blob: f672f8fec84115e4fc2278832c0c7736e3da536f [file] [log] [blame]
Aleš Komáreka3314b22017-04-11 13:46:06 +02001====================
2OpenContrail Formula
3====================
Filip Pytloun27930402015-10-06 16:28:32 +02004
Jakub Pavlik01fe5372016-05-20 11:23:28 +02005Contrail Controller is an open, standards-based software solution that
6delivers network virtualization and service automation for federated cloud
7networks. It provides self-service provisioning, improves network
8troubleshooting and diagnostics, and enables service chaining for dynamic
9application environments across enterprise virtual private cloud (VPC),
10managed Infrastructure as a Service (IaaS), and Networks Functions
11Virtualization (NFV) use cases.
Filip Pytloun27930402015-10-06 16:28:32 +020012
Jiri Konecny463dee52016-03-03 11:08:46 +010013
Petr Michalec579e64d2017-03-24 12:54:29 +010014Package source
15==============
Aleš Komáreka3314b22017-04-11 13:46:06 +020016
Petr Michalec579e64d2017-03-24 12:54:29 +010017Formula support OpenContrail as well as Juniper Contrail package repository in the backend.
18
19Differences withing the configuration and state run are controlled by
20``opencontrail.common.vendor: [opencontrail|juniper]`` pillar attribute.
21
22Default value is set to ``opencontrail``.
23
24Juniper releases tested with this formula:
25 - 3.0.2.x
26
27To use Juniper Contrail repository as a source of packages override pillar as in this example:
28
29.. code-block:: yaml
30
31 opencontrail:
32 common:
33 vendor: juniper
34
35
Aleš Komáreka3314b22017-04-11 13:46:06 +020036Sample Pillars
Filip Pytloun27930402015-10-06 16:28:32 +020037==============
38
Jiri Konecny463dee52016-03-03 11:08:46 +010039Controller nodes
40----------------
41
42There are several scenarios for OpenContrail control plane.
43
44All-in-one single
45~~~~~~~~~~~~~~~~~
46
47Config, control, analytics, database, web -- altogether on one node.
48
49.. code-block:: yaml
50
51 opencontrail:
52 common:
53 version: 2.2
54 source:
55 engine: pkg
56 address: http://mirror.robotice.cz/contrail-havana/
57 identity:
58 engine: keystone
59 host: 127.0.0.1
60 port: 35357
61 token: token
62 password: password
63 network:
64 engine: neutron
65 host: 127.0.0.1
66 port: 9696
67 config:
68 version: 2.2
69 enabled: true
70 network:
71 engine: neutron
72 host: 127.0.0.1
73 port: 9696
74 discovery:
75 host: 127.0.0.1
76 analytics:
77 host: 127.0.0.1
78 bind:
79 address: 127.0.0.1
80 message_queue:
81 engine: rabbitmq
82 host: 127.0.0.1
83 port: 5672
84 database:
85 members:
86 - host: 127.0.0.1
87 port: 9160
88 cache:
Jakub Pavlikd1a059e2016-07-13 23:08:33 +020089 members:
90 - host: 127.0.0.1
91 port: 11211
Jiri Konecny463dee52016-03-03 11:08:46 +010092 identity:
93 engine: keystone
94 version: '2.0'
95 region: RegionOne
96 host: 127.0.0.1
97 port: 35357
98 user: admin
99 password: password
100 token: token
101 tenant: admin
102 members:
103 - host: 127.0.0.1
104 id: 1
Dmitry Stremkovskiy841fee32017-09-01 18:08:41 +0300105 rootlogger: "INFO, CONSOLE"
Jiri Konecny463dee52016-03-03 11:08:46 +0100106 control:
107 version: 2.2
108 enabled: true
109 bind:
110 address: 127.0.0.1
111 discovery:
112 host: 127.0.0.1
113 master:
114 host: 127.0.0.1
115 members:
116 - host: 127.0.0.1
117 id: 1
118 collector:
119 version: 2.2
120 enabled: true
121 bind:
122 address: 127.0.0.1
123 master:
124 host: 127.0.0.1
125 discovery:
126 host: 127.0.0.1
127 data_ttl: 2
128 database:
129 members:
130 - host: 127.0.0.1
131 port: 9160
132 database:
133 version: 2.2
134 cassandra:
135 version: 2
136 enabled: true
137 minimum_disk: 10
138 name: 'Contrail'
139 original_token: 0
Dmitry Stremkovskiy2a079c72017-07-12 23:11:18 +0300140 compaction_throughput_mb_per_sec: 16
Dmitry Stremkovskiy71b310a2017-08-11 20:39:11 +0300141 concurrent_compactors: 1
Jiri Konecny463dee52016-03-03 11:08:46 +0100142 data_dirs:
143 - /var/lib/cassandra
144 id: 1
145 discovery:
146 host: 127.0.0.1
147 bind:
148 host: 127.0.0.1
149 port: 9042
150 rpc_port: 9160
151 members:
152 - host: 127.0.0.1
153 id: 1
154 web:
155 version: 2.2
156 enabled: True
157 bind:
158 address: 127.0.0.1
159 analytics:
160 host: 127.0.0.1
161 master:
162 host: 127.0.0.1
163 cache:
164 engine: redis
165 host: 127.0.0.1
166 port: 6379
167 members:
168 - host: 127.0.0.1
169 id: 1
170 identity:
171 engine: keystone
172 version: '2.0'
173 host: 127.0.0.1
174 port: 35357
175 user: admin
176 password: password
177 token: token
178 tenant: admin
179
180
181All-in-one cluster
182~~~~~~~~~~~~~~~~~~
183
Jakub Pavlik01fe5372016-05-20 11:23:28 +0200184Config, control, analytics, database, web -- altogether, clustered on multiple
185nodes.
Jiri Konecny463dee52016-03-03 11:08:46 +0100186
187.. code-block:: yaml
188
189 opencontrail:
190 common:
191 version: 2.2
192 source:
193 engine: pkg
194 address: http://mirror.robotice.cz/contrail-havana/
195 identity:
196 engine: keystone
197 host: 127.0.0.1
198 port: 35357
199 token: token
200 password: password
201 network:
202 engine: neutron
203 host: 127.0.0.1
204 port: 9696
205 config:
206 version: 2.2
207 enabled: true
208 network:
209 engine: neutron
210 host: 127.0.0.1
211 port: 9696
212 discovery:
213 host: 127.0.0.1
214 analytics:
215 host: 127.0.0.1
216 bind:
217 address: 127.0.0.1
218 message_queue:
219 engine: rabbitmq
220 host: 127.0.0.1
221 port: 5672
222 database:
223 members:
224 - host: 127.0.0.1
225 port: 9160
226 - host: 127.0.0.1
227 port: 9160
228 - host: 127.0.0.1
229 port: 9160
230 cache:
Jakub Pavlikd1a059e2016-07-13 23:08:33 +0200231 members:
232 - host: 127.0.0.1
233 port: 11211
234 - host: 127.0.0.1
235 port: 11211
236 - host: 127.0.0.1
237 port: 11211
Jiri Konecny463dee52016-03-03 11:08:46 +0100238 identity:
239 engine: keystone
240 version: '2.0'
241 region: RegionOne
242 host: 127.0.0.1
243 port: 35357
244 user: admin
245 password: password
246 token: token
247 tenant: admin
248 members:
249 - host: 127.0.0.1
250 id: 1
251 - host: 127.0.0.1
252 id: 2
253 - host: 127.0.0.1
254 id: 3
255 control:
256 version: 2.2
257 enabled: true
258 bind:
259 address: 127.0.0.1
260 discovery:
261 host: 127.0.0.1
262 master:
263 host: 127.0.0.1
264 members:
265 - host: 127.0.0.1
266 id: 1
267 - host: 127.0.0.1
268 id: 2
269 - host: 127.0.0.1
270 id: 3
271 collector:
272 version: 2.2
273 enabled: true
274 bind:
275 address: 127.0.0.1
276 master:
277 host: 127.0.0.1
278 discovery:
279 host: 127.0.0.1
280 data_ttl: 1
281 database:
282 members:
283 - host: 127.0.0.1
284 port: 9160
285 - host: 127.0.0.1
286 port: 9160
287 - host: 127.0.0.1
288 port: 9160
289 database:
290 version: 2.2
291 cassandra:
292 version: 2
293 enabled: true
294 name: 'Contrail'
295 minimum_disk: 10
296 original_token: 0
297 data_dirs:
298 - /var/lib/cassandra
299 id: 1
300 discovery:
301 host: 127.0.0.1
302 bind:
303 host: 127.0.0.1
304 port: 9042
305 rpc_port: 9160
306 members:
307 - host: 127.0.0.1
308 id: 1
309 - host: 127.0.0.1
310 id: 2
311 - host: 127.0.0.1
312 id: 3
313 web:
314 version: 2.2
315 enabled: True
316 bind:
317 address: 127.0.0.1
318 master:
319 host: 127.0.0.1
320 analytics:
321 host: 127.0.0.1
322 cache:
323 engine: redis
324 host: 127.0.0.1
325 port: 6379
326 members:
327 - host: 127.0.0.1
328 id: 1
329 - host: 127.0.0.1
330 id: 2
331 - host: 127.0.0.1
332 id: 3
333 identity:
334 engine: keystone
335 version: '2.0'
336 host: 127.0.0.1
337 port: 35357
338 user: admin
339 password: password
340 token: token
341 tenant: admin
342
343
344Separated analytics from control and config
345~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
346
347Config, control, database, web.
348
349.. code-block:: yaml
350
351 opencontrail:
352 common:
353 version: 2.2
354 identity:
355 engine: keystone
356 host: 127.0.0.1
357 port: 35357
358 token: token
359 password: password
360 network:
361 engine: neutron
362 host: 127.0.0.1
363 port: 9696
364 config:
365 version: 2.2
366 enabled: true
367 network:
368 engine: neutron
369 host: 127.0.0.1
370 port: 9696
371 discovery:
372 host: 127.0.0.1
373 analytics:
374 host: 127.0.0.1
375 bind:
376 address: 127.0.0.1
377 message_queue:
378 engine: rabbitmq
379 host: 127.0.0.1
380 port: 5672
381 database:
382 members:
383 - host: 127.0.0.1
384 port: 9160
385 - host: 127.0.0.1
386 port: 9160
387 - host: 127.0.0.1
388 port: 9160
389 cache:
Jakub Pavlikd1a059e2016-07-13 23:08:33 +0200390 members:
391 - host: 127.0.0.1
392 port: 11211
393 - host: 127.0.0.1
394 port: 11211
395 - host: 127.0.0.1
396 port: 11211
Jiri Konecny463dee52016-03-03 11:08:46 +0100397 identity:
398 engine: keystone
399 version: '2.0'
400 region: RegionOne
401 host: 127.0.0.1
402 port: 35357
403 user: admin
404 password: password
405 token: token
406 tenant: admin
407 members:
408 - host: 127.0.0.1
409 id: 1
410 - host: 127.0.0.1
411 id: 2
412 - host: 127.0.0.1
413 id: 3
414 control:
415 version: 2.2
416 enabled: true
417 bind:
418 address: 127.0.0.1
419 discovery:
420 host: 127.0.0.1
421 master:
422 host: 127.0.0.1
423 members:
424 - host: 127.0.0.1
425 id: 1
426 - host: 127.0.0.1
427 id: 2
428 - host: 127.0.0.1
429 id: 3
430 database:
431 version: 127.0.0.1
432 cassandra:
433 version: 2
434 enabled: true
435 name: 'Contrail'
436 minimum_disk: 10
437 original_token: 0
438 data_dirs:
439 - /var/lib/cassandra
440 id: 1
441 discovery:
442 host: 127.0.0.1
443 bind:
444 host: 127.0.0.1
445 port: 9042
446 rpc_port: 9160
447 members:
448 - host: 127.0.0.1
449 id: 1
450 - host: 127.0.0.1
451 id: 2
452 - host: 127.0.0.1
453 id: 3
454 web:
455 version: 2.2
456 enabled: True
457 bind:
458 address: 127.0.0.1
459 analytics:
460 host: 127.0.0.1
461 master:
462 host: 127.0.0.1
463 cache:
464 engine: redis
465 host: 127.0.0.1
466 port: 6379
467 members:
468 - host: 127.0.0.1
469 id: 1
470 - host: 127.0.0.1
471 id: 2
472 - host: 127.0.0.1
473 id: 3
474 identity:
475 engine: keystone
476 version: '2.0'
477 host: 127.0.0.1
478 port: 35357
479 user: admin
480 password: password
481 token: token
482 tenant: admin
483
Jiri Konecny463dee52016-03-03 11:08:46 +0100484Analytic nodes
Jiri Konecny463dee52016-03-03 11:08:46 +0100485
486Analytics and database on an analytic node(s)
487
488.. code-block:: yaml
489
490 opencontrail:
491 common:
492 version: 2.2
493 identity:
494 engine: keystone
495 host: 127.0.0.1
496 port: 35357
497 token: token
498 password: password
499 network:
500 engine: neutron
501 host: 127.0.0.1
502 port: 9696
503 collector:
504 version: 2.2
505 enabled: true
506 bind:
507 address: 127.0.0.1
508 master:
509 host: 127.0.0.1
510 discovery:
511 host: 127.0.0.1
512 data_ttl: 1
513 database:
514 members:
515 - host: 127.0.0.1
516 port: 9160
517 - host: 127.0.0.1
518 port: 9160
519 - host: 127.0.0.1
520 port: 9160
521 database:
522 version: 2.2
523 cassandra:
524 version: 2
525 enabled: true
526 name: 'Contrail'
527 minimum_disk: 10
528 original_token: 0
529 data_dirs:
530 - /var/lib/cassandra
531 id: 1
532 discovery:
533 host: 127.0.0.1
534 bind:
535 host: 127.0.0.1
536 port: 9042
537 rpc_port: 9160
538 members:
539 - host: 127.0.0.1
540 id: 1
541 - host: 127.0.0.1
542 id: 2
543 - host: 127.0.0.1
544 id: 3
545
546
547Compute nodes
Aleš Komáreka3314b22017-04-11 13:46:06 +0200548-------------
Jiri Konecny463dee52016-03-03 11:08:46 +0100549
550Vrouter configuration on a compute node(s)
551
552.. code-block:: yaml
553
554 opencontrail:
555 common:
556 version: 2.2
557 identity:
558 engine: keystone
559 host: 127.0.0.1
560 port: 35357
561 token: token
562 password: password
563 network:
564 engine: neutron
565 host: 127.0.0.1
566 port: 9696
567 compute:
568 version: 2.2
569 enabled: True
Dmitry Stremkovskiy0cb5c562017-07-26 00:32:51 +0300570 hostname: node-12.domain.tld
Jiri Konecny463dee52016-03-03 11:08:46 +0100571 discovery:
572 host: 127.0.0.1
573 interface:
574 address: 127.0.0.1
575 dev: eth0
576 gateway: 127.0.0.1
577 mask: /24
578 dns: 127.0.0.1
579 mtu: 9000
580
Petr Jediný5f3008a2017-07-31 15:04:05 +0200581
582Compute nodes with gateway_mode
583-------------------------------
584
585Gateway mode: can be server/ vcpe (default is none)
586
587.. code-block:: yaml
588
589 opencontrail:
590 compute:
591 gateway_mode: server
592
Vasyl Saienkob10b7202017-09-05 14:19:03 +0300593TSN nodes
594---------
595
596Configure TSN nodes
597
598.. code-block:: yaml
599
600 opencontrail:
601 compute:
602 enabled: true
603 tor:
604 enabled: true
605 bind:
606 port: 8086
607 agent:
608 tor01:
609 id: 0
610 port: 6632
611 host: 127.0.0.1
612 address: 127.0.0.1
613
Petr Jediný5f3008a2017-07-31 15:04:05 +0200614
Andreyeff77ac2017-08-25 12:14:06 -0500615Set up metadata secret for the Vrouter
Petr Jedinýfe51c6a2017-09-05 18:30:31 +0200616--------------------------------------
Andreyeff77ac2017-08-25 12:14:06 -0500617
Petr Jedinýfe51c6a2017-09-05 18:30:31 +0200618In order to get cloud-init within the instance to properly fetch
Andreyeff77ac2017-08-25 12:14:06 -0500619instance metadata, metadata_proxy_secret in the Vrouter agent config
620should match the value in nova.conf. The administrator should define
621it in the pillar:
622
623.. code-block:: yaml
624
625 opencontrail:
626 compute:
627 metadata:
628 secret: opencontrail
629
Petr Jedinýfe51c6a2017-09-05 18:30:31 +0200630Add auth info for Barbican on compute nodes
631-------------------------------------------
632
633.. code-block:: yaml
634
635 opencontrail:
636 compute:
637 lbaas:
638 enabled: true
639 secret_manager:
640 engine: barbican
641 identity:
642 user: admin
643 password: "supersecretpassword123"
644 tenant: admin
645
646
Jakub Pavlik735005f2016-02-26 15:54:53 +0100647Keystone v3
Aleš Komáreka3314b22017-04-11 13:46:06 +0200648-----------
Jakub Pavlik735005f2016-02-26 15:54:53 +0100649
Jakub Pavlik01fe5372016-05-20 11:23:28 +0200650To enable support for keystone v3 in opencontrail, there must be defined
651version for config and web role.
Jakub Pavlik735005f2016-02-26 15:54:53 +0100652
653.. code-block:: yaml
654
655 opencontrail:
656 config:
657 version: 2.2
658 enabled: true
659 ...
660 identity:
661 engine: keystone
662 version: '3'
663 ...
664
665 opencontrail:
666 web:
667 version: 2.2
668 enabled: true
669 ...
670 identity:
671 engine: keystone
672 version: '3'
673 ...
674
marco10cc2212016-04-03 14:21:54 +0200675Without Keystone
676----------------
677
678.. code-block:: yaml
679
680 opencontrail:
681 ...
682 common:
683 ...
684 identity:
685 engine: none
686 token: none
687 password: none
688 ...
689 config:
690 ...
691 identity:
692 engine: none
693 password: none
694 token: none
695 ...
696 web:
697 ...
698 identity:
699 engine: none
700 password: none
701 token: none
702 ...
marcof5461712016-04-04 20:49:36 +0200703
Aleš Komáreka3314b22017-04-11 13:46:06 +0200704Kubernetes support
705------------------
706
marcof5461712016-04-04 20:49:36 +0200707Kubernetes vrouter nodes
marcof5461712016-04-04 20:49:36 +0200708
709Vrouter configuration on a kubernetes node(s)
710
711.. code-block:: yaml
712
713 opencontrail:
714 ...
715 compute:
716 engine: kubernetes
717 ...
718
Jakub Pavlik0d1f67e2016-11-30 10:04:13 +0100719vRouter with separated control plane
Jakub Pavlik0d1f67e2016-11-30 10:04:13 +0100720
721Separate XMPP traffic from dataplane interface.
722
723.. code-block:: yaml
724
725 opencontrail:
726 compute:
727 bind:
728 address: 172.16.0.50
729 ...
730
Petr Jediný439fab32017-07-10 14:33:09 +0200731Override RPF default in Contrail API
732------------------------------------
733
734From MCP1.1 with OpenContrail >= 3.1.1 you can override RPF default for newly
735created virtual networks. This can be useful for usecases like running
736Calico and K8S in overlay. The `override_rpf_default_by` has valid values
737`disable`, `enable`. If not defined, the configuration fallbacks to Contrail
738default - currently `enable`.
739
740.. code-block:: yaml
741
742 opencontrail:
743 ...
744 config:
745 override_rpf_default_by: 'disable'
746 ...
747
Petr Jediný01c18822017-11-15 12:30:53 +0100748Cassandra GC logging
749--------------------
750
751From Contrail version 3 you can set a way you want to handle Cassandra GC logs.
752The behavior is controlled by `cassandra_gc_logging`. Valid values are
753'rotation' (default), 'legacy' and false.
754
755- 'rotation' is supported by JDK 6u34 7u2 or later and handles rotation of log
756files automatically.
757- 'legacy' is a way to support older JDKs and you will need to handle logs by
758other means. This can be handled for example by using
759`- service.opencontrail.database.cassandra_log_cleanup` in your reclass model.
760- false will disable the cassandra gc logging
761
762.. code-block:: yaml
763
764 opencontrail:
765 ...
766 database:
767 cassandra_gc_logging: false
768 ...
769
Petr Jediný439fab32017-07-10 14:33:09 +0200770
Jakub Pavlik6d90f362016-04-19 20:34:37 +0200771Disable Contrail API authentication
772-----------------------------------
773
Petr Jediný78e6f422017-06-01 13:24:49 +0200774Contrail version must >= 3.0. It is useful especially for Keystone v3.
Jakub Pavlik6d90f362016-04-19 20:34:37 +0200775
776.. code-block:: yaml
777
778 opencontrail:
779 ...
780 config:
781 multi_tenancy: false
782 ...
783
Petr Jediný78e6f422017-06-01 13:24:49 +0200784Switch from on demand to periodic keystone sync
785-----------------------------------------------
786
787This can be useful when you want to sync projects from OpenStack to Contrail
788automatically. The period of sync is 60s.
789
790.. code-block:: yaml
791
792 opencontrail:
793 ...
794 config:
795 identity:
796 sync_on_demand: false
797 ...
798
marco2502e052016-05-31 22:53:54 +0200799Cassandra listen interface
Petr Jedinýffbe2082017-03-07 00:56:47 +0100800--------------------------
marco2502e052016-05-31 22:53:54 +0200801
802.. code-block:: yaml
Vasyl Saienkob10b7202017-09-05 14:19:03 +0300803
marco2502e052016-05-31 22:53:54 +0200804 database:
805 ....
806 bind:
807 interface: eth0
808 port: 9042
809 rpc_port: 9160
810 ....
Jakub Pavlik6d90f362016-04-19 20:34:37 +0200811
Petr Jedinýffbe2082017-03-07 00:56:47 +0100812OpenContrail WebUI version >= 3.1.1
813-----------------------------------
Petr Jediný78e6f422017-06-01 13:24:49 +0200814For OpenContrail version >= 3.1.1 and Cassandra >= 2.1 we should override WebUI's cassandra port from 9160 to 9042.
Petr Jedinýffbe2082017-03-07 00:56:47 +0100815
816For appropriate node at class level:
817
818.. code-block:: yaml
Aleš Komáreka3314b22017-04-11 13:46:06 +0200819
Petr Jedinýffbe2082017-03-07 00:56:47 +0100820 opencontrail:
821 ....
822 web:
823 database:
824 port: 9042
825 ....
826
827
Jakub Pavlik9a4de012016-12-14 13:23:55 +0100828RabbitMQ HA hosts
829------------------
830
831.. code-block:: yaml
832
833 opencontrail:
834 config:
835 message_queue:
836 engine: rabbitmq
837 members:
838 - host: 10.0.16.1
839 - host: 10.0.16.2
840 - host: 10.0.16.3
841 port: 5672
842
843.. code-block:: yaml
844
845 database:
846 ....
847 bind:
848 interface: eth0
849 port: 9042
850 rpc_port: 9160
851 ....
852
Jakub Pavlike3590062017-02-20 23:32:57 +0100853DPDK vRouter
854-------------
855
856.. code-block:: yaml
857
858 opencontrail:
859 compute:
860 dpdk:
861 enabled: true
Jakub Pavlik54761d82017-03-08 11:22:37 +0100862 taskset: "0x0000003C00003C"
863 socket_mem: "1024,1024"
Jakub Pavlike3590062017-02-20 23:32:57 +0100864 interface:
865 mac_address: 90:e2:ba:7c:22:e1
866 pci: 0000:81:00.1
867 ...
868
Marek Celouddbba7ed2017-12-07 10:36:24 +0100869Increase number of alarm-gen workers
870------------------------------------
871
872Port prefix will increment used ports by workers starting with 5901.
873
874.. code-block:: yaml
875
876 collector:
877 alarm_gen:
878 workers: 1
879 port_prefix: 59
880
Ales Komarekad46d2e2017-03-09 17:16:38 +0100881Contrail client
882---------------
883
884Basic parameters with identity and host configs
885
Petr Jediný78e6f422017-06-01 13:24:49 +0200886.. code-block:: yaml
Ales Komarekad46d2e2017-03-09 17:16:38 +0100887
888 opencontrail:
889 client:
890 identity:
891 user: admin
892 project: admin
893 password: adminpass
894 host: keystone_host
895 config:
896 host: contrail_api_host
897 port: contrail_api_ort
898
899Enforcing virtual routers
900
Petr Jediný78e6f422017-06-01 13:24:49 +0200901.. code-block:: yaml
Ales Komarekad46d2e2017-03-09 17:16:38 +0100902
903 opencontrail:
904 client:
905 ...
906 virtual_router:
907 cmp01:
908 ip_address: 172.16.0.11
909 dpdk_enabled: True
910 cmp02:
911 ip_address: 172.16.0.12
912 dpdk_enabled: True
913
psvimbersky3c84e272018-01-02 10:34:29 +0100914
915Enforcing global system config
916
917.. code-block:: yaml
918
919 opencontrail:
920 client:
921 ...
922 global_system_config:
923 name: default-global-system-config
924 asn: 64512
925 grp:
926 enable: true
927 restart_time: 60
928 end_of_rib_timeout: 30
929 bgp_helper_enable: false
930 xmpp_helper_enable: false
931 long_lived_restart_time: 300
932
933
Pavel Svimbersky13cda442017-09-14 14:46:13 +0200934Enforcing global vrouter config
935
936.. code-block:: yaml
937
938 opencontrail:
939 client:
940 ...
941 global_vrouter_config:
Petr Jediný554d0412018-01-04 22:35:48 +0100942 name: default-global-vrouter-config
Pavel Svimbersky13cda442017-09-14 14:46:13 +0200943 parent_type: global-system-config
944 encap_priority: "MPLSoUDP,MPLSoGRE"
945 vxlan_vn_id_mode: automatic
946 fq_names:
947 - 'default-global-system-config'
948 - 'default-global-vrouter-config'
949
psvimbersky3c84e272018-01-02 10:34:29 +0100950
951
Ales Komarekad46d2e2017-03-09 17:16:38 +0100952Enforcing control nodes
953
Petr Jediný78e6f422017-06-01 13:24:49 +0200954.. code-block:: yaml
Ales Komarekad46d2e2017-03-09 17:16:38 +0100955
956 opencontrail:
957 client:
958 ...
959 bgp_router:
960 ntw01:
961 type: control-node
962 ip_address: 172.16.0.11
963 nwt02:
964 type: control-node
965 ip_address: 172.16.0.12
966 nwt03:
967 type: control-node
968 ip_address: 172.16.0.13
969
970
971Enforcing edge BGP routers
972
Petr Jediný78e6f422017-06-01 13:24:49 +0200973.. code-block:: yaml
Ales Komarekad46d2e2017-03-09 17:16:38 +0100974
975 opencontrail:
976 client:
977 ...
978 bgp_router:
979 mx01:
980 type: router
981 ip_address: 172.16.0.21
982 asn: 64512
983 mx02:
984 type: router
985 ip_address: 172.16.0.22
986 asn: 64512
Marek Celoud3097e5b2018-01-09 13:52:14 +0100987 key_type: md5
988 key: password
Ales Komarekad46d2e2017-03-09 17:16:38 +0100989
990Enforcing config nodes
991
Petr Jediný78e6f422017-06-01 13:24:49 +0200992.. code-block:: yaml
Ales Komarekad46d2e2017-03-09 17:16:38 +0100993
994 opencontrail:
995 client:
996 ...
997 config_node:
998 ctl01:
999 ip_address: 172.16.0.21
1000 ctl02:
1001 ip_address: 172.16.0.22
1002
1003Enforcing database nodes
1004
Petr Jediný78e6f422017-06-01 13:24:49 +02001005.. code-block:: yaml
Ales Komarekad46d2e2017-03-09 17:16:38 +01001006
1007 opencontrail:
1008 client:
1009 ...
1010 database_node:
1011 ntw01:
1012 ip_address: 172.16.0.21
1013 ntw02:
1014 ip_address: 172.16.0.22
1015
1016Enforcing analytics nodes
1017
Petr Jediný78e6f422017-06-01 13:24:49 +02001018.. code-block:: yaml
Ales Komarekad46d2e2017-03-09 17:16:38 +01001019
1020 opencontrail:
1021 client:
1022 ...
1023 analytics_node:
1024 nal01:
1025 ip_address: 172.16.0.31
1026 nal02:
1027 ip_address: 172.16.0.32
1028
Petr Jediný5f3efe32017-05-26 17:55:09 +02001029Enforcing Link Local Services
1030
1031.. code-block:: yaml
1032
1033 opencontrail:
1034 client:
1035 ...
1036 linklocal_service:
1037 # example with dns name address (only one permited)
1038 meta1:
1039 lls_ip: 10.0.0.23
1040 lls_port: 80
1041 ipf_addresses: "meta.example.com"
1042 ipf_port: 80
1043 # example with multiple ip addresses
1044 meta2:
1045 lls_ip: 10.0.0.23
1046 lls_port: 80
1047 ipf_addresses:
1048 - 10.10.10.10
1049 - 10.20.20.20
1050 - 10.30.30.30
1051 ipf_port: 80
1052 # example with one ip address
1053 meta3:
1054 lls_ip: 10.0.0.23
1055 lls_port: 80
1056 ipf_addresses:
1057 - 10.10.10.10
1058 ipf_port: 80
1059 # example with name override
1060 lls_meta4:
1061 name: meta4
1062 lls_ip: 10.0.0.23
1063 lls_port: 80
1064 ipf_addresses:
1065 - 10.10.10.10
1066 ipf_port: 80
1067
Vasyl Saienkob10b7202017-09-05 14:19:03 +03001068
Michel Nederloff5bccda2017-11-20 13:31:38 +01001069Configuring OpenStack default quotasx
1070
1071.. code-block:: yaml
1072 config:
1073 quota:
1074 network: 5
1075 subnet: 10
1076 router: 10
1077 floating_ip: 100
1078 secgroup: 1000
1079 secgroup_rule: 1000
1080 port: 1000
1081 pool: -1
1082 member: -1
1083 health_monitor: -1
1084 vip: -1
1085
1086Enforcing physical routers
1087h
Vasyl Saienkob10b7202017-09-05 14:19:03 +03001088.. code-block:: yaml
1089
1090 opencontrail:
1091 client:
1092 ...
1093 physical_router:
1094 router1:
1095 name: router1
1096 dataplane_ip: 1.2.3.4
1097 management_ip: 1.2.3.4
1098 vendor_name: ovs
1099 product_name: ovs
1100 agents:
1101 - tsn0-0
1102 - tsn0
1103
1104Enforcing physical/logical interfaces for routers
1105
1106
1107.. code-block:: yaml
1108
1109 opencontrail
1110 client:
1111 ...
1112 physical_router:
1113 router1:
1114 ...
1115 interface:
1116 port1:
1117 name: port1
1118 logical_interface:
1119 port1_l:
1120 name: 'port1.0'
1121 vlan_tag: 0
1122 interface_type: L2
1123 virtual_machine_interface:
1124 port1_port:
1125 name: port1_port
1126 ip_address: 192.168.90.107
1127 mac_address: '2e:92:a8:af:c2:21'
1128 security_group: 'default'
1129 virtual_network: 'virtual-network'
1130
Jan Cachebfed1c2018-01-09 17:21:35 +01001131Enforcing virtual networks
1132
1133
1134.. code-block:: yaml
1135
1136 opencontrail:
1137 client:
1138 virtual_networks:
1139 net01:
1140 name: 'network01'
1141 ip_address: '172.16.111.0'
1142 ip_prefix: 24
1143 asn: 64512
1144 route_target: 10000
1145 external: True
1146 allow_transit: False
1147 forwarding_mode: 'l2_l3'
1148 rpf: 'disable'
1149 mirror_destination: False
1150 domain: 'default-domain'
1151 project: 'admin'
1152 ipam_domain: 'default-domain'
1153 ipam_project: 'default-project'
1154 ipam_name: 'default-network-ipam'
1155 net02:
1156 name: 'network02'
1157 net03:
1158 name: 'network03'
1159
Ales Komarekad46d2e2017-03-09 17:16:38 +01001160
Jan Cachb3092722018-01-31 12:46:16 +01001161Enforcing floating ip pool setings.
1162
1163Virtual network with flag external needs to be created before managing the floating ip pool.
1164Param vn_name is the name of the external network.
1165
1166.. code-block:: yaml
1167
1168 opencontrail:
1169 client:
1170 floating_ip_pools:
1171 pool1:
1172 vn_name: external-network
1173 vn_project: admin
1174 vn_domain: default-domain
1175 owner_access: 7
1176 global_access: 0
1177 list_of_projects:
1178 - [tenant1, 7]
1179 - [tenant2, 7]
1180 - [tenant3, 7]
1181 pool2:
1182 vn_name: floating-ips
1183 vn_project: admin
1184 vn_domain: default-domain
1185 owner_access: 7
1186 global_access: 0
1187 list_of_projects:
1188 - [tenant3, 7]
1189
1190
1191If you want to remove all shares from the ip floating pool, define only empty list in
1192list of projects, like this:
1193
1194.. code-block:: yaml
1195
1196 opencontrail:
1197 client:
1198 floating_ip_pools:
1199 pool1:
1200 vn_name: external-network
1201 vn_project: admin
1202 vn_domain: default-domain
1203 owner_access: 7
1204 global_access: 0
1205 list_of_projects: []
1206
1207
Michel Nederlof5364ab62017-12-11 15:02:25 +01001208Contrail DNS custom forwarders
1209------------------------------
1210
1211By default Contrail uses the /etc/resolv.conf file to determine the upstream DNS servers.
1212This can have some side-affects, like resolving internal DNS entries on you public instances.
1213
1214In order to overrule this default set, you can configure nameservers using pillar data.
1215The formula is then responsible for configuring and generating a alternate resolv.conf file.
1216
1217Note: this has been patched recently in the Contrail distribution of Mirantis:
1218https://github.com/Mirantis/contrail-controller/commit/ed9a25ccbcfebd7d079a93aecc5a1a7bf1265ea4
1219https://github.com/Mirantis/contrail-controller/commit/94c844cf2e9bcfcd48587aec03d10b869e737ade
1220
1221
1222To change forwarders for the default-dns option (which is handled by compute nodes):
1223
1224.. code-block:: yaml
1225
1226 compute:
1227 ....
1228 dns:
1229 forwarders:
1230 - 8.8.8.8
1231 - 8.8.4.4
1232 ....
1233
1234To change forwarders for vDNS zones (handled by control nodes):
1235
1236.. code-block:: yaml
1237
1238 control:
1239 ....
1240 dns:
1241 forwarders:
1242 - 8.8.8.8
1243 - 8.8.4.4
1244 ....
1245
Michel Nederloff5bccda2017-11-20 13:31:38 +01001246
Filip Pytloun27930402015-10-06 16:28:32 +02001247Usage
1248=====
1249
1250Basic installation
Ales Komarekad46d2e2017-03-09 17:16:38 +01001251------------------
Filip Pytloun27930402015-10-06 16:28:32 +02001252
1253Add control BGP
Ales Komarekad46d2e2017-03-09 17:16:38 +01001254
1255.. code-block:: bash
Filip Pytloun27930402015-10-06 16:28:32 +02001256
1257 python /etc/contrail/provision_control.py --api_server_ip 192.168.1.11 --api_server_port 8082 --host_name network1.contrail.domain.com --host_ip 192.168.1.11 --router_asn 64512
1258
Ales Komarekad46d2e2017-03-09 17:16:38 +01001259Install compute node
Filip Pytloun27930402015-10-06 16:28:32 +02001260
Ales Komarekad46d2e2017-03-09 17:16:38 +01001261.. code-block:: bash
Filip Pytloun27930402015-10-06 16:28:32 +02001262
1263 yum install contrail-vrouter contrail-openstack-vrouter
1264
1265 salt-call state.sls nova,opencontrail
1266
1267Add virtual router
Filip Pytloun27930402015-10-06 16:28:32 +02001268
Ales Komarekad46d2e2017-03-09 17:16:38 +01001269.. code-block:: bash
Filip Pytloun27930402015-10-06 16:28:32 +02001270
1271 python /etc/contrail/provision_vrouter.py --host_name hostnode1.intra.domain.com --host_ip 10.0.100.101 --api_server_ip 10.0.100.30 --oper add --admin_user admin --admin_password cloudlab --admin_tenant_name admin
1272
1273 /etc/sysconfig/network-scripts/ifcfg-bond0 -- comment GATEWAY,NETMASK,IPADDR
1274
1275 reboot
1276
Aleš Komáreka3314b22017-04-11 13:46:06 +02001277Debugging
1278---------
Filip Pytloun27930402015-10-06 16:28:32 +02001279
1280Display vhost XMPP connection status
1281
1282You should see the correct controller_ip and state should be established.
1283
1284 http://<compute-node>:8085/Snh_AgentXmppConnectionStatusReq?
1285
1286Display vrouter interface status
1287
1288When vrf_name = ---ERROR--- then something goes wrong
1289
1290 http://<compute-node>:8085/Snh_ItfReq?name=
1291
1292Display IF MAP table
1293
Vasyl Saienkob10b7202017-09-05 14:19:03 +03001294Look for neighbours, if VM has 2, it's ok
Filip Pytloun27930402015-10-06 16:28:32 +02001295
1296 http://<control-node>:8083/Snh_IFMapTableShowReq?table_name=
1297
1298Trace XMPP requests
1299
1300 http://<compute-node>:8085/Snh_SandeshTraceRequest?x=XmppMessageTrace
1301
Filip Pytlounf6b79d42017-02-02 13:02:03 +01001302
1303Documentation and Bugs
1304======================
1305
1306To learn how to install and update salt-formulas, consult the documentation
1307available online at:
1308
1309 http://salt-formulas.readthedocs.io/
1310
1311In the unfortunate event that bugs are discovered, they should be reported to
1312the appropriate issue tracker. Use Github issue tracker for specific salt
1313formula:
1314
1315 https://github.com/salt-formulas/salt-formula-opencontrail/issues
1316
1317For feature requests, bug reports or blueprints affecting entire ecosystem,
1318use Launchpad salt-formulas project:
1319
1320 https://launchpad.net/salt-formulas
1321
1322You can also join salt-formulas-users team and subscribe to mailing list:
1323
1324 https://launchpad.net/~salt-formulas-users
1325
1326Developers wishing to work on the salt-formulas projects should always base
1327their work on master branch and submit pull request against specific formula.
1328
1329 https://github.com/salt-formulas/salt-formula-opencontrail
1330
1331Any questions or feedback is always welcome so feel free to join our IRC
1332channel:
1333
1334 #salt-formulas @ irc.freenode.net