7.6. Configure the L3 Agent

Configure the Layer 3 agent. All steps in this procedure must be performed on the server hosting OpenStack Networking, while logged in as the root user.

Procedure 7.16. Configuring the L3 Agent

  1. Configure the L3 agent to use the Identity service for authentication.
    1. Set the authentication strategy to keystone:
      # openstack-config --set /etc/neutron/metadata_agent.ini \
         DEFAULT auth_strategy keystone
    2. Set the Identity service host that the L3 agent must use:
      # openstack-config --set /etc/neutron/metadata_agent.ini \
         keystone_authtoken auth_host IP
      Replace IP with the IP address or host name of the server hosting the Identity service.
    3. Set the L3 agent to authenticate as the correct tenant:
      # openstack-config --set /etc/neutron/metadata_agent.ini \
         keystone_authtoken admin_tenant_name services
      Replace services with the name of the tenant created for the use of OpenStack Networking. Examples in this guide use services.
    4. Set the L3 agent to authenticate using the neutron administrative user account:
      # openstack-config --set /etc/neutron/metadata_agent.ini \
         keystone_authtoken admin_user neutron
    5. Set the L3 agent to use the correct neutron administrative user account password:
      # openstack-config --set /etc/neutron/metadata_agent.ini \
         keystone_authtoken admin_password PASSWORD
      Replace PASSWORD with the password set when the neutron user was created.
    6. If the neutron-metadata-agent service and the nova-metadata-api service are not installed on the same server, set the address of the nova-metadata-api service:
      # openstack-config --set /etc/neutron/metadata_agent.ini \
         DEFAULT nova_metadata_ip IP
      Replace IP with the IP address of the server hosting the nova-metadata-api service.
  2. Set the interface driver in the /etc/neutron/l3_agent.ini file based on the OpenStack Networking plug-in being used. Use the command that applies to the plug-in used in your environment:
    • Open vSwitch Interface Driver

      # openstack-config --set /etc/neutron/l3_agent.ini \
         DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
    • Linux Bridge Interface Driver

      # openstack-config --set /etc/neutron/l3_agent.ini \
         DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
  3. The L3 agent connects to external networks using either an external bridge or an external provider network. When using the Open vSwitch plug-in, either approach is supported. When using the Linux Bridge plug-in, only the use of an external provider network is supported. Set up the option that is most appropriate for your environment.
    • Using an External Bridge

      Create and configure an external bridge and configure OpenStack Networking to use it. Perform these steps on each system hosting an instance of the L3 agent.
      1. Create the external bridge, br-ex:
        # ovs-vsctl add-br br-ex
      2. Ensure that the br-ex device persists on reboot by creating a /etc/sysconfig/network-scripts/ifcfg-br-ex file, and adding the following lines:
        DEVICE=br-ex
        DEVICETYPE=ovs
        TYPE=OVSBridge
        ONBOOT=yes
        BOOTPROTO=none
      3. Ensure that the L3 agent will use the external bridge:
        # openstack-config --set /etc/neutron/l3_agent.ini \
           DEFAULT external_network_bridge br-ex
    • Using a Provider Network

      To connect the L3 agent to external networks using a provider network, you must first have created the provider network. You must also have created a subnet and router to associate with it. The unique identifier of the router is required to complete these steps.
      Set the value of the external_network_bridge configuration to be blank. This ensures that the L3 agent does not attempt to use an external bridge:
      # openstack-config --set /etc/neutron/l3_agent.ini \
         DEFAULT external_network_bridge ""
  4. Start the neutron-l3-agent service and configure it to start at boot time:
    # systemctl start neutron-l3-agent.service
    # systemctl enable neutron-l3-agent.service
  5. The OpenStack Networking metadata agent allows virtual machine instances to communicate with the Compute metadata service. It runs on the same hosts as the L3 agent. Start the neutron-metadata-agent service and configure it to start at boot time:
    # systemctl start neutron-metadata-agent.service
    # systemctl enable neutron-metadata-agent.service
  6. The leastrouter scheduler enumerates the routers assigned to each L3 agent and schedules the router to the L3 agent with the fewest routers. This differs from the ChanceScheduler behavior, which randomly selects from the candidate pool of L3 agents.
    1. Enable the leastrouter scheduler:
      # openstack-config --set /etc/neutron/neutron.conf \
         DEFAULT router_scheduler_driver neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
    2. Set up the shell to access keystone as the administrative user:
      # source ~/keystonerc_admin
    3. The router is scheduled once connected to a network. Unschedule the router:
      [(keystone_admin)]# neutron l3-agent-router-remove L3_NODE_ID ROUTER_ID
      Replace L3_NODE_ID with the unique identifier of the agent on which the router is currently hosted, and replace ROUTER_ID with the unique identifier of the router.
    4. Assign the router:
      [(keystone_admin)]# neutron l3-agent-router-add L3_NODE_ID ROUTER_ID
      Replace L3_NODE_ID with the unique identifier of the agent on which the router is to be assigned, and replace ROUTER_ID with the unique identifier of the router.
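
The following check covers step 1 of the procedure above; it is an added example, not part of the original guide. It reads a metadata_agent.ini and reports a wrong auth_strategy, IP or PASSWORD placeholders that were never replaced, and a world-readable file, since the file stores admin_password in clear text. The function names, the sample file and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the file written in step 1.

# ini_get FILE SECTION KEY: print the value of KEY in [SECTION] (last one wins).
ini_get() {
    awk -v s="[$2]" -v k="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); sec = $0; next }
        sec == s && (i = index($0, "=")) {
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == k) found = val
        }
        END { print found }' "$1"
}

# audit_metadata_conf FILE: print one line per finding; return 1 if any, else 0.
audit_metadata_conf() {
    f=$1; rc=0
    if [ "$(ini_get "$f" DEFAULT auth_strategy)" != keystone ]; then
        echo "auth_strategy is not keystone"; rc=1
    fi
    case $(ini_get "$f" keystone_authtoken auth_host) in
        ''|IP) echo "auth_host is empty or still the IP placeholder"; rc=1 ;;
    esac
    case $(ini_get "$f" keystone_authtoken admin_password) in
        ''|PASSWORD) echo "admin_password is empty or still the PASSWORD placeholder"; rc=1 ;;
    esac
    # The file stores admin_password in clear text, so "other" must not read it.
    if [ "$(ls -ld "$f" | cut -c8)" = r ]; then
        echo "file is world-readable"; rc=1
    fi
    return "$rc"
}

# Constructed sample: PASSWORD was never replaced and the mode is 0644.
# 192.0.2.10 is a documentation address, not a value from the guide.
sample_dir=$(mktemp -d)
sample="$sample_dir/metadata_agent.ini"
cat > "$sample" <<'EOF'
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_host = 192.0.2.10
admin_tenant_name = services
admin_user = neutron
admin_password = PASSWORD
EOF
chmod 0644 "$sample"
audit_metadata_conf "$sample" || echo "=> fix the findings above before starting the agents"
```

On a configured host, call audit_metadata_conf /etc/neutron/metadata_agent.ini as root before starting the agents in steps 4 and 5.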