firewall
1.安裝fwaas
$yum -y install openstack-neutron-fwaas
2.在neutron裏添加fwaas服務
$vim /etc/neutron/neutron.conf
[DEFAULT]
service_plugins = router,firewall
[service_providers]
service_provider=FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default
3.配置fwaas
$vim /etc/neutron/fwaas_driver.ini
[fwaas]
driver=neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True
4.配置dashboard firewall
$vim /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py
OPENSTACK_NEUTRON_NETWORK = {
'enable_firewall': True
}
注意：上面 local_settings.py 的路徑可能因系統版本不同而不同。
5.數據庫建表
$neutron-db-manage --subproject neutron-fwaas upgrade head
6.重啓各個服務
$systemctl restart neutron-server httpd.service
Vpnaas
1.安裝vpnaas和libreswan
$yum install -y openstack-neutron-vpnaas libreswan
2.添加vpnaas服務
$vi /etc/neutron/neutron.conf
service_plugins = router,firewall,vpnaas
[service_providers]
service_provider=VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
3.配置vpnaas服務
$vim /etc/neutron/vpn_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
[vpnagent]
vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver
[ipsec]
ipsec_status_check_interval=60
$vim /etc/sysctl.d/99-sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
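net.ipv4.conf.default.rp_filter = 0
# 註：rp_filter = 0 會關閉反向路徑過濾（對來源地址僞造的檢查），此處應是爲了通過後面的 ipsec verify 檢查；default 只作用於之後新建的網絡接口，主機若另有對外接口，應以防火牆規則補足來源地址過濾。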
$sysctl -p
4.添加權限管理文件（rootwrap 過濾規則：列出 neutron 可以 root 身份執行的命令，該文件應歸 root 所有且不允許其他用戶寫入）
$vim /usr/share/neutron/rootwrap/vpnaas.filters
[Filters]
ip: IpFilter, ip, root
ip_exec: IpNetnsExecFilter, ip, root
openswan: CommandFilter, ipsec, root
libreswan: CommandFilter, certutil, root
5.ipsec驗證
$ipsec verify
6.數據庫建表
$neutron-db-manage --subproject neutron-vpnaas upgrade head
7.dashboard啓用vpnaas
$vi /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py
OPENSTACK_NEUTRON_NETWORK = {
'enable_vpn': True,
}
8.重啓neutron服務以及VPN服務
$systemctl restart neutron-server neutron-vpn-agent httpd
lbaas v2
1.安裝haproxy和neutron-lbaas(在openstack資源裏)
$yum -y install openstack-neutron-lbaas haproxy
2.編輯配置文件
$vim /etc/neutron/neutron.conf
[DEFAULT]
service_plugins = router, neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
[service_providers]
service_provider=LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
$vim /etc/neutron/lbaas_agent.ini
device_driver=neutron_lbaas.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
user_group = haproxy
/*
For OpenVSwitch:
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
For linuxbridge:
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
*/
3.數據庫建表
$neutron-db-manage --subproject neutron-lbaas upgrade head
4.安裝界面（直接從 git 分支安裝會取得該分支當下的最新提交，建議安裝前記錄並固定所用的提交，以便日後覈對）
$git clone https://git.openstack.org/openstack/neutron-lbaas-dashboard -b stable/newton
$cd neutron-lbaas-dashboard
$python setup.py install
$cp /usr/lib/python2.7/site-packages/neutron_lbaas_dashboard/enabled/_1481_project_ng_loadbalancersv2_panel.py /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/
5.重啓服務
$systemctl restart neutron-server neutron-lbaasv2-agent httpd