Configure compute nodePrerequisitesBefore you configure Networking, you must enable certain kernel
networking functions.Edit /etc/sysctl.conf to contain the
following:net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0Implement the changes:#sysctl -pTo install the Networking components:#apt-get install neutron-common neutron-plugin-ml2 neutron-plugin-openvswitch-agent \
openvswitch-datapath-dkms#yum install openstack-neutron-ml2 openstack-neutron-openvswitch#zypper install openstack-neutron-openvswitch-agentUbuntu installations using Linux kernel version 3.11 or newer
do not require the openvswitch-datapath-dkms
package.SUSE does not use a separate ML2 plug-in package.To configure the Networking common components:The Networking common component configuration includes the
authentication mechanism, messaging service, and plug-in.Respond to prompts for
database management,
Identity service
credentials,
service endpoint
registration, and
messaging service
credentials.Configure Networking to use the Identity service for
authentication:Replace NEUTRON_PASS with the
password you chose for the neutron user
in the Identity service.#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
auth_strategy keystone#openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
auth_uri http://controller:5000#openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
auth_host controller#openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
auth_protocol http#openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
auth_port 35357#openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
admin_tenant_name service#openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
admin_user neutron#openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
admin_password NEUTRON_PASSConfigure Networking to use the Identity service for
authentication:Edit the /etc/neutron/neutron.conf
file and add the following key to the
[DEFAULT] section:[DEFAULT]
...
auth_strategy = keystoneAdd the following keys to the
[keystone_authtoken] section:Replace NEUTRON_PASS with the
password you chose for the neutron user
in the Identity service.[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_host = controller
auth_protocol = http
auth_port = 35357
admin_tenant_name = service
admin_user = neutron
admin_password = NEUTRON_PASSConfigure Networking to use the messaging service:Replace RABBIT_PASS with the password
you chose for the guest account in
RabbitMQ.#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
rpc_backend neutron.openstack.common.rpc.impl_kombu#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
rabbit_host controller#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
rabbit_userid guest#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
rabbit_password RABBIT_PASSConfigure Networking to use the messaging service:#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
rpc_backend neutron.openstack.common.rpc.impl_qpid#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
qpid_hostname controller#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
qpid_port 5672#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
qpid_username guest#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
qpid_password guestConfigure Networking to use the messaging service:Edit the /etc/neutron/neutron.conf file
and add the following keys to the [DEFAULT]
section:Replace RABBIT_PASS with the
password you chose for the guest account in
RabbitMQ.[DEFAULT]
...
rpc_backend = neutron.openstack.common.rpc.impl_kombu
rabbit_host = controller
rabbit_password = RABBIT_PASSConfigure Networking to use the Modular Layer 2 (ML2) plug-in
and associated services:#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
core_plugin neutron.plugins.ml2.plugin.Ml2Plugin#openstack-config --set /etc/neutron/neutron.conf DEFAULT \
service_plugins neutron.services.l3_router.l3_router_plugin.L3RouterPluginYou must comment out any lines in the
[service_providers] section.We recommend adding verbose = True to
the [DEFAULT] section in
/etc/neutron/neutron.conf to assist with
troubleshooting.Configure Networking to use the Modular Layer 2 (ML2) plug-in
and associated services:Edit the /etc/neutron/neutron.conf file
and add the following keys to the [DEFAULT]
section:[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = TrueYou must comment out any lines in the
[service_providers] section.We recommend adding verbose = True to
the [DEFAULT] section in
/etc/neutron/neutron.conf to assist with
troubleshooting.To configure the Modular Layer 2 (ML2) plug-in:The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to
build the virtual networking framework for instances.Run the following commands:Replace
INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
with the IP address of the instance tunnels network interface on
your compute node.#openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
type_drivers gre#openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
tenant_network_types gre#openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
mechanism_drivers openvswitch#openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre \
tunnel_id_ranges 1:1000#openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \
local_ip INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS#openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \
tunnel_type gre#openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs \
enable_tunneling True#openstack-config --set/etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver#openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
enable_security_group TrueEdit the
/etc/neutron/plugins/ml2/ml2_conf.ini
file:Add the following keys to the [ml2]
section:[ml2]
...
type_drivers = gre
tenant_network_types = gre
mechanism_drivers = openvswitchAdd the following keys to the
[ml2_type_gre] section:[ml2_type_gre]
...
tunnel_id_ranges = 1:1000Add the [ovs] section and the following
keys to it:Replace
INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
with the IP address of the instance tunnels network interface on
your compute node.[ovs]
...
local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
tunnel_type = gre
enable_tunneling = TrueAdd the [securitygroup] section and the
following keys to it:[securitygroup]
...
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriverAdd the following key to the
[securitygroup] section:[securitygroup]
...
enable_security_group = TrueTo configure the Open vSwitch (OVS) service:The OVS service provides the underlying virtual networking framework
for instances. The integration bridge br-int handles
internal instance network traffic within OVS.Start the OVS service and configure it to start when the system
boots:#service openvswitch start#chkconfig openvswitch onStart the OVS service and configure it to start when the system
boots:#service openvswitch-switch start#chkconfig openvswitch-switch onRestart the OVS service:#service openvswitch-switch restartRestart the OVS service:#service openvswitch restartAdd the integration bridge:#ovs-vsctl add-br br-intTo configure Compute to use Networking:By default, most distributions configure Compute to use legacy
networking. You must reconfigure Compute to manage networks through
OpenStack Networking.Run the following commands:Replace NEUTRON_PASS with the
password you chose for the neutron user
in the Identity service.#openstack-config --set /etc/nova/nova.conf DEFAULT \
network_api_class nova.network.neutronv2.api.API#openstack-config --set /etc/nova/nova.conf DEFAULT \
neutron_url http://controller:9696#openstack-config --set /etc/nova/nova.conf DEFAULT \
neutron_auth_strategy keystone#openstack-config --set /etc/nova/nova.conf DEFAULT \
neutron_admin_tenant_name service#openstack-config --set /etc/nova/nova.conf DEFAULT \
neutron_admin_username neutron#openstack-config --set /etc/nova/nova.conf DEFAULT \
neutron_admin_password NEUTRON_PASS#openstack-config --set /etc/nova/nova.conf DEFAULT \
neutron_admin_auth_url http://controller:35357/v2.0#openstack-config --set /etc/nova/nova.conf DEFAULT \
linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver#openstack-config --set /etc/nova/nova.conf DEFAULT \
firewall_driver nova.virt.firewall.NoopFirewallDriver#openstack-config --set /etc/nova/nova.conf DEFAULT \
security_group_api neutronBy default, Compute uses an internal firewall service. Since
Networking includes a firewall service, you must disable the
Compute firewall service by using the
nova.virt.firewall.NoopFirewallDriver firewall
driver.Edit the /etc/nova/nova.conf and add the
following keys to the [DEFAULT] section:Replace NEUTRON_PASS with the
password you chose for the neutron user
in the Identity service.[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
neutron_url = http://controller:9696
neutron_auth_strategy = keystone
neutron_admin_tenant_name = service
neutron_admin_username = neutron
neutron_admin_password = NEUTRON_PASS
neutron_admin_auth_url = http://controller:35357/v2.0
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api = neutronBy default, Compute uses an internal firewall service. Since
Networking includes a firewall service, you must disable the
Compute firewall service by using the
nova.virt.firewall.NoopFirewallDriver firewall
driver.To finalize the installation:The Networking service initialization scripts expect a symbolic
link /etc/neutron/plugin.ini pointing to the
configuration file associated with your chosen plug-in. Using
ML2, for example, the symbolic link must point to
/etc/neutron/plugins/ml2/ml2_conf.ini.
If this symbolic link does not exist, create it using the
following commands:#cd /etc/neutron#ln -s plugins/ml2/ml2_conf.ini plugin.iniThe Networking service initialization scripts expect the variable
NEUTRON_PLUGIN_CONF in the
/etc/sysconfig/neutron file to reference the
configuration file associated with your chosen plug-in. Using
ML2, for example, edit the
/etc/sysconfig/neutron file and add the
following:NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini"Restart the Compute service:#service openstack-nova-compute restart#service nova-compute restartStart the Open vSwitch (OVS) agent and configure it to start when
the system boots:#service neutron-openvswitch-agent start#chkconfig neutron-openvswitch-agent on#service openstack-neutron-openvswitch-agent start#chkconfig openstack-neutron-openvswitch-agent onRestart the Open vSwitch (OVS) agent:#service neutron-plugin-openvswitch-agent restart