OpenStack provides two options for networking. The default network type is nova-network, which enables basic networking for the instances. Nova-network has limitations and can support only one network per instance. Advanced networking is available through the OpenStack Neutron service. It supports plug-ins for different networking equipment and software, which adds flexibility to OpenStack architecture and deployment, so that tenants can set up multi-tier applications within the OpenStack private cloud.
Neutron includes the following components,
Have a look at the diagram below to see how the L2, L3 and metadata proxy agents communicate with the API node (controller node).
Let’s configure Neutron for our environment.
- Install & Configure Neutron Related services on Controller Node (We Are here)
- Install & Configure Neutron Related services for Network Node
- Install & Configure Neutron Related Services for Compute Node
Refer to the password database here before continuing with this article.
Neutron-related configuration on the controller node:
1. Log in to the controller node.
2. Create the database tables for Neutron.
root@OSCTRL-UA:~# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 452
Server version: 5.5.44-0ubuntu0.14.04.1 (Ubuntu)
Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> CREATE DATABASE neutron;
Query OK, 1 row affected (0.02 sec)
mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutrondb123';
Query OK, 0 rows affected (0.08 sec)
mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutrondb123';
Query OK, 0 rows affected (0.00 sec)
mysql> quit
Bye
root@OSCTRL-UA:~#
Note: My Neutron Database password has been set as “neutrondb123”.
3. Source the admin.rc file. If you do not have one, create it as shown below.
root@OSCTRL-UA:~# cat admin.rc
export OS_USERNAME=admin
export OS_PASSWORD=admin123
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://OSCTRL-UA:35357/v2.0
root@OSCTRL-UA:~#
root@OSCTRL-UA:~# source admin.rc
4. Create the identity service (keystone) credentials for neutron. Create the neutron user with the password “neutron123”.
root@OSCTRL-UA:~# keystone user-create --name neutron --pass neutron123 --email neutron@unixarena.com
+----------+----------------------------------+
| Property | Value                            |
+----------+----------------------------------+
| email    | neutron@unixarena.com            |
| enabled  | True                             |
| id       | 4d7251244dfd49c889ee8a634fc83c90 |
| name     | neutron                          |
| username | neutron                          |
+----------+----------------------------------+
root@OSCTRL-UA:~#
5. Add the neutron user to the admin role.
root@OSCTRL-UA:~# keystone user-role-add --user neutron --tenant service --role admin
root@OSCTRL-UA:~#
6. Create the neutron service in keystone.
root@OSCTRL-UA:~# keystone service-create --name neutron --type network --description "OpenStack Networking"
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 1d40c9c73ee64522a181bd6310efdf0b |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
root@OSCTRL-UA:~#
7. Create the service endpoint for neutron.
root@OSCTRL-UA:~# keystone endpoint-create --service-id $(keystone service-list | awk '/ network / {print $2}') --publicurl http://OSCTRL-UA:9696 --adminurl http://OSCTRL-UA:9696 --internalurl http://OSCTRL-UA:9696
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| adminurl    | http://OSCTRL-UA:9696            |
| id          | 5f0dfb2bdbb7483fa2d6165cf4d86ccc |
| internalurl | http://OSCTRL-UA:9696            |
| publicurl   | http://OSCTRL-UA:9696            |
| region      | regionOne                        |
| service_id  | 1d40c9c73ee64522a181bd6310efdf0b |
+-------------+----------------------------------+
root@OSCTRL-UA:~#
8. Install the neutron-related networking modules on the controller node.
root@OSCTRL-UA:~# apt-get install neutron-server neutron-plugin-ml2
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  ipset libipset3 neutron-common python-jsonrpclib python-neutron
The following NEW packages will be installed:
  ipset libipset3 neutron-common neutron-plugin-ml2 neutron-server python-jsonrpclib python-neutron
0 upgraded, 7 newly installed, 0 to remove and 37 not upgraded.
Need to get 1,390 kB of archives.
After this operation, 13.1 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://in.archive.ubuntu.com/ubuntu/ trusty/main python-jsonrpclib all 0.1.3-1build1 [14.1 kB]
Get:2 http://ubuntu-cloud.archive.canonical.com/ubuntu/ trusty-updates/juno/main python-neutron all 1:2014.2.3-0ubuntu2~cloud0 [1,265 kB]
Get:3 http://in.archive.ubuntu.com/ubuntu/ trusty/universe libipset3 amd64 6.20.1-1 [50.8 kB]
Get:4 http://in.archive.ubuntu.com/ubuntu/ trusty/universe ipset amd64 6.20.1-1 [34.2 kB]
Get:5 http://ubuntu-cloud.archive.canonical.com/ubuntu/ trusty-updates/juno/main neutron-common all 1:2014.2.3-0ubuntu2~cloud0 [15.7 kB]
Get:6 http://ubuntu-cloud.archive.canonical.com/ubuntu/ trusty-updates/juno/main neutron-plugin-ml2 all 1:2014.2.3-0ubuntu2~cloud0 [6,870 B]
Get:7 http://ubuntu-cloud.archive.canonical.com/ubuntu/ trusty-updates/juno/main neutron-server all 1:2014.2.3-0ubuntu2~cloud0 [3,486 B]
Fetched 1,390 kB in 8s (167 kB/s)
Selecting previously unselected package python-jsonrpclib.
(Reading database ... 101633 files and directories currently installed.)
Preparing to unpack .../python-jsonrpclib_0.1.3-1build1_all.deb ...
Unpacking python-jsonrpclib (0.1.3-1build1) ...
Selecting previously unselected package libipset3:amd64.
Preparing to unpack .../libipset3_6.20.1-1_amd64.deb ...
Unpacking libipset3:amd64 (6.20.1-1) ...
Selecting previously unselected package ipset.
Preparing to unpack .../ipset_6.20.1-1_amd64.deb ...
Unpacking ipset (6.20.1-1) ...
Selecting previously unselected package python-neutron.
Preparing to unpack .../python-neutron_1%3a2014.2.3-0ubuntu2~cloud0_all.deb ...
Unpacking python-neutron (1:2014.2.3-0ubuntu2~cloud0) ...
Selecting previously unselected package neutron-common.
Preparing to unpack .../neutron-common_1%3a2014.2.3-0ubuntu2~cloud0_all.deb ...
Unpacking neutron-common (1:2014.2.3-0ubuntu2~cloud0) ...
Selecting previously unselected package neutron-plugin-ml2.
Preparing to unpack .../neutron-plugin-ml2_1%3a2014.2.3-0ubuntu2~cloud0_all.deb ...
Unpacking neutron-plugin-ml2 (1:2014.2.3-0ubuntu2~cloud0) ...
Selecting previously unselected package neutron-server.
Preparing to unpack .../neutron-server_1%3a2014.2.3-0ubuntu2~cloud0_all.deb ...
Unpacking neutron-server (1:2014.2.3-0ubuntu2~cloud0) ...
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Processing triggers for ureadahead (0.100.0-16) ...
Setting up python-jsonrpclib (0.1.3-1build1) ...
Setting up libipset3:amd64 (6.20.1-1) ...
Setting up ipset (6.20.1-1) ...
Setting up python-neutron (1:2014.2.3-0ubuntu2~cloud0) ...
Setting up neutron-common (1:2014.2.3-0ubuntu2~cloud0) ...
Adding system user `neutron' (UID 114) ...
Adding new user `neutron' (UID 114) with group `neutron' ...
Not creating home directory `/var/lib/neutron'.
Setting up neutron-plugin-ml2 (1:2014.2.3-0ubuntu2~cloud0) ...
Setting up neutron-server (1:2014.2.3-0ubuntu2~cloud0) ...
neutron-server start/running, process 4105
Processing triggers for libc-bin (2.19-0ubuntu6.6) ...
Processing triggers for ureadahead (0.100.0-16) ...
root@OSCTRL-UA:~#
9. Edit the file “/etc/neutron/neutron.conf” as shown below. Here we are updating only the database connection details and the RabbitMQ and keystone configuration.
Under the [DEFAULT] section, add the lines below (for keystone and RabbitMQ).
[DEFAULT]
auth_strategy = keystone
rpc_backend = neutron.openstack.common.rpc.impl_kombu
rabbit_host = OSCTRL-UA
rabbit_password = rabbit123
Under “[keystone_authtoken]”, add the lines below (neutron’s user credentials).
[keystone_authtoken]
auth_uri = http://OSCTRL-UA:5000
auth_host = OSCTRL-UA
auth_protocol = http
auth_port = 35357
admin_tenant_name = service
admin_user = neutron
admin_password = neutron123
Under “[database]”, replace the existing database connection with the line below.
[database]
connection = mysql://neutron:neutrondb123@OSCTRL-UA/neutron
10. To notify the compute node about topology changes, we need to add the service tenant keys to /etc/neutron/neutron.conf. To get the service tenant keys, use the command below.
root@OSCTRL-UA:~# keystone tenant-get service
+-------------+----------------------------------+
| Property    | Value                            |
+-------------+----------------------------------+
| description | Service Tenant                   |
| enabled     | True                             |
| id          | 332f6865332b45aa9cf0d79aacd1ae3b |
| name        | service                          |
+-------------+----------------------------------+
root@OSCTRL-UA:~#
Edit “/etc/neutron/neutron.conf” and add the following keys under the [DEFAULT] section.
[DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://OSCTRL-UA:8774/v2
nova_admin_username = nova
nova_admin_tenant_id = 332f6865332b45aa9cf0d79aacd1ae3b
nova_admin_password = nova123
nova_admin_auth_url = http://OSCTRL-UA:35357/v2.0
11. Edit /etc/neutron/neutron.conf to add the Modular Layer 2 (ML2) plug-in.
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
12. Set “verbose = True” under the [DEFAULT] section.
[DEFAULT]
...
verbose = True
13. Comment out any lines under the “[service_providers]” section in /etc/neutron/neutron.conf.
14. Configure the Modular Layer 2 (ML2) plug-in: The ML2 plug-in uses Open vSwitch to build the virtual networking for the instances. The OVS agent will be configured on the neutron node. Edit the ML2 configuration file “/etc/neutron/plugins/ml2/ml2_conf.ini” as shown below.
Add the following keys to the [ml2] section:
[ml2]
...
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch
Add the following key to the [ml2_type_gre] section:
[ml2_type_gre]
...
tunnel_id_ranges = 1:1000
Add the [securitygroup] section and the following keys to it:
[securitygroup]
...
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
15. Edit the /etc/nova/nova.conf file to use “Neutron Networking” instead of the default “Nova Networking”.
[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
neutron_url = http://OSCTRL-UA:9696
neutron_auth_strategy = keystone
neutron_admin_tenant_name = service
neutron_admin_username = neutron
neutron_admin_password = neutron123
neutron_admin_auth_url = http://OSCTRL-UA:35357/v2.0
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api = neutron
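Steps 14 and 15 move packet filtering from nova to neutron: nova.conf switches to NoopFirewallDriver, so the [securitygroup] section of ml2_conf.ini becomes the only place where security groups are enforced. The check below is an added example, not code from the original article or from OpenStack; the function names are hypothetical and the file bodies are constructed from the settings shown in steps 14 and 15.

```python
# Added example; file bodies are constructed from this article's steps 14 and 15.
import configparser

ML2_CONF = """\
[ml2]
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
"""
NOVA_CONF = """\
[DEFAULT]
firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api = neutron
"""


def load(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # Pre-create the sections so a missing one reads as empty, not KeyError.
    cp.read_dict({"ml2": {}, "ml2_type_gre": {}, "securitygroup": {}})
    cp.read_string(text)
    return cp


def items(value):
    """Split a comma-separated option value into a clean list."""
    return [v.strip() for v in value.split(",") if v.strip()]


def check_filtering(ml2_text, nova_text):
    """Return findings; [] means Neutron, and only Neutron, filters traffic."""
    ml2, nova = load(ml2_text), load(nova_text)
    sg, nova_def = ml2["securitygroup"], nova["DEFAULT"]
    findings = []
    nova_noop = "Noop" in nova_def.get("firewall_driver", "")
    driver = sg.get("firewall_driver", "")
    neutron_filters = (sg.getboolean("enable_security_group", fallback=False)
                       and driver != "" and "Noop" not in driver)
    if nova_noop and not neutron_filters:
        findings.append("no layer enforces security groups")
    if neutron_filters and not nova_noop:
        findings.append("nova and neutron both filter: nova firewall_driver should be Noop")
    if neutron_filters and nova_def.get("security_group_api", "") != "neutron":
        findings.append("security_group_api is not neutron")
    drivers = items(ml2["ml2"].get("type_drivers", ""))
    tenant = items(ml2["ml2"].get("tenant_network_types", ""))
    findings += [f"tenant network type {t} has no type driver"
                 for t in tenant if t not in drivers]
    if "gre" in tenant:
        ranges = items(ml2["ml2_type_gre"].get("tunnel_id_ranges", ""))
        for r in ranges or [""]:  # an empty option is reported as a bad entry
            lo, _, hi = r.partition(":")
            if not (lo.isdigit() and hi.isdigit() and 0 < int(lo) <= int(hi)):
                findings.append(f"bad gre tunnel_id_ranges entry '{r}'")
    return findings
```

In practice the two arguments would be the contents of /etc/neutron/plugins/ml2/ml2_conf.ini and /etc/nova/nova.conf with any "..." placeholder lines removed.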
16. Finalize the installation by populating the database.
root@OSCTRL-UA:~# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
INFO [alembic.migration] Context impl MySQLImpl.
INFO [alembic.migration] Will assume non-transactional DDL.
INFO [alembic.migration] Running upgrade None -> havana, havana_initial
INFO [alembic.migration] Running upgrade havana -> e197124d4b9, add unique constraint to members
INFO [alembic.migration] Running upgrade e197124d4b9 -> 1fcfc149aca4, Add a unique constraint on (agent_type, host) columns to prevent a race condition when an agent entry is 'upserted'.
INFO [alembic.migration] Running upgrade 1fcfc149aca4 -> 50e86cb2637a, nsx_mappings
INFO [alembic.migration] Running upgrade 50e86cb2637a -> 1421183d533f, NSX DHCP/metadata support
INFO [alembic.migration] Running upgrade 1421183d533f -> 3d3cb89d84ee, nsx_switch_mappings
INFO [alembic.migration] Running upgrade 3d3cb89d84ee -> 4ca36cfc898c, nsx_router_mappings
INFO [alembic.migration] Running upgrade 4ca36cfc898c -> 27cc183af192, ml2_vnic_type
INFO [alembic.migration] Running upgrade 27cc183af192 -> 50d5ba354c23, ml2 binding:vif_details
INFO [alembic.migration] Running upgrade 50d5ba354c23 -> 157a5d299379, ml2 binding:profile
INFO [alembic.migration] Running upgrade 157a5d299379 -> 3d2585038b95, VMware NSX rebranding
INFO [alembic.migration] Running upgrade 3d2585038b95 -> abc88c33f74f, lb stats
INFO [alembic.migration] Running upgrade abc88c33f74f -> 1b2580001654, nsx_sec_group_mapping
INFO [alembic.migration] Running upgrade 1b2580001654 -> e766b19a3bb, nuage_initial
INFO [alembic.migration] Running upgrade e766b19a3bb -> 2eeaf963a447, floatingip_status
INFO [alembic.migration] Running upgrade 2eeaf963a447 -> 492a106273f8, Brocade ML2 Mech. Driver
INFO [alembic.migration] Running upgrade 492a106273f8 -> 24c7ea5160d7, Cisco CSR VPNaaS
INFO [alembic.migration] Running upgrade 24c7ea5160d7 -> 81c553f3776c, bsn_consistencyhashes
INFO [alembic.migration] Running upgrade 81c553f3776c -> 117643811bca, nec: delete old ofc mapping tables
INFO [alembic.migration] Running upgrade 117643811bca -> 19180cf98af6, nsx_gw_devices
INFO [alembic.migration] Running upgrade 19180cf98af6 -> 33dd0a9fa487, embrane_lbaas_driver
INFO [alembic.migration] Running upgrade 33dd0a9fa487 -> 2447ad0e9585, Add IPv6 Subnet properties
INFO [alembic.migration] Running upgrade 2447ad0e9585 -> 538732fa21e1, NEC Rename quantum_id to neutron_id
INFO [alembic.migration] Running upgrade 538732fa21e1 -> 5ac1c354a051, n1kv segment allocs for cisco n1kv plugin
INFO [alembic.migration] Running upgrade 5ac1c354a051 -> icehouse, icehouse
INFO [alembic.migration] Running upgrade icehouse -> 54f7549a0e5f, set_not_null_peer_address
INFO [alembic.migration] Running upgrade 54f7549a0e5f -> 1e5dd1d09b22, set_not_null_fields_lb_stats
INFO [alembic.migration] Running upgrade 1e5dd1d09b22 -> b65aa907aec, set_length_of_protocol_field
INFO [alembic.migration] Running upgrade b65aa907aec -> 33c3db036fe4, set_length_of_description_field_metering
INFO [alembic.migration] Running upgrade 33c3db036fe4 -> 4eca4a84f08a, Remove ML2 Cisco Credentials DB
INFO [alembic.migration] Running upgrade 4eca4a84f08a -> d06e871c0d5, set_admin_state_up_not_null_ml2
INFO [alembic.migration] Running upgrade d06e871c0d5 -> 6be312499f9, set_not_null_vlan_id_cisco
INFO [alembic.migration] Running upgrade 6be312499f9 -> 1b837a7125a9, Cisco APIC Mechanism Driver
INFO [alembic.migration] Running upgrade 1b837a7125a9 -> 10cd28e692e9, nuage_extraroute
INFO [alembic.migration] Running upgrade 10cd28e692e9 -> 2db5203cb7a9, nuage_floatingip
INFO [alembic.migration] Running upgrade 2db5203cb7a9 -> 5446f2a45467, set_server_default
INFO [alembic.migration] Running upgrade 5446f2a45467 -> db_healing, Include all tables and make migrations unconditional.
INFO [alembic.migration] Context impl MySQLImpl.
INFO [alembic.migration] Will assume non-transactional DDL.
INFO [alembic.autogenerate.compare] Detected server default on column 'cisco_ml2_apic_epgs.provider'
INFO [alembic.autogenerate.compare] Detected removed index 'cisco_n1kv_vlan_allocations_ibfk_1' on 'cisco_n1kv_vlan_allocations'
INFO [alembic.autogenerate.compare] Detected server default on column 'cisco_n1kv_vxlan_allocations.allocated'
INFO [alembic.autogenerate.compare] Detected removed index 'cisco_n1kv_vxlan_allocations_ibfk_1' on 'cisco_n1kv_vxlan_allocations'
INFO [alembic.autogenerate.compare] Detected removed index 'embrane_pool_port_ibfk_2' on 'embrane_pool_port'
INFO [alembic.autogenerate.compare] Detected removed index 'firewall_rules_ibfk_1' on 'firewall_rules'
INFO [alembic.autogenerate.compare] Detected removed index 'firewalls_ibfk_1' on 'firewalls'
INFO [alembic.autogenerate.compare] Detected server default on column 'meteringlabelrules.excluded'
INFO [alembic.autogenerate.compare] Detected server default on column 'ml2_port_bindings.host'
INFO [alembic.autogenerate.compare] Detected added column 'nuage_routerroutes_mapping.destination'
INFO [alembic.autogenerate.compare] Detected added column 'nuage_routerroutes_mapping.nexthop'
INFO [alembic.autogenerate.compare] Detected server default on column 'poolmonitorassociations.status'
INFO [alembic.autogenerate.compare] Detected added index 'ix_quotas_tenant_id' on '['tenant_id']'
INFO [alembic.autogenerate.compare] Detected NULL on column 'tz_network_bindings.phy_uuid'
INFO [alembic.autogenerate.compare] Detected NULL on column 'tz_network_bindings.vlan_id'
INFO [neutron.db.migration.alembic_migrations.heal_script] Detected removed foreign key u'nuage_floatingip_pool_mapping_ibfk_2' on table u'nuage_floatingip_pool_mapping'
INFO [alembic.migration] Running upgrade db_healing -> 3927f7f7c456, L3 extension distributed mode
INFO [alembic.migration] Running upgrade 3927f7f7c456 -> 2026156eab2f, L2 models to support DVR
INFO [alembic.migration] Running upgrade 2026156eab2f -> 37f322991f59, removing_mapping_tables
INFO [alembic.migration] Running upgrade 37f322991f59 -> 31d7f831a591, add constraint for routerid
INFO [alembic.migration] Running upgrade 31d7f831a591 -> 5589aa32bf80, L3 scheduler additions to support DVR
INFO [alembic.migration] Running upgrade 5589aa32bf80 -> 884573acbf1c, Drop NSX table in favor of the extra_attributes one
INFO [alembic.migration] Running upgrade 884573acbf1c -> 4eba2f05c2f4, correct Vxlan Endpoint primary key
INFO [alembic.migration] Running upgrade 4eba2f05c2f4 -> 327ee5fde2c7, set_innodb_engine
INFO [alembic.migration] Running upgrade 327ee5fde2c7 -> 3b85b693a95f, Drop unused servicedefinitions and servicetypes tables.
INFO [alembic.migration] Running upgrade 3b85b693a95f -> aae5706a396, nuage_provider_networks
INFO [alembic.migration] Running upgrade aae5706a396 -> 32f3915891fd, cisco_apic_driver_update
INFO [alembic.migration] Running upgrade 32f3915891fd -> 58fe87a01143, cisco_csr_routing
INFO [alembic.migration] Running upgrade 58fe87a01143 -> 236b90af57ab, ml2_type_driver_refactor_dynamic_segments
INFO [alembic.migration] Running upgrade 236b90af57ab -> 86d6d9776e2b, Cisco APIC Mechanism Driver
INFO [alembic.migration] Running upgrade 86d6d9776e2b -> 16a27a58e093, ext_l3_ha_mode
INFO [alembic.migration] Running upgrade 16a27a58e093 -> 3c346828361e, metering_label_shared
INFO [alembic.migration] Running upgrade 3c346828361e -> 1680e1f0c4dc, Remove Cisco Nexus Monolithic Plugin
INFO [alembic.migration] Running upgrade 1680e1f0c4dc -> 544673ac99ab, add router port relationship
INFO [alembic.migration] Running upgrade 544673ac99ab -> juno, juno
root@OSCTRL-UA:~#
If you get an error like “Access denied for user neutron@ (using password: YES)) None None”, the password you set in step 2 does not match the one you entered in the neutron.conf file.
17. Restart the nova & networking services.
root@OSCTRL-UA:~# service nova-api restart
nova-api stop/waiting
nova-api start/running, process 15291
root@OSCTRL-UA:~# service neutron-server restart
neutron-server stop/waiting
neutron-server start/running, process 15319
root@OSCTRL-UA:~#
List loaded extensions to verify successful launch of the neutron-server process.
root@OSCTRL-UA:~# neutron ext-list
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| security-group        | security-group                                |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| ext-gw-mode           | Neutron L3 Configurable external gateway mode |
| binding               | Port Binding                                  |
| provider              | Provider Network                              |
| agent                 | agent                                         |
| quotas                | Quota management support                      |
| dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
| l3-ha                 | HA Router extension                           |
| multi-provider        | Multi Provider Network                        |
| external-net          | Neutron external network                      |
| router                | Neutron L3 Router                             |
| allowed-address-pairs | Allowed Address Pairs                         |
| extraroute            | Neutron Extra Route                           |
| extra_dhcp_opt        | Neutron Extra DHCP opts                       |
| dvr                   | Distributed Virtual Router                    |
+-----------------------+-----------------------------------------------+
root@OSCTRL-UA:~# date
Wed Sep 30 22:33:52 IST 2015
root@OSCTRL-UA:~#
If you get an error like the one below, re-validate the keystone configuration in the neutron.conf file.
root@OSCTRL-UA:~# neutron ext-list
Unauthorized (HTTP 401) (Request-ID: req-eeea0ae8-3133-4fbf-9bbf-152bae461f7b)
root@OSCTRL-UA:~#
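Both the “Access denied” error of step 16 and the 401 above come from credentials that this procedure types into more than one place (step 2, neutron.conf in steps 9 and 10, nova.conf in step 15). The cross-check below is an added example, not code from the original article or from OpenStack; the function name is hypothetical, the file bodies are constructed from this article's values, and the expected database user and password are passed in by the operator.

```python
# Added example; file bodies are constructed from this article's values.
import configparser
import re
from urllib.parse import urlsplit

NEUTRON_CONF = """\
[DEFAULT]
nova_admin_tenant_id = 332f6865332b45aa9cf0d79aacd1ae3b
nova_admin_auth_url = http://OSCTRL-UA:35357/v2.0
[keystone_authtoken]
auth_host = OSCTRL-UA
auth_protocol = http
auth_port = 35357
admin_tenant_name = service
admin_user = neutron
admin_password = neutron123
[database]
connection = mysql://neutron:neutrondb123@OSCTRL-UA/neutron
"""
NOVA_CONF = """\
[DEFAULT]
neutron_admin_tenant_name = service
neutron_admin_username = neutron
neutron_admin_password = neutron123
neutron_admin_auth_url = http://OSCTRL-UA:35357/v2.0
"""
# neutron.conf [keystone_authtoken] key -> nova.conf [DEFAULT] key (steps 9, 15)
PAIRS = {"admin_user": "neutron_admin_username",
         "admin_password": "neutron_admin_password",
         "admin_tenant_name": "neutron_admin_tenant_name"}


def load(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_dict({"keystone_authtoken": {}, "database": {}})  # always present
    cp.read_string(text)
    return cp


def check_credentials(neutron_text, nova_text, db_user, db_password):
    """Return findings that name keys only, never the secret values."""
    neutron, nova = load(neutron_text), load(nova_text)
    n_def, c_def = neutron["DEFAULT"], nova["DEFAULT"]
    ks = neutron["keystone_authtoken"]
    findings = []
    db = urlsplit(neutron.get("database", "connection", fallback=""))
    if (db.username, db.password) != (db_user, db_password):
        findings.append("database.connection differs from the step 2 GRANT")
    for n_key, c_key in PAIRS.items():
        if not ks.get(n_key) or ks.get(n_key) != c_def.get(c_key):
            findings.append(f"keystone_authtoken.{n_key} != nova.conf {c_key}")
    admin = (ks.get("auth_protocol"), ks.get("auth_host", "").lower(),
             int(ks.get("auth_port") or 0))
    urls = {"neutron.conf nova_admin_auth_url": n_def.get("nova_admin_auth_url", ""),
            "nova.conf neutron_admin_auth_url": c_def.get("neutron_admin_auth_url", "")}
    for name, url in urls.items():
        u = urlsplit(url)
        if (u.scheme, (u.hostname or "").lower(), u.port) != admin:
            findings.append(f"{name} is not the keystone admin endpoint")
    # Step 10 needs the tenant ID from `keystone tenant-get service`, not its name.
    if not re.fullmatch(r"[0-9a-f]{32}", n_def.get("nova_admin_tenant_id", "")):
        findings.append("nova_admin_tenant_id is not a 32-hex keystone ID")
    return findings
```

An empty list means the files agree with each other; it does not prove the passwords match what keystone and MySQL actually store.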
See the attached file below for the full contents of neutron.conf and ml2_conf.ini.
Hope this article was informative to you. Share it! Be sociable!