An FCD, also known as an Improved Virtual Disk (IVD) or Managed Virtual Disk, is a named virtual disk independent of a virtual machine. Using FCDs for Cinder volumes eliminates the need for shadow virtual machines. This patch adds Kolla support. Change-Id: Ic0b66269e6d32762e786c95cf6da78cb201d2765
13 KiB
VMware - Nova Virtualisation Driver
Overview
Kolla can deploy the Nova and Neutron Service(s) for VMware vSphere. Depending on the network architecture (NsxT, NsxV or DVS) you choose, Kolla deploys the following OpenStack services for VMware vSphere:
For VMware NsxT:
- nova-compute
- neutron-server
For VMware NsxV:
- nova-compute
- neutron-server
For VMware DVS:
- nova-compute
- neutron-server
- neutron-dhcp-agent
- neutron-metadata-agent
Kolla can deploy the Glance and Cinder services using VMware datastore as their backend. You can create Cinder volumes as VMDKs or as First Class Disks (FCDs).
An FCD, also known as an Improved Virtual Disk (IVD) or Managed Virtual Disk, is a named virtual disk independent of a virtual machine. Using FCDs for Cinder volumes eliminates the need for shadow virtual machines.
The FCD backend is offered in addition to the default VMDK backend. If you use FCD as the backend driver for Cinder, you can use both FCD and VMDK volumes in the same deployment.
Ceilometer metering for vSphere is also supported.
Because the vmware-nsx drivers for neutron use completely different architecture than other types of virtualization, vmware-nsx drivers cannot coexist with other type of virtualization in one region. In neutron vmware-nsx drivers, neutron-server acts like an agent to translate OpenStack actions into what vSphere/NSX Manager API can understand. Neutron does not directly takes control of the Open vSwitch inside the VMware environment but through the API exposed by vSphere/NSX Manager.
Note
VMware NSX plugin is not in the kolla image by default. VMware NSX plugin has to be added in the neutron image and if you are using vmware_dvs also in neutron-dhcp-agent image.
For VMware DVS, the Neutron DHCP agent does not attaches to Open
vSwitch inside VMware environment, but attach to the Open vSwitch bridge
called br-dvs
on the OpenStack side and replies to/receives
DHCP packets through VLAN. Similar to what the DHCP agent does, Neutron
metadata agent attaches to br-dvs
bridge and works through
VLAN.
Note
VMware NSX-DVS plugin does not support tenant networks, so all VMs should attach to Provider VLAN/Flat networks.
VMware NSX-T
Preparation
You should have a working NSX-T environment, this part is out of scope of Kolla. For more information, please see VMware NSX-T documentation. The NSX Manager provides a web-based user interface where you can manage your NSX-T environment. It also hosts the API server that processes API calls. The NSX Manager interface provides two modes for configuring resources:
- Policy mode
- Manager mode
In Kolla you will have the choice between both with neutron plugin vmware_nsxv3 for Manager mode and vmware_nsxp for Policy Mode. For more information, please see documentation.
In addition, it is important to modify the firewall rule of vSphere to make sure that VNC is accessible from outside VMware environment.
On every VMware host, edit /etc/vmware/firewall/vnc.xml
as below:
<!-- FirewallRule for VNC Console -->
ConfigRoot>
<service>
<id>VNC</id>
<rule id = '0000'>
<direction>inbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>
<begin>5900</begin>
<end>5999</end>
<port>
</rule>
</rule id = '0001'>
<direction>outbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>
<begin>0</begin>
<end>65535</end>
<port>
</rule>
</enabled>true</enabled>
<required>false</required>
<service>
</ConfigRoot> </
Then refresh the firewall config by:
# esxcli network firewall refresh
Verify that the firewall config is applied:
# esxcli network firewall ruleset list
Deployment
The deployment below covers the Policy mode (vmware_nsxp)
Enable VMware nova-compute plugin and NSX-T neutron-server plugin in
/etc/kolla/globals.yml
:
enable_openvswitch: no
nova_compute_virt_type: "vmware"
neutron_plugin_agent: "vmware_nsxp"
If you want to set VMware datastore as cinder backend, enable it in
/etc/kolla/globals.yml
:
enable_cinder: "yes"
cinder_backend_vmwarevc_vmdk: "yes"
vmware_datastore_name: "TestDatastore"
If you want to set VMware First Class Disk (FCD) datastore as VMware
vStorage Object backend, enable it in
/etc/kolla/globals.yml
:
enable_cinder: "yes"
cinder_backend_vmware_vstorage_object: "yes"
vmware_datastore_name: "TestDatastore"
If you want to set VMware datastore as glance backend, enable it in
/etc/kolla/globals.yml
:
glance_backend_vmware: "yes"
vmware_vcenter_name: "TestDatacenter"
vmware_datastore_name: "TestDatastore"
VMware options are required in /etc/kolla/globals.yml
,
these options should be configured correctly according to your NSX-T
environment.
Options for nova-compute
and
ceilometer
:
vmware_vcenter_host_ip: "127.0.0.1"
vmware_vcenter_host_username: "admin"
vmware_vcenter_cluster_name: "cluster-1"
vmware_vcenter_insecure: "True"
vmware_vcenter_datastore_regex: ".*"
Note
The VMware vCenter password has to be set in
/etc/kolla/passwords.yml
.
vmware_vcenter_host_password: "admin"
Options for Neutron NSX-T support:
vmware_nsxp_api_user: "admin"
vmware_nsxp_insecure: true
vmware_nsxp_default_tier0_router: "T0-Example"
vmware_nsxp_dhcp_profile: "dhcp-profile-example"
vmware_nsxp_metadata_proxy: "metadata_proxy-example"
vmware_nsxp_api_managers: "nsx-manager.local"
vmware_nsxp_default_vlan_tz: "vlan-tz-example"
vmware_nsxp_default_overlay_tz: "overlay-tz-example"
Note
If you want to set secure connections to VMware, set
vmware_vcenter_insecure
to false. Secure connections to
vCenter requires a CA file, copy the vCenter CA file to
/etc/kolla/config/vmware_ca
.
Note
The VMware NSX-T password has to be set in
/etc/kolla/passwords.yml
.
vmware_nsxp_api_password: "xxxxx"
vmware_nsxp_metadata_proxy_shared_secret: "xxxxx"
Then you should start kolla-ansible
deployment normally as KVM/QEMU
deployment.
VMware NSX-V
Preparation
You should have a working NSX-V environment, this part is out of scope of Kolla. For more information, please see VMware NSX-V documentation.
In addition, it is important to modify the firewall rule of vSphere to make sure that VNC is accessible from outside VMware environment.
On every VMware host, edit /etc/vmware/firewall/vnc.xml
as below:
<!-- FirewallRule for VNC Console -->
ConfigRoot>
<service>
<id>VNC</id>
<rule id = '0000'>
<direction>inbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>
<begin>5900</begin>
<end>5999</end>
<port>
</rule>
</rule id = '0001'>
<direction>outbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>
<begin>0</begin>
<end>65535</end>
<port>
</rule>
</enabled>true</enabled> <required>false</required>
<service>
</ConfigRoot> </
Then refresh the firewall config by:
# esxcli network firewall refresh
Verify that the firewall config is applied:
# esxcli network firewall ruleset list
Deployment
Enable VMware nova-compute plugin and NSX-V neutron-server plugin in
/etc/kolla/globals.yml
:
nova_compute_virt_type: "vmware"
neutron_plugin_agent: "vmware_nsxv"
Note
VMware NSX-V also supports Neutron FWaaS and VPNaaS services, you can
enable them by setting these options in globals.yml
:
- enable_neutron_vpnaas: "yes"
- enable_neutron_fwaas: "yes"
If you want to set VMware VMDK datastore as cinder backend, enable it
in /etc/kolla/globals.yml
:
enable_cinder: "yes"
cinder_backend_vmwarevc_vmdk: "yes"
vmware_datastore_name: "TestDatastore"
If you want to set VMware First Class Disk (FCD) datastore as VMware
vStorage Object backend, enable it in
/etc/kolla/globals.yml
:
enable_cinder: "yes"
cinder_backend_vmware_vstorage_object: "yes"
vmware_datastore_name: "TestDatastore"
If you want to set VMware datastore as glance backend, enable it in
/etc/kolla/globals.yml
:
glance_backend_vmware: "yes"
vmware_vcenter_name: "TestDatacenter"
vmware_datastore_name: "TestDatastore"
VMware options are required in /etc/kolla/globals.yml
,
these options should be configured correctly according to your NSX-V
environment.
Options for nova-compute
and
ceilometer
:
vmware_vcenter_host_ip: "127.0.0.1"
vmware_vcenter_host_username: "admin"
vmware_vcenter_cluster_name: "cluster-1"
vmware_vcenter_insecure: "True"
vmware_vcenter_datastore_regex: ".*"
Note
The VMware vCenter password has to be set in
/etc/kolla/passwords.yml
.
vmware_vcenter_host_password: "admin"
Options for Neutron NSX-V support:
vmware_nsxv_user: "nsx_manager_user"
vmware_nsxv_manager_uri: "https://127.0.0.1"
vmware_nsxv_cluster_moid: "TestCluster"
vmware_nsxv_datacenter_moid: "TestDataCeter"
vmware_nsxv_resource_pool_id: "TestRSGroup"
vmware_nsxv_datastore_id: "TestDataStore"
vmware_nsxv_external_network: "TestDVSPort-Ext"
vmware_nsxv_vdn_scope_id: "TestVDNScope"
vmware_nsxv_dvs_id: "TestDVS"
vmware_nsxv_backup_edge_pool: "service:compact:1:2"
vmware_nsxv_spoofguard_enabled: "false"
vmware_nsxv_metadata_initializer: "false"
vmware_nsxv_edge_ha: "false"
Note
If you want to set secure connections to VMware, set
vmware_vcenter_insecure
to false. Secure connections to
vCenter requires a CA file, copy the vCenter CA file to
/etc/kolla/config/vmware_ca
.
Note
The VMware NSX-V password has to be set in
/etc/kolla/passwords.yml
.
vmware_nsxv_password: "nsx_manager_password"
Then you should start kolla-ansible
deployment normally as KVM/QEMU
deployment.
VMware NSX-DVS
Preparation
Before deployment, you should have a working VMware vSphere environment. Create a cluster and a vSphere Distributed Switch with all the host in the cluster attached to it.
For more information, please see Setting Up Networking with vSphere Distributed Switches.
Deployment
Enable VMware nova-compute plugin and NSX-V neutron-server plugin in
/etc/kolla/globals.yml
:
nova_compute_virt_type: "vmware"
neutron_plugin_agent: "vmware_dvs"
If you want to set VMware VMDK datastore as cinder backend, enable it
in /etc/kolla/globals.yml
:
enable_cinder: "yes"
cinder_backend_vmwarevc_vmdk: "yes"
vmware_datastore_name: "TestDatastore"
If you want to set VMware First Class Disk (FCD) datastore as VMware
vStorage Object backend, enable it in
/etc/kolla/globals.yml
:
enable_cinder: "yes"
cinder_backend_vmware_vstorage_object: "yes"
vmware_datastore_name: "TestDatastore"
If you want to set VMware datastore as Glance backend, enable it in
/etc/kolla/globals.yml
:
glance_backend_vmware: "yes"
vmware_vcenter_name: "TestDatacenter"
vmware_datastore_name: "TestDatastore"
VMware options are required in /etc/kolla/globals.yml
,
these options should be configured correctly according to the vSphere
environment you installed before. All option for nova, cinder, glance
are the same as VMware-NSX, except the following options.
Options for Neutron NSX-DVS support:
vmware_dvs_host_ip: "192.168.1.1"
vmware_dvs_host_port: "443"
vmware_dvs_host_username: "admin"
vmware_dvs_dvs_name: "VDS-1"
vmware_dvs_dhcp_override_mac: ""
Note
The VMware NSX-DVS password has to be set in
/etc/kolla/passwords.yml
.
vmware_dvs_host_password: "password"
Then you should start kolla-ansible
deployment normally as KVM/QEMU
deployment.
For more information on OpenStack vSphere, see VMware vSphere
<admin/configuration/hypervisor-vmware.html>
, VMware-NSX
package.