To configure the Networking server component
The Networking server component configuration includes the database, authentication mechanism, message broker, topology change notifier, and plug-in.
Respond to prompts for database management, Identity service credentials, service endpoint registration, and message broker credentials.
Configure Networking to notify Compute about network topology changes:
Replace
SERVICE_TENANT_IDwith theservicetenant identifier (id) in the Identity service andNOVA_PASSwith the password you chose for thenovauser in the Identity service.Edit the
/etc/neutron/neutron.conffile and add the following keys to the[DEFAULT]section:[DEFAULT] ... notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True nova_url = http://
controller:8774/v2 nova_admin_username = nova nova_admin_tenant_id =SERVICE_TENANT_IDnova_admin_password =NOVA_PASSnova_admin_auth_url = http://controller:35357/v2.0
![[Note]](../common/images/admon/note.png)
Note To obtain the
servicetenant identifier (id):$ source admin-openrc.sh $ keystone tenant-get service +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | Service Tenant | | enabled | True | | id | f727b5ec2ceb4d71bad86dfc414449bf | | name | service | +-------------+----------------------------------+
Configure Networking to use the Modular Layer 2 (ML2) plug-in and associated services:
Edit the
/etc/neutron/neutron.conffile and add the following keys to the[DEFAULT]section:[DEFAULT] ... core_plugin = ml2 service_plugins = router allow_overlapping_ips = True
Note We recommend adding
verbose = Trueto the[DEFAULT]section in/etc/neutron/neutron.confto assist with troubleshooting.
Comment out any lines in the
[service_providers]section.
To configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build the virtual networking framework for instances. However, the controller node does not need the OVS agent or service because it does not handle instance network traffic.
Edit the
/etc/neutron/plugins/ml2/ml2_conf.inifile:Add the following keys to the
[ml2]section:[ml2] ... type_drivers = gre tenant_network_types = gre mechanism_drivers = openvswitch
Add the following key to the
[ml2_type_gre]section:[ml2_type_gre] ... tunnel_id_ranges = 1:1000
Add the
[securitygroup]section and the following keys to it:[securitygroup] ... firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver enable_security_group = True
To configure Compute to use Networking
By default, most distributions configure Compute to use legacy networking. You must reconfigure Compute to manage networks through Networking.
Edit the
/etc/nova/nova.confand add the following keys to the[DEFAULT]section:Replace
NEUTRON_PASSwith the password you chose for theneutronuser in the Identity service.[DEFAULT] ... network_api_class = nova.network.neutronv2.api.API neutron_url = http://
controller:9696 neutron_auth_strategy = keystone neutron_admin_tenant_name = service neutron_admin_username = neutron neutron_admin_password =NEUTRON_PASSneutron_admin_auth_url = http://controller:35357/v2.0 linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver firewall_driver = nova.virt.firewall.NoopFirewallDriver security_group_api = neutronNote By default, Compute uses an internal firewall service. Since Networking includes a firewall service, you must disable the Compute firewall service by using the
nova.virt.firewall.NoopFirewallDriverfirewall driver.
