 Configure controller node

 

Prerequisites

Before you configure OpenStack Networking (neutron), you must create a database and Identity service credentials including a user and service.

  1. Connect to the database as the root user, create the neutron database, and grant the proper access to it:

    Replace NEUTRON_DBPASS with a suitable password.

    $ mysql -u root -p
    mysql> CREATE DATABASE neutron;
    mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
    IDENTIFIED BY 'NEUTRON_DBPASS';
    mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
    IDENTIFIED BY 'NEUTRON_DBPASS';
  2. Create Identity service credentials for Networking:

    1. Create the neutron user:

      Replace NEUTRON_PASS with a suitable password and [email protected] with a suitable e-mail address.

      $ keystone user-create --name neutron --pass NEUTRON_PASS --email [email protected]
    2. Link the neutron user to the service tenant and admin role:

      $ keystone user-role-add --user neutron --tenant service --role admin
    3. Create the neutron service:

      $ keystone service-create --name neutron --type network --description "OpenStack Networking"
    4. Create the service endpoint:

      $ keystone endpoint-create \
        --service-id $(keystone service-list | awk '/ network / {print $2}') \
        --publicurl http://controller:9696 \
        --adminurl http://controller:9696 \
        --internalurl http://controller:9696
 

To install the Networking components

  • # apt-get install neutron-server neutron-plugin-ml2
 

To configure the Networking server component

The Networking server component configuration includes the database, authentication mechanism, message broker, topology change notifier, and plug-in.

  1. Configure Networking to use the database:

    1. Edit the /etc/neutron/neutron.conf file and add the following key to the [database] section:

      Replace NEUTRON_DBPASS with the password you chose for the database.

      [database]
      ...
      connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron
  2. Configure Networking to use the Identity service for authentication:

    1. Edit the /etc/neutron/neutron.conf file and add the following key to the [DEFAULT] section:

      [DEFAULT]
      ...
      auth_strategy = keystone

      Add the following keys to the [keystone_authtoken] section:

      Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

      [keystone_authtoken]
      ...
      auth_uri = http://controller:5000
      auth_host = controller
      auth_protocol = http
      auth_port = 35357
      admin_tenant_name = service
      admin_user = neutron
      admin_password = NEUTRON_PASS
  3. Configure Networking to use the message broker:

    1. Edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section:

      Replace RABBIT_PASS with the password you chose for the guest account in RabbitMQ.

      [DEFAULT]
      ...
      rpc_backend = neutron.openstack.common.rpc.impl_kombu
      rabbit_host = controller
      rabbit_password = RABBIT_PASS
  4. Configure Networking to notify Compute about network topology changes:

    Replace SERVICE_TENANT_ID with the service tenant identifier (id) in the Identity service and NOVA_PASS with the password you chose for the nova user in the Identity service.

    1. Edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section:

      [DEFAULT]
      ...
      notify_nova_on_port_status_changes = True
      notify_nova_on_port_data_changes = True
      nova_url = http://controller:8774/v2
      nova_admin_username = nova
      nova_admin_tenant_id = SERVICE_TENANT_ID
      nova_admin_password = NOVA_PASS
      nova_admin_auth_url = http://controller:35357/v2.0
    Note

    To obtain the service tenant identifier (id):

    $ source admin-openrc.sh
    $ keystone tenant-get service
    +-------------+----------------------------------+
    |   Property  |              Value               |
    +-------------+----------------------------------+
    | description |          Service Tenant          |
    |   enabled   |               True               |
    |      id     | f727b5ec2ceb4d71bad86dfc414449bf |
    |     name    |             service              |
    +-------------+----------------------------------+
  5. Configure Networking to use the Modular Layer 2 (ML2) plug-in and associated services:

    1. Edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section:

      [DEFAULT]
      ...
      core_plugin = ml2
      service_plugins = router
      allow_overlapping_ips = True
      Note

      We recommend adding verbose = True to the [DEFAULT] section in /etc/neutron/neutron.conf to assist with troubleshooting.

  6. Comment out any lines in the [service_providers] section.

 

To configure the Modular Layer 2 (ML2) plug-in

The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build the virtual networking framework for instances. However, the controller node does not need the OVS agent or service because it does not handle instance network traffic.

  • Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file:

    Add the following keys to the [ml2] section:

    [ml2]
    ...
    type_drivers = gre
    tenant_network_types = gre
    mechanism_drivers = openvswitch

    Add the following key to the [ml2_type_gre] section:

    [ml2_type_gre]
    ...
    tunnel_id_ranges = 1:1000

    Add the [securitygroup] section and the following keys to it:

    [securitygroup]
    ...
    firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    enable_security_group = True
 

To configure Compute to use Networking

By default, most distributions configure Compute to use legacy networking. You must reconfigure Compute to manage networks through Networking.

  • Edit the /etc/nova/nova.conf file and add the following keys to the [DEFAULT] section:

    Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

    [DEFAULT]
    ...
    network_api_class = nova.network.neutronv2.api.API
    neutron_url = http://controller:9696
    neutron_auth_strategy = keystone
    neutron_admin_tenant_name = service
    neutron_admin_username = neutron
    neutron_admin_password = NEUTRON_PASS
    neutron_admin_auth_url = http://controller:35357/v2.0
    linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
    firewall_driver = nova.virt.firewall.NoopFirewallDriver
    security_group_api = neutron
    Note

    By default, Compute uses an internal firewall service. Since Networking includes a firewall service, you must disable the Compute firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver.
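
A pre-restart check for the two files edited above (/etc/neutron/neutron.conf and /etc/nova/nova.conf), added here as an example and not part of the original guide: it reports keys that are missing, still hold a placeholder such as NEUTRON_PASS, or differ from the value this page sets, and it can flag a world-readable file. The function names, the selection of keys and the sample file contents are constructed for illustration.

```python
import configparser
import os
import stat

# Placeholder tokens this guide tells you to replace (names taken from the page).
PLACEHOLDERS = ("NEUTRON_DBPASS", "NEUTRON_PASS", "RABBIT_PASS",
                "NOVA_PASS", "SERVICE_TENANT_ID")
# (section, key) -> required value; None = any non-empty, non-placeholder value.
NEUTRON_CONF = {
    ("database", "connection"): None,
    ("DEFAULT", "auth_strategy"): "keystone",
    ("keystone_authtoken", "admin_password"): None,
    ("DEFAULT", "rabbit_password"): None,
    ("DEFAULT", "nova_admin_tenant_id"): None,
}
NOVA_CONF = {
    ("DEFAULT", "neutron_admin_password"): None,
    ("DEFAULT", "firewall_driver"): "nova.virt.firewall.NoopFirewallDriver",
    ("DEFAULT", "security_group_api"): "neutron",
}

def audit(text, expected):
    """Return findings for one file's contents; an empty list means clean."""
    cp = configparser.RawConfigParser(strict=False)  # raw: '%' in a password is literal
    cp.read_string(text)
    findings = []
    for (section, key), want in expected.items():
        value = cp.get(section, key, fallback="").strip()
        where = f"[{section}] {key}"  # findings never echo the value itself
        if not value:
            findings.append(f"{where}: missing")
        elif any(p in value for p in PLACEHOLDERS):
            findings.append(f"{where}: placeholder not replaced")
        elif want is not None and value != want:
            findings.append(f"{where}: expected {want}")
    return findings

def world_readable(path):
    """True if 'other' users can read the file and the passwords stored in it."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

# Constructed sample neutron.conf: two placeholders left in, one section missing.
SAMPLE_NEUTRON = """\
[DEFAULT]
auth_strategy = keystone
rabbit_password = RABBIT_PASS
nova_admin_tenant_id = f727b5ec2ceb4d71bad86dfc414449bf
[database]
connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron
"""
```

On the controller, pass the contents of /etc/neutron/neutron.conf with NEUTRON_CONF and of /etc/nova/nova.conf with NOVA_CONF before restarting the services.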

 

To finalize installation

  1. Restart the Compute services:

    # service nova-api restart
    # service nova-scheduler restart
    # service nova-conductor restart
  2. Restart the Networking service:

    # service neutron-server restart