Neutron service on controller

The networking service in Openstack is called Neutron. Neutron consists of multiple components, some of which is to be installed on the controller, some on dedicated networking nodes (depending on types of network), and some on the compute nodes.

In this setup we'll go with the "Provider networking" option, which is the simpler one. We will not be able to work with self-service networks

The process below is a mixture of https://docs.openstack.org/neutron/2025.1/install/environment-networking-controller-ubuntu.html and https://docs.openstack.org/neutron/2025.1/admin/deploy-ovs-provider.html

Install Neutron

Prepare database

sudo mysql -u root -p

CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';

Create service credentials

. admin-openrc
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network

Create service endpoints

openstack endpoint create --region <REGION> network public http://<FQDN>:9696
openstack endpoint create --region <REGION> network admin http://<FQDN>:9696
openstack endpoint create --region <REGION> network internal http://<FQDN>:9696

Install and configure components

sudo apt install neutron-server neutron-plugin-ml2 #neutron-openvswitch-agent neutron-dhcp-agent neutron-metadata-agent

Neutron service

/etc/neutron/neutron.conf

[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:Passw0rd!@os-control
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
dhcp_agents_per_network = 2

[agent]
root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf"

[database]
#connection = sqlite:////var/lib/neutron/neutron.sqlite
connection = mysql+pymysql://neutron:Passw0rd!@os-control/neutron

[keystone_authtoken]
www_authenticate_uri = http://os-control:5000
auth_url = http://os-control:5000
memcached_servers = os-control:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = Passw0rd!

[nova]
auth_url = http://os-control:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionAma
project_name = service
username = nova
password = Passw0rd!

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

Modular Layer 2 (ml2) plugin

/etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = openvswitch
extension_drivers = port_security

[ml2_type_flat]
# ...
flat_networks = provider

[ml2_type_vlan]
network_vlan_ranges = provider #:100-200 #Optionally limit the valid vlan range

[ovs]
bridge_mappings = provider:br-provider

Populate database

sudo neutron-db-manage --config-file /etc/neutron/neutron.conf   --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head