Installing a NorthStar Cluster Using a HEAT Template
This topic describes installing a NorthStar cluster in an OpenStack environment using a HEAT template. These instructions assume that you are using one of the provided HEAT templates.
System Requirements
In addition to the system requirements for installing the NorthStar Controller in a two-VM environment, a cluster installation also requires that:
An individual compute node is hosting only one NorthStar Controller VM and one JunosVM. You can ensure this by launching the NorthStar Controller VM into a specific availability zone and compute node, or by using a host affinity such as OS::Nova::ServerGroup with an anti-affinity rule.
The cluster has a single virtual IP address for the client facing connection. If promiscuous mode is disabled in OpenStack (blocking the virtual IP address), you can use the Neutron::Port allowed-address-pair attribute to permit the additional address.
Launch the Stack
Create a stack from the HEAT template file using the heat stack-create command.
# heat stack-create stack-name -f heat-template-name --parameters customer_name=instance-name;app_image=centos6-image-name;junosvm_image= junosvm-image-name;public_network=public-network-uuid;key_name= keypair-name;app_flavor=app-vm-flavor;junosvm_flavor=junosvm-flavor
Obtain the Stack Attributes
Ensure that the stack creation is complete by examining the output of the heat stack-show command.
# heat stack-show stack-name | grep stack_status
Obtain the UUID of the NorthStar Controller VM and the JunosVM instances for each node in the cluster by executing the resource-list command.
# heat resource-list stack-name | grep ::Server
Using the UUIDs obtained from the resource-list command output, obtain the associated IP addresses by executing the interface-list command for each UUID.
# nova interface-list uuid
Verify that each compute node in the cluster has only one NorthStar Controller VM and only one JunosVM by executing the following command for each UUID:
# nova show uuid | grep hypervisor
Configure the Virtual IP Address
Find the UUID of the virtual IP port that is defined in the HEAT template by examining the output of the heat resource-list command.
# heat resource-list stack-name | grep vip_port
Find the assigned virtual IP address for that UUID by examining the output of the neutron port-show command.
# neutron port-show vip-port-uuid
Find the UUID of each public-facing NorthStar Controller port by examining the output of the neutron port-list command.
# neutron port-list | grep stack-name-app_port_eth0
For example:
# neutron port-list | grep northstarHAexample-app_port_eth0
Update each public-facing NorthStar Controller port to accept the virtual IP address by executing the neutron port-update command for each port.
# neutron port-update vip-port-uuid --allowed_address_pairs list=true type=dict ip_address=vip-ip
For example:
# neutron port-update a15578e2-b9fb-405c-b4c4-1792f5207003 --allowed_address_pairs list=true type=dict ip_address=172.25.158.139
Wait until each NorthStar Controller VM finishes its booting process, at which time, you should be able to ping its public IP address. You can also use the nova console-log command to monitor the booting status of the NorthStar Controller VM.
Resize the Image
The CentOS 6 official cloud image does not resize correctly for the selected OpenStack flavor. This results in the NorthStar Controller VM filesystem size being set at 8G instead of the size that is actually specified by the flavor. Using the following procedure, you can adjust your filesystem to be in sync with the allocated disk size. Alternatively, you can hold off on the resizing procedure until after you complete the NorthStar RPM bundle installation. There is a resize-vm script inside /opt/northstar/utils/.
The fdisk command can have undesirable effects if used inappropriately. We recommend that you consult with your system administrator before proceeding with this workaround, especially if you are unfamiliar with the fdisk command.
Use the following procedure for each NorthStar Controller VM. Replace XX in the commands with the number of the VM (01, 02, 03, and so on).
Determine whether the size of the VM is correct. If it is correct, you do not need to proceed with the resizing.
# ssh centos@App_XX_Public_IPv4 Warning: Permanently added '172.25.158.161' (RSA) to the list of known hosts. [centos@app_instance_XX ~]$ df -h Filesystem Size Used Avail Use% Mounted on /dev/vda1 7.8G 646M 6.8G 9% / tmpfs 1.9G 0 1.9G 0% /dev/shm
Use the fdisk command to recreate the partition.
# ssh centos@App_XX_Public_IPv4 Warning: Permanently added '172.25.158.161' (RSA) to the list of known hosts. [user@demo-northstar-app centos]# fdisk /dev/vda WARNING: DOS-compatible mode is deprecated. It's strongly recommended to switch off the mode (command 'c') and change display units to sectors (command 'u'). Command (m for help): c DOS Compatibility flag is not set Command (m for help): u Changing display/entry units to sectors Command (m for help): p Disk /dev/vda: 85.9 GB, 85899345920 bytes 255 heads, 63 sectors/track, 10443 cylinders, total 167772160 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00050c05 Device Boot Start End Blocks Id System /dev/vda1 * 2048 16777215 8387584 83 Linux Command (m for help): d Selected partition 1 Command (m for help): n Command action e extended p primary partition (1-4) p Partition number (1-4): 1 First sector (2048-167772159, default 2048): Using default value 2048 Last sector, +sectors or +size{K,M,G} (2048-167772159, default 167772159): Using default value 167772159 Command (m for help): w The partition table has been altered! Calling ioctl() to re-read partition table. WARNING: Re-reading the partition table failed with error 16: Device or resource busy. The kernel still uses the old table. The new table will be used at the next reboot or after you run partprobe(8) or kpartx(8) Syncing disks. [user@demo-northstar-app centos]#
Reboot the VM to apply the partition changes.
[user@app_instance_XX centos]# reboot Broadcast message from centos@app_instance_XX (/dev/pts/0) at 14:54 ... The system is going down for reboot NOW!
Wait until the NorthStar Controller VM has returned to an up state.
Reconnect to the VM using SSH.
Check the partition size again to verify that the partition was resized.
If the partition size is still incorrect, use the resize2fs command to adjust the filesystem.
# resize2fs /dev/vda1
Install the NorthStar Controller RPM Bundle
Install the NorthStar Controller RPM bundle for an OpenStack environment. The procedure uses the rpm and install-vm.sh commands.
Configure the JunosVM
For security reasons, the JunosVM does not come with a default configuration. Use the following procedure to manually configure the JunosVM using the OpenStack novnc client.
Obtain the novnc client URL.
# nova get-vnc-console JunosVM-ID novnc
Configure the JunosVM as you would in a fresh install of the Junos OS.
Copy the root user of the NorthStar Controller VM SSH public key to the JunosVM. This allows configuration from the NorthStar Controller VM to the JunosVM using an ssh-key based connection.
On the NorthStar Controller VM, run the net_setup.py script, and select option B to complete the configuration of the JunosVM. Once complete, you should be able to remotely ping the JunosVM IP address.
Configure SSH Key Exchange
Use the following procedure to configure SSH key exchange between the NorthStar Controller VM and the JunosVM. For High Availability (HA) in a cluster, this must be done for every pair of VMs.
Log in to the NorthStar Controller server and display the contents of the id_rsa.pub file by executing the concatenate command.
$cat /opt/pcs/.ssh/id_rsa.pub
You will need the ssh-rsa string from the output.
Log in to the JunosVM and replace the ssh-rsa string with the one from the id_rsa.pub file by executing the following commands.
ssh northstar@JunosVM-ip configure set system login user northstar authenication ssh-rsa replacement-string commit exit
On the NorthStar Controller server, update the known hosts file by executing the following commands.
$su - pcs $ssh -o UserKnownHostsFile=/opt/pcs/.ssh/known_hosts -i /opt/pcs/.ssh/id_rsa northstar@JunosVM-ip exit exit
Configure the HA Cluster
HA on the NorthStar Controller is an active/standby solution. That means that there is only one active node at a time, with all other nodes in the cluster serving as standby nodes. All of the nodes in a cluster must be on the same local subnet for HA to function. On the active node, all processes are running. On the standby nodes, those processes required to maintain connectivity are running, but NorthStar processes are in a stopped state.
If the active node experiences a hardware- or software-related connectivity failure, the NorthStar HA_agent process elects a new active node from amongst the standby nodes. Complete failover is achieved within five minutes. One of the factors in the selection of the new active node is the user-configured priorities of the candidate nodes.
All processes are started on the new active node, and the node acquires the virtual IP address that is required for the client-facing interface. This address is always associated with the active node, even if failover causes the active node to change.
See the NorthStar Controller User Guide for further information on configuring and using the HA feature.