diff --git a/doc/glossary/glossary-terms.xml b/doc/glossary/glossary-terms.xml index f092614100..55e7d6936a 100644 --- a/doc/glossary/glossary-terms.xml +++ b/doc/glossary/glossary-terms.xml @@ -8477,6 +8477,20 @@ + + virtual extensible LAN (VXLAN) + + virtual extensible LAN (VXLAN) + + + + A network virtualization technology that attempts to reduce the + scalability problems associated with large cloud computing + deployments. It uses a VLAN-like encapsulation technique to + encapsulate Ethernet frames within UDP packets. + + + Virtual Hard Disk (VHD) diff --git a/doc/install-guide/section_neutron-compute-node.xml b/doc/install-guide/section_neutron-compute-node.xml index b884aecbfc..e652b0a910 100644 --- a/doc/install-guide/section_neutron-compute-node.xml +++ b/doc/install-guide/section_neutron-compute-node.xml @@ -49,7 +49,7 @@ net.ipv4.conf.default.rp_filter=0 >Identity service credentials, service endpoint registration, and message broker credentials. + >message queue credentials. Select the ML2 plug-in: @@ -74,7 +74,14 @@ net.ipv4.conf.default.rp_filter=0 To configure the Networking common components The Networking common component configuration includes the - authentication mechanism, message broker, and plug-in. + authentication mechanism, message queue, and plug-in. + + Default configuration files vary by distribution. You might need + to add these sections and options rather than modifying existing + sections and options. Also, an ellipsis (...) in the configuration + snippets indicates potential default configuration options that you + should retain. + Edit the /etc/neutron/neutron.conf file and complete the following actions: 
@@ -85,15 +92,20 @@ net.ipv4.conf.default.rp_filter=0 do not directly access the database. - In the [DEFAULT] section, configure - RabbitMQ message broker access: + In the [DEFAULT] and + [oslo_messaging_rabbit] sections, configure + RabbitMQ message queue access: [DEFAULT] ... rpc_backend = rabbit + +[oslo_messaging_rabbit] +... rabbit_host = controller +rabbit_userid = openstack rabbit_password = RABBIT_PASS Replace RABBIT_PASS with the - password you chose for the guest account in + password you chose for the openstack account in RabbitMQ. @@ -106,19 +118,20 @@ auth_strategy = keystone [keystone_authtoken] ... -auth_uri = http://controller:5000/v2.0 -identity_uri = http://controller:35357 -admin_tenant_name = service -admin_user = neutron -admin_password = NEUTRON_PASS +auth_uri = http://controller:5000 +auth_url = http://controller:35357 +auth_plugin = password +project_domain_id = default +user_domain_id = default +project_name = service +username = neutron +password = NEUTRON_PASS Replace NEUTRON_PASS with the password you chose or the neutron user in the Identity service. - Comment out any auth_host, - auth_port, and - auth_protocol options because the - identity_uri option replaces them. + Comment out or remove any other options in the + [keystone_authtoken] section. @@ -153,13 +166,15 @@ verbose = True In the [ml2] section, enable the - flat and - generic routing encapsulation (GRE) + flat, + VLAN, + generic routing encapsulation (GRE), and + virtual extensible LAN (VXLAN) network type drivers, GRE tenant networks, and the OVS mechanism driver: [ml2] ... -type_drivers = flat,gre +type_drivers = flat,vlan,gre,vxlan tenant_network_types = gre mechanism_drivers = openvswitch 
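Review bot: The new `[keystone_authtoken]` snippet sets `auth_uri = http://controller:5000` and `auth_url = http://controller:35357` together with `auth_plugin = password`, so the service sends `NEUTRON_PASS` to Identity over plain HTTP and the tokens it receives travel the same way. The text after the snippet should say so, for example `These example endpoints use unencrypted HTTP; outside an isolated lab network, use HTTPS Identity endpoints so that the service password and tokens are not sent in clear text.` The same applies to the matching `[keystone_authtoken]` hunks for the controller and network nodes, to the new `[nova]` section on the controller, and to the last hunk of section_neutron-network-node.xml.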
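Review bot: The `[ml2]` step now enables `type_drivers = flat,vlan,gre,vxlan` while `tenant_network_types = gre` is unchanged, and the compute-node text does not say why two drivers the guide never configures are turned on. The controller-node hunk suggests the reason, since it warns that changing `type_drivers` later can lead to database inconsistency. A sentence here would stop readers from assuming that VLAN and VXLAN networks are ready to use, for example `The VLAN and VXLAN type drivers are enabled now, although this guide only uses flat and GRE networks, because changing type_drivers later can lead to database inconsistency.` The network-node `[ml2]` hunk has the same gap.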
@@ -186,8 +201,7 @@ firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewal and configure the local tunnel endpoint: [ovs] ... -local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS -enable_tunneling = True +local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS with the IP address of the instance tunnels network interface @@ -341,9 +355,16 @@ admin_password = NEUTRON_PASS +--------------------------------------+--------------------+----------+-------+----------------+---------------------------+ | id | agent_type | host | alive | admin_state_up | binary | +--------------------------------------+--------------------+----------+-------+----------------+---------------------------+ -... +| 30275801-e17a-41e4-8f53-9db63544f689 | Metadata agent | network | :-) | True | neutron-metadata-agent | +| 4bd8c50e-7bad-4f3b-955d-67658a491a15 | Open vSwitch agent | network | :-) | True | neutron-openvswitch-agent | +| 756e5bba-b70f-4715-b80e-e37f59803d20 | L3 agent | network | :-) | True | neutron-l3-agent | +| 9c45473c-6d6d-4f94-8df1-ebd0b6838d5f | DHCP agent | network | :-) | True | neutron-dhcp-agent | | a5a49051-05eb-4b4f-bfc7-d36235fe9131 | Open vSwitch agent | compute1 | :-) | True | neutron-openvswitch-agent | +--------------------------------------+--------------------+----------+-------+----------------+---------------------------+ + + This output should indicate four agents alive on the + network node and one agent alive on the compute node. + diff --git a/doc/install-guide/section_neutron-controller-node.xml b/doc/install-guide/section_neutron-controller-node.xml index 878f7697a9..39934fb889 100644 --- a/doc/install-guide/section_neutron-controller-node.xml +++ b/doc/install-guide/section_neutron-controller-node.xml 
@@ -47,61 +47,66 @@ Create the neutron user: - $ keystone user-create --name neutron --pass NEUTRON_PASS -+----------+----------------------------------+ -| Property | Value | + $ openstack user create --password-prompt neutron +User Password: +Repeat User Password: +----------+----------------------------------+ -| email | | -| enabled | True | -| id | 7fd67878dcd04d0393469ef825a7e005 | -| name | neutron | -| username | neutron | +| Field | Value | ++----------+----------------------------------+ +| email | None | +| enabled | True | +| id | ab67f043d9304017aaa73d692eeb4945 | +| name | neutron | +| username | neutron | +----------+----------------------------------+ - Replace NEUTRON_PASS with a suitable - password. Add the admin role to the neutron user: - $ keystone user-role-add --user neutron --tenant service --role admin - - This command provides no output. - + $ openstack role add --project service --user neutron admin ++-------+----------------------------------+ +| Field | Value | ++-------+----------------------------------+ +| id | 1169d778631b4fd1aefd9d35314e1c56 | +| name | admin | ++-------+----------------------------------+ Create the neutron service entity: - $ keystone service-create --name neutron --type network \ - --description "OpenStack Networking" + $ openstack service create --type network \ + --description "OpenStack Networking" neutron +-------------+----------------------------------+ -| Property | Value | +| Field | Value | +-------------+----------------------------------+ -| description | OpenStack Networking | -| enabled | True | -| id | 6369ddaf99a447f3a0d41dac5e342161 | -| name | neutron | -| type | network | +| description | OpenStack Networking | +| enabled | True | +| id | f71529314dab4a4d8eca427e701d209e | +| name | neutron | +| type | network | +-------------+----------------------------------+ Create the Networking service API endpoints: - $ keystone endpoint-create \ - --service-id $(keystone service-list | awk '/ network / 
{print $2}') \ + $ openstack endpoint create \ --publicurl http://controller:9696 \ --adminurl http://controller:9696 \ --internalurl http://controller:9696 \ - --region regionOne -+-------------+----------------------------------+ -| Property | Value | -+-------------+----------------------------------+ -| adminurl | http://controller:9696 | -| id | fa18b41938a94bf6b35e2c152063ee21 | -| internalurl | http://controller:9696 | -| publicurl | http://controller:9696 | -| region | regionOne | -| service_id | 6369ddaf99a447f3a0d41dac5e342161 | -+-------------+----------------------------------+ + --region regionOne + network ++--------------+----------------------------------+ +| Field | Value | ++--------------+----------------------------------+ +| adminurl | http://controller:9696 | +| id | 04a7d3c1de784099aaba83a8a74100b3 | +| internalurl | http://controller:9696 | +| publicurl | http://controller:9696 | +| region | regionOne | +| service_id | f71529314dab4a4d8eca427e701d209e | +| service_name | neutron | +| service_type | network | ++--------------+----------------------------------+ @@ -130,7 +135,7 @@ credentials, service endpoint registration, and - message broker + message queue credentials. @@ -156,8 +161,15 @@ To configure the Networking server component The Networking server component configuration includes the database, - authentication mechanism, message broker, topology change notifications, + authentication mechanism, message queue, topology change notifications, and plug-in. + + Default configuration files vary by distribution. You might need + to add these sections and options rather than modifying existing + sections and options. Also, an ellipsis (...) in the configuration + snippets indicates potential default configuration options that you + should retain. + Edit the /etc/neutron/neutron.conf file and complete the following actions: 
@@ -172,16 +184,21 @@ connection = mysql://neutron:NEUTRON_DBPASS@ - In the [DEFAULT] section, configure - RabbitMQ message broker access: + In the [DEFAULT] and + [oslo_messaging_rabbit] sections, configure + RabbitMQ message queue access: [DEFAULT] ... rpc_backend = rabbit + +[oslo_messaging_rabbit] +... rabbit_host = controller +rabbit_userid = openstack rabbit_password = RABBIT_PASS Replace RABBIT_PASS with the - password you chose for the guest account in - RabbitMQ. + password you chose for the openstack account + in RabbitMQ. In the [DEFAULT] and @@ -193,19 +210,20 @@ auth_strategy = keystone [keystone_authtoken] ... -auth_uri = http://controller:5000/v2.0 -identity_uri = http://controller:35357 -admin_tenant_name = service -admin_user = neutron -admin_password = NEUTRON_PASS +auth_uri = http://controller:5000 +auth_url = http://controller:35357 +auth_plugin = password +project_domain_id = default +user_domain_id = default +project_name = service +username = neutron +password = NEUTRON_PASS Replace NEUTRON_PASS with the - password you chose or the neutron user in the + password you chose for the neutron user in the Identity service. - Comment out any auth_host, - auth_port, and - auth_protocol options because the - identity_uri option replaces them. + Comment out or remove any other options in the + [keystone_authtoken] section. 
@@ -219,37 +237,28 @@ service_plugins = router allow_overlapping_ips = True - In the [DEFAULT] section, configure + In the [DEFAULT] and + [nova] sections, configure Networking to notify Compute of network topology changes: [DEFAULT] ... notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True nova_url = http://controller:8774/v2 -nova_admin_auth_url = http://controller:35357/v2.0 -nova_region_name = regionOne -nova_admin_username = nova -nova_admin_tenant_id = SERVICE_TENANT_ID -nova_admin_password = NOVA_PASS - Replace SERVICE_TENANT_ID with the - service tenant identifier (id) in the Identity - service and NOVA_PASS with the password + +[nova] +... +auth_url = http://controller:35357 +auth_plugin = password +project_domain_id = default +user_domain_id = default +region_name = regionOne +project_name = service +username = nova +password = NOVA_PASS + Replace NOVA_PASS with the password you chose for the nova user in the Identity service. - - To obtain the service tenant - identifier (id): - $ source admin-openrc.sh -$ keystone tenant-get service -+-------------+----------------------------------+ -| Property | Value | -+-------------+----------------------------------+ -| description | Service Tenant | -| enabled | True | -| id | f727b5ec2ceb4d71bad86dfc414449bf | -| name | service | -+-------------+----------------------------------+ - (Optional) To assist with troubleshooting, 
@@ -276,18 +285,20 @@ verbose = True In the [ml2] section, enable the - flat and - generic routing encapsulation (GRE) + flat, + VLAN, + generic routing encapsulation (GRE), and + virtual extensible LAN (VXLAN) network type drivers, GRE tenant networks, and the OVS mechanism driver: [ml2] ... -type_drivers = flat,gre +type_drivers = flat,vlan,gre,vxlan tenant_network_types = gre mechanism_drivers = openvswitch - Once you configure the ML2 plug-in, be aware that disabling - a network type driver and re-enabling it later can lead to + Once you configure the ML2 plug-in, changing values in + the type_drivers option can lead to database inconsistency. @@ -378,8 +389,10 @@ admin_password = NEUTRON_PASS Populate the database: + # su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron Database population occurs later for Networking because the script requires complete server and plug-in configuration @@ -397,9 +410,7 @@ admin_password = NEUTRON_PASS On openSUSE: # systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \ openstack-nova-conductor.service - # service nova-api restart -# service nova-scheduler restart -# service nova-conductor restart + # service nova-api restart Start the Networking service and configure it to start when the diff --git a/doc/install-guide/section_neutron-initial-networks.xml b/doc/install-guide/section_neutron-initial-networks.xml index bc90606f60..cdd217c29c 100644 --- a/doc/install-guide/section_neutron-initial-networks.xml +++ b/doc/install-guide/section_neutron-initial-networks.xml 
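Review bot: In the restart step, the `service` variant is reduced to `# service nova-api restart`, while the `systemctl restart` line kept as context still restarts the API, scheduler and conductor services. If the scheduler and conductor also need to pick up the Networking settings on that distribution, they would keep running with the old configuration. Either restore `# service nova-scheduler restart` and `# service nova-conductor restart`, or add a sentence explaining why only the API service needs a restart there. The distribution markup is not visible in this hunk, so which platform each command belongs to is inferred.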
@@ -6,7 +6,7 @@ xml:id="neutron-initial-networks"> Create initial networks Before launching your first instance, you must create the - necessary virtual network infrastructure to which the instance will + necessary virtual network infrastructure to which the instances connect, including the external network and @@ -51,7 +51,7 @@ Create the network: - $ neutron net-create ext-net --router:external True \ + $ neutron net-create ext-net --router:external \ --provider:physical_network external --provider:network_type flat Created a new network: +---------------------------+--------------------------------------+ @@ -158,8 +158,8 @@ Like the external network, your tenant network also requires a subnet attached to it. You can specify any valid subnet because the - architecture isolates tenant networks. By default, this subnet will - use DHCP so your instances can obtain IP addresses. + architecture isolates tenant networks. By default, this subnet uses + DHCP so your instances can obtain IP addresses. To create a subnet on the tenant network @@ -196,7 +196,7 @@ A virtual router passes network traffic between two or more virtual networks. Each router requires one or more interfaces and/or gateways - that provide access to specific networks. In this case, you will create + that provide access to specific networks. In this case, you create a router and attach your tenant and external networks to it. To create a router on the tenant network and attach the external @@ -249,7 +249,8 @@ <procedure> <title>To verify network connectivity - Ping the tenant router gateway: + From a host on the the external network, ping the tenant router + gateway: $ ping -c 4 203.0.113.101 PING 203.0.113.101 (203.0.113.101) 56(84) bytes of data. 64 bytes from 203.0.113.101: icmp_req=1 ttl=64 time=0.619 ms diff --git a/doc/install-guide/section_neutron-network-node.xml b/doc/install-guide/section_neutron-network-node.xml index 25b933bb05..9f56931b82 100644 
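Review bot: The added sentence in the connectivity-check step contains a doubled word, `From a host on the the external network`. It should read `From a host on the external network, ping the tenant router gateway:`. The procedure this step belongs to starts before the hunk and continues after it.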
--- a/doc/install-guide/section_neutron-network-node.xml +++ b/doc/install-guide/section_neutron-network-node.xml @@ -27,7 +27,7 @@ net.ipv4.conf.default.rp_filter=0 To install the Networking components # apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent \ - neutron-l3-agent neutron-dhcp-agent + neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent # yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch # zypper install --no-recommends openstack-neutron-openvswitch-agent openstack-neutron-l3-agent \ openstack-neutron-dhcp-agent openstack-neutron-metadata-agent ipset @@ -52,7 +52,7 @@ net.ipv4.conf.default.rp_filter=0 credentials, service endpoint registration, and - message broker + message queue credentials. @@ -78,7 +78,14 @@ net.ipv4.conf.default.rp_filter=0 To configure the Networking common components The Networking common component configuration includes the - authentication mechanism, message broker, and plug-in. + authentication mechanism, message queue, and plug-in. + + Default configuration files vary by distribution. You might need + to add these sections and options rather than modifying existing + sections and options. Also, an ellipsis (...) in the configuration + snippets indicates potential default configuration options that you + should retain. + Edit the /etc/neutron/neutron.conf file and complete the following actions: @@ -89,16 +96,21 @@ net.ipv4.conf.default.rp_filter=0 do not directly access the database. - In the [DEFAULT] section, configure - RabbitMQ message broker access: + In the [DEFAULT] and + [oslo_messaging_rabbit] sections, configure + RabbitMQ message queue access: [DEFAULT] ... rpc_backend = rabbit + +[oslo_messaging_rabbit] +... rabbit_host = controller +rabbit_userid = openstack rabbit_password = RABBIT_PASS Replace RABBIT_PASS with the - password you chose for the guest account in - RabbitMQ. + password you chose for the openstack account + in RabbitMQ. In the [DEFAULT] and 
@@ -110,19 +122,20 @@ auth_strategy = keystone [keystone_authtoken] ... -auth_uri = http://controller:5000/v2.0 -identity_uri = http://controller:35357 -admin_tenant_name = service -admin_user = neutron -admin_password = NEUTRON_PASS +auth_uri = http://controller:5000 +auth_url = http://controller:35357 +auth_plugin = password +project_domain_id = default +user_domain_id = default +project_name = service +username = neutron +password = NEUTRON_PASS Replace NEUTRON_PASS with the password you chose or the neutron user in the Identity service. - Comment out any auth_host, - auth_port, and - auth_protocol options because the - identity_uri option replaces them. + Comment out or remove any other options in the + [keystone_authtoken] section. @@ -159,13 +172,15 @@ verbose = True In the [ml2] section, enable the - flat and - generic routing encapsulation (GRE) + flat, + VLAN, + generic routing encapsulation (GRE), and + virtual extensible LAN (VXLAN) network type drivers, GRE tenant networks, and the OVS mechanism driver: [ml2] ... -type_drivers = flat,gre +type_drivers = flat,vlan,gre,vxlan tenant_network_types = gre mechanism_drivers = openvswitch @@ -203,7 +218,6 @@ firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewal [ovs] ... local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS -enable_tunneling = True bridge_mappings = external:br-ex Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS @@ -238,8 +252,13 @@ tunnel_types = gre ... interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver use_namespaces = True -external_network_bridge = br-ex +external_network_bridge = router_delete_namespaces = True + + The external_network_bridge option + intentionally lacks a value to enable multiple external + networks on a single agent. + Due to an issue with old versions of the iproute2 utility, we recommend 
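Review bot: The context sentence after the network-node `[keystone_authtoken]` snippet still reads `password you chose or the neutron user`, where `or` should be `for`. The controller-node hunk in this commit corrects the same sentence, but this section and the compute-node section are left unchanged. Both should read `password you chose for the neutron user in the Identity service.`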
@@ -375,11 +394,15 @@ dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf access parameters: [DEFAULT] ... -auth_url = http://controller:5000/v2.0 +auth_uri = http://controller:5000 +auth_url = http://controller:35357 auth_region = regionOne -admin_tenant_name = service -admin_user = neutron -admin_password = NEUTRON_PASS +auth_plugin = password +project_domain_id = default +user_domain_id = default +project_name = service +username = neutron +password = NEUTRON_PASS Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.