-
Notifications
You must be signed in to change notification settings - Fork 2
Contrail with RedHat OpenStack
Official instructions can be found here
Setup and provision a RedHat OpenStack environment using official documentation
https://access.redhat.com/documentation/en/red-hat-enterprise-linux-openstack-platform/
Run these on all nodes
To update RHOSP nodes with Contrail information, paste the contents of keystonrc file, or the overcloudrc file if using RedHat Director, into a file named /etc/contrail/openstackrc. Example
cat > /etc/contrail/openstackrc <<EOF
#The contents of overcloudrc file
export OS_NO_CACHE=True
export OS_CLOUDNAME=overcloud
export OS_AUTH_URL=http://<keystone-ip>:5000/v2.0
export NOVA_VERSION=1.1
export COMPUTE_API_VERSION=1.1
export OS_USERNAME=admin
export no_proxy=, <keystone-ip>, <keystone-ip>
export OS_PASSWORD=8jNKeRh3jUPa9rFr3TcBdyZxR
export PYTHONWARNINGS="ignore:Certificate has no, ignore:A true SSLContext object is not available"
export OS_TENANT_NAME=admin
EOF
Verify that networking service will be provided by Contrail. Because the networking service will be provided by the Contrail controller, you must disable neutron-server if it is already enabled in the RHOSP nodes.
To check the status of neutron-server:
service neutron-server status
To disable neutron-server:
service neutron-server stop
Prepare the Red Hat Enterprise Linux (RHEL) Repositories and install openstack-utils
subscription-manager repos --enable=rhel-7-server-rpms
subscription-manager repos --enable=rhel-7-server-rh-common-rpms
subscription-manager repos --enable=rhel-7-server-extras-rpms
subscription-manager repos --enable=rhel-7-server-openstack-10-rpms
subscription-manager repos --enable=rhel-7-server-openstack-10-devtools-rpms
yum -y install openstack-utils
Update the networking service configuration in nova.conf. Because the Contrail controller will be providing the Neutron services, you need to change the and set the Neutron URL.
Note: For the , use the Contrail VIP address if the Contrail services are running in HA mode.
source /etc/contrail/openstackrc
openstack-config --set /etc/nova/nova.conf neutron url http://<controller-ip>:9696
Replace the with the IP address of the Keystone server, and set up the neutron_admin_auth_url:
openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_auth_url http://<keystone-ip>:35357/v2.0
Create the networking service API endpoint, using the from the previous step.
Note: If the API endpoint is currently pointing to the RHOSP node, the existing endpoint must be removed before creating the new API endpoint. To update the API endpoint, run this one a single node only. Don't run this on every node:
openstack endpoint create --region regionOne --publicurl 'http://<controller-ip>:9696' --adminurl 'http://<controller-ip>:9696' --internalurl 'http://<controller-ip>:9696' neutron
To list endpoints (by endpoint-id) :
openstack endpoint list --long
To delete an existing endpoint:
source /etc/contrail/openstackrc; openstack endpoint delete <endpoint-id>
There is a known issue, in some cases, the keystone endpoint-delete results in an error message. If this happens, you must delete the existing endpoint from the database.
Caution: Always use extreme caution when deleting items directly from the database. To delete an existing endpoint from the database:
mysql -u root -o keystone -e "delete from endpoint where url='http://<rhosp-node-ip>:9696’;”
Restart services:
service openstack-nova-api restart
service openstack-nova-conductor restart
service openstack-nova-scheduler restart
service openstack-nova-consoleauth restart
Ensure IP tables are disabled. To disable IP tables on a single node:
iptables --flush
sudo service iptables stop
sudo service ip6tables stop
sudo systemctl stop firewalld
sudo systemctl status firewalld
sudo chkconfig firewalld off
sudo /usr/libexec/iptables/iptables.init stop
sudo /usr/libexec/iptables/ip6tables.init stop
sudo service iptables save
sudo service ip6tables save
service NetworkManager stop
chkconfig NetworkManager off
In each enabled interface, disable NM_CONTROLLED in the config file at /etc/sysconfig/network-scripts/ and add the a new configuration:
NM_CONTROLLED=no
ONBOOT=yes
Prepare the Contrail Install Packages
Latest Contrail is provided in a .tgz package of this form:
contrail-install-packages -<release>-<version>~<sku>.el7.noarch.tgz
Copy the contrail-install-packages to the first Contrail config node.
cat << __EOT__ > /etc/yum.repos.d/contrail-install.repo
[contrail_install_repo]
name=contrail_install_repo
baseurl=file:///opt/contrail/contrail_install_repo/
enabled=1
priority=1
gpgcheck=0
__EOT__
mkdir -p /opt/contrail/contrail_install_repo
mkdir -p /opt/contrail/bin
cd /opt/contrail/contrail_install_repo/
tar xzvf /path/to/contrail-install-packages -<release>-<version>~<sku>.el7.noarch.tgz
Create shell scripts and put to bin
cp /opt/contrail/contrail_packages/helpers/* /opt/contrail/bin/
Remove existing python-crypto-2.0.1 rpm.
yum -y --disablerepo=* remove python-crypto-2.0.1
Install if available
yum -y install yum-plugin-priorities
Priority Override for obsolete packages
priorities_conf="/etc/yum/pluginconf.d/priorities.conf"
[ -f $priorities_conf ] && \
grep -qi "\[main\]" $priorities_conf && \
! grep -q "check_obsoletes\s*=\s*1" $priorities_conf && \
sed -i 's/\[main\]$/&\ncheck_obsoletes = 1/' $priorities_conf && \
echo "PASS: Added Priority Override for Obsolete packages" || ( \
grep -q "check_obsoletes\s*=\s*1" $priorities_conf && \
echo "PASS: Priority Override for Obsolete packages already exists. Nothing to do" ) || ( \
[ ! -f $priorities_conf ] && echo "WARNING: $priorities_conf not found" ) || ( \
echo "WARNING: Couldnt add priority Override for Obsolete packages. Check..." && \
cat $priorities_conf )
Install basic packages and fabric utilities
yum -y install contrail-fabric-utils contrail-setup
Always use the recommended kernel version with Contrail nodes, including the compute nodes. Check the kernel version before starting the installation.
To see the current kernel version in a node:
uname -r
yum list --showduplicates kernel
yum install kernel-3.10.0-327.10.1.el7
Configure the Testbed.py File RHOSP Options
The testbed.py is the configuration file for Contrail installation and provisioning. The RHOSP node is provisioned with Contrail node information by using the Contrail testbed.py.
This section presents the information needed to update the RHOSP options in the testbed.py.
For complete information about configuring all of the options in the testbed.py before provisioning Contrail, see Testbed Definitions File Settings for Deploying Contrail with an Existing OpenStack Node in the Contrail Feature Guide, and refer to the example testbed.py files available in the /opt/contrail/utils/fabfile/testbeds/ directory.
Create the testbed.py file in the first Contrail controller node: /opt/contrail/utils/fabfile/testbeds/testbed.py
Use the following examples to update the testbed.py with RHOSP information. In environments where Keystone is deployed outside of Contrail provisioning scripts, use the following example:
# Note :
# "insecure" is applicable only when protocol is https
env.keystone = {
'keystone_ip' : '10.xx.xx.xx', # IP Address of the Keystone Server (In case of OpenStack HA, provide OpenStack VIP)
'auth_protocol' : 'http', # Auth Protocol used by Keystone
'auth_port' : '35357', # Auth Port used by Keystone
'admin_token' : '$123ABC', # Admin Token of Keystone
'admin_user' : 'admin', # Admin user name of Keystone
'admin_password' : '<password>', # Password of Admin user of Keystone
'nova_password' : '$123DEF', # Password of nova service, can be found in nova.conf on controller node
'neutron_password' : '$123GHI', # Password of networking service, can be found in nova.conf
'service_tenant ' : 'service', # Tenant name of services like nova, neutron, glance...etc.
'admin_tenant' : 'admin', # Tenant name of admin user
'region_name' : 'regionOne', # OpenStack region to use. Default is regionOne (with a small 'r')
'insecure' : 'False', # Insecure option set for Keystone. Default is False
'manage_neutron' : 'no', # Configure neutron user/role in keystone server. Default = 'yes'
}
In environments where OpenStack services are deployed independently of Contrail, use the following example:
# Contrary to the juniper documentation this is the admin token
# IP of AMQP Server to be used in OpenStack is the OpenStack Controller node
# manage_amqp : Default = 'no', if set to 'yes' provisions AMQP in OpenStack nodes and
# OpenStack services uses the AMQP in OpenStack nodes instead of config nodes.
# amqp_host is neglected if manage_amqp is set
#
env.openstack = {
'service_token' : '4ABC123',
'amqp_host' : '10.xx.xx.xx',
'manage_amqp' : 'no',
'osapi_compute_workers' : 40, # Default 40, For low memory system reduce the thread.
'conductor_workers' : 40, # Default 40, For low memory system reduce the thread.
}
Update config node options.
#Config node related config knobs
#amqp_hosts : List of AMQP servers to be used by config services. Add all of the remaining nodes here
#amqp_port : Port of the customer deployed AMQP servers.
env.cfgm = {
'amqp_hosts' : ['10.xx.xx.xx],
'amqp_port' : '5672'
}
An example configuration is available here.
Use the following procedure to complete the installation.
Precheck: Verify that all nodes are reachable and correctly updated in the testbed.py file. To verify that all nodes are reachable:
fab all_command:"uname -a"
Ensure the command passes, and that it was executed in all nodes.
Copy and install contrail-install-packages to all other nodes by following the above instructions.
Upgrade the kernel to ensure that all Contrail nodes are using the recommended kernel version. To upgrade the kernel:
fab upgrade_kernel_all
Trigger Contrail controller installation, without nova compute:
fab install_without_openstack:manage_nova_compute=no
Provision the Contrail controller system This step modifies the configuration files for each Contrail component and brings up Contrail services.
Provision Contrail controller, without nova compute:
fab setup_without_openstack:manage_nova_compute=no
After successful install the analytics node may fail with redis errors. You'll have to disable protected mode in /etc/redis.conf Do not install additional services or packages in the node. Services such as OVS from RHOSP are not compatible with Contrail services. Additionally, installing unnecessary packages in the Contrail nodes may lead to dependency failures. As an example, some OpenStack packages have different dependencies than those of Contrail. Install only required services and packages in the Contrail nodes.