Installing and configuring the Neutron API service

The Neutron service provides an API for our services to access and define our software-defined networking. In our environment, we install the Neutron service on our controller node alongside our other API services such as Glance and Keystone.

Getting ready

Ensure you have a suitable server available for installation of the OpenStack network components. If you are using the accompanying Vagrant environment, this will be the controller node that we will be using.

Ensure you are logged in to the controller node. If you created this node with Vagrant, you can execute the following command:

vagrant ssh controller

Tip

Neutron requires access to a database and message queue. Check that the prerequisites have been installed by following the instructions at http://bit.ly/OpenStackCookbookPreReqs.

How to do it...

To configure our OpenStack Controller node for Neutron, carry out the following steps:

  1. First, update the packages installed on the node:
    sudo apt-get update
    sudo apt-get upgrade 
    
  2. We are now ready to install the Neutron service and the ML2 plugin using the following commands:
    sudo apt-get install neutron-server \
      neutron-plugin-ml2 ntp
    
  3. Next we will edit the Neutron configuration files. As we are just providing the Neutron API service, we first need to configure the service in the /etc/neutron/neutron.conf file. Edit this file to insert the following contents that match the configuration found on our network node:
    [DEFAULT]
    verbose = True
    debug = True
    state_path = /var/lib/neutron
    lock_path = $state_path/lock
    log_dir = /var/log/neutron
    use_syslog = True
    syslog_log_facility = LOG_LOCAL0
    
    bind_host = 0.0.0.0
    bind_port = 9696
    # Plugin
    core_plugin = ml2
    service_plugins = router
    allow_overlapping_ips = True
    
    # auth
    auth_strategy = keystone
    
    # RPC configuration options. Defined in rpc __init__
    # The messaging module to use, defaults to kombu.
    rpc_backend = neutron.openstack.common.rpc.impl_kombu
    
    rabbit_host = 172.16.0.200
    rabbit_password = guest
    rabbit_port = 5672
    rabbit_userid = guest
    rabbit_virtual_host = /
    rabbit_ha_queues = false
    
    # ===== Notification System Options ==========
    notification_driver = neutron.openstack.common.notifier.rpc_notifier
    
    # ======== neutron nova interactions ==========
    notify_nova_on_port_status_changes = True
    notify_nova_on_port_data_changes = True
    nova_url = http://172.16.0.200:8774/v2
    nova_region_name = RegionOne
    nova_admin_username = nova
    nova_admin_tenant_name = service
    nova_admin_password = nova
    nova_admin_auth_url = https://192.168.100.200:35357/v2.0
    nova_ca_certificates_file = /etc/ssl/certs/ca.pem
    [agent]
    root_helper = sudo
    
    [keystone_authtoken]
    auth_uri = https://192.168.100.200:35357/v2.0/
    identity_uri = https://192.168.100.200:5000
    admin_tenant_name = service
    admin_user = neutron
    admin_password = neutron
    insecure = True
    
    [database]
    connection = mysql://neutron:[email protected]/neutron
  4. We then need to edit the /etc/neutron/plugins/ml2/ml2_conf.ini file to have the following content that matches the network node's configuration for consistency (except the local_ip option):
    [ml2]
    type_drivers = gre,vxlan
    tenant_network_types = vxlan
    mechanism_drivers = openvswitch
    
    [ml2_type_gre]
    tunnel_id_ranges = 1:1000
    
    [ml2_type_vxlan]
    vxlan_group =
    vni_ranges = 1:1000
    
    [vxlan]
    enable_vxlan = True
    vxlan_group =
    local_ip = 
    [agent]
    tunnel_types = vxlan
    vxlan_udp_port = 4789
    
    [securitygroup]
    firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    enable_security_group = True 
  5. After these files have been configured correctly, we run the following command to ensure our Neutron database is at the correct level for the version of OpenStack we are using:
    sudo neutron-db-manage \
      --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
      upgrade juno
    
  6. At this stage, we configure Nova to use Neutron. Nova component installation is covered in the next chapter, but it is shown here for your convenience. After the Nova components have been installed, configure the /etc/nova/nova.conf file to tell the OpenStack Compute components to utilize Neutron. Add the following lines under [DEFAULT] in our /etc/nova/nova.conf file:
    # Network settings 
    network_api_class=nova.network.neutronv2.api.API
    neutron_url=http://172.16.0.200:9696/
    neutron_auth_strategy=keystone
    neutron_admin_tenant_name=service
    neutron_admin_username=neutron
    neutron_admin_password=neutron
    neutron_admin_auth_url=https://192.168.100.200:35357/v2.0
    neutron_ca_certificates_file=/etc/ssl/certs/ca.pem
    libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
    linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
    firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
    service_neutron_metadata_proxy=true
    neutron_metadata_proxy_shared_secret=foo
  7. Using the following command, restart our Neutron services running on this node to pick up the changes:
    sudo service neutron-server restart
    
  8. When Nova has been installed, restart the Nova services running on this node to pick up the changes in the /etc/nova/nova.conf file:
    ls /etc/init/nova-* | cut -d '/' -f4 | cut -d '.' -f1 | while read S; do sudo stop $S; sudo start $S; done
    

How it works...

Configuring our Neutron API service on the controller node is very straightforward with the right information at hand. We install a couple of required packages.

The Neutron packages we install are as follows:

neutron-server
neutron-plugin-ml2

Once the Neutron package is installed, we configure the /etc/neutron/neutron.conf file that matches our network node config, with only one new section: the neutron nova interaction section. Here, we ensure correct settings to allow nova to interoperate with Neutron. We also configure the ML2 plugin file that also matches our network node, but we can omit the OVS section because it is surplus on our controller node.

We then run a command to ensure that our Neutron database has the correct rows and columns for use with the OpenStack Juno release.

Finally, we configure /etc/nova/nova.conf, which is the most important configuration file for our OpenStack Compute services:

  • network_api_class=nova.network.neutronv2.api.API: This tells our OpenStack Compute service to use Neutron Networking.
  • neutron_url=http://172.16.0.200:9696/: This is the address of our Neutron Server API (running on our controller node).
  • neutron_auth_strategy=keystone: This tells Neutron to utilize the OpenStack Identity and Authentication service, Keystone.
  • neutron_admin_tenant_name=service: This is the name of the service tenant in Keystone.
  • neutron_admin_username=neutron: This is the username that Neutron uses for authentication in Keystone.
  • neutron_admin_password=neutron: This is the password that Neutron uses to authenticate with in Keystone.
  • neutron_admin_auth_url=https://172.16.0.200:35357/v2.0: This is the address of our Keystone service.
  • neutron_ca_certificates_file = /etc/ssl/certs/ca.pem: This references the Certificate Authority file that we generated in Chapter 1, Keystone – OpenStack Identity Service, to allow our SSL calls to Keystone to work correctly without setting an insecure flag.
  • libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver: This tells Libvirt to use the OVS Bridge driver.
  • linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver: This is the driver used to create Ethernet devices on our Linux hosts.
  • firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver: This is the driver that is used to manage the firewalls.
  • service_neutron_metadata_proxy=true: This allows us to utilize the metadata proxy service that passes requests from Neutron to the Nova API service.
  • neutron_metadata_proxy_shared_secret=foo: This is the random key we set in order to utilize the proxy service. It must match on all nodes running this service to ensure a level of security when passing proxy requests.
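
The values in this recipe are lab defaults: insecure = True under [keystone_authtoken] turns off certificate verification even though a CA file is configured, several passwords equal their account names, and the metadata proxy secret is foo. The following Python check is an added example, not part of the original recipe; it flags those settings in a constructed sample of the configuration, and the 32-character minimum secret length and the audit function name are assumptions made for the example.

```python
import configparser

MIN_SECRET_LEN = 32  # assumption: policy threshold chosen for this example
# Constructed sample: a subset of the neutron.conf / nova.conf values on this page.
SAMPLE = """
[DEFAULT]
debug = True
rabbit_userid = guest
rabbit_password = guest
nova_url = http://172.16.0.200:8774/v2
nova_admin_auth_url = https://192.168.100.200:35357/v2.0
neutron_metadata_proxy_shared_secret = foo

[keystone_authtoken]
admin_user = neutron
admin_password = neutron
insecure = True
"""


def audit(text):
    """Return sorted (section, option, finding) tuples for weak settings."""
    # [DEFAULT] is read as an ordinary section; interpolation is off ('$', '%').
    cp = configparser.ConfigParser(default_section="__unused__", interpolation=None)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        opts = dict(cp.items(section))
        for key, value in opts.items():
            v, why = value.strip(), None
            if key == "insecure" and v.lower() == "true":
                why = "TLS certificate verification disabled"
            elif key == "debug" and v.lower() == "true":
                why = "debug logging enabled"
            elif key.endswith("_shared_secret") and len(v) < MIN_SECRET_LEN:
                why = "shared secret shorter than %d characters" % MIN_SECRET_LEN
            elif key.endswith("password"):
                stem = key[: -len("password")]  # e.g. "rabbit_", "admin_"
                if v in [opts.get(stem + s) for s in ("userid", "username", "user")]:
                    why = "password equals the account name"
            elif v.startswith("http://"):
                why = "endpoint uses plaintext HTTP"
            if why:
                findings.append((section, key, why))
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join("[%s] %s: %s" % f for f in audit(SAMPLE)))
```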

See Also
