Initial commit
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
new file mode 100644
index 0000000..7940936
--- /dev/null
+++ b/CHANGELOG.rst
@@ -0,0 +1,6 @@
+opencontrail formula
+====================
+
+0.0.1 (2015-08-03)
+
+- Initial formula setup
\ No newline at end of file
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..8e80b12
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,13 @@
+Copyright (c) 2014-2015 tcp cloud a. s.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
diff --git a/README.rst b/README.rst
new file mode 100644
index 0000000..00f152f
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,72 @@
+============
+OpenContrail
+============
+
+Contrail Controller is an open, standards-based software solution that delivers network virtualization and service automation for federated cloud networks. It provides self-service provisioning, improves network troubleshooting and diagnostics, and enables service chaining for dynamic application environments across enterprise virtual private cloud (VPC), managed Infrastructure as a Service (IaaS), and Networks Functions Virtualization (NFV) use cases.
+
+Sample pillars
+==============
+
+Usage
+=====
+
+Basic installation
+==================
+
+Add control BGP
+===============
+
+ python /etc/contrail/provision_control.py --api_server_ip 192.168.1.11 --api_server_port 8082 --host_name network1.contrail.domain.com --host_ip 192.168.1.11 --router_asn 64512
+
+Compute node installation
+=========================
+
+.. code-block:: yaml
+
+ yum install contrail-vrouter contrail-openstack-vrouter
+
+ salt-call state.sls nova,opencontrail
+
+Add virtual router
+==================
+
+.. code-block:: yaml
+
+ python /etc/contrail/provision_vrouter.py --host_name hostnode1.intra.domain.com --host_ip 10.0.100.101 --api_server_ip 10.0.100.30 --oper add --admin_user admin --admin_password cloudlab --admin_tenant_name admin
+
+ /etc/sysconfig/network-scripts/ifcfg-bond0 -- comment GATEWAY,NETMASK,IPADDR
+
+ reboot
+
+Service debugging
+=================
+
+Display vhost XMPP connection status
+
+You should see the correct controller_ip and state should be established.
+
+ http://<compute-node>:8085/Snh_AgentXmppConnectionStatusReq?
+
+Display vrouter interface status
+
+When vrf_name = ---ERROR--- then something goes wrong
+
+ http://<compute-node>:8085/Snh_ItfReq?name=
+
+Display IF MAP table
+
+Look for neighbours, if VM has 2, it's ok
+
+ http://<control-node>:8083/Snh_IFMapTableShowReq?table_name=
+
+Trace XMPP requests
+
+ http://<compute-node>:8085/Snh_SandeshTraceRequest?x=XmppMessageTrace
+
+Read more
+=========
+
+* http://opencontrail.org
+* http://juniper.github.io/contrail-vnc/README.html
+* http://www.juniper.net/techpubs/en_US/contrail1.0/information-products/topic-collections/release-notes/index.html
+* http://www.juniper.net/support/downloads/?p=contrail#sw
diff --git a/VERSION b/VERSION
new file mode 100644
index 0000000..3b04cfb
--- /dev/null
+++ b/VERSION
@@ -0,0 +1 @@
+0.2
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..1168156
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,11 @@
+salt-formula-opencontrail (0.2) trusty; urgency=medium
+
+ * First public release
+
+ -- Filip Pytloun <filip.pytloun@tcpcloud.eu> Tue, 06 Oct 2015 16:38:50 +0200
+
+salt-formula-opencontrail (0.1) trusty; urgency=medium
+
+ * Initial release
+
+ -- Jakub Pavlik <jakub.pavlik@tcpcloud.eu> Thu, 13 Aug 2015 23:23:41 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..ec63514
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+9
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..dd9c460
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,15 @@
+Source: salt-formula-opencontrail
+Maintainer: Jakub Pavlik <jakub.pavlik@tcpcloud.eu>
+Section: admin
+Priority: optional
+Build-Depends: debhelper (>= 9)
+Standards-Version: 3.9.6
+Homepage: http://www.tcpcloud.eu
+Vcs-Browser: https://github.com/tcpcloud/salt-formula-opencontrail
+Vcs-Git: https://github.com/tcpcloud/salt-formula-opencontrail.git
+
+Package: salt-formula-opencontrail
+Architecture: all
+Depends: ${misc:Depends}, salt-master, reclass
+Description: OpenContrail Salt formula
+ Install and configure OpenContrail server and client.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..fd37cf6
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,15 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: salt-formula-opencontrail
+Upstream-Contact: Jakub Pavlik <jakub.pavlik@tcpcloud.eu>
+Source: https://github.com/tcpcloud/salt-formula-opencontrail
+
+Files: *
+Copyright: 2014-2015 tcp cloud
+License: Apache-2.0
+ Copyright (C) 2014-2015 tcp cloud
+ .
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ .
+ On a Debian system you can find a copy of this license in
+ /usr/share/common-licenses/Apache-2.0.
diff --git a/debian/docs b/debian/docs
new file mode 100644
index 0000000..d585829
--- /dev/null
+++ b/debian/docs
@@ -0,0 +1,3 @@
+README.rst
+CHANGELOG.rst
+VERSION
diff --git a/debian/install b/debian/install
new file mode 100644
index 0000000..7ec414f
--- /dev/null
+++ b/debian/install
@@ -0,0 +1,2 @@
+opencontrail/* /usr/share/salt-formulas/env/opencontrail/
+metadata/service/* /usr/share/salt-formulas/reclass/service/opencontrail/
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..abde6ef
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,5 @@
+#!/usr/bin/make -f
+
+%:
+ dh $@
+
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/metadata/service/control/analytics.yml b/metadata/service/control/analytics.yml
new file mode 100644
index 0000000..ca3ec15
--- /dev/null
+++ b/metadata/service/control/analytics.yml
@@ -0,0 +1,60 @@
+applications:
+- opencontrail
+parameters:
+ _param:
+ opencontrail_version: 2.2
+ opencontrail:
+ common:
+ version: ${_param:opencontrail_version}
+ identity:
+ engine: keystone
+ host: ${_param:cluster_vip_address}
+ port: 35357
+ token: '${_param:keystone_service_token}'
+ password: '${_param:keystone_admin_password}'
+ network:
+ engine: neutron
+ host: ${_param:network_vip_address}
+ port: 9696
+ collector:
+ version: ${_param:opencontrail_version}
+ enabled: true
+ bind:
+ address: ${_param:cluster_local_address}
+ master:
+ host: ${_param:cluster_local_address}
+ discovery:
+ host: ${_param:network_vip_address}
+ data_ttl: 1
+ database:
+ members:
+ - host: ${_param:cluster_node01_address}
+ port: 9160
+ - host: ${_param:cluster_node02_address}
+ port: 9160
+ - host: ${_param:cluster_node03_address}
+ port: 9160
+ database:
+ version: ${_param:opencontrail_version}
+ cassandra:
+ version: 2
+ enabled: true
+ name: 'Contrail'
+ minimum_disk: 10
+ original_token: 0
+ data_dirs:
+ - /var/lib/cassandra
+ id: ${_param:opencontrail_database_id}
+ discovery:
+ host: ${_param:network_vip_address}
+ bind:
+ host: ${_param:cluster_local_address}
+ port: 9042
+ rpc_port: 9160
+ members:
+ - host: ${_param:cluster_node01_address}
+ id: 1
+ - host: ${_param:cluster_node02_address}
+ id: 2
+ - host: ${_param:cluster_node03_address}
+ id: 3
diff --git a/metadata/service/control/cluster.yml b/metadata/service/control/cluster.yml
new file mode 100644
index 0000000..5f28ecb
--- /dev/null
+++ b/metadata/service/control/cluster.yml
@@ -0,0 +1,150 @@
+applications:
+- opencontrail
+parameters:
+ _param:
+ opencontrail_version: 2.2
+ opencontrail:
+ common:
+ version: ${_param:opencontrail_version}
+ source:
+ engine: pkg
+ address: http://mirror.robotice.cz/contrail-havana/
+ identity:
+ engine: keystone
+ host: ${_param:cluster_vip_address}
+ port: 35357
+ token: '${_param:keystone_service_token}'
+ password: '${_param:keystone_admin_password}'
+ network:
+ engine: neutron
+ host: ${_param:cluster_vip_address}
+ port: 9696
+ config:
+ version: ${_param:opencontrail_version}
+ enabled: true
+ network:
+ engine: neutron
+ host: ${_param:cluster_vip_address}
+ port: 9696
+ discovery:
+ host: ${_param:cluster_vip_address}
+ analytics:
+ host: ${_param:cluster_vip_address}
+ bind:
+ address: ${_param:cluster_local_address}
+ message_queue:
+ engine: rabbitmq
+ host: ${_param:cluster_vip_address}
+ port: 5672
+ database:
+ members:
+ - host: ${_param:cluster_node01_address}
+ port: 9160
+ - host: ${_param:cluster_node02_address}
+ port: 9160
+ - host: ${_param:cluster_node03_address}
+ port: 9160
+ cache:
+ host: ${_param:cluster_local_address}
+ identity:
+ engine: keystone
+ region: RegionOne
+ host: ${_param:cluster_vip_address}
+ port: 35357
+ user: admin
+ password: '${_param:keystone_admin_password}'
+ token: '${_param:keystone_service_token}'
+ tenant: admin
+ members:
+ - host: ${_param:cluster_node01_address}
+ id: 1
+ - host: ${_param:cluster_node02_address}
+ id: 2
+ - host: ${_param:cluster_node03_address}
+ id: 3
+ control:
+ version: ${_param:opencontrail_version}
+ enabled: true
+ bind:
+ address: ${_param:cluster_local_address}
+ discovery:
+ host: ${_param:cluster_vip_address}
+ master:
+ host: ${_param:cluster_local_address}
+ members:
+ - host: ${_param:cluster_node01_address}
+ id: 1
+ - host: ${_param:cluster_node02_address}
+ id: 2
+ - host: ${_param:cluster_node03_address}
+ id: 3
+ collector:
+ version: ${_param:opencontrail_version}
+ enabled: true
+ bind:
+ address: ${_param:cluster_local_address}
+ master:
+ host: ${_param:cluster_local_address}
+ discovery:
+ host: ${_param:cluster_vip_address}
+ data_ttl: 1
+ database:
+ members:
+ - host: ${_param:cluster_node01_address}
+ port: 9160
+ - host: ${_param:cluster_node02_address}
+ port: 9160
+ - host: ${_param:cluster_node03_address}
+ port: 9160
+ database:
+ version: ${_param:opencontrail_version}
+ cassandra:
+ version: 2
+ enabled: true
+ name: 'Contrail'
+ minimum_disk: 10
+ original_token: 0
+ data_dirs:
+ - /var/lib/cassandra
+ id: ${_param:opencontrail_database_id}
+ discovery:
+ host: ${_param:cluster_vip_address}
+ bind:
+ host: ${_param:cluster_local_address}
+ port: 9042
+ rpc_port: 9160
+ members:
+ - host: ${_param:cluster_node01_address}
+ id: 1
+ - host: ${_param:cluster_node02_address}
+ id: 2
+ - host: ${_param:cluster_node03_address}
+ id: 3
+ web:
+ version: ${_param:opencontrail_version}
+ enabled: True
+ bind:
+ address: ${_param:cluster_local_address}
+ master:
+ host: ${_param:cluster_vip_address}
+ analytics:
+ host: ${_param:cluster_vip_address}
+ cache:
+ engine: redis
+ host: ${_param:cluster_local_address}
+ port: 6379
+ members:
+ - host: ${_param:cluster_node01_address}
+ id: 1
+ - host: ${_param:cluster_node02_address}
+ id: 2
+ - host: ${_param:cluster_node03_address}
+ id: 3
+ identity:
+ engine: keystone
+ host: ${_param:cluster_vip_address}
+ port: 35357
+ user: admin
+ password: '${_param:keystone_admin_password}'
+ token: '${_param:keystone_service_token}'
+ tenant: admin
diff --git a/metadata/service/control/control.yml b/metadata/service/control/control.yml
new file mode 100644
index 0000000..a45d39e
--- /dev/null
+++ b/metadata/service/control/control.yml
@@ -0,0 +1,129 @@
+applications:
+- opencontrail
+parameters:
+ _param:
+ opencontrail_version: 2.2
+ opencontrail:
+ common:
+ version: ${_param:opencontrail_version}
+ identity:
+ engine: keystone
+ host: ${_param:cluster_vip_address}
+ port: 35357
+ token: '${_param:keystone_service_token}'
+ password: '${_param:keystone_admin_password}'
+ network:
+ engine: neutron
+ host: ${_param:cluster_vip_address}
+ port: 9696
+ config:
+ version: ${_param:opencontrail_version}
+ enabled: true
+ network:
+ engine: neutron
+ host: ${_param:cluster_vip_address}
+ port: 9696
+ discovery:
+ host: ${_param:cluster_vip_address}
+ analytics:
+ host: ${_param:analytics_vip_address}
+ bind:
+ address: ${_param:cluster_local_address}
+ message_queue:
+ engine: rabbitmq
+ host: ${_param:cluster_vip_address}
+ port: 5672
+ database:
+ members:
+ - host: ${_param:cluster_node01_address}
+ port: 9160
+ - host: ${_param:cluster_node02_address}
+ port: 9160
+ - host: ${_param:cluster_node03_address}
+ port: 9160
+ cache:
+ host: ${_param:cluster_local_address}
+ identity:
+ engine: keystone
+ region: RegionOne
+ host: ${_param:cluster_vip_address}
+ port: 35357
+ user: admin
+ password: '${_param:keystone_admin_password}'
+ token: '${_param:keystone_service_token}'
+ tenant: admin
+ members:
+ - host: ${_param:cluster_node01_address}
+ id: 1
+ - host: ${_param:cluster_node02_address}
+ id: 2
+ - host: ${_param:cluster_node03_address}
+ id: 3
+ control:
+ version: ${_param:opencontrail_version}
+ enabled: true
+ bind:
+ address: ${_param:cluster_local_address}
+ discovery:
+ host: ${_param:cluster_vip_address}
+ master:
+ host: ${_param:cluster_local_address}
+ members:
+ - host: ${_param:cluster_node01_address}
+ id: 1
+ - host: ${_param:cluster_node02_address}
+ id: 2
+ - host: ${_param:cluster_node03_address}
+ id: 3
+ database:
+ version: ${_param:opencontrail_version}
+ cassandra:
+ version: 2
+ enabled: true
+ name: 'Contrail'
+ minimum_disk: 10
+ original_token: 0
+ data_dirs:
+ - /var/lib/cassandra
+ id: ${_param:opencontrail_database_id}
+ discovery:
+ host: ${_param:cluster_vip_address}
+ bind:
+ host: ${_param:cluster_local_address}
+ port: 9042
+ rpc_port: 9160
+ members:
+ - host: ${_param:cluster_node01_address}
+ id: 1
+ - host: ${_param:cluster_node02_address}
+ id: 2
+ - host: ${_param:cluster_node03_address}
+ id: 3
+ web:
+ version: ${_param:opencontrail_version}
+ enabled: True
+ bind:
+ address: ${_param:cluster_local_address}
+ analytics:
+ host: ${_param:analytics_vip_address}
+ master:
+ host: ${_param:cluster_vip_address}
+ cache:
+ engine: redis
+ host: ${_param:cluster_local_address}
+ port: 6379
+ members:
+ - host: ${_param:cluster_node01_address}
+ id: 1
+ - host: ${_param:cluster_node02_address}
+ id: 2
+ - host: ${_param:cluster_node03_address}
+ id: 3
+ identity:
+ engine: keystone
+ host: ${_param:cluster_vip_address}
+ port: 35357
+ user: admin
+ password: '${_param:keystone_admin_password}'
+ token: '${_param:keystone_service_token}'
+ tenant: admin
diff --git a/metadata/service/control/single.yml b/metadata/service/control/single.yml
new file mode 100644
index 0000000..fa80c65
--- /dev/null
+++ b/metadata/service/control/single.yml
@@ -0,0 +1,126 @@
+applications:
+- opencontrail
+parameters:
+ _param:
+ opencontrail_version: 2.2
+ opencontrail:
+ common:
+ version: ${_param:opencontrail_version}
+ source:
+ engine: pkg
+ address: http://mirror.robotice.cz/contrail-havana/
+ identity:
+ engine: keystone
+ host: ${_param:cluster_vip_address}
+ port: 35357
+ token: '${_param:keystone_service_token}'
+ password: '${_param:keystone_admin_password}'
+ network:
+ engine: neutron
+ host: ${_param:cluster_vip_address}
+ port: 9696
+ config:
+ version: ${_param:opencontrail_version}
+ enabled: true
+ network:
+ engine: neutron
+ host: ${_param:cluster_vip_address}
+ port: 9696
+ discovery:
+ host: ${_param:cluster_vip_address}
+ analytics:
+ host: ${_param:cluster_vip_address}
+ bind:
+ address: ${_param:cluster_local_address}
+ message_queue:
+ engine: rabbitmq
+ host: ${_param:cluster_vip_address}
+ port: 5672
+ database:
+ members:
+ - host: ${_param:cluster_local_address}
+ port: 9160
+ cache:
+ host: ${_param:cluster_local_address}
+ identity:
+ engine: keystone
+ region: RegionOne
+ host: ${_param:cluster_vip_address}
+ port: 35357
+ user: admin
+ password: '${_param:keystone_admin_password}'
+ token: '${_param:keystone_service_token}'
+ tenant: admin
+ members:
+ - host: ${_param:cluster_local_address}
+ id: 1
+ control:
+ version: ${_param:opencontrail_version}
+ enabled: true
+ bind:
+ address: ${_param:cluster_local_address}
+ discovery:
+ host: ${_param:cluster_vip_address}
+ master:
+ host: ${_param:cluster_local_address}
+ members:
+ - host: ${_param:cluster_local_address}
+ id: 1
+ collector:
+ version: ${_param:opencontrail_version}
+ enabled: true
+ bind:
+ address: ${_param:cluster_local_address}
+ master:
+ host: ${_param:cluster_local_address}
+ discovery:
+ host: ${_param:cluster_vip_address}
+ data_ttl: 2
+ database:
+ members:
+ - host: ${_param:cluster_local_address}
+ port: 9160
+ database:
+ version: ${_param:opencontrail_version}
+ cassandra:
+ version: 2
+ enabled: true
+ minimum_disk: 10
+ name: 'Contrail'
+ original_token: 0
+ data_dirs:
+ - /var/lib/cassandra
+ id: ${_param:opencontrail_database_id}
+ discovery:
+ host: ${_param:cluster_vip_address}
+ bind:
+ host: ${_param:cluster_local_address}
+ port: 9042
+ rpc_port: 9160
+ members:
+ - host: ${_param:cluster_local_address}
+ id: 1
+ web:
+ version: ${_param:opencontrail_version}
+ enabled: True
+ bind:
+ address: ${_param:cluster_local_address}
+ analytics:
+ host: ${_param:cluster_vip_address}
+ master:
+ host: ${_param:cluster_vip_address}
+ cache:
+ engine: redis
+ host: ${_param:cluster_local_address}
+ port: 6379
+ members:
+ - host: ${_param:cluster_local_address}
+ id: 1
+ identity:
+ engine: keystone
+ host: ${_param:cluster_vip_address}
+ port: 35357
+ user: admin
+ password: '${_param:keystone_admin_password}'
+ token: '${_param:keystone_service_token}'
+ tenant: admin
diff --git a/metadata/service/tor/single.yml b/metadata/service/tor/single.yml
new file mode 100644
index 0000000..b57c9c2
--- /dev/null
+++ b/metadata/service/tor/single.yml
@@ -0,0 +1,17 @@
+applications:
+- opencontrail
+parameters:
+ _param:
+ opencontrail_version: 2.2
+ opencontrail_tor_agents: 1
+ opencontrail:
+ tor:
+ enabled: true
+ version: ${_param:opencontrail_version}
+ agents: ${_param:opencontrail_tor_agents}
+ control:
+ address: ${_param:single_address}
+ interface:
+ address: ${_param:single_address}
+ device:
+ host: ${_param:tor_device_address}
\ No newline at end of file
diff --git a/opencontrail/collector.sls b/opencontrail/collector.sls
new file mode 100644
index 0000000..0b082cc
--- /dev/null
+++ b/opencontrail/collector.sls
@@ -0,0 +1,88 @@
+{%- from "opencontrail/map.jinja" import collector with context %}
+{%- if collector.enabled %}
+
+include:
+- opencontrail.common
+
+opencontrail_collector_packages:
+ pkg.installed:
+ - names: {{ collector.pkgs }}
+
+{% if collector.version == 2.2 %}
+
+/etc/contrail/contrail-analytics-nodemgr.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ collector.version }}/contrail-analytics-nodemgr.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_collector_packages
+ - watch_in:
+ - service: opencontrail_collector_services
+
+/etc/contrail/contrail-alarm-gen.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ collector.version }}/contrail-alarm-gen.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_collector_packages
+ - watch_in:
+ - service: opencontrail_collector_services
+
+/etc/contrail/contrail-snmp-collector.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ collector.version }}/contrail-snmp-collector.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_collector_packages
+ - watch_in:
+ - service: opencontrail_collector_services
+
+/etc/contrail/contrail-topology.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ collector.version }}/contrail-topology.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_collector_packages
+ - watch_in:
+ - service: opencontrail_collector_services
+
+{% endif %}
+
+/etc/redis/redis.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ collector.version }}/collector/redis.conf
+ - require:
+ - pkg: opencontrail_collector_packages
+
+/etc/contrail/contrail-collector.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ collector.version }}/contrail-collector.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_collector_packages
+
+/etc/contrail/contrail-query-engine.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ collector.version }}/contrail-query-engine.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_collector_packages
+
+/etc/contrail/contrail-analytics-api.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ collector.version }}/contrail-analytics-api.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_collector_packages
+
+opencontrail_collector_services:
+ service.running:
+ - enable: true
+ - names: {{ collector.services }}
+ - watch:
+ - file: /etc/contrail/contrail-analytics-api.conf
+ - file: /etc/contrail/contrail-query-engine.conf
+ - file: /etc/contrail/contrail-collector.conf
+ - file: /etc/redis/redis.conf
+
+{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/common.sls b/opencontrail/common.sls
new file mode 100644
index 0000000..6e82855
--- /dev/null
+++ b/opencontrail/common.sls
@@ -0,0 +1,113 @@
+{%- from "opencontrail/map.jinja" import common with context %}
+
+opencontrail_common_packages:
+ pkg.installed:
+ - names: {{ common.pkgs }}
+
+iptables:
+ service.dead:
+ - enable: false
+ - name: iptables
+
+/var/crashes:
+ file.directory
+
+net.ipv4.ip_forward:
+ sysctl.present:
+ - value: 1
+
+kernel.core_pattern:
+ sysctl.present:
+ - value: "/var/crashes/core.%e.%p.%h.%t"
+
+net.netfilter.nf_conntrack_max:
+ sysctl.present:
+ - value: 256000
+
+{% if not pillar.opencontrail.compute is defined %}
+
+net.netfilter.nf_conntrack_tcp_timeout_time_wait:
+ sysctl.present:
+ - value: 30
+
+{% endif %}
+
+net.ipv4.tcp_syncookies:
+ sysctl.present:
+ - value: 1
+
+net.ipv4.tcp_tw_recycle:
+ sysctl.present:
+ - value: 1
+
+net.ipv4.tcp_tw_reuse:
+ sysctl.present:
+ - value: 1
+
+net.ipv4.tcp_fin_timeout:
+ sysctl.present:
+ - value: 30
+
+net.unix.max_dgram_qlen:
+ sysctl.present:
+ - value: 1000
+
+net.ipv4.tcp_keepalive_time:
+ sysctl.present:
+ - value: 5
+
+net.ipv4.tcp_keepalive_probes:
+ sysctl.present:
+ - value: 5
+
+net.ipv4.tcp_keepalive_intvl:
+ sysctl.present:
+ - value: 1
+
+fs.file-max:
+ sysctl.present:
+ - value: 65535
+
+security_limits_conf:
+ cmd.run:
+ - names:
+ - sed -i '/^root\s*soft\s*nproc\s*.*/d' /etc/security/limits.conf && printf printf "root soft nofile 65535\n" >> /etc/security/limits.conf
+ - sed -i '/^*\s*hard\s*nofile\s*.*/d' /etc/security/limits.conf && printf "* hard nofile 65535\n" >> /etc/security/limits.conf
+ - sed -i '/^*\s*soft\s*nofile\s*.*/d' /etc/security/limits.conf && printf "* soft nofile 65535\n" >> /etc/security/limits.conf
+ - sed -i '/^*\s*hard\s*nproc\s*.*/d' /etc/security/limits.conf && printf "* hard nproc 65535\n" >> /etc/security/limits.conf
+ - sed -i '/^*\s*soft\s*nproc\s*.*/d' /etc/security/limits.conf && printf "* soft nofile 65535\n" >> /etc/security/limits.conf
+ - onlyif: test -e /etc/security/limits.conf
+
+vm.overcommit_memory:
+ sysctl.present:
+ - value: 1
+
+/etc/contrail:
+ file.directory
+
+/etc/contrail/service.token:
+ file.managed:
+ - contents: "{{ common.identity.token }}"
+ - require:
+ - file: /etc/contrail
+
+/etc/contrail/ctrl-details:
+ file.managed:
+ - source: salt://opencontrail/files/{{ common.version }}/ctrl-details
+ - template: jinja
+ - require:
+ - file: /etc/contrail
+
+/etc/contrail/openstackrc:
+ file.managed:
+ - source: salt://opencontrail/files/{{ common.version }}/openstackrc
+ - template: jinja
+ - require:
+ - file: /etc/contrail
+
+/etc/contrail/keystonerc:
+ file.managed:
+ - source: salt://opencontrail/files/{{ common.version }}/keystonerc
+ - template: jinja
+ - require:
+ - file: /etc/contrail
diff --git a/opencontrail/compute.sls b/opencontrail/compute.sls
new file mode 100644
index 0000000..7b73c2c
--- /dev/null
+++ b/opencontrail/compute.sls
@@ -0,0 +1,130 @@
+{%- from "opencontrail/map.jinja" import compute with context %}
+{%- from "linux/map.jinja" import network with context %}
+{%- if compute.enabled %}
+
+include:
+- opencontrail.common
+
+opencontrail_compute_packages:
+ pkg.installed:
+ - names: {{ compute.pkgs }}
+
+{% if compute.version == 2.2 %}
+
+/etc/contrail/contrail-vrouter-nodemgr.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ compute.version }}/contrail-vrouter-nodemgr.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_compute_packages
+ - watch_in:
+ - service: opencontrail_compute_services
+
+{% endif %}
+
+/etc/contrail/vrouter_nodemgr_param:
+ file.managed:
+ - source: salt://opencontrail/files/{{ compute.version }}/vrouter_nodemgr_param
+ - template: jinja
+ - require:
+ - pkg: opencontrail_compute_packages
+
+/etc/contrail/agent_param:
+ file.managed:
+ - source: salt://opencontrail/files/{{ compute.version }}/agent_param
+ - template: jinja
+ - require:
+ - pkg: opencontrail_compute_packages
+
+/etc/contrail/contrail-vrouter-agent.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ compute.version }}/contrail-vrouter-agent.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_compute_packages
+ - watch_in:
+ - service: opencontrail_compute_services
+
+/usr/local/bin/findns:
+ file.managed:
+ - source: salt://opencontrail/files/findns
+ - mode: 755
+
+{%- if network.interface.get('vhost0', {}).get('enabled', False) %}
+
+{%- macro set_param(param_name, param_dict) -%}
+{%- if param_dict.get(param_name, False) -%}
+- {{ param_name }}: {{ param_dict[param_name] }}
+{%- endif -%}
+{%- endmacro -%}
+
+contrail_load_vrouter_kernel_module:
+ cmd.run:
+ - name: modprobe vrouter
+ - unless: "lsmod | grep vrouter"
+ - cwd: /root
+ - require:
+ - pkg: opencontrail_compute_packages
+
+{% set interface_params = [
+ 'gateway',
+ 'mtu',
+ 'up_cmds',
+ 'pre_up_cmds',
+ 'post_up_cmds',
+ 'down_cmds',
+ 'pre_down_cmds',
+ 'post_down_cmds',
+ 'master',
+ 'slaves',
+ 'mode',
+ 'lacp_rate'
+] %}
+
+{%- for interface_name, interface in network.interface.iteritems() %}
+{%- if interface_name in ['vhost0', 'bond0', 'p3p1', 'p3p2'] %}
+
+contrail_interface_{{ interface_name }}:
+ network.managed:
+ - enabled: {{ interface.enabled }}
+ - name: {{ interface_name }}
+ - type: {{ interface.type }}
+ - proto: {{ interface.get('proto', 'static') }}
+ {%- if interface.address is defined %}
+ - ipaddr: {{ interface.address }}
+ - netmask: {{ interface.netmask }}
+ {%- endif %}
+ {%- if interface.name_servers is defined %}
+ - dns: {{ interface.name_servers }}
+ {%- endif %}
+ {%- for param in interface_params %}
+ {{ set_param(param, interface) }}
+ {%- endfor %}
+ {%- if interface.type == 'bridge' %}
+ - bridge: {{ interface_name }}
+ - delay: 0
+ - bypassfirewall: True
+ - use:
+ {%- for network in interface.use_interfaces %}
+ - network: {{ network }}
+ {%- endfor %}
+ - ports: {% for network in interface.use_interfaces %}{{ network }} {% endfor %}
+ {%- endif %}
+ - require:
+ {%- for network in interface.get('use_interfaces', []) %}
+ - network: linux_interface_{{ network }}
+ {%- endfor %}
+ - cmd: contrail_load_vrouter_kernel_module
+ - watch_in:
+ - service: opencontrail_compute_services
+
+{%- endif %}
+{%- endfor %}
+
+{%- endif %}
+
+opencontrail_compute_services:
+ service.enabled:
+ - names: {{ compute.services }}
+
+{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/config.sls b/opencontrail/config.sls
new file mode 100644
index 0000000..1d1d5fd
--- /dev/null
+++ b/opencontrail/config.sls
@@ -0,0 +1,154 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+{%- if config.enabled %}
+
+include:
+- opencontrail.common
+
+opencontrail_config_packages:
+ pkg.installed:
+ - names: {{ config.pkgs }}
+
+/etc/ifmap-server/authorization.properties:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/config/authorization.properties
+ - require:
+ - pkg: opencontrail_config_packages
+
+/etc/ifmap-server/publisher.properties:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/config/publisher.properties
+ - unless: test -e /etc/ifmap-server/deployed
+ - require:
+ - pkg: opencontrail_config_packages
+
+publisher_init:
+ cmd.run:
+ - name: touch /etc/ifmap-server/deployed
+ - unless: test -e /etc/ifmap-server/deployed
+ - require:
+ - pkg: opencontrail_config_packages
+
+/etc/ifmap-server/log4j.properties:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/config/log4j.properties
+ - require:
+ - pkg: opencontrail_config_packages
+
+/etc/ifmap-server/basicauthusers.properties:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/basicauthusers.properties
+ - template: jinja
+ - require:
+ - pkg: opencontrail_config_packages
+
+/etc/contrail/supervisord_config_files/contrail-api.ini:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/config/contrail-api.ini
+ - require:
+ - pkg: opencontrail_config_packages
+
+/etc/contrail/supervisord_config_files/contrail-discovery.ini:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/config/contrail-discovery.ini
+ - require:
+ - pkg: opencontrail_config_packages
+
+/etc/init.d/contrail-api:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/config/contrail-api
+ - require:
+ - pkg: opencontrail_config_packages
+
+/etc/init.d/contrail-discovery:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/config/contrail-discovery
+ - require:
+ - pkg: opencontrail_config_packages
+
+/etc/contrail/contrail-api.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/contrail-api.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_config_packages
+
+/etc/contrail/contrail-discovery.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/contrail-discovery.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_config_packages
+
+/etc/contrail/vnc_api_lib.ini:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/vnc_api_lib.ini
+ - template: jinja
+ - require:
+ - pkg: opencontrail_config_packages
+
+/etc/contrail/contrail-device-manager.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/contrail-device-manager.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_config_packages
+ - watch_in:
+ - service: opencontrail_config_services
+
+{% if config.version == 2.2 %}
+
+/etc/contrail/contrail-config-nodemgr.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/contrail-config-nodemgr.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_config_packages
+ - watch_in:
+ - service: opencontrail_config_services
+
+{% endif %}
+
+/etc/sudoers.d/contrail_sudoers:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/config/contrail_sudoers
+ - template: jinja
+ - require:
+ - pkg: opencontrail_config_packages
+
+/etc/contrail/contrail-keystone-auth.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/contrail-keystone-auth.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_config_packages
+
+/etc/contrail/contrail-schema.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/contrail-schema.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_config_packages
+
+/etc/contrail/contrail-svc-monitor.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ config.version }}/contrail-svc-monitor.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_config_packages
+
+opencontrail_config_services:
+ service.running:
+ - enable: true
+ - names: {{ config.services }}
+ - watch:
+ - file: /etc/contrail/contrail-discovery.conf
+ - file: /etc/contrail/contrail-svc-monitor.conf
+ - file: /etc/contrail/contrail-schema.conf
+ - file: /etc/contrail/contrail-api.conf
+ - file: /etc/contrail/vnc_api_lib.ini
+ - file: /etc/ifmap-server/basicauthusers.properties
+ - file: /etc/contrail/contrail-keystone-auth.conf
+ - file: /etc/sudoers.d/contrail_sudoers
+
+
+{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/control.sls b/opencontrail/control.sls
new file mode 100644
index 0000000..50c1fa2
--- /dev/null
+++ b/opencontrail/control.sls
@@ -0,0 +1,60 @@
+{%- from "opencontrail/map.jinja" import control with context %}
+{%- if control.enabled %}
+
+include:
+- opencontrail.common
+
+opencontrail_control_packages:
+ pkg.installed:
+ - names: {{ control.pkgs }}
+
+{% if control.version == 2.2 %}
+
+/etc/contrail/contrail-control-nodemgr.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ control.version }}/contrail-control-nodemgr.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_control_packages
+ - watch_in:
+ - service: opencontrail_control_services
+
+{% endif %}
+
+/etc/contrail/contrail-control.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ control.version }}/contrail-control.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_control_packages
+
+/etc/contrail/contrail-dns.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ control.version }}/contrail-dns.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_control_packages
+
+/etc/contrail/dns:
+ file.directory:
+ - user: contrail
+ - group: contrail
+ - require:
+ - pkg: opencontrail_control_packages
+
+/etc/contrail/dns/contrail-rndc.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ control.version }}/control/contrail-rndc.conf
+ - require:
+ - pkg: opencontrail_control_packages
+
+opencontrail_control_services:
+ service.running:
+ - enable: true
+ - names: {{ control.services }}
+ - watch:
+ - file: /etc/contrail/dns/contrail-rndc.conf
+ - file: /etc/contrail/contrail-dns.conf
+ - file: /etc/contrail/contrail-control.conf
+
+{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/database.sls b/opencontrail/database.sls
new file mode 100644
index 0000000..520b425
--- /dev/null
+++ b/opencontrail/database.sls
@@ -0,0 +1,113 @@
+{%- from "opencontrail/map.jinja" import database with context %}
+{%- if database.enabled %}
+
+include:
+- opencontrail.common
+
+opencontrail_database_packages:
+ pkg.installed:
+ - names: {{ database.pkgs }}
+
+{% if database.cassandra.version == 1 %}
+
+/etc/cassandra/cassandra.yaml:
+ file.managed:
+ - source: salt://opencontrail/files/cassandra.yaml.1
+ - template: jinja
+ - require:
+ - pkg: opencontrail_database_packages
+
+/etc/cassandra/cassandra-env.sh:
+ file.managed:
+ - source: salt://opencontrail/files/cassandra-env.sh.1
+ - require:
+ - pkg: opencontrail_database_packages
+
+{% else %}
+
+/etc/cassandra/cassandra.yaml:
+ file.managed:
+ - source: salt://opencontrail/files/{{ database.version }}/cassandra.yaml
+ - template: jinja
+ - require:
+ - pkg: opencontrail_database_packages
+
+/etc/cassandra/cassandra-env.sh:
+ file.managed:
+ - source: salt://opencontrail/files/{{ database.version }}/database/cassandra-env.sh
+ - template: jinja
+ - require:
+ - pkg: opencontrail_database_packages
+
+{% endif %}
+
+/etc/zookeeper/conf/log4j.properties:
+ file.managed:
+ - source: salt://opencontrail/files/{{ database.version }}/database/log4j.properties
+ - require:
+ - pkg: opencontrail_database_packages
+
+{% if database.version != 2.2 %}
+
+/etc/contrail/database_nodemgr_param:
+ file.managed:
+ - source: salt://opencontrail/files/{{ database.version }}/database_nodemgr_param
+ - template: jinja
+ - require:
+ - pkg: opencontrail_database_packages
+
+{% endif %}
+
+/etc/contrail/contrail-database-nodemgr.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ database.version }}/contrail-database-nodemgr.conf
+ - template: jinja
+ - require:
+ - pkg: opencontrail_database_packages
+
+/etc/zookeeper/conf/zoo.cfg:
+ file.managed:
+ - source: salt://opencontrail/files/{{ database.version }}/zoo.cfg
+ - template: jinja
+ - require:
+ - pkg: opencontrail_database_packages
+
+/var/lib/zookeeper/myid:
+ file.managed:
+ - contents: '{{ database.id }}'
+
+{% if database.cassandra.version != 1 %}
+
+{%- if salt['cmd.run']('test -e /var/lib/cassandra/.cassandra_bootstrap; echo $?') != '0' %}
+
+cleanup_directory_before_first_run:
+ cmd.run:
+ - name: 'rm -rf /var/lib/cassandra/*'
+ - require_in:
+ - service: opencontrail_database_services
+
+cassandra_bootstrap_finish_flag:
+ file.touch:
+ - name: /var/lib/cassandra/.cassandra_bootstrap
+ - require:
+ - cmd: cleanup_directory_before_first_run
+ - require_in:
+ - service: opencontrail_database_services
+
+{%- endif %}
+
+{% endif %}
+
+opencontrail_database_services:
+ service.running:
+ - enable: true
+ - name: supervisor-database
+ - watch:
+ - file: /etc/cassandra/cassandra.yaml
+ - file: /etc/cassandra/cassandra-env.sh
+ - file: /etc/zookeeper/conf/zoo.cfg
+ - file: /etc/contrail/contrail-database-nodemgr.conf
+ - file: /var/lib/zookeeper/myid
+ - file: /etc/zookeeper/conf/log4j.properties
+
+{%- endif %}
diff --git a/opencontrail/files/2.1/agent_param b/opencontrail/files/2.1/agent_param
new file mode 100644
index 0000000..9e3cdae
--- /dev/null
+++ b/opencontrail/files/2.1/agent_param
@@ -0,0 +1,12 @@
+{%- from "opencontrail/map.jinja" import compute with context %}
+LOG=/var/log/contrail.log
+CONFIG=/etc/contrail/agent.conf
+prog=/usr/bin/contrail-vrouter-agent
+kmod=vrouter
+pname=contrail-vrouter-agent
+LIBDIR=/usr/lib64
+DEVICE=vhost0
+dev={{ compute.interface.dev }}
+vgw_subnet_ip=__VGW_SUBNET_IP__
+vgw_intf=__VGW_INTF_LIST__
+LOGFILE=--log-file=/var/log/contrail/vrouter.log
diff --git a/opencontrail/files/2.1/basicauthusers.properties b/opencontrail/files/2.1/basicauthusers.properties
new file mode 100644
index 0000000..7d62559
--- /dev/null
+++ b/opencontrail/files/2.1/basicauthusers.properties
@@ -0,0 +1,39 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+
+test:test
+test2:test2
+test3:test3
+api-server:api-server
+schema-transformer:schema-transformer
+svc-monitor:svc-monitor
+control-user:control-user-passwd
+control-node-1:control-node-1
+control-node-2:control-node-2
+control-node-3:control-node-3
+control-node-4:control-node-4
+control-node-5:control-node-5
+control-node-6:control-node-6
+control-node-7:control-node-7
+control-node-8:control-node-8
+control-node-9:control-node-9
+control-node-10:control-node-10
+dhcp:dhcp
+visual:visual
+sensor:sensor
+
+# compliance testsuite users
+mapclient:mapclient
+helper:mapclient
+
+# This is a read-only MAPC
+reader:reader
+{%- for member in config.members %}
+{{ member.host }}:{{ member.host }}
+{{ member.host }}.dns:{{ member.host }}.dns
+{%- endfor %}
+#10.0.102.31:10.0.102.31
+#10.0.102.31.dns:10.0.102.31.dns
+#10.0.102.32:10.0.102.32
+#10.0.102.32.dns:10.0.102.32.dns
+#10.0.102.33:10.0.102.33
+#10.0.102.33.dns:10.0.102.33.dns
diff --git a/opencontrail/files/2.1/cassandra.yaml b/opencontrail/files/2.1/cassandra.yaml
new file mode 100644
index 0000000..f2fe355
--- /dev/null
+++ b/opencontrail/files/2.1/cassandra.yaml
@@ -0,0 +1,795 @@
+{%- from "opencontrail/map.jinja" import database with context %}
+# Cassandra storage config YAML
+
+# NOTE:
+# See http://wiki.apache.org/cassandra/StorageConfiguration for
+# full explanations of configuration directives
+# /NOTE
+
+# The name of the cluster. This is mainly used to prevent machines in
+# one logical cluster from joining another.
+cluster_name: '{{ database.name }}'
+
+# This defines the number of tokens randomly assigned to this node on the ring
+# The more tokens, relative to other nodes, the larger the proportion of data
+# that this node will store. You probably want all nodes to have the same number
+# of tokens assuming they have equal hardware capability.
+#
+# If you leave this unspecified, Cassandra will use the default of 1 token for legacy compatibility,
+# and will use the initial_token as described below.
+#
+# Specifying initial_token will override this setting on the node's initial start,
+# on subsequent starts, this setting will apply even if initial token is set.
+#
+# If you already have a cluster with 1 token per node, and wish to migrate to
+# multiple tokens per node, see http://wiki.apache.org/cassandra/Operations
+num_tokens: 256
+
+# initial_token allows you to specify tokens manually. While you can use # it with
+# vnodes (num_tokens > 1, above) -- in which case you should provide a
+# comma-separated list -- it's primarily used when adding nodes # to legacy clusters
+# that do not have vnodes enabled.
+# initial_token:
+
+# See http://wiki.apache.org/cassandra/HintedHandoff
+# May either be "true" or "false" to enable globally, or contain a list
+# of data centers to enable per-datacenter.
+# hinted_handoff_enabled: DC1,DC2
+hinted_handoff_enabled: true
+# this defines the maximum amount of time a dead host will have hints
+# generated. After it has been dead this long, new hints for it will not be
+# created until it has been seen alive and gone down again.
+max_hint_window_in_ms: 10800000 # 3 hours
+# Maximum throttle in KBs per second, per delivery thread. This will be
+# reduced proportionally to the number of nodes in the cluster. (If there
+# are two nodes in the cluster, each delivery thread will use the maximum
+# rate; if there are three, each will throttle to half of the maximum,
+# since we expect two nodes to be delivering hints simultaneously.)
+hinted_handoff_throttle_in_kb: 1024
+# Number of threads with which to deliver hints;
+# Consider increasing this number when you have multi-dc deployments, since
+# cross-dc handoff tends to be slower
+max_hints_delivery_threads: 2
+
+# Maximum throttle in KBs per second, total. This will be
+# reduced proportionally to the number of nodes in the cluster.
+batchlog_replay_throttle_in_kb: 1024
+
+# Authentication backend, implementing IAuthenticator; used to identify users
+# Out of the box, Cassandra provides org.apache.cassandra.auth.{AllowAllAuthenticator,
+# PasswordAuthenticator}.
+#
+# - AllowAllAuthenticator performs no checks - set it to disable authentication.
+# - PasswordAuthenticator relies on username/password pairs to authenticate
+# users. It keeps usernames and hashed passwords in system_auth.credentials table.
+# Please increase system_auth keyspace replication factor if you use this authenticator.
+authenticator: AllowAllAuthenticator
+
+# Authorization backend, implementing IAuthorizer; used to limit access/provide permissions
+# Out of the box, Cassandra provides org.apache.cassandra.auth.{AllowAllAuthorizer,
+# CassandraAuthorizer}.
+#
+# - AllowAllAuthorizer allows any action to any user - set it to disable authorization.
+# - CassandraAuthorizer stores permissions in system_auth.permissions table. Please
+# increase system_auth keyspace replication factor if you use this authorizer.
+authorizer: AllowAllAuthorizer
+
+# Validity period for permissions cache (fetching permissions can be an
+# expensive operation depending on the authorizer, CassandraAuthorizer is
+# one example). Defaults to 2000, set to 0 to disable.
+# Will be disabled automatically for AllowAllAuthorizer.
+permissions_validity_in_ms: 2000
+
+# Refresh interval for permissions cache (if enabled).
+# After this interval, cache entries become eligible for refresh. Upon next
+# access, an async reload is scheduled and the old value returned until it
+# completes. If permissions_validity_in_ms is non-zero, then this must be
+# also.
+# Defaults to the same value as permissions_validity_in_ms.
+# permissions_update_interval_in_ms: 1000
+
+# The partitioner is responsible for distributing groups of rows (by
+# partition key) across nodes in the cluster. You should leave this
+# alone for new clusters. The partitioner can NOT be changed without
+# reloading all data, so when upgrading you should set this to the
+# same partitioner you were already using.
+#
+# Besides Murmur3Partitioner, partitioners included for backwards
+# compatibility include RandomPartitioner, ByteOrderedPartitioner, and
+# OrderPreservingPartitioner.
+#
+partitioner: org.apache.cassandra.dht.Murmur3Partitioner
+
+# Directories where Cassandra should store data on disk. Cassandra
+# will spread data evenly across them, subject to the granularity of
+# the configured compaction strategy.
+# If not set, the default directory is $CASSANDRA_HOME/data/data.
+data_file_directories:
+ - /var/lib/cassandra/data
+
+# commit log. when running on magnetic HDD, this should be a
+# separate spindle than the data directories.
+# If not set, the default directory is $CASSANDRA_HOME/data/commitlog.
+commitlog_directory: /var/lib/cassandra/commitlog
+
+# policy for data disk failures:
+# die: shut down gossip and Thrift and kill the JVM for any fs errors or
+# single-sstable errors, so the node can be replaced.
+# stop_paranoid: shut down gossip and Thrift even for single-sstable errors.
+# stop: shut down gossip and Thrift, leaving the node effectively dead, but
+# can still be inspected via JMX.
+# best_effort: stop using the failed disk and respond to requests based on
+# remaining available sstables. This means you WILL see obsolete
+# data at CL.ONE!
+# ignore: ignore fatal errors and let requests fail, as in pre-1.2 Cassandra
+disk_failure_policy: stop
+
+# policy for commit disk failures:
+# die: shut down gossip and Thrift and kill the JVM, so the node can be replaced.
+# stop: shut down gossip and Thrift, leaving the node effectively dead, but
+# can still be inspected via JMX.
+# stop_commit: shutdown the commit log, letting writes collect but
+# continuing to service reads, as in pre-2.0.5 Cassandra
+# ignore: ignore fatal errors and let the batches fail
+commit_failure_policy: stop
+
+# Maximum size of the key cache in memory.
+#
+# Each key cache hit saves 1 seek and each row cache hit saves 2 seeks at the
+# minimum, sometimes more. The key cache is fairly tiny for the amount of
+# time it saves, so it's worthwhile to use it at large numbers.
+# The row cache saves even more time, but must contain the entire row,
+# so it is extremely space-intensive. It's best to only use the
+# row cache if you have hot rows or static rows.
+#
+# NOTE: if you reduce the size, you may not get you hottest keys loaded on startup.
+#
+# Default value is empty to make it "auto" (min(5% of Heap (in MB), 100MB)). Set to 0 to disable key cache.
+key_cache_size_in_mb:
+
+# Duration in seconds after which Cassandra should
+# save the key cache. Caches are saved to saved_caches_directory as
+# specified in this configuration file.
+#
+# Saved caches greatly improve cold-start speeds, and is relatively cheap in
+# terms of I/O for the key cache. Row cache saving is much more expensive and
+# has limited use.
+#
+# Default is 14400 or 4 hours.
+key_cache_save_period: 14400
+
+# Number of keys from the key cache to save
+# Disabled by default, meaning all keys are going to be saved
+# key_cache_keys_to_save: 100
+
+# Maximum size of the row cache in memory.
+# NOTE: if you reduce the size, you may not get you hottest keys loaded on startup.
+#
+# Default value is 0, to disable row caching.
+row_cache_size_in_mb: 0
+
+# Duration in seconds after which Cassandra should
+# save the row cache. Caches are saved to saved_caches_directory as specified
+# in this configuration file.
+#
+# Saved caches greatly improve cold-start speeds, and is relatively cheap in
+# terms of I/O for the key cache. Row cache saving is much more expensive and
+# has limited use.
+#
+# Default is 0 to disable saving the row cache.
+row_cache_save_period: 0
+
+# Number of keys from the row cache to save
+# Disabled by default, meaning all keys are going to be saved
+# row_cache_keys_to_save: 100
+
+# Maximum size of the counter cache in memory.
+#
+# Counter cache helps to reduce counter locks' contention for hot counter cells.
+# In case of RF = 1 a counter cache hit will cause Cassandra to skip the read before
+# write entirely. With RF > 1 a counter cache hit will still help to reduce the duration
+# of the lock hold, helping with hot counter cell updates, but will not allow skipping
+# the read entirely. Only the local (clock, count) tuple of a counter cell is kept
+# in memory, not the whole counter, so it's relatively cheap.
+#
+# NOTE: if you reduce the size, you may not get you hottest keys loaded on startup.
+#
+# Default value is empty to make it "auto" (min(2.5% of Heap (in MB), 50MB)). Set to 0 to disable counter cache.
+# NOTE: if you perform counter deletes and rely on low gcgs, you should disable the counter cache.
+counter_cache_size_in_mb:
+
+# Duration in seconds after which Cassandra should
+# save the counter cache (keys only). Caches are saved to saved_caches_directory as
+# specified in this configuration file.
+#
+# Default is 7200 or 2 hours.
+counter_cache_save_period: 7200
+
+# Number of keys from the counter cache to save
+# Disabled by default, meaning all keys are going to be saved
+# counter_cache_keys_to_save: 100
+
+# The off-heap memory allocator. Affects storage engine metadata as
+# well as caches. Experiments show that JEMAlloc saves some memory
+# than the native GCC allocator (i.e., JEMalloc is more
+# fragmentation-resistant).
+#
+# Supported values are: NativeAllocator, JEMallocAllocator
+#
+# If you intend to use JEMallocAllocator you have to install JEMalloc as library and
+# modify cassandra-env.sh as directed in the file.
+#
+# Defaults to NativeAllocator
+# memory_allocator: NativeAllocator
+
+# saved caches
+# If not set, the default directory is $CASSANDRA_HOME/data/saved_caches.
+saved_caches_directory: /var/lib/cassandra/saved_caches
+
+# commitlog_sync may be either "periodic" or "batch."
+#
+# When in batch mode, Cassandra won't ack writes until the commit log
+# has been fsynced to disk. It will wait
+# commitlog_sync_batch_window_in_ms milliseconds between fsyncs.
+# This window should be kept short because the writer threads will
+# be unable to do extra work while waiting. (You may need to increase
+# concurrent_writes for the same reason.)
+#
+# commitlog_sync: batch
+# commitlog_sync_batch_window_in_ms: 2
+#
+# the other option is "periodic" where writes may be acked immediately
+# and the CommitLog is simply synced every commitlog_sync_period_in_ms
+# milliseconds.
+commitlog_sync: periodic
+commitlog_sync_period_in_ms: 10000
+
+# The size of the individual commitlog file segments. A commitlog
+# segment may be archived, deleted, or recycled once all the data
+# in it (potentially from each columnfamily in the system) has been
+# flushed to sstables.
+#
+# The default size is 32, which is almost always fine, but if you are
+# archiving commitlog segments (see commitlog_archiving.properties),
+# then you probably want a finer granularity of archiving; 8 or 16 MB
+# is reasonable.
+commitlog_segment_size_in_mb: 32
+
+# any class that implements the SeedProvider interface and has a
+# constructor that takes a Map<String, String> of parameters will do.
+seed_provider:
+ # Addresses of hosts that are deemed contact points.
+ # Cassandra nodes use this list of hosts to find each other and learn
+ # the topology of the ring. You must change this if you are running
+ # multiple nodes!
+ - class_name: org.apache.cassandra.locator.SimpleSeedProvider
+ parameters:
+ # seeds is actually a comma-delimited list of addresses.
+ # Ex: "<ip1>,<ip2>,<ip3>"
+ - seeds: "{%- for member in database.members %}{{ member.host }},{%- endfor %}"
+
+# For workloads with more data than can fit in memory, Cassandra's
+# bottleneck will be reads that need to fetch data from
+# disk. "concurrent_reads" should be set to (16 * number_of_drives) in
+# order to allow the operations to enqueue low enough in the stack
+# that the OS and drives can reorder them. Same applies to
+# "concurrent_counter_writes", since counter writes read the current
+# values before incrementing and writing them back.
+#
+# On the other hand, since writes are almost never IO bound, the ideal
+# number of "concurrent_writes" is dependent on the number of cores in
+# your system; (8 * number_of_cores) is a good rule of thumb.
+concurrent_reads: 32
+concurrent_writes: 32
+concurrent_counter_writes: 32
+
+
+# Total memory to use for sstable-reading buffers. Defaults to
+# the smaller of 1/4 of heap or 512MB.
+# file_cache_size_in_mb: 512
+
+# Total permitted memory to use for memtables. Cassandra will stop
+# accepting writes when the limit is exceeded until a flush completes,
+# and will trigger a flush based on memtable_cleanup_threshold
+# If omitted, Cassandra will set both to 1/4 the size of the heap.
+# memtable_heap_space_in_mb: 2048
+# memtable_offheap_space_in_mb: 2048
+
+# Ratio of occupied non-flushing memtable size to total permitted size
+# that will trigger a flush of the largest memtable. Lager mct will
+# mean larger flushes and hence less compaction, but also less concurrent
+# flush activity which can make it difficult to keep your disks fed
+# under heavy write load.
+#
+# memtable_cleanup_threshold defaults to 1 / (memtable_flush_writers + 1)
+# memtable_cleanup_threshold: 0.11
+
+# Specify the way Cassandra allocates and manages memtable memory.
+# Options are:
+# heap_buffers: on heap nio buffers
+# offheap_buffers: off heap (direct) nio buffers
+# offheap_objects: native memory, eliminating nio buffer heap overhead
+memtable_allocation_type: heap_buffers
+
+# Total space to use for commitlogs. Since commitlog segments are
+# mmapped, and hence use up address space, the default size is 32
+# on 32-bit JVMs, and 8192 on 64-bit JVMs.
+#
+# If space gets above this value (it will round up to the next nearest
+# segment multiple), Cassandra will flush every dirty CF in the oldest
+# segment and remove it. So a small total commitlog space will tend
+# to cause more flush activity on less-active columnfamilies.
+# commitlog_total_space_in_mb: 8192
+
+# This sets the amount of memtable flush writer threads. These will
+# be blocked by disk io, and each one will hold a memtable in memory
+# while blocked.
+#
+# memtable_flush_writers defaults to the smaller of (number of disks,
+# number of cores), with a minimum of 2 and a maximum of 8.
+#
+# If your data directories are backed by SSD, you should increase this
+# to the number of cores.
+#memtable_flush_writers: 8
+
+# A fixed memory pool size in MB for for SSTable index summaries. If left
+# empty, this will default to 5% of the heap size. If the memory usage of
+# all index summaries exceeds this limit, SSTables with low read rates will
+# shrink their index summaries in order to meet this limit. However, this
+# is a best-effort process. In extreme conditions Cassandra may need to use
+# more than this amount of memory.
+index_summary_capacity_in_mb:
+
+# How frequently index summaries should be resampled. This is done
+# periodically to redistribute memory from the fixed-size pool to sstables
+# proportional their recent read rates. Setting to -1 will disable this
+# process, leaving existing index summaries at their current sampling level.
+index_summary_resize_interval_in_minutes: 60
+
+# Whether to, when doing sequential writing, fsync() at intervals in
+# order to force the operating system to flush the dirty
+# buffers. Enable this to avoid sudden dirty buffer flushing from
+# impacting read latencies. Almost always a good idea on SSDs; not
+# necessarily on platters.
+trickle_fsync: false
+trickle_fsync_interval_in_kb: 10240
+
+# TCP port, for commands and data
+# For security reasons, you should not expose this port to the internet. Firewall it if needed.
+storage_port: 7000
+
+# SSL port, for encrypted communication. Unused unless enabled in
+# encryption_options
+# For security reasons, you should not expose this port to the internet. Firewall it if needed.
+ssl_storage_port: 7001
+
+# Address or interface to bind to and tell other Cassandra nodes to connect to.
+# You _must_ change this if you want multiple nodes to be able to communicate!
+#
+# Set listen_address OR listen_interface, not both. Interfaces must correspond
+# to a single address, IP aliasing is not supported.
+#
+# Leaving it blank leaves it up to InetAddress.getLocalHost(). This
+# will always do the Right Thing _if_ the node is properly configured
+# (hostname, name resolution, etc), and the Right Thing is to use the
+# address associated with the hostname (it might not be).
+#
+# Setting listen_address to 0.0.0.0 is always wrong.
+#
+# If you choose to specify the interface by name and the interface has an ipv4 and an ipv6 address
+# you can specify which should be chosen using listen_interface_prefer_ipv6. If false the first ipv4
+# address will be used. If true the first ipv6 address will be used. Defaults to false preferring
+# ipv4. If there is only one address it will be selected regardless of ipv4/ipv6.
+listen_address: {{ database.bind.host }}
+# listen_interface: eth0
+# listen_interface_prefer_ipv6: false
+
+# Address to broadcast to other Cassandra nodes
+# Leaving this blank will set it to the same value as listen_address
+# broadcast_address: 1.2.3.4
+
+# Internode authentication backend, implementing IInternodeAuthenticator;
+# used to allow/disallow connections from peer nodes.
+# internode_authenticator: org.apache.cassandra.auth.AllowAllInternodeAuthenticator
+
+# Whether to start the native transport server.
+# Please note that the address on which the native transport is bound is the
+# same as the rpc_address. The port however is different and specified below.
+start_native_transport: true
+# port for the CQL native transport to listen for clients on
+# For security reasons, you should not expose this port to the internet. Firewall it if needed.
+native_transport_port: 9042
+# The maximum threads for handling requests when the native transport is used.
+# This is similar to rpc_max_threads though the default differs slightly (and
+# there is no native_transport_min_threads, idle threads will always be stopped
+# after 30 seconds).
+# native_transport_max_threads: 128
+#
+# The maximum size of allowed frame. Frame (requests) larger than this will
+# be rejected as invalid. The default is 256MB.
+# native_transport_max_frame_size_in_mb: 256
+
+# The maximum number of concurrent client connections.
+# The default is -1, which means unlimited.
+# native_transport_max_concurrent_connections: -1
+
+# The maximum number of concurrent client connections per source ip.
+# The default is -1, which means unlimited.
+# native_transport_max_concurrent_connections_per_ip: -1
+
+# Whether to start the thrift rpc server.
+start_rpc: true
+
+# The address or interface to bind the Thrift RPC service and native transport
+# server to.
+#
+# Set rpc_address OR rpc_interface, not both. Interfaces must correspond
+# to a single address, IP aliasing is not supported.
+#
+# Leaving rpc_address blank has the same effect as on listen_address
+# (i.e. it will be based on the configured hostname of the node).
+#
+# Note that unlike listen_address, you can specify 0.0.0.0, but you must also
+# set broadcast_rpc_address to a value other than 0.0.0.0.
+#
+# For security reasons, you should not expose this port to the internet. Firewall it if needed.
+#
+# If you choose to specify the interface by name and the interface has an ipv4 and an ipv6 address
+# you can specify which should be chosen using rpc_interface_prefer_ipv6. If false the first ipv4
+# address will be used. If true the first ipv6 address will be used. Defaults to false preferring
+# ipv4. If there is only one address it will be selected regardless of ipv4/ipv6.
+rpc_address: {{ database.bind.host }}
+# port for Thrift to listen for clients on
+rpc_port: {{ database.bind.rpc_port }}
+
+# RPC address to broadcast to drivers and other Cassandra nodes. This cannot
+# be set to 0.0.0.0. If left blank, this will be set to the value of
+# rpc_address. If rpc_address is set to 0.0.0.0, broadcast_rpc_address must
+# be set.
+# broadcast_rpc_address: 1.2.3.4
+
+# enable or disable keepalive on rpc/native connections
+rpc_keepalive: true
+
+# Cassandra provides two out-of-the-box options for the RPC Server:
+#
+# sync -> One thread per thrift connection. For a very large number of clients, memory
+# will be your limiting factor. On a 64 bit JVM, 180KB is the minimum stack size
+# per thread, and that will correspond to your use of virtual memory (but physical memory
+# may be limited depending on use of stack space).
+#
+# hsha -> Stands for "half synchronous, half asynchronous." All thrift clients are handled
+# asynchronously using a small number of threads that does not vary with the amount
+# of thrift clients (and thus scales well to many clients). The rpc requests are still
+# synchronous (one thread per active request). If hsha is selected then it is essential
+# that rpc_max_threads is changed from the default value of unlimited.
+#
+# The default is sync because on Windows hsha is about 30% slower. On Linux,
+# sync/hsha performance is about the same, with hsha of course using less memory.
+#
+# Alternatively, can provide your own RPC server by providing the fully-qualified class name
+# of an o.a.c.t.TServerFactory that can create an instance of it.
+rpc_server_type: sync
+
+# Uncomment rpc_min|max_thread to set request pool size limits.
+#
+# Regardless of your choice of RPC server (see above), the number of maximum requests in the
+# RPC thread pool dictates how many concurrent requests are possible (but if you are using the sync
+# RPC server, it also dictates the number of clients that can be connected at all).
+#
+# The default is unlimited and thus provides no protection against clients overwhelming the server. You are
+# encouraged to set a maximum that makes sense for you in production, but do keep in mind that
+# rpc_max_threads represents the maximum number of client requests this server may execute concurrently.
+#
+# rpc_min_threads: 16
+# rpc_max_threads: 2048
+
+# uncomment to set socket buffer sizes on rpc connections
+# rpc_send_buff_size_in_bytes:
+# rpc_recv_buff_size_in_bytes:
+
+# Uncomment to set socket buffer size for internode communication
+# Note that when setting this, the buffer size is limited by net.core.wmem_max
+# and when not setting it it is defined by net.ipv4.tcp_wmem
+# See:
+# /proc/sys/net/core/wmem_max
+# /proc/sys/net/core/rmem_max
+# /proc/sys/net/ipv4/tcp_wmem
+# /proc/sys/net/ipv4/tcp_wmem
+# and: man tcp
+# internode_send_buff_size_in_bytes:
+# internode_recv_buff_size_in_bytes:
+
+# Frame size for thrift (maximum message length).
+thrift_framed_transport_size_in_mb: 15
+
+# Set to true to have Cassandra create a hard link to each sstable
+# flushed or streamed locally in a backups/ subdirectory of the
+# keyspace data. Removing these links is the operator's
+# responsibility.
+incremental_backups: false
+
+# Whether or not to take a snapshot before each compaction. Be
+# careful using this option, since Cassandra won't clean up the
+# snapshots for you. Mostly useful if you're paranoid when there
+# is a data format change.
+snapshot_before_compaction: false
+
+# Whether or not a snapshot is taken of the data before keyspace truncation
+# or dropping of column families. The STRONGLY advised default of true
+# should be used to provide data safety. If you set this flag to false, you will
+# lose data on truncation or drop.
+auto_snapshot: true
+
+# When executing a scan, within or across a partition, we need to keep the
+# tombstones seen in memory so we can return them to the coordinator, which
+# will use them to make sure other replicas also know about the deleted rows.
+# With workloads that generate a lot of tombstones, this can cause performance
+# problems and even exaust the server heap.
+# (http://www.datastax.com/dev/blog/cassandra-anti-patterns-queues-and-queue-like-datasets)
+# Adjust the thresholds here if you understand the dangers and want to
+# scan more tombstones anyway. These thresholds may also be adjusted at runtime
+# using the StorageService mbean.
+tombstone_warn_threshold: 1000
+tombstone_failure_threshold: 100000
+
+# Granularity of the collation index of rows within a partition.
+# Increase if your rows are large, or if you have a very large
+# number of rows per partition. The competing goals are these:
+# 1) a smaller granularity means more index entries are generated
+# and looking up rows withing the partition by collation column
+# is faster
+# 2) but, Cassandra will keep the collation index in memory for hot
+# rows (as part of the key cache), so a larger granularity means
+# you can cache more hot rows
+column_index_size_in_kb: 64
+
+
+# Log WARN on any batch size exceeding this value. 5kb per batch by default.
+# Caution should be taken on increasing the size of this threshold as it can lead to node instability.
+batch_size_warn_threshold_in_kb: 5
+
+# Number of simultaneous compactions to allow, NOT including
+# validation "compactions" for anti-entropy repair. Simultaneous
+# compactions can help preserve read performance in a mixed read/write
+# workload, by mitigating the tendency of small sstables to accumulate
+# during a single long running compactions. The default is usually
+# fine and if you experience problems with compaction running too
+# slowly or too fast, you should look at
+# compaction_throughput_mb_per_sec first.
+#
+# concurrent_compactors defaults to the smaller of (number of disks,
+# number of cores), with a minimum of 2 and a maximum of 8.
+#
+# If your data directories are backed by SSD, you should increase this
+# to the number of cores.
+#concurrent_compactors: 1
+
+# Throttles compaction to the given total throughput across the entire
+# system. The faster you insert data, the faster you need to compact in
+# order to keep the sstable count down, but in general, setting this to
+# 16 to 32 times the rate you are inserting data is more than sufficient.
+# Setting this to 0 disables throttling. Note that this account for all types
+# of compaction, including validation compaction.
+compaction_throughput_mb_per_sec: 16
+
+# When compacting, the replacement sstable(s) can be opened before they
+# are completely written, and used in place of the prior sstables for
+# any range that has been written. This helps to smoothly transfer reads
+# between the sstables, reducing page cache churn and keeping hot rows hot
+sstable_preemptive_open_interval_in_mb: 50
+
+# Throttles all outbound streaming file transfers on this node to the
+# given total throughput in Mbps. This is necessary because Cassandra does
+# mostly sequential IO when streaming data during bootstrap or repair, which
+# can lead to saturating the network connection and degrading rpc performance.
+# When unset, the default is 200 Mbps or 25 MB/s.
+# stream_throughput_outbound_megabits_per_sec: 200
+
+# Throttles all streaming file transfer between the datacenters,
+# this setting allows users to throttle inter dc stream throughput in addition
+# to throttling all network stream traffic as configured with
+# stream_throughput_outbound_megabits_per_sec
+# inter_dc_stream_throughput_outbound_megabits_per_sec:
+
+# How long the coordinator should wait for read operations to complete
+read_request_timeout_in_ms: 10000
+# How long the coordinator should wait for seq or index scans to complete
+range_request_timeout_in_ms: 10000
+# How long the coordinator should wait for writes to complete
+write_request_timeout_in_ms: 10000
+# How long the coordinator should wait for counter writes to complete
+counter_write_request_timeout_in_ms: 5000
+# How long a coordinator should continue to retry a CAS operation
+# that contends with other proposals for the same row
+cas_contention_timeout_in_ms: 1000
+# How long the coordinator should wait for truncates to complete
+# (This can be much longer, because unless auto_snapshot is disabled
+# we need to flush first so we can snapshot before removing the data.)
+truncate_request_timeout_in_ms: 60000
+# The default timeout for other, miscellaneous operations
+request_timeout_in_ms: 10000
+
+# Enable operation timeout information exchange between nodes to accurately
+# measure request timeouts. If disabled, replicas will assume that requests
+# were forwarded to them instantly by the coordinator, which means that
+# under overload conditions we will waste that much extra time processing
+# already-timed-out requests.
+#
+# Warning: before enabling this property make sure to ntp is installed
+# and the times are synchronized between the nodes.
+cross_node_timeout: false
+
+# Enable socket timeout for streaming operation.
+# When a timeout occurs during streaming, streaming is retried from the start
+# of the current file. This _can_ involve re-streaming an important amount of
+# data, so you should avoid setting the value too low.
+# Default value is 0, which never timeout streams.
+# streaming_socket_timeout_in_ms: 0
+
+# phi value that must be reached for a host to be marked down.
+# most users should never need to adjust this.
+# phi_convict_threshold: 8
+
+# endpoint_snitch -- Set this to a class that implements
+# IEndpointSnitch. The snitch has two functions:
+# - it teaches Cassandra enough about your network topology to route
+# requests efficiently
+# - it allows Cassandra to spread replicas around your cluster to avoid
+# correlated failures. It does this by grouping machines into
+# "datacenters" and "racks." Cassandra will do its best not to have
+# more than one replica on the same "rack" (which may not actually
+# be a physical location)
+#
+# IF YOU CHANGE THE SNITCH AFTER DATA IS INSERTED INTO THE CLUSTER,
+# YOU MUST RUN A FULL REPAIR, SINCE THE SNITCH AFFECTS WHERE REPLICAS
+# ARE PLACED.
+#
+# Out of the box, Cassandra provides
+# - SimpleSnitch:
+# Treats Strategy order as proximity. This can improve cache
+# locality when disabling read repair. Only appropriate for
+# single-datacenter deployments.
+# - GossipingPropertyFileSnitch
+# This should be your go-to snitch for production use. The rack
+# and datacenter for the local node are defined in
+# cassandra-rackdc.properties and propagated to other nodes via
+# gossip. If cassandra-topology.properties exists, it is used as a
+# fallback, allowing migration from the PropertyFileSnitch.
+# - PropertyFileSnitch:
+# Proximity is determined by rack and data center, which are
+# explicitly configured in cassandra-topology.properties.
+# - Ec2Snitch:
+# Appropriate for EC2 deployments in a single Region. Loads Region
+# and Availability Zone information from the EC2 API. The Region is
+# treated as the datacenter, and the Availability Zone as the rack.
+# Only private IPs are used, so this will not work across multiple
+# Regions.
+# - Ec2MultiRegionSnitch:
+# Uses public IPs as broadcast_address to allow cross-region
+# connectivity. (Thus, you should set seed addresses to the public
+# IP as well.) You will need to open the storage_port or
+# ssl_storage_port on the public IP firewall. (For intra-Region
+# traffic, Cassandra will switch to the private IP after
+# establishing a connection.)
+# - RackInferringSnitch:
+# Proximity is determined by rack and data center, which are
+# assumed to correspond to the 3rd and 2nd octet of each node's IP
+# address, respectively. Unless this happens to match your
+# deployment conventions, this is best used as an example of
+# writing a custom Snitch class and is provided in that spirit.
+#
+# You can use a custom Snitch by setting this to the full class name
+# of the snitch, which will be assumed to be on your classpath.
+endpoint_snitch: SimpleSnitch
+
+# controls how often to perform the more expensive part of host score
+# calculation
+dynamic_snitch_update_interval_in_ms: 100
+# controls how often to reset all host scores, allowing a bad host to
+# possibly recover
+dynamic_snitch_reset_interval_in_ms: 600000
+# if set greater than zero and read_repair_chance is < 1.0, this will allow
+# 'pinning' of replicas to hosts in order to increase cache capacity.
+# The badness threshold will control how much worse the pinned host has to be
+# before the dynamic snitch will prefer other replicas over it. This is
+# expressed as a double which represents a percentage. Thus, a value of
+# 0.2 means Cassandra would continue to prefer the static snitch values
+# until the pinned host was 20% worse than the fastest.
+dynamic_snitch_badness_threshold: 0.1
+
+# request_scheduler -- Set this to a class that implements
+# RequestScheduler, which will schedule incoming client requests
+# according to the specific policy. This is useful for multi-tenancy
+# with a single Cassandra cluster.
+# NOTE: This is specifically for requests from the client and does
+# not affect inter node communication.
+# org.apache.cassandra.scheduler.NoScheduler - No scheduling takes place
+# org.apache.cassandra.scheduler.RoundRobinScheduler - Round robin of
+# client requests to a node with a separate queue for each
+# request_scheduler_id. The scheduler is further customized by
+# request_scheduler_options as described below.
+request_scheduler: org.apache.cassandra.scheduler.NoScheduler
+
+# Scheduler Options vary based on the type of scheduler
+# NoScheduler - Has no options
+# RoundRobin
+# - throttle_limit -- The throttle_limit is the number of in-flight
+# requests per client. Requests beyond
+# that limit are queued up until
+# running requests can complete.
+# The value of 80 here is twice the number of
+# concurrent_reads + concurrent_writes.
+# - default_weight -- default_weight is optional and allows for
+# overriding the default which is 1.
+# - weights -- Weights are optional and will default to 1 or the
+# overridden default_weight. The weight translates into how
+# many requests are handled during each turn of the
+# RoundRobin, based on the scheduler id.
+#
+# request_scheduler_options:
+# throttle_limit: 80
+# default_weight: 5
+# weights:
+# Keyspace1: 1
+# Keyspace2: 5
+
+# request_scheduler_id -- An identifier based on which to perform
+# the request scheduling. Currently the only valid option is keyspace.
+# request_scheduler_id: keyspace
+
+# Enable or disable inter-node encryption
+# Default settings are TLS v1, RSA 1024-bit keys (it is imperative that
+# users generate their own keys) TLS_RSA_WITH_AES_128_CBC_SHA as the cipher
+# suite for authentication, key exchange and encryption of the actual data transfers.
+# Use the DHE/ECDHE ciphers if running in FIPS 140 compliant mode.
+# NOTE: No custom encryption options are enabled at the moment
+# The available internode options are : all, none, dc, rack
+#
+# If set to dc cassandra will encrypt the traffic between the DCs
+# If set to rack cassandra will encrypt the traffic between the racks
+#
+# The passwords used in these options must match the passwords used when generating
+# the keystore and truststore. For instructions on generating these files, see:
+# http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
+#
+server_encryption_options:
+ internode_encryption: none
+ keystore: conf/.keystore
+ keystore_password: cassandra
+ truststore: conf/.truststore
+ truststore_password: cassandra
+ # More advanced defaults below:
+ # protocol: TLS
+ # algorithm: SunX509
+ # store_type: JKS
+ # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
+ # require_client_auth: false
+
+# enable or disable client/server encryption.
+client_encryption_options:
+ enabled: false
+ keystore: conf/.keystore
+ keystore_password: cassandra
+ # require_client_auth: false
+ # Set trustore and truststore_password if require_client_auth is true
+ # truststore: conf/.truststore
+ # truststore_password: cassandra
+ # More advanced defaults below:
+ # protocol: TLS
+ # algorithm: SunX509
+ # store_type: JKS
+ # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
+
+# internode_compression controls whether traffic between nodes is
+# compressed.
+# can be: all - all traffic is compressed
+# dc - traffic between different datacenters is compressed
+# none - nothing is compressed.
+internode_compression: all
+
+# Enable or disable tcp_nodelay for inter-dc communication.
+# Disabling it will result in larger (but fewer) network packets being sent,
+# reducing overhead from the TCP protocol itself, at the cost of increasing
+# latency if you block for cross-datacenter responses.
+inter_dc_tcp_nodelay: true
diff --git a/opencontrail/files/2.1/collector/redis.conf b/opencontrail/files/2.1/collector/redis.conf
new file mode 100644
index 0000000..6687a28
--- /dev/null
+++ b/opencontrail/files/2.1/collector/redis.conf
@@ -0,0 +1,643 @@
+# Redis configuration file example
+
+# Note on units: when memory size is needed, it is possible to specify
+# it in the usual form of 1k 5GB 4M and so forth:
+#
+# 1k => 1000 bytes
+# 1kb => 1024 bytes
+# 1m => 1000000 bytes
+# 1mb => 1024*1024 bytes
+# 1g => 1000000000 bytes
+# 1gb => 1024*1024*1024 bytes
+#
+# units are case insensitive so 1GB 1Gb 1gB are all the same.
+
+# By default Redis does not run as a daemon. Use 'yes' if you need it.
+# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
+daemonize yes
+
+# When running daemonized, Redis writes a pid file in /var/run/redis.pid by
+# default. You can specify a custom pid file location here.
+pidfile /var/run/redis/redis-server.pid
+
+# Accept connections on the specified port, default is 6379.
+# If port 0 is specified Redis will not listen on a TCP socket.
+port 6379
+
+# If you want you can bind a single interface, if the bind option is not
+# specified all the interfaces will listen for incoming connections.
+#
+#bind 127.0.0.1
+
+# Specify the path for the unix socket that will be used to listen for
+# incoming connections. There is no default, so Redis will not listen
+# on a unix socket when not specified.
+#
+# unixsocket /var/run/redis/redis.sock
+# unixsocketperm 755
+
+# Close the connection after a client is idle for N seconds (0 to disable)
+timeout 0
+
+# TCP keepalive.
+#
+# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence
+# of communication. This is useful for two reasons:
+#
+# 1) Detect dead peers.
+# 2) Take the connection alive from the point of view of network
+# equipment in the middle.
+#
+# On Linux, the specified value (in seconds) is the period used to send ACKs.
+# Note that to close the connection the double of the time is needed.
+# On other kernels the period depends on the kernel configuration.
+#
+# A reasonable value for this option is 60 seconds.
+tcp-keepalive 0
+
+# Specify the server verbosity level.
+# This can be one of:
+# debug (a lot of information, useful for development/testing)
+# verbose (many rarely useful info, but not a mess like the debug level)
+# notice (moderately verbose, what you want in production probably)
+# warning (only very important / critical messages are logged)
+loglevel notice
+
+# Specify the log file name. Also 'stdout' can be used to force
+# Redis to log on the standard output. Note that if you use standard
+# output for logging but daemonize, logs will be sent to /dev/null
+logfile /var/log/redis/redis-server.log
+
+# To enable logging to the system logger, just set 'syslog-enabled' to yes,
+# and optionally update the other syslog parameters to suit your needs.
+# syslog-enabled no
+
+# Specify the syslog identity.
+# syslog-ident redis
+
+# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
+# syslog-facility local0
+
+# Set the number of databases. The default database is DB 0, you can select
+# a different one on a per-connection basis using SELECT <dbid> where
+# dbid is a number between 0 and 'databases'-1
+databases 16
+
+################################ SNAPSHOTTING #################################
+#
+# Save the DB on disk:
+#
+# save <seconds> <changes>
+#
+# Will save the DB if both the given number of seconds and the given
+# number of write operations against the DB occurred.
+#
+# In the example below the behaviour will be to save:
+# after 900 sec (15 min) if at least 1 key changed
+# after 300 sec (5 min) if at least 10 keys changed
+# after 60 sec if at least 10000 keys changed
+#
+# Note: you can disable saving at all commenting all the "save" lines.
+#
+# It is also possible to remove all the previously configured save
+# points by adding a save directive with a single empty string argument
+# like in the following example:
+#
+# save ""
+
+save 900 1
+save 300 10
+save 60 10000
+
+# By default Redis will stop accepting writes if RDB snapshots are enabled
+# (at least one save point) and the latest background save failed.
+# This will make the user aware (in an hard way) that data is not persisting
+# on disk properly, otherwise chances are that no one will notice and some
+# distater will happen.
+#
+# If the background saving process will start working again Redis will
+# automatically allow writes again.
+#
+# However if you have setup your proper monitoring of the Redis server
+# and persistence, you may want to disable this feature so that Redis will
+# continue to work as usually even if there are problems with disk,
+# permissions, and so forth.
+stop-writes-on-bgsave-error yes
+
+# Compress string objects using LZF when dump .rdb databases?
+# For default that's set to 'yes' as it's almost always a win.
+# If you want to save some CPU in the saving child set it to 'no' but
+# the dataset will likely be bigger if you have compressible values or keys.
+rdbcompression yes
+
+# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
+# This makes the format more resistant to corruption but there is a performance
+# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
+# for maximum performances.
+#
+# RDB files created with checksum disabled have a checksum of zero that will
+# tell the loading code to skip the check.
+rdbchecksum yes
+
+# The filename where to dump the DB
+dbfilename dump.rdb
+
+# The working directory.
+#
+# The DB will be written inside this directory, with the filename specified
+# above using the 'dbfilename' configuration directive.
+#
+# The Append Only File will also be created inside this directory.
+#
+# Note that you must specify a directory here, not a file name.
+dir /var/lib/redis
+
+################################# REPLICATION #################################
+
+# Master-Slave replication. Use slaveof to make a Redis instance a copy of
+# another Redis server. Note that the configuration is local to the slave
+# so for example it is possible to configure the slave to save the DB with a
+# different interval, or to listen to another port, and so on.
+#
+# slaveof <masterip> <masterport>
+
+# If the master is password protected (using the "requirepass" configuration
+# directive below) it is possible to tell the slave to authenticate before
+# starting the replication synchronization process, otherwise the master will
+# refuse the slave request.
+#
+# masterauth <master-password>
+
+# When a slave loses its connection with the master, or when the replication
+# is still in progress, the slave can act in two different ways:
+#
+# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will
+# still reply to client requests, possibly with out of date data, or the
+# data set may just be empty if this is the first synchronization.
+#
+# 2) if slave-serve-stale-data is set to 'no' the slave will reply with
+# an error "SYNC with master in progress" to all the kind of commands
+# but to INFO and SLAVEOF.
+#
+slave-serve-stale-data yes
+
+# You can configure a slave instance to accept writes or not. Writing against
+# a slave instance may be useful to store some ephemeral data (because data
+# written on a slave will be easily deleted after resync with the master) but
+# may also cause problems if clients are writing to it because of a
+# misconfiguration.
+#
+# Since Redis 2.6 by default slaves are read-only.
+#
+# Note: read only slaves are not designed to be exposed to untrusted clients
+# on the internet. It's just a protection layer against misuse of the instance.
+# Still a read only slave exports by default all the administrative commands
+# such as CONFIG, DEBUG, and so forth. To a limited extend you can improve
+# security of read only slaves using 'rename-command' to shadow all the
+# administrative / dangerous commands.
+slave-read-only yes
+
+# Slaves send PINGs to server in a predefined interval. It's possible to change
+# this interval with the repl_ping_slave_period option. The default value is 10
+# seconds.
+#
+# repl-ping-slave-period 10
+
+# The following option sets a timeout for both Bulk transfer I/O timeout and
+# master data or ping response timeout. The default value is 60 seconds.
+#
+# It is important to make sure that this value is greater than the value
+# specified for repl-ping-slave-period otherwise a timeout will be detected
+# every time there is low traffic between the master and the slave.
+#
+# repl-timeout 60
+
+# Disable TCP_NODELAY on the slave socket after SYNC?
+#
+# If you select "yes" Redis will use a smaller number of TCP packets and
+# less bandwidth to send data to slaves. But this can add a delay for
+# the data to appear on the slave side, up to 40 milliseconds with
+# Linux kernels using a default configuration.
+#
+# If you select "no" the delay for data to appear on the slave side will
+# be reduced but more bandwidth will be used for replication.
+#
+# By default we optimize for low latency, but in very high traffic conditions
+# or when the master and slaves are many hops away, turning this to "yes" may
+# be a good idea.
+repl-disable-tcp-nodelay no
+
+# The slave priority is an integer number published by Redis in the INFO output.
+# It is used by Redis Sentinel in order to select a slave to promote into a
+# master if the master is no longer working correctly.
+#
+# A slave with a low priority number is considered better for promotion, so
+# for instance if there are three slaves with priority 10, 100, 25 Sentinel will
+# pick the one wtih priority 10, that is the lowest.
+#
+# However a special priority of 0 marks the slave as not able to perform the
+# role of master, so a slave with priority of 0 will never be selected by
+# Redis Sentinel for promotion.
+#
+# By default the priority is 100.
+slave-priority 100
+
+################################## SECURITY ###################################
+
+# Require clients to issue AUTH <PASSWORD> before processing any other
+# commands. This might be useful in environments in which you do not trust
+# others with access to the host running redis-server.
+#
+# This should stay commented out for backward compatibility and because most
+# people do not need auth (e.g. they run their own servers).
+#
+# Warning: since Redis is pretty fast an outside user can try up to
+# 150k passwords per second against a good box. This means that you should
+# use a very strong password otherwise it will be very easy to break.
+#
+# requirepass foobared
+
+# Command renaming.
+#
+# It is possible to change the name of dangerous commands in a shared
+# environment. For instance the CONFIG command may be renamed into something
+# hard to guess so that it will still be available for internal-use tools
+# but not available for general clients.
+#
+# Example:
+#
+# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
+#
+# It is also possible to completely kill a command by renaming it into
+# an empty string:
+#
+# rename-command CONFIG ""
+#
+# Please note that changing the name of commands that are logged into the
+# AOF file or transmitted to slaves may cause problems.
+
+################################### LIMITS ####################################
+
+# Set the max number of connected clients at the same time. By default
+# this limit is set to 10000 clients, however if the Redis server is not
+# able to configure the process file limit to allow for the specified limit
+# the max number of allowed clients is set to the current file limit
+# minus 32 (as Redis reserves a few file descriptors for internal uses).
+#
+# Once the limit is reached Redis will close all the new connections sending
+# an error 'max number of clients reached'.
+#
+# maxclients 10000
+
+# Don't use more memory than the specified amount of bytes.
+# When the memory limit is reached Redis will try to remove keys
+# accordingly to the eviction policy selected (see maxmemmory-policy).
+#
+# If Redis can't remove keys according to the policy, or if the policy is
+# set to 'noeviction', Redis will start to reply with errors to commands
+# that would use more memory, like SET, LPUSH, and so on, and will continue
+# to reply to read-only commands like GET.
+#
+# This option is usually useful when using Redis as an LRU cache, or to set
+# an hard memory limit for an instance (using the 'noeviction' policy).
+#
+# WARNING: If you have slaves attached to an instance with maxmemory on,
+# the size of the output buffers needed to feed the slaves are subtracted
+# from the used memory count, so that network problems / resyncs will
+# not trigger a loop where keys are evicted, and in turn the output
+# buffer of slaves is full with DELs of keys evicted triggering the deletion
+# of more keys, and so forth until the database is completely emptied.
+#
+# In short... if you have slaves attached it is suggested that you set a lower
+# limit for maxmemory so that there is some free RAM on the system for slave
+# output buffers (but this is not needed if the policy is 'noeviction').
+#
+# maxmemory <bytes>
+
+# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
+# is reached. You can select among five behaviors:
+#
+# volatile-lru -> remove the key with an expire set using an LRU algorithm
+# allkeys-lru -> remove any key accordingly to the LRU algorithm
+# volatile-random -> remove a random key with an expire set
+# allkeys-random -> remove a random key, any key
+# volatile-ttl -> remove the key with the nearest expire time (minor TTL)
+# noeviction -> don't expire at all, just return an error on write operations
+#
+# Note: with any of the above policies, Redis will return an error on write
+# operations, when there are not suitable keys for eviction.
+#
+# At the date of writing this commands are: set setnx setex append
+# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
+# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
+# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
+# getset mset msetnx exec sort
+#
+# The default is:
+#
+# maxmemory-policy volatile-lru
+
+# LRU and minimal TTL algorithms are not precise algorithms but approximated
+# algorithms (in order to save memory), so you can select as well the sample
+# size to check. For instance for default Redis will check three keys and
+# pick the one that was used less recently, you can change the sample size
+# using the following configuration directive.
+#
+# maxmemory-samples 3
+
+############################## APPEND ONLY MODE ###############################
+
+# By default Redis asynchronously dumps the dataset on disk. This mode is
+# good enough in many applications, but an issue with the Redis process or
+# a power outage may result into a few minutes of writes lost (depending on
+# the configured save points).
+#
+# The Append Only File is an alternative persistence mode that provides
+# much better durability. For instance using the default data fsync policy
+# (see later in the config file) Redis can lose just one second of writes in a
+# dramatic event like a server power outage, or a single write if something
+# wrong with the Redis process itself happens, but the operating system is
+# still running correctly.
+#
+# AOF and RDB persistence can be enabled at the same time without problems.
+# If the AOF is enabled on startup Redis will load the AOF, that is the file
+# with the better durability guarantees.
+#
+# Please check http://redis.io/topics/persistence for more information.
+
+appendonly no
+
+# The name of the append only file (default: "appendonly.aof")
+appendfilename "appendonly.aof"
+
+# The fsync() call tells the Operating System to actually write data on disk
+# instead to wait for more data in the output buffer. Some OS will really flush
+# data on disk, some other OS will just try to do it ASAP.
+#
+# Redis supports three different modes:
+#
+# no: don't fsync, just let the OS flush the data when it wants. Faster.
+# always: fsync after every write to the append only log . Slow, Safest.
+# everysec: fsync only one time every second. Compromise.
+#
+# The default is "everysec", as that's usually the right compromise between
+# speed and data safety. It's up to you to understand if you can relax this to
+# "no" that will let the operating system flush the output buffer when
+# it wants, for better performances (but if you can live with the idea of
+# some data loss consider the default persistence mode that's snapshotting),
+# or on the contrary, use "always" that's very slow but a bit safer than
+# everysec.
+#
+# More details please check the following article:
+# http://antirez.com/post/redis-persistence-demystified.html
+#
+# If unsure, use "everysec".
+
+# appendfsync always
+appendfsync everysec
+# appendfsync no
+
+# When the AOF fsync policy is set to always or everysec, and a background
+# saving process (a background save or AOF log background rewriting) is
+# performing a lot of I/O against the disk, in some Linux configurations
+# Redis may block too long on the fsync() call. Note that there is no fix for
+# this currently, as even performing fsync in a different thread will block
+# our synchronous write(2) call.
+#
+# In order to mitigate this problem it's possible to use the following option
+# that will prevent fsync() from being called in the main process while a
+# BGSAVE or BGREWRITEAOF is in progress.
+#
+# This means that while another child is saving, the durability of Redis is
+# the same as "appendfsync none". In practical terms, this means that it is
+# possible to lose up to 30 seconds of log in the worst scenario (with the
+# default Linux settings).
+#
+# If you have latency problems turn this to "yes". Otherwise leave it as
+# "no" that is the safest pick from the point of view of durability.
+no-appendfsync-on-rewrite no
+
+# Automatic rewrite of the append only file.
+# Redis is able to automatically rewrite the log file implicitly calling
+# BGREWRITEAOF when the AOF log size grows by the specified percentage.
+#
+# This is how it works: Redis remembers the size of the AOF file after the
+# latest rewrite (if no rewrite has happened since the restart, the size of
+# the AOF at startup is used).
+#
+# This base size is compared to the current size. If the current size is
+# bigger than the specified percentage, the rewrite is triggered. Also
+# you need to specify a minimal size for the AOF file to be rewritten, this
+# is useful to avoid rewriting the AOF file even if the percentage increase
+# is reached but it is still pretty small.
+#
+# Specify a percentage of zero in order to disable the automatic AOF
+# rewrite feature.
+
+auto-aof-rewrite-percentage 100
+auto-aof-rewrite-min-size 64mb
+
+################################ LUA SCRIPTING ###############################
+
+# Max execution time of a Lua script in milliseconds.
+#
+# If the maximum execution time is reached Redis will log that a script is
+# still in execution after the maximum allowed time and will start to
+# reply to queries with an error.
+#
+# When a long running script exceed the maximum execution time only the
+# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
+# used to stop a script that did not yet called write commands. The second
+# is the only way to shut down the server in the case a write commands was
+# already issue by the script but the user don't want to wait for the natural
+# termination of the script.
+#
+# Set it to 0 or a negative value for unlimited execution without warnings.
+lua-time-limit 5000
+
+################################## SLOW LOG ###################################
+
+# The Redis Slow Log is a system to log queries that exceeded a specified
+# execution time. The execution time does not include the I/O operations
+# like talking with the client, sending the reply and so forth,
+# but just the time needed to actually execute the command (this is the only
+# stage of command execution where the thread is blocked and can not serve
+# other requests in the meantime).
+#
+# You can configure the slow log with two parameters: one tells Redis
+# what is the execution time, in microseconds, to exceed in order for the
+# command to get logged, and the other parameter is the length of the
+# slow log. When a new command is logged the oldest one is removed from the
+# queue of logged commands.
+
+# The following time is expressed in microseconds, so 1000000 is equivalent
+# to one second. Note that a negative number disables the slow log, while
+# a value of zero forces the logging of every command.
+slowlog-log-slower-than 10000
+
+# There is no limit to this length. Just be aware that it will consume memory.
+# You can reclaim memory used by the slow log with SLOWLOG RESET.
+slowlog-max-len 128
+
+############################# Event notification ##############################
+
+# Redis can notify Pub/Sub clients about events happening in the key space.
+# This feature is documented at http://redis.io/topics/keyspace-events
+#
+# For instance if keyspace events notification is enabled, and a client
+# performs a DEL operation on key "foo" stored in the Database 0, two
+# messages will be published via Pub/Sub:
+#
+# PUBLISH __keyspace@0__:foo del
+# PUBLISH __keyevent@0__:del foo
+#
+# It is possible to select the events that Redis will notify among a set
+# of classes. Every class is identified by a single character:
+#
+# K Keyspace events, published with __keyspace@<db>__ prefix.
+# E Keyevent events, published with __keyevent@<db>__ prefix.
+# g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ...
+# $ String commands
+# l List commands
+# s Set commands
+# h Hash commands
+# z Sorted set commands
+# x Expired events (events generated every time a key expires)
+# e Evicted events (events generated when a key is evicted for maxmemory)
+# A Alias for g$lshzxe, so that the "AKE" string means all the events.
+#
+# The "notify-keyspace-events" takes as argument a string that is composed
+# by zero or multiple characters. The empty string means that notifications
+# are disabled at all.
+#
+# Example: to enable list and generic events, from the point of view of the
+# event name, use:
+#
+# notify-keyspace-events Elg
+#
+# Example 2: to get the stream of the expired keys subscribing to channel
+# name __keyevent@0__:expired use:
+#
+# notify-keyspace-events Ex
+#
+# By default all notifications are disabled because most users don't need
+# this feature and the feature has some overhead. Note that if you don't
+# specify at least one of K or E, no events will be delivered.
+notify-keyspace-events ""
+
+############################### ADVANCED CONFIG ###############################
+
+# Hashes are encoded using a memory efficient data structure when they have a
+# small number of entries, and the biggest entry does not exceed a given
+# threshold. These thresholds can be configured using the following directives.
+hash-max-ziplist-entries 512
+hash-max-ziplist-value 64
+
+# Similarly to hashes, small lists are also encoded in a special way in order
+# to save a lot of space. The special representation is only used when
+# you are under the following limits:
+list-max-ziplist-entries 512
+list-max-ziplist-value 64
+
+# Sets have a special encoding in just one case: when a set is composed
+# of just strings that happens to be integers in radix 10 in the range
+# of 64 bit signed integers.
+# The following configuration setting sets the limit in the size of the
+# set in order to use this special memory saving encoding.
+set-max-intset-entries 512
+
+# Similarly to hashes and lists, sorted sets are also specially encoded in
+# order to save a lot of space. This encoding is only used when the length and
+# elements of a sorted set are below the following limits:
+zset-max-ziplist-entries 128
+zset-max-ziplist-value 64
+
+# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
+# order to help rehashing the main Redis hash table (the one mapping top-level
+# keys to values). The hash table implementation Redis uses (see dict.c)
+# performs a lazy rehashing: the more operation you run into an hash table
+# that is rehashing, the more rehashing "steps" are performed, so if the
+# server is idle the rehashing is never complete and some more memory is used
+# by the hash table.
+#
+# The default is to use this millisecond 10 times every second in order to
+# active rehashing the main dictionaries, freeing memory when possible.
+#
+# If unsure:
+# use "activerehashing no" if you have hard latency requirements and it is
+# not a good thing in your environment that Redis can reply form time to time
+# to queries with 2 milliseconds delay.
+#
+# use "activerehashing yes" if you don't have such hard requirements but
+# want to free memory asap when possible.
+activerehashing yes
+
+# The client output buffer limits can be used to force disconnection of clients
+# that are not reading data from the server fast enough for some reason (a
+# common reason is that a Pub/Sub client can't consume messages as fast as the
+# publisher can produce them).
+#
+# The limit can be set differently for the three different classes of clients:
+#
+# normal -> normal clients
+# slave -> slave clients and MONITOR clients
+# pubsub -> clients subcribed to at least one pubsub channel or pattern
+#
+# The syntax of every client-output-buffer-limit directive is the following:
+#
+# client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds>
+#
+# A client is immediately disconnected once the hard limit is reached, or if
+# the soft limit is reached and remains reached for the specified number of
+# seconds (continuously).
+# So for instance if the hard limit is 32 megabytes and the soft limit is
+# 16 megabytes / 10 seconds, the client will get disconnected immediately
+# if the size of the output buffers reach 32 megabytes, but will also get
+# disconnected if the client reaches 16 megabytes and continuously overcomes
+# the limit for 10 seconds.
+#
+# By default normal clients are not limited because they don't receive data
+# without asking (in a push way), but just after a request, so only
+# asynchronous clients may create a scenario where data is requested faster
+# than it can read.
+#
+# Instead there is a default limit for pubsub and slave clients, since
+# subscribers and slaves receive data in a push fashion.
+#
+# Both the hard or the soft limit can be disabled by setting them to zero.
+client-output-buffer-limit normal 0 0 0
+client-output-buffer-limit slave 256mb 64mb 60
+client-output-buffer-limit pubsub 32mb 8mb 60
+
+# Redis calls an internal function to perform many background tasks, like
+# closing connections of clients in timeot, purging expired keys that are
+# never requested, and so forth.
+#
+# Not all tasks are perforemd with the same frequency, but Redis checks for
+# tasks to perform accordingly to the specified "hz" value.
+#
+# By default "hz" is set to 10. Raising the value will use more CPU when
+# Redis is idle, but at the same time will make Redis more responsive when
+# there are many keys expiring at the same time, and timeouts may be
+# handled with more precision.
+#
+# The range is between 1 and 500, however a value over 100 is usually not
+# a good idea. Most users should use the default of 10 and raise this up to
+# 100 only in environments where very low latency is required.
+hz 10
+
+# When a child rewrites the AOF file, if the following option is enabled
+# the file will be fsync-ed every 32 MB of data generated. This is useful
+# in order to commit the file to the disk more incrementally and avoid
+# big latency spikes.
+aof-rewrite-incremental-fsync yes
+
+################################## INCLUDES ###################################
+
+# Include one or more other config files here. This is useful if you
+# have a standard template that goes to all Redis server but also need
+# to customize a few per-server settings. Include files can include
+# other files, so use this wisely.
+#
+# include /path/to/local.conf
+# include /path/to/other.conf
diff --git a/opencontrail/files/2.1/config.global.js b/opencontrail/files/2.1/config.global.js
new file mode 100644
index 0000000..0089237
--- /dev/null
+++ b/opencontrail/files/2.1/config.global.js
@@ -0,0 +1,252 @@
+{%- from "opencontrail/map.jinja" import web with context %}
+/*
+ * Copyright (c) 2014 Juniper Networks, Inc. All rights reserved.
+ */
+
+var config = {};
+
+config.orchestration = {};
+config.orchestration.Manager = 'openstack'
+
+/****************************************************************************
+ * This boolean flag indicates to communicate with Orchestration
+ * modules(networkManager, imageManager, computeManager, identityManager,
+ * storageManager), should the webServer communicate using the
+ * ip/port/authProtocol/apiVersion as specified in this file, or as returned
+ * from auth catalog list.
+ * Note: config.identityManager.apiVersion is not controlled by this boolean
+ * flag.
+ *
+ * true - These values should be taken from this config
+ * file.
+ * false - These values should be taken from auth catalog list
+ *
+*****************************************************************************/
+config.serviceEndPointFromConfig = true;
+
+/****************************************************************************
+ * This boolean flag indicates if serviceEndPointFromConfig is set as false,
+ * then to take IP/Port/Protocol/Version information from auth catalog,
+ * should publicURL OR internalURL will be used.
+ *
+ * true - publicURL in endpoint will be used to retrieve IP/Port/Protocol/
+ * Version information
+ * false - internalURL in endpoint will be used to retrieve
+ * IP/Port/Protocol/Version information
+ *
+ * NOTE: if config.serviceEndPointFromConfig is set as true, then this flag
+ * does not have any effect.
+ *
+*****************************************************************************/
+config.serviceEndPointTakePublicURL = true;
+
+/****************************************************************************
+ * Below are the config options for all Orchestration Modules below:
+ * - networkManager
+ * - imageManager
+ * - computeManager
+ * - identityManager
+ * - storageManager
+ * - cnfg
+ * - analytics
+ *
+ * Options:
+ * ip:
+ * IP to connect to for this Server.
+ * port:
+ * Port to connect to for this server
+ * authProtocol:
+ * Specify authProtocol either 'http' or 'https'
+ * apiVersion:
+ * REST API Version for this server to connect to.
+ * Specify a list of Versions in array notation.
+ * Below are the supported list of apiVersion for the modules as of now:
+ * imageManager - ['v1', 'v2']
+ * computeManager - ['v1.1', 'v2']
+ * identityManager - ['v2.0']
+ * storageManager - ['v1']
+ *
+ * Not applicable for cnfg/analytics as of now
+ * strictSSL:
+ * If true, requires certificates to be valid
+ * ca:
+ * An authority certificate to check the remote host against,
+ * if you do not want to specify then use ''
+*****************************************************************************/
+config.networkManager = {};
+config.networkManager.ip = '{{ web.master.host }}';
+config.networkManager.port = '9696'
+config.networkManager.authProtocol = 'http';
+config.networkManager.apiVersion = [];
+config.networkManager.strictSSL = false;
+config.networkManager.ca = '';
+
+config.imageManager = {};
+config.imageManager.ip = '{{ web.identity.host }}';
+config.imageManager.port = '9292';
+config.imageManager.authProtocol = 'http';
+config.imageManager.apiVersion = ['v1', 'v2'];
+config.imageManager.strictSSL = false;
+config.imageManager.ca = '';
+
+config.computeManager = {};
+config.computeManager.ip = '{{ web.identity.host }}';
+config.computeManager.port = '8774';
+config.computeManager.authProtocol = 'http';
+config.computeManager.apiVersion = ['v1.1', 'v2'];
+config.computeManager.strictSSL = false;
+config.computeManager.ca = '';
+
+config.identityManager = {};
+config.identityManager.ip = '{{ web.identity.host }}';
+config.identityManager.port = '5000';
+config.identityManager.authProtocol = 'http';
+/******************************************************************************
+ * Note: config.identityManager.apiVersion is not controlled by boolean flag
+ * config.serviceEndPointFromConfig. If specified apiVersion here, then these
+ * API versions will be used while using REST API to identityManager.
+ * If want to use with default apiVersion(v2.0), then can specify it as
+ * empty array.
+******************************************************************************/
+config.identityManager.apiVersion = ['v2.0'];
+config.identityManager.strictSSL = false;
+config.identityManager.ca = '';
+
+config.storageManager = {};
+config.storageManager.ip = '{{ web.identity.host }}';
+config.storageManager.port = '8776';
+config.storageManager.authProtocol = 'http';
+config.storageManager.apiVersion = ['v1'];
+config.storageManager.strictSSL = false;
+config.storageManager.ca = '';
+
+// VNConfig API server and port.
+config.cnfg = {};
+config.cnfg.server_ip = '{{ web.master.host }}';
+config.cnfg.server_port = '8082';
+config.cnfg.authProtocol = 'http';
+config.cnfg.strictSSL = false;
+config.cnfg.ca = '';
+
+// Analytics API server and port.
+config.analytics = {};
+config.analytics.server_ip = '{{ web.master.host }}';
+config.analytics.server_port = '8081';
+config.analytics.authProtocol = 'http';
+config.analytics.strictSSL = false;
+config.analytics.ca = '';
+
+// vcenter related parameters
+config.vcenter = {};
+config.vcenter.server_ip = '127.0.0.1'; //vCenter IP
+config.vcenter.server_port = '443'; //Port
+config.vcenter.authProtocol = 'https'; //http or https
+config.vcenter.datacenter = 'vcenter'; //datacenter name
+config.vcenter.dvsswitch = 'vswitch'; //dvsswitch name
+config.vcenter.strictSSL = false; //Validate the certificate or ignore
+config.vcenter.ca = ''; //specify the certificate key file
+config.vcenter.wsdl = '/usr/src/contrail/contrail-web-core/webroot/js/vim.wsdl';
+
+/* Discovery Service */
+config.discoveryService = {};
+config.discoveryService.server_port = '5998';
+/* Specifiy true if subscription to discovery server should be enabled, else
+ * specify false. Other than true/false value here is treated as true
+ */
+config.discoveryService.enable = true;
+
+/* Job Server */
+config.jobServer = {};
+config.jobServer.server_ip = '127.0.0.1';
+config.jobServer.server_port = '3000';
+
+/* Upload/Download Directory */
+config.files = {};
+config.files.download_path = '/tmp';
+
+/* WebUI Redis Server */
+config.redis_server_port = '6379';
+config.redis_server_ip = '127.0.0.1';
+config.redis_dump_file = '/var/lib/redis/dump-webui.rdb';
+config.redis_password = '';
+
+/* Cassandra Server */
+config.cassandra = {};
+config.cassandra.server_ips = [{%- for member in web.members %}'{{ member.host }}'{% if not loop.last %},{% endif %}{%- endfor %}];
+config.cassandra.server_port = '9160';
+config.cassandra.enable_edit = false;
+
+/* KUE Job Scheduler */
+config.kue = {};
+config.kue.ui_port = '3002'
+
+/* IP List to listen on */
+config.webui_addresses = ['0.0.0.0'];
+
+/* Is insecure access to WebUI?
+ * If set as false, then all http request will be redirected
+ * to https, if set true, then no https request will be processed, but only http
+ * request
+ */
+config.insecure_access = false;
+
+// HTTP port for NodeJS Server.
+config.http_port = '8080';
+
+// HTTPS port for NodeJS Server.
+config.https_port = '8143';
+
+// Activate/Deactivate Login.
+config.require_auth = false;
+
+/* Number of node worker processes for cluster. */
+config.node_worker_count = 1;
+
+/* Number of Parallel Active Jobs with same type */
+config.maxActiveJobs = 10;
+
+/* Redis DB index for Web-UI */
+config.redisDBIndex = 3;
+
+/* Logo File: Use complete path of logo file location */
+config.logo_file = '/usr/src/contrail/contrail-web-core/webroot/img/opencontrail-logo.png';
+
+/* Favicon File: Use complete path of favicon file location */
+config.favicon_file = '/usr/src/contrail/contrail-web-core/webroot/img/juniper-networks-favicon.ico';
+
+config.featurePkg = {};
+/* Add new feature Package Config details below */
+config.featurePkg.webController = {};
+config.featurePkg.webController.path = '/usr/src/contrail/contrail-web-controller';
+config.featurePkg.webController.enable = true;
+
+/* Enable/disable Stat Query Links in Sidebar*/
+config.qe = {};
+config.qe.enable_stat_queries = false;
+
+/* Configure level of logs, supported log levels are:
+ debug, info, notice, warning, error, crit, alert, emerg
+ */
+config.logs = {};
+config.logs.level = 'debug';
+
+/******************************************************************************
+ * Boolean flag getDomainProjectsFromApiServer indicates wheather the project
+ * list should come from API Server or Identity Manager.
+ * If Set
+ * - true, then project list will come from API Server
+ * - false, then project list will come from Identity Manager
+ * Default: false
+ *
+******************************************************************************/
+config.getDomainProjectsFromApiServer = false;
+/*****************************************************************************
+* Boolean flag L2_enable indicates the default forwarding-mode of a network.
+* Allowed values : true / false
+* Set this flag to true if all the networks are to be L2 networks,
+* set to false otherwise.
+*****************************************************************************/
+config.network = {};
+config.network.L2_enable = false;
+// Export this as a module.
+module.exports = config;
diff --git a/opencontrail/files/2.1/config/authorization.properties b/opencontrail/files/2.1/config/authorization.properties
new file mode 100644
index 0000000..d04f4f6
--- /dev/null
+++ b/opencontrail/files/2.1/config/authorization.properties
@@ -0,0 +1,3 @@
+
+# The MAPC with basic auth username 'reader' has read only access.
+reader=ro
diff --git a/opencontrail/files/2.1/config/contrail-api b/opencontrail/files/2.1/config/contrail-api
new file mode 100644
index 0000000..64da831
--- /dev/null
+++ b/opencontrail/files/2.1/config/contrail-api
@@ -0,0 +1,9 @@
+
+#!/bin/sh
+
+# chkconfig: 2345 99 01
+# description: Juniper Network Virtualization API
+
+supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}:0`
+
+#supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}`
\ No newline at end of file
diff --git a/opencontrail/files/2.1/config/contrail-api.ini b/opencontrail/files/2.1/config/contrail-api.ini
new file mode 100644
index 0000000..edd0a37
--- /dev/null
+++ b/opencontrail/files/2.1/config/contrail-api.ini
@@ -0,0 +1,14 @@
+
+[program:contrail-api]
+command=/usr/bin/contrail-api --conf_file /etc/contrail/contrail-api.conf --conf_file /etc/contrail/contrail-keystone-auth.conf --listen_port 910%(process_num)01d --worker_id %(process_num)s
+numprocs=1
+process_name=%(process_num)s
+redirect_stderr=true
+stdout_logfile= /var/log/contrail/contrail-api-%(process_num)s-stdout.log
+stderr_logfile=/dev/null
+priority=440
+autostart=true
+killasgroup=true
+stopsignal=KILL
+exitcodes=0
+
diff --git a/opencontrail/files/2.1/config/contrail-discovery b/opencontrail/files/2.1/config/contrail-discovery
new file mode 100644
index 0000000..cf9cbbd
--- /dev/null
+++ b/opencontrail/files/2.1/config/contrail-discovery
@@ -0,0 +1,9 @@
+
+#!/bin/sh
+
+# chkconfig: 2345 99 01
+# description: Juniper Network Virtualization API
+
+supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}:0`
+
+#supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}`
diff --git a/opencontrail/files/2.1/config/contrail-discovery.ini b/opencontrail/files/2.1/config/contrail-discovery.ini
new file mode 100644
index 0000000..5e84cbf
--- /dev/null
+++ b/opencontrail/files/2.1/config/contrail-discovery.ini
@@ -0,0 +1,14 @@
+
+[program:contrail-discovery]
+command=/usr/bin/contrail-discovery --conf_file /etc/contrail/contrail-discovery.conf --listen_port 911%(process_num)01d --worker_id %(process_num)s
+numprocs=1
+process_name=%(process_num)s
+redirect_stderr=true
+stdout_logfile= /var/log/contrail/contrail-discovery-%(process_num)s-stdout.log
+stderr_logfile=/dev/null
+priority=430
+autostart=true
+killasgroup=true
+stopsignal=KILL
+exitcodes=0
+
diff --git a/opencontrail/files/2.1/config/contrail_sudoers b/opencontrail/files/2.1/config/contrail_sudoers
new file mode 100644
index 0000000..a65cc42
--- /dev/null
+++ b/opencontrail/files/2.1/config/contrail_sudoers
@@ -0,0 +1,6 @@
+
+Defaults:contrail !requiretty
+
+Cmnd_Alias CONFIGRESTART = /usr/sbin/service supervisor-config restart
+
+contrail ALL = (root) NOPASSWD:CONFIGRESTART
diff --git a/opencontrail/files/2.1/config/log4j.properties b/opencontrail/files/2.1/config/log4j.properties
new file mode 100644
index 0000000..6c55393
--- /dev/null
+++ b/opencontrail/files/2.1/config/log4j.properties
@@ -0,0 +1,27 @@
+
+# Set root logger level to DEBUG and its only appender to CONSOLE
+log4j.rootLogger=TRACE, CONSOLE
+log4j.error
+
+log4j.logger.de.fhhannover.inform.irond.proc=TRACE, A1, A2
+log4j.additivity.de.fhhannover.inform.irond.proc=false
+
+log4j.appender.A1=org.apache.log4j.ConsoleAppender
+log4j.appender.A1.layout=org.apache.log4j.PatternLayout
+log4j.appender.A1.layout.ConversionPattern=%d [%t] %-5p %x - %m%n
+
+log4j.appender.A2=org.apache.log4j.FileAppender
+log4j.appender.A2.File=/var/log/contrail/ifmap-server.log
+log4j.appender.A2.layout=org.apache.log4j.PatternLayout
+log4j.appender.A2.layout.ConversionPattern=%d [%t] %-5p %x - %m%n
+
+log4j.logger.de.fhhannover.inform.irond.rawrequests=TRACE, A3
+log4j.additivity.de.fhhannover.inform.irond.rawrequests=false
+log4j.appender.A3=org.apache.log4j.FileAppender
+log4j.appender.A3.file=irond_raw.log
+log4j.appender.A3.layout=org.apache.log4j.PatternLayout
+log4j.appender.A3.layout.ConversionPattern=%d %-5p %x - %m%n
+
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%-8r [%t] %-5p %C{1} %x - %m%n
diff --git a/opencontrail/files/2.1/config/publisher.properties b/opencontrail/files/2.1/config/publisher.properties
new file mode 100644
index 0000000..9a34093
--- /dev/null
+++ b/opencontrail/files/2.1/config/publisher.properties
@@ -0,0 +1,17 @@
+
+#Sun May 27 15:47:44 PDT 2012
+visual=visual--1877135140-1
+test=test--1870931913-1
+test2=test2--1870931914-1
+test3=test3--1870931915-1
+api-server=api-server-1--0000000001-1
+control-node-1=control-node-1--1870931921-1
+control-node-2=control-node-1--1870931922-1
+control-node-3=control-node-1--1870931923-1
+control-node-4=control-node-1--1870931924-1
+control-node-5=control-node-1--1870931925-1
+control-node-6=control-node-1--1870931926-1
+control-node-7=control-node-1--1870931927-1
+control-node-8=control-node-1--1870931928-1
+control-node-9=control-node-1--1870931929-1
+control-node-10=control-node-10--1870931930-1
diff --git a/opencontrail/files/2.1/contrail-analytics-api.conf b/opencontrail/files/2.1/contrail-analytics-api.conf
new file mode 100644
index 0000000..6b04bc7
--- /dev/null
+++ b/opencontrail/files/2.1/contrail-analytics-api.conf
@@ -0,0 +1,21 @@
+{%- from "opencontrail/map.jinja" import collector with context %}
+[DEFAULTS]
+host_ip = {{ collector.bind.address }}
+cassandra_server_list={% for member in collector.database.members %}{{ member.host }}:{{ member.port }} {% endfor %}
+collectors = {{ collector.bind.address }}:8086
+http_server_port = 8090
+rest_api_port = 9081
+rest_api_ip = 0.0.0.0
+log_local = 1
+log_level = SYS_NOTICE
+log_category =
+log_file = /var/log/contrail/contrail-analytics-api.log
+
+[DISCOVERY]
+disc_server_ip = {{ collector.discovery.host }}
+disc_server_port = 5998
+
+[REDIS]
+redis_server_port = 6379
+redis_query_port = 6379
+
diff --git a/opencontrail/files/2.1/contrail-api.conf b/opencontrail/files/2.1/contrail-api.conf
new file mode 100644
index 0000000..ef1192e
--- /dev/null
+++ b/opencontrail/files/2.1/contrail-api.conf
@@ -0,0 +1,39 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+[DEFAULTS]
+ifmap_server_ip={{ config.bind.address }}
+ifmap_server_port=8443
+ifmap_username=api-server
+ifmap_password=api-server
+cassandra_server_list={% for member in config.database.members %}{{ member.host }}:{{ member.port }} {% endfor %}
+listen_ip_addr=0.0.0.0
+listen_port=8082
+multi_tenancy=True
+log_file=/var/log/contrail/contrail-api.log
+log_local=1
+log_level=SYS_NOTICE
+disc_server_ip={{ config.discovery.host }}
+disc_server_port=5998
+#zk_server_ip=10.0.102.31:2181,10.0.102.32:2181,10.0.102.33:2181
+zk_server_ip={% for member in config.database.members %}{{ member.host }}:2181{% if not loop.last %},{% endif %}{% endfor %}
+redis_server_ip=$__contrail_redis_ip__
+rabbit_server={{ config.message_queue.host }}
+rabbit_port={{ config.message_queue.port }}
+auth=keystone
+#rabbit_port=5673{{ config.message_queue.port }}
+
+[SECURITY]
+use_certs=False
+keyfile=/etc/contrail/ssl/private_keys/apiserver_key.pem
+certfile=/etc/contrail/ssl/certs/apiserver.pem
+ca_certs=/etc/contrail/ssl/certs/ca.pem
+
+[KEYSTONE]
+auth_host={{ config.identity.host }}
+auth_protocol=http
+auth_port={{ config.identity.port }}
+admin_user={{ config.identity.user }}
+admin_password={{ config.identity.password }}
+admin_token={{ config.identity.token }}
+admin_tenant_name={{ config.identity.tenant }}
+insecure=True
+
diff --git a/opencontrail/files/2.1/contrail-collector.conf b/opencontrail/files/2.1/contrail-collector.conf
new file mode 100644
index 0000000..d203459
--- /dev/null
+++ b/opencontrail/files/2.1/contrail-collector.conf
@@ -0,0 +1,47 @@
+{%- from "opencontrail/map.jinja" import collector with context %}
+#
+# Copyright (c) 2014 Juniper Networks, Inc. All rights reserved.
+#
+# Control-node configuration options
+#
+
+[DEFAULT]
+# Everything in this section is optional
+
+# Time-to-live in hours of the various data stored by collector into
+# cassandra
+# analytics_config_audit_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_statistics_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_flow_ttl, if not set (or set to -1), defaults to analytics_statsdata_ttl
+ analytics_data_ttl={{ collector.data_ttl }}
+ analytics_config_audit_ttl={{ collector.data_ttl }}
+ analytics_statistics_ttl={{ collector.data_ttl }}
+ analytics_flow_ttl={{ collector.data_ttl }}
+
+ cassandra_server_list={% for member in collector.database.members %}{{ member.host }}:{{ member.port }} {% endfor %}
+# dup=0
+ hostip={{ collector.bind.address }} # Resolved IP of `hostname`
+# hostname= # Retrieved as `hostname`
+ http_server_port=8089
+# log_category=
+# log_disable=0
+ log_file=/var/log/contrail/contrail-collector.log
+# log_files_count=10
+# log_file_size=1048576 # 1MB
+ log_level=SYS_NOTICE
+ log_local=1
+ syslog_port=-1
+# test_mode=0
+
+[COLLECTOR]
+ port=8086
+# server= 0.0.0.0
+
+[DISCOVERY]
+# port=5998
+ server={{ collector.discovery.host }} # discovery_server IP address
+
+[REDIS]
+ port=6379
+ server=127.0.0.1
+
diff --git a/opencontrail/files/2.1/contrail-control.conf b/opencontrail/files/2.1/contrail-control.conf
new file mode 100644
index 0000000..4fd07dd
--- /dev/null
+++ b/opencontrail/files/2.1/contrail-control.conf
@@ -0,0 +1,35 @@
+{%- from "opencontrail/map.jinja" import control with context %}
+#
+# Copyright (c) 2014 Juniper Networks, Inc. All rights reserved.
+#
+# Control-node configuration options
+#
+
+[DEFAULT]
+# bgp_config_file=bgp_config.xml
+# bgp_port=179
+# collectors= # Provided by discovery server
+ hostip={{ control.bind.address }} # Resolved IP of `hostname`
+ #hostname=ctl-oc-1 # Retrieved as `hostname`
+ hostname={{ pillar.linux.system.name }}
+# http_server_port=8083
+# log_category=
+# log_disable=0
+ log_file=/var/log/contrail/contrail-control.log
+# log_files_count=10
+# log_file_size=10485760 # 10MB
+ log_level=SYS_NOTICE
+ log_local=1
+# test_mode=0
+# xmpp_server_port=5269
+
+[DISCOVERY]
+# port=5998
+ server={{ control.discovery.host }} # discovery-server IP address
+
+[IFMAP]
+ certs_store=
+ password={{ control.bind.address }}
+# server_url= # Provided by discovery server, e.g. https://127.0.0.1:8443
+ user={{ control.bind.address }}
+
diff --git a/opencontrail/files/2.1/contrail-database-nodemgr.conf b/opencontrail/files/2.1/contrail-database-nodemgr.conf
new file mode 100644
index 0000000..4f11b7e
--- /dev/null
+++ b/opencontrail/files/2.1/contrail-database-nodemgr.conf
@@ -0,0 +1,3 @@
+{%- from "opencontrail/map.jinja" import database with context %}
+[DISCOVERY]
+server={{ database.discovery.host }}
diff --git a/opencontrail/files/2.1/contrail-device-manager.conf b/opencontrail/files/2.1/contrail-device-manager.conf
new file mode 100644
index 0000000..515179e
--- /dev/null
+++ b/opencontrail/files/2.1/contrail-device-manager.conf
@@ -0,0 +1,13 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+[DEFAULTS]
+rabbit_server={{ config.message_queue.host }}
+rabbit_port={{ config.message_queue.port }}
+api_server_ip={{ config.discovery.host }}
+api_server_port=8082
+zk_server_ip={% for member in config.database.members %}{{ member.host }}:2181{% if not loop.last %},{% endif %}{% endfor %}
+log_file=/var/log/contrail/contrail-device-manager.log
+cassandra_server_list={% for member in config.database.members %}{{ member.host }}:{{ member.port }} {% endfor %}
+disc_server_ip={{ config.discovery.host }}
+disc_server_port=5998
+log_local=1
+log_level=SYS_NOTICE
diff --git a/opencontrail/files/2.1/contrail-discovery.conf b/opencontrail/files/2.1/contrail-discovery.conf
new file mode 100644
index 0000000..c46afd8
--- /dev/null
+++ b/opencontrail/files/2.1/contrail-discovery.conf
@@ -0,0 +1,42 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+[DEFAULTS]
+zk_server_ip={% for member in config.database.members %}{{ member.host }}{% if not loop.last %},{% endif %}{% endfor %}
+zk_server_port=2181
+listen_ip_addr=0.0.0.0
+listen_port=5998
+log_local=True
+log_file=/var/log/contrail/discovery.log
+cassandra_server_list={% for member in config.database.members %}{{ member.host }}:{{ member.port }} {% endfor %}
+log_level=SYS_NOTICE
+
+# minimim time to allow client to cache service information (seconds)
+ttl_min=300
+
+# maximum time to allow client to cache service information (seconds)
+ttl_max=1800
+
+# health check ping interval <=0 for disabling
+hc_interval=5
+
+# maximum hearbeats to miss before server will declare publisher out of
+# service.
+hc_max_miss=3
+
+# use short TTL for agressive rescheduling if all services are not up
+ttl_short=1
+
+# for DNS service, we use fixed policy
+# even when the cluster has more than two control nodes, only two of these
+# should provide the DNS service
+[DNS-SERVER]
+policy = fixed
+
+######################################################################
+# Other service specific knobs ...
+
+# use short TTL for agressive rescheduling if all services are not up
+# ttl_short=1
+
+# specify policy to use when assigning services
+# policy = [load-balance | round-robin | fixed]
+######################################################################
diff --git a/opencontrail/files/2.1/contrail-dns.conf b/opencontrail/files/2.1/contrail-dns.conf
new file mode 100644
index 0000000..ab8e816
--- /dev/null
+++ b/opencontrail/files/2.1/contrail-dns.conf
@@ -0,0 +1,33 @@
+{%- from "opencontrail/map.jinja" import control with context %}
+#
+# Copyright (c) 2014 Juniper Networks, Inc. All rights reserved.
+#
+# DNS configuration options
+#
+
+[DEFAULT]
+# collectors= # Provided by discovery server
+# dns_config_file=dns_config.xml
+ hostip={{ control.bind.address }} # Resolved IP of `hostname`
+ hostname={{ pillar.linux.system.name }} # Retrieved as `hostname`
+# http_server_port=8092
+# dns_server_port=53
+# log_category=
+# log_disable=0
+ log_file=/var/log/contrail/contrail-dns.log
+# log_files_count=10
+# log_file_size=1048576 # 1MB
+ log_level=SYS_NOTICE
+ log_local=1
+# test_mode=0
+
+[DISCOVERY]
+# port=5998
+ server={{ control.discovery.host }} # discovery-server IP address
+
+[IFMAP]
+ certs_store=
+ password={{ control.bind.address }}.dns
+# server_url= # Provided by discovery server, e.g. https://127.0.0.1:8443
+ user={{ control.bind.address }}.dns
+
diff --git a/opencontrail/files/2.1/contrail-keystone-auth.conf b/opencontrail/files/2.1/contrail-keystone-auth.conf
new file mode 100644
index 0000000..c4ca1d1
--- /dev/null
+++ b/opencontrail/files/2.1/contrail-keystone-auth.conf
@@ -0,0 +1,12 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+[KEYSTONE]
+auth_host={{ config.identity.host }}
+auth_protocol=http
+auth_port={{ config.identity.port }}
+admin_user={{ config.identity.user }}
+admin_password={{ config.identity.password }}
+admin_token={{ config.identity.token }}
+admin_tenant_name={{ config.identity.tenant }}
+insecure=True
+#memcache_servers=127.0.0.1:11211
+memcache_servers={% for member in config.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{% endfor %}
diff --git a/opencontrail/files/2.1/contrail-query-engine.conf b/opencontrail/files/2.1/contrail-query-engine.conf
new file mode 100644
index 0000000..2220223
--- /dev/null
+++ b/opencontrail/files/2.1/contrail-query-engine.conf
@@ -0,0 +1,31 @@
+{%- from "opencontrail/map.jinja" import collector with context %}
+#
+# Copyright (c) 2014 Juniper Networks, Inc. All rights reserved.
+#
+# Query-Engine configuration options
+#
+
+[DEFAULT]
+# analytics_data_ttl=48
+ cassandra_server_list={% for member in collector.database.members %}{{ member.host }}:{{ member.port }} {% endfor %}
+ collectors=127.0.0.1:8086
+ hostip=$__contrail_host_ip__ # Resolved IP of `hostname`
+# hostname= # Retrieved as `hostname`
+ http_server_port=8091
+# log_category=
+# log_disable=0
+ log_file=/var/log/contrail/contrail-query-engine.log
+# log_files_count=10
+# log_file_size=1048576 # 1MB
+ log_level=SYS_NOTICE
+ log_local=0
+# test_mode=0
+
+[DISCOVERY]
+# port=5998
+# server= # discovery_server IP address
+
+[REDIS]
+ port=6379
+ server=127.0.0.1
+
diff --git a/opencontrail/files/2.1/contrail-schema.conf b/opencontrail/files/2.1/contrail-schema.conf
new file mode 100644
index 0000000..d9b8e6f
--- /dev/null
+++ b/opencontrail/files/2.1/contrail-schema.conf
@@ -0,0 +1,28 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+[DEFAULTS]
+ifmap_server_ip={{ config.bind.address }}
+ifmap_server_port=8443
+ifmap_username=schema-transformer
+ifmap_password=schema-transformer
+api_server_ip={{ config.discovery.host }}
+api_server_port=8082
+#zk_server_ip=10.0.102.31:2181,10.0.102.32:2181,10.0.102.33:2181
+zk_server_ip={% for member in config.database.members %}{{ member.host }}:2181{% if not loop.last %},{% endif %}{% endfor %}
+log_file=/var/log/contrail/schema.log
+cassandra_server_list={% for member in config.database.members %}{{ member.host }}:{{ member.port }} {% endfor %}
+disc_server_ip={{ config.discovery.host }}
+disc_server_port=5998
+log_local=1
+log_level=SYS_NOTICE
+
+[SECURITY]
+use_certs=False
+keyfile=/etc/contrail/ssl/private_keys/schema_xfer_key.pem
+certfile=/etc/contrail/ssl/certs/schema_xfer.pem
+ca_certs=/etc/contrail/ssl/certs/ca.pem
+
+[KEYSTONE]
+admin_user={{ config.identity.user }}
+admin_password={{ config.identity.password }}
+admin_token={{ config.identity.token }}
+admin_tenant_name={{ config.identity.tenant }}
diff --git a/opencontrail/files/2.1/contrail-svc-monitor.conf b/opencontrail/files/2.1/contrail-svc-monitor.conf
new file mode 100644
index 0000000..2e78b5e
--- /dev/null
+++ b/opencontrail/files/2.1/contrail-svc-monitor.conf
@@ -0,0 +1,38 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+
+[DEFAULTS]
+ifmap_server_ip={{ config.bind.address }}
+ifmap_server_port=8443
+ifmap_username=svc-monitor
+ifmap_password=svc-monitor
+api_server_ip={{ config.discovery.host }}
+api_server_port=8082
+#zk_server_ip=10.0.102.31:2181,10.0.102.32:2181,10.0.102.33:2181
+zk_server_ip={% for member in config.database.members %}{{ member.host }}:2181{% if not loop.last %},{% endif %}{% endfor %}
+log_file=/var/log/contrail/svc-monitor.log
+cassandra_server_list={% for member in config.database.members %}{{ member.host }}:{{ member.port }} {% endfor %}
+disc_server_ip={{ config.discovery.host }}
+disc_server_port=5998
+region_name=RegionOne
+log_local=1
+log_level=SYS_NOTICE
+
+[SCHEDULER]
+analytics_server_ip={{ config.discovery.host }}
+analytics_server_port=8081
+
+[SECURITY]
+use_certs=False
+keyfile=/etc/contrail/ssl/private_keys/svc_monitor_key.pem
+certfile=/etc/contrail/ssl/certs/svc_monitor.pem
+ca_certs=/etc/contrail/ssl/certs/ca.pem
+
+[KEYSTONE]
+auth_host={{ config.identity.host }}
+auth_protocol=http
+auth_port={{ config.identity.port }}
+auth_insecure=True
+admin_user={{ config.identity.user }}
+admin_password={{ config.identity.password }}
+admin_token={{ config.identity.token }}
+admin_tenant_name={{ config.identity.tenant }}
diff --git a/opencontrail/files/2.1/contrail-vrouter-agent.conf b/opencontrail/files/2.1/contrail-vrouter-agent.conf
new file mode 100644
index 0000000..76b6d5f
--- /dev/null
+++ b/opencontrail/files/2.1/contrail-vrouter-agent.conf
@@ -0,0 +1,160 @@
+{%- from "opencontrail/map.jinja" import compute with context %}
+#
+# Vnswad configuration options
+#
+
+[CONTROL-NODE]
+# IP address to be used to connect to control-node. Maximum of 2 IP addresses
+# (separated by a space) can be provided. If no IP is configured then the
+# value provided by discovery service will be used. (Optional)
+# server=10.0.0.1 10.0.0.2
+
+[DEFAULT]
+# Everything in this section is optional
+
+# IP address and port to be used to connect to collector. If these are not
+# configured, value provided by discovery service will be used. Multiple
+# IP:port strings separated by space can be provided
+# collectors=127.0.0.1:8086
+
+# Enable/disable debug logging. Possible values are 0 (disable) and 1 (enable)
+# debug=0
+
+# Aging time for flow-records in seconds
+# flow_cache_timeout=0
+
+# Hostname of compute-node. If this is not configured value from `hostname`
+# will be taken
+# hostname=
+
+# Http server port for inspecting vnswad state (useful for debugging)
+# http_server_port=8085
+
+# Category for logging. Default value is '*'
+# log_category=
+
+# Local log file name
+log_file=/var/log/contrail/contrail-vrouter-agent.log
+
+# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
+# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
+log_level=SYS_NOTICE
+
+# Enable/Disable local file logging. Possible values are 0 (disable) and 1 (enable)
+log_local=1
+
+# Encapsulation type for tunnel. Possible values are MPLSoGRE, MPLSoUDP, VXLAN
+# tunnel_type=
+
+# Enable/Disable headless mode for agent. In headless mode agent retains last
+# known good configuration from control node when all control nodes are lost.
+# Possible values are true(enable) and false(disable)
+# headless_mode=
+headless_mode=true
+
+[DISCOVERY]
+# If COLLECTOR and/or CONTROL-NODE and/or DNS is not specified this section is
+# mandatory. Else this section is optional
+
+# IP address of discovery server
+server={{ compute.discovery.host }}
+
+# Number of control-nodes info to be provided by Discovery service. Possible
+# values are 1 and 2
+max_control_nodes=2
+
+[DNS]
+# IP address and port to be used to connect to dns-node. Maximum of 2 IP
+# addresses (separated by a space) can be provided. If no IP is configured then
+# the value provided by discovery service will be used.
+# server=10.0.0.1:53 10.0.0.2:53
+
+[HYPERVISOR]
+# Everything in this section is optional
+
+# Hypervisor type. Possible values are kvm, xen and vmware
+type=kvm
+#vmware_mode=
+# Link-local IP address and prefix in ip/prefix_len format (for xen)
+# xen_ll_ip=
+
+# Link-local interface name when hypervisor type is Xen
+# xen_ll_interface=
+
+# Physical interface name when hypervisor type is vmware
+vmware_physical_interface=
+
+[FLOWS]
+# Everything in this section is optional
+
+# Maximum flows allowed per VM (given as % of maximum system flows)
+# max_vm_flows=100
+# Maximum number of link-local flows allowed across all VMs
+# max_system_linklocal_flows=4096
+# Maximum number of link-local flows allowed per VM
+# max_vm_linklocal_flows=1024
+
+[METADATA]
+# Shared secret for metadata proxy service (Optional)
+# metadata_proxy_secret=contrail
+
+[NETWORKS]
+# control-channel IP address used by WEB-UI to connect to vnswad to fetch
+# required information (Optional)
+control_network_ip={{ compute.interface.address }}
+
+[VIRTUAL-HOST-INTERFACE]
+# Everything in this section is mandatory
+
+# name of virtual host interface
+name=vhost0
+
+# IP address and prefix in ip/prefix_len format
+ip={{ compute.interface.address }}/{{ compute.interface.mask }}
+
+# Gateway IP address for virtual host
+gateway={{ compute.interface.gateway }}
+
+# Physical interface name to which virtual host interface maps to
+physical_interface={{ compute.interface.dev }}
+
+# We can have multiple gateway sections with different indices in the
+# following format
+# [GATEWAY-0]
+# Name of the routing_instance for which the gateway is being configured
+# routing_instance=default-domain:admin:public:public
+
+# Gateway interface name
+# interface=vgw
+
+# Virtual network ip blocks for which gateway service is required. Each IP
+# block is represented as ip/prefix. Multiple IP blocks are represented by
+# separating each with a space
+# ip_blocks=1.1.1.1/24
+
+# [GATEWAY-1]
+# Name of the routing_instance for which the gateway is being configured
+# routing_instance=default-domain:admin:public1:public1
+
+# Gateway interface name
+# interface=vgw1
+
+# Virtual network ip blocks for which gateway service is required. Each IP
+# block is represented as ip/prefix. Multiple IP blocks are represented by
+# separating each with a space
+# ip_blocks=2.2.1.0/24 2.2.2.0/24
+
+# Routes to be exported in routing_instance. Each route is represented as
+# ip/prefix. Multiple routes are represented by separating each with a space
+# routes=10.10.10.1/24 11.11.11.1/24
+
+[SERVICE-INSTANCE]
+# Path to the script which handles the netns commands
+netns_command=/usr/bin/opencontrail-vrouter-netns
+
+# Number of workers that will be used to start netns commands
+#netns_workers=1
+
+# Timeout for each netns command, when the timeout is reached, the netns
+# command is killed.
+#netns_timeout=30
\ No newline at end of file
diff --git a/opencontrail/files/2.1/contrail-webui-userauth.js b/opencontrail/files/2.1/contrail-webui-userauth.js
new file mode 100644
index 0000000..e1a19d7
--- /dev/null
+++ b/opencontrail/files/2.1/contrail-webui-userauth.js
@@ -0,0 +1,15 @@
+{%- from "opencontrail/map.jinja" import web with context %}
+/*
+ * Copyright (c) 2014 Juniper Networks, Inc. All rights reserved.
+ */
+
+/****************************************************************************
+ * Specify the authentication parameters for admin user
+ ****************************************************************************/
+var auth = {};
+auth.admin_user = '{{ web.identity.user }}';
+auth.admin_password = '{{ web.identity.password }}';
+auth.admin_token = '{{ web.identity.token }}';
+auth.admin_tenant_name = '{{ web.identity.tenant }}';
+
+module.exports = auth;
diff --git a/opencontrail/files/2.1/control/contrail-named.conf b/opencontrail/files/2.1/control/contrail-named.conf
new file mode 100644
index 0000000..18ef5af
--- /dev/null
+++ b/opencontrail/files/2.1/control/contrail-named.conf
@@ -0,0 +1,44 @@
+options {
+ directory "/etc/contrail/dns/";
+ managed-keys-directory "/etc/contrail/dns/";
+ empty-zones-enable no;
+ pid-file "/etc/contrail/dns/named.pid";
+ listen-on port 53 { any; };
+ allow-query { any; };
+ allow-recursion { any; };
+ allow-query-cache { any; };
+};
+
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "xvysmOR8lnUQRBcunkC6vg==";
+};
+
+controls {
+ inet 127.0.0.1 port 8094
+ allow { 127.0.0.1; } keys { "rndc-key"; };
+};
+
+logging {
+ channel debug_log {
+ file "/var/log/contrail/contrail-named.log" versions 3 size 5m;
+ severity debug;
+ print-time yes;
+ print-severity yes;
+ print-category yes;
+ };
+ category default {
+ debug_log;
+ };
+ category queries {
+ debug_log;
+ };
+};
+
+view "_default_view_" {
+ match-clients {any;};
+ match-destinations {any;};
+ match-recursive-only no;
+ forwarders {10.0.110.18; };
+};
+
diff --git a/opencontrail/files/2.1/control/contrail-rndc.conf b/opencontrail/files/2.1/control/contrail-rndc.conf
new file mode 100644
index 0000000..5a820a1
--- /dev/null
+++ b/opencontrail/files/2.1/control/contrail-rndc.conf
@@ -0,0 +1,11 @@
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "xvysmOR8lnUQRBcunkC6vg==";
+};
+
+options {
+ default-key "rndc-key";
+ default-server 127.0.0.1;
+ default-port 8094;
+};
+
diff --git a/opencontrail/files/2.1/ctrl-details b/opencontrail/files/2.1/ctrl-details
new file mode 100644
index 0000000..0d6ff4c
--- /dev/null
+++ b/opencontrail/files/2.1/ctrl-details
@@ -0,0 +1,12 @@
+{%- from "opencontrail/map.jinja" import common with context %}
+CONTROLLER_MGMT={{ common.identity.host }}
+SERVICE_TOKEN={{ common.identity.token }}
+ADMIN_TOKEN={{ common.identity.password }}
+CONTROLLER={{ common.identity.host }}
+QUANTUM={{ common.network.host }}
+QUANTUM_PORT={{ common.network.port }}
+COMPUTE=None
+AUTH_PROTOCOL=http
+QUANTUM_PROTOCOL=http
+AMQP_SERVER={{ common.identity.host }}
+INTERNAL_VIP={{ common.identity.host }}
diff --git a/opencontrail/files/2.1/database/cassandra-env.sh b/opencontrail/files/2.1/database/cassandra-env.sh
new file mode 100644
index 0000000..011c84c
--- /dev/null
+++ b/opencontrail/files/2.1/database/cassandra-env.sh
@@ -0,0 +1,301 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+calculate_heap_sizes()
+{
+ case "`uname`" in
+ Linux)
+ system_memory_in_mb=`free -m | awk '/:/ {print $2;exit}'`
+ system_cpu_cores=`egrep -c 'processor([[:space:]]+):.*' /proc/cpuinfo`
+ ;;
+ FreeBSD)
+ system_memory_in_bytes=`sysctl hw.physmem | awk '{print $2}'`
+ system_memory_in_mb=`expr $system_memory_in_bytes / 1024 / 1024`
+ system_cpu_cores=`sysctl hw.ncpu | awk '{print $2}'`
+ ;;
+ SunOS)
+ system_memory_in_mb=`prtconf | awk '/Memory size:/ {print $3}'`
+ system_cpu_cores=`psrinfo | wc -l`
+ ;;
+ Darwin)
+ system_memory_in_bytes=`sysctl hw.memsize | awk '{print $2}'`
+ system_memory_in_mb=`expr $system_memory_in_bytes / 1024 / 1024`
+ system_cpu_cores=`sysctl hw.ncpu | awk '{print $2}'`
+ ;;
+ *)
+ # assume reasonable defaults for e.g. a modern desktop or
+ # cheap server
+ system_memory_in_mb="2048"
+ system_cpu_cores="2"
+ ;;
+ esac
+
+ # some systems like the raspberry pi don't report cores, use at least 1
+ if [ "$system_cpu_cores" -lt "1" ]
+ then
+ system_cpu_cores="1"
+ fi
+
+ # set max heap size based on the following
+ # max(min(1/2 ram, 1024MB), min(1/4 ram, 8GB))
+ # calculate 1/2 ram and cap to 1024MB
+ # calculate 1/4 ram and cap to 8192MB
+ # pick the max
+ half_system_memory_in_mb=`expr $system_memory_in_mb / 2`
+ quarter_system_memory_in_mb=`expr $half_system_memory_in_mb / 2`
+ if [ "$half_system_memory_in_mb" -gt "1024" ]
+ then
+ half_system_memory_in_mb="1024"
+ fi
+ if [ "$quarter_system_memory_in_mb" -gt "8192" ]
+ then
+ quarter_system_memory_in_mb="8192"
+ fi
+ if [ "$half_system_memory_in_mb" -gt "$quarter_system_memory_in_mb" ]
+ then
+ max_heap_size_in_mb="$half_system_memory_in_mb"
+ else
+ max_heap_size_in_mb="$quarter_system_memory_in_mb"
+ fi
+ MAX_HEAP_SIZE="${max_heap_size_in_mb}M"
+
+ # Young gen: min(max_sensible_per_modern_cpu_core * num_cores, 1/4 * heap size)
+ max_sensible_yg_per_core_in_mb="100"
+ max_sensible_yg_in_mb=`expr $max_sensible_yg_per_core_in_mb "*" $system_cpu_cores`
+
+ desired_yg_in_mb=`expr $max_heap_size_in_mb / 4`
+
+ if [ "$desired_yg_in_mb" -gt "$max_sensible_yg_in_mb" ]
+ then
+ HEAP_NEWSIZE="${max_sensible_yg_in_mb}M"
+ else
+ HEAP_NEWSIZE="${desired_yg_in_mb}M"
+ fi
+}
+
+# Determine the sort of JVM we'll be running on.
+
+java_ver_output=`"${JAVA:-java}" -version 2>&1`
+
+jvmver=`echo "$java_ver_output" | grep '[openjdk|java] version' | awk -F'"' 'NR==1 {print $2}'`
+JVM_VERSION=${jvmver%_*}
+JVM_PATCH_VERSION=${jvmver#*_}
+
+if [ "$JVM_VERSION" \< "1.7" ] ; then
+ echo "Cassandra 2.0 and later require Java 7u25 or later."
+ exit 1;
+fi
+
+if [ "$JVM_VERSION" \< "1.8" ] && [ "$JVM_PATCH_VERSION" \< "25" ] ; then
+ echo "Cassandra 2.0 and later require Java 7u25 or later."
+ exit 1;
+fi
+
+
+jvm=`echo "$java_ver_output" | grep -A 1 'java version' | awk 'NR==2 {print $1}'`
+case "$jvm" in
+ OpenJDK)
+ JVM_VENDOR=OpenJDK
+ # this will be "64-Bit" or "32-Bit"
+ JVM_ARCH=`echo "$java_ver_output" | awk 'NR==3 {print $2}'`
+ ;;
+ "Java(TM)")
+ JVM_VENDOR=Oracle
+ # this will be "64-Bit" or "32-Bit"
+ JVM_ARCH=`echo "$java_ver_output" | awk 'NR==3 {print $3}'`
+ ;;
+ *)
+ # Help fill in other JVM values
+ JVM_VENDOR=other
+ JVM_ARCH=unknown
+ ;;
+esac
+
+
+# Override these to set the amount of memory to allocate to the JVM at
+# start-up. For production use you may wish to adjust this for your
+# environment. MAX_HEAP_SIZE is the total amount of memory dedicated
+# to the Java heap; HEAP_NEWSIZE refers to the size of the young
+# generation. Both MAX_HEAP_SIZE and HEAP_NEWSIZE should be either set
+# or not (if you set one, set the other).
+#
+# The main trade-off for the young generation is that the larger it
+# is, the longer GC pause times will be. The shorter it is, the more
+# expensive GC will be (usually).
+#
+# The example HEAP_NEWSIZE assumes a modern 8-core+ machine for decent pause
+# times. If in doubt, and if you do not particularly want to tweak, go with
+# 100 MB per physical CPU core.
+
+#MAX_HEAP_SIZE="4G"
+#HEAP_NEWSIZE="800M"
+
+# Set this to control the amount of arenas per-thread in glibc
+#export MALLOC_ARENA_MAX=4
+
+if [ "x$MAX_HEAP_SIZE" = "x" ] && [ "x$HEAP_NEWSIZE" = "x" ]; then
+ calculate_heap_sizes
+else
+ if [ "x$MAX_HEAP_SIZE" = "x" ] || [ "x$HEAP_NEWSIZE" = "x" ]; then
+ echo "please set or unset MAX_HEAP_SIZE and HEAP_NEWSIZE in pairs (see cassandra-env.sh)"
+ exit 1
+ fi
+fi
+
+if [ "x$MALLOC_ARENA_MAX" = "x" ]
+then
+ export MALLOC_ARENA_MAX=4
+fi
+
+# Specifies the default port over which Cassandra will be available for
+# JMX connections.
+# For security reasons, you should not expose this port to the internet. Firewall it if needed.
+JMX_PORT="7199"
+
+
+# Here we create the arguments that will get passed to the jvm when
+# starting cassandra.
+
+# enable assertions. disabling this in production will give a modest
+# performance benefit (around 5%).
+JVM_OPTS="$JVM_OPTS -ea"
+
+# add the jamm javaagent
+JVM_OPTS="$JVM_OPTS -javaagent:$CASSANDRA_HOME/lib/jamm-0.3.0.jar"
+
+# some JVMs will fill up their heap when accessed via JMX, see CASSANDRA-6541
+JVM_OPTS="$JVM_OPTS -XX:+CMSClassUnloadingEnabled"
+
+# enable thread priorities, primarily so we can give periodic tasks
+# a lower priority to avoid interfering with client workload
+JVM_OPTS="$JVM_OPTS -XX:+UseThreadPriorities"
+# allows lowering thread priority without being root. see
+# http://tech.stolsvik.com/2010/01/linux-java-thread-priorities-workaround.html
+JVM_OPTS="$JVM_OPTS -XX:ThreadPriorityPolicy=42"
+
+# min and max heap sizes should be set to the same value to avoid
+# stop-the-world GC pauses during resize, and so that we can lock the
+# heap in memory on startup to prevent any of it from being swapped
+# out.
+JVM_OPTS="$JVM_OPTS -Xms${MAX_HEAP_SIZE}"
+JVM_OPTS="$JVM_OPTS -Xmx${MAX_HEAP_SIZE}"
+JVM_OPTS="$JVM_OPTS -Xmn${HEAP_NEWSIZE}"
+JVM_OPTS="$JVM_OPTS -XX:+HeapDumpOnOutOfMemoryError"
+
+# set jvm HeapDumpPath with CASSANDRA_HEAPDUMP_DIR
+if [ "x$CASSANDRA_HEAPDUMP_DIR" != "x" ]; then
+ JVM_OPTS="$JVM_OPTS -XX:HeapDumpPath=$CASSANDRA_HEAPDUMP_DIR/cassandra-`date +%s`-pid$$.hprof"
+fi
+
+
+startswith() { [ "${1#$2}" != "$1" ]; }
+
+# Per-thread stack size.
+JVM_OPTS="$JVM_OPTS -Xss256k"
+
+# Larger interned string table, for gossip's benefit (CASSANDRA-6410)
+JVM_OPTS="$JVM_OPTS -XX:StringTableSize=1000003"
+
+# GC tuning options
+JVM_OPTS="$JVM_OPTS -XX:+UseParNewGC"
+JVM_OPTS="$JVM_OPTS -XX:+UseConcMarkSweepGC"
+JVM_OPTS="$JVM_OPTS -XX:+CMSParallelRemarkEnabled"
+JVM_OPTS="$JVM_OPTS -XX:SurvivorRatio=8"
+JVM_OPTS="$JVM_OPTS -XX:MaxTenuringThreshold=1"
+JVM_OPTS="$JVM_OPTS -XX:CMSInitiatingOccupancyFraction=75"
+JVM_OPTS="$JVM_OPTS -XX:+UseCMSInitiatingOccupancyOnly"
+JVM_OPTS="$JVM_OPTS -XX:+UseTLAB"
+JVM_OPTS="$JVM_OPTS -XX:CompileCommandFile=$CASSANDRA_CONF/hotspot_compiler"
+JVM_OPTS="$JVM_OPTS -XX:CMSWaitDuration=10000"
+
+# note: bash evals '1.7.x' as > '1.7' so this is really a >= 1.7 jvm check
+if { [ "$JVM_VERSION" \> "1.7" ] && [ "$JVM_VERSION" \< "1.8.0" ] && [ "$JVM_PATCH_VERSION" -ge "60" ]; } || [ "$JVM_VERSION" \> "1.8" ] ; then
+ JVM_OPTS="$JVM_OPTS -XX:+CMSParallelInitialMarkEnabled -XX:+CMSEdenChunksRecordAlways -XX:CMSWaitDuration=10000"
+fi
+
+if [ "$JVM_ARCH" = "64-Bit" ] ; then
+ JVM_OPTS="$JVM_OPTS -XX:+UseCondCardMark"
+fi
+
+# GC logging options -- uncomment to enable
+JVM_OPTS="$JVM_OPTS -XX:+PrintGCDetails"
+JVM_OPTS="$JVM_OPTS -XX:+PrintGCDateStamps"
+JVM_OPTS="$JVM_OPTS -XX:+PrintHeapAtGC"
+JVM_OPTS="$JVM_OPTS -XX:+PrintTenuringDistribution"
+JVM_OPTS="$JVM_OPTS -XX:+PrintGCApplicationStoppedTime"
+JVM_OPTS="$JVM_OPTS -XX:+PrintPromotionFailure"
+JVM_OPTS="$JVM_OPTS -XX:PrintFLSStatistics=1"
+JVM_OPTS="$JVM_OPTS -Xloggc:/var/log/cassandra/gc-`date +%s`.log"
+# If you are using JDK 6u34 7u2 or later you can enable GC log rotation
+# don't stick the date in the log name if rotation is on.
+# JVM_OPTS="$JVM_OPTS -Xloggc:/var/log/cassandra/gc.log"
+# JVM_OPTS="$JVM_OPTS -XX:+UseGCLogFileRotation"
+# JVM_OPTS="$JVM_OPTS -XX:NumberOfGCLogFiles=10"
+# JVM_OPTS="$JVM_OPTS -XX:GCLogFileSize=10M"
+
+# Configure the following for JEMallocAllocator and if jemalloc is not available in the system
+# library path (Example: /usr/local/lib/). Usually "make install" will do the right thing.
+# export LD_LIBRARY_PATH=<JEMALLOC_HOME>/lib/
+# JVM_OPTS="$JVM_OPTS -Djava.library.path=<JEMALLOC_HOME>/lib/"
+
+# uncomment to have Cassandra JVM listen for remote debuggers/profilers on port 1414
+# JVM_OPTS="$JVM_OPTS -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=1414"
+
+# uncomment to have Cassandra JVM log internal method compilation (developers only)
+# JVM_OPTS="$JVM_OPTS -XX:+UnlockDiagnosticVMOptions -XX:+LogCompilation"
+
+# Prefer binding to IPv4 network intefaces (when net.ipv6.bindv6only=1). See
+# http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6342561 (short version:
+# comment out this entry to enable IPv6 support).
+JVM_OPTS="$JVM_OPTS -Djava.net.preferIPv4Stack=true"
+
+# jmx: metrics and administration interface
+#
+# add this if you're having trouble connecting:
+# JVM_OPTS="$JVM_OPTS -Djava.rmi.server.hostname=<public name>"
+#
+# see
+# https://blogs.oracle.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole
+# for more on configuring JMX through firewalls, etc. (Short version:
+# get it working with no firewall first.)
+#
+# Cassandra ships with JMX accessible *only* from localhost.
+# To enable remote JMX connections, uncomment lines below
+# with authentication and/or ssl enabled. See https://wiki.apache.org/cassandra/JmxSecurity
+#
+LOCAL_JMX=yes
+
+if [ "$LOCAL_JMX" = "yes" ]; then
+ JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.local.port=$JMX_PORT -XX:+DisableExplicitGC"
+else
+ JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.port=$JMX_PORT"
+ JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.rmi.port=$JMX_PORT"
+ JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=false"
+ JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true"
+ JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password"
+fi
+
+# To use mx4j, an HTML interface for JMX, add mx4j-tools.jar to the lib/
+# directory.
+# See http://wiki.apache.org/cassandra/Operations#Monitoring_with_MX4J
+# By default mx4j listens on 0.0.0.0:8081. Uncomment the following lines
+# to control its listen address and port.
+#MX4J_ADDRESS="-Dmx4jaddress=127.0.0.1"
+#MX4J_PORT="-Dmx4jport=8081"
+
+JVM_OPTS="$JVM_OPTS $MX4J_ADDRESS"
+JVM_OPTS="$JVM_OPTS $MX4J_PORT"
+JVM_OPTS="$JVM_OPTS $JVM_EXTRA_OPTS"
diff --git a/opencontrail/files/2.1/database/log4j.properties b/opencontrail/files/2.1/database/log4j.properties
new file mode 100644
index 0000000..0d4c4e7
--- /dev/null
+++ b/opencontrail/files/2.1/database/log4j.properties
@@ -0,0 +1,51 @@
+#
+# ZooKeeper Logging Configuration
+#
+
+# Format is "<default threshold> (, <appender>)+
+
+log4j.rootLogger=${zookeeper.root.logger}
+
+# Example: console appender only
+# log4j.rootLogger=INFO, CONSOLE
+
+# Example with rolling log file
+#log4j.rootLogger=DEBUG, CONSOLE, ROLLINGFILE
+
+# Example with rolling log file and tracing
+#log4j.rootLogger=TRACE, CONSOLE, ROLLINGFILE, TRACEFILE
+
+#
+# Log INFO level and above messages to the console
+#
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=INFO
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} - %-5p [%t:%C{1}@%L] - %m%n
+
+#
+# Add ROLLINGFILE to rootLogger to get log file output
+# Log DEBUG level and above messages to a log file
+log4j.appender.ROLLINGFILE=org.apache.log4j.RollingFileAppender
+log4j.appender.ROLLINGFILE.Threshold=DEBUG
+log4j.appender.ROLLINGFILE.File=${zookeeper.log.dir}/zookeeper.log
+
+# Max log file size of 10MB
+log4j.appender.ROLLINGFILE.MaxFileSize=10MB
+# uncomment the next line to limit number of backup files
+log4j.appender.ROLLINGFILE.MaxBackupIndex=10
+
+log4j.appender.ROLLINGFILE.layout=org.apache.log4j.PatternLayout
+log4j.appender.ROLLINGFILE.layout.ConversionPattern=%d{ISO8601} - %-5p [%t:%C{1}@%L] - %m%n
+
+
+#
+# Add TRACEFILE to rootLogger to get log file output
+# Log DEBUG level and above messages to a log file
+log4j.appender.TRACEFILE=org.apache.log4j.FileAppender
+log4j.appender.TRACEFILE.Threshold=TRACE
+log4j.appender.TRACEFILE.File=${zookeeper.log.dir}/zookeeper_trace.log
+
+log4j.appender.TRACEFILE.layout=org.apache.log4j.PatternLayout
+### Notice we are including log4j's NDC here (%x)
+log4j.appender.TRACEFILE.layout.ConversionPattern=%d{ISO8601} - %-5p [%t:%C{1}@%L][%x] - %m%n
diff --git a/opencontrail/files/2.1/database_nodemgr_param b/opencontrail/files/2.1/database_nodemgr_param
new file mode 100644
index 0000000..6cdb496
--- /dev/null
+++ b/opencontrail/files/2.1/database_nodemgr_param
@@ -0,0 +1,2 @@
+{%- from "opencontrail/map.jinja" import database with context %}
+DISCOVERY={{ database.discovery.host }}
diff --git a/opencontrail/files/2.1/default_pmac b/opencontrail/files/2.1/default_pmac
new file mode 100644
index 0000000..874d3ee
--- /dev/null
+++ b/opencontrail/files/2.1/default_pmac
@@ -0,0 +1,2 @@
+{%- from "opencontrail/map.jinja" import compute with context %}
+{{ compute.interface.default_pmac }}
\ No newline at end of file
diff --git a/opencontrail/files/2.1/keystonerc b/opencontrail/files/2.1/keystonerc
new file mode 100644
index 0000000..b665fac
--- /dev/null
+++ b/opencontrail/files/2.1/keystonerc
@@ -0,0 +1,4 @@
+{%- from "opencontrail/map.jinja" import common with context %}
+export OS_USERNAME=admin
+export SERVICE_TOKEN={{ common.identity.token }}
+export OS_SERVICE_ENDPOINT=http://{{ common.identity.host }}:{{ common.identity.port }}/v2.0
diff --git a/opencontrail/files/2.1/openstackrc b/opencontrail/files/2.1/openstackrc
new file mode 100644
index 0000000..7c8ef03
--- /dev/null
+++ b/opencontrail/files/2.1/openstackrc
@@ -0,0 +1,6 @@
+{%- from "opencontrail/map.jinja" import common with context %}
+export OS_USERNAME=admin
+export OS_PASSWORD={{ common.identity.password }}
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://{{ common.identity.host }}:5000/v2.0/
+export OS_NO_CACHE=1
diff --git a/opencontrail/files/2.1/vnc_api_lib.ini b/opencontrail/files/2.1/vnc_api_lib.ini
new file mode 100644
index 0000000..9465554
--- /dev/null
+++ b/opencontrail/files/2.1/vnc_api_lib.ini
@@ -0,0 +1,17 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+[global]
+;WEB_SERVER = 127.0.0.1
+;WEB_PORT = 9696 ; connection through quantum plugin
+
+WEB_SERVER = 127.0.0.1
+WEB_PORT = 8082 ; connection to api-server directly
+BASE_URL = /
+;BASE_URL = /tenants/infra ; common-prefix for all URLs
+
+; Authentication settings (optional)
+[auth]
+AUTHN_TYPE = keystone
+AUTHN_PROTOCOL = http
+AUTHN_SERVER= {{ config.identity.host }}
+AUTHN_PORT = {{ config.identity.port }}
+AUTHN_URL = /v2.0/tokens
diff --git a/opencontrail/files/2.1/vrouter_nodemgr_param b/opencontrail/files/2.1/vrouter_nodemgr_param
new file mode 100644
index 0000000..f8d803f
--- /dev/null
+++ b/opencontrail/files/2.1/vrouter_nodemgr_param
@@ -0,0 +1,2 @@
+{%- from "opencontrail/map.jinja" import compute with context %}
+DISCOVERY={{ compute.discovery.host }}
diff --git a/opencontrail/files/2.1/zoo.cfg b/opencontrail/files/2.1/zoo.cfg
new file mode 100644
index 0000000..c2e245e
--- /dev/null
+++ b/opencontrail/files/2.1/zoo.cfg
@@ -0,0 +1,61 @@
+{%- from "opencontrail/map.jinja" import database with context %}
+# http://hadoop.apache.org/zookeeper/docs/current/zookeeperAdmin.html
+
+# The number of milliseconds of each tick
+tickTime=2000
+# The number of ticks that the initial
+# synchronization phase can take
+initLimit=10
+# The number of ticks that can pass between
+# sending a request and getting an acknowledgement
+syncLimit=5
+# the directory where the snapshot is stored.
+dataDir=/var/lib/zookeeper
+# Place the dataLogDir to a separate physical disc for better performance
+# dataLogDir=/disk2/zookeeper
+
+# the port at which the clients will connect
+clientPort=2181
+
+# specify all zookeeper servers
+# The fist port is used by followers to connect to the leader
+# The second one is used for leader election
+#server.1=zookeeper1:2888:3888
+#server.2=zookeeper2:2888:3888
+#server.3=zookeeper3:2888:3888
+
+
+# To avoid seeks ZooKeeper allocates space in the transaction log file in
+# blocks of preAllocSize kilobytes. The default block size is 64M. One reason
+# for changing the size of the blocks is to reduce the block size if snapshots
+# are taken more often. (Also, see snapCount).
+#preAllocSize=65536
+
+# Clients can submit requests faster than ZooKeeper can process them,
+# especially if there are a lot of clients. To prevent ZooKeeper from running
+# out of memory due to queued requests, ZooKeeper will throttle clients so that
+# there is no more than globalOutstandingLimit outstanding requests in the
+# system. The default limit is 1,000.ZooKeeper logs transactions to a
+# transaction log. After snapCount transactions are written to a log file a
+# snapshot is started and a new transaction log file is started. The default
+# snapCount is 10,000.
+#snapCount=1000
+
+# If this option is defined, requests will be will logged to a trace file named
+# traceFile.year.month.day.
+#traceFile=
+
+# Leader accepts client connections. Default value is "yes". The leader machine
+# coordinates updates. For higher update throughput at thes slight expense of
+# read throughput the leader can be configured to not accept clients and focus
+# on coordination.
+#leaderServes=yes
+
+maxSessionTimeout=120000
+autopurge.purgeInterval=3
+{%- for member in database.members %}
+server.{{ member.id }}={{ member.host }}:2888:3888
+{%- endfor %}
+#server.1=10.0.222.2:2888:3888
+#server.2=10.0.222.3:2888:3888
+#server.3=10.0.222.4:2888:3888
diff --git a/opencontrail/files/2.2/agent_param b/opencontrail/files/2.2/agent_param
new file mode 100644
index 0000000..5e2f602
--- /dev/null
+++ b/opencontrail/files/2.2/agent_param
@@ -0,0 +1,12 @@
+{%- from "opencontrail/map.jinja" import compute with context %}
+LOG=/var/log/contrail.log
+CONFIG=/etc/contrail/contrail-vrouter-agent.conf
+prog=/usr/bin/contrail-vrouter-agent
+kmod=vrouter
+pname=contrail-vrouter-agent
+LIBDIR=/usr/lib64
+DEVICE=vhost0
+dev={{ compute.interface.dev }}
+vgw_subnet_ip=__VGW_SUBNET_IP__
+vgw_intf=__VGW_INTF_LIST__
+LOGFILE=--log-file=/var/log/contrail/vrouter.log
diff --git a/opencontrail/files/2.2/basicauthusers.properties b/opencontrail/files/2.2/basicauthusers.properties
new file mode 100644
index 0000000..7d62559
--- /dev/null
+++ b/opencontrail/files/2.2/basicauthusers.properties
@@ -0,0 +1,39 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+
+test:test
+test2:test2
+test3:test3
+api-server:api-server
+schema-transformer:schema-transformer
+svc-monitor:svc-monitor
+control-user:control-user-passwd
+control-node-1:control-node-1
+control-node-2:control-node-2
+control-node-3:control-node-3
+control-node-4:control-node-4
+control-node-5:control-node-5
+control-node-6:control-node-6
+control-node-7:control-node-7
+control-node-8:control-node-8
+control-node-9:control-node-9
+control-node-10:control-node-10
+dhcp:dhcp
+visual:visual
+sensor:sensor
+
+# compliance testsuite users
+mapclient:mapclient
+helper:mapclient
+
+# This is a read-only MAPC
+reader:reader
+{%- for member in config.members %}
+{{ member.host }}:{{ member.host }}
+{{ member.host }}.dns:{{ member.host }}.dns
+{%- endfor %}
+#10.0.102.31:10.0.102.31
+#10.0.102.31.dns:10.0.102.31.dns
+#10.0.102.32:10.0.102.32
+#10.0.102.32.dns:10.0.102.32.dns
+#10.0.102.33:10.0.102.33
+#10.0.102.33.dns:10.0.102.33.dns
diff --git a/opencontrail/files/2.2/cassandra.yaml b/opencontrail/files/2.2/cassandra.yaml
new file mode 100644
index 0000000..f2fe355
--- /dev/null
+++ b/opencontrail/files/2.2/cassandra.yaml
@@ -0,0 +1,795 @@
+{%- from "opencontrail/map.jinja" import database with context %}
+# Cassandra storage config YAML
+
+# NOTE:
+# See http://wiki.apache.org/cassandra/StorageConfiguration for
+# full explanations of configuration directives
+# /NOTE
+
+# The name of the cluster. This is mainly used to prevent machines in
+# one logical cluster from joining another.
+cluster_name: '{{ database.name }}'
+
+# This defines the number of tokens randomly assigned to this node on the ring
+# The more tokens, relative to other nodes, the larger the proportion of data
+# that this node will store. You probably want all nodes to have the same number
+# of tokens assuming they have equal hardware capability.
+#
+# If you leave this unspecified, Cassandra will use the default of 1 token for legacy compatibility,
+# and will use the initial_token as described below.
+#
+# Specifying initial_token will override this setting on the node's initial start,
+# on subsequent starts, this setting will apply even if initial token is set.
+#
+# If you already have a cluster with 1 token per node, and wish to migrate to
+# multiple tokens per node, see http://wiki.apache.org/cassandra/Operations
+num_tokens: 256
+
+# initial_token allows you to specify tokens manually. While you can use # it with
+# vnodes (num_tokens > 1, above) -- in which case you should provide a
+# comma-separated list -- it's primarily used when adding nodes # to legacy clusters
+# that do not have vnodes enabled.
+# initial_token:
+
+# See http://wiki.apache.org/cassandra/HintedHandoff
+# May either be "true" or "false" to enable globally, or contain a list
+# of data centers to enable per-datacenter.
+# hinted_handoff_enabled: DC1,DC2
+hinted_handoff_enabled: true
+# this defines the maximum amount of time a dead host will have hints
+# generated. After it has been dead this long, new hints for it will not be
+# created until it has been seen alive and gone down again.
+max_hint_window_in_ms: 10800000 # 3 hours
+# Maximum throttle in KBs per second, per delivery thread. This will be
+# reduced proportionally to the number of nodes in the cluster. (If there
+# are two nodes in the cluster, each delivery thread will use the maximum
+# rate; if there are three, each will throttle to half of the maximum,
+# since we expect two nodes to be delivering hints simultaneously.)
+hinted_handoff_throttle_in_kb: 1024
+# Number of threads with which to deliver hints;
+# Consider increasing this number when you have multi-dc deployments, since
+# cross-dc handoff tends to be slower
+max_hints_delivery_threads: 2
+
+# Maximum throttle in KBs per second, total. This will be
+# reduced proportionally to the number of nodes in the cluster.
+batchlog_replay_throttle_in_kb: 1024
+
+# Authentication backend, implementing IAuthenticator; used to identify users
+# Out of the box, Cassandra provides org.apache.cassandra.auth.{AllowAllAuthenticator,
+# PasswordAuthenticator}.
+#
+# - AllowAllAuthenticator performs no checks - set it to disable authentication.
+# - PasswordAuthenticator relies on username/password pairs to authenticate
+# users. It keeps usernames and hashed passwords in system_auth.credentials table.
+# Please increase system_auth keyspace replication factor if you use this authenticator.
+authenticator: AllowAllAuthenticator
+
+# Authorization backend, implementing IAuthorizer; used to limit access/provide permissions
+# Out of the box, Cassandra provides org.apache.cassandra.auth.{AllowAllAuthorizer,
+# CassandraAuthorizer}.
+#
+# - AllowAllAuthorizer allows any action to any user - set it to disable authorization.
+# - CassandraAuthorizer stores permissions in system_auth.permissions table. Please
+# increase system_auth keyspace replication factor if you use this authorizer.
+authorizer: AllowAllAuthorizer
+
+# Validity period for permissions cache (fetching permissions can be an
+# expensive operation depending on the authorizer, CassandraAuthorizer is
+# one example). Defaults to 2000, set to 0 to disable.
+# Will be disabled automatically for AllowAllAuthorizer.
+permissions_validity_in_ms: 2000
+
+# Refresh interval for permissions cache (if enabled).
+# After this interval, cache entries become eligible for refresh. Upon next
+# access, an async reload is scheduled and the old value returned until it
+# completes. If permissions_validity_in_ms is non-zero, then this must be
+# also.
+# Defaults to the same value as permissions_validity_in_ms.
+# permissions_update_interval_in_ms: 1000
+
+# The partitioner is responsible for distributing groups of rows (by
+# partition key) across nodes in the cluster. You should leave this
+# alone for new clusters. The partitioner can NOT be changed without
+# reloading all data, so when upgrading you should set this to the
+# same partitioner you were already using.
+#
+# Besides Murmur3Partitioner, partitioners included for backwards
+# compatibility include RandomPartitioner, ByteOrderedPartitioner, and
+# OrderPreservingPartitioner.
+#
+partitioner: org.apache.cassandra.dht.Murmur3Partitioner
+
+# Directories where Cassandra should store data on disk. Cassandra
+# will spread data evenly across them, subject to the granularity of
+# the configured compaction strategy.
+# If not set, the default directory is $CASSANDRA_HOME/data/data.
+data_file_directories:
+ - /var/lib/cassandra/data
+
+# commit log. when running on magnetic HDD, this should be a
+# separate spindle than the data directories.
+# If not set, the default directory is $CASSANDRA_HOME/data/commitlog.
+commitlog_directory: /var/lib/cassandra/commitlog
+
+# policy for data disk failures:
+# die: shut down gossip and Thrift and kill the JVM for any fs errors or
+# single-sstable errors, so the node can be replaced.
+# stop_paranoid: shut down gossip and Thrift even for single-sstable errors.
+# stop: shut down gossip and Thrift, leaving the node effectively dead, but
+# can still be inspected via JMX.
+# best_effort: stop using the failed disk and respond to requests based on
+# remaining available sstables. This means you WILL see obsolete
+# data at CL.ONE!
+# ignore: ignore fatal errors and let requests fail, as in pre-1.2 Cassandra
+disk_failure_policy: stop
+
+# policy for commit disk failures:
+# die: shut down gossip and Thrift and kill the JVM, so the node can be replaced.
+# stop: shut down gossip and Thrift, leaving the node effectively dead, but
+# can still be inspected via JMX.
+# stop_commit: shutdown the commit log, letting writes collect but
+# continuing to service reads, as in pre-2.0.5 Cassandra
+# ignore: ignore fatal errors and let the batches fail
+commit_failure_policy: stop
+
+# Maximum size of the key cache in memory.
+#
+# Each key cache hit saves 1 seek and each row cache hit saves 2 seeks at the
+# minimum, sometimes more. The key cache is fairly tiny for the amount of
+# time it saves, so it's worthwhile to use it at large numbers.
+# The row cache saves even more time, but must contain the entire row,
+# so it is extremely space-intensive. It's best to only use the
+# row cache if you have hot rows or static rows.
+#
+# NOTE: if you reduce the size, you may not get you hottest keys loaded on startup.
+#
+# Default value is empty to make it "auto" (min(5% of Heap (in MB), 100MB)). Set to 0 to disable key cache.
+key_cache_size_in_mb:
+
+# Duration in seconds after which Cassandra should
+# save the key cache. Caches are saved to saved_caches_directory as
+# specified in this configuration file.
+#
+# Saved caches greatly improve cold-start speeds, and is relatively cheap in
+# terms of I/O for the key cache. Row cache saving is much more expensive and
+# has limited use.
+#
+# Default is 14400 or 4 hours.
+key_cache_save_period: 14400
+
+# Number of keys from the key cache to save
+# Disabled by default, meaning all keys are going to be saved
+# key_cache_keys_to_save: 100
+
+# Maximum size of the row cache in memory.
+# NOTE: if you reduce the size, you may not get you hottest keys loaded on startup.
+#
+# Default value is 0, to disable row caching.
+row_cache_size_in_mb: 0
+
+# Duration in seconds after which Cassandra should
+# save the row cache. Caches are saved to saved_caches_directory as specified
+# in this configuration file.
+#
+# Saved caches greatly improve cold-start speeds, and is relatively cheap in
+# terms of I/O for the key cache. Row cache saving is much more expensive and
+# has limited use.
+#
+# Default is 0 to disable saving the row cache.
+row_cache_save_period: 0
+
+# Number of keys from the row cache to save
+# Disabled by default, meaning all keys are going to be saved
+# row_cache_keys_to_save: 100
+
+# Maximum size of the counter cache in memory.
+#
+# Counter cache helps to reduce counter locks' contention for hot counter cells.
+# In case of RF = 1 a counter cache hit will cause Cassandra to skip the read before
+# write entirely. With RF > 1 a counter cache hit will still help to reduce the duration
+# of the lock hold, helping with hot counter cell updates, but will not allow skipping
+# the read entirely. Only the local (clock, count) tuple of a counter cell is kept
+# in memory, not the whole counter, so it's relatively cheap.
+#
+# NOTE: if you reduce the size, you may not get you hottest keys loaded on startup.
+#
+# Default value is empty to make it "auto" (min(2.5% of Heap (in MB), 50MB)). Set to 0 to disable counter cache.
+# NOTE: if you perform counter deletes and rely on low gcgs, you should disable the counter cache.
+counter_cache_size_in_mb:
+
+# Duration in seconds after which Cassandra should
+# save the counter cache (keys only). Caches are saved to saved_caches_directory as
+# specified in this configuration file.
+#
+# Default is 7200 or 2 hours.
+counter_cache_save_period: 7200
+
+# Number of keys from the counter cache to save
+# Disabled by default, meaning all keys are going to be saved
+# counter_cache_keys_to_save: 100
+
+# The off-heap memory allocator. Affects storage engine metadata as
+# well as caches. Experiments show that JEMAlloc saves some memory
+# than the native GCC allocator (i.e., JEMalloc is more
+# fragmentation-resistant).
+#
+# Supported values are: NativeAllocator, JEMallocAllocator
+#
+# If you intend to use JEMallocAllocator you have to install JEMalloc as library and
+# modify cassandra-env.sh as directed in the file.
+#
+# Defaults to NativeAllocator
+# memory_allocator: NativeAllocator
+
+# saved caches
+# If not set, the default directory is $CASSANDRA_HOME/data/saved_caches.
+saved_caches_directory: /var/lib/cassandra/saved_caches
+
+# commitlog_sync may be either "periodic" or "batch."
+#
+# When in batch mode, Cassandra won't ack writes until the commit log
+# has been fsynced to disk. It will wait
+# commitlog_sync_batch_window_in_ms milliseconds between fsyncs.
+# This window should be kept short because the writer threads will
+# be unable to do extra work while waiting. (You may need to increase
+# concurrent_writes for the same reason.)
+#
+# commitlog_sync: batch
+# commitlog_sync_batch_window_in_ms: 2
+#
+# the other option is "periodic" where writes may be acked immediately
+# and the CommitLog is simply synced every commitlog_sync_period_in_ms
+# milliseconds.
+commitlog_sync: periodic
+commitlog_sync_period_in_ms: 10000
+
+# The size of the individual commitlog file segments. A commitlog
+# segment may be archived, deleted, or recycled once all the data
+# in it (potentially from each columnfamily in the system) has been
+# flushed to sstables.
+#
+# The default size is 32, which is almost always fine, but if you are
+# archiving commitlog segments (see commitlog_archiving.properties),
+# then you probably want a finer granularity of archiving; 8 or 16 MB
+# is reasonable.
+commitlog_segment_size_in_mb: 32
+
+# any class that implements the SeedProvider interface and has a
+# constructor that takes a Map<String, String> of parameters will do.
+seed_provider:
+ # Addresses of hosts that are deemed contact points.
+ # Cassandra nodes use this list of hosts to find each other and learn
+ # the topology of the ring. You must change this if you are running
+ # multiple nodes!
+ - class_name: org.apache.cassandra.locator.SimpleSeedProvider
+ parameters:
+ # seeds is actually a comma-delimited list of addresses.
+ # Ex: "<ip1>,<ip2>,<ip3>"
+ - seeds: "{%- for member in database.members %}{{ member.host }},{%- endfor %}"
+
+# For workloads with more data than can fit in memory, Cassandra's
+# bottleneck will be reads that need to fetch data from
+# disk. "concurrent_reads" should be set to (16 * number_of_drives) in
+# order to allow the operations to enqueue low enough in the stack
+# that the OS and drives can reorder them. Same applies to
+# "concurrent_counter_writes", since counter writes read the current
+# values before incrementing and writing them back.
+#
+# On the other hand, since writes are almost never IO bound, the ideal
+# number of "concurrent_writes" is dependent on the number of cores in
+# your system; (8 * number_of_cores) is a good rule of thumb.
+concurrent_reads: 32
+concurrent_writes: 32
+concurrent_counter_writes: 32
+
+
+# Total memory to use for sstable-reading buffers. Defaults to
+# the smaller of 1/4 of heap or 512MB.
+# file_cache_size_in_mb: 512
+
+# Total permitted memory to use for memtables. Cassandra will stop
+# accepting writes when the limit is exceeded until a flush completes,
+# and will trigger a flush based on memtable_cleanup_threshold
+# If omitted, Cassandra will set both to 1/4 the size of the heap.
+# memtable_heap_space_in_mb: 2048
+# memtable_offheap_space_in_mb: 2048
+
+# Ratio of occupied non-flushing memtable size to total permitted size
+# that will trigger a flush of the largest memtable. Lager mct will
+# mean larger flushes and hence less compaction, but also less concurrent
+# flush activity which can make it difficult to keep your disks fed
+# under heavy write load.
+#
+# memtable_cleanup_threshold defaults to 1 / (memtable_flush_writers + 1)
+# memtable_cleanup_threshold: 0.11
+
+# Specify the way Cassandra allocates and manages memtable memory.
+# Options are:
+# heap_buffers: on heap nio buffers
+# offheap_buffers: off heap (direct) nio buffers
+# offheap_objects: native memory, eliminating nio buffer heap overhead
+memtable_allocation_type: heap_buffers
+
+# Total space to use for commitlogs. Since commitlog segments are
+# mmapped, and hence use up address space, the default size is 32
+# on 32-bit JVMs, and 8192 on 64-bit JVMs.
+#
+# If space gets above this value (it will round up to the next nearest
+# segment multiple), Cassandra will flush every dirty CF in the oldest
+# segment and remove it. So a small total commitlog space will tend
+# to cause more flush activity on less-active columnfamilies.
+# commitlog_total_space_in_mb: 8192
+
+# This sets the amount of memtable flush writer threads. These will
+# be blocked by disk io, and each one will hold a memtable in memory
+# while blocked.
+#
+# memtable_flush_writers defaults to the smaller of (number of disks,
+# number of cores), with a minimum of 2 and a maximum of 8.
+#
+# If your data directories are backed by SSD, you should increase this
+# to the number of cores.
+#memtable_flush_writers: 8
+
+# A fixed memory pool size in MB for for SSTable index summaries. If left
+# empty, this will default to 5% of the heap size. If the memory usage of
+# all index summaries exceeds this limit, SSTables with low read rates will
+# shrink their index summaries in order to meet this limit. However, this
+# is a best-effort process. In extreme conditions Cassandra may need to use
+# more than this amount of memory.
+index_summary_capacity_in_mb:
+
+# How frequently index summaries should be resampled. This is done
+# periodically to redistribute memory from the fixed-size pool to sstables
+# proportional their recent read rates. Setting to -1 will disable this
+# process, leaving existing index summaries at their current sampling level.
+index_summary_resize_interval_in_minutes: 60
+
+# Whether to, when doing sequential writing, fsync() at intervals in
+# order to force the operating system to flush the dirty
+# buffers. Enable this to avoid sudden dirty buffer flushing from
+# impacting read latencies. Almost always a good idea on SSDs; not
+# necessarily on platters.
+trickle_fsync: false
+trickle_fsync_interval_in_kb: 10240
+
+# TCP port, for commands and data
+# For security reasons, you should not expose this port to the internet. Firewall it if needed.
+storage_port: 7000
+
+# SSL port, for encrypted communication. Unused unless enabled in
+# encryption_options
+# For security reasons, you should not expose this port to the internet. Firewall it if needed.
+ssl_storage_port: 7001
+
+# Address or interface to bind to and tell other Cassandra nodes to connect to.
+# You _must_ change this if you want multiple nodes to be able to communicate!
+#
+# Set listen_address OR listen_interface, not both. Interfaces must correspond
+# to a single address, IP aliasing is not supported.
+#
+# Leaving it blank leaves it up to InetAddress.getLocalHost(). This
+# will always do the Right Thing _if_ the node is properly configured
+# (hostname, name resolution, etc), and the Right Thing is to use the
+# address associated with the hostname (it might not be).
+#
+# Setting listen_address to 0.0.0.0 is always wrong.
+#
+# If you choose to specify the interface by name and the interface has an ipv4 and an ipv6 address
+# you can specify which should be chosen using listen_interface_prefer_ipv6. If false the first ipv4
+# address will be used. If true the first ipv6 address will be used. Defaults to false preferring
+# ipv4. If there is only one address it will be selected regardless of ipv4/ipv6.
+listen_address: {{ database.bind.host }}
+# listen_interface: eth0
+# listen_interface_prefer_ipv6: false
+
+# Address to broadcast to other Cassandra nodes
+# Leaving this blank will set it to the same value as listen_address
+# broadcast_address: 1.2.3.4
+
+# Internode authentication backend, implementing IInternodeAuthenticator;
+# used to allow/disallow connections from peer nodes.
+# internode_authenticator: org.apache.cassandra.auth.AllowAllInternodeAuthenticator
+
+# Whether to start the native transport server.
+# Please note that the address on which the native transport is bound is the
+# same as the rpc_address. The port however is different and specified below.
+start_native_transport: true
+# port for the CQL native transport to listen for clients on
+# For security reasons, you should not expose this port to the internet. Firewall it if needed.
+native_transport_port: 9042
+# The maximum threads for handling requests when the native transport is used.
+# This is similar to rpc_max_threads though the default differs slightly (and
+# there is no native_transport_min_threads, idle threads will always be stopped
+# after 30 seconds).
+# native_transport_max_threads: 128
+#
+# The maximum size of allowed frame. Frame (requests) larger than this will
+# be rejected as invalid. The default is 256MB.
+# native_transport_max_frame_size_in_mb: 256
+
+# The maximum number of concurrent client connections.
+# The default is -1, which means unlimited.
+# native_transport_max_concurrent_connections: -1
+
+# The maximum number of concurrent client connections per source ip.
+# The default is -1, which means unlimited.
+# native_transport_max_concurrent_connections_per_ip: -1
+
+# Whether to start the thrift rpc server.
+start_rpc: true
+
+# The address or interface to bind the Thrift RPC service and native transport
+# server to.
+#
+# Set rpc_address OR rpc_interface, not both. Interfaces must correspond
+# to a single address, IP aliasing is not supported.
+#
+# Leaving rpc_address blank has the same effect as on listen_address
+# (i.e. it will be based on the configured hostname of the node).
+#
+# Note that unlike listen_address, you can specify 0.0.0.0, but you must also
+# set broadcast_rpc_address to a value other than 0.0.0.0.
+#
+# For security reasons, you should not expose this port to the internet. Firewall it if needed.
+#
+# If you choose to specify the interface by name and the interface has an ipv4 and an ipv6 address
+# you can specify which should be chosen using rpc_interface_prefer_ipv6. If false the first ipv4
+# address will be used. If true the first ipv6 address will be used. Defaults to false preferring
+# ipv4. If there is only one address it will be selected regardless of ipv4/ipv6.
+rpc_address: {{ database.bind.host }}
+# port for Thrift to listen for clients on
+rpc_port: {{ database.bind.rpc_port }}
+
+# RPC address to broadcast to drivers and other Cassandra nodes. This cannot
+# be set to 0.0.0.0. If left blank, this will be set to the value of
+# rpc_address. If rpc_address is set to 0.0.0.0, broadcast_rpc_address must
+# be set.
+# broadcast_rpc_address: 1.2.3.4
+
+# enable or disable keepalive on rpc/native connections
+rpc_keepalive: true
+
+# Cassandra provides two out-of-the-box options for the RPC Server:
+#
+# sync -> One thread per thrift connection. For a very large number of clients, memory
+# will be your limiting factor. On a 64 bit JVM, 180KB is the minimum stack size
+# per thread, and that will correspond to your use of virtual memory (but physical memory
+# may be limited depending on use of stack space).
+#
+# hsha -> Stands for "half synchronous, half asynchronous." All thrift clients are handled
+# asynchronously using a small number of threads that does not vary with the amount
+# of thrift clients (and thus scales well to many clients). The rpc requests are still
+# synchronous (one thread per active request). If hsha is selected then it is essential
+# that rpc_max_threads is changed from the default value of unlimited.
+#
+# The default is sync because on Windows hsha is about 30% slower. On Linux,
+# sync/hsha performance is about the same, with hsha of course using less memory.
+#
+# Alternatively, can provide your own RPC server by providing the fully-qualified class name
+# of an o.a.c.t.TServerFactory that can create an instance of it.
+rpc_server_type: sync
+
+# Uncomment rpc_min|max_thread to set request pool size limits.
+#
+# Regardless of your choice of RPC server (see above), the number of maximum requests in the
+# RPC thread pool dictates how many concurrent requests are possible (but if you are using the sync
+# RPC server, it also dictates the number of clients that can be connected at all).
+#
+# The default is unlimited and thus provides no protection against clients overwhelming the server. You are
+# encouraged to set a maximum that makes sense for you in production, but do keep in mind that
+# rpc_max_threads represents the maximum number of client requests this server may execute concurrently.
+#
+# rpc_min_threads: 16
+# rpc_max_threads: 2048
+
+# uncomment to set socket buffer sizes on rpc connections
+# rpc_send_buff_size_in_bytes:
+# rpc_recv_buff_size_in_bytes:
+
+# Uncomment to set socket buffer size for internode communication
+# Note that when setting this, the buffer size is limited by net.core.wmem_max
+# and when not setting it it is defined by net.ipv4.tcp_wmem
+# See:
+# /proc/sys/net/core/wmem_max
+# /proc/sys/net/core/rmem_max
+# /proc/sys/net/ipv4/tcp_wmem
+# /proc/sys/net/ipv4/tcp_wmem
+# and: man tcp
+# internode_send_buff_size_in_bytes:
+# internode_recv_buff_size_in_bytes:
+
+# Frame size for thrift (maximum message length).
+thrift_framed_transport_size_in_mb: 15
+
+# Set to true to have Cassandra create a hard link to each sstable
+# flushed or streamed locally in a backups/ subdirectory of the
+# keyspace data. Removing these links is the operator's
+# responsibility.
+incremental_backups: false
+
+# Whether or not to take a snapshot before each compaction. Be
+# careful using this option, since Cassandra won't clean up the
+# snapshots for you. Mostly useful if you're paranoid when there
+# is a data format change.
+snapshot_before_compaction: false
+
+# Whether or not a snapshot is taken of the data before keyspace truncation
+# or dropping of column families. The STRONGLY advised default of true
+# should be used to provide data safety. If you set this flag to false, you will
+# lose data on truncation or drop.
+auto_snapshot: true
+
+# When executing a scan, within or across a partition, we need to keep the
+# tombstones seen in memory so we can return them to the coordinator, which
+# will use them to make sure other replicas also know about the deleted rows.
+# With workloads that generate a lot of tombstones, this can cause performance
+# problems and even exaust the server heap.
+# (http://www.datastax.com/dev/blog/cassandra-anti-patterns-queues-and-queue-like-datasets)
+# Adjust the thresholds here if you understand the dangers and want to
+# scan more tombstones anyway. These thresholds may also be adjusted at runtime
+# using the StorageService mbean.
+tombstone_warn_threshold: 1000
+tombstone_failure_threshold: 100000
+
+# Granularity of the collation index of rows within a partition.
+# Increase if your rows are large, or if you have a very large
+# number of rows per partition. The competing goals are these:
+# 1) a smaller granularity means more index entries are generated
+# and looking up rows withing the partition by collation column
+# is faster
+# 2) but, Cassandra will keep the collation index in memory for hot
+# rows (as part of the key cache), so a larger granularity means
+# you can cache more hot rows
+column_index_size_in_kb: 64
+
+
+# Log WARN on any batch size exceeding this value. 5kb per batch by default.
+# Caution should be taken on increasing the size of this threshold as it can lead to node instability.
+batch_size_warn_threshold_in_kb: 5
+
+# Number of simultaneous compactions to allow, NOT including
+# validation "compactions" for anti-entropy repair. Simultaneous
+# compactions can help preserve read performance in a mixed read/write
+# workload, by mitigating the tendency of small sstables to accumulate
+# during a single long running compactions. The default is usually
+# fine and if you experience problems with compaction running too
+# slowly or too fast, you should look at
+# compaction_throughput_mb_per_sec first.
+#
+# concurrent_compactors defaults to the smaller of (number of disks,
+# number of cores), with a minimum of 2 and a maximum of 8.
+#
+# If your data directories are backed by SSD, you should increase this
+# to the number of cores.
+#concurrent_compactors: 1
+
+# Throttles compaction to the given total throughput across the entire
+# system. The faster you insert data, the faster you need to compact in
+# order to keep the sstable count down, but in general, setting this to
+# 16 to 32 times the rate you are inserting data is more than sufficient.
+# Setting this to 0 disables throttling. Note that this account for all types
+# of compaction, including validation compaction.
+compaction_throughput_mb_per_sec: 16
+
+# When compacting, the replacement sstable(s) can be opened before they
+# are completely written, and used in place of the prior sstables for
+# any range that has been written. This helps to smoothly transfer reads
+# between the sstables, reducing page cache churn and keeping hot rows hot
+sstable_preemptive_open_interval_in_mb: 50
+
+# Throttles all outbound streaming file transfers on this node to the
+# given total throughput in Mbps. This is necessary because Cassandra does
+# mostly sequential IO when streaming data during bootstrap or repair, which
+# can lead to saturating the network connection and degrading rpc performance.
+# When unset, the default is 200 Mbps or 25 MB/s.
+# stream_throughput_outbound_megabits_per_sec: 200
+
+# Throttles all streaming file transfer between the datacenters,
+# this setting allows users to throttle inter dc stream throughput in addition
+# to throttling all network stream traffic as configured with
+# stream_throughput_outbound_megabits_per_sec
+# inter_dc_stream_throughput_outbound_megabits_per_sec:
+
+# How long the coordinator should wait for read operations to complete
+read_request_timeout_in_ms: 10000
+# How long the coordinator should wait for seq or index scans to complete
+range_request_timeout_in_ms: 10000
+# How long the coordinator should wait for writes to complete
+write_request_timeout_in_ms: 10000
+# How long the coordinator should wait for counter writes to complete
+counter_write_request_timeout_in_ms: 5000
+# How long a coordinator should continue to retry a CAS operation
+# that contends with other proposals for the same row
+cas_contention_timeout_in_ms: 1000
+# How long the coordinator should wait for truncates to complete
+# (This can be much longer, because unless auto_snapshot is disabled
+# we need to flush first so we can snapshot before removing the data.)
+truncate_request_timeout_in_ms: 60000
+# The default timeout for other, miscellaneous operations
+request_timeout_in_ms: 10000
+
+# Enable operation timeout information exchange between nodes to accurately
+# measure request timeouts. If disabled, replicas will assume that requests
+# were forwarded to them instantly by the coordinator, which means that
+# under overload conditions we will waste that much extra time processing
+# already-timed-out requests.
+#
+# Warning: before enabling this property make sure to ntp is installed
+# and the times are synchronized between the nodes.
+cross_node_timeout: false
+
+# Enable socket timeout for streaming operation.
+# When a timeout occurs during streaming, streaming is retried from the start
+# of the current file. This _can_ involve re-streaming an important amount of
+# data, so you should avoid setting the value too low.
+# Default value is 0, which never timeout streams.
+# streaming_socket_timeout_in_ms: 0
+
+# phi value that must be reached for a host to be marked down.
+# most users should never need to adjust this.
+# phi_convict_threshold: 8
+
+# endpoint_snitch -- Set this to a class that implements
+# IEndpointSnitch. The snitch has two functions:
+# - it teaches Cassandra enough about your network topology to route
+# requests efficiently
+# - it allows Cassandra to spread replicas around your cluster to avoid
+# correlated failures. It does this by grouping machines into
+# "datacenters" and "racks." Cassandra will do its best not to have
+# more than one replica on the same "rack" (which may not actually
+# be a physical location)
+#
+# IF YOU CHANGE THE SNITCH AFTER DATA IS INSERTED INTO THE CLUSTER,
+# YOU MUST RUN A FULL REPAIR, SINCE THE SNITCH AFFECTS WHERE REPLICAS
+# ARE PLACED.
+#
+# Out of the box, Cassandra provides
+# - SimpleSnitch:
+# Treats Strategy order as proximity. This can improve cache
+# locality when disabling read repair. Only appropriate for
+# single-datacenter deployments.
+# - GossipingPropertyFileSnitch
+# This should be your go-to snitch for production use. The rack
+# and datacenter for the local node are defined in
+# cassandra-rackdc.properties and propagated to other nodes via
+# gossip. If cassandra-topology.properties exists, it is used as a
+# fallback, allowing migration from the PropertyFileSnitch.
+# - PropertyFileSnitch:
+# Proximity is determined by rack and data center, which are
+# explicitly configured in cassandra-topology.properties.
+# - Ec2Snitch:
+# Appropriate for EC2 deployments in a single Region. Loads Region
+# and Availability Zone information from the EC2 API. The Region is
+# treated as the datacenter, and the Availability Zone as the rack.
+# Only private IPs are used, so this will not work across multiple
+# Regions.
+# - Ec2MultiRegionSnitch:
+# Uses public IPs as broadcast_address to allow cross-region
+# connectivity. (Thus, you should set seed addresses to the public
+# IP as well.) You will need to open the storage_port or
+# ssl_storage_port on the public IP firewall. (For intra-Region
+# traffic, Cassandra will switch to the private IP after
+# establishing a connection.)
+# - RackInferringSnitch:
+# Proximity is determined by rack and data center, which are
+# assumed to correspond to the 3rd and 2nd octet of each node's IP
+# address, respectively. Unless this happens to match your
+# deployment conventions, this is best used as an example of
+# writing a custom Snitch class and is provided in that spirit.
+#
+# You can use a custom Snitch by setting this to the full class name
+# of the snitch, which will be assumed to be on your classpath.
+endpoint_snitch: SimpleSnitch
+
+# controls how often to perform the more expensive part of host score
+# calculation
+dynamic_snitch_update_interval_in_ms: 100
+# controls how often to reset all host scores, allowing a bad host to
+# possibly recover
+dynamic_snitch_reset_interval_in_ms: 600000
+# if set greater than zero and read_repair_chance is < 1.0, this will allow
+# 'pinning' of replicas to hosts in order to increase cache capacity.
+# The badness threshold will control how much worse the pinned host has to be
+# before the dynamic snitch will prefer other replicas over it. This is
+# expressed as a double which represents a percentage. Thus, a value of
+# 0.2 means Cassandra would continue to prefer the static snitch values
+# until the pinned host was 20% worse than the fastest.
+dynamic_snitch_badness_threshold: 0.1
+
+# request_scheduler -- Set this to a class that implements
+# RequestScheduler, which will schedule incoming client requests
+# according to the specific policy. This is useful for multi-tenancy
+# with a single Cassandra cluster.
+# NOTE: This is specifically for requests from the client and does
+# not affect inter node communication.
+# org.apache.cassandra.scheduler.NoScheduler - No scheduling takes place
+# org.apache.cassandra.scheduler.RoundRobinScheduler - Round robin of
+# client requests to a node with a separate queue for each
+# request_scheduler_id. The scheduler is further customized by
+# request_scheduler_options as described below.
+request_scheduler: org.apache.cassandra.scheduler.NoScheduler
+
+# Scheduler Options vary based on the type of scheduler
+# NoScheduler - Has no options
+# RoundRobin
+# - throttle_limit -- The throttle_limit is the number of in-flight
+# requests per client. Requests beyond
+# that limit are queued up until
+# running requests can complete.
+# The value of 80 here is twice the number of
+# concurrent_reads + concurrent_writes.
+# - default_weight -- default_weight is optional and allows for
+# overriding the default which is 1.
+# - weights -- Weights are optional and will default to 1 or the
+# overridden default_weight. The weight translates into how
+# many requests are handled during each turn of the
+# RoundRobin, based on the scheduler id.
+#
+# request_scheduler_options:
+# throttle_limit: 80
+# default_weight: 5
+# weights:
+# Keyspace1: 1
+# Keyspace2: 5
+
+# request_scheduler_id -- An identifier based on which to perform
+# the request scheduling. Currently the only valid option is keyspace.
+# request_scheduler_id: keyspace
+
+# Enable or disable inter-node encryption
+# Default settings are TLS v1, RSA 1024-bit keys (it is imperative that
+# users generate their own keys) TLS_RSA_WITH_AES_128_CBC_SHA as the cipher
+# suite for authentication, key exchange and encryption of the actual data transfers.
+# Use the DHE/ECDHE ciphers if running in FIPS 140 compliant mode.
+# NOTE: No custom encryption options are enabled at the moment
+# The available internode options are : all, none, dc, rack
+#
+# If set to dc cassandra will encrypt the traffic between the DCs
+# If set to rack cassandra will encrypt the traffic between the racks
+#
+# The passwords used in these options must match the passwords used when generating
+# the keystore and truststore. For instructions on generating these files, see:
+# http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
+#
+server_encryption_options:
+ internode_encryption: none
+ keystore: conf/.keystore
+ keystore_password: cassandra
+ truststore: conf/.truststore
+ truststore_password: cassandra
+ # More advanced defaults below:
+ # protocol: TLS
+ # algorithm: SunX509
+ # store_type: JKS
+ # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
+ # require_client_auth: false
+
+# enable or disable client/server encryption.
+client_encryption_options:
+ enabled: false
+ keystore: conf/.keystore
+ keystore_password: cassandra
+ # require_client_auth: false
+ # Set trustore and truststore_password if require_client_auth is true
+ # truststore: conf/.truststore
+ # truststore_password: cassandra
+ # More advanced defaults below:
+ # protocol: TLS
+ # algorithm: SunX509
+ # store_type: JKS
+ # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
+
+# internode_compression controls whether traffic between nodes is
+# compressed.
+# can be: all - all traffic is compressed
+# dc - traffic between different datacenters is compressed
+# none - nothing is compressed.
+internode_compression: all
+
+# Enable or disable tcp_nodelay for inter-dc communication.
+# Disabling it will result in larger (but fewer) network packets being sent,
+# reducing overhead from the TCP protocol itself, at the cost of increasing
+# latency if you block for cross-datacenter responses.
+inter_dc_tcp_nodelay: true
diff --git a/opencontrail/files/2.2/collector/redis.conf b/opencontrail/files/2.2/collector/redis.conf
new file mode 100644
index 0000000..a3b2c90
--- /dev/null
+++ b/opencontrail/files/2.2/collector/redis.conf
@@ -0,0 +1,633 @@
+# Redis configuration file example
+
+# Note on units: when memory size is needed, it is possible to specify
+# it in the usual form of 1k 5GB 4M and so forth:
+#
+# 1k => 1000 bytes
+# 1kb => 1024 bytes
+# 1m => 1000000 bytes
+# 1mb => 1024*1024 bytes
+# 1g => 1000000000 bytes
+# 1gb => 1024*1024*1024 bytes
+#
+# units are case insensitive so 1GB 1Gb 1gB are all the same.
+
+# By default Redis does not run as a daemon. Use 'yes' if you need it.
+# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
+daemonize yes
+
+# When running daemonized, Redis writes a pid file in /var/run/redis.pid by
+# default. You can specify a custom pid file location here.
+pidfile /var/run/redis/redis-server.pid
+
+# Accept connections on the specified port, default is 6379.
+# If port 0 is specified Redis will not listen on a TCP socket.
+port 6379
+
+# If you want you can bind a single interface, if the bind option is not
+# specified all the interfaces will listen for incoming connections.
+#
+#bind 127.0.0.1
+
+# Specify the path for the unix socket that will be used to listen for
+# incoming connections. There is no default, so Redis will not listen
+# on a unix socket when not specified.
+#
+# unixsocket /var/run/redis/redis.sock
+# unixsocketperm 755
+
+# Close the connection after a client is idle for N seconds (0 to disable)
+timeout 0
+
+# TCP keepalive.
+#
+# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence
+# of communication. This is useful for two reasons:
+#
+# 1) Detect dead peers.
+# 2) Take the connection alive from the point of view of network
+# equipment in the middle.
+#
+# On Linux, the specified value (in seconds) is the period used to send ACKs.
+# Note that to close the connection the double of the time is needed.
+# On other kernels the period depends on the kernel configuration.
+#
+# A reasonable value for this option is 60 seconds.
+tcp-keepalive 0
+
+# Specify the server verbosity level.
+# This can be one of:
+# debug (a lot of information, useful for development/testing)
+# verbose (many rarely useful info, but not a mess like the debug level)
+# notice (moderately verbose, what you want in production probably)
+# warning (only very important / critical messages are logged)
+loglevel notice
+
+# Specify the log file name. Also 'stdout' can be used to force
+# Redis to log on the standard output. Note that if you use standard
+# output for logging but daemonize, logs will be sent to /dev/null
+logfile /var/log/redis/redis-server.log
+
+# To enable logging to the system logger, just set 'syslog-enabled' to yes,
+# and optionally update the other syslog parameters to suit your needs.
+# syslog-enabled no
+
+# Specify the syslog identity.
+# syslog-ident redis
+
+# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
+# syslog-facility local0
+
+# Set the number of databases. The default database is DB 0, you can select
+# a different one on a per-connection basis using SELECT <dbid> where
+# dbid is a number between 0 and 'databases'-1
+databases 16
+
+################################ SNAPSHOTTING #################################
+#
+# Save the DB on disk:
+#
+# save <seconds> <changes>
+#
+# Will save the DB if both the given number of seconds and the given
+# number of write operations against the DB occurred.
+#
+# In the example below the behaviour will be to save:
+# after 900 sec (15 min) if at least 1 key changed
+# after 300 sec (5 min) if at least 10 keys changed
+# after 60 sec if at least 10000 keys changed
+#
+# Note: you can disable saving at all commenting all the "save" lines.
+#
+# It is also possible to remove all the previously configured save
+# points by adding a save directive with a single empty string argument
+# like in the following example:
+#
+# save ""
+
+save 900 1
+save 300 10
+save 60 10000
+
+# By default Redis will stop accepting writes if RDB snapshots are enabled
+# (at least one save point) and the latest background save failed.
+# This will make the user aware (in an hard way) that data is not persisting
+# on disk properly, otherwise chances are that no one will notice and some
+# distater will happen.
+#
+# If the background saving process will start working again Redis will
+# automatically allow writes again.
+#
+# However if you have setup your proper monitoring of the Redis server
+# and persistence, you may want to disable this feature so that Redis will
+# continue to work as usually even if there are problems with disk,
+# permissions, and so forth.
+stop-writes-on-bgsave-error yes
+
+# Compress string objects using LZF when dump .rdb databases?
+# For default that's set to 'yes' as it's almost always a win.
+# If you want to save some CPU in the saving child set it to 'no' but
+# the dataset will likely be bigger if you have compressible values or keys.
+rdbcompression yes
+
+# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
+# This makes the format more resistant to corruption but there is a performance
+# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
+# for maximum performances.
+#
+# RDB files created with checksum disabled have a checksum of zero that will
+# tell the loading code to skip the check.
+rdbchecksum yes
+
+# The filename where to dump the DB
+dbfilename dump.rdb
+
+# The working directory.
+#
+# The DB will be written inside this directory, with the filename specified
+# above using the 'dbfilename' configuration directive.
+#
+# The Append Only File will also be created inside this directory.
+#
+# Note that you must specify a directory here, not a file name.
+dir /var/lib/redis
+
+################################# REPLICATION #################################
+
+# Master-Slave replication. Use slaveof to make a Redis instance a copy of
+# another Redis server. Note that the configuration is local to the slave
+# so for example it is possible to configure the slave to save the DB with a
+# different interval, or to listen to another port, and so on.
+#
+# slaveof <masterip> <masterport>
+
+# If the master is password protected (using the "requirepass" configuration
+# directive below) it is possible to tell the slave to authenticate before
+# starting the replication synchronization process, otherwise the master will
+# refuse the slave request.
+#
+# masterauth <master-password>
+
+# When a slave loses its connection with the master, or when the replication
+# is still in progress, the slave can act in two different ways:
+#
+# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will
+# still reply to client requests, possibly with out of date data, or the
+# data set may just be empty if this is the first synchronization.
+#
+# 2) if slave-serve-stale-data is set to 'no' the slave will reply with
+# an error "SYNC with master in progress" to all the kind of commands
+# but to INFO and SLAVEOF.
+#
+slave-serve-stale-data yes
+
+# You can configure a slave instance to accept writes or not. Writing against
+# a slave instance may be useful to store some ephemeral data (because data
+# written on a slave will be easily deleted after resync with the master) but
+# may also cause problems if clients are writing to it because of a
+# misconfiguration.
+#
+# Since Redis 2.6 by default slaves are read-only.
+#
+# Note: read only slaves are not designed to be exposed to untrusted clients
+# on the internet. It's just a protection layer against misuse of the instance.
+# Still a read only slave exports by default all the administrative commands
+# such as CONFIG, DEBUG, and so forth. To a limited extend you can improve
+# security of read only slaves using 'rename-command' to shadow all the
+# administrative / dangerous commands.
+slave-read-only yes
+
+# Slaves send PINGs to server in a predefined interval. It's possible to change
+# this interval with the repl_ping_slave_period option. The default value is 10
+# seconds.
+#
+# repl-ping-slave-period 10
+
+# The following option sets a timeout for both Bulk transfer I/O timeout and
+# master data or ping response timeout. The default value is 60 seconds.
+#
+# It is important to make sure that this value is greater than the value
+# specified for repl-ping-slave-period otherwise a timeout will be detected
+# every time there is low traffic between the master and the slave.
+#
+# repl-timeout 60
+
+# Disable TCP_NODELAY on the slave socket after SYNC?
+#
+# If you select "yes" Redis will use a smaller number of TCP packets and
+# less bandwidth to send data to slaves. But this can add a delay for
+# the data to appear on the slave side, up to 40 milliseconds with
+# Linux kernels using a default configuration.
+#
+# If you select "no" the delay for data to appear on the slave side will
+# be reduced but more bandwidth will be used for replication.
+#
+# By default we optimize for low latency, but in very high traffic conditions
+# or when the master and slaves are many hops away, turning this to "yes" may
+# be a good idea.
+repl-disable-tcp-nodelay no
+
+# The slave priority is an integer number published by Redis in the INFO output.
+# It is used by Redis Sentinel in order to select a slave to promote into a
+# master if the master is no longer working correctly.
+#
+# A slave with a low priority number is considered better for promotion, so
+# for instance if there are three slaves with priority 10, 100, 25 Sentinel will
+# pick the one wtih priority 10, that is the lowest.
+#
+# However a special priority of 0 marks the slave as not able to perform the
+# role of master, so a slave with priority of 0 will never be selected by
+# Redis Sentinel for promotion.
+#
+# By default the priority is 100.
+slave-priority 100
+
+################################## SECURITY ###################################
+
+# Require clients to issue AUTH <PASSWORD> before processing any other
+# commands. This might be useful in environments in which you do not trust
+# others with access to the host running redis-server.
+#
+# This should stay commented out for backward compatibility and because most
+# people do not need auth (e.g. they run their own servers).
+#
+# Warning: since Redis is pretty fast an outside user can try up to
+# 150k passwords per second against a good box. This means that you should
+# use a very strong password otherwise it will be very easy to break.
+#
+# requirepass foobared
+
+# Command renaming.
+#
+# It is possible to change the name of dangerous commands in a shared
+# environment. For instance the CONFIG command may be renamed into something
+# hard to guess so that it will still be available for internal-use tools
+# but not available for general clients.
+#
+# Example:
+#
+# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
+#
+# It is also possible to completely kill a command by renaming it into
+# an empty string:
+#
+# rename-command CONFIG ""
+#
+# Please note that changing the name of commands that are logged into the
+# AOF file or transmitted to slaves may cause problems.
+
+################################### LIMITS ####################################
+
+# Set the max number of connected clients at the same time. By default
+# this limit is set to 10000 clients, however if the Redis server is not
+# able to configure the process file limit to allow for the specified limit
+# the max number of allowed clients is set to the current file limit
+# minus 32 (as Redis reserves a few file descriptors for internal uses).
+#
+# Once the limit is reached Redis will close all the new connections sending
+# an error 'max number of clients reached'.
+#
+# maxclients 10000
+
+# Don't use more memory than the specified amount of bytes.
+# When the memory limit is reached Redis will try to remove keys
+# accordingly to the eviction policy selected (see maxmemmory-policy).
+#
+# If Redis can't remove keys according to the policy, or if the policy is
+# set to 'noeviction', Redis will start to reply with errors to commands
+# that would use more memory, like SET, LPUSH, and so on, and will continue
+# to reply to read-only commands like GET.
+#
+# This option is usually useful when using Redis as an LRU cache, or to set
+# an hard memory limit for an instance (using the 'noeviction' policy).
+#
+# WARNING: If you have slaves attached to an instance with maxmemory on,
+# the size of the output buffers needed to feed the slaves are subtracted
+# from the used memory count, so that network problems / resyncs will
+# not trigger a loop where keys are evicted, and in turn the output
+# buffer of slaves is full with DELs of keys evicted triggering the deletion
+# of more keys, and so forth until the database is completely emptied.
+#
+# In short... if you have slaves attached it is suggested that you set a lower
+# limit for maxmemory so that there is some free RAM on the system for slave
+# output buffers (but this is not needed if the policy is 'noeviction').
+#
+# maxmemory <bytes>
+
+# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
+# is reached. You can select among five behaviors:
+#
+# volatile-lru -> remove the key with an expire set using an LRU algorithm
+# allkeys-lru -> remove any key accordingly to the LRU algorithm
+# volatile-random -> remove a random key with an expire set
+# allkeys-random -> remove a random key, any key
+# volatile-ttl -> remove the key with the nearest expire time (minor TTL)
+# noeviction -> don't expire at all, just return an error on write operations
+#
+# Note: with any of the above policies, Redis will return an error on write
+# operations, when there are not suitable keys for eviction.
+#
+# At the date of writing this commands are: set setnx setex append
+# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
+# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
+# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
+# getset mset msetnx exec sort
+#
+# The default is:
+#
+# maxmemory-policy volatile-lru
+
+# LRU and minimal TTL algorithms are not precise algorithms but approximated
+# algorithms (in order to save memory), so you can select as well the sample
+# size to check. For instance for default Redis will check three keys and
+# pick the one that was used less recently, you can change the sample size
+# using the following configuration directive.
+#
+# maxmemory-samples 3
+
+############################## APPEND ONLY MODE ###############################
+
+# By default Redis asynchronously dumps the dataset on disk. This mode is
+# good enough in many applications, but an issue with the Redis process or
+# a power outage may result into a few minutes of writes lost (depending on
+# the configured save points).
+#
+# The Append Only File is an alternative persistence mode that provides
+# much better durability. For instance using the default data fsync policy
+# (see later in the config file) Redis can lose just one second of writes in a
+# dramatic event like a server power outage, or a single write if something
+# wrong with the Redis process itself happens, but the operating system is
+# still running correctly.
+#
+# AOF and RDB persistence can be enabled at the same time without problems.
+# If the AOF is enabled on startup Redis will load the AOF, that is the file
+# with the better durability guarantees.
+#
+# Please check http://redis.io/topics/persistence for more information.
+
+appendonly no
+
+# The name of the append only file (default: "appendonly.aof")
+appendfilename "appendonly.aof"
+
+# The fsync() call tells the Operating System to actually write data on disk
+# instead to wait for more data in the output buffer. Some OS will really flush
+# data on disk, some other OS will just try to do it ASAP.
+#
+# Redis supports three different modes:
+#
+# no: don't fsync, just let the OS flush the data when it wants. Faster.
+# always: fsync after every write to the append only log . Slow, Safest.
+# everysec: fsync only one time every second. Compromise.
+#
+# The default is "everysec", as that's usually the right compromise between
+# speed and data safety. It's up to you to understand if you can relax this to
+# "no" that will let the operating system flush the output buffer when
+# it wants, for better performances (but if you can live with the idea of
+# some data loss consider the default persistence mode that's snapshotting),
+# or on the contrary, use "always" that's very slow but a bit safer than
+# everysec.
+#
+# More details please check the following article:
+# http://antirez.com/post/redis-persistence-demystified.html
+#
+# If unsure, use "everysec".
+
+# appendfsync always
+appendfsync everysec
+# appendfsync no
+
+# When the AOF fsync policy is set to always or everysec, and a background
+# saving process (a background save or AOF log background rewriting) is
+# performing a lot of I/O against the disk, in some Linux configurations
+# Redis may block too long on the fsync() call. Note that there is no fix for
+# this currently, as even performing fsync in a different thread will block
+# our synchronous write(2) call.
+#
+# In order to mitigate this problem it's possible to use the following option
+# that will prevent fsync() from being called in the main process while a
+# BGSAVE or BGREWRITEAOF is in progress.
+#
+# This means that while another child is saving, the durability of Redis is
+# the same as "appendfsync none". In practical terms, this means that it is
+# possible to lose up to 30 seconds of log in the worst scenario (with the
+# default Linux settings).
+#
+# If you have latency problems turn this to "yes". Otherwise leave it as
+# "no" that is the safest pick from the point of view of durability.
+no-appendfsync-on-rewrite no
+
+# Automatic rewrite of the append only file.
+# Redis is able to automatically rewrite the log file implicitly calling
+# BGREWRITEAOF when the AOF log size grows by the specified percentage.
+#
+# This is how it works: Redis remembers the size of the AOF file after the
+# latest rewrite (if no rewrite has happened since the restart, the size of
+# the AOF at startup is used).
+#
+# This base size is compared to the current size. If the current size is
+# bigger than the specified percentage, the rewrite is triggered. Also
+# you need to specify a minimal size for the AOF file to be rewritten, this
+# is useful to avoid rewriting the AOF file even if the percentage increase
+# is reached but it is still pretty small.
+#
+# Specify a percentage of zero in order to disable the automatic AOF
+# rewrite feature.
+
+auto-aof-rewrite-percentage 100
+auto-aof-rewrite-min-size 64mb
+
+################################ LUA SCRIPTING ###############################
+
+# Max execution time of a Lua script in milliseconds.
+#
+# If the maximum execution time is reached Redis will log that a script is
+# still in execution after the maximum allowed time and will start to
+# reply to queries with an error.
+#
+# When a long running script exceed the maximum execution time only the
+# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
+# used to stop a script that did not yet called write commands. The second
+# is the only way to shut down the server in the case a write commands was
+# already issue by the script but the user don't want to wait for the natural
+# termination of the script.
+#
+# Set it to 0 or a negative value for unlimited execution without warnings.
+lua-time-limit 5000
+
+################################## SLOW LOG ###################################
+
+# The Redis Slow Log is a system to log queries that exceeded a specified
+# execution time. The execution time does not include the I/O operations
+# like talking with the client, sending the reply and so forth,
+# but just the time needed to actually execute the command (this is the only
+# stage of command execution where the thread is blocked and can not serve
+# other requests in the meantime).
+#
+# You can configure the slow log with two parameters: one tells Redis
+# what is the execution time, in microseconds, to exceed in order for the
+# command to get logged, and the other parameter is the length of the
+# slow log. When a new command is logged the oldest one is removed from the
+# queue of logged commands.
+
+# The following time is expressed in microseconds, so 1000000 is equivalent
+# to one second. Note that a negative number disables the slow log, while
+# a value of zero forces the logging of every command.
+slowlog-log-slower-than 10000
+
+# There is no limit to this length. Just be aware that it will consume memory.
+# You can reclaim memory used by the slow log with SLOWLOG RESET.
+slowlog-max-len 128
+
+############################# Event notification ##############################
+
+# Redis can notify Pub/Sub clients about events happening in the key space.
+# This feature is documented at http://redis.io/topics/keyspace-events
+#
+# For instance if keyspace events notification is enabled, and a client
+# performs a DEL operation on key "foo" stored in the Database 0, two
+# messages will be published via Pub/Sub:
+#
+# PUBLISH __keyspace@0__:foo del
+# PUBLISH __keyevent@0__:del foo
+#
+# It is possible to select the events that Redis will notify among a set
+# of classes. Every class is identified by a single character:
+#
+# K Keyspace events, published with __keyspace@<db>__ prefix.
+# E Keyevent events, published with __keyevent@<db>__ prefix.
+# g Generic commands (non-type specific) like DEL, EXPIRE, RENAME, ...
+# $ String commands
+# l List commands
+# s Set commands
+# h Hash commands
+# z Sorted set commands
+# x Expired events (events generated every time a key expires)
+# e Evicted events (events generated when a key is evicted for maxmemory)
+# A Alias for g$lshzxe, so that the "AKE" string means all the events.
+#
+# The "notify-keyspace-events" takes as argument a string that is composed
+# by zero or multiple characters. The empty string means that notifications
+# are disabled at all.
+#
+# Example: to enable list and generic events, from the point of view of the
+# event name, use:
+#
+# notify-keyspace-events Elg
+#
+# Example 2: to get the stream of the expired keys subscribing to channel
+# name __keyevent@0__:expired use:
+#
+# notify-keyspace-events Ex
+#
+# By default all notifications are disabled because most users don't need
+# this feature and the feature has some overhead. Note that if you don't
+# specify at least one of K or E, no events will be delivered.
+notify-keyspace-events ""
+
+############################### ADVANCED CONFIG ###############################
+
+# Hashes are encoded using a memory efficient data structure when they have a
+# small number of entries, and the biggest entry does not exceed a given
+# threshold. These thresholds can be configured using the following directives.
+hash-max-ziplist-entries 512
+hash-max-ziplist-value 64
+
+# Similarly to hashes, small lists are also encoded in a special way in order
+# to save a lot of space. The special representation is only used when
+# you are under the following limits:
+list-max-ziplist-entries 512
+list-max-ziplist-value 64
+
+# Sets have a special encoding in just one case: when a set is composed
+# of just strings that happens to be integers in radix 10 in the range
+# of 64 bit signed integers.
+# The following configuration setting sets the limit in the size of the
+# set in order to use this special memory saving encoding.
+set-max-intset-entries 512
+
+# Similarly to hashes and lists, sorted sets are also specially encoded in
+# order to save a lot of space. This encoding is only used when the length and
+# elements of a sorted set are below the following limits:
+zset-max-ziplist-entries 128
+zset-max-ziplist-value 64
+
+# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
+# order to help rehashing the main Redis hash table (the one mapping top-level
+# keys to values). The hash table implementation Redis uses (see dict.c)
+# performs a lazy rehashing: the more operation you run into an hash table
+# that is rehashing, the more rehashing "steps" are performed, so if the
+# server is idle the rehashing is never complete and some more memory is used
+# by the hash table.
+#
+# The default is to use this millisecond 10 times every second in order to
+# active rehashing the main dictionaries, freeing memory when possible.
+#
+# If unsure:
+# use "activerehashing no" if you have hard latency requirements and it is
+# not a good thing in your environment that Redis can reply form time to time
+# to queries with 2 milliseconds delay.
+#
+# use "activerehashing yes" if you don't have such hard requirements but
+# want to free memory asap when possible.
+activerehashing yes
+
+# The client output buffer limits can be used to force disconnection of clients
+# that are not reading data from the server fast enough for some reason (a
+# common reason is that a Pub/Sub client can't consume messages as fast as the
+# publisher can produce them).
+#
+# The limit can be set differently for the three different classes of clients:
+#
+# normal -> normal clients
+# slave -> slave clients and MONITOR clients
+# pubsub -> clients subcribed to at least one pubsub channel or pattern
+#
+# The syntax of every client-output-buffer-limit directive is the following:
+#
+# client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds>
+#
+# A client is immediately disconnected once the hard limit is reached, or if
+# the soft limit is reached and remains reached for the specified number of
+# seconds (continuously).
+# So for instance if the hard limit is 32 megabytes and the soft limit is
+# 16 megabytes / 10 seconds, the client will get disconnected immediately
+# if the size of the output buffers reach 32 megabytes, but will also get
+# disconnected if the client reaches 16 megabytes and continuously overcomes
+# the limit for 10 seconds.
+#
+# By default normal clients are not limited because they don't receive data
+# without asking (in a push way), but just after a request, so only
+# asynchronous clients may create a scenario where data is requested faster
+# than it can read.
+#
+# Instead there is a default limit for pubsub and slave clients, since
+# subscribers and slaves receive data in a push fashion.
+#
+# Both the hard or the soft limit can be disabled by setting them to zero.
+client-output-buffer-limit normal 0 0 0
+client-output-buffer-limit slave 256mb 64mb 60
+client-output-buffer-limit pubsub 32mb 8mb 60
+
+# Redis calls an internal function to perform many background tasks, like
+# closing connections of clients in timeot, purging expired keys that are
+# never requested, and so forth.
+#
+# Not all tasks are perforemd with the same frequency, but Redis checks for
+# tasks to perform accordingly to the specified "hz" value.
+#
+# By default "hz" is set to 10. Raising the value will use more CPU when
+# Redis is idle, but at the same time will make Redis more responsive when
+# there are many keys expiring at the same time, and timeouts may be
+# handled with more precision.
+#
+# The range is between 1 and 500, however a value over 100 is usually not
+# a good idea. Most users should use the default of 10 and raise this up to
+# 100 only in environments where very low latency is required.
+hz 10
+
+# When a child rewrites the AOF file, if the following option is enabled
+# the file will be fsync-ed every 32 MB of data generated. This is useful
+# in order to commit the file to the disk more incrementally and avoid
+# big latency spikes.
+aof-rewrite-incremental-fsync yes
diff --git a/opencontrail/files/2.2/config.global.js b/opencontrail/files/2.2/config.global.js
new file mode 100644
index 0000000..0e3f952
--- /dev/null
+++ b/opencontrail/files/2.2/config.global.js
@@ -0,0 +1,267 @@
+{%- from "opencontrail/map.jinja" import web with context %}
+/*
+ * Copyright (c) 2014 Juniper Networks, Inc. All rights reserved.
+ */
+
+var config = {};
+
+config.orchestration = {};
+config.orchestration.Manager = 'openstack'
+
+/****************************************************************************
+ * This boolean flag indicates to communicate with Orchestration
+ * modules(networkManager, imageManager, computeManager, identityManager,
+ * storageManager), should the webServer communicate using the
+ * ip/port/authProtocol/apiVersion as specified in this file, or as returned
+ * from auth catalog list.
+ * Note: config.identityManager.apiVersion is not controlled by this boolean
+ * flag.
+ *
+ * true - These values should be taken from this config
+ * file.
+ * false - These values should be taken from auth catalog list
+ *
+*****************************************************************************/
+config.serviceEndPointFromConfig = true;
+
+/****************************************************************************
+ * This boolean flag indicates if serviceEndPointFromConfig is set as false,
+ * then to take IP/Port/Protocol/Version information from auth catalog,
+ * should publicURL OR internalURL will be used.
+ *
+ * true - publicURL in endpoint will be used to retrieve IP/Port/Protocol/
+ * Version information
+ * false - internalURL in endpoint will be used to retrieve
+ * IP/Port/Protocol/Version information
+ *
+ * NOTE: if config.serviceEndPointFromConfig is set as true, then this flag
+ * does not have any effect.
+ *
+*****************************************************************************/
+config.serviceEndPointTakePublicURL = true;
+
+/****************************************************************************
+ * Below are the config options for all Orchestration Modules below:
+ * - networkManager
+ * - imageManager
+ * - computeManager
+ * - identityManager
+ * - storageManager
+ * - cnfg
+ * - analytics
+ *
+ * Options:
+ * ip:
+ * IP to connect to for this Server.
+ * port:
+ * Port to connect to for this server
+ * authProtocol:
+ * Specify authProtocol either 'http' or 'https'
+ * apiVersion:
+ * REST API Version for this server to connect to.
+ * Specify a list of Versions in array notation.
+ * Below are the supported list of apiVersion for the modules as of now:
+ * imageManager - ['v1', 'v2']
+ * computeManager - ['v1.1', 'v2']
+ * identityManager - ['v2.0']
+ * storageManager - ['v1']
+ *
+ * Not applicable for cnfg/analytics as of now
+ * strictSSL:
+ * If true, requires certificates to be valid
+ * ca:
+ * An authority certificate to check the remote host against,
+ * if you do not want to specify then use ''
+*****************************************************************************/
+config.networkManager = {};
+config.networkManager.ip = '{{ web.master.host }}';
+config.networkManager.port = '9696'
+config.networkManager.authProtocol = 'http';
+config.networkManager.apiVersion = [];
+config.networkManager.strictSSL = false;
+config.networkManager.ca = '';
+
+config.imageManager = {};
+config.imageManager.ip = '{{ web.identity.host }}';
+config.imageManager.port = '9292';
+config.imageManager.authProtocol = 'http';
+config.imageManager.apiVersion = ['v1', 'v2'];
+config.imageManager.strictSSL = false;
+config.imageManager.ca = '';
+
+config.computeManager = {};
+config.computeManager.ip = '{{ web.identity.host }}';
+config.computeManager.port = '8774';
+config.computeManager.authProtocol = 'http';
+config.computeManager.apiVersion = ['v1.1', 'v2'];
+config.computeManager.strictSSL = false;
+config.computeManager.ca = '';
+
+config.identityManager = {};
+config.identityManager.ip = '{{ web.identity.host }}';
+config.identityManager.port = '5000';
+config.identityManager.authProtocol = 'http';
+/******************************************************************************
+ * Note: config.identityManager.apiVersion is not controlled by boolean flag
+ * config.serviceEndPointFromConfig. If specified apiVersion here, then these
+ * API versions will be used while using REST API to identityManager.
+ * If want to use with default apiVersion(v2.0), then can specify it as
+ * empty array.
+******************************************************************************/
+config.identityManager.apiVersion = ['v2.0'];
+config.identityManager.strictSSL = false;
+config.identityManager.ca = '';
+
+config.storageManager = {};
+config.storageManager.ip = '{{ web.identity.host }}';
+config.storageManager.port = '8776';
+config.storageManager.authProtocol = 'http';
+config.storageManager.apiVersion = ['v1'];
+config.storageManager.strictSSL = false;
+config.storageManager.ca = '';
+
+// VNConfig API server and port.
+config.cnfg = {};
+config.cnfg.server_ip = '{{ web.master.host }}';
+config.cnfg.server_port = '8082';
+config.cnfg.authProtocol = 'http';
+config.cnfg.strictSSL = false;
+config.cnfg.ca = '';
+
+// Analytics API server and port.
+config.analytics = {};
+config.analytics.server_ip = '{{ web.analytics.host }}';
+config.analytics.server_port = '9081';
+config.analytics.authProtocol = 'http';
+config.analytics.strictSSL = false;
+config.analytics.ca = '';
+
+// vcenter related parameters
+config.vcenter = {};
+config.vcenter.server_ip = '127.0.0.1'; //vCenter IP
+config.vcenter.server_port = '443'; //Port
+config.vcenter.authProtocol = 'https'; //http or https
+config.vcenter.datacenter = 'vcenter'; //datacenter name
+config.vcenter.dvsswitch = 'vswitch'; //dvsswitch name
+config.vcenter.strictSSL = false; //Validate the certificate or ignore
+config.vcenter.ca = ''; //specify the certificate key file
+config.vcenter.wsdl = '/var/lib/contrail-webui/contrail-web-core/webroot/js/vim.wsdl';
+
+/* Discovery Service */
+config.discoveryService = {};
+config.discoveryService.server_port = '5998';
+/* Specifiy true if subscription to discovery server should be enabled, else
+ * specify false. Other than true/false value here is treated as true
+ */
+config.discoveryService.enable = true;
+
+/* Job Server */
+config.jobServer = {};
+config.jobServer.server_ip = '127.0.0.1';
+config.jobServer.server_port = '3000';
+
+/* Upload/Download Directory */
+config.files = {};
+config.files.download_path = '/tmp';
+
+/* WebUI Redis Server */
+config.redis_server_port = '6379';
+config.redis_server_ip = '127.0.0.1';
+config.redis_dump_file = '/var/lib/redis/dump-webui.rdb';
+config.redis_password = '';
+
+/* Cassandra Server */
+config.cassandra = {};
+config.cassandra.server_ips = [{%- for member in web.members %}'{{ member.host }}'{% if not loop.last %},{% endif %}{%- endfor %}];
+config.cassandra.server_port = '9160';
+config.cassandra.enable_edit = false;
+
+/* KUE Job Scheduler */
+config.kue = {};
+config.kue.ui_port = '3002'
+
+/* IP List to listen on */
+config.webui_addresses = ['0.0.0.0'];
+
+/* Is insecure access to WebUI?
+ * If set as false, then all http request will be redirected
+ * to https, if set true, then no https request will be processed, but only http
+ * request
+ */
+config.insecure_access = false;
+
+// HTTP port for NodeJS Server.
+config.http_port = '8080';
+
+// HTTPS port for NodeJS Server.
+config.https_port = '8143';
+
+// Activate/Deactivate Login.
+config.require_auth = false;
+
+/* Number of node worker processes for cluster. */
+config.node_worker_count = 1;
+
+/* Number of Parallel Active Jobs with same type */
+config.maxActiveJobs = 10;
+
+/* Redis DB index for Web-UI */
+config.redisDBIndex = 3;
+
+/* Logo File: Use complete path of logo file location */
+config.logo_file = '/var/lib/contrail-webui/contrail-web-core/webroot/img/opencontrail-logo.png';
+
+/* Favicon File: Use complete path of favicon file location */
+config.favicon_file = '/var/lib/contrail-webui/contrail-web-core/webroot/img/juniper-networks-favicon.ico';
+
+config.featurePkg = {};
+/* Add new feature Package Config details below */
+config.featurePkg.webController = {};
+config.featurePkg.webController.path = '/var/lib/contrail-webui/contrail-web-controller';
+config.featurePkg.webController.enable = true;
+
+/* Enable/disable Stat Query Links in Sidebar*/
+config.qe = {};
+config.qe.enable_stat_queries = false;
+
+/* Configure level of logs, supported log levels are:
+ debug, info, notice, warning, error, crit, alert, emerg
+ */
+config.logs = {};
+config.logs.level = 'debug';
+
+/******************************************************************************
+ * Boolean flag getDomainProjectsFromApiServer indicates wheather the project
+ * list should come from API Server or Identity Manager.
+ * If Set
+ * - true, then project list will come from API Server
+ * - false, then project list will come from Identity Manager
+ * Default: false
+ *
+******************************************************************************/
+config.getDomainProjectsFromApiServer = false;
+/*****************************************************************************
+* Boolean flag L2_enable indicates the default forwarding-mode of a network.
+* Allowed values : true / false
+* Set this flag to true if all the networks are to be L2 networks,
+* set to false otherwise.
+*****************************************************************************/
+config.network = {};
+config.network.L2_enable = false;
+
+/******************************************************************************
+ * Boolean flag getDomainsFromApiServer indicates wheather the domain
+ * list should come from API Server or Identity Manager.
+ * If Set
+ * - true, then domain list will come from API Server
+ * - false, then domain list will come from Identity Manager
+ * Default: true
+ * NOTE: if config.identityManager.apiVersion is set as v2.0, then this flag
+ * does not have any effect, in that case the domain list is retrieved
+ * from API Server.
+ *
+ *****************************************************************************/
+config.getDomainsFromApiServer = false;
+
+// Export this as a module.
+module.exports = config;
diff --git a/opencontrail/files/2.2/config/authorization.properties b/opencontrail/files/2.2/config/authorization.properties
new file mode 100644
index 0000000..d04f4f6
--- /dev/null
+++ b/opencontrail/files/2.2/config/authorization.properties
@@ -0,0 +1,3 @@
+
+# The MAPC with basic auth username 'reader' has read only access.
+reader=ro
diff --git a/opencontrail/files/2.2/config/contrail-api b/opencontrail/files/2.2/config/contrail-api
new file mode 100644
index 0000000..64da831
--- /dev/null
+++ b/opencontrail/files/2.2/config/contrail-api
@@ -0,0 +1,9 @@
+
+#!/bin/sh
+
+# chkconfig: 2345 99 01
+# description: Juniper Network Virtualization API
+
+supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}:0`
+
+#supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}`
\ No newline at end of file
diff --git a/opencontrail/files/2.2/config/contrail-api.ini b/opencontrail/files/2.2/config/contrail-api.ini
new file mode 100644
index 0000000..edd0a37
--- /dev/null
+++ b/opencontrail/files/2.2/config/contrail-api.ini
@@ -0,0 +1,14 @@
+
+[program:contrail-api]
+command=/usr/bin/contrail-api --conf_file /etc/contrail/contrail-api.conf --conf_file /etc/contrail/contrail-keystone-auth.conf --listen_port 910%(process_num)01d --worker_id %(process_num)s
+numprocs=1
+process_name=%(process_num)s
+redirect_stderr=true
+stdout_logfile= /var/log/contrail/contrail-api-%(process_num)s-stdout.log
+stderr_logfile=/dev/null
+priority=440
+autostart=true
+killasgroup=true
+stopsignal=KILL
+exitcodes=0
+
diff --git a/opencontrail/files/2.2/config/contrail-discovery b/opencontrail/files/2.2/config/contrail-discovery
new file mode 100644
index 0000000..cf9cbbd
--- /dev/null
+++ b/opencontrail/files/2.2/config/contrail-discovery
@@ -0,0 +1,9 @@
+
+#!/bin/sh
+
+# chkconfig: 2345 99 01
+# description: Juniper Network Virtualization API
+
+supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}:0`
+
+#supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}`
diff --git a/opencontrail/files/2.2/config/contrail-discovery.ini b/opencontrail/files/2.2/config/contrail-discovery.ini
new file mode 100644
index 0000000..5e84cbf
--- /dev/null
+++ b/opencontrail/files/2.2/config/contrail-discovery.ini
@@ -0,0 +1,14 @@
+
+[program:contrail-discovery]
+command=/usr/bin/contrail-discovery --conf_file /etc/contrail/contrail-discovery.conf --listen_port 911%(process_num)01d --worker_id %(process_num)s
+numprocs=1
+process_name=%(process_num)s
+redirect_stderr=true
+stdout_logfile= /var/log/contrail/contrail-discovery-%(process_num)s-stdout.log
+stderr_logfile=/dev/null
+priority=430
+autostart=true
+killasgroup=true
+stopsignal=KILL
+exitcodes=0
+
diff --git a/opencontrail/files/2.2/config/contrail_sudoers b/opencontrail/files/2.2/config/contrail_sudoers
new file mode 100644
index 0000000..a65cc42
--- /dev/null
+++ b/opencontrail/files/2.2/config/contrail_sudoers
@@ -0,0 +1,6 @@
+
+Defaults:contrail !requiretty
+
+Cmnd_Alias CONFIGRESTART = /usr/sbin/service supervisor-config restart
+
+contrail ALL = (root) NOPASSWD:CONFIGRESTART
diff --git a/opencontrail/files/2.2/config/log4j.properties b/opencontrail/files/2.2/config/log4j.properties
new file mode 100644
index 0000000..6c55393
--- /dev/null
+++ b/opencontrail/files/2.2/config/log4j.properties
@@ -0,0 +1,27 @@
+
+# Set root logger level to DEBUG and its only appender to CONSOLE
+log4j.rootLogger=TRACE, CONSOLE
+log4j.error
+
+log4j.logger.de.fhhannover.inform.irond.proc=TRACE, A1, A2
+log4j.additivity.de.fhhannover.inform.irond.proc=false
+
+log4j.appender.A1=org.apache.log4j.ConsoleAppender
+log4j.appender.A1.layout=org.apache.log4j.PatternLayout
+log4j.appender.A1.layout.ConversionPattern=%d [%t] %-5p %x - %m%n
+
+log4j.appender.A2=org.apache.log4j.FileAppender
+log4j.appender.A2.File=/var/log/contrail/ifmap-server.log
+log4j.appender.A2.layout=org.apache.log4j.PatternLayout
+log4j.appender.A2.layout.ConversionPattern=%d [%t] %-5p %x - %m%n
+
+log4j.logger.de.fhhannover.inform.irond.rawrequests=TRACE, A3
+log4j.additivity.de.fhhannover.inform.irond.rawrequests=false
+log4j.appender.A3=org.apache.log4j.FileAppender
+log4j.appender.A3.file=irond_raw.log
+log4j.appender.A3.layout=org.apache.log4j.PatternLayout
+log4j.appender.A3.layout.ConversionPattern=%d %-5p %x - %m%n
+
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%-8r [%t] %-5p %C{1} %x - %m%n
diff --git a/opencontrail/files/2.2/config/publisher.properties b/opencontrail/files/2.2/config/publisher.properties
new file mode 100644
index 0000000..9a34093
--- /dev/null
+++ b/opencontrail/files/2.2/config/publisher.properties
@@ -0,0 +1,17 @@
+
+#Sun May 27 15:47:44 PDT 2012
+visual=visual--1877135140-1
+test=test--1870931913-1
+test2=test2--1870931914-1
+test3=test3--1870931915-1
+api-server=api-server-1--0000000001-1
+control-node-1=control-node-1--1870931921-1
+control-node-2=control-node-1--1870931922-1
+control-node-3=control-node-1--1870931923-1
+control-node-4=control-node-1--1870931924-1
+control-node-5=control-node-1--1870931925-1
+control-node-6=control-node-1--1870931926-1
+control-node-7=control-node-1--1870931927-1
+control-node-8=control-node-1--1870931928-1
+control-node-9=control-node-1--1870931929-1
+control-node-10=control-node-10--1870931930-1
diff --git a/opencontrail/files/2.2/contrail-alarm-gen.conf b/opencontrail/files/2.2/contrail-alarm-gen.conf
new file mode 100644
index 0000000..0a754e3
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-alarm-gen.conf
@@ -0,0 +1,18 @@
+{%- from "opencontrail/map.jinja" import collector with context %}
+[DEFAULTS]
+#host_ip = 127.0.0.1
+#collectors = 127.0.0.1:8086
+#http_server_port = 5995
+log_local = 1
+log_level = SYS_NOTICE
+#log_category =
+log_file = /var/log/contrail/contrail-alarm-gen.log
+#kafka_broker_list = xx.xx.xx.xx:9092
+#zk_list = xx.xx.xx.xx:2181
+
+[DISCOVERY]
+#disc_server_ip =
+#disc_server_port = 5998
+
+[REDIS]
+#redis_server_port=6379
diff --git a/opencontrail/files/2.2/contrail-analytics-api.conf b/opencontrail/files/2.2/contrail-analytics-api.conf
new file mode 100644
index 0000000..05ee4dd
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-analytics-api.conf
@@ -0,0 +1,32 @@
+{%- from "opencontrail/map.jinja" import collector with context %}
+[DEFAULTS]
+host_ip = {{ collector.bind.address }}
+cassandra_server_list={% for member in collector.database.members %}{{ member.host }}:{{ member.port }} {% endfor %}
+collectors = {{ collector.bind.address }}:8086
+http_server_port = 8090
+rest_api_port = 9081
+rest_api_ip = 0.0.0.0
+log_local = 1
+log_level = SYS_NOTICE
+log_category =
+log_file = /var/log/contrail/contrail-analytics-api.log
+
+# Time-to-live in hours of the various data stored by collector into
+# cassandra
+# analytics_config_audit_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_statistics_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_flow_ttl, if not set (or set to -1), defaults to analytics_statsdata_ttl
+analytics_data_ttl={{ collector.data_ttl }}
+analytics_config_audit_ttl={{ collector.data_ttl }}
+analytics_statistics_ttl={{ collector.data_ttl }}
+analytics_flow_ttl={{ collector.data_ttl }}
+
+
+[DISCOVERY]
+disc_server_ip = {{ collector.discovery.host }}
+disc_server_port = 5998
+
+[REDIS]
+redis_server_port = 6379
+redis_query_port = 6379
+
diff --git a/opencontrail/files/2.2/contrail-analytics-nodemgr.conf b/opencontrail/files/2.2/contrail-analytics-nodemgr.conf
new file mode 100644
index 0000000..452e425
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-analytics-nodemgr.conf
@@ -0,0 +1,7 @@
+{%- from "opencontrail/map.jinja" import collector with context %}
+[DISCOVERY]
+server={{ collector.discovery.host }}
+port=5998
+
+[COLLECTOR]
+#server_list=ip1:port1 ip2:port2
diff --git a/opencontrail/files/2.2/contrail-api.conf b/opencontrail/files/2.2/contrail-api.conf
new file mode 100644
index 0000000..ef1192e
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-api.conf
@@ -0,0 +1,39 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+[DEFAULTS]
+ifmap_server_ip={{ config.bind.address }}
+ifmap_server_port=8443
+ifmap_username=api-server
+ifmap_password=api-server
+cassandra_server_list={% for member in config.database.members %}{{ member.host }}:{{ member.port }} {% endfor %}
+listen_ip_addr=0.0.0.0
+listen_port=8082
+multi_tenancy=True
+log_file=/var/log/contrail/contrail-api.log
+log_local=1
+log_level=SYS_NOTICE
+disc_server_ip={{ config.discovery.host }}
+disc_server_port=5998
+#zk_server_ip=10.0.102.31:2181,10.0.102.32:2181,10.0.102.33:2181
+zk_server_ip={% for member in config.database.members %}{{ member.host }}:2181{% if not loop.last %},{% endif %}{% endfor %}
+redis_server_ip=$__contrail_redis_ip__
+rabbit_server={{ config.message_queue.host }}
+rabbit_port={{ config.message_queue.port }}
+auth=keystone
+#rabbit_port=5673{{ config.message_queue.port }}
+
+[SECURITY]
+use_certs=False
+keyfile=/etc/contrail/ssl/private_keys/apiserver_key.pem
+certfile=/etc/contrail/ssl/certs/apiserver.pem
+ca_certs=/etc/contrail/ssl/certs/ca.pem
+
+[KEYSTONE]
+auth_host={{ config.identity.host }}
+auth_protocol=http
+auth_port={{ config.identity.port }}
+admin_user={{ config.identity.user }}
+admin_password={{ config.identity.password }}
+admin_token={{ config.identity.token }}
+admin_tenant_name={{ config.identity.tenant }}
+insecure=True
+
diff --git a/opencontrail/files/2.2/contrail-collector.conf b/opencontrail/files/2.2/contrail-collector.conf
new file mode 100644
index 0000000..6437f20
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-collector.conf
@@ -0,0 +1,64 @@
+{%- from "opencontrail/map.jinja" import collector with context %}
+#
+# Copyright (c) 2014 Juniper Networks, Inc. All rights reserved.
+#
+# Control-node configuration options
+#
+
+[DEFAULT]
+# Everything in this section is optional
+
+# Time-to-live in hours of the various data stored by collector into
+# cassandra
+# analytics_config_audit_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_statistics_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_flow_ttl, if not set (or set to -1), defaults to analytics_statsdata_ttl
+ analytics_data_ttl={{ collector.data_ttl }}
+ analytics_config_audit_ttl={{ collector.data_ttl }}
+ analytics_statistics_ttl={{ collector.data_ttl }}
+ analytics_flow_ttl={{ collector.data_ttl }}
+
+ cassandra_server_list={% for member in collector.database.members %}{{ member.host }}:{{ member.port }} {% endfor %}
+
+# IP address and port to be used to connect to kafka.
+# Multiple IP:port strings separated by space can be provided
+ kafka_broker_list=
+
+# dup=0
+ hostip={{ collector.bind.address }} # Resolved IP of `hostname`
+# hostname= # Retrieved as `hostname`
+ http_server_port=8089
+# log_category=
+# log_disable=0
+ log_file=/var/log/contrail/contrail-collector.log
+# log_files_count=10
+# log_file_size=1048576 # 1MB
+ log_level=SYS_NOTICE
+ log_local=1
+
+# TCP and UDP ports to listen on for receiving syslog messages. -1 to disable.
+ syslog_port=-1
+
+# UDP port to listen on for receiving sFlow messages. -1 to disable.
+# sflow_port=6343
+
+# UDP port to listen on for receiving ipfix messages. -1 to disable.
+# ipfix_port=4739
+
+# test_mode=0
+
+[COLLECTOR]
+ port=8086
+# server= 0.0.0.0
+
+# UDP port to listen on for receiving Google Protocol Buffer messages
+# protobuf_port=3333
+
+[DISCOVERY]
+# port=5998
+ server={{ collector.discovery.host }} # discovery_server IP address
+
+[REDIS]
+ port=6379
+ server=127.0.0.1
+
diff --git a/opencontrail/files/2.2/contrail-config-nodemgr.conf b/opencontrail/files/2.2/contrail-config-nodemgr.conf
new file mode 100644
index 0000000..e996f42
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-config-nodemgr.conf
@@ -0,0 +1,7 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+[DISCOVERY]
+server={{ config.discovery.host }}
+port=5998
+
+[COLLECTOR]
+#server_list=ip1:port1 ip2:port2
diff --git a/opencontrail/files/2.2/contrail-control-nodemgr.conf b/opencontrail/files/2.2/contrail-control-nodemgr.conf
new file mode 100644
index 0000000..c815ba7
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-control-nodemgr.conf
@@ -0,0 +1,7 @@
+{%- from "opencontrail/map.jinja" import control with context %}
+[DISCOVERY]
+server={{ control.discovery.host }}
+port=5998
+
+[COLLECTOR]
+#server_list=ip1:port1 ip2:port2
diff --git a/opencontrail/files/2.2/contrail-control.conf b/opencontrail/files/2.2/contrail-control.conf
new file mode 100644
index 0000000..4fd07dd
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-control.conf
@@ -0,0 +1,35 @@
+{%- from "opencontrail/map.jinja" import control with context %}
+#
+# Copyright (c) 2014 Juniper Networks, Inc. All rights reserved.
+#
+# Control-node configuration options
+#
+
+[DEFAULT]
+# bgp_config_file=bgp_config.xml
+# bgp_port=179
+# collectors= # Provided by discovery server
+ hostip={{ control.bind.address }} # Resolved IP of `hostname`
+ #hostname=ctl-oc-1 # Retrieved as `hostname`
+ hostname={{ pillar.linux.system.name }}
+# http_server_port=8083
+# log_category=
+# log_disable=0
+ log_file=/var/log/contrail/contrail-control.log
+# log_files_count=10
+# log_file_size=10485760 # 10MB
+ log_level=SYS_NOTICE
+ log_local=1
+# test_mode=0
+# xmpp_server_port=5269
+
+[DISCOVERY]
+# port=5998
+ server={{ control.discovery.host }} # discovery-server IP address
+
+[IFMAP]
+ certs_store=
+ password={{ control.bind.address }}
+# server_url= # Provided by discovery server, e.g. https://127.0.0.1:8443
+ user={{ control.bind.address }}
+
diff --git a/opencontrail/files/2.2/contrail-database-nodemgr.conf b/opencontrail/files/2.2/contrail-database-nodemgr.conf
new file mode 100644
index 0000000..117c751
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-database-nodemgr.conf
@@ -0,0 +1,11 @@
+{%- from "opencontrail/map.jinja" import database with context %}
+[DEFAULT]
+hostip={{ database.bind.host }}
+minimum_diskGB={{ database.minimum_disk }}
+
+[DISCOVERY]
+server={{ database.discovery.host }}
+port=5998
+
+[COLLECTOR]
+#server_list=ip1:port1 ip2:port2
diff --git a/opencontrail/files/2.2/contrail-device-manager.conf b/opencontrail/files/2.2/contrail-device-manager.conf
new file mode 100644
index 0000000..515179e
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-device-manager.conf
@@ -0,0 +1,13 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+[DEFAULTS]
+rabbit_server={{ config.message_queue.host }}
+rabbit_port={{ config.message_queue.port }}
+api_server_ip={{ config.discovery.host }}
+api_server_port=8082
+zk_server_ip={% for member in config.database.members %}{{ member.host }}:2181{% if not loop.last %},{% endif %}{% endfor %}
+log_file=/var/log/contrail/contrail-device-manager.log
+cassandra_server_list={% for member in config.database.members %}{{ member.host }}:{{ member.port }} {% endfor %}
+disc_server_ip={{ config.discovery.host }}
+disc_server_port=5998
+log_local=1
+log_level=SYS_NOTICE
diff --git a/opencontrail/files/2.2/contrail-discovery.conf b/opencontrail/files/2.2/contrail-discovery.conf
new file mode 100644
index 0000000..c46afd8
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-discovery.conf
@@ -0,0 +1,42 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+[DEFAULTS]
+zk_server_ip={% for member in config.database.members %}{{ member.host }}{% if not loop.last %},{% endif %}{% endfor %}
+zk_server_port=2181
+listen_ip_addr=0.0.0.0
+listen_port=5998
+log_local=True
+log_file=/var/log/contrail/discovery.log
+cassandra_server_list={% for member in config.database.members %}{{ member.host }}:{{ member.port }} {% endfor %}
+log_level=SYS_NOTICE
+
+# minimim time to allow client to cache service information (seconds)
+ttl_min=300
+
+# maximum time to allow client to cache service information (seconds)
+ttl_max=1800
+
+# health check ping interval <=0 for disabling
+hc_interval=5
+
+# maximum hearbeats to miss before server will declare publisher out of
+# service.
+hc_max_miss=3
+
+# use short TTL for agressive rescheduling if all services are not up
+ttl_short=1
+
+# for DNS service, we use fixed policy
+# even when the cluster has more than two control nodes, only two of these
+# should provide the DNS service
+[DNS-SERVER]
+policy = fixed
+
+######################################################################
+# Other service specific knobs ...
+
+# use short TTL for agressive rescheduling if all services are not up
+# ttl_short=1
+
+# specify policy to use when assigning services
+# policy = [load-balance | round-robin | fixed]
+######################################################################
diff --git a/opencontrail/files/2.2/contrail-dns.conf b/opencontrail/files/2.2/contrail-dns.conf
new file mode 100644
index 0000000..db5de80
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-dns.conf
@@ -0,0 +1,38 @@
+{%- from "opencontrail/map.jinja" import control with context %}
+#
+# Copyright (c) 2014 Juniper Networks, Inc. All rights reserved.
+#
+# DNS configuration options
+#
+
+[DEFAULT]
+# collectors= # Provided by discovery server
+# dns_config_file=dns_config.xml
+# named_config_file=contrail-named.conf # named config file
+# named_config_directory=/etc/contrail/dns # named config directory
+# named_log_file=/var/log/contrail/contrail-named.log # named log file
+# rndc_config_file=contrail-rndc.conf # rndc config file
+# rndc_secret=secretkey # rndc secret
+ hostip={{ control.bind.address }} # Resolved IP of `hostname`
+ hostname={{ pillar.linux.system.name }} # Retrieved as `hostname`
+# http_server_port=8092
+# dns_server_port=53
+# log_category=
+# log_disable=0
+ log_file=/var/log/contrail/contrail-dns.log
+# log_files_count=10
+# log_file_size=1048576 # 1MB
+ log_level=SYS_NOTICE
+ log_local=1
+# test_mode=0
+
+[DISCOVERY]
+# port=5998
+ server={{ control.discovery.host }} # discovery-server IP address
+
+[IFMAP]
+ certs_store=
+ password={{ control.bind.address }}.dns
+# server_url= # Provided by discovery server, e.g. https://127.0.0.1:8443
+ user={{ control.bind.address }}.dns
+
diff --git a/opencontrail/files/2.2/contrail-keystone-auth.conf b/opencontrail/files/2.2/contrail-keystone-auth.conf
new file mode 100644
index 0000000..c4ca1d1
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-keystone-auth.conf
@@ -0,0 +1,12 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+[KEYSTONE]
+auth_host={{ config.identity.host }}
+auth_protocol=http
+auth_port={{ config.identity.port }}
+admin_user={{ config.identity.user }}
+admin_password={{ config.identity.password }}
+admin_token={{ config.identity.token }}
+admin_tenant_name={{ config.identity.tenant }}
+insecure=True
+#memcache_servers=127.0.0.1:11211
+memcache_servers={% for member in config.members %}{{ member.host }}:11211{% if not loop.last %},{% endif %}{% endfor %}
diff --git a/opencontrail/files/2.2/contrail-query-engine.conf b/opencontrail/files/2.2/contrail-query-engine.conf
new file mode 100644
index 0000000..724685e
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-query-engine.conf
@@ -0,0 +1,31 @@
+{%- from "opencontrail/map.jinja" import collector with context %}
+#
+# Copyright (c) 2014 Juniper Networks, Inc. All rights reserved.
+#
+# Query-Engine configuration options
+#
+
+[DEFAULT]
+# analytics_data_ttl=48
+ cassandra_server_list={% for member in collector.database.members %}{{ member.host }}:{{ member.port }} {% endfor %}
+ collectors=127.0.0.1:8086
+ hostip=$__contrail_host_ip__ # Resolved IP of `hostname`
+# hostname= # Retrieved as `hostname`
+ http_server_port=8091
+# log_category=
+# log_disable=0
+ log_file=/var/log/contrail/contrail-query-engine.log
+# log_files_count=10
+# log_file_size=1048576 # 1MB
+ log_level=SYS_NOTICE
+ log_local=1
+# test_mode=0
+
+[DISCOVERY]
+# port=5998
+# server= # discovery_server IP address
+
+[REDIS]
+ port=6379
+ server=127.0.0.1
+
diff --git a/opencontrail/files/2.2/contrail-schema.conf b/opencontrail/files/2.2/contrail-schema.conf
new file mode 100644
index 0000000..14290f0
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-schema.conf
@@ -0,0 +1,28 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+[DEFAULTS]
+ifmap_server_ip={{ config.bind.address }}
+ifmap_server_port=8443
+ifmap_username=schema-transformer
+ifmap_password=schema-transformer
+api_server_ip={{ config.discovery.host }}
+api_server_port=8082
+#zk_server_ip=10.0.102.31:2181,10.0.102.32:2181,10.0.102.33:2181
+zk_server_ip={% for member in config.database.members %}{{ member.host }}:2181{% if not loop.last %},{% endif %}{% endfor %}
+log_file=/var/log/contrail/contrail-schema.log
+cassandra_server_list={% for member in config.database.members %}{{ member.host }}:{{ member.port }} {% endfor %}
+disc_server_ip={{ config.discovery.host }}
+disc_server_port=5998
+log_local=1
+log_level=SYS_NOTICE
+
+[SECURITY]
+use_certs=False
+keyfile=/etc/contrail/ssl/private_keys/schema_xfer_key.pem
+certfile=/etc/contrail/ssl/certs/schema_xfer.pem
+ca_certs=/etc/contrail/ssl/certs/ca.pem
+
+[KEYSTONE]
+admin_user={{ config.identity.user }}
+admin_password={{ config.identity.password }}
+admin_token={{ config.identity.token }}
+admin_tenant_name={{ config.identity.tenant }}
diff --git a/opencontrail/files/2.2/contrail-snmp-collector.conf b/opencontrail/files/2.2/contrail-snmp-collector.conf
new file mode 100644
index 0000000..7beb090
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-snmp-collector.conf
@@ -0,0 +1,33 @@
+{%- from "opencontrail/map.jinja" import collector with context %}
+[DEFAULTS]
+#api_server=127.0.0.1:8082
+
+#collectors=127.0.0.1:8086
+
+#fast_scan_frequency=60
+
+#http_server_port=5920
+
+log_local=1
+log_level=SYS_NOTICE
+log_file=/var/log/contrail/contrail-snmp-collector.log
+zookeeper = {% for member in collector.database.members %}{{ member.host }}:2181{% if not loop.last %},{% endif %}{% endfor %}
+
+#scan_frequency=600
+
+#zookeeper=127.0.0.1:2181
+
+[DISCOVERY]
+disc_server_ip = {{ collector.discovery.host }}
+disc_server_port = 5998
+#disc_server_ip=127.0.0.1
+#disc_server_port=5998
+
+[KEYSTONE]
+#keystone parameters come from contrail-keystone-auth.conf
+#auth_host=127.0.0.1
+#auth_protocol=http
+#auth_port=35357
+#admin_user=user1
+#admin_password=password1
+#admin_tenant_name=default-domain
diff --git a/opencontrail/files/2.2/contrail-svc-monitor.conf b/opencontrail/files/2.2/contrail-svc-monitor.conf
new file mode 100644
index 0000000..13fbd5b
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-svc-monitor.conf
@@ -0,0 +1,40 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+
+[DEFAULTS]
+ifmap_server_ip={{ config.bind.address }}
+ifmap_server_port=8443
+ifmap_username=svc-monitor
+ifmap_password=svc-monitor
+api_server_ip={{ config.discovery.host }}
+api_server_port=8082
+#zk_server_ip=10.0.102.31:2181,10.0.102.32:2181,10.0.102.33:2181
+zk_server_ip={% for member in config.database.members %}{{ member.host }}:2181{% if not loop.last %},{% endif %}{% endfor %}
+log_file=/var/log/contrail/contrail-svc-monitor.log
+cassandra_server_list={% for member in config.database.members %}{{ member.host }}:{{ member.port }} {% endfor %}
+disc_server_ip={{ config.discovery.host }}
+disc_server_port=5998
+region_name=RegionOne
+log_local=1
+log_level=SYS_NOTICE
+rabbit_server={{ config.message_queue.host }}
+rabbit_port={{ config.message_queue.port }}
+
+[SCHEDULER]
+analytics_server_ip={{ config.analytics.host }}
+analytics_server_port=8081
+
+[SECURITY]
+use_certs=False
+keyfile=/etc/contrail/ssl/private_keys/svc_monitor_key.pem
+certfile=/etc/contrail/ssl/certs/svc_monitor.pem
+ca_certs=/etc/contrail/ssl/certs/ca.pem
+
+[KEYSTONE]
+auth_host={{ config.identity.host }}
+auth_protocol=http
+auth_port={{ config.identity.port }}
+auth_insecure=True
+admin_user={{ config.identity.user }}
+admin_password={{ config.identity.password }}
+admin_token={{ config.identity.token }}
+admin_tenant_name={{ config.identity.tenant }}
diff --git a/opencontrail/files/2.2/contrail-topology.conf b/opencontrail/files/2.2/contrail-topology.conf
new file mode 100644
index 0000000..9adaba4
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-topology.conf
@@ -0,0 +1,15 @@
+{%- from "opencontrail/map.jinja" import collector with context %}
+[DEFAULTS]
+#analytics_api=127.0.0.1:8081
+#collectors=127.0.0.1:8086
+
+#http_server_port=5921
+
+log_local=1
+log_level=SYS_NOTICE
+log_file=/var/log/contrail/contrail-topology.log
+zookeeper = {% for member in collector.database.members %}{{ member.host }}:2181{% if not loop.last %},{% endif %}{% endfor %}
+
+#scan_frequency=60
+
+#zookeeper=127.0.0.1:2181
diff --git a/opencontrail/files/2.2/contrail-tor-agent.conf b/opencontrail/files/2.2/contrail-tor-agent.conf
new file mode 100644
index 0000000..bfdfa68
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-tor-agent.conf
@@ -0,0 +1,105 @@
+{%- from "opencontrail/map.jinja" import tor with context %}
+{%- from "opencontrail/map.jinja" import compute with context %}
+{%- from "linux/map.jinja" import system with context %}
+{%- set port = tor.bind.port + number %}
+#
+# Vnswad configuration options
+#
+
+[CONTROL-NODE]
+# IP address to be used to connect to control-node. Maximum of 2 IP addresses
+# (separated by a space) can be provided. If no IP is configured then the
+# value provided by discovery service will be used. (optional)
+# server=10.0.0.1 10.0.0.2
+
+[DEFAULT]
+agent_name={{ system.name }}-{{ number }}
+# Everything in this section is optional
+
+# IP address and port to be used to connect to collector. If these are not
+# configured, value provided by discovery service will be used. Multiple
+# IP:port strings separated by space can be provided
+# collectors=127.0.0.1:8086
+
+# Enable/disable debug logging. Possible values are 0 (disable) and 1 (enable)
+# debug=0
+
+# Aging time for flow-records in seconds
+# flow_cache_timeout=0
+
+# Hostname of compute-node. If this is not configured value from `hostname`
+# will be taken
+# hostname=
+
+# Category for logging. Default value is '*'
+# log_category=
+
+# Local log file name
+log_file=/var/log/contrail/contrail-tor-agent-{{ number }}.log
+
+# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
+# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
+# log_level=SYS_DEBUG
+
+# Enable/Disable local file logging. Possible values are 0 (disable) and 1 (enable)
+# log_local=0
+
+# Enable/Disable local flow message logging. Possible values are 0 (disable) and 1 (enable)
+# log_flow=0
+# Encapsulation type for tunnel. Possible values are MPLSoGRE, MPLSoUDP, VXLAN
+# tunnel_type=
+
+# Enable/Disable headless mode for agent. In headless mode agent retains last
+# known good configuration from control node when all control nodes are lost.
+# Possible values are true(enable) and false(disable)
+# headless_mode=
+
+# Define agent mode. Only supported value is "tor"
+ agent_mode=tor
+
+
+# Http server port for inspecting vnswad state (useful for debugging)
+# http_server_port=8085
+http_server_port={{ port }}
+
+[DISCOVERY]
+#If DEFAULT.collectors and/or CONTROL-NODE and/or DNS is not specified this
+#section is mandatory. Else this section is optional
+
+# IP address of discovery server
+server={{ compute.discovery.host }}
+
+# Number of control-nodes info to be provided by Discovery service. Possible
+# values are 1 and 2
+# max_control_nodes=1
+
+[DNS]
+# IP address to be used to connect to dns-node. Maximum of 2 IP addresses
+# (separated by a space) can be provided. If no IP is configured then the
+# value provided by discovery service will be used. (Optional)
+# server=10.0.0.1 10.0.0.2
+
+[NETWORKS]
+# control-channel IP address used by WEB-UI to connect to vnswad to fetch
+# required information (Optional)
+control_network_ip={{ tor.control.address }}
+
+[TOR]
+# IP address of the TOR to manage
+tor_ip={{ tor.device.host }}
+
+# Identifier for ToR. Agent will subscribe to ifmap-configuration by this name
+tor_id={{ number }}
+
+# ToR management scheme is based on this type. Only supported value is "ovs"
+tor_type=ovs
+
+# OVS server port number on the ToR
+tor_ovs_port=6632
+
+# IP-Transport protocol used to connect to tor. Only supported value is "tcp"
+tor_ovs_protocol=tcp
+
+tsn_ip={{ tor.interface.address }}
+
+
diff --git a/opencontrail/files/2.2/contrail-vrouter-agent.conf b/opencontrail/files/2.2/contrail-vrouter-agent.conf
new file mode 100644
index 0000000..b548d70
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-vrouter-agent.conf
@@ -0,0 +1,173 @@
+{%- from "opencontrail/map.jinja" import compute with context %}
+#
+# Vnswad configuration options
+#
+
+[CONTROL-NODE]
+# IP address to be used to connect to control-node. Maximum of 2 IP addresses
+# (separated by a space) can be provided. If no IP is configured then the
+# value provided by discovery service will be used. (Optional)
+# server=10.0.0.1 10.0.0.2
+
+[DEFAULT]
+# Everything in this section is optional
+
+# IP address and port to be used to connect to collector. If these are not
+# configured, value provided by discovery service will be used. Multiple
+# IP:port strings separated by space can be provided
+# collectors=127.0.0.1:8086
+
+# Enable/disable debug logging. Possible values are 0 (disable) and 1 (enable)
+# debug=0
+
+# Aging time for flow-records in seconds
+# flow_cache_timeout=0
+
+# Hostname of compute-node. If this is not configured value from `hostname`
+# will be taken
+# hostname=
+
+# Http server port for inspecting vnswad state (useful for debugging)
+# http_server_port=8085
+
+# Category for logging. Default value is '*'
+# log_category=
+
+# Local log file name
+log_file=/var/log/contrail/contrail-vrouter-agent.log
+
+# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
+# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
+log_level=SYS_NOTICE
+
+# Enable/Disable local file logging. Possible values are 0 (disable) and 1 (enable)
+log_local=1
+
+# Encapsulation type for tunnel. Possible values are MPLSoGRE, MPLSoUDP, VXLAN
+# tunnel_type=
+
+# Enable/Disable headless mode for agent. In headless mode agent retains last
+# known good configuration from control node when all control nodes are lost.
+# Possible values are true(enable) and false(disable)
+# headless_mode=
+headless_mode=true
+
+# DHCP relay mode (true or false) to determine if a DHCP request in fabric
+# interface with an unconfigured IP should be relayed or not
+# dhcp_relay_mode=
+
+# DPDK or legacy work mode
+platform=default
+
+# Physical address of PCI used by dpdk
+physical_interface_address=
+
+# MAC address of device used by dpdk
+
+
+[DISCOVERY]
+# If COLLECTOR and/or CONTROL-NODE and/or DNS is not specified this section is
+# mandatory. Else this section is optional
+
+# IP address of discovery server
+server={{ compute.discovery.host }}
+
+# Number of control-nodes info to be provided by Discovery service. Possible
+# values are 1 and 2
+max_control_nodes=2
+
+[DNS]
+# IP address and port to be used to connect to dns-node. Maximum of 2 IP
+# addresses (separated by a space) can be provided. If no IP is configured then
+# the value provided by discovery service will be used.
+# server=10.0.0.1:53 10.0.0.2:53
+
+[HYPERVISOR]
+# Everything in this section is optional
+
+# Hypervisor type. Possible values are kvm, xen and vmware
+type=kvm
+#vmware_mode=
+# Link-local IP address and prefix in ip/prefix_len format (for xen)
+# xen_ll_ip=
+
+# Link-local interface name when hypervisor type is Xen
+# xen_ll_interface=
+
+# Physical interface name when hypervisor type is vmware
+vmware_physical_interface=
+
+[FLOWS]
+# Everything in this section is optional
+
+# Maximum flows allowed per VM (given as % of maximum system flows)
+# max_vm_flows=100
+# Maximum number of link-local flows allowed across all VMs
+# max_system_linklocal_flows=4096
+# Maximum number of link-local flows allowed per VM
+# max_vm_linklocal_flows=1024
+
+[METADATA]
+# Shared secret for metadata proxy service (Optional)
+# metadata_proxy_secret=contrail
+
+[NETWORKS]
+# control-channel IP address used by WEB-UI to connect to vnswad to fetch
+# required information (Optional)
+control_network_ip={{ compute.interface.address }}
+
+[VIRTUAL-HOST-INTERFACE]
+# Everything in this section is mandatory
+
+# name of virtual host interface
+name=vhost0
+
+# IP address and prefix in ip/prefix_len format
+ip={{ compute.interface.address }}/{{ compute.interface.mask }}
+
+# Gateway IP address for virtual host
+gateway={{ compute.interface.gateway }}
+
+# Physical interface name to which virtual host interface maps to
+physical_interface={{ compute.interface.dev }}
+
+# We can have multiple gateway sections with different indices in the
+# following format
+# [GATEWAY-0]
+# Name of the routing_instance for which the gateway is being configured
+# routing_instance=default-domain:admin:public:public
+
+# Gateway interface name
+# interface=vgw
+
+# Virtual network ip blocks for which gateway service is required. Each IP
+# block is represented as ip/prefix. Multiple IP blocks are represented by
+# separating each with a space
+# ip_blocks=1.1.1.1/24
+
+# [GATEWAY-1]
+# Name of the routing_instance for which the gateway is being configured
+# routing_instance=default-domain:admin:public1:public1
+
+# Gateway interface name
+# interface=vgw1
+
+# Virtual network ip blocks for which gateway service is required. Each IP
+# block is represented as ip/prefix. Multiple IP blocks are represented by
+# separating each with a space
+# ip_blocks=2.2.1.0/24 2.2.2.0/24
+
+# Routes to be exported in routing_instance. Each route is represented as
+# ip/prefix. Multiple routes are represented by separating each with a space
+# routes=10.10.10.1/24 11.11.11.1/24
+
+[SERVICE-INSTANCE]
+# Path to the script which handles the netns commands
+netns_command=/usr/bin/opencontrail-vrouter-netns
+
+# Number of workers that will be used to start netns commands
+#netns_workers=1
+
+# Timeout for each netns command, when the timeout is reached, the netns
+# command is killed.
+#netns_timeout=30
\ No newline at end of file
diff --git a/opencontrail/files/2.2/contrail-vrouter-nodemgr.conf b/opencontrail/files/2.2/contrail-vrouter-nodemgr.conf
new file mode 100644
index 0000000..e3f1957
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-vrouter-nodemgr.conf
@@ -0,0 +1,7 @@
+{%- from "opencontrail/map.jinja" import compute with context %}
+[DISCOVERY]
+server={{ compute.discovery.host }}
+port=5998
+
+[COLLECTOR]
+#server_list=ip1:port1 ip2:port2
diff --git a/opencontrail/files/2.2/contrail-webui-userauth.js b/opencontrail/files/2.2/contrail-webui-userauth.js
new file mode 100644
index 0000000..e1a19d7
--- /dev/null
+++ b/opencontrail/files/2.2/contrail-webui-userauth.js
@@ -0,0 +1,15 @@
+{%- from "opencontrail/map.jinja" import web with context %}
+/*
+ * Copyright (c) 2014 Juniper Networks, Inc. All rights reserved.
+ */
+
+/****************************************************************************
+ * Specify the authentication parameters for admin user
+ ****************************************************************************/
+var auth = {};
+auth.admin_user = '{{ web.identity.user }}';
+auth.admin_password = '{{ web.identity.password }}';
+auth.admin_token = '{{ web.identity.token }}';
+auth.admin_tenant_name = '{{ web.identity.tenant }}';
+
+module.exports = auth;
diff --git a/opencontrail/files/2.2/control/contrail-named.conf b/opencontrail/files/2.2/control/contrail-named.conf
new file mode 100644
index 0000000..18ef5af
--- /dev/null
+++ b/opencontrail/files/2.2/control/contrail-named.conf
@@ -0,0 +1,44 @@
+options {
+ directory "/etc/contrail/dns/";
+ managed-keys-directory "/etc/contrail/dns/";
+ empty-zones-enable no;
+ pid-file "/etc/contrail/dns/named.pid";
+ listen-on port 53 { any; };
+ allow-query { any; };
+ allow-recursion { any; };
+ allow-query-cache { any; };
+};
+
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "xvysmOR8lnUQRBcunkC6vg==";
+};
+
+controls {
+ inet 127.0.0.1 port 8094
+ allow { 127.0.0.1; } keys { "rndc-key"; };
+};
+
+logging {
+ channel debug_log {
+ file "/var/log/contrail/contrail-named.log" versions 3 size 5m;
+ severity debug;
+ print-time yes;
+ print-severity yes;
+ print-category yes;
+ };
+ category default {
+ debug_log;
+ };
+ category queries {
+ debug_log;
+ };
+};
+
+view "_default_view_" {
+ match-clients {any;};
+ match-destinations {any;};
+ match-recursive-only no;
+ forwarders {10.0.110.18; };
+};
+
diff --git a/opencontrail/files/2.2/control/contrail-rndc.conf b/opencontrail/files/2.2/control/contrail-rndc.conf
new file mode 100644
index 0000000..5a820a1
--- /dev/null
+++ b/opencontrail/files/2.2/control/contrail-rndc.conf
@@ -0,0 +1,11 @@
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "xvysmOR8lnUQRBcunkC6vg==";
+};
+
+options {
+ default-key "rndc-key";
+ default-server 127.0.0.1;
+ default-port 8094;
+};
+
diff --git a/opencontrail/files/2.2/ctrl-details b/opencontrail/files/2.2/ctrl-details
new file mode 100644
index 0000000..b9ded57
--- /dev/null
+++ b/opencontrail/files/2.2/ctrl-details
@@ -0,0 +1,18 @@
+{%- from "opencontrail/map.jinja" import common with context %}
+CONTROLLER_MGMT={{ common.identity.host }}
+SERVICE_TOKEN={{ common.identity.token }}
+ADMIN_TOKEN={{ common.identity.password }}
+CONTROLLER={{ common.identity.host }}
+QUANTUM={{ common.network.host }}
+QUANTUM_PORT={{ common.network.port }}
+COMPUTE=None
+AUTH_PROTOCOL=http
+QUANTUM_PROTOCOL=http
+AMQP_SERVER={{ common.identity.host }}
+INTERNAL_VIP={{ common.identity.host }}
+HYPERVISOR=libvirt
+NOVA_PASSWORD={{ common.identity.password }}
+NEUTRON_PASSWORD={{ common.identity.password }}
+SERVICE_TENANT_NAME=service
+
+
diff --git a/opencontrail/files/2.2/database/cassandra-env.sh b/opencontrail/files/2.2/database/cassandra-env.sh
new file mode 100644
index 0000000..2ca323e
--- /dev/null
+++ b/opencontrail/files/2.2/database/cassandra-env.sh
@@ -0,0 +1,308 @@
+{%- from "opencontrail/map.jinja" import database with context %}# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+calculate_heap_sizes()
+{
+ case "`uname`" in
+ Linux)
+ system_memory_in_mb=`free -m | awk '/:/ {print $2;exit}'`
+ system_cpu_cores=`egrep -c 'processor([[:space:]]+):.*' /proc/cpuinfo`
+ ;;
+ FreeBSD)
+ system_memory_in_bytes=`sysctl hw.physmem | awk '{print $2}'`
+ system_memory_in_mb=`expr $system_memory_in_bytes / 1024 / 1024`
+ system_cpu_cores=`sysctl hw.ncpu | awk '{print $2}'`
+ ;;
+ SunOS)
+ system_memory_in_mb=`prtconf | awk '/Memory size:/ {print $3}'`
+ system_cpu_cores=`psrinfo | wc -l`
+ ;;
+ Darwin)
+ system_memory_in_bytes=`sysctl hw.memsize | awk '{print $2}'`
+ system_memory_in_mb=`expr $system_memory_in_bytes / 1024 / 1024`
+ system_cpu_cores=`sysctl hw.ncpu | awk '{print $2}'`
+ ;;
+ *)
+ # assume reasonable defaults for e.g. a modern desktop or
+ # cheap server
+ system_memory_in_mb="2048"
+ system_cpu_cores="2"
+ ;;
+ esac
+
+ # some systems like the raspberry pi don't report cores, use at least 1
+ if [ "$system_cpu_cores" -lt "1" ]
+ then
+ system_cpu_cores="1"
+ fi
+
+ # set max heap size based on the following
+ # max(min(1/2 ram, 1024MB), min(1/4 ram, 8GB))
+ # calculate 1/2 ram and cap to 1024MB
+ # calculate 1/4 ram and cap to 8192MB
+ # pick the max
+ half_system_memory_in_mb=`expr $system_memory_in_mb / 2`
+ quarter_system_memory_in_mb=`expr $half_system_memory_in_mb / 2`
+ if [ "$half_system_memory_in_mb" -gt "1024" ]
+ then
+ half_system_memory_in_mb="1024"
+ fi
+ if [ "$quarter_system_memory_in_mb" -gt "8192" ]
+ then
+ quarter_system_memory_in_mb="8192"
+ fi
+ if [ "$half_system_memory_in_mb" -gt "$quarter_system_memory_in_mb" ]
+ then
+ max_heap_size_in_mb="$half_system_memory_in_mb"
+ else
+ max_heap_size_in_mb="$quarter_system_memory_in_mb"
+ fi
+ MAX_HEAP_SIZE="${max_heap_size_in_mb}M"
+
+ # Young gen: min(max_sensible_per_modern_cpu_core * num_cores, 1/4 * heap size)
+ max_sensible_yg_per_core_in_mb="100"
+ max_sensible_yg_in_mb=`expr $max_sensible_yg_per_core_in_mb "*" $system_cpu_cores`
+
+ desired_yg_in_mb=`expr $max_heap_size_in_mb / 4`
+
+ if [ "$desired_yg_in_mb" -gt "$max_sensible_yg_in_mb" ]
+ then
+ HEAP_NEWSIZE="${max_sensible_yg_in_mb}M"
+ else
+ HEAP_NEWSIZE="${desired_yg_in_mb}M"
+ fi
+}
+
+# Determine the sort of JVM we'll be running on.
+
+java_ver_output=`"${JAVA:-java}" -version 2>&1`
+
+jvmver=`echo "$java_ver_output" | grep '[openjdk|java] version' | awk -F'"' 'NR==1 {print $2}'`
+JVM_VERSION=${jvmver%_*}
+JVM_PATCH_VERSION=${jvmver#*_}
+
+if [ "$JVM_VERSION" \< "1.7" ] ; then
+ echo "Cassandra 2.0 and later require Java 7u25 or later."
+ exit 1;
+fi
+
+if [ "$JVM_VERSION" \< "1.8" ] && [ "$JVM_PATCH_VERSION" \< "25" ] ; then
+ echo "Cassandra 2.0 and later require Java 7u25 or later."
+ exit 1;
+fi
+
+
+jvm=`echo "$java_ver_output" | grep -A 1 'java version' | awk 'NR==2 {print $1}'`
+case "$jvm" in
+ OpenJDK)
+ JVM_VENDOR=OpenJDK
+ # this will be "64-Bit" or "32-Bit"
+ JVM_ARCH=`echo "$java_ver_output" | awk 'NR==3 {print $2}'`
+ ;;
+ "Java(TM)")
+ JVM_VENDOR=Oracle
+ # this will be "64-Bit" or "32-Bit"
+ JVM_ARCH=`echo "$java_ver_output" | awk 'NR==3 {print $3}'`
+ ;;
+ *)
+ # Help fill in other JVM values
+ JVM_VENDOR=other
+ JVM_ARCH=unknown
+ ;;
+esac
+
+
+# Override these to set the amount of memory to allocate to the JVM at
+# start-up. For production use you may wish to adjust this for your
+# environment. MAX_HEAP_SIZE is the total amount of memory dedicated
+# to the Java heap; HEAP_NEWSIZE refers to the size of the young
+# generation. Both MAX_HEAP_SIZE and HEAP_NEWSIZE should be either set
+# or not (if you set one, set the other).
+#
+# The main trade-off for the young generation is that the larger it
+# is, the longer GC pause times will be. The shorter it is, the more
+# expensive GC will be (usually).
+#
+# The example HEAP_NEWSIZE assumes a modern 8-core+ machine for decent pause
+# times. If in doubt, and if you do not particularly want to tweak, go with
+# 100 MB per physical CPU core.
+
+#MAX_HEAP_SIZE="4G"
+#HEAP_NEWSIZE="800M"
+
+{%- if database.max_heap_size is defined %}
+MAX_HEAP_SIZE="{{ database.max_heap_size }}"
+{%- endif %}
+{%- if database.heap_newsize is defined %}
+HEAP_NEWSIZE="{{ database.heap_newsize }}"
+{%- endif %}
+
+# Set this to control the amount of arenas per-thread in glibc
+#export MALLOC_ARENA_MAX=4
+
+if [ "x$MAX_HEAP_SIZE" = "x" ] && [ "x$HEAP_NEWSIZE" = "x" ]; then
+ calculate_heap_sizes
+else
+ if [ "x$MAX_HEAP_SIZE" = "x" ] || [ "x$HEAP_NEWSIZE" = "x" ]; then
+ echo "please set or unset MAX_HEAP_SIZE and HEAP_NEWSIZE in pairs (see cassandra-env.sh)"
+ exit 1
+ fi
+fi
+
+if [ "x$MALLOC_ARENA_MAX" = "x" ]
+then
+ export MALLOC_ARENA_MAX=4
+fi
+
+# Specifies the default port over which Cassandra will be available for
+# JMX connections.
+# For security reasons, you should not expose this port to the internet. Firewall it if needed.
+JMX_PORT="7199"
+
+
+# Here we create the arguments that will get passed to the jvm when
+# starting cassandra.
+
+# enable assertions. disabling this in production will give a modest
+# performance benefit (around 5%).
+JVM_OPTS="$JVM_OPTS -ea"
+
+# add the jamm javaagent
+JVM_OPTS="$JVM_OPTS -javaagent:$CASSANDRA_HOME/lib/jamm-0.3.0.jar"
+
+# some JVMs will fill up their heap when accessed via JMX, see CASSANDRA-6541
+JVM_OPTS="$JVM_OPTS -XX:+CMSClassUnloadingEnabled"
+
+# enable thread priorities, primarily so we can give periodic tasks
+# a lower priority to avoid interfering with client workload
+JVM_OPTS="$JVM_OPTS -XX:+UseThreadPriorities"
+# allows lowering thread priority without being root. see
+# http://tech.stolsvik.com/2010/01/linux-java-thread-priorities-workaround.html
+JVM_OPTS="$JVM_OPTS -XX:ThreadPriorityPolicy=42"
+
+# min and max heap sizes should be set to the same value to avoid
+# stop-the-world GC pauses during resize, and so that we can lock the
+# heap in memory on startup to prevent any of it from being swapped
+# out.
+JVM_OPTS="$JVM_OPTS -Xms${MAX_HEAP_SIZE}"
+JVM_OPTS="$JVM_OPTS -Xmx${MAX_HEAP_SIZE}"
+JVM_OPTS="$JVM_OPTS -Xmn${HEAP_NEWSIZE}"
+JVM_OPTS="$JVM_OPTS -XX:+HeapDumpOnOutOfMemoryError"
+
+# set jvm HeapDumpPath with CASSANDRA_HEAPDUMP_DIR
+if [ "x$CASSANDRA_HEAPDUMP_DIR" != "x" ]; then
+ JVM_OPTS="$JVM_OPTS -XX:HeapDumpPath=$CASSANDRA_HEAPDUMP_DIR/cassandra-`date +%s`-pid$$.hprof"
+fi
+
+
+startswith() { [ "${1#$2}" != "$1" ]; }
+
+# Per-thread stack size.
+JVM_OPTS="$JVM_OPTS -Xss256k"
+
+# Larger interned string table, for gossip's benefit (CASSANDRA-6410)
+JVM_OPTS="$JVM_OPTS -XX:StringTableSize=1000003"
+
+# GC tuning options
+JVM_OPTS="$JVM_OPTS -XX:+UseParNewGC"
+JVM_OPTS="$JVM_OPTS -XX:+UseConcMarkSweepGC"
+JVM_OPTS="$JVM_OPTS -XX:+CMSParallelRemarkEnabled"
+JVM_OPTS="$JVM_OPTS -XX:SurvivorRatio=8"
+JVM_OPTS="$JVM_OPTS -XX:MaxTenuringThreshold=1"
+JVM_OPTS="$JVM_OPTS -XX:CMSInitiatingOccupancyFraction=75"
+JVM_OPTS="$JVM_OPTS -XX:+UseCMSInitiatingOccupancyOnly"
+JVM_OPTS="$JVM_OPTS -XX:+UseTLAB"
+JVM_OPTS="$JVM_OPTS -XX:CompileCommandFile=$CASSANDRA_CONF/hotspot_compiler"
+JVM_OPTS="$JVM_OPTS -XX:CMSWaitDuration=10000"
+
+# note: bash evals '1.7.x' as > '1.7' so this is really a >= 1.7 jvm check
+if { [ "$JVM_VERSION" \> "1.7" ] && [ "$JVM_VERSION" \< "1.8.0" ] && [ "$JVM_PATCH_VERSION" -ge "60" ]; } || [ "$JVM_VERSION" \> "1.8" ] ; then
+ JVM_OPTS="$JVM_OPTS -XX:+CMSParallelInitialMarkEnabled -XX:+CMSEdenChunksRecordAlways -XX:CMSWaitDuration=10000"
+fi
+
+if [ "$JVM_ARCH" = "64-Bit" ] ; then
+ JVM_OPTS="$JVM_OPTS -XX:+UseCondCardMark"
+fi
+
+# GC logging options -- uncomment to enable
+JVM_OPTS="$JVM_OPTS -XX:+PrintGCDetails"
+JVM_OPTS="$JVM_OPTS -XX:+PrintGCDateStamps"
+JVM_OPTS="$JVM_OPTS -XX:+PrintHeapAtGC"
+JVM_OPTS="$JVM_OPTS -XX:+PrintTenuringDistribution"
+JVM_OPTS="$JVM_OPTS -XX:+PrintGCApplicationStoppedTime"
+JVM_OPTS="$JVM_OPTS -XX:+PrintPromotionFailure"
+JVM_OPTS="$JVM_OPTS -XX:PrintFLSStatistics=1"
+JVM_OPTS="$JVM_OPTS -Xloggc:/var/log/cassandra/gc-`date +%s`.log"
+# If you are using JDK 6u34 7u2 or later you can enable GC log rotation
+# don't stick the date in the log name if rotation is on.
+# JVM_OPTS="$JVM_OPTS -Xloggc:/var/log/cassandra/gc.log"
+# JVM_OPTS="$JVM_OPTS -XX:+UseGCLogFileRotation"
+# JVM_OPTS="$JVM_OPTS -XX:NumberOfGCLogFiles=10"
+# JVM_OPTS="$JVM_OPTS -XX:GCLogFileSize=10M"
+
+# Configure the following for JEMallocAllocator and if jemalloc is not available in the system
+# library path (Example: /usr/local/lib/). Usually "make install" will do the right thing.
+# export LD_LIBRARY_PATH=<JEMALLOC_HOME>/lib/
+# JVM_OPTS="$JVM_OPTS -Djava.library.path=<JEMALLOC_HOME>/lib/"
+
+# uncomment to have Cassandra JVM listen for remote debuggers/profilers on port 1414
+# JVM_OPTS="$JVM_OPTS -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=1414"
+
+# uncomment to have Cassandra JVM log internal method compilation (developers only)
+# JVM_OPTS="$JVM_OPTS -XX:+UnlockDiagnosticVMOptions -XX:+LogCompilation"
+
+# Prefer binding to IPv4 network intefaces (when net.ipv6.bindv6only=1). See
+# http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6342561 (short version:
+# comment out this entry to enable IPv6 support).
+JVM_OPTS="$JVM_OPTS -Djava.net.preferIPv4Stack=true"
+
+# jmx: metrics and administration interface
+#
+# add this if you're having trouble connecting:
+# JVM_OPTS="$JVM_OPTS -Djava.rmi.server.hostname=<public name>"
+#
+# see
+# https://blogs.oracle.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole
+# for more on configuring JMX through firewalls, etc. (Short version:
+# get it working with no firewall first.)
+#
+# Cassandra ships with JMX accessible *only* from localhost.
+# To enable remote JMX connections, uncomment lines below
+# with authentication and/or ssl enabled. See https://wiki.apache.org/cassandra/JmxSecurity
+#
+LOCAL_JMX=yes
+
+if [ "$LOCAL_JMX" = "yes" ]; then
+ JVM_OPTS="$JVM_OPTS -Dcassandra.jmx.local.port=$JMX_PORT -XX:+DisableExplicitGC"
+else
+ JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.port=$JMX_PORT"
+ JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.rmi.port=$JMX_PORT"
+ JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=false"
+ JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=true"
+ JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.password.file=/etc/cassandra/jmxremote.password"
+fi
+
+# To use mx4j, an HTML interface for JMX, add mx4j-tools.jar to the lib/
+# directory.
+# See http://wiki.apache.org/cassandra/Operations#Monitoring_with_MX4J
+# By default mx4j listens on 0.0.0.0:8081. Uncomment the following lines
+# to control its listen address and port.
+#MX4J_ADDRESS="-Dmx4jaddress=127.0.0.1"
+#MX4J_PORT="-Dmx4jport=8081"
+
+JVM_OPTS="$JVM_OPTS $MX4J_ADDRESS"
+JVM_OPTS="$JVM_OPTS $MX4J_PORT"
+JVM_OPTS="$JVM_OPTS $JVM_EXTRA_OPTS"
diff --git a/opencontrail/files/2.2/database/log4j.properties b/opencontrail/files/2.2/database/log4j.properties
new file mode 100644
index 0000000..0d4c4e7
--- /dev/null
+++ b/opencontrail/files/2.2/database/log4j.properties
@@ -0,0 +1,51 @@
+#
+# ZooKeeper Logging Configuration
+#
+
+# Format is "<default threshold> (, <appender>)+
+
+log4j.rootLogger=${zookeeper.root.logger}
+
+# Example: console appender only
+# log4j.rootLogger=INFO, CONSOLE
+
+# Example with rolling log file
+#log4j.rootLogger=DEBUG, CONSOLE, ROLLINGFILE
+
+# Example with rolling log file and tracing
+#log4j.rootLogger=TRACE, CONSOLE, ROLLINGFILE, TRACEFILE
+
+#
+# Log INFO level and above messages to the console
+#
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=INFO
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} - %-5p [%t:%C{1}@%L] - %m%n
+
+#
+# Add ROLLINGFILE to rootLogger to get log file output
+# Log DEBUG level and above messages to a log file
+log4j.appender.ROLLINGFILE=org.apache.log4j.RollingFileAppender
+log4j.appender.ROLLINGFILE.Threshold=DEBUG
+log4j.appender.ROLLINGFILE.File=${zookeeper.log.dir}/zookeeper.log
+
+# Max log file size of 10MB
+log4j.appender.ROLLINGFILE.MaxFileSize=10MB
+# uncomment the next line to limit number of backup files
+log4j.appender.ROLLINGFILE.MaxBackupIndex=10
+
+log4j.appender.ROLLINGFILE.layout=org.apache.log4j.PatternLayout
+log4j.appender.ROLLINGFILE.layout.ConversionPattern=%d{ISO8601} - %-5p [%t:%C{1}@%L] - %m%n
+
+
+#
+# Add TRACEFILE to rootLogger to get log file output
+# Log DEBUG level and above messages to a log file
+log4j.appender.TRACEFILE=org.apache.log4j.FileAppender
+log4j.appender.TRACEFILE.Threshold=TRACE
+log4j.appender.TRACEFILE.File=${zookeeper.log.dir}/zookeeper_trace.log
+
+log4j.appender.TRACEFILE.layout=org.apache.log4j.PatternLayout
+### Notice we are including log4j's NDC here (%x)
+log4j.appender.TRACEFILE.layout.ConversionPattern=%d{ISO8601} - %-5p [%t:%C{1}@%L][%x] - %m%n
diff --git a/opencontrail/files/2.2/default_pmac b/opencontrail/files/2.2/default_pmac
new file mode 100644
index 0000000..874d3ee
--- /dev/null
+++ b/opencontrail/files/2.2/default_pmac
@@ -0,0 +1,2 @@
+{%- from "opencontrail/map.jinja" import compute with context %}
+{{ compute.interface.default_pmac }}
\ No newline at end of file
diff --git a/opencontrail/files/2.2/keystonerc b/opencontrail/files/2.2/keystonerc
new file mode 100644
index 0000000..b665fac
--- /dev/null
+++ b/opencontrail/files/2.2/keystonerc
@@ -0,0 +1,4 @@
+{%- from "opencontrail/map.jinja" import common with context %}
+export OS_USERNAME=admin
+export SERVICE_TOKEN={{ common.identity.token }}
+export OS_SERVICE_ENDPOINT=http://{{ common.identity.host }}:{{ common.identity.port }}/v2.0
diff --git a/opencontrail/files/2.2/openstackrc b/opencontrail/files/2.2/openstackrc
new file mode 100644
index 0000000..7c8ef03
--- /dev/null
+++ b/opencontrail/files/2.2/openstackrc
@@ -0,0 +1,6 @@
+{%- from "opencontrail/map.jinja" import common with context %}
+export OS_USERNAME=admin
+export OS_PASSWORD={{ common.identity.password }}
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://{{ common.identity.host }}:5000/v2.0/
+export OS_NO_CACHE=1
diff --git a/opencontrail/files/2.2/tor/contrail-tor-agent.ini b/opencontrail/files/2.2/tor/contrail-tor-agent.ini
new file mode 100644
index 0000000..3443c3a
--- /dev/null
+++ b/opencontrail/files/2.2/tor/contrail-tor-agent.ini
@@ -0,0 +1,14 @@
+{%- from "opencontrail/map.jinja" import tor with context %}
+
+[program:contrail-tor-agent-{{ number }}]
+command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-{{ number }}.conf
+priority=420
+autostart=true
+killasgroup=true
+stopsignal=KILL
+stdout_capture_maxbytes=1MB
+redirect_stderr=true
+stdout_logfile=/var/log/contrail/contrail-tor-agent-{{ number }}-stdout.log
+stderr_logfile=/dev/null
+startsecs=5
+exitcodes=0 ; 'expected' exit codes for process (default 0,2)
\ No newline at end of file
diff --git a/opencontrail/files/2.2/vnc_api_lib.ini b/opencontrail/files/2.2/vnc_api_lib.ini
new file mode 100644
index 0000000..9465554
--- /dev/null
+++ b/opencontrail/files/2.2/vnc_api_lib.ini
@@ -0,0 +1,17 @@
+{%- from "opencontrail/map.jinja" import config with context %}
+[global]
+;WEB_SERVER = 127.0.0.1
+;WEB_PORT = 9696 ; connection through quantum plugin
+
+WEB_SERVER = 127.0.0.1
+WEB_PORT = 8082 ; connection to api-server directly
+BASE_URL = /
+;BASE_URL = /tenants/infra ; common-prefix for all URLs
+
+; Authentication settings (optional)
+[auth]
+AUTHN_TYPE = keystone
+AUTHN_PROTOCOL = http
+AUTHN_SERVER= {{ config.identity.host }}
+AUTHN_PORT = {{ config.identity.port }}
+AUTHN_URL = /v2.0/tokens
diff --git a/opencontrail/files/2.2/vrouter_nodemgr_param b/opencontrail/files/2.2/vrouter_nodemgr_param
new file mode 100644
index 0000000..f8d803f
--- /dev/null
+++ b/opencontrail/files/2.2/vrouter_nodemgr_param
@@ -0,0 +1,2 @@
+{%- from "opencontrail/map.jinja" import compute with context %}
+DISCOVERY={{ compute.discovery.host }}
diff --git a/opencontrail/files/2.2/zoo.cfg b/opencontrail/files/2.2/zoo.cfg
new file mode 100644
index 0000000..c2e245e
--- /dev/null
+++ b/opencontrail/files/2.2/zoo.cfg
@@ -0,0 +1,61 @@
+{%- from "opencontrail/map.jinja" import database with context %}
+# http://hadoop.apache.org/zookeeper/docs/current/zookeeperAdmin.html
+
+# The number of milliseconds of each tick
+tickTime=2000
+# The number of ticks that the initial
+# synchronization phase can take
+initLimit=10
+# The number of ticks that can pass between
+# sending a request and getting an acknowledgement
+syncLimit=5
+# the directory where the snapshot is stored.
+dataDir=/var/lib/zookeeper
+# Place the dataLogDir to a separate physical disc for better performance
+# dataLogDir=/disk2/zookeeper
+
+# the port at which the clients will connect
+clientPort=2181
+
+# specify all zookeeper servers
+# The fist port is used by followers to connect to the leader
+# The second one is used for leader election
+#server.1=zookeeper1:2888:3888
+#server.2=zookeeper2:2888:3888
+#server.3=zookeeper3:2888:3888
+
+
+# To avoid seeks ZooKeeper allocates space in the transaction log file in
+# blocks of preAllocSize kilobytes. The default block size is 64M. One reason
+# for changing the size of the blocks is to reduce the block size if snapshots
+# are taken more often. (Also, see snapCount).
+#preAllocSize=65536
+
+# Clients can submit requests faster than ZooKeeper can process them,
+# especially if there are a lot of clients. To prevent ZooKeeper from running
+# out of memory due to queued requests, ZooKeeper will throttle clients so that
+# there is no more than globalOutstandingLimit outstanding requests in the
+# system. The default limit is 1,000.ZooKeeper logs transactions to a
+# transaction log. After snapCount transactions are written to a log file a
+# snapshot is started and a new transaction log file is started. The default
+# snapCount is 10,000.
+#snapCount=1000
+
+# If this option is defined, requests will be will logged to a trace file named
+# traceFile.year.month.day.
+#traceFile=
+
+# Leader accepts client connections. Default value is "yes". The leader machine
+# coordinates updates. For higher update throughput at thes slight expense of
+# read throughput the leader can be configured to not accept clients and focus
+# on coordination.
+#leaderServes=yes
+
+maxSessionTimeout=120000
+autopurge.purgeInterval=3
+{%- for member in database.members %}
+server.{{ member.id }}={{ member.host }}:2888:3888
+{%- endfor %}
+#server.1=10.0.222.2:2888:3888
+#server.2=10.0.222.3:2888:3888
+#server.3=10.0.222.4:2888:3888
diff --git a/opencontrail/files/cassandra-env.sh.1 b/opencontrail/files/cassandra-env.sh.1
new file mode 100644
index 0000000..875c463
--- /dev/null
+++ b/opencontrail/files/cassandra-env.sh.1
@@ -0,0 +1,247 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+calculate_heap_sizes()
+{
+ case "`uname`" in
+ Linux)
+ system_memory_in_mb=`free -m | awk '/Mem:/ {print $2}'`
+ system_cpu_cores=`egrep -c 'processor([[:space:]]+):.*' /proc/cpuinfo`
+ ;;
+ FreeBSD)
+ system_memory_in_bytes=`sysctl hw.physmem | awk '{print $2}'`
+ system_memory_in_mb=`expr $system_memory_in_bytes / 1024 / 1024`
+ system_cpu_cores=`sysctl hw.ncpu | awk '{print $2}'`
+ ;;
+ SunOS)
+ system_memory_in_mb=`prtconf | awk '/Memory size:/ {print $3}'`
+ system_cpu_cores=`psrinfo | wc -l`
+ ;;
+ Darwin)
+ system_memory_in_bytes=`sysctl hw.memsize | awk '{print $2}'`
+ system_memory_in_mb=`expr $system_memory_in_bytes / 1024 / 1024`
+ system_cpu_cores=`sysctl hw.ncpu | awk '{print $2}'`
+ ;;
+ *)
+ # assume reasonable defaults for e.g. a modern desktop or
+ # cheap server
+ system_memory_in_mb="2048"
+ system_cpu_cores="2"
+ ;;
+ esac
+
+ # some systems like the raspberry pi don't report cores, use at least 1
+ if [ "$system_cpu_cores" -lt "1" ]
+ then
+ system_cpu_cores="1"
+ fi
+
+ # set max heap size based on the following
+ # max(min(1/2 ram, 1024MB), min(1/4 ram, 8GB))
+ # calculate 1/2 ram and cap to 1024MB
+ # calculate 1/4 ram and cap to 8192MB
+ # pick the max
+ half_system_memory_in_mb=`expr $system_memory_in_mb / 2`
+ quarter_system_memory_in_mb=`expr $half_system_memory_in_mb / 2`
+ if [ "$half_system_memory_in_mb" -gt "1024" ]
+ then
+ half_system_memory_in_mb="1024"
+ fi
+ if [ "$quarter_system_memory_in_mb" -gt "8192" ]
+ then
+ quarter_system_memory_in_mb="8192"
+ fi
+ if [ "$half_system_memory_in_mb" -gt "$quarter_system_memory_in_mb" ]
+ then
+ max_heap_size_in_mb="$half_system_memory_in_mb"
+ else
+ max_heap_size_in_mb="$quarter_system_memory_in_mb"
+ fi
+ MAX_HEAP_SIZE="${max_heap_size_in_mb}M"
+
+ # Young gen: min(max_sensible_per_modern_cpu_core * num_cores, 1/4 * heap size)
+ max_sensible_yg_per_core_in_mb="100"
+ max_sensible_yg_in_mb=`expr $max_sensible_yg_per_core_in_mb "*" $system_cpu_cores`
+
+ desired_yg_in_mb=`expr $max_heap_size_in_mb / 4`
+
+ if [ "$desired_yg_in_mb" -gt "$max_sensible_yg_in_mb" ]
+ then
+ HEAP_NEWSIZE="${max_sensible_yg_in_mb}M"
+ else
+ HEAP_NEWSIZE="${desired_yg_in_mb}M"
+ fi
+}
+
+# Determine the sort of JVM we'll be running on.
+
+java_ver_output=`"${JAVA:-java}" -version 2>&1`
+
+jvmver=`echo "$java_ver_output" | awk -F'"' 'NR==1 {print $2}'`
+JVM_VERSION=${jvmver%_*}
+JVM_PATCH_VERSION=${jvmver#*_}
+
+jvm=`echo "$java_ver_output" | awk 'NR==2 {print $1}'`
+case "$jvm" in
+ OpenJDK)
+ JVM_VENDOR=OpenJDK
+ # this will be "64-Bit" or "32-Bit"
+ JVM_ARCH=`echo "$java_ver_output" | awk 'NR==3 {print $2}'`
+ ;;
+ "Java(TM)")
+ JVM_VENDOR=Oracle
+ # this will be "64-Bit" or "32-Bit"
+ JVM_ARCH=`echo "$java_ver_output" | awk 'NR==3 {print $3}'`
+ ;;
+ *)
+ # Help fill in other JVM values
+ JVM_VENDOR=other
+ JVM_ARCH=unknown
+ ;;
+esac
+
+
+# Override these to set the amount of memory to allocate to the JVM at
+# start-up. For production use you may wish to adjust this for your
+# environment. MAX_HEAP_SIZE is the total amount of memory dedicated
+# to the Java heap; HEAP_NEWSIZE refers to the size of the young
+# generation. Both MAX_HEAP_SIZE and HEAP_NEWSIZE should be either set
+# or not (if you set one, set the other).
+#
+# The main trade-off for the young generation is that the larger it
+# is, the longer GC pause times will be. The shorter it is, the more
+# expensive GC will be (usually).
+#
+# The example HEAP_NEWSIZE assumes a modern 8-core+ machine for decent pause
+# times. If in doubt, and if you do not particularly want to tweak, go with
+# 100 MB per physical CPU core.
+
+#MAX_HEAP_SIZE="4G"
+#HEAP_NEWSIZE="800M"
+
+if [ "x$MAX_HEAP_SIZE" = "x" ] && [ "x$HEAP_NEWSIZE" = "x" ]; then
+ calculate_heap_sizes
+else
+ if [ "x$MAX_HEAP_SIZE" = "x" ] || [ "x$HEAP_NEWSIZE" = "x" ]; then
+ echo "please set or unset MAX_HEAP_SIZE and HEAP_NEWSIZE in pairs (see cassandra-env.sh)"
+ exit 1
+ fi
+fi
+
+# Specifies the default port over which Cassandra will be available for
+# JMX connections.
+JMX_PORT="7199"
+
+
+# Here we create the arguments that will get passed to the jvm when
+# starting cassandra.
+
+# enable assertions. disabling this in production will give a modest
+# performance benefit (around 5%).
+JVM_OPTS="$JVM_OPTS -ea"
+
+# add the jamm javaagent
+if [ "$JVM_VENDOR" != "OpenJDK" -o "$JVM_VERSION" \> "1.6.0" ] \
+ || [ "$JVM_VERSION" = "1.6.0" -a "$JVM_PATCH_VERSION" -ge 23 ]
+then
+ JVM_OPTS="$JVM_OPTS -javaagent:$CASSANDRA_HOME/lib/jamm-0.2.5.jar"
+fi
+
+# enable thread priorities, primarily so we can give periodic tasks
+# a lower priority to avoid interfering with client workload
+JVM_OPTS="$JVM_OPTS -XX:+UseThreadPriorities"
+# allows lowering thread priority without being root. see
+# http://tech.stolsvik.com/2010/01/linux-java-thread-priorities-workaround.html
+JVM_OPTS="$JVM_OPTS -XX:ThreadPriorityPolicy=42"
+
+# min and max heap sizes should be set to the same value to avoid
+# stop-the-world GC pauses during resize, and so that we can lock the
+# heap in memory on startup to prevent any of it from being swapped
+# out.
+JVM_OPTS="$JVM_OPTS -Xms${MAX_HEAP_SIZE}"
+JVM_OPTS="$JVM_OPTS -Xmx${MAX_HEAP_SIZE}"
+JVM_OPTS="$JVM_OPTS -Xmn${HEAP_NEWSIZE}"
+JVM_OPTS="$JVM_OPTS -XX:+HeapDumpOnOutOfMemoryError"
+
+# set jvm HeapDumpPath with CASSANDRA_HEAPDUMP_DIR
+if [ "x$CASSANDRA_HEAPDUMP_DIR" != "x" ]; then
+ JVM_OPTS="$JVM_OPTS -XX:HeapDumpPath=$CASSANDRA_HEAPDUMP_DIR/cassandra-`date +%s`-pid$$.hprof"
+fi
+
+
+startswith() { [ "${1#$2}" != "$1" ]; }
+
+if [ "`uname`" = "Linux" ] ; then
+ # reduce the per-thread stack size to minimize the impact of Thrift
+ # thread-per-client. (Best practice is for client connections to
+ # be pooled anyway.) Only do so on Linux where it is known to be
+ # supported.
+ # u34 and greater need 180k
+ JVM_OPTS="$JVM_OPTS -Xss512k"
+fi
+echo "xss = $JVM_OPTS"
+
+# GC tuning options
+JVM_OPTS="$JVM_OPTS -XX:+UseParNewGC"
+JVM_OPTS="$JVM_OPTS -XX:+UseConcMarkSweepGC"
+JVM_OPTS="$JVM_OPTS -XX:+CMSParallelRemarkEnabled"
+JVM_OPTS="$JVM_OPTS -XX:SurvivorRatio=8"
+JVM_OPTS="$JVM_OPTS -XX:MaxTenuringThreshold=1"
+JVM_OPTS="$JVM_OPTS -XX:CMSInitiatingOccupancyFraction=75"
+JVM_OPTS="$JVM_OPTS -XX:+UseCMSInitiatingOccupancyOnly"
+JVM_OPTS="$JVM_OPTS -XX:+UseTLAB"
+# note: bash evals '1.7.x' as > '1.7' so this is really a >= 1.7 jvm check
+if [ "$JVM_VERSION" \> "1.7" ] ; then
+ JVM_OPTS="$JVM_OPTS -XX:+UseCondCardMark"
+fi
+
+# GC logging options -- uncomment to enable
+JVM_OPTS="$JVM_OPTS -XX:+PrintGCDetails"
+JVM_OPTS="$JVM_OPTS -XX:+PrintGCDateStamps"
+JVM_OPTS="$JVM_OPTS -XX:+PrintHeapAtGC"
+JVM_OPTS="$JVM_OPTS -XX:+PrintTenuringDistribution"
+JVM_OPTS="$JVM_OPTS -XX:+PrintGCApplicationStoppedTime"
+JVM_OPTS="$JVM_OPTS -XX:+PrintPromotionFailure"
+JVM_OPTS="$JVM_OPTS -XX:PrintFLSStatistics=1"
+JVM_OPTS="$JVM_OPTS -Xloggc:/var/log/cassandra/gc-`date +%s`.log"
+# If you are using JDK 6u34 7u2 or later you can enable GC log rotation
+# don't stick the date in the log name if rotation is on.
+# JVM_OPTS="$JVM_OPTS -Xloggc:/var/log/cassandra/gc.log"
+# JVM_OPTS="$JVM_OPTS -XX:+UseGCLogFileRotation"
+# JVM_OPTS="$JVM_OPTS -XX:NumberOfGCLogFiles=10"
+# JVM_OPTS="$JVM_OPTS -XX:GCLogFileSize=10M"
+
+# uncomment to have Cassandra JVM listen for remote debuggers/profilers on port 1414
+# JVM_OPTS="$JVM_OPTS -Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=1414"
+
+# Prefer binding to IPv4 network intefaces (when net.ipv6.bindv6only=1). See
+# http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6342561 (short version:
+# comment out this entry to enable IPv6 support).
+JVM_OPTS="$JVM_OPTS -Djava.net.preferIPv4Stack=true"
+
+# jmx: metrics and administration interface
+#
+# add this if you're having trouble connecting:
+# JVM_OPTS="$JVM_OPTS -Djava.rmi.server.hostname=<public name>"
+#
+# see
+# https://blogs.oracle.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole
+# for more on configuring JMX through firewalls, etc. (Short version:
+# get it working with no firewall first.)
+JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.port=$JMX_PORT"
+JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.ssl=false"
+JVM_OPTS="$JVM_OPTS -Dcom.sun.management.jmxremote.authenticate=false"
+JVM_OPTS="$JVM_OPTS $JVM_EXTRA_OPTS"
diff --git a/opencontrail/files/cassandra.yaml.1 b/opencontrail/files/cassandra.yaml.1
new file mode 100644
index 0000000..b41fee8
--- /dev/null
+++ b/opencontrail/files/cassandra.yaml.1
@@ -0,0 +1,705 @@
+{% from "opencontrail/map.jinja" import database with context %}
+# Cassandra storage config YAML
+
+# NOTE:
+# See http://wiki.apache.org/cassandra/StorageConfiguration for
+# full explanations of configuration directives
+# /NOTE
+
+# The name of the cluster. This is mainly used to prevent machines in
+# one logical cluster from joining another.
+cluster_name: '{{ database.name }}'
+
+# This defines the number of tokens randomly assigned to this node on the ring
+# The more tokens, relative to other nodes, the larger the proportion of data
+# that this node will store. You probably want all nodes to have the same number
+# of tokens assuming they have equal hardware capability.
+#
+# If you leave this unspecified, Cassandra will use the default of 1 token for legacy compatibility,
+# and will use the initial_token as described below.
+#
+# Specifying initial_token will override this setting.
+#
+# If you already have a cluster with 1 token per node, and wish to migrate to
+# multiple tokens per node, see http://wiki.apache.org/cassandra/Operations
+num_tokens: 256
+
+# If you haven't specified num_tokens, or have set it to the default of 1 then
+# you should always specify InitialToken when setting up a production
+# cluster for the first time, and often when adding capacity later.
+# The principle is that each node should be given an equal slice of
+# the token ring; see http://wiki.apache.org/cassandra/Operations
+# for more details.
+#
+# If blank, Cassandra will request a token bisecting the range of
+# the heaviest-loaded existing node. If there is no load information
+# available, such as is the case with a new cluster, it will pick
+# a random token, which will lead to hot spots.
+# initial_token:
+
+# See http://wiki.apache.org/cassandra/HintedHandoff
+hinted_handoff_enabled: true
+# this defines the maximum amount of time a dead host will have hints
+# generated. After it has been dead this long, new hints for it will not be
+# created until it has been seen alive and gone down again.
+max_hint_window_in_ms: 10800000 # 3 hours
+# Maximum throttle in KBs per second, per delivery thread. This will be
+# reduced proportionally to the number of nodes in the cluster. (If there
+# are two nodes in the cluster, each delivery thread will use the maximum
+# rate; if there are three, each will throttle to half of the maximum,
+# since we expect two nodes to be delivering hints simultaneously.)
+hinted_handoff_throttle_in_kb: 1024
+# Number of threads with which to deliver hints;
+# Consider increasing this number when you have multi-dc deployments, since
+# cross-dc handoff tends to be slower
+max_hints_delivery_threads: 2
+
+# The following setting populates the page cache on memtable flush and compaction
+# WARNING: Enable this setting only when the whole node's data fits in memory.
+# Defaults to: false
+# populate_io_cache_on_flush: false
+
+# Authentication backend, implementing IAuthenticator; used to identify users
+# Out of the box, Cassandra provides org.apache.cassandra.auth.{AllowAllAuthenticator,
+# PasswordAuthenticator}.
+#
+# - AllowAllAuthenticator performs no checks - set it to disable authentication.
+# - PasswordAuthenticator relies on username/password pairs to authenticate
+# users. It keeps usernames and hashed passwords in system_auth.credentials table.
+# Please increase system_auth keyspace replication factor if you use this authenticator.
+authenticator: AllowAllAuthenticator
+
+# Authorization backend, implementing IAuthorizer; used to limit access/provide permissions
+# Out of the box, Cassandra provides org.apache.cassandra.auth.{AllowAllAuthorizer,
+# CassandraAuthorizer}.
+#
+# - AllowAllAuthorizer allows any action to any user - set it to disable authorization.
+# - CassandraAuthorizer stores permissions in system_auth.permissions table. Please
+# increase system_auth keyspace replication factor if you use this authorizer.
+authorizer: AllowAllAuthorizer
+
+# Validity period for permissions cache (fetching permissions can be an
+# expensive operation depending on the authorizer, CassandraAuthorizer is
+# one example). Defaults to 2000, set to 0 to disable.
+# Will be disabled automatically for AllowAllAuthorizer.
+permissions_validity_in_ms: 2000
+
+# The partitioner is responsible for distributing rows (by key) across
+# nodes in the cluster. Any IPartitioner may be used, including your
+# own as long as it is on the classpath. Out of the box, Cassandra
+# provides org.apache.cassandra.dht.{Murmur3Partitioner, RandomPartitioner
+# ByteOrderedPartitioner, OrderPreservingPartitioner (deprecated)}.
+#
+# - RandomPartitioner distributes rows across the cluster evenly by md5.
+# This is the default prior to 1.2 and is retained for compatibility.
+# - Murmur3Partitioner is similar to RandomPartioner but uses Murmur3_128
+# Hash Function instead of md5. When in doubt, this is the best option.
+# - ByteOrderedPartitioner orders rows lexically by key bytes. BOP allows
+# scanning rows in key order, but the ordering can generate hot spots
+# for sequential insertion workloads.
+# - OrderPreservingPartitioner is an obsolete form of BOP, that stores
+# - keys in a less-efficient format and only works with keys that are
+# UTF8-encoded Strings.
+# - CollatingOPP collates according to EN,US rules rather than lexical byte
+# ordering. Use this as an example if you need custom collation.
+#
+# See http://wiki.apache.org/cassandra/Operations for more on
+# partitioners and token selection.
+partitioner: org.apache.cassandra.dht.Murmur3Partitioner
+
+# Directories where Cassandra should store data on disk. Cassandra
+# will spread data evenly across them, subject to the granularity of
+# the configured compaction strategy.
+data_file_directories:
+ - /home/cassandra/data
+
+# commit log
+commitlog_directory: /home/cassandra/commitlog
+
+# policy for data disk failures:
+# stop: shut down gossip and Thrift, leaving the node effectively dead, but
+# can still be inspected via JMX.
+# best_effort: stop using the failed disk and respond to requests based on
+# remaining available sstables. This means you WILL see obsolete
+# data at CL.ONE!
+# ignore: ignore fatal errors and let requests fail, as in pre-1.2 Cassandra
+disk_failure_policy: stop
+
+# Maximum size of the key cache in memory.
+#
+# Each key cache hit saves 1 seek and each row cache hit saves 2 seeks at the
+# minimum, sometimes more. The key cache is fairly tiny for the amount of
+# time it saves, so it's worthwhile to use it at large numbers.
+# The row cache saves even more time, but must contain the entire row,
+# so it is extremely space-intensive. It's best to only use the
+# row cache if you have hot rows or static rows.
+#
+# NOTE: if you reduce the size, you may not get you hottest keys loaded on startup.
+#
+# Default value is empty to make it "auto" (min(5% of Heap (in MB), 100MB)). Set to 0 to disable key cache.
+key_cache_size_in_mb:
+
+# Duration in seconds after which Cassandra should
+# save the key cache. Caches are saved to saved_caches_directory as
+# specified in this configuration file.
+#
+# Saved caches greatly improve cold-start speeds, and is relatively cheap in
+# terms of I/O for the key cache. Row cache saving is much more expensive and
+# has limited use.
+#
+# Default is 14400 or 4 hours.
+key_cache_save_period: 14400
+
+# Number of keys from the key cache to save
+# Disabled by default, meaning all keys are going to be saved
+# key_cache_keys_to_save: 100
+
+# Maximum size of the row cache in memory.
+# NOTE: if you reduce the size, you may not get you hottest keys loaded on startup.
+#
+# Default value is 0, to disable row caching.
+row_cache_size_in_mb: 0
+
+# Duration in seconds after which Cassandra should
+# safe the row cache. Caches are saved to saved_caches_directory as specified
+# in this configuration file.
+#
+# Saved caches greatly improve cold-start speeds, and is relatively cheap in
+# terms of I/O for the key cache. Row cache saving is much more expensive and
+# has limited use.
+#
+# Default is 0 to disable saving the row cache.
+row_cache_save_period: 0
+
+# Number of keys from the row cache to save
+# Disabled by default, meaning all keys are going to be saved
+# row_cache_keys_to_save: 100
+
+# The provider for the row cache to use.
+#
+# Supported values are: ConcurrentLinkedHashCacheProvider, SerializingCacheProvider
+#
+# SerializingCacheProvider serialises the contents of the row and stores
+# it in native memory, i.e., off the JVM Heap. Serialized rows take
+# significantly less memory than "live" rows in the JVM, so you can cache
+# more rows in a given memory footprint. And storing the cache off-heap
+# means you can use smaller heap sizes, reducing the impact of GC pauses.
+# Note however that when a row is requested from the row cache, it must be
+# deserialized into the heap for use.
+#
+# It is also valid to specify the fully-qualified class name to a class
+# that implements org.apache.cassandra.cache.IRowCacheProvider.
+#
+# Defaults to SerializingCacheProvider
+row_cache_provider: SerializingCacheProvider
+
+# saved caches
+saved_caches_directory: /home/cassandra/saved_caches
+
+# commitlog_sync may be either "periodic" or "batch."
+# When in batch mode, Cassandra won't ack writes until the commit log
+# has been fsynced to disk. It will wait up to
+# commitlog_sync_batch_window_in_ms milliseconds for other writes, before
+# performing the sync.
+#
+# commitlog_sync: batch
+# commitlog_sync_batch_window_in_ms: 50
+#
+# the other option is "periodic" where writes may be acked immediately
+# and the CommitLog is simply synced every commitlog_sync_period_in_ms
+# milliseconds. By default this allows 1024*(CPU cores) pending
+# entries on the commitlog queue. If you are writing very large blobs,
+# you should reduce that; 16*cores works reasonably well for 1MB blobs.
+# It should be at least as large as the concurrent_writes setting.
+commitlog_sync: periodic
+commitlog_sync_period_in_ms: 10000
+# commitlog_periodic_queue_size:
+
+# The size of the individual commitlog file segments. A commitlog
+# segment may be archived, deleted, or recycled once all the data
+# in it (potentially from each columnfamily in the system) has been
+# flushed to sstables.
+#
+# The default size is 32, which is almost always fine, but if you are
+# archiving commitlog segments (see commitlog_archiving.properties),
+# then you probably want a finer granularity of archiving; 8 or 16 MB
+# is reasonable.
+commitlog_segment_size_in_mb: 32
+
+# any class that implements the SeedProvider interface and has a
+# constructor that takes a Map<String, String> of parameters will do.
+seed_provider:
+ # Addresses of hosts that are deemed contact points.
+ # Cassandra nodes use this list of hosts to find each other and learn
+ # the topology of the ring. You must change this if you are running
+ # multiple nodes!
+ - class_name: org.apache.cassandra.locator.SimpleSeedProvider
+ parameters:
+ # seeds is actually a comma-delimited list of addresses.
+ # Ex: "<ip1>,<ip2>,<ip3>"
+ - seeds: "{%- for member in database.members %}{{ member.host }},{%- endfor %}"
+
+# emergency pressure valve: each time heap usage after a full (CMS)
+# garbage collection is above this fraction of the max, Cassandra will
+# flush the largest memtables.
+#
+# Set to 1.0 to disable. Setting this lower than
+# CMSInitiatingOccupancyFraction is not likely to be useful.
+#
+# RELYING ON THIS AS YOUR PRIMARY TUNING MECHANISM WILL WORK POORLY:
+# it is most effective under light to moderate load, or read-heavy
+# workloads; under truly massive write load, it will often be too
+# little, too late.
+flush_largest_memtables_at: 0.75
+
+# emergency pressure valve #2: the first time heap usage after a full
+# (CMS) garbage collection is above this fraction of the max,
+# Cassandra will reduce cache maximum _capacity_ to the given fraction
+# of the current _size_. Should usually be set substantially above
+# flush_largest_memtables_at, since that will have less long-term
+# impact on the system.
+#
+# Set to 1.0 to disable. Setting this lower than
+# CMSInitiatingOccupancyFraction is not likely to be useful.
+reduce_cache_sizes_at: 0.85
+reduce_cache_capacity_to: 0.6
+
+# For workloads with more data than can fit in memory, Cassandra's
+# bottleneck will be reads that need to fetch data from
+# disk. "concurrent_reads" should be set to (16 * number_of_drives) in
+# order to allow the operations to enqueue low enough in the stack
+# that the OS and drives can reorder them.
+#
+# On the other hand, since writes are almost never IO bound, the ideal
+# number of "concurrent_writes" is dependent on the number of cores in
+# your system; (8 * number_of_cores) is a good rule of thumb.
+concurrent_reads: 32
+concurrent_writes: 32
+
+# Total memory to use for memtables. Cassandra will flush the largest
+# memtable when this much memory is used.
+# If omitted, Cassandra will set it to 1/3 of the heap.
+# memtable_total_space_in_mb: 2048
+
+# Total space to use for commitlogs. Since commitlog segments are
+# mmapped, and hence use up address space, the default size is 32
+# on 32-bit JVMs, and 1024 on 64-bit JVMs.
+#
+# If space gets above this value (it will round up to the next nearest
+# segment multiple), Cassandra will flush every dirty CF in the oldest
+# segment and remove it. So a small total commitlog space will tend
+# to cause more flush activity on less-active columnfamilies.
+# commitlog_total_space_in_mb: 4096
+
+# This sets the amount of memtable flush writer threads. These will
+# be blocked by disk io, and each one will hold a memtable in memory
+# while blocked. If you have a large heap and many data directories,
+# you can increase this value for better flush performance.
+# By default this will be set to the amount of data directories defined.
+#memtable_flush_writers: 1
+
+# the number of full memtables to allow pending flush, that is,
+# waiting for a writer thread. At a minimum, this should be set to
+# the maximum number of secondary indexes created on a single CF.
+memtable_flush_queue_size: 4
+
+# Whether to, when doing sequential writing, fsync() at intervals in
+# order to force the operating system to flush the dirty
+# buffers. Enable this to avoid sudden dirty buffer flushing from
+# impacting read latencies. Almost always a good idea on SSDs; not
+# necessarily on platters.
+trickle_fsync: false
+trickle_fsync_interval_in_kb: 10240
+
+# TCP port, for commands and data
+storage_port: 7000
+
+# SSL port, for encrypted communication. Unused unless enabled in
+# encryption_options
+ssl_storage_port: 7001
+
+# Address to bind to and tell other Cassandra nodes to connect to. You
+# _must_ change this if you want multiple nodes to be able to
+# communicate!
+#
+# Leaving it blank leaves it up to InetAddress.getLocalHost(). This
+# will always do the Right Thing _if_ the node is properly configured
+# (hostname, name resolution, etc), and the Right Thing is to use the
+# address associated with the hostname (it might not be).
+#
+# Setting this to 0.0.0.0 is always wrong.
+listen_address: {{ database.bind.host }}
+
+# Address to broadcast to other Cassandra nodes
+# Leaving this blank will set it to the same value as listen_address
+# broadcast_address: 1.2.3.4
+
+# Internode authentication backend, implementing IInternodeAuthenticator;
+# used to allow/disallow connections from peer nodes.
+# internode_authenticator: org.apache.cassandra.auth.AllowAllInternodeAuthenticator
+
+# Whether to start the native transport server.
+# Please note that the address on which the native transport is bound is the
+# same as the rpc_address. The port however is different and specified below.
+start_native_transport: true
+# port for the CQL native transport to listen for clients on
+native_transport_port: 9042
+# The minimum and maximum threads for handling requests when the native
+# transport is used. They are similar to rpc_min_threads and rpc_max_threads,
+# though the defaults differ slightly.
+# NOTE: native_transport_min_threads is now deprecated and ignored (but kept
+# in the 1.2.x series for compatibility sake).
+# native_transport_min_threads: 16
+# native_transport_max_threads: 128
+
+# Whether to start the thrift rpc server.
+start_rpc: true
+
+# The address to bind the Thrift RPC service and native transport
+# server -- clients connect here.
+#
+# Leaving this blank has the same effect it does for ListenAddress,
+# (i.e. it will be based on the configured hostname of the node).
+#
+# Note that unlike ListenAddress above, it is allowed to specify 0.0.0.0
+# here if you want to listen on all interfaces, but that will break clients
+# that rely on node auto-discovery.
+rpc_address: {{ database.bind.host }}
+# port for Thrift to listen for clients on
+rpc_port: {{ database.bind.rpc_port }}
+
+# enable or disable keepalive on rpc connections
+rpc_keepalive: true
+
+# Cassandra provides three out-of-the-box options for the RPC Server:
+#
+# sync -> One thread per thrift connection. For a very large number of clients, memory
+# will be your limiting factor. On a 64 bit JVM, 180KB is the minimum stack size
+# per thread, and that will correspond to your use of virtual memory (but physical memory
+# may be limited depending on use of stack space).
+#
+# hsha -> Stands for "half synchronous, half asynchronous." All thrift clients are handled
+# asynchronously using a small number of threads that does not vary with the amount
+# of thrift clients (and thus scales well to many clients). The rpc requests are still
+# synchronous (one thread per active request).
+#
+# The default is sync because on Windows hsha is about 30% slower. On Linux,
+# sync/hsha performance is about the same, with hsha of course using less memory.
+#
+# Alternatively, can provide your own RPC server by providing the fully-qualified class name
+# of an o.a.c.t.TServerFactory that can create an instance of it.
+rpc_server_type: sync
+
+# Uncomment rpc_min|max_thread to set request pool size limits.
+#
+# Regardless of your choice of RPC server (see above), the number of maximum requests in the
+# RPC thread pool dictates how many concurrent requests are possible (but if you are using the sync
+# RPC server, it also dictates the number of clients that can be connected at all).
+#
+# The default is unlimited and thus provides no protection against clients overwhelming the server. You are
+# encouraged to set a maximum that makes sense for you in production, but do keep in mind that
+# rpc_max_threads represents the maximum number of client requests this server may execute concurrently.
+#
+# rpc_min_threads: 16
+# rpc_max_threads: 2048
+
+# uncomment to set socket buffer sizes on rpc connections
+# rpc_send_buff_size_in_bytes:
+# rpc_recv_buff_size_in_bytes:
+
+# Uncomment to set socket buffer size for internode communication
+# Note that when setting this, the buffer size is limited by net.core.wmem_max
+# and when not setting it it is defined by net.ipv4.tcp_wmem
+# See:
+# /proc/sys/net/core/wmem_max
+# /proc/sys/net/core/rmem_max
+# /proc/sys/net/ipv4/tcp_wmem
+# /proc/sys/net/ipv4/tcp_wmem
+# and: man tcp
+# internode_send_buff_size_in_bytes:
+# internode_recv_buff_size_in_bytes:
+
+# Frame size for thrift (maximum message length).
+thrift_framed_transport_size_in_mb: 15
+
+# Set to true to have Cassandra create a hard link to each sstable
+# flushed or streamed locally in a backups/ subdirectory of the
+# keyspace data. Removing these links is the operator's
+# responsibility.
+incremental_backups: false
+
+# Whether or not to take a snapshot before each compaction. Be
+# careful using this option, since Cassandra won't clean up the
+# snapshots for you. Mostly useful if you're paranoid when there
+# is a data format change.
+snapshot_before_compaction: false
+
+# Whether or not a snapshot is taken of the data before keyspace truncation
+# or dropping of column families. The STRONGLY advised default of true
+# should be used to provide data safety. If you set this flag to false, you will
+# lose data on truncation or drop.
+auto_snapshot: true
+
+# Log a debug message if more than this many tombstones are scanned
+# in a single-partition query. Set the threshold on SliceQueryFilter
+# to debug to enable.
+tombstone_debug_threshold: 10000
+
+# Add column indexes to a row after its contents reach this size.
+# Increase if your column values are large, or if you have a very large
+# number of columns. The competing causes are, Cassandra has to
+# deserialize this much of the row to read a single column, so you want
+# it to be small - at least if you do many partial-row reads - but all
+# the index data is read for each access, so you don't want to generate
+# that wastefully either.
+column_index_size_in_kb: 64
+
+# Size limit for rows being compacted in memory. Larger rows will spill
+# over to disk and use a slower two-pass compaction process. A message
+# will be logged specifying the row key.
+in_memory_compaction_limit_in_mb: 64
+
+# Number of simultaneous compactions to allow, NOT including
+# validation "compactions" for anti-entropy repair. Simultaneous
+# compactions can help preserve read performance in a mixed read/write
+# workload, by mitigating the tendency of small sstables to accumulate
+# during a single long running compactions. The default is usually
+# fine and if you experience problems with compaction running too
+# slowly or too fast, you should look at
+# compaction_throughput_mb_per_sec first.
+#
+# concurrent_compactors defaults to the number of cores.
+# Uncomment to make compaction mono-threaded, the pre-0.8 default.
+#concurrent_compactors: 1
+
+# Multi-threaded compaction. When enabled, each compaction will use
+# up to one thread per core, plus one thread per sstable being merged.
+# This is usually only useful for SSD-based hardware: otherwise,
+# your concern is usually to get compaction to do LESS i/o (see:
+# compaction_throughput_mb_per_sec), not more.
+multithreaded_compaction: false
+
+# Throttles compaction to the given total throughput across the entire
+# system. The faster you insert data, the faster you need to compact in
+# order to keep the sstable count down, but in general, setting this to
+# 16 to 32 times the rate you are inserting data is more than sufficient.
+# Setting this to 0 disables throttling. Note that this account for all types
+# of compaction, including validation compaction.
+compaction_throughput_mb_per_sec: 16
+
+# Track cached row keys during compaction, and re-cache their new
+# positions in the compacted sstable. Disable if you use really large
+# key caches.
+compaction_preheat_key_cache: true
+
+# Throttles all outbound streaming file transfers on this node to the
+# given total throughput in Mbps. This is necessary because Cassandra does
+# mostly sequential IO when streaming data during bootstrap or repair, which
+# can lead to saturating the network connection and degrading rpc performance.
+# When unset, the default is 200 Mbps or 25 MB/s.
+# stream_throughput_outbound_megabits_per_sec: 200
+
+# How long the coordinator should wait for read operations to complete
+read_request_timeout_in_ms: 10000
+# How long the coordinator should wait for seq or index scans to complete
+range_request_timeout_in_ms: 10000
+# How long the coordinator should wait for writes to complete
+write_request_timeout_in_ms: 10000
+# How long the coordinator should wait for truncates to complete
+# (This can be much longer, because unless auto_snapshot is disabled
+# we need to flush first so we can snapshot before removing the data.)
+truncate_request_timeout_in_ms: 60000
+# The default timeout for other, miscellaneous operations
+request_timeout_in_ms: 10000
+
+# Enable operation timeout information exchange between nodes to accurately
+# measure request timeouts, If disabled cassandra will assuming the request
+# was forwarded to the replica instantly by the coordinator
+#
+# Warning: before enabling this property make sure to ntp is installed
+# and the times are synchronized between the nodes.
+cross_node_timeout: false
+
+# Enable socket timeout for streaming operation.
+# When a timeout occurs during streaming, streaming is retried from the start
+# of the current file. This _can_ involve re-streaming an important amount of
+# data, so you should avoid setting the value too low.
+# Default value is 0, which never timeout streams.
+# streaming_socket_timeout_in_ms: 0
+
+# phi value that must be reached for a host to be marked down.
+# most users should never need to adjust this.
+# phi_convict_threshold: 8
+
+# endpoint_snitch -- Set this to a class that implements
+# IEndpointSnitch. The snitch has two functions:
+# - it teaches Cassandra enough about your network topology to route
+# requests efficiently
+# - it allows Cassandra to spread replicas around your cluster to avoid
+# correlated failures. It does this by grouping machines into
+# "datacenters" and "racks." Cassandra will do its best not to have
+# more than one replica on the same "rack" (which may not actually
+# be a physical location)
+#
+# IF YOU CHANGE THE SNITCH AFTER DATA IS INSERTED INTO THE CLUSTER,
+# YOU MUST RUN A FULL REPAIR, SINCE THE SNITCH AFFECTS WHERE REPLICAS
+# ARE PLACED.
+#
+# Out of the box, Cassandra provides
+# - SimpleSnitch:
+# Treats Strategy order as proximity. This improves cache locality
+# when disabling read repair, which can further improve throughput.
+# Only appropriate for single-datacenter deployments.
+# - PropertyFileSnitch:
+# Proximity is determined by rack and data center, which are
+# explicitly configured in cassandra-topology.properties.
+# - GossipingPropertyFileSnitch
+# The rack and datacenter for the local node are defined in
+# cassandra-rackdc.properties and propagated to other nodes via gossip. If
+# cassandra-topology.properties exists, it is used as a fallback, allowing
+# migration from the PropertyFileSnitch.
+# - RackInferringSnitch:
+# Proximity is determined by rack and data center, which are
+# assumed to correspond to the 3rd and 2nd octet of each node's
+# IP address, respectively. Unless this happens to match your
+# deployment conventions (as it did Facebook's), this is best used
+# as an example of writing a custom Snitch class.
+# - Ec2Snitch:
+# Appropriate for EC2 deployments in a single Region. Loads Region
+# and Availability Zone information from the EC2 API. The Region is
+# treated as the datacenter, and the Availability Zone as the rack.
+# Only private IPs are used, so this will not work across multiple
+# Regions.
+# - Ec2MultiRegionSnitch:
+# Uses public IPs as broadcast_address to allow cross-region
+# connectivity. (Thus, you should set seed addresses to the public
+# IP as well.) You will need to open the storage_port or
+# ssl_storage_port on the public IP firewall. (For intra-Region
+# traffic, Cassandra will switch to the private IP after
+# establishing a connection.)
+#
+# You can use a custom Snitch by setting this to the full class name
+# of the snitch, which will be assumed to be on your classpath.
+endpoint_snitch: SimpleSnitch
+
+# controls how often to perform the more expensive part of host score
+# calculation
+dynamic_snitch_update_interval_in_ms: 100
+# controls how often to reset all host scores, allowing a bad host to
+# possibly recover
+dynamic_snitch_reset_interval_in_ms: 600000
+# if set greater than zero and read_repair_chance is < 1.0, this will allow
+# 'pinning' of replicas to hosts in order to increase cache capacity.
+# The badness threshold will control how much worse the pinned host has to be
+# before the dynamic snitch will prefer other replicas over it. This is
+# expressed as a double which represents a percentage. Thus, a value of
+# 0.2 means Cassandra would continue to prefer the static snitch values
+# until the pinned host was 20% worse than the fastest.
+dynamic_snitch_badness_threshold: 0.1
+
+# request_scheduler -- Set this to a class that implements
+# RequestScheduler, which will schedule incoming client requests
+# according to the specific policy. This is useful for multi-tenancy
+# with a single Cassandra cluster.
+# NOTE: This is specifically for requests from the client and does
+# not affect inter node communication.
+# org.apache.cassandra.scheduler.NoScheduler - No scheduling takes place
+# org.apache.cassandra.scheduler.RoundRobinScheduler - Round robin of
+# client requests to a node with a separate queue for each
+# request_scheduler_id. The scheduler is further customized by
+# request_scheduler_options as described below.
+request_scheduler: org.apache.cassandra.scheduler.NoScheduler
+
+# Scheduler Options vary based on the type of scheduler
+# NoScheduler - Has no options
+# RoundRobin
+# - throttle_limit -- The throttle_limit is the number of in-flight
+# requests per client. Requests beyond
+# that limit are queued up until
+# running requests can complete.
+# The value of 80 here is twice the number of
+# concurrent_reads + concurrent_writes.
+# - default_weight -- default_weight is optional and allows for
+# overriding the default which is 1.
+# - weights -- Weights are optional and will default to 1 or the
+# overridden default_weight. The weight translates into how
+# many requests are handled during each turn of the
+# RoundRobin, based on the scheduler id.
+#
+# request_scheduler_options:
+# throttle_limit: 80
+# default_weight: 5
+# weights:
+# Keyspace1: 1
+# Keyspace2: 5
+
+# request_scheduler_id -- An identifier based on which to perform
+# the request scheduling. Currently the only valid option is keyspace.
+# request_scheduler_id: keyspace
+
+# index_interval controls the sampling of entries from the primrary
+# row index in terms of space versus time. The larger the interval,
+# the smaller and less effective the sampling will be. In technicial
+# terms, the interval coresponds to the number of index entries that
+# are skipped between taking each sample. All the sampled entries
+# must fit in memory. Generally, a value between 128 and 512 here
+# coupled with a large key cache size on CFs results in the best trade
+# offs. This value is not often changed, however if you have many
+# very small rows (many to an OS page), then increasing this will
+# often lower memory usage without a impact on performance.
+index_interval: 128
+
+# Enable or disable inter-node encryption
+# Default settings are TLS v1, RSA 1024-bit keys (it is imperative that
+# users generate their own keys) TLS_RSA_WITH_AES_128_CBC_SHA as the cipher
+# suite for authentication, key exchange and encryption of the actual data transfers.
+# NOTE: No custom encryption options are enabled at the moment
+# The available internode options are : all, none, dc, rack
+#
+# If set to dc cassandra will encrypt the traffic between the DCs
+# If set to rack cassandra will encrypt the traffic between the racks
+#
+# The passwords used in these options must match the passwords used when generating
+# the keystore and truststore. For instructions on generating these files, see:
+# http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
+#
+server_encryption_options:
+ internode_encryption: none
+ keystore: conf/.keystore
+ keystore_password: cassandra
+ truststore: conf/.truststore
+ truststore_password: cassandra
+ # More advanced defaults below:
+ # protocol: TLS
+ # algorithm: SunX509
+ # store_type: JKS
+ # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
+ # require_client_auth: false
+
+# enable or disable client/server encryption.
+client_encryption_options:
+ enabled: false
+ keystore: conf/.keystore
+ keystore_password: cassandra
+ # require_client_auth: false
+ # Set trustore and truststore_password if require_client_auth is true
+ # truststore: conf/.truststore
+ # truststore_password: cassandra
+ # More advanced defaults below:
+ # protocol: TLS
+ # algorithm: SunX509
+ # store_type: JKS
+ # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA]
+
+# internode_compression controls whether traffic between nodes is
+# compressed.
+# can be: all - all traffic is compressed
+# dc - traffic between different datacenters is compressed
+# none - nothing is compressed.
+internode_compression: all
+
+# Enable or disable tcp_nodelay for inter-dc communication.
+# Disabling it will result in larger (but fewer) network packets being sent,
+# reducing overhead from the TCP protocol itself, at the cost of increasing
+# latency if you block for cross-datacenter responses.
+inter_dc_tcp_nodelay: true
diff --git a/opencontrail/files/findns b/opencontrail/files/findns
new file mode 100644
index 0000000..567fec5
--- /dev/null
+++ b/opencontrail/files/findns
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+exit_usage() {
+ echo "Usage: $0 <address>"
+ exit 1
+}
+
+[ -z $1 ] && exit_usage
+
+WC=$(ip netns | wc -l)
+for ((i=1;i<$WC+1;i++))
+do
+ NAMESPACE=$(ip netns | sed -n "$i"p)
+ if [ `ip netns exec $NAMESPACE ip a | grep $1 | wc -l` -gt 0 ]
+ then
+ echo $NAMESPACE
+ fi
+done
\ No newline at end of file
diff --git a/opencontrail/files/sensu.conf b/opencontrail/files/sensu.conf
new file mode 100644
index 0000000..9c230d6
--- /dev/null
+++ b/opencontrail/files/sensu.conf
@@ -0,0 +1,48 @@
+local_system_cassandra_proc:
+ command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_procs -a '/usr/share/cassandra' -u root -c 1:1"
+ interval: 60
+ occurrences: 1
+ subscribers:
+ - local-opencontrail-database
+local_contrail_ifmap_proc:
+ command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_procs -C ifmap-server -u contrail -c 1:1"
+ interval: 60
+ occurrences: 1
+ subscribers:
+ - local-opencontrail-config
+local_contrail_analytics:
+ command: "PATH=$PATH:/etc/sensu/plugins check_contrail_analytics.sh"
+ interval: 60
+ occurrences: 1
+ subscribers:
+ - local-opencontrail-collector
+local_contrail_database:
+ command: "PATH=$PATH:/etc/sensu/plugins check_contrail_database.sh"
+ interval: 60
+ occurrences: 1
+ subscribers:
+ - local-opencontrail-database
+local_contrail_config:
+ command: "PATH=$PATH:/etc/sensu/plugins check_contrail_config.sh"
+ interval: 60
+ occurrences: 1
+ subscribers:
+ - local-opencontrail-config
+local_contrail_control:
+ command: "PATH=$PATH:/etc/sensu/plugins check_contrail_control.sh"
+ interval: 60
+ occurrences: 1
+ subscribers:
+ - local-opencontrail-control
+local_contrail_vrouter:
+ command: "PATH=$PATH:/etc/sensu/plugins check_vrouter.sh"
+ interval: 60
+ occurrences: 1
+ subscribers:
+ - local-opencontrail-compute
+local_contrail_api:
+ command: "PATH=$PATH:/usr/lib64/nagios/plugins:/usr/lib/nagios/plugins check_http -H 0.0.0.0 -p 9100 -w 5 -c 10 -e 401"
+ interval: 60
+ occurrences: 1
+ subscribers:
+ - local-opencontrail-config
diff --git a/opencontrail/init.sls b/opencontrail/init.sls
new file mode 100644
index 0000000..eb0c60c
--- /dev/null
+++ b/opencontrail/init.sls
@@ -0,0 +1,26 @@
+
+include:
+{% if pillar.opencontrail.collector is defined %}
+- opencontrail.collector
+{% endif %}
+{% if pillar.opencontrail.compute is defined %}
+- opencontrail.compute
+{% endif %}
+{% if pillar.opencontrail.config is defined %}
+- opencontrail.config
+{% endif %}
+{% if pillar.opencontrail.control is defined %}
+- opencontrail.control
+{% endif %}
+{% if pillar.opencontrail.database is defined %}
+- opencontrail.database
+{% endif %}
+{% if pillar.opencontrail.web is defined %}
+- opencontrail.web
+{% endif %}
+{% if pillar.opencontrail.tor is defined %}
+- opencontrail.tor
+{% endif %}
+{% if pillar.opencontrail.common is defined %}
+- opencontrail.common
+{% endif %}
\ No newline at end of file
diff --git a/opencontrail/map.jinja b/opencontrail/map.jinja
new file mode 100644
index 0000000..0b1eb8d
--- /dev/null
+++ b/opencontrail/map.jinja
@@ -0,0 +1,85 @@
+
+{% set common = salt['grains.filter_by']({
+ 'Debian': {
+ 'source': {'engine': 'pkg', 'address': 'http://'},
+ 'pkgs': ['dpkg-dev','contrail-utils'],
+ },
+ 'RedHat': {
+ 'source': {'engine': 'pkg', 'address': 'http://'},
+ },
+}, merge=salt['pillar.get']('opencontrail:common')) %}
+
+{% set collector = salt['grains.filter_by']({
+ 'Debian': {
+ 'pkgs': ['contrail-analytics'],
+ 'services': ['supervisor-analytics','redis-server']
+ },
+ 'RedHat': {
+ 'pkgs': ['contrail-analytics'],
+ 'services': ['supervisor-analytics']
+ },
+}, merge=salt['pillar.get']('opencontrail:collector')) %}
+
+{% set compute = salt['grains.filter_by']({
+ 'Debian': {
+ 'pkgs': ['contrail-vrouter','contrail-vrouter-dkms', 'iproute2', 'haproxy','contrail-nova-driver'],
+ 'services': ['supervisor-vrouter']
+ },
+ 'RedHat': {
+ 'pkgs': ['contrail-vrouter'],
+ 'services': ['supervisor-vrouter']
+ },
+}, merge=salt['pillar.get']('opencontrail:compute')) %}
+
+{% set config = salt['grains.filter_by']({
+ 'Debian': {
+ 'pkgs': ['contrail-config-openstack','ifmap-server'],
+ 'services': ['zookeeper', 'supervisor-config']
+ },
+ 'RedHat': {
+ 'pkgs': ['contrail-config-openstack'],
+ 'services': ['zookeeper', 'supervisor-config']
+ },
+}, merge=salt['pillar.get']('opencontrail:config')) %}
+
+{% set control = salt['grains.filter_by']({
+ 'Debian': {
+ 'pkgs': ['contrail-control','contrail-dns'],
+ 'services': ['contrail-control', 'supervisor-control']
+ },
+ 'RedHat': {
+ 'pkgs': ['contrail-control'],
+ 'services': ['contrail-control', 'supervisor-control']
+ },
+}, merge=salt['pillar.get']('opencontrail:control')) %}
+
+{% set database = salt['grains.filter_by']({
+ 'Debian': {
+ 'pkgs': ['cassandra', 'zookeeper', 'supervisor', 'openjdk-7-jre-headless','contrail-database'],
+ 'services': ['supervisord-contrail-database','zookeeper']
+ },
+ 'RedHat': {
+ 'pkgs': ['cassandra', 'zookeeper', 'supervisor', 'openjdk-7-jre-headless'],
+ 'services': ['supervisord-contrail-database','zookeeper']
+ },
+}, merge=salt['pillar.get']('opencontrail:database')) %}
+
+{% set web = salt['grains.filter_by']({
+ 'Debian': {
+ 'pkgs': ['contrail-web-controller'],
+ 'services': ['contrail-webui-webserver','contrail-webui-jobserver']
+ },
+ 'RedHat': {
+ 'pkgs': ['contrail-web-controller'],
+ 'services': ['contrail-webui-webserver','contrail-webui-jobserver']
+ },
+}, merge=salt['pillar.get']('opencontrail:web')) %}
+
+{% set tor = salt['grains.filter_by']({
+ 'Debian': {
+ 'agents': 1,
+ 'bind': {
+ 'port': 8086
+ }
+ },
+}, merge=salt['pillar.get']('opencontrail:tor')) %}
\ No newline at end of file
diff --git a/opencontrail/tor.sls b/opencontrail/tor.sls
new file mode 100644
index 0000000..f425087
--- /dev/null
+++ b/opencontrail/tor.sls
@@ -0,0 +1,24 @@
+{%- from "opencontrail/map.jinja" import tor with context %}
+{%- if tor.enabled %}
+
+include:
+- opencontrail.common
+
+{% for number in range(tor.agents) %}
+
+/etc/contrail/contrail-tor-agent-{{ number }}.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ tor.version }}/contrail-tor-agent.conf
+ - template: jinja
+ - defaults:
+ number: {{ number }}
+
+/etc/contrail/supervisord_vrouter_files/contrail-tor-agent-{{ number }}.ini:
+ file.managed:
+ - source: salt://opencontrail/files/{{ tor.version }}/tor/contrail-tor-agent.ini
+ - template: jinja
+ - defaults:
+ number: {{ number }}
+
+{%- endfor %}
+{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/web.sls b/opencontrail/web.sls
new file mode 100644
index 0000000..aad2251
--- /dev/null
+++ b/opencontrail/web.sls
@@ -0,0 +1,34 @@
+{%- from "opencontrail/map.jinja" import web with context %}
+{%- if web.enabled %}
+
+include:
+- opencontrail.common
+
+opencontrail_web_packages:
+ pkg.installed:
+ - names: {{ web.pkgs }}
+
+/etc/contrail/config.global.js:
+ file.managed:
+ - source: salt://opencontrail/files/{{ web.version }}/config.global.js
+ - template: jinja
+ - require:
+ - pkg: opencontrail_web_packages
+
+/etc/contrail/contrail-webui-userauth.js:
+ file.managed:
+ - source: salt://opencontrail/files/{{ web.version }}/contrail-webui-userauth.js
+ - template: jinja
+ - require:
+ - pkg: opencontrail_web_packages
+ - watch_in:
+ - service: opencontrail_web_services
+
+opencontrail_web_services:
+ service.running:
+ - enable: true
+ - names: {{ web.services }}
+ - watch:
+ - file: /etc/contrail/config.global.js
+
+{%- endif %}