7.6. Configure the L3 Agent
Configure the Layer 3 agent. All steps in this procedure must be performed on the server hosting OpenStack Networking, while logged in as the root user.
Procedure 7.16. Configuring the L3 Agent
- Configure the L3 agent to use the Identity service for authentication.
  - Set the authentication strategy to keystone:
    # openstack-config --set /etc/neutron/metadata_agent.ini \
       DEFAULT auth_strategy keystone
  - Set the Identity service host that the L3 agent must use:
    # openstack-config --set /etc/neutron/metadata_agent.ini \
       keystone_authtoken auth_host IP
    Replace IP with the IP address or host name of the server hosting the Identity service.
  - Set the L3 agent to authenticate as the correct tenant:
    # openstack-config --set /etc/neutron/metadata_agent.ini \
       keystone_authtoken admin_tenant_name services
    Replace services with the name of the tenant created for the use of OpenStack Networking. Examples in this guide use services.
  - Set the L3 agent to authenticate using the neutron administrative user account:
    # openstack-config --set /etc/neutron/metadata_agent.ini \
       keystone_authtoken admin_user neutron
  - Set the L3 agent to use the correct neutron administrative user account password:
    # openstack-config --set /etc/neutron/metadata_agent.ini \
       keystone_authtoken admin_password PASSWORD
    Replace PASSWORD with the password set when the neutron user was created.
  - If the neutron-metadata-agent service and the nova-metadata-api service are not installed on the same server, set the address of the nova-metadata-api service:
    # openstack-config --set /etc/neutron/metadata_agent.ini \
       DEFAULT nova_metadata_ip IP
    Replace IP with the IP address of the server hosting the nova-metadata-api service.
- Set the interface driver in the /etc/neutron/l3_agent.ini file based on the OpenStack Networking plug-in being used. Use the command that applies to the plug-in used in your environment:
  Open vSwitch Interface Driver
    # openstack-config --set /etc/neutron/l3_agent.ini \
       DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
  Linux Bridge Interface Driver
    # openstack-config --set /etc/neutron/l3_agent.ini \
       DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
- The L3 agent connects to external networks using either an external bridge or an external provider network. When using the Open vSwitch plug-in, either approach is supported. When using the Linux Bridge plug-in, only the use of an external provider network is supported. Set up the option that is most appropriate for your environment.
  Using an External Bridge
  Create and configure an external bridge and configure OpenStack Networking to use it. Perform these steps on each system hosting an instance of the L3 agent.
  - Create the external bridge, br-ex:
    # ovs-vsctl add-br br-ex
  - Ensure that the br-ex device persists on reboot by creating a /etc/sysconfig/network-scripts/ifcfg-br-ex file, and adding the following lines:
    DEVICE=br-ex
    DEVICETYPE=ovs
    TYPE=OVSBridge
    ONBOOT=yes
    BOOTPROTO=none
  - Ensure that the L3 agent will use the external bridge:
    # openstack-config --set /etc/neutron/l3_agent.ini \
       DEFAULT external_network_bridge br-ex
  Using a Provider Network
  To connect the L3 agent to external networks using a provider network, you must first have created the provider network. You must also have created a subnet and router to associate with it. The unique identifier of the router is required to complete these steps.
  Set the value of the external_network_bridge configuration to be blank. This ensures that the L3 agent does not attempt to use an external bridge:
    # openstack-config --set /etc/neutron/l3_agent.ini \
       DEFAULT external_network_bridge ""
- Start the neutron-l3-agent service and configure it to start at boot time:
    # systemctl start neutron-l3-agent.service
    # systemctl enable neutron-l3-agent.service
- The OpenStack Networking metadata agent allows virtual machine instances to communicate with the Compute metadata service. It runs on the same hosts as the L3 agent. Start the neutron-metadata-agent service and configure it to start at boot time:
    # systemctl start neutron-metadata-agent.service
    # systemctl enable neutron-metadata-agent.service
- The leastrouter scheduler enumerates L3 Agent router assignment, and consequently schedules the router to the L3 Agent with the fewest routers. This differs from the ChanceScheduler behavior, which randomly selects from the candidate pool of L3 Agents.
  - Enable the leastrouter scheduler:
    # openstack-config --set /etc/neutron/neutron.conf \
       DEFAULT router_scheduler_driver neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
  - Set up the shell to access keystone as the administrative user:
    # source ~/keystonerc_admin
  - The router is scheduled once connected to a network. Unschedule the router:
    [(keystone_admin)]# neutron l3-agent-router-remove L3_NODE_ID ROUTER_ID
    Replace L3_NODE_ID with the unique identifier of the agent on which the router is currently hosted, and replace ROUTER_ID with the unique identifier of the router.
  - Assign the router:
    [(keystone_admin)]# neutron l3-agent-router-add L3_NODE_ID ROUTER_ID
    Replace L3_NODE_ID with the unique identifier of the agent on which the router is to be assigned, and replace ROUTER_ID with the unique identifier of the router.
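
The values written by the openstack-config commands in the first two steps can be read back and checked once the procedure is complete. The script below is an added example, not part of the Red Hat procedure: it verifies those settings and also checks that metadata_agent.ini, which now stores the neutron password in clear text, grants no access to users outside its owner and group. The function names, the constructed sample files and the permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Red Hat's tooling): audit the files this procedure edits.

# ini_get FILE SECTION KEY: print the value of KEY in [SECTION], or nothing.
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_agent_config METADATA_INI L3_INI: print findings, return their count.
audit_agent_config() {
    meta=$1; l3=$2; n=0
    finding() { echo "FINDING: $*"; n=$((n + 1)); }
    [ "$(ini_get "$meta" DEFAULT auth_strategy)" = keystone ] ||
        finding "auth_strategy is not keystone"
    case $(ini_get "$meta" keystone_authtoken admin_password) in
        ""|PASSWORD) finding "admin_password is unset or still the placeholder" ;;
    esac
    # The file stores a service password in clear text: no bits for "other".
    [ "$(ls -ld "$meta" | cut -c8-10)" = "---" ] ||
        finding "$meta is accessible to users other than owner and group"
    case $(ini_get "$l3" DEFAULT interface_driver) in
        neutron.agent.linux.interface.OVSInterfaceDriver) ;;
        neutron.agent.linux.interface.BridgeInterfaceDriver) ;;
        *) finding "interface_driver is not a driver named in this procedure" ;;
    esac
    return "$n"
}

# make_sample DIR: constructed sample files with two deliberate problems
# (placeholder password left in place, file readable by everyone).
make_sample() {
    printf '%s\n' '[DEFAULT]' 'auth_strategy = keystone' '[keystone_authtoken]' \
        'admin_user = neutron' 'admin_password = PASSWORD' > "$1/metadata_agent.ini"
    chmod 644 "$1/metadata_agent.ini"
    printf '%s\n' '[DEFAULT]' \
        'interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver' \
        > "$1/l3_agent.ini"
}

if [ $# -eq 2 ]; then audit_agent_config "$1" "$2"; fi
```

Run it as root with the two file paths as arguments, for example /etc/neutron/metadata_agent.ini and /etc/neutron/l3_agent.ini; the exit status is the number of findings.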