openstack
/
openstack-manuals
Code Issues Proposed changes

Restructured and updated Neutron compute section 

As part of the installation guide improvement project, I performed
the following operations on the Neutron compute section:

1) Removed modularity since we will only support the ML2 plug-in
   for Icehouse.
2) Added some <procedure> tags to separate content. Future patches
   will add descriptions of each procedure.
3) Unified indentation and spacing.
4) Removed database configuration steps since Icehouse uses AMQP on
   compute nodes.
5) Removed *.ini configuration steps since Icehouse doesn't require
   editing *.ini files.
6) Moved 'auth_uri' key under [keystone_authtoken] section in
   neutron.conf.
7) Removed defunct 'auth_url' key.

This section should continue to work for installations using the Open
vSwitch plug-in for Neutron. Future patches will update the content
to use ML2.

Change-Id: I2c6207b26a8f85078ac680110d3d3244e8affd75
Partial-Bug: #1291071
Implements: blueprint networking-install-guide-improvements
This commit is contained in:
Matt Kassawara 2014-03-13 10:21:04 -06:00
parent 819c44db64
commit 70c905f6a8
2 changed files with 240 additions and 289 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

522
doc/install-guide/section_neutron-compute-node.xml
View File

@ -5,28 +5,29 @@
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns:html="http://www.w3.org/1999/xhtml" version="5.0">
<title>Configure compute node with neutron services</title>
<title>Configure compute node</title>
<note>
<para>This section details set up for any node that runs the
<literal>nova-compute</literal> component but does not run
<literal>nova-compute</literal> component but does not run
the full network stack.</para>
</note>
<warning os="rhel;centos">
<para>By default, the <literal>system-config-firewall</literal> automated
firewall configuration tool is in place on RHEL. This graphical interface
(and a curses-style interface with <literal>-tui</literal> on the end of
the name) enables you to configure IP tables as a basic firewall. You
should disable it when you work with OpenStack Networking unless you are
familiar with the underlying network technologies, as, by default, it
blocks various types of network traffic that are important to neutron
services. To disable it, launch the program and clear the
<guilabel>Enabled</guilabel> check box.</para>
<para>By default, the <literal>system-config-firewall</literal> automated
firewall configuration tool is in place on RHEL. This graphical interface
(and a curses-style interface with <literal>-tui</literal> on the end of
the name) enables you to configure IP tables as a basic firewall. You
should disable it when you work with OpenStack Networking unless you are
familiar with the underlying network technologies, as, by default, it
blocks various types of network traffic that are important to neutron
services. To disable it, launch the program and clear the
<guilabel>Enabled</guilabel> check box.</para>
<para>After you successfully set up OpenStack Networking with Neutron, you
can re-enable and configure the tool. However, during OpenStack
Networking setup, disable the tool to make it easier to debug network
issues.</para>
</warning>
<procedure>
<title>Prerequisites</title>
<step>
<para>Disable packet destination filtering (route
verification) to let the networking services route traffic
@ -37,144 +38,216 @@
net.ipv4.conf.default.rp_filter=0</programlisting>
<screen><prompt>#</prompt> <userinput>sysctl -p</userinput></screen>
</step>
</procedure>
<procedure>
<title>Install Open vSwitch plug-in</title>
<para>OpenStack Networking supports a variety of plug-ins. For
simplicity, we chose to cover the most common plug-in, Open
vSwitch, and configure it to use basic GRE tunnels for tenant
network traffic.</para>
<step>
<para>Install and configure your networking plug-in
components. To install and configure the network plug-in
that you chose when you set up your network node, see <xref
linkend="install-neutron.install-plugin-compute"/>.</para>
</step>
<step os="rhel;centos;fedora;opensuse;sles">
<para>Configure Networking to use <systemitem class="service">keystone</systemitem> for authentication:</para>
<substeps>
<step>
<para>Set the <literal>auth_strategy</literal>
configuration key to <literal>keystone</literal> in the
<literal>DEFAULT</literal> section of the file:</para>
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone</userinput></screen>
</step>
<step>
<para>Set the <systemitem class="service">neutron</systemitem> configuration for
<systemitem class="service">keystone</systemitem> authentication:</para>
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
auth_host <replaceable>controller</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
auth_url http://<replaceable>controller</replaceable>:35357/v2.0</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
admin_tenant_name service</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
admin_user neutron</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
admin_password <replaceable>NEUTRON_PASS</replaceable></userinput></screen>
</step></substeps>
</step>
<step os="opensuse;sles">
<para>Configure access to the <application>RabbitMQ</application> service:</para>
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
rpc_backend neutron.openstack.common.rpc.impl_kombu</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
rabbit_host controller</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
rabbit_userid guest</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
rabbit_password <replaceable>RABBIT_PASS</replaceable></userinput></screen>
</step>
<step os="rhel;centos;fedora">
<para>Configure access to the <application>Qpid</application> message queue:</para>
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
rpc_backend neutron.openstack.common.rpc.impl_qpid</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
qpid_hostname <replaceable>controller</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
qpid_port 5672</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
qpid_username <replaceable>guest</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
qpid_password <replaceable>guest</replaceable></userinput></screen>
<para>Install the Open vSwitch plug-in and its
dependencies:</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-plugin-openvswitch-agent openvswitch-datapath-dkms</userinput></screen>
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent</userinput></screen>
</step>
<step os="ubuntu;debian">
<para>Configure the core components of Neutron. Edit the
<filename>/etc/neutron/neutron.conf</filename>
<para>Restart Open vSwitch:</para>
<screen><prompt>#</prompt> <userinput>service openvswitch-switch restart</userinput></screen>
</step>
<step os="rhel;fedora;centos;opensuse;sles">
<para>Start Open vSwitch and configure it to start when
the system boots:</para>
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>service openvswitch start</userinput>
<prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput>
<prompt>#</prompt> <userinput>chkconfig openvswitch-switch on</userinput></screen>
</step>
<step>
<para>You must set some common configuration options no
matter which networking technology you choose to use
with Open vSwitch. You must add the
<literal>br-int</literal> integration bridge, which
connects to the VMs.</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput></screen>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>You must set some common configuration options. You
must configure Networking core to use
<acronym>OVS</acronym>. Edit the
<filename>/etc/neutron/neutron.conf</filename>
file:</para>
<programlisting language="ini">auth_host = <replaceable>controller</replaceable>
admin_tenant_name = service
admin_user = neutron
admin_password = <replaceable>NEUTRON_PASS</replaceable>
auth_url = http://controller:35357/v2.0
auth_strategy = keystone
rpc_backend = neutron.openstack.common.rpc.impl_kombu
rabbit_host = controller
rabbit_port = 5672
# Change the following settings if you're not using the default RabbitMQ configuration
#rabbit_userid = guest
rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
<programlisting language="ini" os="ubuntu;opensuse;sles">core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2</programlisting>
<programlisting language="ini" os="rhel;centos;fedora">core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2</programlisting>
</step>
<step os="rhel;centos;fedora">
<para>Set the <literal>root_helper</literal> configuration in the
<literal>[agent]</literal> section of <filename>/etc/neutron/neutron.conf</filename>:</para>
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf AGENT \
root_helper "sudo neutron-rootwrap /etc/neutron/rootwrap.conf"</userinput></screen>
<step>
<para>You must configure a firewall as well. You should
use the same firewall plug-in that you chose to use when
you set up the network node. To do this, edit
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file and set the <literal>firewall_driver</literal>
value under the <literal>securitygroup</literal> to the
same value used on the network node. For instance, if
you chose to use the Hybrid OVS-IPTables plug-in, your
configuration looks like this:</para>
<programlisting language="ini">[securitygroup]
# Firewall driver for realizing neutron security group function.
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</programlisting>
<warning>
<para>You must use at least the No-Op firewall.
Otherwise, Horizon and other OpenStack services cannot
get and set required VM boot options.</para>
</warning>
</step>
<step os="rhel;centos;fedora;opensuse;sles">
<para>Configure Networking to connect to the database:</para>
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf database connection \
mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@controller/neutron</userinput></screen>
<step os="rhel;centos;fedora;sles;opensuse">
<para>Configure the <acronym>OVS</acronym> plug-in to start
on boot.</para>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>chkconfig neutron-openvswitch-agent on</userinput></screen>
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>chkconfig openstack-neutron-openvswitch-agent on</userinput></screen>
</step>
<step>
<para>Tell the <acronym>OVS</acronym> plug-in to use GRE
tunneling with a <literal>br-int</literal> integration
bridge, a <literal>br-tun</literal> tunneling bridge,
and a local IP for the tunnel of
<replaceable>DATA_INTERFACE</replaceable>'s IP Edit
the
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file:</para>
<programlisting language="ini">[ovs]
...
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = <replaceable>DATA_INTERFACE_IP</replaceable></programlisting>
</step>
</procedure>
<procedure os="rhel;centos;fedora;sles;opensuse;ubuntu">
<title>Configure common components</title>
<step os="rhel;centos;fedora;opensuse;sles">
<para>Configure Networking to use <systemitem class="service">keystone</systemitem> for authentication:</para>
<substeps>
<step>
<para>Set the <literal>auth_strategy</literal>
configuration key to <literal>keystone</literal> in the
<literal>[DEFAULT]</literal> section of the file:</para>
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone</userinput></screen>
</step>
<step>
<para>Set the <systemitem class="service">neutron</systemitem>
configuration for
<systemitem class="service">keystone</systemitem>
authentication:</para>
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
auth_uri http://<replaceable>controller</replaceable>:5000</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
auth_host <replaceable>controller</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
auth_protocol http</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
auth_port 35357</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
admin_tenant_name service</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
admin_user neutron</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
admin_password <replaceable>NEUTRON_PASS</replaceable></userinput></screen>
</step>
</substeps>
</step>
<step os="ubuntu">
<para>Configure Networking to connect to the database. Edit
the <literal>[database]</literal> section in the same file,
as follows:</para>
<programlisting language="ini">[database]
connection = mysql://neutron:<replaceable>NEUTRON_DBPASS</replaceable>@<replaceable>controller</replaceable>/neutron</programlisting>
</step>
<step os="ubuntu;debian">
<para>Edit the <filename>/etc/neutron/api-paste.ini</filename>
file and add these lines to the
<literal>[filter:authtoken]</literal> section:</para>
<programlisting language="ini">[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
<para>To configure <systemitem class="service">neutron</systemitem>
to use <systemitem class="service">keystone</systemitem>
for authentication, edit the
<filename>/etc/neutron/neutron.conf</filename> file.</para>
<substeps>
<step>
<para>Set the <literal>auth_strategy</literal>
configuration key to <literal>keystone</literal> in the
<literal>[DEFAULT]</literal> section of the file:</para>
<programlisting language="ini">[DEFAULT]
...
auth_strategy = keystone</programlisting>
</step>
<step>
<para>Add these lines to the
<literal>[keystone_authtoken]</literal> section of the
file:</para>
<programlisting language="ini">[keystone_authtoken]
...
auth_uri = http://<replaceable>controller</replaceable>:5000
auth_host = <replaceable>controller</replaceable>
auth_protocol = http
auth_port = 35357
admin_tenant_name = service
admin_user = neutron
admin_password = <replaceable>NEUTRON_PASS</replaceable></programlisting>
</step>
</substeps>
</step>
<step os="rhel;centos;fedora;opensuse;sles">
<para>Configure the <filename>/etc/neutron/api-paste.ini</filename> file for <systemitem class="service">keystone</systemitem>
authentication:</para>
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/api-paste.ini filter:authtoken \
paste.filter_factory keystoneclient.middleware.auth_token:filter_factory</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/api-paste.ini filter:authtoken \
auth_host <replaceable>controller</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/api-paste.ini filter:authtoken \
admin_tenant_name service</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/api-paste.ini filter:authtoken \
admin_user neutron</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/api-paste.ini filter:authtoken \
admin_password <replaceable>NEUTRON_PASS</replaceable></userinput></screen>
<step os="opensuse;sles">
<para>Configure access to the <application>RabbitMQ</application> service:</para>
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
rpc_backend neutron.openstack.common.rpc.impl_kombu</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
rabbit_host <replaceable>controller</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
rabbit_userid guest</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
rabbit_password <replaceable>RABBIT_PASS</replaceable></userinput></screen>
</step>
<step os="ubuntu">
<para>Configure the <application>RabbitMQ</application> access.
Edit the <filename>/etc/neutron/neutron.conf</filename> file
to modify the following parameters in the
<literal>[DEFAULT]</literal> section.</para>
<programlisting language="ini">rabbit_host = <replaceable>controller</replaceable>
rabbit_userid = guest
rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
</step>
<step os="rhel;centos;fedora">
<para>Configure access to the <application>Qpid</application> message queue:</para>
<screen><prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
rpc_backend neutron.openstack.common.rpc.impl_qpid</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
qpid_hostname <replaceable>controller</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
qpid_port 5672</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
qpid_username <replaceable>guest</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/neutron/neutron.conf DEFAULT \
qpid_password <replaceable>guest</replaceable></userinput></screen>
</step>
</procedure>
<procedure>
<title>Configure Compute services for Networking</title>
<step>
<para os="rhel;centos;fedora;opensuse;sles">Configure OpenStack Compute to use OpenStack Networking
<para os="rhel;centos;fedora;opensuse;sles">Configure OpenStack Compute to use OpenStack Networking
services. Configure the <filename>/etc/nova/nova.conf</filename>
file as per instructions below:</para>
<screen os="rhel;centos;fedora;opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
network_api_class nova.network.neutronv2.api.API</userinput>
<screen os="rhel;centos;fedora;opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
network_api_class nova.network.neutronv2.api.API</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
neutron_url http://<replaceable>controller</replaceable>:9696</userinput>
neutron_url http://<replaceable>controller</replaceable>:9696</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
neutron_auth_strategy keystone</userinput>
neutron_auth_strategy keystone</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
neutron_admin_tenant_name service</userinput>
neutron_admin_tenant_name service</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
neutron_admin_username neutron</userinput>
neutron_admin_username neutron</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
neutron_admin_password <replaceable>NEUTRON_PASS</replaceable></userinput>
neutron_admin_password <replaceable>NEUTRON_PASS</replaceable></userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
neutron_admin_auth_url http://<replaceable>controller</replaceable>:35357/v2.0</userinput>
neutron_admin_auth_url http://<replaceable>controller</replaceable>:35357/v2.0</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver</userinput>
linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
firewall_driver nova.virt.firewall.NoopFirewallDriver</userinput>
firewall_driver nova.virt.firewall.NoopFirewallDriver</userinput>
<prompt>#</prompt> <userinput>openstack-config --set /etc/nova/nova.conf DEFAULT \
security_group_api neutron</userinput></screen>
security_group_api neutron</userinput></screen>
<para os="ubuntu;debian">Configure OpenStack Compute to use OpenStack Networking
services. Edit the <filename>/etc/nova/nova.conf</filename>
file:</para>
@ -195,7 +268,7 @@ security_group_api=neutron</programlisting>
configured the network and compute nodes, you must
edit the <filename>/etc/nova/nova.conf</filename> file
to set the firewall driver to
<literal>nova.virt.firewall.NoopFirewallDriver</literal>.
<literal>nova.virt.firewall.NoopFirewallDriver</literal>.
Because OpenStack Networking handles the firewall,
this statement instructs Compute to not use a
firewall.</para>
@ -203,188 +276,73 @@ security_group_api=neutron</programlisting>
<listitem>
<para>If you want Networking to handle the firewall,
edit the
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file to set the <code>firewall_driver</code> option to
the firewall for the plug-in. For example, with
<acronym>OVS</acronym>, edit the file as
<acronym>OVS</acronym>, edit the file as
follows:</para>
<programlisting language="ini" os="ubuntu;debian">[securitygroup]
# Firewall driver for realizing neutron security group function.
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</programlisting>
<screen os="rhel;centos;fedora;opensuse;sles"><prompt>#</prompt> <userinput>openstack-config --set \
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini securitygroup firewall_driver \
neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</userinput></screen>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini securitygroup firewall_driver \
neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</userinput></screen>
</listitem>
<listitem>
<para>If you do not want to use a firewall in Compute or
Networking, edit both configuration files and set
<code>firewall_driver=nova.virt.firewall.NoopFirewallDriver</code>.
<code>firewall_driver=nova.virt.firewall.NoopFirewallDriver</code>.
Also, edit the
<filename>/etc/nova/nova.conf</filename> file and
<filename>/etc/nova/nova.conf</filename> file and
comment out or remove the
<code>security_group_api=neutron</code>
<code>security_group_api=neutron</code>
statement.</para>
<para>Otherwise, when you issue <command>nova
list</command> commands, the <errortext>ERROR: The
server has either erred or is incapable of
performing the requested operation. (HTTP
500)</errortext> error might be returned.</para>
list</command> commands, the <errortext>ERROR: The
server has either erred or is incapable of
performing the requested operation. (HTTP
500)</errortext> error might be returned.</para>
</listitem>
</itemizedlist>
</note>
</step>
</procedure>
<procedure>
<title>Finalize installation</title>
<step os="rhel;centos;fedora">
<para>The <systemitem class="service">neutron-server</systemitem>
initialization script expects a symbolic link
<filename>/etc/neutron/plugin.ini</filename> pointing to the
configuration file associated with your chosen plug-in. Using
Open vSwitch, for example, the symbolic link must point to
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>.
If this symbolic link does not exist, create it using the
following commands:</para>
<screen><prompt>#</prompt> <userinput>cd /etc/neutron</userinput>
<prompt>#</prompt> <userinput>ln -s plugins/openvswitch/ovs_neutron_plugin.ini plugin.ini</userinput></screen>
</step>
<step os="sles;opensuse">
<para>The <systemitem class="service">openstack-neutron</systemitem>
initialization script expects the variable
<literal>NEUTRON_PLUGIN_CONF</literal> in file
<filename>/etc/sysconfig/neutron</filename> to reference the
configuration file associated with your chosen plug-in. Using
Open vSwitch, for example, edit the
<filename>/etc/sysconfig/neutron</filename> file and add the
following:</para>
<programlisting>NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"</programlisting>
</step>
<step>
<para>Restart Networking services.</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent restart</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service neutron-openvswitch-agent restart</userinput></screen>
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>service openstack-neutron-openvswitch-agent restart</userinput></screen>
</step>
<step>
<para>Restart the Compute service.</para>
<screen os="debian;ubuntu"><prompt>#</prompt> <userinput>service nova-compute restart</userinput></screen>
<screen os="centos;rhel;fedora"><prompt>#</prompt> <userinput>service openstack-nova-compute restart</userinput></screen>
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>service openstack-nova-compute restart</userinput></screen>
<para>Also restart your chosen Networking plug-in agent, for example, Open vSwitch.</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent restart</userinput></screen>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>service neutron-openvswitch-agent restart</userinput></screen>
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>service openstack-neutron-openvswitch-agent restart</userinput></screen>
</step>
</procedure>
<section xml:id="install-neutron.install-plugin-compute">
<title>Install and configure OpenStack Networking plug-ins on a dedicated
compute node</title>
<section xml:id="install-neutron.install-plugin-compute.ovs">
<title>Install the Open vSwitch (OVS) plug-in on a dedicated
compute node</title>
<procedure>
<step>
<para>Install the Open vSwitch plug-in and its
dependencies:</para>
<screen os="ubuntu;debian"><prompt>#</prompt> <userinput>apt-get install neutron-plugin-openvswitch-agent openvswitch-datapath-dkms</userinput></screen>
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>yum install openstack-neutron-openvswitch</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-neutron-openvswitch-agent</userinput></screen>
</step>
<step os="ubuntu;debian">
<para>Restart Open vSwitch:</para>
<screen><prompt>#</prompt> <userinput>service openvswitch-switch restart</userinput></screen>
</step>
<step os="rhel;fedora;centos;opensuse;sles">
<para>Start Open vSwitch and configure it to start when
the system boots:</para>
<screen os="rhel;fedora;centos"><prompt>#</prompt> <userinput>service openvswitch start</userinput>
<prompt>#</prompt> <userinput>chkconfig openvswitch on</userinput></screen>
<screen os="opensuse;sles"><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput>
<prompt>#</prompt> <userinput>chkconfig openvswitch-switch on</userinput></screen>
</step>
<step>
<para>You must set some common configuration options no
matter which networking technology you choose to use
with Open vSwitch. You must add the
<literal>br-int</literal> integration bridge, which
connects to the VMs.</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput></screen>
</step>
<step os="rhel;centos;fedora;opensuse;sles;ubuntu">
<para>You must set some common configuration options. You
must configure Networking core to use
<acronym>OVS</acronym>. Edit the
<filename>/etc/neutron/neutron.conf</filename>
file:</para>
<programlisting language="ini" os="ubuntu;opensuse;sles">core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2</programlisting>
<programlisting language="ini">auth_uri = http://<replaceable>controller</replaceable>:5000</programlisting>
<programlisting language="ini" os="rhel;centos;fedora">core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
api_paste_config = /etc/neutron/api-paste.ini
rpc_backend = neutron.openstack.common.rpc.impl_qpid</programlisting>
</step>
<step>
<para>Configure the networking type that you chose when
you set up the network node: either <link
linkend="install-neutron.install-plugin-compute.ovs.gre"
>GRE tunneling</link> or <link
linkend="install-neutron.install-plugin-compute.ovs.vlan"
>VLANs</link>.</para>
</step>
<!-- TODO(sross): support provider networks? you need to modify things above for this to work -->
<step>
<para>You must configure a firewall as well. You should
use the same firewall plug-in that you chose to use when
you set up the network node. To do this, edit
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file and set the <literal>firewall_driver</literal>
value under the <literal>securitygroup</literal> to the
same value used on the network node. For instance, if
you chose to use the Hybrid OVS-IPTables plug-in, your
configuration looks like this:</para>
<programlisting language="ini">[securitygroup]
# Firewall driver for realizing neutron security group function.
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</programlisting>
<warning>
<para>You must use at least the No-Op firewall.
Otherwise, Horizon and other OpenStack services cannot
get and set required VM boot options.</para>
</warning>
</step>
<step os="rhel;centos;fedora;sles;opensuse">
<para>Configure the <acronym>OVS</acronym> plug-in to start
on boot.</para>
<screen os="rhel;centos;fedora"><prompt>#</prompt> <userinput>chkconfig neutron-openvswitch-agent on</userinput></screen>
<screen os="sles;opensuse"><prompt>#</prompt> <userinput>chkconfig openstack-neutron-openvswitch-agent on</userinput></screen>
</step>
<step>
<para>Now, return to the general <acronym>OVS</acronym>
instructions.</para>
</step>
</procedure>
<section
xml:id="install-neutron.install-plugin-compute.ovs.gre">
<title>Configure the Neutron <acronym>OVS</acronym> plug-in
for GRE tunneling on a dedicated compute node</title>
<procedure>
<step>
<para>Tell the <acronym>OVS</acronym> plug-in to use GRE
tunneling with a <literal>br-int</literal> integration
bridge, a <literal>br-tun</literal> tunneling bridge,
and a local IP for the tunnel of
<replaceable>DATA_INTERFACE</replaceable>'s IP Edit
the
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file:</para>
<programlisting language="ini">[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = <replaceable>DATA_INTERFACE_IP</replaceable></programlisting>
</step>
<step>
<para>Now, return to the general <acronym>OVS</acronym>
instructions.</para>
</step>
</procedure>
</section>
<section
xml:id="install-neutron.install-plugin-compute.ovs.vlan">
<title>Configure the Neutron <acronym>OVS</acronym> plug-in
for VLANs on a dedicated compute node</title>
<procedure>
<step>
<para>Tell <acronym>OVS</acronym> to use VLANs. Edit the
<filename>/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
file:</para>
<programlisting language="ini">[ovs]
tenant_network_type = vlan
network_vlan_ranges = physnet1:1:4094
bridge_mappings = physnet1:br-<replaceable>DATA_INTERFACE</replaceable></programlisting>
</step>
<step>
<para>Create the bridge for the
<replaceable>DATA_INTERFACE</replaceable> and add
<replaceable>DATA_INTERFACE</replaceable> to it, the
same way you did on the network node:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-DATA_INTERFACE</userinput>
<prompt>#</prompt> <userinput>ovs-vsctl add-port br-DATA_INTERFACE DATA_INTERFACE</userinput></screen>
</step>
<step>
<para>Return to the general <acronym>OVS</acronym>
instructions.</para>
</step>
</procedure>
</section>
</section>
</section>
</section>

7
doc/install-guide/section_neutron-initial-networks.xml
View File

@ -70,11 +70,6 @@
<prompt>#</prompt> <userinput>neutron subnet-create --tenant-id <replaceable>DEMO_TENANT_ID</replaceable> demo-net 10.5.5.0/24 --gateway 10.5.5.1</userinput>
<prompt>#</prompt> <userinput>neutron router-interface-add <replaceable>EXT_TO_INT_ID</replaceable> <replaceable>DEMO_NET_SUBNET_ID</replaceable></userinput></screen>
</step>
<step>
<para>Check the special options page for your plug-in for
remaining steps. Now, return to the general
<acronym>OVS</acronym> instructions.</para>
</step>
</procedure>
<section
xml:id="install-neutron.configure-networks.plug-in-specific">
@ -116,8 +111,6 @@ router_id = <replaceable>EXT_TO_INT_ID</replaceable></programlisting>
increment the segmentation ID and copy the network type
option for any additional networks.</para>
</note>
<para>Now, return to the general <link linkend="install-neutron.install-plugin-compute.ovs"></link><acronym>OVS</acronym>
instructions.</para>
</section>
<section
xml:id="install-neutron.configure-networks.plug-in-specific.ovs.vlan">