Switching to Dashboard Spice Console in RDO Kilo on Fedora 22

Published:
This post describes the installation of RDO Kilo on a Fedora 22 server via packstack (officialy unsupported by RedHat) and switching from standard VNC dashborad console to Spice. Some of the content below was posted on the RDO mailing list a couple of weeks ago. Rich Bowen's feedback regarding this topic may be viewed at "RDO Community Newsletter - July 2015" https://www.redhat.com/archives/rdo-list/2015-July/msg00002.html. I also digged a bit deeper into the details of initial RDO Kilo configuration than it is done in https://www.rdoproject.org/Neutron_with_existing_external_network.

Enabling the Spice Console for RDO Kilo on Fedora 22 also allows one to obtain the "video&&sound" and "cut&&paste" features via connection to the console (locally or remotely) through spice-gtk tools like "Spicy" or "Virt-manager" for VMs running in the cloud. In particular, it works for CentOS 7.1 VMs and any recent Fedora releases 22,21 VMs and was tested with an evaluation copy of Windows 2012 Server.

The focus was made on senselessness of editing Openstack Kilo instance libvirt.xml template, which may be updated only via the introduction new classes and methods defined in virt/libvirt/config.py and invoking this methods in virt/libvirt/driver.py. Here I follow original post of Y.Kawada for Openstack IceHouse slightly updating his patches.

To install RDO Kilo on Fedora 22 (as of time of writing) manage it as follows:
 
# dnf install -y https://rdoproject.org/repos/rdo-release.rpm
                      # dnf install -y openstack-packstack  

Open in new window

However, in meantime, the openstack-packstack package coming from RDO QuickStart page won't work for you as expected. The workaround below may be also viewed on RH's RDO blog roundup as of 06/29/2015. The package required for packstack run on F22 is currently (06/26/2015) pushed to Fedora Rawhide.
 
# dnf install fedora-repos-rawhide
                      # dnf --enablerepo=rawhide update openstack-packstack
                      
                      Fedora - Rawhide - Developmental packages for the next Fedora re 1.7 MB/s |  45 MB     00:27
                      
                      Last metadata expiration check performed 0:00:39 ago on Sat Jun 27 13:23:03 2015.
                      Dependencies resolved.
                      ==============================================================
                       Package                       Arch      Version                                Repository  Size
                      ==============================================================
                      Upgrading:
                       openstack-packstack           noarch    2015.1-0.7.dev1577.gc9f8c3c.fc23       rawhide     233 k
                       openstack-packstack-puppet    noarch    2015.1-0.7.dev1577.gc9f8c3c.fc23       rawhide     233 k
                      Transaction Summary
                      ==============================================================
                      Upgrade  2 Packages
                       .  .  .  .  .

Open in new window


# dnf  install python3-pyOpenSSL.noarch 

Open in new window

Now generate the answer file to update CONFIG_KEYSTONE_SERVICE_NAME. My experience with value  "keystone" generated by "packstack --allinone" is negative. Issue this command
 
# packstack --gen-answer-file answer-file-aio.txt

Open in new window

and set
 
CONFIG_KEYSTONE_SERVICE_NAME=httpd

Open in new window

You also need to pre-patch provision_demo.pp (see required patch in http://textuploader.com/yn0v). This step just disables the Neutron setup verification that results in a packstack crash. I also commented out the second line in  /etc/httpd/conf.d/mod_dnssd.conf. At this point run
 
​'packstack --answer-file=./answer-file-aio.txt'

Open in new window

Upon completion you may try follow https://www.rdoproject.org/Neutron_with_existing_external_network

However, I have noticed that in the link above the following actions are simply skipped:
  1. creating new tenant && new user belongs to this tenant
  2. exporting user's credentials to shell
  3. creating new router under new tenant
  4. creating private subnet (belongs to new tenant) with DNS server declared
  5. creating gateway to external_network under new tenant
  6. creating interface to private subnet under new tenant
After creating external_network as admin, manage as follows:

Create new user and new tenant:
 
# source  keystonerc_admin
                      # keystone user-create --name demo --pass fedora
                      # keystone role-create --name user
                      # keystone tenant-create --name ostenant
                      # keystone user-role-add --user demo \
                        --role user --tenant ostenant
                      
                      # cat >> ~/keystonerc_demo << EOF
                        export OS_USERNAME=demo
                        unset OS_SERVICE_TOKEN
                        export OS_TENANT_NAME=ostenant
                        export OS_PASSWORD=fedora
                        export OS_AUTH_URL=http://192.168.1.90:35357/v2.0/
                        export OS_REGION_NAME=RegionOne
                        export PS1='[\u@\h \W(keystone_demo)]\$ '
                        EOF

Open in new window

Switch environment to newly created tenant  -  ostenant. Create Neutron Router && tenant's (private) subnet:
 
# source keystonerc_demo

Open in new window

Create a router attached to the external network. This router routes traffic to the internal subnets:
 
# neutron router-create router1
                        Created a new router:
                        +-----------------------+--------------------------------------+
                        | Field                 | Value                                |
                        +-----------------------+--------------------------------------+
                        | admin_state_up        | True                                 |
                        | external_gateway_info |                                      |
                        | id                    | d72adddf-4c02-4916-ae6d-16bfdaf59d99 |
                        | name                  | router1                              |
                        | status                | ACTIVE                               |
                        | tenant_id             | 2c845a6ad20e45ccb0b045cee27a9661     |
                        +-----------------------+--------------------------------------+

Open in new window

Connect the router to external_network by setting the gateway for the router:
 
# neutron router-gateway-set router1 external_network

Open in new window

 Set gateway for router router1. Create an internal network and its associated subnet:
 
# neutron net-create int
                        Created a new network:
                        +----------------+--------------------------------------+
                        | Field          | Value                                |
                        +----------------+--------------------------------------+
                        | admin_state_up | True                                 |
                        | id             | 1a4157a6-5cf2-46e3-bdea-1533c8f54cdf |
                        | name           | int                                  |
                        | shared         | False                                |
                        | status         | ACTIVE                               |
                        | subnets        |                                      |
                        | tenant_id      | 2c845a6ad20e45ccb0b045cee27a9661     |
                        +----------------+--------------------------------------+

Open in new window

Create private subnet with DHCP enabled and DNS server:
 
# neutron subnet-create int 30.0.0.0/24 --dns_nameservers list=true 8.8.8.8
                        Created a new subnet:
                        +------------------+--------------------------------------------+
                        | Field            | Value                                      |
                        +------------------+--------------------------------------------+
                        | allocation_pools | {"start": "30.0.0.2", "end": "30.0.0.254"} |
                        | cidr             | 30.0.0.0/24                                |
                        | dns_nameservers  | 8.8.8.8                                    |
                        | enable_dhcp      | True                                       |
                        | gateway_ip       | 30.0.0.1                                   |
                        | host_routes      |                                            |
                        | id               | 04b95f13-cc77-4f9a-8206-7f6ed183461d       |
                        | ip_version       | 4                                          |
                        | name             |                                            |
                        | network_id       | 1a4157a6-5cf2-46e3-bdea-1533c8f54cdf       |
                        | tenant_id        | 2c845a6ad20e45ccb0b045cee27a9661           |
                        +------------------+--------------------------------------------+

Open in new window

Connect the above subnet to the router by setting it as a port:
 
# neutron router-interface-add router1   \
                        04b95f13-cc77-4f9a-8206-7f6ed183461d
                      
                      Added interface 63ea2815-b524-4a12-931d-3e7db60ea170 to router router1.

Open in new window

List subnets (as keystonerc_demo):
 
# neutron subnet-list
                        +--------------------------------------+------+-------------+--------------------------------------------+
                        | id                                   | name | cidr        | allocation_pools                           |
                        +--------------------------------------+------+-------------+--------------------------------------------+
                        | 04b95f13-cc77-4f9a-8206-7f6ed183461d |      | 30.0.0.0/24 | {"start": "30.0.0.2", "end": "30.0.0.254"} |
                        +--------------------------------------+------+-------------+--------------------------------------------+

Open in new window

Here we turn back to Fedora 22 tuning:

[root@ServerFedora22 network-scripts(keystone_admin)]# cat ifcfg-br-ex
                      DEVICE="br-ex"
                      BOOTPROTO="static"
                      IPADDR="192.168.1.32"
                      NETMASK="255.255.255.0"
                      DNS1="8.8.8.8"
                      BROADCAST="192.168.1.255"
                      GATEWAY="192.168.1.1"
                      NM_CONTROLLED="no"
                      TYPE="OVSIntPort"
                      OVS_BRIDGE=br-ex
                      DEVICETYPE="ovs"
                      DEFROUTE="yes"
                      IPV4_FAILURE_FATAL="yes"
                      IPV6INIT=no
                      
                      [root@ServerFedora22 network-scripts(keystone_admin)]# cat ifcfg-enp2s0
                      DEVICE="enp2s0"
                      ONBOOT="yes"
                      HWADDR="90:E6:BA:2D:11:EB"
                      TYPE="OVSPort"
                      DEVICETYPE="ovs"
                      OVS_BRIDGE=br-ex
                      NM_CONTROLLED=no
                      IPV6INIT=no

Open in new window


When configuration above is done:

# chkconfig network on
                      # systemctl stop NetworkManager
                      # systemctl disable NetworkManager
                      # reboot

Open in new window

Proceed with switching to Spice Console:
 
# dnf -y install spice-html5
                      # dnf -y install  openstack-nova-spicehtml5proxy
                      # rpm -qa | grep openstack-nova-spicehtml5proxy
                      openstack-nova-spicehtml5proxy-2015.1.0-3.fc23.noarch

Open in new window

Update /etc/nova/nova.conf:
 
[DEFAULT]
                      . . . . .
                      web=/usr/share/spice-html5 
                      . . . . . .
                      spicehtml5proxy_host=0.0.0.0 
                      spicehtml5proxy_port=6082    
                      . . . . . . .
                      # Disable VNC
                      vnc_enabled=false
                      . . . . . . .
                      [spice]
                      # AIO host IP 192.168.1.37
                      
                      html5proxy_base_url=http://192.168.1.37:6082/spice_auto.html
                      server_proxyclient_address=127.0.0.1
                      server_listen=0.0.0.0
                      enabled=true
                      agent_enabled=true
                      keymap=en-us
                      
                      :wq
                      
                      # service httpd restart 
                      # service openstack-nova-compute restart 
                      # service openstack-nova-spicehtml5proxy start
                      # systemctl enable openstack-nova-spicehtml5proxy

Open in new window

Follow http://www.slideshare.net/YukihiroKawada/rdo-spice  with self.type="ich6" for CentOS 7.1 and Fedora 22 cloud instances. Mate Desktop will provide sound on F22 VMs, GNOME Desktop on CentOS 7.1 VMs. VMs Spice console is supposed to be connected via Spicy or Virt-manager.

After recompiling virt/libvirt/config.py and virt/libvirt/driver.py restart the service openstack-nova-compute. The setup above is supposed to work on F22 workstations and similar actions could be undertaken on a F22 Server after install "workstation-product-environment". In the case of the F22 Server /etc/httpd/conf.d/ssl.conf requires minor patching to avoid keystone puppet failure:

LoadModule ssl_module modules/mod_ssl.so <== ADD
                      Listen 443 https
                      
                      ##
                      ##  SSL Global Context
                      ##
                      #   terminal dialog) has to provide the pass phrase on stdout.
                      SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
                      #   Inter-Process Session Cache:
                      #   Configure the SSL Session Cache: First the mechanism
                      #   to use and second the expiring timeout (in seconds).
                      # SSLSessionCache         shmcb:/run/httpd/sslcache(512000) <== Comment out
                      SSLSessionCacheTimeout  300

Open in new window

0
1,676 Views

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.