openstack-manuals/doc/install-guide/source/neutron-controller-node.rst
Andreas Jaeger 25d1b7d617 Remove DocBook XML files for Install Guide
Remove DocBook XML files and rename directory from install-guide-rst to
install-guide.

Adjust everything so that publishing works.
Update README to remove DocBook XML Install Guide specific instructions.

Implements: blueprint installguide-liberty
Change-Id: If723c44c3c0383dc8ab8e53798d82e7f0ee2cc57
2015-08-19 16:35:31 +02:00


Install and configure controller node

To configure prerequisites

Before you configure the OpenStack Networking (neutron) service, you must create a database, service credentials, and API endpoint.

  1. To create the database, complete these steps:

    1. Use the database access client to connect to the database server as the root user:

      $ mysql -u root -p
    2. Create the neutron database:

      CREATE DATABASE neutron;
    3. Grant proper access to the neutron database, replacing NEUTRON_DBPASS with a suitable password:

      GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
        IDENTIFIED BY 'NEUTRON_DBPASS';
      GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
        IDENTIFIED BY 'NEUTRON_DBPASS';
    4. Exit the database access client.

  2. Source the admin credentials to gain access to admin-only CLI commands:

    $ source admin-openrc.sh
  3. To create the service credentials, complete these steps:

    1. Create the neutron user:

      $ openstack user create --password-prompt neutron
      User Password:
      Repeat User Password:
      +----------+----------------------------------+
      | Field    | Value                            |
      +----------+----------------------------------+
      | email    | None                             |
      | enabled  | True                             |
      | id       | ab67f043d9304017aaa73d692eeb4945 |
      | name     | neutron                          |
      | username | neutron                          |
      +----------+----------------------------------+
    2. Add the admin role to the neutron user:

      $ openstack role add --project service --user neutron admin
      +-------+----------------------------------+
      | Field | Value                            |
      +-------+----------------------------------+
      | id    | cd2cb9a39e874ea69e5d4b896eb16128 |
      | name  | admin                            |
      +-------+----------------------------------+
    3. Create the neutron service entity:

      $ openstack service create --name neutron \
        --description "OpenStack Networking" network
      
      +-------------+----------------------------------+
      | Field       | Value                            |
      +-------------+----------------------------------+
      | description | OpenStack Networking             |
      | enabled     | True                             |
      | id          | f71529314dab4a4d8eca427e701d209e |
      | name        | neutron                          |
      | type        | network                          |
      +-------------+----------------------------------+
  4. Create the Networking service API endpoint:

    $ openstack endpoint create \
      --publicurl http://controller:9696 \
      --adminurl http://controller:9696 \
      --internalurl http://controller:9696 \
      --region RegionOne \
      network
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | adminurl     | http://controller:9696           |
    | id           | 04a7d3c1de784099aaba83a8a74100b3 |
    | internalurl  | http://controller:9696           |
    | publicurl    | http://controller:9696           |
    | region       | RegionOne                        |
    | service_id   | f71529314dab4a4d8eca427e701d209e |
    | service_name | neutron                          |
    | service_type | network                          |
    +--------------+----------------------------------+

To install the Networking components

ubuntu

# apt-get install neutron-server neutron-plugin-ml2 python-neutronclient

rdo

# yum install openstack-neutron openstack-neutron-ml2 python-neutronclient which

obs

# zypper install openstack-neutron openstack-neutron-server

Note

SUSE does not use a separate ML2 plug-in package.

debian

To install and configure the Networking components

  1. # apt-get install neutron-server

    Note

    Debian does not use a separate ML2 plug-in package.

  2. Respond to prompts for database management, Identity service credentials, service endpoint registration, and message queue credentials.

  3. Select the ML2 plug-in:

    image

    Note

    Selecting the ML2 plug-in also populates the service_plugins and allow_overlapping_ips options in the /etc/neutron/neutron.conf file with the appropriate values.

ubuntu or rdo or obs

To configure the Networking server component

The Networking server component configuration includes the database, authentication mechanism, message queue, topology change notifications, and plug-in.

Note

Default configuration files vary by distribution. You might need to add these sections and options rather than modifying existing sections and options. Also, an ellipsis (...) in the configuration snippets indicates potential default configuration options that you should retain.

  1. Open the /etc/neutron/neutron.conf file and edit the [database] section to configure database access:

    [database]
    ...
    connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron
    
    Replace NEUTRON_DBPASS with the password you chose for the database.
  2. In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access:

    [DEFAULT]
    ...
    rpc_backend = rabbit
    
    [oslo_messaging_rabbit]
    ...
    rabbit_host = controller
    rabbit_userid = openstack
    rabbit_password = RABBIT_PASS
  3. Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.

  4. In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:

    [DEFAULT]
    ...
    auth_strategy = keystone
    
    [keystone_authtoken]
    ...
    auth_uri = http://controller:5000
    auth_url = http://controller:35357
    auth_plugin = password
    project_domain_id = default
    user_domain_id = default
    project_name = service
    username = neutron
    password = NEUTRON_PASS
  5. Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

    Note

    Comment out or remove any other options in the [keystone_authtoken] section.

  6. In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in, router service, and overlapping IP addresses:

    [DEFAULT]
    ...
    core_plugin = ml2
    service_plugins = router
    allow_overlapping_ips = True
  7. In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes:

    [DEFAULT]
    ...
    notify_nova_on_port_status_changes = True
    notify_nova_on_port_data_changes = True
    nova_url = http://controller:8774/v2
    
    [nova]
    ...
    auth_url = http://controller:35357
    auth_plugin = password
    project_domain_id = default
    user_domain_id = default
    region_name = RegionOne
    project_name = service
    username = nova
    password = NOVA_PASS
  8. Replace NOVA_PASS with the password you chose for the nova user in the Identity service.

  9. (Optional) To assist with troubleshooting, enable verbose logging in the [DEFAULT] section:

    [DEFAULT]
    ...
    verbose = True
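
A check you can run on the finished /etc/neutron/neutron.conf before starting the service, added here as an example and not part of the original guide. It flags password placeholders that were never replaced, [DEFAULT] values that differ from the steps above, and options left in [keystone_authtoken] that the guide does not set. The function name audit_neutron_conf and the sample text are constructed for illustration:

```python
import configparser

# Placeholder tokens the guide tells you to replace with real passwords.
PLACEHOLDERS = ("NEUTRON_DBPASS", "RABBIT_PASS", "NEUTRON_PASS", "NOVA_PASS")
# Options the guide sets in [keystone_authtoken]; its note says remove all others.
AUTHTOKEN_ALLOWED = {"auth_uri", "auth_url", "auth_plugin", "project_domain_id",
                     "user_domain_id", "project_name", "username", "password"}
# [DEFAULT] values taken from the configuration steps above.
EXPECTED_DEFAULT = {"rpc_backend": "rabbit", "auth_strategy": "keystone",
                    "core_plugin": "ml2", "service_plugins": "router",
                    "allow_overlapping_ips": "True"}

# Constructed sample, not taken from a real deployment.
SAMPLE = """\
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
allow_overlapping_ips = True
[database]
connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
password = s3cret%value
identity_uri = http://controller:35357
"""

def audit_neutron_conf(text):
    """Return sorted findings for the text of a neutron.conf file."""
    cp = configparser.ConfigParser(
        default_section="__unused__",  # parse [DEFAULT] as an ordinary section
        interpolation=None,            # passwords may contain '%'
        delimiters=("=",), strict=False)
    cp.read_string(text)
    out = []
    for section in cp.sections():
        for option, value in cp.items(section):
            if any(p in value for p in PLACEHOLDERS):
                out.append(f"[{section}] {option}: placeholder not replaced")
    for option, want in EXPECTED_DEFAULT.items():
        got = cp.get("DEFAULT", option, fallback=None)
        if got is None or got.strip().lower() != want.lower():
            out.append(f"[DEFAULT] {option}: expected {want}, found {got}")
    if cp.has_section("keystone_authtoken"):
        for option in set(cp.options("keystone_authtoken")) - AUTHTOKEN_ALLOWED:
            out.append(f"[keystone_authtoken] {option}: not set by the guide")
    return sorted(out)

if __name__ == "__main__":
    print("\n".join(audit_neutron_conf(SAMPLE)))
```

To audit a real file, pass its contents: audit_neutron_conf(open("/etc/neutron/neutron.conf").read()). An empty list means none of the three conditions was found.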

To configure the Modular Layer 2 (ML2) plug-in

The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build the virtual networking framework for instances. However, the controller node does not need the OVS components because it does not handle instance network traffic.

  1. Open the /etc/neutron/plugins/ml2/ml2_conf.ini file and edit the [ml2] section to enable the flat, VLAN, generic routing encapsulation (GRE), and virtual extensible LAN (VXLAN) network type drivers, GRE tenant networks, and the OVS mechanism driver:

    [ml2]
    ...
    type_drivers = flat,vlan,gre,vxlan
    tenant_network_types = gre
    mechanism_drivers = openvswitch

    Warning

    After you configure the ML2 plug-in, changing values in the type_drivers option can lead to database inconsistency.

  2. In the [ml2_type_gre] section, configure the tunnel identifier (id) range:

    [ml2_type_gre]
    ...
    tunnel_id_ranges = 1:1000
  3. In the [securitygroup] section, enable security groups, enable ipset, and configure the OVS iptables firewall driver:

    [securitygroup]
    ...
    enable_security_group = True
    enable_ipset = True
    firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

To configure Compute to use Networking

By default, distribution packages configure Compute to use legacy networking. You must reconfigure Compute to manage networks through Networking.

  1. Open the /etc/nova/nova.conf file on the controller node and edit the [DEFAULT] section to configure the APIs and drivers:

    [DEFAULT]
    ...
    network_api_class = nova.network.neutronv2.api.API
    security_group_api = neutron
    linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
    firewall_driver = nova.virt.firewall.NoopFirewallDriver

    Note

    By default, Compute uses an internal firewall service. Since Networking includes a firewall service, you must disable the Compute firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver.

  2. In the [neutron] section, configure access parameters:

    [neutron]
    ...
    url = http://controller:9696
    auth_strategy = keystone
    admin_auth_url = http://controller:35357/v2.0
    admin_tenant_name = service
    admin_username = neutron
    admin_password = NEUTRON_PASS

    Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

To finalize installation

rdo

  1. The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the ML2 plug-in configuration file, /etc/neutron/plugins/ml2/ml2_conf.ini. If this symbolic link does not exist, create it using the following command:

    # ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
  2. Populate the database:

    # su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade kilo" neutron

    Note

    Database population occurs later for Networking because the script requires complete server and plug-in configuration files.

  3. Restart the Compute services:

    # systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \
      openstack-nova-conductor.service
  4. Start the Networking service and configure it to start when the system boots:

    # systemctl enable neutron-server.service
    # systemctl start neutron-server.service

obs

  1. The Networking service initialization scripts expect the variable NEUTRON_PLUGIN_CONF in the /etc/sysconfig/neutron file to reference the ML2 plug-in configuration file. Edit the /etc/sysconfig/neutron file and add the following:

    NEUTRON_PLUGIN_CONF="/etc/neutron/plugins/ml2/ml2_conf.ini"
  2. Restart the Compute services:

    # systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \
      openstack-nova-conductor.service
  3. Start the Networking service and configure it to start when the system boots:

    # systemctl enable openstack-neutron.service
    # systemctl start openstack-neutron.service

ubuntu

  1. Populate the database:

    # su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade kilo" neutron

    Note

    Database population occurs later for Networking because the script requires complete server and plug-in configuration files.

  2. Restart the nova-api service:

    # service nova-api restart
  3. Restart the Networking service:

    # service neutron-server restart

Verify operation

Perform the following commands on the controller node.

  1. Source the admin credentials to gain access to admin-only CLI commands:

    $ source admin-openrc.sh
  2. List loaded extensions to verify successful launch of the neutron-server process:

    $ neutron ext-list
    +-----------------------+-----------------------------------------------+
    | alias                 | name                                          |
    +-----------------------+-----------------------------------------------+
    | security-group        | security-group                                |
    | l3_agent_scheduler    | L3 Agent Scheduler                            |
    | ext-gw-mode           | Neutron L3 Configurable external gateway mode |
    | binding               | Port Binding                                  |
    | provider              | Provider Network                              |
    | agent                 | agent                                         |
    | quotas                | Quota management support                      |
    | dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
    | l3-ha                 | HA Router extension                           |
    | multi-provider        | Multi Provider Network                        |
    | external-net          | Neutron external network                      |
    | router                | Neutron L3 Router                             |
    | allowed-address-pairs | Allowed Address Pairs                         |
    | extraroute            | Neutron Extra Route                           |
    | extra_dhcp_opt        | Neutron Extra DHCP opts                       |
    | dvr                   | Distributed Virtual Router                    |
    +-----------------------+-----------------------------------------------+