diff options
Diffstat (limited to 'docs/configguide/option-pure-os.rst')
-rw-r--r-- | docs/configguide/option-pure-os.rst | 236 |
1 files changed, 0 insertions, 236 deletions
diff --git a/docs/configguide/option-pure-os.rst b/docs/configguide/option-pure-os.rst deleted file mode 100644 index 46dcb6b..0000000 --- a/docs/configguide/option-pure-os.rst +++ /dev/null @@ -1,236 +0,0 @@ -====================================================================== -Set Up a Service VM as an IPv6 vRouter in Native OpenStack Environment -====================================================================== - -If you intend to set up a service VM as an IPv6 vRouter in native OpenStack environment of -OPNFV Brahmaputra Release base platform, the instructions are as follows. - -Please **NOTE** that: - -* Because the anti-spoofing rules of Security Group feature in OpenStack prevents - a VM from forwarding packets, we need to disable Security Group feature in the - native OpenStack environment. -* The hostnames, IP addresses, and username are for exemplary purpose in instructions. - Please change as needed to fit your environment. -* The instructions apply to both deployment model of single controller node and - HA (High Availability) deployment model where multiple controller nodes are used - -***************************** -Install OPNFV and Preparation -***************************** - -**OPNFV-NATIVE-INSTALL-1**: To install pure OpenStack option of OPNFV Brahmaputra Release: - -.. code-block:: bash - - deploy --scenario os_ha - -**OPNFV-NATIVE-INSTALL-2**: Clone the following GitHub repository to get the -configuration and metadata files - -.. code-block:: bash - - git clone https://github.com/sridhargaddam/opnfv_os_ipv6_poc.git /opt/stack/opnfv_os_ipv6_poc - -********************************************** -Disable Security Groups in OpenStack ML2 Setup -********************************************** - -**OPNFV-NATIVE-SEC-1**: Change the settings in -``/etc/neutron/plugins/ml2/ml2_conf.ini`` as follows - -.. code-block:: bash - - # /etc/neutron/plugins/ml2/ml2_conf.ini - [securitygroup] - enable_security_group = False - firewall_driver = neutron.agent.firewall.NoopFirewallDriver - -**OPNFV-NATIVE-SEC-2**: Change the settings in ``/etc/nova/nova.conf`` as follows - -.. code-block:: bash - - # /etc/nova/nova.conf - [DEFAULT] - security_group_api = nova - firewall_driver = nova.virt.firewall.NoopFirewallDriver - -********************************* -Set Up Service VM as IPv6 vRouter -********************************* - -**OPNFV-NATIVE-SETUP-1**: Now we assume that OpenStack multi-node setup is up and running. The following -commands should be executed: - -.. code-block:: bash - - source openrc admin demo - -**OPNFV-NATIVE-SETUP-2**: Download ``fedora22`` image which would be used for ``vRouter`` - -.. code-block:: bash - - wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Base-22-20150521.x86_64.qcow2 - -**OPNFV-NATIVE-SETUP-3**: Import Fedora22 image to ``glance`` - -.. code-block:: bash - - glance image-create --name 'Fedora22' --disk-format qcow2 --container-format bare --file ./Fedora-Cloud-Base-22-20150521.x86_64.qcow2 - -**OPNFV-NATIVE-SETUP-4**: Create Neutron routers ``ipv4-router`` and ``ipv6-router`` -which need to provide external connectivity. - -.. code-block:: bash - - neutron router-create ipv4-router - neutron router-create ipv6-router - -**OPNFV-NATIVE-SETUP-5**: Create an external network/subnet ``ext-net`` using -the appropriate values based on the data-center physical network setup. - -.. code-block:: bash - - neutron net-create --router:external ext-net - -**OPNFV-NATIVE-SETUP-6**: If your ``opnfv-os-controller`` node has two interfaces ``eth0`` and -``eth1``, and ``eth1`` is used for external connectivity, move the IP address of ``eth1`` to ``br-ex``. - -Please note that the IP address ``198.59.156.113`` and related subnet and gateway addressed in the command -below are for exemplary purpose. **Please replace them with the IP addresses of your actual network**. - -.. code-block:: bash - - sudo ip addr del 198.59.156.113/24 dev eth1 - sudo ovs-vsctl add-port br-ex eth1 - sudo ifconfig eth1 up - sudo ip addr add 198.59.156.113/24 dev br-ex - sudo ifconfig br-ex up - sudo ip route add default via 198.59.156.1 dev br-ex - neutron subnet-create --disable-dhcp --allocation-pool start=198.59.156.251,end=198.59.156.254 --gateway 198.59.156.1 ext-net 198.59.156.0/24 - -**OPNFV-NATIVE-SETUP-7**: Verify that ``br-ex`` now has the original external IP address, -and that the default route is on ``br-ex`` - -.. code-block:: bash - - $ ip a s br-ex - 38: br-ex: <BROADCAST,UP,LOWER_UP> mtu 1430 qdisc noqueue state UNKNOWN group default - link/ether 00:50:56:82:42:d1 brd ff:ff:ff:ff:ff:ff - inet 198.59.156.113/24 brd 198.59.156.255 scope global br-ex - valid_lft forever preferred_lft forever - inet6 fe80::543e:28ff:fe70:4426/64 scope link - valid_lft forever preferred_lft forever - $ - $ ip route - default via 198.59.156.1 dev br-ex - 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.10 - 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 - 198.59.156.0/24 dev br-ex proto kernel scope link src 198.59.156.113 - -Please note that the IP addresses above are exemplary purpose. - -**OPNFV-NATIVE-SETUP-8**: Create Neutron networks ``ipv4-int-network1`` and -``ipv6-int-network2`` with port_security disabled - -.. code-block:: bash - - neutron net-create --port_security_enabled=False ipv4-int-network1 - neutron net-create --port_security_enabled=False ipv6-int-network2 - -**OPNFV-NATIVE-SETUP-9**: Create IPv4 subnet ``ipv4-int-subnet1`` in the internal network -``ipv4-int-network1``, and associate it to ``ipv4-router``. - -.. code-block:: bash - - neutron subnet-create --name ipv4-int-subnet1 --dns-nameserver 8.8.8.8 ipv4-int-network1 20.0.0.0/24 - neutron router-interface-add ipv4-router ipv4-int-subnet1 - -**OPNFV-NATIVE-SETUP-10**: Associate the ``ext-net`` to the Neutron routers ``ipv4-router`` -and ``ipv6-router``. - -.. code-block:: bash - - neutron router-gateway-set ipv4-router ext-net - neutron router-gateway-set ipv6-router ext-net - -**OPNFV-NATIVE-SETUP-11**: Create two subnets, one IPv4 subnet ``ipv4-int-subnet2`` and -one IPv6 subnet ``ipv6-int-subnet2`` in ``ipv6-int-network2``, and associate both subnets to -``ipv6-router`` - -.. code-block:: bash - - neutron subnet-create --name ipv4-int-subnet2 --dns-nameserver 8.8.8.8 ipv6-int-network2 10.0.0.0/24 - neutron subnet-create --name ipv6-int-subnet2 --ip-version 6 --ipv6-ra-mode slaac --ipv6-address-mode slaac ipv6-int-network2 2001:db8:0:1::/64 - neutron router-interface-add ipv6-router ipv4-int-subnet2 - neutron router-interface-add ipv6-router ipv6-int-subnet2 - -**OPNFV-NATIVE-SETUP-12**: Create a keypair - -.. code-block:: bash - - nova keypair-add vRouterKey > ~/vRouterKey - -**OPNFV-NATIVE-SETUP-13**: Create ports for vRouter (with some specific MAC address -- basically for automation - to know the IPv6 addresses that would be assigned to the port). - -.. code-block:: bash - - neutron port-create --name eth0-vRouter --mac-address fa:16:3e:11:11:11 ipv6-int-network2 - neutron port-create --name eth1-vRouter --mac-address fa:16:3e:22:22:22 ipv4-int-network1 - -**OPNFV-NATIVE-SETUP-14**: Create ports for VM1 and VM2. - -.. code-block:: bash - - neutron port-create --name eth0-VM1 --mac-address fa:16:3e:33:33:33 ipv4-int-network1 - neutron port-create --name eth0-VM2 --mac-address fa:16:3e:44:44:44 ipv4-int-network1 - -**OPNFV-NATIVE-SETUP-15**: Update ``ipv6-router`` with routing information to subnet -``2001:db8:0:2::/64`` - -.. code-block:: bash - - neutron router-update ipv6-router --routes type=dict list=true destination=2001:db8:0:2::/64,nexthop=2001:db8:0:1:f816:3eff:fe11:1111 - -**OPNFV-NATIVE-SETUP-16**: Boot Service VM (``vRouter``), VM1 and VM2 - -.. code-block:: bash - - nova boot --image Fedora22 --flavor m1.small --user-data /opt/stack/opnfv_os_ipv6_poc/metadata.txt --availability-zone nova:opnfv-os-compute --nic port-id=$(neutron port-list | grep -w eth0-vRouter | awk '{print $2}') --nic port-id=$(neutron port-list | grep -w eth1-vRouter | awk '{print $2}') --key-name vRouterKey vRouter - nova list - nova console-log vRouter #Please wait for some 10 to 15 minutes so that necessary packages (like radvd) are installed and vRouter is up. - nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny --nic port-id=$(neutron port-list | grep -w eth0-VM1 | awk '{print $2}') --availability-zone nova:opnfv-os-controller --key-name vRouterKey --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh VM1 - nova boot --image cirros-0.3.4-x86_64-uec --flavor m1.tiny --nic port-id=$(neutron port-list | grep -w eth0-VM2 | awk '{print $2}') --availability-zone nova:opnfv-os-compute --key-name vRouterKey --user-data /opt/stack/opnfv_os_ipv6_poc/set_mtu.sh VM2 - nova list # Verify that all the VMs are in ACTIVE state. - -**OPNFV-NATIVE-SETUP-17**: If all goes well, the IPv6 addresses assigned to the VMs -would be as shown as follows: - -.. code-block:: bash - - vRouter eth0 interface would have the following IPv6 address: 2001:db8:0:1:f816:3eff:fe11:1111/64 - vRouter eth1 interface would have the following IPv6 address: 2001:db8:0:2::1/64 - VM1 would have the following IPv6 address: 2001:db8:0:2:f816:3eff:fe33:3333/64 - VM2 would have the following IPv6 address: 2001:db8:0:2:f816:3eff:fe44:4444/64 - -**OPNFV-NATIVE-SETUP-18**: Now we can ``SSH`` to ``vRouter``. - -Please **NOTE** that in case of HA (High Availability) deployment model where multiple controller -nodes are used, ``ipv6-router`` created in step **OPNFV-NATIVE-SETUP-4** could be in any of the controller -node. Thus you need to identify in which controller node ``ipv6-router`` is created in order to -enter the ``ipv6-router`` namespace. The following command in Neutron will display the -controller on which the ``ipv6-router`` is spawned. - -.. code-block:: bash - - neutron l3-agent-list-hosting-router ipv6-router - -Then you login to that controller. - -To ``SSH`` to ``vRouter``, you can execute the following command. - -.. code-block:: bash - - sudo ip netns exec qrouter-$(neutron router-list | grep -w ipv6-router | awk '{print $2}') ssh -i ~/vRouterKey fedora@2001:db8:0:1:f816:3eff:fe11:1111 - |