17fc8c8a8b
As part of the installation guide improvement project, I performed the following operations on the Networking chapter: 1) Moved Neutron ML2 sections before OVS sections and updated associated notes to steer users toward ML2. 2) Removed database population steps because Neutron populates the database at first run. 3) Moved 'enable_security_group' key to [securitygroup] section. 4) Removed extraneous colons from procedure titles. 5) Added command output to Neutron initial networks section. 6) Added command output to Nova initial networks section. Change-Id: Ie677d199d2c64ef2a564eaa551295e1a321db02c Partial-Bug: #1291071 Implements: blueprint networking-install-guide-improvements
476 lines
26 KiB
XML
476 lines
26 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xml:id="neutron-network-node"
|
|
xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
xmlns:svg="http://www.w3.org/2000/svg"
|
|
xmlns:html="http://www.w3.org/1999/xhtml" version="5.0">
|
|
<title>Configure network node</title>
|
|
<note>
|
|
<para>Before you start, set up a machine as a dedicated network
|
|
node. Dedicated network nodes have a
|
|
<replaceable>MGMT_INTERFACE</replaceable> NIC, a
|
|
<replaceable>DATA_INTERFACE</replaceable> NIC, and a
|
|
<replaceable>EXTERNAL_INTERFACE</replaceable> NIC.</para>
|
|
<para>The management network handles communication among nodes.
|
|
The data network handles communication coming to and from VMs.
|
|
The external NIC connects the network node, and optionally to
|
|
the controller node, so your VMs can connect to the outside
|
|
world.</para>
|
|
</note>
|
|
<warning os="rhel;centos">
|
|
<para>By default, the <literal>system-config-firewall</literal>
|
|
automated firewall configuration tool is in place on RHEL.
|
|
This graphical interface (and a curses-style interface with
|
|
<literal>-tui</literal> on the end of the name) enables you
|
|
to configure IP tables as a basic firewall. You should disable
|
|
it when you work with Networking unless you are familiar with
|
|
the underlying network technologies, as, by default, it blocks
|
|
various types of network traffic that are important to
|
|
Networking. To disable it, simply launch the program and clear
|
|
the <guilabel>Enabled</guilabel> check box.</para>
|
|
<para>After you successfully set up OpenStack Networking, you
|
|
can re-enable and configure the tool. However, during
|
|
Networking set up, disable the tool to make it easier to debug
|
|
network issues.</para>
|
|
</warning>
|
|
<procedure>
|
|
<title>Install agents and configure common components</title>
|
|
<step>
|
|
<para>Install the Networking packages and any dependencies.
|
|
</para>
|
|
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-dhcp-agent neutron-l3-agent</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-neutron</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron openstack-neutron-l3-agent \
|
|
openstack-neutron-dhcp-agent openstack-neutron-metadata-agent</userinput></screen>
|
|
</step>
|
|
<step os="debian">
|
|
<para>Respond to prompts for <link
|
|
linkend="debconf-dbconfig-common">database
|
|
management</link>, <link
|
|
linkend="debconf-keystone_authtoken"
|
|
><literal>[keystone_authtoken]</literal>
|
|
settings</link>, <link linkend="debconf-rabbitqm">RabbitMQ
|
|
credentials</link> and <link
|
|
linkend="debconf-api-endpoints">API endpoint</link>
|
|
registration.</para>
|
|
</step>
|
|
<step os="rhel;centos;fedora;opensuse;sles">
|
|
<para>Configure Networking agents to start at boot time:</para>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>for s in neutron-{dhcp,metadata,l3}-agent; do chkconfig $s on; done</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>for s in openstack-neutron-{dhcp,metadata,l3}-agent; do chkconfig $s on; done</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Enable packet forwarding and disable packet destination
|
|
filtering so that the network node can coordinate traffic
|
|
for the VMs. Edit the <filename>/etc/sysctl.conf</filename>
|
|
file, as follows:</para>
|
|
<programlisting language="ini">net.ipv4.ip_forward=1
|
|
net.ipv4.conf.all.rp_filter=0
|
|
net.ipv4.conf.default.rp_filter=0</programlisting>
|
|
<para>Use the <command>sysctl</command> command to ensure the
|
|
changes made to the <filename>/etc/sysctl.conf</filename>
|
|
file take effect:</para>
|
|
<screen><prompt>#</prompt> <userinput>sysctl -p</userinput></screen>
|
|
<note>
|
|
<para>It is recommended that the networking service is
|
|
restarted after changing values related to the networking
|
|
configuration. This ensures that all modified values take
|
|
effect immediately:</para>
|
|
<screen os="ubuntu"><prompt>#</prompt> <userinput>service networking restart</userinput></screen>
|
|
<screen os="rhel;centos;fedora;opensuse;sles"><prompt>#</prompt> <userinput>service network restart</userinput></screen>
|
|
</note>
|
|
</step>
|
|
<step os="rhel;centos;fedora;opensuse;sles">
|
|
<para>Configure Networking to use <systemitem class="service">keystone</systemitem> for authentication:</para>
|
|
<substeps>
|
|
<step>
|
|
<para>Set the <literal>auth_strategy</literal>
|
|
configuration key to <literal>keystone</literal> in the
|
|
<literal>DEFAULT</literal> section of the file:</para>
|
|
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Set the
|
|
<systemitem class="service">neutron</systemitem>
|
|
configuration for
|
|
<systemitem class="service">keystone</systemitem>
|
|
authentication:</para>
|
|
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
|
auth_uri http://<replaceable>controller</replaceable>:5000</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
|
auth_host <replaceable>controller</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
|
auth_protocol http</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
|
auth_port 35357</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
|
admin_tenant_name service</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
|
admin_user neutron</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
|
admin_password <replaceable>NEUTRON_PASS</replaceable></userinput></screen>
|
|
</step></substeps>
|
|
</step>
|
|
<step os="ubuntu">
|
|
<para>To configure <systemitem class="service">neutron</systemitem>
|
|
to use <systemitem class="service">keystone</systemitem>
|
|
for authentication, edit the
|
|
<filename>/etc/neutron/neutron.conf</filename> file.</para>
|
|
<substeps>
|
|
<step>
|
|
<para>Set the <literal>auth_strategy</literal>
|
|
configuration key to <literal>keystone</literal> in the
|
|
<literal>DEFAULT</literal> section of the file:</para>
|
|
<programlisting language="ini">auth_strategy = keystone</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Add these lines to the
|
|
<literal>[keystone_authtoken]</literal> section of the
|
|
file:</para>
|
|
<programlisting language="ini">[keystone_authtoken]
|
|
...
|
|
auth_uri = http://<replaceable>controller</replaceable>:5000
|
|
auth_host = <replaceable>controller</replaceable>
|
|
auth_port = 35357
|
|
auth_protocol = http
|
|
admin_tenant_name = service
|
|
admin_user = neutron
|
|
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
|
|
</step>
|
|
</substeps>
|
|
</step>
|
|
<step os="opensuse;sles">
|
|
<para>Configure access to the <application>RabbitMQ</application> service:</para>
|
|
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
|
rpc_backend neutron.openstack.common.rpc.impl_kombu</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
|
rabbit_host <replaceable>controller</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
|
rabbit_userid guest</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
|
rabbit_password <replaceable>RABBIT_PASS</replaceable></userinput></screen>
|
|
</step>
|
|
<step os="ubuntu">
|
|
<para>Configure the <application>RabbitMQ</application> access.
|
|
Edit the <filename>/etc/neutron/neutron.conf</filename> file
|
|
to modify the following parameters in the
|
|
<literal>DEFAULT</literal> section.</para>
|
|
<programlisting language="ini">rabbit_host = <replaceable>controller</replaceable>
|
|
rabbit_userid = guest
|
|
rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
|
|
</step>
|
|
<step os="rhel;centos;fedora">
|
|
<para>Configure access to the <application>Qpid</application> message queue:</para>
|
|
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
|
rpc_backend neutron.openstack.common.rpc.impl_qpid</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
|
qpid_hostname <replaceable>controller</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
|
qpid_port 5672</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
|
qpid_username <replaceable>guest</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
|
qpid_password <replaceable>guest</replaceable></userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
<procedure>
|
|
<title>Install and configure Open vSwitch (OVS) plug-in</title>
|
|
<para>OpenStack Networking supports a variety of plug-ins. For
|
|
simplicity, we chose to cover the most common plug-in, Open
|
|
vSwitch, and configure it to use basic GRE tunnels for tenant
|
|
network traffic.</para>
|
|
<step>
|
|
<para>Install the Open vSwitch plug-in and its
|
|
dependencies:</para>
|
|
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-plugin-openvswitch-agent openvswitch-datapath-dkms</userinput></screen>
|
|
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Start Open vSwitch:</para>
|
|
<screen os="debian;rhel;fedora;centos"><prompt>#</prompt> <userinput>service openvswitch start</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput></screen>
|
|
<screen os="ubuntu"><prompt>#</prompt> <userinput>service openvswitch-switch restart</userinput></screen>
|
|
<para os="rhel;fedora;centos;opensuse;sles">And configure
|
|
it to start when the system boots:</para>
|
|
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>chkconfig openvswitch-switch on</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>No matter which networking technology you use, you
|
|
must add the <literal>br-int</literal> integration
|
|
bridge, which connects to the VMs, and the
|
|
<literal>br-ex</literal> external bridge, which
|
|
connects to the outside world.</para>
|
|
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput>
|
|
<prompt>#</prompt> <userinput>ovs-vsctl add-br br-ex</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Add a <glossterm>port</glossterm> (connection) from
|
|
the <replaceable>EXTERNAL_INTERFACE</replaceable>
|
|
interface to <literal>br-ex</literal> interface:</para>
|
|
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-port br-ex <replaceable>EXTERNAL_INTERFACE</replaceable></userinput></screen>
|
|
<warning>
|
|
<para>The host must have an IP address associated
|
|
with an interface other than
|
|
<replaceable>EXTERNAL_INTERFACE</replaceable>,
|
|
and your remote terminal session must be associated with
|
|
this other IP address.</para>
|
|
<para>If you associate an IP address with
|
|
<replaceable>EXTERNAL_INTERFACE</replaceable>,
|
|
that IP address stops working after you issue the
|
|
<command>ovs-vsctl add-port br-ex <replaceable>EXTERNAL_INTERFACE</replaceable></command>
|
|
command. If you associate a remote terminal session with that
|
|
IP address, you lose connectivity with the host.</para>
|
|
<para>For more details about this behavior, see the
|
|
<emphasis>Configuration Problems</emphasis> section of the
|
|
<link xlink:href="http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=FAQ;hb=HEAD">Open vSwitch FAQ</link>.</para>
|
|
</warning>
|
|
</step>
|
|
<step>
|
|
<para>Configure the
|
|
<replaceable>EXTERNAL_INTERFACE</replaceable> without
|
|
an IP address and in promiscuous mode. Additionally, you
|
|
must set the newly created <literal>br-ex</literal>
|
|
interface to have the IP address that formerly belonged
|
|
to <replaceable>EXTERNAL_INTERFACE</replaceable>.</para>
|
|
<warning os="ubuntu">
|
|
<para>Generic Receive Offload (GRO) should not be
|
|
enabled on this interface as it can cause severe
|
|
performance problems. It can be disabled with the
|
|
ethtool utility.</para>
|
|
</warning>
|
|
<para os="rhel;fedora;centos">Edit the
|
|
<filename>/etc/sysconfig/network-scripts/ifcfg-EXTERNAL_INTERFACE</filename>
|
|
file:</para>
|
|
<programlisting language="ini" os="rhel;fedora;centos">DEVICE_INFO_HERE
|
|
ONBOOT=yes
|
|
BOOTPROTO=none
|
|
PROMISC=yes</programlisting>
|
|
</step>
|
|
<step os="rhel;fedora;centos">
|
|
<para>Create and edit the
|
|
<filename>/etc/sysconfig/network-scripts/ifcfg-br-ex</filename>
|
|
file:</para>
|
|
<programlisting language="ini">DEVICE=br-ex
|
|
TYPE=Bridge
|
|
ONBOOT=no
|
|
BOOTPROTO=none
|
|
IPADDR=EXTERNAL_INTERFACE_IP
|
|
NETMASK=EXTERNAL_INTERFACE_NETMASK
|
|
GATEWAY=EXTERNAL_INTERFACE_GATEWAY</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>You must set some common configuration options no
|
|
matter which networking technology you choose to use
|
|
with Open vSwitch. Configure the L3 and DHCP agents to
|
|
use <acronym>OVS</acronym> and namespaces. Edit the
|
|
<filename>/etc/neutron/l3_agent.ini</filename> and
|
|
<filename>/etc/neutron/dhcp_agent.ini</filename>
|
|
files, respectively:</para>
|
|
<programlisting language="ini">interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
|
|
use_namespaces = True</programlisting>
|
|
<note>
|
|
<para>While the examples in this guide enable network
|
|
namespaces by default, you can disable them if issues
|
|
occur or your kernel does not support them. Edit the
|
|
<filename>/etc/neutron/l3_agent.ini</filename> and
|
|
<filename>/etc/neutron/dhcp_agent.ini</filename>
|
|
files, respectively:</para>
|
|
<programlisting language="ini">use_namespaces = False</programlisting>
|
|
<para>Edit the <filename>/etc/neutron/neutron.conf</filename> file
|
|
to disable overlapping IP addresses:</para>
|
|
<programlisting language="ini">allow_overlapping_ips = False</programlisting>
|
|
<para>Note that when network namespaces are disabled,
|
|
you can have only one router for each network node and
|
|
overlapping IP addresses are not supported.</para>
|
|
<para>You must complete additional steps after you
|
|
create the initial Neutron virtual networks and
|
|
router.</para>
|
|
</note>
|
|
</step>
|
|
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
|
|
<para>Similarly, you must also tell Neutron core to use
|
|
<acronym>OVS</acronym>. Edit the
|
|
<filename>/etc/neutron/neutron.conf</filename>
|
|
file:</para>
|
|
<programlisting language="ini">core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Configure a firewall plug-in. If you do not wish to
|
|
enforce firewall rules, called <glossterm
|
|
baseform="security group">security groups</glossterm>
|
|
by OpenStack, you can use
|
|
<literal>neutron.agent.firewall.NoopFirewall</literal>.
|
|
Otherwise, you can choose one of the Networking firewall
|
|
plug-ins. The most common choice is the Hybrid
|
|
OVS-IPTables driver, but you can also use the
|
|
Firewall-as-a-Service driver. Edit the
|
|
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
|
|
file:</para>
|
|
<programlisting language="ini">[securitygroup]
|
|
# Firewall driver for realizing neutron security group function.
|
|
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</programlisting>
|
|
<warning>
|
|
<para>You must use at least the No-Op firewall.
|
|
Otherwise, Horizon and other OpenStack services cannot
|
|
get and set required VM boot options.</para>
|
|
</warning>
|
|
</step>
|
|
<step os="rhel;centos;fedora;sles;opensuse">
|
|
<para>Configure the <acronym>OVS</acronym> plug-in to start
|
|
on boot.</para>
|
|
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>chkconfig neutron-openvswitch-agent on</userinput></screen>
|
|
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>chkconfig openstack-neutron-openvswitch-agent on</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Configure the <acronym>OVS</acronym> plug-in to
|
|
use GRE tunneling, the <literal>br-int</literal>
|
|
integration bridge, the <literal>br-tun</literal>
|
|
tunneling bridge, and a local IP for the
|
|
<replaceable>DATA_INTERFACE</replaceable> tunnel IP.
|
|
Edit the
|
|
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
|
|
file:</para>
|
|
<programlisting language="ini">[ovs]
|
|
...
|
|
tenant_network_type = gre
|
|
tunnel_id_ranges = 1:1000
|
|
enable_tunneling = True
|
|
integration_bridge = br-int
|
|
tunnel_bridge = br-tun
|
|
local_ip = DATA_INTERFACE_IP</programlisting>
|
|
</step>
|
|
</procedure>
|
|
<procedure>
|
|
<title>Configure the agents</title>
|
|
<step>
|
|
<para>To perform DHCP on the software-defined networks,
|
|
Networking supports several different plug-ins. However, in
|
|
general, you use the <application>dnsmasq</application> plug-in.</para>
|
|
<para>Configure the
|
|
<filename>/etc/neutron/dhcp_agent.ini</filename> file:</para>
|
|
<programlisting language="ini" os="ubuntu;debian">dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq</programlisting>
|
|
<screen os="rhel;centos;fedora;opensuse;sles">
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT \
|
|
dhcp_driver neutron.agent.linux.dhcp.Dnsmasq</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>To allow virtual machines to access the Compute metadata
|
|
information, the Networking metadata agent must be enabled
|
|
and configured. The agent will act as a proxy for the
|
|
Compute metadata service.</para>
|
|
<para>On the controller, edit the
|
|
<filename>/etc/nova/nova.conf</filename> file to define a
|
|
secret key that will be shared between the Compute service
|
|
and the Networking metadata agent.</para>
|
|
<para os="debian;ubuntu">Add to the
|
|
<literal>[DEFAULT]</literal> section:</para>
|
|
<programlisting os="ubuntu;debian" language="ini">[DEFAULT]
|
|
...
|
|
neutron_metadata_proxy_shared_secret = <replaceable>METADATA_PASS</replaceable>
|
|
service_neutron_metadata_proxy = true</programlisting>
|
|
<para os="opensuse;sles;rhel;centos;fedora">Set the
|
|
<literal>neutron_metadata_proxy_shared_secret</literal>
|
|
key:</para>
|
|
<screen os="opensuse;sles;rhel;centos;fedora"><prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
|
neutron_metadata_proxy_shared_secret <replaceable>METADATA_PASS</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
|
service_neutron_metadata_proxy true</userinput></screen>
|
|
<para>Restart the
|
|
<systemitem class="service">nova-api</systemitem> service:</para>
|
|
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>service nova-api restart</userinput></screen>
|
|
<screen os="centos;rhel;fedora;opensuse;sles"><prompt>#</prompt> <userinput>service openstack-nova-api restart</userinput></screen>
|
|
<para>On the network node, modify the metadata agent
|
|
configuration.</para>
|
|
<para os="debian;ubuntu">Edit the
|
|
<filename>/etc/neutron/metadata_agent.ini</filename> file
|
|
and modify the <literal>[DEFAULT]</literal> section:</para>
|
|
<programlisting os="debian;ubuntu" language="ini">[DEFAULT]
|
|
...
|
|
auth_url = http://<replaceable>controller</replaceable>:5000/v2.0
|
|
auth_region = regionOne
|
|
admin_tenant_name = service
|
|
admin_user = neutron
|
|
admin_password = <replaceable>NEUTRON_PASS</replaceable>
|
|
nova_metadata_ip = <replaceable>controller</replaceable>
|
|
metadata_proxy_shared_secret = <replaceable>METADATA_PASS</replaceable></programlisting>
|
|
<para os="opensuse;sles;rhel;centos;fedora">Set the required
|
|
keys:</para>
|
|
<screen os="opensuse;sles;rhel;centos;fedora"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
|
auth_url http://<replaceable>controller</replaceable>:5000/v2.0</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
|
auth_region regionOne</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
|
admin_tenant_name service</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
|
admin_user neutron</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
|
admin_password <replaceable>NEUTRON_PASS</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
|
nova_metadata_ip <replaceable>controller</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
|
metadata_proxy_shared_secret <replaceable>METADATA_PASS</replaceable></userinput></screen>
|
|
<note>
|
|
<para>The value of <literal>auth_region</literal> is
|
|
case-sensitive and must match the endpoint region defined
|
|
in Keystone.</para>
|
|
</note>
|
|
<note>
|
|
<para>If you serve the OpenStack Networking API over HTTPS with
|
|
self-signed certificates, you must perform additional configuration
|
|
for the metadata agent because Networking cannot validate the SSL
|
|
certificates from the service catalog.</para>
|
|
<para os="debian;ubuntu">Add this statement to the
|
|
<literal>[DEFAULT]</literal> section:</para>
|
|
<programlisting os="debian;ubuntu" language="ini">
|
|
neutron_insecure = True</programlisting>
|
|
<para os="opensuse;sles;rhel;centos;fedora">Set the required keys:</para>
|
|
<screen os="opensuse;sles;rhel;centos;fedora"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT neutron_insecure True</userinput></screen>
|
|
</note>
|
|
</step>
|
|
</procedure>
|
|
<procedure>
|
|
<title>Finalize installation</title>
|
|
<step os="rhel;centos;fedora">
|
|
<para>The <systemitem class="service">neutron-server</systemitem>
|
|
initialization script expects a symbolic link
|
|
<filename>/etc/neutron/plugin.ini</filename> pointing to the
|
|
configuration file associated with your chosen plug-in. Using
|
|
Open vSwitch, for example, the symbolic link must point to
|
|
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>.
|
|
If this symbolic link does not exist, create it using the
|
|
following commands:</para>
|
|
<screen><prompt>#</prompt> <userinput>cd /etc/neutron</userinput>
|
|
<prompt>#</prompt> <userinput>ln -s plugins/openvswitch/ovs_neutron_plugin.ini plugin.ini</userinput></screen>
|
|
</step>
|
|
<step os="sles;opensuse">
|
|
<para>The <systemitem class="service">openstack-neutron</systemitem>
|
|
initialization script expects the variable
|
|
<literal>NEUTRON_PLUGIN_CONF</literal> in file
|
|
<filename>/etc/sysconfig/neutron</filename> to reference the
|
|
configuration file associated with your chosen plug-in. Using
|
|
Open vSwitch, for example, edit the
|
|
<filename>/etc/sysconfig/neutron</filename> file and add the
|
|
following:</para>
|
|
<programlisting>NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Restart Networking services.</para>
|
|
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>service neutron-dhcp-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service neutron-l3-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service neutron-metadata-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent restart</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service neutron-dhcp-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service neutron-l3-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service neutron-metadata-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service neutron-openvswitch-agent restart</userinput></screen>
|
|
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>service openstack-neutron-dhcp-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service openstack-neutron-l3-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service openstack-neutron-metadata-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service openstack-neutron-openvswitch-agent restart</userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|