Powervcdriver

PowerVC Driver Deprecation (Not to be confused with the PowerVC product, but rather the ICM OpenStack Nova driver that talks to PowerVC)
As of the Mitaka release, the driver for managing PowerVC deployments through OpenStack ("PowerVC driver") has been deprecated. The driver is no longer being updated to work with future releases of OpenStack and will not be supported with those releases. This was the driver used within IBM Cloud Manager. OpenStack operators currently using this driver to manage their PowerKVM/PowerVM systems can transition to the libvirt or PowerVM OpenStack drivers, which are supported directly with OpenStack and do not require a PowerVC deployment. Note: This deprecation impacts only the OpenStack driver used to manage PowerVC deployments, not the IBM PowerVC product itself.

Operators using PowerVM: it is highly recommended to migrate to the PowerVM Driver. IBM PowerVC now utilizes the PowerVM driver.

Operators using PowerKVM: it is highly recommended to migrate to the libvirt Nova driver.

= IBM PowerVC Driver for OpenStack =

Overview
Use PowerVC driver you are able to manage Power system that supported by PowerVC in your cloud environment. PowerVC Driver is consist with 4 services: 1. nova-powervc 2. cinder-powervc 3. glance-powervc 4. neutron-powervc

Note that powervc driver will directly call the db api in each services to synchronize PowerVC resources like instances, flavors, volumes, volume types, images, networks, ports, subnets and etc into your cloud system. nova-powervc service will internally start nova-compute services for each host in PowerVC, you can type 'nova service-list' to show the nova-compute services.

Download PowerVC Driver
git clone https://github.com/openstack/powervc-driver.git

Prepare Install Driver

 * Create and copy PowerVC Driver configuration

mkdir /etc/powervc cd powervc-driver cp common-powervc/etc/*.conf /etc/powervc cp neutron-powervc/etc/*.conf /etc/powervc


 * Create PowerVC Driver logging directory

mkdir -p /var/log/powervc


 * Create folders and link powervc driver source to python site-packages

mkdir -p %{python_sitelib}/nova/virt mkdir -p %{python_sitelib}/nova/api/openstack/compute/contrib mkdir -p %{python_sitelib}/powervc ln -s powervc-driver/nova-powervc/powervc/nova/driver %{python_sitelib}/nova/virt/powervc ln -s powervc-driver/nova-powervc/powervc/nova/extension/extended_powervm.py %{python_sitelib}/nova/api/openstack/compute/contrib/extended_powervm.py   ln -s powervc-driver/nova-powervc/powervc/nova/extension/host_maintenance_mode.py %{python_sitelib}/nova/api/openstack/compute/contrib/host_maintenance_mode.py    ln -s powervc-driver/common-powervc/powervc %{python_sitelib}/powervc

Create project Powervc: keystone tenant-create --name Powervc Add user powervc: keystone user-create --name powervc --pass passw0rd --enabled true Add permission: keystone user-role-add --user powervc --role admin --tenant Powervc
 * Create powervc specified tenant, all the resources will be synchronized to this project.

Configure /etc/nova/nova.conf
vi /etc/nova/nova.conf compute_driver = powervc.nova.driver.virt.powervc.driver.PowerVCDriver
 * Replace compute driver with PowerVC's nova driver

Configure /etc/cinder/cinder.conf
vi /etc/cinder/cinder.conf volume_driver = powervc.volume.driver.powervc.PowerVCDriver or you want to use multiple backend add powervcdriver into your enabled_backends list and add following section: [powervcdriver] volume_driver = powervc.volume.driver.powervc.PowerVCDriver volume_backend_name = powervc
 * Enable OpenStack cinder volume with PowerVC

Configure /etc/powervc/amqp-openstack.conf
The following describes how to configure amqp messager rabbitmq between powervc driver and controller node. rabbit_host= rabbit_port= rabbit_use_ssl= rabbit_userid= rabbit_password= [DEFAULT] # and zmq(not supported yet) rpc_backend = rabbit
 * Refer to /etc/nova/nova.conf, configure the amqp credential between powervc driver and controller node.
 * Total CONF File Sample

#	# AMQP options #

# User durable queues in amqp amqp_durable_queues = true

# Auto-delete queues in amqp amqp_auto_delete = false

# Size of RPC connection pool rpc_conn_pool_size = 60

# Seconds to wait for a response from a call rpc_response_timeout = 60

#	# Eventlet options #

# Size of RPC greenthread pool rpc_thread_pool_size = 2048

#	# RabbitMQ driver configuration #

# The RabbitMQ broker address where a single node is used rabbit_host = 9.5.124.47

# The RabbitMQ broker port where a single node is used rabbit_port = 5671

# Connect over SSL for RabbitMQ rabbit_use_ssl = true

# SSL certification authority file (valid only if SSL enabled) kombu_ssl_ca_certs=/etc/pki/tls/icm/rabbitmq/cacerts.pem # The RabbitMQ user id	rabbit_userid = rabbitclient

# The RabbitMQ password rabbit_password = W0lCTTp2MV1ldVE5MERvUGlKRGNHMnNu

# The RabbitMQ virtual host rabbit_virtual_host = /

Configure /etc/powervc/amqp-powervc.conf
In the latest powervc driver version, it uses rabbitmq as its amqp messager. The following describes how to configure amqp messager rabbitmq between powervc driver and PowerVC server. kombu_ssl_keyfile = /etc/powervc/powervcmq_ssl/key.pem kombu_ssl_certfile = /etc/powervc/powervcmq_ssl/cert.pem kombu_ssl_ca_certs = /etc/powervc/powervcmq_ssl/cacert.pem
 * We need to configure the following properties:

rabbit_login_method = rabbit_host = rabbit_port = rabbit_use_ssl = true rabbit_userid = rabbit_password =

1. Generate SSL private key in PowerVC Driver controller node like below: openssl genrsa -out key.pem 2048
 * Here is way to authenticate cert with PowerVC server:

2. Generate a certificate request in PowerVC Driver controller node with previously created private key, you need to fill up with subject for your controller node: openssl req -new -key key.pem -out cert.csr -subj "/CN=c582f1-n36-vm1_pok_stglabs_ibm_com Messaging Client/O=PowerVC Driver" Note: Replace 'c582f1-n36-vm1_pok_stglabs_ibm_com' with the name of your controller node.

3. Copy the certificate request generated in above step to PowerVC node

4. Sign the request certificate by the PowerVC message queue CA in PowerVC node: openssl x509 -req -days 3650 -in cert.csr -CA /etc/pki/messages/ca/cacert.pem -CAkey /etc/pki/messages/ca/private/cakey.pem -CAcreateserial -out cert.pem

5. Copy the SSL certificate 'cert.pem' and PowerVC message queue CA certificate /etc/pki/messages/ca/cacert.pem from PowerVC node to PowerVC Driver controller node

6. mkdir /etc/powervc/powervcmq_ssl, copy all the pem files to this folder, and add permission to all the files.

7. Create pvcdriver account in PowerVC node for rabbitmq if not existed: su - rabbitmq /usr/lib/rabbitmq/bin/rabbitmqctl add_user pvcdriver passw0rd /usr/lib/rabbitmq/bin/rabbitmqctl set_permissions -p / pvcdriver ".*" ".*" ".*"

[DEFAULT] rpc_backend = rabbit
 * Total CONF File Sample

#	# AMQP options #

# User durable queues in amqp amqp_durable_queues = false

# Auto-delete queues in amqp amqp_auto_delete = false

# Size of RPC connection pool rpc_conn_pool_size = 60

# Seconds to wait for a response from a call rpc_response_timeout = 60

#	# Eventlet options #

# Size of RPC greenthread pool rpc_thread_pool_size = 2048

#	# RabbitMQ driver configuration #

# SSL version to use (valid only if SSL enabled), valid values are TLSv1, # SSLv23 and SSLv3. SSLv2 may be avialable on some distributions. #kombu_ssl_version =

# SSL key file (valid only if SSL enabled) kombu_ssl_keyfile = /etc/powervc/powervcmq_ssl/key.pem

# SSL cert file (valid only if SSL enabled) kombu_ssl_certfile = /etc/powervc/powervcmq_ssl/cert.pem

# SSL certificaiton authority file (valid only if SSL enabled) kombu_ssl_ca_certs = /etc/powervc/powervcmq_ssl/cacert.pem

# The RabbitMQ login method rabbit_login_method = AMQPLAIN # The RabbitMQ broker address where a single node is used rabbit_host = 9.123.105.162

# The RabbitMQ broker port where a single node is used rabbit_port = 5671

# Connect over SSL for RabbitMQ rabbit_use_ssl = true

# The RabbitMQ user id	rabbit_userid = pvcdriver_mq_9_5_124_47

# The RabbitMQ password rabbit_password = W0lCTTp2MV0wcHBxcDYxcDk4MjY4bjZzNnA1NjFzbzkwbzJwcjE5OA==

Configure /etc/powervc/powervc.conf
Configure file powervc.conf is the key for PowerVC driver, we need to configure the restAPI credential to controller and PowerVC Server. [openstack] # Authentication url to authenticate with keystone (string value) auth_url = http://192.168.200.2:5000/v2.0
 * We need to edit following properties:

admin_tenant_name = Powervc admin_user = powervc admin_password =passw0rd http_insecure=true

[powervc] auth_url = https://192.168.1.55/powervc/openstack/identity/v3 admin_user =root admin_password =passw0rd

staging_project_name = Powervc

[DEFAULT] # Log info messages verbose = true
 * Total CONF File Sample

[database] # Maximum number of SQL connections to keep open in a pool max_pool_size = 10

# If set, use this value for max_overflow with sqlalchemy max_overflow = 20

[openstack] # Authentication url to authenticate with keystone (string value) auth_url = http://9.5.124.sample:5000/v2.0

# v2.0 or v3	keystone_version = v2.0

# Tenant name for connecting to keystone in admin context (string value) admin_tenant_name = Powervc

# Username for connecting to keystone in admin context (string value) admin_user = powervc # Password for connecting to keystone in admin context (string value) admin_password = passw0rd

# For local SSL connections, specify the path and filename of the cacert file #connection_cacert = http_insecure = true

# Region name for the local Openstack. Must be set to correct name when local # Openstack is configured for working in multiple regions environment. region_name = PowerVCDriverTest

# RTC 212148 - Power state periodic sync interval in seconds. sync_power_state_interval = -1

[powervc]

# Full class name for the manager for PowerVC Manager Service (string value) powervc_manager = powervc.nova.driver.compute.manager.PowerVCCloudManager

# Full class name for the driver for PowerVC Driver Service (string value) powervc_driver = powervc.nova.driver.virt.powervc.driver.PowerVCDriver

#	# Connection information for PowerVC. #

# Authentication url of the PowerVC to connect to	# INPUT REQUIRED # Provide 'host' portion by updating it to the hostname of the PowerVC system auth_url = https://9.123.105.sample/powervc/openstack/identity/v3

# v2.0 or v3	keystone_version = v3

# Username for PowerVC connection (string value) admin_user = root

# Password for PowerVC connection (string value) admin_password = W0lCTTp2MV1DbmZmajBlcQ== # Tenant name for PowerVC connection (string value) admin_tenant_name = ibm-default

# For PowerVC SSL connections, specify the path and filename of the cacert file # INPUT REQUIRED # Provide the cacert file by copying it from its install location on the # PowerVC host (e.g. /etc/pki/tls/certs/powervc.crt) to the local hosting # Openstack system. #connection_cacert =

# Value of insecure option for PowerVC connections (Default=True) # INPUT REQUIRED # Change to False when using a secure connection and providing a cacert file. http_insecure = true

# Value of authorization token expiration stale duration (Default=3600) # INPUT REQUIRED # Due to PowerVC requirement, all the REST API customers need to pre-refresh # authorization token at least 1 hour before expiration expiration_stale_duration = 3600

# The names of the storage connectivity groups supported by our driver # INPUT REQUIRED # Provide the PowerVC storage connectivity group (SCG) names by getting the name # from the PowerVC system, or using the PowerVC default SCG of 'Any host, all VIOS'. # If there are more than one SCG you want to specify, just add more SCG values with # more storage_connectivity_group # Note: The value of this property must exactly match the value as specified on the # PowerVC server, including case, punctuation, and spaces. storage_connectivity_group = Any host, all VIOS

#	# Sync variables #

# The name of the staging project (string value) # If not set defaults to 'Public'. If set the named project should exist and # be accessible by the staging_user. staging_project_name = Powervc

# The name of the staging user (string value) # If not set defaults to 'admin'. If set the user should exist and # have access to the project identified by staging_project_name. staging_user = admin

# The prefix that will be added to the flavor name from PowerVC # and stored (string value). This should be unique for every # connection to help distinguish the flavors flavor_prefix = PVC-

# This is a list of PowerVC flavor names that should be synced. # If no flavor name is specified, then all flavors are synced. flavor_white_list =

# This is a list of PowerVC flavor names that should not be synced. flavor_black_list =

# The periodic flavor sync interval in seconds. flavor_sync_interval = 300

# Instance periodic sync interval specified in seconds instance_sync_interval = 20

# How many instance sync intervals between full instance syncs. Only instances # known to be out of sync are synced on the interval except after this many # intervals when all instances are synced. full_instance_sync_frequency = 30

# Image periodic sync interval specified in seconds. This is the time from the end # of one successful image periodic sync operation to the start of the next. image_periodic_sync_interval_in_seconds = 300

# The time in seconds between image sync retry attempts if an error was # encountered during an image sync operation image_sync_retry_interval_time_in_seconds = 60

# The maximum number of images to return. The default is 500 images. If your PowerVC # has more than 500 images, this limit should be increased to include all images. image_limit = 500

# Volume periodic sync interval specified in seconds volume_sync_interval = 20

# How many volume sync intervals between full volume syncs. # Only volumes known to be out of sync are synced on the interval # except after this many intervals when all volumes are synced. full_volume_sync_frequency = 30

# Volume type periodic sync interval specified in seconds volume_type_sync_interval = 20

# How many volume type sync intervals between full volume type syncs. # Only volumes known to be out of sync are synced on the interval # except after this many intervals when all volumes are synced. full_volume_type_sync_frequency = 30

# Ignore delete errors so an exception is not thrown during a	# delete. When set to true, this allows the volume to be deleted # on the hosting OS even if an exception occurs. When set to false, # exceptions during delete prevent the volume from being deleted # on the hosting OS. volume_driver_ignore_delete_error = False

# The times to check whether attaching/detaching the volume succeed volume_max_try_times = 12

# Minimum delay interval and initial delay seconds for long run tasks. longrun_loop_interval = 7 longrun_initial_delay = 10

Configure /etc/powervc/amqp-openstack-neutron.conf
This conf file configures the amqp connection between powervc driver neutron service and controller by rabbitmq. rabbit_host= rabbit_port= rabbit_use_ssl= rabbit_userid= rabbit_password=
 * Refer to /etc/nova/nova.conf and you need to configure following values:

[DEFAULT] rpc_backend = rabbit
 * Total CONF File Sample

# The default exchange under which topics are scoped. May be overridden by an	# exchange name specified in the tranport_url option control_exchange = nova

#	# AMQP options #

# User durable queues in amqp amqp_durable_queues = true

# Auto-delete queues in amqp amqp_auto_delete = false

# Size of RPC connection pool rpc_conn_pool_size = 60

# Seconds to wait for a response from a call rpc_response_timeout = 60

#	# Eventlet options #

# Size of RPC greenthread pool rpc_thread_pool_size = 2048

#	# RabbitMQ driver configuration #

# The RabbitMQ broker address where a single node is used rabbit_host = 9.5.124.sample

# The RabbitMQ broker port where a single node is used rabbit_port = 5671

# Connect over SSL for RabbitMQ rabbit_use_ssl = true

# SSL certification authority file (valid only if SSL enabled) kombu_ssl_ca_certs=/etc/pki/tls/icm/rabbitmq/cacerts.pem

# The RabbitMQ user id	rabbit_userid = rabbitclient

# The RabbitMQ password rabbit_password = W0lCTTp2MV1ldVE5MERvUGlKRGNHMnNu

# The RabbitMQ virtual host rabbit_virtual_host = /

Configure /etc/powervc/amqp-openstack-neutron.conf
This conf file configures the how powervc driver neutron service connect to controller nuetron services. connection = mysql://root:openstack1@localhost/powervc?charset=utf8
 * Refer to /etc/neutron/neutron.conf and you need to configure following values:

[DEFAULT] debug = False verbose = True
 * Total CONF File Sample

[AGENT] # Agent's polling interval in seconds polling_interval = 60

# (ListOpt) Comma-separated list of PowerVC network names to be mapped to # local OS as networks. If the network does not exist in the local OS, it # will be automatically created. PowerVC networks listed here do not have # to exist prior to starting up the powervc_neutron_agent. Wildcard # characters ('*') can be specified. By default, all PowerVC networks will # be available in the local OS. # map_powervc_networks = *

[DATABASE] # Database where agent will store mapping data connection = mysql://root:openstack1@localhost/powervc?charset=utf8

Configure /etc/neutron/plugins/ml2/ml2_conf.ini
We need to configure /etc/neutron/plugins/ml2/ml2_conf.ini in controller node to enable vlan ml2: [ml2] type_drivers = vlan tenant_network_types=vlan
 * vi /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2_type_vlan] network_vlan_ranges = vlan:1:4094,default:1:4094

# This file autogenerated by Chef # Do not edit, changes will be overwritten
 * Total CONF File Sample

[ml2] # (ListOpt) List of network type driver entrypoints to be loaded from # the neutron.ml2.type_drivers namespace. #	# type_drivers = local,flat,vlan,gre,vxlan # Example: type_drivers = flat,vlan,gre,vxlan type_drivers = local,flat,vlan,gre,vxlan

# (ListOpt) Ordered list of network_types to allocate as tenant # networks. The default value 'local' is useful for single-box testing # but provides no connectivity between hosts. #	# tenant_network_types = local # Example: tenant_network_types = vlan,gre,vxlan tenant_network_types = vlan

# (ListOpt) Ordered list of networking mechanism driver entrypoints # to be loaded from the neutron.ml2.mechanism_drivers namespace. # mechanism_drivers = # Example: mechanism_drivers = openvswitch,mlnx # Example: mechanism_drivers = arista # Example: mechanism_drivers = cisco,logger # Example: mechanism_drivers = openvswitch,brocade # Example: mechanism_drivers = linuxbridge,brocade mechanism_drivers = openvswitch

[ml2_type_flat] # (ListOpt) List of physical_network names with which flat networks # can be created. Use * to allow flat networks with arbitrary # physical_network names. #	# flat_networks = # Example:flat_networks = physnet1,physnet2 # Example:flat_networks = * flat_networks = default

[ml2_type_vlan] # (ListOpt) List of [::] tuples # specifying physical_network names usable for VLAN provider and # tenant networks, as well as ranges of VLAN tags on each # physical_network available for allocation as tenant networks. #	# network_vlan_ranges = # Example: network_vlan_ranges = physnet1:1000:2999,physnet2 network_vlan_ranges = default:1:4094

[ml2_type_gre] # (ListOpt) Comma-separated list of : tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation tunnel_id_ranges = 1:1000

[ml2_type_vxlan] # (ListOpt) Comma-separated list of : tuples enumerating # ranges of VXLAN VNI IDs that are available for tenant network allocation. vni_ranges = 1001:2000

# (StrOpt) Multicast group for the VXLAN interface. When configured, will # enable sending all broadcast traffic to this multicast group. When left # unconfigured, will disable multicast VXLAN mode. #	# vxlan_group = # Example: vxlan_group = 239.1.1.1 vxlan_group =

[securitygroup] # Controls if neutron security group is enabled or not. # It should be false when you use nova security group. enable_security_group = True

# Use ipset to speed-up the iptables security groups. Enabling ipset support # requires that ipset is installed on L2 agent node. enable_ipset = True

Launch PowerVC Driver services
glance-powervc/bin/glance-powervc --config-file /etc/powervc/powervc.conf --logfile /var/log/powervc/glance-powervc.log neutron-powervc/bin/neutron-powervc-agent --config-file /etc/powervc/powervc-neutron.conf --config-file /etc/powervc/powervc.conf --logfile /var/log/powervc/neutron-powervc.log cinder-powervc/bin/cinder-powervc --config-file /etc/powervc/powervc.conf --config-file /etc/cinder/cinder.conf --logfile /var/log/powervc/cinder-powervc.log service openstack-cinder-volume restart nova-powervc/bin/nova-powervc --config-file /etc/powervc/powervc.conf --config-file /etc/nova/nova.conf --logfile /var/log/powervc/nova-powervc.log
 * Glance PowerVC sync service
 * Neutron PowerVC Driver Agent
 * Cinder PowerVC Driver
 * Nova PowerVC Driver

To move each running service to the background, ctrl-z and bg .

Limitations


Known Bugs
