Installation of Three node OpenStack Queens Cluster – Part Six


Configuring Neutron on Controller Node

Neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API.
Reasons to use Neutron:

  • It gives cloud tenants an API to build rich networking topologies and configure advanced network policies in the cloud. Example: create a multi-tier web application topology.
  • It enables innovation through plugins (open and closed source) that introduce advanced network capabilities. Example: use L2-in-L3 tunneling to avoid VLAN limits, provide end-to-end QoS guarantees, use monitoring protocols like NetFlow.
  • It lets anyone build advanced network services (open and closed source) that plug into OpenStack tenant networks. Examples: LB-aaS, VPN-aaS, firewall-aaS, IDS-aaS (not implemented), data-center-interconnect-aaS.
  • Horizon GUI support for:
      • Neutron L2 and L3 network and subnet creation/deletion
      • Booting VMs on specific Neutron networks
  • API Extensibility Framework, including extensions for:
      • “provider network”, which maps Neutron L2 networks to a specific VLAN in the physical data center

“Let the beauty of what you love be what you do. “
–Rumi

Let us begin installing Neutron on the controller node.
Step One: As with the other services, add a neutron user to Keystone

[[email protected] ~(keystone)]# openstack user create --domain default --project service --password neutron123 neutron
 +---------------------+----------------------------------+
 | Field               | Value                            |
 +---------------------+----------------------------------+
 | default_project_id  | d13375a7f48b4642abc74ad68d6ffe4b |
 | domain_id           | default                          |
 | enabled             | True                             |
 | id                  | a831dddd9179494b95de64881d3abf79 |
 | name                | neutron                          |
 | options             |                                |
 | password_expires_at | None                             |
 +---------------------+----------------------------------+

Step Two: As we have done before, give the neutron user the admin role

[[email protected] ~(keystone)]# openstack role add --project service --user neutron admin

Step Three: Add the neutron service entry, the same way we did for the other services so far.

[[email protected] ~(keystone)]# openstack service create --name neutron --description "OpenStack Networking service" network 
 +-------------+----------------------------------+
 | Field       | Value                            |
 +-------------+----------------------------------+
 | description | OpenStack Networking service     |
 | enabled     | True                             |
 | id          | 14506b01a57049ff99eb51c4fb852ef5 |
 | name        | neutron                          |
 | type        | network                          |
 +-------------+----------------------------------+


[[email protected] ~(keystone)]# export controller=192.168.122.130

Step Four: Add public, internal and admin endpoints for neutron

[[email protected] ~(keystone)]# openstack endpoint create --region RegionOne network public http://$controller:9696 
 +--------------+----------------------------------+
 | Field        | Value                            |
 +--------------+----------------------------------+
 | enabled      | True                             |
 | id           | a4fe0901a7894fbd9c6e330be6e34a6d |
 | interface    | public                           |
 | region       | RegionOne                        |
 | region_id    | RegionOne                        |
 | service_id   | 14506b01a57049ff99eb51c4fb852ef5 |
 | service_name | neutron                          |
 | service_type | network                          |
 | url          | http://192.168.122.130:9696        |
 +--------------+----------------------------------+
[[email protected] ~(keystone)]# openstack endpoint create --region RegionOne network internal http://$controller:9696
 +--------------+----------------------------------+
 | Field        | Value                            |
 +--------------+----------------------------------+
 | enabled      | True                             |
 | id           | 84c6e17d4e274b92803f3ce22c68464c |
 | interface    | internal                         |
 | region       | RegionOne                        |
 | region_id    | RegionOne                        |
 | service_id   | 14506b01a57049ff99eb51c4fb852ef5 |
 | service_name | neutron                          |
 | service_type | network                          |
 | url          | http://192.168.122.130:9696        |
 +--------------+----------------------------------+
[[email protected] ~(keystone)]# openstack endpoint create --region RegionOne network admin http://$controller:9696 
 +--------------+----------------------------------+
 | Field        | Value                            |
 +--------------+----------------------------------+
 | enabled      | True                             |
 | id           | f889e50e5346473e894e0147577f3cfb |
 | interface    | admin                            |
 | region       | RegionOne                        |
 | region_id    | RegionOne                        |
 | service_id   | 14506b01a57049ff99eb51c4fb852ef5 |
 | service_name | neutron                          |
 | service_type | network                          |
 | url          | http://192.168.122.130:9696        |
 +--------------+----------------------------------+

Step Five: As you might have guessed, we have to add a neutron database and user to MariaDB

[[email protected] ~(keystone)]# mysql -u root -p
 Enter password: 
 Welcome to the MariaDB monitor.  Commands end with ; or \g.
 Your MariaDB connection id is 1231
 Server version: 10.1.20-MariaDB MariaDB Server
 Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 MariaDB [(none)]> create database neutron_ml2;
 MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'localhost' identified by 'neutron123';
 Query OK, 0 rows affected (0.00 sec)
 MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'%' identified by 'neutron123';
 Query OK, 0 rows affected (0.00 sec)
 MariaDB [(none)]> flush privileges; 
 Query OK, 0 rows affected (0.00 sec)
 MariaDB [(none)]> exit;
 Bye

Step Six: Installation of Neutron Server on controller

[[email protected] ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel -y install openstack-neutron openstack-neutron-ml2
Determining fastest mirrors
 base: mirror.ucu.ac.ug
 centos-qemu-ev: mirror.ucu.ac.ug
 extras: mirror.ucu.ac.ug
 updates: mirror.ucu.ac.ug
 base                                                                                      | 3.6 kB  00:00:00     
 centos-ceph-luminous                                                                      | 2.9 kB  00:00:00     
 centos-openstack-queens                                                                   | 2.9 kB  00:00:00     
 centos-qemu-ev                                                                            | 2.9 kB  00:00:00     
 extras                                                                                    | 3.4 kB  00:00:00     
 updates                                                                                   | 3.4 kB  00:00:00     
 updates/7/x86_64/primary_db                                                               | 2.5 MB  00:00:02     
 Resolving Dependencies
 --> Running transaction check
 ---> Package openstack-neutron.noarch 1:12.0.5-1.el7 will be installed                                                                         

Step Seven: Back up the original neutron.conf and create a new one with the following configuration

[[email protected] ~(keystone)]#  mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak

[[email protected] ~(keystone)]# vim /etc/neutron/neutron.conf
#New File
 [DEFAULT]
 core_plugin = ml2
 service_plugins = router
 auth_strategy = keystone
 state_path = /var/lib/neutron
 dhcp_agent_notification = True
 allow_overlapping_ips = True
 notify_nova_on_port_status_changes = True
 notify_nova_on_port_data_changes = True
# RabbitMQ connection info
 transport_url = rabbit://openstack:[email protected]
# Keystone auth info
 [keystone_authtoken]
 www_authenticate_uri = http://192.168.122.130:5000
 auth_url = http://192.168.122.130:5000
 memcached_servers = 192.168.122.130:11211
 auth_type = password
 project_domain_name = default
 user_domain_name = default
 project_name = service
 username = neutron
 password = neutron123
# MariaDB connection info
 [database]
 connection = mysql+pymysql://neutron:[email protected]/neutron_ml2
# Nova connection info
 [nova]
 auth_url = http://192.168.122.130:5000
 auth_type = password
 project_domain_name = default
 user_domain_name = default
 region_name = RegionOne
 project_name = service
 username = nova
 password = pepe123
 [oslo_concurrency]
 lock_path = $state_path/tmp

Step Eight: Edit /etc/neutron/metadata_agent.ini and set the following on the specified lines.

[[email protected] ~(keystone)]# vim /etc/neutron/metadata_agent.ini
 #line 22: uncomment and specify Nova API server
 nova_metadata_host = 192.168.122.130
 #line 34: uncomment and specify any secret key you like. Remember this because we shall need it later
 metadata_proxy_shared_secret = pepe123
 #line 260: uncomment and specify Memcache server
 memcache_servers = 192.168.122.130:11211
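What the shared secret set in this step is for, as an added example that is not part of the original post and not Neutron's or Nova's source: the metadata agent sends an HMAC-SHA256 of the instance ID, keyed with `metadata_proxy_shared_secret`, in the `X-Instance-ID-Signature` header, and Nova's metadata API recomputes it with its own copy of the secret. The function names and the instance and tenant IDs are hypothetical.

```python
import hashlib
import hmac
import secrets


def sign_instance_id(shared_secret: str, instance_id: str) -> str:
    """Hex HMAC-SHA256 of the instance ID, keyed with the shared secret."""
    return hmac.new(shared_secret.encode(), instance_id.encode(),
                    hashlib.sha256).hexdigest()


def proxy_headers(shared_secret: str, instance_id: str, tenant_id: str) -> dict:
    """Headers the metadata agent adds before forwarding a request to Nova."""
    return {
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": tenant_id,
        "X-Instance-ID-Signature": sign_instance_id(shared_secret, instance_id),
    }


def nova_accepts(nova_secret: str, headers: dict) -> bool:
    """Simplified model of Nova's check: recompute and compare in constant time."""
    expected = sign_instance_id(nova_secret, headers["X-Instance-ID"])
    return hmac.compare_digest(expected,
                               headers.get("X-Instance-ID-Signature", ""))


def new_shared_secret() -> str:
    """256 bits from the OS CSPRNG, hex encoded, instead of a memorable word."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    # Constructed IDs; "pepe123" is the value used in this guide.
    hdrs = proxy_headers("pepe123", "constructed-instance-id", "constructed-tenant")
    print("same secret on both sides:", nova_accepts("pepe123", hdrs))
    print("secrets differ           :", nova_accepts("something-else", hdrs))
    print("suggested replacement    :", new_shared_secret())
```

The signature is the only thing that vouches for the `X-Instance-ID` header, so the value should be random and must be identical in both files.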

Step Nine: Edit the ML2 plugin configuration and add the following to the [ml2] section

[[email protected] ~(keystone)]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
  [ml2]
  type_drivers = flat,vlan,gre,vxlan
  tenant_network_types =
  mechanism_drivers = openvswitch,l2population
  extension_drivers = port_security

Step Ten: Edit the nova config file and update as follows

[[email protected] ~(keystone)]# vim /etc/nova/nova.conf
# add the following to the [DEFAULT] section
 use_neutron = True
 linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
 firewall_driver = nova.virt.firewall.NoopFirewallDriver
# add the following to the end : The Neutron auth info
# the value of metadata_proxy_shared_secret is the same as the one in metadata_agent.ini
# keep comments on their own lines: oslo.config treats text after a value, including "#", as part of the value
 [neutron]
 auth_url = http://192.168.122.130:5000
 auth_type = password
 project_domain_name = default
 user_domain_name = default
 region_name = RegionOne
 project_name = service
 username = neutron
# do not forget: this is the password set for the neutron user in Step One
 password = neutron123
 service_metadata_proxy = True
# same value as the one set in Step Eight
 metadata_proxy_shared_secret = pepe123
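An audit of the configuration written in Steps Seven to Ten, as an added example that is not part of the original post: it flags secrets reused across options, short secrets, Keystone URLs over plain HTTP, and comments left on a value line. The sample text is constructed from this guide's values, `controller.example` is a placeholder host, and the 16-character minimum is an assumed threshold.

```python
import configparser
from collections import defaultdict
from urllib.parse import urlsplit

SECRET_KEYS = {"password", "metadata_proxy_shared_secret"}
URL_KEYS = {"transport_url", "connection"}      # credentials embedded in a URL
HTTP_KEYS = {"auth_url", "www_authenticate_uri"}

# Constructed sample reusing this guide's values; controller.example is a placeholder.
SAMPLE = """\
[keystone_authtoken]
auth_url = http://192.168.122.130:5000
password = neutron123
[database]
connection = mysql+pymysql://neutron:neutron123@controller.example/neutron_ml2
[nova]
auth_url = http://192.168.122.130:5000
password = pepe123
[neutron]
password = neutron123 ##DO NOT FORGET
metadata_proxy_shared_secret = pepe123
"""

def audit(text, min_len=16):
    """Return sorted (rule, location) findings for oslo.config-style INI text."""
    # default_section is renamed so [DEFAULT] is scanned like any other section.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    findings, seen = set(), defaultdict(list)
    for section in cp.sections():
        for key, value in cp.items(section):
            where = f"[{section}] {key}"
            if " #" in value:   # trailing comment was kept as part of the value
                findings.add(("inline-comment-in-value", where))
            if key in HTTP_KEYS and value.startswith("http://"):
                findings.add(("cleartext-http", where))
            secret = (urlsplit(value).password if key in URL_KEYS
                      else value if key in SECRET_KEYS else None)
            if secret:
                seen[secret].append(where)
                if len(secret) < min_len:
                    findings.add(("short-secret", where))
    for places in seen.values():
        if len(places) > 1:
            findings.update(("reused-secret", p) for p in places)
    return sorted(findings)

if __name__ == "__main__":
    for rule, where in audit(SAMPLE):
        print(f"{rule:24} {where}")
```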

Step Eleven: Add relevant ports to firewall

[[email protected] ~(keystone)]# firewall-cmd --add-port=9696/tcp --permanent 
 success
 [[email protected] ~(keystone)]# firewall-cmd --reload 
 success

Step Twelve: Start Neutron Server

[[email protected] ~(keystone)]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
 [[email protected] ~(keystone)]# su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"  
         
 INFO  [alembic.runtime.migration] Context impl MySQLImpl.
 INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
   Running upgrade for neutron …
 INFO  [alembic.runtime.migration] Context impl MySQLImpl.
 INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
 INFO  [alembic.runtime.migration] Running upgrade  -> kilo, kilo_initial
 INFO  [alembic.runtime.migration] Running upgrade kilo -> 354db87e3225, nsxv_vdr_metadata.py
 INFO  [alembic.runtime.migration] Running upgrade 354db87e3225 -> 599c6a226151, neutrodb_ipam
 INFO  [alembic.runtime.migration] Running upgrade 599c6a226151 -> 52c5312f6baf, Initial operations in support of address scopes
 INFO  [alembic.runtime.migration] Running upgrade 52c5312f6baf -> 313373c0ffee, Flavor framework
 INFO  [alembic.runtime.migration] Running upgrade 313373c0ffee -> 8675309a5c4f, network_rbac
 INFO  [alembic.runtime.migration] Running upgrade 8675309a5c4f -> 45f955889773, quota_usage
 INFO  [alembic.runtime.migration] Running upgrade 45f955889773 -> 26c371498592, subnetpool hash
 INFO  [alembic.runtime.migration] Running upgrade 26c371498592 -> 1c844d1677f7, add order to dnsnameservers
 INFO  [alembic.runtime.migration] Running upgrade 1c844d1677f7 -> 1b4c6e320f79, address scope support in subnetpool
 INFO  [alembic.runtime.migration] Running upgrade 1b4c6e320f79 -> 48153cb5f051, qo
 [[email protected] ~(keystone)]# systemctl start neutron-server neutron-metadata-agent
 [[email protected] ~(keystone)]# systemctl enable neutron-server neutron-metadata-agent 
 [[email protected] ~(keystone)]# systemctl restart openstack-nova-api

There we go once again guys, Neutron should be okay now on the controller node. In the next guide, we will be installing Neutron on its own node.

Click on the links below to be directed to previous posts in this series.

Installation of Openstack three Node Cluster on CentOS 7 Part One

Installation of Three node OpenStack Queens Cluster – Part Two

Installation of Three node OpenStack Queens Cluster – Part Three

Installation of Three node OpenStack Queens Cluster – Part Four

Installation of Three node OpenStack Queens Cluster – Part Five

Part Seven of this series is found at the link below.

Installation of Three node OpenStack Queens Cluster – Part Seven

A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.