Neutron install 3.1 - noironetworks/opflex-documentation GitHub Wiki

Neutron/Controller node preparation

Step 1. Disable neutron agents

Disable the L3 service and default openvswitch agent on the Neutron server(s) using the following commands.

systemctl stop neutron-l3-agent

systemctl disable neutron-l3-agent

systemctl stop neutron-openvswitch-agent

systemctl disable neutron-openvswitch-agent

Step 2. Install necessary packages

aci-integration-module

neutron-ml2-driver-apic

acitoolkit

apicapi

neutron-opflex-agent

openstack-dashboard-gbp

openstack-heat-gbp

openstack-neutron-gbp

python-django-horizon-gbp

python-gbpclient

Step 3. neutron.conf changes

Once the package installation completes, the /etc/neutron/neutron.conf file needs to be updated to point to the APIC for networking services. Edit the existing list of core and service plugins in the file and with:

core_plugin=ml2plus

service_plugins=apic_aim_l3,group_policy,ncp

note: You need to be cautious not to remove services that do not clash with services required by this plugin. For example, if lbaas and/or metering service is enabled you need to make sure it stays enabled as shown in below example.

Example:

service_plugins = group_policy,ncp,apic_aim_l3,metering.lbaas

Also add apic_system_id to the neutron.con [DEFAULT] section

apic_system_id = <APIC_SYSTEM_ID>

Step 4. ml2_conf.ini changes

The ML2 configuration /etc/neutron/plugins/ml2/ml2_conf.ini file also requires the following changes to enable the correct mechanism, extension and type driver for APIC, and OpFlex as a new network type:

type_drivers = opflex,local,flat,vlan,gre,vxlan

tenant_network_types = opflex

mechanism_drivers = apic_aim

extension_drivers = apic_aim

If using VXLAN Encapsulation, edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and comment out the following line

Example:

# network_vlan_ranges =


If using VLAN Encapsulation, edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and add the range of the VLANS to the [ml2_type_vlan] section using the following line:

network_vlan_ranges = physnet1:<start_vlan_range>:<end_vlan _range>

Example:

network_vlan_ranges = physnet1:1000:2000

Step 5. Enable GBP heat plugin

Enable the heat plugin for GBP. This is done by making sure the plugin_dirs in the DEFAULT section of /etc/heat/heat.conf file includes the GBP path:

plugin_dirs = /usr/lib/python2.7/site-packages/gbpautomation/heat

Step 6. DHCP agent configuration

Edit the /etc/neutron/dhcp_agent.ini file, make sure force_matadata is enabled and verify other values:

ovs_integration_bridge = br-int

enable_isolated_metadata = True

force_metadata = True

Note: The DHCP agent setting are only needed when using non optimized DHCP and metadata. Since optimized metadata and DHCP do not use the DHCP agent, these setting has no effect.

systemctl restart neutron-dhcp-agent

Step 7. policy.json

Copy the policy.json file from /etc/group-based-policy/policy.d/policy.json to /etc/neutron.

cp /etc/group-based-policy/policy.d/policy.json /etc/neutron/policy.json

Note This overwrites the policy.json file in the /etc/neutron directory. If you have made any changes to this file you will need to merge the changes into the new policy.json file.

Step 8. Create ml2_conf_cisco_apic.conf

Create the /etc/neutron/conf.d/neutron-server/ml2_conf_cisco_apic.conf (Should I symlink it?)

[apic_aim_auth]

auth_plugin=v3password

auth_url=http://<CONTROLLER-IP or VIP>:35357/v3/

username=admin?

password=<ADMIN_PASSWORD>

user_domain_name=default

project_domain_name=default

project_name=admin

[ml2_apic_aim]

enable_optimized_metadata = True

[group_policy]

policy_drivers=aim_mapping

extension_drivers = aim_extension,proxy_group

[group_policy_implicit_policy]

default_ip_pool=192.168.0.0/16

If using IPv6, add the IP versions and IPv6 pool to the above implicit policy, replace above section with:

[group_policy_implicit_policy]

default_ip_version=46

default_ip_pool=192.168.0.0/16,2001:db8:2::/64

When using IPv6 also add the RA and address assignment modes:

[resource_mapping]

default_ipv6_ra_mode = slaac

default_ipv6_address_mode = slaac

Step 8. Configure AIM

a) Create or edit the/etc/aim/aim.conf file with content:

[DEFAULT]

debug=False

rpc_backend=rabbit

control_exchange=neutron

default_log_levels=neutron.context=ERROR

[oslo_messaging_rabbit]

rabbit_host=<rabbit-mq-host>

rabbit_port=<rabbit-m1-port>

rabbit_hosts=<rabbit-mq-host>:<rabbit-m1-port>

rabbit_use_ssl=False

rabbit_userid=<username>

rabbit_password=<password>

rabbit_ha_queues=False

The above values can be obtained from the neutron.conf file.

Now add the database connect string, you can also copy the database string from neutron.conf

[database]

connection=mysql+pymysql://neutron:<PASSWORD>@<CONTROLLER-IP>/neutron

Add the [aim] and [apic] sections as shown in below example:

[aim]

agent_down_time = 75

poll_config = False

aim_system_id = <APIC_SYSTEM_ID>

max_operation_retry=5

[apic]

apic_hosts = <APIC-IP>

apic_username = admin

apic_password = <PASSWORD>

apic_use_ssl = True

where apic_hosts needs a comma separated list of all APICs in the cluster.

b) Edit the /etc/aim/aimctl.conf

[DEFAULT]

apic_system_id = <APIC_SYSTEM_ID>

[apic_vmdom:<APIC_SYSTEM_ID>]

#This section is optional and used in case static link provisioning is used

[apic_switch:101]

compute01 = 1/10

compute02 = 1/11

[apic_switch:102]

compute02 = 1/10

compute04 = 1/11

c) Initialize the aim database using below commands:

aimctl db-migration upgrade head

aimctl config update

aimctl infra create

aimctl manager load-domains --enforce

d) Start and enable the aim services

systemctl start aim-aid

systemctl start aim-event-service-polling

systemctl start aim-event-service-rpc

systemctl enable aim-aid

systemctl enable aim-event-service-polling

systemctl enable aim-event-service-rpc

Restart the neutron service

systemctl restart neutron-server

Configuration of the controller is now complete.

⚠️ **GitHub.com Fallback** ⚠️