Atom feed of this document
  
 

 Configure compute node

 

Prerequisites

Before you configure OpenStack Networking, you must enable certain kernel networking functions.

  1. Edit /etc/sysctl.conf to contain the following:

    net.ipv4.conf.all.rp_filter=0
    net.ipv4.conf.default.rp_filter=0
  2. Implement the changes:

    # sysctl -p
 

To install the Networking components

  • # zypper install openstack-neutron-openvswitch-agent
    [Note]Note

    SUSE does not use a separate ML2 plug-in package.

 

To configure the Networking common components

The Networking common component configuration includes the authentication mechanism, message broker, and plug-in.

  1. Configure Networking to use the Identity service for authentication:

    Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      auth_strategy keystone
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      auth_uri http://controller:5000
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      auth_host controller
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      auth_protocol http
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      auth_port 35357
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      admin_tenant_name service
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      admin_user neutron
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      admin_password NEUTRON_PASS
  2. Configure Networking to use the message broker:

    Replace RABBIT_PASS with the password you chose for the guest account in RabbitMQ.

    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      rpc_backend neutron.openstack.common.rpc.impl_kombu
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      rabbit_host controller
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      rabbit_userid guest
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      rabbit_password RABBIT_PASS
  3. Configure Networking to use the Modular Layer 2 (ML2) plug-in and associated services:

    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      core_plugin ml2
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      service_plugins router
    [Note]Note

    We recommend adding verbose = True to the [DEFAULT] section in /etc/neutron/neutron.conf to assist with troubleshooting.

  4. Comment out any lines in the [service_providers] section.

 

To configure the Modular Layer 2 (ML2) plug-in

The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build the virtual networking framework for instances.

  • Run the following commands:

    Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS with the IP address of the instance tunnels network interface on your compute node. This guide uses 10.0.1.31 for the IP address of the instance tunnels network interface on the first compute node.

    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
      type_drivers gre
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
      tenant_network_types gre
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
      mechanism_drivers openvswitch
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre \
      tunnel_id_ranges 1:1000
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \
      local_ip INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \
      tunnel_type gre
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \
      enable_tunneling True
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
      firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
      enable_security_group True
 

To configure the Open vSwitch (OVS) service

The OVS service provides the underlying virtual networking framework for instances. The integration bridge br-int handles internal instance network traffic within OVS.

  1. Start the OVS service and configure it to start when the system boots:

    # service openvswitch-switch start
    # chkconfig openvswitch-switch on
  2. Add the integration bridge:

    # ovs-vsctl add-br br-int
 

To configure Compute to use Networking

By default, most distributions configure Compute to use legacy networking. You must reconfigure Compute to manage networks through Networking.

  • Run the following commands:

    Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      network_api_class nova.network.neutronv2.api.API
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_url http://controller:9696
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_auth_strategy keystone
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_admin_tenant_name service
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_admin_username neutron
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_admin_password NEUTRON_PASS
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_admin_auth_url http://controller:35357/v2.0
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      firewall_driver nova.virt.firewall.NoopFirewallDriver
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      security_group_api neutron
    [Note]Note

    By default, Compute uses an internal firewall service. Since Networking includes a firewall service, you must disable the Compute firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver.

 

To finalize the installation

  1. The Networking service initialization scripts expect the variable NEUTRON_PLUGIN_CONF in the /etc/sysconfig/neutron file to reference the configuration file associated with your chosen plug-in. Using ML2, for example, edit the /etc/sysconfig/neutron file and add the following:

    NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini"
  2. Restart the Compute service:

    # service openstack-nova-compute restart
  3. Start the Open vSwitch (OVS) agent and configure it to start when the system boots:

    # service openstack-neutron-openvswitch-agent start
    # chkconfig openstack-neutron-openvswitch-agent on
Questions? Discuss on ask.openstack.org
Found an error? Report a bug against this page

loading table of contents...