7.4. Common Networking Configuration

7.4.1. Disable Network Manager

OpenStack networking currently does not work on systems that have the Network Manager (NetworkManager) service enabled.
Follow the steps listed in this procedure while logged in as the root user on each system in the environment that will handle network traffic. This includes the system that will host the OpenStack Networking service, all network nodes, and all compute nodes.
These steps determine the state of the NetworkManager service, disable it from running, and replace it with the standard network service:

Procedure 7.3. Disabling the Network Manager service

  1. Verify Network Manager is currently enabled using the systemctl command. 
    # systemctl status NetworkManager.service | grep Active:
    The output indicates whether or not the Network Manager service is enabled.
    • The system displays an error if the Network Manager service is not currently installed: 
      error reading information on service NetworkManager: No such file or directory
      If this error is displayed then no further action is required to disable the Network Manager service.
    • The system displays Active: active (running) if Network Manager is running, or Active: inactive (dead) if it is not.
      For example, if Network Manager is active: 
      Active: active (running) since Thu 2014-06-26 19:34:00 EDT; 2s ago
      If Network Manager is inactive, then no further action is required.
  2. If Network Manager is running, then you must first stop it: 
    # systemctl stop NetworkManager.service
  3. Then disable Network Manager: 
    # systemctl disable NetworkManager.service
  4. Open each interface configuration file on the system in a text editor. Interface configuration files are found in the /etc/sysconfig/network-scripts/ directory and have names of the form ifcfg-X where X is replaced by the name of the interface. Valid interface names include eth0, p1p5, and em1.
    In each file ensure that the NM_CONTROLLED configuration key is set to no and the ONBOOT configuration key is set to yes. Add these keys manually if they do not already exist in each file. 
    NM_CONTROLLED=no
ONBOOT=yes
    This action ensures that the standard network service will take control of the interfaces and automatically activate them on boot.
  5. Ensure that the standard network service is started using the systemctl command: 
    # systemctl start network.service
  6. Ensure that the network service is enabled: 
    # systemctl enable network.service
The Network Manager service has been disabled. The standard network service has been enabled and configured to control the required network interfaces.

7.4.2. Install the Networking Service Packages

The OpenStack Networking service requires the following packages:
openstack-neutron
Provides the networking service and associated configuration files.
openstack-neutron-PLUGIN
Provides a networking plug-in. Replace PLUGIN with one of the recommended plug-ins (openvswitch and linuxbridge).
openstack-utils
Provides supporting utilities to assist with a number of tasks including the editing of configuration files.
openstack-selinux
Provides OpenStack specific SELinux policy modules.
The packages must be installed on all systems that will handle network traffic. This includes the OpenStack Networking service node, all network nodes, and all Compute nodes.
To install all of the above packages, execute the following command while logged in as the root user: 
# yum install -y openstack-neutron \
   openstack-neutron-PLUGIN \
   openstack-utils \
   openstack-selinux
Replace PLUGIN with openvswitch or linuxbridge (determines which plug-in is installed).
The networking services are installed and ready to be configured.

7.4.3. Configure the Firewall to Allow OpenStack Networking Traffic

Remote systems requiring integration with the OpenStack Networking service will need to be granted access to TCP port 9696.
All steps in this procedure must be run while logged in to the server hosting the OpenStack Networking service as the root user.

Procedure 7.4. Configuring the firewall to allow OpenStack Networking traffic (for Red Hat Enterprise Linux 6-based systems)

  1. Open the /etc/sysconfig/iptables file in a text editor.
  2. Add an INPUT rule allowing TCP traffic on port 9696 to the file. The new rule must appear before any INPUT rules that REJECT traffic. 
    -A INPUT -p tcp -m multiport --dports 9696 -j ACCEPT
  3. Save the changes to the /etc/sysconfig/iptables file.
  4. Restart the iptables service to ensure that the change takes effect. 
    # service iptables restart

Procedure 7.5. Configuring the firewall to allow OpenStack Networking traffic (for Red Hat Enterprise Linux 7-based systems)

  1. Add a rule allowing TCP traffic on port 9696. 
    # firewall-cmd --permanent --add-port=9696/tcp
  2. For the change to take immediate effect, add the rule to the runtime mode: 
    # firewall-cmd --add-port=9696/tcp
The firewall is now configured to allow incoming connections to the networking service on port 9696.