This article will demonstrate that how to configure the Neutron configuration on compute node part. The compute node handles the network connectivity and security groups for each instance. In the compute node, we need to enable certain kernel parameters and install the networking components for neutron. Once the required networking components are installed , we just need to edit the configuration files to make the entries for identity service and MQ service. So far , we have configured the neutron configuration on controller node and Network node.
Let’s configure the Neutron for our environment. (Mandatory configurations on Controller Node , Network Node & Compute nodes.)
- Install & Configure Neutron Related services on Controller Node
- Install & Configure Neutron Related services for Network Node
- Install & Configure Neutron Related Services for Compute Node (We Are here)
Configure prerequisites on Compute Node:
1.Login to Openstack Compute and gain root access.
2. Edit the /etc/sysctl.conf and add the following entries.
net.ipv4.conf.all.rp_filter=0 net.ipv4.conf.default.rp_filter=0 net.bridge.bridge-nf-call-iptables=1 net.bridge.bridge-nf-call-ip6tables=1
3. Implement the changes.
root@OSCMP-UA:~# sysctl -p net.ipv4.conf.all.rp_filter = 0 net.ipv4.conf.default.rp_filter = 0 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 root@OSCMP-UA:~#
If you get any error like below , load the br_netfilter kernel module .
root@OSCMP-UA:~# sysctl -p
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-iptables: No such file or directory
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-ip6tables: No such file or directory
root@OSCMP-UA:~#
You can load the br_netfilter kernel module using command below.
root@OSCMP-UA:~# modprobe br_netfilter root@OSCMP-UA:~# root@OSCMP-UA:~# lsmod |grep br_netfilter br_netfilter 20480 0 bridge 110592 1 br_netfilter root@OSCMP-UA:~#
To make the change persistent , update the /etc/modules file.
root@OSCMP-UA:~# cat /etc/modules |grep br_netfilter br_netfilter root@OSCMP-UA:~#
Install the Networking components on Compute Node:
You need to install neutron-plugin-ml2 and neutron-plugin-openvswtich-agent packages on compute node.
1.Install the networking components on compute node.
root@OSCMP-UA:~# apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: ipset libipset3 neutron-common openvswitch-common openvswitch-switch python-jsonrpclib python-neutron python-novaclient Suggested packages: openvswitch-datapath-module The following NEW packages will be installed: ipset libipset3 neutron-common neutron-plugin-ml2 neutron-plugin-openvswitch-agent openvswitch-common openvswitch-switch python-jsonrpclib python-neutron python-novaclient 0 upgraded, 10 newly installed, 0 to remove and 34 not upgraded. Need to get 2,856 kB of archives. After this operation, 20.8 MB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://ubuntu-cloud.archive.canonical.com/ubuntu/ trusty-updates/juno/main python-novaclient all 1:2.19.0-0ubuntu1~cloud0 [157 kB] Get:2 http://in.archive.ubuntu.com/ubuntu/ trusty/main python-jsonrpclib all 0.1.3-1build1 [14.1 kB] Get:3 http://in.archive.ubuntu.com/ubuntu/ trusty/universe libipset3 amd64 6.20.1-1 [50.8 kB] Get:4 http://in.archive.ubuntu.com/ubuntu/ trusty/universe ipset amd64 6.20.1-1 [34.2 kB] Get:5 http://ubuntu-cloud.archive.canonical.com/ubuntu/ trusty-updates/juno/main python-neutron all 1:2014.2.3-0ubuntu2~cloud0 [1,265 kB] Get:6 http://in.archive.ubuntu.com/ubuntu/ trusty-updates/main openvswitch-common amd64 2.0.2-0ubuntu0.14.04.2 [444 kB] Get:7 http://in.archive.ubuntu.com/ubuntu/ trusty-updates/main openvswitch-switch amd64 2.0.2-0ubuntu0.14.04.2 [864 kB] Get:8 http://ubuntu-cloud.archive.canonical.com/ubuntu/ trusty-updates/juno/main neutron-common all 1:2014.2.3-0ubuntu2~cloud0 [15.7 kB] Get:9 http://ubuntu-cloud.archive.canonical.com/ubuntu/ trusty-updates/juno/main neutron-plugin-ml2 all 1:2014.2.3-0ubuntu2~cloud0 [6,870 B] Get:10 http://ubuntu-cloud.archive.canonical.com/ubuntu/ trusty-updates/juno/main neutron-plugin-openvswitch-agent all 1:2014.2.3-0ubuntu2~cloud0 [3,758 B] Fetched 2,856 kB in 10s (268 kB/s) Selecting previously unselected package python-jsonrpclib. (Reading database ... 100023 files and directories currently installed.) Preparing to unpack .../python-jsonrpclib_0.1.3-1build1_all.deb ... Unpacking python-jsonrpclib (0.1.3-1build1) ... Selecting previously unselected package libipset3:amd64. Preparing to unpack .../libipset3_6.20.1-1_amd64.deb ... Unpacking libipset3:amd64 (6.20.1-1) ... Selecting previously unselected package ipset. Preparing to unpack .../ipset_6.20.1-1_amd64.deb ... Unpacking ipset (6.20.1-1) ... Selecting previously unselected package python-novaclient. Preparing to unpack .../python-novaclient_1%3a2.19.0-0ubuntu1~cloud0_all.deb ... Unpacking python-novaclient (1:2.19.0-0ubuntu1~cloud0) ... Selecting previously unselected package python-neutron. Preparing to unpack .../python-neutron_1%3a2014.2.3-0ubuntu2~cloud0_all.deb ... Unpacking python-neutron (1:2014.2.3-0ubuntu2~cloud0) ... Selecting previously unselected package neutron-common. Preparing to unpack .../neutron-common_1%3a2014.2.3-0ubuntu2~cloud0_all.deb ... Unpacking neutron-common (1:2014.2.3-0ubuntu2~cloud0) ... Selecting previously unselected package neutron-plugin-ml2. Preparing to unpack .../neutron-plugin-ml2_1%3a2014.2.3-0ubuntu2~cloud0_all.deb ... Unpacking neutron-plugin-ml2 (1:2014.2.3-0ubuntu2~cloud0) ... Selecting previously unselected package openvswitch-common. Preparing to unpack .../openvswitch-common_2.0.2-0ubuntu0.14.04.2_amd64.deb ... Unpacking openvswitch-common (2.0.2-0ubuntu0.14.04.2) ... Selecting previously unselected package openvswitch-switch. Preparing to unpack .../openvswitch-switch_2.0.2-0ubuntu0.14.04.2_amd64.deb ... Unpacking openvswitch-switch (2.0.2-0ubuntu0.14.04.2) ... Selecting previously unselected package neutron-plugin-openvswitch-agent. Preparing to unpack .../neutron-plugin-openvswitch-agent_1%3a2014.2.3-0ubuntu2~cloud0_all.deb ... Unpacking neutron-plugin-openvswitch-agent (1:2014.2.3-0ubuntu2~cloud0) ... Processing triggers for man-db (2.6.7.1-1ubuntu1) ... Processing triggers for ureadahead (0.100.0-16) ... Setting up python-jsonrpclib (0.1.3-1build1) ... Setting up libipset3:amd64 (6.20.1-1) ... Setting up ipset (6.20.1-1) ... Setting up python-novaclient (1:2.19.0-0ubuntu1~cloud0) ... Setting up python-neutron (1:2014.2.3-0ubuntu2~cloud0) ... Setting up neutron-common (1:2014.2.3-0ubuntu2~cloud0) ... Adding system user `neutron' (UID 110) ... Adding new user `neutron' (UID 110) with group `neutron' ... Not creating home directory `/var/lib/neutron'. Setting up neutron-plugin-ml2 (1:2014.2.3-0ubuntu2~cloud0) ... Setting up openvswitch-common (2.0.2-0ubuntu0.14.04.2) ... Setting up openvswitch-switch (2.0.2-0ubuntu0.14.04.2) ... openvswitch-switch start/running Processing triggers for ureadahead (0.100.0-16) ... Setting up neutron-plugin-openvswitch-agent (1:2014.2.3-0ubuntu2~cloud0) ... neutron-plugin-openvswitch-agent start/running, process 18376 Processing triggers for libc-bin (2.19-0ubuntu6.6) ... Processing triggers for ureadahead (0.100.0-16) ... root@OSCMP-UA:~#
Configure the Networking common components:
Edit the neutron.conf file and update the following items.
- Configure the Networking service to use Identity service for authentication. Edit the “/etc/neutron/neutron.conf” file and update the following key on default section.
[DEFAULT] ... auth_strategy = keystone
- Add the following keys to the [keystone_authtoken] section.
[keystone_authtoken] ..... auth_uri = http://OSCTRL-UA:5000 auth_host = OSCTRL-UA auth_protocol = http auth_port = 35357 admin_tenant_name = service admin_user = neutron admin_password = neutron123
- Configure Networking service to use the message broker RabbitMQ . Add the following keys to the default section.
[DEFAULT] ... rpc_backend = neutron.openstack.common.rpc.impl_kombu rabbit_host = OSCTRL-UA rabbit_password = rabbit123
- Configure the Networking service to use ML2 plugins and associated services. Add the following keys to the default section.
[DEFAULT] ... core_plugin = ml2 service_plugins = router allow_overlapping_ips = True verbose = true
- Comment out any lines in the [service_providers] section
Configure the Modular Layer 2 (ML2) plug-in:
The Module Layer 2 (ML2) plugin uses the Open vSwitch mechanism to build the virtual networking framework for instances. Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and update the required configuration.
- Add the following keys to the [ml2] section on “/etc/neutron/plugins/ml2/ml2_conf.ini” .
[ml2] ... type_drivers = flat,gre tenant_network_types = gre mechanism_drivers = openvswitch
- Add the following keys to the [ml2_type_gre] section.
[ml2_type_gre] ... tunnel_id_ranges = 1:1000
- Add the [securitygroup] section and the following keys to it:
[securitygroup] ... firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver enable_security_group = True
- Add the [ovs] section and the following keys to it:
[ovs] ... local_ip = 192.168.204.9 tunnel_type = gre enable_tunneling = True
Note: Replace 192.168.204.9 with the IP address of the instance tunnels network interface on your compute node.
Configure the Open vSwitch (OVS) service:
The open vswitch service provides the underlying virtual networking framework for openstack instances . The integration bridge br-int handles internal openstack instance network traffic within open vSwitch.
- Restart the Open vSwtich Service & create the integration bridge if it’s not already created.
root@OSCMP-UA:~# service openvswitch-switch restart openvswitch-switch stop/waiting openvswitch-switch start/running root@OSCMP-UA:~# ovs-vsctl add-br br-int ovs-vsctl: cannot create a bridge named br-int because a bridge named br-int already exists root@OSCMP-UA:~#
Configure Compute node to use Networking:
By default, Openstack will use the legacy nova-network. We need to re-configure nova to use the neutron network.
- Edit the /etc/nova/nova.conf and update the default section like below.
[DEFAULT] .... network_api_class = nova.network.neutronv2.api.API security_group_api = neutron linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver firewall_driver = nova.virt.firewall.NoopFirewallDriver
- Update the [neutron] section like below.
[neutron] ... url = http://OSCTRL-UA:9696 auth_strategy = keystone admin_auth_url = http://OSCTRL-UA:35357/v2.0 admin_tenant_name = service admin_username = neutron admin_password = neutron123
To finalize the installation and configuration, just restart the nova service and OVS service on Compute node.
root@OSCMP-UA:~# service nova-compute restart nova-compute stop/waiting nova-compute start/running, process 18711 root@OSCMP-UA:~# service neutron-plugin-openvswitch-agent restart neutron-plugin-openvswitch-agent stop/waiting neutron-plugin-openvswitch-agent start/running, process 18726 root@OSCMP-UA:~#
Verify our work:
1.Login to the controller node
2.Source the admin credentials.
root@OSCTRL-UA:~# cat admin.rc export OS_USERNAME=admin export OS_PASSWORD=admin123 export OS_TENANT_NAME=admin export OS_AUTH_URL=http://OSCTRL-UA:35357/v2.0 root@OSCTRL-UA:~# source admin.rc root@OSCTRL-UA:~#
3.List the neutron agents status.
root@OSCTRL-UA:~# neutron agent-list +--------------------------------------+--------------------+----------+-------+----------------+---------------------------+ | id | agent_type | host | alive | admin_state_up | binary | +--------------------------------------+--------------------+----------+-------+----------------+---------------------------+ | 12d30025-2b13-4edf-806a-cfea51089c1e | L3 agent | OSNWT-UA | :-) | True | neutron-l3-agent | | 26b7634d-7e81-4d84-9458-af95db545828 | Metadata agent | OSNWT-UA | :-) | True | neutron-metadata-agent | | 6a65089e-7af5-4fe0-b746-07bc8fa7d7d0 | DHCP agent | OSNWT-UA | :-) | True | neutron-dhcp-agent | | ad45ceea-6fa4-4cad-af17-ae7e40becb4b | Open vSwitch agent | OSNWT-UA | :-) | True | neutron-openvswitch-agent | | f8f16a65-575b-4aff-92d9-5fe16db283cb | Open vSwitch agent | OSCMP-UA | :-) | True | neutron-openvswitch-agent | +--------------------------------------+--------------------+----------+-------+----------------+---------------------------+ root@OSCTRL-UA:~#
The Neutron agents status shows that we have successfully configured the Neutron Networking . (neutron-openvswitch-agent live on both network (OSNWT-UA) & compute nodes (OSCMP-UA) ).
The Next article will demonstrate the initial network setup for Neutron.
Share it !! Be Sociable !!!