Configure Dependencies

• 1: Configure Bridges
• 2: Disable FirewallD on RHEL 7
• 3: Configure NTP
• 4: Configure Java
• 5: Configure an MTA
• 6: Install MidoNet
• 6.1: Prerequisites
• 6.2: MidoNet Component Topology
• 6.3: Install MidoNet for Eucalyptus

1 - Configure Bridges

To configure a bridge on CentOS 7 or RHEL 7, you need to create a file with bridge configuration (for example, ifcfg-brX) and modify the file for the physical interface (for example, ifcfg-ethX). The following steps describe how to set up a bridge on both CentOS 7 and RHEL 7. We show examples for configuring bridge devices that either obtain IP addresses using DHCP or statically.

Install the bridge-utils package.

yum install bridge-utils

Go to the /etc/sysconfig/network-scripts directory:

cd /etc/sysconfig/network-scripts

Open the network script for the device you are adding to the bridge and add your bridge device to it. The edited file should look similar to the following:

DEVICE=eth0
# change the hardware address to match the hardware address your NIC uses
HWADDR=00:16:76:D6:C9:45
ONBOOT=yes
BRIDGE=br0
NM_CONTROLLED=no

Create a new network script in the /etc/sysconfig/network-scripts directory called ifcfg-br0 or something similar. The br0 is the name of the bridge, but this can be anything as long as the name of the file is the same as the DEVICE parameter, and the name is specified correctly in the previously created physical interface configuration (ifcfg-ethX).

DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes
DELAY=0

If you are using a static IP address, the configuration will look similar to:

DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
IPADDR=static_IP_address
NETMASK=netmask
GATEWAY=gateway
ONBOOT=yes

Enter the following command:

systemctl restart network.service

2 - Disable FirewallD on RHEL 7

This topic describes how to stop and disable FirewallD on RHEL 7.Prerequisites

• You should have successfully installed RHEL 7 before this task. If you have existing firewall rules on your host machines, you must disable the firewall in order to install Eucalyptus . You should re-enable it after installation.

  Note

  The firewall on a RHEL 7 system is enabled by default. Before you restart the CLC, you must disable the firewalld service on all host machines.

For more information, see FirewallD on RHEL 7 or FirewallD on CentOS .

To stop and disable FirewallD Check the status of the firewalld service:

systemctl status firewalld.service

The status displays as active (running) or inactive (dead) . If the firewall is active / running, enter this command to stop it:

systemctl stop firewalld.service

To completely disable the firewalld service, so it does not reload when you restart the host machine:

systemctl disable firewalld.service

Verify the status of the firewalld service:

systemctl status firewalld.service

The status should display as disabled and inactive (dead) .

firewalld.service - firewalld - dynamic firewall daemon
  Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
  Active: inactive (dead)

Repeat these steps for all host machines. The firewalld service is stopped and disabled. You can now start the CLC and other host machines.

Postrequisites

• You should re-enable the firewall after installation is complete.

3 - Configure NTP

To use NTP:

Install NTP on the machines that will host Eucalyptus components.

yum install ntp

Open the /etc/ntp.conf file and add NTP servers, if necessary, as in the following example.

server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org

Save and close the file. Synchronize your server.

ntpdate -u YOUR_NTP_SERVER

Configure NTP to run at reboot.

systemctl enable ntpd.service

Start NTP.

systemctl start ntpd.service

Synchronize your system clock, so that when your system is rebooted, it does not get out of sync.

hwclock --systohc

Repeat on each host machine that will run a Eucalyptus service.

4 - Configure Java

For the supported version of the Java Virtual Machine (JVM), see the Compatibility Matrix in the Release Notes .

As of Eucalyptus 4.3, JVM 8 is required. Eucalyptus RPM packages require java-1.8.0-openjdk, which will be installed automatically.

To use Java with Eucalyptus cloud:

Open the /etc/eucalyptus/eucalyptus.conf file. Verify that the CLOUD_OPTS setting does not set –java-home , or that –java-home points to a supported JVM version.

5 - Configure an MTA

You can use Sendmail, Exim, postfix, or something simpler. The MTA server does not have to be able to receive incoming mail.

Many Linux distributions satisfy this requirement with their default MTA. For details about configuring your MTA, go to the documentation for your specific product.

To test your mail relay for localhost, send email to yourself from the terminal using mail .

6 - Install MidoNet

Install MidoNet

Eucalyptus requires MidoNet for VPC functionality. This section describes how to install MidoNet for use with Eucalyptus.

Before you begin:

• See the Planning your Network section of the guide to create a map of how MidoNet / will be deployed into your environment.
• See the MidoNet Installation Guide to become familiar with the general MidoNet installation procedure and concepts.

6.1 - Prerequisites

This topic discusses the prerequisites for installing MidoNet 5.2.

You need to configure software repositories and install Network State Database (NSDB) services: ZooKeeper and Cassandra.

Repository Access

In order to use MidoNet with Eucalyptus you need to configure the MidoNet repositories.

Create /etc/yum.repos.d/midonet.repo and /etc/yum.repos.d/midonet-misc.repo on all host machines that will run MidoNet components including ZooKeeper and Cassandra. For example:

[midonet]
name=MidoNet
baseurl=http://builds.midonet.org/midonet-5.2/stable/el7/
enabled=1
gpgcheck=1
gpgkey=https://builds.midonet.org/midorepo.key

and:

[midonet-misc]
name=MidoNet 3rd Party Tools and Libraries
baseurl=http://builds.midonet.org/misc/stable/el7/
enabled=1
gpgcheck=1
gpgkey=https://builds.midonet.org/midorepo.key

See MidoNet Repository Configuration.

ZooKeeper

MidoNet uses Apache ZooKeeper to store critical path data about the virtual and physical network topology.

For a simple single-server installation, install ZooKeeper on any server that is IP accessible from all Midolman agents (for example: on the CLC host machine itself). You can also cluster ZooKeeper for fault tolerance. See MidoNet NSDB ZooKeeper Installation.

Enable and start the ZooKeeper service before installing the other MidoNet services.

Cassandra

MidoNet uses Apache Cassandra to store flow state information.

For a simple single-server installation, install Cassandra on any server that is IP accessible from all Midolman agents (for example: on the CLC host machine itself). You can also cluster Cassandra for fault tolerance. See MidoNet NSDB Cassandra Installation.

Enable and start the Cassandra service before installing the other MidoNet services.

6.2 - MidoNet Component Topology

This topic lists topology recommendations for installing MidoNet.

• The midonet-api must run co-located with the Cloud Controller (CLC).
• Each Node Controller (NC) must run a Midolman agent.
• The Cloud Controller (CLC) must run a Midolman agent.
• It is recommended that your User Facing Services (UFS) host be used as the MidoNet Gateway (i.e., running a Midolman agent) when configuring .
• The network interface(s) specified as * (in the configuration file) should be dedicated for /MidoNet (for configuration/operation/use).
• /MidoNet expects exclusive use of the network interface specified in .
• If the main network interface of a server is specified in , most likely the connectivity to that server will be lost once is deployed.

Network YAML Example

The following Eucalyptus network YAML file shows a sample VPCMIDO mode configuration:

Mode: VPCMIDO

InstanceDnsServers:
- "10.10.10.1"

PublicIps:
- "1.A.B.1-1.A.B.255"

Mido:
  Gateways:
  - ExternalCidr: "172.19.0.0/30"
    ExternalDevice: "veth1"
    ExternalIp: "172.19.0.2"
    ExternalRouterIp: "172.19.0.1"
    Ip: "10.10.10.1"

Where 1.A.B.1-1.A.B.255 represents the public IP address range for your cloud.

6.3 - Install MidoNet for Eucalyptus

This topic shows how to install MidoNet for use in your Eucalyptus cloud.

Install the MidoNet Cluster on the Cloud Controller (CLC)

This topic describes how to install the MidoNet Cluster. MidoNet Cluster services provide a means to manage MidoNet functions that MidoNet agents (Midolman) are unable to perform on their own. MidoNet Cluster services include state synchronization of VxLAN gateways and the MidoNet REST API. A MidoNet v5 deployment requires at least one MidoNet cluster node, and it must be co-located on the CLC host machine in Eucalyptus deployments. For security reasons, the MidoNet REST API is accessed only on the CLC (localhost interface).

To install the MidoNet Cluster on the CLC

Add the MidoNet repo file as described in Prerequisites . Install MidoNet Cluster packages.

yum install midonet-cluster python-midonetclient

Edit the /etc/midonet/midonet.conf file to set the ZooKeeper host IP(s). Replace ZOOKEEPER_HOST_IP in the following example:

[zookeeper]
zookeeper_hosts = ZOOKEEPER_HOST_IP:2181 

Configure cloud-wide access to the NSDB services:

cat << EOF | mn-conf set -t default
zookeeper {
  zookeeper_hosts = “ZOOKEEPER_HOST:2181"
}

cassandra {
  servers = “CASSANDRA_HOST"
}
EOF

Enable and start the MidoNet Cluster:

systemctl enable midonet-cluster.service
systemctl start midonet-cluster.service

Set the midonet-api end point:

mn-conf set cluster.rest_api.http_port=8080
mn-conf set cluster.rest_api.http_host="127.0.0.1"

Restart the Midonet Cluster so the rest_api parameters take effect:

systemctl restart midonet-cluster.service

Install Midolman on components

This topic describes how to install the Midolman agent. Midolman is the MidoNet Agent, which is a daemon that runs on all hosts where traffic enters and leaves MidoNet. The Midolman agent is required on the Cloud Controller (CLC), Node Controllers (NCs), and any host that is a MidoNet Gateway node (e.g., UFS).

To install Midolman agent

Edit the /etc/midolman/midolman.conf file to set the ZooKeeper host IP(s). Replace ZOOKEEPER_HOST_IP in the following example:

[zookeeper]
zookeeper_hosts = ZOOKEEPER_HOST_IP:2181

Enable and start Midolman:

systemctl enable midolman.service
systemctl start midolman.service

Configure a Midolman resource usage template. For large Eucalyptus clouds, use the agent-compute-large template. For standard (small or medium) Eucalyptus clouds, use the default template. For gateway nodes, use the agent-gateway templates.

See the Midolman Installation documentation for more information.

Choose the Midolman resource usage template name, based on the size and type of installation:

agent-compute-large
agent-compute-medium
agent-gateway-large
agent-gateway-medium
default

Run this command, replacing TEMPLATE_NAME with your chosen template:

mn-conf template-set -h local -t TEMPLATE_NAME

Create a tunnel zone in MidoNet and add hosts

This topic describes how to create a MidoNet tunnel zone. In MidoNet, a tunnel zone is an isolation zone for hosts. Physical hosts that are members of a given tunnel zone communicate directly with one another and establish network tunnels as needed, and on demand. These network tunnels are used to transport overlay traffic (e.g., inter-VM communication) and isolate the underlay physical network communication (i.e., inter-physical hosts communication). On a Eucalyptus deployment, one MidoNet tunnel zone is expected with the IP address on the physical network designated to carry VM traffic being used when configuring its members. Eucalyptus accepts the following tunnel zone names:

• eucatz
• euca-tz
• midotz
• mido-tz

For more information, see What are Tunnel Zones?

To create a tunnel zone in MidoNet

Log into the MidoNet shell. For example:

midonet-cli -A --midonet-url=http://127.0.0.1:8080/midonet-api

Create a GRE tunnel zone:

[root@clcfrontend mido-docs]# midonet-cli -A --midonet-url=http://127.0.0.1:8080/midonet-api
midonet> tunnel-zone add name eucatz type gre
midonet> tunnel-zone list
tzone tzone0 name eucatz type gre
midonet> host list
host host0 name node1 alive true
host host1 name clcfrontend alive true
host host2 name node2 alive true

You should see a host listed for each of your Node Controllers and for your User Facing Service host; if not, check the /var/log/midolman/midolman.log log file on the missing hosts to ensure there are no error messages.

After verifying all your hosts are listed, add each host to your tunnel zone as follows. Replace HOST_N_IP with the IP of your Node Controller or User Facing Service host that you used to register the component with Eucalyptus :

midonet> tunnel-zone tzone0 add member host host0 address HOST_0_IP
midonet> tunnel-zone tzone0 add member host host1 address HOST_1_IP
midonet> tunnel-zone tzone0 add member host host2 address HOST_2_IP

You are now ready to install and configure Eucalyptus to use this MidoNet installation.

Additional ZooKeeper Configuration

Ongoing data directory cleanup is required for ZooKeeper. The following parameters should be added in /etc/zookeeper/zoo.cfg for automatic purging of the snapshots and corresponding transaction logs:

autopurge.snapRetainCount=3  # The number of snapshots to retain in dataDir
autopurge.purgeInterval=1  # Purge task interval in hours

For more information, see ZooKeeper Admin Guide, Ongoing Data Directory Cleanup.