Chapter 3. Deploying the undercloud for RHOSP dynamic routing

The undercloud is the node that controls the configuration, installation, and management of your final Red Hat OpenStack Platform (RHOSP) environment, which is called the overcloud. The undercloud uses OpenStack Platform component services, including the OVN BGP agent, that run in containers. These containerized services comprise a tool called RHOSP director, which you use to create and manage your overcloud.

The topic included in this section is:

3.1. Installing and configuring the undercloud for RHOSP dynamic routing

You use Red Hat OpenStack Platform (RHOSP) director to install and configure dynamic routing in the RHOSP undercloud. The high-level steps are:

  1. (Optional) Set BGP configuration values for the undercloud in frr-parameters.yaml.
  2. Set spine-leaf network topology configuration values for the undercloud in undercloud.conf.
  3. Run the openstack undercloud install command.

Procedure

  1. Log in to the undercloud host as the stack user.
  2. Source the stackrc undercloud credentials file:

    $ source ~/stackrc
  3. If you plan to use BGP to reach the other racks and overcloud nodes, then configure FRRouting (FRR) to be installed on the undercloud by adding the following parameters to a custom heat environment file, /home/stack/templates/frr-parameters.yaml.

    Note

    Remember this path. You need it in a later step.

    Example

    parameter_defaults:
      ContainerFrrImage: registry.redhat.io/rhosp-17.1/openstack-frr-rhel9:17.1.1
      FrrBfdEnabled: true
      FrrBgpEnabled: true
      FrrBgpAsn: 64999
      FrrBgpUplinks: ['nic2', 'nic3']
      FrrBgpUplinksScope: internal
      FrrLogLevel: debugging
      FrrBgpRouterID: 172.30.4.1
      FrrBgpIpv4SrcIp: 172.30.4.1
      FrrBgpIpv6SrcIp: fe80::5054:ff:fe74:73ce

    Tip

    For more information, see Networking (neutron) Parameters in the Overcloud parameters guide.

    FrrBfdEnabled
    When true, enable Bidirectional Forwarding Detection (BFD). The default is false.
    FrrBgpEnabled
    When true, enable Border Gateway Protocol (BGP). The default is true.
    FrrBgpAsn
    The default ASN to be used within FRRouting. The default is 65000. FrrBgpAsn can be set to a different value for each role that is used.
    FrrBgpUplinks
    A comma-delimited list of uplink network interfaces. The default is ['nic1', 'nic2'].
    FrrBgpUplinksScope
    Either peer with internal (iBGP) or external (eBGP) neighbors. The default is internal.
    FrrLogLevel
    Specifies the FRR log level using the set of values: emergencies, alerts, critical, errors, warnings, notifications, informational, debugging. The default is informational.
    FrrBgpRouterID
    The BGP router_id to be used by FRR.
    FrrBgpIpv4SrcIp
    The source IP address for IPv4 network traffic.
    FrrBgpIpv6SrcIp
    The source IP address for IPv6 network traffic.
    tripleo_frr_bgp_peers
    A role-specific parameter used to specify a list of IP addresses or hostnames for Free Range Routing (FRR) to peer with.
    tripleo_frr_ovn_bgp_agent_enable
    A role-specific parameter used to enable or disable the OVN BGP agent on RHOSP nodes where no data plane routes are exposed. The default value is true.
  4. If you do not already have an undercloud.conf file, copy the sample template file:

    $ cp /usr/share/python-tripleoclient/undercloud.conf.sample \
    ~/templates/undercloud.conf
  5. In the [DEFAULT] section, set the following general parameter values.

    Example

    [DEFAULT]
    # General
    cleanup = false
    container_images_file=/home/stack/templates/containers-prepare-parameter.yaml
    overcloud_domain_name = {{ cloud_domain }}
    undercloud_timezone = UTC
    undercloud_hostname = undercloud-0.{{ cloud_domain }}
    
    # BGP on undercloud
    ...
    
    # TLS-e
    ...
    
    # Networking
    ...
    
    # Subnets
    ...

    Tip

    For more information, see Director configuration parameters in the Installing and managing Red Hat OpenStack Platform with director guide.

    overcloud_domain_name
    Specifies the DNS domain name that you want to use when you deploy the overcloud. In a subsequent step, you must ensure that this value matches the value of the overcloud CloudDomain parameter.
    cleanup
    Delete temporary files. Set this to false to retain the temporary files used during deployment. The temporary files can help you debug the deployment if errors occur.
    container_images_file
    Specifies the Heat environment file with container image information.
    container_insecure_registries
    A list of insecure registries for podman to use. Use this parameter if you want to pull images from another source, such as a private container registry.
    custom_env_files
    Additional environment files that you want to add to the undercloud installation.
    undercloud_hostname
    Defines the fully qualified host name for the undercloud. If set, the undercloud installation configures all system host name settings. If left unset, the undercloud uses the current host name, but you must configure all system host name settings appropriately.
    undercloud_timezone
    Host timezone for the undercloud. If you do not specify a timezone, director uses the existing timezone configuration.
  6. If you want to install BGP on the undercloud, then in the [DEFAULT] section, enable FRR on the undercloud, and point to the custom environment file where you set the FRR parameter values in an earlier step.

    Example

    [DEFAULT]
    # General
    ...
    
    # BGP on undercloud
    enable_frr=true
    custom_env_files=/home/stack/templates/frr-parameters.yaml
    
    # TLS-e
    ...
    
    # Networking
    ...
    
    # Subnets
    ...

  7. If you are using TLS-everywhere, then in the [DEFAULT] section, set the following TLS-everywhere parameter values:

    Example

    [DEFAULT]
    # General
    ...
    
    # BGP on undercloud
    ...
    
    # TLS-e
    enable_novajoin = False
    undercloud_nameservers = {{ freeipa_ip }}
    generate_service_certificate = True
    ipa_otp = {{ undercloud_otp }}
    
    # Networking
    ...
    
    # Subnets
    ...

    Tip

    For more information, see Director configuration parameters in the Installing and managing Red Hat OpenStack Platform with director guide.

    enable_novajoin
    When true, enables the novajoin service to deploy TLS.
    undercloud_nameservers
    Specifies the current IP addresses of the DNS servers for the undercloud nameserver. You can find this information in /etc/resolv.conf.
    generate_service_certificate
    Defines whether to generate an SSL/TLS certificate during the undercloud installation, which is used for the undercloud_service_certificate parameter.
    ipa_otp
    Set FreeIPA OTP fact.
  8. In the [DEFAULT] section, set the following networking parameter values:

    Example

    [DEFAULT]
    # General
    ...
    
    # BGP on undercloud
    ...
    
    # TLS-e
    ...
    
    # Networking
    local_interface = eth0
    local_ip = {{ undercloud_ctlplane }}/24
    undercloud_public_host = {{ undercloud_public_host }}
    undercloud_admin_host = {{ undercloud_admin_host }}
    
    # Subnets
    ...

    Tip

    For more information, see Director configuration parameters in the Installing and managing Red Hat OpenStack Platform with director guide.

    local_interface
    Interface to bridge for the local network.
    local_ip
    IP address for the undercloud on leaf0.
    undercloud_public_host
    Externally facing IP address of the undercloud.
    undercloud_admin_host
    Administration IP address of the undercloud. This IP address is usually on leaf0.
  9. Create a new section for each subnet that you defined earlier in the subnets parameter.

    Important

    Director cannot change the IP addresses for a subnet after director creates the subnet.

    Example

    [DEFAULT]
    # General
    ...
    
    # BGP on undercloud
    ...
    
    # TLS-e
    ...
    
    # Networking
    ...
    
    # Subnets
    [r1]
    # This subnet is used for overcloud nodes deployed on rack1.
    cidr = 192.168.1.0/24
    dhcp_start = 192.168.1.150
    dhcp_end = 192.168.1.170
    inspection_iprange = 192.168.1.171,192.168.1.185
    gateway = 192.168.1.1
    masquerade = False
    [r2]
    # This subnet is used for overcloud nodes deployed on rack2.
    cidr = 192.168.2.0/24
    dhcp_start = 192.168.2.150
    dhcp_end = 192.168.2.170
    inspection_iprange = 192.168.2.171,192.168.2.185
    gateway = 192.168.2.1
    masquerade = False
    [r3]
    # This subnet is used for overcloud nodes deployed on rack3.
    cidr = 192.168.3.0/24
    dhcp_start = 192.168.3.150
    dhcp_end = 192.168.3.170
    inspection_iprange = 192.168.3.171,192.168.3.185
    gateway = 192.168.3.1
    masquerade = False
    [r4]
    # This subnet is used for the undercloud node and potentially FreeIPA
    # that are deployed on rack4.
    cidr = 192.168.4.0/24
    dhcp_start = {{ undercloud_dhcp_start }}
    dhcp_end = 192.168.4.170
    inspection_iprange = 192.168.4.171,192.168.4.185
    gateway = 192.168.4.1
    masquerade = False

    Tip

    For more information, see Subnets in the Installing and managing Red Hat OpenStack Platform with director guide.

    cidr
    The network that director uses to manage overcloud instances. This is the Provisioning network, which the undercloud neutron service manages. Leave this as the default 192.168.24.0/24 unless you use a different subnet for the Provisioning network.
    masquerade

    Defines whether to masquerade the network defined in the cidr for external access. This provides the Provisioning network with network address translation (NAT) so that the Provisioning network has external access through director.

    Note

    The director configuration also enables IP forwarding automatically using the relevant sysctl kernel parameter.

    dhcp_start and dhcp_end
    The start and end of the DHCP allocation range for overcloud nodes. Ensure that this range contains enough IP addresses to allocate your nodes.
    dhcp_exclude
    IP addresses to exclude in the DHCP allocation range.
    dns_nameservers
    DNS nameservers specific to the subnet. If no nameservers are defined for the subnet, the subnet uses nameservers defined in the undercloud_nameservers parameter.
    gateway
    The gateway for the overcloud instances. This is the undercloud host, which forwards traffic to the External network. Leave this as the default 192.168.24.1 unless you use a different IP address for director or want to use an external gateway directly.
  10. Run the install command.

    $ openstack undercloud install
  11. Ensure that your undercloud has the correct network configuration including any additional network routes to reach each leaf and rack.

    For more information, see Director configuration parameters in the Installing and managing Red Hat OpenStack Platform with director guide.
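Before you run the install command in step 10, you can check the subnet sections and registry settings of undercloud.conf for mistakes that are hard to correct later, because director cannot change the IP addresses for a subnet after it creates the subnet. The following script is an added example, not part of the Red Hat procedure or of director. The function name, the finding texts, and the sample values (including registry.example.test) are assumptions made for illustration.

```python
import configparser
import ipaddress

# Constructed sample modelled on the subnet example above; [r4] has deliberate mistakes.
SAMPLE_CONF = """\
[DEFAULT]
container_insecure_registries = registry.example.test:5000
[r1]
cidr = 192.168.1.0/24
dhcp_start = 192.168.1.150
dhcp_end = 192.168.1.170
inspection_iprange = 192.168.1.171,192.168.1.185
gateway = 192.168.1.1
[r4]
cidr = 192.168.4.0/24
dhcp_start = 192.168.4.150
dhcp_end = 192.168.4.175
inspection_iprange = 192.168.4.171,192.168.4.185
gateway = 192.168.5.1
masquerade = True
"""

def check_undercloud_conf(text):
    """Return a list of findings for the undercloud.conf content in text."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    ip = ipaddress.ip_address
    if cfg.defaults().get("container_insecure_registries", "").strip():
        findings.append("DEFAULT: container_insecure_registries is set")
    for name in (s for s in cfg.sections() if "cidr" in cfg[s]):  # subnet sections only
        sec = cfg[name]
        try:
            net = ipaddress.ip_network(sec["cidr"])
            lo, hi = ip(sec["dhcp_start"]), ip(sec["dhcp_end"])
            i_lo, i_hi = (ip(a.strip()) for a in sec["inspection_iprange"].split(","))
            gw = ip(sec["gateway"])
        except (KeyError, ValueError) as exc:  # missing key or unrendered {{ ... }} value
            findings.append(f"{name}: cannot parse subnet values ({exc})")
            continue
        for label, addr in (("dhcp_start", lo), ("dhcp_end", hi), ("gateway", gw),
                            ("inspection start", i_lo), ("inspection end", i_hi)):
            if addr not in net:
                findings.append(f"{name}: {label} {addr} is outside {net}")
        if lo <= i_hi and i_lo <= hi:  # closed intervals intersect
            findings.append(f"{name}: dhcp range overlaps inspection_iprange")
        if sec.getboolean("masquerade", fallback=False):
            findings.append(f"{name}: masquerade is enabled")
    return findings
```

To check a real file, pass its contents, for example check_undercloud_conf(open("/home/stack/templates/undercloud.conf").read()), after any {{ ... }} template placeholders have been rendered.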

Verification

  1. The director configuration script starts all of the services automatically. Confirm that the RHOSP service containers are running:

    $ sudo podman ps -a --format "{{.Names}} {{.Status}}"

    Sample output

    You should see output similar to the following that indicates that the RHOSP service containers are Up:

    memcached Up 3 hours (healthy)
    haproxy Up 3 hours
    rabbitmq Up 3 hours (healthy)
    mysql Up 3 hours (healthy)
    iscsid Up 3 hours (healthy)
    keystone Up 3 hours (healthy)
    keystone_cron Up 3 hours (healthy)
    neutron_api Up 3 hours (healthy)
    logrotate_crond Up 3 hours (healthy)
    neutron_dhcp Up 3 hours (healthy)
    neutron_l3_agent Up 3 hours (healthy)
    neutron_ovs_agent Up 3 hours (healthy)
    ironic_api Up 3 hours (healthy)
    ironic_conductor Up 3 hours (healthy)
    ironic_neutron_agent Up 3 hours (healthy)
    ironic_pxe_tftp Up 3 hours (healthy)
    ironic_pxe_http Up 3 hours (unhealthy)
    ironic_inspector Up 3 hours (healthy)
    ironic_inspector_dnsmasq Up 3 hours (healthy)
    neutron-dnsmasq-qdhcp-30d628e6-45e6-499d-8003-28c0bc066487 Up 3 hours
    ...
  2. Confirm that you can initialize the stack user to use the command line tools:

    $ source ~/stackrc

    If the prompt displays (undercloud), this indicates that OpenStack commands authenticate and execute against the undercloud:

    Sample output

    (undercloud) [stack@director ~]$

    The director installation is complete. You can now use the director command line tools.
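A container that reports Up is not necessarily healthy: the sample output in step 1 of Verification includes ironic_pxe_http as Up 3 hours (unhealthy). The following added example, which is not part of the Red Hat procedure, triages output in the "{{.Names}} {{.Status}}" format so that unhealthy or stopped service containers stand out. The function names and verdict labels are assumptions made for illustration.

```python
import re

# First three lines are taken from the sample output above; the last two are constructed.
SAMPLE_PS = """\
keystone Up 3 hours (healthy)
haproxy Up 3 hours
ironic_pxe_http Up 3 hours (unhealthy)
ironic_inspector Up 2 minutes (starting)
neutron_api Exited (1) 5 minutes ago
"""

# Container name, then the first word of the podman status, then the remainder.
STATUS_RE = re.compile(r"^(?P<name>\S+)\s+(?P<state>[A-Z][a-z]+)\b(?P<rest>.*)$")
HEALTH_RE = re.compile(r"\((healthy|unhealthy|starting)\)")

def triage_containers(ps_output):
    """Map container name to healthy, unhealthy, starting, no-healthcheck or not-running."""
    result = {}
    for line in ps_output.splitlines():
        m = STATUS_RE.match(line.strip())
        if not m:
            continue  # blank lines and "..." elisions
        if m["state"] != "Up":
            result[m["name"]] = "not-running"  # Exited, Created, Paused, ...
            continue
        health = HEALTH_RE.search(m["rest"])
        # "Up" without a health suffix means the container defines no health check.
        result[m["name"]] = health.group(1) if health else "no-healthcheck"
    return result

def needs_attention(ps_output):
    """Return the sorted names of containers that are unhealthy or not running."""
    verdicts = triage_containers(ps_output)
    return sorted(n for n, v in verdicts.items() if v in ("unhealthy", "not-running"))

if __name__ == "__main__":
    for container in needs_attention(SAMPLE_PS):
        print("check:", container)
```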
