BestHub
Sign in
Cloud Computing 15 min read

Step-by-Step Guide to Deploy OpenStack Neutron Server on Icehouse

This article provides a comprehensive, command‑by‑command tutorial for installing and configuring the OpenStack Neutron networking service on the controller, network, and compute nodes, covering package installation, database setup, Keystone integration, ML2 plugin configuration, and service startup.

MaGe Linux Operations
MaGe Linux Operations
MaGe Linux Operations
Step-by-Step Guide to Deploy OpenStack Neutron Server on Icehouse

Neutron Server Node

In a typical OpenStack deployment, the networking service (Neutron) consists of three roles: neutron server, network node, and compute node. This guide begins with installing the neutron server on the controller node.

Install required packages

# yum install openstack-neutron openstack-neutron-ml2 python-neutronclient

Create neutron database # openstack-db --init --service neutron --password neutron Note: neutron will automatically create its tables on first start; ignore any errors from this command.

Create neutron user in Keystone

# keystone user-create --name neutron --pass neutron --email [email protected]

Add admin role to neutron user

# keystone user-role-add --user neutron --tenant service --role admin

Create neutron service and endpoint

# keystone service-create --name neutron --type network --description "OpenStack Networking"
# keystone endpoint-create \
   --service-id $(keystone service-list | awk '/ network / {print $2}') \
   --publicurl http://controller:9696 \
   --adminurl http://controller:9696 \
   --internalurl http://controller:9696

Configure neutron server

Set database connection URL:

# openstack-config --set /etc/neutron/neutron.conf database connection \
   mysql://neutron:neutron@controller/neutron

Configure Keystone authentication:

# openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_host controller
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_protocol http
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_port 35357
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user neutron
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password neutron

Configure message queue backend (Qpid):

# openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend neutron.openstack.common.rpc.impl_qpid
# openstack-config --set /etc/neutron/neutron.conf DEFAULT qpid_hostname controller

Notify Nova of port status changes:

# openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
# openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://controller:8774/v2
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_username nova
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_tenant_id $(keystone tenant-list | awk '/ service / { print $2 }')
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_password nova
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_auth_url http://controller:35357/v2.0

Configure ML2 plugin

# openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router

ML2 configuration file:

# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers gre
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types gre
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges 1:1000
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True

Configure Nova to use Neutron:

# openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_url http://controller:9696
# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_auth_strategy keystone
# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_tenant_name service
# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_username neutron
# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_password neutron
# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_auth_url http://controller:35357/v2.0
# openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
# openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
# openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron

Create symbolic link for plugin configuration: # ln -s plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini Restart and start services

# for svc in api scheduler conductor; do service openstack-nova-${svc} restart; done
# service neutron-server start
# chkconfig neutron-server on

Network Node Configuration

Enable IP forwarding and disable rp_filter:

# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
# sysctl -p

Install network node packages:

# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch

Configure Keystone authentication on the network node (same as controller).

Configure Qpid backend and ML2 plugin (same commands as above).

Configure L3 agent:

# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT use_namespaces True

Configure DHCP agent:

# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT use_namespaces True

Custom DHCP options:

# vim /etc/neutron/dnsmasq-neutron.conf
dhcp-option-force=26,1454

Configure metadata agent:

# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://controller:5000/v2.0
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_region regionOne
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_tenant_name service
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_user neutron
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_password neutron
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip controller
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret METADATA_SECRET

Enable metadata proxy in Nova:

# openstack-config --set /etc/nova/nova.conf DEFAULT service_neutron_metadata_proxy true
# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_metadata_proxy_shared_secret METADATA_SECRET
# service openstack-nova-api restart

Configure Open vSwitch:

# service openvswitch start
# chkconfig openvswitch on
# ovs-vsctl add-br br-int
# ovs-vsctl add-br br-ex
# ovs-vsctl add-port br-ex eth1
# ovs-vsctl br-set-external-id br-ex bridge-id br-ex

Start all neutron agents:

# for svc in openvswitch-agent l3-agent dhcp-agent metadata-agent; do service neutron-${svc} start; chkconfig neutron-${svc} on; done
Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

cloud computingLinuxNetworkingOpenStackNeutron
MaGe Linux Operations
Written by

MaGe Linux Operations

Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment