这次在L版上部署了下fwaas和vpnaas,记录下操作步骤
Fwaas
1.安装fwaas
yum -y install openstack-neutron-fwaas
2.添加fwaas服务
vi /etc/neutron/neutron.conf
service_plugins = router,firewall
3.配置fwaas
vi /etc/neutron/fwaas_driver.ini
driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True
4.dashboard启用fwaas
vi /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_firewall': True,
...
}
systemctl restart httpd
5.数据库建表
neutron-db-manage --subproject neutron-fwaas upgrade head
6.重启服务
systemctl restart neutron-server.service
systemctl restart neutron-l3-agent.service
Vpnaas
1.安装vpnaas和libreswan
yum install -y openstack-neutron-vpnaas libreswan
2.添加vpnaas服务
vi /etc/neutron/neutron.conf
service_plugins = router,firewall,vpnaas
3.配置vpnaas服务
vi /etc/neutron/vpn_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
[vpnagent]
vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver
[ipsec]
ipsec_status_check_interval=60
vi /etc/neutron/neutron_vpnaas.conf
[service_providers]
service_provider=VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
vi /etc/sysctl.d/99-sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.enp0s3.rp_filter = 0
net.ipv4.conf.enp0s8.rp_filter = 0
net.ipv4.conf.enp0s9.rp_filter = 0
net.ipv4.conf.enp0s10.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.ip_vti0.rp_filter = 0
sysctl -p
4.添加权限管理文件
vi /usr/share/neutron/rootwrap/vpnaas.filters
[Filters]
ip: IpFilter, ip, root
ip_exec: IpNetnsExecFilter, ip, root
ipsec: CommandFilter, ipsec, root
openswan: CommandFilter, ipsec, root
libreswan: CommandFilter, certutil, root
5.ipsec验证
ipsec verify
6.数据库建表
neutron-db-manage --subproject neutron-vpnaas upgrade head
dashboard启用vpnaas
vi /etc/openstack-dashboard/local_settings
OPENSTACK_NEUTRON_NETWORK = {
'enable_vpn': True,
}
systemctl restart httpd
7.重启neutron服务以及VPN服务
systemctl restart neutron-server
systemctl restart neutron-vpn-agent