Red Hat Enterprise Linux OpenStack Platform 3

Installation and Configuration Guide

Installing and Configuring OpenStack environments manually

Edition 1

Legal Notice

Copyright © 2013 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
OpenStack Compute Configuration originally based on OpenStack Compute Administration Guide (for Grizzly 2013.1) available at, which is copyright 2010, 2011, 2012, 2013 OpenStack Foundation, and licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
OpenStack Dashboard configuration originally based on OpenStack Install and Deploy Manual - Red Hat (for Grizzly 2013.1) available at, which is copyright 2010, 2011, 2012, 2013 OpenStack Foundation, and licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
OpenStack Network configuration originally based on OpenStack Network Administration Guide (for Grizzly 2013.1) available at, which is copyright 2011, 2012, 2013 OpenStack Foundation, and licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
OpenStack Object Storage configuration originally based on OpenStack Object Storage Administration Guide (for Grizzly 2013.1) available at, which is copyright 2010, 2011, 2012, 2013 OpenStack Foundation, and licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
The OpenStack Word Mark and OpenStack Logo are either registered trademarks / service marks or trademarks / service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
All other trademarks are the property of their respective owners.

1801 Varsity Drive
RaleighNC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701


Installing and Configuring OpenStack environments with Red Hat Enterprise Linux OpenStack Platform 3 (Grizzly).
1. Document Conventions
1.1. Typographic Conventions
1.2. Pull-quote Conventions
1.3. Notes and Warnings
2. Getting Help and Giving Feedback
I. Introduction
1. Product Introduction
1.1. Overview
1.2. Architecture
1.3. Service Details
1.3.1. Dashboard Service
1.3.2. Identity Service
1.3.3. OpenStack Networking Service
1.3.4. Block Storage Service
1.3.5. Compute Service
1.3.6. Image Service
1.3.7. Object Storage Service
1.3.8. Metering (Technical Preview)
1.3.9. Orchestration (Technical Preview)
2. Prerequisites
2.1. Software Requirements
2.1.1. Operating System Requirements
2.1.2. Software Repository Configuration
2.2. Hardware Requirements
2.2.1. Compute Node Requirements
2.2.2. Network Node Requirements
2.2.3. Block Storage Node Requirements
II. Installing OpenStack
3. Installing the Database Server
3.1. Installing the Packages
3.2. Configuring the Firewall
3.3. Starting the Database Service
3.4. Setting the Database Administrator Password
4. Installing the Message Broker
4.1. Installing the Packages
4.2. Configuring the Message Broker
4.2.1. Simple Authentication and Security Layer - SASL
4.2.2. Configuring TLS/SSL
4.3. Firewall Configuration
4.4. Starting the Messaging Server
5. Installing the OpenStack Identity Service
5.1. Identity Service Requirements
5.2. Installing the Packages
5.3. Creating the Identity Database
5.4. Configuring the Service
5.4.1. Setting the Administration Token
5.4.2. Setting the Database Connection String
5.4.3. Configuring the Public Key Infrastructure
5.4.4. Configuring for an LDAP Backend
5.4.5. Configuring the Firewall
5.4.6. Populating the Identity Service Database
5.5. Starting the Identity Service
5.6. Creating the Identity Service Endpoint
5.7. Creating an Administrator Account
5.8. Creating a Regular User Account
5.9. Creating the Services Tenant
5.10. Validating the Identity Service Installation
6. Installing the OpenStack Object Storage Service
6.1. Services that Make Up the Object Storage Service
6.2. Architecture of the Object Storage Service
6.3. Object Storage Service Requirements
6.4. Installing the Object Storage Service Packages
6.5. Configuring the Object Storage Service
6.5.1. Configuring the Identity Service to work with the Object Storage Service
6.5.2. Configuring the Object Storage Service Storage Nodes
6.5.3. Configuring the Object Storage Service Proxy Service
6.5.4. Object Storage Service Rings
6.5.5. Building Object Storage Service Ring Files
6.6. Validating the Object Storage Service Installation
7. Installing the OpenStack Image Service
7.1. Image Service Requirements
7.2. Installing the Image Service Packages
7.3. Creating the Image Service Database
7.4. Configuring the Image Service
7.4.1. Configuration Overview
7.4.2. Creating the Image Identity Records
7.4.3. Setting the Database Connection String
7.4.4. Configuring the Use of the Identity Service
7.4.5. Using the Object Storage Service for Image Storage
7.4.6. Configuring the Firewall
7.4.7. Populating the Image Service Database
7.5. Starting the Image API and Registry Services
7.6. Validating the Image Service Installation
7.6.1. Obtaining a Test Disk Image
7.6.2. Building a Custom Virtual Machine Image
7.6.3. Uploading a Disk Image
8. Installing OpenStack Block Storage
8.1. Block Storage Installation Overview
8.2. Block Storage Prerequisite Configuration
8.2.1. Creating the Block Storage Database
8.2.2. Creating the Block Storage Identity Records
8.3. Common Block Storage Configuration
8.3.1. Installing the Block Storage Service Packages
8.3.2. Configuring Authentication
8.3.3. Setting the Message Broker
8.3.4. Setting the Database Connection String
8.3.5. Configuring the Firewall
8.3.6. Populating the Block Storage Database
8.4. Volume Service Specific Configuration
8.4.1. Block Storage Driver Support
8.4.2. Configuring for LVM Storage Backend
8.4.3. Configuring for NFS Storage Backend
8.4.4. Configuring for Red Hat Storage Backend
8.4.5. Configuring for Multiple Storage Backends
8.4.6. Configuring tgtd
8.5. Starting the Block Storage Services
8.6. Validating the Block Storage Service Installation
9. Installing the OpenStack Networking Service
9.1. OpenStack Networking Installation Overview
9.1.1. OpenStack Networking Architecture
9.1.2. OpenStack Networking API
9.1.3. OpenStack Networking API Extensions
9.1.4. OpenStack Networking Plug-ins
9.1.5. OpenStack Networking Agents
9.1.6. Recommended Networking Deployment
9.2. Networking Prerequisite Configuration
9.2.1. Creating the OpenStack Networking Database
9.2.2. Creating the OpenStack Networking Identity Records
9.3. Common Networking Configuration
9.3.1. Upgrading the Kernel
9.3.2. Disabling Network Manager
9.3.3. Installing the Packages
9.3.4. Configuring the Firewall
9.4. Configuring the Networking Service
9.5. Configuring the DHCP Agent
9.6. Configuring a Provider Network
9.7. Configuring the Plug-in Agent
9.7.1. Configuring the Open vSwitch Plug-in Agent
9.7.2. Configuring the Linux Bridge Plug-in Agent
9.8. Configuring the L3 Agent
9.9. Validating the OpenStack Networking Installation
10. Installing the OpenStack Compute Service
10.1. Compute Service Requirements
10.1.1. Checking for Hardware Virtualization Support
10.2. Installing a Compute VNC Proxy
10.2.1. Installing the Compute VNC Proxy Packages
10.2.2. Configuring the Firewall
10.2.3. Controlling the VNC Proxy service
10.2.4. Accessing Instances with the Compute VNC Proxy
10.3. Installing a Compute Node
10.3.1. Creating the Compute Service Database
10.3.2. Creating the Compute Identity Records
10.3.3. Installing the Compute Service
10.3.4. Configuring the Compute Service
10.3.5. Populating the Compute Service Database
10.3.6. Starting the Compute Services
11. Installing the Dashboard
11.1. Dashboard Service Requirements
11.2. Installing the Dashboard Packages
11.3. Starting the Apache Web Service
11.4. Configuring the Dashboard
11.4.1. Configuring Connections and Logging
11.4.2. Configuring Secured Deployment (HTTPS)
11.4.3. Creating a Member Role
11.4.4. Configuring SELinux
11.4.5. Configuring the Dashboard Firewall
11.4.6. Session Storage Options
11.5. Validating the Dashboard Installation
III. Validating the Installation
12. Working with Instances
12.1. Uploading a Disk Image
12.2. Creating a Keypair
12.3. Creating a Network
12.4. Launching an Instance
12.5. Creating a Volume
12.6. Attaching a Volume to an Instance
12.7. Creating an Instance Snapshot
12.8. Controlling the State of an Instance (Pause, Suspend, Reboot)
13. Updating the Environment
13.1. Defining a Floating IP-Address Pool
13.2. Creating a Router
13.3. Associating a Floating IP with the Instance
13.4. Adding a Rule to a Security Group
IV. Monitoring the OpenStack Environment
14. Monitoring OpenStack using Nagios
14.1. Installing Nagios
14.1.1. Installing the Nagios Service
14.1.2. Installing the NRPE Addon
14.2. Configuring Nagios
14.2.1. Setting up Nagios
14.2.2. Configuring HTTPD
14.2.3. Configuring OpenStack Services
14.2.4. Configuring NRPE
14.2.5. Creating Host Definitions
14.2.6. Creating Service Definitions
14.2.7. Verifying the Configuration
15. Installing and Configuring Remote Logging
15.1. Introduction to Remote Logging
15.2. Installing rsyslog Server
15.3. Configuring rsyslog on the Centralized Logging Server
15.4. Configuring rsyslog on the Individual Nodes
15.5. Starting rsyslog Server
V. Managing OpenStack Environment Expansion
16. Managing Compute Expansion
16.1. Defining Regions
16.2. Adding Compute Resources
16.3. Safely Removing Compute Resources
16.4. Using Config Drive
16.4.1. Config Drive Overview
16.4.2. Setting Up Config Drive
16.4.3. Accessing Config Drive
16.4.4. Data Formats
17. Managing Quotas
17.1. Viewing and Updating Quotas in the Dashboard
17.2. Updating Compute Service Quotas on the Command Line
17.3. Updating Block Storage Service Quotas on the Command Line
A. Installation Checklist
A.1. Installation Prerequisites Checklists
B. Troubleshooting the OpenStack Environment
B.1. No Networks or Routers Tab Appears in the Dashboard
B.2. Dashboard Reports ERROR When Launching Instances
B.3. Compute Instance Log Shows no Output
B.4. Identity Client (keystone) Reports "Unable to communicate with identity service"
C. Service Log Files
C.1. Block Storage Service Log Files
C.2. Compute Service Log Files
C.3. Dashboard Log Files
C.4. Identity Service Log Files
C.5. Image Service Log Files
C.6. Networking Service Log Files
C.7. Object Storage Service Log Files
D. Example Configuration Files
D.1. Dashboard Service Configuration Files
D.2. Block Storage Service Configuration Files
D.2.1. api-paste.ini
D.2.2. cinder.conf
D.2.3. policy.json
D.2.4. rootwrap.conf
D.3. Compute Service Configuration Files
D.3.1. api-paste.ini
D.3.2. nova.conf
D.3.3. policy.json
D.3.4. rootwrap.conf
D.4. Identity Service Configuration Files
D.4.1. keystone.conf
D.5. Image Service Configuration Files
D.5.1. glance-registry.conf
D.5.2. glance-registry-paste.ini
D.5.3. glance-api.conf
D.5.4. glance-api-paste.ini
D.5.5. glance-scrubber.conf
D.6. Networking Service Configuration Files:
D.6.1. api-paste.ini
D.6.2. dhcp_agent.ini
D.6.3. l3_agent.ini
D.6.4. lbaas_agent.ini
D.6.5. metadata_agent.ini
D.6.6. policy.json
D.6.7. quantum.conf
D.6.8. rootwrap.conf
D.7. Object Storage Service Configuration Files
D.7.1. account-server.conf
D.7.2. container-server.conf
D.7.3. object-server.conf
D.7.4. proxy-server.conf
E. Revision History