From 17fc8c8a8b829cab8c64470d3058137a102ed315 Mon Sep 17 00:00:00 2001 From: Matt Kassawara Date: Thu, 10 Apr 2014 19:18:20 -0600 Subject: [PATCH] Release candidate updates for Networking chapter As part of the installation guide improvement project, I performed the following operations on the Networking chapter: 1) Moved Neutron ML2 sections before OVS sections and updated associated notes to steer users toward ML2. 2) Removed database population steps because Neutron populates the database at first run. 3) Moved 'enable_security_group' key to [securitygroup] section. 4) Removed extraneous colons from procedure titles. 5) Added command output to Neutron initial networks section. 6) Added command output to Nova initial networks section. Change-Id: Ie677d199d2c64ef2a564eaa551295e1a321db02c Partial-Bug: #1291071 Implements: blueprint networking-install-guide-improvements --- doc/install-guide/ch_networking.xml | 32 +++--- .../section_neutron-initial-networks.xml | 103 +++++++++++++++--- .../section_neutron-ml2-compute-node.xml | 32 +++--- .../section_neutron-ml2-controller-node.xml | 40 +++---- .../section_neutron-ml2-network-node.xml | 36 +++--- ...l => section_neutron-ovs-compute-node.xml} | 0 ...> section_neutron-ovs-controller-node.xml} | 0 ...l => section_neutron-ovs-network-node.xml} | 0 .../section_nova-networking-compute-node.xml | 2 +- ...ection_nova-networking-initial-network.xml | 14 ++- 10 files changed, 164 insertions(+), 95 deletions(-) rename doc/install-guide/{section_neutron-compute-node.xml => section_neutron-ovs-compute-node.xml} (100%) rename doc/install-guide/{section_neutron-controller-node.xml => section_neutron-ovs-controller-node.xml} (100%) rename doc/install-guide/{section_neutron-network-node.xml => section_neutron-ovs-network-node.xml} (100%) diff --git a/doc/install-guide/ch_networking.xml b/doc/install-guide/ch_networking.xml index d52880f8c4..5f9f985657 100644 --- a/doc/install-guide/ch_networking.xml +++ b/doc/install-guide/ch_networking.xml @@ -19,7 +19,7 @@ Configuring networking in OpenStack can be a bewildering experience. This guide provides step-by-step instructions for both - OpenStack Networking (neutron) and the legacy (nova) networking + OpenStack Networking (neutron) and the legacy networking (nova-network) service. If you are unsure which to use, we recommend trying OpenStack Networking because it offers a considerable number of features and flexibility including Networking (neutron) -
- Open vSwitch (OVS) plug-in - - We recommend using the Open vSwitch (OVS) plug-in until we - complete documentation for the Modular Layer 2 (ML2) plug-in. - - - - -
Modular Layer 2 (ML2) plug-in - - We are adding this documentation for Icehouse. Until complete, - we recommend using the Open vSwitch (OVS) plug-in. - + + We primarily tested the Modular Layer 2 (ML2) plug-in on + Icehouse and suggest that you implement it instead of the + traditional Open vSwitch (OVS) plug-in. +
+
+ Open vSwitch (OVS) plug-in + + We suggest that you implement the Modular Layer 2 (ML2) plug-in + on Icehouse until we completely test the traditional Open vSwitch + (OVS) plug-in. + + + + +
diff --git a/doc/install-guide/section_neutron-initial-networks.xml b/doc/install-guide/section_neutron-initial-networks.xml index 9a5b3b2dba..12ebd089c3 100644 --- a/doc/install-guide/section_neutron-initial-networks.xml +++ b/doc/install-guide/section_neutron-initial-networks.xml @@ -42,14 +42,30 @@ Perform these commands on the controller node. - To create the external network: + To create the external network Source the admin tenant credentials: $ source admin-openrc.sh Create the network: - $ neutron net-create ext-net --shared --router:external=True + $ neutron net-create ext-net --shared --router:external=True +Created a new network: ++---------------------------+--------------------------------------+ +| Field | Value | ++---------------------------+--------------------------------------+ +| admin_state_up | True | +| id | 893aebb9-1c1e-48be-8908-6b947f3237b3 | +| name | ext-net | +| provider:network_type | gre | +| provider:physical_network | | +| provider:segmentation_id | 1 | +| router:external | True | +| shared | True | +| status | ACTIVE | +| subnets | | +| tenant_id | 54cd044c64d5408b83f843d63624e0d8 | ++---------------------------+--------------------------------------+ Like a physical network, a virtual network requires a @@ -70,7 +86,7 @@ instances do not connect directly to the external network and floating IP addresses require manual assignment. - To create a subnet on the external network: + To create a subnet on the external network Create the subnet: $ neutron subnet-create ext-net --name ext-subnet \ @@ -81,7 +97,25 @@ 203.0.113.200: $ neutron subnet-create ext-net --name ext-subnet \ --allocation-pool start=203.0.113.101,end=203.0.113.200 \ - --disable-dhcp --gateway 203.0.113.1 203.0.113.0/24 + --disable-dhcp --gateway 203.0.113.1 203.0.113.0/24 +Created a new subnet: ++-------------------+------------------------------------------------------+ +| Field | Value | ++-------------------+------------------------------------------------------+ +| allocation_pools | {"start": "203.0.113.101", "end": "203.0.113.200"} | +| cidr | 203.0.113.0/24 | +| dns_nameservers | | +| enable_dhcp | False | +| gateway_ip | 203.0.113.1 | +| host_routes | | +| id | 9159f0dc-2b63-41cf-bd7a-289309da1391 | +| ip_version | 4 | +| ipv6_address_mode | | +| ipv6_ra_mode | | +| name | ext-subnet | +| network_id | 893aebb9-1c1e-48be-8908-6b947f3237b3 | +| tenant_id | 54cd044c64d5408b83f843d63624e0d8 | ++-------------------+------------------------------------------------------+
@@ -95,14 +129,26 @@ Perform these commands on the controller node. - To create the tenant network: + To create the tenant network Source the demo tenant credentials: $ source demo-openrc.sh Create the network: - $ neutron net-create demo-net + $ neutron net-create demo-net +Created a new network: ++----------------+--------------------------------------+ +| Field | Value | ++----------------+--------------------------------------+ +| admin_state_up | True | +| id | ac108952-6096-4243-adf4-bb6615b3de28 | +| name | demo-net | +| shared | False | +| status | ACTIVE | +| subnets | | +| tenant_id | cdef0071a0194d19ac6bb63802dc9bae | ++----------------+--------------------------------------+ Like the external network, your tenant network also requires @@ -115,14 +161,32 @@ default, this subnet will use DHCP so your instances can obtain IP addresses. - To create a subnet on the tenant network: + To create a subnet on the tenant network Create the subnet: $ neutron subnet-create demo-net --name demo-subnet \ --gateway TENANT_NETWORK_GATEWAY TENANT_NETWORK_CIDR Example using 192.168.1.0/24: $ neutron subnet-create demo-net --name demo-subnet \ - --gateway 192.168.1.1 192.168.1.0/24 + --gateway 192.168.1.1 192.168.1.0/24 +Created a new subnet: ++-------------------+------------------------------------------------------+ +| Field | Value | ++-------------------+------------------------------------------------------+ +| allocation_pools | {"start": "192.168.1.2", "end": "192.168.1.254"} | +| cidr | 192.168.1.0/24 | +| dns_nameservers | | +| enable_dhcp | True | +| gateway_ip | 192.168.1.1 | +| host_routes | | +| id | 69d38773-794a-4e49-b887-6de6734e792d | +| ip_version | 4 | +| ipv6_address_mode | | +| ipv6_ra_mode | | +| name | demo-subnet | +| network_id | ac108952-6096-4243-adf4-bb6615b3de28 | +| tenant_id | cdef0071a0194d19ac6bb63802dc9bae | ++-------------------+------------------------------------------------------+ A virtual router passes network traffic between two or more virtual @@ -132,20 +196,33 @@ a router and attach your tenant and external networks to it. To create a router on the tenant network and attach the external - and tenant networks to it: + and tenant networks to it Create the router: - $ neutron router-create demo-router + $ neutron router-create demo-router +Created a new router: ++-----------------------+--------------------------------------+ +| Field | Value | ++-----------------------+--------------------------------------+ +| admin_state_up | True | +| external_gateway_info | | +| id | 635660ae-a254-4feb-8993-295aa9ec6418 | +| name | demo-router | +| status | ACTIVE | +| tenant_id | cdef0071a0194d19ac6bb63802dc9bae | ++-----------------------+--------------------------------------+ Attach the router to the demo tenant subnet: - $ neutron router-interface-add demo-router demo-subnet + $ neutron router-interface-add demo-router demo-subnet +Added interface b1a894fd-aee8-475c-9262-4342afdc1b58 to router demo-router. Attach the router to the external network by setting it as the gateway: - $ neutron router-gateway-set demo-router ext-net + $ neutron router-gateway-set demo-router ext-net +Set gateway for router demo-router @@ -165,7 +242,7 @@ external network. - To verify network connectivity: + To verify network connectivity Ping the tenant router gateway: $ ping -c 4 203.0.113.101 diff --git a/doc/install-guide/section_neutron-ml2-compute-node.xml b/doc/install-guide/section_neutron-ml2-compute-node.xml index a485294f9d..2e0f8ef5e8 100644 --- a/doc/install-guide/section_neutron-ml2-compute-node.xml +++ b/doc/install-guide/section_neutron-ml2-compute-node.xml @@ -22,7 +22,7 @@ net.ipv4.conf.default.rp_filter=0 - To install the Networking components: + To install the Networking components # apt-get install neutron-common neutron-plugin-ml2 neutron-plugin-openvswitch-agent \ openvswitch-datapath-dkms @@ -39,9 +39,9 @@ net.ipv4.conf.default.rp_filter=0 - To configure the Networking common components: + To configure the Networking common components The Networking common component configuration includes the - authentication mechanism, messaging service, and plug-in. + authentication mechanism, message broker, and plug-in. Respond to prompts for database management, @@ -49,7 +49,7 @@ net.ipv4.conf.default.rp_filter=0 credentials, service endpoint registration, and - messaging service + message broker credentials. @@ -104,7 +104,7 @@ admin_password = NEUTRON_PASS - Configure Networking to use the messaging service: + Configure Networking to use the message broker: Replace RABBIT_PASS with the password you chose for the guest account in RabbitMQ. @@ -118,7 +118,7 @@ admin_password = NEUTRON_PASS rabbit_password RABBIT_PASS - Configure Networking to use the messaging service: + Configure Networking to use the message broker: # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ rpc_backend neutron.openstack.common.rpc.impl_qpid # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ @@ -131,7 +131,7 @@ admin_password = NEUTRON_PASS qpid_password guest - Configure Networking to use the messaging service: + Configure Networking to use the message broker: Edit the /etc/neutron/neutron.conf file @@ -152,9 +152,9 @@ rabbit_password = RABBIT_PASS Configure Networking to use the Modular Layer 2 (ML2) plug-in and associated services: # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ - core_plugin neutron.plugins.ml2.plugin.Ml2Plugin + core_plugin ml2 # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ - service_plugins neutron.services.l3_router.l3_router_plugin.L3RouterPlugin + service_plugins router You must comment out any lines in the [service_providers] section. @@ -194,7 +194,7 @@ allow_overlapping_ips = True - To configure the Modular Layer 2 (ML2) plug-in: + To configure the Modular Layer 2 (ML2) plug-in The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build the virtual networking framework for instances. @@ -253,16 +253,12 @@ enable_tunneling = True following keys to it: [securitygroup] ... -firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver - Add the following key to the - [securitygroup] section: - [securitygroup] -... +firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver enable_security_group = True - To configure the Open vSwitch (OVS) service: + To configure the Open vSwitch (OVS) service The OVS service provides the underlying virtual networking framework for instances. The integration bridge br-int handles internal instance network traffic within OVS. @@ -292,7 +288,7 @@ enable_security_group = True - To configure Compute to use Networking: + To configure Compute to use Networking By default, most distributions configure Compute to use legacy networking. You must reconfigure Compute to manage networks through OpenStack Networking. @@ -357,7 +353,7 @@ security_group_api = neutron - To finalize the installation: + To finalize the installation The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the diff --git a/doc/install-guide/section_neutron-ml2-controller-node.xml b/doc/install-guide/section_neutron-ml2-controller-node.xml index 67f9e87ada..4ef4d4ac64 100644 --- a/doc/install-guide/section_neutron-ml2-controller-node.xml +++ b/doc/install-guide/section_neutron-ml2-controller-node.xml @@ -59,7 +59,7 @@ IDENTIFIED BY 'NEUTRON_DBPASS'; - To install the Networking components: + To install the Networking components # apt-get install neutron-server neutron-plugin-ml2 # yum install openstack-neutron openstack-neutron-ml2 @@ -70,9 +70,9 @@ IDENTIFIED BY 'NEUTRON_DBPASS'; - To configure the Networking server component: + To configure the Networking server component The Networking server component configuration includes the database, - authentication mechanism, messaging service, topology change notifier, + authentication mechanism, message broker, topology change notifier, and plug-in. Respond to prompts for @@ -81,7 +81,7 @@ IDENTIFIED BY 'NEUTRON_DBPASS'; credentials, service endpoint registration, and - messaging service + message broker credentials. @@ -158,7 +158,7 @@ admin_password = NEUTRON_PASS - Configure Networking to use the messaging service: + Configure Networking to use the message broker: Replace RABBIT_PASS with the password you chose for the guest account in RabbitMQ. @@ -172,7 +172,7 @@ admin_password = NEUTRON_PASS rabbit_password RABBIT_PASS - Configure Networking to use the messaging service: + Configure Networking to use the message broker: # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ rpc_backend neutron.openstack.common.rpc.impl_qpid # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ @@ -185,7 +185,7 @@ admin_password = NEUTRON_PASS qpid_password guest - Configure Networking to use the messaging service: + Configure Networking to use the message broker: Edit the /etc/neutron/neutron.conf file @@ -282,9 +282,9 @@ nova_admin_auth_url = http://controller:35357/v2.0

Configure Networking to use the Modular Layer 2 (ML2) plug-in and associated services: # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ - core_plugin neutron.plugins.ml2.plugin.Ml2Plugin + core_plugin ml2 # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ - service_plugins neutron.services.l3_router.l3_router_plugin.L3RouterPlugin + service_plugins router You must comment out any lines in the [service_providers] section. @@ -324,7 +324,7 @@ allow_overlapping_ips = True - To configure the Modular Layer 2 (ML2) plug-in: + To configure the Modular Layer 2 (ML2) plug-in The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build the virtual networking framework for instances. However, the controller node does not need the OVS agent or service because it @@ -364,16 +364,12 @@ tunnel_id_ranges = 1:1000 following keys to it: [securitygroup] ... -firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver - Add the following key to the - [security_group] section: - [security_group] -... +firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver enable_security_group = True - To configure Compute to use Networking: + To configure Compute to use Networking By default, most distributions configure Compute to use legacy networking. You must reconfigure Compute to manage networks through OpenStack Networking. @@ -438,7 +434,7 @@ security_group_api = neutron - To finalize installation: + To finalize installation The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the @@ -460,16 +456,6 @@ security_group_api = neutron following: NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini" - - Populate the Networking database: - Replace NEUTRON_DBPASS with the - password you chose for the database. - # openstack-db --init --service neutron --password NEUTRON_DBPASS - - Restart the Compute services: # service openstack-nova-api restart diff --git a/doc/install-guide/section_neutron-ml2-network-node.xml b/doc/install-guide/section_neutron-ml2-network-node.xml index f40a15444c..046591ac16 100644 --- a/doc/install-guide/section_neutron-ml2-network-node.xml +++ b/doc/install-guide/section_neutron-ml2-network-node.xml @@ -23,7 +23,7 @@ net.ipv4.conf.default.rp_filter=0 - To install the Networking components: + To install the Networking components # apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent openvswitch-datapath-dkms \ neutron-l3-agent neutron-dhcp-agent @@ -41,9 +41,9 @@ net.ipv4.conf.default.rp_filter=0 - To configure the Networking common components: + To configure the Networking common components The Networking common component configuration includes the - authentication mechanism, messaging service, and plug-in. + authentication mechanism, message broker, and plug-in. Respond to prompts for database management, @@ -51,7 +51,7 @@ net.ipv4.conf.default.rp_filter=0 credentials, service endpoint registration, and - messaging service + message broker credentials. @@ -106,7 +106,7 @@ admin_password = NEUTRON_PASS - Configure Networking to use the messaging service: + Configure Networking to use the message broker: Replace RABBIT_PASS with the password you chose for the guest account in RabbitMQ. @@ -120,7 +120,7 @@ admin_password = NEUTRON_PASS rabbit_password RABBIT_PASS - Configure Networking to use the messaging service: + Configure Networking to use the message broker: # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ rpc_backend neutron.openstack.common.rpc.impl_qpid # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ @@ -133,7 +133,7 @@ admin_password = NEUTRON_PASS qpid_password guest - Configure Networking to use the messaging service: + Configure Networking to use the message broker: Edit the /etc/neutron/neutron.conf file @@ -154,9 +154,9 @@ rabbit_password = RABBIT_PASS Configure Networking to use the Modular Layer 2 (ML2) plug-in and associated services: # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ - core_plugin neutron.plugins.ml2.plugin.Ml2Plugin + core_plugin ml2 # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ - service_plugins neutron.services.l3_router.l3_router_plugin.L3RouterPlugin + service_plugins router You must comment any lines in the [service_providers] section. @@ -196,7 +196,7 @@ allow_overlapping_ips = True - To configure the Layer-3 (L3) agent: + To configure the Layer-3 (L3) agent The Layer-3 (L3) agent provides routing services for instance virtual networks. @@ -229,7 +229,7 @@ use_namespaces = True - To configure the DHCP agent: + To configure the DHCP agent The DHCP agent provides DHCP services for instance virtual networks. @@ -266,7 +266,7 @@ use_namespaces = True - To configure the metadata agent: + To configure the metadata agent The metadata agent provides configuration information such as credentials for remote access to instances. @@ -353,7 +353,7 @@ neutron_metadata_proxy_shared_secret = METADATA_SECRET - To configure the Modular Layer 2 (ML2) plug-in: + To configure the Modular Layer 2 (ML2) plug-in The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build virtual networking framework for instances. @@ -412,16 +412,12 @@ enable_tunneling = True following keys to it: [securitygroup] ... -firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver - Add the following key to the - [securitygroup] section: - [security_group] -... +firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver enable_security_group = True - To configure the Open vSwitch (OVS) service: + To configure the Open vSwitch (OVS) service The OVS service provides the underlying virtual networking framework for instances. The integration bridge br-int handles internal instance network traffic within OVS. The external bridge @@ -474,7 +470,7 @@ enable_security_group = True - To finalize the installation: + To finalize the installation The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the diff --git a/doc/install-guide/section_neutron-compute-node.xml b/doc/install-guide/section_neutron-ovs-compute-node.xml similarity index 100% rename from doc/install-guide/section_neutron-compute-node.xml rename to doc/install-guide/section_neutron-ovs-compute-node.xml diff --git a/doc/install-guide/section_neutron-controller-node.xml b/doc/install-guide/section_neutron-ovs-controller-node.xml similarity index 100% rename from doc/install-guide/section_neutron-controller-node.xml rename to doc/install-guide/section_neutron-ovs-controller-node.xml diff --git a/doc/install-guide/section_neutron-network-node.xml b/doc/install-guide/section_neutron-ovs-network-node.xml similarity index 100% rename from doc/install-guide/section_neutron-network-node.xml rename to doc/install-guide/section_neutron-ovs-network-node.xml diff --git a/doc/install-guide/section_nova-networking-compute-node.xml b/doc/install-guide/section_nova-networking-compute-node.xml index 96c64494e2..2571a9516e 100644 --- a/doc/install-guide/section_nova-networking-compute-node.xml +++ b/doc/install-guide/section_nova-networking-compute-node.xml @@ -10,7 +10,7 @@ multi-host feature provides redundancy by spreading network functions across compute nodes. - To use legacy networking: + To use legacy networking Install the packages: # apt-get install nova-network nova-api-metadata diff --git a/doc/install-guide/section_nova-networking-initial-network.xml b/doc/install-guide/section_nova-networking-initial-network.xml index f240d5fe08..59c6f47142 100644 --- a/doc/install-guide/section_nova-networking-initial-network.xml +++ b/doc/install-guide/section_nova-networking-initial-network.xml @@ -21,7 +21,7 @@ Perform these commands on the controller node. - To create the network: + To create the network Source the admin tenant credentials: $ source admin-openrc.sh @@ -38,6 +38,18 @@ $ nova network-create demo-net --bridge br100 --multi-host T \ --fixed-range-v4 203.0.113.24/29 + + This command provides no output. + + + + Verify creation of the network: + $ nova net-list ++--------------------------------------+----------+------------------+ +| ID | Label | CIDR | ++--------------------------------------+----------+------------------+ +| 84b34a65-a762-44d6-8b5e-3b461a53f513 | demo-net | 203.0.113.24/29 | ++--------------------------------------+----------+------------------+