path: root/charms/trusty/neutron-contrail/README.md
blob: 625730412a61efcaac4c40b9a1774f23bbeff186 (plain)
Overview
--------

OpenContrail (www.opencontrail.org) is a fully featured Software Defined
Networking (SDN) solution for private clouds. It supports high performance
isolated tenant networks without requiring external hardware support. It
provides a Neutron plugin to integrate with OpenStack.

This charm is designed to be used in conjunction with the rest of the OpenStack
related charms in the charm store to virtualize the network that Nova Compute
instances plug into.

This subordinate charm provides the Nova Compute vRouter component which
contains the contrail-vrouter-agent service.
Only OpenStack Icehouse or newer is supported.
Juju 1.23.2+ is required.

Usage
-----

Nova Compute, Contrail Configuration and Keystone are prerequisite services to
deploy.

Nova Compute should be deployed with legacy plugin management set to false:

    nova-compute:
      manage-neutron-plugin-legacy-mode: false

Once ready, deploy and relate as follows:

    juju deploy neutron-contrail
    juju add-relation nova-compute neutron-contrail
    juju add-relation neutron-contrail:contrail-discovery contrail-configuration:contrail-discovery
    juju add-relation neutron-contrail:contrail-api contrail-configuration:contrail-api
    juju add-relation neutron-contrail keystone

Install Sources
---------------

The version of OpenContrail installed when deploying can be changed using the
'install-sources' option. This is a multi-line value that may refer to PPAs or
Deb repositories.

Control Node Relation
---------------------

This charm is typically related to contrail-configuration:contrail-discovery.
This instructs the Contrail vRouter agent to use the discovery service for
locating control nodes. This is the recommended approach.

Should the user wish to use vRouter configuration that specifies the location
of control nodes explicitly, not using the discovery service, they can relate
to a contrail-control charm:

    juju add-relation neutron-contrail contrail-control

Nova Metadata
-------------

To use Nova Metadata with Nova Compute instances, a metadata service must first
be registered. Registration allows OpenContrail to create the appropriate
network config to proxy requests from instances to a nova-api service on the
network.

Option 'local-metadata-server' controls whether a local nova-api-metadata
service is started (per Compute Node) and registered to serve metadata
requests. It is the recommended approach for serving metadata to instances and
is enabled by default.

Alternatively, relating to a charm implementing the neutron-metadata interface
will use this external metadata service:

    juju add-relation neutron-contrail neutron-metadata-charm

The contrail-configuration charm also needs to be related to the same charm to
register the metadata service:

    juju add-relation contrail-configuration neutron-metadata-charm

Virtual Gateways
----------------

For launched instances to be able to access external networks, e.g. the
Internet, a gateway is required that allows virtual network traffic to traverse
an IP network.

For production setups, this is typically a hardware gateway. For testing
purposes OpenContrail provides a software gateway (Simple Gateway) that runs on
Compute Node(s) and provides this function.

Option 'virtual-gateways' allows one or more software gateways to be specified.
The value is a YAML encoded string using a list of maps, where each map
consists of the following attributes:

    project - project name
    network - network name
    interface - interface to use (will be created)
    subnets - list of virtual subnets to route
    routes - list of routes gateway will make available to virtual subnets,
             0.0.0.0/0 selects all routes

For example, to create a gateway for virtual subnet 10.0.10.0/24 on the
'admin:public' network using local interface vgw for routing:

    juju set neutron-contrail \
      "virtual-gateways=[ { project: admin, network: public, interface: vgw, subnets: [ 10.0.10.0/24 ], routes: [ 0.0.0.0/0 ] } ]"

Previously specified gateways will be removed.
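
Because each `juju set` replaces the whole gateway list, it helps to check the value before applying it. The following is an added example, not part of the charm: `check_gateways` is a hypothetical helper that takes the already-parsed list of maps (for instance from `yaml.safe_load`), and its interface-uniqueness and subnet-overlap checks are conservative assumptions rather than documented charm behaviour.

```python
import ipaddress

REQUIRED = ("project", "network", "interface", "subnets", "routes")

def check_gateways(gateways):
    """Return a list of problems in a parsed 'virtual-gateways' value.

    `gateways` is the list of maps obtained by parsing the option string,
    e.g. with yaml.safe_load (PyYAML, not imported here).
    """
    if not isinstance(gateways, list):
        return ["value must be a list of maps"]
    problems, seen_ifaces, seen_nets = [], set(), []
    for i, gw in enumerate(gateways):
        if not isinstance(gw, dict):
            problems.append(f"[{i}] entry is not a map")
            continue
        missing = [k for k in REQUIRED if k not in gw]
        if missing:
            problems.append(f"[{i}] missing: {', '.join(missing)}")
            continue
        iface = str(gw["interface"])
        # Linux interface names are limited to 15 characters.
        if not iface or len(iface) > 15 or "/" in iface or " " in iface:
            problems.append(f"[{i}] bad interface name {iface!r}")
        if iface in seen_ifaces:  # assumption: one interface per gateway
            problems.append(f"[{i}] interface {iface!r} used twice")
        seen_ifaces.add(iface)
        for key in ("subnets", "routes"):
            if not isinstance(gw[key], list):
                problems.append(f"[{i}] {key} must be a list")
                continue
            for cidr in gw[key]:
                try:  # strict=True rejects prefixes with host bits set
                    net = ipaddress.ip_network(str(cidr), strict=True)
                except ValueError as exc:
                    problems.append(f"[{i}] {key}: {exc}")
                    continue
                if key == "subnets":  # assumption: subnets must not overlap
                    for other in seen_nets:
                        if net.version == other.version and net.overlaps(other):
                            problems.append(f"[{i}] subnet {net} overlaps {other}")
                    seen_nets.append(net)
    return problems

# Constructed sample: the README's gateway plus an overlapping second one.
SAMPLE = [
    {"project": "admin", "network": "public", "interface": "vgw",
     "subnets": ["10.0.10.0/24"], "routes": ["0.0.0.0/0"]},
    {"project": "admin", "network": "dmz", "interface": "vgw2",
     "subnets": ["10.0.10.128/25"], "routes": ["0.0.0.0/0"]},
]
```

An empty result means the value passed every check; `check_gateways(SAMPLE)` reports the overlap between the two constructed subnets.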

The routing of external IP networks needs to be updated if virtual network
traffic will traverse it. Traffic flow from the IP network should be directed to
one of the Compute Nodes.

For example, a static route could be added to the router of the Compute Node
network:

    # assuming the router is a Linux box
    sudo ip route add 10.0.10.0/24 via <compute ip>

The virtual-gateways option can be used with 'floating-ip-pools' option of the
contrail-configuration charm to create a typical Neutron setup of launched
instances attached to a private network, each with an assigned public/external
floating IP.

Using the running example above, you would use Neutron to create an external
network with subnet 10.0.10.0/24 and a private network of 10.0.5.0/24. You would
set the virtual-gateways option (as above) and the floating-ip-pools option.
You would attach launched instances to the private network and then assign them
floating IPs from the external network. vRouter will automatically perform 1:1
NAT of an external address to a private one. (Note: security groups may still
need to be updated to allow traffic flow.)