No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Guide for Interworking Between HUAWEI CloudFabric Solution and Redhat OpenStack

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Interconnecting the OpenStack with the Agile Controller-DCN

Interconnecting the OpenStack with the Agile Controller-DCN

Configuration for the Agile Controller-DCN V300R002 (Network Overlay Scenario)

Configuring the Agile Controller-DCN
Data Preparation

The following table describes the data required for interconnecting with the OpenStack.

Item

Example Value

Description

Creating a northbound user

Account

openstack@huawei.com

Used for interconnection with the OpenStack but not login.

Description

Account used for interconnection with a cloud platform

N/A

Password

Huawei@123

It must comply with the password policy of the Agile Controller-DCN.

Modify password first login

no

The account and password are used for interconnection with the OpenStack but not login.

User Type

Cluster Share User

Single Agile Controller-DCN cluster: Select a shared cluster user.

Tenant

Tenant: NAAS

Role: Northbound Interface Operator

If the user type is Cluster Share User, the NAAS tenant must be associated and the role must be set to Northbound Interface Operator.

Creating an OpenStack

Cloud platform name

RedHatOP

Used for interconnection with the OpenStack.

VNI

6000–7000

The VNI resource is used for the network service of the cloud platform. The value range is smaller than the global VNI value range because some global VNI resources are reserved for the router service of the cloud platform. The value range is the same as the value of the vni_ranges field in the /etc/neutron/plugins/ml2/ml2_conf.ini configuration file of the cloud platform.

IP address

172.24.52.12

172.24.52.6

172.24.52.15

It indicates the IP address of the neutron-server. Multiple IP addresses need to be configured for multiple neutron-server nodes. One to three IP addresses can be added.

Procedure
  1. Create a northbound user.

    1. Choose System > Administrator > Administrator from the main menu, and click Create.

    2. Set basic information about the northbound user according to the planned data and click Next.

    3. Allow all IP addresses to use this account to log in to the Agile Controller-DCN, and click Next.

    4. Set the user type, select Northbound Interface Operator, and click Confirm.

    5. Switch to the northbound user for login. A message is displayed indicating that the user has insufficient rights.

  2. Create a cloud platform.

    1. Choose Integration > Cloud Platform > OpenStack from the main menu and click Create.

    2. Set the parameters for interconnecting the Agile Controller-DCN with the OpenStack, and click Confirm.
    3. IP addresses in this project: 172.24.52.12/6/15

  3. Configure the JSONRPC protocol.

    1. Choose System > System Settings > Southbound Protocol > JSONRPC > JSONRPC Configuration.
    2. Set Enable port 40960 to ON and click Apply. If this parameter is set to ON, the Agile Controller-DCN uses port 40960 to establish JSONRPC communication with the cloud platform. This parameter does not need to be set to ON if the Agile Controller-DCN is not connected to a cloud platform.
    3. Set TLS Switch to ON and click Apply.

  4. Modify the parameters of the cloud platform.

    1. Modify the rpc_workers parameter. (Note: The default value is 48. If the value meets the requirement, skip this step.)

      Reason for modification: The neutron-server process on the cloud platform is classified into two types: One is used to process the API requests received by Neutron, and the other is used to process the RPC requests between agents (such as neutron-openvswitch-agent and neutron-dhcp-agent) and Neutron. In the scenario where a large number of networks and VMs are deployed, a large number of neutron-server processes are required to process RPC requests. The rpc_workers parameter indicates the number of neutron-server processes. The recommended value is 5 or higher.

      Modification method: Log in to all OpenStack control nodes as the root user and open the /etc/neutron/neutron.conf file. Set the value of rpc_workers to 5 or higher. Run the following command to restart the neutron-server on all OpenStack control nodes to make the modification take effect:

      [root@controller ~]# systemctl restart neutron-server.service
    2. Modify the rpc_response_timeout parameter.

      Reason for modification: In the scenario where services are provisioned independently on the cloud platform, if ports on the VMs and DHCP server go online, the neutron-openvswitch-agent reports these online events to the neutron-server through RPC interfaces in batches. In the scenario where the cloud platform and Agile Controller-DCN collaborate to provision services, the port online event needs to be sent to the Agile Controller-DCN. Therefore, the duration for the neutron-server to respond to a request of the neutron-openvswitch-agent becomes longer. The rpc_response_timeout parameter specifies the timeout duration for the neutron-openvswitch-agent to wait for the response from the neutron-server, in seconds. The recommended value is 300.

      Modification method:

      Log in to all OpenStack network and compute nodes as the root user and open the /etc/neutron/neutron.conf file. Set the value of rpc_response_timeout to 300.

      Run the following command to restart neutron-openvswitch-agent on all OpenStack network and compute nodes to make the modification take effect:

      [root@controller ~]# systemctl restart neutron-openvswitch-agent.service

Installing a Plug-in and Configuring the OpenStack

Prerequisites:

  • All hosts, the OpenStack, and the Agile Controller-DCN have been installed.
  • The OpenStack controller node where the neutron-server is installed must communicate with the northbound network of the Agile Controller-DCN.

Procedure:

  1. Upload AgileController-DCNV300R002C10SPC300B015_cloud_plugin_pkg.zip to the root directory of the OpenStack control node where the neutron-server is installed. Decompress the installation package.

    [root@controller ~]# unzip AgileController-DCNV300R002C10SPC300B015_cloud_plugin_pkg.zip
    [root@controller ~]# tar -zxf networking-huawei.tar.gz

  2. Modify parameters in /root/networking-huawei/tools/networking_huawei_config.txt. The parameters in bold must be set.

    [huawei_ac_agent_config]
    
    # Huawei Agile Controller(AC) json rpc server IP address.
    # If AC in cluster mode, provide floating/virtual IP,
    # else AC IP address. (Required)
    rpc_server_ip = 172.24.52.81        //Northbound floating IP address of the Agile Controller-DCN
    
    # Huawei Agile Controller(AC) json rpc service port number,
    # default port is 4096.(Optional)
    # Minimum value: 1
    # Maximum value: 65535
    #  (integer value)
    #rpc_server_port = 4096
    
    # Current neutron server IP address which
    # act as json rpc client.(Required)
    host_ip = 172.24.52.11      //IP address of the local NIC used for JSONRPC interconnection. Here, set it to the external IP address of the control node.
    # TLS version, support version [SSLv23, TLS_1],
    # default version is SSLv23 (Optional)
    #tls_version = SSLv23         //TLS version used by the JSONRPC protocol
    
    
    [huawei_ac_config]
    
    # Huawei Agile Controller(AC) REST host
    # ip address. If this is not set then no
    # HTTP requests will be made.(Required)
    host = 172.24.52.81           //Northbound floating IP address of the Agile Controller-DCN
    
    # Huawei Agile Controller(AC) ReST interface
    # port number, default port is 18002.(Optional)
    # Minimum value: 1
    # Maximum value: 65535
    #port = 18002
    
    # Neutron server ip address.(Required)
    neutron_ip = 172.24.52.11       //IP address of the local NIC used for RESTCONF interconnection
    
    # OpenStack cloud name.(Required)
    cloud_name = RedHatOP       //Cloud platform name configured on the Agile Controller-DCN
    
    # OpenStack version: [ Kilo, Liberty, Mitaka, FusionSphere6.1 ]. Default is
    # Liberty. (string value)(Required)
    OPS_version = Newton          //OpenStack version information
    
    ...
    
    # SNAT enable option. Pls set this option
    # to False if you want to disable snat.(Optional)
    # default is True.(Optional)
    #enable_snat = true    //Indicates whether the global SNAT service is enabled. The default value is true.
    
    # Bind port level option. Pls set this option to True if you want to enable
    # bind port level. This is an optional parameter, default is False. It can be
    # configured to true/false/True/False. (boolean value)(Optional)
    #enable_bind_port_level = true   //Indicates whether to enable hierarchical binding. The default value is false. In the network overlay scenario, set it to true. In the hybrid overlay scenario, set it to false.
    
    # Bind port level option. Pls set this option to what you have set in
    # network/compute node bridge mappings. Once you enabled bind port level, this
    # option should be the same with bridge mappings config. (string value)(Optional)
    physical_network = datacentre   //Physical network name that needs to be set when hierarchical binding is enabled
    # Neutron synchronization time in 24 hours format, will trigger on the time at
    # which user configured in this parameter. If need perform the neutron sync
    # weekly, then provide the weekday name before the time. If weekday is not
    # provided, then it will be considered as daily.
    # Examples: 01:05:03, 2:4:3, 18:2:05, Sat 2:32:54, Monday 20:1:23
    # This is an optional parameter, default is daily 02:00:00 in the morning.
    # Minimum value: 00:00:00
    # Maximum value: 23:59:59
    #  (string value)(Optional)
    #neutron_sync_time = 02:00:00

    NOTE:

    The networking_huawei_config.txt file contains only basic interconnection parameters. To set more parameters, modify the /etc/neutron/huawei_driver_config.ini file after installing the plug-in.

  3. Modify the /root/networking-huawei/networking_huawei/drivers/ac/plugins/ml2/driver.py to support the compatibility with the N version.

  4. Install the plug-in.

    1. Go to the installation directory and run the networking-huawei/tools/networking_huawei_install.sh command.

    2. During the execution, you need to enter the northbound user name and password of the Agile Controller-DCN (openstack@huawei.com and Huawei@123 in this project). Enter the OpenStack user name and password (admin and NfQgDVBhJW8BD2nPb7EZvy7GG), and then enter Y repeatedly until the installation is complete.

    3. Modify the vni_ranges parameter in the /etc/neutron/plugins/ml2/ml2_conf.ini file. The value of this parameter must be the same as the VNI value of the OpenStack created on the Agile Controller-DCN. In this project, set this parameter to 6000:7000.

    4. Change the value of the l3_ha parameter in the /etc/neutron/neutron.conf file to false to disable the HA function.

    5. Change the value of the auth_url parameter in the /etc/neutron/huawei_driver_config.ini file to that of the auth_url parameter in the /etc/neutron/neutron.conf file.

    6. Restart the neutron-server.

  5. Synchronize the security group.

    1. Go to the tools directory in the plug-in installation directory.
      [root@controller ~]# cd /root/networking-huawei/tools
    2. Run the sync_security_group.sh script to synchronize the default security group default.
      [root@controller ~]# sh sync_security_group.sh

    Precautions for delivering the default OpenStack security group:

    The OpenStack plug-in uses the security_group_sync_times parameter in the huawei_driver_config.ini file to determine whether to deliver the default security group to the Agile Controller-DCN.

    It indicates the number of times for delivering the default security group when the neutron-server starts. The value ranges from 1 to 10, and the default value is 1. When the OpenStack interconnects with the Agile Controller-DCN for the first time, the value is 1 by default. When the OpenStack interconnects with the Agile Controller-DCN again, increase the value by one and restart the neutron-server. The number of interconnection times cannot exceed 10.

    Do not directly set security_group_sync_times to 10. Instead, increase the value by 1 each time the default security group needs to be delivered. For example: If the current value is 5 and you need to deliver the default security group again, change the value to 6 and restart the neutron-server. In this mode, the default security group is delivered only when the neutron-server is restarted next time. In other cases, the default security group is not delivered. In this way, the 10 precious opportunities are not consumed. If you directly change the value to 10, the quota for delivering the default security group is used up after the neutron-server is restarted for 10 times.

    If the Agile Controller-DCN is reinstalled for more than 10 times, you need to manually clear the OpenStack database by performing the following steps:

    1. Access the MySQL database. Generally, the password is root or aaaa.
      mysql -uroot -proot
    2. Switch to the neutron database.
      use neutron
    3. Change the value of huawei_ac_config to 0.
      update huawei_ac_config set value=0;

Configuring Hierarchical Binding
NOTE:

You need to configure hierarchical binding only in the network overlay scenario, not in the hybrid overlay scenario.

  1. Log in to all compute and network nodes as the root user and modify the /etc/neutron/plugins/ml2/openvswitch_agent.ini file. As shown in the following figure, modify bridge_mappings under the [ovs] label. Information in green indicates the physical network name and that in red indicates the OVS bridge to be manually created. The information can be customized.

    [ovs]
    
    # Comma-separated list of <physical_network>:<bridge> tuples mapping physical
    # network names to the agent's node-specific Open vSwitch bridge names to be
    # used for flat and VLAN networks. The length of bridge names should be no more
    # than 11. Each bridge must exist, and should have a physical network interface
    # configured as a port. All physical networks configured on the server should
    # have mappings to appropriate bridges on each agent. Note: If you remove a
    # bridge from this mapping, make sure to disconnect it from the integration
    # bridge as it won't be managed by the agent anymore. (list value)
    #bridge_mappings =
    bridge_mappings = datacentre:br-physnet

  2. Create the br-physnet bridge.

  3. Delete the br-tenant bridge.

  4. Bind the bridge to a physical port.

  5. Check the OVS configuration.

  6. Delete the default bridge br-tun.

  7. Modify the /etc/neutron/plugins/ml2/openvswitch_agent.ini file to comment out all tunnel-related parameters (in bold).

    # Network types supported by the agent (gre and/or vxlan). (list value)
    #tunnel_types = vxlan
    # The UDP port to use for VXLAN tunnels. (port value)
    # Minimum value: 0
    # Maximum value: 65535
    #vxlan_udp_port = 4789
    # Use ML2 l2population mechanism driver to learn remote MAC and IPs and improve
    # tunnel scalability. (boolean value)
    #l2_population = false
    # Tunnel bridge to use. (string value)
    #tunnel_bridge = br-tun
    # IP address of local overlay (tunnel) network endpoint. Use either an IPv4 or
    # IPv6 address that resides on one of the host network interfaces. The IP
    # version of this value must match the value of the 'overlay_ip_version' option
    # in the ML2 plug-in configuration file on the neutron server node(s). (IP
    # address value)
    #local_ip = 172.24.53.7

  8. Restart the neutron-openvswitch-agent service on all compute and network nodes and check the status of the OVS bridge. Verify that the default bridge br-tun is deleted.

  9. Modify the configuration file /etc/neutron/huawei_driver_config.ini of the control node (where the neutron-server service is located) to enable hierarchical binding and configure the physical network name.

    [huawei_ac_config]
    # Bind port level option. Pls set this option to True if you want to enable
    # bind port level. This is an optional parameter, default is False. It can be
    # configured to true/false/True/False. (boolean value)(Optional)
    enable_bind_port_level = true
    
    # Bind port level option. Pls set this option to what you have set in
    # network/compute node bridge mappings. Once you enabled bind port level, this
    # option should be the same with bridge mappings config. (string value)(Optional)
    physical_network = datacentre

  10. Restart the neutron-server service on the control node where the neutron-server service is located.

    [root@overcloud-controller-1 ~]# systemctl restart neutron-server.service
    [root@overcloud-controller-1 ~]# systemctl status neutron-server.service
    neutron-server.service - OpenStack Neutron Server
    Loaded: loaded (/usr/lib/systemd/system/neutron-server.service; enabled; vendor preset: disabled)
    Active: active (running) since Fri 2018-03-09 16:10:36 UTC; 46min ago
    Main PID: 1040573 (neutron-server)
    CGroup: /system.slice/neutron-server.service

Configuration for the Agile Controller-DCN V300R003 (Hybrid Overlay Scenario)

Configuring the Agile Controller-DCN
Data Preparation

The following table describes the data required for interconnecting with the OpenStack.

Item

Example Value

Description

Creating a northbound user

Account

openstack@huawei.com

Used for interconnection with the OpenStack but not login.

Description

Account used for interconnection with a cloud platform

N/A

Password

Huawei@123

It must comply with the password policy of the Agile Controller-DCN.

Modify password first login

no

The account and password are used for interconnection with the OpenStack but not login.

User Type

Cluster Share User

Single Agile Controller-DCN cluster: Select a shared cluster user.

Tenant

Tenant: NAAS

Role: Northbound Interface Operator

If the user type is Cluster Share User, the NAAS tenant must be associated and the role must be set to Northbound Interface Operator.

Creating an OpenStack

Cloud platform name

RedHatOP

Used for interconnection with the OpenStack.

VNI

6000–7000

The VNI resource is used for the network service of the cloud platform. The value range is smaller than the global VNI value range because some global VNI resources are reserved for the router service of the cloud platform. The value range is the same as the value of the vni_ranges field in the /etc/neutron/plugins/ml2/ml2_conf.ini configuration file of the cloud platform.

IP address

172.24.52.12

172.24.52.6

172.24.52.15

It indicates the IP address of the neutron-server. Multiple IP addresses need to be configured for multiple neutron-server nodes. One to three IP addresses can be added.

Procedure
  1. Create a northbound user.

    1. Choose System > Administrator > Administrator from the main menu, and click Create.

    2. Set basic information about the northbound user according to the planned data and click Next.

    3. Allow all IP addresses to use this account to log in to the Agile Controller-DCN, and click Next.

    4. Set the user type, select Northbound Interface Operator, and click Confirm.

    5. Switch to the northbound user for login. A message is displayed indicating that the user has insufficient rights.

  2. Create a cloud platform.

    1. Choose Integration > Cloud Platform > OpenStack from the main menu and click Create.

    2. Set the parameters for interconnecting the Agile Controller-DCN with the OpenStack, and click Confirm. IP addresses in this project: 172.24.52.12/6/15

  3. Configure the JSONRPC protocol.

    1. Choose System > System Settings > Southbound Protocol > JSONRPC > JSONRPC Configuration.
    2. Set Enable port 40960 to ON and click Apply. If this parameter is set to ON, the Agile Controller-DCN uses port 40960 to establish JSONRPC communication with the cloud platform. This parameter does not need to be set to ON if the Agile Controller-DCN is not connected to a cloud platform.
    3. Set TLS Switch to ON and click Apply.

  4. Modify the parameters of the cloud platform.

    1. Modify the rpc_workers parameter. (Note: The default value is 48. If the value meets the requirement, skip this step.)

      Reason for modification: The neutron-server process on the cloud platform is classified into two types: One is used to process the API requests received by Neutron, and the other is used to process the RPC requests between agents (such as neutron-openvswitch-agent and neutron-dhcp-agent) and Neutron. In the scenario where a large number of networks and VMs are deployed, a large number of neutron-server processes are required to process RPC requests. The rpc_workers parameter indicates the number of neutron-server processes. The recommended value is 5 or higher.

      Modification method: Log in to all OpenStack control nodes as the root user and open the /etc/neutron/neutron.conf file. Set the value of rpc_workers to 5 or higher.

      Run the following command to restart the neutron-server on all OpenStack control nodes to make the modification take effect:

      [root@controller ~]# systemctl restart neutron-server.service
    2. Modify the rpc_response_timeout parameter.

      Reason for modification: In the scenario where services are provisioned independently on the cloud platform, if ports on the VMs and DHCP server go online, the neutron-openvswitch-agent reports these online events to the neutron-server through RPC interfaces in batches. In the scenario where the cloud platform and Agile Controller-DCN collaborate to provision services, the port online event needs to be sent to the Agile Controller-DCN. Therefore, the duration for the neutron-server to respond to a request of the neutron-openvswitch-agent becomes longer. The rpc_response_timeout parameter specifies the timeout duration for the neutron-openvswitch-agent to wait for the response from the neutron-server, in seconds. The recommended value is 300.

      Modification method: Log in to all OpenStack network and compute nodes as the root user and open the /etc/neutron/neutron.conf file. Set the value of rpc_response_timeout to 300.

      Run the following command to restart neutron-openvswitch-agent on all OpenStack network and compute nodes to make the modification take effect:

      [root@controller ~] systemctl restart neutron-openvswitch-agent.service

Installing a Plug-in and Configuring the OpenStack

Prerequisites:

  • All hosts, the OpenStack, and the Agile Controller-DCN have been installed.
  • The OpenStack controller node where the neutron-server is installed must communicate with the northbound network of the Agile Controller-DCN.

Procedure:

  1. Upload AgileController-DCNV300R002C10SPC300B015_cloud_plugin_pkg.zip to the root directory of the OpenStack control node where the neutron-server is installed. Decompress the installation package.

    [root@controller ~]# unzip AgileController-DCNV300R002C10SPC300B015_cloud_plugin_pkg.zip

    [root@controller ~]# tar -zxf networking-huawei.tar.gz

  2. Modify parameters in /root/networking-huawei/tools/networking_huawei_config.txt. The parameters in bold must be set.

    The networking_huawei_config.txt file contains only basic interconnection parameters. To set more parameters, modify the /etc/neutron/huawei_driver_config.ini file after installing the plug-in.

    In the hybrid scenario, modify the configuration file of V3R3 according to the following figure.

  3. Install the plug-in.

    1. Go to the installation directory and run the networking-huawei/tools/networking_huawei_install.sh command.

    2. During the execution, you need to enter the northbound user name and password of the Agile Controller-DCN (openstack@huawei.com and Huawei@123 in this project). Enter the OpenStack user name and password (admin and NfQgDVBhJW8BD2nPb7EZvy7GG), and then enter Y repeatedly until the installation is complete.

    3. Modify the vni_ranges parameter in the /etc/neutron/plugins/ml2/ml2_conf.ini file. The value of this parameter must be the same as the VNI value of the OpenStack created on the Agile Controller-DCN. In this project, set this parameter to 6000:7000.

    4. Change the value of the l3_ha parameter in the /etc/neutron/neutron.conf file to false to disable the HA function.

    5. Change the value of the auth_url parameter in the /etc/neutron/huawei_driver_config.ini file to that of the auth_url parameter in the /etc/neutron/neutron.conf file.

    6. Restart the neutron-server.

  4. Synchronize the security group.

    1. Go to the tools directory in the plug-in installation directory.
      [root@controller ~]# cd /root/networking-huawei/tools
    2. Run the sync_security_group.sh script to synchronize the default security group default.
      [root@controller ~]# sh sync_security_group.sh

    Precautions for delivering the default OpenStack security group:

    The OpenStack plug-in uses the security_group_sync_times parameter in the huawei_driver_config.ini file to determine whether to deliver the default security group to the Agile Controller-DCN.

    It indicates the number of times for delivering the default security group when the neutron-server starts. The value ranges from 1 to 10, and the default value is 1. When the OpenStack interconnects with the Agile Controller-DCN for the first time, the value is 1 by default. When the OpenStack interconnects with the Agile Controller-DCN again, increase the value by one and restart the neutron-server. The number of interconnection times cannot exceed 10.

    Do not directly set security_group_sync_times to 10. Instead, increase the value by 1 each time the default security group needs to be delivered. For example: If the current value is 5 and you need to deliver the default security group again, change the value to 6 and restart the neutron-server.

    In this mode, the default security group is delivered only when the neutron-server is restarted next time. In other cases, the default security group is not delivered. In this way, the 10 precious opportunities are not consumed. If you directly change the value to 10, the quota for delivering the default security group is used up after the neutron-server is restarted for 10 times.

    If the Agile Controller-DCN is reinstalled for more than 10 times, you need to manually clear the OpenStack database by performing the following steps:

    1. Access the MySQL database. Generally, the password is root or aaaa.
      mysql -uroot -proot
    2. Switch to the neutron database.
      use neutron
    3. Change the value of huawei_ac_config to 0.
      update huawei_ac_config set value=0;

Download
Updated: 2019-03-25

Document ID: EDOC1100072313

Views: 2521

Downloads: 17

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next