Installing a Three-Node OpenStack Queens Cluster-Part 6

Configure Neutron on the controller node

Neutron is an OpenStack project designed to provide “network connection as a service” between interface devices (such as vNICs) managed by other OpenStack services (such as nova). It implements the Neutron API.
Here are the reasons why we use Neutron:

  • It provides an API for cloud tenants to build rich network topologies and configure advanced network policies in the cloud. Example: Creating a Multi-Tier Web Application Topology
  • It enables innovative plugins (open source and closed source) that introduce advanced networking capabilities. Example: Use L2-in-L3 tunnels to avoid VLAN restrictions, provide end-to-end QoS guarantee, and use monitoring protocols such as NetFlow.
  • Allows anyone to build advanced web services (open source and closed source) that can be plugged into the Openstack tenant network. Examples: LB-aaS, VPN-aaS, firewall-aaS, IDS-aaS (not implemented), data center interconnect-aaS.
  • Horizon GUI supports:
  • Neutron L2 and L3 network and subnet creation / deletion
  • Boot the VM on a specific Neutron network.
  • API extensibility framework, including the following extensions:
  • “Provider Network”, which maps the Neutron L2 network to specific VLANs in the physical data center

“Make your favorite beauty your job.” –Rumi

Let’s start installing Neutron on the controller node. step 1: As usual, we have to add Neutron users to keystone correction like the rest

[[email protected] ~(keystone)]# openstack user create --domain default --project service --password neutron123 neutron +---------------------+----------------------------------+ | Field               | Value                            | +---------------------+----------------------------------+ | default_project_id  | d13375a7f48b4642abc74ad68d6ffe4b | | domain_id           | default                          | | enabled             | True                             | | id                  | a831dddd9179494b95de64881d3abf79 | | name                | neutron                          | | options             | {}                               | | password_expires_at | None                             | +---------------------+----------------------------------+

The second step: Like we did before, let’s add Neutron to the admin role

[[email protected] ~(keystone)]# openstack role add --project service --user neutron admin

third step: Let’s add the neutron service entry. This is the same as what we have done for other services so far.

[[email protected] ~(keystone)]# openstack service create --name neutron --description "OpenStack Networking service" network  +-------------+----------------------------------+ | Field       | Value                            | +-------------+----------------------------------+ | description | OpenStack Networking service     | | enabled     | True                             | | id          | 14506b01a57049ff99eb51c4fb852ef5 | | name        | neutron                          | | type        | network                          | +-------------+----------------------------------+[[email protected] ~(keystone)]# export controller=192.168.122.130

the fourth step: Add neutron’s public, private and management endpoints

[[email protected] ~(keystone)]# openstack endpoint create --region RegionOne network public http://$controller:9696  +--------------+----------------------------------+ | Field        | Value                            | +--------------+----------------------------------+ | enabled      | True                             | | id           | a4fe0901a7894fbd9c6e330be6e34a6d | | interface    | public                           | | region       | RegionOne                        | | region_id    | RegionOne                        | | service_id   | 14506b01a57049ff99eb51c4fb852ef5 | | service_name | neutron                          | | service_type | network                          | | url          | http://192.168.122.130:9696        | +--------------+----------------------------------+
[[email protected] ~(keystone)]# openstack endpoint create --region RegionOne network internal http://$controller:9696 +--------------+----------------------------------+ | Field        | Value                            | +--------------+----------------------------------+ | enabled      | True                             | | id           | 84c6e17d4e274b92803f3ce22c68464c | | interface    | internal                         | | region       | RegionOne                        | | region_id    | RegionOne                        | | service_id   | 14506b01a57049ff99eb51c4fb852ef5 | | service_name | neutron                          | | service_type | network                          | | url          | http://192.168.122.130:9696        | +--------------+----------------------------------+
[[email protected] ~(keystone)]# openstack endpoint create --region RegionOne network admin http://$controller:9696  +--------------+----------------------------------+ | Field        | Value                            | +--------------+----------------------------------+ | enabled      | True                             | | id           | f889e50e5346473e894e0147577f3cfb | | interface    | admin                            | | region       | RegionOne                        | | region_id    | RegionOne                        | | service_id   | 14506b01a57049ff99eb51c4fb852ef5 | | service_name | neutron                          | | service_type | network                          | | url          | http://192.168.122.130:9696        | +--------------+----------------------------------+

the fifth step: You may have guessed that we have to add the neutron database and users to MariaDB

[[email protected] ~(keystone)]# mysql -u root -p Enter password:  Welcome to the MariaDB monitor.  Commands end with ; or g. Your MariaDB connection id is 1231 Server version: 10.1.20-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or 'h' for help. Type 'c' to clear the current input statement. MariaDB [(none)]> create database neutron_ml2; MariaDB [(none)]> grant all privileges on neutron_ml2.* to [email protected]'localhost' identified by 'neutron123'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all privileges on neutron_ml2.* to [email protected]'%' identified by 'neutron123'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> flush privileges;  Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> exit; Bye

Step Six: Install Neutron Server on the controller

[[email protected] ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel -y install openstack-neutron openstack-neutron-ml2Determining fastest mirrors base: mirror.ucu.ac.ug centos-qemu-ev: mirror.ucu.ac.ug extras: mirror.ucu.ac.ug updates: mirror.ucu.ac.ug base                                                                                      | 3.6 kB  00:00:00      centos-ceph-luminous                                                                      | 2.9 kB  00:00:00      centos-openstack-queens                                                                   | 2.9 kB  00:00:00      centos-qemu-ev                                                                            | 2.9 kB  00:00:00      extras                                                                                    | 3.4 kB  00:00:00      updates                                                                                   | 3.4 kB  00:00:00      updates/7/x86_64/primary_db                                                               | 2.5 MB  00:00:02      Resolving Dependencies --> Running transaction check ---> Package openstack-neutron.noarch 1:12.0.5-1.el7 will be installed                                                                         

Step Seven: Back up the neutron file and create a new file with the following configuration

[[email protected] ~(keystone)]#  mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak[[email protected] ~(keystone)]# vim /etc/neutron/neutron.conf#New File [DEFAULT] core_plugin = ml2 service_plugins = router auth_strategy = keystone state_path = /var/lib/neutron dhcp_agent_notification = True allow_overlapping_ips = True notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True# RabbitMQ connection info transport_url = rabbit://openstack:[email protected]# Keystone auth info [keystone_authtoken] www_authenticate_uri = http://192.168.122.130:5000 auth_url = http://192.168.122.130:5000 memcached_servers = 192.168.122.130:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = neutron123# MariaDB connection info [database] connection = mysql+pymysql://neutron:[email protected]/neutron_ml2# Nova connection info [nova] auth_url = http://192.168.122.130:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = nova password = pepe123 [oslo_concurrency] lock_path = $state_path/tmp

Step eight: Edit /etc/neutron/plugins/ml2/ml2_conf.ini and add the following on the specified line.

[[email protected] ~(keystone)]# vim /etc/neutron/plugins/ml2/ml2_conf.ini #line 22: uncomment and specify Nova API server nova_metadata_host = 192.168.122.130 #line 34: uncomment and specify any secret key you like. Remember this because we shall need it later metadata_proxy_shared_secret = pepe123 #line 260: uncomment and specify Memcache server memcache_servers = 192.168.122.130:11211

Step 9: Do the same for the following files

[[email protected] ~(keystone)]# vim /etc/neutron/plugins/ml2/ml2_conf.ini  [ml2]  type_drivers = flat,vlan,gre,vxlan  tenant_network_types =  mechanism_drivers = openvswitch,l2population  extension_drivers = port_security

Step 10: Edit nova configuration file and update as follows

[[email protected] ~(keystone)]# vim /etc/nova/nova.conf use_neutron = True linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver firewall_driver = nova.virt.firewall.NoopFirewallDriver# add the following to the end : The Neutron auth info# the value of metadata_proxy_shared_secret is the same with the one in metadata_agent.ini[neutron] auth_url = http://192.168.122.130:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = neutron123 ##DO NOT FORGET THIS PASSWORD YOU SET IN NOVA SERVICE  service_metadata_proxy = True metadata_proxy_shared_secret = pepe123 ##SAME AS WE USED IN THE /etc/neutron/plugins/ml2/ml2_conf.ini FILE

Step 11: Add relevant ports to the firewall

[[email protected] ~(keystone)]# firewall-cmd --add-port=9696/tcp --permanent  success [[email protected] ~(keystone)]# firewall-cmd --reload  success

Step 12: Start Neutron server

[[email protected] ~(keystone)]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini [[email protected] ~(keystone)]# su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"            INFO  [alembic.runtime.migration] Context impl MySQLImpl. INFO  [alembic.runtime.migration] Will assume non-transactional DDL.   Running upgrade for neutron … INFO  [alembic.runtime.migration] Context impl MySQLImpl. INFO  [alembic.runtime.migration] Will assume non-transactional DDL. INFO  [alembic.runtime.migration] Running upgrade  -> kilo, kilo_initial INFO  [alembic.runtime.migration] Running upgrade kilo -> 354db87e3225, nsxv_vdr_metadata.py INFO  [alembic.runtime.migration] Running upgrade 354db87e3225 -> 599c6a226151, neutrodb_ipam INFO  [alembic.runtime.migration] Running upgrade 599c6a226151 -> 52c5312f6baf, Initial operations in support of address scopes INFO  [alembic.runtime.migration] Running upgrade 52c5312f6baf -> 313373c0ffee, Flavor framework INFO  [alembic.runtime.migration] Running upgrade 313373c0ffee -> 8675309a5c4f, network_rbac INFO  [alembic.runtime.migration] Running upgrade 8675309a5c4f -> 45f955889773, quota_usage INFO  [alembic.runtime.migration] Running upgrade 45f955889773 -> 26c371498592, subnetpool hash INFO  [alembic.runtime.migration] Running upgrade 26c371498592 -> 1c844d1677f7, add order to dnsnameservers INFO  [alembic.runtime.migration] Running upgrade 1c844d1677f7 -> 1b4c6e320f79, address scope support in subnetpool INFO  [alembic.runtime.migration] Running upgrade 1b4c6e320f79 -> 48153cb5f051, qo [[email protected] ~(keystone)]# systemctl start neutron-server neutron-metadata-agent [[email protected] ~(keystone)]# systemctl enable neutron-server neutron-metadata-agent  [[email protected] ~(keystone)]# systemctl restart openstack-nova-api

We went there again, and the neutrons on the control node should now be OK. In the next guide, we will install neutrons on the nodes above it.

Click the link below to go directly to the previous post in this sequel.

Install Openstack three-node cluster on CentOS 7 part 1

Installing a Three-Node OpenStack Queens Cluster-Part 2

Installing a Three-Node OpenStack Queens Cluster-Part Three

Installing a Three-Node OpenStack Queens Cluster-Part 4

Installing a Three-Node OpenStack Queens Cluster-Part 5

Find the seventh part of the same sequel in the link below.

Installing a Three-Node OpenStack Queens Cluster-Part 7

Sidebar