To configure prerequisites

Before you configure the OpenStack Networking (neutron) service,
you must create a database, service credentials, and API
endpoint.

- To create the database, complete these steps:
  - Use the database access client to connect to the database
    server as the root user:

        $ mysql -u root -p

  - Create the neutron database:

        CREATE DATABASE neutron;

  - Grant proper access to the neutron database:

        GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost'
          IDENTIFIED BY 'NEUTRON_DBPASS';
        GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%'
          IDENTIFIED BY 'NEUTRON_DBPASS';

    Replace NEUTRON_DBPASS with a suitable password.
  - Exit the database access client.
- Source the admin credentials to gain access to admin-only CLI commands:

      $ source admin-openrc.sh

- To create the service credentials, complete these steps:
  - Create the neutron user:

        $ openstack user create --password-prompt neutron
        User Password:
        Repeat User Password:
        +----------+----------------------------------+
        | Field    | Value                            |
        +----------+----------------------------------+
        | email    | None                             |
        | enabled  | True                             |
        | id       | ab67f043d9304017aaa73d692eeb4945 |
        | name     | neutron                          |
        | username | neutron                          |
        +----------+----------------------------------+

  - Add the admin role to the neutron user:

        $ openstack role add --project service --user neutron admin
        +-------+----------------------------------+
        | Field | Value                            |
        +-------+----------------------------------+
        | id    | cd2cb9a39e874ea69e5d4b896eb16128 |
        | name  | admin                            |
        +-------+----------------------------------+

  - Create the neutron service entity:

        $ openstack service create --name neutron \
          --description "OpenStack Networking" network
        +-------------+----------------------------------+
        | Field       | Value                            |
        +-------------+----------------------------------+
        | description | OpenStack Networking             |
        | enabled     | True                             |
        | id          | f71529314dab4a4d8eca427e701d209e |
        | name        | neutron                          |
        | type        | network                          |
        +-------------+----------------------------------+

- Create the Networking service API endpoint:

      $ openstack endpoint create \
        --publicurl http://controller:9696 \
        --adminurl http://controller:9696 \
        --internalurl http://controller:9696 \
        --region RegionOne \
        network
      +--------------+----------------------------------+
      | Field        | Value                            |
      +--------------+----------------------------------+
      | adminurl     | http://controller:9696           |
      | id           | 04a7d3c1de784099aaba83a8a74100b3 |
      | internalurl  | http://controller:9696           |
      | publicurl    | http://controller:9696           |
      | region       | RegionOne                        |
      | service_id   | f71529314dab4a4d8eca427e701d209e |
      | service_name | neutron                          |
      | service_type | network                          |
      +--------------+----------------------------------+

To install the Networking components
# yum install openstack-neutron openstack-neutron-ml2 python-neutronclient which
To configure the Networking server component
The Networking server component configuration includes the database,
authentication mechanism, message queue, topology change notifications,
and plug-in.

Note: Default configuration files vary by distribution. You might need to add these sections and options rather than modifying existing sections and options. Also, an ellipsis (...) in the configuration snippets indicates potential default configuration options that you should retain.

- Edit the /etc/neutron/neutron.conf file and complete the following actions:
  - In the [database] section, configure database access:

        [database]
        ...
        connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron

    Replace NEUTRON_DBPASS with the password you chose for the database.
  - In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access:

        [DEFAULT]
        ...
        rpc_backend = rabbit

        [oslo_messaging_rabbit]
        ...
        rabbit_host = controller
        rabbit_userid = openstack
        rabbit_password = RABBIT_PASS

    Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ.
  - In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:

        [DEFAULT]
        ...
        auth_strategy = keystone

        [keystone_authtoken]
        ...
        auth_uri = http://controller:5000
        auth_url = http://controller:35357
        auth_plugin = password
        project_domain_id = default
        user_domain_id = default
        project_name = service
        username = neutron
        password = NEUTRON_PASS

    Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

    Note: Comment out or remove any other options in the [keystone_authtoken] section.
  - In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in, router service, and overlapping IP addresses:

        [DEFAULT]
        ...
        core_plugin = ml2
        service_plugins = router
        allow_overlapping_ips = True

  - In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes:

        [DEFAULT]
        ...
        notify_nova_on_port_status_changes = True
        notify_nova_on_port_data_changes = True
        nova_url = http://controller:8774/v2

        [nova]
        ...
        auth_url = http://controller:35357
        auth_plugin = password
        project_domain_id = default
        user_domain_id = default
        region_name = RegionOne
        project_name = service
        username = nova
        password = NOVA_PASS

    Replace NOVA_PASS with the password you chose for the nova user in the Identity service.
  - (Optional) To assist with troubleshooting, enable verbose logging in the [DEFAULT] section:

        [DEFAULT]
        ...
        verbose = True

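A check for the neutron.conf edits above, as an added example that is not part of the original guide or of OpenStack: it flags guide placeholders (NEUTRON_DBPASS and the like) that were never replaced and any [keystone_authtoken] option beyond the ones the guide sets, which the note says to comment out or remove. The function name and the sample file contents are constructed for illustration.

```python
import configparser

# Placeholder tokens from this guide; none may remain in a deployed file.
PLACEHOLDERS = ("NEUTRON_DBPASS", "RABBIT_PASS", "NEUTRON_PASS", "NOVA_PASS")
# The [keystone_authtoken] options the guide sets; its note says to comment
# out or remove every other option in that section.
AUTHTOKEN_ALLOWED = {"auth_uri", "auth_url", "auth_plugin", "project_domain_id",
                     "user_domain_id", "project_name", "username", "password"}

def audit_neutron_conf(text):
    """Return sorted (section, option, problem) tuples for neutron.conf text."""
    # Rename the default section so [DEFAULT] is read as an ordinary section
    # and its options are not inherited by every other section.
    cfg = configparser.RawConfigParser(strict=False, default_section="__unused__")
    cfg.read_string(text)
    findings = []
    for section in cfg.sections():
        for option, value in cfg.items(section):
            for token in PLACEHOLDERS:
                if token in value:
                    findings.append((section, option, "placeholder " + token))
            if section == "keystone_authtoken" and option not in AUTHTOKEN_ALLOWED:
                findings.append((section, option, "not set by the guide"))
    if cfg.get("DEFAULT", "auth_strategy", fallback=None) != "keystone":
        findings.append(("DEFAULT", "auth_strategy", "not keystone"))
    return sorted(findings)

# Constructed sample: two placeholders left in, two leftover default options.
SAMPLE = """[DEFAULT]
auth_strategy = keystone
[database]
connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron
[oslo_messaging_rabbit]
rabbit_password = constructed-example-value
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
username = neutron
password = NEUTRON_PASS
identity_uri = http://127.0.0.1:5000
admin_password = %SERVICE_PASSWORD%
"""

if __name__ == "__main__":
    for finding in audit_neutron_conf(SAMPLE):
        print(finding)
```

The parser expects a real file, so the literal `...` lines from the guide's snippets must not be present in the text passed in.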
To configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Open vSwitch (OVS) mechanism (agent) to build
the virtual networking framework for instances. However, the controller
node does not need the OVS components because it does not handle
instance network traffic.

- Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and complete the following actions:
  - In the [ml2] section, enable the flat, VLAN, generic routing encapsulation (GRE), and virtual extensible LAN (VXLAN) network type drivers, GRE tenant networks, and the OVS mechanism driver:

        [ml2]
        ...
        type_drivers = flat,vlan,gre,vxlan
        tenant_network_types = gre
        mechanism_drivers = openvswitch

    Warning: Once you configure the ML2 plug-in, changing values in the type_drivers option can lead to database inconsistency.
  - In the [ml2_type_gre] section, configure the tunnel identifier (id) range:

        [ml2_type_gre]
        ...
        tunnel_id_ranges = 1:1000

  - In the [securitygroup] section, enable security groups, enable ipset, and configure the OVS iptables firewall driver:

        [securitygroup]
        ...
        enable_security_group = True
        enable_ipset = True
        firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

To configure Compute to use Networking
By default, distribution packages configure Compute to use legacy
networking. You must reconfigure Compute to manage networks through
Networking.

- Edit the /etc/nova/nova.conf file on the controller node and complete the following actions:
  - In the [DEFAULT] section, configure the APIs and drivers:

        [DEFAULT]
        ...
        network_api_class = nova.network.neutronv2.api.API
        security_group_api = neutron
        linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
        firewall_driver = nova.virt.firewall.NoopFirewallDriver

    Note: By default, Compute uses an internal firewall service. Since Networking includes a firewall service, you must disable the Compute firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver.
  - In the [neutron] section, configure access parameters:

        [neutron]
        ...
        url = http://controller:9696
        auth_strategy = keystone
        admin_auth_url = http://controller:35357/v2.0
        admin_tenant_name = service
        admin_username = neutron
        admin_password = NEUTRON_PASS

    Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service.

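The Compute firewall is disabled above on the assumption that Networking does the filtering, so the [securitygroup] settings in ml2_conf.ini and the [DEFAULT] settings in nova.conf have to agree. The following added example (not from the original guide or from OpenStack; function names and sample contents are constructed) checks the two files against each other using the values this guide sets.

```python
import configparser

NOVA_NOOP = "nova.virt.firewall.NoopFirewallDriver"
OVS_HYBRID = "neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver"

def _load(text):
    # Rename the default section so [DEFAULT] is read as an ordinary section.
    cfg = configparser.RawConfigParser(strict=False, default_section="__unused__")
    cfg.read_string(text)
    return cfg

def check_filtering(ml2_text, nova_text):
    """Compare ml2_conf.ini and nova.conf text; return a list of problems."""
    ml2, nova = _load(ml2_text), _load(nova_text)
    sg_on = ml2.get("securitygroup", "enable_security_group", fallback="").lower() == "true"
    neutron_ok = sg_on and ml2.get("securitygroup", "firewall_driver", fallback="") == OVS_HYBRID
    nova_noop = nova.get("DEFAULT", "firewall_driver", fallback="") == NOVA_NOOP
    problems = []
    if not neutron_ok:
        problems.append("ml2_conf.ini: [securitygroup] does not match the guide")
    if not nova_noop:
        problems.append("nova.conf: Compute firewall service is not disabled")
    if nova.get("DEFAULT", "security_group_api", fallback="") != "neutron":
        problems.append("nova.conf: security_group_api is not neutron")
    if nova_noop and not neutron_ok:
        # Compute has stepped aside but Networking is not set up to filter.
        problems.append("Compute firewall is disabled while Networking filtering is not confirmed")
    return problems

# Constructed sample contents, following the values in this guide.
ML2_GUIDE = """[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = %s
""" % OVS_HYBRID
NOVA_GUIDE = """[DEFAULT]
security_group_api = neutron
firewall_driver = %s
""" % NOVA_NOOP
# Constructed bad case: security groups switched off on the Networking side.
ML2_OFF = ML2_GUIDE.replace("enable_security_group = True", "enable_security_group = False")

if __name__ == "__main__":
    print(check_filtering(ML2_GUIDE, NOVA_GUIDE))
    print(check_filtering(ML2_OFF, NOVA_GUIDE))
```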
To finalize installation
- The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the ML2 plug-in configuration file, /etc/neutron/plugins/ml2/ml2_conf.ini. If this symbolic link does not exist, create it using the following command:

      # ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

- Populate the database:

      # su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
        --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

  Note: Database population occurs later for Networking because the script requires complete server and plug-in configuration files.
- Restart the Compute services:

      # systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \
        openstack-nova-conductor.service

- Start the Networking service and configure it to start when the system boots:

      # systemctl enable neutron-server.service
      # systemctl start neutron-server.service

Verify operation

Note: Perform these commands on the controller node.

- Source the admin credentials to gain access to admin-only CLI commands:

      $ source admin-openrc.sh

- List loaded extensions to verify successful launch of the neutron-server process:

      $ neutron ext-list
      +-----------------------+-----------------------------------------------+
      | alias                 | name                                          |
      +-----------------------+-----------------------------------------------+
      | security-group        | security-group                                |
      | l3_agent_scheduler    | L3 Agent Scheduler                            |
      | ext-gw-mode           | Neutron L3 Configurable external gateway mode |
      | binding               | Port Binding                                  |
      | provider              | Provider Network                              |
      | agent                 | agent                                         |
      | quotas                | Quota management support                      |
      | dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
      | l3-ha                 | HA Router extension                           |
      | multi-provider        | Multi Provider Network                        |
      | external-net          | Neutron external network                      |
      | router                | Neutron L3 Router                             |
      | allowed-address-pairs | Allowed Address Pairs                         |
      | extraroute            | Neutron Extra Route                           |
      | extra_dhcp_opt        | Neutron Extra DHCP opts                       |
      | dvr                   | Distributed Virtual Router                    |
      +-----------------------+-----------------------------------------------+