Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 2. Prerequisites
This chapter outlines how to configure all nodes to use
iptables to provide firewall capabilities. It also explains how to install the database service and message broker used by all components in the Red Hat OpenStack Platform environment. The MariaDB database service provides the tools to create and access the databases required for each component. The RabbitMQ message broker allows internal communication between the components. Messages can be sent from and received by any component that is configured to use the message broker.
Note
Prior to deploying Red Hat OpenStack Platform, it is important to consider the characteristics of the available deployment methods. For more information, refer to the recommended best practices for installing Red Hat OpenStack Platform.
2.1. Configure the Firewall
Configure the server or servers hosting each component to use
iptables. This involves disabling the Network Manager service, and configuring the server to use the firewall capabilities provided by iptables instead of those provided by firewalld. All further firewall configuration in this document uses iptables.
2.1.1. Disable Network Manager
OpenStack Networking does not work on systems that have the Network Manager service enabled. All steps in this procedure must be performed on each server in the environment that will handle network traffic, while logged in as the
root user. This includes the server that will host OpenStack Networking, all network nodes, and all Compute nodes.
Procedure 2.1. Disabling the Network Manager Service
- Verify whether Network Manager is currently enabled:
#systemctl status NetworkManager.service | grep Active:- The system displays an error if the Network Manager service is not currently installed. If this error is displayed, no further action is required to disable the Network Manager service.
- The system displays
Active: active (running)if Network Manager is running, orActive: inactive (dead)if it is not. If Network Manager is inactive, no further action is required.
- If Network Manager is running, stop it and then disable it:
#systemctl stop NetworkManager.service#systemctl disable NetworkManager.service - Open each interface configuration file on the system in a text editor. Interface configuration files are found in the
/etc/sysconfig/network-scripts/directory and have names in the formatifcfg-X, where X is replaced by the name of the interface. Valid interface names includeeth0,p1p5, andem1.To ensure that the standard network service takes control of the interfaces and automatically activates them on boot, confirm that the following keys are set in each interface configuration file, or add them manually:NM_CONTROLLED=no ONBOOT=yes
- Start the standard network service:
#systemctl start network.service - Configure the network service to start at boot time:
#systemctl enable network.service
2.1.2. Disable the firewalld Service
Disable the
firewalld service for Compute and OpenStack Networking nodes, and enable the iptables service.
Procedure 2.2. Disabling the firewalld Service
- Install the
iptablesservice:#yum install iptables-services - Review the iptables rules defined in
/etc/sysconfig/iptables:Note
You can review your currentfirewalldconfiguration:#firewall-cmd --list-all - When you are satisfied with the
iptablesrules, disablefirewalld:#systemctl disable firewalld.service - Stop the
firewalldservice and start theiptablesservices:#systemctl stop firewalld.service; systemctl start iptables.service; systemctl start ip6tables.service - Configure the
iptablesservices to start at boot time:#systemctl enable iptables.service#systemctl enable ip6tables.service
