-
Notifications
You must be signed in to change notification settings - Fork 1.2k
OFAgent OpenStack IceHouse environment HOWTO
KANEKO Yoshihiro edited this page May 7, 2014
·
2 revisions
==================================== Instructions for construction of OpenStack IceHouse environment with OFAgent using devstack
This document explains how to construct OpenStack IceHouse environment with OFAgent using devstack.
Assuming the following systems as a goal.
+--------+
| Client |
+----+---+
|
-----+---------+-------------------+-----------
| |
+--------+--------+ +-------+--------+
| All-in-one Node | | Compute Node |
| Nova | | Neutron |
| Keystone | | ofagent |
| Glance | | Nova |
| Neutron | | nova-compute |
| Cinder | +----------------+
| Horizon |
+-----------------+
-
All-in-one Node:
OpenStack components are run on this node. It is including nova-compute, so VM is run on this node too. Besides a traffic to the outside network from VM on compute node goes via this node.
-
Compute Node:
The nova-compute and the agent for Neutron OFAgent are run on this node.
-
Client:
This host is used for confirmation of communication of VM and a remote host on an external network.
We use Ubuntu 14.04 Server on both node.
The following addresses are used in each host.
-
Network: 192.168.122.0/24
-
Hosts
-
All-in-one Node:
- Host name: allinone
- IP address: 192.168.122.60
-
Compute Node:
- Host name: compute1
- IP address: 192.168.122.61
-
Client:
- Host name: client
- IP address: 192.168.122.1
-
On this document, we built both nodes on each VM using libvirt and KVM. We used the host system as the client, and added a route entry for access to a floating-ip.
$ sudo route add -net 192.168.100.0/24 gw 192.168.122.60
We assume installation of Ubutnu 14.04 Server was completed.
Install the needed packages.
$ sudo apt-get install git python-dev python-pip
$ sudo pip install -U six
Download devstack. We provide pre-configured devstack for your convenience.
$ cd
$ git clone https://github.com/osrg/devstack.git -b ofagent/icehouse
You can use the upstream version if you want to use latest devstack.
$ git clone https://github.com/openstack-dev/devstack.git -b stable/icehouse
Configure network interface.
$ sudo vi /etc/network/interfaces
/etc/network/interfaces:
auto lo
auto eth0
iface eth0 inet static
address 192.168.122.60
netmask 255.255.255.0
gateway 192.168.122.1
dns-nameservers 192.168.122.1
Restart networking.
$ sudo /etc/init.d/networking restart
Configure devstack. If you use the pre-configured version, you can skip this step.
$ cd ~/devstack
$ vi localrc
$ vi local.conf
localrc:
SERVICE_HOST=192.168.122.60
disable_service n-net
enable_service q-svc q-agt q-dhcp q-l3 q-meta q-lbaas neutron
FLOATING_RANGE=192.168.100.0/24
PUBLIC_NETWORK_GATEWAY=192.168.100.1
Q_PLUGIN=ml2
Q_ML2_PLUGIN_MECHANISM_DRIVERS=ofagent,l2population
Q_AGENT=ofagent
ENABLE_TENANT_TUNNELS=True
Q_ML2_TENANT_NETWORK_TYPE=gre
Q_HOST=$SERVICE_HOST
MYSQL_HOST=$SERVICE_HOST
RABBIT_HOST=$SERVICE_HOST
GLANCE_HOSTPORT=$SERVICE_HOST:9292
KEYSTONE_AUTH_HOST=$SERVICE_HOST
KEYSTONE_SERVICE_HOST=$SERVICE_HOST
MYSQL_PASSWORD=mysql
RABBIT_PASSWORD=rabbit
SERVICE_TOKEN=service
SERVICE_PASSWORD=admin
SERVICE_TENANT_NAME=service
ADMIN_PASSWORD=admin
NEUTRON_REPO=https://github.com/osrg/quantum
NEUTRON_BRANCH=ofagent
Please modify IP addresses (SERVICE_HOST, FLOATING_RANGE, PUBLIC_NETWORK_GATEWAY) if you need.
local.conf:
[[post-config|/etc/neutron/plugins/ml2/ml2_conf.ini]]
[agent]
l2_population=True
Configure network interface.
$ sudo vi /etc/network/interfaces
/etc/network/interfaces:
auto lo
auto eth0
iface eth0 inet static
address 192.168.122.61
netmask 255.255.255.0
gateway 192.168.122.1
dns-nameservers 192.168.122.1
Restart networking.
$ sudo /etc/init.d/networking restart
Configure devstack.
$ cd ~/devstack
$ vi localrc
$ vi local.conf
If you use the pre-configured version, you should only modify localrc. Comment-out "all-in-one node" block, and uncomment "compute node" block.
localrc:
SERVICE_HOST=192.168.122.60
# all-in-one node
#disable_service n-net
#enable_service q-svc q-agt q-dhcp q-l3 q-meta q-lbaas neutron
# compute node
disable_all_services
enable_service n-cpu q-agt neutron
(snip)
If you do not use the pre-configured version, you have to create the following files:
localrc:
SERVICE_HOST=192.168.122.60
disable_all_services
enable_service n-cpu q-agt neutron
FLOATING_RANGE=192.168.100.0/24
PUBLIC_NETWORK_GATEWAY=192.168.100.1
Q_PLUGIN=ml2
Q_ML2_PLUGIN_MECHANISM_DRIVERS=ofagent,l2population
Q_AGENT=ofagent
ENABLE_TENANT_TUNNELS=True
Q_ML2_TENANT_NETWORK_TYPE=gre
Q_HOST=$SERVICE_HOST
MYSQL_HOST=$SERVICE_HOST
RABBIT_HOST=$SERVICE_HOST
GLANCE_HOSTPORT=$SERVICE_HOST:9292
KEYSTONE_AUTH_HOST=$SERVICE_HOST
KEYSTONE_SERVICE_HOST=$SERVICE_HOST
MYSQL_PASSWORD=mysql
RABBIT_PASSWORD=rabbit
SERVICE_TOKEN=service
SERVICE_PASSWORD=admin
SERVICE_TENANT_NAME=service
ADMIN_PASSWORD=admin
NEUTRON_REPO=https://github.com/osrg/quantum
NEUTRON_BRANCH=ofagent
Please modify IP addresses (SERVICE_HOST, FLOATING_RANGE, PUBLIC_NETWORK_GATEWAY) if you need.
local.conf:
[[post-config|/etc/neutron/plugins/ml2/ml2_conf.ini]]
[agent]
l2_population=True
Start devstack on all-in-one node first.
All-in-one Node:
$ cd ~/devstack
$ ./stack.sh
[snip]
Horizon is now available at http://192.168.122.60/
Keystone is serving at http://192.168.122.60:5000/v2.0/
Examples on using novaclient command line is in exercise.sh
The default users are: admin and demo
The password: admin
This is your host ip: 192.168.122.60
WARNING: Q_AGENT_EXTRA_AGENT_OPTS is used
You are using Q_AGENT_EXTRA_AGENT_OPTS to pass configuration into /etc/neutron/neutron.conf.
Please convert that configuration in localrc to a /etc/neutron/neutron.conf section in local.conf:
Q_AGENT_EXTRA_AGENT_OPTS will be removed early in the 'K' development cycle
[[post-config|/$Q_PLUGIN_CONF_FILE]]
[DEFAULT]
tunnel_types=gre
stack.sh completed in 238 seconds.
$
Then start devstack on compute node.
Compute Node:
$ cd ~/devstack
$ ./stack.sh
Confirm the status of services.
$ cd ~/devstack
$ . ./openrc admin demo
$ nova host-list
+-----------+-------------+----------+
| host_name | service | zone |
+-----------+-------------+----------+
| allinone | conductor | internal |
| allinone | compute | nova |
| allinone | cert | internal |
| allinone | scheduler | internal |
| allinone | consoleauth | internal |
| compute1 | compute | nova |
+-----------+-------------+----------+
Launch VM by the following command.
nova boot --flavor <flavor-id> --image <image-id> --nic net-id=<net-id> <VM-name>
Example:
$ . ./openrc demo demo
$ nova flavor-list
+-----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+-----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | | 1 | 1.0 | True |
| 2 | m1.small | 2048 | 20 | 0 | | 1 | 1.0 | True |
| 3 | m1.medium | 4096 | 40 | 0 | | 2 | 1.0 | True |
| 4 | m1.large | 8192 | 80 | 0 | | 4 | 1.0 | True |
| 42 | m1.nano | 64 | 0 | 0 | | 1 | 1.0 | True |
| 451 | m1.heat | 1024 | 0 | 0 | | 2 | 1.0 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | | 8 | 1.0 | True |
| 84 | m1.micro | 128 | 0 | 0 | | 1 | 1.0 | True |
+-----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
$ nova image-list
+--------------------------------------+---------------------------------+--------+--------+
| ID | Name | Status | Server |
+--------------------------------------+---------------------------------+--------+--------+
| c5c08d82-ed5d-4afd-9db5-dc96fc662eaf | cirros-0.3.1-x86_64-uec | ACTIVE | |
| 06ec99d9-8978-490c-ae96-a2e384fa3d4f | cirros-0.3.1-x86_64-uec-kernel | ACTIVE | |
| 9f8ac1b2-0f0a-41b0-9d67-a96ab7dce20c | cirros-0.3.1-x86_64-uec-ramdisk | ACTIVE | |
+--------------------------------------+---------------------------------+--------+--------+
$ neutron net-list
+--------------------------------------+---------+--------------------------------------------------+
| id | name | subnets |
+--------------------------------------+---------+--------------------------------------------------+
| 709d4849-68d8-4bef-96ce-9158110f1db4 | private | 2ae0a1f3-18f9-40fc-a00b-74500699be4a 10.0.0.0/24 |
| bbf108ab-de59-468c-a85b-63a21a927adc | public | 59299e1f-1d3f-47cc-ab56-54965a911f62 |
+--------------------------------------+---------+--------------------------------------------------+
$ nova boot --flavor m1.nano --image c5c08d82-ed5d-4afd-9db5-dc96fc662eaf --nic net-id=709d4849-68d8-4bef-96ce-9158110f1db4 vm1
+--------------------------------------+----------------------------------------------------------------+
| Property | Value |
+--------------------------------------+----------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | 3rRoJpkdGRDr |
| config_drive | |
| created | 2014-05-07T09:56:47Z |
| flavor | m1.nano (42) |
| hostId | |
| id | c0252703-8fb8-4a30-ab65-d7f48d55716b |
| image | cirros-0.3.1-x86_64-uec (c5c08d82-ed5d-4afd-9db5-dc96fc662eaf) |
| key_name | - |
| metadata | {} |
| name | vm1 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | 292a07fb37eb4bdcacc095c0e6d113d5 |
| updated | 2014-05-07T09:56:47Z |
| user_id | 488b33b65ec74ff18d5ac12fe0df58bf |
+--------------------------------------+----------------------------------------------------------------+
$ nova list
+--------------------------------------+------+--------+------------+-------------+------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+------+--------+------------+-------------+------------------+
| c0252703-8fb8-4a30-ab65-d7f48d55716b | vm1 | ACTIVE | - | Running | private=10.0.0.2 |
+--------------------------------------+------+--------+------------+-------------+------------------+
Setting up Security Groups by the following commands.
neutron security-group-rule-create --protocol icmp <group id>
neutron security-group-rule-create --protocol tcp --port-range-min <from-port> --port-range-max <to-port> <group id>
neutron security-group-rule-create --protocol udp --port-range-min <from-port> --port-range-max <to-port> <group id>
Example:
$ cd devstack
$ . ./openrc demo demo
$ neutron security-group-list
+--------------------------------------+---------+-------------+
| id | name | description |
+--------------------------------------+---------+-------------+
| bf7c217b-0cdf-42a3-8918-cc06df25ea67 | default | default |
+--------------------------------------+---------+-------------+
$ neutron security-group-rule-create --protocol icmp bf7c217b-0cdf-42a3-8918-cc06df25ea67
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| direction | ingress |
| ethertype | IPv4 |
| id | 42674716-6cb2-49cd-b621-5e76b83ec616 |
| port_range_max | |
| port_range_min | |
| protocol | icmp |
| remote_group_id | |
| remote_ip_prefix | |
| security_group_id | bf7c217b-0cdf-42a3-8918-cc06df25ea67 |
| tenant_id | 292a07fb37eb4bdcacc095c0e6d113d5 |
+-------------------+--------------------------------------+
$ neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 bf7c217b-0cdf-42a3-8918-cc06df25ea67
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| direction | ingress |
| ethertype | IPv4 |
| id | 24fd03be-9bf1-490d-81ee-0f300381a1a9 |
| port_range_max | 22 |
| port_range_min | 22 |
| protocol | tcp |
| remote_group_id | |
| remote_ip_prefix | |
| security_group_id | bf7c217b-0cdf-42a3-8918-cc06df25ea67 |
| tenant_id | 292a07fb37eb4bdcacc095c0e6d113d5 |
+-------------------+--------------------------------------+
Associate Floating IP with VM.
neutron floatingip-create <net-id>
neutron floatingip-associate <float-id> <port-id>
Example:
$ neutron floatingip-create public
Created a new floatingip:
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| fixed_ip_address | |
| floating_ip_address | 192.168.100.3 |
| floating_network_id | bbf108ab-de59-468c-a85b-63a21a927adc |
| id | 68e2e24d-90d6-4033-88f0-3691ff8a54e2 |
| port_id | |
| router_id | |
| status | DOWN |
| tenant_id | 292a07fb37eb4bdcacc095c0e6d113d5 |
+---------------------+--------------------------------------+
$ neutron port-list
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| 0bf1130e-8fed-40bb-b250-0813946f5662 | | fa:16:3e:68:5e:cd | {"subnet_id": "2ae0a1f3-18f9-40fc-a00b-74500699be4a", "ip_address": "10.0.0.2"} |
| 1bd3ef5d-67c8-4899-a249-8563443c1272 | | fa:16:3e:03:c5:ad | {"subnet_id": "2ae0a1f3-18f9-40fc-a00b-74500699be4a", "ip_address": "10.0.0.3"} |
| f5d0877b-23c9-4f51-bfec-3669c1398bae | | fa:16:3e:59:e4:c6 | {"subnet_id": "2ae0a1f3-18f9-40fc-a00b-74500699be4a", "ip_address": "10.0.0.1"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
$ neutron floatingip-associate 68e2e24d-90d6-4033-88f0-3691ff8a54e2 0bf1130e-8fed-40bb-b250-0813946f5662Starting new HTTP connection (1): 192.168.122.60
Associated floatingip 68e2e24d-90d6-4033-88f0-3691ff8a54e2
$ neutron floatingip-list
+--------------------------------------+------------------+---------------------+--------------------------------------+
| id | fixed_ip_address | floating_ip_address | port_id |
+--------------------------------------+------------------+---------------------+--------------------------------------+
| 68e2e24d-90d6-4033-88f0-3691ff8a54e2 | 10.0.0.2 | 192.168.100.3 | 0bf1130e-8fed-40bb-b250-0813946f5662 |
+--------------------------------------+------------------+---------------------+--------------------------------------+
Run ping and ssh login to VM via Floating IP from client.
$ ping -c 10 192.168.100.3
PING 192.168.100.3 (192.168.100.3) 56(84) bytes of data.
64 bytes from 192.168.100.3: icmp_req=1 ttl=62 time=2.35 ms
64 bytes from 192.168.100.3: icmp_req=2 ttl=62 time=1.20 ms
64 bytes from 192.168.100.3: icmp_req=3 ttl=62 time=0.748 ms
64 bytes from 192.168.100.3: icmp_req=4 ttl=62 time=0.710 ms
64 bytes from 192.168.100.3: icmp_req=5 ttl=62 time=0.649 ms
64 bytes from 192.168.100.3: icmp_req=6 ttl=62 time=0.705 ms
64 bytes from 192.168.100.3: icmp_req=7 ttl=62 time=0.684 ms
64 bytes from 192.168.100.3: icmp_req=8 ttl=62 time=0.393 ms
64 bytes from 192.168.100.3: icmp_req=9 ttl=62 time=0.706 ms
64 bytes from 192.168.100.3: icmp_req=10 ttl=62 time=0.765 ms
--- 192.168.100.3 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9001ms
rtt min/avg/max/mdev = 0.393/0.891/2.355/0.523 ms
$
$ ssh cirros@192.168.100.3
The authenticity of host '192.168.100.3 (192.168.100.3)' can't be established.
RSA key fingerprint is 07:ad:05:91:03:a8:cc:3e:d5:17:9d:1c:61:31:6d:4f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.3' (RSA) to the list of known hosts.
cirros@192.168.100.3's password: cubswin:)
$ ifconfig
eth0 Link encap:Ethernet HWaddr FA:16:3E:68:5E:CD
inet addr:10.0.0.2 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe68:5ecd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:96 errors:0 dropped:0 overruns:0 frame:0
TX packets:66 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:13321 (13.0 KiB) TX bytes:8474 (8.2 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
$ exit
Connection to 192.168.100.3 closed.