OpenStack Network Configuration for Avi Controller Cluster

This article explains how to configure a cluster in Avi Vantage for an OpenStack cloud. To provide Avi Controller high availability (HA), add two additional Controller nodes to create a 3-node Controller cluster. For more details on deploying a cluster, refer to Deploying an Avi Controller Cluster.

Prerequisites for Cluster Deployment

There are certain prerequisites defined for the leader and follower nodes in a cluster. For complete information, refer to Prerequisites for Cluster Deployment.
From an OpenStack perspective, consider the following:

  1. A Neutron port has been created and is available for the cluster VIP.
  2. A floating IP is available for the Neutron port.

Deploying an Avi Controller Cluster

For complete information on configuring the Controller’s management interfaces and cluster IP, refer to Deploying an Avi Controller Cluster. The following steps create an OpenStack floating IP and bind it to the cluster IP:

Write Mode

  1. Access OpenStack Horizon CLI.
    a) List the networks.
    Run openstack network list to show the requisite networks that are configured.
    
        root@openstack-mitaka:/root# openstack network list
        +--------------------------------------+---------------+------------------------------------------------------+
        | id                                   | name          | subnets                                              |
        +--------------------------------------+---------------+------------------------------------------------------+
        | 10a514a3-d843-499d-80fd-28274d4a4912 | webserver-net | 3ebfb2ef-9b47-44f7-9da5-5245e1d0ed53 192.168.10.0/24 |
        | 5dd0b1cb-ebba-4ff9-84fd-74dcf13c7f86 | client-net    | a9a00d61-6ee8-4fac-80df-4e0bb8c8b4f3 192.168.11.0/24 |
        | c1c045f5-2d0f-43e3-ab43-55f990cde9b7 | provider1     | 1b65c0da-38c7-4c85-88a9-30c52c6a4558 10.130.128.0/18 |
        | dd9dab27-9228-4765-96f2-d56194136ba0 | avimgmt       | 5785c1cf-a222-4b0a-9343-003153f37a65 172.16.0.0/24   |
        +--------------------------------------+---------------+------------------------------------------------------+
        
        
    b) Create a floating IP
    Run openstack floating ip create provider1, where *provider1* is the network used.
    
        root@openstack-mitaka:/root# openstack floating ip create provider1
        
        
    A new floating IP is created.
    
        +---------------------+--------------------------------------+
        | Field               | Value                                |
        +---------------------+--------------------------------------+
        | description         |                                      |
        | fixed_ip_address    |                                      |
        | floating_ip_address | 10.130.170.86                        |
        | floating_network_id | c1c045f5-2d0f-43e3-ab43-55f990cde9b7 |
        | id                  | 4ec57a12-7357-461a-80f6-d87ae7536335 |
        | port_id             |                                      |
        | router_id           |                                      |
        | status              | DOWN                                 |
        | tenant_id           | 904fb201a92f443297bffca3b354d52d     |
        +---------------------+--------------------------------------+
        
        
    c) Get the port-id for cluster IP.
    
        openstack port list -c ID -c 'Fixed IP Addresses'|grep 172.16.0.65
         95665123-64a4-453a-abde-70fdb3d2ae2a| ip_address='172.16.0.65', subnet_id='5785c1cf-a222-4b0a-9343-003153f37a65'
        
        
    d) Associate the cluster IP with the floating IP.
    Using the port-id from the command above (95665123-64a4-453a-abde-70fdb3d2ae2a in this case), associate it with the floating IP created in step b.
    
        root@openstack-mitaka:/root# openstack floating ip set --port 95665123-64a4-453a-abde-70fdb3d2ae2a 4ec57a12-7357-461a-80f6-d87ae7536335

        +---------------------+--------------------------------------+
        | Field               | Value                                |
        +---------------------+--------------------------------------+
        | description         |                                      |
        | fixed_ip_address    | 172.16.0.65                          |
        | floating_ip_address | 10.130.170.86                        |
        | floating_network_id | c1c045f5-2d0f-43e3-ab43-55f990cde9b7 |
        | id                  | 4ec57a12-7357-461a-80f6-d87ae7536335 |
        | port_id             | 95665123-64a4-453a-abde-70fdb3d2ae2a |
        | router_id           | 2d3b93a2-7804-4841-90c4-be15b148d099 |
        | status              | ACTIVE                               |
        | tenant_id           | 904fb201a92f443297bffca3b354d52d     |
        +---------------------+--------------------------------------+

  2. Add the cluster IP and the secondary IP for the cluster leader. As shown in Figure 1, 172.16.0.65 is the cluster IP, which is added as the secondary IP for the cluster leader.

    Figure 1. OpenStack Cluster Configuration


    root@172-16-0-66:~# ip a
    eth0: (BROADCAST,MULTICAST,UP,LOWER_UP) mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:bd:5a:0f brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.66/24 brd 172.16.0.255 scope global eth0
    valid_lft forever preferred_lft forever
    inet 172.16.0.65/32 scope global eth0:1 Cluster IP

Restricting the Number of Parallel SE Creations

The limit on parallel SE creation cannot be modified using CLI commands. However, it can be modified using the following script:


    /opt/avi/scripts/update_cc_ops_limit.py  --help
    usage: update_cc_ops_limit.py [-h] --cloud-name CLOUD_NAME [--show] [--se-creations-limit SE_CREATIONS_LIMIT] [--vnic-ops-limit VNIC_OPS_LIMIT]

    optional arguments:
    -h, --help                                 show this help message and exit
    --cloud-name CLOUD_NAME                    Name of cloud to be updated
    --show                                     Show existing limits
    --se-creations-limit SE_CREATIONS_LIMIT    Maximum number of concurrent SE creations. The default value of -1 means no limit. A value of 0 means this operation is currently disabled.
    --vnic-ops-limit VNIC_OPS_LIMIT            Maximum number of concurrent vNIC (both add and delete) operations. The default value of -1 means no limit. A value of 0 means this operation is currently disabled.

SE Parallel Limit

The following are the steps to configure the OpenStack maximum SE limit:

    show existing SE limit
    ======================
    root@10-50-56-243:/opt/avi/scripts# python3 update_cc_ops_limit.py  --cloud-name 'openstack_cloud' --show
    Existing max_concurrent_se_creations limit = -1
    Existing max_concurrent_vnic_ops limit = -1

    set creation limit to 2
    ======================
    root@10-50-56-243:/opt/avi/scripts# python3 update_cc_ops_limit.py  --cloud-name 'openstack_cloud' --se-creations-limit '2'
    updating concurrent SE creations limit to 2

    show se creation limit
    =====================
    root@10-50-56-243:/opt/avi/scripts# python3 update_cc_ops_limit.py  --cloud-name 'openstack_cloud' --show
    Existing max_concurrent_se_creations limit = 2
    Existing max_concurrent_vnic_ops limit = -1

No-Access Mode

For the OpenStack No-Access cloud type, the allowed address pair (AAP) entries must be configured manually using the following command. An example is shown in the code block below.


    root@openstack-mitaka:/root# openstack port set --allowed-address ip-address=172.16.0.133 Controller_Port

    root@openstack-mitaka:/root# openstack port set --allowed-address ip-address=172.16.0.133 d0bf0bda-02e2-46bf-abd2-0d05cc4654df
    root@openstack-mitaka:/root# openstack port show d0bf0bda-02e2-46bf-abd2-0d05cc4654df
    +--------------------------+----------------------------------------------------------------------------------------+
    | Field                    | Value                                                                                  |
    +--------------------------+----------------------------------------------------------------------------------------+
    | admin_state_up           |   True                                                                                 |
    | allowed_address_pairs    |   {"ip_address": "172.16.0.131", "mac_address": "fa:16:3e:47:6b:70"}                   |
    | binding:host_id          |   openstack-mitaka                                                                     |
    | binding:profile          |   {}                                                                                   |
    | binding:vif_details      |   {"port_filter": true}                                                                |
    | binding:vif_type         |   bridge                                                                               |
    | binding:vnic_type        |   normal                                                                               |
    | created_at               |   2018-01-12T13:58:02                                                                  |
    | description              |                                                                                        |
    | device_id                |   2adedfc3-75d6-4296-ad18-bfc38873485c                                                 |
    | device_owner             |   compute:nova                                                                         |
    | extra_dhcp_opts          |                                                                                        |
    | fixed_ips                |   {"subnet_id": "5785c1cf-a222-4b0a-9343-003153f37a65", "ip_address": "172.16.0.133"}  |
    | id                       |   d0bf0bda-02e2-46bf-abd2-0d05cc4654df                                                 |
    | mac_address              |   fa:16:3e:47:6b:70                                                                    |
    | name                     |                                                                                        |
    | network_id               |   dd9dab27-9228-4765-96f2-d56194136ba0                                                 |
    | port_security_enabled    |   True                                                                                 |
    | security_groups          |   3cc1092e-538c-4ff7-b4ac-eeff84731f75                                                 |
    | status                   |   ACTIVE                                                                               |
    | tenant_id                |   904fb201a92f443297bffca3b354d52d                                                     |
    | updated_at               |   2018-01-12T14:19:06                                                                  |
    +--------------------------+----------------------------------------------------------------------------------------+
  

Create the Neutron port for the VIP by using the following command.


    openstack port create --network "neutron_network_name" --allowed-address mac-address="fa:16:3e:52:81:03",ip-address="172.16.0.63" --allowed-address mac-address="fa:16:3e:52:81:04",ip-address="172.16.0.64" --allowed-address mac-address="fa:16:3e:52:81:06",ip-address="172.16.0.66" --fixed-ip ip-address="172.16.0.65" --project "904fb201a92f443297bffca3b354d52d"


Example


    openstack port create --network "neutron_network_name" --allowed-address mac-address="controller_mac1",ip-address="controller_ip1" --allowed-address mac-address="controller_mac2",ip-address="controller_ip2" --allowed-address mac-address="controller_mac3",ip-address="controller_ip3" --fixed-ip ip-address="cluster_ip" --project "project-id"


Note: When the leader Controller fails (or reboots), a follower Controller will take over the cluster IP (in this case 172.16.0.65), and the mapping between the floating IP (10.130.170.86) and the cluster IP (172.16.0.65) will not change. Therefore, without intervention, the floating IP and cluster IP association will work as expected.
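
A check for the No-Access setup above, as an added example that is not Avi or OpenStack code: it reads trimmed `openstack port show -f json` records for the three Controller ports and reports any port where the cluster IP is missing from the allowed address pairs or where an entry is wider than a single host. The port names and sample records are constructed, and the list-of-dictionaries JSON shape is an assumption about the client version in use.

```python
import ipaddress
import json

# Constructed sample: trimmed `openstack port show -f json` records for the
# three Controller ports. IPs/MACs reuse the page's examples; names are made up.
SAMPLE_PORTS = json.loads("""[
 {"name": "ctrl-1", "port_security_enabled": true,
  "allowed_address_pairs": [
    {"ip_address": "172.16.0.65", "mac_address": "fa:16:3e:52:81:03"}]},
 {"name": "ctrl-2", "port_security_enabled": true,
  "allowed_address_pairs": []},
 {"name": "ctrl-3", "port_security_enabled": true,
  "allowed_address_pairs": [
    {"ip_address": "172.16.0.0/24", "mac_address": "fa:16:3e:52:81:06"}]}
]""")


def audit_port(port, cluster_ip):
    """Return findings for one Controller port; an empty list means it is fine."""
    if not port.get("port_security_enabled", True):
        # With port security off Neutron does no source-address filtering,
        # so allowed address pairs are irrelevant and the port is unprotected.
        return ["port security disabled: no anti-spoofing filter on this port"]
    vip = ipaddress.ip_address(cluster_ip)
    findings, covered = [], False
    for pair in port.get("allowed_address_pairs") or []:
        # A bare address parses as a /32 (or /128) network.
        net = ipaddress.ip_network(pair["ip_address"], strict=False)
        covered = covered or vip in net
        if net.num_addresses > 1:
            findings.append(f"broad allowed-address entry {net}: "
                            "permit only the cluster IP as a single host")
    if not covered:
        # A follower that takes over the cluster IP would send from an
        # address its port does not permit, and Neutron would drop it.
        findings.append(f"cluster IP {cluster_ip} not in allowed_address_pairs")
    return findings


def audit_cluster(ports, cluster_ip):
    """Map each port name to its findings."""
    return {p["name"]: audit_port(p, cluster_ip) for p in ports}


if __name__ == "__main__":
    for name, found in audit_cluster(SAMPLE_PORTS, "172.16.0.65").items():
        print(name, "OK" if not found else "; ".join(found))
```

Running the audit after any change to the Controller ports catches a follower that would lose the cluster IP on failover before the failover happens.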