CALICO with OpenStack

Rajesh Kumar

2

CALICO with OpenStack

Calico provides secure network connectivity for containers and virtual

machine workloads.

Calico integrates seamlessly with cloud orchestration systems such as

OpenStack and Docker to provide networking between local and

geographically distributed workloads.

Here will discuss more about integrate with OpenStack

3

CALICO with OpenStack

Calico’s integration with OpenStack consists of the following pieces.

•The Calico driver for Neutron, that runs as part of the Neutron server on each

machine where the Neutron server runs. (There can be just one Neutron server, but

typically there are more, to provide higher availability.) This driver handles

OpenStack network, subnet, instance and security operations and translates them

into equivalent Etcd data for Felix to implement. It also reads the agent and per-port

status information that Felix writes into Etcd, and reports this into the Neutron DB.

4

CALICO with OpenStack

• Etcd, providing a distributed key/value database that is accessible from all compute hosts and Neutron servers.

• Felix (the Calico agent) running on each compute host. Felix reads information from Etcd that specifies workloads and their properties (IP addresses, security etc.), and implements that connectivity and security for them. Felix also reports its own agent status, and the programming status for each workload, through Etcd.

• BIRD, also running on each compute host, to propagate local workload routes to other compute hosts and infrastructure routers.

• The Calico DHCP agent, running on each compute host, that configures and launches Dnsmasq instances to provide DHCP for the locally hosted workloads. Architecturally this fills the same role as the reference Neutron DHCP agent; the key difference is that it gets its information from Etcd instead of by RPC from the Neutron server, as we have found this to be more scalable.

5

CALICO with OpenStack

• The Etcd, Felix and BIRD pieces are the same as in other Calico integrations, and so independent of OpenStack. The Calico Neutron driver and DHCP agent are specific to OpenStack, and are provided by the networking-calico project. networking-calico is an unofficial OpenStack project.

• From an OpenStack point of view, networking-calico is just one of many possible Neutron drivers that provide connectivity between instances (VMs) as specified by the Neutron API. The Usage section gives more detail about the parts of the Neutron API that the networking-calico provides

6

CALICO with OpenStack

There are many ways to try out Calico with OpenStack, because OpenStack is a sufficiently complex system that there is a small industry concerned with deploying it correctly and successfully.You can install Calico via any of the following methods:

•Package-based install for Ubuntu 14.04 (Trusty) or 16.04 (Xenial)

•RPM-based install for Red Hat Enterprise Linux 7 (RHEL 7)

•Canonical’s Juju Charms

•Mirantis Fuel

•DevStack

Refer the link for more details on installation - https://docs.projectcalico.org/v2.6/getting-started/openstack/installation/

7

Target platforms and OpenStack releases

Aim to develop and maintain the Neutron driver for Calico (networking-calico) so that its master code works with OpenStack master or any previous release (back to Icehouse), on any OS platform, and independently of the deployment mechanism that is used to install it.

That said, we recommend using OpenStack Liberty or later, on Ubuntu Trusty or Xenial, or RHEL/CentOS 7, as those are the platform combinations that are used in most of our own testing, and by many third party Calico users.

8

Nova patch needed with Mitaka and earlier

With OpenStack Mitaka and earlier, and if your libvirt is >= 1.3.3 and < 3.1,

you will need to patch the Nova code post installation, on each compute

host, as in this change. In case you need the same Nova code to work with

all possible libvirt versions, you should then add this further change.

OpenStack Newton and later already include these two changes.

Refer the link for details - https://docs.projectcalico.org/v2.6/getting-started/openstack/installation/