Update headings, edits for consistency/clarity/ Install Guide

Partial-Bug: #1250515

backport: havana

Change-Id: I11117af7e13966f70e0050f96a7b2a1c4bcb59ca
author: diane fleming
This commit is contained in:
Diane Fleming 2013-11-19 09:42:38 -06:00 committed by Andreas Jaeger
parent 55b1ecab73
commit 4247c75744
13 changed files with 499 additions and 591 deletions

@ -45,10 +45,10 @@
by using the <literal>controller</literal> and
<literal>compute1</literal> host names.</para>
<!-- these fedora only paragraphs are confirmed not needed in centos -->
<para os="fedora">Disable the <systemitem role="service"
<para os="fedora">Disable the <systemitem class="service"
>NetworkManager</systemitem> service and enable the
<systemitem role="service">network</systemitem> service. The
<systemitem role="service">network</systemitem> service is
<systemitem class="service">network</systemitem> service. The
<systemitem class="service">network</systemitem> service is
more suitable for the static network configuration done in this
guide.</para>
@ -56,7 +56,6 @@
<prompt>#</prompt> <userinput>service network start</userinput>
<prompt>#</prompt> <userinput>chkconfig NetworkManager off</userinput>
<prompt>#</prompt> <userinput>chkconfig network on</userinput></screen>
<note os="fedora">
<para>Since Fedora 19, <literal>firewalld</literal> replaces
<literal>iptables</literal> as the default firewall
@ -72,13 +71,12 @@
<prompt>#</prompt> <userinput>chkconfig firewalld off</userinput>
<prompt>#</prompt> <userinput>chkconfig iptables on</userinput></screen>
</note>
<para os="opensuse;sles">When you set up your system, use the
traditional network scripts and do not use <systemitem
role="service">NetworkManager</systemitem>. You can change the
settings after installation with the YaST network module:</para>
class="service">NetworkManager</systemitem>. You can change
the settings after installation with the YaST network
module:</para>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>yast2 network</userinput></screen>
<para>Configure both <literal>eth0</literal> and
<literal>eth1</literal>. The examples in this guide use the
<literal>192.168.0.<replaceable>x</replaceable></literal> IP
@ -86,7 +84,6 @@
<literal>10.0.0.<replaceable>x</replaceable></literal> IP
addresses for the external network. Make sure to connect your
network devices to the correct network.</para>
<para>In this guide, the controller node uses the
<literal>192.168.0.10</literal> and
<literal>10.0.0.10</literal> IP addresses. When you create the
@ -103,7 +100,6 @@
</imageobject>
</mediaobject>
</figure>
<example os="fedora">
<title><filename>/etc/sysconfig/network-scripts/ifcfg-eth0</filename></title>
<programlisting language="ini"># Internal Network
@ -115,7 +111,6 @@ NETMASK=255.255.255.0
DEFROUTE=yes
ONBOOT=yes</programlisting>
</example>
<example os="fedora">
<title><filename>/etc/sysconfig/network-scripts/ifcfg-eth1</filename></title>
<programlisting language="ini"># External Network
@ -127,7 +122,6 @@ NETMASK=255.255.255.0
DEFROUTE=yes
ONBOOT=yes</programlisting>
</example>
<para os="opensuse;sles">To configure the network interfaces,
start the YaST network module, as follows:</para>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>yast2 network</userinput></screen>
@ -189,72 +183,57 @@ iface eth1 inet static
older versions of Fedora, you set this in the file
<filename>/etc/sysconfig/network</filename>. Change the line
starting with <literal>HOSTNAME=</literal>.</para>
<programlisting language="ini" os="rhel;fedora;centos">HOSTNAME=controller</programlisting>
<para os="fedora">As of Fedora 18, Fedora uses the
<filename>/etc/hostname</filename> file, which contains a
single line with the host name.</para>
<para os="ubuntu;debian">To configure this host name to be
available when the system reboots, you must specify it in the
<filename>/etc/hostname</filename> file, which contains a
single line with the host name.</para>
<para>Finally, ensure that each node can reach the other nodes by
using host names. You must manually edit the
<filename>/etc/hosts</filename> file on each system. For
large-scale deployments, use DNS or a configuration management
system like Puppet.</para>
<programlisting>127.0.0.1 localhost
192.168.0.10 controller
192.168.0.11 compute1</programlisting>
</section>
<section xml:id="basics-ntp">
<title>Network Time Protocol (NTP)</title>
<para>To synchronize services across multiple machines, you must
install NTP. The examples in this guide configure the controller
node as the reference server and any additional nodes to set
their time from the controller node.</para>
<para>Install the <literal>ntp</literal> package on each system
running OpenStack services.</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install ntp</userinput></screen>
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install ntp</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install ntp</userinput></screen>
<para os="rhel;fedora;centos;opensuse;sles">Set up the NTP server
on your controller node so that it receives data by modifying
the <filename>ntp.conf</filename> file and restarting the
service.</para>
<screen os="rhel;fedora;centos;opensuse;sles"><prompt>#</prompt> <userinput>service ntpd start</userinput>
<prompt>#</prompt> <userinput>chkconfig ntpd on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service ntp start</userinput>
<prompt>#</prompt> <userinput>chkconfig ntp on</userinput></screen>
<para>On additional nodes, it is advised that you configure the
other nodes to synchronize their time from the controller node rather
than from outside of your LAN. To do so, install the ntp daemon as above,
then edit <filename>/etc/ntp.conf</filename> and change the
<code>server</code> directive to use the controller node as internet time
source.</para>
other nodes to synchronize their time from the controller node
rather than from outside of your LAN. To do so, install the ntp
daemon as above, then edit <filename>/etc/ntp.conf</filename>
and change the <code>server</code> directive to use the
controller node as internet time source.</para>
</section>
<section xml:id="basics-database">
<title>MySQL database</title>
<para os="ubuntu;debian;rhel;fedora;centos">Most OpenStack
services require a database to store information. The examples
in this guide use a MySQL database that runs on the controller
node. You must install the MySQL database on the controller
node. You must install MySQL client software on any additional
nodes that access MySQL:</para>
services require a database to store information. These examples
use a MySQL database that runs on the controller node. You must
install the MySQL database on the controller node. You must
install MySQL client software on any additional nodes that
access MySQL.</para>
<para os="opensuse;sles">Most OpenStack services require a
database to store information. This guide uses a MySQL database
on SUSE Linux Enterprise Server and a compatible database on
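Review bot: In the NTP section, the screen with `service ntpd start` and `chkconfig ntpd on` is tagged os="rhel;fedora;centos;opensuse;sles" and is followed by a second screen for os="opensuse;sles" that uses `service ntp start`, so openSUSE and SLES output shows both service names. Drop opensuse;sles from the first screen's os attribute. The paragraph above it also says to modify ntp.conf and restart the service while the commands only start and enable it, and the rewrapped sentence for additional nodes still calls the controller an "internet time source" right after advising against synchronizing from outside the LAN.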
@ -267,37 +246,36 @@ iface eth1 inet static
<listitem>
<para><phrase os="sles">For SUSE Linux Enterprise Server:
</phrase> On the controller node, install the MySQL client,
the MySQL database, and the MySQL Python library.</para>
database, and Python library.</para>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install mysql-client mysql python-mysql</userinput></screen>
<para os="opensuse">For openSUSE: On the controller node,
install the MariaDB client, the MariaDB database, and the
MySQL Python library.</para>
install the MariaDB client and database, and the MySQL
Python library.</para>
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper install mariadb-client mariadb python-mysql</userinput></screen>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install python-mysqldb mysql-server</userinput></screen>
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install mysql mysql-server MySQL-python</userinput></screen>
<note os="ubuntu;debian">
<para>When you install the server package, you are prompted
for the root password for the database. Be sure to choose
a strong password and remember it.</para>
for the root password for the database. Choose a strong
password and remember it.</para>
</note>
<para>Edit <filename os="ubuntu;debian"
>/etc/mysql/my.cnf</filename><filename
os="opensuse;sles;rhel;fedora;centos"
>/etc/my.cnf</filename> and set the
<literal>bind-address</literal> to the internal IP address
of the controller, to allow access from outside the
of the controller, to enable access from outside the
controller node.</para>
<programlisting language="ini"># Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 192.168.0.10</programlisting>
<para os="ubuntu;debian">Restart the MySQL service to apply the
changes:</para>
<para os="ubuntu;debian">Restart the MySQL service to apply
the changes:</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>service mysql restart</userinput></screen>
</listitem>
<listitem>
<para>On any nodes besides the controller node, just install
the <phrase os="ubuntu;debian;rhel;fedora;centos"
<para>On nodes other than the controller node, install the
<phrase os="ubuntu;debian;rhel;fedora;centos"
>MySQL</phrase>
<phrase os="opensuse">MariaDB (on openSUSE)</phrase> client
and the MySQL Python library on any system that does not
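Review bot: The comment kept inside the bind-address programlisting says the default is to listen only on localhost, but the line under it sets bind-address = 192.168.0.10 and the reworded paragraph says this enables access from outside the controller node. Replace the comment with one that describes the value shown, and state in the paragraph that 192.168.0.10 is the controller's internal-network address so that readers do not bind the database to the external 10.0.0.x interface instead. The last list item also now reads "On nodes other than the controller node, install ... on any system that does not", which states the scope twice.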
@ -319,22 +297,18 @@ bind-address = 192.168.0.10</programlisting>
<prompt>#</prompt> <userinput>chkconfig mysqld on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service mysql start</userinput>
<prompt>#</prompt> <userinput>chkconfig mysql on</userinput></screen>
<para os="rhel;centos;fedora;opensuse;sles">Finally, you should
set a root password for your <phrase os="rhel;fedora;centos"
>MySQL</phrase>
<phrase os="opensuse;sles">MariaDB or MySQL</phrase> database.
The OpenStack programs that set up databases and tables prompt
you for this password if it is set.</para>
<para os="ubuntu;debian;rhel;centos;fedora;opensuse;sles">You must
delete the anonymous users that are created when the database is
first started. Otherwise, database connection problems occur
when you follow the instructions in this guide. To do this, use
the <command>mysql_secure_installation</command> command.</para>
<screen os="ubuntu;debian;rhel;centos;fedora;opensuse;sles"><prompt>#</prompt> <userinput>mysql_secure_installation</userinput></screen>
<para><phrase os="rhel;centos;fedora;opensuse;sles">If you have
not already set a root database password, press
<keycap>ENTER</keycap> when you are prompted for the
@ -342,26 +316,22 @@ bind-address = 192.168.0.10</programlisting>
for you to secure your database installation. Respond
<userinput>yes</userinput> to all prompts unless you have a
good reason to do otherwise.</para>
</section>
<section xml:id="basics-packages">
<title>OpenStack packages</title>
<para>Distributions might release OpenStack packages as part of
their distribution or through other methods because the
OpenStack and distribution release times are independent of each
other.</para>
<para>This section describes the additional configuration you must
<para>This section describes the configuration you must
complete after you configure machines to install the latest
OpenStack packages.</para>
<para os="fedora;centos;rhel">The examples in this guide use the
OpenStack packages from the RDO repository. These packages work
on Red Hat Enterprise Linux 6, compatible versions of CentOS,
and Fedora 19. To enable the RDO repository, download and
install the <package>rdo-release-havana</package>
package.</para>
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>yum install http://repos.fedorapeople.org/repos/openstack/openstack-havana/rdo-release-havana-6.noarch.rpm</userinput></screen>
<para os="fedora;centos;rhel">The EPEL package includes GPG keys
for package signing and repository information. This should only
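Review bot: The `yum install` line for rdo-release-havana fetches the package that enables the RDO repository over plain http://, at a root prompt, and nothing around it tells the reader to check the package before installing it. While this section is being edited, switch the example to an https:// URL if the host serves one, or add a sentence on verifying the package signature first.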
@ -372,23 +342,20 @@ bind-address = 192.168.0.10</programlisting>
>http://download.fedoraproject.org/pub/epel/6/x86_64/repoview/epel-release.html</link>).
For example:</para>
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm</userinput></screen>
<para os="fedora;centos;rhel">The
<package>openstack-utils</package> package contains utility
programs that make installation and configuration easier. These
programs are used throughout this guide. Install
<package>openstack-utils</package>. This verifies that you can
access the RDO repository.</para>
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>yum install openstack-utils</userinput></screen>
<para os="opensuse;sles">Use the Open Build Service repositories
for Havana based on your openSUSE or SUSE Linux Enterprise
Server version, for example if you run openSUSE 12.3 use:</para>
<screen os="opensuse"><prompt>#</prompt> <userinput>zypper addrepo -f obs://Cloud:OpenStack:Havana/openSUSE_12.3 Havana</userinput></screen>
<para os="sles"> If you use SUSE Linux Enterprise Server 11 SP3,
use:
<screen><prompt>#</prompt> <userinput>zypper addrepo -f obs://Cloud:OpenStack:Havana/SLE_11_SP3 Havana</userinput></screen></para>
use:</para>
<screen os="sles"><prompt>#</prompt> <userinput>zypper addrepo -f obs://Cloud:OpenStack:Havana/SLE_11_SP3 Havana</userinput></screen>
<para os="opensuse">For openSUSE 13.1, nothing needs to be done
because OpenStack Havana packages are part of the distribution
itself.</para>
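Review bot: The paragraph tagged os="opensuse;sles" ends with "for example if you run openSUSE 12.3 use:", but the screen that follows it is os="opensuse" only, so SLES output shows a dangling "use:" immediately before "If you use SUSE Linux Enterprise Server 11 SP3, use:". Now that the SLES screen carries its own os="sles" attribute, limit the example clause to openSUSE (for instance with a phrase element tagged os="opensuse") or end the shared sentence before the example.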
@ -397,9 +364,7 @@ bind-address = 192.168.0.10</programlisting>
configuration easier. These programs are used throughout this
guide. Install <package>openstack-utils</package>. This verifies
that you can access the Open Build Service repository:</para>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-utils</userinput></screen>
<procedure xml:id="ubuntu-cloud-archive" os="ubuntu">
<title>To use the Ubuntu Cloud Archive for Havana</title>
<para>The <link
@ -417,7 +382,6 @@ bind-address = 192.168.0.10</programlisting>
<screen><prompt>#</prompt> <userinput>apt-get update &amp;&amp; apt-get dist-upgrade</userinput> </screen></para>
</step>
</procedure>
<procedure xml:id="debian-cloud-archive" os="debian">
<title>To use the Debian Wheezy backports archive for
Havana</title>

@ -3,7 +3,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="ch_horizon">
<title>Add a dashboard</title>
<title>Add the dashboard</title>
<para>The OpenStack dashboard, also known as <link
xlink:href="https://github.com/openstack/horizon/"
>Horizon</link>, is a Web interface that enables cloud

@ -27,7 +27,7 @@
linkend="basics-packages"/>.</para>
<warning>
<para>If you previously set up networking for your compute node by using
<systemitem role="service"
<systemitem class="service"
>nova-network</systemitem>, this configuration
overrides those settings.</para>
</warning>

@ -45,7 +45,7 @@
</mediaobject>
</figure>
<para>Technical details: Compute with KVM, local ephemeral
storage, <systemitem role="service">nova-network</systemitem> in multi-host flatDHCP mode, MySQL,
storage, <systemitem class="service">nova-network</systemitem> in multi-host flatDHCP mode, MySQL,
nova-api, default scheduler, <phrase os="fedora;rhel;centos"
>Qpid for messaging,</phrase><phrase
os="ubuntu;debian;opensuse">RabbitMQ for
@ -58,7 +58,7 @@
xlink:href="http://docs.openstack.org/trunk/openstack-ops/content/"
><citetitle>OpenStack Operations
Guide</citetitle></link>. Same as the basic architecture
but with the Block Storage Service LVM/iSCSI back end, <systemitem role="service">nova-network</systemitem> in
but with the Block Storage Service LVM/iSCSI back end, <systemitem class="service">nova-network</systemitem> in
multi-host with FlatDHCP, Live Migration back end, shared
storage with NFS, and Object Storage. One controller node
and multiple compute nodes.</para>

@ -4,7 +4,6 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0">
<?dbhtml-stop-chunking?>
<title>System requirements</title>
<para><emphasis role="bold">Hardware</emphasis>: OpenStack Object
Storage is designed to run on commodity hardware.</para>
@ -77,14 +76,13 @@
requests.</para>
<para>Optimize your proxy servers for best CPU
performance. The Proxy Services are more CPU
and network I/O intensive. If you are using
10g networking to the proxy, or are
terminating SSL traffic at the proxy, greater
CPU power will be required.</para></td>
and network I/O intensive. If you are using 10
GB networking to the proxy, or are terminating
SSL traffic at the proxy, greater CPU power is
required.</para></td>
</tr>
</tbody>
</table>
<para><emphasis role="bold">Operating system</emphasis>: OpenStack
Object Storage currently runs on Ubuntu, RHEL, CentOS, Fedora,
openSUSE, or SLES.</para>
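Review bot: "10g networking" became "10 GB networking" in the proxy-server cell, which turns a link speed into a data size; the original refers to 10-gigabit networking. Use "10 Gbps" or "10 GbE" here.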

@ -43,16 +43,14 @@
</note>
<note os="debian">
<title>Note for Debian users</title>
<para>It is as well possible to install the apache
package:
<screen><prompt>#</prompt> <userinput>apt-get install openstack-dashboard-apache</userinput></screen>
This will install and configure Apache correctly,
provided that the user asks for it during the
debconf prompts. The default SSL certificate is
self-signed, and it is probably wise to have it
signed by a root CA (Certificate
Authority).</para>
<para>To install the Apache package:</para>
<screen><prompt>#</prompt> <userinput>apt-get install openstack-dashboard-apache</userinput></screen>
<para>This command installs and configures Apache
correctly, provided that the user asks for it
during the <package>debconf</package> prompts. The
default SSL certificate is self-signed, and it is
probably wise to have it signed by a root
Certificate Authority (CA).</para>
</note>
</step>
<step>
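Review bot: In the Debian note, "To install the Apache package:" drops the sense of the original "It is as well possible", so the package now reads as a required step and not an option; keep it optional, for example "Optionally, install the Apache package:". The certificate sentence is also still hedged as "probably wise"; state the recommendation directly, for example "Replace the default self-signed certificate with one signed by a Certificate Authority (CA)."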
@ -178,8 +176,8 @@
<prompt>#</prompt> <userinput>service memcached restart</userinput></screen>
</step>
<step>
<para>You can now access the dashboard at <uri
os="ubuntu">http://controller/horizon</uri>
<para>You can now access the dashboard at <uri os="ubuntu"
>http://controller/horizon</uri>
<uri os="debian">https://controller/</uri>
<uri os="centos;fedora;rhel"
>http://controller/dashboard</uri>

@ -46,8 +46,8 @@
database. The examples in this guide use the MySQL database
that is used by other OpenStack services.</para>
<para>Configure the location of the database. The Image Service
provides the <systemitem role="service"
>glance-api</systemitem> and <systemitem role="service"
provides the <systemitem class="service"
>glance-api</systemitem> and <systemitem class="service"
>glance-registry</systemitem> services, each with its own
configuration file. You must update both configuration files
throughout this section. Replace
@ -61,25 +61,21 @@
<filename>/etc/glance/glance-api.conf</filename> and
<filename>/etc/glance/glance-registry.conf</filename> and
change the <literal>[DEFAULT]</literal> section.</para>
<programlisting os="ubuntu;debian" language="ini">
...
<programlisting os="ubuntu;debian" language="ini">...
[DEFAULT]
...
# SQLAlchemy connection string for the reference implementation
# registry server. Any valid SQLAlchemy connection string is fine.
# See: http://www.sqlalchemy.org/docs/05/reference/sqlalchemy/connections.html#sqlalchemy.create_engine
sql_connection = mysql://glance:GLANCE_DBPASS@<replaceable>controller</replaceable>/glance
...
</programlisting>
...</programlisting>
</step>
<step os="rhel;centos;fedora;opensuse;sles">
<para>Use the <command>openstack-db</command> command to create
the Image Service database and tables and a
<literal>glance</literal> database user:</para>
<screen><prompt>#</prompt> <userinput>openstack-db --init --service glance --password <replaceable>GLANCE_DBPASS</replaceable></userinput></screen>
</step>
<step os="ubuntu">
<para>By default, the Ubuntu packages create an SQLite database.
Delete the <filename>glance.sqlite</filename> file created in
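Review bot: In the sql_connection line of this programlisting, controller is wrapped in replaceable but GLANCE_DBPASS is not, although the openstack-db command in the next step marks the same placeholder as replaceable. Wrap it here too, so the password placeholder renders as something to substitute and is not copied literally into glance-api.conf and glance-registry.conf.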
@ -96,12 +92,10 @@ IDENTIFIED BY '<replaceable>GLANCE_DBPASS</replaceable>';</userinput>
<prompt>mysql></prompt> <userinput>GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY '<replaceable>GLANCE_DBPASS</replaceable>';</userinput></screen>
</step>
<step os="ubuntu">
<para>Create the database tables for the Image Service:</para>
<screen><prompt>#</prompt> <userinput>glance-manage db_sync</userinput></screen>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Create a <literal>glance</literal> user that the Image
Service can use to authenticate with the Identity Service.
@ -116,7 +110,6 @@ IDENTIFIED BY '<replaceable>GLANCE_DBPASS</replaceable>';</userinput></screen>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Add the credentials to the Image Service configuration
files:</para>
<screen os="centos;rhel;fedora;opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
auth_host <replaceable>controller</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/glance/glance-api.conf keystone_authtoken \
@ -159,7 +152,6 @@ admin_password = GLANCE_PASS
<prompt>#</prompt> <userinput>cp /usr/share/glance/glance-api-dist-paste.ini /etc/glance/glance-api-paste.ini</userinput>
<prompt>#</prompt> <userinput>cp /usr/share/glance/glance-registry-dist-paste.ini /etc/glance/glance-registry-paste.ini</userinput>
</screen>
<para>Edit each file to set the following options in the
<literal>[filter:authtoken]</literal> section:</para>
<programlisting language="ini">[filter:authtoken]
@ -169,7 +161,6 @@ admin_user=glance
admin_tenant_name=service
admin_password=<replaceable>GLANCE_PASS</replaceable></programlisting>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Register the Image Service with the Identity Service so
that other OpenStack services can locate it. Register the
@ -186,17 +177,15 @@ admin_password=<replaceable>GLANCE_PASS</replaceable></programlisting>
--internalurl=http://<replaceable>controller</replaceable>:9292 \
--adminurl=http://<replaceable>controller</replaceable>:9292</userinput></screen>
</step>
<step os="ubuntu">
<para>Restart the <systemitem role="service">glance</systemitem>
<para>Restart the <systemitem class="service">glance</systemitem>
service with its new settings.</para>
<screen><prompt>#</prompt> <userinput>service glance-registry restart</userinput>
<prompt>#</prompt> <userinput>service glance-api restart</userinput></screen>
</step>
<step os="rhel;fedora;centos;opensuse;sles">
<para>Start the <systemitem role="service"
>glance-api</systemitem> and <systemitem role="service"
<para>Start the <systemitem class="service"
>glance-api</systemitem> and <systemitem class="service"
>glance-registry</systemitem> services and configure them to
start when the system boots:</para>
<screen os="rhel;fedora;centos;opensuse;sles"><prompt>#</prompt> <userinput>service openstack-glance-api start</userinput>
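Review bot: The Ubuntu step tells the reader to restart the "glance" service, tagged as a systemitem of class service, but the commands under it restart glance-registry and glance-api, and the step for the other distributions names those two services individually. Name glance-registry and glance-api in the Ubuntu paragraph as well, so the text matches the commands.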

@ -21,8 +21,9 @@
Guide</citetitle></link>.</para>
<procedure>
<step>
<para>Download the image into a dedicated
directory using <command>wget</command> or <command>curl</command>:</para>
<para>Download the image into a dedicated directory using
<command>wget</command> or
<command>curl</command>:</para>
<screen><prompt>$</prompt> <userinput>mkdir images</userinput>
<prompt>$</prompt> <userinput>cd images/</userinput>
<prompt>$</prompt> <userinput>wget http://cdn.download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img</userinput></screen>
@ -36,9 +37,8 @@
<varlistentry>
<term><literal><replaceable>imageLabel</replaceable></literal></term>
<listitem>
<para>Arbitrary label. This is the name by
which users will refer to the
image.</para>
<para>Arbitrary label. The name by which users
refer to the image.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -87,13 +87,12 @@
<listitem>
<para>Specifies image access: <itemizedlist>
<listitem>
<para>true - All users will be able
to view and use the image.</para>
<para>true - All users can view and
use the image.</para>
</listitem>
<listitem>
<para>false - Only administrators
will be able to view and use the
image.</para>
can view and use the image.</para>
</listitem>
</itemizedlist></para>
</listitem>

@ -29,8 +29,8 @@
</step>
<step>
<para>In the configuration file, specify the location of the
database where the Orchestration service stores data. The
examples in this guide use a MySQL database with a
database where the Orchestration service stores data. These
examples use a MySQL database with a
<literal>heat</literal> user on the controller node. Replace
<replaceable>HEAT_DBPASS</replaceable> with the password for
the database user:</para>
@ -46,12 +46,12 @@ connection = mysql://heat:<replaceable>HEAT_DBPASS</replaceable>@controller/heat
</step>
<step os="ubuntu">
<para>By default, the Ubuntu packages create an SQLite database.
Delete the <filename>heat.sqlite</filename> file created in
Delete the <filename>heat.sqlite</filename> file that was created in
the <filename>/var/lib/heat/</filename> directory so that it
does not get used by mistake.</para>
</step>
<step>
<para>Use the password you set previously to log in as root and
<para>Use the password that you set previously to log in as <literal>root</literal> and
create a <literal>heat</literal> database user:</para>
<screen><prompt>#</prompt> <userinput>mysql -u root -p</userinput>
<prompt>mysql></prompt> <userinput>CREATE DATABASE heat;</userinput>
@ -83,14 +83,12 @@ verbose = True
log_dir=/var/log/heat</programlisting>
</step>
<step os="opensuse;sles;ubuntu">
<para>Configure the Orchestration Service to use the RabbitMQ message
broker.</para>
<para os="ubuntu">Edit <filename>/etc/heat/heat.conf</filename> and
modify the <literal>[DEFAULT]</literal> section:</para>
<para>Configure the Orchestration Service to use the RabbitMQ
message broker.</para>
<para os="ubuntu">Edit <filename>/etc/heat/heat.conf</filename>
and modify the <literal>[DEFAULT]</literal> section:</para>
<programlisting os="ubuntu" language="ini">rabbit_host = controller
rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
<para os="opensuse;sles">Run the following commands:</para>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/heat/heat.conf DEFAULT rabbit_host controller</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/heat/heat.conf DEFAULT rabbit_password <replaceable>RABBIT_PASS</replaceable></userinput></screen>
@ -104,10 +102,10 @@ rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
<prompt>#</prompt> <userinput>keystone user-role-add --user=heat --tenant=service --role=admin</userinput></screen>
</step>
<step>
<para>Edit the <filename>/etc/heat/heat.conf</filename> file
and change the <literal>[keystone_authtoken]</literal> and
<literal>[ec2_authtoken]</literal> sections to add credentials
to the Orchestration Service:</para>
<para>Edit the <filename>/etc/heat/heat.conf</filename> file to
change the <literal>[keystone_authtoken]</literal> and
<literal>[ec2_authtoken]</literal> sections to add
credentials to the Orchestration Service:</para>
<programlisting language="ini">[keystone_authtoken]
auth_host = controller
auth_port = 35357
@ -155,12 +153,11 @@ keystone_ec2_uri = http://<replaceable>controller</replaceable>:5000/v2.0/ec2tok
<prompt>#</prompt> <userinput>service heat-engine restart</userinput></screen>
</step>
<step os="rhel;fedora;centos;opensuse;sles">
<para>Start the <systemitem role="service"
>heat-api</systemitem>, <systemitem role="service"
class="service">heat-api-cfn</systemitem> and <systemitem
role="service" class="service">heat-engine</systemitem>
services and configure them to start when the system
boots:</para>
<para>Start the <systemitem class="service"
>heat-api</systemitem>, <systemitem class="service"
>heat-api-cfn</systemitem> and <systemitem class="service"
>heat-engine</systemitem> services and configure them to
start when the system boots:</para>
<screen os="rhel;fedora;centos;opensuse;sles"><prompt>#</prompt> <userinput>service openstack-heat-api start</userinput>
<prompt>#</prompt> <userinput>service openstack-heat-api-cfn start</userinput>
<prompt>#</prompt> <userinput>service openstack-heat-engine start</userinput>

@ -1,24 +1,22 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="keystone-services"
os="rhel;centos;fedora;opensuse;sles;ubuntu">
xmlns:xlink="http://www.w3.org/1999/xlink"
xml:id="keystone-services"
os="rhel;centos;fedora;opensuse;sles;ubuntu">
<title>Define services and API endpoints</title>
<para>The Identity Service also tracks what OpenStack services are
installed and where to locate them on the network. For each service
on your OpenStack installation, you must call
<command>keystone service-create</command> to describe the service
and <command>keystone endpoint-create</command> to specify the API
endpoints associated with the service.</para>
<para>For now, create a service for the Identity Service itself.
This will allow you to stop using the authorization token and instead
use normal authentication when using the <command>keystone</command>
command in the future.</para>
<para>First, create a service entry for the Identity Service.</para>
<screen><prompt>#</prompt> <userinput>keystone service-create --name=keystone --type=identity \
installed and where to locate them on the network. For each
service on your OpenStack installation, you must call
<command>keystone service-create</command> to describe the
service and <command>keystone endpoint-create</command> to specify
the API endpoints associated with the service.</para>
<para>For now, create a service for the Identity Service itself that
uses normal authentication instead of the authorization token when
you run the <command>keystone</command> command in the
future.</para>
<procedure>
<step>
<para>Create a service entry for the Identity Service:</para>
<screen><prompt>#</prompt> <userinput>keystone service-create --name=keystone --type=identity \
--description="Keystone Identity Service"</userinput>
<computeroutput>+-------------+----------------------------------+
| Property | Value |
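Review bot: The merged sentence "create a service for the Identity Service itself that uses normal authentication instead of the authorization token" attaches the authentication change to the service entry, whereas the original said that creating the entry lets you stop using the authorization token when you run the keystone command. Reword so the reader is the one who switches, for example "Creating it lets you use normal authentication instead of the authorization token when you run the keystone command later."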
@ -28,17 +26,17 @@
| name | keystone |
| type | identity |
+-------------+----------------------------------+</computeroutput></screen>
<para>The service id is randomly generated, and will be different
from the one shown above when you run the command. Next, specify
an API endpoint for the Identity Service using the service id you
received. When you specify an endpoint, you provide three URLs
for the public API, the internal API, and the admin API. In this
guide, we use the hostname <literal>controller</literal>. Note
that the Identity Service uses a different port for the admin
API.</para>
<screen><prompt>#</prompt> <userinput>keystone endpoint-create \
<para>The service ID is randomly generated and is different from
the one shown here.</para>
</step>
<step>
<para>Specify an API endpoint for the Identity Service by using
the returned service ID. When you specify an endpoint, you
provide URLs for the public API, internal API, and admin API.
In this guide, the <literal>controller</literal> host name is
used. Note that the Identity Service uses a different port for
the admin API.</para>
<screen><prompt>#</prompt> <userinput>keystone endpoint-create \
--service-id=<replaceable>the_service_id_above</replaceable> \
--publicurl=http://<replaceable>controller</replaceable>:5000/v2.0 \
--internalurl=http://<replaceable>controller</replaceable>:5000/v2.0 \
@ -52,12 +50,12 @@
| publicurl | http://controller:5000/v2.0 |
| region | regionOne |
| service_id | 15c11a23667e427e91bc31335b45f4bd |
+-------------+-----------------------------------+
</computeroutput>
</screen>
<para>As you add other services to your OpenStack installation, you
will call these commands again to register those services with the
Identity Service.</para>
+-------------+-----------------------------------+</computeroutput></screen>
</step>
<step>
<para>As you add other services to your OpenStack installation,
call these commands to register the services with the Identity
Service.</para>
</step>
</procedure>
</section>
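Review bot: The last `<step>` added here ("As you add other services to your OpenStack installation, call these commands...") is not an action the reader performs in this procedure, so it should not be a numbered step. Move it to a `<para>` after `</procedure>` or into a `<note>`, and keep the procedure to the two commands.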

@ -262,8 +262,9 @@ admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
<step os="opensuse;sles;ubuntu">
<para>Configure the RabbitMQ access. Edit the
<filename>/etc/neutron/neutron.conf</filename> file to modify the
following parameters in the <literal>DEFAULT</literal> section.</para>
<filename>/etc/neutron/neutron.conf</filename> file to
modify the following parameters in the
<literal>DEFAULT</literal> section.</para>
<programlisting language="ini">rabbit_host = controller
rabbit_userid = guest
rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
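Review bot: The paragraph rewrapped here introduces a listing that sets `rabbit_userid = guest`, and the step never says that RABBIT_PASS must be the password already set for that broker account. Since the sentence is being touched anyway, add that pointer, and drop the article in "Configure the RabbitMQ access" to match the other step titles.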
@ -352,7 +353,8 @@ admin_password=<replaceable>NEUTRON_PASS</replaceable></programlisting>
<screen os="debian;rhel;fedora;centos"><prompt>#</prompt> <userinput>service openvswitch start</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput></screen>
<para os="rhel;fedora;centos;opensuse;sles">And configure it to start when the system boots:</para>
<para os="rhel;fedora;centos;opensuse;sles">And configure
it to start when the system boots:</para>
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>chkconfig openvswitch-switch on</userinput></screen>
</step>
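Review bot: The rewrapped paragraph still opens with a conjunction ("And configure it to start when the system boots:"), which reads as a sentence fragment once the preceding `<screen>` blocks are filtered by the `os` attribute. For a consistency pass, change it to "Configure it to start when the system boots:".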
@ -401,81 +403,89 @@ GATEWAY=EXTERNAL_INTERFACE_GATEWAY</programlisting>
<!-- TODO(sross): support other distros -->
<step>
<para>You must set some common configuration options no
matter which networking technology you choose to use with
Open vSwitch. Configure the L3 and DHCP agents to use
<acronym>OVS</acronym> and namespaces. Edit the
matter which networking technology you choose to use
with Open vSwitch. Configure the L3 and DHCP agents to
use <acronym>OVS</acronym> and namespaces. Edit the
<filename>/etc/neutron/l3_agent.ini</filename> and
<filename>/etc/neutron/dhcp_agent.ini</filename>
files, respectively:</para>
<programlisting language="ini">interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True</programlisting>
<para os="rhel;centos">You must enable veth support if you
use certain kernels. Some kernels, such as recent versions
of RHEL (not RHOS) and CentOS, only partially support
namespaces. Edit the previous
files, as follows:</para>
use certain kernels. Some kernels, such as recent
versions of RHEL (not RHOS) and CentOS, only partially
support namespaces. Edit the previous files, as
follows:</para>
<programlisting language="ini" os="rhel;centos">ovs_use_veth = True</programlisting>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Similarly, you must also tell Neutron core to use
<acronym>OVS</acronym>. Edit the
<filename>/etc/neutron/neutron.conf</filename> file:</para>
<filename>/etc/neutron/neutron.conf</filename>
file:</para>
<programlisting language="ini">core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2</programlisting>
</step>
<step>
<para>Choose a networking technology to create the virtual networks.
Neutron supports GRE tunneling, VLANs, and VXLANs. This guide
shows how to configure GRE tunneling and VLANs.</para>
<para>Choose a networking technology to create the virtual
networks. Neutron supports GRE tunneling, VLANs, and
VXLANs. This guide shows how to configure GRE tunneling
and VLANs.</para>
<para>
<link linkend="install-neutron.install-plug-in.ovs.gre">GRE
tunneling</link> is simpler to set up because it does not
require any special configuration from any physical network
hardware. However, its protocol makes it difficult to filter
traffic on the physical network. Additionally, this configuration
does not use namespaces. You can have only one router for each
network node. However, you can enable namespacing, and potentially
veth, as described in the section detailing how to use VLANs with
<acronym>OVS</acronym>).</para>
<link linkend="install-neutron.install-plug-in.ovs.gre"
>GRE tunneling</link> is simpler to set up because it
does not require any special configuration from any
physical network hardware. However, its protocol makes
it difficult to filter traffic on the physical network.
Additionally, this configuration does not use
namespaces. You can have only one router for each
network node. However, you can enable namespacing, and
potentially veth, as described in the section detailing
how to use VLANs with <acronym>OVS</acronym>).</para>
<note os="ubuntu">
<para>On Ubuntu 12.04 LTS with GRE you must install
openvswitch-datapath-dkms and restart the service to enable the
GRE flow so that OVS 1.10 and higher is used. Make sure you are
running the OVS 1.10 kernel module in addition to the OVS 1.10
userspace. Both the kernel module and userspace are required for
VXLAN support. The error you see in the
<filename>/var/log/openvswitchovs-vswitchd.log</filename> log
file is "Stderr: 'ovs-ofctl: -1: negative values not supported
for in_port\n'". If you see this error, make sure
<command>modinfo openvswitch</command> shows the right
version. Also check the output from <command>dmesg</command> for
the version of the OVS module being loaded.</para>
openvswitch-datapath-dkms and restart the service to
enable the GRE flow so that OVS 1.10 and higher is
used. Make sure you are running the OVS 1.10 kernel
module in addition to the OVS 1.10 userspace. Both the
kernel module and userspace are required for VXLAN
support. The error you see in the
<filename>/var/log/openvswitchovs-vswitchd.log</filename>
log file is "Stderr: 'ovs-ofctl: -1: negative values
not supported for in_port\n'". If you see this error,
make sure <command>modinfo openvswitch</command> shows
the right version. Also check the output from
<command>dmesg</command> for the version of the OVS
module being loaded.</para>
</note>
<para>On the other hand, <link
linkend="install-neutron.install-plug-in.ovs.vlan">VLAN
tagging</link> modifies the ethernet header of packets. You can
filter packets on the physical network through normal methods.
However, not all NICs handle the increased packet size of
VLAN-tagged packets well, and you might need to complete
additional configuration on physical network hardware to ensure
that your Neutron VLANs do not interfere with any other VLANs on
your network and that any physical network hardware between nodes
does not strip VLAN tags.</para>
linkend="install-neutron.install-plug-in.ovs.vlan"
>VLAN tagging</link> modifies the ethernet header of
packets. You can filter packets on the physical network
through normal methods. However, not all NICs handle the
increased packet size of VLAN-tagged packets well, and
you might need to complete additional configuration on
physical network hardware to ensure that your Neutron
VLANs do not interfere with any other VLANs on your
network and that any physical network hardware between
nodes does not strip VLAN tags.</para>
<note>
<para>While the examples in this guide enable network namespaces
by default, you can disable them if issues occur or your kernel
does not support them. Edit the
<para>While the examples in this guide enable network
namespaces by default, you can disable them if issues
occur or your kernel does not support them. Edit the
<filename>/etc/neutron/l3_agent.ini</filename> and
<filename>/etc/neutron/dhcp_agent.ini</filename> files,
respectively:</para>
<filename>/etc/neutron/dhcp_agent.ini</filename>
files, respectively:</para>
<programlisting language="ini">use_namespaces = False</programlisting>
<para>Edit the <filename>/etc/neutron/neutron.conf</filename> file
<para>Edit the
<filename>/etc/neutron/neutron.conf</filename> file
to disable overlapping IP addresses:</para>
<programlisting language="ini">allow_overlapping_ips = False</programlisting>
<para>Note that when network namespaces are disabled, you can have
only one router for each network node and overlapping IP
addresses are not supported.</para>
<para>You must complete additional steps after you create the
initial Neutron virtual networks and router.</para>
<para>Note that when network namespaces are disabled,
you can have only one router for each network node and
overlapping IP addresses are not supported.</para>
<para>You must complete additional steps after you
create the initial Neutron virtual networks and
router.</para>
</note>
</step>
<!-- TODO(sross): support provider networks? you need to modify things above for this to work -->
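Review bot: The Ubuntu note reflowed in this hunk carries over the path `/var/log/openvswitchovs-vswitchd.log`, which looks like it is missing a slash between `openvswitch` and `ovs-vswitchd.log`, so a reader cannot find the log from it as written. The GRE paragraph also ends with an unbalanced parenthesis ("how to use VLANs with OVS).") and says both that the configuration "does not use namespaces" and, in the step above, that the agents are configured with `use_namespaces = True`. Fix the path and the parenthesis here, and reconcile the two namespace statements.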
@ -762,10 +772,12 @@ router_id = <replaceable>EXT_TO_INT_ID</replaceable></programlisting>
<para>Disable packet destination filtering (route
verification) to let the networking services route traffic
to the VMs. Edit the <filename>/etc/sysctl.conf</filename>
file and run the following command to activate changes:</para>
file and run the following command to activate
changes:</para>
<programlisting language="ini">net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0</programlisting>
<screen><prompt>#</prompt> <userinput>sysctl -p</userinput></screen></step>
<screen><prompt>#</prompt> <userinput>sysctl -p</userinput></screen>
</step>
<step>
<para>Install and configure your networking plug-in
components. To install and configure the network plug-in
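Review bot: The rewrapped paragraph describes `rp_filter` as "packet destination filtering", but the two keys in the listing control reverse-path filtering, which validates the source address of incoming packets. Setting `net.ipv4.conf.all.rp_filter=0` and `net.ipv4.conf.default.rp_filter=0` turns that anti-spoofing check off on every interface, so the text should name it correctly and say that the change applies to the network node only. The sentence also says "run the following command" directly before the file contents. Split it so the listing is introduced as the lines to add to `/etc/sysctl.conf` and `sysctl -p` is introduced as the command.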
@ -915,8 +927,8 @@ firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewal
<para>After you complete OVS configuration <emphasis>and
the core Neutron configuration after this
section</emphasis>, restart the Neutron Open vSwitch
agent<phrase os="opensuse;sles;fedora;centos;rhel">, and set it
to start at boot</phrase>:</para>
agent<phrase os="opensuse;sles;fedora;centos;rhel">,
and set it to start at boot</phrase>:</para>
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>service neutron-openvswitch-agent restart</userinput>
<prompt>#</prompt> <userinput>chkconfig neutron-openvswitch-agent on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openstack-neutron-openvswitch-agent restart</userinput>
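Review bot: The sentence rewrapped here still reads "After you complete OVS configuration and the core Neutron configuration after this section", with "after" used twice in two senses. Reword it to something like "After you complete the OVS configuration and the core Neutron configuration that follows this section", so the order of work is unambiguous.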
@ -1061,9 +1073,8 @@ admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
</step>
<step>
<para>Tell Nova about Neutron. Specifically, you must tell
Nova that Neutron will be handling networking and the
firewall. Edit the <filename>/etc/nova/nova.conf</filename>
file:</para>
Nova that Neutron handles networking and the firewall. Edit
the <filename>/etc/nova/nova.conf</filename> file:</para>
<programlisting language="ini">network_api_class=nova.network.neutronv2.api.API
neutron_url=http://<replaceable>controller</replaceable>:9696
neutron_auth_strategy=keystone
@ -1075,8 +1086,8 @@ firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=neutron</programlisting>
<note>
<para>Regardless of which firewall driver you chose when you
configure the network and compute nodes, set this driver
as the No-Op firewall. The difference is that this is a
configured the network and compute nodes, set this driver
as the No-Op firewall. This firewall is a
<emphasis>Nova</emphasis> firewall, and because Neutron
handles the Firewall, you must tell Nova not to use
one.</para>
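Review bot: In the reworded note, "set this driver as the No-Op firewall" does not say which option is meant, and "Firewall" is capitalized in one place and not the other. Name the option from the listing (`firewall_driver=nova.virt.firewall.NoopFirewallDriver`) and say explicitly that packet filtering is then enforced by Neutron through `security_group_api=neutron`, so readers do not take the No-Op driver to mean that no filtering is applied.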

@ -52,7 +52,7 @@
<literal>True</literal> in the configuration file for
each agent. The default is <literal>True</literal>.</para>
</note>
<para>The following table describes the nodes:</para>
<para>This table describes the nodes:</para>
<informaltable rules="all" width="100%">
<col width="20%"/>
<col width="80%"/>
@ -128,7 +128,8 @@
</listitem>
<listitem>
<para>Glance is installed, configured, and running. In
addition, an image named tty must be present.</para>
addition, an image named <literal>tty</literal> must
be present.</para>
</listitem>
<listitem>
<para>Identity is installed, configured, and running. A
@ -142,45 +143,41 @@
<para>Additional services: <itemizedlist>
<listitem>
<para>RabbitMQ is running with default guest
and its password</para>
and its password.</para>
</listitem>
<listitem
os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>MySQL server (user is <emphasis
role="bold">root</emphasis> and
password is <emphasis role="bold"
>root</emphasis>)</para>
>root</emphasis>).</para>
</listitem>
</itemizedlist></para>
</listitem>
</orderedlist>
<para><emphasis role="bold">Compute node</emphasis></para>
<para>Compute is installed and configured.</para>
<para>Install and configure Compute.</para>
<section xml:id="demo_routers_with_private_networks_installions">
<title>Install</title>
<para>
<itemizedlist>
<listitem>
<para><emphasis role="bold">Controller
node—Networking server</emphasis></para>
<orderedlist>
<listitem>
<para>Install the Networking
server.</para>
</listitem>
<listitem
os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Create database <emphasis
role="bold"
<itemizedlist>
<listitem>
<para><emphasis role="bold">Controller node—Networking
server</emphasis></para>
<procedure>
<step>
<para>Install the Networking server.</para>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Create database <emphasis role="bold"
>ovs_neutron</emphasis>.</para>
</listitem>
<listitem>
<para>Update the Networking configuration
file, <filename>
/etc/neutron/neutron.conf</filename>,
with plug-in choice and Identity
Service user as necessary:</para>
<programlisting language="ini" os="rhel;centos;fedora;opensuse;sles;ubuntu">[DEFAULT]
</step>
<step>
<para>Update the Networking configuration
file, <filename>
/etc/neutron/neutron.conf</filename>,
with plug-in choice and Identity Service
user as necessary:</para>
<programlisting language="ini" os="rhel;centos;fedora;opensuse;sles;ubuntu">[DEFAULT]
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
control_exchange = neutron
rabbit_host = <replaceable>controller</replaceable>
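Review bot: Changing "Compute is installed and configured." to "Install and configure Compute." turns a prerequisite into an instruction, while the neighbouring items are still stated as conditions ("Glance is installed, configured, and running"). Keep the original declarative form, or move the sentence into the Install section. The prerequisites that only gain a period here describe MySQL with user root and password root and RabbitMQ with the default guest account. If those are demo values, say so in the list.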
@ -193,55 +190,49 @@ connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replacea
[keystone_authtoken]
admin_tenant_name=service
admin_user=neutron
admin_password=<replaceable>NEUTRON_PASS</replaceable>
</programlisting>
<programlisting language="ini" os="debian">[DEFAULT]
admin_password=<replaceable>NEUTRON_PASS</replaceable></programlisting>
<programlisting language="ini" os="debian">[DEFAULT]
control_exchange = neutron
rabbit_host = <replaceable>controller</replaceable>
rabbit_password = <replaceable>RABBIT_PASS</replaceable>
notification_driver = neutron.openstack.common.notifier.rabbit_notifier
[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron
</programlisting>
</listitem>
<listitem
os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Update the plug-in configuration
file,
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>:</para>
<programlisting language="ini">[ovs]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</programlisting>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Update the plug-in configuration file,
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>:</para>
<programlisting language="ini">[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
</programlisting>
</listitem>
<listitem
os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Start the Networking server</para>
<para>The Networking server can be a
service of the operating system. The
command to start the service depends
on your operating system. The
following command runs the Networking
server directly:</para>
<screen><prompt>#</prompt> <userinput>neutron-server --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini \
enable_tunneling = True</programlisting>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Start the Networking server.</para>
<para>The Networking server can be a service
of the operating system. The command to
start the service depends on your
operating system. The following command
runs the Networking server
directly:</para>
<screen><prompt>#</prompt> <userinput>neutron-server --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini \
--config-file /etc/neutron/neutron.conf</userinput></screen>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para><emphasis role="bold">Compute node—Compute </emphasis><orderedlist>
<listitem>
<para>Install Compute services.</para>
</listitem>
<listitem>
<para>Update the Compute <filename>
</step>
</procedure>
</listitem>
<listitem>
<para><emphasis role="bold">Compute node—Compute </emphasis><procedure>
<step>
<para>Install Compute services.</para>
</step>
<step>
<para>Update the Compute <filename>
/etc/nova/nova.conf</filename>
configuration file. Make sure the
following line appears at the end
of this file:</para>
<programlisting language="ini">network_api_class=nova.network.neutronv2.api.API
configuration file. Make sure the
following line appears at the end of
this file:</para>
<programlisting language="ini">network_api_class=nova.network.neutronv2.api.API
neutron_admin_username=neutron
neutron_admin_password=<replaceable>NEUTRON_PASS</replaceable>
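Review bot: The Compute step says "Make sure the following line appears at the end of this file:" but the listing that follows has several lines, so this should read "the following lines appear". The Compute node group also opens its `<procedure>` inside the `<para>` that holds the bold title, while the Controller node group closes the `<para>` first. Use the same structure for both.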
@ -250,37 +241,35 @@ neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
neutron_url=http://controlnode:9696/
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
</programlisting>
</listitem>
<listitem>
<para>Restart relevant Compute
services.</para>
</listitem>
</orderedlist></para>
</listitem>
<listitem>
<para><emphasis role="bold">Compute and Networking
node—L2 agent</emphasis></para>
<orderedlist>
<listitem>
<para>Install and start Open
vSwitch.</para>
</listitem>
<listitem>
<para>Install the L2 agent (Neutron Open
vSwitch agent).</para>
</listitem>
<listitem>
<para>Add the integration bridge to the
Open vSwitch:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput></screen>
</listitem>
<listitem>
<para>Update the Networking configuration
file, <filename>
/etc/neutron/neutron.conf</filename>:</para>
<programlisting language="ini">[DEFAULT]
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver</programlisting>
</step>
<step>
<para>Restart relevant Compute
services.</para>
</step>
</procedure></para>
</listitem>
<listitem>
<para><emphasis role="bold">Compute and Networking
node—L2 agent</emphasis></para>
<procedure>
<step>
<para>Install and start Open vSwitch.</para>
</step>
<step>
<para>Install the L2 agent (Neutron Open
vSwitch agent).</para>
</step>
<step>
<para>Add the integration bridge to the Open
vSwitch:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput></screen>
</step>
<step>
<para>Update the Networking configuration
file, <filename>
/etc/neutron/neutron.conf</filename>:</para>
<programlisting language="ini">[DEFAULT]
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
control_exchange = neutron
rabbit_host = <replaceable>controller</replaceable>
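Review bot: The listing closed in this hunk keeps `neutron_url=http://controlnode:9696/` as a literal host name, while every other listing in the change uses `<replaceable>controller</replaceable>`. Switch it to the replaceable so the value matches the host name the guide sets up. The `<filename>` elements for `/etc/neutron/neutron.conf` also start with a line break and leading spaces inside the tag, which end up in the rendered path.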
@ -289,152 +278,143 @@ notification_driver = neutron.openstack.common.notifier.rabbit_notifier
[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>:3306/neutron</programlisting>
</listitem>
<listitem>
<para>Update the plug-in configuration
file, <filename>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>.</para>
<para>Compute node:</para>
<programlisting language="ini">[ovs]
</step>
<step>
<para>Update the plug-in configuration file,
<filename>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>.</para>
<para>Compute node:</para>
<programlisting language="ini">[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
local_ip = 9.181.89.202
</programlisting>
<para>Network node:</para>
<programlisting language="ini">[ovs]
local_ip = 9.181.89.202</programlisting>
<para>Network node:</para>
<programlisting language="ini">[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
local_ip = 9.181.89.203
</programlisting>
</listitem>
<listitem>
<para>Create the integration bridge
<emphasis role="bold"
>br-int</emphasis>:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl --may-exist add-br br-int</userinput></screen>
</listitem>
<listitem>
<para>Start the Networking L2 agent</para>
<para>The Networking Open vSwitch L2 agent
can be a service of operating system.
The command to start depends on your
operating systems. The following
command runs the service
directly:</para>
<screen><prompt>#</prompt> <userinput>neutron-openvswitch-agent --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini \
local_ip = 9.181.89.203</programlisting>
</step>
<step>
<para>Create the integration bridge <emphasis
role="bold">br-int</emphasis>:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl --may-exist add-br br-int</userinput></screen>
</step>
<step>
<para>Start the Networking L2 agent</para>
<para>The Networking Open vSwitch L2 agent can
be a service of operating system. The
command to start depends on your operating
systems. The following command runs the
service directly:</para>
<screen><prompt>#</prompt> <userinput>neutron-openvswitch-agent --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini \
--config-file /etc/neutron/neutron.conf</userinput></screen>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para><emphasis role="bold">Network node—DHCP
agent</emphasis></para>
<orderedlist>
<listitem>
<para>Install the DHCP agent.</para>
</listitem>
<listitem>
<para>Update the Networking configuration
file, <filename>
/etc/neutron/neutron.conf</filename></para>
<programlisting language="ini">[DEFAULT]
</step>
</procedure>
</listitem>
<listitem>
<para><emphasis role="bold">Network node—DHCP
agent</emphasis></para>
<procedure>
<step>
<para>Install the DHCP agent.</para>
</step>
<step>
<para>Update the Networking configuration
file, <filename>
/etc/neutron/neutron.conf</filename></para>
<programlisting language="ini">[DEFAULT]
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
control_exchange = neutron
rabbit_host = <replaceable>controller</replaceable>
rabbit_password = <replaceable>RABBIT_PASS</replaceable>
notification_driver = neutron.openstack.common.notifier.rabbit_notifier
allow_overlapping_ips = True</programlisting>
<para><emphasis role="bold">Set
<para><emphasis role="bold">Set
<literal>allow_overlapping_ips</literal>
because TenantA and TenantC use
overlapping
subnets.</emphasis></para>
</listitem>
<listitem>
<para>Update the DHCP <filename>
/etc/neutron/dhcp_agent.ini</filename>
configuration file:</para>
<programlisting language="ini">interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver</programlisting>
</listitem>
<listitem>
<para>Start the DHCP agent.</para>
<para>The Networking DHCP agent can be a
service of operating system. The
command to start the service depends
on your operating system. The
following command runs the service
directly:</para>
<screen><prompt>#</prompt> <userinput>neutron-dhcp-agent --config-file /etc/neutron/neutron.conf \
because TenantA and TenantC use
overlapping subnets.</emphasis></para>
</step>
<step>
<para>Update the DHCP <filename>
/etc/neutron/dhcp_agent.ini</filename>
configuration file:</para>
<programlisting language="ini">interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver</programlisting>
</step>
<step>
<para>Start the DHCP agent.</para>
<para>The Networking DHCP agent can be a
service of operating system. The command
to start the service depends on your
operating system. The following command
runs the service directly:</para>
<screen><prompt>#</prompt> <userinput>neutron-dhcp-agent --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/dhcp_agent.ini</userinput></screen>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para><emphasis role="bold">Network node—L3
agent</emphasis></para>
<orderedlist>
<listitem>
<para>Install the L3 agent.</para>
</listitem>
<listitem>
<para>Add the external network
bridge</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-ex</userinput></screen>
</listitem>
<listitem>
<para>Add the physical interface, for
example eth0, that is connected to the
outside network to this bridge:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-port br-ex eth0</userinput></screen>
</listitem>
<listitem>
<para>Update the L3 configuration file
<filename>
/etc/neutron/l3_agent.ini</filename>:</para>
<programlisting language="ini">[DEFAULT]
</step>
</procedure>
</listitem>
<listitem>
<para><emphasis role="bold">Network node—L3
agent</emphasis></para>
<procedure>
<step>
<para>Install the L3 agent.</para>
</step>
<step>
<para>Add the external network bridge</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-ex</userinput></screen>
</step>
<step>
<para>Add the physical interface, for example
eth0, that is connected to the outside
network to this bridge:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-port br-ex eth0</userinput></screen>
</step>
<step>
<para>Update the L3 configuration file
<filename>
/etc/neutron/l3_agent.ini</filename>:</para>
<programlisting language="ini">[DEFAULT]
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces=True</programlisting>
<para><emphasis role="bold">Set the
<para><emphasis role="bold">Set the
<literal>use_namespaces</literal>
option (it is True by default)
because TenantA and TenantC have
overlapping subnets, and the
routers are hosted on one l3 agent
network node.</emphasis></para>
</listitem>
<listitem>
<para>Start the L3 agent</para>
<para>The Networking L3 agent can be a
service of operating system. The
command to start the service depends
on your operating system. The
following command starts the agent
directly:</para>
<screen><prompt>#</prompt> <userinput>neutron-l3-agent --config-file /etc/neutron/neutron.conf \
option (it is True by default) because
TenantA and TenantC have overlapping
subnets, and the routers are hosted on
one l3 agent network
node.</emphasis></para>
</step>
<step>
<para>Start the L3 agent</para>
<para>The Networking L3 agent can be a service
of operating system. The command to start
the service depends on your operating
system. The following command starts the
agent directly:</para>
<screen><prompt>#</prompt> <userinput>neutron-l3-agent --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/l3_agent.ini</userinput></screen>
</listitem>
</orderedlist>
</listitem>
</itemizedlist>
</para>
</step>
</procedure>
</listitem>
</itemizedlist>
</section>
<section xml:id="demo_per_tenant_router_network_config">
<title>Configure logical network</title>
<para>All of the commands below can be executed on the network
node.</para>
<para>You can run these commands on the network node.</para>
<note>
<para>Ensure that the following environment variables are
set. Various clients use these to access the Identity
Service.</para>
</note>
<programlisting language="bash">export OS_USERNAME=admin
<programlisting language="bash">export OS_USERNAME=admin
export OS_PASSWORD=adminpassword
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
<orderedlist>
<listitem>
</note>
<procedure>
<step>
<para>Get the tenant ID (Used as $TENANT_ID
later):</para>
<screen><prompt>#</prompt> <userinput>keystone tenant-list</userinput>
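Review bot: The two `[ovs]` listings hard-code `local_ip = 9.181.89.202` and `local_ip = 9.181.89.203` with no `<replaceable>` markup and no sentence saying that each node must use its own tunnel address, so readers will copy them as they stand. Mark them as replaceable values. The step "Create the integration bridge br-int" repeats the earlier "Add the integration bridge to the Open vSwitch" step from the same procedure. Keep only the `--may-exist` form. Step titles such as "Start the Networking L2 agent", "Add the external network bridge" and "Start the L3 agent" still lack the period that "Start the Networking server." gained, and "can be a service of operating system" is missing an article.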
@ -446,11 +426,10 @@ export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
| 3719a4940bf24b5a8124b58c9b0a6ee6 | TenantB | True |
| 5fcfbc3283a142a5bb6978b549a511ac | demo | True |
| b7445f221cda4f4a8ac7db6b218b1339 | admin | True |
+----------------------------------+---------+---------+
</computeroutput></screen>
</listitem>
<listitem>
<para>Get the user information:</para>
+----------------------------------+---------+---------+</computeroutput></screen>
</step>
<step>
<para>Get user information:</para>
<screen><prompt>#</prompt> <userinput>keystone user-list</userinput>
<computeroutput>+----------------------------------+-------+---------+-------------------+
| id | name | enabled | email |
@ -460,10 +439,9 @@ export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
| 8e37cb8193cb4873a35802d257348431 | UserC | True | |
| c11f6b09ed3c45c09c21cbbc23e93066 | UserB | True | |
| ca567c4f6c0942bdac0e011e97bddbe3 | UserA | True | |
+----------------------------------+-------+---------+-------------------+
</computeroutput></screen>
</listitem>
<listitem>
+----------------------------------+-------+---------+-------------------+</computeroutput></screen>
</step>
<step>
<para>Create the external network and its subnet by
admin user:</para>
<screen><prompt>#</prompt> <userinput>neutron net-create Ext-Net --provider:network_type local --router:external true</userinput>
@ -482,8 +460,7 @@ export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
| status | ACTIVE |
| subnets | |
| tenant_id | b7445f221cda4f4a8ac7db6b218b1339 |
+---------------------------+--------------------------------------+
</computeroutput></screen>
+---------------------------+--------------------------------------+</computeroutput></screen>
<screen><prompt>#</prompt> <userinput>neutron subnet-create Ext-Net 30.0.0.0/24 --disable-dhcp</userinput>
<computeroutput>Created a new subnet:
@ -501,8 +478,7 @@ export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
| name | |
| network_id | 2c757c9e-d3d6-4154-9a77-336eb99bd573 |
| tenant_id | b7445f221cda4f4a8ac7db6b218b1339 |
+------------------+--------------------------------------------+
</computeroutput></screen>
+------------------+--------------------------------------------+</computeroutput></screen>
<para><emphasis role="bold">
<literal>provider:network_type local</literal>
means that Networking does not have to realize
@ -511,8 +487,8 @@ export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
means that an external network is created
where you can create floating IP and router
gateway port.</emphasis></para>
</listitem>
<listitem>
</step>
<step>
<para>Add an IP on external network to br-ex.</para>
<para>Because br-ex is the external network bridge,
add an IP 30.0.0.100/24 to br-ex and ping the
@ -520,13 +496,13 @@ export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
node.</para>
<screen><prompt>#</prompt> <userinput>ip addr add 30.0.0.100/24 dev br-ex</userinput>
<prompt>#</prompt> <userinput>ip link set br-ex up</userinput></screen>
</listitem>
<listitem>
</step>
<step>
<para>Serve TenantA.</para>
<para>For TenantA, create a private network, subnet,
server, router, and floating IP.</para>
<orderedlist>
<listitem>
<substeps>
<step>
<para>Create a network for TenantA:</para>
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 net-create TenantA-Net</userinput>
@ -561,17 +537,15 @@ export OS_AUTH_URL=http://127.0.0.1:5000/v2.0/</programlisting>
| status | ACTIVE |
| subnets | |
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+---------------------------+--------------------------------------+
</computeroutput></screen>
+---------------------------+--------------------------------------+</computeroutput></screen>
<para>The network has GRE tunnel ID (for
example, provider:segmentation_id)
1.</para>
</listitem>
<listitem>
</step>
<step>
<para>Create a subnet on the network
TenantA-Net:</para>
<screen><prompt>#</prompt> <userinput>
neutron --os-tenant-name TenantA --os-username UserA --os-password password \
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 subnet-create TenantA-Net 10.0.0.0/24</userinput>
<computeroutput>Created a new subnet:
+------------------+--------------------------------------------+
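Review bot: The paragraph kept in this hunk says "The network has GRE tunnel ID (for example, provider:segmentation_id) 1.", but `provider:segmentation_id` is the field that holds the tunnel ID, not an example of one. Reword it to "The network has GRE tunnel ID (provider:segmentation_id) 1." and wrap the field name in `<literal>`.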
@ -588,23 +562,20 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password \
| name | |
| network_id | 7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68 |
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+------------------+--------------------------------------------+
</computeroutput></screen>
</listitem>
<listitem>
+------------------+--------------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Create a server for TenantA:</para>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \
--nic net-id=7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68 TenantA_VM1</userinput></screen>
<screen><prompt>$</prompt> <userinput>nova --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list</userinput>
<computeroutput>
+--------------------------------------+-------------+--------+----------------------+
<computeroutput>+--------------------------------------+-------------+--------+----------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------------+--------+----------------------+
| 7c5e6499-7ef7-4e36-8216-62c2941d21ff | TenantA_VM1 | ACTIVE | TenantA-Net=10.0.0.3 |
+--------------------------------------+-------------+--------+----------------------+
</computeroutput></screen>
+--------------------------------------+-------------+--------+----------------------+</computeroutput></screen>
<note>
<para>It is important to understand that
you should not attach the instance to
@ -613,8 +584,8 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password \
accessible from the external
network.</para>
</note>
</listitem>
<listitem>
</step>
<step>
<para>Create and configure a router for
TenantA:</para>
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
@ -629,8 +600,7 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password \
| name | TenantA-R1 |
| status | ACTIVE |
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+-----------------------+--------------------------------------+
</computeroutput></screen>
+-----------------------+--------------------------------------+</computeroutput></screen>
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 router-interface-add \
TenantA-R1 51e2c223-0492-4385-b6e9-83d4e6d10657</userinput></screen>
@ -639,11 +609,15 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password \
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 \
router-gateway-set TenantA-R1 Ext-Net</userinput></screen>
</listitem>
<listitem>
<para>Associate a floating IP for
TenantA_VM1.</para>
<para>1. Create a floating IP:</para>
</step>
</substeps>
</step>
<step>
<para>Associate a floating IP for TenantA_VM1.</para>
<substeps>
<step>
<para>Create a floating IP:</para>
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 floatingip-create Ext-Net</userinput>
<computeroutput>Created a new floatingip:
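Review bot: closing `</substeps></step>` after the router-gateway-set command moves "Associate a floating IP for TenantA_VM1" out of the "Serve TenantA" step, but that step's introduction still says it covers "a private network, subnet, server, router, and floating IP". Either keep the floating IP work as a substep of "Serve TenantA" or drop "floating IP" from the introductory sentence so the outline and the text agree. The later ping and "Create other servers for TenantA" steps become top-level for the same reason and would benefit from the same decision.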
@ -657,9 +631,10 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password \
| port_id | |
| router_id | |
| tenant_id | 247e478c599f45b5bd297e8ddbbc9b6a |
+---------------------+--------------------------------------+
</computeroutput></screen>
<para>2. Get the port ID of the VM with ID
+---------------------+--------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Get the port ID of the VM with ID
7c5e6499-7ef7-4e36-8216-62c2941d21ff:</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 port-list -- \
@ -668,9 +643,10 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password \
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| 6071d430-c66e-4125-b972-9a937c427520 | | fa:16:3e:a0:73:0d | {"subnet_id": "51e2c223-0492-4385-b6e9-83d4e6d10657", "ip_address": "10.0.0.3"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
</computeroutput></screen>
<para>3. Associate the floating IP with the VM
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Associate the floating IP with the VM
port:</para>
<screen><prompt>$</prompt> <userinput>neutron --os-tenant-name TenantA --os-username UserA --os-password password \
--os-auth-url=http://localhost:5000/v2.0 floatingip-associate \
@ -684,18 +660,19 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password \
| 5a1f90ed-aa3c-4df3-82cb-116556e96bf1 | 10.0.0.3 | 30.0.0.2 | 6071d430-c66e-4125-b972-9a937c427520 |
+--------------------------------------+------------------+---------------------+--------------------------------------+
</computeroutput></screen>
</listitem>
<listitem>
<para>Ping the public network from the server
of TenantA.</para>
<para>In my environment, 192.168.1.0/24 is my
public network connected with my physical
router, which also connects to the
external network 30.0.0.0/24. With the
floating IP and virtual router, we can
ping the public network within the server
of tenant A:</para>
<screen><prompt>$</prompt> <userinput>ping 192.168.1.1</userinput>
</step>
</substeps>
</step>
<step>
<para>Ping the public network from the server of
TenantA.</para>
<para>In my environment, 192.168.1.0/24 is my public
network connected with my physical router, which
also connects to the external network 30.0.0.0/24.
With the floating IP and virtual router, you can
ping the public network within the server of
tenant A:</para>
<screen><prompt>$</prompt> <userinput>ping 192.168.1.1</userinput>
<computeroutput>PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_req=1 ttl=64 time=1.74 ms
64 bytes from 192.168.1.1: icmp_req=2 ttl=64 time=1.50 ms
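Review bot: the rewritten paragraph under "Ping the public network from the server of TenantA" changes "we can ping" to "you can ping" but keeps "In my environment, 192.168.1.0/24 is my public network connected with my physical router", so the voice switches mid-paragraph. Suggest "In this example, 192.168.1.0/24 is the public network ..." and "TenantA" instead of "tenant A" to match the rest of the procedure. The floatingip-list output just above also still has `</computeroutput></screen>` on its own line, unlike the other listings cleaned up in this change.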
@ -705,11 +682,10 @@ neutron --os-tenant-name TenantA --os-username UserA --os-password password \
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.234/1.495/1.745/0.211 ms
</computeroutput></screen>
</listitem>
<listitem>
<para>Ping floating IP of the TenantA's
server:</para>
<screen><prompt>$</prompt> <userinput>ping 30.0.0.2</userinput>
</step>
<step>
<para>Ping floating IP of the TenantA's server:</para>
<screen><prompt>$</prompt> <userinput>ping 30.0.0.2</userinput>
<computeroutput>PING 30.0.0.2 (30.0.0.2) 56(84) bytes of data.
64 bytes from 30.0.0.2: icmp_req=1 ttl=63 time=45.0 ms
64 bytes from 30.0.0.2: icmp_req=2 ttl=63 time=0.898 ms
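Review bot: the reflowed step title "Ping floating IP of the TenantA's server:" keeps the original grammar slip. Suggest "Ping the floating IP of TenantA's server:" while the line is being rewrapped.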
@ -719,22 +695,20 @@ rtt min/avg/max/mdev = 1.234/1.495/1.745/0.211 ms
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
</computeroutput></screen>
</listitem>
<listitem>
<para>Create other servers for TenantA.</para>
<para>We can create more servers for TenantA
and add floating IPs for them.</para>
</listitem>
</orderedlist>
</listitem>
<listitem>
</step>
<step>
<para>Create other servers for TenantA.</para>
<para>You can create more servers for TenantA and add
floating IPs for them.</para>
</step>
<step>
<para>Serve TenantC.</para>
<para>For TenantC, we will create two private networks
<para>For TenantC, you create two private networks
with subnet 10.0.0.0/24 and subnet 10.0.1.0/24,
some servers, one router to connect to these two
subnets and some floating IPs.</para>
<orderedlist>
<listitem>
<substeps>
<step>
<para>Create networks and subnets for
TenantC:</para>
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
@ -748,7 +722,7 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
--os-auth-url=http://localhost:5000/v2.0 subnet-create TenantC-Net2 \
10.0.1.0/24 --name TenantC-Subnet2</userinput>
</screen>
<para>After that we can use admin user to
<para>After that you can use admin user to
query the network's provider network
information:</para>
<screen><prompt>#</prompt> <userinput>neutron net-show TenantC-Net1</userinput>
@ -789,22 +763,22 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
also note the network IDs and subnet IDs
because you use them to create VMs and
router.</para>
</listitem>
<listitem>
</step>
<step>
<para>Create a server TenantC-VM1 for TenantC
on TenantC-Net1.</para>
<screen><prompt>#</prompt> <userinput>nova --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \
--nic net-id=91309738-c317-40a3-81bb-bed7a3917a85 TenantC_VM1</userinput></screen>
</listitem>
<listitem>
</step>
<step>
<para>Create a server TenantC-VM3 for TenantC
on TenantC-Net2.</para>
<screen><prompt>#</prompt> <userinput>nova --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 boot --image tty --flavor 1 \
--nic net-id=5b373ad2-7866-44f4-8087-f87148abd623 TenantC_VM3</userinput></screen>
</listitem>
<listitem>
</step>
<step>
<para>List servers of TenantC.</para>
<screen><prompt>#</prompt> <userinput>nova --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 list</userinput>
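Review bot: the step text names the servers "TenantC-VM1" and "TenantC-VM3" (hyphen) while the boot commands create "TenantC_VM1" and "TenantC_VM3" (underscore). A reader who copies the name from the paragraph will not find the server, so use the underscore form in both places. The nova commands here also use the `#` prompt where the TenantA nova commands use `$`; pick one for consistency.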
@ -816,16 +790,16 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
+--------------------------------------+-------------+--------+-----------------------+</computeroutput></screen>
<para>Note the server IDs because you use them
later.</para>
</listitem>
<listitem>
</step>
<step>
<para>Make sure servers get their IPs.</para>
<para>You can use VNC to log on the VMs to
check if they get IPs. If not, you must
make sure that the Networking components
are running correctly and the GRE tunnels
work.</para>
</listitem>
<listitem>
</step>
<step>
<para>Create and configure a router for
TenantC:</para>
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
@ -839,8 +813,8 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
<screen><prompt>#</prompt> <userinput>neutron --os-tenant-name TenantC --os-username UserC --os-password password \
--os-auth-url=http://localhost:5000/v2.0 \
router-gateway-set TenantC-R1 Ext-Net</userinput></screen>
</listitem>
<listitem>
</step>
<step>
<para>Checkpoint: ping from within TenantC's
servers.</para>
<para>Because a router connects to two
@ -849,8 +823,8 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
the router is set, TenantC's servers can
ping external network IPs, such as
192.168.1.1, 30.0.0.1, and so on.</para>
</listitem>
<listitem>
</step>
<step>
<para>Associate floating IPs for TenantC's
servers.</para>
<para>Because a router connects to two
@ -860,16 +834,16 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
servers can ping external network IPs,
such as 192.168.1.1, 30.0.0.1, and so
on.</para>
</listitem>
<listitem>
</step>
<step>
<para>Associate floating IPs for TenantC's
servers.</para>
<para>You can use similar commands to the ones
used in the section for TenantA.</para>
</listitem>
</orderedlist>
</listitem>
</orderedlist>
</step>
</substeps>
</step>
</procedure>
</section>
<section xml:id="section_use-cases-tenant-router">
<title>Use case: per-tenant routers with private
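Review bot: the conversion to `<step>` carries over a duplicated step. "Associate floating IPs for TenantC's servers." appears twice in a row, and the first copy's body repeats the checkpoint paragraph ("Because a router connects to two ... servers can ping external network IPs") rather than saying anything about floating IPs. Remove the first copy and keep the one that points back to the TenantA commands.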
@ -881,20 +855,18 @@ rtt min/avg/max/mdev = 0.898/15.621/45.027/20.793 ms
networks, potentially uplinking those networks to a
router. This model enables tenant-defined, multi-tier
applications, with each tier being a separate network
behind the router. Since there are multiple routers,
tenant subnets can overlap without conflicting, since
access to external networks all happens via SNAT or
Floating IPs. Each router uplink and floating IP is
behind the router. Because there are multiple routers,
tenant subnets can overlap without conflicting, because
access to external networks all happens through SNAT or
floating IPs. Each router uplink and floating IP is
allocated from the external network subnet.</para>
<para>
<mediaobject>
<imageobject>
<imagedata scale="55"
fileref="../common/figures/UseCase-MultiRouter.png"
align="left"/>
</imageobject>
</mediaobject>
<!--Image source link: https://docs.google.com/a/nicira.com/drawings/d/1mmQc8cBUoTEfEns-ehIyQSTvOrjUdl5xeGDv9suVyAY/edit -->
</para>
<mediaobject>
<imageobject>
<imagedata scale="55"
fileref="../common/figures/UseCase-MultiRouter.png"
align="left"/>
</imageobject>
</mediaobject>
<!--Image source link: https://docs.google.com/a/nicira.com/drawings/d/1mmQc8cBUoTEfEns-ehIyQSTvOrjUdl5xeGDv9suVyAY/edit -->
</section>
</section>
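Review bot: replacing both occurrences of "since" leaves "Because there are multiple routers, tenant subnets can overlap without conflicting, because access to external networks ..." with two "because" clauses in one sentence. Consider splitting it, for example "Because there are multiple routers, tenant subnets can overlap without conflicting. All access to external networks happens through SNAT or floating IPs."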

@ -2,8 +2,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="nova-controller">
<title>Install the Compute controller services</title>
<title>Install Compute controller services</title>
<para>Compute is a collection of services that enable you to launch
virtual machine instances. You can configure these services to run
on separate nodes or the same node. In this guide, most services
@ -17,13 +16,10 @@
<package>openstack-nova</package> meta-package, which
installs various Compute packages that are used on the
controller node.</para>
<screen os="fedora;rhel;centos"><prompt>#</prompt> <userinput>yum install openstack-nova python-novaclient</userinput></screen>
<para os="ubuntu;debian;opensuse;sles">Install these Compute
packages, which provide the Compute services that run on the
controller node.</para>
<screen os="ubuntu"><prompt>#</prompt> <userinput>apt-get install nova-novncproxy novnc nova-api \
nova-ajax-console-proxy nova-cert nova-conductor \
nova-consoleauth nova-doc nova-scheduler \
@ -38,7 +34,6 @@
openstack-nova-consoleauth openstack-nova-doc \
openstack-nova-novncproxy python-novaclient</userinput></screen>
</step>
<step os="debian">
<para>Respond to the prompts for <link
linkend="debconf-dbconfig-common">database
@ -49,7 +44,6 @@
>API endpoint</link> registration. The <command>nova-manage
db sync</command> command runs automatically.</para>
</step>
<step>
<para>Compute stores information in a database. The examples in
this guide use the MySQL database that is used by other
@ -59,7 +53,6 @@
service password:</para>
<screen os="fedora;rhel;centos;opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf \
database connection mysql://nova:<replaceable>NOVA_DBPASS</replaceable>@controller/nova</userinput></screen>
<para os="ubuntu;debian">Edit the
<filename>/etc/nova/nova.conf</filename> file and add these
lines to the <literal>[database]</literal> section:</para>
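Review bot: the `openstack-config --set ... database connection mysql://nova:NOVA_DBPASS@controller/nova` line in this step puts the database password on the command line, where it ends up in shell history. Not introduced by this change, but the step would benefit from a short sentence about that and about keeping `/etc/nova/nova.conf` readable only by the service account, either here or in a follow-up.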
@ -67,9 +60,7 @@
[database]
# The SQLAlchemy connection string used to connect to the database
connection = mysql://nova:NOVA_DBPASS@controller/nova</programlisting>
</step>
<step os="fedora;rhel;centos;opensuse;sles">
<para>Run the <command>openstack-db</command> command to create
the Compute service database and tables and a
@ -81,7 +72,7 @@ connection = mysql://nova:NOVA_DBPASS@controller/nova</programlisting>
Delete the <filename>nova.sqlite</filename> file created in
the <filename>/var/lib/nova/</filename> directory so that it
does not get used by mistake.</para>
</step>
</step>
<step os="ubuntu">
<para>Use the password you created previously to log in as root.
Create a <literal>nova</literal> database user:</para>
@ -93,24 +84,22 @@ IDENTIFIED BY '<replaceable>NOVA_DBPASS</replaceable>';</userinput>
IDENTIFIED BY '<replaceable>NOVA_DBPASS</replaceable>';</userinput></screen>
</step>
<step os="ubuntu">
<para>Create the tables for the Compute service:</para>
<para>Create the Compute service tables:</para>
<screen><prompt>#</prompt> <userinput>nova-manage db sync</userinput></screen>
</step>
<step>
<para>Set the <literal>my_ip</literal>,
<literal>vncserver_listen</literal>, and
<literal>vncserver_proxyclient_address</literal>
configuration keys to the internal IP address of the
<para>Set the <option>my_ip</option>,
<option>vncserver_listen</option>, and
<option>vncserver_proxyclient_address</option>
configuration options to the internal IP address of the
controller node:</para>
<screen os="fedora;rhel;centos;opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.0.10</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 192.168.0.10</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 192.168.0.10</userinput></screen>
<para os="ubuntu">Edit the
<filename>/etc/nova/nova.conf</filename> file and add these
lines to the <literal>[DEFAULT]</literal> section:</para>
<para os="debian">In Debian, the the <package>debconf</package>
<para os="debian">In Debian, the <package>debconf</package>
package automatically sets up <literal>my_ip</literal>
parameter but you must edit the
<filename>/etc/nova/nova.conf</filename> file to configure
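Review bot: the first paragraph of this step now marks `my_ip`, `vncserver_listen` and `vncserver_proxyclient_address` with `<option>`, but the Debian paragraph edited in the same hunk still uses `<literal>my_ip</literal>`. Use `<option>` there too, and add the missing article: "automatically sets up the my_ip parameter".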
@ -129,7 +118,6 @@ vncserver_proxyclient_address=192.168.0.10</programlisting>
authenticate with the Identity Service. Use the
<literal>service</literal> tenant and give the user the
<literal>admin</literal> role:</para>
<screen><prompt>#</prompt> <userinput>keystone user-create --name=nova --pass=<replaceable>NOVA_PASS</replaceable> --email=<replaceable>nova@example.com</replaceable></userinput>
<prompt>#</prompt> <userinput>keystone user-role-add --user=nova --tenant=service --role=admin</userinput></screen>
</step>
@ -150,16 +138,16 @@ vncserver_proxyclient_address=192.168.0.10</programlisting>
...
auth_strategy=keystone</programlisting>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Add the credentials to the
<filename>/etc/nova/api-paste.ini</filename> file. Add these
options to the <literal>[filter:authtoken]</literal>
section:</para>
<note><title>Use of .ini files</title>
<para>Files with the extension <filename>.ini</filename>
sometimes need to be edited during initial setup. However,
they should not be used for general configuration tasks.</para>
<note>
<title>Use of .ini files</title>
<para>You might sometimes have to edit <filename>.ini</filename> files
during initial setup. However,
do not edit these files for general configuration tasks.</para>
</note>
<programlisting language="ini">[filter:authtoken]
paste.filter_factory=keystoneclient.middleware.auth_token:filter_factory
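Review bot: the reworded note sits between the sentence ending "Add these options to the [filter:authtoken] section:" and the `<programlisting>` it introduces, so the colon no longer leads into the listing. Move the `<note>` after the listing or before the paragraph. The new text is also wrapped oddly ("However," alone at the end of a line), and it would help to say where general configuration should go instead of the `.ini` file.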
@ -178,7 +166,6 @@ admin_password=<replaceable>NOVA_PASS</replaceable></programlisting>
</note>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>You must register Compute with the Identity Service so
that other OpenStack services can locate it. Register the
service and specify the endpoint:</para>
@ -186,7 +173,6 @@ admin_password=<replaceable>NOVA_PASS</replaceable></programlisting>
<screen><prompt>#</prompt> <userinput>keystone service-create --name=nova --type=compute \
--description="Nova Compute service"</userinput></screen>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>Use the <literal>id</literal> property that is returned to
create the endpoint.</para>
@ -195,18 +181,15 @@ admin_password=<replaceable>NOVA_PASS</replaceable></programlisting>
--publicurl=http://<replaceable>controller</replaceable>:8774/v2/%\(tenant_id\)s \
--internalurl=http://<replaceable>controller</replaceable>:8774/v2/%\(tenant_id\)s \
--adminurl=http://<replaceable>controller</replaceable>:8774/v2/%\(tenant_id\)s</userinput></screen>
</step>
<step os="fedora;rhel;centos">
<para>Set these configuration keys to configure Compute to use
the Qpid message broker:</para>
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf \
DEFAULT rpc_backend nova.openstack.common.rpc.impl_qpid</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname <replaceable>controller</replaceable></userinput>
</screen>
</step>
<step os="ubuntu">
<para>Set these configuration keys to configure Compute to use
the RabbitMQ message broker. Add them to the
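Review bot: both message-broker steps still say "Set these configuration keys", while the `my_ip` step earlier in this file was changed to "configuration options" in this same commit. Use "options" here as well. The Qpid `<screen>` also leaves `</screen>` on its own line after the last `<userinput>`, which the other listings in this change collapse.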
@ -251,7 +234,6 @@ rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
<step>
<para>To verify your configuration, list available
images:</para>
<screen><prompt>#</prompt> <userinput>nova image-list</userinput>
<computeroutput>+--------------------------------------+-----------------+--------+--------+
| ID | Name | Status | Server |