Installing and configuring the Neutron API service

The Neutron service provides an API for our services to access and define our software-defined networking. In our environment, we install the Neutron service on our controller node alongside our other API services such as Glance and Keystone.

Getting ready

Ensure you have a suitable server available for installation of the OpenStack network components. If you are using the accompanying Vagrant environment, this will be the controller node that we will be using.

Ensure you are logged in to the controller node. If you created this node with Vagrant, you can execute the following command:

vagrant ssh controller

Tip

Neutron requires access to a database and message queue. Check that the pre requisites have been installed by following the instructions at http://bit.ly/OpenStackCookbookPreReqs.

How to do it...

To configure our OpenStack Controller node for Neutron, carry out the following steps:

  1. First update the packages installed on the node: 
    sudo apt-get update
sudo apt-get upgrade
  2. We are now ready to install the Neutron service and the ML2 plugin using the following commands: 
    sudo apt-get install neutron-server \
 neutron-plugin-ml2 ntp
  3. Next we will edit the Neutron configuration files. As we are just providing the Neutron API service, we first need to configure the service in the /etc/neutron/neutron.conf file. Edit this file to insert the following contents that match the configuration found on our network node: 
    [DEFAULT]
verbose = True
debug = True
state_path = /var/lib/neutron
lock_path = $state_path/lock
log_dir = /var/log/neutron
use_syslog = True
syslog_log_facility = LOG_LOCAL0

bind_host = 0.0.0.0
bind_port = 9696
# Plugin
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

# auth
auth_strategy = keystone

# RPC configuration options. Defined in rpc __init__
# The messaging module to use, defaults to kombu.
rpc_backend = neutron.openstack.common.rpc.impl_kombu

rabbit_host = 172.16.0.200
rabbit_password = guest
rabbit_port = 5672
rabbit_userid = guest
rabbit_virtual_host = /
rabbit_ha_queues = false

# ===== Notification System Options ==========
notification_driver = neutron.openstack.common.notifier.rpc_notifier

# ======== neutron nova interactions ==========
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://172.16.0.200:8774/v2
nova_region_name = RegionOne
nova_admin_username = nova
nova_admin_tenant_name = service
nova_admin_password = nova
nova_admin_auth_url = https://192.168.100.200:35357/v2.0
nova_ca_certificates_file = /etc/ssl/certs/ca.pem
[agent]
root_helper = sudo

[keystone_authtoken]
auth_uri = https://192.168.100.200:35357/v2.0/
identity_uri = https://192.168.100.200:5000
admin_tenant_name = service
admin_user = neutron
admin_password = neutron
insecure = True

[database]
connection = mysql://neutron:openstack@172.16.0.200/neutron
  4. We then need to edit the /etc/neutron/plugins/ml2/ml2_conf.ini file to have the following content that matches the network node's configuration for consistency (except the local_ip option): 
    [ml2]
type_drivers = gre,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch

[ml2_type_gre]
tunnel_id_ranges = 1:1000

[ml2_type_vxlan]
vxlan_group =
vni_ranges = 1:1000

[vxlan]
enable_vxlan = True
vxlan_group =
local_ip = 
[agent]
tunnel_types = vxlan
vxlan_udp_port = 4789

[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
  5. After these files have been configured correctly, we run the following command to ensure our Neutron database is at the correct level for the version of OpenStack we are using: 
    sudo neutron-db-manage \
 --config-file /etc/neutron/neutron.conf \
 --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
 upgrade juno
  6. At this stage, we configure Nova to use Neutron. Nova component installation is covered in the next chapter, but it is shown here for your convenience. After the Nova components have been installed, configure the /etc/nova/nova.conf file to tell the OpenStack Compute components to utilize Neutron. Add the following lines under [Default] in our /etc/nova/nova.conf file: 
    # Network settings 
network_api_class=nova.network.neutronv2.api.API
neutron_url=http://172.16.0.200:9696/
neutron_auth_strategy=keystone
neutron_admin_tenant_name=service
neutron_admin_username=neutron
neutron_admin_password=neutron
neutron_admin_auth_url=https://192.168.100.200:35357/v2.0
neutron_ca_certificates_file=/etc/ssl/certs/ca.pem
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
service_neutron_metadata_proxy=true
neutron_metadata_proxy_shared_secret=foo
  7. Using the following command, restart our Neutron services running on this node to pick up the changes: 
    sudo service neutron-server restart
  8. When Nova has been installed, restart the Nova services running on this node to pick up the changes in the /etc/nova/nova.conf file: 
    ls /etc/init/nova-* | cut -d '/' -f4 | cut -d '.' -f1 | while read S; do sudo stop $S; sudo start $S; done

How it works...

Configuring our Neutron API service on the controller node is very straightforward with the right information at hand. We install a couple of required packages.

Use the following commands to install the Neutron package:

neutron-server
neutron-plugin-ml2

Once the Neutron package is installed, we configure the /etc/neutron/neutron.conf file that matches our network node config, with only one new section: the neutron nova interaction section. Here, we ensure correct settings to allow nova to interoperate with Neutron. We also configure the ML2 plugin file that also matches our network node, but we can omit the OVS section because it is surplus on our controller node.

We then run a command to ensure that our Neutron database has the correct rows and columns for use with the OpenStack Juno release.

Finally, we configure /etc/nova/nova.conf, which is the most important configuration file for our OpenStack Compute services:

  • network_api_class=nova.network.neutronv2.api.API: This tells our OpenStack Compute service to use Neutron Networking.
  • neutron_url=http://172.16.0.200:9696/: This is address of our Neutron Server API (running on our controller node).
  • neutron_auth_strategy=keystone: This tells Neutron to utilize the OpenStack Identity and Authentication service, Keystone.
  • neutron_admin_tenant_name=service: This is the name of the service tenant in Keystone.
  • neutron_admin_username=neutron: This is the username that Neutron uses for authentication in Keystone.
  • neutron_admin_password=neutron: This is the password that Neutron uses to authenticate with in Keystone.
  • neutron_admin_auth_url=https://172.16.0.200:35357/v2.0: This is the address of our Keystone service.
  • neutron_ca_certificates_file = /etc/ssl/certs/ca.pem: This references the Certificate Authority file that we generated in Chapter 1, Keystone – OpenStack Identity Service, to allow our SSL calls to Keystone to work correctly without setting an insecure flag.
  • libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver: This tells Libvirt to use the OVS Bridge driver.
  • linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver: This is the driver used to create Ethernet devices on our Linux hosts.
  • firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver: This is the driver that is used to manage the firewalls.
  • service_neutron_metadata_proxy=true: This allows us to utilize the metadata proxy service that passes requests from Neutron to the Nova API service.
  • foo: This is the random key we set in order to utilize the proxy service. It must match on all nodes running this service to ensure a level of security when passing proxy requests. 
    neutron_metadata_proxy_shared_secret=foo

See Also

上一章目录下一章