Nov 15, 2017

How to Connect to an Existing Network without a BGP Gateway by Using Simple Gateway

The previous post described how to deploy Openstack Ocata with OpenContrail 4.0. In that setup, a VM can reach other VMs, but it cannot reach an existing network such as the Internet.
Normally, OpenContrail requires a gateway router that speaks MP-BGP and MPLSoGRE to communicate with other networks (e.g. a Juniper MX router or a Cisco ASR router).
If you don't have such a router, you need to use "Simple Gateway", which uses the Contrail vRouter as a gateway.

Simple Gateway works like a Neutron network node.
Simple Gateway is created on a Compute node and works together with the Contrail vRouter. It takes over the overlay tunnel and the physical NIC.


When a VM wants to reach the Internet, Simple Gateway terminates the VM's packets and routes them to the Compute node's kernel. The packets are then looked up in the routing table of the Compute node and eventually reach the Internet via the GW.

How to set up Simple Gateway

  1. Create Virtual-network for Public (For External network connection)
  2. Create Simple Gateway
  3. Create Virtual-network for Private (For Virtual-machine)
  4. Spawn Virtual-machine
  5. Set Floating IP to Virtual-machine
  6. Verify connectivity

1. Create Virtual-network for Public (For External network connection)

The network can be created from either Openstack or OpenContrail.

In case of Openstack

Create
source openstackrc
openstack network create public --external
openstack subnet create --network public --subnet-range 203.0.113.0/24 public_subnet
Verify
openstack network list --external
+--------------------------------------+--------+--------------------------------------+
| ID                                   | Name   | Subnets                              |
+--------------------------------------+--------+--------------------------------------+
| 08960915-ef83-4980-ae3d-08aea937d4fb | public | bea3e1c9-4658-4b17-bfb6-9ee8047d04c6 |
+--------------------------------------+--------+--------------------------------------+

In case of Contrail

Open "Configure > Networking > Networks", click "+", set the items below and save.
Name: Name of the virtual network (e.g. public)
Subnet: Network address in CIDR notation (e.g. 203.0.113.0/24)
Advanced Options: Check "External"

2. Create Simple Gateway

Simple Gateway is created on a Compute node, so log in to the target Compute node first.
After logging in, execute the command below.
docker exec agent python /opt/contrail/utils/provision_vgw_interface.py --oper create --interface vgw1 --subnets 203.0.113.0/24 --routes 0.0.0.0/0 --vrf default-domain:admin:public:public
Arguments

  • --oper: "create" or "delete"
  • --interface: Name of the Simple Gateway interface. If multiple Simple Gateways are created, give each one a unique name.
  • --subnets: Subnet address that the Simple Gateway uses, that is, the subnet you want to expose externally.
  • --routes: Destination networks that the Simple Gateway is allowed to reach. Use 0.0.0.0/0 for unspecified networks such as the Internet, or a particular network such as 10.0.0.0/24 for a specified network. Multiple networks are allowed.
  • --vrf: Name of the VRF that Contrail uses. The syntax is "default-domain:<project name>:<virtual-network name>:<virtual-network name>"
The network appears in the output of "route -n" after creation.
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.84.50.100    0.0.0.0         UG    0      0        0 vhost0
10.84.50.0      0.0.0.0         255.255.255.0   U     0      0        0 vhost0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 vgw1
If the GW or other nodes need to reach 203.0.113.0/24, add a route on them whose next hop is the vhost0 address of the Compute node.
For example, if the KVM host needs to reach 203.0.113.0/24, the configuration below is required.
Also, if the KVM host needs to connect to the external network (Internet), configure NAT if necessary.
route add -net 203.0.113.0 netmask 255.255.255.0 gw 10.84.50.119
iptables -A POSTROUTING -t nat -o em1 -s 203.0.113.0/24 -j MASQUERADE

3. Create Virtual-network for Private (For Virtual-machine)

The network can be created from either Openstack or OpenContrail.

In case of Openstack

Create
source openstackrc
openstack network create user-VN1
openstack subnet create --network user-VN1 --subnet-range 192.168.0.0/24 user-VN1_subnet
Verify
openstack network list --internal
+--------------------------------------+----------+--------------------------------------+
| ID                                   | Name     | Subnets                              |
+--------------------------------------+----------+--------------------------------------+
| 7f26e637-e4d2-4ce1-9afc-572837a096d4 | user-VN1 | 019c0a3c-b4a3-492a-8832-633ceffc07a3 |
+--------------------------------------+----------+--------------------------------------+

In case of Contrail

Open "Configure > Networking > Networks", click "+", set the items below and save.
Name: Name of the virtual network
Subnet: Network address in CIDR notation (e.g. 192.168.0.0/24)

4. Spawn Virtual-machine

Create a virtual machine on "user-VN1" with either Horizon or the command below.
source openstackrc
nova boot --flavor m1.tiny --image cirros --nic net-id=7f26e637-e4d2-4ce1-9afc-572837a096d4 VM1 

5. Set Floating IP to Virtual-machine

The floating IP can be created from either Openstack or OpenContrail.

In case of Openstack

Create
source openstackrc
openstack floating ip create public
openstack server add floating ip VM1 203.0.113.3
Verify
openstack floating ip list
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
| ID                                   | Floating IP Address | Fixed IP Address | Port                                 | Floating Network                     | Project                          |
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
| ef192165-151f-42f9-b58b-6215e6f92ba1 | 203.0.113.3         | 192.168.0.3      | a3b9d5a8-f33a-48be-92a3-d3b3508f9503 | 08960915-ef83-4980-ae3d-08aea937d4fb | 31ecaa5de0ea4ba783b8e267e6249d79 |
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+

In case of Contrail

Open "Configure > Networking > Floating IPs", click "+", set the item below and save.
Floating IP Pool: admin:public:default (203.0.113.0/24)
After creating the floating IP, click the icon on the right side and select "Associate Port". Select the target IP address of the VM and save.

6. Verify connectivity

Verify connectivity from the Compute node.
If it fails, check the following:
  • Subnet and route configuration of the Simple Gateway
  • Whether the security group permits external connections, if connections from outside fail
  • Routing table of the KVM host and the GW
  • Whether NAT is configured where it is required
To isolate issues, run "tcpdump" on vhost0 of the Compute node or on the KVM host, then confirm where the packets go missing.
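The first item in the checklist can be scripted. The following is an added example, not part of the original post or of the Contrail tooling: it parses "route -n" output and confirms that the Simple Gateway subnet is a connected route on the expected vgw interface. The function names are hypothetical, and the sample input is the routing table shown in step 2.

```sh
#!/bin/sh
# Added example: confirm from `route -n` output that the Simple Gateway
# subnet is a connected route on the expected vgw interface.

# Constructed sample: the routing table shown earlier in this post.
SAMPLE_ROUTES='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.84.50.100    0.0.0.0         UG    0      0        0 vhost0
10.84.50.0      0.0.0.0         255.255.255.0   U     0      0        0 vhost0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 vgw1'

# prefix_to_mask 24 -> 255.255.255.0 (route -n prints masks, not prefixes)
prefix_to_mask() {
    awk -v p="$1" 'BEGIN {
        if (p !~ /^[0-9]+$/ || p > 32) exit 1
        for (i = 0; i < 4; i++) {
            bits = (p >= 8) ? 8 : p
            p -= bits
            printf "%s%d", (i ? "." : ""), 256 - 2 ^ (8 - bits)
        }
        print ""
    }'
}

# vgw_route_iface CIDR: read `route -n` text on stdin and print the
# interface holding a connected route (gateway 0.0.0.0) for CIDR.
vgw_route_iface() {
    net=${1%/*}
    mask=$(prefix_to_mask "${1#*/}") || return 2
    awk -v net="$net" -v mask="$mask" '
        $1 == net && $2 == "0.0.0.0" && $3 == mask { print $8; found = 1 }
        END { exit !found }'
}

# check_simple_gateway CIDR IFACE: 0 = routed via IFACE, 1 = no route,
# 2 = bad CIDR, 3 = route exists but on another interface.
check_simple_gateway() {
    iface=$(vgw_route_iface "$1") || return $?
    [ "$iface" = "$2" ] || return 3
}

# On a Compute node: route -n | check_simple_gateway 203.0.113.0/24 vgw1
if printf '%s\n' "$SAMPLE_ROUTES" | check_simple_gateway 203.0.113.0/24 vgw1
then echo "OK: 203.0.113.0/24 is routed via vgw1"
else echo "FAIL: check --subnets and --interface of the Simple Gateway"
fi
```
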
For more help, visit the OpenContrail Slack channel.

Oct 16, 2017

How to Install Kolla Openstack Ocata and OpenContrail 4.0

This is the English version. The Japanese version is here.

This article describes how to install Openstack Ocata and OpenContrail 4.0, which are uploaded at Docker Hub.

Four Ubuntu 16.04 virtual machines are spawned on KVM, and their roles are listed below. The spawned virtual machines must have more than 2 NICs (an Openstack Kolla requirement).
All installation and provisioning is done from kolla1.
** When using KVM, "nested" must be enabled on the KVM host and the VMX attribute must be enabled on the virtual machines.
Servers:
kolla1(10.84.50.117): Openstack Controller/Ansible
kolla2(10.84.50.118): Contrail Controller
kolla3(10.84.50.119): Compute node
kolla4(10.84.50.120): Compute node
Procedure:
  1. Preparation
  2. Install/Download Ansible and Playbook
  3. Install
  4. Configuration after Installation
  5. Operation check

1. Preparation

Create an SSH key pair and register the public key on the target servers, because kolla1 connects to all nodes as root.
Execute on kolla1:
ssh-keygen -t rsa
Execute the commands below for every node.
ssh-copy-id -i ~/.ssh/id_rsa.pub lab@10.84.50.117
ssh -t lab@10.84.50.117 'sudo mkdir /root/.ssh'
ssh -t lab@10.84.50.117 'sudo cp /home/lab/.ssh/authorized_keys /root/.ssh/authorized_keys' 

Preparation to use Ansible
Execute on kolla1:
apt update
apt install python-pip sshpass
pip install -U pip
pip install -U ansible
pip install  pyOpenSSL==16.2.0
Execute the command below for every node.
ssh -t root@10.84.50.117 'apt-get -y install python-simplejson'

2. Download and Configure Ansible Playbook

Download the installation files from GitHub.
git clone https://github.com/gokulpch/OpenContrail-Kolla.git
Two directories are available: contrail-ansible for OpenContrail and kolla-ansible for Openstack.

Modify Configuration file of Openstack

Modify OpenContrail-Kolla/kolla-ansible/etc/kolla/globals.yml

Modify the 4 items below:
network_interface: "ens3"
kolla_internal_vip_address: "10.84.50.117"
contrail_api_interface_address: "10.84.50.118"
neutron_external_interface: "ens4"
  • network_interface: NIC of the VM that connects to the underlay network
  • kolla_internal_vip_address: IP address of the Openstack Controller
  • contrail_api_interface_address: IP address of the OpenContrail Config node
  • neutron_external_interface: NIC to configure as a fake NIC

Modify OpenContrail-Kolla/kolla-ansible/etc/kolla/passwords.yml

This file holds the password of each component (default is contrail1).
If you need to change a password, edit this file.

Modify OpenContrail-Kolla/kolla-ansible/ansible/inventory/multinode

Modify the [control], [network], [compute], [monitoring] and [storage] items. The example below uses hostnames. When hostnames are used, they must be resolvable to IP addresses via /etc/hosts or similar.
[control]
kolla1
[network]
kolla1
[compute]
kolla3
kolla4
[monitoring]
kolla1
[storage]
kolla1

Modify Configuration file of OpenContrail

Modify OpenContrail-Kolla/contrail-ansible/playbooks/inventory/my-inventory/hosts

Modify the [contrail-controllers], [contrail-analytics], [contrail-compute] and [openstack-controllers] items. IP addresses must be used instead of hostnames; otherwise OpenContrail doesn't work correctly.
[contrail-controllers]
10.84.50.118
[contrail-analyticsdb]
10.84.50.118
[contrail-analytics]
10.84.50.118
[contrail-compute]
10.84.50.119
10.84.50.120
[openstack-controllers]
10.84.50.117

Modify OpenContrail-Kolla/contrail-ansible/playbooks/inventory/my-inventory/group_vars/all.yml 

Modify the 5 items below:
ansible_ssh_private_key_file: ~/.ssh/id_rsa
global_config: { external_rabbitmq_servers: 10.84.50.117 }
rabbitmq_config: { user: openstack, password: contrail1 }
keystone_config: {ip: 10.84.50.117, admin_password: contrail1, auth_protocol: http}
vrouter_physical_interface: ens3
  • ansible_ssh_private_key_file: SSH private key used for login (uncomment this item by removing "#")
  • global_config: IP address of RabbitMQ
  • rabbitmq_config: Password of RabbitMQ. Must be changed if the password was changed in passwords.yml.
  • keystone_config: IP address and password of Keystone. Must be changed if the password was changed in passwords.yml.
  • vrouter_physical_interface: NIC used by the OpenContrail vRouter. If the NIC differs between Compute nodes, configure the NIC in the hosts file.

3. Install

Preparation for installation of Openstack

Install the dependency package and export a variable that makes Ansible skip SSH host key verification.
ssh -t root@10.84.50.117 'apt-get -y install python-oslo-config'
export ANSIBLE_HOST_KEY_CHECKING=False
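
The export above turns off SSH host key verification for every connection Ansible makes. The following added example (not part of the original procedure or of the OpenContrail-Kolla repository) shows the alternative of recording the nodes' host keys first, so the variable can be left unset. The function names and the output file name keys.candidate are hypothetical, and the sample inventory is the contrail-ansible hosts file from this post.

```sh
#!/bin/sh
# Added example: collect host keys for the inventory hosts so that
# ANSIBLE_HOST_KEY_CHECKING can stay at its default (enabled).

# Constructed sample: the contrail-ansible hosts file from this post.
SAMPLE_INVENTORY='[contrail-controllers]
10.84.50.118
[contrail-analyticsdb]
10.84.50.118
[contrail-analytics]
10.84.50.118
[contrail-compute]
10.84.50.119
10.84.50.120
[openstack-controllers]
10.84.50.117'

# inventory_hosts: read an INI inventory on stdin, print each host once.
# Skips blank lines, comments, [group] headers and the bodies of
# [group:vars] / [group:children]; drops per-host variables.
inventory_hosts() {
    awk '/^[ \t]*$/ || /^[ \t]*[#;]/ { next }
         /^\[/ { skip = ($0 ~ /:(vars|children)\]/); next }
         !skip && !seen[$1]++ { print $1 }'
}

# collect_host_keys INVENTORY OUTFILE: scan each host (needs network access),
# print the fingerprint of every key, and write the keys to OUTFILE.
# Compare each fingerprint with the output of
#   ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
# read on the server console before appending OUTFILE to ~/.ssh/known_hosts.
collect_host_keys() {
    : > "$2"
    for h in $(inventory_hosts < "$1"); do
        key=$(ssh-keyscan -t ed25519 "$h" 2>/dev/null)
        if [ -z "$key" ]; then echo "no host key from $h" >&2; continue; fi
        printf '%s\n' "$key" | ssh-keygen -lf -
        printf '%s\n' "$key" >> "$2"
    done
}

# Offline demonstration on the sample; on kolla1 run for example:
#   collect_host_keys playbooks/inventory/my-inventory/hosts keys.candidate
printf '%s\n' "$SAMPLE_INVENTORY" | inventory_hosts
```
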

Install Openstack

cd OpenContrail-Kolla/kolla-ansible/ansible/
ansible-playbook -i inventory/multinode -e @../etc/kolla/globals.yml -e @../etc/kolla/passwords.yml -e action=bootstrap-servers kolla-host.yml
ansible-playbook -i inventory/multinode -e @../etc/kolla/globals.yml -e @../etc/kolla/passwords.yml -e action=deploy site.yml

Preparation for installation of OpenContrail

Install Docker
ssh -t root@10.84.50.118 'curl -sSL https://get.docker.io | bash'

Install OpenContrail

cd OpenContrail-Kolla/contrail-ansible/playbooks/
ansible -i inventory/my-inventory -m shell -a 'apt-get install -y ntp' all
ansible-playbook  -i inventory/my-inventory site.yml

Reboot compute nodes

ssh -t root@10.84.50.119 reboot
ssh -t root@10.84.50.120 reboot

4. Configuration after installation

Fix a Horizon bug

docker exec -i horizon sudo sed -i -e 's:/usr/share/openstack-dashboard/static:/var/lib/openstack-dashboard/static:g' /etc/apache2/conf-enabled/000-default.conf
docker exec -i horizon /usr/share/openstack-dashboard/manage.py collectstatic --noinput
docker exec -i horizon /usr/share/openstack-dashboard/manage.py compress
docker exec -i horizon sudo service apache2 reload

Create openstackrc

echo 'export OS_USERNAME=admin
export OS_PASSWORD=contrail1
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://10.84.50.117:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2' > openstackrc

Install Openstack client

pip install python-openstackclient

Create flavor

source openstackrc
openstack flavor create --id 1 --disk 1 --ram 512 --public m1.tiny
openstack flavor create --id 2 --disk 20 --ram 2048 --public m1.small
openstack flavor create --id 3 --disk 40 --ram 4096 --public m1.medium
openstack flavor create --id 4 --disk 80 --ram 8192 --public m1.large
openstack flavor create --id 5 --disk 160 --ram 16384 --public m1.xlarge

5. Operation Check

Execute "openstack network list". If 3 networks are returned, the installation and provisioning of Openstack and OpenContrail is finished.
+--------------------------------------+-------------------------+--------------------------------------+
| ID                                   | Name                    | Subnets                              |
+--------------------------------------+-------------------------+--------------------------------------+
| a5432e6b-0155-4b13-abe8-e6290f6dc9fe | __link_local__          |                                      |
| 5a58e2d9-88b1-4ff2-9e0f-e0ed5e4e72ce | default-virtual-network |                                      |
| 65549c94-5ffc-4b30-9025-00a54813a695 | ip-fabric               |                                      |
+--------------------------------------+-------------------------+--------------------------------------+

The next article describes how to configure Simple Gateway to connect to networks outside OpenContrail.

Reference
https://gitlab.com/gokulpch/OpenContrail-Kolla/blob/master/README.md