Contents

Overview·· 1

VCF Neutron plug-ins· 1

Nova patch· 1

Preparing for installation· 2

Hardware requirements· 2

Software requirements· 2

Installing OpenStack plug-ins· 3

Installing the Python tools· 3

Installing the VCF Neutron plug-ins· 3

Prerequisites· 3

Installation procedure· 3

Verifying the installation· 7

Parameters and fields· 7

Removing the VCF Neutron plug-ins· 12

Upgrading the VCF Neutron plug-ins· 13

Installing the Nova patch· 13

Prerequisites· 13

Installation procedure· 13

Verifying the installation· 16

Removing the Nova patch· 16

Upgrading the Nova patch· 17

FAQ·· 18

What should I do if the Python tools cannot be installed by using the yum command when a proxy server is used for Internet access?· 18

What HA modes does the Neutron plug-in support?· 18

 

Overview

This document describes how to install the virtual converged framework (VCF) Neutron plug-ins and the Nova patch that are compatible with OpenStack on CentOS.

VCF Neutron plug-ins

Neutron is a type of OpenStack services used to manage all virtual networking infrastructures (VNIs) in an OpenStack environment. It provides virtual network services to the devices managed by OpenStack computing services.

VCF Neutron plug-ins are developed for VCF controller based on the OpenStack framework. VCF Neutron plug-ins can obtain network configuration from OpenStack through REST APIs and synchronize the configuration to the VCF controllers. They can obtain settings for the tenants' networks, subnets, routers, ports, FW, LB, or VPN. Different types of VCF Neutron plug-ins can provide the following features for tenants:

·     VCF Neutron Core plug-in—Allows tenants to use basic network communication for cores, including networks, subnets, routers, and ports.

·     VCF Neutron L3_Routing—Allows tenants to forward traffic to each other at Layer 3.

·     VCF Neutron FWaaS plug-in—Allows tenants to create firewall services.

·     VCF Neutron LBaaS plug-in—Allows tenants to create LB services.

·     VCF Neutron VPNaaS plug-in—Allows tenants to create VPN services.

Nova patch

Nova is an OpenStack computing controller that provides virtual services for users. The virtual services include creating, starting up, shutting down, and migrating virtual machines and setting configuration information for the virtual machines, such as CPU and memory information.

The Nova patch enables virtual machines created by OpenStack to access networks managed by VCF controllers.

Preparing for installation

Hardware requirements

To install VCF Neutron plug-ins or the Nova patch on a server or a virtual machine, make sure the server or virtual machine meets the hardware requirements in Table 1.

Table 1 Hardware requirements

CPU	Memory size	Disk space
Single-core and multicore CPUs	2 GB and above	5 GB and above

 

Software requirements

Table 2 shows the software requirements for installing the VCF Neutron plug-ins and the Nova patch.

Table 2 Software requirements

Item	Supported versions
OpenStack	·     OpenStack Juno 2014.2 operates on CentOS 7.1.1503 ·     OpenStack Kilo 2015.1 operates on CentOS 7.1.1503 ·     OpenStack Liberty operates on CentOS 7.1.1503 ·     OpenStack Mitaka operates on CentOS 7.1.1503 ·     OpenStack Ocata operates on CentOS 7.2.1511

 

IMPORTANT: Before you install the OpenStack plug-ins, make sure the following requirements are met: ·     Your system has Internet access because the system must first access the Internet to set up the installation environment. ·     Make sure the OpenStack environment is deployed correctly, for example, the /etc/hosts file on all nodes has the host name-IP address mappings. For information about the OpenStack environment deployment, see the installation guide for the specific OpenStack version on the official website.

 

Installing OpenStack plug-ins

The VCF Neutron plug-ins and the Nova patch can be installed on different OpenStack versions. The VCF Neutron plug-ins and the Nova patch installation package varies by OpenStack version. The procedures for installing the VCF Neutron plug-ins or the Nova patch on different OpenStack versions are the same. This document uses OpenStack Juno 2014.2 as an example.

Install the VCF Neutron plug-ins on an OpenStack controller node and install the Nova patch on an OpenStack compute node. Before installation, you need to install the Python tools on the associated node.

Installing the Python tools

Before installing the plug-ins, first you need to download the Python tools online and install them.

To download and install the Python tools:

1.     Update the software source list.

[root@localhost ~]# yum clean all

[root@localhost ~]# yum makecache

2.     Download and install the Python tools.

[root@localhost ~]# yum install –y python-pip python-setuptools

Installing the VCF Neutron plug-ins

Prerequisites

The VCF Neutron plug-ins are included in the VCF OpenStack package. Perform the following steps to download the VCF OpenStack package from the H3C website:

1.     In the Web browser address bar, enter http://www.h3c.com/cn/Software_Download. Select SDN > H3C Virtual Converged Framework Controller, and download the VCF OpenStack package of the required version.

2.     Copy the VCF OpenStack package to the installation directory on the server or virtual machine, or upload it to the installation directory through FTP, TFTP, or SCP.

 

	NOTE: If you decide to upload the VCF OpenStack package through FTP or TFTP, use the binary mode to avoid damage to the package.

 

Installation procedure

Some parameters must be configured with the required values as described in "Parameters and fields."

To install the VCF Neutron plug-ins:

1.     Change the working directory to where the VCF OpenStack package (an .egg file) is saved, and install the package on the OpenStack controller node. The name of the VCF OpenStack package is VCF_CONTROLLER_PLUGIN-version1_version2-py2.7. version1 represents the version of the package. version2 represents the version of OpenStack.

In the following example, the VCF OpenStack package is saved to the path /root.

[root@localhost ~]# easy_install VCF_CONTROLLER_PLUGIN-E2176_juno_2014.2-py2.7.egg

2.     Install the VCF Neutron plug-ins.

[root@localhost ~]# h3c-vcfplugin controller install

3.     Use the vi editor to open the neutron.conf configuration file.

[root@localhost ~]# vi /etc/neutron/neutron.conf

4.     Press I to switch to the insert mode, and set the parameters in the neutron.conf configuration file. For information about the parameters, see "neutron.conf."

?     For plug-ins on OpenStack Juno 2014.2, modify the neutron.conf configuration file as follows:

[DEFAULT]

core_plugin = ml2

service_plugins = h3c_vcfplugin.l3_router.h3c_l3_router_plugin.H3CL3RouterPlugin,firewall,lbaas,vpnaas

[service_providers]

service_provider=FIREWALL:H3C:h3c_vcfplugin.fw.h3c_fwplugin_driver.H3CFwaasDriver:default

service_provider=LOADBALANCER:H3C:h3c_vcfplugin.lb.h3c_lbplugin_driver.H3CLbaasPluginDriver:default

service_provider=VPN:H3C:h3c_vcfplugin.vpn.h3c_vpnplugin_driver.H3CVpnPluginDriver:default

?     For plug-ins on other OpenStack versions, modify the neutron.conf configuration file based on the service configured on OpenStack:

Load balancing V1 service (plug-ins on OpenStack Ocata do not support this configuration):

[DEFAULT]

core_plugin = ml2

service_plugins = h3c_vcfplugin.l3_router.h3c_l3_router_plugin.H3CL3RouterPlugin,firewall,lbaas,vpnaas

[service_providers]

service_provider=FIREWALL:H3C:h3c_vcfplugin.fw.h3c_fwplugin_driver.H3CFwaasDriver:default

service_provider=LOADBALANCER:H3C:h3c_vcfplugin.lb.h3c_lbplugin_driver.H3CLbaasPluginDriver:default

service_provider=VPN:H3C:h3c_vcfplugin.vpn.h3c_vpnplugin_driver.H3CVpnPluginDriver:default

Load balancing V2 service:

[DEFAULT]

core_plugin = ml2

service_plugins = h3c_vcfplugin.l3_router.h3c_l3_router_plugin.H3CL3RouterPlugin,firewall,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2,vpnaas

[service_providers]

service_provider=FIREWALL:H3C:h3c_vcfplugin.fw.h3c_fwplugin_driver.H3CFwaasDriver:default

service_provider=LOADBALANCERV2:H3C:h3c_vcfplugin.lb.h3c_lbplugin_driver_v2.H3CLbaasv2PluginDriver:default

service_provider=VPN:H3C:h3c_vcfplugin.vpn.h3c_vpnplugin_driver.H3CVpnPluginDriver:default

5.     Press Esc to quit the insert mode.

6.     Enter :wq to exit the vi editor and save the neutron.conf file.

:wq

7.     Modify the ml2_conf.ini configuration file:

a.     Use the vi editor to open the ml2_conf.ini configuration file.

[root@localhost ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini

b.     Press I to switch to the insert mode, and set the parameters (see "ml2_conf.ini" in the ml2_conf.ini configuration file.

[ml2]

type_drivers = vxlan,vlan

tenant_network_types = vxlan,vlan

mechanism_drivers = ml2_h3c

extension_drivers = ml2_extension_h3c

[ml2_type_vlan]

network_vlan_ranges = physicnet1:1000:2999

[ml2_type_vxlan]

vni_ranges = 1:500

c.     Press Esc to quit the insert mode.

d.     Enter :wq to exit the vi editor, and save the ml2_conf.ini file.

:wq

8.     Modify the local_settings configuration file:

a.     Use the vi editor to open the local_settings.py configuration file.

[root@localhost ~]# vi /etc/openstack-dashboard/local_settings

b.     Press I to switch to the insert mode. Set the values for the LB, FW, and VPN fields in the OPENSTACK_NEUTRON_NETWORK parameter to enable the associated configuration pages in OpenStack Web. For information about the fields, see "OPENSTACK_NEUTRON_NETWORK."

OPENSTACK_NEUTRON_NETWORK = {

    'enable_lb': True,

    'enable_firewall': True,

    'enable_quotas': True,

    'enable_vpn': True,

    # The profile_support option is used to detect if an external router can be

    # configured via the dashboard. When using specific plugins the

    # profile_support can be turned on if needed.

    'profile_support': None,

    #'profile_support': 'cisco',

}

c.     Press Esc to quit the insert mode.

d.     Enter :wq to exit the vi editor and save the local_settings.py file.

:wq

9.     Modify the ml2_conf_h3c.ini configuration file:

a.     Use the vi editor to open the ml2_conf_h3c.ini configuration file.

[root@localhost ~]# vi /etc/neutron/plugins/ml2/ml2_conf_h3c.ini

b.     Press I to switch to the insert mode, and set the following parameters in the ml2_conf_h3c.ini configuration file. For information about the parameters, see "ml2_conf_h3c.ini."

[VCFCONTROLLER]

url = https://127.0.0.1:8443

username = sdn

password = skyline123

domain = sdn

timeout = 1800

retry = 10

vnic_type=ovs

hybrid_vnic = True

default_tenant_mode = False

ip_mac_binding = True

denyflow_age =300

white_list = False

binddefaultrouter = False

auto_create_tenant_to_vcfc = True

router_binding_public_vrf = False

enable_subnet_dhcp = True

dhcp_lease_time = 365

firewall_type = GATEWAY

lb_type = GATEWAY

resource_mode = NFV

vsr_share_count = 1

auto_delete_tenant_to_vcfc = True

auto_create_resource = True

nfv_ha = True

vds_name = VDS1

enable_metadata = False

use_neutron_credential = False

enable_security_group = True

disable_internal_l3flow_offload = True

firewall_force_audit = True

enable_l3_router_rpc_notify = False

output_json_log = False

lb_enable_snat = False

empty_rule_action = deny

vendor_rpc_topic = VENDOR_PLUGIN

qos_rx_limit_min = 0

c.     Press Esc to quit the insert mode.

d.     Enter :wq to exit the vi editor and save the ml2_conf_h3c.ini file.

:wq

10.     If you have set the white_list parameter to True, perform the following tasks:

?     Delete the username, password, and domain parameters in the ml2_conf_h3c.ini configuration file.

?     Add an authentication-free user to the VCF controller:

On the top navigation bar of the VCF controller Web interface, select Controller > System > Authentication.

Click Add.

Enter the IP address of Neutron server, and specify the role as Admin.

Click OK.

11.     If you have set the binddefaultrouter parameter to True, perform the following steps:

a.     On the top navigation bar of the VCF controller Web interface, select vNetwork > vRouter.

b.     Click Add vRouter.

Configure the vRouter name as defaultRouter and the tenant as default, and select Public network VRF.

Click OK.

12.     If you have set the use_neutron_credential parameter to True, perform the following steps:

a.     On the top navigation bar of the VCF controller Web interface, select Controller > System > Users.

b.     Click Add user.

Configure the username as neutron and the role as Admin, and set the password provided by the OpenStack administrator.

Click OK.

13.     Restart the neutron-server service.

[root@localhost ~]# service neutron-server restart

neutron-server stop/waiting

neutron-server start/running, process 4583

14.     Restart the h3c-agent service.

[root@localhost ~]# service h3c-agent restart

h3c-agent stop/waiting

h3c-agent start/running, process 4678

Verifying the installation

# Verify that the VCF OpenStack package is correctly installed. If the correct software and OpenStack versions are displayed, the package is successfully installed.

[root@localhost ~]# pip freeze | grep VCF

VCF-CONTROLLER-PLUGIN===E2176-juno-2014.2

# Verify that the neutron-server service is enabled. The service is enabled if its state is running.

[root@localhost ~]# service neutron-server status

neutron-server start/running, process 1849

# Verify that the h3c-agent service is enabled. The service is enabled if its state is running.

[root@localhost ~]# service h3c-agent status

h3c-agent start/running, process 4678

Parameters and fields

This section describes parameters in configuration files and fields included in parameters.

neutron.conf

Parameter	Required value	Description
core_plugin	ml2	Used for loading the core plug-in ml2 to OpenStack.
service_plugins	h3c_vcfplugin.l3_router.h3c_l3_router_plugin.H3CL3RouterPlugin,firewall,lbaas,vpnaas	Used for loading the extension plug-ins to OpenStack.
service_provider	·     FIREWALL:H3C:h3c_vcfplugin.fw.h3c_fwplugin_driver.H3CFwaasDriver:default ·     LOADBALANCER:H3C:h3c_vcfplugin.lb.h3c_lbplugin_driver.H3CLbaasPluginDriver:default ·     VPN:H3C:h3c_vcfplugin.vpn.h3c_vpnplugin_driver.H3CVpnPluginDriver:default	Directory where the extension plug-ins are saved.

 

ml2_conf.ini

Parameter	Required value	Description
type_drivers	vxlan,vlan	Driver type. vxlan must be specified as the first driver type.
tenant_network_types	vxlan,vlan	Type of the networks to which the tenants belong. vxlan must be specified as the first driver type. For intranet, only vxlan is available. For extranet, only vlan is available.
mechanism_drivers	ml2_h3c	Name of the ml2 driver.
extension_drivers	ml2_extension_h3c	Name of the ml2 extension driver.
network_vlan_ranges	N/A	Value range for the VLAN ID of the extranet, for example, physicnet1:1000:2999.
vni_ranges	N/A	Value range for the VXLAN ID of the intranet, for example, 1:500.

 

OPENSTACK_NEUTRON_NETWORK

Field	Description
enable_lb	Whether to enable or disable the LB configuration page. ·     True—Enable. ·     False—Disable.
enable_firewall	Whether to enable or disable the FW configuration page. ·     True—Enable. ·     False—Disable.
enable_vpn	Whether to enable or disable the VPN configuration page. ·     True—Enable. ·     False—Disable.

 

ml2_conf_h3c.ini

Parameter	Description
url	HTTPS URL address of the VCF controller, for example, https://127.0.0.1:8443.
username	Username for logging in to the VCF controller, for example, sdn. You do not need to configure a username when the use_neutron_credential parameter is set to True.
password	Password for logging in to the VCF controller, for example, skyline123. You do not need to configure a password when the use_neutron_credential parameter is set to True.
domain	Name of the domain where the VCF controller resides, for example, sdn.
timeout	Time period that the Neutron server waits for a response from the VCF controller in seconds, for example, 1800 seconds. ·     Set a time period not less than 300 seconds for plug-ins on OpenStack Juno 2014.2 as a best practice. ·     Set a time period not less than 1800 seconds for plug-ins on other OpenStack versions as a best practice.
retry	Maximum times for sending connection requests from the Neutron server to the VCF controller, for example, 10.
vnic_type	Type of the virtual NIC that the virtual machine supports. The value can be ovs or phy. ·     Plug-ins on OpenStack Juno 2014.2 support only the ovs type virtual NIC. ·     Plug-ins on OpenStack Kilo 2015.1 support both virtual NIC types. ·     Plug-ins on OpenStack Liberty, Mitaka, and Ocata do not support this parameter.
hybrid_vnic	Whether to enable or disable the feature of mapping OpenStack VLAN to VCF controller VXLAN. ·     True—Enable. ·     False—Disable.
default_tenant_mode	Whether to enable or disable the default tenant mode. ·     True—Enable. ·     False—Disable. All tenants use the virtualized network function (VNF) resources for the default tenant after the default tenant mode is enabled. Plug-ins on OpenStack Liberty, Mitaka, and Ocata do not support this parameter.
ip_mac_binding	Whether to enable or disable IP-MAC binding. ·     True—Enable. ·     False—Disable. The default value of this parameter is False for plug-ins on OpenStack Juno 2014.2 and True for plug-ins on other OpenStack versions.
denyflow_age	Anti-spoofing flow table aging time for the virtual distributed switch (VDS) an integer in the range of 1 to 3600 seconds, for example, 300 seconds.
white_list	Whether to enable or disable the authentication-free user feature on OpenStack. ·     True—Enable. ·     False—Disable.
binddefaultrouter	Whether to enable or disable the feature of binding networks to the VCF controller default router. Plug-ins on OpenStack Ocata do not support this parameter. ·     True—Enable. ·     False—Disable.
auto_create_tenant_to_vcfc	Whether to enable or disable the feature of automatically creating tenants on the VCF controller. ·     True—Enable. ·     False—Disable.
router_binding_public_vrf	Whether to use the public network VRF for creating a vRouter. ·     True—Use. ·     False—Do not use.
enable_subnet_dhcp	Whether to enable or disable DHCP for creating a vSubnet. ·     True—Enable. ·     False—Disable.
dhcp_lease_time	Valid time for vSubnet IP addresses obtained from the DHCP address pool in days, for example, 365 days.
firewall_type	Mode of the firewall created on the VCF controller. ·     SERVICE_CHAIN—Service chain type firewall, which is available only when the value of the resource_mode parameter is set to NFV. Only plug-ins on OpenStack Juno 2014.2 support this type. ·     GATEWAY—Gateway type firewall, which is available only when the value of the resource_mode parameter is set to NFV, NFV_SHARE, or NFV_SHARE_PARTLY. Plug-ins on OpenStack Juno 2014.2 do not support this type. ·     CGSR—Gateway service type firewall, which is available only when the value of the resource_mode parameter is set to CORE_GATEWAY. Each CGSR type firewall uses an independent context. Plug-ins on all OpenStack versions support this type. ·     CGSR_SHARE—Gateway service type firewall, which is available only when the value of the resource_mode parameter is set to CORE_GATEWAY. All CGSR_SHARE type firewalls use the same context even if they belong to different tenants. Plug-ins on OpenStack Juno 2014.2 do not support this type.
lb_type	Mode of the load balancer created on the VCF controller. ·     SERVICE_CHAIN—Service chain type load balancer. For plug-ins on OpenStack Juno, this type is available only when the value of the resource_mode parameter is set to NFV. For plug-ins on other OpenStack versions, this type is available only when the value of the resource_mode parameter is set to NFV, NFV_SHARE, or NFV_SHARE_PARTLY. SERVICE_CHAIN load balancers that belong to one tenant use the same VNF. SERVICE_CHAIN load balancers that belong to different tenants use different VNFs. ·     SERVICE_CHAIN_SHARE—Service chain type load balancer, which is available only when the value of the resource_mode parameter is set to NFV, NFV_SHARE, or NFV_SHARE_PARTLY. All SERVICE_CHAIN_SHARE type load balancers share the same VNF even if they belong to different tenants. Plug-ins on OpenStack Juno 2014.2 do not support this type. ·     GATEWAY—Gateway type load balancer, which is available only when the value of the resource_mode parameter is set to NFV, NFV_SHARE, or NFV_SHARE_PARTLY. Plug-ins on all OpenStack versions support this type. ·     CGSR—Gateway service type load balancer, which is available only when the value of the resource_mode parameter is set to CORE_GATEWAY. CGSR type load balancers that belong to one tenant use the same context. CGSR type load balancers that belong to different tenants use different contexts. Plug-ins on all OpenStack versions support this type. ·     CGSR_SHARE—Gateway service type load balancer, which is available only when the value of the resource_mode parameter is set to CORE_GATEWAY. All CGSR_SHARE type load balancers use the same context even if they belong to different tenants. Plug-ins on OpenStack Juno 2014.2 do not support this type.
resource_mode	Type of the resource created on the VCF controller. ·     SELF_GATEWAY—Independent gateway resource. ·     NFV—VNF resource. ·     NFV_SHARE—VNF resource, which can be shared by all tenants. ·     CORE_GATEWAY—Gateway service resource. ·     NFV_SHARE_PARTLY—VNF resource, which can be shared by the specified number of tenants. Plug-ins on OpenStack Juno 2014.2 do not support this type.
vsr_share_count	Number of tenants that share the same VNF resource, in the range of 1 to 65535. The default number is 1. This parameter is valid only when the value of resource_mode is NFV_SHARE_PARTLY. Plug-ins on OpenStack Juno 2014.2 do not support this type.
auto_delete_tenant_to_vcfc	Whether to enable or disable the feature of automatically removing tenants from the VCF controller. ·     True—Enable. ·     False—Disable. The default value of this parameter is False for plug-ins on OpenStack Juno 2014.2 and True for plug-ins on other OpenStack versions.
auto_create_resource	Whether to enable or disable the feature of automatically creating resources. ·     True—Enable. ·     False—Disable.
nfv_ha	Whether configure the NFV and NVF_SHARE resources to support stack. ·     True—Support. ·     False—Do not support.
vds_name	Name of the VDS, for example, VDS1.
enable_metadata	Whether to enable or disable metadata for OpenStack. ·     True—Enable. ·     False—Disable. If you enable this feature, you must set the enable_l3_router_rpc_notify parameter to True to enable sending Layer 3 routing events to the metadata module through remote procedure call (RPC).
use_neutron_credential	Whether to use the OpenStack Neutron username and password to communicate with the VCF controller. ·     True—Use. ·     False—Do not use.
enable_security_group	Whether to enable or disable the feature of deploying security group rules to the VCF controller. ·     True—Enable. ·     False—Disable.
disable_internal_l3flow_offload	Whether to enable or disable the gateway to forward traffic inside the Overlay network. ·     True—Disable. ·     False—Enable.
firewall_force_audit	Whether to audit firewall policies synchronized to the VCF controller by OpenStack. ·     True—Audits firewall policies synchronized to the VCF controller by OpenStack. The auditing state of the synchronized policies on the controller is True (audited). ·     False—Does not audit firewall policies synchronized to the VCF controller by OpenStack. The synchronized policies on the controller retain their previous auditing state. The default value of this parameter is True for plug-ins on OpenStack Juno 2014.2 and Kilo 2015.1 and False for plug-ins on other OpenStack versions.
enable_l3_router_rpc_notify	Whether to enable or disable the feature of sending Layer 3 routing events through RPC. ·     True—Enable. ·     False—Disable.
output_json_log	Whether to output REST API messages to the OpenStack operating logs in JSON format for communication between the VCF Neutron plugins and VCF controller. ·     True—Enable. ·     False—Disable.
lb_enable_snat	Whether to enable or disable Source Network Address Translation (SNAT) for load balancers on the VCF controller. ·     True—Enable. ·     False—Disable. Plug-ins on OpenStack Juno 2014.2 do not support this parameter.
empty_rule_action	Set the action for security policies that do not contain any ACL rules on the VCF controller. In current software version, only the deny action is supported.
vendor_rpc_topic	RPC topic of the vendor. This parameter is required when the vendor needs to obtain Neutron data from the VCF Neutron plug-ins. The available values are as follows: ·     VENDOR_PLUGIN—Default value, which means that the parameter does not take effect. ·     DP_PLUGIN—RPC topic of DPtech. The value of this parameter must be negotiated by the vendor and H3C. Plug-ins on OpenStack Juno 2014.2 do not support this parameter.
qos_rx_limit_min	Minimum guaranteed bandwidth for inbound flows, in kbps. The controller uses the value of this parameter or the value of the same parameter configured for QoS on OpenStack, whichever is larger. Only plug-ins on OpenStack Kilo 2015.1 support this field.

 

Removing the VCF Neutron plug-ins

You must remove the VCF Neutron plug-ins before removing the VCF OpenStack package.

To remove the VCF Neutron plug-ins:

1.     Remove the VCF Neutron plug-ins by using either of the following methods:

?     Enter y to remove the database for the VCF Neutron plug-ins at the same time. As a best practice, remove the configurations for the SERVICE_CHAIN type firewalls, or GATEWAY or SERVICE_CHAIN type load balancers on OpenStack before you remove the plug-ins.

?     Enter n to retain the database. When you install new VCF Neutron plug-ins, the plug-ins automatically read the configuration file from the database.

[root@localhost ~]# h3c-vcfplugin controller uninstall

Uninstall the neutron plugin

whether to drop database tables:(y/n):

2.     Remove the VCF OpenStack package.

[root@localhost ~]# pip uninstall VCF-CONTROLLER-PLUGIN

Uninstalling VCF-CONTROLLER-PLUGIN-E2176-juno-2014.2:

  /usr/bin/h3c-agent

  /usr/bin/h3c-vcfplugin

  /usr/lib/python2.7/site-packages/VCF_CONTROLLER_PLUGIN-E2176_juno_2014.2-py2.7

.egg

Proceed (y/n)? y

  Successfully uninstalled VCF-CONTROLLER-PLUGIN-E2176-juno-2014.2

Upgrading the VCF Neutron plug-ins

CAUTION: ·     Upgrade the VCF Neutron plug-ins with caution. Services might be interrupted during the upgrade procedure. ·     The default parameter settings for VCF Neutron plug-ins might vary by OpenStack version (Juno 2014.2, Kilo 2015.1, Liberty, Mitaka, and Ocata). Modify the default parameter settings for VCF Neutron plug-ins when upgrading the OpenStack version to ensure that the plug-ins have the same configurations before and after the upgrade. ·     You can upgrade VCF Neutron plug-ins on OpenStack Juno 2014.2 only to a later plug-in version of OpenStack Juno 2014.2. Upgrading to other OpenStack versions is not supported.

 

To upgrade the VCF Neutron plug-ins, you need to remove the current version first, and install the new version. For information about installing the VCF Neutron plug-ins, see "Installing the VCF Neutron plug-ins." For information about removing the VCF Neutron plug-ins, see "Removing the VCF Neutron plug-ins."

Installing the Nova patch

Prerequisites

The Nova patch is included in the VCF OpenStack package. Perform the following steps to download the VCF OpenStack package from the H3C website:

1.     In the Web browser address bar, enter http://www.h3c.com/cn/Software_Download. Select SDN > H3C Virtual Converged Framework Controller, and download the VCF OpenStack package of the required version.

2.     Copy the VCF OpenStack package to the installation directory on the server or virtual machine, or upload it to the installation directory through FTP, TFTP, or SCP.

 

	NOTE: If you decide to upload the VCF OpenStack package through FTP or TFTP, use the binary mode to avoid damage to the package.

 

Installation procedure

Based on your network environment, choose one between step 3 and step 4.

To install the Nova patch:

1.     Change the working directory to where the VCF OpenStack package (an .egg file) is saved, and install the package on the OpenStack compute node. The name of the VCF OpenStack package is VCF_CONTROLLER_PLUGIN-version1_version2-py2.7. version1 represents the version of the package. version2 represents the version of OpenStack.

In this example, the VCF OpenStack package is saved to the /root path.

[root@localhost ~]# easy_install VCF_CONTROLLER_PLUGIN-E2176_juno_2014.2-py2.7.egg

2.     Install the Nova patch.

[root@localhost ~]# h3c-vcfplugin compute install

3.     In a host overlay scenario, modify the nova.conf configuration file as follows:

If the hypervisor type of the compute node is KVM, perform the following steps:

a.     Use the vi editor to open the nova.conf configuration file.

[root@localhost ~]# vi /etc/nova/nova.conf

b.     Press I to switch to the insert mode, and set the parameters in the nova.conf configuration file.

For OpenStack Juno2014.2:

[s1020v]

s1020v = True

[neutron]

ovs_bridge = vds1-br

For other OpenStack versions:

[s1020v]

s1020v = True

member_status = True

[neutron]

ovs_bridge = vds1-br

c.     Press Esc to quit the insert mode.

d.     Enter :wq to exit the vi editor, and save the nova.conf file.

:wq

If the hypervisor type of the compute node is VMware vCenter (plug-ins on OpenStack Juno 2014.2 do not support this hypervisor type), perform the following steps:

a.     Stop the neutron-openvswitch-agent service and disable the system to start the service at startup.

[root@localhost ~]# service neutron-openvswitch-agent stop

[root@localhost ~]# systemctl disable neutron-openvswitch-agent.service

b.     Use the vi editor to open the nova.conf configuration file.

[root@localhost ~]# vi /etc/nova/nova.conf

c.     Press I to switch to the insert mode, and set the parameters in the nova.conf configuration file.

[DEFAULT]

compute_driver = vmwareapi.VMwareVCDriver

[vmware]

host_ip = 127.0.0.1

host_username = sdn

host_password = skyline123

cluster_name = vcenter

insecure = true

[s1020v]

s1020v = True

vds = VDS2

d.     Press Esc to quit the insert mode.

e.     Enter :wq to exit the vi editor, and save the nova.conf file.

:wq

For descriptions of the parameters, see Table 3.

4.     In a network overlay scenario, modify the nova.conf configuration file as follows:

If the hypervisor type of the compute node is KVM, you do not need to install the Nova patch.

If the hypervisor type of the compute node is VMware vCenter (plug-ins on OpenStack Juno 2014.2 do not support this hypervisor type), perform the following steps:

a.     Stop the neutron-openvswitch-agent service and disable the system to start the service at startup.

[root@localhost ~]# service neutron-openvswitch-agent stop

[root@localhost ~]# systemctl disable neutron-openvswitch-agent.service

b.     Select vNetwork > Host from the top navigation tree of the VCF controller webpage to identify whether the compute node is online. If the compute node is online, delete the compute node.

c.     Execute the neutron agent-list command on the controller node to identify whether the database contains the agent of the compute node. If the database contains the agent of the compute node, use the neutron agent-delete id to delete it. The id argument represents the agent ID of the compute node, for example, 25c3d3ac-5158-4123-b505-ed619b741a52.

[root@localhost ~]# neutron agent-list

| id                                   | agent_type         | host        |

| 25c3d3ac-5158-4123-b505-ed619b741a52 | Open vSwitch agent | compute3

 

[root@localhost ~]# neutron agent-delete 25c3d3ac-5158-4123-b505-ed619b741a52

Deleted agent: 25c3d3ac-5158-4123-b505-ed619b741a52

d.     Use the vi editor to open the nova.conf configuration file.

[root@localhost ~]# vi /etc/nova/nova.conf

e.     Press I to switch to the insert mode, and set the parameters in the nova.conf configuration file.

[DEFAULT]

compute_driver = vmwareapi.VMwareVCDriver

[vmware]

host_ip = 127.0.0.1

host_username = sdn

host_password = skyline123

cluster_name = vcenter

insecure = True

[s1020v]

s1020v = False

vds = VDS2

uplink_teaming_policy = loadbalance_srcid

f.     Press Esc to quit the insert mode.

g.     Enter :wq to exit the vi editor, and save the nova.conf file.

:wq

Table 3 Parameters in the configuration file

Parameter	Description
s1020v	Whether to use the H3C S1020V vSwitch to forward the traffic between vSwitches and the traffic between the vSwitches and extranet: ·     True—Use the H3C S1020V vSwitch. ·     False—Do not use the H3C S1020V vSwitch.
member_status	Whether to enable or disable the feature of modifying the status of members on OpenStack load balancers. ·     True—Enable. ·     False—Disable.
vds	VDS to which the host in the vCenter belongs. In this example, the host belongs to VDS2. In the host overlay networking, you can only specify the VDS that the VCF controller synchronizes to the vCenter. In the network overlay networking, you can specify an existing VDS on demand.
ovs_bridge	Name of the bridge for the H3C S1020V vSwitch. Make sure the bridges created on all H3C S1020V vSwitches use the same name.
compute_driver	Name of the driver used by the compute node for virtualization.
host_ip	IP address used to log in to the vCenter, for example, 127.0.0.1.
host_username	Username for logging in to the vCenter, for example, sdn.
host_password	Password for logging in to the vCenter, for example, skyline123.
cluster_name	Name of the team in the vCenter environment, for example, vcenter.
insecure	Whether to enable or disable security check. In the current software version, the value can only be True, which means security check is disabled.
uplink_teaming_policy	Uplink routing policy. ·     loadbalance_srcid—Source vPort-based routing. ·     loadbalance_ip—IP hash-based routing. ·     loadbalance_srcmac—Source MAC hash-based routing. ·     loadbalance_loadbased—Physical NIC load-based routing. ·     failover_explicit—Explicit failover order-based routing.

 

5.     Restart the openstack-nova-compute service.

[root@localhost ~]# service openstack-nova-compute restart

Verifying the installation

# Verify that the VCF OpenStack package is correctly installed. If the correct software and OpenStack versions are displayed, the package is successfully installed.

[root@localhost ~]# pip freeze | grep VCF

VCF-CONTROLLER-PLUGIN===E2176-juno-2014.2

# Verify that the openstack-nova-compute service is enabled. The service is enabled if its state is running.

[root@localhost ~]# service openstack-nova-compute status

nova-compute start/running, process 184

Removing the Nova patch

You must remove the Nova patch before removing the VCF OpenStack package.

To remove the Nova patch:

1.     Remove the Nova patch.

[root@localhost ~]# h3c-vcfplugin compute uninstall

2.     Remove the VCF OpenStack package.

[root@localhost ~]# pip uninstall VCF-CONTROLLER-PLUGIN

Uninstalling VCF-CONTROLLER-PLUGIN-E2176-juno-2014.2:

  /usr/bin/h3c-agent

  /usr/bin/h3c-vcfplugin

  /usr/lib/python2.7/site-packages/VCF_CONTROLLER_PLUGIN-E2176_juno_2014.2-py2.7

.egg

Proceed (y/n)? y

  Successfully uninstalled VCF-CONTROLLER-PLUGIN-E2176-juno-2014.2

Upgrading the Nova patch

	CAUTION: Upgrade the Nova patch with caution. Services might be interrupted during the upgrade procedure.

 

To upgrade the Nova patch, you need to remove the current version first, and install the new version. For information about installing the Nova patch, see "Installing the Nova patch." For information about removing the Nova patch, see "Removing the Nova patch."

FAQ

What should I do if the Python tools cannot be installed by using the yum command when a proxy server is used for Internet access?

Configure HTTP proxy by performing the following steps:

1.     Make sure the server or the virtual machine can access the HTTP proxy server.

2.     At the CLI of the CentOS system, use the vi editor to open the yum.conf configuration file. If the yum.conf configuration file does not exist, this step creates the file.

[root@localhost ~]# vi /etc/yum.conf

3.     Press I to switch to the insert mode, and provide HTTP proxy information.

?     If the server does not require authentication, enter HTTP proxy information in the following format:
proxy = http://yourproxyaddress:proxyport

?     If the server requires authentication, enter HTTP proxy information in the following format:
proxy = http://yourproxyaddress:proxyport
proxy_username=username
proxy_password=password

Table 4 describes the arguments in HTTP proxy information.

Table 4 Arguments in HTTP proxy information

Field	Description
username	Username for logging in to the proxy server, for example, sdn.
password	Password for logging in to the proxy server, for example, 123456.
yourproxyaddress	IP address of the proxy server, for example, 172.25.1.1.
proxyport	Port number of the proxy server, for example, 8080.

 

proxy = http://172.25.1.1:8080

proxy_username = sdn

proxy_password = 123456

4.     Press Esc to quit the insert mode.

5.     Enter :wq to exit the vi editor and save the yum.conf file.

:wq

What HA modes does the Neutron plug-in support?

The VCFC Neutron plug-in runs the neutron-server and h3c-agent processes, on which HA can be configured only through a third-party cluster stack such as Pacemaker.

neutron-server is a stateless service process provided by OpenStack. It supports active/passive and active/active HA modes. h3c-agent is a service process based on neutron-l3-agent. It supports only the active/passive HA mode.