Install Networking services on a dedicated network node

Note

Before you start, set up a machine as a dedicated network node. Dedicated network nodes have a MGMT_INTERFACE NIC, a DATA_INTERFACE NIC, and an EXTERNAL_INTERFACE NIC.

The management network handles communication among nodes. The data network handles communication coming to and from VMs. The external NIC connects the network node, and optionally the controller node, to the outside world so that your VMs can reach it.

All NICs must have static IPs. However, the data and external NICs have a special setup. For details about Networking plug-ins, see the section called “Install and configure the Networking plug-ins”.

  1. Install the OpenStack Networking service on the network node:

    # apt-get install neutron-server neutron-dhcp-agent neutron-plugin-openvswitch-agent neutron-l3-agent
  2. Enable packet forwarding and disable packet destination filtering (the rp_filter reverse-path check) so that the network node can coordinate traffic for the VMs. Edit the /etc/sysctl.conf file, as follows:

    net.ipv4.ip_forward=1
    net.ipv4.conf.all.rp_filter=0
    net.ipv4.conf.default.rp_filter=0

    Use the sysctl command to ensure the changes made to the /etc/sysctl.conf file take effect:

    # sysctl -p
    Note

    It is recommended that the networking service is restarted after changing values related to the networking configuration. This ensures that all modified values take effect immediately:

    # service networking restart
  3. To configure Neutron to use Keystone for authentication, edit the /etc/neutron/neutron.conf file.

    1. Set the auth_strategy configuration key to keystone in the DEFAULT section of the file:

      auth_strategy = keystone
    2. Add these lines to the keystone_authtoken section of the file:

      auth_host = controller
      auth_port = 35357
      auth_protocol = http
      admin_tenant_name = service
      admin_user = neutron
      admin_password = NEUTRON_PASS
  4. Configure RabbitMQ access. Edit the /etc/neutron/neutron.conf file and modify the following parameters in the DEFAULT section:

    rabbit_host = controller
    rabbit_userid = guest
    rabbit_password = RABBIT_PASS
  5. Configure Networking to connect to the database. Edit the [database] section in the same file, as follows:

    [database]
    connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron
  6. Edit the /etc/neutron/api-paste.ini file and add these lines to the [filter:authtoken] section:

    [filter:authtoken]
    paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
    auth_host = controller
    auth_uri = http://controller:5000
    admin_tenant_name = service
    admin_user = neutron
    admin_password = NEUTRON_PASS
    Warning

    keystoneclient.middleware.auth_token: You must configure auth_uri to point to the public identity endpoint. Otherwise, clients might not be able to authenticate against an admin endpoint.

  7. Install and configure a networking plug-in. OpenStack Networking uses this plug-in to perform software-defined networking. For instructions, see the section called “Install and configure the Networking plug-ins”. Then, return here.

Now that you've installed and configured a plug-in (you did do that, right?), it is time to configure the remaining parts of Networking.

  1. To perform DHCP on the software-defined networks, Networking supports several different plug-ins. However, in general, you use the Dnsmasq plug-in. Edit the /etc/neutron/dhcp_agent.ini file:

    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
  2. To allow virtual machines to access the Compute metadata information, the Networking metadata agent must be enabled and configured. The agent will act as a proxy for the Compute metadata service.

    On the controller, edit the /etc/nova/nova.conf file to define a secret key that will be shared between the Compute Service and the Networking metadata agent.

    Add to the [DEFAULT] section:

    [DEFAULT]
    neutron_metadata_proxy_shared_secret = METADATA_PASS
    service_neutron_metadata_proxy = true

    Restart the nova-api service:

    # service nova-api restart

    On the network node, modify the metadata agent configuration.

    Edit the /etc/neutron/metadata_agent.ini file and modify the [DEFAULT] section:

    [DEFAULT]
    auth_url = http://controller:5000/v2.0
    auth_region = regionOne
    admin_tenant_name = service
    admin_user = neutron
    admin_password = NEUTRON_PASS
    nova_metadata_ip = controller
    metadata_proxy_shared_secret = METADATA_PASS
    Note

    The value of auth_region is case-sensitive and must match the endpoint region defined in Keystone.

  3. Restart Networking services.

    # service neutron-server restart
    # service neutron-dhcp-agent restart
    # service neutron-l3-agent restart
    # service neutron-metadata-agent restart

    Also restart your chosen Networking plug-in agent, for example, Open vSwitch.

    # service neutron-plugin-openvswitch-agent restart
  4. After you configure the compute and controller nodes, configure the base networks.
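
The NEUTRON_PASS, NEUTRON_DBPASS, RABBIT_PASS and METADATA_PASS values in the steps above are placeholders, and the metadata proxy secret must be identical in nova.conf and metadata_agent.ini. The script below is an added example, not part of the original guide: it checks both points, plus file permissions, before the services are restarted. Its function names are hypothetical, and it assumes a copy of the controller's nova.conf is available on the host where it runs.

```bash
#!/usr/bin/env bash
PLACEHOLDERS='NEUTRON_PASS|NEUTRON_DBPASS|RABBIT_PASS|METADATA_PASS'  # tokens from this page

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION]
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_sec = ($0 == sec); next }
        in_sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# has_placeholder FILE: true if a non-comment line still carries a documentation placeholder
has_placeholder() { grep -Ev '^[[:space:]]*[#;]' "$1" | grep -Eqw "$PLACEHOLDERS"; }

# secrets_match NOVA_CONF AGENT_INI: true only if both hold the same non-empty secret
secrets_match() {
    sm_nova=$(ini_get "$1" DEFAULT neutron_metadata_proxy_shared_secret)
    sm_agent=$(ini_get "$2" DEFAULT metadata_proxy_shared_secret)
    [ -n "$sm_nova" ] && [ "$sm_nova" = "$sm_agent" ]
}

# world_readable FILE: true if "other" has read permission on a credential-bearing file
world_readable() { [ -n "$(find "$1" -perm -004 2>/dev/null)" ]; }
finding() { echo "$1"; AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)); }

# audit NOVA_CONF AGENT_INI [FILE...]: print findings, set AUDIT_FINDINGS, fail if any
audit() {
    AUDIT_FINDINGS=0
    secrets_match "$1" "$2" || finding "FAIL: metadata proxy secret empty or different in $1 and $2"
    for f in "$@"; do
        if has_placeholder "$f"; then finding "FAIL: $f still holds a placeholder value"; fi
        if world_readable "$f"; then finding "WARN: $f is world-readable"; fi
    done
    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# demo: run the audit over constructed sample files (not real configs)
demo() {
    d=$(mktemp -d)
    printf '[DEFAULT]\nneutron_metadata_proxy_shared_secret = 5f2c9a\n' > "$d/nova.conf"
    printf '[DEFAULT]\nadmin_password = NEUTRON_PASS\nmetadata_proxy_shared_secret = 5f2c9b\n' > "$d/agent.ini"
    chmod 640 "$d/nova.conf"; chmod 644 "$d/agent.ini"
    audit "$d/nova.conf" "$d/agent.ini" || true
    rm -rf "$d"
}
if [ "$#" -ge 2 ]; then audit "$@"; else demo; fi
```

Run it with the nova.conf copy first, the metadata_agent.ini second, and any further files from this procedure (neutron.conf, api-paste.ini) after them; with no arguments it runs over the constructed samples.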
