Red Hat Enterprise Linux

    There are two sections to the install: adding Calico to OpenStack control nodes, and adding Calico to OpenStack compute nodes. Follow the Common steps on each node before moving on to the specific instructions in the control and compute sections. If you want to create a combined control and compute node, work through all three sections.

    • Ensure that you meet the requirements.
    • Confirm that you have SSH access to and root privileges on one or more Red Hat Enterprise Linux (RHEL) hosts.
    • Make sure you have working DNS between the RHEL hosts (use if you don’t have DNS on your network).
    • on the RHEL hosts.

    Some steps need to be taken on all machines being installed with Calico. These steps are detailed in this section.

    1. . You may have already added this to install OpenStack.

    2. Configure the Calico repository:

    3. Install the etcd3-gateway Python package. A current copy of that code is needed by Calico’s OpenStack driver and DHCP agent, so you should install it with pip3.

      1. yum install python3-pip
      2. pip3 install git+https://github.com/dims/etcd3-gateway.git@5a3157a122368c2314c7a961f61722e47355f981

    4. Edit /etc/neutron/neutron.conf. Add a [calico] section with the following content, where <ip> is the IP address of the etcd server.

      1. [calico]
      2. etcd_host = <ip>

    On each control node, perform the following steps:

    1. Delete all configured OpenStack state, in particular any instances, routers, subnets and networks (in that order) created by the install process referenced above. You can do this using the web dashboard or at the command line.

      tip

      The Admin and Project sections of the web dashboard both have subsections for networks and routers. Some networks may need to be deleted from the Admin section.

      Red Hat Enterprise Linux - 图2caution

      The Calico install will fail if incompatible state is left around.

    2. Edit /etc/neutron/neutron.conf. In the [DEFAULT] section, find the line beginning with core_plugin, and change it to read core_plugin = calico. Also remove any existing setting for service_plugins.

      1. yum install -y calico-control

    4. Restart the neutron server process:

      On each compute node, perform the following steps:

      1. Open /etc/nova/nova.conf and remove the line from the [DEFAULT] section that reads:

        1. linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver

        Remove the lines from the [neutron] section setting service_neutron_metadata_proxy or service_metadata_proxy to True, if there are any. Additionally, if there is a line setting metadata_proxy_shared_secret, comment that line out as well.

        Restart nova compute.

        If this node is also a controller, additionally restart nova-api.

        1. service openstack-nova-api restart

      2. If they’re running, stop the Open vSwitch services.

        Then, prevent the services running if you reboot.

        1. chkconfig openvswitch off
        2. chkconfig neutron-openvswitch-agent off

        Then, on your control node, run the following command to find the agents that you just stopped.

        1. neutron agent-list

        For each agent, delete them with the following command on your control node, replacing <agent-id> with the ID of the agent.

        1. neutron agent-delete <agent-id>

      3. Install Neutron infrastructure code on the compute host.

        1. yum install -y openstack-neutron

      4. Edit /etc/neutron/neutron.conf. In the [oslo_concurrency] section, ensure that the lock_path variable is uncommented and set as follows.

        1. # Directory to use for lock files. For security, the specified directory should
        2. # only be writable by the user running the processes that need locking.
        3. # Defaults to environment variable OSLO_LOCK_PATH. If external locks are used,
        4. # a lock path must be set.
        5. lock_path = $state_path/lock

      5. Stop and disable the Neutron DHCP agent, and install the Calico DHCP agent (which uses etcd, allowing it to scale to higher numbers of hosts).

        1. service neutron-dhcp-agent stop
        2. chkconfig neutron-dhcp-agent off
        3. yum install -y calico-dhcp-agent
        1. chkconfig neutron-l3-agent off

        Repeat for bridging agent and any others.

      7. If this node is not a controller, install and start the Nova Metadata API. This step is not required on combined compute and controller nodes.

      8. Install the BIRD BGP client.

        1. yum install -y bird bird6

      9. Install the calico-compute package.

        1. yum install -y calico-compute

      10. Configure BIRD. By default Calico assumes that you will deploy a route reflector to avoid the need for a full BGP mesh. To this end, it includes configuration scripts to prepare a BIRD config file with a single peering to the route reflector. If that’s correct for your network, you can run either or both of the following commands.

        For IPv4 connectivity between compute hosts:

        1. calico-gen-bird-conf.sh <compute_node_ip> <route_reflector_ip> <bgp_as_number>

        And/or for IPv6 connectivity between compute hosts:

        1. calico-gen-bird6-conf.sh <compute_node_ipv4> <compute_node_ipv6> <route_reflector_ipv6> <bgp_as_number>

        You will also need to configure your route reflector to allow connections from the compute node as a route reflector client.

        If you are configuring a full BGP mesh you need to handle the BGP configuration appropriately on each compute host. The scripts above can be used to generate a sample configuration for BIRD, by replacing the with the IP of one other compute host—this will generate the configuration for a single peer connection, which you can duplicate and update for each compute host in your mesh.

        To maintain connectivity between VMs if BIRD crashes or is upgraded, configure BIRD graceful restart. Edit the systemd unit file /usr/lib/systemd/system/bird.service (and bird6.service for IPv6):

        • Add -R to the end of the ExecStart line.
        • Add KillSignal=SIGKILL as a new line in the [Service] section.
        • Run systemctl daemon-reload to tell systemd to reread that file.

        Ensure that BIRD (and/or BIRD 6 for IPv6) is running and starts on reboot.

        1. service bird restart
        2. service bird6 restart
        3. chkconfig bird on
        4. chkconfig bird6 on

      11. Create /etc/calico/felix.cfg with the following content, where <ip> is the IP address of the etcd server.

        1. [global]
        2. DatastoreType = etcdv3
        3. EtcdAddr = <ip>:2379

      12. Restart the Felix service.

        1. service calico-felix restart

      This table sets out where to configure each component of Calico for OpenStack, and the detailed access permissions that each component needs: