How to set DevStack with Neutron

Install DevStack

• Prepare a VM for DevStack deployment

• in this VM install git

  sudo apt-get install git
  

• clone DevStack repo

  git clone https://github.com/openstack-dev/devstack.git
  

• create local.conf file in the devstack folder to enable Neutron and set some passwords (choose your own if you wish)

  [[local|localrc]]
  DATABASE_PASSWORD=password
  RABBIT_PASSWORD=password
  SERVICE_TOKEN=password
  SERVICE_PASSWORD=password
  ADMIN_PASSWORD=password
  disable_service n-net
  enable_service q-svc q-agt q-dhcp q-l3 q-meta neutron
  

  • I have a repo with my DevStack customizations, you might want to check it out.

• install DevStack

  ./stack.sh
  

Now you should have a working DevStack installation. You can login into Horizon, or join the running stack with ./rejoin_stack.sh command and check console outputs of all the running services for debug and error info. There are some networks and routers created by default, so you can start VMs and attach floating IPs to them.

Allow VM Internet connectivity

You might stumble on networking issues concerning outside access, like pinging or accessing Internet resources outside of your DevStack. First you need to change the Security Group settings - the "default" group created by DevStack seems to allow everything but in fact I've always had problems with it, so just create your own security group and assign your VMs to it. Then you need to configure iptables to pass through the traffic:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

(after this launchpad question).

Note on unstack.sh and rebooting

As I've found the hard way, if you ever need to reboot your DevStack VM, do not run unstack.sh before that. Simply detach from screen and/or reboot as usual. The unstacking script not only stops the services run in screen, it also alters some configuration options of your system that were introduced by running stack.sh and setting up the DevStack. Mostly it concerns network bridges from what I have seen. So if you run unstack.sh, in order to have a working DevStack installation you have to run stack.sh after it. That has a drawback that all your cloud configuration (e.g. everything stored in DB tables of OpenStack and content of stack-volume-backing-file) will be reset.

Thus, the work flow looks somewhat like this:

1. Start/configure DevStack with stack.sh
2. Join the stack with rejoin_stack.sh
3. Make changes, restarting services affected on per-service basis via screen to put your changes in effect.
4. If in need to reboot the DevStack VM, shut it down the usual way, and upon restart simply run rejoin_stack.sh again, all services will be started in screen again.
5. Only if you need to change the OpenStack/DevStack configuration, then run unstack.sh, make changes in local.conf / wherever you have to and then run stack.sh.

Restore settings after reboot

After reboot of the DevStack VM the following will be lost:

• stack volumes (this includes created storage volumes etc.)
• iptables/NAT setting
• bridges configurations

Here how to restore these settings or make them permanent:

Update

Right now it appears to be so involved to cleanly restore all the settings lost after reboot that a much safer and easier way is to make peace with everything in your OpenStack being lost (all the settings and things you've created inside) and just run stack.sh again (optionally with OFFLINE = True in your local.conf to keep the code exactly as before reboot).

sudo losetup -a
sudo pvs
sudo vgs

losetup /dev/loop0 /opt/stack/data/stack-volumes-backing-file

Sharing files between your physical machine and DevStack host

As I use vim as my Python IDE I personally prefer to work directly in the console of the guest DevStack instance, but if you prefer GUI IDE (like PyCharm) you might want to have access to the code on the DevStack guest right from your host. One rather straightforward possibility is sshfs, but as it is usually pretty slow, you might want to try NFS.

The following is adopted from this post by radix

First, install the nfs-kernel-server package on the host system and then edit /etc/exports to add the following line:

full_path_to_project_on_host    *(rw,async,root_squash,no_subtree_check)

Then in the DevStack guest install nfs-common and add the following line to /etc/fstab:

address_of_host:full_path_to_project_on_host    full_path_to_project_on_guest    nfs

Don't forget to mkdir full_path_to_project_on_guest in the guest. You can then reboot the DevStack guest or just mount full_path_to_project_on_guest.

Problems with receiving IPs for VMs

Some versions of VirtIO network interface seem not to fill in checksums correctly in UDP packets (something called checksum offloading), which interferes with receiving DHCP lease from neutron/nova-network when everything is running on a single host (e.g. DevStack). To fix this add the following rule to iptables:

sudo iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill

Nested KVM

If you run DevStack as a KVM guest, ensure that your host system has nested KVM enabled - that will greatly speed up those VMs you run inside your DevStack guest (of course your CPU has to support virtualization extensions and have them enabled in BIOS).

Check that nested KVM is enabled:

cat /sys/module/kvm_intel/parameters/nested

If it's N then try to load the module with

modprobe kvm_intel nested=1

If it worked (you get Y after checking again) to make it permanent you have to add the following line to some .conf file in /etc/modprobe.d/:

options kvm-intel nested=1

Reboot and check again.