- About This Guide
- Elastic Services Controller Overview
-
- Prerequisites
- Installing Cisco Elastic Services Controller on OpenStack
- Installing High Availability Active/Standby
- Cisco Elastic Services Controller Active/Active High Availability Overview
- Installing Active/Active High Availability Cluster
- Managing Cluster in ESC Active/Active High Availability
- Configuring GEO in Active/Active High Availability
- DRBD Encryption for ESC Active/Standby and Active/Active HA Data Replication
- Upgrading ESC Active/Active High Availability
- Cisco Elastic Services Controller Installer Arguments
- List of Variables Used in CSP 2100 Sample Files
Cisco Elastic Services Controller Installer Arguments
You need to specify the following bootvm.py script arguments to boot ESC instances.
Arguments |
Description |
||
---|---|---|---|
esc_hostname |
Specifies the host name of the ESC VM instance. |
||
--image |
Specifies the image id used in the OpenStack glance to boot up the ESC instance. |
||
--boot_volume |
Specify the volume name or id of the external bootable volume from where you want to launch ESC instance. |
||
--ignore-ssl-errors |
It sets the "ignoreSslErrors" to "yes". It helps in deploying to a development or test environment when you don't have a root trusted certificate installed. |
||
--managers |
|
||
--net |
Specifies the Network IDs or names in OpenStack that ESC connects to. |
||
--ipaddr |
|
||
--gateway_ip |
(Optional) Specifies the default gateway IP address of ESC. |
||
--os_auth_url |
(Optional) Specifies the OpenStack keystone url used by os_auth_url for authentication. |
||
--os_username |
(Optional) Specifies the OpenStack keystone username used by os_username for authentication. |
||
--os_password |
(Optional) Specifies the OpenStack keystone password used by os_password for authentication. |
||
--os_tenant_name |
(Optional) Specifies the OpenStack tenant name used by os_tenant_name for ESC deployment. |
||
--bs_os_auth_url |
(Optional) Specifies the OpenStack keystone url used by bs_os_auth_url for authentication. |
||
--bs_os_username |
(Optional) Specifies the OpenStack keystone username used by bs_os_username for authentication. |
||
--bs_os_password |
(Optional) Specifies the OpenStack keystone password used by bs_os_password for authentication. |
||
--bs_os_tenant_name |
(Optional) Specifies the OpenStack tenant name used by bs_os_tenant_name for ESC deployment. |
||
--flavor |
(Optional) Specifies the OpenStack flavor id to boot the ESC VM. |
||
--security_rules_file |
(Optional) Specifies the file to define security rules (IP, Port security) for ESC VM. |
||
--etc_hosts_file |
(Optional) Specifies the file for adding more entries to the ESC vm's hosts file (/etc/hosts). |
||
--avail_zone |
(Optional) Specifies the OpenStack zone used for ESC deployment. |
||
--esc_params_file |
(Optional) Specifies the default parameter file for ESC deployment. |
||
--etsi_params_file |
(Optional) Specifies the ETSI properties file for ESC deployment. |
||
--db_volume_id |
(Optional) Specifies the cinder volume id to mount for database storage in ESC HA Active/Standby [ESC-HA Active/Standby]. |
||
-- ha_node_list |
|
||
--kad_vip |
(Optional) Specifies the IP address for Keepalived VIP (virtual IP) plus the interface of Keepalived VIP [ESC-HA Active/Standby]. An example format for specifying the interface of VIP is --kad_vip 192.0.2.1:eth2 or --kad_vip [2001:cc0:2020::fc]:eth2 |
||
--kad_vif |
(Optional) Specifies the interface for Keepalived virtual IP and keepalived VRRP [ESC-HA Active/Standby]. You can also use this argument to only specify the interface for Keepalived VRRP, if the VIP interface is already specified using the kad_vip argument. |
||
--kad_vri |
Specified the virtual router id of vrrp instance. Accepted values for kad_vri are 0 to 254. ESC VMs in the same HA Active/Standby should use the same kad_vri number. If kad_vip is not used for L3 HA Active/Standby, the kad_vir has to be used, otherwise, you can skip kad_vri argument. |
||
--route |
Specifies the routing configuration for ESC VM. |
||
--ntp_server |
(Optional) Specifies the NTP server address. |
||
--rsyslog_server |
(Optional) Specifies the IP address of rsyslog server that ESC sends the log to |
||
--rsyslog_server_port |
(Optional) Specifies the port of rsyslog server that ESC sends the log to. |
||
--rsyslog_server_protocol |
(Optional) Specifies the protocol to be used by the ESC to forward logs to the server. |
||
--secure |
|
||
--host_mapping_file |
(Optional) Specifies the host mapping file for VNF deployment. |
||
--version |
(Optional) Prints the version of bootvm.py and exits. |
||
--rng_virtio |
Enables installing and deploying the ESC VM on Libvirt/KVM with the RNG Virtio device. The default values are: device=/dev/random rate_period=1000 rate_bytes=1024 |
||
--user_pass |
This along with --user_confd_pass are mandatory arguments from 3.0 onwards.
Following is an example of --user_pass for admin account and stronger clear text passwords. Use single quotes to avoid conflict with shell reserved characters: -user_pass admin:'Strong4Security!'. Another example to install ESC using a password hash for both admin accounts. Use single quotes to avoid conflict with shell reserved characters: --user_pass admin:'$algorithm$salt$hash-of-salt-password'. ESC 2.1 and later, accepts the public key for this attribute. For example, the following will generate 'admin321' as the password for user 'admin' and use /tmp/abc.pub as the key file to inject the public key for it:
|
||
--user_confd_pass |
Following is an example of --user_confd_ pass for admin account and stronger clear text passwords. Use single quotes to avoid conflict with shell reserved characters: --user_confd_ pass:'Strong4Security!'. Another example, to install ESC using a password hash for both admin accounts. Use single quotes to avoid conflict with shell reserved characters: --user_confd_ pass:'$algorithm$salt$hash-of-salt-password'. ESC 2.1 and later, accepts the public key for this attribute. For example, the following will generate 'admin321' as the password for user 'admin' and use /tmp/abc.pub as the key file to inject the public key for it: --user_confd_ pass:admin321:/tmp/abc.pub |
||
--esc_portal_startup |
(Optional) Starts the ESC portal. |
||
--log |
(Optional) Specifies the log file. By default, logs to stdout. |
||
--esc_monitor_check_ips |
(Optional) Specifies the IP addresses that must be monitored by esc_monitor (for HA Active/Standby failover). |
||
--enable-https-rest |
(Optional) Enables a secure REST Interface for the created ESC VM. |
||
--enable-http-rest |
(Optional) Enables an unsecured REST Interface for the created ESC VM. |
||
--disable-rest-auth |
(Optional) Disables REST API authentication.
|
||
--enable-snmp-agent |
(Optional) Enables automatic start-up of the SNMP service. The default value is False. |
||
--ha_mode |
Specifies the ESC HA Active/Standby mode for HA Active/Standby installation. Specify one of the following available options for HA Active/Standby: no_ha: No HA, cinder: Shared Cinder Volume, drbd: Built-in DRBD, drbd_on_cinder: DRBD over Cinder Volume |
||
--enable-https-etsi |
(Optional) Enables a secure ETSI REST Interface for the created ESC VM. |
||
--enable-http-etsi |
(Optional) Enables an unsecured ETSI REST Interface for the created ESC VM. Enabling this interface is not recommended in a production environment. | ||
--encrypt_key |
Specifies the key for encryption. |
||
--proxy |
Uses the proxy on a given port. |
||
--noproxy |
Lists the hosts which do not use proxy. |
||
--kad_unicast_src_ip |
Specifies the source IP address of unicast. Should be the IP address of interface that ESC VM uses for unicast (L3) VRRP communication. Example: --kad_unicast_src_ip 10.0.0.1 |
||
--kad_unicast_peer |
Specified the peer IP addresses of unicast. Should be the ip address of interface that ESC peer VM uses for unicast (L3) VRRP communication. Example: --kad_unicast_peer 10.0.0.1 |
||
--placement_hint |
Use this argument to specify the placement of ESC HA Active/Standby virtual machines using the server group, samehost, differenthost filters.
|
||
--format {json} |
Use this argument to capture the success and failure message in the output. Example: $ ./bootvm.py --image ESC-2_3_0_8 --net network --format json --test-0 { "status" : "Success" , "vm_uuid" : "UUID" } |
||
--user_rest_pass |
Adds a user to access the Rest API. Format is username: password. This option can be repeated. |
||
--user_portal_pass |
Add a portal user. Format username: password. This option can be repeated. |
||
--user_etsi_pass |
Adds a user to access the ETSI REST API. Format username:password. Only a single user can be supplied. |
||
--etsi_oauth2_pass |
Add an OAuth2 client for access to the ETSI REST API. Format clientId:clientSecret. This option can be repeated. |
||
--no_vim_credentials |
After the deployment is complete, the user can set these VIM credential through ESC's VIM/VIM User APIs (REST/Netconf). For more information on configuring through REST APIs and Netconf, see Configuring VIM credentials after installing ESC in the Post Installation Tasks chapter. |
Cisco Elastic Services Controller Installer File Reference
File |
Description |
security_rules_file |
The file contains the following:
|
etc_hosts_file |
The file contains one or more entries that you want to include in the /etc/hosts file. |
esc_params_file |
The file contains information to configure various parameters of ESC. For details on parameters that can be configured in the esc_params_file are described in table below. |
host_mapping_file |
The file contains information to map a network based on the hosts. |
ESC Configuration Parameters
Using this file, you can configure various ESC parameters during the installation. The parameters that can be configured are shown in the table.
openstack.endpoint=adminURL
affinity.filter=ServerGroupAffinity
esc_param.conf |
Type |
Default Value |
Description |
---|---|---|---|
default.vm_recovery_retries_max
|
Int |
3
|
Number of recovery attempts allowed per VM. |
openstack.endpoint
|
String |
publicURL
|
The parameter to set up the keystone endpoint value of ESC. Options: adminURL, publicURL You can change the default value using CLI or REST services.
|
log.level
|
String |
INFO
|
Level of logging. Options: INFO, Trace, DEBUG |
affinity.filter
|
String |
SameHostFilter
|
A constant string used to build PolicyEngine and initializing VM policy table. Options: SameHostFilter, ServerGroupAffinity |
anti_affinity.filter
|
String |
DifferentHostFilter
|
A constant string used to build PolicyEngine and initializing VM policy table. Options: DifferentHostFilter |
![]() Note |
|
ServerGroupAntiAffinityFilter for Openstack
ESC adapts to use ServerGroupAntiAffinityFilter for Openstack.
REST
PUT
http://localhost:8080/ESCManager/v0/config/anti_affinity/filter/ServerGroupAntiAffinity
PUT
http://localhost:8080/ESCManager/v0/config/affinity/filter/ServerGroupAffinity
CLI
sudo escadm escmanager config set --key ANTI_AFFINITY.FILTER --value ServerGroupAntiAffinity
sudo escadm escmanager config set --key AFFINITY.FILTER --value ServerGroupAffinity
Important Points
ServerGroupAntiAffinityFilter from Openstack doesn't support inter-dep anti-affinit, scaling, and mix use of ServerGroup and default (SameHost/DifferentHost) filter. If you are using ServerGroupAntiAffinity filter, Intra vm group placement is not allowed. You can only use <placement_group> for the VM based placement policy, one VM per vm_group. You can not add a single vm group in two different placement_groups.
ESC Services, Ports, and Security Group Overview
Service |
Visibility |
Optional? |
Interface |
Protocol |
Port |
|
---|---|---|---|---|---|---|
1 |
sshd |
External (Orchestration) |
No |
0.0.0.0 |
TCP |
22 |
2 |
ESC Web UI/Portal (HTTPS) |
External (Orchestration) |
Yes (REST and/or Netconf can be used instead) |
0.0.0.0 |
TCP |
443 (Previously 9001) |
3 |
ESC Netconf API |
External (Orchestration) |
Yes (REST and/or Portal can be used instead) |
0.0.0.0 |
TCP |
830 |
4 |
ESC SNMP |
External (Orchestration) |
Yes (only configurable through custom user-data/esc-config.yaml) |
0.0.0.0 |
TCP |
2001 |
5 |
ESC DRBD (HA Active/Standby Replication) |
External (Orchestration) |
No. Required for HA Active/Standby setup. |
0.0.0.0 |
TCP |
7789 |
6 |
ESC ConfD CLI |
External |
Yes Configurable by modifying and reloading esc_production_confd.conf |
0.0.0.0 |
SSH |
2024 |
7 |
ESC REST API (HTTPS) |
External (Orchestration) |
Yes (Portal and/or Netconf can be used instead) |
0.0.0.0 |
TCP |
8443 |
8 |
ESC Keepalived |
External (Orchestration) |
No. Required for HA Active/Standby setup. |
0.0.0.0 |
Multicast VRRP |
N/A |
9 |
ETSI-VNFM (HTTP) |
External |
Yes (configurable through etsi-production.properties) |
0.0.0.0 |
TCP |
8250 |
10 |
ETSI-VNFM (HTTPS) |
External |
Yes (configurable through etsi-production.properties) |
0.0.0.0 |
TCP |
8251 |
11 |
ETSI-VNFM (Prometheus) |
External |
Yes (configurable through etsi-production.properties) |
0.0.0.0 |
TCP |
8252 |
12 |
ETSI-VNFM (Additional HTTPS Port for artifacts download) |
External |
Yes (configurable through etsi-production.properties) |
0.0.0.0 |
TCP |
8253 |
13 |
ESC Health API |
External (Orchestration) |
No |
0.0.0.0 |
TCP |
For ESC 5.2 and later, 8060 For ESC 5.1 and earlier, 60000 |
14 |
ETSI Health API |
Internal |
Local only |
|||
15 |
D-MONA REST API |
External |
No |
0.0.0.0 |
TCP |
8443 |
16 |
Consul Service 1 |
External |
No |
0.0.0.0 |
TCP |
8300, 8301, 8302 |
17 |
Consul Service 2 |
No |
0.0.0.0 |
TCP and UDP |
8301 8302 8600 |
|
18 |
ConfD |
External 3 |
No for A/A set |
Limited to ESC node IPs 4 |
TCP |
4565 |
19 |
PostgreSQL |
External 5 |
No for A/A set |
Limited to ESC node IPs6 |
TCP |
7878 |
20 |
ESCManager RMI Registry7 |
External |
No for A/A set |
Limited to ESC node IPs |
TCP |
8679 |
21 |
ESCManager RMI Service8 |
External |
No for A/A set |
Limited to ESC node IPs |
TCP |
8680 |
22 |
ESCManager Prometheus Metrics |
External9 |
Yes. (application.properties) |
0.0.0.0 |
TCP |
8088 |
23 |
MONA Prometheus |
External10 |
Yes. (application.properties) |
0.0.0.0 |
TCP |
8092 |
24 |
VIMManager Prometheus Metrics |
External11 |
Yes. (application.properties) |
0.0.0.0 |
TCP |
8097 |
25 |
DHCP |
External DHCP is limited to resolving IP addresses for ESC interfaces. |
No |
0.0.0.0 |
UDP |
66,67 |