4744c8f987
I updated neutron content in the installation guide for Juno
as follows:
1) Renamed files and IDs since the guide no longer needs to
differentiate between the ML2 and OVS plug-ins.
2) Removed prompts specific to MySQL because most distributions
will use MariaDB.
3) Explicitly created endpoint with 'regionOne' region to avoid
inconsistent defaults.
4) Replaced 'auth_*' options with 'identity_uri' option.
5) Moved neutron configuration options to [neutron] section in
nova.conf.
6) Recommended enabling verbose logging.
7) Removed workarounds for Ubuntu 12.04.
8) Removed note about CirrOS lacking support for the DHCP MTU
option.
9) Explicitly defined flat external network type.
10) Added example command output and updated existing command
output.
11) Added and updated glossary terms.
12) Implemented changes from the improvements blueprint including
structure and phrasing.
Change-Id: I13baa94585bb6e8b22d8d79043fc84cbc2514954
Implements: blueprint installation-guide-improvements
290 lines
13 KiB
XML
290 lines
13 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
version="5.0"
|
|
xml:id="neutron-compute-node">
|
|
<title>Install and configure compute node</title>
|
|
<para>The compute node handles connectivity and
|
|
<glossterm baseform="security group">security groups</glossterm>
|
|
for instances.</para>
|
|
<procedure>
|
|
<title>To configure prerequisites</title>
|
|
<para>Before you install and configure OpenStack Networking, you
|
|
must configure certain kernel networking parameters.</para>
|
|
<step>
|
|
<para>Edit the <filename>/etc/sysctl.conf</filename> file to
|
|
contain the following parameters:</para>
|
|
<programlisting>net.ipv4.conf.all.rp_filter=0
|
|
net.ipv4.conf.default.rp_filter=0</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Implement the changes:</para>
|
|
<screen><prompt>#</prompt> <userinput>sysctl -p</userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
<procedure os="ubuntu;rhel;centos;fedora;sles;opensuse">
|
|
<title>To install the Networking components</title>
|
|
<step>
|
|
<screen os="ubuntu"><prompt>#</prompt> <userinput>apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent</userinput></screen>
|
|
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>yum install openstack-neutron-ml2 openstack-neutron-openvswitch</userinput></screen>
|
|
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent</userinput></screen>
|
|
<note os="sles;opensuse">
|
|
<para>SUSE does not use a separate ML2 plug-in package.</para>
|
|
</note>
|
|
</step>
|
|
</procedure>
|
|
<procedure os="debian">
|
|
<title>To install and configure the Networking components</title>
|
|
<step>
|
|
<screen><prompt>#</prompt> <userinput>apt-get install neutron-plugin-openvswitch-agent openvswitch-datapath-dkms</userinput></screen>
|
|
<note>
|
|
<para>Debian does not use a separate ML2 plug-in package.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>Respond to prompts for <link
|
|
linkend="debconf-dbconfig-common">database
|
|
management</link>, <link linkend="debconf-keystone_authtoken"
|
|
>Identity service credentials</link>, <link
|
|
linkend="debconf-api-endpoints">service endpoint
|
|
registration</link>, and <link linkend="debconf-rabbitmq"
|
|
>message broker credentials</link>.</para>
|
|
</step>
|
|
<step>
|
|
<para>Select the ML2 plug-in:</para>
|
|
<informalfigure>
|
|
<mediaobject>
|
|
<imageobject>
|
|
<imagedata scale="50"
|
|
fileref="figures/debconf-screenshots/neutron_1_plugin_selection.png"
|
|
/>
|
|
</imageobject>
|
|
</mediaobject>
|
|
</informalfigure>
|
|
<note>
|
|
<para>Selecting the ML2 plug-in also populates the
|
|
<option>service_plugins</option> and
|
|
<option>allow_overlapping_ips</option> options in the
|
|
<filename>/etc/neutron/neutron.conf</filename> file with the
|
|
appropriate values.</para>
|
|
</note>
|
|
</step>
|
|
</procedure>
|
|
<procedure os="ubuntu;rhel;centos;fedora;sles;opensuse">
|
|
<title>To configure the Networking common components</title>
|
|
<para>The Networking common component configuration includes the
|
|
authentication mechanism, message broker, and plug-in.</para>
|
|
<step>
|
|
<para>Edit the <filename>/etc/neutron/neutron.conf</filename> file
|
|
and complete the following actions:</para>
|
|
<substeps>
|
|
<step>
|
|
<para>In the <literal>[DEFAULT]</literal> section, configure
|
|
<application>RabbitMQ</application> message broker access:</para>
|
|
<programlisting language="ini">[DEFAULT]
|
|
...
|
|
rpc_backend = rabbit
|
|
rabbit_host = <replaceable>controller</replaceable>
|
|
rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
|
|
<para>Replace <replaceable>RABBIT_PASS</replaceable> with the
|
|
password you chose for the <literal>guest</literal> account in
|
|
<application>RabbitMQ</application>.</para>
|
|
</step>
|
|
<step>
|
|
<para>In the <literal>[keystone_authtoken]</literal> section,
|
|
configure Identity service access:</para>
|
|
<programlisting language="ini">[keystone_authtoken]
|
|
...
|
|
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
|
|
identity_uri = http://<replaceable>controller</replaceable>:35357
|
|
admin_tenant_name = service
|
|
admin_user = neutron
|
|
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
|
|
<para>Replace <replaceable>NEUTRON_PASS</replaceable> with the
|
|
password you chose or the <literal>neutron</literal> user in the
|
|
Identity service.</para>
|
|
<note>
|
|
<para>Comment out any <literal>auth_host</literal>,
|
|
<literal>auth_port</literal>, and
|
|
<literal>auth_protocol</literal> options because the
|
|
<literal>identity_uri</literal> option replaces them.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>In the <literal>[DEFAULT]</literal> section, enable the
|
|
Modular Layer 2 (ML2) plug-in, router service, and overlapping
|
|
IP addresses:</para>
|
|
<programlisting language="ini">[DEFAULT]
|
|
...
|
|
core_plugin = ml2
|
|
service_plugins = router
|
|
allow_overlapping_ips = True</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>(Optional) To assist with troubleshooting,
|
|
enable verbose logging in the <literal>[DEFAULT]</literal>
|
|
section:</para>
|
|
<programlisting language="ini">[DEFAULT]
|
|
...
|
|
verbose = True</programlisting>
|
|
</step>
|
|
</substeps>
|
|
</step>
|
|
</procedure>
|
|
<procedure>
|
|
<title>To configure the Modular Layer 2 (ML2) plug-in</title>
|
|
<para>The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to
|
|
build the virtual networking framework for instances.</para>
|
|
<step>
|
|
<para>Edit the
|
|
<filename>/etc/neutron/plugins/ml2/ml2_conf.ini</filename>
|
|
file and complete the following actions:</para>
|
|
<substeps>
|
|
<step>
|
|
<para>In the <literal>[ml2]</literal> section, enable the
|
|
<glossterm baseform="flat network">flat</glossterm> and
|
|
<glossterm>generic routing encapsulation (GRE)</glossterm>
|
|
network type drivers, GRE tenant networks, and the OVS
|
|
mechanism driver:</para>
|
|
<programlisting language="ini">[ml2]
|
|
...
|
|
type_drivers = flat,gre
|
|
tenant_network_types = gre
|
|
mechanism_drivers = openvswitch</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>In the <literal>[ml2_type_gre]</literal> section, configure
|
|
the tunnel identifier (id) range:</para>
|
|
<programlisting language="ini">[ml2_type_gre]
|
|
...
|
|
tunnel_id_ranges = 1:1000</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>In the <literal>[securitygroup]</literal> section, enable
|
|
security groups and configure the OVS
|
|
<glossterm>iptables</glossterm> firewall driver:</para>
|
|
<programlisting language="ini">[securitygroup]
|
|
...
|
|
enable_security_group = True
|
|
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>In the <literal>[ovs]</literal> section, configure the
|
|
<glossterm>Open vSwitch (OVS) agent</glossterm>:</para>
|
|
<programlisting language="ini">[ovs]
|
|
...
|
|
local_ip = <replaceable>INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS</replaceable>
|
|
tunnel_type = gre
|
|
enable_tunneling = True</programlisting>
|
|
<para>Replace
|
|
<replaceable>INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS</replaceable>
|
|
with the IP address of the instance tunnels network interface
|
|
on your compute node.</para>
|
|
</step>
|
|
</substeps>
|
|
</step>
|
|
</procedure>
|
|
<procedure>
|
|
<title>To configure the Open vSwitch (OVS) service</title>
|
|
<para>The OVS service provides the underlying virtual networking framework
|
|
for instances.</para>
|
|
<step os="rhel;centos;fedora">
|
|
<para>Start the OVS service and configure it to start when the
|
|
system boots:</para>
|
|
<screen><prompt>#</prompt> <userinput>service openvswitch start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
|
|
</step>
|
|
<step os="sles;opensuse">
|
|
<para>Start the OVS service and configure it to start when the
|
|
system boots:</para>
|
|
<screen><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig openvswitch-switch on</userinput></screen>
|
|
</step>
|
|
<step os="debian;ubuntu">
|
|
<para>Restart the OVS service:</para>
|
|
<screen><prompt>#</prompt> <userinput>service openvswitch-switch restart</userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
<procedure>
|
|
<title>To configure Compute to use Networking</title>
|
|
<para>By default, distribution packages configure Compute to use
|
|
legacy networking. You must reconfigure Compute to manage
|
|
networks through Networking.</para>
|
|
<step>
|
|
<para>Edit the <filename>/etc/nova/nova.conf</filename> file and
|
|
complete the following actions:</para>
|
|
<substeps>
|
|
<step>
|
|
<para>In the <literal>[DEFAULT]</literal> section, configure
|
|
the <glossterm baseform="API">APIs</glossterm> and drivers:</para>
|
|
<programlisting language="ini">[DEFAULT]
|
|
...
|
|
network_api_class = nova.network.neutronv2.api.API
|
|
security_group_api = neutron
|
|
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
|
|
firewall_driver = nova.virt.firewall.NoopFirewallDriver</programlisting>
|
|
<note>
|
|
<para>By default, Compute uses an internal firewall service.
|
|
Since Networking includes a firewall service, you must
|
|
disable the Compute firewall service by using the
|
|
<literal>nova.virt.firewall.NoopFirewallDriver</literal>
|
|
firewall driver.</para>
|
|
</note>
|
|
</step>
|
|
<step>
|
|
<para>In the <literal>[neutron]</literal> section, configure
|
|
access parameters:</para>
|
|
<programlisting language="ini">[neutron]
|
|
...
|
|
url = http://<replaceable>controller</replaceable>:9696
|
|
auth_strategy = keystone
|
|
admin_auth_url = http://<replaceable>controller</replaceable>:35357/v2.0
|
|
admin_tenant_name = service
|
|
admin_username = neutron
|
|
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
|
|
<para>Replace <replaceable>NEUTRON_PASS</replaceable> with the
|
|
password you chose for the <literal>neutron</literal> user
|
|
in the Identity service.</para>
|
|
</step>
|
|
</substeps>
|
|
</step>
|
|
</procedure>
|
|
<procedure>
|
|
<title>To finalize the installation</title>
|
|
<step os="rhel;centos;fedora">
|
|
<para>The Networking service initialization scripts expect a
|
|
symbolic link <filename>/etc/neutron/plugin.ini</filename>
|
|
pointing to the ML2 plug-in configuration file,
|
|
<filename>/etc/neutron/plugins/ml2/ml2_conf.ini</filename>.
|
|
If this symbolic link does not exist, create it using the
|
|
following command:</para>
|
|
<screen><prompt>#</prompt> <userinput>ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini</userinput></screen>
|
|
</step>
|
|
<step os="sles;opensuse">
|
|
<para>The Networking service initialization scripts expect the
|
|
variable <literal>NEUTRON_PLUGIN_CONF</literal> in the
|
|
<filename>/etc/sysconfig/neutron</filename> file to
|
|
reference the ML2 plug-in configuration file. Edit the
|
|
<filename>/etc/sysconfig/neutron</filename> file and add the
|
|
following:</para>
|
|
<programlisting>NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini"</programlisting>
|
|
</step>
|
|
<step>
|
|
<para>Restart the Compute service:</para>
|
|
<screen os="rhel;centos;fedora;sles;opensuse"><prompt>#</prompt> <userinput>service openstack-nova-compute restart</userinput></screen>
|
|
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>service nova-compute restart</userinput></screen>
|
|
</step>
|
|
<step os="rhel;centos;fedora;sles;opensuse">
|
|
<para>Start the Open vSwitch (OVS) agent and configure it to
|
|
start when the system boots:</para>
|
|
<screen os="rhel;centos;fedora;sles;opensuse"><prompt>#</prompt> <userinput>service openstack-neutron-openvswitch-agent start</userinput>
|
|
<prompt>#</prompt> <userinput>chkconfig openstack-neutron-openvswitch-agent on</userinput></screen>
|
|
</step>
|
|
<step os="ubuntu;debian">
|
|
<para>Restart the Open vSwitch (OVS) agent:</para>
|
|
<screen><prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent restart</userinput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|