diff --git a/_images/nsx-vcenter-arch.png b/_images/nsx-vcenter-arch.png new file mode 100644 index 000000000..c010f1115 Binary files /dev/null and b/_images/nsx-vcenter-arch.png differ diff --git a/_images/nsx-vswitch1.png b/_images/nsx-vswitch1.png new file mode 100644 index 000000000..97c7b34b8 Binary files /dev/null and b/_images/nsx-vswitch1.png differ diff --git a/_images/nsx-vswitch10.png b/_images/nsx-vswitch10.png new file mode 100644 index 000000000..7ac1bef88 Binary files /dev/null and b/_images/nsx-vswitch10.png differ diff --git a/_images/nsx-vswitch11.png b/_images/nsx-vswitch11.png new file mode 100644 index 000000000..d69024704 Binary files /dev/null and b/_images/nsx-vswitch11.png differ diff --git a/_images/nsx-vswitch12.png b/_images/nsx-vswitch12.png new file mode 100755 index 000000000..ef7c03b8f Binary files /dev/null and b/_images/nsx-vswitch12.png differ diff --git a/_images/nsx-vswitch13.png b/_images/nsx-vswitch13.png new file mode 100644 index 000000000..e121eb2c4 Binary files /dev/null and b/_images/nsx-vswitch13.png differ diff --git a/_images/nsx-vswitch2.png b/_images/nsx-vswitch2.png new file mode 100644 index 000000000..b79bc1303 Binary files /dev/null and b/_images/nsx-vswitch2.png differ diff --git a/_images/nsx-vswitch3.png b/_images/nsx-vswitch3.png new file mode 100644 index 000000000..28e0933f0 Binary files /dev/null and b/_images/nsx-vswitch3.png differ diff --git a/_images/nsx-vswitch4.png b/_images/nsx-vswitch4.png new file mode 100644 index 000000000..ef6e7ae27 Binary files /dev/null and b/_images/nsx-vswitch4.png differ diff --git a/_images/nsx-vswitch5.png b/_images/nsx-vswitch5.png new file mode 100644 index 000000000..4193cb419 Binary files /dev/null and b/_images/nsx-vswitch5.png differ diff --git a/_images/nsx-vswitch6.png b/_images/nsx-vswitch6.png new file mode 100644 index 000000000..b1b7496ee Binary files /dev/null and b/_images/nsx-vswitch6.png differ diff --git a/_images/nsx-vswitch7.png b/_images/nsx-vswitch7.png new file mode 100644 index 000000000..34942e1b3 Binary files /dev/null and b/_images/nsx-vswitch7.png differ diff --git a/_images/nsx-vswitch8.png b/_images/nsx-vswitch8.png new file mode 100644 index 000000000..2d16f5dc7 Binary files /dev/null and b/_images/nsx-vswitch8.png differ diff --git a/_images/nsx-vswitch9.png b/_images/nsx-vswitch9.png new file mode 100644 index 000000000..8abd44b0f Binary files /dev/null and b/_images/nsx-vswitch9.png differ diff --git a/_images/user_screen_shots/nsx-create-env.png b/_images/user_screen_shots/nsx-create-env.png index e9c787cd5..c65833542 100644 Binary files a/_images/user_screen_shots/nsx-create-env.png and b/_images/user_screen_shots/nsx-create-env.png differ diff --git a/_images/user_screen_shots/nsx-networking.png b/_images/user_screen_shots/nsx-networking.png index b5a79ec54..794a5f0ac 100644 Binary files a/_images/user_screen_shots/nsx-networking.png and b/_images/user_screen_shots/nsx-networking.png differ diff --git a/_images/vcenter-nsx-settings.png b/_images/vcenter-nsx-settings.png new file mode 100644 index 000000000..da83a3bc8 Binary files /dev/null and b/_images/vcenter-nsx-settings.png differ diff --git a/pages/planning-guide/7000-nsx-plan.rst b/pages/planning-guide/7000-nsx-plan.rst index 0aa955893..9c4c58696 100644 --- a/pages/planning-guide/7000-nsx-plan.rst +++ b/pages/planning-guide/7000-nsx-plan.rst @@ -10,6 +10,9 @@ VMware provides an NSX plug-in for OpenStack that enables the Neutron service to communicate and provision virtual networks in NSX that can manage Open vSwitches on controller and compute nodes. +.. note: Fuel 6.0 supports NSX as an Experimental Feature. + See :ref:`experimental-features-op` for more information. + This section summarizes the planning you should do and other steps that are required before you attempt to deploy Mirantis OpenStack @@ -18,7 +21,7 @@ with NSX integration. For more information: - See :ref:`neutron-nsx-arch` for information about how NSX support - is implemented in Mirantis OpenStack; + is implemented in Mirantis OpenStack. - :ref:`nsx-deploy` gives instructions for creating and deploying a Mirantis OpenStack environment that is integrated @@ -87,9 +90,9 @@ VMware NSX cluster configuration .. Attention:: - You must specify the same transport type on the Settings tab in FUEL web UI. + You must specify the same transport type on the *Settings* tab in the Fuel web UI. -* Obtain and put NSX specific packages on the Fuel Master node +* Obtain and put NSX-specific packages on the Fuel Master node * Upload NSX package archives to the Fuel Master node which has IP address 10.20.0.2 in this example: @@ -123,11 +126,263 @@ VMware NSX cluster configuration `NSX appliances installation `_ and `NSX cluster configuration `_ for details about the NSX cluster deployment process. +Cleaning up the NSX cluster +--------------------------- + +To cleanup the NSX cluster, log into the NSX Manager, follow these steps: + +#. Open the dashboard and click on numbered link in *Hypervisor Software Version Summary*: + + .. image:: /_images/nsx-cleanup-1.png + +#. Tick all registered nodes and press *Delete Checked* button: + + .. image:: /_images/nsx-cleanup-2.png + :width: 60% + +#. Click on *Logical Layer* in the *category* column. Tick all remaining + logical entities and remove them by pressing the corresponding *Delete + Checked* button: + + .. image:: /_images/nsx-cleanup-3.png + :width: 60% + + +Preparing for Neutron with VMware NSX plugin installation +--------------------------------------------------------- + +This section is dedicated to integration of Mirantis OpenStack with NSX as the networking option +and vCenter as a hypervisor. + +To enable Neutron with VMware NSX plugin, you should have +the NSX cluster configured. +Once it is enabled, an NSX vSwitch should be +configured inside the ESXi hosts. + +.. note:: To install NSX with KVM or QEMU hypervisor, + see :ref:`nsx-deploy` and :ref:`Select Hypervisor for NSX`. + + +Installing NSX vSwitch +~~~~~~~~~~~~~~~~~~~~~~ + +The NSX vSwitch is a part of an SDN solution +for the VMware vSphere platform, +similar to the Standard +vSwitch and the Virtual Distributed Switch. +The NSX vSwitch needs a dedicated +physical uplink (vmnic) to connect to the upstream network. +Before proceeding to the actual installation, +ensure that you have at least one unused vmnic +interface available on all your ESXi hosts. +The NSX vSwitch is provided as +a vSphere Installation Bundle (VIB) +that needs to be installed on each ESXi +host that you plan on using. + +To install NSX vSwitch, follow these steps: + +#. Make sure VIB file is available to the ESXi hosts (for example, via a shared storage). + + .. image:: /_images/nsx-vswitch1.png + :width: 50% + + +#. Temporarily enable SSH access to the ESXi hosts. + + .. image:: /_images/nsx-vswitch2.png + :width: 50% + +#. After you have enabled SSH access to the ESXi hosts, connect to your first ESXi host via SSH. + Start the installation of the NSX vSwitch VIB file with + the *esxcli software vib install --no-sig-check -v * command: + + :: + + + ~ # esxcli software vib install --no-sig-check -v /vmfs/volumes/SiteA-IPv6-NFS/vmware-nsxvswitch-2.0.1-30494-release.vib + Installation Result + Message: Operation finished successfully. + Reboot Required: false + VIBs Installed: VMware_bootbank_vmware-nsxvswitch_2.0.1-30494 + VIBs Removed: + VIBs Skipped: + ~ # + +4. The installation of VIB file is over. Do not shut down SSH. + +Configuring the NSX vSwitch +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +In comparison to the Standard vSwitch and the virtual Distributed Switch installation procedure, +done via vCenter, the NSX vSwitch is configured with the CLI. + +#. To configure the NSX vSwitch, connect an uplink to the switch: + this will create an NVS bridge. + + :: + + ~ # nsxcli uplink/connect vmnic4 + +#. Configure the IP address for the transport endpoint. This transport + endpoint creates overlay tunnels with other transport endpoints, + such as Hypervisors, Gateway nodes and Service Nodes. The NSX + vSwitch uses a separate IP stack for this: + the VMware NSX transport endpoint has its own default gateway. + Set the IP address of the transport endpoint with the *nsxcli uplink/set-ip * + command. + VLAN tag can also be set by putting ** as an additional parameter to the command (for example, *100*). + + :: + + + ~ # nsxcli uplink/set-ip vmnic4 192.168.110.123 255.255.255.0 + +#. Set the default gateway with the + *nsxcli gw/set tunneling * command. + + :: + + + ~ # nsxcli gw/set tunneling 192.168.110.121 + ~ # + +#. Create a Transport-Net Bridge to which Virtual Machines will later + connect to. The name of this bridge must be *br-int*. + Create the NSX bridge with the following command: + + :: + + + ~ # nsxcli network/add br-int br-int nsx.network manual + success + ~ # + +#. Register the NSX vSwitch with the NSX controller. + First, use the *nsxcli manager/set ssl:* command + to point the NSX vSwitch to the NSX controller. In + the case of an NSX controller cluster, you can specify any IP address of a cluster member. + + :: + + + ~ # nsxcli manager/set ssl:192.168.110.101 + ~ # + + +#. Extract the SSL certificate from the NSX vSwitch with + *cat /etc/nsxvswitch/nsxvswitch-cert.pem.* command. + Copy the text including the * —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–* line. + You will need this text in the next step. + + .. image:: /_images/nsx-vswitch3.png + :width: 50% + +#. Do not close the SSH session yet. + Return to the NSX Manager Dashboard. + Within the *Summary of Transport Components* section, click on + *Add within the Hypervisor* row. + + .. image:: /_images/nsx-vswitch4.png + :width: 50% + +#. Confirm that the pre-selected transport type is Hypervisor. + + .. image:: /_images/nsx-vswitch5.png + :width: 50% + + +#. Give the hypervisor node a name; the hostname can be used here. + + .. image:: /_images/nsx-vswitch6.png + :width: 50% + +#. As the *Integration Bridge Id*, specify *br-int*. + Leave the other values default. + The *Tunnel Keep-alive Spray* would randomize TCP source ports for STT tunnel keep-alives + for packet spray across active network path. + + .. image:: /_images/nsx-vswitch7.png + :width: 50% + +#. Select the Credential Type of Security Certificate and paste the previously copied certificate + into the Security Certificate field. + + .. image:: /_images/nsx-vswitch8.png + :width: 50% + +#. Create a transport connector for + the NSX vSwitch using STT as the transport type and the IP address that you configured a few steps earlier. + + .. image:: /_images/nsx-vswitch9.png + :width: 50% + +#. Return to the NSX Manager Dashboard: you will see the new Hypervisor within + the *Summary of Transport Components* section on the *Hypervisors* row. + Click on the number for active hypervisors to see more details. + + .. image:: /_images/nsx-vswitch10.png + :width: 50% + +#. You should see the ESXi host with the NSX vSwitch successfully added as a hypervisor with the Connection status as Up. + + .. image:: /_images/nsx-vswitch11.png + :width: 50% + +#. Instruct VMware NSX to export the OpenStack virtual machine virtual interface + (*vif*) UUID as extra information besides the VMware vSphere one. + This is necessary as OpenStack uses a different UUID than VMware vSphere does. + Without this setting OpenStack will not recognize a virtual machine that it created for further operations via the Neutron API. + Instruct NSX to allow custom vifs with the *nsxd --allow-custom-vifs* command. + When asked for a username and password, enter the username and password for the ESXi host. + + :: + + + ~ # nsxd --allow-custom-vifs + 2013-12-18T19:50:15Z|00001|ovs_esxd|INFO|Normal operation + username : root + Password: + WARNING: can't open config file: /etc/pki/tls/openssl.cnf + nsxd: NSXD will be restarted now. + Killing nsxd (227588). + 2013-12-18T19:50:21Z|00001|ovs_esxd|INFO|Normal operation + WARNING: can't open config file: /etc/pki/tls/openssl.cnf + Starting nsxd. + ~ # + + + .. note:: You can safely ignore the warning message about the */etc/pki/tls/openssl.cnf* configuration file. + +#. Verify that the configuration change has been applied with the *nsxcli custom-vifs/show* command. + Repeat the above steps for any additional ESX host that you want to use with this setup. + + :: + + + ~ # nsxcli custom-vifs/show + Custom-VIFs: Enabled + ~ # + + +#. Return to the vSphere Web Client where you can see vmnic4 connected to the NSX vSwitch. + + .. image:: /_images/nsx-vswitch12.png + :width: 50% + +#. After you have installed and configured the NSX vSwitch on + all Hypervisors, you can see the results in the NSX Manager Dashboard. + + .. image:: /_images/nsx-vswitch13.png + :width: 50% + + +For further instructions on configuring Neutron with VMware NSX plugin in the Fuel web UI, see :ref:`vcenter-deploy`. + Limitations ------------------------------- -- Only KVM or QEMU are supported as hypervisor options - when using VMware NSX. +----------- + - Only VMware NSX 4.0 is supported - Resetting or deleting the environment via "Reset" and "Delete" buttons on the Actions tab does not flush the entities (logical switches, routers, @@ -135,21 +390,4 @@ Limitations Eventually, the cluster may run out of resources; it is up to the cloud operator to remove unneeded entities from the VMware NSX cluster. Each time the deployment fails or is interrupted; after solving the problem, restart - the deployment process. - - To cleanup the NSX cluster, log into the NSX Manager, open the dashboard and - click on numbered link in "Hypervisor Software Version Summary": - - .. image:: /_images/nsx-cleanup-1.png - - Tick all registered nodes and press "Delete Checked" button: - - .. image:: /_images/nsx-cleanup-2.png - :width: 60% - - Then click on "Logical Layer" in the "category" column, tick all remaining - logical entities and remove them by pressing the corresponding "Delete - Checked" button: - - .. image:: /_images/nsx-cleanup-3.png - :width: 60% + the deployment process. \ No newline at end of file diff --git a/pages/reference-architecture/neutron-intro/0270-nsx.rst b/pages/reference-architecture/neutron-intro/0270-nsx.rst index 86a0427a6..345cd47e0 100644 --- a/pages/reference-architecture/neutron-intro/0270-nsx.rst +++ b/pages/reference-architecture/neutron-intro/0270-nsx.rst @@ -9,7 +9,7 @@ might look like this, it is assumed that the NSX nodes have L2 connectivity with OpenStack nodes: .. image:: /_images/Neutron_nsx_l2.png - :width: 80% + :width: 50% If your NSX cluster resides in its own network and you do not want to relocate you NSX nodes, it is possible to use L3 connectivity between the NSX network @@ -22,8 +22,19 @@ Settings tab: Here is an example of how it will look: .. image:: /_images/Neutron_nsx_l3.png - :width: 80% + :width: 50% .. note:: You do not need a physically separate Private network for this setup. +Neutron with VMware NSX and vCenter +----------------------------------- + +In Mirantis OpenStack 6.0, Neutron with VMware NSX can be enabled +with vCenter as a hypervisor. +In this case, the following topology +will be implemented: + +.. image:: /_images/nsx-vcenter-arch.png + :width: 80% + diff --git a/pages/terminology/e/experimental-features.rst b/pages/terminology/e/experimental-features.rst index 27e4d05d4..0d7351ff7 100644 --- a/pages/terminology/e/experimental-features.rst +++ b/pages/terminology/e/experimental-features.rst @@ -17,6 +17,7 @@ The following features are currently defined as experimental: - Zabbix integration; see :ref:`zabbix-plan`. - Ability to update 5.0 and 5.0.1 environments to 5.0.2; see :ref:`upgrade-patch-top-ug`. +- NSX. See :ref:`nsx-plan` and :ref:`nsx-deploy`. Instructions for enabling experimental features on a running Fuel Master node are provided in diff --git a/pages/user-guide/7310-nsx.rst b/pages/user-guide/7310-nsx.rst index bc4d7676a..c708d3f4a 100644 --- a/pages/user-guide/7310-nsx.rst +++ b/pages/user-guide/7310-nsx.rst @@ -42,22 +42,24 @@ You can deploy Mirantis OpenStack with or without :ref:`ha-term`. PageBreak +.. _select-hyperv-nsx: + Select Hypervisor for NSX +++++++++++++++++++++++++ -Select either the KVM or QEMU :ref:`hypervisor` +Select either the KVM, QEMU or vCenter :ref:`hypervisor` when you create your OpenStack Environment. After that, you need to fill in the corresponding fields. -You can modify the NSX specific values on the Settings tab +You can modify the NSX-specific values on the *Settings* tab after you create the environment. .. image:: /_images/user_screen_shots/nsx-hv.png :width: 50% -Select Neutron VMware NSX plugin -++++++++++++++++++++++++++++++++ +Select Neutron VMware NSX plug-in ++++++++++++++++++++++++++++++++++ -Choose the Neutron VMware NSX plugin on the Network settings page. +Choose the Neutron VMware NSX plug-in on the *Network Setup* page. .. image:: /_images/user_screen_shots/nsx-networking.png :width: 50% @@ -91,12 +93,12 @@ Complete the creation of your NSX environment :width: 50% -Select "Create" and click on the icon for your named environment. +Select *Create* and click on the icon for your named environment. Configuring your environment for NSX ------------------------------------ -After you exit from the "Create a New OpenStack Environment" wizard, +After you exit from the *Create a New OpenStack Environment* wizard, Fuel displays a set of configuration tabs that you use to finish configuring your environment. @@ -108,17 +110,22 @@ integrated with NSX. Network settings ++++++++++++++++ -This example screenshot illustrate the completed Network Settings page -when using the Neutron VMware NSX plugin. - -.. image:: /_images/nsx-settings.png - :width: 80% - -Input the values you specified when did :ref:`nsx-plan`. -Here is an example how filled NSX settings block might look: +In *Network Settings* tab, +specify the NSX and check vCenter +credentials that you specified when performed +steps described in :ref:`nsx-plan` .. image:: /_images/nsx-settings-filled.png - :width: 80% + :width: 50% + +Note that when you have deployed your Neutron with NSX plug-in +environment and logged into the Horizon dashboard, +external and internal networks are created with +*net04_ext* and *net_04* names accordingly. + +For more information on configuring networks, +see the blog post +`Create virtual networks and launch a VM instance in OpenStack `_. For more information about how NSX support is implemented, see :ref:`neutron-nsx-arch`.