From 71c187549b0788ef85b8e80b35bc8c3e145e3efc Mon Sep 17 00:00:00 2001 From: Gor Poghosyan Date: Thu, 30 Jan 2025 16:35:51 -0800 Subject: [PATCH 1/5] wip --- tutorials/netris-cloudstack_p1.rst | 62 +++++++++++++++--------------- tutorials/netris-cloudstack_p2.rst | 32 +++++++++++---- 2 files changed, 56 insertions(+), 38 deletions(-) diff --git a/tutorials/netris-cloudstack_p1.rst b/tutorials/netris-cloudstack_p1.rst index 683c188bf..bf99b63b4 100644 --- a/tutorials/netris-cloudstack_p1.rst +++ b/tutorials/netris-cloudstack_p1.rst 
@@ -48,51 +48,53 @@ Use Cases Compute and Network Architecture ================================ -The current infrastructure for Netris-CloudStack integration is designed to support scalable and dynamic networking for cloud workloads. Below is a breakdown of the key components and their roles: +The current infrastructure for Netris-CloudStack integration is designed to support **scalable and dynamic** networking for cloud workloads. This section outlines the key infrastructure components and their roles. Diagram Overview ---------------- -The diagram illustrates the interconnected infrastructure, consisting of: +The diagram represents the interconnected infrastructure, consisting of: -1. Leaf and Spine Switches: +1. **Leaf and Spine Switches**: - * These form the core networking layer, enabling high-speed and fault-tolerant connections. - * Spine switches (Spine 1 and Spine 2) aggregate traffic and connect to the leaf switches. - * Leaf switches (Leaf 1 and Leaf 2) connect directly to the compute nodes and softgates, ensuring efficient traffic distribution and handling VXLAN traffic. + - These switches form the **core networking fabric**, ensuring **high-speed, redundant, and fault-tolerant connectivity**. + - **Spine switches** (Spine 1 and Spine 2) aggregate traffic and connect to **leaf switches**. + - **Leaf switches** (Leaf 1 and Leaf 2) connect directly to **compute nodes and softgates**, handling **VXLAN encapsulation**. -2. Softgates: +2. **Softgates**: - * Softgates play a critical role in integrating physical and virtual network environments. They are responsible for: - - * NAT Function: Enabling secure communication between private and external networks. - * Elastic Load Balancer: Distributing traffic across multiple resources for high availability and scalability. - * Network Access Control: Enforcing access policies for secure communication. 
- - * Additionally, they bridge VXLAN and traditional networks and support BGP/EVPN-based signaling for dynamic routing. + - Softgates play a critical role in integrating physical and virtual network environments. They are responsible for: -3. Servers: + - **NAT Functionality**: Facilitates secure communication between **private and external networks**. + - **Elastic Load Balancer**: Distributes inbound traffic to multiple backend instances. + - **Network Access Control**: Enforces security policies at the edge. - * Server 1: Designated as the CloudStack Management Node, responsible for orchestrating the environment. - * Server 2, Server 3, and Server 4: These are KVM hypervisors managed by CloudStack, functioning as VTEPs for VXLAN tunnels. + - Additionally, Softgates bridge **VXLAN and traditional networking** and support **BGP/EVPN for dynamic routing**. -4. OOB (Out-of-Band) Switch: +3. **Servers**: - * An Out-of-Band (OOB) switch connects all servers for administrative purposes. - * This switch allows administrators to: - * Access servers during emergencies. - * Install software packages and perform updates. - * Troubleshoot and manage servers independently of the main network. + - **Server 1**: -5. Internet eBGP: + - Designated as the **CloudStack Management Node**, responsible for orchestrating the environment. + - **Server 2, Server 3, and Server 4**: - * Leaf switches are connected to external networks via eBGP, ensuring reachability for public and private traffic. + - These **KVM hypervisors** are managed by **CloudStack** and function as **VXLAN Tunnel Endpoints (VTEPs)**. + +4. **OOB (Out-of-Band) Switch (If Present)**: + + - If available, an **OOB switch** provides an independent **management network** for accessing servers. + - Allows administrators to: + + - Perform **software installations and updates**. + - Troubleshoot and manage servers independently of the main network. Network Flow ------------ -#. 
Traffic flows between hypervisors (VTEPs) over VXLAN tunnels. These tunnels are dynamically configured using BGP/EVPN signaling. -#. Softgates handle routing between overlay and underlay networks, ensuring seamless communication for workloads. -#. The CloudStack Controller communicates with the Netris Controller API to coordinate network configurations. -#. Leaf and spine switches provide a robust and scalable fabric to support high availability and performance. -#. The OOB switch provides an independent path for server management, ensuring operational reliability. + +1. **Hypervisor traffic** traverses **VXLAN tunnels**, dynamically configured via **BGP/EVPN**. +2. **Softgates handle routing** between overlay and underlay networks, ensuring seamless workload communication. +3. **CloudStack Controller** communicates with **Netris Controller API** to synchronize network configurations. +4. **Leaf and Spine switches** ensure a **highly available and scalable** fabric for compute workloads. +5. If an **OOB switch is available**, it provides **direct administrative access** to all servers. +6. **Softgates establish BGP sessions** for external connectivity, ensuring **public and private traffic reachability**. diff --git a/tutorials/netris-cloudstack_p2.rst b/tutorials/netris-cloudstack_p2.rst index fd95a32db..47be394f0 100644 --- a/tutorials/netris-cloudstack_p2.rst +++ b/tutorials/netris-cloudstack_p2.rst 
@@ -42,11 +42,14 @@ Allocations represent IP ranges assigned to an organization, such as private IP Create Subnets -^^^^^^^^^^^^^^ +^^^^^^^^^^^^^^^^^^^^^^^^^ + +Subnets are **prefixes** that fall under **allocations** and serve specific purposes. In this step, we define **loopback and management subnets** within the Netris allocation. -Subnets are prefixes that fall under allocations and are used for specific purposes. Let’s create two subnets within the allocation for management and loopback purposes. +Loopback Subnet +"""""""""""""""""""""""""""""" -1. Loopback Subnet: +The **loopback subnet** is used for assigning **unique IPs** to each device (e.g., hypervisors, softgates) for **BGP peering and internal communication**. * **Prefix**: 10.0.0.0/16. * **Name**: “Loopback IP Subnet”. @@ -56,7 +59,10 @@ Subnets are prefixes that fall under allocations and are used for specific purpo * **Purpose**: Choose Loopback. * **Sites**: Associate with your Netris site. -2. Management Subnet: +Management Subnet (Optional) +"""""""""""""""""""""""""""""""""" + +The **management subnet** provides connectivity for **server administration**. * **Prefix**: 10.10.0.0/16. * **Name**: “OOB Management Subnet”. 
@@ -64,15 +70,25 @@ Subnets are prefixes that fall under allocations and are used for specific purpo * **Tenant**: Assign to “Admin”. * **Type**: Select Subnet. * **Purpose**: Choose Management. - * **Default Gateway**: Set to 10.10.0.1. + * **Default Gateway**: 10.10.0.1. * **Sites**: Associate with your Netris site. -3. Click **Add** after filling in the fields for each subnet. +.. note:: + + If your infrastructure does **not** have a dedicated **management network**, you can **skip this step**. + + +**Adding Subnets in Netris** + + +1. Navigate to **Network → IPAM → +Add**. +2. Fill in the fields for each subnet as per the configurations above. +3. Click **Add** to save. Refer to the screenshots for guidance: - * Loopback Subnet: - * Management Subnet: +- **Loopback Subnet Configuration** +- **Management Subnet Configuration** (if applicable) Inventory Setup From a3f84bd5601c38de125b2dd0eda7ad39740a9efd Mon Sep 17 00:00:00 2001 From: Gor Poghosyan Date: Thu, 30 Jan 2025 17:54:00 -0800 Subject: [PATCH 2/5] WIP --- tutorials/netris-cloudstack_p2.rst | 266 ++++++++++++++++++----------- 1 file changed, 165 insertions(+), 101 deletions(-) diff --git a/tutorials/netris-cloudstack_p2.rst b/tutorials/netris-cloudstack_p2.rst index 47be394f0..9b4cb27fe 100644 --- a/tutorials/netris-cloudstack_p2.rst +++ b/tutorials/netris-cloudstack_p2.rst 
@@ -94,81 +94,88 @@ Refer to the screenshots for guidance: Inventory Setup --------------- -The Inventory Setup in Netris allows you to add and manage devices such as switches, SoftGates, and servers. +The **Inventory Setup** in Netris allows you to **add and manage** devices such as **switches, SoftGates, and servers**. Adding Servers ^^^^^^^^^^^^^^ -In this step, we’ll configure the servers for the **Netris inventory**. The first server **(Server 1)** will be configured differently from the remaining three servers **(Server 2, 3, and 4)**, which act as CloudStack KVM hypervisors. - +In this step, we’ll configure the servers for the **Netris inventory**. The first server (**Server 1**) will be configured differently from the remaining three servers (**Server 2, 3, and 4**), which act as **CloudStack KVM hypervisors**. +Step 1: Navigate to Topology +"""""""""""""""""""""""""""""""""""""""""" 1. Go to: **Network** → **Topology** → **+Add**. **Prerequisites**: + + - **Loopback subnet** must be defined in **Netris IPAM**. + - **Management subnet** must be defined in **Netris IPAM** (*Skip if not applicable*). + +Step 2: Add Servers +"""""""""""""""""""""""""""""""""""""""""" + +**Server 1 (CloudStack Management Node)**: + + - **Name**: Server 1 + - **Tenant**: Assign to Admin. + - **Description**: Leave blank or add relevant details. + - **Type**: Select Server. + - **Site**: Assign to your site. + - **AS Number**: Assign automatically or provide a unique ASN. + - **Main IP Address**: Select `Disabled` (as no Main IP is needed). + - **Management IP Address**: + + - Assign an IP from the **Management** Subnet (e.g., 10.10.10.1) if OOB is **available**. + - Select `Disabled` if **no management network** is present. + + - **Role**: Generic. + - **Port Count**: Set to `4`. + - **Tags**: + + - `iface.eth1=CS-Cloud1-MGMT` + - `iface.eth2=CS-Cloud1-MGMT` - * **Loopback subnet** must be defined in **Netris IPAM**. - * **Management subnet** must be defined in **Netris IPAM**. 
+Click **Add** to save the configuration for **Server 1**. -2. Add Servers +.. note:: -* **Server 1 (CloudStack Management Node)**: - - * **Name**: Server 1 - * **Tenant**: Assign to Admin. - * **Description**: Leave blank or add relevant details. - * **Type**: Select Server. - * **Site**: Assign to your site. - * **AS Number**: Assign automatically or provide a unique ASN. - * **Main IP Address**: Select Disabled (as no Main IP is needed). - * **Management IP Address**: Assign 10.10.10.1 (from the Management Subnet). - * **Role**: Generic. - * **Port Count**: Set to 4. - * **Tags**: - - * iface.eth1=CS-Cloud1-MGMT - * iface.eth2=CS-Cloud1-MGMT + **Why isn’t underlay enabled for Server 1?** + Server 1 does **not** run the `netris-cloudstack-agent`, and its traffic will be **encapsulated in VLAN** instead of VXLAN. -Click **Add** to save the configuration for **Server 1**. +**Server 2, 3, and 4 (CloudStack KVM Hypervisors)**: -📌 **Why isn’t underlay enabled for Server 1?** + - **Name**: + + - `Server 2` for the first hypervisor. + - `Server 3` for the second hypervisor. + - `Server 4` for the third hypervisor. - Server 1 does not run the netris-cloudstack-agent, and its traffic will be encapsulated in **traditional VLAN** instead of **VXLAN**. + - **Tenant**: Assign to Admin. + - **Description**: Leave blank or add relevant details. + - **Type**: Select Server. + - **Site**: Assign to your site. + - **AS Number**: Assign automatically or provide a unique ASN. + - **Main IP Address**: Assign from the **Loopback Subnet**: + + - `10.0.8.2` for **Server 2**. + - `10.0.8.3` for **Server 3**. + - `10.0.8.4` for **Server 4**. -* **Server 2, 3, and 4 (CloudStack KVM Hypervisors)**: + - **Management IP Address**: + (*If OOB is present, set the IP. Otherwise, select `Disabled`.*) - * **Name**: - - * Server 2 for the first hypervisor. - * Server 3 for the second hypervisor. - * Server 4 for the third hypervisor. - - * **Tenant**: Assign to Admin. 
- * **Description**: Leave blank or add relevant details. - * **Type**: Select Server. - * **Site**: Assign to your site. - * **AS Number**: Assign automatically or provide a unique ASN. - - * **Main IP Address**: Assign from the **Loopback Subnet**: - - * 10.0.8.2 for **Server 2**. - * 10.0.8.3 for **Server 3**. - * 10.0.8.4 for **Server 4**. - - * **Management IP Address**: Assign from the **Management Subnet**: - - * 10.10.10.2 for **Server 2**. - * 10.10.10.3 for **Server 3**. - * 10.10.10.4 for **Server 4**. - - * **Role**: Hypervisor:CloudStack. - * **Port Count**: Set to 4. - * **Tags**: + - `10.10.10.2` for **Server 2**. + - `10.10.10.3` for **Server 3**. + - `10.10.10.4` for **Server 4**. - * iface.eth1=CS-Cloud1-Compute - * iface.eth2=CS-Cloud1-Compute - - * **Custom Field**: + - **Role**: `Hypervisor:CloudStack` + - **Port Count**: Set to 4. + - **Tags**: + + - `iface.eth1=CS-Cloud1-Compute` + - `iface.eth2=CS-Cloud1-Compute` + + - **Custom Field**: For each server, use the following JSON with the specific **ipv4** address: @@ -215,6 +222,14 @@ Click **Add** to save the configuration for **Server 1**. } + +For **each server**, click **Add** to save the configuration. + +.. note:: + + If you **don’t have a management network**, simply **select `Disabled`** in the **Management IP Address** field. + + Repeat the process for **Server 2**, **Server 3**, and **Server 4**, updating the Main and Management IP addresses and JSON as per the above configuration. @@ -224,10 +239,6 @@ Repeat the process for **Server 2**, **Server 3**, and **Server 4**, updating th * **JSON Configuration** serves as a **template** that the ``netris-cloudstack-agent`` will use to configure cloudbr0 on the hypervisor nodes. -3. Save the Configuration - - * For each server, click **Add** to save the configuration. - Terraform Example for Adding a Server """"""""""""""""""""""""""""""""""""" 
@@ -270,46 +281,67 @@ The following Terraform configuration example demonstrates how to **automate ser Creating Servers’ Links ^^^^^^^^^^^^^^^^^^^^^^^ -To fully establish the network topology, you need to create the links between leaf switches and servers as illustrated in the first diagram. This section explains how to create the links step-by-step. +To fully establish the network topology, you need to **create links** between the **leaf switches and servers** as illustrated in the **first diagram**. -**Navigate to the Device** +This section explains how to create the links **step-by-step** while considering **two scenarios**: + + - **If an OOB network exists**: Enable **Underlay** on all **hypervisor links**. + - **If no OOB network exists**: Leave **Underlay disabled** on hypervisors **initially**, then enable it after the **Netris-CloudStack Agent is installed**. -#. In the Topology view, right-click on one of the leaf switch that will be part of the link (e.g., Leaf-1). -#. Select Create Link from the context menu. +Step 1: Navigate to Topology +""""""""""""""""""""""""""""""""""" +1. In the **Topology view**, right-click on one of the **leaf switches** that will be part of the link (e.g., `Leaf-1`). +2. Select **Create Link** from the context menu. -**Configure the Link** +Step 2: Configure the Link +""""""""""""""""""""""""""""""""""" -1. **From Section:** +1. **From Section**: + + - **Device**: Automatically selected based on the device you right-clicked. + - **Port**: Choose the port on the selected device (e.g., `swp1` on `Leaf-1`). - * **Device**: Automatically selected based on the device you right-clicked. - * **Port**: Choose the port on the selected device (e.g., swp1 on Leaf-1). - 2. **To Section**: - * **Device**: Select the other device participating in the link (e.g., Leaf-1). - * **Port**: Choose the appropriate port on the second device (e.g., eth1 on Server 1). 
+ - **Device**: Select the other device participating in the link (e.g., `Server 1`). + - **Port**: Choose the appropriate port on the second device (e.g., `eth1` on `Server 1`). 3. **Options**: - * **Underlay**: - * **Mark** the checkbox for all links **except the link involving Server 1**. + - **Underlay**: + + - If an **OOB network exists**, **mark** the checkbox for **all hypervisor links**. + - If **no OOB network exists**, **leave Underlay unchecked** on hypervisors for now. 4. Click **Add** to save the link. +Step 3: Repeat for All Server Interfaces +""""""""""""""""""""""""""""""""""""""""" -**Repeat for All other servers’ interfaces** +- Follow the same **link creation process** for all **server interfaces**. +- Ensure that **Underlay is unchecked** for **Server 1**. +.. note:: + + **Handling Deployments Without OOB** + If your infrastructure **does not have an OOB network**, you will initially **leave Underlay disabled on hypervisors**. + In the next steps, you will configure a **temporary VLAN-based VNet** to provide **temporary internet access** for installing the `netris-cloudstack-agent`. + Once the agent is installed, you will **return to these links** and **enable Underlay** for full integration. -**Notes**: - * For links involving **Server 1**, leave the **Underlay** checkbox **unmarked**. +Key Considerations +""""""""""""""""""""""""""""""""""" -Unlike CloudStack hypervisors, **Server 1 does not have the Netris-CloudStack Agent installed**. This means it does not need dynamic networking capabilities or VXLAN encapsulation. Instead, its traffic remains inside a **traditional VLAN**. Disabling **Underlay** for Server 1 ensures: +✔ **Server 1 Does Not Use Underlay** + Unlike CloudStack hypervisors, **Server 1 does not have the Netris-CloudStack Agent installed**. + This means it does **not require VXLAN encapsulation** and instead **operates on a VLAN-based connection**. - * CloudStack **management traffic remains isolated**. 
- * Management traffic **does not require VXLAN encapsulation**. - * It uses **a simpler VLAN-based connection** instead of participating in the Netris overlay network. +✔ **Dynamic Hypervisor Integration** + - **With OOB**: Hypervisors get **instant network provisioning** via `netris-cloudstack-agent`. + - **Without OOB**: Hypervisors initially operate on **VLAN-based temporary connectivity**, later transitioning to **Underlay-enabled VXLAN networking**. + +This **ensures flexibility**, whether an **OOB network exists or not**, while maintaining a **structured and seamless deployment process**. 🚀 Terraform Example for Creating Servers’ Links @@ -373,10 +405,19 @@ Once saved, this setting will **optimize BGP overlays** for hypervisor networkin Adding Subnets for CloudStack Cluster ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -In this step, we’ll configure multiple subnets within the **Netris IPAM** to support the **CloudStack deployment**. These subnets are categorized based on their purpose and usage within the infrastructure. We will create five **Common-purpose subnets** and one **NAT-purpose subnet** to fulfill the network requirements of CloudStack. +In this step, we’ll configure multiple subnets within the **Netris IPAM** to support the **CloudStack deployment**. +These subnets are categorized based on their purpose and usage within the infrastructure. + +We will create: + +- Five **Common-purpose subnets**. +- One **NAT-purpose subnet**. +- An **Optional OOB subnet** (for infrastructures without an existing OOB network). .. note:: - The subnet sizes provided in this section are **examples**. You should allocate subnet sizes based on your specific requirements and infrastructure constraints. + + The subnet sizes provided in this section are **examples**. + You should allocate subnet sizes based on your specific requirements and infrastructure constraints. Example IP Plan for CloudStack 
@@ -389,6 +430,7 @@ This section provides **example allocations** for a CloudStack deployment. You c :: 10.0.0.0/8 (Allocation) – Private IP range + ├── 10.55.0.0/21 (Subnet) - Temporary OOB Network (for non-OOB infrastructures) ├── 10.99.0.0/21 (Subnet) - CloudStack Management (Management Nodes) ├── 10.100.0.0/21 (Subnet) - CloudStack Management (Hypervisor Nodes) @@ -409,11 +451,35 @@ This section provides **example allocations** for a CloudStack deployment. You c ├── 198.51.100.0/25 (Subnet) - Netris services subnet for ACS +Optional: Defining a Temporary OOB Network +"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" + +.. note:: + **If your infrastructure does not have an OOB network**, you must define a **temporary OOB subnet** + to provide **internet access** for installing the `netris-cloudstack-agent` on hypervisors. + +- This subnet will later be used to **create a VNet**, which will act as a temporary OOB. +- It allows servers to **use traditional VLAN encapsulation** before transitioning to VXLAN. + +**Example Temporary OOB Subnet** + +:: + + - Prefix: 10.55.0.0/21 (Example) + - Name: Temporary OOB Subnet + - Purpose: Common + - VPC: Select vpc-1:Default + - Tenant: Assign to Admin + - Type: Subnet + - Sites: Select the relevant site. + +.. note:: + If your infrastructure already has an **OOB network**, **skip this step**. + Define Subnets for CloudStack Management -"""""""""""""""""""""""""""""""""""""""" +"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" -**Step 1: Add the Subnet for CloudStack Management Nodes** :: @@ -425,7 +491,6 @@ Define Subnets for CloudStack Management - Type: Subnet - Sites: Select the relevant site. -**Step 2: Add the Subnet for CloudStack Hypervisor Nodes** :: @@ -439,9 +504,8 @@ Define Subnets for CloudStack Management Define Public Allocation -"""""""""""""""""""""""" +"""""""""""""""""""""""""""""" -**Step 3: Create a Public Allocation for CloudStack** :: 
@@ -454,7 +518,7 @@ Define Public Allocation Define CIDR for CloudStack System VMs -""""""""""""""""""""""""""""""""""""" +"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" In this step, we define a dedicated **subnet** for CloudStack **System VMs**, which will be used as their primary network in the subsequent steps. On cloudstack side, this CIDR will be **exclusively** reserved for system VMs @@ -470,7 +534,8 @@ In this step, we define a dedicated **subnet** for CloudStack **System VMs**, wh Defining CIDR for Internal Use (Infrastructure NAT) -""""""""""""""""""""""""""""""""""""""""""""""""""" +"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" + This subnet is used for **internal NAT purposes**, such as: - Accessing CloudStack GUI using a public IP. @@ -490,7 +555,8 @@ This subnet is designed to handle infrastructure-level NAT requirements efficien Define CIDR for CloudStack Virtual Routers (VRs) -"""""""""""""""""""""""""""""""""""""""""""""""" +"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" + This step involves defining the CIDR for **CloudStack Virtual Routers (VRs)**, which will be used in the **ACS Virtual Routers V-Net**. Each **VPC’s VR** will pick an **IP address** from this pool. @@ -515,12 +581,12 @@ CloudStack’s VPN services require **publicly routable IPs** for VPN connectivi - Sites: Select the relevant site. -Defining CIDR for Netris Services -""""""""""""""""""""""""""""""""" +Public Allocation/Subnet for Netris Services +""""""""""""""""""""""""""""""""""""""" + This CIDR is used by **CloudStack** to manage NAT and Load Balancer services directly in **Netris**, bypassing the Virtual Routers (VRs). When a user creates a NAT rule or Load Balancer in CloudStack, the system selects a free IP from this range and creates that service in **Netris**. -**Step 4: Create a Public Allocation for Netris Services** :: 
@@ -531,7 +597,7 @@ This CIDR is used by **CloudStack** to manage NAT and Load Balancer services dir - Tenant: Assign to Admin - Type: Allocation -**Step 5: Define the Netris Services Subnet** +**Define the Netris Services Subnet** :: @@ -544,15 +610,13 @@ This CIDR is used by **CloudStack** to manage NAT and Load Balancer services dir - Sites: Select the relevant site. -Summary -""""""" +**Summary** +"""""""""""""" - Subnet sizes are **examples** and should be **adjusted based on your needs**. -- **Public vs. Private subnets**: Some services require public allocations, while others can operate on private ranges. -- **Netris handles NAT and Load Balancing**: CloudStack automatically provisions these services in Netris. -- **Infrastructure NAT ensures external connectivity** for ACS services like the GUI and outbound SNAT. +- **The temporary OOB subnet is only needed if there's no existing OOB network**. +- **Public vs. Private subnets**: Some services require public subnets, while others can operate on private ranges. -This completes the subnet setup for **CloudStack deployment in Netris**. Enabling Internet Connectivity for ACS Servers From f65f9432bd2505ad89e0f09cc77c9d0a21ef80b8 Mon Sep 17 00:00:00 2001 From: Gor Poghosyan Date: Thu, 30 Jan 2025 18:09:23 -0800 Subject: [PATCH 3/5] wip --- tutorials/netris-cloudstack_p2.rst | 31 ++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/tutorials/netris-cloudstack_p2.rst b/tutorials/netris-cloudstack_p2.rst index 9b4cb27fe..1a29aa0b6 100644 --- a/tutorials/netris-cloudstack_p2.rst +++ b/tutorials/netris-cloudstack_p2.rst 
@@ -625,7 +625,11 @@ Enabling Internet Connectivity for ACS Servers To provide **outbound connectivity** for both **CloudStack Management Nodes** and **Hypervisor Nodes**, we will configure **SNAT (Source NAT) rules** in the **Netris Controller**. These rules utilize the previously defined **203.0.113.32/27 NAT pool** to enable access to external networks. .. note:: - This configuration ensures that ACS servers can reach external resources while maintaining internal network security. + + - This configuration ensures that ACS servers can reach external resources while maintaining internal network security. + - If your infrastructure **does not have an OOB network** and you **created a temporary OOB subnet**, + you must also enable **SNAT** for that subnet to allow internet access for installing the `netris-cloudstack-agent` on hypervisors. + Step 1: Navigate to NAT """"""""""""""""""""""""""""""""""""""""""""""""" 
@@ -673,11 +677,34 @@ Click **Add** to save the rule. Click **Add** to save the rule. +**(Optional) SNAT Rule for Temporary OOB Subnet** + +.. note:: + If your infrastructure **does not have an OOB network** and you **created a temporary OOB subnet**, + configure **SNAT for that subnet** so that hypervisors can reach external repositories to install the `netris-cloudstack-agent`. + +:: + + - Name: **SNAT Temporary OOB Network** + - Site: **Select the relevant site.** + - State: **Enabled** + - Action: **SNAT** + - Local VPC: **Select vpc-1:Default.** + - Protocol: **ALL** + - Source Address: **10.55.0.0/21** (Example) + - Destination Address: **0.0.0.0/0** (Allowing outbound traffic to any destination) + - SNAT to: **SNAT to IP** + - IP: **203.0.113.32/32** (Example IP from previously created NAT Pool) + - Comment: *(Optional, e.g., "Temporary internet access for CloudStack Hypervisors")* + +Click **Add** to save the rule. + + Step 3: Verify Configurations """"""""""""""""""""""""""""""""""""""""""""""""" 1. Navigate to **Network → NAT** in the **Netris Controller**. -2. Verify that both **SNAT rules** are listed with: +2. Verify that all **SNAT rules** are listed with: - The correct **source addresses**. - The assigned **SNAT IP**. From e9cf3b25203f76b84b766c1779d74e15345f7176 Mon Sep 17 00:00:00 2001 From: Gor Poghosyan Date: Thu, 30 Jan 2025 19:46:53 -0800 Subject: [PATCH 4/5] wip --- tutorials/netris-cloudstack_p2.rst | 212 +++++++++++++++++------------ 1 file changed, 124 insertions(+), 88 deletions(-) diff --git a/tutorials/netris-cloudstack_p2.rst b/tutorials/netris-cloudstack_p2.rst index 1a29aa0b6..d9692f38c 100644 --- a/tutorials/netris-cloudstack_p2.rst +++ b/tutorials/netris-cloudstack_p2.rst 
@@ -643,16 +643,16 @@ Step 2: Configure SNAT Rules :: - - Name: **SNAT CloudStack Management Nodes** - - Site: **Select the relevant site.** - - State: **Enabled** - - Action: **SNAT** - - Local VPC: **Select vpc-1:Default.** - - Protocol: **ALL** - - Source Address: **10.99.0.0/21** (Example) - - Destination Address: **0.0.0.0/0** (Allowing outbound traffic to any destination) - - SNAT to: **SNAT to IP** - - IP: **203.0.113.32/32** (Example IP from previously created NAT Pool) + - Name: SNAT CloudStack Management Nodes + - Site: Select the relevant site. + - State: Enabled + - Action: SNAT + - Local VPC: Select vpc-1:Default. + - Protocol: ALL + - Source Address: 10.99.0.0/21 (Example) + - Destination Address: 0.0.0.0/0 (Allowing outbound traffic to any destination) + - SNAT to: SNAT to IP + - IP: 203.0.113.32/32 (Example IP from previously created NAT Pool) - Comment: *(Optional, e.g., "Outbound access for CloudStack Management Nodes")* Click **Add** to save the rule. @@ -662,16 +662,16 @@ Click **Add** to save the rule. :: - - Name: **SNAT CloudStack Management Hypervisors** - - Site: **Select the relevant site.** - - State: **Enabled** - - Action: **SNAT** - - Local VPC: **Select vpc-1:Default.** - - Protocol: **ALL** - - Source Address: **10.100.0.0/21** (Example) - - Destination Address: **0.0.0.0/0** (Allowing outbound traffic to any destination) - - SNAT to: **SNAT to IP** - - IP: **203.0.113.32/32** (Example IP from previously created NAT Pool) + - Name: SNAT CloudStack Management Hypervisors + - Site: Select the relevant site. + - State: Enabled + - Action: SNAT + - Local VPC: Select vpc-1:Default. + - Protocol: ALL + - Source Address: 10.100.0.0/21 (Example) + - Destination Address: 0.0.0.0/0 (Allowing outbound traffic to any destination) + - SNAT to: SNAT to IP + - IP: 203.0.113.32/32 (Example IP from previously created NAT Pool) - Comment: *(Optional, e.g., "Outbound access for CloudStack Hypervisors")* Click **Add** to save the rule. 
@@ -685,16 +685,16 @@ Click **Add** to save the rule. :: - - Name: **SNAT Temporary OOB Network** - - Site: **Select the relevant site.** - - State: **Enabled** - - Action: **SNAT** - - Local VPC: **Select vpc-1:Default.** - - Protocol: **ALL** - - Source Address: **10.55.0.0/21** (Example) - - Destination Address: **0.0.0.0/0** (Allowing outbound traffic to any destination) - - SNAT to: **SNAT to IP** - - IP: **203.0.113.32/32** (Example IP from previously created NAT Pool) + - Name: SNAT Temporary OOB Network + - Site: Select the relevant site. + - State: Enabled + - Action: SNAT + - Local VPC: Select vpc-1:Default. + - Protocol: ALL + - Source Address: 10.55.0.0/21 (Example) + - Destination Address: 0.0.0.0/0 (Allowing outbound traffic to any destination) + - SNAT to: SNAT to IP + - IP: 203.0.113.32/32 (Example IP from previously created NAT Pool) - Comment: *(Optional, e.g., "Temporary internet access for CloudStack Hypervisors")* Click **Add** to save the rule. 
@@ -726,20 +726,20 @@ Step 2: Configure the DNAT Rule :: - - Name: **DNAT CloudStack GUI** - - Site: **Select the relevant site.** - - State: **Enabled** - - Action: **DNAT** - - Local VPC: **Select vpc-1:Default.** - - Protocol: **TCP** - - Source Address: **0.0.0.0/0** (to allow access from any external address). - - Source Port: **1-65535** (allow any source port). - - Destination Address: **Select available public NAT IP from previously created NAT Pool** (e.g., 203.0.113.33/32). - - Destination Port: **80** (HTTP). - - DNAT to IP: **Set to the internal IP of Server 1 (10.99.1.1/32).** - - DNAT to Port: **8080** (CloudStack Management GUI port). - - ACL Port Group: **Set to None unless specific ACL rules are required.** - - Comment: **Optional.** + - Name: DNAT CloudStack GUI + - Site: Select the relevant site. + - State: Enabled + - Action: DNAT + - Local VPC: Select vpc-1:Default. + - Protocol: TCP + - Source Address: 0.0.0.0/0 (to allow access from any external address). + - Source Port: 1-65535 (allow any source port). + - Destination Address: Select available public NAT IP from previously created NAT Pool (e.g., 203.0.113.33/32). + - Destination Port: 80 (HTTP). + - DNAT to IP: Set to the internal IP of Server 1 (10.99.1.1/32). + - DNAT to Port: 8080 (CloudStack Management GUI port). + - ACL Port Group: Set to None unless specific ACL rules are required. + - Comment: Optional. 2. Save the rule by clicking **Add**. 
@@ -756,28 +756,38 @@ This rule will not take effect until: Creating CloudStack Networks ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -**V-Nets** define the foundational **network segments** (**VXLANs** or **VLANs** with **default gateway IP**) within Netris, serving as the backbone for CloudStack’s management and system-level operations. In this step, we’ll create four distinct **V-Nets**, each serving a specific purpose within the CloudStack infrastructure. +**V-Nets** define the foundational **network segments** (**VXLANs** or **VLANs with default gateway IPs**) within Netris, serving as the backbone for CloudStack’s management and system-level operations. In this step, we’ll create distinct **V-Nets**, each serving a specific purpose within the CloudStack infrastructure. + +.. note:: + - If your infrastructure **does not have an OOB network** and you created a **temporary OOB subnet** in the previous step, + you should also **create a VNet** for that subnet to provide internet access for installing `netris-cloudstack-agent` on hypervisors. + Overview of V-Nets and Their Purpose """"""""""""""""""""""""""""""""""""""""""""""""" 1. **CloudStack Management (Management Nodes)**: - - A subnet for CloudStack Management Node (Server 1). + - A network for CloudStack Management Node (Server 1). - Used to handle internal traffic between the management node and other components in the environment. 2. **CloudStack Management (Hypervisor Nodes)**: - - A subnet dedicated to managing hypervisor traffic. - - Configured with a special tag (**system.cloudstack.management**) to instruct the Netris-CloudStack Agent that this V-Net is mapped to **cloudbr0**. + - A network dedicated to managing hypervisor traffic. + - Configured with a special tag (**system.cloudstack.management**) to instruct the **Netris-CloudStack Agent** that this V-Net is mapped to **cloudbr0**. 3. 
**CloudStack System VMs**: - - A subnet to provide a **public IP range** for System VMs that manage internal CloudStack operations (e.g., console proxy, secondary storage VM). + - A network to provide a **public IP range** for System VMs that manage internal CloudStack operations (e.g., console proxy, secondary storage VM). - Public-facing as required for certain services. 4. **CloudStack Virtual Routers (VRs)**: - - A subnet to provide IPs for **Virtual Routers** used within VPCs. + - A network to provide IPs for **Virtual Routers** used within VPCs. - Handles tenant network services, such as **DHCP, DNS, and VPN**. - Can use either a **public or private subnet** based on whether public-facing services (e.g., VPN) are required. +5. **(Optional) Temporary OOB Network**: + - A network created **only if your infrastructure lacks OOB**. + - Used **temporarily** to provide **internet access to hypervisors** for installing `netris-cloudstack-agent`. + + Step 1: Navigate to V-Net """"""""""""""""""""""""""""""""""""""""""""""""" 
@@ -789,69 +799,95 @@ Step 2: Configure V-Nets **1. CloudStack Management (Management Nodes)** :: - - Name: **CloudStack Management (Management Nodes)** - - VPC: **Select vpc-1:Default.** - - Sites: **Select the relevant site.** - - VLAN ID: **Assign Automatically.** - - Owner: **Assign to Admin.** - - V-Net State: **Active.** - - IPv4 Gateway: **Use 10.99.0.1 (from the 10.99.0.0/21 subnet).** + - Name: CloudStack Management (Management Nodes) + - VPC: Select vpc-1:Default + - Sites: Select the relevant site + - VLAN ID: Assign Automatically + - Owner: Assign to Admin + - V-Net State: Active + - IPv4 Gateway: Use 10.99.0.1 (from the 10.99.0.0/21 subnet) - Network Interface Tags: - - Add the tag **CS-Cloud1-MGMT** and mark the **‘Untagged’** checkbox. + - Add the tag CS-Cloud1-MGMT and mark the ‘Untagged’ checkbox. - These tags guide Netris to discover and associate the correct server NICs with this V-Net. - - Click **Save**. + +Click **Save**. **2. CloudStack Management (Hypervisor Nodes)** :: - - Name: **CloudStack Management (Hypervisor Nodes)** - - VPC: **Select vpc-1:Default.** - - Sites: **Select the relevant site.** - - VLAN ID: **Assign Automatically.** - - Owner: **Assign to Admin.** - - V-Net State: **Active.** - - IPv4 Gateway: **Use 10.100.0.1 (from the 10.100.0.0/21 subnet).** + - Name: CloudStack Management (Hypervisor Nodes) + - VPC: Select vpc-1:Default + - Sites: Select the relevant site + - VLAN ID: Assign Automatically + - Owner: Assign to Admin + - V-Net State: Active + - IPv4 Gateway: Use 10.100.0.1 (from the 10.100.0.0/21 subnet) - Tags: - - Add **CS-Cloud1-Compute**. - - Add **system.cloudstack.management** (special tag that instructs the Netris-CloudStack Agent this V-Net is used for **cloudbr0**). - - Click **Save**. + - Add CS-Cloud1-Compute + - Add system.cloudstack.management (special tag that instructs the Netris-CloudStack Agent this V-Net is used for cloudbr0). + +Click **Save**. **3. 
CloudStack System VMs** :: - - Name: **CloudStack System VMs** - - VPC: **Select vpc-1:Default.** - - Sites: **Select the relevant site.** - - VLAN ID: **Disabled.** - - Owner: **Assign to Admin.** - - V-Net State: **Active.** - - IPv4 Gateway: **Use an appropriate gateway from the public subnet for system VMs (e.g., 203.0.113.1/27).** - - Tags: **Add CS-Cloud1-Compute**. - - Click **Save**. + - Name: CloudStack System VMs + - VPC: Select vpc-1:Default + - Sites: Select the relevant site + - VLAN ID: Disabled + - Owner: Assign to Admin + - V-Net State: Active + - IPv4 Gateway: Use an appropriate gateway from the public subnet for system VMs (e.g., 203.0.113.1/27) + - Tags: Add CS-Cloud1-Compute + +Click **Save**. **4. CloudStack Virtual Routers (VRs)** :: - - Name: **CloudStack VRs** - - VPC: **Select vpc-1:Default.** - - Sites: **Select the relevant site.** - - VLAN ID: **Disabled.** - - Owner: **Assign to Admin.** - - V-Net State: **Active.** - - IPv4 Gateway: **Use an appropriate gateway from the public or private subnet for VRs** (depending on your environment, e.g., 203.0.113.129/25). - - Tags: **Add CS-Cloud1-Compute**. - - Click **Save**. + - Name: CloudStack VRs + - VPC: Select vpc-1:Default + - Sites: Select the relevant site + - VLAN ID: Disabled + - Owner: Assign to Admin + - V-Net State: Active + - IPv4 Gateway: Use an appropriate gateway from the public or private subnet for VRs (depending on your environment, e.g., 203.0.113.129/25) + - Tags: Add CS-Cloud1-Compute + +Click **Save**. + + +**(Optional) 5. Temporary OOB Network** + +.. note:: + - This **VNet is only required if your infrastructure lacks an OOB network**. + - It provides **temporary internet access** to CloudStack hypervisors for installing the `netris-cloudstack-agent`. 
+ +:: + + - Name: Temporary OOB Network + - VPC: Select vpc-1:Default + - Sites: Select the relevant site + - VLAN ID: Assign Automatically + - Owner: Assign to Admin + - V-Net State: Active + - IPv4 Gateway: Use 10.55.0.1 (from the 10.55.0.0/21 subnet) + - Network Interface Tags: + - Add the tag CS-Cloud1-Compute and mark the ‘Untagged’ checkbox. + +Click **Save**. Step 3: Review and Verify """"""""""""""""""""""""""""""""""""""""""""""""" 1. Navigate to **Services → V-Net**. -2. Confirm the following for all four V-Nets: +2. Confirm the following for all V-Nets: - **Management V-Nets** have automatically assigned VLAN IDs. - **System V-Nets** have VLAN IDs **disabled**. - **Tags** are applied correctly: - **CS-Cloud1-MGMT** for Management Nodes. (Network Interface Tag) - **CS-Cloud1-Compute** and **system.cloudstack.management** for Hypervisor Nodes. (Regular Tags) + 3. Confirm the **IPv4 Gateways** match the correct subnets for each V-Net. From dfcd8fffecb8c05dc3202b3150acad672eb7a664 Mon Sep 17 00:00:00 2001 From: Gor Poghosyan Date: Thu, 30 Jan 2025 20:42:28 -0800 Subject: [PATCH 5/5] added optional OOB network handling --- conf.py | 1 + tutorials/netris-cloudstack_p3.rst | 185 +++++++++++++++++++++++++++-- updatePages.sh | 2 +- 3 files changed, 175 insertions(+), 13 deletions(-) diff --git a/conf.py b/conf.py index 935782ae5..e53f9ca01 100644 --- a/conf.py +++ b/conf.py @@ -36,6 +36,7 @@ 'sphinx.ext.githubpages', 'sphinx_rtd_theme', 'sphinx_copybutton', + 'sphinx_tabs.tabs', ] # Add any paths that contain templates here, relative to this directory. diff --git a/tutorials/netris-cloudstack_p3.rst b/tutorials/netris-cloudstack_p3.rst index 8416ad4ee..c61c2e7fc 100644 --- a/tutorials/netris-cloudstack_p3.rst +++ b/tutorials/netris-cloudstack_p3.rst 
@@ -128,7 +128,51 @@ Netris Fabric Integration Install Netris-CloudStack Agent on Hypervisor Servers --------------------------------------------------------- -The **netris-cloudstack agent** acts as a bridge between CloudStack and the Netris Controller. It automates the provisioning and configuration of network resources required for CloudStack’s operations on hypervisor nodes. The agent ensures seamless integration by performing the following key functions: +The **netris-cloudstack agent** acts as a bridge between **CloudStack** and the **Netris Controller**. It automates the **provisioning** and **configuration** of network resources required for **CloudStack’s operations on hypervisor nodes**. + +.. note:: + - If your infrastructure **does not have an OOB network**, your hypervisors will **not have internet access**. + Follow the **pre-installation steps** below to temporarily configure internet access **before proceeding** with the installation. + - If you **have an OOB network**, proceed directly to **Installation Steps**. + +--- + +Pre-Installation Steps (For Deployments Without OOB) +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. warning:: + These steps are **only for users without an OOB network**. If your hypervisors **already have internet access via OOB**, **skip this section**. + +1. **Assign an IP address** to the hypervisor’s **NIC connected to the Netris fabric**: + + .. code-block:: shell + + ip address add 10.55.1.1/21 dev ens3 + +2. **Set a temporary default route** via the **temporary OOB gateway**: + + .. code-block:: shell + + ip route add default via 10.55.0.1 metric 10 + +3. **Set DNS resolvers** to enable domain name resolution: + + .. code-block:: shell + + echo "nameserver 1.1.1.1" > /etc/resolv.conf + echo "nameserver 8.8.8.8" >> /etc/resolv.conf + +4. **Verify connectivity**: + + .. 
code-block:: shell + + ip addr show ens3 # Ensure the IP is assigned + ping -c 4 10.55.0.1 # Check connectivity to the temporary gateway + ping -c 4 1.1.1.1 # Check external connectivity + curl -I https://www.google.com # Verify internet access + +After confirming connectivity, proceed with the **Netris-CloudStack Agent installation**. + Key Functions of the Netris-CloudStack Agent ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
@@ -140,23 +184,25 @@ Key Functions of the Netris-CloudStack Agent 2. **Network Automation**: - - Configures VXLAN overlays to extend Layer 2 networks across the Netris fabric. - - Integrates with Netris EVPN to enable dynamic exchange of MAC and IP address information. + - Configures **VXLAN overlays** to extend **Layer 2 networks** across the **Netris fabric**. + - Integrates with **Netris EVPN** to enable **dynamic exchange of MAC and IP address information**. Installation Steps ^^^^^^^^^^^^^^^^^^ -To provision the **netris-cloudstack agent** on the hypervisor servers (Server 2-4): +To provision the **netris-cloudstack agent** on the hypervisor servers (**Server 2-4**): 1. Navigate to: **Net → Inventory**. 2. Locate the desired server node (e.g., **Server 2**). -3. Click the three vertical dots (**⋮**) on the right-hand side of the node and select **Install Agent**. -4. A **one-line installer command** will appear. Copy this command to your clipboard. +3. Click the **three vertical dots (⋮)** on the right-hand side of the node and select **Install Agent**. +4. A **one-line installer command** will appear. **Copy this command** to your clipboard. + + - **Note:** Each installer command is **unique to the specific node**. + +5. **SSH into the server** and execute the copied command: + +6. **Repeat this process** for each hypervisor server (**Servers 2, 3, and 4**). - - **Note:** Each installer command is unique to the specific node. - -5. SSH into the server and execute the copied command: -6. Repeat this process for each hypervisor server (**Servers 2, 3, and 4**). Example Successful Output of One-Liner Script ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -177,6 +223,7 @@ Below is an example of a successful installation output after executing the **on === Netris-CloudStack Agent is now installed! === + Get started with Netris: https://netris.io/docs/en/stable/ + Verification Steps ^^^^^^^^^^^^^^^^^^ 
@@ -186,12 +233,126 @@ Verification Steps systemctl status netris-cloudstack-agent.service -2. **Confirm that the `cloudbr0` bridge has been created**, has the correct IP address, and that the default gateway is reachable: +2. **Confirm that the `cloudbr0` bridge has been created** and has the correct IP address: .. code-block:: shell ip addr show cloudbr0 - ping 10.100.0.1 + +--- + +Checking Network Connectivity +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. note:: + - If your infrastructure **has an OOB network**, and **Underlay was enabled during link setup**, you **should be able to ping the VXLAN gateway (e.g., 10.100.0.1) now**. + - If your infrastructure **does not have an OOB network**, and **Underlay is still disabled**, you **will NOT be able to ping the VXLAN gateway yet**. + Proceed to the **next step** to enable underlay. + +.. tabs:: + + .. group-tab:: With OOB (Underlay Enabled) + + **Verify connectivity:** + + .. code-block:: shell + + ping -c 4 10.100.0.1 # This should work if underlay is enabled. + + .. group-tab:: Without OOB (Underlay Disabled) + + - **Skip connectivity checks for now.** + - Proceed to **Enabling Underlay for Hypervisors** in the next step. + +--- + +Finalizing the Network Setup +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. note:: + - If your infrastructure **did not have an OOB network**, and you created a **temporary OOB VNet**, + now is the time to **switch from the temporary connection** to **underlay networking**. + +Step 1: Enable Underlay for Hypervisor Links +"""""""""""""""""""""""""""""""""""""""""""""""""" + +1. **Navigate to**: **Netris Controller → Net → Topology**. +2. **Find the hypervisor’s links** (e.g., Server 2 → Leaf-1). +3. **Right-click on the link** and select **Edit**. +4. **Enable the "Underlay" checkbox**. +5. **Click Save**. +6. **Repeat for all hypervisors (Server 2, 3, and 4)**. + +Step 2: Verify VXLAN Connectivity +"""""""""""""""""""""""""""""""""""""""""""""""""""" + +1. 
**Reconnect to the server using the new cloudbr0 IP**: + + .. code-block:: shell + + ssh root@10.100.1.1 + +2. **Confirm that the gateway of the VXLAN VNet is now reachable**: + + .. code-block:: shell + + ping -c 4 10.100.0.1 # Now the gateway should respond + +Step 3: Remove Temporary Configurations +"""""""""""""""""""""""""""""""""""""""""""""""""""" + +1. **Delete the temporary default route**: + + .. code-block:: shell + + ip route del default via 10.55.0.1 + +2. **Verify that the server is now using `cloudbr0` for network access**: + + .. code-block:: shell + + ip route show + ip addr show cloudbr0 + ping -c 4 1.1.1.1 + curl -I https://www.google.com + + +**Keeping the Temporary OOB VNet for Emergency Access** +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. note:: + If your infrastructure **does not have a dedicated OOB network**, you can **retain the temporary VNet** as an **emergency access method**. + +Why Keep the Emergency OOB? +"""""""""""""""""""""""""""""""""""" + +- **Allows access to the hypervisors if underlay networking fails**. +- **Can be used for troubleshooting or upgrades** without disrupting the overlay network. +- **Provides a backup path to manage servers** without depending on cloudbr0. + +How to Use Emergency OOB? +"""""""""""""""""""""""""""""""""""" + +1. **Disable underlay** on a hypervisor link: + + .. + + Navigate to Net > Topology, edit the link, and uncheck "Underlay" + +2. **Reconnect to the hypervisor using the OOB IP**: + + .. code-block:: shell + + ssh root@10.55.1.1 + +3. **Perform necessary maintenance**, then **re-enable underlay** when done. + +.. note:: + + **Persisting OOB IP Configuration (Recommended)** + + For long-term usability, configure the **emergency OOB IP persistently** using **Netplan**: + Install CloudStack Management Service diff --git a/updatePages.sh b/updatePages.sh index 741d07673..247be9b4b 100755 --- a/updatePages.sh +++ b/updatePages.sh 
@@ -8,7 +8,7 @@ set -x apt-get update apt-get -y install git git-lfs rsync python3-pip python3-virtualenv python3-setuptools -python3 -m pip install --upgrade sphinx-rtd-theme==0.5.1 importlib-metadata==4.0.1 gitpython docutils==0.16 rinohtype pygments sphinx-copybutton +python3 -m pip install --upgrade sphinx-rtd-theme==0.5.1 importlib-metadata==4.0.1 gitpython docutils==0.16 rinohtype pygments sphinx-copybutton sphinx-tabs ####################################### # SILENCE ALL SAFE.DIRECTORY WARNINGS #
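Review bot: The unchanged `- Comment: *(Optional, e.g., "Temporary internet access for CloudStack Hypervisors")*` line at the end of the `@@ -685,16 +685,16` literal block keeps its emphasis markup after the bold was stripped from the ten lines above it, so the asterisks will print literally inside the `::` block. Drop the `*( )*` wrapper there as well so the whole block reads the same way.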
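Review bot: The DNAT example in the `@@ -726,20 +726,20` hunk publishes the CloudStack Management GUI to Source Address 0.0.0.0/0 on Destination Port 80 (plain HTTP) with ACL Port Group set to None, and the lines being reformatted are the right place to say that this is a lab setting. Suggest adding a sentence next to the Source Address field that a production rule should narrow it to the administrators' range, and that the GUI should not be left reachable over unencrypted HTTP from any external address.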
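Review bot: Both new mentions of `netris-cloudstack-agent` in the `@@ -756,28 +756,38` hunk (the `.. note::` and list item 5) use single backticks, which reStructuredText reads as interpreted text in the default role rather than as an inline literal; use double backticks. The same additions write "VNet" where the surrounding text uses "V-Net", and the note body is a one-item bullet list that would read better as a plain paragraph.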
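Review bot: Step 3 "Review and Verify" in the `@@ -789,69 +799,95` hunk only changes "all four V-Nets" to "all V-Nets", and its checklist still has no entry for the new Temporary OOB Network. That V-Net gets an automatically assigned VLAN ID and enters CS-Cloud1-Compute under Network Interface Tags with the 'Untagged' checkbox, whereas V-Nets 2 to 4 add the same name under Tags, so a checklist line and one sentence on why the tag is used as an interface tag here would prevent misconfiguration. The heading "**(Optional) 5. Temporary OOB Network**" also breaks the "**4. ...**" numbering pattern of the four headings before it.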
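Review bot: Pre-installation step 3 in the `@@ -128,7 +128,51` hunk of tutorials/netris-cloudstack_p3.rst overwrites /etc/resolv.conf with `>` and no later step in the patch restores it, so the hypervisor stays on 1.1.1.1 and 8.8.8.8 after the temporary setup is removed. Suggest backing the file up first, or adding a restore step under "Remove Temporary Configurations". The `---` lines added here and in the following hunks are three characters long, and a reStructuredText transition needs at least four, so they will render as text rather than as a rule. The interface name ens3 and the address 10.55.1.1/21 should be marked as examples, as the earlier tutorial part does for its sample values.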
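Review bot: Step 5 in the `@@ -140,23 +184,25` hunk still ends with a colon ("execute the copied command:") and the blank line added after it leaves nothing for the colon to introduce. End the sentence with a period, or follow it with a code block holding a clearly marked placeholder for the node-specific installer command.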
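Review bot: Two additions in the `@@ -186,12 +233,126` hunk are unfinished: step 1 of "How to Use Emergency OOB?" has a bare `..` where a directive was presumably intended, and the closing note ends with "using **Netplan**:" with no configuration after it. Supply the directive and the Netplan snippet, or reword both so nothing is promised. Step 3 "Remove Temporary Configurations" deletes only the default route, leaving the 10.55.1.1/21 address on ens3 and the resolv.conf edits in place; say explicitly that the address is kept for the emergency path. Because the section recommends retaining the temporary V-Net, it should also state whether the "SNAT Temporary OOB Network" rule stays enabled, since that rule gives the hypervisors a standing outbound path to 0.0.0.0/0.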
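Review bot: `sphinx-tabs` is added to the pip line in updatePages.sh without a version, next to the pinned `sphinx-rtd-theme==0.5.1` and `docutils==0.16`, so each docs build installs whatever release is current and that release has to resolve against the old docutils pin. Pin it to the version the `.. tabs::` block in netris-cloudstack_p3.rst was built with, since the conf.py hunk that loads `sphinx_tabs.tabs` will break the build if the install resolves badly.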