OpenStack Network Configuration for Avi Controller Cluster
This article explains how to configure a cluster in Avi Vantage for an OpenStack cloud. To provide Avi Controller high availability (HA), add two additional Controller nodes to create a 3-node Controller cluster. For more details on deploying a cluster, refer to Deploying an Avi Controller Cluster.
Prerequisites for Cluster Deployment
There are certain prerequisites defined for the leader and follower nodes in a cluster. For complete information, refer to Prerequisites for Cluster Deployment.
From an OpenStack perspective, consider the following:
- A Neutron port is created and is available for the cluster VIP.
- A floating IP is available for the Neutron port.
Deploying an Avi Controller Cluster
For complete information on configuring the Controller's management interfaces and cluster IP, refer to Deploying an Avi Controller Cluster. The following steps create an OpenStack floating IP and bind it to the cluster IP:
Write Mode
- Access OpenStack Horizon CLI.
a) List the Network
openstack network list — This indicates the configured requisite networks.
root@openstack-mitaka:/root# openstack network list
+--------------------------------------+---------------+------------------------------------------------------+
| id                                   | name          | subnets                                              |
+--------------------------------------+---------------+------------------------------------------------------+
| 10a514a3-d843-499d-80fd-28274d4a4912 | webserver-net | 3ebfb2ef-9b47-44f7-9da5-5245e1d0ed53 192.168.10.0/24 |
| 5dd0b1cb-ebba-4ff9-84fd-74dcf13c7f86 | client-net    | a9a00d61-6ee8-4fac-80df-4e0bb8c8b4f3 192.168.11.0/24 |
| c1c045f5-2d0f-43e3-ab43-55f990cde9b7 | provider1     | 1b65c0da-38c7-4c85-88a9-30c52c6a4558 10.130.128.0/18 |
| dd9dab27-9228-4765-96f2-d56194136ba0 | avimgmt       | 5785c1cf-a222-4b0a-9343-003153f37a65 172.16.0.0/24   |
+--------------------------------------+---------------+------------------------------------------------------+
b) Create a floating IP
openstack floating ip create provider1 — *provider1* is the network used.
New floating IP is created.
root@openstack-mitaka:/root# openstack floating ip create provider1
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| description         |                                      |
| fixed_ip_address    |                                      |
| floating_ip_address | 10.130.170.86                        |
| floating_network_id | c1c045f5-2d0f-43e3-ab43-55f990cde9b7 |
| id                  | 4ec57a12-7357-461a-80f6-d87ae7536335 |
| port_id             |                                      |
| router_id           |                                      |
| status              | DOWN                                 |
| tenant_id           | 904fb201a92f443297bffca3b354d52d     |
+---------------------+--------------------------------------+
c) Get the port-id for cluster IP.
openstack port list -c ID -c 'Fixed IP Addresses'|grep 172.16.0.65
95665123-64a4-453a-abde-70fdb3d2ae2a| ip_address='172.16.0.65', subnet_id='5785c1cf-a222-4b0a-9343-003153f37a65'
d) Associate the cluster IP with the floating IP.
Using the port-id from the command above (95665123-64a4-453a-abde-70fdb3d2ae2a in this case), associate it with the floating IP created in step b.
root@openstack-mitaka:/root# openstack floating ip set --port 95665123-64a4-453a-abde-70fdb3d2ae2a 4ec57a12-7357-461a-80f6-d87ae7536335
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| description         |                                      |
| fixed_ip_address    | 172.16.0.65                          |
| floating_ip_address | 10.130.170.86                        |
| floating_network_id | c1c045f5-2d0f-43e3-ab43-55f990cde9b7 |
| id                  | 4ec57a12-7357-461a-80f6-d87ae7536335 |
| port_id             | 95665123-64a4-453a-abde-70fdb3d2ae2a |
| router_id           | 2d3b93a2-7804-4841-90c4-be15b148d099 |
| status              | ACTIVE                               |
| tenant_id           | 904fb201a92f443297bffca3b354d52d     |
+---------------------+--------------------------------------+
- Add the cluster IP and the secondary IP for the cluster leader. As shown in Figure 1, 172.16.0.65 is the cluster IP which is added as the secondary IP for the cluster leader.
Figure 1. OpenStack Cluster Configuration
root@172-16-0-66:~# ip a
eth0: (BROADCAST,MULTICAST,UP,LOWER_UP) mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:bd:5a:0f brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.66/24 brd 172.16.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 172.16.0.65/32 scope global eth0:1    <-- Cluster IP
Restricting the Number of Parallel SE Creations
The limit on parallel SE creation cannot be modified using CLI commands. However, it can be modified using the script shown below:
/opt/avi/scripts/update_cc_ops_limit.py --help
usage: update_cc_ops_limit.py [-h] --cloud-name CLOUD_NAME [--show]
                              [--se-creations-limit SE_CREATIONS_LIMIT]
                              [--vnic-ops-limit VNIC_OPS_LIMIT]
optional arguments:
  -h, --help            show this help message and exit
  --cloud-name CLOUD_NAME
                        Name of cloud to be updated
  --show                Show existing limits
  --se-creations-limit SE_CREATIONS_LIMIT
                        Maximum number of concurrent SE creations. The default
                        value of -1 means no limit. A value of 0 means this
                        operation is currently disabled.
  --vnic-ops-limit VNIC_OPS_LIMIT
                        Maximum number of concurrent vNIC (both add and delete)
                        operations. The default value of -1 means no limit. A
                        value of 0 means this operation is currently disabled.
SE Parallel Limit
The following are the steps to configure the OpenStack maximum SE limit:
show existing SE limit
======================
root@10-50-56-243:/opt/avi/scripts# python3 update_cc_ops_limit.py --cloud-name 'openstack_cloud' --show
Existing max_concurrent_se_creations limit = -1
Existing max_concurrent_vnic_ops limit = -1
set creation limit to 2
======================
root@10-50-56-243:/opt/avi/scripts# python3 update_cc_ops_limit.py --cloud-name 'openstack_cloud' --se-creations-limit '2'
updating concurrent SE creations limit to 2
show se creation limit
=====================
root@10-50-56-243:/opt/avi/scripts# python3 update_cc_ops_limit.py --cloud-name 'openstack_cloud' --show
Existing max_concurrent_se_creations limit = 2
Existing max_concurrent_vnic_ops limit = -1
No-Access Mode
For the OpenStack No-Access cloud type, the allowed address pair (AAP) entries need to be configured manually using the following command. An example is shown in the code block below.
root@openstack-mitaka:/root# openstack port set --allowed-address ip-address=172.16.0.133 Controller_Port
root@openstack-mitaka:/root# openstack port set --allowed-address ip-address=172.16.0.133 d0bf0bda-02e2-46bf-abd2-0d05cc4654df
root@openstack-mitaka:/root# openstack port show d0bf0bda-02e2-46bf-abd2-0d05cc4654df
+-----------------------+-------------------------------------------------------------------------------------+
| Field                 | Value                                                                               |
+-----------------------+-------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                |
| allowed_address_pairs | {"ip_address": "172.16.0.131", "mac_address": "fa:16:3e:47:6b:70"}                  |
| binding:host_id       | openstack-mitaka                                                                    |
| binding:profile       | {}                                                                                  |
| binding:vif_details   | {"port_filter": true}                                                               |
| binding:vif_type      | bridge                                                                              |
| binding:vnic_type     | normal                                                                              |
| created_at            | 2018-01-12T13:58:02                                                                 |
| description           |                                                                                     |
| device_id             | 2adedfc3-75d6-4296-ad18-bfc38873485c                                                |
| device_owner          | compute:nova                                                                        |
| extra_dhcp_opts       |                                                                                     |
| fixed_ips             | {"subnet_id": "5785c1cf-a222-4b0a-9343-003153f37a65", "ip_address": "172.16.0.133"} |
| id                    | d0bf0bda-02e2-46bf-abd2-0d05cc4654df                                                |
| mac_address           | fa:16:3e:47:6b:70                                                                   |
| name                  |                                                                                     |
| network_id            | dd9dab27-9228-4765-96f2-d56194136ba0                                                |
| port_security_enabled | True                                                                                |
| security_groups       | 3cc1092e-538c-4ff7-b4ac-eeff84731f75                                                |
| status                | ACTIVE                                                                              |
| tenant_id             | 904fb201a92f443297bffca3b354d52d                                                    |
| updated_at            | 2018-01-12T14:19:06                                                                 |
+-----------------------+-------------------------------------------------------------------------------------+
Create the Neutron port for the VIP by using the following command.
openstack port create --network "neutron_network_name" --allowed-address mac-address="fa:16:3e:52:81:03",ip-address="172.16.0.63" --allowed-address mac-address="fa:16:3e:52:81:04",ip-address="172.16.0.64" --allowed-address mac-address="fa:16:3e:52:81:06",ip-address="172.16.0.66" --fixed-ip ip-address="172.16.0.65" --project "904fb201a92f443297bffca3b354d52d"
Example
openstack port create --network "neutron_network_name" --allowed-address mac-address="controller_mac1",ip-address="controller_ip1" --allowed-address mac-address="controller_mac2",ip-address="controller_ip2" --allowed-address mac-address="controller_mac3",ip-address="controller_ip3" --fixed-ip ip-address="cluster_ip" --project "project-id"
Note: When the leader Controller fails (or reboots), a follower Controller will take over the cluster IP (in this case 172.16.0.65), and the mapping between floating IP (10.130.170.86) and cluster IP (172.16.0.65) will not change. Therefore, without intervention, the floating IP and cluster IP association will work as expected.
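Allowed address pairs relax Neutron's anti-spoofing filter on a port, so after configuring the No-Access mode entries by hand it is worth confirming that each Controller port permits only the cluster IP and nothing wider. The following is an added example, not part of the original article or of Avi's tooling: it audits port records shaped like the output of `openstack port show -f json`. The function names, finding strings and sample records are constructed for illustration, and the JSON field layout is an assumption.

```python
import ipaddress

def audit_aap(port, required_ips, permitted_ips=()):
    """Return findings for one port record (shape assumed from
    `openstack port show -f json`: allowed_address_pairs as a list of dicts)."""
    required = set(required_ips)
    permitted = required | set(permitted_ips)
    findings = []
    # With port security off there is no anti-spoofing filter for AAP to scope.
    if port.get("port_security_enabled") is not True:
        findings.append("port_security_disabled")
    present = set()
    for pair in port.get("allowed_address_pairs") or []:
        net = ipaddress.ip_network(pair["ip_address"], strict=False)
        if net.num_addresses != 1:
            # A CIDR entry lets the port source traffic from a whole range.
            findings.append(f"wide_entry:{net}")
            continue
        ip = str(net.network_address)
        present.add(ip)
        if ip not in permitted:
            findings.append(f"unexpected_entry:{ip}")
    findings += [f"missing_entry:{ip}" for ip in sorted(required - present)]
    return findings

# Constructed sample records; addresses reuse the article's example subnet.
CLUSTER_IP = "172.16.0.65"
PORTS = {
    "controller-ok": {"port_security_enabled": True,
        "allowed_address_pairs": [{"ip_address": "172.16.0.65",
                                   "mac_address": "fa:16:3e:52:81:06"}]},
    "controller-wide": {"port_security_enabled": True,
        "allowed_address_pairs": [{"ip_address": "172.16.0.65"},
                                  {"ip_address": "0.0.0.0/0"}]},
    "controller-stale": {"port_security_enabled": True,
        "allowed_address_pairs": [{"ip_address": "172.16.0.200"}]},
    "controller-nosec": {"port_security_enabled": False,
        "allowed_address_pairs": []},
}

def audit_all(ports=PORTS, cluster_ip=CLUSTER_IP):
    """Audit every sample Controller port against the cluster IP."""
    return {name: audit_aap(p, [cluster_ip]) for name, p in ports.items()}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "OK" if not findings else findings)
```

The same function covers the VIP port created above by passing the three Controller IPs as `required_ips` instead of the cluster IP.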