TechLibrary

Table of Contents

Guide That Contains This Content

[+] Expand All

[-] Collapse All

Installing Contrail with Red Hat OpenStack

Overview: Contrail with Red Hat OpenStack

If you are planning to use Contrail with Red Hat OpenStack, be sure to first install Red Hat OpenStack, using either RDO or RHOSP packages.

Procedure for Installing RHOSP5

The following provides general steps for installing Red Hat OpenStack and configuring the setup for Contrail.

Install OpenStack.
To provision an OpenStack node with RHOSP5 packages, refer to the official Red Hat documents:
DEPLOYING OPENSTACK: LEARNING ENVIRONMENTS (MANUAL SETUP)
Note: Configure a password for Keystone, the same password must be used in the Contrail testbed.py file.
Copy the OpenStack Keystone password to the testbed.py file. Refer to Update the Testbed.py.

Stop the nova-compute and Neutron services in the OpenStack node:

# service openstack-nova-compute stop  
# service neutron-server stop  
# nova service-disable $(hostname) nova-compute

Update the nova.conf file as follows:

# openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API  
# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_url http://<FIRST_CFGM_IP>:9696
 (FIRST_CFGM_IP is the IP address of the first node in the CFGM role defined in the testbed.py.)  
# openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_auth_url http://<KEYSTONE_IP_ADDRESS>:35357/v2.0   
# openstack-config --set /etc/nova/nova.conf DEFAULT  compute_driver nova.virt.libvirt.LibvirtDriver

Restart the Nova services:

# service openstack-nova-api restart  
# service openstack-nova-conductor restart  
# service openstack-nova-scheduler restart  
# service openstack-nova-consoleauth restart

(optional) Configure the novncproxy_port value.
Contrail uses port 5999 for the novncproxy_port value. If the same port is preferred for any OpenStack node, update the novncproxy_port value as shown in the following:
```
# openstack-config --set /etc/nova/nova.conf DEFAULT  novncproxy_port 5999  
# service openstack-nova-novncproxy restart 
```

Install and Configure Contrail

After Red Hat OpenStack is installed and the testbed.py file has been configured with items for Red Hat, you can install Contrail.

Repositories for Third Party Packages

The Contrail installation depends on a number of third party open source packages that are not included in the contrail-install-packages file, however, they are downloaded and installed through the Internet when respective repositories have been enabled in the nodes.

For Red Hat registering of third party applications and subscribing, refer to Red Hat documentation:How to register and subscribe a system to the Red Hat Customer Portal using Red Hat Subscription-Manager at: https://access.redhat.com/solutions/253273
For enabling Extra Packages for Enterprise Linux (EPEL) repositories, the respective EPEL packages might require installation. Refer to EPEL documentation at: https://fedoraproject.org/wiki/EPEL.

Ensure that the contrail_install_repo has the highest priority.

The following are the least-required RHEL repositories to be enabled in all nodes.

subscription-manager repos --enable=rhel-7-server-extras-rpms

subscription-manager repos --enable=rhel-7-server-optional-rpms

subscription-manager repos --enable=rhel-7-server-rpms

subscription-manager repos --enable=rhel-7-server-openstack-5.0-rpms

rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm

yum -y install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm

Priority for a repository can be set manually by editing the corresponding sections in the /etc/yum.repos.d/*.repo files or use the yum-config-manager command.

To change priority of repos using the yum-config-manager command:

yum install yum-plugin-priorities

yum-config-manager --enable [reponame] --setopt="[reponame].priority=1"

Download and Install Contrail-Install-Packages to the First Config Node

The following steps show how to copy and install the contrail-install-packages, before updating the testbed.py file.

Copy the contrail-install-packages to the /root/ directory of the first config node. The first config node is the first Configuration Manager (cfgm) node defined in the env.roledefs[‘cfgm’] section roles in the testbed.py file.
Install the contrail-install-packages:
# yum --disablerepo=* localinstall <package file>
Set up contrail_install_repo and install fabric-utils:
# cd /opt/contrail/contrail_packages/
# ./setup.sh
Create the the testbed.py file in the testbeds directory, with host details under different Contrail roles.
cd /opt/contrail/utils/fabfile/testbeds/
Refer to example the testbed.py files available in the testbeds directory.

Update the Testbed.py File

The OpenStack node is not provisioned by using the Contrail fabric-utils utilities. It is the testbed.py file that carries node information.

Use the following steps to update the testbed.py file to make Contrail nodes aware of the OpenStack node information.

Update the OpenStack admin password in the testbed.py file:

#Openstack admin password

env.openstack_admin_password = '<password>'

and

 env.keystone = {  
    'keystone_ip'   : '10.84.12.15',  
    'auth_protocol' : 'http',                  #Default is http  
    'auth_port'     : '35357',                 #Default is 35357  
    'admin_token' : '$ABC123',  
    'admin_user'    : 'admin',                 #Default is admin  
    'admin_password': '<password>',            
    'service_tenant': 'service',               #Default is service  
    'admin_tenant'  : 'admin',                 #Default is admin  
    'region_name'   : 'RegionOne',             #Default is RegionOne  
    'insecure'      : 'True',                  #Default = False  
}

Update the keystone_ip value in the testbed.py file. The Keystone IP address is the same as the OpenStack IP address.

env.keystone = {  
    'keystone_ip'   : '10.xx.xx.xx',  
    'auth_protocol' : 'http',                  #Default is http  
    'auth_port'     : '35357',                 #Default is 35357  
    'admin_token' : '$ABC123',  
    'admin_user'    : 'admin',                 #Default is admin  
    'admin_password': '<password>,           
    'service_tenant': 'service',               #Default is service  
    'admin_tenant'  : 'admin',                 #Default is admin  
    'region_name'   : 'RegionOne',             #Default is RegionOne  
    'insecure'      : 'True',                  #Default = False
  }

Update the admin_token value in the testbed.py file.

The admin_token value is available in the /etc/keystone/keystone.conf file of the OpenStack node.

env.keystone = {  
    'keystone_ip'   : '10.xx.xx.xx',  
    'auth_protocol' : 'http',                  #Default is http  
    'auth_port'     : '35357',                 #Default is 35357  
    'admin_token' : '$ABC123',  
    'admin_user'    : 'admin',                 #Default is admin  
    'admin_password': '<password>',            
    'service_tenant': 'service',               #Default is service  
    'admin_tenant'  : 'admin',                 #Default is admin  
    'region_name'   : 'RegionOne',             #Default is RegionOne  
    'insecure'      : 'True',                  #Default = False  }

(optional) If a different Keystone user or tenant for Neutron service is preferred, update the Keystone settings as in the following:

env.keystone = {  
    'keystone_ip'   : '10.xx.xx.xx',  
    'auth_protocol' : 'http',                  #Default is http  
    'auth_port'     : '35357',                 #Default is 35357  
    'admin_token' : '$ABC123',  
    'admin_user'    : 'admin',                 #Default is admin  
    'admin_password': '<password>',            
    'service_tenant': 'service',               #Default is service  
    'admin_tenant'  : 'admin',                 #Default is admin  
    'region_name'   : 'RegionOne',             #Default is RegionOne  
    'insecure'      : 'True',                      #Default = False  
    'manage_neutron': 'no',          #Default = 'yes' , Does configure neutron user/role in keystone required.  
}

Update the service_token value in the testbed.py file.
Copy the admin_token value from the/etc/keystone/keystone.conf file of the OpenStack node, and enter it as the service_token value:
```
env.openstack = {  
    'service_token' : '$ABC123,  
    'amqp_host' : '<ip address>',  
}     
```

Update the amqp_host value in the testbed.py file.

Make the amqp_host value the same as the IP address of the OpenStack node:

env.openstack = {  
    'service_token' : '$ABC123',  
    'amqp_host' : '<ip address>',  
}

Verify that all nodes are reachable and properly updated in the testbed.py file.
To verify that all nodes are reachable, use the following command and see if it passes.
# fab all_command:”uname –a”

Complete the Installation on Remaining Nodes

Use the following procedure to complete the installation.

Copy and install contrail-install-packages to all other nodes, except the OpenStack node:
# fab install_pkg_all_without_openstack:</path/to/contrail-install-packages.rpm>

Disable IP tables. You must permanently disable IP tables.

IP tables can be disabled by issuing the following fab commands. The fab all_command command, as used in the following example, executes the given command in all nodes configured in the testbed.py file.

# fab all_command:"iptables --flush"  
# fab all_command:"sudo service iptables stop; echo pass"  
# fab all_command:"sudo service ip6tables stop; echo pass"  
# fab all_command:"sudo systemctl stop firewalld; echo pass"  
# fab all_command:"sudo systemctl status firewalld; echo pass"  
# fab all_command:"sudo chkconfig firewalld off; echo pass"  
# fab all_command:"sudo /usr/libexec/iptables/iptables.init stop; echo pass"  
# fab all_command:"sudo /usr/libexec/iptables/ip6tables.init stop; echo pass"  
# fab all_command:"sudo service iptables save; echo pass"  
# fab all_command:"sudo service ip6tables save; echo pass"

Install Contrail without OpenStack.
Because the OpenStack node is set up with RDO or RHOSP, and the relevant details are updated in the testbed.py file, Contrail must be installed without OpenStack. The following fab command is used to set up Contrail without OpenStack, while also assuming that IP tables are disabled permanently in all nodes.
# fab install_without_openstack
Set up Contrail.
Use the following fab command to set up Contrail without OpenStack, and with the assumption that IP tables are permanently disabled in all nodes.
# fab setup_without_openstack
Verify the setup.
Use the contrail-status and openstack-status commands to verify the setup status.
# fab all_command:”contrail-status; echo pass”
# fab all_command:”openstack-status”
Note: The contrail-status command is not available from the Red Hat OpenStack node.

Appendix: Installing with RDO

You can provision the OpenStack node by using RDO packages instead of RHOSP. This section provides guidelines for installing and provisioning when using RDO instead of RHOSP.

For more RDO installation information, refer to the Red Hat OpenStack documentation at https://openstack.redhat.com/Quickstart.

The following are the prerequisite steps.

You must already have the Red Hat OpenStack repositories set up and enabled.
Install RDO.
# yum install -y https://rdo.fedorapeople.org/rdo-release.rpm
Install Packstack.
# yum install -y openstack-packstack

Install All-in-One OpenStack

Use the following procedure to prepare to install Contrail when using RDO instead of RHOSP for Red Hat.

Install as an all-in-one node using Packstack.
# packstack --allinone --mariadb-pw=<password> --use-epel=y
Note: Packstack can use an answers file to determine where a service can be enabled or disabled based on your preference. Refer to Packstack documentation for more information.
Update the Keystone password to use a predictable password.
Packstack usually sets up Keystone with a random password. Use the following to set a predictable password for Keystone.
# source /root/keystonerc_admin && keystone user-password-update --pass <password> admin and update the same password in “OS_PASSWORD” in /root/keystonerc_admin