11. Install Networking (neutron) on compute VMΒΆ
This page is based on the following OpenStack Installation Guide pages:
http://docs.openstack.org/liberty/install-guide-rdo/neutron-compute-install.html
http://docs.openstack.org/liberty/install-guide-rdo/launch-instance.html
http://docs.openstack.org/liberty/install-guide-rdo/launch-instance-networks-public.html
It is also based on some steps from the following guide:
https://www.citrix.com/blogs/2015/11/30/integrating-xenserver-rdo-and-neutron/
Steps 1, 3, 4, 6, 8, 11, 14 and 15 have specific changes for the use of XenServer.
Install the neutron and ovs packages:
# yum install openstack-neutron openstack-neutron-openvswitch ebtables ipset openvswitch
Configure neutron. Replace
*HOST_NAME*
,*RABBIT_PASS*
and*NEUTRON_PASS*
with your own:# vim /etc/neutron/neutron.conf [DEFAULT] rpc_backend = rabbit auth_strategy = keystone host = *HOST_NAME* [oslo_messaging_rabbit] rabbit_host = controller rabbit_userid = openstack rabbit_password = *RABBIT_PASS* [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 auth_plugin = password project_domain_id = default user_domain_id = default project_name = service username = neutron password = *NEUTRON_PASS* [oslo_concurrency] lock_path = /var/lib/neutron/tmp
- Make sure that any connection options under
[database]
are deleted or commented-out. - Delete or comment-out any pre-existing lines in the
[keystone_authtoken]
section.
Configure the neutron ovs agent. Replace
*XAPI_BRIDGE*
and*XENSERVER_ROOT*
with your own:# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini [ovs] integration_bridge = *XAPI_BRIDGE* bridge_mappings = public:xenbr0 [agent] root_helper = neutron-rootwrap-xen-dom0 /etc/neutron/rootwrap.conf root_helper_daemon = minimize_polling = False [securitygroup] firewall_driver = neutron.agent.firewall.NoopFirewallDriver
Configure neutron rootwrap to connect to XenServer. Replace
*XENSERVER_ROOT*
with your own:# vim /etc/neutron/rootwrap.conf [xenapi] xenapi_connection_url=http://compute1 xenapi_connection_username=root xenapi_connection_password=*XENSERVER_ROOT*
- There are other lines already present in this file. These should be left as-is.
Reconfigure nova to use neutron. Replace
*NEUTRON_PASS*
with your own:# vim /etc/nova/nova.conf [neutron] url = http://controller:9696 auth_url = http://controller:35357 auth_plugin = password project_domain_id = default user_domain_id = default region_name = RegionOne project_name = service username = neutron password = *NEUTRON_PASS*
Use the helper script to install the dom0 neutron plugins:
# source rdo_xenserver_helper.sh # install_dom0_plugins
- Enter the XenServer root password when prompted (twice).
- If you are prompted whether or not to overwrite a file under /tmp, answer
y
.
Restart the nova service:
# systemctl restart openstack-nova-compute.service
Enable and start the neutron service:
# systemctl enable neutron-openvswitch-agent.service # systemctl start neutron-openvswitch-agent.service
Log on to the controller node as root.
Load the “admin” credential file:
# source admin-openrc.sh
Check the neutron agent list:
# neutron agent-list +--------------------------------------+--------------------+---------------------------------------------+-------+----------------+---------------------------+ | id | agent_type | host | alive | admin_state_up | binary | +--------------------------------------+--------------------+---------------------------------------------+-------+----------------+---------------------------+ | 57c49643-3e48-4252-9665-2f22e3b93b0e | Open vSwitch agent | compute1-vm.openstack.lab.eco.rackspace.com | :-) | True | neutron-openvswitch-agent | | 977ff9ae-96e5-4ef9-93d5-65a8541d7d25 | Metadata agent | controller.openstack.lab.eco.rackspace.com | :-) | True | neutron-metadata-agent | | ca0fb18a-b3aa-4cd1-bc5f-ba4700b4d9ce | Open vSwitch agent | controller.openstack.lab.eco.rackspace.com | :-) | True | neutron-openvswitch-agent | | d42db23f-3738-48b3-8f83-279ee29e84ef | DHCP agent | controller.openstack.lab.eco.rackspace.com | :-) | True | neutron-dhcp-agent | +--------------------------------------+--------------------+---------------------------------------------+-------+----------------+---------------------------+
- The list should include the ovs agent running on
controller
andcompute1-vm
.
Create the default security group:
# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 # nova secgroup-add-rule default tcp 1 65535 0.0.0.0/0
Create the public network. Replace
*PUBLIC_NETWORK_CIDR*
,*START_IP_ADDRESS*
,*END_IP_ADDRESS*
*DNS_RESOLVER*
and*PUBLIC_NETWORK_GATEWAY*
with your own:# neutron net-create public --shared --provider:physical_network public --provider:network_type flat # neutron subnet-create public *PUBLIC_NETWORK_CIDR* --name public --allocation-pool start=*START_IP_ADDRESS*,end=*END_IP_ADDRESS* --dns-nameserver *DNS_RESOLVER* --gateway *PUBLIC_NETWORK_GATEWAY*
There is a bug regarding the network’s segmentation ID which needs to be fixed. This should be resolved in openstack-neutron-7.0.1, but if you are running an older version:
Update the segmentation_id field in the neutron database:
# mysql neutron > update ml2_network_segments set segmentation_id=0; > quit
Update the segmentation_id for the DHCP agent’s ovs port:
# ovs-vsctl set Port $(ovs-vsctl show | grep Port | grep tap | awk -F \" ' { print $2 } ') other_config:segmentation_id=0
15. There is a bug in Neutron which is causing available XenAPI sessions to be exhausted. I have reported this and submitted a patch in https://bugs.launchpad.net/neutron/+bug/1558721. Until the bug is fixed upstream, here is the manual patch to fix the problem:
Open the neutron-rootwrap-xen-dom0 file:
# vim /usr/bin/neutron-rootwrap-xen-dom0Locate the following lines (should start at line 117):
result = session.xenapi.host.call_plugin( host, 'netwrap', 'run_command', {'cmd': json.dumps(user_args), 'cmd_input': json.dumps(cmd_input)}) return json.loads(result)Add the following before the ‘return’ line. It should have the same indentation as the ‘return’ line:
session.xenapi.session.logout()The whole section should now read:
result = session.xenapi.host.call_plugin( host, 'netwrap', 'run_command', {'cmd': json.dumps(user_args), 'cmd_input': json.dumps(cmd_input)}) session.xenapi.session.logout() return json.loads(result)