Configure controller node

Prerequisites

Before you configure OpenStack Networking (neutron), you must create a database and Identity service credentials including a user and service.

Connect to the database as the root user, create the neutron database, and grant the proper access to it. Replace NEUTRON_DBPASS with a suitable password:

    $ mysql -u root -p
    mysql> CREATE DATABASE neutron;
    mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
      IDENTIFIED BY 'NEUTRON_DBPASS';
    mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
      IDENTIFIED BY 'NEUTRON_DBPASS';

Create Identity service credentials for Networking:

Create the neutron user. Replace NEUTRON_PASS with a suitable password and neutron@example.com with a suitable e-mail address:

    $ keystone user-create --name neutron --pass NEUTRON_PASS --email neutron@example.com

Link the neutron user to the service tenant and admin role:

    $ keystone user-role-add --user neutron --tenant service --role admin

Create the neutron service:

    $ keystone service-create --name neutron --type network --description "OpenStack Networking"

Create the service endpoint:

    $ keystone endpoint-create \
      --service-id $(keystone service-list | awk '/ network / {print $2}') \
      --publicurl http://controller:9696 \
      --adminurl http://controller:9696 \
      --internalurl http://controller:9696

To install the Networking components

Use the command for your distribution's package manager:

    # apt-get install neutron-server neutron-plugin-ml2

    # yum install openstack-neutron openstack-neutron-ml2 python-neutronclient

    # zypper install openstack-neutron openstack-neutron-server

SUSE does not use a separate ML2 plug-in package.

To configure the Networking server component

The Networking server component configuration includes the database, authentication mechanism, message broker, topology change notifier, and plug-in.

Respond to prompts for database management, Identity service credentials, service endpoint registration, and message broker credentials.

Configure Networking to use the database.

Using openstack-config: replace NEUTRON_DBPASS with a suitable password.

    # openstack-config --set /etc/neutron/neutron.conf database connection \
      mysql://neutron:NEUTRON_DBPASS@controller/neutron

Or edit the /etc/neutron/neutron.conf file and add the following key to the [database] section. Replace NEUTRON_DBPASS with the password you chose for the database.

    [database]
    ...
    connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron

Configure Networking to use the Identity service for authentication.

Using openstack-config: replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      auth_strategy keystone
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      auth_uri http://controller:5000
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      auth_host controller
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      auth_protocol http
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      auth_port 35357
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      admin_tenant_name service
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      admin_user neutron
    # openstack-config --set /etc/neutron/neutron.conf keystone_authtoken \
      admin_password NEUTRON_PASS

Or edit the /etc/neutron/neutron.conf file and add the following key to the [DEFAULT] section:

    [DEFAULT]
    ...
    auth_strategy = keystone

Add the following keys to the [keystone_authtoken] section. Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

    [keystone_authtoken]
    ...
    auth_uri = http://controller:5000
    auth_host = controller
    auth_protocol = http
    auth_port = 35357
    admin_tenant_name = service
    admin_user = neutron
    admin_password = NEUTRON_PASS

Configure Networking to use the message broker.

For RabbitMQ, using openstack-config: replace RABBIT_PASS with the password you chose for the guest account in RabbitMQ.

    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      rpc_backend neutron.openstack.common.rpc.impl_kombu
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      rabbit_host controller
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      rabbit_userid guest
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      rabbit_password RABBIT_PASS

For Qpid, using openstack-config:

    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      rpc_backend neutron.openstack.common.rpc.impl_qpid
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      qpid_hostname controller

Or, for RabbitMQ, edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section. Replace RABBIT_PASS with the password you chose for the guest account in RabbitMQ.

    [DEFAULT]
    ...
    rpc_backend = neutron.openstack.common.rpc.impl_kombu
    rabbit_host = controller
    rabbit_password = RABBIT_PASS

Configure Networking to notify Compute about network topology changes.

Using openstack-config:

    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      notify_nova_on_port_status_changes True
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      notify_nova_on_port_data_changes True
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      nova_url http://controller:8774/v2
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      nova_admin_username nova
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      nova_admin_tenant_id $(keystone tenant-list | awk '/ service / { print $2 }')
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      nova_admin_password NOVA_PASS
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      nova_admin_auth_url http://controller:35357/v2.0

Or edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section. Replace SERVICE_TENANT_ID with the service tenant identifier (id) in the Identity service and NOVA_PASS with the password you chose for the nova user in the Identity service.

    [DEFAULT]
    ...
    notify_nova_on_port_status_changes = True
    notify_nova_on_port_data_changes = True
    nova_url = http://controller:8774/v2
    nova_admin_username = nova
    nova_admin_tenant_id = SERVICE_TENANT_ID
    nova_admin_password = NOVA_PASS
    nova_admin_auth_url = http://controller:35357/v2.0

To obtain the service tenant identifier (id):

    $ source admin-openrc.sh
    $ keystone tenant-get service
    +-------------+----------------------------------+
    |   Property  |              Value               |
    +-------------+----------------------------------+
    | description |          Service Tenant          |
    |   enabled   |               True               |
    |      id     | f727b5ec2ceb4d71bad86dfc414449bf |
    |     name    |             service              |
    +-------------+----------------------------------+

Configure Networking to use the Modular Layer 2 (ML2) plug-in and associated services.

Using openstack-config:

    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      core_plugin ml2
    # openstack-config --set /etc/neutron/neutron.conf DEFAULT \
      service_plugins router

We recommend adding verbose = True to the [DEFAULT] section in /etc/neutron/neutron.conf to assist with troubleshooting.

Or edit the /etc/neutron/neutron.conf file and add the following keys to the [DEFAULT] section:

    [DEFAULT]
    ...
    core_plugin = ml2
    service_plugins = router
    allow_overlapping_ips = True

We recommend adding verbose = True to the [DEFAULT] section in /etc/neutron/neutron.conf to assist with troubleshooting.

Comment out any lines in the [service_providers] section.

To configure the Modular Layer 2 (ML2) plug-in

The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build the virtual networking framework for instances. However, the controller node does not need the OVS agent or service because it does not handle instance network traffic.

Run the following commands:

    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
      type_drivers gre
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
      tenant_network_types gre
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 \
      mechanism_drivers openvswitch
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre \
      tunnel_id_ranges 1:1000
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
      firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    # openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup \
      enable_security_group True

Or edit the /etc/neutron/plugins/ml2/ml2_conf.ini file.

Add the following keys to the [ml2] section:

    [ml2]
    ...
    type_drivers = gre
    tenant_network_types = gre
    mechanism_drivers = openvswitch

Add the following key to the [ml2_type_gre] section:

    [ml2_type_gre]
    ...
    tunnel_id_ranges = 1:1000

Add the [securitygroup] section and the following keys to it:

    [securitygroup]
    ...
    firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    enable_security_group = True

To configure Compute to use Networking

By default, most distributions configure Compute to use legacy networking. You must reconfigure Compute to manage networks through Networking.

Run the following commands. Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service:

    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      network_api_class nova.network.neutronv2.api.API
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_url http://controller:9696
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_auth_strategy keystone
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_admin_tenant_name service
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_admin_username neutron
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_admin_password NEUTRON_PASS
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      neutron_admin_auth_url http://controller:35357/v2.0
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      firewall_driver nova.virt.firewall.NoopFirewallDriver
    # openstack-config --set /etc/nova/nova.conf DEFAULT \
      security_group_api neutron

By default, Compute uses an internal firewall service. Since Networking includes a firewall service, you must disable the Compute firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver.

Or edit the /etc/nova/nova.conf file and add the following keys to the [DEFAULT] section. Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

    [DEFAULT]
    ...
    network_api_class = nova.network.neutronv2.api.API
    neutron_url = http://controller:9696
    neutron_auth_strategy = keystone
    neutron_admin_tenant_name = service
    neutron_admin_username = neutron
    neutron_admin_password = NEUTRON_PASS
    neutron_admin_auth_url = http://controller:35357/v2.0
    linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
    firewall_driver = nova.virt.firewall.NoopFirewallDriver
    security_group_api = neutron

By default, Compute uses an internal firewall service.
Since Networking includes a firewall service, you must disable the Compute firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver.

To finalize installation

The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the configuration file associated with your chosen plug-in. Using ML2, for example, the symbolic link must point to /etc/neutron/plugins/ml2/ml2_conf.ini. If this symbolic link does not exist, create it using the following command:

    # ln -s plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

The Networking service initialization scripts expect the variable NEUTRON_PLUGIN_CONF in file /etc/sysconfig/neutron to reference the configuration file associated with your chosen plug-in. Using ML2, for example, edit the /etc/sysconfig/neutron file and add the following:

    NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini"

Restart the Compute services. Use the set of commands that matches your distribution's service names:

    # service openstack-nova-api restart
    # service openstack-nova-scheduler restart
    # service openstack-nova-conductor restart

    # service nova-api restart
    # service nova-scheduler restart
    # service nova-conductor restart

Start the Networking service and configure it to start when the system boots. Use the pair of commands that matches your distribution's service name:

    # service neutron-server start
    # chkconfig neutron-server on

    # service openstack-neutron start
    # chkconfig openstack-neutron on

Restart the Networking service:

    # service neutron-server restart
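
A check to run over the three files edited above before restarting the services, as an added example that is not part of the original guide. It flags guide placeholders (NEUTRON_PASS and the like) left in a file, and confirms that when nova.conf hands filtering off with NoopFirewallDriver, ml2_conf.ini actually enables security groups. The function names and the sample file contents are constructed for illustration.

```python
import configparser

# Placeholder tokens from the guide; one left in a live file means a step was skipped.
PLACEHOLDERS = "NEUTRON_DBPASS NEUTRON_PASS RABBIT_PASS NOVA_PASS SERVICE_TENANT_ID".split()
NOOP = "nova.virt.firewall.NoopFirewallDriver"

def load(text):
    cp = configparser.RawConfigParser(strict=False)  # no interpolation, repeats tolerated
    cp.read_string(text)
    return cp

def placeholder_findings(name, cp):
    out = []
    for section in ["DEFAULT"] + cp.sections():
        for key, value in cp.items(section):
            # items() merges [DEFAULT] into every section; report those keys once.
            inherited = section != "DEFAULT" and cp.defaults().get(key) == value
            out += [f"{name} [{section}] {key}: {t} not replaced"
                    for t in PLACEHOLDERS if t in value and not inherited]
    return out

def firewall_findings(nova, ml2):
    # With Compute's firewall set to Noop, Networking must do the filtering.
    if nova.get("DEFAULT", "firewall_driver", fallback="") != NOOP:
        return []
    out = []
    if nova.get("DEFAULT", "security_group_api", fallback="") != "neutron":
        out.append("nova.conf: security_group_api is not neutron")
    if ml2.get("securitygroup", "enable_security_group", fallback="").lower() != "true":
        out.append("ml2_conf.ini: enable_security_group is not True")
    if not ml2.get("securitygroup", "firewall_driver", fallback=""):
        out.append("ml2_conf.ini: [securitygroup] firewall_driver is not set")
    return out

def audit(neutron_text, ml2_text, nova_text):
    neutron, ml2, nova = load(neutron_text), load(ml2_text), load(nova_text)
    named = (("neutron.conf", neutron), ("ml2_conf.ini", ml2), ("nova.conf", nova))
    found = [f for name, cp in named for f in placeholder_findings(name, cp)]
    return found + firewall_findings(nova, ml2)

# Constructed sample files (not from a real deployment).
SAMPLE_NEUTRON = ("[database]\nconnection = mysql://neutron:NEUTRON_DBPASS@controller/neutron\n"
                  "[keystone_authtoken]\nadmin_password = NEUTRON_PASS\n")
SAMPLE_ML2 = "[securitygroup]\nenable_security_group = False\n"
SAMPLE_NOVA = ("[DEFAULT]\nfirewall_driver = nova.virt.firewall.NoopFirewallDriver\n"
               "security_group_api = neutron\n")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_NEUTRON, SAMPLE_ML2, SAMPLE_NOVA)))
```

To use it on a controller, pass the contents of /etc/neutron/neutron.conf, /etc/neutron/plugins/ml2/ml2_conf.ini and /etc/nova/nova.conf to audit(); an empty list means neither check fired.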