Configuring the Networking service (neutron) (optional)

The OpenStack Networking service (neutron) includes the following services:

Firewall as a Service (FWaaS)
Provides a software-based firewall that filters traffic from the router.
Load Balancer as a Service (LBaaS)
Provides load balancers that direct traffic to OpenStack instances or other servers outside the OpenStack deployment.
VPN as a Service (VPNaaS)
Provides a method for extending a private network across a public network.
BGP Dynamic Routing service
Provides a means for advertising self-service (private) network prefixes to physical network devices that support BGP.

Firewall service (optional)

The following procedure describes how to modify the /etc/openstack_deploy/user_variables.yml file to enable FWaaS.

  1. Override the default list of neutron plugins to include firewall:

    neutron_plugin_base:
  - firewall
  - ...

  2. neutron_plugin_base is as follows:

    neutron_plugin_base:
   - router
   - firewall
   - neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
   - vpnaas
   - metering
   - qos

  3. Execute the neutron install playbook in order to update the configuration:

    # cd /opt/openstack-ansible/playbooks
# openstack-ansible os-neutron-install.yml

  4. Execute the horizon install playbook to show the FWaaS panels:

    # cd /opt/openstack-ansible/playbooks
# openstack-ansible os-horizon-install.yml

The FWaaS default configuration options may be changed through the conf override mechanism using the neutron_neutron_conf_overrides dict.

Load balancing service (optional)

The neutron-lbaas plugin for neutron provides a software load balancer service and can direct traffic to multiple servers. The service runs as an agent and it manages HAProxy configuration files and daemons.

The Newton release contains only the LBaaS v2 API. For more details about transitioning from LBaaS v1 to v2, review the Special notes about LBaaS section below.

Deployers can make changes to the LBaaS default configuration options via the neutron_lbaas_agent_ini_overrides dictionary. Review the documentation on the conf override mechanism for more details.

Deploying LBaaS v2

  1. Add the LBaaS v2 plugin to the neutron_plugin_base variable in /etc/openstack_deploy/user_variables.yml:

    neutron_plugin_base:
  - router
  - metering
  - neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2

    Ensure that neutron_plugin_base includes all of the plugins that you want to deploy with neutron in addition to the LBaaS plugin.

    Adding the LBaaS v2 plugin to neutron_plugin_base automatically enables the Dashboard panels for LBaaS v2 when the os_horizon role is redeployed (see the following step).

  2. Run the neutron playbook to deploy the LBaaS v2 agent and enable the Dashboard panels for LBaaSv2:

    # cd /opt/openstack-ansible/playbooks
# openstack-ansible os-neutron-install.yml
# openstack-ansible os-horizon-install.yml

Special notes about LBaaS

LBaaS v1 was deprecated in the Mitaka release and is not available in the Newton release.

LBaaS v1 and v2 agents are unable to run at the same time. If you switch LBaaS v1 to v2, the v2 agent is the only agent running. The LBaaS v1 agent stops along with any load balancers provisioned under the v1 agent.

Load balancers are not migrated between LBaaS v1 and v2 automatically. Each implementation has different code paths and database tables. You need to manually delete load balancers, pools, and members before switching LBaaS versions. Recreate these objects afterwards.

Virtual private network service (optional)

The following procedure describes how to modify the /etc/openstack_deploy/user_variables.yml file to enable VPNaaS.

  1. Override the default list of neutron plugins to include vpnaas:

    neutron_plugin_base:
  - router
  - metering

  2. neutron_plugin_base is as follows:

    neutron_plugin_base:
   - router
   - metering
   - vpnaas

  3. Override the default list of specific kernel modules in order to include the necessary modules to run ipsec:

    openstack_host_specific_kernel_modules:
   - { name: "ebtables", pattern: "CONFIG_BRIDGE_NF_EBTABLES=", group: "network_hosts" }
   - { name: "af_key", pattern: "CONFIG_NET_KEY=", group: "network_hosts" }
   - { name: "ah4", pattern: "CONFIG_INET_AH=", group: "network_hosts" }
   - { name: "ipcomp", pattern: "CONFIG_INET_IPCOMP=", group: "network_hosts" }

  4. Execute the openstack hosts setup in order to load the kernel modules at boot and runtime in the network hosts

    # openstack-ansible openstack-hosts-setup.yml --limit network_hosts\
--tags "openstack_hosts-config"

  5. Execute the neutron install playbook in order to update the configuration:

    # cd /opt/openstack-ansible/playbooks
# openstack-ansible os-neutron-install.yml

  6. Execute the horizon install playbook to show the VPNaaS panels:

    # cd /opt/openstack-ansible/playbooks
# openstack-ansible os-horizon-install.yml

The VPNaaS default configuration options are changed through the conf override mechanism using the neutron_neutron_conf_overrides dict.

BGP Dynamic Routing service (optional)

The BGP Dynamic Routing plugin for neutron provides BGP speakers which can advertise OpenStack project network prefixes to external network devices, such as routers. This is especially useful when coupled with the subnet pools feature, which enables neutron to be configured in such a way as to allow users to create self-service segmented IPv6 subnets.

The following procedure describes how to modify the /etc/openstack_deploy/user_variables.yml file to enable the BGP Dynamic Routing plugin.

  1. Add the BGP plugin to the neutron_plugin_base variable in /etc/openstack_deploy/user_variables.yml:

    neutron_plugin_base:
  - ...
  - neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin

    Ensure that neutron_plugin_base includes all of the plugins that you want to deploy with neutron in addition to the BGP plugin.

  2. Execute the neutron install playbook in order to update the configuration:

    # cd /opt/openstack-ansible/playbooks
# openstack-ansible os-neutron-install.yml

Table Of Contents

Previous topic

Neutron role for OpenStack-Ansible

Next topic

Scenario - Using Open vSwitch

Project Source

This Page

Navigation

© Copyright 2014-2016, OpenStack-Ansible Contributors. Last updated on 2017-01-25 12:17. Created using Sphinx 1.2.3.