELFSIGN is set to 'n' it has to be
preexisting file.
--ssl-cert-dir=SSL_CERT_DIR
Enter the path to use to store generated SSL
certificates in.
--ssl-cacert-selfsign=SSL_CACERT_SELFSIGN
Specify 'y' if you want Packstack to pregenerate the
CA Certificate.

SSL selfsigned CAcert Config parameters:
--selfsign-cacert-subject-country=SELFSIGN_CACERT_SUBJECT_COUNTRY
Enter the selfsigned CAcert subject country.
--selfsign-cacert-subject-state=SELFSIGN_CACERT_SUBJECT_STATE
Enter the selfsigned CAcert subject state.
--selfsign-cacert-subject-location=SELFSIGN_CACERT_SUBJECT_LOCATION
Enter the selfsigned CAcert subject location.
--selfsign-cacert-subject-organization=SELFSIGN_CACERT_SUBJECT_ORGANIZATION
Enter the selfsigned CAcert subject organization.
--selfsign-cacert-subject-organizational-unit=SELFSIGN_CACERT_SUBJECT_ORGANIZATIONAL_UNIT
Enter the selfsigned CAcert subject organizational
unit.
--selfsign-cacert-subject-common-name=SELFSIGN_CACERT_SUBJECT_COMMON_NAME
Enter the selfsigned CAcert subject common name.
--selfsign-cacert-subject-email=SELFSIGN_CACERT_SUBJECT_EMAIL

AMQP Config parameters:
--amqp-backend=AMQP_BACKEND
Service to be used as the AMQP broker. Allowed values
are: qpid, rabbitmq ['qpid', 'rabbitmq']
--amqp-host=AMQP_HOST
IP address of the server on which to install the AMQP
service.
--amqp-enable-ssl=AMQP_ENABLE_SSL
Specify 'y' to enable SSL for the AMQP service. ['y',
'n']
--amqp-enable-auth=AMQP_ENABLE_AUTH
Specify 'y' to enable authentication for the AMQP
service. ['y', 'n']

AMQP Config SSL parameters:
--amqp-nss-certdb-pw=AMQP_NSS_CERTDB_PW
Password for the NSS certificate database of the AMQP
service.

AMQP Config Athentication parameters:
--amqp-auth-user=AMQP_AUTH_USER
User for AMQP authentication.
--amqp-auth-password=AMQP_AUTH_PASSWORD
Password for AMQP authentication.

MariaDB Config parameters:
--mariadb-host=MARIADB_HOST
IP address of the server on which to install MariaDB.
If a MariaDB installation was not specified in
CONFIG_MARIADB_INSTALL, specify the IP address of an
existing database server (a MariaDB cluster can also
be specified).
--mariadb-pw=MARIADB_PW
Password for the MariaDB administrative user.

Keystone Config parameters:
--keystone-db-passwd=KEYSTONE_DB_PASSWD
Password to use for the Identity service (keystone) to
access the database.
--keystone-db-purge-enable=KEYSTONE_DB_PURGE_ENABLE
Enter y if cron job for removing soft deleted DB rows
should be created.
--keystone-region=KEYSTONE_REGION
Default region name to use when creating tenants in
the Identity service.
--keystone-admin-email=KEYSTONE_ADMIN_EMAIL
Email address for the Identity service 'admin' user.
Defaults to
--keystone-admin-username=KEYSTONE_ADMIN_USERNAME
User name for the Identity service 'admin' user.
Defaults to 'admin'.
--keystone-admin-passwd=KEYSTONE_ADMIN_PASSWD
Password to use for the Identity service 'admin' user.
--keystone-demo-passwd=KEYSTONE_DEMO_PASSWD
Password to use for the Identity service 'demo' user.
--keystone-service-name=KEYSTONE_SERVICE_NAME
Name of service to use to run the Identity service
(keystone or httpd). ['keystone', 'httpd']
--keystone-identity-backend=KEYSTONE_IDENTITY_BACKEND
Type of Identity service backend (sql or ldap).
['sql', 'ldap']

Keystone LDAP Identity Backend Config parameters:
--keystone-ldap-url=KEYSTONE_LDAP_URL
URL for the Identity service LDAP backend.
--keystone-ldap-user-dn=KEYSTONE_LDAP_USER_DN
User DN for the Identity service LDAP backend. Used
to bind to the LDAP server if the LDAP server does not
allow anonymous authentication.
--keystone-ldap-user-password=KEYSTONE_LDAP_USER_PASSWORD
User DN password for the Identity service LDAP
backend.
--keystone-ldap-suffix=KEYSTONE_LDAP_SUFFIX
Base suffix for the Identity service LDAP backend.
--keystone-ldap-query-scope=KEYSTONE_LDAP_QUERY_SCOPE
Query scope for the Identity service LDAP backend. Use
'one' for onelevel/singleLevel or 'sub' for
subtree/wholeSubtree ('base' is not actually used by
the Identity service and is therefore deprecated).
['base', 'one', 'sub']
--keystone-ldap-page-size=KEYSTONE_LDAP_PAGE_SIZE
Query page size for the Identity service LDAP backend.
--keystone-ldap-user-subtree=KEYSTONE_LDAP_USER_SUBTREE
User subtree for the Identity service LDAP backend.
--keystone-ldap-user-filter=KEYSTONE_LDAP_USER_FILTER
User query filter for the Identity service LDAP
backend.
--keystone-ldap-user-objectclass=KEYSTONE_LDAP_USER_OBJECTCLASS
User object class for the Identity service LDAP
backend.
--keystone-ldap-user-id-attribute=KEYSTONE_LDAP_USER_ID_ATTRIBUTE
User ID attribute for the Identity service LDAP
backend.
--keystone-ldap-user-name-attribute=KEYSTONE_LDAP_USER_NAME_ATTRIBUTE
User name attribute for the Identity service LDAP
backend.
--keystone-ldap-user-mail-attribute=KEYSTONE_LDAP_USER_MAIL_ATTRIBUTE
User email address attribute for the Identity service
LDAP backend.
--keystone-ldap-user-enabled-attribute=KEYSTONE_LDAP_USER_ENABLED_ATTRIBUTE
User-enabled attribute for the Identity service LDAP
backend.
--keystone-ldap-user-enabled-mask=KEYSTONE_LDAP_USER_ENABLED_MASK
Bit mask integer applied to user-enabled attribute for
the Identity service LDAP backend. Indicate the bit
that the enabled value is stored in if the LDAP server
represents "enabled" as a bit on an integer rather
than a boolean. A value of "0" indicates the mask is
not used (default). If this is not set to "0", the
typical value is "2", typically used when
"CONFIG_KEYSTONE_LDAP_USER_ENABLED_ATTRIBUTE =
userAccountControl".
--keystone-ldap-user-enabled-default=KEYSTONE_LDAP_USER_ENABLED_DEFAULT
Value of enabled attribute which indicates user is
enabled for the Identity service LDAP backend. This
should match an appropriate integer value if the LDAP
server uses non-boolean (bitmask) values to indicate
whether a user is enabled or disabled. If this is not
set as 'y', the typical value is "512". This is
typically used when
"CONFIG_KEYSTONE_LDAP_USER_ENABLED_ATTRIBUTE =
userAccountControl".
--keystone-ldap-user-enabled-invert=KEYSTONE_LDAP_USER_ENABLED_INVERT
Specify 'y' if users are disabled (not enabled) in the
Identity service LDAP backend (inverts boolean-enalbed
values). Some LDAP servers use a boolean lock
attribute where "y" means an account is disabled.
Setting this to 'y' allows these lock attributes to be
used. This setting will have no effect if
"CONFIG_KEYSTONE_LDAP_USER_ENABLED_MASK" is in use.
['n', 'y']
--keystone-ldap-user-attribute-ignore=KEYSTONE_LDAP_USER_ATTRIBUTE_IGNORE
Comma-separated list of attributes stripped from LDAP
user entry upon update.
--keystone-ldap-user-default-project-id-attribute=KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE
Identity service LDAP attribute mapped to
default_project_id for users.
--keystone-ldap-user-allow-create=KEYSTONE_LDAP_USER_ALLOW_CREATE
Specify 'y' if you want to be able to create Identity
service users through the Identity service interface;
specify 'n' if you will create directly in the LDAP
backend. ['n', 'y']
--keystone-ldap-user-allow-update=KEYSTONE_LDAP_USER_ALLOW_UPDATE
Specify 'y' if you want to be able to update Identity
service users through the Identity service interface;
specify 'n' if you will update directly in the LDAP
backend. ['n', 'y']
--keystone-ldap-user-allow-delete=KEYSTONE_LDAP_USER_ALLOW_DELETE
Specify 'y' if you want to be able to delete Identity
service users through the Identity service interface;
specify 'n' if you will delete directly in the LDAP
backend. ['n', 'y']
--keystone-ldap-user-pass-attribute=KEYSTONE_LDAP_USER_PASS_ATTRIBUTE
Identity service LDAP attribute mapped to password.
--keystone-ldap-user-enabled-emulation-dn=KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN
DN of the group entry to hold enabled LDAP users when
using enabled emulation.
--keystone-ldap-user-additional-attribute-mapping=KEYSTONE_LDAP_USER_ADDITIONAL_ATTRIBUTE_MAPPING
List of additional LDAP attributes for mapping
additional attribute mappings for users. The
attribute-mapping format is <ldap_attr>:<user_attr>,
where ldap_attr is the attribute in the LDAP entry and
user_attr is the Identity API attribute.
--keystone-ldap-group-subtree=KEYSTONE_LDAP_GROUP_SUBTREE
Group subtree for the Identity service LDAP backend.
--keystone-ldap-group-filter=KEYSTONE_LDAP_GROUP_FILTER
Group query filter for the Identity service LDAP
backend.
--keystone-ldap-group-objectclass=KEYSTONE_LDAP_GROUP_OBJECTCLASS
Group object class for the Identity service LDAP
backend.
--keystone-ldap-group-id-attribute=KEYSTONE_LDAP_GROUP_ID_ATTRIBUTE
Group ID attribute for the Identity service LDAP
backend.
--keystone-ldap-group-name-attribute=KEYSTONE_LDAP_GROUP_NAME_ATTRIBUTE
Group name attribute for the Identity service LDAP
backend.
--keystone-ldap-group-member-attribute=KEYSTONE_LDAP_GROUP_MEMBER_ATTRIBUTE
Group member attribute for the Identity service LDAP
backend.
--keystone-ldap-group-desc-attribute=KEYSTONE_LDAP_GROUP_DESC_ATTRIBUTE
Group description attribute for the Identity service
LDAP backend.
--keystone-ldap-group-attribute-ignore=KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE
Comma-separated list of attributes stripped from LDAP
group entry upon update.
--keystone-ldap-group-allow-create=KEYSTONE_LDAP_GROUP_ALLOW_CREATE
Specify 'y' if you want to be able to create Identity
service groups through the Identity service interface;
specify 'n' if you will create directly in the LDAP
backend. ['n', 'y']
--keystone-ldap-group-allow-update=KEYSTONE_LDAP_GROUP_ALLOW_UPDATE
Specify 'y' if you want to be able to update Identity
service groups through the Identity service interface;
specify 'n' if you will update directly in the LDAP
backend. ['n', 'y']
--keystone-ldap-group-allow-delete=KEYSTONE_LDAP_GROUP_ALLOW_DELETE
Specify 'y' if you want to be able to delete Identity
service groups through the Identity service interface;
specify 'n' if you will delete directly in the LDAP
backend. ['n', 'y']
--keystone-ldap-group-additional-attribute-mapping=KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING
List of additional LDAP attributes used for mapping
additional attribute mappings for groups. The
attribute=mapping format is <ldap_attr>:<group_attr>,
where ldap_attr is the attribute in the LDAP entry and
group_attr is the Identity API attribute.
--keystone-ldap-use-tls=KEYSTONE_LDAP_USE_TLS
Specify 'y' if the Identity service LDAP backend
should use TLS. ['n', 'y']
--keystone-ldap-tls-cacertdir=KEYSTONE_LDAP_TLS_CACERTDIR
CA certificate directory for Identity service LDAP
backend (if TLS is used).
--keystone-ldap-tls-cacertfile=KEYSTONE_LDAP_TLS_CACERTFILE
CA certificate file for Identity service LDAP backend
(if TLS is used).
--keystone-ldap-tls-req-cert=KEYSTONE_LDAP_TLS_REQ_CERT
Certificate-checking strictness level for Identity
service LDAP backend; valid options are: never, allow,
demand. ['never', 'allow', 'demand']

Glance Config parameters:
--glance-db-passwd=GLANCE_DB_PASSWD
Password to use for the Image service (glance) to
access the database.
--glance-ks-passwd=GLANCE_KS_PASSWD
Password to use for the Image service to authenticate
with the Identity service.
--glance-backend=GLANCE_BACKEND
Storage backend for the Image service (controls how
the Image service stores disk images). Valid options
are: file or swift (Object Storage). The Object
Storage service must be enabled to use it as a working
backend; otherwise, Packstack falls back to 'file'.
['file', 'swift']

Cinder Config parameters:
--cinder-db-passwd=CINDER_DB_PASSWD
Password to use for the Block Storage service (cinder)
to access the database.
--cinder-db-purge-enable=CINDER_DB_PURGE_ENABLE
Enter y if cron job for removing soft deleted DB rows
should be created.

POSTSCRIPT Config parameters:

Puppet Config parameters:
[root@openstack-liberty ~]# diff /root/answer.txt /root/answer.txt.org|grep '^<'
< CONFIG_DEFAULT_PASSWORD=redhat
< CONFIG_HEAT_INSTALL=y
< CONFIG_NTP_SERVERS=pool.ntp.org
< CONFIG_KEYSTONE_ADMIN_PW=redhat
< CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet1:br-eth1
< CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-eth1:eth1
< CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1
< CONFIG_HORIZON_SSL=y
< CONFIG_PROVISION_DEMO=n
[root@openstack-liberty ~]# vi /root/answer.txt
[root@openstack-liberty ~]# mv /root/answer.txt /root/answer.txt.jun16
[root@openstack-liberty ~]# cp -p /root/answer.txt.org /root/answer.txt
[root@openstack-liberty ~]# vi /root/answer.txt
[root@openstack-liberty ~]#
[root@openstack-liberty ~]#
[root@openstack-liberty ~]# diff /root/answer.txt /root/answer.txt.org
47c47
< CONFIG_HEAT_INSTALL=y
---
> CONFIG_HEAT_INSTALL=n
62c62
< CONFIG_NTP_SERVERS=pool.ntp.org
---
> CONFIG_NTP_SERVERS=
537c537
< CONFIG_CINDER_VOLUMES_SIZE=10G
---
> CONFIG_CINDER_VOLUMES_SIZE=20G
866c866
< CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet1:br-eth1
---
> CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=
877c877
< CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-eth1:eth1
---
> CONFIG_NEUTRON_OVS_BRIDGE_IFACES=
882c882
< CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1
---
> CONFIG_NEUTRON_OVS_TUNNEL_IF=
[root@openstack-liberty ~]# diff /root/answer.txt /root/answer.txt.org|grep '^<'
< CONFIG_HEAT_INSTALL=y
< CONFIG_NTP_SERVERS=pool.ntp.org
< CONFIG_CINDER_VOLUMES_SIZE=10G
< CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet1:br-eth1
< CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-eth1:eth1
< CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1
[root@openstack-liberty ~]# packstack --answer-file /root/answer.txt
Welcome to the Packstack setup utility

The installation log file is available at: /var/tmp/packstack/20160615-213018-aoxN7Q/openstack-setup.log

Installing:
Clean Up [ DONE ]
Discovering ip protocol version [ DONE ]
Setting up ssh keys [ DONE ]
Preparing servers [ DONE ]
Pre installing Puppet and discovering hosts' details [ DONE ]
Adding pre install manifest entries [ DONE ]
Installing time synchronization via NTP [ DONE ]
Setting up CACERT [ DONE ]
Adding AMQP manifest entries [ DONE ]
Adding MariaDB manifest entries [ DONE ]
Fixing Keystone LDAP config parameters to be undef if empty[ DONE ]
Adding Keystone manifest entries [ DONE ]
Adding Glance Keystone manifest entries [ DONE ]
Adding Glance manifest entries [ DONE ]
Adding Cinder Keystone manifest entries [ DONE ]
Checking if the Cinder server has a cinder-volumes vg[ DONE ]
Adding Cinder manifest entries [ DONE ]
Adding Nova API manifest entries [ DONE ]
Adding Nova Keystone manifest entries [ DONE ]
Adding Nova Cert manifest entries [ DONE ]
Adding Nova Conductor manifest entries [ DONE ]
Creating ssh keys for Nova migration [ DONE ]
Gathering ssh host keys for Nova migration [ DONE ]
Adding Nova Compute manifest entries [ DONE ]
Adding Nova Scheduler manifest entries [ DONE ]
Adding Nova VNC Proxy manifest entries [ DONE ]
Adding OpenStack Network-related Nova manifest entries[ DONE ]
Adding Nova Common manifest entries [ DONE ]
Adding Neutron VPNaaS Agent manifest entries [ DONE ]
Adding Neutron FWaaS Agent manifest entries [ DONE ]
Adding Neutron LBaaS Agent manifest entries [ DONE ]
Adding Neutron API manifest entries [ DONE ]
Adding Neutron Keystone manifest entries [ DONE ]
Adding Neutron L3 manifest entries [ DONE ]
Adding Neutron L2 Agent manifest entries [ DONE ]
Adding Neutron DHCP Agent manifest entries [ DONE ]
Adding Neutron Metering Agent manifest entries [ DONE ]
Adding Neutron Metadata Agent manifest entries [ DONE ]
Adding Neutron SR-IOV Switch Agent manifest entries [ DONE ]
Checking if NetworkManager is enabled and running [ DONE ]
Adding OpenStack Client manifest entries [ DONE ]
Adding Horizon manifest entries [ DONE ]
Adding Swift Keystone manifest entries [ DONE ]
Adding Swift builder manifest entries [ DONE ]
Adding Swift proxy manifest entries [ DONE ]
Adding Swift storage manifest entries [ DONE ]
Adding Swift common manifest entries [ DONE ]
Adding Heat manifest entries [ DONE ]
Adding Provisioning Demo manifest entries [ DONE ]
Adding Provisioning Demo bridge manifest entries [ DONE ]
Adding Provisioning Glance manifest entries [ DONE ]
Adding MongoDB manifest entries [ DONE ]
Adding Redis manifest entries [ DONE ]
Adding Ceilometer manifest entries [ DONE ]
Adding Ceilometer Keystone manifest entries [ DONE ]
Adding Nagios server manifest entries [ DONE ]
Adding Nagios host manifest entries [ DONE ]
Adding post install manifest entries [ DONE ]
Copying Puppet modules and manifests [ DONE ]
Applying 192.168.4.101_prescript.pp
192.168.4.101_prescript.pp: [ DONE ]
Applying 192.168.4.101_chrony.pp
192.168.4.101_chrony.pp: [ DONE ]
Applying 192.168.4.101_amqp.pp
Applying 192.168.4.101_mariadb.pp
192.168.4.101_amqp.pp: [ DONE ]
192.168.4.101_mariadb.pp: [ DONE ]
Applying 192.168.4.101_keystone.pp
Applying 192.168.4.101_glance.pp
Applying 192.168.4.101_cinder.pp
192.168.4.101_keystone.pp: [ DONE ]
192.168.4.101_glance.pp: [ DONE ]
192.168.4.101_cinder.pp: [ DONE ]
Applying 192.168.4.101_api_nova.pp
192.168.4.101_api_nova.pp: [ DONE ]
Applying 192.168.4.101_nova.pp
192.168.4.101_nova.pp: [ DONE ]
Applying 192.168.4.101_neutron.pp
192.168.4.101_neutron.pp: [ DONE ]
Applying 192.168.4.101_osclient.pp
Applying 192.168.4.101_horizon.pp
192.168.4.101_osclient.pp: [ DONE ]
192.168.4.101_horizon.pp: [ DONE ]
Applying 192.168.4.101_ring_swift.pp
192.168.4.101_ring_swift.pp: [ DONE ]
Applying 192.168.4.101_swift.pp
192.168.4.101_swift.pp: [ DONE ]
Applying 192.168.4.101_heat.pp
192.168.4.101_heat.pp: [ DONE ]
Applying 192.168.4.101_provision_demo.pp
192.168.4.101_provision_demo.pp: [ DONE ]
Applying 192.168.4.101_provision_demo_bridge.pp
192.168.4.101_provision_demo_bridge.pp: [ DONE ]
Applying 192.168.4.101_provision_glance
192.168.4.101_provision_glance: [ DONE ]
Applying 192.168.4.101_mongodb.pp
Applying 192.168.4.101_redis.pp
192.168.4.101_mongodb.pp: [ DONE ]
192.168.4.101_redis.pp: [ DONE ]
Applying 192.168.4.101_ceilometer.pp
192.168.4.101_ceilometer.pp: [ DONE ]
Applying 192.168.4.101_nagios.pp
Applying 192.168.4.101_nagios_nrpe.pp
192.168.4.101_nagios.pp: [ DONE ]
192.168.4.101_nagios_nrpe.pp: [ DONE ]
Applying 192.168.4.101_postscript.pp
192.168.4.101_postscript.pp: [ DONE ]
Applying Puppet manifests [ DONE ]
Finalizing [ DONE ]

**** Installation completed successfully ******

Additional information:
* File /root/keystonerc_admin has been created on OpenStack client host 192.168.4.101. To use the command line tools you need to source the file.
* To access the OpenStack Dashboard browse to http://192.168.4.101/dashboard .
Please, find your login credentials stored in the keystonerc_admin in your home directory.
* To use Nagios, browse to http://192.168.4.101/nagios username: nagiosadmin, password: 9bcbedb4f4294a06
* The installation log file is available at: /var/tmp/packstack/20160615-213018-aoxN7Q/openstack-setup.log
* The generated manifests are available at: /var/tmp/packstack/20160615-213018-aoxN7Q/manifests
[root@openstack-liberty ~]#

[root@openstack-liberty network-scripts(keystone_admin)]# cp -p ifcfg-eth0 ifcfg-br-ex
[root@openstack-liberty network-scripts(keystone_admin)]# vi ifcfg-eth0
[root@openstack-liberty network-scripts(keystone_admin)]# vi ifcfg-br-ex
[root@openstack-liberty network-scripts]# cat ifcfg-br-ex
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
NAME=eth0
ONBOOT=yes
IPADDR=192.168.4.101
PREFIX=24
GATEWAY=192.168.4.2
DEVICE=br-ex
DEVICETYPE=ovs
OVSBOOTPROTO=none
TYPE=OVSBridge
[root@openstack-liberty network-scripts]# cat ifcfg-eth0
DEVICE=eth0
DEVICETYPE=ovs
TYPE=OVSPort
OVS_BRIDGE=br-ex
ONBOOT=yes
BOOTPROTO=none
[root@openstack-liberty network-scripts]#

[root@openstack-liberty network-scripts(keystone_admin)]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=128 time=50.9 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=128 time=18.8 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 18.897/34.934/50.972/16.038 ms
[root@openstack-liberty network-scripts(keystone_admin)]# ping www.google.com
PING www.google.com (74.125.130.103) 56(84) bytes of data.
64 bytes from sb-in-f103.1e100.net (74.125.130.103): icmp_seq=1 ttl=128 time=53.6 ms
^C64 bytes from 74.125.130.103: icmp_seq=2 ttl=128 time=53.1 ms

--- www.google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 53.137/53.373/53.609/0.236 ms

Learn About OpenStack