diff options
author | Bin Hu <bh526r@att.com> | 2017-02-16 14:06:39 -0800 |
---|---|---|
committer | Bin Hu <bh526r@att.com> | 2017-02-16 14:06:39 -0800 |
commit | 66372c344ada1c34fea636b21f9f79b2d95bbcb5 (patch) | |
tree | f859549e1a5890e69ccfe3af31031416d1439556 /docs/release | |
parent | 9b0fde472adaae0605543ceb6432d200fc2380bc (diff) |
Initial Documentation Structure for Danube Release
Documentation framework, and initial documentation draft inherited from
Colorado
Change-Id: I732299388cd147dfc27045ed77f20dc068d324a3
Signed-off-by: Bin Hu <bh526r@att.com>
Diffstat (limited to 'docs/release')
-rw-r--r-- | docs/release/configguide/featureconfig.rst | 1058 | ||||
-rw-r--r-- | docs/release/configguide/index.rst | 1077 | ||||
-rw-r--r-- | docs/release/configguide/postinstall.rst | 24 | ||||
-rw-r--r-- | docs/release/installation/feature.configuration.rst | 1077 | ||||
-rw-r--r-- | docs/release/installation/index.rst | 21 | ||||
-rw-r--r-- | docs/release/installation/installation.instruction.rst | 185 | ||||
-rw-r--r-- | docs/release/release-notes/index.rst | 12 | ||||
-rw-r--r-- | docs/release/release-notes/release-notes.rst | 239 | ||||
-rw-r--r-- | docs/release/userguide/feature.usage.rst | 194 | ||||
-rw-r--r-- | docs/release/userguide/index.rst | 194 |
10 files changed, 4081 insertions, 0 deletions
diff --git a/docs/release/configguide/featureconfig.rst b/docs/release/configguide/featureconfig.rst new file mode 100644 index 0000000..2f20f47 --- /dev/null +++ b/docs/release/configguide/featureconfig.rst @@ -0,0 +1,1058 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat) + +=============================================================== +IPv6 Configuration - Setting Up a Service VM as an IPv6 vRouter +=============================================================== + +This section provides instructions to set up a service VM as an IPv6 vRouter using OPNFV Danube Release +installers. The environment may be pure OpenStack option or Open Daylight L2-only option. +The deployment model may be HA or non-HA. The infrastructure may be bare metal or virtual environment. + +For complete instructions and documentations of setting up service VM as an IPv6 vRouter using ANY method, +please refer to: + +1. IPv6 Configuration Guide (HTML): http://artifacts.opnfv.org/ipv6/docs/setupservicevm/index.html +2. IPv6 User Guide (HTML): http://artifacts.opnfv.org/ipv6/docs/gapanalysis/index.html + +**************************** +Pre-configuration Activities +**************************** + +The configuration will work in 2 environments: + +1. OpenStack-only environment +2. OpenStack with Open Daylight L2-only environment + +Depending on which installer will be used to deploy OPNFV, each environment may be deployed +on bare metal or virtualized infrastructure. Each deployment may be HA or non-HA. + +Refer to the previous installer configuration chapters, installations guide and release notes. + +****************************************** +Setup Manual in OpenStack-Only Environment +****************************************** + +If you intend to set up a service VM as an IPv6 vRouter in OpenStack-only environment of +OPNFV Danube Release, please **NOTE** that: + +* Because the anti-spoofing rules of Security Group feature in OpenStack prevents + a VM from forwarding packets, we need to disable Security Group feature in the + OpenStack-only environment. +* The hostnames, IP addresses, and username are for exemplary purpose in instructions. + Please change as needed to fit your environment. +* The instructions apply to both deployment model of single controller node and + HA (High Availability) deployment model where multiple controller nodes are used. + +----------------------------- +Install OPNFV and Preparation +----------------------------- + +**OPNFV-NATIVE-INSTALL-1**: To install OpenStack-only environment of OPNFV Danube Release: + +**Apex Installer**: + +.. code-block:: bash + + # HA, Virtual deployment in OpenStack-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-nosdn-nofeature-ha.yaml \ + -n /etc/opnfv-apex/network_setting.yaml + + # HA, Bare Metal deployment in OpenStack-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-nosdn-nofeature-ha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting.yaml + + # Non-HA, Virtual deployment in OpenStack-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-nosdn-nofeature-noha.yaml \ + -n /etc/opnfv-apex/network_setting.yaml + + # Non-HA, Bare Metal deployment in OpenStack-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-nosdn-nofeature-noha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting.yaml + + # Note: + # + # 1. Parameter ""-v" is mandatory for Virtual deployment + # 2. Parameter "-i <inventory file>" is mandatory for Bare Metal deployment + # 2.1 Refer to https://git.opnfv.org/cgit/apex/tree/config/inventory for examples of inventory file + # 3. You can use "-n /etc/opnfv-apex/network_setting_v6.yaml" for deployment in IPv6-only infrastructure + +**Compass** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack-only environment + export ISO_URL=file://$BUILD_DIRECTORY/compass.iso + export OS_VERSION=${{COMPASS_OS_VERSION}} + export OPENSTACK_VERSION=${{COMPASS_OPENSTACK_VERSION}} + export CONFDIR=$WORKSPACE/deploy/conf/vm_environment + ./deploy.sh --dha $CONFDIR/os-nosdn-nofeature-ha.yml \ + --network $CONFDIR/$NODE_NAME/network.yml + + # Non-HA deployment in OpenStack-only environment + # Non-HA deployment is currently not supported by Compass installer + +**Fuel** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack-only environment + # Scenario Name: os-nosdn-nofeature-ha + # Scenario Configuration File: ha_heat_ceilometer_scenario.yaml + # You can use either Scenario Name or Scenario Configuration File Name in "-s" parameter + sudo ./deploy.sh -b <stack-config-uri> -l <lab-name> -p <pod-name> \ + -s os-nosdn-nofeature-ha -i <iso-uri> + + # Non-HA deployment in OpenStack-only environment + # Scenario Name: os-nosdn-nofeature-noha + # Scenario Configuration File: no-ha_heat_ceilometer_scenario.yaml + # You can use either Scenario Name or Scenario Configuration File Name in "-s" parameter + sudo ./deploy.sh -b <stack-config-uri> -l <lab-name> -p <pod-name> \ + -s os-nosdn-nofeature-noha -i <iso-uri> + + # Note: + # + # 1. Refer to http://git.opnfv.org/cgit/fuel/tree/deploy/scenario/scenario.yaml for scenarios + # 2. Refer to http://git.opnfv.org/cgit/fuel/tree/ci/README for description of + # stack configuration directory structure + # 3. <stack-config-uri> is the base URI of stack configuration directory structure + # 3.1 Example: http://git.opnfv.org/cgit/fuel/tree/deploy/config + # 4. <lab-name> and <pod-name> must match the directory structure in stack configuration + # 4.1 Example of <lab-name>: -l devel-pipeline + # 4.2 Example of <pod-name>: -p elx + # 5. <iso-uri> could be local or remote ISO image of Fuel Installer + # 5.1 Example: http://artifacts.opnfv.org/fuel/colorado/opnfv-colorado.1.0.iso + # + # Please refer to Fuel Installer's documentation for further information and any update + +**Joid** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack-only environment + ./deploy.sh -o mitaka -s nosdn -t ha -l default -f ipv6 + + # Non-HA deployment in OpenStack-only environment + ./deploy.sh -o mitaka -s nosdn -t nonha -l default -f ipv6 + +Please **NOTE** that: + +* You need to refer to **installer's documentation** for other necessary + parameters applicable to your deployment. +* You need to refer to **Release Notes** and **installer's documentation** if there is + any issue in installation. + +**OPNFV-NATIVE-INSTALL-2**: Clone the following GitHub repository to get the +configuration and metadata files + +.. code-block:: bash + + git clone https://github.com/sridhargaddam/opnfv_os_ipv6_poc.git \ + /opt/stack/opnfv_os_ipv6_poc + +---------------------------------------------- +Disable Security Groups in OpenStack ML2 Setup +---------------------------------------------- + +Please **NOTE** that although Security Groups feature has been disabled automatically +through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely +that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security +Groups feature after installation. + +**Please make sure that Security Groups are disabled in the setup** + +In order to disable Security Groups globally, please make sure that the settings in +**OPNFV-NATIVE-SEC-1** and **OPNFV-NATIVE-SEC-2** are applied, if they +are not there by default. + +**OPNFV-NATIVE-SEC-1**: Change the settings in +``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows, if they are not there by default + +.. code-block:: bash + + # /etc/neutron/plugins/ml2/ml2_conf.ini + [securitygroup] + enable_security_group = True + firewall_driver = neutron.agent.firewall.NoopFirewallDriver + [ml2] + extension_drivers = port_security + [agent] + prevent_arp_spoofing = False + +**OPNFV-NATIVE-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows, +if they are not there by default. + +.. code-block:: bash + + # /etc/nova/nova.conf + [DEFAULT] + security_group_api = neutron + firewall_driver = nova.virt.firewall.NoopFirewallDriver + +**OPNFV-NATIVE-SEC-3**: After updating the settings, you will have to restart the +``Neutron`` and ``Nova`` services. + +**Please note that the commands of restarting** ``Neutron`` **and** ``Nova`` **would vary +depending on the installer. Please refer to relevant documentation of specific installers** + +--------------------------------- +Set Up Service VM as IPv6 vRouter +--------------------------------- + +**OPNFV-NATIVE-SETUP-1**: Now we assume that OpenStack multi-node setup is up and running. +We have to source the tenant credentials in OpenStack controller node in this step. +Please **NOTE** that the method of sourcing tenant credentials may vary depending on installers. +For example: + +**Apex** installer: + +.. code-block:: bash + + # On jump host, source the tenant credentials using /bin/opnfv-util provided by Apex installer + opnfv-util undercloud "source overcloudrc; keystone service-list" + + # Alternatively, you can copy the file /home/stack/overcloudrc from the installer VM called "undercloud" + # to a location in controller node, for example, in the directory /opt, and do: + # source /opt/overcloudrc + +**Compass** installer: + +.. code-block:: bash + + # source the tenant credentials using Compass installer of OPNFV + source /opt/admin-openrc.sh + +**Fuel** installer: + +.. code-block:: bash + + # source the tenant credentials using Fuel installer of OPNFV + source /root/openrc + +**Joid** installer: + +.. code-block:: bash + + # source the tenant credentials using Joid installer of OPNFV + source $HOME/joid_config/admin-openrc + +**devstack**: + +.. code-block:: bash + + # source the tenant credentials in devstack + source openrc admin demo + +**Please refer to relevant documentation of installers if you encounter any issue**. + +**OPNFV-NATIVE-SETUP-2**: Download ``fedora22`` image which would be used for ``vRouter`` + +.. code-block:: bash + + wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/\ + Images/Fedora-Cloud-Base-22-20150521.x86_64.qcow2 + +**OPNFV-NATIVE-SETUP-3**: Import Fedora22 image to ``glance`` + +.. code-block:: bash + + glance image-create --name 'Fedora22' --disk-format qcow2 --container-format bare \ + --file ./Fedora-Cloud-Base-22-20150521.x86_64.qcow2 + +**OPNFV-NATIVE-SETUP-4: This step is Informational. OPNFV Installer has taken care of this step +during deployment. You may refer to this step only if there is any issue, or if you are using other installers**. + +We have to move the physical interface (i.e. the public network interface) to ``br-ex``, including moving +the public IP address and setting up default route. Please refer to ``OS-NATIVE-SETUP-4`` and +``OS-NATIVE-SETUP-5`` in our `more complete instruction <http://artifacts.opnfv.org/ipv6/docs/setupservicevm/5-ipv6-configguide-scenario-1-native-os.html#set-up-service-vm-as-ipv6-vrouter>`_. + +**OPNFV-NATIVE-SETUP-5**: Create Neutron routers ``ipv4-router`` and ``ipv6-router`` +which need to provide external connectivity. + +.. code-block:: bash + + neutron router-create ipv4-router + neutron router-create ipv6-router + +**OPNFV-NATIVE-SETUP-6**: Create an external network/subnet ``ext-net`` using +the appropriate values based on the data-center physical network setup. + +Please **NOTE** that you may only need to create the subnet of ``ext-net`` because OPNFV installers +should have created an external network during installation. You must use the same name of external +network that installer creates when you create the subnet. For example: + +* **Apex** installer: ``external`` +* **Compass** installer: ``ext-net`` +* **Fuel** installer: ``admin_floating_net`` +* **Joid** installer: ``ext-net`` + +**Please refer to the documentation of installers if there is any issue** + +.. code-block:: bash + + # This is needed only if installer does not create an external work + # Otherwise, skip this command "net-create" + neutron net-create --router:external ext-net + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron subnet-create --disable-dhcp --allocation-pool start=198.59.156.251,\ + end=198.59.156.254 --gateway 198.59.156.1 ext-net 198.59.156.0/24 + +**OPNFV-NATIVE-SETUP-7**: Create Neutron networks ``ipv4-int-network1`` and +``ipv6-int-network2`` with port_security disabled + +.. code-block:: bash + + neutron net-create ipv4-int-network1 + neutron net-create ipv6-int-network2 + +**OPNFV-NATIVE-SETUP-8**: Create IPv4 subnet ``ipv4-int-subnet1`` in the internal network +``ipv4-int-network1``, and associate it to ``ipv4-router``. + +.. code-block:: bash + + neutron subnet-create --name ipv4-int-subnet1 --dns-nameserver 8.8.8.8 \ + ipv4-int-network1 20.0.0.0/24 + + neutron router-interface-add ipv4-router ipv4-int-subnet1 + +**OPNFV-NATIVE-SETUP-9**: Associate the ``ext-net`` to the Neutron routers ``ipv4-router`` +and ``ipv6-router``. + +.. code-block:: bash + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron router-gateway-set ipv4-router ext-net + neutron router-gateway-set ipv6-router ext-net + +**OPNFV-NATIVE-SETUP-10**: Create two subnets, one IPv4 subnet ``ipv4-int-subnet2`` and +one IPv6 subnet ``ipv6-int-subnet2`` in ``ipv6-int-network2``, and associate both subnets to +``ipv6-router`` + +.. code-block:: bash + + neutron subnet-create --name ipv4-int-subnet2 --dns-nameserver 8.8.8.8 \ + ipv6-int-network2 10.0.0.0/24 + + neutron subnet-create --name ipv6-int-subnet2 --ip-version 6 --ipv6-ra-mode slaac \ + --ipv6-address-mode slaac ipv6-int-network2 2001:db8:0:1::/64 + + neutron router-interface-add ipv6-router ipv4-int-subnet2 + neutron router-interface-add ipv6-router ipv6-int-subnet2 + +**OPNFV-NATIVE-SETUP-11**: Create a keypair + +.. code-block:: bash + + nova keypair-add vRouterKey > ~/vRouterKey + +**OPNFV-NATIVE-SETUP-12**: Create ports for vRouter (with some specific MAC address +- basically for automation - to know the IPv6 addresses that would be assigned to the port). + +.. code-block:: bash + + neutron port-create --name eth0-vRouter --mac-address fa:16:3e:11:11:11 ipv6-int-network2 + neutron port-create --name eth1-vRouter --mac-address fa:16:3e:22:22:22 ipv4-int-network1 + +**OPNFV-NATIVE-SETUP-13**: Create ports for VM1 and VM2. + +.. code-block:: bash + + neutron port-create --name eth0-VM1 --mac-address fa:16:3e:33:33:33 ipv4-int-network1 + neutron port-create --name eth0-VM2 --mac-address fa:16:3e:44:44:44 ipv4-int-network1 + +**OPNFV-NATIVE-SETUP-14**: Update ``ipv6-router`` with routing information to subnet +``2001:db8:0:2::/64`` + +.. code-block:: bash + + neutron router-update ipv6-router --routes type=dict list=true \ + destination=2001:db8:0:2::/64,nexthop=2001:db8:0:1:f816:3eff:fe11:1111 + +**OPNFV-NATIVE-SETUP-15**: Boot Service VM (``vRouter``), VM1 and VM2 + +.. code-block:: bash + + nova boot --image Fedora22 --flavor m1.small \ + --user-data /opt/stack/opnfv_os_ipv6_poc/metadata.txt \ + --availability-zone nova:opnfv-os-compute \ + --nic port-id=$(neutron port-list | grep -w eth0-vRouter | awk '{print $2}') \ + --nic port-id=$(neutron port-list | grep -w eth1-vRouter | awk '{print $2}') \ + --key-name vRouterKey vRouter + + nova list + + # Please wait for some 10 to 15 minutes so that necessary packages (like radvd) + # are installed and vRouter is up. + nova console-log vRouter + + nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny \ + --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh \ + --availability-zone nova:opnfv-os-controller \ + --nic port-id=$(neutron port-list | grep -w eth0-VM1 | awk '{print $2}') \ + --key-name vRouterKey VM1 + + nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny + --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh \ + --availability-zone nova:opnfv-os-compute \ + --nic port-id=$(neutron port-list | grep -w eth0-VM2 | awk '{print $2}') \ + --key-name vRouterKey VM2 + + nova list # Verify that all the VMs are in ACTIVE state. + +**OPNFV-NATIVE-SETUP-16**: If all goes well, the IPv6 addresses assigned to the VMs +would be as shown as follows: + +.. code-block:: bash + + # vRouter eth0 interface would have the following IPv6 address: + # 2001:db8:0:1:f816:3eff:fe11:1111/64 + # vRouter eth1 interface would have the following IPv6 address: + # 2001:db8:0:2::1/64 + # VM1 would have the following IPv6 address: + # 2001:db8:0:2:f816:3eff:fe33:3333/64 + # VM2 would have the following IPv6 address: + # 2001:db8:0:2:f816:3eff:fe44:4444/64 + +**OPNFV-NATIVE-SETUP-17**: Now we need to disable ``eth0-VM1``, ``eth0-VM2``, +``eth0-vRouter`` and ``eth1-vRouter`` port-security + +.. code-block:: bash + + for port in eth0-VM1 eth0-VM2 eth0-vRouter eth1-vRouter + do + neutron port-update --no-security-groups $port + neutron port-update $port --port-security-enabled=False + neutron port-show $port | grep port_security_enabled + done + +**OPNFV-NATIVE-SETUP-18**: Now we can ``SSH`` to VMs. You can execute the following command. + +.. code-block:: bash + + # 1. Create a floatingip and associate it with VM1, VM2 and vRouter (to the port id that is passed). + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron floatingip-create --port-id $(neutron port-list | grep -w eth0-VM1 | \ + awk '{print $2}') ext-net + neutron floatingip-create --port-id $(neutron port-list | grep -w eth0-VM2 | \ + awk '{print $2}') ext-net + neutron floatingip-create --port-id $(neutron port-list | grep -w eth1-vRouter | \ + awk '{print $2}') ext-net + + # 2. To know / display the floatingip associated with VM1, VM2 and vRouter. + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth0-VM1 | awk '{print $2}') | awk '{print $2}' + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth0-VM2 | awk '{print $2}') | awk '{print $2}' + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth1-vRouter | awk '{print $2}') | awk '{print $2}' + + # 3. To ssh to the vRouter, VM1 and VM2, user can execute the following command. + ssh -i ~/vRouterKey fedora@<floating-ip-of-vRouter> + ssh -i ~/vRouterKey cirros@<floating-ip-of-VM1> + ssh -i ~/vRouterKey cirros@<floating-ip-of-VM2> + +**************************************************************** +Setup Manual in OpenStack with Open Daylight L2-Only Environment +**************************************************************** + +If you intend to set up a service VM as an IPv6 vRouter in an environment of OpenStack +and Open Daylight L2-only of OPNFV Danube Release, please **NOTE** that: + +* We **SHOULD** use the ``odl-ovsdb-openstack`` version of Open Daylight Boron + in OPNFV Danube Release. Please refer to our + `Gap Analysis <http://artifacts.opnfv.org/ipv6/docs/gapanalysis/gap-analysis-odl-boron.html>`_ + for more information. +* The hostnames, IP addresses, and username are for exemplary purpose in instructions. + Please change as needed to fit your environment. +* The instructions apply to both deployment model of single controller node and + HA (High Availability) deployment model where multiple controller nodes are used. +* However, in case of HA, when ``ipv6-router`` is created in step **SETUP-SVM-11**, + it could be created in any of the controller node. Thus you need to identify in which + controller node ``ipv6-router`` is created in order to manually spawn ``radvd`` daemon + inside the ``ipv6-router`` namespace in steps **SETUP-SVM-24** through **SETUP-SVM-30**. + +----------------------------- +Install OPNFV and Preparation +----------------------------- + +**OPNFV-INSTALL-1**: To install OpenStack with Open Daylight L2-only environment +of OPNFV Danube Release: + +**Apex Installer**: + +.. code-block:: bash + + # HA, Virtual deployment in OpenStack with Open Daylight L2-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml \ + -n /etc/opnfv-apex/network_setting.yaml + + # HA, Bare Metal deployment in OpenStack with Open Daylight L2-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting.yaml + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + # There is no settings file provided by default for odl_l2 non-HA deployment + # You need to copy /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml to another file + # e.g. /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml + # and change the "ha_enabled" parameter to be "false", i.e.: "ha_enabled: false", and: + + # - For Non-HA, Virtual deployment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml \ + -n /etc/opnfv-apex/network_setting.yaml + + # - For Non-HA, Bare Metal deployment + ./opnfv-deploy -d /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting.yaml + + # Note: + # + # 1. Parameter ""-v" is mandatory for Virtual deployment + # 2. Parameter "-i <inventory file>" is mandatory for Bare Metal deployment + # 2.1 Refer to https://git.opnfv.org/cgit/apex/tree/config/inventory for examples of inventory file + # 3. You can use "-n /etc/opnfv-apex/network_setting_v6.yaml" for deployment in IPv6-only infrastructure + +**Compass** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack with Open Daylight L2-only environment + export ISO_URL=file://$BUILD_DIRECTORY/compass.iso + export OS_VERSION=${{COMPASS_OS_VERSION}} + export OPENSTACK_VERSION=${{COMPASS_OPENSTACK_VERSION}} + export CONFDIR=$WORKSPACE/deploy/conf/vm_environment + ./deploy.sh --dha $CONFDIR/os-odl_l2-nofeature-ha.yml \ + --network $CONFDIR/$NODE_NAME/network.yml + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + # Non-HA deployment is currently not supported by Compass installer + +**Fuel** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack with Open Daylight L2-only environment + # Scenario Name: os-odl_l2-nofeature-ha + # Scenario Configuration File: ha_odl-l2_heat_ceilometer_scenario.yaml + # You can use either Scenario Name or Scenario Configuration File Name in "-s" parameter + sudo ./deploy.sh -b <stack-config-uri> -l <lab-name> -p <pod-name> \ + -s os-odl_l2-nofeature-ha -i <iso-uri> + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + # Scenario Name: os-odl_l2-nofeature-noha + # Scenario Configuration File: no-ha_odl-l2_heat_ceilometer_scenario.yaml + # You can use either Scenario Name or Scenario Configuration File Name in "-s" parameter + sudo ./deploy.sh -b <stack-config-uri> -l <lab-name> -p <pod-name> \ + -s os-odl_l2-nofeature-noha -i <iso-uri> + + # Note: + # + # 1. Refer to http://git.opnfv.org/cgit/fuel/tree/deploy/scenario/scenario.yaml for scenarios + # 2. Refer to http://git.opnfv.org/cgit/fuel/tree/ci/README for description of + # stack configuration directory structure + # 3. <stack-config-uri> is the base URI of stack configuration directory structure + # 3.1 Example: http://git.opnfv.org/cgit/fuel/tree/deploy/config + # 4. <lab-name> and <pod-name> must match the directory structure in stack configuration + # 4.1 Example of <lab-name>: -l devel-pipeline + # 4.2 Example of <pod-name>: -p elx + # 5. <iso-uri> could be local or remote ISO image of Fuel Installer + # 5.1 Example: http://artifacts.opnfv.org/fuel/colorado/opnfv-colorado.1.0.iso + # + # Please refer to Fuel Installer's documentation for further information and any update + +**Joid** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack with Open Daylight L2-only environment + ./deploy.sh -o mitaka -s odl -t ha -l default -f ipv6 + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + ./deploy.sh -o mitaka -s odl -t nonha -l default -f ipv6 + +Please **NOTE** that: + +* You need to refer to **installer's documentation** for other necessary + parameters applicable to your deployment. +* You need to refer to **Release Notes** and **installer's documentation** if there is + any issue in installation. + +**OPNFV-INSTALL-2**: Clone the following GitHub repository to get the +configuration and metadata files + +.. code-block:: bash + + git clone https://github.com/sridhargaddam/opnfv_os_ipv6_poc.git \ + /opt/stack/opnfv_os_ipv6_poc + +---------------------------------------------- +Disable Security Groups in OpenStack ML2 Setup +---------------------------------------------- + +Please **NOTE** that although Security Groups feature has been disabled automatically +through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely +that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security +Groups feature after installation. + +**Please make sure that Security Groups are disabled in the setup** + +In order to disable Security Groups globally, please make sure that the settings in +**OPNFV-SEC-1** and **OPNFV-SEC-2** are applied, if they are not there by default. + +**OPNFV-SEC-1**: Change the settings in +``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows, if they +are not there by default. + +.. code-block:: bash + + # /etc/neutron/plugins/ml2/ml2_conf.ini + [securitygroup] + enable_security_group = True + firewall_driver = neutron.agent.firewall.NoopFirewallDriver + [ml2] + extension_drivers = port_security + [agent] + prevent_arp_spoofing = False + +**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows, +if they are not there by default. + +.. code-block:: bash + + # /etc/nova/nova.conf + [DEFAULT] + security_group_api = neutron + firewall_driver = nova.virt.firewall.NoopFirewallDriver + +**OPNFV-SEC-3**: After updating the settings, you will have to restart the +``Neutron`` and ``Nova`` services. + +**Please note that the commands of restarting** ``Neutron`` **and** ``Nova`` **would vary +depending on the installer. Please refer to relevant documentation of specific installers** + +--------------------------------------------------- +Source the Credentials in OpenStack Controller Node +--------------------------------------------------- + +**SETUP-SVM-1**: Login in OpenStack Controller Node. Start a new terminal, +and change directory to where OpenStack is installed. + +**SETUP-SVM-2**: We have to source the tenant credentials in this step. Please **NOTE** +that the method of sourcing tenant credentials may vary depending on installers. For example: + +**Apex** installer: + +.. code-block:: bash + + # On jump host, source the tenant credentials using /bin/opnfv-util provided by Apex installer + opnfv-util undercloud "source overcloudrc; keystone service-list" + + # Alternatively, you can copy the file /home/stack/overcloudrc from the installer VM called "undercloud" + # to a location in controller node, for example, in the directory /opt, and do: + # source /opt/overcloudrc + +**Compass** installer: + +.. code-block:: bash + + # source the tenant credentials using Compass installer of OPNFV + source /opt/admin-openrc.sh + +**Fuel** installer: + +.. code-block:: bash + + # source the tenant credentials using Fuel installer of OPNFV + source /root/openrc + +**Joid** installer: + +.. code-block:: bash + + # source the tenant credentials using Joid installer of OPNFV + source $HOME/joid_config/admin-openrc + +**devstack**: + +.. code-block:: bash + + # source the tenant credentials in devstack + source openrc admin demo + +**Please refer to relevant documentation of installers if you encounter any issue**. + +------------------------------------------------------------------------------------ +Informational Note: Move Public Network from Physical Network Interface to ``br-ex`` +------------------------------------------------------------------------------------ + +**SETUP-SVM-3**: Move the physical interface (i.e. the public network interface) to ``br-ex`` + +**SETUP-SVM-4**: Verify setup of ``br-ex`` + +**Those 2 steps are Informational. OPNFV Installer has taken care of those 2 steps during deployment. +You may refer to this step only if there is any issue, or if you are using other installers**. + +We have to move the physical interface (i.e. the public network interface) to ``br-ex``, including moving +the public IP address and setting up default route. Please refer to ``SETUP-SVM-3`` and +``SETUP-SVM-4`` in our `more complete instruction <http://artifacts.opnfv.org/ipv6/docs/setupservicevm/4-ipv6-configguide-servicevm.html#add-external-connectivity-to-br-ex>`_. + +-------------------------------------------------------- +Create IPv4 Subnet and Router with External Connectivity +-------------------------------------------------------- + +**SETUP-SVM-5**: Create a Neutron router ``ipv4-router`` which needs to provide external connectivity. + +.. code-block:: bash + + neutron router-create ipv4-router + +**SETUP-SVM-6**: Create an external network/subnet ``ext-net`` using the appropriate values based on the +data-center physical network setup. + +Please **NOTE** that you may only need to create the subnet of ``ext-net`` because OPNFV installers +should have created an external network during installation. You must use the same name of external +network that installer creates when you create the subnet. For example: + +* **Apex** installer: ``external`` +* **Compass** installer: ``ext-net`` +* **Fuel** installer: ``admin_floating_net`` +* **Joid** installer: ``ext-net`` + +**Please refer to the documentation of installers if there is any issue** + +.. code-block:: bash + + # This is needed only if installer does not create an external work + # Otherwise, skip this command "net-create" + neutron net-create --router:external ext-net + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron subnet-create --disable-dhcp --allocation-pool start=198.59.156.251,\ + end=198.59.156.254 --gateway 198.59.156.1 ext-net 198.59.156.0/24 + +Please note that the IP addresses in the command above are for exemplary purpose. **Please replace the IP addresses of +your actual network**. + +**SETUP-SVM-7**: Associate the ``ext-net`` to the Neutron router ``ipv4-router``. + +.. code-block:: bash + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron router-gateway-set ipv4-router ext-net + +**SETUP-SVM-8**: Create an internal/tenant IPv4 network ``ipv4-int-network1`` + +.. code-block:: bash + + neutron net-create ipv4-int-network1 + +**SETUP-SVM-9**: Create an IPv4 subnet ``ipv4-int-subnet1`` in the internal network ``ipv4-int-network1`` + +.. code-block:: bash + + neutron subnet-create --name ipv4-int-subnet1 --dns-nameserver 8.8.8.8 \ + ipv4-int-network1 20.0.0.0/24 + +**SETUP-SVM-10**: Associate the IPv4 internal subnet ``ipv4-int-subnet1`` to the Neutron router ``ipv4-router``. + +.. code-block:: bash + + neutron router-interface-add ipv4-router ipv4-int-subnet1 + +-------------------------------------------------------- +Create IPv6 Subnet and Router with External Connectivity +-------------------------------------------------------- + +Now, let us create a second neutron router where we can "manually" spawn a ``radvd`` daemon to simulate an external +IPv6 router. + +**SETUP-SVM-11**: Create a second Neutron router ``ipv6-router`` which needs to provide external connectivity + +.. code-block:: bash + + neutron router-create ipv6-router + +**SETUP-SVM-12**: Associate the ``ext-net`` to the Neutron router ``ipv6-router`` + +.. code-block:: bash + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron router-gateway-set ipv6-router ext-net + +**SETUP-SVM-13**: Create a second internal/tenant IPv4 network ``ipv4-int-network2`` + +.. code-block:: bash + + neutron net-create ipv4-int-network2 + +**SETUP-SVM-14**: Create an IPv4 subnet ``ipv4-int-subnet2`` for the ``ipv6-router`` internal network +``ipv4-int-network2`` + +.. code-block:: bash + + neutron subnet-create --name ipv4-int-subnet2 --dns-nameserver 8.8.8.8 \ + ipv4-int-network2 10.0.0.0/24 + +**SETUP-SVM-15**: Associate the IPv4 internal subnet ``ipv4-int-subnet2`` to the Neutron router ``ipv6-router``. + +.. code-block:: bash + + neutron router-interface-add ipv6-router ipv4-int-subnet2 + +-------------------------------------------------- +Prepare Image, Metadata and Keypair for Service VM +-------------------------------------------------- + +**SETUP-SVM-16**: Download ``fedora22`` image which would be used as ``vRouter`` + +.. code-block:: bash + + wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/\ + Images/Fedora-Cloud-Base-22-20150521.x86_64.qcow2 + + glance image-create --name 'Fedora22' --disk-format qcow2 --container-format bare \ + --file ./Fedora-Cloud-Base-22-20150521.x86_64.qcow2 + +**SETUP-SVM-17**: Create a keypair + +.. code-block:: bash + + nova keypair-add vRouterKey > ~/vRouterKey + +**SETUP-SVM-18**: Create ports for ``vRouter`` and both the VMs with some specific MAC addresses. + +.. code-block:: bash + + neutron port-create --name eth0-vRouter --mac-address fa:16:3e:11:11:11 ipv4-int-network2 + neutron port-create --name eth1-vRouter --mac-address fa:16:3e:22:22:22 ipv4-int-network1 + neutron port-create --name eth0-VM1 --mac-address fa:16:3e:33:33:33 ipv4-int-network1 + neutron port-create --name eth0-VM2 --mac-address fa:16:3e:44:44:44 ipv4-int-network1 + +---------------------------------------------------------------------------------------------------------- +Boot Service VM (``vRouter``) with ``eth0`` on ``ipv4-int-network2`` and ``eth1`` on ``ipv4-int-network1`` +---------------------------------------------------------------------------------------------------------- + +Let us boot the service VM (``vRouter``) with ``eth0`` interface on ``ipv4-int-network2`` connecting to ``ipv6-router``, +and ``eth1`` interface on ``ipv4-int-network1`` connecting to ``ipv4-router``. + +**SETUP-SVM-19**: Boot the ``vRouter`` using ``Fedora22`` image on the OpenStack Compute Node with hostname +``opnfv-os-compute`` + +.. code-block:: bash + + nova boot --image Fedora22 --flavor m1.small \ + --user-data /opt/stack/opnfv_os_ipv6_poc/metadata.txt \ + --availability-zone nova:opnfv-os-compute \ + --nic port-id=$(neutron port-list | grep -w eth0-vRouter | awk '{print $2}') \ + --nic port-id=$(neutron port-list | grep -w eth1-vRouter | awk '{print $2}') \ + --key-name vRouterKey vRouter + +Please **note** that ``/opt/stack/opnfv_os_ipv6_poc/metadata.txt`` is used to enable the ``vRouter`` to automatically +spawn a ``radvd``, and + +* Act as an IPv6 vRouter which advertises the RA (Router Advertisements) with prefix + ``2001:db8:0:2::/64`` on its internal interface (``eth1``). +* Forward IPv6 traffic from internal interface (``eth1``) + +**SETUP-SVM-20**: Verify that ``Fedora22`` image boots up successfully and vRouter has ``ssh`` keys properly injected + +.. code-block:: bash + + nova list + nova console-log vRouter + +Please note that **it may take a few minutes** for the necessary packages to get installed and ``ssh`` keys +to be injected. + +.. code-block:: bash + + # Sample Output + [ 762.884523] cloud-init[871]: ec2: ############################################################# + [ 762.909634] cloud-init[871]: ec2: -----BEGIN SSH HOST KEY FINGERPRINTS----- + [ 762.931626] cloud-init[871]: ec2: 2048 e3:dc:3d:4a:bc:b6:b0:77:75:a1:70:a3:d0:2a:47:a9 (RSA) + [ 762.957380] cloud-init[871]: ec2: -----END SSH HOST KEY FINGERPRINTS----- + [ 762.979554] cloud-init[871]: ec2: ############################################################# + +------------------------------------------- +Boot Two Other VMs in ``ipv4-int-network1`` +------------------------------------------- + +In order to verify that the setup is working, let us create two cirros VMs with ``eth1`` interface on the +``ipv4-int-network1``, i.e., connecting to ``vRouter`` ``eth1`` interface for internal network. + +We will have to configure appropriate ``mtu`` on the VMs' interface by taking into account the tunneling +overhead and any physical switch requirements. If so, push the ``mtu`` to the VM either using ``dhcp`` +options or via ``meta-data``. + +**SETUP-SVM-21**: Create VM1 on OpenStack Controller Node with hostname ``opnfv-os-controller`` + +.. code-block:: bash + + nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny \ + --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh \ + --availability-zone nova:opnfv-os-controller \ + --nic port-id=$(neutron port-list | grep -w eth0-VM1 | awk '{print $2}') \ + --key-name vRouterKey VM1 + +**SETUP-SVM-22**: Create VM2 on OpenStack Compute Node with hostname ``opnfv-os-compute`` + +.. code-block:: bash + + nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny \ + --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh \ + --availability-zone nova:opnfv-os-compute \ + --nic port-id=$(neutron port-list | grep -w eth0-VM2 | awk '{print $2}') \ + --key-name vRouterKey VM2 + +**SETUP-SVM-23**: Confirm that both the VMs are successfully booted. + +.. code-block:: bash + + nova list + nova console-log VM1 + nova console-log VM2 + +---------------------------------- +Spawn ``RADVD`` in ``ipv6-router`` +---------------------------------- + +Let us manually spawn a ``radvd`` daemon inside ``ipv6-router`` namespace to simulate an external router. +First of all, we will have to identify the ``ipv6-router`` namespace and move to the namespace. + +Please **NOTE** that in case of HA (High Availability) deployment model where multiple controller +nodes are used, ``ipv6-router`` created in step **SETUP-SVM-11** could be in any of the controller +node. Thus you need to identify in which controller node ``ipv6-router`` is created in order to manually +spawn ``radvd`` daemon inside the ``ipv6-router`` namespace in steps **SETUP-SVM-24** through +**SETUP-SVM-30**. The following command in Neutron will display the controller on which the +``ipv6-router`` is spawned. + +.. code-block:: bash + + neutron l3-agent-list-hosting-router ipv6-router + +Then you login to that controller and execute steps **SETUP-SVM-24** +through **SETUP-SVM-30** + +**SETUP-SVM-24**: identify the ``ipv6-router`` namespace and move to the namespace + +.. code-block:: bash + + sudo ip netns exec qrouter-$(neutron router-list | grep -w ipv6-router | \ + awk '{print $2}') bash + +**SETUP-SVM-25**: Upon successful execution of the above command, you will be in the router namespace. +Now let us configure the IPv6 address on the <qr-xxx> interface. + +.. code-block:: bash + + export router_interface=$(ip a s | grep -w "global qr-*" | awk '{print $7}') + ip -6 addr add 2001:db8:0:1::1 dev $router_interface + +**SETUP-SVM-26**: Update the sample file ``/opt/stack/opnfv_os_ipv6_poc/scenario2/radvd.conf`` +with ``$router_interface``. + +.. code-block:: bash + + cp /opt/stack/opnfv_os_ipv6_poc/scenario2/radvd.conf /tmp/radvd.$router_interface.conf + sed -i 's/$router_interface/'$router_interface'/g' /tmp/radvd.$router_interface.conf + +**SETUP-SVM-27**: Spawn a ``radvd`` daemon to simulate an external router. This ``radvd`` daemon advertises an IPv6 +subnet prefix of ``2001:db8:0:1::/64`` using RA (Router Advertisement) on its $router_interface so that ``eth0`` +interface of ``vRouter`` automatically configures an IPv6 SLAAC address. + +.. code-block:: bash + + $radvd -C /tmp/radvd.$router_interface.conf -p /tmp/br-ex.pid.radvd -m syslog + +**SETUP-SVM-28**: Add an IPv6 downstream route pointing to the ``eth0`` interface of vRouter. + +.. code-block:: bash + + ip -6 route add 2001:db8:0:2::/64 via 2001:db8:0:1:f816:3eff:fe11:1111 + +**SETUP-SVM-29**: The routing table should now look similar to something shown below. + +.. code-block:: bash + + ip -6 route show + 2001:db8:0:1::1 dev qr-42968b9e-62 proto kernel metric 256 + 2001:db8:0:1::/64 dev qr-42968b9e-62 proto kernel metric 256 expires 86384sec + 2001:db8:0:2::/64 via 2001:db8:0:1:f816:3eff:fe11:1111 dev qr-42968b9e-62 proto ra metric 1024 expires 29sec + fe80::/64 dev qg-3736e0c7-7c proto kernel metric 256 + fe80::/64 dev qr-42968b9e-62 proto kernel metric 256 + +**SETUP-SVM-30**: If all goes well, the IPv6 addresses assigned to the VMs would be as shown as follows: + +.. code-block:: bash + + # vRouter eth0 interface would have the following IPv6 address: + # 2001:db8:0:1:f816:3eff:fe11:1111/64 + # vRouter eth1 interface would have the following IPv6 address: + # 2001:db8:0:2::1/64 + # VM1 would have the following IPv6 address: + # 2001:db8:0:2:f816:3eff:fe33:3333/64 + # VM2 would have the following IPv6 address: + # 2001:db8:0:2:f816:3eff:fe44:4444/64 + +-------------------------------- +Testing to Verify Setup Complete +-------------------------------- + +Now, let us ``SSH`` to those VMs, e.g. VM1 and / or VM2 and / or vRouter, to confirm that +it has successfully configured the IPv6 address using ``SLAAC`` with prefix +``2001:db8:0:2::/64`` from ``vRouter``. + +We use ``floatingip`` mechanism to achieve ``SSH``. + +**SETUP-SVM-31**: Now we can ``SSH`` to VMs. You can execute the following command. + +.. code-block:: bash + + # 1. Create a floatingip and associate it with VM1, VM2 and vRouter (to the port id that is passed). + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron floatingip-create --port-id $(neutron port-list | grep -w eth0-VM1 | \ + awk '{print $2}') ext-net + neutron floatingip-create --port-id $(neutron port-list | grep -w eth0-VM2 | \ + awk '{print $2}') ext-net + neutron floatingip-create --port-id $(neutron port-list | grep -w eth1-vRouter | \ + awk '{print $2}') ext-net + + # 2. To know / display the floatingip associated with VM1, VM2 and vRouter. + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth0-VM1 | awk '{print $2}') | awk '{print $2}' + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth0-VM2 | awk '{print $2}') | awk '{print $2}' + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth1-vRouter | awk '{print $2}') | awk '{print $2}' + + # 3. To ssh to the vRouter, VM1 and VM2, user can execute the following command. + ssh -i ~/vRouterKey fedora@<floating-ip-of-vRouter> + ssh -i ~/vRouterKey cirros@<floating-ip-of-VM1> + ssh -i ~/vRouterKey cirros@<floating-ip-of-VM2> + +If everything goes well, ``ssh`` will be successful and you will be logged into those VMs. +Run some commands to verify that IPv6 addresses are configured on ``eth0`` interface. + +**SETUP-SVM-32**: Show an IPv6 address with a prefix of ``2001:db8:0:2::/64`` + +.. code-block:: bash + + ip address show + +**SETUP-SVM-33**: ping some external IPv6 address, e.g. ``ipv6-router`` + +.. code-block:: bash + + ping6 2001:db8:0:1::1 + +If the above ping6 command succeeds, it implies that ``vRouter`` was able to successfully forward the IPv6 traffic +to reach external ``ipv6-router``. + diff --git a/docs/release/configguide/index.rst b/docs/release/configguide/index.rst new file mode 100644 index 0000000..fec73ae --- /dev/null +++ b/docs/release/configguide/index.rst @@ -0,0 +1,1077 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat) + +=============================================================== +IPv6 Configuration - Setting Up a Service VM as an IPv6 vRouter +=============================================================== + +This section provides instructions to set up a service VM as an IPv6 vRouter using OPNFV Danube Release +installers. The environment may be pure OpenStack option or Open Daylight L2-only option. +The deployment model may be HA or non-HA. The infrastructure may be bare metal or virtual environment. + +For complete instructions and documentations of setting up service VM as an IPv6 vRouter using ANY method, +please refer to: + +1. IPv6 Configuration Guide (HTML): http://artifacts.opnfv.org/ipv6/docs/setupservicevm/index.html +2. IPv6 User Guide (HTML): http://artifacts.opnfv.org/ipv6/docs/gapanalysis/index.html + +**************************** +Pre-configuration Activities +**************************** + +The configuration will work in 2 environments: + +1. OpenStack-only environment +2. OpenStack with Open Daylight L2-only environment + +Depending on which installer will be used to deploy OPNFV, each environment may be deployed +on bare metal or virtualized infrastructure. Each deployment may be HA or non-HA. + +Refer to the previous installer configuration chapters, installations guide and release notes. + +****************************************** +Setup Manual in OpenStack-Only Environment +****************************************** + +If you intend to set up a service VM as an IPv6 vRouter in OpenStack-only environment of +OPNFV Danube Release, please **NOTE** that: + +* Because the anti-spoofing rules of Security Group feature in OpenStack prevents + a VM from forwarding packets, we need to disable Security Group feature in the + OpenStack-only environment. +* The hostnames, IP addresses, and username are for exemplary purpose in instructions. + Please change as needed to fit your environment. +* The instructions apply to both deployment model of single controller node and + HA (High Availability) deployment model where multiple controller nodes are used. + +----------------------------- +Install OPNFV and Preparation +----------------------------- + +**OPNFV-NATIVE-INSTALL-1**: To install OpenStack-only environment of OPNFV Danube Release: + +**Apex Installer**: + +.. code-block:: bash + + # HA, Virtual deployment in OpenStack-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-nosdn-nofeature-ha.yaml \ + -n /etc/opnfv-apex/network_setting.yaml + + # HA, Bare Metal deployment in OpenStack-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-nosdn-nofeature-ha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting.yaml + + # Non-HA, Virtual deployment in OpenStack-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-nosdn-nofeature-noha.yaml \ + -n /etc/opnfv-apex/network_setting.yaml + + # Non-HA, Bare Metal deployment in OpenStack-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-nosdn-nofeature-noha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting.yaml + + # Note: + # + # 1. Parameter ""-v" is mandatory for Virtual deployment + # 2. Parameter "-i <inventory file>" is mandatory for Bare Metal deployment + # 2.1 Refer to https://git.opnfv.org/cgit/apex/tree/config/inventory for examples of inventory file + # 3. You can use "-n /etc/opnfv-apex/network_setting_v6.yaml" for deployment in IPv6-only infrastructure + +**Compass** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack-only environment + export ISO_URL=file://$BUILD_DIRECTORY/compass.iso + export OS_VERSION=${{COMPASS_OS_VERSION}} + export OPENSTACK_VERSION=${{COMPASS_OPENSTACK_VERSION}} + export CONFDIR=$WORKSPACE/deploy/conf/vm_environment + ./deploy.sh --dha $CONFDIR/os-nosdn-nofeature-ha.yml \ + --network $CONFDIR/$NODE_NAME/network.yml + + # Non-HA deployment in OpenStack-only environment + # Non-HA deployment is currently not supported by Compass installer + +**Fuel** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack-only environment + # Scenario Name: os-nosdn-nofeature-ha + # Scenario Configuration File: ha_heat_ceilometer_scenario.yaml + # You can use either Scenario Name or Scenario Configuration File Name in "-s" parameter + sudo ./deploy.sh -b <stack-config-uri> -l <lab-name> -p <pod-name> \ + -s os-nosdn-nofeature-ha -i <iso-uri> + + # Non-HA deployment in OpenStack-only environment + # Scenario Name: os-nosdn-nofeature-noha + # Scenario Configuration File: no-ha_heat_ceilometer_scenario.yaml + # You can use either Scenario Name or Scenario Configuration File Name in "-s" parameter + sudo ./deploy.sh -b <stack-config-uri> -l <lab-name> -p <pod-name> \ + -s os-nosdn-nofeature-noha -i <iso-uri> + + # Note: + # + # 1. Refer to http://git.opnfv.org/cgit/fuel/tree/deploy/scenario/scenario.yaml for scenarios + # 2. Refer to http://git.opnfv.org/cgit/fuel/tree/ci/README for description of + # stack configuration directory structure + # 3. <stack-config-uri> is the base URI of stack configuration directory structure + # 3.1 Example: http://git.opnfv.org/cgit/fuel/tree/deploy/config + # 4. <lab-name> and <pod-name> must match the directory structure in stack configuration + # 4.1 Example of <lab-name>: -l devel-pipeline + # 4.2 Example of <pod-name>: -p elx + # 5. <iso-uri> could be local or remote ISO image of Fuel Installer + # 5.1 Example: http://artifacts.opnfv.org/fuel/colorado/opnfv-colorado.1.0.iso + # + # Please refer to Fuel Installer's documentation for further information and any update + +**Joid** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack-only environment + ./deploy.sh -o mitaka -s nosdn -t ha -l default -f ipv6 + + # Non-HA deployment in OpenStack-only environment + ./deploy.sh -o mitaka -s nosdn -t nonha -l default -f ipv6 + +Please **NOTE** that: + +* You need to refer to **installer's documentation** for other necessary + parameters applicable to your deployment. +* You need to refer to **Release Notes** and **installer's documentation** if there is + any issue in installation. + +**OPNFV-NATIVE-INSTALL-2**: Clone the following GitHub repository to get the +configuration and metadata files + +.. code-block:: bash + + git clone https://github.com/sridhargaddam/opnfv_os_ipv6_poc.git \ + /opt/stack/opnfv_os_ipv6_poc + +---------------------------------------------- +Disable Security Groups in OpenStack ML2 Setup +---------------------------------------------- + +Please **NOTE** that although Security Groups feature has been disabled automatically +through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely +that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security +Groups feature after installation. + +**Please make sure that Security Groups are disabled in the setup** + +In order to disable Security Groups globally, please make sure that the settings in +**OPNFV-NATIVE-SEC-1** and **OPNFV-NATIVE-SEC-2** are applied, if they +are not there by default. + +**OPNFV-NATIVE-SEC-1**: Change the settings in +``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows, if they are not there by default + +.. code-block:: bash + + # /etc/neutron/plugins/ml2/ml2_conf.ini + [securitygroup] + enable_security_group = True + firewall_driver = neutron.agent.firewall.NoopFirewallDriver + [ml2] + extension_drivers = port_security + [agent] + prevent_arp_spoofing = False + +**OPNFV-NATIVE-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows, +if they are not there by default. + +.. code-block:: bash + + # /etc/nova/nova.conf + [DEFAULT] + security_group_api = neutron + firewall_driver = nova.virt.firewall.NoopFirewallDriver + +**OPNFV-NATIVE-SEC-3**: After updating the settings, you will have to restart the +``Neutron`` and ``Nova`` services. + +**Please note that the commands of restarting** ``Neutron`` **and** ``Nova`` **would vary +depending on the installer. Please refer to relevant documentation of specific installers** + +--------------------------------- +Set Up Service VM as IPv6 vRouter +--------------------------------- + +**OPNFV-NATIVE-SETUP-1**: Now we assume that OpenStack multi-node setup is up and running. +We have to source the tenant credentials in OpenStack controller node in this step. +Please **NOTE** that the method of sourcing tenant credentials may vary depending on installers. +For example: + +**Apex** installer: + +.. code-block:: bash + + # On jump host, source the tenant credentials using /bin/opnfv-util provided by Apex installer + opnfv-util undercloud "source overcloudrc; keystone service-list" + + # Alternatively, you can copy the file /home/stack/overcloudrc from the installer VM called "undercloud" + # to a location in controller node, for example, in the directory /opt, and do: + # source /opt/overcloudrc + +**Compass** installer: + +.. code-block:: bash + + # source the tenant credentials using Compass installer of OPNFV + source /opt/admin-openrc.sh + +**Fuel** installer: + +.. code-block:: bash + + # source the tenant credentials using Fuel installer of OPNFV + source /root/openrc + +**Joid** installer: + +.. code-block:: bash + + # source the tenant credentials using Joid installer of OPNFV + source $HOME/joid_config/admin-openrc + +**devstack**: + +.. code-block:: bash + + # source the tenant credentials in devstack + source openrc admin demo + +**Please refer to relevant documentation of installers if you encounter any issue**. + +**OPNFV-NATIVE-SETUP-2**: Download ``fedora22`` image which would be used for ``vRouter`` + +.. code-block:: bash + + wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/\ + Images/Fedora-Cloud-Base-22-20150521.x86_64.qcow2 + +**OPNFV-NATIVE-SETUP-3**: Import Fedora22 image to ``glance`` + +.. code-block:: bash + + glance image-create --name 'Fedora22' --disk-format qcow2 --container-format bare \ + --file ./Fedora-Cloud-Base-22-20150521.x86_64.qcow2 + +**OPNFV-NATIVE-SETUP-4: This step is Informational. OPNFV Installer has taken care of this step +during deployment. You may refer to this step only if there is any issue, or if you are using other installers**. + +We have to move the physical interface (i.e. the public network interface) to ``br-ex``, including moving +the public IP address and setting up default route. Please refer to ``OS-NATIVE-SETUP-4`` and +``OS-NATIVE-SETUP-5`` in our `more complete instruction <http://artifacts.opnfv.org/ipv6/docs/setupservicevm/5-ipv6-configguide-scenario-1-native-os.html#set-up-service-vm-as-ipv6-vrouter>`_. + +**OPNFV-NATIVE-SETUP-5**: Create Neutron routers ``ipv4-router`` and ``ipv6-router`` +which need to provide external connectivity. + +.. code-block:: bash + + neutron router-create ipv4-router + neutron router-create ipv6-router + +**OPNFV-NATIVE-SETUP-6**: Create an external network/subnet ``ext-net`` using +the appropriate values based on the data-center physical network setup. + +Please **NOTE** that you may only need to create the subnet of ``ext-net`` because OPNFV installers +should have created an external network during installation. You must use the same name of external +network that installer creates when you create the subnet. For example: + +* **Apex** installer: ``external`` +* **Compass** installer: ``ext-net`` +* **Fuel** installer: ``admin_floating_net`` +* **Joid** installer: ``ext-net`` + +**Please refer to the documentation of installers if there is any issue** + +.. code-block:: bash + + # This is needed only if installer does not create an external work + # Otherwise, skip this command "net-create" + neutron net-create --router:external ext-net + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron subnet-create --disable-dhcp --allocation-pool start=198.59.156.251,\ + end=198.59.156.254 --gateway 198.59.156.1 ext-net 198.59.156.0/24 + +**OPNFV-NATIVE-SETUP-7**: Create Neutron networks ``ipv4-int-network1`` and +``ipv6-int-network2`` with port_security disabled + +.. code-block:: bash + + neutron net-create ipv4-int-network1 + neutron net-create ipv6-int-network2 + +**OPNFV-NATIVE-SETUP-8**: Create IPv4 subnet ``ipv4-int-subnet1`` in the internal network +``ipv4-int-network1``, and associate it to ``ipv4-router``. + +.. code-block:: bash + + neutron subnet-create --name ipv4-int-subnet1 --dns-nameserver 8.8.8.8 \ + ipv4-int-network1 20.0.0.0/24 + + neutron router-interface-add ipv4-router ipv4-int-subnet1 + +**OPNFV-NATIVE-SETUP-9**: Associate the ``ext-net`` to the Neutron routers ``ipv4-router`` +and ``ipv6-router``. + +.. code-block:: bash + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron router-gateway-set ipv4-router ext-net + neutron router-gateway-set ipv6-router ext-net + +**OPNFV-NATIVE-SETUP-10**: Create two subnets, one IPv4 subnet ``ipv4-int-subnet2`` and +one IPv6 subnet ``ipv6-int-subnet2`` in ``ipv6-int-network2``, and associate both subnets to +``ipv6-router`` + +.. code-block:: bash + + neutron subnet-create --name ipv4-int-subnet2 --dns-nameserver 8.8.8.8 \ + ipv6-int-network2 10.0.0.0/24 + + neutron subnet-create --name ipv6-int-subnet2 --ip-version 6 --ipv6-ra-mode slaac \ + --ipv6-address-mode slaac ipv6-int-network2 2001:db8:0:1::/64 + + neutron router-interface-add ipv6-router ipv4-int-subnet2 + neutron router-interface-add ipv6-router ipv6-int-subnet2 + +**OPNFV-NATIVE-SETUP-11**: Create a keypair + +.. code-block:: bash + + nova keypair-add vRouterKey > ~/vRouterKey + +**OPNFV-NATIVE-SETUP-12**: Create ports for vRouter (with some specific MAC address +- basically for automation - to know the IPv6 addresses that would be assigned to the port). + +.. code-block:: bash + + neutron port-create --name eth0-vRouter --mac-address fa:16:3e:11:11:11 ipv6-int-network2 + neutron port-create --name eth1-vRouter --mac-address fa:16:3e:22:22:22 ipv4-int-network1 + +**OPNFV-NATIVE-SETUP-13**: Create ports for VM1 and VM2. + +.. code-block:: bash + + neutron port-create --name eth0-VM1 --mac-address fa:16:3e:33:33:33 ipv4-int-network1 + neutron port-create --name eth0-VM2 --mac-address fa:16:3e:44:44:44 ipv4-int-network1 + +**OPNFV-NATIVE-SETUP-14**: Update ``ipv6-router`` with routing information to subnet +``2001:db8:0:2::/64`` + +.. code-block:: bash + + neutron router-update ipv6-router --routes type=dict list=true \ + destination=2001:db8:0:2::/64,nexthop=2001:db8:0:1:f816:3eff:fe11:1111 + +**OPNFV-NATIVE-SETUP-15**: Boot Service VM (``vRouter``), VM1 and VM2 + +.. code-block:: bash + + nova boot --image Fedora22 --flavor m1.small \ + --user-data /opt/stack/opnfv_os_ipv6_poc/metadata.txt \ + --availability-zone nova:opnfv-os-compute \ + --nic port-id=$(neutron port-list | grep -w eth0-vRouter | awk '{print $2}') \ + --nic port-id=$(neutron port-list | grep -w eth1-vRouter | awk '{print $2}') \ + --key-name vRouterKey vRouter + + nova list + + # Please wait for some 10 to 15 minutes so that necessary packages (like radvd) + # are installed and vRouter is up. + nova console-log vRouter + + nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny \ + --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh \ + --availability-zone nova:opnfv-os-controller \ + --nic port-id=$(neutron port-list | grep -w eth0-VM1 | awk '{print $2}') \ + --key-name vRouterKey VM1 + + nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny + --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh \ + --availability-zone nova:opnfv-os-compute \ + --nic port-id=$(neutron port-list | grep -w eth0-VM2 | awk '{print $2}') \ + --key-name vRouterKey VM2 + + nova list # Verify that all the VMs are in ACTIVE state. + +**OPNFV-NATIVE-SETUP-16**: If all goes well, the IPv6 addresses assigned to the VMs +would be as shown as follows: + +.. code-block:: bash + + # vRouter eth0 interface would have the following IPv6 address: + # 2001:db8:0:1:f816:3eff:fe11:1111/64 + # vRouter eth1 interface would have the following IPv6 address: + # 2001:db8:0:2::1/64 + # VM1 would have the following IPv6 address: + # 2001:db8:0:2:f816:3eff:fe33:3333/64 + # VM2 would have the following IPv6 address: + # 2001:db8:0:2:f816:3eff:fe44:4444/64 + +**OPNFV-NATIVE-SETUP-17**: Now we need to disable ``eth0-VM1``, ``eth0-VM2``, +``eth0-vRouter`` and ``eth1-vRouter`` port-security + +.. code-block:: bash + + for port in eth0-VM1 eth0-VM2 eth0-vRouter eth1-vRouter + do + neutron port-update --no-security-groups $port + neutron port-update $port --port-security-enabled=False + neutron port-show $port | grep port_security_enabled + done + +**OPNFV-NATIVE-SETUP-18**: Now we can ``SSH`` to VMs. You can execute the following command. + +.. code-block:: bash + + # 1. Create a floatingip and associate it with VM1, VM2 and vRouter (to the port id that is passed). + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron floatingip-create --port-id $(neutron port-list | grep -w eth0-VM1 | \ + awk '{print $2}') ext-net + neutron floatingip-create --port-id $(neutron port-list | grep -w eth0-VM2 | \ + awk '{print $2}') ext-net + neutron floatingip-create --port-id $(neutron port-list | grep -w eth1-vRouter | \ + awk '{print $2}') ext-net + + # 2. To know / display the floatingip associated with VM1, VM2 and vRouter. + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth0-VM1 | awk '{print $2}') | awk '{print $2}' + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth0-VM2 | awk '{print $2}') | awk '{print $2}' + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth1-vRouter | awk '{print $2}') | awk '{print $2}' + + # 3. To ssh to the vRouter, VM1 and VM2, user can execute the following command. + ssh -i ~/vRouterKey fedora@<floating-ip-of-vRouter> + ssh -i ~/vRouterKey cirros@<floating-ip-of-VM1> + ssh -i ~/vRouterKey cirros@<floating-ip-of-VM2> + +**************************************************************** +Setup Manual in OpenStack with Open Daylight L2-Only Environment +**************************************************************** + +If you intend to set up a service VM as an IPv6 vRouter in an environment of OpenStack +and Open Daylight L2-only of OPNFV Danube Release, please **NOTE** that: + +* We **SHOULD** use the ``odl-ovsdb-openstack`` version of Open Daylight Boron + in OPNFV Danube Release. Please refer to our + `Gap Analysis <http://artifacts.opnfv.org/ipv6/docs/gapanalysis/gap-analysis-odl-boron.html>`_ + for more information. +* The hostnames, IP addresses, and username are for exemplary purpose in instructions. + Please change as needed to fit your environment. +* The instructions apply to both deployment model of single controller node and + HA (High Availability) deployment model where multiple controller nodes are used. +* However, in case of HA, when ``ipv6-router`` is created in step **SETUP-SVM-11**, + it could be created in any of the controller node. Thus you need to identify in which + controller node ``ipv6-router`` is created in order to manually spawn ``radvd`` daemon + inside the ``ipv6-router`` namespace in steps **SETUP-SVM-24** through **SETUP-SVM-30**. + +----------------------------- +Install OPNFV and Preparation +----------------------------- + +**OPNFV-INSTALL-1**: To install OpenStack with Open Daylight L2-only environment +of OPNFV Danube Release: + +**Apex Installer**: + +.. code-block:: bash + + # HA, Virtual deployment in OpenStack with Open Daylight L2-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml \ + -n /etc/opnfv-apex/network_setting.yaml + + # HA, Bare Metal deployment in OpenStack with Open Daylight L2-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting.yaml + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + # There is no settings file provided by default for odl_l2 non-HA deployment + # You need to copy /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml to another file + # e.g. /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml + # and change the "ha_enabled" parameter to be "false", i.e.: "ha_enabled: false", and: + + # - For Non-HA, Virtual deployment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml \ + -n /etc/opnfv-apex/network_setting.yaml + + # - For Non-HA, Bare Metal deployment + ./opnfv-deploy -d /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting.yaml + + # Note: + # + # 1. Parameter ""-v" is mandatory for Virtual deployment + # 2. Parameter "-i <inventory file>" is mandatory for Bare Metal deployment + # 2.1 Refer to https://git.opnfv.org/cgit/apex/tree/config/inventory for examples of inventory file + # 3. You can use "-n /etc/opnfv-apex/network_setting_v6.yaml" for deployment in IPv6-only infrastructure + +**Compass** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack with Open Daylight L2-only environment + export ISO_URL=file://$BUILD_DIRECTORY/compass.iso + export OS_VERSION=${{COMPASS_OS_VERSION}} + export OPENSTACK_VERSION=${{COMPASS_OPENSTACK_VERSION}} + export CONFDIR=$WORKSPACE/deploy/conf/vm_environment + ./deploy.sh --dha $CONFDIR/os-odl_l2-nofeature-ha.yml \ + --network $CONFDIR/$NODE_NAME/network.yml + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + # Non-HA deployment is currently not supported by Compass installer + +**Fuel** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack with Open Daylight L2-only environment + # Scenario Name: os-odl_l2-nofeature-ha + # Scenario Configuration File: ha_odl-l2_heat_ceilometer_scenario.yaml + # You can use either Scenario Name or Scenario Configuration File Name in "-s" parameter + sudo ./deploy.sh -b <stack-config-uri> -l <lab-name> -p <pod-name> \ + -s os-odl_l2-nofeature-ha -i <iso-uri> + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + # Scenario Name: os-odl_l2-nofeature-noha + # Scenario Configuration File: no-ha_odl-l2_heat_ceilometer_scenario.yaml + # You can use either Scenario Name or Scenario Configuration File Name in "-s" parameter + sudo ./deploy.sh -b <stack-config-uri> -l <lab-name> -p <pod-name> \ + -s os-odl_l2-nofeature-noha -i <iso-uri> + + # Note: + # + # 1. Refer to http://git.opnfv.org/cgit/fuel/tree/deploy/scenario/scenario.yaml for scenarios + # 2. Refer to http://git.opnfv.org/cgit/fuel/tree/ci/README for description of + # stack configuration directory structure + # 3. <stack-config-uri> is the base URI of stack configuration directory structure + # 3.1 Example: http://git.opnfv.org/cgit/fuel/tree/deploy/config + # 4. <lab-name> and <pod-name> must match the directory structure in stack configuration + # 4.1 Example of <lab-name>: -l devel-pipeline + # 4.2 Example of <pod-name>: -p elx + # 5. <iso-uri> could be local or remote ISO image of Fuel Installer + # 5.1 Example: http://artifacts.opnfv.org/fuel/colorado/opnfv-colorado.1.0.iso + # + # Please refer to Fuel Installer's documentation for further information and any update + +**Joid** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack with Open Daylight L2-only environment + ./deploy.sh -o mitaka -s odl -t ha -l default -f ipv6 + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + ./deploy.sh -o mitaka -s odl -t nonha -l default -f ipv6 + +Please **NOTE** that: + +* You need to refer to **installer's documentation** for other necessary + parameters applicable to your deployment. +* You need to refer to **Release Notes** and **installer's documentation** if there is + any issue in installation. + +**OPNFV-INSTALL-2**: Clone the following GitHub repository to get the +configuration and metadata files + +.. code-block:: bash + + git clone https://github.com/sridhargaddam/opnfv_os_ipv6_poc.git \ + /opt/stack/opnfv_os_ipv6_poc + +---------------------------------------------- +Disable Security Groups in OpenStack ML2 Setup +---------------------------------------------- + +Please **NOTE** that although Security Groups feature has been disabled automatically +through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely +that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security +Groups feature after installation. + +**Please make sure that Security Groups are disabled in the setup** + +In order to disable Security Groups globally, please make sure that the settings in +**OPNFV-SEC-1** and **OPNFV-SEC-2** are applied, if they are not there by default. + +**OPNFV-SEC-1**: Change the settings in +``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows, if they +are not there by default. + +.. code-block:: bash + + # /etc/neutron/plugins/ml2/ml2_conf.ini + [securitygroup] + enable_security_group = True + firewall_driver = neutron.agent.firewall.NoopFirewallDriver + [ml2] + extension_drivers = port_security + [agent] + prevent_arp_spoofing = False + +**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows, +if they are not there by default. + +.. code-block:: bash + + # /etc/nova/nova.conf + [DEFAULT] + security_group_api = neutron + firewall_driver = nova.virt.firewall.NoopFirewallDriver + +**OPNFV-SEC-3**: After updating the settings, you will have to restart the +``Neutron`` and ``Nova`` services. + +**Please note that the commands of restarting** ``Neutron`` **and** ``Nova`` **would vary +depending on the installer. Please refer to relevant documentation of specific installers** + +--------------------------------------------------- +Source the Credentials in OpenStack Controller Node +--------------------------------------------------- + +**SETUP-SVM-1**: Login in OpenStack Controller Node. Start a new terminal, +and change directory to where OpenStack is installed. + +**SETUP-SVM-2**: We have to source the tenant credentials in this step. Please **NOTE** +that the method of sourcing tenant credentials may vary depending on installers. For example: + +**Apex** installer: + +.. code-block:: bash + + # On jump host, source the tenant credentials using /bin/opnfv-util provided by Apex installer + opnfv-util undercloud "source overcloudrc; keystone service-list" + + # Alternatively, you can copy the file /home/stack/overcloudrc from the installer VM called "undercloud" + # to a location in controller node, for example, in the directory /opt, and do: + # source /opt/overcloudrc + +**Compass** installer: + +.. code-block:: bash + + # source the tenant credentials using Compass installer of OPNFV + source /opt/admin-openrc.sh + +**Fuel** installer: + +.. code-block:: bash + + # source the tenant credentials using Fuel installer of OPNFV + source /root/openrc + +**Joid** installer: + +.. code-block:: bash + + # source the tenant credentials using Joid installer of OPNFV + source $HOME/joid_config/admin-openrc + +**devstack**: + +.. code-block:: bash + + # source the tenant credentials in devstack + source openrc admin demo + +**Please refer to relevant documentation of installers if you encounter any issue**. + +------------------------------------------------------------------------------------ +Informational Note: Move Public Network from Physical Network Interface to ``br-ex`` +------------------------------------------------------------------------------------ + +**SETUP-SVM-3**: Move the physical interface (i.e. the public network interface) to ``br-ex`` + +**SETUP-SVM-4**: Verify setup of ``br-ex`` + +**Those 2 steps are Informational. OPNFV Installer has taken care of those 2 steps during deployment. +You may refer to this step only if there is any issue, or if you are using other installers**. + +We have to move the physical interface (i.e. the public network interface) to ``br-ex``, including moving +the public IP address and setting up default route. Please refer to ``SETUP-SVM-3`` and +``SETUP-SVM-4`` in our `more complete instruction <http://artifacts.opnfv.org/ipv6/docs/setupservicevm/4-ipv6-configguide-servicevm.html#add-external-connectivity-to-br-ex>`_. + +-------------------------------------------------------- +Create IPv4 Subnet and Router with External Connectivity +-------------------------------------------------------- + +**SETUP-SVM-5**: Create a Neutron router ``ipv4-router`` which needs to provide external connectivity. + +.. code-block:: bash + + neutron router-create ipv4-router + +**SETUP-SVM-6**: Create an external network/subnet ``ext-net`` using the appropriate values based on the +data-center physical network setup. + +Please **NOTE** that you may only need to create the subnet of ``ext-net`` because OPNFV installers +should have created an external network during installation. You must use the same name of external +network that installer creates when you create the subnet. For example: + +* **Apex** installer: ``external`` +* **Compass** installer: ``ext-net`` +* **Fuel** installer: ``admin_floating_net`` +* **Joid** installer: ``ext-net`` + +**Please refer to the documentation of installers if there is any issue** + +.. code-block:: bash + + # This is needed only if installer does not create an external work + # Otherwise, skip this command "net-create" + neutron net-create --router:external ext-net + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron subnet-create --disable-dhcp --allocation-pool start=198.59.156.251,\ + end=198.59.156.254 --gateway 198.59.156.1 ext-net 198.59.156.0/24 + +Please note that the IP addresses in the command above are for exemplary purpose. **Please replace the IP addresses of +your actual network**. + +**SETUP-SVM-7**: Associate the ``ext-net`` to the Neutron router ``ipv4-router``. + +.. code-block:: bash + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron router-gateway-set ipv4-router ext-net + +**SETUP-SVM-8**: Create an internal/tenant IPv4 network ``ipv4-int-network1`` + +.. code-block:: bash + + neutron net-create ipv4-int-network1 + +**SETUP-SVM-9**: Create an IPv4 subnet ``ipv4-int-subnet1`` in the internal network ``ipv4-int-network1`` + +.. code-block:: bash + + neutron subnet-create --name ipv4-int-subnet1 --dns-nameserver 8.8.8.8 \ + ipv4-int-network1 20.0.0.0/24 + +**SETUP-SVM-10**: Associate the IPv4 internal subnet ``ipv4-int-subnet1`` to the Neutron router ``ipv4-router``. + +.. code-block:: bash + + neutron router-interface-add ipv4-router ipv4-int-subnet1 + +-------------------------------------------------------- +Create IPv6 Subnet and Router with External Connectivity +-------------------------------------------------------- + +Now, let us create a second neutron router where we can "manually" spawn a ``radvd`` daemon to simulate an external +IPv6 router. + +**SETUP-SVM-11**: Create a second Neutron router ``ipv6-router`` which needs to provide external connectivity + +.. code-block:: bash + + neutron router-create ipv6-router + +**SETUP-SVM-12**: Associate the ``ext-net`` to the Neutron router ``ipv6-router`` + +.. code-block:: bash + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron router-gateway-set ipv6-router ext-net + +**SETUP-SVM-13**: Create a second internal/tenant IPv4 network ``ipv4-int-network2`` + +.. code-block:: bash + + neutron net-create ipv4-int-network2 + +**SETUP-SVM-14**: Create an IPv4 subnet ``ipv4-int-subnet2`` for the ``ipv6-router`` internal network +``ipv4-int-network2`` + +.. code-block:: bash + + neutron subnet-create --name ipv4-int-subnet2 --dns-nameserver 8.8.8.8 \ + ipv4-int-network2 10.0.0.0/24 + +**SETUP-SVM-15**: Associate the IPv4 internal subnet ``ipv4-int-subnet2`` to the Neutron router ``ipv6-router``. + +.. code-block:: bash + + neutron router-interface-add ipv6-router ipv4-int-subnet2 + +-------------------------------------------------- +Prepare Image, Metadata and Keypair for Service VM +-------------------------------------------------- + +**SETUP-SVM-16**: Download ``fedora22`` image which would be used as ``vRouter`` + +.. code-block:: bash + + wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/\ + Images/Fedora-Cloud-Base-22-20150521.x86_64.qcow2 + + glance image-create --name 'Fedora22' --disk-format qcow2 --container-format bare \ + --file ./Fedora-Cloud-Base-22-20150521.x86_64.qcow2 + +**SETUP-SVM-17**: Create a keypair + +.. code-block:: bash + + nova keypair-add vRouterKey > ~/vRouterKey + +**SETUP-SVM-18**: Create ports for ``vRouter`` and both the VMs with some specific MAC addresses. + +.. code-block:: bash + + neutron port-create --name eth0-vRouter --mac-address fa:16:3e:11:11:11 ipv4-int-network2 + neutron port-create --name eth1-vRouter --mac-address fa:16:3e:22:22:22 ipv4-int-network1 + neutron port-create --name eth0-VM1 --mac-address fa:16:3e:33:33:33 ipv4-int-network1 + neutron port-create --name eth0-VM2 --mac-address fa:16:3e:44:44:44 ipv4-int-network1 + +---------------------------------------------------------------------------------------------------------- +Boot Service VM (``vRouter``) with ``eth0`` on ``ipv4-int-network2`` and ``eth1`` on ``ipv4-int-network1`` +---------------------------------------------------------------------------------------------------------- + +Let us boot the service VM (``vRouter``) with ``eth0`` interface on ``ipv4-int-network2`` connecting to ``ipv6-router``, +and ``eth1`` interface on ``ipv4-int-network1`` connecting to ``ipv4-router``. + +**SETUP-SVM-19**: Boot the ``vRouter`` using ``Fedora22`` image on the OpenStack Compute Node with hostname +``opnfv-os-compute`` + +.. code-block:: bash + + nova boot --image Fedora22 --flavor m1.small \ + --user-data /opt/stack/opnfv_os_ipv6_poc/metadata.txt \ + --availability-zone nova:opnfv-os-compute \ + --nic port-id=$(neutron port-list | grep -w eth0-vRouter | awk '{print $2}') \ + --nic port-id=$(neutron port-list | grep -w eth1-vRouter | awk '{print $2}') \ + --key-name vRouterKey vRouter + +Please **note** that ``/opt/stack/opnfv_os_ipv6_poc/metadata.txt`` is used to enable the ``vRouter`` to automatically +spawn a ``radvd``, and + +* Act as an IPv6 vRouter which advertises the RA (Router Advertisements) with prefix + ``2001:db8:0:2::/64`` on its internal interface (``eth1``). +* Forward IPv6 traffic from internal interface (``eth1``) + +**SETUP-SVM-20**: Verify that ``Fedora22`` image boots up successfully and vRouter has ``ssh`` keys properly injected + +.. code-block:: bash + + nova list + nova console-log vRouter + +Please note that **it may take a few minutes** for the necessary packages to get installed and ``ssh`` keys +to be injected. + +.. code-block:: bash + + # Sample Output + [ 762.884523] cloud-init[871]: ec2: ############################################################# + [ 762.909634] cloud-init[871]: ec2: -----BEGIN SSH HOST KEY FINGERPRINTS----- + [ 762.931626] cloud-init[871]: ec2: 2048 e3:dc:3d:4a:bc:b6:b0:77:75:a1:70:a3:d0:2a:47:a9 (RSA) + [ 762.957380] cloud-init[871]: ec2: -----END SSH HOST KEY FINGERPRINTS----- + [ 762.979554] cloud-init[871]: ec2: ############################################################# + +------------------------------------------- +Boot Two Other VMs in ``ipv4-int-network1`` +------------------------------------------- + +In order to verify that the setup is working, let us create two cirros VMs with ``eth1`` interface on the +``ipv4-int-network1``, i.e., connecting to ``vRouter`` ``eth1`` interface for internal network. + +We will have to configure appropriate ``mtu`` on the VMs' interface by taking into account the tunneling +overhead and any physical switch requirements. If so, push the ``mtu`` to the VM either using ``dhcp`` +options or via ``meta-data``. + +**SETUP-SVM-21**: Create VM1 on OpenStack Controller Node with hostname ``opnfv-os-controller`` + +.. code-block:: bash + + nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny \ + --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh \ + --availability-zone nova:opnfv-os-controller \ + --nic port-id=$(neutron port-list | grep -w eth0-VM1 | awk '{print $2}') \ + --key-name vRouterKey VM1 + +**SETUP-SVM-22**: Create VM2 on OpenStack Compute Node with hostname ``opnfv-os-compute`` + +.. code-block:: bash + + nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny \ + --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh \ + --availability-zone nova:opnfv-os-compute \ + --nic port-id=$(neutron port-list | grep -w eth0-VM2 | awk '{print $2}') \ + --key-name vRouterKey VM2 + +**SETUP-SVM-23**: Confirm that both the VMs are successfully booted. + +.. code-block:: bash + + nova list + nova console-log VM1 + nova console-log VM2 + +---------------------------------- +Spawn ``RADVD`` in ``ipv6-router`` +---------------------------------- + +Let us manually spawn a ``radvd`` daemon inside ``ipv6-router`` namespace to simulate an external router. +First of all, we will have to identify the ``ipv6-router`` namespace and move to the namespace. + +Please **NOTE** that in case of HA (High Availability) deployment model where multiple controller +nodes are used, ``ipv6-router`` created in step **SETUP-SVM-11** could be in any of the controller +node. Thus you need to identify in which controller node ``ipv6-router`` is created in order to manually +spawn ``radvd`` daemon inside the ``ipv6-router`` namespace in steps **SETUP-SVM-24** through +**SETUP-SVM-30**. The following command in Neutron will display the controller on which the +``ipv6-router`` is spawned. + +.. code-block:: bash + + neutron l3-agent-list-hosting-router ipv6-router + +Then you login to that controller and execute steps **SETUP-SVM-24** +through **SETUP-SVM-30** + +**SETUP-SVM-24**: identify the ``ipv6-router`` namespace and move to the namespace + +.. code-block:: bash + + sudo ip netns exec qrouter-$(neutron router-list | grep -w ipv6-router | \ + awk '{print $2}') bash + +**SETUP-SVM-25**: Upon successful execution of the above command, you will be in the router namespace. +Now let us configure the IPv6 address on the <qr-xxx> interface. + +.. code-block:: bash + + export router_interface=$(ip a s | grep -w "global qr-*" | awk '{print $7}') + ip -6 addr add 2001:db8:0:1::1 dev $router_interface + +**SETUP-SVM-26**: Update the sample file ``/opt/stack/opnfv_os_ipv6_poc/scenario2/radvd.conf`` +with ``$router_interface``. + +.. code-block:: bash + + cp /opt/stack/opnfv_os_ipv6_poc/scenario2/radvd.conf /tmp/radvd.$router_interface.conf + sed -i 's/$router_interface/'$router_interface'/g' /tmp/radvd.$router_interface.conf + +**SETUP-SVM-27**: Spawn a ``radvd`` daemon to simulate an external router. This ``radvd`` daemon advertises an IPv6 +subnet prefix of ``2001:db8:0:1::/64`` using RA (Router Advertisement) on its $router_interface so that ``eth0`` +interface of ``vRouter`` automatically configures an IPv6 SLAAC address. + +.. code-block:: bash + + $radvd -C /tmp/radvd.$router_interface.conf -p /tmp/br-ex.pid.radvd -m syslog + +**SETUP-SVM-28**: Add an IPv6 downstream route pointing to the ``eth0`` interface of vRouter. + +.. code-block:: bash + + ip -6 route add 2001:db8:0:2::/64 via 2001:db8:0:1:f816:3eff:fe11:1111 + +**SETUP-SVM-29**: The routing table should now look similar to something shown below. + +.. code-block:: bash + + ip -6 route show + 2001:db8:0:1::1 dev qr-42968b9e-62 proto kernel metric 256 + 2001:db8:0:1::/64 dev qr-42968b9e-62 proto kernel metric 256 expires 86384sec + 2001:db8:0:2::/64 via 2001:db8:0:1:f816:3eff:fe11:1111 dev qr-42968b9e-62 proto ra metric 1024 expires 29sec + fe80::/64 dev qg-3736e0c7-7c proto kernel metric 256 + fe80::/64 dev qr-42968b9e-62 proto kernel metric 256 + +**SETUP-SVM-30**: If all goes well, the IPv6 addresses assigned to the VMs would be as shown as follows: + +.. code-block:: bash + + # vRouter eth0 interface would have the following IPv6 address: + # 2001:db8:0:1:f816:3eff:fe11:1111/64 + # vRouter eth1 interface would have the following IPv6 address: + # 2001:db8:0:2::1/64 + # VM1 would have the following IPv6 address: + # 2001:db8:0:2:f816:3eff:fe33:3333/64 + # VM2 would have the following IPv6 address: + # 2001:db8:0:2:f816:3eff:fe44:4444/64 + +-------------------------------- +Testing to Verify Setup Complete +-------------------------------- + +Now, let us ``SSH`` to those VMs, e.g. VM1 and / or VM2 and / or vRouter, to confirm that +it has successfully configured the IPv6 address using ``SLAAC`` with prefix +``2001:db8:0:2::/64`` from ``vRouter``. + +We use ``floatingip`` mechanism to achieve ``SSH``. + +**SETUP-SVM-31**: Now we can ``SSH`` to VMs. You can execute the following command. + +.. code-block:: bash + + # 1. Create a floatingip and associate it with VM1, VM2 and vRouter (to the port id that is passed). + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron floatingip-create --port-id $(neutron port-list | grep -w eth0-VM1 | \ + awk '{print $2}') ext-net + neutron floatingip-create --port-id $(neutron port-list | grep -w eth0-VM2 | \ + awk '{print $2}') ext-net + neutron floatingip-create --port-id $(neutron port-list | grep -w eth1-vRouter | \ + awk '{print $2}') ext-net + + # 2. To know / display the floatingip associated with VM1, VM2 and vRouter. + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth0-VM1 | awk '{print $2}') | awk '{print $2}' + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth0-VM2 | awk '{print $2}') | awk '{print $2}' + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth1-vRouter | awk '{print $2}') | awk '{print $2}' + + # 3. To ssh to the vRouter, VM1 and VM2, user can execute the following command. + ssh -i ~/vRouterKey fedora@<floating-ip-of-vRouter> + ssh -i ~/vRouterKey cirros@<floating-ip-of-VM1> + ssh -i ~/vRouterKey cirros@<floating-ip-of-VM2> + +If everything goes well, ``ssh`` will be successful and you will be logged into those VMs. +Run some commands to verify that IPv6 addresses are configured on ``eth0`` interface. + +**SETUP-SVM-32**: Show an IPv6 address with a prefix of ``2001:db8:0:2::/64`` + +.. code-block:: bash + + ip address show + +**SETUP-SVM-33**: ping some external IPv6 address, e.g. ``ipv6-router`` + +.. code-block:: bash + + ping6 2001:db8:0:1::1 + +If the above ping6 command succeeds, it implies that ``vRouter`` was able to successfully forward the IPv6 traffic +to reach external ``ipv6-router``. + +********************************* +IPv6 Post Installation Procedures +********************************* + +Congratulations, you have completed the setup of using a service VM to act as an IPv6 vRouter. +You have validated the setup based on the instruction in previous sections. If you want to further +test your setup, you can ``ping6`` among ``VM1``, ``VM2``, ``vRouter`` and ``ipv6-router``. + +This setup allows further open innovation by any 3rd-party. For more instructions and documentations, +please refer to: + +1. IPv6 Configuration Guide (HTML): http://artifacts.opnfv.org/ipv6/docs/setupservicevm/index.html +2. IPv6 User Guide (HTML): http://artifacts.opnfv.org/ipv6/docs/gapanalysis/index.html + +************************************** +Automated post installation activities +************************************** + +Refer to the relevant testing guides, results, and release notes of Yardstick Project. diff --git a/docs/release/configguide/postinstall.rst b/docs/release/configguide/postinstall.rst new file mode 100644 index 0000000..9f07ac7 --- /dev/null +++ b/docs/release/configguide/postinstall.rst @@ -0,0 +1,24 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat) + +================================= +IPv6 Post Installation Procedures +================================= + +Congratulations, you have completed the setup of using a service VM to act as an IPv6 vRouter. +You have validated the setup based on the instruction in previous sections. If you want to further +test your setup, you can ``ping6`` among ``VM1``, ``VM2``, ``vRouter`` and ``ipv6-router``. + +This setup allows further open innovation by any 3rd-party. For more instructions and documentations, +please refer to: + +1. IPv6 Configuration Guide (HTML): http://artifacts.opnfv.org/ipv6/docs/setupservicevm/index.html +2. IPv6 User Guide (HTML): http://artifacts.opnfv.org/ipv6/docs/gapanalysis/index.html + +************************************** +Automated post installation activities +************************************** + +Refer to the relevant testing guides, results, and release notes of Yardstick Project. + diff --git a/docs/release/installation/feature.configuration.rst b/docs/release/installation/feature.configuration.rst new file mode 100644 index 0000000..fec73ae --- /dev/null +++ b/docs/release/installation/feature.configuration.rst @@ -0,0 +1,1077 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat) + +=============================================================== +IPv6 Configuration - Setting Up a Service VM as an IPv6 vRouter +=============================================================== + +This section provides instructions to set up a service VM as an IPv6 vRouter using OPNFV Danube Release +installers. The environment may be pure OpenStack option or Open Daylight L2-only option. +The deployment model may be HA or non-HA. The infrastructure may be bare metal or virtual environment. + +For complete instructions and documentations of setting up service VM as an IPv6 vRouter using ANY method, +please refer to: + +1. IPv6 Configuration Guide (HTML): http://artifacts.opnfv.org/ipv6/docs/setupservicevm/index.html +2. IPv6 User Guide (HTML): http://artifacts.opnfv.org/ipv6/docs/gapanalysis/index.html + +**************************** +Pre-configuration Activities +**************************** + +The configuration will work in 2 environments: + +1. OpenStack-only environment +2. OpenStack with Open Daylight L2-only environment + +Depending on which installer will be used to deploy OPNFV, each environment may be deployed +on bare metal or virtualized infrastructure. Each deployment may be HA or non-HA. + +Refer to the previous installer configuration chapters, installations guide and release notes. + +****************************************** +Setup Manual in OpenStack-Only Environment +****************************************** + +If you intend to set up a service VM as an IPv6 vRouter in OpenStack-only environment of +OPNFV Danube Release, please **NOTE** that: + +* Because the anti-spoofing rules of Security Group feature in OpenStack prevents + a VM from forwarding packets, we need to disable Security Group feature in the + OpenStack-only environment. +* The hostnames, IP addresses, and username are for exemplary purpose in instructions. + Please change as needed to fit your environment. +* The instructions apply to both deployment model of single controller node and + HA (High Availability) deployment model where multiple controller nodes are used. + +----------------------------- +Install OPNFV and Preparation +----------------------------- + +**OPNFV-NATIVE-INSTALL-1**: To install OpenStack-only environment of OPNFV Danube Release: + +**Apex Installer**: + +.. code-block:: bash + + # HA, Virtual deployment in OpenStack-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-nosdn-nofeature-ha.yaml \ + -n /etc/opnfv-apex/network_setting.yaml + + # HA, Bare Metal deployment in OpenStack-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-nosdn-nofeature-ha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting.yaml + + # Non-HA, Virtual deployment in OpenStack-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-nosdn-nofeature-noha.yaml \ + -n /etc/opnfv-apex/network_setting.yaml + + # Non-HA, Bare Metal deployment in OpenStack-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-nosdn-nofeature-noha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting.yaml + + # Note: + # + # 1. Parameter ""-v" is mandatory for Virtual deployment + # 2. Parameter "-i <inventory file>" is mandatory for Bare Metal deployment + # 2.1 Refer to https://git.opnfv.org/cgit/apex/tree/config/inventory for examples of inventory file + # 3. You can use "-n /etc/opnfv-apex/network_setting_v6.yaml" for deployment in IPv6-only infrastructure + +**Compass** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack-only environment + export ISO_URL=file://$BUILD_DIRECTORY/compass.iso + export OS_VERSION=${{COMPASS_OS_VERSION}} + export OPENSTACK_VERSION=${{COMPASS_OPENSTACK_VERSION}} + export CONFDIR=$WORKSPACE/deploy/conf/vm_environment + ./deploy.sh --dha $CONFDIR/os-nosdn-nofeature-ha.yml \ + --network $CONFDIR/$NODE_NAME/network.yml + + # Non-HA deployment in OpenStack-only environment + # Non-HA deployment is currently not supported by Compass installer + +**Fuel** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack-only environment + # Scenario Name: os-nosdn-nofeature-ha + # Scenario Configuration File: ha_heat_ceilometer_scenario.yaml + # You can use either Scenario Name or Scenario Configuration File Name in "-s" parameter + sudo ./deploy.sh -b <stack-config-uri> -l <lab-name> -p <pod-name> \ + -s os-nosdn-nofeature-ha -i <iso-uri> + + # Non-HA deployment in OpenStack-only environment + # Scenario Name: os-nosdn-nofeature-noha + # Scenario Configuration File: no-ha_heat_ceilometer_scenario.yaml + # You can use either Scenario Name or Scenario Configuration File Name in "-s" parameter + sudo ./deploy.sh -b <stack-config-uri> -l <lab-name> -p <pod-name> \ + -s os-nosdn-nofeature-noha -i <iso-uri> + + # Note: + # + # 1. Refer to http://git.opnfv.org/cgit/fuel/tree/deploy/scenario/scenario.yaml for scenarios + # 2. Refer to http://git.opnfv.org/cgit/fuel/tree/ci/README for description of + # stack configuration directory structure + # 3. <stack-config-uri> is the base URI of stack configuration directory structure + # 3.1 Example: http://git.opnfv.org/cgit/fuel/tree/deploy/config + # 4. <lab-name> and <pod-name> must match the directory structure in stack configuration + # 4.1 Example of <lab-name>: -l devel-pipeline + # 4.2 Example of <pod-name>: -p elx + # 5. <iso-uri> could be local or remote ISO image of Fuel Installer + # 5.1 Example: http://artifacts.opnfv.org/fuel/colorado/opnfv-colorado.1.0.iso + # + # Please refer to Fuel Installer's documentation for further information and any update + +**Joid** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack-only environment + ./deploy.sh -o mitaka -s nosdn -t ha -l default -f ipv6 + + # Non-HA deployment in OpenStack-only environment + ./deploy.sh -o mitaka -s nosdn -t nonha -l default -f ipv6 + +Please **NOTE** that: + +* You need to refer to **installer's documentation** for other necessary + parameters applicable to your deployment. +* You need to refer to **Release Notes** and **installer's documentation** if there is + any issue in installation. + +**OPNFV-NATIVE-INSTALL-2**: Clone the following GitHub repository to get the +configuration and metadata files + +.. code-block:: bash + + git clone https://github.com/sridhargaddam/opnfv_os_ipv6_poc.git \ + /opt/stack/opnfv_os_ipv6_poc + +---------------------------------------------- +Disable Security Groups in OpenStack ML2 Setup +---------------------------------------------- + +Please **NOTE** that although Security Groups feature has been disabled automatically +through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely +that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security +Groups feature after installation. + +**Please make sure that Security Groups are disabled in the setup** + +In order to disable Security Groups globally, please make sure that the settings in +**OPNFV-NATIVE-SEC-1** and **OPNFV-NATIVE-SEC-2** are applied, if they +are not there by default. + +**OPNFV-NATIVE-SEC-1**: Change the settings in +``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows, if they are not there by default + +.. code-block:: bash + + # /etc/neutron/plugins/ml2/ml2_conf.ini + [securitygroup] + enable_security_group = True + firewall_driver = neutron.agent.firewall.NoopFirewallDriver + [ml2] + extension_drivers = port_security + [agent] + prevent_arp_spoofing = False + +**OPNFV-NATIVE-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows, +if they are not there by default. + +.. code-block:: bash + + # /etc/nova/nova.conf + [DEFAULT] + security_group_api = neutron + firewall_driver = nova.virt.firewall.NoopFirewallDriver + +**OPNFV-NATIVE-SEC-3**: After updating the settings, you will have to restart the +``Neutron`` and ``Nova`` services. + +**Please note that the commands of restarting** ``Neutron`` **and** ``Nova`` **would vary +depending on the installer. Please refer to relevant documentation of specific installers** + +--------------------------------- +Set Up Service VM as IPv6 vRouter +--------------------------------- + +**OPNFV-NATIVE-SETUP-1**: Now we assume that OpenStack multi-node setup is up and running. +We have to source the tenant credentials in OpenStack controller node in this step. +Please **NOTE** that the method of sourcing tenant credentials may vary depending on installers. +For example: + +**Apex** installer: + +.. code-block:: bash + + # On jump host, source the tenant credentials using /bin/opnfv-util provided by Apex installer + opnfv-util undercloud "source overcloudrc; keystone service-list" + + # Alternatively, you can copy the file /home/stack/overcloudrc from the installer VM called "undercloud" + # to a location in controller node, for example, in the directory /opt, and do: + # source /opt/overcloudrc + +**Compass** installer: + +.. code-block:: bash + + # source the tenant credentials using Compass installer of OPNFV + source /opt/admin-openrc.sh + +**Fuel** installer: + +.. code-block:: bash + + # source the tenant credentials using Fuel installer of OPNFV + source /root/openrc + +**Joid** installer: + +.. code-block:: bash + + # source the tenant credentials using Joid installer of OPNFV + source $HOME/joid_config/admin-openrc + +**devstack**: + +.. code-block:: bash + + # source the tenant credentials in devstack + source openrc admin demo + +**Please refer to relevant documentation of installers if you encounter any issue**. + +**OPNFV-NATIVE-SETUP-2**: Download ``fedora22`` image which would be used for ``vRouter`` + +.. code-block:: bash + + wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/\ + Images/Fedora-Cloud-Base-22-20150521.x86_64.qcow2 + +**OPNFV-NATIVE-SETUP-3**: Import Fedora22 image to ``glance`` + +.. code-block:: bash + + glance image-create --name 'Fedora22' --disk-format qcow2 --container-format bare \ + --file ./Fedora-Cloud-Base-22-20150521.x86_64.qcow2 + +**OPNFV-NATIVE-SETUP-4: This step is Informational. OPNFV Installer has taken care of this step +during deployment. You may refer to this step only if there is any issue, or if you are using other installers**. + +We have to move the physical interface (i.e. the public network interface) to ``br-ex``, including moving +the public IP address and setting up default route. Please refer to ``OS-NATIVE-SETUP-4`` and +``OS-NATIVE-SETUP-5`` in our `more complete instruction <http://artifacts.opnfv.org/ipv6/docs/setupservicevm/5-ipv6-configguide-scenario-1-native-os.html#set-up-service-vm-as-ipv6-vrouter>`_. + +**OPNFV-NATIVE-SETUP-5**: Create Neutron routers ``ipv4-router`` and ``ipv6-router`` +which need to provide external connectivity. + +.. code-block:: bash + + neutron router-create ipv4-router + neutron router-create ipv6-router + +**OPNFV-NATIVE-SETUP-6**: Create an external network/subnet ``ext-net`` using +the appropriate values based on the data-center physical network setup. + +Please **NOTE** that you may only need to create the subnet of ``ext-net`` because OPNFV installers +should have created an external network during installation. You must use the same name of external +network that installer creates when you create the subnet. For example: + +* **Apex** installer: ``external`` +* **Compass** installer: ``ext-net`` +* **Fuel** installer: ``admin_floating_net`` +* **Joid** installer: ``ext-net`` + +**Please refer to the documentation of installers if there is any issue** + +.. code-block:: bash + + # This is needed only if installer does not create an external work + # Otherwise, skip this command "net-create" + neutron net-create --router:external ext-net + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron subnet-create --disable-dhcp --allocation-pool start=198.59.156.251,\ + end=198.59.156.254 --gateway 198.59.156.1 ext-net 198.59.156.0/24 + +**OPNFV-NATIVE-SETUP-7**: Create Neutron networks ``ipv4-int-network1`` and +``ipv6-int-network2`` with port_security disabled + +.. code-block:: bash + + neutron net-create ipv4-int-network1 + neutron net-create ipv6-int-network2 + +**OPNFV-NATIVE-SETUP-8**: Create IPv4 subnet ``ipv4-int-subnet1`` in the internal network +``ipv4-int-network1``, and associate it to ``ipv4-router``. + +.. code-block:: bash + + neutron subnet-create --name ipv4-int-subnet1 --dns-nameserver 8.8.8.8 \ + ipv4-int-network1 20.0.0.0/24 + + neutron router-interface-add ipv4-router ipv4-int-subnet1 + +**OPNFV-NATIVE-SETUP-9**: Associate the ``ext-net`` to the Neutron routers ``ipv4-router`` +and ``ipv6-router``. + +.. code-block:: bash + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron router-gateway-set ipv4-router ext-net + neutron router-gateway-set ipv6-router ext-net + +**OPNFV-NATIVE-SETUP-10**: Create two subnets, one IPv4 subnet ``ipv4-int-subnet2`` and +one IPv6 subnet ``ipv6-int-subnet2`` in ``ipv6-int-network2``, and associate both subnets to +``ipv6-router`` + +.. code-block:: bash + + neutron subnet-create --name ipv4-int-subnet2 --dns-nameserver 8.8.8.8 \ + ipv6-int-network2 10.0.0.0/24 + + neutron subnet-create --name ipv6-int-subnet2 --ip-version 6 --ipv6-ra-mode slaac \ + --ipv6-address-mode slaac ipv6-int-network2 2001:db8:0:1::/64 + + neutron router-interface-add ipv6-router ipv4-int-subnet2 + neutron router-interface-add ipv6-router ipv6-int-subnet2 + +**OPNFV-NATIVE-SETUP-11**: Create a keypair + +.. code-block:: bash + + nova keypair-add vRouterKey > ~/vRouterKey + +**OPNFV-NATIVE-SETUP-12**: Create ports for vRouter (with some specific MAC address +- basically for automation - to know the IPv6 addresses that would be assigned to the port). + +.. code-block:: bash + + neutron port-create --name eth0-vRouter --mac-address fa:16:3e:11:11:11 ipv6-int-network2 + neutron port-create --name eth1-vRouter --mac-address fa:16:3e:22:22:22 ipv4-int-network1 + +**OPNFV-NATIVE-SETUP-13**: Create ports for VM1 and VM2. + +.. code-block:: bash + + neutron port-create --name eth0-VM1 --mac-address fa:16:3e:33:33:33 ipv4-int-network1 + neutron port-create --name eth0-VM2 --mac-address fa:16:3e:44:44:44 ipv4-int-network1 + +**OPNFV-NATIVE-SETUP-14**: Update ``ipv6-router`` with routing information to subnet +``2001:db8:0:2::/64`` + +.. code-block:: bash + + neutron router-update ipv6-router --routes type=dict list=true \ + destination=2001:db8:0:2::/64,nexthop=2001:db8:0:1:f816:3eff:fe11:1111 + +**OPNFV-NATIVE-SETUP-15**: Boot Service VM (``vRouter``), VM1 and VM2 + +.. code-block:: bash + + nova boot --image Fedora22 --flavor m1.small \ + --user-data /opt/stack/opnfv_os_ipv6_poc/metadata.txt \ + --availability-zone nova:opnfv-os-compute \ + --nic port-id=$(neutron port-list | grep -w eth0-vRouter | awk '{print $2}') \ + --nic port-id=$(neutron port-list | grep -w eth1-vRouter | awk '{print $2}') \ + --key-name vRouterKey vRouter + + nova list + + # Please wait for some 10 to 15 minutes so that necessary packages (like radvd) + # are installed and vRouter is up. + nova console-log vRouter + + nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny \ + --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh \ + --availability-zone nova:opnfv-os-controller \ + --nic port-id=$(neutron port-list | grep -w eth0-VM1 | awk '{print $2}') \ + --key-name vRouterKey VM1 + + nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny + --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh \ + --availability-zone nova:opnfv-os-compute \ + --nic port-id=$(neutron port-list | grep -w eth0-VM2 | awk '{print $2}') \ + --key-name vRouterKey VM2 + + nova list # Verify that all the VMs are in ACTIVE state. + +**OPNFV-NATIVE-SETUP-16**: If all goes well, the IPv6 addresses assigned to the VMs +would be as shown as follows: + +.. code-block:: bash + + # vRouter eth0 interface would have the following IPv6 address: + # 2001:db8:0:1:f816:3eff:fe11:1111/64 + # vRouter eth1 interface would have the following IPv6 address: + # 2001:db8:0:2::1/64 + # VM1 would have the following IPv6 address: + # 2001:db8:0:2:f816:3eff:fe33:3333/64 + # VM2 would have the following IPv6 address: + # 2001:db8:0:2:f816:3eff:fe44:4444/64 + +**OPNFV-NATIVE-SETUP-17**: Now we need to disable ``eth0-VM1``, ``eth0-VM2``, +``eth0-vRouter`` and ``eth1-vRouter`` port-security + +.. code-block:: bash + + for port in eth0-VM1 eth0-VM2 eth0-vRouter eth1-vRouter + do + neutron port-update --no-security-groups $port + neutron port-update $port --port-security-enabled=False + neutron port-show $port | grep port_security_enabled + done + +**OPNFV-NATIVE-SETUP-18**: Now we can ``SSH`` to VMs. You can execute the following command. + +.. code-block:: bash + + # 1. Create a floatingip and associate it with VM1, VM2 and vRouter (to the port id that is passed). + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron floatingip-create --port-id $(neutron port-list | grep -w eth0-VM1 | \ + awk '{print $2}') ext-net + neutron floatingip-create --port-id $(neutron port-list | grep -w eth0-VM2 | \ + awk '{print $2}') ext-net + neutron floatingip-create --port-id $(neutron port-list | grep -w eth1-vRouter | \ + awk '{print $2}') ext-net + + # 2. To know / display the floatingip associated with VM1, VM2 and vRouter. + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth0-VM1 | awk '{print $2}') | awk '{print $2}' + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth0-VM2 | awk '{print $2}') | awk '{print $2}' + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth1-vRouter | awk '{print $2}') | awk '{print $2}' + + # 3. To ssh to the vRouter, VM1 and VM2, user can execute the following command. + ssh -i ~/vRouterKey fedora@<floating-ip-of-vRouter> + ssh -i ~/vRouterKey cirros@<floating-ip-of-VM1> + ssh -i ~/vRouterKey cirros@<floating-ip-of-VM2> + +**************************************************************** +Setup Manual in OpenStack with Open Daylight L2-Only Environment +**************************************************************** + +If you intend to set up a service VM as an IPv6 vRouter in an environment of OpenStack +and Open Daylight L2-only of OPNFV Danube Release, please **NOTE** that: + +* We **SHOULD** use the ``odl-ovsdb-openstack`` version of Open Daylight Boron + in OPNFV Danube Release. Please refer to our + `Gap Analysis <http://artifacts.opnfv.org/ipv6/docs/gapanalysis/gap-analysis-odl-boron.html>`_ + for more information. +* The hostnames, IP addresses, and username are for exemplary purpose in instructions. + Please change as needed to fit your environment. +* The instructions apply to both deployment model of single controller node and + HA (High Availability) deployment model where multiple controller nodes are used. +* However, in case of HA, when ``ipv6-router`` is created in step **SETUP-SVM-11**, + it could be created in any of the controller node. Thus you need to identify in which + controller node ``ipv6-router`` is created in order to manually spawn ``radvd`` daemon + inside the ``ipv6-router`` namespace in steps **SETUP-SVM-24** through **SETUP-SVM-30**. + +----------------------------- +Install OPNFV and Preparation +----------------------------- + +**OPNFV-INSTALL-1**: To install OpenStack with Open Daylight L2-only environment +of OPNFV Danube Release: + +**Apex Installer**: + +.. code-block:: bash + + # HA, Virtual deployment in OpenStack with Open Daylight L2-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml \ + -n /etc/opnfv-apex/network_setting.yaml + + # HA, Bare Metal deployment in OpenStack with Open Daylight L2-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting.yaml + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + # There is no settings file provided by default for odl_l2 non-HA deployment + # You need to copy /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml to another file + # e.g. /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml + # and change the "ha_enabled" parameter to be "false", i.e.: "ha_enabled: false", and: + + # - For Non-HA, Virtual deployment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml \ + -n /etc/opnfv-apex/network_setting.yaml + + # - For Non-HA, Bare Metal deployment + ./opnfv-deploy -d /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting.yaml + + # Note: + # + # 1. Parameter ""-v" is mandatory for Virtual deployment + # 2. Parameter "-i <inventory file>" is mandatory for Bare Metal deployment + # 2.1 Refer to https://git.opnfv.org/cgit/apex/tree/config/inventory for examples of inventory file + # 3. You can use "-n /etc/opnfv-apex/network_setting_v6.yaml" for deployment in IPv6-only infrastructure + +**Compass** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack with Open Daylight L2-only environment + export ISO_URL=file://$BUILD_DIRECTORY/compass.iso + export OS_VERSION=${{COMPASS_OS_VERSION}} + export OPENSTACK_VERSION=${{COMPASS_OPENSTACK_VERSION}} + export CONFDIR=$WORKSPACE/deploy/conf/vm_environment + ./deploy.sh --dha $CONFDIR/os-odl_l2-nofeature-ha.yml \ + --network $CONFDIR/$NODE_NAME/network.yml + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + # Non-HA deployment is currently not supported by Compass installer + +**Fuel** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack with Open Daylight L2-only environment + # Scenario Name: os-odl_l2-nofeature-ha + # Scenario Configuration File: ha_odl-l2_heat_ceilometer_scenario.yaml + # You can use either Scenario Name or Scenario Configuration File Name in "-s" parameter + sudo ./deploy.sh -b <stack-config-uri> -l <lab-name> -p <pod-name> \ + -s os-odl_l2-nofeature-ha -i <iso-uri> + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + # Scenario Name: os-odl_l2-nofeature-noha + # Scenario Configuration File: no-ha_odl-l2_heat_ceilometer_scenario.yaml + # You can use either Scenario Name or Scenario Configuration File Name in "-s" parameter + sudo ./deploy.sh -b <stack-config-uri> -l <lab-name> -p <pod-name> \ + -s os-odl_l2-nofeature-noha -i <iso-uri> + + # Note: + # + # 1. Refer to http://git.opnfv.org/cgit/fuel/tree/deploy/scenario/scenario.yaml for scenarios + # 2. Refer to http://git.opnfv.org/cgit/fuel/tree/ci/README for description of + # stack configuration directory structure + # 3. <stack-config-uri> is the base URI of stack configuration directory structure + # 3.1 Example: http://git.opnfv.org/cgit/fuel/tree/deploy/config + # 4. <lab-name> and <pod-name> must match the directory structure in stack configuration + # 4.1 Example of <lab-name>: -l devel-pipeline + # 4.2 Example of <pod-name>: -p elx + # 5. <iso-uri> could be local or remote ISO image of Fuel Installer + # 5.1 Example: http://artifacts.opnfv.org/fuel/colorado/opnfv-colorado.1.0.iso + # + # Please refer to Fuel Installer's documentation for further information and any update + +**Joid** Installer: + +.. code-block:: bash + + # HA deployment in OpenStack with Open Daylight L2-only environment + ./deploy.sh -o mitaka -s odl -t ha -l default -f ipv6 + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + ./deploy.sh -o mitaka -s odl -t nonha -l default -f ipv6 + +Please **NOTE** that: + +* You need to refer to **installer's documentation** for other necessary + parameters applicable to your deployment. +* You need to refer to **Release Notes** and **installer's documentation** if there is + any issue in installation. + +**OPNFV-INSTALL-2**: Clone the following GitHub repository to get the +configuration and metadata files + +.. code-block:: bash + + git clone https://github.com/sridhargaddam/opnfv_os_ipv6_poc.git \ + /opt/stack/opnfv_os_ipv6_poc + +---------------------------------------------- +Disable Security Groups in OpenStack ML2 Setup +---------------------------------------------- + +Please **NOTE** that although Security Groups feature has been disabled automatically +through ``local.conf`` configuration file by some installers such as ``devstack``, it is very likely +that other installers such as ``Apex``, ``Compass``, ``Fuel`` or ``Joid`` will enable Security +Groups feature after installation. + +**Please make sure that Security Groups are disabled in the setup** + +In order to disable Security Groups globally, please make sure that the settings in +**OPNFV-SEC-1** and **OPNFV-SEC-2** are applied, if they are not there by default. + +**OPNFV-SEC-1**: Change the settings in +``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows, if they +are not there by default. + +.. code-block:: bash + + # /etc/neutron/plugins/ml2/ml2_conf.ini + [securitygroup] + enable_security_group = True + firewall_driver = neutron.agent.firewall.NoopFirewallDriver + [ml2] + extension_drivers = port_security + [agent] + prevent_arp_spoofing = False + +**OPNFV-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows, +if they are not there by default. + +.. code-block:: bash + + # /etc/nova/nova.conf + [DEFAULT] + security_group_api = neutron + firewall_driver = nova.virt.firewall.NoopFirewallDriver + +**OPNFV-SEC-3**: After updating the settings, you will have to restart the +``Neutron`` and ``Nova`` services. + +**Please note that the commands of restarting** ``Neutron`` **and** ``Nova`` **would vary +depending on the installer. Please refer to relevant documentation of specific installers** + +--------------------------------------------------- +Source the Credentials in OpenStack Controller Node +--------------------------------------------------- + +**SETUP-SVM-1**: Login in OpenStack Controller Node. Start a new terminal, +and change directory to where OpenStack is installed. + +**SETUP-SVM-2**: We have to source the tenant credentials in this step. Please **NOTE** +that the method of sourcing tenant credentials may vary depending on installers. For example: + +**Apex** installer: + +.. code-block:: bash + + # On jump host, source the tenant credentials using /bin/opnfv-util provided by Apex installer + opnfv-util undercloud "source overcloudrc; keystone service-list" + + # Alternatively, you can copy the file /home/stack/overcloudrc from the installer VM called "undercloud" + # to a location in controller node, for example, in the directory /opt, and do: + # source /opt/overcloudrc + +**Compass** installer: + +.. code-block:: bash + + # source the tenant credentials using Compass installer of OPNFV + source /opt/admin-openrc.sh + +**Fuel** installer: + +.. code-block:: bash + + # source the tenant credentials using Fuel installer of OPNFV + source /root/openrc + +**Joid** installer: + +.. code-block:: bash + + # source the tenant credentials using Joid installer of OPNFV + source $HOME/joid_config/admin-openrc + +**devstack**: + +.. code-block:: bash + + # source the tenant credentials in devstack + source openrc admin demo + +**Please refer to relevant documentation of installers if you encounter any issue**. + +------------------------------------------------------------------------------------ +Informational Note: Move Public Network from Physical Network Interface to ``br-ex`` +------------------------------------------------------------------------------------ + +**SETUP-SVM-3**: Move the physical interface (i.e. the public network interface) to ``br-ex`` + +**SETUP-SVM-4**: Verify setup of ``br-ex`` + +**Those 2 steps are Informational. OPNFV Installer has taken care of those 2 steps during deployment. +You may refer to this step only if there is any issue, or if you are using other installers**. + +We have to move the physical interface (i.e. the public network interface) to ``br-ex``, including moving +the public IP address and setting up default route. Please refer to ``SETUP-SVM-3`` and +``SETUP-SVM-4`` in our `more complete instruction <http://artifacts.opnfv.org/ipv6/docs/setupservicevm/4-ipv6-configguide-servicevm.html#add-external-connectivity-to-br-ex>`_. + +-------------------------------------------------------- +Create IPv4 Subnet and Router with External Connectivity +-------------------------------------------------------- + +**SETUP-SVM-5**: Create a Neutron router ``ipv4-router`` which needs to provide external connectivity. + +.. code-block:: bash + + neutron router-create ipv4-router + +**SETUP-SVM-6**: Create an external network/subnet ``ext-net`` using the appropriate values based on the +data-center physical network setup. + +Please **NOTE** that you may only need to create the subnet of ``ext-net`` because OPNFV installers +should have created an external network during installation. You must use the same name of external +network that installer creates when you create the subnet. For example: + +* **Apex** installer: ``external`` +* **Compass** installer: ``ext-net`` +* **Fuel** installer: ``admin_floating_net`` +* **Joid** installer: ``ext-net`` + +**Please refer to the documentation of installers if there is any issue** + +.. code-block:: bash + + # This is needed only if installer does not create an external work + # Otherwise, skip this command "net-create" + neutron net-create --router:external ext-net + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron subnet-create --disable-dhcp --allocation-pool start=198.59.156.251,\ + end=198.59.156.254 --gateway 198.59.156.1 ext-net 198.59.156.0/24 + +Please note that the IP addresses in the command above are for exemplary purpose. **Please replace the IP addresses of +your actual network**. + +**SETUP-SVM-7**: Associate the ``ext-net`` to the Neutron router ``ipv4-router``. + +.. code-block:: bash + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron router-gateway-set ipv4-router ext-net + +**SETUP-SVM-8**: Create an internal/tenant IPv4 network ``ipv4-int-network1`` + +.. code-block:: bash + + neutron net-create ipv4-int-network1 + +**SETUP-SVM-9**: Create an IPv4 subnet ``ipv4-int-subnet1`` in the internal network ``ipv4-int-network1`` + +.. code-block:: bash + + neutron subnet-create --name ipv4-int-subnet1 --dns-nameserver 8.8.8.8 \ + ipv4-int-network1 20.0.0.0/24 + +**SETUP-SVM-10**: Associate the IPv4 internal subnet ``ipv4-int-subnet1`` to the Neutron router ``ipv4-router``. + +.. code-block:: bash + + neutron router-interface-add ipv4-router ipv4-int-subnet1 + +-------------------------------------------------------- +Create IPv6 Subnet and Router with External Connectivity +-------------------------------------------------------- + +Now, let us create a second neutron router where we can "manually" spawn a ``radvd`` daemon to simulate an external +IPv6 router. + +**SETUP-SVM-11**: Create a second Neutron router ``ipv6-router`` which needs to provide external connectivity + +.. code-block:: bash + + neutron router-create ipv6-router + +**SETUP-SVM-12**: Associate the ``ext-net`` to the Neutron router ``ipv6-router`` + +.. code-block:: bash + + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron router-gateway-set ipv6-router ext-net + +**SETUP-SVM-13**: Create a second internal/tenant IPv4 network ``ipv4-int-network2`` + +.. code-block:: bash + + neutron net-create ipv4-int-network2 + +**SETUP-SVM-14**: Create an IPv4 subnet ``ipv4-int-subnet2`` for the ``ipv6-router`` internal network +``ipv4-int-network2`` + +.. code-block:: bash + + neutron subnet-create --name ipv4-int-subnet2 --dns-nameserver 8.8.8.8 \ + ipv4-int-network2 10.0.0.0/24 + +**SETUP-SVM-15**: Associate the IPv4 internal subnet ``ipv4-int-subnet2`` to the Neutron router ``ipv6-router``. + +.. code-block:: bash + + neutron router-interface-add ipv6-router ipv4-int-subnet2 + +-------------------------------------------------- +Prepare Image, Metadata and Keypair for Service VM +-------------------------------------------------- + +**SETUP-SVM-16**: Download ``fedora22`` image which would be used as ``vRouter`` + +.. code-block:: bash + + wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/\ + Images/Fedora-Cloud-Base-22-20150521.x86_64.qcow2 + + glance image-create --name 'Fedora22' --disk-format qcow2 --container-format bare \ + --file ./Fedora-Cloud-Base-22-20150521.x86_64.qcow2 + +**SETUP-SVM-17**: Create a keypair + +.. code-block:: bash + + nova keypair-add vRouterKey > ~/vRouterKey + +**SETUP-SVM-18**: Create ports for ``vRouter`` and both the VMs with some specific MAC addresses. + +.. code-block:: bash + + neutron port-create --name eth0-vRouter --mac-address fa:16:3e:11:11:11 ipv4-int-network2 + neutron port-create --name eth1-vRouter --mac-address fa:16:3e:22:22:22 ipv4-int-network1 + neutron port-create --name eth0-VM1 --mac-address fa:16:3e:33:33:33 ipv4-int-network1 + neutron port-create --name eth0-VM2 --mac-address fa:16:3e:44:44:44 ipv4-int-network1 + +---------------------------------------------------------------------------------------------------------- +Boot Service VM (``vRouter``) with ``eth0`` on ``ipv4-int-network2`` and ``eth1`` on ``ipv4-int-network1`` +---------------------------------------------------------------------------------------------------------- + +Let us boot the service VM (``vRouter``) with ``eth0`` interface on ``ipv4-int-network2`` connecting to ``ipv6-router``, +and ``eth1`` interface on ``ipv4-int-network1`` connecting to ``ipv4-router``. + +**SETUP-SVM-19**: Boot the ``vRouter`` using ``Fedora22`` image on the OpenStack Compute Node with hostname +``opnfv-os-compute`` + +.. code-block:: bash + + nova boot --image Fedora22 --flavor m1.small \ + --user-data /opt/stack/opnfv_os_ipv6_poc/metadata.txt \ + --availability-zone nova:opnfv-os-compute \ + --nic port-id=$(neutron port-list | grep -w eth0-vRouter | awk '{print $2}') \ + --nic port-id=$(neutron port-list | grep -w eth1-vRouter | awk '{print $2}') \ + --key-name vRouterKey vRouter + +Please **note** that ``/opt/stack/opnfv_os_ipv6_poc/metadata.txt`` is used to enable the ``vRouter`` to automatically +spawn a ``radvd``, and + +* Act as an IPv6 vRouter which advertises the RA (Router Advertisements) with prefix + ``2001:db8:0:2::/64`` on its internal interface (``eth1``). +* Forward IPv6 traffic from internal interface (``eth1``) + +**SETUP-SVM-20**: Verify that ``Fedora22`` image boots up successfully and vRouter has ``ssh`` keys properly injected + +.. code-block:: bash + + nova list + nova console-log vRouter + +Please note that **it may take a few minutes** for the necessary packages to get installed and ``ssh`` keys +to be injected. + +.. code-block:: bash + + # Sample Output + [ 762.884523] cloud-init[871]: ec2: ############################################################# + [ 762.909634] cloud-init[871]: ec2: -----BEGIN SSH HOST KEY FINGERPRINTS----- + [ 762.931626] cloud-init[871]: ec2: 2048 e3:dc:3d:4a:bc:b6:b0:77:75:a1:70:a3:d0:2a:47:a9 (RSA) + [ 762.957380] cloud-init[871]: ec2: -----END SSH HOST KEY FINGERPRINTS----- + [ 762.979554] cloud-init[871]: ec2: ############################################################# + +------------------------------------------- +Boot Two Other VMs in ``ipv4-int-network1`` +------------------------------------------- + +In order to verify that the setup is working, let us create two cirros VMs with ``eth1`` interface on the +``ipv4-int-network1``, i.e., connecting to ``vRouter`` ``eth1`` interface for internal network. + +We will have to configure appropriate ``mtu`` on the VMs' interface by taking into account the tunneling +overhead and any physical switch requirements. If so, push the ``mtu`` to the VM either using ``dhcp`` +options or via ``meta-data``. + +**SETUP-SVM-21**: Create VM1 on OpenStack Controller Node with hostname ``opnfv-os-controller`` + +.. code-block:: bash + + nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny \ + --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh \ + --availability-zone nova:opnfv-os-controller \ + --nic port-id=$(neutron port-list | grep -w eth0-VM1 | awk '{print $2}') \ + --key-name vRouterKey VM1 + +**SETUP-SVM-22**: Create VM2 on OpenStack Compute Node with hostname ``opnfv-os-compute`` + +.. code-block:: bash + + nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny \ + --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh \ + --availability-zone nova:opnfv-os-compute \ + --nic port-id=$(neutron port-list | grep -w eth0-VM2 | awk '{print $2}') \ + --key-name vRouterKey VM2 + +**SETUP-SVM-23**: Confirm that both the VMs are successfully booted. + +.. code-block:: bash + + nova list + nova console-log VM1 + nova console-log VM2 + +---------------------------------- +Spawn ``RADVD`` in ``ipv6-router`` +---------------------------------- + +Let us manually spawn a ``radvd`` daemon inside ``ipv6-router`` namespace to simulate an external router. +First of all, we will have to identify the ``ipv6-router`` namespace and move to the namespace. + +Please **NOTE** that in case of HA (High Availability) deployment model where multiple controller +nodes are used, ``ipv6-router`` created in step **SETUP-SVM-11** could be in any of the controller +node. Thus you need to identify in which controller node ``ipv6-router`` is created in order to manually +spawn ``radvd`` daemon inside the ``ipv6-router`` namespace in steps **SETUP-SVM-24** through +**SETUP-SVM-30**. The following command in Neutron will display the controller on which the +``ipv6-router`` is spawned. + +.. code-block:: bash + + neutron l3-agent-list-hosting-router ipv6-router + +Then you login to that controller and execute steps **SETUP-SVM-24** +through **SETUP-SVM-30** + +**SETUP-SVM-24**: identify the ``ipv6-router`` namespace and move to the namespace + +.. code-block:: bash + + sudo ip netns exec qrouter-$(neutron router-list | grep -w ipv6-router | \ + awk '{print $2}') bash + +**SETUP-SVM-25**: Upon successful execution of the above command, you will be in the router namespace. +Now let us configure the IPv6 address on the <qr-xxx> interface. + +.. code-block:: bash + + export router_interface=$(ip a s | grep -w "global qr-*" | awk '{print $7}') + ip -6 addr add 2001:db8:0:1::1 dev $router_interface + +**SETUP-SVM-26**: Update the sample file ``/opt/stack/opnfv_os_ipv6_poc/scenario2/radvd.conf`` +with ``$router_interface``. + +.. code-block:: bash + + cp /opt/stack/opnfv_os_ipv6_poc/scenario2/radvd.conf /tmp/radvd.$router_interface.conf + sed -i 's/$router_interface/'$router_interface'/g' /tmp/radvd.$router_interface.conf + +**SETUP-SVM-27**: Spawn a ``radvd`` daemon to simulate an external router. This ``radvd`` daemon advertises an IPv6 +subnet prefix of ``2001:db8:0:1::/64`` using RA (Router Advertisement) on its $router_interface so that ``eth0`` +interface of ``vRouter`` automatically configures an IPv6 SLAAC address. + +.. code-block:: bash + + $radvd -C /tmp/radvd.$router_interface.conf -p /tmp/br-ex.pid.radvd -m syslog + +**SETUP-SVM-28**: Add an IPv6 downstream route pointing to the ``eth0`` interface of vRouter. + +.. code-block:: bash + + ip -6 route add 2001:db8:0:2::/64 via 2001:db8:0:1:f816:3eff:fe11:1111 + +**SETUP-SVM-29**: The routing table should now look similar to something shown below. + +.. code-block:: bash + + ip -6 route show + 2001:db8:0:1::1 dev qr-42968b9e-62 proto kernel metric 256 + 2001:db8:0:1::/64 dev qr-42968b9e-62 proto kernel metric 256 expires 86384sec + 2001:db8:0:2::/64 via 2001:db8:0:1:f816:3eff:fe11:1111 dev qr-42968b9e-62 proto ra metric 1024 expires 29sec + fe80::/64 dev qg-3736e0c7-7c proto kernel metric 256 + fe80::/64 dev qr-42968b9e-62 proto kernel metric 256 + +**SETUP-SVM-30**: If all goes well, the IPv6 addresses assigned to the VMs would be as shown as follows: + +.. code-block:: bash + + # vRouter eth0 interface would have the following IPv6 address: + # 2001:db8:0:1:f816:3eff:fe11:1111/64 + # vRouter eth1 interface would have the following IPv6 address: + # 2001:db8:0:2::1/64 + # VM1 would have the following IPv6 address: + # 2001:db8:0:2:f816:3eff:fe33:3333/64 + # VM2 would have the following IPv6 address: + # 2001:db8:0:2:f816:3eff:fe44:4444/64 + +-------------------------------- +Testing to Verify Setup Complete +-------------------------------- + +Now, let us ``SSH`` to those VMs, e.g. VM1 and / or VM2 and / or vRouter, to confirm that +it has successfully configured the IPv6 address using ``SLAAC`` with prefix +``2001:db8:0:2::/64`` from ``vRouter``. + +We use ``floatingip`` mechanism to achieve ``SSH``. + +**SETUP-SVM-31**: Now we can ``SSH`` to VMs. You can execute the following command. + +.. code-block:: bash + + # 1. Create a floatingip and associate it with VM1, VM2 and vRouter (to the port id that is passed). + # Note that the name "ext-net" may work for some installers such as Compass and Joid + # Change the name "ext-net" to match the name of external network that an installer creates + neutron floatingip-create --port-id $(neutron port-list | grep -w eth0-VM1 | \ + awk '{print $2}') ext-net + neutron floatingip-create --port-id $(neutron port-list | grep -w eth0-VM2 | \ + awk '{print $2}') ext-net + neutron floatingip-create --port-id $(neutron port-list | grep -w eth1-vRouter | \ + awk '{print $2}') ext-net + + # 2. To know / display the floatingip associated with VM1, VM2 and vRouter. + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth0-VM1 | awk '{print $2}') | awk '{print $2}' + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth0-VM2 | awk '{print $2}') | awk '{print $2}' + neutron floatingip-list -F floating_ip_address -F port_id | grep $(neutron port-list | \ + grep -w eth1-vRouter | awk '{print $2}') | awk '{print $2}' + + # 3. To ssh to the vRouter, VM1 and VM2, user can execute the following command. + ssh -i ~/vRouterKey fedora@<floating-ip-of-vRouter> + ssh -i ~/vRouterKey cirros@<floating-ip-of-VM1> + ssh -i ~/vRouterKey cirros@<floating-ip-of-VM2> + +If everything goes well, ``ssh`` will be successful and you will be logged into those VMs. +Run some commands to verify that IPv6 addresses are configured on ``eth0`` interface. + +**SETUP-SVM-32**: Show an IPv6 address with a prefix of ``2001:db8:0:2::/64`` + +.. code-block:: bash + + ip address show + +**SETUP-SVM-33**: ping some external IPv6 address, e.g. ``ipv6-router`` + +.. code-block:: bash + + ping6 2001:db8:0:1::1 + +If the above ping6 command succeeds, it implies that ``vRouter`` was able to successfully forward the IPv6 traffic +to reach external ``ipv6-router``. + +********************************* +IPv6 Post Installation Procedures +********************************* + +Congratulations, you have completed the setup of using a service VM to act as an IPv6 vRouter. +You have validated the setup based on the instruction in previous sections. If you want to further +test your setup, you can ``ping6`` among ``VM1``, ``VM2``, ``vRouter`` and ``ipv6-router``. + +This setup allows further open innovation by any 3rd-party. For more instructions and documentations, +please refer to: + +1. IPv6 Configuration Guide (HTML): http://artifacts.opnfv.org/ipv6/docs/setupservicevm/index.html +2. IPv6 User Guide (HTML): http://artifacts.opnfv.org/ipv6/docs/gapanalysis/index.html + +************************************** +Automated post installation activities +************************************** + +Refer to the relevant testing guides, results, and release notes of Yardstick Project. diff --git a/docs/release/installation/index.rst b/docs/release/installation/index.rst new file mode 100644 index 0000000..85777f9 --- /dev/null +++ b/docs/release/installation/index.rst @@ -0,0 +1,21 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat) + +=================================================== +IPv6 Installation Procedure and Configuration Guide +=================================================== + +:Abstract: + +This document provides the users with: + +1. Installation Procedure to install OPNFV Danube Release on IPv6-only Infrastructure +2. Configuration Guide to set up a service VM as an IPv6 vRouter using OPNFV Danube Release + +.. toctree:: + :numbered: + :maxdepth: 4 + + ./installation.instruction.rst + ./feature.configuration.rst diff --git a/docs/release/installation/installation.instruction.rst b/docs/release/installation/installation.instruction.rst new file mode 100644 index 0000000..f78b1c7 --- /dev/null +++ b/docs/release/installation/installation.instruction.rst @@ -0,0 +1,185 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat) + +========================================= +Install OPNFV on IPv6-Only Infrastructure +========================================= + +This section provides instructions to install OPNFV on IPv6-only Infrastructure. All underlay networks +and API endpoints will be IPv6-only except: + +1. "admin" network in underlay/undercloud still has to be IPv4, due to lack of support of IPMI + over IPv6 or PXE over IPv6. +2. OVS VxLAN (or GRE) tunnel endpoint is still IPv4 only, although IPv6 traffic can be + encapsulated within the tunnel. +3. Metadata server is still IPv4 only. + +Except the limitations above, the use case scenario of the IPv6-only infrastructure includes: + +1. Support OPNFV deployment on an IPv6 only infrastructure. +2. Horizon/ODL-DLUX access using IPv6 address from an external host. +3. OpenStack API access using IPv6 addresses from various python-clients. +4. Ability to create Neutron Routers, IPv6 subnets (e.g. SLAAC/DHCPv6-Stateful/ + DHCPv6-Stateless) to support North-South traffic. +5. Inter VM communication (East-West routing) when VMs are spread + across two compute nodes. +6. VNC access into a VM using IPv6 addresses. + +------------------------------------------- +Install OPNFV in OpenStack-Only Environment +------------------------------------------- + +**Apex Installer**: + +.. code-block:: bash + + # HA, Virtual deployment in OpenStack-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-nosdn-nofeature-ha.yaml \ + -n /etc/opnfv-apex/network_setting_v6.yaml + + # HA, Bare Metal deployment in OpenStack-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-nosdn-nofeature-ha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting_v6.yaml + + # Non-HA, Virtual deployment in OpenStack-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-nosdn-nofeature-noha.yaml \ + -n /etc/opnfv-apex/network_setting_v6.yaml + + # Non-HA, Bare Metal deployment in OpenStack-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-nosdn-nofeature-noha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting_v6.yaml + + # Note: + # + # 1. Parameter ""-v" is mandatory for Virtual deployment + # 2. Parameter "-i <inventory file>" is mandatory for Bare Metal deployment + # 2.1 Refer to https://git.opnfv.org/cgit/apex/tree/config/inventory for examples of inventory file + # 3. You can use "-n /etc/opnfv-apex/network_setting.yaml" for deployment in IPv4 infrastructure + +Please **NOTE** that: + +* You need to refer to **installer's documentation** for other necessary + parameters applicable to your deployment. +* You need to refer to **Release Notes** and **installer's documentation** if there is + any issue in installation. + +-------------------------------------------------- +Install OPNFV in OpenStack with ODL-L2 Environment +-------------------------------------------------- + +**Apex Installer**: + +.. code-block:: bash + + # HA, Virtual deployment in OpenStack with Open Daylight L2-only environment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml \ + -n /etc/opnfv-apex/network_setting_v6.yaml + + # HA, Bare Metal deployment in OpenStack with Open Daylight L2-only environment + ./opnfv-deploy -d /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting_v6.yaml + + # Non-HA deployment in OpenStack with Open Daylight L2-only environment + # There is no settings file provided by default for odl_l2 non-HA deployment + # You need to copy /etc/opnfv-apex/os-odl_l2-nofeature-ha.yaml to another file + # e.g. /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml + # and change the "ha_enabled" parameter to be "false", i.e.: "ha_enabled: false", and: + + # - For Non-HA, Virtual deployment + ./opnfv-deploy -v -d /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml \ + -n /etc/opnfv-apex/network_setting_v6.yaml + + # - For Non-HA, Bare Metal deployment + ./opnfv-deploy -d /etc/opnfv-apex/os-odl_l2-nofeature-noha.yaml \ + -i <inventory file> -n /etc/opnfv-apex/network_setting_v6.yaml + + # Note: + # + # 1. Parameter ""-v" is mandatory for Virtual deployment + # 2. Parameter "-i <inventory file>" is mandatory for Bare Metal deployment + # 2.1 Refer to https://git.opnfv.org/cgit/apex/tree/config/inventory for examples of inventory file + # 3. You can use "-n /etc/opnfv-apex/network_setting.yaml" for deployment in IPv4 infrastructure + +Please **NOTE** that: + +* You need to refer to **installer's documentation** for other necessary + parameters applicable to your deployment. +* You need to refer to **Release Notes** and **installer's documentation** if there is + any issue in installation. + +------------------- +Testing Methodology +------------------- + +There are 2 levels of testing to validate the deployment. + +++++++++++++++++ +Underlay Testing +++++++++++++++++ + +**Underlay** Testing is to validate that API endpoints are listening on IPv6 addresses. +This can be as simple as validating Keystone service, and as complete as validating each +API endpoint. It is important to reuse Tempest API testing. + +Please **Note** that, to the best of our knowledge, Tempest API testing does not validate +API endpoints listening on IPv6 addresses. Thus Underlay Testing is postponed to future +release until Tempest API testing is ready to validate API endpoints listening on IPv6 addresses. + ++++++++++++++++ +Overlay Testing ++++++++++++++++ + +**Overlay** Testing is to validate that IPv6 is supported in tenant networks, subnets and routers. +Both Tempest API testing and Tempest Scenario testing are used in our Overlay Testing. + +Tempest API testing validates that the Neutron API supports the creation of IPv6 networks, subnets, routers, etc: + +.. code-block:: bash + + tempest.api.network.test_networks.BulkNetworkOpsIpV6Test.test_bulk_create_delete_network + tempest.api.network.test_networks.BulkNetworkOpsIpV6Test.test_bulk_create_delete_port + tempest.api.network.test_networks.BulkNetworkOpsIpV6Test.test_bulk_create_delete_subnet + tempest.api.network.test_networks.NetworksIpV6Test.test_create_update_delete_network_subnet + tempest.api.network.test_networks.NetworksIpV6Test.test_external_network_visibility + tempest.api.network.test_networks.NetworksIpV6Test.test_list_networks + tempest.api.network.test_networks.NetworksIpV6Test.test_list_subnets + tempest.api.network.test_networks.NetworksIpV6Test.test_show_network + tempest.api.network.test_networks.NetworksIpV6Test.test_show_subnet + tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_create_update_delete_network_subnet + tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_external_network_visibility + tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_list_networks + tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_list_subnets + tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_show_network + tempest.api.network.test_networks.NetworksIpV6TestAttrs.test_show_subnet + tempest.api.network.test_ports.PortsIpV6TestJSON.test_create_port_in_allowed_allocation_pools + tempest.api.network.test_ports.PortsIpV6TestJSON.test_create_port_with_no_securitygroups + tempest.api.network.test_ports.PortsIpV6TestJSON.test_create_update_delete_port + tempest.api.network.test_ports.PortsIpV6TestJSON.test_list_ports + tempest.api.network.test_ports.PortsIpV6TestJSON.test_show_port + tempest.api.network.test_routers.RoutersIpV6Test.test_add_multiple_router_interfaces + tempest.api.network.test_routers.RoutersIpV6Test.test_add_remove_router_interface_with_port_id + tempest.api.network.test_routers.RoutersIpV6Test.test_add_remove_router_interface_with_subnet_id + tempest.api.network.test_routers.RoutersIpV6Test.test_create_show_list_update_delete_router + tempest.api.network.test_security_groups.SecGroupIPv6Test.test_create_list_update_show_delete_security_group + tempest.api.network.test_security_groups.SecGroupIPv6Test.test_create_show_delete_security_group_rule + tempest.api.network.test_security_groups.SecGroupIPv6Test.test_list_security_groups + +Tempest Scenario testing validates some specific overlay IPv6 scenarios +(i.e. use cases) as follows: + +.. code-block:: bash + + tempest.scenario.test_network_v6.TestGettingAddress.test_dhcp6_stateless_from_os + tempest.scenario.test_network_v6.TestGettingAddress.test_dualnet_dhcp6_stateless_from_os + tempest.scenario.test_network_v6.TestGettingAddress.test_dualnet_multi_prefix_dhcpv6_stateless + tempest.scenario.test_network_v6.TestGettingAddress.test_dualnet_multi_prefix_slaac + tempest.scenario.test_network_v6.TestGettingAddress.test_dualnet_slaac_from_os + tempest.scenario.test_network_v6.TestGettingAddress.test_multi_prefix_dhcpv6_stateless + tempest.scenario.test_network_v6.TestGettingAddress.test_multi_prefix_slaac + tempest.scenario.test_network_v6.TestGettingAddress.test_slaac_from_os + +The above Tempest API testing and Scenario testing are quite comprehensive to validate +overlay IPv6 tenant networks. They are part of OpenStack default Smoke Tests, +run in FuncTest and integrated into OPNFV's CI/CD environment. + diff --git a/docs/release/release-notes/index.rst b/docs/release/release-notes/index.rst new file mode 100644 index 0000000..ababc25 --- /dev/null +++ b/docs/release/release-notes/index.rst @@ -0,0 +1,12 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat) + +================================= +OPNFV IPv6i Project Release Notes +================================= + +.. toctree:: + :maxdepth: 1 + + ./release-notes diff --git a/docs/release/release-notes/release-notes.rst b/docs/release/release-notes/release-notes.rst new file mode 100644 index 0000000..2ab15d8 --- /dev/null +++ b/docs/release/release-notes/release-notes.rst @@ -0,0 +1,239 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat) + +================================ +OPNFV IPv6 Project Release Notes +================================ + +This document provides the release notes for Danube of IPv6 Project. + +.. contents:: + :depth: 3 + :local: + + +Version History +--------------- + ++--------------------+--------------------+--------------------+--------------------+ +| **Date** | **Ver.** | **Author** | **Comment** | +| | | | | ++--------------------+--------------------+--------------------+--------------------+ +| 2017-02-16 | 0.1.0 | Bin Hu | First draft | +| | | | | ++--------------------+--------------------+--------------------+--------------------+ +| | 0.1.1 | | | +| | | | | ++--------------------+--------------------+--------------------+--------------------+ +| | 1.0 | | | +| | | | | ++--------------------+--------------------+--------------------+--------------------+ + +Important Notes +--------------- + +<STATE IMPORTANT NOTES/DEVIATIONS SINCE PREVIOUS ITERATIVE RELEASE AND OTHER IMPORTANT NOTES FOR THIS RELEASE> + +<EXAMPLE>: + +**Attention:** Please be aware that since LSV3 a pre-deploy script must be ran on the Fuel master - +see the OPNFV@Fuel SW installation instructions + +Summary +------- + +<SUMMARIZE THE RELEASE - THE CONTENT - AND OTHER IMPORTANT HIGH LEVEL PROPERTIES> + +<EXAMPLE>: + +Arno Fuel@OPNFV is based the OpenStack Fuel upstream project version 6.0.1, +but adds OPNFV unique components such as OpenDaylight version: Helium as well as other OPNFV unique configurations...... + +Release Data +------------ +<STATE RELEVANT RELEASE DATA/RECORDS> + +<EXAMPLE>: + ++--------------------------------------+--------------------------------------+ +| **Project** | E.g. Arno/genesis/fuel@opnfv | +| | | ++--------------------------------------+--------------------------------------+ +| **Repo/commit-ID** | E.g. genesis/adf634a0d4..... | +| | | ++--------------------------------------+--------------------------------------+ +| **Release designation** | E.g. Arno RC2 | +| | | ++--------------------------------------+--------------------------------------+ +| **Release date** | E.g. 2015-04-16 | +| | | ++--------------------------------------+--------------------------------------+ +| **Purpose of the delivery** | E.g. OPNFV Internal quality assurance| +| | | ++--------------------------------------+--------------------------------------+ + +Version Change +^^^^^^^^^^^^^^ + +Module Version Changes +~~~~~~~~~~~~~~~~~~~~~~ +<STATE WHAT UPSTREAM, - AS WELL AS OPNFV MODULE VERSIONS HAVE CHANGED> + +<EXAMPLE>: + +- Fuel have changed from 5.1 to 6.0.1 + +- OpenDaylight has changed from Helium-SR1 to Helium-SR2 + +Document Version Changes +~~~~~~~~~~~~~~~~~~~~~~~~ +<STATE WHAT RELATED DOCUMENTS THAT CHANGES WITH THIS RELEASE> + +<EXAMPLE>: + +- The Fuel@OPNFV installation guide version has changed from version 0.1 to to 0.2 + +Reason for Version +^^^^^^^^^^^^^^^^^^ + +Feature Additions +~~~~~~~~~~~~~~~~~ +<STATE ADDED FEATURES BY REFERENCE TO JIRA> + +<EXAMPLE>: + +**JIRA BACK-LOG:** + ++--------------------------------------+--------------------------------------+ +| **JIRA REFERENCE** | **SLOGAN** | +| | | ++--------------------------------------+--------------------------------------+ +| BGS-123 | ADD OpenDaylight ml2 integration | +| | | ++--------------------------------------+--------------------------------------+ +| BGS-456 | Add auto-deployment of Fuel@OPNFV | +| | | ++--------------------------------------+--------------------------------------+ + +Bug Corrections +~~~~~~~~~~~~~~~ + +**JIRA TICKETS:** + ++--------------------------------------+--------------------------------------+ +| **JIRA REFERENCE** | **SLOGAN** | +| | | ++--------------------------------------+--------------------------------------+ +| BGS-888 | Fuel doesn't deploy | +| | | ++--------------------------------------+--------------------------------------+ +| BGS-999 | Floating IP doesn't work | +| | | ++--------------------------------------+--------------------------------------+ + +Deliverables +------------ + +Software Deliverables +^^^^^^^^^^^^^^^^^^^^^ + +<STATE WHAT SOFTWARE DELIVERABLES THAT ARE RELATED TO THIS VERSION, AND WHERE THOSE CAN BE RETRIEVED> + +<EXAMPLE>: + +Documentation Deliverables +^^^^^^^^^^^^^^^^^^^^^^^^^^ + +<STATE WHAT DOCUMENTATION DELIVERABLES THAT ARE RELATED TO THIS VERSION, AND WHERE THOSE CAN BE RETRIEVED> + +<EXAMPLE>: + +Known Limitations, Issues and Workarounds +----------------------------------------- + +System Limitations +^^^^^^^^^^^^^^^^^^ + +<STATE ALL RELEVANT SYSTEM LIMITATIONS> + +<EXAMPLE>: + +**Max number of blades:** 1 Fuel master, 3 Controllers, 20 Compute blades + +**Min number of blades:** 1 Fuel master, 1 Controller, 1 Compute blade + +**Storage:** Ceph is the only supported storage configuration. + +**Max number of networks:** 3800 (Needs special switch config.) + +**L3Agent:** L3 agent and floating IPs is not supported. + +Known Issues +^^^^^^^^^^^^ + +<STATE ALL KNOWN ISSUES WITH JIRA REFERENCE> + +<EXAMPLE>: + +**JIRA TICKETS:** + ++--------------------------------------+--------------------------------------+ +| **JIRA REFERENCE** | **SLOGAN** | +| | | ++--------------------------------------+--------------------------------------+ +| BGS-987 | Nova-compute process does | +| | not re-spawn when killed | +| | | ++--------------------------------------+--------------------------------------+ +| BGS-654 | MOS 5.1 : neutron net-list returns | +| | "400 Bad request" | +| | | ++--------------------------------------+--------------------------------------+ + +Workarounds +^^^^^^^^^^^ + +<STATE ALL KNOWN WORKAROUNDS TO THE ISSUES STATED ABOVE> + +<EXAMPLE>: + +- In case the contact with a compute is lost - restart the compute host +- In case the disk is full on a controller - delete all files in /tmp + +Test Result +----------- + +<STATE THE QA COVERAGE AND RESULTS> + +<EXAMPLE>: + +Fuel@OPNFV Arno RC2 has undergone QA test runs with the following results: + ++--------------------------------------+--------------------------------------+ +| **TEST-SUITE** | **Results:** | +| | | ++--------------------------------------+--------------------------------------+ +| Tempest test suite 123 | Following tests failed: | +| | | +| | 1. Image resizing.... | +| | | +| | 2. Heat deploy.... | ++--------------------------------------+--------------------------------------+ +| Robot test suite 456 | Following tests failed: | +| | | +| | 1....... | +| | | +| | 2....... | ++--------------------------------------+--------------------------------------+ + +References +---------- + +<STATE RELEVANT REFERENCES FOR THIS RELEASE/VERSION> + +<EXAMPLE>: + +For more information on the OPNFV Danube release, please see: + +http://opnfv.org/danube diff --git a/docs/release/userguide/feature.usage.rst b/docs/release/userguide/feature.usage.rst new file mode 100644 index 0000000..f6d1c30 --- /dev/null +++ b/docs/release/userguide/feature.usage.rst @@ -0,0 +1,194 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat) + +==================================== +Using IPv6 Feature of Danube Release +==================================== + +This section provides the users with gap analysis regarding IPv6 feature requirements with +OpenStack Newton Official Release and Open Daylight Boron/Carbon Official Release. The gap analysis +serves as feature specific user guides and references when as a user you may leverage the +IPv6 feature in the platform and need to perform some IPv6 related operations. + +*************************************** +IPv6 Gap Analysis with OpenStack Newton +*************************************** + +This section provides users with IPv6 gap analysis regarding feature requirement with +OpenStack Neutron in Newton Official Release. The following table lists the use cases / feature +requirements of VIM-agnostic IPv6 functionality, including infrastructure layer and VNF +(VM) layer, and its gap analysis with OpenStack Neutron in Newton Official Release. + +.. table:: + :class: longtable + + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Use Case / Requirement |Supported in Newton|Notes | + +===========================================================+===================+====================================================================+ + |All topologies work in a multi-tenant environment |Yes |The IPv6 design is following the Neutron tenant networks model; | + | | |dnsmasq is being used inside DHCP network namespaces, while radvd | + | | |is being used inside Neutron routers namespaces to provide full | + | | |isolation between tenants. Tenant isolation can be based on VLANs, | + | | |GRE, or VXLAN encapsulation. In case of overlays, the transport | + | | |network (and VTEPs) must be IPv4 based as of today. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |IPv6 VM to VM only |Yes |It is possible to assign IPv6-only addresses to VMs. Both switching | + | | |(within VMs on the same tenant network) as well as east/west routing| + | | |(between different networks of the same tenant) are supported. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |IPv6 external L2 VLAN directly attached to a VM |Yes |IPv6 provider network model; RA messages from upstream (external) | + | | |router are forwarded into the VMs | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |IPv6 subnet routed via L3 agent to an external IPv6 network| |Configuration is enhanced since Kilo to allow easier setup of the | + | |1. Yes |upstream gateway, without the user being forced to create an IPv6 | + |1. Both VLAN and overlay (e.g. GRE, VXLAN) subnet attached | |subnet for the external network. | + | to VMs; | | | + |2. Must be able to support multiple L3 agents for a given |2. Yes | | + | external network to support scaling (neutron scheduler | | | + | to assign vRouters to the L3 agents) | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Ability for a NIC to support both IPv4 and IPv6 (dual | |Dual-stack is supported in Neutron with the addition of | + |stack) address. | |``Multiple IPv6 Prefixes`` Blueprint | + | | | | + |1. VM with a single interface associated with a network, |1. Yes | | + | which is then associated with two subnets. | | | + |2. VM with two different interfaces associated with two |2. Yes | | + | different networks and two different subnets. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Support IPv6 Address assignment modes. |1. Yes | | + | | | | + |1. SLAAC |2. Yes | | + |2. DHCPv6 Stateless | | | + |3. DHCPv6 Stateful |3. Yes | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Ability to create a port on an IPv6 DHCPv6 Stateful subnet |Yes | | + |and assign a specific IPv6 address to the port and have it | | | + |taken out of the DHCP address pool. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Ability to create a port with fixed_ip for a |**No** |The following patch disables this operation: | + |SLAAC/DHCPv6-Stateless Subnet. | |https://review.openstack.org/#/c/129144/ | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Support for private IPv6 to external IPv6 floating IP; |**Rejected** |Blueprint proposed in upstream and got rejected. General expectation| + |Ability to specify floating IPs via Neutron API (REST and | |is to avoid NAT with IPv6 by assigning GUA to tenant VMs. See | + |CLI) as well as via Horizon, including combination of | |https://review.openstack.org/#/c/139731/ for discussion. | + |IPv6/IPv4 and IPv4/IPv6 floating IPs if implemented. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Provide IPv6/IPv4 feature parity in support for |**To-Do** |The L3 configuration should be transparent for the SR-IOV | + |pass-through capabilities (e.g., SR-IOV). | |implementation. SR-IOV networking support introduced in Juno based | + | | |on the ``sriovnicswitch`` ML2 driver is expected to work with IPv4 | + | | |and IPv6 enabled VMs. We need to verify if it works or not. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Additional IPv6 extensions, for example: IPSEC, IPv6 |**No** |It does not appear to be considered yet (lack of clear requirements)| + |Anycast, Multicast | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |VM access to the meta-data server to obtain user data, SSH |**No** |This is currently not supported. Config-drive or dual-stack IPv4 / | + |keys, etc. using cloud-init with IPv6 only interfaces. | |IPv6 can be used as a workaround (so that the IPv4 network is used | + | | |to obtain connectivity with the metadata service) | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Full support for IPv6 matching (i.e., IPv6, ICMPv6, TCP, |Yes | | + |UDP) in security groups. Ability to control and manage all | | | + |IPv6 security group capabilities via Neutron/Nova API (REST| | | + |and CLI) as well as via Horizon. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |During network/subnet/router create, there should be an |Yes |Two new Subnet attributes were introduced to control IPv6 address | + |option to allow user to specify the type of address | |assignment options: | + |management they would like. This includes all options | | | + |including those low priority if implemented (e.g., toggle | |* ``ipv6-ra-mode``: to determine who sends Router Advertisements; | + |on/off router and address prefix advertisements); It must | | | + |be supported via Neutron API (REST and CLI) as well as via | |* ``ipv6-address-mode``: to determine how VM obtains IPv6 address, | + |Horizon | | default gateway, and/or optional information. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Security groups anti-spoofing: Prevent VM from using a |Yes | | + |source IPv6/MAC address which is not assigned to the VM | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Protect tenant and provider network from rogue RAs |Yes |When using a tenant network, Neutron is going to automatically | + | | |handle the filter rules to allow connectivity of RAs to the VMs only| + | | |from the Neutron router port; with provider networks, users are | + | | |required to specify the LLA of the upstream router during the subnet| + | | |creation, or otherwise manually edit the security-groups rules to | + | | |allow incoming traffic from this specific address. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Support the ability to assign multiple IPv6 addresses to |Yes | | + |an interface; both for Neutron router interfaces and VM | | | + |interfaces. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Ability for a VM to support a mix of multiple IPv4 and IPv6|Yes | | + |networks, including multiples of the same type. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Support for IPv6 Prefix Delegation. |Yes |Partial support in Newton | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Distributed Virtual Routing (DVR) support for IPv6 |**No** |Blueprint proposed upstream, pending discussion. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |IPv6 First-Hop Security, IPv6 ND spoofing |Yes | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |IPv6 support in Neutron Layer3 High Availability |Yes | | + |(keepalived+VRRP). | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + +************************************************* +IPv6 Gap Analysis with Open Daylight Boron/Carbon +************************************************* + +This section provides users with IPv6 gap analysis regarding feature requirement with +Open Daylight Boron/Carbon Official Release. The following table lists the use cases / feature +requirements of VIM-agnostic IPv6 functionality, including infrastructure layer and VNF +(VM) layer, and its gap analysis with Open Daylight Boron/Carbon Official Release. + +**Open Daylight Boron/Carbon Status** + +There are 2 options in Open Daylight Boron/Carbon to provide Virtualized Networks: + +1 ``Old Netvirt``: netvirt implementation used in Open Daylight Beryllium Release + identified by feature ``odl-ovsdb-openstack`` + +2 ``New Netvirt``: netvirt implementation which will replace the Old Netvirt in the + future releases based on a more modular design. It is identified by feature + ``odl-netvirt-openstack`` + +.. table:: + :class: longtable + + +--------------------------------------------------+---------------------------------------------+--------------------------------------------------------------+ + |Use Case / Requirement | Supported in ODL Boron/Carbon |Notes | + | +---------------------+-----------------------+ | + | | Old Netvirt | New Netvirt | | + | |(odl-ovsdb-openstack)|(odl-netvirt-openstack)| | + +==================================================+=====================+=======================+==============================================================+ + |REST API support for IPv6 subnet creation in ODL |Yes |Yes |Yes, it is possible to create IPv6 subnets in ODL using | + | | | |Neutron REST API. | + | | | | | + | | | |For a network which has both IPv4 and IPv6 subnets, ODL | + | | | |mechanism driver will send the port information which includes| + | | | |IPv4/v6 addresses to ODL Neutron northbound API. When port | + | | | |information is queried it displays IPv4 and IPv6 addresses. | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |IPv6 Router support in ODL |**No** |**Partial** |IPv6 Router support is work in progress in ODL. | + | | | | | + |1. Communication between VMs on same compute node | | |Currently communication between VMs on the same network is | + |2. Communication between VMs on different compute | | |supported, and the support for the other modes is work in | + | nodes (east-west) | | |progress. | + |3. External routing (north-south) | | | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |IPAM: Support for IPv6 Address assignment modes. |**No** |Yes |ODL IPv6 Router supports all the IPv6 Address assignment modes| + | | | |along with Neutron DHCP Agent. | + |1. SLAAC | | | | + |2. DHCPv6 Stateless | | | | + |3. DHCPv6 Stateful | | | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |When using ODL for L2 forwarding/tunneling, it is |Yes |Yes | | + |compatible with IPv6. | | | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |Full support for IPv6 matching (i.e. IPv6, ICMPv6,|**Partial** |**Partial** |Security Groups for IPv6 is a work in progress, and some | + |TCP, UDP) in security groups. Ability to control | | |partial support is available. | + |and manage all IPv6 security group capabilities | | | | + |via Neutron/Nova API (REST and CLI) as well as via| | | | + |Horizon | | | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |Shared Networks support |Yes |Yes | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |IPv6 external L2 VLAN directly attached to a VM. |**ToDo** |**ToDo** | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |ODL on an IPv6 only Infrastructure. |**No** |**Work in Progress** |Deploying OpenStack with ODL on an IPv6 only infrastructure | + | | | |where the API endpoints are all IPv6 addresses. | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ diff --git a/docs/release/userguide/index.rst b/docs/release/userguide/index.rst new file mode 100644 index 0000000..f6d1c30 --- /dev/null +++ b/docs/release/userguide/index.rst @@ -0,0 +1,194 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Bin Hu (AT&T) and Sridhar Gaddam (RedHat) + +==================================== +Using IPv6 Feature of Danube Release +==================================== + +This section provides the users with gap analysis regarding IPv6 feature requirements with +OpenStack Newton Official Release and Open Daylight Boron/Carbon Official Release. The gap analysis +serves as feature specific user guides and references when as a user you may leverage the +IPv6 feature in the platform and need to perform some IPv6 related operations. + +*************************************** +IPv6 Gap Analysis with OpenStack Newton +*************************************** + +This section provides users with IPv6 gap analysis regarding feature requirement with +OpenStack Neutron in Newton Official Release. The following table lists the use cases / feature +requirements of VIM-agnostic IPv6 functionality, including infrastructure layer and VNF +(VM) layer, and its gap analysis with OpenStack Neutron in Newton Official Release. + +.. table:: + :class: longtable + + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Use Case / Requirement |Supported in Newton|Notes | + +===========================================================+===================+====================================================================+ + |All topologies work in a multi-tenant environment |Yes |The IPv6 design is following the Neutron tenant networks model; | + | | |dnsmasq is being used inside DHCP network namespaces, while radvd | + | | |is being used inside Neutron routers namespaces to provide full | + | | |isolation between tenants. Tenant isolation can be based on VLANs, | + | | |GRE, or VXLAN encapsulation. In case of overlays, the transport | + | | |network (and VTEPs) must be IPv4 based as of today. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |IPv6 VM to VM only |Yes |It is possible to assign IPv6-only addresses to VMs. Both switching | + | | |(within VMs on the same tenant network) as well as east/west routing| + | | |(between different networks of the same tenant) are supported. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |IPv6 external L2 VLAN directly attached to a VM |Yes |IPv6 provider network model; RA messages from upstream (external) | + | | |router are forwarded into the VMs | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |IPv6 subnet routed via L3 agent to an external IPv6 network| |Configuration is enhanced since Kilo to allow easier setup of the | + | |1. Yes |upstream gateway, without the user being forced to create an IPv6 | + |1. Both VLAN and overlay (e.g. GRE, VXLAN) subnet attached | |subnet for the external network. | + | to VMs; | | | + |2. Must be able to support multiple L3 agents for a given |2. Yes | | + | external network to support scaling (neutron scheduler | | | + | to assign vRouters to the L3 agents) | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Ability for a NIC to support both IPv4 and IPv6 (dual | |Dual-stack is supported in Neutron with the addition of | + |stack) address. | |``Multiple IPv6 Prefixes`` Blueprint | + | | | | + |1. VM with a single interface associated with a network, |1. Yes | | + | which is then associated with two subnets. | | | + |2. VM with two different interfaces associated with two |2. Yes | | + | different networks and two different subnets. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Support IPv6 Address assignment modes. |1. Yes | | + | | | | + |1. SLAAC |2. Yes | | + |2. DHCPv6 Stateless | | | + |3. DHCPv6 Stateful |3. Yes | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Ability to create a port on an IPv6 DHCPv6 Stateful subnet |Yes | | + |and assign a specific IPv6 address to the port and have it | | | + |taken out of the DHCP address pool. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Ability to create a port with fixed_ip for a |**No** |The following patch disables this operation: | + |SLAAC/DHCPv6-Stateless Subnet. | |https://review.openstack.org/#/c/129144/ | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Support for private IPv6 to external IPv6 floating IP; |**Rejected** |Blueprint proposed in upstream and got rejected. General expectation| + |Ability to specify floating IPs via Neutron API (REST and | |is to avoid NAT with IPv6 by assigning GUA to tenant VMs. See | + |CLI) as well as via Horizon, including combination of | |https://review.openstack.org/#/c/139731/ for discussion. | + |IPv6/IPv4 and IPv4/IPv6 floating IPs if implemented. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Provide IPv6/IPv4 feature parity in support for |**To-Do** |The L3 configuration should be transparent for the SR-IOV | + |pass-through capabilities (e.g., SR-IOV). | |implementation. SR-IOV networking support introduced in Juno based | + | | |on the ``sriovnicswitch`` ML2 driver is expected to work with IPv4 | + | | |and IPv6 enabled VMs. We need to verify if it works or not. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Additional IPv6 extensions, for example: IPSEC, IPv6 |**No** |It does not appear to be considered yet (lack of clear requirements)| + |Anycast, Multicast | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |VM access to the meta-data server to obtain user data, SSH |**No** |This is currently not supported. Config-drive or dual-stack IPv4 / | + |keys, etc. using cloud-init with IPv6 only interfaces. | |IPv6 can be used as a workaround (so that the IPv4 network is used | + | | |to obtain connectivity with the metadata service) | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Full support for IPv6 matching (i.e., IPv6, ICMPv6, TCP, |Yes | | + |UDP) in security groups. Ability to control and manage all | | | + |IPv6 security group capabilities via Neutron/Nova API (REST| | | + |and CLI) as well as via Horizon. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |During network/subnet/router create, there should be an |Yes |Two new Subnet attributes were introduced to control IPv6 address | + |option to allow user to specify the type of address | |assignment options: | + |management they would like. This includes all options | | | + |including those low priority if implemented (e.g., toggle | |* ``ipv6-ra-mode``: to determine who sends Router Advertisements; | + |on/off router and address prefix advertisements); It must | | | + |be supported via Neutron API (REST and CLI) as well as via | |* ``ipv6-address-mode``: to determine how VM obtains IPv6 address, | + |Horizon | | default gateway, and/or optional information. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Security groups anti-spoofing: Prevent VM from using a |Yes | | + |source IPv6/MAC address which is not assigned to the VM | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Protect tenant and provider network from rogue RAs |Yes |When using a tenant network, Neutron is going to automatically | + | | |handle the filter rules to allow connectivity of RAs to the VMs only| + | | |from the Neutron router port; with provider networks, users are | + | | |required to specify the LLA of the upstream router during the subnet| + | | |creation, or otherwise manually edit the security-groups rules to | + | | |allow incoming traffic from this specific address. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Support the ability to assign multiple IPv6 addresses to |Yes | | + |an interface; both for Neutron router interfaces and VM | | | + |interfaces. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Ability for a VM to support a mix of multiple IPv4 and IPv6|Yes | | + |networks, including multiples of the same type. | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Support for IPv6 Prefix Delegation. |Yes |Partial support in Newton | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |Distributed Virtual Routing (DVR) support for IPv6 |**No** |Blueprint proposed upstream, pending discussion. | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |IPv6 First-Hop Security, IPv6 ND spoofing |Yes | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + |IPv6 support in Neutron Layer3 High Availability |Yes | | + |(keepalived+VRRP). | | | + +-----------------------------------------------------------+-------------------+--------------------------------------------------------------------+ + +************************************************* +IPv6 Gap Analysis with Open Daylight Boron/Carbon +************************************************* + +This section provides users with IPv6 gap analysis regarding feature requirement with +Open Daylight Boron/Carbon Official Release. The following table lists the use cases / feature +requirements of VIM-agnostic IPv6 functionality, including infrastructure layer and VNF +(VM) layer, and its gap analysis with Open Daylight Boron/Carbon Official Release. + +**Open Daylight Boron/Carbon Status** + +There are 2 options in Open Daylight Boron/Carbon to provide Virtualized Networks: + +1 ``Old Netvirt``: netvirt implementation used in Open Daylight Beryllium Release + identified by feature ``odl-ovsdb-openstack`` + +2 ``New Netvirt``: netvirt implementation which will replace the Old Netvirt in the + future releases based on a more modular design. It is identified by feature + ``odl-netvirt-openstack`` + +.. table:: + :class: longtable + + +--------------------------------------------------+---------------------------------------------+--------------------------------------------------------------+ + |Use Case / Requirement | Supported in ODL Boron/Carbon |Notes | + | +---------------------+-----------------------+ | + | | Old Netvirt | New Netvirt | | + | |(odl-ovsdb-openstack)|(odl-netvirt-openstack)| | + +==================================================+=====================+=======================+==============================================================+ + |REST API support for IPv6 subnet creation in ODL |Yes |Yes |Yes, it is possible to create IPv6 subnets in ODL using | + | | | |Neutron REST API. | + | | | | | + | | | |For a network which has both IPv4 and IPv6 subnets, ODL | + | | | |mechanism driver will send the port information which includes| + | | | |IPv4/v6 addresses to ODL Neutron northbound API. When port | + | | | |information is queried it displays IPv4 and IPv6 addresses. | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |IPv6 Router support in ODL |**No** |**Partial** |IPv6 Router support is work in progress in ODL. | + | | | | | + |1. Communication between VMs on same compute node | | |Currently communication between VMs on the same network is | + |2. Communication between VMs on different compute | | |supported, and the support for the other modes is work in | + | nodes (east-west) | | |progress. | + |3. External routing (north-south) | | | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |IPAM: Support for IPv6 Address assignment modes. |**No** |Yes |ODL IPv6 Router supports all the IPv6 Address assignment modes| + | | | |along with Neutron DHCP Agent. | + |1. SLAAC | | | | + |2. DHCPv6 Stateless | | | | + |3. DHCPv6 Stateful | | | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |When using ODL for L2 forwarding/tunneling, it is |Yes |Yes | | + |compatible with IPv6. | | | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |Full support for IPv6 matching (i.e. IPv6, ICMPv6,|**Partial** |**Partial** |Security Groups for IPv6 is a work in progress, and some | + |TCP, UDP) in security groups. Ability to control | | |partial support is available. | + |and manage all IPv6 security group capabilities | | | | + |via Neutron/Nova API (REST and CLI) as well as via| | | | + |Horizon | | | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |Shared Networks support |Yes |Yes | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |IPv6 external L2 VLAN directly attached to a VM. |**ToDo** |**ToDo** | | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ + |ODL on an IPv6 only Infrastructure. |**No** |**Work in Progress** |Deploying OpenStack with ODL on an IPv6 only infrastructure | + | | | |where the API endpoints are all IPv6 addresses. | + +--------------------------------------------------+---------------------+-----------------------+--------------------------------------------------------------+ |