SW Installation in Single Server Deployment
Cloud Execution Environment

Contents

1Introduction
1.1Prerequisites
1.2Time Required

2
Pre-Installation Steps

3
Temporary pre-Installation Steps
3.1Audit Log Contains Several Unfiltered CM-HA Related Events

4
Install CEE Software in Server System

5
Temporary Installation Steps

6
Post-Installation Steps

7
Temporary post-Installation Steps

8
Post-Installation Activities

9
Error Handling
Appendix

10
Flavor Metadata

11
CA and NBI Certificates for Secure HTTPS Access

Reference List

1   Introduction

This document is part of the installation flow for the Cloud Execution Environment (CEE) single server deployment and describes how to install CEE software in a CEE region. Complete this procedure when directed here from CEE Installation:

  1. Start the procedure in CEE Installation.
  2. Continue with this document when directed here from CEE Installation.
  3. Return to CEE Installation and carry out the remaining steps.

For the complete installation flow, refer to section Installation Flow in CEE Installation.

This instruction assumes that a kickstart server is used. For the installation and testing of the kickstart server, refer to Preparation of Kickstart Server.

1.1   Prerequisites

This section describes the prerequisites that must be fulfilled before CEE software can be installed.

1.1.1   Documents

Activities in the following documents must be performed before the steps in this instruction are performed:

1.1.2   Hardware and Software Required

Before starting this procedure, make sure that the following software and hardware is available:

The recommended installation method described in this document is using a kickstart server with Linux OS. For more information, refer to Preparation of Kickstart Server.

1.1.3   Tools

The following hardware tools are required:

1.1.4   Installation Data

The following data is needed:

Table 1    Installation Data

Data Type

Description

Passwords

Initial vFuel server root user password is r00tme (used for installation only)

Certificates

Certificates for the vCIC and Atlas Northbound Interfaces (NBIs), see Section 11


Obtain certificates for the NBIs from an authorized Certification Authority (CA) before starting the installation process, because after installation it is not possible to replace certificates with ones issued on a different domain name.

yaml files

Site-specific config.yaml in /mnt/cee_config, refer to Preparation of Kickstart Server and Configuration File Guide

Host networking configuration file (CEE_RELEASE/host_net_templates/host_nw_dell-single_server.yaml)

Neutron configuration file (CEE_RELEASE/neutron/neutron_ericsson_user_spec.yaml)

IP addresses

The local version of IP and VLAN Plan updated with customer and site-specific values

IP address for the kickstart server

IP addresses for vFuel in networks fuel_ctrl_sp and subrack_ctrl_sp, refer to the site-specific IP and VLAN Plan

1.2   Time Required

The expected execution time for the installation procedure is around three hours, in case all prerequisites are available.

2   Pre-Installation Steps

There are no pre-installation procedures in the current release for single server deployment.

3   Temporary pre-Installation Steps

This section describes temporary pre-installation workarounds that are needed for this release. Carry out these workarounds before starting the installation.

3.1   Audit Log Contains Several Unfiltered CM-HA Related Events

Note:  
This prerequisite is applicable for HPE, Dell, BSP, single server, and HDS hardware platforms.

Excessive audit logging is triggered when CM-HA logs to the infrastructure nodes, because all program executions during shell initialization are logged, not only the session start / end events. The information in these logs is not useful, and therefore not intended for the audit trail.

Associated trouble report: HW74686.

Workaround: Do the following:

Before CEE deployment, adjust the audit configuration template /var/www/nailgun/plugins/ericsson_logging-1.0/deployment_scripts/puppet/modules/ericsson_audit_logging/templates/auditd/audit.rules.erb on vFuel:

  1. Insert the below lines before the line that begins with # Monitoring for all :

    -a exit,never -F auid=1100 -F arch=b64 -S execve

    -a exit,never -F auid=1100 -F arch=b32 -S execve

This will exclude auditing program executions for the CM-HA user having UID of 1100 on all CEE systems.

4   Install CEE Software in Server System

This section describes how to install CEE in the server system.

  1. Log on to the kickstart server.
  2. Check that vFuel is running in the kickstart server:

    virsh list --all

    Examples:

       
    root@fuelhost:~# virsh list --all

     Id    Name                           State

    ----------------------------------------------------

     2     fuel_master                     running

    root@fuelhost:~# virsh list --all

     Id    Name                           State

    ----------------------------------------------------

     -     fuel_master               shut off

    In case vFuel is in shut off state, start vFuel and wait until booting is complete:

    virsh start fuel_master

  3. Log on to vFuel using SSH:

    ssh root@<vfuel-ip-address-in-network-fuel_ctrl_sp>

  4. Verify that the correct time zone, time and date have been set by using the below command:

    date

  5. Change the working directory to /opt/ecs-fuel-utils with following command:

    cd /opt/ecs-fuel-utils

  6. Set up a screen session to ensure that the installation process is not interrupted:

    # screen -S installcee -L

    If the connection to vFuel is lost, log on to vFuel again and reattach the screen session with the below command:

    # screen -r installcee

    Note:  
    The nohup option can cause installation failure and must not be used.

  7. Execute the following:

    ./installcee.sh

    The time required for command execution is approximately two hours.

    Check that the printout is the following:

    Ericsson CEE installed successfully

5   Temporary Installation Steps

There are no temporary installation procedures in the current release.

6   Post-Installation Steps

There are no post-installation procedures in the current release for single server deployment.

7   Temporary post-Installation Steps

There are no temporary post-installation procedures in the current release.

Depending on the CEE release and configuration, workarounds can apply to newly deployed CEE regions. Verify that all relevant workarounds in Limitations and Workarounds for Cloud Execution Environment (CEE), Reference [1] are considered and performed.

8   Post-Installation Activities

Execute the following steps after the installation:

  1. Verify the version of CEE by executing the command cat /etc/cee_version.txt on the Fuel master node.

    The output has the following format:

    RELEASE=CEE CXC1737883_4-<build_number>
NAME=Mitaka on Ubuntu 14.04
VERSION=R6-<r-state>-<specific_build_number>-9.0

    An example of the output is the following:

    [root@fuel ~]# cat /etc/cee_version.txt
RELEASE=CEE CXC1737883_4-4280
NAME=Mitaka on Ubuntu 14.04
VERSION=R6-R4A02-35547a3-9.0

[root@fuel ~]#

    Verify the CEE version by comparing build_number and r-state to the Product Revision Information for Cloud Execution Environment (CEE), Reference [4].

  2. After installation, there is an active NeLS Server Communication Problem alarm, because the NeLS server is not configured and not available.
    1. To configure the connection to the NeLS server, follow the instructions in the Runtime Configuration Guide.
    2. If the alarm is not cleared, follow the instructions in the NeLS Server Communication Problem alarm OPI.
  3. For disaster recovery purposes, after deployment, the installation media must be backed up outside the CEE region. For more information, refer to the document Disaster Recovery.
  4. Continue with the relevant sections of CEE Installation.

9   Error Handling

In case of any errors during the installation procedure, follow the below steps:

  1. Check the console for failure messages or reference to any logs that possibly contain failure messages. Refer to the Configuration File Guide for the location of logs.
  2. Fix possible problems.
  3. Copy the original network templates to the /mnt/cee_config directory.
    Note:  
    If this step is missed, VLANs and interfaces from the previous run will be used, which causes the newer configuration options to be skipped.

    On the vFuel node issue the following command:

    cp CEE_RELEASE/host_net_templates/host_nw_*.yaml /mnt/cee_config/

  4. Rerun installcee.sh and collect logs:

    ./installcee.sh 2>&1 | tee <file_name>.log

    Note:  
    The installcee script does not automatically delete an existing CEE Region (Fuel environment), so installation attempts with an existing Fuel environment will fail. In this case reinstall CEE with the below command:

    ./installcee.sh --force


  5. The following scenarios are possible:
    • The cause of failure is identified, fixed, or the install succeeds.

      In this case, exit this procedure.

    • Or the cause of failure is not identified, fixed, or the install still fails for presumably the same reason.

      In this case, proceed to Step 6.

  6. Perform data collection according to the Data Collection Guideline.
  7. Contact the next level of support.

Appendix

10   Flavor Metadata

In single server deployment of CEE, VNF instantiation requires special flavor metadata settings. For more information on single server flavor settings (flavor metadata extra specs), refer to section Limitations for Single Server Deployment in OpenStack Compute API in CEE.

11   CA and NBI Certificates for Secure HTTPS Access

Certification Authority (CA) and Northbound Interface (NBI) certificates are required for secure HTTPS access to CEE.

Make sure to perform the following tasks before starting the installation process:

  1. Choose a unique hostname for the vCIC NBI.
  2. Choose a unique hostname for the Atlas NBI.
  3. Obtain certificates for the NBIs from an authorized Certification Authority (CA).
    Note:  
    It is not possible to replace the certificates with ones issued on a different domain name after installation.

    The following certificate files are needed:

    • CA certificate (or chain of certificates) of the organization issuing the Atlas NBI
    • CA certificate (or chain of certificates) of the organization issuing the vCIC NBI
    • Atlas NBI certificate
    • vCIC NBI certificate
    Note:  
    Atlas and vCIC certificates can be issued by the same CA, or by two separate CAs.

    The Common Name (CN) and at least one DNS entry in the Subject Alternate Name (SAN) attribute must contain the publicly known hostname chosen for the NBI, so that the certificate refers to this publicly known hostname. The private key belonging to the certificate cannot be encrypted.

  4. Concatenate the vCIC NBI certificate and private key into a single PEM format under /mnt/cee_config on vFuel. Perform the same for the Atlas NBI.

    ASCII format is preferred for the individual certificates.

    Note:  
    The pkcs12 binary format is commonly used. This output format contains multiple entities in a single binary file and uses encryption. Issue the below command to convert it to PEM format:

    openssl pkcs12 -in <input_file> -out <output_file> -nodes

    -nodes is needed to save the private key in unencrypted format.

    In case other binary formats need to be converted, refer to Reference [2] or Reference [3].


  5. Update the config.yaml file with the necessary information. Refer to the Configuration File Guide for updating the publicly known hostname and other relevant options in the config.yaml file.
  6. Update the DNS resolver to contain the hostname and IP address pairs for the NBI.

Reference List

[1] Limitations and Workarounds for Cloud Execution Environment (CEE) 6.6, 5/109 21-AZE 102 01/5-12
[2] SSL Support. https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them
[3] Thawte Licensing. https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO26449
[4] Product Revision Information for Cloud Execution Environment (CEE) 6.6, 109 21-AZE 102 01/5-12 Uen
Legal | © Ericsson AB 2018