Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Installing Contrail Service Orchestration with the GUI Installer

 

If you prefer to install CSO using the CLI, following the instructions below and select the Install Later option to download the CSO files to your local drive. Manually transfer the CSO files to your installer VM using scp, ftp, or other similar programs. Log in to your installer VM and follow the instructions described in Installing and Configuring Contrail Service Orchestration.

Note

Upgrading from a previously installed version via GUI only downloads the CSO packages. It does not perform the actual upgrade. You must use the CLI to upgrade CSO. For more information, see Upgrading Contrail Service Orchestration Overview.

During IVM creation, it will use DNS information. Make sure the DNS information is correct before you begin CSO installation process.

To download and run the CSO installer:

  1. From your browser, go to the CSO download page.
  2. On the page that appears, click the Software tab and select 4.1 from the Version drop-down menu.
  3. Click the CSO Downloader link corresponding to your operating system to download the file to your local drive.

    The CSO Downloader will be downloaded to the local PC. During the install process, the CSO Downloader is then downloaded from the local PC to the server. If you need to start the install process over, you can save time by using the same CSO Downloader from the given location.

  4. Locate the file on your local drive and launch it.
    • For Windows, double-click the executable file.

    • For Linux, enter the following command:

      dpkg –i cso-downloader.deb

    • For macOS, drag the .dmg file to the installation window.

      Note

      When you install the CSO Downloader on macOS, you might receive an error message indicating that the application cannot be opened because it is from an unidentified developer. As a workaround, open the Security & Privacy Systems Preference. Click the General tab and click Open Anyway.

  5. Install the CSO Downloader.
  6. Enter your Juniper Networks support credentials and click Next.
  7. Follow the instructions to specify the software setup, including:
    • CSO release version to install.

    • Hypervisor server type—KVM or ESXi.

    • New installation or upgrade from a previously installed version.

    • CSO solution to install—Contrail Service Orchestrator or CSO Network Service Controller.

  8. Read and accept the license agreement, then click Next.
  9. Select CSO Deployment Type-Small, or Medium, or Large.
  10. Select location to download CSO package—Existing Installer VM, or Download on Host, or Local Machine

    The CSO Downloader performs health check to verify connectivity, memory availability, host OS version, kernel version, disk space, and DNS server.

  11. Enter the required details.

    CSO downloader verifies the entered details and validates IP availability, virtual bridge, gateway ping, and subnet mask.

    Note

    Remember the password as you will need it later.

  12. Click Next to download the CSO Installer.

    Additional files are downloaded as needed. Depending on your Internet bandwidth, it might take 30 minutes or more to download the files. After the download is complete, the CSO Downloader verifies the MD5 checksum of each file.

  13. Click Next after the download is complete to proceed with setting up the Installer UI.
  14. After setting up the Installer UI, you are redirected to the Installer UI webpage automatically. On the installer welcome page, enter the IVM password you created in Step 11 and click Login.
  15. Identify the size of the network to be managed and click either Express or Custom.

    The express install uses predefined defaults and requires less user input. Whichever option you select, you can click Back on the next page to return to this page to select the other option.

  16. If you select the Express install, the Express window appears.

    Figure 1 shows an example of the Express window for a small install.

    Figure 1: Example Express Install Window
    Example Express Install Window

    For small and medium-sized managed networks, all hosts belong to a common CSO cluster or region.

    For large networks, you must have a minimum of two regions. By default, a central region and regional region is configured for you. You can add an additional two more regions. Note that adding more regions requires more physical hosts.

    1. For each host, enter the IP address with subnet mask, the root password, select the VM network (or datastores for ESXi servers) from the drop-down menu, and VM gateway.
    2. Select the network type—CSO Directly Reachable or CSO Behind NAT. For more information, see CSO GUI Installer Overview.
    3. Enter the IP addresses for the VMs.
      • Click Input IP Range to add the IP addresses as a range.

      • Click Input IP to add a list of individual IP addresses, separated with a comma.

    4. (CSO Behind NAT only) Enter the central NAT gateway IP address.

      This is the NAT gateway public-facing IP address.

    5. Enter the regional NAT gateway IP address.

      Each CSO region or cluster can have a different NAT gateway or the same NAT gateway.

    6. Enter the NTP server IP address or FQDN name.
    7. Verify the default Kubernetes overlay network IP address and subnet mask and update as needed.
    8. Click Install.

      The CSO installer now creates the required CSO VMs and installs services within these VMs. A status window displays the progress.

  17. If you select the Custom install, the Custom install window appears.
    1. For each host, enter the IP address with subnet mask, the root password, and select the VM network (or datastores for ESXi servers) from the drop-down menu, and VM gateway.
    2. For each Contrail Analytics Node (CAN), enter the IP address with subnet mask, the root password, the VM network (or datastores for ESXi servers) from the drop-down menu, and VM gateway.
    3. Select the network type—CSO Directly Reachable or CSO Behind NAT. For more information, see CSO GUI Installer Overview.
    4. Enter the IP addresses for the VMs.
      • Click Input IP Range to add the IP addresses as a range.

      • Click Input IP to add a list of individual IP addresses, separated with a comma.

    5. (CSO Behind NAT only) Enter the central NAT gateway IP address.

      This is the NAT gateway public-facing IP address.

    6. Enter the regional NAT gateway IP address.

      Each CSO region or cluster can have a different NAT gateway or the same NAT gateway.

    7. Enter the NTP server IP address or FQDN name.
    8. Verify the default Kubernetes overlay network IP address and subnet mask and update as needed.
    9. For each region, enter the virtual IP address and hostname. See Figure 2.
      Figure 2: Custom Install Virtual IP Address and Hostname
      Custom Install Virtual IP Address
and Hostname

      For small and medium-sized managed networks, all hosts belong to a common CSO cluster or region.

      For large networks, you must have a minimum of two regions. By default, a central and regional region is configured for you. You can add an additional two more regions. Note that adding more regions requires more physical hosts.

      For secure communication between devices to CSO services, digital certificates must be uploaded to CSO. These certificates are mapped to a hostname or an associated IP / Virtual IP (VIP) address. For example, two certificates can be uploaded for a single VM. One maps to its VIP and the other to its hostname. Typically, one hostname or VIP is required per region.In case of small and medium installs, there is no concept of different regions. All VMs are part of a common central region. Therefore, a single set of certificates is uploaded for this central region. In case of a large install, where the CSO VMs are replicated across multiple regions, one or more certificates for each region should be uploaded.

      CSO generates certificates for VIPs and hostnames. However, these certificates are not signed by a trusted Certificate Authorities (CA). This results in “untrusted site” and “add security exception” warning messages to users. If you prefer to upload trusted CA signed certificates tied to a specific VIP or hostname, you can upload them to CSO (one or more for each region).

      The regional VIP and hostname must be provided wherever high availability of services is available. For example, in medium and large installs. The small install does not provide high availability. The VIP address is used as a front-end address for a set of load-balancers of a region in the back-end. In addition, an FQDN hostname should be provided for this VIP address. For example, cso-central.domain.net. Note that the uploaded signed certificate should be generated for this hostname.

    10. Click Choose Files to locate the certificate for that specific region.
    11. Review the default component configuration settings and update as needed.
    12. If you select External from the Keystone Service menu, enter the following additional information:
      • Keystone IP address.

      • Keystone administrator password.

      • External Keystone service token.

        If you do not know the service token, log in to your external keystone server. View the /etc/keystone/keystonerc file and search for the ES_SERVICE_TOKEN variable. For example:

      • Keystone administrator e-mail address.

    13. Click Install.

      The CSO installer now creates the required CSO VMs and installs services within these VMs. A status window displays the progress.

      Note

      Once the installation process is completed, click on show CSO-passwords link. You will need this password for the initial login.

  18. Select launch CSO-Admin portal to login to CSO. The initial username is cspadmin and the initial password is the password noted in the previous step. Once you login, you will be asked to change the password.