OpenDev Migration Patch
This commit was bulk generated and pushed by the OpenDev sysadmins as a part of the Git hosting and code review systems migration detailed in these mailing list posts: http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html Attempts have been made to correct repository namespaces and hostnames based on simple pattern matching, but it's possible some were updated incorrectly or missed entirely. Please reach out to us via the contact information listed at https://opendev.org/ with any questions you may have.
|1 month ago|
|deployment_scripts/puppet||2 years ago|
|doc||3 years ago|
|repositories||2 years ago|
|specs||2 years ago|
|.gitignore||2 years ago|
|.gitreview||1 month ago|
|LICENSE||3 years ago|
|README.md||2 years ago|
|components.yaml||2 years ago|
|deployment_tasks.yaml||2 years ago|
|environment_config.yaml||2 years ago|
|metadata.yaml||2 years ago|
|node_roles.yaml||2 years ago|
|pre_install.sh||2 years ago|
|tasks.yaml||2 years ago|
Calico’s pure L3 approach to data center networking integrates seamlessly with Mirantis OpenStack to bring simple, scalable and secure networking to your deployment.
Based on the same scalable IP network principles as the Internet, Calico implements a highly efficient vRouter in each compute node that leverages the existing Linux kernel forwarding engine without the need for vSwitches. Each vRouter propagates workload reachability information (routes) to the rest of the data center using BGP – either directly in small scale deployments or via BGP route reflectors to reach Internet level scales in large deployments.
Calico peers directly with the data center’s physical fabric (whether L2 or L3) without the need for on/off ramps, NAT, tunnels, or overlays.
With Calico, networking issues are easy to troubleshoot. Since it’s all IP, standard tools such as ping and traceroute will just work.
Calico supports rich and flexible network policy which it enforces using bookended ACLs on each compute node to provide tenant isolation, security groups, and external reachability constraints.
For more details, see projectcalico.org.
Mirantis Fuel 9.0
Install the fuel plugin builder, fpb:
easy_install pip pip install fuel-plugin-builder
Clone the calico plugin repository and run the plugin builder:
git clone https://github.com/openstack/fuel-plugin-calico cd fuel-plugin-calico/ fpb --build .
Check that the file fuel-plugin-calico-VERSION.noarch.rpm was created.
Prepare a clean fuel master node.
Copy the plugin onto the fuel master node:
scp fuel-plugin-calico-VERSION.noarch.rpm root@<Fuel_Master_Node_IP>:/tmp
yum install -y patch
Install the plugin on the fuel master node:
cd /tmp fuel plugins --install fuel-plugin-calico-VERSION.noarch.rpm
Check the plugin was installed:
fuel plugins --list
To deploy a cluster with the Calico plugin, use the Fuel web UI to deploy an OpenStack cluster in the usual way, with the following guidelines:
Create a new OpenStack environment, selecting:
Mitaka on Ubuntu 14.04 "Calico networking" as the networking setup
Under the network tab, configure the
Public settings to reduce
Floating-IP addresses pool to one address,
because Calico does not support Floating IPs use-case.
For example (exact values will
depend on your setup):
Node Network Group default: CIDR: 172.18.203.0/24 IP Range: 172.18.203.2 - 172.18.203.253 Gateway: 172.18.203.1 Use VLAN tagging: No Settings Neutron L3: Floating IP range: 172.18.203.254 - 172.18.203.254
Under the network tab, configure the
Private network settings
(this network will be used for BGP peering between custer nodes, route
reflectors and external peers, configured by UI). Do not forget to exclude
Your BGP peers and gateway from the IP range!
For example (exact values will depend on your setup):
IP Range: 22.214.171.124 - 126.96.36.199 CIDR: 188.8.131.52/24 Use VLAN tagging: No
Under Fuel CLI, configure gateway for
This gateway will be used for pass outgoing external traffic from instances.
In most cases the same gateway node should be also an external BGB peer
(see below, external BGB peer-1).
[root@nailgun ~]# fuel2 network-group list +----+---------+------------+---------------+---------+----------+ | id | name | vlan_start | cidr | gateway | group_id | +----+---------+------------+---------------+---------+----------+ | 5 | private | None | 10.88.12.0/24 | None | 1 | +----+---------+------------+---------------+---------+----------+ [root@nailgun ~]# fuel2 network-group update -g 10.88.12.1 5 +------------+---------------+ | Field | Value | +------------+---------------+ | id | 5 | | name | private | | vlan_start | None | | cidr | 10.88.12.0/24 | | gateway | 10.88.12.1 | | group_id | 1 | +------------+---------------+
Under the network tab, configure IP pool for Calico network fabric. Ip addresses from this pool will be assigned to VM instances:
Settings Neutron L3: Admin Tenant network CIDR: 10.10.0.0/16 Admin Tenant network gateway: 10.10.0.1
Under the network tab, in the
other/Calico_networking section setup
AS number, external BGP peering and another Calico networking options.
AS Number: 64513 [X] Allow external BGP peering External BGP peers: peer-1:65000:10.88.12.1 peer-2:65002:184.108.40.206
Add nodes (for meaningful testing, you will need at least two compute nodes in addition to the controller). Calico-RR (route-reflector) and Calico-ETCD node roles may be co-located on Controller nodes or deployed separately.
Under the nodes tab, configure networks to NICs mapping (exact positions will depend on your setup)
Do not forget to configure BGP peering session on you infrastructure BGP peers.