(Last Updated On: March 20, 2019)

Configuring Neutron on Controller Node

Neutron is an OpenStack project that provides “network connectivity as a service” between interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). It implements the Neutron API.
These are the reasons why we should use Neutron:

  • It gives cloud tenants an API to build rich networking topologies and configure advanced network policies in the cloud. Example: create a multi-tier web application topology.
  • It enables innovation plugins (open and closed source) that introduce advanced network capabilities. Example: use L2-in-L3 tunneling to avoid VLAN limits, provide end-to-end QoS guarantees, use monitoring protocols like NetFlow.
  • It lets anyone build advanced network services (open and closed source) that plug into OpenStack tenant networks. Examples: LB-aaS, VPN-aaS, firewall-aaS, IDS-aaS (not implemented), data-center-interconnect-aaS.
  • Horizon GUI support for:
      • Neutron L2 and L3 network and subnet creation/deletion
      • Booting VMs on specific Neutron networks
  • API Extensibility Framework, including extensions for:
      • “provider network”, which maps Neutron L2 networks to a specific VLAN in the physical data center

“Let the beauty of what you love be what you do.”
–Rumi

Let us begin installing Neutron on controller node.
Step One: As usual, we have to add the neutron user to Keystone, just as we did for the other services

[[email protected] ~(keystone)]# openstack user create --domain default --project service --password neutron123 neutron
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | d13375a7f48b4642abc74ad68d6ffe4b |
| domain_id | default |
| enabled | True |
| id | a831dddd9179494b95de64881d3abf79 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+

Step Two: Like we have done before, let us give the neutron user the admin role

[[email protected] ~(keystone)]# openstack role add --project service --user neutron admin

Step Three: Let us add neutron service entry. This is the same as what we have been doing for the other services so far.

[[email protected] ~(keystone)]# openstack service create --name neutron --description "OpenStack Networking service" network 
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking service |
| enabled | True |
| id | 14506b01a57049ff99eb51c4fb852ef5 |
| name | neutron |
| type | network |
+-------------+----------------------------------+


[[email protected] ~(keystone)]# export controller=192.168.122.130

Step Four: Add public, internal and admin endpoints for neutron

[[email protected] ~(keystone)]# openstack endpoint create --region RegionOne network public http://$controller:9696 
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a4fe0901a7894fbd9c6e330be6e34a6d |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 14506b01a57049ff99eb51c4fb852ef5 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.122.130:9696 |
+--------------+----------------------------------+
[[email protected] ~(keystone)]# openstack endpoint create --region RegionOne network internal http://$controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 84c6e17d4e274b92803f3ce22c68464c |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 14506b01a57049ff99eb51c4fb852ef5 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.122.130:9696 |
+--------------+----------------------------------+
[[email protected] ~(keystone)]# openstack endpoint create --region RegionOne network admin http://$controller:9696 
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f889e50e5346473e894e0147577f3cfb |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 14506b01a57049ff99eb51c4fb852ef5 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.122.130:9696 |
+--------------+----------------------------------+

Step Five: As you might have guessed, we have to add neutron database and user to MariaDB

[[email protected] ~(keystone)]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 1231
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database neutron_ml2;
MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'localhost' identified by 'neutron123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'%' identified by 'neutron123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit;
Bye

Step Six: Installation of Neutron Server on controller

[[email protected] ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel -y install openstack-neutron openstack-neutron-ml2
Determining fastest mirrors
base: mirror.ucu.ac.ug
centos-qemu-ev: mirror.ucu.ac.ug
extras: mirror.ucu.ac.ug
updates: mirror.ucu.ac.ug
base | 3.6 kB 00:00:00
centos-ceph-luminous | 2.9 kB 00:00:00
centos-openstack-queens | 2.9 kB 00:00:00
centos-qemu-ev | 2.9 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
updates/7/x86_64/primary_db | 2.5 MB 00:00:02
Resolving Dependencies
--> Running transaction check
---> Package openstack-neutron.noarch 1:12.0.5-1.el7 will be installed

Step Seven: Back up the Neutron configuration file and create a new one with the following configuration

[[email protected] ~(keystone)]#  mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak

[[email protected] ~(keystone)]# vim /etc/neutron/neutron.conf
#New File
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = True
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
# RabbitMQ connection info
transport_url = rabbit://openstack:[email protected]
# Keystone auth info
[keystone_authtoken]
www_authenticate_uri = http://192.168.122.130:5000
auth_url = http://192.168.122.130:5000
memcached_servers = 192.168.122.130:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron123
# MariaDB connection info
[database]
connection = mysql+pymysql://neutron:[email protected]/neutron_ml2
# Nova connection info
[nova]
auth_url = http://192.168.122.130:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = pepe123
[oslo_concurrency]
lock_path = $state_path/tmp

Step Eight: Edit /etc/neutron/metadata_agent.ini and set the following on the specified lines.

[[email protected] ~(keystone)]# vim /etc/neutron/metadata_agent.ini
#line 22: uncomment and specify Nova API server
nova_metadata_host = 192.168.122.130
#line 34: uncomment and specify any secret key you like. Remember this because we shall need it later
metadata_proxy_shared_secret = pepe123
#line 260: uncomment and specify Memcache server
memcache_servers = 192.168.122.130:11211

Step Nine: Next, edit /etc/neutron/plugins/ml2/ml2_conf.ini and set the following in the [ml2] section

[[email protected] ~(keystone)]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security

Step Ten: Edit nova config file and update as follows

[[email protected] ~(keystone)]# vim /etc/nova/nova.conf
use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
# add the following to the end: the Neutron auth info
# the value of metadata_proxy_shared_secret must be the same as the one in metadata_agent.ini
[neutron]
auth_url = http://192.168.122.130:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
# do not forget this password: it is the one set for the neutron user in Step One
# keep comments on their own line, because everything after "=" is read as the value
password = neutron123
service_metadata_proxy = True
# same value as metadata_proxy_shared_secret in Step Eight
metadata_proxy_shared_secret = pepe123
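
Before starting the services, it is worth checking the two files that must agree on metadata_proxy_shared_secret. The following script is an added example, not part of the original guide: it parses constructed copies of metadata_agent.ini and the [neutron] section of nova.conf and reports secrets polluted by trailing comments, short secrets, cleartext auth URLs and a shared-secret mismatch. The finding names, the audit() helper and the 24-character minimum are assumptions made for illustration.

```python
import configparser

# Constructed samples modelled on Step Eight and Step Ten (not read from disk).
METADATA_AGENT_INI = """[DEFAULT]
nova_metadata_host = 192.168.122.130
metadata_proxy_shared_secret = pepe123
"""
NOVA_CONF = """[neutron]
auth_url = http://192.168.122.130:5000
password = neutron123 ##DO NOT FORGET THIS PASSWORD
metadata_proxy_shared_secret = pepe123 ##SAME AS THE AGENT
"""
SECRET_KEYS = ("password", "metadata_proxy_shared_secret")
URL_KEYS = ("auth_url", "www_authenticate_uri")
MIN_SECRET_LEN = 24  # assumed local policy, not an OpenStack default

def load(text):
    # Like oslo.config, keep everything after "=" as the value: a trailing
    # "##..." is NOT treated as a comment. [DEFAULT] is read as a plain section.
    cp = configparser.ConfigParser(interpolation=None, default_section="__none__",
                                   inline_comment_prefixes=None)
    cp.read_string(text)
    return cp

def audit(files):
    """files: {name: ini_text}. Returns a sorted list of (file, section, key, issue)."""
    parsed = {name: load(text) for name, text in files.items()}
    findings = []
    for name, cp in parsed.items():
        for section in cp.sections():
            for key, value in cp.items(section):
                if key in SECRET_KEYS:
                    if " #" in value or " ;" in value:
                        findings.append((name, section, key, "inline-comment-in-secret"))
                    elif len(value) < MIN_SECRET_LEN:
                        findings.append((name, section, key, "short-secret"))
                if key in URL_KEYS and value.startswith("http://"):
                    findings.append((name, section, key, "cleartext-http"))
    # The metadata agent and nova must hold byte-identical shared secrets.
    agent = parsed["metadata_agent.ini"].get("DEFAULT", "metadata_proxy_shared_secret", fallback=None)
    nova = parsed["nova.conf"].get("neutron", "metadata_proxy_shared_secret", fallback=None)
    if agent != nova:
        findings.append(("nova.conf", "neutron", "metadata_proxy_shared_secret", "secret-mismatch"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit({"metadata_agent.ini": METADATA_AGENT_INI, "nova.conf": NOVA_CONF}):
        print(*finding, sep=" | ")
```

On the constructed input the mismatch is caused purely by the trailing comment: the agent holds "pepe123" while nova holds the whole remainder of the line.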

Step Eleven: Add relevant ports to firewall

[[email protected] ~(keystone)]# firewall-cmd --add-port=9696/tcp --permanent 
success
[[email protected] ~(keystone)]# firewall-cmd --reload
success

Step Twelve: Start Neutron Server

[[email protected] ~(keystone)]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[[email protected] ~(keystone)]# su -s /bin/bash neutron -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head"

INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Running upgrade for neutron …
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade -> kilo, kilo_initial
INFO [alembic.runtime.migration] Running upgrade kilo -> 354db87e3225, nsxv_vdr_metadata.py
INFO [alembic.runtime.migration] Running upgrade 354db87e3225 -> 599c6a226151, neutrodb_ipam
INFO [alembic.runtime.migration] Running upgrade 599c6a226151 -> 52c5312f6baf, Initial operations in support of address scopes
INFO [alembic.runtime.migration] Running upgrade 52c5312f6baf -> 313373c0ffee, Flavor framework
INFO [alembic.runtime.migration] Running upgrade 313373c0ffee -> 8675309a5c4f, network_rbac
INFO [alembic.runtime.migration] Running upgrade 8675309a5c4f -> 45f955889773, quota_usage
INFO [alembic.runtime.migration] Running upgrade 45f955889773 -> 26c371498592, subnetpool hash
INFO [alembic.runtime.migration] Running upgrade 26c371498592 -> 1c844d1677f7, add order to dnsnameservers
INFO [alembic.runtime.migration] Running upgrade 1c844d1677f7 -> 1b4c6e320f79, address scope support in subnetpool
INFO [alembic.runtime.migration] Running upgrade 1b4c6e320f79 -> 48153cb5f051, qo
[[email protected] ~(keystone)]# systemctl start neutron-server neutron-metadata-agent
[[email protected] ~(keystone)]# systemctl enable neutron-server neutron-metadata-agent
[[email protected] ~(keystone)]# systemctl restart openstack-nova-api

There we go once again guys, Neutron should now be okay on the controller node. In the next guide, we will be installing Neutron on its own node.

The previous posts in this series are listed below.

Installation of Openstack three Node Cluster on CentOS 7 Part One

Installation of Three node OpenStack Queens Cluster – Part Two

Installation of Three node OpenStack Queens Cluster – Part Three

Installation of Three node OpenStack Queens Cluster – Part Four

Installation of Three node OpenStack Queens Cluster – Part Five

Part Seven of this series is listed below.

Installation of Three node OpenStack Queens Cluster – Part Seven