-
Notifications
You must be signed in to change notification settings - Fork 388
OpenContrail bring up and provisioning
The contrail software consists of multiple modules:
- configuration
- analytics
- control plane
- compute node
- web-ui
Binaries built from source packages are available on https://launchpad.net/~opencontrail/+archive/ppa
- zookeeper
- cassandra
- rabbitmq
- ntp
Zookeeper: recommend odd number of nodes.
Cassandra: recommend a multi-node cluster configuration.
If rabbitmq is being used for openstack, we recommend that one uses the same service with a "vhost" for open contrail.
Servers running control-node components should be time synchronized.
apt-get install ifmap-server
- The ifmap-server works with default config when running on all the nodes that api-server runs; the config examples above assume that.
- Authentication is defined in /etc/irond/basicauthusers.properties Each ifmap client requires a different username; typically api-server connects to local ifmap-server but control-nodes default to connecting to ifmap-server via discovery; in this case all control-nodes should have unique if map client ids.
service ifmap-server start
apt-get install contrail-config
Example: /etc/contrail/contrail-api.conf
[DEFAULTS]
log_file = /var/log/contrail/contrail-api.log
ifmap_username = api-server
ifmap_password = api-server
cassandra_server_list = x.x.x.x:9160
auth = keystone
multi_tenancy = True
disc_server_ip = x.x.x.x
zk_server_ip = x.x.x.x:2181
rabbit_server = x.x.x.x
rabbit_password = xxxxxxxxxxxxxxxxxxxx
[KEYSTONE]
auth_host = x.x.x.x
auth_port = 35357
auth_protocol = http
admin_user = neutron
admin_password = xxxxxxxxxxxxxxxxxxxx
admin_token =
admin_tenant_name = service
- disc_server_ip should be the load balancer address. The LB should front-end port 5998 which is served by the discovery process. Only a single discovery server answers requires (master election via zookeeper); defaults to localhost.
- cassandra_server_list is a space separated list in the form: "x.x.x.x:9160 y.y.y.y:9160".
- zk_server_ip is a comma separated list in the form "x.x.x.x:2181,y.y.y.y:2181" and defaults to localhost.
service contrail-api start
Before contrail-api will listen on 8082 it has to be able to connect to rabbitmq, cassandra, zookeeper and the ifmap-server. You can check by
netstat -ntop|grep $(ps auxw|grep [c]ontrail-api|awk '{print $2}')
There you can see if the contrail-api process actually connects to those services. The log might not always say that it cannot connect.
When multi_tenancy is enabled the http request to the api server requires a keystone auth_token. The command should return a list of several projects, including the project that contrail creates internally as well as all projects currently visible in keystone tenant-list.
If contrail-api is listening on TCP/8082 you can verfiy the service by
curl -s -H "X-Auth-Token: $(keystone token-get | awk '/ id / {print $4}')" localhost:8082/projects | python -mjson.tool
The result will be something like this
{
"projects": [
{
"fq_name": [
"default-domain",
"admin"
],
"href": "http://localhost:8082/project/61e4177f-d495-4a99-a5da-773dbb7769bf",
"uuid": "61e4177f-d495-4a99-a5da-773dbb7769bf"
},
{
"fq_name": [
"default-domain",
"default-project"
],
"href": "http://localhost:8082/project/66823993-6175-4318-b9d2-77e3cbf8b069",
"uuid": "66823993-6175-4318-b9d2-77e3cbf8b069"
},
{
"fq_name": [
"default-domain",
"services"
],
"href": "http://localhost:8082/project/7ca8dc77-b965-44c1-b7ae-e1580286cbb5",
"uuid": "7ca8dc77-b965-44c1-b7ae-e1580286cbb5"
}
]
}
apt-get install contrail-config
- Example: /etc/contrail/contrail-schema.conf
[DEFAULTS]
log_file = /var/log/contrail/contrail-schema.log
cassandra_server_list = x.x.x.x:9160
zk_server_ip = x.x.x.x
disc_server_ip = x.x.x.x
[KEYSTONE]
admin_user = neutron
admin_password = xxxxxxxxxxxxxxxxxxxx
admin_tenant_name = service
Parameters should be the same as api-server.conf.
- Example: /etc/contrail/vnc_api_lib.ini
[auth]
AUTHN_TYPE = keystone
AUTHN_SERVER=x.x.x.x
AUTHN_PORT = 35357
AUTHN_URL = /v2.0/tokens
vnc_api_lib.ini is required in the systems that run schema-transformer and neutron-server plugin. It is accessed from the neutron process.
service contrail-schema start
- Example: /etc/contrail/contrail-discovery.conf
[DEFAULTS]
zk_server_ip = x.x.x.x
- api-server (port 8082).
- discovery (port 5998).
curl http://api-server-address:8082/projects | python -mjson.tool
When multi_tenancy is enabled the http request to the api server requires a keystone auth_token. The command should return a list of several projects, including the project that contrail creates internally as well as all projects currently visible in keystone tenant-list.
http://x.x.x.x:5998/services
Displays the services registered in the discovery server. Only one of the discovery servers will answer API requests in a multi node configuration. The others are in standby mode. The output should show one or more entries for: ApiServer, IfmapServer, Collector and xmpp-server.
Cassandra cluster addresses can be provided as space separated list of :, e.g '10.10.10.10:9160 10.10.10.11:9160', to the analytics processes through the respective dot conf file.
The redis-server version should be (>= 2.6.13). It is expected 2 instances of redis-server are instantiated on the local node that are used by analytics processes [this is done by creating redis-uve.conf and redis-query.conf with appropriate parameters]. The ports are configurable through dot conf file, with defaults being 6380 and 6381.
contrail collector collects information across the system through sandesh protocol and stores them in analytics database
- Example /etc/contrail/contrail-collector.conf
[DEFAULT]
# analytics_data_ttl=48
# cassandra_server_list=127.0.0.1:9160
# dup=0
# hostip= # Resolved IP of `hostname`
# hostname= # Retrieved as `hostname`
# http_server_port=8089
# log_category=
# log_disable=0
# log_file=<stdout>
# log_files_count=10
# log_file_size=1048576 # 1MB
# log_level=SYS_NOTICE
# log_local=0
# syslog_port=0
# test_mode=0
[COLLECTOR]
# port=8086
# server=0.0.0.0
[DISCOVERY]
# port=5998
# server=0.0.0.0
[REDIS]
# port=6381
# server=127.0.0.1
contrail-query-engine is the helper process in the analytics node to do queries in an optimized way and return the results to contrail-analytics-api process
- Example: /etc/contrail/contrail-query-engine.conf
[DEFAULT]
# analytics_data_ttl=48
# cassandra_server_list=127.0.0.1:9160
# collectors= # Provided by discovery server
# hostip= # Resolved IP of `hostname`
# hostname= # Retrieved as `hostname`
# http_server_port=8089
# log_category=
# log_disable=0
# log_file=<stdout>
# log_files_count=10
# log_file_size=1048576 # 1MB
# log_level=SYS_NOTICE
# log_local=0
# max_slice=100
# max_tasks=16
# start_time=0
# test_mode=0
[DISCOVERY]
# port=5998
# server=127.0.0.1 # discovery_server IP address
[REDIS]
# port=6380
# server=127.0.0.1
contrail-analytics-api is the operation REST API server and provides operational state and the historic data through REST API
- Example: /etc/contrail/contrail-analytics-api.conf
[DEFAULTS]
#host_ip = 127.0.0.1
#collectors = 127.0.0.1:8086
#http_server_port = 8090
#rest_api_port = 8081
#rest_api_ip = 0.0.0.0
#log_local = 0
#log_level = SYS_DEBUG
#log_category =
#log_file = stdout
[DISCOVERY]
#disc_server_ip =
#disc_server_port = 5998
[REDIS]
#server=127.0.0.1
#redis_server_port=6381
#redis_query_port=6380
- Use "contrail-logs" to query the analytics api and verify that it answers correctly.
- contrail-webui gets much of the info from contrail-analytics-api and hence can be used to verify analytics functionality
It is expected an instance of redis-server is instantiated on the local node that is used by webui processes [this is done by creating redis-webui.conf with appropriate parameters]. The ports are configurable through the webui conf file - /etc/contrail/config.global.js, with default being 6383.
The configurable parameters for the webui processes are given through /etc/contrail/config.global.js And by default, the webui console is accessible through :8080
- Example: /etc/contrail/config.global.js
var config = {};
config.orchestration = {};
config.orchestration.Manager = 'openstack'
...
config.networkManager = {};
config.networkManager.ip = '10.84.13.45';
config.networkManager.port = '9696'
config.networkManager.authProtocol = 'http';
...
/* Configure level of logs, supported log levels are:
debug, info, notice, warning, error, crit, alert, emerg
*/
config.logs = {};
config.logs.level = 'debug';
// Export this as a module.
module.exports = config;
Example: /etc/contrail/control-node.conf
[DISCOVERY]
server = x.x.x.x
[IFMAP]
user=control-node-<N>
password=control-node-<N>
Where N should be the instance-id (e.g. 1, 2, ...)
For diagnostics check whether the control-node process has an established TCP session to port 8443 using "netstat -ntap".
- dns deamon
Recommendation: 2 control-nodes.
- vrouter agent
- vrouter kernel module
modprobe vrouter
- for CentOS /etc/modprobe.conf (otherwise kernel panic)
alias bridge off
- nova vif driver
- /etc/nova/nova.conf
[DEFAULT]
network_api_class = nova.network.quantumv2.api.API
libvirt_vif_driver = nova_contrail_vif.contrailvif.VRouterVIFDriver
- Example /etc/network/interfaces
auto eth1
iface eth1 inet static
address 0.0.0.0
up ifconfig $IFACE up
down ifconfig $IFACE down
auto vhost0
iface vhost0 inet static
pre-up vif --create vhost0 --mac $(cat /sys/class/net/eth1/address)
pre-up vif --add vhost0 --mac $(cat /sys/class/net/eth1/address) --vrf 0 --mode x --type vhost
address 192.168.2.252
netmask 255.255.254.0
In the example above eth1 is used as VM data interface.
- neutron opencontrail plugin neutron-plugin-contrail package
- Requires the following configuration in neutron.conf
core_plugin = neutron_plugin_contrail.plugins.opencontrail.contrailplugin.ContrailPlugin
api_extensions_path = extensions:/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/extensions
- /etc/neutron/plugins/opencontrail/ContrailPlugin.ini
[APISERVER]
multi_tenancy = True
[KEYSTONE]
admin_user = neutron
admin_password =
admin_tenant_name = service
auth_url = http://x.x.x.x:35357/v2.0