[install] Liberty updates for neutron

Update neutron configuration for Liberty and address some
consistency issues.

Changes and testing specific to distribution packages
primarily involve Ubuntu. Other distributions may require
additional patches.

Change-Id: I81b1adef8b0455e4415b1dee0f3b91cbe5f600fa
Closes-Bug: 1502760
Implements: blueprint installguide-liberty
Matthew Kassawara 2015-09-23 18:28:59 -05:00 committed by Tom Fifield
parent 0ca1bd741e
commit 88088445ab
7 changed files with 696 additions and 669 deletions

View File

@ -1,7 +1,7 @@
Networking Option 1: Provider networks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Install and configure the Networking components on a *compute* node.
Configure the Networking components on a *compute* node.
Configure the Linux bridge agent
--------------------------------
@ -10,9 +10,10 @@ The Linux bridge agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances including VXLAN tunnels for private
networks and handles security groups.
Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file.
#. Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file and
complete the following actions:
#. In the ``[linux_bridge]`` section, map the public virtual network to the
* In the ``[linux_bridge]`` section, map the public virtual network to the
public physical network interface:
.. code-block:: ini
@ -23,14 +24,22 @@ Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file.
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical
public network interface.
#. In the ``[vxlan]`` section, disable VXLAN overlay networks:
* In the ``[vxlan]`` section, disable VXLAN overlay networks:
.. code-block:: ini
[vxlan]
enable_vxlan = False
#. In the ``[securitygroup]`` section, enable security groups, enable
* In the ``[agent]`` section, enable ARP spoofing protection:
.. code-block:: ini
[agent]
...
prevent_arp_spoofing = True
* In the ``[securitygroup]`` section, enable security groups, enable
:term:`ipset`, and configure the Linux bridge :term:`iptables` firewall
driver:
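
Review bot: The new ``[agent]`` step sets ``prevent_arp_spoofing = True`` without a sentence saying what the option protects against, while the neighbouring ``[linux_bridge]`` step explains its value ("Replace ``PUBLIC_INTERFACE_NAME`` with ..."). Add one line of explanation under the block so readers know why it should stay enabled. The ``[agent]`` sample also carries a ``...`` placeholder line while the ``[vxlan]`` sample directly above it does not; use one convention for both.
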

View File

@ -1,7 +1,7 @@
Networking Option 2: Self-service networks
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Install and configure the Networking components on a *compute* node.
Configure the Networking components on a *compute* node.
Configure the Linux bridge agent
--------------------------------
@ -10,9 +10,10 @@ The Linux bridge agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances including VXLAN tunnels for private
networks and handles security groups.
Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file.
#. Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file and
complete the following actions:
#. In the ``[linux_bridge]`` section, map the public virtual network to the
* In the ``[linux_bridge]`` section, map the public virtual network to the
public physical network interface:
.. code-block:: ini
@ -23,7 +24,7 @@ Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file.
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical
public network interface.
#. In the ``[vxlan]`` section, enable VXLAN overlay networks, configure the
* In the ``[vxlan]`` section, enable VXLAN overlay networks, configure the
IP address of the physical network interface that handles overlay
networks, and enable layer-2 population:
@ -38,7 +39,15 @@ Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file.
underlying physical network interface that handles overlay networks. The
example architecture uses the management interface.
#. In the ``[securitygroup]`` section, enable security groups, enable
* In the ``[agent]`` section, enable ARP spoofing protection:
.. code-block:: ini
[agent]
...
prevent_arp_spoofing = True
* In the ``[securitygroup]`` section, enable security groups, enable
:term:`ipset`, and configure the Linux bridge :term:`iptables` firewall
driver:
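
Review bot: The ``[agent]`` / ``prevent_arp_spoofing = True`` step added here is the same text that is added to the option 1 compute file and that already exists in both controller files, so a future change to this security setting has to be made in four places. The guide already uses ``.. include:: shared/note_configuration_vary_by_distribution.rst`` for shared text; consider moving the common Linux bridge agent steps into a shared include so the copies cannot drift.
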

View File

@ -10,7 +10,7 @@ Prerequisites
Before you install and configure OpenStack Networking, you must
kernel networking parameters to disable reverse-path filtering:
#. Edit the :file:`/etc/sysctl.conf` file to contain the following parameters:
#. Edit the ``/etc/sysctl.conf`` file to contain the following parameters:
.. code-block:: ini
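
Review bot: The context sentence just above the changed line reads "you must kernel networking parameters to disable reverse-path filtering", which is missing its verb; the option 1 and option 2 controller files say "you must configure kernel parameters". Since this hunk already edits the following line, fix the sentence here as well.
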
@ -25,8 +25,8 @@ kernel networking parameters to disable reverse-path filtering:
.. only:: ubuntu or rdo or obs
Install the Networking components
---------------------------------
Install the components
----------------------
.. only:: ubuntu
@ -67,24 +67,25 @@ Install the Networking components
Selecting the ML2 plug-in also populates the ``service_plugins`` and
``allow_overlapping_ips`` options in the
:file:`/etc/neutron/neutron.conf` file with the appropriate values.
``/etc/neutron/neutron.conf`` file with the appropriate values.
.. only:: ubuntu or rdo or obs
To configure the Networking common components
---------------------------------------------
Configure the common component
------------------------------
The Networking common component configuration includes the
authentication mechanism, message queue, and plug-in.
.. include:: shared/note_configuration_vary_by_distribution.rst
Edit the ``/etc/neutron/neutron.conf`` file.
#. Edit the ``/etc/neutron/neutron.conf`` file and complete the following
actions:
#. In the ``[database]`` section, comment out any ``connection`` options
* In the ``[database]`` section, comment out any ``connection`` options
because compute nodes do not directly access the database.
#. In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections, configure
* In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections, configure
RabbitMQ message queue access:
.. code-block:: ini
@ -102,7 +103,7 @@ Edit the ``/etc/neutron/neutron.conf`` file.
Replace ``RABBIT_PASS`` with the password you chose for the ``openstack``
account in RabbitMQ.
#. In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure
* In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure
Identity service access:
.. code-block:: ini
@ -130,7 +131,7 @@ Edit the ``/etc/neutron/neutron.conf`` file.
Comment out or remove any other options in the
``[keystone_authtoken]`` section.
#. (Optional) To assist with troubleshooting, enable verbose logging in the
* (Optional) To assist with troubleshooting, enable verbose logging in the
``[DEFAULT]`` section:
.. code-block:: ini
@ -162,38 +163,23 @@ configure services specific to it.
Configure Compute to use Networking
-----------------------------------
Edit the ``/etc/nova/nova.conf`` file.
#. Edit the ``/etc/nova/nova.conf`` file and complete the following actions:
#. In the ``[DEFAULT]`` section, configure Compute to use the Networking
service:
.. code-block:: ini
[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
.. note::
The ``firewall_driver`` option uses the ``NoopFirewallDriver`` value
because Compute delegates security group (firewall) operation to the
Networking service.
#. In the ``[neutron]`` section, configure access parameters:
* In the ``[neutron]`` section, configure access parameters:
.. code-block:: ini
[neutron]
...
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = NEUTRON_PASS
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
Replace ``NEUTRON_PASS`` with the password you chose for the ``neutron``
user in the Identity service.
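
Review bot: Nothing in the commit message explains why the ``[DEFAULT]`` step (``network_api_class``, ``security_group_api = neutron``, ``firewall_driver = nova.virt.firewall.NoopFirewallDriver``) and its note appear to be dropped from this section; the hunk shrinks from 38 to 23 lines and ``[neutron]`` is the only bullet left under the numbered step. The dropped note is the only place that tells readers Compute delegates security group operation to Networking, so please confirm these options are covered elsewhere in the guide or by the Liberty defaults, and say so in the commit message.
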
@ -204,8 +190,8 @@ Finalize installation
.. only:: rdo
#. The Networking service initialization scripts expect a symbolic link
:file:`/etc/neutron/plugin.ini` pointing to the ML2 plug-in configuration
file, :file:`/etc/neutron/plugins/ml2/ml2_conf.ini`. If this symbolic
``/etc/neutron/plugin.ini`` pointing to the ML2 plug-in configuration
file, ``/etc/neutron/plugins/ml2/ml2_conf.ini``. If this symbolic
link does not exist, create it using the following command:
.. code-block:: console
@ -246,9 +232,9 @@ Finalize installation
.. only:: obs
#. The Networking service initialization scripts expect the variable
``NEUTRON_PLUGIN_CONF`` in the :file:`/etc/sysconfig/neutron` file to
``NEUTRON_PLUGIN_CONF`` in the ``/etc/sysconfig/neutron`` file to
reference the ML2 plug-in configuration file. Edit the
:file:`/etc/sysconfig/neutron` file and add the following:
``/etc/sysconfig/neutron`` file and add the following:
.. code-block:: ini
@ -281,7 +267,7 @@ Finalize installation
agent configuration file. Run the following commands to resolve this
issue:
.. code:: console
.. code-block:: console
# cp /etc/init/neutron-plugin-linuxbridge-agent.conf \
/etc/init/neutron-plugin-linuxbridge-agent.conf.orig

View File

@ -9,7 +9,7 @@ Prerequisites
Before you configure networking option 1, you must configure kernel
parameters to disable reverse-path filtering.
#. Edit the :file:`/etc/sysctl.conf` file to contain the following parameters:
#. Edit the ``/etc/sysctl.conf`` file to contain the following parameters:
.. code-block:: ini
@ -22,12 +22,12 @@ parameters to disable reverse-path filtering.
# sysctl -p
Install the networking components
---------------------------------
Install the components
----------------------
.. only:: ubuntu
.. code:: console
.. code-block:: console
# apt-get install neutron-server neutron-plugin-ml2 \
neutron-plugin-linuxbridge-agent neutron-dhcp-agent \
@ -35,14 +35,14 @@ Install the networking components
.. only:: rdo
.. code:: console
.. code-block:: console
# yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge python-neutronclient
.. only:: obs
.. code:: console
.. code-block:: console
# zypper install --no-recommends openstack-neutron \
openstack-neutron-server openstack-neutron-linuxbridge-agent \
@ -54,7 +54,7 @@ Install the networking components
Install and configure the networking components
-----------------------------------------------
#. .. code:: console
#. .. code-block:: console
# apt-get install neutron-server neutron-plugin-linuxbridge-agent \
neutron-dhcp-agent neutron-metadata-agent
@ -75,12 +75,12 @@ Install the networking components
Selecting the ML2 plug-in also populates the ``service_plugins`` and
``allow_overlapping_ips`` options in the
:file:`/etc/neutron/neutron.conf` file with the appropriate values.
``/etc/neutron/neutron.conf`` file with the appropriate values.
.. only:: ubuntu or rdo or obs
Configure the Networking server component
-----------------------------------------
Configure the server component
------------------------------
The Networking server component configuration includes the database,
authentication mechanism, message queue, topology change notifications,
@ -88,11 +88,12 @@ Install the networking components
.. include:: shared/note_configuration_vary_by_distribution.rst
Edit the ``/etc/neutron/neutron.conf`` file.
#. Edit the ``/etc/neutron/neutron.conf`` file and complete the following
actions:
#. In the ``[database]`` section, configure database access:
* In the ``[database]`` section, configure database access:
.. code:: ini
.. code-block:: ini
[database]
...
@ -101,17 +102,17 @@ Install the networking components
Replace ``NEUTRON_DBPASS`` with the password you chose for the
database.
#. In the ``[DEFAULT]`` section, enable the Modular Layer 2 (ML2)
* In the ``[DEFAULT]`` section, enable the Modular Layer 2 (ML2)
plug-in and disable additional plug-ins:
.. code:: ini
.. code-block:: ini
[DEFAULT]
...
core_plugin = ml2
service_plugins =
#. In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections,
* In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections,
configure RabbitMQ message queue access:
.. code-block:: ini
@ -129,7 +130,7 @@ Install the networking components
Replace ``RABBIT_PASS`` with the password you chose for the
``openstack`` account in RabbitMQ.
#. In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure
* In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure
Identity service access:
.. code-block:: ini
@ -157,7 +158,7 @@ Install the networking components
Comment out or remove any other options in the
``[keystone_authtoken]`` section.
#. In the ``[DEFAULT]`` and ``[nova]`` sections, configure Networking to
* In the ``[DEFAULT]`` and ``[nova]`` sections, configure Networking to
notify Compute of network topology changes:
.. code-block:: ini
@ -182,10 +183,10 @@ Install the networking components
Replace ``NOVA_PASS`` with the password you chose for the ``nova``
user in the Identity service.
#. (Optional) To assist with troubleshooting, enable verbose logging in
* (Optional) To assist with troubleshooting, enable verbose logging in
the ``[DEFAULT]`` section:
.. code:: ini
.. code-block:: ini
[DEFAULT]
...
@ -197,27 +198,28 @@ Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Linux bridge mechanism to build layer-2 (bridging
and switching) virtual networking infrastructure for instances.
Edit the ``/etc/neutron/plugins/ml2/ml2_conf.ini`` file.
#. Edit the ``/etc/neutron/plugins/ml2/ml2_conf.ini`` file and complete the
following actions:
#. In the ``[ml2]`` section, enable flat and VLAN networks:
* In the ``[ml2]`` section, enable flat and VLAN networks:
.. code:: ini
.. code-block:: ini
[ml2]
...
type_drivers = flat,vlan
#. In the ``[ml2]`` section, disable project (private) networks:
* In the ``[ml2]`` section, disable project (private) networks:
.. code:: ini
.. code-block:: ini
[ml2]
...
tenant_network_types =
#. In the ``[ml2]`` section, enable the Linux bridge mechanism:
* In the ``[ml2]`` section, enable the Linux bridge mechanism:
.. code:: ini
.. code-block:: ini
[ml2]
...
@ -228,15 +230,15 @@ Edit the ``/etc/neutron/plugins/ml2/ml2_conf.ini`` file.
After you configure the ML2 plug-in, removing values in the
``type_drivers`` option can lead to database inconsistency.
#. In the ``[ml2]`` section, enable the port security extension driver:
* In the ``[ml2]`` section, enable the port security extension driver:
.. code:: ini
.. code-block:: ini
[ml2]
...
extension_drivers = port_security
#. In the ``[ml2_type_flat]`` section, configure the public flat provider
* In the ``[ml2_type_flat]`` section, configure the public flat provider
network:
.. code-block:: ini
@ -252,9 +254,10 @@ The Linux bridge agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances including VXLAN tunnels for private
networks and handles security groups.
Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file.
#. Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file and
complete the following actions:
#. In the ``[linux_bridge]`` section, map the public virtual network to the
* In the ``[linux_bridge]`` section, map the public virtual network to the
public physical network interface:
.. code-block:: ini
@ -265,14 +268,14 @@ Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file.
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical
public network interface.
#. In the ``[vxlan]`` section, disable VXLAN overlay networks:
* In the ``[vxlan]`` section, disable VXLAN overlay networks:
.. code-block:: ini
[vxlan]
enable_vxlan = False
#. In the ``[agent]`` section, enable ARP spoofing protection:
* In the ``[agent]`` section, enable ARP spoofing protection:
.. code-block:: ini
@ -280,7 +283,7 @@ Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file.
...
prevent_arp_spoofing = True
#. In the ``[securitygroup]`` section, enable security groups, enable
* In the ``[securitygroup]`` section, enable security groups, enable
:term:`ipset`, and configure the Linux bridge :term:`iptables` firewall
driver:
@ -297,9 +300,10 @@ Configure the DHCP agent
The :term:`DHCP agent` provides DHCP services for virtual networks.
Edit the ``/etc/neutron/dhcp_agent.ini`` file.
#. Edit the ``/etc/neutron/dhcp_agent.ini`` file and complete the following
actions:
#. In the ``[DEFAULT]`` section, configure the Linux bridge interface driver,
* In the ``[DEFAULT]`` section, configure the Linux bridge interface driver,
Dnsmasq DHCP driver, and enable isolated metadata so instances on public
networks can access metadata over the network:
@ -311,7 +315,7 @@ Edit the ``/etc/neutron/dhcp_agent.ini`` file.
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
#. (Optional) To assist with troubleshooting, enable verbose logging in the
* (Optional) To assist with troubleshooting, enable verbose logging in the
``[DEFAULT]`` section:
.. code-block:: ini

View File

@ -10,7 +10,7 @@ Before you configure networking option 2, you must configure kernel
parameters to enable IP forwarding (routing) and disable reverse-path
filtering.
#. Edit the :file:`/etc/sysctl.conf` file to contain the following parameters:
#. Edit the ``/etc/sysctl.conf`` file to contain the following parameters:
.. code-block:: ini
@ -24,12 +24,12 @@ filtering.
# sysctl -p
Install the Networking components
---------------------------------
Install the components
----------------------
.. only:: ubuntu
.. code:: console
.. code-block:: console
# apt-get install neutron-server neutron-plugin-ml2 \
neutron-plugin-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \
@ -37,14 +37,14 @@ Install the Networking components
.. only:: rdo
.. code:: console
.. code-block:: console
# yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge python-neutronclient
.. only:: obs
.. code:: console
.. code-block:: console
# zypper install --no-recommends openstack-neutron \
openstack-neutron-server openstack-neutron-linuxbridge-agent \
@ -56,7 +56,7 @@ Install the Networking components
Install and configure the Networking components
-----------------------------------------------
#. .. code:: console
#. .. code-block:: console
# apt-get install neutron-server neutron-plugin-linuxbridge-agent \
neutron-dhcp-agent neutron-metadata-agent
@ -77,18 +77,19 @@ Install the Networking components
Selecting the ML2 plug-in also populates the ``service_plugins`` and
``allow_overlapping_ips`` options in the
:file:`/etc/neutron/neutron.conf` file with the appropriate values.
``/etc/neutron/neutron.conf`` file with the appropriate values.
.. only:: ubuntu or rdo or obs
Configure the Networking server component
-----------------------------------------
Configure the server component
------------------------------
Edit the ``/etc/neutron/neutron.conf`` file.
#. Edit the ``/etc/neutron/neutron.conf`` file and complete the following
actions:
#. In the ``[database]`` section, configure database access:
* In the ``[database]`` section, configure database access:
.. code:: ini
.. code-block:: ini
[database]
...
@ -97,10 +98,10 @@ Install the Networking components
Replace ``NEUTRON_DBPASS`` with the password you chose for the
database.
#. In the ``[DEFAULT]`` section, enable the Modular Layer 2 (ML2)
* In the ``[DEFAULT]`` section, enable the Modular Layer 2 (ML2)
plug-in, router service, and overlapping IP addresses:
.. code:: ini
.. code-block:: ini
[DEFAULT]
...
@ -108,7 +109,7 @@ Install the Networking components
service_plugins = router
allow_overlapping_ips = True
#. In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections,
* In the ``[DEFAULT]`` and ``[oslo_messaging_rabbit]`` sections,
configure RabbitMQ message queue access:
.. code-block:: ini
@ -126,7 +127,7 @@ Install the Networking components
Replace ``RABBIT_PASS`` with the password you chose for the
``openstack`` account in RabbitMQ.
#. In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure
* In the ``[DEFAULT]`` and ``[keystone_authtoken]`` sections, configure
Identity service access:
.. code-block:: ini
@ -154,7 +155,7 @@ Install the Networking components
Comment out or remove any other options in the
``[keystone_authtoken]`` section.
#. In the ``[DEFAULT]`` and ``[nova]`` sections, configure Networking to
* In the ``[DEFAULT]`` and ``[nova]`` sections, configure Networking to
notify Compute of network topology changes:
.. code-block:: ini
@ -179,10 +180,10 @@ Install the Networking components
Replace ``NOVA_PASS`` with the password you chose for the ``nova``
user in the Identity service.
#. (Optional) To assist with troubleshooting, enable verbose logging in
* (Optional) To assist with troubleshooting, enable verbose logging in
the ``[DEFAULT]`` section:
.. code:: ini
.. code-block:: ini
[DEFAULT]
...
@ -194,28 +195,29 @@ Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Linux bridge mechanism to build layer-2 (bridging
and switching) virtual networking infrastructure for instances.
Edit the ``/etc/neutron/plugins/ml2/ml2_conf.ini`` file.
#. Edit the ``/etc/neutron/plugins/ml2/ml2_conf.ini`` file and complete the
following actions:
#. In the ``[ml2]`` section, enable flat, VLAN, and VXLAN networks:
* In the ``[ml2]`` section, enable flat, VLAN, and VXLAN networks:
.. code:: ini
.. code-block:: ini
[ml2]
...
type_drivers = flat,vlan,vxlan
#. In the ``[ml2]`` section, enable VXLAN project (private) networks:
* In the ``[ml2]`` section, enable VXLAN project (private) networks:
.. code:: ini
.. code-block:: ini
[ml2]
...
tenant_network_types = vxlan
#. In the ``[ml2]`` section, enable the Linux bridge and layer-2 population
* In the ``[ml2]`` section, enable the Linux bridge and layer-2 population
mechanisms:
.. code:: ini
.. code-block:: ini
[ml2]
...
@ -230,15 +232,15 @@ Edit the ``/etc/neutron/plugins/ml2/ml2_conf.ini`` file.
The Linux bridge agent only supports VXLAN overlay networks.
#. In the ``[ml2]`` section, enable the port security extension driver:
* In the ``[ml2]`` section, enable the port security extension driver:
.. code:: ini
.. code-block:: ini
[ml2]
...
extension_drivers = port_security
#. In the ``[ml2_type_flat]`` section, configure the public flat provider
* In the ``[ml2_type_flat]`` section, configure the public flat provider
network:
.. code-block:: ini
@ -247,10 +249,10 @@ Edit the ``/etc/neutron/plugins/ml2/ml2_conf.ini`` file.
...
flat_networks = public
#. In the ``[ml2_type_vxlan]`` section, configure the VXLAN network identifier
* In the ``[ml2_type_vxlan]`` section, configure the VXLAN network identifier
range for private networks:
.. code:: ini
.. code-block:: ini
[ml2_type_vxlan]
...
@ -263,9 +265,10 @@ The Linux bridge agent builds layer-2 (bridging and switching) virtual
networking infrastructure for instances including VXLAN tunnels for private
networks and handles security groups.
Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file.
#. Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file and
complete the following actions:
#. In the ``[linux_bridge]`` section, map the public virtual network to the
* In the ``[linux_bridge]`` section, map the public virtual network to the
public physical network interface:
.. code-block:: ini
@ -276,7 +279,7 @@ Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file.
Replace ``PUBLIC_INTERFACE_NAME`` with the name of the underlying physical
public network interface.
#. In the ``[vxlan]`` section, enable VXLAN overlay networks, configure the
* In the ``[vxlan]`` section, enable VXLAN overlay networks, configure the
IP address of the physical network interface that handles overlay
networks, and enable layer-2 population:
@ -291,7 +294,7 @@ Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file.
underlying physical network interface that handles overlay networks. The
example architecture uses the management interface.
#. In the ``[agent]`` section, enable ARP spoofing protection:
* In the ``[agent]`` section, enable ARP spoofing protection:
.. code-block:: ini
@ -299,7 +302,7 @@ Edit the ``/etc/neutron/plugins/ml2/linuxbridge_agent.conf`` file.
...
prevent_arp_spoofing = True
#. In the ``[securitygroup]`` section, enable security groups, enable
* In the ``[securitygroup]`` section, enable security groups, enable
:term:`ipset`, and configure the Linux bridge :term:`iptables` firewall
driver:
@ -317,9 +320,10 @@ Configure the layer-3 agent
The :term:`Layer-3 (L3) agent` provides routing and NAT services for virtual
networks.
Edit the ``/etc/neutron/l3_agent.ini`` file:
#. Edit the ``/etc/neutron/l3_agent.ini`` file and complete the following
actions:
#. In the ``[DEFAULT]`` section, configure the Linux bridge interface driver
* In the ``[DEFAULT]`` section, configure the Linux bridge interface driver
and external network bridge:
.. code-block:: ini
@ -334,7 +338,7 @@ Edit the ``/etc/neutron/l3_agent.ini`` file:
The ``external_network_bridge`` option intentionally lacks a value
to enable multiple external networks on a single agent.
#. (Optional) To assist with troubleshooting, enable verbose logging in the
* (Optional) To assist with troubleshooting, enable verbose logging in the
``[DEFAULT]`` section:
.. code-block:: ini
@ -348,9 +352,10 @@ Configure the DHCP agent
The :term:`DHCP agent` provides DHCP services for virtual networks.
Edit the ``/etc/neutron/dhcp_agent.ini`` file.
#. Edit the ``/etc/neutron/dhcp_agent.ini`` file and complete the following
actions:
#. In the ``[DEFAULT]`` section, configure the Linux bridge interface driver,
* In the ``[DEFAULT]`` section, configure the Linux bridge interface driver,
Dnsmasq DHCP driver, and enable isolated metadata so instances on public
networks can access metadata over the network:
@ -362,6 +367,15 @@ Edit the ``/etc/neutron/dhcp_agent.ini`` file.
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
* (Optional) To assist with troubleshooting, enable verbose logging in the
``[DEFAULT]`` section:
.. code-block:: ini
[DEFAULT]
...
verbose = True
Overlay networks such as VXLAN include additional packet headers that
increase overhead and decrease space available for the payload or user
data. Without knowledge of the virtual network infrastructure, instances
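
Review bot: The "(Optional) ... enable verbose logging" bullet now sits before the MTU paragraph and the required ``dnsmasq_config_file`` and ``dhcp-option-force=26,1450`` bullets, whereas every other procedure in this patch keeps the optional verbose bullet last. Either keep it at the end of the DHCP agent procedure, or make the MTU part its own numbered step so the split between the two bullet groups is explicit.
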
@ -390,7 +404,7 @@ addresses to your instances to also adjust the MTU.
should configure it using metadata, a script, or other suitable
method.
#. In the ``[DEFAULT]`` section, enable the :term:`dnsmasq` configuration
* In the ``[DEFAULT]`` section, enable the :term:`dnsmasq` configuration
file:
.. code-block:: ini
@ -399,22 +413,13 @@ addresses to your instances to also adjust the MTU.
...
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
#. Create and edit the :file:`/etc/neutron/dnsmasq-neutron.conf` file to
* Create and edit the ``/etc/neutron/dnsmasq-neutron.conf`` file to
enable the DHCP MTU option (26) and configure it to 1450 bytes:
.. code-block:: ini
dhcp-option-force=26,1450
#. (Optional) To assist with troubleshooting, enable verbose logging in the
``[DEFAULT]`` section:
.. code-block:: ini
[DEFAULT]
...
verbose = True
Return to
:ref:`Networking controller node configuration
<neutron-controller-metadata-agent>`.

View File

@ -9,72 +9,70 @@ must create a database, service credentials, and API endpoints.
#. To create the database, complete these steps:
a. Use the database access client to connect to the database server as the
* Use the database access client to connect to the database server as the
``root`` user:
.. code:: console
.. code-block:: console
$ mysql -u root -p
#. Create the ``neutron`` database:
* Create the ``neutron`` database:
.. code:: console
.. code-block:: console
CREATE DATABASE neutron;
#. Grant proper access to the ``neutron`` database, replacing
* Grant proper access to the ``neutron`` database, replacing
``NEUTRON_DBPASS`` with a suitable password:
.. code:: console
.. code-block:: console
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
#. Exit the database access client.
* Exit the database access client.
#. Source the ``admin`` credentials to gain access to admin-only CLI
commands:
.. code:: console
.. code-block:: console
$ source admin-openrc.sh
#. To create the service credentials, complete these steps:
a. Create the ``neutron`` user:
* Create the ``neutron`` user:
.. code:: console
.. code-block:: console
$ openstack user create --password-prompt neutron
$ openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+----------+----------------------------------+
+-----------+----------------------------------+
| Field | Value |
+----------+----------------------------------+
| email | None |
+-----------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | ab67f043d9304017aaa73d692eeb4945 |
| id | b20a6692f77b4258926881bf831eb683 |
| name | neutron |
| username | neutron |
+----------+----------------------------------+
+-----------+----------------------------------+
#. Add the ``admin`` role to the ``neutron`` user:
.. code:: console
* Add the ``admin`` role to the ``neutron`` user:
.. code-block:: console
$ openstack role add --project service --user neutron admin
+-------+----------------------------------+
| Field | Value |
+-------+----------------------------------+
| id | cd2cb9a39e874ea69e5d4b896eb16128 |
| name | admin |
+-------+----------------------------------+
#. Create the ``neutron`` service entity:
.. note::
.. code:: console
This command provides no output.
* Create the ``neutron`` service entity:
.. code-block:: console
$ openstack service create --name neutron \
--description "OpenStack Networking" network
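
Review bot: The second ``GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%'`` statement in the database step lets the ``neutron`` account connect from any host; since this hunk already rewrites the step, add a sentence advising readers to narrow the host pattern where their topology allows. Separately, the ``CREATE DATABASE`` and ``GRANT`` statements are SQL entered at the ``mysql`` prompt but sit in ``console`` blocks with no prompt, unlike the ``$ mysql -u root -p`` line above them.
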
@ -90,25 +88,54 @@ must create a database, service credentials, and API endpoints.
#. Create the Networking service API endpoints:
.. code:: console
.. code-block:: console
$ openstack endpoint create \
--publicurl http://controller:9696 \
--adminurl http://controller:9696 \
--internalurl http://controller:9696 \
--region RegionOne \
network
$ openstack endpoint create --region RegionOne \
network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| adminurl | http://controller:9696 |
| id | 04a7d3c1de784099aaba83a8a74100b3 |
| internalurl | http://controller:9696 |
| publicurl | http://controller:9696 |
| enabled | True |
| id | 85d80a6d02fc4b7683f611d7fc1493a3 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 09753b537ac74422a68d2d791cf3714f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1ee14289c9374dffb5db92a5c112fc4e |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
Configure networking options
@ -137,9 +164,10 @@ Configure the metadata agent
The :term:`metadata agent <Metadata agent>` provides configuration information
such as credentials to instances.
Edit the ``/etc/neutron/metadata_agent.ini`` file.
#. Edit the ``/etc/neutron/metadata_agent.ini`` file and complete the following
actions:
#. In the ``[DEFAULT]`` section, configure access parameters:
* In the ``[DEFAULT]`` section, configure access parameters:
.. code-block:: ini
@ -158,7 +186,7 @@ Edit the ``/etc/neutron/metadata_agent.ini`` file.
Replace ``NEUTRON_PASS`` with the password you chose for the ``neutron``
user in the Identity service.
#. In the ``[DEFAULT]`` section, configure the metadata host:
* In the ``[DEFAULT]`` section, configure the metadata host:
.. code-block:: ini
@ -166,7 +194,7 @@ Edit the ``/etc/neutron/metadata_agent.ini`` file.
...
nova_metadata_ip = controller
#. In the ``[DEFAULT]`` section, configure the metadata proxy shared
* In the ``[DEFAULT]`` section, configure the metadata proxy shared
secret:
.. code-block:: ini
@ -177,7 +205,7 @@ Edit the ``/etc/neutron/metadata_agent.ini`` file.
Replace ``METADATA_SECRET`` with a suitable secret for the metadata proxy.
#. (Optional) To assist with troubleshooting, enable verbose logging in the
* (Optional) To assist with troubleshooting, enable verbose logging in the
``[DEFAULT]`` section:
.. code-block:: ini
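Review bot: The context line "Replace ``METADATA_SECRET`` with a suitable secret for the metadata proxy" at the top of this hunk leaves "suitable" undefined, and since the list is being restructured anyway this is a good place to tighten it. Suggest saying that the value should be randomly generated and that it must be identical to ``metadata_proxy_shared_secret`` in the ``[neutron]`` section of ``/etc/nova/nova.conf``, so the reader does not pick two different values for the two files.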
@ -189,26 +217,9 @@ Edit the ``/etc/neutron/metadata_agent.ini`` file.
Configure Compute to use Networking
-----------------------------------
Edit the ``/etc/nova/nova.conf`` file:
#. Edit the ``/etc/nova/nova.conf`` file and perform the following actions:
#. In the ``[DEFAULT]`` section, configure Compute to use the Networking
service:
.. code-block:: ini
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
.. note::
The ``firewall_driver`` option uses the ``NoopFirewallDriver`` value
because Compute delegates security group (firewall) operation to the
Networking service.
#. In the ``[neutron]`` section, configure access parameters, enable the
* In the ``[neutron]`` section, configure access parameters, enable the
metadata proxy, and configure the secret:
.. code-block:: ini
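Review bot: The ``[DEFAULT]`` step is dropped from the ``/etc/nova/nova.conf`` instructions here (the hunk goes from 26 lines to 9), and with it ``security_group_api = neutron``, ``firewall_driver = nova.virt.firewall.NoopFirewallDriver`` and the note explaining that Compute delegates security group (firewall) operation to the Networking service. Please confirm that another page of the guide still sets these options; if none does, nothing left on this page tells the reader which service enforces security groups. Minor: this step says "perform the following actions" while the metadata agent step earlier in the file says "complete the following actions"; pick one wording.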
@ -216,11 +227,14 @@ Edit the ``/etc/nova/nova.conf`` file:
[neutron]
...
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = NEUTRON_PASS
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
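Review bot: In the new ``[neutron]`` block, ``password = NEUTRON_PASS`` and ``metadata_proxy_shared_secret = METADATA_SECRET`` sit next to ``auth_url = http://controller:35357`` and ``url = http://controller:9696``, so the service credentials are sent to the Identity and Networking endpoints over plain HTTP. That is consistent with the rest of the example configuration, but a short note after the block would help: say that production deployments should use TLS endpoints and that ``/etc/nova/nova.conf`` should be readable only by the service user and root, since it now holds both secrets.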
@ -237,11 +251,11 @@ Finalize installation
.. only:: rdo
#. The Networking service initialization scripts expect a symbolic link
:file:`/etc/neutron/plugin.ini` pointing to the ML2 plug-in configuration
file, :file:`/etc/neutron/plugins/ml2/ml2_conf.ini`. If this symbolic
``/etc/neutron/plugin.ini`` pointing to the ML2 plug-in configuration
file, ``/etc/neutron/plugins/ml2/ml2_conf.ini``. If this symbolic
link does not exist, create it using the following command:
.. code:: console
.. code-block:: console
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
@ -264,7 +278,7 @@ Finalize installation
#. Populate the database:
.. code:: console
.. code-block:: console
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
@ -276,7 +290,7 @@ Finalize installation
#. Restart the Compute services:
.. code:: console
.. code-block:: console
# systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \
openstack-nova-conductor.service
@ -286,7 +300,7 @@ Finalize installation
For both networking options:
.. code:: console
.. code-block:: console
# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
@ -297,7 +311,7 @@ Finalize installation
For networking option 2, also enable and start the layer-3 service:
.. code:: console
.. code-block:: console
# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service
@ -305,17 +319,17 @@ Finalize installation
.. only:: obs
#. The Networking service initialization scripts expect the variable
``NEUTRON_PLUGIN_CONF`` in the :file:`/etc/sysconfig/neutron` file to
``NEUTRON_PLUGIN_CONF`` in the ``/etc/sysconfig/neutron`` file to
reference the ML2 plug-in configuration file. Edit the
:file:`/etc/sysconfig/neutron` file and add the following:
``/etc/sysconfig/neutron`` file and add the following:
.. code:: console
.. code-block:: console
NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini"
#. Restart the Compute services:
.. code:: console
.. code-block:: console
# systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \
openstack-nova-conductor.service
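Review bot: The first block in this hunk, ``NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini"``, is a line to add to ``/etc/sysconfig/neutron`` rather than a command, so changing ``.. code:: console`` to ``.. code-block:: console`` keeps the wrong lexer for it. Suggest ``.. code-block:: ini`` (or ``bash``) for that block and leaving ``console`` for the ``systemctl restart`` block that follows.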
@ -325,7 +339,7 @@ Finalize installation
For both networking options:
.. code:: console
.. code-block:: console
# systemctl enable openstack-neutron.service \
openstack-neutron-linuxbridge.service \
@ -338,7 +352,7 @@ Finalize installation
For networking option 2, also enable and start the layer-3 service:
.. code:: console
.. code-block:: console
# systemctl enable openstack-neutron-l3-agent.service
# systemctl start openstack-neutron-l3-agent.service
@ -350,7 +364,7 @@ Finalize installation
agent configuration file. Run the following commands to resolve this
issue:
.. code:: console
.. code-block:: console
# cp /etc/init/neutron-plugin-linuxbridge-agent.conf \
/etc/init/neutron-plugin-linuxbridge-agent.conf.orig
@ -359,7 +373,7 @@ Finalize installation
#. Populate the database:
.. code:: console
.. code-block:: console
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
@ -371,7 +385,7 @@ Finalize installation
#. Restart the nova-api service:
.. code:: console
.. code-block:: console
# service nova-api restart
@ -379,7 +393,7 @@ Finalize installation
For both networking options:
.. code:: console
.. code-block:: console
# service neutron-server restart
# service neutron-plugin-linuxbridge-agent restart
@ -388,6 +402,6 @@ Finalize installation
For networking option 2, also restart the layer-3 service:
.. code:: console
.. code-block:: console
# service neutron-l3-agent restart

View File

@ -4,14 +4,14 @@ Verify operation
#. Source the ``admin`` credentials to gain access to admin-only CLI
commands:
.. code:: console
.. code-block:: console
$ source admin-openrc.sh
#. List loaded extensions to verify successful launch of the
``neutron-server`` process:
.. code:: console
.. code-block:: console
$ neutron ext-list
+-----------------------+-----------------------------------------------+