Browse Source

Merge "Add firewall driver selection"

Jenkins 2 years ago
parent
commit
97ecb6a21c
1 changed files with 19 additions and 9 deletions
  1. 19
    9
      userdocs/fuel-user-guide/configure-environment/settings.rst

+ 19
- 9
userdocs/fuel-user-guide/configure-environment/settings.rst View File

@@ -37,9 +37,8 @@ by editing the corresponding configuration files.
37 37
            kernel parameters for the Fuel Master node or for nodes that have
38 38
            already been deployed.
39 39
 
40
-          The :guilabel:`Kernel parameters` for OpenStack and Fuel include:
41
-
42
-          ``ttys0=<speed>``
40
+      * - **General settings: Kernel parameters**
41
+        - ``ttys0=<speed>``
43 42
            Enables serial console for videoless servers.
44 43
           ``console=ttyS0,9600``
45 44
            Enables serial console.
@@ -65,10 +64,9 @@ by editing the corresponding configuration files.
65 64
            setting this kernel parameter may enable the system to boot.
66 65
            However, if no backward compatibility is provided, the system
67 66
            may panic or fail in other ways even with this parameter set.
68
-      * - **Security settings**
69
-        - The :guilabel:`Public TLS` configuration includes:
70 67
 
71
-          TLS for OpenStack public endpoints
68
+      * - **Security settings: Public TLS**
69
+        - TLS for OpenStack public endpoints
72 70
            Enables TLS termination on HAProxy for OpenStack services.
73 71
           HTTPS for Horizon
74 72
            Secures access to Horizon enabling HTTPS instead of HTTP.
@@ -90,9 +88,8 @@ by editing the corresponding configuration files.
90 88
            to this name. Self-signed certificates also use this hostname.
91 89
            The default value is ``public.fuel.local``.
92 90
 
93
-          The :guilabel:`SSH security` configuration includes:
94
-
95
-          Restrict SSH service on network
91
+      * - **Security settings: SSH security**
92
+        - Restrict SSH service on network
96 93
            When enabled, provide at least one working IP address
97 94
            (the Fuel Master node IP is already added).
98 95
            Add new addresses instead of replacing the provided
@@ -104,6 +101,16 @@ by editing the corresponding configuration files.
104 101
           Brute force protection
105 102
            Grants access from all networks (except the provided ones),
106 103
            but Fuel checks the networks against the brute force attack.
104
+
105
+      * - **Security settings: Security groups**
106
+        - Open vSwitch Firewall Driver
107
+           Select the Open vSwitch Firewall Driver if you use OVS Bridges
108
+           for networking.
109
+          IPtables-based Firewall Driver
110
+           Select the IPtables-based Firewall Driver if you use Linux
111
+           Bridges for networking. Do not select this option if you have
112
+           DPDK enabled as this results in not having a firewall at all.
113
+
107 114
       * - **Compute settings**
108 115
         - Hypervisor
109 116
            Enables you to modify the previously selected option.
@@ -112,6 +119,7 @@ by editing the corresponding configuration files.
112 119
           Resume guests state on host boot
113 120
            Controls whether to preserve the state of virtual instances
114 121
            across reboots.
122
+
115 123
       * - **Storage settings**
116 124
         - Use qcow format for images
117 125
            If you select this option, ephemeral volumes will be created as a
@@ -131,6 +139,7 @@ by editing the corresponding configuration files.
131 139
            Determines the minimum number of Ceph OSD nodes that Fuel must
132 140
            deploy. For a production environment, deploy at least three Ceph
133 141
            OSD nodes.
142
+
134 143
       * - **Logging settings**
135 144
         - Configure the Puppet and OpenStack debug logging and syslog
136 145
           settings.
@@ -147,6 +156,7 @@ by editing the corresponding configuration files.
147 156
            environment. If you want to use an external server for
148 157
            ``rsyslog``, specify an IP address and port number of the server
149 158
            in the :guilabel:`Syslog` field.
159
+
150 160
       * - **OpenStack services**
151 161
         - Select additional OpenStack services to deploy. Some OpenStack
152 162
           services may have additional network and storage requirements.

Loading…
Cancel
Save