Ubuntu

    There are two sections to the install: adding Calico to OpenStack control nodes, and adding Calico to OpenStack compute nodes. Follow the Common steps on each node before moving on to the specific instructions in the control and compute sections. If you want to create a combined control and compute node, work through all three sections.

    • Ensure that you meet the requirements.
    • Confirm that you have SSH access to and root privileges on one or more Ubuntu hosts (your OpenStack compute or control nodes).
    • on the Ubuntu hosts.

    Some steps need to be taken on all machines being installed with Calico. These steps are detailed in this section.

    1. Configure APT to use the Calico PPA:

    2. Add the official BIRD PPA. This PPA contains fixes to BIRD that are not yet available in Ubuntu. To add the PPA, run:

      add-apt-repository ppa:cz.nic-labs/bird

      Tip: If the above command fails with the error 'ascii' codec can't decode byte, try running the command with a UTF-8 enabled locale: LC_ALL=en_US.UTF-8 add-apt-repository ppa:cz.nic-labs/bird.

    3. Update your package manager on each machine:

      apt-get update

    4. Install the etcd3-gateway Python package. A current copy of that code is needed by Calico’s OpenStack driver and DHCP agent, so you should install it with pip3.

      apt-get install -y python3-pip
      pip3 install git+https://github.com/dims/etcd3-gateway.git@5a3157a122368c2314c7a961f61722e47355f981

    5. Edit /etc/neutron/neutron.conf. Add a [calico] section with the following content, where <ip> is the IP address of the etcd server.

      [calico]
      etcd_host = <ip>

    On each control node, perform the following steps.

    1. Run apt-get upgrade and apt-get dist-upgrade. These commands bring in Calico-specific updates to the OpenStack packages and to dnsmasq.

    2. Edit /etc/neutron/neutron.conf. In the [DEFAULT] section, find the line beginning with core_plugin, and change it to read core_plugin = calico. Also remove any existing setting for service_plugins.

    3. Install the calico-control package:

      apt-get install -y calico-control

    4. Restart the Neutron server process:

      service neutron-server restart

    On each compute node, perform the following steps:

    1. Open /etc/nova/nova.conf and remove the line from the section that reads:

      Remove the lines from the [neutron] section setting service_neutron_metadata_proxy or service_metadata_proxy to True, if there are any.

      Restart nova compute.

      service nova-compute restart

    2. If they’re running, stop the Open vSwitch services:

      service openvswitch-switch stop
      service neutron-plugin-openvswitch-agent stop

      Then, prevent the services from running if you reboot:

      sh -c "echo 'manual' > /etc/init/openvswitch-switch.override"
      sh -c "echo 'manual' > /etc/init/openvswitch-force-reload-kmod.override"
      sh -c "echo 'manual' > /etc/init/neutron-plugin-openvswitch-agent.override"

      Then, on your control node, run the following command to find the agents that you just stopped:

      neutron agent-list

      Delete each of those agents with the following command on your control node, replacing <agent-id> with the ID of the agent:

      neutron agent-delete <agent-id>

    3. Install some extra packages:

      apt-get install -y neutron-common neutron-dhcp-agent nova-api-metadata

    4. Run apt-get upgrade and apt-get dist-upgrade. These commands bring in Calico-specific updates to the OpenStack packages and to dnsmasq.

    5. Install the Calico DHCP agent (which uses etcd, allowing it to scale to higher numbers of hosts) and disable the Neutron-provided one:

      service neutron-dhcp-agent stop
      echo manual | tee /etc/init/neutron-dhcp-agent.override
      apt-get install -y calico-dhcp-agent

    6. Install the calico-compute package:

      This step may prompt you to save your iptables rules to make them persistent on restart — hit yes.

    7. Configure BIRD. By default Calico assumes that you will deploy a route reflector to avoid the need for a full BGP mesh. To this end, it includes configuration scripts to prepare a BIRD config file with a single peering to the route reflector. If that’s correct for your network, you can run either or both of the following commands.

      For IPv4 connectivity between compute hosts:

      calico-gen-bird-conf.sh <compute_node_ip> <route_reflector_ip> <bgp_as_number>

      And/or for IPv6 connectivity between compute hosts:

      calico-gen-bird6-conf.sh <compute_node_ipv4> <compute_node_ipv6> <route_reflector_ipv6> <bgp_as_number>

      You will also need to configure your route reflector to allow connections from the compute node as a route reflector client.

      If you are configuring a full BGP mesh you need to handle the BGP configuration appropriately on each compute host. The scripts above can be used to generate a sample configuration for BIRD, by replacing the <route_reflector_ip> with the IP of one other compute host — this will generate the configuration for a single peer connection, which you can duplicate and update for each compute host in your mesh.

      To maintain connectivity between VMs if BIRD crashes or is upgraded, configure BIRD graceful restart:

      • Add -R to BIRD_ARGS in /etc/bird/envvars (you may need to uncomment this option).

      • Edit the upstart jobs /etc/init/bird.conf and bird6.conf (if you’re using IPv6), and add the following script to it.

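        pre-stop script
          # Look up the PID of the running bird job and kill it with SIGKILL.
          # In bird6.conf, query the bird6 job instead (status bird6).
          PID=`status bird | egrep -oi '([0-9]+)$' | head -n1`
          kill -9 $PID
        end script
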
    8. Create /etc/calico/felix.cfg with the following content, where <ip> is the IP address of the etcd server.

      [global]
      DatastoreType = etcdv3
      EtcdAddr = <ip>:2379
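
    A post-install check for the neutron.conf and nova.conf edits described in the steps above (audit_neutron covers the common and control-node settings, audit_nova the compute-node one). This is an added example, not part of Calico or of the original guide; the function names ini_get, audit_neutron and audit_nova and the sample file contents are made up for illustration, and the parser assumes plain "key = value" lines.

```shell
#!/bin/sh
# Added example (not part of Calico): audit the config edits from this guide.

# ini_get FILE SECTION KEY: print KEY's value in [SECTION]; status 1 if the key
# is absent or commented out. Assumes plain "key = value" lines.
ini_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
        cur == want && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val; exit !found }' "$1"
}

# Each audit prints its findings and returns the number of failures.
audit_neutron() {   # common step 5 and control-node step 2
    n=0
    case "$(ini_get "$1" calico etcd_host || true)" in
        ""|*"<"*) echo "FAIL: [calico] etcd_host is not a real address"; n=$((n + 1)) ;;
    esac
    [ "$(ini_get "$1" DEFAULT core_plugin || true)" = calico ] ||
        { echo "FAIL: core_plugin is not calico"; n=$((n + 1)); }
    if ini_get "$1" DEFAULT service_plugins >/dev/null; then
        echo "FAIL: service_plugins is still set"; n=$((n + 1))
    fi
    return "$n"
}

audit_nova() {      # compute-node step 1
    n=0
    for key in service_neutron_metadata_proxy service_metadata_proxy; do
        case "$(ini_get "$1" neutron "$key" || true)" in
            [Tt][Rr][Uu][Ee]) echo "FAIL: [neutron] $key = True"; n=$((n + 1)) ;;
        esac
    done
    return "$n"
}

# Constructed sample: a neutron.conf where service_plugins was left in place.
demo=$(mktemp)
printf '%s\n' '[DEFAULT]' 'core_plugin = calico' 'service_plugins = router' \
    '[calico]' 'etcd_host = 192.0.2.10' > "$demo"
audit_neutron "$demo" || echo "neutron.conf: $? setting(s) to fix"
rm -f "$demo"
```

    On a real host, call audit_neutron /etc/neutron/neutron.conf on a control node and audit_nova /etc/nova/nova.conf on a compute node; a non-zero return is the number of settings that still differ from this guide.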

    If your etcd cluster has authentication enabled, you must also configure the relevant Calico components with an etcd user name and password. You can create a single etcd user for Calico that has permission to read and write any key beginning with /calico/, or you can create specific etcd users for each component, with more precise permissions.