Skip to content

OFAgent OpenStack IceHouse environment HOWTO

KANEKO Yoshihiro edited this page May 7, 2014 · 2 revisions

==================================== Instructions for construction of OpenStack IceHouse environment with OFAgent using devstack

This document explains how to construct OpenStack IceHouse environment with OFAgent using devstack.

1. System structure

Assuming the following systems as a goal.

+--------+
| Client |
+----+---+
     |
-----+---------+-------------------+-----------
               |                   |
      +--------+--------+  +-------+--------+
      | All-in-one Node |  | Compute Node   |
      |  Nova           |  |  Neutron       |
      |  Keystone       |  |   ofagent      |
      |  Glance         |  |  Nova          |
      |  Neutron        |  |   nova-compute |
      |  Cinder         |  +----------------+
      |  Horizon        |
      +-----------------+
  • All-in-one Node:

    OpenStack components are run on this node. It is including nova-compute, so VM is run on this node too. Besides a traffic to the outside network from VM on compute node goes via this node.

  • Compute Node:

    The nova-compute and the agent for Neutron OFAgent are run on this node.

  • Client:

    This host is used for confirmation of communication of VM and a remote host on an external network.

We use Ubuntu 14.04 Server on both node.

The following addresses are used in each host.

  • Network: 192.168.122.0/24

  • Hosts

    • All-in-one Node:

      • Host name: allinone
      • IP address: 192.168.122.60
    • Compute Node:

      • Host name: compute1
      • IP address: 192.168.122.61
    • Client:

      • Host name: client
      • IP address: 192.168.122.1

On this document, we built both nodes on each VM using libvirt and KVM. We used the host system as the client, and added a route entry for access to a floating-ip.

$ sudo route add -net 192.168.100.0/24 gw 192.168.122.60

2. Getting and setting

We assume installation of Ubutnu 14.04 Server was completed.

Install the needed packages.

$ sudo apt-get install git python-dev python-pip
$ sudo pip install -U six

Download devstack. We provide pre-configured devstack for your convenience.

$ cd
$ git clone https://github.com/osrg/devstack.git -b ofagent/icehouse

You can use the upstream version if you want to use latest devstack.

$ git clone https://github.com/openstack-dev/devstack.git -b stable/icehouse

2.1 All-in-one Node

Configure network interface.

$ sudo vi /etc/network/interfaces

/etc/network/interfaces:

auto lo

auto eth0
iface eth0 inet static
        address 192.168.122.60
        netmask 255.255.255.0
        gateway 192.168.122.1
        dns-nameservers 192.168.122.1

Restart networking.

$ sudo /etc/init.d/networking restart

Configure devstack. If you use the pre-configured version, you can skip this step.

$ cd ~/devstack
$ vi localrc
$ vi local.conf

localrc:

SERVICE_HOST=192.168.122.60

disable_service n-net
enable_service q-svc q-agt q-dhcp q-l3 q-meta q-lbaas neutron

FLOATING_RANGE=192.168.100.0/24
PUBLIC_NETWORK_GATEWAY=192.168.100.1
Q_PLUGIN=ml2
Q_ML2_PLUGIN_MECHANISM_DRIVERS=ofagent,l2population
Q_AGENT=ofagent
ENABLE_TENANT_TUNNELS=True
Q_ML2_TENANT_NETWORK_TYPE=gre

Q_HOST=$SERVICE_HOST
MYSQL_HOST=$SERVICE_HOST
RABBIT_HOST=$SERVICE_HOST
GLANCE_HOSTPORT=$SERVICE_HOST:9292
KEYSTONE_AUTH_HOST=$SERVICE_HOST
KEYSTONE_SERVICE_HOST=$SERVICE_HOST

MYSQL_PASSWORD=mysql
RABBIT_PASSWORD=rabbit
SERVICE_TOKEN=service
SERVICE_PASSWORD=admin
SERVICE_TENANT_NAME=service
ADMIN_PASSWORD=admin

NEUTRON_REPO=https://github.com/osrg/quantum
NEUTRON_BRANCH=ofagent

Please modify IP addresses (SERVICE_HOST, FLOATING_RANGE, PUBLIC_NETWORK_GATEWAY) if you need.

local.conf:

[[post-config|/etc/neutron/plugins/ml2/ml2_conf.ini]]
[agent]
l2_population=True

2.2 Compute Node

Configure network interface.

$ sudo vi /etc/network/interfaces

/etc/network/interfaces:

auto lo

auto eth0
iface eth0 inet static
        address 192.168.122.61
        netmask 255.255.255.0
        gateway 192.168.122.1
        dns-nameservers 192.168.122.1

Restart networking.

$ sudo /etc/init.d/networking restart

Configure devstack.

$ cd ~/devstack
$ vi localrc
$ vi local.conf

If you use the pre-configured version, you should only modify localrc. Comment-out "all-in-one node" block, and uncomment "compute node" block.

localrc:

SERVICE_HOST=192.168.122.60

# all-in-one node
#disable_service n-net
#enable_service q-svc q-agt q-dhcp q-l3 q-meta q-lbaas neutron

# compute node
disable_all_services
enable_service n-cpu q-agt neutron

(snip)

If you do not use the pre-configured version, you have to create the following files:

localrc:

SERVICE_HOST=192.168.122.60

disable_all_services
enable_service n-cpu q-agt neutron

FLOATING_RANGE=192.168.100.0/24
PUBLIC_NETWORK_GATEWAY=192.168.100.1
Q_PLUGIN=ml2
Q_ML2_PLUGIN_MECHANISM_DRIVERS=ofagent,l2population
Q_AGENT=ofagent
ENABLE_TENANT_TUNNELS=True
Q_ML2_TENANT_NETWORK_TYPE=gre

Q_HOST=$SERVICE_HOST
MYSQL_HOST=$SERVICE_HOST
RABBIT_HOST=$SERVICE_HOST
GLANCE_HOSTPORT=$SERVICE_HOST:9292
KEYSTONE_AUTH_HOST=$SERVICE_HOST
KEYSTONE_SERVICE_HOST=$SERVICE_HOST

MYSQL_PASSWORD=mysql
RABBIT_PASSWORD=rabbit
SERVICE_TOKEN=service
SERVICE_PASSWORD=admin
SERVICE_TENANT_NAME=service
ADMIN_PASSWORD=admin

NEUTRON_REPO=https://github.com/osrg/quantum
NEUTRON_BRANCH=ofagent

Please modify IP addresses (SERVICE_HOST, FLOATING_RANGE, PUBLIC_NETWORK_GATEWAY) if you need.

local.conf:

[[post-config|/etc/neutron/plugins/ml2/ml2_conf.ini]]
[agent]
l2_population=True

3. Play OFAgent and OpenStack

3.1 Starting devstack

Start devstack on all-in-one node first.

All-in-one Node:

$ cd ~/devstack
$ ./stack.sh
[snip]

Horizon is now available at http://192.168.122.60/
Keystone is serving at http://192.168.122.60:5000/v2.0/
Examples on using novaclient command line is in exercise.sh
The default users are: admin and demo
The password: admin
This is your host ip: 192.168.122.60

WARNING: Q_AGENT_EXTRA_AGENT_OPTS is used
You are using Q_AGENT_EXTRA_AGENT_OPTS to pass configuration into /etc/neutron/neutron.conf.
Please convert that configuration in localrc to a /etc/neutron/neutron.conf section in local.conf:
Q_AGENT_EXTRA_AGENT_OPTS will be removed early in the 'K' development cycle

[[post-config|/$Q_PLUGIN_CONF_FILE]]
[DEFAULT]

tunnel_types=gre
stack.sh completed in 238 seconds.
$

Then start devstack on compute node.

Compute Node:

$ cd ~/devstack
$ ./stack.sh

Confirm the status of services.

$ cd ~/devstack
$ . ./openrc admin demo
$ nova host-list
+-----------+-------------+----------+
| host_name | service     | zone     |
+-----------+-------------+----------+
| allinone  | conductor   | internal |
| allinone  | compute     | nova     |
| allinone  | cert        | internal |
| allinone  | scheduler   | internal |
| allinone  | consoleauth | internal |
| compute1  | compute     | nova     |
+-----------+-------------+----------+

3.2 Run VM

Launch VM by the following command.

nova boot --flavor <flavor-id> --image <image-id> --nic net-id=<net-id> <VM-name>

Example:

$ . ./openrc demo demo
$ nova flavor-list
+-----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| ID  | Name      | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+-----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| 1   | m1.tiny   | 512       | 1    | 0         |      | 1     | 1.0         | True      |
| 2   | m1.small  | 2048      | 20   | 0         |      | 1     | 1.0         | True      |
| 3   | m1.medium | 4096      | 40   | 0         |      | 2     | 1.0         | True      |
| 4   | m1.large  | 8192      | 80   | 0         |      | 4     | 1.0         | True      |
| 42  | m1.nano   | 64        | 0    | 0         |      | 1     | 1.0         | True      |
| 451 | m1.heat   | 1024      | 0    | 0         |      | 2     | 1.0         | True      |
| 5   | m1.xlarge | 16384     | 160  | 0         |      | 8     | 1.0         | True      |
| 84  | m1.micro  | 128       | 0    | 0         |      | 1     | 1.0         | True      |
+-----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
$ nova image-list
+--------------------------------------+---------------------------------+--------+--------+
| ID                                   | Name                            | Status | Server |
+--------------------------------------+---------------------------------+--------+--------+
| c5c08d82-ed5d-4afd-9db5-dc96fc662eaf | cirros-0.3.1-x86_64-uec         | ACTIVE |        |
| 06ec99d9-8978-490c-ae96-a2e384fa3d4f | cirros-0.3.1-x86_64-uec-kernel  | ACTIVE |        |
| 9f8ac1b2-0f0a-41b0-9d67-a96ab7dce20c | cirros-0.3.1-x86_64-uec-ramdisk | ACTIVE |        |
+--------------------------------------+---------------------------------+--------+--------+
$ neutron net-list
+--------------------------------------+---------+--------------------------------------------------+
| id                                   | name    | subnets                                          |
+--------------------------------------+---------+--------------------------------------------------+
| 709d4849-68d8-4bef-96ce-9158110f1db4 | private | 2ae0a1f3-18f9-40fc-a00b-74500699be4a 10.0.0.0/24 |
| bbf108ab-de59-468c-a85b-63a21a927adc | public  | 59299e1f-1d3f-47cc-ab56-54965a911f62             |
+--------------------------------------+---------+--------------------------------------------------+
$ nova boot --flavor m1.nano --image c5c08d82-ed5d-4afd-9db5-dc96fc662eaf --nic net-id=709d4849-68d8-4bef-96ce-9158110f1db4 vm1
+--------------------------------------+----------------------------------------------------------------+
| Property                             | Value                                                          |
+--------------------------------------+----------------------------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                                         |
| OS-EXT-AZ:availability_zone          | nova                                                           |
| OS-EXT-STS:power_state               | 0                                                              |
| OS-EXT-STS:task_state                | scheduling                                                     |
| OS-EXT-STS:vm_state                  | building                                                       |
| OS-SRV-USG:launched_at               | -                                                              |
| OS-SRV-USG:terminated_at             | -                                                              |
| accessIPv4                           |                                                                |
| accessIPv6                           |                                                                |
| adminPass                            | 3rRoJpkdGRDr                                                   |
| config_drive                         |                                                                |
| created                              | 2014-05-07T09:56:47Z                                           |
| flavor                               | m1.nano (42)                                                   |
| hostId                               |                                                                |
| id                                   | c0252703-8fb8-4a30-ab65-d7f48d55716b                           |
| image                                | cirros-0.3.1-x86_64-uec (c5c08d82-ed5d-4afd-9db5-dc96fc662eaf) |
| key_name                             | -                                                              |
| metadata                             | {}                                                             |
| name                                 | vm1                                                            |
| os-extended-volumes:volumes_attached | []                                                             |
| progress                             | 0                                                              |
| security_groups                      | default                                                        |
| status                               | BUILD                                                          |
| tenant_id                            | 292a07fb37eb4bdcacc095c0e6d113d5                               |
| updated                              | 2014-05-07T09:56:47Z                                           |
| user_id                              | 488b33b65ec74ff18d5ac12fe0df58bf                               |
+--------------------------------------+----------------------------------------------------------------+
$ nova list
+--------------------------------------+------+--------+------------+-------------+------------------+
| ID                                   | Name | Status | Task State | Power State | Networks         |
+--------------------------------------+------+--------+------------+-------------+------------------+
| c0252703-8fb8-4a30-ab65-d7f48d55716b | vm1  | ACTIVE | -          | Running     | private=10.0.0.2 |
+--------------------------------------+------+--------+------------+-------------+------------------+

3.3 Security Groups

Setting up Security Groups by the following commands.

neutron security-group-rule-create --protocol icmp <group id>
neutron security-group-rule-create --protocol tcp --port-range-min <from-port> --port-range-max <to-port> <group id>
neutron security-group-rule-create --protocol udp --port-range-min <from-port> --port-range-max <to-port> <group id>

Example:

$ cd devstack
$ . ./openrc demo demo
$ neutron security-group-list
+--------------------------------------+---------+-------------+
| id                                   | name    | description |
+--------------------------------------+---------+-------------+
| bf7c217b-0cdf-42a3-8918-cc06df25ea67 | default | default     |
+--------------------------------------+---------+-------------+
$ neutron security-group-rule-create --protocol icmp bf7c217b-0cdf-42a3-8918-cc06df25ea67
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | 42674716-6cb2-49cd-b621-5e76b83ec616 |
| port_range_max    |                                      |
| port_range_min    |                                      |
| protocol          | icmp                                 |
| remote_group_id   |                                      |
| remote_ip_prefix  |                                      |
| security_group_id | bf7c217b-0cdf-42a3-8918-cc06df25ea67 |
| tenant_id         | 292a07fb37eb4bdcacc095c0e6d113d5     |
+-------------------+--------------------------------------+
$ neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 bf7c217b-0cdf-42a3-8918-cc06df25ea67
Created a new security_group_rule:
+-------------------+--------------------------------------+
| Field             | Value                                |
+-------------------+--------------------------------------+
| direction         | ingress                              |
| ethertype         | IPv4                                 |
| id                | 24fd03be-9bf1-490d-81ee-0f300381a1a9 |
| port_range_max    | 22                                   |
| port_range_min    | 22                                   |
| protocol          | tcp                                  |
| remote_group_id   |                                      |
| remote_ip_prefix  |                                      |
| security_group_id | bf7c217b-0cdf-42a3-8918-cc06df25ea67 |
| tenant_id         | 292a07fb37eb4bdcacc095c0e6d113d5     |
+-------------------+--------------------------------------+

3.4 Associate Floating IP

Associate Floating IP with VM.

neutron floatingip-create <net-id>
neutron floatingip-associate <float-id> <port-id>

Example:

$ neutron floatingip-create public
Created a new floatingip:
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| fixed_ip_address    |                                      |
| floating_ip_address | 192.168.100.3                        |
| floating_network_id | bbf108ab-de59-468c-a85b-63a21a927adc |
| id                  | 68e2e24d-90d6-4033-88f0-3691ff8a54e2 |
| port_id             |                                      |
| router_id           |                                      |
| status              | DOWN                                 |
| tenant_id           | 292a07fb37eb4bdcacc095c0e6d113d5     |
+---------------------+--------------------------------------+
$ neutron port-list
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                       |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| 0bf1130e-8fed-40bb-b250-0813946f5662 |      | fa:16:3e:68:5e:cd | {"subnet_id": "2ae0a1f3-18f9-40fc-a00b-74500699be4a", "ip_address": "10.0.0.2"} |
| 1bd3ef5d-67c8-4899-a249-8563443c1272 |      | fa:16:3e:03:c5:ad | {"subnet_id": "2ae0a1f3-18f9-40fc-a00b-74500699be4a", "ip_address": "10.0.0.3"} |
| f5d0877b-23c9-4f51-bfec-3669c1398bae |      | fa:16:3e:59:e4:c6 | {"subnet_id": "2ae0a1f3-18f9-40fc-a00b-74500699be4a", "ip_address": "10.0.0.1"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
$ neutron floatingip-associate 68e2e24d-90d6-4033-88f0-3691ff8a54e2 0bf1130e-8fed-40bb-b250-0813946f5662Starting new HTTP connection (1): 192.168.122.60
Associated floatingip 68e2e24d-90d6-4033-88f0-3691ff8a54e2
$ neutron floatingip-list 
+--------------------------------------+------------------+---------------------+--------------------------------------+
| id                                   | fixed_ip_address | floating_ip_address | port_id                              |
+--------------------------------------+------------------+---------------------+--------------------------------------+
| 68e2e24d-90d6-4033-88f0-3691ff8a54e2 | 10.0.0.2         | 192.168.100.3       | 0bf1130e-8fed-40bb-b250-0813946f5662 |
+--------------------------------------+------------------+---------------------+--------------------------------------+

3.5 Access to VM from client host

Run ping and ssh login to VM via Floating IP from client.

$ ping -c 10 192.168.100.3
PING 192.168.100.3 (192.168.100.3) 56(84) bytes of data.
64 bytes from 192.168.100.3: icmp_req=1 ttl=62 time=2.35 ms
64 bytes from 192.168.100.3: icmp_req=2 ttl=62 time=1.20 ms
64 bytes from 192.168.100.3: icmp_req=3 ttl=62 time=0.748 ms
64 bytes from 192.168.100.3: icmp_req=4 ttl=62 time=0.710 ms
64 bytes from 192.168.100.3: icmp_req=5 ttl=62 time=0.649 ms
64 bytes from 192.168.100.3: icmp_req=6 ttl=62 time=0.705 ms
64 bytes from 192.168.100.3: icmp_req=7 ttl=62 time=0.684 ms
64 bytes from 192.168.100.3: icmp_req=8 ttl=62 time=0.393 ms
64 bytes from 192.168.100.3: icmp_req=9 ttl=62 time=0.706 ms
64 bytes from 192.168.100.3: icmp_req=10 ttl=62 time=0.765 ms

--- 192.168.100.3 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9001ms
rtt min/avg/max/mdev = 0.393/0.891/2.355/0.523 ms
$
$ ssh cirros@192.168.100.3
The authenticity of host '192.168.100.3 (192.168.100.3)' can't be established.
RSA key fingerprint is 07:ad:05:91:03:a8:cc:3e:d5:17:9d:1c:61:31:6d:4f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.3' (RSA) to the list of known hosts.
cirros@192.168.100.3's password: cubswin:)
$ ifconfig
eth0      Link encap:Ethernet  HWaddr FA:16:3E:68:5E:CD  
          inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe68:5ecd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:96 errors:0 dropped:0 overruns:0 frame:0
          TX packets:66 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:13321 (13.0 KiB)  TX bytes:8474 (8.2 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

$ exit
Connection to 192.168.100.3 closed.