initial commit

18 files changed, 794 insertions, 0 deletions

diff --git a/README b/README
new file mode 100644
index 0000000..41f5038
--- /dev/null
+++ b/README
@@ -0,0 +1,32 @@
+    Copyright (C) 2022  Pasha <pasha@member.fsf.org>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
+Debian OpenStack Installer
+
+edit openstack_setup.sh and set the following setting:
+
+OPENSTACK_HOST_IP="192.168.0.155"
+EXTERNAL_BRIDGE_INTERFACE="enp7s0"
+
+chmod +x openstack_setup.sh
+
+# ./openstack_setup.sh &> output.txt
+
+check output from another shell
+# tail -f output.txt
+
+
+done
\ No newline at end of file
diff --git a/configs/99-openstack.cnf b/configs/99-openstack.cnf
new file mode 100644
index 0000000..6aedbcb
--- /dev/null
+++ b/configs/99-openstack.cnf
@@ -0,0 +1,8 @@
+[mysqld]
+bind-address = REPLACE_WITH_OPENSTACK_HOST_IP
+
+default-storage-engine = innodb
+innodb_file_per_table = on
+max_connections = 4096
+collation-server = utf8_general_ci
+character-set-server = utf8
diff --git a/configs/admin-openrc b/configs/admin-openrc
new file mode 100644
index 0000000..edd9a2f
--- /dev/null
+++ b/configs/admin-openrc
@@ -0,0 +1,8 @@
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_USERNAME=admin
+export OS_PASSWORD=ADMIN_PASS
+export OS_AUTH_URL=http://REPLACE_WITH_HOST:5000/v3
+export OS_IDENTITY_API_VERSION=3
+export OS_IMAGE_API_VERSION=2
diff --git a/configs/database.sql b/configs/database.sql
new file mode 100644
index 0000000..faed5fd
--- /dev/null
+++ b/configs/database.sql
@@ -0,0 +1,29 @@
+CREATE DATABASE keystone;
+GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
+GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
+
+CREATE DATABASE glance;
+GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
+GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
+
+CREATE DATABASE placement;
+GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'placement';
+GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement';
+
+CREATE DATABASE nova_api;
+GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
+GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
+
+CREATE DATABASE nova;
+GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
+GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
+
+CREATE DATABASE nova_cell0;
+GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
+GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';
+
+CREATE DATABASE neutron;
+GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
+GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
+
+FLUSH PRIVILEGES;
diff --git a/configs/demo-openrc b/configs/demo-openrc
new file mode 100644
index 0000000..62f5b61
--- /dev/null
+++ b/configs/demo-openrc
@@ -0,0 +1,8 @@
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=myproject
+export OS_USERNAME=myuser
+export OS_PASSWORD=DEMO_PASS
+export OS_AUTH_URL=http://REPLACE_WITH_HOST:5000/v3
+export OS_IDENTITY_API_VERSION=3
+export OS_IMAGE_API_VERSION=2
diff --git a/configs/dhcp_agent.ini b/configs/dhcp_agent.ini
new file mode 100644
index 0000000..bfc2439
--- /dev/null
+++ b/configs/dhcp_agent.ini
@@ -0,0 +1,4 @@
+[DEFAULT]
+interface_driver = linuxbridge
+dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
+enable_isolated_metadata = true
diff --git a/configs/etcd b/configs/etcd
new file mode 100644
index 0000000..ea463ee
--- /dev/null
+++ b/configs/etcd
@@ -0,0 +1,10 @@
+
+ETCD_NAME="REPLACE_WITH_HOST"
+ETCD_DATA_DIR="/var/lib/etcd"
+ETCD_INITIAL_CLUSTER_STATE="new"
+ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
+ETCD_INITIAL_CLUSTER="controller=http://REPLACE_WITH_OPENSTACK_HOST_IP:2380"
+ETCD_INITIAL_ADVERTISE_PEER_URLS="http://REPLACE_WITH_OPENSTACK_HOST_IP:2380"
+ETCD_ADVERTISE_CLIENT_URLS="http://REPLACE_WITH_OPENSTACK_HOST_IP:2379"
+ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
+ETCD_LISTEN_CLIENT_URLS="http://REPLACE_WITH_OPENSTACK_HOST_IP:2379"
diff --git a/configs/glance-api.conf b/configs/glance-api.conf
new file mode 100644
index 0000000..5df3b61
--- /dev/null
+++ b/configs/glance-api.conf
@@ -0,0 +1,37 @@
+[DEFAULT]
+use_keystone_quotas = True
+transport_url = rabbit://openstack:RABBIT_PASS@REPLACE_WITH_HOST
+
+rootwrap_config = /etc/glance/rootwrap.conf
+
+[database]
+connection = mysql+pymysql://glance:glance@REPLACE_WITH_HOST/glance
+
+[keystone_authtoken]
+www_authenticate_uri = http://REPLACE_WITH_HOST:5000
+auth_url = http://REPLACE_WITH_HOST:5000
+memcached_servers = REPLACE_WITH_HOST:11211
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+project_name = service
+username = glance
+password = glance
+
+[paste_deploy]
+flavor = keystone
+
+[glance_store]
+stores = file,http
+default_store = file
+filesystem_store_datadir = /var/lib/glance/images/
+
+[oslo_limit]
+auth_url = http://REPLACE_WITH_HOST:5000
+auth_type = password
+user_domain_id = default
+username = MY_SERVICE
+system_scope = all
+password = MY_SERVICE
+endpoint_id = ENDPOINT_ID
+region_name = RegionOne
diff --git a/configs/keystone.conf b/configs/keystone.conf
new file mode 100644
index 0000000..7150b0a
--- /dev/null
+++ b/configs/keystone.conf
@@ -0,0 +1,9 @@
+[DEFAULT]
+
+memcache_servers = REPLACE_WITH_HOST:11211
+
+[database]
+connection = mysql+pymysql://keystone:keystone@REPLACE_WITH_HOST/keystone
+
+[token]
+provider = fernet
diff --git a/configs/linuxbridge_agent.ini b/configs/linuxbridge_agent.ini
new file mode 100644
index 0000000..e3e685a
--- /dev/null
+++ b/configs/linuxbridge_agent.ini
@@ -0,0 +1,12 @@
+[DEFAULT]
+#debug = true
+
+[linux_bridge]
+physical_interface_mappings = provider:PROVIDER_INTERFACE
+
+[vxlan]
+enable_vxlan = false
+
+[securitygroup]
+enable_security_group = true
+firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
diff --git a/configs/metadata_agent.ini b/configs/metadata_agent.ini
new file mode 100644
index 0000000..0ab00e8
--- /dev/null
+++ b/configs/metadata_agent.ini
@@ -0,0 +1,8 @@
+[DEFAULT]
+metadata_backlog = 4096
+
+# Maximum seconds to wait for a response from an RPC call. (integer value)
+rpc_response_max_timeout = 600
+
+nova_metadata_host = REPLACE_WITH_HOST
+metadata_proxy_shared_secret = METADATA_SECRET
diff --git a/configs/ml2_conf.ini b/configs/ml2_conf.ini
new file mode 100644
index 0000000..e7955b6
--- /dev/null
+++ b/configs/ml2_conf.ini
@@ -0,0 +1,14 @@
+[DEFAULT]
+#debug = true
+
+[ml2]
+type_drivers = flat,vlan
+tenant_network_types =
+mechanism_drivers = linuxbridge
+extension_drivers = port_security
+
+[ml2_type_flat]
+flat_networks = provider
+
+[securitygroup]
+enable_ipset = true
diff --git a/configs/neutron.conf b/configs/neutron.conf
new file mode 100644
index 0000000..d2e72ea
--- /dev/null
+++ b/configs/neutron.conf
@@ -0,0 +1,48 @@
+[DEFAULT]
+core_plugin = ml2
+service_plugins = router
+auth_strategy = keystone
+state_path = /var/lib/neutron
+dhcp_agent_notification = True
+allow_overlapping_ips = True
+notify_nova_on_port_status_changes = True
+notify_nova_on_port_data_changes = True
+
+[agent]
+root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
+#base_mac = fa:16:3e:00:00:00
+rpc_response_max_timeout = 600
+rpc_response_timeout = 600
+transport_url = rabbit://openstack:RABBIT_PASS@controller
+
+[database]
+connection = mysql+pymysql://neutron:neutron@REPLACE_WITH_HOST/neutron
+
+[keystone_authtoken]
+www_authenticate_uri = http://REPLACE_WITH_HOST:5000
+auth_url = http://REPLACE_WITH_HOST:5000
+memcached_servers = REPLACE_WITH_HOST:11211
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+project_name = service
+username = neutron
+password = neutron
+
+[nova]
+auth_url = http://REPLACE_WITH_HOST:5000
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+region_name = RegionOne
+project_name = service
+username = nova
+password = nova
+
+[oslo_concurrency]
+lock_path = /var/lib/neutron/tmp
+
+[oslo_messaging_amqp]
+default_reply_timeout = 300
+default_send_timeout = 600
+default_notify_timeout = 300
diff --git a/configs/nova.conf b/configs/nova.conf
new file mode 100644
index 0000000..4f898e8
--- /dev/null
+++ b/configs/nova.conf
@@ -0,0 +1,71 @@
+[DEFAULT]
+state_path=/var/lib/nova
+instances_path=/var/lib/nova/instances
+enabled_apis = osapi_compute,metadata
+rootwrap_config = /etc/nova/rootwrap.conf
+
+use_neutron = True
+vif_plugging_is_fatal = True
+vif_plugging_timeout = 300
+
+transport_url = rabbit://openstack:RABBIT_PASS@REPLACE_WITH_HOST
+
+my_ip = REPLACE_WITH_OPENSTACK_HOST_IP
+
+[api_database]
+connection = mysql+pymysql://nova:nova@REPLACE_WITH_HOST/nova_api
+
+[database]
+connection = mysql+pymysql://nova:nova@REPLACE_WITH_HOST/nova
+
+[api]
+auth_strategy = keystone
+
+[keystone_authtoken]
+www_authenticate_uri = http://REPLACE_WITH_HOST:5000
+auth_url = http://REPLACE_WITH_HOST:5000
+memcached_servers = REPLACE_WITH_HOST:11211
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+project_name = service
+username = nova
+password = nova
+
+[vnc]
+enabled = true
+server_listen = $my_ip
+server_proxyclient_address = $my_ip
+novncproxy_base_url = http://REPLACE_WITH_HOST:6080/vnc_auto.html
+
+[glance]
+api_servers = http://REPLACE_WITH_HOST:9292
+
+[oslo_concurrency]
+lock_path = /var/lib/nova/tmp
+
+[placement]
+region_name = RegionOne
+project_domain_name = default
+project_name = service
+auth_type = password
+user_domain_name = default
+auth_url = http://REPLACE_WITH_HOST:5000
+username = placement
+password = placement
+
+[wsgi]
+api_paste_config = /etc/nova/api-paste.ini
+
+# uncomment after installing and configure neutron
+#[neutron]
+#auth_url = http://REPLACE_WITH_HOST:5000
+#auth_type = password
+#project_domain_name = default
+#user_domain_name = default
+#region_name = RegionOne
+#project_name = service
+#username = neutron
+#password = neutron
+#service_metadata_proxy = true
+#metadata_proxy_shared_secret = METADATA_SECRET
diff --git a/configs/nova2.conf b/configs/nova2.conf
new file mode 100644
index 0000000..4ce355c
--- /dev/null
+++ b/configs/nova2.conf
@@ -0,0 +1,70 @@
+[DEFAULT]
+state_path=/var/lib/nova
+instances_path=/var/lib/nova/instances
+enabled_apis = osapi_compute,metadata
+rootwrap_config = /etc/nova/rootwrap.conf
+
+use_neutron = True
+vif_plugging_is_fatal = True
+vif_plugging_timeout = 300
+
+transport_url = rabbit://openstack:RABBIT_PASS@REPLACE_WITH_HOST
+
+my_ip = REPLACE_WITH_OPENSTACK_HOST_IP
+
+[api_database]
+connection = mysql+pymysql://nova:nova@REPLACE_WITH_HOST/nova_api
+
+[database]
+connection = mysql+pymysql://nova:nova@REPLACE_WITH_HOST/nova
+
+[api]
+auth_strategy = keystone
+
+[keystone_authtoken]
+www_authenticate_uri = http://REPLACE_WITH_HOST:5000
+auth_url = http://REPLACE_WITH_HOST:5000
+memcached_servers = REPLACE_WITH_HOST:11211
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+project_name = service
+username = nova
+password = nova
+
+[vnc]
+enabled = true
+server_listen = $my_ip
+server_proxyclient_address = $my_ip
+novncproxy_base_url = http://REPLACE_WITH_HOST:6080/vnc_auto.html
+
+[glance]
+api_servers = http://REPLACE_WITH_HOST:9292
+
+[oslo_concurrency]
+lock_path = /var/lib/nova/tmp
+
+[placement]
+region_name = RegionOne
+project_domain_name = default
+project_name = service
+auth_type = password
+user_domain_name = default
+auth_url = http://REPLACE_WITH_HOST:5000
+username = placement
+password = placement
+
+[wsgi]
+api_paste_config = /etc/nova/api-paste.ini
+
+[neutron]
+auth_url = http://REPLACE_WITH_HOST:5000
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+region_name = RegionOne
+project_name = service
+username = neutron
+password = neutron
+service_metadata_proxy = true
+metadata_proxy_shared_secret = METADATA_SECRET
diff --git a/configs/placement.conf b/configs/placement.conf
new file mode 100644
index 0000000..a5261bd
--- /dev/null
+++ b/configs/placement.conf
@@ -0,0 +1,17 @@
+[DEFAULT]
+
+[placement_database]
+connection = mysql+pymysql://placement:placement@REPLACE_WITH_HOST/placement
+
+[api]
+auth_strategy = keystone
+
+[keystone_authtoken]
+auth_url = http://REPLACE_WITH_HOST:5000/
+memcached_servers = REPLACE_WITH_HOST:11211
+auth_type = password
+project_domain_name = default
+user_domain_name = default
+project_name = service
+username = placement
+password = placement
diff --git a/next_steps b/next_steps
new file mode 100644
index 0000000..3660f94
--- /dev/null
+++ b/next_steps
@@ -0,0 +1,62 @@
+Create provider network:
+
+openstack network create  --share --external \
+  --provider-physical-network provider \
+  --provider-network-type flat provider
+
+openstack subnet create --network provider \
+  --allocation-pool start=192.168.122.20,end=192.168.122.200 \
+  --dns-nameserver 192.168.122.1 --gateway 192.168.122.1 \
+  --subnet-range 192.168.122.0/24 provider
+  
+
+openstack security group rule create --proto icmp default
+openstack security group rule create --proto tcp --dst-port 22 default
+
+
+Generate a key pair:
+$ ssh-keygen -q -N ""
+
+cd to your home directory
+$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+
+verify
+$ openstack keypair list
+
+
+openstack flavor create --id 0 --vcpus 2 --ram 1024 --disk 10 m1.nano
+
+Download debian openstack image
+https://cdimage.debian.org/cdimage/openstack/
+ 
+upload it:
+openstack image create \
+  --container-format bare \
+  --disk-format qcow2 \
+  --property hw_disk_bus=scsi \
+  --property hw_scsi_model=virtio-scsi \
+  --property os_type=linux \
+  --property os_distro=debian \
+  --property os_admin_user=debian \
+  --property os_version='10.12.7' \
+  --public \
+  --file debian-10.12.7-20220706-openstack-amd64.qcow2 \
+  debian-10.12.7-openstack-amd64
+
+
+openstack network list
++--------------------------------------+----------+--------------------------------------+
+| ID                                   | Name     | Subnets                              |
++--------------------------------------+----------+--------------------------------------+
+| da5f9aa8-1bac-4aab-9931-0ce4d835783a | provider | eeeb4a46-8bb0-442b-b81c-20103c2d7f80 |
++--------------------------------------+----------+--------------------------------------+
+
+copy ID as net-id while creating server
+
+openstack server create --flavor m1.nano --image debian-10.12.7-openstack-amd64 \
+  --nic net-id=b2d69a6e-3a77-4d55-94fd-308558088a3d --security-group default \
+  --key-name mykey debianinstance
+
+
+verify
+# openstack server list
diff --git a/openstack_setup.sh b/openstack_setup.sh
new file mode 100644
index 0000000..97575b5
--- /dev/null
+++ b/openstack_setup.sh
@@ -0,0 +1,347 @@
+#!/bin/bash
+
+#    Copyright (C) 2022  Pasha <pasha@member.fsf.org>
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
+OPENSTACK_HOST_IP="192.168.0.155"
+EXTERNAL_BRIDGE_INTERFACE="enp7s0"
+
+
+if [ -z ${OPENSTACK_HOST_IP} ]; then
+    echo "Please set OpenStack host IP"
+    exit 1
+fi
+
+if [ -z ${EXTERNAL_BRIDGE_INTERFACE} ]; then
+    echo "Please set external bridge interface name"
+    exit 1
+fi
+
+OPENSTACK_HOST=$HOSTNAME
+CONFIG_DIR="configs"
+
+export DEBIAN_FRONTEND=noninteractive
+
+function download_packages() {
+    echo "downloading packages..."
+    apt-get -dy install chrony mariadb-server python3-pymysql rabbitmq-server memcached python3-memcache etcd keystone apache2  python3-openstackclient glance  placement-api libguestfs-tools virt-manager nova-api nova-conductor nova-novncproxy nova-scheduler neutron-server neutron-plugin-ml2 neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent neutron-plugin-ml2 neutron-openvswitch-agent neutron-l3-agent python3-neutronclient openstack-dashboard
+    apt-get -dy install  nova-compute-qemu
+    echo "done"
+}
+
+function update_hostip() {
+    echo "updating host IP..."
+    sed -i "s/127.0.1.1[[:blank:]]${OPENSTACK_HOST}/#127.0.1.1	${OPENSTACK_HOST}/" /etc/hosts
+    sed -i "/#127.0.1.1/a ${OPENSTACK_HOST_IP}	${OPENSTACK_HOST}" /etc/hosts
+    echo "done"
+}
+
+function setup_chrony() {
+    echo "installing chrony..."
+    apt-get -y install chrony
+    systemctl enable chrony
+    systemctl restart chrony
+    echo "done"
+}
+
+function setup_mariadb() {
+    echo "installing mariadb..."
+    apt-get -y install mariadb-server python3-pymysql
+    sed "s/REPLACE_WITH_OPENSTACK_HOST_IP/${OPENSTACK_HOST_IP}/" ${CONFIG_DIR}/99-openstack.cnf > /etc/mysql/mariadb.conf.d/99-openstack.cnf
+    systemctl restart mariadb
+    echo "done"
+}
+
+function setup_rabbitmq() {
+    echo "installing rabbitmq"
+    apt-get -y install rabbitmq-server
+    export PATH=$PATH:/usr/sbin/:/sbin
+    rabbitmqctl add_user openstack RABBIT_PASS
+    rabbitmqctl set_permissions openstack ".*" ".*" ".*"
+    echo "done"
+}
+
+function setup_memcahed() {
+    echo "installing memcahed"
+    apt-get -y install memcached python3-memcache
+    sed -i "s/-l 127.0.0.1/-l ${OPENSTACK_HOST_IP}/" /etc/memcached.conf
+    systemctl enable memcached
+    systemctl restart memcached
+    echo "done"
+}
+
+function setup_etcd() {
+    echo "installing etcd"
+    apt-get -y install etcd
+    sed "s/REPLACE_WITH_OPENSTACK_HOST_IP/${OPENSTACK_HOST_IP}/" ${CONFIG_DIR}/etcd >> /etc/default/etcd
+    sed -i "s/REPLACE_WITH_HOST/${OPENSTACK_HOST}/" /etc/default/etcd
+    systemctl enable etcd
+    systemctl restart etcd
+    echo "done"
+}
+
+function setup_database_tables() {
+    echo "creating database tables..."
+    mysql -u root < ${CONFIG_DIR}/database.sql
+    echo "done"
+}
+
+function setup_apache2() {
+    echo "installing apache2..."
+    apt-get -y install apache2
+    # set servername in apache2
+    sed -i "1i ServerName ${OPENSTACK_HOST}" /etc/apache2/apache2.conf
+    systemctl restart apache2
+    echo "done"
+}
+
+
+function setup_keystone() {
+    echo "installing keystone..."
+    apt-get -y install keystone
+    mv /etc/keystone/keystone.conf /etc/keystone/keystone.conf.org
+    systemctl stop keystone
+    sed "s/REPLACE_WITH_HOST/${OPENSTACK_HOST}/" ${CONFIG_DIR}/keystone.conf > /etc/keystone/keystone.conf
+    apt-get -y install python3-openstackclient
+    su -s /bin/sh -c "keystone-manage db_sync" keystone
+    systemctl restart apache2
+    systemctl start keystone
+    echo "done"
+}
+
+function configure_keystone() {
+    echo "configuring keystone..."
+    # keystone-manage
+    keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
+    keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
+    keystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://${OPENSTACK_HOST}:5000/v3/ --bootstrap-internal-url http://${OPENSTACK_HOST}:5000/v3/ --bootstrap-public-url http://${OPENSTACK_HOST}:5000/v3/ --bootstrap-region-id RegionOne
+    echo "done"
+}
+
+
+function set_auth_variables() {
+    echo "setting auth variables..."
+    sed "s/REPLACE_WITH_HOST/${OPENSTACK_HOST}/" ${CONFIG_DIR}/admin-openrc > admin-openrc
+    sed "s/REPLACE_WITH_HOST/${OPENSTACK_HOST}/" ${CONFIG_DIR}/demo-openrc > demo-openrc
+    source admin-openrc
+    echo "done"
+}
+
+function configure_domain_project() {
+    echo "configuring doamin and project..."
+    openstack domain create --description "An Example Domain" example
+    openstack project create --domain default --description "Service Project" service
+    openstack project create --domain default --description "Demo Project" myproject
+    openstack user create --domain default --password myuser myuser
+    openstack role create myrole
+    openstack role add --project myproject --user myuser myrole
+    echo "done"
+}
+
+
+function configure_glance_endpoints() {
+    echo "configuring glance endpoints..."
+    openstack user create --domain default --password glance glance
+    openstack role add --project service --user glance admin
+    openstack service create --name glance --description "OpenStack Image" image
+
+    openstack endpoint create --region RegionOne image public http://${OPENSTACK_HOST}:9292
+    openstack endpoint create --region RegionOne image internal http://${OPENSTACK_HOST}:9292
+    openstack endpoint create --region RegionOne image admin http://${OPENSTACK_HOST}:9292
+
+    openstack user create --domain default --password MY_SERVICE MY_SERVICE
+    openstack role add --user MY_SERVICE --user-domain default --system all reader
+    echo "done"
+}
+
+function setup_glance() {
+    echo "installing glance..."
+    apt-get -y install glance
+    systemctl stop glance-*
+    mv /etc/glance/glance-api.conf /etc/glance/glance-api.conf.org
+    sed "s/REPLACE_WITH_HOST/${OPENSTACK_HOST}/" ${CONFIG_DIR}/glance-api.conf > /etc/glance/glance-api.conf    
+    su -s /bin/sh -c "glance-manage db_sync" glance
+    systemctl start glance-api
+    systemctl restart glance-*
+    #wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
+    #glance image-create --name "cirros" \
+    #	   --file cirros-0.4.0-x86_64-disk.img \
+    #	   --disk-format qcow2 --container-format bare \
+    #	   --visibility=public
+    echo "done"
+}
+
+function configure_placement_endpoints() {
+    echo "configuring placement endpoints..."
+    openstack user create --domain default --password placement placement
+    openstack role add --project service --user placement admin
+    openstack service create --name placement --description "Placement API" placement
+    openstack endpoint create --region RegionOne placement public http://${OPENSTACK_HOST}:8778
+    openstack endpoint create --region RegionOne placement internal http://${OPENSTACK_HOST}:8778
+    openstack endpoint create --region RegionOne placement admin http://${OPENSTACK_HOST}:8778
+    echo "done"
+}
+
+function setup_placement() {
+    echo "installing placement..."
+    apt-get -y install placement-api
+    mv /etc/placement/placement.conf /etc/placement/placement.conf.org
+    sed "s/REPLACE_WITH_HOST/${OPENSTACK_HOST}/" ${CONFIG_DIR}/placement.conf > /etc/placement/placement.conf   
+    su -s /bin/sh -c "placement-manage db sync" placement
+    systemctl restart placement-api
+    systemctl enable placement-api
+    systemctl restart apache2
+    echo "done"
+}
+
+function configure_nova_endpoints() {
+    echo "configuring nova endpoints..."
+    openstack user create --domain default --password nova nova
+    openstack role add --project service --user nova admin
+    openstack service create --name nova --description "OpenStack Compute" compute
+    openstack endpoint create --region RegionOne compute public http://${OPENSTACK_HOST}:8774/v2.1
+    openstack endpoint create --region RegionOne compute internal http://${OPENSTACK_HOST}:8774/v2.1
+    openstack endpoint create --region RegionOne compute admin http://${OPENSTACK_HOST}:8774/v2.1    
+    echo "done"
+}
+
+function setup_nova() {
+    echo "installing nova..."
+    apt-get -y install libguestfs-tools virt-manager
+    apt-get -y install nova-api nova-conductor nova-novncproxy nova-scheduler
+    systemctl stop nova-*
+    mv /etc/nova/nova.conf /etc/nova/nova.conf.org
+    cp ${CONFIG_DIR}/nova.conf /etc/nova/nova.conf
+
+    sed -i "s/REPLACE_WITH_HOST/${OPENSTACK_HOST}/" /etc/nova/nova.conf
+    sed -i "s/REPLACE_WITH_OPENSTACK_HOST_IP/${OPENSTACK_HOST_IP}/" /etc/nova/nova.conf
+
+    su -s /bin/sh -c "nova-manage api_db sync" nova
+    su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
+    su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
+    su -s /bin/sh -c "nova-manage db sync" nova
+    apt-get -y install nova-compute
+    apt-get -y install nova-compute-qemu
+    systemctl start nova-api
+    systemctl enable nova-api
+    systemctl enable nova-scheduler
+    systemctl enable nova-conductor
+    systemctl enable nova-novncproxy
+    systemctl enable nova-serialproxy
+    systemctl enable nova-spicehtml5proxy
+    systemctl enable nova-novncproxy
+    systemctl enable nova-compute
+    # find hypervisor
+    su -s /bin/bash nova -c "nova-manage cell_v2 discover_hosts"
+    #systemctl restart nova-*
+    systemctl restart nova-api
+    systemctl restart nova-scheduler
+    systemctl restart nova-conductor
+    systemctl restart nova-novncproxy
+    systemctl restart nova-serialproxy
+    systemctl restart nova-spicehtml5proxy
+    systemctl restart nova-novncproxy
+    systemctl restart nova-compute
+    echo "done"
+}
+
+
+function configure_neutron_endpoints() {
+    echo "configuring neutron endpoints..."
+    openstack user create --domain default --password neutron neutron
+    openstack role add --project service --user neutron admin
+    openstack service create --name neutron --description "OpenStack Networking" network
+    openstack endpoint create --region RegionOne network public http://${OPENSTACK_HOST}:9696
+    openstack endpoint create --region RegionOne network internal http://${OPENSTACK_HOST}:9696
+    openstack endpoint create --region RegionOne network admin http://${OPENSTACK_HOST}:9696
+    echo "done"
+}
+
+
+function setup_neutron() {
+    echo "installing neutron..."
+    apt-get -y install neutron-server neutron-plugin-ml2 neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent
+    systemctl stop neutron-*
+
+    mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.org
+    cp ${CONFIG_DIR}/neutron.conf /etc/neutron/neutron.conf
+    sed -i "s/REPLACE_WITH_HOST/${OPENSTACK_HOST}/" /etc/neutron/neutron.conf
+
+    mv /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.org
+    cp ${CONFIG_DIR}/metadata_agent.ini /etc/neutron/metadata_agent.ini
+    sed -i "s/REPLACE_WITH_HOST/${OPENSTACK_HOST}/" /etc/neutron/metadata_agent.ini
+
+    # update for neutron config
+    cp ${CONFIG_DIR}/nova2.conf /etc/nova/nova.conf
+    sed -i "s/REPLACE_WITH_HOST/${OPENSTACK_HOST}/" /etc/nova/nova.conf
+    sed -i "s/REPLACE_WITH_OPENSTACK_HOST_IP/${OPENSTACK_HOST_IP}/" /etc/nova/nova.conf
+
+    mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.org
+    cp ${CONFIG_DIR}/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini
+    mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.org
+    sed 's/PROVIDER_INTERFACE/'$EXTERNAL_BRIDGE_INTERFACE'/' ${CONFIG_DIR}/linuxbridge_agent.ini >  /etc/neutron/plugins/ml2/linuxbridge_agent.ini
+    mv /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.org
+    cp ${CONFIG_DIR}/dhcp_agent.ini /etc/neutron/dhcp_agent.ini
+
+    cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.org
+    sed -i "s/interface_driver = openvswitch/interface_driver = linuxbride/" /etc/neutron/l3_agent.ini
+    
+    systemctl enable neutron-api
+    systemctl enable neutron-rpc-server
+    systemctl enable neutron-metadata-agent
+    systemctl enable neutron-linuxbridge-agent
+    systemctl enable neutron-dhcp-agent
+
+    systemctl restart nova-*
+    systemctl restart neutron-api
+    systemctl restart neutron-rpc-server
+    systemctl restart neutron-metadata-agent
+    systemctl restart neutron-linuxbridge-agent
+    systemctl restart neutron-dhcp-agent
+
+    su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
+
+    echo "done"
+}
+
+function enable_hypervisor() {
+    echo "updating hypervisor"
+    su -s /bin/bash nova -c "nova-manage cell_v2 discover_hosts"
+    echo "done"
+}
+
+download_packages
+update_hostip
+setup_chrony
+setup_mariadb
+setup_rabbitmq
+setup_memcahed
+setup_etcd
+setup_database_tables
+setup_apache2
+setup_keystone
+configure_keystone
+set_auth_variables
+configure_domain_project
+configure_glance_endpoints
+setup_glance
+configure_placement_endpoints
+setup_placement
+configure_nova_endpoints
+setup_nova
+configure_neutron_endpoints
+setup_neutron
+enable_hypervisor