====================
OpenContrail Formula
====================

Contrail Controller is an open, standards-based software solution that
delivers network virtualization and service automation for federated cloud
networks. It provides self-service provisioning, improves network
troubleshooting and diagnostics, and enables service chaining for dynamic
application environments across enterprise virtual private cloud (VPC),
managed Infrastructure as a Service (IaaS), and Network Functions
Virtualization (NFV) use cases.


Package source
==============

The formula supports both the OpenContrail and the Juniper Contrail package
repositories as a backend.

Differences within the configuration and state run are controlled by the
``opencontrail.common.vendor: [opencontrail|juniper]`` pillar attribute.

The default value is ``opencontrail``.

Juniper releases tested with this formula:

- 3.0.2.x

To use the Juniper Contrail repository as the package source, override the
pillar as in this example:

.. code-block:: yaml

    opencontrail:
      common:
        vendor: juniper


Sample Pillars
==============

Controller nodes
----------------

There are several scenarios for the OpenContrail control plane.

All-in-one single
~~~~~~~~~~~~~~~~~

Config, control, analytics, database, web -- altogether on one node.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        source:
          engine: pkg
          address: http://mirror.robotice.cz/contrail-havana/
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        rootlogger: "INFO, CONSOLE"
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        contrail_cache:
          engine: redis
          host: 127.0.0.1
          port: 6379
          password: guest
        discovery:
          host: 127.0.0.1
        data_ttl: 2
        database:
          members:
          - host: 127.0.0.1
            port: 9160
        message_queue:
          members:
          - host: 127.0.0.1
          - host: 127.0.0.1
          - host: 127.0.0.1
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        minimum_disk: 10
        name: 'Contrail'
        original_token: 0
        compaction_throughput_mb_per_sec: 16
        concurrent_compactors: 1
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        analytics:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          password: guest
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin


All-in-one cluster
~~~~~~~~~~~~~~~~~~

Config, control, analytics, database, web -- altogether, clustered on multiple
nodes.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        source:
          engine: pkg
          address: http://mirror.robotice.cz/contrail-havana/
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        contrail_cache:
          engine: redis
          host: 127.0.0.1
          port: 6379
          password: guest
        discovery:
          host: 127.0.0.1
        data_ttl: 1
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        message_queue:
          members:
          - host: 127.0.0.1
          - host: 127.0.0.1
          - host: 127.0.0.1
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        master:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          password: guest
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin


Separated analytics from control and config
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Config, control, database, web.

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      config:
        version: 2.2
        enabled: true
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
        discovery:
          host: 127.0.0.1
        analytics:
          host: 127.0.0.1
        bind:
          address: 127.0.0.1
        message_queue:
          engine: rabbitmq
          host: 127.0.0.1
          port: 5672
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        cache:
          members:
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
          - host: 127.0.0.1
            port: 11211
        identity:
          engine: keystone
          version: '2.0'
          region: RegionOne
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      control:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        discovery:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
      web:
        version: 2.2
        enabled: True
        bind:
          address: 127.0.0.1
        analytics:
          host: 127.0.0.1
        master:
          host: 127.0.0.1
        cache:
          engine: redis
          host: 127.0.0.1
          password: guest
          port: 6379
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3
        identity:
          engine: keystone
          version: '2.0'
          host: 127.0.0.1
          port: 35357
          user: admin
          password: password
          token: token
          tenant: admin

Analytic nodes

Analytics and database on an analytic node(s)

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      collector:
        version: 2.2
        enabled: true
        bind:
          address: 127.0.0.1
        contrail_cache:
          engine: redis
          host: 127.0.0.1
          password: guest
          port: 6379
        master:
          host: 127.0.0.1
        discovery:
          host: 127.0.0.1
        data_ttl: 1
        database:
          members:
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
          - host: 127.0.0.1
            port: 9160
        message_queue:
          members:
          - host: 127.0.0.1
          - host: 127.0.0.1
          - host: 127.0.0.1
      database:
        version: 2.2
        cassandra:
          version: 2
        enabled: true
        name: 'Contrail'
        minimum_disk: 10
        original_token: 0
        data_dirs:
        - /var/lib/cassandra
        id: 1
        discovery:
          host: 127.0.0.1
        bind:
          host: 127.0.0.1
          port: 9042
          rpc_port: 9160
        members:
        - host: 127.0.0.1
          id: 1
        - host: 127.0.0.1
          id: 2
        - host: 127.0.0.1
          id: 3


Compute nodes
-------------

Vrouter configuration on a compute node(s)

.. code-block:: yaml

    opencontrail:
      common:
        version: 2.2
        identity:
          engine: keystone
          host: 127.0.0.1
          port: 35357
          token: token
          password: password
        network:
          engine: neutron
          host: 127.0.0.1
          port: 9696
      compute:
        version: 2.2
        enabled: True
        hostname: node-12.domain.tld
        flow_hold_limit: 0
        discovery:
          host: 127.0.0.1
        interface:
          address: 127.0.0.1
          dev: eth0
          gateway: 127.0.0.1
          mask: /24
          dns: 127.0.0.1
          mtu: 9000


Compute nodes with gateway_mode
-------------------------------

Gateway mode can be ``server`` or ``vcpe`` (the default is none).

.. code-block:: yaml

    opencontrail:
      compute:
        gateway_mode: server

TSN nodes
---------

Configure TSN nodes

.. code-block:: yaml

    opencontrail:
      compute:
        enabled: true
        tor:
          enabled: true
          bind:
            port: 8086
          agent:
            tor01:
              id: 0
              port: 6632
              host: 127.0.0.1
              address: 127.0.0.1


Set up metadata secret for the Vrouter
--------------------------------------

In order to get cloud-init within the instance to properly fetch
instance metadata, metadata_proxy_secret in the Vrouter agent config
should match the value in nova.conf. The administrator should define
it in the pillar:

.. code-block:: yaml

    opencontrail:
      compute:
        metadata:
          secret: opencontrail

Add auth info for Barbican on compute nodes
-------------------------------------------

.. code-block:: yaml

    opencontrail:
      compute:
        lbaas:
          enabled: true
          secret_manager:
            engine: barbican
            identity:
              user: admin
              password: "supersecretpassword123"
              tenant: admin


Keystone v3
-----------

To enable Keystone v3 support in OpenContrail, the identity version must be
defined for the config and web roles.

.. code-block:: yaml

    opencontrail:
      config:
        version: 2.2
        enabled: true
        ...
        identity:
          engine: keystone
          version: '3'
          ...

    opencontrail:
      web:
        version: 2.2
        enabled: true
        ...
        identity:
          engine: keystone
          version: '3'
          ...

Without Keystone
----------------

.. code-block:: yaml

    opencontrail:
      ...
      common:
        ...
        identity:
          engine: none
          token: none
          password: none
        ...
      config:
        ...
        identity:
          engine: none
          password: none
          token: none
        ...
      web:
        ...
        identity:
          engine: none
          password: none
          token: none
        ...

XMPP Encryption
---------------

Configure encryption of XMPP

Compute nodes
~~~~~~~~~~~~~

.. code-block:: yaml

    opencontrail:
      compute:
        xmpp:
          tls:
            enabled: False
            auth:
              enabled: False
            (optional) cert_file: /etc/contrail/server.pem
            (optional) key_file: /etc/contrail/privkey.pem
            (optional) ca_cert_file: /etc/contrail/ca-cert.pem

Control nodes
~~~~~~~~~~~~~

.. code-block:: yaml

    opencontrail:
      control:
        xmpp:
          tls:
            enabled: False
            auth:
              enabled: False
            (optional) cert_file: /etc/contrail/server.pem
            (optional) key_file: /etc/contrail/privkey.pem
            (optional) ca_cert_file: /etc/contrail/ca-cert.pem

Kubernetes support
------------------

Kubernetes vrouter nodes

Vrouter configuration on a kubernetes node(s)

.. code-block:: yaml

    opencontrail:
      ...
      compute:
        engine: kubernetes
      ...

vRouter with separated control plane

Separate XMPP traffic from dataplane interface.

.. code-block:: yaml

    opencontrail:
      compute:
        bind:
          address: 172.16.0.50
      ...

Override RPF default in Contrail API
------------------------------------

From MCP1.1 with OpenContrail >= 3.1.1 you can override the RPF default for
newly created virtual networks. This can be useful for use cases like running
Calico and K8S in overlay. The `override_rpf_default_by` option has the valid
values `disable` and `enable`. If it is not defined, the configuration falls
back to the Contrail default, currently `enable`.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        override_rpf_default_by: 'disable'
      ...

Cassandra GC logging
--------------------

From Contrail version 3 you can choose how Cassandra GC logs are handled.
The behavior is controlled by `cassandra_gc_logging`. Valid values are
'rotation' (default), 'legacy' and false.

- 'rotation' is supported by JDK 6u34, 7u2 or later and handles rotation of
  log files automatically.
- 'legacy' is a way to support older JDKs; you will need to handle the logs by
  other means, for example by using
  `- service.opencontrail.database.cassandra_log_cleanup` in your reclass model.
- false disables Cassandra GC logging.

.. code-block:: yaml

    opencontrail:
      ...
      database:
        cassandra_gc_logging: false
      ...


Disable Contrail API authentication
-----------------------------------

The Contrail version must be >= 3.0. It is useful especially for Keystone v3.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        multi_tenancy: false
      ...

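The following pillar audit is an added example, not part of the formula. It walks a rendered ``opencontrail`` pillar and reports the sample credentials used in this README (including the metadata secret), XMPP TLS left disabled, Contrail API authentication switched off, and a package source addressed over plain HTTP. The function names, finding labels and the constructed sample pillar are assumptions made for the example.

```python
"""Audit a rendered OpenContrail pillar for README sample values.

Added example; names and finding labels are assumptions, not formula code.
"""

# Placeholder secrets that appear in this README's sample pillars.
SAMPLE_SECRETS = {
    "password", "token", "guest", "opencontrail",
    "adminpass", "supersecretpassword123",
}
# Leaf keys that carry a credential in the sample pillars.
SECRET_KEYS = {"password", "token", "secret", "key"}


def leaves(node, path=()):
    """Yield (path, value) for every scalar in nested dicts and lists."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from leaves(value, path + (str(key),))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from leaves(value, path + (str(index),))
    else:
        yield path, node


def lookup(node, *keys):
    """Return the value at node[k1][k2]... or None if any level is missing."""
    for key in keys:
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def audit(pillar):
    """Return a list of (finding, pillar path) tuples."""
    oc = pillar.get("opencontrail", {})
    findings = []

    # 1. Credentials still set to a value copied from the samples.
    for path, value in leaves(oc):
        if path and path[-1] in SECRET_KEYS and str(value) in SAMPLE_SECRETS:
            findings.append(("sample-secret", ".".join(path)))

    # 2. XMPP between vRouter and control node without TLS. A missing key is
    #    reported too, because the README does not state the formula default.
    for role in ("compute", "control"):
        if role in oc and lookup(oc, role, "xmpp", "tls", "enabled") is not True:
            findings.append(("xmpp-tls-off", role + ".xmpp.tls.enabled"))

    # 3. Contrail API authentication disabled, or no identity engine at all.
    if lookup(oc, "config", "multi_tenancy") is False:
        findings.append(("api-auth-disabled", "config.multi_tenancy"))
    for role in ("common", "config", "web"):
        if lookup(oc, role, "identity", "engine") == "none":
            findings.append(("no-identity-engine", role + ".identity.engine"))

    # 4. Package repository addressed over plain HTTP.
    address = lookup(oc, "common", "source", "address")
    if isinstance(address, str) and address.lower().startswith("http://"):
        findings.append(("plain-http-source", "common.source.address"))

    return findings


# Constructed pillar assembled from fragments of the samples on this page.
SAMPLE_PILLAR = {
    "opencontrail": {
        "common": {
            "source": {"engine": "pkg",
                       "address": "http://mirror.robotice.cz/contrail-havana/"},
            "identity": {"engine": "keystone", "token": "token",
                         "password": "password"},
        },
        "config": {"multi_tenancy": False,
                   "identity": {"engine": "keystone",
                                "password": "s3t-per-site"}},
        "compute": {
            "metadata": {"secret": "opencontrail"},
            "xmpp": {"tls": {"enabled": False}},
        },
        "control": {"xmpp": {"tls": {"enabled": True}}},
    }
}

if __name__ == "__main__":
    for finding, path in audit(SAMPLE_PILLAR):
        print("%-20s opencontrail.%s" % (finding, path))
```

To run it against a real minion, feed it the parsed output of ``salt-call pillar.items --out=json`` instead of the constructed dictionary.
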
Enable RBAC
-----------

.. code-block:: yaml

    opencontrail:
      ...
      config:
        aaa_mode: rbac
        cloud_admin_role: admin
        global_read_only_role: member
      ...

Switch from on demand to periodic keystone sync
-----------------------------------------------

This can be useful when you want to sync projects from OpenStack to Contrail
automatically. The period of sync is 60s.

.. code-block:: yaml

    opencontrail:
      ...
      config:
        identity:
          sync_on_demand: false
      ...

Cassandra listen configuration
------------------------------

Interface example:

.. code-block:: yaml

    database:
      ....
      bind:
        interface: eth0
        port: 9042
        rpc_port: 9160
      ....

To run the config and analytics database clusters on the same hosts, you need
to change the ports so that they do not collide. The host is required.

.. code-block:: yaml

    database:
      ....
      bind:
        host: 127.0.0.1
        port: 9042
        rpc_port: 9160
        # for containers we need to move configdb to neighbouring ports
        port_configdb: 9041
        rpc_port_configdb: 9161
      ....


OpenContrail WebUI version >= 3.1.1
-----------------------------------

For OpenContrail version >= 3.1.1 and Cassandra >= 2.1, override the WebUI's
Cassandra port from 9160 to 9042.

For the appropriate node at class level:

.. code-block:: yaml

    opencontrail:
      ....
      web:
        database:
          port: 9042
      ....


RabbitMQ HA hosts
-----------------

.. code-block:: yaml

    opencontrail:
      config:
        message_queue:
          engine: rabbitmq
          members:
          - host: 10.0.16.1
          - host: 10.0.16.2
          - host: 10.0.16.3
          port: 5672

DPDK vRouter
------------

.. code-block:: yaml

    opencontrail:
      compute:
        dpdk:
          enabled: true
          taskset: "0x0000003C00003C"
          socket_mem: "1024,1024"
        interface:
          mac_address: 90:e2:ba:7c:22:e1
          pci: 0000:81:00.1
      ...

Increase number of contrail-api workers
---------------------------------------

.. code-block:: yaml

    opencontrail:
      ...
      config:
        api:
          workers_count: 3
      ...

Increase number of alarm-gen workers
------------------------------------

Port prefix will increment used ports by workers starting with 5901.

.. code-block:: yaml

    collector:
      alarm_gen:
        workers: 1
        port_prefix: 59

Contrail client
---------------

Basic parameters with identity and host configs

.. code-block:: yaml

    opencontrail:
      client:
        identity:
          user: admin
          project: admin
          password: adminpass
          host: keystone_host
        config:
          host: contrail_api_host
          port: contrail_api_port

Enforcing virtual routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        virtual_router:
          cmp01:
            ip_address: 172.16.0.11
            dpdk_enabled: True
          cmp02:
            ip_address: 172.16.0.12
            dpdk_enabled: True


Enforcing global system config

.. code-block:: yaml

    opencontrail:
      client:
        ...
        global_system_config:
          name: default-global-system-config
          asn: 64512
          grp:
            enable: true
            restart_time: 60
            end_of_rib_timeout: 30
            bgp_helper_enable: false
            xmpp_helper_enable: false
            long_lived_restart_time: 300


Enforcing global vrouter config

.. code-block:: yaml

    opencontrail:
      client:
        ...
        global_vrouter_config:
          name: default-global-vrouter-config
          parent_type: global-system-config
          encap_priority: "MPLSoUDP,MPLSoGRE"
          vxlan_vn_id_mode: automatic
          fq_names:
          - 'default-global-system-config'
          - 'default-global-vrouter-config'


Enforcing control nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        bgp_router:
          ntw01:
            type: control-node
            ip_address: 172.16.0.11
          nwt02:
            type: control-node
            ip_address: 172.16.0.12
          nwt03:
            type: control-node
            ip_address: 172.16.0.13


Enforcing edge BGP routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        bgp_router:
          mx01:
            type: router
            ip_address: 172.16.0.21
            asn: 64512
          mx02:
            type: router
            ip_address: 172.16.0.22
            asn: 64512
            key_type: md5
            key: password

Enforcing config nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        config_node:
          ctl01:
            ip_address: 172.16.0.21
          ctl02:
            ip_address: 172.16.0.22

Enforcing database nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        database_node:
          ntw01:
            ip_address: 172.16.0.21
          ntw02:
            ip_address: 172.16.0.22

Enforcing analytics nodes

.. code-block:: yaml

    opencontrail:
      client:
        ...
        analytics_node:
          nal01:
            ip_address: 172.16.0.31
          nal02:
            ip_address: 172.16.0.32

Enforcing Link Local Services

.. code-block:: yaml

    opencontrail:
      client:
        ...
        linklocal_service:
          # example with dns name address (only one permitted)
          meta1:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses: "meta.example.com"
            ipf_port: 80
          # example with multiple ip addresses
          meta2:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            - 10.20.20.20
            - 10.30.30.30
            ipf_port: 80
          # example with one ip address
          meta3:
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            ipf_port: 80
          # example with name override
          lls_meta4:
            name: meta4
            lls_ip: 10.0.0.23
            lls_port: 80
            ipf_addresses:
            - 10.10.10.10
            ipf_port: 80


Configuring OpenStack default quotas

.. code-block:: yaml

    config:
      quota:
        network: 5
        subnet: 10
        router: 10
        floating_ip: 100
        secgroup: 1000
        secgroup_rule: 1000
        port: 1000
        pool: -1
        member: -1
        health_monitor: -1
        vip: -1

Enforcing physical routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        physical_router:
          router1:
            name: router1
            dataplane_ip: 1.2.3.4
            management_ip: 1.2.3.4
            vendor_name: ovs
            product_name: ovs
            agents:
            - tsn0-0
            - tsn0

Enforcing physical/logical interfaces for routers

.. code-block:: yaml

    opencontrail:
      client:
        ...
        physical_router:
          router1:
            ...
            interface:
              port1:
                name: port1
                logical_interface:
                  port1_l:
                    name: 'port1.0'
                    vlan_tag: 0
                    interface_type: L2
                    virtual_machine_interface:
                      port1_port:
                        name: port1_port
                        ip_address: 192.168.90.107
                        mac_address: '2e:92:a8:af:c2:21'
                        security_group: 'default'
                        virtual_network: 'virtual-network'

Enforcing virtual networks

.. code-block:: yaml

    opencontrail:
      client:
        virtual_networks:
          net01:
            name: 'network01'
            ip_address: '172.16.111.0'
            ip_prefix: 24
            asn: 64512
            route_target: 10000
            external: True
            allow_transit: False
            forwarding_mode: 'l2_l3'
            rpf: 'disable'
            mirror_destination: False
            domain: 'default-domain'
            project: 'admin'
            ipam_domain: 'default-domain'
            ipam_project: 'default-project'
            ipam_name: 'default-network-ipam'
          net02:
            name: 'network02'
          net03:
            name: 'network03'


Enforcing floating IP pool settings.

A virtual network with the external flag needs to be created before managing
the floating IP pool. The ``vn_name`` parameter is the name of the external
network.

.. code-block:: yaml

    opencontrail:
      client:
        floating_ip_pools:
          pool1:
            vn_name: external-network
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects:
            - [tenant1, 7]
            - [tenant2, 7]
            - [tenant3, 7]
          pool2:
            vn_name: floating-ips
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects:
            - [tenant3, 7]


If you want to remove all shares from the floating IP pool, define an empty
list of projects, like this:

.. code-block:: yaml

    opencontrail:
      client:
        floating_ip_pools:
          pool1:
            vn_name: external-network
            vn_project: admin
            vn_domain: default-domain
            owner_access: 7
            global_access: 0
            list_of_projects: []


Contrail DNS custom forwarders
------------------------------

By default Contrail uses the /etc/resolv.conf file to determine the upstream
DNS servers. This can have some side effects, like resolving internal DNS
entries on your public instances.

To override this default, you can configure nameservers using pillar data.
The formula is then responsible for configuring and generating an alternate
resolv.conf file.

Note: this has been patched recently in the Contrail distribution of Mirantis:

- https://github.com/Mirantis/contrail-controller/commit/ed9a25ccbcfebd7d079a93aecc5a1a7bf1265ea4
- https://github.com/Mirantis/contrail-controller/commit/94c844cf2e9bcfcd48587aec03d10b869e737ade


To change forwarders for the default-dns option (which is handled by compute nodes):

.. code-block:: yaml

    compute:
      ....
      dns:
        forwarders:
        - 8.8.8.8
        - 8.8.4.4
      ....

To change forwarders for vDNS zones (handled by control nodes):

.. code-block:: yaml

    control:
      ....
      dns:
        forwarders:
        - 8.8.8.8
        - 8.8.4.4
      ....

Contrail IF-MAP server configuration
------------------------------------

Contrail 3.2 contains an internal IF-MAP server implementation. It can be
enabled by setting ``config:ifmap:engine`` to ``internal``. The currently
supported engines are ``internal`` and ``irond`` (default). The ``internal``
engine configures contrail-api to run as an IF-MAP server in the same process
as contrail-api and generates security certificates in the specified folder.

.. code-block:: yaml

    config:
      ....
      ifmap:
        engine: internal
        cert_dir: /etc/contrail/ssl/certs/  # default
        basename_cert: ifmap.crt  # default
        basename_key: ifmap.key  # default
      ....

To set a static configuration of the IF-MAP server for contrail-control
instead of using the discovery service, you can use
``control:ifmap:bind:host`` and ``port``. The static configuration is
triggered by the existence of a non-empty value of the ``control:ifmap:bind``
key.

.. code-block:: yaml

    control:
      ....
      ifmap:
        bind:
          host: 127.0.0.1
          port: 8443
      ....

Configure TCP_TW_RECYCLE in kernel
----------------------------------

Enables fast recycling of TIME-WAIT sockets. To enable it, set the parameter to 1, which is
the default value in the formula. To turn this option off, set the parameter to 0:

.. code-block:: yaml

    opencontrail:
      ....
      common:
        ....
        tcp_tw_recycle: 0
        ....

Define extra states for contrail services health check
------------------------------------------------------

The service health check procedure verifies that all available contrail services are in the
``active`` state.
Additional states can be defined for every service as expected states for the validation procedure.

.. code-block:: yaml

    config:
      ....
      services_extra_states:
        contrail-schema:
        - backup
        contrail-device-manager:
        - backup
        contrail-svc-monitor:
        - backup
      ....

The ``contrail-schema``, ``contrail-device-manager`` and ``contrail-svc-monitor`` config services
already have the additional ``backup`` state by default.

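The validation described above, as an added example (not the formula's own code): it parses status text and reports every service whose state is neither ``active`` nor listed in ``services_extra_states``. The ``service  state`` column layout and the sample text are assumptions constructed for illustration.

```python
import re

# Extra states the page says are allowed by default; "active" is always accepted.
DEFAULT_EXTRA_STATES = {
    "contrail-schema": ["backup"],
    "contrail-device-manager": ["backup"],
    "contrail-svc-monitor": ["backup"],
}

# Constructed sample; the "service  state" column layout is an assumption.
SAMPLE_STATUS = """\
== Contrail Config ==
supervisor-config:            active
contrail-api:0                active
contrail-device-manager       backup
contrail-schema               initializing (Collector connection down)
contrail-svc-monitor          backup

== Contrail Control ==
contrail-control              backup
contrail-dns                  active
"""

# Service name, optional ":<instance>" suffix, then the first word of the state.
LINE = re.compile(r"^(?P<name>[\w-]+)(?::\d*)?\s+(?P<state>\S+)")


def parse_status(text):
    """Return {service: state}; section headers and blank lines do not match."""
    states = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            states[m.group("name")] = m.group("state")
    return states


def unhealthy(text, extra_states=DEFAULT_EXTRA_STATES):
    """Sorted (service, state) pairs whose state is neither active nor allowed."""
    bad = []
    for name, state in parse_status(text).items():
        allowed = {"active"} | set(extra_states.get(name, []))
        if state not in allowed:
            bad.append((name, state))
    return sorted(bad)
```

Here ``contrail-control`` in ``backup`` is reported because no extra state is defined for it, which is the case the pillar override exists to handle.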
Usage
=====

Basic installation
------------------

Add control BGP

.. code-block:: bash

    python /etc/contrail/provision_control.py --api_server_ip 192.168.1.11 --api_server_port 8082 --host_name network1.contrail.domain.com --host_ip 192.168.1.11 --router_asn 64512

Install compute node

.. code-block:: bash

    yum install contrail-vrouter contrail-openstack-vrouter

    salt-call state.sls nova,opencontrail

Add virtual router

.. code-block:: bash

    python /etc/contrail/provision_vrouter.py --host_name hostnode1.intra.domain.com --host_ip 10.0.100.101 --api_server_ip 10.0.100.30 --oper add --admin_user admin --admin_password cloudlab --admin_tenant_name admin

    # In /etc/sysconfig/network-scripts/ifcfg-bond0, comment out GATEWAY, NETMASK and IPADDR

    reboot

Debugging
---------

Display vhost XMPP connection status

You should see the correct controller_ip, and the state should be established.

    http://<compute-node>:8085/Snh_AgentXmppConnectionStatusReq?

Display vrouter interface status

If vrf_name is ---ERROR---, something has gone wrong.

    http://<compute-node>:8085/Snh_ItfReq?name=

Display IF MAP table

Look for neighbours; if a VM has 2, it's OK.

    http://<control-node>:8083/Snh_IFMapTableShowReq?table_name=

Trace XMPP requests

    http://<compute-node>:8085/Snh_SandeshTraceRequest?x=XmppMessageTrace
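
The first two checks above, automated over saved introspect responses, as an added example that is not part of the formula. Only ``controller_ip``, ``state`` and ``vrf_name`` come from the page; the surrounding element names, the ``name`` field and both sample documents are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed samples; the element nesting is an assumption, not captured output.
XMPP_SAMPLE = """<AgentXmppConnectionStatus>
  <peer><list>
    <AgentXmppData>
      <controller_ip>10.0.100.30</controller_ip>
      <state>Established</state>
    </AgentXmppData>
    <AgentXmppData>
      <controller_ip>10.0.100.31</controller_ip>
      <state>OpenSent</state>
    </AgentXmppData>
  </list></peer>
</AgentXmppConnectionStatus>"""

ITF_SAMPLE = """<ItfResp><itf_list><list>
  <ItfSandeshData><name>vhost0</name><vrf_name>default-domain:default-project:ip-fabric:__default__</vrf_name></ItfSandeshData>
  <ItfSandeshData><name>tap1234</name><vrf_name>---ERROR---</vrf_name></ItfSandeshData>
</list></itf_list></ItfResp>"""


def _records(xml_text, key):
    """Yield {tag: text} for every element that has a direct <key> child."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if elem.find(key) is not None:
            yield {child.tag: (child.text or "").strip() for child in elem}


def xmpp_problems(xml_text, expected_controllers):
    """Map each expected controller that is missing or not established to its state."""
    seen = {r["controller_ip"]: r.get("state", "")
            for r in _records(xml_text, "controller_ip")}
    return {ip: seen.get(ip, "missing") for ip in expected_controllers
            if seen.get(ip, "").lower() != "established"}


def broken_interfaces(xml_text):
    """Names of interfaces whose vrf_name carries the ERROR marker."""
    return [r.get("name", "?") for r in _records(xml_text, "vrf_name")
            if "ERROR" in r["vrf_name"]]
```

Feed the functions the response bodies returned by the ``Snh_AgentXmppConnectionStatusReq`` and ``Snh_ItfReq`` URLs listed above.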