Merge "Remove deprecated neutron OVS plug-in content"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
0a5fc388ab
@ -1,326 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
version="5.0"
|
||||
xml:id="neutron-compute-node">
|
||||
<title>Configure compute node</title>
|
||||
<note>
|
||||
<para>This section details set up for any node that runs the
|
||||
<literal>nova-compute</literal> component but does not run
|
||||
the full network stack.</para>
|
||||
</note>
|
||||
<warning os="rhel;centos">
|
||||
<para>By default, the <literal>system-config-firewall</literal> automated
|
||||
firewall configuration tool is in place on RHEL. This graphical interface
|
||||
(and a curses-style interface with <literal>-tui</literal> on the end of
|
||||
the name) enables you to configure IP tables as a basic firewall. You
|
||||
should disable it when you work with OpenStack Networking unless you are
|
||||
familiar with the underlying network technologies, as, by default, it
|
||||
blocks various types of network traffic that are important to neutron
|
||||
services. To disable it, launch the program and clear the
|
||||
<guilabel>Enabled</guilabel> check box.</para>
|
||||
<para>After you successfully set up OpenStack Networking with Neutron, you
|
||||
can re-enable and configure the tool. However, during OpenStack
|
||||
Networking setup, disable the tool to make it easier to debug network
|
||||
issues.</para>
|
||||
</warning>
|
||||
<procedure>
|
||||
<title>Prerequisites</title>
|
||||
<step>
|
||||
<para>Disable packet destination filtering (route
|
||||
verification) to let the networking services route traffic
|
||||
to the VMs. Edit the <filename>/etc/sysctl.conf</filename>
|
||||
file and run the following command to activate
|
||||
changes:</para>
|
||||
<programlisting language="ini">net.ipv4.conf.all.rp_filter=0
|
||||
net.ipv4.conf.default.rp_filter=0</programlisting>
|
||||
<screen><prompt>#</prompt> <userinput>sysctl -p</userinput></screen>
|
||||
</step>
|
||||
</procedure>
|
||||
<procedure>
|
||||
<title>Install Open vSwitch plug-in</title>
|
||||
<para>OpenStack Networking supports a variety of plug-ins. For
|
||||
simplicity, we chose to cover the most common plug-in, Open
|
||||
vSwitch, and configure it to use basic GRE tunnels for tenant
|
||||
network traffic.</para>
|
||||
<step>
|
||||
<para>Install the Open vSwitch plug-in and its
|
||||
dependencies:</para>
|
||||
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-plugin-openvswitch-agent openvswitch-datapath-dkms</userinput></screen>
|
||||
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch</userinput></screen>
|
||||
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent</userinput></screen>
|
||||
</step>
|
||||
<step os="ubuntu;debian">
|
||||
<para>Restart Open vSwitch:</para>
|
||||
<screen><prompt>#</prompt> <userinput>service openvswitch-switch restart</userinput></screen>
|
||||
</step>
|
||||
<step os="rhel;fedora;centos;opensuse;sles">
|
||||
<para>Start Open vSwitch and configure it to start when
|
||||
the system boots:</para>
|
||||
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>service openvswitch start</userinput>
|
||||
<prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
|
||||
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput>
|
||||
<prompt>#</prompt> <userinput>chkconfig openvswitch-switch on</userinput></screen>
|
||||
</step>
|
||||
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
|
||||
<para>You must set some common configuration options. You
|
||||
must configure Networking core to use
|
||||
<acronym>OVS</acronym>. Edit the
|
||||
<filename>/etc/neutron/neutron.conf</filename>
|
||||
file:</para>
|
||||
<programlisting language="ini" os="ubuntu;opensuse;sles">core_plugin = openvswitch</programlisting>
|
||||
<programlisting language="ini" os="rhel;centos;fedora">core_plugin = openvswitch</programlisting>
|
||||
</step>
|
||||
<step>
|
||||
<para>You must configure a firewall as well. You should
|
||||
use the same firewall plug-in that you chose to use when
|
||||
you set up the network node. To do this, edit
|
||||
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
|
||||
file and set the <literal>firewall_driver</literal>
|
||||
value under the <literal>securitygroup</literal> to the
|
||||
same value used on the network node. For instance, if
|
||||
you chose to use the Hybrid OVS-IPTables plug-in, your
|
||||
configuration looks like this:</para>
|
||||
<programlisting language="ini">[securitygroup]
|
||||
# Firewall driver for realizing neutron security group function.
|
||||
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</programlisting>
|
||||
<warning>
|
||||
<para>You must use at least the No-Op firewall.
|
||||
Otherwise, Horizon and other OpenStack services cannot
|
||||
get and set required VM boot options.</para>
|
||||
</warning>
|
||||
</step>
|
||||
<step os="rhel;centos;fedora;sles;opensuse">
|
||||
<para>Configure the <acronym>OVS</acronym> plug-in to start
|
||||
on boot.</para>
|
||||
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>chkconfig neutron-openvswitch-agent on</userinput></screen>
|
||||
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>chkconfig openstack-neutron-openvswitch-agent on</userinput></screen>
|
||||
</step>
|
||||
<step>
|
||||
<para>Tell the <acronym>OVS</acronym> plug-in to use GRE
|
||||
tunneling with a <literal>br-int</literal> integration
|
||||
bridge, a <literal>br-tun</literal> tunneling bridge,
|
||||
and a local IP for the tunnel of
|
||||
<replaceable>DATA_INTERFACE</replaceable>'s IP Edit
|
||||
the
|
||||
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
|
||||
file:</para>
|
||||
<programlisting language="ini">[ovs]
|
||||
...
|
||||
tenant_network_type = gre
|
||||
tunnel_id_ranges = 1:1000
|
||||
enable_tunneling = True
|
||||
integration_bridge = br-int
|
||||
tunnel_bridge = br-tun
|
||||
local_ip = <replaceable>DATA_INTERFACE_IP</replaceable></programlisting>
|
||||
</step>
|
||||
</procedure>
|
||||
<procedure os="rhel;centos;fedora;sles;opensuse;ubuntu">
|
||||
<title>Configure common components</title>
|
||||
<step os="rhel;centos;fedora;opensuse;sles">
|
||||
<para>Configure Networking to use <systemitem class="service">keystone</systemitem> for authentication:</para>
|
||||
<substeps>
|
||||
<step>
|
||||
<para>Set the <literal>auth_strategy</literal>
|
||||
configuration key to <literal>keystone</literal> in the
|
||||
<literal>[DEFAULT]</literal> section of the file:</para>
|
||||
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone</userinput></screen>
|
||||
</step>
|
||||
<step>
|
||||
<para>Set the <systemitem class="service">neutron</systemitem>
|
||||
configuration for
|
||||
<systemitem class="service">keystone</systemitem>
|
||||
authentication:</para>
|
||||
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
auth_uri http://<replaceable>controller</replaceable>:5000</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
auth_host <replaceable>controller</replaceable></userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
auth_protocol http</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
auth_port 35357</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
admin_tenant_name service</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
admin_user neutron</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
admin_password <replaceable>NEUTRON_PASS</replaceable></userinput></screen>
|
||||
</step>
|
||||
</substeps>
|
||||
</step>
|
||||
<step os="ubuntu">
|
||||
<para>To configure <systemitem class="service">neutron</systemitem>
|
||||
to use <systemitem class="service">keystone</systemitem>
|
||||
for authentication, edit the
|
||||
<filename>/etc/neutron/neutron.conf</filename> file.</para>
|
||||
<substeps>
|
||||
<step>
|
||||
<para>Set the <literal>auth_strategy</literal>
|
||||
configuration key to <literal>keystone</literal> in the
|
||||
<literal>[DEFAULT]</literal> section of the file:</para>
|
||||
<programlisting language="ini">[DEFAULT]
|
||||
...
|
||||
auth_strategy = keystone</programlisting>
|
||||
</step>
|
||||
<step>
|
||||
<para>Add these lines to the
|
||||
<literal>[keystone_authtoken]</literal> section of the
|
||||
file:</para>
|
||||
<programlisting language="ini">[keystone_authtoken]
|
||||
...
|
||||
auth_uri = http://<replaceable>controller</replaceable>:5000
|
||||
auth_host = <replaceable>controller</replaceable>
|
||||
auth_protocol = http
|
||||
auth_port = 35357
|
||||
admin_tenant_name = service
|
||||
admin_user = neutron
|
||||
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
|
||||
</step>
|
||||
</substeps>
|
||||
</step>
|
||||
<step os="opensuse;sles;rhel;centos;fedora">
|
||||
<para>Configure access to the <application>RabbitMQ</application> service:</para>
|
||||
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
||||
rpc_backend neutron.openstack.common.rpc.impl_kombu</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
||||
rabbit_host <replaceable>controller</replaceable></userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
||||
rabbit_userid guest</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
||||
rabbit_password <replaceable>RABBIT_PASS</replaceable></userinput></screen>
|
||||
</step>
|
||||
<step os="ubuntu">
|
||||
<para>Configure the <application>RabbitMQ</application> access.
|
||||
Edit the <filename>/etc/neutron/neutron.conf</filename> file
|
||||
to modify the following parameters in the
|
||||
<literal>[DEFAULT]</literal> section.</para>
|
||||
<programlisting language="ini">rabbit_host = <replaceable>controller</replaceable>
|
||||
rabbit_userid = guest
|
||||
rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
|
||||
</step>
|
||||
</procedure>
|
||||
<procedure>
|
||||
<title>Configure Compute services for Networking</title>
|
||||
<step>
|
||||
<para os="rhel;centos;fedora;opensuse;sles">Configure OpenStack Compute to use OpenStack Networking
|
||||
services. Configure the <filename>/etc/nova/nova.conf</filename>
|
||||
file as per instructions below:</para>
|
||||
<screen os="rhel;centos;fedora;opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
network_api_class nova.network.neutronv2.api.API</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
neutron_url http://<replaceable>controller</replaceable>:9696</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
neutron_auth_strategy keystone</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
neutron_admin_tenant_name service</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
neutron_admin_username neutron</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
neutron_admin_password <replaceable>NEUTRON_PASS</replaceable></userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
neutron_admin_auth_url http://<replaceable>controller</replaceable>:35357/v2.0</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
firewall_driver nova.virt.firewall.NoopFirewallDriver</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
security_group_api neutron</userinput></screen>
|
||||
<para os="ubuntu;debian">Configure OpenStack Compute to use OpenStack Networking
|
||||
services. Edit the <filename>/etc/nova/nova.conf</filename>
|
||||
file:</para>
|
||||
<programlisting language="ini" os="ubuntu;debian">network_api_class=nova.network.neutronv2.api.API
|
||||
neutron_url=http://<replaceable>controller</replaceable>:9696
|
||||
neutron_auth_strategy=keystone
|
||||
neutron_admin_tenant_name=service
|
||||
neutron_admin_username=neutron
|
||||
neutron_admin_password=<replaceable>NEUTRON_PASS</replaceable>
|
||||
neutron_admin_auth_url=http://<replaceable>controller</replaceable>:35357/v2.0
|
||||
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
|
||||
firewall_driver=nova.virt.firewall.NoopFirewallDriver
|
||||
security_group_api=neutron</programlisting>
|
||||
<note>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>No matter which firewall driver you chose when you
|
||||
configured the network and compute nodes, you must
|
||||
edit the <filename>/etc/nova/nova.conf</filename> file
|
||||
to set the firewall driver to
|
||||
<literal>nova.virt.firewall.NoopFirewallDriver</literal>.
|
||||
Because OpenStack Networking handles the firewall,
|
||||
this statement instructs Compute to not use a
|
||||
firewall.</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>If you want Networking to handle the firewall,
|
||||
edit the
|
||||
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
|
||||
file to set the <code>firewall_driver</code> option to
|
||||
the firewall for the plug-in. For example, with
|
||||
<acronym>OVS</acronym>, edit the file as
|
||||
follows:</para>
|
||||
<programlisting language="ini" os="ubuntu;debian">[securitygroup]
|
||||
# Firewall driver for realizing neutron security group function.
|
||||
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</programlisting>
|
||||
<screen os="rhel;centos;fedora;opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set \
|
||||
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini securitygroup firewall_driver \
|
||||
neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</userinput></screen>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>If you do not want to use a firewall in Compute or
|
||||
Networking, edit both configuration files and set
|
||||
<code>firewall_driver=nova.virt.firewall.NoopFirewallDriver</code>.
|
||||
Also, edit the
|
||||
<filename>/etc/nova/nova.conf</filename> file and
|
||||
comment out or remove the
|
||||
<code>security_group_api=neutron</code>
|
||||
statement.</para>
|
||||
<para>Otherwise, when you issue <command>nova
|
||||
list</command> commands, the <errortext>ERROR: The
|
||||
server has either erred or is incapable of
|
||||
performing the requested operation. (HTTP
|
||||
500)</errortext> error might be returned.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</note>
|
||||
</step>
|
||||
</procedure>
|
||||
<procedure>
|
||||
<title>Finalize installation</title>
|
||||
<step os="rhel;centos;fedora">
|
||||
<para>The <systemitem class="service">neutron-server</systemitem>
|
||||
initialization script expects a symbolic link
|
||||
<filename>/etc/neutron/plugin.ini</filename> pointing to the
|
||||
configuration file associated with your chosen plug-in. Using
|
||||
Open vSwitch, for example, the symbolic link must point to
|
||||
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>.
|
||||
If this symbolic link does not exist, create it using the
|
||||
following commands:</para>
|
||||
<screen><prompt>#</prompt> <userinput>cd /etc/neutron</userinput>
|
||||
<prompt>#</prompt> <userinput>ln -s plugins/openvswitch/ovs_neutron_plugin.ini plugin.ini</userinput></screen>
|
||||
</step>
|
||||
<step os="sles;opensuse">
|
||||
<para>The <systemitem class="service">openstack-neutron</systemitem>
|
||||
initialization script expects the variable
|
||||
<literal>NEUTRON_PLUGIN_CONF</literal> in file
|
||||
<filename>/etc/sysconfig/neutron</filename> to reference the
|
||||
configuration file associated with your chosen plug-in. Using
|
||||
Open vSwitch, for example, edit the
|
||||
<filename>/etc/sysconfig/neutron</filename> file and add the
|
||||
following:</para>
|
||||
<programlisting>NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"</programlisting>
|
||||
</step>
|
||||
<step>
|
||||
<para>Restart Networking services.</para>
|
||||
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent restart</userinput></screen>
|
||||
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service neutron-openvswitch-agent restart</userinput></screen>
|
||||
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>service openstack-neutron-openvswitch-agent restart</userinput></screen>
|
||||
</step>
|
||||
<step>
|
||||
<para>Restart the Compute service.</para>
|
||||
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>service nova-compute restart</userinput></screen>
|
||||
<screen os="centos;rhel;fedora"><prompt>#</prompt> <userinput>service openstack-nova-compute restart</userinput></screen>
|
||||
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>service openstack-nova-compute restart</userinput></screen>
|
||||
</step>
|
||||
</procedure>
|
||||
</section>
|
||||
@ -1,332 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
version="5.0"
|
||||
xml:id="neutron-controller-node">
|
||||
<title>Configure controller node</title>
|
||||
<warning os="rhel;centos">
|
||||
<para>By default, the <literal>system-config-firewall</literal>
|
||||
automated firewall configuration tool is in place on RHEL.
|
||||
This graphical interface (and a curses-style interface with
|
||||
<literal>-tui</literal> on the end of the name) enables you
|
||||
to configure IP tables as a basic firewall. You should disable
|
||||
it when you work with Neutron unless you are familiar with the
|
||||
underlying network technologies, as, by default, it blocks
|
||||
various types of network traffic that are important to
|
||||
Neutron. To disable it, simple launch the program and clear
|
||||
the <guilabel>Enabled</guilabel> check box.</para>
|
||||
<para>After you successfully set up OpenStack with Neutron, you
|
||||
can re-enable and configure the tool. However, during Neutron
|
||||
set up, disable the tool to make it easier to debug network
|
||||
issues.</para>
|
||||
</warning>
|
||||
<procedure os="rhel;centos;fedora;opensuse;sles;ubuntu">
|
||||
<title>Prerequisites</title>
|
||||
<para os="rhel;centos;fedora;opensuse;sles;ubuntu">Before you
|
||||
configure individual nodes for Networking, you must create the
|
||||
required OpenStack components: user, service, database, and one or
|
||||
more endpoints. After you complete these steps on the controller
|
||||
node, follow the instructions in this guide to set up OpenStack
|
||||
Networking nodes.</para>
|
||||
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
|
||||
<para>Connect to the MySQL database as the root user, create the
|
||||
<literal>neutron</literal> database, and grant the proper
|
||||
access to it:</para>
|
||||
<screen><prompt>$</prompt> <userinput>mysql -u root -p</userinput>
|
||||
<prompt>mysql></prompt> <userinput>CREATE DATABASE neutron;</userinput>
|
||||
<prompt>mysql></prompt> <userinput>GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
|
||||
IDENTIFIED BY '<replaceable>NEUTRON_DBPASS</replaceable>';</userinput>
|
||||
<prompt>mysql></prompt> <userinput>GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
|
||||
IDENTIFIED BY '<replaceable>NEUTRON_DBPASS</replaceable>';</userinput></screen>
|
||||
</step>
|
||||
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
|
||||
<para>Create the required user, service, and endpoint so that
|
||||
Networking can interface with the Identity Service.</para>
|
||||
<para>Create a <literal>neutron</literal> user:</para>
|
||||
<screen><prompt>$</prompt> <userinput>keystone user-create --name=neutron --pass=<replaceable>NEUTRON_PASS</replaceable> --email=<replaceable>neutron@example.com</replaceable></userinput></screen>
|
||||
<para>Add the user role to the neutron user:</para>
|
||||
<screen><prompt>$</prompt> <userinput>keystone user-role-add --user=neutron --tenant=service --role=admin</userinput></screen>
|
||||
<para>Create the neutron service:</para>
|
||||
<screen><prompt>$</prompt> <userinput>keystone service-create --name=neutron --type=network \
|
||||
--description="OpenStack Networking"</userinput></screen>
|
||||
<para>Create a Networking endpoint:</para>
|
||||
<screen><prompt>$</prompt> <userinput>keystone endpoint-create \
|
||||
--service-id $(keystone service-list | awk '/ network / {print $2}') \
|
||||
--publicurl http://<replaceable>controller</replaceable>:9696 \
|
||||
--adminurl http://<replaceable>controller</replaceable>:9696 \
|
||||
--internalurl http://<replaceable>controller</replaceable>:9696</userinput></screen>
|
||||
</step>
|
||||
</procedure>
|
||||
<procedure>
|
||||
<title>Install and configure server component</title>
|
||||
<step>
|
||||
<para>Install the server component of Networking and any dependencies.</para>
|
||||
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-server</userinput></screen>
|
||||
<screen os="fedora;rhel;centos"><prompt>#</prompt> <userinput>yum install openstack-neutron python-neutron python-neutronclient</userinput></screen>
|
||||
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron python-neutron python-neutronclient</userinput></screen>
|
||||
</step>
|
||||
<step os="rhel;centos;fedora;opensuse;sles">
|
||||
<para>Configure Networking to connect to the database:</para>
|
||||
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf database connection \
|
||||
mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@controller/neutron</userinput></screen>
|
||||
</step>
|
||||
<step os="ubuntu;debian">
|
||||
<para>Configure Networking to use your MySQL database. Edit the
|
||||
<filename>/etc/neutron/neutron.conf</filename> file and add the
|
||||
following key under the <literal>[database]</literal> section.
|
||||
Replace <replaceable>NEUTRON_DBPASS</replaceable> with the password
|
||||
you chose for the Neutron database.</para>
|
||||
<programlisting language="ini">[database]
|
||||
...
|
||||
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>/neutron</programlisting>
|
||||
</step>
|
||||
<step os="rhel;centos;fedora;opensuse;sles">
|
||||
<para>Configure Networking to use
|
||||
<systemitem class="service">keystone</systemitem> as the Identity
|
||||
Service for authentication:</para>
|
||||
<substeps>
|
||||
<step>
|
||||
<para>Set the <literal>auth_strategy</literal>
|
||||
configuration key to <literal>keystone</literal> in the
|
||||
<literal>DEFAULT</literal> section of the file:</para>
|
||||
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone</userinput></screen>
|
||||
</step>
|
||||
<step>
|
||||
<para>Set the <systemitem class="service">neutron</systemitem> configuration for
|
||||
<systemitem class="service">keystone</systemitem> authentication:</para>
|
||||
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
auth_uri http://<replaceable>controller</replaceable>:5000</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
auth_host <replaceable>controller</replaceable></userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
auth_protocol http</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
auth_port 35357</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
admin_tenant_name service</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
admin_user neutron</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
admin_password <replaceable>NEUTRON_PASS</replaceable></userinput></screen>
|
||||
</step>
|
||||
</substeps>
|
||||
</step>
|
||||
<step os="ubuntu;debian">
|
||||
<para>Configure Networking to use
|
||||
<systemitem class="service">keystone</systemitem> as the Identity
|
||||
Service for authentication.</para>
|
||||
<substeps>
|
||||
<step>
|
||||
<para>Edit the <filename>/etc/neutron/neutron.conf</filename>
|
||||
file and add the
|
||||
file and add the following key under the
|
||||
<literal>[DEFAULT]</literal> section.</para>
|
||||
<programlisting language="ini">[DEFAULT]
|
||||
...
|
||||
auth_strategy = keystone</programlisting>
|
||||
<para>Add the following keys under the
|
||||
<literal>[keystone_authtoken]</literal> section. Replace
|
||||
<replaceable>NEUTRON_PASS</replaceable> with the password you
|
||||
chose for the Neutron user in Keystone.</para>
|
||||
<programlisting language="ini">[keystone_authtoken]
|
||||
...
|
||||
auth_uri = http://<replaceable>controller</replaceable>:5000
|
||||
auth_host = <replaceable>controller</replaceable>
|
||||
auth_protocol = http
|
||||
auth_port = 35357
|
||||
admin_tenant_name = service
|
||||
admin_user = neutron
|
||||
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
|
||||
</step>
|
||||
</substeps>
|
||||
</step>
|
||||
<step os="opensuse;sles;rhel;centos;fedora">
|
||||
<para>Configure access to the <application>RabbitMQ</application>
|
||||
service:</para>
|
||||
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
||||
rpc_backend neutron.openstack.common.rpc.impl_kombu</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
||||
rabbit_host controller</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
||||
rabbit_userid guest</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
||||
rabbit_password <replaceable>RABBIT_PASS</replaceable></userinput></screen>
|
||||
</step>
|
||||
<step os="ubuntu;debian">
|
||||
<para>Configure Networking to use your message broker. Edit the
|
||||
<filename>/etc/neutron/neutron.conf</filename> file and add
|
||||
the following keys under the <literal>[DEFAULT]</literal>
|
||||
section.</para>
|
||||
<para>Replace <replaceable>RABBIT_PASS</replaceable> with the
|
||||
password you chose for RabbitMQ.</para>
|
||||
<programlisting language="ini">[DEFAULT]
|
||||
...
|
||||
rpc_backend = neutron.openstack.common.rpc.impl_kombu
|
||||
rabbit_host = <replaceable>controller</replaceable>
|
||||
rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
|
||||
</step>
|
||||
</procedure>
|
||||
<procedure>
|
||||
<title>Install and configure Open vSwitch (OVS) plug-in</title>
|
||||
<para>OpenStack Networking supports a variety of plug-ins. For
|
||||
simplicity, we chose to cover the most common plug-in, Open
|
||||
vSwitch, and configure it to use basic GRE tunnels for tenant
|
||||
network traffic.</para>
|
||||
<step>
|
||||
<para>Install the Open vSwitch plug-in:</para>
|
||||
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-plugin-openvswitch</userinput></screen>
|
||||
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch</userinput></screen>
|
||||
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent</userinput></screen>
|
||||
</step>
|
||||
<step>
|
||||
<para>You must set some common configuration options no
|
||||
matter which networking technology you choose to use
|
||||
with Open vSwitch. You must configure Networking core to
|
||||
use <acronym>OVS</acronym>. Edit the
|
||||
<filename>/etc/neutron/neutron.conf</filename>
|
||||
file:</para>
|
||||
<programlisting language="ini">core_plugin = openvswitch</programlisting>
|
||||
<note>
|
||||
<para>The dedicated controller node does not need to run
|
||||
Open vSwitch or the Open vSwitch agent.</para>
|
||||
</note>
|
||||
</step>
|
||||
<step>
|
||||
<para>Configure the <acronym>OVS</acronym> plug-in to use GRE
|
||||
tunneling. Edit the
|
||||
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
|
||||
file:</para>
|
||||
<programlisting language="ini">[ovs]
|
||||
tenant_network_type = gre
|
||||
tunnel_id_ranges = 1:1000
|
||||
enable_tunneling = True</programlisting>
|
||||
</step>
|
||||
</procedure>
|
||||
<procedure>
|
||||
<title>Configure Compute services for Networking</title>
|
||||
<step>
|
||||
<para os="rhel;centos;fedora;opensuse;sles">Configure Compute to use
|
||||
OpenStack Networking services. Configure the
|
||||
<filename>/etc/nova/nova.conf</filename> file as per instructions
|
||||
below:</para>
|
||||
<screen os="rhel;centos;fedora;opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
network_api_class nova.network.neutronv2.api.API</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
neutron_url http://<replaceable>controller</replaceable>:9696</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
neutron_auth_strategy keystone</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
neutron_admin_tenant_name service</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
neutron_admin_username neutron</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
neutron_admin_password <replaceable>NEUTRON_PASS</replaceable></userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
neutron_admin_auth_url http://<replaceable>controller</replaceable>:35357/v2.0</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
firewall_driver nova.virt.firewall.NoopFirewallDriver</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
security_group_api neutron</userinput></screen>
|
||||
<para os="ubuntu;debian">Configure Compute to use OpenStack Networking
|
||||
services. Edit the <filename>/etc/nova/nova.conf</filename>
|
||||
file:</para>
|
||||
<programlisting language="ini" os="ubuntu;debian">network_api_class=nova.network.neutronv2.api.API
|
||||
neutron_url=http://<replaceable>controller</replaceable>:9696
|
||||
neutron_auth_strategy=keystone
|
||||
neutron_admin_tenant_name=service
|
||||
neutron_admin_username=neutron
|
||||
neutron_admin_password=<replaceable>NEUTRON_PASS</replaceable>
|
||||
neutron_admin_auth_url=http://<replaceable>controller</replaceable>:35357/v2.0
|
||||
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
|
||||
firewall_driver=nova.virt.firewall.NoopFirewallDriver
|
||||
security_group_api=neutron</programlisting>
|
||||
<note>
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>Regardless of which firewall driver you chose when you
|
||||
configured the network and compute nodes, set this driver
|
||||
as the No-Op firewall. This firewall is a
|
||||
<systemitem class="service">nova</systemitem> firewall,
|
||||
and because <systemitem class="service">neutron</systemitem>
|
||||
handles the Firewall, you must tell
|
||||
<systemitem class="service">nova</systemitem> not to use one.</para>
|
||||
<para>When Networking handles the firewall, the option
|
||||
<code>firewall_driver</code> should be set according to
|
||||
the specified plug-in. For example with
|
||||
<acronym>OVS</acronym>, edit the
|
||||
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
|
||||
file:</para>
|
||||
<programlisting language="ini" os="ubuntu;debian">[securitygroup]
|
||||
# Firewall driver for realizing neutron security group function.
|
||||
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</programlisting>
|
||||
<screen os="rhel;centos;fedora;opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set \
|
||||
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini securitygroup firewall_driver \
|
||||
neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</userinput></screen>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>If you do not want to use a firewall in Compute or
|
||||
Networking, set
|
||||
<code>firewall_driver=nova.virt.firewall.NoopFirewallDriver</code>
|
||||
in both config files, and comment out or remove
|
||||
<code>security_group_api=neutron</code> in the
|
||||
<filename>/etc/nova/nova.conf</filename> file, otherwise
|
||||
you may encounter <errortext>ERROR: The server has either
|
||||
erred or is incapable of performing the requested
|
||||
operation. (HTTP 500)</errortext> when issuing
|
||||
<command>nova list</command> commands.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</note>
|
||||
</step>
|
||||
<step os="rhel;centos;fedora">
|
||||
<para>The <systemitem class="service">neutron-server</systemitem>
|
||||
initialization script expects a symbolic link
|
||||
<filename>/etc/neutron/plugin.ini</filename> pointing to the
|
||||
configuration file associated with your chosen plug-in. Using
|
||||
Open vSwitch, for example, the symbolic link must point to
|
||||
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>.
|
||||
If this symbolic link does not exist, create it using the
|
||||
following commands:</para>
|
||||
<screen><prompt>#</prompt> <userinput>cd /etc/neutron</userinput>
|
||||
<prompt>#</prompt> <userinput>ln -s plugins/openvswitch/ovs_neutron_plugin.ini plugin.ini</userinput></screen>
|
||||
</step>
|
||||
<step os="sles;opensuse">
|
||||
<para>The <systemitem class="service">openstack-neutron</systemitem>
|
||||
initialization script expects the variable
|
||||
<literal>NEUTRON_PLUGIN_CONF</literal> in file
|
||||
<filename>/etc/sysconfig/neutron</filename> to reference the
|
||||
configuration file associated with your chosen plug-in. Using
|
||||
Open vSwitch, for example, edit the
|
||||
<filename>/etc/sysconfig/neutron</filename> file and add the
|
||||
following:</para>
|
||||
<programlisting>NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"</programlisting>
|
||||
</step>
|
||||
</procedure>
|
||||
<procedure>
|
||||
<title>Finalize installation</title>
|
||||
<step os="ubuntu;debian">
|
||||
<para>Restart the Compute and Networking services:</para>
|
||||
<screen><prompt>#</prompt> <userinput>service nova-api restart</userinput>
|
||||
<prompt>#</prompt> <userinput>service nova-scheduler restart</userinput>
|
||||
<prompt>#</prompt> <userinput>service nova-conductor restart</userinput>
|
||||
<prompt>#</prompt> <userinput>service neutron-server restart</userinput></screen>
|
||||
</step>
|
||||
<step os="fedora;rhel;centos;opensuse;sles">
|
||||
<para>Restart the Compute services:</para>
|
||||
<screen><prompt>#</prompt> <userinput>service openstack-nova-api restart</userinput>
|
||||
<prompt>#</prompt> <userinput>service openstack-nova-scheduler restart</userinput>
|
||||
<prompt>#</prompt> <userinput>service openstack-nova-conductor restart</userinput></screen>
|
||||
</step>
|
||||
<step os="fedora;rhel;centos;opensuse;sles">
|
||||
<para>Start the Networking service and configure it to start when the
|
||||
system boots:</para>
|
||||
<screen os="fedora;rhel;centos"><prompt>#</prompt> <userinput>service neutron-server start</userinput>
|
||||
<prompt>#</prompt> <userinput>chkconfig neutron-server on</userinput></screen>
|
||||
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openstack-neutron start</userinput>
|
||||
<prompt>#</prompt> <userinput>chkconfig openstack-neutron on</userinput></screen>
|
||||
</step>
|
||||
</procedure>
|
||||
</section>
|
||||
@ -1,457 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<section xmlns="http://docbook.org/ns/docbook"
|
||||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||
version="5.0"
|
||||
xml:id="neutron-network-node">
|
||||
<title>Configure network node</title>
|
||||
<note>
|
||||
<para>Before you start, set up a machine as a dedicated network
|
||||
node. Dedicated network nodes have a
|
||||
<replaceable>MGMT_INTERFACE</replaceable> NIC, a
|
||||
<replaceable>DATA_INTERFACE</replaceable> NIC, and an
|
||||
<replaceable>EXTERNAL_INTERFACE</replaceable> NIC.</para>
|
||||
<para>The management network handles communication among nodes.
|
||||
The data network handles communication coming to and from VMs.
|
||||
The external NIC connects the network node, and optionally to
|
||||
the controller node, so your VMs can connect to the outside
|
||||
world.</para>
|
||||
</note>
|
||||
<warning os="rhel;centos">
|
||||
<para>By default, the <literal>system-config-firewall</literal> automated
|
||||
firewall configuration tool is in place on RHEL. This graphical interface
|
||||
(and a curses-style interface with <literal>-tui</literal> on the end of
|
||||
the name) enables you to configure IP tables as a basic firewall. You
|
||||
should disable it when you work with Networking unless you are familiar
|
||||
with the underlying network technologies. By default, it blocks various
|
||||
types of network traffic that are important to Networking. To disable it,
|
||||
simply launch the program and clear the <guilabel>Enabled</guilabel> check
|
||||
box.</para>
|
||||
<para>After you successfully set up OpenStack Networking, you
|
||||
can re-enable and configure the tool. However, during
|
||||
Networking set up, disable the tool to make it easier to debug
|
||||
network issues.</para>
|
||||
</warning>
|
||||
<procedure>
|
||||
<title>Install agents and configure common components</title>
|
||||
<step>
|
||||
<para>Install the Networking packages and any dependencies.
|
||||
</para>
|
||||
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-dhcp-agent neutron-l3-agent</userinput></screen>
|
||||
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-neutron</userinput></screen>
|
||||
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron openstack-neutron-l3-agent \
|
||||
openstack-neutron-dhcp-agent openstack-neutron-metadata-agent</userinput></screen>
|
||||
</step>
|
||||
<step os="debian">
|
||||
<para>Respond to prompts for <link
|
||||
linkend="debconf-dbconfig-common">database
|
||||
management</link>, <link
|
||||
linkend="debconf-keystone_authtoken"
|
||||
><literal>[keystone_authtoken]</literal>
|
||||
settings</link>, <link linkend="debconf-rabbitmq">RabbitMQ
|
||||
credentials</link> and <link
|
||||
linkend="debconf-api-endpoints">API endpoint</link>
|
||||
registration.</para>
|
||||
</step>
|
||||
<step os="rhel;centos;fedora;opensuse;sles">
|
||||
<para>Configure Networking agents to start at boot time:</para>
|
||||
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>for s in neutron-{dhcp,metadata,l3}-agent; do chkconfig $s on; done</userinput></screen>
|
||||
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>for s in openstack-neutron-{dhcp,metadata,l3}-agent; do chkconfig $s on; done</userinput></screen>
|
||||
</step>
|
||||
<step>
|
||||
<para>Enable packet forwarding and disable packet destination
|
||||
filtering so that the network node can coordinate traffic
|
||||
for the VMs. Edit the <filename>/etc/sysctl.conf</filename>
|
||||
file, as follows:</para>
|
||||
<programlisting language="ini">net.ipv4.ip_forward=1
|
||||
net.ipv4.conf.all.rp_filter=0
|
||||
net.ipv4.conf.default.rp_filter=0</programlisting>
|
||||
<para>Use the <command>sysctl</command> command to ensure the
|
||||
changes made to the <filename>/etc/sysctl.conf</filename>
|
||||
file take effect:</para>
|
||||
<screen><prompt>#</prompt> <userinput>sysctl -p</userinput></screen>
|
||||
<note>
|
||||
<para>It is recommended that the networking service is
|
||||
restarted after changing values related to the networking
|
||||
configuration. This ensures that all modified values take
|
||||
effect immediately:</para>
|
||||
<screen os="ubuntu"><prompt>#</prompt> <userinput>service networking restart</userinput></screen>
|
||||
<screen os="rhel;centos;fedora;opensuse;sles"><prompt>#</prompt> <userinput>service network restart</userinput></screen>
|
||||
</note>
|
||||
</step>
|
||||
<step os="rhel;centos;fedora;opensuse;sles">
|
||||
<para>Configure Networking to use <systemitem class="service">keystone</systemitem> for authentication:</para>
|
||||
<substeps>
|
||||
<step>
|
||||
<para>Set the <literal>auth_strategy</literal>
|
||||
configuration key to <literal>keystone</literal> in the
|
||||
<literal>DEFAULT</literal> section of the file:</para>
|
||||
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone</userinput></screen>
|
||||
</step>
|
||||
<step>
|
||||
<para>Set the
|
||||
<systemitem class="service">neutron</systemitem>
|
||||
configuration for
|
||||
<systemitem class="service">keystone</systemitem>
|
||||
authentication:</para>
|
||||
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
auth_uri http://<replaceable>controller</replaceable>:5000</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
auth_host <replaceable>controller</replaceable></userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
auth_protocol http</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
auth_port 35357</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
admin_tenant_name service</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
admin_user neutron</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
||||
admin_password <replaceable>NEUTRON_PASS</replaceable></userinput></screen>
|
||||
</step></substeps>
|
||||
</step>
|
||||
<step os="ubuntu">
|
||||
<para>To configure <systemitem class="service">neutron</systemitem>
|
||||
to use <systemitem class="service">keystone</systemitem>
|
||||
for authentication, edit the
|
||||
<filename>/etc/neutron/neutron.conf</filename> file.</para>
|
||||
<substeps>
|
||||
<step>
|
||||
<para>Set the <literal>auth_strategy</literal>
|
||||
configuration key to <literal>keystone</literal> in the
|
||||
<literal>DEFAULT</literal> section of the file:</para>
|
||||
<programlisting language="ini">auth_strategy = keystone</programlisting>
|
||||
</step>
|
||||
<step>
|
||||
<para>Add these lines to the
|
||||
<literal>[keystone_authtoken]</literal> section of the
|
||||
file:</para>
|
||||
<programlisting language="ini">[keystone_authtoken]
|
||||
...
|
||||
auth_uri = http://<replaceable>controller</replaceable>:5000
|
||||
auth_host = <replaceable>controller</replaceable>
|
||||
auth_port = 35357
|
||||
auth_protocol = http
|
||||
admin_tenant_name = service
|
||||
admin_user = neutron
|
||||
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
|
||||
</step>
|
||||
</substeps>
|
||||
</step>
|
||||
<step os="opensuse;sles;rhel;centos;fedora">
|
||||
<para>Configure access to the <application>RabbitMQ</application> service:</para>
|
||||
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
||||
rpc_backend neutron.openstack.common.rpc.impl_kombu</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
||||
rabbit_host <replaceable>controller</replaceable></userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
||||
rabbit_userid guest</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
||||
rabbit_password <replaceable>RABBIT_PASS</replaceable></userinput></screen>
|
||||
</step>
|
||||
<step os="ubuntu">
|
||||
<para>Configure the <application>RabbitMQ</application> access.
|
||||
Edit the <filename>/etc/neutron/neutron.conf</filename> file
|
||||
to modify the following parameters in the
|
||||
<literal>DEFAULT</literal> section.</para>
|
||||
<programlisting language="ini">rabbit_host = <replaceable>controller</replaceable>
|
||||
rabbit_userid = guest
|
||||
rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
|
||||
</step>
|
||||
</procedure>
|
||||
<procedure>
|
||||
<title>Install and configure the Open vSwitch (OVS) plug-in</title>
|
||||
<para>OpenStack Networking supports a variety of plug-ins. For
|
||||
simplicity, we chose to cover the most common plug-in, Open
|
||||
vSwitch, and configure it to use basic GRE tunnels for tenant
|
||||
network traffic.</para>
|
||||
<step>
|
||||
<para>Install the Open vSwitch plug-in and its
|
||||
dependencies:</para>
|
||||
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-plugin-openvswitch-agent openvswitch-datapath-dkms</userinput></screen>
|
||||
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch</userinput></screen>
|
||||
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent</userinput></screen>
|
||||
</step>
|
||||
<step>
|
||||
<para>Start Open vSwitch:</para>
|
||||
<screen os="debian;rhel;fedora;centos"><prompt>#</prompt> <userinput>service openvswitch start</userinput></screen>
|
||||
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput></screen>
|
||||
<screen os="ubuntu"><prompt>#</prompt> <userinput>service openvswitch-switch restart</userinput></screen>
|
||||
<para os="rhel;fedora;centos;opensuse;sles">And configure
|
||||
it to start when the system boots:</para>
|
||||
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
|
||||
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>chkconfig openvswitch-switch on</userinput></screen>
|
||||
</step>
|
||||
<step>
|
||||
<para>No matter which networking technology you use, you must add the
|
||||
<literal>br-ex</literal> external bridge, which
|
||||
connects to the outside world.</para>
|
||||
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-ex</userinput></screen>
|
||||
</step>
|
||||
<step>
|
||||
<para>Add a <glossterm>port</glossterm> (connection) from
|
||||
the <replaceable>EXTERNAL_INTERFACE</replaceable>
|
||||
interface to <literal>br-ex</literal> interface:</para>
|
||||
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-port br-ex <replaceable>EXTERNAL_INTERFACE</replaceable></userinput></screen>
|
||||
<warning>
|
||||
<para>The host must have an IP address associated
|
||||
with an interface other than
|
||||
<replaceable>EXTERNAL_INTERFACE</replaceable>,
|
||||
and your remote terminal session must be associated with
|
||||
this other IP address.</para>
|
||||
<para>If you associate an IP address with
|
||||
<replaceable>EXTERNAL_INTERFACE</replaceable>,
|
||||
that IP address stops working after you issue the
|
||||
<command>ovs-vsctl add-port br-ex <replaceable>EXTERNAL_INTERFACE</replaceable></command>
|
||||
command. If you associate a remote terminal session with that
|
||||
IP address, you lose connectivity with the host.</para>
|
||||
<para>For more details about this behavior, see the
|
||||
<emphasis>Configuration Problems</emphasis> section of the
|
||||
<link xlink:href="http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=FAQ;hb=HEAD">Open vSwitch FAQ</link>.</para>
|
||||
</warning>
|
||||
</step>
|
||||
<step>
|
||||
<para>Configure the
|
||||
<replaceable>EXTERNAL_INTERFACE</replaceable> without
|
||||
an IP address and in promiscuous mode. Additionally, you
|
||||
must set the newly created <literal>br-ex</literal>
|
||||
interface to have the IP address that formerly belonged
|
||||
to <replaceable>EXTERNAL_INTERFACE</replaceable>.</para>
|
||||
<warning os="ubuntu">
|
||||
<para>Generic Receive Offload (GRO) should not be
|
||||
enabled on this interface as it can cause severe
|
||||
performance problems. It can be disabled with the
|
||||
ethtool utility.</para>
|
||||
</warning>
|
||||
<para os="rhel;fedora;centos">Edit the
|
||||
<filename>/etc/sysconfig/network-scripts/ifcfg-EXTERNAL_INTERFACE</filename>
|
||||
file:</para>
|
||||
<programlisting language="ini" os="rhel;fedora;centos">DEVICE_INFO_HERE
|
||||
ONBOOT=yes
|
||||
BOOTPROTO=none
|
||||
PROMISC=yes</programlisting>
|
||||
</step>
|
||||
<step os="rhel;fedora;centos">
|
||||
<para>Create and edit the
|
||||
<filename>/etc/sysconfig/network-scripts/ifcfg-br-ex</filename>
|
||||
file:</para>
|
||||
<programlisting language="ini">DEVICE=br-ex
|
||||
TYPE=Bridge
|
||||
ONBOOT=no
|
||||
BOOTPROTO=none
|
||||
IPADDR=EXTERNAL_INTERFACE_IP
|
||||
NETMASK=EXTERNAL_INTERFACE_NETMASK
|
||||
GATEWAY=EXTERNAL_INTERFACE_GATEWAY</programlisting>
|
||||
</step>
|
||||
<step>
|
||||
<para>You must set some common configuration options no
|
||||
matter which networking technology you choose to use
|
||||
with Open vSwitch. Configure the L3 and DHCP agents to
|
||||
use <acronym>OVS</acronym> and namespaces. Edit the
|
||||
<filename>/etc/neutron/l3_agent.ini</filename> and
|
||||
<filename>/etc/neutron/dhcp_agent.ini</filename>
|
||||
files, respectively:</para>
|
||||
<programlisting language="ini">interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
|
||||
use_namespaces = True</programlisting>
|
||||
<note>
|
||||
<para>While the examples in this guide enable network
|
||||
namespaces by default, you can disable them if issues
|
||||
occur or your kernel does not support them. Edit the
|
||||
<filename>/etc/neutron/l3_agent.ini</filename> and
|
||||
<filename>/etc/neutron/dhcp_agent.ini</filename>
|
||||
files, respectively:</para>
|
||||
<programlisting language="ini">use_namespaces = False</programlisting>
|
||||
<para>Edit the <filename>/etc/neutron/neutron.conf</filename> file
|
||||
to disable overlapping IP addresses:</para>
|
||||
<programlisting language="ini">allow_overlapping_ips = False</programlisting>
|
||||
<para>Note that when network namespaces are disabled,
|
||||
you can have only one router for each network node and
|
||||
overlapping IP addresses are not supported.</para>
|
||||
<para>You must complete additional steps after you
|
||||
create the initial Neutron virtual networks and
|
||||
router.</para>
|
||||
</note>
|
||||
</step>
|
||||
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
|
||||
<para>Similarly, you must also tell Neutron core to use
|
||||
<acronym>OVS</acronym>. Edit the
|
||||
<filename>/etc/neutron/neutron.conf</filename>
|
||||
file:</para>
|
||||
<programlisting language="ini">core_plugin = openvswitch</programlisting>
|
||||
</step>
|
||||
<step>
|
||||
<para>Configure a firewall plug-in. If you do not wish to
|
||||
enforce firewall rules, called <glossterm
|
||||
baseform="security group">security groups</glossterm>
|
||||
by OpenStack, you can use
|
||||
<literal>neutron.agent.firewall.NoopFirewall</literal>.
|
||||
Otherwise, you can choose one of the Networking firewall
|
||||
plug-ins. The most common choice is the Hybrid
|
||||
OVS-IPTables driver, but you can also use the
|
||||
Firewall-as-a-Service driver. Edit the
|
||||
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
|
||||
file:</para>
|
||||
<programlisting language="ini">[securitygroup]
|
||||
# Firewall driver for realizing neutron security group function.
|
||||
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</programlisting>
|
||||
<warning>
|
||||
<para>You must use at least the No-Op firewall.
|
||||
Otherwise, Horizon and other OpenStack services cannot
|
||||
get and set required VM boot options.</para>
|
||||
</warning>
|
||||
</step>
|
||||
<step os="rhel;centos;fedora;sles;opensuse">
|
||||
<para>Configure the <acronym>OVS</acronym> plug-in to start
|
||||
on boot.</para>
|
||||
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>chkconfig neutron-openvswitch-agent on</userinput></screen>
|
||||
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>chkconfig openstack-neutron-openvswitch-agent on</userinput></screen>
|
||||
</step>
|
||||
<step>
|
||||
<para>Configure the <acronym>OVS</acronym> plug-in to
|
||||
use GRE tunneling, the <literal>br-int</literal>
|
||||
integration bridge, the <literal>br-tun</literal>
|
||||
tunneling bridge, and a local IP for the
|
||||
<replaceable>DATA_INTERFACE</replaceable> tunnel IP.
|
||||
Edit the
|
||||
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
|
||||
file:</para>
|
||||
<programlisting language="ini">[ovs]
|
||||
...
|
||||
tenant_network_type = gre
|
||||
tunnel_id_ranges = 1:1000
|
||||
enable_tunneling = True
|
||||
integration_bridge = br-int
|
||||
tunnel_bridge = br-tun
|
||||
local_ip = DATA_INTERFACE_IP</programlisting>
|
||||
</step>
|
||||
</procedure>
|
||||
<procedure>
|
||||
<title>Configure the agents</title>
|
||||
<step>
|
||||
<para>To perform DHCP on the software-defined networks,
|
||||
Networking supports several different plug-ins. However, in
|
||||
general, you use the <application>dnsmasq</application> plug-in.</para>
|
||||
<para>Configure the
|
||||
<filename>/etc/neutron/dhcp_agent.ini</filename> file:</para>
|
||||
<programlisting language="ini" os="ubuntu;debian">dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq</programlisting>
|
||||
<screen os="rhel;centos;fedora;opensuse;sles">
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT \
|
||||
dhcp_driver neutron.agent.linux.dhcp.Dnsmasq</userinput></screen>
|
||||
</step>
|
||||
<step>
|
||||
<para>To allow virtual machines to access the Compute metadata
|
||||
information, the Networking metadata agent must be enabled
|
||||
and configured. The agent will act as a proxy for the
|
||||
Compute metadata service.</para>
|
||||
<para>On the controller, edit the
|
||||
<filename>/etc/nova/nova.conf</filename> file to define a
|
||||
secret key that will be shared between the Compute service
|
||||
and the Networking metadata agent.</para>
|
||||
<para os="debian;ubuntu">Add to the
|
||||
<literal>[DEFAULT]</literal> section:</para>
|
||||
<programlisting os="ubuntu;debian" language="ini">[DEFAULT]
|
||||
...
|
||||
neutron_metadata_proxy_shared_secret = <replaceable>METADATA_PASS</replaceable>
|
||||
service_neutron_metadata_proxy = true</programlisting>
|
||||
<para os="opensuse;sles;rhel;centos;fedora">Set the
|
||||
<literal>neutron_metadata_proxy_shared_secret</literal>
|
||||
key:</para>
|
||||
<screen os="opensuse;sles;rhel;centos;fedora"><prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
neutron_metadata_proxy_shared_secret <replaceable>METADATA_PASS</replaceable></userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
||||
service_neutron_metadata_proxy true</userinput></screen>
|
||||
<para>Restart the
|
||||
<systemitem class="service">nova-api</systemitem> service:</para>
|
||||
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>service nova-api restart</userinput></screen>
|
||||
<screen os="centos;rhel;fedora;opensuse;sles"><prompt>#</prompt> <userinput>service openstack-nova-api restart</userinput></screen>
|
||||
<para>On the network node, modify the metadata agent
|
||||
configuration.</para>
|
||||
<para os="debian;ubuntu">Edit the
|
||||
<filename>/etc/neutron/metadata_agent.ini</filename> file
|
||||
and modify the <literal>[DEFAULT]</literal> section:</para>
|
||||
<programlisting os="debian;ubuntu" language="ini">[DEFAULT]
|
||||
...
|
||||
auth_url = http://<replaceable>controller</replaceable>:5000/v2.0
|
||||
auth_region = regionOne
|
||||
admin_tenant_name = service
|
||||
admin_user = neutron
|
||||
admin_password = <replaceable>NEUTRON_PASS</replaceable>
|
||||
nova_metadata_ip = <replaceable>controller</replaceable>
|
||||
metadata_proxy_shared_secret = <replaceable>METADATA_PASS</replaceable></programlisting>
|
||||
<para os="opensuse;sles;rhel;centos;fedora">Set the required
|
||||
keys:</para>
|
||||
<screen os="opensuse;sles;rhel;centos;fedora"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
||||
auth_url http://<replaceable>controller</replaceable>:5000/v2.0</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
||||
auth_region regionOne</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
||||
admin_tenant_name service</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
||||
admin_user neutron</userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
||||
admin_password <replaceable>NEUTRON_PASS</replaceable></userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
||||
nova_metadata_ip <replaceable>controller</replaceable></userinput>
|
||||
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
||||
metadata_proxy_shared_secret <replaceable>METADATA_PASS</replaceable></userinput></screen>
|
||||
<note>
|
||||
<para>The value of <literal>auth_region</literal> is
|
||||
case-sensitive and must match the endpoint region defined
|
||||
in Keystone.</para>
|
||||
</note>
|
||||
<note>
|
||||
<para>If you serve the OpenStack Networking API over HTTPS with
|
||||
self-signed certificates, you must perform additional configuration
|
||||
for the metadata agent because Networking cannot validate the SSL
|
||||
certificates from the service catalog.</para>
|
||||
<para os="debian;ubuntu">Add this statement to the
|
||||
<literal>[DEFAULT]</literal> section:</para>
|
||||
<programlisting os="debian;ubuntu" language="ini">
|
||||
neutron_insecure = True</programlisting>
|
||||
<para os="opensuse;sles;rhel;centos;fedora">Set the required keys:</para>
|
||||
<screen os="opensuse;sles;rhel;centos;fedora"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT neutron_insecure True</userinput></screen>
|
||||
</note>
|
||||
</step>
|
||||
</procedure>
|
||||
<procedure>
|
||||
<title>Finalize installation</title>
|
||||
<step os="rhel;centos;fedora">
|
||||
<para>The <systemitem class="service">neutron-server</systemitem>
|
||||
initialization script expects a symbolic link
|
||||
<filename>/etc/neutron/plugin.ini</filename> pointing to the
|
||||
configuration file associated with your chosen plug-in. Using
|
||||
Open vSwitch, for example, the symbolic link must point to
|
||||
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>.
|
||||
If this symbolic link does not exist, create it using the
|
||||
following commands:</para>
|
||||
<screen><prompt>#</prompt> <userinput>cd /etc/neutron</userinput>
|
||||
<prompt>#</prompt> <userinput>ln -s plugins/openvswitch/ovs_neutron_plugin.ini plugin.ini</userinput></screen>
|
||||
</step>
|
||||
<step os="sles;opensuse">
|
||||
<para>The <systemitem class="service">openstack-neutron</systemitem>
|
||||
initialization script expects the variable
|
||||
<literal>NEUTRON_PLUGIN_CONF</literal> in file
|
||||
<filename>/etc/sysconfig/neutron</filename> to reference the
|
||||
configuration file associated with your chosen plug-in. Using
|
||||
Open vSwitch, for example, edit the
|
||||
<filename>/etc/sysconfig/neutron</filename> file and add the
|
||||
following:</para>
|
||||
<programlisting>NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"</programlisting>
|
||||
</step>
|
||||
<step>
|
||||
<para>Restart Networking services.</para>
|
||||
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>service neutron-dhcp-agent restart</userinput>
|
||||
<prompt>#</prompt> <userinput>service neutron-l3-agent restart</userinput>
|
||||
<prompt>#</prompt> <userinput>service neutron-metadata-agent restart</userinput>
|
||||
<prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent restart</userinput></screen>
|
||||
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service neutron-dhcp-agent restart</userinput>
|
||||
<prompt>#</prompt> <userinput>service neutron-l3-agent restart</userinput>
|
||||
<prompt>#</prompt> <userinput>service neutron-metadata-agent restart</userinput>
|
||||
<prompt>#</prompt> <userinput>service neutron-openvswitch-agent restart</userinput></screen>
|
||||
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>service openstack-neutron-dhcp-agent restart</userinput>
|
||||
<prompt>#</prompt> <userinput>service openstack-neutron-l3-agent restart</userinput>
|
||||
<prompt>#</prompt> <userinput>service openstack-neutron-metadata-agent restart</userinput>
|
||||
<prompt>#</prompt> <userinput>service openstack-neutron-openvswitch-agent restart</userinput></screen>
|
||||
</step>
|
||||
</procedure>
|
||||
</section>
|
||||
Loading…
x
Reference in New Issue
Block a user