Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Installing and Configuring Neutron (Self Service-LinuxBridge)

There are many OpenStack network modes. The provider mode or self-service mode can be used. The deployment mode can be LinuxBridge or OVS. In actual deployment, you only need to select one mode from provider+LinuxBridge, provider+OVS, self-service+LinuxBridge and self-service+OVS.

Controller Node

Perform the following operations on the controller node of the self service-LinuxBridge network type.

  1. Install components.
    1
    		 
    yum -y install openstack-neutron openstack-neutron-ml2 ebtables
  2. Edit the /etc/neutron/neutron.conf file.
    1. Open the file.
      vi /etc/neutron/neutron.conf
    2. Press i to enter the insert mode and perform the following configurations.
      1. Configure database access. 
        1
2
        		 
        [database] 
connection = mysql+pymysql://neutron:PASSWORD@controller/neutron

        Replace PASSWORD with the password of the neutron user described in Creating the Neutron Database.

      2. Modify the content under [DEFAULT]. 
        1
2
3
4
5
6
7
8
        		 
        [DEFAULT] 
core_plugin = ml2 
service_plugins = router
transport_url = rabbit://openstack:PASSWORD@controller 
auth_strategy = keystone 
notify_nova_on_port_status_changes = true 
notify_nova_on_port_data_changes = true 
allow_overlapping_ips = true

        Replace PASSWORD with the password of the openstack user described in Installing RabbitMQ.

      3. Configure Identity service access. 
         1
 2
 3
 4
 5
 6
 7
 8
 9
10
        		 
        [keystone_authtoken] 
www_authenticate_uri = http://controller:5000 
auth_url = http://controller:5000 
memcached_servers = controller:11211 
auth_type = password 
project_domain_name = default 
user_domain_name = default 
project_name = service 
username = neutron 
password = PASSWORD

        Replace PASSWORD with the password of the neutron user described in Creating the Neutron Database.

      4. Configure parameters in the [nova] section. 
        1
2
3
4
5
6
7
8
9
        		 
        [nova] 
auth_url = http://controller:5000 
auth_type = password 
project_domain_name = default 
user_domain_name = default 
region_name = RegionOne 
project_name = service 
username = nova 
password = PASSWORD
        • By default, the configuration file does not contain this section. You need to add it.
        • Replace PASSWORD with the password of the nova user described in Creating the Nova Database.
      5. Configure the lock path. 
        1
2
        		 
        [oslo_concurrency] 
lock_path = /var/lib/neutron/tmp
    3. Press Esc, type :wq!, and press Enter to save the file and exit.
  3. Edit the ML2 plugin /etc/neutron/plugins/ml2/ml2_conf.ini.
    1. Open the file.
      vi /etc/neutron/plugins/ml2/ml2_conf.ini
    2. Press i to enter the insert mode and add the following content to create [ml2], [ml2_type_flat], [ml2_type_vlan], and [securitygroup] and enable the flat, VLAN and VXLAN networks: 
       1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
      		 
      [ml2] 
type_drivers = flat,vlan,vxlan 
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population 
extension_drivers = port_security 
[ml2_type_flat] 
flat_networks = provider-arm,provider-x86 
[ml2_type_vlan] 
network_vlan_ranges = provider-arm,provider-x86 
[ml2_type_vxlan] 
vni_ranges = 1:1000 
[securitygroup] 
enable_ipset = true
    3. Press Esc, type :wq!, and press Enter to save the file and exit.
  4. Check that the Linux OS kernel supports bridge filters.
    1. Open the /etc/sysctl.conf file.
      vi /etc/sysctl.conf
    2. Press i to enter the insert mode and add the following content: 
      1
2
      		 
      net.bridge.bridge-nf-call-iptables = 1 
net.bridge.bridge-nf-call-ip6tables = 1

    3. Press Esc, type :wq!, and press Enter to save the file and exit.
  5. Add the network bridge filter.
    1
2
3
    		 
    modprobe br_netfilter
sysctl -p
sed -i '$amodprobe br_netfilter' /etc/rc.local
  6. Initialize the network.
    1
    		 
    ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
  7. Populate the database.
    1
2
    		 
    su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
  8. Enable the network service and configure it to start as the system boots.
    1
2
    		 
    systemctl enable neutron-server.service
systemctl start neutron-server.service

Network Nodes

Perform the following operations on the network nodes (x86-compute and arm-compute) of the self service-LinuxBridge network type.

  1. Install components.
    1
    		 
    yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
  2. Configure common components.
    1. Open the /etc/neutron/neutron.conf file.
      vi /etc/neutron/neutron.conf
    2. Press i to enter the insert mode and perform the following configurations.
      1. Use RabbitMQ as the connection information of the message queue. 
        1
2
        		 
        [DEFAULT] 
transport_url = rabbit://openstack:PASSWORD@controller

        Replace PASSWORD with the password of the openstack user described in Installing RabbitMQ.

      2. Configure Identity service access. 
         1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
        		 
        [DEFAULT] 
auth_strategy = keystone 
[keystone_authtoken] 
www_authenticate_uri = http://controller:5000 
auth_url = http://controller:5000 
memcached_servers = controller:11211 
auth_type = password 
project_domain_name = default 
user_domain_name = default 
project_name = service 
username = neutron 
password = PASSWORD

        Replace PASSWORD with the password of the neutron user described in Creating the Neutron Database.

      3. Configure the lock path. 
        1
2
        		 
        [oslo_concurrency] 
lock_path = /var/lib/neutron/tmp
    3. Press Esc to exit the insert mode. Type :wq! and press Enter to save the file and exit.
  3. Configure the DHCP agent.
    1. Open the /etc/neutron/dhcp_agent.ini file.
      vi /etc/neutron/dhcp_agent.ini
    2. Press i to enter the insert mode and perform the following configurations.
      • For the x86 network nodes, which are az-x86 nodes, add the following configuration: 
        1
2
3
4
5
6
        		 
        [DEFAULT]
interface_driver = linuxbridge 
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq 
enable_isolated_metadata = true 
[AGENT] 
availability_zone = az-x86
      • For the Arm network nodes, which are az-arm nodes, add the following configuration: 
        1
2
3
4
5
6
        		 
        [DEFAULT]
interface_driver = linuxbridge 
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq 
enable_isolated_metadata = true 
[AGENT] 
availability_zone = az-arm
    3. Press Esc to exit the insert mode. Type :wq! and press Enter to save the file and exit.
  4. Configure the metadata agent.
    1. Open the /etc/neutron/metadata_agent.ini file.
      vi /etc/neutron/metadata_agent.ini
    2. Press i to enter the insert mode, and configure the metadata host and shared key: 
      1
2
3
      		 
      [DEFAULT] 
nova_metadata_host = controller 
metadata_proxy_shared_secret = PASSWORD

      Replace PASSWORD with the password of the user neutron described in section Creating the Neutron Database.

    3. Press Esc to exit the insert mode. Type :wq! and press Enter to save the file and exit.
  5. Configure the L3 agent.
    1. Open the /etc/neutron/l3_agent.ini file.
      vi /etc/neutron/l3_agent.ini
    2. Press i to enter the insert mode and perform the following configurations.
      • For the x86 network nodes, which are az-x86 nodes, add the following configuration, save it, and exit: 
        1
2
3
4
        		 
        [DEFAULT]
interface_driver = linuxbridge
[AGENT] 
availability_zone = az-x86
      • For the Arm network nodes, which are az-arm nodes, add the following configuration, save it, and exit: 
        1
2
3
4
        		 
        [DEFAULT]
interface_driver = linuxbridge
[AGENT] 
availability_zone = az-arm
    3. Press Esc to exit the insert mode. Type :wq! and press Enter to save the file and exit.
  6. Configure the Linux bridge agent.
    1. Open the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file.
      vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
    2. Press i to enter the insert mode and map the provider virtual network to the physical network.
      1. For the x86 network nodes, which are az-x86 nodes, configure provider-x86: 
        1
2
        		 
        [linux_bridge] 
physical_interface_mappings = provider-x86:enp64s0
        For the Arm network nodes, which are az-arm nodes, configure provider-arm: 
        1
2
        		 
        [linux_bridge] 
physical_interface_mappings = provider-arm:enp64s0

        In this example, the provider network uses the enp64s0 network port. Set the network port based on actual requirements. The physical NIC is configured for the service network, not for the management network. See Cluster Environment.

      2. Enable the VXLAN network. 
        1
2
3
4
        		 
        [vxlan] 
enable_vxlan = true 
local_ip = 192.168.100.121 
l2_population = true

        local_ip indicates the management IP address of the current network node.

      3. Enable the security group and configure the iptables firewall driver for the Linux bridge. 
        1
2
3
        		 
        [securitygroup] 
enable_security_group = true 
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
    3. Press Esc to exit the insert mode. Type :wq! and press Enter to save the file and exit.
  7. Check that the Linux OS kernel supports bridge filters.
    1. Open the /etc/sysctl.conf file.
      vi /etc/sysctl.conf
    2. Press i to enter the insert mode and add the following content to the file: 
      1
2
      		 
      net.bridge.bridge-nf-call-iptables = 1 
net.bridge.bridge-nf-call-ip6tables = 1

    3. Press Esc to exit the insert mode. Type :wq! and press Enter to save the file and exit.
  8. Add a network bridge filter.
    1
2
3
    		 
    modprobe br_netfilter
sysctl -p
sed -i '$amodprobe br_netfilter' /etc/rc.local
  9. Enable the network service and configure it to start as the system boots.
    1
2
3
4
    		 
    systemctl enable neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service neutron-l3-agent.service
systemctl start neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service neutron-l3-agent.service

Compute Nodes

Perform the following operations on the compute nodes (x86-compute and arm-compute) of the self service-LinuxBridge network type. Because the network node and compute node are deployed on the same node, skip the repeated configurations if there are any.

  1. Install components.
    1
    		 
    yum -y install openstack-neutron-linuxbridge ebtables ipset
  2. Configure common components.
    1. Open the /etc/neutron/neutron.conf file.
      vi /etc/neutron/neutron.conf
    2. Press i to enter the insert mode and perform the following configurations.
      1. Configure RabbitMQ message queue access. 
        1
2
        		 
        [DEFAULT] 
transport_url = rabbit://openstack:PASSWORD@controller

        Replace PASSWORD with the password of the openstack user described in Installing RabbitMQ.

      2. Configure Identity service access. 
         1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
        		 
        [DEFAULT] 
auth_strategy = keystone 
[keystone_authtoken] 
www_authenticate_uri = http://controller:5000 
auth_url = http://controller:5000 
memcached_servers = controller:11211 
auth_type = password 
project_domain_name = default 
user_domain_name = default 
project_name = service 
username = neutron 
password = PASSWORD

        Replace PASSWORD with the password of the neutron user described in Creating the Neutron Database.

      3. Configure the lock path. 
        1
2
        		 
        [oslo_concurrency] 
lock_path = /var/lib/neutron/tmp
    3. Press Esc to exit the insert mode. Type :wq! and press Enter to save the file and exit.
  3. Configure the Linux bridge agent.
    1. Open the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file.
      vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
    2. Press i to enter the insert mode and add the following configurations:
      1. Map the provider virtual network to the provider physical network port.
        • For the x86 compute nodes, which are az-x86 nodes, configure provider-x86: 
          1
2
          		 
          [linux_bridge] 
physical_interface_mappings = provider-x86:enp64s0
        • For the Arm compute nodes, which are az-arm nodes, configure provider-arm: 
          1
2
          		 
          [linux_bridge] 
physical_interface_mappings = provider-arm:enp64s0

        In this example, the provider network uses the enp64s0 network port. Set the network port based on actual requirements. The physical NIC is configured for the service network, not for the management network. See Cluster Environment.

      2. Enable the VXLAN network. 
        1
2
3
4
        		 
        [vxlan] 
enable_vxlan = true 
local_ip = 192.168.100.121 
l2_population = true

        local_ip indicates the management IP address of the compute node.

      3. Enable the security group and configure the iptables firewall driver for the Linux bridge. 
        1
2
3
4
        		 
        [securitygroup] 
enable_security_group = true 
firewall_driver = 
neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
    3. Press Esc to exit the insert mode. Type :wq! and press Enter to save the file and exit.
  4. Check that the Linux OS kernel supports bridge filters.
    1. Open the /etc/sysctl.conf file.
      vi /etc/sysctl.conf
    2. Add the following information to the file: 
      1
2
      		 
      net.bridge.bridge-nf-call-iptables = 1 
net.bridge.bridge-nf-call-ip6tables = 1

    3. Press Esc to exit the insert mode. Type :wq! and press Enter to save the file and exit.
  5. Add the network bridge filter.
    1
2
3
    		 
    modprobe br_netfilter
sysctl -p
sed -i '$amodprobe br_netfilter' /etc/rc.local
  6. Enable the Linux bridge agent and configure it to start as the system boots.
    1
2
    		 
    systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service