Chapter 2. Prerequisites
This chapter outlines how to configure all nodes to use iptables to provide firewall capabilities. It also explains how to install the database service and message broker used by all components in the Red Hat OpenStack Platform environment. The MariaDB database service provides the tools to create and access the databases required for each component. The RabbitMQ message broker allows internal communication between the components. Messages can be sent from and received by any component that is configured to use the message broker.
Note
Prior to deploying Red Hat OpenStack Platform, it is important to consider the characteristics of the available deployment methods. For more information, refer to Installing and Managing Red Hat OpenStack Platform.
2.1. Configure the Firewall
Configure the server or servers hosting each component to use iptables. This involves disabling the Network Manager service, and configuring the server to use the firewall capabilities provided by iptables instead of those provided by firewalld. All further firewall configuration in this document uses iptables.
2.1.1. Disable Network Manager
OpenStack Networking does not work on systems that have the Network Manager service enabled. All steps in this procedure must be performed on each server in the environment that will handle network traffic, while logged in as the root user. This includes the server that will host OpenStack Networking, all network nodes, and all Compute nodes.
Procedure 2.1. Disabling the Network Manager Service
- Verify whether Network Manager is currently enabled:
  # systemctl status NetworkManager.service | grep Active:
  - The system displays an error if the Network Manager service is not currently installed. If this error is displayed, no further action is required to disable the Network Manager service.
  - The system displays Active: active (running) if Network Manager is running, or Active: inactive (dead) if it is not. If Network Manager is inactive, no further action is required.
- If Network Manager is running, stop it and then disable it:
  # systemctl stop NetworkManager.service
  # systemctl disable NetworkManager.service
- Open each interface configuration file on the system in a text editor. Interface configuration files are found in the /etc/sysconfig/network-scripts/ directory and have names in the format ifcfg-X, where X is replaced by the name of the interface. Valid interface names include eth0, p1p5, and em1.
  To ensure that the standard network service takes control of the interfaces and automatically activates them on boot, confirm that the following keys are set in each interface configuration file, or add them manually:
  NM_CONTROLLED=no
  ONBOOT=yes
- Start the standard network service:
  # systemctl start network.service
- Configure the network service to start at boot time:
  # systemctl enable network.service
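
Because this procedure is repeated on every server that handles network traffic, the interface-file step is worth checking with a script rather than by eye. The following is an added example, not part of the original documentation; the function names and output format are this example's own, and it accepts only the exact values no and yes given in the step above.

```shell
#!/bin/sh
# Added example: audit ifcfg-* files for the two keys required by
# Procedure 2.1. Function names and output format are illustrative.
# Usage on a node:  audit_ifcfg          (checks the default directory)
#                   audit_ifcfg /path    (checks a copy of the files)

# Print the effective value of KEY ($2) in FILE ($1). The last assignment
# wins, as it would if the file were sourced; quotes are stripped.
ifcfg_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 \
        | tr -d "\"'" | tr -d '[:space:]'
}

# Check every ifcfg-* file in DIR. Prints one line per deviation and
# returns 1 if any file lacks NM_CONTROLLED=no or ONBOOT=yes.
audit_ifcfg() {
    dir=${1:-/etc/sysconfig/network-scripts}
    rc=0
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue          # glob matched nothing
        nm=$(ifcfg_value "$f" NM_CONTROLLED)
        ob=$(ifcfg_value "$f" ONBOOT)
        [ "$nm" = "no" ] || {
            echo "${f##*/}: NM_CONTROLLED=${nm:-<unset>}"; rc=1; }
        [ "$ob" = "yes" ] || {
            echo "${f##*/}: ONBOOT=${ob:-<unset>}"; rc=1; }
    done
    return $rc
}
```
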
2.1.2. Disable the firewalld Service
Disable the firewalld service for Compute and OpenStack Networking nodes, and enable the iptables service.
Procedure 2.2. Disabling the firewalld Service
- Install the iptables service:
  # yum install iptables-services
- Review the iptables rules defined in /etc/sysconfig/iptables:
  Note
  You can review your current firewalld configuration:
  # firewall-cmd --list-all
- When you are satisfied with the iptables rules, disable firewalld:
  # systemctl disable firewalld.service
- Stop the firewalld service and start the iptables services:
  # systemctl stop firewalld.service; systemctl start iptables.service; systemctl start ip6tables.service
- Configure the iptables services to start at boot time:
  # systemctl enable iptables.service
  # systemctl enable ip6tables.service
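
Once firewalld is stopped, the host is filtered only by the rules in /etc/sysconfig/iptables, so the review step above decides what is exposed. The following added example (not part of the original documentation) reports whether the INPUT and FORWARD chains of an iptables-save format file end in default-deny. The function names, result labels, and the choice to require both chains closed are assumptions of this example.

```shell
#!/bin/sh
# Added example: review an iptables-save format rules file before
# switching from firewalld to the iptables service.
# Usage:  review_rules            (checks /etc/sysconfig/iptables)
#         review_rules /path      (checks another rules file)

# Classify CHAIN ($2) in the filter table of FILE ($1). Prints one of:
#   closed       traffic not explicitly accepted is dropped or rejected
#   open         traffic not explicitly matched is accepted
#   uncommitted  filter table is absent or has no COMMIT line
#   missing      file does not exist or is empty
# Limitation: jumps into user-defined chains are not followed.
chain_default() {
    [ -s "$1" ] || { echo missing; return 0; }
    awk -v chain="$2" '
        /^\*/ { in_filter = ($1 == "*filter"); next }
        !in_filter { next }
        $1 == (":" chain) { policy = $2 }
        # The first rule without match criteria ("-A CHAIN -j TARGET")
        # decides the fate of every packet that reaches it.
        $1 == "-A" && $2 == chain && $3 == "-j" && verdict == "" {
            if ($4 == "ACCEPT") verdict = "open"
            else if ($4 == "DROP" || $4 == "REJECT") verdict = "closed"
        }
        $1 == "COMMIT" { committed = 1 }
        END {
            if (!committed) { print "uncommitted"; exit }
            if (verdict == "")
                verdict = (policy == "DROP") ? "closed" : "open"
            print verdict
        }' "$1"
}

# Print the state of INPUT and FORWARD; return 1 unless both are closed.
review_rules() {
    file=${1:-/etc/sysconfig/iptables}
    rc=0
    for c in INPUT FORWARD; do
        state=$(chain_default "$file" "$c")
        echo "$c: $state"
        [ "$state" = "closed" ] || rc=1
    done
    return $rc
}
```
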