From Fedora Project Wiki

No edit summary
 
(5 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== TODO items (anybody feel free to add/delete) ==
== Nova Network Setup ==


* do we have a prebuilt image available, what danpb has been doing?
Please note in "Nova Network Setup"  if you use a network other than 10.0.0.0/8  You must also add a corresponding "fixed_range" in /etc/nova/nova.conf and restart the nova network service, or reboot.
** http://berrange.fedorapeople.org/images/2012-02-29/
 
** if so, move oz/tty images to 'additional functionality'
== cfg-authtoken ==
* hint on how to setup sudo? f16 openstack test day page has one
 
* I think we can drop the nova auth section from 'Basic Setup'... we still do 'nova-manage network create', but use the 'nova' tool for keypair setup and instance launching. Someone needs to try it though. (crobinso: besides, doing those auth steps on e3 nova gives me an error: https://answers.launchpad.net/nova/+question/146517 Just running nova-api didn't help. Had to cd /var/lib/nova/CA and run ./genrootca.sh)
With Folsom RPMs (f18 updates-testing or f17 "preview" http://repos.fedorapeople.org/repos/openstack/openstack-folsom/fedora-openstack-folsom.repo) authtoken middleware can be configured in the application's config file https://review.openstack.org/#/c/10579/
** Yes there is a separate cert server that should be started an that runs the genrootca for us. I've updated that in the testday notes, so I'll update here too
Steps to remove middleware config from paste-ini:
* Setup the equivalent of 'novarc' but with keystone env? Horizon can generate one from the 'settings' panel, including one for use with the ec2 api.
* Nova
* crobinso: I already had mysql-server installed with an unknown password, pulled in by random kde stuff. Might want to mention that mysql password can be reset with 'sudo mysqladmin -u root -p password'
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken admin_tenant_name
* easy command to check that services are running, since systemd seems pretty async: systemctl list-units --full | grep openstack
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken admin_user
** Probably one for an openstack-common or openstack-fedora package (which would also hold the openstack-db-setup script etc.)
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken admin_password
* crobinso: Not sure if I did anything wrong, but when I was in the westford office which has host networking on 10.0.0.* subnet, this recommended config killed my host connectivity. maybe we want to recommend a weirder subnet.
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken auth_host
* all the steps outside of 'Basic Setup' need a review
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken auth_port
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken auth_protocol
sudo openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password servicepass
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host 127.0.0.1
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
* Glance
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken admin_tenant_name
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken admin_user
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken admin_password
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken auth_host
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken auth_port
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken auth_protocol
sudo openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password servicepass
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host 127.0.0.1
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken admin_tenant_name
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken admin_user
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken admin_password
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken auth_host
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken auth_port
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken auth_protocol
sudo openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password servicepass
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host 127.0.0.1
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http

Latest revision as of 17:50, 10 September 2012

Nova Network Setup

Please note in "Nova Network Setup" if you use a network other than 10.0.0.0/8 You must also add a corresponding "fixed_range" in /etc/nova/nova.conf and restart the nova network service, or reboot.

cfg-authtoken

With Folsom RPMs (f18 updates-testing or f17 "preview" http://repos.fedorapeople.org/repos/openstack/openstack-folsom/fedora-openstack-folsom.repo) authtoken middleware can be configured in the application's config file https://review.openstack.org/#/c/10579/ Steps to remove middleware config from paste-ini:

  • Nova
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken admin_tenant_name
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken admin_user
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken admin_password
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken auth_host
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken auth_port
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken auth_protocol
sudo openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password servicepass
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host 127.0.0.1
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
  • Glance
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken admin_tenant_name
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken admin_user
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken admin_password
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken auth_host
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken auth_port
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken auth_protocol
sudo openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password servicepass
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host 127.0.0.1
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http

sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken admin_tenant_name
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken admin_user
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken admin_password
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken auth_host
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken auth_port
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken auth_protocol
sudo openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password servicepass
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host 127.0.0.1
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http