daz 22c4a92f4e [install-guide] Updates for Ocata

Updated command line outputs and configuration file snippets
for Ocata

Change-Id: I9b9079a1aff5521abd60f36aae3d03131a2960c0

2017-02-10 13:36:04 +11:00

8.1 KiB

Raw Blame History

Networking Option 1: Provider networks

Install and configure the Networking components on the controller node.

Install the components

ubuntu

# apt install neutron-server neutron-plugin-ml2 \
  neutron-linuxbridge-agent neutron-dhcp-agent \
  neutron-metadata-agent

debian

# apt install neutron-server neutron-linuxbridge-agent \
  neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent

rdo

# yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables

obs

# zypper install --no-recommends openstack-neutron \
  openstack-neutron-server openstack-neutron-linuxbridge-agent \
  openstack-neutron-dhcp-agent openstack-neutron-metadata-agent \
  bridge-utils

Configure the server component

The Networking server component configuration includes the database, authentication mechanism, message queue, topology change notifications, and plug-in.

Edit the /etc/neutron/neutron.conf file and complete the following actions:
- In the [database] section, configure database access:
```
[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
```
  Replace NEUTRON_DBPASS with the password you chose for the database.
  
  Note
  
  Comment out or remove any other connection options in the [database] section.
- In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in and disable additional plug-ins:
```
[DEFAULT]
# ...
core_plugin = ml2
service_plugins =
```
- In the [DEFAULT] section, configure RabbitMQ message queue access:
```
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller
```
  Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.
- In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:
```
[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
```
  Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.
  
  Note
  
  Comment out or remove any other options in the [keystone_authtoken] section.
- In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes:
```
[DEFAULT]
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[nova]
# ...
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
```
  Replace NOVA_PASS with the password you chose for the nova user in the Identity service.
rdo
- In the [oslo_concurrency] section, configure the lock path:
```
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
```

Configure the Modular Layer 2 (ML2) plug-in

The ML2 plug-in uses the Linux bridge mechanism to build layer-2 (bridging and switching) virtual networking infrastructure for instances.

Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and complete the following actions:
- In the [ml2] section, enable flat and VLAN networks:
```
[ml2]
# ...
type_drivers = flat,vlan
```
- In the [ml2] section, disable self-service networks:
```
[ml2]
# ...
tenant_network_types =
```
- In the [ml2] section, enable the Linux bridge mechanism:
```
[ml2]
# ...
mechanism_drivers = linuxbridge
```
  Warning
  
  After you configure the ML2 plug-in, removing values in the type_drivers option can lead to database inconsistency.
- In the [ml2] section, enable the port security extension driver:
```
[ml2]
# ...
extension_drivers = port_security
```
- In the [ml2_type_flat] section, configure the provider virtual network as a flat network:
```
[ml2_type_flat]
# ...
flat_networks = provider
```
- In the [securitygroup] section, enable ipset to increase efficiency of security group rules:
```
[securitygroup]
# ...
enable_ipset = true
```

Configure the Linux bridge agent

The Linux bridge agent builds layer-2 (bridging and switching) virtual networking infrastructure for instances and handles security groups.

Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following actions:
- In the [linux_bridge] section, map the provider virtual network to the provider physical network interface:
```
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
```
  Replace PROVIDER_INTERFACE_NAME with the name of the underlying provider physical network interface. See environment-networking for more information.
- In the [vxlan] section, disable VXLAN overlay networks:
```
[vxlan]
enable_vxlan = false
```
- In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver:
```
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
```

Configure the DHCP agent

The DHCP agent provides DHCP services for virtual networks.

Edit the /etc/neutron/dhcp_agent.ini file and complete the following actions:
- In the [DEFAULT] section, configure the Linux bridge interface driver, Dnsmasq DHCP driver, and enable isolated metadata so instances on provider networks can access metadata over the network:
```
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
```

Return to Networking controller node configuration <neutron-controller-metadata-agent>.

8.1 KiB Raw Blame History