- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
01-Text | 110.40 KB |
Installing the VCF Neutron plug-ins
Removing the VCF Neutron plug-ins
Upgrading the VCF Neutron plug-ins
What HA modes does the Neutron plug-in support?
Overview
This document describes how to install the virtual converged framework (VCF) Neutron plug-ins and the Nova patch that are compatible with OpenStack on CentOS.
VCF Neutron plug-ins
Neutron is a type of OpenStack services used to manage all virtual networking infrastructures (VNIs) in an OpenStack environment. It provides virtual network services to the devices managed by OpenStack computing services.
VCF Neutron plug-ins are developed for VCF controller based on the OpenStack framework. VCF Neutron plug-ins can obtain network configuration from OpenStack through REST APIs and synchronize the configuration to the VCF controllers. They can obtain settings for the tenants' networks, subnets, routers, ports, FW, LB, or VPN. Different types of VCF Neutron plug-ins can provide the following features for tenants:
· VCF Neutron Core plug-in—Allows tenants to use basic network communication for cores, including networks, subnets, routers, and ports.
· VCF Neutron L3_Routing—Allows tenants to forward traffic to each other at Layer 3.
· VCF Neutron FWaaS plug-in—Allows tenants to create firewall services.
· VCF Neutron LBaaS plug-in—Allows tenants to create LB services.
· VCF Neutron VPNaaS plug-in—Allows tenants to create VPN services.
Nova patch
Nova is an OpenStack computing controller that provides virtual services for users. The virtual services include creating, starting up, shutting down, and migrating virtual machines and setting configuration information for the virtual machines, such as CPU and memory information.
The Nova patch enables virtual machines created by OpenStack to access networks managed by VCF controllers.
Preparing for installation
Hardware requirements
To install VCF Neutron plug-ins or the Nova patch on a server or a virtual machine, make sure the server or virtual machine meets the hardware requirements in Table 1.
CPU |
Memory size |
Disk space |
Single-core and multicore CPUs |
2 GB and above |
5 GB and above |
Software requirements
Table 2 shows the software requirements for installing the VCF Neutron plug-ins and the Nova patch.
Item |
Supported versions |
OpenStack |
· OpenStack Juno 2014.2 operates on CentOS 7.1.1503 · OpenStack Kilo 2015.1 operates on CentOS 7.1.1503 · OpenStack Liberty operates on CentOS 7.1.1503 · OpenStack Mitaka operates on CentOS 7.1.1503 · OpenStack Ocata operates on CentOS 7.2.1511 |
|
IMPORTANT: Before you install the OpenStack plug-ins, make sure the following requirements are met: · Your system has Internet access because the system must first access the Internet to set up the installation environment. · Make sure the OpenStack environment is deployed correctly, for example, the /etc/hosts file on all nodes has the host name-IP address mappings. For information about the OpenStack environment deployment, see the installation guide for the specific OpenStack version on the official website. |
Installing OpenStack plug-ins
The VCF Neutron plug-ins and the Nova patch can be installed on different OpenStack versions. The VCF Neutron plug-ins and the Nova patch installation package varies by OpenStack version. The procedures for installing the VCF Neutron plug-ins or the Nova patch on different OpenStack versions are the same. This document uses OpenStack Juno 2014.2 as an example.
Install the VCF Neutron plug-ins on an OpenStack controller node and install the Nova patch on an OpenStack compute node. Before installation, you need to install the Python tools on the associated node.
Installing the Python tools
Before installing the plug-ins, first you need to download the Python tools online and install them.
To download and install the Python tools:
1. Update the software source list.
[root@localhost ~]# yum clean all
[root@localhost ~]# yum makecache
2. Download and install the Python tools.
[root@localhost ~]# yum install –y python-pip python-setuptools
Installing the VCF Neutron plug-ins
Prerequisites
The VCF Neutron plug-ins are included in the VCF OpenStack package. Perform the following steps to download the VCF OpenStack package from the H3C website:
1. In the Web browser address bar, enter http://www.h3c.com/cn/Software_Download. Select SDN > H3C Virtual Converged Framework Controller, and download the VCF OpenStack package of the required version.
2. Copy the VCF OpenStack package to the installation directory on the server or virtual machine, or upload it to the installation directory through FTP, TFTP, or SCP.
|
NOTE: If you decide to upload the VCF OpenStack package through FTP or TFTP, use the binary mode to avoid damage to the package. |
Installation procedure
Some parameters must be configured with the required values as described in "Parameters and fields."
To install the VCF Neutron plug-ins:
1. Change the working directory to where the VCF OpenStack package (an .egg file) is saved, and install the package on the OpenStack controller node. The name of the VCF OpenStack package is VCF_CONTROLLER_PLUGIN-version1_version2-py2.7. version1 represents the version of the package. version2 represents the version of OpenStack.
In the following example, the VCF OpenStack package is saved to the path /root.
[root@localhost ~]# easy_install VCF_CONTROLLER_PLUGIN-E2176_juno_2014.2-py2.7.egg
2. Install the VCF Neutron plug-ins.
[root@localhost ~]# h3c-vcfplugin controller install
3. Use the vi editor to open the neutron.conf configuration file.
[root@localhost ~]# vi /etc/neutron/neutron.conf
4. Press I to switch to the insert mode, and set the parameters in the neutron.conf configuration file. For information about the parameters, see "neutron.conf."
? For plug-ins on OpenStack Juno 2014.2, modify the neutron.conf configuration file as follows:
[DEFAULT]
core_plugin = ml2
service_plugins = h3c_vcfplugin.l3_router.h3c_l3_router_plugin.H3CL3RouterPlugin,firewall,lbaas,vpnaas
[service_providers]
service_provider=FIREWALL:H3C:h3c_vcfplugin.fw.h3c_fwplugin_driver.H3CFwaasDriver:default
service_provider=LOADBALANCER:H3C:h3c_vcfplugin.lb.h3c_lbplugin_driver.H3CLbaasPluginDriver:default
service_provider=VPN:H3C:h3c_vcfplugin.vpn.h3c_vpnplugin_driver.H3CVpnPluginDriver:default
? For plug-ins on other OpenStack versions, modify the neutron.conf configuration file based on the service configured on OpenStack:
Load balancing V1 service (plug-ins on OpenStack Ocata do not support this configuration):
[DEFAULT]
core_plugin = ml2
service_plugins = h3c_vcfplugin.l3_router.h3c_l3_router_plugin.H3CL3RouterPlugin,firewall,lbaas,vpnaas
[service_providers]
service_provider=FIREWALL:H3C:h3c_vcfplugin.fw.h3c_fwplugin_driver.H3CFwaasDriver:default
service_provider=LOADBALANCER:H3C:h3c_vcfplugin.lb.h3c_lbplugin_driver.H3CLbaasPluginDriver:default
service_provider=VPN:H3C:h3c_vcfplugin.vpn.h3c_vpnplugin_driver.H3CVpnPluginDriver:default
Load balancing V2 service:
[DEFAULT]
core_plugin = ml2
service_plugins = h3c_vcfplugin.l3_router.h3c_l3_router_plugin.H3CL3RouterPlugin,firewall,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2,vpnaas
[service_providers]
service_provider=FIREWALL:H3C:h3c_vcfplugin.fw.h3c_fwplugin_driver.H3CFwaasDriver:default
service_provider=LOADBALANCERV2:H3C:h3c_vcfplugin.lb.h3c_lbplugin_driver_v2.H3CLbaasv2PluginDriver:default
service_provider=VPN:H3C:h3c_vcfplugin.vpn.h3c_vpnplugin_driver.H3CVpnPluginDriver:default
5. Press Esc to quit the insert mode.
6. Enter :wq to exit the vi editor and save the neutron.conf file.
:wq
7. Modify the ml2_conf.ini configuration file:
a. Use the vi editor to open the ml2_conf.ini configuration file.
[root@localhost ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini
b. Press I to switch to the insert mode, and set the parameters (see "ml2_conf.ini" in the ml2_conf.ini configuration file.
[ml2]
type_drivers = vxlan,vlan
tenant_network_types = vxlan,vlan
mechanism_drivers = ml2_h3c
extension_drivers = ml2_extension_h3c
[ml2_type_vlan]
network_vlan_ranges = physicnet1:1000:2999
[ml2_type_vxlan]
vni_ranges = 1:500
c. Press Esc to quit the insert mode.
d. Enter :wq to exit the vi editor, and save the ml2_conf.ini file.
:wq
8. Modify the local_settings configuration file:
a. Use the vi editor to open the local_settings.py configuration file.
[root@localhost ~]# vi /etc/openstack-dashboard/local_settings
b. Press I to switch to the insert mode. Set the values for the LB, FW, and VPN fields in the OPENSTACK_NEUTRON_NETWORK parameter to enable the associated configuration pages in OpenStack Web. For information about the fields, see "OPENSTACK_NEUTRON_NETWORK."
OPENSTACK_NEUTRON_NETWORK = {
'enable_lb': True,
'enable_firewall': True,
'enable_quotas': True,
'enable_vpn': True,
# The profile_support option is used to detect if an external router can be
# configured via the dashboard. When using specific plugins the
# profile_support can be turned on if needed.
'profile_support': None,
#'profile_support': 'cisco',
}
c. Press Esc to quit the insert mode.
d. Enter :wq to exit the vi editor and save the local_settings.py file.
:wq
9. Modify the ml2_conf_h3c.ini configuration file:
a. Use the vi editor to open the ml2_conf_h3c.ini configuration file.
[root@localhost ~]# vi /etc/neutron/plugins/ml2/ml2_conf_h3c.ini
b. Press I to switch to the insert mode, and set the following parameters in the ml2_conf_h3c.ini configuration file. For information about the parameters, see "ml2_conf_h3c.ini."
[VCFCONTROLLER]
url = https://127.0.0.1:8443
username = sdn
password = skyline123
domain = sdn
timeout = 1800
retry = 10
vnic_type=ovs
hybrid_vnic = True
default_tenant_mode = False
ip_mac_binding = True
denyflow_age =300
white_list = False
binddefaultrouter = False
auto_create_tenant_to_vcfc = True
router_binding_public_vrf = False
enable_subnet_dhcp = True
dhcp_lease_time = 365
firewall_type = GATEWAY
lb_type = GATEWAY
resource_mode = NFV
vsr_share_count = 1
auto_delete_tenant_to_vcfc = True
auto_create_resource = True
nfv_ha = True
vds_name = VDS1
enable_metadata = False
use_neutron_credential = False
enable_security_group = True
disable_internal_l3flow_offload = True
firewall_force_audit = True
enable_l3_router_rpc_notify = False
output_json_log = False
lb_enable_snat = False
empty_rule_action = deny
vendor_rpc_topic = VENDOR_PLUGIN
qos_rx_limit_min = 0
c. Press Esc to quit the insert mode.
d. Enter :wq to exit the vi editor and save the ml2_conf_h3c.ini file.
:wq
10. If you have set the white_list parameter to True, perform the following tasks:
? Delete the username, password, and domain parameters in the ml2_conf_h3c.ini configuration file.
? Add an authentication-free user to the VCF controller:
On the top navigation bar of the VCF controller Web interface, select Controller > System > Authentication.
Click Add.
Enter the IP address of Neutron server, and specify the role as Admin.
Click OK.
11. If you have set the binddefaultrouter parameter to True, perform the following steps:
a. On the top navigation bar of the VCF controller Web interface, select vNetwork > vRouter.
b. Click Add vRouter.
Configure the vRouter name as defaultRouter and the tenant as default, and select Public network VRF.
Click OK.
12. If you have set the use_neutron_credential parameter to True, perform the following steps:
a. On the top navigation bar of the VCF controller Web interface, select Controller > System > Users.
b. Click Add user.
Configure the username as neutron and the role as Admin, and set the password provided by the OpenStack administrator.
Click OK.
13. Restart the neutron-server service.
[root@localhost ~]# service neutron-server restart
neutron-server stop/waiting
neutron-server start/running, process 4583
14. Restart the h3c-agent service.
[root@localhost ~]# service h3c-agent restart
h3c-agent stop/waiting
h3c-agent start/running, process 4678
Verifying the installation
# Verify that the VCF OpenStack package is correctly installed. If the correct software and OpenStack versions are displayed, the package is successfully installed.
[root@localhost ~]# pip freeze | grep VCF
VCF-CONTROLLER-PLUGIN===E2176-juno-2014.2
# Verify that the neutron-server service is enabled. The service is enabled if its state is running.
[root@localhost ~]# service neutron-server status
neutron-server start/running, process 1849
# Verify that the h3c-agent service is enabled. The service is enabled if its state is running.
[root@localhost ~]# service h3c-agent status
h3c-agent start/running, process 4678
Parameters and fields
This section describes parameters in configuration files and fields included in parameters.
neutron.conf
Parameter |
Required value |
Description |
core_plugin |
ml2 |
Used for loading the core plug-in ml2 to OpenStack. |
service_plugins |
h3c_vcfplugin.l3_router.h3c_l3_router_plugin.H3CL3RouterPlugin,firewall,lbaas,vpnaas |
Used for loading the extension plug-ins to OpenStack. |
service_provider |
· FIREWALL:H3C:h3c_vcfplugin.fw.h3c_fwplugin_driver.H3CFwaasDriver:default · LOADBALANCER:H3C:h3c_vcfplugin.lb.h3c_lbplugin_driver.H3CLbaasPluginDriver:default · VPN:H3C:h3c_vcfplugin.vpn.h3c_vpnplugin_driver.H3CVpnPluginDriver:default |
Directory where the extension plug-ins are saved. |
ml2_conf.ini
Parameter |
Required value |
Description |
type_drivers |
vxlan,vlan |
Driver type. vxlan must be specified as the first driver type. |
tenant_network_types |
vxlan,vlan |
Type of the networks to which the tenants belong. vxlan must be specified as the first driver type. For intranet, only vxlan is available. For extranet, only vlan is available. |
mechanism_drivers |
ml2_h3c |
Name of the ml2 driver. |
extension_drivers |
ml2_extension_h3c |
Name of the ml2 extension driver. |
network_vlan_ranges |
N/A |
Value range for the VLAN ID of the extranet, for example, physicnet1:1000:2999. |
vni_ranges |
N/A |
Value range for the VXLAN ID of the intranet, for example, 1:500. |
OPENSTACK_NEUTRON_NETWORK
Field |
Description |
enable_lb |
Whether to enable or disable the LB configuration page. · True—Enable. · False—Disable. |
enable_firewall |
Whether to enable or disable the FW configuration page. · True—Enable. · False—Disable. |
enable_vpn |
Whether to enable or disable the VPN configuration page. · True—Enable. · False—Disable. |
ml2_conf_h3c.ini
Parameter |
Description |
url |
HTTPS URL address of the VCF controller, for example, https://127.0.0.1:8443. |
username |
Username for logging in to the VCF controller, for example, sdn. You do not need to configure a username when the use_neutron_credential parameter is set to True. |
password |
Password for logging in to the VCF controller, for example, skyline123. You do not need to configure a password when the use_neutron_credential parameter is set to True. |
domain |
Name of the domain where the VCF controller resides, for example, sdn. |
timeout |
Time period that the Neutron server waits for a response from the VCF controller in seconds, for example, 1800 seconds. · Set a time period not less than 300 seconds for plug-ins on OpenStack Juno 2014.2 as a best practice. · Set a time period not less than 1800 seconds for plug-ins on other OpenStack versions as a best practice. |
retry |
Maximum times for sending connection requests from the Neutron server to the VCF controller, for example, 10. |
vnic_type |
Type of the virtual NIC that the virtual machine supports. The value can be ovs or phy. · Plug-ins on OpenStack Juno 2014.2 support only the ovs type virtual NIC. · Plug-ins on OpenStack Kilo 2015.1 support both virtual NIC types. · Plug-ins on OpenStack Liberty, Mitaka, and Ocata do not support this parameter. |
hybrid_vnic |
Whether to enable or disable the feature of mapping OpenStack VLAN to VCF controller VXLAN. · True—Enable. · False—Disable. |
default_tenant_mode |
Whether to enable or disable the default tenant mode. · True—Enable. · False—Disable. All tenants use the virtualized network function (VNF) resources for the default tenant after the default tenant mode is enabled. Plug-ins on OpenStack Liberty, Mitaka, and Ocata do not support this parameter. |
ip_mac_binding |
Whether to enable or disable IP-MAC binding. · True—Enable. · False—Disable. The default value of this parameter is False for plug-ins on OpenStack Juno 2014.2 and True for plug-ins on other OpenStack versions. |
denyflow_age |
Anti-spoofing flow table aging time for the virtual distributed switch (VDS) an integer in the range of 1 to 3600 seconds, for example, 300 seconds. |
white_list |
Whether to enable or disable the authentication-free user feature on OpenStack. · True—Enable. · False—Disable. |
binddefaultrouter |
Whether to enable or disable the feature of binding networks to the VCF controller default router. Plug-ins on OpenStack Ocata do not support this parameter. · True—Enable. · False—Disable. |
auto_create_tenant_to_vcfc |
Whether to enable or disable the feature of automatically creating tenants on the VCF controller. · True—Enable. · False—Disable. |
router_binding_public_vrf |
Whether to use the public network VRF for creating a vRouter. · True—Use. · False—Do not use. |
enable_subnet_dhcp |
Whether to enable or disable DHCP for creating a vSubnet. · True—Enable. · False—Disable. |
dhcp_lease_time |
Valid time for vSubnet IP addresses obtained from the DHCP address pool in days, for example, 365 days. |
firewall_type |
Mode of the firewall created on the VCF controller. · SERVICE_CHAIN—Service chain type firewall, which is available only when the value of the resource_mode parameter is set to NFV. Only plug-ins on OpenStack Juno 2014.2 support this type. · GATEWAY—Gateway type firewall, which is available only when the value of the resource_mode parameter is set to NFV, NFV_SHARE, or NFV_SHARE_PARTLY. Plug-ins on OpenStack Juno 2014.2 do not support this type. · CGSR—Gateway service type firewall, which is available only when the value of the resource_mode parameter is set to CORE_GATEWAY. Each CGSR type firewall uses an independent context. Plug-ins on all OpenStack versions support this type. · CGSR_SHARE—Gateway service type firewall, which is available only when the value of the resource_mode parameter is set to CORE_GATEWAY. All CGSR_SHARE type firewalls use the same context even if they belong to different tenants. Plug-ins on OpenStack Juno 2014.2 do not support this type. |
lb_type |
Mode of the load balancer created on the VCF controller. · SERVICE_CHAIN—Service chain type load balancer. For plug-ins on OpenStack Juno, this type is available only when the value of the resource_mode parameter is set to NFV. For plug-ins on other OpenStack versions, this type is available only when the value of the resource_mode parameter is set to NFV, NFV_SHARE, or NFV_SHARE_PARTLY. SERVICE_CHAIN load balancers that belong to one tenant use the same VNF. SERVICE_CHAIN load balancers that belong to different tenants use different VNFs. · SERVICE_CHAIN_SHARE—Service chain type load balancer, which is available only when the value of the resource_mode parameter is set to NFV, NFV_SHARE, or NFV_SHARE_PARTLY. All SERVICE_CHAIN_SHARE type load balancers share the same VNF even if they belong to different tenants. Plug-ins on OpenStack Juno 2014.2 do not support this type. · GATEWAY—Gateway type load balancer, which is available only when the value of the resource_mode parameter is set to NFV, NFV_SHARE, or NFV_SHARE_PARTLY. Plug-ins on all OpenStack versions support this type. · CGSR—Gateway service type load balancer, which is available only when the value of the resource_mode parameter is set to CORE_GATEWAY. CGSR type load balancers that belong to one tenant use the same context. CGSR type load balancers that belong to different tenants use different contexts. Plug-ins on all OpenStack versions support this type. · CGSR_SHARE—Gateway service type load balancer, which is available only when the value of the resource_mode parameter is set to CORE_GATEWAY. All CGSR_SHARE type load balancers use the same context even if they belong to different tenants. Plug-ins on OpenStack Juno 2014.2 do not support this type. |
resource_mode |
Type of the resource created on the VCF controller. · SELF_GATEWAY—Independent gateway resource. · NFV—VNF resource. · NFV_SHARE—VNF resource, which can be shared by all tenants. · CORE_GATEWAY—Gateway service resource. · NFV_SHARE_PARTLY—VNF resource, which can be shared by the specified number of tenants. Plug-ins on OpenStack Juno 2014.2 do not support this type. |
vsr_share_count |
Number of tenants that share the same VNF resource, in the range of 1 to 65535. The default number is 1. This parameter is valid only when the value of resource_mode is NFV_SHARE_PARTLY. Plug-ins on OpenStack Juno 2014.2 do not support this type. |
auto_delete_tenant_to_vcfc |
Whether to enable or disable the feature of automatically removing tenants from the VCF controller. · True—Enable. · False—Disable. The default value of this parameter is False for plug-ins on OpenStack Juno 2014.2 and True for plug-ins on other OpenStack versions. |
auto_create_resource |
Whether to enable or disable the feature of automatically creating resources. · True—Enable. · False—Disable. |
nfv_ha |
Whether configure the NFV and NVF_SHARE resources to support stack. · True—Support. · False—Do not support. |
vds_name |
Name of the VDS, for example, VDS1. |
enable_metadata |
Whether to enable or disable metadata for OpenStack. · True—Enable. · False—Disable. If you enable this feature, you must set the enable_l3_router_rpc_notify parameter to True to enable sending Layer 3 routing events to the metadata module through remote procedure call (RPC). |
use_neutron_credential |
Whether to use the OpenStack Neutron username and password to communicate with the VCF controller. · True—Use. · False—Do not use. |
enable_security_group |
Whether to enable or disable the feature of deploying security group rules to the VCF controller. · True—Enable. · False—Disable. |
disable_internal_l3flow_offload |
Whether to enable or disable the gateway to forward traffic inside the Overlay network. · True—Disable. · False—Enable. |
firewall_force_audit |
Whether to audit firewall policies synchronized to the VCF controller by OpenStack. · True—Audits firewall policies synchronized to the VCF controller by OpenStack. The auditing state of the synchronized policies on the controller is True (audited). · False—Does not audit firewall policies synchronized to the VCF controller by OpenStack. The synchronized policies on the controller retain their previous auditing state. The default value of this parameter is True for plug-ins on OpenStack Juno 2014.2 and Kilo 2015.1 and False for plug-ins on other OpenStack versions. |
enable_l3_router_rpc_notify |
Whether to enable or disable the feature of sending Layer 3 routing events through RPC. · True—Enable. · False—Disable. |
output_json_log |
Whether to output REST API messages to the OpenStack operating logs in JSON format for communication between the VCF Neutron plugins and VCF controller. · True—Enable. · False—Disable. |
lb_enable_snat |
Whether to enable or disable Source Network Address Translation (SNAT) for load balancers on the VCF controller. · True—Enable. · False—Disable. Plug-ins on OpenStack Juno 2014.2 do not support this parameter. |
empty_rule_action |
Set the action for security policies that do not contain any ACL rules on the VCF controller. In current software version, only the deny action is supported. |
vendor_rpc_topic |
RPC topic of the vendor. This parameter is required when the vendor needs to obtain Neutron data from the VCF Neutron plug-ins. The available values are as follows: · VENDOR_PLUGIN—Default value, which means that the parameter does not take effect. · DP_PLUGIN—RPC topic of DPtech. The value of this parameter must be negotiated by the vendor and H3C. Plug-ins on OpenStack Juno 2014.2 do not support this parameter. |
qos_rx_limit_min |
Minimum guaranteed bandwidth for inbound flows, in kbps. The controller uses the value of this parameter or the value of the same parameter configured for QoS on OpenStack, whichever is larger. Only plug-ins on OpenStack Kilo 2015.1 support this field. |
Removing the VCF Neutron plug-ins
You must remove the VCF Neutron plug-ins before removing the VCF OpenStack package.
To remove the VCF Neutron plug-ins:
1. Remove the VCF Neutron plug-ins by using either of the following methods:
? Enter y to remove the database for the VCF Neutron plug-ins at the same time. As a best practice, remove the configurations for the SERVICE_CHAIN type firewalls, or GATEWAY or SERVICE_CHAIN type load balancers on OpenStack before you remove the plug-ins.
? Enter n to retain the database. When you install new VCF Neutron plug-ins, the plug-ins automatically read the configuration file from the database.
[root@localhost ~]# h3c-vcfplugin controller uninstall
Uninstall the neutron plugin
whether to drop database tables:(y/n):
2. Remove the VCF OpenStack package.
[root@localhost ~]# pip uninstall VCF-CONTROLLER-PLUGIN
Uninstalling VCF-CONTROLLER-PLUGIN-E2176-juno-2014.2:
/usr/bin/h3c-agent
/usr/bin/h3c-vcfplugin
/usr/lib/python2.7/site-packages/VCF_CONTROLLER_PLUGIN-E2176_juno_2014.2-py2.7
.egg
Proceed (y/n)? y
Successfully uninstalled VCF-CONTROLLER-PLUGIN-E2176-juno-2014.2
Upgrading the VCF Neutron plug-ins
|
CAUTION: · Upgrade the VCF Neutron plug-ins with caution. Services might be interrupted during the upgrade procedure. · The default parameter settings for VCF Neutron plug-ins might vary by OpenStack version (Juno 2014.2, Kilo 2015.1, Liberty, Mitaka, and Ocata). Modify the default parameter settings for VCF Neutron plug-ins when upgrading the OpenStack version to ensure that the plug-ins have the same configurations before and after the upgrade. · You can upgrade VCF Neutron plug-ins on OpenStack Juno 2014.2 only to a later plug-in version of OpenStack Juno 2014.2. Upgrading to other OpenStack versions is not supported. |
To upgrade the VCF Neutron plug-ins, you need to remove the current version first, and install the new version. For information about installing the VCF Neutron plug-ins, see "Installing the VCF Neutron plug-ins." For information about removing the VCF Neutron plug-ins, see "Removing the VCF Neutron plug-ins."
Installing the Nova patch
Prerequisites
The Nova patch is included in the VCF OpenStack package. Perform the following steps to download the VCF OpenStack package from the H3C website:
1. In the Web browser address bar, enter http://www.h3c.com/cn/Software_Download. Select SDN > H3C Virtual Converged Framework Controller, and download the VCF OpenStack package of the required version.
2. Copy the VCF OpenStack package to the installation directory on the server or virtual machine, or upload it to the installation directory through FTP, TFTP, or SCP.
|
NOTE: If you decide to upload the VCF OpenStack package through FTP or TFTP, use the binary mode to avoid damage to the package. |
Installation procedure
Based on your network environment, choose one between step 3 and step 4.
To install the Nova patch:
1. Change the working directory to where the VCF OpenStack package (an .egg file) is saved, and install the package on the OpenStack compute node. The name of the VCF OpenStack package is VCF_CONTROLLER_PLUGIN-version1_version2-py2.7. version1 represents the version of the package. version2 represents the version of OpenStack.
In this example, the VCF OpenStack package is saved to the /root path.
[root@localhost ~]# easy_install VCF_CONTROLLER_PLUGIN-E2176_juno_2014.2-py2.7.egg
2. Install the Nova patch.
[root@localhost ~]# h3c-vcfplugin compute install
3. In a host overlay scenario, modify the nova.conf configuration file as follows:
If the hypervisor type of the compute node is KVM, perform the following steps:
a. Use the vi editor to open the nova.conf configuration file.
[root@localhost ~]# vi /etc/nova/nova.conf
b. Press I to switch to the insert mode, and set the parameters in the nova.conf configuration file.
For OpenStack Juno2014.2:
[s1020v]
s1020v = True
[neutron]
ovs_bridge = vds1-br
For other OpenStack versions:
[s1020v]
s1020v = True
member_status = True
[neutron]
ovs_bridge = vds1-br
c. Press Esc to quit the insert mode.
d. Enter :wq to exit the vi editor, and save the nova.conf file.
:wq
If the hypervisor type of the compute node is VMware vCenter (plug-ins on OpenStack Juno 2014.2 do not support this hypervisor type), perform the following steps:
a. Stop the neutron-openvswitch-agent service and disable the system to start the service at startup.
[root@localhost ~]# service neutron-openvswitch-agent stop
[root@localhost ~]# systemctl disable neutron-openvswitch-agent.service
b. Use the vi editor to open the nova.conf configuration file.
[root@localhost ~]# vi /etc/nova/nova.conf
c. Press I to switch to the insert mode, and set the parameters in the nova.conf configuration file.
[DEFAULT]
compute_driver = vmwareapi.VMwareVCDriver
[vmware]
host_ip = 127.0.0.1
host_username = sdn
host_password = skyline123
cluster_name = vcenter
insecure = true
[s1020v]
s1020v = True
vds = VDS2
d. Press Esc to quit the insert mode.
e. Enter :wq to exit the vi editor, and save the nova.conf file.
:wq
For descriptions of the parameters, see Table 3.
4. In a network overlay scenario, modify the nova.conf configuration file as follows:
If the hypervisor type of the compute node is KVM, you do not need to install the Nova patch.
If the hypervisor type of the compute node is VMware vCenter (plug-ins on OpenStack Juno 2014.2 do not support this hypervisor type), perform the following steps:
a. Stop the neutron-openvswitch-agent service and disable the system to start the service at startup.
[root@localhost ~]# service neutron-openvswitch-agent stop
[root@localhost ~]# systemctl disable neutron-openvswitch-agent.service
b. Select vNetwork > Host from the top navigation tree of the VCF controller webpage to identify whether the compute node is online. If the compute node is online, delete the compute node.
c. Execute the neutron agent-list command on the controller node to identify whether the database contains the agent of the compute node. If the database contains the agent of the compute node, use the neutron agent-delete id to delete it. The id argument represents the agent ID of the compute node, for example, 25c3d3ac-5158-4123-b505-ed619b741a52.
[root@localhost ~]# neutron agent-list
| id | agent_type | host |
| 25c3d3ac-5158-4123-b505-ed619b741a52 | Open vSwitch agent | compute3
[root@localhost ~]# neutron agent-delete 25c3d3ac-5158-4123-b505-ed619b741a52
Deleted agent: 25c3d3ac-5158-4123-b505-ed619b741a52
d. Use the vi editor to open the nova.conf configuration file.
[root@localhost ~]# vi /etc/nova/nova.conf
e. Press I to switch to the insert mode, and set the parameters in the nova.conf configuration file.
[DEFAULT]
compute_driver = vmwareapi.VMwareVCDriver
[vmware]
host_ip = 127.0.0.1
host_username = sdn
host_password = skyline123
cluster_name = vcenter
insecure = True
[s1020v]
s1020v = False
vds = VDS2
uplink_teaming_policy = loadbalance_srcid
f. Press Esc to quit the insert mode.
g. Enter :wq to exit the vi editor, and save the nova.conf file.
:wq
Table 3 Parameters in the configuration file
Parameter |
Description |
s1020v |
Whether to use the H3C S1020V vSwitch to forward the traffic between vSwitches and the traffic between the vSwitches and extranet: · True—Use the H3C S1020V vSwitch. · False—Do not use the H3C S1020V vSwitch. |
member_status |
Whether to enable or disable the feature of modifying the status of members on OpenStack load balancers. · True—Enable. · False—Disable. |
vds |
VDS to which the host in the vCenter belongs. In this example, the host belongs to VDS2. In the host overlay networking, you can only specify the VDS that the VCF controller synchronizes to the vCenter. In the network overlay networking, you can specify an existing VDS on demand. |
ovs_bridge |
Name of the bridge for the H3C S1020V vSwitch. Make sure the bridges created on all H3C S1020V vSwitches use the same name. |
compute_driver |
Name of the driver used by the compute node for virtualization. |
host_ip |
IP address used to log in to the vCenter, for example, 127.0.0.1. |
host_username |
Username for logging in to the vCenter, for example, sdn. |
host_password |
Password for logging in to the vCenter, for example, skyline123. |
cluster_name |
Name of the team in the vCenter environment, for example, vcenter. |
insecure |
Whether to enable or disable security check. In the current software version, the value can only be True, which means security check is disabled. |
uplink_teaming_policy |
Uplink routing policy. · loadbalance_srcid—Source vPort-based routing. · loadbalance_ip—IP hash-based routing. · loadbalance_srcmac—Source MAC hash-based routing. · loadbalance_loadbased—Physical NIC load-based routing. · failover_explicit—Explicit failover order-based routing. |
5. Restart the openstack-nova-compute service.
[root@localhost ~]# service openstack-nova-compute restart
Verifying the installation
# Verify that the VCF OpenStack package is correctly installed. If the correct software and OpenStack versions are displayed, the package is successfully installed.
[root@localhost ~]# pip freeze | grep VCF
VCF-CONTROLLER-PLUGIN===E2176-juno-2014.2
# Verify that the openstack-nova-compute service is enabled. The service is enabled if its state is running.
[root@localhost ~]# service openstack-nova-compute status
nova-compute start/running, process 184
Removing the Nova patch
You must remove the Nova patch before removing the VCF OpenStack package.
To remove the Nova patch:
1. Remove the Nova patch.
[root@localhost ~]# h3c-vcfplugin compute uninstall
2. Remove the VCF OpenStack package.
[root@localhost ~]# pip uninstall VCF-CONTROLLER-PLUGIN
Uninstalling VCF-CONTROLLER-PLUGIN-E2176-juno-2014.2:
/usr/bin/h3c-agent
/usr/bin/h3c-vcfplugin
/usr/lib/python2.7/site-packages/VCF_CONTROLLER_PLUGIN-E2176_juno_2014.2-py2.7
.egg
Proceed (y/n)? y
Successfully uninstalled VCF-CONTROLLER-PLUGIN-E2176-juno-2014.2
Upgrading the Nova patch
|
CAUTION: Upgrade the Nova patch with caution. Services might be interrupted during the upgrade procedure. |
To upgrade the Nova patch, you need to remove the current version first, and install the new version. For information about installing the Nova patch, see "Installing the Nova patch." For information about removing the Nova patch, see "Removing the Nova patch."
FAQ
What should I do if the Python tools cannot be installed by using the yum command when a proxy server is used for Internet access?
Configure HTTP proxy by performing the following steps:
1. Make sure the server or the virtual machine can access the HTTP proxy server.
2. At the CLI of the CentOS system, use the vi editor to open the yum.conf configuration file. If the yum.conf configuration file does not exist, this step creates the file.
[root@localhost ~]# vi /etc/yum.conf
3. Press I to switch to the insert mode, and provide HTTP proxy information.
? If
the server does not require authentication, enter HTTP proxy information in the following format:
proxy =
http://yourproxyaddress:proxyport
? If the server requires authentication, enter
HTTP proxy information in the following format:
proxy = http://yourproxyaddress:proxyport
proxy_username=username
proxy_password=password
Table 4 describes the arguments in HTTP proxy information.
Table 4 Arguments in HTTP proxy information
Field |
Description |
username |
Username for logging in to the proxy server, for example, sdn. |
password |
Password for logging in to the proxy server, for example, 123456. |
yourproxyaddress |
IP address of the proxy server, for example, 172.25.1.1. |
proxyport |
Port number of the proxy server, for example, 8080. |
proxy = http://172.25.1.1:8080
proxy_username = sdn
proxy_password = 123456
4. Press Esc to quit the insert mode.
5. Enter :wq to exit the vi editor and save the yum.conf file.
:wq
What HA modes does the Neutron plug-in support?
The VCFC Neutron plug-in runs the neutron-server and h3c-agent processes, on which HA can be configured only through a third-party cluster stack such as Pacemaker.
neutron-server is a stateless service process provided by OpenStack. It supports active/passive and active/active HA modes. h3c-agent is a service process based on neutron-l3-agent. It supports only the active/passive HA mode.