Add tor agents support for OC 4.X version

- added tor agent provisioning
- refactored tor metadata

Change-Id: Ic7c034f647639d037dfa9b9c2c0eac65d4121d19
Related-PROD: PROD-29061
(cherry picked from commit 2a301f959ad09a20c893b355a4cb5c95f84a026a)
diff --git a/README.rst b/README.rst
index 36034ca..202569d 100644
--- a/README.rst
+++ b/README.rst
@@ -644,18 +644,23 @@
 
   opencontrail:
     compute:
-      enabled: true
+      enabled: True
       tor:
-        enabled: true
-        bind:
-          port: 8086
+        enabled: True
         agent:
           tor01:
             id: 0
-            port: 6632
-            host: 127.0.0.1
             address: 127.0.0.1
-
+            tor_name: TOR1
+            tor_ip: 10.11.0.100
+            tor_ovs_port: 6640
+            tor_ovs_protocol: tcp
+            http_server_port: 9090
+            tsn_ip: 127.0.0.1
+            tor_tunnel_ip: 10.10.0.100
+            tor_vendor_name: ovs
+            xmpp_auth_enable: False
+            xmpp_dns_auth_enable: False
 
 Set up metadata secret for the Vrouter
 --------------------------------------
diff --git a/metadata/service/compute/tor/cluster.yml b/metadata/service/compute/tor/cluster.yml
index 5115598..e913cb4 100644
--- a/metadata/service/compute/tor/cluster.yml
+++ b/metadata/service/compute/tor/cluster.yml
@@ -4,13 +4,18 @@
   opencontrail:
     compute:
       tor:
-        enabled: true
-        bind:
-          port: 8086
+        enabled: True
         agent:
           tor01:
             id: 0
-            address: ${_param:single_address}
-            port: 6632
-            ssl:
-              enabled: True
+            address: ${_param:cluster_local_address}
+            tor_name: TOR01
+            tor_ip: 127.0.0.1
+            tor_ovs_port: 6640
+            tor_ovs_protocol: tcp
+            http_server_port: 9090
+            tsn_ip: ${_param:cluster_vip_address}
+            tor_tunnel_ip: 127.0.0.1
+            tor_vendor_name: ovs
+            xmpp_auth_enable: False
+            xmpp_dns_auth_enable: False
diff --git a/metadata/service/compute/tor/single.yml b/metadata/service/compute/tor/single.yml
index 969b1ef..dcd4e80 100644
--- a/metadata/service/compute/tor/single.yml
+++ b/metadata/service/compute/tor/single.yml
@@ -4,12 +4,18 @@
   opencontrail:
     compute:
       tor:
-        enabled: true
-        bind:
-          port: 8086
+        enabled: True
         agent:
           tor01:
             id: 0
-            port: 6632
-            host: ${_param:tor_device01_address}
             address: ${_param:single_address}
+            tor_name: TOR01
+            tor_ip: 127.0.0.1
+            tor_ovs_port: 6640
+            tor_ovs_protocol: tcp
+            http_server_port: 9090
+            tsn_ip: ${_param:single_address}
+            tor_tunnel_ip: 127.0.0.1
+            tor_vendor_name: ovs
+            xmpp_auth_enable: False
+            xmpp_dns_auth_enable: False
diff --git a/opencontrail/compute.sls b/opencontrail/compute.sls
index 1593abb..6e4e179 100644
--- a/opencontrail/compute.sls
+++ b/opencontrail/compute.sls
@@ -206,6 +206,8 @@
 
 {%- if compute.get('tor', {}).get('enabled', False) %}
 
+{%- if compute.version < 4.0 %}
+
 {% for agent_name, agent in compute.tor.agent.iteritems() %}
 
 /etc/contrail/contrail-tor-agent-{{ agent.id }}.conf:
@@ -217,7 +219,7 @@
   - watch_in:
     - service: opencontrail_compute_services
 
-{%- if compute.version < 4.0 or grains.get('init') != 'systemd' %}
+{%- if grains.get('init') != 'systemd' %}
 
 /etc/contrail/supervisord_vrouter_files/contrail-tor-agent-{{ agent.id }}.ini:
   file.managed:
@@ -229,8 +231,20 @@
     - service: opencontrail_compute_services
 
 {%- endif %}
-
 {%- endfor %}
+
+{%- else %}
+
+provision_tor_agents:
+  cmd.script:
+  - source: "salt://opencontrail/files/{{ compute.version }}/tor/provision_tor_agents.sh"
+  - template: jinja
+  - cwd: /
+  - require:
+    - pkg: opencontrail_vrouter_package_vrouter_agent
+
+{%- endif %}
+
 {%- endif %}
 
 opencontrail_compute_services:
diff --git a/opencontrail/files/4.0/contrail-tor-agent.conf b/opencontrail/files/4.0/contrail-tor-agent.conf
deleted file mode 100644
index cc8c05d..0000000
--- a/opencontrail/files/4.0/contrail-tor-agent.conf
+++ /dev/null
@@ -1,111 +0,0 @@
-{%- from "opencontrail/map.jinja" import compute with context %}
-
-{%- set agent = salt['pillar.get']('opencontrail:compute:tor:agent:'+agent_name) %}
-{%- set port = compute.tor.bind.port + agent.id %}
-# Vnswad configuration options
-#
-
-[CONTROL-NODE]
-# IP address to be used to connect to control-node. Maximum of 2 IP addresses
-# (separated by a space) can be provided. If no IP is configured then the
-# value provided by discovery service will be used. (optional)
-# server=10.0.0.1 10.0.0.2
-
-[DEFAULT]
-agent_name={{ pillar.linux.system.name }}-{{ agent.id }}
-# Everything in this section is optional
-
-# IP address and port to be used to connect to collector. If these are not
-# configured, value provided by discovery service will be used. Multiple
-# IP:port strings separated by space can be provided
-# collectors=127.0.0.1:8086
-
-# Enable/disable debug logging. Possible values are 0 (disable) and 1 (enable)
-# debug=0
-
-# Aging time for flow-records in seconds
-# flow_cache_timeout=0
-
-# Hostname of compute-node. If this is not configured value from `hostname`
-# will be taken
-# hostname=
-
-# Category for logging. Default value is '*'
-# log_category=
-
-# Local log file name
-log_file=/var/log/contrail/contrail-tor-agent-{{ agent.id }}.log
-
-# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
-# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
-# log_level=SYS_DEBUG
-
-# Enable/Disable local file logging. Possible values are 0 (disable) and 1 (enable)
-# log_local=0
-
-# Enable/Disable local flow message logging. Possible values are 0 (disable) and 1 (enable)
-# log_flow=0
-# Encapsulation type for tunnel. Possible values are MPLSoGRE, MPLSoUDP, VXLAN
-# tunnel_type=
-
-# Enable/Disable headless mode for agent. In headless mode agent retains last
-# known good configuration from control node when all control nodes are lost.
-# Possible values are true(enable) and false(disable)
-# headless_mode=
-
-# Define agent mode. Only supported value is "tor"
-agent_mode=tor
-
-
-# Http server port for inspecting vnswad state (useful for debugging)
-# http_server_port=8085
-http_server_port={{ port }}
-
-[DNS]
-# IP address to be used to connect to dns-node. Maximum of 2 IP addresses
-# (separated by a space) can be provided. If no IP is configured then the
-# value provided by discovery service will be used. (Optional)
-# server=10.0.0.1 10.0.0.2
-
-[NETWORKS]
-# control-channel IP address used by WEB-UI to connect to vnswad to fetch
-# required information (Optional)
-{%- if compute.bind is defined %}
-control_network_ip={{ compute.bind.address }}
-{%- else %}
-control_network_ip={{ compute.interface.address }}
-{%- endif %}
-
-[TOR]
-{%- if agent.ssl is not defined %}
-# IP address of the TOR to manage
-tor_ip={{ agent.host }}
-{%- endif %}
-
-# Identifier for ToR. Agent will subscribe to ifmap-configuration by this name
-tor_id={{ agent.id }}
-
-# ToR management scheme is based on this type. Only supported value is "ovs"
-tor_type=ovs
-
-# OVS server port number on the ToR
-tor_ovs_port={{ agent.get('port', 6632) }}
-
-# IP-Transport protocol used to connect to tor. Only supported value is "tcp"
-{%- if agent.ssl is defined %}
-tor_ovs_protocol=pssl
-{%- else %}
-tor_ovs_protocol=tcp
-{%- endif %}
-
-tsn_ip={{ compute.interface.address }}
-
-tor_keepalive_interval={{ agent.get('tor_keepalive_interval', 10000) }}
-
-{%- if agent.ssl is defined %}
-ssl_cert={{ agent.ssl.get('cert', '/etc/contrail/ssl/certs/tor.crt') }}
-
-ssl_privkey={{ agent.ssl.get('key', '/etc/contrail/ssl/certs/tor.key') }}
-
-ssl_cacert={{ agent.ssl.get('ca', '/etc/contrail/ssl/certs/ca.crt') }}
-{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/files/4.0/tor/contrail-tor-agent.ini b/opencontrail/files/4.0/tor/contrail-tor-agent.ini
deleted file mode 100644
index 22a8918..0000000
--- a/opencontrail/files/4.0/tor/contrail-tor-agent.ini
+++ /dev/null
@@ -1,14 +0,0 @@
-{%- from "opencontrail/map.jinja" import compute with context %}
-{%- set agent = salt['pillar.get']('opencontrail:compute:tor:agent:'+agent_name) %}
-[program:contrail-tor-agent-{{ agent.id }}]
-command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-{{ agent.id }}.conf
-priority=420
-autostart=true
-killasgroup=true
-stopsignal=KILL
-stdout_capture_maxbytes=1MB
-redirect_stderr=true
-stdout_logfile=/var/log/contrail/contrail-tor-agent-{{ agent.id }}-stdout.log
-stderr_logfile=/dev/null
-startsecs=5
-exitcodes=0                   ; 'expected' exit codes for process (default 0,2)
\ No newline at end of file
diff --git a/opencontrail/files/4.0/tor/provision_tor_agents.sh b/opencontrail/files/4.0/tor/provision_tor_agents.sh
new file mode 100644
index 0000000..5681a94
--- /dev/null
+++ b/opencontrail/files/4.0/tor/provision_tor_agents.sh
@@ -0,0 +1,33 @@
+{%- from "opencontrail/map.jinja" import client, compute with context -%}
+
+{%- for agent_name, agent in compute.tor.agent.iteritems() %}
+
+contrail-toragent-setup --cfgm_ip {{ client.api.host }} \
+--self_ip {{ agent.address }} \
+--control-nodes {% for member in compute.control.members %}{{ member.host }}{% if not loop.last %} {% endif %}{% endfor %} \
+--collectors {% for member in compute.collector.members %}{{ member.host }}{% if not loop.last %} {% endif %}{% endfor %} \
+--authserver_ip {{ client.identity.host }} \
+--admin_user {{ client.identity.user }} \
+--admin_password {{ client.identity.password }} \
+--admin_tenant_name {{ client.identity.tenant }} \
+--auth_protocol http \
+--tor_name {{ agent.tor_name }} \
+--http_server_port {{ agent.http_server_port }} \
+--tor_ip {{ agent.tor_ip }} \
+--tor_id {{ agent.id }} \
+--tsn_ip {{ agent.tsn_ip }} \
+--tor_tunnel_ip {{ agent.tor_tunnel_ip }} \
+{%- if agent.get('xmpp_auth_enable', False) == True %}
+--xmpp_auth_enable \
+{%- endif %}
+{%- if agent.get('xmpp_dns_auth_enable', False) == True %}
+--xmpp_dns_auth_enable \
+{%- endif %}
+--tor_ovs_port {{ agent.tor_ovs_port }} \
+--tor_ovs_protocol {{ agent.tor_ovs_protocol }} \
+{%- if agent.tor_product_name is defined %}
+----tor_product_name {{ agent.tor_product_name }} \
+{%- endif %}
+--tor_vendor_name {{ agent.tor_vendor_name }}
+
+{%- endfor %}
diff --git a/tests/pillar/vrouter40.sls b/tests/pillar/vrouter40.sls
index a810b82..b77c2ca 100644
--- a/tests/pillar/vrouter40.sls
+++ b/tests/pillar/vrouter40.sls
@@ -12,6 +12,14 @@
       engine: neutron
       host: 127.0.0.1
       port: 9696
+  client:
+    api:
+      host: 127.0.0.1
+    identity:
+      host: 127.0.0.1
+      user: contrail
+      password: contrail
+      tenant: admin
   compute:
     version: 4.0
     enabled: True
@@ -35,16 +43,21 @@
       dns: 127.0.0.1
       mtu: 9000
     tor:
-      enabled: true
-      bind:
-        port: 8086
+      enabled: false
       agent:
         tor01:
           id: 0
           address: 127.0.0.1
-          port: 6632
-          ssl:
-            enabled: True
+          tor_name: TOR01
+          tor_ip: 127.0.0.1
+          tor_ovs_protocol: tcp
+          tor_ovs_port: 6640
+          http_server_port: 9090
+          tsn_ip: 127.0.0.1
+          tor_tunnel_ip: 127.0.0.1
+          tor_vendor_name: ovs
+          xmpp_auth_enable: False
+          xmpp_dns_auth_enable: False
     lbaas:
       enabled: true
       secret_manager: