Neutron (the project formerly known as Quantum) – Network
Couch To OpenStack
- Deploy an additional node
- Modify resource allocations as needed
- … Let’s take a look:
Vagrantfile Review
- BEFORE you vagrant up:
- Make sure you have at least 8 GB RAM available just for the VMs
- You can decrease RAM required by modifying the Vagrantfile
- git clone https://github.com/bunchc/Couch_to_OpenStack.git
- cd Couch_to_OpenStack
- vagrant up
Build Time!
- Subscribe & Recordings: http://bit.ly/BrownbagPodcast
- Sign up for the rest of the series:
http://openstack.prov12n.com/about-couch-to-openstack/
Some Logistics
On Twitter: #vBrownBag
Also: @VMTrooper, @Jfrappier, @seanmwinn
Join the conversation
- New Edition: http://www.packtpub.com/openstack-cloud-computing-cookbook-second-edition/book
- Old Edition: http://amzn.to/12eI6rX
Buy the Book
7/2/2013 – Intro to OpenStack
7/9/2013 – Vagrant Primer
7/16/2013 – Identity services (Keystone)
7/23/2013 – Image services (Glance)
7/30/2013 – Compute Services (Nova)
8/6/2013 – Block Storage / Volume Services (Cinder)
8/13/2013 – Networking Services (Neutron fka Quantum) << We Are Here
8/20/2013 – C2OS Office Hours (Review, catch-up, Q&A)
8/27/2013 – VMworld US Break
9/3/2013 – Monitoring & Troubleshooting
9/10/2013 – HA OpenStack
9/17/2013 – DevOps Deployments
Note: Dates are subject to change depending on how far we get in each lesson.
The Rest of the Series
Use the automated Cinder Install and manually install Quantum
Remember we have a G+ Support group here:
http://bit.ly/C2OSGooglePlus
Homework Review
- Creates the Controller, Compute, Cinder and Quantum Nodes
- Sets variables required for Quantum deployment
- Creates a Quantum Service and Endpoint in Keystone
- Updates MySQL
- Creates a Quantum DB
- Assigns the Quantum User to the DB
- Installs Quantum
- Configures Quantum settings
Build – What’s it doing?
- Networking Services for Cloud Instances
- Replaces nova-network
- Advanced capabilities such as plugins for managing network vendor gear and software, load balancing, API for applications to interact with and respond to network management
Neutron Intro
Cinder Architecture
Neutron Components
| Component | Purpose |
| neutron-server | Allow API access for users and other OpenStack services |
| neutron-*-plugin-agent | Allow Neutron to dictate network policy to Open vSwitch |
| neutron-l3-agent | Provide L3 Services to the OpenStack Instances |
| neutron-dhcp-agent | Provide DHCP addressing to the Instances |
| ovs-vswitchd* | Open vSwitch – provide networking for the Instances |
Neutron Architecture
- http://docs.openstack.org/grizzly/openstack-network/admin/content/nova_with_quantum.html
- http://docs.openstack.org/trunk/openstack-network/admin/content/Architecture.html
Concepts – Reference
- vagrant ssh controller
- sudo su -
- cat .stackrc
- export OS_TENANT_NAME=cookbook
- export OS_USERNAME=admin
- export OS_PASSWORD=openstack
- export OS_AUTH_URL=http://${MY_IP}:5000/v2.0/
- source /vagrant/.stackrc
Using Quantum!
- keystone service-list
+----------------------------------+----------+----------+----------------------------+
| id | name | type | description |
+----------------------------------+----------+----------+----------------------------+
| 685e7a8f4d564565ae9b92aa3acefb11 | ec2 | ec2 | EC2 Service |
| d6389fe30e2e47e38894a7704654c8af | glance | image | OpenStack Image Service |
| e100b742241e4b449426c37310f8dac1 | keystone | identity | OpenStack Identity Service |
| e8d68889d06b4dacb3029b4127b64ff8 | network | network | Quantum Network Service |
| bde08cc22a714a45acadc5f55c469941 | nova | compute | OpenStack Compute Service |
| baabd87fc7f2443388502fed5c02192d | volume | volume | Volume Service |
+----------------------------------+----------+----------+----------------------------+
- keystone service-get <UUID>
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Quantum Network Service |
| id | e8d68889d06b4dacb3029b4127b64ff8 |
| name | network |
| type | network |
+-------------+----------------------------------+
Verify Quantum Service
- quantum agent-list
+--------------------------------------+--------------------+--------------+-------+----------------+
| id | agent_type | host | alive | admin_state_up |
+--------------------------------------+--------------------+--------------+-------+----------------+
| 3f83ef61-dc16-48aa-ab88-1d94ab31be64 | L3 agent | quantum.book | :-) | True |
| 9020fe03-ccaf-4450-a734-d01131e3bf38 | Open vSwitch agent | compute.book | :-) | True |
| 9b253d53-ae65-4037-b59d-2f731cfdc221 | Open vSwitch agent | quantum.book | :-) | True |
| de9f06b0-58af-403f-a6bf-99f3d4f3e315 | DHCP agent | quantum.book | :-) | True |
+--------------------------------------+--------------------+--------------+-------+----------------+
Verify Quantum Components
- Public Network to access OpenStack Compute instances:
quantum net-create public-net --router:external=True
quantum subnet-create --name public-subnet public-net 192.168.80.32/27
- Private Network for internal communication:
quantum net-create private-net
quantum subnet-create --name private-subnet private-net 10.10.80.32/27
# store the private network’s UUID for future use
quantum net-show private-net
PRIVATE_NET_UUID=<private_net_id>
- Create a Router to allow external access:
quantum router-create router1
quantum router-gateway-set router1 public-net
quantum router-interface-add router1 private-subnet
- Create Access Rules (enable ssh and ICMP):
quantum security-group-create ssh
quantum security-group-rule-create --direction ingress --ethertype IPv4 --protocol tcp --port-range-min 22 --port-range-max 22 ssh
quantum security-group-rule-create --direction ingress --ethertype IPv4 --protocol icmp ssh
Configure Quantum Networks
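The access rules on this slide set no source restriction, so each rule's remote_ip_prefix and remote_group_id stay empty and the rule matches traffic from any address. The script below is an added example, not part of the original deck: it reads the Field/Value table that `quantum security-group-rule-show` prints and reports such rules. The sample tables are constructed, 203.0.113.0/24 is a placeholder range, and `field`, `audit_rule` and `sample_rule` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: flag ingress security-group rules open to any source.

# field NAME: read a "| Field | Value |" table on stdin and print NAME's value
# (empty if the field is blank or absent).
field() {
    awk -F'|' -v want="$1" '
        NF >= 3 {
            k = $2; v = $3
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want) { print v; exit }
        }'
}

# sample_rule PROTO MIN MAX CIDR: constructed stand-in for the output of
# `quantum security-group-rule-show <rule-id>` (border lines omitted).
sample_rule() {
    printf '| %-16s | %-12s |\n' Field Value direction ingress ethertype IPv4 \
        protocol "$1" port_range_min "$2" port_range_max "$3" \
        remote_group_id "" remote_ip_prefix "$4"
}

# audit_rule: read one rule table on stdin and print a one-line verdict.
audit_rule() {
    rule=$(cat)
    get() { printf '%s\n' "$rule" | field "$1"; }
    [ "$(get direction)" = ingress ] || { echo "SKIP not-ingress"; return 0; }
    proto=$(get protocol); lo=$(get port_range_min); hi=$(get port_range_max)
    cidr=$(get remote_ip_prefix); grp=$(get remote_group_id)
    what="${proto:-any}${lo:+/$lo-$hi}"
    if [ -n "$grp" ]; then
        # Source limited to members of another security group.
        echo "OK $what from group $grp"
    elif [ -z "$cidr" ] || [ "$cidr" = 0.0.0.0/0 ] || [ "$cidr" = ::/0 ]; then
        # No prefix and no group: every source address matches.
        echo "OPEN $what from any source"
    else
        echo "OK $what from $cidr"
    fi
}

# The two rules from the slide (no source restriction), then a scoped variant.
sample_rule tcp 22 22 "" | audit_rule
sample_rule icmp "" "" "" | audit_rule
sample_rule tcp 22 22 203.0.113.0/24 | audit_rule
```

On a live controller, pipe `quantum security-group-rule-show <rule-id>` into `audit_rule`; a rule created with `--remote-ip-prefix <cidr>` reports as scoped.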
- Create a certificate file for communication with your VM
nova keypair-add demo > demo.pem
chmod 0600 *.pem
- Verify your images
nova image-list OR glance image-list
+--------------------------------------+----------------------------+-------------+-----------+
| ID | Name | Disk Format | Size |
+--------------------------------------+----------------------------+-------------+-----------+
| bc670eb3-67dc-42f3-82b2-91e96f5eca52 | Cirros 0.3 | qcow2 | 9761280 |
| 90c17ca9-6447-4d45-b862-86366881c13a | Ubuntu 12.04 x86_64 Server | qcow2 | 252641280 |
+--------------------------------------+----------------------------+-------------+-----------+
- Boot a new instance of an image
nova boot --image <uuid> --flavor 2 --nic net-id=$PRIVATE_NET_UUID --key_name demo --security_groups ssh myInstance
Create a Nova Instance
- Let’s get the port ID of the Instance NIC and store it in a variable
quantum port-list -c id -c fixed_ips -c device_owner
+---------+-----------------------------------------------------+--------------------------+
| id | fixed_ips | device_owner |
+---------+-----------------------------------------------------+--------------------------+
| 30...c3 | {"subnet_id": "...", "ip_address": "10.10.80.35"} | network:dhcp |
| 6c...a7 | {"subnet_id": "...", "ip_address": "10.10.80.34"} | compute:None |
| 7d...51 | {"subnet_id": "...", "ip_address": "10.10.80.33"} | network:router_interface |
| 8c...21 | {"subnet_id": "...", "ip_address": "192.168.80.34"} | network:router_gateway |
+---------+-----------------------------------------------------+--------------------------+
INSTANCEUUID=6c4d5102-d72a-4bb0-ad30-934e4830baa7
- Attach the external network to your Instance NIC
quantum floatingip-create --port-id $INSTANCEUUID public-net
Created a new floatingip:
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| fixed_ip_address | 10.10.80.34 |
| floating_ip_address | 192.168.80.35 | <--- External IP to use for ssh access
| floating_network_id | 20b71d30-0610-470c-a15d-063c85146aea |
| id | 05887958-1e21-4e96-931c-0217ecdd1618 |
| port_id | 6c4d5102-d72a-4bb0-ad30-934e4830baa7 |
| router_id | 53d2821d-a868-4707-98e5-27c51038f89d |
| tenant_id | 5870b183cef346249511993a96f4e38e |
+---------------------+--------------------------------------+
Enable External Access
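Copying the port ID by hand makes it easy to pick the DHCP or router port, or to pass an empty value when a variable name is misspelled. The script below is an added example, not part of the original deck: it selects the single compute-owned port holding a given fixed IP from `quantum port-list` output and checks that the result is a full UUID before it is used. The sample is the slide's table with the instance port's full id taken from the floatingip-create output; `port_for_ip`, `is_uuid` and `INSTANCE_PORT` are hypothetical names.

```shell
#!/bin/sh
set -u   # an unset or misspelled variable aborts instead of expanding to ""

# port_for_ip IP: read `quantum port-list -c id -c fixed_ips -c device_owner`
# output on stdin; print the id of the one compute-owned port holding IP.
# Fails (exit 1) when no port or more than one port matches.
port_for_ip() {
    awk -F'|' -v ip="$1" '
        NF >= 5 {
            id = $2; ips = $3; owner = $4
            gsub(/[ \t]/, "", id); gsub(/[ \t]/, "", owner)
            # Match the quoted address so 10.10.80.3 cannot match 10.10.80.34.
            if (owner ~ /^compute:/ && index(ips, "\"ip_address\": \"" ip "\"")) {
                n++; found = id
            }
        }
        END { if (n != 1) exit 1; print found }'
}

# is_uuid VALUE: succeed only for a complete lowercase UUID.
is_uuid() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# Sample input: the port-list table from the slide (other ids stay truncated).
PORT_LIST='| id | fixed_ips | device_owner |
| 30...c3 | {"subnet_id": "...", "ip_address": "10.10.80.35"} | network:dhcp |
| 6c4d5102-d72a-4bb0-ad30-934e4830baa7 | {"subnet_id": "...", "ip_address": "10.10.80.34"} | compute:None |
| 7d...51 | {"subnet_id": "...", "ip_address": "10.10.80.33"} | network:router_interface |
| 8c...21 | {"subnet_id": "...", "ip_address": "192.168.80.34"} | network:router_gateway |'

INSTANCE_PORT=$(printf '%s\n' "$PORT_LIST" | port_for_ip 10.10.80.34) || exit 1
is_uuid "$INSTANCE_PORT" || exit 1
# Print the command that would attach the floating IP to the verified port.
echo "quantum floatingip-create --port-id $INSTANCE_PORT public-net"
```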
Thanks Sean Winn for helping out with the Neutron Session tonight. I look forward to him
coming back for a session of his own on a future podcast.
Thank you Dan Wendlandt and your team at VMware for the great workflow that I used in the
Neutron lab. Viewers can see the VMware Team’s OpenStack Summit session on the OpenStack
Foundation YouTube Channel: http://www.youtube.com/watch?v=_pLPtGiGh9M
Acknowledgements
For next week’s session, we will be having C2OS Office Hours. This will allow us to review what we have accomplished up until this point.
1. If you have not had a chance to try out the test environments, now is the perfect time to do so.
2. If you are already caught up with what we’ve done so far, try extending your environment by adding another node to the deployment:
   1. Additional Nova nodes
   2. Additional Cinder nodes
3. Post ideas, questions, comments on the Google Plus Community: http://bit.ly/C2OSGooglePlus
Homework!

Couch to OpenStack: Neutron (Quantum) - August 13, 2013 Featuring Sean Winn


Editor's Notes

  • #19 If you see the following after deploying your Instance:
    root@compute:~# ps -ef | grep dns
    107 4450 1 0 14:31 ? 00:00:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf
    root 6003 5897 0 19:17 pts/3 00:00:00 grep --color=auto dns
    May need to do the following:
    killall dnsmasq
    service nova-network restart
    root@compute:~# ps -ef | grep dns
    nobody 6259 1 0 19:22 ? 00:00:00 /usr/sbin/dnsmasq --strict-order --bind-interfaces --conf-file= --pid-file=/var/lib/nova/networks/nova-br100.pid --listen-address=10.10.139.1 --except-interface=lo --dhcp-range=set:privateNet,10.10.139.3,static,255.255.255.224,120s --dhcp-lease-max=32 --dhcp-hostsfile=/var/lib/nova/networks/nova-br100.conf --dhcp-script=/usr/bin/nova-dhcpbridge --leasefile-ro --domain=novalocal
    root 6260 6259 0 19:22 ? 00:00:00 /usr/sbin/dnsmasq --strict-order --bind-interfaces --conf-file= --pid-file=/var/lib/nova/networks/nova-br100.pid --listen-address=10.10.139.1 --except-interface=lo --dhcp-range=set:privateNet,10.10.139.3,static,255.255.255.224,120s --dhcp-lease-max=32 --dhcp-hostsfile=/var/lib/nova/networks/nova-br100.conf --dhcp-script=/usr/bin/nova-dhcpbridge --leasefile-ro --domain=novalocal
    root 6775 5897 0 19:26 pts/3 00:00:00 grep --color=auto dns