Install: Neutron updates for Mitaka
Update neutron content for Mitaka. 1) Change 'public' to 'provider' and 'private' to 'self-service' to improve distinction between these networks using neutronish terms. 2) Remove explicit installation of some packages due to dependency fixes. 3) Remove explicit configuration of verbosity. 4) Remove explicit configuration of ARP spoofing protection. 5) Remove extraneous configuration for the metadata agent. 6) Remove extraneous configuration for nova-neutron interaction. 7) Reduce discussion of MTU because Mitaka fixes most of the issues, but we still need to explain the most limitation of overlay networks. 8) Generally improve wording. Implements: blueprint installguide-mitaka Change-Id: I3beff125b2eb8d264048530dc3bad7d346d2828b
This commit is contained in:
parent
415af6cd59
commit
117606139c
@ -1,3 +1,5 @@
|
||||
.. _environment-networking:
|
||||
|
||||
Host networking
|
||||
~~~~~~~~~~~~~~~
|
||||
|
||||
|
@ -7,22 +7,22 @@ Configure the Linux bridge agent
|
||||
--------------------------------
|
||||
|
||||
The Linux bridge agent builds layer-2 (bridging and switching) virtual
|
||||
networking infrastructure for instances including VXLAN tunnels for private
|
||||
networks and handles security groups.
|
||||
networking infrastructure for instances and handles security groups.
|
||||
|
||||
* Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and
|
||||
complete the following actions:
|
||||
|
||||
* In the ``[linux_bridge]`` section, map the public virtual network to the
|
||||
public physical network interface:
|
||||
* In the ``[linux_bridge]`` section, map the provider virtual network to the
|
||||
provider physical network interface:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[linux_bridge]
|
||||
physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
|
||||
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
|
||||
|
||||
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical
|
||||
public network interface.
|
||||
Replace ``PROVIDER_INTERFACE_NAME`` with the name of the underlying
|
||||
provider physical network interface. See :ref:`environment-networking`
|
||||
for more information.
|
||||
|
||||
* In the ``[vxlan]`` section, disable VXLAN overlay networks:
|
||||
|
||||
@ -31,14 +31,6 @@ networks and handles security groups.
|
||||
[vxlan]
|
||||
enable_vxlan = False
|
||||
|
||||
* In the ``[agent]`` section, enable ARP spoofing protection:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[agent]
|
||||
...
|
||||
prevent_arp_spoofing = True
|
||||
|
||||
* In the ``[securitygroup]`` section, enable security groups and
|
||||
configure the Linux bridge :term:`iptables` firewall driver:
|
||||
|
||||
|
@ -7,22 +7,22 @@ Configure the Linux bridge agent
|
||||
--------------------------------
|
||||
|
||||
The Linux bridge agent builds layer-2 (bridging and switching) virtual
|
||||
networking infrastructure for instances including VXLAN tunnels for private
|
||||
networks and handles security groups.
|
||||
networking infrastructure for instances and handles security groups.
|
||||
|
||||
* Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and
|
||||
complete the following actions:
|
||||
|
||||
* In the ``[linux_bridge]`` section, map the public virtual network to the
|
||||
public physical network interface:
|
||||
* In the ``[linux_bridge]`` section, map the provider virtual network to the
|
||||
provider physical network interface:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[linux_bridge]
|
||||
physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
|
||||
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
|
||||
|
||||
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical
|
||||
public network interface.
|
||||
Replace ``PROVIDER_INTERFACE_NAME`` with the name of the underlying
|
||||
provider physical network interface. See :ref:`environment-networking`
|
||||
for more information.
|
||||
|
||||
* In the ``[vxlan]`` section, enable VXLAN overlay networks, configure the
|
||||
IP address of the physical network interface that handles overlay
|
||||
@ -39,15 +39,8 @@ networks and handles security groups.
|
||||
underlying physical network interface that handles overlay networks. The
|
||||
example architecture uses the management interface to tunnel traffic to
|
||||
the other nodes. Therefore, replace ``OVERLAY_INTERFACE_IP_ADDRESS`` with
|
||||
each node's own management IP address.
|
||||
|
||||
* In the ``[agent]`` section, enable ARP spoofing protection:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[agent]
|
||||
...
|
||||
prevent_arp_spoofing = True
|
||||
the management IP address of the compute node. See
|
||||
:ref:`environment-networking` for more information.
|
||||
|
||||
* In the ``[securitygroup]`` section, enable security groups and
|
||||
configure the Linux bridge :term:`iptables` firewall driver:
|
||||
|
@ -19,13 +19,13 @@ Install the components
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
# yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset
|
||||
# yum install openstack-neutron-linuxbridge ebtables
|
||||
|
||||
.. only:: obs
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
# zypper install --no-recommends openstack-neutron-linuxbridge-agent ipset
|
||||
# zypper install --no-recommends openstack-neutron-linuxbridge-agent
|
||||
|
||||
.. only:: debian
|
||||
|
||||
@ -123,15 +123,6 @@ authentication mechanism, message queue, and plug-in.
|
||||
...
|
||||
lock_path = /var/lib/neutron/tmp
|
||||
|
||||
* (Optional) To assist with troubleshooting, enable verbose logging in the
|
||||
``[DEFAULT]`` section:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[DEFAULT]
|
||||
...
|
||||
verbose = True
|
||||
|
||||
Configure networking options
|
||||
----------------------------
|
||||
|
||||
|
@ -12,7 +12,7 @@ Install the components
|
||||
|
||||
# apt-get install neutron-server neutron-plugin-ml2 \
|
||||
neutron-plugin-linuxbridge-agent neutron-dhcp-agent \
|
||||
neutron-metadata-agent python-neutronclient conntrack
|
||||
neutron-metadata-agent conntrack
|
||||
|
||||
.. only:: debian
|
||||
|
||||
@ -42,7 +42,7 @@ Install the components
|
||||
.. code-block:: console
|
||||
|
||||
# yum install openstack-neutron openstack-neutron-ml2 \
|
||||
openstack-neutron-linuxbridge python-neutronclient ebtables ipset
|
||||
openstack-neutron-linuxbridge ebtables
|
||||
|
||||
.. only:: obs
|
||||
|
||||
@ -50,8 +50,7 @@ Install the components
|
||||
|
||||
# zypper install --no-recommends openstack-neutron \
|
||||
openstack-neutron-server openstack-neutron-linuxbridge-agent \
|
||||
openstack-neutron-dhcp-agent openstack-neutron-metadata-agent \
|
||||
ipset
|
||||
openstack-neutron-dhcp-agent openstack-neutron-metadata-agent
|
||||
|
||||
.. only:: debian
|
||||
|
||||
@ -78,7 +77,6 @@ Install the components
|
||||
...
|
||||
notify_nova_on_port_status_changes = True
|
||||
notify_nova_on_port_data_changes = True
|
||||
nova_url = http://controller:8774/v2
|
||||
|
||||
[nova]
|
||||
...
|
||||
@ -185,7 +183,6 @@ Install the components
|
||||
...
|
||||
notify_nova_on_port_status_changes = True
|
||||
notify_nova_on_port_data_changes = True
|
||||
nova_url = http://controller:8774/v2
|
||||
|
||||
[nova]
|
||||
...
|
||||
@ -211,15 +208,6 @@ Install the components
|
||||
...
|
||||
lock_path = /var/lib/neutron/tmp
|
||||
|
||||
* (Optional) To assist with troubleshooting, enable verbose logging in
|
||||
the ``[DEFAULT]`` section:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[DEFAULT]
|
||||
...
|
||||
verbose = True
|
||||
|
||||
Configure the Modular Layer 2 (ML2) plug-in
|
||||
-------------------------------------------
|
||||
|
||||
@ -237,7 +225,7 @@ and switching) virtual networking infrastructure for instances.
|
||||
...
|
||||
type_drivers = flat,vlan
|
||||
|
||||
* In the ``[ml2]`` section, disable project (private) networks:
|
||||
* In the ``[ml2]`` section, disable self-service networks:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
@ -266,14 +254,14 @@ and switching) virtual networking infrastructure for instances.
|
||||
...
|
||||
extension_drivers = port_security
|
||||
|
||||
* In the ``[ml2_type_flat]`` section, configure the public flat provider
|
||||
network:
|
||||
* In the ``[ml2_type_flat]`` section, configure the provider virtual
|
||||
network as a flat network:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[ml2_type_flat]
|
||||
...
|
||||
flat_networks = public
|
||||
flat_networks = provider
|
||||
|
||||
* In the ``[securitygroup]`` section, enable :term:`ipset` to increase
|
||||
efficiency of security group rules:
|
||||
@ -288,22 +276,22 @@ Configure the Linux bridge agent
|
||||
--------------------------------
|
||||
|
||||
The Linux bridge agent builds layer-2 (bridging and switching) virtual
|
||||
networking infrastructure for instances including VXLAN tunnels for private
|
||||
networks and handles security groups.
|
||||
networking infrastructure for instances and handles security groups.
|
||||
|
||||
* Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and
|
||||
complete the following actions:
|
||||
|
||||
* In the ``[linux_bridge]`` section, map the public virtual network to the
|
||||
public physical network interface:
|
||||
* In the ``[linux_bridge]`` section, map the provider virtual network to the
|
||||
provider physical network interface:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[linux_bridge]
|
||||
physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
|
||||
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
|
||||
|
||||
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical
|
||||
public network interface.
|
||||
Replace ``PROVIDER_INTERFACE_NAME`` with the name of the underlying
|
||||
provider physical network interface. See :ref:`environment-networking`
|
||||
for more information.
|
||||
|
||||
* In the ``[vxlan]`` section, disable VXLAN overlay networks:
|
||||
|
||||
@ -312,14 +300,6 @@ networks and handles security groups.
|
||||
[vxlan]
|
||||
enable_vxlan = False
|
||||
|
||||
* In the ``[agent]`` section, enable ARP spoofing protection:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[agent]
|
||||
...
|
||||
prevent_arp_spoofing = True
|
||||
|
||||
* In the ``[securitygroup]`` section, enable security groups and
|
||||
configure the Linux bridge :term:`iptables` firewall driver:
|
||||
|
||||
@ -339,7 +319,7 @@ The :term:`DHCP agent` provides DHCP services for virtual networks.
|
||||
actions:
|
||||
|
||||
* In the ``[DEFAULT]`` section, configure the Linux bridge interface driver,
|
||||
Dnsmasq DHCP driver, and enable isolated metadata so instances on public
|
||||
Dnsmasq DHCP driver, and enable isolated metadata so instances on provider
|
||||
networks can access metadata over the network:
|
||||
|
||||
.. code-block:: ini
|
||||
@ -350,15 +330,6 @@ The :term:`DHCP agent` provides DHCP services for virtual networks.
|
||||
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
|
||||
enable_isolated_metadata = True
|
||||
|
||||
* (Optional) To assist with troubleshooting, enable verbose logging in the
|
||||
``[DEFAULT]`` section:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[DEFAULT]
|
||||
...
|
||||
verbose = True
|
||||
|
||||
Return to
|
||||
:ref:`Networking controller node configuration
|
||||
<neutron-controller-metadata-agent>`.
|
||||
|
@ -12,14 +12,14 @@ Install the components
|
||||
|
||||
# apt-get install neutron-server neutron-plugin-ml2 \
|
||||
neutron-plugin-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \
|
||||
neutron-metadata-agent python-neutronclient conntrack
|
||||
neutron-metadata-agent conntrack
|
||||
|
||||
.. only:: rdo
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
# yum install openstack-neutron openstack-neutron-ml2 \
|
||||
openstack-neutron-linuxbridge python-neutronclient ebtables ipset
|
||||
openstack-neutron-linuxbridge ebtables
|
||||
|
||||
.. only:: obs
|
||||
|
||||
@ -28,7 +28,7 @@ Install the components
|
||||
# zypper install --no-recommends openstack-neutron \
|
||||
openstack-neutron-server openstack-neutron-linuxbridge-agent \
|
||||
openstack-neutron-l3-agent openstack-neutron-dhcp-agent \
|
||||
openstack-neutron-metadata-agent ipset
|
||||
openstack-neutron-metadata-agent
|
||||
|
||||
.. only:: debian
|
||||
|
||||
@ -144,7 +144,6 @@ Install the components
|
||||
...
|
||||
notify_nova_on_port_status_changes = True
|
||||
notify_nova_on_port_data_changes = True
|
||||
nova_url = http://controller:8774/v2
|
||||
|
||||
[nova]
|
||||
...
|
||||
@ -170,15 +169,6 @@ Install the components
|
||||
...
|
||||
lock_path = /var/lib/neutron/tmp
|
||||
|
||||
* (Optional) To assist with troubleshooting, enable verbose logging in
|
||||
the ``[DEFAULT]`` section:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[DEFAULT]
|
||||
...
|
||||
verbose = True
|
||||
|
||||
Configure the Modular Layer 2 (ML2) plug-in
|
||||
-------------------------------------------
|
||||
|
||||
@ -196,7 +186,7 @@ and switching) virtual networking infrastructure for instances.
|
||||
...
|
||||
type_drivers = flat,vlan,vxlan
|
||||
|
||||
* In the ``[ml2]`` section, enable VXLAN project (private) networks:
|
||||
* In the ``[ml2]`` section, enable VXLAN self-service networks:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
@ -230,17 +220,17 @@ and switching) virtual networking infrastructure for instances.
|
||||
...
|
||||
extension_drivers = port_security
|
||||
|
||||
* In the ``[ml2_type_flat]`` section, configure the public flat provider
|
||||
network:
|
||||
* In the ``[ml2_type_flat]`` section, configure the provider virtual
|
||||
network as a flat network:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[ml2_type_flat]
|
||||
...
|
||||
flat_networks = public
|
||||
flat_networks = provider
|
||||
|
||||
* In the ``[ml2_type_vxlan]`` section, configure the VXLAN network identifier
|
||||
range for private networks:
|
||||
range for self-service networks:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
@ -261,22 +251,22 @@ Configure the Linux bridge agent
|
||||
--------------------------------
|
||||
|
||||
The Linux bridge agent builds layer-2 (bridging and switching) virtual
|
||||
networking infrastructure for instances including VXLAN tunnels for private
|
||||
networks and handles security groups.
|
||||
networking infrastructure for instances and handles security groups.
|
||||
|
||||
* Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.ini`` file and
|
||||
complete the following actions:
|
||||
|
||||
* In the ``[linux_bridge]`` section, map the public virtual network to the
|
||||
public physical network interface:
|
||||
* In the ``[linux_bridge]`` section, map the provider virtual network to the
|
||||
provider physical network interface:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[linux_bridge]
|
||||
physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
|
||||
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
|
||||
|
||||
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical
|
||||
public network interface.
|
||||
Replace ``PROVIDER_INTERFACE_NAME`` with the name of the underlying
|
||||
provider physical network interface. See :ref:`environment-networking`
|
||||
for more information.
|
||||
|
||||
* In the ``[vxlan]`` section, enable VXLAN overlay networks, configure the
|
||||
IP address of the physical network interface that handles overlay
|
||||
@ -293,15 +283,8 @@ networks and handles security groups.
|
||||
underlying physical network interface that handles overlay networks. The
|
||||
example architecture uses the management interface to tunnel traffic to
|
||||
the other nodes. Therefore, replace ``OVERLAY_INTERFACE_IP_ADDRESS`` with
|
||||
each node's own management IP address.
|
||||
|
||||
* In the ``[agent]`` section, enable ARP spoofing protection:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[agent]
|
||||
...
|
||||
prevent_arp_spoofing = True
|
||||
the management IP address of the controller node. See
|
||||
:ref:`environment-networking` for more information.
|
||||
|
||||
* In the ``[securitygroup]`` section, enable security groups and
|
||||
configure the Linux bridge :term:`iptables` firewall driver:
|
||||
@ -316,8 +299,8 @@ networks and handles security groups.
|
||||
Configure the layer-3 agent
|
||||
---------------------------
|
||||
|
||||
The :term:`Layer-3 (L3) agent` provides routing and NAT services for virtual
|
||||
networks.
|
||||
The :term:`Layer-3 (L3) agent` provides routing and NAT services for
|
||||
self-service virtual networks.
|
||||
|
||||
* Edit the ``/etc/neutron/l3_agent.ini`` file and complete the following
|
||||
actions:
|
||||
@ -337,15 +320,6 @@ networks.
|
||||
The ``external_network_bridge`` option intentionally lacks a value
|
||||
to enable multiple external networks on a single agent.
|
||||
|
||||
* (Optional) To assist with troubleshooting, enable verbose logging in the
|
||||
``[DEFAULT]`` section:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[DEFAULT]
|
||||
...
|
||||
verbose = True
|
||||
|
||||
Configure the DHCP agent
|
||||
------------------------
|
||||
|
||||
@ -355,7 +329,7 @@ The :term:`DHCP agent` provides DHCP services for virtual networks.
|
||||
actions:
|
||||
|
||||
* In the ``[DEFAULT]`` section, configure the Linux bridge interface driver,
|
||||
Dnsmasq DHCP driver, and enable isolated metadata so instances on public
|
||||
Dnsmasq DHCP driver, and enable isolated metadata so instances on provider
|
||||
networks can access metadata over the network:
|
||||
|
||||
.. code-block:: ini
|
||||
@ -366,59 +340,6 @@ The :term:`DHCP agent` provides DHCP services for virtual networks.
|
||||
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
|
||||
enable_isolated_metadata = True
|
||||
|
||||
* (Optional) To assist with troubleshooting, enable verbose logging in the
|
||||
``[DEFAULT]`` section:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[DEFAULT]
|
||||
...
|
||||
verbose = True
|
||||
|
||||
Overlay networks such as VXLAN include additional packet headers that
|
||||
increase overhead and decrease space available for the payload or user
|
||||
data. Without knowledge of the virtual network infrastructure, instances
|
||||
attempt to send packets using the default Ethernet :term:`maximum
|
||||
transmission unit (MTU)` of 1500 bytes. :term:`Internet protocol (IP)`
|
||||
networks contain the :term:`path MTU discovery (PMTUD)` mechanism to detect
|
||||
end-to-end MTU and adjust packet size accordingly. However, some operating
|
||||
systems and networks block or otherwise lack support for PMTUD causing
|
||||
performance degradation or connectivity failure.
|
||||
|
||||
Ideally, you can prevent these problems by enabling :term:`jumbo frames
|
||||
<jumbo frame>` on the physical network that contains your tenant virtual
|
||||
networks. Jumbo frames support MTUs up to approximately 9000 bytes which
|
||||
negates the impact of VXLAN overhead on virtual networks. However, many
|
||||
network devices lack support for jumbo frames and OpenStack administrators
|
||||
often lack control over network infrastructure. Given the latter
|
||||
complications, you can also prevent MTU problems by reducing the
|
||||
instance MTU to account for VXLAN overhead. Determining the proper MTU
|
||||
value often takes experimentation, but 1450 bytes works in most
|
||||
environments. You can configure the DHCP server that assigns IP
|
||||
addresses to your instances to also adjust the MTU.
|
||||
|
||||
.. note::
|
||||
|
||||
Some cloud images ignore the DHCP MTU option in which case you
|
||||
should configure it using metadata, a script, or other suitable
|
||||
method.
|
||||
|
||||
* In the ``[DEFAULT]`` section, enable the :term:`dnsmasq` configuration
|
||||
file:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[DEFAULT]
|
||||
...
|
||||
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
|
||||
|
||||
* Create and edit the ``/etc/neutron/dnsmasq-neutron.conf`` file to
|
||||
enable the DHCP MTU option (26) and configure it to 1450 bytes:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
dhcp-option-force=26,1450
|
||||
|
||||
Return to
|
||||
:ref:`Networking controller node configuration
|
||||
<neutron-controller-metadata-agent>`.
|
||||
|
@ -147,20 +147,29 @@ You can deploy the Networking service using one of two architectures
|
||||
represented by options 1 and 2.
|
||||
|
||||
Option 1 deploys the simplest possible architecture that only supports
|
||||
attaching instances to public (provider) networks. No self-service
|
||||
attaching instances to provider (external) networks. No self-service (private)
|
||||
networks, routers, or floating IP addresses. Only the ``admin`` or other
|
||||
privileged user can manage provider networks.
|
||||
|
||||
Option 2 augments option 1 with layer-3 services that support attaching
|
||||
instances to self-service (private) networks. The ``demo`` or other
|
||||
unprivileged user can manage self-service networks including routers that
|
||||
provide connectivity between self-service and provider networks. Additionally,
|
||||
instances to self-service networks. The ``demo`` or other unprivileged
|
||||
user can manage self-service networks including routers that provide
|
||||
connectivity between self-service and provider networks. Additionally,
|
||||
floating IP addresses provide connectivity to instances using self-service
|
||||
networks from external networks such as the Internet.
|
||||
|
||||
Self-service networks typically use overlay networks. Overlay network
|
||||
protocols such as VXLAN include additional headers that increase overhead
|
||||
and decrease space available for the payload or user data. Without knowledge
|
||||
of the virtual network infrastructure, instances attempt to send packets
|
||||
using the default Ethernet :term:`maximum transmission unit (MTU)` of 1500
|
||||
bytes. The Networking service automatically provides the correct MTU value
|
||||
to instances via DHCP. However, some cloud images do not use DHCP or ignore
|
||||
the DHCP MTU option and require configuration using metadata or a script.
|
||||
|
||||
.. note::
|
||||
|
||||
Option 2 also supports attaching instances to public (provider) networks.
|
||||
Option 2 also supports attaching instances to provider networks.
|
||||
|
||||
Choose one of the following networking options to configure services
|
||||
specific to it. Afterwards, return here and proceed to
|
||||
@ -183,53 +192,18 @@ such as credentials to instances.
|
||||
* Edit the ``/etc/neutron/metadata_agent.ini`` file and complete the following
|
||||
actions:
|
||||
|
||||
* In the ``[DEFAULT]`` section, configure access parameters:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[DEFAULT]
|
||||
...
|
||||
auth_uri = http://controller:5000
|
||||
auth_url = http://controller:35357
|
||||
auth_region = RegionOne
|
||||
auth_type = password
|
||||
project_domain_id = default
|
||||
user_domain_id = default
|
||||
project_name = service
|
||||
username = neutron
|
||||
password = NEUTRON_PASS
|
||||
|
||||
Replace ``NEUTRON_PASS`` with the password you chose for the ``neutron``
|
||||
user in the Identity service.
|
||||
|
||||
* In the ``[DEFAULT]`` section, configure the metadata host:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[DEFAULT]
|
||||
...
|
||||
nova_metadata_ip = controller
|
||||
|
||||
* In the ``[DEFAULT]`` section, configure the metadata proxy shared
|
||||
* In the ``[DEFAULT]`` section, configure the metadata host and shared
|
||||
secret:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[DEFAULT]
|
||||
...
|
||||
nova_metadata_ip = controller
|
||||
metadata_proxy_shared_secret = METADATA_SECRET
|
||||
|
||||
Replace ``METADATA_SECRET`` with a suitable secret for the metadata proxy.
|
||||
|
||||
* (Optional) To assist with troubleshooting, enable verbose logging in the
|
||||
``[DEFAULT]`` section:
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[DEFAULT]
|
||||
...
|
||||
verbose = True
|
||||
|
||||
Configure Compute to use Networking
|
||||
-----------------------------------
|
||||
|
||||
|
@ -45,6 +45,10 @@ Verify operation
|
||||
| dvr | Distributed Virtual Router |
|
||||
+-----------------------+-----------------------------------------------+
|
||||
|
||||
.. note::
|
||||
|
||||
Actual output may differ slightly from this example.
|
||||
|
||||
Use the verification section for the networking option that you chose to
|
||||
deploy.
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user