The Liquidstate Lab Server is an aged Dell PowerEdge 840, which used to run a whitebox version of ESXi 4.  However, times change and I didn't fancy trying to re-do all the driver work to get ESXi 5 (or soon 6) installed.  So I decided to deploy OpenStack instead.  Installing Red Hat's RDO release is remarkably straightforward if you follow the QuickStart "all-in-one" guide, but it sets everything up on a 172.24.4.224/28 network, meaning that you won't be able to access your virtual machines from your home network.  In this post, I'll talk you through OpenStack RDO installation and network configuration.

The Setup

First, a bit about my setup here.  I have a local area network that uses the 192.168.1.0/24 address range.  My gateway is on 192.168.1.254 and I use Google for my DNS (8.8.8.8 and 8.8.4.4).  I've assigned 192.168.1.10 for the OpenStack management interface.  I want OpenStack virtual machines to be connected to a private internal network on 10.0.0.0/24.  I wish to connect those two networks such that I can assign floating IPs to virtual machines, making them accessible on my home network.

Initial OS Installation

Start with a base CentOS 6.x image, making sure it's all up to date. Install the RDO yum repository and install the Open vSwitch package, which we'll use later.  Finally, do a quick reboot to ensure we're using the latest kernel.

yum install -y http://rdo.fedorapeople.org/rdo-release.rpm  
yum update  
yum install openvswitch  
reboot  

Configure Networking

Now we want to re-configure our networking such that our primary network interface acts as a bridge into OpenStack's virtual networking.  Define ifcfg-br-ex using the IP address that you would like to use for the management interface for OpenStack.

$ cat /etc/sysconfig/network-scripts/ifcfg-br-ex
DEVICE="br-ex"  
BOOTPROTO="none"  
IPADDR="192.168.1.10"  
NETMASK="255.255.255.0"  
DNS1="8.8.8.8"  
BROADCAST="192.168.1.255"  
GATEWAY="192.168.1.254"  
NM_CONTROLLED="no"  
DEFROUTE="yes"  
IPV4_FAILURE_FATAL="yes"  
IPV6INIT=no  
ONBOOT="yes"  
TYPE="OVSBridge"  
DEVICETYPE="ovs"  

Now, re-configure your primary interface (eth0 in my case) to use the new bridge interface:

$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"  
ONBOOT="yes"  
TYPE="OVSPort"  
DEVICETYPE="ovs"  
OVS_BRIDGE=br-ex  
NM_CONTROLLED=no  
IPV6INIT=no  

Restart the networking stack, and if everything has gone well, you should still be able to access the server from your local network.

service network restart  

Install RDO OpenStack

Install PackStack (a utility for installing and configuring OpenStack) and run it.  PackStack will install and configure all the various OpenStack components.  It can take quite a long time, depending on your server specification and Internet connection.  For me, it took around 10-15 minutes.  You might want to fetch a nice cold beer ... you might need it for the next bit!

yum install -y openstack-packstack  
packstack --allinone  

There are some minor changes required to OpenStack's configuration to make it work the way we want:

$ for i in /etc/neutron/*.ini
do  
    sed -i "s/^[# ]*ovs_use_veth.*$/ovs_use_veth = True/g" $i
done  
$ sed -i \
    -e "s/^[# ]*enable_isolated_metadata.*$/enable_isolated_metadata = True/g" \
    -e "s/^[# ]*enable_metadata_network.*$/enable_metadata_network = True/g"  \
    /etc/neutron/dhcp_agent.ini

Once the configuration is updated, reboot and let OpenStack start up its various services.

reboot  

Remove Default Network Configuration

After the reboot, you should be able to log in to the OpenStack web interface "Horizon" - for me, at http://192.168.1.10/.   The username is admin and you will find the password in /root/keystonerc_admin.

Once logged in, go to the Routers and Networks sections and remove the default networking configuration.  For me, that included router1, the public network and the demo network.

New Network Configuration

SSH into your OpenStack server as root and load the admin keystone details.  This will configure your environment so that you can re-configure OpenStack from the command line.

$ source /root/keystonerc_admin

Now let's define the default security group to allow pings and SSH.

nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0  
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0  
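
The two rules above accept ICMP and SSH from any source address (0.0.0.0/0). The following added example, which is not part of the original post, lists any-source rules from `nova secgroup-list-rules` output and prints (without running) the commands that would re-scope them. The sample table is constructed, the function names are hypothetical, and 192.168.1.0/24 as the intended source range is an assumption based on the home LAN described earlier.

```shell
#!/bin/sh
# Added example: audit security-group rules for the any-source CIDR.

# Constructed sample of `nova secgroup-list-rules default` output after the
# two secgroup-add-rule commands in the post have been run.
SAMPLE_RULES='+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+'

# world_open_rules: read a rules table on stdin and print
# "<proto> <from> <to>" for each rule whose IP Range is 0.0.0.0/0.
world_open_rules() {
    awk -F'|' '
        NF >= 6 && $2 !~ /IP Protocol/ {
            # Trim the padding the table renderer puts around each cell.
            for (i = 2; i <= 5; i++) gsub(/^ +| +$/, "", $i)
            if ($5 == "0.0.0.0/0") print $2, $3, $4
        }'
}

# narrow_rules GROUP CIDR: read the same table on stdin and print (not run)
# the nova commands that replace each any-source rule with one scoped to CIDR.
narrow_rules() {
    group=$1 cidr=$2
    world_open_rules | while read -r proto from to; do
        echo "nova secgroup-delete-rule $group $proto $from $to 0.0.0.0/0"
        echo "nova secgroup-add-rule $group $proto $from $to $cidr"
    done
}

# Demo on the constructed sample; on a live host, pipe in
# `nova secgroup-list-rules default` instead.
printf '%s\n' "$SAMPLE_RULES" | narrow_rules default 192.168.1.0/24
```
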

Create a private virtual network for OpenStack to launch VMs on.  I use Google's DNS server (8.8.8.8), but you could replace this with another if you wish.

neutron net-create private  
neutron subnet-create private 10.0.0.0/24 --name private --dns-nameserver 8.8.8.8  

Tell OpenStack about your home network and what IPs you wish to use as floating IPs for virtual machines.  You will need to tailor these settings to your own network.  For me, my router is on 192.168.1.254 and there's nothing currently using 192.168.1.201 - 192.168.1.220, so I've decided to dedicate that to OpenStack.

neutron net-create homelan --router:external=True  
neutron subnet-create homelan 192.168.1.0/24 --name homelan --enable_dhcp False --allocation_pool start=192.168.1.201,end=192.168.1.220 --gateway 192.168.1.254  
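
A quick check of the pool values before running `neutron subnet-create`, as an added example that is not from the original post: it confirms the floating IP range sits inside the LAN subnet and does not contain the gateway or the br-ex management address. The function names are hypothetical; the addresses are the ones used in this post.

```shell
#!/bin/sh
# Added example: sanity-check a floating IP pool against the LAN layout.

# ip2int A.B.C.D -> 32-bit integer on stdout
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# check_pool CIDR START END RESERVED...
# Prints one line per problem, or "ok" when the pool lies inside CIDR and
# contains none of the RESERVED addresses (gateway, management IP, ...).
check_pool() {
    cidr=$1 start=$2 end=$3; shift 3
    bits=${cidr#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    base=$(( $(ip2int "${cidr%/*}") & $mask ))
    lo=$(ip2int "$start"); hi=$(ip2int "$end")
    bad=0
    if [ "$lo" -gt "$hi" ]; then
        echo "pool start $start is after pool end $end"; bad=1
    fi
    for edge in "$start" "$end"; do
        if [ $(( $(ip2int "$edge") & $mask )) -ne "$base" ]; then
            echo "$edge is outside $cidr"; bad=1
        fi
    done
    for ip in "$@"; do
        n=$(ip2int "$ip")
        if [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]; then
            echo "reserved address $ip falls inside the pool"; bad=1
        fi
    done
    [ "$bad" -eq 0 ] && echo "ok"
    return "$bad"
}

# Values from this post: LAN subnet, pool start/end, then the addresses that
# must stay out of the pool (br-ex management IP and the gateway).
check_pool 192.168.1.0/24 192.168.1.201 192.168.1.220 192.168.1.10 192.168.1.254
```
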

Now, create a virtual router in OpenStack to link the private virtual network to your physical homelan network.

HOMELAN_NETWORK_ID=`neutron net-list | grep homelan | awk '{ print $2 }'`  
PRIVATE_SUBNET_ID=`neutron subnet-list | grep private | awk '{ print $2}'`  
ADMIN_TENANT_ID=`keystone tenant-list | grep admin | awk '{ print $2}'`  
neutron router-create --name router --tenant-id $ADMIN_TENANT_ID router  
neutron router-gateway-set router $HOMELAN_NETWORK_ID  
neutron router-interface-add router $PRIVATE_SUBNET_ID  

Finished!

And, that's it!  Now you should be able to spin up new instances on the private 10.0.0.0/24 network and assign floating IPs from the 192.168.1.0/24 network to make them accessible outside OpenStack.  "Easy" when you know how, right?