Configure compute node

Prerequisites

Before you configure Networking, you must enable certain kernel networking functions.

Edit /etc/sysctl.conf to contain the following:

    net.ipv4.conf.all.rp_filter=0
    net.ipv4.conf.default.rp_filter=0

Implement the changes:

    # sysctl -p

To install the Networking components:

    # apt-get install neutron-common neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
      openvswitch-datapath-dkms

    # yum install openstack-neutron-ml2 openstack-neutron-openvswitch

    # zypper install openstack-neutron-openvswitch-agent

Ubuntu installations using Linux kernel version 3.11 or newer do not require the openvswitch-datapath-dkms package.

SUSE does not use a separate ML2 plug-in package.

To configure the Networking common components:

The Networking common component configuration includes the authentication mechanism, messaging service, and plug-in.

Respond to prompts for database management, Identity service credentials, service endpoint registration, and messaging service credentials.

Configure Networking to use the Identity service for authentication:

Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      auth_strategy keystone
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      auth_uri http://controller:5000
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      auth_host controller
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      auth_protocol http
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      auth_port 35357
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      admin_tenant_name service
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      admin_user neutron
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      admin_password NEUTRON_PASS

Configure Networking to use the Identity service for authentication:

Edit the /etc/neutron/neutron.conf file and add the following key to the [DEFAULT] section:

    [DEFAULT]
    ...
    auth_strategy = keystone

Add the following keys to the [keystone_authtoken] section:

Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

    [keystone_authtoken]
    ...
    auth_uri = http://controller:5000
    auth_host = controller
    auth_protocol = http
    auth_port = 35357
    admin_tenant_name = service
    admin_user = neutron
    admin_password = NEUTRON_PASS

Configure Networking to use the messaging service:

Replace RABBIT_PASS with the password you chose for the guest account in RabbitMQ.

    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      rpc_backend neutron.openstack.common.rpc.impl_kombu
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      rabbit_host controller
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      rabbit_userid guest
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      rabbit_password RABBIT_PASS

Configure Networking to use the messaging service:

    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      rpc_backend neutron.openstack.common.rpc.impl_qpid
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      qpid_hostname controller
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      qpid_port 5672
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      qpid_username guest
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      qpid_password guest

Configure Networking to use the messaging service:

Edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section:

Replace RABBIT_PASS with the password you chose for the guest account in RabbitMQ.

    [DEFAULT]
    ...
    rpc_backend = neutron.openstack.common.rpc.impl_kombu
    rabbit_host = controller
    rabbit_password = RABBIT_PASS

Configure Networking to use the Modular Layer 2 (ML2) plug-in and associated services:

    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      core_plugin neutron.plugins.ml2.plugin.Ml2Plugin
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      service_plugins neutron.services.l3_router.l3_router_plugin.L3RouterPlugin

You must comment out any lines in the [service_providers] section.

We recommend adding verbose = True to the [DEFAULT] section in /etc/neutron/neutron.conf to assist with troubleshooting.

Configure Networking to use the Modular Layer 2 (ML2) plug-in and associated services:

Edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section:

    [DEFAULT]
    ...
    core_plugin = ml2
    service_plugins = router
    allow_overlapping_ips = True

You must comment out any lines in the [service_providers] section.

We recommend adding verbose = True to the [DEFAULT] section in /etc/neutron/neutron.conf to assist with troubleshooting.

To configure the Modular Layer 2 (ML2) plug-in:

The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build the virtual networking framework for instances.

Run the following commands:

Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS with the IP address of the instance tunnels network interface on your compute node.

    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
      type_drivers gre
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
      tenant_network_types gre
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
      mechanism_drivers openvswitch
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre \
      tunnel_id_ranges 1:1000
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \
      local_ip INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \
      tunnel_type gre
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \
      enable_tunneling True
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
      firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
      enable_security_group True

Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file:

Add the following keys to the [ml2] section:

    [ml2]
    ...
    type_drivers = gre
    tenant_network_types = gre
    mechanism_drivers = openvswitch

Add the following keys to the [ml2_type_gre] section:

    [ml2_type_gre]
    ...
    tunnel_id_ranges = 1:1000

Add the [ovs] section and the following keys to it:

Replace INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS with the IP address of the instance tunnels network interface on your compute node.

    [ovs]
    ...
    local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
    tunnel_type = gre
    enable_tunneling = True

Add the [securitygroup] section and the following keys to it:

    [securitygroup]
    ...
    firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Add the following key to the [securitygroup] section:

    [securitygroup]
    ...
    enable_security_group = True

To configure the Open vSwitch (OVS) service:

The OVS service provides the underlying virtual networking framework for instances. The integration bridge br-int handles internal instance network traffic within OVS.

Start the OVS service and configure it to start when the system boots:

    # service openvswitch start
    # chkconfig openvswitch on

Start the OVS service and configure it to start when the system boots:

    # service openvswitch-switch start
    # chkconfig openvswitch-switch on

Restart the OVS service:

    # service openvswitch-switch restart

Restart the OVS service:

    # service openvswitch restart

Add the integration bridge:

    # ovs-vsctl add-br br-int

To configure Compute to use Networking:

By default, most distributions configure Compute to use legacy networking. You must reconfigure Compute to manage networks through OpenStack Networking.

Run the following commands:

Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      network_api_class nova.network.neutronv2.api.API
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_url http://controller:9696
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_auth_strategy keystone
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_admin_tenant_name service
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_admin_username neutron
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_admin_password NEUTRON_PASS
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_admin_auth_url http://controller:35357/v2.0
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      firewall_driver nova.virt.firewall.NoopFirewallDriver
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      security_group_api neutron

By default, Compute uses an internal firewall service. Since Networking includes a firewall service, you must disable the Compute firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver.

Edit the /etc/nova/nova.conf and add the following keys to the [DEFAULT] section:

Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

    [DEFAULT]
    ...
    network_api_class = nova.network.neutronv2.api.API
    neutron_url = http://controller:9696
    neutron_auth_strategy = keystone
    neutron_admin_tenant_name = service
    neutron_admin_username = neutron
    neutron_admin_password = NEUTRON_PASS
    neutron_admin_auth_url = http://controller:35357/v2.0
    linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
    firewall_driver = nova.virt.firewall.NoopFirewallDriver
    security_group_api = neutron

By default, Compute uses an internal firewall service.
Since Networking includes a firewall service, you must disable the Compute firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver.

To finalize the installation:

The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the configuration file associated with your chosen plug-in. Using ML2, for example, the symbolic link must point to /etc/neutron/plugins/ml2/ml2_conf.ini. If this symbolic link does not exist, create it using the following commands:

    # cd /etc/neutron
    # ln -s plugins/ml2/ml2_conf.ini plugin.ini

The Networking service initialization scripts expect the variable NEUTRON_PLUGIN_CONF in the /etc/sysconfig/neutron file to reference the configuration file associated with your chosen plug-in. Using ML2, for example, edit the /etc/sysconfig/neutron file and add the following:

    NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini"

Restart the Compute service:

    # service openstack-nova-compute restart

    # service nova-compute restart

Start the Open vSwitch (OVS) agent and configure it to start when the system boots:

    # service neutron-openvswitch-agent start
    # chkconfig neutron-openvswitch-agent on

    # service openstack-neutron-openvswitch-agent start
    # chkconfig openstack-neutron-openvswitch-agent on

Restart the Open vSwitch (OVS) agent:

    # service neutron-plugin-openvswitch-agent restart
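
Because this section sets the Compute firewall to NoopFirewallDriver, packet filtering for instances depends entirely on the [securitygroup] keys in ml2_conf.ini. The following check is an added example, not part of the original guide: it parses the three files edited above and reports leftover placeholders, a missing enforcing firewall, and a plain-http Identity setting. The function names, finding strings, and sample configuration text are constructed for illustration.

```python
import configparser

# Placeholder tokens from this guide; none may survive into a live file.
PLACEHOLDERS = {"NEUTRON_PASS", "RABBIT_PASS", "INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS"}
NOOP = "NoopFirewallDriver"

def load(text):
    # default_section is renamed so [DEFAULT] is read as an ordinary section
    # and its keys are not inherited by every other section.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp

def audit(neutron_conf, ml2_conf, nova_conf):
    """Return a list of findings for the three files edited in this section."""
    files = {"neutron.conf": load(neutron_conf), "ml2_conf.ini": load(ml2_conf),
             "nova.conf": load(nova_conf)}
    findings = []
    for name, cp in files.items():
        for section in cp.sections():
            for key, value in cp.items(section):
                if value.strip() in PLACEHOLDERS:
                    findings.append(f"{name} [{section}] {key}: placeholder not replaced")
    neutron, ml2, nova = files.values()
    nova_fw = nova.get("DEFAULT", "firewall_driver", fallback="")
    sg_api = nova.get("DEFAULT", "security_group_api", fallback="")
    ml2_fw = ml2.get("securitygroup", "firewall_driver", fallback="")
    sg_on = ml2.get("securitygroup", "enable_security_group", fallback="").lower() == "true"
    # Compute's own filtering is switched off, so Networking must be the enforcer.
    if nova_fw.endswith(NOOP) and (sg_api != "neutron" or not sg_on
                                   or not ml2_fw or ml2_fw.endswith(NOOP)):
        findings.append("no enforcing firewall: Compute is Noop and Networking is off or Noop")
    if neutron.get("keystone_authtoken", "auth_protocol", fallback="") == "http":
        findings.append("neutron.conf: Identity admin credentials sent over plain http")
    return findings

# Constructed sample input (not taken from a real deployment).
NEUTRON = ("[DEFAULT]\nauth_strategy = keystone\n[keystone_authtoken]\n"
           "auth_protocol = https\nadmin_password = NEUTRON_PASS\n")
ML2_OK = ("[securitygroup]\nenable_security_group = True\nfirewall_driver = "
          "neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver\n")
ML2_BAD = "[ovs]\nlocal_ip = 10.0.1.31\ntunnel_type = gre\n"
NOVA = ("[DEFAULT]\nfirewall_driver = nova.virt.firewall.NoopFirewallDriver\n"
        "security_group_api = neutron\n")

if __name__ == "__main__":
    for finding in audit(NEUTRON, ML2_BAD, NOVA):
        print(finding)
```

On a compute node, pass the contents of /etc/neutron/neutron.conf, /etc/neutron/plugins/ml2/ml2_conf.ini and /etc/nova/nova.conf to audit(); a literal "..." line copied from the listings above must be removed first, since it is not valid INI.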