/
Installing vNIOS for KVM in the OpenStack Environment
Document toolboxDocument toolbox

Installing vNIOS for KVM in the OpenStack Environment

Owned by Jyothi KP
Last updated: Oct 18, 2024
7 min read

Note

Before you issue commands with Nova, ensure that your environment contains the necessary credentials. You can do this by sourcing the keystonerc_admin file that is created during the OpenStack installation. For more information, refer to the section Getting Credentials for a CLI in the OpenStack CLI Guide.

Sections covered in this topic are:

To install vNIOS for KVM in OpenStack complete the following steps:

  1. In OpenStack, run source keystonerc_admin to set up the OpenStack environment.

  2. Upload the qcow2 file for the specified vNIOS for KVM model to OpenStack. For more information, see Requirements.

  3. Set up the OpenStack flavors, as described in the Setting Up the OpenStack Flavors for vNIOS section.

  4. Import the vNIOS instance into OpenStack, as described in the Importing vNIOS Instance into OpenStack section.

  5. Set up security groups, as described in the Setting Up Security Groups section.

  6. Deploy an instance, as described in the Deploying a vNIOS Instance in an OpenStack Environment section.

Note
The serial console output for instances deployed in the OpenStack environment may have inconsistencies as the console output is from the VGA port. To view the console output for an instance, Infoblox recommends that you use the serial port connected to that instance.

Setting up the OpenStack Flavors for vNIOS

After you upload the qcow2 file, set up the OpenStack flavors for your vNIOS models. Each flavor corresponds to different vCPU, RAM, disk size, and functionality.
Infoblox enables you to choose the size of the virtual disk that you use for reporting. To do so, you must create a vNIOS instance and associate an additional disk with it. You can add an ephemeral disk in the flavor that is used to create an instance. Note that the value for the ephemeral disk must be a non-zero.
To set up the vNIOS OpenStack flavors, run the following command:

nova flavor-create --is-public true <name> <ID> <Memory> <disk> <cpu> --swap 0
--ephemeral 0
where

  • name defines the name for the vNIOS for KVM instance. For reporting, mention the name of the reporting model.

  • ID defines the unique OpenStack flavor ID for the KVM instance.

  • memory disk and cpu specify the flavors of the vNIOS for KVM instance.

  • ephemeral defines the additional disk that is required to configure the reporting model.

Following is a sample command:

nova flavor-create --is-public true vnios-1425.160 6 8192 160 4 --swap 0 --ephemeral 0

For list of vNIOS OpenStack flavors with their specifications, refer vNIOS for KVM Virtual Appliance Models.

To manage the vNIOS OpenStack flavors, use the standard Nova API. For example, run nova flavor-list to show the created flavors.

Importing vNIOS Instance into OpenStack

Use the following command to create a vNIOS instance in OpenStack:

glance image-create --name <the name of the vNIOS image> --visibility public
--container-format bare --disk-format qcow2 --file <location of the image>

Example:

glance image-create --name vnios-820 --visibility public --container-format bare
--disk-format qcow2 --file
/tmp/nios-7.3.3-318825-2016-03-04-23-16-19-55G-820-disk1.qcow2

Setting up Security Groups

When you set up your OpenStack environment, you can create an additional security group "vnios-sec-group" or add certain protocol rules to the existing or default security groups to allow specific network traffic. You can configure basic settings as described in the Basic Configuration section, or configure optional settings for Grid communication and for other protocols such as DNS and DHCP. For more information, refer to the Infoblox NIOS Documentation.

This section contains sample scripts that you can use to establish specific protocol rules.

Basic Configuration

  1. Create a security group. The following example is for creating a security group by name vnios-sec-group:
    #vNIOS security group
    neutron security-group-rule-create vnios-sec-group

  2. Add rules to the security group to allow specific network traffic on required ports. The following example creates a rule that allows only HTTPS traffic on port 443:
    # https
    neutron security-group-rule-create --protocol tcp --port-range-min 443 --port-range-max
    443 --ethertype IPv4 vnios-sec-group

Deploying the vNIOS Instances in an OpenStack Environment

As prerequisites, ensure that you have specified the vNIOS flavors and provided unique names for the instances you want to deploy.

Deploying a Standalone Instance

To deploy a standalone vNIOS instance in OpenStack, complete the following steps:

  1. Run the neutron port-create command to create port IDs for the MGMT, LAN1 and HA network interfaces.

    1. To create an MGMT port, use the command:
      neutron port-create <mgmt_network_name> --name <mgmt-node-1> --binding:vnic-type direct

    2. To create a LAN1 port, use the command:
      neutron port-create <lan1_network_name> --name <lan1-node-1> --binding:vnic-type direct

    3. (Optional) If you need to create a LAN2 port, then you must create a HA port. To create a HA port, use the command:
      neutron port-create <lan1_network_name> --name <ha-node-1> --binding:vnic-type direct

    4. (Optional) If you need to create a LAN2 port, use the command:
      neutron port-create <lan2_network_name> --name <lan2-node-1> --binding:vnic-type direct

  2. Run the neutron port list command to view the network and port IDs generated for all network interfaces. You can copy the port IDs from this output to the nova boot command.

  3. Deploy the instance using the nova boot command as shown in the following example:
    nova boot --config-drive True --flavor <flavor_name> --image <image_name> --nic port-id=<mgmt_port_id> --nic port-id=<lan1_port_id> --nic port-id=<ha_port_id> --nic port-id=<lan2_port_id> <instance_name>

    • flavor specifies the flavors of the vNIOS for KVM instance. For information about how to define flavors, see the Setting Up vNIOS OpenStack Flavors section.

    • image defines the name of the software package you downloaded. For information about supported vNIOS for KVM models, see vNIOS for KVM Virtual Appliance Models.

    • nic port-id specifies the port ID of an interface (MGMT, LAN1, LAN2, or HA).


The vNIOS for KVM instance automatically spins up after the nova boot command is executed.

Note

  • For the vNIOS appliance to run in OpenStack, you must specify at least two networks, MGMT and LAN1.

  • To remove networks, use the neutron net-delete command. If some of the networks remain, remove them manually from OpenStack Horizon.

Deploying the vNIOS Instances in a HA Setup

To deploy the vNIOS instances in a HA setup in OpenStack, complete the following steps:

  1. For both active and passive nodes, run the neutron port-create command to create port IDs for the MGMT, LAN1 and HA network interfaces as shown in the following steps:

    1. To create an MGMT port, use the command:
      neutron port-create <mgmt_network_name> --name <mgmt-node-1> --binding:vnic-type direct
      neutron port-create <mgmt_network_name> --name <mgmt-node-2> --binding:vnic-type direct

    2. To create a LAN1 port, use the command:
      neutron port-create <lan1_network_name> --name <lan1-node-1> --binding:vnic-type direct
      neutron port-create <lan1_network_name> --name <lan1-node-2> --binding:vnic-type direct

    3. To create a HA port, use the command:
      neutron port-create <lan1_network_name> --name <ha-node-1> --binding:vnic-type direct
      neutron port-create <lan1_network_name> --name <ha-node-2> --binding:vnic-type direct

  2. Create a port for HA-VIP in the same subnet as that of LAN1 by using the command:
    neutron port-create <lan1_network_name> --name <ha-vip> --binding:vnic-type direct

  3. Run the neutron port list command to view the network and port IDs generated for all network interfaces. You can copy the port IDs from this output to the nova boot command.

  4. Deploy active and passive nodes using  the nova boot command:
    nova boot --config-drive True --flavor <flavor_name>   --image  <image_name> --nic port-id=<mgmt_port_id> --nic port-id=<lan1_port_id> --nic port-id=<ha_port_id> <instance name>

    nova boot --config-drive True --flavor <flavor_name>   --image  <image_name> --nic port-id=<mgmt_port_id> --nic port-id=<lan1_port_id> --nic port-id=<ha_port_id> <instance name>

    • flavor specifies the flavors of the vNIOS for KVM instance. For information about how to define flavors, see the Setting Up vNIOS OpenStack Flavors section.

    • image defines the name of the software package you downloaded. For information about supported vNIOS for KVM models, see vNIOS for KVM Virtual Appliance Models.

    • nic port-id specifies the port ID of an interface (MGMT, LAN1, LAN2, or HA).

The vNIOS for KVM instance automatically spins up after the command is run. Proceed to configure the instances as explained in the following section.

Configuring the vNIOS Instance

  1. In OpenStack Horizon, select the launched instance.

  2. Assign the previously created security group to the instance.

  3. Click the Console tab.

  4. When the Infoblox login prompt appears, log in with the default user name and password.
    login: admin
    password: infoblox
    The Infoblox prompt appears: Infoblox >

  5. Install valid licenses. For more information about licenses, refer to the Managing Licenses topic in the Infoblox NIOS Documentation.

  6. In the console, run the set network command.
    This step is not required in the following scenarios:

    • If Elastic Scaling is set up for this instance.

    • If DHCP is enabled for this instance (the LAN1 IP address will be obtained automatically).

  7. (For a HA setup only) Complete the following:

    1. Log in to Grid Manager and change the configuration to HA pair.

    2. To set up an IPv6 only Grid, change the configuration to IPv6 only.

    3. Specify the IP addresses for the node 2 of the LAN1 port and that of HA-VIP port.
      The instance will restart. Once it is back online, you can see the updated configuration using  the show network command.

    4. In the console, use the show interface command to get the MAC address of the NIOS HA interface.

    5. Set the HA port of both active and passive nodes to form a bond with the HA interface as follows:
      neutron port-update <ha1-node-1 port id> --allowed-address-pairs type=dict list=true ip_address=<Ipv4/Ipv6 HA-VIP>,mac_address=<mac address of Node-1 HA interface>
      neutron port-update <ha1-node-2 port id> --allowed-address-pairs type=dict list=true ip_address=<Ipv4/Ipv6 HA-VIP>,mac_address=<mac address of Node-2 HA interface>
      Example:
      neutron port-update 1828291e-c109-46d1-8d13-35d40bc905a2 --allowed-address-pairs type=dict list=true ip_address=2001:1890:1959:2745::902,mac_address=fa:16:3e:07:09:72

    6. Log in to the console of node 2.

    7. Join the node 2 to the HA master through the HA-VIP port by using the set membership command.

Terminating vNIOS Instances

To terminate vNIOS instances, in OpenStack Horizon, select the instance and choose Terminate Instance from the drop-down list on the right-hand side of the panel.