Configuring Neutron on Controller Node
Neutron is an OpenStack project to provide “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API.
The following are reasons to use Neutron:
- It gives cloud tenants an API to build rich networking topologies and configure advanced network policies in the cloud. Example: create a multi-tier web application topology.
- It enables innovation plugins (open and closed source) that introduce advanced network capabilities. Example: use L2-in-L3 tunneling to avoid VLAN limits, provide end-to-end QoS guarantees, use monitoring protocols like NetFlow.
- It lets anyone build advanced network services (open and closed source) that plug into OpenStack tenant networks. Examples: LB-aaS, VPN-aaS, firewall-aaS, IDS-aaS (not implemented), data-center-interconnect-aaS.
- Horizon GUI support for:
  - Neutron L2 and L3 network and subnet creation/deletion
  - Booting VMs on specific Neutron networks.
- API Extensibility Framework, including extensions for:
  - “provider network”, which maps Neutron L2 networks to a specific VLAN in the physical data center
“Let the beauty of what you love be what you do.”
–Rumi
Let us begin installing Neutron on the controller node.
Step One: As usual, add the neutron user to Keystone, just as we did for the other services
[[email protected] ~(keystone)]# openstack user create --domain default --project service --password neutron123 neutron
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | d13375a7f48b4642abc74ad68d6ffe4b |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | a831dddd9179494b95de64881d3abf79 |
| name                | neutron                          |
| options             |                                  |
| password_expires_at | None                             |
+---------------------+----------------------------------+
Step Two: As before, give the neutron user the admin role in the service project
[[email protected] ~(keystone)]# openstack role add --project service --user neutron admin
Step Three: Let us add neutron service entry. This is the same as what we have been doing for the other services so far.
[[email protected] ~(keystone)]# openstack service create --name neutron --description "OpenStack Networking service" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking service     |
| enabled     | True                             |
| id          | 14506b01a57049ff99eb51c4fb852ef5 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[[email protected] ~(keystone)]# export controller=192.168.122.130
Step Four: Add public, internal and admin endpoints for neutron
[[email protected] ~(keystone)]# openstack endpoint create --region RegionOne network public http://$controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a4fe0901a7894fbd9c6e330be6e34a6d |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 14506b01a57049ff99eb51c4fb852ef5 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.122.130:9696      |
+--------------+----------------------------------+
[[email protected] ~(keystone)]# openstack endpoint create --region RegionOne network internal http://$controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 84c6e17d4e274b92803f3ce22c68464c |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 14506b01a57049ff99eb51c4fb852ef5 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.122.130:9696      |
+--------------+----------------------------------+
[[email protected] ~(keystone)]# openstack endpoint create --region RegionOne network admin http://$controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | f889e50e5346473e894e0147577f3cfb |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 14506b01a57049ff99eb51c4fb852ef5 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.122.130:9696      |
+--------------+----------------------------------+
Step Five: As you might have guessed, we have to add a neutron database and user to MariaDB
[[email protected] ~(keystone)]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 1231
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database neutron_ml2;
MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'localhost' identified by 'neutron123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'%' identified by 'neutron123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit;
Bye
Step Six: Installation of Neutron Server on controller
[[email protected] ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel -y install openstack-neutron openstack-neutron-ml2
Determining fastest mirrors
base: mirror.ucu.ac.ug
centos-qemu-ev: mirror.ucu.ac.ug
extras: mirror.ucu.ac.ug
updates: mirror.ucu.ac.ug
base                        | 3.6 kB 00:00:00
centos-ceph-luminous        | 2.9 kB 00:00:00
centos-openstack-queens     | 2.9 kB 00:00:00
centos-qemu-ev              | 2.9 kB 00:00:00
extras                      | 3.4 kB 00:00:00
updates                     | 3.4 kB 00:00:00
updates/7/x86_64/primary_db | 2.5 MB 00:00:02
Resolving Dependencies
--> Running transaction check
---> Package openstack-neutron.noarch 1:12.0.5-1.el7 will be installed
Step Seven: Back up the neutron configuration file and create a new one with the following configuration
[[email protected] ~(keystone)]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[[email protected] ~(keystone)]# vim /etc/neutron/neutron.conf
#New File
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = True
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
# RabbitMQ connection info
transport_url = rabbit://openstack:[email protected]
# Keystone auth info
[keystone_authtoken]
www_authenticate_uri = http://192.168.122.130:5000
auth_url = http://192.168.122.130:5000
memcached_servers = 192.168.122.130:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron123
# MariaDB connection info
[database]
connection = mysql+pymysql://neutron:[email protected]/neutron_ml2
# Nova connection info
[nova]
auth_url = http://192.168.122.130:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = pepe123
[oslo_concurrency]
lock_path = $state_path/tmp
Step Eight: Edit /etc/neutron/metadata_agent.ini and set the following on the specified lines.
[[email protected] ~(keystone)]# vim /etc/neutron/metadata_agent.ini
#line 22: uncomment and specify Nova API server
nova_metadata_host = 192.168.122.130
#line 34: uncomment and specify any secret key you like. Remember this because we shall need it later
metadata_proxy_shared_secret = pepe123
#line 260: uncomment and specify Memcache server
memcache_servers = 192.168.122.130:11211
Step Nine: Edit /etc/neutron/plugins/ml2/ml2_conf.ini and add the following [ml2] settings
[[email protected] ~(keystone)]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
Step Ten: Edit nova config file and update as follows
[[email protected] ~(keystone)]# vim /etc/nova/nova.conf
use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
# add the following to the end : The Neutron auth info
# the value of metadata_proxy_shared_secret is the same with the one in metadata_agent.ini
[neutron]
auth_url = http://192.168.122.130:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
##DO NOT FORGET THIS PASSWORD YOU SET IN NOVA SERVICE
password = neutron123
service_metadata_proxy = True
##SAME AS WE USED IN THE /etc/neutron/metadata_agent.ini FILE
metadata_proxy_shared_secret = pepe123
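The metadata proxy only works when metadata_proxy_shared_secret in nova.conf is identical to the value given to the metadata agent (metadata_agent.ini, as the comment in Step Ten names it). The script below is an added example, not part of the original guide, that checks this without printing the secret and also flags a world-readable file; the [DEFAULT] section for the agent file, the function names and the return codes are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide. Usage (paths as used in this guide):
#   ./check_secret.sh /etc/neutron/metadata_agent.ini /etc/nova/nova.conf

# ini_get FILE SECTION KEY: print KEY's value from [SECTION]; only whole-line
# comments (# or ;) are skipped, and the value is everything after the first "=".
ini_get() {
    awk -v section="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[.*\]/ { s = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", s); current = s; next }
        current == section {
            pos = index($0, "="); if (pos == 0) next
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# check_metadata_secret AGENT_INI NOVA_CONF
# Returns 0 = ok, 1 = secret missing, 2 = values differ, 3 = file readable by "other".
# Assumption: the agent keeps the key under [DEFAULT]; nova.conf keeps it under [neutron].
check_metadata_secret() {
    local agent_ini nova_conf a n f
    agent_ini=$1; nova_conf=$2
    a=$(ini_get "$agent_ini" DEFAULT metadata_proxy_shared_secret)
    n=$(ini_get "$nova_conf" neutron metadata_proxy_shared_secret)
    if [ -z "$a" ] || [ -z "$n" ]; then
        echo "metadata_proxy_shared_secret is not set in both files" >&2; return 1
    fi
    # Exact string comparison: trailing text on the value line (for example a
    # "## note" after the secret) makes the two sides differ. The secret is never printed.
    if [ "$a" != "$n" ]; then
        echo "metadata_proxy_shared_secret differs between the two files" >&2; return 2
    fi
    for f in "$agent_ini" "$nova_conf"; do
        if [ -n "$(find "$f" -prune -perm -0004)" ]; then
            echo "$f is readable by every local user" >&2; return 3
        fi
    done
    return 0
}

# Run the check when the script is called with the two file paths.
if [ "$#" -eq 2 ]; then
    check_metadata_secret "$1" "$2"
fi
```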
Step Eleven: Add relevant ports to firewall
[[email protected] ~(keystone)]# firewall-cmd --add-port=9696/tcp --permanent
success
[[email protected] ~(keystone)]# firewall-cmd --reload
success
Step Twelve: Start Neutron Server
[[email protected] ~(keystone)]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[[email protected] ~(keystone)]# su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Running upgrade for neutron …
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade -> kilo, kilo_initial
INFO [alembic.runtime.migration] Running upgrade kilo -> 354db87e3225, nsxv_vdr_metadata.py
INFO [alembic.runtime.migration] Running upgrade 354db87e3225 -> 599c6a226151, neutrodb_ipam
INFO [alembic.runtime.migration] Running upgrade 599c6a226151 -> 52c5312f6baf, Initial operations in support of address scopes
INFO [alembic.runtime.migration] Running upgrade 52c5312f6baf -> 313373c0ffee, Flavor framework
INFO [alembic.runtime.migration] Running upgrade 313373c0ffee -> 8675309a5c4f, network_rbac
INFO [alembic.runtime.migration] Running upgrade 8675309a5c4f -> 45f955889773, quota_usage
INFO [alembic.runtime.migration] Running upgrade 45f955889773 -> 26c371498592, subnetpool hash
INFO [alembic.runtime.migration] Running upgrade 26c371498592 -> 1c844d1677f7, add order to dnsnameservers
INFO [alembic.runtime.migration] Running upgrade 1c844d1677f7 -> 1b4c6e320f79, address scope support in subnetpool
INFO [alembic.runtime.migration] Running upgrade 1b4c6e320f79 -> 48153cb5f051, qo
[[email protected] ~(keystone)]# systemctl start neutron-server neutron-metadata-agent
[[email protected] ~(keystone)]# systemctl enable neutron-server neutron-metadata-agent
[[email protected] ~(keystone)]# systemctl restart openstack-nova-api
There we go once again guys, Neutron should be okay now on the controller node. In the next guide, we will be installing Neutron on its own node.
Click on the links below to go to the previous posts in this series.
Installation of Openstack three Node Cluster on CentOS 7 Part One
Installation of Three node OpenStack Queens Cluster – Part Two
Installation of Three node OpenStack Queens Cluster – Part Three
Installation of Three node OpenStack Queens Cluster – Part Four
Installation of Three node OpenStack Queens Cluster – Part Five
Part Seven of this series is at the link below.
Installation of Three node OpenStack Queens Cluster – Part Seven