diff --git a/doc/source/configure-network-services.rst b/doc/source/configure-network-services.rst new file mode 100644 index 00000000..bc6581f0 --- /dev/null +++ b/doc/source/configure-network-services.rst @@ -0,0 +1,190 @@ +======================================================= +Configuring the Networking service (neutron) (optional) +======================================================= + +The OpenStack Networking service (neutron) includes the following services: + +Firewall as a Service (FWaaS) + Provides a software-based firewall that filters traffic from the router. + +Load Balancer as a Service (LBaaS) + Provides load balancers that direct traffic to OpenStack instances or other + servers outside the OpenStack deployment. + +VPN as a Service (VPNaaS) + Provides a method for extending a private network across a public network. + +Firewall service (optional) +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following procedure describes how to modify the +``/etc/openstack_deploy/user_variables.yml`` file to enable FWaaS. + +#. Override the default list of neutron plugins to include + ``firewall``: + + .. code-block:: yaml + + neutron_plugin_base: + - firewall + - ... + +#. ``neutron_plugin_base`` is as follows: + + .. code-block:: yaml + + neutron_plugin_base: + - router + - firewall + - neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 + - vpnaas + - metering + - qos + +#. Execute the neutron install playbook in order to update the configuration: + + .. code-block:: shell-session + + # cd /opt/openstack-ansible/playbooks + # openstack-ansible os-neutron-install.yml + +#. Execute the horizon install playbook to show the FWaaS panels: + + .. code-block:: shell-session + + # cd /opt/openstack-ansible/playbooks + # openstack-ansible os-horizon-install.yml + +The FWaaS default configuration options may be changed through the +`conf override`_ mechanism using the ``neutron_neutron_conf_overrides`` +dict. + +Load balancing service (optional) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The `neutron-lbaas`_ plugin for neutron provides a software load balancer +service and can direct traffic to multiple servers. The service runs as an +agent and it manages `HAProxy`_ configuration files and daemons. + +The Newton release contains only the LBaaS v2 API. For more details about +transitioning from LBaaS v1 to v2, review the :ref:`lbaas-special-notes` +section below. + +Deployers can make changes to the LBaaS default configuration options via the +``neutron_lbaas_agent_ini_overrides`` dictionary. Review the documentation on +the `conf override`_ mechanism for more details. + +.. _neutron-lbaas: https://wiki.openstack.org/wiki/Neutron/LBaaS +.. _HAProxy: http://www.haproxy.org/ + +Deploying LBaaS v2 +------------------ + +#. Add the LBaaS v2 plugin to the ``neutron_plugin_base`` variable + in ``/etc/openstack_deploy/user_variables.yml``: + + .. code-block:: yaml + + neutron_plugin_base: + - router + - metering + - neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 + + Ensure that ``neutron_plugin_base`` includes all of the plugins that you + want to deploy with neutron in addition to the LBaaS plugin. + +#. Run the neutron playbook to deploy and enable the LBaaS v2 agent: + + .. code-block:: console + + # cd /opt/openstack-ansible/playbooks + # openstack-ansible os-neutron-install.yml + +#. Set ``horizon_enable_neutron_lbaas`` to ``True`` in + ``/etc/openstack_deploy/user_variables.yml`` and run the horizon playbook to + enable the LBaaS v2 panels in horizon: + + .. code-block:: console + + # cd /opt/openstack-ansible/playbooks + # openstack-ansible os-horizon-install.yml + +.. _lbaas-special-notes: + +Special notes about LBaaS +------------------------- + +**LBaaS v1 was deprecated in the Mitaka release and is not available in the +Newton release.** + +LBaaS v1 and v2 agents are unable to run at the same time. If you switch +LBaaS v1 to v2, the v2 agent is the only agent running. The LBaaS v1 agent +stops along with any load balancers provisioned under the v1 agent. + +Load balancers are not migrated between LBaaS v1 and v2 automatically. Each +implementation has different code paths and database tables. You need +to manually delete load balancers, pools, and members before switching LBaaS +versions. Recreate these objects afterwards. + +Virtual private network service (optional) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following procedure describes how to modify the +``/etc/openstack_deploy/user_variables.yml`` file to enable VPNaaS. + +#. Override the default list of neutron plugins to include + ``vpnaas``: + + .. code-block:: yaml + + neutron_plugin_base: + - router + - metering + +#. ``neutron_plugin_base`` is as follows: + + .. code-block:: yaml + + neutron_plugin_base: + - router + - metering + - vpnaas + +#. Override the default list of specific kernel modules + in order to include the necessary modules to run ipsec: + + .. code-block:: yaml + + openstack_host_specific_kernel_modules: + - { name: "ebtables", pattern: "CONFIG_BRIDGE_NF_EBTABLES=", group: "network_hosts" } + - { name: "af_key", pattern: "CONFIG_NET_KEY=", group: "network_hosts" } + - { name: "ah4", pattern: "CONFIG_INET_AH=", group: "network_hosts" } + - { name: "ipcomp", pattern: "CONFIG_INET_IPCOMP=", group: "network_hosts" } + +#. Execute the openstack hosts setup in order to load the kernel modules at + boot and runtime in the network hosts + + .. code-block:: shell-session + + # openstack-ansible openstack-hosts-setup.yml --limit network_hosts\ + --tags "openstack_hosts-config" + +#. Execute the neutron install playbook in order to update the configuration: + + .. code-block:: shell-session + + # cd /opt/openstack-ansible/playbooks + # openstack-ansible os-neutron-install.yml + +#. Execute the horizon install playbook to show the VPNaaS panels: + + .. code-block:: shell-session + + # cd /opt/openstack-ansible/playbooks + # openstack-ansible os-horizon-install.yml + +The VPNaaS default configuration options are changed through the +`conf override`_ mechanism using the ``neutron_neutron_conf_overrides`` +dict. + +.. _conf override: http://docs.openstack.org/developer/openstack-ansible/install-guide/configure-openstack.html diff --git a/doc/source/index.rst b/doc/source/index.rst index 06738948..2be5c081 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -5,9 +5,40 @@ Neutron role for OpenStack-Ansible .. toctree:: :maxdepth: 2 - overview.rst + configure-network-services.rst app-nuage.rst app-plumgrid.rst :tags: openstack, neutron, cloud, ansible :category: \*nix + +This role installs the following Upstart services: + + * neutron-server + * neutron-agents + +Default variables +~~~~~~~~~~~~~~~~~ + +.. literalinclude:: ../../defaults/main.yml + :language: yaml + :start-after: under the License. + +Required variables +~~~~~~~~~~~~~~~~~~ + +None. + +Example playbook +~~~~~~~~~~~~~~~~ + +.. literalinclude:: ../../examples/playbook.yml + :language: yaml + +Tags +~~~~ + +This role supports two tags: ``neutron-install`` and +``neutron-config``. The ``neutron-install`` tag can be used to install +and upgrade. The ``neutron-config`` tag can be used to maintain the +configuration of the service. diff --git a/doc/source/overview.rst b/doc/source/overview.rst deleted file mode 100644 index 490c5cdf..00000000 --- a/doc/source/overview.rst +++ /dev/null @@ -1,34 +0,0 @@ -======== -Overview -======== - -This role installs the following Upstart services: - - * neutron-server - * neutron-agents - -Default variables -~~~~~~~~~~~~~~~~~ - -.. literalinclude:: ../../defaults/main.yml - :language: yaml - :start-after: under the License. - -Required variables -~~~~~~~~~~~~~~~~~~ - -None. - -Example playbook -~~~~~~~~~~~~~~~~ - -.. literalinclude:: ../../examples/playbook.yml - :language: yaml - -Tags -~~~~ - -This role supports two tags: ``neutron-install`` and -``neutron-config``. The ``neutron-install`` tag can be used to install -and upgrade. The ``neutron-config`` tag can be used to maintain the -configuration of the service.