"Configs on Fedora 20"

********************************************************
Configs on Controller (/etc/neutron folder)
********************************************************
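To be done before setup: set a password for the MariaDB root account, replacing 'password' in the UPDATE statement below with a strong, unique value. The SELECT output that follows prints the stored password hash of every service account; redact that column before sharing such output.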

[root@dfw02 neutron]# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 101
Server version: 5.5.35-MariaDB MariaDB Server

Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

shell> mysql -u root
mysql> UPDATE mysql.user SET Password = PASSWORD('password')
    ->     WHERE User = 'root';
mysql> FLUSH PRIVILEGES;

MariaDB [(none)]> SELECT User, Host, Password FROM mysql.user;
+----------+-------------------+-------------------------------------------+
| User     | Host              | Password                                  |
+----------+-------------------+-------------------------------------------+
| root     | localhost         | *E0DC09146F1310B49A34199B04274A9EED6F9EC7 |
| root     | dfw02.localdomain | *E0DC09146F1310B49A34199B04274A9EED6F9EC7 |
| root     | 127.0.0.1         | *E0DC09146F1310B49A34199B04274A9EED6F9EC7 |
| root     | ::1               | *E0DC09146F1310B49A34199B04274A9EED6F9EC7 |
| keystone | localhost         | *936E8F7AB2E21B47F6C9A7E5D9FE14DBA2255E5A |
| keystone | %                 | *936E8F7AB2E21B47F6C9A7E5D9FE14DBA2255E5A |
| glance   | localhost         | *CC67CAF178CB9A07D756302E0BBFA3B0165DFD49 |
| glance   | %                 | *CC67CAF178CB9A07D756302E0BBFA3B0165DFD49 |
| cinder   | localhost         | *028F8298C041368BA08A280AA8D1EF895CB68D5C |
| cinder   | %                 | *028F8298C041368BA08A280AA8D1EF895CB68D5C |
| neutron  | localhost         | *4DF421833991170108648F1103CD74FCB66BBE9E |
| neutron  | %                 | *03A31004769F9E4F94ECEEA61AA28D9649084839 |
| nova     | localhost         | *0BE3B501084D35F4C66DD3AC4569EAE5EA738212 |
| nova     | %                 | *0BE3B501084D35F4C66DD3AC4569EAE5EA738212 |
| nova     | dfw02.localdomain | *0BE3B501084D35F4C66DD3AC4569EAE5EA738212 |
+----------+-------------------+-------------------------------------------+

[root@dfw02 neutron]# ls -l
total 68
-rw-r-----. 1 root neutron   884 Jan 23 12:48 api-paste.ini
-rw-r-----. 1 root neutron  2996 Feb 18 22:58 dhcp_agent.ini
-rw-r--r--. 1 root root       53 Jan 23 12:46 dnsmasq.conf
-rw-r-----. 1 root neutron   109 Dec 16 05:36 fwaas_driver.ini
-rw-r-----. 1 root neutron  2520 Feb 18 22:57 l3_agent.ini
-rw-r-----. 1 root neutron  1104 Dec 16 05:36 lbaas_agent.ini
-rw-r-----. 1 root neutron  1084 Jan 23 18:25 metadata_agent.ini
-rw-r--r--. 1 root root      876 Jan 23 12:58 neutron.conf
-rw-r-----. 1 root neutron 13635 Jan 23 11:55 neutron.save
lrwxrwxrwx. 1 root root       55 Jan 23 11:49 plugin.ini -> /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
drwxr-xr-x. 3 root root     4096 Jan 23 11:01 plugins
-rw-r-----. 1 root neutron  5853 Dec 16 05:36 policy.json
-rw-r--r--. 1 root root       79 Dec 18 17:30 release
-rw-r--r--. 1 root root     1214 Dec 16 05:36 rootwrap.conf


[root@dfw02 neutron]# cat neutron.conf | grep -v ^# | grep -v ^$
# Controller /etc/neutron/neutron.conf as printed with comment and blank lines
# filtered out.
# NOTE(review): the directory listing on this page shows this file as
# -rw-r--r-- root:root (world-readable) although it carries admin_password
# below; the neighbouring *.ini files are root:neutron with mode 0640.
[DEFAULT]
core_plugin =neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
rpc_backend = neutron.openstack.common.rpc.impl_qpid
control_exchange = neutron
qpid_hostname = 192.168.1.127
auth_strategy = keystone
allow_overlapping_ips = True
dhcp_lease_duration = 120
allow_bulk = True
qpid_port = 5672
qpid_heartbeat = 60
# NOTE(review): 'tcp' leaves the RPC bus without TLS ('ssl' is the other
# accepted value). No qpid_username/qpid_password appears in this listing, so
# broker access presumably depends on network reachability alone - confirm the
# broker's own auth setting.
qpid_protocol = tcp
qpid_tcp_nodelay = True
qpid_reconnect_limit=0
qpid_reconnect_interval_max=0
qpid_reconnect_timeout=0
qpid_reconnect=True
qpid_reconnect_interval_min=0
qpid_reconnect_interval=0
debug = False
verbose = True
[quotas]
[agent]
[keystone_authtoken]
admin_tenant_name = services
admin_user = neutron
# NOTE(review): short dictionary-word service password; the same string is
# used for every admin_password and shared secret shown on this page. Give each
# service its own randomly generated value.
admin_password = fedora
auth_host = 192.168.1.127
auth_port = 35357
# NOTE(review): http here and in auth_uri means the service credentials and
# tokens travel to Keystone unencrypted.
auth_protocol = http
auth_uri=http://192.168.1.127:5000/
[database]
[service_providers]
[AGENT]
# Agents run privileged commands through sudo + neutron-rootwrap; the filter
# config it names is listed on this page as root:root 0644, i.e. only root can
# change what may be executed.
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf

[root@dfw02 neutron]# cat dhcp_agent.ini | grep -v ^# | grep -v ^$
# Controller /etc/neutron/dhcp_agent.ini as printed with comment and blank
# lines filtered out.
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
# NOTE(review): handle_internal_only_routers and external_network_bridge look
# like L3-agent options - confirm the DHCP agent actually reads them.
handle_internal_only_routers = TRUE
external_network_bridge = br-ex
ovs_use_veth = True
use_namespaces = True
# Extra dnsmasq settings; the referenced file is printed further down this page
# and is listed as root:root 0644.
dnsmasq_config_file = /etc/neutron/dnsmasq.conf

[root@dfw02 neutron]# cat l3_agent.ini | grep -v ^# | grep -v ^$
# Controller /etc/neutron/l3_agent.ini as printed with comment and blank lines
# filtered out.
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
handle_internal_only_routers = TRUE
ovs_use_veth = True
use_namespaces = True
# Metadata endpoint: same address and port as metadata_host /
# metadata_listen_port in the nova.conf listings and the "001 metadata
# incoming" iptables rule on this page.
metadata_ip = 192.168.1.127
metadata_port = 8700

[root@dfw02 neutron]# cat metadata_agent.ini | grep -v ^# | grep -v ^$
# Controller /etc/neutron/metadata_agent.ini as printed with comment and blank
# lines filtered out.
[DEFAULT]
# NOTE(review): plain http to the Keystone admin port - the credentials below
# are sent unencrypted.
auth_url = http://192.168.1.127:35357/v2.0/
auth_region = regionOne
admin_tenant_name = services
admin_user = neutron
# NOTE(review): same weak value as every other service password on this page.
admin_password = fedora
nova_metadata_ip = 192.168.1.127
nova_metadata_port = 8700
# NOTE(review): has to equal neutron_metadata_proxy_shared_secret in nova.conf
# (it does on this page), but it is also identical to the service passwords.
# Use a separate, randomly generated secret so knowing one does not give the
# other.
metadata_proxy_shared_secret = fedora

[root@dfw02 neutron]# cat api-paste.ini | grep -v ^# | grep -v ^$
# Controller /etc/neutron/api-paste.ini (PasteDeploy pipeline for the Neutron
# API) as printed with comment and blank lines filtered out.
[composite:neutron]
use = egg:Paste#urlmap
/: neutronversions
/v2.0: neutronapi_v2_0
[composite:neutronapi_v2_0]
use = call:neutron.auth:pipeline_factory
# Two pipelines are defined; the 'noauth' one contains no authtoken filter.
# Which one is used is selected by auth_strategy in neutron.conf, which is
# 'keystone' in the listings on this page - keep it that way.
noauth = extensions neutronapiapp_v2_0
keystone = authtoken keystonecontext extensions neutronapiapp_v2_0
[filter:keystonecontext]
paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
# NOTE(review): these credentials duplicate [keystone_authtoken] in
# neutron.conf, so the secret lives in two files. This one is listed as
# root:neutron 0640; the password is the same weak value used page-wide and
# auth_protocol is plain http.
admin_user=neutron
auth_port=35357
admin_password=fedora
auth_protocol=http
auth_uri=http://192.168.1.127:5000/
admin_tenant_name=services
auth_host = 192.168.1.127
[filter:extensions]
paste.filter_factory = neutron.api.extensions:plugin_aware_extension_middleware_factory
[app:neutronversions]
paste.app_factory = neutron.api.versions:Versions.factory
[app:neutronapiapp_v2_0]
paste.app_factory = neutron.api.v2.router:APIRouter.factory

[root@dfw02 neutron]# cat plugin.ini | grep -v ^# | grep -v ^$
# Controller plugin.ini (symlink to
# /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini per the directory
# listing) as printed with comment and blank lines filtered out.
# NOTE(review): the file holds database credentials; the permissions of the
# symlink target are not shown on this page - verify they are not world-readable.
[ovs]
# GRE tenant networks; the iptables listings on this page accept protocol gre
# on both nodes for this.
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 192.168.1.127
[agent]
[securitygroup]
# NOTE(review): section names here differ only by case from the empty ones
# above ([securitygroup]/[SECURITYGROUP]) - confirm which spelling the parser
# honours.
[DATABASE]
# NOTE(review): Neutron connects as the MariaDB 'root' account even though the
# user table on this page has a dedicated 'neutron' account; a compromise of
# this service would then expose every database. The "[email protected]" part
# appears to be the paste site's e-mail obfuscation replacing the original
# password@host text, so the real value is not recoverable from this page.
sql_connection = mysql://root:[email protected]/ovs_neutron
[SECURITYGROUP]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver


[root@dfw02 neutron]# cat  dnsmasq.conf| grep -v ^# | grep -v ^$
# /etc/neutron/dnsmasq.conf - extra dnsmasq options referenced by
# dnsmasq_config_file in dhcp_agent.ini.
log-facility = /var/log/neutron/dnsmasq.log
# Logs every DHCP transaction to the file above.
log-dhcp
# Line added by B.D.
# DHCP option 26 is the interface MTU; 1454 is handed to instances, presumably
# to leave room for the GRE tunnel overhead.
dhcp-option=26,1454

Configs on Compute 

[root@dfw01 neutron]# cat neutron.conf | grep -v ^# | grep -v ^$
# Compute node (dfw01) /etc/neutron/neutron.conf as printed with comment and
# blank lines filtered out. Message bus and Keystone both point at the
# controller, 192.168.1.127.
[DEFAULT]
core_plugin =neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
rpc_backend = neutron.openstack.common.rpc.impl_qpid
qpid_hostname = 192.168.1.127
auth_strategy = keystone
allow_overlapping_ips = True
qpid_port = 5672
# NOTE(review): debug logging is left on here (it is off on the controller);
# debug output can be verbose enough to include request details - turn it off
# once the setup works and check who can read the log directory.
debug = True
verbose = True
[quotas]
[agent]
[keystone_authtoken]
admin_tenant_name = services
admin_user = neutron
# NOTE(review): same weak, shared service password as on the controller.
# Unlike the controller file, auth_port/auth_protocol are not set here, so the
# middleware defaults apply - confirm what they resolve to.
admin_password = fedora
auth_host = 192.168.1.127
[database]
[service_providers]
[AGENT]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf

[root@dfw01 neutron]# cat plugin.ini | grep -v ^# | grep -v ^$
# Compute node (dfw01) plugin.ini as printed with comment and blank lines
# filtered out. Identical to the controller copy except for local_ip.
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
integration_bridge = br-int
tunnel_bridge = br-tun
# This node's own GRE tunnel endpoint address.
local_ip = 192.168.1.137
[agent]
[securitygroup]
[DATABASE]
# NOTE(review): the compute node is given the MariaDB 'root' login as well, so
# the database superuser credential is stored on every hypervisor. The
# "[email protected]" part appears to be the paste site's e-mail obfuscation
# replacing the original password@host text; the real value is not recoverable
# from this page.
sql_connection = mysql://root:[email protected]/ovs_neutron
[SECURITYGROUP]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[root@dfw01 neutron]# cat metadata_agent.ini | grep -v ^# | grep -v ^$
# Compute node (dfw01) /etc/neutron/metadata_agent.ini as printed with comment
# and blank lines filtered out.
# NOTE(review): the %SERVICE_...% values are unedited template placeholders and
# auth_url points at localhost, so this file looks untouched; presumably the
# metadata agent is not run on the compute node - confirm the service is
# disabled there rather than running with placeholder credentials.
[DEFAULT]
auth_url = http://localhost:5000/v2.0
auth_region = RegionOne
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%

== iptables on Controller & Compute ==

1/ iptables on Controller
------------------
[root@dfw02~ ]# cat /etc/sysconfig/iptables
# Lines  with --reject-with icmp-host-prohibited  commented out by B.D.
# NOTE(review): all three chain policies below are ACCEPT and both terminal
# REJECT rules are commented out, so nothing in this ruleset drops or rejects a
# packet. The per-port ACCEPT rules document the intended exposure but do not
# restrict it. To filter, restore a final REJECT/DROP (or set the INPUT policy
# to DROP) after the ACCEPT rules, including the gre rule.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# None of the service rules carries a source match (-s), so each port is open
# to any address that can reach this host.
-A INPUT -p tcp -m multiport --dports 3260 -m comment --comment "001 cinder incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 80 -m comment --comment "001 horizon incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 9292 -m comment --comment "001 glance incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 5000,35357 -m comment --comment "001 keystone incoming" -j ACCEPT 
# NOTE(review): MariaDB (3306) and the qpid broker (5672) are back-end
# services; limiting them to the node addresses or management subnet would
# narrow the exposure once a terminal REJECT is back in place.
-A INPUT -p tcp -m multiport --dports 3306 -m comment --comment "001 mariadb incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 6080 -m comment --comment "001 novncproxy incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 8770:8780 -m comment --comment "001 novaapi incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 9696 -m comment --comment "001 neutron incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 5672 -m comment --comment "001 qpid incoming" -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 8700 -m comment --comment "001 metadata incoming" -j ACCEPT 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# 5900:5999 is presumably the range used for instance VNC consoles.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5999 -j ACCEPT
#  -A INPUT -j REJECT --reject-with icmp-host-prohibited
# GRE is accepted for the tenant tunnels (tenant_network_type = gre).
-A INPUT -p gre -j ACCEPT 
-A OUTPUT -p gre -j ACCEPT
#  -A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
------------------

2/ iptables on Compute
------------------
[root@dfw01~ ]$ cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
# Lines  with --reject-with icmp-host-prohibited  commented out by B.D.
# NOTE(review): chain policies are ACCEPT and both terminal REJECT rules are
# commented out, so this ruleset filters nothing on the compute node; the
# ACCEPT rules below are informational only. To filter, restore a final
# REJECT/DROP after the ACCEPT rules (the gre rule already sits before it).
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# 5900:5999 is presumably the range used for instance VNC consoles; no source
# match, so it is open to any address that can reach this host.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5999 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
# GRE is accepted for the tenant tunnels (tenant_network_type = gre).
-A INPUT -p gre -j ACCEPT 
#  -A INPUT -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -p gre -j ACCEPT
#  -A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
------------------

Nova on Controller :

[root@dfw02 nova]# cat nova.conf | grep -v ^# | grep -v ^$
# Controller (dfw02) /etc/nova/nova.conf as printed with comment and blank
# lines filtered out.
# NOTE(review): the file holds several secrets (database URL, Neutron admin
# password, metadata shared secret, Keystone password); its ownership and mode
# are not shown on this page - verify it is not world-readable.
[DEFAULT]
logdir = /var/log/nova
state_path = /var/lib/nova
lock_path = /var/lib/nova/tmp
volumes_dir = /etc/nova/volumes
dhcpbridge = /usr/bin/nova-dhcpbridge
dhcpbridge_flagfile = /etc/nova/nova.conf
force_dhcp_release = True
injected_network_template = /usr/share/nova/interfaces.template
libvirt_nonblocking = True
libvirt_inject_partition = -1
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
iscsi_helper = tgtadm
# Uses the dedicated 'nova' database account. The "[email protected]" part
# appears to be the paste site's e-mail obfuscation replacing the original
# password@host text; the real value is not recoverable from this page.
sql_connection = mysql://nova:[email protected]/nova
compute_driver = libvirt.LibvirtDriver
libvirt_type=qemu
rpc_backend = nova.openstack.common.rpc.impl_qpid
rootwrap_config = /etc/nova/rootwrap.conf
auth_strategy = keystone
# Nova's own firewall is a no-op; with security_group_api = neutron below,
# packet filtering for instances is left to the Neutron firewall_driver set in
# plugin.ini.
firewall_driver=nova.virt.firewall.NoopFirewallDriver
volume_api_class = nova.volume.cinder.API
enabled_apis = ec2,osapi_compute,metadata
my_ip=192.168.1.127
qpid_hostname=192.168.1.127
qpid_port=5672
glance_host=192.168.1.127
network_api_class = nova.network.neutronv2.api.API
neutron_admin_username = neutron
# NOTE(review): same weak value as every other service password on this page,
# sent to the plain-http auth URL on the next line.
neutron_admin_password = fedora
neutron_admin_auth_url = http://192.168.1.127:35357/v2.0/
neutron_auth_strategy = keystone
neutron_admin_tenant_name = services
neutron_url = http://192.168.1.127:9696/
security_group_api = neutron
metadata_host = 192.168.1.127
# NOTE(review): the metadata API binds to every interface on port 8700; the
# iptables listing on this page accepts that port from any source.
metadata_listen = 0.0.0.0
metadata_listen_port = 8700
service_neutron_metadata_proxy = True
# NOTE(review): must match metadata_proxy_shared_secret in metadata_agent.ini
# (it does), but it is identical to the service passwords; use a separate
# randomly generated secret.
neutron_metadata_proxy_shared_secret = fedora
[keystone_authtoken]
admin_tenant_name = services
admin_user = nova
admin_password = fedora
auth_host = 192.168.1.127
auth_port = 35357
# NOTE(review): plain http to Keystone - credentials and tokens are sent
# unencrypted.
auth_protocol = http
# NOTE(review): fixed, predictable directory name under world-writable /tmp;
# prefer a directory owned by the nova service user outside /tmp.
signing_dirname = /tmp/keystone-signing-nova


Nova on Compute :-

[root@dfw01 nova]# cat nova.conf | grep -v ^# | grep -v ^$
# Compute node (dfw01) /etc/nova/nova.conf as printed with comment and blank
# lines filtered out. Same as the controller copy except my_ip; every service
# endpoint points at the controller, 192.168.1.127.
# NOTE(review): the file holds several secrets (database URL, Neutron admin
# password, metadata shared secret, Keystone password); its ownership and mode
# are not shown on this page - verify it is not world-readable.
[DEFAULT]
logdir = /var/log/nova
state_path = /var/lib/nova
lock_path = /var/lib/nova/tmp
volumes_dir = /etc/nova/volumes
dhcpbridge = /usr/bin/nova-dhcpbridge
dhcpbridge_flagfile = /etc/nova/nova.conf
force_dhcp_release = True
injected_network_template = /usr/share/nova/interfaces.template
libvirt_nonblocking = True
libvirt_inject_partition = -1
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
iscsi_helper = tgtadm
# The hypervisor node carries a direct database login for the 'nova' account.
# The "[email protected]" part appears to be the paste site's e-mail
# obfuscation replacing the original password@host text; the real value is not
# recoverable from this page.
sql_connection = mysql://nova:[email protected]/nova
compute_driver = libvirt.LibvirtDriver
libvirt_type=qemu
rpc_backend = nova.openstack.common.rpc.impl_qpid
rootwrap_config = /etc/nova/rootwrap.conf
auth_strategy = keystone
# Nova's own firewall is a no-op; with security_group_api = neutron below,
# packet filtering for instances is left to the Neutron firewall_driver set in
# plugin.ini.
firewall_driver=nova.virt.firewall.NoopFirewallDriver
volume_api_class = nova.volume.cinder.API
# NOTE(review): API settings (enabled_apis, metadata_listen) are copied from
# the controller; confirm whether any API service actually runs on this node.
enabled_apis = ec2,osapi_compute,metadata
# This node's own address.
my_ip=192.168.1.137
qpid_hostname=192.168.1.127
qpid_port=5672
glance_host=192.168.1.127
network_api_class = nova.network.neutronv2.api.API
neutron_admin_username = neutron
# NOTE(review): same weak value as every other service password on this page,
# sent to the plain-http auth URL on the next line.
neutron_admin_password = fedora
neutron_admin_auth_url = http://192.168.1.127:35357/v2.0/
neutron_auth_strategy = keystone
neutron_admin_tenant_name = services
neutron_url = http://192.168.1.127:9696/
security_group_api = neutron
metadata_host = 192.168.1.127
metadata_listen = 0.0.0.0
metadata_listen_port = 8700
service_neutron_metadata_proxy = True
# NOTE(review): identical to the service passwords; use a separate randomly
# generated secret that matches metadata_proxy_shared_secret in
# metadata_agent.ini.
neutron_metadata_proxy_shared_secret = fedora
[keystone_authtoken]
admin_tenant_name = services
admin_user = nova
admin_password = fedora
auth_host = 192.168.1.127
auth_port = 35357
# NOTE(review): plain http to Keystone - credentials and tokens are sent
# unencrypted.
auth_protocol = http
# NOTE(review): fixed, predictable directory name under world-writable /tmp;
# prefer a directory owned by the nova service user outside /tmp.
signing_dirname = /tmp/keystone-signing-nova