Atom feed of this document
  
 

 Configure compute node

 

Prerequisites

Before you configure OpenStack Networking, you must enable certain kernel networking functions.

  1. Edit /etc/sysctl.conf to contain the following:

    net.ipv4.conf.all.rp_filter=0
    net.ipv4.conf.default.rp_filter=0
  2. Implement the changes:

    # sysctl -p
 

To install the Networking components

  • # apt-get install neutron-common neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
      openvswitch-datapath-dkms
    [Note]Note

    Ubuntu installations using Linux kernel version 3.11 or newer do not require the openvswitch-datapath-dkms package.

 

To configure the Networking common components

The Networking common component configuration includes the authentication mechanism, message broker, and plug-in.

  1. Configure Networking to use the Identity service for authentication:

    1. Edit the /etc/neutron/neutron.conf file and add the following key to the [DEFAULT] section:

      [DEFAULT]
      ...
      auth_strategy = keystone

      Add the following keys to the [keystone_authtoken] section:

      Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

      [keystone_authtoken]
      ...
      auth_uri = http://controller:5000
      auth_host = controller
      auth_protocol = http
      auth_port = 35357
      admin_tenant_name = service
      admin_user = neutron
      admin_password = NEUTRON_PASS
  2. Configure Networking to use the message broker:

    1. Edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section:

      Replace RABBIT_PASS with the password you chose for the guest account in RabbitMQ.

      [DEFAULT]
      ...
      rpc_backend = neutron.openstack.common.rpc.impl_kombu
      rabbit_host = controller
      rabbit_password = RABBIT_PASS
  3. Configure Networking to use the Modular Layer 2 (ML2) plug-in and associated services:

    1. Edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section:

      [DEFAULT]
      ...
      core_plugin = ml2
      service_plugins = router
      allow_overlapping_ips = True
      [Note]Note

      We recommend adding verbose = True to the [DEFAULT] section in /etc/neutron/neutron.conf to assist with troubleshooting.

  4. Comment out any lines in the [service_providers] section.

 

To configure the Modular Layer 2 (ML2) plug-in

The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build the virtual networking framework for instances.

  • Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file:

    Add the following keys to the [ml2] section:

    [ml2]
    ...
    type_drivers = gre
    tenant_network_types = gre
    mechanism_drivers = openvswitch

    Add the following keys to the [ml2_type_gre] section:

    [ml2_type_gre]
    ...
    tunnel_id_ranges = 1:1000

    Add the [ovs] section and the following keys to it:

    Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS with the IP address of the instance tunnels network interface on your compute node.

    [ovs]
    ...
    local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
    tunnel_type = gre
    enable_tunneling = True

    Add the [securitygroup] section and the following keys to it:

    [securitygroup]
    ...
    firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    enable_security_group = True
 

To configure the Open vSwitch (OVS) service

The OVS service provides the underlying virtual networking framework for instances. The integration bridge br-int handles internal instance network traffic within OVS.

  1. Restart the OVS service:

    # service openvswitch-switch restart
  2. Add the integration bridge:

    # ovs-vsctl add-br br-int
 

To configure Compute to use Networking

By default, most distributions configure Compute to use legacy networking. You must reconfigure Compute to manage networks through Networking.

  • Edit the /etc/nova/nova.conf and add the following keys to the [DEFAULT] section:

    Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

    [DEFAULT]
    ...
    network_api_class = nova.network.neutronv2.api.API
    neutron_url = http://controller:9696
    neutron_auth_strategy = keystone
    neutron_admin_tenant_name = service
    neutron_admin_username = neutron
    neutron_admin_password = NEUTRON_PASS
    neutron_admin_auth_url = http://controller:35357/v2.0
    linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
    firewall_driver = nova.virt.firewall.NoopFirewallDriver
    security_group_api = neutron
    [Note]Note

    By default, Compute uses an internal firewall service. Since Networking includes a firewall service, you must disable the Compute firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver.

 

To finalize the installation

  1. Restart the Compute service:

    # service nova-compute restart
  2. Restart the Open vSwitch (OVS) agent:

    # service neutron-plugin-openvswitch-agent restart
Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...