Merge "refactor TSN"
diff --git a/.kitchen.yml b/.kitchen.yml
index 113ee81..e9ab514 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -72,10 +72,10 @@
# provisioner:
# pillars-from-files:
# opencontrail.sls: tests/pillar/cluster<%= ENV['OC_VERSION'] || '' %>.sls
- - name: tor<%= ENV['OC_VERSION'] || '' %>
- provisioner:
- pillars-from-files:
- opencontrail.sls: tests/pillar/tor<%= ENV['OC_VERSION'] || '' %>.sls
+ # - name: tor<%= ENV['OC_VERSION'] || '' %>
+ # provisioner:
+ # pillars-from-files:
+ # opencontrail.sls: tests/pillar/tor<%= ENV['OC_VERSION'] || '' %>.sls
- name: vrouter<%= ENV['OC_VERSION'] || '' %>
provisioner:
pillars-from-files:
diff --git a/metadata/service/compute/tor/cluster.yml b/metadata/service/compute/tor/cluster.yml
new file mode 100644
index 0000000..5115598
--- /dev/null
+++ b/metadata/service/compute/tor/cluster.yml
@@ -0,0 +1,16 @@
+applications:
+- opencontrail
+parameters:
+ opencontrail:
+ compute:
+ tor:
+ enabled: true
+ bind:
+ port: 8086
+ agent:
+ tor01:
+ id: 0
+ address: ${_param:single_address}
+ port: 6632
+ ssl:
+ enabled: True
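Review bot: `ssl.enabled: True` in this class supplies no `cert`, `key` or `ca`, so the tor-agent templates changed in this commit fall back to `/etc/contrail/ssl/certs/tor.crt`, `/etc/contrail/ssl/certs/tor.key` and `/etc/contrail/ssl/certs/ca.crt`. Nothing visible in the change deploys those files or restricts the private key's mode. If another state provisions them, record that in a comment here, for example `# certs/key expected under /etc/contrail/ssl/certs/, provisioned by <STATE_NAME>`; otherwise the class enables pssl against files that may not exist. `True` should also be written `true` to match `enabled: true` a few lines up. The agent's `address` key is not read by any template line shown in this diff, though it may be consumed outside the hunks.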
diff --git a/metadata/service/compute/tor/single.yml b/metadata/service/compute/tor/single.yml
new file mode 100644
index 0000000..969b1ef
--- /dev/null
+++ b/metadata/service/compute/tor/single.yml
@@ -0,0 +1,15 @@
+applications:
+- opencontrail
+parameters:
+ opencontrail:
+ compute:
+ tor:
+ enabled: true
+ bind:
+ port: 8086
+ agent:
+ tor01:
+ id: 0
+ port: 6632
+ host: ${_param:tor_device01_address}
+ address: ${_param:single_address}
diff --git a/metadata/service/tor/single.yml b/metadata/service/tor/single.yml
deleted file mode 100644
index 7dc070c..0000000
--- a/metadata/service/tor/single.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-applications:
-- opencontrail
-parameters:
- _param:
- opencontrail_version: 2.2
- opencontrail_tor_agents: 1
- opencontrail:
- common:
- version: ${_param:opencontrail_version}
- identity:
- engine: keystone
- host: 127.0.0.1
- port: 35357
- token: token
- password: password
- network:
- engine: neutron
- host: 127.0.0.1
- port: 9696
- tor:
- enabled: true
- version: ${_param:opencontrail_version}
- agents: ${_param:opencontrail_tor_agents}
- control:
- address: ${_param:single_address}
- interface:
- address: ${_param:single_address}
- device:
- host: ${_param:tor_device_address}
\ No newline at end of file
diff --git a/opencontrail/compute.sls b/opencontrail/compute.sls
index 7df9d2b..bf4fde2 100644
--- a/opencontrail/compute.sls
+++ b/opencontrail/compute.sls
@@ -151,6 +151,31 @@
{%- endif %}
{%- endif %}
+{%- if compute.get('tor', {}).get('enabled', False) %}
+
+{% for agent_name, agent in compute.tor.agent.iteritems() %}
+
+/etc/contrail/contrail-tor-agent-{{ agent.id }}.conf:
+ file.managed:
+ - source: salt://opencontrail/files/{{ compute.version }}/contrail-tor-agent.conf
+ - template: jinja
+ - defaults:
+ agent_name: {{ agent_name }}
+ - watch_in:
+ - service: opencontrail_compute_services
+
+/etc/contrail/supervisord_vrouter_files/contrail-tor-agent-{{ agent.id }}.ini:
+ file.managed:
+ - source: salt://opencontrail/files/{{ compute.version }}/tor/contrail-tor-agent.ini
+ - template: jinja
+ - defaults:
+ agent_name: {{ agent_name }}
+ - watch_in:
+ - service: opencontrail_compute_services
+
+{%- endfor %}
+{%- endif %}
+
opencontrail_compute_services:
service.enabled:
- names: {{ compute.services }}
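Review bot: `compute.tor.agent.iteritems()` exists only on Python 2 dicts, so this loop fails during rendering on a Python 3 Salt; `.items()` works on both. In the two `defaults` blocks `agent_name: {{ agent_name }}` is an unquoted templated scalar, so a name such as `on` or `01` reaches the template as a boolean or integer and the string concatenation in the templates' pillar lookup breaks; write `agent_name: "{{ agent_name }}"`. Both managed paths are keyed on `agent.id`, so two agents that share an id (or omit it) would collide on the same state ID and file. A comment above the loop stating that `id` must be a unique integer per node would make that requirement explicit.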
diff --git a/opencontrail/files/3.0/contrail-tor-agent.conf b/opencontrail/files/3.0/contrail-tor-agent.conf
index 598a6d5..bb19a6c 100644
--- a/opencontrail/files/3.0/contrail-tor-agent.conf
+++ b/opencontrail/files/3.0/contrail-tor-agent.conf
@@ -1,7 +1,7 @@
-{%- from "opencontrail/map.jinja" import tor with context %}
{%- from "opencontrail/map.jinja" import compute with context %}
-{%- set port = tor.bind.port + number %}
-#
+
+{%- set agent = salt['pillar.get']('opencontrail:compute:tor:agent:'+agent_name) %}
+{%- set port = compute.tor.bind.port + agent.id %}
# Vnswad configuration options
#
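Review bot: `salt['pillar.get']('opencontrail:compute:tor:agent:'+agent_name)` re-reads the raw pillar instead of the `compute` map imported on the line above it, so any defaults merged in map.jinja are bypassed. Because pillar.get splits its key on `:`, an agent name containing a colon would resolve to the wrong node. When the lookup misses, pillar.get hands back its default (an empty string unless configured otherwise) and `agent.id` on the next line is undefined, so the port arithmetic fails with an unhelpful error. Consider `{%- set agent = compute.tor.agent[agent_name] %}`, which matches how compute.sls iterates `compute.tor.agent`. The same lookup is repeated in the 4.0 copy of this file and in both `tor/contrail-tor-agent.ini` templates.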
@@ -12,7 +12,7 @@
# server=10.0.0.1 10.0.0.2
[DEFAULT]
-agent_name={{ pillar.linux.system.name }}-{{ number }}
+agent_name={{ pillar.linux.system.name }}-{{ agent.id }}
# Everything in this section is optional
# IP address and port to be used to connect to collector. If these are not
@@ -34,7 +34,7 @@
# log_category=
# Local log file name
-log_file=/var/log/contrail/contrail-tor-agent-{{ number }}.log
+log_file=/var/log/contrail/contrail-tor-agent-{{ agent.id }}.log
# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
@@ -54,7 +54,7 @@
# headless_mode=
# Define agent mode. Only supported value is "tor"
- agent_mode=tor
+agent_mode=tor
# Http server port for inspecting vnswad state (useful for debugging)
@@ -81,24 +81,42 @@
[NETWORKS]
# control-channel IP address used by WEB-UI to connect to vnswad to fetch
# required information (Optional)
-control_network_ip={{ tor.control.address }}
+{%- if compute.bind is defined %}
+control_network_ip={{ compute.bind.address }}
+{%- else %}
+control_network_ip={{ compute.interface.address }}
+{%- endif %}
[TOR]
+{%- if agent.ssl is not defined %}
# IP address of the TOR to manage
-tor_ip={{ tor.device.host }}
+tor_ip={{ agent.host }}
+{%- endif %}
# Identifier for ToR. Agent will subscribe to ifmap-configuration by this name
-tor_id={{ number }}
+tor_id={{ agent.id }}
# ToR management scheme is based on this type. Only supported value is "ovs"
tor_type=ovs
# OVS server port number on the ToR
-tor_ovs_port=6632
+tor_ovs_port={{ agent.port }}
# IP-Transport protocol used to connect to tor. Only supported value is "tcp"
+{%- if agent.ssl is defined %}
+tor_ovs_protocol=pssl
+{%- else %}
tor_ovs_protocol=tcp
+{%- endif %}
-tsn_ip={{ tor.interface.address }}
+tsn_ip={{ compute.interface.address }}
+tor_keepalive_interval={{ agent.get('tor_keepalive_interval', 10000) }}
+{%- if agent.ssl is defined %}
+ssl_cert={{ agent.ssl.get('cert', '/etc/contrail/ssl/certs/tor.crt') }}
+
+ssl_privkey={{ agent.ssl.get('key', '/etc/contrail/ssl/certs/tor.key') }}
+
+ssl_cacert={{ agent.ssl.get('ca', '/etc/contrail/ssl/certs/ca.crt') }}
+{%- endif %}
\ No newline at end of file
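Review bot: The three `agent.ssl is defined` tests in the [TOR] section only check that the `ssl` key exists, so a pillar with `ssl: {enabled: false}` still renders `tor_ovs_protocol=pssl`, drops `tor_ip` and emits the `ssl_*` paths. The metadata and test pillars in this commit carry an explicit `ssl.enabled` flag, so test that flag instead: set `{%- set tor_ssl = agent.get('ssl', {}).get('enabled', False) %}` once and use `{%- if tor_ssl %}` at each branch; the 4.0 copy of this template has the same three checks. `tor_ovs_port={{ agent.port }}` has no fallback when the pillar omits `port`, whereas the 4.0 template uses `agent.get('port', 6632)`. The context comment above `tor_ovs_protocol` still says the only supported value is "tcp" and should mention `pssl`.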
diff --git a/opencontrail/files/3.0/contrail-vrouter-agent.conf b/opencontrail/files/3.0/contrail-vrouter-agent.conf
index c3f94d4..75bfd4d 100644
--- a/opencontrail/files/3.0/contrail-vrouter-agent.conf
+++ b/opencontrail/files/3.0/contrail-vrouter-agent.conf
@@ -81,7 +81,7 @@
# DHCP relay mode (true or false) to determine if a DHCP request in fabric
# interface with an unconfigured IP should be relayed or not
# dhcp_relay_mode=
-{%- if pillar.opencontrail.tor is defined %}
+{%- if compute.get('tor', {}).get('enabled', False) %}
agent_mode = tsn
{%- endif %}
diff --git a/opencontrail/files/3.0/tor/contrail-tor-agent.ini b/opencontrail/files/3.0/tor/contrail-tor-agent.ini
index 3443c3a..22a8918 100644
--- a/opencontrail/files/3.0/tor/contrail-tor-agent.ini
+++ b/opencontrail/files/3.0/tor/contrail-tor-agent.ini
@@ -1,14 +1,14 @@
-{%- from "opencontrail/map.jinja" import tor with context %}
-
-[program:contrail-tor-agent-{{ number }}]
-command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-{{ number }}.conf
+{%- from "opencontrail/map.jinja" import compute with context %}
+{%- set agent = salt['pillar.get']('opencontrail:compute:tor:agent:'+agent_name) %}
+[program:contrail-tor-agent-{{ agent.id }}]
+command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-{{ agent.id }}.conf
priority=420
autostart=true
killasgroup=true
stopsignal=KILL
stdout_capture_maxbytes=1MB
redirect_stderr=true
-stdout_logfile=/var/log/contrail/contrail-tor-agent-{{ number }}-stdout.log
+stdout_logfile=/var/log/contrail/contrail-tor-agent-{{ agent.id }}-stdout.log
stderr_logfile=/dev/null
startsecs=5
exitcodes=0 ; 'expected' exit codes for process (default 0,2)
\ No newline at end of file
diff --git a/opencontrail/files/4.0/contrail-tor-agent.conf b/opencontrail/files/4.0/contrail-tor-agent.conf
index b239bc7..cc8c05d 100644
--- a/opencontrail/files/4.0/contrail-tor-agent.conf
+++ b/opencontrail/files/4.0/contrail-tor-agent.conf
@@ -1,7 +1,7 @@
-{%- from "opencontrail/map.jinja" import tor with context %}
{%- from "opencontrail/map.jinja" import compute with context %}
-{%- set port = tor.bind.port + number %}
-#
+
+{%- set agent = salt['pillar.get']('opencontrail:compute:tor:agent:'+agent_name) %}
+{%- set port = compute.tor.bind.port + agent.id %}
# Vnswad configuration options
#
@@ -12,7 +12,7 @@
# server=10.0.0.1 10.0.0.2
[DEFAULT]
-agent_name={{ pillar.linux.system.name }}-{{ number }}
+agent_name={{ pillar.linux.system.name }}-{{ agent.id }}
# Everything in this section is optional
# IP address and port to be used to connect to collector. If these are not
@@ -34,7 +34,7 @@
# log_category=
# Local log file name
-log_file=/var/log/contrail/contrail-tor-agent-{{ number }}.log
+log_file=/var/log/contrail/contrail-tor-agent-{{ agent.id }}.log
# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
@@ -54,7 +54,7 @@
# headless_mode=
# Define agent mode. Only supported value is "tor"
- agent_mode=tor
+agent_mode=tor
# Http server port for inspecting vnswad state (useful for debugging)
@@ -70,24 +70,42 @@
[NETWORKS]
# control-channel IP address used by WEB-UI to connect to vnswad to fetch
# required information (Optional)
-control_network_ip={{ tor.control.address }}
+{%- if compute.bind is defined %}
+control_network_ip={{ compute.bind.address }}
+{%- else %}
+control_network_ip={{ compute.interface.address }}
+{%- endif %}
[TOR]
+{%- if agent.ssl is not defined %}
# IP address of the TOR to manage
-tor_ip={{ tor.device.host }}
+tor_ip={{ agent.host }}
+{%- endif %}
# Identifier for ToR. Agent will subscribe to ifmap-configuration by this name
-tor_id={{ number }}
+tor_id={{ agent.id }}
# ToR management scheme is based on this type. Only supported value is "ovs"
tor_type=ovs
# OVS server port number on the ToR
-tor_ovs_port=6632
+tor_ovs_port={{ agent.get('port', 6632) }}
# IP-Transport protocol used to connect to tor. Only supported value is "tcp"
+{%- if agent.ssl is defined %}
+tor_ovs_protocol=pssl
+{%- else %}
tor_ovs_protocol=tcp
+{%- endif %}
-tsn_ip={{ tor.interface.address }}
+tsn_ip={{ compute.interface.address }}
+tor_keepalive_interval={{ agent.get('tor_keepalive_interval', 10000) }}
+{%- if agent.ssl is defined %}
+ssl_cert={{ agent.ssl.get('cert', '/etc/contrail/ssl/certs/tor.crt') }}
+
+ssl_privkey={{ agent.ssl.get('key', '/etc/contrail/ssl/certs/tor.key') }}
+
+ssl_cacert={{ agent.ssl.get('ca', '/etc/contrail/ssl/certs/ca.crt') }}
+{%- endif %}
\ No newline at end of file
diff --git a/opencontrail/files/4.0/contrail-vrouter-agent.conf b/opencontrail/files/4.0/contrail-vrouter-agent.conf
index 94d170d..f23e22b 100644
--- a/opencontrail/files/4.0/contrail-vrouter-agent.conf
+++ b/opencontrail/files/4.0/contrail-vrouter-agent.conf
@@ -17,7 +17,7 @@
# Agent mode : can be vrouter / tsn / tor (default is vrouter)
# agent_mode=
-{%- if pillar.opencontrail.tor is defined %}
+{%- if compute.get('tor', {}).get('enabled', False) %}
agent_mode = tsn
{%- endif %}
diff --git a/opencontrail/files/4.0/tor/contrail-tor-agent.ini b/opencontrail/files/4.0/tor/contrail-tor-agent.ini
index 3443c3a..22a8918 100644
--- a/opencontrail/files/4.0/tor/contrail-tor-agent.ini
+++ b/opencontrail/files/4.0/tor/contrail-tor-agent.ini
@@ -1,14 +1,14 @@
-{%- from "opencontrail/map.jinja" import tor with context %}
-
-[program:contrail-tor-agent-{{ number }}]
-command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-{{ number }}.conf
+{%- from "opencontrail/map.jinja" import compute with context %}
+{%- set agent = salt['pillar.get']('opencontrail:compute:tor:agent:'+agent_name) %}
+[program:contrail-tor-agent-{{ agent.id }}]
+command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-{{ agent.id }}.conf
priority=420
autostart=true
killasgroup=true
stopsignal=KILL
stdout_capture_maxbytes=1MB
redirect_stderr=true
-stdout_logfile=/var/log/contrail/contrail-tor-agent-{{ number }}-stdout.log
+stdout_logfile=/var/log/contrail/contrail-tor-agent-{{ agent.id }}-stdout.log
stderr_logfile=/dev/null
startsecs=5
exitcodes=0 ; 'expected' exit codes for process (default 0,2)
\ No newline at end of file
diff --git a/opencontrail/init.sls b/opencontrail/init.sls
index 863a72d..ee862a7 100644
--- a/opencontrail/init.sls
+++ b/opencontrail/init.sls
@@ -18,9 +18,6 @@
{% if pillar.opencontrail.web is defined %}
- opencontrail.web
{% endif %}
-{% if pillar.opencontrail.tor is defined %}
-- opencontrail.tor
-{% endif %}
{%- if pillar.opencontrail.client is defined %}
- opencontrail.client
{%- endif %}
diff --git a/opencontrail/map.jinja b/opencontrail/map.jinja
index e98c2f4..8c95fe0 100644
--- a/opencontrail/map.jinja
+++ b/opencontrail/map.jinja
@@ -107,11 +107,6 @@
RedHat:
pkgs:
[]
-tor:
- Debian:
- agents: 1
- bind:
- port: 8086
{%- elif vendor == 'juniper' -%}
@@ -220,11 +215,6 @@
RedHat:
pkgs:
[]
-tor:
- Debian:
- agents: 1
- bind:
- port: 8086
{%- endif %}
{%- endload %}
@@ -237,7 +227,6 @@
{% set database = salt['grains.filter_by'](base_defaults['database'], merge=salt['pillar.get']('opencontrail:database', {}), base='database') %}
{% set web = salt['grains.filter_by'](base_defaults['web'], merge=salt['pillar.get']('opencontrail:web', {}), base='web') %}
{% set client = salt['grains.filter_by'](base_defaults['client'], merge=salt['pillar.get']('opencontrail:client', {}), base='client') %}
-{% set tor = salt['grains.filter_by'](base_defaults['tor'], merge=salt['pillar.get']('opencontrail:tor', {}), base='tor') %}
{% set monitoring = salt['grains.filter_by']({
'default': {
diff --git a/opencontrail/tor.sls b/opencontrail/tor.sls
deleted file mode 100644
index f425087..0000000
--- a/opencontrail/tor.sls
+++ /dev/null
@@ -1,24 +0,0 @@
-{%- from "opencontrail/map.jinja" import tor with context %}
-{%- if tor.enabled %}
-
-include:
-- opencontrail.common
-
-{% for number in range(tor.agents) %}
-
-/etc/contrail/contrail-tor-agent-{{ number }}.conf:
- file.managed:
- - source: salt://opencontrail/files/{{ tor.version }}/contrail-tor-agent.conf
- - template: jinja
- - defaults:
- number: {{ number }}
-
-/etc/contrail/supervisord_vrouter_files/contrail-tor-agent-{{ number }}.ini:
- file.managed:
- - source: salt://opencontrail/files/{{ tor.version }}/tor/contrail-tor-agent.ini
- - template: jinja
- - defaults:
- number: {{ number }}
-
-{%- endfor %}
-{%- endif %}
\ No newline at end of file
diff --git a/tests/pillar/tor.sls b/tests/pillar/tor.sls
deleted file mode 100644
index 04ecba0..0000000
--- a/tests/pillar/tor.sls
+++ /dev/null
@@ -1,35 +0,0 @@
-opencontrail:
- common:
- version: 3.0
- identity:
- engine: keystone
- host: 127.0.0.1
- port: 35357
- token: token
- password: password
- network:
- engine: neutron
- host: 127.0.0.1
- port: 9696
- tor:
- enabled: true
- version: 3.0
- agents: 1
- control:
- address: 127.0.0.1
- interface:
- address: 127.0.0.1
- device:
- host: 127.0.0.1
- compute:
- enabled: true
- version: 3.0
- discovery:
- host: 127.0.0.1
- interface:
- address: 127.0.0.1
- dev: eth0
- gateway: 127.0.0.1
- mask: /24
- dns: 127.0.0.1
- mtu: 9000
diff --git a/tests/pillar/tor4_0.sls b/tests/pillar/tor4_0.sls
deleted file mode 100644
index 16b59fc..0000000
--- a/tests/pillar/tor4_0.sls
+++ /dev/null
@@ -1,43 +0,0 @@
-opencontrail:
- common:
- version: 4.0
- identity:
- engine: keystone
- host: 127.0.0.1
- port: 35357
- token: token
- password: password
- network:
- engine: neutron
- host: 127.0.0.1
- port: 9696
- tor:
- enabled: true
- version: 4.0
- agents: 1
- control:
- address: 127.0.0.1
- interface:
- address: 127.0.0.1
- device:
- host: 127.0.0.1
- compute:
- enabled: true
- version: 4.0
- collector:
- members:
- - host: 127.0.0.1
- - host: 127.0.0.1
- - host: 127.0.0.1
- control:
- members:
- - host: 127.0.0.1
- - host: 127.0.0.1
- - host: 127.0.0.1
- interface:
- address: 127.0.0.1
- dev: eth0
- gateway: 127.0.0.1
- mask: /24
- dns: 127.0.0.1
- mtu: 9000
diff --git a/tests/pillar/vrouter.sls b/tests/pillar/vrouter.sls
index 45418a0..13e05e5 100644
--- a/tests/pillar/vrouter.sls
+++ b/tests/pillar/vrouter.sls
@@ -25,3 +25,14 @@
mask: /24
dns: 127.0.0.1
mtu: 9000
+ tor:
+ enabled: true
+ bind:
+ port: 8086
+ agent:
+ tor01:
+ id: 0
+ address: 127.0.0.1
+ port: 6632
+ ssl:
+ enabled: True
\ No newline at end of file
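Review bot: The only tor agent in this test pillar sets `ssl`, so the rendered templates never take the plain-TCP branch that emits `tor_ip={{ agent.host }}` and `tor_ovs_protocol=tcp`. The dedicated tor test pillars are deleted in this same commit, which appears to leave that branch without coverage. Adding a second agent without `ssl`, for example `tor02` with `id: 1`, `host: 127.0.0.1` and `port: 6632`, would exercise both branches and the per-agent file naming. The same applies to tests/pillar/vrouter4_0.sls. This file also still ends without a trailing newline.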
diff --git a/tests/pillar/vrouter4_0.sls b/tests/pillar/vrouter4_0.sls
index c875642..f19ce4e 100644
--- a/tests/pillar/vrouter4_0.sls
+++ b/tests/pillar/vrouter4_0.sls
@@ -33,3 +33,14 @@
mask: /24
dns: 127.0.0.1
mtu: 9000
+ tor:
+ enabled: true
+ bind:
+ port: 8086
+ agent:
+ tor01:
+ id: 0
+ address: 127.0.0.1
+ port: 6632
+ ssl:
+ enabled: True