Configure compute node

Prerequisites

Before you configure OpenStack Networking, you must enable certain kernel networking functions.

1. Edit /etc/sysctl.conf to contain the following:

   net.ipv4.conf.all.rp_filter=0
   net.ipv4.conf.default.rp_filter=0

2. Implement the changes:

   # sysctl -p

To install the Networking components

• # apt-get install neutron-common neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
    openvswitch-datapath-dkms

To configure the Networking common components

The Networking common component configuration includes the authentication mechanism, message broker, and plug-in.

1. Respond to prompts for database management, Identity service credentials, service endpoint registration, and message broker credentials.

2. Configure Networking to use the Modular Layer 2 (ML2) plug-in and associated services:

   1. Edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section:

      [DEFAULT]
      ...
      core_plugin = ml2
      service_plugins = router
      allow_overlapping_ips = True

      	Note
      	We recommend adding verbose = True to the [DEFAULT] section in /etc/neutron/neutron.conf to assist with troubleshooting.

3. Comment out any lines in the [service_providers] section.

To configure the Modular Layer 2 (ML2) plug-in

The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build the virtual networking framework for instances.

• Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file:

  Add the following keys to the [ml2] section:

  [ml2]
  ...
  type_drivers = gre
  tenant_network_types = gre
  mechanism_drivers = openvswitch

  Add the following keys to the [ml2_type_gre] section:

  [ml2_type_gre]
  ...
  tunnel_id_ranges = 1:1000

  Add the [ovs] section and the following keys to it:

  Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS with the IP address of the instance tunnels network interface on your compute node.

  [ovs]
  ...
  local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
  tunnel_type = gre
  enable_tunneling = True

  Add the [securitygroup] section and the following keys to it:

  [securitygroup]
  ...
  firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
  enable_security_group = True

To configure the Open vSwitch (OVS) service

The OVS service provides the underlying virtual networking framework for instances. The integration bridge br-int handles internal instance network traffic within OVS.

1. Restart the OVS service:

   # service openvswitch restart

2. Add the integration bridge:

   # ovs-vsctl add-br br-int

To configure Compute to use Networking

By default, most distributions configure Compute to use legacy networking. You must reconfigure Compute to manage networks through Networking.

• Edit the /etc/nova/nova.conf and add the following keys to the [DEFAULT] section:

  Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

  [DEFAULT]
  ...
  network_api_class = nova.network.neutronv2.api.API
  neutron_url = http://controller:9696
  neutron_auth_strategy = keystone
  neutron_admin_tenant_name = service
  neutron_admin_username = neutron
  neutron_admin_password = NEUTRON_PASS
  neutron_admin_auth_url = http://controller:35357/v2.0
  linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
  firewall_driver = nova.virt.firewall.NoopFirewallDriver
  security_group_api = neutron

  	Note
  	By default, Compute uses an internal firewall service. Since Networking includes a firewall service, you must disable the Compute firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver.

To finalize the installation

1. Restart the Compute service:

   # service nova-compute restart

2. Restart the Open vSwitch (OVS) agent:

   # service neutron-plugin-openvswitch-agent restart