Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
## TripleO UI setup using TripleO Quickstart from lab machine
# ssh into lab machine
# Install git
yum install -y git
# Create symlink to a place with larger storage capacity (/var is only 50GB)
sudo mkdir -p /home/libvirt/
sudo ln -sf /home/libvirt/ /var/lib/libvirt
# Add default toor user
sudo useradd toor
echo "toor:toor" | chpasswd
echo "toor ALL=(root) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/toor
sudo chmod 0440 /etc/sudoers.d/toor
su - toor
# Generate keys and setup hosts file to point localhost to
# see for more details
mkdir .ssh
ssh-keygen -t rsa -N "" -f .ssh/id_rsa
cat .ssh/ >> .ssh/authorized_keys
sudo bash -c "cat .ssh/ >> /root/.ssh/authorized_keys"
sudo bash -c "echo '' >> /etc/hosts"
# Clone tripleo-quickstart
git clone
# Run
./tripleo-quickstart/ --install-deps --release master-tripleo-ci
./tripleo-quickstart/ --release master-tripleo-ci --no-clone --clean
# After succesful install GUI is available at
# To get instackenv.json and stackrc, ssh to undercloud using
# ssh -F /home/toor/.quickstart/ssh.config.ansible undercloud
# Setup ssh tunnel to Undercloud using apache proxy
sudo ssh -F ~/.quickstart/ssh.config.ansible undercloud -L
# Setup ssh tunnel to Undercloud - add tunnel for each service separately
sudo ssh -F ~/.quickstart/ssh.config.ansible undercloud -L -L
# Update endpoints configuration in tripleo_ui_config
# /var/www/openstack-tripleo-ui/dist/tripleo_ui_config.js:
'keystone': '',
'heat': '',
'ironic': '',
'ironic-inspector': '',
'mistral': '',
'swift': '',
'zaqar-websocket': 'wss://',
# Restart apache
sudo systemctl restart httpd
# Continue the Undercloud setup according to
nova rebuild undercloud CentOS-7-x86_64-GenericCloud
ansible-playbook undercloud-provision.yml undercloud-deploy.yml overcloud-deploy.yml --extra-vars "flavor=centos version=passed-ci overcloud_flavor=centos7 inventory_file_source=nodes.json"
# after running quickstart, ssh into virthost and
sudo ssh -F ~/.quickstart/ssh.config.ansible undercloud -L
# add following to tripleo_ui_config.js (local)
'keystone': '',
'heat': '',
'ironic': '',
'mistral': '',
'swift': '',
'zaqar-websocket': 'wss://',
# Incorrect:
and open relevant ports:
sudo firewall-cmd --zone=public --add-port=13000/tcp --add-port=13004/tcp --add-port=13385/tcp --add-port=13989/tcp --add-port=13808/tcp --add-port=9000/tcp
# then create ssh tunnel from virthos to undercloud (run this from local machine you used to run quickstart)
ssh -F ~/.quickstart/ssh.config.ansible undercloud -N -L -L -L -L -L -L
# lab7
sudo ip route replace $BM_NETWORK_CIDR dev $ROUTE_DEV via $SEED_IP
# laptop to lab
# lab7
export VIRT_IP=
# dell7
export VIRT_IP=
sudo iptables -t nat -A OUTPUT -d $UNDERCLOUD_IP -j DNAT --to-destination
ssh stack@$VIRT_IP -L 8774:$UNDERCLOUD_IP:8774 -L 9292:$UNDERCLOUD_IP:9292 -L 8777:$UNDERCLOUD_IP:8777 -L 9696:$UNDERCLOUD_IP:9696 -L 6385:$UNDERCLOUD_IP:6385 -L 8004:$UNDERCLOUD_IP:8004 -L 5000:$UNDERCLOUD_IP:5000 -L 5001:$UNDERCLOUD_IP:5001 -L 8080:$UNDERCLOUD_IP:8080 -L 8585:$UNDERCLOUD_IP:8585 -L 35357:$UNDERCLOUD_IP:35357 -L 8989:$UNDERCLOUD_IP:8989 -L 5050:$UNDERCLOUD_IP:5050 -L 8888:$UNDERCLOUD_IP:8888 -L 9000:$UNDERCLOUD_IP:9000
# note that those ports need to be enabled in Undercloud VM's iptables
vi /etc/sysconfig/iptables
-A INPUT -p tcp -m tcp --dport 5001 -j ACCEPT
below 8585 rule.
# Tunnel host > undercloud vm when undercloud_public_vip option is used in undercloud.conf
ssh root@ -L -L -L -L -L -L
# Mistral workflows:
sudo rm -Rf /usr/lib/python2.7/site-packages/tripleo_common*
sudo python install
sudo systemctl restart openstack-mistral-executor
sudo systemctl restart openstack-mistral-engine
#sudo systemctl restart httpd
# this loads the actions via entrypoints
sudo mistral-db-manage populate
# make sure the new actions got loaded
mistral action-list | grep tripleo
<rbrady> jtomasek: you'll likely have to run "mistral workbook-create <filename>" for all workbooks where you want to test workflows from
<rbrady> jtomasek: if you update any workflow, run "mistral workflow-update"
<jtomasek> dprince: what is the zaqar status right now, Is it already possible to listen to zaqar queue with current undercloud?
<rbrady> dprince: I'm not getting the value of adding that code for the swift url. I can already get the url by calling self.get_object_client().url. I still have to pass it to the utils method.
<EmilienM> jistr: our CI is currently failing a lot of times, and upgade job is broken, because it takes too much time, we need to do something
<jtomasek> dprince: I see you are using zaqar action here
<dprince> jtomasek: yes. I posted a fix of the weekend to fix an issue with subscribing to a queue though
<dprince> jtomasek:
<jistr> EmilienM: yea i see that but i'm not sure removing step 6 is the way, at least not until we can say "yea we can do overcloud init via puppet even without step 6" /cc jaosorior
<dprince> jtomasek: with that fix it all works for me :)
<jtomasek> dprince: how can I apply that change to my undercloud?
<EmilienM> jistr: at least we can try
* sshnaidm (sshnaidm@nat/redhat/x-fybfvxzaimawzezs) has joined #tripleo
<dprince> jtomasek: edit /etc/zaqar/zaqar.conf directly and restart openstack-zaqar and openstack-zaqar@1
include port 9000 (zaqar ws) in ssh tunel
trigger zaqar message by cli
mistral run-action zaqar.queue_post z.json -s
get list of messages on test_queue:
curl -X GET -H "Content-type: application/json" -H "Accept: application/json" -H "X-Auth-Token: $TOKEN" -H "Client-ID: 123e4567-e89b-12d3-a456-426655440000" --verbose
To be able to access the UI I've configure these three parameters in the undercloud.conf
undercloud_public_vip =
generate_service_certificate = true
certificate_generation_ca = local
You should have 2 intefaces (provisioning and public), so this will set the public endpoint to your public IP. Then, access with https://public_ip
[stack@rdo-ci-fx2-05-s7 ~]$ cat /etc/hosts localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

This comment has been minimized.

Copy link

commented May 30, 2017

I have not been able to get this to work w/ 443. I can get it work just fine w/ the non-ssl ports.
Can you please assist w/ and
Thank you


This comment has been minimized.

Copy link

commented Jun 19, 2017


After setting up TripleO on RDO cloud by running tripleo-quickstart from your localhost, do these 2 steps:

  1. Add following to tripleo_ui_config.js (local):
    'keystone': ''

  2. From localhost, run:
    sshuttle -r stack@<undercloud_IP>

You can find the undercloud IP in ~/.quickstart/ssh.config.ansible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.