How to Install and Configure OpenStack Neutron

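This tutorial shows how to install and configure the OpenStack Network Service (Neutron). The example uses the ML2 plugin. A previous post covered how to install OpenStack all-in-one on CentOS 7. If you have not yet installed OpenStack Neutron, follow the steps below. The passwords shown in the commands and config files (password, servicepassword, metadata_secret) are sample values; replace them with your own.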

Step by step Install and Configure Neutron in OpenStack

Create a User and Database on MariaDB for Neutron.

[root@DevopsRoles ~(keystone)]# mysql -u root -p 
MariaDB [(none)]> create database neutron_ml2;
# 'password' is this tutorial's placeholder: choose a strong, unique value and reuse it in the [database] connection string of /etc/neutron/neutron.conf.
MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'localhost' identified by 'password';
# neutron@'%' accepts logins from any host; where the topology allows, narrow the host part to the controller/management addresses that actually run Neutron.
MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'%' identified by 'password';
MariaDB [(none)]> flush privileges; 
MariaDB [(none)]> exit 

Add the user and service for Neutron on the Keystone server.

# add neutron user (set in service project)
# 'servicepassword' is a placeholder. A password given with --password ends up in shell history and is visible in the process list while the command runs; --password-prompt asks for it interactively instead.
[root@DevopsRoles ~(keystone)]# openstack user create --domain default --project service --password servicepassword neutron 

# add neutron user in admin role
# the service account receives the admin role on the service project, so its password deserves the same care as an administrator's
[root@DevopsRoles ~(keystone)]# openstack role add --project service --user neutron admin

# add service entry for neutron
[root@DevopsRoles ~(keystone)]# openstack service create --name neutron --description "OpenStack Networking service" network

# define keystone host
# 10.0.2.15 is the address of this tutorial's host; substitute your controller's address
[root@DevopsRoles ~(keystone)]# export controller=10.0.2.15

# add endpoint for neutron (public)
# all three endpoints are registered as plain http:// on the same address, so API calls and the tokens they carry are not encrypted in transit; outside a lab, register https:// URLs served through TLS
[root@DevopsRoles ~(keystone)]# openstack endpoint create --region RegionOne network public http://$controller:9696 

# add endpoint for neutron (internal)
[root@DevopsRoles ~(keystone)]# openstack endpoint create --region RegionOne network internal http://$controller:9696

# add endpoint for neutron (admin)
[root@DevopsRoles ~(keystone)]# openstack endpoint create --region RegionOne network admin http://$controller:9696 

Install Neutron services.

# install from Stein, EPEL
# -y answers yes to every prompt, including the prompt to import a repository GPG key; confirm the repository keys beforehand.
# NOTE(review): Stein and CentOS 7 are past upstream end of life, so treat this as a lab setup unless security fixes come from elsewhere.
[root@DevopsRoles ~(keystone)]# yum --enablerepo=centos-openstack-stein,epel -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch

Configure Neutron.

# keep the packaged defaults as neutron.conf_BK and write a minimal config in their place
[root@DevopsRoles ~(keystone)]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf_BK 

[root@DevopsRoles ~(keystone)]# vi /etc/neutron/neutron.conf
# create new
[DEFAULT]
core_plugin = ml2
service_plugins = router
# API requests are authenticated through Keystone (see [keystone_authtoken] below)
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = True
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
# RabbitMQ connection info
# 'openstack:password' is the message-queue account in clear text; replace the placeholder with the real RabbitMQ password
transport_url = rabbit://openstack:password@10.0.2.15

# Keystone auth info
[keystone_authtoken]
# both URLs are plain http://, so tokens and the service password below travel unencrypted; use https:// outside a lab
www_authenticate_uri = http://10.0.2.15:5000
auth_url = http://10.0.2.15:5000
memcached_servers = 10.0.2.15:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
# must equal the password given to "openstack user create ... neutron"
password = servicepassword

# MariaDB connection info
[database]
# user:password must match the MariaDB grant for the neutron user
connection = mysql+pymysql://neutron:password@10.0.2.15/neutron_ml2

# Nova connection info
[nova]
auth_url = http://10.0.2.15:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
# password of the nova service user; presumably set when Nova was installed - verify against that setup
password = servicepassword

[oslo_concurrency]
lock_path = $state_path/tmp

# the file now holds the RabbitMQ, database and Keystone passwords: mode 640 with group neutron removes world read access.
# Run both commands right after saving; a file newly created by vi takes the umask default (commonly 644) until then.
[root@DevopsRoles ~(keystone)]# chmod 640 /etc/neutron/neutron.conf 
[root@DevopsRoles ~(keystone)]# chgrp neutron /etc/neutron/neutron.conf 

[root@DevopsRoles ~(keystone)]# vi /etc/neutron/l3_agent.ini
[DEFAULT]
# line 2: add
interface_driver = openvswitch
[root@DevopsRoles ~(keystone)]# vi /etc/neutron/dhcp_agent.ini
[DEFAULT]
# line 2: add
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

[root@DevopsRoles ~(keystone)]# vi /etc/neutron/metadata_agent.ini
[DEFAULT]
# line 2: add
# specify Nova API server
nova_metadata_host = 10.0.2.15
# specify any secret key you like
# 'metadata_secret' is a placeholder: use a long random value, and set the same value as metadata_proxy_shared_secret in the [neutron] section of /etc/nova/nova.conf.
# The metadata proxy and Nova rely on this shared value to trust each other's metadata requests, so treat it like a password.
metadata_proxy_shared_secret = metadata_secret
# line 212: uncomment and specify Memcache server
memcache_servers = 10.0.2.15:11211

[root@DevopsRoles ~(keystone)]# vi /etc/neutron/plugins/ml2/ml2_conf.ini
# add to the end ( it's OK with no value for "tenant_network_types" (set later if need) )
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
mechanism_drivers = openvswitch
# loads the port_security extension driver, which lets port security be set per network and per port
extension_drivers = port_security
[root@DevopsRoles ~(keystone)]# vi /etc/neutron/plugins/ml2/openvswitch_agent.ini
# add to the end
[securitygroup]
# security groups are switched on here and enforced by the openvswitch firewall driver; nova.conf sets a no-op firewall driver further down, so this section is where instance traffic filtering is configured
firewall_driver = openvswitch
enable_security_group = true
enable_ipset = true

[root@DevopsRoles ~(keystone)]# vi /etc/nova/nova.conf
# add follows into [DEFAULT] section
use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
# NoopFirewallDriver means Nova applies no packet filtering of its own; filtering depends on enable_security_group = true in openvswitch_agent.ini
firewall_driver = nova.virt.firewall.NoopFirewallDriver
vif_plugging_is_fatal = True
vif_plugging_timeout = 300

# add follows to the end : Neutron auth info
# the value of metadata_proxy_shared_secret is the same with the one in metadata_agent.ini
[neutron]
# plain http:// to Keystone: the credentials below are sent unencrypted; use https:// outside a lab
auth_url = http://10.0.2.15:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
# placeholder; must equal the neutron service user's Keystone password
password = servicepassword
service_metadata_proxy = True
# placeholder; replace with the same random value used in metadata_agent.ini
metadata_proxy_shared_secret = metadata_secret

If SELinux is enabled on Centos 7

[root@DevopsRoles ~(keystone)]# yum --enablerepo=centos-openstack-stein -y install openstack-selinux 
# -P writes each boolean to the persistent policy, so it survives reboots. Each boolean below loosens confinement;
# check that your deployment needs it (for example against AVC denials in the audit log) before turning it on.
[root@DevopsRoles ~(keystone)]# setsebool -P neutron_can_network on 
# haproxy_connect_any lets the confined haproxy domain connect to any port rather than only the ports labelled for it
[root@DevopsRoles ~(keystone)]# setsebool -P haproxy_connect_any on 
[root@DevopsRoles ~(keystone)]# setsebool -P daemons_enable_cluster_mode on 
[root@DevopsRoles ~(keystone)]# vi my-ovsofctl.te
# create new
module my-ovsofctl 1.0;

require {
        type neutron_t;
        class capability sys_rawio;
}

#============= neutron_t ==============
# grants the neutron_t domain the sys_rawio capability (CAP_SYS_RAWIO, raw I/O access).
# NOTE(review): this is a broad privilege - confirm from audit denials that it is required before loading the module.
allow neutron_t self:capability sys_rawio;
# End create new my-ovsofctl.te file

# compile the .te source, package it, and load it into the running policy
[root@DevopsRoles ~(keystone)]# checkmodule -m -M -o my-ovsofctl.mod my-ovsofctl.te 
[root@DevopsRoles ~(keystone)]# semodule_package --outfile my-ovsofctl.pp --module my-ovsofctl.mod 
[root@DevopsRoles ~(keystone)]# semodule -i my-ovsofctl.pp 

If firewalld is running, allow the service port.

# 9696/tcp is the Neutron API port used in the endpoints above. Without --zone the rule lands in the default zone and admits any source address;
# if only management hosts need the API, put the rule in a zone bound to that network instead.
[root@DevopsRoles ~(keystone)]# firewall-cmd --add-port=9696/tcp --permanent 
[root@DevopsRoles ~(keystone)]# firewall-cmd --reload 

Start Neutron services.

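[root@DevopsRoles ~(keystone)]# systemctl start openvswitch 
[root@DevopsRoles ~(keystone)]# systemctl enable openvswitch 
# create the br-int bridge on Open vSwitch
[root@DevopsRoles ~(keystone)]# ovs-vsctl add-br br-int
# expose the ML2 config under the plugin.ini path that is passed to neutron-db-manage below
[root@DevopsRoles ~(keystone)]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini 
# run the schema migration as the unprivileged neutron account rather than as root
[root@DevopsRoles ~(keystone)]# su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"
# start and enable all five Neutron units named in the loop, including neutron-server (the API on port 9696)
[root@DevopsRoles ~(keystone)]# for service in server dhcp-agent l3-agent metadata-agent openvswitch-agent; do
  systemctl start "neutron-$service"
  systemctl enable "neutron-$service"
done
# restart Nova so that it picks up the [neutron] settings added to nova.conf
[root@DevopsRoles ~(keystone)]# systemctl restart openstack-nova-api openstack-nova-compute

# show status
[root@DevopsRoles ~(keystone)]# openstack network agent list 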

You have installed and configured OpenStack Network Service (Neutron).
