Merge "Updates to advanced networking chapter"
This commit is contained in:
commit
99ba91d1d8
File diff suppressed because it is too large
Load Diff
450
doc/networking-guide/section_networking_adv_agent.xml
Normal file
450
doc/networking-guide/section_networking_adv_agent.xml
Normal file
@ -0,0 +1,450 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<section xmlns="http://docbook.org/ns/docbook" xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
|
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
|
||||||
|
xml:id="section_networking-advanced-agent">
|
||||||
|
<title>Advanced agent options</title>
|
||||||
|
<para>This section describes advanced configuration options for server plug-ins and agents.</para>
|
||||||
|
<section xml:id="section_neutron_server">
|
||||||
|
<title>OpenStack Networking server with plug-in</title>
|
||||||
|
<para>This web server runs the OpenStack Networking API Web Server. It loads
|
||||||
|
a plug-in and passes the API calls to the plug-in for processing. The
|
||||||
|
<systemitem class="service">neutron-server</systemitem> service receives one or more configuration files
|
||||||
|
as input. For example:</para>
|
||||||
|
<screen><userinput>neutron-server --config-file <replaceable>NEUTRON_CONFIG_FILE</replaceable> --config-file <replaceable>PLUGIN_CONFIG_FILE</replaceable></userinput></screen>
|
||||||
|
<para>The neutron configuration file contains the common neutron configuration options.</para>
|
||||||
|
<para>The plug-in configuration file contains the plug-in specific options.</para>
|
||||||
|
<para>The plug-in that runs on the service is loaded through the
|
||||||
|
<parameter>core_plugin</parameter> configuration option. In some cases, a plug-in
|
||||||
|
might have an agent that performs the actual networking.</para>
|
||||||
|
<para>Most plug-ins require an SQL database. After you install and start the database
|
||||||
|
server, set a password for the root account and delete the anonymous accounts:</para>
|
||||||
|
<screen><prompt>$</prompt> <userinput>> mysql -u root</userinput>
|
||||||
|
<prompt>mysql></prompt> <userinput>update mysql.user set password = password('iamroot') where user = 'root';</userinput>
|
||||||
|
<prompt>mysql></prompt> <userinput>delete from mysql.user where user = '';</userinput></screen>
|
||||||
|
<para>Create a database and user account specifically for plug-in:</para>
|
||||||
|
<screen><prompt>mysql></prompt> <userinput>create database <replaceable>DATABASE_NAME</replaceable></userinput>
|
||||||
|
<prompt>mysql></prompt> <userinput>create user '<replaceable>USER_NAME</replaceable>'@'localhost' identified by '<replaceable>USER_NAME</replaceable>';</userinput>
|
||||||
|
<prompt>mysql></prompt> <userinput>create user '<replaceable>USER_NAME</replaceable>'@'%' identified by '<replaceable>USER_NAME</replaceable>';</userinput>
|
||||||
|
<prompt>mysql></prompt> <userinput>grant all on <replaceable>DATABASE_NAME</replaceable>.* to '<replaceable>USER_NAME</replaceable>'@'%';</userinput></screen>
|
||||||
|
<para>After this step completes, you can update the settings in the relevant plug-in
|
||||||
|
configuration files. Find the plug-in specific configuration files at
|
||||||
|
<filename>$NEUTRON_CONF_DIR/plugins</filename>.</para>
|
||||||
|
<para>Some plug-ins have an L2 agent that performs the actual networking. That is, the agent
|
||||||
|
attaches the virtual machine NIC to the OpenStack Networking network. Each node should
|
||||||
|
run an L2 agent. Note that the agent receives the following input parameters:</para>
|
||||||
|
<screen><userinput>neutron-plugin-agent --config-file <replaceable>NEUTRON_CONFIG_FILE</replaceable> --config-file <replaceable>PLUGIN_CONFIG_FILE</replaceable></userinput></screen>
|
||||||
|
<para>You must complete these tasks before you can work with the plug-in:</para>
|
||||||
|
<orderedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>Ensure that the core plug-in is updated.</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>Ensure that the database connection is correctly set.</para>
|
||||||
|
</listitem>
|
||||||
|
</orderedlist>
|
||||||
|
<para>The following table shows sample values for the configuration options. Some Linux
|
||||||
|
packages might provide installation utilities that configure these values.</para>
|
||||||
|
<table rules="all">
|
||||||
|
<caption>Settings</caption>
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>Option</th>
|
||||||
|
<th>Value</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td><emphasis role="bold">Open vSwitch</emphasis></td>
|
||||||
|
<td/>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>core_plugin ($NEUTRON_CONF_DIR/neutron.conf)</td>
|
||||||
|
<td>openvswitch</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>connection (in the plugin configuration file, section
|
||||||
|
<code>[database]</code>)</td>
|
||||||
|
<td>mysql://<replaceable>USERNAME</replaceable>:<replaceable>PASSWORD</replaceable>@localhost/ovs_neutron?charset=utf8</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>Plug-in Configuration File</td>
|
||||||
|
<td>$NEUTRON_CONF_DIR/plugins/openvswitch/ovs_neutron_plugin.ini</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>Agent</td>
|
||||||
|
<td>neutron-openvswitch-agent</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><emphasis role="bold">Linux Bridge</emphasis></td>
|
||||||
|
<td/>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>core_plugin ($NEUTRON_CONF_DIR/neutron.conf)</td>
|
||||||
|
<td>linuxbridge</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>connection (in the plug-in configuration file, section
|
||||||
|
<code>[database]</code>)</td>
|
||||||
|
<td>mysql://<replaceable>USERNAME</replaceable>:<replaceable>PASSWORD</replaceable>@localhost/neutron_linux_bridge?charset=utf8</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>Plug-in Configuration File</td>
|
||||||
|
<td>$NEUTRON_CONF_DIR/plugins/linuxbridge/linuxbridge_conf.ini</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>Agent</td>
|
||||||
|
<td>neutron-linuxbridge-agent</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
</section>
|
||||||
|
<section xml:id="section_adv_cfg_dhcp_agent">
|
||||||
|
<title>DHCP agent</title>
|
||||||
|
<para>You can run a DHCP server that allocates IP addresses to virtual machines that run on
|
||||||
|
the network. When a subnet is created, by default, the subnet has DHCP enabled.</para>
|
||||||
|
<para>The node that runs the DHCP agent should run:</para>
|
||||||
|
<screen><userinput>neutron-dhcp-agent --config-file <replaceable>NEUTRON_CONFIG_FILE</replaceable> --config-file <replaceable>DHCP_CONFIG_FILE</replaceable></userinput></screen>
|
||||||
|
<para>Currently the DHCP agent uses <systemitem class="service">dnsmasq</systemitem> to perform that static
|
||||||
|
address assignment.</para>
|
||||||
|
<para>You must configure a driver that matches the plug-in that runs on the service.</para>
|
||||||
|
<table rules="all">
|
||||||
|
<caption>Settings</caption>
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>Option</th>
|
||||||
|
<th>Value</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td><emphasis role="bold">Open vSwitch</emphasis></td>
|
||||||
|
<td/>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>interface_driver ($NEUTRON_CONF_DIR/dhcp_agent.ini)</td>
|
||||||
|
<td>neutron.agent.linux.interface.OVSInterfaceDriver</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><emphasis role="bold">Linux Bridge</emphasis></td>
|
||||||
|
<td/>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>interface_driver ($NEUTRON_CONF_DIR/dhcp_agent.ini)</td>
|
||||||
|
<td>neutron.agent.linux.interface.BridgeInterfaceDriver</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<section xml:id="adv_cfg_dhcp_agent_namespace">
|
||||||
|
<title>Namespace</title>
|
||||||
|
<para>By default, the DHCP agent uses Linux network namespaces to support overlapping IP
|
||||||
|
addresses. For information about network namespaces support, see the <link
|
||||||
|
linkend="section_limitations">Limitations</link> section.</para>
|
||||||
|
<para>If the Linux installation does not support network namespaces, you must disable
|
||||||
|
network namespaces in the DHCP agent configuration file. The default value of
|
||||||
|
<option>use_namespaces</option> is <literal>True</literal>.</para>
|
||||||
|
<programlisting language="ini">use_namespaces = False</programlisting>
|
||||||
|
</section>
|
||||||
|
</section>
|
||||||
|
<section xml:id="section_adv_cfg_l3_agent">
|
||||||
|
<title>L3 agent</title>
|
||||||
|
<para>You can run an L3 agent that enables layer 3 forwarding and floating IP support.</para>
|
||||||
|
<para>The node that runs the L3 agent should run:</para>
|
||||||
|
<screen><userinput>neutron-l3-agent --config-file <replaceable>NEUTRON_CONFIG_FILE</replaceable> --config-file <replaceable>L3_CONFIG_FILE</replaceable></userinput></screen>
|
||||||
|
<para>You must configure a driver that matches the plug-in that runs on the service. This
|
||||||
|
driver creates the routing interface.</para>
|
||||||
|
<table rules="all">
|
||||||
|
<caption>Settings</caption>
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>Option</th>
|
||||||
|
<th>Value</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td><emphasis role="bold">Open vSwitch</emphasis></td>
|
||||||
|
<td/>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>interface_driver ($NEUTRON_CONF_DIR/l3_agent.ini)</td>
|
||||||
|
<td>neutron.agent.linux.interface.OVSInterfaceDriver</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>external_network_bridge ($NEUTRON_CONF_DIR/l3_agent.ini)</td>
|
||||||
|
<td>br-ex</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><emphasis role="bold">Linux Bridge</emphasis></td>
|
||||||
|
<td/>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>interface_driver ($NEUTRON_CONF_DIR/l3_agent.ini)</td>
|
||||||
|
<td>neutron.agent.linux.interface.BridgeInterfaceDriver</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>external_network_bridge ($NEUTRON_CONF_DIR/l3_agent.ini)</td>
|
||||||
|
<td>This field must be empty (or the bridge name for the external network).</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<para>The L3 agent communicates with the OpenStack Networking server through the OpenStack
|
||||||
|
Networking API, so the following configuration is required:</para>
|
||||||
|
<orderedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>OpenStack Identity authentication:</para>
|
||||||
|
<programlisting language="ini">auth_url="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0"</programlisting>
|
||||||
|
<para>For example:</para>
|
||||||
|
<programlisting language="ini">http://10.56.51.210:5000/v2.0</programlisting>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>Administrative user details:</para>
|
||||||
|
<programlisting language="ini">admin_tenant_name $SERVICE_TENANT_NAME
|
||||||
|
admin_user $Q_ADMIN_USERNAME
|
||||||
|
admin_password $SERVICE_PASSWORD</programlisting>
|
||||||
|
</listitem>
|
||||||
|
</orderedlist>
|
||||||
|
<section xml:id="adv_cfg_l3_agent_namespace">
|
||||||
|
<title>Namespace</title>
|
||||||
|
<para>By default, the L3 agent uses Linux network namespaces to support overlapping IP
|
||||||
|
addresses.</para>
|
||||||
|
<para>For information about network namespaces support, see the <link
|
||||||
|
linkend="section_limitations">Limitation</link> section.</para>
|
||||||
|
<para>If the Linux installation does not support network namespaces, you must disable
|
||||||
|
network namespaces in the L3 agent configuration file. The default value of
|
||||||
|
<option>use_namespaces</option> is <literal>True</literal>.</para>
|
||||||
|
<programlisting language="ini">use_namespaces = False</programlisting>
|
||||||
|
<para>When you set <option>use_namespaces</option> to <literal>False</literal>, only one
|
||||||
|
router ID is supported per node.</para>
|
||||||
|
<para>Use the <option>router_id</option> configuration option to configure the
|
||||||
|
router:</para>
|
||||||
|
<programlisting language="ini"># If use_namespaces is set to False then the agent can only configure one router.
|
||||||
|
# This is done by setting the specific router_id.
|
||||||
|
router_id = 1064ad16-36b7-4c2f-86f0-daa2bcbd6b2a</programlisting>
|
||||||
|
<para>To configure it, you must run the OpenStack Networking service, create a router,
|
||||||
|
and set the router ID value to the <option>router_id</option> value in the L3 agent
|
||||||
|
configuration file.</para>
|
||||||
|
<screen><prompt>$</prompt> <userinput>neutron router-create myrouter1</userinput>
|
||||||
|
<computeroutput>Created a new router:
|
||||||
|
+-----------------------+--------------------------------------+
|
||||||
|
| Field | Value |
|
||||||
|
+-----------------------+--------------------------------------+
|
||||||
|
| admin_state_up | True |
|
||||||
|
| external_gateway_info | |
|
||||||
|
| id | 338d42d7-b22e-42c5-9df6-f3674768fe75 |
|
||||||
|
| name | myrouter1 |
|
||||||
|
| status | ACTIVE |
|
||||||
|
| tenant_id | 0c236f65baa04e6f9b4236b996555d56 |
|
||||||
|
+-----------------------+--------------------------------------+</computeroutput></screen>
|
||||||
|
</section>
|
||||||
|
<section xml:id="adv_cfg_l3_agent_multi_extnet">
|
||||||
|
<title>Multiple external networks</title>
|
||||||
|
<para>Use one of these methods to support multiple external networks:</para>
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>Assign multiple subnets to an external network.</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>Use multiple floating IP pools.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
<para>The following sections describe these options.</para>
|
||||||
|
<section xml:id="adv_cfg_l3_agent_multi_subnet">
|
||||||
|
<title>Assign multiple subnets to an external network</title>
|
||||||
|
<para>This approach leverages the addition of on-link routes, which enables a router
|
||||||
|
to host floating IPs from any subnet on an external network regardless of which
|
||||||
|
subnet the primary router IP address comes from. This method does not require
|
||||||
|
the creation of multiple external networks.</para>
|
||||||
|
<para>To add a subnet to the external network, use the following command
|
||||||
|
template:</para>
|
||||||
|
<screen><prompt>$</prompt> <userinput>neutron subnet-create <replaceable>EXT_NETWORK_NAME</replaceable> <replaceable>CIDR</replaceable></userinput></screen>
|
||||||
|
<para>For example:</para>
|
||||||
|
<screen><prompt>$</prompt> <userinput>neutron subnet-create my-ext_network 10.0.0.0/29</userinput> </screen>
|
||||||
|
</section>
|
||||||
|
<section xml:id="adv_cfg_l3_agent_multi_floatip">
|
||||||
|
<title>Multiple floating IP pools</title>
|
||||||
|
<para>The L3 API in OpenStack Networking supports multiple floating IP pools. In
|
||||||
|
OpenStack Networking, a floating IP pool is represented as an external network
|
||||||
|
and a floating IP is allocated from a subnet associated with the external
|
||||||
|
network. Because you can associate each L3 agent with, at most, one external
|
||||||
|
network, you must invoke multiple L3 agents to define multiple floating IP
|
||||||
|
pools. Use the <option>gateway_external_network_id</option> option in the L3
|
||||||
|
agent configuration file to define the external network that the L3 agent
|
||||||
|
handles. You can run multiple L3 agent instances on one host.</para>
|
||||||
|
<para>In addition, when you run multiple L3 agents, set the
|
||||||
|
<option>handle_internal_only_routers</option> option to
|
||||||
|
<literal>True</literal> for only one L3 agent in an OpenStack Networking
|
||||||
|
deployment and set this option to <literal>False</literal> for all other L3
|
||||||
|
agents. Because the default value of this parameter is <literal>True</literal>,
|
||||||
|
you must configure it carefully.</para>
|
||||||
|
<para>Before starting L3 agents, you must create routers and external networks,
|
||||||
|
update the configuration files with UUID of external networks, and start L3
|
||||||
|
agents.</para>
|
||||||
|
<para>For the first agent, invoke it with the following
|
||||||
|
<filename>l3_agent.ini</filename>, where the
|
||||||
|
<option>handle_internal_only_routers</option> option is set to
|
||||||
|
<literal>True</literal>.</para>
|
||||||
|
<programlisting language="ini">handle_internal_only_routers = True
|
||||||
|
gateway_external_network_id = 2118b11c-011e-4fa5-a6f1-2ca34d372c35
|
||||||
|
external_network_bridge = br-ex</programlisting>
|
||||||
|
<screen><prompt>$</prompt> <userinput>python /opt/stack/neutron/bin/neutron-l3-agent
|
||||||
|
--config-file /etc/neutron/neutron.conf
|
||||||
|
--config-file=/etc/neutron/l3_agent.ini</userinput></screen>
|
||||||
|
<para>For the second (or later) agent, invoke it with the following
|
||||||
|
<filename>l3_agent.ini</filename> where the
|
||||||
|
<option>handle_internal_only_routers</option> option is set to
|
||||||
|
<literal>False</literal>.</para>
|
||||||
|
<programlisting language="ini">handle_internal_only_routers = False
|
||||||
|
gateway_external_network_id = e828e54c-850a-4e74-80a8-8b79c6a285d8
|
||||||
|
external_network_bridge = br-ex-2</programlisting>
|
||||||
|
</section>
|
||||||
|
</section>
|
||||||
|
</section>
|
||||||
|
<section xml:id="section_adv_cfg_l3_metering_agent">
|
||||||
|
<title>L3 metering agent</title>
|
||||||
|
<para>You can run an L3 metering agent that enables layer 3 traffic metering. In general,
|
||||||
|
you should launch the metering agent on all nodes that run the L3 agent:</para>
|
||||||
|
<screen><userinput>neutron-metering-agent --config-file <replaceable>NEUTRON_CONFIG_FILE</replaceable> --config-file <replaceable>L3_METERING_CONFIG_FILE</replaceable></userinput></screen>
|
||||||
|
<para>You must configure a driver that matches the plug-in that runs on the service. The
|
||||||
|
driver adds metering to the routing interface.</para>
|
||||||
|
<table rules="all">
|
||||||
|
<caption>Settings</caption>
|
||||||
|
<thead>
|
||||||
|
<tr>
|
||||||
|
<th>Option</th>
|
||||||
|
<th>Value</th>
|
||||||
|
</tr>
|
||||||
|
</thead>
|
||||||
|
<tbody>
|
||||||
|
<tr>
|
||||||
|
<td><emphasis role="bold">Open vSwitch</emphasis></td>
|
||||||
|
<td/>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>interface_driver ($NEUTRON_CONF_DIR/metering_agent.ini)</td>
|
||||||
|
<td>neutron.agent.linux.interface.OVSInterfaceDriver</td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td><emphasis role="bold">Linux Bridge</emphasis></td>
|
||||||
|
<td/>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td>interface_driver ($NEUTRON_CONF_DIR/metering_agent.ini)</td>
|
||||||
|
<td>neutron.agent.linux.interface.BridgeInterfaceDriver</td>
|
||||||
|
</tr>
|
||||||
|
</tbody>
|
||||||
|
</table>
|
||||||
|
<section xml:id="adv_cfg_l3_metering_agent_namespace">
|
||||||
|
<title>Namespace</title>
|
||||||
|
<para>The metering agent and the L3 agent must have the same network namespaces
|
||||||
|
configuration.</para>
|
||||||
|
<note>
|
||||||
|
<para>If the Linux installation does not support network namespaces, you must
|
||||||
|
disable network namespaces in the L3 metering configuration file. The default
|
||||||
|
value of the <option>use_namespaces</option> option is <code>True</code>.</para>
|
||||||
|
</note>
|
||||||
|
<para><programlisting language="ini">use_namespaces = False</programlisting></para>
|
||||||
|
</section>
|
||||||
|
<section xml:id="adv_cfg_l3_metering_agent_driver">
|
||||||
|
<title>L3 metering driver</title>
|
||||||
|
<para>You must configure any driver that implements the metering abstraction. Currently
|
||||||
|
the only available implementation uses iptables for metering.</para>
|
||||||
|
<para><programlisting language="ini">driver = neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver</programlisting></para>
|
||||||
|
</section>
|
||||||
|
<section xml:id="adv_cfg_l3_metering_service_driver">
|
||||||
|
<title>L3 metering service driver</title>
|
||||||
|
<para>To enable L3 metering, you must set the following option in the
|
||||||
|
<filename>neutron.conf</filename> file on the host that runs <systemitem
|
||||||
|
class="service">neutron-server</systemitem>:</para>
|
||||||
|
<programlisting language="ini">service_plugins = metering</programlisting>
|
||||||
|
</section>
|
||||||
|
</section>
|
||||||
|
<section xml:id="section_limitations">
|
||||||
|
<title>Limitations</title>
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para><emphasis>No equivalent for nova-network <option>--multi_host</option>
|
||||||
|
option</emphasis>. Nova-network has a model where the L3, NAT, and DHCP
|
||||||
|
processing happen on the compute node itself, rather than a dedicated networking
|
||||||
|
node. OpenStack Networking now support running multiple l3-agent and dhcp-agents
|
||||||
|
with load being split across those agents, but the tight coupling of that
|
||||||
|
scheduling with the location of the VM is not supported in Icehouse. The Juno
|
||||||
|
release is expected to include an exact replacement for the
|
||||||
|
<option>--multi_host</option> option in nova-network.</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para><emphasis>Linux network namespace required on nodes running <systemitem
|
||||||
|
class="
|
||||||
|
service">neutron-l3-agent</systemitem>
|
||||||
|
or <systemitem class="
|
||||||
|
service"
|
||||||
|
>neutron-dhcp-agent</systemitem> if overlapping IPs are in
|
||||||
|
use</emphasis>. To support overlapping IP addresses, the OpenStack
|
||||||
|
Networking DHCP and L3 agents use Linux network namespaces by default. The hosts
|
||||||
|
running these processes must support network namespaces. To support network
|
||||||
|
namespaces, the following are required:</para>
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>Linux kernel 2.6.24 or later (with <literal>CONFIG_NET_NS=y</literal>
|
||||||
|
in kernel configuration)</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>iproute2 utilities ('ip' command) version 3.1.0 (aka 20111117) or
|
||||||
|
later</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
<para>To check whether your host supports namespaces, run these commands as
|
||||||
|
root:</para>
|
||||||
|
<screen><prompt>#</prompt> <userinput>ip netns add test-ns</userinput>
|
||||||
|
<prompt>#</prompt> <userinput>ip netns exec test-ns ifconfig</userinput></screen>
|
||||||
|
<para>If these commands succeed, your platform is likely sufficient to use the
|
||||||
|
dhcp-agent or l3-agent with namespaces. In our experience, Ubuntu 12.04 or later
|
||||||
|
support namespaces as does Fedora 17 and later, but some earlier RHEL platforms
|
||||||
|
do not by default. It might be possible to upgrade the <systemitem
|
||||||
|
class="service">iproute2</systemitem> package on a platform that does not
|
||||||
|
support namespaces by default.</para>
|
||||||
|
<para>If you must disable namespaces, make sure that the
|
||||||
|
<filename>neutron.conf</filename> file that is used by <systemitem class="service">neutron-server</systemitem> has the following
|
||||||
|
setting:</para>
|
||||||
|
<programlisting>allow_overlapping_ips=False</programlisting>
|
||||||
|
<para>Also, ensure that the <filename>dhcp_agent.ini</filename> and
|
||||||
|
<filename>l3_agent.ini</filename> files have the following setting:</para>
|
||||||
|
<programlisting>use_namespaces=False</programlisting>
|
||||||
|
<note>
|
||||||
|
<para>If the host does not support namespaces, the <systemitem class="service"
|
||||||
|
>neutron-l3-agent</systemitem> and <systemitem class="service"
|
||||||
|
>neutron-dhcp-agent</systemitem> should run on different hosts because
|
||||||
|
there is no isolation between the IP addresses created by the L3 agent and
|
||||||
|
by the DHCP agent. By manipulating the routing, the user can ensure that
|
||||||
|
these networks have access to one another.</para>
|
||||||
|
</note>
|
||||||
|
<para>If you run both L3 and DHCP services on the same node, you should enable
|
||||||
|
namespaces to avoid conflicts with routes:</para>
|
||||||
|
<programlisting>use_namespaces=True</programlisting>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para><emphasis>No IPv6 support for L3 agent</emphasis>. The <systemitem
|
||||||
|
class="
|
||||||
|
service">neutron-l3-agent</systemitem>, used by
|
||||||
|
many plug-ins to implement L3 forwarding, supports only IPv4 forwarding.
|
||||||
|
Currently, there are no errors provided if you configure IPv6 addresses via the
|
||||||
|
API.</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para><emphasis>ZeroMQ support is experimental</emphasis>. Some agents, including
|
||||||
|
<systemitem class="service">neutron-dhcp-agent</systemitem>, <systemitem
|
||||||
|
class="service">neutron-openvswitch-agent</systemitem>, and <systemitem
|
||||||
|
class="service">neutron-linuxbridge-agent</systemitem> use RPC to
|
||||||
|
communicate. ZeroMQ is an available option in the configuration file, but has
|
||||||
|
not been tested and should be considered experimental. In particular, issues
|
||||||
|
might occur with ZeroMQ and the dhcp agent.</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para><emphasis>MetaPlugin is experimental</emphasis>. This release includes a
|
||||||
|
MetaPlugin that is intended to support multiple plug-ins at the same time for
|
||||||
|
different API requests, based on the content of those API requests. The core
|
||||||
|
team has not thoroughly reviewed or tested this functionality. Consider this
|
||||||
|
functionality to be experimental until further validation is performed.</para>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</section>
|
||||||
|
</section>
|
1758
doc/networking-guide/section_networking_adv_features.xml
Normal file
1758
doc/networking-guide/section_networking_adv_features.xml
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,162 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<section xmlns="http://docbook.org/ns/docbook"
|
||||||
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||||||
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||||||
|
version="5.0"
|
||||||
|
xml:id="section_networking-adv-operational_features">
|
||||||
|
<title>Advanced operational features</title>
|
||||||
|
<section xml:id="section_adv_logging">
|
||||||
|
<title>Logging settings</title>
|
||||||
|
<para>Networking components use Python logging module to do
|
||||||
|
logging. Logging configuration can be provided in
|
||||||
|
<filename>neutron.conf</filename> or as command-line
|
||||||
|
options. Command options override ones in
|
||||||
|
<filename>neutron.conf</filename>.</para>
|
||||||
|
<para>To configure logging for Networking components, use one
|
||||||
|
of these methods:</para>
|
||||||
|
<itemizedlist>
|
||||||
|
<listitem>
|
||||||
|
<para>Provide logging settings in a logging
|
||||||
|
configuration file.</para>
|
||||||
|
<para>See <link xlink:href="http://docs.python.org/howto/logging.html">Python
|
||||||
|
logging how-to</link> to learn more about logging.</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>Provide logging setting in
|
||||||
|
<filename>neutron.conf</filename></para>
|
||||||
|
<programlisting language="ini">[DEFAULT]
|
||||||
|
# Default log level is WARNING
|
||||||
|
# Show debugging output in logs (sets DEBUG log level output)
|
||||||
|
# debug = False
|
||||||
|
|
||||||
|
# Show more verbose log output (sets INFO log level output) if debug is False
|
||||||
|
# verbose = False
|
||||||
|
|
||||||
|
# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s
|
||||||
|
# log_date_format = %Y-%m-%d %H:%M:%S
|
||||||
|
|
||||||
|
# use_syslog = False
|
||||||
|
# syslog_log_facility = LOG_USER
|
||||||
|
|
||||||
|
# if use_syslog is False, we can set log_file and log_dir.
|
||||||
|
# if use_syslog is False and we do not set log_file,
|
||||||
|
# the log will be printed to stdout.
|
||||||
|
# log_file =
|
||||||
|
# log_dir =</programlisting>
|
||||||
|
</listitem>
|
||||||
|
</itemizedlist>
|
||||||
|
</section>
|
||||||
|
<section xml:id="section_adv_notification">
|
||||||
|
<title>Notifications</title>
|
||||||
|
<para>Notifications can be sent when Networking resources such
|
||||||
|
as network, subnet and port are created, updated or
|
||||||
|
deleted.</para>
|
||||||
|
<section xml:id="section_adv_notification_overview">
|
||||||
|
<title>Notification options</title>
|
||||||
|
<para>To support DHCP agent, rpc_notifier driver must be
|
||||||
|
set. To set up the notification, edit notification
|
||||||
|
options in <filename>neutron.conf</filename>:</para>
|
||||||
|
<programlisting language="ini"># ============ Notification System Options =====================
|
||||||
|
|
||||||
|
# Notifications can be sent when network/subnet/port are create, updated or deleted.
|
||||||
|
# There are three methods of sending notifications: logging (via the
|
||||||
|
# log_file directive), rpc (via a message queue) and
|
||||||
|
# noop (no notifications sent, the default)
|
||||||
|
|
||||||
|
# Notification_driver can be defined multiple times
|
||||||
|
# Do nothing driver
|
||||||
|
# notification_driver = neutron.openstack.common.notifier.no_op_notifier
|
||||||
|
# Logging driver
|
||||||
|
# notification_driver = neutron.openstack.common.notifier.log_notifier
|
||||||
|
# RPC driver
|
||||||
|
notification_driver = neutron.openstack.common.notifier.rpc_notifier
|
||||||
|
|
||||||
|
# default_notification_level is used to form actual topic names or to set logging level
|
||||||
|
# default_notification_level = INFO
|
||||||
|
|
||||||
|
# default_publisher_id is a part of the notification payload
|
||||||
|
# host = myhost.com
|
||||||
|
# default_publisher_id = $host
|
||||||
|
|
||||||
|
# Defined in rpc_notifier for rpc way, can be comma-separated values.
|
||||||
|
# The actual topic names will be %s.%(default_notification_level)s
|
||||||
|
notification_topics = notifications</programlisting>
|
||||||
|
</section>
|
||||||
|
<section xml:id="section_adv_notification_cases">
|
||||||
|
<title>Setting cases</title>
|
||||||
|
<section xml:id="section_adv_notification_cases_log_rpc">
|
||||||
|
<title>Logging and RPC</title>
|
||||||
|
<para>These options configure the Networking
|
||||||
|
server to send notifications through logging and
|
||||||
|
RPC. The logging options are described in
|
||||||
|
<citetitle
|
||||||
|
>OpenStack Configuration Reference</citetitle>
|
||||||
|
. RPC notifications go to 'notifications.info'
|
||||||
|
queue bound to a topic exchange defined by
|
||||||
|
'control_exchange' in
|
||||||
|
<filename>neutron.conf</filename>.</para>
|
||||||
|
<programlisting language="ini"># ============ Notification System Options =====================
|
||||||
|
|
||||||
|
# Notifications can be sent when network/subnet/port are create, updated or deleted.
|
||||||
|
# There are three methods of sending notifications: logging (via the
|
||||||
|
# log_file directive), rpc (via a message queue) and
|
||||||
|
# noop (no notifications sent, the default)
|
||||||
|
|
||||||
|
# Notification_driver can be defined multiple times
|
||||||
|
# Do nothing driver
|
||||||
|
# notification_driver = neutron.openstack.common.notifier.no_op_notifier
|
||||||
|
# Logging driver
|
||||||
|
notification_driver = neutron.openstack.common.notifier.log_notifier
|
||||||
|
# RPC driver
|
||||||
|
notification_driver = neutron.openstack.common.notifier.rpc_notifier
|
||||||
|
|
||||||
|
# default_notification_level is used to form actual topic names or to set logging level
|
||||||
|
default_notification_level = INFO
|
||||||
|
|
||||||
|
# default_publisher_id is a part of the notification payload
|
||||||
|
# host = myhost.com
|
||||||
|
# default_publisher_id = $host
|
||||||
|
|
||||||
|
# Defined in rpc_notifier for rpc way, can be comma-separated values.
|
||||||
|
# The actual topic names will be %s.%(default_notification_level)s
|
||||||
|
notification_topics = notifications</programlisting>
|
||||||
|
</section>
|
||||||
|
<section
|
||||||
|
xml:id="ch_adv_notification_cases_multi_rpc_topics">
|
||||||
|
<title>Multiple RPC topics</title>
|
||||||
|
<para>These options configure the Networking
|
||||||
|
server to send notifications to multiple RPC
|
||||||
|
topics. RPC notifications go to
|
||||||
|
'notifications_one.info' and
|
||||||
|
'notifications_two.info' queues bound to a topic
|
||||||
|
exchange defined by 'control_exchange' in
|
||||||
|
<filename>neutron.conf</filename>.</para>
|
||||||
|
<programlisting language="ini"># ============ Notification System Options =====================
|
||||||
|
|
||||||
|
# Notifications can be sent when network/subnet/port are create, updated or deleted.
|
||||||
|
# There are three methods of sending notifications: logging (via the
|
||||||
|
# log_file directive), rpc (via a message queue) and
|
||||||
|
# noop (no notifications sent, the default)
|
||||||
|
|
||||||
|
# Notification_driver can be defined multiple times
|
||||||
|
# Do nothing driver
|
||||||
|
# notification_driver = neutron.openstack.common.notifier.no_op_notifier
|
||||||
|
# Logging driver
|
||||||
|
# notification_driver = neutron.openstack.common.notifier.log_notifier
|
||||||
|
# RPC driver
|
||||||
|
notification_driver = neutron.openstack.common.notifier.rabbit_notifier
|
||||||
|
|
||||||
|
# default_notification_level is used to form actual topic names or to set logging level
|
||||||
|
default_notification_level = INFO
|
||||||
|
|
||||||
|
# default_publisher_id is a part of the notification payload
|
||||||
|
# host = myhost.com
|
||||||
|
# default_publisher_id = $host
|
||||||
|
|
||||||
|
# Defined in rpc_notifier for rpc way, can be comma-separated values.
|
||||||
|
# The actual topic names will be %s.%(default_notification_level)s
|
||||||
|
notification_topics = notifications_one,notifications_two</programlisting>
|
||||||
|
</section>
|
||||||
|
</section>
|
||||||
|
</section>
|
||||||
|
</section>
|
Loading…
x
Reference in New Issue
Block a user