From 06d96b44c8c93fef9e641d25b73af6f80df27f33 Mon Sep 17 00:00:00 2001 From: Matt Kassawara Date: Thu, 3 Apr 2014 12:22:28 -0600 Subject: [PATCH] Added ML2 compute node section to Neutron chapter As part of the installation guide improvement project, I performed the following operations on the Neutron chapter: 1) Added ML2 plug-in compute node section. 2) Added terms to the glossary as necessary. This patch primarily covers content. Future patches may address structure and/or appearance issues. Change-Id: Ibc3a67dc3e271b61b8debab8c634c32a5be11024 Partial-Bug: #1291071 Implements: blueprint networking-install-guide-improvements --- doc/install-guide/ch_networking.xml | 1 + .../section_neutron-ml2-compute-node.xml | 400 ++++++++++++++++++ 2 files changed, 401 insertions(+) create mode 100644 doc/install-guide/section_neutron-ml2-compute-node.xml diff --git a/doc/install-guide/ch_networking.xml b/doc/install-guide/ch_networking.xml index 0c64440826..d07c871c07 100644 --- a/doc/install-guide/ch_networking.xml +++ b/doc/install-guide/ch_networking.xml @@ -49,6 +49,7 @@ we recommend using the Open vSwitch (OVS) plug-in. + diff --git a/doc/install-guide/section_neutron-ml2-compute-node.xml b/doc/install-guide/section_neutron-ml2-compute-node.xml new file mode 100644 index 0000000000..771e60a11f --- /dev/null +++ b/doc/install-guide/section_neutron-ml2-compute-node.xml @@ -0,0 +1,400 @@ + +
+ Configure compute node + + Prerequisites + Before you configure Networking, you must enable certain kernel + networking functions. + + Edit /etc/sysctl.conf to contain the + following: + net.ipv4.conf.all.rp_filter=0 +net.ipv4.conf.default.rp_filter=0 + + + Implement the changes: + # sysctl -p + + + + To install the Networking components: + + # apt-get install neutron-common neutron-plugin-ml2 neutron-plugin-openvswitch-agent \ + openvswitch-datapath-dkms + # yum install openstack-neutron-ml2 openstack-neutron-openvswitch + # zypper install openstack-neutron-openvswitch-agent + + Ubuntu installations using Linux kernel version 3.11 or newer + do not require the openvswitch-datapath-dkms + package. + + + SUSE does not use a separate ML2 plug-in package. + + + + + To configure the Networking common components: + The Networking common component configuration includes the + authentication mechanism, messaging service, and plug-in. + + Respond to prompts for + database management, + Identity service + credentials, + service endpoint + registration, and + messaging service + credentials. + + + Configure Networking to use the Identity service for + authentication: + Replace NEUTRON_PASS with the + password you chose for the neutron user + in the Identity service. + # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + auth_strategy keystone +# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + auth_uri http://controller:5000 +# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + auth_host controller +# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + auth_protocol http +# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + auth_port 35357 +# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + admin_tenant_name service +# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + admin_user neutron +# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + admin_password NEUTRON_PASS + + + Configure Networking to use the Identity service for + authentication: + + + Edit the /etc/neutron/neutron.conf + file and add the following key to the + [DEFAULT] section: + [DEFAULT] +... +auth_strategy = keystone + Add the following keys to the + [keystone_authtoken] section: + Replace NEUTRON_PASS with the + password you chose for the neutron user + in the Identity service. + [keystone_authtoken] +... +auth_uri = http://controller:5000 +auth_host = controller +auth_protocol = http +auth_port = 35357 +admin_tenant_name = service +admin_user = neutron +admin_password = NEUTRON_PASS + + + + + Configure Networking to use the messaging service: + Replace RABBIT_PASS with the password + you chose for the guest account in + RabbitMQ. + # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rpc_backend neutron.openstack.common.rpc.impl_kombu +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rabbit_host controller +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rabbit_userid guest +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rabbit_password RABBIT_PASS + + + Configure Networking to use the messaging service: + # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rpc_backend neutron.openstack.common.rpc.impl_qpid +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + qpid_hostname controller +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + qpid_port 5672 +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + qpid_username guest +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + qpid_password guest + + + Configure Networking to use the messaging service: + + + Edit the /etc/neutron/neutron.conf file + and add the following keys to the [DEFAULT] + section: + Replace RABBIT_PASS with the + password you chose for the guest account in + RabbitMQ. + [DEFAULT] +... +rpc_backend = neutron.openstack.common.rpc.impl_kombu +rabbit_host = controller +rabbit_password = RABBIT_PASS + + + + + Configure Networking to use the Modular Layer 2 (ML2) plug-in + and associated services: + # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + core_plugin neutron.plugins.ml2.plugin.Ml2Plugin +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + service_plugins neutron.services.l3_router.l3_router_plugin.L3RouterPlugin + + You must comment out any lines in the + [service_providers] section. + + + We recommend adding verbose = True to + the [DEFAULT] section in + /etc/neutron/neutron.conf to assist with + troubleshooting. + + + + Configure Networking to use the Modular Layer 2 (ML2) plug-in + and associated services: + + + Edit the /etc/neutron/neutron.conf file + and add the following keys to the [DEFAULT] + section: + [DEFAULT] +... +core_plugin = ml2 +service_plugins = router +allow_overlapping_ips = True + + + + You must comment out any lines in the + [service_providers] section. + + + We recommend adding verbose = True to + the [DEFAULT] section in + /etc/neutron/neutron.conf to assist with + troubleshooting. + + + + + To configure the Modular Layer 2 (ML2) plug-in: + The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to + build the virtual networking framework for instances. + + Run the following commands: + Replace + INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS + with the IP address of the instance tunnels network interface on + your compute node. + # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \ + type_drivers gre +# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \ + tenant_network_types gre +# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \ + mechanism_drivers openvswitch +# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre \ + tunnel_id_ranges 1:1000 +# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \ + local_ip INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS +# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \ + tunnel_type gre +# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \ + enable_tunneling True +# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \ + firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver +# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini security_group \ + enable_security_group True + + + Edit the + /etc/neutron/plugins/ml2/ml2_conf.ini + file: + Add the following keys to the [ml2] + section: + [ml2] +... +type_drivers = gre +tenant_network_types = gre +mechanism_drivers = openvswitch + Add the following keys to the + [ml2_type_gre] section: + [ml2_type_gre] +... +tunnel_id_ranges = 1:1000 + Add the [ovs] section and the following + keys to it: + Replace + INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS + with the IP address of the instance tunnels network interface on + your compute node. + [ovs] +... +local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS +tunnel_type = gre +enable_tunneling = True + Add the [securitygroup] section and the + following keys to it: + [securitygroup] +... +firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver + Add the following key to the + [security_group] section: + [security_group] +... +enable_security_group = True + + + + To configure the Open vSwitch (OVS) service: + The OVS service provides the underlying virtual networking framework + for instances. The integration bridge br-int handles + internal instance network traffic within OVS. + + Start the OVS service and configure it to start when the system + boots: + # service openvswitch start +# chkconfig openvswitch on + + + Start the OVS service and configure it to start when the system + boots: + # service openvswitch-switch start +# chkconfig openvswitch-switch on + + + Restart the OVS service: + # service openvswitch-switch restart + + + Restart the OVS service: + # service openvswitch restart + + + Add the integration bridge: + # ovs-vsctl add-br br-int + + + + To configure Compute to use Networking: + By default, most distributions configure Compute to use legacy + networking. You must reconfigure Compute to manage networks through + OpenStack Networking. + + Run the following commands: + Replace NEUTRON_PASS with the + password you chose for the neutron user + in the Identity service. + # openstack-config --set /etc/nova/nova.conf DEFAULT \ + network_api_class nova.network.neutronv2.api.API +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_url http://controller:9696 +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_auth_strategy keystone +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_admin_tenant_name service +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_admin_username neutron +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_admin_password NEUTRON_PASS +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_admin_auth_url http://controller:35357/v2.0 +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + firewall_driver nova.virt.firewall.NoopFirewallDriver +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + security_group_api neutron + + By default, Compute uses an internal firewall service. Since + Networking includes a firewall service, you must disable the + Compute firewall service by using the + nova.virt.firewall.NoopFirewallDriver firewall + driver. + + + + Edit the /etc/nova/nova.conf and add the + following keys to the [DEFAULT] section: + Replace NEUTRON_PASS with the + password you chose for the neutron user + in the Identity service. + [DEFAULT] +... +network_api_class = nova.network.neutronv2.api.API +neutron_url = http://controller:9696 +neutron_auth_strategy = keystone +neutron_admin_tenant_name = service +neutron_admin_username = neutron +neutron_admin_password = NEUTRON_PASS +neutron_admin_auth_url = http://controller:35357/v2.0 +linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver +firewall_driver = nova.virt.firewall.NoopFirewallDriver +security_group_api = neutron + + By default, Compute uses an internal firewall service. Since + Networking includes a firewall service, you must disable the + Compute firewall service by using the + nova.virt.firewall.NoopFirewallDriver firewall + driver. + + + + + To finalize the installation: + + The Networking service initialization scripts expect a symbolic + link /etc/neutron/plugin.ini pointing to the + configuration file associated with your chosen plug-in. Using + ML2, for example, the symbolic link must point to + /etc/neutron/plugins/ml2/ml2_conf.ini. + If this symbolic link does not exist, create it using the + following commands: + # cd /etc/neutron +# ln -s plugins/ml2/ml2_conf.ini plugin.ini + + + The Networking service initialization scripts expect the variable + NEUTRON_PLUGIN_CONF in the + /etc/sysconfig/neutron file to reference the + configuration file associated with your chosen plug-in. Using + ML2, for example, edit the + /etc/sysconfig/neutron file and add the + following: + NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini" + + + Restart the Compute service: + # service openstack-nova-compute restart + # service nova-compute restart + + + Start the Open vSwitch (OVS) agent and configure it to start when + the system boots: + # service neutron-openvswitch-agent start +# chkconfig neutron-openvswitch-agent on + # service openstack-neutron-openvswitch-agent start +# chkconfig openstack-neutron-openvswitch-agent on + + + Restart the Open vSwitch (OVS) agent: + # service neutron-plugin-openvswitch-agent restart + + +