Specification added

Change-Id: I8406b7daa5fc667edbe827f65de2d71aed629123
Nikita Koshikov 4 years ago
parent
commit
831493edb0
1 changed files with 504 additions and 0 deletions
doc/fuel-plugin-cisco-aci.rst

@@ -0,0 +1,504 @@
1
+..
2
+ This work is licensed under a Creative Commons Attribution 3.0 Unported
3
+ License.
4
+
5
+ http://creativecommons.org/licenses/by/3.0/legalcode
6
+
7
+===================================
8
+Fuel Plugin Cisco ACI specification
9
+===================================
10
+
11
+The Cisco Application Policy Infrastructure Controller (Cisco APIC) is the unifying point of automation and management for the Application Centric Infrastructure (ACI) fabric. The Cisco APIC provides centralized access to all fabric information, optimizes the application lifecycle for scale and performance, and supports flexible application provisioning across physical and virtual resources.[1]
12
+This specification describes automation of deployment Cisco ACI with OpenStack.
13
+
14
+Problem description
15
+===================
16
+
17
+This integration should be supported with the upstream version of Fuel product.
18
+Mirantis Openstack 6.0 release has Pluggable Architecture feature, that prevents developers from bringing any changes to the core product. Instead, the Cisco APIC functionality can be implemented as a plugin for Fuel.[2]
19
+
20
+This plugin will let end user install the Mirantis OpenStack with Cisco SDN (software defined network) solution. This  new feature supports 4 types of installation:
21
+
22
+* Generic APIC ML2 driver
23
+
24
+* GBP module and Mapping driver
25
+
26
+* GBP module and APIC ML2 driver
27
+
28
+* GBP module and APIC GBP driver
29
+
30
+Each configuration will be described on its own section.
31
+
32
+Proposed change
33
+===============
34
+
35
+Right now Fuel supports 4 types of network configurations:
36
+
37
+* Neutron with VLAN segmentation (default)
38
+
39
+* Neutron with GRE segmentation
40
+
41
+* Neutron with VMware NSX
42
+
43
+* Legacy Networking (nova-network)
44
+
45
+When successfully copied to the Fuel Master node and installed, a new submenu will appear on the Settings tab of the Fuel web UI.
46
+End user will have to select a checkbox/radiobutton with User Stories described below.
47
+
48
+User Story 1: Generic APIC ML2 driver
49
+---------------------------------------------------
50
+
51
+This case will provide availability to configure Neutron for using Cisco SDN solution based on generic upstream ML2 neutron driver [3]. To enable this functionality, the plugin should  support 2 types of configuration:
52
+
53
+* with automatic hosts discovery (using lldp)
54
+* static config.
55
+
56
+This list describes what software and configuration should be added to corresponding hosts to support User Story 1 with autodiscovery feature enabled(checkbox called “Use lldp” set):
57
+
58
+* All hosts will be installed with LLDP package
59
+* All hosts will be installed with pip apicapi package
60
+* All hosts will be installed with neutron-driver-apic-agent package
61
+* All hosts will have these configurations in *<neutron.conf>*:
62
+
63
+  ::
64
+
65
+    [DEFAULT]
66
+    service_plugins=neutron.services.l3_router.l3_apic.ApicL3ServicePlugin
67
+    core_plugin=neutron.plugins.ml2.plugin.Ml2Plugin
68
+
69
+* All hosts will have these configurations in *ml2_conf.ini* file:
70
+
71
+  ::
72
+
73
+    [ml2]
74
+    type_drivers=local,flat,vlan,gre,vxlan
75
+    tenant_network_types=vlan
76
+    mechanism_drivers=openvswitch,cisco_apic
77
+    [ml2_type_vlan]
78
+    network_vlan_ranges="$physnets_dev:$vlan_range"
79
+    [securitygroup]
80
+    enable_security_group=True
81
+    firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
82
+    [ovs]
83
+    integration_bridge="$integration_bridge"
84
+    bridge_mappings="$physnets_dev:$integration_bridge"
85
+    enable_tunneling=False
86
+    [agent]
87
+    polling_interval=2
88
+    l2_population=False
89
+    arp_responder=False
90
+
91
+Where **$integration_bridge** , **$physnets_dev**, **$vlan_range** should be configured through the Fuel web UI in Neutron L2 Configuration section of the Networks tab.
92
+
93
+* All hosts will have these configurations in *ml2_conf_cisco.ini* file:
94
+
95
+  ::
96
+
97
+    [DEFAULT]
98
+    apic_system_id=openstack
99
+    [ml2_cisco_apic]
100
+    apic_hosts=$apic_hosts
101
+    apic_username=$apic_username
102
+    apic_password=$apic_password
103
+    apic_name_mapping=use_name
104
+
105
+Where **$apic_hosts**, **$apic_username**, **$apic_password** - should be configured through the Fuel web UI.
106
+
107
+* All controllers will have neutron-driver-apic-svc-agent package installed
108
+* All hosts *ml2_config_cisco.ini* will have [apic_external_network:ext] section, if configured through the Fuel web UI.
109
+
110
+This list describes what software and configuration should be added to the corresponding hosts to support User Story 1 with static config chosen:
111
+
112
+* All controllers have pip apicapi installed
113
+* neutron-driver-apic-svc-agent neutron-driver-apic-agent and lldp is not installed
114
+* All configurations are the same as "Auto discovery" way
115
+* On all hosts in *ml2_config_cisco.ini* file, we will add an example (user-defined) section configured through the Fuel web UI.
116
+
117
+  ::
118
+
119
+    [apic_switch:201]
120
+    compute11,compute21=1/10
121
+    compute12=1/11
122
+
123
+* For both cases (autodiscovery and static), configuration files
124
+  on controller nodes (*neutron.conf*) should have admin credentials:
125
+
126
+  ::
127
+
128
+    [keystone_authtoken]
129
+    admin_user="$admin_username"
130
+    admin_password="$admin_password"
131
+    admin_tenant_name="$admin_tenant"
132
+
133
+Where **$admin_username**, **$admin_password** and **$admin_tenant** point to the cloud administrator credentials.
134
+
135
+User Story 2a: GBP module and Mapping driver
136
+-------------------------------------------------------------
137
+
138
+This case will provide availability to configure Neutron for using Cisco SDN solution that is targeted at Cisco group-based policy packages.
139
+This list describes what software and configuration should be added to the corresponding hosts to support User Story 2a.
140
+
141
+* All controllers will have these configurations in *neutron.conf* file:
142
+
143
+  ::
144
+
145
+    [DEFAULT]
146
+    service_plugins=neutron.services.
147
+    l3_router.l3_router_plugin.L3RouterPlugin,
148
+    gbpservice.neutron.services.grouppolicy.plugin.GroupPolicyPlugin,
149
+    gbpservice.neutron.services.servicechain.servicechain_plugin.ServiceChainPlugin
150
+    core_plugin=neutron.plugins.ml2.plugin.Ml2Plugin
151
+    [group_policy]
152
+    policy_drivers=implicit_policy,resource_mapping
153
+    [servicechain]
154
+    servicechain_drivers = simplechain_driver
155
+    [quotas]
156
+    default_quota = -1
157
+    quota_network = -1
158
+    quota_subnet = -1
159
+    quota_port = -1
160
+    quota_security_group = -1
161
+    quota_security_group_rule = -1
162
+    quota_router = -1
163
+    quota_floatingip = -1
164
+
165
+* All controllers will have these configurations in *ml2_conf.ini* file:
166
+
167
+  ::
168
+
169
+    [ml2]
170
+    type_drivers=local,flat,vlan,gre,vxlan
171
+    tenant_network_types=vlan
172
+    mechanism_drivers=openvswitch
173
+    [ml2_type_vlan]
174
+    network_vlan_ranges="$physnets_dev:$vlan_range"
175
+    [securitygroup]
176
+    enable_security_group=True
177
+    firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
178
+    [ovs]
179
+    integration_bridge="$integration_bridge"
180
+    bridge_mappings="$physnets_dev:$integration_bridge"
181
+    enable_tunneling=False
182
+    [agent]
183
+    polling_interval=2
184
+    l2_population=False
185
+    arp_responder=False
186
+
187
+Where **$integration_bridge**, **$physnets_dev**, **$vlan_range** - should be configured through the
188
+Fuel web UI in the Neutron L2 Configuration section of the Networks tab.
189
+
190
+* All controllers will have 4 additional package installed:
191
+
192
+  * group-based-policy
193
+  * python-group-based-policy-client
194
+  * group-based-policy-ui
195
+  * group-based-policy-automation
196
+
197
+* All controllers will enable heat plugin in *heat.conf* file:
198
+
199
+  ::
200
+
201
+    [DEFAULT]
202
+    plugin_dirs=/path/to/code/gbpautomation/heat
203
+
204
+* All controllers will enable Horizon projects by linking *project.py* file to enabled_dashboards directory.
205
+
206
+User Story 2b: GBP module and APIC ML2 driver
207
+---------------------------------------------------------
208
+
209
+This case will provide availability to configure Neutron for using Cisco SDN solution that is targeted at Cisco group-based policy packages
210
+and APIC Controller with ML2 driver.
211
+This list describes what software and configuration should be added to the corresponding hosts to support User Story 2b.
212
+
213
+* All controllers will have these configurations in *neutron.conf* file:
214
+
215
+  ::
216
+
217
+    [DEFAULT]
218
+    service_plugins=neutron.services.l3_router.l3_apic.ApicL3ServicePlugin
219
+    core_plugin=neutron.plugins.ml2.plugin.Ml2Plugin
220
+    [group_policy]
221
+    policy_drivers=implicit_policy,apic
222
+    [servicechain]
223
+    servicechain_drivers = simplechain_driver
224
+    [quotas]
225
+    default_quota = -1
226
+    quota_network = -1
227
+    quota_subnet = -1
228
+    quota_port = -1
229
+    quota_security_group = -1
230
+    quota_security_group_rule = -1
231
+    quota_router = -1
232
+    quota_floatingip = -1
233
+
234
+* All controllers will have these configurations in *ml2_conf.ini* file:
235
+
236
+  ::
237
+
238
+    [ml2]
239
+    type_drivers=local,flat,vlan,gre,vxlan
240
+    tenant_network_types=vlan
241
+    mechanism_drivers=openvswitch,cisco_aci
242
+    [ml2_type_vlan]
243
+    network_vlan_ranges="$physnets_dev:$vlan_range"
244
+    [securitygroup]
245
+    enable_security_group=True
246
+    firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
247
+    [ovs]
248
+    integration_bridge="$integration_bridge"
249
+    bridge_mappings="$physnets_dev:$integration_bridge"
250
+    enable_tunneling=False
251
+    [agent]
252
+    polling_interval=2
253
+    l2_population=False
254
+    arp_responder=False
255
+
256
+Where **$integration_bridge**, **$physnets_dev**, **$vlan_range** - should be configured through the
257
+Fuel web UI in the Neutron L2 Configuration section of the Networks tab.
258
+
259
+* All controllers will have these configurations in *ml2_conf_cisco.ini* file:
260
+
261
+  ::
262
+
263
+    [DEFAULT]
264
+    apic_system_id=openstack
265
+    [ml2_cisco_apic]
266
+    apic_hosts=$apic_hosts
267
+    apic_username=$apic_username
268
+    apic_password=$apic_password
269
+    apic_name_mapping=use_name
270
+
271
+Where **$apic_hosts**, **$apic_username**, **$apic_password** - should be configured through the Fuel web UI.
272
+
273
+* All controllers will have these configurations in *neutron.conf* file:
274
+
275
+  ::
276
+
277
+    [keystone_authtoken]
278
+    admin_user="$admin_username"
279
+    admin_password="$admin_password"
280
+    admin_tenant_name="$admin_tenant"
281
+
282
+Where **$admin_username**, **$admin_password** and **$admin_tenant** point to the cloud administrator credentials.
283
+
284
+* All controllers will have 4 additional package installed:
285
+
286
+  * group-based-policy
287
+  * python-group-based-policy-client
288
+  * group-based-policy-ui
289
+  * group-based-policy-automation
290
+
291
+* All controllers will enable heat plugin in *heat.conf* file:
292
+
293
+  ::
294
+
295
+    [DEFAULT]
296
+    plugin_dirs=/path/to/code/gbpautomation/heat
297
+
298
+* All controllers will enable Horizon projects by linking *project.py* file to enabled_dashboards directory.
299
+
300
+* All hosts will have [apic_external_network:ext] section in the *ml2_config_cisco.ini* file, if configured though Fuel web UI.
301
+
302
+* All controllers have pip apicapi installed
303
+
304
+* If LLDP is using - see US1 for configuration options that should be added.
305
+
306
+User Story 3: GBP module and APIC GBP driver
307
+---------------------------------------------------------
308
+
309
+This case will provide availability to configure Neutron for using Cisco SDN solution that is targeted at Cisco group-based policy packages
310
+and APIC Controller with GBP driver.
311
+This list describes what software and configuration should be added to the corresponding hosts to support User Story 3.
312
+
313
+* All controllers will have these configurations in *neutron.conf* file:
314
+
315
+  ::
316
+
317
+    [DEFAULT]
318
+    service_plugins=neutron.services.
319
+    l3_router.l3_router_plugin.L3RouterPlugin,
320
+    gbpservice.neutron.services.grouppolicy.plugin.GroupPolicyPlugin,
321
+    gbpservice.neutron.services.servicechain.servicechain_plugin.ServiceChainPlugin
322
+    core_plugin=neutron.plugins.ml2.plugin.Ml2Plugin
323
+    [group_policy]
324
+    policy_drivers=implicit_policy,apic
325
+    [servicechain]
326
+    servicechain_drivers = simplechain_driver
327
+    [quotas]
328
+    default_quota = -1
329
+    quota_network = -1
330
+    quota_subnet = -1
331
+    quota_port = -1
332
+    quota_security_group = -1
333
+    quota_security_group_rule = -1
334
+    quota_router = -1
335
+    quota_floatingip = -1
336
+
337
+* All controllers will have these configurations in *ml2_conf.ini* file:
338
+
339
+  ::
340
+
341
+    [ml2]
342
+    type_drivers=local,flat,vlan,gre,vxlan
343
+    tenant_network_types=vlan
344
+    mechanism_drivers=openvswitch,apic_gbp
345
+    [ml2_type_vlan]
346
+    network_vlan_ranges="$physnets_dev:$vlan_range"
347
+    [securitygroup]
348
+    enable_security_group=True
349
+    firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
350
+    [ovs]
351
+    integration_bridge="$integration_bridge"
352
+    bridge_mappings="$physnets_dev:$integration_bridge"
353
+    enable_tunneling=False
354
+    [agent]
355
+    polling_interval=2
356
+    l2_population=False
357
+    arp_responder=False
358
+
359
+Where **$integration_bridge**, **$physnets_dev**, **$vlan_range** - should be configured through the
360
+Fuel web UI in the Neutron L2 Configuration section of the Networks tab.
361
+
362
+* All controllers will have these configurations in *ml2_conf_cisco.ini* file:
363
+
364
+  ::
365
+
366
+    [DEFAULT]
367
+    apic_system_id=openstack
368
+    [ml2_cisco_apic]
369
+    apic_hosts=$apic_hosts
370
+    apic_username=$apic_username
371
+    apic_password=$apic_password
372
+    apic_name_mapping=use_name
373
+
374
+Where **$apic_hosts**, **$apic_username**, **$apic_password** - should be configured through the Fuel web UI.
375
+
376
+* All controllers will have these configurations in *neutron.conf* file:
377
+
378
+  ::
379
+
380
+    [keystone_authtoken]
381
+    admin_user="$admin_username"
382
+    admin_password="$admin_password"
383
+    admin_tenant_name="$admin_tenant"
384
+
385
+Where **$admin_username**, **$admin_password** and **$admin_tenant** point to the cloud administrator credentials.
386
+
387
+* All controllers will have 4 additional package installed:
388
+
389
+  * group-based-policy
390
+  * python-group-based-policy-client
391
+  * group-based-policy-ui
392
+  * group-based-policy-automation
393
+
394
+* All controllers will enable heat plugin in *heat.conf* file:
395
+
396
+  ::
397
+
398
+    [DEFAULT]
399
+    plugin_dirs=/path/to/code/gbpautomation/heat
400
+
401
+* All controllers will enable Horizon projects by linking *project.py* file to enabled_dashboards directory.
402
+
403
+* All hosts will have [apic_external_network:ext] section in the *ml2_config_cisco.ini* file, if configured though Fuel web UI.
404
+
405
+* All controllers have pip apicapi installed
406
+
407
+* If LLDP is using - see US1 for configuration options that should be added.
408
+
409
+
410
+Alternatives
411
+---------------
412
+
413
+There are no known alternatives for this plugin, although all steps can be performed manually.
414
+
415
+Data model impact
416
+-------------------------
417
+
418
+GBP installation type requires additional tables in Neutron database.
419
+New scheme will be managed by `gbp-db-manage` command that comes from group-based-policy package.
420
+
421
+REST API impact
422
+---------------
423
+
424
+None.
425
+
426
+Upgrade impact
427
+--------------
428
+
429
+Upgrading should be tested explicitly with this plugin installed and APIC controller enabled.
430
+
431
+Security impact
432
+---------------
433
+
434
+This plugin changes Neutron keystone_authtoken credentials from `neutron` user and `services`
435
+tenant to `admin` user and `admin` tenant on controller nodes. This may change in future, but
436
+for Juno release this must be set to admin values.
437
+
438
+Notifications impact
439
+--------------------
440
+
441
+None.
442
+
443
+Other end user impact
444
+---------------------
445
+
446
+None.
447
+
448
+Plugin impact
449
+-------------
450
+
451
+This plugin should not impact other plugins until they do not modify the same settings for Neutron configuration.
452
+
453
+Other deployer impact
454
+---------------------
455
+
456
+Developer impact
457
+----------------
458
+
459
+
460
+Implementation
461
+==============
462
+
463
+Assignee(s)
464
+-----------
465
+Primary assignee:
466
+    Nikita Koshikov - nkoshikov@mirantis.com
467
+
468
+Work Items
469
+----------
470
+
471
+* Create fuel-plugin-cisco-aci plugin
472
+
473
+* Develop the Fuel web UI part of the plugin
474
+
475
+* Add puppet support for all configuration cases
476
+
477
+* Write documentation (User Guide)
478
+
479
+Dependencies
480
+============
481
+
482
+* Ubuntu 14.04 support in MOS [4]
483
+
484
+* This bug should also be fixed [5]
485
+
486
+Testing
487
+========
488
+
489
+Plugin should pass tempest framework tests.
490
+
491
+Documentation Impact
492
+====================
493
+
494
+Reference to this plugin should be added to main Fuel documentation.
495
+
496
+References
497
+==========
498
+
499
+[1] http://cisco.com/go/apic
500
+[2] http://docs.mirantis.com/openstack/fuel/fuel-6.0/plugin-dev.html
501
+[3] https://blueprints.launchpad.net/neutron/+spec/ml2-cisco-apic-mechanism-driver
502
+[4] https://blueprints.launchpad.net/fuel/+spec/support-ubuntu-trusty
503
+[5] https://bugs.launchpad.net/fuel/+bug/1417994
504
+
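
Review bot: The "Security impact" section covers only the keystone_authtoken switch to the `admin` user and tenant, and leaves out two other security-relevant settings in this spec. User Story 1 writes `apic_password=$apic_password` into *ml2_conf_cisco.ini* on all hosts (controllers only in 2b and 3), and User Stories 2a, 2b and 3 set every `[quotas]` value to `-1`, which removes all Neutron quota limits. Please list both there, state the expected ownership and mode of the files that hold `admin_password` and `apic_password`, and say whether compute hosts need the APIC credentials at all. A few inconsistencies also need fixing: User Story 2b has `mechanism_drivers=openvswitch,cisco_aci` where User Story 1 uses `cisco_apic`; the same file is called *ml2_conf_cisco.ini* in some bullets and *ml2_config_cisco.ini* in others; the `service_plugins=neutron.services.` value in User Stories 2a and 3 is broken mid-name across lines, so it cannot be copied as written; and the "Other deployer impact" and "Developer impact" sections are empty where the other impact sections say "None.".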