Merge "Set correct permissions of redis_webui.conf files"
diff --git a/.kitchen.yml b/.kitchen.yml
index eac7c75..b5493f5 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -18,6 +18,7 @@
- name: linux
repo: git
source: https://github.com/salt-formulas/salt-formula-linux
+ branch: <%=ENV['GERRIT_BRANCH'] || 'master' %>
state_top:
base:
"*":
@@ -48,28 +49,16 @@
sudo: true
docker_images:
- - &trusty-20163 <%=ENV['IMAGE_TRUSTY_20163'] || 'docker-dev-local.docker.mirantis.net/epcim/salt/saltstack-ubuntu-trusty-salt-2016.3/salt:2018_11_19'%>
- &trusty-20177 <%=ENV['IMAGE_TRUSTY_20177'] || 'docker-dev-local.docker.mirantis.net/epcim/salt/saltstack-ubuntu-trusty-salt-2017.7/salt:2018_11_19'%>
- - &xenial-20163 <%=ENV['IMAGE_XENIAL_20163'] || 'docker-dev-local.docker.mirantis.net/epcim/salt/saltstack-ubuntu-xenial-salt-2016.3/salt:2018_11_19'%>
- &xenial-20177 <%=ENV['IMAGE_XENIAL_20177'] || 'docker-dev-local.docker.mirantis.net/epcim/salt/saltstack-ubuntu-xenial-salt-2017.7/salt:2018_11_19'%>
- &xenial-stable <%=ENV['IMAGE_XENIAL_STABLE'] || 'docker-dev-local.docker.mirantis.net/epcim/salt/saltstack-ubuntu-xenial-salt-stable/salt:2018_11_19'%>
platforms:
- - name: trusty-2016.3
- driver_config:
- image: *trusty-20163
- platform: ubuntu
-
- name: trusty-2017.7
driver_config:
image: *trusty-20177
platform: ubuntu
- - name: xenial-2016.3
- driver_config:
- image: *xenial-20163
- platform: ubuntu
-
- name: xenial-2017.7
driver_config:
image: *xenial-20177
@@ -93,9 +82,8 @@
init: 'systemd'
pillars-from-files:
opencontrail.sls: tests/pillar/single40.sls
- linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc40.sls
+ linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc41.sls
excludes:
- - trusty-2016.3
- trusty-2017.7
- name: analytics3
@@ -110,9 +98,8 @@
init: 'systemd'
pillars-from-files:
opencontrail.sls: tests/pillar/analytics40.sls
- linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc40.sls
+ linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc41.sls
excludes:
- - trusty-2016.3
- trusty-2017.7
- name: control3
@@ -127,9 +114,8 @@
init: 'systemd'
pillars-from-files:
opencontrail.sls: tests/pillar/control40.sls
- linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc40.sls
+ linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc41.sls
excludes:
- - trusty-2016.3
- trusty-2017.7
- name: cluster3
@@ -144,9 +130,8 @@
init: 'systemd'
pillars-from-files:
opencontrail.sls: tests/pillar/cluster40.sls
- linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc40.sls
+ linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc41.sls
excludes:
- - trusty-2016.3
- trusty-2017.7
# - name: tor3
@@ -159,7 +144,7 @@
# provisioner:
# pillars-from-files:
# opencontrail.sls: tests/pillar/tor40.sls
- # linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc40.sls
+ # linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc41.sls
- name: vrouter3
provisioner:
@@ -167,7 +152,6 @@
opencontrail.sls: tests/pillar/vrouter3.sls
linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc323.sls
excludes:
- - trusty-2016.3
- trusty-2017.7
- name: vrouter40
@@ -176,9 +160,8 @@
init: 'systemd'
pillars-from-files:
opencontrail.sls: tests/pillar/vrouter40.sls
- linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc40.sls
+ linux_repo_opencontrail.sls: tests/pillar/repo_opencontrail_oc41.sls
excludes:
- - trusty-2016.3
- trusty-2017.7
# vim: ft=yaml sw=2 ts=2 sts=2 tw=125
diff --git a/README.rst b/README.rst
index b936776..36034ca 100644
--- a/README.rst
+++ b/README.rst
@@ -56,6 +56,7 @@
address: http://mirror.robotice.cz/contrail-havana/
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -93,6 +94,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -181,6 +183,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -205,6 +208,7 @@
address: http://mirror.robotice.cz/contrail-havana/
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -250,6 +254,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -355,6 +360,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -375,6 +381,7 @@
version: 2.2
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -420,6 +427,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -497,6 +505,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -515,6 +524,7 @@
version: 2.2
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -589,6 +599,7 @@
version: 2.2
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
diff --git a/_modules/contrail.py b/_modules/contrail.py
index c9741e3..f36c4ce 100644
--- a/_modules/contrail.py
+++ b/_modules/contrail.py
@@ -73,7 +73,7 @@
use_ssl = False
auth_host = kwargs.get('auth_host_ip')
vnc_lib = vnc_api.VncApi(user, password, tenant_name,
- api_host, api_port, api_base_url, wait_for_connect=True,
+ api_host, api_port, api_base_url, wait_for_connect=False,
api_server_use_ssl=use_ssl, auth_host=auth_host)
return vnc_lib
@@ -116,13 +116,6 @@
return str(IPNetwork(ip_w_pfx).ip)
-def _create_floating_ip_pool(name, vn_obj, **kwargs):
- vnc_client = _auth(**kwargs)
- # create floating ip pool
- fip_obj = FloatingIpPool(name=name, parent_obj=vn_obj)
- vnc_client.floating_ip_pool_create(fip_obj)
-
-
def virtual_router_list(**kwargs):
'''
Return a list of all Contrail virtual routers
@@ -733,7 +726,11 @@
.. code-block:: bash
- salt '*' contrail.global_vrouter_config_create name=global-vrouter-config parent_type=global-system-config encap_priority="MPLSoUDP,MPLSoGRE" vxlan_vn_id_mode="automatic" fq_names="['default-global-system-config', 'default-global-vrouter-config']"
+ salt '*' contrail.global_vrouter_config_create \
+ name=global-vrouter-config parent_type=global-system-config \
+ encap_priority="MPLSoUDP,MPLSoGRE" vxlan_vn_id_mode="automatic" \
+ flow_export_rate=None \
+ fq_names="['default-global-system-config', 'default-global-vrouter-config']"
'''
ret = {'name': name,
'changes': {},
@@ -1561,33 +1558,39 @@
return ret
-def virtual_network_create(name, conf=None, **kwargs):
+def virtual_network_create(name, domain='default-domain', project='admin',
+ ipam_domain='default-domain',
+ ipam_project='default-project',
+ ipam_name='default-network-ipam',
+ router_external=None, route_target_list=None,
+ subnet_conf=None, vntype_conf=None, **kwargs):
'''
Create Contrail virtual network
CLI Example:
.. code-block:: bash
- salt '*' contrail.virtual_network_create name
- salt.cmdRun(pepperEnv, 'ntw01*', 'salt-call contrail.virtual_network_create
- "testicek" "{"external":"True","ip":"172.16.111.0","prefix":24,
- "asn":64512,"target":10000}" ')
+ salt -C 'I@opencontrail:control:role:primary'
+ contrail.virtual_network_create public router_external=True
+ route_target_list=["target:64512:10000"]
+ subnet_conf=["ip_prefix":"172.16.111.0","ip_prefix_len":24]
Parameters:
- name required - name of the new network
-
- conf (dict) optional:
- domain (string) optional - which domain use for vn creation
- project (string) optional - which project use for vn creation
- ipam_domain (string) optional - domain for ipam
- ipam_project (string) optional - project for ipam
- ipam_name (string) optional - ipam name
+ name (str): name of the network (required)
+ domain (str): name of domain (optional)
+ project (str): name of project (optional)
+ ipam_domain (str): domain for ipam (optional)
+ ipam_project (str): project for ipam (optional)
+ ipam_name (str): name of IP Address Management (optional)
+ router_external (bool): When true, this virtual network is openstack router
+ external network. (optional)
+ route_target_list (list): route target list - format is
+ ['target:<asn>:<target>']
+ subnet_conf (dict):
ip_prefix (string) optional - format is xxx.xxx.xxx.xxx
ip_prefix_len (int) optional - format is xx
- asn (int) optional - autonomus system number
- target (int) optional - route target number
- external (boolean) optional - set if network is external
-
+ vntype_conf (dict):
allow_transit (boolean) optional - enable allow transit
+ vxlan_network_identifier (int) - VxLAN VNI value for network
forwarding_mode (any of ['l2_l3','l2','l3']) optional
- packet forwarding mode for this virtual network
rpf (any of ['enabled','disabled']) optional
@@ -1596,112 +1599,164 @@
mirror_destination (boolean) optional
- Mark the vn as mirror destination network
'''
- if conf is None:
- conf = {}
-
- # check for domain, is missing set to default-domain
- if 'domain' in conf:
- vn_domain = str(conf['domain'])
- else:
- vn_domain = 'default-domain'
- # check for project, is missing set to admin
- if 'project' in conf:
- vn_project = str(conf['project'])
- else:
- vn_project = 'admin'
- # check for ipam domain,default is default-domain
- if 'ipam_domain' in conf:
- ipam_domain = str(conf['ipam_domain'])
- else:
- ipam_domain = 'default-domain'
- # check for ipam domain,default is default-domain
- if 'ipam_project' in conf:
- ipam_project = str(conf['ipam_project'])
- else:
- ipam_project = 'default-project'
-
- if 'ipam_name' in conf:
- ipam_name = conf['ipam_name']
- else:
- ipam_name = 'default-network-ipam'
-
ret = {'name': name,
'changes': {},
'result': True,
'comment': ''}
- # list of existing vn networks
- vn_networks = []
vnc_client = _auth(**kwargs)
- prj_obj = vnc_client.project_read(fq_name=[vn_domain,
- vn_project])
- # check if the network exists
- vn_networks_list = vnc_client._objects_list('virtual_network')
- fq = [vn_domain, vn_project, name]
- for network in vn_networks_list['virtual-networks']:
- if fq == network['fq_name']:
- ret['comment'] = ("Virtual network with name "
- + name + " already exists")
- return ret
+ fq_name = [domain, project, name]
+ prj_obj = vnc_client.project_read(fq_name=[domain,
+ project])
+ ipam_obj = vnc_client.network_ipam_read(fq_name=[ipam_domain,
+ ipam_project,
+ ipam_name])
+ if route_target_list:
+ route_target_list = RouteTargetList(route_target_list)
+ if subnet_conf:
+ if 'ip_prefix' in subnet_conf and 'ip_prefix_len' in subnet_conf:
+ ipam_sn = IpamSubnetType(subnet=SubnetType(
+ ip_prefix=subnet_conf['ip_prefix'],
+ ip_prefix_len=subnet_conf['ip_prefix_len']))
- vn_obj = VirtualNetwork(name, prj_obj)
- vn_type_obj = VirtualNetworkType()
- # get ipam from default project and domain
- ipam = vnc_client.network_ipam_read(fq_name=[ipam_domain,
- ipam_project,
- ipam_name])
+ # Check if the network exists
+ vn_obj_list = vnc_client.virtual_networks_list(parent_id=prj_obj.uuid)
+ if name in list(map(lambda x: x['fq_name'][2],
+ vn_obj_list['virtual-networks'])):
+ changes = {}
+ vn_obj = vnc_client.virtual_network_read(fq_name=fq_name)
- # create subnet
- if 'ip_prefix' in conf and 'ip_prefix_len' in conf:
- ipam_subnet_type = IpamSubnetType(subnet=SubnetType(
- ip_prefix=conf['ip_prefix'],
- ip_prefix_len=conf['ip_prefix_len']))
+ # Update IPAM properties
+ ipam_refs = vn_obj.get_network_ipam_refs()
+ subnet_detected = False
+ if subnet_conf and ipam_refs:
+ for ipam in ipam_refs:
+ if ipam_obj.get_uuid() == ipam['uuid']:
+ ipam_subnet_list = ipam['attr'].get_ipam_subnets()
+ for ipam_subnet_type in ipam_subnet_list:
+ subnet_obj = ipam_subnet_type.get_subnet()
+ ip_prefix = subnet_obj.get_ip_prefix()
+ ip_prefix_len = subnet_obj.get_ip_prefix_len()
+ if subnet_conf['ip_prefix'] == ip_prefix and \
+ subnet_conf['ip_prefix_len'] == ip_prefix_len:
+ subnet_detected = True
+ if subnet_conf and not subnet_detected:
+ changes['ipam_subnet'] = \
+ {'added': '{0}/{1}'.format(subnet_conf['ip_prefix'],
+ subnet_conf['ip_prefix_len'])}
+ vn_obj.add_network_ipam(ipam_obj,
+ VnSubnetsType(ipam_subnets=[ipam_sn]))
- vn_subnets_type_obj = VnSubnetsType(ipam_subnets=[ipam_subnet_type])
- vn_obj.add_network_ipam(ipam, vn_subnets_type_obj)
+ # Update VirtualNetwork properties
+ external = vn_obj.get_router_external()
+ if router_external is not None and router_external != external:
+ changes['router_external'] = {'from': external,
+ 'to': router_external}
+ vn_obj.set_router_external(router_external)
+ if route_target_list:
+ changes['router_list'] = \
+ {'from': str(vn_obj.get_route_target_list()),
+ 'to': str(route_target_list)}
+ vn_obj.set_route_target_list(route_target_list)
- # add route target to the network
- if 'asn' in conf and 'target' in conf:
- route_target_list_obj = RouteTargetList(["target:{0}:{1}"
- .format(conf['asn'],
- conf['target'])])
- vn_obj.set_route_target_list(route_target_list_obj)
+ # Update VirtualNetworkType properties
+ if vntype_conf:
+ vn_type_obj = vn_obj.get_virtual_network_properties()
+ if vn_type_obj is None:
+ vn_type_obj = VirtualNetworkType()
- if 'external' in conf:
- vn_obj.set_router_external(conf['external'])
+ if 'allow_transit' in vntype_conf:
+ allow_transit_attr = vn_type_obj.get_allow_transit()
+ if vntype_conf['allow_transit'] != allow_transit_attr:
+ changes['allow_transit'] = \
+ {'from': allow_transit_attr,
+ 'to': vntype_conf['allow_transit']}
+ vn_type_obj.set_allow_transit(vntype_conf['allow_transit'])
+ if 'vxlan_network_identifier' in vntype_conf:
+ vxlan_net_id = vn_type_obj.get_vxlan_network_identifier()
+ if vntype_conf['vxlan_network_identifier'] != vxlan_net_id:
+ vn_type_obj.set_vxlan_network_identifier(
+ vntype_conf['vxlan_network_identifier'])
+ changes['vxlan_network_identifier'] = \
+ {'from': vxlan_net_id,
+ 'to': vntype_conf['vxlan_network_identifier']}
+ if 'forwarding_mode' in vntype_conf:
+ forwarding_mode_attr = vn_type_obj.get_forwarding_mode()
+ if vntype_conf['forwarding_mode'] in ['l2_l3', 'l2', 'l3'] and \
+ vntype_conf['forwarding_mode'] != forwarding_mode_attr:
+ changes['forwarding_mode'] = \
+ {'from': forwarding_mode_attr,
+ 'to': vntype_conf['forwarding_mode']}
+ vn_type_obj.set_forwarding_mode(
+ vntype_conf['forwarding_mode'])
+ if 'mirror_destination' in vntype_conf:
+ mirror_dst_attr = vn_type_obj.get_mirror_destination()
+ if vntype_conf['mirror_destination'] != mirror_dst_attr:
+ changes['mirror_destination'] = \
+ {'from': mirror_dst_attr,
+ 'to': vntype_conf['mirror_destination']}
+ vn_type_obj.set_mirror_destination(
+ vntype_conf['mirror_destination'])
+ if 'rpf' in vntype_conf:
+ rpf_attr = vn_type_obj.get_rpf()
+ if vntype_conf['rpf'] != rpf_attr:
+ changes['rpf'] = \
+ {'from': rpf_attr,
+ 'to': vntype_conf['rpf']}
+ vn_type_obj.set_rpf(vntype_conf['rpf'])
+ vn_obj.set_virtual_network_properties(vn_type_obj)
- if 'allow_transit' in conf:
- vn_type_obj.set_allow_transit(conf['allow_transit'])
-
- if 'forwarding_mode' in conf:
- if conf['forwarding_mode'] in ['l2_l3', 'l2', 'l3']:
- vn_type_obj.set_forwarding_mode(conf['forwarding_mode'])
-
- if 'rpf' in conf:
- vn_type_obj.set_rpf(conf['rpf'])
-
- if 'mirror_destination' in conf:
- vn_type_obj.set_mirror_destination(conf['mirror_destination'])
-
- vn_obj.set_virtual_network_properties(vn_type_obj)
-
- # create virtual network
- if __opts__['test']:
- ret['result'] = None
- ret['comment'] = ("Virtual network with name {0} will be created"
- .format(name))
+ if changes:
+ ret['changes'] = changes
+ if __opts__['test']:
+ ret['result'] = None
+ ret['comment'] = "Virtual network " + name + " will be updated"
+ else:
+ ret['comment'] = "VirtualNetwork " + name + " has been updated"
+ vnc_client.virtual_network_update(vn_obj)
+ else:
+ ret['comment'] = 'Virtual network ' + name + \
+ ' already exists and is updated'
else:
- vnc_client.virtual_network_create(vn_obj)
- # if network is external create floating ip pool
- if 'external' in conf:
- if conf['external']:
- pool_name = 'default'
- _create_floating_ip_pool(pool_name,
- vn_obj,
- **kwargs)
+ vn_obj = VirtualNetwork(name, prj_obj)
- ret['comment'] = ("Virtual network with name {0} was created"
- .format(name))
+ # Configure IPAM properties
+ if subnet_conf:
+ if 'ip_prefix' in subnet_conf and 'ip_prefix_len' in subnet_conf:
+ vn_obj.add_network_ipam(ipam_obj,
+ VnSubnetsType(ipam_subnets=[ipam_sn]))
+
+ # Configure VirtualNetwork properties
+ if router_external is not None:
+ vn_obj.set_router_external(router_external)
+ if route_target_list is not None:
+ vn_obj.set_route_target_list(route_target_list)
+
+ # Configure VirtualNetworkType properties
+ if vntype_conf:
+ vn_type_obj = VirtualNetworkType()
+ if 'allow_transit' in vntype_conf:
+ vn_type_obj.set_allow_transit(vntype_conf['allow_transit'])
+ if 'vxlan_network_identifier' in vntype_conf:
+ vn_type_obj.set_vxlan_network_identifier(
+ vntype_conf['vxlan_network_identifier'])
+ if 'forwarding_mode' in vntype_conf:
+ if vntype_conf['forwarding_mode'] in ['l2_l3', 'l2', 'l3']:
+ vn_type_obj.set_forwarding_mode(
+ vntype_conf['forwarding_mode'])
+ if 'mirror_destination' in vntype_conf:
+ vn_type_obj.set_mirror_destination(vntype_conf['mirror_destination'])
+ if 'rpf' in vntype_conf:
+ vn_type_obj.set_rpf(vntype_conf['rpf'])
+ vn_obj.set_virtual_network_properties(vn_type_obj)
+
+ if __opts__['test']:
+ ret['result'] = None
+ ret['comment'] = "VirtualNetwork " + name + " will be created"
+ else:
+ vnc_client.virtual_network_create(vn_obj)
+ ret['comment'] = "VirtualNetwork " + name + " has been created"
+ ret['changes'] = {'VirtualNetwork': {'created': name}}
return ret
diff --git a/_states/contrail.py b/_states/contrail.py
index 21a1d35..0d1a0bd 100644
--- a/_states/contrail.py
+++ b/_states/contrail.py
@@ -348,22 +348,6 @@
virtual_network_create:
contrail.virtual_network_present:
- name: virtual_network_name
- - conf:
- domain: domain name
- project: domain project
- ipam_domain: ipam domain name
- ipam_project: ipam project name
- ipam_name: ipam name
- ip_prefix: xxx.xxx.xxx.xxx
- ip_prefix_len: 24
- asn: 64512
- target: 10000
- external: False
- allow_transit: False
- forwading_mode: 'l2_l3'
- rpf: 'disabled'
- mirror_destination: False
-
Enforce Floating Ip Pool configuration
@@ -834,17 +818,52 @@
return ret
-def virtual_network_present(name, conf=None, **kwargs):
+def virtual_network_present(name, domain='default-domain', project='admin',
+ ipam_domain='default-domain',
+ ipam_project='default-project',
+ ipam_name='default-network-ipam',
+ router_external=None, route_target_list=None,
+ subnet_conf=None, vntype_conf=None, **kwargs):
'''
Ensure that the virtual network exists.
- :param name: Name of the virtual network
- :param conf: Key:Value pairs used for network creation
+ :param name (str): name of the network (required)
+ :param domain (str): name of domain (optional)
+ :param project (str): name of project (optional)
+ :param ipam_domain (str): domain for ipam (optional)
+ :param ipam_project (str): project for ipam (optional)
+ :param ipam_name (str): name of IP Address Management (optional)
+ :param router_external (bool): When true, this virtual network is openstack
+ router external network. (optional)
+ :param route_target_list (list): route target list - format is
+ ['target:<asn>:<target>']
+ :param subnet_conf (dict):
+ ip_prefix (string) optional - format is xxx.xxx.xxx.xxx
+ ip_prefix_len (int) optional - format is xx
+ :param vntype_conf (dict):
+ allow_transit (boolean) optional - enable allow transit
+ vxlan_network_identifier (int) - VxLAN VNI value for network
+ forwarding_mode (any of ['l2_l3','l2','l3']) optional
+ - packet forwarding mode for this virtual network
+ rpf (any of ['enabled','disabled']) optional
+ - Enable or disable Reverse Path Forwarding check
+ for this network
+ mirror_destination (boolean) optional
+ - Mark the vn as mirror destination network
'''
- ret = __salt__['contrail.virtual_network_create'](name, conf, **kwargs)
+ ret = __salt__['contrail.virtual_network_create'](
+ name, domain='default-domain', project='admin',
+ ipam_domain='default-domain',
+ ipam_project='default-project',
+ ipam_name='default-network-ipam',
+ router_external=None, route_target_list=None,
+ subnet_conf=None, vntype_conf=None, **kwargs)
+ if len(ret['changes']) == 0:
+ pass
return ret
+
def floating_ip_pool_present(vn_name,
vn_project,
vn_domain=None,
diff --git a/metadata/service/client/cluster.yml b/metadata/service/client/cluster.yml
index 337e9d0..91043a9 100644
--- a/metadata/service/client/cluster.yml
+++ b/metadata/service/client/cluster.yml
@@ -3,6 +3,7 @@
parameters:
_param:
opencontrail_version: 3.0
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
openstack_control_address: 127.0.0.1
@@ -14,6 +15,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:openstack_control_address}
port: ${_param:opencontrail_identity_port}
version: ${_param:opencontrail_identity_version}
diff --git a/metadata/service/client/single.yml b/metadata/service/client/single.yml
index 8d3a509..2e14591 100644
--- a/metadata/service/client/single.yml
+++ b/metadata/service/client/single.yml
@@ -3,6 +3,7 @@
parameters:
_param:
opencontrail_version: 3.0
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_password: 'none'
@@ -13,6 +14,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_local_address}
port: ${_param:opencontrail_identity_port}
version: ${_param:opencontrail_identity_version}
diff --git a/metadata/service/control/analytics.yml b/metadata/service/control/analytics.yml
index be71d6d..936e5f7 100644
--- a/metadata/service/control/analytics.yml
+++ b/metadata/service/control/analytics.yml
@@ -5,6 +5,7 @@
parameters:
_param:
opencontrail_version: 2.2
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_password: 'none'
@@ -17,6 +18,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
@@ -54,6 +56,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: ${_param:openstack_region}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
diff --git a/metadata/service/control/cluster.yml b/metadata/service/control/cluster.yml
index 8b9eaf7..2450352 100644
--- a/metadata/service/control/cluster.yml
+++ b/metadata/service/control/cluster.yml
@@ -5,6 +5,7 @@
parameters:
_param:
opencontrail_version: 2.2
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_password: 'none'
@@ -17,6 +18,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
@@ -57,6 +59,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: ${_param:openstack_region}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
@@ -123,6 +126,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: RegionOne
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
@@ -188,6 +192,7 @@
identity:
engine: keystone
version: ${_param:opencontrail_identity_version}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
diff --git a/metadata/service/control/control.yml b/metadata/service/control/control.yml
index 728e53a..3d618f2 100644
--- a/metadata/service/control/control.yml
+++ b/metadata/service/control/control.yml
@@ -5,6 +5,7 @@
parameters:
_param:
opencontrail_version: 2.2
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_password: 'none'
@@ -17,6 +18,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
@@ -57,6 +59,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: ${_param:openstack_region}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
@@ -150,6 +153,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: RegionOne
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:cluster_vip_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
diff --git a/metadata/service/control/single.yml b/metadata/service/control/single.yml
index 73ce29b..5478d5c 100644
--- a/metadata/service/control/single.yml
+++ b/metadata/service/control/single.yml
@@ -5,6 +5,7 @@
parameters:
_param:
opencontrail_version: 2.2
+ opencontrail_identity_protocol: http
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_password: 'none'
@@ -17,6 +18,7 @@
version: ${_param:opencontrail_version}
identity:
engine: keystone
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
token: '${_param:keystone_service_token}'
@@ -57,6 +59,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: ${_param:openstack_region}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
@@ -103,6 +106,7 @@
engine: keystone
version: ${_param:opencontrail_identity_version}
region: RegionOne
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
@@ -158,6 +162,7 @@
identity:
engine: keystone
version: ${_param:opencontrail_identity_version}
+ protocol: ${_param:opencontrail_identity_protocol}
host: ${_param:single_address}
port: ${_param:opencontrail_identity_port}
user: ${_param:opencontrail_admin_user}
diff --git a/opencontrail/collector.sls b/opencontrail/collector.sls
index 63f7d86..88f1cb5 100644
--- a/opencontrail/collector.sls
+++ b/opencontrail/collector.sls
@@ -49,6 +49,11 @@
- source: salt://opencontrail/files/{{ collector.version }}/redis.conf
- template: jinja
- makedirs: True
+ - mode: 640
+{%- if collector.version < 4.0 %}
+ - user: redis
+ - group: redis
+{%- endif %}
/etc/contrail/contrail-collector.conf:
file.managed:
diff --git a/opencontrail/compute.sls b/opencontrail/compute.sls
index 752c469..1593abb 100644
--- a/opencontrail/compute.sls
+++ b/opencontrail/compute.sls
@@ -240,4 +240,13 @@
- onlyif: /bin/false
{%- endif %}
+{%- if pillar.get('telegraf', {}).get('agent', {}).get('enabled', False) %}
+/usr/local/bin/curl_detect_metadata.sh:
+ file.managed:
+ - source: salt://opencontrail/files/curl_detect_metadata_http.sh
+ - template: jinja
+ - mode: 755
+
+{%- endif %}
+
{%- endif %}
diff --git a/opencontrail/files/3.0/check_contrail_health.py b/opencontrail/files/3.0/check_contrail_health.py
new file mode 100644
index 0000000..8449f40
--- /dev/null
+++ b/opencontrail/files/3.0/check_contrail_health.py
@@ -0,0 +1,48 @@
+#!/usr/bin/env python
+import subprocess
+import sys
+
+
+CMD = "contrail-status"
+
+SERVICE_EXTRA_STATES = {'contrail-schema': 'backup',
+ 'contrail-svc-monitor': 'backup',
+ 'contrail-device-manager': 'backup'}
+
+
+def check(output=sys.stdout):
+ cmd = subprocess.check_output(CMD.split(' '))
+ result = {}
+ for l in [l.strip() for l in cmd.split('\n') if l.strip() != '']:
+ if l.startswith('=='):
+ # role detected
+ role = l.strip('==').strip().replace(' ', '_')
+ result[role] = []
+ else:
+ state_info = [a for a in l.split(' ') if a != '']
+ service = state_info[0].split(':')[0]
+ status = ("%s %s" % (state_info[1], " ".join(state_info[2:]))
+ if len(state_info) > 2 else state_info[1])
+ if status != 'active' and SERVICE_EXTRA_STATES.get(service) != status:
+ exit_code = 1
+ else:
+ exit_code = 0
+ result[role].append({'service': service, 'status': status,
+ 'exit_code': exit_code})
+ # output all collected info
+ # NOTE(ivasilevskaya) ignore contrail database in favor of supervisor
+ # database
+ result.pop('Contrail_Database', None)
+ for role, services in result.iteritems():
+ for info in services:
+ output.write(("%(workload)s,contrail_service=%(service)s,role=%(role)s "
+ "exit_code=%(exit_code)s\n") %
+ {'workload': 'contrail_health',
+ 'service': info['service'],
+ 'exit_code': info['exit_code'],
+ 'role': role})
+ return result
+
+
+if __name__ == "__main__":
+ check()
diff --git a/opencontrail/files/3.0/check_global_vrouter_config.py b/opencontrail/files/3.0/check_global_vrouter_config.py
new file mode 100644
index 0000000..12d4d8f
--- /dev/null
+++ b/opencontrail/files/3.0/check_global_vrouter_config.py
@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+import sys
+from vnc_api import vnc_api
+
+
+def check(output=sys.stdout):
+ try:
+ vnc_cli = vnc_api.VncApi(conf_file='/etc/contrail/vnc_api_lib.ini')
+ out = vnc_cli._objects_list('global-vrouter-config')
+ exit_code = 0 if len(out.get('global-vrouter-configs', [])) == 1 else 1
+ # XXX FIXME narrow down exception type
+ except Exception:
+ exit_code = 1
+ res = {'workload': 'contrail_global_vrouter_config',
+ 'exit_code': exit_code}
+ # output result
+ output.write('%(workload)s exit_code=%(exit_code)s\n' % res)
+
+
+if __name__ == "__main__":
+ check()
diff --git a/opencontrail/files/3.0/client_vnc_api_lib.ini b/opencontrail/files/3.0/client_vnc_api_lib.ini
index 40bfbb3..5779c21 100644
--- a/opencontrail/files/3.0/client_vnc_api_lib.ini
+++ b/opencontrail/files/3.0/client_vnc_api_lib.ini
@@ -11,7 +11,7 @@
; Authentication settings (optional)
[auth]
AUTHN_TYPE = keystone
-AUTHN_PROTOCOL = http
+AUTHN_PROTOCOL = {{ client.identity.protocol }}
AUTHN_SERVER= {{ client.identity.host }}
AUTHN_PORT = {{ client.identity.port }}
AUTHN_TENANT = {{ client.identity.tenant }}
diff --git a/opencontrail/files/3.0/config.global.js b/opencontrail/files/3.0/config.global.js
index e4397c3..70cf9b5 100644
--- a/opencontrail/files/3.0/config.global.js
+++ b/opencontrail/files/3.0/config.global.js
@@ -97,7 +97,7 @@
config.imageManager = {};
config.imageManager.ip = '{{ web.identity.host }}';
config.imageManager.port = '9292';
-config.imageManager.authProtocol = 'http';
+config.imageManager.authProtocol = '{{ web.identity.protocol }}';
config.imageManager.apiVersion = ['v1', 'v2'];
config.imageManager.strictSSL = false;
config.imageManager.ca = '';
@@ -105,7 +105,7 @@
config.computeManager = {};
config.computeManager.ip = '{{ web.identity.host }}';
config.computeManager.port = '8774';
-config.computeManager.authProtocol = 'http';
+config.computeManager.authProtocol = '{{ web.identity.protocol }}';
config.computeManager.apiVersion = ['v1.1', 'v2'];
config.computeManager.strictSSL = false;
config.computeManager.ca = '';
@@ -113,7 +113,7 @@
config.identityManager = {};
config.identityManager.ip = '{{ web.identity.host }}';
config.identityManager.port = '5000';
-config.identityManager.authProtocol = 'http';
+config.identityManager.authProtocol = '{{ web.identity.protocol }}';
/******************************************************************************
* Note: config.identityManager.apiVersion is not controlled by boolean flag
* config.serviceEndPointFromConfig. If specified apiVersion here, then these
@@ -128,7 +128,7 @@
config.storageManager = {};
config.storageManager.ip = '{{ web.identity.host }}';
config.storageManager.port = '8776';
-config.storageManager.authProtocol = 'http';
+config.storageManager.authProtocol = '{{ web.identity.protocol }}';
config.storageManager.apiVersion = ['v1'];
config.storageManager.strictSSL = false;
config.storageManager.ca = '';
diff --git a/opencontrail/files/3.0/contrail-alarm-gen.conf b/opencontrail/files/3.0/contrail-alarm-gen.conf
index 026a903..b5e9dd0 100644
--- a/opencontrail/files/3.0/contrail-alarm-gen.conf
+++ b/opencontrail/files/3.0/contrail-alarm-gen.conf
@@ -34,7 +34,7 @@
{%- if common.identity.engine == "keystone" and not common.get('k8s_enabled', False) %}
[KEYSTONE]
auth_host={{ common.identity.host }}
-auth_protocol=http
+auth_protocol={{ common.identity.protocol }}
auth_port={{ common.identity.port }}
admin_user={{ common.identity.get('user', "admin") }}
admin_password={{ common.identity.password }}
diff --git a/opencontrail/files/3.0/contrail-keystone-auth.conf b/opencontrail/files/3.0/contrail-keystone-auth.conf
index 8b37f27..f19dab4 100644
--- a/opencontrail/files/3.0/contrail-keystone-auth.conf
+++ b/opencontrail/files/3.0/contrail-keystone-auth.conf
@@ -1,7 +1,7 @@
{%- from "opencontrail/map.jinja" import config with context -%}
[KEYSTONE]
auth_host={{ config.identity.host }}
-auth_protocol=http
+auth_protocol={{ config.identity.protocol }}
auth_port={{ config.identity.port }}
admin_user={{ config.identity.user }}
admin_password={{ config.identity.password }}
@@ -14,7 +14,7 @@
{%- if config.identity.version == "3" %}
project_name={{ config.identity.tenant }}
project_domain_name={{ config.identity.get('domain', 'default')|lower}}
-auth_url=http://{{ config.identity.host }}:{{ config.identity.port }}/v3
+auth_url={{ config.identity.protocol }}://{{ config.identity.host }}:{{ config.identity.port }}/v3
{%- else %}
-auth_url=http://{{ config.identity.host }}:{{ config.identity.port }}/v2.0
+auth_url={{ config.identity.protocol }}://{{ config.identity.host }}:{{ config.identity.port }}/v2.0
{%- endif %}
diff --git a/opencontrail/files/3.0/contrail-snmp-collector.conf b/opencontrail/files/3.0/contrail-snmp-collector.conf
index d57251a..0056352 100644
--- a/opencontrail/files/3.0/contrail-snmp-collector.conf
+++ b/opencontrail/files/3.0/contrail-snmp-collector.conf
@@ -26,7 +26,7 @@
[KEYSTONE]
{%- if collector.get('identity', {}).get('engine') == 'keystone' %}
auth_host={{ collector.identity.host }}
-auth_protocol=http
+auth_protocol={{ collector.identity.protocol }}
auth_port={{ collector.identity.port }}
admin_user={{ collector.identity.user }}
admin_password={{ collector.identity.password }}
@@ -39,8 +39,8 @@
{%- if collector.identity.version == "3" %}
project_name={{ collector.identity.tenant }}
project_domain_name={{ collector.identity.get('domain', 'default')|lower}}
-auth_url=http://{{ collector.identity.host }}:{{ collector.identity.port }}/v3
+auth_url={{ collector.identity.protocol }}://{{ collector.identity.host }}:{{ collector.identity.port }}/v3
{%- else %}
-auth_url=http://{{ collector.identity.host }}:{{ collector.identity.port }}/v2.0
+auth_url={{ collector.identity.protocol }}://{{ collector.identity.host }}:{{ collector.identity.port }}/v2.0
{%- endif %}
{%- endif %}
diff --git a/opencontrail/files/3.0/vnc_api_lib.ini b/opencontrail/files/3.0/vnc_api_lib.ini
index 9795760..bdf16b6 100644
--- a/opencontrail/files/3.0/vnc_api_lib.ini
+++ b/opencontrail/files/3.0/vnc_api_lib.ini
@@ -14,7 +14,7 @@
{%- if config.identity.engine == "keystone" %}
[auth]
AUTHN_TYPE = keystone
-AUTHN_PROTOCOL = http
+AUTHN_PROTOCOL = {{ config.identity.protocol }}
AUTHN_SERVER= {{ config.identity.host }}
AUTHN_PORT = {{ config.identity.port }}
AUTHN_TENANT = {{ config.identity.tenant }}
diff --git a/opencontrail/files/4.0/check_contrail_health.py b/opencontrail/files/4.0/check_contrail_health.py
new file mode 100644
index 0000000..3617553
--- /dev/null
+++ b/opencontrail/files/4.0/check_contrail_health.py
@@ -0,0 +1,49 @@
+#!/usr/bin/env python
+import subprocess
+import sys
+
+CMD = "doctrail all contrail-status"
+
+SERVICE_EXTRA_STATES = {'contrail-schema': 'backup',
+ 'contrail-svc-monitor': 'backup',
+ 'contrail-device-manager': 'backup'}
+
+
+def check(output=sys.stdout):
+ cmd = subprocess.check_output(CMD.split(' '))
+ result = {}
+ for l in [l.strip() for l in cmd.split('\n') if l.strip() != '']:
+ if l.startswith("FOR NODE") or l.startswith("*******"):
+ continue
+ if l.startswith('=='):
+ # role detected
+ role = l.strip('==').strip().replace(' ', '_')
+ result[role] = []
+ else:
+ state_info = [a for a in l.split(' ') if a != '']
+ service = state_info[0].split(':')[0]
+ status = ("%s %s" % (state_info[1], " ".join(state_info[2:]))
+ if len(state_info) > 2 else state_info[1])
+ if status != 'active' and SERVICE_EXTRA_STATES.get(service) != status:
+ exit_code = 1
+ else:
+ exit_code = 0
+ result[role].append({'service': service, 'status': status,
+ 'exit_code': exit_code})
+ # output all collected info
+ # NOTE(ivasilevskaya) ignore contrail database in favor of supervisor
+ # database
+ # result.pop('Contrail_Database', None)
+ for role, services in result.iteritems():
+ for info in services:
+ output.write(("%(workload)s,contrail_service=%(service)s,role=%(role)s "
+ "exit_code=%(exit_code)s\n") %
+ {'workload': 'contrail_health',
+ 'service': info['service'],
+ 'exit_code': info['exit_code'],
+ 'role': role})
+ return result
+
+
+if __name__ == "__main__":
+ check()
diff --git a/opencontrail/files/4.0/check_global_vrouter_config.py b/opencontrail/files/4.0/check_global_vrouter_config.py
new file mode 100644
index 0000000..12d4d8f
--- /dev/null
+++ b/opencontrail/files/4.0/check_global_vrouter_config.py
@@ -0,0 +1,21 @@
+#!/usr/bin/env python
+import sys
+from vnc_api import vnc_api
+
+
+def check(output=sys.stdout):
+ try:
+ vnc_cli = vnc_api.VncApi(conf_file='/etc/contrail/vnc_api_lib.ini')
+ out = vnc_cli._objects_list('global-vrouter-config')
+ exit_code = 0 if len(out.get('global-vrouter-configs', [])) == 1 else 1
+ # XXX FIXME narrow down exception type
+ except Exception:
+ exit_code = 1
+ res = {'workload': 'contrail_global_vrouter_config',
+ 'exit_code': exit_code}
+ # output result
+ output.write('%(workload)s exit_code=%(exit_code)s\n' % res)
+
+
+if __name__ == "__main__":
+ check()
diff --git a/opencontrail/files/4.0/client_vnc_api_lib.ini b/opencontrail/files/4.0/client_vnc_api_lib.ini
index 77e3b92..eeef174 100644
--- a/opencontrail/files/4.0/client_vnc_api_lib.ini
+++ b/opencontrail/files/4.0/client_vnc_api_lib.ini
@@ -13,7 +13,7 @@
{%- if client.identity.engine == "keystone" %}
[auth]
AUTHN_TYPE = keystone
-AUTHN_PROTOCOL = http
+AUTHN_PROTOCOL = {{ client.identity.protocol }}
AUTHN_SERVER= {{ client.identity.host }}
AUTHN_PORT = {{ client.identity.port }}
AUTHN_TENANT = {{ client.identity.tenant }}
diff --git a/opencontrail/files/4.0/collector/contrail-keystone-auth.conf b/opencontrail/files/4.0/collector/contrail-keystone-auth.conf
index 4af7b62..a691491 100644
--- a/opencontrail/files/4.0/collector/contrail-keystone-auth.conf
+++ b/opencontrail/files/4.0/collector/contrail-keystone-auth.conf
@@ -1,7 +1,7 @@
{%- from "opencontrail/map.jinja" import collector with context -%}
[KEYSTONE]
auth_host={{ collector.identity.host }}
-auth_protocol=http
+auth_protocol={{ collector.identity.protocol }}
auth_port={{ collector.identity.port }}
admin_user={{ collector.identity.user }}
admin_password={{ collector.identity.password }}
@@ -14,7 +14,7 @@
{%- if collector.identity.version == "3" %}
project_name={{ collector.identity.tenant }}
project_domain_name={{ collector.identity.get('domain', 'default')|lower}}
-auth_url=http://{{ collector.identity.host }}:{{ collector.identity.port }}/v3
+auth_url={{ collector.identity.protocol }}://{{ collector.identity.host }}:{{ collector.identity.port }}/v3
{%- else %}
-auth_url=http://{{ collector.identity.host }}:{{ collector.identity.port }}/v2.0
+auth_url={{ collector.identity.protocol }}://{{ collector.identity.host }}:{{ collector.identity.port }}/v2.0
{%- endif %}
diff --git a/opencontrail/files/4.0/config.global.js b/opencontrail/files/4.0/config.global.js
index 2dd1b64..01da5df 100644
--- a/opencontrail/files/4.0/config.global.js
+++ b/opencontrail/files/4.0/config.global.js
@@ -75,7 +75,7 @@
config.regions = {};
{%- if web.identity.engine != "none" %}
-config.regions['{{ web.identity.get("region", "RegionOne") }}'] = 'http://{{ web.identity.host }}:5000/v{{ web.identity.version }}';
+config.regions['{{ web.identity.get("region", "RegionOne") }}'] = '{{ web.identity.protocol }}://{{ web.identity.host }}:5000/v{{ web.identity.version }}';
{%- endif %}
/****************************************************************************
@@ -139,7 +139,7 @@
config.imageManager = {};
config.imageManager.ip = '{{ web.identity.host }}';
config.imageManager.port = '9292';
-config.imageManager.authProtocol = 'http';
+config.imageManager.authProtocol = '{{ web.identity.protocol }};
config.imageManager.apiVersion = ['v1', 'v2'];
config.imageManager.strictSSL = false;
config.imageManager.ca = '';
@@ -147,7 +147,7 @@
config.computeManager = {};
config.computeManager.ip = '{{ web.identity.host }}';
config.computeManager.port = '8774';
-config.computeManager.authProtocol = 'http';
+config.computeManager.authProtocol = '{{ web.identity.protocol }}';
config.computeManager.apiVersion = ['v1.1', 'v2'];
config.computeManager.strictSSL = false;
config.computeManager.ca = '';
@@ -155,7 +155,7 @@
config.identityManager = {};
config.identityManager.ip = '{{ web.identity.host }}';
config.identityManager.port = '5000';
-config.identityManager.authProtocol = 'http';
+config.identityManager.authProtocol = '{{ web.identity.protocol }}';
/******************************************************************************
* Note: config.identityManager.apiVersion is not controlled by boolean flag
* config.serviceEndPointFromConfig. If specified apiVersion here, then these
@@ -170,7 +170,7 @@
config.storageManager = {};
config.storageManager.ip = '{{ web.identity.host }}';
config.storageManager.port = '8776';
-config.storageManager.authProtocol = 'http';
+config.storageManager.authProtocol = '{{ web.identity.protocol }}';
config.storageManager.apiVersion = ['v1'];
config.storageManager.strictSSL = false;
config.storageManager.ca = '';
diff --git a/opencontrail/files/4.0/contrail-keystone-auth.conf b/opencontrail/files/4.0/contrail-keystone-auth.conf
index 5912436..cbcf836 100644
--- a/opencontrail/files/4.0/contrail-keystone-auth.conf
+++ b/opencontrail/files/4.0/contrail-keystone-auth.conf
@@ -5,7 +5,7 @@
{%- if config.identity.engine != "none" %}
auth_host={{ config.identity.host }}
-auth_protocol=http
+auth_protocol={{ config.identity.protocol }}
auth_port={{ config.identity.port }}
admin_user={{ config.identity.user }}
admin_password={{ config.identity.password }}
@@ -19,9 +19,9 @@
{%- if config.identity.version == "3" %}
project_name={{ config.identity.tenant }}
project_domain_name={{ config.identity.get('domain', 'default')|lower}}
-auth_url=http://{{ config.identity.host }}:{{ config.identity.port }}/v3
+auth_url={{ config.identity.protocol }}://{{ config.identity.host }}:{{ config.identity.port }}/v3
{%- else %}
-auth_url=http://{{ config.identity.host }}:{{ config.identity.port }}/v2.0
+auth_url={{ config.identity.protocol }}://{{ config.identity.host }}:{{ config.identity.port }}/v2.0
{%- endif %}
{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/files/4.0/vnc_api_lib.ini b/opencontrail/files/4.0/vnc_api_lib.ini
index 9795760..bdf16b6 100644
--- a/opencontrail/files/4.0/vnc_api_lib.ini
+++ b/opencontrail/files/4.0/vnc_api_lib.ini
@@ -14,7 +14,7 @@
{%- if config.identity.engine == "keystone" %}
[auth]
AUTHN_TYPE = keystone
-AUTHN_PROTOCOL = http
+AUTHN_PROTOCOL = {{ config.identity.protocol }}
AUTHN_SERVER= {{ config.identity.host }}
AUTHN_PORT = {{ config.identity.port }}
AUTHN_TENANT = {{ config.identity.tenant }}
diff --git a/opencontrail/files/curl_detect_metadata_http.sh b/opencontrail/files/curl_detect_metadata_http.sh
new file mode 100644
index 0000000..39805d7
--- /dev/null
+++ b/opencontrail/files/curl_detect_metadata_http.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+{%- from "opencontrail/map.jinja" import compute with context %}
+{%- set bind_addr=compute.interface.address|replace('0.0.0.0', '127.0.0.1') %}
+
+metadata=$(curl --silent http://{{ bind_addr|default('127.0.0.1') }}:8085/Snh_LinkLocalServiceInfo | grep -c 169.254.169.254 )
+echo "{ \"contrail_instance_metadata_present\": $metadata }"
diff --git a/opencontrail/init.sls b/opencontrail/init.sls
index ee862a7..09a204a 100644
--- a/opencontrail/init.sls
+++ b/opencontrail/init.sls
@@ -23,4 +23,9 @@
{%- endif %}
{% if pillar.opencontrail.common is defined %}
- opencontrail.common
-{% endif %}
\ No newline at end of file
+{% endif %}
+{%- if pillar.opencontrail.collector is defined or
+ pillar.opencontrail.control is defined or
+ pillar.opencontrail.database is defined %}
+- opencontrail.monitoring
+{%- endif %}
diff --git a/opencontrail/map.jinja b/opencontrail/map.jinja
index 064808f..def00f4 100644
--- a/opencontrail/map.jinja
+++ b/opencontrail/map.jinja
@@ -93,7 +93,11 @@
Debian:
pkgs:
- 'contrail-config-openstack'
+ {%- if version < 4.0 %}
+ {%- if ifmap == 'irond' %}
- 'ifmap-server'
+ {%- endif %}
+ {%- endif %}
services:
{%- if version < 4.0 %}
{%- if ifmap == 'irond' %}
@@ -460,15 +464,6 @@
'vrouter_dns_xmpp_sessions_variation_threshold': 5,
'vrouter_lls_too_high_threshold': 10,
'vrouter_lls_variation_threshold': 5,
- 'vrouter_flows_active_too_high_threshold': 100,
- 'vrouter_flows_discard_too_high_threshold': 0.1,
- 'vrouter_flows_flow_action_drop_too_high_threshold': 0.2,
- 'vrouter_flows_frag_err_too_high_threshold': 100,
- 'vrouter_flows_invalid_nh_too_high_threshold': 0.1,
- 'vrouter_flows_composite_invalid_interface_too_high_threshold': 0.05,
- 'vrouter_flows_invalid_label_too_high_threshold': 100,
- 'vrouter_flows_flow_queue_limit_exceeded_too_high_threshold': 0.1,
- 'vrouter_flows_flow_table_full_too_high_threshold': 100,
'services_failed_warning_threshold_percent': 0.3,
'services_failed_critical_threshold_percent': 0.6,
},
diff --git a/opencontrail/meta/prometheus.yml b/opencontrail/meta/prometheus.yml
index d08b385..7f8ef15 100644
--- a/opencontrail/meta/prometheus.yml
+++ b/opencontrail/meta/prometheus.yml
@@ -133,6 +133,42 @@
{%- raw %}
summary: "{{ $labels.name }} service outage"
description: "All {{ $labels.process_name }} processes are down."
+ ContrailHealthCheckDisabled:
+ if: >-
+ absent(contrail_health_exit_code) == 1
+ labels:
+ severity: critical
+ service: contrail
+ annotations:
+ summary: "Contrail healthcheck disabled"
+ description: "Contrail healthcheck is disabled."
+ ContrailHealthCheckFailed:
+ if: >-
+ contrail_health_exit_code != 0
+ labels:
+ severity: critical
+ service: contrail
+ annotations:
+ summary: "Contrail healthcheck failed"
+ description: "Contrail healthcheck failed for the {{ $labels.contrail_service }} on the {{ $labels.host }} node."
+ ContrailGlobalVrouterConfigCheckDisabled:
+ if: >-
+ absent(contrail_global_vrouter_config_exit_code) == 1
+ labels:
+ severity: critical
+ service: contrail
+ annotations:
+ summary: "Contrail global vrouter config check disabled"
+ description: "Contrail global vrouter config check is disabled."
+ ContrailGlobalVrouterConfigCheckFailed:
+ if: >-
+ contrail_global_vrouter_config_exit_code != 0
+ labels:
+ severity: critical
+ service: contrail
+ annotations:
+ summary: "Contrail global vrouter config check failed"
+ description: "Contrail global vrouter config check failed on the {{ $labels.host }} node."
ContrailBGPSessionsNoEstablished:
if: >-
max(contrail_bgp_session_count) by (host) == 0
@@ -163,6 +199,16 @@
annotations:
summary: "OpenContrail BGP sessions are down"
description: "{{ $value }} OpenContrail BGP sessions on the {{ $labels.host }} node are down for 2 minutes."
+ ContrailMetadataCheck:
+ if: >-
+ min(exec_contrail_instance_metadata_present) by (host) == 0
+ for: 15m
+ labels:
+ severity: critical
+ service: contrail
+ annotations:
+ summary: "OpenContrail metadata is unavailable"
+ description: "The OpenContrail metadata on the {{ $labels.host }} node is unavailable for 15 minutes."
ContrailXMPPSessionsMissingEstablished:
if: >-
count(contrail_vrouter_xmpp) * 2 - sum(contrail_xmpp_session_up_count) > 0
@@ -318,124 +364,6 @@
summary: "OpenContrail vRouter LLS sessions changes reached the limit of {%- endraw %} {{ vrouter_lls_variation_threshold }}{%- raw %}"
description: "The OpenContrail vRouter LLS sessions on the {{ $labels.host }} node have changed {{ $value }} times."
{%- endraw %}
- ContrailFlowsActiveTooHigh:
- if: >-
- {%- set vrouter_flows_active_toohigh_threshold = monitoring.vrouter_flows_active_too_high_threshold %}
- deriv(contrail_vrouter_flows_active[5m]) >= {{ vrouter_flows_active_toohigh_threshold }}
-{%- raw %}
- for: 2m
- labels:
- severity: warning
- service: contrail
- annotations:
- summary: "OpenContrail vRouter active flows reached the limit of {%- endraw %} {{ vrouter_flows_active_toohigh_threshold }}{%- raw %}"
- description: "{{ $value }} OpenContrail vRouter flows per second on the {{ $labels.host }} node are active for 2 minutes."
-{%- endraw %}
- ContrailFlowsDiscardedTooHigh:
- if: >-
- {%- set vrouter_flows_discard_toohigh_threshold = monitoring.vrouter_flows_discard_too_high_threshold %}
- rate(contrail_vrouter_flows_discard[5m]) >= {{ vrouter_flows_discard_toohigh_threshold }}
-{%- raw %}
- for: 2m
- labels:
- severity: warning
- service: contrail
- annotations:
- summary: "OpenContrail vRouter discarded flows reached the limit of {%- endraw %} {{ vrouter_flows_discard_toohigh_threshold }}{%- raw %}/s"
- description: "The average per-second rate of discarded OpenContrail vRouter flows on the {{ $labels.host }} node is {{ $value }} for 2 minutes."
-{%- endraw %}
- ContrailFlowsDroppedTooHigh:
- enabled: false
- if: >-
- {%- set vrouter_flows_flow_action_drop_toohigh_threshold = monitoring.vrouter_flows_flow_action_drop_too_high_threshold %}
- rate(contrail_vrouter_flows_flow_action_drop[5m]) >= {{ vrouter_flows_flow_action_drop_toohigh_threshold }}
-{%- raw %}
- for: 2m
- labels:
- severity: warning
- service: contrail
- annotations:
- summary: "OpenContrail vRouter dropped flows reached the limit of {%- endraw %} {{ vrouter_flows_flow_action_drop_toohigh_threshold }}{%- raw %}/s"
- description: "The average per-second rate of dropped OpenContrail vRouter flows on the {{ $labels.host }} node is {{ $value }} for 2 minutes."
-{%- endraw %}
- ContrailFlowsFragErrTooHigh:
- if: >-
- {%- set vrouter_flows_frag_err_toohigh_threshold = monitoring.vrouter_flows_frag_err_too_high_threshold %}
- min(contrail_vrouter_flows_frag_err) by (host) >= {{ vrouter_flows_frag_err_toohigh_threshold }}
-{%- raw %}
- for: 2m
- labels:
- severity: warning
- service: contrail
- annotations:
- summary: "OpenContrail vRouter flows with fragment errors reached the limit of {%- endraw %} {{ vrouter_flows_flow_action_drop_toohigh_threshold }}{%- raw %}"
- description: "{{ $value }} OpenContrail vRouter flows on the {{ $labels.host }} node had fragment errors for 2 minutes."
-{%- endraw %}
- ContrailFlowsNextHopInvalidTooHigh:
- if: >-
- {%- set vrouter_flows_invalid_nh_toohigh_threshold = monitoring.vrouter_flows_invalid_nh_too_high_threshold %}
- rate(contrail_vrouter_flows_invalid_nh[5m]) >= {{ vrouter_flows_invalid_nh_toohigh_threshold }}
-{%- raw %}
- for: 2m
- labels:
- severity: warning
- service: contrail
- annotations:
- summary: "OpenContrail vRouter flows with an invalid next hop reached the limit of {%- endraw %} {{ vrouter_flows_invalid_nh_toohigh_threshold }}{%- raw %}/s"
- description: "The average per-second rate of OpenContrail vRouter flows with an invalid next hop on the {{ $labels.host }} node is {{ $value }} for 2 minutes."
-{%- endraw %}
- ContrailFlowsInterfaceInvalidTooHigh:
- if: >-
- {%- set vrouter_flows_composite_invalid_interface_toohigh_threshold = monitoring.vrouter_flows_composite_invalid_interface_too_high_threshold %}
- rate(contrail_vrouter_flows_composite_invalid_interface[5m]) >= {{ vrouter_flows_composite_invalid_interface_toohigh_threshold }}
-{%- raw %}
- for: 2m
- labels:
- severity: warning
- service: contrail
- annotations:
- summary: "OpenContrail vRouter flows with an invalid composite interface reached the limit of {%- endraw %} {{ vrouter_flows_composite_invalid_interface_toohigh_threshold }}{%- raw %}/s"
- description: "The average per-second rate of OpenContrail vRouter flows with an invalid composite interface on the {{ $labels.host }} node is {{ $value }} for 2 minutes."
-{%- endraw %}
- ContrailFlowsLabelInvalidTooHigh:
- if: >-
- {%- set vrouter_flows_invalid_label_toohigh_threshold = monitoring.vrouter_flows_invalid_label_too_high_threshold %}
- min(contrail_vrouter_flows_invalid_label) by (host) >= {{ vrouter_flows_invalid_label_toohigh_threshold }}
-{%- raw %}
- for: 2m
- labels:
- severity: warning
- service: contrail
- annotations:
- summary: "OpenContrail vRouter flows with an invalid label reached the limit of {%- endraw %} {{ vrouter_flows_invalid_label_toohigh_threshold }}{%- raw %}"
- description: "{{ $value }} OpenContrail vRouter flows on the {{ $labels.host }} node had an invalid composite interface for 2 minutes."
-{%- endraw %}
- ContrailFlowsQueueSizeExceededTooHigh:
- if: >-
- {%- set vrouter_flows_flow_queue_limit_exceeded_toohigh_threshold = monitoring.vrouter_flows_flow_queue_limit_exceeded_too_high_threshold %}
- rate(contrail_vrouter_flows_flow_queue_limit_exceeded[5m]) >= {{ vrouter_flows_flow_queue_limit_exceeded_toohigh_threshold }}
-{%- raw %}
- for: 2m
- labels:
- severity: warning
- service: contrail
- annotations:
- summary: "OpenContrail vRouter flows exceeding the queue size reached the limit of {%- endraw %} {{ vrouter_flows_flow_queue_limit_exceeded_toohigh_threshold }}{%- raw %}/s"
- description: "The average per-second rate of OpenContrail vRouter flows exceeding the queue size on the {{ $labels.host }} node is {{ $value }} for 2 minutes."
-{%- endraw %}
- ContrailFlowsTableFullTooHigh:
- if: >-
- {%- set vrouter_flows_flow_table_full_toohigh_threshold = monitoring.vrouter_flows_flow_table_full_too_high_threshold %}
- min(contrail_vrouter_flows_flow_table_full) by (host) >= {{ vrouter_flows_flow_table_full_toohigh_threshold }}
-{%- raw %}
- for: 2m
- labels:
- severity: warning
- service: contrail
- annotations:
- summary: "OpenContrail vRouter flows with full table reached the limit of {%- endraw %} {{ vrouter_flows_flow_table_full_toohigh_threshold }}{%- raw %}"
- description: "{{ $value }} OpenContrail vRouter flows on the {{ $labels.host }} node had a full table for 2 minutes."
-{%- endraw %}
{%- if web.get('enabled', False) and web.get('cache', {}).get('engine', '') == 'redis' %}
{%- raw %}
RedisServiceDown:
diff --git a/opencontrail/meta/telegraf.yml b/opencontrail/meta/telegraf.yml
index f4736f6..21cc5d3 100644
--- a/opencontrail/meta/telegraf.yml
+++ b/opencontrail/meta/telegraf.yml
@@ -4,6 +4,32 @@
input:
{%- if collector.get('enabled', False) or database.get('enabled', False) or control.get('enabled', False)
or web.get('enabled', False) or compute.get('enabled', False) %}
+ {%- if compute.get('enabled', False) %}
+ exec:
+ commands:
+ - "/usr/local/bin/curl_detect_metadata.sh"
+ interval: "30s"
+ data_format: "json"
+ timeout: "10s"
+ {%- endif %}
+ {%- if pillar.opencontrail.collector is defined or
+ pillar.opencontrail.control is defined or
+ pillar.opencontrail.database is defined %}
+ monitor_contrail_health:
+ template: telegraf/files/input/exec.conf
+ commands:
+ - /usr/local/bin/check_contrail_health.py
+ data_format: influx
+ interval: 30s
+ {%- endif %}
+ {%- if pillar.opencontrail.control is defined %}
+ monitor_global_vrouter_config:
+ template: telegraf/files/input/exec.conf
+ commands:
+ - /usr/local/bin/check_global_vrouter_config.py
+ data_format: influx
+ interval: 30s
+ {%- endif %}
procstat:
process:
{%- if collector.get('enabled', False) %}
diff --git a/opencontrail/monitoring.sls b/opencontrail/monitoring.sls
new file mode 100644
index 0000000..30a0bf1
--- /dev/null
+++ b/opencontrail/monitoring.sls
@@ -0,0 +1,31 @@
+{%- if pillar.opencontrail is defined and pillar.telegraf is defined %}
+ {%- if pillar.opencontrail.collector is defined %}
+ {%- set version = pillar.opencontrail.collector.version %}
+ {%- endif %}
+ {%- if pillar.opencontrail.control is defined %}
+ {%- set version = pillar.opencontrail.control.version %}
+ {%- endif %}
+ {%- if pillar.opencontrail.database is defined %}
+ {%- set version = pillar.opencontrail.database.version %}
+ {%- endif %}
+
+ {%- if pillar.opencontrail.collector is defined or
+ pillar.opencontrail.control is defined or
+ pillar.opencontrail.database is defined %}
+contrail_control_status_check_telegraf_script:
+ file.managed:
+ - name: /usr/local/bin/check_contrail_health.py
+ - source: salt://opencontrail/files/{{ version }}/check_contrail_health.py
+ - template: jinja
+ - mode: 755
+ {%- endif %}
+
+ {%- if pillar.opencontrail.control is defined %}
+contrail_control_vrouter_check_telegraf_script:
+ file.managed:
+ - name: /usr/local/bin/check_global_vrouter_config.py
+ - source: salt://opencontrail/files/{{ version }}/check_global_vrouter_config.py
+ - template: jinja
+ - mode: 755
+ {%- endif %}
+{%- endif %}
diff --git a/tests/pillar/analytics3.sls b/tests/pillar/analytics3.sls
index 2afcd1c..13713f2 100644
--- a/tests/pillar/analytics3.sls
+++ b/tests/pillar/analytics3.sls
@@ -3,6 +3,7 @@
version: 3.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
diff --git a/tests/pillar/analytics40.sls b/tests/pillar/analytics40.sls
index 34bc5eb..047e59e 100644
--- a/tests/pillar/analytics40.sls
+++ b/tests/pillar/analytics40.sls
@@ -4,6 +4,7 @@
config_only: true
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -17,6 +18,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/cluster3.sls b/tests/pillar/cluster3.sls
index 54c9d41..a23557c 100644
--- a/tests/pillar/cluster3.sls
+++ b/tests/pillar/cluster3.sls
@@ -3,6 +3,7 @@
version: 3.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -49,6 +50,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -160,6 +162,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/cluster40.sls b/tests/pillar/cluster40.sls
index 4cdac34..5bc81b5 100644
--- a/tests/pillar/cluster40.sls
+++ b/tests/pillar/cluster40.sls
@@ -4,6 +4,7 @@
config_only: true
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -53,6 +54,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -102,6 +104,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -194,6 +197,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/control3.sls b/tests/pillar/control3.sls
index dff472e..d2c9f4e 100644
--- a/tests/pillar/control3.sls
+++ b/tests/pillar/control3.sls
@@ -3,6 +3,7 @@
version: 3.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -52,6 +53,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -145,6 +147,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/control40.sls b/tests/pillar/control40.sls
index f98a28f..d7d9bb5 100644
--- a/tests/pillar/control40.sls
+++ b/tests/pillar/control40.sls
@@ -4,6 +4,7 @@
config_only: true
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -54,6 +55,7 @@
version: '2.0'
region: RegionOne
host: 127.0.0.1
+ protocol: http
port: 35357
user: admin
password: password
@@ -160,6 +162,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/repo_opencontrail_oc40.sls b/tests/pillar/repo_opencontrail_oc40.sls
deleted file mode 100644
index 98f3056..0000000
--- a/tests/pillar/repo_opencontrail_oc40.sls
+++ /dev/null
@@ -1,12 +0,0 @@
-linux:
- system:
- enabled: true
- repo:
- mcp_opencontrail_repo:
- source: "deb [arch=amd64] http://apt.mirantis.com/{{ grains.get('oscodename') }}/ nightly oc40 extra"
- architectures: amd64
- key_url: "http://apt.mirantis.com/public.gpg"
- pin:
- - pin: 'release a=nightly'
- priority: 1100
- package: '*'
diff --git a/tests/pillar/repo_opencontrail_oc41.sls b/tests/pillar/repo_opencontrail_oc41.sls
new file mode 100644
index 0000000..99896e2
--- /dev/null
+++ b/tests/pillar/repo_opencontrail_oc41.sls
@@ -0,0 +1,29 @@
+linux:
+ system:
+ enabled: true
+ repo:
+ mcp_opencontrail_repo:
+ source: "deb [arch=amd64] http://mirror.mirantis.com/nightly/opencontrail-4.1/{{ grains.get('oscodename') }} {{ grains.get('oscodename') }} main"
+ architectures: amd64
+ key_url: "http://mirror.mirantis.com/nightly/opencontrail-4.1/{{ grains.get('oscodename') }}/archive-opencontrail-4.1.key"
+ pin:
+ - pin: 'release a=nightly'
+ priority: 1100
+ package: '*'
+ mcp_extra_repo:
+ source: "deb [arch=amd64] http://mirror.mirantis.com/nightly/extra/{{ grains.get('oscodename') }} {{ grains.get('oscodename') }} main"
+ architectures: amd64
+ key_url: "http://mirror.mirantis.com/nightly/extra/{{ grains.get('oscodename') }}/archive-extra.key"
+ pin:
+ - pin: 'release a=nightly'
+ priority: 1100
+ package: '*'
+ # TODO: deprecate repos on fuel-infra (use mirror.mirantis.com), at the moment tests use same repos as for docker images
+ mcp_ocata_fuel_infra:
+ source: "deb [arch=amd64] http://mirror.fuel-infra.org/mcp-repos/ocata/{{ grains.get('oscodename') }} ocata main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/{{ grains.get('oscodename') }}/archive-mcpocata.key"
+ pin:
+ - pin: 'release a=ocata'
+ priority: 1100
+ package: '*'
diff --git a/tests/pillar/single3.sls b/tests/pillar/single3.sls
index 43f6dd6..045eb7a 100644
--- a/tests/pillar/single3.sls
+++ b/tests/pillar/single3.sls
@@ -3,6 +3,7 @@
version: 3.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
@@ -41,6 +42,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -127,6 +129,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/single40.sls b/tests/pillar/single40.sls
index 2e8c430..c064f37 100644
--- a/tests/pillar/single40.sls
+++ b/tests/pillar/single40.sls
@@ -2,6 +2,7 @@
common:
version: 4.0
identity:
+ protocol: http
engine: keystone
host: 127.0.0.1
port: 35357
@@ -43,6 +44,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -78,6 +80,7 @@
engine: keystone
version: '2.0'
region: RegionOne
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
@@ -148,6 +151,7 @@
identity:
engine: keystone
version: '2.0'
+ protocol: http
host: 127.0.0.1
port: 35357
user: admin
diff --git a/tests/pillar/vrouter-dpdk3.sls b/tests/pillar/vrouter-dpdk3.sls
index 283abab..1ffcd72 100644
--- a/tests/pillar/vrouter-dpdk3.sls
+++ b/tests/pillar/vrouter-dpdk3.sls
@@ -3,6 +3,7 @@
version: 3.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token
diff --git a/tests/pillar/vrouter40.sls b/tests/pillar/vrouter40.sls
index e1ebc84..a810b82 100644
--- a/tests/pillar/vrouter40.sls
+++ b/tests/pillar/vrouter40.sls
@@ -3,6 +3,7 @@
version: 4.0
identity:
engine: keystone
+ protocol: http
host: 127.0.0.1
port: 35357
token: token