Configure compute node

Prerequisites

Before you configure OpenStack Networking, you must enable certain kernel networking functions.

Edit /etc/sysctl.conf to contain the following:

net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0

Implement the changes:
```
# sysctl -p
```

To install the Networking components

```
# apt-get install neutron-common neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
  openvswitch-datapath-dkms
```
Note
Ubuntu installations using Linux kernel version 3.11 or newer do not require the openvswitch-datapath-dkms package.

To configure the Networking common components

The Networking common component configuration includes the authentication mechanism, message broker, and plug-in.

Configure Networking to use the Identity service for authentication:
1. Edit the /etc/neutron/neutron.conf file and add the following key to the [DEFAULT] section:
```
[DEFAULT]
...
auth_strategy = keystone
```
  Add the following keys to the [keystone_authtoken] section:
  Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.
```
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_host = controller
auth_protocol = http
auth_port = 35357
admin_tenant_name = service
admin_user = neutron
admin_password = NEUTRON_PASS
```
Configure Networking to use the message broker:
1. Edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section:
  Replace RABBIT_PASS with the password you chose for the guest account in RabbitMQ.
```
[DEFAULT]
...
rpc_backend = neutron.openstack.common.rpc.impl_kombu
rabbit_host = controller
rabbit_password = RABBIT_PASS
```
Configure Networking to use the Modular Layer 2 (ML2) plug-in and associated services:
1. Edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section:
```
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
```
  Note
  We recommend adding verbose = True to the [DEFAULT] section in /etc/neutron/neutron.conf to assist with troubleshooting.
Comment out any lines in the [service_providers] section.

To configure the Modular Layer 2 (ML2) plug-in

The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build the virtual networking framework for instances.

Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file:
Add the following keys to the [ml2] section:
```
[ml2]
...
type_drivers = gre
tenant_network_types = gre
mechanism_drivers = openvswitch
```
Add the following keys to the [ml2_type_gre] section:
```
[ml2_type_gre]
...
tunnel_id_ranges = 1:1000
```
Add the [ovs] section and the following keys to it:
Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS with the IP address of the instance tunnels network interface on your compute node.
```
[ovs]
...
local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
tunnel_type = gre
enable_tunneling = True
```
Add the [securitygroup] section and the following keys to it:
```
[securitygroup]
...
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
```

To configure the Open vSwitch (OVS) service

The OVS service provides the underlying virtual networking framework for instances. The integration bridge br-int handles internal instance network traffic within OVS.

Restart the OVS service:
```
# service openvswitch-switch restart
```
Add the integration bridge:
```
# ovs-vsctl add-br br-int
```

To configure Compute to use Networking

By default, most distributions configure Compute to use legacy networking. You must reconfigure Compute to manage networks through Networking.

Edit the /etc/nova/nova.conf and add the following keys to the [DEFAULT] section:

Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
neutron_url = http://controller:9696
neutron_auth_strategy = keystone
neutron_admin_tenant_name = service
neutron_admin_username = neutron
neutron_admin_password = NEUTRON_PASS
neutron_admin_auth_url = http://controller:35357/v2.0
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api = neutron

	Note
	By default, Compute uses an internal firewall service. Since Networking includes a firewall service, you must disable the Compute firewall service by using the `nova.virt.firewall.NoopFirewallDriver` firewall driver.

To finalize the installation

Restart the Compute service:
```
# service nova-compute restart
```

Restart the Open vSwitch (OVS) agent:

# service neutron-plugin-openvswitch-agent restart

Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

Legal notices

	Note
	Ubuntu installations using Linux kernel version 3.11 or newer do not require the openvswitch-datapath-dkms package.

	Note
	We recommend adding `verbose = True` to the `[DEFAULT]` section in `/etc/neutron/neutron.conf` to assist with troubleshooting.