Neutron install 3.1 - noironetworks/opflex-documentation GitHub Wiki
Neutron/Controller node preparation
Disable the L3 service and default openvswitch agent on the Neutron server(s) using the following commands.
systemctl stop neutron-l3-agent
systemctl disable neutron-l3-agent
systemctl stop neutron-openvswitch-agent
systemctl disable neutron-openvswitch-agent
Install the following packages:
aci-integration-module
neutron-ml2-driver-apic
acitoolkit
apicapi
neutron-opflex-agent
openstack-dashboard-gbp
openstack-heat-gbp
openstack-neutron-gbp
python-django-horizon-gbp
python-gbpclient
Once the package installation completes, the /etc/neutron/neutron.conf file needs to be updated to point to the APIC for networking services. Edit the existing core and service plugin settings in the file so that they read:
core_plugin=ml2plus
service_plugins=apic_aim_l3,group_policy,ncp
Note: Be careful not to remove services that do not clash with the services required by this plugin. For example, if the lbaas and/or metering service is enabled, make sure it stays enabled, as shown in the example below.
Example:
service_plugins = group_policy,ncp,apic_aim_l3,metering,lbaas
Also add apic_system_id to the [DEFAULT] section of neutron.conf:
apic_system_id = <APIC_SYSTEM_ID>
The ML2 configuration /etc/neutron/plugins/ml2/ml2_conf.ini file also requires the following changes to enable the correct mechanism, extension and type driver for APIC, and OpFlex as a new network type:
type_drivers = opflex,local,flat,vlan,gre,vxlan
tenant_network_types = opflex
mechanism_drivers = apic_aim
extension_drivers = apic_aim
If using VXLAN encapsulation, edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and comment out the following line:
Example:
# network_vlan_ranges =
If using VLAN encapsulation, edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and add the range of VLANs to the [ml2_type_vlan] section using the following line:
network_vlan_ranges = physnet1:<start_vlan_range>:<end_vlan_range>
Example:
network_vlan_ranges = physnet1:1000:2000
Enable the heat plugin for GBP. This is done by making sure that plugin_dirs in the [DEFAULT] section of the /etc/heat/heat.conf file includes the GBP path:
plugin_dirs = /usr/lib/python2.7/site-packages/gbpautomation/heat
Edit the /etc/neutron/dhcp_agent.ini file, make sure force_metadata is enabled, and verify the other values:
ovs_integration_bridge = br-int
enable_isolated_metadata = True
force_metadata = True
Note: The DHCP agent settings are only needed when using non-optimized DHCP and metadata. Since optimized metadata and DHCP do not use the DHCP agent, these settings have no effect in that case.
systemctl restart neutron-dhcp-agent
Copy the policy.json file from /etc/group-based-policy/policy.d/policy.json to /etc/neutron.
cp /etc/group-based-policy/policy.d/policy.json /etc/neutron/policy.json
Note: This overwrites the policy.json file in the /etc/neutron directory. If you have made any changes to this file, you will need to merge them into the new policy.json file.
Create the /etc/neutron/conf.d/neutron-server/ml2_conf_cisco_apic.conf file (Should I symlink it?) with the following content:
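Because policy.json holds the API authorization rules, it helps to see exactly which rules the copy would drop or change before overwriting. The following is an added example, not part of the wiki or the project's code; the function names and both sample policies are constructed for illustration:

```python
import json

# Constructed stand-ins for the live /etc/neutron/policy.json (locally edited)
# and the packaged /etc/group-based-policy/policy.d/policy.json.
CURRENT_POLICY = json.loads("""{
  "context_is_admin": "role:admin",
  "create_network:shared": "role:admin and project_id:%(project_id)s",
  "get_audit_report": "role:auditor"
}""")
PACKAGED_POLICY = json.loads("""{
  "context_is_admin": "role:admin",
  "create_network:shared": "rule:context_is_admin",
  "create_policy_target_group": ""
}""")

def policy_overwrite_report(current, packaged):
    """List, rule by rule, what the cp would drop, change or add."""
    return {
        "lost": sorted(current.keys() - packaged.keys()),
        "changed": sorted(k for k in current.keys() & packaged.keys()
                          if current[k] != packaged[k]),
        "added": sorted(packaged.keys() - current.keys()),
        # oslo.policy treats an empty check string or "@" as always allowed
        "unrestricted": sorted(k for k, v in packaged.items() if v in ("", "@")),
    }

def merge_policy(current, packaged, keep):
    """Packaged policy plus the local rules the operator decided to keep."""
    unknown = set(keep) - current.keys()
    if unknown:
        raise KeyError(f"not in current policy: {sorted(unknown)}")
    merged = dict(packaged)
    merged.update({name: current[name] for name in keep})
    return merged

if __name__ == "__main__":
    report = policy_overwrite_report(CURRENT_POLICY, PACKAGED_POLICY)
    print(json.dumps(report, indent=2))
    merged = merge_policy(CURRENT_POLICY, PACKAGED_POLICY,
                          keep=report["lost"] + report["changed"])
    print(json.dumps(merged, indent=2, sort_keys=True))
```

On a real controller, load the two files with json.load in place of the constructed samples and review the "changed" and "unrestricted" lists before writing the merged result.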
[apic_aim_auth]
auth_plugin=v3password
auth_url=http://<CONTROLLER-IP or VIP>:35357/v3/
username=admin
password=<ADMIN_PASSWORD>
user_domain_name=default
project_domain_name=default
project_name=admin
[ml2_apic_aim]
enable_optimized_metadata = True
[group_policy]
policy_drivers=aim_mapping
extension_drivers = aim_extension,proxy_group
[group_policy_implicit_policy]
default_ip_pool=192.168.0.0/16
If using IPv6, add the IP versions and the IPv6 pool to the implicit policy by replacing the above section with:
[group_policy_implicit_policy]
default_ip_version=46
default_ip_pool=192.168.0.0/16,2001:db8:2::/64
When using IPv6, also add the RA and address assignment modes:
[resource_mapping]
default_ipv6_ra_mode = slaac
default_ipv6_address_mode = slaac
a) Create or edit the /etc/aim/aim.conf file with the following content:
[DEFAULT]
debug=False
rpc_backend=rabbit
control_exchange=neutron
default_log_levels=neutron.context=ERROR
[oslo_messaging_rabbit]
rabbit_host=<rabbit-mq-host>
rabbit_port=<rabbit-mq-port>
rabbit_hosts=<rabbit-mq-host>:<rabbit-mq-port>
rabbit_use_ssl=False
rabbit_userid=<username>
rabbit_password=<password>
rabbit_ha_queues=False
The above values can be obtained from the neutron.conf file.
Now add the database connection string; you can also copy it from neutron.conf:
[database]
connection=mysql+pymysql://neutron:<PASSWORD>@<CONTROLLER-IP>/neutron
Add the [aim] and [apic] sections as shown in the example below:
[aim]
agent_down_time = 75
poll_config = False
aim_system_id = <APIC_SYSTEM_ID>
max_operation_retry=5
[apic]
apic_hosts = <APIC-IP>
apic_username = admin
apic_password = <PASSWORD>
apic_use_ssl = True
Here apic_hosts takes a comma-separated list of all APICs in the cluster.
b) Edit the /etc/aim/aimctl.conf file:
[DEFAULT]
apic_system_id = <APIC_SYSTEM_ID>
[apic_vmdom:<APIC_SYSTEM_ID>]
# This section is optional and is only needed when static link provisioning is used
[apic_switch:101]
compute01 = 1/10
compute02 = 1/11
[apic_switch:102]
compute02 = 1/10
compute04 = 1/11
c) Initialize the aim database using the commands below:
aimctl db-migration upgrade head
aimctl config update
aimctl infra create
aimctl manager load-domains --enforce
d) Start and enable the aim services:
systemctl start aim-aid
systemctl start aim-event-service-polling
systemctl start aim-event-service-rpc
systemctl enable aim-aid
systemctl enable aim-event-service-polling
systemctl enable aim-event-service-rpc
Restart the neutron service:
systemctl restart neutron-server
Configuration of the controller is now complete.
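The files written above carry the RabbitMQ, database, Keystone and APIC credentials, and the examples set rabbit_use_ssl=False and an http:// auth_url. The following added example (not part of the wiki or the project's code) parses such a file and reports cleartext transport settings, stored secrets and world-accessible file modes; audit_config, world_accessible and the sample text are constructed for illustration:

```python
import configparser
import os
import stat

# Constructed sample: settings this page writes to aim.conf and
# ml2_conf_cisco_apic.conf, merged into one string, secrets left as placeholders.
SAMPLE_CONF = """\
[oslo_messaging_rabbit]
rabbit_use_ssl=False
rabbit_password=<password>
[database]
connection=mysql+pymysql://neutron:<PASSWORD>@<CONTROLLER-IP>/neutron
[apic]
apic_password = <PASSWORD>
apic_use_ssl = True
[apic_aim_auth]
auth_url=http://<CONTROLLER-IP or VIP>:35357/v3/
password=<ADMIN_PASSWORD>
"""

def audit_config(text):
    """Return (location, issue) pairs for cleartext transport and stored secrets."""
    cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        for key, value in cp[section].items():
            where = f"[{section}] {key}"
            if key.endswith("_use_ssl") and not cp[section].getboolean(key):
                findings.append((where, "TLS disabled"))
            elif key.endswith("_url") and value.lower().startswith("http://"):
                findings.append((where, "cleartext HTTP endpoint"))
            elif key.endswith("password") or (key == "connection" and "@" in value):
                findings.append((where, "secret in file"))
    return findings

def world_accessible(path):
    """True if any 'other' permission bit is set on the file."""
    return bool(os.stat(path).st_mode & stat.S_IRWXO)

if __name__ == "__main__":
    for where, issue in audit_config(SAMPLE_CONF):
        print(f"{where}: {issue}")
    for path in ("/etc/aim/aim.conf",
                 "/etc/neutron/conf.d/neutron-server/ml2_conf_cisco_apic.conf"):
        if os.path.exists(path) and world_accessible(path):
            print(f"{path}: accessible to users outside owner and group")
```

To audit a real file, pass its contents to audit_config instead of SAMPLE_CONF.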