458 lines
25 KiB
XML
458 lines
25 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
version="5.0"
|
|
xml:id="neutron-network-node">
|
|
<title>Configure network node</title>
|
|
<note>
|
|
<para>Before you start, set up a machine as a dedicated network
|
|
node. Dedicated network nodes have a
|
|
<replaceable>MGMT_INTERFACE</replaceable> NIC, a
|
|
<replaceable>DATA_INTERFACE</replaceable> NIC, and an
|
|
<replaceable>EXTERNAL_INTERFACE</replaceable> NIC.</para>
|
|
<para>The management network handles communication among nodes.
|
|
The data network handles communication coming to and from VMs.
|
|
The external NIC connects the network node, and optionally to
|
|
the controller node, so your VMs can connect to the outside
|
|
world.</para>
|
|
</note>
|
|
<warning os="rhel;centos">
|
|
<para>By default, the <literal>system-config-firewall</literal> automated
|
|
firewall configuration tool is in place on RHEL. This graphical interface
|
|
(and a curses-style interface with <literal>-tui</literal> on the end of
|
|
the name) enables you to configure IP tables as a basic firewall. You
|
|
should disable it when you work with Networking unless you are familiar
|
|
with the underlying network technologies. By default, it blocks various
|
|
types of network traffic that are important to Networking. To disable it,
|
|
simply launch the program and clear the <guilabel>Enabled</guilabel> check
|
|
box.</para>
|
|
<para>After you successfully set up OpenStack Networking, you
|
|
can re-enable and configure the tool. However, during
|
|
Networking set up, disable the tool to make it easier to debug
|
|
network issues.</para>
|
|
</warning>
|
|
<procedure>
|
|
<title>Install agents and configure common components</title>
|
|
<step>
|
|
<para>Install the Networking packages and any dependencies.
|
|
</para>
|
|
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-dhcp-agent neutron-l3-agent</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-neutron</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron openstack-neutron-l3-agent \
|
|
openstack-neutron-dhcp-agent openstack-neutron-metadata-agent</userinput></screen>
|
|
</step>
|
|
<step os="debian">
|
|
<para>Respond to prompts for <link
|
|
linkend="debconf-dbconfig-common">database
|
|
management</link>, <link
|
|
linkend="debconf-keystone_authtoken"
|
|
><literal>[keystone_authtoken]</literal>
|
|
settings</link>, <link linkend="debconf-rabbitmq">RabbitMQ
|
|
credentials</link> and <link
|
|
linkend="debconf-api-endpoints">API endpoint</link>
|
|
registration.</para>
|
|
</step>
|
|
<step os="rhel;centos;fedora;opensuse;sles">
|
|
<para>Configure Networking agents to start at boot time:</para>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>for s in neutron-{dhcp,metadata,l3}-agent; do chkconfig $s on; done</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>for s in openstack-neutron-{dhcp,metadata,l3}-agent; do chkconfig $s on; done</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Enable packet forwarding and disable packet destination
|
|
filtering so that the network node can coordinate traffic
|
|
for the VMs. Edit the <filename>/etc/sysctl.conf</filename>
|
|
file, as follows:</para>
|
|
<programlisting language="ini">net.ipv4.ip_forward=1
|
|
net.ipv4.conf.all.rp_filter=0
|
|
net.ipv4.conf.default.rp_filter=0</programlisting>
|
|
<para>Use the <command>sysctl</command> command to ensure the
|
|
changes made to the <filename>/etc/sysctl.conf</filename>
|
|
file take effect:</para>
|
|
<screen><prompt>#</prompt> <userinput>sysctl -p</userinput></screen>
|
|
<note>
|
|
<para>It is recommended that the networking service is
|
|
restarted after changing values related to the networking
|
|
configuration. This ensures that all modified values take
|
|
effect immediately:</para>
|
|
<screen os="ubuntu"><prompt>#</prompt> <userinput>service networking restart</userinput></screen>
|
|
<screen os="rhel;centos;fedora;opensuse;sles"><prompt>#</prompt> <userinput>service network restart</userinput></screen>
|
|
</note>
|
|
</step>
|
|
<step os="rhel;centos;fedora;opensuse;sles">
|
|
<para>Configure Networking to use <systemitem class="service">keystone</systemitem> for authentication:</para>
|
|
<substeps>
|
|
<step>
|
|
<para>Set the <literal>auth_strategy</literal>
|
|
configuration key to <literal>keystone</literal> in the
|
|
<literal>DEFAULT</literal> section of the file:</para>
|
|
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Set the
|
|
<systemitem class="service">neutron</systemitem>
|
|
configuration for
|
|
<systemitem class="service">keystone</systemitem>
|
|
authentication:</para>
|
|
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
|
auth_uri http://<replaceable>controller</replaceable>:5000</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
|
auth_host <replaceable>controller</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
|
auth_protocol http</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
|
auth_port 35357</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
|
admin_tenant_name service</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
|
admin_user neutron</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
|
|
admin_password <replaceable>NEUTRON_PASS</replaceable></userinput></screen>
|
|
</step></substeps>
|
|
</step>
|
|
<step os="ubuntu">
|
|
<para>To configure <systemitem class="service">neutron</systemitem>
|
|
to use <systemitem class="service">keystone</systemitem>
|
|
for authentication, edit the
|
|
<filename>/etc/neutron/neutron.conf</filename> file.</para>
|
|
<substeps>
|
|
<step>
|
|
<para>Set the <literal>auth_strategy</literal>
|
|
configuration key to <literal>keystone</literal> in the
|
|
<literal>DEFAULT</literal> section of the file:</para>
|
|
<programlisting language="ini">auth_strategy = keystone</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Add these lines to the
|
|
<literal>[keystone_authtoken]</literal> section of the
|
|
file:</para>
|
|
<programlisting language="ini">[keystone_authtoken]
|
|
...
|
|
auth_uri = http://<replaceable>controller</replaceable>:5000
|
|
auth_host = <replaceable>controller</replaceable>
|
|
auth_port = 35357
|
|
auth_protocol = http
|
|
admin_tenant_name = service
|
|
admin_user = neutron
|
|
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
|
|
</step>
|
|
</substeps>
|
|
</step>
|
|
<step os="opensuse;sles;rhel;centos;fedora">
|
|
<para>Configure access to the <application>RabbitMQ</application> service:</para>
|
|
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
|
rpc_backend neutron.openstack.common.rpc.impl_kombu</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
|
rabbit_host <replaceable>controller</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
|
rabbit_userid guest</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
|
|
rabbit_password <replaceable>RABBIT_PASS</replaceable></userinput></screen>
|
|
</step>
|
|
<step os="ubuntu">
|
|
<para>Configure the <application>RabbitMQ</application> access.
|
|
Edit the <filename>/etc/neutron/neutron.conf</filename> file
|
|
to modify the following parameters in the
|
|
<literal>DEFAULT</literal> section.</para>
|
|
<programlisting language="ini">rabbit_host = <replaceable>controller</replaceable>
|
|
rabbit_userid = guest
|
|
rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
|
|
</step>
|
|
</procedure>
|
|
<procedure>
|
|
<title>Install and configure the Open vSwitch (OVS) plug-in</title>
|
|
<para>OpenStack Networking supports a variety of plug-ins. For
|
|
simplicity, we chose to cover the most common plug-in, Open
|
|
vSwitch, and configure it to use basic GRE tunnels for tenant
|
|
network traffic.</para>
|
|
<step>
|
|
<para>Install the Open vSwitch plug-in and its
|
|
dependencies:</para>
|
|
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-plugin-openvswitch-agent openvswitch-datapath-dkms</userinput></screen>
|
|
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Start Open vSwitch:</para>
|
|
<screen os="debian;rhel;fedora;centos"><prompt>#</prompt> <userinput>service openvswitch start</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput></screen>
|
|
<screen os="ubuntu"><prompt>#</prompt> <userinput>service openvswitch-switch restart</userinput></screen>
|
|
<para os="rhel;fedora;centos;opensuse;sles">And configure
|
|
it to start when the system boots:</para>
|
|
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
|
|
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>chkconfig openvswitch-switch on</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>No matter which networking technology you use, you must add the
|
|
<literal>br-ex</literal> external bridge, which
|
|
connects to the outside world.</para>
|
|
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-ex</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Add a <glossterm>port</glossterm> (connection) from
|
|
the <replaceable>EXTERNAL_INTERFACE</replaceable>
|
|
interface to <literal>br-ex</literal> interface:</para>
|
|
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-port br-ex <replaceable>EXTERNAL_INTERFACE</replaceable></userinput></screen>
|
|
<warning>
|
|
<para>The host must have an IP address associated
|
|
with an interface other than
|
|
<replaceable>EXTERNAL_INTERFACE</replaceable>,
|
|
and your remote terminal session must be associated with
|
|
this other IP address.</para>
|
|
<para>If you associate an IP address with
|
|
<replaceable>EXTERNAL_INTERFACE</replaceable>,
|
|
that IP address stops working after you issue the
|
|
<command>ovs-vsctl add-port br-ex <replaceable>EXTERNAL_INTERFACE</replaceable></command>
|
|
command. If you associate a remote terminal session with that
|
|
IP address, you lose connectivity with the host.</para>
|
|
<para>For more details about this behavior, see the
|
|
<emphasis>Configuration Problems</emphasis> section of the
|
|
<link xlink:href="http://git.openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=blob_plain;f=FAQ;hb=HEAD">Open vSwitch FAQ</link>.</para>
|
|
</warning>
|
|
</step>
|
|
<step>
|
|
<para>Configure the
|
|
<replaceable>EXTERNAL_INTERFACE</replaceable> without
|
|
an IP address and in promiscuous mode. Additionally, you
|
|
must set the newly created <literal>br-ex</literal>
|
|
interface to have the IP address that formerly belonged
|
|
to <replaceable>EXTERNAL_INTERFACE</replaceable>.</para>
|
|
<warning os="ubuntu">
|
|
<para>Generic Receive Offload (GRO) should not be
|
|
enabled on this interface as it can cause severe
|
|
performance problems. It can be disabled with the
|
|
ethtool utility.</para>
|
|
</warning>
|
|
<para os="rhel;fedora;centos">Edit the
|
|
<filename>/etc/sysconfig/network-scripts/ifcfg-EXTERNAL_INTERFACE</filename>
|
|
file:</para>
|
|
<programlisting language="ini" os="rhel;fedora;centos">DEVICE_INFO_HERE
|
|
ONBOOT=yes
|
|
BOOTPROTO=none
|
|
PROMISC=yes</programlisting>
|
|
</step>
|
|
<step os="rhel;fedora;centos">
|
|
<para>Create and edit the
|
|
<filename>/etc/sysconfig/network-scripts/ifcfg-br-ex</filename>
|
|
file:</para>
|
|
<programlisting language="ini">DEVICE=br-ex
|
|
TYPE=Bridge
|
|
ONBOOT=no
|
|
BOOTPROTO=none
|
|
IPADDR=EXTERNAL_INTERFACE_IP
|
|
NETMASK=EXTERNAL_INTERFACE_NETMASK
|
|
GATEWAY=EXTERNAL_INTERFACE_GATEWAY</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>You must set some common configuration options no
|
|
matter which networking technology you choose to use
|
|
with Open vSwitch. Configure the L3 and DHCP agents to
|
|
use <acronym>OVS</acronym> and namespaces. Edit the
|
|
<filename>/etc/neutron/l3_agent.ini</filename> and
|
|
<filename>/etc/neutron/dhcp_agent.ini</filename>
|
|
files, respectively:</para>
|
|
<programlisting language="ini">interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
|
|
use_namespaces = True</programlisting>
|
|
<note>
|
|
<para>While the examples in this guide enable network
|
|
namespaces by default, you can disable them if issues
|
|
occur or your kernel does not support them. Edit the
|
|
<filename>/etc/neutron/l3_agent.ini</filename> and
|
|
<filename>/etc/neutron/dhcp_agent.ini</filename>
|
|
files, respectively:</para>
|
|
<programlisting language="ini">use_namespaces = False</programlisting>
|
|
<para>Edit the <filename>/etc/neutron/neutron.conf</filename> file
|
|
to disable overlapping IP addresses:</para>
|
|
<programlisting language="ini">allow_overlapping_ips = False</programlisting>
|
|
<para>Note that when network namespaces are disabled,
|
|
you can have only one router for each network node and
|
|
overlapping IP addresses are not supported.</para>
|
|
<para>You must complete additional steps after you
|
|
create the initial Neutron virtual networks and
|
|
router.</para>
|
|
</note>
|
|
</step>
|
|
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
|
|
<para>Similarly, you must also tell Neutron core to use
|
|
<acronym>OVS</acronym>. Edit the
|
|
<filename>/etc/neutron/neutron.conf</filename>
|
|
file:</para>
|
|
<programlisting language="ini">core_plugin = openvswitch</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Configure a firewall plug-in. If you do not wish to
|
|
enforce firewall rules, called <glossterm
|
|
baseform="security group">security groups</glossterm>
|
|
by OpenStack, you can use
|
|
<literal>neutron.agent.firewall.NoopFirewall</literal>.
|
|
Otherwise, you can choose one of the Networking firewall
|
|
plug-ins. The most common choice is the Hybrid
|
|
OVS-IPTables driver, but you can also use the
|
|
Firewall-as-a-Service driver. Edit the
|
|
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
|
|
file:</para>
|
|
<programlisting language="ini">[securitygroup]
|
|
# Firewall driver for realizing neutron security group function.
|
|
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</programlisting>
|
|
<warning>
|
|
<para>You must use at least the No-Op firewall.
|
|
Otherwise, Horizon and other OpenStack services cannot
|
|
get and set required VM boot options.</para>
|
|
</warning>
|
|
</step>
|
|
<step os="rhel;centos;fedora;sles;opensuse">
|
|
<para>Configure the <acronym>OVS</acronym> plug-in to start
|
|
on boot.</para>
|
|
<screen os="fedora;centos;rhel"><prompt>#</prompt> <userinput>chkconfig neutron-openvswitch-agent on</userinput></screen>
|
|
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>chkconfig openstack-neutron-openvswitch-agent on</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Configure the <acronym>OVS</acronym> plug-in to
|
|
use GRE tunneling, the <literal>br-int</literal>
|
|
integration bridge, the <literal>br-tun</literal>
|
|
tunneling bridge, and a local IP for the
|
|
<replaceable>DATA_INTERFACE</replaceable> tunnel IP.
|
|
Edit the
|
|
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
|
|
file:</para>
|
|
<programlisting language="ini">[ovs]
|
|
...
|
|
tenant_network_type = gre
|
|
tunnel_id_ranges = 1:1000
|
|
enable_tunneling = True
|
|
integration_bridge = br-int
|
|
tunnel_bridge = br-tun
|
|
local_ip = DATA_INTERFACE_IP</programlisting>
|
|
</step>
|
|
</procedure>
|
|
<procedure>
|
|
<title>Configure the agents</title>
|
|
<step>
|
|
<para>To perform DHCP on the software-defined networks,
|
|
Networking supports several different plug-ins. However, in
|
|
general, you use the <application>dnsmasq</application> plug-in.</para>
|
|
<para>Configure the
|
|
<filename>/etc/neutron/dhcp_agent.ini</filename> file:</para>
|
|
<programlisting language="ini" os="ubuntu;debian">dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq</programlisting>
|
|
<screen os="rhel;centos;fedora;opensuse;sles">
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT \
|
|
dhcp_driver neutron.agent.linux.dhcp.Dnsmasq</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>To allow virtual machines to access the Compute metadata
|
|
information, the Networking metadata agent must be enabled
|
|
and configured. The agent will act as a proxy for the
|
|
Compute metadata service.</para>
|
|
<para>On the controller, edit the
|
|
<filename>/etc/nova/nova.conf</filename> file to define a
|
|
secret key that will be shared between the Compute service
|
|
and the Networking metadata agent.</para>
|
|
<para os="debian;ubuntu">Add to the
|
|
<literal>[DEFAULT]</literal> section:</para>
|
|
<programlisting os="ubuntu;debian" language="ini">[DEFAULT]
|
|
...
|
|
neutron_metadata_proxy_shared_secret = <replaceable>METADATA_PASS</replaceable>
|
|
service_neutron_metadata_proxy = true</programlisting>
|
|
<para os="opensuse;sles;rhel;centos;fedora">Set the
|
|
<literal>neutron_metadata_proxy_shared_secret</literal>
|
|
key:</para>
|
|
<screen os="opensuse;sles;rhel;centos;fedora"><prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
|
neutron_metadata_proxy_shared_secret <replaceable>METADATA_PASS</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
|
|
service_neutron_metadata_proxy true</userinput></screen>
|
|
<para>Restart the
|
|
<systemitem class="service">nova-api</systemitem> service:</para>
|
|
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>service nova-api restart</userinput></screen>
|
|
<screen os="centos;rhel;fedora;opensuse;sles"><prompt>#</prompt> <userinput>service openstack-nova-api restart</userinput></screen>
|
|
<para>On the network node, modify the metadata agent
|
|
configuration.</para>
|
|
<para os="debian;ubuntu">Edit the
|
|
<filename>/etc/neutron/metadata_agent.ini</filename> file
|
|
and modify the <literal>[DEFAULT]</literal> section:</para>
|
|
<programlisting os="debian;ubuntu" language="ini">[DEFAULT]
|
|
...
|
|
auth_url = http://<replaceable>controller</replaceable>:5000/v2.0
|
|
auth_region = regionOne
|
|
admin_tenant_name = service
|
|
admin_user = neutron
|
|
admin_password = <replaceable>NEUTRON_PASS</replaceable>
|
|
nova_metadata_ip = <replaceable>controller</replaceable>
|
|
metadata_proxy_shared_secret = <replaceable>METADATA_PASS</replaceable></programlisting>
|
|
<para os="opensuse;sles;rhel;centos;fedora">Set the required
|
|
keys:</para>
|
|
<screen os="opensuse;sles;rhel;centos;fedora"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
|
auth_url http://<replaceable>controller</replaceable>:5000/v2.0</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
|
auth_region regionOne</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
|
admin_tenant_name service</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
|
admin_user neutron</userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
|
admin_password <replaceable>NEUTRON_PASS</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
|
nova_metadata_ip <replaceable>controller</replaceable></userinput>
|
|
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT \
|
|
metadata_proxy_shared_secret <replaceable>METADATA_PASS</replaceable></userinput></screen>
|
|
<note>
|
|
<para>The value of <literal>auth_region</literal> is
|
|
case-sensitive and must match the endpoint region defined
|
|
in Keystone.</para>
|
|
</note>
|
|
<note>
|
|
<para>If you serve the OpenStack Networking API over HTTPS with
|
|
self-signed certificates, you must perform additional configuration
|
|
for the metadata agent because Networking cannot validate the SSL
|
|
certificates from the service catalog.</para>
|
|
<para os="debian;ubuntu">Add this statement to the
|
|
<literal>[DEFAULT]</literal> section:</para>
|
|
<programlisting os="debian;ubuntu" language="ini">
|
|
neutron_insecure = True</programlisting>
|
|
<para os="opensuse;sles;rhel;centos;fedora">Set the required keys:</para>
|
|
<screen os="opensuse;sles;rhel;centos;fedora"><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT neutron_insecure True</userinput></screen>
|
|
</note>
|
|
</step>
|
|
</procedure>
|
|
<procedure>
|
|
<title>Finalize installation</title>
|
|
<step os="rhel;centos;fedora">
|
|
<para>The <systemitem class="service">neutron-server</systemitem>
|
|
initialization script expects a symbolic link
|
|
<filename>/etc/neutron/plugin.ini</filename> pointing to the
|
|
configuration file associated with your chosen plug-in. Using
|
|
Open vSwitch, for example, the symbolic link must point to
|
|
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>.
|
|
If this symbolic link does not exist, create it using the
|
|
following commands:</para>
|
|
<screen><prompt>#</prompt> <userinput>cd /etc/neutron</userinput>
|
|
<prompt>#</prompt> <userinput>ln -s plugins/openvswitch/ovs_neutron_plugin.ini plugin.ini</userinput></screen>
|
|
</step>
|
|
<step os="sles;opensuse">
|
|
<para>The <systemitem class="service">openstack-neutron</systemitem>
|
|
initialization script expects the variable
|
|
<literal>NEUTRON_PLUGIN_CONF</literal> in file
|
|
<filename>/etc/sysconfig/neutron</filename> to reference the
|
|
configuration file associated with your chosen plug-in. Using
|
|
Open vSwitch, for example, edit the
|
|
<filename>/etc/sysconfig/neutron</filename> file and add the
|
|
following:</para>
|
|
<programlisting>NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Restart Networking services.</para>
|
|
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>service neutron-dhcp-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service neutron-l3-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service neutron-metadata-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent restart</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service neutron-dhcp-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service neutron-l3-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service neutron-metadata-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service neutron-openvswitch-agent restart</userinput></screen>
|
|
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>service openstack-neutron-dhcp-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service openstack-neutron-l3-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service openstack-neutron-metadata-agent restart</userinput>
|
|
<prompt>#</prompt> <userinput>service openstack-neutron-openvswitch-agent restart</userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|