
Installing OpenStack on Ubuntu

* Preparing Ubuntu

* After you install Ubuntu 12.04 Server 64bit, Go in sudo mode and don’t leave it until the end of this guide

  sudo -i 

* Add Havana repositories to source list

   apt-get install ubuntu-cloud-keyring python-software-properties software-properties-common python-keyring
   echo deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-proposed/havana main >> /etc/apt/sources.list.d/havana.list
   apt-get install python-software-properties
   add-apt-repository cloud-archive:havana

* Update your system

   apt-get -y update && apt-get -y upgrade 

**Note:** Reboot your system if the upgrade installed a new kernel

Configure Network

* Only one NIC should have an internet access, the other is for most Openstack-related operations and configurations

   #For Exposing OpenStack API over the internet
   auto eth0
   iface eth0 inet static
   address 10.9.8.116
   netmask 255.255.255.0
   gateway 10.9.8.249
   dns-nameservers 10.9.8.253

   #Not internet connected(used for OpenStack management)
   auto eth1
   iface eth1 inet static
   address 192.168.1.251
   netmask 255.255.255.0

* Restart the networking service

   service networking restart

Install all the required packages at once (they can also be installed individually in the sections below)

   apt-get install -y mysql-server python-mysqldb rabbitmq-server ntp vlan bridge-utils keystone glance openvswitch-controller openvswitch-switch openvswitch-datapath-dkms neutron-server neutron-plugin-openvswitch neutron-plugin-openvswitch-agent dnsmasq neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent kvm libvirt-bin pm-utils nova-api nova-cert novnc nova-consoleauth nova-scheduler nova-novncproxy nova-doc nova-conductor nova-compute-kvm cinder-api cinder-scheduler cinder-volume openstack-dashboard memcached iscsitarget iscsitarget-dkms

Install and configure MySQL & RabbitMQ

* Install MySQL

   apt-get install -y mysql-server python-mysqldb

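* Configure MySQL to accept all incoming requests. This rebinds the server from 127.0.0.1 to every interface, including the internet-facing eth0, so firewall port 3306 to the hosts that need database access.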

   sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/my.cnf
   service mysql restart

* Install RabbitMQ

   apt-get install -y rabbitmq-server 

* Install NTP service

   apt-get install -y ntp

* configure Mysql Database

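**Note:** Use ‘%’ to allow database access from any host on the network. Together with MySQL listening on 0.0.0.0 and the same sample password for every service, this leaves each database reachable by anyone who can route to the MySQL port; outside a lab, keep only the grants for the hosts that need access and give each service its own password.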

   mysql -u root -p <your_mysql_root_password>
   
   ## For Keystone database 
   CREATE DATABASE keystone;
   GRANT ALL ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON keystone.* TO 'keystone'@'10.9.8.116' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON keystone.* TO 'keystone'@'192.168.1.251' IDENTIFIED BY 'openstacktest';
   FLUSH PRIVILEGES;
   quit;
   (test database access and show databases with user keystone)

   ## For Glance database 
   mysql -u root -p your_mysql_root_password
   CREATE DATABASE glance;
   GRANT ALL ON glance.* TO 'glance'@'%' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON glance.* TO 'glance'@'10.9.8.116' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON glance.* TO 'glance'@'192.168.1.251' IDENTIFIED BY 'openstacktest';
   FLUSH PRIVILEGES;
   quit;
   (test database access and show databases with user glance)

   # For Neutron database
   mysql -u root -p your_mysql_root_password
   CREATE DATABASE neutron;
   GRANT ALL ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON neutron.* TO 'neutron'@'10.9.8.116' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON neutron.* TO 'neutron'@'192.168.1.251' IDENTIFIED BY 'openstacktest';
   FLUSH PRIVILEGES;
   quit;
   (test database access and show databases with user neutron)

   # For Nova database
   mysql -u root -p your_mysql_root_password
   CREATE DATABASE nova;
   GRANT ALL ON nova.* TO 'nova'@'%' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON nova.* TO 'nova'@'10.9.8.116' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON nova.* TO 'nova'@'192.168.1.251' IDENTIFIED BY 'openstacktest';
   FLUSH PRIVILEGES;
   quit;
   (test database access and show databases with user nova)

   # Cinder
   mysql -u root -p your_mysql_root_password
   CREATE DATABASE cinder;
   GRANT ALL ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON cinder.* TO 'cinder'@'10.9.8.116' IDENTIFIED BY 'openstacktest';
   GRANT ALL ON cinder.* TO 'cinder'@'192.168.1.251' IDENTIFIED BY 'openstacktest';
   FLUSH PRIVILEGES;
   quit;
   (test database access and show databases with user cinder)

* Install other services

   apt-get install -y vlan bridge-utils

* Enable IP_Forwarding

   sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf

# To save you from rebooting, perform the following
   sysctl net.ipv4.ip_forward=1

Install and configure Keystone

* Install keystone packages

   apt-get install -y keystone

* Verify your keystone is running

   service keystone status

* Modify the connection attribute in the /etc/keystone/keystone.conf to the new database

# Add the below line to “vi /etc/keystone/keystone.conf”

   connection = mysql://keystone:openstacktest@10.9.8.116/keystone

* Remove Keystone SQLite database

   rm /var/lib/keystone/keystone.db

* Restart the identity service then synchronize the database

   service keystone restart
   keystone-manage db_sync

* Create the basic data and endpoint script with the below

# vi keystone_basic.sh

#!/bin/sh

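# Address the Keystone admin API is reached on.
HOST_IP=10.9.8.116
# Passwords fall back to the guide's sample value unless the caller exports
# ADMIN_PASSWORD / SERVICE_PASSWORD first; set real values outside a lab.
ADMIN_PASSWORD=${ADMIN_PASSWORD:-openstacktest}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-openstacktest}
# Bootstrap credentials read by the keystone client.
# NOTE(review): the token presumably has to match admin_token in
# /etc/keystone/keystone.conf - confirm. It is a static shared secret sent
# over plain HTTP, so treat it as a setup-only credential.
export SERVICE_TOKEN="ADMIN"
export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}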

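# Run the command given as arguments and print the value found on the " id "
# row of its table output (the fourth whitespace-separated field of that row).
# Arguments: the command and its arguments, passed through unchanged
# Outputs:   the id on stdout; nothing if no row contains " id "
get_id () {
    # "$@" keeps every argument intact, so a value containing spaces (for
    # example a password) is not split into several words.
    "$@" | awk '/ id / { print $4 }'
}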

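# Every id captured below is checked with ${VAR:?message}: a failed keystone
# call otherwise leaves the variable empty and the later user-role-add calls
# run with a missing argument.
# NOTE(review): --pass=... puts each password on the command line, where it is
# visible in the process list while the command runs.

# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
SERVICE_TENANT=$(get_id keystone tenant-create --name="$SERVICE_TENANT_NAME")
: "${ADMIN_TENANT:?tenant-create for admin returned no id}"
: "${SERVICE_TENANT:?tenant-create for the service tenant returned no id}"


# Users
ADMIN_USER=$(get_id keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@nbostech.com)
: "${ADMIN_USER:?user-create for admin returned no id}"


# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
: "${ADMIN_ROLE:?role-create for admin returned no id}"
: "${KEYSTONEADMIN_ROLE:?role-create for KeystoneAdmin returned no id}"
: "${KEYSTONESERVICE_ROLE:?role-create for KeystoneServiceAdmin returned no id}"

# Add Roles to Users in Tenants
keystone user-role-add --user-id "$ADMIN_USER" --role-id "$ADMIN_ROLE" --tenant-id "$ADMIN_TENANT"
keystone user-role-add --user-id "$ADMIN_USER" --role-id "$KEYSTONEADMIN_ROLE" --tenant-id "$ADMIN_TENANT"
keystone user-role-add --user-id "$ADMIN_USER" --role-id "$KEYSTONESERVICE_ROLE" --tenant-id "$ADMIN_TENANT"

# The Member role is used by Horizon and Swift
MEMBER_ROLE=$(get_id keystone role-create --name=Member)

# Configure service users/roles
# Each service account gets the admin role in the service tenant and shares
# SERVICE_PASSWORD with the others.
NOVA_USER=$(get_id keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant-id "$SERVICE_TENANT" --email=admin@nbostech.com)
: "${NOVA_USER:?user-create for nova returned no id}"
keystone user-role-add --tenant-id "$SERVICE_TENANT" --user-id "$NOVA_USER" --role-id "$ADMIN_ROLE"

GLANCE_USER=$(get_id keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant-id "$SERVICE_TENANT" --email=admin@nbostech.com)
: "${GLANCE_USER:?user-create for glance returned no id}"
keystone user-role-add --tenant-id "$SERVICE_TENANT" --user-id "$GLANCE_USER" --role-id "$ADMIN_ROLE"

NEUTRON_USER=$(get_id keystone user-create --name=neutron --pass="$SERVICE_PASSWORD" --tenant-id "$SERVICE_TENANT" --email=admin@nbostech.com)
: "${NEUTRON_USER:?user-create for neutron returned no id}"
keystone user-role-add --tenant-id "$SERVICE_TENANT" --user-id "$NEUTRON_USER" --role-id "$ADMIN_ROLE"

CINDER_USER=$(get_id keystone user-create --name=cinder --pass="$SERVICE_PASSWORD" --tenant-id "$SERVICE_TENANT" --email=admin@nbostech.com)
: "${CINDER_USER:?user-create for cinder returned no id}"
keystone user-role-add --tenant-id "$SERVICE_TENANT" --user-id "$CINDER_USER" --role-id "$ADMIN_ROLE"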

# vi keystone_endpoints_basic.sh

#!/bin/sh


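# Host address
# HOST_IP is used for the admin and internal endpoint URLs, EXT_HOST_IP for
# the public ones.
HOST_IP=192.168.1.251
EXT_HOST_IP=10.9.8.116

# MySQL definitions
# These are defaults; the option parsing that follows can override each one.
MYSQL_USER=keystone
MYSQL_DATABASE=keystone
MYSQL_HOST=$HOST_IP
# Sample password from the guide, stored in clear text in this script.
MYSQL_PASSWORD=openstacktest

# Keystone definitions
KEYSTONE_REGION=RegionOne
# Static bootstrap token and a plain-HTTP admin endpoint: keep both to the
# initial setup.
export SERVICE_TOKEN=ADMIN
export SERVICE_ENDPOINT="http://${HOST_IP}:35357/v2.0"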

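# Parse command-line overrides for the MySQL and Keystone settings.
# The leading ':' in the option string puts getopts in silent mode: only then
# does it report an unknown option as '?' and a missing argument as ':' with
# the offending letter in OPTARG, which is what the last two arms rely on.
# NOTE(review): a password or token passed with -p / -T is visible in the
# process list of the host while the script runs.
while getopts ":u:D:p:m:K:R:E:T:vh" opt; do
  case $opt in
    u)
      MYSQL_USER=$OPTARG
      ;;
    D)
      MYSQL_DATABASE=$OPTARG
      ;;
    p)
      MYSQL_PASSWORD=$OPTARG
      ;;
    m)
      MYSQL_HOST=$OPTARG
      ;;
    K)
      MASTER=$OPTARG
      ;;
    R)
      KEYSTONE_REGION=$OPTARG
      ;;
    E)
      export SERVICE_ENDPOINT=$OPTARG
      ;;
    T)
      export SERVICE_TOKEN=$OPTARG
      ;;
    v)
      # Tracing echoes every later command to stderr, including the MySQL
      # password on the mysql command line; keep that output out of shared logs.
      set -x
      ;;
    h)
      cat <<EOF
Usage: $0 [-m mysql_hostname] [-u mysql_username] [-D mysql_database] [-p mysql_password]
       [-K keystone_master ] [ -R keystone_region ] [ -E keystone_endpoint_url ] 
       [ -T keystone_token ]
          
Add -v for verbose mode, -h to display this message.
EOF
      exit 0
      ;;
    \?)
      echo "Unknown option -$OPTARG" >&2
      exit 1
      ;;
    :)
      echo "Option -$OPTARG requires an argument" >&2
      exit 1
      ;;
  esac
done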

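# Refuse to continue unless every required setting is non-empty. All missing
# settings are reported before exiting, so one run shows the full list.
# Start from an empty flag so a missing_args value inherited from the
# environment cannot abort the script.
missing_args=

if [ -z "$KEYSTONE_REGION" ]; then
  echo "Keystone region not set. Please set with -R option or set KEYSTONE_REGION variable." >&2
  missing_args="true"
fi

if [ -z "$SERVICE_TOKEN" ]; then
  echo "Keystone service token not set. Please set with -T option or set SERVICE_TOKEN variable." >&2
  missing_args="true"
fi

if [ -z "$SERVICE_ENDPOINT" ]; then
  echo "Keystone service endpoint not set. Please set with -E option or set SERVICE_ENDPOINT variable." >&2
  missing_args="true"
fi

if [ -z "$MYSQL_PASSWORD" ]; then
  echo "MySQL password not set. Please set with -p option or set MYSQL_PASSWORD variable." >&2
  missing_args="true"
fi

if [ -n "$missing_args" ]; then
  exit 1
fi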
 
# Register one service in Keystone's catalog.
# Arguments: $1 - service name, $2 - service type, $3 - description
register_service () {
  keystone service-create --name "$1" --type "$2" --description "$3"
}

# One catalog entry per service; the endpoint loop further down looks these
# rows up again by type.
register_service nova compute 'OpenStack Compute Service'
register_service cinder volume 'OpenStack Volume Service'
register_service glance image 'OpenStack Image Service'
register_service keystone identity 'OpenStack Identity'
register_service ec2 ec2 'OpenStack EC2 service'
register_service neutron network 'OpenStack Networking service'

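# Register the public, admin and internal endpoint URLs of one service type.
# Globals:   KEYSTONE_REGION, EXT_HOST_IP (host of the public URL), HOST_IP
#            (host of the admin and internal URLs) - all read
# Arguments: $1 - service type: compute, volume, image, identity, ec2, network
#            $2 - id of the service the endpoint belongs to
# Returns:   the status of `keystone endpoint-create`; 1 when no service id
#            was given; 0 without doing anything for any other type
# All URLs are plain http. The $(tenant_id)s text is single-quoted on purpose
# so the shell passes it to keystone literally instead of expanding it.
create_endpoint () {
  # An empty id means the lookup found no such service; calling keystone
  # anyway would hand it a broken --service-id argument.
  if [ -z "${2:-}" ]; then
    echo "create_endpoint: no service id for type '${1:-}', skipping" >&2
    return 1
  fi

  case "$1" in
    compute)
      keystone endpoint-create --region "$KEYSTONE_REGION" --service-id "$2" \
        --publicurl "http://${EXT_HOST_IP}"':8774/v2/$(tenant_id)s' \
        --adminurl "http://${HOST_IP}"':8774/v2/$(tenant_id)s' \
        --internalurl "http://${HOST_IP}"':8774/v2/$(tenant_id)s'
      ;;
    volume)
      keystone endpoint-create --region "$KEYSTONE_REGION" --service-id "$2" \
        --publicurl "http://${EXT_HOST_IP}"':8776/v1/$(tenant_id)s' \
        --adminurl "http://${HOST_IP}"':8776/v1/$(tenant_id)s' \
        --internalurl "http://${HOST_IP}"':8776/v1/$(tenant_id)s'
      ;;
    image)
      keystone endpoint-create --region "$KEYSTONE_REGION" --service-id "$2" \
        --publicurl "http://${EXT_HOST_IP}:9292/v2" \
        --adminurl "http://${HOST_IP}:9292/v2" \
        --internalurl "http://${HOST_IP}:9292/v2"
      ;;
    identity)
      keystone endpoint-create --region "$KEYSTONE_REGION" --service-id "$2" \
        --publicurl "http://${EXT_HOST_IP}:5000/v2.0" \
        --adminurl "http://${HOST_IP}:35357/v2.0" \
        --internalurl "http://${HOST_IP}:5000/v2.0"
      ;;
    ec2)
      keystone endpoint-create --region "$KEYSTONE_REGION" --service-id "$2" \
        --publicurl "http://${EXT_HOST_IP}:8773/services/Cloud" \
        --adminurl "http://${HOST_IP}:8773/services/Admin" \
        --internalurl "http://${HOST_IP}:8773/services/Cloud"
      ;;
    network)
      keystone endpoint-create --region "$KEYSTONE_REGION" --service-id "$2" \
        --publicurl "http://${EXT_HOST_IP}:9696/" \
        --adminurl "http://${HOST_IP}:9696/" \
        --internalurl "http://${HOST_IP}:9696/"
      ;;
  esac
}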

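# Look up the id stored for each service type in the Keystone database and
# register that service's endpoints. A failed mysql call aborts the script.
# object-store is in the list although this script neither creates such a
# service nor has a create_endpoint arm for it, so that pass does nothing.
# NOTE(review): -p"$MYSQL_PASSWORD" exposes the password in the process list
# while mysql runs; a client option file readable only by the invoking user
# avoids that.
for i in compute volume image object-store identity ec2 network; do
  id=$(mysql -h "$MYSQL_HOST" -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$MYSQL_DATABASE" -ss -e "SELECT id FROM service WHERE type='${i}';") || exit 1
  create_endpoint "$i" "$id"
done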

# run both the files

sh keystone_basic.sh
sh keystone_endpoints_basic.sh

* Create a simple credential file and load it

# vi keystone_source

   #Paste the following:
   export OS_TENANT_NAME=admin
   export OS_USERNAME=admin
   export OS_PASSWORD=openstacktest
   export OS_AUTH_URL="http://10.9.8.116:5000/v2.0/"

# Load it:

  
 source keystone_source

* To test Keystone, Run the below command

   keystone user-list

Install and Configure Glance

* Install and verify glance

   apt-get install -y glance
   service glance-api status
   service glance-registry status

* Update glance-api-paste.ini and glance-registry-paste.ini with connection details

# vi /etc/glance/glance-api-paste.ini

   [filter:authtoken]
   paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
   auth_host = 10.9.8.116
   auth_port = 35357
   auth_protocol = http
   admin_tenant_name = service
   admin_user = glance
   admin_password = openstacktest

# vi /etc/glance/glance-registry-paste.ini

   [filter:authtoken]
   paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
   auth_host = 10.9.8.116
   auth_port = 35357
   auth_protocol = http
   admin_tenant_name = service
   admin_user = glance
   admin_password = openstacktest

* Update glance-api.conf and glance-registry.conf with the below details

# vi /etc/glance/glance-api.conf

   [DEFAULT]
   sql_connection = mysql://glance:openstacktest@10.9.8.116/glance

   [keystone_authtoken]
   auth_host = 10.9.8.116
   auth_port = 35357
   auth_protocol = http
   admin_tenant_name = service
   admin_user = glance
   admin_password = openstacktest

   [paste_deploy]
   flavor = keystone

# vi /etc/glance/glance-registry.conf

   [DEFAULT]
   sql_connection = mysql://glance:openstacktest@10.9.8.116/glance

   [keystone_authtoken]
   auth_host = 10.9.8.116
   auth_port = 35357
   auth_protocol = http
   admin_tenant_name = service
   admin_user = glance
   admin_password = openstacktest

   [paste_deploy]
   flavor = keystone

* Remove Glance’s SQLite database

   rm /var/lib/glance/glance.sqlite   

* Restart the glance-api and glance-registry services

   service glance-api restart; service glance-registry restart

* Synchronize the glance database

   glance-manage db_sync

* Restart the services again to get the changes updated

   service glance-registry restart; service glance-api restart

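* To test Glance, upload the cirros cloud image and Ubuntu cloud image. The Ubuntu image below is downloaded over plain HTTP, so compare its checksum with the publisher's published checksums before uploading it.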

   glance image-create --name myFirstImage --is-public true --container-format bare --disk-format qcow2 --location https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img

   wget http://cloud-images.ubuntu.com/precise/current/precise-server-cloudimg-amd64-disk1.img

   glance add name="Ubuntu 12.04 cloudimg amd64" is_public=true container_format=ovf disk_format=qcow2 < ./precise-server-cloudimg-amd64-disk1.img

* run the below command to list the VM images list

   glance image-list

Install and Configure Neutron

* Install the openVSwitch

   apt-get install -y openvswitch-controller openvswitch-switch openvswitch-datapath-dkms
   service openvswitch-switch restart

* Run the below commands to create the bridges
**Note:** br-int will be used for VM integration
**br-ex:** is used to make VMs to access the internet

   	
   ovs-vsctl add-br br-int
   ovs-vsctl add-br br-ex

* modify eth0 in vi /etc/network/interfaces like below

   # VM internet Access 
   auto eth0 
   iface eth0 inet manual 
   up ifconfig $IFACE 0.0.0.0 up 
   up ip link set $IFACE promisc on 
   down ip link set $IFACE promisc off 
   down ifconfig $IFACE down 

   auto br-ex
   iface br-ex inet static
   address 10.9.8.166
   netmask 255.255.255.0
   gateway 10.9.8.249
   dns-nameservers 10.9.8.253

* Add the eth0 to the br-ex

   
   ovs-vsctl add-port br-ex eth0

* Reboot the machine

   reboot
   sudo -i
   source keystone_source (to get your environnment variables back)

**Note to VirtualBox users, you will likely be using host-only adapters for the private networking. You need to provide a route out of the host-only network to contact the outside world; egress is not supported by host-only adapters. This can be done by routing traffic from br-ex to an additional NAT’ed adapter’s. Run these commands (where NAT’ed adapter is eth2)::

   iptables --table nat --append POSTROUTING --out-interface eth2 -j MASQUERADE
   iptables --append FORWARD --in-interface br-ex -j ACCEPT

* Install the Neutron components

   apt-get install -y neutron-server neutron-plugin-openvswitch neutron-plugin-openvswitch-agent dnsmasq neutron-dhcp-agent neutron-l3-agent neutron-metadata-agent

* Verify all Neutron components are running

   cd /etc/init.d/; for i in $( ls neutron-* ); do sudo service $i status; cd; done

# vi /etc/neutron/api-paste.ini and update the below


   [filter:authtoken]
   paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
   auth_host = 10.9.8.116
   auth_port = 35357
   auth_protocol = http
   admin_tenant_name = service
   admin_user = neutron
   admin_password = openstacktest

# vi /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini and update the below


   #Under the database section
   [DATABASE]
   sql_connection=mysql://neutron:openstacktest@10.9.8.116/neutron

   #Under the OVS section
   [OVS]
   tenant_network_type = gre
   enable_tunneling = True
   tunnel_id_ranges = 1:1000
   integration_bridge = br-int
   tunnel_bridge = br-tun
   local_ip = 10.9.8.116

   #Firewall driver for realizing neutron security group function
   [SECURITYGROUP]
   firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

# vi /etc/neutron/metadata_agent.ini and update the below

   # The Neutron user information for accessing the Neutron API.
   auth_url = http://10.9.8.116:35357/v2.0
   auth_region = RegionOne
   admin_tenant_name = service
   admin_user = neutron
   admin_password = openstacktest

   # IP address used by Nova metadata server
   nova_metadata_ip = 10.9.8.116
   

   # TCP Port used by Nova metadata server
   nova_metadata_port = 8775

   metadata_proxy_shared_secret = helloOpenStack

# vi /etc/neutron/neutron.conf and update the below

   #RabbitMQ IP
   rabbit_host = 10.9.8.116

   [keystone_authtoken]
   auth_host = 10.9.8.116
   auth_port = 35357
   auth_protocol = http
   admin_tenant_name = service
   admin_user = neutron
   admin_password = openstacktest
   signing_dir = /var/lib/neutron/keystone-signing
   
   [DATABASE]
   connection = mysql://neutron:openstacktest@10.9.8.116/neutron

# vi /etc/neutron/l3_agent.ini and update the below

   [DEFAULT]
   interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
   use_namespaces = True
   external_network_bridge = br-ex
   signing_dir = /var/cache/neutron
   admin_tenant_name = service
   admin_user = neutron
   admin_password = openstacktest
   auth_url = http://10.9.8.116:35357/v2.0
   l3_agent_manager = neutron.agent.l3_agent.L3NATAgentWithStateReport
   root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
   interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

# vi /etc/neutron/dhcp_agent.ini and update the below

   [DEFAULT]
   interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
   dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
   use_namespaces = True
   signing_dir = /var/cache/neutron
   admin_tenant_name = service
   admin_user = neutron
   admin_password = openstacktest
   auth_url = http://10.9.8.116:35357/v2.0
   dhcp_agent_manager = neutron.agent.dhcp_agent.DhcpAgentWithStateReport
   root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
   state_path = /var/lib/neutron

* Remove Neutron’s SQLite database

   rm /var/lib/neutron/neutron.sqlite

* Restart all neutron services and check status


   cd /etc/init.d/; for i in $( ls neutron-* ); do sudo service $i restart; cd /root/; done
   service dnsmasq restart
   
   cd /etc/init.d/; for i in $( ls neutron-* ); do sudo service $i status; cd /root/; done
   service dnsmasq status

* Check Neutron agents by running below command

   neutron agent-list

**Note:** ‘you should get smiling faces :-)’

Install and Configure Nova

* make sure that your hardware enables virtualization

   apt-get install -y cpu-checker
   kvm-ok

# output should be like below if not try modprobe kvm_intel && kvm-ok

INFO: /dev/kvm exists
KVM acceleration can be used

* Install KVM

   apt-get install -y kvm libvirt-bin pm-utils

# vi /etc/libvirt/qemu.conf and update cgroup_device_acl like below

   cgroup_device_acl = [
   "/dev/null", "/dev/full", "/dev/zero",
   "/dev/random", "/dev/urandom",
   "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
   "/dev/rtc", "/dev/hpet","/dev/net/tun"
   ]

* Delete default virtual bridge

   virsh net-destroy default
   virsh net-undefine default

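# vi /etc/libvirt/libvirtd.conf and update it with the settings below. They turn on libvirt's plain TCP listener with TLS and authentication both disabled, so any host that can reach the libvirtd TCP port gets unauthenticated control of the hypervisor; firewall that port to the hosts that need it, and keep TLS or authentication enabled outside a lab.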

   listen_tls = 0
   listen_tcp = 1
   auth_tcp = "none"

# vi /etc/init/libvirt-bin.conf file and update with the below

   env libvirtd_opts="-d -l"

# vi /etc/default/libvirt-bin file and update with the below

   libvirtd_opts="-d -l"

* Restart the libvirt service and dbus

   service dbus restart && service libvirt-bin restart
   
   service dbus status && service libvirt-bin status

* Install Nova components


   apt-get install -y nova-api nova-cert novnc nova-consoleauth nova-scheduler nova-novncproxy nova-doc nova-conductor nova-compute-kvm

   # check status 
   cd /etc/init.d/; for i in $( ls nova-* ); do service $i status; cd; done

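# vi /etc/nova/api-paste.ini and update it with the settings below. Note that signing_dirname is placed under the world-writable /tmp here; a directory owned by the service user, as the Neutron section does with /var/lib/neutron/keystone-signing, is the safer choice.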


   [filter:authtoken]
   paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
   auth_host = 10.9.8.116
   auth_port = 35357
   auth_protocol = http
   admin_tenant_name = service
   admin_user = nova
   admin_password = openstacktest
   signing_dirname = /tmp/keystone-signing-nova
   # Workaround for https://bugs.launchpad.net/nova/+bug/1154809
   auth_version = v2.0

#vi /etc/nova/nova.conf like below


   [DEFAULT]
   logdir=/var/log/nova
   state_path=/var/lib/nova
   lock_path=/run/lock/nova
   verbose=True
   api_paste_config=/etc/nova/api-paste.ini
   compute_scheduler_driver=nova.scheduler.simple.SimpleScheduler
   rabbit_host=10.9.8.116
   nova_url=http://10.9.8.116:8774/v1.1/
   sql_connection=mysql://nova:openstacktest@10.9.8.116/nova
   root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf

   # Auth
   use_deprecated_auth=false
   auth_strategy=keystone

   # Imaging service
   glance_api_servers=10.9.8.116:9292
   image_service=nova.image.glance.GlanceImageService

   # Vnc configuration
   novnc_enabled=true
   novncproxy_base_url=http://192.168.1.251:6080/vnc_auto.html
   novncproxy_port=6080
   vncserver_proxyclient_address=10.9.8.116
   vncserver_listen=0.0.0.0

   # Network settings
   network_api_class=nova.network.neutronv2.api.API
   neutron_url=http://10.9.8.116:9696
   neutron_auth_strategy=keystone
   neutron_admin_tenant_name=service
   neutron_admin_username=neutron
   neutron_admin_password=openstacktest
   neutron_admin_auth_url=http://10.9.8.116:35357/v2.0
   libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
   linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
   #If you want Neutron + Nova Security groups
   #firewall_driver=nova.virt.firewall.NoopFirewallDriver
   #security_group_api=neutron
   #If you want Nova Security groups only, comment the two lines above and uncomment line -1-.
   #-1-firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
   
   #Metadata
   service_neutron_metadata_proxy = True
   neutron_metadata_proxy_shared_secret = helloOpenStack
   metadata_host = 10.9.8.116
   metadata_listen = 0.0.0.0
   metadata_listen_port = 8775
   
   # Compute #
   compute_driver=libvirt.LibvirtDriver
   
   # Cinder #
   volume_api_class=nova.volume.cinder.API
   osapi_volume_listen_port=5900
   cinder_catalog_info=volume:cinder:internalURL

# vi /etc/nova/nova-compute.conf and update with the below

   [DEFAULT]
   libvirt_type=kvm
   libvirt_ovs_bridge=br-int
   libvirt_vif_type=ethernet
   libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
   libvirt_use_virtio_for_bridges=True

* Restart Nova services

   cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; cd /root/;done
   cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i status; cd /root/;done

**Note:** No Issues if nova cert is down: still the db has to be built up

* Remove Nova’s SQLite database

   rm /var/lib/nova/nova.sqlite

* Synchronize your database

   nova-manage db sync

* Restart nova-* services

   cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i restart; cd /root/;done

   cd /etc/init.d/; for i in $( ls nova-* ); do sudo service $i status; cd /root/;done

Check nova service list

* Hopefully you should enjoy smiling faces on nova-* services to confirm your installation::

   nova-manage service list

**Note:** We should see smiling faces on nova-* services to confirm the installation

Install and Configure Cinder

* Install the required packages

   apt-get install -y cinder-api cinder-scheduler cinder-volume iscsitarget open-iscsi iscsitarget-dkms

* Configure the iscsi services

   sed -i 's/false/true/g' /etc/default/iscsitarget

* Start the services

   
   service iscsitarget start
   service open-iscsi start

# vi /etc/cinder/api-paste.ini and update with the below

   [filter:authtoken]
   paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
   service_protocol = http
   service_host = 192.168.1.251
   service_port = 5000
   auth_host = 10.9.8.116
   auth_port = 35357
   auth_protocol = http
   admin_tenant_name = service
   admin_user = cinder
   admin_password = openstacktest

# vi /etc/cinder/cinder.conf and modify as below

   [DEFAULT]
   rootwrap_config=/etc/cinder/rootwrap.conf
   sql_connection = mysql://cinder:openstacktest@10.9.8.116/cinder
   api_paste_config = /etc/cinder/api-paste.ini
   iscsi_helper=ietadm
   volume_name_template = volume-%s
   volume_group = cinder-volumes
   verbose = True
   auth_strategy = keystone
   #osapi_volume_listen_port=5900

* Remove Cinder’s SQLite database and synchronize

   rm /var/lib/cinder/cinder.sqlite
   cinder-manage db sync

* Create a volumegroup and name it cinder-volumes

   dd if=/dev/zero of=cinder-volumes bs=1 count=0 seek=50G
   losetup /dev/loop2 cinder-volumes
   fdisk /dev/loop2
   #Type in the followings:
   n ( New)
   p ( Primary ) 
   1 ( partition number )
   ENTER
   ENTER
   t
   8e ( Linux LVM) 
   w ( write quit )

* Create the physical volume and volume group

   pvcreate /dev/loop2
   vgcreate cinder-volumes /dev/loop2

* Restart and verify cinder services

   cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i restart; cd /root/; done
   cd /etc/init.d/; for i in $( ls cinder-* ); do sudo service $i status; cd /root/; done

Install and Configure Horizon

* Install horizon

   apt-get -y install openstack-dashboard memcached

* Reload Apache and memcached

   service apache2 restart; service memcached restart

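You can now access the OpenStack dashboard at http://192.168.1.251/horizon with credentials **admin:openstacktest**. Every database user, service account and the admin login in this guide share that sample password, so replace it (along with the ADMIN service token and the helloOpenStack metadata secret) before the host is reachable by anyone else.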