diff options
| author |   chenshuai@huawei.com <chenshuai@huawei.com> | 2015-11-26 19:39:56 +0800 |
|---|---|---|
| committer | chenshuai@huawei.com <chenshuai@huawei.com> | 2015-12-02 10:05:25 +0800 |
| commit | fd5db7e03c9595c14df71a49e778a3bdda89e344 (patch) | |
| tree | b4534b95f5739f49a7238703d4f82f497854af6a | |
| parent | 3c48d787b3caa3a12153257abf66e3211109b8f5 (diff) | |
OpenContrail intergration
JIRA: COMPASS-168
Change-Id: I0fe22568fb28019a0085e8bbf9b600acfa9e8f45
Signed-off-by: chenshuai@huawei.com <chenshuai@huawei.com>
72 files changed, 3258 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml index 58774e4b..c4084880 100644 --- a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml +++ b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml @@ -50,6 +50,12 @@ roles: - onos_cluster +#- hosts: all +# remote_user: root +# sudo: True +# roles: +# - open-contrail + - hosts: controller remote_user: root sudo: True diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/cacert.pem b/deploy/adapters/ansible/roles/open-contrail/files/provision/cacert.pem new file mode 100755 index 00000000..66f82c5d --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/cacert.pem @@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 1 (0x1) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2015 Sep 15 13:35:47) + Validity + Not Before: Sep 15 04:35:47 2015 GMT + Not After : Sep 12 04:35:47 2025 GMT + Subject: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2015 Sep 15 13:35:47) + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:98:04:9b:9f:2e:e2:0b:4a:59:9d:00:74:dc:b4: + cb:fc:8d:c4:7d:32:35:e5:1c:ee:94:f0:13:e6:54: + 1c:2e:47:47:f0:bd:f2:7f:ae:cb:6a:2f:ec:74:5c: + 14:39:80:bf:7b:d1:83:90:ec:7a:7d:02:8c:fc:67: + de:99:53:69:1f:5c:61:d5:0a:7f:93:df:02:d4:16: + d3:55:b8:28:5c:fd:32:5b:6c:af:03:c1:23:92:00: + 0e:2b:eb:32:07:00:99:64:14:32:e4:f8:76:b3:06: + e1:d0:54:5a:fc:92:cd:5e:e5:b7:85:43:9e:b8:79: + e4:23:a6:3c:0c:42:78:f4:d3:7e:33:1c:f2:5a:24: + ac:24:61:2f:72:b3:b1:e7:99:4e:ef:2d:85:26:de: + b6:59:16:25:1a:65:ce:95:9c:fd:c7:3c:30:44:1d: + 4c:3b:34:dd:8d:ad:1f:ee:06:8e:b1:2d:b1:bb:a6: + 68:62:52:98:c2:2d:a3:14:75:a7:5f:24:10:4f:74: + 4f:94:0b:61:bd:c5:f1:6b:78:fa:48:89:27:3b:04: + 4d:25:50:d1:4f:63:3d:4b:3c:cc:fa:df:20:f1:0c: + 3f:1d:44:9d:c2:3e:d4:12:07:72:a4:6a:11:03:2f: + 1d:71:d5:b2:de:b4:a6:d8:ad:7a:ac:c9:c7:8e:12: + 4d:47 + Exponent: 65537 (0x10001) + Signature Algorithm: md5WithRSAEncryption + 28:3f:32:46:dd:a9:c0:30:46:9a:29:ec:90:36:14:aa:a7:0c: + dc:67:a0:ec:81:dc:f9:34:35:c5:e4:9b:48:dd:c6:5a:ed:30: + 78:99:6c:32:8c:60:59:ab:dc:7a:86:bb:94:8b:98:db:62:33: + bd:4f:16:40:50:12:db:e9:b6:0c:f2:0b:0d:90:9d:b7:7a:ae: + b4:36:46:33:c5:ea:6a:37:ec:fe:6e:12:f1:98:10:89:48:fe: + 8a:68:11:1c:96:37:92:d9:cc:8a:ef:93:c3:53:6c:61:f7:f0: + 0b:2c:78:49:8e:e3:19:46:2b:1d:1c:65:c5:d9:6d:5d:04:54: + e7:e0:c7:aa:49:78:7d:2d:35:11:7e:05:b1:47:e4:96:39:97: + b5:5b:2b:6e:06:51:86:32:85:6a:7b:5f:63:08:85:31:6e:c3: + 12:0e:a0:ad:3a:d0:3f:db:e2:1b:6d:24:3a:bb:e7:61:5b:ba: + 1f:34:eb:34:07:e5:09:fe:0b:ba:76:48:49:6e:57:d4:14:76: + 11:af:52:39:9e:73:a7:e3:2a:5a:5c:fa:79:d7:7f:81:fd:80: + a7:d4:92:07:ef:a6:05:60:f9:b4:81:cb:8e:cb:b5:9e:2c:5d: + 40:fb:dc:c1:63:95:82:0b:2f:aa:8c:38:1d:96:63:ed:c9:1b: + ce:d2:d2:e7 +-----BEGIN CERTIFICATE----- +MIIDeDCCAmACAQEwDQYJKoZIhvcNAQEEBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD +VQQIEwJDQTEVMBMGA1UEChMMT3BlbiB2U3dpdGNoMREwDwYDVQQLEwhzd2l0Y2hj +YTE7MDkGA1UEAxMyT1ZTIHN3aXRjaGNhIENBIENlcnRpZmljYXRlICgyMDE1IFNl +cCAxNSAxMzozNTo0NykwHhcNMTUwOTE1MDQzNTQ3WhcNMjUwOTEyMDQzNTQ3WjCB +gTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQKEwxPcGVuIHZTd2l0 +Y2gxETAPBgNVBAsTCHN3aXRjaGNhMTswOQYDVQQDEzJPVlMgc3dpdGNoY2EgQ0Eg +Q2VydGlmaWNhdGUgKDIwMTUgU2VwIDE1IDEzOjM1OjQ3KTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAJgEm58u4gtKWZ0AdNy0y/yNxH0yNeUc7pTwE+ZU +HC5HR/C98n+uy2ov7HRcFDmAv3vRg5Dsen0CjPxn3plTaR9cYdUKf5PfAtQW01W4 +KFz9MltsrwPBI5IADivrMgcAmWQUMuT4drMG4dBUWvySzV7lt4VDnrh55COmPAxC +ePTTfjMc8lokrCRhL3KzseeZTu8thSbetlkWJRplzpWc/cc8MEQdTDs03Y2tH+4G +jrEtsbumaGJSmMItoxR1p18kEE90T5QLYb3F8Wt4+kiJJzsETSVQ0U9jPUs8zPrf +IPEMPx1EncI+1BIHcqRqEQMvHXHVst60ptiteqzJx44STUcCAwEAATANBgkqhkiG +9w0BAQQFAAOCAQEAKD8yRt2pwDBGminskDYUqqcM3Geg7IHc+TQ1xeSbSN3GWu0w +eJlsMoxgWavceoa7lIuY22IzvU8WQFAS2+m2DPILDZCdt3qutDZGM8Xqajfs/m4S +8ZgQiUj+imgRHJY3ktnMiu+Tw1NsYffwCyx4SY7jGUYrHRxlxdltXQRU5+DHqkl4 +fS01EX4FsUfkljmXtVsrbgZRhjKFantfYwiFMW7DEg6grTrQP9viG20kOrvnYVu6 +HzTrNAflCf4LunZISW5X1BR2Ea9SOZ5zp+MqWlz6edd/gf2Ap9SSB++mBWD5tIHL +jsu1nixdQPvcwWOVggsvqow4HZZj7ckbztLS5w== +-----END CERTIFICATE----- diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/compute.filters.patch b/deploy/adapters/ansible/roles/open-contrail/files/provision/compute.filters.patch new file mode 100755 index 00000000..04bf42f3 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/compute.filters.patch @@ -0,0 +1,14 @@ +*** a/compute.filters Mon Sep 28 15:13:48 2015 +--- b/compute.filters Mon Sep 28 15:16:06 2015 +*************** +*** 83,88 **** +--- 83,91 ---- + # nova/network/linux_net.py: 'ovs-vsctl', .... + ovs-vsctl: CommandFilter, ovs-vsctl, root + ++ # nova/virt/libvirt/vif.py: 'vrouter-port-control', ... ++ vrouter-port-control: CommandFilter, vrouter-port-control, root ++ + # nova/network/linux_net.py: 'ovs-ofctl', .... + ovs-ofctl: CommandFilter, ovs-ofctl, root + diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/model.py.patch b/deploy/adapters/ansible/roles/open-contrail/files/provision/model.py.patch new file mode 100755 index 00000000..7f7f7c6f --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/model.py.patch @@ -0,0 +1,12 @@ +*** a/model.py Mon Sep 28 15:05:29 2015 +--- b/model.py Mon Sep 28 15:17:32 2015 +*************** +*** 39,44 **** +--- 39,45 ---- + VIF_TYPE_HW_VEB = 'hw_veb' + VIF_TYPE_MLNX_DIRECT = 'mlnx_direct' + VIF_TYPE_MIDONET = 'midonet' ++ VIF_TYPE_VROUTER = 'vrouter' + VIF_TYPE_OTHER = 'other' + + # Constants for dictionary keys in the 'vif_details' field in the VIF diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/test_vif.py.patch b/deploy/adapters/ansible/roles/open-contrail/files/provision/test_vif.py.patch new file mode 100755 index 00000000..3e12c72a --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/test_vif.py.patch @@ -0,0 +1,70 @@ +*** a/test_vif.py Mon Sep 28 15:12:56 2015 +--- b/test_vif.py Mon Sep 28 15:19:20 2015 +*************** +*** 235,240 **** +--- 235,253 ---- + subnets=[subnet_bridge_4], + interface='eth0') + ++ network_vrouter = network_model.Network(id='network-id-xxx-yyy-zzz', ++ label=None, ++ bridge=None, ++ subnets=[subnet_bridge_4, ++ subnet_bridge_6], ++ interface='eth0') ++ ++ vif_vrouter = network_model.VIF(id='vif-xxx-yyy-zzz', ++ address='ca:fe:de:ad:be:ef', ++ network=network_vrouter, ++ type=network_model.VIF_TYPE_VROUTER, ++ devname='tap-xxx-yyy-zzz') ++ + vif_mlnx = network_model.VIF(id='vif-xxx-yyy-zzz', + address='ca:fe:de:ad:be:ef', + network=network_mlnx, +*************** +*** 796,801 **** +--- 809,851 ---- + self.vif_mlnx) + self.assertEqual(0, execute.call_count) + ++ def test_unplug_vrouter_with_details(self): ++ d = vif.LibvirtGenericVIFDriver() ++ with mock.patch.object(utils, 'execute') as execute: ++ d.unplug_vrouter(None, self.vif_vrouter) ++ execute.assert_called_once_with( ++ 'vrouter-port-control', ++ '--oper=delete --uuid=vif-xxx-yyy-zzz', ++ run_as_root=True) ++ ++ def test_plug_vrouter_with_details(self): ++ d = vif.LibvirtGenericVIFDriver() ++ instance = mock.Mock() ++ instance.name = 'instance-name' ++ instance.uuid = '46a4308b-e75a-4f90-a34a-650c86ca18b2' ++ instance.project_id = 'b168ea26fa0c49c1a84e1566d9565fa5' ++ instance.display_name = 'instance1' ++ with mock.patch.object(utils, 'execute') as execute: ++ d.plug_vrouter(instance, self.vif_vrouter) ++ execute.assert_has_calls([ ++ mock.call('ip', 'tuntap', 'add', 'tap-xxx-yyy-zzz', 'mode', ++ 'tap', run_as_root=True, check_exit_code=[0, 2, 254]), ++ mock.call('ip', 'link', 'set', 'tap-xxx-yyy-zzz', 'up', ++ run_as_root=True, check_exit_code=[0, 2, 254]), ++ mock.call('vrouter-port-control', ++ '--oper=add --uuid=vif-xxx-yyy-zzz ' ++ '--instance_uuid=46a4308b-e75a-4f90-a34a-650c86ca18b2 ' ++ '--vn_uuid=network-id-xxx-yyy-zzz ' ++ '--vm_project_uuid=b168ea26fa0c49c1a84e1566d9565fa5 ' ++ '--ip_address=0.0.0.0 ' ++ '--ipv6_address=None ' ++ '--vm_name=instance1 ' ++ '--mac=ca:fe:de:ad:be:ef ' ++ '--tap_name=tap-xxx-yyy-zzz ' ++ '--port_type=NovaVMPort ' ++ '--tx_vlan_id=-1 ' ++ '--rx_vlan_id=-1', run_as_root=True)]) ++ + def test_ivs_ethernet_driver(self): + d = vif.LibvirtGenericVIFDriver(self._get_conn(ver=9010)) + self._check_ivs_ethernet_driver(d, diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/vif.py.patch b/deploy/adapters/ansible/roles/open-contrail/files/provision/vif.py.patch new file mode 100755 index 00000000..103f084a --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/vif.py.patch @@ -0,0 +1,91 @@ +*** a/vif.py Mon Sep 28 15:13:30 2015 +--- b/vif.py Mon Sep 28 15:21:30 2015 +*************** +*** 332,337 **** +--- 332,347 ---- + + return conf + ++ def get_config_vrouter(self, instance, vif, image_meta, ++ inst_type, virt_type): ++ conf = self.get_base_config(instance, vif, image_meta, ++ inst_type, virt_type) ++ dev = self.get_vif_devname(vif) ++ designer.set_vif_host_backend_ethernet_config(conf, dev) ++ ++ designer.set_vif_bandwidth_config(conf, inst_type) ++ return conf ++ + def get_config(self, instance, vif, image_meta, + inst_type, virt_type): + vif_type = vif['type'] +*************** +*** 526,531 **** +--- 536,580 ---- + except processutils.ProcessExecutionError: + LOG.exception(_LE("Failed while plugging vif"), instance=instance) + ++ def plug_vrouter(self, instance, vif): ++ """Plug into Contrail's network port ++ Bind the vif to a Contrail virtual port. ++ """ ++ dev = self.get_vif_devname(vif) ++ ip_addr = '0.0.0.0' ++ ip6_addr = None ++ subnets = vif['network']['subnets'] ++ for subnet in subnets: ++ if not subnet['ips']: ++ continue ++ ips = subnet['ips'][0] ++ if not ips['address']: ++ continue ++ if (ips['version'] == 4): ++ if ips['address'] is not None: ++ ip_addr = ips['address'] ++ if (ips['version'] == 6): ++ if ips['address'] is not None: ++ ip6_addr = ips['address'] ++ ++ ptype = 'NovaVMPort' ++ if (cfg.CONF.libvirt.virt_type == 'lxc'): ++ ptype = 'NameSpacePort' ++ ++ cmd_args = ("--oper=add --uuid=%s --instance_uuid=%s --vn_uuid=%s " ++ "--vm_project_uuid=%s --ip_address=%s --ipv6_address=%s" ++ " --vm_name=%s --mac=%s --tap_name=%s --port_type=%s " ++ "--tx_vlan_id=%d --rx_vlan_id=%d" % (vif['id'], ++ instance.uuid, vif['network']['id'], ++ instance.project_id, ip_addr, ip6_addr, ++ instance.display_name, vif['address'], ++ vif['devname'], ptype, -1, -1)) ++ try: ++ linux_net.create_tap_dev(dev) ++ utils.execute('vrouter-port-control', cmd_args, run_as_root=True) ++ except processutils.ProcessExecutionError: ++ LOG.exception(_LE("Failed while plugging vif"), instance=instance) ++ + def plug(self, instance, vif): + vif_type = vif['type'] + +*************** +*** 679,684 **** +--- 728,746 ---- + LOG.exception(_LE("Failed while unplugging vif"), + instance=instance) + ++ def unplug_vrouter(self, instance, vif): ++ """Unplug Contrail's network port ++ Unbind the vif from a Contrail virtual port. ++ """ ++ dev = self.get_vif_devname(vif) ++ cmd_args = ("--oper=delete --uuid=%s" % (vif['id'])) ++ try: ++ utils.execute('vrouter-port-control', cmd_args, run_as_root=True) ++ linux_net.delete_net_dev(dev) ++ except processutils.ProcessExecutionError: ++ LOG.exception( ++ _LE("Failed while unplugging vif"), instance=instance) ++ + def unplug(self, instance, vif): + vif_type = vif['type'] + diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-cert.pem b/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-cert.pem new file mode 100755 index 00000000..dc354d33 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-cert.pem @@ -0,0 +1,70 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: 2 (0x2) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2015 Sep 15 13:35:47) + Validity + Not Before: Sep 15 04:36:00 2015 GMT + Not After : Sep 12 04:36:00 2025 GMT + Subject: C=US, ST=CA, O=Open vSwitch, OU=Open vSwitch certifier, CN=vtep id:b55b8c06-9593-4406-8a85-f7edd09a1ea9 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:ca:57:ec:4d:a3:79:6c:a4:cd:21:c7:52:a8:9f: + 61:85:ee:a5:91:79:4a:f3:80:ac:1b:ac:1a:6d:0b: + 96:b9:cf:1f:a6:23:1f:45:ff:62:de:35:8f:e8:8d: + 4a:63:23:70:d5:1e:78:72:86:04:08:e2:fd:66:04: + e0:1e:ce:57:03:98:f7:a5:92:5a:f1:cc:3c:24:37: + 22:4e:97:0d:65:4b:98:08:5b:cd:1c:eb:67:f5:9c: + c0:ba:86:94:2a:15:dc:5d:47:6e:45:49:03:62:a3: + 37:5f:54:58:42:49:6d:a3:4c:c6:21:f6:08:36:8c: + 69:20:6a:f8:7c:5d:82:30:14:1a:15:ad:b9:42:ba: + 5d:13:99:e2:6f:aa:10:e4:e1:25:58:90:66:a7:e7: + bc:c7:e4:5c:79:2a:1b:b2:b3:d1:7b:4d:78:a6:28: + 66:bc:ee:97:6b:b4:3d:a0:65:16:10:04:fb:e9:4e: + 82:ac:88:c2:6a:a4:0e:d6:e5:ad:ee:bc:50:a7:73: + 97:6d:12:96:46:cb:ee:4d:15:ad:d4:a3:b5:95:82: + 2e:e7:1b:69:70:1d:b5:c9:06:47:44:2b:55:84:23: + 5b:75:56:86:c4:a7:b9:1d:46:9e:fa:8a:a5:dc:f9: + 70:16:6a:87:ee:20:1b:02:d1:2d:83:65:e0:7c:24: + 99:e9 + Exponent: 65537 (0x10001) + Signature Algorithm: md5WithRSAEncryption + 50:bf:af:aa:b5:a7:3c:67:2e:34:92:8a:b8:cc:b9:96:a8:b8: + 16:cd:d5:5d:d3:b6:1c:44:b4:08:c5:89:ea:17:97:88:a4:e4: + 89:b9:69:2b:71:36:77:05:dc:0a:50:fe:2d:8f:8c:72:a5:b9: + b1:45:23:0d:d3:7a:80:c8:9e:66:74:e2:42:ee:96:19:e5:88: + 3d:e3:ea:3c:d4:51:1e:e0:34:1f:0c:d3:9a:f7:99:9b:af:0b: + 23:57:87:f0:dc:8c:32:1c:e9:63:65:f3:cd:e5:22:ed:ea:fe: + 4f:be:0e:23:0d:8e:3e:09:aa:5e:20:2b:1a:4f:70:92:4a:a9: + 24:6e:a0:c6:86:b5:14:7d:52:71:cf:b8:5c:75:d4:6a:92:06: + 30:cf:71:72:ff:44:63:22:10:79:38:53:ec:6f:19:3d:63:92: + 69:3f:f2:f4:28:d4:ef:dd:af:32:84:c5:a0:c0:c9:5f:1f:02: + 47:76:bd:85:85:4e:7c:58:61:1a:ce:4c:03:45:d7:5c:dd:59: + 6c:22:e0:cb:2c:2d:b1:44:4c:03:dd:21:ff:58:6e:f7:09:4f: + 34:e0:24:3a:67:b1:33:ae:4a:bc:85:db:4b:12:ef:21:66:6a: + f0:b9:ea:90:72:b1:0b:34:9a:8d:be:f3:d1:02:56:0f:d7:bb: + 0a:eb:c2:f1 +-----BEGIN CERTIFICATE----- +MIIDgDCCAmgCAQIwDQYJKoZIhvcNAQEEBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD +VQQIEwJDQTEVMBMGA1UEChMMT3BlbiB2U3dpdGNoMREwDwYDVQQLEwhzd2l0Y2hj +YTE7MDkGA1UEAxMyT1ZTIHN3aXRjaGNhIENBIENlcnRpZmljYXRlICgyMDE1IFNl +cCAxNSAxMzozNTo0NykwHhcNMTUwOTE1MDQzNjAwWhcNMjUwOTEyMDQzNjAwWjCB +iTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQKEwxPcGVuIHZTd2l0 +Y2gxHzAdBgNVBAsTFk9wZW4gdlN3aXRjaCBjZXJ0aWZpZXIxNTAzBgNVBAMTLHZ0 +ZXAgaWQ6YjU1YjhjMDYtOTU5My00NDA2LThhODUtZjdlZGQwOWExZWE5MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylfsTaN5bKTNIcdSqJ9hhe6lkXlK +84CsG6wabQuWuc8fpiMfRf9i3jWP6I1KYyNw1R54coYECOL9ZgTgHs5XA5j3pZJa +8cw8JDciTpcNZUuYCFvNHOtn9ZzAuoaUKhXcXUduRUkDYqM3X1RYQklto0zGIfYI +NoxpIGr4fF2CMBQaFa25QrpdE5nib6oQ5OElWJBmp+e8x+RceSobsrPRe014pihm +vO6Xa7Q9oGUWEAT76U6CrIjCaqQO1uWt7rxQp3OXbRKWRsvuTRWt1KO1lYIu5xtp +cB21yQZHRCtVhCNbdVaGxKe5HUae+oql3PlwFmqH7iAbAtEtg2XgfCSZ6QIDAQAB +MA0GCSqGSIb3DQEBBAUAA4IBAQBQv6+qtac8Zy40koq4zLmWqLgWzdVd07YcRLQI +xYnqF5eIpOSJuWkrcTZ3BdwKUP4tj4xypbmxRSMN03qAyJ5mdOJC7pYZ5Yg94+o8 +1FEe4DQfDNOa95mbrwsjV4fw3IwyHOljZfPN5SLt6v5Pvg4jDY4+CapeICsaT3CS +SqkkbqDGhrUUfVJxz7hcddRqkgYwz3Fy/0RjIhB5OFPsbxk9Y5JpP/L0KNTv3a8y +hMWgwMlfHwJHdr2FhU58WGEazkwDRddc3VlsIuDLLC2xREwD3SH/WG73CU804CQ6 +Z7Ezrkq8hdtLEu8hZmrwueqQcrELNJqNvvPRAlYP17sK68Lx +-----END CERTIFICATE----- diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-privkey.pem b/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-privkey.pem new file mode 100755 index 00000000..673f4242 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-privkey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAylfsTaN5bKTNIcdSqJ9hhe6lkXlK84CsG6wabQuWuc8fpiMf +Rf9i3jWP6I1KYyNw1R54coYECOL9ZgTgHs5XA5j3pZJa8cw8JDciTpcNZUuYCFvN +HOtn9ZzAuoaUKhXcXUduRUkDYqM3X1RYQklto0zGIfYINoxpIGr4fF2CMBQaFa25 +QrpdE5nib6oQ5OElWJBmp+e8x+RceSobsrPRe014pihmvO6Xa7Q9oGUWEAT76U6C +rIjCaqQO1uWt7rxQp3OXbRKWRsvuTRWt1KO1lYIu5xtpcB21yQZHRCtVhCNbdVaG +xKe5HUae+oql3PlwFmqH7iAbAtEtg2XgfCSZ6QIDAQABAoIBAQCKDMya98J7PkD6 +H8ykYQEfaH+rrc5WLd6+joAFD9gI82hLaEEI98HTi0Wgyu0KkH6F2OEieY69JWjv +NrpWKj8xpCap3x2PROFvb/JHHkW0a4vRgBiD95QY/ZZ8bB8gS4PqXDa+rJ7TqDm6 +H4iLyR81P8caGorl9Iww4uqfpwiQlZ7A/dMexufQgMQXKqDXSKk+TJ36CBRJyLlk +U6GrHIF9obHZyGelNhkkMu/czT54U/gKiufL5tYpOVyjCr8H2a713ovEfYzEFxJq +Z8C0ySIskXsyhZ/pC0+pviMB2R20Nh8kRXiKCvNNbFShEMujB5gUVo7rqUZKFKMz +FCfbcXrRAoGBAPeRwU5zU5nbiSQlB7YQibtFC/sMDzbbOjulN46UeDvkcVh80j4r +FIPYLAPvA/e9OtRV89B6Tc7rZSWYZotszvJVlObs0/ll+L1pUX7PAEligoZCXufR +GUyT0gZunGO8+FEgYIu89S1xN77WIbqopjjEyGQJeN2UX9bPo9AGTU0VAoGBANE7 +5nwtdsR1hjgxBqzgAFEFqCggHR+D050OtQgkLjHkXRT1uHeJZZu4D0x6vEnJknYi +/OCujz196KLDGEQbREIdARtgemy07GoJuBXTwPuvbkw9vjoqDrIKVtMeTf4HSyzO +2ej2pm280A/VI6GyahDIFSUZmFBqMeTUzB5UXNaFAoGAe61RCMQMa7yE0o29QHMa +m3du+MeZgioa+VkcXBpHxoPlK/OPhIc5BHSl6IErVkQuc41M9EVlQY3PRezQra55 +5A5lCMgfTWRn0xgeIl9/ISoZUsEtcFnBbcQbFCOF9T2eP8kQ8j4/raf11VxcFUfT +YmDMS02AGBHbnxC0IWREkdECgYBDaXQyEAfS9jZ/RjRrYGRZtmPeQbKAY927HXDw +JZAInRXsWdrMEKV/DUdIkca2U05v54fn7/XQjw9z2T2pO8u7LVMc+fGXspb09xqr +VaU4seXshHwUi1ZewHwG2x2vubPbxO1qZIVsl8fFQhuPzkbkD0LYyC1Nw1k9692z +6+RZbQKBgH/6OqqsHLnpzQD0drcOjbXws53g3/eECPXCMNzzw0AiSkyrGWzSonMD ++uSMrG0f7DwvHxZ09bn4qqFqCE7yhoCWWUYSBZKEDYzpxTq9krahPmaJznaBXyFi +K2rfym1sYEZvDT9nS5TROtiIW0uANHOjI9yw+a8TQEyQu8CH2/C0 +-----END RSA PRIVATE KEY----- diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-collector.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-collector.yml new file mode 100755 index 00000000..02bc7f81 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-collector.yml @@ -0,0 +1,16 @@ +--- +#- hosts: collector +# sudo: yes +# tasks: + +- name: "temporary disable supervisor analytics" + template: +# src: "templates/override.j2" + src: "install/override.j2" + dest: "/etc/init/supervisor-analytics.override" + +- name: "install contrail openstack analytics package" +# apt: +# name: "contrail-openstack-analytics" + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: collector_packages diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-common.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-common.yml new file mode 100755 index 00000000..ea08e49b --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-common.yml @@ -0,0 +1,84 @@ +--- +#- hosts: all +# sudo: yes +# tasks: +- name: "copy contrail install package temporary" +# sudo: True + copy: + src: "files/{{ package }}" + dest: "/tmp/{{ package }}" + +- name: "install contrail install package" +# sudo: True + apt: + deb: "/tmp/{{ package }}" + +- name: "delete temporary contrail install package" +# sudo: True + file: + dest: "/tmp/{{ package }}" + state: "absent" + +- name: "make directory for contrail binary files" +# sudo: True + file: + path: "/opt/contrail/bin" + state: "directory" + +- name: "make directory for contrail repository" +# sudo: True + file: + path: "/opt/contrail/contrail_install_repo" + state: "directory" + +- name: "unarchive contrail packages" +# sudo: True + unarchive: + src: "/opt/contrail/contrail_packages/contrail_debs.tgz" + dest: "/opt/contrail/contrail_install_repo" + copy: no + +- name: "find required packages in advance" +# sudo: True + shell: "find /opt/contrail/contrail_install_repo -name binutils_*.deb -or -name make_*.deb -or -name libdpkg-perl_*.deb -or -name dpkg-dev_*.deb -or -name patch_*.deb -type f" + register: required_packages + changed_when: no + +- name: "install required packages" +# sudo: True + apt: + deb: "{{ item }}" + with_items: required_packages.stdout_lines + +- name: modify source list +# sudo: True + lineinfile: + dest: "/etc/apt/sources.list" + line: "deb file:/opt/contrail/contrail_install_repo ./" + insertbefore: "BOF" + +- name: "modify apt configuration" +# sudo: True + lineinfile: + dest: "/etc/apt/apt.conf" + line: "APT::Get::AllowUnauthenticated \"true\";" + create: "yes" + +- name: "copy apt preferences file" +# sudo: True + shell: "cp /opt/contrail/contrail_packages/preferences /etc/apt/preferences" + args: + creates: "/etc/apt/preferences" + +- name: create contrail packages list +# sudo: True + shell: "dpkg-scanpackages . | gzip -9c > Packages.gz" + args: + chdir: "/opt/contrail/contrail_install_repo" + creates: "Packages.gz" + +- name: install contrail setup package + sudo: True + apt: + name: "contrail-setup" + update_cache: yes diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-compute.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-compute.yml new file mode 100755 index 00000000..12b6ad28 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-compute.yml @@ -0,0 +1,47 @@ +--- +#- hosts: [compute, tsn] +# sudo: yes +# tasks: +- name: "temporary disable supervisor vrouter" +# sudo: True + template: + src: "install/override.j2" + dest: "/etc/init/supervisor-vrouter.override" + +# - name: "install nova-compute for contrail package" +# apt: +# name: "nova-compute" +# when: install_nova + +- name: "install contrail vrouter 3.13.0-40 package" +# apt: +# name: "contrail-vrouter-3.13.0-40-generic" +# when: ansible_kernel == "3.13.0-40-generic" +# sudo: True + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: vrouter_packages + when: ansible_kernel == kernel_required + +- name: "install contrail vrouter dkms package" +# apt: +# name: "contrail-vrouter-dkms" +# when: ansible_kernel != "3.13.0-40-generic" +# sudo: True + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: dkms_packages + when: ansible_kernel != kernel_required + +# - name: "install contrail vrouter common package" +# apt: +# name: "contrail-vrouter-common" + +# - name: "install contrail nova vif package" +# apt: +# name: "contrail-nova-vif" + +- name: "install contrail vrouter common & nova vif package" +# sudo: True + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: compute_packages | union(compute_packages_noarch) + + diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-config.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-config.yml new file mode 100755 index 00000000..52459eb8 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-config.yml @@ -0,0 +1,24 @@ +--- +#- hosts: config +# sudo: yes +# tasks: +- name: "temporary disable supervisor config" +# sudo: True + template: +# src: "templates/override.j2" + src: "install/override.j2" + dest: "/etc/init/supervisor-config.override" + +- name: "temporary disable neutron server" +# sudo: True + template: +# src: "templates/override.j2" + src: "install/override.j2" + dest: "/etc/init/neutron-server.override" + +- name: "install contrail openstack config package" +# sudo: True +# apt: +# name: "contrail-openstack-config" + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: config_packages diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-control.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-control.yml new file mode 100755 index 00000000..6bb7fb25 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-control.yml @@ -0,0 +1,24 @@ +--- +#- hosts: control +# sudo: yes +# tasks: +- name: "temporary disable supervisor control" +# sudo: True + template: +# src: "templates/override.j2" + src: "install/override.j2" + dest: "/etc/init/supervisor-control.override" + +- name: "temporary disable supervisor dns" +# sudo: True + template: +# src: "templates/override.j2" + src: "install/override.j2" + dest: "/etc/init/supervisor-dns.override" + +- name: "install contrail openstack control package" +# sudo: True +# apt: +# name: "contrail-openstack-control" + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: control_packages diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-database.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-database.yml new file mode 100755 index 00000000..fea4cef7 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-database.yml @@ -0,0 +1,17 @@ +--- +#- hosts: database +# sudo: yes +# tasks: +- name: "temporary disable supervisor database" +# sudo: True + template: +# src: "templates/override.j2" + src: "install/override.j2" + dest: "/etc/init/supervisor-database.override" + +- name: "install contrail openstack database package" +# sudo: True +# apt: +# name: "contrail-openstack-database" + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: database_packages diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-interface.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-interface.yml new file mode 100755 index 00000000..4e914749 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-interface.yml @@ -0,0 +1,22 @@ +--- +#- hosts: all +# sudo: yes +# tasks: +- name: "configure interface" +# sudo: True + lineinfile: + dest: "/etc/network/interfaces" + line: "{{ item }}" + with_items: + - "auto {{ contrail_device }}" + - "iface {{ contrail_device }} inet static" + - "\taddress {{ contrail_address }}" + - "\tnetmask {{ contrail_netmask }}" + +- name: "set interface address" +# sudo: True + shell: "ifconfig {{ contrail_device }} {{ contrail_address }} netmask {{ contrail_netmask }}" + +- name: "up interface" +# sudo: True + shell: "ifconfig {{ contrail_device }} up" diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-kernel.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-kernel.yml new file mode 100755 index 00000000..6d4ca035 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-kernel.yml @@ -0,0 +1,51 @@ +--- +#- hosts: all +# sudo: yes +# tasks: +- name: "install Ubuntu kernel" +# sudo: True +# apt: +# name: "linux-headers-3.13.0-40" +# name: "linux-headers-3.13.0-40-generic" +# name: "linux-image-3.13.0-40-generic" +# name: "linux-image-extra-3.13.0-40-generic" +# when: (kernel_install) and (ansible_kernel != "3.13.0-40-generic") + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: kernel_packages | union(kernel_packages_noarch) + when: (kernel_install) and (ansible_kernel != kernel_required) + +- name: "setup grub" +# sudo: True + lineinfile: + dest: "/etc/default/grub" + regexp: "GRUB_DEFAULT=.*" + line: "GRUB_DEFAULT='Advanced options for Ubuntu>Ubuntu, with Linux 3.13.0-40-generic'" +# when: (kernel_install) and (ansible_kernel != "3.13.0-40-generic") + when: (kernel_install) and (ansible_kernel != kernel_required) + +- name: "reflect grub" +# sudo: True + shell: "update-grub2" +# when: (kernel_install) and (ansible_kernel != "3.13.0-40-generic") + when: (kernel_install) and (ansible_kernel != kernel_required) + +- name: "reboot Server" +# sudo: True + shell: "shutdown -r now" + async: 0 + poll: 0 + ignore_errors: true + notify: Wait for server to come back +# when: (kernel_install) and (ansible_kernel != "3.13.0-40-generic") + when: (kernel_install) and (ansible_kernel != kernel_required) + +handlers: +- name: "Wait for server to come back" + local_action: + module: wait_for + host={{ inventory_hostname }} + port=22 + delay=30 + timeout=600 +# when: (kernel_install) and (ansible_kernel != "3.13.0-40-generic") + when: (kernel_install) and (ansible_kernel != kernel_required) diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-webui.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-webui.yml new file mode 100755 index 00000000..d66af675 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-webui.yml @@ -0,0 +1,18 @@ +--- +#- hosts: webui +# sudo: yes +# tasks: + +- name: "temporary disable supervisor webui" +# sudo: True + template: +# src: "templates/override.j2" + src: "install/override.j2" + dest: "/etc/init/supervisor-webui.override" + +- name: "install contrail openstack webui package" +# sudo: True +# apt: +# name: "contrail-openstack-webui" + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: webui_packages diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/main.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/main.yml new file mode 100755 index 00000000..94b41557 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/main.yml @@ -0,0 +1,125 @@ +--- + +- include_vars: "{{ ansible_os_family }}.yml" + +- name: Install common on all hosts for Open Contrail + include: install/install-common.yml + when: groups['opencontrail_control']|length !=0 + # Compass install OpenStack with not only OpenContrail but also ODL or ONOS, and sometimes user just installs OpenStack, so item 'opencontrail_control' is kind of a mark that whether Compass install OpenContrail or not. + +- name: Install kernal on all hosts for Open Contrail + include: install/install-kernal.yml + when: groups['opencontrail_control']|length !=0 + +- name: Install database for Open Contrail + include: install/install-database.yml + when: inventory_hostname in groups['opencontrail_database'] + +- name: Install config for Open Contrail + include: install/install-config.yml + when: inventory_hostname in groups['opencontrail_config'] + +- name: Install config for Open Contrail + include: install/install-control.yml + when: inventory_hostname in groups['opencontrail_control'] + +- name: Install collector for Open Contrail + include: install/install-collector.yml + when: inventory_hostname in groups['opencontrail_collector'] + +- name: Install webui for Open Contrail + include: install/install-webui.yml + when: inventory_hostname in groups['opencontrail_webui'] + +- name: Install compute for Open Contrail + include: install/install-compute.yml + when: inventory_hostname in groups['opencontrail_compute'] or inventory_hostname in groups['opencontrail_tsn'] + + +# Compass adapter: use OpenStack management network "mgmt" +#- name: Install interface on all hosts for Open Contrail +# include: install/install-interface.yml +# when: groups['opencontrail_control']|length !=0 + +#- include: install/install-common.yml +#- include: install/install-kernel.yml +#- include: install/install-database.yml +#- include: install/install-config.yml +#- include: install/install-control.yml +#- include: install/install-collector.yml +#- include: install/install-webui.yml +#- include: install/install-compute.yml +#- include: install/install-interface.yml + + +- name: Provision route on all hosts for Open Contrail + include: provision/provision-route.yml + when: groups['opencontrail_control']|length !=0 + + +#- name: Provision rabbitmq on config for Open Contrail +# include: provision/provision-rabbitmq.yml +# when: inventory_hostname in groups['opencontrail_config'] + + +- name: Provision increase limits for Open Contrail + include: provision/provision-increase-limits.yml + when: inventory_hostname in groups['opencontrail_control'] or inventory_hostname in groups['opencontrail_config'] or inventory_hostname in groups['opencontrail_collector'] or inventory_hostname in groups['opencontrail_database'] + + +- name: Provision database for Open Contrail + include: provision/provision-database.yml + when: inventory_hostname in groups['opencontrail_database'] + + +- name: Provision config for Open Contrail + include: provision/provision-config.yml + when: inventory_hostname in groups['opencontrail_config'] + + +- name: Provision control for Open Contrail + include: provision/provision-control.yml + when: inventory_hostname in groups['opencontrail_control'] + + +- name: Provision collector for Open Contrail + include: provision/provision-collector.yml + when: inventory_hostname in groups['opencontrail_collector'] + + +- name: Provision add nodes for Open Contrail + include: provision/provision-add-nodes.yml + when: groups['opencontrail_control']|length !=0 + + +- name: Provision webui for Open Contrail + include: provision/provision-webui.yml + when: inventory_hostname in groups['opencontrail_webui'] + + +- name: Provision compute for Open Contrail + include: provision/provision-compute.yml + when: inventory_hostname in groups['opencontrail_compute'] + + +#- name: Provision tsn for Open Contrail +# include: provision/provision-tsn.yml +# when: inventory_hostname in groups['opencontrail_tsn'] + + +#- name: Provision toragent for Open Contrail +# include: provision/provision-toragent.yml +# when: inventory_hostname in groups['opencontrail_tsn'] + +#- include: provision/provision-route.yml +#- include: provision/provision-rabbitmq.yml +#- include: provision/provision-increase-limits.yml +#- include: provision/provision-database.yml +#- include: provision/provision-config.yml +#- include: provision/provision-control.yml +#- include: provision/provision-collector.yml +#- include: provision/provision-add-nodes.yml +#- include: provision/provision-webui.yml +#- include: provision/provision-compute.yml +#- include: provision/provision-tsn.yml +#- include: provision/provision-toragent.yml diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-node-common.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-node-common.yml new file mode 100755 index 00000000..f16a8500 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-node-common.yml @@ -0,0 +1,20 @@ +--- +- name: "disable ufw" + ufw: + state: "disabled" + +- name: "change value of kernel.core_pattern" + sysctl: + name: "kernel.core_pattern" + value: "/var/crashes/core.%e.%p.%h.%t" + +- name: "change value of net.ipv4.ip_forward" + sysctl: + name: "net.ipv4.ip_forward" + value: "1" + +- name: "make crashes directory" + file: + path: "/var/crashes" + state: "directory" + mode: 0777 diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-rabbitmq-stop.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-rabbitmq-stop.yml new file mode 100755 index 00000000..ec6b2fe0 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-rabbitmq-stop.yml @@ -0,0 +1,30 @@ +--- +- name: 'stop rabbitmq server' + service: + name: 'rabbitmq-server' + state: 'stopped' + +- name: 'check beam process' + shell: 'ps ax | grep -v grep | grep beam' + register: beam_process + changed_when: no + ignore_errors: yes + +- name: 'kill beam processes' + shell: 'pkill -9 beam' + when: beam_process.stdout + +- name: 'check epmd process' + shell: 'ps ax | grep -v grep | grep epmd' + register: epmd_process + changed_when: no + ignore_errors: yes + +- name: 'kill epmd processes' + shell: 'pkill -9 epmd' + when: epmd_process.stdout + +- name: 'remove mnesia directory' + file: + name: '/var/lib/rabbitmq/mnesia' + state: 'absent' diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-redis-setup.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-redis-setup.yml new file mode 100755 index 00000000..d7776af2 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-redis-setup.yml @@ -0,0 +1,26 @@ +--- +- name: "stop redis server" + service: + name: "redis-server" + state: "stopped" + +- name: "modify redis server configuration" + replace: + dest: "/etc/redis/redis.conf" + regexp: "{{ item.regexp }}" + replace: "{{ item.replace }}" + with_items: + - { regexp: "^\\s*bind", replace: "#bind" } + - { regexp: "^\\s*save", replace: "#save" } + - { regexp: "^\\s*dbfilename", replace: "#dbfilename" } + - { regexp: "^\\s*lua-time-limit\\s*\\d*", replace: "lua-time-limit 15000" } + +- name: "delete redis dump" + file: + dest: "/var/lib/redis/dump.rdb" + state: "absent" + +- name: "start redis server" + service: + name: "redis-server" + state: "started" diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-vrouter-compute-setup.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-vrouter-compute-setup.yml new file mode 100755 index 00000000..77ee20e3 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-vrouter-compute-setup.yml @@ -0,0 +1,95 @@ +--- +- name: "change owner nova log directory" + file: + dest: "/var/log/nova" + state: "directory" + owner: "nova" + group: "nova" + recurse: yes + +- name: "delete values from nova config" + ini_file: + dest: "/etc/nova/nova.conf" + section: "{{ item.section }}" + option: "{{ item.option }}" + with_items: + - { section: "DEFAULT", option: "sql_connection" } + - { section: "DEFAULT", option: "quantum_admin_tenant_name" } + - { section: "DEFAULT", option: "quantum_admin_username" } + - { section: "DEFAULT", option: "quantum_admin_password" } + - { section: "DEFAULT", option: "quantum_admin_auth_url" } + - { section: "DEFAULT", option: "quantum_auth_strategy" } + - { section: "DEFAULT", option: "quantum_url" } + +- name: "set values to nova config" + ini_file: + dest: "/etc/nova/nova.conf" + section: "{{ item.section }}" + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - { section: "DEFAULT", option: "auth_strategy", value: "keystone" } + - { section: "DEFAULT", option: "libvirt_nonblocking", value: "True" } + - { section: "DEFAULT", option: "libvirt_inject_partition", value: "-1" } + - { section: "DEFAULT", option: "rabbit_host", value: "{{ hostvars[groups['config'][0]]['contrail_address'] }}" } + - { section: "DEFAULT", option: "rabbit_port", value: "5672" } + - { section: "DEFAULT", option: "glance_host", value: "{{ hostvars[groups['openstack'][0]]['contrail_address'] }}" } + - { section: "DEFAULT", option: "glance_port", value: "9292" } + - { section: "DEFAULT", option: "neutron_admin_tenant_name", value: "service" } + - { section: "DEFAULT", option: "neutron_admin_username", value: "neutron" } + - { section: "DEFAULT", option: "neutron_admin_password", value: "{{ contrail_admin_password }}" } + - { section: "DEFAULT", option: "neutron_admin_auth_url", value: "http://{{ hostvars[groups['openstack'][0]]['contrail_address'] }}:35357/v2.0/" } + - { section: "DEFAULT", option: "neutron_url", value: "http://{{ hostvars[groups['config'][0]]['contrail_address'] }}:9696/" } + - { section: "DEFAULT", option: "neutron_url_timeout", value: "300" } + - { section: "DEFAULT", option: "network_api_class", value: "nova.network.neutronv2.api.API" } + - { section: "DEFAULT", option: "compute_driver", value: "libvirt.LibvirtDriver" } + - { section: "DEFAULT", option: "network_api_class", value: " nova_contrail_vif.contrailvif.ContrailNetworkAPI" } + - { section: "DEFAULT", option: "ec2_private_dns_show_ip", value: "False" } + - { section: "DEFAULT", option: "novncproxy_base_url", value: "http://{{ hostvars[groups['openstack'][0]]['contrail_mgmt_address'] }}:5999/vnc_auto.html" } + - { section: "DEFAULT", option: "vncserver_enabled", value: "True" } + - { section: "DEFAULT", option: "vncserver_listen", value: "{{ contrail_address }}" } + - { section: "DEFAULT", option: "vncserver_proxyclient_address", value: "{{ contrail_address }}" } + - { section: "DEFAULT", option: "security_group_api", value: "neutron" } + - { section: "DEFAULT", option: "heal_instance_info_cache_interval", value: "0" } + - { section: "DEFAULT", option: "image_cache_manager_interval", value: "0" } + - { section: "DEFAULT", option: "libvirt_cpu_mode", value: "none" } + - { section: "DEFAULT", option: "libvirt_vif_driver", value: "nova_contrail_vif.contrailvif.VRouterVIFDriver" } + - { section: "database", option: "connection", value: "mysql://nova:nova@{{ hostvars[groups['openstack'][0]]['contrail_address'] }}/nova?charset=utf8" } + - { section: "database", option: "idle_timeout", value: "180" } + - { section: "database", option: "max_retries", value: "-1" } + - { section: "keystone_authtoken", option: "admin_tenant_name", value: "service" } + - { section: "keystone_authtoken", option: "admin_user", value: "nova" } + - { section: "keystone_authtoken", option: "admin_password", value: "{{ contrail_admin_password }}" } + - { section: "keystone_authtoken", option: "auth_protocol", value: "http" } + - { section: "keystone_authtoken", option: "auth_host", value: "{{ hostvars[groups['openstack'][0]]['contrail_address'] }}" } + - { section: "keystone_authtoken", option: "signing_dir", value: "/tmp/keystone-signing-nova" } + +- name: "change database address if same node as first openstack node" + ini_file: + dest: "/etc/nova/nova.conf" + section: "database" + option: "connection" + value: "mysql://nova:nova@127.0.0.1/nova?charset=utf8" + when: groups['openstack'][0] == inventory_hostname + +- name: "add respawn to nova compute config" + lineinfile: + dest: "/etc/init/nova-compute.conf" + line: "respawn" + insertbefore: "pre-start script" + +- name: "add respawn limit to nova compute config" + lineinfile: + dest: "/etc/init/nova-compute.conf" + line: "respawn limit 10 90" + insertafter: "respawn" + +- name: "restart nova compute" + service: + name: "nova-compute" + state: "restarted" + +- name: "delete nova sqlite database" + file: + dest: "/var/lib/nova/nova.sqlite" + state: "absent" diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-add-nodes.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-add-nodes.yml new file mode 100755 index 00000000..8245c046 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-add-nodes.yml @@ -0,0 +1,39 @@ +--- +- hosts: config + sudo: yes + tasks: + - name: "provision config node" + shell: "python /opt/contrail/utils/provision_config_node.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}" + +- hosts: database + sudo: yes + tasks: + - name: "provision database node" + shell: "python /opt/contrail/utils/provision_database_node.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}" + +- hosts: collector + sudo: yes + tasks: + - name: "provision collector node" + shell: "python /opt/contrail/utils/provision_analytics_node.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}" + +- hosts: control + sudo: yes + tasks: + - name: "provision control node" + shell: "python /opt/contrail/utils/provision_control.py --api_server_ip {{ contrail_haproxy_address }} --api_server_port 8082 --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }} --router_asn {{ contrail_router_asn }}" + +- hosts: config + sudo: yes + tasks: + - name: "provision metadata services" + shell: "python /opt/contrail/utils/provision_linklocal.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --ipfabric_service_ip 10.84.50.1 --ipfabric_service_port 8775 --linklocal_service_name metadata --linklocal_service_ip 169.254.169.254 --linklocal_service_port 80" + run_once: yes + + +- hosts: config + sudo: yes + tasks: + - name: "provision encap" + shell: "python /opt/contrail/utils/provision_encap.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --oper add --encap_priority MPLSoUDP,MPLSoGRE,VXLAN" + run_once: yes diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-collector.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-collector.yml new file mode 100755 index 00000000..5dd72d77 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-collector.yml @@ -0,0 +1,98 @@ +--- +#- hosts: collector +# sudo: yes +# tasks: + +- name: "enable supervisor analytics" + file: + path: "/etc/init/supervisor-analytics.override" + state: "absent" + + +- name: "redis-setup" + include: -redis-setup.yml + + +- name: "node-common" + include: -node-common.yml + + +- name: "fix up contrail collector config" + template: + src: "provision/contrail-collector-conf.j2" + dest: "/etc/contrail/contrail-collector.conf" + + +- name: "fix up contrail query engine config" + template: + src: "provision/contrail-query-engine-conf.j2" + dest: "/etc/contrail/contrail-query-engine.conf" + + +- name: "fix up contrail analytics api config" + template: + src: "provision/contrail-analytics-api-conf.j2" + dest: "/etc/contrail/contrail-analytics-api.conf" + + +- name: "modify contrail analytics nodemgr config" + ini_file: + dest: "/etc/contrail/contrail-analytics-nodemgr.conf" + section: "DISCOVERY" + option: "server" + value: "{{ contrail_haproxy_address }}" + + +- name: "fix up contrail keystone auth config" + template: + src: "provision/contrail-keystone-auth-conf.j2" + dest: "/etc/contrail/contrail-keystone-auth.conf" + force: no + + +- name: "delete contrail alarm gen supervisord config file" + file: + dest: "/etc/contrail/supervisord_analytics_files/contrail-alarm-gen.ini" + state: "absent" + + +- name: "modify contrail snmp collector config file" + ini_file: + dest: "/etc/contrail/contrail-snmp-collector.conf" + section: "{{ item.section }}" + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - { section: "DEFAULTS", option: "zookeeper", value: "{{ contrail_address }}:2128" } + - { section: "DISCOVERY", option: "disc_server_ip", value: "{{ contrail_haproxy_address }}" } + - { section: "DISCOVERY", option: "disc_server_port", value: "5998" } + + +- name: "modify contrail snmp collector ini file" + ini_file: + dest: "/etc/contrail/supervisord_analytics_files/contrail-snmp-collector.ini" + section: "program:contrail-snmp-collector" + option: "command" + value: "/usr/bin/contrail-snmp-collector --conf_file /etc/contrail/contrail-snmp-collector.conf --conf_file /etc/contrail/contrail-keystone-auth.conf" + + +- name: "modify contrail topology config file" + ini_file: + dest: "/etc/contrail/contrail-topology.conf" + section: "DEFAULTS" + option: "zookeeper" + value: "{{ contrail_address }}" + + +- name: "modify contrail topology ini file" + ini_file: + dest: "/etc/contrail/supervisord_analytics_files/contrail-topology.ini" + section: "program:contrail-topology" + option: "command" + value: "/usr/bin/contrail-topology --conf_file /etc/contrail/contrail-topology.conf" + + +- name: "restart supervisor analytics" + service: + name: "supervisor-analytics" + state: "restarted" diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-compute.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-compute.yml new file mode 100755 index 00000000..41ea5c25 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-compute.yml @@ -0,0 +1,175 @@ +--- +#- hosts: compute +# sudo: yes +# tasks: +- name: "enable supervisor vrouter" + file: + path: "/etc/init/supervisor-vrouter.override" + state: "absent" + +- include: -node-common.yml + +- name: "check cgroup device acl in qemu conf" + shell: "grep -q '^\\s*cgroup_device_acl' /etc/libvirt/qemu.conf" + register: deviceacl + ignore_errors: yes + changed_when: no + +- name: "create cgroup device acl for qemu conf" + template: + src: "provision/qemu-device-acl-conf.j2" + dest: "/tmp/qemu-device-acl.conf" + when: deviceacl | failed + +- name: "combination of the qemu configuration" + shell: "cat /tmp/qemu-device-acl.conf >> /etc/libvirt/qemu.conf" + when: deviceacl | failed + +- name: "delete temporary configuration file" + file: + dest: "/tmp/qemu-device-acl.conf" + state: "absent" + when: deviceacl | failed + +- name: "fix up vrouter nodemgr param" + template: + src: "provision/vrouter-nodemgr-param.j2" + dest: "/etc/contrail/vrouter_nodemgr_param" + +- name: "set contrail device name for ansible" + set_fact: + contrail_ansible_device: "ansible_{{ contrail_device }}" + +- name: "fix up default pmac" + template: + src: "provision/default-pmac.j2" + dest: "/etc/contrail/default_pmac" + +- name: "copy agent param config from template" + shell: "cp /etc/contrail/agent_param.tmpl /etc/contrail/agent_param" + +- name: "modify agent param config" + lineinfile: + dest: "/etc/contrail/agent_param" + regexp: "dev=__DEVICE__" + line: "dev={{ contrail_device }}" + +- name: "fix up contrail vrouter agent config" + template: + src: "provision/contrail-vrouter-agent-conf.j2" + dest: "/etc/contrail/contrail-vrouter-agent.conf" + +- name: "delete lines for contrail interface" + shell: "{{ item }}" + with_items: + - "sed -e '/auto {{ contrail_device }}/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top" + - "sed -n -e '/auto {{ contrail_device }}/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom" + - "sed -i -e '/auto {{ contrail_device }}/d' /tmp/contrail-interfaces-bottom" + - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom" + - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces" + +- name: "delete lines for vrouter interface" + shell: "{{ item }}" + with_items: + - "sed -e '/auto vhost0/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top" + - "sed -n -e '/auto vhost0/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom" + - "sed -i -e '/auto vhost0/d' /tmp/contrail-interfaces-bottom" + - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom" + - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces" + +- name: "configure interface" + lineinfile: + dest: "/etc/network/interfaces" + line: "{{ item }}" + state: "present" + with_items: + - "auto {{ contrail_device }}" + - "iface {{ contrail_device }} inet manual" + - "\tpre-up ifconfig {{ contrail_device }} up" + - "\tpost-down ifconfig {{ contrail_device }} down" + - "auto vhost0" + - "iface vhost0 inet static" + - "\tpre-up /opt/contrail/bin/if-vhost0" + - "\tnetwork_name application" + - "\taddress {{ contrail_address }}" + - "\tnetmask {{ contrail_netmask }}" + +- name: "delete temporary files" + file: + dest: "{{ item }}" + state: "absent" + with_items: + - "/tmp/contrail-interfaces-top" + - "/tmp/contrail-interfaces-bottom" + +- name: "fix up contrail vrouter nodemgr config" + ini_file: + dest: "/etc/contrail/contrail-vrouter-nodemgr.conf" + section: "DISCOVERY" + option: "server" + value: "{{ contrail_haproxy_address }}" + +- name: "restart libvirt bin" + service: + name: "libvirt-bin" + state: "restarted" + +#- name: "set value of nova to nova config" +# template: +# src: "provision/nova.j2" +# dest: "/etc/nova/nova.conf" +# when: install_nova + +#- name: "delete values from nova config" +# ini_file: +# dest: "/etc/nova/nova.conf" +# section: "{{ item.section }}" +# option: "{{ item.option }}" +# with_items: +# - { section: "DEFAULT", option: "quantum_auth_strategy" } +# - { section: "DEFAULT", option: "quantum_admin_auth_url" } +# - { section: "DEFAULT", option: "quantum_admin_tenant_name" } +# - { section: "DEFAULT", option: "quantum_admin_username" } +# - { section: "DEFAULT", option: "quantum_admin_password" } +# - { section: "DEFAULT", option: "quantum_url" } + +#- name: "set values of neutron to nova config" +# ini_file: +# dest: "/etc/nova/nova.conf" +# section: "{{ item.section }}" +# option: "{{ item.option }}" +# value: "{{ item.value }}" +# state: "present" +# with_items: +# - { section: "DEFAULT", option: "neutron_admin_auth_url", value: "http://{{ contrail_keystone_address }}:5000/v2.0" } +# - { section: "DEFAULT", option: "neutron_admin_username", value: "neutron" } +# - { section: "DEFAULT", option: "neutron_admin_password", value: "{{ contrail_admin_password }}" } +# - { section: "DEFAULT", option: "neutron_admin_tenant_name", value: "service" } +# - { section: "DEFAULT", option: "neutron_url", value: "http://{{ contrail_haproxy_address }}:9696/" } +# - { section: "DEFAULT", option: "neutron_url_timeout", value: "300" } +# - { section: "DEFAULT", option: "network_api_class", value: "nova.network.neutronv2.api.API" } +# - { section: "DEFAULT", option: "libvirt_vif_driver", value: "nova_contrail_vif.contrailvif.VRouterVIFDriver" } + +#- name: "restart nova compute" +# service: +# name: "nova-compute" +# state: "restarted" + +#- name: "add vrouter to contrail" +# shell: "python /opt/contrail/utils/provision_vrouter.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}" +# +#- name: "reboot Server" +# shell: "shutdown -r now" +# async: 0 +# poll: 0 +# ignore_errors: true +# notify: Wait for server to come back +# +#handlers: +#- name: "Wait for server to come back" +# local_action: +# module: wait_for +# host={{ inventory_hostname }} +# port=22 +# delay=30 +# timeout=600 diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-config.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-config.yml new file mode 100755 index 00000000..8aa8f43b --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-config.yml @@ -0,0 +1,280 @@ +--- +#- hosts: config +# sudo: yes +# tasks: +- name: "enable supervisor config" + file: + path: "/etc/init/supervisor-config.override" + state: "absent" + +- name: "enable neutron server" + file: + path: "/etc/init/neutron-server.override" + state: "absent" + +# Compass is using this +#- name: "enable haproxy" +# replace: +# dest: "/etc/default/haproxy" +# regexp: "^ENABLED\\s*=.*$" +# replace: "ENABLED=1" + +# Compass is using this +#- name: "modify haproxy global configuration" +# lineinfile: +# dest: "/etc/haproxy/haproxy.cfg" +# regexp: "{{ item.regexp }}" +# line: "{{ item.line }}" +# insertafter: "^global" +# with_items: +# - { regexp: "^\\s*tune.bufsize", line: "\ttune.bufsize 16384" } +# - { regexp: "^\\s*tune.maxrewrite", line: "\ttune.maxrewrite 1024" } + +- name: "delete haproxy configuration for contrail" + shell: "sed -i -e '/^#contrail-marker-start/,/^#contrail-marker-end/d' /etc/haproxy/haproxy.cfg" + +- name: "create haproxy configuration for contrail" + template: + src: "provision/haproxy-contrail-cfg.j2" + dest: "/tmp/haproxy-contrail.cfg" + +- name: "combination of the haproxy configuration" + shell: "cat /tmp/haproxy-contrail.cfg >> /etc/haproxy/haproxy.cfg" + +- name: "delete temporary configuration file" + file: + dest: "/tmp/haproxy-contrail.cfg" + state: "absent" + +- name: "restart haproxy" + service: + name: "haproxy" + state: "restarted" + +# Compass is using this +#- name: "create keepalived configuration" +# template: +# src: "provision/keepalived-conf.j2" +# dest: "/etc/keepalived/keepalived.conf" +# with_indexed_items: groups['opencontrail_config'] +# when: contrail_keepalived and item.1 == inventory_hostname + +#- name: "restart keepalived" +# service: +# name: "keepalived" +# state: "restarted" +# when: contrail_keepalived + +- name: "node-common" + include: -node-common.yml + +- name: "fix up contrail keystone auth config" + template: + src: "provision/contrail-keystone-auth-conf.j2" + dest: "/etc/contrail/contrail-keystone-auth.conf" + +- name: "fix up ifmap server log4j properties" + template: + src: "provision/ifmap-log4j-properties.j2" + dest: "/etc/ifmap-server/log4j.properties" + +- name: "fix up ifmap server authorization properties" + template: + src: "provision/ifmap-authorization-properties.j2" + dest: "/etc/ifmap-server/authorization.properties" + +- name: "fix up ifmap server basicauthusers properties" + template: + src: "provision/ifmap-basicauthusers-properties.j2" + dest: "/etc/ifmap-server/basicauthusers.properties" + +- name: "fix up ifmap server publisher properties" + template: + src: "provision/ifmap-publisher-properties.j2" + dest: "/etc/ifmap-server/publisher.properties" + +- name: "fix up contrail api config" + template: + src: "provision/contrail-api-conf.j2" + dest: "/etc/contrail/contrail-api.conf" + +- name: "fix up contrail api supervisord config" + template: + src: "provision/contrail-api-supervisord-conf.j2" + dest: "/etc/contrail/supervisord_config_files/contrail-api.ini" + +- name: "modify contrail api init script" + lineinfile: + dest: "/etc/init.d/contrail-api" + regexp: "supervisorctl -s unix:///tmp/supervisord_config.sock" + line: "supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}:0`" + +- name: "fix up contrail schema config" + template: + src: "provision/contrail-schema-conf.j2" + dest: "/etc/contrail/contrail-schema.conf" + +- name: "fix up contrail device manager config" + template: + src: "provision/contrail-device-manager-conf.j2" + dest: "/etc/contrail/contrail-device-manager.conf" + +- name: "fix up contrail svc monitor config" + template: + src: "provision/contrail-svc-monitor-conf.j2" + dest: "/etc/contrail/contrail-svc-monitor.conf" + +- name: "fix up contrail discovery supervisord config" + template: + src: "provision/contrail-discovery-supervisord-conf.j2" + dest: "/etc/contrail/supervisord_config_files/contrail-discovery.ini" + +- name: "fix up contrail discovery config" + template: + src: "provision/contrail-discovery-conf.j2" + dest: "/etc/contrail/contrail-discovery.conf" + +- name: "modify contrail discovery init script" + lineinfile: + dest: "/etc/init.d/contrail-discovery" + regexp: "supervisorctl -s unix:///tmp/supervisord_config.sock" + line: "supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}:0`" + +- name: "fix up contrail vnc api library config" + template: + src: "provision/contrail-vnc-api-lib-ini.j2" + dest: "/etc/contrail/vnc_api_lib.ini" + +- name: "fix up contrail config nodemgr config" + ini_file: + dest: "/etc/contrail/contrail-config-nodemgr.conf" + section: "DISCOVERY" + option: "server" + value: "{{ contrail_haproxy_address }}" + +- name: "fix up contrail sudoers" + template: + src: "provision/contrail-sudoers.j2" + dest: "/etc/sudoers.d/contrail_sudoers" + mode: 0440 + +- name: "create directory for neutron plugins" + file: + dest: "/etc/neutron/plugins/opencontrail" + state: "directory" + +- name: "fix up contrail plugin for nuetron" + template: + src: "provision/neutron-contrail-plugin-ini.j2" + dest: "/etc/neutron/plugins/opencontrail/ContrailPlugin.ini" + +- name: "modify neutron server configuration" + lineinfile: + dest: "/etc/default/neutron-server" + regexp: "NEUTRON_PLUGIN_CONFIG=" + line: "NEUTRON_PLUGIN_CONFIG=\"/etc/neutron/plugins/opencontrail/ContrailPlugin.ini\"" + +#- name: "change owner neutron log directory" +# file: +# dest: "/var/log/neutron" +# state: "directory" +# owner: "neutron" +# group: "neutron" +# recurse: yes + +#- name: "set values to neutron config" +# ini_file: +# dest: "/etc/neutron/neutron.conf" +# section: "{{ item.section }}" +# option: "{{ item.option }}" +# value: "{{ item.value }}" +# with_items: +# - { section: "DEFAULT", option: "bind_port", value: "9697" } +# - { section: "DEFAULT", option: "auth_strategy", value: "keystone" } +# - { section: "DEFAULT", option: "allow_overlapping_ips", value: "True" } +# - { section: "DEFAULT", option: "core_plugin", value: "neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2" } +# - { section: "DEFAULT", option: "api_extensions_path", value: "extensions:/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/extensions" } +# - { section: "DEFAULT", option: "rabbit_host", value: "{{ contrail_haproxy_address }}" } +# - { section: "DEFAULT", option: "rabbit_port", value: "5673" } +# - { section: "DEFAULT", option: "service_plugins", value: "neutron_plugin_contrail.plugins.opencontrail.loadbalancer.plugin.LoadBalancerPlugin" } +# - { section: "service_providers", option: "service_provider", value: "LOADBALANCER:Opencontrail:neutron_plugin_contrail.plugins.opencontrail.loadbalancer.driver.OpencontrailLoadbalancerDriver:default" } +# - { section: "quotas", option: "quota_driver", value: "neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver" } +# - { section: "quotas", option: "quota_network", value: "-1" } +# - { section: "quotas", option: "quota_subnet", value: "-1" } +# - { section: "quotas", option: "quota_port", value: "-1" } +# - { section: "keystone_authtoken", option: "admin_tenant_name", value: "admin" } +# - { section: "keystone_authtoken", option: "admin_user", value: "{{ contrail_admin_user }}" } +# - { section: "keystone_authtoken", option: "admin_password", value: "{{ contrail_admin_password }}" } +# - { section: "keystone_authtoken", option: "auth_host", value: "{{ contrail_keystone_address }}" } +# - { section: "keystone_authtoken", option: "auth_protocol", value: "http" } + +#- name: "add respawn to neutron server config" +# lineinfile: +# dest: "/etc/init/neutron-server.conf" +# line: "respawn" +# insertbefore: "pre-start script" + +#- name: "add respawn limit to neutron server config" +# lineinfile: +# dest: "/etc/init/neutron-server.conf" +# line: "respawn limit 10 90" +# insertafter: "respawn" + +- name: "restart supervisor config" + service: + name: "supervisor-config" + state: "restarted" + + +#- name: "restart neutron-server" +# service: +# name: "neutron-server" +# state: "restarted" + +# Compass configured +#- name: "add neutron service" +# shell: "keystone service-get 'neutron' || keystone service-create --name 'neutron' --type 'network' --description 'Neutron Network Service'" +# environment: +# OS_AUTH_URL: "http://{{ contrail_keystone_address }}:35357/v2.0" +# OS_USERNAME: "{{ contrail_admin_user }}" +# OS_PASSWORD: "{{ contrail_admin_password }}" +# OS_TENANT_NAME: "admin" +# run_once: yes +# when: keystone_provision +# +# +# Compass configured +#- name: "add neutron endpoint" +# shell: "keystone endpoint-list | grep -q $(keystone service-get 'neutron' | grep '| *id *|' | awk '{print $4}') || keystone endpoint-create --region 'RegionOne' --service 'neutron' --publicurl 'http://{{ contrail_haproxy_address }}:9696' --internal 'http://{{ contrail_haproxy_address }}:9696' --adminurl 'http://{{ contrail_haproxy_address }}:9696'" +# environment: +# OS_AUTH_URL: "http://{{ contrail_keystone_address }}:35357/v2.0" +# OS_USERNAME: "{{ contrail_admin_user }}" +# OS_PASSWORD: "{{ contrail_admin_password }}" +# OS_TENANT_NAME: "admin" +# run_once: yes +# when: keystone_provision +# +#- name: "add neutron user" +# keystone_user: +# user: "neutron" +# password: "{{ contrail_admin_password }}" +# email: "neutron@example.com" +# tenant: "service" +# endpoint: "http://{{ contrail_keystone_address }}:35357/v2.0" +# login_user: "{{ contrail_admin_user }}" +# login_password: "{{ contrail_admin_password }}" +# login_tenant_name: "admin" +# run_once: yes +# when: keystone_provision +# +#- name: "apply role to user" +# keystone_user: +# tenant: "service" +# user: "neutron" +# role: "admin" +# endpoint: "http://{{ contrail_keystone_address }}:35357/v2.0" +# login_user: "{{ contrail_admin_user }}" +# login_password: "{{ contrail_admin_password }}" +# login_tenant_name: "admin" +# run_once: yes +# when: keystone_provision diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-control.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-control.yml new file mode 100755 index 00000000..e36d8f22 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-control.yml @@ -0,0 +1,59 @@ +--- +#- hosts: control +# sudo: yes +# tasks: +- name: "enable supervisor control" + file: + path: "/etc/init/supervisor-control.override" + state: "absent" + +- name: "enable supervisor dns" + file: + path: "/etc/init/supervisor-dns.override" + state: "absent" + +- name: "modify ifmap server basicauthusers properties for control" + lineinfile: + dest: "/etc/ifmap-server/basicauthusers.properties" + line: "{{ hostvars[item]['contrail_address' ] }}:{{ hostvars[item]['contrail_address' ] }}" + with_items: groups['opencontrail_control'] + +- name: "modify ifmap server basicauthusers properties for dns" + lineinfile: + dest: "/etc/ifmap-server/basicauthusers.properties" + line: "{{ hostvars[item]['contrail_address' ] }}.dns:{{ hostvars[item]['contrail_address' ] }}.dns" + with_items: groups['opencontrail_control'] + +- name: "node-common" + include: -node-common.yml + +- name: "fix up contrail control config" + template: + src: "provision/contrail-control-conf.j2" + dest: "/etc/contrail/contrail-control.conf" + +- name: "fix up contrail dns config" + template: + src: "provision/contrail-dns-conf.j2" + dest: "/etc/contrail/contrail-dns.conf" + +- name: "fix up contrail control nodemgr config" + ini_file: + dest: "/etc/contrail/contrail-control-nodemgr.conf" + section: "DISCOVERY" + option: "server" + value: "{{ contrail_haproxy_address }}" + +- name: "modify dns configuration" + replace: + dest: "/etc/contrail/dns/{{ item }}" + regexp: "secret \"secret123\"" + replace: "secret \"xvysmOR8lnUQRBcunkC6vg==\"" + with_items: + - "contrail-rndc.conf" + - "contrail-named.conf" + +- name: "restart supervisor control" + service: + name: "supervisor-control" + state: "restarted" diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-database.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-database.yml new file mode 100755 index 00000000..6807d7d4 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-database.yml @@ -0,0 +1,190 @@ +--- +#- hosts: database +# sudo: yes +# tasks: + + +- name: "enable supervisor database" +# sudo: True + file: + path: "/etc/init/supervisor-database.override" + state: "absent" + + +- name: "-node-common" +# sudo: True + include: -node-common.yml + + +- name: "update hosts" +# sudo: True + lineinfile: + dest: "/etc/hosts" + regexp: "^{{ contrail_address }}\t{{ ansible_hostname }}( .*)?$" + line: "{{ contrail_address }}\t{{ ansible_hostname }}\\1" + backrefs: yes + + +- name: "make directory for contrail analytics" +# sudo: True + file: + path: "/var/lib/cassandra/data/ContrailAnalytics" + state: "directory" + + +- name: "modify cassandra conf" +# sudo: True + lineinfile: + dest: "/etc/cassandra/cassandra.yaml" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: "^(#(\\s*)?)?listen_address:", line: "listen_address: {{ contrail_address }}"} + - { regexp: "^(#(\\s*)?)?cluster_name:", line: "cluster_name: \"Contrail\"" } + - { regexp: "^(#(\\s*)?)?rpc_address:", line: "rpc_address: {{ contrail_address }}" } + - { regexp: "^(#(\\s*)?)?num_tokens:", line: "num_tokens: 256" } + - { regexp: "^(#(\\s*)?)?initial_token:", line: "# initial_token:" } + + +- name: "set first database host seed" +# sudo: True + set_fact: + dbseeds: "{{ hostvars[item.1]['contrail_address'] }}" + with_indexed_items: groups['database'] + when: item.0 == 0 + + +- name: "set second database host seed" +# sudo: True + set_fact: + dbseeds: "{{ dbseeds }},{{ hostvars[item.1]['contrail_address'] }}" + with_indexed_items: groups['database'] + when: item.0 == 1 + + +- name: "modify seeds list in cassandra conf" +# sudo: True + replace: + dest: "/etc/cassandra/cassandra.yaml" + regexp: "- seeds:.*$" + replace: "- seeds: {{ dbseeds }}" + + +- name: "modify cassandra env" +# sudo: True + replace: + dest: "/etc/cassandra/cassandra-env.sh" + regexp: "{{ item.regexp }}" + replace: "{{ item.replace }}" + with_items: + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintGCDetails\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintGCDetails\"" } + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -Xss\\d+k\"", replace: "JVM_OPTS=\"$JVM_OPTS -Xss512k\"" } + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintGCDateStamps\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintGCDateStamps\"" } + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintHeapAtGC\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintHeapAtGC\"" } + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintTenuringDistribution\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintTenuringDistribution\"" } + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintGCApplicationStoppedTime\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintGCApplicationStoppedTime\"" } + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintPromotionFailure\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintPromotionFailure\"" } + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:PrintFLSStatistics=1\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:PrintFLSStatistics=1\"" } + - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -Xloggc:/var/log/cassandra/gc-`date \\+%s`\\.log\"", replace: "JVM_OPTS=\"$JVM_OPTS -Xloggc:/var/log/cassandra/gc-`date +%s`.log\"" } + + +- name: "modify zookeeper conf" +# sudo: True + lineinfile: + dest: "/etc/zookeeper/conf/zoo.cfg" + line: "{{ item }}" + with_items: + - "maxSessionTimeout=120000" + - "autopurge.purgeInterval=3" + + +- name: "modify zookeeper log4j properties" +# sudo: True + lineinfile: + dest: "/etc/zookeeper/conf/log4j.properties" + regexp: "(log4j.appender.ROLLINGFILE.MaxBackupIndex=.*)$" + line: "\\1" + backrefs: yes + + +- name: "add server addresses to zookeeper config" +# sudo: True + lineinfile: + dest: "/etc/zookeeper/conf/zoo.cfg" + regexp: "server.{{ item.0 + 1 }}=" + line: "server.{{ item.0 + 1 }}={{ hostvars[item.1]['contrail_address'] }}:2888:3888" + with_indexed_items: groups['database'] + + +- name: "set zookeeper unique id" +# sudo: True + template: + src: "templates/zookeeper-unique-id.j2" + dest: "/var/lib/zookeeper/myid" + with_indexed_items: groups['database'] + when: item.1 == inventory_hostname + + +- name: "remove kafka ini file" +# sudo: True + file: + path: "/etc/contrail/supervisord_database_files/kafka.ini" + state: "absent" + + +- name: "set first zookeeper host address" +# sudo: True + set_fact: + zkaddrs: "{{ hostvars[item.1]['contrail_address'] }}:2181" + with_indexed_items: groups['database'] + when: item.0 == 0 + + +- name: "set second or more zookeeper host addresses" +# sudo: True + set_fact: + zkaddrs: "{{ zkaddrs }},{{ hostvars[item.1]['contrail_address'] }}:2181" + with_indexed_items: groups['database'] + when: item.0 > 0 + + +- name: "modify zookeeper host addresses in kafka properties" +# sudo: True + lineinfile: + dest: "/usr/share/kafka/config/server.properties" + regexp: "zookeeper.connect=" + line: "zookeeper.connect={{ zkaddrs }}" + + +- name: "modify kafka properties" +# sudo: True + lineinfile: + dest: "/usr/share/kafka/config/server.properties" + regexp: "default.replication.factor=" + line: "default.replication.factor=2" + + +- name: "fix up contrail database nodemgr config" +# sudo: True + ini_file: + dest: "/etc/contrail/contrail-database-nodemgr.conf" + section: "{{ item.section }}" + option: "{{ item.option }}" + value: "{{ item.value }}" + with_items: + - { section: "DEFAULT", option: "hostip", value: "{{ contrail_address }}" } + - { section: "DISCOVERY", option: "server", value: "{{ contrail_haproxy_address }}" } + + +- name: "restart zookeeper" +# sudo: True + service: + name: "zookeeper" + state: "restarted" + + +- name: "restart supervisor database" +# sudo: True + service: + name: "supervisor-database" + state: "restarted" diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-increase-limits.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-increase-limits.yml new file mode 100755 index 00000000..1a78e832 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-increase-limits.yml @@ -0,0 +1,52 @@ +--- +#- hosts: [database, config, control, collector] +# sudo: yes +# tasks: +- name: "delete line" +# sudo: True + lineinfile: + dest: "/etc/limits.conf" + regexp: "^root\\s*soft\\s*nproc\\s*.*" + state: "absent" + +- name: "check EOF" +# sudo: True + lineinfile: + dest: "/etc/security/limits.conf" + regexp: "^# End of file" + line: "# End of file" + +- name: "add lines" +# sudo: True + lineinfile: + dest: "/etc/security/limits.conf" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + insertbefore: "^# End of file" + with_items: + - { regexp: "^root\\s*hard\\s*nofile\\s*.*", line: "root hard nofile 65535" } + - { regexp: "^root\\s*soft\\s*nofile\\s*.*", line: "root soft nofile 65535" } + - { regexp: "^\\*\\s*hard\\s*nofile\\s*.*", line: "* hard nofile 65535" } + - { regexp: "^\\*\\s*soft\\s*nofile\\s*.*", line: "* soft nofile 65535" } + - { regexp: "^\\*\\s*hard\\s*nproc\\s*.*", line: "* hard nproc 65535" } + - { regexp: "^\\*\\s*soft\\s*nproc\\s*.*", line: "* soft nproc 65535" } + +- name: change value of sysctl fs.file-max +# sudo: True + sysctl: + name: "fs.file-max" + value: "65535" + +- name: "find supervisord conf files" +# sudo: True + shell: "find /etc/contrail -name supervisor*.conf -type f" + register: supervisordconfs + changed_when: no + +- name: "modify supervisord conf" +# sudo: True + replace: + dest: "{{ item }}" + regexp: "^minfds=\\d*" + replace: "minfds=10240" + with_items: supervisordconfs.stdout_lines diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-rabbitmq.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-rabbitmq.yml new file mode 100755 index 00000000..b2785d8f --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-rabbitmq.yml @@ -0,0 +1,103 @@ +--- +#- hosts: config +# sudo: yes +# tasks: +- name: "start supervisor support service" +# sudo: True + service: + name: "supervisor-support-service" + state: "started" + + + +- name: "stop rabbitmq server via supervisor" +# sudo: True + supervisorctl: + name: "rabbitmq-server" + state: "stopped" + server_url: "unix:///tmp/supervisord_support_service.sock" + + + +- name: "-rabbitmq-stop" +# sudo: True + include: -rabbitmq-stop.yml + + + +- name: "update hosts" +# sudo: True + lineinfile: + dest: "/etc/hosts" + line: "{{ hostvars[item]['contrail_address'] }}\t{{ hostvars[item]['ansible_hostname'] }} {{ hostvars[item]['ansible_hostname'] }}-ctrl" + with_items: groups['opencontrail_config'] + + + +- name: "fix up rabbitmq env" +# sudo: True + template: + src: "provision/rabbitmq-env-conf.j2" + dest: "/etc/rabbitmq/rabbitmq-env.conf" + + + +- name: "fix up rabbitmq config for single node" +# sudo: True + template: + src: "provision/rabbitmq-conf-single.j2" + dest: "/etc/rabbitmq/rabbitmq.config" + when: groups['opencontrail_config'][1] is not defined + + + +- name: fix up rabbitmq config for multi nodes +# sudo: True + template: + src: "provision/rabbitmq-conf.j2" + dest: "/etc/rabbitmq/rabbitmq.config" + when: groups['opencontrail_config'][1] is defined + + + +- name: "-rabbitmq-stop" +# sudo: True + include: -rabbitmq-stop.yml + + + +- name: "create cookie uuid temporary" +# sudo: True + local_action: + module: "template" + src: "provision/rabbitmq-cookie.j2" + dest: "/tmp/tmp-rabbitmq-cookie" + run_once: yes + + +- name: "update cookie uuid" +# sudo: True + copy: + src: "/tmp/tmp-rabbitmq-cookie" + dest: "/var/lib/rabbitmq/.erlang.cookie" + owner: "rabbitmq" + group: "rabbitmq" + mode: 0400 + + + +- name: "delete temporary cookie uuid" +# sudo: True + local_action: + module: "file" + dest: "/tmp/tmp-rabbitmq-cookie" + state: "absent" + run_once: yes + + + +- name: "start rabbitmq server" +# sudo: True + service: + name: "rabbitmq-server" + state: "started" diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-route.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-route.yml new file mode 100755 index 00000000..edf829ec --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-route.yml @@ -0,0 +1,42 @@ +--- +#- hosts: all +# sudo: yes +# tasks: +- name: "delete existing route file" +# sudo: True + file: + path: "/etc/network/if-up.d/routes" + state: absent + when: contrail_route + +- name: "create route file" +# sudo: True + file: + path: "/etc/network/if-up.d/routes" + owner: "root" + mode: 0755 + state: touch + when: contrail_route + + +- name: "add template" +# sudo: True + lineinfile: + dest: "/etc/network/if-up.d/routes" + line: "{{ item }}" + with_items: + - "#!/bin/bash" + - "[ \"$IFACE\" != {{ contrail_route[0].device }} ] && exit 0" + when: contrail_route + + +- name: "add static route" +# sudo: True + lineinfile: + dest: "/etc/network/if-up.d/routes" + line: "ip route add {{ item.ip }} via {{ item.gw }} dev {{ item.device }}" + state: "present" + with_items: + - "{{ contrail_route }}" + when: contrail_route + diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-toragent.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-toragent.yml new file mode 100755 index 00000000..87810732 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-toragent.yml @@ -0,0 +1,77 @@ +--- +#- hosts: tsn +# sudo: yes +# tasks: +- name: "create temporary directory for ssl files" + local_action: + module: "file" + dest: "/tmp/tmp-toragent-{{ item }}" + state: "directory" + with_items: + - "certs" + - "private" + run_once: yes + +- name: "create ssl files" + local_action: "shell openssl req -new -x509 -days 3650 -text -sha256 -newkey rsa:4096 -nodes -subj \"/C=US/ST=Global/O={{ item.1.vendor_name }}/CN={{ ansible_fqdn }}\" -keyout /tmp/tmp-toragent-private/tor.{{ item.0 }}.privkey.pem -out /tmp/tmp-toragent-certs/tor.{{ item.0 }}.cert.pem" + with_indexed_items: contrail_tor_agents + run_once: yes + +- name: "set tor agent list" + set_fact: + toragent_index: "{{ item.0 }}" + toragent_params: "{{ item.1 }}" + register: contrail_toragent_list + with_indexed_items: contrail_tor_agents + when: inventory_hostname in item.1.tsn_names + +- name: "fix up tor agent conf" + template: + src: "templates/contrail-tor-agent-conf.j2" + dest: "/etc/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.conf" + with_items: contrail_toragent_list.results + +- name: "fix up tor agent ini" + template: + src: "provision/contrail-tor-agent-ini.j2" + dest: "/etc/contrail/supervisord_vrouter_files/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.ini" + with_items: contrail_toragent_list.results + +- name: "copy init script" + shell: "cp /etc/init.d/contrail-vrouter-agent /etc/init.d/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}" + with_items: contrail_toragent_list.results + +- name: "copy ssl certs" + copy: + src: "/tmp/tmp-toragent-certs/tor.{{ item.ansible_facts.toragent_index }}.cert.pem" + dest: "/etc/contrail/ssl/certs/tor.{{ item.ansible_facts.toragent_index }}.cert.pem" + with_items: contrail_toragent_list.results + +- name: "copy ssl private" + copy: + src: "/tmp/tmp-toragent-private/tor.{{ item.ansible_facts.toragent_index }}.privkey.pem" + dest: "/etc/contrail/ssl/private/tor.{{ item.ansible_facts.toragent_index }}.privkey.pem" + with_items: contrail_toragent_list.results + +- name: "copy ca cert" + copy: + src: "files/cacert.pem" + dest: "/etc/contrail/ssl/certs/cacert.pem" + +- name: "delete temporary directory" + local_action: + module: "file" + dest: "/tmp/tmp-toragent-{{ item }}" + state: "absent" + with_items: + - "certs" + - "private" + run_once: yes + +- name: "add tor agent to contrail" + shell: "python /opt/contrail/utils/provision_vrouter.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --host_name {{ ansible_hostname }}-{{ item.ansible_facts.toragent_index }} --host_ip {{ contrail_address }} --router_type tor-agent" + with_items: contrail_toragent_list.results + +- name: "add device to contrail" + shell: "python /opt/contrail/utils/provision_physical_device.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --device_name {{ item.ansible_facts.toragent_params.name }} --vendor_name {{ item.ansible_facts.toragent_params.vendor_name }} --product_name {{ item.ansible_facts.toragent_params.product_name }} --device_mgmt_ip {{ item.ansible_facts.toragent_params.address }} --device_tunnel_ip {{ item.ansible_facts.toragent_params.tunnel_address }} --device_tor_agent {{ ansible_hostname }}-{{ item.ansible_facts.toragent_index }} --device_tsn {{ ansible_hostname }}" + with_items: contrail_toragent_list.results diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-tsn.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-tsn.yml new file mode 100755 index 00000000..058be18a --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-tsn.yml @@ -0,0 +1,96 @@ +--- +#- hosts: tsn +# sudo: yes +# tasks: + +- name: "enable supervisor vrouter" + file: + path: "/etc/init/supervisor-vrouter.override" + state: "absent" + +- include: -node-common.yml + +- name: "fix up vrouter nodemgr param" + template: + src: "provision/vrouter-nodemgr-param.j2" + dest: "/etc/contrail/vrouter_nodemgr_param" + +- name: "set contrail device name for ansible" + set_fact: + contrail_ansible_device: "ansible_{{ contrail_device }}" + +- name: "fix up default pmac" + template: + src: "provision/default-pmac.j2" + dest: "/etc/contrail/default_pmac" + +- name: "copy agent param config from template" + shell: "cp /etc/contrail/agent_param.tmpl /etc/contrail/agent_param" + +- name: "modify agent param config" + lineinfile: + dest: "/etc/contrail/agent_param" + regexp: "dev=__DEVICE__" + line: "dev={{ contrail_device }}" + +- name: "set vrouter agent mode" + set_fact: + contrail_vrouter_mode: "tsn" + +- name: "fix up contrail vrouter agent config" + template: + src: "provision/contrail-vrouter-agent-conf.j2" + dest: "/etc/contrail/contrail-vrouter-agent.conf" + +- name: "delete lines for contrail interface" + shell: "{{ item }}" + with_items: + - "sed -e '/auto {{ contrail_device }}/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top" + - "sed -n -e '/auto {{ contrail_device }}/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom" + - "sed -i -e '/auto {{ contrail_device }}/d' /tmp/contrail-interfaces-bottom" + - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom" + - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces" + +- name: "delete lines for vrouter interface" + shell: "{{ item }}" + with_items: + - "sed -e '/auto vhost0/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top" + - "sed -n -e '/auto vhost0/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom" + - "sed -i -e '/auto vhost0/d' /tmp/contrail-interfaces-bottom" + - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom" + - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces" + +- name: "configure interface" + lineinfile: + dest: "/etc/network/interfaces" + line: "{{ item }}" + state: "present" + with_items: + - "auto {{ contrail_device }}" + - "iface {{ contrail_device }} inet manual" + - "\tpre-up ifconfig {{ contrail_device }} up" + - "\tpost-down ifconfig {{ contrail_device }} down" + - "auto vhost0" + - "iface vhost0 inet static" + - "\tpre-up /opt/contrail/bin/if-vhost0" + - "\tnetwork_name application" + - "\taddress {{ contrail_address }}" + - "\tnetmask {{ contrail_netmask }}" + +- name: "delete temporary files" + file: + dest: "{{ item }}" + state: "absent" + with_items: + - "/tmp/contrail-interfaces-top" + - "/tmp/contrail-interfaces-bottom" + +- name: "fix up contrail vrouter nodemgr config" + ini_file: + dest: "/etc/contrail/contrail-vrouter-nodemgr.conf" + section: "DISCOVERY" + option: "server" + value: "{{ contrail_haproxy_address }}" + +- name: "add tsn to contrail" + shell: "python /opt/contrail/utils/provision_vrouter.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }} --router_type tor-service-node" diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-webui.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-webui.yml new file mode 100755 index 00000000..eb6301b2 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-webui.yml @@ -0,0 +1,63 @@ +--- +#- hosts: webui +# sudo: yes +# tasks: + +- name: "enable supervisor webui" + file: + path: "/etc/init/supervisor-webui.override" + state: "absent" + +- name: "redis-setup" + include: -redis-setup.yml + +- name: "node-common" + include: -node-common.yml + +- name: "set first cassandra host address" + set_fact: + cassandra_addrs: "'{{ hostvars[item.1]['contrail_address'] }}'" + with_indexed_items: groups['opencontrail_database'] + when: item.0 == 0 + +- name: "set second or more cassandra host addresses" + set_fact: + cassandra_addrs: "{{ cassandra_addrs }}, '{{ hostvars[item.1]['contrail_address'] }}'" + with_indexed_items: groups['opencontrail_database'] + when: item.0 > 0 + +- name: "modify webui global js" + lineinfile: + dest: "/etc/contrail/config.global.js" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: "^\\s*config.networkManager.ip", line: "config.networkManager.ip = '{{ contrail_haproxy_address }}';" } + - { regexp: "^\\s*config.imageManager.ip", line: "config.imageManager.ip = '{{ contrail_keystone_address }}';" } + - { regexp: "^\\s*config.computeManager.ip", line: "config.computeManager.ip = '{{ contrail_keystone_address }}';" } + - { regexp: "^\\s*config.identityManager.ip", line: "config.identityManager.ip = '{{ contrail_keystone_address }}';" } + - { regexp: "^\\s*config.storageManager.ip", line: "config.storageManager.ip = '{{ contrail_keystone_address }}';" } + - { regexp: "^\\s*config.cnfg.server_ip", line: "config.cnfg.server_ip = '{{ contrail_haproxy_address }}';" } + - { regexp: "^\\s*config.analytics.server_ip", line: "config.analytics.server_ip = '{{ contrail_haproxy_address }}';" } + - { regexp: "^\\s*config.cassandra.server_ips", line: "config.cassandra.server_ips = [{{ cassandra_addrs }}];" } + +- name: "modify webui userauth js" + lineinfile: + dest: "/etc/contrail/contrail-webui-userauth.js" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: "^\\s*auth.admin_user", line: "auth.admin_user = '{{ contrail_admin_user }}';" } + - { regexp: "^\\s*auth.admin_password", line: "auth.admin_password = '{{ contrail_admin_password }}';" } + - { regexp: "^\\s*auth.admin_tenant_name", line: "auth.admin_tenant_name = 'admin';" } + +- name: "create symbolic link from nodejs to node" + file: + src: "/usr/bin/node" + dest: "/usr/bin/nodejs" + state: "link" + +- name: "restart supervisor webui" + service: + name: "supervisor-webui" + state: "restarted" diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/install/override.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/install/override.j2 new file mode 100755 index 00000000..2905494b --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/install/override.j2 @@ -0,0 +1 @@ +manual diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-analytics-api-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-analytics-api-conf.j2 new file mode 100755 index 00000000..18192f19 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-analytics-api-conf.j2 @@ -0,0 +1,29 @@ +[DEFAULTS] +host_ip = {{ contrail_address }} +rest_api_ip = 0.0.0.0 +rest_api_port = 9081 +cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %} + +collectors = {{ contrail_address }}:8086 +http_server_port = 8090 +log_file = /var/log/contrail/contrail-analytics-api.log +log_level = SYS_NOTICE +log_local = 1 + +# Time-to-live in hours of the various data stored by collector into +# cassandra +# analytics_config_audit_ttl, if not set (or set to -1), defaults to analytics_data_ttl +# analytics_statistics_ttl, if not set (or set to -1), defaults to analytics_data_ttl +# analytics_flow_ttl, if not set (or set to -1), defaults to analytics_statsdata_ttl +analytics_data_ttl = 48 +analytics_config_audit_ttl = -1 +analytics_statistics_ttl = -1 +analytics_flow_ttl = -1 + +[DISCOVERY] +disc_server_ip = {{ contrail_haproxy_address }} +disc_server_port = 5998 + +[REDIS] +redis_server_port = 6379 +redis_query_port = 6379 diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-conf.j2 new file mode 100755 index 00000000..1eefacfb --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-conf.j2 @@ -0,0 +1,27 @@ +[DEFAULTS] +listen_ip_addr = 0.0.0.0 +listen_port = 8082 +ifmap_server_ip = {{ contrail_address }} +ifmap_server_port = 8443 +ifmap_username = api-server +ifmap_password = api-server +zk_server_ip = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:2181{% if not loop.last %}, {% endif %}{% endfor %} + +cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %} + +disc_server_ip = {{ contrail_haproxy_address }} +disc_server_port = 5998 +rabbit_server = {{ contrail_haproxy_address }} +rabbit_port = 5673 +multi_tenancy = True +list_optimization_enabled = True +log_file = /var/log/contrail/contrail-api.log +log_level = SYS_NOTICE +log_local = 1 +auth = keystone + +[SECURITY] +use_certs = False +keyfile = /etc/contrail/ssl/private_keys/apiserver_key.pem +certfile = /etc/contrail/ssl/certs/apiserver.pem +ca_certs = /etc/contrail/ssl/certs/ca.pem diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-supervisord-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-supervisord-conf.j2 new file mode 100755 index 00000000..94da3d71 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-supervisord-conf.j2 @@ -0,0 +1,12 @@ +[program:contrail-api] +command=/usr/bin/contrail-api --conf_file /etc/contrail/contrail-api.conf --conf_file /etc/contrail/contrail-keystone-auth.conf --listen_port 910%(process_num)01d --worker_id %(process_num)s +numprocs=1 +process_name=%(process_num)s +redirect_stderr=true +stdout_logfile=/var/log/contrail/contrail-api-%(process_num)s-stdout.log +stderr_logfile=/dev/null +priority=440 +autostart=true +killasgroup=true +stopsignal=KILL +exitcodes=0 diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-collector-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-collector-conf.j2 new file mode 100755 index 00000000..e6242346 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-collector-conf.j2 @@ -0,0 +1,86 @@ +[DEFAULT] +# Everything in this section is optional + +# Time-to-live in hours of the various data stored by collector into +# cassandra +# analytics_config_audit_ttl, if not set (or set to -1), defaults to analytics_data_ttl +# analytics_statistics_ttl, if not set (or set to -1), defaults to analytics_data_ttl +# analytics_flow_ttl, if not set (or set to -1), defaults to analytics_statsdata_ttl +analytics_data_ttl = 48 +analytics_config_audit_ttl = -1 +analytics_statistics_ttl = -1 +analytics_flow_ttl = -1 + +# IP address and port to be used to connect to cassandra. +# Multiple IP:port strings separated by space can be provided +cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %} + + +# IP address and port to be used to connect to kafka. +# Multiple IP:port strings separated by space can be provided +kafka_broker_list = + +# IP address of analytics node. Resolved IP of 'hostname' +hostip = {{ contrail_address }} + +# Hostname of analytics node. If this is not configured value from `hostname` +# will be taken +# hostname = + +# Http server port for inspecting collector state (useful for debugging) +http_server_port = 8089 + +# Category for logging. Default value is '*' +# log_category = + +# Local log file name +log_file = /var/log/contrail/contrail-collector.log + +# Maximum log file rollover index +# log_files_count = 10 + +# Maximum log file size +# log_file_size = 1048576 # 1MB + +# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT, +# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG +log_level = SYS_NOTICE + +# Enable/Disable local file logging. Possible values are 0 (disable) and +# 1 (enable) +log_local = 1 + +# TCP and UDP ports to listen on for receiving syslog messages. -1 to disable. +syslog_port = -1 + +# UDP port to listen on for receiving sFlow messages. -1 to disable. +# sflow_port = 6343 + +# UDP port to listen on for receiving ipfix messages. -1 to disable. +# ipfix_port = 4739 + +[COLLECTOR] +# Everything in this section is optional + +# Port to listen on for receiving Sandesh messages +port = 8086 + +# IP address to bind to for listening +# server = 0.0.0.0 + +# UDP port to listen on for receiving Google Protocol Buffer messages +# protobuf_port = 3333 + +[DISCOVERY] +# Port to connect to for communicating with discovery server +# port = 5998 + +# IP address of discovery server +server = {{ contrail_haproxy_address }} + +[REDIS] +# Port to connect to for communicating with redis-server +port = 6379 + +# IP address of redis-server +server = 127.0.0.1 diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-control-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-control-conf.j2 new file mode 100755 index 00000000..83792b2c --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-control-conf.j2 @@ -0,0 +1,15 @@ +[DEFAULT] +hostip = {{ contrail_address }} +hostname = {{ ansible_hostname }} +log_file = /var/log/contrail/contrail-control.log +log_level = SYS_NOTICE +log_local = 1 + +[DISCOVERY] +server = {{ contrail_haproxy_address }} +port = 5998 + +[IFMAP] +certs_store = +user = {{ contrail_address }} +password = {{ contrail_address }} diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-device-manager-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-device-manager-conf.j2 new file mode 100755 index 00000000..77bcc95f --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-device-manager-conf.j2 @@ -0,0 +1,14 @@ +[DEFAULTS] +api_server_ip = {{ contrail_haproxy_address }} +api_server_port = 8082 +zk_server_ip = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:2181{% if not loop.last %}, {% endif %}{% endfor %} + +cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %} + +disc_server_ip = {{ contrail_haproxy_address }} +disc_server_port = 5998 +rabbit_server = {{ contrail_haproxy_address }} +rabbit_port = 5673 +log_file = /var/log/contrail/contrail-device-manager.log +log_level = SYS_NOTICE +log_local = 1 diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-conf.j2 new file mode 100755 index 00000000..84e6317f --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-conf.j2 @@ -0,0 +1,43 @@ +[DEFAULTS] +listen_ip_addr = 0.0.0.0 +listen_port = 5998 +zk_server_ip = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}{% if not loop.last %}, {% endif %}{% endfor %} + +zk_server_port = 2181 +cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %} + +log_file = /var/log/contrail/contrail-discovery.log +log_level = SYS_NOTICE +log_local = 1 + +# minimim time to allow client to cache service information (seconds) +ttl_min = 300 + +# maximum time to allow client to cache service information (seconds) +ttl_max = 1800 + +# health check ping interval < = 0 for disabling +hc_interval = 5 + +# maximum hearbeats to miss before server will declare publisher out of +# service. +hc_max_miss = 3 + +# use short TTL for agressive rescheduling if all services are not up +ttl_short = 1 + +# for DNS service, we use fixed policy +# even when the cluster has more than two control nodes, only two of these +# should provide the DNS service +[DNS-SERVER] +policy = fixed + +###################################################################### +# Other service specific knobs ... + +# use short TTL for agressive rescheduling if all services are not up +# ttl_short = 1 + +# specify policy to use when assigning services +# policy = [load-balance | round-robin | fixed] +###################################################################### diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-supervisord-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-supervisord-conf.j2 new file mode 100755 index 00000000..5f0a698d --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-supervisord-conf.j2 @@ -0,0 +1,12 @@ +[program:contrail-discovery] +command=/usr/bin/contrail-discovery --conf_file /etc/contrail/contrail-discovery.conf --listen_port 911%(process_num)01d --worker_id %(process_num)s +numprocs=1 +process_name=%(process_num)s +redirect_stderr=true +stdout_logfile=/var/log/contrail/contrail-discovery-%(process_num)s-stdout.log +stderr_logfile=/dev/null +priority=430 +autostart=true +killasgroup=true +stopsignal=KILL +exitcodes=0 diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-dns-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-dns-conf.j2 new file mode 100755 index 00000000..0a2ab433 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-dns-conf.j2 @@ -0,0 +1,15 @@ +[DEFAULT] +hostip = {{ contrail_address }} +hostname = {{ ansible_hostname }} +log_file = /var/log/contrail/contrail-dns.log +log_level = SYS_NOTICE +log_local = 1 + +[DISCOVERY] +server = {{ contrail_haproxy_address }} +port = 5998 + +[IFMAP] +certs_store = +user = {{ contrail_address }}.dns +password = {{ contrail_address }}.dns diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-keystone-auth-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-keystone-auth-conf.j2 new file mode 100755 index 00000000..f362ef45 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-keystone-auth-conf.j2 @@ -0,0 +1,9 @@ +[KEYSTONE] +auth_protocol = http +auth_host = {{ contrail_keystone_address }} +auth_port = 35357 +admin_tenant_name = admin +admin_user = {{ contrail_admin_user }} +admin_password = {{ contrail_admin_password }} +insecure = False + diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-query-engine-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-query-engine-conf.j2 new file mode 100755 index 00000000..e051b7ec --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-query-engine-conf.j2 @@ -0,0 +1,13 @@ +[DEFAULT] +hostip = {{ contrail_address }} +cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %} + +collectors = {{ contrail_address }}:8086 +http_server_port = 8091 +log_file = /var/log/contrail/contrail-query-engine.log +log_level = SYS_NOTICE +log_local = 1 + +[REDIS] +server = 127.0.0.1 +port = 6379 diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-schema-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-schema-conf.j2 new file mode 100755 index 00000000..2bb4ab79 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-schema-conf.j2 @@ -0,0 +1,22 @@ +[DEFAULTS] +ifmap_server_ip = {{ hostvars[groups['opencontrail_config'][0]]['contrail_address'] }} +ifmap_server_port = 8443 +ifmap_username = schema-transformer +ifmap_password = schema-transformer +api_server_ip = {{ hostvars[groups['opencontrail_config'][0]]['contrail_address'] }} +api_server_port = 8082 +zk_server_ip = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:2181{% if not loop.last %}, {% endif %}{% endfor %} + +cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %} + +disc_server_ip = {{ contrail_haproxy_address }} +disc_server_port = 5998 +log_file = /var/log/contrail/contrail-schema.log +log_level = SYS_NOTICE +log_local = 1 + +[SECURITY] +use_certs = False +keyfile = /etc/contrail/ssl/private_keys/apiserver_key.pem +certfile = /etc/contrail/ssl/certs/apiserver.pem +ca_certs = /etc/contrail/ssl/certs/ca.pem diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-sudoers.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-sudoers.j2 new file mode 100755 index 00000000..1ff43563 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-sudoers.j2 @@ -0,0 +1,5 @@ +Defaults:contrail !requiretty + +Cmnd_Alias CONFIGRESTART = /usr/sbin/service supervisor-config restart + +contrail ALL = (root) NOPASSWD:CONFIGRESTART diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-svc-monitor-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-svc-monitor-conf.j2 new file mode 100755 index 00000000..4b4221d7 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-svc-monitor-conf.j2 @@ -0,0 +1,29 @@ +[DEFAULTS] +ifmap_server_ip = {{ contrail_address }} +ifmap_server_port = 8443 +ifmap_username = svc-monitor +ifmap_password = svc-monitor +api_server_ip = {{ contrail_haproxy_address }} +api_server_port = 8082 +zk_server_ip = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:2181{% if not loop.last %}, {% endif %}{% endfor %} + +cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %} + +disc_server_ip = {{ contrail_haproxy_address }} +disc_server_port = 5998 +rabbit_server = {{ contrail_haproxy_address }} +rabbit_port = 5673 +region_name = RegionOne +log_file = /var/log/contrail/contrail-svc-monitor.log +log_level = SYS_NOTICE +log_local = 1 + +[SECURITY] +use_certs = False +keyfile = /etc/contrail/ssl/private_keys/apiserver_key.pem +certfile = /etc/contrail/ssl/certs/apiserver.pem +ca_certs = /etc/contrail/ssl/certs/ca.pem + +[SCHEDULER] +analytics_server_ip = {{ contrail_haproxy_address }} +analytics_server_port = 8081 diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-conf.j2 new file mode 100755 index 00000000..fb483c3e --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-conf.j2 @@ -0,0 +1,111 @@ +# +# Vnswad configuration options +# + +[CONTROL-NODE] +# IP address to be used to connect to control-node. Maximum of 2 IP addresses +# (separated by a space) can be provided. If no IP is configured then the +# value provided by discovery service will be used. (optional) +# server = 10.0.0.1 10.0.0.2 + +[DEFAULT] +agent_name = {{ ansible_hostname }}-{{ item.ansible_facts.toragent_index }} +# Everything in this section is optional + +# IP address and port to be used to connect to collector. If these are not +# configured, value provided by discovery service will be used. Multiple +# IP:port strings separated by space can be provided +# collectors = 127.0.0.1:8086 + +# Enable/disable debug logging. Possible values are 0 (disable) and 1 (enable) +# debug = 0 + +# Aging time for flow-records in seconds +# flow_cache_timeout = 0 + +# Hostname of compute-node. If this is not configured value from `hostname` +# will be taken +# hostname = + +# Category for logging. Default value is '*' +# log_category = + +# Local log file name +log_file = /var/log/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.log + +# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT, +# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG +# log_level = SYS_DEBUG + +# Enable/Disable local file logging. Possible values are 0 (disable) and 1 (enable) +# log_local = 0 + +# Enable/Disable local flow message logging. Possible values are 0 (disable) and 1 (enable) +# log_flow = 0 + +# Encapsulation type for tunnel. Possible values are MPLSoGRE, MPLSoUDP, VXLAN +# tunnel_type = + +# Enable/Disable headless mode for agent. In headless mode agent retains last +# known good configuration from control node when all control nodes are lost. +# Possible values are true(enable) and false(disable) +# headless_mode = + +# Define agent mode. Only supported value is "tor" +agent_mode = tor + +# Http server port for inspecting vnswad state (useful for debugging) +# http_server_port = 8085 +http_server_port = {{ item.ansible_facts.toragent_params.http_server_port }} + +[DISCOVERY] +#If DEFAULT.collectors and/or CONTROL-NODE and/or DNS is not specified this +#section is mandatory. Else this section is optional + +# IP address of discovery server +server = {{ contrail_haproxy_address }} + +# Number of control-nodes info to be provided by Discovery service. Possible +# values are 1 and 2 +# max_control_nodes = 1 + +[DNS] +# IP address to be used to connect to dns-node. Maximum of 2 IP addresses +# (separated by a space) can be provided. If no IP is configured then the +# value provided by discovery service will be used. (Optional) +# server = 10.0.0.1 10.0.0.2 + +[NETWORKS] +# control-channel IP address used by WEB-UI to connect to vnswad to fetch +# required information (Optional) +control_network_ip = {{ contrail_address }} + +[TOR] +# IP address of the TOR to manage +tor_ip = {{ item.ansible_facts.toragent_params.address }} + +# Identifier for ToR. Agent will subscribe to ifmap-configuration by this name +tor_id = {{ item.ansible_facts.toragent_index }} + +# ToR management scheme is based on this type. Only supported value is "ovs" +tor_type = ovs + +# OVS server port number on the ToR +tor_ovs_port = {{ item.ansible_facts.toragent_params.ovs_port }} + +# IP-Transport protocol used to connect to tor. Supported values are "tcp", "pssl" +tor_ovs_protocol = {{ item.ansible_facts.toragent_params.ovs_protocol }} + +# Path to ssl certificate for tor-agent, needed for pssl +ssl_cert = /etc/contrail/ssl/certs/tor.{{ item.ansible_facts.toragent_index }}.cert.pem + +# Path to ssl private-key for tor-agent, needed for pssl +ssl_privkey = /etc/contrail/ssl/private/tor.{{ item.ansible_facts.toragent_index }}.privkey.pem + +# Path to ssl cacert for tor-agent, needed for pssl +ssl_cacert = /etc/contrail/ssl/certs/cacert.pem + +tsn_ip = {{ contrail_address }} + +# OVS keep alive timer interval in milliseconds +tor_keepalive_interval = 10000 diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-ini.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-ini.j2 new file mode 100755 index 00000000..db6944c9 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-ini.j2 @@ -0,0 +1,12 @@ +[program:contrail-tor-agent-{{ item.ansible_facts.toragent_index }}] +command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.conf +priority=420 +autostart=true +killasgroup=true +stopsignal=KILL +stdout_capture_maxbytes=1MB +redirect_stderr=true +stdout_logfile=/var/log/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}-stdout.log +stderr_logfile=/dev/null +startsecs=5 +exitcodes=0 ; 'expected' exit codes for process (default 0,2) diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vnc-api-lib-ini.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vnc-api-lib-ini.j2 new file mode 100755 index 00000000..85a7b63a --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vnc-api-lib-ini.j2 @@ -0,0 +1,11 @@ +[global] +WEB_SERVER=127.0.0.1 +WEB_PORT=8082 ; connection to api-server directly +BASE_URL=/ + +[auth] +AUTHN_TYPE=keystone +AUTHN_PROTOCOL=http +AUTHN_SERVER={{ contrail_keystone_address }} +AUTHN_PORT=35357 +AUTHN_URL=/v2.0/tokens diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vrouter-agent-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vrouter-agent-conf.j2 new file mode 100755 index 00000000..207509e5 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vrouter-agent-conf.j2 @@ -0,0 +1,177 @@ +# +# Vnswad configuration options +# + +[CONTROL-NODE] +# IP address to be used to connect to control-node. Maximum of 2 IP addresses +# (separated by a space) can be provided. If no IP is configured then the +# value provided by discovery service will be used. (Optional) +# server = 10.0.0.1 10.0.0.2 + +[DEFAULT] +# Everything in this section is optional + +# IP address and port to be used to connect to collector. If these are not +# configured, value provided by discovery service will be used. Multiple +# IP:port strings separated by space can be provided +# collectors = 127.0.0.1:8086 + +# Agent mode : can be vrouter / tsn / tor (default is vrouter) +{% if contrail_vrouter_mode is defined %}agent_mode = {{ contrail_vrouter_mode }} +{% else %}# agent_mode = +{% endif %} + +# Enable/disable debug logging. Possible values are 0 (disable) and 1 (enable) +# debug = 0 + +# Aging time for flow-records in seconds +# flow_cache_timeout = 0 + +# Hostname of compute-node. If this is not configured value from `hostname` +# will be taken +# hostname = + +# Http server port for inspecting vnswad state (useful for debugging) +# http_server_port = 8085 + +# Category for logging. Default value is '*' +# log_category = + +# Local log file name +log_file = /var/log/contrail/contrail-vrouter-agent.log + +# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT, +# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG +log_level = SYS_NOTICE + +# Enable/Disable local file logging. Possible values are 0 (disable) and 1 (enable) +log_local = 1 + +# Encapsulation type for tunnel. Possible values are MPLSoGRE, MPLSoUDP, VXLAN +# tunnel_type = + +# Enable/Disable headless mode for agent. In headless mode agent retains last +# known good configuration from control node when all control nodes are lost. +# Possible values are true(enable) and false(disable) +# headless_mode = + +# DHCP relay mode (true or false) to determine if a DHCP request in fabric +# interface with an unconfigured IP should be relayed or not +# dhcp_relay_mode = + +# DPDK or legacy work mode +platform = default + +# Physical address of PCI used by dpdk +physical_interface_address = + +# MAC address of device used by dpdk +physical_interface_mac = {{ hostvars[inventory_hostname][contrail_ansible_device]['macaddress'] }} + +[DISCOVERY] +# If COLLECTOR and/or CONTROL-NODE and/or DNS is not specified this section is +# mandatory. Else this section is optional + +# IP address of discovery server +server = {{ contrail_haproxy_address }} + +# Number of control-nodes info to be provided by Discovery service. Possible +# values are 1 and 2 +max_control_nodes = {{ groups['opencontrail_control'] | length }} + +[DNS] +# IP address and port to be used to connect to dns-node. Maximum of 2 IP +# addresses (separated by a space) can be provided. If no IP is configured then +# the value provided by discovery service will be used. +# server = 10.0.0.1:53 10.0.0.2:53 + +[HYPERVISOR] +# Everything in this section is optional + +# Hypervisor type. Possible values are kvm, xen and vmware +type = kvm +vmware_mode = + +# Link-local IP address and prefix in ip/prefix_len format (for xen) +# xen_ll_ip = + +# Link-local interface name when hypervisor type is Xen +# xen_ll_interface = + +# Physical interface name when hypervisor type is vmware +vmware_physical_interface = + +[FLOWS] +# Everything in this section is optional + +# Maximum flows allowed per VM (given as % of maximum system flows) +# max_vm_flows = 100 +# Maximum number of link-local flows allowed across all VMs +# max_system_linklocal_flows = 4096 +# Maximum number of link-local flows allowed per VM +# max_vm_linklocal_flows = 1024 + +[METADATA] +# Shared secret for metadata proxy service (Optional) +# metadata_proxy_secret = contrail + +[NETWORKS] +# control-channel IP address used by WEB-UI to connect to vnswad to fetch +# required information (Optional) +control_network_ip = {{ contrail_address }} + +[VIRTUAL-HOST-INTERFACE] +# Everything in this section is mandatory + +# name of virtual host interface +name = vhost0 + +# IP address and prefix in ip/prefix_len format +ip = {{ contrail_address }}/{{ contrail_prefixlen }} + +# Gateway IP address for virtual host +gateway = {{ contrail_gateway }} + +# Physical interface name to which virtual host interface maps to +physical_interface = {{ contrail_device }} + +# We can have multiple gateway sections with different indices in the +# following format +# [GATEWAY-0] +# Name of the routing_instance for which the gateway is being configured +# routing_instance = default-domain:admin:public:public + +# Gateway interface name +# interface = vgw + +# Virtual network ip blocks for which gateway service is required. Each IP +# block is represented as ip/prefix. Multiple IP blocks are represented by +# separating each with a space +# ip_blocks = 1.1.1.1/24 + +# [GATEWAY-1] +# Name of the routing_instance for which the gateway is being configured +# routing_instance = default-domain:admin:public1:public1 + +# Gateway interface name +# interface = vgw1 + +# Virtual network ip blocks for which gateway service is required. Each IP +# block is represented as ip/prefix. Multiple IP blocks are represented by +# separating each with a space +# ip_blocks = 2.2.1.0/24 2.2.2.0/24 + +# Routes to be exported in routing_instance. Each route is represented as +# ip/prefix. Multiple routes are represented by separating each with a space +# routes = 10.10.10.1/24 11.11.11.1/24 + +[SERVICE-INSTANCE] +# Path to the script which handles the netns commands +netns_command = /usr/bin/opencontrail-vrouter-netns + +# Number of workers that will be used to start netns commands +#netns_workers = 1 + +# Timeout for each netns command, when the timeout is reached, the netns +# command is killed. +#netns_timeout = 30 diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/default-pmac.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/default-pmac.j2 new file mode 100755 index 00000000..dac56d1d --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/default-pmac.j2 @@ -0,0 +1 @@ +{{ hostvars[inventory_hostname][contrail_ansible_device]['macaddress'] }} diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/haproxy-contrail-cfg.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/haproxy-contrail-cfg.j2 new file mode 100755 index 00000000..6aa4d06e --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/haproxy-contrail-cfg.j2 @@ -0,0 +1,66 @@ +#contrail-marker-start + +listen contrail-stats + bind *:5937 + mode http + stats enable + stats uri / + stats auth haproxy:contrail123 + +listen neutron-server + bind *:9696 + balance roundrobin + option nolinger +{% for cur_host in groups['opencontrail_config'] %} server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }}:9697 check inter 2000 rise 2 fall 3 +{% endfor %} + +listen contrail-api + bind *:8082 + balance roundrobin + option nolinger + timeout client 3m + timeout server 3m +{% for cur_host in groups['opencontrail_config'] %} server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }}:9100 check inter 2000 rise 2 fall 3 +{% endfor %} + +listen contrail-discovery + bind *:5998 + balance roundrobin + option nolinger +{% for cur_host in groups['opencontrail_config'] %} server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }}:9110 check inter 2000 rise 2 fall 3 +{% endfor %} + +listen contrail-analytics-api + bind *:8081 + balance roundrobin + option nolinger + option tcp-check + tcp-check connect port 6379 + default-server error-limit 1 on-error mark-down +{% for cur_host in groups['opencontrail_collector'] %} server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }}:9081 check inter 2000 rise 2 fall 3 +{% endfor %} + +{% if contrail_tor_agents is defined %}listen contrail-tor-agent + bind {% for cur_agent in contrail_tor_agents %}*:{{ cur_agent['ovs_port'] }}{% if not loop.last %},{% endif %}{% endfor %} + + mode tcp + balance leastconn + option tcplog + option tcpka +{% for cur_host in groups['opencontrail_tsn'] %} server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }} check inter 2000 +{% endfor %}{% endif %} + +listen rabbitmq + bind *:5673 + mode tcp + balance roundrobin + maxconn 10000 + option tcplog + option tcpka + option redispatch + timeout client 48h + timeout server 48h +{% for cur_host in groups['opencontrail_config'] %} server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }}:5672 check inter 2000 rise 2 fall 3 weight 1 maxconn 500 +{% endfor %} + +#contrail-marker-end diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-authorization-properties.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-authorization-properties.j2 new file mode 100755 index 00000000..41a1c649 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-authorization-properties.j2 @@ -0,0 +1,2 @@ +# The MAPC with basic auth username 'reader' has read only access. +reader=ro diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-basicauthusers-properties.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-basicauthusers-properties.j2 new file mode 100755 index 00000000..6ca38a29 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-basicauthusers-properties.j2 @@ -0,0 +1,30 @@ +test:test +test2:test2 +test3:test3 +dhcp:dhcp +visual:visual +sensor:sensor + +# compliance testsuite users +mapclient:mapclient +helper:mapclient + +# This is a read-only MAPC +reader:reader + +# OpenContrail users +api-server:api-server +schema-transformer:schema-transformer +svc-monitor:svc-monitor + +control-user:control-user-passwd +control-node-1:control-node-1 +control-node-2:control-node-2 +control-node-3:control-node-3 +control-node-4:control-node-4 +control-node-5:control-node-5 +control-node-6:control-node-6 +control-node-7:control-node-7 +control-node-8:control-node-8 +control-node-9:control-node-9 +control-node-10:control-node-10 diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-log4j-properties.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-log4j-properties.j2 new file mode 100755 index 00000000..ebd0b483 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-log4j-properties.j2 @@ -0,0 +1,26 @@ +# Set root logger level to DEBUG and its only appender to CONSOLE +log4j.rootLogger=TRACE, CONSOLE +log4j.error + +log4j.logger.de.fhhannover.inform.irond.proc=TRACE, A1, A2 +log4j.additivity.de.fhhannover.inform.irond.proc=false + +log4j.appender.A1=org.apache.log4j.ConsoleAppender +log4j.appender.A1.layout=org.apache.log4j.PatternLayout +log4j.appender.A1.layout.ConversionPattern=%d [%t] %-5p %x - %m%n + +log4j.appender.A2=org.apache.log4j.FileAppender +log4j.appender.A2.File=/var/log/contrail/ifmap-server.log +log4j.appender.A2.layout=org.apache.log4j.PatternLayout +log4j.appender.A2.layout.ConversionPattern=%d [%t] %-5p %x - %m%n + +log4j.logger.de.fhhannover.inform.irond.rawrequests=TRACE, A3 +log4j.additivity.de.fhhannover.inform.irond.rawrequests=false +log4j.appender.A3=org.apache.log4j.FileAppender +log4j.appender.A3.file=irond_raw.log +log4j.appender.A3.layout=org.apache.log4j.PatternLayout +log4j.appender.A3.layout.ConversionPattern=%d %-5p %x - %m%n + +log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender +log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout +log4j.appender.CONSOLE.layout.ConversionPattern=%-8r [%t] %-5p %C{1} %x - %m%n diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-publisher-properties.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-publisher-properties.j2 new file mode 100755 index 00000000..90d2a887 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-publisher-properties.j2 @@ -0,0 +1,16 @@ +#Sun May 27 15:47:44 PDT 2012 +visual=visual--1877135140-1 +test=test--1870931913-1 +test2=test2--1870931914-1 +test3=test3--1870931915-1 +api-server=api-server-1--0000000001-1 +control-node-1=control-node-1--1870931921-1 +control-node-2=control-node-1--1870931922-1 +control-node-3=control-node-1--1870931923-1 +control-node-4=control-node-1--1870931924-1 +control-node-5=control-node-1--1870931925-1 +control-node-6=control-node-1--1870931926-1 +control-node-7=control-node-1--1870931927-1 +control-node-8=control-node-1--1870931928-1 +control-node-9=control-node-1--1870931929-1 +control-node-10=control-node-10--1870931930-1 diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/keepalived-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/keepalived-conf.j2 new file mode 100755 index 00000000..b16c4a25 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/keepalived-conf.j2 @@ -0,0 +1,29 @@ +vrrp_script chk_haproxy { + script "killall -0 haproxy" + interval 1 + timeout 3 + rise 2 + fall 2 +} + +vrrp_instance INTERNAL_1 { + interface {{ contrail_device }} + state MASTER + preemt_delay 7 + grap_master_delay 5 + grap_master_repeat 3 + grap_master_refresh 1 + advert_int 1 + virtual_router_id 85 + vmac_xmit_base + priority 10{{ item.0 }} + virtual_ipaddress { + {{ contrail_haproxy_address }} dev {{ contrail_device }} + } + track_script { + chk_haproxy + } + track_interface { + {{ contrail_device }} + } +} diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/neutron-contrail-plugin-ini.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/neutron-contrail-plugin-ini.j2 new file mode 100755 index 00000000..13e5965a --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/neutron-contrail-plugin-ini.j2 @@ -0,0 +1,15 @@ +[APISERVER] +api_server_ip={{ contrail_haproxy_address }} +api_server_port=8082 +multi_tenancy=True +contrail_extensions=ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None + +[COLLECTOR] +analytics_api_ip={{ contrail_haproxy_address }} +analytics_api_port=8081 + +[KEYSTONE] +auth_url=http://{{ contrail_keystone_address }}:35357/v2.0 +admin_tenant_name=admin +admin_user={{ contrail_admin_user }} +admin_password={{ contrail_admin_password }} diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/nova.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/nova.j2 new file mode 100755 index 00000000..ea4dbbad --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/nova.j2 @@ -0,0 +1,58 @@ +[DEFAULT] +dhcpbridge_flagfile=/etc/nova/nova.conf +dhcpbridge=/usr/bin/nova-dhcpbridge +logdir=/var/log/nova +state_path=/var/lib/nova +lock_path=/var/lib/nova/tmp +force_dhcp_release=True +libvirt_use_virtio_for_bridges=True +verbose=True +ec2_private_dns_show_ip=False +auth_strategy = keystone +libvirt_nonblocking = True +libvirt_inject_partition = -1 +compute_driver = libvirt.LibvirtDriver +novncproxy_base_url = http://{{ contrail_keystone_address }}:6080/vnc_auto.html +vncserver_enabled = true +vncserver_listen = {{ contrail_address }} +vncserver_proxyclient_address = {{ contrail_address }} +security_group_api = neutron +heal_instance_info_cache_interval = 0 +image_cache_manager_interval = 0 +libvirt_cpu_mode = none +libvirt_vif_driver = nova_contrail_vif.contrailvif.VRouterVIFDriver +firewall_driver = nova.virt.firewall.NoopFirewallDriver +glance_host = {{ contrail_keystone_address }} +glance_port = 9292 +glance_num_retries = 10 +rabbit_host = {{ contrail_keystone_address }} +rabbit_port = 5672 +rabbit_password = {{ rabbit_password }} +rabbit_retry_interval = 1 +rabbit_retry_backoff = 2 +rabbit_max_retries = 0 +rabbit_ha_queues = True +rpc_cast_timeout = 30 +rpc_conn_pool_size = 40 +rpc_response_timeout = 60 +rpc_thread_pool_size = 70 +report_interval = 15 +novncproxy_port = 6080 +vnc_port = 5900 +vnc_port_total = 100 +resume_guests_state_on_host_boot = True +service_down_time = 300 +periodic_fuzzy_delay = 30 +disable_process_locking = True +neutron_admin_auth_url = + +[keystone_authtoken] +admin_tenant_name = service +admin_user = nova +admin_password = {{ contrail_admin_password }} +auth_host = {{ contrail_keystone_address }} +auth_protocol = http +auth_port = 5000 +signing_dir = /tmp/keystone-signing-nova + + diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/qemu-device-acl-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/qemu-device-acl-conf.j2 new file mode 100755 index 00000000..53dfbba2 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/qemu-device-acl-conf.j2 @@ -0,0 +1,6 @@ +cgroup_device_acl = [ + "/dev/null", "/dev/full", "/dev/zero", + "/dev/random", "/dev/urandom", + "/dev/ptmx", "/dev/kvm", "/dev/kqemu", + "/dev/rtc", "/dev/hpet","/dev/net/tun" +] diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf-single.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf-single.j2 new file mode 100755 index 00000000..a276d3e2 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf-single.j2 @@ -0,0 +1,6 @@ +[ + {rabbit, [ {tcp_listeners, [{"{{ contrail_address }}", 5672}]}, + {loopback_users, []}, + {log_levels,[{connection, info},{mirroring, info}]} ] + } +]. diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf.j2 new file mode 100755 index 00000000..c8cbe63f --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf.j2 @@ -0,0 +1,25 @@ +[ + {rabbit, [ {tcp_listeners, [{"{{ contrail_address }}", 5672}]}, {cluster_partition_handling, autoheal},{loopback_users, []}, + {cluster_nodes, {[{% for cur_host in groups['opencontrail_config'] %}'rabbit@{{ cur_host }}-ctrl'{% if not loop.last %}, {% endif %}{% endfor %}], disc}}, + {vm_memory_high_watermark, 0.4}, + {disk_free_limit,50000000}, + {log_levels,[{connection, info},{mirroring, info}]}, + {heartbeat,10}, + {delegate_count,20}, + {channel_max,5000}, + {tcp_listen_options, + [binary, + {packet, raw}, + {reuseaddr, true}, + {backlog, 128}, + {nodelay, true}, + {exit_on_close, false}, + {keepalive, true} + ] + }, + {collect_statistics_interval, 60000} + ] + }, + {rabbitmq_management_agent, [ {force_fine_statistics, true} ] }, + {kernel, [{net_ticktime, 30}]} +]. diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-cookie.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-cookie.j2 new file mode 100755 index 00000000..838d0332 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-cookie.j2 @@ -0,0 +1 @@ +{{ ansible_date_time.iso8601_micro | to_uuid }} diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-env-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-env-conf.j2 new file mode 100755 index 00000000..1b3e60f7 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-env-conf.j2 @@ -0,0 +1,2 @@ +NODE_IP_ADDRESS={{ contrail_address }} +NODENAME=rabbit@{{ ansible_hostname }}-ctrl diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/vrouter-nodemgr-param.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/vrouter-nodemgr-param.j2 new file mode 100755 index 00000000..7eee51ba --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/vrouter-nodemgr-param.j2 @@ -0,0 +1 @@ +DISCOVERY={{ hostvars[groups['opencontrail_config'][0]]['contrail_address'] }} diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/zookeeper-unique-id.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/zookeeper-unique-id.j2 new file mode 100755 index 00000000..ec0033b3 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/zookeeper-unique-id.j2 @@ -0,0 +1 @@ +{{ item.0 + 1 }} diff --git a/deploy/adapters/ansible/roles/open-contrail/vars/Debian.yml b/deploy/adapters/ansible/roles/open-contrail/vars/Debian.yml new file mode 100755 index 00000000..c64f238f --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/vars/Debian.yml @@ -0,0 +1,40 @@ +--- + +package: "contrail-install-packages_2.21-102~juno_all.deb" + +common_packages: + - contrail-setup + +kernel_packages: + - linux-headers-3.13.0-40 + - linux-headers-3.13.0-40-generic + - linux-image-3.13.0-40-generic + - linux-image-extra-3.13.0-40-generic + +kernel_required: "3.13.0-40-generic" + +database_packages: + - contrail-openstack-database + +config_packages: + - contrail-openstack-config + +control_packages: + - contrail-openstack-control + +collector_packages: + - contrail-openstack-analytics + +webui_packages: + - contrail-openstack-webui + +vrouter_packages: + - contrail-vrouter-3.13.0-40-generic + +dkms_packages: + - contrail-vrouter-dkms + +compute_packages: + - contrail-vrouter-common + - contrail-nova-vif + diff --git a/deploy/adapters/ansible/roles/open-contrail/vars/RedHat.yml b/deploy/adapters/ansible/roles/open-contrail/vars/RedHat.yml new file mode 100755 index 00000000..ed97d539 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/vars/RedHat.yml @@ -0,0 +1 @@ +--- diff --git a/deploy/adapters/ansible/roles/open-contrail/vars/main.yml b/deploy/adapters/ansible/roles/open-contrail/vars/main.yml new file mode 100755 index 00000000..015c99b7 --- /dev/null +++ b/deploy/adapters/ansible/roles/open-contrail/vars/main.yml @@ -0,0 +1,56 @@ +--- +#package: "contrail-install-packages_2.21-102~juno_all.deb" # mv to {os}.yml +kernel_install: no +ansible_ssh_user: "root" +ansible_ssh_pass: "root" + +contrail_keystone_address: "{{ internal_vip.ip }}" +contrail_admin_user: "keystone" +contrail_admin_password: "{{ keystone_PASS }}" + +contrail_keepalived: no +contrail_haproxy_address: "10.0.0.22" # 10.0.0.80 +contrail_netmask: "255.255.255.0" +contrail_prefixlen: "24" +contrail_gateway: "10.0.0.1" + +contrail_router_asn: "64512" + +### Modify when need openstack provisioning +keystone_provision: no +install_nova: no +rabbit_password: "password" + +contrail_tor_agents: + - name: "test01" + address: "10.0.0.81" + ovs_protocol: "pssl" + ovs_port: "9991" + tunnel_address: "10.0.0.81" + http_server_port: "9011" + vendor_name: "Juniper" + product_name: "QFX5100" + tsn_names: [ "system002" ] + - name: "test02" + address: "10.0.0.82" + ovs_protocol: "pssl" + ovs_port: "9992" + tunnel_address: "10.0.0.82" + http_server_port: "9012" + vendor_name: "Juniper" + product_name: "QFX5100" + tsn_names: [ "system002" ] + + +# adapter for compass +kernel_packages_noarch: [] + +compute_packages_noarch: [] + +# network infor adapter for compass +contrail_device: "mgmt" +contrail_address: "{{ internal_ip }}" +contrail_netmask: "255.255.255.0" +#contrail_gateway: "10.84.50.254" +contrail_gateway: +#contrail_mgmt_address: "172.27.113.91" |