summaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible/roles/open-contrail/templates
diff options
context:
space:
mode:
authorchenshuai@huawei.com <chenshuai@huawei.com>2015-11-26 19:39:56 +0800
committerchenshuai@huawei.com <chenshuai@huawei.com>2015-12-02 10:05:25 +0800
commitfd5db7e03c9595c14df71a49e778a3bdda89e344 (patch)
treeb4534b95f5739f49a7238703d4f82f497854af6a /deploy/adapters/ansible/roles/open-contrail/templates
parent3c48d787b3caa3a12153257abf66e3211109b8f5 (diff)
OpenContrail intergration
JIRA: COMPASS-168 Change-Id: I0fe22568fb28019a0085e8bbf9b600acfa9e8f45 Signed-off-by: chenshuai@huawei.com <chenshuai@huawei.com>
Diffstat (limited to 'deploy/adapters/ansible/roles/open-contrail/templates')
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/install/override.j21
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-analytics-api-conf.j229
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-conf.j227
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-supervisord-conf.j212
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-collector-conf.j286
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-control-conf.j215
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-device-manager-conf.j214
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-conf.j243
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-supervisord-conf.j212
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-dns-conf.j215
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-keystone-auth-conf.j29
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-query-engine-conf.j213
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-schema-conf.j222
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-sudoers.j25
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-svc-monitor-conf.j229
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-conf.j2111
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-ini.j212
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vnc-api-lib-ini.j211
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vrouter-agent-conf.j2177
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/default-pmac.j21
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/haproxy-contrail-cfg.j266
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-authorization-properties.j22
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-basicauthusers-properties.j230
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-log4j-properties.j226
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-publisher-properties.j216
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/keepalived-conf.j229
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/neutron-contrail-plugin-ini.j215
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/nova.j258
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/qemu-device-acl-conf.j26
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf-single.j26
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf.j225
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-cookie.j21
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-env-conf.j22
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/vrouter-nodemgr-param.j21
-rwxr-xr-xdeploy/adapters/ansible/roles/open-contrail/templates/provision/zookeeper-unique-id.j21
35 files changed, 928 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/install/override.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/install/override.j2
new file mode 100755
index 00000000..2905494b
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/install/override.j2
@@ -0,0 +1 @@
+manual
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-analytics-api-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-analytics-api-conf.j2
new file mode 100755
index 00000000..18192f19
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-analytics-api-conf.j2
@@ -0,0 +1,29 @@
+[DEFAULTS]
+host_ip = {{ contrail_address }}
+rest_api_ip = 0.0.0.0
+rest_api_port = 9081
+cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+collectors = {{ contrail_address }}:8086
+http_server_port = 8090
+log_file = /var/log/contrail/contrail-analytics-api.log
+log_level = SYS_NOTICE
+log_local = 1
+
+# Time-to-live in hours of the various data stored by collector into
+# cassandra
+# analytics_config_audit_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_statistics_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_flow_ttl, if not set (or set to -1), defaults to analytics_statsdata_ttl
+analytics_data_ttl = 48
+analytics_config_audit_ttl = -1
+analytics_statistics_ttl = -1
+analytics_flow_ttl = -1
+
+[DISCOVERY]
+disc_server_ip = {{ contrail_haproxy_address }}
+disc_server_port = 5998
+
+[REDIS]
+redis_server_port = 6379
+redis_query_port = 6379
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-conf.j2
new file mode 100755
index 00000000..1eefacfb
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-conf.j2
@@ -0,0 +1,27 @@
+[DEFAULTS]
+listen_ip_addr = 0.0.0.0
+listen_port = 8082
+ifmap_server_ip = {{ contrail_address }}
+ifmap_server_port = 8443
+ifmap_username = api-server
+ifmap_password = api-server
+zk_server_ip = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:2181{% if not loop.last %}, {% endif %}{% endfor %}
+
+cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+disc_server_ip = {{ contrail_haproxy_address }}
+disc_server_port = 5998
+rabbit_server = {{ contrail_haproxy_address }}
+rabbit_port = 5673
+multi_tenancy = True
+list_optimization_enabled = True
+log_file = /var/log/contrail/contrail-api.log
+log_level = SYS_NOTICE
+log_local = 1
+auth = keystone
+
+[SECURITY]
+use_certs = False
+keyfile = /etc/contrail/ssl/private_keys/apiserver_key.pem
+certfile = /etc/contrail/ssl/certs/apiserver.pem
+ca_certs = /etc/contrail/ssl/certs/ca.pem
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-supervisord-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-supervisord-conf.j2
new file mode 100755
index 00000000..94da3d71
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-supervisord-conf.j2
@@ -0,0 +1,12 @@
+[program:contrail-api]
+command=/usr/bin/contrail-api --conf_file /etc/contrail/contrail-api.conf --conf_file /etc/contrail/contrail-keystone-auth.conf --listen_port 910%(process_num)01d --worker_id %(process_num)s
+numprocs=1
+process_name=%(process_num)s
+redirect_stderr=true
+stdout_logfile=/var/log/contrail/contrail-api-%(process_num)s-stdout.log
+stderr_logfile=/dev/null
+priority=440
+autostart=true
+killasgroup=true
+stopsignal=KILL
+exitcodes=0
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-collector-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-collector-conf.j2
new file mode 100755
index 00000000..e6242346
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-collector-conf.j2
@@ -0,0 +1,86 @@
+[DEFAULT]
+# Everything in this section is optional
+
+# Time-to-live in hours of the various data stored by collector into
+# cassandra
+# analytics_config_audit_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_statistics_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_flow_ttl, if not set (or set to -1), defaults to analytics_statsdata_ttl
+analytics_data_ttl = 48
+analytics_config_audit_ttl = -1
+analytics_statistics_ttl = -1
+analytics_flow_ttl = -1
+
+# IP address and port to be used to connect to cassandra.
+# Multiple IP:port strings separated by space can be provided
+cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+
+# IP address and port to be used to connect to kafka.
+# Multiple IP:port strings separated by space can be provided
+kafka_broker_list =
+
+# IP address of analytics node. Resolved IP of 'hostname'
+hostip = {{ contrail_address }}
+
+# Hostname of analytics node. If this is not configured value from `hostname`
+# will be taken
+# hostname =
+
+# Http server port for inspecting collector state (useful for debugging)
+http_server_port = 8089
+
+# Category for logging. Default value is '*'
+# log_category =
+
+# Local log file name
+log_file = /var/log/contrail/contrail-collector.log
+
+# Maximum log file rollover index
+# log_files_count = 10
+
+# Maximum log file size
+# log_file_size = 1048576 # 1MB
+
+# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
+# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
+log_level = SYS_NOTICE
+
+# Enable/Disable local file logging. Possible values are 0 (disable) and
+# 1 (enable)
+log_local = 1
+
+# TCP and UDP ports to listen on for receiving syslog messages. -1 to disable.
+syslog_port = -1
+
+# UDP port to listen on for receiving sFlow messages. -1 to disable.
+# sflow_port = 6343
+
+# UDP port to listen on for receiving ipfix messages. -1 to disable.
+# ipfix_port = 4739
+
+[COLLECTOR]
+# Everything in this section is optional
+
+# Port to listen on for receiving Sandesh messages
+port = 8086
+
+# IP address to bind to for listening
+# server = 0.0.0.0
+
+# UDP port to listen on for receiving Google Protocol Buffer messages
+# protobuf_port = 3333
+
+[DISCOVERY]
+# Port to connect to for communicating with discovery server
+# port = 5998
+
+# IP address of discovery server
+server = {{ contrail_haproxy_address }}
+
+[REDIS]
+# Port to connect to for communicating with redis-server
+port = 6379
+
+# IP address of redis-server
+server = 127.0.0.1
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-control-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-control-conf.j2
new file mode 100755
index 00000000..83792b2c
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-control-conf.j2
@@ -0,0 +1,15 @@
+[DEFAULT]
+hostip = {{ contrail_address }}
+hostname = {{ ansible_hostname }}
+log_file = /var/log/contrail/contrail-control.log
+log_level = SYS_NOTICE
+log_local = 1
+
+[DISCOVERY]
+server = {{ contrail_haproxy_address }}
+port = 5998
+
+[IFMAP]
+certs_store =
+user = {{ contrail_address }}
+password = {{ contrail_address }}
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-device-manager-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-device-manager-conf.j2
new file mode 100755
index 00000000..77bcc95f
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-device-manager-conf.j2
@@ -0,0 +1,14 @@
+[DEFAULTS]
+api_server_ip = {{ contrail_haproxy_address }}
+api_server_port = 8082
+zk_server_ip = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:2181{% if not loop.last %}, {% endif %}{% endfor %}
+
+cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+disc_server_ip = {{ contrail_haproxy_address }}
+disc_server_port = 5998
+rabbit_server = {{ contrail_haproxy_address }}
+rabbit_port = 5673
+log_file = /var/log/contrail/contrail-device-manager.log
+log_level = SYS_NOTICE
+log_local = 1
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-conf.j2
new file mode 100755
index 00000000..84e6317f
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-conf.j2
@@ -0,0 +1,43 @@
+[DEFAULTS]
+listen_ip_addr = 0.0.0.0
+listen_port = 5998
+zk_server_ip = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}{% if not loop.last %}, {% endif %}{% endfor %}
+
+zk_server_port = 2181
+cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+log_file = /var/log/contrail/contrail-discovery.log
+log_level = SYS_NOTICE
+log_local = 1
+
+# minimim time to allow client to cache service information (seconds)
+ttl_min = 300
+
+# maximum time to allow client to cache service information (seconds)
+ttl_max = 1800
+
+# health check ping interval < = 0 for disabling
+hc_interval = 5
+
+# maximum hearbeats to miss before server will declare publisher out of
+# service.
+hc_max_miss = 3
+
+# use short TTL for agressive rescheduling if all services are not up
+ttl_short = 1
+
+# for DNS service, we use fixed policy
+# even when the cluster has more than two control nodes, only two of these
+# should provide the DNS service
+[DNS-SERVER]
+policy = fixed
+
+######################################################################
+# Other service specific knobs ...
+
+# use short TTL for agressive rescheduling if all services are not up
+# ttl_short = 1
+
+# specify policy to use when assigning services
+# policy = [load-balance | round-robin | fixed]
+######################################################################
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-supervisord-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-supervisord-conf.j2
new file mode 100755
index 00000000..5f0a698d
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-supervisord-conf.j2
@@ -0,0 +1,12 @@
+[program:contrail-discovery]
+command=/usr/bin/contrail-discovery --conf_file /etc/contrail/contrail-discovery.conf --listen_port 911%(process_num)01d --worker_id %(process_num)s
+numprocs=1
+process_name=%(process_num)s
+redirect_stderr=true
+stdout_logfile=/var/log/contrail/contrail-discovery-%(process_num)s-stdout.log
+stderr_logfile=/dev/null
+priority=430
+autostart=true
+killasgroup=true
+stopsignal=KILL
+exitcodes=0
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-dns-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-dns-conf.j2
new file mode 100755
index 00000000..0a2ab433
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-dns-conf.j2
@@ -0,0 +1,15 @@
+[DEFAULT]
+hostip = {{ contrail_address }}
+hostname = {{ ansible_hostname }}
+log_file = /var/log/contrail/contrail-dns.log
+log_level = SYS_NOTICE
+log_local = 1
+
+[DISCOVERY]
+server = {{ contrail_haproxy_address }}
+port = 5998
+
+[IFMAP]
+certs_store =
+user = {{ contrail_address }}.dns
+password = {{ contrail_address }}.dns
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-keystone-auth-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-keystone-auth-conf.j2
new file mode 100755
index 00000000..f362ef45
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-keystone-auth-conf.j2
@@ -0,0 +1,9 @@
+[KEYSTONE]
+auth_protocol = http
+auth_host = {{ contrail_keystone_address }}
+auth_port = 35357
+admin_tenant_name = admin
+admin_user = {{ contrail_admin_user }}
+admin_password = {{ contrail_admin_password }}
+insecure = False
+
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-query-engine-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-query-engine-conf.j2
new file mode 100755
index 00000000..e051b7ec
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-query-engine-conf.j2
@@ -0,0 +1,13 @@
+[DEFAULT]
+hostip = {{ contrail_address }}
+cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+collectors = {{ contrail_address }}:8086
+http_server_port = 8091
+log_file = /var/log/contrail/contrail-query-engine.log
+log_level = SYS_NOTICE
+log_local = 1
+
+[REDIS]
+server = 127.0.0.1
+port = 6379
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-schema-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-schema-conf.j2
new file mode 100755
index 00000000..2bb4ab79
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-schema-conf.j2
@@ -0,0 +1,22 @@
+[DEFAULTS]
+ifmap_server_ip = {{ hostvars[groups['opencontrail_config'][0]]['contrail_address'] }}
+ifmap_server_port = 8443
+ifmap_username = schema-transformer
+ifmap_password = schema-transformer
+api_server_ip = {{ hostvars[groups['opencontrail_config'][0]]['contrail_address'] }}
+api_server_port = 8082
+zk_server_ip = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:2181{% if not loop.last %}, {% endif %}{% endfor %}
+
+cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+disc_server_ip = {{ contrail_haproxy_address }}
+disc_server_port = 5998
+log_file = /var/log/contrail/contrail-schema.log
+log_level = SYS_NOTICE
+log_local = 1
+
+[SECURITY]
+use_certs = False
+keyfile = /etc/contrail/ssl/private_keys/apiserver_key.pem
+certfile = /etc/contrail/ssl/certs/apiserver.pem
+ca_certs = /etc/contrail/ssl/certs/ca.pem
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-sudoers.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-sudoers.j2
new file mode 100755
index 00000000..1ff43563
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-sudoers.j2
@@ -0,0 +1,5 @@
+Defaults:contrail !requiretty
+
+Cmnd_Alias CONFIGRESTART = /usr/sbin/service supervisor-config restart
+
+contrail ALL = (root) NOPASSWD:CONFIGRESTART
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-svc-monitor-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-svc-monitor-conf.j2
new file mode 100755
index 00000000..4b4221d7
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-svc-monitor-conf.j2
@@ -0,0 +1,29 @@
+[DEFAULTS]
+ifmap_server_ip = {{ contrail_address }}
+ifmap_server_port = 8443
+ifmap_username = svc-monitor
+ifmap_password = svc-monitor
+api_server_ip = {{ contrail_haproxy_address }}
+api_server_port = 8082
+zk_server_ip = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:2181{% if not loop.last %}, {% endif %}{% endfor %}
+
+cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+disc_server_ip = {{ contrail_haproxy_address }}
+disc_server_port = 5998
+rabbit_server = {{ contrail_haproxy_address }}
+rabbit_port = 5673
+region_name = RegionOne
+log_file = /var/log/contrail/contrail-svc-monitor.log
+log_level = SYS_NOTICE
+log_local = 1
+
+[SECURITY]
+use_certs = False
+keyfile = /etc/contrail/ssl/private_keys/apiserver_key.pem
+certfile = /etc/contrail/ssl/certs/apiserver.pem
+ca_certs = /etc/contrail/ssl/certs/ca.pem
+
+[SCHEDULER]
+analytics_server_ip = {{ contrail_haproxy_address }}
+analytics_server_port = 8081
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-conf.j2
new file mode 100755
index 00000000..fb483c3e
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-conf.j2
@@ -0,0 +1,111 @@
+#
+# Vnswad configuration options
+#
+
+[CONTROL-NODE]
+# IP address to be used to connect to control-node. Maximum of 2 IP addresses
+# (separated by a space) can be provided. If no IP is configured then the
+# value provided by discovery service will be used. (optional)
+# server = 10.0.0.1 10.0.0.2
+
+[DEFAULT]
+agent_name = {{ ansible_hostname }}-{{ item.ansible_facts.toragent_index }}
+# Everything in this section is optional
+
+# IP address and port to be used to connect to collector. If these are not
+# configured, value provided by discovery service will be used. Multiple
+# IP:port strings separated by space can be provided
+# collectors = 127.0.0.1:8086
+
+# Enable/disable debug logging. Possible values are 0 (disable) and 1 (enable)
+# debug = 0
+
+# Aging time for flow-records in seconds
+# flow_cache_timeout = 0
+
+# Hostname of compute-node. If this is not configured value from `hostname`
+# will be taken
+# hostname =
+
+# Category for logging. Default value is '*'
+# log_category =
+
+# Local log file name
+log_file = /var/log/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.log
+
+# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
+# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
+# log_level = SYS_DEBUG
+
+# Enable/Disable local file logging. Possible values are 0 (disable) and 1 (enable)
+# log_local = 0
+
+# Enable/Disable local flow message logging. Possible values are 0 (disable) and 1 (enable)
+# log_flow = 0
+
+# Encapsulation type for tunnel. Possible values are MPLSoGRE, MPLSoUDP, VXLAN
+# tunnel_type =
+
+# Enable/Disable headless mode for agent. In headless mode agent retains last
+# known good configuration from control node when all control nodes are lost.
+# Possible values are true(enable) and false(disable)
+# headless_mode =
+
+# Define agent mode. Only supported value is "tor"
+agent_mode = tor
+
+# Http server port for inspecting vnswad state (useful for debugging)
+# http_server_port = 8085
+http_server_port = {{ item.ansible_facts.toragent_params.http_server_port }}
+
+[DISCOVERY]
+#If DEFAULT.collectors and/or CONTROL-NODE and/or DNS is not specified this
+#section is mandatory. Else this section is optional
+
+# IP address of discovery server
+server = {{ contrail_haproxy_address }}
+
+# Number of control-nodes info to be provided by Discovery service. Possible
+# values are 1 and 2
+# max_control_nodes = 1
+
+[DNS]
+# IP address to be used to connect to dns-node. Maximum of 2 IP addresses
+# (separated by a space) can be provided. If no IP is configured then the
+# value provided by discovery service will be used. (Optional)
+# server = 10.0.0.1 10.0.0.2
+
+[NETWORKS]
+# control-channel IP address used by WEB-UI to connect to vnswad to fetch
+# required information (Optional)
+control_network_ip = {{ contrail_address }}
+
+[TOR]
+# IP address of the TOR to manage
+tor_ip = {{ item.ansible_facts.toragent_params.address }}
+
+# Identifier for ToR. Agent will subscribe to ifmap-configuration by this name
+tor_id = {{ item.ansible_facts.toragent_index }}
+
+# ToR management scheme is based on this type. Only supported value is "ovs"
+tor_type = ovs
+
+# OVS server port number on the ToR
+tor_ovs_port = {{ item.ansible_facts.toragent_params.ovs_port }}
+
+# IP-Transport protocol used to connect to tor. Supported values are "tcp", "pssl"
+tor_ovs_protocol = {{ item.ansible_facts.toragent_params.ovs_protocol }}
+
+# Path to ssl certificate for tor-agent, needed for pssl
+ssl_cert = /etc/contrail/ssl/certs/tor.{{ item.ansible_facts.toragent_index }}.cert.pem
+
+# Path to ssl private-key for tor-agent, needed for pssl
+ssl_privkey = /etc/contrail/ssl/private/tor.{{ item.ansible_facts.toragent_index }}.privkey.pem
+
+# Path to ssl cacert for tor-agent, needed for pssl
+ssl_cacert = /etc/contrail/ssl/certs/cacert.pem
+
+tsn_ip = {{ contrail_address }}
+
+# OVS keep alive timer interval in milliseconds
+tor_keepalive_interval = 10000
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-ini.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-ini.j2
new file mode 100755
index 00000000..db6944c9
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-ini.j2
@@ -0,0 +1,12 @@
+[program:contrail-tor-agent-{{ item.ansible_facts.toragent_index }}]
+command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.conf
+priority=420
+autostart=true
+killasgroup=true
+stopsignal=KILL
+stdout_capture_maxbytes=1MB
+redirect_stderr=true
+stdout_logfile=/var/log/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}-stdout.log
+stderr_logfile=/dev/null
+startsecs=5
+exitcodes=0 ; 'expected' exit codes for process (default 0,2)
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vnc-api-lib-ini.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vnc-api-lib-ini.j2
new file mode 100755
index 00000000..85a7b63a
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vnc-api-lib-ini.j2
@@ -0,0 +1,11 @@
+[global]
+WEB_SERVER=127.0.0.1
+WEB_PORT=8082 ; connection to api-server directly
+BASE_URL=/
+
+[auth]
+AUTHN_TYPE=keystone
+AUTHN_PROTOCOL=http
+AUTHN_SERVER={{ contrail_keystone_address }}
+AUTHN_PORT=35357
+AUTHN_URL=/v2.0/tokens
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vrouter-agent-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vrouter-agent-conf.j2
new file mode 100755
index 00000000..207509e5
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vrouter-agent-conf.j2
@@ -0,0 +1,177 @@
+#
+# Vnswad configuration options
+#
+
+[CONTROL-NODE]
+# IP address to be used to connect to control-node. Maximum of 2 IP addresses
+# (separated by a space) can be provided. If no IP is configured then the
+# value provided by discovery service will be used. (Optional)
+# server = 10.0.0.1 10.0.0.2
+
+[DEFAULT]
+# Everything in this section is optional
+
+# IP address and port to be used to connect to collector. If these are not
+# configured, value provided by discovery service will be used. Multiple
+# IP:port strings separated by space can be provided
+# collectors = 127.0.0.1:8086
+
+# Agent mode : can be vrouter / tsn / tor (default is vrouter)
+{% if contrail_vrouter_mode is defined %}agent_mode = {{ contrail_vrouter_mode }}
+{% else %}# agent_mode =
+{% endif %}
+
+# Enable/disable debug logging. Possible values are 0 (disable) and 1 (enable)
+# debug = 0
+
+# Aging time for flow-records in seconds
+# flow_cache_timeout = 0
+
+# Hostname of compute-node. If this is not configured value from `hostname`
+# will be taken
+# hostname =
+
+# Http server port for inspecting vnswad state (useful for debugging)
+# http_server_port = 8085
+
+# Category for logging. Default value is '*'
+# log_category =
+
+# Local log file name
+log_file = /var/log/contrail/contrail-vrouter-agent.log
+
+# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
+# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
+log_level = SYS_NOTICE
+
+# Enable/Disable local file logging. Possible values are 0 (disable) and 1 (enable)
+log_local = 1
+
+# Encapsulation type for tunnel. Possible values are MPLSoGRE, MPLSoUDP, VXLAN
+# tunnel_type =
+
+# Enable/Disable headless mode for agent. In headless mode agent retains last
+# known good configuration from control node when all control nodes are lost.
+# Possible values are true(enable) and false(disable)
+# headless_mode =
+
+# DHCP relay mode (true or false) to determine if a DHCP request in fabric
+# interface with an unconfigured IP should be relayed or not
+# dhcp_relay_mode =
+
+# DPDK or legacy work mode
+platform = default
+
+# Physical address of PCI used by dpdk
+physical_interface_address =
+
+# MAC address of device used by dpdk
+physical_interface_mac = {{ hostvars[inventory_hostname][contrail_ansible_device]['macaddress'] }}
+
+[DISCOVERY]
+# If COLLECTOR and/or CONTROL-NODE and/or DNS is not specified this section is
+# mandatory. Else this section is optional
+
+# IP address of discovery server
+server = {{ contrail_haproxy_address }}
+
+# Number of control-nodes info to be provided by Discovery service. Possible
+# values are 1 and 2
+max_control_nodes = {{ groups['opencontrail_control'] | length }}
+
+[DNS]
+# IP address and port to be used to connect to dns-node. Maximum of 2 IP
+# addresses (separated by a space) can be provided. If no IP is configured then
+# the value provided by discovery service will be used.
+# server = 10.0.0.1:53 10.0.0.2:53
+
+[HYPERVISOR]
+# Everything in this section is optional
+
+# Hypervisor type. Possible values are kvm, xen and vmware
+type = kvm
+vmware_mode =
+
+# Link-local IP address and prefix in ip/prefix_len format (for xen)
+# xen_ll_ip =
+
+# Link-local interface name when hypervisor type is Xen
+# xen_ll_interface =
+
+# Physical interface name when hypervisor type is vmware
+vmware_physical_interface =
+
+[FLOWS]
+# Everything in this section is optional
+
+# Maximum flows allowed per VM (given as % of maximum system flows)
+# max_vm_flows = 100
+# Maximum number of link-local flows allowed across all VMs
+# max_system_linklocal_flows = 4096
+# Maximum number of link-local flows allowed per VM
+# max_vm_linklocal_flows = 1024
+
+[METADATA]
+# Shared secret for metadata proxy service (Optional)
+# metadata_proxy_secret = contrail
+
+[NETWORKS]
+# control-channel IP address used by WEB-UI to connect to vnswad to fetch
+# required information (Optional)
+control_network_ip = {{ contrail_address }}
+
+[VIRTUAL-HOST-INTERFACE]
+# Everything in this section is mandatory
+
+# name of virtual host interface
+name = vhost0
+
+# IP address and prefix in ip/prefix_len format
+ip = {{ contrail_address }}/{{ contrail_prefixlen }}
+
+# Gateway IP address for virtual host
+gateway = {{ contrail_gateway }}
+
+# Physical interface name to which virtual host interface maps to
+physical_interface = {{ contrail_device }}
+
+# We can have multiple gateway sections with different indices in the
+# following format
+# [GATEWAY-0]
+# Name of the routing_instance for which the gateway is being configured
+# routing_instance = default-domain:admin:public:public
+
+# Gateway interface name
+# interface = vgw
+
+# Virtual network ip blocks for which gateway service is required. Each IP
+# block is represented as ip/prefix. Multiple IP blocks are represented by
+# separating each with a space
+# ip_blocks = 1.1.1.1/24
+
+# [GATEWAY-1]
+# Name of the routing_instance for which the gateway is being configured
+# routing_instance = default-domain:admin:public1:public1
+
+# Gateway interface name
+# interface = vgw1
+
+# Virtual network ip blocks for which gateway service is required. Each IP
+# block is represented as ip/prefix. Multiple IP blocks are represented by
+# separating each with a space
+# ip_blocks = 2.2.1.0/24 2.2.2.0/24
+
+# Routes to be exported in routing_instance. Each route is represented as
+# ip/prefix. Multiple routes are represented by separating each with a space
+# routes = 10.10.10.1/24 11.11.11.1/24
+
+[SERVICE-INSTANCE]
+# Path to the script which handles the netns commands
+netns_command = /usr/bin/opencontrail-vrouter-netns
+
+# Number of workers that will be used to start netns commands
+#netns_workers = 1
+
+# Timeout for each netns command, when the timeout is reached, the netns
+# command is killed.
+#netns_timeout = 30
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/default-pmac.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/default-pmac.j2
new file mode 100755
index 00000000..dac56d1d
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/default-pmac.j2
@@ -0,0 +1 @@
+{{ hostvars[inventory_hostname][contrail_ansible_device]['macaddress'] }}
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/haproxy-contrail-cfg.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/haproxy-contrail-cfg.j2
new file mode 100755
index 00000000..6aa4d06e
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/haproxy-contrail-cfg.j2
@@ -0,0 +1,66 @@
+#contrail-marker-start
+
+listen contrail-stats
+ bind *:5937
+ mode http
+ stats enable
+ stats uri /
+ stats auth haproxy:contrail123
+
+listen neutron-server
+ bind *:9696
+ balance roundrobin
+ option nolinger
+{% for cur_host in groups['opencontrail_config'] %} server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }}:9697 check inter 2000 rise 2 fall 3
+{% endfor %}
+
+listen contrail-api
+ bind *:8082
+ balance roundrobin
+ option nolinger
+ timeout client 3m
+ timeout server 3m
+{% for cur_host in groups['opencontrail_config'] %} server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }}:9100 check inter 2000 rise 2 fall 3
+{% endfor %}
+
+listen contrail-discovery
+ bind *:5998
+ balance roundrobin
+ option nolinger
+{% for cur_host in groups['opencontrail_config'] %} server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }}:9110 check inter 2000 rise 2 fall 3
+{% endfor %}
+
+listen contrail-analytics-api
+ bind *:8081
+ balance roundrobin
+ option nolinger
+ option tcp-check
+ tcp-check connect port 6379
+ default-server error-limit 1 on-error mark-down
+{% for cur_host in groups['opencontrail_collector'] %} server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }}:9081 check inter 2000 rise 2 fall 3
+{% endfor %}
+
+{% if contrail_tor_agents is defined %}listen contrail-tor-agent
+ bind {% for cur_agent in contrail_tor_agents %}*:{{ cur_agent['ovs_port'] }}{% if not loop.last %},{% endif %}{% endfor %}
+
+ mode tcp
+ balance leastconn
+ option tcplog
+ option tcpka
+{% for cur_host in groups['opencontrail_tsn'] %} server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }} check inter 2000
+{% endfor %}{% endif %}
+
+listen rabbitmq
+ bind *:5673
+ mode tcp
+ balance roundrobin
+ maxconn 10000
+ option tcplog
+ option tcpka
+ option redispatch
+ timeout client 48h
+ timeout server 48h
+{% for cur_host in groups['opencontrail_config'] %} server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }}:5672 check inter 2000 rise 2 fall 3 weight 1 maxconn 500
+{% endfor %}
+
+#contrail-marker-end
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-authorization-properties.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-authorization-properties.j2
new file mode 100755
index 00000000..41a1c649
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-authorization-properties.j2
@@ -0,0 +1,2 @@
+# The MAPC with basic auth username 'reader' has read only access.
+reader=ro
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-basicauthusers-properties.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-basicauthusers-properties.j2
new file mode 100755
index 00000000..6ca38a29
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-basicauthusers-properties.j2
@@ -0,0 +1,30 @@
+test:test
+test2:test2
+test3:test3
+dhcp:dhcp
+visual:visual
+sensor:sensor
+
+# compliance testsuite users
+mapclient:mapclient
+helper:mapclient
+
+# This is a read-only MAPC
+reader:reader
+
+# OpenContrail users
+api-server:api-server
+schema-transformer:schema-transformer
+svc-monitor:svc-monitor
+
+control-user:control-user-passwd
+control-node-1:control-node-1
+control-node-2:control-node-2
+control-node-3:control-node-3
+control-node-4:control-node-4
+control-node-5:control-node-5
+control-node-6:control-node-6
+control-node-7:control-node-7
+control-node-8:control-node-8
+control-node-9:control-node-9
+control-node-10:control-node-10
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-log4j-properties.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-log4j-properties.j2
new file mode 100755
index 00000000..ebd0b483
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-log4j-properties.j2
@@ -0,0 +1,26 @@
+# Set root logger level to DEBUG and its only appender to CONSOLE
+log4j.rootLogger=TRACE, CONSOLE
+log4j.error
+
+log4j.logger.de.fhhannover.inform.irond.proc=TRACE, A1, A2
+log4j.additivity.de.fhhannover.inform.irond.proc=false
+
+log4j.appender.A1=org.apache.log4j.ConsoleAppender
+log4j.appender.A1.layout=org.apache.log4j.PatternLayout
+log4j.appender.A1.layout.ConversionPattern=%d [%t] %-5p %x - %m%n
+
+log4j.appender.A2=org.apache.log4j.FileAppender
+log4j.appender.A2.File=/var/log/contrail/ifmap-server.log
+log4j.appender.A2.layout=org.apache.log4j.PatternLayout
+log4j.appender.A2.layout.ConversionPattern=%d [%t] %-5p %x - %m%n
+
+log4j.logger.de.fhhannover.inform.irond.rawrequests=TRACE, A3
+log4j.additivity.de.fhhannover.inform.irond.rawrequests=false
+log4j.appender.A3=org.apache.log4j.FileAppender
+log4j.appender.A3.file=irond_raw.log
+log4j.appender.A3.layout=org.apache.log4j.PatternLayout
+log4j.appender.A3.layout.ConversionPattern=%d %-5p %x - %m%n
+
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%-8r [%t] %-5p %C{1} %x - %m%n
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-publisher-properties.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-publisher-properties.j2
new file mode 100755
index 00000000..90d2a887
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-publisher-properties.j2
@@ -0,0 +1,16 @@
+#Sun May 27 15:47:44 PDT 2012
+visual=visual--1877135140-1
+test=test--1870931913-1
+test2=test2--1870931914-1
+test3=test3--1870931915-1
+api-server=api-server-1--0000000001-1
+control-node-1=control-node-1--1870931921-1
+control-node-2=control-node-1--1870931922-1
+control-node-3=control-node-1--1870931923-1
+control-node-4=control-node-1--1870931924-1
+control-node-5=control-node-1--1870931925-1
+control-node-6=control-node-1--1870931926-1
+control-node-7=control-node-1--1870931927-1
+control-node-8=control-node-1--1870931928-1
+control-node-9=control-node-1--1870931929-1
+control-node-10=control-node-10--1870931930-1
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/keepalived-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/keepalived-conf.j2
new file mode 100755
index 00000000..b16c4a25
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/keepalived-conf.j2
@@ -0,0 +1,29 @@
+vrrp_script chk_haproxy {
+ script "killall -0 haproxy"
+ interval 1
+ timeout 3
+ rise 2
+ fall 2
+}
+
+vrrp_instance INTERNAL_1 {
+ interface {{ contrail_device }}
+ state MASTER
+ preemt_delay 7
+ grap_master_delay 5
+ grap_master_repeat 3
+ grap_master_refresh 1
+ advert_int 1
+ virtual_router_id 85
+ vmac_xmit_base
+ priority 10{{ item.0 }}
+ virtual_ipaddress {
+ {{ contrail_haproxy_address }} dev {{ contrail_device }}
+ }
+ track_script {
+ chk_haproxy
+ }
+ track_interface {
+ {{ contrail_device }}
+ }
+}
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/neutron-contrail-plugin-ini.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/neutron-contrail-plugin-ini.j2
new file mode 100755
index 00000000..13e5965a
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/neutron-contrail-plugin-ini.j2
@@ -0,0 +1,15 @@
+[APISERVER]
+api_server_ip={{ contrail_haproxy_address }}
+api_server_port=8082
+multi_tenancy=True
+contrail_extensions=ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None
+
+[COLLECTOR]
+analytics_api_ip={{ contrail_haproxy_address }}
+analytics_api_port=8081
+
+[KEYSTONE]
+auth_url=http://{{ contrail_keystone_address }}:35357/v2.0
+admin_tenant_name=admin
+admin_user={{ contrail_admin_user }}
+admin_password={{ contrail_admin_password }}
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/nova.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/nova.j2
new file mode 100755
index 00000000..ea4dbbad
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/nova.j2
@@ -0,0 +1,58 @@
+[DEFAULT]
+dhcpbridge_flagfile=/etc/nova/nova.conf
+dhcpbridge=/usr/bin/nova-dhcpbridge
+logdir=/var/log/nova
+state_path=/var/lib/nova
+lock_path=/var/lib/nova/tmp
+force_dhcp_release=True
+libvirt_use_virtio_for_bridges=True
+verbose=True
+ec2_private_dns_show_ip=False
+auth_strategy = keystone
+libvirt_nonblocking = True
+libvirt_inject_partition = -1
+compute_driver = libvirt.LibvirtDriver
+novncproxy_base_url = http://{{ contrail_keystone_address }}:6080/vnc_auto.html
+vncserver_enabled = true
+vncserver_listen = {{ contrail_address }}
+vncserver_proxyclient_address = {{ contrail_address }}
+security_group_api = neutron
+heal_instance_info_cache_interval = 0
+image_cache_manager_interval = 0
+libvirt_cpu_mode = none
+libvirt_vif_driver = nova_contrail_vif.contrailvif.VRouterVIFDriver
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+glance_host = {{ contrail_keystone_address }}
+glance_port = 9292
+glance_num_retries = 10
+rabbit_host = {{ contrail_keystone_address }}
+rabbit_port = 5672
+rabbit_password = {{ rabbit_password }}
+rabbit_retry_interval = 1
+rabbit_retry_backoff = 2
+rabbit_max_retries = 0
+rabbit_ha_queues = True
+rpc_cast_timeout = 30
+rpc_conn_pool_size = 40
+rpc_response_timeout = 60
+rpc_thread_pool_size = 70
+report_interval = 15
+novncproxy_port = 6080
+vnc_port = 5900
+vnc_port_total = 100
+resume_guests_state_on_host_boot = True
+service_down_time = 300
+periodic_fuzzy_delay = 30
+disable_process_locking = True
+neutron_admin_auth_url =
+
+[keystone_authtoken]
+admin_tenant_name = service
+admin_user = nova
+admin_password = {{ contrail_admin_password }}
+auth_host = {{ contrail_keystone_address }}
+auth_protocol = http
+auth_port = 5000
+signing_dir = /tmp/keystone-signing-nova
+
+
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/qemu-device-acl-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/qemu-device-acl-conf.j2
new file mode 100755
index 00000000..53dfbba2
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/qemu-device-acl-conf.j2
@@ -0,0 +1,6 @@
+cgroup_device_acl = [
+ "/dev/null", "/dev/full", "/dev/zero",
+ "/dev/random", "/dev/urandom",
+ "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
+ "/dev/rtc", "/dev/hpet","/dev/net/tun"
+]
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf-single.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf-single.j2
new file mode 100755
index 00000000..a276d3e2
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf-single.j2
@@ -0,0 +1,6 @@
+[
+ {rabbit, [ {tcp_listeners, [{"{{ contrail_address }}", 5672}]},
+ {loopback_users, []},
+ {log_levels,[{connection, info},{mirroring, info}]} ]
+ }
+].
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf.j2
new file mode 100755
index 00000000..c8cbe63f
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf.j2
@@ -0,0 +1,25 @@
+[
+ {rabbit, [ {tcp_listeners, [{"{{ contrail_address }}", 5672}]}, {cluster_partition_handling, autoheal},{loopback_users, []},
+ {cluster_nodes, {[{% for cur_host in groups['opencontrail_config'] %}'rabbit@{{ cur_host }}-ctrl'{% if not loop.last %}, {% endif %}{% endfor %}], disc}},
+ {vm_memory_high_watermark, 0.4},
+ {disk_free_limit,50000000},
+ {log_levels,[{connection, info},{mirroring, info}]},
+ {heartbeat,10},
+ {delegate_count,20},
+ {channel_max,5000},
+ {tcp_listen_options,
+ [binary,
+ {packet, raw},
+ {reuseaddr, true},
+ {backlog, 128},
+ {nodelay, true},
+ {exit_on_close, false},
+ {keepalive, true}
+ ]
+ },
+ {collect_statistics_interval, 60000}
+ ]
+ },
+ {rabbitmq_management_agent, [ {force_fine_statistics, true} ] },
+ {kernel, [{net_ticktime, 30}]}
+].
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-cookie.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-cookie.j2
new file mode 100755
index 00000000..838d0332
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-cookie.j2
@@ -0,0 +1 @@
+{{ ansible_date_time.iso8601_micro | to_uuid }}
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-env-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-env-conf.j2
new file mode 100755
index 00000000..1b3e60f7
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-env-conf.j2
@@ -0,0 +1,2 @@
+NODE_IP_ADDRESS={{ contrail_address }}
+NODENAME=rabbit@{{ ansible_hostname }}-ctrl
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/vrouter-nodemgr-param.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/vrouter-nodemgr-param.j2
new file mode 100755
index 00000000..7eee51ba
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/vrouter-nodemgr-param.j2
@@ -0,0 +1 @@
+DISCOVERY={{ hostvars[groups['opencontrail_config'][0]]['contrail_address'] }}
diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/zookeeper-unique-id.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/zookeeper-unique-id.j2
new file mode 100755
index 00000000..ec0033b3
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/zookeeper-unique-id.j2
@@ -0,0 +1 @@
+{{ item.0 + 1 }}