The YaST Crowbar module enables you to configure all networks within the
cloud, to set up additional repositories and to manage the Crowbar
users. This module should be launched before starting the
SUSE OpenStack Cloud Crowbar installation. To start this module, either run yast
crowbar
or › › .
On this tab you can manage users for the Crowbar Web interface. The
user crowbar
(password
crowbar
) is preconfigured. Use the
, and
buttons to manage user accounts. Users
configured here have no relations to existing system users on the
Administration Server.
Use the Section 2.1, “Network”). Change the IP address assignment for each network under . You may also add a bridge ( ) or a VLAN ( , ) to a network. Only change the latter two settings if you really know what you require; sticking with the defaults is recommended.
tab to change the default network setup (described inAfter you have completed the SUSE OpenStack Cloud Crowbar installation, you cannot change the network setup anymore. If you did, you would need to completely set up the Administration Server again.
As of SUSE OpenStack Cloud 7, using a VLAN for the admin network is only supported on a native/untagged VLAN. If you need VLAN support for the admin network, it must be handled at switch level.
When deploying Compute Nodes with Microsoft Hyper-V or Windows Server, you must not use openvswitch with gre. Instead, use openvswitch with VLAN (recommended) or linuxbridge as a plugin for Neutron.
When changing the network configuration with YaST or by editing
/etc/crowbar/network.json
you can define VLAN
settings for each network. For the networks nova-fixed
and nova-floating
, however, special rules apply:
nova-fixed: The setting will be ignored. However, VLANs will automatically be used if deploying Neutron with VLAN support (using the drivers linuxbridge, openvswitch plus VLAN or cisco_nexus). In this case, you need to specify a correct for this network.
nova-floating: When using a VLAN for
nova-floating
(which is the default), the and settings for
and need to be
the same. When not using a VLAN for nova-floating
, it
needs to use a different physical network interface than the
nova_fixed
network.
Other, more flexible network mode setups, can be configured by manually editing the Crowbar network configuration files. See Appendix D, The Network Barclamp Template File for more information. SUSE or a partner can assist you in creating a custom setup within the scope of a consulting services agreement. See http://www.suse.com/consulting/ for more information on SUSE consulting.
If you want to separate the admin and the BMC network, you must change the settings for the networks
and . The is used to generate a VLAN tagged interface on the Administration Server that can access the network. The needs to be in the same ranges as , and needs to have enabled.
bmc |
bmc_vlan | |
---|---|---|
Subnet |
| |
Netmask |
| |
Router |
| |
Broadcast |
| |
Host Range |
|
|
VLAN |
yes | |
VLAN ID |
100 | |
Bridge |
no |
On the Section 2.1.2, “Network Modes” for details.
tab you can choose between , , and . In single mode, all traffic is handled by a single Ethernet card. Dual mode requires two Ethernet cards and separates traffic for private and public networks. SeeTeaming mode is almost identical to single mode, except that you combine several Ethernet cards to a “bond”. It is required for an HA setup of SUSE OpenStack Cloud. When choosing this mode, you also need to specify a . This option lets you define whether to focus on reliability (fault tolerance), performance (load balancing), or a combination of both. You can choose between the following modes:
Default mode in SUSE OpenStack Cloud. Packets are transmitted in round-robin fashion from the first to the last available interface. Provides fault tolerance and load balancing.
Only one network interface is active. If it fails, a different interface becomes active. This setting is the default for SUSE OpenStack Cloud. Provides fault tolerance.
Traffic is split between all available interfaces based on the
following policy: [(source MAC address XOR'd with destination MAC
address XOR packet type ID) modulo slave count]
. Requires
support from the switch. Provides fault tolerance and load balancing.
The complete traffic is broadcasted on all interfaces. Requires support from the switch. Provides fault tolerance.
Aggregates interfaces into groups that share the same speed and duplex
settings. Requires ethtool
support in the interface
drivers and a switch that supports and is configured for IEEE 802.3ad
Dynamic link aggregation. Provides fault tolerance and load balancing.
Adaptive transmit load balancing. Requires ethtool
support in the interface drivers but no switch support. Provides fault
tolerance and load balancing.
Adaptive load balancing. Requires ethtool
support in the interface drivers but no switch support. Provides fault
tolerance and load balancing.
For a more detailed description of the modes, see https://www.kernel.org/doc/Documentation/networking/bonding.txt.
The Section 2.1, “Network”, one way to access the Administration Server from a defined external network is via a Bastion network and a second network card (as opposed to providing an external gateway).
tab of the YaST Crowbar module also lets you set up a Bastion network. As outlined inTo set up the Bastion network, you need to have a static IP address for the Administration Server from the external network. The example configuration used below assumes that the external network from which to access the admin network has the following addresses. Adjust them according to your needs.
Subnet |
|
Netmask |
|
Broadcast |
|
Gateway |
|
Static Administration Server address |
|
In addition to the values above, you need to enter the
Section D.4, “Network Conduits” for details on the
syntax. The default value ?1g2
matches the second
interface (“eth1”) of the system.
After you have completed the SUSE OpenStack Cloud Crowbar installation, you cannot change the network setup anymore. If you did, you would need to completely set up the Administration Server again.
The example configuration from above allows to access SUSE OpenStack Cloud nodes
from within the bastion network. If you want to
access nodes from outside the bastion network, make the
router for the bastion network the default router for the
Administration Server. This is achieved by setting the value for the bastion
network's entry to a lower value
than the corresponding entry for the admin network. By default no
router preference is set for the Administration Server—in this case,
set the preference for the bastion network to 5
.
If you use a Linux gateway between the outside and the bastion network, you also need to disable route verification (rp_filter) on the Administration Server. Do so by running the following command on the Administration Server:
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
That command disables route verification for the current session, so
the setting will not “survive” a reboot. Make it
permanent by editing /etc/sysctl.conf
and setting
the value for to
0
.
This dialog lets you announce the locations of the product, pool, and update repositories (see Chapter 5, Software Repository Setup for details). You can choose between four alternatives:
If you have an SMT server installed on the Administration Server as explained in Chapter 4, Installing and Setting Up an SMT Server on the Administration Server (Optional), choose this option. The repository details do not need to be provided, they will be configured automatically. This option will be applied by default in case the repository configuration has net been changed manually.
If you use a remote SMT for all repositories,
choose this option and provide the (in the
form of http://smt.example.com
). The repository
details do not need to be provided, they will be configured
automatically.
If you use a remote SUSE Manager server for all
repositories, choose this option and provide the (in the form of
http://manager.example.com
).
If you use different sources for your repositories or are using
non-standard locations, choose this option and manually provide a
location for each repository. This can either be a local directory
(/srv/tftpboot/suse-12.2/x86_64/repos/SLES12-SP2-Pool/
)
or a remote location
(http://manager.example.com/ks/dist/child/sles12-sp2-updates-x86_64/sles12-sp2-x86_64/
). Activating
ensures that you will be informed, if a
repository is not available during node deployment (otherwise errors will
be silently ignored).
The How to make custom software repositories from an external server (for example a remote SMT or SUSE M..? for instructions.
dialog allows to add additional repositories. SeeIn case you have made the repositories available in the default locations on the Administration Server (see Table B.4, “Default Repository Locations on the Administration Server” for a list), choose and leave the empty (default). The repositories will automatically be detected.
In case you need to adjust the pre-defined network setup of SUSE OpenStack Cloud beyond the scope of changing IP address assignments (as described in Chapter 7, Crowbar Setup), you need to manually modify the network barclamp template. Refer to Appendix D, The Network Barclamp Template File for details.
By default, external networks cannot be reached from nodes in the
SUSE OpenStack Cloud. To access external services such as a
SUSE Manager server, an SMT server, or a SAN, you need to make the
external network(s) known to SUSE OpenStack Cloud. Do so by adding a
network definition for each external network to
/etc/crowbar/network.json
. Refer to
Appendix D, The Network Barclamp Template File for setup instructions.
"external" : { "add_bridge" : false, "vlan" : XXX, "ranges" : { "host" : { "start" : "192.168.150.1", "end" : "192.168.150.254" } }, "broadcast" : "192.168.150.255", "netmask" : "255.255.255.0", "conduit" : "intf1", "subnet" : "192.168.150.0", "use_vlan" : true }
Replace the value XXX for the VLAN by a value not used within the SUSE OpenStack Cloud network and not used by Neutron. By default, the following VLANs are already used:
VLAN ID |
Used by |
---|---|
100 |
BMC VLAN (bmc_vlan) |
200 |
Storage Network |
300 |
Public Network (nova-floating, public) |
400 |
Software-defined network (os_sdn) |
500 |
Private Network (nova-fixed) |
501 - 2500 |
Neutron (value of nova-fixed plus 2000) |
For custom setups, the public and floating networks can be separated. For this, configure your own separate floating network which will not be a subnet of public network. The floating network also needs to have its own router defined.
If you need to adjust the Maximum Transmission Unit (MTU) for the
Admin and/or Storage Network, adjust
/etc/crowbar/network.json
as shown below. You can
also enable jumbo frames this way by setting the MTU to 9000. The
following example enables jumbo frames for both, the storage and the admin
network by setting "mtu": 9000
.
"admin": { "add_bridge": false, "broadcast": "192.168.124.255", "conduit": "intf0", "mtu": 9000, "netmask": "255.255.255.0", "ranges": { "admin": { "end": "192.168.124.11", "start": "192.168.124.10" }, "dhcp": { "end": "192.168.124.80", "start": "192.168.124.21" }, "host": { "end": "192.168.124.160", "start": "192.168.124.81" }, "switch": { "end": "192.168.124.250", "start": "192.168.124.241" } }, "router": "192.168.124.1", "router_pref": 10, "subnet": "192.168.124.0", "use_vlan": false, "vlan": 100 }, "storage": { "add_bridge": false, "broadcast": "192.168.125.255", "conduit": "intf1", "mtu": 9000, "netmask": "255.255.255.0", "ranges": { "host": { "end": "192.168.125.239", "start": "192.168.125.10" } }, "subnet": "192.168.125.0", "use_vlan": true, "vlan": 200 },
After you have completed the SUSE OpenStack Cloud Crowbar installation, you cannot change the network setup anymore. This also includes changing the MTU size.
Before starting the SUSE OpenStack Cloud Crowbar installation to finish the configuration of the Administration Server make sure to double-check the following items.
Make sure the network configuration is correct. Run Chapter 7, Crowbar Setup for further instructions.
› to review/change the configuration. SeeIn case you are planning to make SUSE OpenStack Cloud highly available upon the initial setup from the start or later, set up the network in the teaming mode. Such a setup requires at least two network cards for each node.
Make sure hostname
-f
returns a
fully qualified host name. See
Chapter 6, Service Configuration: Administration Server Network Configuration for further instructions.
Make sure all update and product repositories are available. See Chapter 5, Software Repository Setup for further instructions.
Make sure the operating system and SUSE OpenStack Cloud are up-to-date and
have the latest patches installed. Run zypper patch
to install them.
To use the Web interface for the SUSE OpenStack Cloud Crowbar installation you need network access to the Administration Server via a second network interface. As the network will be reconfigured during the SUSE OpenStack Cloud Crowbar installation, make sure to either have a bastion network or an external gateway configured. (For details on bastion networks, see Section 7.3.1, “Setting Up a Bastion Network”.)
Now everything is in place to finally set up Crowbar and install the Administration Server. Crowbar requires a PostgreSQL database—you can either create one on the Administration Server or use an existing PostgreSQL database on a remote server.
Start Crowbar:
sudo systemctl start crowbar-init
Create a new database on the Administration Server. By default the credentials
crowbar
/crowbar
are used:
crowbarctl database create
To use a different user name and password, run the following command instead:
crowbarctl database create \ --db_username=USERNAME --db_password=PASSWORD
Run crowbarctl database help create
for help and more
information.
Start Crowbar:
sudo systemctl start crowbar-init
Make sure a user account that can be used for the Crowbar database exists on the remote PostgreSQL database. If not, create such an account.
Test the database connection using the credentials from the previous step:
crowbarctl database test --db-username=USERNAME \ --db-password=PASSWORD --database=DBNAME \ --host=IP_or_FQDN --port=PORT
You need to be able to successfully connect to the database before you
can proceed. Run crowbarctl database help test
for
help and more information.
To connect to the database, use the following command:
crowbarctl database connect --db-username=USERNAME \ --db-password=PASSWORD --database=DBNAME \ --host=IP_or_FQDN --port=PORT
Run crowbarctl database help connect
for help and more
information.
After the database is successfully created or connected to, you can access the Web interface from a Web browser, using the following address:
http://ADDRESS
Replace ADDRESS either with the IP address of the
second network interface or its associated host name. Logging in to the
Web interface requires the credentials you configured with YaST Crowbar (see Section 7.1, “). If you have not changed the
defaults, user name and password are both ”crowbar
. Refer
to Chapter 8, The Crowbar Web Interface for details.
The Web interface shows the SUSE OpenStack Cloud installation wizard. Click to begin. The installation progress is shown in the Web interface:
If the installation has successfully finished, you will be redirected to the Crowbar Dashboard:
Form here you can start allocating nodes and then deploy the OpenStack services. Refer to Part III, “Setting Up OpenStack Nodes and Services” for more information.