Cisco ACI and Pivotal Cloud Foundry Integration 2

Similar documents
Cisco ACI Simulator VM Installation Guide

Cisco Mini ACI Fabric and Virtual APICs

Cisco APIC in a Cisco ACI Multi-Site Topology New and Changed Information 2

Cisco ACI with Red Hat Virtualization 2

Cisco ACI Terminology ACI Terminology 2

Virtual Machine Manager Domains

Cisco ACI vcenter Plugin

Cisco ACI with Cisco AVS

Cisco ACI Multi-Site Fundamentals Guide

Implementing Container Application Platforms with Cisco ACI

Quick Start Guide (SDN)

Verified Scalability Guide for Cisco APIC, Release 3.0(1k) and Cisco Nexus 9000 Series ACI-Mode Switches, Release 13.0(1k)

Verified Scalability Guide for Cisco APIC, Release 3.0(1k) and Cisco Nexus 9000 Series ACI-Mode Switches, Release 13.0(1k)

Quick Start Guide (SDN)

Cisco ACI Virtual Machine Networking

Cisco ACI Virtual Machine Networking

Cisco ACI and Cisco AVS

5 days lecture course and hands-on lab $3,295 USD 33 Digital Version

Cisco ACI Virtual Machine Networking

Virtualization Design

Configuring Layer 4 to Layer 7 Resource Pools

Cisco ACI with OpenStack Deployment Guide for Ubuntu Using Juju Charms

Integration of Hypervisors and L4-7 Services into an ACI Fabric. Azeem Suleman, Principal Engineer, Insieme Business Unit

Cisco ACI Virtual Machine Networking

Cisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack

Using PCF Ops Manager to Deploy Hyperledger Fabric

Tenant Onboarding. Tenant Onboarding Overview. Tenant Onboarding with Virtual Data Centers

Design Guide for Cisco ACI with Avi Vantage

Cisco ACI Virtual Machine Networking

Cisco Application Policy Infrastructure Controller OpenStack and Container Plugins Release 3.2(2), Release Notes

Microsegmentation with Cisco ACI

Provisioning Overlay Networks

Layer 4 to Layer 7 Design

MAC Filtering for Lobby Ambassadors

Production Pivotal Cloud Foundry on VMware vsphere using Dell EMC XC Series Appliances or XC Core System Deployment Guide

Creating Application Containers

Service Graph Design with Cisco Application Centric Infrastructure

Cisco ACI and OpenShift Integration New and Changed Information 2

Lifecycle Management for Virtual Machine Applications Configuration Guide, Cisco IOS Everest 16.6

Using Cisco APIC to Deploy an EPG on a Specific Port

Cisco Container Platform Installation Guide

Configuring APIC Accounts

Cisco APIC and Static Management Access

Installing or Recovering Cisco APIC Images

IaaS Integration for Multi- Machine Services. vrealize Automation 6.2

Microsegmentation with Cisco ACI

Cisco ACI Virtualization Guide, Release 2.2(1)

Networking Domains. Physical domain profiles (physdomp) are typically used for bare metal server attachment and management access.

Creating Application Containers

Cisco HyperFlex Systems

Cisco ACI Virtualization Guide, Release 2.1(1)

Manage Hybrid Clouds with a Cisco CloudCenter, Cisco Application Centric Infrastructure, and Cisco UCS Director Solution

Cisco ACI Multi-Site, Release 1.1(1), Release Notes

Configure. Background. Register the FTD Appliance

Cisco Prime Service Catalog Virtual Appliance Quick Start Guide 2

Cisco UCS Director Tech Module Cisco Application Centric Infrastructure (ACI)

Running RHV integrated with Cisco ACI. JuanLage Principal Engineer - Cisco May 2018

ACI Terminology. This chapter contains the following sections: ACI Terminology, on page 1. Cisco ACI Term. (Approximation)

Intra-EPG Isolation Enforcement and Cisco ACI

UCS Director: Tenant Onboarding Cisco ACI & Microsoft HyperV. Dec. 2016

AGENDA Introduction Pivotal Cloud Foundry NSX-V integration with Cloud Foundry New Features in Cloud Foundry Networking NSX-T with Cloud Fou

Using the vrealize Orchestrator OpenStack Plug-In 2.0. Modified on 19 SEP 2017 vrealize Orchestrator 7.0

Single Sign-On for PCF. User's Guide

Redhat OpenStack 5.0 and PLUMgrid OpenStack Networking Suite 2.0 Installation Hands-on lab guide

Cisco UCS Director and ACI Advanced Deployment Lab

Cisco ACI with OpenStack OpFlex Architectural Overview

Installing or Upgrading ANM Virtual Appliance

Configuring a Device Cluster (Logical Device)

Cisco ACI Virtualization Guide, Release 2.2(2)

Cisco NSH Service Chaining Configuration Guide

Pivotal Cloud Foundry on VMware vsphere using Dell EMC XC Series Hyper-Converged Appliances Deployment Guide

Table of Contents HOL-PRT-1305

believe in more SDN for Datacenter A Simple Approach

Installing the Cisco CSR 1000v in VMware ESXi Environments

Principles of Application Centric Infrastructure

NSX-T Data Center Migration Coordinator Guide. 5 APR 2019 VMware NSX-T Data Center 2.4

Cisco ACI Simulator Release Notes, Release 1.1(1j)

Provisioning Overlay Networks

VMware Integrated OpenStack with Kubernetes Getting Started Guide. VMware Integrated OpenStack 4.0

IaaS Integration for Multi-Machine Services

Intra-EPG Isolation Enforcement and Cisco ACI

Provisioning Core ACI Fabric Services

Using vrealize Operations Tenant App as a Service Provider

Getting Started with VMware Integrated OpenStack with Kubernetes. VMware Integrated OpenStack 5.1

Forescout. Controller Plugin. Configuration Guide. Version 1.1

About Cisco ACI with Microsoft SCVMM

VMware Integrated OpenStack Quick Start Guide

Migrating vrealize Automation 6.2 to 7.2

Intra-EPG Isolation Enforcement and Cisco ACI

Schema Management. Schema Management

Cisco CSR 1000V VxLAN Support 2

Cisco Application Policy Infrastructure Controller OpenStack and Container Plugins, Release 2.3(1), Release Notes

Toggling Between Basic and Advanced GUI Modes

F5 iworkflow : Cisco APIC Administration. Version 2.0

Getting Started Guide. VMware NSX Cloud services

Deploying the Cisco ASA 1000V

The Cisco HyperFlex Dynamic Data Fabric Advantage

Securing Containers Using a PNSC and a Cisco VSG

Installing Cisco Virtual Switch Update Manager

F5 BIG-IP Local Traffic Manager Service Insertion with Cisco Application Centric Infrastructure

Transcription:

Cisco ACI and Pivotal Cloud Foundry Integration New and Changed Information 2 Cisco ACI and Pivotal Cloud Foundry Integration 2 Preparation 2 Pivotal Cloud Foundry Compatibility 2 Preparing for Pivotal Cloud Foundry ACI Integration 2 Deployment 3 Provisioning Cisco ACI to Work with Pivotal Cloud Foundry 3 Deploying PAS with ACI CNI Plug-in Tile 4 Upgrading the ACI CNI Plug-in 6 Removing Cisco ACI Add-ons from Pivotal Cloud Foundry 6 Unprovisioning Pivotal Cloud Foundry from the ACI Fabric 7 Operations 7 Using Cisco ACI-Specific Extensions 7 Collecting Log Files for Support Requests 8

Revised: August 1, 2018 New and Changed Information The following table provides an overview of the significant changes up to this current release. The table does not provide an exhaustive list of all changes or of the new features up to this release. Cisco APIC Release Version Release 3.2(1) Feature Support for Pivotal Cloud Foundry in Cisco ACI Description This release enables the deployment of Pivotal Cloud Foundry in the Cisco ACI fabric. Cisco ACI and Pivotal Cloud Foundry Integration Pivotal Cloud Foundry is a platform as a service (PAAS) that uses Linux containers to deploy and manage applications. It works as an overlay on various infrastructure systems like VMware vsphere and Amazon Web Services (AWS) and operates on the underlying network used by these systems. Beginning with Cisco APIC Release 3.2(1), Pivotal Cloud Foundry is integrated with Cisco Application Centric Infrastructure (ACI). This enables customers to use all Cisco ACI security and policy features with Pivotal Cloud Foundry containers. In the Cisco APIC Release 3.2(1), Cisco ACI integration applies to Pivotal Cloud Foundry deployed on VMware vsphere where the Cisco ACI provides the network fabric for VMware vsphere. This document is a guide to deploying Pivotal Cloud Foundry integrated with Cisco ACI and describes the use of Cisco ACI-specific extensions to Pivotal Cloud Foundry. Preparation Pivotal Cloud Foundry Compatibility Cloud Foundry is compatible with the following software: Cisco APIC Release 3.2(1) Ops Manager 2.1 and Pivotal Application Service (PAS) 2.1.1 Cisco ACI add-ons 0.2.0 Note This document does not include deployment of isolation segments. Preparing for Pivotal Cloud Foundry ACI Integration The following tasks must be completed before you can integrate Pivotal Cloud Foundry with the Cisco ACI. 2

Before you begin It is assumed that you have completed the following tasks: Set up the Cisco ACI fabric to use with a VMware vcenter deployment. See the Cisco ACI and Cisco APIC documentation on Cisco.com. Read and understood the guidelines in the knowledge base article Cisco ACI and OpFlex Connectivity for Orchestrators. Step 3 Step 4 Create a VMware VMM domain in Cisco APIC that uses the desired VMware vcenter data center. Ensure that you have an Attachable Entity Profile (AEP) in Cisco APIC that enables communication on the switch ports that are connected to ESXi hypervisors. Create a VRF that to hold all your endpoints (BOSH Director, Ops Manager, Pivotal Cloud Foundry component VMs, and containers). Create and provision L3Out in Cisco APIC for external communication and associate it with the VRF you created in the previous step. Step 5 Create an external network under the L3Out that allows traffic to all destinations (0.0.0.0/0). Step 6 Step 7 Create a working directory and extract the Cisco ACI add-ons distribution file (dist-generics-cloudfoundryxxxxxx.tgz). Install the acc_provision Debian package. Deployment Provisioning Cisco ACI to Work with Pivotal Cloud Foundry Before you begin Ensure that you have completed the tasks in the section Preparing for Pivotal Cloud Foundry ACI Integration, on page 2 in this guide. Create a provisioning configuration file, using the following example. Change the values in the example to fit your environment. ## Configuration for ACI Fabric aci_config: system_id: mycf0 # Unique ID for this install apic_hosts: # List of APIC hosts to connect to 172.28.184.150 apic_login: 3

username: admin password: myadminpassword vmm_domain: # CloudFoundry VMM domain config encap_type: vxlan # Encap mode: vxlan or vlan mcast_range: # Every VMM must use a distinct range start: 225.20.1.1 end: 225.20.255.255 nested_inside: type: vmware name: fab15vds1 # Your VMware VMM domain name # The following resources must already exist on the APIC, # they are used, but not created by the provisioning tool. aep: esxaep # The AEP for ports/vpcs vrf: # VRF to place the endpoints in name: l3out_1_vrf tenant: common l3out: name: l3out1 # Used for external communication external_networks: - l3out_1_net # Used for external contracts # # Networks used by CloudFoundry # net_config: node_subnet: 10.1.0.1/16 # Subnet for CloudFoundry nodes pod_subnet: 10.2.0.1/16 # Subnet for container IPs extern_dynamic: 150.3.0.1/24 # Subnet for dynamic external IPs extern_static: 150.4.0.1/24 # Subnet for static external IPs node_svc_subnet: 10.5.0.1/24 # Subnet for service graphs service_vlan: 4002 # VLAN used by LoadBalancer services infra_vlan: 4093 # VLAN used by ACI infra In the preceding example, node subnet 10.1.0.0/16 will be used for the BOSH Director virtual machine (VM) and Pivotal Cloud Foundry component VM. Step 3 Configure Cisco APIC and generate a configuration file for cf-deployment. acc_provision -a -u <apic username> -p <apic password> -c mycf0-prov-config.yaml -o mycf0-vars.yaml -f cloudfoundry-1.0 This command configures Cisco APIC for Pivotal Cloud Foundry and generates a file called mycf0-vars.yaml. Make a note of the following values in the file mycf0-vars.yaml: apic_dvs, apic_node_portgroup, apic_node_portgroup, apic_node_subnet, and apic_infra_portgroup. Deploying PAS with ACI CNI Plug-in Tile Create the Ops Manager VM (v2.1) using ovftool or another tool on VMware vsphere. Make sure that this VM's virtual NIC (vnic) is attached to the vsphere portgroup created by acc_provision (apic_node_portgroup in the configuration file produced by acc_provision). Power up this VM and point your browser to the VM s IP address, and provide credentials to log in. 4

Step 3 Step 4 Configure BOSH Director (tile named VMware vsphere) to specify the location of vcenter and create availability zones. Map the default network in Create Networks to the vsphere portgroup created by acc_provision. See the configuration output file produced by acc_provision for the values you will need. vsphere Network Name: apic_dvs/apic_node_portgroup CIDR, Gateway: apic_node_subnet Reserved IP Ranges: Use the IP address for the Ops Manager VM. Step 5 Step 6 Step 7 Download Pivotal Application Service (PAS) and import it as a product but do not deploy it at this stage. Click the PAS tile to configure it. Provide all the form inputs required by your installation. Create an additional network in BOSH Director by completing the following steps: a) On the VMware vsphere (BOSH Director) configuration page, click Create Networks > Add Network b) Provide the following values for the new network: Name: apic-infra Subnet-vSphere Network Name: apic_dvs/apic_infra_portgroup Subnet-CIDR: 169.254.0.0/16 Subnet-Gateway: 169.254.0.1 Step 8 Run the scripts/ops_manager_patch.sh script from the directory that contains the scripts/cisco-pcf-opsman-patch.diff path. This script restarts the Ops Manager after applying the patch. You will lose connectivity to Ops Manager for a few minutes. ops_manager_patch.sh <host> <username> <password> Positional parameters host Name or IP address of OpsManager username Name of local user on OpsManager with sudo privileges password Password of local user Step 9 0 Import the tile ACI CNI Plug-in tile, and add it by clicking on the + icon. Configure the ACI CNI Plug-in tile using the Python script scripts/aci-tile-config.py, providing the output file produced by acc_provision as input. python aci-tile-config.py [-h] host user password config_file positional arguments: host Name or IP Address of Ops Manager user Ops Manager Admin user name password Ops Manager Admin user password config_file Name of config file created by acc_provision optional arguments: -h, --help show this help message and exit 5

1 2 3 To view the configured values, click the tile. Enable the ACI CNI Plug-in by completing the following steps: a) Click Pivotal Application Service. b) Go to Network > Container Network Interface Plugin. c) In the Container Network Interface Plugin area, choose external. On the dashboard, click Apply Changes to install PAS with ACI add-ons. Installation can take a few hours. Upgrading the ACI CNI Plug-in This topic describes how to upgrade the Cisco ACI CNI Plug-in release version for Pivotal Cloud Foundry without having to reinstall Ops Manager and Pivotal Application Service (PAS) components. You can perform this operation when you want to upgrade to new features and bug fixes in Cisco ACI. Undo the Ops Manager patch using the script ops_manager_patch.sh. Use the same release version of the script as your current installation. Apply the new patch to the Ops Manager using the ops_manager_patch.sh script from the new release version that you want to upgrade to. The Ops Manager reboots and loses connectivity for a few minutes. Note You can skip the Ops Manager patch upgrade if there are no changes to the ops_manager_patch.sh file between the releases. Step 3 Step 4 Delete the ACI CNI Plug-in from the Ops Manager UI. Import the latest version of the ACI CNI Plug-in tile that you want to upgrade to and add it to the Ops Manager UI. Provide the acc_provision parameters using the aci-tile-config.py script and follow the regular installation process and apply the changes. Removing Cisco ACI Add-ons from Pivotal Cloud Foundry You can delete Installed Cisco ACI plug-ins by following the instructions in this section. In the Ops Manager GUI, delete the ACI CNI Plug-in tile from Ops Manager and apply the changes. (Optional) To undo the patching of Ops Manager (as described in Step 8 of Deploying PAS with ACI CNI Plug-in Tile), run the following command: 6

ops_manager_patch.sh -u <host> <username> <password> Positional parameters host Name or IP address of OpsManager username Name of local user on OpsManager with sudo privileges password Password of local user Unprovisioning Pivotal Cloud Foundry from the ACI Fabric This section describes how to uprovision Pivotal Cloud Foundry from the Cisco ACI fabric. Before you begin Before unprovisioning the resources allocated to your Pivotal Cloud Foundry installation from your Cisco ACI fabric, ensure that Pivotal Cloud Foundry and BOSH Director have been removed from Ops Manager, and then delete the Ops Manager VM from VMware vsphere. a) Unprovision the fabric. acc_provision -a -d -u <apic username> -p <apic password> -c mycf0-prov-config.yaml -o mycf0-vars.yaml -f cloudfoundry-1.0 Note This command also deletes the Cisco ACI tenant. If you are using a shared tenant, this command is dangerous. Operations Using Cisco ACI-Specific Extensions You can access Cisco ACI-specific Pivotal Cloud Foundry extensions through a Python CLI script, cf-aci.py. Extensions features include EPG annotations and external IP address. The Python CLI script is in the scripts/ directory of the distribution files (dist-generics-cloudfoundryxxxxxx.tgz). Most commands are self- explanatory and take one or two arguments. Run the Python CLI script to access the Cisco ACI-specific Pivotal Cloud Foundry extensions, using the following example:./scripts/cf-aci.py --help Usage: cf-aci.py <command> <command-arguments> Available commands: app-ext-ip <app-name> Get external IP of an app app-vip <app-name> Get virtual IP of an app epg-app <app-name> Get EPG annotation of an app epg-org <org-name> Get EPG annotation of an org epg-space <space-name> Get EPG annotation of a space 7

set-app-ext-ip <app-name> <IP-address> Set external IP on an app set-epg-app <app-name> <EPG-name> Set EPG annotation on an app set-epg-org <app-name> <EPG-name> Set EPG annotation on an org set-epg-space <app-name> <EPG-name> Set EPG annotation on a space unset-app-ext-ip <app-name> Remove external IP of an app unset-epg-app <app-name> Remove EPG annotation of an app unset-epg-org <org-name> Remove EPG annotation of an org unset-epg-space <space-name> Remove EPG annotation of a space Collecting Log Files for Support Requests If problems arise, Cisco support may ask that you submit log files to help them troubleshoot the problems. Follow the steps in this section to collect the log files for Pivotal Cloud Foundry. Step 3 Step 4 Get the list of VM instances in your deployment. bosh vms -d cf Generate report on the desired VM instance (diego_database or diego_cell). bosh ssh -d cf <instance> -c 'sudo/var/vcap/packages/apic-host-report/apic-host-report.sh' Note the report file mentioned in the output. Copy over the report file. bosh scp -d cf <instance>:<path/to/report-file>. 8

2018 Cisco Systems, Inc. All rights reserved.

Americas Headquarters Cisco Systems, Inc. San Jose, CA 95134-1706 USA Asia Pacific Headquarters CiscoSystems(USA)Pte.Ltd. Singapore Europe Headquarters CiscoSystemsInternationalBV Amsterdam,TheNetherlands Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback