====================
OpenContrail Formula
====================

Contrail Controller is an open, standards-based software solution that
delivers network virtualization and service automation for federated cloud
networks. It provides self-service provisioning, improves network
troubleshooting and diagnostics, and enables service chaining for dynamic
application environments across enterprise virtual private cloud (VPC),
managed Infrastructure as a Service (IaaS), and Network Functions
Virtualization (NFV) use cases.


Package source
==============

The formula supports the OpenContrail as well as the Juniper Contrail package
repository in the backend.

Differences within the configuration and state run are controlled by the
``opencontrail.common.vendor: [opencontrail|juniper]`` pillar attribute.

The default value is ``opencontrail``.

Juniper releases tested with this formula:

- 3.0.2.x

To use the Juniper Contrail repository as the source of packages, override the
pillar as in this example:

.. code-block:: yaml

    opencontrail:
      common:
        vendor: juniper

Sample Pillars
==============

Controller nodes
----------------

There are several scenarios for the OpenContrail control plane.

All-in-one single
~~~~~~~~~~~~~~~~~

Config, control, analytics, database, web -- all together on one node.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        source:
          engine: pkg
          address: http://mirror.robotice.cz/contrail-havana/
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        rootlogger: "INFO, CONSOLE"
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        discovery:
          host: 127.0.0.1
        data_ttl: 2
        database:
          members:
          - host: 127.0.0.1
            port: 9160
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        minimum_disk: 10
        name: 'Contrail'
        original_token: 0
        compaction_throughput_mb_per_sec: 16
        concurrent_compactors: 1
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        analytics:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin

All-in-one cluster
~~~~~~~~~~~~~~~~~~

Config, control, analytics, database, web -- all together, clustered on
multiple nodes.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        source:
          engine: pkg
          address: http://mirror.robotice.cz/contrail-havana/
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        discovery:
          host: 127.0.0.1
        data_ttl: 1
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin

Separated analytics from control and config
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config, control, database, web.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        analytics:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin

Analytic nodes

Analytics and database on an analytic node(s)

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        discovery:
          host: 127.0.0.1
        data_ttl: 1
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3

Compute nodes
-------------

Vrouter configuration on a compute node(s)

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      compute:
        version: 2.2
        enabled: True
        hostname: node-12.domain.tld
        discovery:
          host: 127.0.0.1
        interface:
          address: 127.0.0.1
          dev: eth0
          gateway: 127.0.0.1
          mask: /24
          dns: 127.0.0.1
          mtu: 9000

Compute nodes with gateway_mode
-------------------------------

Gateway mode can be ``server`` or ``vcpe`` (default is none).

.. code-block:: yaml

    opencontrail:
      compute:
        gateway_mode: server

TSN nodes
---------

Configure TSN nodes

.. code-block:: yaml

    opencontrail:
      compute:
        enabled: true
        tor:
          enabled: true
          bind:
            port: 8086
          agent:
            tor01:
              id: 0
              port: 6632
              host: 127.0.0.1
              address: 127.0.0.1

Set up metadata secret for the Vrouter
--------------------------------------

In order to get cloud-init within the instance to properly fetch
instance metadata, ``metadata_proxy_secret`` in the Vrouter agent config
should match the value in nova.conf. The administrator should define
it in the pillar:

.. code-block:: yaml

    opencontrail:
      compute:
        metadata:
          secret: opencontrail

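The following check is an added example, not part of the formula. It compares the secret in the Vrouter agent config with the one in nova.conf and shows why a mismatch breaks metadata: nova recomputes an HMAC-SHA256 over the instance ID and rejects a signature made with a different secret. The option names (``[METADATA] metadata_proxy_secret`` for the agent, ``[neutron] metadata_proxy_shared_secret`` for nova), the ``X-Instance-ID-Signature`` header and the sample file contents are assumptions; it also flags documented sample values such as ``opencontrail``.

```python
import configparser
import hashlib
import hmac

# Constructed sample configs. Assumed option names:
#   contrail-vrouter-agent.conf -> [METADATA] metadata_proxy_secret
#   nova.conf                   -> [neutron] metadata_proxy_shared_secret
AGENT_CONF = "[METADATA]\nmetadata_proxy_secret = opencontrail\n"
NOVA_CONF_MATCH = (
    "[neutron]\nservice_metadata_proxy = True\n"
    "metadata_proxy_shared_secret = opencontrail\n"
)
NOVA_CONF_DRIFT = (
    "[neutron]\nservice_metadata_proxy = True\n"
    "metadata_proxy_shared_secret = s3cr3t-rotated\n"
)

# Values that appear in documentation; anything listed here is not a secret.
DOCUMENTED_SAMPLES = {"opencontrail", "contrail", "password", "secret"}


def read_option(text, section, option):
    """Return one option from INI text, or None when it is absent."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser.get(section, option, fallback=None)


def sign_instance_id(secret, instance_id):
    """HMAC-SHA256 of the instance UUID (assumed X-Instance-ID-Signature value)."""
    return hmac.new(secret.encode(), instance_id.encode(), hashlib.sha256).hexdigest()


def nova_accepts(nova_secret, instance_id, signature):
    """Recompute the signature with nova's secret; compare in constant time."""
    return hmac.compare_digest(sign_instance_id(nova_secret, instance_id), signature)


def audit_metadata_secret(agent_conf, nova_conf):
    """Return a list of findings for the agent/nova secret pair."""
    agent = read_option(agent_conf, "METADATA", "metadata_proxy_secret")
    nova = read_option(nova_conf, "neutron", "metadata_proxy_shared_secret")
    findings = []
    if not agent:
        findings.append("agent: metadata_proxy_secret is not set")
    if not nova:
        findings.append("nova: metadata_proxy_shared_secret is not set")
    if agent and nova and not hmac.compare_digest(agent.encode(), nova.encode()):
        findings.append("mismatch: nova will reject proxied metadata requests")
    for name, value in (("agent", agent), ("nova", nova)):
        if value and value.lower() in DOCUMENTED_SAMPLES:
            findings.append(f"{name}: secret is a documented sample value")
    return findings


if __name__ == "__main__":
    for label, nova_conf in (("match", NOVA_CONF_MATCH), ("drift", NOVA_CONF_DRIFT)):
        print(label, audit_metadata_secret(AGENT_CONF, nova_conf))
```
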
Add auth info for Barbican on compute nodes
-------------------------------------------

.. code-block:: yaml

    opencontrail:
      compute:
        lbaas:
          enabled: true
          secret_manager:
            engine: barbican
            identity:
              user: admin
              password: "supersecretpassword123"
              tenant: admin

Keystone v3
-----------

To enable support for Keystone v3 in OpenContrail, a version must be defined
for the config and web roles.

.. code-block:: yaml

    opencontrail:
      config:
        version: 2.2
        enabled: true
        ...
        identity:
          engine: keystone
          version: '3'
        ...

    opencontrail:
      web:
        version: 2.2
        enabled: true
        ...
        identity:
          engine: keystone
          version: '3'
        ...

Without Keystone
----------------

.. code-block:: yaml

    opencontrail:
      ...
      common:
        ...
        identity:
          engine: none
          token: none
          password: none
        ...
      config:
        ...
        identity:
          engine: none
          password: none
          token: none
        ...
      web:
        ...
        identity:
          engine: none
          password: none
          token: none
        ...

Kubernetes support
------------------

Kubernetes vrouter nodes

Vrouter configuration on a kubernetes node(s)

.. code-block:: yaml

    opencontrail:
      ...
      compute:
        engine: kubernetes
      ...

vRouter with separated control plane

Separate XMPP traffic from dataplane interface.

.. code-block:: yaml

    opencontrail:
      compute:
        bind:
          address: 172.16.0.50
      ...

Override RPF default in Contrail API
------------------------------------

From MCP1.1 with OpenContrail >= 3.1.1 you can override the RPF default for
newly created virtual networks. This can be useful for use cases like running
Calico and K8S in overlay. Valid values for ``override_rpf_default_by`` are
``disable`` and ``enable``. If it is not defined, the configuration falls back
to the Contrail default, currently ``enable``.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        override_rpf_default_by: 'disable'
      ...

Cassandra GC logging
--------------------

From Contrail version 3 you can choose how Cassandra GC logs are handled.
The behavior is controlled by ``cassandra_gc_logging``. Valid values are
'rotation' (default), 'legacy' and false.

- 'rotation' is supported by JDK 6u34, 7u2 or later and handles rotation of
  log files automatically.
- 'legacy' is a way to support older JDKs and you will need to handle logs by
  other means. This can be handled for example by using
  ``- service.opencontrail.database.cassandra_log_cleanup`` in your reclass
  model.
- false will disable the Cassandra GC logging.

.. code-block:: yaml

    opencontrail:
      ...
      database:
        cassandra_gc_logging: false
      ...

Disable Contrail API authentication
-----------------------------------

The Contrail version must be >= 3.0. This is especially useful for Keystone v3.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        multi_tenancy: false
      ...

Enable RBAC
-----------

.. code-block:: yaml

    opencontrail:
      ...
      config:
        aaa_mode: rbac
        cloud_admin_role: admin
        global_read_only_role: member
      ...

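The sample pillars on this page carry placeholder credentials (``password: password``, ``token: token``, ``secret: opencontrail``), and the "Without Keystone" and "Disable Contrail API authentication" sections turn authentication off. The script below is an added example, not part of the formula: it walks a pillar already loaded as a Python dict and reports those settings before the pillar is applied. Both pillars, the finding texts and the list of sample values are constructed for the illustration.

```python
# Constructed pillar assembled from sample values shown on this page.
PILLAR = {
    "opencontrail": {
        "common": {
            "source": {"engine": "pkg",
                       "address": "http://mirror.robotice.cz/contrail-havana/"},
            "identity": {"engine": "keystone", "token": "token",
                         "password": "password"},
        },
        "config": {
            "multi_tenancy": False,
            "identity": {"engine": "none", "password": "none", "token": "none"},
        },
        "compute": {"metadata": {"secret": "opencontrail"}},
        "client": {"bgp_router": {"mx02": {"key_type": "md5", "key": "password"}}},
    }
}

# Constructed counterpart: HTTPS mirror (hypothetical host), RBAC, unique secrets.
HARDENED = {
    "opencontrail": {
        "common": {
            "source": {"engine": "pkg",
                       "address": "https://mirror.example.org/contrail/"},
            "identity": {"engine": "keystone", "token": "constructed-7f3a9c1e",
                         "password": "constructed-Vq8-example"},
        },
        "config": {"aaa_mode": "rbac", "cloud_admin_role": "admin",
                   "global_read_only_role": "member"},
        "compute": {"metadata": {"secret": "constructed-b41d77e0"}},
    }
}

SECRET_KEYS = {"password", "token", "secret", "key"}
# Sample values printed on this page; a deployed pillar must not contain them.
PAGE_SAMPLES = {"password", "token", "opencontrail", "adminpass",
                "supersecretpassword123", "cloudlab"}


def audit(node, path=()):
    """Walk a pillar and return sorted (dotted_path, finding) tuples."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = path + (str(key),)
            dotted = ".".join(here)
            if isinstance(value, (dict, list)):
                findings += audit(value, here)
            elif key in SECRET_KEYS and isinstance(value, str):
                # "none" is left to the identity.engine rule below.
                if value.lower() in PAGE_SAMPLES or value.lower() == key:
                    findings.append((dotted, "placeholder secret"))
            elif here[-2:] == ("identity", "engine") and value == "none":
                findings.append((dotted, "identity backend disabled"))
            elif here[-2:] == ("config", "multi_tenancy") and value is False:
                findings.append((dotted, "Contrail API authentication disabled"))
            elif here[-2:] == ("source", "address") and str(value).startswith("http://"):
                findings.append((dotted, "package source uses plaintext HTTP"))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            findings += audit(item, path + (str(index),))
    return sorted(findings)


if __name__ == "__main__":
    for where, what in audit(PILLAR):
        print(f"{where}: {what}")
```
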
Switch from on demand to periodic keystone sync
-----------------------------------------------

This can be useful when you want to sync projects from OpenStack to Contrail
automatically. The period of sync is 60s.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        identity:
          sync_on_demand: false
      ...

Cassandra listen interface
--------------------------

.. code-block:: yaml

    database:
      ....
      bind:
        interface: eth0
        port: 9042
        rpc_port: 9160
      ....

OpenContrail WebUI version >= 3.1.1
-----------------------------------

For OpenContrail version >= 3.1.1 and Cassandra >= 2.1 we should override the
WebUI's Cassandra port from 9160 to 9042.

For the appropriate node at class level:

.. code-block:: yaml

    opencontrail:
      ....
      web:
        database:
          port: 9042
      ....

RabbitMQ HA hosts
-----------------

.. code-block:: yaml

    opencontrail:
      config:
        message_queue:
          engine: rabbitmq
          members:
            - host: 10.0.16.1
            - host: 10.0.16.2
            - host: 10.0.16.3
          port: 5672

.. code-block:: yaml

    database:
      ....
      bind:
        interface: eth0
        port: 9042
        rpc_port: 9160
      ....

DPDK vRouter
------------

.. code-block:: yaml

    opencontrail:
      compute:
        dpdk:
          enabled: true
          taskset: "0x0000003C00003C"
          socket_mem: "1024,1024"
        interface:
          mac_address: 90:e2:ba:7c:22:e1
          pci: 0000:81:00.1
      ...

Increase number of contrail-api workers
---------------------------------------

.. code-block:: yaml

    opencontrail:
      ...
      config:
        api_workers: 3
      ...

Increase number of alarm-gen workers
------------------------------------

The port prefix sets the ports used by the workers, which increment starting
with 5901.

.. code-block:: yaml

    collector:
      alarm_gen:
        workers: 1
        port_prefix: 59

Contrail client
---------------

Basic parameters with identity and host configs

.. code-block:: yaml

    opencontrail:
      client:
        identity:
          user: admin
          project: admin
          password: adminpass
          host: keystone_host
        config:
          host: contrail_api_host
          port: contrail_api_port

Enforcing virtual routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        virtual_router:
          cmp01:
            ip_address: 172.16.0.11
            dpdk_enabled: True
          cmp02:
            ip_address: 172.16.0.12
            dpdk_enabled: True

Enforcing global system config

.. code-block:: yaml

    opencontrail:
      client:
        ...
        global_system_config:
          name: default-global-system-config
          asn: 64512
          grp:
            enable: true
            restart_time: 60
            end_of_rib_timeout: 30
            bgp_helper_enable: false
            xmpp_helper_enable: false
            long_lived_restart_time: 300

Enforcing global vrouter config

.. code-block:: yaml

    opencontrail:
      client:
        ...
        global_vrouter_config:
          name: default-global-vrouter-config
          parent_type: global-system-config
          encap_priority: "MPLSoUDP,MPLSoGRE"
          vxlan_vn_id_mode: automatic
          fq_names:
            - 'default-global-system-config'
            - 'default-global-vrouter-config'

Enforcing control nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        bgp_router:
          ntw01:
            type: control-node
            ip_address: 172.16.0.11
          ntw02:
            type: control-node
            ip_address: 172.16.0.12
          ntw03:
            type: control-node
            ip_address: 172.16.0.13

Enforcing edge BGP routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        bgp_router:
          mx01:
            type: router
            ip_address: 172.16.0.21
            asn: 64512
          mx02:
            type: router
            ip_address: 172.16.0.22
            asn: 64512
            key_type: md5
            key: password

Enforcing config nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        config_node:
          ctl01:
            ip_address: 172.16.0.21
          ctl02:
            ip_address: 172.16.0.22

Enforcing database nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        database_node:
          ntw01:
            ip_address: 172.16.0.21
          ntw02:
            ip_address: 172.16.0.22

Enforcing analytics nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        analytics_node:
          nal01:
            ip_address: 172.16.0.31
          nal02:
            ip_address: 172.16.0.32

Enforcing Link Local Services

.. code-block:: yaml

    opencontrail:
      client:
        ...
        linklocal_service:
          # example with dns name address (only one permitted)
          meta1:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses: "meta.example.com"
            ipf_port: 80
          # example with multiple ip addresses
          meta2:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            - 10.20.20.20
            - 10.30.30.30
            ipf_port: 80
          # example with one ip address
          meta3:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            ipf_port: 80
          # example with name override
          lls_meta4:
            name: meta4
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            ipf_port: 80

Configuring OpenStack default quotas

.. code-block:: yaml

    config:
      quota:
        network: 5
        subnet: 10
        router: 10
        floating_ip: 100
        secgroup: 1000
        secgroup_rule: 1000
        port: 1000
        pool: -1
        member: -1
        health_monitor: -1
        vip: -1

Enforcing physical routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        physical_router:
          router1:
            name: router1
            dataplane_ip: 1.2.3.4
            management_ip: 1.2.3.4
            vendor_name: ovs
            product_name: ovs
            agents:
             - tsn0-0
             - tsn0

Enforcing physical/logical interfaces for routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        physical_router:
          router1:
            ...
            interface:
              port1:
                name: port1
                logical_interface:
                  port1_l:
                    name: 'port1.0'
                    vlan_tag: 0
                    interface_type: L2
                    virtual_machine_interface:
                      port1_port:
                        name: port1_port
                        ip_address: 192.168.90.107
                        mac_address: '2e:92:a8:af:c2:21'
                        security_group: 'default'
                        virtual_network: 'virtual-network'

Enforcing virtual networks

.. code-block:: yaml

    opencontrail:
      client:
        virtual_networks:
          net01:
            name: 'network01'
            ip_address: '172.16.111.0'
            ip_prefix: 24
            asn: 64512
            route_target: 10000
            external: True
            allow_transit: False
            forwarding_mode: 'l2_l3'
            rpf: 'disable'
            mirror_destination: False
            domain: 'default-domain'
            project: 'admin'
            ipam_domain: 'default-domain'
            ipam_project: 'default-project'
            ipam_name: 'default-network-ipam'
          net02:
            name: 'network02'
          net03:
            name: 'network03'

Enforcing floating IP pool settings.

A virtual network with the external flag needs to be created before managing
the floating IP pool. The ``vn_name`` parameter is the name of the external
network.

.. code-block:: yaml

    opencontrail:
      client:
        floating_ip_pools:
          pool1:
            vn_name: external-network
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects:
              - [tenant1, 7]
              - [tenant2, 7]
              - [tenant3, 7]
          pool2:
            vn_name: floating-ips
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects:
              - [tenant3, 7]

If you want to remove all shares from the floating IP pool, define only an
empty list in ``list_of_projects``, like this:

.. code-block:: yaml

    opencontrail:
      client:
        floating_ip_pools:
          pool1:
            vn_name: external-network
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects: []

Contrail DNS custom forwarders
------------------------------

By default Contrail uses the /etc/resolv.conf file to determine the upstream
DNS servers. This can have some side effects, like resolving internal DNS
entries on your public instances.

In order to overrule this default set, you can configure nameservers using
pillar data. The formula is then responsible for configuring and generating an
alternate resolv.conf file.

Note: this has been patched recently in the Contrail distribution of Mirantis:

- https://github.com/Mirantis/contrail-controller/commit/ed9a25ccbcfebd7d079a93aecc5a1a7bf1265ea4
- https://github.com/Mirantis/contrail-controller/commit/94c844cf2e9bcfcd48587aec03d10b869e737ade

To change forwarders for the default-dns option (which is handled by compute
nodes):

.. code-block:: yaml

    compute:
      ....
      dns:
        forwarders:
        - 8.8.8.8
        - 8.8.4.4
      ....

To change forwarders for vDNS zones (handled by control nodes):

.. code-block:: yaml

    control:
      ....
      dns:
        forwarders:
        - 8.8.8.8
        - 8.8.4.4
      ....

Contrail IF-MAP server configuration
------------------------------------

Contrail 3.2 contains an internal IF-MAP server implementation. This
implementation can be enabled by setting ``config:ifmap:engine`` to
``internal``. Currently supported engines are ``internal`` and ``irond``
(default). The ``internal`` engine configures contrail-api to run an IF-MAP
server in the same process as contrail-api and generates security
certificates in the specified folder.

.. code-block:: yaml

    config:
      ....
      ifmap:
        engine: internal
        cert_dir: /etc/contrail/ssl/certs/ # default
        basename_cert: ifmap.crt # default
        basename_key: ifmap.key # default
      ....

To set a static configuration of the IF-MAP server for contrail-control
instead of using the discovery service, you can use
``control:ifmap:bind:host`` and ``port``. The static configuration is
triggered by the existence of a non-empty value of the ``control:ifmap:bind``
key.

.. code-block:: yaml

    control:
      ....
      ifmap:
        bind:
          host: 127.0.0.1
          port: 8443
      ....

Usage
=====

Basic installation
------------------

Add control BGP

.. code-block:: bash

    python /etc/contrail/provision_control.py --api_server_ip 192.168.1.11 --api_server_port 8082 --host_name network1.contrail.domain.com --host_ip 192.168.1.11 --router_asn 64512

Install compute node

.. code-block:: bash

    yum install contrail-vrouter contrail-openstack-vrouter

    salt-call state.sls nova,opencontrail

Add virtual router

.. code-block:: bash

    python /etc/contrail/provision_vrouter.py --host_name hostnode1.intra.domain.com --host_ip 10.0.100.101 --api_server_ip 10.0.100.30 --oper add --admin_user admin --admin_password cloudlab --admin_tenant_name admin

    # In /etc/sysconfig/network-scripts/ifcfg-bond0, comment out GATEWAY, NETMASK and IPADDR

    reboot

Debugging
---------

Display vhost XMPP connection status

You should see the correct controller_ip, and the state should be established.

    http://<compute-node>:8085/Snh_AgentXmppConnectionStatusReq?

Display vrouter interface status

If vrf_name = ---ERROR---, something went wrong.

    http://<compute-node>:8085/Snh_ItfReq?name=

Display IF MAP table

Look for neighbours; if a VM has 2, it's OK.

    http://<control-node>:8083/Snh_IFMapTableShowReq?table_name=

Trace XMPP requests

    http://<compute-node>:8085/Snh_SandeshTraceRequest?x=XmppMessageTrace

Documentation and Bugs
======================

To learn how to install and update salt-formulas, consult the documentation
available online at:

    http://salt-formulas.readthedocs.io/

In the unfortunate event that bugs are discovered, they should be reported to
the appropriate issue tracker. Use the GitHub issue tracker for the specific
salt formula:

    https://github.com/salt-formulas/salt-formula-opencontrail/issues

For feature requests, bug reports or blueprints affecting the entire
ecosystem, use the Launchpad salt-formulas project:

    https://launchpad.net/salt-formulas

You can also join the salt-formulas-users team and subscribe to the mailing
list:

    https://launchpad.net/~salt-formulas-users

Developers wishing to work on the salt-formulas projects should always base
their work on the master branch and submit pull requests against the specific
formula.

    https://github.com/salt-formulas/salt-formula-opencontrail

Questions and feedback are always welcome, so feel free to join our IRC
channel:

    #salt-formulas @ irc.freenode.net