...
Code Block |
---|
set "$@" --remote=ptcp:6640 |
Now you should be able to see port "6640" is in listening state.
...
Code Block | ||
---|---|---|
| ||
$ git clone https://github.com/openstack/networking-onos.git $ pip install ./networking-onos |
...
Note |
---|
If you found any run time problem in Neutron server and networking-onos module, please refer to networking-onos install guides per each OpenStack version. |
2. Edit ml2_conf_onos.ini uner networking-onos/etc/neutron/plugins/ml2 for ONOS endpoint and credential. You may want to copy the config file under /etc/neutron/plugins/ml2/ where other Neutron configuration files are.
...
Note |
---|
URL path is changed from "onos/openstackswitching" to "onos/openstacknetworking" since 1.8.0. |
...
3. Next step is installing and running OpenStack services. For DevStack users, use the following sample DevStack local.conf to build OpenStack controller node. Make sure your DevStack branch is consistent with the OpenStack branch, "stable/mitaka" for example.
...
Code Block | ||
---|---|---|
| ||
[[local|localrc]] HOST_IP=10.134.231.28 SERVICE_HOST=10.134.231.28 RABBIT_HOST=10.134.231.28 DATABASE_HOST=10.134.231.28 Q_HOST=10.134.231.28 ADMIN_PASSWORD=nova DATABASE_PASSWORD=$ADMIN_PASSWORD RABBIT_PASSWORD=$ADMIN_PASSWORD SERVICE_PASSWORD=$ADMIN_PASSWORD SERVICE_TOKEN=$ADMIN_PASSWORD DATABASE_TYPE=mysql # Log SCREEN_LOGDIR=/opt/stack/logs/screen # Images FORCE_CONFIG_DRIVE=True # Networks Q_ML2_TENANT_NETWORK_TYPE=vxlan Q_ML2_PLUGIN_MECHANISM_DRIVERS=onos_ml2 Q_PLUGIN_EXTRA_CONF_PATH=/opt/stack/networking-onos/etc/neutron/plugins/ml2 Q_PLUGIN_EXTRA_CONF_FILES=(ml2_conf_onos.ini) ML2_L3_PLUGIN=onos_router NEUTRON_CREATE_INITIAL_NETWORKS=False # Services enable_service q-svc disable_service n-net disable_service n-cpu disable_service tempest disable_service c-sch disable_service c-api disable_service c-vol # Branches GLANCE_BRANCH=stable/mitaka HORIZON_BRANCH=stable/mitaka KEYSTONE_BRANCH=stable/mitaka NEUTRON_BRANCH=stable/mitaka NOVA_BRANCH=stable/mitaka |
If you use other deployment tool or build OpenStack manually, refer to the following Nova and Neutron configurations.
...
Code Block | ||
---|---|---|
| ||
[DEFAULT] force_config_drive = True network_api_class = nova.network.neutronv2.api.API security_group_api = neutron [neutron] url = http://10.134.231.28:9696 auth_strategy = keystone admin_auth_url = http://10.134.231.28:35357/v2.0 admin_tenant_name = service admin_username = neutron admin_password = [admin passwd] |
Don't forget to set ml2_conf_onos.ini when you start Neutron service.
...
Note |
---|
If your compute node is a VM, try http://docs.openstack.org/developer/devstack/guides/devstack-with-nested-kvm.html this first or set |
...
For manual set up, set Neutron as a network API in the Nova configuration.
...
Code Block |
---|
onos$ buck build onos onos$ cp ~/network-cfg.json ~/onos/tools/package/config/ onos$ onos-package onos$ stc setup onos$ onos-buck-publish-local onos$ onos-buck publish --to-local-repo //protocols/ovsdb/api:onos-protocols-ovsdb-api onos$ onos-buck publish --to-local-repo //protocols/ovsdb/rfc:onos-protocols-ovsdb-rfc onos$ onos-buck publish --to-local-repo //apps/openstacknode/api:onos-apps-openstacknode-api onos$ cd apps/openstacknetworking; mci; onos$ onos-app $OC1 reinstall! target/onos-app-openstacknetworking-1.10.0-SNAPSHOT.oar |
2. Check all applications are activated successfully.
Code Block |
---|
onos> apps -a -s * 9 org.onosproject.ovsdb-base 1.10.0.SNAPSHOT OVSDB Provider * 13 org.onosproject.optical-model 1.10.0.SNAPSHOT Optical information model * 20 org.onosproject.drivers 1.10.0.SNAPSHOT Default device drivers * 39 org.onosproject.drivers.ovsdb 1.10.0.SNAPSHOT OVSDB Device Drivers * 47 org.onosproject.openflow-base 1.10.0.SNAPSHOT OpenFlow Provider * 56 org.onosproject.openstacknode 1.10.0.SNAPSHOT OpenStack Node Bootstrap App * 57 org.onosproject.openstacknetworking 1.10.0.SNAPSHOT OpenStack Networking App |
...
3. Check all nodes are registered and all COMPUTE type node's states are COMPLETE with openstack-nodes command. Use openstack-node-check command for more detailed states if the state is INCOMPLETE. If you want to reinitialize only a particular compute node, use openstack-node-init command with hostname. For GATEWAY type node, leave it in DEVICE_CREATED state. You'll need additional configurations explained later for gateway nodes.
...
Code Block | ||
---|---|---|
| ||
$ wget -qO- https://get.docker.com/ | sudo sh $ sudo apt-get install python-pip -y $ sudo pip install oslo.config $ sudo pip install ipaddress |
...
2. Download sona-setup scripts as well.
Code Block | ||
---|---|---|
| ||
$ git clone https://github.com/sonaproject/sona-setup.git $ cd sona-setup |
...
3. Write vRouterConfig.ini and place it under sona-setup directory.
...
- line 2, routerBridge: Router bridge device ID configured in the network configuration. It should be unique across the system.
- line 3, floatingCidr: Floating IP address ranges. It can be comma separated list.
- line 4, localPeerMac: Local MAC address used for peering. It should be unique across the system.
- line 5, localPeerIp: Local IP address used for peering. It should be unique across the system.
- line 6, vRouterName: Hostname to be configured in Quagga.
- line 7, bgpNeighborIp: Remote peer's IP address.
- line 8, localAsNum: Local AS number.
- line 9, remoteAsNum: Remote peer's AS number.
- line 10, uplinkPortNum: Port number of uplink interface on br-router bridge.
...
4. Run createJsonAndvRouter.sh. It will create configurations for vRouter, vrouter.json, and then brings up ONOS container with vRouter application activated.
Code Block |
---|
sona-setup$ ./createJsonAndvRouter.sh sona-setup$ sudo docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e5ac67e62bbb onosproject/onos:1.6 "./bin/onos-service" 9 days ago Up 9 days 6653/tcp, 8101/tcp, 8181/tcp, 9876/tcp onos-vrouter |
5. Next, run createQuagga.sh. It will create Quagga configurations, zebra.conf and bgpd.conf with floating IP ranges, and then brings up Quagga container. It also re-generates vrouter.json with Quagga container's port number and restart ONOS container.
...
Code Block | ||
---|---|---|
| ||
! hostname router-01 password zebra ! |
If you check the result of ovs-ofctl show
, there should be a new port named quagga-router
on br-router
bridge.
Code Block | ||
---|---|---|
| ||
sona-setup$ sudo ovs-ofctl show br-routerOFPT_FEATURES_REPLY (xid=0x2): dpid:00000000000000b1 n_tables:254, n_buffers:256 capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst 1(patch-rout): addr:1a:46:69:5a:8e:f6 config: 0 state: 0 speed: 0 Mbps now, 0 Mbps max 2(quagga): addr:7a:9b:05:57:2c:ff config: 0 state: 0 current: 10GB-FD COPPER speed: 10000 Mbps now, 0 Mbps max 3(quagga-router): addr:c6:f5:68:d6:ff:56 config: 0 state: 0 current: 10GB-FD COPPER speed: 10000 Mbps now, 0 Mbps max LOCAL(br-router): addr:1a:13:72:57:4a:4d config: PORT_DOWN state: LINK_DOWN speed: 0 Mbps now, 0 Mbps max OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0 |
7. Now, check hosts, fpm-connections, next-hops, and routes from ONOS-vRouter. You should be able to see default route (0.0.0.0/0) with next hop of the external router.
...
Code Block | ||
---|---|---|
| ||
[DEFAULT] routerBridge = "of:00000000000000b2" floatingCidr = "172.27.0.0/24" floatingGateway = "172.27.0.1" localPeerMac = "fe:00:00:00:00:03" localPeerIp = "172.18.0.250/30" vRouterName = "gateway-02" bgpNeighborIp = "172.18.0.249/30" localAsNum = 65101 remoteAsNum = 65100 uplinkPortNum = "3" |
...
You'll have to enable multipath in your external router as well.
...
Basically, ONOS itself provides HA by default when there are multiple instances in the cluster. This section describes how to add a proxy server beyond the ONOS cluster, and make use of it in Neutron as a single access point of the cluster. For the proxy server, we used the HA proxy server (http://www.haproxy.org) here.
1. Install HA proxy.
Code Block | ||
---|---|---|
| ||
$ sudo add-apt-repository -y ppa:vbernat/haproxy-1.5 $ sudo add-apt-repository -y ppa:vbernat/haproxy-1.5 $ sudo apt-get update $ sudo apt-get install -y haproxy |
...
2. Configure HA proxy.
Code Block | ||
---|---|---|
| ||
global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s user haproxy group haproxy daemon # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS ssl-default-bind-options no-sslv3 defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http frontend localnodes bind *:8181 mode http default_backend nodes backend nodes mode http balance roundrobin option forwardfor http-request set-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto https if { ssl_fc } option httpchk GET /onos/ui/login.html server web01 [onos-01 IP address]:8181 check server web02 [onos-02 IP address]:8181 check server web03 [onos-03 IP address]:8181 check listen stats *:1936 stats enable stats uri / stats hide-version stats auth someuser:password |
...
3. Set url_path to point to the proxy server in Neutron ML2 ONOS mechanism driver configuration and restart Neutron.
Code Block | ||
---|---|---|
| ||
# Configuration options for ONOS ML2 Mechanism driver [onos] # (StrOpt) ONOS ReST interface URL. This is a mandatory field. url_path = http://[proxy-server IP]:8181/onos/openstackswitching # (StrOpt) Username for authentication. This is a mandatory field. username = onos # (StrOpt) Password for authentication. This is a mandatory field. password = rocks |
...
4. Stop one of the ONOS instance and check everything works fine.
...