1 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
2 .. http://creativecommons.org/licenses/by/4.0
3 .. (c) Open Platform for NFV Project, Inc. and its contributors
9 This document contains details about how to use OPNFV Fuel - Euphrates
10 release - after it was deployed. For details on how to deploy check the
11 installation instructions in the :ref:`references` section.
13 This is an unified documentation for both x86_64 and aarch64
14 architectures. All information is common for both architectures
15 except when explicitly stated.
23 Fuel uses several networks to deploy and administer the cloud:
25 +------------------+-------------------+---------------------------------------------------------+
26 | Network name | Deploy Type | Description |
28 +==================+===================+=========================================================+
29 | **PXE/ADMIN** | baremetal only | Used for booting the nodes via PXE |
30 +------------------+-------------------+---------------------------------------------------------+
31 | **MCPCONTROL** | baremetal & | Used to provision the infrastructure VMs (Salt & MaaS). |
32 | | virtual | On virtual deploys, it is used for Admin too (on target |
33 | | | VMs) leaving the PXE/Admin bridge unused |
34 +------------------+-------------------+---------------------------------------------------------+
35 | **Mgmt** | baremetal & | Used for internal communication between |
36 | | virtual | OpenStack components |
37 +------------------+-------------------+---------------------------------------------------------+
38 | **Internal** | baremetal & | Used for VM data communication within the |
39 | | virtual | cloud deployment |
40 +------------------+-------------------+---------------------------------------------------------+
41 | **Public** | baremetal & | Used to provide Virtual IPs for public endpoints |
42 | | virtual | that are used to connect to OpenStack services APIs. |
43 | | | Used by Virtual machines to access the Internet |
44 +------------------+-------------------+---------------------------------------------------------+
47 These networks - except mcpcontrol - can be linux bridges configured before the deploy on the
48 Jumpserver. If they don't exists at deploy time, they will be created by the scripts as virsh
51 Mcpcontrol exists only on the Jumpserver and needs to be virtual because a DHCP server runs
52 on this network and associates static host entry IPs for Salt and Maas VMs.
60 Access to any component of the deployed cloud is done from Jumpserver to user *ubuntu* with
61 ssh key */var/lib/opnfv/mcp.rsa*. The example below is a connection to Salt master.
65 $ ssh -o StrictHostKeyChecking=no -i /var/lib/opnfv/mcp.rsa -l ubuntu 10.20.0.2
67 **Note**: The Salt master IP is not hard set, it is configurable via INSTALLER_IP during deployment
70 The Fuel baremetal deploy has a Virtualized Control Plane (VCP) which means that the controller
71 services are installed in VMs on the baremetal targets (kvm servers). These VMs can also be
72 accessed with virsh console: user *opnfv*, password *opnfv_secret*. This method does not apply
73 to infrastructure VMs (Salt master and MaaS).
75 The example below is a connection to a controller VM. The connection is made from the baremetal
80 $ ssh -o StrictHostKeyChecking=no -i /var/lib/opnfv/mcp.rsa -l ubuntu x.y.z.141
81 ubuntu@kvm01:~$ virsh console ctl01
83 User *ubuntu* has sudo rights. User *opnfv* has sudo rights only on aarch64 deploys.
86 =============================
87 Exploring the Cloud with Salt
88 =============================
90 To gather information about the cloud, the salt commands can be used. It is based
91 around a master-minion idea where the salt-master pushes config to the minions to
94 For example tell salt to execute a ping to 8.8.8.8 on all the nodes.
96 .. figure:: img/saltstack.png
98 Complex filters can be done to the target like compound queries or node roles.
99 For more information about Salt see the :ref:`references` section.
101 Some examples are listed below. Note that these commands are issued from Salt master
105 #. View the IPs of all the components
109 root@cfg01:~$ salt "*" network.ip_addrs
110 cfg01.baremetal-mcp-ocata-odl-ha.local:
113 mas01.baremetal-mcp-ocata-odl-ha.local:
117 .........................
120 #. View the interfaces of all the components and put the output in a file with yaml format
124 root@cfg01:~$ salt "*" network.interfaces --out yaml --output-file interfaces.yaml
125 root@cfg01:~# cat interfaces.yaml
126 cfg01.baremetal-mcp-ocata-odl-ha.local:
128 hwaddr: 52:54:00:72:77:12
131 broadcast: 10.20.0.255
133 netmask: 255.255.255.0
135 - address: fe80::5054:ff:fe72:7712
139 .........................
142 #. View installed packages in MaaS node
146 root@cfg01:~# salt "mas*" pkg.list_pkgs
147 mas01.baremetal-mcp-ocata-odl-ha.local:
159 .........................
162 #. Execute any linux command on all nodes (list the content of */var/log* in this example)
166 root@cfg01:~# salt "*" cmd.run 'ls /var/log'
167 cfg01.baremetal-mcp-ocata-odl-ha.local:
173 cloud-init-output.log
175 .........................
178 #. Execute any linux command on nodes using compound queries filter
182 root@cfg01:~# salt -C '* and cfg01*' cmd.run 'ls /var/log'
183 cfg01.baremetal-mcp-ocata-odl-ha.local:
189 cloud-init-output.log
191 .........................
194 #. Execute any linux command on nodes using role filter
198 root@cfg01:~# salt -I 'nova:compute' cmd.run 'ls /var/log'
199 cmp001.baremetal-mcp-ocata-odl-ha.local:
207 cloud-init-output.log
209 .........................
217 Once the deployment is complete, Openstack CLI is accessible from controller VMs (ctl01..03).
218 Openstack credentials are at */root/keystonercv3*.
222 root@ctl01:~# source keystonercv3
223 root@ctl01:~# openstack image list
224 +--------------------------------------+-----------------------------------------------+--------+
225 | ID | Name | Status |
226 +======================================+===============================================+========+
227 | 152930bf-5fd5-49c2-b3a1-cae14973f35f | CirrosImage | active |
228 | 7b99a779-78e4-45f3-9905-64ae453e3dcb | Ubuntu16.04 | active |
229 +--------------------------------------+-----------------------------------------------+--------+
232 The OpenStack Dashboard, Horizon is available at http://<controller VIP>:8078, e.g. http://10.16.0.11:8078.
233 The administrator credentials are *admin*/*opnfv_secret*.
235 .. figure:: img/horizon_login.png
238 A full list of IPs/services is available at <proxy public VIP>:8090 for baremetal deploys.
240 .. figure:: img/salt_services_ip.png
242 For Virtual deploys, the most commonly used IPs are in the table below.
244 +-----------+--------------+---------------+
245 | Component | IP | Default value |
246 +===========+==============+===============+
247 | gtw01 | x.y.z.124 | 172.16.10.124 |
248 +-----------+--------------+---------------+
249 | ctl01 | x.y.z.11 | 172.16.10.11 |
250 +-----------+--------------+---------------+
251 | cmp001 | x.y.z.101 | 172.16.10.101 |
252 +-----------+--------------+---------------+
253 | cmp002 | x.y.z.102 | 172.16.10.102 |
254 +-----------+--------------+---------------+
256 ==============================
257 Guest Operating System Support
258 ==============================
260 There are a number of possibilities regarding the guest operating systems which can be spawned
261 on the nodes. The current system spawns virtual machines for VCP VMs on the KVM nodes and VMs
262 requested by users in OpenStack compute nodes. Currently the system supports the following
263 UEFI-images for the guests:
265 +------------------+-------------------+------------------+
266 | OS name | x86_64 status | aarch64 status |
267 +==================+===================+==================+
268 | Ubuntu 17.10 | untested | Full support |
269 +------------------+-------------------+------------------+
270 | Ubuntu 16.04 | Full support | Full support |
271 +------------------+-------------------+------------------+
272 | Ubuntu 14.04 | untested | Full support |
273 +------------------+-------------------+------------------+
274 | Fedora atomic 27 | untested | Not supported |
275 +------------------+-------------------+------------------+
276 | Fedora cloud 27 | untested | Not supported |
277 +------------------+-------------------+------------------+
278 | Debian | untested | Full support |
279 +------------------+-------------------+------------------+
280 | Centos 7 | untested | Not supported |
281 +------------------+-------------------+------------------+
282 | Cirros 0.3.5 | Full support | Full support |
283 +------------------+-------------------+------------------+
284 | Cirros 0.4.0 | Full support | Full support |
285 +------------------+-------------------+------------------+
288 The above table covers only UEFI image and implies OVMF/AAVMF firmware on the host. An x86 deployment
289 also supports non-UEFI images, however that choice is up to the underlying hardware and the administrator
292 The images for the above operating systems can be found in their respective websites.
298 For each Openstack service three endpoints are created: admin, internal and public.
302 ubuntu@ctl01:~$ openstack endpoint list --service keystone
303 +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
304 | ID | Region | Service Name | Service Type | Enabled | Interface | URL |
305 +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
306 | 008fec57922b4e9e8bf02c770039ae77 | RegionOne | keystone | identity | True | internal | http://172.16.10.26:5000/v3 |
307 | 1a1f3c3340484bda9ef7e193f50599e6 | RegionOne | keystone | identity | True | admin | http://172.16.10.26:35357/v3 |
308 | b0a47d42d0b6491b995d7e6230395de8 | RegionOne | keystone | identity | True | public | https://10.0.15.2:5000/v3 |
309 +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
311 MCP sets up all Openstack services to talk to each other over unencrypted
312 connections on the internal management network. All admin/internal endpoints use
313 plain http, while the public endpoints are https connections terminated via nginx
314 at the VCP proxy VMs.
316 To access the public endpoints an SSL certificate has to be provided. For
317 convenience, the installation script will copy the required certificate into
318 to the cfg01 node at /etc/ssl/certs/os_cacert.
320 Copy the certificate from the cfg01 node to the client that will access the https
321 endpoints and place it under /etc/ssl/certs. The SSL connection will be established
326 $ ssh -o StrictHostKeyChecking=no -i /var/lib/opnfv/mcp.rsa -l ubuntu 10.20.0.2 \
327 "cat /etc/ssl/certs/os_cacert" | sudo tee /etc/ssl/certs/os_cacert
330 =============================
331 Reclass model viewer tutorial
332 =============================
335 In order to get a better understanding on the reclass model Fuel uses, the `reclass-doc
336 <https://github.com/jirihybek/reclass-doc>`_ can be used to visualise the reclass model.
337 A simplified installation can be done with the use of a docker ubuntu container. This
338 approach will avoid installing packages on the host, which might collide with other packages.
339 After the installation is done, a webbrowser on the host can be used to view the results.
341 **NOTE**: The host can be any device with Docker package already installed.
342 The user which runs the docker needs to have root priviledges.
348 #. Create a new directory at any location
355 #. Place fuel repo in the above directory
360 $ git clone https://gerrit.opnfv.org/gerrit/fuel && cd fuel
363 #. Create a container and mount the above host directory
367 $ docker run --privileged -it -v <absolute_path>/modeler:/host ubuntu bash
370 #. Install all the required packages inside the container.
375 $ apt-get install -y npm nodejs
376 $ npm install -g reclass-doc
377 $ cd /host/fuel/mcp/reclass
378 $ ln -s /usr/bin/nodejs /usr/bin/node
379 $ reclass-doc --output /host /host/fuel/mcp/reclass
382 #. View the results from the host by using a browser. The file to open should be now at modeler/index.html
384 .. figure:: img/reclass_doc.png
393 1) `Installation instructions <http://docs.opnfv.org/en/stable-euphrates/submodules/fuel/docs/release/installation/installation.instruction.html>`_
394 2) `Saltstack Documentation <https://docs.saltstack.com/en/latest/topics>`_
395 3) `Saltstack Formulas <http://salt-formulas.readthedocs.io/en/latest/develop/overview-reclass.html>`_