====================
OpenContrail Formula
====================

Contrail Controller is an open, standards-based software solution that
delivers network virtualization and service automation for federated cloud
networks. It provides self-service provisioning, improves network
troubleshooting and diagnostics, and enables service chaining for dynamic
application environments across enterprise virtual private cloud (VPC),
managed Infrastructure as a Service (IaaS), and Network Functions
Virtualization (NFV) use cases.


Package source
==============

The formula supports both the OpenContrail and the Juniper Contrail package
repositories as a backend.

Differences within the configuration and state run are controlled by the
``opencontrail.common.vendor: [opencontrail|juniper]`` pillar attribute.

The default value is ``opencontrail``.

Juniper releases tested with this formula:

- 3.0.2.x

To use the Juniper Contrail repository as the package source, override the
pillar as in this example:

.. code-block:: yaml

    opencontrail:
      common:
        vendor: juniper


Sample Pillars
==============

Controller nodes
----------------

There are several scenarios for OpenContrail control plane.

All-in-one single
~~~~~~~~~~~~~~~~~

Config, control, analytics, database, web -- altogether on one node.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        source:
          engine: pkg
          address: http://mirror.robotice.cz/contrail-havana/
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        rootlogger: "INFO, CONSOLE"
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        contrail_cache:
          engine: redis
          host: 127.0.0.1
          port: 6379
          password: guest
        discovery:
          host: 127.0.0.1
        data_ttl: 2
        database:
          members:
          - host: 127.0.0.1
            port: 9160
        message_queue:
          members:
          - host: 127.0.0.1
          - host: 127.0.0.1
          - host: 127.0.0.1
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        minimum_disk: 10
        name: 'Contrail'
        original_token: 0
        compaction_throughput_mb_per_sec: 16
        concurrent_compactors: 1
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        analytics:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          password: guest
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin


All-in-one cluster
~~~~~~~~~~~~~~~~~~

Config, control, analytics, database, web -- altogether, clustered on multiple
nodes.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        source:
          engine: pkg
          address: http://mirror.robotice.cz/contrail-havana/
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        contrail_cache:
          engine: redis
          host: 127.0.0.1
          port: 6379
          password: guest
        discovery:
          host: 127.0.0.1
        data_ttl: 1
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        message_queue:
          members:
          - host: 127.0.0.1
          - host: 127.0.0.1
          - host: 127.0.0.1
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          password: guest
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin


Separated analytics from control and config
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config, control, database, web.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        analytics:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          password: guest
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin

Analytic nodes

Analytics and database on an analytic node(s)

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        contrail_cache:
          engine: redis
          host: 127.0.0.1
          password: guest
          port: 6379
        master:
          host: 127.0.0.1
        discovery:
          host: 127.0.0.1
        data_ttl: 1
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        message_queue:
          members:
          - host: 127.0.0.1
          - host: 127.0.0.1
          - host: 127.0.0.1
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3


Compute nodes
-------------

Vrouter configuration on a compute node(s)

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      compute:
        version: 2.2
        enabled: True
        hostname: node-12.domain.tld
        flow_hold_limit: 0
        discovery:
          host: 127.0.0.1
        interface:
          address: 127.0.0.1
          dev: eth0
          gateway: 127.0.0.1
          mask: /24
          dns: 127.0.0.1
          mtu: 9000


Compute nodes with gateway_mode
-------------------------------

Gateway mode can be ``server`` or ``vcpe`` (default is none).

.. code-block:: yaml

    opencontrail:
      compute:
        gateway_mode: server

TSN nodes
---------

Configure TSN nodes

.. code-block:: yaml

    opencontrail:
      compute:
        enabled: true
        tor:
          enabled: true
          bind:
            port: 8086
          agent:
            tor01:
              id: 0
              port: 6632
              host: 127.0.0.1
              address: 127.0.0.1


Set up metadata secret for the Vrouter
--------------------------------------

In order for cloud-init within the instance to properly fetch
instance metadata, ``metadata_proxy_secret`` in the Vrouter agent config
should match the value in nova.conf. The administrator should define
it in the pillar:

.. code-block:: yaml

    opencontrail:
      compute:
        metadata:
          secret: opencontrail

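One way to verify the match described above on a compute node, as an added example that is not part of the formula. The section and option names (``[neutron] metadata_proxy_shared_secret`` in nova.conf, ``[METADATA] metadata_proxy_secret`` in the Vrouter agent config) are assumptions about a typical deployment, the function names are hypothetical, and both config texts are constructed samples.

```python
import configparser
import hmac

# Constructed sample files; on a real node, read the two config files instead.
NOVA_CONF = """\
[DEFAULT]
debug = false

[neutron]
service_metadata_proxy = true
metadata_proxy_shared_secret = opencontrail
"""

VROUTER_AGENT_CONF = """\
[DEFAULT]
log_level = SYS_NOTICE

[METADATA]
metadata_proxy_secret = opencontrail
"""

# Assumed option locations (not taken from this README).
NOVA_OPTION = ("neutron", "metadata_proxy_shared_secret")
AGENT_OPTION = ("METADATA", "metadata_proxy_secret")

# The value used in the sample pillar above; it should not reach production.
SAMPLE_VALUE = "opencontrail"


def read_option(text, section, option):
    """Return the option value without quotes, or None if absent or empty."""
    parser = configparser.ConfigParser(
        interpolation=None,    # secrets may contain '%'
        strict=False,          # tolerate duplicated sections/options
        allow_no_value=True,   # tolerate bare keys in hand-edited files
    )
    parser.read_string(text)
    value = parser.get(section, option, fallback=None)
    if value is None:
        return None
    value = value.strip().strip("'\"")
    return value or None


def check_metadata_secret(nova_text, agent_text):
    """Compare both secrets without ever printing them.

    Returns "missing-nova", "missing-agent", "mismatch",
    "match-sample-value" (equal, but still the README sample) or "match".
    """
    nova_secret = read_option(nova_text, *NOVA_OPTION)
    agent_secret = read_option(agent_text, *AGENT_OPTION)
    if nova_secret is None:
        return "missing-nova"
    if agent_secret is None:
        return "missing-agent"
    if not hmac.compare_digest(nova_secret.encode(), agent_secret.encode()):
        return "mismatch"
    if nova_secret == SAMPLE_VALUE:
        return "match-sample-value"
    return "match"


if __name__ == "__main__":
    print(check_metadata_secret(NOVA_CONF, VROUTER_AGENT_CONF))
```
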
Add auth info for Barbican on compute nodes
-------------------------------------------

.. code-block:: yaml

    opencontrail:
      compute:
        lbaas:
          enabled: true
          secret_manager:
            engine: barbican
            identity:
              user: admin
              password: "supersecretpassword123"
              tenant: admin


Keystone v3
-----------

To enable support for Keystone v3 in OpenContrail, the identity version must
be defined for the config and web roles.

.. code-block:: yaml

    opencontrail:
      config:
        version: 2.2
        enabled: true
        ...
        identity:
          engine: keystone
          version: '3'
          ...

    opencontrail:
      web:
        version: 2.2
        enabled: true
        ...
        identity:
          engine: keystone
          version: '3'
          ...

Without Keystone
----------------

.. code-block:: yaml

    opencontrail:
      ...
      common:
        ...
        identity:
          engine: none
          token: none
          password: none
        ...
      config:
        ...
        identity:
          engine: none
          password: none
          token: none
        ...
      web:
        ...
        identity:
          engine: none
          password: none
          token: none
        ...

Kubernetes support
------------------

Kubernetes vrouter nodes

Vrouter configuration on a kubernetes node(s)

.. code-block:: yaml

    opencontrail:
      ...
      compute:
        engine: kubernetes
        ...

vRouter with separated control plane

Separate XMPP traffic from dataplane interface.

.. code-block:: yaml

    opencontrail:
      compute:
        bind:
          address: 172.16.0.50
        ...

Override RPF default in Contrail API
------------------------------------

From MCP1.1 with OpenContrail >= 3.1.1 you can override the RPF default for
newly created virtual networks. This can be useful for use cases like running
Calico and K8S in overlay. The ``override_rpf_default_by`` option accepts the
values ``disable`` and ``enable``. If it is not defined, the configuration
falls back to the Contrail default, currently ``enable``.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        override_rpf_default_by: 'disable'
      ...

Cassandra GC logging
--------------------

From Contrail version 3 you can choose how Cassandra GC logs are handled.
The behavior is controlled by ``cassandra_gc_logging``. Valid values are
'rotation' (default), 'legacy' and false.

- 'rotation' is supported by JDK 6u34, 7u2 or later and handles rotation of log
  files automatically.
- 'legacy' supports older JDKs; you will need to handle the logs by
  other means, for example by using
  ``- service.opencontrail.database.cassandra_log_cleanup`` in your reclass model.
- false disables the Cassandra GC logging.

.. code-block:: yaml

    opencontrail:
      ...
      database:
        cassandra_gc_logging: false
      ...


Disable Contrail API authentication
-----------------------------------

The Contrail version must be >= 3.0. It is useful especially for Keystone v3.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        multi_tenancy: false
      ...

Enable RBAC
-----------

.. code-block:: yaml

    opencontrail:
      ...
      config:
        aaa_mode: rbac
        cloud_admin_role: admin
        global_read_only_role: member
      ...

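A pre-deployment check for settings that appear in this README's samples, as an added example that is not part of the formula: it walks a rendered pillar and reports credential keys still holding a sample value, ``identity.engine: none``, ``multi_tenancy: false`` and a plain-HTTP package source. The function names and finding labels are hypothetical, and the pillar is a constructed dict standing in for what ``yaml.safe_load`` returns for a pillar file.

```python
# Credential values that appear in this README's sample pillars and commands.
SAMPLE_SECRETS = {
    "password", "token", "guest", "opencontrail",
    "adminpass", "supersecretpassword123", "cloudlab",
}
# Pillar keys that hold a credential in the samples ("key" is the BGP MD5 key).
SECRET_KEYS = {"password", "token", "secret", "key"}

# Constructed pillar, shaped like yaml.safe_load() output for a pillar file.
PILLAR = {
    "opencontrail": {
        "common": {
            "source": {
                "engine": "pkg",
                "address": "http://mirror.robotice.cz/contrail-havana/",
            },
            "identity": {
                "engine": "keystone",
                "token": "token",
                "password": "password",
            },
        },
        "config": {
            "multi_tenancy": False,
            "identity": {
                "engine": "keystone",
                "user": "admin",
                "password": "constructed-Unique-Value-1",
            },
        },
        "collector": {
            "contrail_cache": {"engine": "redis", "password": "guest"},
        },
        "client": {
            "bgp_router": {
                "mx02": {"type": "router", "key_type": "md5", "key": "password"},
            },
        },
    }
}


def _walk(node, path, findings):
    """Record every credential key whose value is a known sample value."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = path + [str(key)]
            if (key in SECRET_KEYS and isinstance(value, str)
                    and value.lower() in SAMPLE_SECRETS):
                findings.append((".".join(here), "sample-credential"))
            _walk(value, here, findings)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            _walk(item, path + [str(index)], findings)


def audit_pillar(pillar):
    """Return a sorted list of (pillar path, finding label) tuples."""
    findings = []
    _walk(pillar, [], findings)
    oc = pillar.get("opencontrail", {})

    # "Without Keystone": no identity backend for this role.
    for role in ("common", "config", "web"):
        identity = oc.get(role, {}).get("identity", {})
        if str(identity.get("engine", "")).lower() == "none":
            findings.append(
                (f"opencontrail.{role}.identity.engine", "no-identity-backend"))

    # "Disable Contrail API authentication".
    if oc.get("config", {}).get("multi_tenancy") is False:
        findings.append(("opencontrail.config.multi_tenancy", "api-auth-disabled"))

    # Packages fetched over plain HTTP can be altered in transit.
    address = str(oc.get("common", {}).get("source", {}).get("address", ""))
    if address.lower().startswith("http://"):
        findings.append(("opencontrail.common.source.address", "plain-http-repo"))

    return sorted(findings)


if __name__ == "__main__":
    for path, finding in audit_pillar(PILLAR):
        print(f"{finding:20} {path}")
```
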
Switch from on demand to periodic keystone sync
-----------------------------------------------

This can be useful when you want to sync projects from OpenStack to Contrail
automatically. The period of sync is 60s.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        identity:
          sync_on_demand: false
      ...

Cassandra listen configuration
------------------------------

Interface example:

.. code-block:: yaml

    database:
      ....
      bind:
        interface: eth0
        port: 9042
        rpc_port: 9160
      ....

To run the config and analytics database clusters on the same hosts, you need
to change the ports so that they do not collide. The host is required.

.. code-block:: yaml

    database:
      ....
      bind:
        host: 127.0.0.1
        port: 9042
        rpc_port: 9160
        # for containers we need to move configdb to neighbouring ports
        port_configdb: 9041
        rpc_port_configdb: 9161
      ....


OpenContrail WebUI version >= 3.1.1
-----------------------------------

For OpenContrail version >= 3.1.1 and Cassandra >= 2.1, the WebUI's Cassandra
port should be overridden from 9160 to 9042.

For the appropriate node at class level:

.. code-block:: yaml

    opencontrail:
      ....
      web:
        database:
          port: 9042
      ....


RabbitMQ HA hosts
------------------

.. code-block:: yaml

    opencontrail:
      config:
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          port: 5672

DPDK vRouter
-------------

.. code-block:: yaml

    opencontrail:
      compute:
        dpdk:
          enabled: true
          taskset: "0x0000003C00003C"
          socket_mem: "1024,1024"
        interface:
          mac_address: 90:e2:ba:7c:22:e1
          pci: 0000:81:00.1
        ...

Increase number of contrail-api workers
---------------------------------------

.. code-block:: yaml

    opencontrail:
      ...
      config:
        api_workers: 3
      ...

Increase number of alarm-gen workers
------------------------------------

The port prefix determines the ports used by the workers, which increment
starting with 5901.

.. code-block:: yaml

    collector:
      alarm_gen:
        workers: 1
        port_prefix: 59

Contrail client
---------------

Basic parameters with identity and host configs

.. code-block:: yaml

    opencontrail:
      client:
        identity:
          user: admin
          project: admin
          password: adminpass
          host: keystone_host
        config:
          host: contrail_api_host
          port: contrail_api_port

Enforcing virtual routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        virtual_router:
          cmp01:
            ip_address: 172.16.0.11
            dpdk_enabled: True
          cmp02:
            ip_address: 172.16.0.12
            dpdk_enabled: True


Enforcing global system config

.. code-block:: yaml

    opencontrail:
      client:
        ...
        global_system_config:
          name: default-global-system-config
          asn: 64512
          grp:
            enable: true
            restart_time: 60
            end_of_rib_timeout: 30
            bgp_helper_enable: false
            xmpp_helper_enable: false
            long_lived_restart_time: 300


Enforcing global vrouter config

.. code-block:: yaml

    opencontrail:
      client:
        ...
        global_vrouter_config:
          name: default-global-vrouter-config
          parent_type: global-system-config
          encap_priority: "MPLSoUDP,MPLSoGRE"
          vxlan_vn_id_mode: automatic
          fq_names:
            - 'default-global-system-config'
            - 'default-global-vrouter-config'


Enforcing control nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        bgp_router:
          ntw01:
            type: control-node
            ip_address: 172.16.0.11
          ntw02:
            type: control-node
            ip_address: 172.16.0.12
          ntw03:
            type: control-node
            ip_address: 172.16.0.13


Enforcing edge BGP routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        bgp_router:
          mx01:
            type: router
            ip_address: 172.16.0.21
            asn: 64512
          mx02:
            type: router
            ip_address: 172.16.0.22
            asn: 64512
            key_type: md5
            key: password

Enforcing config nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        config_node:
          ctl01:
            ip_address: 172.16.0.21
          ctl02:
            ip_address: 172.16.0.22

Enforcing database nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        database_node:
          ntw01:
            ip_address: 172.16.0.21
          ntw02:
            ip_address: 172.16.0.22

Enforcing analytics nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        analytics_node:
          nal01:
            ip_address: 172.16.0.31
          nal02:
            ip_address: 172.16.0.32

Enforcing Link Local Services

.. code-block:: yaml

    opencontrail:
      client:
        ...
        linklocal_service:
          # example with dns name address (only one permitted)
          meta1:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses: "meta.example.com"
            ipf_port: 80
          # example with multiple ip addresses
          meta2:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            - 10.20.20.20
            - 10.30.30.30
            ipf_port: 80
          # example with one ip address
          meta3:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            ipf_port: 80
          # example with name override
          lls_meta4:
            name: meta4
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            ipf_port: 80


Configuring OpenStack default quotas

.. code-block:: yaml

    config:
      quota:
        network: 5
        subnet: 10
        router: 10
        floating_ip: 100
        secgroup: 1000
        secgroup_rule: 1000
        port: 1000
        pool: -1
        member: -1
        health_monitor: -1
        vip: -1

Enforcing physical routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        physical_router:
          router1:
            name: router1
            dataplane_ip: 1.2.3.4
            management_ip: 1.2.3.4
            vendor_name: ovs
            product_name: ovs
            agents:
            - tsn0-0
            - tsn0

Enforcing physical/logical interfaces for routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        physical_router:
          router1:
            ...
            interface:
              port1:
                name: port1
                logical_interface:
                  port1_l:
                    name: 'port1.0'
                    vlan_tag: 0
                    interface_type: L2
                    virtual_machine_interface:
                      port1_port:
                        name: port1_port
                        ip_address: 192.168.90.107
                        mac_address: '2e:92:a8:af:c2:21'
                        security_group: 'default'
                        virtual_network: 'virtual-network'

Enforcing virtual networks

.. code-block:: yaml

    opencontrail:
      client:
        virtual_networks:
          net01:
            name: 'network01'
            ip_address: '172.16.111.0'
            ip_prefix: 24
            asn: 64512
            route_target: 10000
            external: True
            allow_transit: False
            forwarding_mode: 'l2_l3'
            rpf: 'disable'
            mirror_destination: False
            domain: 'default-domain'
            project: 'admin'
            ipam_domain: 'default-domain'
            ipam_project: 'default-project'
            ipam_name: 'default-network-ipam'
          net02:
            name: 'network02'
          net03:
            name: 'network03'


Enforcing floating IP pool settings

A virtual network with the external flag needs to be created before managing
the floating IP pool. The ``vn_name`` parameter is the name of the external
network.

.. code-block:: yaml

    opencontrail:
      client:
        floating_ip_pools:
          pool1:
            vn_name: external-network
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects:
              - [tenant1, 7]
              - [tenant2, 7]
              - [tenant3, 7]
          pool2:
            vn_name: floating-ips
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects:
              - [tenant3, 7]


If you want to remove all shares from the floating IP pool, define an empty
list in ``list_of_projects``, like this:

.. code-block:: yaml

    opencontrail:
      client:
        floating_ip_pools:
          pool1:
            vn_name: external-network
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects: []


Contrail DNS custom forwarders
------------------------------

By default Contrail uses the /etc/resolv.conf file to determine the upstream DNS servers.
This can have some side effects, like resolving internal DNS entries on your public instances.

To override this default, you can configure nameservers using pillar data.
The formula is then responsible for configuring and generating an alternate resolv.conf file.

Note: this has been patched recently in the Contrail distribution of Mirantis:

- https://github.com/Mirantis/contrail-controller/commit/ed9a25ccbcfebd7d079a93aecc5a1a7bf1265ea4
- https://github.com/Mirantis/contrail-controller/commit/94c844cf2e9bcfcd48587aec03d10b869e737ade


To change forwarders for the default-dns option (which is handled by compute nodes):

.. code-block:: yaml

    compute:
      ....
      dns:
        forwarders:
        - 8.8.8.8
        - 8.8.4.4
      ....

To change forwarders for vDNS zones (handled by control nodes):

.. code-block:: yaml

    control:
      ....
      dns:
        forwarders:
        - 8.8.8.8
        - 8.8.4.4
      ....

Contrail IF-MAP server configuration
------------------------------------

Contrail 3.2 contains an internal IF-MAP server implementation. This implementation can be enabled
by setting ``config:ifmap:engine`` to ``internal``. Currently supported engines are ``internal`` and
``irond`` (default). The ``internal`` engine will configure contrail-api to run an IF-MAP server in the
same process as contrail-api and will generate security certificates in the specified folder.

.. code-block:: yaml

    config:
      ....
      ifmap:
        engine: internal
        cert_dir: /etc/contrail/ssl/certs/ # default
        basename_cert: ifmap.crt # default
        basename_key: ifmap.key # default
      ....

To set a static configuration of the IF-MAP server for contrail-control instead of using the
discovery service, you can use ``control:ifmap:bind:host`` and ``port``. The static configuration
is triggered by the existence of a non-empty value of the ``control:ifmap:bind`` key.

.. code-block:: yaml

    control:
      ....
      ifmap:
        bind:
          host: 127.0.0.1
          port: 8443
      ....



Usage
=====

Basic installation
------------------

Add control BGP

.. code-block:: bash

    python /etc/contrail/provision_control.py --api_server_ip 192.168.1.11 --api_server_port 8082 --host_name network1.contrail.domain.com --host_ip 192.168.1.11 --router_asn 64512

Install compute node

.. code-block:: bash

    yum install contrail-vrouter contrail-openstack-vrouter

    salt-call state.sls nova,opencontrail

Add virtual router

.. code-block:: bash

    python /etc/contrail/provision_vrouter.py --host_name hostnode1.intra.domain.com --host_ip 10.0.100.101 --api_server_ip 10.0.100.30 --oper add --admin_user admin --admin_password cloudlab --admin_tenant_name admin

    # In /etc/sysconfig/network-scripts/ifcfg-bond0, comment out GATEWAY, NETMASK and IPADDR

    reboot

Debugging
---------

Display vhost XMPP connection status

You should see the correct controller_ip, and the state should be established.

    http://<compute-node>:8085/Snh_AgentXmppConnectionStatusReq?

Display vrouter interface status

If vrf_name = ---ERROR---, something went wrong.

    http://<compute-node>:8085/Snh_ItfReq?name=

Display IF MAP table

Look for neighbours; if the VM has 2, it's OK.

    http://<control-node>:8083/Snh_IFMapTableShowReq?table_name=

Trace XMPP requests

    http://<compute-node>:8085/Snh_SandeshTraceRequest?x=XmppMessageTrace


Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-opencontrail/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific
formula.

    https://github.com/salt-formulas/salt-formula-opencontrail

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net