From Fedora Project Wiki

(Drop some completed items)
 
(7 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== TODO items (anybody feel free to add/delete) ==
== Nova Network Setup ==


* is chrome bug in 'Volumes' still relevant?
Please note in "Nova Network Setup"  if you use a network other than 10.0.0.0/8  You must also add a corresponding "fixed_range" in /etc/nova/nova.conf and restart the nova network service, or reboot.
* do we have a prebuilt image available, what danpb has been doing?
 
** http://berrange.fedorapeople.org/images/2012-02-29/
== cfg-authtoken ==
** if so, move oz/tty images to 'additional functionality'
 
* hint on how to setup sudo? f16 openstack test day page has one
With Folsom RPMs (f18 updates-testing or f17 "preview" http://repos.fedorapeople.org/repos/openstack/openstack-folsom/fedora-openstack-folsom.repo) authtoken middleware can be configured in the application's config file https://review.openstack.org/#/c/10579/
* keystone + dashboard cleanup steps
Steps to remove middleware config from paste-ini:
* keystone should come prepared with nova-volume and glance services out of the box in /etc/keystone/default_catalog.templates . keystone data script probably needs tweaking as well
* Nova
** apevec: I'll propose that upstream, now that catalogs have sql backed: https://github.com/openstack/keystone/commit/37d223ecdb392f3b46079418a7b82398afca2128
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken admin_tenant_name
* I think we can drop the nova auth section from 'Basic Setup'... we still do 'nova-manage network create', but use the 'nova' tool for keypair setup and instance launching. Someone needs to try it though. (crobinso: besides, doing those auth steps on e3 nova gives me an error: https://answers.launchpad.net/nova/+question/146517 Just running nova-api didn't help. Had to cd /var/lib/nova/CA and run ./genrootca.sh)
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken admin_user
** Yes there is a separate cert server that should be started an that runs the genrootca for us. I've updated that in the testday notes, so I'll update here too
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken admin_password
* Setup the equivalent of 'novarc' but with keystone env? Horizon can generate one from the 'settings' panel, including one for use with the ec2 api.
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken auth_host
* is nbd still required or does libguestfs do this for us?
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken auth_port
** NBD is not required but faster. Especially when openstack itself is run within a vm
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken auth_protocol
* crobinso: I already had mysql-server installed with an unknown password, pulled in by random kde stuff. Might want to mention that mysql password can be reset with 'sudo mysqladmin -u root -p password'
sudo openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
* easy command to check that services are running, since systemd seems pretty async: systemctl list-units --full | grep openstack
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
** Probably one for an openstack-common or openstack-fedora package (which would also hold the openstack-db-setup script etc.)
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
* crobinso: Not sure if I did anything wrong, but when I was in the westford office which has host networking on 10.0.0.* subnet, this recommended config killed my host connectivity. maybe we want to recommend a weirder subnet.
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password servicepass
* all the steps outside of 'Basic Setup' need a review
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host 127.0.0.1
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
* Glance
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken admin_tenant_name
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken admin_user
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken admin_password
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken auth_host
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken auth_port
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken auth_protocol
sudo openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password servicepass
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host 127.0.0.1
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken admin_tenant_name
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken admin_user
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken admin_password
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken auth_host
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken auth_port
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken auth_protocol
sudo openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password servicepass
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host 127.0.0.1
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http

Latest revision as of 17:50, 10 September 2012

Nova Network Setup

Please note in "Nova Network Setup" if you use a network other than 10.0.0.0/8 You must also add a corresponding "fixed_range" in /etc/nova/nova.conf and restart the nova network service, or reboot.

cfg-authtoken

With Folsom RPMs (f18 updates-testing or f17 "preview" http://repos.fedorapeople.org/repos/openstack/openstack-folsom/fedora-openstack-folsom.repo) authtoken middleware can be configured in the application's config file https://review.openstack.org/#/c/10579/ Steps to remove middleware config from paste-ini:

  • Nova
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken admin_tenant_name
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken admin_user
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken admin_password
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken auth_host
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken auth_port
sudo openstack-config --del /etc/nova/api-paste.ini filter:authtoken auth_protocol
sudo openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password servicepass
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host 127.0.0.1
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
sudo openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
  • Glance
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken admin_tenant_name
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken admin_user
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken admin_password
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken auth_host
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken auth_port
sudo openstack-config --del /etc/glance/glance-api-paste.ini filter:authtoken auth_protocol
sudo openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password servicepass
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host 127.0.0.1
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
sudo openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http

sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken admin_tenant_name
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken admin_user
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken admin_password
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken auth_host
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken auth_port
sudo openstack-config --del /etc/glance/glance-registry-paste.ini filter:authtoken auth_protocol
sudo openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password servicepass
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host 127.0.0.1
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
sudo openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http