Applies to SUSE OpenStack Cloud 7

7 Crowbar Setup

Abstract

The YaST Crowbar module enables you to configure all networks within the cloud, to set up additional repositories and to manage the Crowbar users. This module should be launched before starting the SUSE OpenStack Cloud Crowbar installation. To start this module, either run yast crowbar or select YaST › Miscellaneous › Crowbar.

7.1 User Settings

On this tab you can manage users for the Crowbar Web interface. The user crowbar (password crowbar) is preconfigured. Use the Add, Edit and Delete buttons to manage user accounts. Users configured here are not related to existing system users on the Administration Server.

Figure 7.1: YaST Crowbar Setup: User Settings

7.2 Networks

Use the Networks tab to change the default network setup (described in Section 2.1, “Network”). Change the IP address assignment for each network under Edit Ranges. You may also add a bridge (Add Bridge) or a VLAN (Use VLAN, VLAN ID) to a network. Only change the latter two settings if you really know what you require; sticking with the defaults is recommended.

Figure 7.2: YaST Crowbar Setup: Network Settings
Warning: No Network Changes After Having Completed the SUSE OpenStack Cloud Crowbar installation

After you have completed the SUSE OpenStack Cloud Crowbar installation, you cannot change the network setup anymore. If you did, you would need to completely set up the Administration Server again.

Important: VLAN Settings

As of SUSE OpenStack Cloud 7, using a VLAN for the admin network is only supported on a native/untagged VLAN. If you need VLAN support for the admin network, it must be handled at switch level.

When deploying Compute Nodes with Microsoft Hyper-V or Windows Server, you must not use openvswitch with gre. Instead, use openvswitch with VLAN (recommended) or linuxbridge as a plugin for Neutron.

When changing the network configuration with YaST or by editing /etc/crowbar/network.json you can define VLAN settings for each network. For the networks nova-fixed and nova-floating, however, special rules apply:

nova-fixed: The USE VLAN setting will be ignored. However, VLANs will automatically be used if deploying Neutron with VLAN support (using the drivers linuxbridge, openvswitch plus VLAN or cisco_nexus). In this case, you need to specify a correct VLAN ID for this network.

nova-floating: When using a VLAN for nova-floating (which is the default), the USE VLAN and VLAN ID settings for nova-floating and public need to be the same. When not using a VLAN for nova-floating, it needs to use a different physical network interface than the nova_fixed network.

Other, more flexible network mode setups can be configured by manually editing the Crowbar network configuration files. See Appendix D, The Network Barclamp Template File for more information. SUSE or a partner can assist you in creating a custom setup within the scope of a consulting services agreement. See http://www.suse.com/consulting/ for more information on SUSE consulting.

7.2.1 Separating the Admin and the BMC Network

If you want to separate the admin and the BMC network, you must change the settings for the networks bmc and bmc_vlan. The bmc_vlan is used to generate a VLAN tagged interface on the Administration Server that can access the bmc network. The bmc_vlan needs to be in the same ranges as bmc, and bmc needs to have VLAN enabled.

Table 7.1: Separate BMC Network Example Configuration

              bmc                                 bmc_vlan
Subnet        192.168.128.0                       192.168.128.0
Netmask       255.255.255.0                       255.255.255.0
Router        192.168.128.1                       192.168.128.1
Broadcast     192.168.128.255                     192.168.128.255
Host Range    192.168.128.10 - 192.168.128.100    192.168.128.101 - 192.168.128.101
VLAN          yes                                 yes
VLAN ID       100                                 100
Bridge        no                                  no

Figure 7.3: YaST Crowbar Setup: Network Settings for the BMC Network

7.3 Network Mode

On the Network Mode tab you can choose between single, dual, and team. In single mode, all traffic is handled by a single Ethernet card. Dual mode requires two Ethernet cards and separates traffic for private and public networks. See Section 2.1.2, “Network Modes” for details.

Teaming mode is almost identical to single mode, except that you combine several Ethernet cards to a “bond”. It is required for an HA setup of SUSE OpenStack Cloud. When choosing this mode, you also need to specify a Bonding Policy. This option lets you define whether to focus on reliability (fault tolerance), performance (load balancing), or a combination of both. You can choose between the following modes:

0 (balance-rr)

Default mode in SUSE OpenStack Cloud. Packets are transmitted in round-robin fashion from the first to the last available interface. Provides fault tolerance and load balancing.

1 (active-backup)

Only one network interface is active. If it fails, a different interface becomes active. This setting is the default for SUSE OpenStack Cloud. Provides fault tolerance.

2 (balance-xor)

Traffic is split between all available interfaces based on the following policy: [(source MAC address XOR'd with destination MAC address XOR packet type ID) modulo slave count]. Requires support from the switch. Provides fault tolerance and load balancing.

3 (broadcast)

All traffic is broadcast on all interfaces. Requires support from the switch. Provides fault tolerance.

4 (802.3ad)

Aggregates interfaces into groups that share the same speed and duplex settings. Requires ethtool support in the interface drivers and a switch that supports and is configured for IEEE 802.3ad Dynamic link aggregation. Provides fault tolerance and load balancing.

5 (balance-tlb)

Adaptive transmit load balancing. Requires ethtool support in the interface drivers but no switch support. Provides fault tolerance and load balancing.

6 (balance-alb)

Adaptive load balancing. Requires ethtool support in the interface drivers but no switch support. Provides fault tolerance and load balancing.

For a more detailed description of the modes, see https://www.kernel.org/doc/Documentation/networking/bonding.txt.

7.3.1 Setting Up a Bastion Network

The Network Mode tab of the YaST Crowbar module also lets you set up a Bastion network. As outlined in Section 2.1, “Network”, one way to access the Administration Server from a defined external network is via a Bastion network and a second network card (as opposed to providing an external gateway).

To set up the Bastion network, you need to have a static IP address for the Administration Server from the external network. The example configuration used below assumes that the external network from which to access the admin network has the following addresses. Adjust them according to your needs.

Table 7.2: Example Addresses for a Bastion Network

Subnet                                  10.10.1.0
Netmask                                 255.255.255.0
Broadcast                               10.10.1.255
Gateway                                 10.10.1.1
Static Administration Server address    10.10.1.125

In addition to the values above, you need to enter the Physical Interface Mapping. With this value you specify the Ethernet card that is used for the bastion network. See Section D.4, “Network Conduits” for details on the syntax. The default value ?1g2 matches the second interface (eth1) of the system.

Figure 7.4: YaST Crowbar Setup: Network Settings for the Bastion Network
Warning: No Network Changes After Having Completed the SUSE OpenStack Cloud Crowbar installation

After you have completed the SUSE OpenStack Cloud Crowbar installation, you cannot change the network setup anymore. If you did, you would need to completely set up the Administration Server again.

Important: Accessing Nodes From Outside the Bastion Network

The example configuration above allows access to SUSE OpenStack Cloud nodes from within the bastion network. If you want to access nodes from outside the bastion network, make the router for the bastion network the default router for the Administration Server. This is achieved by setting the value for the bastion network's Router preference entry to a lower value than the corresponding entry for the admin network. By default, no router preference is set for the Administration Server. In this case, set the preference for the bastion network to 5.

If you use a Linux gateway between the outside and the bastion network, you also need to disable route verification (rp_filter) on the Administration Server. Do so by running the following command on the Administration Server:

echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter

That command disables route verification for the current session, so the setting will not survive a reboot. Make it permanent by editing /etc/sysctl.conf and setting the value for net.ipv4.conf.all.rp_filter to 0.
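The kernel applies the higher of conf/all/rp_filter and conf/<interface>/rp_filter to each interface, so writing 0 to all does not by itself turn verification off on an interface whose own value is 1 or 2. The following check is an added example, not part of the original documentation; it lists the effective value per interface, and the function names and the conf_dir parameter are illustrative.

```python
import os

# rp_filter values as defined by the kernel's ip-sysctl documentation.
MODES = {0: "off", 1: "strict", 2: "loose"}


def read_int(path):
    """Read a single integer sysctl value from a file."""
    with open(path) as fh:
        return int(fh.read().strip())


def effective_rp_filter(conf_dir="/proc/sys/net/ipv4/conf"):
    """Map interface name -> rp_filter value the kernel actually applies.

    Source validation on an interface uses
    max(conf/all/rp_filter, conf/<interface>/rp_filter).
    """
    all_value = read_int(os.path.join(conf_dir, "all", "rp_filter"))
    result = {}
    for iface in sorted(os.listdir(conf_dir)):
        if iface in ("all", "default"):
            continue  # templates, not real interfaces
        path = os.path.join(conf_dir, iface, "rp_filter")
        if os.path.isfile(path):
            result[iface] = max(all_value, read_int(path))
    return result


def still_filtering(conf_dir="/proc/sys/net/ipv4/conf"):
    """Interfaces on which route verification is still active."""
    return [name for name, value in effective_rp_filter(conf_dir).items()
            if value != 0]


if __name__ == "__main__":
    for name, value in effective_rp_filter().items():
        print(f"{name}: {value} ({MODES.get(value, 'unknown')})")
```

Run it on the Administration Server after changing the setting; any interface still reported as strict or loose needs its own rp_filter entry set as well.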

7.4 Repositories

This dialog lets you announce the locations of the product, pool, and update repositories (see Chapter 5, Software Repository Setup for details). You can choose between four alternatives:

Local SMT Server

If you have an SMT server installed on the Administration Server as explained in Chapter 4, Installing and Setting Up an SMT Server on the Administration Server (Optional), choose this option. The repository details do not need to be provided; they will be configured automatically. This option will be applied by default in case the repository configuration has not been changed manually.

Remote SMT Server

If you use a remote SMT for all repositories, choose this option and provide the Server URL (in the form of http://smt.example.com). The repository details do not need to be provided; they will be configured automatically.

SUSE Manager Server

If you use a remote SUSE Manager server for all repositories, choose this option and provide the Server URL (in the form of http://manager.example.com).

Custom

If you use different sources for your repositories or are using non-standard locations, choose this option and manually provide a location for each repository. This can either be a local directory (/srv/tftpboot/suse-12.2/x86_64/repos/SLES12-SP2-Pool/) or a remote location (http://manager.example.com/ks/dist/child/sles12-sp2-updates-x86_64/sles12-sp2-x86_64/). Activating Ask On Error ensures that you will be informed if a repository is not available during node deployment (otherwise errors will be silently ignored).

The Add Repository dialog lets you add additional repositories. See How to make custom software repositories from an external server (for example a remote SMT or SUSE M..? for instructions.

Tip: Default Locations

In case you have made the repositories available in the default locations on the Administration Server (see Table B.4, “Default Repository Locations on the Administration Server” for a list), choose Custom and leave the Repository URL empty (default). The repositories will automatically be detected.

Figure 7.5: YaST Crowbar Setup: Repository Settings

7.5 Custom Network Configuration

In case you need to adjust the pre-defined network setup of SUSE OpenStack Cloud beyond the scope of changing IP address assignments (as described in Chapter 7, Crowbar Setup), you need to manually modify the network barclamp template. Refer to Appendix D, The Network Barclamp Template File for details.

7.5.1 Providing Access to External Networks

By default, external networks cannot be reached from nodes in the SUSE OpenStack Cloud. To access external services such as a SUSE Manager server, an SMT server, or a SAN, you need to make the external network(s) known to SUSE OpenStack Cloud. Do so by adding a network definition for each external network to /etc/crowbar/network.json. Refer to Appendix D, The Network Barclamp Template File for setup instructions.

Example 7.1: Example Network Definition for the External Network 192.168.150.0/16
            "external" : {
               "add_bridge" : false,
               "vlan" : XXX,
               "ranges" : {
                  "host" : {
                     "start" : "192.168.150.1",
                     "end" : "192.168.150.254"
                  }
               },
               "broadcast" : "192.168.150.255",
               "netmask" : "255.255.255.0",
               "conduit" : "intf1",
               "subnet" : "192.168.150.0",
               "use_vlan" : true
            }

Replace the value XXX for the VLAN by a value not used within the SUSE OpenStack Cloud network and not used by Neutron. By default, the following VLANs are already used:

Table 7.3: VLANs used by the SUSE OpenStack Cloud Default Network Setup

VLAN ID       Used by
100           BMC VLAN (bmc_vlan)
200           Storage Network
300           Public Network (nova-floating, public)
400           Software-defined network (os_sdn)
500           Private Network (nova-fixed)
501 - 2500    Neutron (value of nova-fixed plus 2000)
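A network definition like the one in Example 7.1 can be checked before it is written to /etc/crowbar/network.json. The following validator is an added example, not part of the original documentation or of Crowbar; it tests the address fields for consistency and the chosen VLAN ID against Table 7.3. The function names are illustrative, and reading the Neutron row as "nova-fixed + 1 up to nova-fixed + 2000" is an assumption based on the table.

```python
import ipaddress

# VLAN IDs taken from Table 7.3 (default network setup).
DEFAULT_VLANS = {100: "bmc_vlan", 200: "storage", 300: "nova-floating/public",
                 400: "os_sdn", 500: "nova-fixed"}
NOVA_FIXED_VLAN = 500
NEUTRON_SPAN = 2000  # assumption: Neutron uses nova-fixed + 1 .. nova-fixed + 2000


def check_network(name, net, used_vlans=DEFAULT_VLANS, fixed_vlan=NOVA_FIXED_VLAN):
    """Return a list of problems in one network definition (empty list = OK)."""
    problems = []
    subnet = ipaddress.ip_network(f"{net['subnet']}/{net['netmask']}", strict=False)
    if net["subnet"] != str(subnet.network_address):
        problems.append(f"{name}: subnet is not the network address of {subnet}")
    if net["broadcast"] != str(subnet.broadcast_address):
        problems.append(f"{name}: broadcast should be {subnet.broadcast_address}")
    for rname, rng in net.get("ranges", {}).items():
        start = ipaddress.ip_address(rng["start"])
        end = ipaddress.ip_address(rng["end"])
        if start > end or start not in subnet or end not in subnet:
            problems.append(f"{name}: range '{rname}' is outside {subnet} or reversed")
    if net.get("use_vlan"):
        vlan = net.get("vlan")
        if not isinstance(vlan, int) or not 1 <= vlan <= 4094:
            problems.append(f"{name}: VLAN ID {vlan!r} is not a valid 802.1Q ID")
        elif vlan in used_vlans:
            problems.append(f"{name}: VLAN {vlan} is already used by {used_vlans[vlan]}")
        elif fixed_vlan < vlan <= fixed_vlan + NEUTRON_SPAN:
            problems.append(f"{name}: VLAN {vlan} is in the Neutron range")
    return problems


def external(vlan):
    """Constructed sample: Example 7.1 with the XXX placeholder filled in."""
    return {"add_bridge": False, "vlan": vlan, "use_vlan": True,
            "ranges": {"host": {"start": "192.168.150.1", "end": "192.168.150.254"}},
            "broadcast": "192.168.150.255", "netmask": "255.255.255.0",
            "conduit": "intf1", "subnet": "192.168.150.0"}


if __name__ == "__main__":
    for vlan in (300, 1200, 2600):
        print(vlan, check_network("external", external(vlan)) or "OK")
```

If your setup changes the VLAN IDs of the default networks, pass the adjusted mapping and the nova-fixed VLAN ID as used_vlans and fixed_vlan.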

7.5.2 Split Public and Floating Networks on Different VLANs

For custom setups, the public and floating networks can be separated. To do so, configure your own separate floating network that is not a subnet of the public network. The floating network also needs to have its own router defined.

7.5.3 Adjusting the Maximum Transmission Unit for the Admin and Storage Network

If you need to adjust the Maximum Transmission Unit (MTU) for the Admin and/or Storage Network, adjust /etc/crowbar/network.json as shown below. You can also enable jumbo frames this way by setting the MTU to 9000. The following example enables jumbo frames for both the storage and the admin network by setting "mtu": 9000.

        "admin": {
          "add_bridge": false,
          "broadcast": "192.168.124.255",
          "conduit": "intf0",
          "mtu": 9000,
          "netmask": "255.255.255.0",
          "ranges": {
            "admin": {
              "end": "192.168.124.11",
              "start": "192.168.124.10"
            },
            "dhcp": {
              "end": "192.168.124.80",
              "start": "192.168.124.21"
            },
            "host": {
              "end": "192.168.124.160",
              "start": "192.168.124.81"
            },
            "switch": {
              "end": "192.168.124.250",
              "start": "192.168.124.241"
            }
          },
          "router": "192.168.124.1",
          "router_pref": 10,
          "subnet": "192.168.124.0",
          "use_vlan": false,
          "vlan": 100
        },
        "storage": {
          "add_bridge": false,
          "broadcast": "192.168.125.255",
          "conduit": "intf1",
          "mtu": 9000,
          "netmask": "255.255.255.0",
          "ranges": {
            "host": {
              "end": "192.168.125.239",
              "start": "192.168.125.10"
            }
          },
          "subnet": "192.168.125.0",
          "use_vlan": true,
          "vlan": 200
        },
Warning: No Network Changes After Having Completed the SUSE OpenStack Cloud Crowbar installation

After you have completed the SUSE OpenStack Cloud Crowbar installation, you cannot change the network setup anymore. This also includes changing the MTU size.

7.6 Starting the SUSE OpenStack Cloud Crowbar installation

Before starting the SUSE OpenStack Cloud Crowbar installation to finish the configuration of the Administration Server, make sure to double-check the following items.

Final Check Points
  • Make sure the network configuration is correct. Run YaST › Crowbar to review/change the configuration. See Chapter 7, Crowbar Setup for further instructions.

    Important: An HA Setup Requires Teaming Network Mode

    In case you are planning to make SUSE OpenStack Cloud highly available, either upon the initial setup or later, set up the network in teaming mode. Such a setup requires at least two network cards for each node.

  • Make sure hostname -f returns a fully qualified host name. See Chapter 6, Service Configuration: Administration Server Network Configuration for further instructions.

  • Make sure all update and product repositories are available. See Chapter 5, Software Repository Setup for further instructions.

  • Make sure the operating system and SUSE OpenStack Cloud are up-to-date and have the latest patches installed. Run zypper patch to install them.

  • To use the Web interface for the SUSE OpenStack Cloud Crowbar installation you need network access to the Administration Server via a second network interface. As the network will be reconfigured during the SUSE OpenStack Cloud Crowbar installation, make sure to either have a bastion network or an external gateway configured. (For details on bastion networks, see Section 7.3.1, “Setting Up a Bastion Network”.)

Now everything is in place to finally set up Crowbar and install the Administration Server. Crowbar requires a PostgreSQL database—you can either create one on the Administration Server or use an existing PostgreSQL database on a remote server.

Procedure 7.1: Setting up Crowbar with a Local Database
  1. Start Crowbar:

    sudo systemctl start crowbar-init

  2. Create a new database on the Administration Server. By default the credentials crowbar/crowbar are used:

    crowbarctl database create

    To use a different user name and password, run the following command instead:

    crowbarctl database create \
    --db_username=USERNAME --db_password=PASSWORD

    Run crowbarctl database help create for help and more information.

Procedure 7.2: Setting up Crowbar with a Remote PostgreSQL Database
  1. Start Crowbar:

    sudo systemctl start crowbar-init

  2. Make sure a user account that can be used for the Crowbar database exists on the remote PostgreSQL database. If not, create such an account.

  3. Test the database connection using the credentials from the previous step:

    crowbarctl database test --db-username=USERNAME \
    --db-password=PASSWORD --database=DBNAME \
    --host=IP_or_FQDN --port=PORT

    You need to be able to successfully connect to the database before you can proceed. Run crowbarctl database help test for help and more information.

  4. To connect to the database, use the following command:

    crowbarctl database connect --db-username=USERNAME \
    --db-password=PASSWORD --database=DBNAME \
    --host=IP_or_FQDN --port=PORT

    Run crowbarctl database help connect for help and more information.

After the database is successfully created or connected to, you can access the Web interface from a Web browser, using the following address:

http://ADDRESS

Replace ADDRESS either with the IP address of the second network interface or its associated host name. Logging in to the Web interface requires the credentials you configured with YaST Crowbar (see Section 7.1, “User Settings”). If you have not changed the defaults, user name and password are both crowbar. Refer to Chapter 8, The Crowbar Web Interface for details.

The Web interface shows the SUSE OpenStack Cloud installation wizard. Click Start Installation to begin. The installation progress is shown in the Web interface:

Figure 7.6: The SUSE OpenStack Cloud Crowbar installation Web interface

If the installation has successfully finished, you will be redirected to the Crowbar Dashboard:

Figure 7.7: Crowbar Web Interface: The Dashboard

From here you can start allocating nodes and then deploy the OpenStack services. Refer to Part III, “Setting Up OpenStack Nodes and Services” for more information.