<

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Switching to Dashboard Spice Console in RDO Kilo on Fedora 22

Published on
4,162 Points
1,162 Views
Last Modified:
This post describes the installation of RDO Kilo on a Fedora 22 server via packstack (officialy unsupported by RedHat) and switching from standard VNC dashborad console to Spice. Some of the content below was posted on the RDO mailing list a couple of weeks ago. Rich Bowen's feedback regarding this topic may be viewed at "RDO Community Newsletter - July 2015" https://www.redhat.com/archives/rdo-list/2015-July/msg00002.html. I also digged a bit deeper into the details of initial RDO Kilo configuration than it is done in https://www.rdoproject.org/Neutron_with_existing_external_network.

Enabling the Spice Console for RDO Kilo on Fedora 22 also allows one to obtain the "video&&sound" and "cut&&paste" features via connection to the console (locally or remotely) through spice-gtk tools like "Spicy" or "Virt-manager" for VMs running in the cloud. In particular, it works for CentOS 7.1 VMs and any recent Fedora releases 22,21 VMs and was tested with an evaluation copy of Windows 2012 Server.

The focus was made on senselessness of editing Openstack Kilo instance libvirt.xml template, which may be updated only via the introduction new classes and methods defined in virt/libvirt/config.py and invoking this methods in virt/libvirt/driver.py. Here I follow original post of Y.Kawada for Openstack IceHouse slightly updating his patches.

To install RDO Kilo on Fedora 22 (as of time of writing) manage it as follows:
 
# dnf install -y https://rdoproject.org/repos/rdo-release.rpm
# dnf install -y openstack-packstack  

Open in new window

However, in meantime, the openstack-packstack package coming from RDO QuickStart page won't work for you as expected. The workaround below may be also viewed on RH's RDO blog roundup as of 06/29/2015. The package required for packstack run on F22 is currently (06/26/2015) pushed to Fedora Rawhide.
 
# dnf install fedora-repos-rawhide
# dnf --enablerepo=rawhide update openstack-packstack

Fedora - Rawhide - Developmental packages for the next Fedora re 1.7 MB/s |  45 MB     00:27

Last metadata expiration check performed 0:00:39 ago on Sat Jun 27 13:23:03 2015.
Dependencies resolved.
==============================================================
 Package                       Arch      Version                                Repository  Size
==============================================================
Upgrading:
 openstack-packstack           noarch    2015.1-0.7.dev1577.gc9f8c3c.fc23       rawhide     233 k
 openstack-packstack-puppet    noarch    2015.1-0.7.dev1577.gc9f8c3c.fc23       rawhide     233 k
Transaction Summary
==============================================================
Upgrade  2 Packages
 .  .  .  .  .

Open in new window


# dnf  install python3-pyOpenSSL.noarch 

Open in new window

Now generate the answer file to update CONFIG_KEYSTONE_SERVICE_NAME. My experience with value  "keystone" generated by "packstack --allinone" is negative. Issue this command
 
# packstack --gen-answer-file answer-file-aio.txt

Open in new window

and set
 
CONFIG_KEYSTONE_SERVICE_NAME=httpd

Open in new window

You also need to pre-patch provision_demo.pp (see required patch in http://textuploader.com/yn0v). This step just disables the Neutron setup verification that results in a packstack crash. I also commented out the second line in  /etc/httpd/conf.d/mod_dnssd.conf. At this point run
 
​'packstack --answer-file=./answer-file-aio.txt'

Open in new window

Upon completion you may try follow https://www.rdoproject.org/Neutron_with_existing_external_network

However, I have noticed that in the link above the following actions are simply skipped:
  1. creating new tenant && new user belongs to this tenant
  2. exporting user's credentials to shell
  3. creating new router under new tenant
  4. creating private subnet (belongs to new tenant) with DNS server declared
  5. creating gateway to external_network under new tenant
  6. creating interface to private subnet under new tenant
After creating external_network as admin, manage as follows:

Create new user and new tenant:
 
# source  keystonerc_admin
# keystone user-create --name demo --pass fedora
# keystone role-create --name user
# keystone tenant-create --name ostenant
# keystone user-role-add --user demo \
  --role user --tenant ostenant

# cat >> ~/keystonerc_demo << EOF
  export OS_USERNAME=demo
  unset OS_SERVICE_TOKEN
  export OS_TENANT_NAME=ostenant
  export OS_PASSWORD=fedora
  export OS_AUTH_URL=http://192.168.1.90:35357/v2.0/
  export OS_REGION_NAME=RegionOne
  export PS1='[\u@\h \W(keystone_demo)]\$ '
  EOF

Open in new window

Switch environment to newly created tenant  -  ostenant. Create Neutron Router && tenant's (private) subnet:
 
# source keystonerc_demo

Open in new window

Create a router attached to the external network. This router routes traffic to the internal subnets:
 
# neutron router-create router1
  Created a new router:
  +-----------------------+--------------------------------------+
  | Field                 | Value                                |
  +-----------------------+--------------------------------------+
  | admin_state_up        | True                                 |
  | external_gateway_info |                                      |
  | id                    | d72adddf-4c02-4916-ae6d-16bfdaf59d99 |
  | name                  | router1                              |
  | status                | ACTIVE                               |
  | tenant_id             | 2c845a6ad20e45ccb0b045cee27a9661     |
  +-----------------------+--------------------------------------+

Open in new window

Connect the router to external_network by setting the gateway for the router:
 
# neutron router-gateway-set router1 external_network

Open in new window

 Set gateway for router router1. Create an internal network and its associated subnet:
 
# neutron net-create int
  Created a new network:
  +----------------+--------------------------------------+
  | Field          | Value                                |
  +----------------+--------------------------------------+
  | admin_state_up | True                                 |
  | id             | 1a4157a6-5cf2-46e3-bdea-1533c8f54cdf |
  | name           | int                                  |
  | shared         | False                                |
  | status         | ACTIVE                               |
  | subnets        |                                      |
  | tenant_id      | 2c845a6ad20e45ccb0b045cee27a9661     |
  +----------------+--------------------------------------+

Open in new window

Create private subnet with DHCP enabled and DNS server:
 
# neutron subnet-create int 30.0.0.0/24 --dns_nameservers list=true 8.8.8.8
  Created a new subnet:
  +------------------+--------------------------------------------+
  | Field            | Value                                      |
  +------------------+--------------------------------------------+
  | allocation_pools | {"start": "30.0.0.2", "end": "30.0.0.254"} |
  | cidr             | 30.0.0.0/24                                |
  | dns_nameservers  | 8.8.8.8                                    |
  | enable_dhcp      | True                                       |
  | gateway_ip       | 30.0.0.1                                   |
  | host_routes      |                                            |
  | id               | 04b95f13-cc77-4f9a-8206-7f6ed183461d       |
  | ip_version       | 4                                          |
  | name             |                                            |
  | network_id       | 1a4157a6-5cf2-46e3-bdea-1533c8f54cdf       |
  | tenant_id        | 2c845a6ad20e45ccb0b045cee27a9661           |
  +------------------+--------------------------------------------+

Open in new window

Connect the above subnet to the router by setting it as a port:
 
# neutron router-interface-add router1   \
  04b95f13-cc77-4f9a-8206-7f6ed183461d

Added interface 63ea2815-b524-4a12-931d-3e7db60ea170 to router router1.

Open in new window

List subnets (as keystonerc_demo):
 
# neutron subnet-list
  +--------------------------------------+------+-------------+--------------------------------------------+
  | id                                   | name | cidr        | allocation_pools                           |
  +--------------------------------------+------+-------------+--------------------------------------------+
  | 04b95f13-cc77-4f9a-8206-7f6ed183461d |      | 30.0.0.0/24 | {"start": "30.0.0.2", "end": "30.0.0.254"} |
  +--------------------------------------+------+-------------+--------------------------------------------+

Open in new window

Here we turn back to Fedora 22 tuning:

[root@ServerFedora22 network-scripts(keystone_admin)]# cat ifcfg-br-ex
DEVICE="br-ex"
BOOTPROTO="static"
IPADDR="192.168.1.32"
NETMASK="255.255.255.0"
DNS1="8.8.8.8"
BROADCAST="192.168.1.255"
GATEWAY="192.168.1.1"
NM_CONTROLLED="no"
TYPE="OVSIntPort"
OVS_BRIDGE=br-ex
DEVICETYPE="ovs"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="yes"
IPV6INIT=no

[root@ServerFedora22 network-scripts(keystone_admin)]# cat ifcfg-enp2s0
DEVICE="enp2s0"
ONBOOT="yes"
HWADDR="90:E6:BA:2D:11:EB"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE=br-ex
NM_CONTROLLED=no
IPV6INIT=no

Open in new window


When configuration above is done:

# chkconfig network on
# systemctl stop NetworkManager
# systemctl disable NetworkManager
# reboot

Open in new window

Proceed with switching to Spice Console:
 
# dnf -y install spice-html5
# dnf -y install  openstack-nova-spicehtml5proxy
# rpm -qa | grep openstack-nova-spicehtml5proxy
openstack-nova-spicehtml5proxy-2015.1.0-3.fc23.noarch

Open in new window

Update /etc/nova/nova.conf:
 
[DEFAULT]
. . . . .
web=/usr/share/spice-html5 
. . . . . .
spicehtml5proxy_host=0.0.0.0 
spicehtml5proxy_port=6082    
. . . . . . .
# Disable VNC
vnc_enabled=false
. . . . . . .
[spice]
# AIO host IP 192.168.1.37

html5proxy_base_url=http://192.168.1.37:6082/spice_auto.html
server_proxyclient_address=127.0.0.1
server_listen=0.0.0.0
enabled=true
agent_enabled=true
keymap=en-us

:wq

# service httpd restart 
# service openstack-nova-compute restart 
# service openstack-nova-spicehtml5proxy start
# systemctl enable openstack-nova-spicehtml5proxy

Open in new window

Follow http://www.slideshare.net/YukihiroKawada/rdo-spice  with self.type="ich6" for CentOS 7.1 and Fedora 22 cloud instances. Mate Desktop will provide sound on F22 VMs, GNOME Desktop on CentOS 7.1 VMs. VMs Spice console is supposed to be connected via Spicy or Virt-manager.

After recompiling virt/libvirt/config.py and virt/libvirt/driver.py restart the service openstack-nova-compute. The setup above is supposed to work on F22 workstations and similar actions could be undertaken on a F22 Server after install "workstation-product-environment". In the case of the F22 Server /etc/httpd/conf.d/ssl.conf requires minor patching to avoid keystone puppet failure:

LoadModule ssl_module modules/mod_ssl.so <== ADD
Listen 443 https

##
##  SSL Global Context
##
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism
#   to use and second the expiring timeout (in seconds).
# SSLSessionCache         shmcb:/run/httpd/sslcache(512000) <== Comment out
SSLSessionCacheTimeout  300

Open in new window

0
0 Comments

Featured Post

Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month