Red Hat Bugzilla – Bug 986024
Set up quantum networks/subnets/routers for allinone for parity with Nova Networking
Last modified: 2016-04-26 12:13:05 EDT
The experience with installing via packstack with Quantum/Neutron is poor, compared with installing with Nova networking. This is primarily due to the fact that with Quantum/Neutron it is necessary to manually create networks/subnets/routers to be able to launch a VM. We should implement things in such a way that: $ packstack --allinone with quantum/neutron enabled leaves things in a state that is as close to what a user would get functionality-wise with Nova networking (i.e. the user should be able to follow the instructions at http://openstack.redhat.com/Running_an_instance) with as few changes as possible. (this work is already done, but this bug is to track actually getting everything in the release)
New answer file options: CONFIG_KEYSTONE_DEMO_PW The demo tenant password. Automatically configured/no prompting just like the ADMIN_PW. Only actually used if CONFIG_PROVISION_DEMO=y CONFIG_PROVISION_DEMO Whether to provision demo quantum networks/subnets/routers Requires: CONFIG_QUANTUM_INSTALL=y and CONFIG_QUANTUM_USE_NAMESPACES=y CONFIG_PROVISION_TEMPEST Whether to set up tempest for running tests against the Openstack install Requires: CONFIG_QUANTUM_INSTALL=y and CONFIG_QUANTUM_USE_NAMESPACES=y CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE Whether to set up the L3 external bridge with the appropriate IP address to act as the gateway for VMs. The --allinone option will automatically enable CONFIG_PROVISION_DEMO and CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE if CONFIG_QUANTUM_INSTALL=y (which it is by default). --allinone --os-quantum-install=n still works for installing w/o quantum. Additional changes: 1) A new 'demo' keystone tenant is added along with a keystonerc_demo file which can be sourced like the existing keystonerc_admin. Users should log into horizon using the 'demo' account instead of the 'admin' account due to the ownership of the private and public networks. 2) When launching a VM via horizon, the user will additionally need to go to the "Network" tab and select the "private" network. 3) Current instructions specify creating an security group rule to allow SSH traffic. It might be helpful to have them add an ICMP rule as well (entering -1 for the two fields to allow all ICMP)
Next release is 2013.1.3
# rpm -qa |grep packstack packstack-modules-puppet-2013.1.1-0.27.dev660.el6ost.noarch openstack-packstack-2013.1.1-0.27.dev660.el6ost.noarch packstack --allinone creates demo tenant&user with public and private networks need to add icmp to security-group instances are booted and pinged in private network allocated floating ip and pinged ok # packstack --allinone # quantum security-group-rule-create --protocol icmp --direction ingress 3a0e68a4-7a92-4c16-bbf4-2c509671ea82 # quantum security-group-rule-create 3a0e68a4-7a92-4c16-bbf4-2c509671ea82 --protocol icmp --direction egress # nova boot --flavor 2 test_image --image cirros # ip netns exec qrouter-e0792394-65d0-4a67-8559-bb2bd3930bc4 ping 10.0.0.3 # quantum floatingip-create public # quantum floatingip-associate 9a153f75-28e9-4dad-89ef-0d886edf2c27 bf1b7600-ea29-46aa-be01-0a19a251b729 # ping 172.24.4.227
Needinfo for Terry Wilson: I am writing the Doc Text for bug advisories. As the Doc Text field was blank, I have written the current Doc Text from scratch. Could you please edit it and correct as necessary. Especially the final para: 3) Current instructions specify ... needs some clarification,.e.g. which instructions are referred to, is it step 2 of http://openstack.redhat.com/Running_an_instance ? Is the "it might be helpful to have them add an ICMP rule..." actually a must? And do you know if RDO instructions will be updated?
Bruce Reeler: Doc text mostly looks good. On part 3, there are currently instructions set up for using Quantum/packstack at http://openstack.redhat.com/Neutron-Quickstart. This is an alternative to the "default" quickstart at http://openstack.redhat.com/Quickstart as we wanted to give people a chance to beat on the neutron-based install before recommending it for everyone. The linked instructions include the ICMP security group rule.
Bruce: Works for me. I'd probably leave 3) out alltogether as it is just an update to external documentation that people will get when they reference the documentation at the next line. But, it doesn't hurt to have it in.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1186.html