diff --git a/doc/install-guide/section_neutron-install.xml b/doc/install-guide/section_neutron-install.xml index 5254f99d8c..1c21a5e226 100644 --- a/doc/install-guide/section_neutron-install.xml +++ b/doc/install-guide/section_neutron-install.xml @@ -303,8 +303,10 @@ admin_password = NEUTRON_PASS Configure access to the RabbitMQ service: - # openstack-config --set /etc/neutron/neutron.conf \ - DEFAULT rabbit_host controller + # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rpc_backend neutron.openstack.common.rpc.impl_kombu +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rabbit_host controller # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ rabbit_userid guest # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ @@ -320,7 +322,7 @@ rabbit_userid = guest rabbit_password = RABBIT_PASS - Configure access to the Qpid message queue. + Configure access to the Qpid message queue: # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ rpc_backend neutron.openstack.common.rpc.impl_qpid # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ @@ -829,33 +831,53 @@ net.ipv4.conf.default.rp_filter=0 that you chose when you set up your network node, see . - - Configure the core components of Neutron. Edit the - /etc/neutron/neutron.conf - file: - auth_host = controller -admin_tenant_name = service -admin_user = neutron -admin_password = NEUTRON_PASS -auth_url = http://controller:35357/v2.0 -auth_strategy = keystone -rpc_backend = neutron.openstack.common.rpc.impl_qpid -qpid_hostname = controller + + Configure Networking to use keystone for authentication: + + + Set the auth_strategy + configuration key to keystone in the + DEFAULT section of the file: + # openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone + + + Set the neutron configuration for + keystone authentication: + # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + auth_host controller +# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + auth_url http://controller:35357/v2.0 +# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + admin_tenant_name service +# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + admin_user neutron +# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + admin_password NEUTRON_PASS + - Configure the core components of Neutron. Edit the - /etc/neutron/neutron.conf - file: - auth_host = controller -admin_tenant_name = service -admin_user = neutron -admin_password = NEUTRON_PASS -auth_url = http://controller:35357/v2.0 -auth_strategy = keystone -rpc_backend = neutron.openstack.common.rpc.impl_kombu -rabbit_host = controller -rabbit_port = 5672 -rabbit_password = RABBIT_PASS + Configure access to the RabbitMQ service: + # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rpc_backend neutron.openstack.common.rpc.impl_kombu +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rabbit_host controller +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rabbit_userid guest +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rabbit_password RABBIT_PASS + + + Configure access to the Qpid message queue: + # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rpc_backend neutron.openstack.common.rpc.impl_qpid +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + qpid_hostname controller +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + qpid_port 5672 +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + qpid_username guest +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + qpid_password guest Configure the core components of Neutron. Edit the @@ -875,22 +897,24 @@ rabbit_port = 5672 rabbit_password = RABBIT_PASS - Edit the [agent] section in the - /etc/neutron/neutron.conf file and modify - the root_helper key: - [agent] -... -root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf - + Set the root_helper configuration in the + [agent] section of /etc/neutron/neutron.conf: + # openstack-config --set /etc/neutron/neutron.conf AGENT \ + root_helper sudo neutron-rootwrap /etc/neutron/rootwrap.conf - - Edit the database URL under the - [database] section in the above file, - to tell Neutron how to connect to the database: + + Configure Networking to connect to the database: + # openstack-config --set /etc/neutron/neutron.conf DATABASE sql_connection \ + mysql://neutron:NEUTRON_DBPASS@controller/neutron + + + Configure Networking to connect to the database. Edit + the [database] section in the same file, + as follows: [database] connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron - + Edit the /etc/neutron/api-paste.ini file and add these lines to the [filter:authtoken] section: @@ -900,12 +924,49 @@ auth_host = controller admin_tenant_name = service admin_user = neutron admin_password = NEUTRON_PASS + + + Configure the /etc/neutron/api-paste.ini file for keystone + authentication: + # openstack-config --set /etc/neutron/api-paste.ini filter:authtoken \ + paste.filter_factory keystoneclient.middleware.auth_token:filter_factory +# openstack-config --set /etc/neutron/api-paste.ini filter:authtoken \ + auth_host controller +# openstack-config --set /etc/neutron/api-paste.ini filter:authtoken \ + admin_tenant_name service +# openstack-config --set /etc/neutron/api-paste.ini filter:authtoken \ + admin_user neutron +# openstack-config --set /etc/neutron/api-paste.ini filter:authtoken \ + admin_password NEUTRON_PASS - Configure OpenStack Compute to use OpenStack Networking + Configure OpenStack Compute to use OpenStack Networking + services. Configure the /etc/nova/nova.conf + file as per instructions below: + # openstack-config --set /etc/nova/nova.conf DEFAULT \ + network_api_class nova.network.neutronv2.api.API +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_url http://controller:9696 +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_auth_strategy keystone +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_admin_tenant_name service +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_admin_username neutron +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_admin_password NEUTRON_PASS +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_admin_auth_url http://controller:35357/v2.0 +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + firewall_driver nova.virt.firewall.NoopFirewallDriver +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + security_group_api neutron + Configure OpenStack Compute to use OpenStack Networking services. Edit the /etc/nova/nova.conf file: - network_api_class=nova.network.neutronv2.api.API + network_api_class=nova.network.neutronv2.api.API neutron_url=http://controller:9696 neutron_auth_strategy=keystone neutron_admin_tenant_name=service @@ -935,9 +996,12 @@ security_group_api=neutron the firewall for the plug-in. For example, with OVS, edit the file as follows: - [securitygroup] + [securitygroup] # Firewall driver for realizing neutron security group function. firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver + # openstack-config --set \ + /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini security_group \ + neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver If you do not want to use a firewall in Compute or @@ -1146,7 +1210,12 @@ bridge_mappings = physnet1:br-DATA_INTERFACE# yum install openstack-neutron python-neutron python-neutronclient # zypper install openstack-neutron python-neutron python-neutronclient - + + Configure Networking to connect to the database: + # openstack-config --set /etc/neutron/neutron.conf DATABASE sql_connection \ + mysql://neutron:NEUTRON_DBPASS@controller/neutron + + Configure Networking to use your MySQL database. Edit the /etc/neutron/neutron.conf file and add the following key under the [database] section. Replace @@ -1156,8 +1225,32 @@ bridge_mappings = physnet1:br-DATA_INTERFACENEUTRON_DBPASS@controller/neutron - - Configure Networking to use Keystone as the Identity Service + + Configure Networking to use keystone for authentication: + + + Set the auth_strategy + configuration key to keystone in the + DEFAULT section of the file: + # openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone + + + Set the neutron configuration for + keystone authentication: + # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + auth_host controller +# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + auth_url http://controller:35357/v2.0 +# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + admin_tenant_name service +# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + admin_user neutron +# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ + admin_password NEUTRON_PASS + + + + Configure Networking to use keystone as the Identity Service for authentication. @@ -1199,32 +1292,63 @@ admin_password = NEUTRON_PASS - + + Configure the /etc/neutron/api-paste.ini file for keystone + authentication: + # openstack-config --set /etc/neutron/api-paste.ini filter:authtoken \ + paste.filter_factory keystoneclient.middleware.auth_token:filter_factory +# openstack-config --set /etc/neutron/api-paste.ini filter:authtoken \ + auth_host controller +# openstack-config --set /etc/neutron/api-paste.ini filter:authtoken \ + admin_tenant_name service +# openstack-config --set /etc/neutron/api-paste.ini filter:authtoken \ + admin_user neutron +# openstack-config --set /etc/neutron/api-paste.ini filter:authtoken \ + admin_password NEUTRON_PASS + + + Configure access to the RabbitMQ service: + # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rpc_backend neutron.openstack.common.rpc.impl_kombu +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rabbit_host controller +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rabbit_userid guest +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rabbit_password RABBIT_PASS + + + Configure access to the Qpid message queue: + # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + rpc_backend neutron.openstack.common.rpc.impl_qpid +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + qpid_hostname controller +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + qpid_port 5672 +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + qpid_username guest +# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ + qpid_password guest + + Configure Networking to use your message broker. Edit the /etc/neutron/neutron.conf file and add the following keys under the [DEFAULT] section. - Replace + Replace RABBIT_PASS with the password you chose for RabbitMQ. - [DEFAULT] -... -rpc_backend = neutron.openstack.common.rpc.impl_qpid -qpid_hostname = controller - [DEFAULT] + [DEFAULT] ... rpc_backend = neutron.openstack.common.rpc.impl_kombu rabbit_host = controller rabbit_password = RABBIT_PASS - Edit the /etc/neutron/neutron.conf file - and modify the following key under the [agent] - section. - [agent] -... -root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf - + Set the root_helper configuration in the + [agent] section of /etc/neutron/neutron.conf: + # openstack-config --set /etc/neutron/neutron.conf AGENT \ + root_helper sudo neutron-rootwrap /etc/neutron/rootwrap.conf Although the controller node does not run any Networking agents, @@ -1235,14 +1359,33 @@ root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf controller node - Configure Compute to use Networking. Edit the - /etc/nova/nova.conf file and add the following - keys under the [DEFAULT] section. Replace - NEUTRON_PASS with the password you chose - for the Neutron user in the Identity Service. - [DEFAULT] -... -network_api_class=nova.network.neutronv2.api.API + Configure OpenStack Compute to use OpenStack Networking + services. Configure the /etc/nova/nova.conf + file as per instructions below: + # openstack-config --set /etc/nova/nova.conf DEFAULT \ + network_api_class nova.network.neutronv2.api.API +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_url http://controller:9696 +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_auth_strategy keystone +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_admin_tenant_name service +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_admin_username neutron +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_admin_password NEUTRON_PASS +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + neutron_admin_auth_url http://controller:35357/v2.0 +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + firewall_driver nova.virt.firewall.NoopFirewallDriver +# openstack-config --set /etc/nova/nova.conf DEFAULT \ + security_group_api neutron + Configure OpenStack Compute to use OpenStack Networking + services. Edit the /etc/nova/nova.conf + file: + network_api_class=nova.network.neutronv2.api.API neutron_url=http://controller:9696 neutron_auth_strategy=keystone neutron_admin_tenant_name=service @@ -1253,31 +1396,41 @@ linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver firewall_driver=nova.virt.firewall.NoopFirewallDriver security_group_api=neutron - Regardless of which firewall driver you chose when you - configured the network and compute nodes, set this driver - as the No-Op firewall. This firewall is a - Nova firewall, and because Neutron - handles the Firewall, you must tell Nova not to use - one. - When Networking handles the firewall, the option + + + Regardless of which firewall driver you chose when you + configured the network and compute nodes, set this driver + as the No-Op firewall. This firewall is a + nova firewall, + and because neutron + handles the Firewall, you must tell nova + not to use one. + When Networking handles the firewall, the option firewall_driver should be set according to - the specified plug-in. For example with + the specified plug-in. For example with OVS, edit the /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini - file: - [securitygroup] + file: + [securitygroup] # Firewall driver for realizing neutron security group function. -firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver - If you do not want to use a firewall in Compute or - Networking, set - firewall_driver=nova.virt.firewall.NoopFirewallDriver - in both config files, and comment out or remove - security_group_api=neutron in the - /etc/nova/nova.conf file, otherwise - you may encounter ERROR: The server has either - erred or is incapable of performing the requested - operation. (HTTP 500) when issuing +firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver + # openstack-config --set \ + /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini security_group \ + neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver + + + If you do not want to use a firewall in Compute or + Networking, set + firewall_driver=nova.virt.firewall.NoopFirewallDriver + in both config files, and comment out or remove + security_group_api=neutron in the + /etc/nova/nova.conf file, otherwise + you may encounter ERROR: The server has either + erred or is incapable of performing the requested + operation. (HTTP 500) when issuing nova list commands. + +