openstack/openstack-manuals
Code Issues Proposed changes
c3e234f2f2
openstack-manuals/doc/install-guide/section_networking-provider-router-with-private_networks.xml
Andreas Jaeger fac23cb047 Fix whitespace problems 
Since we have now a niceness gate, let's remove the known failures.

Change-Id: I01684aee61e18e76f6523a466e28b8252e577f6f
2013-10-08 15:18:31 +02:00

530 lines
28 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
xml:id="section_networking-provider-router_with-provate-networks">
<title>Provider Router with Private Networks</title>
<para>This section describes how to install the OpenStack
Networking service and its components for the "<link
linkend="section_use-cases-single-router">Use Case:
Provider Router with Private Networks.</link></para>
<para>We will follow the <link
xlink:href="http://docs.openstack.org/grizzly/basic-install/content/basic-install_intro.html"
><citetitle>Basic Install Guide</citetitle></link> except for the Neutron,
Open-vSwitch, and Virtual Networking sections on each of the
nodes.</para>
<para>The <citetitle>Basic Install Guide</citetitle> document
uses gre tunnels. This document describes how to use vlans for
separation instead.</para>
<para>The following figure shows the setup:</para>
<note>
<para>Because you run the DHCP agent and L3 agent on one node, you must set
<literal>use_namespaces</literal> to <literal>True</literal> (which is the default)
in both agents' configuration files.</para>
</note>
<informalfigure>
<mediaobject>
<imageobject>
<imagedata
fileref="../common/figures/Neutron-PhysNet-Diagram.png"
contentwidth="6in"/>
</imageobject>
</mediaobject>
</informalfigure>
<para>The following nodes are in the setup:<table rules="all">
<caption>Nodes for Demo</caption>
<thead>
<tr>
<th>Node</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><para>Controller</para></td>
<td><para>Runs the OpenStack Networking service,
OpenStack Identity and all of the
OpenStack Compute services that are
required to deploy a VM.</para>
<para>The service must have at least two
network interfaces. The first should be
connected to the "Management Network" to
communicate with the compute and network
nodes. The second interface should be
connected to the API/public
network.</para></td>
</tr>
<tr>
<td><para>Compute</para></td>
<td><para>Runs OpenStack Compute and the OpenStack
Networking L2 agent.</para>
<para>This node will not have access the
public network.</para>
<para>The node must have at least two network
interfaces. The first is used to
communicate with the controller node,
through the management network. The VM
will receive its IP address from the DHCP
agent on this network.</para></td>
</tr>
<tr>
<td><para>Network</para></td>
<td><para>Runs OpenStack Networking L2 agent, DHCP
agent, and L3 agent.</para>
<para>This node will have access to the public
network. The DHCP agent will allocate IP
addresses to the VMs on the network. The
L3 agent will perform NAT and enable the
VMs to access the public network.</para>
<para>The node must have at least three
network interfaces. The first communicates
with the controller node through the
management network. The second interface
is used for the VM traffic and is on the
data network. The third interface connects
to the external gateway on the network.
</para></td>
</tr>
</tbody>
</table></para>
<section xml:id="demo_installions">
<title>Installations</title>
<section xml:id="controller-install-neutron-server">
<title>Controller</title>
<procedure>
<title>To install and configure the controller
node</title>
<step>
<para>Run the following command:</para>
<screen><prompt>#</prompt> <userinput>apt-get install neutron-server</userinput></screen>
</step>
<step>
<para>Configure Neutron services:</para>
<itemizedlist>
<listitem>
<para>Edit file <filename>/etc/neutron/neutron.conf</filename>
and modify:
<programlisting language="bash">core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
auth_strategy = keystone
fake_rabbit = False
rabbit_password = password</programlisting>
</para>
</listitem>
<listitem>
<para>Edit file <filename>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>
and modify:</para>
<programlisting language="bash">[database]
sql_connection = mysql://neutron:password@localhost:3306/neutron
[ovs]
tenant_network_type = vlan
network_vlan_ranges = physnet1:100:2999</programlisting>
</listitem>
<listitem>
<para>Edit file <filename>
/etc/neutron/api-paste.ini</filename>
and modify:</para>
<programlisting language="bash">admin_tenant_name = service
admin_user = neutron
admin_password = password</programlisting>
</listitem>
</itemizedlist>
</step>
<step>
<para>Start the services:</para>
<screen><prompt>#</prompt> <userinput>service neutron-server restart</userinput></screen>
</step>
</procedure>
</section>
<section
xml:id="network-node-install-plugin-openvswitch-agent">
<title>Network Node</title>
<procedure>
<title>To install and configure the network
node</title>
<step>
<para>Install the packages:</para>
<screen><prompt>#</prompt> <userinput>apt-get install neutron-plugin-openvswitch-agent \
neutron-dhcp-agent neutron-l3-agent</userinput></screen>
</step>
<step>
<para>Start Open vSwitch:</para>
<screen><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput></screen>
</step>
<step>
<para>Add the integration bridge to the Open
vSwitch:</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput></screen>
</step>
<step>
<para>Update the OpenStack Networking
configuration file, <filename>
/etc/neutron/neutron.conf</filename>:</para>
<programlisting language="bash">rabbit_password = password
rabbit_host = 192.168.0.1</programlisting>
</step>
<step>
<para>Update the plugin configuration file,
<filename>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
</filename>:</para>
<programlisting language="bash">[database]
sql_connection = mysql://neutron:password@192.168.0.1:3306/neutron
[ovs]
tenant_network_type=vlan
network_vlan_ranges = physnet1:1:4094
bridge_mappings = physnet1:br-eth1</programlisting>
</step>
<step>
<para>Create the network bridge <emphasis
role="bold">br-eth1</emphasis> (All VM
communication between the nodes occurs through
eth1):</para>
<screen><prompt>$</prompt> <userinput>sudo ovs-vsctl add-br br-eth1
<prompt>$</prompt> sudo ovs-vsctl add-port br-eth1 eth1</userinput></screen>
</step>
<step>
<para>Create the external network bridge to the
Open vSwitch:</para>
<screen><prompt>$</prompt> <userinput>sudo ovs-vsctl add-br br-ex
<prompt>$</prompt> sudo ovs-vsctl add-port br-ex eth2</userinput></screen>
</step>
<step>
<para>Edit the file <filename>
/etc/neutron/l3_agent.ini</filename>
and modify:</para>
<programlisting language="bash">[DEFAULT]
auth_url = http://192.168.0.1:35357/v2.0
admin_tenant_name = service
admin_user = neutron
admin_password = password
metadata_ip = 192.168.0.1
use_namespaces = True</programlisting>
</step>
<step>
<para>Edit the file <filename>
/etc/neutron/api-paste.ini</filename>
and modify:</para>
<programlisting language="bash">[DEFAULT]
auth_host = 192.168.0.1
admin_tenant_name = service
admin_user = neutron
admin_password = password</programlisting>
</step>
<step>
<para>Edit the file <filename>
/etc/neutron/dhcp_agent.ini</filename>
and modify:</para>
<programlisting language="bash">use_namespaces = True</programlisting>
</step>
<step>
<para>Restart networking services:</para>
<screen><prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent start
<prompt>#</prompt> service neutron-dhcp-agent restart
<prompt>#</prompt> service neutron-l3-agent restart</userinput></screen>
</step>
</procedure>
</section>
<section xml:id="compute-node-install-openvswitch">
<title>Compute Node</title>
<procedure>
<title>To install and configure the compute node</title>
<step>
<para>Install the
packages:<screen><prompt>#</prompt> <userinput>apt-get install openvswitch-switch neutron-plugin-openvswitch-agent</userinput></screen></para>
</step>
<step>
<para>Start the OpenvSwitch
service:<screen><prompt>#</prompt> <userinput>service openvswitch-switch start</userinput></screen></para>
</step>
<step>
<para>Create the integration
bridge:<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-int</userinput></screen></para>
</step>
<step>
<para>Create the network bridge <emphasis
role="bold">br-eth1</emphasis> (All VM
communication between the nodes occurs through
eth1):</para>
<screen><prompt>#</prompt> <userinput>ovs-vsctl add-br br-eth1</userinput>
<prompt>#</prompt> <userinput>ovs-vsctl add-port br-eth1 eth1</userinput></screen>
</step>
<step>
<para>Update the OpenStack Networking
configuration file <filename>
/etc/neutron/neutron.conf</filename>:</para>
<programlisting language="bash">rabbit_password = password
rabbit_host = 192.168.0.1</programlisting>
</step>
<step>
<para>Update the file <filename>
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini</filename>:</para>
<programlisting language="bash">[database]
sql_connection = mysql://neutron:password@192.168.0.1:3306/neutron
[ovs]
tenant_network_type = vlan
network_vlan_ranges = physnet1:1:4094
bridge_mappings = physnet1:br-eth1</programlisting>
</step>
<step>
<para>Restart the OpenvSwitch Neutron plugin agent:</para>
<screen><prompt>#</prompt> <userinput>service neutron-plugin-openvswitch-agent restart</userinput></screen>
</step>
</procedure>
</section>
</section>
<section xml:id="demo_logical_network_config">
<title>Logical Network Configuration</title>
<para>You can run the commands in the following procedures on
the network node.</para>
<note>
<para>Ensure that the following environment variables are
set. Various clients use these variables to access
OpenStack Identity.</para>
</note>
<para><itemizedlist>
<listitem>
<para>Create a <filename>novarc</filename> file:
<programlisting language="bash">export OS_TENANT_NAME=provider_tenant
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_AUTH_URL="http://192.168.0.1:5000/v2.0/"
export SERVICE_ENDPOINT="http://192.168.0.1:35357/v2.0"
export SERVICE_TOKEN=password</programlisting></para>
</listitem>
</itemizedlist>
</para>
<itemizedlist>
<listitem>
<para>Export the
variables:<screen><prompt>$</prompt> <userinput>source novarc echo "source novarc">>.bashrc</userinput></screen>
</para>
</listitem>
</itemizedlist>
<para>The admin user creates a network and subnet on behalf of
tenant_A. A user from tenant_A can also complete these
steps. <procedure>
<title>To configure internal networking</title>
<step>
<para>Get the tenant ID (Used as $TENANT_ID
later).</para>
<screen><prompt>$</prompt> <userinput>keystone tenant-list</userinput>
<computeroutput>+----------------------------------+--------------------+---------+
| id | name | enabled |
+----------------------------------+--------------------+---------+
| 48fb81ab2f6b409bafac8961a594980f | provider_tenant | True |
| cbb574ac1e654a0a992bfc0554237abf | service | True |
| e371436fe2854ed89cca6c33ae7a83cd | invisible_to_admin | True |
| e40fa60181524f9f9ee7aa1038748f08 | tenant_A | True |
+----------------------------------+--------------------+---------+</computeroutput></screen>
</step>
<step>
<para>Create an internal network named <emphasis
role="bold">net1</emphasis> for tenant_A
($TENANT_ID will be
e40fa60181524f9f9ee7aa1038748f08):</para>
<screen><prompt>$</prompt> <userinput>neutron net-create --tenant-id $TENANT_ID net1</userinput>
<computeroutput>+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | e99a361c-0af8-4163-9feb-8554d4c37e4f |
| name | net1 |
| provider:network_type | vlan |
| provider:physical_network | physnet1 |
| provider:segmentation_id | 1024 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
+---------------------------+--------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Create a subnet on the network <emphasis
role="bold">net1</emphasis> (ID field
below is used as $SUBNET_ID later):</para>
<screen><prompt>$</prompt> <userinput>neutron subnet-create --tenant-id $TENANT_ID net1 10.5.5.0/24</userinput>
<computeroutput>+------------------+--------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------+
| allocation_pools | {"start": "10.5.5.2", "end": "10.5.5.254"} |
| cidr | 10.5.5.0/24 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 10.5.5.1 |
| host_routes | |
| id | c395cb5d-ba03-41ee-8a12-7e792d51a167 |
| ip_version | 4 |
| name | |
| network_id | e99a361c-0af8-4163-9feb-8554d4c37e4f |
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
+------------------+--------------------------------------------+</computeroutput></screen>
</step>
</procedure></para>
<para>A user with the admin role must complete the following
steps. In this procedure, the user is admin from provider_tenant.<procedure>
<title>To configure the router and external
networking</title>
<step>
<para>Create a router named <emphasis role="bold"
>router1</emphasis> (ID is used as
$ROUTER_ID later):</para>
<screen><prompt>$</prompt> <userinput>neutron router-create router1</userinput>
<computeroutput>+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin_state_up | True |
| external_gateway_info | |
| id | 685f64e7-a020-4fdf-a8ad-e41194ae124b |
| name | router1 |
| status | ACTIVE |
| tenant_id | 48fb81ab2f6b409bafac8961a594980f |
+-----------------------+--------------------------------------+</computeroutput></screen>
<note>
<para>The <parameter>--tenant-id</parameter>
parameter is not specified, so this router
is assigned to the provider_tenant
tenant.</para>
</note>
</step>
<step>
<para>Add an interface to <emphasis role="bold"
>router1</emphasis> and attach it to the
subnet from <emphasis role="bold"
>net1</emphasis>:</para>
<screen><prompt>$</prompt> <userinput>neutron router-interface-add $ROUTER_ID $SUBNET_ID</userinput>
<computeroutput>Added interface to router 685f64e7-a020-4fdf-a8ad-e41194ae124b</computeroutput></screen>
<note>
<para>You can repeat this step to add more
interfaces for other networks that belong
to other tenants.</para>
</note>
</step>
<step>
<para>Create the external network named <emphasis
role="bold">ext_net</emphasis>:</para>
<screen><prompt>$</prompt> <userinput>neutron net-create ext_net --router:external=True</userinput>
<computeroutput>+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
| name | ext_net |
| provider:network_type | vlan |
| provider:physical_network | physnet1 |
| provider:segmentation_id | 1 |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 48fb81ab2f6b409bafac8961a594980f |
+---------------------------+--------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Create the subnet for floating IPs.</para>
<note>
<para>The DHCP service is disabled for this
subnet.</para>
</note>
<screen><prompt>$</prompt> <userinput>neutron subnet-create ext_net \
--allocation-pool start=7.7.7.130,end=7.7.7.150 \
--gateway 7.7.7.1 7.7.7.0/24 --disable-dhcp</userinput>
<computeroutput>+------------------+--------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------+
| allocation_pools | {"start": "7.7.7.130", "end": "7.7.7.150"} |
| cidr | 7.7.7.0/24 |
| dns_nameservers | |
| enable_dhcp | False |
| gateway_ip | 7.7.7.1 |
| host_routes | |
| id | aef60b55-cbff-405d-a81d-406283ac6cff |
| ip_version | 4 |
| name | |
| network_id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
| tenant_id | 48fb81ab2f6b409bafac8961a594980f |
+------------------+--------------------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Set the router's gateway to be the external
network:</para>
<screen><prompt>$</prompt> <userinput>neutron router-gateway-set $ROUTER_ID $EXTERNAL_NETWORK_ID</userinput>
<computeroutput>Set gateway for router 685f64e7-a020-4fdf-a8ad-e41194ae124b</computeroutput></screen>
</step>
</procedure></para>
<para>A user from tenant_A completes the following steps, so
the credentials in the environment variables are different
than those in the previous procedure. <procedure>
<title>To allocate floating IP addresses</title>
<step>
<para>A floating IP address can be associated with
a VM after it starts. The ID of the port
($PORT_ID) that was allocated for the VM is
required and can be found as follows:</para>
<screen><prompt>$</prompt> <userinput>nova list</userinput>
<computeroutput>+--------------------------------------+--------+--------+---------------+
| ID | Name | Status | Networks |
+--------------------------------------+--------+--------+---------------+
| 1cdc671d-a296-4476-9a75-f9ca1d92fd26 | testvm | ACTIVE | net1=10.5.5.3 |
+--------------------------------------+--------+--------+---------------+
</computeroutput>
<userinput>neutron port-list -- --device_id 1cdc671d-a296-4476-9a75-f9ca1d92fd26</userinput>
<computeroutput>+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| 9aa47099-b87b-488c-8c1d-32f993626a30 | | fa:16:3e:b4:d6:6c | {"subnet_id": "c395cb5d-ba03-41ee-8a12-7e792d51a167", "ip_address": "10.5.5.3"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Allocate a floating IP (Used as
$FLOATING_ID):</para>
<screen><prompt>$</prompt> <userinput>neutron floatingip-create ext_net</userinput>
<computeroutput>+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| fixed_ip_address | |
| floating_ip_address | 7.7.7.131 |
| floating_network_id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
| id | 40952c83-2541-4d0c-b58e-812c835079a5 |
| port_id | |
| router_id | |
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
+---------------------+--------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Associate the floating IP with the VM's
port:</para>
<screen><prompt>$</prompt> <userinput>neutron floatingip-associate $FLOATING_ID $PORT_ID</userinput>
<computeroutput>Associated floatingip 40952c83-2541-4d0c-b58e-812c835079a5</computeroutput></screen>
</step>
<step>
<para>Show the floating IP:</para>
<screen><prompt>$</prompt> <userinput>neutron floatingip-show $FLOATING_ID</userinput>
<computeroutput>+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| fixed_ip_address | 10.5.5.3 |
| floating_ip_address | 7.7.7.131 |
| floating_network_id | 8858732b-0400-41f6-8e5c-25590e67ffeb |
| id | 40952c83-2541-4d0c-b58e-812c835079a5 |
| port_id | 9aa47099-b87b-488c-8c1d-32f993626a30 |
| router_id | 685f64e7-a020-4fdf-a8ad-e41194ae124b |
| tenant_id | e40fa60181524f9f9ee7aa1038748f08 |
+---------------------+--------------------------------------+</computeroutput></screen>
</step>
<step>
<para>Test the floating IP:</para>
<screen><prompt>$</prompt> <userinput>ping 7.7.7.131</userinput>
<computeroutput>PING 7.7.7.131 (7.7.7.131) 56(84) bytes of data.
64 bytes from 7.7.7.131: icmp_req=2 ttl=64 time=0.152 ms
64 bytes from 7.7.7.131: icmp_req=3 ttl=64 time=0.049 ms
</computeroutput></screen>
</step>
</procedure>
</para>
</section>
</section>
View Git Blame Copy Permalink