4744c8f987
I updated neutron content in the installation guide for Juno
as follows:
1) Renamed files and IDs since the guide no longer needs to
differentiate between the ML2 and OVS plug-ins.
2) Removed prompts specific to MySQL because most distributions
will use MariaDB.
3) Explicitly created endpoint with 'regionOne' region to avoid
inconsistent defaults.
4) Replaced 'auth_*' options with 'identity_uri' option.
5) Moved neutron configuration options to [neutron] section in
nova.conf.
6) Recommended enabling verbose logging.
7) Removed workarounds for Ubuntu 12.04.
8) Removed note about CirrOS lacking support for the DHCP MTU
option.
9) Explicitly defined flat external network type.
10) Added example command output and updated existing command
output.
11) Added and updated glossary terms.
12) Implemented changes from the improvements blueprint including
structure and phrasing.
Change-Id: I13baa94585bb6e8b22d8d79043fc84cbc2514954
Implements: blueprint installation-guide-improvements
263 lines
15 KiB
XML
263 lines
15 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
version="5.0"
|
|
xml:id="neutron-initial-networks">
|
|
<title>Create initial networks</title>
|
|
<para>Before launching your first instance, you must create the
|
|
necessary virtual network infrastructure to which the instance will
|
|
connect, including the
|
|
<link linkend="neutron_initial-external-network">external network</link>
|
|
and
|
|
<link linkend="neutron_initial-tenant-network">tenant network</link>.
|
|
See <xref linkend="neutron_figure-neutron-initial-networks"/>. After
|
|
creating this infrastructure, we recommend that you
|
|
<link linkend="neutron_initial-networks-verify">verify
|
|
connectivity</link> and resolve any issues before proceeding further.
|
|
</para>
|
|
<figure xml:id="neutron_figure-neutron-initial-networks">
|
|
<title>Initial networks</title>
|
|
<mediaobject>
|
|
<imageobject>
|
|
<imagedata scale="50"
|
|
fileref="figures/installguide_neutron-initial-networks.png"/>
|
|
</imageobject>
|
|
</mediaobject>
|
|
</figure>
|
|
<section xml:id="neutron_initial-external-network">
|
|
<title>External network</title>
|
|
<para>The external network typically provides Internet access for
|
|
your instances. By default, this network only allows Internet
|
|
access <emphasis>from</emphasis> instances using
|
|
<glossterm>Network Address Translation (NAT)</glossterm>. You can
|
|
enable Internet access <emphasis>to</emphasis> individual instances
|
|
using a <glossterm>floating IP address</glossterm> and suitable
|
|
<glossterm>security group</glossterm> rules. The <literal>admin</literal>
|
|
tenant owns this network because it provides external network
|
|
access for multiple tenants. You must also enable sharing to allow
|
|
access by those tenants.</para>
|
|
<note>
|
|
<para>Perform these commands on the controller node.</para>
|
|
</note>
|
|
<procedure>
|
|
<title>To create the external network</title>
|
|
<step>
|
|
<para>Source the <literal>admin</literal> credentials to gain access to
|
|
admin-only CLI commands:</para>
|
|
<screen><prompt>$</prompt> <userinput>source admin-openrc.sh</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create the network:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron net-create ext-net --shared --router:external True \
|
|
--provider:physical_network external --provider:network_type flat</userinput>
|
|
<computeroutput>Created a new network:
|
|
+---------------------------+--------------------------------------+
|
|
| Field | Value |
|
|
+---------------------------+--------------------------------------+
|
|
| admin_state_up | True |
|
|
| id | 893aebb9-1c1e-48be-8908-6b947f3237b3 |
|
|
| name | ext-net |
|
|
| provider:network_type | flat |
|
|
| provider:physical_network | external |
|
|
| provider:segmentation_id | |
|
|
| router:external | True |
|
|
| shared | True |
|
|
| status | ACTIVE |
|
|
| subnets | |
|
|
| tenant_id | 54cd044c64d5408b83f843d63624e0d8 |
|
|
+---------------------------+--------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
</procedure>
|
|
<para>Like a physical network, a virtual network requires a
|
|
<glossterm>subnet</glossterm> assigned to it. The external network
|
|
shares the same subnet and <glossterm>gateway</glossterm> associated
|
|
with the physical network connected to the external interface on the
|
|
network node. You should specify an exclusive slice of this subnet
|
|
for <glossterm>router</glossterm> and floating IP addresses to prevent
|
|
interference with other devices on the external network.</para>
|
|
<procedure>
|
|
<title>To create a subnet on the external network</title>
|
|
<step>
|
|
<para>Create the subnet:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron subnet-create ext-net --name ext-subnet \
|
|
--allocation-pool start=<replaceable>FLOATING_IP_START</replaceable>,end=<replaceable>FLOATING_IP_END</replaceable> \
|
|
--disable-dhcp --gateway <replaceable>EXTERNAL_NETWORK_GATEWAY</replaceable> <replaceable>EXTERNAL_NETWORK_CIDR</replaceable></userinput></screen>
|
|
<para>Replace <replaceable>FLOATING_IP_START</replaceable> and
|
|
<replaceable>FLOATING_IP_END</replaceable> with the first and last
|
|
IP addresses of the range that you want to allocate for floating IP
|
|
addresses. Replace <replaceable>EXTERNAL_NETWORK_CIDR</replaceable>
|
|
with the subnet associated with the physical network. Replace
|
|
<replaceable>EXTERNAL_NETWORK_GATEWAY</replaceable> with the gateway
|
|
associated with the physical network, typically the ".1" IP address.
|
|
You should disable <glossterm>DHCP</glossterm> on this subnet because
|
|
instances do not connect directly to the external network and
|
|
floating IP addresses require manual assignment.</para>
|
|
<para>For example, using <literal>203.0.113.0/24</literal> with
|
|
floating IP address range <literal>203.0.113.101</literal> to
|
|
<literal>203.0.113.200</literal>:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron subnet-create ext-net --name ext-subnet \
|
|
--allocation-pool start=203.0.113.101,end=203.0.113.200 \
|
|
--disable-dhcp --gateway 203.0.113.1 203.0.113.0/24</userinput>
|
|
<computeroutput>Created a new subnet:
|
|
+-------------------+------------------------------------------------------+
|
|
| Field | Value |
|
|
+-------------------+------------------------------------------------------+
|
|
| allocation_pools | {"start": "203.0.113.101", "end": "203.0.113.200"} |
|
|
| cidr | 203.0.113.0/24 |
|
|
| dns_nameservers | |
|
|
| enable_dhcp | False |
|
|
| gateway_ip | 203.0.113.1 |
|
|
| host_routes | |
|
|
| id | 9159f0dc-2b63-41cf-bd7a-289309da1391 |
|
|
| ip_version | 4 |
|
|
| ipv6_address_mode | |
|
|
| ipv6_ra_mode | |
|
|
| name | ext-subnet |
|
|
| network_id | 893aebb9-1c1e-48be-8908-6b947f3237b3 |
|
|
| tenant_id | 54cd044c64d5408b83f843d63624e0d8 |
|
|
+-------------------+------------------------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|
|
<section xml:id="neutron_initial-tenant-network">
|
|
<title>Tenant network</title>
|
|
<para>The tenant network provides internal network access for instances.
|
|
The architecture isolates this type of network from other tenants. The
|
|
<literal>demo</literal> tenant owns this network because it only
|
|
provides network access for instances within it.</para>
|
|
<note>
|
|
<para>Perform these commands on the controller node.</para>
|
|
</note>
|
|
<procedure>
|
|
<title>To create the tenant network</title>
|
|
<step>
|
|
<para>Source the <literal>demo</literal> credentials to gain access to
|
|
user-only CLI commands:</para>
|
|
<screen><prompt>$</prompt> <userinput>source demo-openrc.sh</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Create the network:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron net-create demo-net</userinput>
|
|
<computeroutput>Created a new network:
|
|
+----------------+--------------------------------------+
|
|
| Field | Value |
|
|
+----------------+--------------------------------------+
|
|
| admin_state_up | True |
|
|
| id | ac108952-6096-4243-adf4-bb6615b3de28 |
|
|
| name | demo-net |
|
|
| shared | False |
|
|
| status | ACTIVE |
|
|
| subnets | |
|
|
| tenant_id | cdef0071a0194d19ac6bb63802dc9bae |
|
|
+----------------+--------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
</procedure>
|
|
<para>Like the external network, your tenant network also requires
|
|
a subnet attached to it. You can specify any valid subnet because the
|
|
architecture isolates tenant networks. By default, this subnet will
|
|
use DHCP so your instances can obtain IP addresses.</para>
|
|
<procedure>
|
|
<title>To create a subnet on the tenant network</title>
|
|
<step>
|
|
<para>Create the subnet:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron subnet-create demo-net --name demo-subnet \
|
|
--gateway <replaceable>TENANT_NETWORK_GATEWAY</replaceable> <replaceable>TENANT_NETWORK_CIDR</replaceable></userinput></screen>
|
|
<para>Replace <replaceable>TENANT_NETWORK_CIDR</replaceable> with the
|
|
subnet you want to associate with the tenant network and
|
|
<replaceable>TENANT_NETWORK_GATEWAY</replaceable> with the gateway
|
|
you want to associate with it, typically the ".1" IP address.</para>
|
|
<para>Example using <literal>192.168.1.0/24</literal>:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron subnet-create demo-net --name demo-subnet \
|
|
--gateway 192.168.1.1 192.168.1.0/24</userinput>
|
|
<computeroutput>Created a new subnet:
|
|
+-------------------+------------------------------------------------------+
|
|
| Field | Value |
|
|
+-------------------+------------------------------------------------------+
|
|
| allocation_pools | {"start": "192.168.1.2", "end": "192.168.1.254"} |
|
|
| cidr | 192.168.1.0/24 |
|
|
| dns_nameservers | |
|
|
| enable_dhcp | True |
|
|
| gateway_ip | 192.168.1.1 |
|
|
| host_routes | |
|
|
| id | 69d38773-794a-4e49-b887-6de6734e792d |
|
|
| ip_version | 4 |
|
|
| ipv6_address_mode | |
|
|
| ipv6_ra_mode | |
|
|
| name | demo-subnet |
|
|
| network_id | ac108952-6096-4243-adf4-bb6615b3de28 |
|
|
| tenant_id | cdef0071a0194d19ac6bb63802dc9bae |
|
|
+-------------------+------------------------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
</procedure>
|
|
<para>A virtual router passes network traffic between two or more virtual
|
|
networks. Each router requires one or more
|
|
<glossterm baseform="interface">interfaces</glossterm> and/or gateways
|
|
that provide access to specific networks. In this case, you will create
|
|
a router and attach your tenant and external networks to it.</para>
|
|
<procedure>
|
|
<title>To create a router on the tenant network and attach the external
|
|
and tenant networks to it</title>
|
|
<step>
|
|
<para>Create the router:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron router-create demo-router</userinput>
|
|
<computeroutput>Created a new router:
|
|
+-----------------------+--------------------------------------+
|
|
| Field | Value |
|
|
+-----------------------+--------------------------------------+
|
|
| admin_state_up | True |
|
|
| external_gateway_info | |
|
|
| id | 635660ae-a254-4feb-8993-295aa9ec6418 |
|
|
| name | demo-router |
|
|
| status | ACTIVE |
|
|
| tenant_id | cdef0071a0194d19ac6bb63802dc9bae |
|
|
+-----------------------+--------------------------------------+</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Attach the router to the <literal>demo</literal> tenant
|
|
subnet:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron router-interface-add demo-router demo-subnet</userinput>
|
|
<computeroutput>Added interface b1a894fd-aee8-475c-9262-4342afdc1b58 to router demo-router.</computeroutput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Attach the router to the external network by setting it as
|
|
the gateway:</para>
|
|
<screen><prompt>$</prompt> <userinput>neutron router-gateway-set demo-router ext-net</userinput>
|
|
<computeroutput>Set gateway for router demo-router</computeroutput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|
|
<section xml:id="neutron_initial-networks-verify">
|
|
<title>Verify connectivity</title>
|
|
<para>We recommend that you verify network connectivity and resolve any
|
|
issues before proceeding further. Following the external network
|
|
subnet example using <literal>203.0.113.0/24</literal>, the tenant
|
|
router gateway should occupy the lowest IP address in the floating
|
|
IP address range, <literal>203.0.113.101</literal>. If you configured
|
|
your external physical network and virtual networks correctly, you
|
|
should be able to <command>ping</command> this IP address from any
|
|
host on your external physical network.</para>
|
|
<note>
|
|
<para>If you are building your OpenStack nodes as virtual machines,
|
|
you must configure the hypervisor to permit promiscuous mode on the
|
|
external network.</para>
|
|
</note>
|
|
<procedure>
|
|
<title>To verify network connectivity</title>
|
|
<step>
|
|
<para>Ping the tenant router gateway:</para>
|
|
<screen><prompt>$</prompt> <userinput>ping -c 4 203.0.113.101</userinput>
|
|
<computeroutput>PING 203.0.113.101 (203.0.113.101) 56(84) bytes of data.
|
|
64 bytes from 203.0.113.101: icmp_req=1 ttl=64 time=0.619 ms
|
|
64 bytes from 203.0.113.101: icmp_req=2 ttl=64 time=0.189 ms
|
|
64 bytes from 203.0.113.101: icmp_req=3 ttl=64 time=0.165 ms
|
|
64 bytes from 203.0.113.101: icmp_req=4 ttl=64 time=0.216 ms
|
|
|
|
--- 203.0.113.101 ping statistics ---
|
|
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
|
|
rtt min/avg/max/mdev = 0.165/0.297/0.619/0.187 ms</computeroutput></screen>
|
|
</step>
|
|
</procedure>
|
|
</section>
|
|
</section>
|