From 280ae5b74e34aa47ed2d95702d366804a077afc3 Mon Sep 17 00:00:00 2001 From: sukhdev Date: Wed, 30 Oct 2013 15:04:13 -0700 Subject: [PATCH] Add neutron ML2 plugin info to instalation guid fixes bug: 1230276 Change-Id: I57bb01d491a847fbe2de96c43053d5bf11065954 --- ...r-tenant-routers-with-private-networks.xml | 402 +++++++++++------- ...-provider-router-with-private_networks.xml | 21 +- .../section_neutron-single-flat.xml | 45 +- 3 files changed, 286 insertions(+), 182 deletions(-) diff --git a/doc/install-guide/section_neutron-per-tenant-routers-with-private-networks.xml b/doc/install-guide/section_neutron-per-tenant-routers-with-private-networks.xml index 99bfb92bef..b88533755c 100644 --- a/doc/install-guide/section_neutron-per-tenant-routers-with-private-networks.xml +++ b/doc/install-guide/section_neutron-per-tenant-routers-with-private-networks.xml @@ -4,8 +4,9 @@ xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="section_networking-routers-with-private-networks"> Per-tenant routers with private networks - This section describes how to install the Networking service and its components for a - per-tenant routers with private networks use case. + This section describes how to install the Networking service + and its components for a per-tenant routers with private + networks use case. @@ -64,35 +65,50 @@ Controller Node - Runs the Networking service, Identity, and all of the Compute services that are required to - deploy VMs (nova-api, nova-scheduler, for example). The node must - have at least one network interface, which is connected to the Management - Network. The host name is controlnode, which every other node resolves to - the IP of the controller node. - The nova-network service - should not be running. This is replaced by Networking. + Runs the Networking service, Identity, and + all of the Compute services that are required + to deploy VMs (nova-api, nova-scheduler, for + example). The node must have at least one + network interface, which is connected to the + Management Network. The host name is + controlnode, which every other node resolves + to the IP of the controller node. + The nova-network service + should not be running. This is replaced by + Networking. Compute Node - Runs the Networking L2 agent and the Compute services that run VMs (nova-compute specifically, and optionally other - nova-* services depending on - configuration). The node must have at least two network interfaces. One - interface communicates with the controller node through the management network. - The other node is used for the VM traffic on the data network. The VM receives - its IP address from the DHCP agent on this network. + Runs the Networking L2 agent and the Compute + services that run VMs (nova-compute specifically, and + optionally other nova-* services depending on + configuration). The node must have at least two + network interfaces. One interface communicates + with the controller node through the management + network. The other node is used for the VM traffic + on the data network. The VM receives its IP + address from the DHCP agent on this network. Network Node - Runs Networking L2 agent, DHCP agent and L3 agent. This node has access to the - external network. The DHCP agent allocates IP addresses to the VMs on data - network. (Technically, the addresses are allocated by the Networking server, and - distributed by the dhcp agent.) The node must have at least two network - interfaces. One interface communicates with the controller node through the - management network. The other interface is used as external network. GRE tunnels - are set up as data networks. + Runs Networking L2 agent, DHCP agent and L3 agent. + This node has access to the external network. The + DHCP agent allocates IP addresses to the VMs on + data network. (Technically, the addresses are + allocated by the Networking server, and + distributed by the dhcp agent.) The node must have + at least two network interfaces. One interface + communicates with the controller node through the + management network. The other interface is used as + external network. GRE tunnels are set up as data + networks. Router @@ -106,49 +122,62 @@ Controller node - Relevant Compute services are installed, configured, and running. + Relevant Compute services are installed, configured, + and running. Glance is installed, configured, and running. In addition, an image named tty must be present. - Identity is installed, configured, and running. A Networking user named neutron should be created on tenant service with password NEUTRON_PASS. + Identity is installed, configured, and running. A + Networking user named neutron should be created on tenant + service with + password NEUTRON_PASS. Additional services: - RabbitMQ is running with default guest and its password + RabbitMQ is running with default guest + and its password - - MySQL server (user is root and - password is root) + + MySQL server (user is root and + password is root) Compute node - Compute is installed and configured. + Compute is installed and configured.
Install - Controller node—Networking server + Controller + node—Networking server - Install the Networking server. + Install the Networking + server. - - Create database ovs_neutron. + + Create database ovs_neutron. - Update the Networking configuration file, - /etc/neutron/neutron.conf, with plug-in choice - and Identity Service user as necessary: + Update the Networking + configuration file, + /etc/neutron/neutron.conf, + with plug-in choice and Identity + Service user as necessary: [DEFAULT] core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2 control_exchange = neutron @@ -166,24 +195,30 @@ rabbit_host = controller notification_driver = neutron.openstack.common.notifier.rabbit_notifier - - Update the plug-in configuration file, - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini: + + Update the plug-in configuration + file, + /etc/neutron/plugins/ml2/ml2_conf.ini: [database] -connection = mysql://root:root@controlnode:3306/ovs_neutron?charset=utf8 +connection = mysql://root:root@controlnode:3306/ovs_neutron?charset=utf8 [ovs] tenant_network_type = gre +[ml2_type_gre] tunnel_id_ranges = 1:1000 -enable_tunneling = True - - Start the Networking server - The Networking server can be a service of the operating - system. The command to start the service depends on your - operating system. The following command runs the Networking - server directly: + + Start the Networking + server + The Networking server can be a + service of the operating system. + The command to start the service + depends on your operating system. + The following command runs the + Networking server directly: # neutron-server --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini \ --config-file /etc/neutron/neutron.conf @@ -195,9 +230,12 @@ enable_tunneling = True Install Compute services. - Update the Compute configuration file, - /etc/nova/nova.conf. Make sure the following line - appears at the end of this file: + Update the Compute configuration + file, + /etc/nova/nova.conf. + Make sure the following line + appears at the end of this + file: network_api_class=nova.network.neutronv2.api.API neutron_admin_username=neutron @@ -211,137 +249,165 @@ libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver - Restart relevant Compute services. + Restart relevant Compute + services. - Compute and Network node—L2 agent + Compute and Network + node—L2 agent - Install and start Open vSwitch. + Install and start Open + vSwitch. - Install the L2 agent (Neutron Open vSwitch agent). + Install the L2 agent (Neutron + Open vSwitch agent). - Add the integration bridge to the Open vSwitch: + Add the integration bridge to + the Open vSwitch: # ovs-vsctl add-br br-int - Update the Networking configuration file, - /etc/neutron/neutron.conf: + Update the Networking + configuration file, + /etc/neutron/neutron.conf: [DEFAULT] -core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2 +core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin control_exchange = neutron rabbit_host = controller notification_driver = neutron.openstack.common.notifier.rabbit_notifier - Update the plug-in configuration file, - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini. - Compute node: + Update the plug-in configuration + file, + /etc/neutron/plugins/ml2/ml2_conf.ini. + Compute Node: [database] -connection = mysql://root:root@controlnode:3306/ovs_neutron?charset=utf8 -[ovs] +connection = mysql://root:root@controlnode:3306/neutron_ml2?charset=utf8 +[ml2] tenant_network_type = gre +[ml2_type_gre] tunnel_id_ranges = 1:1000 -enable_tunneling = True +[ovs] local_ip = 9.181.89.202 Network node: [database] -connection = mysql://root:root@controlnode:3306/ovs_neutron?charset=utf8 -[ovs] +connection = mysql://root:root@controlnode:3306/neutron_ml2?charset=utf8 +[ml2] tenant_network_type = gre +[ml2_type_gre] tunnel_id_ranges = 1:1000 -enable_tunneling = True +[ovs] local_ip = 9.181.89.203 - Create the integration bridge br-int: + Create the integration bridge + br-int: # ovs-vsctl --may-exist add-br br-int - Start the Networking L2 agent + Start the Networking L2 + agent The Networking Open vSwitch L2 - agent can be a service of operating - system. The command to start depends - on your operating systems. The following command - runs the service directly: - + agent can be a service of operating + system. The command to start + depends on your operating systems. + The following command runs the + service directly: # neutron-openvswitch-agent --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini \ --config-file /etc/neutron/neutron.conf - Network node—DHCP agent + Network node—DHCP + agent Install the DHCP agent. - Update the Networking configuration file, - /etc/neutron/neutron.conf + Update the Networking + configuration file, + /etc/neutron/neutron.conf [DEFAULT] -core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2 +core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin control_exchange = neutron rabbit_host = controller notification_driver = neutron.openstack.common.notifier.rabbit_notifier allow_overlapping_ips = True Set - allow_overlapping_ips because TenantA - and TenantC use overlapping subnets. + allow_overlapping_ips + because TenantA and TenantC use + overlapping + subnets. - Update the DHCP configuration file - /etc/neutron/dhcp_agent.ini + Update the DHCP configuration + file + /etc/neutron/dhcp_agent.ini interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver Start the DHCP agent. - The Networking DHCP agent can be a service of operating - system. The command to start the service depends on your - operating system. The following command runs the service - directly: + The Networking DHCP agent can be + a service of operating system. The + command to start the service + depends on your operating system. + The following command runs the + service directly: # neutron-dhcp-agent --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/dhcp_agent.ini - Network node—L3 agent + Network node—L3 + agent Install the L3 agent. - Add the external network bridge + Add the external network + bridge # ovs-vsctl add-br br-ex - Add the physical interface, for example eth0, that is - connected to the outside network to this bridge: + Add the physical interface, for + example eth0, that is connected to + the outside network to this + bridge: # ovs-vsctl add-port br-ex eth0 - Update the L3 configuration file - /etc/neutron/l3_agent.ini: + Update the L3 configuration file + + /etc/neutron/l3_agent.ini: [DEFAULT] interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver use_namespaces=True Set the - use_namespaces option (it is True by - default) because TenantA and TenantC have overlapping - subnets, and the routers are hosted on one l3 agent network - node. + use_namespaces + option (it is True by default) + because TenantA and TenantC have + overlapping subnets, and the + routers are hosted on one l3 agent + network node. Start the L3 agent - The Networking L3 agent can be a service of operating system. - The command to start the service depends on your operating - system. The following command starts the agent directly: + The Networking L3 agent can be a + service of operating system. The + command to start the service + depends on your operating system. + The following command starts the + agent directly: # neutron-l3-agent --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/l3_agent.ini @@ -355,8 +421,9 @@ use_namespaces=True All of the commands below can be executed on the network node. - Ensure that the following environment variables are set. These are used by the - various clients to access the Identity service. + Ensure that the following environment variables are + set. These are used by the various clients to access + the Identity service. export OS_USERNAME=admin @@ -367,7 +434,8 @@ use_namespaces=True - Get the tenant ID (Used as $TENANT_ID later): + Get the tenant ID (Used as $TENANT_ID + later): # keystone tenant-list +----------------------------------+---------+---------+ | id | name | enabled | @@ -435,14 +503,19 @@ use_namespaces=True +------------------+--------------------------------------------+ - provider:network_type local means that Networking - does not have to realize this network through provider network. - router:external true means that an external - network is created where you can create floating IP and router gateway + provider:network_type + local means that Networking + does not have to realize this network + through provider network. + router:external + true means that an external + network is created where you can create + floating IP and router gateway port. - Add an IP on external network to br-ex. + Add an IP on external network to + br-ex. Because br-ex is the external network bridge, add an IP 30.0.0.100/24 to br-ex and ping the floating IP of the VM from our @@ -498,7 +571,8 @@ use_namespaces=True 1. - Create a subnet on the network TenantA-Net: + Create a subnet on the network + TenantA-Net: # neutron --os-tenant-name TenantA --os-username UserA --os-password password \ --os-auth-url=http://localhost:5000/v2.0 subnet-create TenantA-Net 10.0.0.0/24 @@ -563,13 +637,15 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password \ # neutron --os-tenant-name TenantA --os-username UserA --os-password password \ --os-auth-url=http://localhost:5000/v2.0 router-interface-add \ TenantA-R1 51e2c223-0492-4385-b6e9-83d4e6d10657 - Added interface to router TenantA-R1 - # neutron --os-tenant-name TenantA --os-username UserA --os-password password \ + Added interface to router + TenantA-R1 + # neutron --os-tenant-name TenantA --os-username UserA --os-password password \ --os-auth-url=http://localhost:5000/v2.0 \ router-gateway-set TenantA-R1 Ext-Net - - - Associate a floating IP for TenantA_VM1. + + + Associate a floating IP for + TenantA_VM1. 1. Create a floating IP: # neutron --os-tenant-name TenantA --os-username UserA --os-password password \ --os-auth-url=http://localhost:5000/v2.0 floatingip-create Ext-Net @@ -597,7 +673,8 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password \ | 6071d430-c66e-4125-b972-9a937c427520 | | fa:16:3e:a0:73:0d | {"subnet_id": "51e2c223-0492-4385-b6e9-83d4e6d10657", "ip_address": "10.0.0.3"} | +--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+ - 3. Associate the floating IP with the VM port: + 3. Associate the floating IP with + the VM port: $ neutron --os-tenant-name TenantA --os-username UserA --os-password password \ --os-auth-url=http://localhost:5000/v2.0 floatingip-associate \ 5a1f90ed-aa3c-4df3-82cb-116556e96bf1 6071d430-c66e-4125-b972-9a937c427520 @@ -612,7 +689,8 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password \ - Ping the public network from the server of TenantA. + Ping the public network from the + server of TenantA. In my environment, 192.168.1.0/24 is my public network connected with my physical router, which also connects @@ -632,7 +710,8 @@ rtt min/avg/max/mdev = 1.234/1.495/1.745/0.211 ms - Ping floating IP of the TenantA's server: + Ping floating IP of the TenantA's + server: $ ping 30.0.0.2 PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data. 64 bytes from 30.0.0.2: icmp_req=1 ttl=63 time=45.0 ms @@ -645,7 +724,8 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms - Create other servers for TenantA. + Create other servers for + TenantA. We can create more servers for TenantA and add floating IPs for them. @@ -661,7 +741,8 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms IPs. - Create networks and subnets for TenantC: + Create networks and subnets for + TenantC: # neutron --os-tenant-name TenantC --os-username UserC --os-password password \ --os-auth-url=http://localhost:5000/v2.0 net-create TenantC-Net1 # neutron --os-tenant-name TenantC --os-username UserC --os-password password \ @@ -717,13 +798,15 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms them to create VMs and router. - Create a server TenantC-VM1 for TenantC on TenantC-Net1. + Create a server TenantC-VM1 for + TenantC on TenantC-Net1. # nova --os-tenant-name TenantC --os-username UserC --os-password password \ --os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \ --nic net-id=91309738-c317-40a3-81bb-bed7a3917a85 TenantC_VM1 - Create a server TenantC-VM3 for TenantC on TenantC-Net2. + Create a server TenantC-VM3 for + TenantC on TenantC-Net2. # nova --os-tenant-name TenantC --os-username UserC --os-password password \ --os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \ --nic net-id=5b373ad2-7866-44f4-8087-f87148abd623 TenantC_VM3 @@ -744,10 +827,13 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms will use them later. - Make sure servers get their IPs. - We can use VNC to log on the VMs to check if they get IPs. If not, - we have to make sure the Networking components are running right and - the GRE tunnels work. + Make sure servers get their + IPs. + We can use VNC to log on the VMs to + check if they get IPs. If not, we have + to make sure the Networking components + are running right and the GRE tunnels + work. Create and configure a router for @@ -760,17 +846,13 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms # neutron --os-tenant-name TenantC --os-username UserC --os-password password \ --os-auth-url=http://localhost:5000/v2.0 router-interface-add \ TenantC-R1 38f0b2f0-9f98-4bf6-9520-f4abede03300 - # neutron --os-tenant-name TenantC --os-username UserC --os-password password \ + # neutron --os-tenant-name TenantC --os-username UserC --os-password password \ --os-auth-url=http://localhost:5000/v2.0 \ router-gateway-set TenantC-R1 Ext-Net - - - Checkpoint: ping from within TenantC's servers. - Since we have a router connecting to two subnets, the VMs on these subnets are able to ping each other. - And since we have set the router's gateway interface, TenantC's servers are able to ping external network IPs, such as 192.168.1.1, 30.0.0.1 etc. - - - Associate floating IPs for TenantC's servers. + + + Checkpoint: ping from within + TenantC's servers. Since we have a router connecting to two subnets, the VMs on these subnets are able to ping each other. And since @@ -780,7 +862,19 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms 192.168.1.1, 30.0.0.1 etc. - Associate floating IPs for TenantC's servers. + Associate floating IPs for TenantC's + servers. + Since we have a router connecting to + two subnets, the VMs on these subnets + are able to ping each other. And since + we have set the router's gateway + interface, TenantC's servers are able + to ping external network IPs, such as + 192.168.1.1, 30.0.0.1 etc. + + + Associate floating IPs for TenantC's + servers. We can use the similar commands as we used in TenantA's section to finish this task. @@ -791,20 +885,26 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
- Use case: per-tenant routers with private networks - This use case represents a more advanced router scenario in which each tenant gets at - least one router, and potentially has access to the Networking API to create additional - routers. The tenant can create their own networks, potentially uplinking those networks - to a router. This model enables tenant-defined, multi-tier applications, with each tier - being a separate network behind the router. Since there are multiple routers, tenant - subnets can overlap without conflicting, since access to external networks all happens - via SNAT or Floating IPs. Each router uplink and floating IP is allocated from the - external network subnet. + Use case: per-tenant routers with private + networks + This use case represents a more advanced router scenario + in which each tenant gets at least one router, and + potentially has access to the Networking API to create + additional routers. The tenant can create their own + networks, potentially uplinking those networks to a + router. This model enables tenant-defined, multi-tier + applications, with each tier being a separate network + behind the router. Since there are multiple routers, + tenant subnets can overlap without conflicting, since + access to external networks all happens via SNAT or + Floating IPs. Each router uplink and floating IP is + allocated from the external network subnet. + fileref="../common/figures/UseCase-MultiRouter.png" + align="left"/> diff --git a/doc/install-guide/section_neutron-provider-router-with-private_networks.xml b/doc/install-guide/section_neutron-provider-router-with-private_networks.xml index 10be3626de..92ea0bc35c 100644 --- a/doc/install-guide/section_neutron-provider-router-with-private_networks.xml +++ b/doc/install-guide/section_neutron-provider-router-with-private_networks.xml @@ -96,7 +96,7 @@ Edit file /etc/neutron/neutron.conf and modify: -core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2 +core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin auth_strategy = keystone fake_rabbit = False rabbit_password = guest @@ -104,12 +104,13 @@ rabbit_password = guest Edit file - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini + /etc/neutron/plugins/ml2/ml2_conf.ini and modify: [database] connection = mysql://neutron:NEUTRON_DBPASS@localhost:3306/neutron -[ovs] +[ml2] tenant_network_type = vlan +[ml2_type_vlan] network_vlan_ranges = physnet1:100:2999 @@ -165,13 +166,15 @@ rabbit_host = controller Update the plug-in configuration file, - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini - : + /etc/neutron/plugins/ml2/ml2_conf.ini + : [database] connection = mysql://neutron:NEUTRON_DBPASS@controller:3306/neutron -[ovs] +[ml2] tenant_network_type=vlan +[ml2_type_vlan] network_vlan_ranges = physnet1:1:4094 +[ovs] bridge_mappings = physnet1:br-eth1 @@ -278,12 +281,14 @@ rabbit_host = controller Update the file - /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini: + /etc/neutron/plugins/ml2/ml2_conf.ini: [database] connection = mysql://neutron:NEUTRON_DBPASS@controller:3306/neutron -[ovs] +[ml2] tenant_network_type = vlan +[ml2_type_vlan] network_vlan_ranges = physnet1:1:4094 +[ovs] bridge_mappings = physnet1:br-eth1 diff --git a/doc/install-guide/section_neutron-single-flat.xml b/doc/install-guide/section_neutron-single-flat.xml index fba4ae6469..66623c7bcf 100644 --- a/doc/install-guide/section_neutron-single-flat.xml +++ b/doc/install-guide/section_neutron-single-flat.xml @@ -88,7 +88,7 @@ The demo assumes the following prerequisites: Controller node - + Relevant Compute services are installed, configured, and running. @@ -119,13 +119,13 @@ - + Compute node - + Compute is installed and configured. - +
Install @@ -162,7 +162,6 @@ core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2 control_exchange = neutron rabbit_host = controller notification_driver = neutron.openstack.common.notifier.rabbit_notifier - [keystone_authtoken] admin_tenant_name=service admin_user=neutron @@ -177,6 +176,7 @@ admin_password=NEUTRON_PASS connection = mysql://root:root@controller:3306/ovs_neutron?charset=utf8 [ovs] network_vlan_ranges = physnet1 +[ovs] bridge_mappings = physnet1:br-eth0 @@ -200,14 +200,12 @@ bridge_mappings = physnet1:br-eth0 following line is at the end of the file: network_api_class=nova.network.neutronv2.api.API - neutron_admin_username=neutron neutron_admin_password=NEUTRON_PASS neutron_admin_auth_url=http://controller:35357/v2.0/ neutron_auth_strategy=keystone neutron_admin_tenant_name=service neutron_url=http://controller:9696/ - libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver @@ -250,6 +248,7 @@ notification_driver = neutron.openstack.common.notifier.rabbit_notifier @@ -438,14 +437,14 @@ rtt min/avg/max/mdev = 1.234/1.495/1.745/0.211 ms outside world. For each subnet on an external network, the gateway configuration on the physical router must be manually configured outside of OpenStack. - - - - - - + + + + + +
@@ -454,14 +453,14 @@ rtt min/avg/max/mdev = 1.234/1.495/1.745/0.211 ms network use case, except that tenants can see multiple shared networks via the Networking API and can choose which network (or networks) to plug into. - - - - - - + + + + + +
Use case: mixed flat and private network