Install networking support on a dedicated compute node

Install and configure Neutron plug-ins on a dedicated compute node

	Note
	This section details set up for any node that runs the `nova-compute` component but does not run the full network stack.

Disable packet destination filtering (route verification) to let the networking services route traffic to the VMs. Edit the /etc/sysctl.conf file and run the following command to activate changes:
```
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
```
```
# sysctl -p
```
Install and configure your networking plug-in components. To install and configure the network plug-in that you chose when you set up your network node, see the section called “Install and configure Neutron plug-ins on a dedicated compute node”.

Configure the core components of Neutron. Edit the /etc/neutron/neutron.conf file:

auth_host = controller
admin_tenant_name = service
admin_user = neutron
admin_password = NEUTRON_PASS
auth_url = http://controller:35357/v2.0
auth_strategy = keystone
rpc_backend = neutron.openstack.common.rpc.impl_kombu
rabbit_host = controller
rabbit_port = 5672
# Change the following settings if you're not using the default RabbitMQ configuration
#rabbit_userid = guest
rabbit_password = RABBIT_PASS

Edit the database URL under the [database] section in the above file, to tell Neutron how to connect to the database:
```
[database]
connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron
```

Edit the /etc/neutron/api-paste.ini file and add these lines to the [filter:authtoken] section:

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
auth_host = controller
admin_tenant_name = service
admin_user = neutron
admin_password = NEUTRON_PASS

Configure OpenStack Compute to use OpenStack Networking services. Edit the /etc/nova/nova.conf file:

network_api_class=nova.network.neutronv2.api.API
neutron_url=http://controller:9696
neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
neutron_admin_username=neutron
neutron_admin_password=NEUTRON_PASS
neutron_admin_auth_url=http://controller:35357/v2.0
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=neutron

Note

No matter which firewall driver you chose when you configured the network and compute nodes, you must edit the /etc/nova/nova.conf file to set the firewall driver to nova.virt.firewall.NoopFirewallDriver. Because OpenStack Networking handles the firewall, this statement instructs Compute to not use a firewall.
If you want Networking to handle the firewall, edit the /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini file to set the firewall_driver option to the firewall for the plug-in. For example, with OVS, edit the file as follows:
```
[securitygroup]
# Firewall driver for realizing neutron security group function.
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
```
If you do not want to use a firewall in Compute or Networking, edit both configuration files and set firewall_driver=nova.virt.firewall.NoopFirewallDriver. Also, edit the /etc/nova/nova.conf file and comment out or remove the security_group_api=neutron statement.
Otherwise, when you issue nova list commands, the ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500) error might be returned.

Restart the Compute service.
```
# service nova-compute restart
```
Also restart your chosen Networking plug-in agent, for example, Open vSwitch.
```
# service neutron-plugin-openvswitch-agent restart
```

Log a bug against this page

Legal notices