OpenStack Kilo on Ubuntu 14.04.2 – Configure Neutron #2


OpenStack Logo

This is the second part of configuring neutron (Networking) on Ubuntu 14.04, you can go through previous article on Configure Neutron #1, in which we have installed and configured Networking components on Controller node.

Here, in this tutorial we will install and configure Network Node.


Make sure you have enabled OpenStack Kilo repository on Compute Node, or follow below steps to enable it.

Install the Ubuntu Cloud archive keyring and repository.

# apt-get install ubuntu-cloud-keyring
# echo "deb" "trusty-updates/kilo main" > /etc/apt/sources.list.d/cloudarchive-kilo.list

Upgrade your system.

# apt-get update

Configure kernel parameters on network node, edit /etc/sysctl.conf file.

# nano /etc/sysctl.conf

Add the following parameters into the file.


Apply the changes.

# sysctl -p

Install and configure Networking components:

Install the following packages on Network node.

# apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent

Edit /etc/neutron/neutron.conf.

# nano /etc/neutron/neutron.conf

Modify the below settings and make sure to place a entries in the proper sections. In the case of database section, comment out any connection options as network node does not directly access the database

rpc_backend = rabbit
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
auth_strategy = keystone
verbose = True
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = password
## Replace "password" with the password you chose for the openstack account in RabbitMQ
#connection = sqlite:////var/lib/neutron/neutron.sqlite
##Comment out the above line.
auth_uri = https://controller:5000
auth_url = https://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = password
## Replace "password" with the password you chose for neutron user in the identity service

Configure Modular Layer 2 (ML2) plug-in:

Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file.

# nano /etc/neutron/plugins/ml2/ml2_conf.ini

Modify the below sections.

type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
flat_networks = external
tunnel_id_ranges = 1:1000
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
local_ip =
## Tunnel network interface on your Network Node.
bridge_mappings = external:br-ex
tunnel_types = gre

Note: [ovs] and [agent] stanzas are need to be added extra at the bottom of the file.

Configure the Layer-3 (L3) agent:

It provides routing services for virtual networks, Edit the /etc/neutron/l3_agent.ini file.

# nano /etc/neutron/l3_agent.ini

Modify the [DEFAULT] section.

interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge =
router_delete_namespaces = True
verbose = True

Configure the DHCP agent:

Edit the /etc/neutron/dhcp_agent.ini file.

# nano  /etc/neutron/dhcp_agent.ini

Modify the following stanzas.

interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
dhcp_delete_namespaces = True
verbose = True

Configure the metadata agent:

Edit the /etc/neutron/metadata_agent.ini file

# nano /etc/neutron/metadata_agent.ini

Modify the following sections, you may have to comment out the existing entries.

verbose = True
auth_uri = https://controller:5000
auth_url = https://controller:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = password
## Replace "password" with the password you chose for neutron user in the identity service.
nova_metadata_ip = controller
metadata_proxy_shared_secret = 26f008fb8c504b393df3
## Replace "26f008fb8c504b393df3" with a suitable secret for the metadata proxy

On the Controller node, edit the /etc/nova/nova.conf file.

# nano /etc/nova/nova.conf

Modify the [neutron] sections.

service_metadata_proxy = True
metadata_proxy_shared_secret = 26f008fb8c504b393df3
## Replace "26f008fb8c504b393df3" with the secret you chose for the metadata proxy.

Restart the compute API service on controller node.

# service nova-api restart

Configure the Open vSwitch (OVS) service:

Restart the OVS service on Network Node.

# service openvswitch-switch restart

Add the external bridge.

# ovs-vsctl add-br br-ex

Add a port to the external bridge that connects to the physical external network interface, in my case eth2 is the interface name.

# ovs-vsctl add-port br-ex eth2

Restar the networking services.

# service neutron-plugin-openvswitch-agent restart
# service neutron-l3-agent restart
# service neutron-dhcp-agent restart
# service neutron-metadata-agent restart

Verify operation:

Load admin credentials on the controller node.

# source

List the agents.

# neutron agent-list
| id                                   | agent_type         | host    | alive | admin_state_up | binary                    |
| 23da3f95-b81b-4426-9d7a-d5cbfc5241c0 | Metadata agent     | network | :-)   | True           | neutron-metadata-agent    |
| 4217b0c0-fbd4-47d9-bc22-5187f09d958a | DHCP agent         | network | :-)   | True           | neutron-dhcp-agent        |
| b4cf95cd-2eba-4c69-baa6-ae8832384e40 | Open vSwitch agent | network | :-)   | True           | neutron-openvswitch-agent |
| d9e174be-e719-4f05-ad05-bc444eb97df5 | L3 agent           | network | :-)   | True           | neutron-l3-agent          |

That’s All!!!, you have successfully configured Network Node.

You might also like