Skip to content

OpenContrail bring up and provisioning

Jump to bottom
Pedro Marques edited this page May 15, 2014 · 67 revisions

The contrail software consists of multiple modules:

  • configuration
  • analytics
  • control plane
  • compute node
  • web-ui

Binaries built from source packages are available on https://launchpad.net/~opencontrail/+archive/ppa

Configuration

Services

  • zookeeper
  • cassandra
  • rabbitmq
  • ntp

Zookeeper: recommend odd number of nodes.

Cassandra: recommend a multi-node cluster configuration.

If rabbitmq is being used for openstack, we recommend that one uses the same service with a "vhost" for open contrail.

Servers running control-node components should be time synchronized.

Processes

api-server

Example: /etc/contrail/contrail-api.conf

[DEFAULTS]
log_file = /var/log/contrail/contrail-api.log
ifmap_username = api-server
ifmap_password = api-server
cassandra_server_list = x.x.x.x:9160
auth = keystone
multi_tenancy = True
disc_server_ip = x.x.x.x
zk_server_ip = x.x.x.x:2181
rabbit_server = x.x.x.x
rabbit_password = xxxxxxxxxxxxxxxxxxxx

[KEYSTONE]
auth_host = x.x.x.x
auth_port = 35357
auth_protocol = http
admin_user = neutron
admin_password = xxxxxxxxxxxxxxxxxxxx
admin_token = 
admin_tenant_name = service
  • disc_server_ip should be the load balancer address. The LB should front-end port 5998 which is served by the discovery process. Only a single discovery server answers requires (master election via zookeeper); defaults to localhost.
  • cassandra_server_list is a space separated list in the form: "x.x.x.x:9160 y.y.y.y:9160".
  • zk_server_ip is a comma separated list in the form "x.x.x.x:2181,y.y.y.y:2181" and defaults to localhost.

schema-transformer

  • Example: /etc/contrail/contrail-schema.conf
[DEFAULTS]
log_file = /var/log/contrail/contrail-schema.log
cassandra_server_list = x.x.x.x:9160
zk_server_ip = x.x.x.x
disc_server_ip = x.x.x.x

[KEYSTONE]
admin_user = neutron
admin_password = xxxxxxxxxxxxxxxxxxxx
admin_tenant_name = service

Parameters should be the same as api-server.conf.

  • Example: /etc/contrail/vnc_api_lib.ini
[auth]
AUTHN_TYPE = keystone
AUTHN_SERVER=x.x.x.x
AUTHN_PORT = 35357
AUTHN_URL = /v2.0/tokens

vnc_api_lib.ini is required in the systems that run schema-transformer and neutron-server plugin. It is accessed from the neutron process.

discovery

  • Example: /etc/contrail/contrail-discovery.conf
[DEFAULTS]
zk_server_ip = x.x.x.x

ifmap-server

  • The ifmap-server works with default config when running on all the nodes that api-server runs; the config examples above assume that.
  • Authentication is defined in /etc/irond/basicauthusers.properties Each ifmap client requires a different username; typically api-server connects to local ifmap-server but control-nodes default to connecting to ifmap-server via discovery; in this case all control-nodes should have unique if map client ids.

Load balanced services

  • api-server (port 8082).
  • discovery (port 5998).

Diagnostics

curl http://api-server-address:8082/projects | python -mjson.tool

When multi_tenancy is enabled the http request to the api server requires a keystone auth_token. The command should return a list of several projects, including the project that contrail creates internally as well as all projects currently visible in keystone tenant-list.

http://x.x.x.x:5998/services

Displays the services registered in the discovery server. Only one of the discovery servers will answer API requests in a multi node configuration. The others are in standby mode. The output should show one or more entries for: ApiServer, IfmapServer, Collector and xmpp-server.

Analytics

Services

  • zookeeper
  • cassandra
  • redis

Processes

  • collector
  • query-engine
  • query-api (?)

Control plane

Processes

control-node

Example: /etc/contrail/control-node.conf

[DISCOVERY]
server = x.x.x.x

[IFMAP]
user=control-node-<N>
password=control-node-<N>

Where N should be the instance-id (e.g. 1, 2, ...)

For diagnostics check whether the control-node process has an established TCP session to port 8443 using "netstat -ntap".

  • dns deamon

Recommendation: 2 control-nodes.

Compute node

  • vrouter agent
  • vrouter kernel module
modprobe vrouter
  • nova vif driver
  • /etc/nova/nova.conf
[DEFAULT]
network_api_class = nova.network.quantumv2.api.API
libvirt_vif_driver = nova_contrail_vif.contrailvif.VRouterVIFDriver
  • Example /etc/network/interfaces
auto eth1
iface eth1 inet static
      address 0.0.0.0
      up ifconfig $IFACE up
      down ifconfig $IFACE down

auto vhost0
iface vhost0 inet static
        pre-up vif --create vhost0 --mac $(cat /sys/class/net/eth1/address)
        pre-up vif --add vhost0 --mac $(cat /sys/class/net/eth1/address) --vrf 0 --mode x --type vhost
        address 192.168.2.252
        netmask 255.255.254.0

In the example above eth1 is used as VM data interface.

Neutron

  • neutron opencontrail plugin neutron-plugin-contrail package
  • Requires the following configuration in neutron.conf
core_plugin = neutron_plugin_contrail.plugins.opencontrail.contrailplugin.ContrailPlugin
api_extensions_path = extensions:/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/extensions
Clone this wiki locally