====================
OpenContrail Formula
====================

Contrail Controller is an open, standards-based software solution that
delivers network virtualization and service automation for federated cloud
networks. It provides self-service provisioning, improves network
troubleshooting and diagnostics, and enables service chaining for dynamic
application environments across enterprise virtual private cloud (VPC),
managed Infrastructure as a Service (IaaS), and Network Functions
Virtualization (NFV) use cases.


Package source
==============

The formula supports both the OpenContrail and the Juniper Contrail package
repositories as a backend.

Differences within the configuration and state run are controlled by the
``opencontrail.common.vendor: [opencontrail|juniper]`` pillar attribute.

The default value is ``opencontrail``.

Juniper releases tested with this formula:

- 3.0.2.x

To use the Juniper Contrail repository as the source of packages, override the
pillar as in this example:

.. code-block:: yaml

    opencontrail:
      common:
        vendor: juniper


Sample Pillars
==============

Controller nodes
----------------

There are several scenarios for OpenContrail control plane.

All-in-one single
~~~~~~~~~~~~~~~~~

Config, control, analytics, database, web -- altogether on one node.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        source:
          engine: pkg
          address: http://mirror.robotice.cz/contrail-havana/
        identity:
          engine: keystone
          protocol: http
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
            - host: 127.0.0.1
              port: 9160
        cache:
          members:
            - host: 127.0.0.1
              port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          protocol: http
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
          - host: 127.0.0.1
            id: 1
        rootlogger: "INFO, CONSOLE"
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
          - host: 127.0.0.1
            id: 1
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        contrail_cache:
          engine: redis
          host: 127.0.0.1
          port: 6379
          password: guest
        discovery:
          host: 127.0.0.1
        data_ttl: 2
        database:
          members:
            - host: 127.0.0.1
              port: 9160
        message_queue:
          members:
            - host: 127.0.0.1
            - host: 127.0.0.1
            - host: 127.0.0.1
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        minimum_disk: 10
        name: 'Contrail'
        original_token: 0
        compaction_throughput_mb_per_sec: 16
        concurrent_compactors: 1
        data_dirs:
          - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
          - host: 127.0.0.1
            id: 1
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        analytics:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          password: guest
          port: 6379
        members:
          - host: 127.0.0.1
            id: 1
        identity:
          engine: keystone
          version: '2.0'
          protocol: http
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin


All-in-one cluster
~~~~~~~~~~~~~~~~~~

Config, control, analytics, database, web -- altogether, clustered on multiple
nodes.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        source:
          engine: pkg
          address: http://mirror.robotice.cz/contrail-havana/
        identity:
          engine: keystone
          protocol: http
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
            - host: 127.0.0.1
              port: 9160
            - host: 127.0.0.1
              port: 9160
            - host: 127.0.0.1
              port: 9160
        cache:
          members:
            - host: 127.0.0.1
              port: 11211
            - host: 127.0.0.1
              port: 11211
            - host: 127.0.0.1
              port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          protocol: http
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
          - host: 127.0.0.1
            id: 1
          - host: 127.0.0.1
            id: 2
          - host: 127.0.0.1
            id: 3
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
          - host: 127.0.0.1
            id: 1
          - host: 127.0.0.1
            id: 2
          - host: 127.0.0.1
            id: 3
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        contrail_cache:
          engine: redis
          host: 127.0.0.1
          port: 6379
          password: guest
        discovery:
          host: 127.0.0.1
        data_ttl: 1
        database:
          members:
            - host: 127.0.0.1
              port: 9160
            - host: 127.0.0.1
              port: 9160
            - host: 127.0.0.1
              port: 9160
        message_queue:
          members:
            - host: 127.0.0.1
            - host: 127.0.0.1
            - host: 127.0.0.1
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
          - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
          - host: 127.0.0.1
            id: 1
          - host: 127.0.0.1
            id: 2
          - host: 127.0.0.1
            id: 3
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          password: guest
          port: 6379
        members:
          - host: 127.0.0.1
            id: 1
          - host: 127.0.0.1
            id: 2
          - host: 127.0.0.1
            id: 3
        identity:
          engine: keystone
          version: '2.0'
          protocol: http
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin


Separated analytics from control and config
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config, control, database, web.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          protocol: http
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
            - host: 127.0.0.1
              port: 9160
            - host: 127.0.0.1
              port: 9160
            - host: 127.0.0.1
              port: 9160
        cache:
          members:
            - host: 127.0.0.1
              port: 11211
            - host: 127.0.0.1
              port: 11211
            - host: 127.0.0.1
              port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          protocol: http
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
          - host: 127.0.0.1
            id: 1
          - host: 127.0.0.1
            id: 2
          - host: 127.0.0.1
            id: 3
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
          - host: 127.0.0.1
            id: 1
          - host: 127.0.0.1
            id: 2
          - host: 127.0.0.1
            id: 3
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
          - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
          - host: 127.0.0.1
            id: 1
          - host: 127.0.0.1
            id: 2
          - host: 127.0.0.1
            id: 3
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        analytics:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          password: guest
          port: 6379
        members:
          - host: 127.0.0.1
            id: 1
          - host: 127.0.0.1
            id: 2
          - host: 127.0.0.1
            id: 3
        identity:
          engine: keystone
          version: '2.0'
          protocol: http
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin

Analytic nodes

Analytics and database on an analytic node(s)

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          protocol: http
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        contrail_cache:
          engine: redis
          host: 127.0.0.1
          password: guest
          port: 6379
        master:
          host: 127.0.0.1
        discovery:
          host: 127.0.0.1
        data_ttl: 1
        database:
          members:
            - host: 127.0.0.1
              port: 9160
            - host: 127.0.0.1
              port: 9160
            - host: 127.0.0.1
              port: 9160
        message_queue:
          members:
            - host: 127.0.0.1
            - host: 127.0.0.1
            - host: 127.0.0.1
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
          - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
          - host: 127.0.0.1
            id: 1
          - host: 127.0.0.1
            id: 2
          - host: 127.0.0.1
            id: 3


Compute nodes
-------------

Vrouter configuration on a compute node(s)

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          protocol: http
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      compute:
        version: 2.2
        enabled: True
        hostname: node-12.domain.tld
        flow_hold_limit: 0
        discovery:
          host: 127.0.0.1
        interface:
          address: 127.0.0.1
          dev: eth0
          gateway: 127.0.0.1
          mask: /24
          dns: 127.0.0.1
          mtu: 9000


Compute nodes with gateway_mode
-------------------------------

Gateway mode can be ``server`` or ``vcpe`` (default is none).

.. code-block:: yaml

    opencontrail:
      compute:
        gateway_mode: server

TSN nodes
---------

Configure TSN nodes

.. code-block:: yaml

    opencontrail:
      compute:
        enabled: true
        tor:
          enabled: true
          bind:
            port: 8086
          agent:
            tor01:
              id: 0
              port: 6632
              host: 127.0.0.1
              address: 127.0.0.1


Set up metadata secret for the Vrouter
--------------------------------------

In order to get cloud-init within the instance to properly fetch
instance metadata, ``metadata_proxy_secret`` in the Vrouter agent config
should match the value in ``nova.conf``. The administrator should define
it in the pillar:

.. code-block:: yaml

    opencontrail:
      compute:
        metadata:
          secret: opencontrail

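Why the two values have to match, as an added example that is not part of the formula: Nova's metadata API accepts a proxied request only if the instance-ID signature, an HMAC-SHA256 keyed with the shared secret, verifies. The section and option names used to read each file (``[neutron] metadata_proxy_shared_secret`` and ``[METADATA] metadata_proxy_secret``) and both sample files are assumptions constructed for this illustration.

```python
import configparser
import hashlib
import hmac

# Constructed sample files; section and option names are assumptions
# about where each service keeps the shared secret.
NOVA_CONF = """\
[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = opencontrail
"""

VROUTER_AGENT_CONF = """\
[METADATA]
metadata_proxy_secret = opencontrail
"""


def read_option(text, section, option):
    """Return one option from INI-style text, or None if it is absent."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return parser.get(section, option, fallback=None)


def sign_instance_id(secret, instance_id):
    """HMAC-SHA256 of the instance ID keyed with the shared secret (hex)."""
    return hmac.new(secret.encode(), instance_id.encode(),
                    hashlib.sha256).hexdigest()


def metadata_request_accepted(agent_secret, nova_secret, instance_id):
    """Model the check: the proxy signs, the metadata API verifies."""
    signature = sign_instance_id(agent_secret, instance_id)
    expected = sign_instance_id(nova_secret, instance_id)
    # Constant-time comparison, as a verifier should use.
    return hmac.compare_digest(signature, expected)


def check_metadata_secret(nova_text, agent_text,
                          instance_id="11111111-2222-3333-4444-555555555555"):
    """Return 'ok', 'mismatch' or 'missing' for a pair of config files."""
    nova_secret = read_option(nova_text, "neutron",
                              "metadata_proxy_shared_secret")
    agent_secret = read_option(agent_text, "METADATA",
                               "metadata_proxy_secret")
    if not nova_secret or not agent_secret:
        return "missing"
    if metadata_request_accepted(agent_secret, nova_secret, instance_id):
        return "ok"
    return "mismatch"


if __name__ == "__main__":
    print(check_metadata_secret(NOVA_CONF, VROUTER_AGENT_CONF))
```

A ``mismatch`` result corresponds to the failure the section describes: the signature no longer verifies, so cloud-init inside the instance cannot fetch its metadata.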
Add auth info for Barbican on compute nodes
-------------------------------------------

.. code-block:: yaml

    opencontrail:
      compute:
        lbaas:
          enabled: true
          secret_manager:
            engine: barbican
            identity:
              user: admin
              password: "supersecretpassword123"
              tenant: admin


Keystone v3
-----------

To enable support for Keystone v3 in OpenContrail, the identity version must
be defined for the config and web roles.

.. code-block:: yaml

    opencontrail:
      config:
        version: 2.2
        enabled: true
        ...
        identity:
          engine: keystone
          version: '3'
          ...

    opencontrail:
      web:
        version: 2.2
        enabled: true
        ...
        identity:
          engine: keystone
          version: '3'
          ...

Without Keystone
----------------

.. code-block:: yaml

    opencontrail:
      ...
      common:
        ...
        identity:
          engine: none
          token: none
          password: none
        ...
      config:
        ...
        identity:
          engine: none
          password: none
          token: none
        ...
      web:
        ...
        identity:
          engine: none
          password: none
          token: none
        ...

XMPP Encryption
---------------

Configure encryption of XMPP.

Compute nodes
~~~~~~~~~~~~~

.. code-block:: yaml

    opencontrail:
      compute:
        xmpp:
          tls:
            enabled: False
            auth:
              enabled: False
            cert_file: /etc/contrail/server.pem       # optional
            key_file: /etc/contrail/privkey.pem       # optional
            ca_cert_file: /etc/contrail/ca-cert.pem   # optional

Control nodes
~~~~~~~~~~~~~

.. code-block:: yaml

    opencontrail:
      control:
        xmpp:
          tls:
            enabled: False
            auth:
              enabled: False
            cert_file: /etc/contrail/server.pem       # optional
            key_file: /etc/contrail/privkey.pem       # optional
            ca_cert_file: /etc/contrail/ca-cert.pem   # optional

Kubernetes support
------------------

Kubernetes vrouter nodes

Vrouter configuration on a kubernetes node(s)

.. code-block:: yaml

    opencontrail:
      ...
      compute:
        engine: kubernetes
        ...

vRouter with separated control plane

Separate XMPP traffic from dataplane interface.

.. code-block:: yaml

    opencontrail:
      compute:
        bind:
          address: 172.16.0.50
        ...

Override RPF default in Contrail API
------------------------------------

From MCP1.1 with OpenContrail >= 3.1.1 you can override the RPF default for
newly created virtual networks. This can be useful for use cases like running
Calico and K8S in overlay. Valid values for ``override_rpf_default_by`` are
``disable`` and ``enable``. If it is not defined, the configuration falls back
to the Contrail default, currently ``enable``.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        override_rpf_default_by: 'disable'
        ...

Cassandra GC logging
--------------------

From Contrail version 3 you can choose how Cassandra GC logs are handled.
The behavior is controlled by ``cassandra_gc_logging``. Valid values are
'rotation' (default), 'legacy' and false.

- 'rotation' is supported by JDK 6u34, 7u2 or later and handles rotation of log
  files automatically.
- 'legacy' is a way to support older JDKs; you will need to handle logs by
  other means, for example by using
  ``- service.opencontrail.database.cassandra_log_cleanup`` in your reclass model.
- false disables Cassandra GC logging.

.. code-block:: yaml

    opencontrail:
      ...
      database:
        cassandra_gc_logging: false
        ...


Disable Contrail API authentication
-----------------------------------

Contrail version must be >= 3.0. It is useful especially for Keystone v3.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        multi_tenancy: false
        ...

Enable RBAC
-----------

.. code-block:: yaml

    opencontrail:
      ...
      config:
        aaa_mode: rbac
        cloud_admin_role: admin
        global_read_only_role: member
        ...

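A pre-deployment check over the settings shown in the XMPP Encryption, Disable Contrail API authentication and Enable RBAC sections and in the sample pillars' ``identity`` blocks, as an added example that is not part of the formula. It works on an already parsed pillar (a Python dict); both pillars below are constructed, the key paths follow the samples on this page, and ``protocol: https`` in the hardened pillar is an assumed value.

```python
# Placeholder secrets that appear in this README's sample pillars.
SAMPLE_SECRETS = {"password", "token", "guest", "opencontrail",
                  "adminpass", "supersecretpassword123"}
SECRET_KEYS = {"password", "token", "secret", "key"}


def walk(node, path=()):
    """Yield (path, value) for every leaf of a nested dict/list pillar."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, path + (str(key),))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, path + (str(index),))
    else:
        yield path, node


def lookup(pillar, dotted, default=None):
    """Fetch a nested value by dotted path, or default if any part is missing."""
    node = pillar
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def audit(pillar):
    """Return a list of (pillar path, finding) tuples."""
    findings = []
    for path, value in walk(pillar):
        if not path:
            continue
        dotted = ".".join(path)
        if path[-1] in SECRET_KEYS and str(value) in SAMPLE_SECRETS:
            findings.append((dotted, "sample credential left in place"))
        if path[-2:] == ("identity", "protocol") and value == "http":
            findings.append((dotted, "Keystone traffic is not encrypted"))
    # XMPP between vRouter agents and control nodes: TLS and auth switches.
    for role in ("compute", "control"):
        if lookup(pillar, f"opencontrail.{role}") is None:
            continue
        for leaf in ("xmpp.tls.enabled", "xmpp.tls.auth.enabled"):
            key = f"opencontrail.{role}.{leaf}"
            if lookup(pillar, key, False) is not True:
                findings.append((key, "XMPP protection is not enabled"))
    # multi_tenancy: false is the switch that disables API authentication.
    if lookup(pillar, "opencontrail.config.multi_tenancy") is False:
        findings.append(("opencontrail.config.multi_tenancy",
                         "Contrail API authentication is disabled"))
    return findings


# Constructed pillar that copies the README samples verbatim.
WEAK_PILLAR = {"opencontrail": {
    "common": {"identity": {"engine": "keystone", "protocol": "http",
                            "token": "token", "password": "password"}},
    "config": {"multi_tenancy": False},
    "compute": {"xmpp": {"tls": {"enabled": False,
                                 "auth": {"enabled": False}}}},
}}

# Constructed pillar with the same keys set to protective values.
HARDENED_PILLAR = {"opencontrail": {
    "common": {"identity": {"engine": "keystone", "protocol": "https",
                            "token": "constructed-token-value",
                            "password": "constructed-password-value"}},
    "config": {"aaa_mode": "rbac", "cloud_admin_role": "admin",
               "global_read_only_role": "member"},
    "compute": {"xmpp": {"tls": {"enabled": True,
                                 "auth": {"enabled": True},
                                 "cert_file": "/etc/contrail/server.pem",
                                 "key_file": "/etc/contrail/privkey.pem",
                                 "ca_cert_file": "/etc/contrail/ca-cert.pem"}}},
}}

if __name__ == "__main__":
    for path, finding in audit(WEAK_PILLAR):
        print(f"{path}: {finding}")
```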
Switch from on demand to periodic keystone sync
-----------------------------------------------

This can be useful when you want to sync projects from OpenStack to Contrail
automatically. The period of sync is 60s.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        identity:
          sync_on_demand: false
        ...

Cassandra listen configuration
------------------------------

Interface example:

.. code-block:: yaml

    database:
      ....
      bind:
        interface: eth0
        port: 9042
        rpc_port: 9160
      ....

To run the config and analytics database clusters on the same hosts, you need
to change the ports so that they do not collide. The host is required.

.. code-block:: yaml

    database:
      ....
      bind:
        host: 127.0.0.1
        port: 9042
        rpc_port: 9160
        # for containers we need to move configdb to neighbouring ports
        port_configdb: 9041
        rpc_port_configdb: 9161
      ....


OpenContrail WebUI version >= 3.1.1
-----------------------------------

For OpenContrail version >= 3.1.1 and Cassandra >= 2.1 we should override
WebUI's Cassandra port from 9160 to 9042.

For the appropriate node at class level:

.. code-block:: yaml

    opencontrail:
      ....
      web:
        database:
          port: 9042
      ....


RabbitMQ HA hosts
------------------

.. code-block:: yaml

    opencontrail:
      config:
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          port: 5672

.. code-block:: yaml

    database:
      ....
      bind:
        interface: eth0
        port: 9042
        rpc_port: 9160
      ....

DPDK vRouter
-------------

.. code-block:: yaml

    opencontrail:
      compute:
        dpdk:
          enabled: true
          taskset: "0x0000003C00003C"
          socket_mem: "1024,1024"
        interface:
          mac_address: 90:e2:ba:7c:22:e1
          pci: 0000:81:00.1
        ...

Increase number of contrail-api workers
---------------------------------------

.. code-block:: yaml

    opencontrail:
      ...
      config:
        api:
          workers_count: 3
        ...

Increase number of alarm-gen workers
------------------------------------

Port prefix will increment used ports by workers starting with 5901.

.. code-block:: yaml

    collector:
      alarm_gen:
        workers: 1
        port_prefix: 59

Contrail client
---------------

Basic parameters with identity and host configs

.. code-block:: yaml

    opencontrail:
      client:
        identity:
          user: admin
          project: admin
          password: adminpass
          host: keystone_host
        config:
          host: contrail_api_host
          port: contrail_api_port

Enforcing virtual routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        virtual_router:
          cmp01:
            ip_address: 172.16.0.11
            dpdk_enabled: True
          cmp02:
            ip_address: 172.16.0.12
            dpdk_enabled: True


Enforcing global system config

.. code-block:: yaml

    opencontrail:
      client:
        ...
        global_system_config:
          name: default-global-system-config
          asn: 64512
          grp:
            enable: true
            restart_time: 60
            end_of_rib_timeout: 30
            bgp_helper_enable: false
            xmpp_helper_enable: false
            long_lived_restart_time: 300


Enforcing global vrouter config

.. code-block:: yaml

    opencontrail:
      client:
        ...
        global_vrouter_config:
          name: default-global-vrouter-config
          parent_type: global-system-config
          encap_priority: "MPLSoUDP,MPLSoGRE"
          vxlan_vn_id_mode: automatic
          fq_names:
            - 'default-global-system-config'
            - 'default-global-vrouter-config'


Enforcing control nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        bgp_router:
          ntw01:
            type: control-node
            ip_address: 172.16.0.11
          nwt02:
            type: control-node
            ip_address: 172.16.0.12
          nwt03:
            type: control-node
            ip_address: 172.16.0.13


Enforcing edge BGP routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        bgp_router:
          mx01:
            type: router
            ip_address: 172.16.0.21
            asn: 64512
          mx02:
            type: router
            ip_address: 172.16.0.22
            asn: 64512
            key_type: md5
            key: password

Enforcing config nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        config_node:
          ctl01:
            ip_address: 172.16.0.21
          ctl02:
            ip_address: 172.16.0.22

Enforcing database nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        database_node:
          ntw01:
            ip_address: 172.16.0.21
          ntw02:
            ip_address: 172.16.0.22

Enforcing analytics nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        analytics_node:
          nal01:
            ip_address: 172.16.0.31
          nal02:
            ip_address: 172.16.0.32

Enforcing Link Local Services

.. code-block:: yaml

    opencontrail:
      client:
        ...
        linklocal_service:
          # example with dns name address (only one permitted)
          meta1:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses: "meta.example.com"
            ipf_port: 80
          # example with multiple ip addresses
          meta2:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
              - 10.10.10.10
              - 10.20.20.20
              - 10.30.30.30
            ipf_port: 80
          # example with one ip address
          meta3:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
              - 10.10.10.10
            ipf_port: 80
          # example with name override
          lls_meta4:
            name: meta4
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
              - 10.10.10.10
            ipf_port: 80


Configuring OpenStack default quotas

.. code-block:: yaml

    config:
      quota:
        network: 5
        subnet: 10
        router: 10
        floating_ip: 100
        secgroup: 1000
        secgroup_rule: 1000
        port: 1000
        pool: -1
        member: -1
        health_monitor: -1
        vip: -1

Enforcing physical routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        physical_router:
          router1:
            name: router1
            dataplane_ip: 1.2.3.4
            management_ip: 1.2.3.4
            vendor_name: ovs
            product_name: ovs
            agents:
              - tsn0-0
              - tsn0

Enforcing physical/logical interfaces for routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        physical_router:
          router1:
            ...
            interface:
              port1:
                name: port1
                logical_interface:
                  port1_l:
                    name: 'port1.0'
                    vlan_tag: 0
                    interface_type: L2
                    virtual_machine_interface:
                      port1_port:
                        name: port1_port
                        ip_address: 192.168.90.107
                        mac_address: '2e:92:a8:af:c2:21'
                        security_group: 'default'
                        virtual_network: 'virtual-network'

Enforcing virtual networks

.. code-block:: yaml

    opencontrail:
      client:
        virtual_networks:
          net01:
            name: 'network01'
            ip_address: '172.16.111.0'
            ip_prefix: 24
            asn: 64512
            route_target: 10000
            external: True
            allow_transit: False
            forwarding_mode: 'l2_l3'
            rpf: 'disable'
            mirror_destination: False
            domain: 'default-domain'
            project: 'admin'
            ipam_domain: 'default-domain'
            ipam_project: 'default-project'
            ipam_name: 'default-network-ipam'
          net02:
            name: 'network02'
          net03:
            name: 'network03'


Enforcing floating IP pool settings

A virtual network with the external flag must be created before managing the
floating IP pool. The ``vn_name`` parameter is the name of the external network.

.. code-block:: yaml

    opencontrail:
      client:
        floating_ip_pools:
          pool1:
            vn_name: external-network
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects:
              - [tenant1, 7]
              - [tenant2, 7]
              - [tenant3, 7]
          pool2:
            vn_name: floating-ips
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects:
              - [tenant3, 7]


To remove all shares from the floating IP pool, define an empty list in
``list_of_projects``, like this:

.. code-block:: yaml

    opencontrail:
      client:
        floating_ip_pools:
          pool1:
            vn_name: external-network
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects: []


Michel Nederlof5364ab62017-12-11 15:02:25 +01001333Contrail DNS custom forwarders
1334------------------------------
1335
1336By default Contrail uses the /etc/resolv.conf file to determine the upstream DNS servers.
1337This can have some side-affects, like resolving internal DNS entries on you public instances.
1338
1339In order to overrule this default set, you can configure nameservers using pillar data.
1340The formula is then responsible for configuring and generating a alternate resolv.conf file.
1341
1342Note: this has been patched recently in the Contrail distribution of Mirantis:
1343https://github.com/Mirantis/contrail-controller/commit/ed9a25ccbcfebd7d079a93aecc5a1a7bf1265ea4
1344https://github.com/Mirantis/contrail-controller/commit/94c844cf2e9bcfcd48587aec03d10b869e737ade


To change forwarders for the default-dns option (which is handled by compute nodes):

.. code-block:: yaml

    compute:
      ....
      dns:
        forwarders:
          - 8.8.8.8
          - 8.8.4.4
      ....

To change forwarders for vDNS zones (handled by control nodes):

.. code-block:: yaml

    control:
      ....
      dns:
        forwarders:
          - 8.8.8.8
          - 8.8.4.4
      ....
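
A pre-deployment check of the forwarder pillar for both roles, as an added example that is not the formula's own code. It assumes the keys live at ``opencontrail:<role>:dns:forwarders``; the function names are hypothetical and the sample pillar and resolv.conf content are constructed.

```python
# Added example, not part of the formula. Assumption: forwarders are read
# from opencontrail:<role>:dns:forwarders for the compute and control roles.
import ipaddress

def host_resolvers(resolv_conf_text):
    """Extract nameserver addresses from resolv.conf content."""
    servers = []
    for line in resolv_conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def check_forwarders(pillar, resolv_conf_text, roles=("compute", "control")):
    """Return {role: [findings]}; an empty list means the override is effective."""
    inherited = set(host_resolvers(resolv_conf_text))
    report = {}
    for role in roles:
        dns = (pillar.get("opencontrail", {}).get(role) or {}).get("dns") or {}
        forwarders = dns.get("forwarders") or []
        findings = []
        if not forwarders:
            findings.append("no forwarders set: falls back to the host /etc/resolv.conf")
        for fwd in forwarders:
            try:
                addr = str(ipaddress.ip_address(str(fwd)))
            except ValueError:
                findings.append("%r is not an IP address" % (fwd,))
                continue
            if addr in inherited:
                findings.append("%s is also a host resolver" % addr)
        report[role] = findings
    return report

def render_resolv_conf(forwarders):
    """Render an alternate resolv.conf body for a list of forwarders."""
    return "".join("nameserver %s\n" % f for f in forwarders)

# Constructed sample input, not taken from a real deployment.
HOST_RESOLV_CONF = "search internal.example\nnameserver 10.0.0.2\nnameserver 10.0.0.3\n"
PILLAR = {"opencontrail": {
    "compute": {"dns": {"forwarders": ["8.8.8.8", "10.0.0.2"]}},
    "control": {},
}}
```

A forwarder that is also a host resolver is flagged because instances would still get answers from the resolver the override was meant to bypass.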

Contrail IF-MAP server configuration
------------------------------------

Contrail 3.2 contains an internal IF-MAP server implementation. This implementation can be enabled
by setting ``config:ifmap:engine`` to ``internal``. Currently supported engines are ``internal`` and
``irond`` (default). The ``internal`` engine configures contrail-api to run as an IF-MAP server in the
same process as contrail-api and generates security certificates in the specified folder.

.. code-block:: yaml

    config:
      ....
      ifmap:
        engine: internal
        cert_dir: /etc/contrail/ssl/certs/ # default
        basename_cert: ifmap.crt # default
        basename_key: ifmap.key # default
      ....

To set a static configuration of the IF-MAP server for contrail-control instead of using the
discovery service, you can use ``control:ifmap:bind:host`` and ``port``. The static configuration
is triggered by the existence of a non-empty value of the ``control:ifmap:bind`` key.

.. code-block:: yaml

    control:
      ....
      ifmap:
        bind:
          host: 127.0.0.1
          port: 8443
      ....

Configure TCP_TW_RECYCLE in kernel
----------------------------------

Enable fast recycling of TIME-WAIT sockets. To enable it, set the parameter to 1, which is the
default value in the formula. To turn this option off, set the parameter to 0:

.. code-block:: yaml

    opencontrail:
      ....
      common:
        ....
        tcp_tw_recycle: 0
        ....

Define extra states for contrail services health check
------------------------------------------------------

The service health check procedure verifies that all available contrail services are in the
``active`` state.
Additional states can be defined for every service as expected states for the validation procedure.

.. code-block:: yaml

    config:
      ....
      services_extra_states:
        contrail-schema:
          - backup
        contrail-device-manager:
          - backup
        contrail-svc-monitor:
          - backup
      ....

The ``contrail-schema``, ``contrail-device-manager`` and ``contrail-svc-monitor`` config services already
have an additional ``backup`` state by default.
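
The validation described above, sketched as an added example that is not the formula's own health check. It assumes status lines of the form ``<service> <state>`` as printed by ``contrail-status``; the function names are hypothetical and the sample output is constructed.

```python
# Added example, not the formula's own check. Assumption: each status line is
# "<service> <state...>" and section headers start with "==".
def parse_status(text):
    """Map service name -> reported state from contrail-status style output."""
    states = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("=="):
            continue
        states[parts[0].rstrip(":")] = parts[1].strip()
    return states

def unhealthy(states, extra_states=None):
    """Return {service: state} for services in neither 'active' nor an extra state."""
    extra_states = extra_states or {}
    failed = {}
    for service, state in sorted(states.items()):
        allowed = {"active"} | set(extra_states.get(service) or [])
        # Match on the first word so "initializing (reason)" compares as "initializing".
        if state.split()[0] not in allowed:
            failed[service] = state
    return failed

# Same mapping as the services_extra_states pillar above.
EXTRA_STATES = {
    "contrail-schema": ["backup"],
    "contrail-device-manager": ["backup"],
    "contrail-svc-monitor": ["backup"],
}

# Constructed sample output, not captured from a real node.
SAMPLE_STATUS = """\
== Contrail Config ==
supervisor-config:            active
contrail-api:0                active
contrail-schema               backup
contrail-svc-monitor          backup
contrail-device-manager       initializing (Collector connection down)
contrail-config-nodemgr       inactive
"""
```

An extra state widens what is accepted for one service only: ``contrail-device-manager`` in ``initializing`` still fails even though ``backup`` is allowed for it.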

Usage
=====

Basic installation
------------------

Add control BGP

.. code-block:: bash

    python /etc/contrail/provision_control.py --api_server_ip 192.168.1.11 --api_server_port 8082 --host_name network1.contrail.domain.com --host_ip 192.168.1.11 --router_asn 64512

Install compute node

.. code-block:: bash

    yum install contrail-vrouter contrail-openstack-vrouter

    salt-call state.sls nova,opencontrail

Add virtual router

.. code-block:: bash

    python /etc/contrail/provision_vrouter.py --host_name hostnode1.intra.domain.com --host_ip 10.0.100.101 --api_server_ip 10.0.100.30 --oper add --admin_user admin --admin_password cloudlab --admin_tenant_name admin

    # In /etc/sysconfig/network-scripts/ifcfg-bond0, comment out GATEWAY, NETMASK and IPADDR

    reboot

Debugging
---------

Display vhost XMPP connection status

You should see the correct controller_ip and the state should be established.

    http://<compute-node>:8085/Snh_AgentXmppConnectionStatusReq?

Display vrouter interface status

When vrf_name = ---ERROR---, something has gone wrong.

    http://<compute-node>:8085/Snh_ItfReq?name=

Display IF MAP table

Look for neighbours; if the VM has 2, it's OK.

    http://<control-node>:8083/Snh_IFMapTableShowReq?table_name=

Trace XMPP requests

    http://<compute-node>:8085/Snh_SandeshTraceRequest?x=XmppMessageTrace