openstack/openstack-ansible
Code Issues Proposed changes
Files
ca73998d4f7de5968bc87cd24a98610182f21341
openstack-ansible/doc/source/install-guide/configure-network-services.rst
Kevin Carter ca73998d4f Add option to auto enable from VPNaaS in Horizon 
This change simple provides an option to inspect the neutron_plugin_base
and enable vpnaas within horizon if the option is found.

Depends-On: I2343f91e5ae1664fc8ab9ba1fbc3196b4d92078c
Depends-On: Ie9f89f7d2a942df40841d72c82f3a34315c6bed9
Change-Id: Ie21eaf940f54a0c2175ab3232d84cd3ea7fd8128
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-04-19 10:00:04 +00:00

5.8 KiB
Raw Blame History

Home OpenStack-Ansible Installation Guide

Configuring the Network Services (Optional)

The OpenStack Networking Service, Neutron, includes the following services:
  • Firewall as a Service (FWaaS) allows for the configuration of a firewall that filters traffic from the router.
  • Load Balancer as a Service (LBaaS) allows for the configuration of a load balancer that directs traffic to the specified instances.
  • VPN as a Service (VPNaaS) allows for the configuration of a virtual private network allowing the extension of the private network across a public network.

Firewall Service (Optional)

The following procedure describes how to modify the /etc/openstack_deploy/user_variables.yml file to enable FWaaS.

  1. Override the default list of Neutron plugins to include firewall:

    neutron_plugin_base:
  - firewall
  - ...

  2. The complete neutron_plugin_base, at the time of this writing, is as follows:

    neutron_plugin_base:
   - router
   - firewall
   - lbaas
   - vpnaas
   - metering
   - qos

  3. Execute the Neutron install playbook in order to update the configuration:

    # cd /opt/openstack-ansible/playbooks
# openstack-ansible os-neutron-install.yml

  4. Execute the Horizon install playbook in order to update the Horizon configuration to show the FWaaS panels:

    # cd /opt/openstack-ansible/playbooks
# openstack-ansible os-horizon-install.yml

The FWaaS default configuration options may be changed through the conf override mechanism using the neutron_neutron_conf_overrides dict.

Load Balancing Service (Optional)

OpenStack-Ansible currently provides the OpenStack Neutron LBaaS service using HAProxy as the load balancer. LBaaS has two implementations available: v1 and v2.

Both implementations use agents that manage HAProxy daemons. However, LBaaS v1 has a limitation of one port per load balancer. LBaaS v2 allows for multiple ports (called listeners) per load balancer.

Note

Horizon panels for LBaaS v2 are not yet available.

Deploying LBaaS v1

Note

LBaaS v1 was deprecated during the Liberty release and is not recommended for new deployments.

  1. Start by adding the LBaaS v1 plugin to the neutron_plugin_base variable within /etc/openstack_deploy/user_variables.yml.

    neutron_plugin_base:
  - router
  - metering
  - lbaas

    Ensure that neutron_plugin_base includes all of the plugins that you want to deploy with Neutron in addition to the LBaaS plugin.

  2. Run the Neutron and Horizon playbooks to deploy the LBaaS v1 agent and enable the LBaaS panels in Horizon.

    # cd /opt/openstack-ansible/playbooks
# openstack-ansible os-neutron-install.yml
# openstack-ansible os-horizon-install.yml

Deploying LBaaS v2

  1. Start by adding the LBaaS v2 plugin to the neutron_plugin_base variable within /etc/openstack_deploy/user_variables.yml.

    neutron_plugin_base:
  - router
  - metering
  - lbaasv2

    Ensure that neutron_plugin_base includes all of the plugins that you want to deploy with Neutron in addition to the LBaaS plugin.

  2. Run the Neutron playbook to deploy the LBaaS v2 agent:

    # cd /opt/openstack-ansible/playbooks
# openstack-ansible os-neutron-install.yml

Special notes about LBaaS

The LBaaS default configuration options may be changed through the conf override mechanism using the neutron_lbaas_agent_ini_overrides dict.

LBaaS v1 and v2 agents cannot run at the same time. If a deployer switches from LBaaS v1 to v2, the v2 agent will be the only agent running. The LBaaS v1 agent will be stopped along with any load balancers provisioned under the v1 agent. The same is true if a deployer chooses to move from LBaaS v2 to v1.

Load balancers are not migrated between LBaaS v1 and v2 automatically. Each implementation has different code paths and database tables. Deployers will need to manually delete load balancers, pools, and members before switching LBaaS versions. Those objects will need to be re-created afterwards.

Virtual Private Network Service (Optional)

The following procedure describes how to modify the /etc/openstack_deploy/user_variables.yml file to enable VPNaaS.

  1. Override the default list of Neutron plugins to include vpnaas:

    neutron_plugin_base:
  - router
  - metering

  2. The complete neutron_plugin_base, at the time of this writing, is as follows:

    neutron_plugin_base:
   - router
   - metering
   - vpnaas

  3. Execute the Neutron install playbook in order to update the configuration:

    # cd /opt/openstack-ansible/playbooks
# openstack-ansible os-neutron-install.yml

  4. Execute the Horizon install playbook in order to update the Horizon configuration to show the VPNaaS panels:

    # cd /opt/openstack-ansible/playbooks
# openstack-ansible os-horizon-install.yml

The VPNaaS default configuration options may be changed through the conf override mechanism using the neutron_neutron_conf_overrides dict.