
====================
OpenContrail Formula
====================

Contrail Controller is an open, standards-based software solution that
delivers network virtualization and service automation for federated cloud
networks. It provides self-service provisioning, improves network
troubleshooting and diagnostics, and enables service chaining for dynamic
application environments across enterprise virtual private cloud (VPC),
managed Infrastructure as a Service (IaaS), and Network Functions
Virtualization (NFV) use cases.


Package source
==============

The formula supports OpenContrail as well as the Juniper Contrail package
repository in the backend.

Differences within the configuration and state run are controlled by the
``opencontrail.common.vendor: [opencontrail|juniper]`` pillar attribute.

Default value is set to ``opencontrail``.

Juniper releases tested with this formula:

- 3.0.2.x

To use the Juniper Contrail repository as a source of packages, override the
pillar as in this example:

.. code-block:: yaml

    opencontrail:
      common:
        vendor: juniper


Sample Pillars
==============

Controller nodes
----------------

There are several scenarios for the OpenContrail control plane.

All-in-one single
~~~~~~~~~~~~~~~~~

Config, control, analytics, database, web -- altogether on one node.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        source:
          engine: pkg
          address: http://mirror.robotice.cz/contrail-havana/
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        rootlogger: "INFO, CONSOLE"
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        discovery:
          host: 127.0.0.1
        data_ttl: 2
        database:
          members:
          - host: 127.0.0.1
            port: 9160
        message_queue:
          members:
          - host: 127.0.0.1
          - host: 127.0.0.1
          - host: 127.0.0.1
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        minimum_disk: 10
        name: 'Contrail'
        original_token: 0
        compaction_throughput_mb_per_sec: 16
        concurrent_compactors: 1
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        analytics:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin


All-in-one cluster
~~~~~~~~~~~~~~~~~~

Config, control, analytics, database, web -- altogether, clustered on multiple
nodes.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        source:
          engine: pkg
          address: http://mirror.robotice.cz/contrail-havana/
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        discovery:
          host: 127.0.0.1
        data_ttl: 1
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        message_queue:
          members:
          - host: 127.0.0.1
          - host: 127.0.0.1
          - host: 127.0.0.1
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin


Separated analytics from control and config
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config, control, database, web.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        analytics:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin

Analytic nodes
--------------

Analytics and database on an analytic node(s)

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        discovery:
          host: 127.0.0.1
        data_ttl: 1
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        message_queue:
          members:
          - host: 127.0.0.1
          - host: 127.0.0.1
          - host: 127.0.0.1
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3


Compute nodes
-------------

Vrouter configuration on a compute node(s)

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      compute:
        version: 2.2
        enabled: True
        hostname: node-12.domain.tld
        discovery:
          host: 127.0.0.1
        interface:
          address: 127.0.0.1
          dev: eth0
          gateway: 127.0.0.1
          mask: /24
          dns: 127.0.0.1
          mtu: 9000


Compute nodes with gateway_mode
-------------------------------

Gateway mode can be ``server`` or ``vcpe`` (default is none).

.. code-block:: yaml

    opencontrail:
      compute:
        gateway_mode: server

TSN nodes
---------

Configure TSN nodes

.. code-block:: yaml

    opencontrail:
      compute:
        enabled: true
        tor:
          enabled: true
          bind:
            port: 8086
          agent:
            tor01:
              id: 0
              port: 6632
              host: 127.0.0.1
              address: 127.0.0.1


Set up metadata secret for the Vrouter
--------------------------------------

In order to get cloud-init within the instance to properly fetch
instance metadata, ``metadata_proxy_secret`` in the Vrouter agent config
should match the value in nova.conf. The administrator should define
it in the pillar:

.. code-block:: yaml

    opencontrail:
      compute:
        metadata:
          secret: opencontrail

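The consistency requirement above can be checked on a compute node before instances start failing to fetch metadata. The following is an added example, not code from the formula: it compares the two values and also flags secrets that are sample values printed on this page. The option locations (``[neutron] metadata_proxy_shared_secret`` in nova.conf, ``[METADATA] metadata_proxy_secret`` in the vRouter agent config) and the 16-character minimum are assumptions of the example; both config files are constructed samples.

```python
import configparser
import hmac

# Constructed sample files (not taken from a real deployment).
SAMPLE_NOVA_CONF = """\
[DEFAULT]
debug = false

[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = opencontrail
"""

SAMPLE_AGENT_CONF = """\
[DEFAULT]
log_level = SYS_NOTICE

[METADATA]
metadata_proxy_secret = opencontrail
"""

# Sample secrets and passwords that appear in this README; anything published
# in documentation must not be used as a shared secret in a deployment.
DOCUMENTED_SECRETS = {
    "opencontrail", "password", "token", "adminpass", "cloudlab",
    "supersecretpassword123",
}


def _read_option(text, section, option):
    """Return the option value from INI text, or None when it is absent."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    if not parser.has_option(section, option):
        return None
    return parser.get(section, option).strip().strip("\"'")


def check_metadata_secret(nova_conf_text, agent_conf_text, min_length=16):
    """Return a list of findings; an empty list means the pair is acceptable."""
    findings = []
    values = (
        ("nova.conf", "[neutron] metadata_proxy_shared_secret",
         _read_option(nova_conf_text, "neutron", "metadata_proxy_shared_secret")),
        ("vrouter-agent", "[METADATA] metadata_proxy_secret",
         _read_option(agent_conf_text, "METADATA", "metadata_proxy_secret")),
    )
    for name, location, value in values:
        if value is None:
            findings.append(f"{name}: {location} is not set")

    nova, agent = values[0][2], values[1][2]
    if nova is not None and agent is not None:
        # Constant-time comparison, as for any secret.
        if not hmac.compare_digest(nova.encode(), agent.encode()):
            findings.append("mismatch: nova.conf and vrouter-agent secrets differ")

    for name, _location, value in values:
        if value is None:
            continue
        if value.lower() in DOCUMENTED_SECRETS:
            findings.append(f"{name}: secret is a documented example value")
        elif len(value) < min_length:
            findings.append(f"{name}: secret shorter than {min_length} characters")
    return findings


if __name__ == "__main__":
    for finding in check_metadata_secret(SAMPLE_NOVA_CONF, SAMPLE_AGENT_CONF):
        print(finding)
```
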
Add auth info for Barbican on compute nodes
-------------------------------------------

.. code-block:: yaml

    opencontrail:
      compute:
        lbaas:
          enabled: true
          secret_manager:
            engine: barbican
            identity:
              user: admin
              password: "supersecretpassword123"
              tenant: admin


Keystone v3
-----------

To enable support for Keystone v3 in OpenContrail, the identity version must
be defined for the config and web roles.

.. code-block:: yaml

    opencontrail:
      config:
        version: 2.2
        enabled: true
        ...
        identity:
          engine: keystone
          version: '3'
          ...

    opencontrail:
      web:
        version: 2.2
        enabled: true
        ...
        identity:
          engine: keystone
          version: '3'
          ...

Without Keystone
----------------

.. code-block:: yaml

    opencontrail:
      ...
      common:
        ...
        identity:
          engine: none
          token: none
          password: none
        ...
      config:
        ...
        identity:
          engine: none
          password: none
          token: none
        ...
      web:
        ...
        identity:
          engine: none
          password: none
          token: none
        ...

Kubernetes support
------------------

Kubernetes vrouter nodes
~~~~~~~~~~~~~~~~~~~~~~~~

Vrouter configuration on a kubernetes node(s)

.. code-block:: yaml

    opencontrail:
      ...
      compute:
        engine: kubernetes
      ...

vRouter with separated control plane
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Separate XMPP traffic from dataplane interface.

.. code-block:: yaml

    opencontrail:
      compute:
        bind:
          address: 172.16.0.50
      ...

Override RPF default in Contrail API
------------------------------------

From MCP1.1 with OpenContrail >= 3.1.1 you can override the RPF default for
newly created virtual networks. This can be useful for use cases like running
Calico and K8S in overlay. The ``override_rpf_default_by`` setting has valid
values ``disable`` and ``enable``. If not defined, the configuration falls
back to the Contrail default - currently ``enable``.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        override_rpf_default_by: 'disable'
      ...

Cassandra GC logging
--------------------

From Contrail version 3 you can choose how Cassandra GC logs are handled.
The behavior is controlled by ``cassandra_gc_logging``. Valid values are
'rotation' (default), 'legacy' and false.

- 'rotation' is supported by JDK 6u34, 7u2 or later and handles rotation of log
  files automatically.
- 'legacy' is a way to support older JDKs and you will need to handle logs by
  other means. This can be handled for example by using
  ``- service.opencontrail.database.cassandra_log_cleanup`` in your reclass model.
- false disables Cassandra GC logging.

.. code-block:: yaml

    opencontrail:
      ...
      database:
        cassandra_gc_logging: false
      ...


Disable Contrail API authentication
-----------------------------------

Contrail version must be >= 3.0. It is useful especially for Keystone v3.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        multi_tenancy: false
      ...

Enable RBAC
-----------

.. code-block:: yaml

    opencontrail:
      ...
      config:
        aaa_mode: rbac
        cloud_admin_role: admin
        global_read_only_role: member
      ...

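Several pillar keys on this page weaken or remove authentication (``multi_tenancy: false``, ``identity: engine: none``), and the samples carry credentials such as ``password`` and ``token`` that are easy to copy into a real model. The following is an added example, not part of the formula: it walks a rendered pillar and reports those settings before a state run. The pillar dict is constructed from keys and values shown on this page; the function name ``audit_pillar`` and the finding labels are assumptions of the example.

```python
# Constructed pillar, assembled from keys and sample values on this page.
SAMPLE_PILLAR = {
    "opencontrail": {
        "common": {
            "source": {
                "engine": "pkg",
                "address": "http://mirror.robotice.cz/contrail-havana/",
            },
            "identity": {"engine": "keystone", "token": "token",
                         "password": "password"},
        },
        "config": {
            "multi_tenancy": False,
            "identity": {"engine": "keystone", "user": "admin",
                         "password": "password", "token": "token"},
        },
        "web": {"identity": {"engine": "none", "password": "none",
                             "token": "none"}},
        "client": {
            "bgp_router": {
                "mx02": {"type": "router", "key_type": "md5",
                         "key": "password"},
            },
        },
    }
}

# Credentials printed in this README; they must not survive into a deployment.
DOCUMENTED_CREDENTIALS = {
    "password", "token", "adminpass", "cloudlab", "opencontrail",
    "supersecretpassword123",
}
SECRET_KEYS = {"password", "token", "key", "secret"}


def walk(node, path=()):
    """Yield (path, value) for every leaf of a nested dict/list pillar."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, path + (str(key),))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, path + (str(index),))
    else:
        yield path, node


def audit_pillar(pillar):
    """Return (dotted_path, finding) tuples for risky opencontrail settings."""
    findings = []
    oc = pillar.get("opencontrail", {})
    for path, value in walk(oc):
        dotted, leaf = ".".join(path), path[-1]
        parent = path[-2] if len(path) >= 2 else ""
        if leaf in SECRET_KEYS and isinstance(value, str):
            if value.lower() in DOCUMENTED_CREDENTIALS:
                findings.append((dotted, "documented sample credential"))
        if leaf == "engine" and parent == "identity":
            if str(value).lower() == "none":
                findings.append((dotted, "identity backend disabled"))
        if leaf == "address" and parent == "source":
            if str(value).lower().startswith("http://"):
                findings.append((dotted, "package repository over plain HTTP"))

    config = oc.get("config", {})
    if config.get("multi_tenancy") is False:
        findings.append(("config.multi_tenancy",
                         "Contrail API authentication disabled"))
    # Only report the AAA mode on nodes that actually carry the config role.
    if config and config.get("aaa_mode") != "rbac":
        findings.append(("config.aaa_mode", "RBAC not enabled"))
    return findings


if __name__ == "__main__":
    for dotted_path, finding in audit_pillar(SAMPLE_PILLAR):
        print(f"opencontrail.{dotted_path}: {finding}")
```
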
Switch from on demand to periodic keystone sync
-----------------------------------------------

This can be useful when you want to sync projects from OpenStack to Contrail
automatically. The period of sync is 60s.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        identity:
          sync_on_demand: false
      ...

Cassandra listen interface
--------------------------

.. code-block:: yaml

    database:
      ....
      bind:
        interface: eth0
        port: 9042
        rpc_port: 9160
      ....

OpenContrail WebUI version >= 3.1.1
-----------------------------------

For OpenContrail version >= 3.1.1 and Cassandra >= 2.1, override the WebUI's
Cassandra port from 9160 to 9042.

For the appropriate node at class level:

.. code-block:: yaml

    opencontrail:
      ....
      web:
        database:
          port: 9042
      ....


RabbitMQ HA hosts
-----------------

.. code-block:: yaml

    opencontrail:
      config:
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          port: 5672

.. code-block:: yaml

    database:
      ....
      bind:
        interface: eth0
        port: 9042
        rpc_port: 9160
      ....

DPDK vRouter
------------

.. code-block:: yaml

    opencontrail:
      compute:
        dpdk:
          enabled: true
          taskset: "0x0000003C00003C"
          socket_mem: "1024,1024"
        interface:
          mac_address: 90:e2:ba:7c:22:e1
          pci: 0000:81:00.1
      ...

Increase number of contrail-api workers
---------------------------------------

.. code-block:: yaml

    opencontrail:
      ...
      config:
        api_workers: 3
      ...

Increase number of alarm-gen workers
------------------------------------

The port prefix determines the ports used by the workers; they are
incremented per worker, starting with 5901.

.. code-block:: yaml

    collector:
      alarm_gen:
        workers: 1
        port_prefix: 59

Contrail client
---------------

Basic parameters with identity and host configs

.. code-block:: yaml

    opencontrail:
      client:
        identity:
          user: admin
          project: admin
          password: adminpass
          host: keystone_host
        config:
          host: contrail_api_host
          port: contrail_api_port

Enforcing virtual routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        virtual_router:
          cmp01:
            ip_address: 172.16.0.11
            dpdk_enabled: True
          cmp02:
            ip_address: 172.16.0.12
            dpdk_enabled: True


Enforcing global system config

.. code-block:: yaml

    opencontrail:
      client:
        ...
        global_system_config:
          name: default-global-system-config
          asn: 64512
          grp:
            enable: true
            restart_time: 60
            end_of_rib_timeout: 30
            bgp_helper_enable: false
            xmpp_helper_enable: false
            long_lived_restart_time: 300


Enforcing global vrouter config

.. code-block:: yaml

    opencontrail:
      client:
        ...
        global_vrouter_config:
          name: default-global-vrouter-config
          parent_type: global-system-config
          encap_priority: "MPLSoUDP,MPLSoGRE"
          vxlan_vn_id_mode: automatic
          fq_names:
            - 'default-global-system-config'
            - 'default-global-vrouter-config'


Enforcing control nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        bgp_router:
          ntw01:
            type: control-node
            ip_address: 172.16.0.11
          ntw02:
            type: control-node
            ip_address: 172.16.0.12
          ntw03:
            type: control-node
            ip_address: 172.16.0.13


Enforcing edge BGP routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        bgp_router:
          mx01:
            type: router
            ip_address: 172.16.0.21
            asn: 64512
          mx02:
            type: router
            ip_address: 172.16.0.22
            asn: 64512
            key_type: md5
            key: password

Enforcing config nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        config_node:
          ctl01:
            ip_address: 172.16.0.21
          ctl02:
            ip_address: 172.16.0.22

Enforcing database nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        database_node:
          ntw01:
            ip_address: 172.16.0.21
          ntw02:
            ip_address: 172.16.0.22

Enforcing analytics nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        analytics_node:
          nal01:
            ip_address: 172.16.0.31
          nal02:
            ip_address: 172.16.0.32

Enforcing Link Local Services

.. code-block:: yaml

    opencontrail:
      client:
        ...
        linklocal_service:
          # example with dns name address (only one permitted)
          meta1:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses: "meta.example.com"
            ipf_port: 80
          # example with multiple ip addresses
          meta2:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            - 10.20.20.20
            - 10.30.30.30
            ipf_port: 80
          # example with one ip address
          meta3:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            ipf_port: 80
          # example with name override
          lls_meta4:
            name: meta4
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            ipf_port: 80


Configuring OpenStack default quotas

.. code-block:: yaml

    config:
      quota:
        network: 5
        subnet: 10
        router: 10
        floating_ip: 100
        secgroup: 1000
        secgroup_rule: 1000
        port: 1000
        pool: -1
        member: -1
        health_monitor: -1
        vip: -1

Enforcing physical routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        physical_router:
          router1:
            name: router1
            dataplane_ip: 1.2.3.4
            management_ip: 1.2.3.4
            vendor_name: ovs
            product_name: ovs
            agents:
              - tsn0-0
              - tsn0

Enforcing physical/logical interfaces for routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        physical_router:
          router1:
            ...
            interface:
              port1:
                name: port1
                logical_interface:
                  port1_l:
                    name: 'port1.0'
                    vlan_tag: 0
                    interface_type: L2
                    virtual_machine_interface:
                      port1_port:
                        name: port1_port
                        ip_address: 192.168.90.107
                        mac_address: '2e:92:a8:af:c2:21'
                        security_group: 'default'
                        virtual_network: 'virtual-network'

Enforcing virtual networks

.. code-block:: yaml

    opencontrail:
      client:
        virtual_networks:
          net01:
            name: 'network01'
            ip_address: '172.16.111.0'
            ip_prefix: 24
            asn: 64512
            route_target: 10000
            external: True
            allow_transit: False
            forwarding_mode: 'l2_l3'
            rpf: 'disable'
            mirror_destination: False
            domain: 'default-domain'
            project: 'admin'
            ipam_domain: 'default-domain'
            ipam_project: 'default-project'
            ipam_name: 'default-network-ipam'
          net02:
            name: 'network02'
          net03:
            name: 'network03'


Enforcing floating IP pool settings

A virtual network with the ``external`` flag needs to be created before
managing the floating IP pool. The ``vn_name`` parameter is the name of the
external network.

.. code-block:: yaml

    opencontrail:
      client:
        floating_ip_pools:
          pool1:
            vn_name: external-network
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects:
              - [tenant1, 7]
              - [tenant2, 7]
              - [tenant3, 7]
          pool2:
            vn_name: floating-ips
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects:
              - [tenant3, 7]


If you want to remove all shares from the floating IP pool, define only an
empty list in ``list_of_projects``, like this:

.. code-block:: yaml

    opencontrail:
      client:
        floating_ip_pools:
          pool1:
            vn_name: external-network
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects: []


Contrail DNS custom forwarders
------------------------------

By default Contrail uses the /etc/resolv.conf file to determine the upstream
DNS servers. This can have some side effects, like resolving internal DNS
entries on your public instances.

In order to overrule this default set, you can configure nameservers using
pillar data. The formula is then responsible for configuring and generating
an alternate resolv.conf file.

Note: this has been patched recently in the Contrail distribution of Mirantis:

- https://github.com/Mirantis/contrail-controller/commit/ed9a25ccbcfebd7d079a93aecc5a1a7bf1265ea4
- https://github.com/Mirantis/contrail-controller/commit/94c844cf2e9bcfcd48587aec03d10b869e737ade


To change forwarders for the default-dns option (which is handled by compute nodes):

.. code-block:: yaml

    compute:
      ....
      dns:
        forwarders:
        - 8.8.8.8
        - 8.8.4.4
      ....

To change forwarders for vDNS zones (handled by control nodes):

.. code-block:: yaml

    control:
      ....
      dns:
        forwarders:
        - 8.8.8.8
        - 8.8.4.4
      ....

Contrail IF-MAP server configuration
------------------------------------

Contrail 3.2 contains an internal IF-MAP server implementation. This
implementation can be enabled by setting ``config:ifmap:engine`` to
``internal``. Currently supported engines are ``internal`` and ``irond``
(default). The ``internal`` engine configures contrail-api to run as an IF-MAP
server in the same process as contrail-api and generates security
certificates in the specified folder.

.. code-block:: yaml

    config:
      ....
      ifmap:
        engine: internal
        cert_dir: /etc/contrail/ssl/certs/ # default
        basename_cert: ifmap.crt # default
        basename_key: ifmap.key # default
      ....

To set a static configuration of the IF-MAP server for contrail-control
instead of using the discovery service, use ``control:ifmap:bind:host`` and
``port``. The static configuration is triggered by the existence of a
non-empty value of the ``control:ifmap:bind`` key.

.. code-block:: yaml

    control:
      ....
      ifmap:
        bind:
          host: 127.0.0.1
          port: 8443
      ....



Usage
=====

Basic installation
------------------

Add control BGP

.. code-block:: bash

    python /etc/contrail/provision_control.py --api_server_ip 192.168.1.11 --api_server_port 8082 --host_name network1.contrail.domain.com --host_ip 192.168.1.11 --router_asn 64512

Install compute node

.. code-block:: bash

    yum install contrail-vrouter contrail-openstack-vrouter

    salt-call state.sls nova,opencontrail

Add virtual router

.. code-block:: bash

    python /etc/contrail/provision_vrouter.py --host_name hostnode1.intra.domain.com --host_ip 10.0.100.101 --api_server_ip 10.0.100.30 --oper add --admin_user admin --admin_password cloudlab --admin_tenant_name admin

    # In /etc/sysconfig/network-scripts/ifcfg-bond0, comment out GATEWAY, NETMASK and IPADDR

    reboot

Debugging
---------

Display vhost XMPP connection status

You should see the correct controller_ip and state should be established.

    http://<compute-node>:8085/Snh_AgentXmppConnectionStatusReq?

Display vrouter interface status

If ``vrf_name`` is ``---ERROR---``, something went wrong.

    http://<compute-node>:8085/Snh_ItfReq?name=

Display IF MAP table

Look for neighbours; if a VM has 2, it's OK.

    http://<control-node>:8083/Snh_IFMapTableShowReq?table_name=

Trace XMPP requests

    http://<compute-node>:8085/Snh_SandeshTraceRequest?x=XmppMessageTrace


Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-opencontrail/issues

For feature requests, bug reports or blueprints affecting the entire
ecosystem, use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing
list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific
formula.

    https://github.com/salt-formulas/salt-formula-opencontrail

Any questions or feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net