Installing, Configuring, and Verifying Neutron

Neutron provides networking as a service for other service components, such as Nova. It also provides APIs to users. It supports equipment and technologies from different network vendors.

OpenStack supports a variety of networking modes. Currently, the Provider and Self-service networking modes are used. The deployment modes include Linux Bridge and OVS. In actual deployment, select one of the four modes, namely Provider+LinuxBridge, Provider+OVS, Self-service+LinuxBridge, and Self-service+OVS.

Creating the Neutron Database

Perform the following operations on controller nodes.

  1. Connect to the MySQL database as the root user.
    mysql -u root -p
    
  2. Create a Neutron database.
    CREATE DATABASE neutron;
    
  3. Grant the neutron user privileges on the database.
    GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
    IDENTIFIED BY '<PASSWORD>';
    GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
    IDENTIFIED BY '<PASSWORD>';
    

    <PASSWORD> indicates the password for accessing the Neutron database.

  4. Exit the database.
    exit
    

Creating Service Credentials

Perform the following operations on controller nodes.

  1. Log in to the OpenStack CLI as the admin user.
    source /etc/keystone/admin-openrc
    
  2. Create the neutron user.
    openstack user create --domain default --password-prompt neutron
    
  3. Add the admin role to the neutron user.
    openstack role add --project service --user neutron admin
    
  4. Create the neutron service entity.
    openstack service create --name neutron --description "OpenStack Networking" network
    
  5. Create API endpoints of the network servers.
    openstack endpoint create --region RegionOne network public http://controller:9696
    openstack endpoint create --region RegionOne network internal http://controller:9696
    openstack endpoint create --region RegionOne network admin http://controller:9696
    

Installing and Configuring Neutron (Provider-LinuxBridge-Controller Node)

Perform the following operations on Provider-LinuxBridge-controller nodes.

  1. Install components.
    yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
    
  2. Edit the /etc/neutron/neutron.conf file.
    1. Configure database access.
      [database]
      connection = mysql+pymysql://neutron:<PASSWORD>@controller/neutron
      
    2. Modify the content in the [DEFAULT] section.
      [DEFAULT]
      core_plugin = ml2
      service_plugins =
      transport_url = rabbit://openstack:<PASSWORD>@controller
      auth_strategy = keystone
      notify_nova_on_port_status_changes = true
      notify_nova_on_port_data_changes = true
      

      Leave service_plugins blank and set <PASSWORD> to the password of the OpenStack rabbit user.

    3. Configure Identity service access.
      [keystone_authtoken]
      www_authenticate_uri = http://controller:5000
      auth_url = http://controller:5000
      memcached_servers = controller:11211
      auth_type = password
      project_domain_name = default
      user_domain_name = default
      project_name = service
      username = neutron
      password = <PASSWORD>
      
    4. Configure parameters in the [nova] section.

      By default, the configuration file does not contain the [nova] section. You need to add it.

      [nova]
      auth_url = http://controller:5000
      auth_type = password
      project_domain_name = default
      user_domain_name = default
      region_name = RegionOne
      project_name = service
      username = nova
      password = <PASSWORD>
      
    5. Configure the lock path.
      [oslo_concurrency]
      lock_path = /var/lib/neutron/tmp
      
  3. Edit the ML2 plugin /etc/neutron/plugins/ml2/ml2_conf.ini.
    1. Enable the flat and VLAN networks.

      You need to add [ml2], [ml2_type_flat], and [securitygroup].

      [ml2]
      type_drivers = flat,vlan
      tenant_network_types =
      mechanism_drivers = linuxbridge
      extension_drivers = port_security
      

      Leave tenant_network_types unspecified.

    2. Set the flat network type to provider.
      [ml2_type_flat]
      flat_networks = provider
      
    3. Configure the VLAN as a flat network.
      [ml2_type_vlan]
      network_vlan_ranges = provider
      
    4. Enable ipset to improve security.
      [securitygroup]
      enable_ipset = true
      
  4. Configure the Linux bridge agent and edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file.
    1. Map the provider virtual network to the physical network.
      [linux_bridge]
      physical_interface_mappings = provider:enp3s0
      

      In this example, the provider network uses the enp3s0 network port. Set the network port as required. The physical network adapter is configured for the service network, not for the management network. For details, see Networking.

    2. Disable the VXLAN network.
      [vxlan]
      enable_vxlan = false
      
    3. Enable the security group, configure the iptables firewall driver for the Linux bridge, save the configuration, and exit.
      [securitygroup]
      enable_security_group = true
      firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
      
    4. Check that the Linux operating system kernel supports bridge filters.

      Add the following to the /etc/sysctl.conf file, save the file, and exit:

      net.bridge.bridge-nf-call-iptables = 1
      net.bridge.bridge-nf-call-ip6tables = 1
      

    5. Add the network bridge filter.
      modprobe br_netfilter
      sysctl -p
      sed -i '$amodprobe br_netfilter' /etc/rc.local
      
  5. Configure the DHCP agent.

    Add the following to the /etc/neutron/dhcp_agent.ini file, save the file, and exit:

    [DEFAULT]
    interface_driver = linuxbridge
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
    enable_isolated_metadata = true
    
  6. Configure the metadata agent.
    vim /etc/neutron/metadata_agent.ini
    

    Configure the metadata host and shared key.

    [DEFAULT]
    nova_metadata_host = controller
    metadata_proxy_shared_secret = <PASSWORD>
    
  7. Configure the Compute service to use the Networking service.
    vim /etc/nova/nova.conf
    

    Set access parameters, enable the metadata agent, and set the password.

    [neutron]
    # ...
    url = http://controller:9696
    auth_url = http://controller:5000
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = neutron
    password = <PASSWORD>
    service_metadata_proxy = true
    metadata_proxy_shared_secret = <PASSWORD>
    

    Before performing this operation, ensure that Nova has been installed.

  8. Perform network initialization.
    ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
    
  9. Populate the databases.
    su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
    
  10. Enable the network service and configure it to start as the system boots.
    systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
    systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
    neutron-metadata-agent.service
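
A post-install check for the controller procedure above, as an added example that is not part of the original guide. It confirms that no `<PASSWORD>` placeholder is left in the edited files, that `metadata_proxy_shared_secret` is identical in metadata_agent.ini and nova.conf, and that security groups and the bridge netfilter sysctls are active, since the iptables firewall driver only filters bridged traffic when both sysctls are 1. The function names, the `--run` switch and the optional root-prefix argument are assumptions made for the example.

```bash
#!/bin/sh
# Added example (not from the guide): audit a Provider + Linux bridge controller.
# The optional argument is a hypothetical root prefix, so the checks can run
# against a copy of the files; with no argument the live system is audited.

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION] (last one wins).
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                               # comment line
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }  # section header
        cur == sec {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1" 2>/dev/null || true
}

# is_true VALUE: succeed for the usual boolean spellings of "enabled".
is_true() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        true|1|yes|on) return 0 ;;
        *) return 1 ;;
    esac
}

audit_neutron_controller() {
    root="${1:-}"; fail=0
    etc="$root/etc"; procsys="$root/proc/sys/net/bridge"
    lb_ini="$etc/neutron/plugins/ml2/linuxbridge_agent.ini"

    # 1. The guide's literal <PASSWORD> placeholder must have been replaced.
    for f in neutron/neutron.conf neutron/metadata_agent.ini nova/nova.conf; do
        if grep -qs '<PASSWORD>' "$etc/$f"; then
            echo "FAIL: $f still contains the <PASSWORD> placeholder"; fail=1
        fi
    done

    # 2. The metadata shared secret must be set and match on both sides.
    agent_secret=$(ini_get "$etc/neutron/metadata_agent.ini" DEFAULT metadata_proxy_shared_secret)
    nova_secret=$(ini_get "$etc/nova/nova.conf" neutron metadata_proxy_shared_secret)
    if [ -z "$agent_secret" ] || [ "$agent_secret" != "$nova_secret" ]; then
        echo "FAIL: metadata_proxy_shared_secret is unset or differs between"
        echo "      metadata_agent.ini [DEFAULT] and nova.conf [neutron]"; fail=1
    fi

    # 3. Security groups must be enabled and a firewall driver selected.
    v=$(ini_get "$lb_ini" securitygroup enable_security_group)
    is_true "$v" || { echo "FAIL: enable_security_group is '${v:-unset}'"; fail=1; }
    v=$(ini_get "$lb_ini" securitygroup firewall_driver)
    [ -n "$v" ] || { echo "FAIL: firewall_driver is not set"; fail=1; }

    # 4. Bridged traffic must be handed to iptables/ip6tables (br_netfilter loaded).
    for f in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        v=$(cat "$procsys/$f" 2>/dev/null || true)
        [ "$v" = "1" ] || { echo "FAIL: net.bridge.$f is '${v:-unset}', expected 1"; fail=1; }
    done

    [ "$fail" -eq 0 ] && echo "OK: all controller checks passed"
    return "$fail"
}

# Run the audit only when asked to, e.g.:  sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_neutron_controller "${2:-}"
fi
```

A non-zero return means at least one check failed; each failure is printed on its own line.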
    

Installing and Configuring Neutron (Provider-LinuxBridge-Compute Node)

Perform the following operations on Provider-LinuxBridge-compute nodes.

  1. Install components.
    yum -y install openstack-neutron-linuxbridge ebtables ipset
    
  2. Edit the /etc/neutron/neutron.conf file to configure public components.
    1. In the [database] section, comment out all connection options (commented out by default), because the compute node does not directly access the database.
    2. Configure RabbitMQ message queue access.
      [DEFAULT]
      transport_url = rabbit://openstack:<PASSWORD>@controller
      
    3. Configure Identity service access.
      [DEFAULT]
      auth_strategy = keystone
      [keystone_authtoken]
      www_authenticate_uri = http://controller:5000
      auth_url = http://controller:5000
      memcached_servers = controller:11211
      auth_type = password
      project_domain_name = default
      user_domain_name = default
      project_name = service
      username = neutron
      password = <PASSWORD>
      
    4. Configure the lock path.
      [oslo_concurrency]
      lock_path = /var/lib/neutron/tmp
      
  3. Add the following to the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file to configure the Linux bridge agent:
    1. Map the provider virtual network to the provider physical network port.
      [linux_bridge]
      physical_interface_mappings = provider:enp3s0
      

      In this example, the provider network uses the enp3s0 network port. Set the network port as required. The physical network adapter is configured for the service network, not for the management network. For details, see Networking.

    2. Disable the VXLAN network.
      [vxlan]
      enable_vxlan = false
      
    3. Enable the security group and configure the iptables firewall driver for the Linux bridge.
      [securitygroup]
      enable_security_group = true
      firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
      
  4. Check that the Linux operating system kernel supports bridge filters.

    Add the following to the /etc/sysctl.conf file:

    net.bridge.bridge-nf-call-iptables = 1
    net.bridge.bridge-nf-call-ip6tables = 1
    

  5. Add the network bridge filter.
    modprobe br_netfilter
    sysctl -p
    sed -i '$amodprobe br_netfilter' /etc/rc.local
    
  6. Enable the Linux bridge agent and configure it to start as the system boots.
    systemctl enable neutron-linuxbridge-agent.service
    systemctl start neutron-linuxbridge-agent.service
    

Installing and Configuring Neutron (Provider-OVS-Controller Node)

Perform the following operations on Provider-OVS-controller nodes.

  1. Install components.
    yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch ebtables
    
  2. Modify the /etc/sysctl.conf file.
    1. Add the following to the file:
      net.ipv4.ip_forward=1
      net.ipv4.conf.all.rp_filter=0
      net.ipv4.conf.default.rp_filter=0
      
    2. Make the configuration take effect.
      sysctl -p
      
  3. Edit the /etc/neutron/neutron.conf file.
    1. Configure database access.
      [database]
      connection = mysql+pymysql://neutron:<PASSWORD>@controller/neutron
      
    2. Enable the ML2 plugin and disable other plugins.
      [DEFAULT]
      core_plugin = ml2
      service_plugins =
      transport_url = rabbit://openstack:<PASSWORD>@controller
      auth_strategy = keystone
      notify_nova_on_port_status_changes = true
      notify_nova_on_port_data_changes = true
      
    3. Configure Identity service access.
      [keystone_authtoken]
      www_authenticate_uri = http://controller:5000
      auth_url = http://controller:5000
      memcached_servers = controller:11211
      auth_type = password
      project_domain_name = default
      user_domain_name = default
      project_name = service
      username = neutron
      password = <PASSWORD>
      
    4. Configure Nova parameters.

      The file does not contain the [nova] section. You need to add it.

      [nova]
      auth_url = http://controller:5000
      auth_type = password
      project_domain_name = default
      user_domain_name = default
      region_name = RegionOne
      project_name = service
      username = nova
      password = <PASSWORD>
      
    5. Configure the lock path.
      [oslo_concurrency]
      lock_path = /var/lib/neutron/tmp
      
  4. Edit the ML2 plugin /etc/neutron/plugins/ml2/ml2_conf.ini.
    1. Enable the flat and VLAN networks.

      Add [ml2], [ml2_type_flat], [ml2_type_vlan], and [securitygroup].

      [ml2]
      type_drivers = flat,vlan
      tenant_network_types =
      mechanism_drivers = openvswitch
      extension_drivers = port_security
      [ml2_type_flat]
      flat_networks = provider
      [ml2_type_vlan]
      network_vlan_ranges = provider
      [securitygroup]
      enable_ipset = true
      
  5. Configure the DHCP agent.

    Edit the /etc/neutron/dhcp_agent.ini file.

    [DEFAULT]
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
    enable_isolated_metadata = true
    interface_driver = openvswitch
    force_metadata = true
    
  6. Configure the metadata agent.

    Edit the /etc/neutron/metadata_agent.ini file.

    Configure the metadata host and shared key.

    [DEFAULT]
    nova_metadata_host = controller
    metadata_proxy_shared_secret = <PASSWORD>
    

    <PASSWORD> indicates the password for accessing the Neutron database.

  7. Perform network initialization.
    ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
    
  8. Populate the databases.
    su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
    --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
    
  9. Enable the network service and configure it to start as the system boots.
    systemctl enable neutron-server.service \
    neutron-openvswitch-agent.service neutron-dhcp-agent.service \
    neutron-metadata-agent.service
    systemctl start neutron-server.service \
    neutron-openvswitch-agent.service neutron-dhcp-agent.service \
    neutron-metadata-agent.service
    

Installing and Configuring Neutron (Provider-OVS-Compute Node)

Perform the following operations on Provider-OVS-compute nodes.

  1. Install components.
    yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch ebtables ipset
    
  2. Modify the /etc/sysctl.conf file.
    1. Add the following to the file:
      net.ipv4.ip_forward=1
      net.ipv4.conf.all.rp_filter=0
      net.ipv4.conf.default.rp_filter=0
      
    2. Make the configuration take effect.
      sysctl -p
      
  3. Edit the /etc/neutron/neutron.conf file to configure public components.
    1. Configure RabbitMQ message queue access.
      [DEFAULT]
      transport_url = rabbit://openstack:<PASSWORD>@controller
      

      <PASSWORD> indicates the password set by the RabbitMQ service for the openstack user.

    2. Configure Identity service access.
      [DEFAULT]
      auth_strategy = keystone
      [keystone_authtoken]
      www_authenticate_uri = http://controller:5000
      auth_url = http://controller:5000
      memcached_servers = controller:11211
      auth_type = password
      project_domain_name = default
      user_domain_name = default
      project_name = service
      username = neutron
      password = <PASSWORD>
      

      <PASSWORD> indicates the password for accessing the Neutron database.

    3. Configure the lock path.
      [oslo_concurrency]
      lock_path = /var/lib/neutron/tmp
      
  4. In the /etc/neutron/plugins/ml2/openvswitch_agent.ini file, add [linux_openvswitch], [vxlan], [ovs], and [securitygroup] to configure the OpenStack agent.
    [linux_openvswitch]
    physical_interface_mappings = provider:enp3s0
    [vxlan]
    enable_vxlan = false
    [ovs]
    bridge_mappings = provider:br-provider
    [securitygroup]
    enable_security_group=true
    firewall_driver = iptables_hybrid
    
  5. Edit the /etc/neutron/dhcp_agent.ini file to configure the DHCP agent.
    [DEFAULT]
    interface_driver = openvswitch
    enable_isolated_metadata = true
    force_metadata = true
    
  6. In the /etc/neutron/metadata_agent.ini file, configure the metadata agent.
    [DEFAULT]
    nova_metadata_host = controller
    metadata_proxy_shared_secret = <PASSWORD>
    

    <PASSWORD> indicates the password for accessing the Neutron database.

  7. Enable the OVS agent and configure it to start as the system boots.
    systemctl enable neutron-openvswitch-agent.service neutron-dhcp-agent.service \
    neutron-metadata-agent.service
    systemctl start neutron-openvswitch-agent.service neutron-dhcp-agent.service \
    neutron-metadata-agent.service
    
  8. Create an OVS provider.
    ovs-vsctl add-br br-provider
    ovs-vsctl add-port br-provider enp3s0
    

Installing and Configuring Neutron (Self service-LinuxBridge-Controller Node)

Perform the following operations on the Self service-LinuxBridge-controller nodes:

  1. Install components.
    yum -y install openstack-neutron openstack-neutron-ml2 ebtables
    
  2. Edit the /etc/neutron/neutron.conf file.
    1. Configure database access.
      [database] 
      connection = mysql+pymysql://neutron:<PASSWORD>@controller/neutron
      

      <PASSWORD> indicates the password of the neutron user for creating the Neutron database.

    2. Modify the content in the [DEFAULT] section.
      [DEFAULT] 
      core_plugin = ml2 
      service_plugins = router
      transport_url = rabbit://openstack:<PASSWORD>@controller 
      auth_strategy = keystone 
      notify_nova_on_port_status_changes = true 
      notify_nova_on_port_data_changes = true 
      allow_overlapping_ips = true
      

      <PASSWORD> indicates the password of the openstack user for installing the message queue.

    3. Configure Identity service access.
      [keystone_authtoken] 
      www_authenticate_uri = http://controller:5000 
      auth_url = http://controller:5000 
      memcached_servers = controller:11211 
      auth_type = password 
      project_domain_name = default 
      user_domain_name = default 
      project_name = service 
      username = neutron 
      password = <PASSWORD>
      

      <PASSWORD> indicates the password of the neutron user for creating the Neutron database.

    4. Configure parameters in the [nova] section.
      [nova] 
      auth_url = http://controller:5000 
      auth_type = password 
      project_domain_name = default 
      user_domain_name = default 
      region_name = RegionOne 
      project_name = service 
      username = nova 
      password = <PASSWORD>
      
      • By default, the configuration file does not contain this section. You need to add it.
      • <PASSWORD> indicates the password of the nova user for creating the Nova database.
    5. Configure the lock path.
      [oslo_concurrency] 
      lock_path = /var/lib/neutron/tmp
      
  3. Edit the ML2 plugin /etc/neutron/plugins/ml2/ml2_conf.ini.

    Enable the Flat, VLAN, and VXLAN networks.

    Add [ml2], [ml2_type_flat], [ml2_type_vlan], and [securitygroup].

    [ml2] 
    type_drivers = flat,vlan,vxlan 
    tenant_network_types = vxlan
    mechanism_drivers = linuxbridge,l2population 
    extension_drivers = port_security 
    [ml2_type_flat] 
    flat_networks = provider
    [ml2_type_vlan] 
    network_vlan_ranges = provider
    [ml2_type_vxlan] 
    vni_ranges = 1:1000 
    [securitygroup] 
    enable_ipset = true
    
  4. Configure the Compute service to use the Networking service.
    vim /etc/nova/nova.conf
    

    Set access parameters, enable the metadata agent, and set the password.

    [neutron] 
    # ... 
    url = http://controller:9696 
    auth_url = http://controller:5000 
    auth_type = password 
    project_domain_name = default 
    user_domain_name = default 
    region_name = RegionOne 
    project_name = service 
    username = neutron 
    password = <PASSWORD> 
    service_metadata_proxy = true 
    metadata_proxy_shared_secret = <PASSWORD>
    
    • Before performing this operation, ensure that Nova has been installed.
    • <PASSWORD> indicates the password of the neutron user for creating the Neutron database.
  5. Check that the Linux OS kernel supports bridge filters.

    Add the following to the /etc/sysctl.conf file:

    net.bridge.bridge-nf-call-iptables = 1 
    net.bridge.bridge-nf-call-ip6tables = 1
    

  6. Add the network bridge filter.
    modprobe br_netfilter
    sysctl -p
    sed -i '$amodprobe br_netfilter' /etc/rc.local
    
  7. Perform network initialization.
    ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
    
  8. Populate the databases.
    su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
    --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
    
  9. Enable the network service and configure it to start as the system boots.
    systemctl enable neutron-server.service
    systemctl start neutron-server.service
    

Installing and Configuring Neutron (Self service-LinuxBridge-Compute Node)

Perform the following operations on the Self service-LinuxBridge-compute nodes.

  1. Install components.
    yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
    
  2. Edit the /etc/neutron/neutron.conf file to configure public components.
    1. Configure RabbitMQ message queue access.
      [DEFAULT] 
      transport_url = rabbit://openstack:<PASSWORD>@controller
      

      <PASSWORD> indicates the password set by the RabbitMQ service for the openstack user.

    2. Configure Identity service access.
      [DEFAULT] 
      auth_strategy = keystone 
      [keystone_authtoken] 
      www_authenticate_uri = http://controller:5000 
      auth_url = http://controller:5000 
      memcached_servers = controller:11211 
      auth_type = password 
      project_domain_name = default 
      user_domain_name = default 
      project_name = service 
      username = neutron 
      password = <PASSWORD>
      

      <PASSWORD> indicates the password of the neutron user for creating the Neutron database.

    3. Configure the lock path.
      [oslo_concurrency] 
      lock_path = /var/lib/neutron/tmp
      
  3. Configure the DHCP agent.
    Edit the /etc/neutron/dhcp_agent.ini file.
    [DEFAULT]
    interface_driver = linuxbridge 
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq 
    enable_isolated_metadata = true 
    
  4. Configure the metadata agent.

    Edit the /etc/neutron/metadata_agent.ini file. Configure the metadata host and shared key.

    [DEFAULT] 
    nova_metadata_host = controller 
    metadata_proxy_shared_secret = <PASSWORD>
    

    <PASSWORD> indicates the password of the neutron user for creating the Neutron database.

  5. Configure the L3 agent.
    Edit the /etc/neutron/l3_agent.ini file.
    [DEFAULT]
    interface_driver = linuxbridge
    
  6. Configure the Linux bridge agent and edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file.
    1. Map the provider virtual network to the physical network.
      [linux_bridge] 
      physical_interface_mappings = provider:enp3s0
      

      In this example, the provider network uses the enp3s0 network port. Set the network port as required. The physical network adapter is configured for the service network, not for the management network. For details, see the cluster environment.

    2. Enable VXLAN to cover the network.
      [vxlan] 
      enable_vxlan = true 
      local_ip = 192.168.100.121 
      l2_population = true
      

      local_ip indicates the management IP address of the current network node.

    3. Enable the security group, configure the iptables firewall driver for the Linux bridge, save the configuration, and exit.
      [securitygroup] 
      enable_security_group = true 
      firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
      
  7. Check that the Linux OS kernel supports bridge filters.

    Add the following to the /etc/sysctl.conf file:

    net.bridge.bridge-nf-call-iptables = 1 
    net.bridge.bridge-nf-call-ip6tables = 1
    

  8. Add the network bridge filter.
    modprobe br_netfilter
    sysctl -p
    sed -i '$amodprobe br_netfilter' /etc/rc.local
    
  9. Enable the network service and configure it to start as the system boots.
    systemctl enable neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
    neutron-metadata-agent.service neutron-l3-agent.service
    systemctl start neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
    neutron-metadata-agent.service neutron-l3-agent.service
    

Installing and Configuring Neutron (Self service-OVS-Controller Node)

Perform the following operations on Self service-OVS-controller nodes:

  1. Install components.
    yum -y install openstack-neutron openstack-neutron-ml2 ebtables
    
  2. Edit the /etc/neutron/neutron.conf file.
    1. Configure database access.
      [database] 
      connection = mysql+pymysql://neutron:<PASSWORD>@controller/neutron
      

      <PASSWORD> indicates the password of the neutron user for creating the Neutron database.

    2. Enable the ML2 plugin and disable other plugins.
      [DEFAULT] 
      core_plugin = ml2 
      service_plugins = router 
      transport_url = rabbit://openstack:<PASSWORD>@controller 
      auth_strategy = keystone 
      notify_nova_on_port_status_changes = true 
      notify_nova_on_port_data_changes = true 
      allow_overlapping_ips = true
      

      <PASSWORD> indicates the password of the openstack user for installing the message queue.

    3. Configure Identity service access.
      [keystone_authtoken] 
      www_authenticate_uri = http://controller:5000 
      auth_url = http://controller:5000 
      memcached_servers = controller:11211 
      auth_type = password 
      project_domain_name = default 
      user_domain_name = default 
      project_name = service 
      username = neutron 
      password = <PASSWORD>
      

      <PASSWORD> indicates the password of the neutron user for creating the Neutron database.

    4. Configure parameters in the [nova] section.
      [nova] 
      auth_url = http://controller:5000 
      auth_type = password 
      project_domain_name = default 
      user_domain_name = default 
      region_name = RegionOne 
      project_name = service 
      username = nova 
      password = <PASSWORD>
      
      • By default, the configuration file does not contain this section. You need to add it.
      • <PASSWORD> indicates the password of the nova user for creating the Nova database.
    5. Configure the lock path.
      [oslo_concurrency] 
      lock_path = /var/lib/neutron/tmp
      
  3. Edit the ML2 plugin /etc/neutron/plugins/ml2/ml2_conf.ini.
    1. Enable the Flat, VLAN, and VXLAN networks.

      Add [ml2], [ml2_type_flat], [ml2_type_vlan], [ml2_type_vxlan], and [securitygroup].

      [ml2] 
      type_drivers = flat,vlan,vxlan 
      tenant_network_types = vxlan 
      mechanism_drivers = openvswitch,l2population 
      extension_drivers = port_security 
      [ml2_type_flat] 
      flat_networks = provider
      [ml2_type_vlan] 
      network_vlan_ranges = provider
      [ml2_type_vxlan] 
      vni_ranges = 1:1000
      [securitygroup] 
      enable_ipset = true
      
  4. Configure the Compute service to use the Networking service.
    vim /etc/nova/nova.conf
    

    Set access parameters, enable the metadata agent, and set the password.

    [neutron] 
    # ... 
    url = http://controller:9696 
    auth_url = http://controller:5000 
    auth_type = password 
    project_domain_name = default 
    user_domain_name = default 
    region_name = RegionOne 
    project_name = service 
    username = neutron 
    password = <PASSWORD> 
    service_metadata_proxy = true 
    metadata_proxy_shared_secret = <PASSWORD>
    
    • Before performing this operation, ensure that Nova has been installed.
    • <PASSWORD> indicates the password of the neutron user for creating the Neutron database.
  5. Modify the /etc/sysctl.conf file.
    1. Add the following to the file:
      net.ipv4.ip_forward=1 
      net.ipv4.conf.all.rp_filter=0 
      net.ipv4.conf.default.rp_filter=0
      
    2. Make the configuration take effect.
      sysctl -p
      
  6. Perform network initialization.
    ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
    
  7. Populate the databases.
    su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
    --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
    
  8. Enable the network service and configure it to start as the system boots.
    systemctl enable neutron-server.service
    systemctl start neutron-server.service
    

Installing and Configuring Neutron (Self service-OVS-Compute Node)

  1. Install components.
    yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch ebtables
    
  2. Edit the /etc/neutron/neutron.conf file to configure public components.
    1. Configure RabbitMQ message queue access.
      [DEFAULT] 
      transport_url = rabbit://openstack:<PASSWORD>@controller
      

      <PASSWORD> indicates the password set by the RabbitMQ service for the openstack user.

    2. Configure Identity service access.
      [DEFAULT] 
      auth_strategy = keystone 
      [keystone_authtoken] 
      www_authenticate_uri = http://controller:5000 
      auth_url = http://controller:5000 
      memcached_servers = controller:11211 
      auth_type = password 
      project_domain_name = default 
      user_domain_name = default 
      project_name = service 
      username = neutron 
      password = <PASSWORD>
      

      <PASSWORD> indicates the password of the neutron user for creating the Neutron database.

    3. Configure the lock path.
      [oslo_concurrency] 
      lock_path = /var/lib/neutron/tmp
      
  3. Configure the DHCP agent.
    Edit the /etc/neutron/dhcp_agent.ini file.
    [DEFAULT]
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq 
    enable_isolated_metadata = true 
    interface_driver = openvswitch 
    force_metadata = true
    
  4. Configure the metadata agent.

    Edit the /etc/neutron/metadata_agent.ini file. Configure the metadata host and shared key.

    [DEFAULT] 
    nova_metadata_host = controller 
    metadata_proxy_shared_secret = <PASSWORD>
    

    <PASSWORD> indicates the password of the neutron user for creating the Neutron database.

  5. Configure the L3 agent.
    Edit the /etc/neutron/l3_agent.ini file.
    [DEFAULT]
    interface_driver = openvswitch
    
  6. In the /etc/neutron/plugins/ml2/openvswitch_agent.ini file, add [linux_openvswitch], [agent], [ovs], and [securitygroup] to configure the Open vSwitch agent.
    [linux_openvswitch] 
    physical_interface_mappings = provider:enp3s0 
    [agent] 
    tunnel_types = vxlan 
    l2_population = true 
    [ovs] 
    bridge_mappings = provider:br-provider 
    local_ip = 192.168.100.121 
    [securitygroup] 
    enable_security_group = true 
    firewall_driver = iptables_hybrid
    

    In this example, the provider network uses the enp3s0 network port. Set the network port as required. The physical network adapter is configured for the service network, not for the management network. For details, see the cluster environment.

  7. Modify the /etc/sysctl.conf file.
    1. Add the following to the file:
      net.ipv4.ip_forward=1 
      net.ipv4.conf.all.rp_filter=0 
      net.ipv4.conf.default.rp_filter=0
      
    2. Make the configuration take effect.
      sysctl -p
      
  8. Enable the network service and configure it to start as the system boots.
    systemctl enable neutron-openvswitch-agent.service neutron-dhcp-agent.service \
    neutron-metadata-agent.service neutron-l3-agent.service
    systemctl start neutron-openvswitch-agent.service neutron-dhcp-agent.service \
    neutron-metadata-agent.service neutron-l3-agent.service
    
  9. Create the OVS provider bridge and add the provider network port to it.
    ovs-vsctl add-br br-provider
    ovs-vsctl add-port br-provider enp3s0
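
The [neutron] section of nova.conf on the controller and the [DEFAULT] section of metadata_agent.ini must carry the same metadata_proxy_shared_secret. The following added example (not part of the original guide) audits copies of both files. The secret-reuse and file-mode checks are hardening assumptions added here, and the sample file contents are constructed.

```python
import configparser
import os
import tempfile

KEY = "metadata_proxy_shared_secret"
PLACEHOLDERS = {"", "<PASSWORD>"}  # the guide's placeholder, left unfilled
# Constructed sample files; {secret} is filled in by demo().
NOVA_SAMPLE = ("[neutron]\nusername = neutron\npassword = svc-pass-constructed\n"
               "service_metadata_proxy = true\n" + KEY + " = {secret}\n")
AGENT_SAMPLE = "[DEFAULT]\nnova_metadata_host = controller\n" + KEY + " = {secret}\n"

def load(path):
    # interpolation=None keeps '%' in secrets literal; strict=False tolerates
    # a section header that appears twice in a hand-edited file.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    with open(path, encoding="utf-8") as fh:
        parser.read_file(fh)
    return parser

def audit(nova_conf, metadata_agent_ini):
    """Return a list of findings; an empty list means every check passed."""
    nova, agent = load(nova_conf), load(metadata_agent_ini)
    findings = []
    nova_secret = nova.get("neutron", KEY, fallback="")
    agent_secret = agent.get("DEFAULT", KEY, fallback="")
    if nova_secret in PLACEHOLDERS or agent_secret in PLACEHOLDERS:
        findings.append("shared secret missing or still a placeholder")
    elif nova_secret != agent_secret:
        findings.append("shared secret differs between the two files")
    elif nova_secret == nova.get("neutron", "password", fallback=""):
        findings.append("shared secret reuses the neutron service password")
    if nova.get("neutron", "service_metadata_proxy", fallback="").lower() != "true":
        findings.append("service_metadata_proxy is not enabled in nova.conf")
    for path in (nova_conf, metadata_agent_ini):
        if os.stat(path).st_mode & 0o007:  # any permission bit for "other"
            findings.append(f"{path} is accessible to other users")
    return findings

def demo(nova_secret, agent_secret, mode=0o640):
    """Write the constructed samples to a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = [os.path.join(tmp, n) for n in ("nova.conf", "metadata_agent.ini")]
        texts = (NOVA_SAMPLE.format(secret=nova_secret),
                 AGENT_SAMPLE.format(secret=agent_secret))
        for path, text in zip(paths, texts):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
            os.chmod(path, mode)
        return audit(*paths)
```

On a real deployment, call audit() with the paths of /etc/nova/nova.conf and /etc/neutron/metadata_agent.ini (or copies of them gathered from the nodes that hold each file).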
    

Verifying Neutron

On the controller node, list the Neutron agents that are successfully started.
openstack network agent list
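
As an added example (not from the original guide), the script below checks the JSON form of this listing (openstack network agent list -f json) for the four agents enabled on the compute node. The host name compute1 and the sample rows are constructed, and accepting both boolean and text values for Alive and State is an assumption about differing client versions.

```python
import json

# Agent binaries enabled in step 8 of the compute-node procedure.
EXPECTED = ("neutron-openvswitch-agent", "neutron-dhcp-agent",
            "neutron-metadata-agent", "neutron-l3-agent")


def truthy(value, text_form):
    # Assumption: some clients emit booleans in JSON, others the table text.
    return value is True or value == text_form


def check_agents(json_text, hosts, expected=EXPECTED):
    """Return problems found in `openstack network agent list -f json` output."""
    seen = {(row.get("Host"), row.get("Binary")): row
            for row in json.loads(json_text)}
    problems = []
    for host in hosts:
        for binary in expected:
            row = seen.get((host, binary))
            if row is None:
                problems.append(f"{host}: {binary} not registered")
            elif not truthy(row.get("Alive"), ":-)"):
                problems.append(f"{host}: {binary} not alive")
            elif not truthy(row.get("State"), "UP"):
                problems.append(f"{host}: {binary} administratively down")
    return problems


def make_row(binary, alive, state, host="compute1"):
    return {"Host": host, "Binary": binary, "Alive": alive, "State": state}


# Constructed sample: the metadata agent never registered, the L3 agent is dead.
SAMPLE = json.dumps([
    make_row("neutron-openvswitch-agent", True, True),
    make_row("neutron-dhcp-agent", ":-)", "UP"),
    make_row("neutron-l3-agent", False, True),
])

if __name__ == "__main__":
    for problem in check_agents(SAMPLE, ["compute1"]):
        print(problem)
```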

Table 1 Common Neutron commands

Command:
    openstack network create --share --external \
    --provider-physical-network provider \
    --provider-network-type flat enp3s0
Description: Creates a shared virtual network.

Command:
    openstack subnet create --network provider \
    --allocation-pool start=172.168.204.50,end=172.168.204.100 \
    --dns-nameserver 8.8.8.8 --gateway 172.168.204.1 \
    --subnet-range 172.168.204.0/24 subnet1
Description: Creates a subnet.
NOTE: In this command, the network name is subnet1, DHCP range is 172.168.204.50 to 172.168.204.100, DNS IP address is 8.8.8.8, gateway IP address is 172.168.204.1, and network is 172.168.204.0/24.

Command:
    openstack network list
Description: Checks the current network type.

Command:
    openstack subnet list
Description: Checks the subnet.

Command:
    openstack port list
Description: Checks the network ports.