
Note

Before you issue commands with Nova, ensure that your environment contains the necessary credentials. You can do this by sourcing the keystonerc_admin file that is created during the OpenStack installation. For more information, refer to the section Getting Credentials for a CLI in the OpenStack CLI Guide.


To install vNIOS for KVM in OpenStack, complete the following steps:

  1. In OpenStack, run source keystonerc_admin to set up the OpenStack environment.
  2. Upload the qcow2 file for the specified vNIOS for KVM model to OpenStack. For more information, see Requirements.
  3. Set up the OpenStack flavors, as described in the Setting Up the OpenStack Flavors for vNIOS section.
  4. Import the vNIOS instance into OpenStack, as described in the Importing vNIOS Instance into OpenStack section.
  5. Deploy an instance, as described in the Deploying the vNIOS Instances in an OpenStack Environment section.

Setting Up the OpenStack Flavors for vNIOS

After you upload the qcow2 file, set up the OpenStack flavors for your vNIOS models. Each flavor corresponds to different vCPU, RAM, disk size, and functionality.
Infoblox enables you to choose the size of the virtual disk that you use for reporting. To do so, you must create a vNIOS instance and associate an additional disk with it. You can add an ephemeral disk in the flavor that is used to create an instance. Note that the value for the ephemeral disk must be non-zero.
To set up the vNIOS OpenStack flavors, run the following command:

...

Use the following command to create a vNIOS instance in OpenStack:

...

glance image-create --name vnios-820 --visibility public --container-format bare --disk-format qcow2 --file /tmp/nios-7.3.3-318825-2016-03-04-23-16-19-55G-820-disk1.qcow2

Setting Up Security Groups

When you set up your OpenStack environment, you can create an additional security group "vnios-sec-group" or add certain protocol rules to the existing or default security groups to allow specific network traffic. You can configure basic settings as described in the Basic Configuration section, or configure optional settings as described in the Advanced Configuration section. These sections contain sample scripts for Grid communication and for other protocols such as DNS and DHCP. For more information, refer to the Infoblox NIOS Documentation.

This section contains sample scripts that you can use to establish specific protocol rules.

Basic Configuration

...

  1. Create a security group. The following example creates a security group named vnios-sec-group:
    # vNIOS security group
    neutron security-group-create vnios-sec-group

...

  2. Add rules to the security group to allow specific network traffic on required ports. The following example creates a rule that allows only HTTPS traffic on port 443:
    # https
    neutron security-group-rule-create --protocol tcp --port-range-min 443 --port-range-max 443 --ethertype IPv4 vnios-sec-group

...

Advanced Configuration

Grid communications:

# tunnels
neutron security-group-rule-create --protocol udp --port-range-min 1023 --port-range-max 1023 --ethertype IPv4 vnios-sec-group
neutron security-group-rule-create --protocol udp --port-range-min 1023 --port-range-max 1023 --ethertype IPv6 vnios-sec-group
neutron security-group-rule-create --protocol udp --port-range-min 1194 --port-range-max 1195 --ethertype IPv4 vnios-sec-group
neutron security-group-rule-create --protocol udp --port-range-min 1194 --port-range-max 1195 --ethertype IPv6 vnios-sec-group
neutron security-group-rule-create --protocol udp --port-range-min 2114 --port-range-max 2114 --ethertype IPv4 vnios-sec-group
neutron security-group-rule-create --protocol udp --port-range-min 2114 --port-range-max 2114 --ethertype IPv6 vnios-sec-group
neutron security-group-rule-create --protocol udp --port-range-min 802 --port-range-max 802 --ethertype IPv4 vnios-sec-group
neutron security-group-rule-create --protocol udp --port-range-min 802 --port-range-max 802 --ethertype IPv6 vnios-sec-group

Optional for other protocols:

# dhcp
neutron security-group-rule-create --protocol udp --port-range-min 67 --port-range-max 69 --ethertype IPv4 vnios-sec-group
neutron security-group-rule-create --protocol udp --port-range-min 67 --port-range-max 69 --ethertype IPv6 vnios-sec-group
neutron security-group-rule-create --protocol tcp --port-range-min 647 --port-range-max 647 --ethertype IPv4 vnios-sec-group
neutron security-group-rule-create --protocol tcp --port-range-min 647 --port-range-max 647 --ethertype IPv6 vnios-sec-group
neutron security-group-rule-create --protocol tcp --port-range-min 546 --port-range-max 547 --ethertype IPv4 vnios-sec-group
neutron security-group-rule-create --protocol tcp --port-range-min 546 --port-range-max 547 --ethertype IPv6 vnios-sec-group
neutron security-group-rule-create --protocol udp --port-range-min 546 --port-range-max 547 --ethertype IPv4 vnios-sec-group
neutron security-group-rule-create --protocol udp --port-range-min 546 --port-range-max 547 --ethertype IPv6 vnios-sec-group
# ntp
neutron security-group-rule-create --protocol tcp --port-range-min 123 --port-range-max 123 --ethertype IPv4 vnios-sec-group
neutron security-group-rule-create --protocol tcp --port-range-min 123 --port-range-max 123 --ethertype IPv6 vnios-sec-group
neutron security-group-rule-create --protocol udp --port-range-min 123 --port-range-max 123 --ethertype IPv4 vnios-sec-group
neutron security-group-rule-create --protocol udp --port-range-min 123 --port-range-max 123 --ethertype IPv6 vnios-sec-group
# dns
neutron security-group-rule-create --protocol tcp --port-range-min 53 --port-range-max 53 --ethertype IPv4 vnios-sec-group
neutron security-group-rule-create --protocol tcp --port-range-min 53 --port-range-max 53 --ethertype IPv6 vnios-sec-group
neutron security-group-rule-create --protocol udp --port-range-min 53 --port-range-max 53 --ethertype IPv4 vnios-sec-group
neutron security-group-rule-create --protocol udp --port-range-min 53 --port-range-max 53 --ethertype IPv6 vnios-sec-group
# ftp
neutron security-group-rule-create --protocol tcp --port-range-min 20 --port-range-max 21 --ethertype IPv4 vnios-sec-group
neutron security-group-rule-create --protocol tcp --port-range-min 20 --port-range-max 21 --ethertype IPv6 vnios-sec-group
# syslog
neutron security-group-rule-create --protocol udp --port-range-min 514 --port-range-max 514 --ethertype IPv4 vnios-sec-group
neutron security-group-rule-create --protocol udp --port-range-min 514 --port-range-max 514 --ethertype IPv6 vnios-sec-group
# reporting
neutron security-group-rule-create --protocol tcp --port-range-min 9997 --port-range-max 9997 --ethertype IPv4 vnios-sec-group
neutron security-group-rule-create --protocol tcp --port-range-min 9997 --port-range-max 9997 --ethertype IPv6 vnios-sec-group
# ICMP
neutron security-group-rule-create --protocol icmp --ethertype IPv4 vnios-sec-group
neutron security-group-rule-create --protocol icmp --ethertype IPv6 vnios-sec-group
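
The sample rules in this section name no source, so Neutron accepts matching traffic from any address. The following added example (not part of the Infoblox documentation) prints the same kind of rule limited to one source prefix with --remote-ip-prefix. The rule table is a subset of the rules on this page; ethertype_of, build_rules and the prefixes passed to them are hypothetical names and values.

```shell
#!/bin/sh
# Added example, not Infoblox's script. Prints the rule commands; it runs nothing.
# Rule table "service protocol min max", a subset copied from the rules above.
SPEC='https tcp 443 443
grid udp 1194 1195
grid udp 2114 2114
dns tcp 53 53
dns udp 53 53
syslog udp 514 514'

# ethertype_of CIDR: print IPv4 or IPv6, fail on anything that is not a prefix.
ethertype_of() {
  case "$1" in
    *:*/*)     echo IPv6 ;;
    *.*.*.*/*) echo IPv4 ;;
    *)         return 1 ;;
  esac
}

# build_rules GROUP CIDR [SERVICE...]: one command per matching table row,
# each limited to CIDR. With no SERVICE arguments every row is emitted.
build_rules() {
  group=$1; cidr=$2; shift 2
  etype=$(ethertype_of "$cidr") || { echo "not a CIDR: $cidr" >&2; return 1; }
  while read -r svc proto lo hi; do
    # When service names were given, skip rows for other services.
    if [ $# -gt 0 ]; then
      case " $* " in *" $svc "*) ;; *) continue ;; esac
    fi
    # Reject rows that would open an invalid or inverted port range.
    if [ "$lo" -lt 1 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
      echo "bad port range for $svc: $lo-$hi" >&2; return 1
    fi
    echo "neutron security-group-rule-create --direction ingress" \
         "--protocol $proto --port-range-min $lo --port-range-max $hi" \
         "--ethertype $etype --remote-ip-prefix $cidr $group"
  done <<EOF
$SPEC
EOF
}
```

Review the printed commands, then pipe them to sh in a shell where keystonerc_admin has been sourced, for example build_rules vnios-sec-group <client_cidr> dns | sh.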

The following screen shot illustrates how to set up the security group rules.

Starting a vNIOS Instance in OpenStack Environment

To start a vNIOS instance:

...

Ensure that you have already specified the vNIOS flavors and provided a unique name for the instance you want to spin up. For the list of available flavors, see vNIOS for KVM Virtual Appliance Models.
Execute the neutron port-create command to create port IDs for the network interfaces (MGMT and LAN1/HA). You can use the security-group option to associate the vNIOS instance with the security group(s) you have created. For information, see the Setting Up Security Groups section. (Optionally, you can associate the vNIOS instance with a security group when you execute the nova boot command.)
Note
Do not reuse the OpenStack neutron port of the deleted instances. When you reuse the neutron port of a deleted instance, a mismatch in the MAC address between the VM interface and the host VF might happen during NIC bonding. Also, the neutron port does not function properly when you reuse it repeatedly. 

Following is a neutron example:

$ neutron port-create --security-group <name of the security group>
For an HA pair, you must also use the allowed-address-pairs option to define the VIP port for the HA configuration, using the VRRP MAC address and the Virtual Router ID you use. Following is an example:
$ neutron port-create VIP --allowed-address-pairs type=dict list=true mac_address=00:00:5e:00:01:c8,ip_address=10.0.0.22

...

Deploying the vNIOS Instances in an OpenStack Environment

As prerequisites, ensure that you have specified the vNIOS flavors and provided unique names for the instances you want to deploy.

Deploying a Standalone Instance

To deploy a standalone vNIOS instance in OpenStack, complete the following steps:

  1. Run the neutron port-create command to create port IDs for the MGMT, LAN1 and HA network interfaces.
    1. To create an MGMT port, use the command:
      neutron port-create <mgmt_network_name> --name <mgmt-node-1> --binding:vnic-type direct

    2. To create a LAN1 port, use the command:
      neutron port-create <lan1_network_name> --name <lan1-node-1> --binding:vnic-type direct

    3. (Optional) If you need to create a LAN2 port, then you must create a HA port. To create a HA port, use the command:
      neutron port-create <lan1_network_name> --name <ha-node-1> --binding:vnic-type direct

    4. (Optional) If you need to create a LAN2 port, use the command:
      neutron port-create <lan2_network_name> --name <lan2-node-1> --binding:vnic-type direct
  2. Run the neutron port-list command to view the network and port IDs generated for all network interfaces. You can copy the port IDs from this output to the nova boot command.
  3. Deploy the instance using the nova boot command as shown in the following example:
    nova boot --config-drive True --flavor <flavor_name> --image <image_name> --nic port-id=<mgmt_port_id> --nic port-id=<lan1_port_id> --nic port-id=<ha_port_id> --nic port-id=<lan2_port_id> <instance_name>
    • flavor specifies the flavors of the vNIOS for KVM instance. For information about how to define flavors, see the Setting Up the OpenStack Flavors for vNIOS section.
    • image defines the name of the software package you downloaded. For information about supported vNIOS for KVM models, see vNIOS for KVM Virtual Appliance Models.
    • nic port-id specifies the port ID of an interface (MGMT, LAN1, LAN2, or HA).


The vNIOS for KVM instance automatically spins up after the nova boot command is executed.

Note
  • For the vNIOS appliance to run in OpenStack, you must specify at least two networks, MGMT and LAN1.
  • To remove networks, use the neutron net-delete command. If some of the networks remain, remove them manually from OpenStack Horizon.

Deploying the vNIOS Instances in a HA Setup

To deploy the vNIOS instances in a HA setup in OpenStack, complete the following steps:

Note

In a HA configuration, you must unblock VRRP (IP protocol 112) in your security group.

  1. For both active and passive nodes, run the neutron port-create command to create port IDs for the MGMT, LAN1 and HA network interfaces as shown in the following steps:
    1. To create an MGMT port, use the command:
      neutron port-create <mgmt_network_name> --name <mgmt-node-1> --binding:vnic-type direct
      neutron port-create <mgmt_network_name> --name <mgmt-node-2> --binding:vnic-type direct


    2. To create a LAN1 port, use the command:
      neutron port-create <lan1_network_name> --name <lan1-node-1> --binding:vnic-type direct
      neutron port-create <lan1_network_name> --name <lan1-node-2> --binding:vnic-type direct


    3. To create a HA port, use the command:
      neutron port-create <lan1_network_name> --name <ha-node-1> --binding:vnic-type direct
      neutron port-create <lan1_network_name> --name <ha-node-2> --binding:vnic-type direct

  2. Create a port for HA-VIP in the same subnet as that of LAN1 by using the command:
    neutron port-create <lan1_network_name> --name <ha-vip> --binding:vnic-type direct

  3. Run the neutron port-list command to view the network and port IDs generated for all network interfaces. You can copy the port IDs from this output to the nova boot command.
  4. Deploy active and passive nodes using the nova boot command:
    nova boot --config-drive True --flavor <flavor_name> --image <image_name> --nic port-id=<mgmt_port_id> --nic port-id=<lan1_port_id> --nic port-id=<ha_port_id> <instance name>
    nova boot --config-drive True --flavor <flavor_name> --image <image_name> --nic port-id=<mgmt_port_id> --nic port-id=<lan1_port_id> --nic port-id=<ha_port_id> <instance name>
    • flavor specifies the flavors of the vNIOS for KVM instance. For information about how to define flavors, see the Setting Up the OpenStack Flavors for vNIOS section.
    • image defines the name of the software package you downloaded. For information about supported vNIOS for KVM models, see vNIOS for KVM Virtual Appliance Models.
    • nic port-id specifies the port ID of an interface (MGMT, LAN1, LAN2, or HA).

    Execute the nova boot command in OpenStack to spin up the vNIOS instance. (Note: Use the custom name you came up with when creating flavors.) Following is an example:
    nova boot --config-drive False --image <nios-7.3.0-314352-2016-01-29-05-02-02-160G-1425-disk1.qcow2> --flavor <vnios1410.160> --security-groups <name of the security group> --nic net-id=<the network ID for the MGMT interface> --nic net-id=<the network ID for the LAN1/HA interface only if you are configuring an HA pair> --nic port-id=<the IP address ID for the LAN1 interface> <my-vm-name>
    where
    • security-groups defines the security group with which this vNIOS instance associates. For information about how to create rules for security groups, see the Setting Up Security Groups section.
    • nic net-id specifies the network ID for the MGMT interface. Note that when provisioning an HA pair, you must also specify the network ID for the LAN1/HA interface. For more information, see Sample Commands for Provisioning an HA Pair.
    • nic port-id specifies the IP address ID for the LAN1/HA interface.
    • my-vm-name defines the unique name of the VM.
    Note: For the vNIOS appliance to run in OpenStack, you must specify at least two networks, MGMT and LAN1. To remove networks, use the neutron net-delete command. If some of the networks remain, use OpenStack Horizon to manually remove them.

The vNIOS for KVM instance automatically spins up after the nova boot command is run. Proceed to configure the instances as explained in the following section.

Configuring the vNIOS Instance

  1. In OpenStack Horizon, select the launched instance.
  2. Assign the previously created security group to the instance.
  3. Click the Console tab.
  4. When the Infoblox login prompt appears, log in with the default user name and password.
    login: admin
    password: infoblox

    The Infoblox prompt appears: Infoblox >
  5. You must install valid licenses before you can configure the vNIOS appliance. To obtain permanent licenses, first use the Infoblox > show version command to obtain the serial number of the vNIOS appliance, and then visit the Infoblox Support web site at https://support.infoblox.com. Log in with the user ID and password you receive when you register your product online at
    http://www.infoblox.com/support/customer/evaluation-and-registration.
    If the vNIOS virtual appliance does not have the Infoblox licenses required to run NIOS services and to join a Grid, you can use the set temp_license command to generate and install a temporary 60-day license.
  6. From the list of licenses, select the Grid, vNIOS, and other relevant licenses for your vNIOS virtual appliance.
    Note that you must have both the Grid and vNIOS licenses for the vNIOS virtual appliance to join a Grid (2 and 8 from the list).

  7. In OpenStack Horizon, go to Instance Overview and copy the floating IP address of the instance.
  8. Go back to the console and run the set network command. Not required for Elastic Scaling.
  9. Go to the Infoblox Grid Manager and enable the NAT mode for the Grid member. For an HA Grid Master, ensure that you specify these settings for both nodes. 
    1. Click Grid -> Grid Manager -> Members -> Network.
    2. Select the Grid member and click Edit.
    3. Click Network -> Advanced.
    4. Click Enable NAT Compatibility and enter the floating IP address.
    5. Click Save & Close.
    After you confirm your network settings, the Infoblox Grid Manager automatically restarts. You can then proceed to set up a Grid, as described in Setting Up a Grid. For more information about licenses, refer to the Managing Licenses topic in the Infoblox NIOS Documentation.
  10. In the console, run the set network command.
    This step is not required in the following scenarios:
    • If Elastic Scaling is set up for this instance.
    • If DHCP is enabled for this instance (the LAN1 IP address will be obtained automatically).
  11. (For a HA setup only) Complete the following:

    1. Log in to Grid Manager and change the configuration to HA pair.

    2. To set up an IPv6 only Grid, change the configuration to IPv6 only.

    3. Specify the IP addresses for the LAN1 port of node 2 and for the HA-VIP port.
      The instance will restart. Once it is back online, you can see the updated configuration using the show network command.

    4. In the console, use the show interface command to get the MAC address of the NIOS HA interface.

    5. Set the HA port of both active and passive nodes to form a bond with the HA interface as follows:
      neutron port-update <ha1-node-1 port id> --allowed-address-pairs type=dict list=true ip_address=<Ipv4/Ipv6 HA-VIP>,mac_address=<mac address of Node-1 HA interface>
      neutron port-update <ha1-node-2 port id> --allowed-address-pairs type=dict list=true ip_address=<Ipv4/Ipv6 HA-VIP>,mac_address=<mac address of Node-1 HA interface>
      Example:
      neutron port-update 1828291e-c109-46d1-8d13-35d40bc905a2 --allowed-address-pairs type=dict list=true ip_address=2001:1890:1959:2745::902,mac_address=fa:16:3e:07:09:72

    6. Log in to the console of node 2.

    7. Join node 2 to the HA master through the HA-VIP port by using the set membership command.

Terminating vNIOS Instances

To terminate vNIOS instances, in OpenStack Horizon, select the instance and choose Terminate Instance from the drop-down list on the right-hand side of the panel.