openstack/openstack-manuals
Code Issues Proposed changes

[install] Liberty updates for neutron

Browse Source 
Update neutron configuration for Liberty and address some
consistency issues.

Changes and testing specific to distribution packages
primarily involve Ubuntu. Other distributions may require
additional patches.

Change-Id: I81b1adef8b0455e4415b1dee0f3b91cbe5f600fa
Closes-Bug: 1502760
Implements: blueprint installguide-liberty
This commit is contained in:
Matthew Kassawara 2015-09-23 18:28:59 -05:00 committed by Tom Fifield
parent 0ca1bd741e
commit 88088445ab
7 changed files with 696 additions and 669 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
doc/install-guide/source/neutron-compute-install-option1.rst
View File

@ -1,7 +1,7 @@
Networking Option 1: Provider networks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Install and configure the Networking components on a *compute* node.
Configure the Networking components on a *compute* node.
Configure the Linux bridge agent
--------------------------------
@ -10,37 +10,46 @@ The Linux bridge agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances including VXLAN tunnels for private
networks and handles security groups.
Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file.
#. Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file and
complete the following actions:
#. In the ``[linux_bridge]`` section, map the public virtual network to the
public physical network interface:
* In the ``[linux_bridge]`` section, map the public virtual network to the
public physical network interface:
.. code-block:: ini
.. code-block:: ini
[linux_bridge]
physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
[linux_bridge]
physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical
public network interface.
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical
public network interface.
#. In the ``[vxlan]`` section, disable VXLAN overlay networks:
* In the ``[vxlan]`` section, disable VXLAN overlay networks:
.. code-block:: ini
.. code-block:: ini
[vxlan]
enable_vxlan = False
[vxlan]
enable_vxlan = False
#. In the ``[securitygroup]`` section, enable security groups, enable
:term:`ipset`, and configure the Linux bridge :term:`iptables` firewall
driver:
* In the ``[agent]`` section, enable ARP spoofing protection:
.. code-block:: ini
.. code-block:: ini
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[agent]
...
prevent_arp_spoofing = True
* In the ``[securitygroup]`` section, enable security groups, enable
:term:`ipset`, and configure the Linux bridge :term:`iptables` firewall
driver:
.. code-block:: ini
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Return to
:ref:`Networking compute node configuration <neutron-compute-compute>`.

67
doc/install-guide/source/neutron-compute-install-option2.rst
View File

@ -1,7 +1,7 @@
Networking Option 2: Self-service networks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Install and configure the Networking components on a *compute* node.
Configure the Networking components on a *compute* node.
Configure the Linux bridge agent
--------------------------------
@ -10,45 +10,54 @@ The Linux bridge agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances including VXLAN tunnels for private
networks and handles security groups.
Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file.
#. Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file and
complete the following actions:
#. In the ``[linux_bridge]`` section, map the public virtual network to the
public physical network interface:
* In the ``[linux_bridge]`` section, map the public virtual network to the
public physical network interface:
.. code-block:: ini
.. code-block:: ini
[linux_bridge]
physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
[linux_bridge]
physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical
public network interface.
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical
public network interface.
#. In the ``[vxlan]`` section, enable VXLAN overlay networks, configure the
IP address of the physical network interface that handles overlay
networks, and enable layer-2 population:
* In the ``[vxlan]`` section, enable VXLAN overlay networks, configure the
IP address of the physical network interface that handles overlay
networks, and enable layer-2 population:
.. code-block:: ini
.. code-block:: ini
[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = True
[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = True
Replace ``OVERLAY_INTERFACE_IP_ADDRESS`` with the IP address of the
underlying physical network interface that handles overlay networks. The
example architecture uses the management interface.
Replace ``OVERLAY_INTERFACE_IP_ADDRESS`` with the IP address of the
underlying physical network interface that handles overlay networks. The
example architecture uses the management interface.
#. In the ``[securitygroup]`` section, enable security groups, enable
:term:`ipset`, and configure the Linux bridge :term:`iptables` firewall
driver:
* In the ``[agent]`` section, enable ARP spoofing protection:
.. code-block:: ini
.. code-block:: ini
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[agent]
...
prevent_arp_spoofing = True
* In the ``[securitygroup]`` section, enable security groups, enable
:term:`ipset`, and configure the Linux bridge :term:`iptables` firewall
driver:
.. code-block:: ini
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Return to
:ref:`Networking compute node configuration <neutron-compute-compute>`.

156
doc/install-guide/source/neutron-compute-install.rst
View File

@ -10,7 +10,7 @@ Prerequisites
Before you install and configure OpenStack Networking, you must
kernel networking parameters to disable reverse-path filtering:
#. Edit the :file:`/etc/sysctl.conf` file to contain the following parameters:
#. Edit the ``/etc/sysctl.conf`` file to contain the following parameters:
.. code-block:: ini
@ -25,8 +25,8 @@ kernel networking parameters to disable reverse-path filtering:
.. only:: ubuntu or rdo or obs
Install the Networking components
---------------------------------
Install the components
----------------------
.. only:: ubuntu
@ -67,77 +67,78 @@ Install the Networking components
Selecting the ML2 plug-in also populates the ``service_plugins`` and
``allow_overlapping_ips`` options in the
:file:`/etc/neutron/neutron.conf` file with the appropriate values.
``/etc/neutron/neutron.conf`` file with the appropriate values.
.. only:: ubuntu or rdo or obs
To configure the Networking common components
---------------------------------------------
Configure the common component
------------------------------
The Networking common component configuration includes the
authentication mechanism, message queue, and plug-in.
.. include:: shared/note_configuration_vary_by_distribution.rst
Edit the ``/etc/neutron/neutron.conf`` file.
#. Edit the ``/etc/neutron/neutron.conf`` file and complete the following
actions:
#. In the ``[database]`` section, comment out any ``connection`` options
because compute nodes do not directly access the database.
* In the ``[database]`` section, comment out any ``connection`` options
because compute nodes do not directly access the database.
#. In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections, configure
RabbitMQ message queue access:
* In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections, configure
RabbitMQ message queue access:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
rpc_backend = rabbit
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
Replace ``RABBIT_PASS`` with the password you chose for the ``openstack``
account in RabbitMQ.
Replace ``RABBIT_PASS`` with the password you chose for the ``openstack``
account in RabbitMQ.
#. In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure
Identity service access:
* In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure
Identity service access:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
auth_strategy = keystone
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS
Replace ``NEUTRON_PASS`` with the password you chose for the ``neutron``
user in the Identity service.
Replace ``NEUTRON_PASS`` with the password you chose for the ``neutron``
user in the Identity service.
.. note::
.. note::
Comment out or remove any other options in the
``[keystone_authtoken]`` section.
Comment out or remove any other options in the
``[keystone_authtoken]`` section.
#. (Optional) To assist with troubleshooting, enable verbose logging in the
``[DEFAULT]`` section:
* (Optional) To assist with troubleshooting, enable verbose logging in the
``[DEFAULT]`` section:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
verbose = True
[DEFAULT]
...
verbose = True
Configure networking options
----------------------------
@ -162,41 +163,26 @@ configure services specific to it.
Configure Compute to use Networking
-----------------------------------
Edit the ``/etc/nova/nova.conf`` file.
#. Edit the ``/etc/nova/nova.conf`` file and complete the following actions:
#. In the ``[DEFAULT]`` section, configure Compute to use the Networking
service:
* In the ``[neutron]`` section, configure access parameters:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
.. note::
The ``firewall_driver`` option uses the ``NoopFirewallDriver`` value
because Compute delegates security group (firewall) operation to the
Networking service.
#. In the ``[neutron]`` section, configure access parameters:
.. code-block:: ini
[neutron]
...
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = NEUTRON_PASS
Replace ``NEUTRON_PASS`` with the password you chose for the ``neutron``
user in the Identity service.
Replace ``NEUTRON_PASS`` with the password you chose for the ``neutron``
user in the Identity service.
Finalize installation
---------------------
@ -204,8 +190,8 @@ Finalize installation
.. only:: rdo
#. The Networking service initialization scripts expect a symbolic link
:file:`/etc/neutron/plugin.ini` pointing to the ML2 plug-in configuration
file, :file:`/etc/neutron/plugins/ml2/ml2_conf.ini`. If this symbolic
``/etc/neutron/plugin.ini`` pointing to the ML2 plug-in configuration
file, ``/etc/neutron/plugins/ml2/ml2_conf.ini``. If this symbolic
link does not exist, create it using the following command:
.. code-block:: console
@ -246,9 +232,9 @@ Finalize installation
.. only:: obs
#. The Networking service initialization scripts expect the variable
``NEUTRON_PLUGIN_CONF`` in the :file:`/etc/sysconfig/neutron` file to
``NEUTRON_PLUGIN_CONF`` in the ``/etc/sysconfig/neutron`` file to
reference the ML2 plug-in configuration file. Edit the
:file:`/etc/sysconfig/neutron` file and add the following:
``/etc/sysconfig/neutron`` file and add the following:
.. code-block:: ini
@ -281,7 +267,7 @@ Finalize installation
agent configuration file. Run the following commands to resolve this
issue:
.. code:: console
.. code-block:: console
# cp /etc/init/neutron-plugin-linuxbridge-agent.conf \
/etc/init/neutron-plugin-linuxbridge-agent.conf.orig

318
doc/install-guide/source/neutron-controller-install-option1.rst
View File

@ -9,7 +9,7 @@ Prerequisites
Before you configure networking option 1, you must configure kernel
parameters to disable reverse-path filtering.
#. Edit the :file:`/etc/sysctl.conf` file to contain the following parameters:
#. Edit the ``/etc/sysctl.conf`` file to contain the following parameters:
.. code-block:: ini
@ -22,12 +22,12 @@ parameters to disable reverse-path filtering.
# sysctl -p
Install the networking components
---------------------------------
Install the components
----------------------
.. only:: ubuntu
.. code:: console
.. code-block:: console
# apt-get install neutron-server neutron-plugin-ml2 \
neutron-plugin-linuxbridge-agent neutron-dhcp-agent \
@ -35,14 +35,14 @@ Install the networking components
.. only:: rdo
.. code:: console
.. code-block:: console
# yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge python-neutronclient
.. only:: obs
.. code:: console
.. code-block:: console
# zypper install --no-recommends openstack-neutron \
openstack-neutron-server openstack-neutron-linuxbridge-agent \
@ -54,7 +54,7 @@ Install the networking components
Install and configure the networking components
-----------------------------------------------
#. .. code:: console
#. .. code-block:: console
# apt-get install neutron-server neutron-plugin-linuxbridge-agent \
neutron-dhcp-agent neutron-metadata-agent
@ -75,12 +75,12 @@ Install the networking components
Selecting the ML2 plug-in also populates the ``service_plugins`` and
``allow_overlapping_ips`` options in the
:file:`/etc/neutron/neutron.conf` file with the appropriate values.
``/etc/neutron/neutron.conf`` file with the appropriate values.
.. only:: ubuntu or rdo or obs
Configure the Networking server component
-----------------------------------------
Configure the server component
------------------------------
The Networking server component configuration includes the database,
authentication mechanism, message queue, topology change notifications,
@ -88,108 +88,109 @@ Install the networking components
.. include:: shared/note_configuration_vary_by_distribution.rst
Edit the ``/etc/neutron/neutron.conf`` file.
#. Edit the ``/etc/neutron/neutron.conf`` file and complete the following
actions:
#. In the ``[database]`` section, configure database access:
* In the ``[database]`` section, configure database access:
.. code:: ini
.. code-block:: ini
[database]
...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[database]
...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
Replace ``NEUTRON_DBPASS`` with the password you chose for the
database.
Replace ``NEUTRON_DBPASS`` with the password you chose for the
database.
#. In the ``[DEFAULT]`` section, enable the Modular Layer 2 (ML2)
plug-in and disable additional plug-ins:
* In the ``[DEFAULT]`` section, enable the Modular Layer 2 (ML2)
plug-in and disable additional plug-ins:
.. code:: ini
.. code-block:: ini
[DEFAULT]
...
core_plugin = ml2
service_plugins =
[DEFAULT]
...
core_plugin = ml2
service_plugins =
#. In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections,
configure RabbitMQ message queue access:
* In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections,
configure RabbitMQ message queue access:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
rpc_backend = rabbit
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
Replace ``RABBIT_PASS`` with the password you chose for the
``openstack`` account in RabbitMQ.
Replace ``RABBIT_PASS`` with the password you chose for the
``openstack`` account in RabbitMQ.
#. In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure
Identity service access:
* In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure
Identity service access:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
auth_strategy = keystone
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS
Replace ``NEUTRON_PASS`` with the password you chose for the ``neutron``
user in the Identity service.
Replace ``NEUTRON_PASS`` with the password you chose for the ``neutron``
user in the Identity service.
.. note::
.. note::
Comment out or remove any other options in the
``[keystone_authtoken]`` section.
Comment out or remove any other options in the
``[keystone_authtoken]`` section.
#. In the ``[DEFAULT]`` and ``[nova]`` sections, configure Networking to
notify Compute of network topology changes:
* In the ``[DEFAULT]`` and ``[nova]`` sections, configure Networking to
notify Compute of network topology changes:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
[DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
[nova]
...
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
[nova]
...
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
Replace ``NOVA_PASS`` with the password you chose for the ``nova``
user in the Identity service.
Replace ``NOVA_PASS`` with the password you chose for the ``nova``
user in the Identity service.
#. (Optional) To assist with troubleshooting, enable verbose logging in
the ``[DEFAULT]`` section:
* (Optional) To assist with troubleshooting, enable verbose logging in
the ``[DEFAULT]`` section:
.. code:: ini
.. code-block:: ini
[DEFAULT]
...
verbose = True
[DEFAULT]
...
verbose = True
Configure the Modular Layer 2 (ML2) plug-in
-------------------------------------------
@ -197,53 +198,54 @@ Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Linux bridge mechanism to build layer-2 (bridging
and switching) virtual networking infrastructure for instances.
Edit the ``/etc/neutron/plugins/ml2/ml2_conf.ini`` file.
#. Edit the ``/etc/neutron/plugins/ml2/ml2_conf.ini`` file and complete the
following actions:
#. In the ``[ml2]`` section, enable flat and VLAN networks:
* In the ``[ml2]`` section, enable flat and VLAN networks:
.. code:: ini
.. code-block:: ini
[ml2]
...
type_drivers = flat,vlan
[ml2]
...
type_drivers = flat,vlan
#. In the ``[ml2]`` section, disable project (private) networks:
* In the ``[ml2]`` section, disable project (private) networks:
.. code:: ini
.. code-block:: ini
[ml2]
...
tenant_network_types =
[ml2]
...
tenant_network_types =
#. In the ``[ml2]`` section, enable the Linux bridge mechanism:
* In the ``[ml2]`` section, enable the Linux bridge mechanism:
.. code:: ini
.. code-block:: ini
[ml2]
...
mechanism_drivers = linuxbridge
[ml2]
...
mechanism_drivers = linuxbridge
.. warning::
.. warning::
After you configure the ML2 plug-in, removing values in the
``type_drivers`` option can lead to database inconsistency.
After you configure the ML2 plug-in, removing values in the
``type_drivers`` option can lead to database inconsistency.
#. In the ``[ml2]`` section, enable the port security extension driver:
* In the ``[ml2]`` section, enable the port security extension driver:
.. code:: ini
.. code-block:: ini
[ml2]
...
extension_drivers = port_security
[ml2]
...
extension_drivers = port_security
#. In the ``[ml2_type_flat]`` section, configure the public flat provider
network:
* In the ``[ml2_type_flat]`` section, configure the public flat provider
network:
.. code-block:: ini
.. code-block:: ini
[ml2_type_flat]
...
flat_networks = public
[ml2_type_flat]
...
flat_networks = public
Configure the Linux bridge agent
--------------------------------
@ -252,73 +254,75 @@ The Linux bridge agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances including VXLAN tunnels for private
networks and handles security groups.
Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file.
#. Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file and
complete the following actions:
#. In the ``[linux_bridge]`` section, map the public virtual network to the
public physical network interface:
* In the ``[linux_bridge]`` section, map the public virtual network to the
public physical network interface:
.. code-block:: ini
.. code-block:: ini
[linux_bridge]
physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
[linux_bridge]
physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical
public network interface.
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical
public network interface.
#. In the ``[vxlan]`` section, disable VXLAN overlay networks:
* In the ``[vxlan]`` section, disable VXLAN overlay networks:
.. code-block:: ini
.. code-block:: ini
[vxlan]
enable_vxlan = False
[vxlan]
enable_vxlan = False
#. In the ``[agent]`` section, enable ARP spoofing protection:
* In the ``[agent]`` section, enable ARP spoofing protection:
.. code-block:: ini
.. code-block:: ini
[agent]
...
prevent_arp_spoofing = True
[agent]
...
prevent_arp_spoofing = True
#. In the ``[securitygroup]`` section, enable security groups, enable
:term:`ipset`, and configure the Linux bridge :term:`iptables` firewall
driver:
* In the ``[securitygroup]`` section, enable security groups, enable
:term:`ipset`, and configure the Linux bridge :term:`iptables` firewall
driver:
.. code-block:: ini
.. code-block:: ini
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure the DHCP agent
------------------------
The :term:`DHCP agent` provides DHCP services for virtual networks.
Edit the ``/etc/neutron/dhcp_agent.ini`` file.
#. Edit the ``/etc/neutron/dhcp_agent.ini`` file and complete the following
actions:
#. In the ``[DEFAULT]`` section, configure the Linux bridge interface driver,
Dnsmasq DHCP driver, and enable isolated metadata so instances on public
networks can access metadata over the network:
* In the ``[DEFAULT]`` section, configure the Linux bridge interface driver,
Dnsmasq DHCP driver, and enable isolated metadata so instances on public
networks can access metadata over the network:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
#. (Optional) To assist with troubleshooting, enable verbose logging in the
``[DEFAULT]`` section:
* (Optional) To assist with troubleshooting, enable verbose logging in the
``[DEFAULT]`` section:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
verbose = True
[DEFAULT]
...
verbose = True
Return to
:ref:`Networking controller node configuration

455
doc/install-guide/source/neutron-controller-install-option2.rst
View File

@ -10,7 +10,7 @@ Before you configure networking option 2, you must configure kernel
parameters to enable IP forwarding (routing) and disable reverse-path
filtering.
#. Edit the :file:`/etc/sysctl.conf` file to contain the following parameters:
#. Edit the ``/etc/sysctl.conf`` file to contain the following parameters:
.. code-block:: ini
@ -24,12 +24,12 @@ filtering.
# sysctl -p
Install the Networking components
---------------------------------
Install the components
----------------------
.. only:: ubuntu
.. code:: console
.. code-block:: console
# apt-get install neutron-server neutron-plugin-ml2 \
neutron-plugin-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \
@ -37,14 +37,14 @@ Install the Networking components
.. only:: rdo
.. code:: console
.. code-block:: console
# yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge python-neutronclient
.. only:: obs
.. code:: console
.. code-block:: console
# zypper install --no-recommends openstack-neutron \
openstack-neutron-server openstack-neutron-linuxbridge-agent \
@ -56,7 +56,7 @@ Install the Networking components
Install and configure the Networking components
-----------------------------------------------
#. .. code:: console
#. .. code-block:: console
# apt-get install neutron-server neutron-plugin-linuxbridge-agent \
neutron-dhcp-agent neutron-metadata-agent
@ -77,116 +77,117 @@ Install the Networking components
Selecting the ML2 plug-in also populates the ``service_plugins`` and
``allow_overlapping_ips`` options in the
:file:`/etc/neutron/neutron.conf` file with the appropriate values.
``/etc/neutron/neutron.conf`` file with the appropriate values.
.. only:: ubuntu or rdo or obs
Configure the Networking server component
-----------------------------------------
Configure the server component
------------------------------
Edit the ``/etc/neutron/neutron.conf`` file.
#. Edit the ``/etc/neutron/neutron.conf`` file and complete the following
actions:
#. In the ``[database]`` section, configure database access:
* In the ``[database]`` section, configure database access:
.. code:: ini
.. code-block:: ini
[database]
...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[database]
...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
Replace ``NEUTRON_DBPASS`` with the password you chose for the
database.
Replace ``NEUTRON_DBPASS`` with the password you chose for the
database.
#. In the ``[DEFAULT]`` section, enable the Modular Layer 2 (ML2)
plug-in, router service, and overlapping IP addresses:
* In the ``[DEFAULT]`` section, enable the Modular Layer 2 (ML2)
plug-in, router service, and overlapping IP addresses:
.. code:: ini
.. code-block:: ini
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
#. In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections,
configure RabbitMQ message queue access:
* In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections,
configure RabbitMQ message queue access:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
rpc_backend = rabbit
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
Replace ``RABBIT_PASS`` with the password you chose for the
``openstack`` account in RabbitMQ.
Replace ``RABBIT_PASS`` with the password you chose for the
``openstack`` account in RabbitMQ.
#. In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure
Identity service access:
* In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure
Identity service access:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
auth_strategy = keystone
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS
Replace ``NEUTRON_PASS`` with the password you chose for the ``neutron``
user in the Identity service.
Replace ``NEUTRON_PASS`` with the password you chose for the ``neutron``
user in the Identity service.
.. note::
.. note::
Comment out or remove any other options in the
``[keystone_authtoken]`` section.
Comment out or remove any other options in the
``[keystone_authtoken]`` section.
#. In the ``[DEFAULT]`` and ``[nova]`` sections, configure Networking to
notify Compute of network topology changes:
* In the ``[DEFAULT]`` and ``[nova]`` sections, configure Networking to
notify Compute of network topology changes:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
[DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
[nova]
...
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
[nova]
...
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
Replace ``NOVA_PASS`` with the password you chose for the ``nova``
user in the Identity service.
Replace ``NOVA_PASS`` with the password you chose for the ``nova``
user in the Identity service.
#. (Optional) To assist with troubleshooting, enable verbose logging in
the ``[DEFAULT]`` section:
* (Optional) To assist with troubleshooting, enable verbose logging in
the ``[DEFAULT]`` section:
.. code:: ini
.. code-block:: ini
[DEFAULT]
...
verbose = True
[DEFAULT]
...
verbose = True
Configure the Modular Layer 2 (ML2) plug-in
-------------------------------------------
@ -194,67 +195,68 @@ Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Linux bridge mechanism to build layer-2 (bridging
and switching) virtual networking infrastructure for instances.
Edit the ``/etc/neutron/plugins/ml2/ml2_conf.ini`` file.
#. Edit the ``/etc/neutron/plugins/ml2/ml2_conf.ini`` file and complete the
following actions:
#. In the ``[ml2]`` section, enable flat, VLAN, and VXLAN networks:
* In the ``[ml2]`` section, enable flat, VLAN, and VXLAN networks:
.. code:: ini
.. code-block:: ini
[ml2]
...
type_drivers = flat,vlan,vxlan
[ml2]
...
type_drivers = flat,vlan,vxlan
#. In the ``[ml2]`` section, enable VXLAN project (private) networks:
* In the ``[ml2]`` section, enable VXLAN project (private) networks:
.. code:: ini
.. code-block:: ini
[ml2]
...
tenant_network_types = vxlan
[ml2]
...
tenant_network_types = vxlan
#. In the ``[ml2]`` section, enable the Linux bridge and layer-2 population
mechanisms:
* In the ``[ml2]`` section, enable the Linux bridge and layer-2 population
mechanisms:
.. code:: ini
.. code-block:: ini
[ml2]
...
mechanism_drivers = linuxbridge,l2population
[ml2]
...
mechanism_drivers = linuxbridge,l2population
.. warning::
.. warning::
After you configure the ML2 plug-in, removing values in the
``type_drivers`` option can lead to database inconsistency.
After you configure the ML2 plug-in, removing values in the
``type_drivers`` option can lead to database inconsistency.
.. note::
.. note::
The Linux bridge agent only supports VXLAN overlay networks.
The Linux bridge agent only supports VXLAN overlay networks.
#. In the ``[ml2]`` section, enable the port security extension driver:
* In the ``[ml2]`` section, enable the port security extension driver:
.. code:: ini
.. code-block:: ini
[ml2]
...
extension_drivers = port_security
[ml2]
...
extension_drivers = port_security
#. In the ``[ml2_type_flat]`` section, configure the public flat provider
network:
* In the ``[ml2_type_flat]`` section, configure the public flat provider
network:
.. code-block:: ini
.. code-block:: ini
[ml2_type_flat]
...
flat_networks = public
[ml2_type_flat]
...
flat_networks = public
#. In the ``[ml2_type_vxlan]`` section, configure the VXLAN network identifier
range for private networks:
* In the ``[ml2_type_vxlan]`` section, configure the VXLAN network identifier
range for private networks:
.. code:: ini
.. code-block:: ini
[ml2_type_vxlan]
...
vni_ranges = 1:1000
[ml2_type_vxlan]
...
vni_ranges = 1:1000
Configure the Linux bridge agent
--------------------------------
@ -263,53 +265,54 @@ The Linux bridge agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances including VXLAN tunnels for private
networks and handles security groups.
Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file.
#. Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file and
complete the following actions:
#. In the ``[linux_bridge]`` section, map the public virtual network to the
public physical network interface:
* In the ``[linux_bridge]`` section, map the public virtual network to the
public physical network interface:
.. code-block:: ini
.. code-block:: ini
[linux_bridge]
physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
[linux_bridge]
physical_interface_mappings = public:PUBLIC_INTERFACE_NAME
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical
public network interface.
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical
public network interface.
#. In the ``[vxlan]`` section, enable VXLAN overlay networks, configure the
IP address of the physical network interface that handles overlay
networks, and enable layer-2 population:
* In the ``[vxlan]`` section, enable VXLAN overlay networks, configure the
IP address of the physical network interface that handles overlay
networks, and enable layer-2 population:
.. code-block:: ini
.. code-block:: ini
[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = True
[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = True
Replace ``OVERLAY_INTERFACE_IP_ADDRESS`` with the IP address of the
underlying physical network interface that handles overlay networks. The
example architecture uses the management interface.
Replace ``OVERLAY_INTERFACE_IP_ADDRESS`` with the IP address of the
underlying physical network interface that handles overlay networks. The
example architecture uses the management interface.
#. In the ``[agent]`` section, enable ARP spoofing protection:
* In the ``[agent]`` section, enable ARP spoofing protection:
.. code-block:: ini
.. code-block:: ini
[agent]
...
prevent_arp_spoofing = True
[agent]
...
prevent_arp_spoofing = True
#. In the ``[securitygroup]`` section, enable security groups, enable
:term:`ipset`, and configure the Linux bridge :term:`iptables` firewall
driver:
* In the ``[securitygroup]`` section, enable security groups, enable
:term:`ipset`, and configure the Linux bridge :term:`iptables` firewall
driver:
.. code-block:: ini
.. code-block:: ini
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure the layer-3 agent
---------------------------
@ -317,103 +320,105 @@ Configure the layer-3 agent
The :term:`Layer-3 (L3) agent` provides routing and NAT services for virtual
networks.
Edit the ``/etc/neutron/l3_agent.ini`` file:
#. Edit the ``/etc/neutron/l3_agent.ini`` file and complete the following
actions:
#. In the ``[DEFAULT]`` section, configure the Linux bridge interface driver
and external network bridge:
* In the ``[DEFAULT]`` section, configure the Linux bridge interface driver
and external network bridge:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
.. note::
.. note::
The ``external_network_bridge`` option intentionally lacks a value
to enable multiple external networks on a single agent.
The ``external_network_bridge`` option intentionally lacks a value
to enable multiple external networks on a single agent.
#. (Optional) To assist with troubleshooting, enable verbose logging in the
``[DEFAULT]`` section:
* (Optional) To assist with troubleshooting, enable verbose logging in the
``[DEFAULT]`` section:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
verbose = True
[DEFAULT]
...
verbose = True
Configure the DHCP agent
------------------------
The :term:`DHCP agent` provides DHCP services for virtual networks.
Edit the ``/etc/neutron/dhcp_agent.ini`` file.
#. Edit the ``/etc/neutron/dhcp_agent.ini`` file and complete the following
actions:
#. In the ``[DEFAULT]`` section, configure the Linux bridge interface driver,
Dnsmasq DHCP driver, and enable isolated metadata so instances on public
networks can access metadata over the network:
* In the ``[DEFAULT]`` section, configure the Linux bridge interface driver,
Dnsmasq DHCP driver, and enable isolated metadata so instances on public
networks can access metadata over the network:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
Overlay networks such as VXLAN include additional packet headers that
increase overhead and decrease space available for the payload or user
data. Without knowledge of the virtual network infrastructure, instances
attempt to send packets using the default Ethernet :term:`maximum
transmission unit (MTU)` of 1500 bytes. :term:`Internet protocol (IP)`
networks contain the :term:`path MTU discovery (PMTUD)` mechanism to detect
end-to-end MTU and adjust packet size accordingly. However, some operating
systems and networks block or otherwise lack support for PMTUD causing
performance degradation or connectivity failure.
* (Optional) To assist with troubleshooting, enable verbose logging in the
``[DEFAULT]`` section:
Ideally, you can prevent these problems by enabling :term:`jumbo frames
<jumbo frame>` on the physical network that contains your tenant virtual
networks. Jumbo frames support MTUs up to approximately 9000 bytes which
negates the impact of VXLAN overhead on virtual networks. However, many
network devices lack support for jumbo frames and OpenStack administrators
often lack control over network infrastructure. Given the latter
complications, you can also prevent MTU problems by reducing the
instance MTU to account for VXLAN overhead. Determining the proper MTU
value often takes experimentation, but 1450 bytes works in most
environments. You can configure the DHCP server that assigns IP
addresses to your instances to also adjust the MTU.
.. code-block:: ini
.. note::
[DEFAULT]
...
verbose = True
Some cloud images ignore the DHCP MTU option in which case you
should configure it using metadata, a script, or other suitable
method.
Overlay networks such as VXLAN include additional packet headers that
increase overhead and decrease space available for the payload or user
data. Without knowledge of the virtual network infrastructure, instances
attempt to send packets using the default Ethernet :term:`maximum
transmission unit (MTU)` of 1500 bytes. :term:`Internet protocol (IP)`
networks contain the :term:`path MTU discovery (PMTUD)` mechanism to detect
end-to-end MTU and adjust packet size accordingly. However, some operating
systems and networks block or otherwise lack support for PMTUD causing
performance degradation or connectivity failure.
#. In the ``[DEFAULT]`` section, enable the :term:`dnsmasq` configuration
file:
Ideally, you can prevent these problems by enabling :term:`jumbo frames
<jumbo frame>` on the physical network that contains your tenant virtual
networks. Jumbo frames support MTUs up to approximately 9000 bytes which
negates the impact of VXLAN overhead on virtual networks. However, many
network devices lack support for jumbo frames and OpenStack administrators
often lack control over network infrastructure. Given the latter
complications, you can also prevent MTU problems by reducing the
instance MTU to account for VXLAN overhead. Determining the proper MTU
value often takes experimentation, but 1450 bytes works in most
environments. You can configure the DHCP server that assigns IP
addresses to your instances to also adjust the MTU.
.. code-block:: ini
.. note::
[DEFAULT]
...
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
Some cloud images ignore the DHCP MTU option in which case you
should configure it using metadata, a script, or other suitable
method.
#. Create and edit the :file:`/etc/neutron/dnsmasq-neutron.conf` file to
enable the DHCP MTU option (26) and configure it to 1450 bytes:
* In the ``[DEFAULT]`` section, enable the :term:`dnsmasq` configuration
file:
.. code-block:: ini
.. code-block:: ini
dhcp-option-force=26,1450
[DEFAULT]
...
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
#. (Optional) To assist with troubleshooting, enable verbose logging in the
``[DEFAULT]`` section:
* Create and edit the ``/etc/neutron/dnsmasq-neutron.conf`` file to
enable the DHCP MTU option (26) and configure it to 1450 bytes:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
verbose = True
dhcp-option-force=26,1450
Return to
:ref:`Networking controller node configuration

312
doc/install-guide/source/neutron-controller-install.rst
View File

@ -9,106 +9,133 @@ must create a database, service credentials, and API endpoints.
#. To create the database, complete these steps:
a. Use the database access client to connect to the database server as the
* Use the database access client to connect to the database server as the
``root`` user:
.. code:: console
.. code-block:: console
$ mysql -u root -p
$ mysql -u root -p
#. Create the ``neutron`` database:
* Create the ``neutron`` database:
.. code:: console
.. code-block:: console
CREATE DATABASE neutron;
CREATE DATABASE neutron;
#. Grant proper access to the ``neutron`` database, replacing
``NEUTRON_DBPASS`` with a suitable password:
* Grant proper access to the ``neutron`` database, replacing
``NEUTRON_DBPASS`` with a suitable password:
.. code:: console
.. code-block:: console
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
#. Exit the database access client.
* Exit the database access client.
#. Source the ``admin`` credentials to gain access to admin-only CLI
commands:
.. code:: console
.. code-block:: console
$ source admin-openrc.sh
#. To create the service credentials, complete these steps:
a. Create the ``neutron`` user:
* Create the ``neutron`` user:
.. code:: console
.. code-block:: console
$ openstack user create --password-prompt neutron
User Password:
Repeat User Password:
+----------+----------------------------------+
| Field | Value |
+----------+----------------------------------+
| email | None |
| enabled | True |
| id | ab67f043d9304017aaa73d692eeb4945 |
| name | neutron |
| username | neutron |
+----------+----------------------------------+
$ openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | b20a6692f77b4258926881bf831eb683 |
| name | neutron |
+-----------+----------------------------------+
#. Add the ``admin`` role to the ``neutron`` user:
.. code:: console
* Add the ``admin`` role to the ``neutron`` user:
$ openstack role add --project service --user neutron admin
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | cd2cb9a39e874ea69e5d4b896eb16128 |
| name | admin |
+-------+----------------------------------+
.. code-block:: console
#. Create the ``neutron`` service entity:
$ openstack role add --project service --user neutron admin
.. code:: console
.. note::
$ openstack service create --name neutron \
--description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | f71529314dab4a4d8eca427e701d209e |
| name | neutron |
| type | network |
+-------------+----------------------------------+
This command provides no output.
* Create the ``neutron`` service entity:
.. code-block:: console
$ openstack service create --name neutron \
--description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | f71529314dab4a4d8eca427e701d209e |
| name | neutron |
| type | network |
+-------------+----------------------------------+
#. Create the Networking service API endpoints:
.. code:: console
.. code-block:: console
$ openstack endpoint create \
--publicurl http://controller:9696 \
--adminurl http://controller:9696 \
--internalurl http://controller:9696 \
--region RegionOne \
network
$ openstack endpoint create --region RegionOne \
network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| adminurl | http://controller:9696 |
| id | 04a7d3c1de784099aaba83a8a74100b3 |
| internalurl | http://controller:9696 |
| publicurl | http://controller:9696 |
| enabled | True |
| id | 85d80a6d02fc4b7683f611d7fc1493a3 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 09753b537ac74422a68d2d791cf3714f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1ee14289c9374dffb5db92a5c112fc4e |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
Configure networking options
@ -137,99 +164,86 @@ Configure the metadata agent
The :term:`metadata agent <Metadata agent>` provides configuration information
such as credentials to instances.
Edit the ``/etc/neutron/metadata_agent.ini`` file.
#. Edit the ``/etc/neutron/metadata_agent.ini`` file and complete the following
actions:
#. In the ``[DEFAULT]`` section, configure access parameters:
* In the ``[DEFAULT]`` section, configure access parameters:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS
[DEFAULT]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = NEUTRON_PASS
Replace ``NEUTRON_PASS`` with the password you chose for the ``neutron``
user in the Identity service.
Replace ``NEUTRON_PASS`` with the password you chose for the ``neutron``
user in the Identity service.
#. In the ``[DEFAULT]`` section, configure the metadata host:
* In the ``[DEFAULT]`` section, configure the metadata host:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
nova_metadata_ip = controller
[DEFAULT]
...
nova_metadata_ip = controller
#. In the ``[DEFAULT]`` section, configure the metadata proxy shared
secret:
* In the ``[DEFAULT]`` section, configure the metadata proxy shared
secret:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
metadata_proxy_shared_secret = METADATA_SECRET
[DEFAULT]
...
metadata_proxy_shared_secret = METADATA_SECRET
Replace ``METADATA_SECRET`` with a suitable secret for the metadata proxy.
Replace ``METADATA_SECRET`` with a suitable secret for the metadata proxy.
#. (Optional) To assist with troubleshooting, enable verbose logging in the
``[DEFAULT]`` section:
* (Optional) To assist with troubleshooting, enable verbose logging in the
``[DEFAULT]`` section:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
...
verbose = True
[DEFAULT]
...
verbose = True
Configure Compute to use Networking
-----------------------------------
Edit the ``/etc/nova/nova.conf`` file:
#. Edit the ``/etc/nova/nova.conf`` file and perform the following actions:
#. In the ``[DEFAULT]`` section, configure Compute to use the Networking
service:
* In the ``[neutron]`` section, configure access parameters, enable the
metadata proxy, and configure the secret:
.. code-block:: ini
.. code-block:: ini
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
.. note::
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
The ``firewall_driver`` option uses the ``NoopFirewallDriver`` value
because Compute delegates security group (firewall) operation to the
Networking service.
Replace ``NEUTRON_PASS`` with the password you chose for the ``neutron``
user in the Identity service.
#. In the ``[neutron]`` section, configure access parameters, enable the
metadata proxy, and configure the secret:
.. code-block:: ini
[neutron]
...
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
Replace ``NEUTRON_PASS`` with the password you chose for the ``neutron``
user in the Identity service.
Replace ``METADATA_SECRET`` with the secret you chose for the metadata
proxy.
Replace ``METADATA_SECRET`` with the secret you chose for the metadata
proxy.
Finalize installation
---------------------
@ -237,11 +251,11 @@ Finalize installation
.. only:: rdo
#. The Networking service initialization scripts expect a symbolic link
:file:`/etc/neutron/plugin.ini` pointing to the ML2 plug-in configuration
file, :file:`/etc/neutron/plugins/ml2/ml2_conf.ini`. If this symbolic
``/etc/neutron/plugin.ini`` pointing to the ML2 plug-in configuration
file, ``/etc/neutron/plugins/ml2/ml2_conf.ini``. If this symbolic
link does not exist, create it using the following command:
.. code:: console
.. code-block:: console
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
@ -264,7 +278,7 @@ Finalize installation
#. Populate the database:
.. code:: console
.. code-block:: console
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
@ -276,7 +290,7 @@ Finalize installation
#. Restart the Compute services:
.. code:: console
.. code-block:: console
# systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \
openstack-nova-conductor.service
@ -286,7 +300,7 @@ Finalize installation
For both networking options:
.. code:: console
.. code-block:: console
# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
@ -297,7 +311,7 @@ Finalize installation
For networking option 2, also enable and start the layer-3 service:
.. code:: console
.. code-block:: console
# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service
@ -305,17 +319,17 @@ Finalize installation
.. only:: obs
#. The Networking service initialization scripts expect the variable
``NEUTRON_PLUGIN_CONF`` in the :file:`/etc/sysconfig/neutron` file to
``NEUTRON_PLUGIN_CONF`` in the ``/etc/sysconfig/neutron`` file to
reference the ML2 plug-in configuration file. Edit the
:file:`/etc/sysconfig/neutron` file and add the following:
``/etc/sysconfig/neutron`` file and add the following:
.. code:: console
.. code-block:: console
NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini"
#. Restart the Compute services:
.. code:: console
.. code-block:: console
# systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \
openstack-nova-conductor.service
@ -325,7 +339,7 @@ Finalize installation
For both networking options:
.. code:: console
.. code-block:: console
# systemctl enable openstack-neutron.service \
openstack-neutron-linuxbridge.service \
@ -338,7 +352,7 @@ Finalize installation
For networking option 2, also enable and start the layer-3 service:
.. code:: console
.. code-block:: console
# systemctl enable openstack-neutron-l3-agent.service
# systemctl start openstack-neutron-l3-agent.service
@ -350,7 +364,7 @@ Finalize installation
agent configuration file. Run the following commands to resolve this
issue:
.. code:: console
.. code-block:: console
# cp /etc/init/neutron-plugin-linuxbridge-agent.conf \
/etc/init/neutron-plugin-linuxbridge-agent.conf.orig
@ -359,7 +373,7 @@ Finalize installation
#. Populate the database:
.. code:: console
.. code-block:: console
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
@ -371,7 +385,7 @@ Finalize installation
#. Restart the nova-api service:
.. code:: console
.. code-block:: console
# service nova-api restart
@ -379,7 +393,7 @@ Finalize installation
For both networking options:
.. code:: console
.. code-block:: console
# service neutron-server restart
# service neutron-plugin-linuxbridge-agent restart
@ -388,6 +402,6 @@ Finalize installation
For networking option 2, also restart the layer-3 service:
.. code:: console
.. code-block:: console
# service neutron-l3-agent restart

4
doc/install-guide/source/neutron-verify.rst
View File

@ -4,14 +4,14 @@ Verify operation
#. Source the ``admin`` credentials to gain access to admin-only CLI
commands:
.. code:: console
.. code-block:: console
$ source admin-openrc.sh
#. List loaded extensions to verify successful launch of the
``neutron-server`` process:
.. code:: console
.. code-block:: console
$ neutron ext-list
+-----------------------+-----------------------------------------------+