Installing and configuring controller nodes
Prerequisites
Before configuring the OpenStack Networking (neutron) service, you must create a database, service credentials, and API endpoints.
To create a database, complete the following steps:
Connect to the database server as root using the database access client:
mysql -u root -p
To create a neutron database:
CREATE DATABASE neutron;
Grant proper access to the neutron database, replacing NEUTRON_DBPASS with a suitable password:
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost'
  IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%'
  IDENTIFIED BY 'NEUTRON_DBPASS';
Exit the database access client.
Source the admin credentials to gain access to admin-only CLI commands:
. admin-openrc
To create service credentials, complete the following steps:
To create a neutron user:
openstack user create --domain default --password-prompt neutron
To add the admin role to the neutron user:
openstack role add --project service --user neutron admin
To create a neutron service entity:
openstack service create --name neutron \
  --description "OpenStack Networking" network
To create the Networking service API endpoints:
openstack endpoint create --region RegionOne \
  network public http://controller:9696
openstack endpoint create --region RegionOne \
  network internal http://controller:9696
openstack endpoint create --region RegionOne \
  network admin http://controller:9696
Configure network options
You can deploy network services using one of the two architectures represented by options 1 and 2.
Option 1 deploys the simplest architecture and only supports connecting instances to the provider (external) network. There are no self-service (private) networks, routers, or floating IP addresses. Only administrators or other privileged users can manage the provider network.
Option 2 enhances option 1 with layer 3 services that support connecting instances to self-service networks. The demo user or other unprivileged users can manage self-service networks, including routers that provide connections between self-service networks and the provider network. In addition, floating IP addresses provide connectivity to instances on self-service networks from external networks such as the Internet.
Self-service networks usually use overlay networks. Overlay network protocols, such as VXLAN, include additional headers that increase overhead and reduce the space available for payload or user data. Without knowledge of the virtual network infrastructure, an instance attempts to send packets using the default Ethernet maximum transmission unit (MTU) of 1500 bytes. The Networking service automatically provides the correct MTU value to instances through DHCP. However, some cloud images do not use DHCP or ignore the DHCP MTU option, and must be configured using metadata or a script.
Option 2 also supports attaching instances to the provider network.
Select one of the following network options to configure the services specific to it. Then return here and continue with the metadata agent configuration.
Network option 1: provider network
Network option 2: self-service network
Configure metadata proxy
The metadata proxy provides configuration information, such as credentials, to the instance.
Edit the /etc/neutron/metadata_agent.ini file and complete the following operations:
In the [DEFAULT] section, configure the metadata host and shared secret (replace METADATA_SECRET with a suitable secret for the metadata proxy):
[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
Configure computing services to use network services
The Nova compute service must be installed to complete this step. For more details, see the Compute installation guide under the Installation Guides section of the docs website.
Edit the /etc/nova/nova.conf file and do the following:
In the [neutron] section, configure the access parameters, enable the metadata proxy, and configure the secret:
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
Replace NEUTRON_PASS with the password you selected for the neutron user in the Identity service.
Replace METADATA_SECRET with the secret you selected for the metadata proxy.
If necessary, see the Compute service configuration guide for the full set of options, including overriding the service catalog endpoint URL.
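The metadata agent and nova.conf must carry the same metadata_proxy_shared_secret, and a placeholder left in a live file is a guessable credential. The following shell script is an added example, not part of the original guide; its function names are hypothetical, and it checks the two files edited above plus the placeholder names this guide uses.

```sh
#!/bin/sh
# Added example: audit the metadata shared secret and leftover guide placeholders.
# ini_get FILE SECTION KEY: print the last value of KEY inside [SECTION].
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_sec = ($0 == sec); next }
        !in_sec || /^[ \t]*[#;]/ { next }
        {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# count_placeholders FILE...: active lines still holding a guide placeholder.
count_placeholders() {
    awk '!/^[ \t]*#/ && /NEUTRON_PASS|NEUTRON_DBPASS|RABBIT_PASS|METADATA_SECRET/ { n++ }
         END { print n + 0 }' "$@"
}

# check_metadata_secret AGENT_INI NOVA_CONF (secret values are never printed)
# 0 = consistent, 1 = unset or placeholder, 2 = files disagree, 3 = proxy off
check_metadata_secret() {
    agent=$(ini_get "$1" DEFAULT metadata_proxy_shared_secret)
    nova=$(ini_get "$2" neutron metadata_proxy_shared_secret)
    proxy=$(ini_get "$2" neutron service_metadata_proxy | tr 'A-Z' 'a-z')
    case "$agent" in
        ''|METADATA_SECRET) echo "secret unset or placeholder in $1" >&2; return 1 ;;
    esac
    [ "$agent" = "$nova" ] || { echo "secret differs between $1 and $2" >&2; return 2; }
    [ "$proxy" = "true" ] || { echo "service_metadata_proxy is not true in $2" >&2; return 3; }
    return 0
}

# new_secret: 32 random bytes as hex, one way to choose METADATA_SECRET.
new_secret() { od -An -N32 -tx1 /dev/urandom | tr -d ' \n'; }

# demo: constructed sample files (not a real deployment) sharing one secret.
demo() {
    d=$(mktemp -d); s=$(new_secret)
    printf '[DEFAULT]\nmetadata_proxy_shared_secret = %s\n' "$s" > "$d/agent.ini"
    printf '[neutron]\nservice_metadata_proxy = true\nmetadata_proxy_shared_secret = %s\n' "$s" > "$d/nova.conf"
    check_metadata_secret "$d/agent.ini" "$d/nova.conf"; rc=$?
    rm -rf "$d"; return "$rc"
}

if [ "$#" -eq 2 ]; then check_metadata_secret "$1" "$2"; else demo; fi
```

Run it as root with the two paths as arguments, for example /etc/neutron/metadata_agent.ini and /etc/nova/nova.conf; a nonzero exit status identifies which check failed.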
Complete installation
The network service initialization script requires a symbolic link /etc/neutron/plugin.ini that points to the ML2 plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini. If this symbolic link does not exist, use the following command to create it:
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Populate database:
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Since the script requires a complete server and plug-in configuration file, the database population of the network will be performed later.
Restart the computing API service:
systemctl restart openstack-nova-api.service
Start the network service and configure it to start when the system starts.
For both network options:
systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
For network option 2, you should also enable and start the layer 3 service:
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
Installing and configuring compute nodes
The compute node handles the connections and security groups of instances.
Install the components
yum install openstack-neutron-linuxbridge ebtables ipset
Configure common components
The Networking common component configuration includes the authentication mechanism, message queue, and plug-in.
Default configuration files vary from release to release. You may need to add these sections and options rather than modify existing ones. In addition, an ellipsis (...) in a configuration snippet indicates default configuration options that you should keep.
Edit the /etc/neutron/neutron.conf file and complete the following operations:
In the [database] section, comment out all connection options because the compute node does not directly access the database.
In the [DEFAULT] section, configure RabbitMQ message queue access (replace RABBIT_PASS with the password you selected for the openstack account in RabbitMQ):
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller
In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access (replace NEUTRON_PASS with the password you selected for the neutron user in the Identity service):
Comment out or delete any other options in the [keystone_authtoken] section.
[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
In the [oslo_concurrency] section, configure the lock path:
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
Configure network options
Select the same network option that you chose for the controller node to configure the services specific to it. Then return here and continue with Configure computing services to use network services.
Network option 1: provider network
Network option 2: self-service network
Configure computing services to use network services
Edit the /etc/nova/nova.conf file and complete the following (replace NEUTRON_PASS with the password you selected for the neutron user in the Identity service):
In the [neutron] section, configure access parameters:
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
If necessary, see the Compute service configuration guide for the full set of options, including overriding the service catalog endpoint URL.
Complete installation
Restart the Compute service:
systemctl restart openstack-nova-compute.service
Start the Linux bridge agent and configure it to start when the system boots:
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service