openstack/openstack-manuals
Code Issues Proposed changes
ddbd734e93
openstack-manuals/doc/admin-guide-network/ch_adv_config.xml
Diane Fleming 64b6c9261e Folder rename, file rename, flattening of directories 
Current folder name	New folder name	        Book title
----------------------------------------------------------
basic-install 	        DELETE
cli-guide	        DELETE
common	                common
NEW	                admin-guide-cloud	Cloud Administrators Guide
docbkx-example	        DELETE
openstack-block-storage-admin 	DELETE
openstack-compute-admin 	DELETE
openstack-config 	config-reference	OpenStack Configuration Reference
openstack-ha 	        high-availability-guide	OpenStack High Availabilty Guide
openstack-image	        image-guide	OpenStack Virtual Machine Image Guide
openstack-install 	install-guide	OpenStack Installation Guide
openstack-network-connectivity-admin 	admin-guide-network 	OpenStack Networking Administration Guide
openstack-object-storage-admin 	DELETE
openstack-security 	security-guide	OpenStack Security Guide
openstack-training 	training-guide	OpenStack Training Guide
openstack-user 	        user-guide	OpenStack End User Guide
openstack-user-admin 	user-guide-admin	OpenStack Admin User Guide
glossary	        NEW        	OpenStack Glossary

bug: #1220407

Change-Id: Id5ffc774b966ba7b9a591743a877aa10ab3094c7
author: diane fleming
2013-09-08 15:15:50 -07:00

294 lines
17 KiB
XML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="ch_adv_config">
<title>Advanced Configuration Options</title>
<para>This section describes advanced configurations options for various system components (i.e.
config options where the default is usually ok, but that the user may want to tweak). After
installing from packages, $NEUTRON_CONF_DIR is <filename>/etc/neutron</filename>.</para>
<section xml:id="neutron_server">
<title>OpenStack Networking Server with Plugin</title>
<para>This is the web server that runs the OpenStack Networking API Web Server. It is
responsible for loading a plugin and passing the API calls to the plugin for processing.
The neutron-server should receive one of more configuration files as it its input, for
example:</para>
<para>
<screen><computeroutput>neutron-server --config-file &lt;neutron config&gt; --config-file &lt;plugin config&gt;</computeroutput></screen>
</para>
<para>The neutron config contains the common neutron configuration parameters. The plugin
config contains the plugin specific flags. The plugin that is run on the service is
loaded via the configuration parameter core_plugin. In some cases a plugin may have an
agent that performs the actual networking. Specific configuration details can be seen in
the Appendix - Configuration File Options.</para>
<para>Most plugins require a SQL database. After installing and starting the database
server, set a password for the root account and delete the anonymous accounts:</para>
<screen><computeroutput>$&gt; mysql -u root
mysql&gt; update mysql.user set password = password('iamroot') where user = 'root';
mysql&gt; delete from mysql.user where user = '';</computeroutput></screen>
<para>Create a database and user account specifically for plugin:</para>
<screen><computeroutput>mysql&gt; create database &lt;database-name&gt;;
mysql&gt; create user '&lt;user-name&gt;'@'localhost' identified by '&lt;user-name&gt;';
mysql&gt; create user '&lt;user-name&gt;'@'%' identified by '&lt;user-name&gt;';
mysql&gt; grant all on &lt;database-name&gt;.* to '&lt;user-name&gt;'@'%';</computeroutput></screen>
<para>Once the above is done you can update the settings in the relevant plugin
configuration files. The plugin specific configuration files can be found at
$NEUTRON_CONF_DIR/plugins.</para>
<para>Some plugins have a L2 agent that performs the actual networking. That is, the agent
will attach the virtual machine NIC to the OpenStack Networking network. Each node should have an
L2 agent running on it. Note that the agent receives the following input
parameters:</para>
<screen><computeroutput>neutron-plugin-agent --config-file &lt;neutron config&gt; --config-file &lt;plugin config&gt;</computeroutput></screen>
<para>Two things need to be done prior to working with the plugin:</para>
<orderedlist>
<listitem>
<para>Ensure that the core plugin is updated.</para>
</listitem>
<listitem>
<para>Ensure that the database connection is correctly set.</para>
</listitem>
</orderedlist>
<para>The table below contains examples for these settings. Some Linux packages may provide
installation utilities that configure these. <table rules="all">
<caption>Settings</caption>
<col width="35%"/>
<col width="65%"/>
<thead>
<tr>
<th>Parameter</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td><emphasis role="bold">Open vSwitch</emphasis></td>
<td/>
</tr>
<tr>
<td>core_plugin ($NEUTRON_CONF_DIR/neutron.conf)</td>
<td>neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2</td>
</tr>
<tr>
<td>sql_connection (in the plugin configuration file)</td>
<td>mysql://&lt;username&gt;:&lt;password&gt;@localhost/ovs_neutron?charset=utf8</td>
</tr>
<tr>
<td>Plugin Configuration File</td>
<td>$NEUTRON_CONF_DIR/plugins/openvswitch/ovs_neutron_plugin.ini</td>
</tr>
<tr>
<td>Agent</td>
<td>neutron-openvswitch-agent</td>
</tr>
<tr>
<td><emphasis role="bold">Linux Bridge</emphasis></td>
<td/>
</tr>
<tr>
<td>core_plugin ($NEUTRON_CONF_DIR/neutron.conf)</td>
<td>neutron.plugins.linuxbridge.lb_neutron_plugin.LinuxBridgePluginV2</td>
</tr>
<tr>
<td>sql_connection (in the plugin configuration file)</td>
<td>mysql://&lt;username&gt;:&lt;password&gt;@localhost/neutron_linux_bridge?charset=utf8</td>
</tr>
<tr>
<td>Plugin Configuration File</td>
<td>$NEUTRON_CONF_DIR/plugins/linuxbridge/linuxbridge_conf.ini</td>
</tr>
<tr>
<td>Agent</td>
<td>neutron-linuxbridge-agent</td>
</tr>
</tbody>
</table></para>
<para>All of the plugin configuration files options can be found in the Appendix -
Configuration File Options.</para>
</section>
<section xml:id="adv_cfg_dhcp_agent">
<title>DHCP Agent</title>
<para>There is an option to run a DHCP server that will allocate IP addresses to virtual
machines running on the network. When a subnet is created, by default, the
subnet has DHCP enabled.</para>
<para>The node that runs the DHCP agent should run:</para>
<screen><computeroutput>neutron-dhcp-agent --config-file &lt;neutron config&gt;
--config-file &lt;dhcp config&gt;</computeroutput></screen>
<para>Currently the DHCP agent uses dnsmasq to perform that static address
assignment.</para>
<para>A driver needs to be configured that matches the plugin running on the service. <table
rules="all">
<caption>Basic settings</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Parameter</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td><emphasis role="bold">Open vSwitch</emphasis></td>
<td/>
</tr>
<tr>
<td>interface_driver ($NEUTRON_CONF_DIR/dhcp_agent.ini)</td>
<td>neutron.agent.linux.interface.OVSInterfaceDriver</td>
</tr>
<tr>
<td><emphasis role="bold">Linux Bridge</emphasis></td>
<td/>
</tr>
<tr>
<td>interface_driver ($NEUTRON_CONF_DIR/dhcp_agent.ini)</td>
<td>neutron.agent.linux.interface.BridgeInterfaceDriver</td>
</tr>
</tbody>
</table></para>
<para>All of the DHCP agent configuration options can be found in the <link
linkend="dhcp_agent_ini"> Appendix - Configuration File Options</link>.</para>
<section xml:id="adv_cfg_dhcp_agent_namespace">
<title>Namespace</title>
<para>By default the DHCP agent makes use of Linux network namespaces in order to
support overlapping IP addresses. Requirements for network namespaces support are
described in the <link linkend="ch_limitations">Limitation</link> section.</para>
<para>
<emphasis role="bold">If the Linux installation does not support network namespace,
you must disable using network namespace in the DHCP agent config
file</emphasis> (The default value of use_namespaces is True).</para>
<screen><computeroutput>use_namespaces = False</computeroutput></screen>
</section>
</section>
<section xml:id="adv_cfg_l3_agent">
<title>L3 Agent</title>
<para>There is an option to run a L3 agent that will give enable layer 3 forwarding and
floating IP support. The node that runs the L3 agent should run:</para>
<screen><computeroutput>neutron-l3-agent --config-file &lt;neutron config&gt;
--config-file &lt;l3 config&gt;</computeroutput></screen>
<para>A driver needs to be configured that matches the plugin running on the service. The
driver is used to create the routing interface. <table rules="all">
<caption>Basic settings</caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<th>Parameter</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr>
<td><emphasis role="bold">Open vSwitch</emphasis></td>
<td/>
</tr>
<tr>
<td>interface_driver ($NEUTRON_CONF_DIR/l3_agent.ini)</td>
<td>neutron.agent.linux.interface.OVSInterfaceDriver</td>
</tr>
<tr>
<td>external_network_bridge ($NEUTRON_CONF_DIR/l3_agent.ini)</td>
<td>br-ex</td>
</tr>
<tr>
<td><emphasis role="bold">Linux Bridge</emphasis></td>
<td/>
</tr>
<tr>
<td>interface_driver ($NEUTRON_CONF_DIR/l3_agent.ini)</td>
<td>neutron.agent.linux.interface.BridgeInterfaceDriver</td>
</tr>
<tr>
<td>external_network_bridge ($NEUTRON_CONF_DIR/l3_agent.ini)</td>
<td>This field must be empty (or the bridge name for the external
network).</td>
</tr>
</tbody>
</table>
</para>
<para>The L3 agent communicates with the OpenStack Networking server via the OpenStack Networking API, so the
following configuration is required: <orderedlist>
<listitem>
<para>OpenStack Identity authentication:</para>
<screen><computeroutput>auth_url="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT/v2.0"</computeroutput></screen>
<para>For example,</para>
<screen><computeroutput>http://10.56.51.210:5000/v2.0</computeroutput></screen>
</listitem>
<listitem>
<para>Admin user details:</para>
<screen><computeroutput>admin_tenant_name $SERVICE_TENANT_NAME
admin_user $Q_ADMIN_USERNAME
admin_password $SERVICE_PASSWORD</computeroutput></screen>
</listitem>
</orderedlist>
</para>
<para>All of the L3 agent configuration options can be found in the <link
linkend="l3_agent"> Appendix - Configuration File Options</link>.</para>
<section xml:id="adv_cfg_l3_agent_namespace">
<title>Namespace</title>
<para>By default the L3 agent makes use of Linux network namespaces in order to support
overlapping IP addresses. Requirements for network namespaces support are described
in the <link linkend="ch_limitations">Limitation</link> section.</para>
<para>
<emphasis role="bold">If the Linux installation does not support network namespace,
you must disable using network namespace in the L3 agent config file</emphasis>
(The default value of use_namespaces is True).</para>
<screen><computeroutput>use_namespaces = False</computeroutput></screen>
<para>When use_namespaces is set to False, only one router ID can be supported per
node. This must be configured via the configuration variable
<emphasis>router_id</emphasis>.</para>
<screen><computeroutput># If use_namespaces is set to False then the agent can only configure one router.
# This is done by setting the specific router_id.
router_id = 1064ad16-36b7-4c2f-86f0-daa2bcbd6b2a</computeroutput></screen>
<para>To configure it, you need to run the OpenStack Networking service and create a router, and
then set an ID of the router created to <emphasis>router_id</emphasis> in the L3
agent configuration file.</para>
<screen><computeroutput>$ neutron router-create myrouter1
Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin_state_up | True |
| external_gateway_info | |
| id | 338d42d7-b22e-42c5-9df6-f3674768fe75 |
| name | myrouter1 |
| status | ACTIVE |
| tenant_id | 0c236f65baa04e6f9b4236b996555d56 |
+-----------------------+--------------------------------------+
</computeroutput></screen>
</section>
<section xml:id="adv_cfg_l3_agent_multi_extnet">
<title>Multiple Floating IP Pools</title>
<para>The L3 API in OpenStack Networking supports
multiple floating IP pools. In OpenStack Networking, a
floating IP pool is represented as an external network
and a floating IP is allocated from a subnet
associated with the external network. Since each L3
agent can be associated with at most one external
network, we need to invoke multiple L3 agent to define
multiple floating IP pools. <emphasis role="bold"
>'gateway_external_network_id'</emphasis> in L3
agent configuration file indicates the external
network that the L3 agent handles. You can run
multiple L3 agent instances on one host.</para>
<para>In addition, when you run multiple L3 agents, make sure that <emphasis
role="bold">handle_internal_only_routers</emphasis> is set to <emphasis
role="bold">True</emphasis> only for one L3 agent in an OpenStack Networking deployment and
set to <emphasis role="bold">False</emphasis> for all other L3 agents. Since the
default value of this parameter is True, you need to configure it carefully.</para>
<para>Before starting L3 agents, you need to create routers and external networks, then
update the configuration files with UUID of external networks and start L3 agents.</para>
<para>For the first agent, invoke it with the following l3_agent.ini where
handle_internal_only_routers is True.</para>
<screen><computeroutput>handle_internal_only_routers = True
gateway_external_network_id = 2118b11c-011e-4fa5-a6f1-2ca34d372c35
external_network_bridge = br-ex</computeroutput></screen>
<screen><computeroutput>python /opt/stack/neutron/bin/neutron-l3-agent
--config-file /etc/neutron/neutron.conf
--config-file=/etc/neutron/l3_agent.ini</computeroutput></screen>
<para>For the second (or later) agent, invoke it with the following l3_agent.ini where
handle_internal_only_routers is False.</para>
<screen><computeroutput>handle_internal_only_routers = False
gateway_external_network_id = e828e54c-850a-4e74-80a8-8b79c6a285d8
external_network_bridge = br-ex-2</computeroutput></screen>
</section>
</section>
</chapter>
View Git Blame Copy Permalink