Install networking support on a dedicated controller node

Install and configure the Neutron plug-ins on a dedicated controller node

	Note
	This is for a node which runs the control components of Neutron, but does not run any of the components that provide the underlying functionality (such as the plug-in agent or the L3 agent). If you wish to have a combined controller/compute node follow these instructions, and then those for the compute node.

Install the main Neutron server, Neutron libraries for Python, and the Neutron command-line interface (CLI):
```
# apt-get install neutron-server
```

Configure the core components of Neutron. Edit the /etc/neutron/neutron.conf file:

auth_host = controller
admin_tenant_name = service
admin_user = neutron
admin_password = NEUTRON_PASS
auth_url = http://controller:35357/v2.0
auth_strategy = keystone

rpc_backend = neutron.openstack.common.rpc.impl_kombu
rabbit_host = controller
rabbit_port = 5672
rabbit_password = RABBIT_PASS

# Change the following settings if you're not using the default RabbitMQ configuration
#rabbit_userid = guest

Edit the database URL under the [database] section in the above file, to tell Neutron how to connect to the database:
```
[database]
connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron
```

Configure the Neutron copy of the api-paste.ini at /etc/neutron/api-paste.ini file:

[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
admin_tenant_name = service
admin_user = neutron
admin_password = NEUTRON_PASS

Configure the plug-in that is configured on the network node on this node also.
Although this node does not run any agents that provide underlying functionality, the neutron-server service must know which plug-in is running because it interfaces with the plug-in.

Tell Nova about Neutron. Specifically, you must tell Nova that Neutron handles networking and the firewall. Edit the /etc/nova/nova.conf file:

network_api_class=nova.network.neutronv2.api.API
neutron_url=http://controller:9696
neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
neutron_admin_username=neutron
neutron_admin_password=NEUTRON_PASS
neutron_admin_auth_url=http://controller:35357/v2.0
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver=nova.virt.firewall.NoopFirewallDriver
security_group_api=neutron

Note

Regardless of which firewall driver you chose when you configured the network and compute nodes, set this driver as the No-Op firewall. This firewall is a Nova firewall, and because Neutron handles the Firewall, you must tell Nova not to use one.

When Networking handles the firewall, the option firewall_driver should be set according to the specified plug-in. For example with OVS, edit the /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini file:

[securitygroup]
# Firewall driver for realizing neutron security group function.
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

If you do not want to use a firewall in Compute or Networking, set firewall_driver=nova.virt.firewall.NoopFirewallDriver in both config files, and comment out or remove security_group_api=neutron in the /etc/nova/nova.conf file, otherwise you may encounter ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500) when issuing nova list commands.

Restart the Compute and Networking services:

# service nova-api restart
# service nova-scheduler restart
# service nova-conductor restart
# service neutron-server restart

Log a bug against this page

Legal notices