Tuesday, December 08, 2015

DVR_SNAT && DVR on RDO Mitaka M1 (CentOS 7.1)

********************************************************
Setup Delorean Repos for Mitaka M1 on CentOS 7.1
********************************************************
yum -y install yum-plugin-priorities
cd /etc/yum.repos.d/
# for Centos 7 and RHEL 7
wget http://trunk.rdoproject.org/centos7/delorean-deps.repo
wget http://trunk.rdoproject.org/centos7/current-passed-ci/delorean.repo
yum -y install openstack-packstack 

********************************************************************
Before running packstack on RDO Mitaka M1 be aware of
********************************************************************

1.  https://bugzilla.redhat.com/show_bug.cgi?id=1288179
2.  https://bugzilla.redhat.com/show_bug.cgi?id=1285314

[root@ip-192-169-142-127 ~(keystone_admin)]# cat answer3Node.txt
[general]
CONFIG_SSH_KEY=/root/.ssh/id_rsa.pub
CONFIG_DEFAULT_PASSWORD=
CONFIG_MARIADB_INSTALL=y
CONFIG_GLANCE_INSTALL=y
CONFIG_CINDER_INSTALL=y
CONFIG_NOVA_INSTALL=y
CONFIG_NEUTRON_INSTALL=y
CONFIG_HORIZON_INSTALL=y
CONFIG_SWIFT_INSTALL=y
# For now, just to avoid headaches
CONFIG_CEILOMETER_INSTALL=n
CONFIG_HEAT_INSTALL=n
CONFIG_CLIENT_INSTALL=y
CONFIG_NTP_SERVERS=
CONFIG_NAGIOS_INSTALL=y
EXCLUDE_SERVERS=
CONFIG_DEBUG_MODE=n
CONFIG_CONTROLLER_HOST=192.169.142.127
CONFIG_COMPUTE_HOSTS=192.169.142.137,192.169.142.147
CONFIG_NETWORK_HOSTS=192.169.142.127
CONFIG_VMWARE_BACKEND=n
CONFIG_UNSUPPORTED=n
CONFIG_VCENTER_HOST=
CONFIG_VCENTER_USER=
CONFIG_VCENTER_PASSWORD=
CONFIG_VCENTER_CLUSTER_NAME=
CONFIG_STORAGE_HOST=192.169.142.127
CONFIG_USE_EPEL=y
CONFIG_REPO=
CONFIG_RH_USER=
CONFIG_SATELLITE_URL=
CONFIG_RH_PW=
CONFIG_RH_OPTIONAL=y
CONFIG_RH_PROXY=
CONFIG_RH_PROXY_PORT=
CONFIG_RH_PROXY_USER=
CONFIG_RH_PROXY_PW=
CONFIG_SATELLITE_USER=
CONFIG_SATELLITE_PW=
CONFIG_SATELLITE_AKEY=
CONFIG_SATELLITE_CACERT=
CONFIG_SATELLITE_PROFILE=
CONFIG_SATELLITE_FLAGS=
CONFIG_SATELLITE_PROXY=
CONFIG_SATELLITE_PROXY_USER=
CONFIG_SATELLITE_PROXY_PW=
CONFIG_AMQP_BACKEND=rabbitmq
CONFIG_AMQP_HOST=192.169.142.127
CONFIG_AMQP_ENABLE_SSL=n
CONFIG_AMQP_ENABLE_AUTH=n
CONFIG_AMQP_NSS_CERTDB_PW=PW_PLACEHOLDER
CONFIG_AMQP_SSL_PORT=5671
CONFIG_AMQP_SSL_CERT_FILE=/etc/pki/tls/certs/amqp_selfcert.pem
CONFIG_AMQP_SSL_KEY_FILE=/etc/pki/tls/private/amqp_selfkey.pem
CONFIG_AMQP_SSL_SELF_SIGNED=y
CONFIG_AMQP_AUTH_USER=amqp_user
CONFIG_AMQP_AUTH_PASSWORD=PW_PLACEHOLDER
CONFIG_MARIADB_HOST=192.169.142.127
CONFIG_MARIADB_USER=root
CONFIG_MARIADB_PW=7207ae344ed04957
CONFIG_KEYSTONE_DB_PW=abcae16b785245c3
CONFIG_KEYSTONE_REGION=RegionOne
CONFIG_KEYSTONE_ADMIN_TOKEN=3ad2de159f9649afb0c342ba57e637d9
CONFIG_KEYSTONE_ADMIN_PW=7049f834927e4468
CONFIG_KEYSTONE_DEMO_PW=bf737b785cfa4398
CONFIG_KEYSTONE_TOKEN_FORMAT=UUID
CONFIG_KEYSTONE_SERVICE_NAME=httpd
CONFIG_GLANCE_DB_PW=41264fc52ffd4fe8
CONFIG_GLANCE_KS_PW=f6a9398960534797
CONFIG_GLANCE_BACKEND=file
CONFIG_CINDER_DB_PW=5ac08c6d09ba4b69
CONFIG_CINDER_KS_PW=c8cb1ecb8c2b4f6f
CONFIG_CINDER_BACKEND=lvm
CONFIG_CINDER_VOLUMES_CREATE=y
CONFIG_CINDER_VOLUMES_SIZE=5G
CONFIG_CINDER_GLUSTER_MOUNTS=
CONFIG_CINDER_NFS_MOUNTS=
CONFIG_CINDER_NETAPP_LOGIN=
CONFIG_CINDER_NETAPP_PASSWORD=
CONFIG_CINDER_NETAPP_HOSTNAME=
CONFIG_CINDER_NETAPP_SERVER_PORT=80
CONFIG_CINDER_NETAPP_STORAGE_FAMILY=ontap_cluster
CONFIG_CINDER_NETAPP_TRANSPORT_TYPE=http
CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL=nfs
CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER=1.0
CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES=720
CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START=20
CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP=60
CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG=
CONFIG_CINDER_NETAPP_VOLUME_LIST=
CONFIG_CINDER_NETAPP_VFILER=
CONFIG_CINDER_NETAPP_VSERVER=
CONFIG_CINDER_NETAPP_CONTROLLER_IPS=
CONFIG_CINDER_NETAPP_SA_PASSWORD=
CONFIG_CINDER_NETAPP_WEBSERVICE_PATH=/devmgr/v2
CONFIG_CINDER_NETAPP_STORAGE_POOLS=
CONFIG_NOVA_DB_PW=1e1b5aeeeaf342a8
CONFIG_NOVA_KS_PW=d9583177a2444f06
CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO=16.0
CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO=1.5
CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL=tcp
CONFIG_NOVA_COMPUTE_PRIVIF=eth1
CONFIG_NOVA_NETWORK_MANAGER=nova.network.manager.FlatDHCPManager
CONFIG_NOVA_NETWORK_PUBIF=eth0
CONFIG_NOVA_NETWORK_PRIVIF=eth1
CONFIG_NOVA_NETWORK_FIXEDRANGE=192.168.32.0/22
CONFIG_NOVA_NETWORK_FLOATRANGE=10.3.4.0/22
CONFIG_NOVA_NETWORK_DEFAULTFLOATINGPOOL=nova
CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP=n
CONFIG_NOVA_NETWORK_VLAN_START=100
CONFIG_NOVA_NETWORK_NUMBER=1
CONFIG_NOVA_NETWORK_SIZE=255
CONFIG_NEUTRON_KS_PW=808e36e154bd4cee
CONFIG_NEUTRON_DB_PW=0e2b927a21b44737
CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
CONFIG_NEUTRON_L2_PLUGIN=ml2
CONFIG_NEUTRON_METADATA_PW=a965cd23ed2f4502
CONFIG_LBAAS_INSTALL=n
CONFIG_NEUTRON_METERING_AGENT_INSTALL=n
CONFIG_NEUTRON_FWAAS=n
CONFIG_NEUTRON_ML2_TYPE_DRIVERS=vxlan
CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=vxlan
CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS=openvswitch
CONFIG_NEUTRON_ML2_FLAT_NETWORKS=*
CONFIG_NEUTRON_ML2_VLAN_RANGES=
CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES=1001:2000
CONFIG_NEUTRON_ML2_VXLAN_GROUP=239.1.1.2
CONFIG_NEUTRON_ML2_VNI_RANGES=1001:2000
CONFIG_NEUTRON_L2_AGENT=openvswitch
CONFIG_NEUTRON_LB_TENANT_NETWORK_TYPE=local
CONFIG_NEUTRON_LB_VLAN_RANGES=
CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS=
CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE=vxlan
CONFIG_NEUTRON_OVS_VLAN_RANGES=
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet1:br-ex
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=
CONFIG_NEUTRON_OVS_TUNNEL_RANGES=1001:2000
CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1
CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT=4789
CONFIG_HORIZON_SSL=n
CONFIG_SSL_CERT=
CONFIG_SSL_KEY=
CONFIG_SSL_CACHAIN=
CONFIG_SWIFT_KS_PW=8f75bfd461234c30
CONFIG_SWIFT_STORAGES=
CONFIG_SWIFT_STORAGE_ZONES=1
CONFIG_SWIFT_STORAGE_REPLICAS=1
CONFIG_SWIFT_STORAGE_FSTYPE=ext4
CONFIG_SWIFT_HASH=a60aacbedde7429a
CONFIG_SWIFT_STORAGE_SIZE=2G
CONFIG_PROVISION_DEMO=y
CONFIG_PROVISION_TEMPEST=n
CONFIG_PROVISION_TEMPEST_USER=
CONFIG_PROVISION_TEMPEST_USER_PW=44faa4ebc3da4459
CONFIG_PROVISION_DEMO_FLOATRANGE=172.24.4.224/28
CONFIG_PROVISION_TEMPEST_REPO_URI=https://github.com/openstack/tempest.git
CONFIG_PROVISION_TEMPEST_REPO_REVISION=master
CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE=n
CONFIG_HEAT_DB_PW=PW_PLACEHOLDER
CONFIG_HEAT_AUTH_ENC_KEY=fc3fb7fee61e46b0
CONFIG_HEAT_KS_PW=PW_PLACEHOLDER
CONFIG_HEAT_CLOUDWATCH_INSTALL=n
CONFIG_HEAT_USING_TRUSTS=y
CONFIG_HEAT_CFN_INSTALL=n
CONFIG_HEAT_DOMAIN=heat
CONFIG_HEAT_DOMAIN_ADMIN=heat_admin
CONFIG_HEAT_DOMAIN_PASSWORD=PW_PLACEHOLDER
CONFIG_CEILOMETER_SECRET=19ae0e7430174349
CONFIG_CEILOMETER_KS_PW=337b08d4b3a44753
CONFIG_MONGODB_HOST=192.169.142.127
CONFIG_NAGIOS_PW=02f168ee8edd44e4

********************
Then follow :-
********************
RDO Liberty DVR Neutron workflow on CentOS 7.1
http://dbaxps.blogspot.ru/2015/10/rdo-liberty-rc-dvr-deployment.html

[root@ip-192-169-142-127 ~(keystone_admin)]# nova-manage --version
No handlers could be found for logger "oslo_config.cfg"
13.0.0

[root@ip-192-169-142-127 ~(keystone_admin)]# neutron l3-agent-list-hosting-router RouterDMS
+--------------------------------------+----------------------------------------+----------------+-------+----------+
| id                                   | host                                   | admin_state_up | alive | ha_state |
+--------------------------------------+----------------------------------------+----------------+-------+----------+
| 0e5f8de4-bae4-4b92-872c-b4a692ffca2b | ip-192-169-142-147.ip.secureserver.net | True           | :-)   |          |
| a08b319b-ce27-4b7c-8f72-e530c148ab70 | ip-192-169-142-127.ip.secureserver.net | True           | :-)   |          |
| ebab6768-cd2f-4d09-a1ba-a6e3aa6b4751 | ip-192-169-142-137.ip.secureserver.net | True           | :-)   |          |
+--------------------------------------+----------------------------------------+----------------+-------+----------+

[root@ip-192-169-142-127 ~(keystone_admin)]# nova service-list
+----+------------------+----------------------------------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary           | Host                                   | Zone     | Status  | State | Updated_at                 | Disabled Reason |
+----+------------------+----------------------------------------+----------+---------+-------+----------------------------+-----------------+
| 1  | nova-consoleauth | ip-192-169-142-127.ip.secureserver.net | internal | enabled | up    | 2015-12-08T15:00:31.000000 | -               |
| 2  | nova-scheduler   | ip-192-169-142-127.ip.secureserver.net | internal | enabled | up    | 2015-12-08T15:00:31.000000 | -               |
| 3  | nova-conductor   | ip-192-169-142-127.ip.secureserver.net | internal | enabled | up    | 2015-12-08T15:00:30.000000 | -               |
| 4  | nova-cert        | ip-192-169-142-127.ip.secureserver.net | internal | enabled | up    | 2015-12-08T15:00:30.000000 | -               |
| 5  | nova-compute     | ip-192-169-142-147.ip.secureserver.net | nova     | enabled | up    | 2015-12-08T15:00:26.000000 | -               |
| 6  | nova-compute     | ip-192-169-142-137.ip.secureserver.net | nova     | enabled | up    | 2015-12-08T15:00:32.000000 | -               |
+----+------------------+----------------------------------------+----------+---------+-------+----------------------------+-----------------+

[root@ip-192-169-142-127 ~(keystone_admin)]# neutron agent-list
+--------------------------------------+--------------------+----------------------------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host                                   | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+----------------------------------------+-------+----------------+---------------------------+
| 0e5f8de4-bae4-4b92-872c-b4a692ffca2b | L3 agent           | ip-192-169-142-147.ip.secureserver.net | :-)   | True           | neutron-l3-agent          |
| 18f3207c-9cde-441c-bfda-26e35b393b5b | Open vSwitch agent | ip-192-169-142-147.ip.secureserver.net | :-)   | True           | neutron-openvswitch-agent |
| 1d22e3ae-9f27-4cf2-aff7-9febb6745a28 | Open vSwitch agent | ip-192-169-142-127.ip.secureserver.net | :-)   | True           | neutron-openvswitch-agent |
| 39dd0e7b-9359-4ea8-890d-bfe2ebda95b8 | Open vSwitch agent | ip-192-169-142-137.ip.secureserver.net | :-)   | True           | neutron-openvswitch-agent |
| 3fd7c6d3-f2bd-4612-9f88-4e7c01ceb90d | DHCP agent         | ip-192-169-142-127.ip.secureserver.net | :-)   | True           | neutron-dhcp-agent        |
| 55f597f5-0b7a-414a-aae2-1098b79fdec4 | Metadata agent     | ip-192-169-142-137.ip.secureserver.net | :-)   | True           | neutron-metadata-agent    |
| a08b319b-ce27-4b7c-8f72-e530c148ab70 | L3 agent           | ip-192-169-142-127.ip.secureserver.net | :-)   | True           | neutron-l3-agent          |
| d8bed085-b87c-4d7d-be8d-503b9ce60eda | Metadata agent     | ip-192-169-142-127.ip.secureserver.net | :-)   | True           | neutron-metadata-agent    |
| ddf1906c-09bd-4415-ab62-4a8d290f7fe9 | Metadata agent     | ip-192-169-142-147.ip.secureserver.net | :-)   | True           | neutron-metadata-agent    |
| ebab6768-cd2f-4d09-a1ba-a6e3aa6b4751 | L3 agent           | ip-192-169-142-137.ip.secureserver.net | :-)   | True           | neutron-l3-agent          |
+--------------------------------------+-------------------+----------------------------------------+-------+----------------+---------------------------+

  


*******************************
DVR_SNAT Section 
*******************************
Controller :-

  


OVS Flows

[root@ip-192-169-142-127 ~(keystone_admin)]# ovs-ofctl show br-int | grep "sg-"
 8(sg-48ec616f-1c): addr:00:00:00:00:00:00

[root@ip-192-169-142-127 ~(keystone_admin)]# ovs-ofctl dump-flows  br-int| grep "output:8"
 cookie=0x976c449145b02ae6, duration=4239.096s, table=1, n_packets=1427417, n_bytes=94772642, idle_age=0, priority=4,dl_vlan=1,dl_dst=fa:16:3e:4b:05:09 actions=strip_vlan,mod_dl_src:fa:16:3e:28:0d:19,output:8
[root@ip-192-169-142-127 ~(keystone_admin)]# ovs-ofctl dump-flows  br-int| grep "output:8"
 cookie=0x976c449145b02ae6, duration=4241.129s, table=1, n_packets=1429159, n_bytes=94888334, idle_age=0, priority=4,dl_vlan=1,dl_dst=fa:16:3e:4b:05:09 actions=strip_vlan,mod_dl_src:fa:16:3e:28:0d:19,output:8
[root@ip-192-169-142-127 ~(keystone_admin)]# ovs-ofctl dump-flows  br-int| grep "output:8"
 cookie=0x976c449145b02ae6, duration=4245.441s, table=1, n_packets=1432026, n_bytes=95078792, idle_age=0, priority=4,dl_vlan=1,dl_dst=fa:16:3e:4b:05:09 actions=strip_vlan,mod_dl_src:fa:16:3e:28:0d:19,output:8
[root@ip-192-169-142-127 ~(keystone_admin)]# ovs-ofctl dump-flows  br-int| grep "output:8"
 cookie=0x976c449145b02ae6, duration=4249.608s, table=1, n_packets=1434642, n_bytes=95252072, idle_age=0, priority=4,dl_vlan=1,dl_dst=fa:16:3e:4b:05:09 actions=strip_vlan,mod_dl_src:fa:16:3e:28:0d:19,output:8
[root@ip-192-169-142-127 ~(keystone_admin)]# ovs-ofctl dump-flows  br-int| grep "output:8"
 cookie=0x976c449145b02ae6, duration=4256.953s, table=1, n_packets=1439185, n_bytes=95553634, idle_age=0, priority=4,dl_vlan=1,dl_dst=fa:16:3e:4b:05:09 actions=strip_vlan,mod_dl_src:fa:16:3e:28:0d:19,output:8
[root@ip-192-169-142-127 ~(keystone_admin)]# ovs-ofctl dump-flows  br-int| grep "output:8"
 cookie=0x976c449145b02ae6, duration=4262.048s, table=1, n_packets=1442924, n_bytes=95800408, idle_age=0, priority=4,dl_vlan=1,dl_dst=fa:16:3e:4b:05:09 actions=strip_vlan,mod_dl_src:fa:16:3e:28:0d:19,

Thursday, December 03, 2015

Nova and Neutron work-flow && CLI for HAProxy/Keepalived 3 Node Controller RDO Liberty

The correct name of this post is supposed to be "Nova and Neutron workflow && CLI for HAProxy/Keepalived 3 Node Controller RDO Liberty in an appropriate amount of detail". It follows up http://lxer.com/module/newswire/view/222164/index.html . All environment has been built via Nova and Neutron CLI ( no Horizon involvement ).
Neutron work-flow on Controller is described including OVS flow rules on external bridge created by flat external network provider , eth0 external interface as VLAN OVS port of bridge br-eth0 and br-int

First create keystonerc_admin to provide admin ability manage via CLI

[root@hacontroller1 ~(keystone_admin)]# cat keystonerc_admin
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PROJECT_NAME=admin
export OS_REGION_NAME=regionOne
export OS_PASSWORD=keystonetest
export OS_AUTH_URL=http://controller-vip.example.com:35357/v2.0/
export OS_SERVICE_ENDPOINT=http://controller-vip.example.com:35357/v2.0 export OS_SERVICE_TOKEN=$(cat /root/keystone_service_token)
export PS1='[\u@\h \W(keystone_admin)]\$ '
[root@hacontroller1 ~(keystone_admin)]# cat keystonerc_demo
export OS_USERNAME=demo
export OS_TENANT_NAME=demo
export OS_PROJECT_NAME=demo
export OS_REGION_NAME=regionOne
export OS_PASSWORD=redhat
export OS_AUTH_URL=http://controller-vip.example.com:5000/v2.0/
export PS1='[\u@\h \W(keystone_demo)]\$ '

 
[root@hacontroller1 ~(keystone_admin)]#  keystone tenant-list
+----------------------------------+----------+---------+
|                id                |   name   | enabled |
+----------------------------------+----------+---------+
| b2be742697534c3188bdc5ec56038853 |  admin   |   True  |
| efe017b919c1487bab8c58281fcaceeb |   demo   |   True  |
| 4cd322b30ca947eeb86c0a883e549a27 | services |   True  |
+----------------------------------+----------+---------+

****************************************************
Creating HA Neutron router belongs tenant demo
****************************************************

[root@hacontroller1 ~(keystone_admin)]# neutron router-create --ha True \
--tenant-id efe017b919c1487bab8c58281fcaceeb RouterDMS

[root@hacontroller1 ~(keystone_admin)]# neutron l3-agent-list-hosting-router RouterDMS
+--------------------------------------+---------------------------+----------------+-------+----------+
| id                                   | host                      | admin_state_up | alive | ha_state |
+--------------------------------------+---------------------------+----------------+-------+----------+
| 9c83e688-e7b4-4101-97df-844510d0ee52 | hacontroller1.example.com | True           | :-)   | active   |
| a7bdf03e-4550-4f1b-ae6f-25744894086d | hacontroller2.example.com | True           | :-)   | standby  |
+--------------------------------------+---------------------------+----------------+-------+------- 
 
[root@hacontroller1 ~(keystone_admin)]# neutron router-port-list RouterDMS
+--------------------------------------+-------------------------------------------------+-------------------+--------------------------------------------------------------------------------------+
| id                                   | name                                            | mac_address       | fixed_ips                                                                            |
+--------------------------------------+-------------------------------------------------+-------------------+--------------------------------------------------------------------------------------+
| 013404f6-0bb8-4885-ab64-19e3970d7046 | HA port tenant efe017b919c1487bab8c58281fcaceeb | fa:16:3e:d5:7e:6f | {"subnet_id": "6886d46c-4947-455d-8656-ff0f2a649632", "ip_address": "169.254.192.2"} |
| 4a6bcdf6-7895-45b7-b32b-c63d6e1c6bc5 | HA port tenant efe017b919c1487bab8c58281fcaceeb | fa:16:3e:35:f7:73 | {"subnet_id": "6886d46c-4947-455d-8656-ff0f2a649632", "ip_address": "169.254.192.1"} |
| a37e106e-70a1-47bc-b8de-1153c8cacd2a |                                                 | fa:16:3e:0e:4b:eb | {"subnet_id": "a2c617b1-17cc-4768-b213-9f0795d07b40", "ip_address": "10.10.10.100"}  |
| dd6507fd-73e3-45f6-a935-8bbf29dacbb9 |                                                 | fa:16:3e:26:55:06 | {"subnet_id": "1c47d964-d7ec-4a72-a5a7-bc390c96359d", "ip_address": "30.0.0.1"}      |
+--------------------------------------+-------------------------------------------------+-------------------+------------------------------------------------------------------------------------ 
 
**************************************
Creating private network as demo
**************************************

[root@hacontroller2 ~(keystone_demo)]#  neutron net-create private
[root@hacontroller2 ~(keystone_demo)]#  neutron subnet-create private \
30.0.0.0/24 --dns_nameservers list=true 83.221.202.254

**************************************
Creating public  network as admin
**************************************

[root@hacontroller1 ~(keystone_admin)]# neutron net-create public --shared \
--provider:network_type flat --provider:physical_network physnet1 --router:external

[root@hacontroller1 ~(keystone_admin)]# neutron subnet-create --gateway 10.10.10.1 \
 --allocation-pool start=10.10.10.100,end=10.10.10.150 --disable-dhcp \
--name public_subnet public 10.10.10.0/24 
 
[root@hacontroller1 neutron(keystone_demo)]# cat l3_agent.ini | grep -v ^# | grep -v ^$
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
handle_internal_only_routers = True
send_arp_for_ha = 3
metadata_ip = controller-vip.example.com
external_network_bridge = 
[AGENT] 
 
[root@hacontroller1 ml2(keystone_admin)]# cat ml2_conf.ini|grep -v ^#|grep -v ^$
[ml2]
type_drivers = local,gre,flat,vxlan,vlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch
[ml2_type_flat]
flat_networks = *
[ml2_type_vlan]
[ml2_type_gre]
tunnel_id_ranges = 10:10000
[ml2_type_vxlan]
vni_ranges = 10:10000
vxlan_group = 224.0.0.1
[ml2_type_geneve]
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
 
[root@hacontroller1 ml2(keystone_admin)]# cat openvswitch_agent.ini | grep -v ^#|grep -v ^$
[ovs]
local_ip = 192.169.142.221
enable_tunneling = True
integration_bridge = br-int
tunnel_bridge = br-tun
bridge_mappings = physnet1:br-eth0
network_vlan_ranges = physnet1
[agent]
tunnel_types = vxlan
vxlan_udp_port = 4789
l2_population = False
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

When "external_network_bridge = " , Neutron places the external 
interface of the router into the OVS bridge specified by the 
"provider_network" provider attribute in the Neutron network. Traffic is
processed by Open vSwitch flow rules. In this configuration it is 
possible to utilize flat and VLAN provider networks.  
 
[root@hacontroller1 ~(keystone_admin)]# ovs-ofctl show br-eth0
OFPT_FEATURES_REPLY (xid=0x2): dpid:00003e31a75b624a
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 1(eth0): addr:52:54:00:41:74:39
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 2(phy-br-eth0): addr:de:0e:37:e4:28:49
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(br-eth0): addr:3e:31:a7:5b:62:4a
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
 
[root@hacontroller1 ~(keystone_admin)]# ovs-ofctl dump-flows  br-eth0
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=6785.707s, table=0, n_packets=18476, n_bytes=1202867, idle_age=3, priority=4,
in_port=2,dl_vlan=3 actions=strip_vlan,NORMAL <==== VLAN tag is striped
 cookie=0x0, duration=6977.001s, table=0, n_packets=13639, n_bytes=766402, idle_age=1, priority=2,in_port=2 actions=drop
 cookie=0x0, duration=6977.041s, table=0, n_packets=11557, n_bytes=10607506, idle_age=1, priority=0 actions=NORMAL
 
[root@hacontroller1 ~(keystone_admin)]# ovs-vsctl show
eae701a9-447e-4b75-98b5-4f7ce026ddbb
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-c0a98ee0"
            Interface "vxlan-c0a98ee0"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.169.142.221", out_key=flow, remote_ip="192.169.142.224"}
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-c0a98ede"
            Interface "vxlan-c0a98ede"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.169.142.221", out_key=flow, remote_ip="192.169.142.222"}
        Port "vxlan-c0a98edf"
            Interface "vxlan-c0a98edf"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.169.142.221", out_key=flow, remote_ip="192.169.142.223"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge "br-eth0"
        Port "br-eth0"
            Interface "br-eth0"
                type: internal
        Port "eth0"
            Interface "eth0"               <=============
        Port "phy-br-eth0"
            Interface "phy-br-eth0"
                type: patch
                options: {peer="int-br-eth0"}
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port "ha-013404f6-0b"
            tag: 2
            Interface "ha-013404f6-0b"
                type: internal
        Port "int-br-eth0"
            Interface "int-br-eth0"
                type: patch
                options: {peer="phy-br-eth0"}
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qr-dd6507fd-73"
            tag: 1
            Interface "qr-dd6507fd-73"
                type: internal
        Port "qg-a37e106e-70"             ===============>
            tag: 3
            Interface "qg-a37e106e-70"
                type: internal
        Port "tap7e8e240c-aa"
            tag: 1
            Interface "tap7e8e240c-aa"
                type: internal
    ovs_version: "2.4.0"

  The packet exits the qg-a37e106e-70 (which is outgoing interface of 
corresponding qrouter-namespace attached to br-int due to external network provider involvment)
interface, where it is assigned the VLAN tag associated with the external network 3.
The packet is delivered to the external bridge, where a flow rule strip the VLAN tag 3.
The packet is sent out the physical interface associated with the bridge.
 

**************************************
Now check OVS flow at br-int
**************************************

[root@hacontroller1 ~(keystone_admin)]# ovs-ofctl show  br-int

OFPT_FEATURES_REPLY (xid=0x2): dpid:0000e6b4e9fe1044
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst

 1(int-br-eth0): addr:d2:35:eb:fc:ba:27
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 2(patch-tun): addr:1e:95:23:46:9e:a4
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 4(tap73cbf393-29): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 5(ha-013404f6-0b): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 6(qr-dd6507fd-73): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 7(qg-a37e106e-70): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(br-int): addr:e6:b4:e9:fe:10:44
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

[root@hacontroller1 ~(keystone_admin)]# ovs-ofctl dump-flows  br-int
NXST_FLOW reply (xid=0x4):
 cookie=0x87b766cda5a1f568, duration=5899.822s, table=0, n_packets=14899, n_bytes=18740788, idle_age=1334, priority=3,in_port=1,vlan_tci=0x0000 actions=mod_vlan_vid:3,NORMAL

 cookie=0x87b766cda5a1f568, duration=6141.616s, table=0, n_packets=0, n_bytes=0, idle_age=6141, priority=2,in_port=1 actions=drop
 cookie=0x87b766cda5a1f568, duration=5900.707s, table=0, n_packets=5, n_bytes=390, idle_age=5892, priority=2,in_port=4 actions=drop
 cookie=0x87b766cda5a1f568, duration=6141.675s, table=0, n_packets=59875, n_bytes=21916362, idle_age=0, priority=0 actions=NORMAL
 cookie=0x87b766cda5a1f568, duration=6141.671s, table=23, n_packets=0, n_bytes=0, idle_age=6141, priority=0 actions=drop
 cookie=0x87b766cda5a1f568, duration=6141.667s, table=24, n_packets=0, n_bytes=0, idle_age=6141, priority=0 actions=drop

************************************************************************
Notice that int-br-eth0 and phy-br-eth0 is a veth pair connecting
br-int and br-eth0
************************************************************************
   
[root@hacontroller1 ~(keystone_admin)]# ip netns
qrouter-afe13460-e106-4a0a-abf5-a618f97de6b9
qdhcp-847e5c9c-ce9f-4b2c-86fb-d7597017e8e3

[root@hacontroller1 ~(keystone_admin)]# ip netns exec qrouter-afe13460-e106-4a0a-abf5-a618f97de6b9  ip route
default via 10.10.10.1  dev  qg-a37e106e-70
10.10.10.0/24 qg-a37e106e-70 proto kernel scope link src  10.10.10.100
30.0.0.0/24 qr-dd6507fd-73 proto kernel scope link src 30.0.0.1
169.254.0.0/24 ha-013404f6-0b proto kernel scope link src 169.254.0.1
169.254.192.0/18 dev ha-013404f6-0b proto kernel scope link src 169.254.192.2

 
Per https://github.com/beekhof/osp-ha-deploy/commit/b2e01e86ca93cfad9ad01d533b386b4c9607c60d#diff-ee239d1187adb09f970dc4ddcf0df1c2 
 
Assuming eth0 is your interface attached to the external network, create two files in /etc/sysconfig/network-scripts/ as follows (change MTU if you need):

cat < /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0 
ONBOOT=yes 
DEVICETYPE=ovs 
TYPE=OVSPort 
OVS_BRIDGE=br-eth0 
ONBOOT=yes 
BOOTPROTO=none 
VLAN=yes 
MTU="9000" 
NM_CONTROLLED=no 
EOF 

cat < /etc/sysconfig/network-scripts/ifcfg-br-eth0 
DEVICE=br-eth0 
DEVICETYPE=ovs 
OVSBOOTPROTO=none 
TYPE=OVSBridge 
ONBOOT=yes BOOTPROTO=static 
MTU="9000" 
NM_CONTROLLED=no 
EOF

Restart the network for the changes to take effect

[root@hacontroller1 ~(keystone_admin)]# neutron net-list
+--------------------------------------+----------------------------------------------------+-------------------------------------------------------+
| id                                   | name                                               | subnets                                               |
+--------------------------------------+----------------------------------------------------+-------------------------------------------------------+
| b4580386-bc02-4aa7-8792-ea4c40c41573 | public                                             | a2c617b1-17cc-4768-b213-9f0795d07b40 10.10.10.0/24    |
| ab421dc7-27fa-4984-ae21-ba9518887293 | HA network tenant efe017b919c1487bab8c58281fcaceeb | 6886d46c-4947-455d-8656-ff0f2a649632 169.254.192.0/18 |
| 847e5c9c-ce9f-4b2c-86fb-d7597017e8e3 | private                                            | 1c47d964-d7ec-4a72-a5a7-bc390c96359d 30.0.0.0/24      |
+--------------------------------------+----------------------------------------------------+-------------------------------------------------------+ 
 
[root@hacontroller1 ~(keystone_admin)]# neutron subnet-list
+--------------------------------------+---------------------------------------------------+------------------+------------------------------------------------------+
| id                                   | name                                              | cidr             | allocation_pools                                     |
+--------------------------------------+---------------------------------------------------+------------------+------------------------------------------------------+
| a2c617b1-17cc-4768-b213-9f0795d07b40 | public_subnet                                     | 10.10.10.0/24    | {"start": "10.10.10.100", "end": "10.10.10.150"}     |
| 6886d46c-4947-455d-8656-ff0f2a649632 | HA subnet tenant efe017b919c1487bab8c58281fcaceeb | 169.254.192.0/18 | {"start": "169.254.192.1", "end": "169.254.255.254"} |
| 1c47d964-d7ec-4a72-a5a7-bc390c96359d |                                                   | 30.0.0.0/24      | {"start": "30.0.0.2", "end": "30.0.0.254"}           |
+--------------------------------------+---------------------------------------------------+------------------+------------------------------------------------------+
  
[root@hacontroller2 ~(keystone_demo)]#  neutron router-gateway-set RouterDMS public
[root@hacontroller2 ~(keystone_demo)]#  neutron router-interface-add RouterDMS \
1c47d964-d7ec-4a72-a5a7-bc390c96359d 

[root@hacontroller2 ~(keystone_demo)]# neutron router-port-list RouterDMS
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                       |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| dd6507fd-73e3-45f6-a935-8bbf29dacbb9 |      | fa:16:3e:26:55:06 | {"subnet_id": "1c47d964-d7ec-4a72-a5a7-bc390c96359d", "ip_address": "30.0.0.1"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
[root@hacontroller2 ~(keystone_demo)]# neutron port-show dd6507fd-73e3-45f6-a935-8bbf29dacbb9
+-----------------------+--------------------------------------------------------------------------------------------------+
| Field                 | Value                                                                                            |
+-----------------------+--------------------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                             |
| allowed_address_pairs |                                                                                                  |
| binding:vnic_type     | normal                                                                                           |
| device_id             | afe13460-e106-4a0a-abf5-a618f97de6b9                                                             |
| device_owner          | network:router_interface                                                                         |
| dns_assignment        | {"hostname": "host-30-0-0-1", "ip_address": "30.0.0.1", "fqdn": "host-30-0-0-1.openstacklocal."} |
| dns_name              |                                                                                                  |
| extra_dhcp_opts       |                                                                                                  |
| fixed_ips             | {"subnet_id": "1c47d964-d7ec-4a72-a5a7-bc390c96359d", "ip_address": "30.0.0.1"}                  |
| id                    | dd6507fd-73e3-45f6-a935-8bbf29dacbb9                                                             |
| mac_address           | fa:16:3e:26:55:06                                                                                |
| name                  |                                                                                                  |
| network_id            | 847e5c9c-ce9f-4b2c-86fb-d7597017e8e3                                                             |
| security_groups       |                                                                                                  |
| status                | ACTIVE                                                                                           |
| tenant_id             | efe017b919c1487bab8c58281fcaceeb                                                                 |
+-----------------------+--------------------------------------------------------------------------------------------------+

********************************************
Creating security rules for tenant demo
********************************************

[root@hacontroller2 ~(keystone_demo)]#  neutron security-group-rule-create --protocol icmp \
--direction ingress --remote-ip-prefix 0.0.0.0/0 default

[root@hacontroller2 ~(keystone_demo)]#  neutron security-group-rule-create --protocol tcp \
--port-range-min 22 --port-range-max 22   --direction ingress --remote-ip-prefix 0.0.0.0/0 default 
 
********************************************
Creating ssh keypair for tenant demo
********************************************
[root@hacontroller2 ~(keystone_demo)]#  nova keypair-add oskey1 > oskey1.priv
[root@hacontroller2 ~(keystone_demo)]#  chmod 600  oskey1.priv

[root@hacontroller2 ~(keystone_demo)]# neutron net-list
+--------------------------------------+---------+----------------------------------------------------+
| id                                   | name    | subnets                                            |
+--------------------------------------+---------+----------------------------------------------------+
| b4580386-bc02-4aa7-8792-ea4c40c41573 | public  | a2c617b1-17cc-4768-b213-9f0795d07b40 10.10.10.0/24 |
| 847e5c9c-ce9f-4b2c-86fb-d7597017e8e3 | private | 1c47d964-d7ec-4a72-a5a7-bc390c96359d 30.0.0.0/24   |
+--------------------------------------+---------+--------------------------------------------------
[root@hacontroller2 ~(keystone_demo)]# glance image-list
+--------------------------------------+-----------+
| ID                                   | Name      |
+--------------------------------------+-----------+
| 6b4ee270-41ca-4a14-b584-d21f6ff5d6be | cirros    |
| e6945bf1-0a0d-4e99-a1fc-64ca45479095 | VF23Cloud |
+--------------------------------------+-----------+

[root@hacontroller2 ~(keystone_demo)]#  nova boot --flavor 2 --key_name oskey1 --image \
e6945bf1-0a0d-4e99-a1fc-64ca45479095 --nic net-id=847e5c9c-ce9f-4b2c-86fb-d7597017e8e3 VF23Devs05
 +--------------------------------------+--------------------------------------------------+
| Property                             | Value                                            |
+--------------------------------------+--------------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                           |
| OS-EXT-AZ:availability_zone          |                                                  |
| OS-EXT-STS:power_state               | 0                                                |
| OS-EXT-STS:task_state                | scheduling                                       |
| OS-EXT-STS:vm_state                  | building                                         |
| OS-SRV-USG:launched_at               | -                                                |
| OS-SRV-USG:terminated_at             | -                                                |
| accessIPv4                           |                                                  |
| accessIPv6                           |                                                  |
| adminPass                            | 8c3HZUTS3jZ3                                     |
| config_drive                         |                                                  |
| created                              | 2015-11-28T17:44:02Z                             |
| flavor                               | m1.small (2)                                     |
| hostId                               |                                                  |
| id                                   | 68db2410-5d7d-42ca-82ab-6000123ab8d2             |
| image                                | VF23Cloud (e6945bf1-0a0d-4e99-a1fc-64ca45479095) |
| key_name                             | oskey1                                           |
| metadata                             | {}                                               |
| name                                 | VF23Devs05                                       |
| os-extended-volumes:volumes_attached | []                                               |
| progress                             | 0                                                |
| security_groups                      | default                                          |
| status                               | BUILD                                            |
| tenant_id                            | efe017b919c1487bab8c58281fcaceeb                 |
| updated                              | 2015-11-28T17:44:03Z                             |
| user_id                              | 426a9a98019f4055a2edb3d145355646                 |
+--------------------------------------+--------------------------------------------------+
[root@hacontroller2 ~(keystone_demo)]# nova list

+--------------------------------------+------------+---------+------------+-------------+--------------------------------+
| ID                                   | Name       | Status  | Task State | Power State | Networks                       |
+--------------------------------------+------------+---------+------------+-------------+--------------------------------+
| 2b0f822f-be17-43c1-b127-f626d5a62823 | CirrOSDevs | SHUTOFF | -          | Shutdown    | private=30.0.0.4, 10.10.10.101 |
| 68db2410-5d7d-42ca-82ab-6000123ab8d2 | VF23Devs05 | BUILD   | spawning   | NOSTATE     |                                |
+--------------------------------------+------------+---------+------------+-------------+--------------------------------+
[root@hacontroller2 ~(keystone_demo)]# nova list
+--------------------------------------+------------+---------+------------+-------------+--------------------------------+
| ID                                   | Name       | Status  | Task State | Power State | Networks                       |
+--------------------------------------+------------+---------+------------+-------------+--------------------------------+
| 2b0f822f-be17-43c1-b127-f626d5a62823 | CirrOSDevs | SHUTOFF | -          | Shutdown    | private=30.0.0.4, 10.10.10.101 |
| 68db2410-5d7d-42ca-82ab-6000123ab8d2 | VF23Devs05 | ACTIVE  | -          | Running     | private=30.0.0.10              |
+--------------------------------------+------------+---------+------------+-------------+--------------------------------+

[root@hacontroller2 ~(keystone_demo)]# neutron port-list --device-id \
68db2410-5d7d-42ca-82ab-6000123ab8d2
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                        |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------+
| 879c8ca8-fe8e-42d7-8b6b-34be981d03d0 |      | fa:16:3e:32:47:49 | {"subnet_id": "1c47d964-d7ec-4a72-a5a7-bc390c96359d", "ip_address": "30.0.0.10"} |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------+

[root@hacontroller2 ~(keystone_demo)]# neutron floatingip-create public
Created a new floatingip:
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| fixed_ip_address    |                                      |
| floating_ip_address | 10.10.10.102                         |
| floating_network_id | b4580386-bc02-4aa7-8792-ea4c40c41573 |
| id                  | aa48fd10-bb25-46ae-8f76-eb90e343b3f1 |
| port_id             |                                      |
| router_id           |                                      |
| status              | DOWN                                 |
| tenant_id           | efe017b919c1487bab8c58281fcaceeb     |
+---------------------+--------------------------------------+

[root@hacontroller2 ~(keystone_demo)]# neutron floatingip-associate \
aa48fd10-bb25-46ae-8f76-eb90e343b3f1 879c8ca8-fe8e-42d7-8b6b-34be981d03d0
Associated floating IP aa48fd10-bb25-46ae-8f76-eb90e343b3f1

[root@hacontroller2 ~(keystone_demo)]# nova list
+--------------------------------------+------------+---------+------------+-------------+---------------------------------+
| ID                                   | Name       | Status  | Task State | Power State | Networks                        |
+--------------------------------------+------------+---------+------------+-------------+---------------------------------+
| 2b0f822f-be17-43c1-b127-f626d5a62823 | CirrOSDevs | SHUTOFF | -          | Shutdown    | private=30.0.0.4, 10.10.10.101  |
| 68db2410-5d7d-42ca-82ab-6000123ab8d2 | VF23Devs05 | ACTIVE  | -          | Running     | private=30.0.0.10, 10.10.10.102 |
+--------------------------------------+------------+---------+------------+-------------+---------------------------------+
 
[root@hacontroller1 ~(keystone_admin)]# ip netns exec qrouter-afe13460-e106-4a0a-abf5-a618f97de6b9   ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
8: ha-013404f6-0b:  mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fa:16:3e:d5:7e:6f brd ff:ff:ff:ff:ff:ff
    inet 169.254.192.2/18 brd 169.254.255.255 scope global ha-013404f6-0b
       valid_lft forever preferred_lft forever
    inet 169.254.0.1/24 scope global ha-013404f6-0b
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fed5:7e6f/64 scope link 
       valid_lft forever preferred_lft forever
9: qr-dd6507fd-73:  mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fa:16:3e:26:55:06 brd ff:ff:ff:ff:ff:ff
    inet 30.0.0.1/24 scope global qr-dd6507fd-73
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe26:5506/64 scope link nodad 
       valid_lft forever preferred_lft forever
10: qg-a37e106e-70:  mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fa:16:3e:0e:4b:eb brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.100/24 scope global qg-a37e106e-70
       valid_lft forever preferred_lft forever
    inet 10.10.10.101/32 scope global qg-a37e106e-70
       valid_lft forever preferred_lft forever
    inet 10.10.10.102/32 scope global qg-a37e106e-70
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe0e:4beb/64 scope link nodad 
       valid_lft forever preferred_lft forever



  
References
1.http://blog.oddbit.com/2015/08/13/provider-external-networks-details/
2.https://github.com/beekhof/osp-ha-deploy/blob/master/keepalived/neutron-config.md

Thursday, November 05, 2015

Storage Node (LVMiSCSI) deployment for RDO Liberty on CentOS 7.1

Posting bellow via straightforward  RDO Liberty deployment demonstrates
that Storage Node might work as traditional iSCSI Target Server and each
Compute Node is actually iSCSI initiator client. This functionality is provided
by tuning Cinder && Glance Services running on Storage Node. It's also
important to understand that Storage node should be brought up after Controller
to be able connect it's services to AMQP broker running on Controller (rabbitmq-server).

  Following bellow is brief instruction for 4 node deployment test Controller & Network & Compute & Storage  on RDO Liberty (CentOS 7.1), which was performed on Fedora 21 host with KVM/Libvirt Hypervisor  (32 GB RAM, Intel Core i7-4790  Haswell CPU, ASUS Z97-P ) .Four VMs (4 GB RAM, 4 VCPUS)  have been setup.  Controller VM one (management subnet) VNIC, Network Node VM three VNICS (management,vtep's external subnets),  Compute Node VM two VNICS (management,vtep's subnets), Storage Node VM one VNIC (management)
Setup :-

192.169.142.127 - Controller Node
192.169.142.147 - Network Nodes
192.169.142.137 - Compute Node
192.169.142.157 - Storage Node (LVMiSCSI)

*******************************************
Three Libvirt networks created
*******************************************

# cat openstackvms.xml
<network>
   <name>openstackvms</name>
   <uuid>d0e9964a-f91a-40c0-b769-a609aee41bf2</uuid>
   <forward mode='nat'>
     <nat>
       <port start='1024' end='65535'/>
     </nat>
   </forward>
   <bridge name='virbr1' stp='on' delay='0' />
   <mac address='52:54:00:60:f8:6d'/>
   <ip address='192.169.142.1' netmask='255.255.255.0'>
    <dhcp>
       <range start='192.169.142.2' end='192.169.142.254' />
     </dhcp>
   </ip>
 </network>



# cat external.xml
<network>
   <name>external</name>
   <uuid>d0e9965b-f92c-40c1-b749-b609aed42cf2</uuid>
   <forward mode='nat'>
     <nat>
       <port start='1024' end='65535'/>
     </nat>
   </forward>
   <bridge name='virbr2' stp='on' delay='0' />
   <mac address='52:54:00:60:f8:6d'/>
   <ip address='172.24.4.225' netmask='255.255.255.240'>
     <dhcp>
       <range start='172.24.4.226' end='172.24.4.238' />
     </dhcp>
   </ip>
 </network>


# cat vteps.xml
<network>
   <name>vteps</name>
   <uuid>d0e9965b-f92c-40c1-b749-b609aed42cf2</uuid>
   <forward mode='nat'>
     <nat>
      <port start='1024' end='65535'/>
     </nat>
   </forward>
   <bridge name='virbr3' stp='on' delay='0' />
   <mac address='52:54:00:60:f8:6d'/>
   <ip address='10.0.0.1' netmask='255.255.255.0'>
     <dhcp>
       <range start='10.0.0.1' end='10.0.0.254' />
     </dhcp>
   </ip>
 </network>

***************************************************************************
1. First Libvirt subnet "openstackvms"  serves as management network.
All 4 VM are attached to this subnet
***************************************************************************
2. Second Libvirt subnet "external" serves for simulation external network 
Network Nodes attached to "external",latter on "eth2" interfaces (belongs to "external") which are supposed to be converted into OVS ports of br-ex(s) on Network Nodes. This Libvirt subnet via bridge virbr2 172.24.4.25 provides VMs running on Compute Node access to Internet due to match to external network created by packstack installation 172.24.4.224/28.
****************************************************************************
3. Third Libvirt subnet "vteps" serves  for VTEPs endpoint simulation. Network and Compute Nodes are attached to this subnet.
****************************************************************************


***************************************
Answer file (answer4Node.txt)
***************************************
[general]
CONFIG_SSH_KEY=/root/.ssh/id_rsa.pub
CONFIG_DEFAULT_PASSWORD=
CONFIG_MARIADB_INSTALL=y
CONFIG_GLANCE_INSTALL=y
CONFIG_CINDER_INSTALL=y
CONFIG_MANILA_INSTALL=n
CONFIG_NOVA_INSTALL=y
CONFIG_NEUTRON_INSTALL=y
CONFIG_HORIZON_INSTALL=y
CONFIG_SWIFT_INSTALL=y
CONFIG_CEILOMETER_INSTALL=y
CONFIG_HEAT_INSTALL=n
CONFIG_SAHARA_INSTALL=n
CONFIG_TROVE_INSTALL=n
CONFIG_IRONIC_INSTALL=n
CONFIG_CLIENT_INSTALL=y
CONFIG_NTP_SERVERS=
CONFIG_NAGIOS_INSTALL=y
EXCLUDE_SERVERS=
CONFIG_DEBUG_MODE=n
CONFIG_CONTROLLER_HOST=192.169.142.127
CONFIG_COMPUTE_HOSTS=192.169.142.137
CONFIG_NETWORK_HOSTS=192.169.142.147

CONFIG_VMWARE_BACKEND=n
CONFIG_UNSUPPORTED=y
CONFIG_USE_SUBNETS=n
CONFIG_VCENTER_HOST=
CONFIG_VCENTER_USER=
CONFIG_VCENTER_PASSWORD=
CONFIG_VCENTER_CLUSTER_NAME=
CONFIG_STORAGE_HOST=192.169.142.157
CONFIG_SAHARA_HOST=192.169.142.127
CONFIG_USE_EPEL=y
CONFIG_REPO=
CONFIG_ENABLE_RDO_TESTING=n
CONFIG_RH_USER=
CONFIG_SATELLITE_URL=
CONFIG_RH_PW=
CONFIG_RH_OPTIONAL=y
CONFIG_RH_PROXY=
CONFIG_RH_PROXY_PORT=
CONFIG_RH_PROXY_USER=
CONFIG_RH_PROXY_PW=
CONFIG_SATELLITE_USER=
CONFIG_SATELLITE_PW=
CONFIG_SATELLITE_AKEY=
CONFIG_SATELLITE_CACERT=
CONFIG_SATELLITE_PROFILE=
CONFIG_SATELLITE_FLAGS=
CONFIG_SATELLITE_PROXY=
CONFIG_SATELLITE_PROXY_USER=
CONFIG_SATELLITE_PROXY_PW=
CONFIG_SSL_CACERT_FILE=/etc/pki/tls/certs/selfcert.crt
CONFIG_SSL_CACERT_KEY_FILE=/etc/pki/tls/private/selfkey.key
CONFIG_SSL_CERT_DIR=~/packstackca/
CONFIG_SSL_CACERT_SELFSIGN=y
CONFIG_SELFSIGN_CACERT_SUBJECT_C=--
CONFIG_SELFSIGN_CACERT_SUBJECT_ST=State
CONFIG_SELFSIGN_CACERT_SUBJECT_L=City
CONFIG_SELFSIGN_CACERT_SUBJECT_O=openstack
CONFIG_SELFSIGN_CACERT_SUBJECT_OU=packstack
CONFIG_SELFSIGN_CACERT_SUBJECT_CN=ip-192-169-142-127.ip.secureserver.net
CONFIG_SELFSIGN_CACERT_SUBJECT_MAIL=admin@ip-192-169-142-127.ip.secureserver.net
CONFIG_AMQP_BACKEND=rabbitmq
CONFIG_AMQP_HOST=192.169.142.127
CONFIG_AMQP_ENABLE_SSL=n
CONFIG_AMQP_ENABLE_AUTH=n
CONFIG_AMQP_NSS_CERTDB_PW=PW_PLACEHOLDER
CONFIG_AMQP_AUTH_USER=amqp_user
CONFIG_AMQP_AUTH_PASSWORD=PW_PLACEHOLDER
CONFIG_MARIADB_HOST=192.169.142.127
CONFIG_MARIADB_USER=root
CONFIG_MARIADB_PW=7207ae344ed04957
CONFIG_KEYSTONE_DB_PW=abcae16b785245c3
CONFIG_KEYSTONE_DB_PURGE_ENABLE=True
CONFIG_KEYSTONE_REGION=RegionOne
CONFIG_KEYSTONE_ADMIN_TOKEN=3ad2de159f9649afb0c342ba57e637d9
CONFIG_KEYSTONE_ADMIN_EMAIL=root@localhost
CONFIG_KEYSTONE_ADMIN_USERNAME=admin
CONFIG_KEYSTONE_ADMIN_PW=7049f834927e4468
CONFIG_KEYSTONE_DEMO_PW=bf737b785cfa4398
CONFIG_KEYSTONE_API_VERSION=v2.0
CONFIG_KEYSTONE_TOKEN_FORMAT=UUID
CONFIG_KEYSTONE_SERVICE_NAME=httpd
CONFIG_KEYSTONE_IDENTITY_BACKEND=sql
CONFIG_KEYSTONE_LDAP_URL=ldap://192.169.142.127
CONFIG_KEYSTONE_LDAP_USER_DN=
CONFIG_KEYSTONE_LDAP_USER_PASSWORD=
CONFIG_KEYSTONE_LDAP_SUFFIX=
CONFIG_KEYSTONE_LDAP_QUERY_SCOPE=one
CONFIG_KEYSTONE_LDAP_PAGE_SIZE=-1
CONFIG_KEYSTONE_LDAP_USER_SUBTREE=
CONFIG_KEYSTONE_LDAP_USER_FILTER=
CONFIG_KEYSTONE_LDAP_USER_OBJECTCLASS=
CONFIG_KEYSTONE_LDAP_USER_ID_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_NAME_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_MAIL_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ENABLED_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ENABLED_MASK=-1
CONFIG_KEYSTONE_LDAP_USER_ENABLED_DEFAULT=TRUE
CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT=n
CONFIG_KEYSTONE_LDAP_USER_ATTRIBUTE_IGNORE=
CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE=n
CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE=n
CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE=n
CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN=
CONFIG_KEYSTONE_LDAP_USER_ADDITIONAL_ATTRIBUTE_MAPPING=
CONFIG_KEYSTONE_LDAP_GROUP_SUBTREE=
CONFIG_KEYSTONE_LDAP_GROUP_FILTER=
CONFIG_KEYSTONE_LDAP_GROUP_OBJECTCLASS=
CONFIG_KEYSTONE_LDAP_GROUP_ID_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_NAME_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_MEMBER_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_DESC_ATTRIBUTE=
CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE=
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE=n
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE=n
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE=n
CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING=
CONFIG_KEYSTONE_LDAP_USE_TLS=n
CONFIG_KEYSTONE_LDAP_TLS_CACERTDIR=
CONFIG_KEYSTONE_LDAP_TLS_CACERTFILE=
CONFIG_KEYSTONE_LDAP_TLS_REQ_CERT=demand
CONFIG_GLANCE_DB_PW=41264fc52ffd4fe8
CONFIG_GLANCE_KS_PW=f6a9398960534797
CONFIG_GLANCE_BACKEND=file
CONFIG_CINDER_DB_PW=5ac08c6d09ba4b69
CONFIG_CINDER_DB_PURGE_ENABLE=True
CONFIG_CINDER_KS_PW=c8cb1ecb8c2b4f6f
CONFIG_CINDER_BACKEND=lvm
CONFIG_CINDER_VOLUMES_CREATE=y
CONFIG_CINDER_VOLUMES_SIZE=10G
CONFIG_CINDER_GLUSTER_MOUNTS=
CONFIG_CINDER_NFS_MOUNTS=
CONFIG_CINDER_NETAPP_LOGIN=
CONFIG_CINDER_NETAPP_PASSWORD=
CONFIG_CINDER_NETAPP_HOSTNAME=
CONFIG_CINDER_NETAPP_SERVER_PORT=80
CONFIG_CINDER_NETAPP_STORAGE_FAMILY=ontap_cluster
CONFIG_CINDER_NETAPP_TRANSPORT_TYPE=http
CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL=nfs
CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER=1.0
CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES=720
CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START=20
CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP=60
CONFIG_CINDER_NETAPP_NFS_SHARES=
CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG=/etc/cinder/shares.conf
CONFIG_CINDER_NETAPP_VOLUME_LIST=
CONFIG_CINDER_NETAPP_VFILER=
CONFIG_CINDER_NETAPP_PARTNER_BACKEND_NAME=
CONFIG_CINDER_NETAPP_VSERVER=
CONFIG_CINDER_NETAPP_CONTROLLER_IPS=
CONFIG_CINDER_NETAPP_SA_PASSWORD=
CONFIG_CINDER_NETAPP_ESERIES_HOST_TYPE=linux_dm_mp
CONFIG_CINDER_NETAPP_WEBSERVICE_PATH=/devmgr/v2
CONFIG_CINDER_NETAPP_STORAGE_POOLS=
CONFIG_MANILA_DB_PW=PW_PLACEHOLDER
CONFIG_MANILA_KS_PW=PW_PLACEHOLDER
CONFIG_MANILA_BACKEND=generic
CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS=false
CONFIG_MANILA_NETAPP_TRANSPORT_TYPE=https
CONFIG_MANILA_NETAPP_LOGIN=admin
CONFIG_MANILA_NETAPP_PASSWORD=
CONFIG_MANILA_NETAPP_SERVER_HOSTNAME=
CONFIG_MANILA_NETAPP_STORAGE_FAMILY=ontap_cluster
CONFIG_MANILA_NETAPP_SERVER_PORT=443
CONFIG_MANILA_NETAPP_AGGREGATE_NAME_SEARCH_PATTERN=(.*)
CONFIG_MANILA_NETAPP_ROOT_VOLUME_AGGREGATE=
CONFIG_MANILA_NETAPP_ROOT_VOLUME_NAME=root
CONFIG_MANILA_NETAPP_VSERVER=
CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS=true
CONFIG_MANILA_GENERIC_VOLUME_NAME_TEMPLATE=manila-share-%s
CONFIG_MANILA_GENERIC_SHARE_MOUNT_PATH=/shares
CONFIG_MANILA_SERVICE_IMAGE_LOCATION=https://www.dropbox.com/s/vi5oeh10q1qkckh/ubuntu_1204_nfs_cifs.qcow2
CONFIG_MANILA_SERVICE_INSTANCE_USER=ubuntu
CONFIG_MANILA_SERVICE_INSTANCE_PASSWORD=ubuntu
CONFIG_MANILA_NETWORK_TYPE=neutron
CONFIG_MANILA_NETWORK_STANDALONE_GATEWAY=
CONFIG_MANILA_NETWORK_STANDALONE_NETMASK=
CONFIG_MANILA_NETWORK_STANDALONE_SEG_ID=
CONFIG_MANILA_NETWORK_STANDALONE_IP_RANGE=
CONFIG_MANILA_NETWORK_STANDALONE_IP_VERSION=4
CONFIG_MANILA_GLUSTERFS_SERVERS=
CONFIG_MANILA_GLUSTERFS_NATIVE_PATH_TO_PRIVATE_KEY=
CONFIG_MANILA_GLUSTERFS_VOLUME_PATTERN=
CONFIG_MANILA_GLUSTERFS_TARGET=
CONFIG_MANILA_GLUSTERFS_MOUNT_POINT_BASE=
CONFIG_MANILA_GLUSTERFS_NFS_SERVER_TYPE=gluster
CONFIG_MANILA_GLUSTERFS_PATH_TO_PRIVATE_KEY=
CONFIG_MANILA_GLUSTERFS_GANESHA_SERVER_IP=
CONFIG_IRONIC_DB_PW=PW_PLACEHOLDER
CONFIG_IRONIC_KS_PW=PW_PLACEHOLDER
CONFIG_NOVA_DB_PURGE_ENABLE=True
CONFIG_NOVA_DB_PW=1e1b5aeeeaf342a8
CONFIG_NOVA_KS_PW=d9583177a2444f06
CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO=16.0
CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO=1.5
CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL=tcp
CONFIG_NOVA_COMPUTE_MANAGER=nova.compute.manager.ComputeManager
CONFIG_VNC_SSL_CERT=
CONFIG_VNC_SSL_KEY=
CONFIG_NOVA_COMPUTE_PRIVIF=
CONFIG_NOVA_NETWORK_MANAGER=nova.network.manager.FlatDHCPManager
CONFIG_NOVA_NETWORK_PUBIF=eth0
CONFIG_NOVA_NETWORK_PRIVIF=
CONFIG_NOVA_NETWORK_FIXEDRANGE=192.168.32.0/22
CONFIG_NOVA_NETWORK_FLOATRANGE=10.3.4.0/22
CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP=n
CONFIG_NOVA_NETWORK_VLAN_START=100
CONFIG_NOVA_NETWORK_NUMBER=1
CONFIG_NOVA_NETWORK_SIZE=255
CONFIG_NEUTRON_KS_PW=808e36e154bd4cee
CONFIG_NEUTRON_DB_PW=0e2b927a21b44737
CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
CONFIG_NEUTRON_METADATA_PW=a965cd23ed2f4502
CONFIG_LBAAS_INSTALL=n
CONFIG_NEUTRON_METERING_AGENT_INSTALL=n
CONFIG_NEUTRON_FWAAS=n
CONFIG_NEUTRON_VPNAAS=n
CONFIG_NEUTRON_ML2_TYPE_DRIVERS=vxlan
CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=vxlan
CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS=openvswitch
CONFIG_NEUTRON_ML2_FLAT_NETWORKS=*
CONFIG_NEUTRON_ML2_VLAN_RANGES=
CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES=1001:2000
CONFIG_NEUTRON_ML2_VXLAN_GROUP=239.1.1.2
CONFIG_NEUTRON_ML2_VNI_RANGES=1001:2000
CONFIG_NEUTRON_L2_AGENT=openvswitch
CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS=
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet1:br-ex
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=
CONFIG_NEUTRON_OVS_TUNNEL_IF=eth1
CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT=4789
CONFIG_HORIZON_SSL=n
CONFIG_HORIZON_SECRET_KEY=33cade531a764c858e4e6c22488f379f
CONFIG_HORIZON_SSL_CERT=
CONFIG_HORIZON_SSL_KEY=
CONFIG_HORIZON_SSL_CACERT=
CONFIG_SWIFT_KS_PW=8f75bfd461234c30
CONFIG_SWIFT_STORAGES=
CONFIG_SWIFT_STORAGE_ZONES=1
CONFIG_SWIFT_STORAGE_REPLICAS=1
CONFIG_SWIFT_STORAGE_FSTYPE=ext4
CONFIG_SWIFT_HASH=a60aacbedde7429a
CONFIG_SWIFT_STORAGE_SIZE=2G
CONFIG_HEAT_DB_PW=PW_PLACEHOLDER
CONFIG_HEAT_AUTH_ENC_KEY=09e304c52d714220
CONFIG_HEAT_KS_PW=PW_PLACEHOLDER
CONFIG_HEAT_CLOUDWATCH_INSTALL=n
CONFIG_HEAT_CFN_INSTALL=n
CONFIG_HEAT_DOMAIN=heat
CONFIG_HEAT_DOMAIN_ADMIN=heat_admin
CONFIG_HEAT_DOMAIN_PASSWORD=PW_PLACEHOLDER
CONFIG_PROVISION_DEMO=y
CONFIG_PROVISION_TEMPEST=n
CONFIG_PROVISION_DEMO_FLOATRANGE=172.24.4.224/28
CONFIG_PROVISION_IMAGE_NAME=cirros
CONFIG_PROVISION_IMAGE_URL=http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
CONFIG_PROVISION_IMAGE_FORMAT=qcow2
CONFIG_PROVISION_IMAGE_SSH_USER=cirros
CONFIG_PROVISION_TEMPEST_USER=
CONFIG_PROVISION_TEMPEST_USER_PW=PW_PLACEHOLDER
CONFIG_PROVISION_TEMPEST_FLOATRANGE=172.24.4.224/28
CONFIG_PROVISION_TEMPEST_REPO_URI=https://github.com/openstack/tempest.git
CONFIG_PROVISION_TEMPEST_REPO_REVISION=master
CONFIG_PROVISION_OVS_BRIDGE=n
CONFIG_CEILOMETER_SECRET=19ae0e7430174349
CONFIG_CEILOMETER_KS_PW=337b08d4b3a44753
CONFIG_CEILOMETER_COORDINATION_BACKEND=redis
CONFIG_MONGODB_HOST=192.169.142.127
CONFIG_REDIS_MASTER_HOST=192.169.142.127
CONFIG_REDIS_PORT=6379
CONFIG_REDIS_HA=n
CONFIG_REDIS_SLAVE_HOSTS=
CONFIG_REDIS_SENTINEL_HOSTS=
CONFIG_REDIS_SENTINEL_CONTACT_HOST=
CONFIG_REDIS_SENTINEL_PORT=26379
CONFIG_REDIS_SENTINEL_QUORUM=2
CONFIG_REDIS_MASTER_NAME=mymaster
CONFIG_SAHARA_DB_PW=PW_PLACEHOLDER
CONFIG_SAHARA_KS_PW=PW_PLACEHOLDER
CONFIG_TROVE_DB_PW=PW_PLACEHOLDER
CONFIG_TROVE_KS_PW=PW_PLACEHOLDER
CONFIG_TROVE_NOVA_USER=trove
CONFIG_TROVE_NOVA_TENANT=services
CONFIG_TROVE_NOVA_PW=PW_PLACEHOLDER
CONFIG_NAGIOS_PW=02f168ee8edd44e4
**************************************
At this point run on Controller:-
**************************************
 # yum -y  install centos-release-openstack-liberty
 # yum -y  install openstack-packstack
 # packstack --answer-file=./answer4Node.txt

During packstack run I was hit by failure :-
192.169.142.157_glance.pp:                        [ ERROR ]           
Applying Puppet manifests                         [ ERROR ]

ERROR : Error appeared during Puppet run: 192.169.142.157_glance.pp
Error: Execution of '/usr/bin/yum -d 0 -e 0 -y install openstack-glance' returned 1: No Presto metadata available for centos-openstack-liberty

You will find full trace in log /var/tmp/packstack/20151102-123133-fcqwvl/manifests/192.169.142.157_glance.pp.log

Regardless openstack-glance was already installed on 192.169.142.157 ,
I've just restarted packstack , which completed with no problems

***********************************************************
Upon completion on Network node 192.169.142.147
***********************************************************
[root@ip-192-169-142-147 network-scripts]# cat ifcfg-br-ex
DEVICE="br-ex"
BOOTPROTO="static"
IPADDR="172.24.4.230"
NETMASK="255.255.255.240"
DNS1="83.221.202.254"
BROADCAST="172.24.4.239"
GATEWAY="172.24.4.225"
NM_CONTROLLED="no"
TYPE="OVSIntPort"
OVS_BRIDGE=br-ex
DEVICETYPE="ovs"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="yes"
IPV6INIT=no

[root@ip-192-169-142-147 network-scripts]# cat ifcfg-eth2
DEVICE="eth2"
# HWADDR=00:22:15:63:E4:E2
ONBOOT="yes"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE=br-ex
NM_CONTROLLED=no
IPV6INIT=no

***************************************************************
When OVS br-ex configuration is done, proceed as follows
***************************************************************
# chkconfig network on
# systemctl stop NetworkManager
# systemctl disable NetworkManager
# reboot

********************************************
Status of Storage Node upon completion
********************************************

[root@ip-192-169-142-157 ~(keystone_admin)]# openstack-status
== Glance services ==
openstack-glance-api:                   active
openstack-glance-registry:           active
== Swift services ==
openstack-swift-proxy:                  active
openstack-swift-account:              active
openstack-swift-container:            active
openstack-swift-object:                 active
== Cinder services ==
openstack-cinder-api:                   active
openstack-cinder-scheduler:        active
openstack-cinder-volume:            active
openstack-cinder-backup:            active
== Support services ==
dbus:                                   active
target:                                 active
memcached:                        active

*****************************************************************************
Next step ( device /dev/vdb 25 GB was precreated during VM setup)
Launch gparted  via EPEL 7 and create unformatted /dev/sdb1 ( 25 GB)
*****************************************************************************
# pvcreate /dev/vdb1
# vgcreate cinder-volumes51  /dev/vdb1

***********************************************************
Update /etc/cinder/cinder.conf
***********************************************************
First entry id [DEFAULT] section

################
enabled_backends=lvm51
################

At the bottom of file add

[lvm51]
iscsi_helper=lioadm
volume_group=cinder-volumes51
volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver
iscsi_ip_address=192.169.142.157
volume_backend_name=LVM_iSCSI51

**********
Then
**********

[root@ip-192-169-142-157 ~(keystone_admin)]# cinder type-create lvms
[root@ip-192-169-142-157 ~(keystone_admin)]# cinder type-key lvms set volume_backend_name=LVM_iSCSI51


Reboot VM and check /var/log/cinder/volume.log for entry


2015-11-02 13:39:09.131 5087 INFO cinder.volume.manager [req-f6ce2cdc-faad-4cf8-9999-6b8c7876bd34 - - - - -] Starting volume driver LVMISCSIDriver (3.0.0)
2015-11-02 13:39:09.136 1058 WARNING oslo_config.cfg [req-bb5acb39-d58d-4999-aea6-96a8fa414c78 - - - - -] Option "amqp_durable_queues" from group "DEFAULT" is deprecated. Use option "amqp_durable_queues" from group "oslo_messaging_rabbit".
2015-11-02 13:39:09.151 1058 WARNING oslo_config.cfg [req-bb5acb39-d58d-4999-aea6-96a8fa414c78 - - - - -] Option "lock_path" from group "DEFAULT" is deprecated. Use option "lock_path" from group "oslo_concurrency".
2015-11-02 13:39:10.032 5087 WARNING oslo_config.cfg [req-f6ce2cdc-faad-4cf8-9999-6b8c7876bd34 - - - - -] Option "amqp_durable_queues" from group "DEFAULT" is deprecated. Use option "amqp_durable_queues" from group "oslo_messaging_rabbit".
2015-11-02 13:39:10.207 5087 INFO oslo.messaging._drivers.impl_rabbit [req-f6ce2cdc-faad-4cf8-9999-6b8c7876bd34 - - - - -] Connecting to AMQP server on 192.169.142.127:5672
2015-11-02 13:39:10.217 5087 INFO oslo.messaging._drivers.impl_rabbit [req-f6ce2cdc-faad-4cf8-9999-6b8c7876bd34 - - - - -] Connected to AMQP server on 192.169.142.127:5672
2015-11-02 13:39:10.297 5087 INFO cinder.volume.manager [req-f6ce2cdc-faad-4cf8-9999-6b8c7876bd34 - - - - -] Driver initialization completed successfully.
2015-11-02 13:39:10.385 5087 INFO oslo.messaging._drivers.impl_rabbit [req-b4c3e107-d745-4d8b-9362-0b490792d699 - - - - -] Connecting to AMQP server on 192.169.142.127:5672
2015-11-02 13:39:10.394 5087 INFO oslo.messaging._drivers.impl_rabbit [req-b4c3e107-d745-4d8b-9362-0b490792d699 - - - - -] Connected to AMQP server on 192.169.142.127:5672

***********************
and make sure that
***********************

[root@ip-192-169-142-157 ~(keystone_admin)]# systemctl status target -l
target.service - Restore LIO kernel target configuration
   Loaded: loaded (/usr/lib/systemd/system/target.service; enabled)
   Active: active (exited) since Mon 2015-11-02 15:07:13 MSK; 1h 55min ago
  Process: 1006 ExecStart=/usr/bin/targetctl restore (code=exited, status=0/SUCCESS)
 Main PID: 1006 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/target.service

Nov 02 15:07:13 ip-192-169-142-157.ip.secureserver.net systemd[1]: Started Restore LIO kernel target configuration.


*******************************************
Status services on Storage Node
*******************************************
 
   192.169.142.157 works as LVMiSCSI Target Server. iSCSI target automatically created via cinder download glance image to mentioned volume group and launching cloud instance attached to this volume.

     
   
    Compute Node (iSCSI initiator  host )
      
 
  
*************************************************
Verfication status of running Cloud VM (L2)
*************************************************
  
 [root@ip-192-169-142-147 ~(keystone_demo)]# nova list
+--------------------------------------+------------+--------+------------+-------------+--------------------------------------+
| ID                                   | Name       | Status | Task State | Power State | Networks                             |
+--------------------------------------+------------+--------+------------+-------------+--------------------------------------+
| fc4ca22d-50e5-41c7-bd97-1b1c1bd1e056 | VF22Devs01 | ACTIVE | -          | Running     | demo_network=50.0.0.11, 172.24.4.228 |
+--------------------------------------+------------+--------+------------+-------------+--------------------------------------+
[root@ip-192-169-142-147 ~(keystone_demo)]# nova show fc4ca22d-50e5-41c7-bd97-1b1c1bd1e056
+--------------------------------------+----------------------------------------------------------+
| Property                             | Value                                                    |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig                    | AUTO                                                     |
| OS-EXT-AZ:availability_zone          | nova                                                     |
| OS-EXT-STS:power_state               | 1                                                        |
| OS-EXT-STS:task_state                | -                                                        |
| OS-EXT-STS:vm_state                  | active                                                   |
| OS-SRV-USG:launched_at               | 2015-11-02T11:11:39.000000                               |
| OS-SRV-USG:terminated_at             | -                                                        |
| accessIPv4                           |                                                          |
| accessIPv6                           |                                                          |
| config_drive                         |                                                          |
| created                              | 2015-11-02T11:11:30Z                                     |
| demo_network network                 | 50.0.0.11, 172.24.4.228                                  |
| flavor                               | m1.small (2)                                             |
| hostId                               | 920c0f6fd9218b6718daf508a4c1be97e2f632d8db16ea8acb008318 |
| id                                   | fc4ca22d-50e5-41c7-bd97-1b1c1bd1e056                     |
| image                                | Attempt to boot from volume - no image supplied          |
| key_name                             | oskeystor                                                |
| metadata                             | {}                                                       |
| name                                 | VF22Devs01                                               |
| os-extended-volumes:volumes_attached | [{"id": "d419e056-262e-46c9-bd04-daa28a7ac04e"}]         |
| progress                             | 0                                                        |
| security_groups                      | default                                                  |
| status                               | ACTIVE                                                   |
| tenant_id                            | 121591a2b3f24be3b462a90041e8bc40                         |
| updated                              | 2015-11-02T12:16:07Z                                     |
| user_id                              | f70cf283ded44d8a80e23df7cf4eb008                         |
+--------------------------------------+----------------------------------------------------------+

[root@ip-192-169-142-157 ~(keystone_admin)]# targetcli
targetcli shell version 2.1.fb37
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.

/> ls
o- / ......................................................................................... [...]
  o- backstores .............................................................................. [...]
  | o- block .................................................................. [Storage Objects: 1]
  | | o- iqn.2010-10.org.openstack:volume-d419e056-262e-46c9-bd04-daa28a7ac04e  [/dev/cinder-volumes51/volume-d419e056-262e-46c9-bd04-daa28a7ac04e (7.0GiB) write-thru activated]
  | o- fileio ................................................................. [Storage Objects: 0]
  | o- pscsi .................................................................. [Storage Objects: 0]
  | o- ramdisk ................................................................ [Storage Objects: 0]
  o- iscsi ............................................................................ [Targets: 1]
  | o- iqn.2010-10.org.openstack:volume-d419e056-262e-46c9-bd04-daa28a7ac04e ............. [TPGs: 1]
  |   o- tpg1 .......................................................... [no-gen-acls, auth per-acl]
  |     o- acls .......................................................................... [ACLs: 1]
  |     | o- iqn.1994-05.com.redhat:d989f7dce882 ...................... [1-way auth, Mapped LUNs: 1]
  |     |   o- mapped_lun0  [lun0 block/iqn.2010-10.org.openstack:volume-d419e056-262e-46c9-bd04-daa28a7ac04e (rw)]
  |     o- luns .......................................................................... [LUNs: 1]
  |     | o- lun0  [block/iqn.2010-10.org.openstack:volume-d419e056-262e-46c9-bd04-daa28a7ac04e (/dev/cinder-volumes51/volume-d419e056-262e-46c9-bd04-daa28a7ac04e)]
  |     o- portals .................................................................... [Portals: 1]
  |       o- 192.169.142.157:3260 ............................................................. [OK]
  o- loopback ......................................................................... [Targets: 0]
/>


 
   *************************
   Status on Compute
  *************************
 [root@ip-192-169-142-137 ~]#  iscsiadm -m discovery -t sendtargets -p 192.169.142.157
192.169.142.157:3260,1 iqn.2010-10.org.openstack:volume-9b559332-56c3-417a-958a-2c237e54865a
192.169.142.157:3260,1 iqn.2010-10.org.openstack:volume-d419e056-262e-46c9-bd04-daa28a7ac04e

[root@ip-192-169-142-137 ~]#  iscsiadm -m session -P 3
iSCSI Transport Class version 2.0-870
version 6.2.0.873-28
Target: iqn.2010-10.org.openstack:volume-d419e056-262e-46c9-bd04-daa28a7ac04e (non-flash)
    Current Portal: 192.169.142.157:3260,1
    Persistent Portal: 192.169.142.157:3260,1
        **********
        Interface:
        **********
        Iface Name: default
        Iface Transport: tcp
        Iface Initiatorname: iqn.1994-05.com.redhat:d989f7dce882
        Iface IPaddress: 192.169.142.137
        Iface HWaddress:
        Iface Netdev:
        SID: 1
        iSCSI Connection State: LOGGED IN
        iSCSI Session State: LOGGED_IN
        Internal iscsid Session State: NO CHANGE
        *********
        Timeouts:
        *********
        Recovery Timeout: 120
        Target Reset Timeout: 30
        LUN Reset Timeout: 30
        Abort Timeout: 15
        *****
        CHAP:
        *****
        username: LAfFkqEJGQrKAv3qPDB5
        password: ********
        username_in:
        password_in: ********
        ************************
        Negotiated iSCSI params:
        ************************
        HeaderDigest: None
        DataDigest: None
        MaxRecvDataSegmentLength: 262144
        MaxXmitDataSegmentLength: 262144
        FirstBurstLength: 65536
        MaxBurstLength: 262144
        ImmediateData: Yes
        InitialR2T: Yes
        MaxOutstandingR2T: 1
        ************************
        Attached SCSI devices:
        ************************
        Host Number: 2    State: running
        scsi2 Channel 00 Id 0 Lun: 0
            Attached scsi disk sda        State: running
Target: iqn.2010-10.org.openstack:volume-9b559332-56c3-417a-958a-2c237e54865a (non-flash)
    Current Portal: 192.169.142.157:3260,1
    Persistent Portal: 192.169.142.157:3260,1
        **********
        Interface:
        **********
        Iface Name: default
        Iface Transport: tcp
        Iface Initiatorname: iqn.1994-05.com.redhat:d989f7dce882
        Iface IPaddress: 192.169.142.137
        Iface HWaddress:
        Iface Netdev:
        SID: 2
        iSCSI Connection State: LOGGED IN
        iSCSI Session State: LOGGED_IN
        Internal iscsid Session State: NO CHANGE
        *********
        Timeouts:
        *********
        Recovery Timeout: 120
        Target Reset Timeout: 30
        LUN Reset Timeout: 30
        Abort Timeout: 15
        *****
        CHAP:
        *****
        username: 7KTQpMhCXhfC3SKfX3aL
        password: ********
        username_in:
        password_in: ********
        ************************
        Negotiated iSCSI params:
        ************************
        HeaderDigest: None
        DataDigest: None
        MaxRecvDataSegmentLength: 262144
        MaxXmitDataSegmentLength: 262144
        FirstBurstLength: 65536
        MaxBurstLength: 262144
        ImmediateData: Yes
        InitialR2T: Yes
        MaxOutstandingR2T: 1
        ************************
        Attached SCSI devices:
        ************************
        Host Number: 3    State: running
        scsi3 Channel 00 Id 0 Lun: 0
            Attached scsi disk sdb        State: running

***********************
Status on Storage
***********************

[root@ip-192-169-142-157 ~(keystone_admin)]# targetcli
targetcli shell version 2.1.fb37
Copyright 2011-2013 by Datera, Inc and others.
For help on commands, type 'help'.

/> ls
o- / ......................................................................................... [...]
  o- backstores .............................................................................. [...]
  | o- block .................................................................. [Storage Objects: 2]
  | | o- iqn.2010-10.org.openstack:volume-9b559332-56c3-417a-958a-2c237e54865a  [/dev/cinder-volumes51/volume-9b559332-56c3-417a-958a-2c237e54865a (5.0GiB) write-thru activated]
  | | o- iqn.2010-10.org.openstack:volume-d419e056-262e-46c9-bd04-daa28a7ac04e  [/dev/cinder-volumes51/volume-d419e056-262e-46c9-bd04-daa28a7ac04e (7.0GiB) write-thru activated]

  | o- fileio ................................................................. [Storage Objects: 0]
  | o- pscsi .................................................................. [Storage Objects: 0]
  | o- ramdisk ................................................................ [Storage Objects: 0]
  o- iscsi ............................................................................ [Targets: 2]
  | o- iqn.2010-10.org.openstack:volume-9b559332-56c3-417a-958a-2c237e54865a ............. [TPGs: 1]
  | | o- tpg1 .......................................................... [no-gen-acls, auth per-acl]
  | |   o- acls .......................................................................... [ACLs: 1]
  | |   | o- iqn.1994-05.com.redhat:d989f7dce882 ...................... [1-way auth, Mapped LUNs: 1]
  | |   |   o- mapped_lun0  [lun0 block/iqn.2010-10.org.openstack:volume-9b559332-56c3-417a-958a-2c237e54865a (rw)]
  | |   o- luns .......................................................................... [LUNs: 1]
  | |   | o- lun0  [block/iqn.2010-10.org.openstack:volume-9b559332-56c3-417a-958a-2c237e54865a (/dev/cinder-volumes51/volume-9b559332-56c3-417a-958a-2c237e54865a)]
  | |   o- portals .................................................................... [Portals: 1]
  | |     o- 192.169.142.157:3260 ............................................................. [OK]
  | o- iqn.2010-10.org.openstack:volume-d419e056-262e-46c9-bd04-daa28a7ac04e ............. [TPGs: 1]
  |   o- tpg1 .......................................................... [no-gen-acls, auth per-acl]
  |     o- acls .......................................................................... [ACLs: 1]
  |     | o- iqn.1994-05.com.redhat:d989f7dce882 ...................... [1-way auth, Mapped LUNs: 1]
  |     |   o- mapped_lun0  [lun0 block/iqn.2010-10.org.openstack:volume-d419e056-262e-46c9-bd04-daa28a7ac04e (rw)]
  |     o- luns .......................................................................... [LUNs: 1]
  |     | o- lun0  [block/iqn.2010-10.org.openstack:volume-d419e056-262e-46c9-bd04-daa28a7ac04e (/dev/cinder-volumes51/volume-d419e056-262e-46c9-bd04-daa28a7ac04e)]
  |     o- portals .................................................................... [Portals: 1]
  |       o- 192.169.142.157:3260 ............................................................. [OK]
  o- loopback ......................................................................... [Targets: 0]
/> exit
Global pref auto_save_on_exit=true
Last 10 configs saved in /etc/target/backup.
Configuration saved to /etc/target/saveconfig.json