Production Ready OpenStack - Recipes for Successful Environments

Product type Paperback
Published in Oct 2015
Publisher Packt
ISBN-13 9781783986903
Length 210 pages
Edition 1st Edition
Author Arthur Berezin

Installing Neutron – networking service

The Neutron networking service is responsible for the creation and management of layer 2 networks, layer 3 subnets, routers, and services such as firewalls, VPNs, and DNS. The Neutron service is built around the neutron-server service, which serves the Neutron API and interacts with the Neutron components. Since we deploy a controller-Neutron-compute layout, we need to install and configure neutron-server and the Modular Layer 2 (ML2) plugin on the controller node. Then, we will configure the layer 3, DHCP, and metadata services on the Neutron network node. Finally, we will configure the compute node to use Neutron networking services.

Getting ready

Before configuring Neutron services, we need to create a database that will hold Neutron's objects, create a Keystone endpoint for Neutron, open the needed firewall ports, and install all needed Neutron packages on the controller, the Neutron network node, and the compute nodes.

Run the following commands on the controller node:

Create database

  1. Access the database instance using the mysql command with the root user account:
    [root@controller ~]# mysql -u root -p
    
  2. Create a new database for Neutron called neutron:
    MariaDB [(none)]> CREATE DATABASE neutron;
    
  3. Create a database user account named neutron_db_user with the password neutron_db_password and grant it access to the newly created database:
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron_db_user'@'localhost' IDENTIFIED BY 'neutron_db_password';
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron_db_user'@'%' IDENTIFIED BY 'neutron_db_password';
    

Create Keystone service credentials and endpoint

Keep in mind that to use the keystone command, we need to source the Keystone environment parameters with admin credentials: # source ~/keystonerc_admin.

[root@controller ~(keystone_admin)]# keystone user-create --name neutron --pass password
[root@controller ~(keystone_admin)]# keystone user-role-add --user neutron --tenant services --role admin
[root@controller ~(keystone_admin)]# keystone service-create --name neutron --type network --description "OpenStack Networking"

Create a new endpoint for Neutron in the Keystone service catalog:

[root@controller ~(keystone_admin)]# keystone endpoint-create \
  --service neutron \
  --publicurl http://controller:9696 \
  --adminurl http://controller:9696 \
  --internalurl http://controller:9696

Open service firewall ports

Add a firewall rule to open TCP port 9696:

[root@controller ~]# firewall-cmd --permanent --add-port=9696/tcp
[root@controller ~]# firewall-cmd --reload

Install service packages

Install Neutron server and ML2 plugin packages on the controller:

[root@controller ~]# yum install -y openstack-neutron openstack-neutron-ml2 

How to do it…

We start by configuring the Neutron server service on the controller node. We will configure Neutron to access the database and the message broker. Then, we will configure Neutron to use Keystone as its authentication strategy. We will use the ML2 driver backend and configure Neutron to use it. Finally, we will configure the Nova service to use Neutron and the ML2 plugin as networking services.

Configure database connection

Use the openstack-config command to configure the connection string to the database:

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf database connection mysql://neutron_db_user:neutron_db_password@controller/neutron

Configure message broker

Configure Neutron to use RabbitMQ message broker:

Tip

Remember to change 10.10.0.1 to your controller management IP.

[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
[root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_host 10.10.0.1

Configure Neutron service

  1. Configure Neutron to use Keystone as an authentication strategy:
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_host controller
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_protocol http
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_port 35357
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name services
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user neutron
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password password
    
  2. Configure Neutron to synchronize networking topology changes with Nova:
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://controller:8774/v2
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_username nova
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_tenant_id $(keystone tenant-list | awk '/ services / { print $2 }')
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_password password
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_auth_url http://controller:35357/v2.0
    
  3. Now configure Neutron to use the ML2 Neutron plugin:
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
    [root@controller ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
    
  4. Configure the ML2 plugin to use the Open vSwitch agent with GRE segregation of virtual networks for instances:
    [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers gre
    [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types gre
    [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch
    [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges 1:1000
    [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    [root@controller ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True
    
  5. Once Neutron and ML2 are configured, we need to configure Nova to use Neutron as its networking provider:
    [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
    [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_url http://controller:9696
    [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_auth_strategy keystone
    [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_tenant_name services
    [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_username neutron
    [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_password password
    [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_auth_url http://controller:35357/v2.0
    [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
    [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
    [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
    
  6. Since we are using the ML2 Neutron plugin, we need to add a symbolic link that points /etc/neutron/plugin.ini to the ML2 configuration file, as follows:
    [root@controller ~]# ln -s plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
    
  7. Prepare Nova to use Neutron metadata service:
    [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT service_neutron_metadata_proxy true
    [root@controller ~]# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_metadata_proxy_shared_secret SHARED_SECRET
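
An added example, not part of the book's text: a small audit to run before starting the services, flagging sample secrets the steps above set literally (such as password and SHARED_SECRET), the sample database password, and endpoints reached over plaintext HTTP. The function names audit_conf and sample_conf and the sample file contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the book): flag recipe sample values left in a config.
# audit_conf [FILE] prints one "<section>/<key>: <reason>" line per finding;
# with no FILE it reads standard input.
audit_conf() {
  awk '
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }          # skip blanks and comments
    /^[ \t]*\[/ { sec = $0; gsub(/[ \t]|\[|\]/, "", sec); next }
    {
      eq = index($0, "="); if (!eq) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      id = sec "/" key
      # 1. Secret options still holding a literal sample or placeholder value.
      if (key ~ /(password|secret)$/ && val ~ /^(password|NEUTRON_PASS|SHARED_SECRET)$/)
        print id ": sample secret left in place"
      # 2. Database URL still carrying the sample database password.
      if (key == "connection" && val ~ /:neutron_db_password@/)
        print id ": sample database password left in place"
      # 3. Service or Keystone endpoints reached over plaintext HTTP.
      if (key ~ /(auth_uri|auth_url|auth_protocol|nova_url|neutron_url)$/ &&
          (val == "http" || val ~ /^http:/))
        print id ": plaintext http"
    }' "${1:--}"
}

# Constructed sample: neutron.conf options as the steps above set them.
sample_conf() {
  cat <<'EOF'
[database]
connection = mysql://neutron_db_user:neutron_db_password@controller/neutron
[DEFAULT]
auth_strategy = keystone
rabbit_host = 10.10.0.1
nova_url = http://controller:8774/v2
nova_admin_password = password
[keystone_authtoken]
auth_uri = http://controller:5000
auth_protocol = http
admin_password = password
EOF
}

sample_conf | audit_conf   # prints six findings for the sample
```

Run it against the real files with `audit_conf /etc/neutron/neutron.conf` and `audit_conf /etc/nova/nova.conf`; no output means none of the checked sample values remain.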
    

Start and enable service

  1. If Nova services are running, we need to restart them:
    [root@controller ~]# systemctl restart openstack-nova-api
    [root@controller ~]# systemctl restart openstack-nova-scheduler
    [root@controller ~]# systemctl restart openstack-nova-conductor
    
  2. At this point, we can start and enable Neutron-server service:
    [root@controller ~]# systemctl start neutron-server
    [root@controller ~]# systemctl enable neutron-server
    

This concludes configuring the Neutron server on the controller node. Now we can configure the Neutron network node.
