Line 167: | Line 167: | ||
== Security Groups == | == Security Groups == | ||
Quantum now has support for | Quantum now has support for security groups. In the case that Quantum supports security groups then the nova configuration file should be updated to support this: | ||
[DEFAULT] | |||
security_group_api quantum | |||
firewall_driver = nova.virt.firewall.NoopFirewallDriver | |||
The table below indicates which plugins support security groups. | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Plugin !! | ! Plugin !! Security Group Support | ||
|- | |- | ||
| [http://wiki.openstack.org/cisco-quantum Cisco] || | | [http://wiki.openstack.org/cisco-quantum Cisco] || {{result|fail}} | ||
|- | |- | ||
| [http://wiki.openstack.org/Quantum-Linux-Bridge-Plugin Linux Bridge] || | | [http://wiki.openstack.org/Quantum-Linux-Bridge-Plugin Linux Bridge] || {{result|pass}} | ||
|- | |- | ||
| [http://nicira.com/en/platform-for-innovation Nicira] || | | [http://nicira.com/en/platform-for-innovation Nicira] || {{result|pass}} | ||
|- | |- | ||
| [http://openvswitch.org/openstack/documentation/ Open vSwitch] || | | [http://openvswitch.org/openstack/documentation/ Open vSwitch] || {{result|pass}} | ||
|- | |- | ||
| [http://www.osrg.net/ryu/index.html RYU] || | | [http://www.osrg.net/ryu/index.html RYU] || {{result|pass}} | ||
|- | |- | ||
| [http://wiki.openstack.org/wiki/Quantum_NEC_OpenFlow_Plugin NEC] || | | [http://wiki.openstack.org/wiki/Quantum_NEC_OpenFlow_Plugin NEC] || {{result|pass}} | ||
|- | |- | ||
| [http://www.openflowhub.org/display/floodlightcontroller/Quantum+REST+Proxy+Plugin BigSwitch] || | | [http://www.openflowhub.org/display/floodlightcontroller/Quantum+REST+Proxy+Plugin BigSwitch] || {{result|fail}} | ||
|- | |- | ||
| [http://www.cloudbase.it/quantum-hyper-v-plugin/ CoudBase Hyper-V] || | | [http://www.cloudbase.it/quantum-hyper-v-plugin/ CoudBase Hyper-V] || {{result|pass}} | ||
|- | |- | ||
| [http://www.midokura.com/ MidoNet] || | | [http://www.midokura.com/ MidoNet] || {{result|fail}} | ||
|- | |- | ||
| [http://www.brocade.com/ brocade] || | | [http://www.brocade.com/ brocade] || {{result|pass}} | ||
|- | |- | ||
| [http://www.plumgrid.com/ PLUMGrid] || | | [http://www.plumgrid.com/ PLUMGrid] || {{result|fail}} | ||
|} | |} | ||
Revision as of 13:20, 24 March 2013
Quantum
The Quantum project provides "network connectivity as a service". This page tracks Fedora Cloud SIG's effort to maintain Quantum in Fedora.
The packaging can be found at:
Quantum Plugins
Quantum supports a number of different backend implementations. These are called "plugins". The plugin used is defined in the quantum configuration file (core_plugin), for example for Open vSwitch:
core_plugin = quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2
Below is a list of the supported plugins. Each plugin may use a different networking technology. Some may be hardware based, others software based.
Plugin | Driver |
---|---|
Cisco | quantum.plugins.cisco.network_plugin.PluginV2 |
Linux Bridge | quantum.plugins.linuxbridge.lb_quantum_plugin.LinuxBridgePluginV2 |
Nicira | quantum.plugins.nicira.nicira_nvp_plugin.QuantumPlugin.NvpPluginV2 |
Open vSwitch | quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2 |
RYU | quantum.plugins.ryu.ryu_quantum_plugin.RyuQuantumPluginV2 |
NEC | quantum.plugins.nec.nec_plugin_base.NECPluginV2Base |
BigSwitch | quantum.plugins.bigswitch.plugin.QuantumRestProxyV2 |
CoudBase Hyper-V | quantum.plugins.hyperv.hyperv_quantum_plugin.HyperVQuantumPlugin |
MidoNet | quantum.plugins.midonet.plugin.MidonetPluginV2 |
brocade | quantum.plugins.brocade.QuantumPlugin.BrocadePluginV2 |
PLUMGrid | quantum.plugins.plumgrid.plumgrid_nos_plugin.plumgrid_plugin.QuantumPluginPLUMgridV2 |
The wiki will describe the installation and configuration of Open vSwitch and Linux Bridge plugins.
Open vSwitch
Quantum Service
The Quantum service is installed as follows:
#> sudo yum install openstack-quantum #> sudo yum install openstack-quantum-openvswitch
The Quantum service is configured as follows:
#> sudo quantum-server-setup
Note the above script will create the database and set the relevant configuration files to work with the open vswitch plugin. The script will also make use of environment variables for keystone configuration. There are: OS_TENANT_NAME, OS_USERNAME and OS_PASSWORD.
Once the service has been configured it can be started as follows:
#> sudo service quantum-server start #> sudo chkconfig quantum-server on
Compute Node
A compute node will need the agent to be configured and run.
#> sudo yum install openstack-quantum-openvswitch
The agent is configured follows:
#> sudo quantum-node-setup
Note the above script will set the relevant configuration files to work with the open vswitch plugin. The script will also make use of environment variables for keystone configuration. There are: OS_TENANT_NAME, OS_USERNAME and OS_PASSWORD.
A integration bridge needs to be created on the openvswitch. The bridge needs to be administratively created prior to running the agent.
#> sudo ovs-vsctl add-br br-int
Ensure that the interfaces are persistent after reboot. This is done by creating an interface file, for example for br-int:
DEVICE=br-int DEVICETYPE=ovs TYPE=OVSBridge ONBOOT=yes BOOTPROTO=none
Once configured it can be started as follows:
#> sudo service quantum-openvswitch-agent start #> sudo chkconfig quantum-openvswitch-agent on
Note if the host is rebooted then the openvswitch will create tap devices that existed on the switch prior to the reboot. This may affect the way in which the various quantum agents function. This is addressed by ensuring that the quantum-ovs-cleanup script is run at boot. This is done as follows:
#> sudo chkconfig quantum-ovs-cleanup on
IPAM
The Quantum DHCP agent enables VM's that are launched on a Quantum network to receive a IP address. The DHCP agent is part of the openstack-quantum package. This is installed as follows:
#> sudo yum install openstack-quantum
The DHCP agent is configured as follows (please select openvswitch for the plugin):
#> sudo quantum-dhcp-setup
Once the agent has been configured it can be started as follows:
#> sudo service quantum-dhcp-agent start #> sudo chkconfig quantum-dhcp-agent on
Note if the DHCP agent is not run on a compute node then the same installation for the compute node need to performed.
Floating IP Support
The Quantum L3 agent provides floating IP support for VM's that are launched. The L3 agent is part of the openstack-quantum package. This is installed as follows:
#> sudo yum install openstack-quantum
The L3 agent is configured as follows (please select openvswitch for the plugin):
#> sudo quantum-l3-setup
A external bridge needs to be created on the openvswitch. The bridge needs to be administratively created prior to running the L3 agent.
#> sudo ovs-vsctl add-br br-ex
Ensure that the interfaces are persistent after reboot. This is done by creating an interface file, for example for br-ex:
DEVICE=br-ex DEVICETYPE=ovs TYPE=OVSBridge ONBOOT=yes BOOTPROTO=none
Once the agent has been configured it can be started as follows:
#> sudo service quantum-l3-agent start #> sudo chkconfig quantum-l3-agent on
In order for the VM to be able communicate with the Nova meta data service then the quantum-metadata-agent needs to be run.
#> sudo service quantum-metadata-agent start #> sudo chkconfig quantum-metadata-agent on
Note if the L3 agent is not run on a compute node then the same installation for the compute node need to performed.
Linux Bridge
Quantum Service
The Quantum service is installed as follows:
#> sudo yum install openstack-quantum #> sudo yum install openstack-quantum-linuxbridge
The Quantum service is configured as follows:
#> sudo quantum-server-setup
Note the above script will create the database and set the relevant configuration files to work with the linux bridge plugin. The script will also make use of environment variables for keystone configuration. There are: OS_TENANT_NAME, OS_USERNAME and OS_PASSWORD.
Once the service has been configured it can be started as follows:
#> sudo service quantum-server start #> sudo chkconfig quantum-server on
Compute Node
A compute node will need the agent to be configured and run.
#> sudo yum install openstack-quantum-linuxbridge
The agent is configured follows:
#> sudo quantum-node-setup
Note the above script will set the relevant configuration files to work with the linux bridge plugin. The script will also make use of environment variables for keystone configuration. There are: OS_TENANT_NAME, OS_USERNAME and OS_PASSWORD.
Once configured it can be started as follows:
#> sudo service quantum-linuxbridge-agent start #> sudo chkconfig quantum-linuxbridge-agent on
IPAM and Floating IP support
This is the same as the openvswitch support. One just needs to select the linux bridge plugin.
Security Groups
Quantum now has support for security groups. In the case that Quantum supports security groups then the nova configuration file should be updated to support this:
[DEFAULT] security_group_api quantum firewall_driver = nova.virt.firewall.NoopFirewallDriver
The table below indicates which plugins support security groups.
Plugin | Security Group Support |
---|---|
Cisco | |
Linux Bridge | |
Nicira | |
Open vSwitch | |
RYU | |
NEC | |
BigSwitch | |
CoudBase Hyper-V | |
MidoNet | |
brocade | |
PLUMGrid |
LBaaS
Nova
Troubleshooting
Quantum Server
- /etc/quantum/plugins.ini contains the specific plugin module. Check that this matches the intended plugin
- /etc/quantum/quantum.conf contains information relevant to the server. Check that the server is running and that the bind_port is indeed up.
- If the Quantum server does not start after reboot, and you are using mysql, then make sure that the Quantum server starts after the mysqld.service.
Quantum Plugin
- /etc/quantum/plugins.ini contains the specific plugin module. Check that this matches the intended plugin
- /etc/quantum/quantum.conf contains the specific plugin module. Check that this matches the intended plugin
- /var/log/messages may contain information regarding the agent
OpenStack
- It may be useful to look for errors in /var/log/nova/network.log and /var/log/nova/nova-dhcpbridge.log
- Common configuration: /etc/nova/nova.conf contains the relevant quantum configuration.
network_manager=nova.network.quantum.manager.QuantumManager quantum_connection_host=localhost quantum_connection_port=9696 quantum_use_dhcp=True