Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 986024

Summary:	Set up quantum networks/subnets/routers for allinone for parity with Nova Networking
Product:	Red Hat OpenStack	Reporter:	Terry Wilson <twilson>
Component:	openstack-packstack	Assignee:	Terry Wilson <twilson>
Status:	CLOSED ERRATA	QA Contact:	yfried
Severity:	urgent	Docs Contact:	Stephen Gordon <sgordon>
Priority:	urgent
Version:	3.0	CC:	ajeain, aortega, breeler, derekh, mmagr, sclewis, twilson
Target Milestone:	z2	Keywords:	ZStream
Target Release:	3.0
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	openstack-packstack-2013.1.1-0.24.dev651.el6ost	Doc Type:	Bug Fix
Doc Text:	Previously when using Quantum/Neutron with packstack, networks/subnets/routers had to be manually configured, a process that was complex and could lead to errors. The packstack --allinone command has been modified and new answer file options have been added: CONFIG_KEYSTONE_DEMO_PW The demo tenant password. Automatically configured/no prompting just like the ADMIN_PW. Only actually used if CONFIG_PROVISION_DEMO=y CONFIG_PROVISION_DEMO Whether to provision demo quantum networks/subnets/routers Requires: CONFIG_QUANTUM_INSTALL=y and CONFIG_QUANTUM_USE_NAMESPACES=y CONFIG_PROVISION_TEMPEST Whether to set up tempest for running tests against the Openstack install Requires: CONFIG_QUANTUM_INSTALL=y and CONFIG_QUANTUM_USE_NAMESPACES=y CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE Whether to set up the L3 external bridge with the appropriate IP address to act as the gateway for VMs. The --allinone option will automatically enable CONFIG_PROVISION_DEMO and CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE if CONFIG_QUANTUM_INSTALL=y (which it is by default). --allinone --os-quantum-install=n still works for installing without Quantum. Additional changes: 1) A new 'demo' keystone tenant has been added along with a keystonerc_demo file which can be sourced like the existing keystonerc_admin. You should log into Horizon using the 'demo' account instead of the 'admin' account due to the ownership of the private and public networks. 2) When launching a VM via Horizon, you additionally need to go to the "Network" tab and select the "private" network. 3) Current instructions specify creating a security group rule to allow SSH traffic. An ICMP rule has been added as well. Instructions for installing Neutron using PackStack are available at http://openstack.redhat.com/Neutron-Quickstart.	Story Points:	---
Clone Of:
Clones:	986036 (view as bug list)		Environment:
Last Closed:	2013-09-03 19:57:37 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	986036

Description Terry Wilson 2013-07-18 19:26:01 UTC

The experience with installing via packstack with Quantum/Neutron is poor, compared with installing with Nova networking. This is primarily due to the fact that with Quantum/Neutron it is necessary to manually create networks/subnets/routers to be able to launch a VM.

We should implement things in such a way that:

$ packstack --allinone

with quantum/neutron enabled leaves things in a state that is as close to what a user would get functionality-wise with Nova networking (i.e. the user should be able to follow the instructions at http://openstack.redhat.com/Running_an_instance) with as few changes as possible.

(this work is already done, but this bug is to track actually getting everything in the release)

Comment 1 Terry Wilson 2013-07-18 20:11:29 UTC

New answer file options:

CONFIG_KEYSTONE_DEMO_PW
  The demo tenant password. Automatically configured/no prompting just like the ADMIN_PW. Only actually used if CONFIG_PROVISION_DEMO=y
CONFIG_PROVISION_DEMO
  Whether to provision demo quantum networks/subnets/routers
  Requires: CONFIG_QUANTUM_INSTALL=y and CONFIG_QUANTUM_USE_NAMESPACES=y
CONFIG_PROVISION_TEMPEST
  Whether to set up tempest for running tests against the Openstack install
  Requires: CONFIG_QUANTUM_INSTALL=y and CONFIG_QUANTUM_USE_NAMESPACES=y
CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE
  Whether to set up the L3 external bridge with the appropriate IP address to act as the gateway for VMs.

The --allinone option will automatically enable CONFIG_PROVISION_DEMO and CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE if CONFIG_QUANTUM_INSTALL=y (which it is by default). --allinone --os-quantum-install=n still works for installing w/o quantum.

Additional changes:
1) A new 'demo' keystone tenant is added along with a keystonerc_demo file which can be sourced like the existing keystonerc_admin. Users should log into horizon using the 'demo' account instead of the 'admin' account due to the ownership of the private and public networks.

2) When launching a VM via horizon, the user will additionally need to go to the "Network" tab and select the "private" network.

3) Current instructions specify creating an security group rule to allow SSH traffic. It might be helpful to have them add an ICMP rule as well (entering -1 for the two fields to allow all ICMP)

Comment 5 Scott Lewis 2013-07-31 18:21:08 UTC

Next release is 2013.1.3

Comment 7 yfried 2013-08-19 14:25:43 UTC

# rpm -qa |grep packstack
packstack-modules-puppet-2013.1.1-0.27.dev660.el6ost.noarch
openstack-packstack-2013.1.1-0.27.dev660.el6ost.noarch


packstack --allinone creates demo tenant&user with public and private networks

need to add icmp to security-group

instances are booted and pinged in private network
allocated floating ip and pinged ok

# packstack --allinone
# quantum security-group-rule-create --protocol icmp --direction ingress 3a0e68a4-7a92-4c16-bbf4-2c509671ea82
# quantum security-group-rule-create 3a0e68a4-7a92-4c16-bbf4-2c509671ea82 --protocol icmp --direction egress
# nova boot --flavor 2 test_image --image cirros
# ip netns exec qrouter-e0792394-65d0-4a67-8559-bb2bd3930bc4 ping 10.0.0.3
# quantum floatingip-create public
# quantum floatingip-associate 9a153f75-28e9-4dad-89ef-0d886edf2c27 bf1b7600-ea29-46aa-be01-0a19a251b729
# ping 172.24.4.227

Comment 8 Bruce Reeler 2013-08-23 03:29:20 UTC

Needinfo for Terry Wilson:
I am writing the Doc Text for bug advisories. As the Doc Text field was blank, I have written the current Doc Text from scratch. Could you please edit it and correct as necessary.

Especially the final para: 3) Current instructions specify ... needs some clarification,.e.g. which instructions are referred to, is it step 2 of http://openstack.redhat.com/Running_an_instance ? Is the "it might be helpful to have them add an ICMP rule..." actually a must? 

And do you know if RDO instructions will be updated?

Comment 9 Terry Wilson 2013-08-23 15:52:36 UTC

Bruce Reeler: Doc text mostly looks good. On part 3, there are currently instructions set up for using Quantum/packstack at http://openstack.redhat.com/Neutron-Quickstart. This is an alternative to the "default" quickstart at http://openstack.redhat.com/Quickstart as we wanted to give people a chance to beat on the neutron-based install before recommending it for everyone. The linked instructions include the ICMP security group rule.

Comment 10 Terry Wilson 2013-08-26 13:26:41 UTC

Bruce: Works for me. I'd probably leave 3) out alltogether as it is just an update to external documentation that people will get when they reference the documentation at the next line. But, it doesn't hurt to have it in.

Comment 12 errata-xmlrpc 2013-09-03 19:57:37 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1186.html