couch to openstack: neutron (quantum) - august 13, 2013 featuring sean winn
DESCRIPTION
Tuesday, August 13th session of the vBrownBag OpenStack Sack Lunch Series: Couch to OpenStack. With Sean Winn's help, we cover Neutron, the OpenStack Networking Service formerly known as Quantum. Neutron configures network access and services for your OpenStack instances. Credit to Ken Pepple for the OpenStack Project Diagram, and to Dan Wendlandt and the VMware Team for the workflow used in the labTRANSCRIPT
Neutron (the project formerly known as Quantum) – Network
Couch To OpenStack
- Deploy an additional node- Modify resource allocations as needed- … Let’s take a look:
Vagrantfile Review
- BEFORE you vagrant up:- Make sure you have at least 8 GB RAM available
just for the VMs- You can decrease RAM required by modifying the
Vagrantfile- git clone
https://github.com/bunchc/Couch_to_OpenStack.git - cd Couch_to_OpenStack- vagrant up
Build Time!
- Subscribe & Recordings: http://bit.ly/BrownbagPodcast
- Sign up for the rest of the series: http://openstack.prov12n.com/about-couch-to-openstack/
Some Logistics
On Twitter: #vBrownBag
Also: @VMTrooper, @Jfrappier, @seanmwinn
Join the conversation
- New Edition: http://www.packtpub.com/openstack-cloud-computing-cookbook-second-edition/book
- Old Edition: http://amzn.to/12eI6rX
Buy the Book
7/2/2013 – Intro to OpenStack7/9/2013 – Vagrant Primer7/16/2013 – Identity services (Keystone)7/23/2013 – Image services (Glance)7/30/2013 – Compute Services (Nova)8/6/2013 – Block Storage / Volume Services (Cinder)8/13/2013 – Networking Services (Neutron fka Quantum) << We Are Here8/20/2013 – C2OS Office Hours (Review, catch-up, Q&A)8/27/2013 – VMworld US Break9/3/2013 – Monitoring & Troubleshooting9/10/2013 – HA OpenStack9/17/2013 – DevOps Deployments
Note: Dates are subject to change depending on how far we get in each lesson.
The Rest of the Series
Use the automated Cinder Install and manually install Quantum
Remember we have a G+ Support group here:http://bit.ly/C2OSGooglePlus
Homework Review
- Creates the Controller, Compute, Cinder and Quantum Nodes
- Sets variables required for Quantum deployment
- Creates a Quantum Service and Endpoint in Keystone
- Updates MySQL- Creates a Quantum DB- Assigns the Quantum User to the DB
- Installs Quantum- Configures Quantum settings
Build – What’s it doing?
- Networking Services for Cloud Instances
- Replaces nova-network
- Advanced capabilities such as plugins for managing network vendor gear and software, load balancing, API for applications to interact with and respond to network management
Neutron Intro
Cinder Architecture
Neutron ComponentsComponent Purpose
neutron-server Allow API access for users and other OpenStack services
neutron-*-plugin-agent
Allow Neutron to dictate network policy to Open vSwitch
neutron-l3-agent Provide L3 Services to the OpenStack Instances
neutron-dhcp-agent Provide DHCP addressing to the Instances
ovs-vswitchd* Open vSwitch – provide networking for the Instances
Neutron Architecture
- http://docs.openstack.org/grizzly/openstack-network/admin/content/nova_with_quantum.html
- http://docs.openstack.org/trunk/openstack-network/admin/content/Architecture.html
Concepts – Reference
- vagrant ssh controller- sudo su -- cat .stackrc
- export OS_TENANT_NAME=cookbook- export OS_USERNAME=admin- export OS_PASSWORD=openstack- export
OS_AUTH_URL=http://${MY_IP}:5000/v2.0/
- source /vagrant/.stackrc
Using Quantum!
- keystone service-list+----------------------------------+----------+----------+----------------------------+| id | name | type | description |+----------------------------------+----------+----------+----------------------------+| 685e7a8f4d564565ae9b92aa3acefb11 | ec2 | ec2 | EC2 Service || d6389fe30e2e47e38894a7704654c8af | glance | image | OpenStack Image Service || e100b742241e4b449426c37310f8dac1 | keystone | identity | OpenStack Identity Service || e8d68889d06b4dacb3029b4127b64ff8 | network | network | Quantum Network Service || bde08cc22a714a45acadc5f55c469941 | nova | compute | OpenStack Compute Service || baabd87fc7f2443388502fed5c02192d | volume | volume | Volume Service |+----------------------------------+----------+----------+----------------------------+
- keystone service-get <UUID>+-------------+----------------------------------+| Property | Value |+-------------+----------------------------------+| description | Quantum Network Service || id | e8d68889d06b4dacb3029b4127b64ff8 || name | network || type | network |+-------------+----------------------------------+
Verify Quantum Service
- quantum agent-list
+--------------------------------------+--------------------+--------------+-------+----------------+| id | agent_type | host | alive | admin_state_up |+--------------------------------------+--------------------+--------------+-------+----------------+| 3f83ef61-dc16-48aa-ab88-1d94ab31be64 | L3 agent | quantum.book | :-) | True || 9020fe03-ccaf-4450-a734-d01131e3bf38 | Open vSwitch agent | compute.book | :-) | True || 9b253d53-ae65-4037-b59d-2f731cfdc221 | Open vSwitch agent | quantum.book | :-) | True || de9f06b0-58af-403f-a6bf-99f3d4f3e315 | DHCP agent | quantum.book | :-) | True |+--------------------------------------+--------------------+--------------+-------+----------------+
Verify Quantum Components
- Public Network to access OpenStack Compute instances:quantum net-create public-net --router:external=Truequantum subnet-create --name public-subnet public-net 192.168.80.32/27
- Private Network for internal communication:quantum net-create private-netquantum subnet-create --name private-subnet private-net 10.10.80.32/27
# store the private network’s UUID for future usequantum net-show private-netPRIVATE_NET_UUID=<private_net_id>
- Create a Router to allow external access:quantum router-create router1quantum router-gateway-set router1 public-netquantum router-interface-add router1 private-subnet
- Create Access Rules (enable ssh and ICMP):quantum security-group-create sshquantum security-group-rule-create --direction ingress --ethertype IPv4 --protocol tcp --port-range-min 22 --port-range-max 22 sshquantum security-group-rule-create --direction ingress --ethertype IPv4 --protocol icmp ssh
Configure Quantum Networks
- Create a certificate file for communication with your VMnova keypair-add demo > demo.pemchmod 0600 *.pem
- Verify your imagesnova image-list OR glance image-list+--------------------------------------+----------------------------+-------------+-----------+| ID | Name | Disk Format | Size |+--------------------------------------+----------------------------+-------------+-----------+| bc670eb3-67dc-42f3-82b2-91e96f5eca52 | Cirros 0.3 | qcow2 | 9761280 || 90c17ca9-6447-4d45-b862-86366881c13a | Ubuntu 12.04 x86_64 Server | qcow2 | 252641280 |+--------------------------------------+----------------------------+-------------+-----------+
- Boot a new instance of an imagenova boot --image <uuid> --flavor 2 --nic net-id=$PRIVATE_NET_UUID --key_name demo --security_groups ssh myInstance
Create a Nova Instance
- Let’s get the port ID of the Instance NIC and store it in a variablequantum port-list -c id -c fixed_ips -c device_owner+---------+-----------------------------------------------------+--------------------------+| id | fixed_ips | device_owner |+---------+-----------------------------------------------------+--------------------------+| 30...c3 | {"subnet_id": "...", "ip_address": "10.10.80.35"} | network:dhcp || 6c...a7 | {"subnet_id": "...", "ip_address": "10.10.80.34"} | compute:None || 7d...51 | {"subnet_id": "...", "ip_address": "10.10.80.33"} | network:router_interface || 8c...21 | {"subnet_id": "...", "ip_address": "192.168.80.34"} | network:router_gateway |+---------+-----------------------------------------------------+--------------------------+INSTANCUUID=6c4d5102-d72a-4bb0-ad30-934e4830baa7
- Attach the external network to your Instance NICquantum floatingip-create --port-id $INSTANCEUUID public-netCreated a new floatingip:+---------------------+--------------------------------------+| Field | Value |+---------------------+--------------------------------------+| fixed_ip_address | 10.10.80.34 || floating_ip_address | 192.168.80.35 | <--- External IP to use for ssh access| floating_network_id | 20b71d30-0610-470c-a15d-063c85146aea || id | 05887958-1e21-4e96-931c-0217ecdd1618 || port_id | 6c4d5102-d72a-4bb0-ad30-934e4830baa7 || router_id | 53d2821d-a868-4707-98e5-27c51038f89d || tenant_id | 5870b183cef346249511993a96f4e38e |+---------------------+--------------------------------------+
Enable External Access
Thanks Sean Winn for helping out with the Neutron Session tonight. I look forward to him coming back for a session of his own on a future podcast.
Thank you Dan Wendlandt and your team at VMware for the great workflow that I used in the Neutron lab. Viewers can see the VMware Team’s OpenStack Summit session on the OpenStack Foundation YouTube Channel: http://www.youtube.com/watch?v=_pLPtGiGh9M
Acknowledgements
For next week’s session, we will be having C2OS Office Hours. This will allow us to review what we have accomplished up until this point
1. If you have not had a chance to try out the test environments, now is the perfect time to do so.
2. If you are already caught up with what we’ve done so far, try extending your environment add another node to the deployment:
1. Additional Nova nodes2. Additional Cinder nodes
3. Post ideas, questions, comments on the Google Plus Community: http://bit.ly/C2OSGooglePlus
Homework!