manualshive.com logo in svg

H3C SeerEngine-DC, Installation Manual

Share
Download
H3C SeerEngine-DC Installation Manual Download Page 8

Preprovisioning basic SeerEngine-DC 
settings 

This procedure preprovisions only basic SeerEngine-DC settings. For the configuration in a specific 
scenario, see the SeerEngine-DC configuration guide for that scenario. 

Table 3 Preprovisioning basic SeerEngine-DC settings 

Item 

Configuration directory 

Fabrics 

Provision

 > 

Network Design

 > 

Fabrics

 

VDS 

Tenants

 > 

Common Network Settings

 > 

Virtual Distributed 

Switches

 

IP address pool 

Provision

 > 

Inventory

 > 

IP Address Pools

 

VNID pools (VLANs, VXLANs, and 
VLAN-VXLAN mappings) 

Provision 

Inventory

 > 

VNID Pools

 > 

VLANs 

Provision 

Inventory

 > 

VNID Pools

 > 

VXLANs

 

Provision 

Inventory

 > 

VNID Pools

 > 

VLAN-VXLAN 

Mappings 

Add access devices and border devices to 
a fabric 

Provision

 > 

Network Design

 > 

Fabrics

 

L4-L7 device, physical resource pool, and 
template 

Provision

 > 

Inventory

 > 

Devices 

L4-L7 Device

 

Provision

 > 

Inventory

 > 

Devices

 > 

L4-L7 Physical 

Resource Pools

 

Border gateway 

Tenants 

Common Network Settings

 > 

Gateway

 

Domains and hosts 

Provision 

Network Design

 > 

Domains 

Provision 

Network Design

 > 

Domains

 > 

Hosts 

Interoperability with OpenStack 

Virtual Networking 

OpenStack 

NOTE: 

  Make sure the cloud platform name (case sensitive) 

is the same as the value for the cloud_region_name 
parameter in the ml2_conf.ini file of the Neutron 
plug-in. 

  Make the VNI range is the same as the VXLAN VNI 

range on the cloud platform. 

 

 

Summary of Contents for SeerEngine-DC

Page 1: ...H3C SeerEngine DC Controller Converged OpenStack Plug Ins Installation Guide New H3C Technologies Co Ltd http www h3c com Document version 5W701 20210702 ...

Page 2: ...w H3C Technologies Co Ltd any trademarks that may be mentioned in this document are the property of their respective owners Notice The information in this document is subject to change without notice All contents in this document including statements information and recommendations are believed to be accurate but they are presented without warranty of any kind express or implied H3C shall not be l...

Page 3: ...re in Boldface For example the New User window opens click OK Multi level menus are separated by angle brackets For example File Create Folder Symbols Convention Description WARNING An alert that calls attention to important information that if not understood or followed can result in personal injury CAUTION An alert that calls attention to important information that if not understood or followed ...

Page 4: ...lling the SeerEngine DC Neutron plug ins on the OpenStack control node 6 Parameters and fields 9 Upgrading the SeerEngine DC Neutron plug ins 13 Installing the SeerEngine DC Neutron security plug in on OpenStack 13 Installing the security plug in on the controller node 13 Upgrading the SeerEngine DC Neutron security plug in 23 Optional Configuring the metadata service for network nodes 24 FAQ 25 T...

Page 5: ...he OpenStack framework The SeerEngine DC Neutron plug ins allow deployment of the network configuration obtained from OpenStack through REST APIs on the SeerEngine DC controller including tenants networks subnets routers and ports CAUTION To avoid service interruptions do not modify the settings issued by the cloud platform on the controller such as the virtual link layer network vRouter and vSubn...

Page 6: ...Stack Stein IMPORTANT Before you install the OpenStack plug ins make sure the following requirements are met Your system has a reliable Internet connection OpenStack has been deployed correctly Verify that the etc hosts file on all nodes has the host name IP address mappings and the OpenStack Neutron extension services Neutron FWaas Neutron VPNaas or Neutron LBaas have been deployed For the deploy...

Page 7: ...ing Kolla Ansible Before installing the plug ins deploy OpenStack by using Kolla Ansible first For the OpenStack deployment procedure see the installation guide for the specific OpenStack version on the OpenStack official website ...

Page 8: ...nventory VNID Pools VXLANs Provision Inventory VNID Pools VLAN VXLAN Mappings Add access devices and border devices to a fabric Provision Network Design Fabrics L4 L7 device physical resource pool and template Provision Inventory Devices L4 L7 Device Provision Inventory Devices L4 L7 Physical Resource Pools Border gateway Tenants Common Network Settings Gateway Domains and hosts Provision Network ...

Page 9: ...n all root localhost yum makecache root localhost yum install y python pip python setuptools 2 Install runlike root localhost pip install runlike 3 Log in to the controller node and edit the etc hosts file Add the following information to the file IP and name mappings of all hosts in this OpenStack environment To obtain this information access the SeerEngine DC controller and select Provision Doma...

Page 10: ...lla neutron server neutron conf b Press I to switch to the insert mode and modify the configuration file For information about the parameters see neutron conf DEFAULT core_plugin ml2 service_plugins h3c_l3_router qos h3c_vpc_connection h3c_port_forwarding service_providers service_provider VPC_CONNECTION H3C networking_h3c vpc_connection h3c_vpc_conn ection_driver H3CVpcConnectionDriver default qo...

Page 11: ...olla neutron server fwaas_driver ini file to networking_h3c fw h3c_fwplugin_driver H3CfwaasDriver 3 Modify the ml2_conf ini configuration file a Use the vi editor to open the ml2_conf ini configuration file root localhost vi etc kolla neutron server ml2_conf ini b Press I to switch to the insert mode and set the parameters in the ml2_conf ini configuration file For information about the parameters...

Page 12: ...o True perform the following tasks Delete the username password and domain parameters in the ml2_conf_h3c ini configuration file Add an authentication free user to the controller Enter the IP address of the host where the Neutron server resides Specify the role as Admin 6 If you have set the use_neutron_credential parameter to True perform the following steps a Modify the neutron conf configuratio...

Page 13: ...ocalhost docker rmi kolla neutron server h3c 10 Copy the neutron server configuration to the h3c agent directory and modify the configuration root localhost cp pR etc kolla neutron server etc kolla h3c agent root localhost sed i s neutron server h3c agent g etc kolla h3c agent config json 11 Start the neutron server container root localhost source docker neutron server sh 12 View the startup statu...

Page 14: ...tworks to which the tenants belong vxlan must be specified as the first driver type For intranet only vxlan is available For extranet only vlan is available mechanism_drivers ml2_h3c Name of the ml2 driver To create SR IOV instances for VLAN networks set this parameter to sriovnicswitch ml2_h3c To create hierarchy supported instances set this parameter to ml2_h3c openvswitch extension_drivers ml2_...

Page 15: ...he vhostuser_mode parameter when the value of this parameter is vhostuser Only the Pike plug in supports this parameter vhostuser_mode Default DPDK vHost user mode server client The default value is server This setting takes effect only when the value of the vif_type parameter is vhostuser white_list Whether to enable or disable the authentication free user feature on OpenStack True Enable False D...

Page 16: ...ice save the CA certificate in the usr share neutron directory Only the Pike plug in supports this parameter neutron_plugin_cert_file Save location for the Cert certificate of the controller As a best practice save the Cert certificate in the usr share neutron directory Only the Pike plug in supports this parameter neutron_plugin_key_file Save location for the Key certificate of the controller As ...

Page 17: ...nt Before an upgrade back up the settings in the etc kolla neutron server neutron conf and etc kolla neutron server ml2_conf ini configuration files After the upgrade modify the parameter settings according to the configuration files to ensure configuration consistency before and after the upgrade To upgrade the SeerEngine DC Neutron plug ins just install the new version of the plug ins For inform...

Page 18: ... FIREWALL H3C networking_sec_h3c fw h3c_fwplugin_driver H3CFwa asDriver default service_provider LOADBALANCERV2 H3C networking_sec_h3c lb h3c_lbplugin_driver_ v2 H3CLbaasv2PluginDriver default service_provider VPN H3C networking_sec_h3c vpn h3c_vpnplugin_driver H3CVpnPlu ginDriver default IMPORTANT For the Pike plug ins when the load balancer supports multiple resource pools of the Context type yo...

Page 19: ... port_security ml2_type_vlan network_vlan_ranges physicnet1 1000 2999 ml2_type_vxlan vni_ranges 1 500 c Press Esc to quit insert mode and enter wq to exit the vi editor and save the file 4 Edit the neutron conf configuration file a Use the vi editor to open the neutron conf configuration file root localhost vi etc kolla neutron server neutron conf b Press I to switch to the insert mode and then ed...

Page 20: ... the role as Admin 6 If you have set the use_neutron_credential parameter to True perform the following steps a Modify the neutron conf configuration file Use the vi editor to open the neutron conf configuration file Press I to switch to insert mode and add the following configuration For information about the parameters see neutron conf keystone_authtoken admin_user neutron admin_password 123456 ...

Page 21: ...sec agent services root localhost source docker neutron server sh root localhost source docker h3c sec agent sh 12 Verify the status of the services root localhost docker ps filter name neutron_server CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 289e4e132a9b kolla centos source neutron server ocata dumb init single 1 minutes ago Up 1 minutes neutron_server root localhost docker ps filter ...

Page 22: ...is parameter to ml2_h3c openvswitch extension_drivers Names of the ml2 extension drivers Available names include ml2_extension_h3c qos and port_security If the QoS feature is not enabled on OpenStack you do not need to specify the value qos for this parameter To not enable port security on OpenStack you do not need to specify the port_security value for this parameter The Kilo 2015 1 Liberty 2015 ...

Page 23: ...l type is available only when the value of the resource_mode parameter is CORE_GATEWAY fw_share_by_tenant Whether to enable exclusive use of a gateway service type firewall context by a single tenant and allow the context to be shared by service resources of the tenant when the firewall type is CGSR_SHARE lb_type Type of the load balancers created on the controller CGSR Gateway service type load b...

Page 24: ...be shared auto_create_resource Whether to enable or disable the automatic resources creation feature True Enable False Disable nfv_ha Whether the NFV and NFV_SHARE resources support stack True Support False Do not support use_neutron_credential Whether to use the OpenStack Neutron username and password to communicate with the SeerEngine DC controller True Use False Do not use firewall_force_audit ...

Page 25: ...share neutron directory Only the Pike plug ins support this parameter cgsr_fw_context_limit Context threshold for context based gateway service type firewalls The value is an integer When the threshold is reached all the context based gateway service type firewalls use the same context This parameter takes effect only when the value of the firewall_type parameter is CGSR_SHARE_BY_COUNT Only the Pi...

Page 26: ...the controller s gateway name for the network_vlan_ranges parameter Only the Pike plug ins support this parameter tenant_gateway_name Name of the gateway to which the tenant is bound The default value is None When the value of the tenant_gw_selection_strategy parameter is match_gateway_name You must specify the name of an existing gateway on the controller side Only the Pike Queens and Rocky plug ...

Page 27: ...de Resource pool mode of LB service resources SP All gateways share the same LB resource pool MP Each gateway uses an LB resource pool The default value is SP enable_lb_xff Whether to enable XFF transparent transmission for LB listeners True Enable False Disable When the value is True and the listener protocol is HTTP or TERMINATED_HTTPS a newly created listener is enabled with XFF transparent tra...

Page 28: ... the network nodes to provide metadata service through DHCP a Use the vi editor to open configuration file dhcp_agent ini root network vi etc kolla neutron dhcp agent dhcp_agent ini b Press I to switch to the insert mode and modify configuration file dhcp_agent ini as follows DEFAULT force_metadata True Set the value to True for the force_metadata parameter to force the network nodes to provide me...

Page 29: ...username username proxy_password password Table 4 describes the arguments in HTTP proxy information Table 4 Arguments in HTTP proxy information Field Description username Username for logging in to the proxy server for example sdn password Password for logging in to the proxy server for example 123456 yourproxyaddress IP address of the proxy server for example 172 25 1 1 proxyport Port number of t...

Page 30: ...26 3 If the issue persists contact after sales engineers ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands