====================
OpenContrail Formula
====================

Contrail Controller is an open, standards-based software solution that
delivers network virtualization and service automation for federated cloud
networks. It provides self-service provisioning, improves network
troubleshooting and diagnostics, and enables service chaining for dynamic
application environments across enterprise virtual private cloud (VPC),
managed Infrastructure as a Service (IaaS), and Network Functions
Virtualization (NFV) use cases.


Package source
==============

The formula supports the OpenContrail as well as the Juniper Contrail package repository in the backend.

Differences within the configuration and state run are controlled by the
``opencontrail.common.vendor: [opencontrail|juniper]`` pillar attribute.

Default value is set to ``opencontrail``.

Juniper releases tested with this formula:
 - 3.0.2.x

To use the Juniper Contrail repository as a source of packages, override the pillar as in this example:

.. code-block:: yaml

    opencontrail:
      common:
        vendor: juniper


Sample Pillars
==============

Controller nodes
----------------

There are several scenarios for OpenContrail control plane.

All-in-one single
~~~~~~~~~~~~~~~~~

Config, control, analytics, database, web -- altogether on one node.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        source:
          engine: pkg
          address: http://mirror.robotice.cz/contrail-havana/
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        rootlogger: "INFO, CONSOLE"
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        discovery:
          host: 127.0.0.1
        data_ttl: 2
        database:
          members:
          - host: 127.0.0.1
            port: 9160
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        minimum_disk: 10
        name: 'Contrail'
        original_token: 0
        compaction_throughput_mb_per_sec: 16
        concurrent_compactors: 1
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        analytics:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin


All-in-one cluster
~~~~~~~~~~~~~~~~~~

Config, control, analytics, database, web -- altogether, clustered on multiple
nodes.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        source:
          engine: pkg
          address: http://mirror.robotice.cz/contrail-havana/
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        discovery:
          host: 127.0.0.1
        data_ttl: 1
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin


Separated analytics from control and config
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config, control, database, web.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        analytics:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin

Analytic nodes

Analytics and database on an analytic node(s)

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        discovery:
          host: 127.0.0.1
        data_ttl: 1
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3


Compute nodes
-------------

Vrouter configuration on a compute node(s)

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      compute:
        version: 2.2
        enabled: True
        hostname: node-12.domain.tld
        discovery:
          host: 127.0.0.1
        interface:
          address: 127.0.0.1
          dev: eth0
          gateway: 127.0.0.1
          mask: /24
          dns: 127.0.0.1
          mtu: 9000


Compute nodes with gateway_mode
-------------------------------

Gateway mode can be ``server`` or ``vcpe`` (default is none).

.. code-block:: yaml

    opencontrail:
      compute:
        gateway_mode: server

TSN nodes
---------

Configure TSN nodes

.. code-block:: yaml

    opencontrail:
      compute:
        enabled: true
        tor:
          enabled: true
          bind:
            port: 8086
          agent:
            tor01:
              id: 0
              port: 6632
              host: 127.0.0.1
              address: 127.0.0.1


Set up metadata secret for the Vrouter
--------------------------------------

For cloud-init within the instance to fetch instance metadata properly,
``metadata_proxy_secret`` in the Vrouter agent config must match the value
in nova.conf. The administrator should define it in the pillar:

.. code-block:: yaml

    opencontrail:
      compute:
        metadata:
          secret: opencontrail

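Why the two values have to match, as an added example that is not part of the formula. It assumes the Nova metadata-proxy scheme, in which the proxy signs the instance ID with HMAC-SHA256 under the shared secret, and it assumes the option names ``[METADATA] metadata_proxy_secret`` (Vrouter agent) and ``[neutron] metadata_proxy_shared_secret`` (nova.conf); the config snippets, the instance ID and the finding codes are constructed.

```python
import configparser
import hashlib
import hmac

# Constructed sample inputs. Section and option names are assumptions about
# the rendered files; "opencontrail" is the sample secret from the pillar above.
AGENT_CONF = """\
[METADATA]
metadata_proxy_secret = opencontrail
"""
NOVA_CONF_MATCH = """\
[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = opencontrail
"""
NOVA_CONF_DRIFT = """\
[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = rotated-only-on-nova
"""
INSTANCE_ID = "5d2f9c3e-0000-4000-8000-constructed01"  # constructed
SAMPLE_SECRETS = {"opencontrail"}  # values published in documentation


def read_option(conf_text, section, option):
    """Return one option from INI-style text, or None when it is absent."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    return parser.get(section, option, fallback=None)


def sign_instance_id(secret, instance_id):
    """Signature the metadata proxy sends alongside the instance ID."""
    return hmac.new(secret.encode(), instance_id.encode(),
                    hashlib.sha256).hexdigest()


def nova_accepts(nova_secret, instance_id, signature):
    """Nova-side check: recompute the HMAC and compare in constant time."""
    expected = sign_instance_id(nova_secret, instance_id)
    return hmac.compare_digest(expected, signature)


def check_metadata_secret(agent_conf, nova_conf):
    """Return finding codes for the two rendered configuration files."""
    findings = []
    agent = read_option(agent_conf, "METADATA", "metadata_proxy_secret")
    nova = read_option(nova_conf, "neutron", "metadata_proxy_shared_secret")
    if not agent:
        findings.append("agent-secret-missing")
    if not nova:
        findings.append("nova-secret-missing")
    if agent and nova:
        # Replay what happens on every metadata request from an instance.
        signature = sign_instance_id(agent, INSTANCE_ID)
        if not nova_accepts(nova, INSTANCE_ID, signature):
            findings.append("secret-mismatch")
    if agent in SAMPLE_SECRETS or nova in SAMPLE_SECRETS:
        findings.append("documentation-sample-secret")
    return findings


if __name__ == "__main__":
    for label, nova_conf in (("match", NOVA_CONF_MATCH),
                             ("drift", NOVA_CONF_DRIFT)):
        print(label, check_metadata_secret(AGENT_CONF, nova_conf))
```
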
Add auth info for Barbican on compute nodes
-------------------------------------------

.. code-block:: yaml

    opencontrail:
      compute:
        lbaas:
          enabled: true
          secret_manager:
            engine: barbican
            identity:
              user: admin
              password: "supersecretpassword123"
              tenant: admin


Keystone v3
-----------

To enable support for keystone v3 in opencontrail, the identity version
must be defined for the config and web roles.

.. code-block:: yaml

    opencontrail:
      config:
        version: 2.2
        enabled: true
        ...
        identity:
          engine: keystone
          version: '3'
        ...

    opencontrail:
      web:
        version: 2.2
        enabled: true
        ...
        identity:
          engine: keystone
          version: '3'
        ...

Without Keystone
----------------

.. code-block:: yaml

    opencontrail:
      ...
      common:
        ...
        identity:
          engine: none
          token: none
          password: none
      ...
      config:
        ...
        identity:
          engine: none
          password: none
          token: none
      ...
      web:
        ...
        identity:
          engine: none
          password: none
          token: none
      ...

Kubernetes support
------------------

Kubernetes vrouter nodes

Vrouter configuration on a kubernetes node(s)

.. code-block:: yaml

    opencontrail:
      ...
      compute:
        engine: kubernetes
      ...

vRouter with separated control plane

Separate XMPP traffic from dataplane interface.

.. code-block:: yaml

    opencontrail:
      compute:
        bind:
          address: 172.16.0.50
      ...

Override RPF default in Contrail API
------------------------------------

From MCP1.1 with OpenContrail >= 3.1.1 you can override the RPF default for newly
created virtual networks. This can be useful for use cases like running
Calico and K8S in overlay. The `override_rpf_default_by` has valid values
`disable`, `enable`. If not defined, the configuration falls back to the Contrail
default - currently `enable`.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        override_rpf_default_by: 'disable'
      ...

Cassandra GC logging
--------------------

From Contrail version 3 you can choose how Cassandra GC logs are handled.
The behavior is controlled by `cassandra_gc_logging`. Valid values are
'rotation' (default), 'legacy' and false.

- 'rotation' is supported by JDK 6u34, 7u2 or later and handles rotation of log
  files automatically.
- 'legacy' is a way to support older JDKs and you will need to handle logs by
  other means. This can be handled for example by using
  `- service.opencontrail.database.cassandra_log_cleanup` in your reclass model.
- false will disable the Cassandra GC logging.

.. code-block:: yaml

    opencontrail:
      ...
      database:
        cassandra_gc_logging: false
      ...


Disable Contrail API authentication
-----------------------------------

Contrail version must be >= 3.0. It is useful especially for Keystone v3.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        multi_tenancy: false
      ...

Enable RBAC
-----------

.. code-block:: yaml

    opencontrail:
      ...
      config:
        aaa_mode: rbac
        cloud_admin_role: admin
        global_read_only_role: member
      ...

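A pre-deployment check over a rendered pillar, as an added example that is not part of the formula. It flags the placeholder secrets used in this README's samples and the settings from the "Without Keystone", "Disable Contrail API authentication" and "Enable RBAC" sections; both pillar documents are constructed and the finding codes are hypothetical names.

```python
import json

# Placeholder secrets that appear in this README's sample pillars.
SAMPLE_VALUES = {"password", "token", "opencontrail", "adminpass",
                 "supersecretpassword123"}
# Pillar keys whose values are credentials in the samples.
SECRET_KEYS = {"password", "token", "secret", "key"}

# Constructed pillar that copies values from the README samples.
SAMPLE_PILLAR = json.loads("""
{"opencontrail": {
  "common": {"identity": {"engine": "keystone",
                          "token": "token", "password": "password"}},
  "config": {"multi_tenancy": false,
             "identity": {"engine": "keystone", "user": "admin",
                          "password": "password", "token": "token"}},
  "compute": {"metadata": {"secret": "opencontrail"}},
  "client": {"bgp_router": {"mx02": {"type": "router",
                                     "key_type": "md5", "key": "password"}}}
}}
""")

# Constructed pillar with site-specific secrets and RBAC enabled.
HARDENED_PILLAR = json.loads("""
{"opencontrail": {
  "config": {"aaa_mode": "rbac", "cloud_admin_role": "admin",
             "global_read_only_role": "member",
             "identity": {"engine": "keystone", "user": "admin",
                          "password": "constructed-7Qw2-pL9x-Zr41",
                          "token": "constructed-Hk83-mN5t-Ub60"}},
  "compute": {"metadata": {"secret": "constructed-Vd17-cE4s-Yo92"}}
}}
""")


def walk(node, path=()):
    """Yield (path, value) for every scalar leaf of a nested pillar."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, path + (str(key),))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, path + (str(index),))
    else:
        yield path, node


def audit(pillar):
    """Return sorted (finding_code, dotted_path) tuples for one pillar."""
    findings = []
    for path, value in walk(pillar):
        dotted = ".".join(path)
        if path[-1] in SECRET_KEYS and str(value) in SAMPLE_VALUES:
            findings.append(("sample-credential", dotted))
        if path[-2:] == ("identity", "engine") and value == "none":
            findings.append(("identity-disabled", dotted))
        if path[-2:] == ("config", "multi_tenancy") and value is False:
            findings.append(("api-auth-disabled", dotted))
    config = pillar.get("opencontrail", {}).get("config")
    if isinstance(config, dict) and config.get("aaa_mode") != "rbac":
        findings.append(("aaa-mode-not-rbac", "opencontrail.config.aaa_mode"))
    return sorted(findings)


if __name__ == "__main__":
    for code, where in audit(SAMPLE_PILLAR):
        print(f"{code:20} {where}")
```
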
Switch from on demand to periodic keystone sync
-----------------------------------------------

This can be useful when you want to sync projects from OpenStack to Contrail
automatically. The period of sync is 60s.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        identity:
          sync_on_demand: false
      ...

Cassandra listen interface
--------------------------

.. code-block:: yaml

    database:
      ....
      bind:
        interface: eth0
        port: 9042
        rpc_port: 9160
      ....

OpenContrail WebUI version >= 3.1.1
-----------------------------------
For OpenContrail version >= 3.1.1 and Cassandra >= 2.1 we should override WebUI's cassandra port from 9160 to 9042.

For the appropriate node at class level:

.. code-block:: yaml

    opencontrail:
      ....
      web:
        database:
          port: 9042
      ....


RabbitMQ HA hosts
------------------

.. code-block:: yaml

    opencontrail:
      config:
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          port: 5672

.. code-block:: yaml

    database:
      ....
      bind:
        interface: eth0
        port: 9042
        rpc_port: 9160
      ....

DPDK vRouter
-------------

.. code-block:: yaml

    opencontrail:
      compute:
        dpdk:
          enabled: true
          taskset: "0x0000003C00003C"
          socket_mem: "1024,1024"
        interface:
          mac_address: 90:e2:ba:7c:22:e1
          pci: 0000:81:00.1
      ...

Increase number of alarm-gen workers
------------------------------------

Port prefix will increment used ports by workers starting with 5901.

.. code-block:: yaml

    collector:
      alarm_gen:
        workers: 1
        port_prefix: 59

Contrail client
---------------

Basic parameters with identity and host configs

.. code-block:: yaml

    opencontrail:
      client:
        identity:
          user: admin
          project: admin
          password: adminpass
          host: keystone_host
        config:
          host: contrail_api_host
          port: contrail_api_port

Enforcing virtual routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        virtual_router:
          cmp01:
            ip_address: 172.16.0.11
            dpdk_enabled: True
          cmp02:
            ip_address: 172.16.0.12
            dpdk_enabled: True


Enforcing global system config

.. code-block:: yaml

    opencontrail:
      client:
        ...
        global_system_config:
          name: default-global-system-config
          asn: 64512
          grp:
            enable: true
            restart_time: 60
            end_of_rib_timeout: 30
            bgp_helper_enable: false
            xmpp_helper_enable: false
            long_lived_restart_time: 300


Enforcing global vrouter config

.. code-block:: yaml

    opencontrail:
      client:
        ...
        global_vrouter_config:
          name: default-global-vrouter-config
          parent_type: global-system-config
          encap_priority: "MPLSoUDP,MPLSoGRE"
          vxlan_vn_id_mode: automatic
          fq_names:
            - 'default-global-system-config'
            - 'default-global-vrouter-config'


Enforcing control nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        bgp_router:
          ntw01:
            type: control-node
            ip_address: 172.16.0.11
          nwt02:
            type: control-node
            ip_address: 172.16.0.12
          nwt03:
            type: control-node
            ip_address: 172.16.0.13


Enforcing edge BGP routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        bgp_router:
          mx01:
            type: router
            ip_address: 172.16.0.21
            asn: 64512
          mx02:
            type: router
            ip_address: 172.16.0.22
            asn: 64512
            key_type: md5
            key: password

Enforcing config nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        config_node:
          ctl01:
            ip_address: 172.16.0.21
          ctl02:
            ip_address: 172.16.0.22

Enforcing database nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        database_node:
          ntw01:
            ip_address: 172.16.0.21
          ntw02:
            ip_address: 172.16.0.22

Enforcing analytics nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        analytics_node:
          nal01:
            ip_address: 172.16.0.31
          nal02:
            ip_address: 172.16.0.32

Enforcing Link Local Services

.. code-block:: yaml

    opencontrail:
      client:
        ...
        linklocal_service:
          # example with dns name address (only one permitted)
          meta1:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses: "meta.example.com"
            ipf_port: 80
          # example with multiple ip addresses
          meta2:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            - 10.20.20.20
            - 10.30.30.30
            ipf_port: 80
          # example with one ip address
          meta3:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            ipf_port: 80
          # example with name override
          lls_meta4:
            name: meta4
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            ipf_port: 80


Configuring OpenStack default quotas

.. code-block:: yaml

    config:
      quota:
        network: 5
        subnet: 10
        router: 10
        floating_ip: 100
        secgroup: 1000
        secgroup_rule: 1000
        port: 1000
        pool: -1
        member: -1
        health_monitor: -1
        vip: -1

Enforcing physical routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        physical_router:
          router1:
            name: router1
            dataplane_ip: 1.2.3.4
            management_ip: 1.2.3.4
            vendor_name: ovs
            product_name: ovs
            agents:
             - tsn0-0
             - tsn0

Enforcing physical/logical interfaces for routers


.. code-block:: yaml

    opencontrail:
      client:
        ...
        physical_router:
          router1:
            ...
            interface:
              port1:
                name: port1
                logical_interface:
                  port1_l:
                    name: 'port1.0'
                    vlan_tag: 0
                    interface_type: L2
                    virtual_machine_interface:
                      port1_port:
                        name: port1_port
                        ip_address: 192.168.90.107
                        mac_address: '2e:92:a8:af:c2:21'
                        security_group: 'default'
                        virtual_network: 'virtual-network'

Enforcing virtual networks


.. code-block:: yaml

    opencontrail:
      client:
        virtual_networks:
          net01:
            name: 'network01'
            ip_address: '172.16.111.0'
            ip_prefix: 24
            asn: 64512
            route_target: 10000
            external: True
            allow_transit: False
            forwarding_mode: 'l2_l3'
            rpf: 'disable'
            mirror_destination: False
            domain: 'default-domain'
            project: 'admin'
            ipam_domain: 'default-domain'
            ipam_project: 'default-project'
            ipam_name: 'default-network-ipam'
          net02:
            name: 'network02'
          net03:
            name: 'network03'


Enforcing floating IP pool settings.

A virtual network with the ``external`` flag needs to be created before managing the floating IP pool.
The ``vn_name`` parameter is the name of the external network.

.. code-block:: yaml

    opencontrail:
      client:
        floating_ip_pools:
          pool1:
            vn_name: external-network
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects:
              - [tenant1, 7]
              - [tenant2, 7]
              - [tenant3, 7]
          pool2:
            vn_name: floating-ips
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects:
              - [tenant3, 7]


If you want to remove all shares from the floating IP pool, define only an empty list in
``list_of_projects``, like this:

.. code-block:: yaml

    opencontrail:
      client:
        floating_ip_pools:
          pool1:
            vn_name: external-network
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects: []


Contrail DNS custom forwarders
------------------------------

By default Contrail uses the /etc/resolv.conf file to determine the upstream DNS servers.
This can have some side effects, like resolving internal DNS entries on your public instances.

In order to overrule this default set, you can configure nameservers using pillar data.
The formula is then responsible for configuring and generating an alternate resolv.conf file.

Note: this has been patched recently in the Contrail distribution of Mirantis:
https://github.com/Mirantis/contrail-controller/commit/ed9a25ccbcfebd7d079a93aecc5a1a7bf1265ea4
https://github.com/Mirantis/contrail-controller/commit/94c844cf2e9bcfcd48587aec03d10b869e737ade


To change forwarders for the default-dns option (which is handled by compute nodes):

.. code-block:: yaml

    compute:
      ....
      dns:
        forwarders:
        - 8.8.8.8
        - 8.8.4.4
      ....

To change forwarders for vDNS zones (handled by control nodes):

.. code-block:: yaml

    control:
      ....
      dns:
        forwarders:
        - 8.8.8.8
        - 8.8.4.4
      ....

Contrail IF-MAP server configuration
------------------------------------

Contrail 3.2 contains an internal IF-MAP server implementation. This implementation can be enabled
by setting ``config:ifmap:engine`` to ``internal``. Currently supported engines are ``internal`` and
``irond`` (default). The ``internal`` engine will configure contrail-api to run as an IF-MAP server in the
same process as contrail-api and will generate security certificates in the specified folder.

.. code-block:: yaml

    config:
      ....
      ifmap:
        engine: internal
        cert_dir: /etc/contrail/ssl/certs/ # default
        basename_cert: ifmap.crt # default
        basename_key: ifmap.key # default
      ....

To set a static configuration of the IF-MAP server for contrail-control instead of using the
discovery service, you can use ``control:ifmap:bind:host`` and ``port``. The static configuration
is triggered by the existence of a non-empty value of the ``control:ifmap:bind`` key.

.. code-block:: yaml

    control:
      ....
      ifmap:
        bind:
          host: 127.0.0.1
          port: 8443
      ....



Usage
=====

Basic installation
------------------

Add control BGP

.. code-block:: bash

    python /etc/contrail/provision_control.py --api_server_ip 192.168.1.11 --api_server_port 8082 --host_name network1.contrail.domain.com --host_ip 192.168.1.11 --router_asn 64512

Install compute node

.. code-block:: bash

    yum install contrail-vrouter contrail-openstack-vrouter

    salt-call state.sls nova,opencontrail

Add virtual router

.. code-block:: bash

    python /etc/contrail/provision_vrouter.py --host_name hostnode1.intra.domain.com --host_ip 10.0.100.101 --api_server_ip 10.0.100.30 --oper add --admin_user admin --admin_password cloudlab --admin_tenant_name admin

    # In /etc/sysconfig/network-scripts/ifcfg-bond0, comment out GATEWAY, NETMASK and IPADDR

    reboot

Debugging
---------

Display vhost XMPP connection status

You should see the correct controller_ip and state should be established.

    http://<compute-node>:8085/Snh_AgentXmppConnectionStatusReq?

Display vrouter interface status

If vrf_name = ---ERROR---, something has gone wrong.

    http://<compute-node>:8085/Snh_ItfReq?name=

Display IF MAP table

Look for neighbours; if the VM has 2, it's OK.

    http://<control-node>:8083/Snh_IFMapTableShowReq?table_name=

Trace XMPP requests

    http://<compute-node>:8085/Snh_SandeshTraceRequest?x=XmppMessageTrace


Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use Github issue tracker for specific salt
formula:

    https://github.com/salt-formulas/salt-formula-opencontrail/issues

For feature requests, bug reports or blueprints affecting entire ecosystem,
use Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join salt-formulas-users team and subscribe to mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on master branch and submit pull request against specific formula.

    https://github.com/salt-formulas/salt-formula-opencontrail

Any questions or feedback is always welcome so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net