fuel-plugin-cisco-aci/doc/fuel-plugin-cisco-aci.rst


Fuel Plugin Cisco ACI specification

The Cisco Application Policy Infrastructure Controller (Cisco APIC) is the unifying point of automation and management for the Application Centric Infrastructure (ACI) fabric. The Cisco APIC provides centralized access to all fabric information, optimizes the application lifecycle for scale and performance, and supports flexible application provisioning across physical and virtual resources.[1] This specification describes automating the deployment of Cisco ACI with OpenStack.

Problem description

This integration should be supported with the upstream version of the Fuel product. The Mirantis OpenStack 6.0 release has a Pluggable Architecture feature that prevents developers from bringing any changes to the core product. Instead, the Cisco APIC functionality can be implemented as a plugin for Fuel.[2]

This plugin will let the end user install Mirantis OpenStack with the Cisco SDN (software-defined networking) solution. This new feature supports 4 types of installation:

  • Generic APIC ML2 driver
  • GBP module and Mapping driver
  • GBP module and APIC ML2 driver
  • GBP module and APIC GBP driver

Each configuration is described in its own section.

Proposed change

Right now Fuel supports 4 types of network configurations:

  • Neutron with VLAN segmentation (default)
  • Neutron with GRE segmentation
  • Neutron with VMware NSX
  • Legacy Networking (nova-network)

When the plugin has been successfully copied to the Fuel Master node and installed, a new submenu will appear on the Settings tab of the Fuel web UI. The end user will have to select the checkbox or radio button that corresponds to one of the User Stories described below.

User Story 1: Generic APIC ML2 driver

This case makes it possible to configure Neutron to use the Cisco SDN solution based on the generic upstream ML2 Neutron driver [3]. To enable this functionality, the plugin should support 2 types of configuration:

  • with automatic hosts discovery (using lldp)
  • static config.

This list describes what software and configuration should be added to the corresponding hosts to support User Story 1 with the autodiscovery feature enabled (the checkbox called “Use lldp” is set):

  • All hosts will be installed with LLDP package

  • All hosts will be installed with pip apicapi package

  • All hosts will be installed with neutron-driver-apic-agent package

  • All hosts will have these configurations in neutron.conf file:

    [DEFAULT]
    service_plugins=neutron.services.l3_router.l3_apic.ApicL3ServicePlugin
    core_plugin=neutron.plugins.ml2.plugin.Ml2Plugin
  • All hosts will have these configurations in ml2_conf.ini file:

    [ml2]
    type_drivers=local,flat,vlan,gre,vxlan
    tenant_network_types=vlan
    mechanism_drivers=openvswitch,cisco_apic
    [ml2_type_vlan]
    network_vlan_ranges="$physnets_dev:$vlan_range"
    [securitygroup]
    enable_security_group=True
    firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    [ovs]
    integration_bridge="$integration_bridge"
    bridge_mappings="$physnets_dev:$integration_bridge"
    enable_tunneling=False
    [agent]
    polling_interval=2
    l2_population=False
    arp_responder=False

Where $integration_bridge, $physnets_dev and $vlan_range should be configured through the Fuel web UI in the Neutron L2 Configuration section of the Networks tab.

  • All hosts will have these configurations in ml2_conf_cisco.ini file:

    [DEFAULT]
    apic_system_id=openstack
    [ml2_cisco_apic]
    apic_hosts=$apic_hosts
    apic_username=$apic_username
    apic_password=$apic_password
    apic_name_mapping=use_name

Where $apic_hosts, $apic_username and $apic_password should be configured through the Fuel web UI.

  • All controllers will have neutron-driver-apic-svc-agent package installed
  • On all hosts, ml2_conf_cisco.ini will have an [apic_external_network:ext] section, if configured through the Fuel web UI.

This list describes what software and configuration should be added to the corresponding hosts to support User Story 1 with static config chosen:

  • All controllers have pip apicapi installed

  • neutron-driver-apic-svc-agent, neutron-driver-apic-agent and lldp are not installed

  • All configurations are the same as in the autodiscovery case

  • On all hosts, a user-defined section configured through the Fuel web UI will be added to the ml2_conf_cisco.ini file, for example:

    [apic_switch:201]
    compute11,compute21=1/10
    compute12=1/11
  • For both cases (autodiscovery and static), configuration files on controller nodes (neutron.conf) should have admin credentials:

    [keystone_authtoken]
    admin_user="$admin_username"
    admin_password="$admin_password"
    admin_tenant_name="$admin_tenant"

Where $admin_username, $admin_password and $admin_tenant point to the cloud administrator credentials.
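A check for the static `[apic_switch:N]` sections described above, as an added example that is not part of the plugin: it parses them into a host-to-port map and reports hosts listed on more than one port or missing from the map. It assumes the left side is a comma-separated host list and the right side is `module/port`; the function names and the second switch in the sample are constructed.

```python
import configparser
from collections import defaultdict

# Constructed sample: the static section from this page plus a second switch.
SAMPLE = """\
[DEFAULT]
apic_system_id=openstack

[apic_switch:201]
compute11,compute21=1/10
compute12=1/11

[apic_switch:202]
compute12=1/11
"""

def load_static_map(text):
    """Return {host: [(switch_id, 'module/port'), ...]} from [apic_switch:N] sections."""
    # default_section is renamed so [DEFAULT] keys do not leak into every section.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                   strict=False, default_section="<none>")
    cp.optionxform = str  # keep host names case-sensitive
    cp.read_string(text)
    hosts = defaultdict(list)
    for section in cp.sections():
        kind, _, switch_id = section.partition(":")
        if kind != "apic_switch":
            continue
        if not switch_id.isdigit():
            raise ValueError(f"bad switch id in [{section}]")
        for host_list, port in cp.items(section):
            module, _, number = port.strip().partition("/")
            if not (module.isdigit() and number.isdigit()):
                raise ValueError(f"bad port {port!r} in [{section}]")
            for host in filter(None, (h.strip() for h in host_list.split(","))):
                hosts[host].append((switch_id, port.strip()))
    return dict(hosts)

def multi_attached(hosts):
    """Hosts listed on more than one switch port: dual-homed or a typo, worth review."""
    return {h: p for h, p in hosts.items() if len(set(p)) > 1}

def unmapped(expected, hosts):
    """Deployed hosts that the static map does not mention at all."""
    return sorted(set(expected) - set(hosts))

if __name__ == "__main__":
    m = load_static_map(SAMPLE)
    print(m, multi_attached(m), unmapped(["compute11", "compute14"], m))
```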

User Story 2a: GBP module and Mapping driver

This case makes it possible to configure Neutron to use the Cisco SDN solution that is targeted at Cisco group-based policy packages. This list describes what software and configuration should be added to the corresponding hosts to support User Story 2a.

  • All controllers will have these configurations in neutron.conf file:

    [DEFAULT]
    service_plugins=neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,gbpservice.neutron.services.grouppolicy.plugin.GroupPolicyPlugin,gbpservice.neutron.services.servicechain.servicechain_plugin.ServiceChainPlugin
    core_plugin=neutron.plugins.ml2.plugin.Ml2Plugin
    [group_policy]
    policy_drivers=implicit_policy,resource_mapping
    [servicechain]
    servicechain_drivers = simplechain_driver
    [quotas]
    default_quota = -1
    quota_network = -1
    quota_subnet = -1
    quota_port = -1
    quota_security_group = -1
    quota_security_group_rule = -1
    quota_router = -1
    quota_floatingip = -1
  • All controllers will have these configurations in ml2_conf.ini file:

    [ml2]
    type_drivers=local,flat,vlan,gre,vxlan
    tenant_network_types=vlan
    mechanism_drivers=openvswitch
    [ml2_type_vlan]
    network_vlan_ranges="$physnets_dev:$vlan_range"
    [securitygroup]
    enable_security_group=True
    firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    [ovs]
    integration_bridge="$integration_bridge"
    bridge_mappings="$physnets_dev:$integration_bridge"
    enable_tunneling=False
    [agent]
    polling_interval=2
    l2_population=False
    arp_responder=False

Where $integration_bridge, $physnets_dev and $vlan_range should be configured through the Fuel web UI in the Neutron L2 Configuration section of the Networks tab.

  • All controllers will have 4 additional packages installed:

    • group-based-policy
    • python-group-based-policy-client
    • group-based-policy-ui
    • group-based-policy-automation
  • All controllers will enable heat plugin in heat.conf file:

    [DEFAULT]
    plugin_dirs=/path/to/code/gbpautomation/heat
  • All controllers will enable Horizon projects by linking project.py file to enabled_dashboards directory.

User Story 2b: GBP module and APIC ML2 driver

This case makes it possible to configure Neutron to use the Cisco SDN solution that is targeted at Cisco group-based policy packages and the APIC controller with the ML2 driver. This list describes what software and configuration should be added to the corresponding hosts to support User Story 2b.

  • All controllers will have these configurations in neutron.conf file:

    [DEFAULT]
    service_plugins=neutron.services.l3_router.l3_apic.ApicL3ServicePlugin
    core_plugin=neutron.plugins.ml2.plugin.Ml2Plugin
    [group_policy]
    policy_drivers=implicit_policy,apic
    [servicechain]
    servicechain_drivers = simplechain_driver
    [quotas]
    default_quota = -1
    quota_network = -1
    quota_subnet = -1
    quota_port = -1
    quota_security_group = -1
    quota_security_group_rule = -1
    quota_router = -1
    quota_floatingip = -1
  • All controllers will have these configurations in ml2_conf.ini file:

    [ml2]
    type_drivers=local,flat,vlan,gre,vxlan
    tenant_network_types=vlan
    mechanism_drivers=openvswitch,cisco_aci
    [ml2_type_vlan]
    network_vlan_ranges="$physnets_dev:$vlan_range"
    [securitygroup]
    enable_security_group=True
    firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    [ovs]
    integration_bridge="$integration_bridge"
    bridge_mappings="$physnets_dev:$integration_bridge"
    enable_tunneling=False
    [agent]
    polling_interval=2
    l2_population=False
    arp_responder=False

Where $integration_bridge, $physnets_dev and $vlan_range should be configured through the Fuel web UI in the Neutron L2 Configuration section of the Networks tab.

  • All controllers will have these configurations in ml2_conf_cisco.ini file:

    [DEFAULT]
    apic_system_id=openstack
    [ml2_cisco_apic]
    apic_hosts=$apic_hosts
    apic_username=$apic_username
    apic_password=$apic_password
    apic_name_mapping=use_name

Where $apic_hosts, $apic_username and $apic_password should be configured through the Fuel web UI.

  • All controllers will have these configurations in neutron.conf file:

    [keystone_authtoken]
    admin_user="$admin_username"
    admin_password="$admin_password"
    admin_tenant_name="$admin_tenant"

Where $admin_username, $admin_password and $admin_tenant point to the cloud administrator credentials.

  • All controllers will have 4 additional packages installed:

    • group-based-policy
    • python-group-based-policy-client
    • group-based-policy-ui
    • group-based-policy-automation
  • All controllers will enable heat plugin in heat.conf file:

    [DEFAULT]
    plugin_dirs=/path/to/code/gbpautomation/heat
  • All controllers will enable Horizon projects by linking project.py file to enabled_dashboards directory.

  • All hosts will have an [apic_external_network:ext] section in the ml2_conf_cisco.ini file, if configured through the Fuel web UI.

  • All controllers have pip apicapi installed

  • If LLDP is used, see US1 for the configuration options that should be added.

User Story 3: GBP module and APIC GBP driver

This case makes it possible to configure Neutron to use the Cisco SDN solution that is targeted at Cisco group-based policy packages and the APIC controller with the GBP driver. This list describes what software and configuration should be added to the corresponding hosts to support User Story 3.

  • All controllers will have these configurations in neutron.conf file:

    [DEFAULT]
    service_plugins=neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,gbpservice.neutron.services.grouppolicy.plugin.GroupPolicyPlugin,gbpservice.neutron.services.servicechain.servicechain_plugin.ServiceChainPlugin
    core_plugin=neutron.plugins.ml2.plugin.Ml2Plugin
    [group_policy]
    policy_drivers=implicit_policy,apic
    [servicechain]
    servicechain_drivers = simplechain_driver
    [quotas]
    default_quota = -1
    quota_network = -1
    quota_subnet = -1
    quota_port = -1
    quota_security_group = -1
    quota_security_group_rule = -1
    quota_router = -1
    quota_floatingip = -1
  • All controllers will have these configurations in ml2_conf.ini file:

    [ml2]
    type_drivers=local,flat,vlan,gre,vxlan
    tenant_network_types=vlan
    mechanism_drivers=openvswitch,apic_gbp
    [ml2_type_vlan]
    network_vlan_ranges="$physnets_dev:$vlan_range"
    [securitygroup]
    enable_security_group=True
    firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    [ovs]
    integration_bridge="$integration_bridge"
    bridge_mappings="$physnets_dev:$integration_bridge"
    enable_tunneling=False
    [agent]
    polling_interval=2
    l2_population=False
    arp_responder=False

Where $integration_bridge, $physnets_dev and $vlan_range should be configured through the Fuel web UI in the Neutron L2 Configuration section of the Networks tab.

  • All controllers will have these configurations in ml2_conf_cisco.ini file:

    [DEFAULT]
    apic_system_id=openstack
    [ml2_cisco_apic]
    apic_hosts=$apic_hosts
    apic_username=$apic_username
    apic_password=$apic_password
    apic_name_mapping=use_name

Where $apic_hosts, $apic_username and $apic_password should be configured through the Fuel web UI.

  • All controllers will have these configurations in neutron.conf file:

    [keystone_authtoken]
    admin_user="$admin_username"
    admin_password="$admin_password"
    admin_tenant_name="$admin_tenant"

Where $admin_username, $admin_password and $admin_tenant point to the cloud administrator credentials.

  • All controllers will have 4 additional packages installed:

    • group-based-policy
    • python-group-based-policy-client
    • group-based-policy-ui
    • group-based-policy-automation
  • All controllers will enable heat plugin in heat.conf file:

    [DEFAULT]
    plugin_dirs=/path/to/code/gbpautomation/heat
  • All controllers will enable Horizon projects by linking project.py file to enabled_dashboards directory.

  • All hosts will have an [apic_external_network:ext] section in the ml2_conf_cisco.ini file, if configured through the Fuel web UI.

  • All controllers have pip apicapi installed

  • If LLDP is used, see US1 for the configuration options that should be added.

Alternatives

There are no known alternatives for this plugin, although all steps can be performed manually.

Data model impact

The GBP installation types require additional tables in the Neutron database. The new schema will be managed by the gbp-db-manage command that comes from the group-based-policy package.

REST API impact

None.

Upgrade impact

Upgrading should be tested explicitly with this plugin installed and APIC controller enabled.

Security impact

This plugin changes the Neutron keystone_authtoken credentials on controller nodes from the neutron user and services tenant to the admin user and admin tenant. This may change in the future, but for the Juno release they must be set to the admin values.
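One way to surface this change during a configuration review, as an added example that is not part of the plugin: the function reports when `[keystone_authtoken]` no longer uses the neutron user and services tenant, and when a file holding `admin_password` or `apic_password` is world-readable. The function names, the sample values and the world-readable check are assumptions made for this example.

```python
import configparser
import os
import stat
import tempfile

# Service identity that Neutron uses before the plugin is applied (per this section).
SERVICE_IDENTITY = {"admin_user": "neutron", "admin_tenant_name": "services"}
SECRET_KEYS = ("admin_password", "apic_password")

# Constructed sample of neutron.conf after the plugin has run.
SAMPLE = """\
[keystone_authtoken]
admin_user="admin"
admin_password="constructed-secret"
admin_tenant_name="admin"
"""

def audit_conf(path):
    """Return a list of findings for one Neutron configuration file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="<none>")
    cp.read(path)
    findings = []
    if cp.has_section("keystone_authtoken"):
        for key, expected in SERVICE_IDENTITY.items():
            value = cp.get("keystone_authtoken", key, fallback="").strip('"')
            if value and value != expected:
                findings.append(f"keystone_authtoken.{key}={value} (service value: {expected})")
    has_secret = any(cp.has_option(s, k) for s in cp.sections() for k in SECRET_KEYS)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if has_secret and mode & stat.S_IROTH:
        findings.append(f"{path} holds a password and is world-readable (mode {mode:o})")
    return findings

def demo(mode):
    """Write the constructed sample with the given file mode and audit it."""
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as fh:
        fh.write(SAMPLE)
    try:
        os.chmod(fh.name, mode)
        return audit_conf(fh.name)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    for line in demo(0o644):
        print(line)
```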

Notifications impact

None.

Other end user impact

None.

Plugin impact

This plugin should not impact other plugins as long as they do not modify the same settings in the Neutron configuration.

Other deployer impact

Developer impact

Implementation

Assignee(s)

Primary assignee:

Nikita Koshikov - nkoshikov@mirantis.com

Work Items

  • Create fuel-plugin-cisco-aci plugin
  • Develop the Fuel web UI part of the plugin
  • Add puppet support for all configuration cases
  • Write documentation (User Guide)

Dependencies

  • Ubuntu 14.04 support in MOS [4]
  • This bug should also be fixed [5]

Testing

Plugin should pass tempest framework tests.

Documentation Impact

Reference to this plugin should be added to main Fuel documentation.

References

[1] http://cisco.com/go/apic

[2] http://docs.mirantis.com/openstack/fuel/fuel-6.0/plugin-dev.html

[3] https://blueprints.launchpad.net/neutron/+spec/ml2-cisco-apic-mechanism-driver

[4] https://blueprints.launchpad.net/fuel/+spec/support-ubuntu-trusty

[5] https://bugs.launchpad.net/fuel/+bug/1417994