Configure systems for use with Calico
When running Calico with OpenStack, you also need to configure various OpenStack components, as follows.
Calico uses the Nova metadata service to provide metadata to VMs, without any proxying by Neutron. To make that work:
- An instance of the Nova metadata API must run on every compute node.
- /etc/nova/nova.conf must not set True. (The default False value is correct for a Calico cluster.)
Neutron server (/etc/neutron/neutron.conf)
In /etc/neutron/neutron.conf you need the following settings to configure the Neutron service.
| Setting | Value | Meaning |
|---|---|---|
| core_plugin | calico | Use the Calico core plugin |
Calico can operate either as a core plugin or as an ML2 mechanism driver. The function is the same both ways, except that floating IPs are only supported when operating as a core plugin; hence the recommended setting here.
However, if you don’t need floating IPs and have other reasons for using ML2, you can, instead, set
| Setting | Value | Meaning |
|---|---|---|
| core_plugin | neutron.plugins.ml2.plugin.ML2Plugin | Use ML2 plugin |
and then apply the further ML2-specific configuration covered below.
The following options in the [calico] section of /etc/neutron/neutron.conf govern how the Calico plugin/driver and DHCP agent connect to the Calico etcd datastore. You should set etcd_host to the IP of your etcd server, and etcd_port if that server is using a non-standard port. If the etcd server is TLS-secured, also set:
- etcd_cert_file to a client certificate, which must be signed by a Certificate Authority that the server trusts
- etcd_key_file to the corresponding private key file
- etcd_ca_cert_file to a file containing data for the Certificate Authorities that you trust to sign the etcd server's certificate.
| Setting | Default value | Meaning |
|---|---|---|
| etcd_host | 127.0.0.1 | The hostname or IP of the etcd server |
| etcd_port | 2379 | The port to use for the etcd node/proxy |
| etcd_key_file | | The path to the TLS key file to use with etcd |
| etcd_cert_file | | The path to the TLS client certificate file to use with etcd |
| etcd_ca_cert_file | | The path to the TLS CA certificate file to use with etcd |
In a multi-region deployment, [calico] openstack_region configures the name of the region that the local compute or controller node belongs to.
| Setting | Default value | Meaning |
|---|---|---|
| openstack_region | none | The name of the region that the local compute or controller node belongs to. |
When specified, the value of openstack_region must be a string of lower case alphanumeric characters or '-', starting and ending with an alphanumeric character, and must match the value of configured for the Felixes in the same region.
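A check for the [calico] settings described above, as an added example that is not part of the Calico documentation or code: it parses neutron.conf content and reports an unexpected core_plugin, an invalid etcd_port, a partial set of etcd TLS options, or an openstack_region that breaks the naming rule. The function name, the sample paths and region, and the decision to treat a partial TLS set as an error are assumptions.

```python
import configparser
import re

# Region rule from the text: lower-case alphanumerics or '-', starting and
# ending with an alphanumeric character.
REGION_RE = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?")
TLS_KEYS = ("etcd_cert_file", "etcd_key_file", "etcd_ca_cert_file")
CORE_PLUGINS = ("calico", "neutron.plugins.ml2.plugin.ML2Plugin")


def check_neutron_conf(text):
    """Return a list of problems found in neutron.conf content (a string)."""
    # default_section is renamed so that [DEFAULT] values are not inherited
    # by [calico], which configparser would otherwise do.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    default = dict(cp["DEFAULT"]) if cp.has_section("DEFAULT") else {}
    calico = dict(cp["calico"]) if cp.has_section("calico") else {}
    problems = []

    if default.get("core_plugin") not in CORE_PLUGINS:
        problems.append("core_plugin: expected calico or the ML2 plugin")

    port = calico.get("etcd_port", "2379")  # 2379 is the documented default
    if not (port.isdecimal() and 0 < int(port) < 65536):
        problems.append("etcd_port: not a valid TCP port: %r" % port)

    # The page lists the three TLS options together; this check assumes
    # that setting only some of them is a mistake.
    missing = [k for k in TLS_KEYS if not calico.get(k)]
    if 0 < len(missing) < len(TLS_KEYS):
        problems.append("etcd TLS: incomplete, missing " + ", ".join(missing))

    region = calico.get("openstack_region")
    if region is not None and not REGION_RE.fullmatch(region):
        problems.append("openstack_region: invalid name %r" % region)
    return problems


# Constructed sample: the address, path and region name are placeholders.
SAMPLE = """
[DEFAULT]
core_plugin = calico
[calico]
etcd_host = 192.0.2.10
etcd_cert_file = /etc/calico/etcd-client.crt
openstack_region = Region_One
"""
```

Calling check_neutron_conf(SAMPLE) reports the missing key and CA files and the invalid region name; an empty list means none of these checks failed.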
In /etc/neutron/plugins/ml2/ml2_conf.ini you need the following settings to configure the ML2 plugin.
| Setting | Value | Meaning |
|---|---|---|
| type_drivers | local, flat | Allow 'local' and 'flat' networks |
| tenant_network_types | local, flat | Allow 'local' and 'flat' networks |