The neutron-server service exposes the Neutron API to users and passes all calls to the configured Neutron plugins for processing. By default, Neutron is configured to listen for API calls on all configured addresses, as seen by the default bind_hosts option in the Neutron configuration file:
bind_host = 0.0.0.0
As an additional security measure, it is possible to expose the API on the management or API network. To change the default value, update the bind_host value in the [DEFAULT] section of the Neutron configuration located at /etc/neutron/neutron.conf with the management address of the controller node. The deployment explained in this book will retain the default value.
Other configuration options that may require tweaking include the following:
- core_plugin
- service_plugins
- dhcp_lease_duration
- dns_domain
Some of these settings apply to all nodes, while others only apply to the network or controller node. The core_plugin configuration option instructs Neutron to use the specified networking plugin. Beginning with the Icehouse release, the ML2 plugin supersedes both the Linux bridge and Open vSwitch monolithic plugins.
On all nodes, update the core_plugin value in the [DEFAULT] section of the Neutron configuration file located at /etc/neutron/neutron.conf and specify the ML2 plugin:
[DEFAULT]
...
core_plugin = ml2
The service_plugins configuration option is used to define plugins that are loaded by Neutron for additional functionality. Examples of plugins include router, firewall, lbaas, vpnaas and metering. This option should only be configured on the controller node or any other node running the neutron-server service. Service plugins will be defined in later chapters.
The dhcp_lease_duration configuration option specifies the duration of an IP address lease by an instance. The default value is 86,400 seconds, or 24 hours. If the value is set too low, the network may be flooded with traffic due to short leases and frequent renewal attempts. The DHCP client on the instance itself is responsible for renewing the lease, and the frequency of this operation varies between operating systems. It is not uncommon for instances to attempt to renew their lease well before exceeding the lease duration. The value set for dhcp_lease_duration does not dictate how long an IP address stays associated with an instance, however. Once an IP address has been allocated to a port by Neutron, it remains associated with the port until the port or related instance is deleted.
The dns_domain configuration option specifies the DNS search domain that is provided to instances via DHCP when they obtain a lease. The default value is openstacklocal. This can be changed to whatever fits your organization. For the purpose of this installation, change the value from openstacklocal to learningneutron.com. On the controller node, update the dns_domain option in the Neutron configuration file located at /etc/neutron/neutron.conf to learningneutron.com:
[DEFAULT]
...
dns_domain = learningneutron.com
When instances obtain their address from the DHCP server, the domain is appended to the hostname, resulting in a fully-qualified domain name. Neutron does not support multiple domain names by default, instead relying on the project known as Designate to extend support for this functionality. More information on Designate can be found at the following URL: https://docs.openstack.org/designate/latest/.