Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Installing Contrail Service Orchestration with the GUI Installer

 

If you prefer to install CSO using the CLI, following the instructions below and select the Install Later option to download the CSO files to your local drive. Manually transfer the CSO files to your installer VM using scp, ftp, or other similar programs. Log in to your installer VM and follow the instructions described in Installing and Configuring Contrail Service Orchestration.

Note

Upgrading from a previously installed version only downloads the CSO packages. It does not perform the actual upgrade. You must use the CLI to upgrade CSO. For more information, see Upgrading Contrail Service Orchestration Overview.

To download and run the CSO installer:

  1. From your browser, go to CSO download page.
  2. On the page that appears, click the Software tab and select 4.0 from the Version drop-down menu.
  3. Click the CSO downloader link corresponding to your operating system to download the file to your local drive.
  4. Locate the file on your local drive and launch it.
    • For Windows, double-click the executable file.

    • For Linux, enter the following command:

      dpkg –i cso-downloader.deb

    • For macOS, drag the .dmg file to the installation window.

      Note

      When you install the CSO Downloader on macOS, you might receive an error message indicating that the application cannot be opened because it is from an unidentified developer. As a workaround, open the Security & Privacy Systems Preference. Click the General tab and click Open Anyway.

  5. Enter your Juniper Networks support credentials and click Next.
  6. Follow the instructions to specify the software setup, including:
    • Default download location on your local system.

    • CSO release version to install.

    • Hypervisor server type—KVM or ESXi.

    • New installation or upgrade from a previously installed version.

    • CSO solution to install—Contrail Service Orchestrator or CSO Network Service Controller.

  7. Read and accept the license agreement, then click Next.
  8. Select when to create the IVM and install the software.
    • Select Install Now if you already know the host hypervisor information and want to create the IVM now.

      1. Enter the hypervisor server IP address and root password, then click Next.
      2. Enter the IP address, the new root password, and the virtual bridge (or port group if using ESXi) for the IVM that is to be created.

        All CSO VMs will be attached to this virtual bridge.

        Note

        Remember the password as you will need it later.

      3. (ESXi only) Select the datastore where the IVM is to be created.
      4. Click Next.
    • Select Install Later if you do not know the host hypervisor server IP address and root password, or want to use the CLI to install and configure CSO.

      If you select this option, files are downloaded but the IVM is not created. To continue at a later time, re-launch the application as shown in Step 4 above.

    Additional files are downloaded as needed. Depending on your Internet bandwidth, it might take 30 minutes or more to download the files. After the download is complete, the CSO installer verifies the MD5 checksum of each file.

    If you selected Install Later, the CSO installer stops here.

    If you selected Install Now, the CSO installer creates the IVM and opens the installer component user interface in your default browser.

  9. On the installer welcome page, enter the IVM password you created in Step 8 and click Login.
  10. Identify the size of the network to be managed and click either Express or Custom.

    The express install uses predefined defaults and requires less user input. Whichever option you select, you can click Back on the next page to return to this page to select the other option.

  11. If you selected the express install, the Express window appears.

    Figure 1 shows an example of the Express window for a large install.

    Figure 1: Example Express Install Window
    Example Express Install Window

    For small and medium-sized managed networks, all hosts belong to a common CSO cluster or region.

    For large networks, you must have a minimum of two regions. By default, a central region and regional region is configured for you. You can add an additional two more regions. Note that adding more regions requires more physical hosts.

    1. For each host, enter the IP address with subnet mask, the root password, and select the VM network (or datastores for ESXi servers) from the drop-down menu.
    2. Select the network type—CSO Directly Reachable or CSO Behind NAT. For more information, see CSO GUI Installer Overview.
    3. Enter the IP addresses for the VMs.
      • Click Input IP Range to add the IP addresses as a range.

      • Click Input IP to add a list of individual IP addresses, separated with a comma.

    4. (CSO Behind NAT only) Enter the central NAT gateway IP address.

      This is the NAT gateway public-facing IP address.

    5. Enter the regional NAT gateway IP address.

      Each CSO region or cluster can have a different NAT gateway or the same NAT gateway.

    6. Enter the NTP server IP address or FQDN name.
    7. Verify the default Kubernetes overlay network IP address and subnet mask and update as needed.
    8. Click Install.

      The CSO installer now creates the required CSO VMs and installs services within these VMs. A status window displays the progress.

  12. If you selected the custom install, the Custom install window appears.
    1. For each host, enter the IP address with subnet mask, the root password, and select the VM network (or datastores for ESXi servers) from the drop-down menu.
    2. Select the network type—CSO Directly Reachable or CSO Behind NAT. For more information, see CSO GUI Installer Overview.
    3. Enter the IP addresses for the VMs.
      • Click Input IP Range to add the IP addresses as a range.

      • Click Input IP to add a list of individual IP addresses, separated with a comma.

    4. (CSO Behind NAT only) Enter the central NAT gateway IP address.

      This is the NAT gateway public-facing IP address.

    5. Enter the regional NAT gateway IP address.

      Each CSO region or cluster can have a different NAT gateway or the same NAT gateway.

    6. Enter the NTP server IP address or FQDN name.
    7. Verify the default Kubernetes overlay network IP address and subnet mask and update as needed.
    8. For each region, enter the virtual IP address and hostname. See Figure 2.
      Figure 2: Custom Install Virtual IP Address and Hostname
      Custom Install Virtual IP Address and
Hostname

      For small and medium-sized managed networks, all hosts belong to a common CSO cluster or region.

      For large networks, you must have a minimum of two regions. By default, a central and regional region is configured for you. You can add an additional two more regions. Note that adding more regions requires more physical hosts.

      For secure communication between devices to CSO services, digital certificates must be uploaded to CSO. These certificates are mapped to a hostname or an associated IP / Virtual IP (VIP) address. For example, two certificates can be uploaded for a single VM. One maps to its VIP and the other to its hostname. Typically, one hostname or VIP is required per region.In case of small and medium installs, there is no concept of different regions. All VMs are part of a common central region. Therefore, a single set of certificates is uploaded for this central region. In case of a large install, where the CSO VMs are replicated across multiple regions, one or more certificates for each region should be uploaded.

      CSO generates certificates for VIPs and hostnames. However, these certificates are not signed by a trusted Certificate Authorities (CA). This results in “untrusted site” and “add security exception” warning messages to users. If you prefer to upload trusted CA signed certificates tied to a specific VIP or hostname, you can upload them to CSO (one or more for each region).

      The regional VIP and hostname must be provided wherever high availability of services is available. For example, in medium and large installs. The small install does not provide high availability. The VIP address is used as a front-end address for a set of load-balancers of a region in the back-end. In addition, an FQDN hostname should be provided for this VIP address. For example, cso-central.domain.net. Note that the uploaded signed certificate should be generated for this hostname.

    9. Click Choose Files to locate the certificate for that specific region.
    10. Review the default component configuration settings and update as needed.
    11. If you select External from the Keystone Service menu, enter the following additional information:
      • Keystone IP address.

      • Keystone administrator password.

      • External Keystone service token.

        If you do not know the service token, log in to your external keystone server. View the /etc/keystone/keystonerc file and search for the ES_SERVICE_TOKEN variable. For example:

      • Keystone administrator e-mail address.

    12. Click Install.

      The CSO installer now creates the required CSO VMs and installs services within these VMs. A status window displays the progress.