====================
OpenContrail Formula
====================

Contrail Controller is an open, standards-based software solution that
delivers network virtualization and service automation for federated cloud
networks. It provides self-service provisioning, improves network
troubleshooting and diagnostics, and enables service chaining for dynamic
application environments across enterprise virtual private cloud (VPC),
managed Infrastructure as a Service (IaaS), and Network Functions
Virtualization (NFV) use cases.

Package source
==============

The formula supports OpenContrail as well as the Juniper Contrail package
repository in the backend.

Differences within the configuration and state run are controlled by the
``opencontrail.common.vendor: [opencontrail|juniper]`` pillar attribute.

The default value is ``opencontrail``.

Juniper releases tested with this formula:

- 3.0.2.x

To use the Juniper Contrail repository as the source of packages, override the
pillar as in this example:

.. code-block:: yaml

    opencontrail:
      common:
        vendor: juniper

Sample Pillars
==============

Controller nodes
----------------

There are several scenarios for OpenContrail control plane.

All-in-one single
~~~~~~~~~~~~~~~~~

Config, control, analytics, database, web -- altogether on one node.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        source:
          engine: pkg
          address: http://mirror.robotice.cz/contrail-havana/
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        rootlogger: "INFO, CONSOLE"
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        discovery:
          host: 127.0.0.1
        data_ttl: 2
        database:
          members:
          - host: 127.0.0.1
            port: 9160
        message_queue:
          members:
          - host: 127.0.0.1
          - host: 127.0.0.1
          - host: 127.0.0.1
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        minimum_disk: 10
        name: 'Contrail'
        original_token: 0
        compaction_throughput_mb_per_sec: 16
        concurrent_compactors: 1
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        analytics:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          password: guest
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin

All-in-one cluster
~~~~~~~~~~~~~~~~~~

Config, control, analytics, database, web -- altogether, clustered on multiple
nodes.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        source:
          engine: pkg
          address: http://mirror.robotice.cz/contrail-havana/
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        discovery:
          host: 127.0.0.1
        data_ttl: 1
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        message_queue:
          members:
          - host: 127.0.0.1
          - host: 127.0.0.1
          - host: 127.0.0.1
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          password: guest
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin

Separated analytics from control and config
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config, control, database, web.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        analytics:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          password: guest
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin

Analytic nodes

Analytics and database on an analytic node(s)

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        discovery:
          host: 127.0.0.1
        data_ttl: 1
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        message_queue:
          members:
          - host: 127.0.0.1
          - host: 127.0.0.1
          - host: 127.0.0.1
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3

Compute nodes
-------------

Vrouter configuration on a compute node(s)

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      compute:
        version: 2.2
        enabled: True
        hostname: node-12.domain.tld
        flow_hold_limit: 0
        discovery:
          host: 127.0.0.1
        interface:
          address: 127.0.0.1
          dev: eth0
          gateway: 127.0.0.1
          mask: /24
          dns: 127.0.0.1
          mtu: 9000

Compute nodes with gateway_mode
-------------------------------

Gateway mode can be ``server`` or ``vcpe`` (the default is none).

.. code-block:: yaml

    opencontrail:
      compute:
        gateway_mode: server

TSN nodes
---------

Configure TSN nodes

.. code-block:: yaml

    opencontrail:
      compute:
        enabled: true
        tor:
          enabled: true
          bind:
            port: 8086
          agent:
            tor01:
              id: 0
              port: 6632
              host: 127.0.0.1
              address: 127.0.0.1

Set up metadata secret for the Vrouter
--------------------------------------

For cloud-init within the instance to fetch instance metadata properly,
``metadata_proxy_secret`` in the Vrouter agent config must match the value in
nova.conf. The administrator should define it in the pillar:

.. code-block:: yaml

    opencontrail:
      compute:
        metadata:
          secret: opencontrail

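One way to verify the match described above after a state run, as an added example that is not part of the formula. The section and option names (``[METADATA] metadata_proxy_secret`` in the vRouter agent config, ``[neutron] metadata_proxy_shared_secret`` in nova.conf) and the file contents below are assumptions of this example.

```python
import configparser
import hmac

# Constructed file contents for the example (not from a real deployment).
AGENT_CONF = """
[METADATA]
metadata_proxy_secret = opencontrail
"""
NOVA_CONF_MATCHING = """
[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = opencontrail
"""
NOVA_CONF_DIFFERENT = """
[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = something-else
"""

# The value used in this README's sample pillar; it should not reach production.
README_SAMPLE_SECRET = "opencontrail"


def read_option(text, section, option):
    """Return one option from INI text, or None if section/option is absent."""
    # interpolation=None: secrets may contain '%', which must be read literally.
    # strict=False: tolerate files that repeat a section or option.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return parser.get(section, option, fallback=None)


def check_metadata_secret(agent_text, nova_text):
    """Compare the two secrets without ever returning or printing them."""
    agent = read_option(agent_text, "METADATA", "metadata_proxy_secret")
    nova = read_option(nova_text, "neutron", "metadata_proxy_shared_secret")
    if not agent:
        return "agent-secret-missing"
    if not nova:
        return "nova-secret-missing"
    if not hmac.compare_digest(agent.encode(), nova.encode()):
        return "mismatch"  # cloud-init metadata requests will be rejected
    if agent == README_SAMPLE_SECRET:
        return "sample-value"  # consistent, but still the documented placeholder
    return "ok"


if __name__ == "__main__":
    print(check_metadata_secret(AGENT_CONF, NOVA_CONF_MATCHING))
    print(check_metadata_secret(AGENT_CONF, NOVA_CONF_DIFFERENT))
```
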
Add auth info for Barbican on compute nodes
-------------------------------------------

.. code-block:: yaml

    opencontrail:
      compute:
        lbaas:
          enabled: true
          secret_manager:
            engine: barbican
            identity:
              user: admin
              password: "supersecretpassword123"
              tenant: admin

Keystone v3
-----------

To enable support for Keystone v3 in OpenContrail, a version must be defined
for the config and web roles.

.. code-block:: yaml

    opencontrail:
      config:
        version: 2.2
        enabled: true
        ...
        identity:
          engine: keystone
          version: '3'
        ...

    opencontrail:
      web:
        version: 2.2
        enabled: true
        ...
        identity:
          engine: keystone
          version: '3'
        ...

Without Keystone
----------------

.. code-block:: yaml

    opencontrail:
      ...
      common:
        ...
        identity:
          engine: none
          token: none
          password: none
      ...
      config:
        ...
        identity:
          engine: none
          password: none
          token: none
      ...
      web:
        ...
        identity:
          engine: none
          password: none
          token: none
      ...

Kubernetes support
------------------

Kubernetes vrouter nodes

Vrouter configuration on a kubernetes node(s)

.. code-block:: yaml

    opencontrail:
      ...
      compute:
        engine: kubernetes
      ...

vRouter with separated control plane

Separate XMPP traffic from dataplane interface.

.. code-block:: yaml

    opencontrail:
      compute:
        bind:
          address: 172.16.0.50
      ...

Override RPF default in Contrail API
------------------------------------

From MCP1.1 with OpenContrail >= 3.1.1 you can override the RPF default for
newly created virtual networks. This can be useful for use cases like running
Calico and K8S in overlay. Valid values for `override_rpf_default_by` are
`disable` and `enable`. If it is not defined, the configuration falls back to
the Contrail default, currently `enable`.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        override_rpf_default_by: 'disable'
      ...

Cassandra GC logging
--------------------

From Contrail version 3 you can choose how Cassandra GC logs are handled.
The behavior is controlled by `cassandra_gc_logging`. Valid values are
'rotation' (default), 'legacy' and false.

- 'rotation' is supported by JDK 6u34, 7u2 or later and handles rotation of log
  files automatically.
- 'legacy' is a way to support older JDKs; you will need to handle logs by
  other means, for example by using
  `- service.opencontrail.database.cassandra_log_cleanup` in your reclass model.
- false disables Cassandra GC logging.

.. code-block:: yaml

    opencontrail:
      ...
      database:
        cassandra_gc_logging: false
      ...

Disable Contrail API authentication
-----------------------------------

Contrail version must be >= 3.0. It is useful especially for Keystone v3.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        multi_tenancy: false
      ...

Enable RBAC
-----------

.. code-block:: yaml

    opencontrail:
      ...
      config:
        aaa_mode: rbac
        cloud_admin_role: admin
        global_read_only_role: member
      ...

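A pre-deployment audit of the authentication-related pillar keys shown in the sample pillars and in the "Without Keystone", "Disable Contrail API authentication" and "Enable RBAC" sections, as an added example that is not part of the formula. It works on an already-parsed pillar dictionary; the finding names, the constructed sample pillars and the rule that an enabled config role without ``aaa_mode: rbac`` is reported are choices of this example.

```python
# Placeholder secret values that appear in this README's sample pillars.
SAMPLE_SECRETS = {"password", "token", "guest", "opencontrail",
                  "supersecretpassword123", "adminpass"}
# Pillar key names that carry a credential in the samples above.
SECRET_KEYS = {"password", "token", "secret", "key"}


def walk(node, path=()):
    """Yield (path, value) for every scalar leaf of a nested pillar."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, path + (str(key),))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, path + (str(index),))
    else:
        yield path, node


def audit_pillar(pillar):
    """Return a list of (pillar_path, finding) tuples; empty means clean."""
    findings = []
    oc = pillar.get("opencontrail") or {}

    # 1. Credentials still set to a value copied from the documentation.
    for path, value in walk(oc):
        if path and path[-1] in SECRET_KEYS and isinstance(value, str):
            if value.strip().lower() in SAMPLE_SECRETS:
                findings.append((":".join(("opencontrail",) + path), "sample-secret"))

    # 2. Roles running with no identity backend ("Without Keystone").
    for role in ("common", "config", "web"):
        identity = (oc.get(role) or {}).get("identity") or {}
        if str(identity.get("engine", "")).lower() == "none":
            findings.append(("opencontrail:%s:identity:engine" % role,
                             "no-identity-backend"))

    # 3. API authentication switched off, and RBAC not switched on.
    config = oc.get("config") or {}
    if config.get("multi_tenancy") is False:
        findings.append(("opencontrail:config:multi_tenancy", "api-auth-disabled"))
    if config.get("enabled") and config.get("aaa_mode") != "rbac":
        findings.append(("opencontrail:config:aaa_mode", "rbac-not-enabled"))
    return findings


# Constructed pillar that reuses the README's placeholder values.
SAMPLE_PILLAR = {"opencontrail": {
    "common": {"identity": {"engine": "keystone", "token": "token",
                            "password": "password"}},
    "config": {"enabled": True, "multi_tenancy": False,
               "identity": {"engine": "keystone", "user": "admin",
                            "password": "password", "token": "token"}},
    "web": {"cache": {"engine": "redis", "password": "guest"},
            "identity": {"engine": "none", "password": "none", "token": "none"}},
    "compute": {"metadata": {"secret": "opencontrail"}},
    "client": {"bgp_router": {"mx02": {"key_type": "md5", "key": "password"}}},
}}

# Constructed pillar with unique secrets and RBAC enabled.
HARDENED_PILLAR = {"opencontrail": {
    "config": {"enabled": True, "aaa_mode": "rbac", "cloud_admin_role": "admin",
               "identity": {"engine": "keystone", "user": "admin",
                            "password": "constructed-9f2c1e77a4"}},
    "compute": {"metadata": {"secret": "constructed-b81d03c6fe"}},
}}

if __name__ == "__main__":
    for pillar_path, finding in audit_pillar(SAMPLE_PILLAR):
        print("%-22s %s" % (finding, pillar_path))
```
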
Switch from on demand to periodic keystone sync
-----------------------------------------------

This can be useful when you want to sync projects from OpenStack to Contrail
automatically. The period of sync is 60s.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        identity:
          sync_on_demand: false
      ...

Cassandra listen configuration
------------------------------

Interface example:

.. code-block:: yaml

    database:
      ....
      bind:
        interface: eth0
        port: 9042
        rpc_port: 9160
      ....

To run the config and analytics db clusters on the same hosts, you need to
change the ports so that they do not collide. The host is required.

.. code-block:: yaml

    database:
      ....
      bind:
        host: 127.0.0.1
        port: 9042
        rpc_port: 9160
        # for containers we need to move configdb to neighbouring ports
        port_configdb: 9041
        rpc_port_configdb: 9161
      ....

OpenContrail WebUI version >= 3.1.1
-----------------------------------

For OpenContrail version >= 3.1.1 and Cassandra >= 2.1, the WebUI's Cassandra
port should be overridden from 9160 to 9042.

For the appropriate node at class level:

.. code-block:: yaml

    opencontrail:
      ....
      web:
        database:
          port: 9042
      ....

RabbitMQ HA hosts
------------------

.. code-block:: yaml

    opencontrail:
      config:
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          port: 5672

.. code-block:: yaml

    database:
      ....
      bind:
        interface: eth0
        port: 9042
        rpc_port: 9160
      ....

DPDK vRouter
-------------

.. code-block:: yaml

    opencontrail:
      compute:
        dpdk:
          enabled: true
          taskset: "0x0000003C00003C"
          socket_mem: "1024,1024"
        interface:
          mac_address: 90:e2:ba:7c:22:e1
          pci: 0000:81:00.1
      ...

Increase number of contrail-api workers
---------------------------------------

.. code-block:: yaml

    opencontrail:
      ...
      config:
        api_workers: 3
      ...

Increase number of alarm-gen workers
------------------------------------

The port prefix determines the ports used by the workers, which are assigned
incrementally starting with 5901.

.. code-block:: yaml

    collector:
      alarm_gen:
        workers: 1
        port_prefix: 59

Contrail client
---------------

Basic parameters with identity and host configs

.. code-block:: yaml

    opencontrail:
      client:
        identity:
          user: admin
          project: admin
          password: adminpass
          host: keystone_host
        config:
          host: contrail_api_host
          port: contrail_api_port

Enforcing virtual routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        virtual_router:
          cmp01:
            ip_address: 172.16.0.11
            dpdk_enabled: True
          cmp02:
            ip_address: 172.16.0.12
            dpdk_enabled: True

Enforcing global system config

.. code-block:: yaml

    opencontrail:
      client:
        ...
        global_system_config:
          name: default-global-system-config
          asn: 64512
          grp:
            enable: true
            restart_time: 60
            end_of_rib_timeout: 30
            bgp_helper_enable: false
            xmpp_helper_enable: false
            long_lived_restart_time: 300

Enforcing global vrouter config

.. code-block:: yaml

    opencontrail:
      client:
        ...
        global_vrouter_config:
          name: default-global-vrouter-config
          parent_type: global-system-config
          encap_priority: "MPLSoUDP,MPLSoGRE"
          vxlan_vn_id_mode: automatic
          fq_names:
            - 'default-global-system-config'
            - 'default-global-vrouter-config'

Enforcing control nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        bgp_router:
          ntw01:
            type: control-node
            ip_address: 172.16.0.11
          ntw02:
            type: control-node
            ip_address: 172.16.0.12
          ntw03:
            type: control-node
            ip_address: 172.16.0.13

Enforcing edge BGP routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        bgp_router:
          mx01:
            type: router
            ip_address: 172.16.0.21
            asn: 64512
          mx02:
            type: router
            ip_address: 172.16.0.22
            asn: 64512
            key_type: md5
            key: password

Enforcing config nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        config_node:
          ctl01:
            ip_address: 172.16.0.21
          ctl02:
            ip_address: 172.16.0.22

Enforcing database nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        database_node:
          ntw01:
            ip_address: 172.16.0.21
          ntw02:
            ip_address: 172.16.0.22

Enforcing analytics nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        analytics_node:
          nal01:
            ip_address: 172.16.0.31
          nal02:
            ip_address: 172.16.0.32

Enforcing Link Local Services

.. code-block:: yaml

    opencontrail:
      client:
        ...
        linklocal_service:
          # example with dns name address (only one permitted)
          meta1:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses: "meta.example.com"
            ipf_port: 80
          # example with multiple ip addresses
          meta2:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            - 10.20.20.20
            - 10.30.30.30
            ipf_port: 80
          # example with one ip address
          meta3:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            ipf_port: 80
          # example with name override
          lls_meta4:
            name: meta4
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            ipf_port: 80

Configuring OpenStack default quotas

.. code-block:: yaml

    config:
      quota:
        network: 5
        subnet: 10
        router: 10
        floating_ip: 100
        secgroup: 1000
        secgroup_rule: 1000
        port: 1000
        pool: -1
        member: -1
        health_monitor: -1
        vip: -1

Enforcing physical routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        physical_router:
          router1:
            name: router1
            dataplane_ip: 1.2.3.4
            management_ip: 1.2.3.4
            vendor_name: ovs
            product_name: ovs
            agents:
             - tsn0-0
             - tsn0

Enforcing physical/logical interfaces for routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        physical_router:
          router1:
            ...
            interface:
              port1:
                name: port1
                logical_interface:
                  port1_l:
                    name: 'port1.0'
                    vlan_tag: 0
                    interface_type: L2
                    virtual_machine_interface:
                      port1_port:
                        name: port1_port
                        ip_address: 192.168.90.107
                        mac_address: '2e:92:a8:af:c2:21'
                        security_group: 'default'
                        virtual_network: 'virtual-network'

Enforcing virtual networks

.. code-block:: yaml

    opencontrail:
      client:
        virtual_networks:
          net01:
            name: 'network01'
            ip_address: '172.16.111.0'
            ip_prefix: 24
            asn: 64512
            route_target: 10000
            external: True
            allow_transit: False
            forwarding_mode: 'l2_l3'
            rpf: 'disable'
            mirror_destination: False
            domain: 'default-domain'
            project: 'admin'
            ipam_domain: 'default-domain'
            ipam_project: 'default-project'
            ipam_name: 'default-network-ipam'
          net02:
            name: 'network02'
          net03:
            name: 'network03'

Enforcing floating IP pool settings.

A virtual network with the external flag needs to be created before managing
the floating IP pool. The ``vn_name`` parameter is the name of the external
network.

.. code-block:: yaml

    opencontrail:
      client:
        floating_ip_pools:
          pool1:
            vn_name: external-network
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects:
              - [tenant1, 7]
              - [tenant2, 7]
              - [tenant3, 7]
          pool2:
            vn_name: floating-ips
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects:
              - [tenant3, 7]

If you want to remove all shares from the floating IP pool, define only an
empty list in the list of projects, like this:

.. code-block:: yaml

    opencontrail:
      client:
        floating_ip_pools:
          pool1:
            vn_name: external-network
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects: []

Contrail DNS custom forwarders
------------------------------

By default Contrail uses the /etc/resolv.conf file to determine the upstream
DNS servers. This can have some side effects, like resolving internal DNS
entries on your public instances.

To override this default, you can configure nameservers using pillar data.
The formula is then responsible for configuring and generating an alternate
resolv.conf file.

Note: this has been patched recently in the Contrail distribution of Mirantis:
https://github.com/Mirantis/contrail-controller/commit/ed9a25ccbcfebd7d079a93aecc5a1a7bf1265ea4
https://github.com/Mirantis/contrail-controller/commit/94c844cf2e9bcfcd48587aec03d10b869e737ade

To change forwarders for the default-dns option (which is handled by compute nodes):

.. code-block:: yaml

    compute:
      ....
      dns:
        forwarders:
        - 8.8.8.8
        - 8.8.4.4
      ....

To change forwarders for vDNS zones (handled by control nodes):

.. code-block:: yaml

    control:
      ....
      dns:
        forwarders:
        - 8.8.8.8
        - 8.8.4.4
      ....

Contrail IF-MAP server configuration
------------------------------------

Contrail 3.2 contains an internal IF-MAP server implementation. It can be
enabled by setting ``config:ifmap:engine`` to ``internal``. Currently supported
engines are ``internal`` and ``irond`` (default). The ``internal`` engine
configures contrail-api to run as an IF-MAP server in the same process as
contrail-api and generates security certificates in the specified folder.

.. code-block:: yaml

    config:
      ....
      ifmap:
        engine: internal
        cert_dir: /etc/contrail/ssl/certs/ # default
        basename_cert: ifmap.crt # default
        basename_key: ifmap.key # default
      ....

To set a static configuration of the IF-MAP server for contrail-control instead
of using the discovery service, use ``control:ifmap:bind:host`` and ``port``.
The static configuration is triggered by the existence of a non-empty value of
the ``control:ifmap:bind`` key.

.. code-block:: yaml

    control:
      ....
      ifmap:
        bind:
          host: 127.0.0.1
          port: 8443
      ....

Usage
=====

Basic installation
------------------

Add control BGP

.. code-block:: bash

    python /etc/contrail/provision_control.py --api_server_ip 192.168.1.11 --api_server_port 8082 --host_name network1.contrail.domain.com --host_ip 192.168.1.11 --router_asn 64512

Install compute node

.. code-block:: bash

    yum install contrail-vrouter contrail-openstack-vrouter

    salt-call state.sls nova,opencontrail

Add virtual router

.. code-block:: bash

    python /etc/contrail/provision_vrouter.py --host_name hostnode1.intra.domain.com --host_ip 10.0.100.101 --api_server_ip 10.0.100.30 --oper add --admin_user admin --admin_password cloudlab --admin_tenant_name admin

    # In /etc/sysconfig/network-scripts/ifcfg-bond0, comment out GATEWAY, NETMASK and IPADDR

    reboot

Debugging
---------

Display vhost XMPP connection status

You should see the correct controller_ip, and the state should be established.

    http://<compute-node>:8085/Snh_AgentXmppConnectionStatusReq?

Display vrouter interface status

If vrf_name = ---ERROR---, something went wrong.

    http://<compute-node>:8085/Snh_ItfReq?name=

Display IF MAP table

Look for neighbours; if the VM has 2, it's OK.

    http://<control-node>:8083/Snh_IFMapTableShowReq?table_name=

Trace XMPP requests

    http://<compute-node>:8085/Snh_SandeshTraceRequest?x=XmppMessageTrace

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-opencontrail/issues

For feature requests, bug reports or blueprints affecting the entire ecosystem,
use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific
formula.

    https://github.com/salt-formulas/salt-formula-opencontrail

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net