This YaST module enables you to configure all networks within the cloud, to set up additional repositories and to manage the Crowbar users. This module is automatically started when installing SUSE Cloud. To start it manually after the installation, either run yast crowbar or choose Miscellaneous > Crowbar in YaST.
3.9.1 User Settings
On this tab you can manage users for the Crowbar Web interface. The user crowbar
(password crowbar) is preconfigured. Use the Add, Edit and Delete buttons to man- age user accounts. Users configured here have no relations to existing system users on the Administration Server.
Figure 3.1: YaST Crowbar Setup: User Settings
3.9.2 Networks
Use the Networks tab to change the default network setup (described in Section 2.1, “Network” (page 7)). Change the IP address assignment for each network under Edit Ranges. You may also add a bridge (Add Bridge) or a VLAN (Use VLAN, VLAN ID) to a network. Only change the latter two settings if you really know what you require; sticking with the defaults is recommended.
Figure 3.2: YaST Crowbar Setup: Network Settings
IMPORTANT: VLAN Settings
As of SUSE Cloud 5, using a VLAN for the admin network is only support- ed on a native/untagged VLAN. If you need VLAN support for the admin net- work, it must be handled at switch level.
When deploying Compute Nodes with Microsoft Hyper-V or Windows Serv- er, you must not use openvswitch with gre, but rather openvswitch with VLAN (recommended) or linuxbridge as a plugin for Neutron.
When changing the network configuration with YaST or by editing /etc/ crowbar/network.json you can define VLAN settings for each network. For the networks nova-fixed and nova-floating, however, special rules apply:
nova-fixed: The USE VLAN setting will be ignored. However, VLANs will au- tomatically be used if deploying Neutron with VLAN support (using the plu- gins linuxbridge, openvswitch plus VLAN or cisco plus VLAN). In this case, you need to specify a correct VLAN ID for this network.
nova-floating: When using a VLAN for nova-floating (which is the de- fault), the USE VLAN and VLAN ID setttings for nova-floating and public need to be the same. When not using a VLAN for nova-floating, it needs to use a different physical network interface than the nova_fixed network.
WARNING: No Network Changes After Having Run the Cloud Installation Script
After you have run the cloud installation script, you cannot change the net- work setup anymore. If you did, you would need to completely set up the Ad- ministration Server again.
Other, more flexible network mode setups can be configured by manually editing the Crowbar network configuration files. See Appendix D, The Network Barclamp Template File (page 189) for more information. SUSE or a partner can assist you in creating a custom setup within the scope of a consulting services agreement (see
http://www.suse.com/consulting/ for more information on SUSE con-
sulting).
3.9.2.1 Separating the Admin and the BMC
Network
If you want to separate the admin and the BMC network, you must change the set- tings for the networks bmc and bmc_vlan. The bmc_vlan is used to generate a VLAN tagged interface on the Administration Server that can access the bmc network. The
bmc_vlan needs to be in the same ranges as bmc, and bmc needs to have VLAN en- abled.
Table 3.1: Separate BMC Network Example Configuration
bmc bmc_vlan Subnet 192.168.128.0 Netmask 255.255.255.0 Router 192.168.128.1 Broadcast 192.168.128.255 Host Range 192.168.128.10 - 192.168.128.100 192.168.128.101 - 192.168.128.101 VLAN yes
bmc bmc_vlan
VLAN ID 100
Bridge no
Figure 3.3: YaST Crowbar Setup: Network Settings for the BMC Network
3.9.3 Network Mode
On the Network Mode tab you can choose between single, dual, and team mode. When choosing team, you also need to set the Bonding Policy. See Section 2.1.2, “Network Modes” (page 14) for details on SUSE Cloud and network modes. In- depth information about the Bonding Policy (also known as bonding modes) is avail- able at https://www.kernel.org/doc/Documentation/network ing/bonding.txt in section 2, Bonding Driver Options, under mode.
3.9.3.1 Setting Up a Bastion Network
The Network Mode tab of the YaST Crowbar module also lets you set up a Bastion network. As outlined in Section 2.1, “Network” (page 7), one way to access the Ad- ministration Server from a defined external network is via a Bastion network and a second network card (as opposed to providing an external gateway).
To set up the Bastion network, you need to have a static IP address for the Adminis- tration Server from the external network. The example configuration used below as- sumes that the external network from which to access the admin network has the fol- lowing addresses. You need to adjust them according to your needs.
Table 3.2: Example Addresses for a Bastion Network
Subnet 10.10.1.0
Netmask 255.255.255.0
Broadcast 10.10.1.255
Gateway 10.10.1.1
Static Administration Server address 10.10.1.125
In addition to the values above, you need to enter the Physical Interface Mapping. With this value you specify the Ethernet card that is used for the bastion network. See Section D.4, “Network Conduits” (page 193) for details on the syntax. The default value ?1g2 matches the second interface (“eth1”) of the system.
IMPORTANT: Accessing Nodes From Outside the Bastion Network The example configuration from above allows to access SUSE Cloud nodes from within the bastion network. If you want to access nodes from outside the bastion network, you need to make the router for the bastion network the de- fault router for the Administration Server. This is achieved by setting the val- ue for the bastion network's Router preference entry to a lower value than the corresponding entry for the admin network. By default no router preference is set for the Administration Server—in this case, set the preference for the bas- tion network to 5.
If you use a Linux gateway between the outside and the bastion network, you also need to disable route verification (rp_filter) on the Administration Server. Do so by running the following command on the Administration Server:
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
That command disables route verification for the current session, so the setting will not “survive” a reboot. Make it permanent by editing /etc/ sysctl.conf and setting the value for net.ipv4.conf.all.rp_filter to 0. WARNING: No Network Changes After Having Run the Cloud Installation Script
After you have run the cloud installation script, you cannot change the net- work setup anymore. If you did, you would need to completely set up the Ad- ministration Server again.
3.9.4 Repositories
Enter URLs to remote repositories on the Repositories tab. This is only necessary if you want to use repositories from an external SMT or SUSE Manager server. Refer to Table A.1, “SMT Repositories for SUSE Cloud” (page 179) or Table 4.2, “SUSE Manager Channels and URLs” (page 64) for a list of URLs that need to be entered.
To change an existing URL for a repository, select an entry and enter the complete
Repository URL. Activating Ask On Error will ensure that you will be informed, in case a repository will not be available during node deployment (otherwise errors will
be silently ignored). See Section 2.5.2, “Product and Update Repositories” (page 28) for an explanation of the Repository Names.
Figure 3.5: YaST Crowbar Setup: Repository Settings
NOTE: Configuring Custom Repositories
This dialog also allows to add additional repositories. See Question: How to make custom software repositories from an external server (for exam- ple a remote SMT or SUSE Manager server) available for the nodes? (page 167) for instructions.