Merge "Contrail 3.1.1 fix for discovery to static assignement"
diff --git a/.kitchen.yml b/.kitchen.yml
index 11a029b..b5493f5 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -18,6 +18,7 @@
- name: linux
repo: git
source: https://github.com/salt-formulas/salt-formula-linux
+ branch: <%=ENV['GERRIT_BRANCH'] || 'master' %>
state_top:
base:
"*":
@@ -81,7 +82,7 @@
init: 'systemd'
pillars-from-files:
opencontrail.sls: tests/pillar/single40.sls
- linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc40.sls
+ linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc41.sls
excludes:
- trusty-2017.7
@@ -97,7 +98,7 @@
init: 'systemd'
pillars-from-files:
opencontrail.sls: tests/pillar/analytics40.sls
- linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc40.sls
+ linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc41.sls
excludes:
- trusty-2017.7
@@ -113,7 +114,7 @@
init: 'systemd'
pillars-from-files:
opencontrail.sls: tests/pillar/control40.sls
- linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc40.sls
+ linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc41.sls
excludes:
- trusty-2017.7
@@ -129,7 +130,7 @@
init: 'systemd'
pillars-from-files:
opencontrail.sls: tests/pillar/cluster40.sls
- linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc40.sls
+ linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc41.sls
excludes:
- trusty-2017.7
@@ -143,7 +144,7 @@
# provisioner:
# pillars-from-files:
# opencontrail.sls: tests/pillar/tor40.sls
- # linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc40.sls
+ # linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc41.sls
- name: vrouter3
provisioner:
@@ -159,7 +160,7 @@
init: 'systemd'
pillars-from-files:
opencontrail.sls: tests/pillar/vrouter40.sls
- linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc40.sls
+ linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc41.sls
excludes:
- trusty-2017.7
diff --git a/README.rst b/README.rst
index b936776..202569d 100644
--- a/README.rst
+++ b/README.rst
@@ -56,6 +56,7 @@
address: http://mirror.robotice.cz/contrail-havana/
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -93,6 +94,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -181,6 +183,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -205,6 +208,7 @@
address: http://mirror.robotice.cz/contrail-havana/
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -250,6 +254,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -355,6 +360,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -375,6 +381,7 @@
version: 2.2
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -420,6 +427,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -497,6 +505,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -515,6 +524,7 @@
version: 2.2
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -589,6 +599,7 @@
version: 2.2
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -633,18 +644,23 @@
opencontrail:
compute:
- enabled: true
+ enabled: True
tor:
- enabled: true
- bind:
- port: 8086
+ enabled: True
agent:
tor01:
id: 0
- port: 6632
- host: 127.0.0.1
address: 127.0.0.1
-
+ tor_name: TOR1
+ tor_ip: 10.11.0.100
+ tor_ovs_port: 6640
+ tor_ovs_protocol: tcp
+ http_server_port: 9090
+ tsn_ip: 127.0.0.1
+ tor_tunnel_ip: 10.10.0.100
+ tor_vendor_name: ovs
+ xmpp_auth_enable: False
+ xmpp_dns_auth_enable: False
Set up metadata secret for the Vrouter
--------------------------------------
diff --git a/_modules/contrail.py b/_modules/contrail.py
index d8a5114..f36c4ce 100644
--- a/_modules/contrail.py
+++ b/_modules/contrail.py
@@ -726,7 +726,11 @@
.. code-block:: bash
- salt '*' contrail.global_vrouter_config_create name=global-vrouter-config parent_type=global-system-config encap_priority="MPLSoUDP,MPLSoGRE" vxlan_vn_id_mode="automatic" fq_names="['default-global-system-config', 'default-global-vrouter-config']"
+ salt '*' contrail.global_vrouter_config_create \
+ name=global-vrouter-config parent_type=global-system-config \
+ encap_priority="MPLSoUDP,MPLSoGRE" vxlan_vn_id_mode="automatic" \
+ flow_export_rate=None \
+ fq_names="['default-global-system-config', 'default-global-vrouter-config']"
'''
ret = {'name': name,
'changes': {},
diff --git a/metadata/service/client/cluster.yml b/metadata/service/client/cluster.yml
index 337e9d0..91043a9 100644
--- a/metadata/service/client/cluster.yml
+++ b/metadata/service/client/cluster.yml
@@ -3,6 +3,7 @@
parameters:
_param:
opencontrail_version: 3.0
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
openstack_control_address: 127.0.0.1
@@ -14,6 +15,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:openstack_control_address}
port: ${_param:opencontrail_identity_port}
version: ${_param:opencontrail_identity_version}
diff --git a/metadata/service/client/single.yml b/metadata/service/client/single.yml
index 8d3a509..2e14591 100644
--- a/metadata/service/client/single.yml
+++ b/metadata/service/client/single.yml
@@ -3,6 +3,7 @@
parameters:
_param:
opencontrail_version: 3.0
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_password: 'none'
@@ -13,6 +14,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_local_address}
port: ${_param:opencontrail_identity_port}
version: ${_param:opencontrail_identity_version}
diff --git a/metadata/service/compute/tor/cluster.yml b/metadata/service/compute/tor/cluster.yml
index 5115598..e913cb4 100644
--- a/metadata/service/compute/tor/cluster.yml
+++ b/metadata/service/compute/tor/cluster.yml
@@ -4,13 +4,18 @@
opencontrail:
compute:
tor:
- enabled: true
- bind:
- port: 8086
+ enabled: True
agent:
tor01:
id: 0
- address: ${_param:single_address}
- port: 6632
- ssl:
- enabled: True
+ address: ${_param:cluster_local_address}
+ tor_name: TOR01
+ tor_ip: 127.0.0.1
+ tor_ovs_port: 6640
+ tor_ovs_protocol: tcp
+ http_server_port: 9090
+ tsn_ip: ${_param:cluster_vip_address}
+ tor_tunnel_ip: 127.0.0.1
+ tor_vendor_name: ovs
+ xmpp_auth_enable: False
+ xmpp_dns_auth_enable: False
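Review bot: The new `tor01` defaults replace the removed `ssl: enabled: True` with `tor_ovs_protocol: tcp` and set both `xmpp_auth_enable` and `xmpp_dns_auth_enable` to `False`, so a node that includes this class unchanged gets a plaintext, unauthenticated OVSDB and XMPP setup. The deleted `contrail-tor-agent.conf` template could emit `tor_ovs_protocol=pssl` with `ssl_cert`, `ssl_privkey` and `ssl_cacert`, while the new `provision_tor_agents.sh` passes no certificate options, so the TLS path appears to be lost for 4.0 rather than just disabled by default. If that is intentional, I would add a comment above `agent:` such as `# lab defaults: plaintext OVSDB, XMPP auth off - override per deployment`. The same defaults are repeated in `metadata/service/compute/tor/single.yml`. `tor_ip: 127.0.0.1` and `tor_tunnel_ip: 127.0.0.1` also look like placeholders that should be `_param` references like `address` and `tsn_ip`.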
diff --git a/metadata/service/compute/tor/single.yml b/metadata/service/compute/tor/single.yml
index 969b1ef..dcd4e80 100644
--- a/metadata/service/compute/tor/single.yml
+++ b/metadata/service/compute/tor/single.yml
@@ -4,12 +4,18 @@
opencontrail:
compute:
tor:
- enabled: true
- bind:
- port: 8086
+ enabled: True
agent:
tor01:
id: 0
- port: 6632
- host: ${_param:tor_device01_address}
address: ${_param:single_address}
+ tor_name: TOR01
+ tor_ip: 127.0.0.1
+ tor_ovs_port: 6640
+ tor_ovs_protocol: tcp
+ http_server_port: 9090
+ tsn_ip: ${_param:single_address}
+ tor_tunnel_ip: 127.0.0.1
+ tor_vendor_name: ovs
+ xmpp_auth_enable: False
+ xmpp_dns_auth_enable: False
diff --git a/metadata/service/control/analytics.yml b/metadata/service/control/analytics.yml
index be71d6d..936e5f7 100644
--- a/metadata/service/control/analytics.yml
+++ b/metadata/service/control/analytics.yml
@@ -5,6 +5,7 @@
parameters:
_param:
opencontrail_version: 2.2
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_password: 'none'
@@ -17,6 +18,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
@@ -54,6 +56,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: ${_param:openstack_region}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
diff --git a/metadata/service/control/cluster.yml b/metadata/service/control/cluster.yml
index 8b9eaf7..2450352 100644
--- a/metadata/service/control/cluster.yml
+++ b/metadata/service/control/cluster.yml
@@ -5,6 +5,7 @@
parameters:
_param:
opencontrail_version: 2.2
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_password: 'none'
@@ -17,6 +18,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
@@ -57,6 +59,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: ${_param:openstack_region}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
@@ -123,6 +126,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: RegionOne
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
@@ -188,6 +192,7 @@
identity:
engine: keystone
version: ${_param:opencontrail_identity_version}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
diff --git a/metadata/service/control/control.yml b/metadata/service/control/control.yml
index 728e53a..3d618f2 100644
--- a/metadata/service/control/control.yml
+++ b/metadata/service/control/control.yml
@@ -5,6 +5,7 @@
parameters:
_param:
opencontrail_version: 2.2
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_password: 'none'
@@ -17,6 +18,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
@@ -57,6 +59,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: ${_param:openstack_region}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
@@ -150,6 +153,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: RegionOne
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
diff --git a/metadata/service/control/single.yml b/metadata/service/control/single.yml
index 73ce29b..5478d5c 100644
--- a/metadata/service/control/single.yml
+++ b/metadata/service/control/single.yml
@@ -5,6 +5,7 @@
parameters:
_param:
opencontrail_version: 2.2
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_password: 'none'
@@ -17,6 +18,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
@@ -57,6 +59,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: ${_param:openstack_region}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
@@ -103,6 +106,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: RegionOne
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
@@ -158,6 +162,7 @@
identity:
engine: keystone
version: ${_param:opencontrail_identity_version}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
diff --git a/opencontrail/compute.sls b/opencontrail/compute.sls
index 1593abb..6e4e179 100644
--- a/opencontrail/compute.sls
+++ b/opencontrail/compute.sls
@@ -206,6 +206,8 @@
{%- if compute.get('tor', {}).get('enabled', False) %}
+{%- if compute.version < 4.0 %}
+
{% for agent_name, agent in compute.tor.agent.iteritems() %}
/etc/contrail/contrail-tor-agent-{{ agent.id }}.conf:
@@ -217,7 +219,7 @@
- watch_in:
- service: opencontrail_compute_services
-{%- if compute.version < 4.0 or grains.get('init') != 'systemd' %}
+{%- if grains.get('init') != 'systemd' %}
/etc/contrail/supervisord_vrouter_files/contrail-tor-agent-{{ agent.id }}.ini:
file.managed:
@@ -229,8 +231,20 @@
- service: opencontrail_compute_services
{%- endif %}
-
{%- endfor %}
+
+{%- else %}
+
+provision_tor_agents:
+ cmd.script:
+ - source: "salt://opencontrail/files/{{ compute.version }}/tor/provision_tor_agents.sh"
+ - template: jinja
+ - cwd: /
+ - require:
+ - pkg: opencontrail_vrouter_package_vrouter_agent
+
+{%- endif %}
+
{%- endif %}
opencontrail_compute_services:
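Review bot: The new `provision_tor_agents` state calls `cmd.script` with no `unless`, `onlyif`, `creates` or `onchanges` guard, so the provisioning script runs on every state run and always reports a change. Whether `contrail-toragent-setup` is safe to re-run is not visible here. The rendered script carries the Keystone admin password, so running it only when needed also reduces how often that secret is written to and executed on the minion. I would add a guard, for example `- unless: <command that succeeds when the agents are already provisioned>`. The `{%- else %}` branch also covers every `compute.version` of 4.0 or above, but this commit adds the script only under `files/4.0/`, so any other version value would presumably fail on the `salt://` source lookup.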
diff --git a/opencontrail/files/3.0/client_vnc_api_lib.ini b/opencontrail/files/3.0/client_vnc_api_lib.ini
index 40bfbb3..5779c21 100644
--- a/opencontrail/files/3.0/client_vnc_api_lib.ini
+++ b/opencontrail/files/3.0/client_vnc_api_lib.ini
@@ -11,7 +11,7 @@
; Authentication settings (optional)
[auth]
AUTHN_TYPE = keystone
-AUTHN_PROTOCOL = http
+AUTHN_PROTOCOL = {{ client.identity.protocol }}
AUTHN_SERVER= {{ client.identity.host }}
AUTHN_PORT = {{ client.identity.port }}
AUTHN_TENANT = {{ client.identity.tenant }}
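Review bot: `{{ client.identity.protocol }}` is read with no fallback, so a pillar written before this change, with no `protocol` key under `identity`, no longer gets the old `http` value. Unless `map.jinja` supplies a default, which this diff does not show, the line renders empty or the template fails to render, depending on how undefined values are handled. The metadata classes add `opencontrail_identity_protocol: http`, but that only helps deployments that consume those classes. Use `AUTHN_PROTOCOL = {{ client.identity.get('protocol', 'http') }}`, matching the `.get('user', "admin")` style already used in `contrail-alarm-gen.conf`. The same applies to every other template in this commit that reads `identity.protocol`: the `contrail-keystone-auth.conf`, `contrail-snmp-collector.conf`, `contrail-alarm-gen.conf`, `vnc_api_lib.ini` and `config.global.js` files under both `3.0` and `4.0`.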
diff --git a/opencontrail/files/3.0/config.global.js b/opencontrail/files/3.0/config.global.js
index e4397c3..70cf9b5 100644
--- a/opencontrail/files/3.0/config.global.js
+++ b/opencontrail/files/3.0/config.global.js
@@ -97,7 +97,7 @@
config.imageManager = {};
config.imageManager.ip = '{{ web.identity.host }}';
config.imageManager.port = '9292';
-config.imageManager.authProtocol = 'http';
+config.imageManager.authProtocol = '{{ web.identity.protocol }}';
config.imageManager.apiVersion = ['v1', 'v2'];
config.imageManager.strictSSL = false;
config.imageManager.ca = '';
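Review bot: `authProtocol` becomes configurable here, but `config.imageManager.strictSSL = false` and `config.imageManager.ca = ''` directly below it stay hard-coded. Setting the pillar protocol to `https` would therefore give an encrypted connection that presumably still accepts any certificate. The same pairing appears in the `computeManager` and `storageManager` hunks of this file and of `opencontrail/files/4.0/config.global.js`. I would template `strictSSL` and `ca` from the pillar in the same change, defaulting `strictSSL` to true whenever the protocol is `https`. At minimum add a comment next to `authProtocol` stating that certificate verification is still off.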
@@ -105,7 +105,7 @@
config.computeManager = {};
config.computeManager.ip = '{{ web.identity.host }}';
config.computeManager.port = '8774';
-config.computeManager.authProtocol = 'http';
+config.computeManager.authProtocol = '{{ web.identity.protocol }}';
config.computeManager.apiVersion = ['v1.1', 'v2'];
config.computeManager.strictSSL = false;
config.computeManager.ca = '';
@@ -113,7 +113,7 @@
config.identityManager = {};
config.identityManager.ip = '{{ web.identity.host }}';
config.identityManager.port = '5000';
-config.identityManager.authProtocol = 'http';
+config.identityManager.authProtocol = '{{ web.identity.protocol }}';
/******************************************************************************
* Note: config.identityManager.apiVersion is not controlled by boolean flag
* config.serviceEndPointFromConfig. If specified apiVersion here, then these
@@ -128,7 +128,7 @@
config.storageManager = {};
config.storageManager.ip = '{{ web.identity.host }}';
config.storageManager.port = '8776';
-config.storageManager.authProtocol = 'http';
+config.storageManager.authProtocol = '{{ web.identity.protocol }}';
config.storageManager.apiVersion = ['v1'];
config.storageManager.strictSSL = false;
config.storageManager.ca = '';
diff --git a/opencontrail/files/3.0/contrail-alarm-gen.conf b/opencontrail/files/3.0/contrail-alarm-gen.conf
index 026a903..b5e9dd0 100644
--- a/opencontrail/files/3.0/contrail-alarm-gen.conf
+++ b/opencontrail/files/3.0/contrail-alarm-gen.conf
@@ -34,7 +34,7 @@
{%- if common.identity.engine == "keystone" and not common.get('k8s_enabled', False) %}
[KEYSTONE]
auth_host={{ common.identity.host }}
-auth_protocol=http
+auth_protocol={{ common.identity.protocol }}
auth_port={{ common.identity.port }}
admin_user={{ common.identity.get('user', "admin") }}
admin_password={{ common.identity.password }}
diff --git a/opencontrail/files/3.0/contrail-keystone-auth.conf b/opencontrail/files/3.0/contrail-keystone-auth.conf
index 8b37f27..f19dab4 100644
--- a/opencontrail/files/3.0/contrail-keystone-auth.conf
+++ b/opencontrail/files/3.0/contrail-keystone-auth.conf
@@ -1,7 +1,7 @@
{%- from "opencontrail/map.jinja" import config with context -%}
[KEYSTONE]
auth_host={{ config.identity.host }}
-auth_protocol=http
+auth_protocol={{ config.identity.protocol }}
auth_port={{ config.identity.port }}
admin_user={{ config.identity.user }}
admin_password={{ config.identity.password }}
@@ -14,7 +14,7 @@
{%- if config.identity.version == "3" %}
project_name={{ config.identity.tenant }}
project_domain_name={{ config.identity.get('domain', 'default')|lower}}
-auth_url=http://{{ config.identity.host }}:{{ config.identity.port }}/v3
+auth_url={{ config.identity.protocol }}://{{ config.identity.host }}:{{ config.identity.port }}/v3
{%- else %}
-auth_url=http://{{ config.identity.host }}:{{ config.identity.port }}/v2.0
+auth_url={{ config.identity.protocol }}://{{ config.identity.host }}:{{ config.identity.port }}/v2.0
{%- endif %}
diff --git a/opencontrail/files/3.0/contrail-snmp-collector.conf b/opencontrail/files/3.0/contrail-snmp-collector.conf
index d57251a..0056352 100644
--- a/opencontrail/files/3.0/contrail-snmp-collector.conf
+++ b/opencontrail/files/3.0/contrail-snmp-collector.conf
@@ -26,7 +26,7 @@
[KEYSTONE]
{%- if collector.get('identity', {}).get('engine') == 'keystone' %}
auth_host={{ collector.identity.host }}
-auth_protocol=http
+auth_protocol={{ collector.identity.protocol }}
auth_port={{ collector.identity.port }}
admin_user={{ collector.identity.user }}
admin_password={{ collector.identity.password }}
@@ -39,8 +39,8 @@
{%- if collector.identity.version == "3" %}
project_name={{ collector.identity.tenant }}
project_domain_name={{ collector.identity.get('domain', 'default')|lower}}
-auth_url=http://{{ collector.identity.host }}:{{ collector.identity.port }}/v3
+auth_url={{ collector.identity.protocol }}://{{ collector.identity.host }}:{{ collector.identity.port }}/v3
{%- else %}
-auth_url=http://{{ collector.identity.host }}:{{ collector.identity.port }}/v2.0
+auth_url={{ collector.identity.protocol }}://{{ collector.identity.host }}:{{ collector.identity.port }}/v2.0
{%- endif %}
{%- endif %}
diff --git a/opencontrail/files/3.0/vnc_api_lib.ini b/opencontrail/files/3.0/vnc_api_lib.ini
index 9795760..62c9066 100644
--- a/opencontrail/files/3.0/vnc_api_lib.ini
+++ b/opencontrail/files/3.0/vnc_api_lib.ini
@@ -14,7 +14,7 @@
{%- if config.identity.engine == "keystone" %}
[auth]
AUTHN_TYPE = keystone
-AUTHN_PROTOCOL = http
+AUTHN_PROTOCOL = {{ config.identity.protocol }}
AUTHN_SERVER= {{ config.identity.host }}
AUTHN_PORT = {{ config.identity.port }}
AUTHN_TENANT = {{ config.identity.tenant }}
@@ -25,6 +25,7 @@
{%- else %}
AUTHN_URL = /v2.0/tokens
{%- endif %}
+insecure = true
{%- endif %}
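Review bot: `insecure = true` is added unconditionally inside the keystone `[auth]` block, so it takes effect even when `AUTHN_PROTOCOL` is switched to `https` through the new pillar key. Going by the option name, that presumably turns off certificate verification for the Keystone connection. The commit message does not mention this, and it cancels most of the benefit of making the protocol configurable. I would gate it on an explicit opt-in, for example `{%- if config.identity.get('insecure', False) %}` / `insecure = true` / `{%- endif %}`, where `insecure` is a proposed new pillar flag. The identical line is added in `opencontrail/files/4.0/vnc_api_lib.ini`.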
diff --git a/opencontrail/files/4.0/client_vnc_api_lib.ini b/opencontrail/files/4.0/client_vnc_api_lib.ini
index 77e3b92..eeef174 100644
--- a/opencontrail/files/4.0/client_vnc_api_lib.ini
+++ b/opencontrail/files/4.0/client_vnc_api_lib.ini
@@ -13,7 +13,7 @@
{%- if client.identity.engine == "keystone" %}
[auth]
AUTHN_TYPE = keystone
-AUTHN_PROTOCOL = http
+AUTHN_PROTOCOL = {{ client.identity.protocol }}
AUTHN_SERVER= {{ client.identity.host }}
AUTHN_PORT = {{ client.identity.port }}
AUTHN_TENANT = {{ client.identity.tenant }}
diff --git a/opencontrail/files/4.0/collector/contrail-keystone-auth.conf b/opencontrail/files/4.0/collector/contrail-keystone-auth.conf
index 4af7b62..a691491 100644
--- a/opencontrail/files/4.0/collector/contrail-keystone-auth.conf
+++ b/opencontrail/files/4.0/collector/contrail-keystone-auth.conf
@@ -1,7 +1,7 @@
{%- from "opencontrail/map.jinja" import collector with context -%}
[KEYSTONE]
auth_host={{ collector.identity.host }}
-auth_protocol=http
+auth_protocol={{ collector.identity.protocol }}
auth_port={{ collector.identity.port }}
admin_user={{ collector.identity.user }}
admin_password={{ collector.identity.password }}
@@ -14,7 +14,7 @@
{%- if collector.identity.version == "3" %}
project_name={{ collector.identity.tenant }}
project_domain_name={{ collector.identity.get('domain', 'default')|lower}}
-auth_url=http://{{ collector.identity.host }}:{{ collector.identity.port }}/v3
+auth_url={{ collector.identity.protocol }}://{{ collector.identity.host }}:{{ collector.identity.port }}/v3
{%- else %}
-auth_url=http://{{ collector.identity.host }}:{{ collector.identity.port }}/v2.0
+auth_url={{ collector.identity.protocol }}://{{ collector.identity.host }}:{{ collector.identity.port }}/v2.0
{%- endif %}
diff --git a/opencontrail/files/4.0/config.global.js b/opencontrail/files/4.0/config.global.js
index 2dd1b64..ade860a 100644
--- a/opencontrail/files/4.0/config.global.js
+++ b/opencontrail/files/4.0/config.global.js
@@ -75,7 +75,7 @@
config.regions = {};
{%- if web.identity.engine != "none" %}
-config.regions['{{ web.identity.get("region", "RegionOne") }}'] = 'http://{{ web.identity.host }}:5000/v{{ web.identity.version }}';
+config.regions['{{ web.identity.get("region", "RegionOne") }}'] = '{{ web.identity.protocol }}://{{ web.identity.host }}:5000/v{{ web.identity.version }}';
{%- endif %}
/****************************************************************************
@@ -139,7 +139,7 @@
config.imageManager = {};
config.imageManager.ip = '{{ web.identity.host }}';
config.imageManager.port = '9292';
-config.imageManager.authProtocol = 'http';
+config.imageManager.authProtocol = '{{ web.identity.protocol }}';
config.imageManager.apiVersion = ['v1', 'v2'];
config.imageManager.strictSSL = false;
config.imageManager.ca = '';
@@ -147,7 +147,7 @@
config.computeManager = {};
config.computeManager.ip = '{{ web.identity.host }}';
config.computeManager.port = '8774';
-config.computeManager.authProtocol = 'http';
+config.computeManager.authProtocol = '{{ web.identity.protocol }}';
config.computeManager.apiVersion = ['v1.1', 'v2'];
config.computeManager.strictSSL = false;
config.computeManager.ca = '';
@@ -155,7 +155,7 @@
config.identityManager = {};
config.identityManager.ip = '{{ web.identity.host }}';
config.identityManager.port = '5000';
-config.identityManager.authProtocol = 'http';
+config.identityManager.authProtocol = '{{ web.identity.protocol }}';
/******************************************************************************
* Note: config.identityManager.apiVersion is not controlled by boolean flag
* config.serviceEndPointFromConfig. If specified apiVersion here, then these
@@ -170,7 +170,7 @@
config.storageManager = {};
config.storageManager.ip = '{{ web.identity.host }}';
config.storageManager.port = '8776';
-config.storageManager.authProtocol = 'http';
+config.storageManager.authProtocol = '{{ web.identity.protocol }}';
config.storageManager.apiVersion = ['v1'];
config.storageManager.strictSSL = false;
config.storageManager.ca = '';
diff --git a/opencontrail/files/4.0/contrail-keystone-auth.conf b/opencontrail/files/4.0/contrail-keystone-auth.conf
index 5912436..cbcf836 100644
--- a/opencontrail/files/4.0/contrail-keystone-auth.conf
+++ b/opencontrail/files/4.0/contrail-keystone-auth.conf
@@ -5,7 +5,7 @@
{%- if config.identity.engine != "none" %}
auth_host={{ config.identity.host }}
-auth_protocol=http
+auth_protocol={{ config.identity.protocol }}
auth_port={{ config.identity.port }}
admin_user={{ config.identity.user }}
admin_password={{ config.identity.password }}
@@ -19,9 +19,9 @@
{%- if config.identity.version == "3" %}
project_name={{ config.identity.tenant }}
project_domain_name={{ config.identity.get('domain', 'default')|lower}}
-auth_url=http://{{ config.identity.host }}:{{ config.identity.port }}/v3
+auth_url={{ config.identity.protocol }}://{{ config.identity.host }}:{{ config.identity.port }}/v3
{%- else %}
-auth_url=http://{{ config.identity.host }}:{{ config.identity.port }}/v2.0
+auth_url={{ config.identity.protocol }}://{{ config.identity.host }}:{{ config.identity.port }}/v2.0
{%- endif %}
{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/files/4.0/contrail-tor-agent.conf b/opencontrail/files/4.0/contrail-tor-agent.conf
deleted file mode 100644
index cc8c05d..0000000
--- a/opencontrail/files/4.0/contrail-tor-agent.conf
+++ /dev/null
@@ -1,111 +0,0 @@
-{%- from "opencontrail/map.jinja" import compute with context %}
-
-{%- set agent = salt['pillar.get']('opencontrail:compute:tor:agent:'+agent_name) %}
-{%- set port = compute.tor.bind.port + agent.id %}
-# Vnswad configuration options
-#
-
-[CONTROL-NODE]
-# IP address to be used to connect to control-node. Maximum of 2 IP addresses
-# (separated by a space) can be provided. If no IP is configured then the
-# value provided by discovery service will be used. (optional)
-# server=10.0.0.1 10.0.0.2
-
-[DEFAULT]
-agent_name={{ pillar.linux.system.name }}-{{ agent.id }}
-# Everything in this section is optional
-
-# IP address and port to be used to connect to collector. If these are not
-# configured, value provided by discovery service will be used. Multiple
-# IP:port strings separated by space can be provided
-# collectors=127.0.0.1:8086
-
-# Enable/disable debug logging. Possible values are 0 (disable) and 1 (enable)
-# debug=0
-
-# Aging time for flow-records in seconds
-# flow_cache_timeout=0
-
-# Hostname of compute-node. If this is not configured value from `hostname`
-# will be taken
-# hostname=
-
-# Category for logging. Default value is '*'
-# log_category=
-
-# Local log file name
-log_file=/var/log/contrail/contrail-tor-agent-{{ agent.id }}.log
-
-# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
-# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
-# log_level=SYS_DEBUG
-
-# Enable/Disable local file logging. Possible values are 0 (disable) and 1 (enable)
-# log_local=0
-
-# Enable/Disable local flow message logging. Possible values are 0 (disable) and 1 (enable)
-# log_flow=0
-# Encapsulation type for tunnel. Possible values are MPLSoGRE, MPLSoUDP, VXLAN
-# tunnel_type=
-
-# Enable/Disable headless mode for agent. In headless mode agent retains last
-# known good configuration from control node when all control nodes are lost.
-# Possible values are true(enable) and false(disable)
-# headless_mode=
-
-# Define agent mode. Only supported value is "tor"
-agent_mode=tor
-
-
-# Http server port for inspecting vnswad state (useful for debugging)
-# http_server_port=8085
-http_server_port={{ port }}
-
-[DNS]
-# IP address to be used to connect to dns-node. Maximum of 2 IP addresses
-# (separated by a space) can be provided. If no IP is configured then the
-# value provided by discovery service will be used. (Optional)
-# server=10.0.0.1 10.0.0.2
-
-[NETWORKS]
-# control-channel IP address used by WEB-UI to connect to vnswad to fetch
-# required information (Optional)
-{%- if compute.bind is defined %}
-control_network_ip={{ compute.bind.address }}
-{%- else %}
-control_network_ip={{ compute.interface.address }}
-{%- endif %}
-
-[TOR]
-{%- if agent.ssl is not defined %}
-# IP address of the TOR to manage
-tor_ip={{ agent.host }}
-{%- endif %}
-
-# Identifier for ToR. Agent will subscribe to ifmap-configuration by this name
-tor_id={{ agent.id }}
-
-# ToR management scheme is based on this type. Only supported value is "ovs"
-tor_type=ovs
-
-# OVS server port number on the ToR
-tor_ovs_port={{ agent.get('port', 6632) }}
-
-# IP-Transport protocol used to connect to tor. Only supported value is "tcp"
-{%- if agent.ssl is defined %}
-tor_ovs_protocol=pssl
-{%- else %}
-tor_ovs_protocol=tcp
-{%- endif %}
-
-tsn_ip={{ compute.interface.address }}
-
-tor_keepalive_interval={{ agent.get('tor_keepalive_interval', 10000) }}
-
-{%- if agent.ssl is defined %}
-ssl_cert={{ agent.ssl.get('cert', '/etc/contrail/ssl/certs/tor.crt') }}
-
-ssl_privkey={{ agent.ssl.get('key', '/etc/contrail/ssl/certs/tor.key') }}
-
-ssl_cacert={{ agent.ssl.get('ca', '/etc/contrail/ssl/certs/ca.crt') }}
-{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/files/4.0/tor/contrail-tor-agent.ini b/opencontrail/files/4.0/tor/contrail-tor-agent.ini
deleted file mode 100644
index 22a8918..0000000
--- a/opencontrail/files/4.0/tor/contrail-tor-agent.ini
+++ /dev/null
@@ -1,14 +0,0 @@
-{%- from "opencontrail/map.jinja" import compute with context %}
-{%- set agent = salt['pillar.get']('opencontrail:compute:tor:agent:'+agent_name) %}
-[program:contrail-tor-agent-{{ agent.id }}]
-command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-{{ agent.id }}.conf
-priority=420
-autostart=true
-killasgroup=true
-stopsignal=KILL
-stdout_capture_maxbytes=1MB
-redirect_stderr=true
-stdout_logfile=/var/log/contrail/contrail-tor-agent-{{ agent.id }}-stdout.log
-stderr_logfile=/dev/null
-startsecs=5
-exitcodes=0 ; 'expected' exit codes for process (default 0,2)
\ No newline at end of file
diff --git a/opencontrail/files/4.0/tor/provision_tor_agents.sh b/opencontrail/files/4.0/tor/provision_tor_agents.sh
new file mode 100644
index 0000000..5681a94
--- /dev/null
+++ b/opencontrail/files/4.0/tor/provision_tor_agents.sh
@@ -0,0 +1,33 @@
+{%- from "opencontrail/map.jinja" import client, compute with context -%}
+
+{%- for agent_name, agent in compute.tor.agent.iteritems() %}
+
+contrail-toragent-setup --cfgm_ip {{ client.api.host }} \
+--self_ip {{ agent.address }} \
+--control-nodes {% for member in compute.control.members %}{{ member.host }}{% if not loop.last %} {% endif %}{% endfor %} \
+--collectors {% for member in compute.collector.members %}{{ member.host }}{% if not loop.last %} {% endif %}{% endfor %} \
+--authserver_ip {{ client.identity.host }} \
+--admin_user {{ client.identity.user }} \
+--admin_password {{ client.identity.password }} \
+--admin_tenant_name {{ client.identity.tenant }} \
+--auth_protocol http \
+--tor_name {{ agent.tor_name }} \
+--http_server_port {{ agent.http_server_port }} \
+--tor_ip {{ agent.tor_ip }} \
+--tor_id {{ agent.id }} \
+--tsn_ip {{ agent.tsn_ip }} \
+--tor_tunnel_ip {{ agent.tor_tunnel_ip }} \
+{%- if agent.get('xmpp_auth_enable', False) == True %}
+--xmpp_auth_enable \
+{%- endif %}
+{%- if agent.get('xmpp_dns_auth_enable', False) == True %}
+--xmpp_dns_auth_enable \
+{%- endif %}
+--tor_ovs_port {{ agent.tor_ovs_port }} \
+--tor_ovs_protocol {{ agent.tor_ovs_protocol }} \
+{%- if agent.tor_product_name is defined %}
+----tor_product_name {{ agent.tor_product_name }} \
+{%- endif %}
+--tor_vendor_name {{ agent.tor_vendor_name }}
+
+{%- endfor %}
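Review bot: The optional product-name flag is written as `----tor_product_name` with four dashes, so any agent that defines `tor_product_name` passes an option `contrail-toragent-setup` will most likely reject; it should be `--tor_product_name {{ agent.tor_product_name }} \`. `--auth_protocol http` is hard-coded although the rest of this commit introduces `client.identity.protocol`, so it should read `--auth_protocol {{ client.identity.get('protocol', 'http') }} \`. `--admin_password {{ client.identity.password }}` is interpolated unquoted into a shell command line, which means a password containing spaces or shell metacharacters is split or interpreted by the shell, and the value is visible in the process list while the tool runs. The password, user and tenant values should be shell-quoted, and the password passed through a file or environment variable if the tool supports one. The script also has no shebang line or `set -e`, so a failure for one agent in the loop does not stop the following ones.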
diff --git a/opencontrail/files/4.0/vnc_api_lib.ini b/opencontrail/files/4.0/vnc_api_lib.ini
index 9795760..62c9066 100644
--- a/opencontrail/files/4.0/vnc_api_lib.ini
+++ b/opencontrail/files/4.0/vnc_api_lib.ini
@@ -14,7 +14,7 @@
{%- if config.identity.engine == "keystone" %}
[auth]
AUTHN_TYPE = keystone
-AUTHN_PROTOCOL = http
+AUTHN_PROTOCOL = {{ config.identity.protocol }}
AUTHN_SERVER= {{ config.identity.host }}
AUTHN_PORT = {{ config.identity.port }}
AUTHN_TENANT = {{ config.identity.tenant }}
@@ -25,6 +25,7 @@
{%- else %}
AUTHN_URL = /v2.0/tokens
{%- endif %}
+insecure = true
{%- endif %}
diff --git a/opencontrail/map.jinja b/opencontrail/map.jinja
index 41f837b..def00f4 100644
--- a/opencontrail/map.jinja
+++ b/opencontrail/map.jinja
@@ -93,7 +93,11 @@
Debian:
pkgs:
- 'contrail-config-openstack'
+ {%- if version < 4.0 %}
+ {%- if ifmap == 'irond' %}
- 'ifmap-server'
+ {%- endif %}
+ {%- endif %}
services:
{%- if version < 4.0 %}
{%- if ifmap == 'irond' %}
diff --git a/opencontrail/web.sls b/opencontrail/web.sls
index 376ae1c..4b65d35 100644
--- a/opencontrail/web.sls
+++ b/opencontrail/web.sls
@@ -27,6 +27,11 @@
- source: salt://opencontrail/files/{{ web.version }}/redis_webui.conf
- template: jinja
- makedirs: True
+ - mode: 640
+{%- if web.version < 4.0 %}
+ - user: redis
+ - group: redis
+{%- endif %}
{%- if not web.get('config_only', False) %}
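Review bot: `- mode: 640` is applied for all versions, but `user: redis` and `group: redis` are set only when `web.version < 4.0`. On 4.0 and later the file gets whatever owner the state defaults to, so it is worth confirming that the account running the web UI redis instance can still read a 640 file there. The mode is also an unquoted integer; Salt's file states document quoting it, `- mode: '0640'`, to avoid YAML numeric reinterpretation. The enclosing state starts above this hunk, so its name and other arguments are not visible here.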
diff --git a/tests/pillar/analytics3.sls b/tests/pillar/analytics3.sls
index 2afcd1c..13713f2 100644
--- a/tests/pillar/analytics3.sls
+++ b/tests/pillar/analytics3.sls
@@ -3,6 +3,7 @@
version: 3.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
diff --git a/tests/pillar/analytics40.sls b/tests/pillar/analytics40.sls
index 34bc5eb..047e59e 100644
--- a/tests/pillar/analytics40.sls
+++ b/tests/pillar/analytics40.sls
@@ -4,6 +4,7 @@
config_only: true
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -17,6 +18,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/cluster3.sls b/tests/pillar/cluster3.sls
index 54c9d41..a23557c 100644
--- a/tests/pillar/cluster3.sls
+++ b/tests/pillar/cluster3.sls
@@ -3,6 +3,7 @@
version: 3.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -49,6 +50,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -160,6 +162,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/cluster40.sls b/tests/pillar/cluster40.sls
index 4cdac34..5bc81b5 100644
--- a/tests/pillar/cluster40.sls
+++ b/tests/pillar/cluster40.sls
@@ -4,6 +4,7 @@
config_only: true
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -53,6 +54,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -102,6 +104,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -194,6 +197,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/control3.sls b/tests/pillar/control3.sls
index dff472e..d2c9f4e 100644
--- a/tests/pillar/control3.sls
+++ b/tests/pillar/control3.sls
@@ -3,6 +3,7 @@
version: 3.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -52,6 +53,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -145,6 +147,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/control40.sls b/tests/pillar/control40.sls
index f98a28f..d7d9bb5 100644
--- a/tests/pillar/control40.sls
+++ b/tests/pillar/control40.sls
@@ -4,6 +4,7 @@
config_only: true
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -54,6 +55,7 @@
version: '2.0'
region: RegionOne
host: 127.0.0.1
+ protocol: http
port: 35357
user: admin
password: password
@@ -160,6 +162,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/repo_opencontrail_oc40.sls b/tests/pillar/repo_opencontrail_oc40.sls
deleted file mode 100644
index 98f3056..0000000
--- a/tests/pillar/repo_opencontrail_oc40.sls
+++ /dev/null
@@ -1,12 +0,0 @@
-linux:
- system:
- enabled: true
- repo:
- mcp_opencontrail_repo:
- source: "deb [arch=amd64] http://apt.mirantis.com/{{ grains.get('oscodename') }}/ nightly oc40 extra"
- architectures: amd64
- key_url: "http://apt.mirantis.com/public.gpg"
- pin:
- - pin: 'release a=nightly'
- priority: 1100
- package: '*'
diff --git a/tests/pillar/repo_opencontrail_oc41.sls b/tests/pillar/repo_opencontrail_oc41.sls
new file mode 100644
index 0000000..99896e2
--- /dev/null
+++ b/tests/pillar/repo_opencontrail_oc41.sls
@@ -0,0 +1,29 @@
+linux:
+ system:
+ enabled: true
+ repo:
+ mcp_opencontrail_repo:
+ source: "deb [arch=amd64] http://mirror.mirantis.com/nightly/opencontrail-4.1/{{ grains.get('oscodename') }} {{ grains.get('oscodename') }} main"
+ architectures: amd64
+ key_url: "http://mirror.mirantis.com/nightly/opencontrail-4.1/{{ grains.get('oscodename') }}/archive-opencontrail-4.1.key"
+ pin:
+ - pin: 'release a=nightly'
+ priority: 1100
+ package: '*'
+ mcp_extra_repo:
+ source: "deb [arch=amd64] http://mirror.mirantis.com/nightly/extra/{{ grains.get('oscodename') }} {{ grains.get('oscodename') }} main"
+ architectures: amd64
+ key_url: "http://mirror.mirantis.com/nightly/extra/{{ grains.get('oscodename') }}/archive-extra.key"
+ pin:
+ - pin: 'release a=nightly'
+ priority: 1100
+ package: '*'
+ # TODO: deprecate repos on fuel-infra (use mirror.mirantis.com), at the moment tests use same repos as for docker images
+ mcp_ocata_fuel_infra:
+ source: "deb [arch=amd64] http://mirror.fuel-infra.org/mcp-repos/ocata/{{ grains.get('oscodename') }} ocata main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/{{ grains.get('oscodename') }}/archive-mcpocata.key"
+ pin:
+ - pin: 'release a=ocata'
+ priority: 1100
+ package: '*'
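Review bot: All three repositories and their `key_url` entries use plain `http://`, and each signing key is fetched from the same host and path as the packages it is meant to authenticate. Anyone able to alter that traffic can substitute both the key and the repository contents, and `priority: 1100` on `package: '*'` lets these sources override, and even downgrade, already-installed versions. Even for a test pillar, it would be better to switch the URLs to `https://` if the mirrors serve it, or to ship the expected key with the tests instead of downloading it on each run. A short comment stating that these nightly sources are for CI only would also help keep them out of production pillars.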
diff --git a/tests/pillar/single3.sls b/tests/pillar/single3.sls
index 43f6dd6..045eb7a 100644
--- a/tests/pillar/single3.sls
+++ b/tests/pillar/single3.sls
@@ -3,6 +3,7 @@
version: 3.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -41,6 +42,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -127,6 +129,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/single40.sls b/tests/pillar/single40.sls
index 2e8c430..c064f37 100644
--- a/tests/pillar/single40.sls
+++ b/tests/pillar/single40.sls
@@ -2,6 +2,7 @@
common:
version: 4.0
identity:
+ protocol: http
engine: keystone
host: 127.0.0.1
port: 35357
@@ -43,6 +44,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -78,6 +80,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -148,6 +151,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/vrouter-dpdk3.sls b/tests/pillar/vrouter-dpdk3.sls
index 283abab..1ffcd72 100644
--- a/tests/pillar/vrouter-dpdk3.sls
+++ b/tests/pillar/vrouter-dpdk3.sls
@@ -3,6 +3,7 @@
version: 3.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
diff --git a/tests/pillar/vrouter40.sls b/tests/pillar/vrouter40.sls
index e1ebc84..b77c2ca 100644
--- a/tests/pillar/vrouter40.sls
+++ b/tests/pillar/vrouter40.sls
@@ -3,6 +3,7 @@
version: 4.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -11,6 +12,14 @@
engine: neutron
host: 127.0.0.1
port: 9696
+ client:
+ api:
+ host: 127.0.0.1
+ identity:
+ host: 127.0.0.1
+ user: contrail
+ password: contrail
+ tenant: admin
compute:
version: 4.0
enabled: True
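Review bot: The `client.identity.password` value added here feeds the toragent setup template earlier in this commit, which interpolates it unquoted as `--admin_password {{ client.identity.password }}` on a command line. The simple fixture value `contrail` will not show that a real password containing spaces or shell metacharacters would be split or reinterpreted by the shell. Command-line arguments are also generally visible to other local users in process listings. At minimum the template value should be shell-quoted, and a fixture password containing a space or `$` would cover that case. The `client:` block has no `enabled` or `protocol` key while the template hard-codes `--auth_protocol http`, which is worth aligning with the new `identity.protocol` setting.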
@@ -34,16 +43,21 @@
dns: 127.0.0.1
mtu: 9000
tor:
- enabled: true
- bind:
- port: 8086
+ enabled: false
agent:
tor01:
id: 0
address: 127.0.0.1
- port: 6632
- ssl:
- enabled: True
+ tor_name: TOR01
+ tor_ip: 127.0.0.1
+ tor_ovs_protocol: tcp
+ tor_ovs_port: 6640
+ http_server_port: 9090
+ tsn_ip: 127.0.0.1
+ tor_tunnel_ip: 127.0.0.1
+ tor_vendor_name: ovs
+ xmpp_auth_enable: False
+ xmpp_dns_auth_enable: False
lbaas:
enabled: true
secret_manager:
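Review bot: This fixture sets `tor.enabled: false` and omits `tor_product_name`, so the new per-agent template in this commit is probably not rendered by the test run, and its optional branch is definitely not exercised. That branch emits `----tor_product_name` with four dashes, which looks like a typo for `--tor_product_name` that the tests would not catch. Adding `tor_product_name` to `tor01` would cover the branch, as would enabling tor in at least one suite if the test platform allows it. The booleans here also mix `false` and `False`; lowercase `true`/`false` throughout would be consistent.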