Add tor agents support for OC 4.X version
- added tor agent provisioning
- refactored tor metadata
Change-Id: Ic7c034f647639d037dfa9b9c2c0eac65d4121d19
Related-PROD: PROD-29061
(cherry picked from commit 2a301f959ad09a20c893b355a4cb5c95f84a026a)
diff --git a/README.rst b/README.rst
index 36034ca..202569d 100644
--- a/README.rst
+++ b/README.rst
@@ -644,18 +644,23 @@
opencontrail:
compute:
- enabled: true
+ enabled: True
tor:
- enabled: true
- bind:
- port: 8086
+ enabled: True
agent:
tor01:
id: 0
- port: 6632
- host: 127.0.0.1
address: 127.0.0.1
-
+ tor_name: TOR1
+ tor_ip: 10.11.0.100
+ tor_ovs_port: 6640
+ tor_ovs_protocol: tcp
+ http_server_port: 9090
+ tsn_ip: 127.0.0.1
+ tor_tunnel_ip: 10.10.0.100
+ tor_vendor_name: ovs
+ xmpp_auth_enable: False
+ xmpp_dns_auth_enable: False
Set up metadata secret for the Vrouter
--------------------------------------
diff --git a/metadata/service/compute/tor/cluster.yml b/metadata/service/compute/tor/cluster.yml
index 5115598..e913cb4 100644
--- a/metadata/service/compute/tor/cluster.yml
+++ b/metadata/service/compute/tor/cluster.yml
@@ -4,13 +4,18 @@
opencontrail:
compute:
tor:
- enabled: true
- bind:
- port: 8086
+ enabled: True
agent:
tor01:
id: 0
- address: ${_param:single_address}
- port: 6632
- ssl:
- enabled: True
+ address: ${_param:cluster_local_address}
+ tor_name: TOR01
+ tor_ip: 127.0.0.1
+ tor_ovs_port: 6640
+ tor_ovs_protocol: tcp
+ http_server_port: 9090
+ tsn_ip: ${_param:cluster_vip_address}
+ tor_tunnel_ip: 127.0.0.1
+ tor_vendor_name: ovs
+ xmpp_auth_enable: False
+ xmpp_dns_auth_enable: False
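Review bot: The new `tor01` default replaces the removed `ssl: enabled: True` with `tor_ovs_protocol: tcp` and sets `xmpp_auth_enable` and `xmpp_dns_auth_enable` to `False`, so a deployment that takes this metadata as-is manages the ToR over plaintext OVSDB with XMPP authentication off. The deleted 4.0 config template selected `pssl` with cert, key and CA paths when `agent.ssl` was defined, and nothing visible in this commit carries those paths into the new 4.0 flow, so it is worth confirming that TLS can still be enabled. At minimum I would add a comment above the key, `# plaintext OVSDB default; override tor_ovs_protocol and the xmpp_*_enable flags outside lab setups`. The same applies to the identical block added in metadata/service/compute/tor/single.yml.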
diff --git a/metadata/service/compute/tor/single.yml b/metadata/service/compute/tor/single.yml
index 969b1ef..dcd4e80 100644
--- a/metadata/service/compute/tor/single.yml
+++ b/metadata/service/compute/tor/single.yml
@@ -4,12 +4,18 @@
opencontrail:
compute:
tor:
- enabled: true
- bind:
- port: 8086
+ enabled: True
agent:
tor01:
id: 0
- port: 6632
- host: ${_param:tor_device01_address}
address: ${_param:single_address}
+ tor_name: TOR01
+ tor_ip: 127.0.0.1
+ tor_ovs_port: 6640
+ tor_ovs_protocol: tcp
+ http_server_port: 9090
+ tsn_ip: ${_param:single_address}
+ tor_tunnel_ip: 127.0.0.1
+ tor_vendor_name: ovs
+ xmpp_auth_enable: False
+ xmpp_dns_auth_enable: False
diff --git a/opencontrail/compute.sls b/opencontrail/compute.sls
index 1593abb..6e4e179 100644
--- a/opencontrail/compute.sls
+++ b/opencontrail/compute.sls
@@ -206,6 +206,8 @@
{%- if compute.get('tor', {}).get('enabled', False) %}
+{%- if compute.version < 4.0 %}
+
{% for agent_name, agent in compute.tor.agent.iteritems() %}
/etc/contrail/contrail-tor-agent-{{ agent.id }}.conf:
@@ -217,7 +219,7 @@
- watch_in:
- service: opencontrail_compute_services
-{%- if compute.version < 4.0 or grains.get('init') != 'systemd' %}
+{%- if grains.get('init') != 'systemd' %}
/etc/contrail/supervisord_vrouter_files/contrail-tor-agent-{{ agent.id }}.ini:
file.managed:
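Review bot: Dropping `compute.version < 4.0` from this condition changes behaviour for pre-4.0 hosts. The block now sits inside the new `{%- if compute.version < 4.0 %}` branch, so a 3.x node whose `init` grain is `systemd` no longer gets `contrail-tor-agent-{{ agent.id }}.ini` managed, whereas the old condition always rendered it below 4.0. If supervisord still runs the tor agent on those releases, the agent would presumably lose its program definition. If the change is intended, a Jinja comment such as `{#- supervisord ini only on non-systemd hosts; 4.x goes through provision_tor_agents -#}` would make that explicit. The state's body continues outside the hunk.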
@@ -229,8 +231,20 @@
- service: opencontrail_compute_services
{%- endif %}
-
{%- endfor %}
+
+{%- else %}
+
+provision_tor_agents:
+ cmd.script:
+ - source: "salt://opencontrail/files/{{ compute.version }}/tor/provision_tor_agents.sh"
+ - template: jinja
+ - cwd: /
+ - require:
+ - pkg: opencontrail_vrouter_package_vrouter_agent
+
+{%- endif %}
+
{%- endif %}
opencontrail_compute_services:
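Review bot: `provision_tor_agents` has no `unless`, `creates` or `onchanges` guard, so `contrail-toragent-setup` is re-run for every agent on every state run and the state reports a change each time. The rendered script also embeds the identity admin password (see provision_tor_agents.sh), so I would keep its output out of job returns and minion logs with `- output_loglevel: quiet`, and gate the run on something that shows the agent is already provisioned. Unlike the pre-4.0 branch, this state has no `watch_in` on `opencontrail_compute_services`; confirm whether the setup tool restarts the service itself.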
diff --git a/opencontrail/files/4.0/contrail-tor-agent.conf b/opencontrail/files/4.0/contrail-tor-agent.conf
deleted file mode 100644
index cc8c05d..0000000
--- a/opencontrail/files/4.0/contrail-tor-agent.conf
+++ /dev/null
@@ -1,111 +0,0 @@
-{%- from "opencontrail/map.jinja" import compute with context %}
-
-{%- set agent = salt['pillar.get']('opencontrail:compute:tor:agent:'+agent_name) %}
-{%- set port = compute.tor.bind.port + agent.id %}
-# Vnswad configuration options
-#
-
-[CONTROL-NODE]
-# IP address to be used to connect to control-node. Maximum of 2 IP addresses
-# (separated by a space) can be provided. If no IP is configured then the
-# value provided by discovery service will be used. (optional)
-# server=10.0.0.1 10.0.0.2
-
-[DEFAULT]
-agent_name={{ pillar.linux.system.name }}-{{ agent.id }}
-# Everything in this section is optional
-
-# IP address and port to be used to connect to collector. If these are not
-# configured, value provided by discovery service will be used. Multiple
-# IP:port strings separated by space can be provided
-# collectors=127.0.0.1:8086
-
-# Enable/disable debug logging. Possible values are 0 (disable) and 1 (enable)
-# debug=0
-
-# Aging time for flow-records in seconds
-# flow_cache_timeout=0
-
-# Hostname of compute-node. If this is not configured value from `hostname`
-# will be taken
-# hostname=
-
-# Category for logging. Default value is '*'
-# log_category=
-
-# Local log file name
-log_file=/var/log/contrail/contrail-tor-agent-{{ agent.id }}.log
-
-# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
-# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
-# log_level=SYS_DEBUG
-
-# Enable/Disable local file logging. Possible values are 0 (disable) and 1 (enable)
-# log_local=0
-
-# Enable/Disable local flow message logging. Possible values are 0 (disable) and 1 (enable)
-# log_flow=0
-# Encapsulation type for tunnel. Possible values are MPLSoGRE, MPLSoUDP, VXLAN
-# tunnel_type=
-
-# Enable/Disable headless mode for agent. In headless mode agent retains last
-# known good configuration from control node when all control nodes are lost.
-# Possible values are true(enable) and false(disable)
-# headless_mode=
-
-# Define agent mode. Only supported value is "tor"
-agent_mode=tor
-
-
-# Http server port for inspecting vnswad state (useful for debugging)
-# http_server_port=8085
-http_server_port={{ port }}
-
-[DNS]
-# IP address to be used to connect to dns-node. Maximum of 2 IP addresses
-# (separated by a space) can be provided. If no IP is configured then the
-# value provided by discovery service will be used. (Optional)
-# server=10.0.0.1 10.0.0.2
-
-[NETWORKS]
-# control-channel IP address used by WEB-UI to connect to vnswad to fetch
-# required information (Optional)
-{%- if compute.bind is defined %}
-control_network_ip={{ compute.bind.address }}
-{%- else %}
-control_network_ip={{ compute.interface.address }}
-{%- endif %}
-
-[TOR]
-{%- if agent.ssl is not defined %}
-# IP address of the TOR to manage
-tor_ip={{ agent.host }}
-{%- endif %}
-
-# Identifier for ToR. Agent will subscribe to ifmap-configuration by this name
-tor_id={{ agent.id }}
-
-# ToR management scheme is based on this type. Only supported value is "ovs"
-tor_type=ovs
-
-# OVS server port number on the ToR
-tor_ovs_port={{ agent.get('port', 6632) }}
-
-# IP-Transport protocol used to connect to tor. Only supported value is "tcp"
-{%- if agent.ssl is defined %}
-tor_ovs_protocol=pssl
-{%- else %}
-tor_ovs_protocol=tcp
-{%- endif %}
-
-tsn_ip={{ compute.interface.address }}
-
-tor_keepalive_interval={{ agent.get('tor_keepalive_interval', 10000) }}
-
-{%- if agent.ssl is defined %}
-ssl_cert={{ agent.ssl.get('cert', '/etc/contrail/ssl/certs/tor.crt') }}
-
-ssl_privkey={{ agent.ssl.get('key', '/etc/contrail/ssl/certs/tor.key') }}
-
-ssl_cacert={{ agent.ssl.get('ca', '/etc/contrail/ssl/certs/ca.crt') }}
-{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/files/4.0/tor/contrail-tor-agent.ini b/opencontrail/files/4.0/tor/contrail-tor-agent.ini
deleted file mode 100644
index 22a8918..0000000
--- a/opencontrail/files/4.0/tor/contrail-tor-agent.ini
+++ /dev/null
@@ -1,14 +0,0 @@
-{%- from "opencontrail/map.jinja" import compute with context %}
-{%- set agent = salt['pillar.get']('opencontrail:compute:tor:agent:'+agent_name) %}
-[program:contrail-tor-agent-{{ agent.id }}]
-command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-{{ agent.id }}.conf
-priority=420
-autostart=true
-killasgroup=true
-stopsignal=KILL
-stdout_capture_maxbytes=1MB
-redirect_stderr=true
-stdout_logfile=/var/log/contrail/contrail-tor-agent-{{ agent.id }}-stdout.log
-stderr_logfile=/dev/null
-startsecs=5
-exitcodes=0 ; 'expected' exit codes for process (default 0,2)
\ No newline at end of file
diff --git a/opencontrail/files/4.0/tor/provision_tor_agents.sh b/opencontrail/files/4.0/tor/provision_tor_agents.sh
new file mode 100644
index 0000000..5681a94
--- /dev/null
+++ b/opencontrail/files/4.0/tor/provision_tor_agents.sh
@@ -0,0 +1,33 @@
+{%- from "opencontrail/map.jinja" import client, compute with context -%}
+
+{%- for agent_name, agent in compute.tor.agent.iteritems() %}
+
+contrail-toragent-setup --cfgm_ip {{ client.api.host }} \
+--self_ip {{ agent.address }} \
+--control-nodes {% for member in compute.control.members %}{{ member.host }}{% if not loop.last %} {% endif %}{% endfor %} \
+--collectors {% for member in compute.collector.members %}{{ member.host }}{% if not loop.last %} {% endif %}{% endfor %} \
+--authserver_ip {{ client.identity.host }} \
+--admin_user {{ client.identity.user }} \
+--admin_password {{ client.identity.password }} \
+--admin_tenant_name {{ client.identity.tenant }} \
+--auth_protocol http \
+--tor_name {{ agent.tor_name }} \
+--http_server_port {{ agent.http_server_port }} \
+--tor_ip {{ agent.tor_ip }} \
+--tor_id {{ agent.id }} \
+--tsn_ip {{ agent.tsn_ip }} \
+--tor_tunnel_ip {{ agent.tor_tunnel_ip }} \
+{%- if agent.get('xmpp_auth_enable', False) == True %}
+--xmpp_auth_enable \
+{%- endif %}
+{%- if agent.get('xmpp_dns_auth_enable', False) == True %}
+--xmpp_dns_auth_enable \
+{%- endif %}
+--tor_ovs_port {{ agent.tor_ovs_port }} \
+--tor_ovs_protocol {{ agent.tor_ovs_protocol }} \
+{%- if agent.tor_product_name is defined %}
+----tor_product_name {{ agent.tor_product_name }} \
+{%- endif %}
+--tor_vendor_name {{ agent.tor_vendor_name }}
+
+{%- endfor %}
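Review bot: Every pillar value is interpolated into the command line unquoted, including `--admin_password {{ client.identity.password }}`, so a value containing spaces or shell metacharacters is word-split or interpreted by the shell, and the password is visible in the process list while `contrail-toragent-setup` runs. I would quote each substitution, e.g. `--admin_password '{{ client.identity.password }}' \` (or Salt's `quote` Jinja filter where the Salt version in use provides it), and check whether the tool can take the credential from a file or the environment instead. `--auth_protocol http` is hard-coded, which sends those credentials to the identity service in cleartext; reading it from pillar with `http` as the default would keep current behaviour. Separately, `----tor_product_name` has four dashes and would presumably be rejected as an unknown option; it should read `--tor_product_name {{ agent.tor_product_name }} \`.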
diff --git a/tests/pillar/vrouter40.sls b/tests/pillar/vrouter40.sls
index a810b82..b77c2ca 100644
--- a/tests/pillar/vrouter40.sls
+++ b/tests/pillar/vrouter40.sls
@@ -12,6 +12,14 @@
engine: neutron
host: 127.0.0.1
port: 9696
+ client:
+ api:
+ host: 127.0.0.1
+ identity:
+ host: 127.0.0.1
+ user: contrail
+ password: contrail
+ tenant: admin
compute:
version: 4.0
enabled: True
@@ -35,16 +43,21 @@
dns: 127.0.0.1
mtu: 9000
tor:
- enabled: true
- bind:
- port: 8086
+ enabled: false
agent:
tor01:
id: 0
address: 127.0.0.1
- port: 6632
- ssl:
- enabled: True
+ tor_name: TOR01
+ tor_ip: 127.0.0.1
+ tor_ovs_protocol: tcp
+ tor_ovs_port: 6640
+ http_server_port: 9090
+ tsn_ip: 127.0.0.1
+ tor_tunnel_ip: 127.0.0.1
+ tor_vendor_name: ovs
+ xmpp_auth_enable: False
+ xmpp_dns_auth_enable: False
lbaas:
enabled: true
secret_manager:
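Review bot: With `enabled: false` here, the `compute.get('tor', {}).get('enabled', False)` guard in compute.sls skips the whole tor block, so the new 4.0 branch and the provision_tor_agents.sh template are never rendered from this test pillar, even though the agent data below it was updated for them. If that is deliberate because the state would execute `contrail-toragent-setup` on the test host, say so with a comment such as `# tor disabled: enabling it would run contrail-toragent-setup during state tests`. Otherwise a render-only check of the script template would give the new code path some coverage.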