Deploying FWaaS and VPNaaS on OpenStack


This time I deployed fwaas and vpnaas on the L release; these are the steps I followed.

Fwaas

1. Install fwaas
yum -y install openstack-neutron-fwaas

2. Add the fwaas service
vi /etc/neutron/neutron.conf
service_plugins = router,firewall

3. Configure fwaas
vi /etc/neutron/fwaas_driver.ini
driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
enabled = True

4. Enable fwaas in the dashboard
vi /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py
OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_firewall': True,
    ...
}

systemctl restart httpd

5. Create the database tables
neutron-db-manage --subproject neutron-fwaas upgrade head

6. Restart the services
systemctl restart neutron-server.service
systemctl restart neutron-l3-agent.service

 




Vpnaas

1. Install vpnaas and libreswan
yum install -y openstack-neutron-vpnaas libreswan

2. Add the vpnaas service
vi /etc/neutron/neutron.conf
service_plugins = router,firewall,vpnaas

3. Configure the vpnaas service
vi /etc/neutron/vpn_agent.ini

[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

[vpnagent]
vpn_device_driver=neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver

[ipsec]
ipsec_status_check_interval=60

vi /etc/neutron/neutron_vpnaas.conf
[service_providers]
service_provider=VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

 

vi /etc/sysctl.d/99-sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.enp0s3.rp_filter = 0
net.ipv4.conf.enp0s8.rp_filter = 0
net.ipv4.conf.enp0s9.rp_filter = 0
net.ipv4.conf.enp0s10.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.ip_vti0.rp_filter = 0

sysctl -p

 

4. Add the permission-management (rootwrap filters) file
vi /usr/share/neutron/rootwrap/vpnaas.filters
[Filters]
ip: IpFilter, ip, root
ip_exec: IpNetnsExecFilter, ip, root
ipsec: CommandFilter, ipsec, root
openswan: CommandFilter, ipsec, root
libreswan: CommandFilter, certutil, root


5. Verify ipsec
ipsec verify

6. Create the database tables
neutron-db-manage --subproject neutron-vpnaas upgrade head

Enable vpnaas in the dashboard
vi /etc/openstack-dashboard/local_settings
OPENSTACK_NEUTRON_NETWORK = {
        'enable_vpn': True,
        }

systemctl restart httpd

7. Restart the neutron service and the VPN service
systemctl restart neutron-server
systemctl restart neutron-vpn-agent
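
A check for the kernel settings from VPNaaS step 3, added here as an example and not part of the original post: it reads a sysctl.d file and reports any of the step-3 keys that are missing or carry a different value. The function names and the sample file are assumptions made for illustration; the per-interface rp_filter keys are host-specific and are not checked.

```bash
#!/bin/bash
# Added example (not from the original post): check a sysctl.d file against
# the values set in VPNaaS step 3. Per-interface rp_filter keys are skipped.
EXPECTED="net.ipv4.ip_forward=1
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0"

# Print the effective value of key $2 in file $1. The last assignment wins,
# matching how sysctl -p applies a file top to bottom.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                 # comment line
        {
            pos = index($0, "="); if (pos == 0) next
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) found = v
        }
        END { if (found != "") print found }
    ' "$1"
}

# Report each expected key that is missing or differs; returns 1 if any do.
check_vpn_sysctl() {
    rc=0
    while IFS='=' read -r key want; do
        got="$(conf_value "$1" "$key")"
        if [ -z "$got" ]; then
            echo "MISSING  $key (want $want)"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key = $got (want $want)"; rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $rc
}

# Constructed sample, not taken from a real host: ip_forward is overridden
# further down and send_redirects is absent.
sample="$(mktemp)"
printf '%s\n' 'net.ipv4.ip_forward = 1' '; note' \
    'net.ipv4.conf.default.accept_redirects=0' \
    'net.ipv4.conf.default.rp_filter = 0' 'net.ipv4.conf.all.rp_filter = 0' \
    'net.ipv4.ip_forward = 0' > "$sample"
check_vpn_sysctl "$sample" || echo "file does not match step 3"
rm -f "$sample"
```

On the network node, call check_vpn_sysctl /etc/sysctl.d/99-sysctl.conf. Because rp_filter = 0 turns off reverse-path source validation on those interfaces, the same check is useful for spotting drift in either direction.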

