Prerequisites
Before you configure OpenStack Networking (neutron), you must create a database and Identity service credentials including a user and service.
Connect to the database as the root user, create the
neutron
database, and grant the proper access to it:Replace
NEUTRON_DBPASS
with a suitable password.$ mysql -u root -p mysql> CREATE DATABASE neutron; mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \ IDENTIFIED BY '
NEUTRON_DBPASS
'; mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \ IDENTIFIED BY 'NEUTRON_DBPASS
';Create Identity service credentials for Networking:
Create the
neutron
user:Replace
NEUTRON_PASS
with a suitable password and[email protected]
with a suitable e-mail address.$ keystone user-create --name neutron --pass
NEUTRON_PASS
--email[email protected]
Link the
neutron
user to theservice
tenant andadmin
role:$ keystone user-role-add --user neutron --tenant service --role admin
Create the
neutron
service:$ keystone service-create --name neutron --type network --description "OpenStack Networking"
Create the service endpoint:
$ keystone endpoint-create \ --service-id $(keystone service-list | awk '/ network / {print $2}') \ --publicurl http://
controller
:9696 \ --adminurl http://controller
:9696 \ --internalurl http://controller
:9696
To install the Networking components
# yum install openstack-neutron openstack-neutron-ml2 python-neutronclient
To configure the Networking server component
The Networking server component configuration includes the database, authentication mechanism, message broker, topology change notifier, and plug-in.
Configure Networking to use the database:
Replace
NEUTRON_DBPASS
with a suitable password.# openstack-config --set /etc/neutron/neutron.conf database connection \ mysql://neutron:
NEUTRON_DBPASS
@controller
/neutronConfigure Networking to use the Identity service for authentication:
Replace
NEUTRON_PASS
with the password you chose for theneutron
user in the Identity service.# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ auth_strategy keystone # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ auth_uri http://
controller
:5000 # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ auth_hostcontroller
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ auth_protocol http # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ auth_port 35357 # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ admin_tenant_name service # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ admin_user neutron # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \ admin_passwordNEUTRON_PASS
Configure Networking to use the message broker:
# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ rpc_backend neutron.openstack.common.rpc.impl_qpid # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ qpid_hostname
controller
Configure Networking to notify Compute about network topology changes:
# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ notify_nova_on_port_status_changes True # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ notify_nova_on_port_data_changes True # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ nova_url http://
controller
:8774/v2 # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ nova_admin_username nova # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ nova_admin_tenant_id $(keystone tenant-list | awk '/ service / { print $2 }') # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ nova_admin_passwordNOVA_PASS
# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ nova_admin_auth_url http://controller
:35357/v2.0Configure Networking to use the Modular Layer 2 (ML2) plug-in and associated services:
# openstack-config --set /etc/neutron/neutron.conf DEFAULT \ core_plugin ml2 # openstack-config --set /etc/neutron/neutron.conf DEFAULT \ service_plugins router
Note We recommend adding
verbose = True
to the[DEFAULT]
section in/etc/neutron/neutron.conf
to assist with troubleshooting.Comment out any lines in the
[service_providers]
section.
To configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build the virtual networking framework for instances. However, the controller node does not need the OVS agent or service because it does not handle instance network traffic.
Run the following commands:
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \ type_drivers gre # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \ tenant_network_types gre # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \ mechanism_drivers openvswitch # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre \ tunnel_id_ranges 1:1000 # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \ firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \ enable_security_group True
To configure Compute to use Networking
By default, most distributions configure Compute to use legacy networking. You must reconfigure Compute to manage networks through Networking.
Run the following commands:
Replace
NEUTRON_PASS
with the password you chose for theneutron
user in the Identity service.# openstack-config --set /etc/nova/nova.conf DEFAULT \ network_api_class nova.network.neutronv2.api.API # openstack-config --set /etc/nova/nova.conf DEFAULT \ neutron_url http://
controller
:9696 # openstack-config --set /etc/nova/nova.conf DEFAULT \ neutron_auth_strategy keystone # openstack-config --set /etc/nova/nova.conf DEFAULT \ neutron_admin_tenant_name service # openstack-config --set /etc/nova/nova.conf DEFAULT \ neutron_admin_username neutron # openstack-config --set /etc/nova/nova.conf DEFAULT \ neutron_admin_passwordNEUTRON_PASS
# openstack-config --set /etc/nova/nova.conf DEFAULT \ neutron_admin_auth_url http://controller
:35357/v2.0 # openstack-config --set /etc/nova/nova.conf DEFAULT \ linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver # openstack-config --set /etc/nova/nova.conf DEFAULT \ firewall_driver nova.virt.firewall.NoopFirewallDriver # openstack-config --set /etc/nova/nova.conf DEFAULT \ security_group_api neutronNote By default, Compute uses an internal firewall service. Since Networking includes a firewall service, you must disable the Compute firewall service by using the
nova.virt.firewall.NoopFirewallDriver
firewall driver.
To finalize installation
The Networking service initialization scripts expect a symbolic link
/etc/neutron/plugin.ini
pointing to the configuration file associated with your chosen plug-in. Using ML2, for example, the symbolic link must point to/etc/neutron/plugins/ml2/ml2_conf.ini
. If this symbolic link does not exist, create it using the following commands:# ln -s plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Restart the Compute services:
# service openstack-nova-api restart # service openstack-nova-scheduler restart # service openstack-nova-conductor restart
Start the Networking service and configure it to start when the system boots:
# service neutron-server start # chkconfig neutron-server on