summaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible/roles/open-contrail/files/provision
diff options
context:
space:
mode:
authorchenshuai@huawei.com <chenshuai@huawei.com>2015-11-26 19:39:56 +0800
committerchenshuai@huawei.com <chenshuai@huawei.com>2015-12-02 10:05:25 +0800
commitfd5db7e03c9595c14df71a49e778a3bdda89e344 (patch)
treeb4534b95f5739f49a7238703d4f82f497854af6a /deploy/adapters/ansible/roles/open-contrail/files/provision
parent3c48d787b3caa3a12153257abf66e3211109b8f5 (diff)
OpenContrail intergration
JIRA: COMPASS-168 Change-Id: I0fe22568fb28019a0085e8bbf9b600acfa9e8f45 Signed-off-by: chenshuai@huawei.com <chenshuai@huawei.com>
Diffstat (limited to 'deploy/adapters/ansible/roles/open-contrail/files/provision')
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/files/provision/cacert.pem70
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/files/provision/compute.filters.patch14
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/files/provision/model.py.patch12
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/files/provision/test_vif.py.patch70
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/files/provision/vif.py.patch91
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/files/provision/vtep-cert.pem70
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/files/provision/vtep-privkey.pem27
7 files changed, 354 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/cacert.pem b/deploy/adapters/ansible/roles/open-contrail/files/provision/cacert.pem
new file mode 100755
index 00000000..66f82c5d
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/cacert.pem
@@ -0,0 +1,70 @@
+Certificate:
+ Data:
+ Version: 1 (0x0)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2015 Sep 15 13:35:47)
+ Validity
+ Not Before: Sep 15 04:35:47 2015 GMT
+ Not After : Sep 12 04:35:47 2025 GMT
+ Subject: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2015 Sep 15 13:35:47)
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:98:04:9b:9f:2e:e2:0b:4a:59:9d:00:74:dc:b4:
+ cb:fc:8d:c4:7d:32:35:e5:1c:ee:94:f0:13:e6:54:
+ 1c:2e:47:47:f0:bd:f2:7f:ae:cb:6a:2f:ec:74:5c:
+ 14:39:80:bf:7b:d1:83:90:ec:7a:7d:02:8c:fc:67:
+ de:99:53:69:1f:5c:61:d5:0a:7f:93:df:02:d4:16:
+ d3:55:b8:28:5c:fd:32:5b:6c:af:03:c1:23:92:00:
+ 0e:2b:eb:32:07:00:99:64:14:32:e4:f8:76:b3:06:
+ e1:d0:54:5a:fc:92:cd:5e:e5:b7:85:43:9e:b8:79:
+ e4:23:a6:3c:0c:42:78:f4:d3:7e:33:1c:f2:5a:24:
+ ac:24:61:2f:72:b3:b1:e7:99:4e:ef:2d:85:26:de:
+ b6:59:16:25:1a:65:ce:95:9c:fd:c7:3c:30:44:1d:
+ 4c:3b:34:dd:8d:ad:1f:ee:06:8e:b1:2d:b1:bb:a6:
+ 68:62:52:98:c2:2d:a3:14:75:a7:5f:24:10:4f:74:
+ 4f:94:0b:61:bd:c5:f1:6b:78:fa:48:89:27:3b:04:
+ 4d:25:50:d1:4f:63:3d:4b:3c:cc:fa:df:20:f1:0c:
+ 3f:1d:44:9d:c2:3e:d4:12:07:72:a4:6a:11:03:2f:
+ 1d:71:d5:b2:de:b4:a6:d8:ad:7a:ac:c9:c7:8e:12:
+ 4d:47
+ Exponent: 65537 (0x10001)
+ Signature Algorithm: md5WithRSAEncryption
+ 28:3f:32:46:dd:a9:c0:30:46:9a:29:ec:90:36:14:aa:a7:0c:
+ dc:67:a0:ec:81:dc:f9:34:35:c5:e4:9b:48:dd:c6:5a:ed:30:
+ 78:99:6c:32:8c:60:59:ab:dc:7a:86:bb:94:8b:98:db:62:33:
+ bd:4f:16:40:50:12:db:e9:b6:0c:f2:0b:0d:90:9d:b7:7a:ae:
+ b4:36:46:33:c5:ea:6a:37:ec:fe:6e:12:f1:98:10:89:48:fe:
+ 8a:68:11:1c:96:37:92:d9:cc:8a:ef:93:c3:53:6c:61:f7:f0:
+ 0b:2c:78:49:8e:e3:19:46:2b:1d:1c:65:c5:d9:6d:5d:04:54:
+ e7:e0:c7:aa:49:78:7d:2d:35:11:7e:05:b1:47:e4:96:39:97:
+ b5:5b:2b:6e:06:51:86:32:85:6a:7b:5f:63:08:85:31:6e:c3:
+ 12:0e:a0:ad:3a:d0:3f:db:e2:1b:6d:24:3a:bb:e7:61:5b:ba:
+ 1f:34:eb:34:07:e5:09:fe:0b:ba:76:48:49:6e:57:d4:14:76:
+ 11:af:52:39:9e:73:a7:e3:2a:5a:5c:fa:79:d7:7f:81:fd:80:
+ a7:d4:92:07:ef:a6:05:60:f9:b4:81:cb:8e:cb:b5:9e:2c:5d:
+ 40:fb:dc:c1:63:95:82:0b:2f:aa:8c:38:1d:96:63:ed:c9:1b:
+ ce:d2:d2:e7
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAmACAQEwDQYJKoZIhvcNAQEEBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEVMBMGA1UEChMMT3BlbiB2U3dpdGNoMREwDwYDVQQLEwhzd2l0Y2hj
+YTE7MDkGA1UEAxMyT1ZTIHN3aXRjaGNhIENBIENlcnRpZmljYXRlICgyMDE1IFNl
+cCAxNSAxMzozNTo0NykwHhcNMTUwOTE1MDQzNTQ3WhcNMjUwOTEyMDQzNTQ3WjCB
+gTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQKEwxPcGVuIHZTd2l0
+Y2gxETAPBgNVBAsTCHN3aXRjaGNhMTswOQYDVQQDEzJPVlMgc3dpdGNoY2EgQ0Eg
+Q2VydGlmaWNhdGUgKDIwMTUgU2VwIDE1IDEzOjM1OjQ3KTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAJgEm58u4gtKWZ0AdNy0y/yNxH0yNeUc7pTwE+ZU
+HC5HR/C98n+uy2ov7HRcFDmAv3vRg5Dsen0CjPxn3plTaR9cYdUKf5PfAtQW01W4
+KFz9MltsrwPBI5IADivrMgcAmWQUMuT4drMG4dBUWvySzV7lt4VDnrh55COmPAxC
+ePTTfjMc8lokrCRhL3KzseeZTu8thSbetlkWJRplzpWc/cc8MEQdTDs03Y2tH+4G
+jrEtsbumaGJSmMItoxR1p18kEE90T5QLYb3F8Wt4+kiJJzsETSVQ0U9jPUs8zPrf
+IPEMPx1EncI+1BIHcqRqEQMvHXHVst60ptiteqzJx44STUcCAwEAATANBgkqhkiG
+9w0BAQQFAAOCAQEAKD8yRt2pwDBGminskDYUqqcM3Geg7IHc+TQ1xeSbSN3GWu0w
+eJlsMoxgWavceoa7lIuY22IzvU8WQFAS2+m2DPILDZCdt3qutDZGM8Xqajfs/m4S
+8ZgQiUj+imgRHJY3ktnMiu+Tw1NsYffwCyx4SY7jGUYrHRxlxdltXQRU5+DHqkl4
+fS01EX4FsUfkljmXtVsrbgZRhjKFantfYwiFMW7DEg6grTrQP9viG20kOrvnYVu6
+HzTrNAflCf4LunZISW5X1BR2Ea9SOZ5zp+MqWlz6edd/gf2Ap9SSB++mBWD5tIHL
+jsu1nixdQPvcwWOVggsvqow4HZZj7ckbztLS5w==
+-----END CERTIFICATE-----
diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/compute.filters.patch b/deploy/adapters/ansible/roles/open-contrail/files/provision/compute.filters.patch
new file mode 100755
index 00000000..04bf42f3
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/compute.filters.patch
@@ -0,0 +1,14 @@
+*** a/compute.filters Mon Sep 28 15:13:48 2015
+--- b/compute.filters Mon Sep 28 15:16:06 2015
+***************
+*** 83,88 ****
+--- 83,91 ----
+ # nova/network/linux_net.py: 'ovs-vsctl', ....
+ ovs-vsctl: CommandFilter, ovs-vsctl, root
+
++ # nova/virt/libvirt/vif.py: 'vrouter-port-control', ...
++ vrouter-port-control: CommandFilter, vrouter-port-control, root
++
+ # nova/network/linux_net.py: 'ovs-ofctl', ....
+ ovs-ofctl: CommandFilter, ovs-ofctl, root
+
diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/model.py.patch b/deploy/adapters/ansible/roles/open-contrail/files/provision/model.py.patch
new file mode 100755
index 00000000..7f7f7c6f
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/model.py.patch
@@ -0,0 +1,12 @@
+*** a/model.py Mon Sep 28 15:05:29 2015
+--- b/model.py Mon Sep 28 15:17:32 2015
+***************
+*** 39,44 ****
+--- 39,45 ----
+ VIF_TYPE_HW_VEB = 'hw_veb'
+ VIF_TYPE_MLNX_DIRECT = 'mlnx_direct'
+ VIF_TYPE_MIDONET = 'midonet'
++ VIF_TYPE_VROUTER = 'vrouter'
+ VIF_TYPE_OTHER = 'other'
+
+ # Constants for dictionary keys in the 'vif_details' field in the VIF
diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/test_vif.py.patch b/deploy/adapters/ansible/roles/open-contrail/files/provision/test_vif.py.patch
new file mode 100755
index 00000000..3e12c72a
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/test_vif.py.patch
@@ -0,0 +1,70 @@
+*** a/test_vif.py Mon Sep 28 15:12:56 2015
+--- b/test_vif.py Mon Sep 28 15:19:20 2015
+***************
+*** 235,240 ****
+--- 235,253 ----
+ subnets=[subnet_bridge_4],
+ interface='eth0')
+
++ network_vrouter = network_model.Network(id='network-id-xxx-yyy-zzz',
++ label=None,
++ bridge=None,
++ subnets=[subnet_bridge_4,
++ subnet_bridge_6],
++ interface='eth0')
++
++ vif_vrouter = network_model.VIF(id='vif-xxx-yyy-zzz',
++ address='ca:fe:de:ad:be:ef',
++ network=network_vrouter,
++ type=network_model.VIF_TYPE_VROUTER,
++ devname='tap-xxx-yyy-zzz')
++
+ vif_mlnx = network_model.VIF(id='vif-xxx-yyy-zzz',
+ address='ca:fe:de:ad:be:ef',
+ network=network_mlnx,
+***************
+*** 796,801 ****
+--- 809,851 ----
+ self.vif_mlnx)
+ self.assertEqual(0, execute.call_count)
+
++ def test_unplug_vrouter_with_details(self):
++ d = vif.LibvirtGenericVIFDriver()
++ with mock.patch.object(utils, 'execute') as execute:
++ d.unplug_vrouter(None, self.vif_vrouter)
++ execute.assert_called_once_with(
++ 'vrouter-port-control',
++ '--oper=delete --uuid=vif-xxx-yyy-zzz',
++ run_as_root=True)
++
++ def test_plug_vrouter_with_details(self):
++ d = vif.LibvirtGenericVIFDriver()
++ instance = mock.Mock()
++ instance.name = 'instance-name'
++ instance.uuid = '46a4308b-e75a-4f90-a34a-650c86ca18b2'
++ instance.project_id = 'b168ea26fa0c49c1a84e1566d9565fa5'
++ instance.display_name = 'instance1'
++ with mock.patch.object(utils, 'execute') as execute:
++ d.plug_vrouter(instance, self.vif_vrouter)
++ execute.assert_has_calls([
++ mock.call('ip', 'tuntap', 'add', 'tap-xxx-yyy-zzz', 'mode',
++ 'tap', run_as_root=True, check_exit_code=[0, 2, 254]),
++ mock.call('ip', 'link', 'set', 'tap-xxx-yyy-zzz', 'up',
++ run_as_root=True, check_exit_code=[0, 2, 254]),
++ mock.call('vrouter-port-control',
++ '--oper=add --uuid=vif-xxx-yyy-zzz '
++ '--instance_uuid=46a4308b-e75a-4f90-a34a-650c86ca18b2 '
++ '--vn_uuid=network-id-xxx-yyy-zzz '
++ '--vm_project_uuid=b168ea26fa0c49c1a84e1566d9565fa5 '
++ '--ip_address=0.0.0.0 '
++ '--ipv6_address=None '
++ '--vm_name=instance1 '
++ '--mac=ca:fe:de:ad:be:ef '
++ '--tap_name=tap-xxx-yyy-zzz '
++ '--port_type=NovaVMPort '
++ '--tx_vlan_id=-1 '
++ '--rx_vlan_id=-1', run_as_root=True)])
++
+ def test_ivs_ethernet_driver(self):
+ d = vif.LibvirtGenericVIFDriver(self._get_conn(ver=9010))
+ self._check_ivs_ethernet_driver(d,
diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/vif.py.patch b/deploy/adapters/ansible/roles/open-contrail/files/provision/vif.py.patch
new file mode 100755
index 00000000..103f084a
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/vif.py.patch
@@ -0,0 +1,91 @@
+*** a/vif.py Mon Sep 28 15:13:30 2015
+--- b/vif.py Mon Sep 28 15:21:30 2015
+***************
+*** 332,337 ****
+--- 332,347 ----
+
+ return conf
+
++ def get_config_vrouter(self, instance, vif, image_meta,
++ inst_type, virt_type):
++ conf = self.get_base_config(instance, vif, image_meta,
++ inst_type, virt_type)
++ dev = self.get_vif_devname(vif)
++ designer.set_vif_host_backend_ethernet_config(conf, dev)
++
++ designer.set_vif_bandwidth_config(conf, inst_type)
++ return conf
++
+ def get_config(self, instance, vif, image_meta,
+ inst_type, virt_type):
+ vif_type = vif['type']
+***************
+*** 526,531 ****
+--- 536,580 ----
+ except processutils.ProcessExecutionError:
+ LOG.exception(_LE("Failed while plugging vif"), instance=instance)
+
++ def plug_vrouter(self, instance, vif):
++ """Plug into Contrail's network port
++ Bind the vif to a Contrail virtual port.
++ """
++ dev = self.get_vif_devname(vif)
++ ip_addr = '0.0.0.0'
++ ip6_addr = None
++ subnets = vif['network']['subnets']
++ for subnet in subnets:
++ if not subnet['ips']:
++ continue
++ ips = subnet['ips'][0]
++ if not ips['address']:
++ continue
++ if (ips['version'] == 4):
++ if ips['address'] is not None:
++ ip_addr = ips['address']
++ if (ips['version'] == 6):
++ if ips['address'] is not None:
++ ip6_addr = ips['address']
++
++ ptype = 'NovaVMPort'
++ if (cfg.CONF.libvirt.virt_type == 'lxc'):
++ ptype = 'NameSpacePort'
++
++ cmd_args = ("--oper=add --uuid=%s --instance_uuid=%s --vn_uuid=%s "
++ "--vm_project_uuid=%s --ip_address=%s --ipv6_address=%s"
++ " --vm_name=%s --mac=%s --tap_name=%s --port_type=%s "
++ "--tx_vlan_id=%d --rx_vlan_id=%d" % (vif['id'],
++ instance.uuid, vif['network']['id'],
++ instance.project_id, ip_addr, ip6_addr,
++ instance.display_name, vif['address'],
++ vif['devname'], ptype, -1, -1))
++ try:
++ linux_net.create_tap_dev(dev)
++ utils.execute('vrouter-port-control', cmd_args, run_as_root=True)
++ except processutils.ProcessExecutionError:
++ LOG.exception(_LE("Failed while plugging vif"), instance=instance)
++
+ def plug(self, instance, vif):
+ vif_type = vif['type']
+
+***************
+*** 679,684 ****
+--- 728,746 ----
+ LOG.exception(_LE("Failed while unplugging vif"),
+ instance=instance)
+
++ def unplug_vrouter(self, instance, vif):
++ """Unplug Contrail's network port
++ Unbind the vif from a Contrail virtual port.
++ """
++ dev = self.get_vif_devname(vif)
++ cmd_args = ("--oper=delete --uuid=%s" % (vif['id']))
++ try:
++ utils.execute('vrouter-port-control', cmd_args, run_as_root=True)
++ linux_net.delete_net_dev(dev)
++ except processutils.ProcessExecutionError:
++ LOG.exception(
++ _LE("Failed while unplugging vif"), instance=instance)
++
+ def unplug(self, instance, vif):
+ vif_type = vif['type']
+
diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-cert.pem b/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-cert.pem
new file mode 100755
index 00000000..dc354d33
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-cert.pem
@@ -0,0 +1,70 @@
+Certificate:
+ Data:
+ Version: 1 (0x0)
+ Serial Number: 2 (0x2)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2015 Sep 15 13:35:47)
+ Validity
+ Not Before: Sep 15 04:36:00 2015 GMT
+ Not After : Sep 12 04:36:00 2025 GMT
+ Subject: C=US, ST=CA, O=Open vSwitch, OU=Open vSwitch certifier, CN=vtep id:b55b8c06-9593-4406-8a85-f7edd09a1ea9
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:ca:57:ec:4d:a3:79:6c:a4:cd:21:c7:52:a8:9f:
+ 61:85:ee:a5:91:79:4a:f3:80:ac:1b:ac:1a:6d:0b:
+ 96:b9:cf:1f:a6:23:1f:45:ff:62:de:35:8f:e8:8d:
+ 4a:63:23:70:d5:1e:78:72:86:04:08:e2:fd:66:04:
+ e0:1e:ce:57:03:98:f7:a5:92:5a:f1:cc:3c:24:37:
+ 22:4e:97:0d:65:4b:98:08:5b:cd:1c:eb:67:f5:9c:
+ c0:ba:86:94:2a:15:dc:5d:47:6e:45:49:03:62:a3:
+ 37:5f:54:58:42:49:6d:a3:4c:c6:21:f6:08:36:8c:
+ 69:20:6a:f8:7c:5d:82:30:14:1a:15:ad:b9:42:ba:
+ 5d:13:99:e2:6f:aa:10:e4:e1:25:58:90:66:a7:e7:
+ bc:c7:e4:5c:79:2a:1b:b2:b3:d1:7b:4d:78:a6:28:
+ 66:bc:ee:97:6b:b4:3d:a0:65:16:10:04:fb:e9:4e:
+ 82:ac:88:c2:6a:a4:0e:d6:e5:ad:ee:bc:50:a7:73:
+ 97:6d:12:96:46:cb:ee:4d:15:ad:d4:a3:b5:95:82:
+ 2e:e7:1b:69:70:1d:b5:c9:06:47:44:2b:55:84:23:
+ 5b:75:56:86:c4:a7:b9:1d:46:9e:fa:8a:a5:dc:f9:
+ 70:16:6a:87:ee:20:1b:02:d1:2d:83:65:e0:7c:24:
+ 99:e9
+ Exponent: 65537 (0x10001)
+ Signature Algorithm: md5WithRSAEncryption
+ 50:bf:af:aa:b5:a7:3c:67:2e:34:92:8a:b8:cc:b9:96:a8:b8:
+ 16:cd:d5:5d:d3:b6:1c:44:b4:08:c5:89:ea:17:97:88:a4:e4:
+ 89:b9:69:2b:71:36:77:05:dc:0a:50:fe:2d:8f:8c:72:a5:b9:
+ b1:45:23:0d:d3:7a:80:c8:9e:66:74:e2:42:ee:96:19:e5:88:
+ 3d:e3:ea:3c:d4:51:1e:e0:34:1f:0c:d3:9a:f7:99:9b:af:0b:
+ 23:57:87:f0:dc:8c:32:1c:e9:63:65:f3:cd:e5:22:ed:ea:fe:
+ 4f:be:0e:23:0d:8e:3e:09:aa:5e:20:2b:1a:4f:70:92:4a:a9:
+ 24:6e:a0:c6:86:b5:14:7d:52:71:cf:b8:5c:75:d4:6a:92:06:
+ 30:cf:71:72:ff:44:63:22:10:79:38:53:ec:6f:19:3d:63:92:
+ 69:3f:f2:f4:28:d4:ef:dd:af:32:84:c5:a0:c0:c9:5f:1f:02:
+ 47:76:bd:85:85:4e:7c:58:61:1a:ce:4c:03:45:d7:5c:dd:59:
+ 6c:22:e0:cb:2c:2d:b1:44:4c:03:dd:21:ff:58:6e:f7:09:4f:
+ 34:e0:24:3a:67:b1:33:ae:4a:bc:85:db:4b:12:ef:21:66:6a:
+ f0:b9:ea:90:72:b1:0b:34:9a:8d:be:f3:d1:02:56:0f:d7:bb:
+ 0a:eb:c2:f1
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmgCAQIwDQYJKoZIhvcNAQEEBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEVMBMGA1UEChMMT3BlbiB2U3dpdGNoMREwDwYDVQQLEwhzd2l0Y2hj
+YTE7MDkGA1UEAxMyT1ZTIHN3aXRjaGNhIENBIENlcnRpZmljYXRlICgyMDE1IFNl
+cCAxNSAxMzozNTo0NykwHhcNMTUwOTE1MDQzNjAwWhcNMjUwOTEyMDQzNjAwWjCB
+iTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQKEwxPcGVuIHZTd2l0
+Y2gxHzAdBgNVBAsTFk9wZW4gdlN3aXRjaCBjZXJ0aWZpZXIxNTAzBgNVBAMTLHZ0
+ZXAgaWQ6YjU1YjhjMDYtOTU5My00NDA2LThhODUtZjdlZGQwOWExZWE5MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylfsTaN5bKTNIcdSqJ9hhe6lkXlK
+84CsG6wabQuWuc8fpiMfRf9i3jWP6I1KYyNw1R54coYECOL9ZgTgHs5XA5j3pZJa
+8cw8JDciTpcNZUuYCFvNHOtn9ZzAuoaUKhXcXUduRUkDYqM3X1RYQklto0zGIfYI
+NoxpIGr4fF2CMBQaFa25QrpdE5nib6oQ5OElWJBmp+e8x+RceSobsrPRe014pihm
+vO6Xa7Q9oGUWEAT76U6CrIjCaqQO1uWt7rxQp3OXbRKWRsvuTRWt1KO1lYIu5xtp
+cB21yQZHRCtVhCNbdVaGxKe5HUae+oql3PlwFmqH7iAbAtEtg2XgfCSZ6QIDAQAB
+MA0GCSqGSIb3DQEBBAUAA4IBAQBQv6+qtac8Zy40koq4zLmWqLgWzdVd07YcRLQI
+xYnqF5eIpOSJuWkrcTZ3BdwKUP4tj4xypbmxRSMN03qAyJ5mdOJC7pYZ5Yg94+o8
+1FEe4DQfDNOa95mbrwsjV4fw3IwyHOljZfPN5SLt6v5Pvg4jDY4+CapeICsaT3CS
+SqkkbqDGhrUUfVJxz7hcddRqkgYwz3Fy/0RjIhB5OFPsbxk9Y5JpP/L0KNTv3a8y
+hMWgwMlfHwJHdr2FhU58WGEazkwDRddc3VlsIuDLLC2xREwD3SH/WG73CU804CQ6
+Z7Ezrkq8hdtLEu8hZmrwueqQcrELNJqNvvPRAlYP17sK68Lx
+-----END CERTIFICATE-----
diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-privkey.pem b/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-privkey.pem
new file mode 100755
index 00000000..673f4242
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-privkey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAylfsTaN5bKTNIcdSqJ9hhe6lkXlK84CsG6wabQuWuc8fpiMf
+Rf9i3jWP6I1KYyNw1R54coYECOL9ZgTgHs5XA5j3pZJa8cw8JDciTpcNZUuYCFvN
+HOtn9ZzAuoaUKhXcXUduRUkDYqM3X1RYQklto0zGIfYINoxpIGr4fF2CMBQaFa25
+QrpdE5nib6oQ5OElWJBmp+e8x+RceSobsrPRe014pihmvO6Xa7Q9oGUWEAT76U6C
+rIjCaqQO1uWt7rxQp3OXbRKWRsvuTRWt1KO1lYIu5xtpcB21yQZHRCtVhCNbdVaG
+xKe5HUae+oql3PlwFmqH7iAbAtEtg2XgfCSZ6QIDAQABAoIBAQCKDMya98J7PkD6
+H8ykYQEfaH+rrc5WLd6+joAFD9gI82hLaEEI98HTi0Wgyu0KkH6F2OEieY69JWjv
+NrpWKj8xpCap3x2PROFvb/JHHkW0a4vRgBiD95QY/ZZ8bB8gS4PqXDa+rJ7TqDm6
+H4iLyR81P8caGorl9Iww4uqfpwiQlZ7A/dMexufQgMQXKqDXSKk+TJ36CBRJyLlk
+U6GrHIF9obHZyGelNhkkMu/czT54U/gKiufL5tYpOVyjCr8H2a713ovEfYzEFxJq
+Z8C0ySIskXsyhZ/pC0+pviMB2R20Nh8kRXiKCvNNbFShEMujB5gUVo7rqUZKFKMz
+FCfbcXrRAoGBAPeRwU5zU5nbiSQlB7YQibtFC/sMDzbbOjulN46UeDvkcVh80j4r
+FIPYLAPvA/e9OtRV89B6Tc7rZSWYZotszvJVlObs0/ll+L1pUX7PAEligoZCXufR
+GUyT0gZunGO8+FEgYIu89S1xN77WIbqopjjEyGQJeN2UX9bPo9AGTU0VAoGBANE7
+5nwtdsR1hjgxBqzgAFEFqCggHR+D050OtQgkLjHkXRT1uHeJZZu4D0x6vEnJknYi
+/OCujz196KLDGEQbREIdARtgemy07GoJuBXTwPuvbkw9vjoqDrIKVtMeTf4HSyzO
+2ej2pm280A/VI6GyahDIFSUZmFBqMeTUzB5UXNaFAoGAe61RCMQMa7yE0o29QHMa
+m3du+MeZgioa+VkcXBpHxoPlK/OPhIc5BHSl6IErVkQuc41M9EVlQY3PRezQra55
+5A5lCMgfTWRn0xgeIl9/ISoZUsEtcFnBbcQbFCOF9T2eP8kQ8j4/raf11VxcFUfT
+YmDMS02AGBHbnxC0IWREkdECgYBDaXQyEAfS9jZ/RjRrYGRZtmPeQbKAY927HXDw
+JZAInRXsWdrMEKV/DUdIkca2U05v54fn7/XQjw9z2T2pO8u7LVMc+fGXspb09xqr
+VaU4seXshHwUi1ZewHwG2x2vubPbxO1qZIVsl8fFQhuPzkbkD0LYyC1Nw1k9692z
+6+RZbQKBgH/6OqqsHLnpzQD0drcOjbXws53g3/eECPXCMNzzw0AiSkyrGWzSonMD
++uSMrG0f7DwvHxZ09bn4qqFqCE7yhoCWWUYSBZKEDYzpxTq9krahPmaJznaBXyFi
+K2rfym1sYEZvDT9nS5TROtiIW0uANHOjI9yw+a8TQEyQu8CH2/C0
+-----END RSA PRIVATE KEY-----