Contrail Controller is an open, standards-based software solution that delivers network virtualization and service automation for federated cloud networks. It provides self-service provisioning, improves network troubleshooting and diagnostics, and enables service chaining for dynamic application environments across enterprise virtual private cloud (VPC), managed Infrastructure as a Service (IaaS), and Networks Functions Virtualization (NFV) use cases.
Formula support OpenContrail as well as Juniper Contrail package repository in the backend.
Differences withing the configuration and state run are controlled by
opencontrail.common.vendor: [opencontrail|juniper] pillar attribute.
Default value is set to opencontrail.
- Juniper releases tested with this formula:
- 3.0.2.x
To use Juniper Contrail repository as a source of packages override pillar as in this example:
opencontrail:
common:
vendor: juniperThere are several scenarios for OpenContrail control plane.
Config, control, analytics, database, web -- altogether on one node.
opencontrail:
common:
version: 2.2
source:
engine: pkg
address: http://mirror.robotice.cz/contrail-havana/
identity:
engine: keystone
host: 127.0.0.1
port: 35357
token: token
password: password
network:
engine: neutron
host: 127.0.0.1
port: 9696
config:
version: 2.2
enabled: true
network:
engine: neutron
host: 127.0.0.1
port: 9696
discovery:
host: 127.0.0.1
analytics:
host: 127.0.0.1
bind:
address: 127.0.0.1
message_queue:
engine: rabbitmq
host: 127.0.0.1
port: 5672
database:
members:
- host: 127.0.0.1
port: 9160
cache:
members:
- host: 127.0.0.1
port: 11211
identity:
engine: keystone
version: '2.0'
region: RegionOne
host: 127.0.0.1
port: 35357
user: admin
password: password
token: token
tenant: admin
members:
- host: 127.0.0.1
id: 1
rootlogger: "INFO, CONSOLE"
control:
version: 2.2
enabled: true
bind:
address: 127.0.0.1
discovery:
host: 127.0.0.1
master:
host: 127.0.0.1
members:
- host: 127.0.0.1
id: 1
collector:
version: 2.2
enabled: true
bind:
address: 127.0.0.1
master:
host: 127.0.0.1
discovery:
host: 127.0.0.1
data_ttl: 2
database:
members:
- host: 127.0.0.1
port: 9160
database:
version: 2.2
cassandra:
version: 2
enabled: true
minimum_disk: 10
name: 'Contrail'
original_token: 0
compaction_throughput_mb_per_sec: 16
concurrent_compactors: 1
data_dirs:
- /var/lib/cassandra
id: 1
discovery:
host: 127.0.0.1
bind:
host: 127.0.0.1
port: 9042
rpc_port: 9160
members:
- host: 127.0.0.1
id: 1
web:
version: 2.2
enabled: True
bind:
address: 127.0.0.1
analytics:
host: 127.0.0.1
master:
host: 127.0.0.1
cache:
engine: redis
host: 127.0.0.1
port: 6379
members:
- host: 127.0.0.1
id: 1
identity:
engine: keystone
version: '2.0'
host: 127.0.0.1
port: 35357
user: admin
password: password
token: token
tenant: adminConfig, control, analytics, database, web -- altogether, clustered on multiple nodes.
opencontrail:
common:
version: 2.2
source:
engine: pkg
address: http://mirror.robotice.cz/contrail-havana/
identity:
engine: keystone
host: 127.0.0.1
port: 35357
token: token
password: password
network:
engine: neutron
host: 127.0.0.1
port: 9696
config:
version: 2.2
enabled: true
network:
engine: neutron
host: 127.0.0.1
port: 9696
discovery:
host: 127.0.0.1
analytics:
host: 127.0.0.1
bind:
address: 127.0.0.1
message_queue:
engine: rabbitmq
host: 127.0.0.1
port: 5672
database:
members:
- host: 127.0.0.1
port: 9160
- host: 127.0.0.1
port: 9160
- host: 127.0.0.1
port: 9160
cache:
members:
- host: 127.0.0.1
port: 11211
- host: 127.0.0.1
port: 11211
- host: 127.0.0.1
port: 11211
identity:
engine: keystone
version: '2.0'
region: RegionOne
host: 127.0.0.1
port: 35357
user: admin
password: password
token: token
tenant: admin
members:
- host: 127.0.0.1
id: 1
- host: 127.0.0.1
id: 2
- host: 127.0.0.1
id: 3
control:
version: 2.2
enabled: true
bind:
address: 127.0.0.1
discovery:
host: 127.0.0.1
master:
host: 127.0.0.1
members:
- host: 127.0.0.1
id: 1
- host: 127.0.0.1
id: 2
- host: 127.0.0.1
id: 3
collector:
version: 2.2
enabled: true
bind:
address: 127.0.0.1
master:
host: 127.0.0.1
discovery:
host: 127.0.0.1
data_ttl: 1
database:
members:
- host: 127.0.0.1
port: 9160
- host: 127.0.0.1
port: 9160
- host: 127.0.0.1
port: 9160
database:
version: 2.2
cassandra:
version: 2
enabled: true
name: 'Contrail'
minimum_disk: 10
original_token: 0
data_dirs:
- /var/lib/cassandra
id: 1
discovery:
host: 127.0.0.1
bind:
host: 127.0.0.1
port: 9042
rpc_port: 9160
members:
- host: 127.0.0.1
id: 1
- host: 127.0.0.1
id: 2
- host: 127.0.0.1
id: 3
web:
version: 2.2
enabled: True
bind:
address: 127.0.0.1
master:
host: 127.0.0.1
analytics:
host: 127.0.0.1
cache:
engine: redis
host: 127.0.0.1
port: 6379
members:
- host: 127.0.0.1
id: 1
- host: 127.0.0.1
id: 2
- host: 127.0.0.1
id: 3
identity:
engine: keystone
version: '2.0'
host: 127.0.0.1
port: 35357
user: admin
password: password
token: token
tenant: adminConfig, control, database, web.
opencontrail:
common:
version: 2.2
identity:
engine: keystone
host: 127.0.0.1
port: 35357
token: token
password: password
network:
engine: neutron
host: 127.0.0.1
port: 9696
config:
version: 2.2
enabled: true
network:
engine: neutron
host: 127.0.0.1
port: 9696
discovery:
host: 127.0.0.1
analytics:
host: 127.0.0.1
bind:
address: 127.0.0.1
message_queue:
engine: rabbitmq
host: 127.0.0.1
port: 5672
database:
members:
- host: 127.0.0.1
port: 9160
- host: 127.0.0.1
port: 9160
- host: 127.0.0.1
port: 9160
cache:
members:
- host: 127.0.0.1
port: 11211
- host: 127.0.0.1
port: 11211
- host: 127.0.0.1
port: 11211
identity:
engine: keystone
version: '2.0'
region: RegionOne
host: 127.0.0.1
port: 35357
user: admin
password: password
token: token
tenant: admin
members:
- host: 127.0.0.1
id: 1
- host: 127.0.0.1
id: 2
- host: 127.0.0.1
id: 3
control:
version: 2.2
enabled: true
bind:
address: 127.0.0.1
discovery:
host: 127.0.0.1
master:
host: 127.0.0.1
members:
- host: 127.0.0.1
id: 1
- host: 127.0.0.1
id: 2
- host: 127.0.0.1
id: 3
database:
version: 127.0.0.1
cassandra:
version: 2
enabled: true
name: 'Contrail'
minimum_disk: 10
original_token: 0
data_dirs:
- /var/lib/cassandra
id: 1
discovery:
host: 127.0.0.1
bind:
host: 127.0.0.1
port: 9042
rpc_port: 9160
members:
- host: 127.0.0.1
id: 1
- host: 127.0.0.1
id: 2
- host: 127.0.0.1
id: 3
web:
version: 2.2
enabled: True
bind:
address: 127.0.0.1
analytics:
host: 127.0.0.1
master:
host: 127.0.0.1
cache:
engine: redis
host: 127.0.0.1
port: 6379
members:
- host: 127.0.0.1
id: 1
- host: 127.0.0.1
id: 2
- host: 127.0.0.1
id: 3
identity:
engine: keystone
version: '2.0'
host: 127.0.0.1
port: 35357
user: admin
password: password
token: token
tenant: adminAnalytic nodes
Analytics and database on an analytic node(s)
opencontrail:
common:
version: 2.2
identity:
engine: keystone
host: 127.0.0.1
port: 35357
token: token
password: password
network:
engine: neutron
host: 127.0.0.1
port: 9696
collector:
version: 2.2
enabled: true
bind:
address: 127.0.0.1
master:
host: 127.0.0.1
discovery:
host: 127.0.0.1
data_ttl: 1
database:
members:
- host: 127.0.0.1
port: 9160
- host: 127.0.0.1
port: 9160
- host: 127.0.0.1
port: 9160
database:
version: 2.2
cassandra:
version: 2
enabled: true
name: 'Contrail'
minimum_disk: 10
original_token: 0
data_dirs:
- /var/lib/cassandra
id: 1
discovery:
host: 127.0.0.1
bind:
host: 127.0.0.1
port: 9042
rpc_port: 9160
members:
- host: 127.0.0.1
id: 1
- host: 127.0.0.1
id: 2
- host: 127.0.0.1
id: 3Vrouter configuration on a compute node(s)
opencontrail:
common:
version: 2.2
identity:
engine: keystone
host: 127.0.0.1
port: 35357
token: token
password: password
network:
engine: neutron
host: 127.0.0.1
port: 9696
compute:
version: 2.2
enabled: True
hostname: node-12.domain.tld
discovery:
host: 127.0.0.1
interface:
address: 127.0.0.1
dev: eth0
gateway: 127.0.0.1
mask: /24
dns: 127.0.0.1
mtu: 9000Gateway mode: can be server/ vcpe (default is none)
opencontrail:
compute:
gateway_mode: serverIn order to get cloud-init within the instance to properly fetch instance metadata, metadata_proxy_secret in the Vrouter agent config should match the value in nova.conf. The administrator should define it in the pillar:
opencontrail:
compute:
metadata:
secret: opencontrailTo enable support for keystone v3 in opencontrail, there must be defined version for config and web role.
opencontrail:
config:
version: 2.2
enabled: true
...
identity:
engine: keystone
version: '3'
...
opencontrail:
web:
version: 2.2
enabled: true
...
identity:
engine: keystone
version: '3'
...opencontrail:
...
common:
...
identity:
engine: none
token: none
password: none
...
config:
...
identity:
engine: none
password: none
token: none
...
web:
...
identity:
engine: none
password: none
token: none
...Kubernetes vrouter nodes
Vrouter configuration on a kubernetes node(s)
opencontrail:
...
compute:
engine: kubernetes
...vRouter with separated control plane
Separate XMPP traffic from dataplane interface.
opencontrail:
compute:
bind:
address: 172.16.0.50
...From MCP1.1 with OpenContrail >= 3.1.1 you can override RPF default for newly created virtual networks. This can be useful for usecases like running Calico and K8S in overlay. The override_rpf_default_by has valid values disable, enable. If not defined, the configuration fallbacks to Contrail default - currently enable.
opencontrail:
...
config:
override_rpf_default_by: 'disable'
...Contrail version must >= 3.0. It is useful especially for Keystone v3.
opencontrail:
...
config:
multi_tenancy: false
...This can be useful when you want to sync projects from OpenStack to Contrail automatically. The period of sync is 60s.
opencontrail:
...
config:
identity:
sync_on_demand: false
...database:
....
bind:
interface: eth0
port: 9042
rpc_port: 9160
....For OpenContrail version >= 3.1.1 and Cassandra >= 2.1 we should override WebUI's cassandra port from 9160 to 9042.
For appropriate node at class level:
opencontrail:
....
web:
database:
port: 9042
....opencontrail:
config:
message_queue:
engine: rabbitmq
members:
- host: 10.0.16.1
- host: 10.0.16.2
- host: 10.0.16.3
port: 5672database:
....
bind:
interface: eth0
port: 9042
rpc_port: 9160
....opencontrail:
compute:
dpdk:
enabled: true
taskset: "0x0000003C00003C"
socket_mem: "1024,1024"
interface:
mac_address: 90:e2:ba:7c:22:e1
pci: 0000:81:00.1
...Basic parameters with identity and host configs
opencontrail:
client:
identity:
user: admin
project: admin
password: adminpass
host: keystone_host
config:
host: contrail_api_host
port: contrail_api_ortEnforcing virtual routers
opencontrail:
client:
...
virtual_router:
cmp01:
ip_address: 172.16.0.11
dpdk_enabled: True
cmp02:
ip_address: 172.16.0.12
dpdk_enabled: TrueEnforcing control nodes
opencontrail:
client:
...
bgp_router:
ntw01:
type: control-node
ip_address: 172.16.0.11
nwt02:
type: control-node
ip_address: 172.16.0.12
nwt03:
type: control-node
ip_address: 172.16.0.13Enforcing edge BGP routers
opencontrail:
client:
...
bgp_router:
mx01:
type: router
ip_address: 172.16.0.21
asn: 64512
mx02:
type: router
ip_address: 172.16.0.22
asn: 64512Enforcing config nodes
opencontrail:
client:
...
config_node:
ctl01:
ip_address: 172.16.0.21
ctl02:
ip_address: 172.16.0.22Enforcing database nodes
opencontrail:
client:
...
database_node:
ntw01:
ip_address: 172.16.0.21
ntw02:
ip_address: 172.16.0.22Enforcing analytics nodes
opencontrail:
client:
...
analytics_node:
nal01:
ip_address: 172.16.0.31
nal02:
ip_address: 172.16.0.32Enforcing Link Local Services
opencontrail:
client:
...
linklocal_service:
# example with dns name address (only one permited)
meta1:
lls_ip: 10.0.0.23
lls_port: 80
ipf_addresses: "meta.example.com"
ipf_port: 80
# example with multiple ip addresses
meta2:
lls_ip: 10.0.0.23
lls_port: 80
ipf_addresses:
- 10.10.10.10
- 10.20.20.20
- 10.30.30.30
ipf_port: 80
# example with one ip address
meta3:
lls_ip: 10.0.0.23
lls_port: 80
ipf_addresses:
- 10.10.10.10
ipf_port: 80
# example with name override
lls_meta4:
name: meta4
lls_ip: 10.0.0.23
lls_port: 80
ipf_addresses:
- 10.10.10.10
ipf_port: 80Add control BGP
python /etc/contrail/provision_control.py --api_server_ip 192.168.1.11 --api_server_port 8082 --host_name network1.contrail.domain.com --host_ip 192.168.1.11 --router_asn 64512Install compute node
yum install contrail-vrouter contrail-openstack-vrouter
salt-call state.sls nova,opencontrailAdd virtual router
python /etc/contrail/provision_vrouter.py --host_name hostnode1.intra.domain.com --host_ip 10.0.100.101 --api_server_ip 10.0.100.30 --oper add --admin_user admin --admin_password cloudlab --admin_tenant_name admin
/etc/sysconfig/network-scripts/ifcfg-bond0 -- comment GATEWAY,NETMASK,IPADDR
rebootDisplay vhost XMPP connection status
You should see the correct controller_ip and state should be established.
http://<compute-node>:8085/Snh_AgentXmppConnectionStatusReq?
Display vrouter interface status
When vrf_name = ---ERROR--- then something goes wrong
http://<compute-node>:8085/Snh_ItfReq?name=
Display IF MAP table
Look for neighbours, if VM has 2, it's ok
http://<control-node>:8083/Snh_IFMapTableShowReq?table_name=
Trace XMPP requests
http://<compute-node>:8085/Snh_SandeshTraceRequest?x=XmppMessageTrace
To learn how to install and update salt-formulas, consult the documentation available online at:
http://salt-formulas.readthedocs.io/
In the unfortunate event that bugs are discovered, they should be reported to the appropriate issue tracker. Use Github issue tracker for specific salt formula:
https://github.com/salt-formulas/salt-formula-opencontrail/issues
For feature requests, bug reports or blueprints affecting entire ecosystem, use Launchpad salt-formulas project:
https://launchpad.net/salt-formulas
You can also join salt-formulas-users team and subscribe to mailing list:
https://launchpad.net/~salt-formulas-users
Developers wishing to work on the salt-formulas projects should always base their work on master branch and submit pull request against specific formula.
https://github.com/salt-formulas/salt-formula-opencontrail
Any questions or feedback is always welcome so feel free to join our IRC channel:
#salt-formulas @ irc.freenode.net