From 03cff88d610a9a3bd2a0550b2748784b7be06d25 Mon Sep 17 00:00:00 2001 From: Matt Kassawara Date: Fri, 18 Apr 2014 12:58:17 -0600 Subject: [PATCH] Updated networking content I updated the networking content as follows: 1) Reordered example architectures to place the 3-node neutron architecture before the 2-node nova-network architecture which agrees with the order presented in other portions of the installation guide. 2) Changed network service naming to agree with conventions. 3) Permanently unlinked the Open vSwitch (OVS) plug-in sections from the Networking chapter. However, I will refrain from deleting the associated files in case we need to restore them. 4) Temporarily unlinked the Open vSwitch (OVS) portion of the Neutron concepts section until we can update it to reflect the Modular Layer 2 (ML2) plug-in. 5) Addressed other minor issues. Change-Id: I7c285fcabaab65237477e8241f406dac28190344 Closes-Bug: #1309636 --- doc/install-guide/ch_basics.xml | 4 - doc/install-guide/ch_launch-instance.xml | 6 +- doc/install-guide/ch_networking.xml | 35 +----- doc/install-guide/ch_overview.xml | 103 +++++++++--------- .../section_basics-networking-neutron.xml | 4 +- .../section_basics-networking-nova.xml | 10 +- .../section_basics-networking.xml | 4 +- .../section_launch-instance-neutron.xml | 2 +- .../section_neutron-concepts.xml | 89 ++++----------- .../section_neutron-ml2-compute-node.xml | 6 +- .../section_neutron-ml2-controller-node.xml | 6 +- .../section_neutron-ml2-network-node.xml | 4 +- doc/install-guide/section_nova-compute.xml | 4 +- 13 files changed, 100 insertions(+), 177 deletions(-) diff --git a/doc/install-guide/ch_basics.xml b/doc/install-guide/ch_basics.xml index bfa3f65bf0..1b23770db5 100644 --- a/doc/install-guide/ch_basics.xml +++ b/doc/install-guide/ch_basics.xml 
@@ -3,10 +3,6 @@ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="ch_basics"> Basic environment configuration - - We are updating this material for Icehouse. You may find structure - and/or content issues during this process. - This chapter explains how to configure each node in the example architectures including the diff --git a/doc/install-guide/ch_launch-instance.xml b/doc/install-guide/ch_launch-instance.xml index 967e9b2581..3aff876481 100644 --- a/doc/install-guide/ch_launch-instance.xml +++ b/doc/install-guide/ch_launch-instance.xml @@ -13,8 +13,10 @@ xlink:href="http://docs.openstack.org/user-guide/content/ch_dashboard.html"> OpenStack User Guide. Launch an instance using - Networking (neutron) or - legacy networking (nova-network). For more + OpenStack Networking (neutron) + or + legacy networking (nova-network) + . For more information, see the diff --git a/doc/install-guide/ch_networking.xml b/doc/install-guide/ch_networking.xml index 7115c80236..c5a8b0665e 100644 --- a/doc/install-guide/ch_networking.xml +++ b/doc/install-guide/ch_networking.xml @@ -4,19 +4,6 @@ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="ch_networking"> Add a networking service - - - We are updating this material for Icehouse. You may find - structure and/or content issues during this process. - Configuring networking in OpenStack can be a bewildering experience. This guide provides step-by-step instructions for both OpenStack Networking (neutron) and the legacy networking (nova-network) @@ -30,34 +17,18 @@ >Networking chapter of the OpenStack Cloud Administrator Guide for more information.
- Networking (neutron) + OpenStack Networking (neutron)
Modular Layer 2 (ML2) plug-in - - We primarily tested the Modular Layer 2 (ML2) plug-in on - Icehouse and suggest that you implement it instead of the - traditional Open vSwitch (OVS) plug-in. - +
-
- Open vSwitch (OVS) plug-in - - We suggest that you implement the Modular Layer 2 (ML2) plug-in - on Icehouse until we completely test the traditional Open vSwitch - (OVS) plug-in. - - - - -
-
- Legacy networking + Legacy networking (nova-network) diff --git a/doc/install-guide/ch_overview.xml b/doc/install-guide/ch_overview.xml index 617cab8a28..e21dc2691d 100644 --- a/doc/install-guide/ch_overview.xml +++ b/doc/install-guide/ch_overview.xml @@ -45,55 +45,6 @@ optional services. This guide uses the following example architectures: - - Two-node architecture with legacy networking. See . - - - The basic - controller node - runs the Identity service, Image Service, management portion of - Compute, and the dashboard necessary to launch a simple instance. - It also includes supporting services such as MySQL, - AMQP, and - NTP. - Optionally, the controller node also runs portions of - Block Storage, Object Storage, Database Service, Orchestration, - and Telemetry. These components provide additional features for - your environment. - - - The basic compute node runs the - hypervisor portion of Compute, - which operates tenant - virtual machines - or instances. By default, Compute uses - KVM - as the hypervisor. Compute also - provisions and operates tenant networks and implements - security groups. - You can run more than one compute node. - Optionally, the compute node also runs the Telemetry - agent. This component provides additional features for - your environment. - - - - When you implement this architecture, skip - in - . To use optional services, you - might need to install additional nodes, as described in - subsequent chapters. - -
- Two-node architecture with legacy networking - - - - - -
-
Three-node architecture with OpenStack Networking (neutron). See . @@ -101,7 +52,10 @@ The basic controller node runs the Identity service, Image Service, management portions of Compute and Networking, Networking plug-in, and the dashboard. It also includes - supporting services such as MySQL, AMQP, and NTP. + supporting services such as a database, + message broker, and + Network Time Protocol (NTP). + Optionally, the controller node also runs portions of Block Storage, Object Storage, Database Service, Orchestration, and Telemetry. These components provide additional features for @@ -146,6 +100,55 @@ + + Two-node architecture with legacy networking (nova-network). See + . + + + The basic + controller node + runs the Identity service, Image Service, management portion of + Compute, and the dashboard necessary to launch a simple instance. + It also includes supporting services such as a database, message + broker, and NTP. + Optionally, the controller node also runs portions of + Block Storage, Object Storage, Database Service, Orchestration, + and Telemetry. These components provide additional features for + your environment. + + + The basic compute node runs the + hypervisor portion of Compute, + which operates tenant + virtual machines + or instances. By default, Compute uses + KVM + as the hypervisor. Compute also + provisions and operates tenant networks and implements + security groups. + You can run more than one compute node. + Optionally, the compute node also runs the Telemetry + agent. This component provides additional features for + your environment. + + + + When you implement this architecture, skip + in + . To use optional services, you + might need to install additional nodes, as described in + subsequent chapters. + +
+ Two-node architecture with legacy networking (nova-network) + + + + + +
+
diff --git a/doc/install-guide/section_basics-networking-neutron.xml b/doc/install-guide/section_basics-networking-neutron.xml index 568996232c..a2b6a8f985 100644 --- a/doc/install-guide/section_basics-networking-neutron.xml +++ b/doc/install-guide/section_basics-networking-neutron.xml @@ -3,7 +3,7 @@ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="basics-networking-neutron"> - OpenStack Networking + OpenStack Networking (neutron) The example architecture with OpenStack Networking (neutron) requires one controller node, one network node, and at least one compute node. The controller node contains one network interface on the @@ -14,7 +14,7 @@ one network interface on the management network and one on the instance tunnels network.
- Three-node architecture with OpenStack Networking + Three-node architecture with OpenStack Networking (neutron) - Legacy networking - The example architecture with legacy networking (nova) requires one - controller node and at least one compute node. The controller node - contains one network interface on the + Legacy networking (nova-network) + The example architecture with legacy networking (nova-network) + requires a controller node and at least one compute node. The controller + node contains one network interface on the management network. The compute node contains one network interface on the management network and one on the external network.
- Two-node architecture with legacy networking + Two-node architecture with legacy networking (nova-network) Proceed to network configuration for the example - OpenStack Networking + OpenStack Networking (neutron) or legacy - networking architecture. + networking (nova-network) architecture. diff --git a/doc/install-guide/section_launch-instance-neutron.xml b/doc/install-guide/section_launch-instance-neutron.xml index 5cd4b2595b..36b2476804 100644 --- a/doc/install-guide/section_launch-instance-neutron.xml +++ b/doc/install-guide/section_launch-instance-neutron.xml @@ -3,7 +3,7 @@ xmlns:xi="http://www.w3.org/2001/XInclude" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="launch-instance-neutron"> - Launch an instance with Networking (neutron) + Launch an instance with OpenStack Networking (neutron) To generate a keypair Most cloud images support diff --git a/doc/install-guide/section_neutron-concepts.xml b/doc/install-guide/section_neutron-concepts.xml index a5e00cd2ac..466c5c1acf 100644 --- a/doc/install-guide/section_neutron-concepts.xml +++ b/doc/install-guide/section_neutron-concepts.xml @@ -1,28 +1,33 @@ -
- Neutron concepts - Like Nova Networking, Neutron manages software-defined - networking for your OpenStack installation. However, unlike Nova - Networking, you can configure Neutron for advanced virtual network - topologies, such as per-tenant private networks and more. - Neutron has the following object abstractions: networks, + Networking concepts + OpenStack Networking (neutron) manages all of the networking facets for + the Virtual Networking Infrastructure (VNI) and the access layer aspects + of the Physical Networking Infrastructure (PNI) in your OpenStack + environment. OpenStack Networking allows tenants to create advanced virtual + network topologies including services such as + firewalls, + load balancers, and + + virtual private networks (VPNs). + Networking provides the following object abstractions: networks, subnets, and routers. Each has functionality that mimics its physical counterpart: networks contain subnets, and routers route traffic between different subnet and networks. - Any given Neutron set up has at least one external network. + Any given Networking set up has at least one external network. This network, unlike the other networks, is not merely a virtually defined network. Instead, it represents the view into a slice of the external network that is accessible outside the OpenStack - installation. IP addresses on the Neutron external network are + installation. IP addresses on the Networking external network are accessible by anybody physically on the outside network. Because this network merely represents a slice of the outside network, DHCP is disabled on this network. - In addition to external networks, any Neutron set up has one + In addition to external networks, any Networking set up has one or more internal networks. These software-defined networks connect directly to the VMs. Only the VMs on any given internal network, or those on subnets connected through interfaces to a similar 
@@ -39,70 +44,16 @@ connected to a subnet, that connection is called a port. You can associate external network IP addresses with ports to VMs. This way, entities on the outside network can access VMs. - Neutron also supports security + Networking also supports security groups. Security groups enable administrators to define firewall rules in groups. A VM can belong to one or more - security groups, and Neutron applies the rules in those security + security groups, and Networking applies the rules in those security groups to block or unblock ports, port ranges, or traffic types for that VM. - Each plug-in that Neutron uses has its own concepts. While not - vital to operating Neutron, understanding these concepts can help - you set up Neutron. All Neutron installations use a core plug-in + Each plug-in that Networking uses has its own concepts. While not + vital to operating Networking, understanding these concepts can help + you set up Networking. All Networking installations use a core plug-in and a security group plug-in (or just the No-Op security group plug-in). Additionally, Firewall-as-a-service (FWaaS) and Load-balancing-as-a-service (LBaaS) plug-ins are available. -
- Open vSwitch concepts - The Open vSwitch plug-in is one of the most popular core - plug-ins. Open vSwitch configurations consists of bridges and - ports. Ports represent connections to other things, such as - physical interfaces and patch cables. Packets from any given - port on a bridge are shared with all other ports on that bridge. - Bridges can be connected through Open vSwitch virtual patch - cables or through Linux virtual Ethernet cables - (veth). Additionally, bridges appear as - network interfaces to Linux, so you can assign IP addresses to - them. - In Neutron, the integration bridge, called - br-int, connects directly to the VMs and - associated services. The external bridge, called - br-ex, connects to the external network. - Finally, the VLAN configuration of the Open vSwitch plug-in uses - bridges associated with each physical network. - In addition to defining bridges, Open vSwitch has OpenFlow, - which enables you to define networking flow rules. Certain - configurations use these rules to transfer packets between - VLANs. - Finally, some configurations of Open vSwitch use network - namespaces that enable Linux to group adapters into unique - namespaces that are not visible to other namespaces, which - allows the same network node to manage multiple Neutron - routers. - With Open vSwitch, you can use two different technologies to - create the virtual networks: GRE or VLANs. - Generic Routing Encapsulation (GRE) is the technology used - in many VPNs. It wraps IP packets to create entirely new packets - with different routing information. When the new packet reaches - its destination, it is unwrapped, and the underlying packet is - routed. To use GRE with Open vSwitch, Neutron creates GRE - tunnels. These tunnels are ports on a bridge and enable bridges - on different systems to act as though they were one bridge, - which allows the compute and network nodes to act as one for the - purposes of routing. 
- Virtual LANs (VLANs), on the other hand, use a special - modification to the Ethernet header. They add a 4-byte VLAN tag - that ranges from 1 to 4094 (the 0 tag is special, and the 4095 - tag, made of all ones, is equivalent to an untagged packet). - Special NICs, switches, and routers know how to interpret the - VLAN tags, as does Open vSwitch. Packets tagged for one VLAN are - only shared with other devices configured to be on that VLAN, - even though all devices are on the same physical - network. - The most common security group driver used with Open vSwitch - is the Hybrid IPTables/Open vSwitch plug-in. It uses a - combination for IPTables and OpenFlow rules. Use the IPTables - tool to create firewalls and set up NATs on Linux. This tool - uses a complex rule system and chains of rules to accommodate - the complex rules required by Neutron security groups. -
diff --git a/doc/install-guide/section_neutron-ml2-compute-node.xml b/doc/install-guide/section_neutron-ml2-compute-node.xml index 5cb62821a8..feef07ff55 100644 --- a/doc/install-guide/section_neutron-ml2-compute-node.xml +++ b/doc/install-guide/section_neutron-ml2-compute-node.xml @@ -8,8 +8,8 @@ Configure compute node Prerequisites - Before you configure Networking, you must enable certain kernel - networking functions. + Before you configure OpenStack Networking, you must enable certain + kernel networking functions. Edit /etc/sysctl.conf to contain the following: @@ -284,7 +284,7 @@ enable_security_group = True To configure Compute to use Networking By default, most distributions configure Compute to use legacy networking. You must reconfigure Compute to manage networks through - OpenStack Networking. + Networking.
Run the following commands: Replace NEUTRON_PASS with the diff --git a/doc/install-guide/section_neutron-ml2-controller-node.xml b/doc/install-guide/section_neutron-ml2-controller-node.xml index ba8aa1bb30..c045d84991 100644 --- a/doc/install-guide/section_neutron-ml2-controller-node.xml +++ b/doc/install-guide/section_neutron-ml2-controller-node.xml @@ -8,8 +8,8 @@ Configure controller node Prerequisites - Before you configure Networking, you must create a - database and Identity service credentials including a user and + Before you configure OpenStack Networking (neutron), you must create + a database and Identity service credentials including a user and service. Connect to the database as the root user, create the @@ -340,7 +340,7 @@ enable_security_group = True To configure Compute to use Networking By default, most distributions configure Compute to use legacy networking. You must reconfigure Compute to manage networks through - OpenStack Networking. + Networking. Run the following commands: Replace NEUTRON_PASS with the diff --git a/doc/install-guide/section_neutron-ml2-network-node.xml b/doc/install-guide/section_neutron-ml2-network-node.xml index a3985a2216..5f8dd7bab5 100644 --- a/doc/install-guide/section_neutron-ml2-network-node.xml +++ b/doc/install-guide/section_neutron-ml2-network-node.xml @@ -8,8 +8,8 @@ Configure network node Prerequisites - Before you configure Networking, you must enable certain kernel - networking functions. + Before you configure OpenStack Networking, you must enable certain + kernel networking functions. Edit /etc/sysctl.conf to contain the following: diff --git a/doc/install-guide/section_nova-compute.xml b/doc/install-guide/section_nova-compute.xml index 1612f87d2f..2f70b923d2 100644 --- a/doc/install-guide/section_nova-compute.xml +++ b/doc/install-guide/section_nova-compute.xml 
@@ -34,7 +34,7 @@ - If you run legacy networking (nova-compute), do not + If you run legacy networking (nova-network), do not configure eth1 with a static IP address. The networking component of OpenStack assigns and configures an IP address. For details, see the @@ -76,7 +76,7 @@ To use the meta-packages and install other components on - your compute node, such as OVS Networking and Ceilometer + your compute node, such as OpenStack Networking and Ceilometer agents, run this command: # apt-get install openstack-compute-node The controller node has the
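Review bot: In doc/install-guide/ch_launch-instance.xml (@@ -13,8 +13,10 @@), the rewrapped sentence now has a line break between "legacy networking (nova-network)" and the ". For more" that follows it. In mixed content that break is kept as whitespace, so the output can end up with a stray space either at the end of the link text or in front of the period. Suggest keeping the closing punctuation on the same line as the end of the link, as the removed line "legacy networking (nova-network). For more" did.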
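Review bot: In doc/install-guide/ch_networking.xml (@@ -30,34 +17,18 @@), the "Open vSwitch (OVS) plug-in" section is removed from the chapter while the commit message says the associated files stay in the tree, which leaves them orphaned with nothing in the chapter pointing at them or explaining their status. Suggest leaving an XML comment at the removal point naming the unlinked files and the reason, or filing a follow-up bug to delete them, so they do not drift out of date unnoticed. The same hunk also drops the note under "Modular Layer 2 (ML2) plug-in" that said ML2 was the tested choice on Icehouse; with both notes gone the chapter no longer tells the reader why ML2 is the only plug-in documented, so one sentence to that effect would help.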
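Review bot: In doc/install-guide/ch_overview.xml (@@ -45,55 +45,6 @@ and @@ -101,7 +52,10 @@), the two-node item is not a pure move: inside the relocated block "MySQL, AMQP, and NTP" became "a database, message broker, and NTP", a wording change that is easy to miss in a 49-line delete and re-add. Suggest calling out the substitution in the commit message rather than leaving it under "other minor issues". The three-node item now reads "a database, message broker, and Network Time Protocol (NTP)" while the two-node item reads "a database, message broker, and NTP"; since the three-node item comes first after the reorder, that expansion order is fine, but both lists would read better as "a database, a message broker, and ...".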
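Review bot: In doc/install-guide/section_basics-networking-nova.xml, the new text "requires a controller node and at least one compute node" no longer matches the parallel sentence in section_basics-networking-neutron.xml, which still says "requires one controller node, one network node, and at least one compute node". The removed line used "one controller node", so this change introduces the mismatch. Suggest keeping "one controller node" here, or changing both sections together.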
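Review bot: In doc/install-guide/section_neutron-concepts.xml (@@ -1,28 +1,33 @@), the new opening paragraph introduces "Virtual Networking Infrastructure (VNI)", an abbreviation that readers of a networking guide will also meet as the VXLAN Network Identifier. The abbreviation is not used again in the visible lines, so suggest spelling the term out without the parenthetical, and likewise for "(PNI)". The mechanical Neutron to Networking rename also leaves "Any given Networking set up has" and "any Networking set up has one or more internal networks", which read awkwardly; "Any Networking deployment has" would be clearer.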
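Review bot: In doc/install-guide/section_neutron-concepts.xml (@@ -39,70 +44,16 @@), the "Open vSwitch concepts" subsection is deleted outright, whereas the commit message describes it as "Temporarily unlinked" until it can be updated for ML2. Because the text is inline in this file rather than in a separately included file, it can only be recovered from git history after this change. Suggest either rewording the commit message to say the subsection is removed, or leaving an XML comment at this point that references the bug tracking the ML2 rewrite, so the explanation of br-int, br-ex, GRE tunnels and VLAN tagging is not silently lost.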
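Review bot: Across doc/install-guide/section_neutron-ml2-controller-node.xml, section_neutron-ml2-compute-node.xml and section_neutron-ml2-network-node.xml, the Prerequisites sentence is not renamed consistently: the controller node says "Before you configure OpenStack Networking (neutron), you must create", while the compute and network nodes say "Before you configure OpenStack Networking, you must enable". In the same files the later sentence goes the other way, from "OpenStack Networking." to "Networking.". If the convention is the full name with "(neutron)" on first mention and the short name afterwards, suggest applying it to all three Prerequisites paragraphs and stating the convention in the commit message, since item 2 only says naming was changed "to agree with conventions".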
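Review bot: In doc/install-guide/section_nova-compute.xml (@@ -76,7 +76,7 @@), the new line "such as OpenStack Networking and Ceilometer agents" fixes the networking name but keeps the project name "Ceilometer", while ch_overview.xml in this same patch refers to "the Telemetry agent". Suggest "OpenStack Networking and Telemetry agents" so the sentence follows the service-name convention the rest of the change applies. The first hunk in this file (@@ -34,7 +34,7 @@) correctly replaces "nova-compute" with "nova-network" and needs no further change.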