IF-MAP configuration changes
OC32 implements internal IF-MAP server to replace irond.
This patch adds support for such configuration.
Monitoring changes to telegraf, collectd, prometheus and heka
to disable check of running irond process when the IF-MAP
engine is set to internal.
Enable a possibility to set IF-MAP server for contrail-control
statically instead of using contrail discovery service.
PROD-18175
Change-Id: Ic30e8e8c0c276eecba15177201fa4b86e4665305
diff --git a/README.rst b/README.rst
index 5612133..b308fe2 100644
--- a/README.rst
+++ b/README.rst
@@ -1098,7 +1098,7 @@
vip: -1
Enforcing physical routers
-h
+
.. code-block:: yaml
opencontrail:
@@ -1257,6 +1257,39 @@
- 8.8.4.4
....
+Contrail IF-MAP server configuration
+------------------------------------
+
+Contrail 3.2 contains internal IF-MAP server implementation. This implementation can be enabled
+by setting ``config:ifmap:engine`` to internal. Currently supported engines are ``internal`` and
+``irond`` (default). The ``internal`` will configure contrail-api to run as a IF-MAP server in the
+same process as contrail-api and will generate security certificates in specified folder.
+
+.. code-block:: yaml
+
+ config:
+ ....
+ ifmap:
+ engine: internal
+ cert_dir: /etc/contrail/ssl/certs/ # default
+ basename_cert: ifmap.crt # default
+ basename_key: ifmap.key # default
+ ....
+
+To set static configuration of the IF-MAP server for contrail-control instead of using
+discovery service, you can use ``control:ifmap:bind:host`` and ``port``. The static configuration
+is triggered by existence of non-empty value of ``control:ifmap:bind`` key.
+
+.. code-block:: yaml
+ control:
+ ....
+ ifmap
+ bind:
+ host: 127.0.0.1
+ port: 8443
+ ....
+
+
Usage
=====
diff --git a/opencontrail/config.sls b/opencontrail/config.sls
index ea996df..50e4901 100644
--- a/opencontrail/config.sls
+++ b/opencontrail/config.sls
@@ -61,6 +61,29 @@
- require:
- pkg: opencontrail_config_packages
+{% set ifmap = config.get('ifmap', {}) %}
+{% if ifmap.get('engine', 'irond') != 'irond' %}
+irond_stop_and_disable:
+ service.dead:
+ - name: ifmap-server
+ - enable: False
+ - watch_in:
+ - service: opencontrail_config_services
+
+{% if ifmap.get('engine', 'irond') == 'internal' %}
+internal_ifmap_ssl_dir:
+ file.directory:
+ - name: {{ ifmap.get('cert_dir', '/etc/contrail/ssl/certs/') }}
+ - makedirs: True
+ - dir_mode: 750
+ - require:
+ - pkg: opencontrail_config_packages
+ - watch_in:
+ - service: opencontrail_config_services
+{% endif %}
+
+{% endif %}
+
{%- if grains.get('init') != 'systemd' %}
/etc/contrail/supervisord_config_files/contrail-discovery.ini:
diff --git a/opencontrail/files/3.0/basicauthusers.properties b/opencontrail/files/3.0/basicauthusers.properties
index 33fb3ca..66cb6e6 100644
--- a/opencontrail/files/3.0/basicauthusers.properties
+++ b/opencontrail/files/3.0/basicauthusers.properties
@@ -40,7 +40,7 @@
#10.0.102.33:10.0.102.33
#10.0.102.33.dns:10.0.102.33.dns
{%- if config.ifmap is defined %}
-{%- for member in config.ifmap.members %}
+{%- for member in config.ifmap.get('members', []) %}
{{ member.user }}:{{ member.password }}
{{ member.user }}.dns:{{ member.password }}.dns
{%- endfor %}
diff --git a/opencontrail/files/3.0/contrail-api.conf b/opencontrail/files/3.0/contrail-api.conf
index 0e2e097..9664de1 100644
--- a/opencontrail/files/3.0/contrail-api.conf
+++ b/opencontrail/files/3.0/contrail-api.conf
@@ -1,9 +1,12 @@
{%- from "opencontrail/map.jinja" import config with context %}
+{%- set ifmap = config.get('ifmap', {}) -%}
[DEFAULTS]
ifmap_server_ip={{ config.bind.address }}
ifmap_server_port=8443
+{% if ifmap.get('engine', 'irond') != 'internal' -%}
ifmap_username=api-server
ifmap_password=api-server
+{% endif -%}
cassandra_server_list={% for member in config.database.members %}{{ member.host }}:9160 {% endfor %}
listen_ip_addr=0.0.0.0
listen_port={{ config.bind.get('api_port', '8082') }}
@@ -94,6 +97,14 @@
{%- endif %}
{%- endif %}
+{% if ifmap.get('engine', 'irond') == 'internal' %}
+[IFMAP_SERVER]
+ifmap_listen_ip={{ ifmap.get('bind', {}).get('host', '0.0.0.0') }}
+ifmap_listen_port={{ ifmap.get('bind', {}).get('port', 8443) }}
+ifmap_credentials=test:test test2:test2 test3:test3 api-server:api-server schema-transformer:schema-transformer svc-monitor:svc-monitor control-user:control-user-passwd control-node-0:control-node-0 control-node-1:control-node-1 control-node-2:control-node-2 control-node-3:control-node-3 control-node-4:control-node-4 control-node-5:control-node-5 control-node-6:control-node-6 control-node-7:control-node-7 control-node-8:control-node-8 control-node-9:control-node-9 control-node-10:control-node-10 control-node-1.dns:control-node-1.dns control-node-2.dns:control-node-2.dns control-node-3.dns:control-node-3.dns control-node-4.dns:control-node-4.dns control-node-5.dns:control-node-5.dns dhcp:dhcp visual:visual sensor:sensor mapclient:mapclient helper:mapclient reader:reader {% for member in ifmap.get('members', []) %}{{ member.user }}:{{ member.password }} {{ member.user }}.dns:{{ member.password }}.dns {% endfor %}
+ifmap_key_path={{ ifmap.get('cert_dir', '/etc/contrail/ssl/certs/') }}{{ ifmap.get('basename_key', 'ifmap.key') }}
+ifmap_cert_path={{ ifmap.get('cert_dir', '/etc/contrail/ssl/certs/') }}{{ ifmap.get('basename_crt', 'ifmap.crt') }}
+{%- endif %}
+
[KEYSTONE]
keystone_sync_on_demand={{ config.identity.get('sync_on_demand', 'true') }}
-
diff --git a/opencontrail/files/3.0/contrail-control.conf b/opencontrail/files/3.0/contrail-control.conf
index 58154c1..ef85dc4 100644
--- a/opencontrail/files/3.0/contrail-control.conf
+++ b/opencontrail/files/3.0/contrail-control.conf
@@ -43,4 +43,6 @@
# server_url= # Provided by discovery server, e.g. https://127.0.0.1:8443
{%- if grains.get('virtual_subtype', None) == "Docker" %}
server_url=https://{{ control.discovery.host }}:8443
+{%- elif control.get('ifmap', {}).get('bind') %}
+ server_url=https://{{ control.ifmap.bind.get('host', '127.0.0.1') }}:{{ control.ifmap.bind.get('port', 8443) }}
{%- endif %}
diff --git a/opencontrail/map.jinja b/opencontrail/map.jinja
index a54a124..89c7bc1 100644
--- a/opencontrail/map.jinja
+++ b/opencontrail/map.jinja
@@ -1,5 +1,6 @@
{%- set vendor = salt['pillar.get']('opencontrail:common:vendor', 'opencontrail') %}
{%- set version = salt['pillar.get']('opencontrail:common:version') %}
+{%- set ifmap = salt['pillar.get']('opencontrail:config:ifmap:engine', 'irond') %}
{%- load_yaml as base_defaults %}
{%- if vendor in ['opencontrail'] %}
@@ -69,10 +70,14 @@
config:
Debian:
pkgs:
- ['contrail-config-openstack', 'ifmap-server']
+ - 'contrail-config-openstack'
+ - 'ifmap-server'
services:
{%- if version < 4.0 %}
- ['ifmap-server', 'supervisor-config']
+ {%- if ifmap == 'irond' %}
+ - 'ifmap-server'
+ {%- endif %}
+ - 'supervisor-config'
{%- else %}
['contrail-api', 'contrail-schema', 'contrail-svc-monitor', 'contrail-device-manager', 'contrail-config-nodemgr']
{%- endif %}
diff --git a/opencontrail/meta/collectd.yml b/opencontrail/meta/collectd.yml
index fd5deb9..1e94d6e 100644
--- a/opencontrail/meta/collectd.yml
+++ b/opencontrail/meta/collectd.yml
@@ -184,10 +184,12 @@
match: 'python.*contrail-discovery'
contrail-dns:
match: 'contrail-dns'
+ {%- if config.get('ifmap', {}).get('engine', 'irond') == 'irond' %}
contrail-ifmap-server:
match: 'sh.*ifmap-server'
contrail-irond:
match: 'java.*irond'
+ {%- endif %}
contrail-job-server:
match: 'node.*jobServerStart'
contrail-named:
diff --git a/opencontrail/meta/heka.yml b/opencontrail/meta/heka.yml
index 43bf89b..0667088 100644
--- a/opencontrail/meta/heka.yml
+++ b/opencontrail/meta/heka.yml
@@ -15,12 +15,15 @@
{%- if control.get('enabled', False) %}
{%- set control_processes = (
'contrail-api', 'contrail-control', 'contrail-device-manager',
- 'contrail-discovery', 'contrail-dns', 'contrail-ifmap-server',
- 'contrail-irond', 'contrail-job-server', 'contrail-named',
- 'contrail-nodemgr-config', 'contrail-nodemgr-control',
- 'contrail-schema', 'contrail-supervisord-config',
- 'contrail-supervisord-control', 'contrail-svc-monitor',
+ 'contrail-discovery', 'contrail-dns', 'contrail-job-server',
+ 'contrail-named', 'contrail-nodemgr-config',
+ 'contrail-nodemgr-control', 'contrail-schema',
+ 'contrail-supervisord-config', 'contrail-supervisord-control',
+ 'contrail-svc-monitor',
) %}
+ {%- if config.get('ifmap', {}).get('engine', 'irond') == 'irond' %}
+ {%- set control_processes += ('contrail-ifmap-server', 'contrail-irond',) %}
+ {%- endif %}
{%- endif %}
{%- if database.get('enabled', False) %}
{%- set database_processes = (
diff --git a/opencontrail/meta/prometheus.yml b/opencontrail/meta/prometheus.yml
index 46782c0..ab254af 100644
--- a/opencontrail/meta/prometheus.yml
+++ b/opencontrail/meta/prometheus.yml
@@ -38,14 +38,19 @@
{%- if control.get('enabled', False) %}
{%- set control_apis = ( 'contrail.api', 'contrail.discovery' ) %}
+
{%- set control_processes = (
- 'contrail-api', 'contrail-control', 'contrail-device-manager',
- 'contrail-discovery', 'contrail-dns', 'contrail-ifmap-server',
- 'contrail-irond', 'contrail-job-server', 'contrail-named',
- 'contrail-nodemgr-config', 'contrail-nodemgr-control',
- 'contrail-schema', 'contrail-supervisord-config',
- 'contrail-supervisord-control', 'contrail-svc-monitor',
- ) %}
+ 'contrail-api', 'contrail-control', 'contrail-device-manager',
+ 'contrail-discovery', 'contrail-dns', 'contrail-job-server',
+ 'contrail-named', 'contrail-nodemgr-config',
+ 'contrail-nodemgr-control', 'contrail-schema',
+ 'contrail-supervisord-config', 'contrail-supervisord-control',
+ 'contrail-svc-monitor',
+ ) %}
+
+ {%- if config.get('ifmap', {}).get('engine', 'irond') == 'irond' %}
+ {%- set control_processes += ('contrail-ifmap-server', 'contrail-irond',) %}
+ {%- endif %}
{%- for api in control_apis %}
{% do all_contrail_apis.append(api) %}
diff --git a/opencontrail/meta/telegraf.yml b/opencontrail/meta/telegraf.yml
index 51f7a40..0e2e342 100644
--- a/opencontrail/meta/telegraf.yml
+++ b/opencontrail/meta/telegraf.yml
@@ -47,10 +47,12 @@
pattern: 'python.*contrail-discovery'
contrail-dns:
pattern: 'contrail-dns'
+ {%- if config.get('ifmap', {}).get('engine', 'irond') == 'irond' %}
contrail-ifmap-server:
pattern: 'sh.*ifmap-server'
contrail-irond:
pattern: 'java.*irond'
+ {%- endif %}
contrail-job-server:
pattern: 'node.*jobServerStart'
contrail-named: