ICMO Hybrid Cloud Next 4 2 021115
Getting started with IBM Cloud Manager with OpenStack 4.2 "Next"
Contents
Overview of IBM Cloud Manager with OpenStack version 4.2 "Next"
IBM Cloud Manager - Deployer
Planning for IBM Cloud Manager - Deployer
Installing IBM Cloud Manager - Deployer
Uninstalling IBM Cloud Manager - Deployer
IBM Cloud Manager - Deployer service commands
Using IBM Cloud Manager - Deployer
Hybrid cloud
Planning for a hybrid environment
After you deploy the cloud, you can use IBM Cloud Manager - Deployer for the
following tasks:
• Check status on deployed clouds.
• Monitor progress of clouds that are being deployed.
• Grow and shrink the cloud by adding and removing compute nodes.
Procedure
1. Download the IBM Cloud Manager - Deployer beta package from IBM Cloud
Manager with OpenStack.
2. Extract the contents of the IBM Cloud Manager - Deployer beta package.
tar -zxvf icm-4.2.beta-deployment-manager-ui.tar.gz
What to do next
When the installation completes, you are ready to start to use IBM Cloud Manager
- Deployer to deploy your cloud. For more information, see Using IBM Cloud
Manager - Deployer.
Procedure
1. Stop the IBM Cloud Manager - Deployer service.
service icm-deployer stop
Procedure
1. Use a browser to connect to IBM Cloud Manager - Deployer available at
https://fqdn.com:8443/, where fqdn.com is the fully qualified domain name of
the deployment system. IBM Cloud Manager - Deployer is displayed.
2. To deploy a cloud, click Create New Cloud. IBM Cloud Manager - Deployer
guides you through the deployment process.
Results
After you deploy your cloud, you can use IBM Cloud Manager - Deployer for the
following tasks:
• Check status on deployed clouds.
• Monitor progress of clouds that are being deployed.
• Grow and shrink the cloud by adding and removing compute nodes.
Hybrid cloud
One of the new features in IBM Cloud Manager with OpenStack version 4.2 "Next"
is the ability to create a hybrid cloud with IBM Cloud OpenStack Services. The
hybrid cloud consists of an off-premises region that is created by IBM Cloud
OpenStack Services at your request, and an on-premises region that you create.
Optionally use the new IBM Cloud Manager - Deployer user interface to deploy
your on-premises cloud.
To deploy a hybrid cloud, you need to first contact Eric Schultz (email address:
schultzy@us.ibm.com) at IBM Cloud OpenStack Services. In this environment, IBM
Cloud Manager with OpenStack runs in your on-premises data center and is
integrated with your IBM Cloud OpenStack Services cloud. These two regions
share a common Keystone that runs in IBM Cloud OpenStack Services.
After your hybrid cloud is configured, you can manage and deploy virtual
machine instances to both regions by using your on-premises dashboard. Virtual
machine instances that are created in the on-premises and off-premises regions can
communicate with each other. Since Keystone is shared, you need to manage only
one set of users for both regions.
This image shows the hybrid environment. Only x86 Linux Kernel-based Virtual
Machine (KVM) or QEMU machines are supported for this beta. You need to have
a minimum of three x86 RHEL 6.5 machines. One machine is the deployment
server where IBM Cloud Manager with OpenStack 4.2 is installed. One machine is
used as the OpenStack controller and the other machine is used as a compute node
where your virtual machine instances run. You can have up to 20 compute nodes.
For more information about the minimum hardware requirements, see Planning for
IBM Cloud Manager with OpenStack.
[Figure: the hybrid environment. Labels: Off-Premises (IBM Cloud OpenStack Services); On-Premises; Deployment Server: IBM Cloud Manager with OpenStack 4.2 (Chef, deployment CLI, and cookbooks), Deployment UI; Compute: IBM Cloud OpenStack Services, Virtual Machine; Compute: IBM Cloud Manager with OpenStack, Virtual Machine; Internet; Customer Gateway; On-Premises Gateway.]
*In addition to the services shown in the diagram, the controller also runs the other OpenStack services for the
region, such as Nova, Neutron, image (Glance), block storage (Cinder), Ceilometer, and orchestration (Heat).
environment.
[Figure: Participate in Hybrid Beta. Contact IBM Cloud OpenStack Services to begin hybrid onboarding: Eric Schultz at schultzy@us.ibm.com.]
___ 1.
___ 2.
___ 3.
___ 4.
___ 5.
___ 6.
(Optional) Installing and configuring IBM UrbanCode Deploy and IBM UrbanCode Deploy with
Patterns on page 15
• Keystone is the only shared service. No other service is shared, including Glance
  and Heat.
• The self-service portal is not supported.
• Neutron VPNaaS is not supported to connect on-premises virtual machine
  networks to the IBM Cloud OpenStack Services virtual machine network.
• The dashboard that runs on the IBM Cloud OpenStack Services region cannot be
  used to manage the on-premises IBM Cloud Manager with OpenStack 4.2
  region.
• Due to limitations of the Keystone client support of the Keystone v3 API,
  Keystone CLI commands do not work. You can work around this issue by using
  the OpenStack command, for example:
  OS_AUTH_URL=https://192.168.101.10:5000/v3 openstack --os-identity-api-version 3 user list
  For more information about the OpenStack CLI, see OpenStack Command-Line
  Interface Reference.
• Only a single domain, Default, is supported by IBM Cloud OpenStack Services.
  The admin-on-prem user does not have access to view or modify domains.
• Only an IBM Cloud OpenStack Services admin can create security groups for
  RegionOne. Only the default security group is supported.
• The on-premises region runs http and Cloud Management Dashboard runs
  https, so when you access the console of an instance you must click Click here
  to show only console and use full screen mode. Most browser settings do not
  allow a mix of http and https content on the same page.
• When you use the Cloud Management Dashboard, all users with the
  on_prem_admin role have the permissions to use the ADMIN tab to perform
  administrative functions for the on-premises region. Users with this role do not
  have permission to access the admin functions for the IBM Cloud OpenStack
  Services region. If you are in an ADMIN pane and switch to the IBM Cloud
  OpenStack Services region, you are logged out and the following message is
  displayed:
  You do not have permission to access the resource:
  /admin/volumes/
  Login as different user or go back to home page
Downloading IBM Cloud Manager with OpenStack, version 4.2. See IBM Cloud Manager with
OpenStack on developerWorks Service Management Connect.
___ 2.
___ 3.
___ 4.
___ 5.
Applying IBM Cloud Manager with OpenStack 4.2 fix pack 4.2.0.1. See IBM Support Portal.
___ 6.
the onboarding process to ensure that the IBM Cloud OpenStack Services IP
addresses do not overlap with IP addresses in your environment. For more
information about IBM Cloud OpenStack Services and the IBM Cloud OpenStack
Services onboarding process, see Contacting IBM Cloud OpenStack Services to set
up a hybrid environment on page 8.
Important: The VPN connection requires a public internet connection to your
environment. Your company might have policies in place that require specialized
configuration and network isolation. It is your responsibility to ensure that you are
in compliance with the internet and security policies that are required by your
company.
Before you begin, you must obtain the following information from IBM Cloud
OpenStack Services:
• The public IP address of the IBM Cloud OpenStack Services gateway.
• The virtual tunnel address of the IBM Cloud OpenStack Services gateway
  (typically 172.19.0.2/30).
• The preshared secret.
• The IP address of the IBM Cloud OpenStack Services OpenStack environment
  proxy (typically, 192.168.101.10).
Procedure
1. Establish the site-to-site VPN connection.
a. Create the virtual tunnel interface (VTI) by using the virtual tunnel address
from IBM Cloud OpenStack Services.
b. Create the IPSec VPN configuration if it is not configured already.
1) Create and configure the Internet Key Exchange (IKE) and
Encapsulating Security Payload (ESP). Typical values include aes256
encryption and sha1 hash.
2) Add the IPSec to your public IP interface.
3) Create and configure the IPSec NAT allowed networks. Set the NAT
allowed networks to 0.0.0.0/0.
c. Create and configure the VPN peer. Use the public IP address of the IBM
Cloud OpenStack Services customer gateway and the preshared secret that
you obtained from IBM Cloud OpenStack Services. Bind the peer to the VTI
interface that you created and configured in Step 1a.
d. Verify that the tunnel is established. If you have problems, contact IBM
Cloud OpenStack Services Support.
e. Create a route to the IBM Cloud OpenStack Services OpenStack
environment through the virtual tunnel interface router. Typically, the
OpenStack environment is 192.168.101.10 and the next hop address is
172.19.01.1.
f. Verify that you can communicate with the IBM Cloud OpenStack Services
OpenStack environment. You must use cURL to test the connection because
the ping utility is disabled on the IBM Cloud OpenStack Services OpenStack
environment.
curl --insecure https://192.168.101.10
b. For machines that need access to the virtual machine instances, access the
IBM Cloud OpenStack Services virtual machines:
ip route add 192.168.100.0/24 via 10.91.38.225
c. Test the connections from the machine where the route was added:
curl --insecure https://192.168.101.10
ping ICOS virtual machine instance
In another window, run the command that is having problems. If you see the
packets on the virtual tunnel interface but no responses, then you know that the
problem is on the IBM Cloud OpenStack Services side. If there are no incoming
packets on the virtual tunnel interface, then you know that you have a problem
with your configuration.
If you have high traffic on your virtual tunnel interface, try looking at the traffic
that is destined to or leaving from a certain IP address, for example:
sudo tcpdump -i vti0 src or dst 192.168.100.6
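The triage rule above can be applied mechanically to a capture. The following function is an added example, not part of the IBM documentation; the function name vti_triage, the verdict names, and the sample client address 10.91.38.230 are assumptions made for illustration.

```shell
# vti_triage REMOTE_IP
# Reads tcpdump text output on stdin and prints one verdict:
#   ok            requests to REMOTE_IP and responses from it were both seen
#   remote-side   requests were seen on the tunnel but no responses came back
#   local-config  no traffic for REMOTE_IP reached the tunnel interface at all
vti_triage() {
    awk -v ip="$1" '
        # Strip the trailing colon and, for TCP or UDP, the .port suffix
        function host(addr,    n, p) {
            sub(/:$/, "", addr)
            n = split(addr, p, "[.]")
            if (n == 5) return p[1] "." p[2] "." p[3] "." p[4]
            return addr
        }
        # tcpdump line layout: TIME IP SRC > DST: details
        $2 == "IP" && $4 == ">" {
            if (host($5) == ip) sent++
            else if (host($3) == ip) recv++
        }
        END {
            if (sent > 0 && recv > 0) print "ok"
            else if (sent > 0)        print "remote-side"
            else                      print "local-config"
        }'
}

# Constructed capture lines in tcpdump -n format (not real traffic)
CAPTURE_NO_REPLY='12:01:03.100000 IP 10.91.38.230.51234 > 192.168.101.10.443: Flags [S], seq 1, win 29200, length 0
12:01:04.100000 IP 10.91.38.230.51234 > 192.168.101.10.443: Flags [S], seq 1, win 29200, length 0'
CAPTURE_OK='12:02:00.000000 IP 10.91.38.230 > 192.168.100.6: ICMP echo request, id 7, seq 1, length 64
12:02:00.020000 IP 192.168.100.6 > 10.91.38.230: ICMP echo reply, id 7, seq 1, length 64'

printf '%s\n' "$CAPTURE_NO_REPLY" | vti_triage 192.168.101.10
printf '%s\n' "$CAPTURE_OK" | vti_triage 192.168.100.6
printf '' | vti_triage 192.168.101.10

# Live use, while the failing command runs in another window:
#   sudo tcpdump -n -l -c 50 -i vti0 src or dst 192.168.101.10 | vti_triage 192.168.101.10
```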
Procedure
1. Create a directory to store the files for the topology that you deploy. Change
your-deployment-name to the name for your deployment. The same directory is
used when you deploy the on-premises region.
$ mkdir your-deployment-name
$ chmod 600 your-deployment-name
$ cd your-deployment-name
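Because this directory later holds your-hybrid-passwordsfile.json, it is worth confirming that nothing in it is accessible to group or others. The following check is an added example, not part of the IBM procedure; the function name audit_deploy_dir is hypothetical. It also notes when the directory lacks the owner search bit, as with mode 600, in which case only root can enter it.

```shell
# audit_deploy_dir DIR
# Lists DIR and its direct entries that group or others can access.
# Returns 0 when everything is owner-only, 1 otherwise, 2 on bad input.
audit_deploy_dir() {
    dir="$1"; rc=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Owner bits are characters 2-4 of the ls mode string, e.g. drw-------
    case "$(ls -ld "$dir" | cut -c2-4)" in
        *x*) ;;
        *) echo "note: $dir has no owner search (x) bit; only root can enter it" ;;
    esac
    for path in "$dir" "$dir"/* "$dir"/.[!.]*; do
        [ -e "$path" ] || continue        # unmatched glob or unreachable entry
        # Group and other bits are characters 5-10 of the mode string
        if [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "exposed: $path"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: a private directory holding a world-readable passwords file
demo_audit() {
    d=$(mktemp -d) && chmod 700 "$d"
    : > "$d/your-hybrid-passwordsfile.json"
    chmod 644 "$d/your-hybrid-passwordsfile.json"
    audit_deploy_dir "$d"; status=$?
    rm -rf "$d"
    return "$status"
}
demo_audit || echo "demo: tighten the listed files with chmod 600"
```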
Procedure
1. Log in to the deployment system as the root user. This is the system where IBM
Cloud Manager with OpenStack was installed.
2. Navigate to the directory that you created to store the files for the topology
that you deploy. This directory contains your your-hybrid-passwordsfile.json file.
3. Copy the example-icos-hybrid-controller-n-compute-kvm-cloud.yml cloud file
as the base structure for your cloud deployment and rename it for your cloud
environment.
Note: This step assumes the default IBM Cloud Manager with OpenStack
installation path on the deployment server (/opt/ibm/cmwo).
$ cp /opt/ibm/cmwo/cli/config/example-icos-hybrid-controller-n-compute-kvm-cloud.yml your-icos-hybrid-cloud.yml
Note: This command generates a topology file and other related files for your
deployment and stores them in the same directory as your cloud file,
your-icos-hybrid-cloud.yml. The cloud file is no longer needed after the
deployment completes and can be removed. The generated files are only used
if you must update your cloud.
$ rm your-icos-hybrid-cloud.yml
Results
After the deployment is complete, the IBM Cloud Manager with OpenStack
services are ready to use. The IBM Cloud Manager with OpenStack dashboard is
available at https://node.fqdn.com/, where node.fqdn.com is the fully qualified
domain name of the node. You can log in using the admin-on-prem user with the
password that you customized.
After you deploy the on-premises region, you need to configure the region for
functions such as networking and security. For information about post-deployment
tasks, see Managing IBM Cloud Manager with OpenStack as an Administrator.
If you want to deploy the same image in both regions, you must create the image
in both regions by using the glance command-line interface or the dashboard. For
more information, see Copying OpenStack Glance images.
Consider using IBM UrbanCode Deploy with Patterns to bring DevOps to your
hybrid cloud environment. For more information, see Installing and configuring
IBM UrbanCode Deploy and IBM UrbanCode Deploy with Patterns on page 15.
___ 1. Download and install IBM UrbanCode Deploy 6.1.1.0. See Installing the server in interactive mode.
___ 2. On the IBM UrbanCode Deploy server, create a token for connecting to the IBM UrbanCode Deploy
with Patterns server. See Tokens.
___ 3. Download IBM UrbanCode Deploy with Patterns 6.1.1.0. To obtain the media, go to Fix Central.
___ 4. Install an IBM UrbanCode Deploy with Patterns engine. See Installing engines in interactive mode.
___ 5. Install the IBM UrbanCode Deploy with Patterns design server, providing the token that you created
on the IBM UrbanCode Deploy server. See Installing the design server in interactive mode.
Next, you can configure access to the cloud by using the Cloud tab under System
Settings. For details, see Connecting to OpenStack clouds.
Then, get started with creating your own blueprints for your cloud. For details, see
Modeling blueprints for OpenStack.
For more information about IBM UrbanCode Deploy with Patterns, see IBM
UrbanCode Deploy with Patterns welcome page and the IBM UrbanCode
developer center.
For technical support for IBM UrbanCode Deploy or IBM UrbanCode Deploy with
Patterns 6.1.1.0, contact IBM Cloud OpenStack Services Support.