Integrating RHV & OpenStack with Neutron

Hi folks, I recently posted an article on one of the official Red Hat blogs about the new Neutron integration between RHV and RHOSP. I have to say it’s very cool and might change the way you look at networking capabilities in RHV, at least if you’re also using RHOSP in the same data center.

As a side note, I’ve mentioned my friend and colleague, Tony James in recent posts and he makes another appearance this week. He helped pull together the configuration steps as well as the demo that we recorded. Big kudos to to “Big T”.

Back to the actual integration. If you don’t want to look at the other article, the condensed version of “why should you might care” is as follows:

  1. Run applications across RHV & RHOSP – front end of the app on RHOSP and the back end on RHV using the Neutron integration to bridge the network gap.
  2. Add SDN capabilities to RHV via the Neutron integration, even if the app only exists in RHV.
  3. Manage the SDN network topologies for both RHV and RHOSP from a single management space (web or programmatic).

Those are the 3 big use cases, in a nutshell. If you want to hear about them in more detail, read the original article, it’s not a long read, but it might be worth your time.

The overall workflow for the configuration, as with most RHV-related configurations, is straightforward:

  1. Install the OpenStack Neutron packages on the RHV hypervisor hosts
  2. Configure hosts (hypervisor nodes) – very quick text edit
  3. Define OpenStack Neutron as an “External Network Provider” in RHV Manager
  4. Create one or more hosts in RHV that utilize the Neutron integration
  5. Import one or more networks from RHOSP into RHV
  6. Create one or more virtual machines that use the Neutron network(s)

More in Depth

Just to be clear, RHV and RHOSP need to both be up and running. Nothing special needs to be done on the RHOSP side. The only thing that needs to be done in OpenStack is to have 1 or more networks created in Neutron that will be utilized by RHV.

On the RHV side of things, there are multiple steps, but they’re all easy:

  1. In addition to the standard software repositories, you will need to subscribe the RHV hosts to the following additional repositories:
    # subscription-manager repos --enable=rhel-7-server-openstack-7.0-rpms --enable=rhel-7-server-extras-rpms
  2. From those repositories, the following packages need to be installed:
    # yum -y install openstack-neutron openstack-neutron-openvswitch openstack-selinux openstack-utils openvswitch vdsm-hook-openstacknet
  3. Add the following lines to the following 2 files for the host agent configuration:
    /etc/neutron/neutron.conf
    rabbit_host=[ip_address_of_rabbit_host]
    rabbit_port=5672
    rabbit_userid=guest
    rabbit_password=guest
    /etc/neutron/plugins/ml2/openvswitch_agent.ini
    [ovs]
    Integration_bridge = br-int
    Tunnel_bridge = br-tun
    Local_ip = [ip_of_local_host]
    
    [agent]
    Tunnel_types = vxlan
    Define the Neutron provider in RHV-M
  4. After logging into RHV-M, in the left pane select “External Providers”
  5. Select “Add” to add a provider
  6. In the window that is displayed:
    – Give the provider a name and optionally a description
    – Select “OpenStack Networking” for the provider type
    – Keep “Open vSwitch” selected for the networking plugin
    – Provide the OpenStack Neutron public API endpoint for the provider URL
    – Check the “Requires Authentication” box and provide the credentials for the “neutron” admin account in the “services” tenant along with the public API endpoint for OpenStack keystone
  7. Click the “Test” button to verify connectivity
  8. Select the “Agent Configuration” tab from the left side of the dialog box
  9. Provide a network label and bridge name for “Interface Mappings”
  10. Ensure “RabbitMQ” is selected for broker type
  11. Enter the hostname or IP address of the RabbitMQ host
  12. Enter the RabbitMQ port
  13. Unless authentication has been configured for RabbitMQ the username “guest” and password “guest” can be used.
  14. Click “Ok

Import a network from the Neutron provider:

  1. Select the newly added Neutron provider in the left pane
  2. Select the “Networks” sub-tab and click the “Import button”

Add a host with the external network provider:

  1. Select the “Hosts” main tab and click the “New” button
  2. Fill in the “Name” and relevant host/IP info along with SSH connection info for the the host
  3. Click “Ok” to begin host installation.

After the host has been added through RHV-M the following IPtables configuration should be performed in order to ensure that VMs in RHV can pull IP addresses from the DHCP servers in Neutron/OVS:

  1. Edit /etc/sysconfig/iptables and comment out the following line:
    -A INPUT -j REJECT —reject-with icmp-host-prohibited
  2. Reload iptables:
    # systemctl reload iptables.service

As usual, I’ve created a demo walk thru of the configuration. It shows almost everything described above, but it also shows a VM with an interface on the Neutron network. Additionally, a Floating IP is created on the RHOSP side that is associated with the IP address on the RHV side. Thanks again to Tony James for his help in creating the demo.

Best viewed in full screen:

What If You Want SDN but not OpenStack?

Great question. Help is on the way. The solution above works really well for those that already have OpenStack in their environment. But if you don’t need OpenStack, then it seems silly to stand it up just to run Neutron in RHV. I fully agree. With that said, full support for running Open vSwitch within RHV is coming. It’s in the roadmap for the 4.x release. No, I don’t have a date that I can post, but I can tell you it’s in the works.

What If You Want SDN but not OpenStack and not Open vSwitch?

That’s also a great question. Help is here, just not in this article. There is a separate API (External Partner Network API) available in RHV 4 that allows customers and partners to integrate more easily with RHV. For example, you want Midokura, Nuage, Big Switch, or any of the other awesome partners out there, there is no hard coding required.. “Use the force, Luke!!” I mean, use the API, man!

I hope this helps,

Captain KVM

6 thoughts on “Integrating RHV & OpenStack with Neutron”

  1. One small nitpick – If RHV was configured to manage firewall settings on the hypervisors (this is the default), then manual iptables settings will get overriden. Instead, custom iptables rules need to be set via engine-config.

    1. Barak,

      Most folks (well over 90%) want it this way.. and as you point out, it can be overridden if you have a stronger firewall or more detailed firewall.

      Captain KVM

  2. Hello,
    u installed and configured neutron on RHEV-H but what about if that hypervisor does go down? I mean the hypervisor ip used for public API authentication.
    Another question: is possible to integrate RHEV environment with remote OSP? I mean having RHEV hypervisors and OSP neutron installed on different systems letting them speak via network.
    I hope to speak more of this,
    Best Regards
    Alessio Dini

    1. Hi Allessio,

      Thanks for stopping by. For your first question, I think I understand you correctly. The authentication on the RHV side is really handled by RHV-M, and the configuration is shared where needed on the hypervisors. So if the hypervisor fails, the authentication is still there even if it was the hypervisor that was originally used to authenticate. As for your second question, I’m not sure I understand it. In this particular case, RHV and OpenStack are on different systems already. RHV connects to the Neutron service in OpenStack via the RHV External Provider.

      Captain KVM

      1. Hello,
        first of all thank you for your time.
        When I wrote my first reply I was beginning to work about RHEV Neutron integration.
        Now it still does not work but I have more ideas clear in my mind.
        Question: the hypervisor where U ran those commands in your post.. how many nic they have?And..
        did u configure any custom properties engine side?Or did you use any hook?And what about interface mappings in the network provider window? What did u write there?
        Sorry for my questions but your post is the unique source of technical commands.. no one neither Redhat documentation has some procedure or guide for this integration.
        Could you write a more complete procedure?
        Thank you captain!!

        Best Regards
        Alessio Dini

        1. Allesio,

          I believe the hosts had at least 2 NICs each. We did not use hook or custom properties or do anything not described in the article or video. As for documentation, there is actually official documentation, it just isn’t as intuitive to find as you would hope. You can find everything related to integrating VMware data stores, OpenStack networks, etc in the RHV Admin Guide under “External Providers”. For example:

          https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1-beta/html/administration_guide/sect-external_provider_networks

          and

          https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1-beta/html/administration_guide/sect-Adding_External_Providers#Adding_an_OpenStack_Network_Service_Neutron_for_Network_Provisioning

          Those are specific to RHV 4.1 beta external beta.

          Hope this helps,

          Captain KVM

Agree? Disagree? Something to add to the conversation?