Related Manuals for H3C SeerEngine-DC
Summary of Contents for H3C SeerEngine-DC
- Page 1 H3C SeerEngine-DC Controller Converged OpenStack Plug-Ins Installation Guide New H3C Technologies Co., Ltd. http://www.h3c.com Document version: 5W701-20210702...
- Page 2 The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.
- Page 3 Preface This installation guide describes the procedures for installing and removing the SeerEngine-DC OpenStack converged plug-ins. This preface includes the following topics about the documentation: • Audience. • Conventions. • Documentation feedback. Audience This documentation is intended for: • Network planners.
-
Page 4: Table Of Contents
Installing the SeerEngine-DC Neutron plug-ins ································································································· 6 Obtaining the SeerEngine-DC Neutron plug-in installation package ························································· 6 Installing the SeerEngine-DC Neutron plug-ins on the OpenStack control node ······································· 6 Parameters and fields ································································································································ 9 Upgrading the SeerEngine-DC Neutron plug-ins ····························································································· 13 Installing the SeerEngine-DC Neutron security plug-in on OpenStack ····························································... -
Page 5: Overview
SeerEngine-DC Neutron security plug-ins are developed for the SeerEngine-DC controller based on the OpenStack framework. SeerEngine-DC Neutron security plug-ins can obtain security configuration from OpenStack through REST APIs and synchronize the configuration to the SeerEngine-DC controllers. They can obtain settings for the tenants' FW, LB, or VPN. -
Page 6: Preparing For Installation
Preparing for installation Hardware requirements Table 1 shows the hardware requirements for installing the SeerEngine-DC Neutron plug-ins on a server or virtual machine. Table 1 Hardware requirements Memory size Disk space Single-core and multicore 2 GB and above 5 GB and above... -
Page 7: Deploying Openstack By Using Kolla Ansible
Deploying OpenStack by using Kolla Ansible Before installing the plug-ins, deploy OpenStack by using Kolla Ansible first. For the OpenStack deployment procedure, see the installation guide for the specific OpenStack version on the OpenStack official website. -
Page 8: Preprovisioning Basic Seerengine-Dc Settings
Preprovisioning basic SeerEngine-DC settings This procedure preprovisions only basic SeerEngine-DC settings. For the configuration in a specific scenario, see the SeerEngine-DC configuration guide for that scenario. Table 3 Preprovisioning basic SeerEngine-DC settings Item Configuration directory Fabrics Provision > Network Design > Fabrics Tenants >... -
Page 9: Installing Openstack Plug-Ins
The SeerEngine-DC Neutron plug-ins are installed on the OpenStack control node. Setting up the basic environment Before installing SeerEngine-DC Neutron plug-ins on the OpenStack control node, set up the basic environment on the node. To set up the basic environment: Update the software source list, and then download and install the Python tools. -
Page 10: Installing The Seerengine-Dc Neutron Plug-Ins
The SeerEngine-DC Neutron plug-ins are included in the SeerEngine-DC OpenStack package. Obtain the SeerEngine-DC OpenStack package of the required version and then save the package to the target installation directory on the server or virtual machine. Alternatively, transfer the installation package to the target installation directory through a file transfer protocol such as FTP, TFTP, or SCP. - Page 11 [qos] notification_drivers = message_queue,qos_h3c IMPORTANT: The QoS feature will not operate correctly if you configure the database connection in configuration file neutron.conf as follows: [database] connection = mysql://… This is an open source bug in OpenStack. To prevent this problem, configure the database connection as follows: [database] connection = mysql+pymysql://…...
- Page 12 timeout = 1800 retry = 10 vif_type = ovs vhostuser_mode = server white_list = False use_neutron_credential = False output_json_log = False vendor_rpc_topic = VENDOR_PLUGIN hierarchical_port_binding_physicnets hierarchical_port_binding_physicnets_prefix physicnet enable_dhcp_hierarchical_port_binding = False enable_security_group = True enable_https = False neutron_plugin_ca_file = neutron_plugin_cert_file = neutron_plugin_key_file = enable_iam_auth = False enable_sdnc_rpc = False...
-
Page 13: Parameters And Fields
[root@localhost ~]# docker rmi $neutron_server_image [root@localhost ~]# docker tag kolla/neutron-server-h3c $neutron_server_image [root@localhost ~]# docker rmi kolla/neutron-server-h3c 10. Copy the neutron-server configuration to the h3c-agent directory and modify the configuration. [root@localhost ~]# cp -pR /etc/kolla/neutron-server /etc/kolla/h3c-agent [root@localhost ~]# sed -i 's/neutron-server/h3c-agent/g' /etc/kolla/h3c-agent/config.json... - Page 14 Parameter Required value Description change firewall in the value to fwaas_h3c. • FIREWALL:H3C:h3c_vcfplugin. fw.h3c_fwplugin_driver.H3CFw aasDriver:default • LOADBALANCER:H3C:h3c_vc Directory where the extension plug-ins are fplugin.lb.h3c_lbplugin_driver.H service_provider saved. 3CLbaasPluginDriver:default • VPN:H3C:h3c_vcfplugin.vpn.h 3c_vpnplugin_driver.H3CVpnPl uginDriver:default notification_drivers message_queue,qos_h3c Name of the QoS notification driver. Admin username for Keystone...
- Page 15 Neutron data from the SeerEngine-DC Neutron plug-ins. The available values are as follows: • VENDOR_PLUGIN—Default value, which means that the parameter vendor_rpc_topic does not take effect. • DP_PLUGIN—RPC topic of DPtech. The value of this parameter must be negotiated by the vendor and H3C.
- Page 16 True—Enable. t_binding • False—Disable. Only the Pike plug-in supports this parameter. Whether to deploy OpenStack security group rules to the SeerEngine-DC enable_security_group controller. The default value is False. Whether to enable HTTPS bidirectional authentication. The default value is False. •...
-
Page 17: Upgrading The Seerengine-Dc Neutron Plug-Ins
To upgrade the SeerEngine-DC Neutron plug-ins, just install the new version of the plug-ins. For information about installing the SeerEngine-DC Neutron plug-ins, see "Installing the SeerEngine-DC Neutron plug-ins."... - Page 18 To avoid damaging the installation packages, select binary mode if you are to transfer the package through FTP or TFTP. Installing the security plug-in on the OpenStack controller node Generate startup scripts for the neutron-server and h3c-sec-agent containers. [root@localhost ~]# runlike neutron_server>docker-neutron-server.sh [root@localhost ~]# cp docker-neutron-server.sh docker-h3c-sec-agent.sh [root@localhost ~]# sec –i 's/neutron-server/h3c-sec-agent/g'...
- Page 19 IMPORTANT: The service_provider parameter value for the VPN services is different between the Pike and Rocky plug-ins and the Ocata plug-ins. Be clear about the differences. c. Press Esc to quit the insert mode, and enter :wq to exit the vi editor and save the neutron.conf file.
- Page 20 # Enter the password of the neutron user in OpenStack. Copy the installation package to the neutron_server container. [root@localhost ~]# docker cp SeerEngine_DC_SEC_PLUGIN-E3603P01-py2.7.egg neutron_server:/ Install the package. [root@localhost ~]# docker exec –it –u root –name neutron_server bash [root@localhost ~]# easy_install SeerEngine_DC_SEC_PLUGIN-E3603P01-py2.7.egg [root@localhost ~]# h3c-sdnplugin controller install...
- Page 21 [root@localhost ~]# docker tag kolla/neutron-server-h3c $neutron_server_image [root@localhost ~]# docker tag kolla/neutron-server-h3c $h3c_sec_agent_image [root@localhost ~]# docker rmi kolla/neutron-server-h3c 10. Copy the configuration of neutron-server to the h3c-sec-agent directory, and edit the configuration. [root@localhost ~]# cp –pR /etc/kolla/neutron-server /etc/kolla/h3c-sec-agent [root@localhost ~]# sed –i 's/neutron-server/h3c-sec-agent/g' /etc/kolla/h3c-sec-agent/config.json...
- Page 22 This rule applies also to Lbaas and Vpnaas. To ensure that h3c-sec-agent can load the driver successfully, change the value of the driver field for [fwaas] in the /etc/kolla/neutron-server/fwaas_driver.ini directory to networking_sec_h3c.fw.h3c_fwplugin_driver.H3CFwaasDriver.
- Page 23 Parameter Description from the SeerEngine-DC controller in seconds, for example, 1800 seconds. As a best practice, set the waiting time greater than or equal to 1800 seconds. retry Number of connection request attempts, for example, 10. Whether to enable or disable the authentication-free user feature on OpenStack.
- Page 24 SeerEngine-DC Neutron security plugins and SeerEngine-DC controller to the OpenStack operating logs in JSON format. sec_output_json_log • True—Enable. • False—Disable. Whether to enable or disable Source Network Address Translation (SNAT) for load balancers on the SeerEngine-DC controller. lb_enable_snat • True—Enable. False—Disable.
- Page 25 Parameter Description RPC topic of the vendor. This parameter is required when the vendor needs to obtain Neutron data from the SeerEngine-DC Neutron plug-ins. The available values are as follows: • VENDOR_PLUGIN—Default value, which means that the vendor_rpc_topic parameter does not take effect.
- Page 26 Parameter Description Whether to enable slow shutdown when creating an LB real server. • True—Enable. lb_member_slow_shutdown • False—Disable. The default value is False. Whether to enable the multi-gateway mode for the tenant. • True—Enable the multi-gateway mode for the tenant. In an OpenStack environment without the Segments configuration, this setting enables different vRouters to access the external network over different gateways.
-
Page 27: Upgrading The Seerengine-Dc Neutron Security Plug-In
Only the Pike plug-ins support this parameter. Upgrading the SeerEngine-DC Neutron security plug-in To upgrade the SeerEngine-DC Neutron security plug-in, first remove the old version and then install the new version. For more information, see "Installing the security plug-in on the controller node."... -
Page 28: (Optional.) Configuring The Metadata Service For Network Nodes
OpenStack supports obtaining metadata from network nodes for VMs through DHCP or L3 gateway. H3C supports only the DHCP method. To configure the metadata service for network nodes: Download the OpenStack installation guide from the OpenStack official website and follow the installation guide to configure the metadata service for the network nodes. -
Page 29: Faq
The Python tools cannot be installed using the yum command when a proxy server is used for Internet access. What should I do? Configure HTTP proxy by performing the following steps: Make sure the server or the virtual machine can access the HTTP proxy server. At the CLI of the CentOS system, use the vi editor to open the yum.conf configuration file. - Page 30 If the issue persists, contact after-sales engineers.
Need help?
Do you have a question about the SeerEngine-DC and is the answer not in the manual?
Questions and answers