{"id":82,"date":"2014-08-04T08:11:10","date_gmt":"2014-08-04T08:11:10","guid":{"rendered":"http:\/\/tuxlabs.com\/?p=82"},"modified":"2016-03-01T23:02:47","modified_gmt":"2016-03-01T23:02:47","slug":"how-to-install-openstack-icehouse-on-centos-6-5-using-packstack","status":"publish","type":"post","link":"https:\/\/tuxlabs.com\/?p=82","title":{"rendered":"How To: Install Openstack Icehouse on CentOS 6.5 Using Packstack"},"content":{"rendered":"<h2><a href=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/openstack-software-diagram.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-84\" src=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/openstack-software-diagram.png\" alt=\"openstack-software-diagram\" width=\"748\" height=\"310\" \/><\/a><\/h2>\n<h3>A brief introduction of Openstack + My thoughts<\/h3>\n<p>Openstack is open-source software for building clouds. It was created in 2010 by people from Rackspace &amp; NASA, but is currently managed by the non-profit Openstack Foundation, which includes members from the who&#8217;s who of the technology sector that have joined forces to continue to invest &amp; develop Openstack (written in Python) for fun and profit( well not so much ). It is definitely fun though :-). In fact I have been having nothing, but a blast since the moment I meant Openstack in 2012. However, admittedly the first time I worked on Openstack it was on the Essex release and I felt it had a ways to go before it was ready for prime time. At that time it was not only hard to install, but most of the people around it were hard core Pythonista&#8217;s (Python developers), that were rapidly trying to a mature Openstack &amp; it&#8217;s ecosystem that just wasn&#8217;t production ready yet. And while the latest release of Openstack &#8216;<strong>Icehouse<\/strong>&#8216; (which I am covering in this blog) is leaps and bounds better, it can still be quite a PITA(Pain In The Ass) for first timers. In fact I still struggle with the idea of running Openstack in production because it requires an incredible amount of resources, engineering skill &amp; organizational persistence to do so. Companies willing to embark on this journey thus far have included Mercado Libre, Dell, HP, Redhat, Canonical (the Ubunut guys), eBay, PayPal and Symantec among many others. These companies were required to beef up their engineering staff &amp; allocate large amounts of resources just to take on this challenge. In addition their commitments were probably tested over and over again and their leadership had to respond with tremendous faith when timelines began to slip. However, organizations that complete this journey recognize that the return at the end of the tunnel is a compounding return. For starters you aren&#8217;t locked into to a vendor like VmWare or AWS (Amazon Web Services) who are both incredibly expensive, but the compounding return comes from skills it will build internally and the culture that will be a bi-product.<\/p>\n<p>Coming here to Tuxlabs means you have personally accepted this mission to learn Openstack and you are in need of some guidance don&#8217;t worry you are in good hands. I will show you the light, which can be hard to see through the darkness if you try to take on the documentation all by yourself : <a href=\"http:\/\/docs.openstack.org\/\">http:\/\/docs.openstack.org\/<\/a><\/p>\n<p>So sit back, relax, read, and type exactly as I do. In the end you will have a perfectly functioning Openstack Icehouse cloud and if you decide to bring this into your organization remember with great power comes great responsibility&#8230;<\/p>\n<p>You will change everyone in your organization from a POSA (Plain Old Sys Admin&#8217;s) to Cloud Engineers and Architects jumping into the Openstack Python code base at the sniff of an issue.<\/p>\n<h3>Devstack<\/h3>\n<p>Devstack is a shell script used to quickly and easily deploy an all-in-one install of Openstack on any machine or VM for the purposes of trying, testing, and developing on Openstack. It is extremely easy to install, use and get going, if you have not used Devstack already I recommend trying it first because it is a quick and easy way to get a learning win + it will help you decide what you want to learn more about and whether or not Openstack is what you are looking for. However, you do not want to run Devstack in production for starters because production deployments should be multi-node setup&#8217;s not all Cloud services deployed on one machine like Devstack does.<\/p>\n<h3>The Book<\/h3>\n<p>My favorite Openstack book to date is by far is the <a title=\"Openstack Cloud Computing Cookbook\" href=\"http:\/\/www.amazon.com\/OpenStack-Cloud-Computing-Cookbook-Edition\/dp\/1782167587\">Openstack Cloud Computing Cookbook<\/a> written by <a href=\"https:\/\/twitter.com\/itarchitectkev\">Kevin Jackson. <\/a>This book is so great because gets straight to business giving you the commands &amp; understanding needing to get Openstack up and running quickly unlike most other book that bore you with unnecessary details. The first time I installed Openstack Essex I used this book and it worked like a charm, however, that was on Ubuntu, which this book was written for. If you want to install Openstack on Redhat you can do so from scratch or you can use RDO.<\/p>\n<h3>RDO<\/h3>\n<p>RDO technically doesn&#8217;t stand for anything !\u00a0<a href=\"http:\/\/openstack.redhat.com\/Frequently_Asked_Questions#What_does_RDO_stand_for.3F\">http:\/\/openstack.redhat.com\/Frequently_Asked_Questions#What_does_RDO_stand_for.3F<\/a>, but I don&#8217;t really buy that and have found some people expanding the acronym to the\u00a0<strong>R<\/strong>edhat <strong>D<\/strong>istribution of <strong>O<\/strong>penstack which I think sounds incredibly fitting. RDO has a <a href=\"http:\/\/openstack.redhat.com\">website<\/a> dedicated to a community of people running Openstack on Redhat, CentOS and Fedora. Because Redhat is still the leader in production Linux deployments in the enterprises of the world, I chose to use it in my own lab environment &amp; for the purposes of this tutorial. However, because I cannot afford the license cost of Redhat Enterprise Linux I am using the free community release of RHEL known as CentOS or the Community Enterprise Operating System. For the purposes of this tutorial we will be installing CentOS 6.5 with a minimal install on a bare metal system and then installing Packstack according to the instructions on the RDO website. Then we will go a step further.<\/p>\n<h3>Getting Started<\/h3>\n<p>A production Openstack deployment has a minimum of 3 nodes one for the Controller, Network, and Compute nodes and that would not cover a Highly Available deployment where you would need the capability to failover functions to standby nodes when there was an outage or maintenance needed. However, for the purposes of this article I will be showing you what is called an all-in-one install where the Controller, Network, and Compute functions all live on the same node and in future articles we will expand on this knowledge to build a production capable multi-node deployment of Openstack.<\/p>\n<h4>Before We Begin<\/h4>\n<p>You will need&#8230;<\/p>\n<ol>\n<li>A system that you have root access to, to install Openstack on. I am using an SGI Rackable with 16GB of RAM and 4.5TB of usable disk ( in a hardware RAID 10). Openstack does not require a lot of resources, but if you&#8217;re going to spawn a lot VM&#8217;s you need a lot of Cores (vCPU&#8217;s), Memory and Storage. See this link for more info:\u00a0 <a href=\"http:\/\/docs.openstack.org\/grizzly\/openstack-compute\/install\/yum\/content\/compute-system-requirements.html\">http:\/\/docs.openstack.org\/grizzly\/openstack-compute\/install\/yum\/content\/compute-system-requirements.html<\/a><\/li>\n<li>That system should have dual NIC&#8217;s, although I think it is possible to use virtual interfaces for a lab environment if you have to.<\/li>\n<li>To configure the hostname of your controller in DNS mine is diamond.tuxlabs.com, but most people go with controller.yourdomain.com (if you don&#8217;t have or use DNS, just make sure you configure your hosts file \/etc\/hosts with the information)<\/li>\n<li>The system you use should have CentOS 6.5 installed with a Minimal Install using the defaults no extra&#8217;s.<\/li>\n<li>Your brain, keyboard, fingers and a fresh beer and possibly an ice chest with more beer depending on how far the fridge is.<\/li>\n<\/ol>\n<h3>Assumptions<\/h3>\n<ul>\n<li>Our home network uses 192.168.1.0\/24 and has access to the internet.<\/li>\n<li>It has DHCP enabled, but only for 192.168.1.150-199.<\/li>\n<li>We are not using 10.0.0.0\/24 for anything so we can use it for our private network in Openstack.<\/li>\n<\/ul>\n<p>If these are true we should be able to follow my examples exactly, but if you want to change your networks you will have to substitute them as needed.<\/p>\n<h3>Setting Up Our Initial System<\/h3>\n<p>First become root or login as root, then&#8230;configure the following configuration files to match.<\/p>\n<p><strong>Resolve.conf<\/strong><\/p>\n<p>This assumes our gateway device @ 192.168.1.1 runs DNS (like the Linksys&#8217;s do). If 192.168.1.1 doesn&#8217;t run DNS do not add it to resolve.conf.<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# cat \/etc\/resolv.conf\r\nnameserver 8.8.8.8\r\nnameserver 192.168.1.1\r\n[root@diamond tuxninja]#<\/pre>\n<p><strong>Sudoers<\/strong><\/p>\n<p>Make sure wheel is uncommented.<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# cat \/etc\/sudoers | grep '%wheel' | grep -v '#'\r\n%wheel    ALL=(ALL)    NOPASSWD: ALL\r\n[root@diamond tuxninja]#<\/pre>\n<p><strong>Setup Your Primary Network Interface<br \/>\n<\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# cat \/etc\/sysconfig\/network-scripts\/ifcfg-eth0\r\nDEVICE=eth0\r\nHWADDR=00:15:17:65:F9:98\r\nTYPE=Ethernet\r\nONBOOT=yes\r\nNM_CONTROLLED=yes\r\nBOOTPROTO=static\r\nIPADDR=192.168.1.10\r\nNETMASK=255.255.255.0\r\nGATEWAY=192.168.1.1\r\nNAMESERVER=192.168.1.1\r\n[root@diamond tuxninja]#<\/pre>\n<p><strong>\u00a0Restart Networking<\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">\/etc\/init.d\/network restart<\/pre>\n<p><strong>Next Add A Local User (Cause logging in as root is lame)<\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">adduser tuxninja\r\npasswd tuxninja<\/pre>\n<p>Set your password to something good, then <strong>add the user to the wheel group.<\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">usermod -G tuxninja,wheel tuxninja<\/pre>\n<h3>Installing Dependencies<\/h3>\n<p>Next we need to install some basic dependencies so things like scp, yum, wget and nslookup work.<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">yum install -y openssh-clients\r\nyum install -y yum-utils\r\nyum install -y wget\r\nyum install -y bind-utils<\/pre>\n<h3>Turn Off SELinux<\/h3>\n<p>Yes security is important, but unfortunately to install Openstack without a headache you need to turn off SELinux.<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# cat \/etc\/sysconfig\/selinux  | grep SELINU | grep -v '#'\r\nSELINUX=disabled\r\nSELINUXTYPE=targeted\r\n[root@diamond tuxninja]# reboot<\/pre>\n<p>Don&#8217;t forget to reboot or the setting will not take effect.<\/p>\n<h3>Configuring Networking<\/h3>\n<p>There are many ways to configure <a href=\"http:\/\/docs.openstack.org\/grizzly\/openstack-network\/admin\/content\/\">Openstack networking<\/a> and it can be quite complicated, so we are going to use what I consider the simplest method using Openvswitch.<\/p>\n<p>Before we begin, make sure you can ping yahoo.com before we go mucking with the configs. We are going to change how your primary network interface is configured and then configure two additional interfaces. Do your best to match these configurations exact, making a mistake here might cause Openvswitch to barf on itself and that would not be fun to troubleshoot.<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# cat \/etc\/sysconfig\/network-scripts\/ifcfg-eth0\r\nDEVICE=eth0\r\nHWADDR=00:15:17:65:F9:98\r\nTYPE=OVSPort\r\nDEVICETYPE=ovs\r\nOVS_BRIDGE=br-ex\r\nONBOOT=yes\r\n[root@diamond tuxninja]# cat \/etc\/sysconfig\/network-scripts\/ifcfg-eth1\r\nDEVICE=eth1\r\nHWADDR=00:15:17:65:F9:99\r\nTYPE=Ethernet\r\nONBOOT=yes\r\nNM_CONTROLLED=no\r\nBOOTPROTO=none\r\nNETWORK=10.0.0.0\r\nIPADDR=10.0.0.1\r\nNETMASK=255.255.255.0\r\n[root@diamond tuxninja]# cat \/etc\/sysconfig\/network-scripts\/ifcfg-br-ex\r\nDEVICE=br-ex\r\nDEVICETYPE=ovs\r\nTYPE=OVSBridge\r\nBOOTPROTO=static\r\nIPADDR=192.168.1.10\r\nNETMASK=255.255.255.0\r\nGATEWAY=192.168.1.1\r\nDNS1=8.8.8.8\r\nDNS2=8.8.4.4\r\nONBOOT=yes\r\n[root@diamond tuxninja]# \/etc\/init.d\/network restart\r\n\r\n<\/pre>\n<p><strong>\u00a0What Is This Doing ?<\/strong><\/p>\n<p>The above configuration(s) is setting eth0 as an OVSPort that is bridged to the interface br-ex. eth1 is configured normally for our private 10 network, and br-ex is configured as a OVSBridge with our actual IP information from \/ for eth0.<\/p>\n<p><strong>After Restarting Networking ifconfig Output Should Look Like This<\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# ifconfig eth0\r\neth0      Link encap:Ethernet  HWaddr 00:15:17:65:F9:98 \r\n          inet6 addr: fe80::215:17ff:fe65:f998\/64 Scope:Link\r\n          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1\r\n          RX packets:322092 errors:0 dropped:0 overruns:0 frame:0\r\n          TX packets:187420 errors:0 dropped:0 overruns:0 carrier:0\r\n          collisions:0 txqueuelen:1000\r\n          RX bytes:436592198 (416.3 MiB)  TX bytes:15605772 (14.8 MiB)\r\n          Interrupt:18 Memory:b8820000-b8840000\r\n\r\n[root@diamond tuxninja]# ifconfig eth1\r\neth1      Link encap:Ethernet  HWaddr 00:15:17:65:F9:99 \r\n          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0\r\n          inet6 addr: fe80::215:17ff:fe65:f999\/64 Scope:Link\r\n          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1\r\n          RX packets:0 errors:0 dropped:0 overruns:0 frame:0\r\n          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0\r\n          collisions:0 txqueuelen:1000\r\n          RX bytes:0 (0.0 b)  TX bytes:552 (552.0 b)\r\n          Interrupt:19 Memory:b8800000-b8820000\r\n\r\n[root@diamond tuxninja]# ifconfig br-ex\r\nbr-ex     Link encap:Ethernet  HWaddr 00:15:17:65:F9:98 \r\n          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0\r\n          inet6 addr: fe80::a8db:16ff:fed6:f4c4\/64 Scope:Link\r\n          UP BROADCAST RUNNING  MTU:1500  Metric:1\r\n          RX packets:293 errors:0 dropped:0 overruns:0 frame:0\r\n          TX packets:151 errors:0 dropped:0 overruns:0 carrier:0\r\n          collisions:0 txqueuelen:0\r\n          RX bytes:43799 (42.7 KiB)  TX bytes:15786 (15.4 KiB)\r\n\r\n[root@diamond tuxninja]#<\/pre>\n<p>For more information on Openstack networking here are some references that I used.<\/p>\n<ul>\n<li><span style=\"font: 13.0px Arial; color: #042eee;\"><span style=\"text-decoration: underline;\">https:\/\/www.youtube.com\/watch?v=afImoFeuDnY<\/span><\/span><\/li>\n<li><span style=\"font: 13.0px Arial; color: #042eee;\"><span style=\"text-decoration: underline;\">http:\/\/openstack.redhat.com\/Neutron_with_existing_external_network<\/span><\/span><\/li>\n<li><span style=\"font: 13.0px Arial; color: #042eee;\"><span style=\"text-decoration: underline;\">http:\/\/openstack.redhat.com\/forum\/discussion\/780\/confused-with-neutron-and-external-network-access\/p1<\/span><\/span><\/li>\n<li><span style=\"font: 13.0px Arial; color: #042eee;\"><span style=\"text-decoration: underline;\">http:\/\/openstack.redhat.com\/Networking_in_too_much_detail<\/span><\/span><\/li>\n<li><a href=\"http:\/\/docs.openstack.org\/grizzly\/openstack-network\/admin\/content\/\">http:\/\/docs.openstack.org\/grizzly\/openstack-network\/admin\/content\/<\/a><\/li>\n<\/ul>\n<h3>Update Packages<\/h3>\n<p>Finally since we are running a minimum install, let&#8217;s update all of our packages before continuing.<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# sudo yum update -y<\/pre>\n<h3>\u00a0Installing Openstack<\/h3>\n<p>Finally we are ready to install Openstack Using Packstack.<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# sudo yum install -y http:\/\/rdo.fedorapeople.org\/rdo-release.rpm\r\n[root@diamond tuxninja]# sudo yum install -y openstack-packstack\r\n[root@diamond tuxninja]# packstack --allinone --provision-all-in-one-ovs-bridge=n --provision-demo=n<\/pre>\n<p>The first command adds the required RDO repo to yum install packstack. The second downloads the openstack-packstack package. And the third and final command is magic. This command installs packstack. We are telling it to install all openstack components to one machine the &#8211;provision-all-in-one-ovs-bridge=n tells packstack we are going to be using a single node (although I am still not entirely sure this flag is absolutely necessary) and the final flag tells packstack not to deploy the demo project, because if you do you have to end up deleting it before you can delete the network information and re-create it correctly.<\/p>\n<p>Packstack will take about 10 minutes to run. It uses puppet to deploy Openstack and it&#8217;s required configurations. In my experience it works pretty well, however if you do need to re-install packstack there isn&#8217;t an automated uninstall script included. So someone created one and <a href=\"https:\/\/github.com\/tuxninja\/openstack-scripts\/blob\/master\/uninstall_packstack.sh\">here it is<\/a> in case you need it.<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# cat packstack_uninstall.sh\r\n#!\/bin\/bash\r\n\r\n# Warning! Dangerous step! Destroys VMs\r\nfor x in $(virsh list --all | grep instance- | awk '{print $2}') ; do\r\n    virsh destroy $x ;\r\n    virsh undefine $x ;\r\ndone ;\r\n\r\n# Warning! Dangerous step! Removes lots of packages\r\nyum remove -y nrpe \"*nagios*\" puppet \"*ntp*\" \"*openstack*\" \\\r\n\"*nova*\" \"*keystone*\" \"*glance*\" \"*cinder*\" \"*swift*\" \\\r\nmysql mysql-server httpd \"*memcache*\" scsi-target-utils \\\r\niscsi-initiator-utils perl-DBI perl-DBD-MySQL ;\r\n\r\n# Warning! Dangerous step! Deletes local application data\r\nrm -rf \/etc\/nagios \/etc\/yum.repos.d\/packstack_* \/root\/.my.cnf \\\r\n\/var\/lib\/mysql\/ \/var\/lib\/glance \/var\/lib\/nova \/etc\/nova \/etc\/swift \\\r\n\/srv\/node\/device*\/* \/var\/lib\/cinder\/ \/etc\/rsync.d\/frag* \\\r\n\/var\/cache\/swift \/var\/log\/keystone \/var\/log\/cinder\/ \/var\/log\/nova\/ \\\r\n\/var\/log\/httpd \/var\/log\/glance\/ \/var\/log\/nagios\/ \/var\/log\/quantum\/ ;\r\n\r\numount \/srv\/node\/device* ;\r\nkillall -9 dnsmasq tgtd httpd ;\r\n\r\nvgremove -f cinder-volumes ;\r\nlosetup -a | sed -e 's\/:.*\/\/g' | xargs losetup -d ;\r\nfind \/etc\/pki\/tls -name \"ssl_ps*\" | xargs rm -rf ;\r\nfor x in $(df | grep \"\/lib\/\" | sed -e 's\/.* \/\/g') ; do\r\n    umount $x ;\r\ndone\r\n<\/pre>\n<p>Don&#8217;t forget to chmod +x to that bad boy to make it executable so you can run it, when you are ready to uninstall.<\/p>\n<p>Now then, getting back to our install. If Packstack was successful you should see something like this.<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\"> **** Installation completed successfully ******\r\n\r\n\r\nAdditional information:\r\n * A new answerfile was created in: \/root\/packstack-answers-20140802-125113.txt\r\n * Time synchronization installation was skipped. Please note that unsynchronized time on server instances might be problem for some OpenStack components.\r\n * File \/root\/keystonerc_admin has been created on OpenStack client host 192.168.1.10. To use the command line tools you need to source the file.\r\n * To access the OpenStack Dashboard browse to http:\/\/192.168.1.10\/dashboard .\r\nPlease, find your login credentials stored in the keystonerc_admin in your home directory.\r\n * To use Nagios, browse to http:\/\/192.168.1.10\/nagios username: nagiosadmin, password: 4bf73f1116544975\r\n * The installation log file is available at: \/var\/tmp\/packstack\/20140802-125113-RzCDrE\/openstack-setup.log\r\n * The generated manifests are available at: \/var\/tmp\/packstack\/20140802-125113-RzCDrE\/manifests\r\n[root@diamond tuxninja]#<\/pre>\n<p><strong>Check Out Our Keystonerc_admin File<br \/>\n<\/strong><\/p>\n<p>Just take note of what environment variables it sets. To login to our GUI we need these credentials and to use any command line functionality we have to source this file in our shell.<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# cat ~\/keystonerc_admin\r\nexport OS_USERNAME=admin\r\nexport OS_TENANT_NAME=admin\r\nexport OS_PASSWORD=a57c83f56ccc41f5\r\nexport OS_AUTH_URL=http:\/\/192.168.1.10:5000\/v2.0\/\r\nexport PS1='[\\u@\\h \\W(keystone_admin)]\\$ '\r\n[root@diamond tuxninja]# \r\n<\/pre>\n<h4>\u00a0Configuring Openstack Networking<\/h4>\n<p>Because we did not deploy the demo project, the default network configuration in Openstack should not exist. If it does we can login to our GUI @ http:\/\/diamond.tuxlabs.com\/dashboard by sourcing the credentials above in our keystonerc_admin and delete the network configuration under<\/p>\n<ul>\n<li>admin &#8211;&gt; routers<\/li>\n<li>admin &#8211;&gt; networks<\/li>\n<\/ul>\n<p>Then you are ready to re-create your network. You could use the GUI to do this, which is pretty straight forward&#8230;but since GUI&#8217;s are dirty we are going to use the command line.<\/p>\n<p>In order to use any openstack command line utilities you must first source the keystonerc_admin file so the required environment variables are set in your shell. Like so&#8230;<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond ~]# source keystonerc_admin \r\n[root@diamond ~(keystone_admin)]#<\/pre>\n<p><strong>\u00a0Seeing (keystone_admin) in your prompt means you are ready to run commands and here you go<\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">neutron router-create router1\r\nneutron net-create private\r\nneutron subnet-create private 10.0.0.0\/24 --name private_subnet\r\nneutron router-interface-add router1 private_subnet\r\nneutron net-create public --router:external=True\r\nneutron subnet-create public 192.168.1.0\/24 --name public_subnet --enable_dhcp=False --allocation-pool start=192.168.1.51,end=192.168.1.99 --gateway=192.168.1.1\r\nneutron router-gateway-set router1 public\r\n<\/pre>\n<p>Copy &amp; pasting this will spit out a lot of messages showing the result set of each command.<\/p>\n<p>The important thing to realize is that your public network has to be configured with an\u00a0 external router.\u00a0 This effectively <a href=\"http:\/\/www.google.com\/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=1&amp;cad=rja&amp;uact=8&amp;sqi=2&amp;ved=0CB0QFjAA&amp;url=http%3A%2F%2Fen.wikipedia.org%2Fwiki%2FNetwork_address_translation&amp;ei=GrvfU4myCOn6iwKo8YCoBA&amp;usg=AFQjCNE3M-Gg7yuoxBh5CKp2LjD13qOywA&amp;sig2=bxbCUkGpT853FoxqC6hB7g&amp;bvm=bv.72197243,d.cGE\">NAT&#8217;s<\/a> the 10 &amp; 192 networks to make internet access available to your VM&#8217;s. When this is configured correctly your Network Topology diagram under the dirty GUI should resemble this.<\/p>\n<p><a href=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.03.09-am.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-110\" src=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.03.09-am.png\" alt=\"2014-08-04 12.03.09 am\" width=\"1076\" height=\"864\" \/><\/a><\/p>\n<p>The router_gateway always shows DOWN. No idea why, but someone else said it&#8217;s a bug \ud83d\ude09<\/p>\n<p>Next under your project (the admin project) you have to configure your Security Groups under <strong>Compute&#8212;&gt;Access &amp; Security&#8212;&gt;Security Groups<\/strong>. Once there click Manage Rules for the default security group. Delete what&#8217;s there. <strong>Add Ingress\/Egress for ALL ICMP, ALL TCP, and ALL UDP<\/strong> accepting all other defaults on the form. This will open up your firewall completely.<\/p>\n<h3>Time To Restart Openstack<\/h3>\n<p>Finally we need to restart Openstack, validating that openvswitch-agent starts.<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja(keystone_admin)]# \/etc\/init.d\/network restart;openstack-service --full-restart;openstack-status | grep 'openvswitch-agent' \r\nneutron-openvswitch-agent:              active<\/pre>\n<p><strong>Note:<\/strong> You can use openstack-service &#8211;full-restart to restart all openstack services.<\/p>\n<p>If openvswitch-agent does not start run back through the above steps and \/ or consult the references or email me tuxninja [at] tuxlabs.com. This can be a real pain to figure out, but I finally have it down pat.<\/p>\n<p>If openvswitch-agent is active we are good to go. Next we have to create an SSH Key.<\/p>\n<h3>Creating Our Cloud&#8217;s SSH Key<\/h3>\n<p>Our Openstack Cloud has no authentication system for our virtual machines by default. Eventually you could configure an LDAP server, and configure your images or configure in Puppet the required pam configurations to use LDAP for authentication by your VM&#8217;s, but for now Openstack allows for a post configuration step after building VM&#8217;s where it will add your SSH key. It does this by using the metadata service which cloud images will look for, if they can reach the metadata service @ http:\/\/169.254.169.254 then they can copy down the public key and install it on the VM for you allowing you to login to that VM using the VM&#8217;s operating system default account (i.e. ubuntu, fedora). Now before I continue there are alternatives such as using guestfish to modify an image&#8217;s configuration or using a post install cloud-init configuration to specific a password to an account, but the cleanest and simplest way is to use the metadata service after generating &amp; importing the public key into openstack and assigning it to our VM guest.<\/p>\n<p><strong>To create the key&#8230;<\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# ssh-keygen -t rsa -f cloud.key\r\nGenerating public\/private rsa key pair.\r\nEnter passphrase (empty for no passphrase):\r\nEnter same passphrase again:\r\nYour identification has been saved in cloud.key.\r\nYour public key has been saved in cloud.key.pub.\r\nThe key fingerprint is:\r\n59:e0:b3:0f:c9:d0:8a:67:ba:86:39:0e:fe:b2:93:ce root@diamond.tuxlabs.com\r\nThe key's randomart image is:\r\n+--[ RSA 2048]----+\r\n|        .        |\r\n|       o .       |\r\n|      . + .      |\r\n|     . + *       |\r\n|    . + S        |\r\n|     +   o       |\r\n|. .o.     .      |\r\n|o=+ ..           |\r\n|.E*+.            |\r\n+-----------------+\r\n[root@diamond tuxninja]#\r\n<\/pre>\n<p>I don&#8217;t enter a password to use password-less SSH, cause again this is a lab environment and typing passwords sucks.<\/p>\n<h3>Launching A VM<\/h3>\n<p>Next you want to launch a VM that we can use to import our SSH key into. Login to the dashboard @ http:\/\/diamond.tuxlabs.com\/dashboard again using the keystonerc_admin credentials provided. Once inside navigate to Project&#8212;&gt;Compute&#8212;&gt;Instances and click the Launch Instance button in the upper right corner. You will be presented with a form. Here are the screenshots to guide you through.<\/p>\n<p><strong>Fill out the details tab&#8230;<\/strong><\/p>\n<p><a href=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.19.19-am.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-111\" src=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.19.19-am.png\" alt=\"2014-08-04 12.19.19 am\" width=\"1450\" height=\"1304\" \/><\/a><\/p>\n<p><strong>Click the Access &amp; Security Tab<\/strong>&#8230;<\/p>\n<p><a href=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.19.44-am.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-112\" src=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.19.44-am.png\" alt=\"2014-08-04 12.19.44 am\" width=\"1418\" height=\"634\" \/><\/a><\/p>\n<p><strong>Then Click The +<\/strong> &#8230;<\/p>\n<p>Now in order to fill this out we have to copy and paste the contents (bold part) of the public key we created.<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# cat cloud.key.pub \r\n<strong>ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzs46kFxia6q9gfwmmszFHGFSk5UAQFjLhEOE08I\/2F7+Qwh0AFBuO99c\/OCITr2HvVfDc7DF5JlRQGohTA9aowtINWyEUvEKSPG8gEtL95GZ5EZH\/3pqWFaklIfoP3fbgKPrpPSGarYQY5UH+qm419x+A3tAkmumdd3BtQHLRF1qq9Ui69IQ383MctuOu+sF9Ws6+NT1+MbND++Qp2VNli\/+cpZTnv4g9i5C2mXbUQQJghEoUvIXiBh+r27kVOlJ6L3TeT8WIwD1N916ZRgHrfbAEQ+108Zdyc5\/TXYRbbWs4WO9PVcTp+6zcLOXyds0sFMyu53rWOS22iEFL3XGRQ== root@diamond.tuxlabs.com<\/strong>\r\n[root@diamond tuxninja]#<\/pre>\n<p><a href=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.20.10-am.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-113\" src=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.20.10-am.png\" alt=\"2014-08-04 12.20.10 am\" width=\"1398\" height=\"1166\" \/><\/a><\/p>\n<p><strong>Then Click Networking and add the private network&#8230;<\/strong><\/p>\n<p><a href=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.20.43-am.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-115\" src=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.20.43-am.png\" alt=\"2014-08-04 12.20.43 am\" width=\"1422\" height=\"728\" \/><\/a><\/p>\n<p><strong>Then click launch&#8230;.and you should see something like this&#8230; <\/strong><\/p>\n<p><a href=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.21.22-am.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-116\" src=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.21.22-am.png\" alt=\"2014-08-04 12.21.22 am\" width=\"2284\" height=\"192\" \/><\/a><\/p>\n<p>See the status spawning ? When the virtual machine is done being built you will see status changed to &#8216;Running&#8217;, you can watch the machine boot, by clicking the name of the instance and then going to the Log or Console tab.<\/p>\n<p><a href=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.28.05-am.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-117\" src=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.28.05-am.png\" alt=\"2014-08-04 12.28.05 am\" width=\"2136\" height=\"212\" \/><\/a><\/p>\n<p>This is great our VM is running and it has an IP address configured ! But that IP address is only used for Openstack communication, so we still need to associate a floating IP to this system so we can SSH to it. Click on the More dropdown and select <strong>Associate Floating IP<\/strong>.<\/p>\n<p><a href=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.29.52-am.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-119\" src=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.29.52-am.png\" alt=\"2014-08-04 12.29.52 am\" width=\"1394\" height=\"630\" \/><\/a><\/p>\n<p><strong>Then click the + &#8230;<\/strong><\/p>\n<p><a href=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.30.08-am.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-120\" src=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.30.08-am.png\" alt=\"2014-08-04 12.30.08 am\" width=\"1406\" height=\"536\" \/><\/a><\/p>\n<p><strong>Click Allocate IP&#8230;<\/strong><\/p>\n<p><a href=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.30.25-am.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-121\" src=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.30.25-am.png\" alt=\"2014-08-04 12.30.25 am\" width=\"1404\" height=\"650\" \/><\/a><\/p>\n<p><strong>And then click associate&#8230;<\/strong><\/p>\n<p><a href=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.30.40-am.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-122\" src=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/2014-08-04-12.30.40-am.png\" alt=\"2014-08-04 12.30.40 am\" width=\"2164\" height=\"212\" \/><\/a><\/p>\n<p>Now you should see your VM has an internal IP (a 10 dot address) and an External IP on the 192.168.1.0\/24 network. Now we can SSH to our VM.<\/p>\n<p>We didn&#8217;t mention it earlier, but Openstack comes with only one Linux image by default, it&#8217;s called CirrOS and it&#8217;s just a tiny-minimal cloud image for testing. The login to this operating system is cirros \/ cubswin:) &#8230; which is visible from the console log of the machine once fully booted. Now you could SSH into the machine on 192.168.1.54 using that login and password like so&#8230;<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# ssh cirros@192.168.1.54\r\nThe authenticity of host '192.168.1.54 (192.168.1.54)' can't be established.\r\nRSA key fingerprint is d1:19:89:1d:f0:4b:20:27:a3:7c:99:0d:75:fe:d0:35.\r\nAre you sure you want to continue connecting (yes\/no)? yes\r\nWarning: Permanently added '192.168.1.54' (RSA) to the list of known hosts.\r\ncirros@192.168.1.54's password: \r\n$<\/pre>\n<p><strong>\u00a0But that is lame ! We imported our SSH key remember ? So how do we use that ? Like this..<\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# ssh -i cloud.key cirros@192.168.1.54\r\n$<\/pre>\n<p><strong>\u00a0Wow, that is cool.<\/strong><\/p>\n<p>Now what ? Let&#8217;s add some more images.<\/p>\n<h3>Installing More Operating System Images<\/h3>\n<p>Ok, Openstack is installed, Networking is working, Metadata service and our keys are working, we are happy campers, but to make this Cloud useful we are going to need some real Linux images. There is two ways to install images using glance (the openstack image service).<\/p>\n<p>In the first method we download the image using wget &amp; then we run the proper glance command. Here is this approach in action.<\/p>\n<p><strong>Don&#8217;t forget to source the rc file if you have not already<\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond ~]# source keystonerc_admin\r\n[root@diamond ~(keystone_admin)]# wget http:\/\/download.fedoraproject.org\/pub\/fedora\/linux\/updates\/20\/Images\/x86_64\/Fedora-x86_64-20-20140407-sda.qcow2\r\n[root@diamond ~(keystone_admin)]# glance image-create --name='Fedora 6.4' --is-public=true \\ --container-format=bare --disk-format=qcow2 &lt; Fedora-x86_64-20-20140407-sda.qcow2<\/pre>\n<p><strong>\u00a0Alternatively, we could do the same thing in one command !<\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond ~(keystone_admin)]# glance image-create --name ubuntu-server-12.04 --is-public true --container-format bare --disk-format qcow2 --copy-from http:\/\/cloud-images.ubuntu.com\/precise\/current\/precise-server-cloudimg-amd64-disk1.img<\/pre>\n<p>Remember whenever you run openstack commands you are going the status or result set back from the command.<\/p>\n<p>Once you have installed the Fedora and Ubuntu images you should have a real cloud on your hands. Now you can do things like expand your setup for multi-node or get LBaaS working for load balancing requests to your web servers for example. Or if you want to be amazeballs you could install things like <a href=\"http:\/\/puppetlabs.com\/\">Puppet<\/a> inside of <a href=\"https:\/\/www.docker.com\/\">Docker<\/a>, or <a href=\"http:\/\/cloudfoundry.org\">Cloud Foundry<\/a> and build your PaaS (Platform As A Service)!<\/p>\n<h2>Final Comments<\/h2>\n<p>Openstack can be tricky even for an experienced Sys Admin. While learning Openstack I found it difficult to find tutorials on exactly the setup I was looking for mainly in terms of how the network was being configured, and this often made me second guess myself when I would run into an issue as I learned Openstack. I wanted to write this article to give back and help to educate my brothers and students of life long learning as you embark on your Openstack adventure, Godspeed. Here are some commands of note to help you along your way.<\/p>\n<p><strong>How to launch a VM from command line<\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond ~(keystone_admin)]# nova boot --flavor m1.small --image 'Fedora 6.4' --security-groups default --key-name openstack --nic net-id=975a58eb-d3cb-4c5b-956b-ed1bdb0820d2 fed1<\/pre>\n<p><strong>\u00a0How to run command on a network namespace (VM Instance)<\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# ip netns exec qrouter-71064321-eb87-4d28-85ee-05f6ddc75968 iptables -L -t nat | grep 169\r\nREDIRECT tcp -- anywhere= 169.254.169.254 tcp dpt:http redir ports 9697\r\n[root@diamond tuxninja]# ip netns exec `ip netns list | grep qrouter` netstat -anpt<\/pre>\n<p><strong>How to restart only neutron services<\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# cd \/etc\/init.d\/; for i in $(ls -1 neutron-* | cut -d \\. -f 1); do sudo service $i restart; done<\/pre>\n<p><strong>Or a simpler method would be&#8230; <\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true  \">[root@diamond tuxninja]# openstack-service restart neutron\r\nStopping neutron-dhcp-agent: [FAILED]\r\nStarting neutron-dhcp-agent: [  OK  ]\r\nStopping neutron-l3-agent: [  OK  ]\r\nStarting neutron-l3-agent: [  OK  ]\r\nStopping neutron-metadata-agent: [  OK  ]\r\nStarting neutron-metadata-agent: [  OK  ]\r\nStopping neutron-openvswitch-agent: [  OK  ]\r\nStarting neutron-openvswitch-agent: [  OK  ]\r\nStopping neutron: [  OK  ]\r\nStarting neutron: [  OK  ]\r\n[root@diamond tuxninja]#<\/pre>\n<p><strong>How to add an account \/ change a password using cloud-init<br \/>\n<\/strong><\/p>\n<p>Stick this under Post Creation Customized Script to<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">#cloud-config\r\npassword: mysecret\r\nchpasswd: { expire: False }\r\nssh_pwauth: True \r\n<\/pre>\n<p><strong>How to edit the password file of an image<br \/>\n<\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true \">[root@diamond tuxninja]# guestfish -a disk.img -i vi \/etc\/passwd<\/pre>\n<p><strong>How to see the status of openstack services<\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# openstack-status<\/pre>\n<p><strong>How to check your log files for more clues<\/strong><\/p>\n<p>you can do this for every openstack service, but below I am just showing the two most popular to troubleshoot for getting your cloud up and going, nova and neutron aka controller, compute and networking logs.<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond tuxninja]# tail \/var\/log\/nova\/*.log\r\n[root@diamond tuxninja]# tail \/var\/log\/neutron\/*.log \r\n<\/pre>\n<p><strong>Want to change which partition Openstack uses on local disk (ephemeral storage) to deploy VM&#8217;s ?<\/strong><\/p>\n<p>If the majority of your ephemeral (local) disk is under a different partition other than \/var&#8230; For example, mine was under \/home, then you need to change your state path and restart openstack services. Don&#8217;t forget to copy any existing files in \/var\/lib\/nova\/ to the new location.<\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond ~(keystone_admin)]# grep state_path \/etc\/nova\/nova.conf | grep -v '#' | grep -v ^$ \r\nstate_path=\/home\/openstack\/var\/lib\/nova\r\n[root@diamond ~(keystone_admin)]#<\/pre>\n<p><strong>Checking your openvswitch configuration<\/strong><\/p>\n<pre class=\"nums:false wrap:true lang:default decode:true\">[root@diamond ~(keystone_admin)]# ovs-vsctl show\r\nee001583-903b-4397-8805-40c18b528d2c\r\n    Bridge br-int\r\n        Port \"qvo0cadc326-6b\"\r\n            tag: 3\r\n            Interface \"qvo0cadc326-6b\"\r\n        Port \"tap86f8ac73-41\"\r\n            tag: 3\r\n            Interface \"tap86f8ac73-41\"\r\n                type: internal\r\n        Port \"qr-11baa878-fb\"\r\n            tag: 3\r\n            Interface \"qr-11baa878-fb\"\r\n                type: internal\r\n        Port patch-tun\r\n            Interface patch-tun\r\n                type: patch\r\n                options: {peer=patch-int}\r\n        Port br-int\r\n            Interface br-int\r\n                type: internal\r\n        Port \"qvo6673d677-ed\"\r\n            tag: 3\r\n            Interface \"qvo6673d677-ed\"\r\n        Port \"qvoc8a2b994-a1\"\r\n            tag: 3\r\n            Interface \"qvoc8a2b994-a1\"\r\n    Bridge br-ex\r\n        Port br-ex\r\n            Interface br-ex\r\n                type: internal\r\n        Port \"eth0\"\r\n            Interface \"eth0\"\r\n        Port \"qg-82e238cc-3d\"\r\n            Interface \"qg-82e238cc-3d\"\r\n                type: internal\r\n    ovs_version: \"1.11.0\"\r\n[root@diamond ~(keystone_admin)]#<\/pre>\n<h3>The Final Gem<\/h3>\n<p><strong>The Most Popular Issue I ran Into When Installing Openstack<\/strong><\/p>\n<p>Looks like this in the console..<\/p>\n<p><a href=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/novalidhost.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-133\" src=\"http:\/\/tuxlabs.com\/wp-content\/uploads\/2014\/08\/novalidhost.png\" alt=\"novalidhost\" width=\"1141\" height=\"509\" \/><\/a><\/p>\n<p>This is the generic error for I didn&#8217;t have resources to create the VM, which can happen for a multitude of reasons&#8230;Like for example, the Openvswitch-agent not running.<\/p>\n<pre class=\"lang:default decode:true \">[root@diamond metadata]# openstack-status\r\n...\r\nneutron-openvswitch-agent:              dead<\/pre>\n<p><strong>But why is Openvswitch Agent Failing ?\u00a0<\/strong><\/p>\n<pre class=\"lang:default decode:true \">[root@diamond metadata]# tail \/var\/log\/neutron\/openvswitch-agent.log\r\n2014-07-27 12:47:31.072 17288 TRACE neutron   File \"\/usr\/bin\/neutron-openvswitch-agent\", line 10, in &lt;module&gt;\r\n2014-07-27 12:47:31.072 17288 TRACE neutron     sys.exit(main())\r\n2014-07-27 12:47:31.072 17288 TRACE neutron   File \"\/usr\/lib\/python2.6\/site-packages\/neutron\/plugins\/openvswitch\/agent\/ovs_neutron_agent.py\", line 1394, in main\r\n2014-07-27 12:47:31.072 17288 TRACE neutron     agent = OVSNeutronAgent(**agent_config)\r\n2014-07-27 12:47:31.072 17288 TRACE neutron   File \"\/usr\/lib\/python2.6\/site-packages\/neutron\/plugins\/openvswitch\/agent\/ovs_neutron_agent.py\", line 216, in __init__\r\n2014-07-27 12:47:31.072 17288 TRACE neutron     self.setup_tunnel_br(tun_br)\r\n2014-07-27 12:47:31.072 17288 TRACE neutron   File \"\/usr\/lib\/python2.6\/site-packages\/neutron\/plugins\/openvswitch\/agent\/ovs_neutron_agent.py\", line 707, in setup_tunnel_br\r\n2014-07-27 12:47:31.072 17288 TRACE neutron     if int(self.patch_tun_ofport) &lt; 0 or int(self.patch_int_ofport) &lt; 0:\r\n2014-07-27 12:47:31.072 17288 TRACE neutron TypeError: int() argument must be a string or a number, not 'NoneType'\r\n2014-07-27 12:47:31.072 17288 TRACE neutron<\/pre>\n<p><strong>Additionally, I have seen different errors presented referencing vif.py\u00a0<\/strong><\/p>\n<p>The fix for this could be multiple different things. What you should do first is verify your network interfaces are configured 100% correctly. Compare your ovs-vsctl output to mine above&#8230; Look different ? Shorter, stuff is missing ? Ok this error usually means Openstack is having difficulty inserting port&#8217;s into Openvswitch for whatever reason. What I found is the most common error is that you did not restart networking, before restarting openstack networking after making a configuration change to the interfaces. So to resolve this try&#8230;<\/p>\n<pre class=\"lang:default decode:true \">[root@diamond metadata]# \/etc\/init.d\/network restart\r\nShutting down interface br-ex:                             [  OK  ]\r\nShutting down interface br-int:                            [  OK  ]\r\nShutting down interface br-tun:                            [  OK  ]\r\nShutting down interface eth0:                              [  OK  ]\r\nShutting down interface eth1:                              [  OK  ]\r\nShutting down loopback interface:                          [  OK  ]\r\nBringing up loopback interface:                            [  OK  ]\r\nBringing up interface br-ex:  Determining if ip address 192.168.1.10 is already in use for device br-ex...\r\n                                                           [  OK  ]\r\nBringing up interface br-int:                              [  OK  ]\r\nBringing up interface br-tun:                              [  OK  ]\r\nBringing up interface eth0:  RTNETLINK answers: File exists\r\n                                                           [  OK  ]\r\nBringing up interface eth1:  Determining if ip address 10.0.0.1 is already in use for device eth1...\r\n                                                           [  OK  ]\r\n[root@diamond metadata]# openstack-service --full-restart\r\n\r\nStopping openstack-ceilometer-alarm-evaluator:             [  OK  ]\r\nStarting openstack-ceilometer-alarm-evaluator:             [  OK  ]\r\nStopping openstack-ceilometer-alarm-notifier:              [  OK  ]\r\nStarting openstack-ceilometer-alarm-notifier:              [  OK  ]\r\nStopping openstack-ceilometer-api:                         [  OK  ]\r\nStarting openstack-ceilometer-api:                         [  OK  ]\r\nStopping openstack-ceilometer-central:                     [  OK  ]\r\nStarting openstack-ceilometer-central:                     [  OK  ]\r\nStopping openstack-ceilometer-collector:                   [  OK  ]\r\nStarting openstack-ceilometer-collector:                   [  OK  ]\r\nStopping openstack-ceilometer-compute:                     [  OK  ]\r\nStarting openstack-ceilometer-compute:                     [  OK  ]\r\nStopping openstack-ceilometer-agent-notification:          [  OK  ]\r\nStarting openstack-ceilometer-agent-notification:          [  OK  ]\r\nStopping openstack-cinder-api:                             [  OK  ]\r\nStarting openstack-cinder-api:                             [  OK  ]\r\nStopping openstack-cinder-backup:                          [  OK  ]\r\nStarting openstack-cinder-backup:                          [  OK  ]\r\nStopping openstack-cinder-scheduler:                       [  OK  ]\r\nStarting openstack-cinder-scheduler:                       [  OK  ]\r\nStopping openstack-cinder-volume:                          [  OK  ]\r\nStarting openstack-cinder-volume:                          [  OK  ]\r\nStopping openstack-glance-api:                             [  OK  ]\r\nStarting openstack-glance-api:                             [  OK  ]\r\nStopping openstack-glance-registry:                        [  OK  ]\r\nStarting openstack-glance-registry:                        [  OK  ]\r\nStopping openstack-glance-scrubber:                        [  OK  ]\r\nStarting openstack-glance-scrubber:                        [  OK  ]\r\nStopping keystone:                                         [  OK  ]\r\nStarting keystone:                                         [  OK  ]\r\nStopping openstack-nova-api:                               [  OK  ]\r\nStarting openstack-nova-api:                               [  OK  ]\r\nStopping openstack-nova-cert:                              [  OK  ]\r\nStarting openstack-nova-cert:                              [  OK  ]\r\nStopping openstack-nova-compute:                           [  OK  ]\r\nStarting openstack-nova-compute:                           [  OK  ]\r\nStopping openstack-nova-conductor:                         [  OK  ]\r\nStarting openstack-nova-conductor:                         [  OK  ]\r\nStopping openstack-nova-console:                           [  OK  ]\r\nStarting openstack-nova-console:                           [  OK  ]\r\nStopping openstack-nova-consoleauth:                       [  OK  ]\r\nStarting openstack-nova-consoleauth:                       [  OK  ]\r\nStopping openstack-nova-metadata-api:                      [FAILED]\r\nStarting openstack-nova-metadata-api:                      [  OK  ]\r\nStopping openstack-nova-novncproxy:                        [  OK  ]\r\nStarting openstack-nova-novncproxy:                        [  OK  ]\r\nStopping openstack-nova-scheduler:                         [  OK  ]\r\nStarting openstack-nova-scheduler:                         [  OK  ]\r\nStopping openstack-nova-spicehtml5proxy:                   [FAILED]\r\nStarting openstack-nova-spicehtml5proxy:                   [  OK  ]\r\nStopping openstack-nova-xvpvncproxy:                       [  OK  ]\r\nStarting openstack-nova-xvpvncproxy:                       [  OK  ]\r\nStopping openstack-swift-account:                          [  OK  ]\r\nStarting openstack-swift-account:                          [  OK  ]\r\nStopping openstack-swift-account-auditor:                  [  OK  ]\r\nStarting openstack-swift-account-auditor:                  [  OK  ]\r\nStopping openstack-swift-account-reaper:                   [  OK  ]\r\nStarting openstack-swift-account-reaper:                   [  OK  ]\r\nStopping openstack-swift-account-replicator:               [  OK  ]\r\nStarting openstack-swift-account-replicator:               [  OK  ]\r\nStopping openstack-swift-container:                        [  OK  ]\r\nStarting openstack-swift-container:                        [  OK  ]\r\nStopping openstack-swift-container-auditor:                [  OK  ]\r\nStarting openstack-swift-container-auditor:                [  OK  ]\r\nStopping openstack-swift-container-replicator:             [  OK  ]\r\nStarting openstack-swift-container-replicator:             [  OK  ]\r\nStopping openstack-swift-container-updater:                [  OK  ]\r\nStarting openstack-swift-container-updater:                [  OK  ]\r\nStopping openstack-swift-object:                           [  OK  ]\r\nStarting openstack-swift-object:                           [  OK  ]\r\nStopping openstack-swift-object-auditor:                   [  OK  ]\r\nStarting openstack-swift-object-auditor:                   [  OK  ]\r\nStopping openstack-swift-object-expirer:                   [  OK  ]\r\nStarting openstack-swift-object-expirer:                   [  OK  ]\r\nStopping openstack-swift-object-replicator:                [  OK  ]\r\nStarting openstack-swift-object-replicator:                [  OK  ]\r\nStopping openstack-swift-object-updater:                   [  OK  ]\r\nStarting openstack-swift-object-updater:                   [  OK  ]\r\nStopping openstack-swift-proxy:                            [  OK  ]\r\nStarting openstack-swift-proxy:                            [  OK  ]\r\nStopping neutron-dhcp-agent:                               [  OK  ]\r\nStarting neutron-dhcp-agent:                               [  OK  ]\r\nStopping neutron-l3-agent:                                 [  OK  ]\r\nStarting neutron-l3-agent:                                 [  OK  ]\r\nStopping neutron-lbaas-agent:                              [FAILED]\r\nStarting neutron-lbaas-agent:                              [  OK  ]\r\nStopping neutron-metadata-agent:                           [  OK  ]\r\nStarting neutron-metadata-agent:                           [  OK  ]\r\nStopping neutron-openvswitch-agent:                        [FAILED]\r\nStarting neutron-openvswitch-agent:                        [  OK  ]\r\nStopping neutron-openvswitch-agent:                        [  OK  ]\r\nStarting neutron-openvswitch-agent:                        [  OK  ]\r\nStopping neutron:                                          [  OK  ]\r\nStarting neutron:                                          [  OK  ]\r\n[root@diamond metadata]#\r\n<\/pre>\n<p><strong>Now when we run openstack-status the openvswitch-agent should be running !<\/strong><\/p>\n<pre class=\"lang:default decode:true\">[root@diamond metadata]# openstack-status\r\n...\r\nneutron-openvswitch-agent:              active\r\n\r\n\r\n[root@diamond metadata]# tail \/var\/log\/neutron\/openvswitch-agent.log\r\n2014-07-27 12:50:13.793 24985 INFO neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-f9d72adc-3043-4c3e-a24c-fc32bfa1d835 None] Agent initialized successfully, now running...\r\n2014-07-27 12:50:13.800 24985 INFO neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-f9d72adc-3043-4c3e-a24c-fc32bfa1d835 None] Agent out of sync with plugin!\r\n2014-07-27 12:50:13.801 24985 INFO neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-f9d72adc-3043-4c3e-a24c-fc32bfa1d835 None] Agent tunnel out of sync with plugin!\r\n2014-07-27 12:50:13.851 24985 INFO neutron.openstack.common.rpc.common [req-f9d72adc-3043-4c3e-a24c-fc32bfa1d835 None] Connected to AMQP server on 192.168.1.10:5672\r\n2014-07-27 12:50:14.329 24985 INFO neutron.agent.securitygroups_rpc [-] Preparing filters for devices set([u'e44457a8-c88a-4a3a-818a-c96c75e16979'])\r\n2014-07-27 12:50:15.023 24985 WARNING neutron.plugins.openvswitch.agent.ovs_neutron_agent [-] Device e44457a8-c88a-4a3a-818a-c96c75e16979 not defined on plugin\r\n2014-07-27 12:50:18.119 24985 INFO neutron.agent.securitygroups_rpc [-] Preparing filters for devices set([u'9cdf8669-9e09-48bb-873e-84cfad27993f'])\r\n2014-07-27 12:50:18.812 24985 INFO neutron.plugins.openvswitch.agent.ovs_neutron_agent [-] Port 9cdf8669-9e09-48bb-873e-84cfad27993f updated. Details: {u'admin_state_up': True, u'network_id': u'975a58eb-d3cb-4c5b-956b-ed1bdb0820d2', u'segmentation_id': 10, u'physical_network': None, u'device': u'9cdf8669-9e09-48bb-873e-84cfad27993f', u'port_id': u'9cdf8669-9e09-48bb-873e-84cfad27993f', u'network_type': u'vxlan'}\r\n2014-07-27 12:50:18.812 24985 INFO neutron.plugins.openvswitch.agent.ovs_neutron_agent [-] Assigning 1 as local vlan for net-id=975a58eb-d3cb-4c5b-956b-ed1bdb0820d2\r\n2014-07-27 12:50:19.205 24985 INFO neutron.plugins.openvswitch.agent.ovs_neutron_agent [-] Configuration for device 9cdf8669-9e09-48bb-873e-84cfad27993f completed.\r\n[root@diamond metadata]#\r\n\r\n<\/pre>\n<p><strong>\u00a0And Healthy ! Awesome. Last, but not least you can find all my blessed configs for this article as well as a script I wrote to snapshot those configs on my <a href=\"https:\/\/github.com\/tuxninja\/openstack-scripts\">github<\/a>. Thanks for learning with me.<br \/>\n<\/strong><\/p>\n<p><span style=\"font: 13.0px Arial;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<a href=\"https:\/\/tuxlabs.com\/?p=82\" rel=\"bookmark\" title=\"Permalink to How To: Install Openstack Icehouse on CentOS 6.5 Using Packstack\"><p>A brief introduction of Openstack + My thoughts Openstack is open-source software for building clouds. It was created in 2010 by people from Rackspace &amp; NASA, but is currently managed by the non-profit Openstack Foundation, which includes members from the who&#8217;s who of the technology sector that have joined forces to continue to invest &amp; [&hellip;]<\/p>\n<\/a>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[130,1,28,12],"tags":[23,15,27,20,14,19,26,18,17,13,16,55,21,25,24,22],"class_list":{"0":"post-82","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-cloud","7":"category-howtos","8":"category-openstack-howtos","9":"category-systems-administration","10":"tag-aws","11":"tag-centos","12":"tag-cinder","13":"tag-glance","14":"tag-icehouse","15":"tag-keystone","16":"tag-metadata-service","17":"tag-neutron","18":"tag-nova","19":"tag-openstack","20":"tag-packstack","21":"tag-python","22":"tag-swift","23":"tag-vif-py","24":"tag-virtualization","25":"tag-vmware","26":"h-entry","27":"hentry"},"_links":{"self":[{"href":"https:\/\/tuxlabs.com\/index.php?rest_route=\/wp\/v2\/posts\/82","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tuxlabs.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tuxlabs.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tuxlabs.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tuxlabs.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=82"}],"version-history":[{"count":40,"href":"https:\/\/tuxlabs.com\/index.php?rest_route=\/wp\/v2\/posts\/82\/revisions"}],"predecessor-version":[{"id":138,"href":"https:\/\/tuxlabs.com\/index.php?rest_route=\/wp\/v2\/posts\/82\/revisions\/138"}],"wp:attachment":[{"href":"https:\/\/tuxlabs.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=82"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tuxlabs.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=82"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tuxlabs.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=82"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}