├── .gitignore ├── .gitreview ├── LICENSE.md ├── Makefile ├── README.md ├── app_build.sh ├── create_repo.sh ├── docker ├── agent │ ├── centos7 │ │ └── Dockerfile.j2 │ ├── redhat7 │ │ └── Dockerfile.j2 │ ├── ubuntu14.04 │ │ ├── Dockerfile.j2 │ │ └── entrypoint.sh │ └── ubuntu16.04 │ │ └── Dockerfile.j2 ├── analytics │ ├── centos7 │ │ └── Dockerfile.j2 │ ├── redhat7 │ │ └── Dockerfile.j2 │ ├── ubuntu14.04 │ │ ├── Dockerfile.j2 │ │ └── entrypoint.sh │ └── ubuntu16.04 │ │ └── Dockerfile.j2 ├── analyticsdb │ ├── centos7 │ │ └── Dockerfile.j2 │ ├── redhat7 │ │ └── Dockerfile.j2 │ ├── ubuntu14.04 │ │ ├── Dockerfile.j2 │ │ └── entrypoint.sh │ └── ubuntu16.04 │ │ └── Dockerfile.j2 ├── build.sh ├── ceph-controller │ ├── redhat7 │ │ └── Dockerfile.j2 │ ├── ubuntu14.04 │ │ ├── Dockerfile.j2 │ │ └── entrypoint.sh │ └── ubuntu16.04 │ │ └── Dockerfile.j2 ├── common.sh ├── contrail-base │ ├── centos7 │ │ └── Dockerfile │ ├── redhat7 │ │ ├── Dockerfile │ │ └── contrail-install.repo │ ├── ubuntu14.04 │ │ └── Dockerfile │ └── ubuntu16.04 │ │ └── Dockerfile ├── contrail-repo │ ├── centos7 │ │ ├── Dockerfile │ │ ├── install_repo.sh │ │ └── nginx_site.conf │ ├── redhat7 │ │ ├── Dockerfile │ │ └── install_repo.sh │ ├── ubuntu14.04 │ │ ├── Dockerfile │ │ ├── install_repo.sh │ │ └── nginx_site.conf │ └── ubuntu16.04 │ │ ├── Dockerfile │ │ ├── install_repo.sh │ │ └── nginx_site.conf ├── contrail-ubuntu-mirror.key ├── controller │ ├── centos7 │ │ ├── Dockerfile.j2 │ │ └── supervisor_configs │ │ │ ├── config │ │ │ ├── contrail-api.ini │ │ │ └── contrail-config-nodemgr.ini │ │ │ └── main │ │ │ ├── config.ini │ │ │ ├── control.ini │ │ │ ├── supervisord.conf │ │ │ └── webui.ini │ ├── redhat7 │ │ ├── Dockerfile.j2 │ │ └── supervisor_configs │ │ │ └── main │ │ │ ├── config.ini │ │ │ ├── control.ini │ │ │ ├── supervisord.conf │ │ │ └── webui.ini │ ├── ubuntu14.04 │ │ ├── Dockerfile.j2 │ │ ├── entrypoint.sh │ │ └── supervisor_configs │ │ │ └── main │ │ │ ├── config.ini │ │ │ ├── control.ini │ │ │ ├── issu.ini │ │ │ ├── supervisord.conf │ │ │ └── webui.ini │ └── ubuntu16.04 │ │ └── Dockerfile.j2 ├── kube-manager │ ├── centos7 │ │ └── Dockerfile.j2 │ ├── redhat7 │ │ └── Dockerfile.j2 │ ├── ubuntu14.04 │ │ ├── Dockerfile.j2 │ │ └── entrypoint.sh │ └── ubuntu16.04 │ │ └── Dockerfile.j2 ├── kubernetes-agent │ ├── redhat7 │ │ ├── Dockerfile.j2 │ │ └── entrypoint.sh │ ├── ubuntu14.04 │ │ ├── Dockerfile.j2 │ │ └── entrypoint.sh │ └── ubuntu16.04 │ │ ├── Dockerfile.j2 │ │ └── entrypoint.sh ├── lb │ ├── centos7 │ │ └── Dockerfile.j2 │ ├── redhat7 │ │ └── Dockerfile.j2 │ ├── ubuntu14.04 │ │ ├── Dockerfile.j2 │ │ └── entrypoint.sh │ └── ubuntu16.04 │ │ └── Dockerfile.j2 ├── mesos-manager │ ├── ubuntu14.04 │ │ ├── Dockerfile.j2 │ │ └── entrypoint.sh │ └── ubuntu16.04 │ │ └── Dockerfile.j2 ├── pyj2.py ├── vcenter-plugin │ ├── ubuntu14.04 │ │ ├── Dockerfile.j2 │ │ └── entrypoint.sh │ └── ubuntu16.04 │ │ └── Dockerfile.j2 └── vrouter-compiler │ └── centos7 │ ├── Dockerfile.j2 │ └── entrypoint.sh ├── kolla-patches ├── 99contrail ├── Makefile ├── iscsi_tcp_sudoers ├── kolla-build.conf ├── swift_tcp_sudoers └── template-overrides.j2 ├── kubernetes ├── helm │ └── contrail │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ ├── NOTES.txt │ │ ├── agent-ds.yaml │ │ ├── analytics-ds.yaml │ │ ├── analyticsdb-ds.yaml │ │ ├── contrail-cm.yaml │ │ ├── contrail-rbac.yaml │ │ ├── contrailctl │ │ │ ├── _agent.tpl │ │ │ ├── _analytics.tpl │ │ │ ├── _analyticsdb.tpl │ │ │ ├── _check-input-conf.tpl │ │ │ ├── _controller.tpl │ │ │ ├── _kubernetes.tpl │ │ │ └── common │ │ │ │ ├── _cassandra.tpl │ │ │ │ ├── _global.tpl │ │ │ │ ├── _logport.tpl │ │ │ │ └── _rabbitmq.tpl │ │ ├── controller-ds.yaml │ │ └── kubemanager-ds.yaml │ │ └── values.yaml └── manifests │ ├── contrail-host-centos-nested.yml │ ├── contrail-host-centos.yaml │ ├── contrail-host-ubuntu-ha-independent-k8s.yaml │ ├── contrail-host-ubuntu-ha.yaml │ ├── contrail-host-ubuntu-nested.yaml │ ├── contrail-host-ubuntu.yaml │ └── tiller.yaml ├── specs ├── ansible-unit-test-implementation.md ├── contrail-docker.md ├── contrailctl-config-schema-implementation.md ├── contrailctl.md ├── docker-HA.md ├── docker-build.md └── images │ ├── contrail-containers-network-diagram.png │ └── contrailctl.jpg └── tools └── python-contrailctl ├── README.md ├── contrailctl ├── __init__.py ├── cmd.py ├── config.py ├── k8s_modify_config.py ├── map.py └── runner.py ├── examples └── configs │ ├── agent.conf │ ├── analytics.conf │ ├── analyticsdb.conf │ ├── cephcontroller.conf │ ├── controller.conf │ ├── kubemanager.conf │ └── lb.conf ├── requirements.txt ├── schema ├── agent.json ├── analytics.json ├── analyticsdb.json ├── cephcontroller.json ├── contrailissu.json ├── controller.json ├── definitions.json ├── kubemanager.json ├── kubernetesagent.json ├── lb.json └── vcenterplugin.json └── setup.py /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | -------------------------------------------------------------------------------- /.gitreview: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2013 Juniper Networks, Inc. All rights reserved. 3 | # 4 | # OpenContrail Code Review System 5 | # 6 | # Please visit opencontrail.org additional information. 7 | # 8 | # e.g. After changes are complete and commited to a local branch, do 9 | # 'git review' to submit changeset to review.opencontrail.org Code Review 10 | # (gerrit) System. 11 | # 12 | [gerrit] 13 | host=review.opencontrail.org 14 | port=29418 15 | project=Juniper/contrail-docker.git 16 | defaultbranch=master 17 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # contrail-docker 2 | Effort on containerizing contrail applications 3 | 4 | # Build containers 5 | 6 | All container image building logic is inside Dockerfile in appropriate component 7 | directory under docker directory (e.g docker/config/Dockerfile). Build stage handle 8 | installing all packages and to make/run any common config/tasks. 9 | -------------------------------------------------------------------------------- /app_build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright (c) 2017 Juniper Networks, Inc. 4 | # All rights reserved 5 | 6 | target=${1:-all} 7 | [[ -z $1 ]] && echo "WARN: no target given, defaulting to \"all\"" 8 | 9 | function find_tgz() { 10 | tgz=$1 11 | if [[ -f $BUILD_WORKAREA/$tgz ]]; then 12 | echo $BUILD_WORKAREA/$tgz 13 | elif [[ -f $BUILD_WORKAREA/$BUILD_SANDBOX/build/artifacts/$tgz ]]; then 14 | echo $BUILD_WORKAREA/$BUILD_SANDBOX/build/artifacts/$tgz 15 | elif [[ -f $BUILD_WORKAREA/$BUILD_SANDBOX/build/artifacts_extra/$tgz ]]; then 16 | echo $BUILD_WORKAREA/$BUILD_SANDBOX/build/artifacts_extra/$tgz 17 | fi 18 | } 19 | 20 | # These settings work for JB env and CI build env. 21 | # TODO: extend them to handle dev env 22 | # Longer term: migrate these into docker/Makefile 23 | # 24 | BUILD_ID=${BUILD_ID:-$ZUUL_CHANGE.$ZUUL_PATCHSET} 25 | BUILD_WORKAREA=${BUILD_WORKAREA:-$WORKSPACE} 26 | BUILD_SANDBOX=${BUILD_SANDBOX:-repo} 27 | BUILD_SKU=${BUILD_SKU:-$OPENSTACK_RELEASE} 28 | BUILD_PLATFORM=${BUILD_PLATFORM:-${OS_TYPE2}} 29 | 30 | case $BUILD_PLATFORM in 31 | ubuntu-14-04|ubuntu1404) OS=ubuntu14.04 ;; 32 | ubuntu-16-04|ubuntu1604) OS=ubuntu16.04 ;; 33 | centos71|centoslinux71) OS=centos7 ;; 34 | redhat70|redhatenterpriselinuxserver70) OS=redhat7 ;; 35 | *) echo "WARN: Do not know how to build app containers for BUILD_PLATFORM=\"$BUILD_PLATFORM\", skipping" 36 | exit 0 37 | ;; 38 | esac 39 | 40 | # If we are running as Continous or Official Build, use -j 41 | # flag (allowing for it to be pre-set). 42 | [[ -n $BUILD_SCRIPT_UTILS ]] && BUILD_J=${BUILD_J:-"-j12"} 43 | 44 | # TODO: this should use ssh key w/ no passphrase 45 | export SSHPASS=c0ntrail123 46 | 47 | build_version="$(cat $BUILD_WORKAREA/$BUILD_SANDBOX/controller/src/base/version.info)-$BUILD_ID" 48 | 49 | container_build_workspace=$BUILD_WORKAREA/$BUILD_SANDBOX/tools/docker 50 | container_save_location=$BUILD_WORKAREA/$BUILD_SANDBOX/build/artifacts 51 | docker_ip=$(ip addr show docker0 | grep 'inet ' | sed -e 's/.*inet \([^ /]*\).*/\1/' 2>/dev/null) 52 | 53 | tar_url=ssh://$docker_ip/$(find_tgz contrail-install-packages_$build_version-$BUILD_SKU.tgz) 54 | if [[ $OS = redhat7 ]]; then 55 | tar_url="$tar_url,ssh://$docker_ip/$(find_tgz contrail-thirdparty-packages_$build_version-$BUILD_SKU.tgz)" 56 | fi 57 | ansible_tgz=$(find_tgz contrail-ansible-internal-$build_version.tar.gz) 58 | 59 | log_location=$BUILD_WORKAREA/$BUILD_SANDBOX/build-info 60 | log=$log_location/container-apps-${target}.log 61 | mkdir -p $log_location 62 | 63 | MAKE_ARGS="CONTRAIL_INSTALL_PACKAGE_TAR_URL=$tar_url" 64 | MAKE_ARGS="$MAKE_ARGS CONTRAIL_VERSION=$build_version" 65 | MAKE_ARGS="$MAKE_ARGS CONTRAIL_ANSIBLE_ARTIFACT=$ansible_tgz" 66 | MAKE_ARGS="$MAKE_ARGS CONTAINER_REGISTRY=${REGISTRY_SERVER:-10.84.34.155}:5000" 67 | MAKE_ARGS="$MAKE_ARGS CONTAINER_SAVE_LOCATION=$container_save_location" 68 | MAKE_ARGS="$MAKE_ARGS CONTRAIL_SKU=$BUILD_SKU" 69 | 70 | cd $container_build_workspace 71 | set -o pipefail # So that we exit with make's exit status, not tee's 72 | make $BUILD_J OS=$OS $MAKE_ARGS $target 2>&1 | tee -a $log 73 | exit $? 74 | -------------------------------------------------------------------------------- /create_repo.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | ## Script to create yum/deb repo for a given list of TGZs 3 | 4 | set -x 5 | 6 | function xtrace_status () { 7 | set | grep -q SHELLOPTS=.*:xtrace 8 | return $? 9 | } 10 | 11 | function ssh_download () { 12 | # convert space seperated args into variables 13 | eval ${@// /;} 14 | 15 | tgz_file_name=${tgz_file_path##*/} 16 | export sshuser=${sshuser:-root} 17 | export SSHPASS=${sshpass:-passwd} 18 | if [[ -z $tgz_file_path ]]; then 19 | echo "ERROR: Empty TGZ path @ ssh_download" 20 | return 1 21 | fi 22 | 23 | server=$(echo $tgz_file_path | sed 's/ssh:\/\///;s|\/.*||') 24 | path=$(echo $tgz_file_path | sed -r 's#ssh://[a-zA-Z0-9_\.\-]+##') 25 | [[ xtrace_status ]] && set +x 26 | sshpass -e scp \ 27 | -o StrictHostKeyChecking=no \ 28 | -o UserKnownHostsFile=/dev/null \ 29 | ${sshuser}@${server}:${path} ${dest_file_path} 30 | if [ $? != 0 ]; then 31 | echo "ERROR: Download ( $tgz_file_path ) failed using sshpass" 32 | return 1 33 | fi 34 | set -x 35 | } 36 | 37 | # Required Args: 38 | # tgz_file_path - Http file path of TGZ 39 | # dest_file_path - Download destination 40 | # 41 | function wget_download () { 42 | # convert space seperated args into variables 43 | eval ${@// /;} 44 | 45 | if [[ -z $tgz_file_path ]] || [[ -z $dest_file_path ]]; then 46 | echo "ERROR: One or more required params are missing" 47 | echo "ERROR: Required Args: tgz_file_path=($tgz_file_path) dest_file_path=($dest_file_path)" 48 | fi 49 | wget $tgz_file_path -O $dest_file_path 50 | if [ $? != 0 ]; then 51 | echo "ERROR: Download ( $tgz_file_path ) to ( $dest_file_path ) failed using wget" 52 | return 1 53 | fi 54 | } 55 | 56 | function create_yum_repo () { 57 | # convert space seperated args into variables 58 | eval ${@// /;} 59 | 60 | repo_name=$repo_dir 61 | createrepo $repo_name 62 | } 63 | 64 | function create_deb_repo () { 65 | # convert space seperated args into variables 66 | eval ${@// /;} 67 | 68 | repo_name=$repo_dir 69 | (cd $repo_name && dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz) 70 | } 71 | 72 | function get_repo_type () { 73 | # convert space seperated args into variables 74 | eval ${@// /;} 75 | 76 | repo_dir=$(readlink -f $repo_dir) 77 | if [ ! -r $repo_dir ]; then 78 | echo "ERROR: Repo Dir ( $repo_dir ) is not accessible" 79 | return 1 80 | fi 81 | rpms=$(ls -1 $repo_dir/*.rpm 2>/dev/null | wc -l) 82 | debs=$(ls -1 $repo_dir/*.deb 2>/dev/null | wc -l) 83 | if ( [[ $rpms != 0 ]] && [[ $debs != 0 ]] ) || \ 84 | ( [[ $rpms == 0 ]] && [[ $debs == 0 ]] ); then 85 | echo "ERROR: deb and rpms are mixed or none found; Unsupported Repo type" 86 | return 1 87 | fi 88 | [ $rpms != 0 ] && echo yum 89 | [ $debs != 0 ] && echo deb 90 | } 91 | 92 | # Required Args: 93 | # tgz_files 94 | # repo_dir 95 | # 96 | function create_repo () { 97 | # convert space seperated args into variables 98 | eval ${@// /;} 99 | 100 | tgz_file_paths=$tgz_files 101 | repo_name=$repo_dir 102 | for tgz_file_path in $tgz_file_paths; do 103 | tgz_file_name=${tgz_file_path##*/} 104 | tempdir=$(mktemp -d) 105 | dest_file_path=${tempdir}/${tgz_file_name} 106 | if [[ $tgz_file_path =~ ^http[s]*:// ]]; then 107 | wget_download tgz_file_path=$tgz_file_path dest_file_path=$dest_file_path 108 | elif [[ $tgz_file_path =~ ^ssh:// ]]; then 109 | ssh_download tgz_file_path=$tgz_file_path dest_file_path=$tempdir/${tgz_file_name} \ 110 | sshpass=$sshpass sshuser=$sshuser 111 | else 112 | echo "ERROR, Unknown url format, only http[s], ssh supported" 113 | return 1 114 | fi 115 | tar -xzf $dest_file_path -C $repo_name 116 | if [ $? != 0 ]; then 117 | echo "ERROR: Untar ( $dest_file_path ) failed" 118 | return 1 119 | fi 120 | rm -rf ${tempdir} 121 | repo_type=$(get_repo_type repo_dir=$repo_name) 122 | if [ "$repo_type" == "yum" ]; then 123 | create_yum_repo repo_dir=$repo_name 124 | elif [ "$repo_type" == "deb" ]; then 125 | create_deb_repo repo_dir=$repo_name 126 | else 127 | echo "ERROR: Unknown Repo Type: %s" % repo_type 128 | return 1 129 | fi 130 | 131 | if [ $? != 0 ]; then 132 | echo "ERROR: create_repo at ( ${repo_name} ) failed" 133 | return 1 134 | fi 135 | done 136 | } 137 | 138 | # Required Args 139 | # repo_dir 140 | # package_urls 141 | # 142 | function create_pkg_repo() { 143 | # convert space seperated args into variables 144 | eval ${@// /;} 145 | 146 | if [[ -z $package_urls ]] || [[ -z $repo_dir ]]; then 147 | echo "ERROR: One or more required params are missing" 148 | echo "ERROR: Required Args: package_urls=($package_urls) repo_dir=($repo_dir)" 149 | exit 1 150 | fi 151 | 152 | package_urls=$(echo $package_urls | tr "," " ") 153 | create_repo tgz_files=$package_urls repo_dir=$repo_dir && echo "Repo Created Successfully" 154 | } 155 | -------------------------------------------------------------------------------- /docker/agent/centos7/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-centos7:{{ contrail_version }} 2 | ARG CONTRAIL_VERSION 3 | ARG OS 4 | LABEL Name=contrail-agent-$OS \ 5 | Version="$CONTRAIL_VERSION" \ 6 | contrail.role=agent \ 7 | Description="Dockerimage for Contrail Vrouter Agent" Vendor="Juniper Networks" 8 | ENV CONTRAIL_ROLE agent 9 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 10 | RUN contrailctl config sync -F -v -t package 11 | RUN contrailctl config sync -F -v -t install 12 | EXPOSE 8085 9090 13 | 14 | # Repo cleanup 15 | RUN [ -f /etc/yum.repos.d/contrail-install.repo ] && \ 16 | rm -f /etc/yum.repos.d/contrail-install.repo ; \ 17 | yum clean all ; yum clean expire-cache ;\ 18 | echo pass 19 | -------------------------------------------------------------------------------- /docker/agent/redhat7/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-redhat7:{{ contrail_version }} 2 | ARG CONTRAIL_VERSION 3 | ARG OS 4 | LABEL Name=contrail-agent-$OS \ 5 | Version="$CONTRAIL_VERSION" \ 6 | contrail.role=agent \ 7 | Description="Dockerimage for Contrail Vrouter Agent" Vendor="Juniper Networks" 8 | ENV CONTRAIL_ROLE agent 9 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 10 | RUN contrailctl config sync -F -v -t package 11 | RUN contrailctl config sync -F -v -t install 12 | EXPOSE 8085 9090 13 | 14 | # Repo cleanup 15 | RUN [ -f /etc/yum.repos.d/contrail-install.repo ] && \ 16 | rm -f /etc/yum.repos.d/contrail-install.repo ; \ 17 | yum clean all ; yum clean expire-cache ;\ 18 | echo pass 19 | -------------------------------------------------------------------------------- /docker/agent/ubuntu14.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu14.04:{{ contrail_version }} 2 | COPY entrypoint.sh / 3 | LABEL Name=contrail-agent-$OS \ 4 | Version="$CONTRAIL_VERSION" \ 5 | contrail.role=agent \ 6 | Description="Contrail Vrouter Agent" Vendor="Juniper Networks" 7 | RUN chmod +x /entrypoint.sh 8 | ENTRYPOINT /entrypoint.sh 9 | ENV CONTRAIL_ROLE agent 10 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 11 | RUN contrailctl config sync -F -v -t package 12 | RUN contrailctl config sync -F -v -t install 13 | EXPOSE 8085 9090 14 | RUN cp -rf /usr/src/ /usr/src.orig/ 15 | RUN rm -rf /etc/apt/sources.list.d/trusty.list 16 | RUN rm -rf /etc/apt/sources.list.d/trusty-updates.list 17 | RUN rm -rf /etc/apt/sources.list.d/trusty-security.list 18 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-trusty.list 19 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 20 | RUN apt-get clean; apt-get update; echo 0 21 | -------------------------------------------------------------------------------- /docker/agent/ubuntu14.04/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | set -e 4 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 5 | DAEMON=/usr/bin/supervisord 6 | SERVICE=vrouter 7 | NAME=supervisord_${SERVICE} 8 | DESC=supervisor_${SERVICE} 9 | ANSIBLE_INVENTORY=${ANSIBLE_INVENTORY:-"all-in-one"} 10 | 11 | test -x $DAEMON || exit 1 12 | 13 | LOG=/var/log/supervisor_${SERVICE} 14 | SOCKETFILE=$(awk '/^file=/ {print $1}' /etc/contrail/supervisord_${SERVICE}.conf | cut -f2 -d=) 15 | 16 | # Include supervisor defaults if available 17 | if [ -f /etc/default/supervisor_${SERVICE} ] ; then 18 | . /etc/default/supervisor_${SERVICE} 19 | fi 20 | DAEMON_OPTS="-n -c /etc/contrail/supervisord_${SERVICE}.conf $DAEMON_OPTS" 21 | 22 | function cleanup() { 23 | supervisorctl -s unix://${SOCKETFILE} stop all 24 | supervisorctl -s unix://${SOCKETFILE} shutdown 25 | rm -f $SOCKETFILE 26 | } 27 | 28 | trap cleanup SIGHUP SIGINT SIGTERM 29 | 30 | ulimit -s unlimited 31 | ulimit -c unlimited 32 | ulimit -d unlimited 33 | ulimit -v unlimited 34 | ulimit -n 4096 35 | contrailctl config sync -c agent -F -v -t configure 36 | $DAEMON $DAEMON_OPTS 2>&1 | tee -a $LOG & 37 | child=$! 38 | 39 | # run contrailctl to run code to make sure services are running 40 | contrailctl config sync -c agent -F -v -t service,provision 41 | wait "$child" 42 | -------------------------------------------------------------------------------- /docker/agent/ubuntu16.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-{{ OS }}:{{ contrail_version }} 2 | LABEL Name=contrail-agent-{{ OS }}\ 3 | Version={{ CONTRAIL_VERSION }} \ 4 | contrail.role=agent \ 5 | Description="Contrail Vrouter Agent" Vendor="Juniper Networks" 6 | ENV CONTRAIL_ROLE agent 7 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 8 | RUN contrailctl config sync -F -v -t package 9 | RUN contrailctl config sync -F -v -t install 10 | EXPOSE 8085 9090 11 | RUN cp -rf /usr/src/ /usr/src.orig/ 12 | RUN rm -rf /etc/apt/sources.list.d/xenial.list 13 | RUN rm -rf /etc/apt/sources.list.d/xenial-updates.list 14 | RUN rm -rf /etc/apt/sources.list.d/xenial-security.list 15 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-xenial.list 16 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 17 | RUN apt-get clean; apt-get update; echo 0 18 | -------------------------------------------------------------------------------- /docker/analytics/centos7/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-centos7:{{ contrail_version }} 2 | ARG CONTRAIL_VERSION 3 | ARG OS 4 | LABEL Name=contrail-analytics-$OS \ 5 | Version="$CONTRAIL_VERSION" \ 6 | contrail.role=analytics \ 7 | Description="Dockerimage for Contrail Analytics" Vendor="Juniper Networks" 8 | ENV CONTRAIL_ROLE analytics 9 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 10 | RUN contrailctl config sync -F -v -t package 11 | RUN contrailctl config sync -F -v -t install 12 | EXPOSE 8081 8086 13 | 14 | # Repo cleanup 15 | RUN [ -f /etc/yum.repos.d/contrail-install.repo ] && \ 16 | rm -f /etc/yum.repos.d/contrail-install.repo ; \ 17 | yum clean all ; yum clean expire-cache ;\ 18 | echo pass 19 | 20 | -------------------------------------------------------------------------------- /docker/analytics/redhat7/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-redhat7:{{ contrail_version }} 2 | ARG CONTRAIL_VERSION 3 | ARG OS 4 | LABEL Name=contrail-analytics-$OS \ 5 | Version="$CONTRAIL_VERSION" \ 6 | contrail.role=analytics \ 7 | Description="Dockerimage for Contrail Analytics" Vendor="Juniper Networks" 8 | ENV CONTRAIL_ROLE analytics 9 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 10 | RUN contrailctl config sync -F -v -t package 11 | RUN contrailctl config sync -F -v -t install 12 | EXPOSE 8081 8086 13 | 14 | # Repo cleanup 15 | RUN [ -f /etc/yum.repos.d/contrail-install.repo ] && \ 16 | rm -f /etc/yum.repos.d/contrail-install.repo ; \ 17 | yum clean all ; yum clean expire-cache ;\ 18 | echo pass 19 | 20 | -------------------------------------------------------------------------------- /docker/analytics/ubuntu14.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu14.04:{{ contrail_version }} 2 | COPY entrypoint.sh / 3 | LABEL Name=contrail-analytics-$OS \ 4 | Version="$CONTRAIL_VERSION" \ 5 | contrail.role=analytics \ 6 | Description="Contrail Analytics" Vendor="Juniper Networks" 7 | RUN chmod +x /entrypoint.sh 8 | ENTRYPOINT /entrypoint.sh 9 | ENV CONTRAIL_ROLE analytics 10 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 11 | RUN contrailctl config sync -F -v -t package 12 | RUN contrailctl config sync -F -v -t install 13 | EXPOSE 8081 8086 14 | RUN rm -rf /etc/apt/sources.list.d/trusty.list 15 | RUN rm -rf /etc/apt/sources.list.d/trusty-updates.list 16 | RUN rm -rf /etc/apt/sources.list.d/trusty-security.list 17 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-trusty.list 18 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 19 | RUN apt-get clean; apt-get update; echo 0 20 | -------------------------------------------------------------------------------- /docker/analytics/ubuntu14.04/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | set -e 4 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 5 | DAEMON=/usr/bin/supervisord 6 | SERVICE=analytics 7 | NAME=supervisord_${SERVICE} 8 | DESC=supervisor_${SERVICE} 9 | ANSIBLE_INVENTORY=${ANSIBLE_INVENTORY:-"all-in-one"} 10 | 11 | test -x $DAEMON || exit 1 12 | 13 | LOG=/var/log/supervisor_${SERVICE} 14 | SOCKETFILE=$(awk '/^file=/ {print $1}' /etc/contrail/supervisord_${SERVICE}.conf | cut -f2 -d=) 15 | 16 | # Include supervisor defaults if available 17 | if [ -f /etc/default/supervisor_${SERVICE} ] ; then 18 | . /etc/default/supervisor_${SERVICE} 19 | fi 20 | DAEMON_OPTS="-n -c /etc/contrail/supervisord_${SERVICE}.conf $DAEMON_OPTS" 21 | 22 | function cleanup() { 23 | supervisorctl -s unix://${SOCKETFILE} stop all 24 | supervisorctl -s unix://${SOCKETFILE} shutdown 25 | rm -f $SOCKETFILE 26 | } 27 | 28 | trap cleanup SIGHUP SIGINT SIGTERM 29 | 30 | ulimit -s unlimited 31 | ulimit -c unlimited 32 | ulimit -d unlimited 33 | ulimit -v unlimited 34 | ulimit -n 4096 35 | contrailctl config sync -c analytics -F -v -t configure 36 | $DAEMON $DAEMON_OPTS 2>&1 | tee -a $LOG & 37 | child=$! 38 | 39 | # run contrailctl to run code to make sure services are running 40 | contrailctl config sync -c analytics -F -v -t service,provision 41 | wait "$child" 42 | -------------------------------------------------------------------------------- /docker/analytics/ubuntu16.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu16.04:{{ contrail_version }} 2 | LABEL Name=contrail-analytics-$OS \ 3 | Version="$CONTRAIL_VERSION" \ 4 | contrail.role=analytics \ 5 | Description="Contrail Analytics" Vendor="Juniper Networks" 6 | ENV CONTRAIL_ROLE analytics 7 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 8 | RUN contrailctl config sync -F -v -t package 9 | RUN contrailctl config sync -F -v -t install 10 | RUN rm -rf /etc/apt/sources.list.d/xenial.list 11 | RUN rm -rf /etc/apt/sources.list.d/xenial-updates.list 12 | RUN rm -rf /etc/apt/sources.list.d/xenial-security.list 13 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-xenial.list 14 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 15 | RUN apt-get clean; apt-get update; echo 0 16 | -------------------------------------------------------------------------------- /docker/analyticsdb/centos7/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-centos7:{{ contrail_version }} 2 | ARG CONTRAIL_VERSION 3 | ARG OS 4 | LABEL Name=contrail-analyticsdb-$OS \ 5 | Version="$CONTRAIL_VERSION" \ 6 | contrail.role=analyticsdb \ 7 | Description="Dockerimage for Contrail AnalyticsDB" Vendor="Juniper Networks" 8 | ENV CONTRAIL_ROLE analyticsdb 9 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 10 | RUN contrailctl config sync -F -v -t package 11 | RUN contrailctl config sync -F -v -t install 12 | EXPOSE 9141 9161 13 | 14 | # Repo cleanup 15 | RUN [ -f /etc/yum.repos.d/contrail-install.repo ] && \ 16 | rm -f /etc/yum.repos.d/contrail-install.repo ; \ 17 | yum clean all ; yum clean expire-cache ;\ 18 | echo pass 19 | 20 | -------------------------------------------------------------------------------- /docker/analyticsdb/redhat7/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-redhat7:{{ contrail_version }} 2 | ARG CONTRAIL_VERSION 3 | ARG OS 4 | LABEL Name=contrail-analyticsdb-$OS \ 5 | Version="$CONTRAIL_VERSION" \ 6 | contrail.role=analyticsdb \ 7 | Description="Dockerimage for Contrail AnalyticsDB" Vendor="Juniper Networks" 8 | ENV CONTRAIL_ROLE analyticsdb 9 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 10 | RUN contrailctl config sync -F -v -t package 11 | RUN contrailctl config sync -F -v -t install 12 | EXPOSE 9141 9161 13 | 14 | # Repo cleanup 15 | RUN [ -f /etc/yum.repos.d/contrail-install.repo ] && \ 16 | rm -f /etc/yum.repos.d/contrail-install.repo ; \ 17 | yum clean all ; yum clean expire-cache ;\ 18 | echo pass 19 | 20 | -------------------------------------------------------------------------------- /docker/analyticsdb/ubuntu14.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu14.04:{{ contrail_version }} 2 | LABEL Name=contrail-analyticsdb-$OS \ 3 | Version="$CONTRAIL_VERSION" \ 4 | contrail.role=analyticsdb \ 5 | Description="Contrail AnalyticsDB" Vendor="Juniper Networks" 6 | COPY entrypoint.sh / 7 | RUN chmod +x /entrypoint.sh 8 | ENTRYPOINT /entrypoint.sh 9 | ENV CONTRAIL_ROLE analyticsdb 10 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 11 | RUN contrailctl config sync -F -v -t package 12 | RUN contrailctl config sync -F -v -t install 13 | EXPOSE 9161 9141 14 | RUN rm -rf /etc/apt/sources.list.d/trusty.list 15 | RUN rm -rf /etc/apt/sources.list.d/trusty-updates.list 16 | RUN rm -rf /etc/apt/sources.list.d/trusty-security.list 17 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-trusty.list 18 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 19 | RUN apt-get clean; apt-get update; echo 0 20 | -------------------------------------------------------------------------------- /docker/analyticsdb/ubuntu14.04/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | set -e 4 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 5 | DAEMON=/usr/bin/supervisord 6 | SERVICE=database 7 | NAME=supervisord_${SERVICE} 8 | DESC=supervisor_${SERVICE} 9 | ANSIBLE_INVENTORY=${ANSIBLE_INVENTORY:-"all-in-one"} 10 | 11 | test -x $DAEMON || exit 1 12 | 13 | LOG=/var/log/supervisor_${SERVICE} 14 | SOCKETFILE=$(awk '/^file=/ {print $1}' /etc/contrail/supervisord_${SERVICE}.conf | cut -f2 -d=) 15 | 16 | # Include supervisor defaults if available 17 | if [ -f /etc/default/supervisor_${SERVICE} ] ; then 18 | . /etc/default/supervisor_${SERVICE} 19 | fi 20 | DAEMON_OPTS="-n -c /etc/contrail/supervisord_${SERVICE}.conf $DAEMON_OPTS" 21 | 22 | function cleanup() { 23 | supervisorctl -s unix://${SOCKETFILE} stop all 24 | supervisorctl -s unix://${SOCKETFILE} shutdown 25 | rm -f $SOCKETFILE 26 | } 27 | 28 | trap cleanup SIGHUP SIGINT SIGTERM 29 | 30 | ulimit -s unlimited 31 | ulimit -c unlimited 32 | ulimit -d unlimited 33 | ulimit -v unlimited 34 | ulimit -n 4096 35 | contrailctl config sync -c analyticsdb -F -v -t configure 36 | $DAEMON $DAEMON_OPTS 2>&1 | tee -a $LOG & 37 | child=$! 38 | 39 | # run contrailctl to run code to make sure services are running 40 | contrailctl config sync -c analyticsdb -F -v -t service,provision 41 | wait "$child" 42 | -------------------------------------------------------------------------------- /docker/analyticsdb/ubuntu16.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu16.04:{{ contrail_version }} 2 | LABEL Name=contrail-analyticsdb-$OS \ 3 | Version="$CONTRAIL_VERSION" \ 4 | contrail.role=analyticsdb \ 5 | Description="Contrail AnalyticsDB" Vendor="Juniper Networks" 6 | ENV CONTRAIL_ROLE analyticsdb 7 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 8 | RUN contrailctl config sync -F -v -t package 9 | RUN contrailctl config sync -F -v -t install 10 | RUN rm -rf /etc/apt/sources.list.d/xenial.list 11 | RUN rm -rf /etc/apt/sources.list.d/xenial-updates.list 12 | RUN rm -rf /etc/apt/sources.list.d/xenial-security.list 13 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-xenial.list 14 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 15 | RUN apt-get clean; apt-get update; echo 0 16 | -------------------------------------------------------------------------------- /docker/build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | temp=`mktemp -d` 4 | component=$1 5 | package_url=${2:-http://nodei16/contrail-install-packages_3.0.2.0-35~liberty_all.deb} 6 | #image_path=${3:-/cs-shared/images/docker-images/contrail/} 7 | registry=${4:-10.84.34.155:5000} 8 | if [[ $package_url =~ (ssh|http|https)*://.*/contrail-install-packages_[0-9\.\-]+~[a-zA-Z]+_all.deb ]]; then 9 | contrail_version=`echo ${package_url##*/} | sed 's/contrail-install-packages_\([0-9\.\-]*\).*/\1/'` 10 | openstack_release=`echo ${package_url##*/} | sed 's/contrail-install-packages_[0-9\.\-]*~\([a-zA-Z]*\).*/\1/'` 11 | else 12 | echo -e "Not able to extract contrail-version and SKU from contrail package url\nBad contrail package url, it should match regex http[s]*://.*/contrail-install-packages_[0-9\.\-]+~[a-zA-Z]+_all.deb" 13 | exit 1 14 | fi 15 | cp -r common.sh pyj2.py $component/* $temp 16 | cd $temp 17 | docker build --build-arg CONTRAIL_INSTALL_PACKAGE_URL=$package_url -t ${registry}/contrail-${component}-${openstack_release}:${contrail_version} .; rv=$? 18 | docker push ${registry}/contrail-${component}-${openstack_release}:${contrail_version} 19 | #if [[ $rv == 0 ]]; then 20 | # docker save contrail-${component}-${openstack_release}:${contrail_version} | gzip -c > ${image_path}/contrail-${component}-${openstack_release}-${contrail_version}.tar.gz 21 | #else 22 | # echo "Docker build failed" 23 | #fi -------------------------------------------------------------------------------- /docker/ceph-controller/redhat7/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-redhat7:{{ contrail_version }} 2 | ARG CONTRAIL_VERSION 3 | ARG OS 4 | LABEL Name=contrail-ceph-controller-$OS \ 5 | Version="$CONTRAIL_VERSION" \ 6 | contrail.role=ceph-controller \ 7 | Description="Dockerimage for Contrail Ceph Controller" Vendor="Juniper Networks" 8 | 9 | RUN contrailctl config sync -c cephcontroller -F -v -t install 10 | EXPOSE 6789 6005 6006 11 | 12 | # Repo cleanup 13 | RUN [ -f /etc/yum.repos.d/contrail-install.repo ] && \ 14 | rm -f /etc/yum.repos.d/contrail-install.repo ; \ 15 | yum clean all ; yum clean expire-cache ;\ 16 | echo pass 17 | -------------------------------------------------------------------------------- /docker/ceph-controller/ubuntu14.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu14.04:{{ contrail_version }} 2 | LABEL Name=contrail-ceph-controller-$OS \ 3 | Version="$CONTRAIL_VERSION" \ 4 | contrail.role=ceph-controller \ 5 | Description="Dockerimage for Contrail Ceph Controller" Vendor="Juniper Networks" 6 | COPY entrypoint.sh / 7 | RUN chmod +x /entrypoint.sh 8 | ENTRYPOINT /entrypoint.sh 9 | ENV CONTRAIL_ROLE cephcontroller 10 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 11 | RUN contrailctl config sync -F -v -t install 12 | EXPOSE 6789 5005 5006 13 | RUN rm -rf /etc/apt/sources.list.d/trusty.list 14 | RUN rm -rf /etc/apt/sources.list.d/trusty-updates.list 15 | RUN rm -rf /etc/apt/sources.list.d/trusty-security.list 16 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-trusty.list 17 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 18 | RUN apt-get clean; apt-get update; echo 0 19 | -------------------------------------------------------------------------------- /docker/ceph-controller/ubuntu14.04/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | set -e 4 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 5 | 6 | # configure services and start them using ansible code within contrail-ansible 7 | contrailctl config sync -c cephcontroller -F -v 8 | 9 | HOSTNAME=`hostname`-storage 10 | 11 | stats_daemon_enabled=`cat /etc/contrailctl/cephcontroller.conf |grep enable_stats | grep True | wc -l` 12 | if [ "$stats_daemon_enabled" == "1" ]; then 13 | /usr/bin/python /usr/bin/contrail-storage-stats --conf_file /etc/contrail/contrail-storage-nodemgr.conf & 14 | fi 15 | 16 | sudo -u ceph /usr/bin/ceph-mon --cluster=ceph -i $HOSTNAME -f --setuser ceph --setgroup ceph & 17 | sudo -u ceph /usr/bin/ceph-rest-api -c /etc/ceph/ceph.conf -n client.admin & 18 | 19 | ceph_pid=`ps -ef|grep ceph-mon|grep -v grep|grep sudo| awk '{print $2}'` 20 | 21 | wait "$ceph_pid" 22 | -------------------------------------------------------------------------------- /docker/ceph-controller/ubuntu16.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu16.04:{{ contrail_version }} 2 | LABEL Name=contrail-ceph-controller-$OS \ 3 | Version="$CONTRAIL_VERSION" \ 4 | contrail.role=ceph-controller \ 5 | Description="Dockerimage for Contrail Ceph Controller" Vendor="Juniper Networks" 6 | RUN contrailctl config sync -c cephcontroller -F -v -t install 7 | EXPOSE 6789 5005 5006 8 | RUN rm -rf /etc/apt/sources.list.d/xenial.list 9 | RUN rm -rf /etc/apt/sources.list.d/xenial-updates.list 10 | RUN rm -rf /etc/apt/sources.list.d/xenial-security.list 11 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-xenial.list 12 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 13 | RUN apt-get clean; apt-get update; echo 0 14 | -------------------------------------------------------------------------------- /docker/common.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -a # Export all variables below this statement 4 | export PATH=$PATH:/opt/contrail/bin:/usr/share/contrail-utils/ 5 | 6 | primary_if=$(ip route list | awk '/default/ {if (NR==1); print $5}') 7 | gateway=$(ip route list | awk '/default/ {if (NR==1); print $3}') 8 | primary_ip=$(ifconfig $primary_if | awk '/inet.addr:/ {print $2}' | cut -f2 -d:) 9 | KEYSTONE_SERVER=${KEYSTONE_SERVER:-$primary_ip} 10 | KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-"http"} 11 | KEYSTONE_AUTH_PORT=${KEYSTONE_AUTH_PORT:-35357} 12 | KEYSTONE_INSECURE=${KEYSTONE_INSECURE:-False} 13 | MYHOSTNAME=$(hostname -s) 14 | 15 | function fail() { 16 | echo "$@" 17 | exit 1 18 | 19 | } 20 | 21 | function webui_config() { 22 | # NOTE: This function should be called with all quotes escaped. It will not add any quotes for you. 23 | # For example, if you want my_key = 'value1' in your config.global.js file, you would need to escape 24 | # Quotes in 'value1' so that it will be like this "'value1'" 25 | key=$1 26 | value="$2" 27 | sed -i "/^$key *=/{h;s/=.*/= $value;/};\${x;/^\$/{s//$key = $value;/;H};x}" /etc/contrail/config.global.js 28 | } 29 | 30 | function ipof() { 31 | name=$1 32 | getent hosts ${name} | awk '{print $1}' 33 | } 34 | 35 | function setini() { 36 | param=$1; shift 37 | value=$@ 38 | section=$SECTION 39 | config_file=$CONFIG_FILE 40 | crudini --set $config_file $section $param "$value" 41 | } 42 | 43 | function setcfg() { 44 | CONFIG_FILE=$1 45 | touch $CONFIG_FILE 46 | } 47 | 48 | function setsection() { 49 | SECTION=$1 50 | } 51 | 52 | function setup_keystone_auth_config() { 53 | # Setup contrail-keystone-auth.conf 54 | setcfg "/etc/contrail/contrail-keystone-auth.conf" 55 | setsection "KEYSTONE" 56 | setini auth_host $KEYSTONE_SERVER 57 | setini auth_protocol $KEYSTONE_AUTH_PROTOCOL 58 | setini auth_port $KEYSTONE_AUTH_PORT 59 | setini admin_user $KEYSTONE_ADMIN_USER 60 | setini admin_password $KEYSTONE_ADMIN_PASSWORD 61 | setini admin_tenant_name $KEYSTONE_ADMIN_TENANT 62 | setini insecure $KEYSTONE_INSECURE 63 | setini memcache_servers $KEYSTONE_MEMCACHE_SERVERS 64 | # END contrail-keystone-auth.conf 65 | } 66 | 67 | function setup_vnc_api_lib() { 68 | # Setup vnc_api_lib.ini 69 | setcfg "/etc/contrail/vnc_api_lib.ini" 70 | setsection "global" 71 | setini WEB_SERVER "127.0.0.1" 72 | setini WEB_PORT 8082 73 | setini BASE_URL "/" 74 | 75 | setsection "auth" 76 | setini AUTHN_TYPE "keystone" 77 | setini AUTHN_PROTOCOL $KEYSTONE_AUTH_PROTOCOL 78 | setini AUTHN_SERVER $KEYSTONE_SERVER 79 | setini AUTHN_PORT $KEYSTONE_AUTH_PORT 80 | setini AUTHN_URL "/v2.0/tokens" 81 | setini insecure $KEYSTONE_INSECURE 82 | # END vnc_api_lib.ini setup 83 | } 84 | 85 | function check_port() { 86 | ip=$1 87 | port=$2 88 | 3 | ARG CONTRAIL_REPO_URL 4 | ARG CONTRAIL_ANSIBLE_TAR 5 | ARG CONTRAIL_VERSION 6 | ARG OS 7 | ENV ANSIBLE_INVENTORY="all-in-one" 8 | ARG ANSIBLE_PACKAGES="ansible" 9 | LABEL Name=contrail-base-$OS \ 10 | Version="$CONTRAIL_VERSION" \ 11 | Description="Base Docker Image for Contrail" Vendor="Juniper Networks" 12 | 13 | # Contrail Install Repo; This repo file will removed after contrail 14 | # installation at the app containers 15 | RUN echo -e "[contrail-install-repo]\nname=contrail-install-repo\nbaseurl=$CONTRAIL_REPO_URL\ngpgcheck=0\nenabled=1\npriority=1" > /etc/yum.repos.d/contrail-install.repo && \ 16 | yum clean all && \ 17 | yum clean expire-cache && \ 18 | yum repolist 19 | 20 | # Copy required files to Docker 21 | COPY python-contrailctl /python-contrailctl 22 | 23 | RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ 24 | rm -f /lib/systemd/system/multi-user.target.wants/*;\ 25 | rm -f /etc/systemd/system/*.wants/*;\ 26 | rm -f /lib/systemd/system/local-fs.target.wants/*; \ 27 | rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ 28 | rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ 29 | rm -f /lib/systemd/system/basic.target.wants/*;\ 30 | rm -f /lib/systemd/system/anaconda.target.wants/*; 31 | 32 | RUN yum -y install --disablerepo=* --enablerepo=contrail-install-repo \ 33 | yum-plugin-priorities python-setuptools $ANSIBLE_PACKAGES \ 34 | iproute net-tools openssh-clients wget tar telnet vim which initscripts gcc \ 35 | tcpdump sudo kexec-tools less 36 | 37 | RUN cd /python-contrailctl/; python setup.py install 38 | ADD $CONTRAIL_ANSIBLE_TAR / 39 | RUN systemctl set-default multi-user.target 40 | ENV init /lib/systemd/systemd 41 | ENTRYPOINT ["/lib/systemd/systemd"] 42 | CMD ["systemd.unit=multi-user.target"] 43 | 44 | RUN yum clean all ; yum clean expire-cache; echo pass 45 | -------------------------------------------------------------------------------- /docker/contrail-base/redhat7/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM 10.84.34.155:5000/contrail-base-os-images-rhel7:7.4 2 | MAINTAINER Juniper Contrail 3 | ARG CONTRAIL_REPO_URL 4 | ARG CONTRAIL_ANSIBLE_TAR 5 | ARG CONTRAIL_VERSION 6 | ARG OS 7 | ENV ANSIBLE_INVENTORY="all-in-one" 8 | ARG ANSIBLE_PACKAGES="ansible" 9 | LABEL Name=contrail-base-$OS \ 10 | Version="$CONTRAIL_VERSION" \ 11 | Description="Base Docker Image for Contrail" Vendor="Juniper Networks" 12 | 13 | # Contrail Install Repo; This repo file will removed after contrail 14 | # installation at the app containers 15 | COPY contrail-install.repo /etc/yum.repos.d/contrail-install.repo 16 | 17 | # Copy required files to Docker 18 | COPY python-contrailctl /python-contrailctl 19 | 20 | RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ 21 | rm -f /lib/systemd/system/multi-user.target.wants/*;\ 22 | rm -f /etc/systemd/system/*.wants/*;\ 23 | rm -f /lib/systemd/system/local-fs.target.wants/*; \ 24 | rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ 25 | rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ 26 | rm -f /lib/systemd/system/basic.target.wants/*;\ 27 | rm -f /lib/systemd/system/anaconda.target.wants/*; 28 | 29 | RUN echo $CONTRAIL_REPO_URL && \ 30 | sed -i "s#baseurl=baseurl#baseurl=$CONTRAIL_REPO_URL#" /etc/yum.repos.d/contrail-install.repo && \ 31 | yum clean all && yum clean expire-cache && \ 32 | yum repolist 33 | RUN yum -y install \ 34 | yum-plugin-priorities python-setuptools $ANSIBLE_PACKAGES \ 35 | iproute net-tools openssh-clients wget tar telnet vim which initscripts \ 36 | sudo kexec-tools less file gcc make python-devel python-setuptools \ 37 | libyaml-devel openssl-devel libtool libffi-devel; 38 | 39 | RUN cd /python-contrailctl/; python setup.py install 40 | ADD $CONTRAIL_ANSIBLE_TAR / 41 | RUN systemctl set-default multi-user.target 42 | ENV init /lib/systemd/systemd 43 | ENTRYPOINT ["/lib/systemd/systemd"] 44 | CMD ["systemd.unit=multi-user.target"] 45 | 46 | RUN yum clean all ; yum clean expire-cache; echo pass 47 | -------------------------------------------------------------------------------- /docker/contrail-base/redhat7/contrail-install.repo: -------------------------------------------------------------------------------- 1 | [contrail-install-repo] 2 | name=contrail-install-repo 3 | baseurl=baseurl 4 | enabled=1 5 | priority=1 6 | gpgcheck=0 7 | -------------------------------------------------------------------------------- /docker/contrail-base/ubuntu14.04/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM 10.84.34.155:5000/ubuntu:14.04.5 2 | MAINTAINER Juniper Contrail 3 | ARG CONTRAIL_REPO_URL 4 | ARG CONTRAIL_ANSIBLE_TAR 5 | ARG http_proxy 6 | ARG https_proxy 7 | ARG no_proxy 8 | ARG CONTRAIL_VERSION 9 | ARG OS=ubuntu14.04 10 | ENV CONTRAIL_VERSION $CONTRAIL_VERSION 11 | ENV OS=$OS 12 | ARG DEBIAN_FRONTEND=noninteractive 13 | ARG apt_install="apt-get install -yq --force-yes --no-install-recommends --no-install-suggests " 14 | ENV ANSIBLE_INVENTORY="all-in-one" 15 | ARG PACKAGES_ANSIBLE="ansible python-configparser ssh-client" 16 | ARG CONTRAIL_REPO_MIRROR_SNAPSHOT=12032016 17 | COPY contrail-ubuntu-mirror.key / 18 | RUN apt-key add /contrail-ubuntu-mirror.key;\ 19 | echo > /etc/apt/sources.list ;\ 20 | echo "deb $CONTRAIL_REPO_URL ./" > /etc/apt/sources.list.d/contrail-local.list;\ 21 | echo "deb [arch=amd64] http://10.84.34.201:8080/trusty/$CONTRAIL_REPO_MIRROR_SNAPSHOT/ trusty main universe" > /etc/apt/sources.list.d/trusty.list ;\ 22 | echo "deb [arch=amd64] http://10.84.34.201:8080/trusty-updates/$CONTRAIL_REPO_MIRROR_SNAPSHOT/ trusty-updates main universe" > /etc/apt/sources.list.d/trusty-updates.list ;\ 23 | echo "deb [arch=amd64] http://10.84.34.201:8080/trusty-security/$CONTRAIL_REPO_MIRROR_SNAPSHOT/ trusty-security main universe" > /etc/apt/sources.list.d/trusty-security.list ;\ 24 | echo "deb [arch=all] http://10.84.34.201:8080/contrail-ansible-packages-trusty/01172017/ trusty main" > /etc/apt/sources.list.d/contrail-ansible-packages-trusty.list 25 | RUN var1=$(echo $CONTRAIL_REPO_URL | sed -r 's#http[s]?://([[:digit:]\.]+):.*#\1#') ; \ 26 | echo "Package: *\nPin: origin \"$var1\"\nPin-Priority: 1001" > /etc/apt/preferences 27 | RUN echo "APT::Get::AllowUnauthenticated \"true\";" > /etc/apt/apt.conf.d/99allowunauth 28 | RUN apt-get update -qy && \ 29 | $apt_install $PACKAGES_ANSIBLE && \ 30 | apt-get autoremove -yq &&\ 31 | rm -fr /usr/share/doc/* /usr/share/man/* 32 | RUN mkdir -p /etc/contrailctl/ 33 | COPY python-contrailctl /python-contrailctl 34 | RUN cd /python-contrailctl/; python setup.py install 35 | ADD $CONTRAIL_ANSIBLE_TAR / 36 | -------------------------------------------------------------------------------- /docker/contrail-base/ubuntu16.04/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM 10.84.34.155:5000/contrail-base-os-images-ubuntu:16.04.2 2 | MAINTAINER Juniper Contrail 3 | ARG CONTRAIL_REPO_URL 4 | ARG CONTRAIL_ANSIBLE_TAR 5 | ARG http_proxy 6 | ARG https_proxy 7 | ARG no_proxy 8 | ARG OS=ubuntu16.04 9 | ARG CONTRAIL_VERSION 10 | ENV CONTRAIL_VERSION $CONTRAIL_VERSION 11 | ENV OS=$OS 12 | ARG DEBIAN_FRONTEND=noninteractive 13 | ARG apt_install="apt-get install -yq --force-yes --no-install-recommends --no-install-suggests " 14 | ENV ANSIBLE_INVENTORY="all-in-one" 15 | ARG PACKAGES_ANSIBLE="ansible iproute2 python-configparser vim ssh-client iputils-ping less sudo" 16 | ARG CONTRAIL_REPO_MIRROR_SNAPSHOT=04042017 17 | COPY contrail-ubuntu-mirror.key / 18 | RUN apt-key add /contrail-ubuntu-mirror.key;\ 19 | echo > /etc/apt/sources.list ;\ 20 | echo "deb $CONTRAIL_REPO_URL ./" > /etc/apt/sources.list.d/contrail-local.list;\ 21 | echo "deb [arch=amd64] http://10.84.34.201:8080/xenial/$CONTRAIL_REPO_MIRROR_SNAPSHOT/ xenial main universe" > /etc/apt/sources.list.d/xenial.list ;\ 22 | echo "deb [arch=amd64] http://10.84.34.201:8080/xenial-updates/$CONTRAIL_REPO_MIRROR_SNAPSHOT/ xenial-updates main universe" > /etc/apt/sources.list.d/xenial-updates.list ;\ 23 | echo "deb [arch=amd64] http://10.84.34.201:8080/xenial-security/$CONTRAIL_REPO_MIRROR_SNAPSHOT/ xenial-security main universe" > /etc/apt/sources.list.d/xenial-security.list ;\ 24 | echo "deb [arch=all] http://10.84.34.201:8080/contrail-ansible-packages-xenial/01172017/ xenial main" > /etc/apt/sources.list.d/contrail-ansible-packages-xenial.list 25 | RUN var1=$(echo $CONTRAIL_REPO_URL | sed -r 's#http[s]?://([[:digit:]\.]+):.*#\1#') ; \ 26 | echo "Package: *\nPin: origin \"$var1\"\nPin-Priority: 1001" > /etc/apt/preferences 27 | RUN echo "APT::Get::AllowUnauthenticated \"true\";" > /etc/apt/apt.conf.d/99allowunauth 28 | RUN apt-get update -qy && \ 29 | $apt_install $PACKAGES_ANSIBLE && \ 30 | apt-get autoremove -yq &&\ 31 | rm -fr /usr/share/doc/* /usr/share/man/* 32 | RUN cd /lib/systemd/system/sysinit.target.wants/; ls | grep -v systemd-tmpfiles-setup | xargs rm -f $1 \ 33 | rm -f /lib/systemd/system/multi-user.target.wants/*;\ 34 | rm -f /etc/systemd/system/*.wants/*;\ 35 | rm -f /lib/systemd/system/local-fs.target.wants/*; \ 36 | rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ 37 | rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ 38 | rm -f /lib/systemd/system/basic.target.wants/*;\ 39 | rm -f /lib/systemd/system/anaconda.target.wants/*; \ 40 | rm -f /lib/systemd/system/plymouth*; \ 41 | rm -f /lib/systemd/system/systemd-update-utmp*; 42 | RUN systemctl set-default multi-user.target 43 | ENV init /lib/systemd/systemd 44 | COPY python-contrailctl /python-contrailctl 45 | RUN cd /python-contrailctl/; python setup.py install 46 | ADD $CONTRAIL_ANSIBLE_TAR / 47 | ENTRYPOINT ["/lib/systemd/systemd"] 48 | CMD ["systemd.unit=multi-user.target"] 49 | -------------------------------------------------------------------------------- /docker/contrail-repo/centos7/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM 10.84.34.155:5000/contrail-base-os-images-centos7:7.3 2 | MAINTAINER Juniper Contrail 3 | ARG CONTRAIL_INSTALL_PACKAGE_TAR_URL 4 | ARG CONTRAIL_REPO_PORT 5 | ARG CONTRAIL_REPO_DIR 6 | ARG CONTRAIL_VERSION 7 | ARG OS 8 | ARG SSHPASS 9 | ARG SSHUSER=root 10 | LABEL Name=contrail-repo-$OS \ 11 | Version="$CONTRAIL_VERSION" \ 12 | Description="Dockerimage for Contrail Repo" Vendor="Juniper Networks" 13 | 14 | RUN mkdir -p /opt/contrail/contrail_install_repo 15 | COPY $CONTRAIL_REPO_DIR /opt/contrail/contrail_install_repo/ 16 | RUN echo "echo \"Repo is up on port $CONTRAIL_REPO_PORT, Create repo file with baseurl=http://:$CONTRAIL_REPO_PORT \"; cd /opt/contrail/contrail_install_repo && python -m SimpleHTTPServer $CONTRAIL_REPO_PORT" > /entrypoint.sh; \ 17 | chmod +x /entrypoint.sh 18 | EXPOSE $CONTRAIL_REPO_PORT 19 | ENTRYPOINT /entrypoint.sh 20 | -------------------------------------------------------------------------------- /docker/contrail-repo/centos7/install_repo.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | function try_wget () { 5 | wget -q --spider $1; 6 | return $? 7 | } 8 | 9 | xtrace_status() { 10 | set | grep -q SHELLOPTS=.*:xtrace 11 | return $? 12 | } 13 | 14 | yum_install="yum install -y " 15 | $yum_install epel-release 16 | 17 | if [[ -z $CONTRAIL_INSTALL_PACKAGE_TAR_URL ]]; then 18 | echo "ERROR CONTRAIL_INSTALL_PACKAGE_TAR_URL undefined" 19 | exit 1 20 | fi 21 | 22 | if [[ $CONTRAIL_INSTALL_PACKAGE_TAR_URL =~ ^http[s]*:// ]]; then 23 | $yum_install wget tar 24 | if try_wget $CONTRAIL_INSTALL_PACKAGE_TAR_URL; then 25 | wget -q $CONTRAIL_INSTALL_PACKAGE_TAR_URL -O /tmp/contrail-install-packages.tar.gz 26 | else 27 | echo "ERROR! $CONTRAIL_INSTALL_PACKAGE_TAR_URL is not accessible" 28 | exit 1 29 | fi 30 | elif [[ $CONTRAIL_INSTALL_PACKAGE_TAR_URL =~ ^ssh:// ]]; then 31 | server=` echo $CONTRAIL_INSTALL_PACKAGE_TAR_URL | sed 's/ssh:\/\///;s|\/.*||'` 32 | path=`echo $CONTRAIL_INSTALL_PACKAGE_TAR_URL |sed -r 's#ssh://[a-zA-Z0-9_\.\-]+##'` 33 | export SSHUSER=${SSHUSER:-root} 34 | if xtrace_status; then 35 | set +x 36 | xtrace=1 37 | fi 38 | export SSHPASS=${SSHPASS:-passwd} 39 | [[ -n $xtrace ]] && set -x 40 | $yum_install sshpass openssh-clients tar 41 | sshpass -e scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${SSHUSER}@${server}:${path} /tmp/contrail-install-packages.tar.gz 42 | else 43 | echo "ERROR, Unknown url format, only http[s], ssh supported" 44 | exit 1 45 | fi 46 | 47 | mkdir -p /opt/contrail/contrail_install_repo 48 | cd /opt/contrail/contrail_install_repo 49 | tar zxf /tmp/contrail-install-packages.tar.gz 50 | rm -f /tmp/contrail-install-packages.tar.gz 51 | $yum_install $PACKAGES_CONTRAIL_REPO 52 | createrepo -v /opt/contrail/contrail_install_repo 53 | -------------------------------------------------------------------------------- /docker/contrail-repo/centos7/nginx_site.conf: -------------------------------------------------------------------------------- 1 | # For more information on configuration, see: 2 | # * Official English Documentation: http://nginx.org/en/docs/ 3 | # * Official Russian Documentation: http://nginx.org/ru/docs/ 4 | daemon off; 5 | user nginx; 6 | worker_processes auto; 7 | error_log /var/log/nginx/error.log; 8 | pid /run/nginx.pid; 9 | 10 | # Load dynamic modules. See /usr/share/nginx/README.dynamic. 11 | include /usr/share/nginx/modules/*.conf; 12 | 13 | events { 14 | worker_connections 1024; 15 | } 16 | 17 | http { 18 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 19 | '$status $body_bytes_sent "$http_referer" ' 20 | '"$http_user_agent" "$http_x_forwarded_for"'; 21 | 22 | access_log /var/log/nginx/access.log main; 23 | 24 | sendfile on; 25 | tcp_nopush on; 26 | tcp_nodelay on; 27 | keepalive_timeout 65; 28 | types_hash_max_size 2048; 29 | 30 | include /etc/nginx/mime.types; 31 | default_type application/octet-stream; 32 | 33 | # Load modular configuration files from the /etc/nginx/conf.d directory. 34 | # See http://nginx.org/en/docs/ngx_core_module.html#include 35 | # for more information. 36 | include /etc/nginx/conf.d/*.conf; 37 | 38 | server { 39 | listen 1567 default_server; 40 | server_name _; 41 | root /usr/share/nginx/html; 42 | index index.html index.htm; 43 | 44 | # Load configuration files for the default server block. 45 | include /etc/nginx/default.d/*.conf; 46 | 47 | location / { 48 | root /opt/contrail/contrail_install_repo; 49 | } 50 | } 51 | } 52 | -------------------------------------------------------------------------------- /docker/contrail-repo/redhat7/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM 10.84.34.155:5000/contrail-base-os-images-rhel7:7.2 2 | MAINTAINER Juniper Contrail 3 | ARG CONTRAIL_INSTALL_PACKAGE_TAR_URL 4 | ARG CONTRAIL_REPO_PORT 5 | ARG CONTRAIL_VERSION 6 | ARG OS 7 | ARG http_proxy 8 | ARG https_proxy 9 | ARG SSHPASS 10 | ARG SSHUSER=root 11 | LABEL Name=contrail-repo-$OS \ 12 | Version="$CONTRAIL_VERSION" \ 13 | Description="Dockerimage for Contrail Repo" Vendor="Juniper Networks" 14 | 15 | COPY install_repo.sh / 16 | RUN bash -x /install_repo.sh 17 | RUN echo "echo \"Repo is up on port $CONTRAIL_REPO_PORT, Create repo file with baseurl=http://:$CONTRAIL_REPO_PORT \"; cd /opt/contrail/contrail_install_repo && python -m SimpleHTTPServer $CONTRAIL_REPO_PORT" > /entrypoint.sh; \ 18 | chmod +x /entrypoint.sh 19 | EXPOSE $CONTRAIL_REPO_PORT 20 | ENTRYPOINT /entrypoint.sh 21 | -------------------------------------------------------------------------------- /docker/contrail-repo/redhat7/install_repo.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | ## Script to create yum repo for a given list of TGZs 3 | 4 | set -x 5 | 6 | function xtrace_status () { 7 | set | grep -q SHELLOPTS=.*:xtrace 8 | return $? 9 | } 10 | 11 | function ssh_download () { 12 | tgz_file_path=$1 13 | dest_file_path=$2 14 | tgz_file_name=${tgz_file_path##*/} 15 | export SSHUSER=${SSHUSER:-root} 16 | export SSHPASS=${SSHPASS:-passwd} 17 | if [[ -z $tgz_file_path ]]; then 18 | echo "ERROR: Empty TGZ path @ ssh_download" 19 | exit 1 20 | fi 21 | 22 | server=$(echo $tgz_file_path | sed 's/ssh:\/\///;s|\/.*||') 23 | path=$(echo $tgz_file_path | sed -r 's#ssh://[a-zA-Z0-9_\.\-]+##') 24 | [[ xtrace_status ]] && set +x 25 | sshpass -e scp \ 26 | -o StrictHostKeyChecking=no \ 27 | -o UserKnownHostsFile=/dev/null \ 28 | ${SSHUSER}@${server}:${path} ${dest_file_path} 29 | if [ $? != 0 ]; then 30 | echo "ERROR: Download ( $tgz_file_path ) failed using sshpass" 31 | exit 1 32 | fi 33 | set -x 34 | } 35 | 36 | function wget_download () { 37 | tgz_file_path=$1 38 | dest_file_path=$2 39 | wget $tgz_file_path -O ${tempdir}/${tgz_file_name} 40 | if [ $? != 0 ]; then 41 | echo "ERROR: Download ( $tgz_file_path ) failed using wget" 42 | exit 1 43 | fi 44 | } 45 | 46 | function create_yum_repo () { 47 | tgz_file_path=$1 48 | tgz_file_name=${tgz_file_path##*/} 49 | repo_name=/opt/contrail/contrail_install_repo 50 | tempdir=$(mktemp -d) 51 | if [[ $tgz_file_path =~ ^http[s]*:// ]]; then 52 | wget_download $tgz_file_path ${tempdir}/${tgz_file_name} 53 | elif [[ $tgz_file_path =~ ^ssh:// ]]; then 54 | ssh_download $tgz_file_path $tempdir/${tgz_file_name} 55 | else 56 | echo "ERROR, Unknown url format, only http[s], ssh supported" 57 | exit 1 58 | fi 59 | mkdir -p $repo_name 60 | tar -xzf ${tempdir}/${tgz_file_name} -C $repo_name 61 | if [ $? != 0 ]; then 62 | echo "ERROR: Untar ( ${tempdir}/${tgz_file_name} ) failed" 63 | exit 1 64 | fi 65 | rm -rf ${tempdir} 66 | createrepo $repo_name 67 | if [ $? != 0 ]; then 68 | echo "ERROR: createrepo at ( ${repo_name} ) failed" 69 | exit 1 70 | fi 71 | } 72 | 73 | ## Main 74 | 75 | if [[ -z $CONTRAIL_INSTALL_PACKAGE_TAR_URL ]]; then 76 | echo "ERROR CONTRAIL_INSTALL_PACKAGE_TAR_URL undefined" 77 | exit 1 78 | else 79 | CONTRAIL_INSTALL_PACKAGE_TAR_URL=$(echo $CONTRAIL_INSTALL_PACKAGE_TAR_URL | tr "," " ") 80 | fi 81 | 82 | for each in $CONTRAIL_INSTALL_PACKAGE_TAR_URL; do 83 | create_yum_repo $each 84 | if [ $? == 0 ]; then 85 | echo "Successfully created repo for ( $each )" 86 | else 87 | echo "ERROR: Repo creation for ( $each ) failed" 88 | exit 1 89 | fi 90 | done 91 | -------------------------------------------------------------------------------- /docker/contrail-repo/ubuntu14.04/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM 10.84.34.155:5000/ubuntu:14.04.5 2 | MAINTAINER Juniper Contrail 3 | ARG CONTRAIL_INSTALL_PACKAGE_TAR_URL 4 | ARG http_proxy 5 | ARG https_proxy 6 | ARG OS=ubuntu14.04 7 | ARG CONTRAIL_VERSION 8 | ARG SSHPASS 9 | ARG SSHUSER=root 10 | ARG DEBIAN_FRONTEND=noninteractive 11 | ARG PACKAGES_CONTRAIL_REPO="nginx" 12 | LABEL Name=contrail-repo-$OS \ 13 | Version="$CONTRAIL_VERSION" \ 14 | Description="Contrail Repo" Vendor="Juniper Networks" 15 | COPY install_repo.sh / 16 | RUN bash -x /install_repo.sh 17 | COPY nginx_site.conf /etc/nginx/sites-enabled/default 18 | RUN echo "server_names_hash_bucket_size 64;" > /etc/nginx/conf.d/server_names_hash_bucket_size.conf 19 | RUN sed -i '1idaemon off;' /etc/nginx/nginx.conf 20 | RUN echo "echo \"Repo is up on port 1567, point apt source.list to 'deb http://:1567 ./'\"; /usr/sbin/nginx" > /entrypoint.sh; \ 21 | chmod +x /entrypoint.sh 22 | ENTRYPOINT /entrypoint.sh 23 | -------------------------------------------------------------------------------- /docker/contrail-repo/ubuntu14.04/install_repo.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | function try_wget () { 5 | wget -q --spider $1; 6 | return $? 7 | } 8 | 9 | xtrace_status() { 10 | set | grep -q SHELLOPTS=.*:xtrace 11 | return $? 12 | } 13 | 14 | apt_install="apt-get install -yq --force-yes --no-install-recommends --no-install-suggests " 15 | apt_update="apt-get update -qy" 16 | 17 | if [[ -z $CONTRAIL_INSTALL_PACKAGE_TAR_URL ]]; then 18 | echo "ERROR CONTRAIL_INSTALL_PACKAGE_TAR_URL undefined" 19 | exit 1 20 | fi 21 | 22 | if [[ $CONTRAIL_INSTALL_PACKAGE_TAR_URL =~ ^http[s]*:// ]]; then 23 | $apt_update; $apt_install wget 24 | if try_wget $CONTRAIL_INSTALL_PACKAGE_TAR_URL; then 25 | wget -q $CONTRAIL_INSTALL_PACKAGE_TAR_URL -O /tmp/contrail-install-packages.tar.gz 26 | else 27 | echo "ERROR! $CONTRAIL_INSTALL_PACKAGE_TAR_URL is not accessible" 28 | exit 1 29 | fi 30 | elif [[ $CONTRAIL_INSTALL_PACKAGE_TAR_URL =~ ^ssh:// ]]; then 31 | server=` echo $CONTRAIL_INSTALL_PACKAGE_TAR_URL | sed 's/ssh:\/\///;s|\/.*||'` 32 | path=`echo $CONTRAIL_INSTALL_PACKAGE_TAR_URL |sed -r 's#ssh://[a-zA-Z0-9_\.\-]+##'` 33 | export SSHUSER=${SSHUSER:-root} 34 | if xtrace_status; then 35 | set +x 36 | xtrace=1 37 | fi 38 | export SSHPASS=${SSHPASS:-passwd} 39 | [[ -n $xtrace ]] && set -x 40 | $apt_update; $apt_install sshpass openssh-client 41 | sshpass -e scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${SSHUSER}@${server}:${path} /tmp/contrail-install-packages.tar.gz 42 | else 43 | echo "ERROR, Unknown url format, only http[s], ssh supported" 44 | exit 1 45 | fi 46 | 47 | mkdir -p /opt/contrail/contrail_install_repo 48 | cd /opt/contrail/contrail_install_repo 49 | tar zxf /tmp/contrail-install-packages.tar.gz 50 | rm -f /tmp/contrail-install-packages.tar.gz 51 | $apt_install $PACKAGES_CONTRAIL_REPO dpkg-dev 52 | cd /opt/contrail/contrail_install_repo/ 53 | dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz 54 | apt-get purge -yq dpkg-dev sshpass wget || true 55 | apt-get autoremove -yq 56 | apt-get clean -yq 57 | rm -fr /var/lib/apt/lists/* /usr/share/doc/* /usr/share/man/* 58 | -------------------------------------------------------------------------------- /docker/contrail-repo/ubuntu14.04/nginx_site.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 1567 default_server; 3 | listen [::]:1567 default_server ipv6only=on; 4 | root /usr/share/nginx/html; 5 | index index.html index.htm; 6 | # Make site accessible from http://localhost/ 7 | server_name localhost; 8 | location / { 9 | root /opt/contrail/contrail_install_repo; 10 | index index.html; 11 | } 12 | } -------------------------------------------------------------------------------- /docker/contrail-repo/ubuntu16.04/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM 10.84.34.155:5000/ubuntu:14.04.5 2 | MAINTAINER Juniper Contrail 3 | ARG CONTRAIL_INSTALL_PACKAGE_TAR_URL 4 | ARG http_proxy 5 | ARG https_proxy 6 | ARG SSHPASS 7 | ARG OS=ubuntu16.04 8 | ARG SSHUSER=root 9 | ARG CONTRAIL_VERSION 10 | ARG DEBIAN_FRONTEND=noninteractive 11 | ARG PACKAGES_CONTRAIL_REPO="nginx" 12 | LABEL Name=contrail-repo-$OS \ 13 | Version="$CONTRAIL_VERSION" \ 14 | Description="Contrail Repo" Vendor="Juniper Networks" 15 | COPY install_repo.sh / 16 | RUN bash -x /install_repo.sh 17 | COPY nginx_site.conf /etc/nginx/sites-enabled/default 18 | RUN echo "server_names_hash_bucket_size 64;" > /etc/nginx/conf.d/server_names_hash_bucket_size.conf 19 | RUN sed -i '1idaemon off;' /etc/nginx/nginx.conf 20 | RUN echo "echo \"Repo is up on port 1567, point apt source.list to 'deb http://:1567 ./'\"; /usr/sbin/nginx" > /entrypoint.sh; \ 21 | chmod +x /entrypoint.sh 22 | ENTRYPOINT /entrypoint.sh 23 | -------------------------------------------------------------------------------- /docker/contrail-repo/ubuntu16.04/install_repo.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -e 4 | function try_wget () { 5 | wget -q --spider $1; 6 | return $? 7 | } 8 | 9 | xtrace_status() { 10 | set | grep -q SHELLOPTS=.*:xtrace 11 | return $? 12 | } 13 | 14 | apt_install="apt-get install -yq --force-yes --no-install-recommends --no-install-suggests " 15 | apt_update="apt-get update -qy" 16 | 17 | if [[ -z $CONTRAIL_INSTALL_PACKAGE_TAR_URL ]]; then 18 | echo "ERROR CONTRAIL_INSTALL_PACKAGE_TAR_URL undefined" 19 | exit 1 20 | fi 21 | 22 | if [[ $CONTRAIL_INSTALL_PACKAGE_TAR_URL =~ ^http[s]*:// ]]; then 23 | $apt_update; $apt_install wget 24 | if try_wget $CONTRAIL_INSTALL_PACKAGE_TAR_URL; then 25 | wget -q $CONTRAIL_INSTALL_PACKAGE_TAR_URL -O /tmp/contrail-install-packages.tar.gz 26 | else 27 | echo "ERROR! $CONTRAIL_INSTALL_PACKAGE_TAR_URL is not accessible" 28 | exit 1 29 | fi 30 | elif [[ $CONTRAIL_INSTALL_PACKAGE_TAR_URL =~ ^ssh:// ]]; then 31 | server=` echo $CONTRAIL_INSTALL_PACKAGE_TAR_URL | sed 's/ssh:\/\///;s|\/.*||'` 32 | path=`echo $CONTRAIL_INSTALL_PACKAGE_TAR_URL |sed -r 's#ssh://[a-zA-Z0-9_\.\-]+##'` 33 | export SSHUSER=${SSHUSER:-root} 34 | if xtrace_status; then 35 | set +x 36 | xtrace=1 37 | fi 38 | export SSHPASS=${SSHPASS:-passwd} 39 | [[ -n $xtrace ]] && set -x 40 | $apt_update; $apt_install sshpass openssh-client 41 | sshpass -e scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ${SSHUSER}@${server}:${path} /tmp/contrail-install-packages.tar.gz 42 | else 43 | echo "ERROR, Unknown url format, only http[s], ssh supported" 44 | exit 1 45 | fi 46 | 47 | mkdir -p /opt/contrail/contrail_install_repo 48 | cd /opt/contrail/contrail_install_repo 49 | tar zxf /tmp/contrail-install-packages.tar.gz 50 | rm -f /tmp/contrail-install-packages.tar.gz 51 | $apt_install $PACKAGES_CONTRAIL_REPO dpkg-dev 52 | cd /opt/contrail/contrail_install_repo/ 53 | dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz 54 | apt-get purge -yq dpkg-dev sshpass wget || true 55 | apt-get autoremove -yq 56 | apt-get clean -yq 57 | rm -fr /var/lib/apt/lists/* /usr/share/doc/* /usr/share/man/* 58 | -------------------------------------------------------------------------------- /docker/contrail-repo/ubuntu16.04/nginx_site.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 1567 default_server; 3 | listen [::]:1567 default_server ipv6only=on; 4 | root /usr/share/nginx/html; 5 | index index.html index.htm; 6 | # Make site accessible from http://localhost/ 7 | server_name localhost; 8 | location / { 9 | root /opt/contrail/contrail_install_repo; 10 | index index.html; 11 | } 12 | } -------------------------------------------------------------------------------- /docker/contrail-ubuntu-mirror.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PGP PUBLIC KEY BLOCK----- 2 | Version: GnuPG v1 3 | 4 | mQENBFfIpgQBCADVVLtHVGzCH3XmtGhA8jmI+Sd68Ux3zs9dHniBM41bi6T6SxrW 5 | Nv/7LV4B/nqr2RReWvqGL+CXW65CWnLVQCVwW50SoMOnMtQbzCj5X4tHgXYi10Wi 6 | xWIadxHuWJj6hLmVpX1Fu6Jx4lrpq8zdyqxJ8QXRNn8JNqygktFt3MPhjKSW1+NB 7 | Lk4CYM8VZ3BzSx0kAJQI/yF+vZoFvfBnGFgCKTmMd6oEAEISN0yT2dHRU7aDh3HJ 8 | Kqh2uMy/FfSV68yMJObIPfEQOFEuNRoRyc2A7sJ8y5WfFeaLsdTMUcngg0kewKGr 9 | qVroy7tT3YsYW1sNRqDXqIES0xmLh8XNo83nABEBAAG0OU9wZW5jb250cmFpbCAo 10 | Rm9yIE9wZW4gQ29udHJhaWwpIDxucGNoYW5kcmFuQGp1bmlwZXIubmV0PokBOAQT 11 | AQIAIgUCV8imBAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQXqcxt017 12 | GNGPBQgAgzBIdOtvF+O3/fqkEr6wMhqhhUB+3jK3jIn2VfsvaYlv8WPyEiO9J/KP 13 | yJP69Myuh0ETi1ih11/+p9hb8DwWd5jSxCaJExlTOWWtQDPyurmZrshYPgMYkus4 14 | Xb0fqrnFcloENvduC0c9n2DpchdUJP7vporEHOCvpQolN+HcYrjDDKDMLOs2Rurq 15 | 57IIJPD7kcUWnuyGNtbwfKWFhmBYPQTJSU3Fp8QTzew5ekdBSu8ZiJxXlWJhiNCn 16 | uvlzQcOx36aq/LTxOCHbVdRnbceribGkBL1yMRs2esX77nvS4gJMzlKh9vxLfqp7 17 | V3iJgFb1QbX5MYoZso7/CwGPdklPFLkBDQRXyKYEAQgA6Z3tOe2Yejz0+AMCbBS+ 18 | GRZKTn6/7b8KeKA8Hk7c3smNlyP15bx77dEQPyTBXKE9gDsSUd4low66+DeRcjN3 19 | +cWYd/78wYwDuiFyBaxsDJS2wPJoy+FjwL3izKiPgFpqcAYzaex9hjwz/eY0SqGZ 20 | cfjef7CRwzIzyQ1lOssJTs/g3CZ0NAr5pfYvnV08ZhFDWuqCLYV97njRvvyWTJ14 21 | PKKyeuOOwkEWd0uvpIqTLMQsa0mhOvmvNp55KFG/34/b88ccVKR5dPY9rG6oM3ip 22 | rEEXjU5sRdlf+3uyOAhIdeb9jObqRQACzVGl4992CiUQUR/3C3lqraT/9ZjaC0Ki 23 | NwARAQABiQEfBBgBAgAJBQJXyKYEAhsMAAoJEF6nMbdNexjRRLwIAIC6z2Ismm8H 24 | rEJNmDR46aRQ+c/P9FHjGYRaho+INiqysvMJ2UR+rK2RrB7wCgsyyjt1yXYwQ97+ 25 | RTuGEhZqw9OIOFZs/0wU5qy4XzZOAqqHi/BO6E/yKelJ4Uweq6U7nq/f0HXkG16G 26 | wmsvC/zDxBBhjZSnfMg1pWlGLOhS0mggemE22bIiqkIY9IlyCJ13hmw2CKXbHViq 27 | KRlGNFzEBsM6wojF0IH2OfZBy1KL/iyADh/3agNbxKdvPyNgTAF2aRFsKz9mQP9O 28 | 23Sr7/Er4nZQPr9cESKSDkXoQXX/SJs3A6izVQ9JAQsgaTx3uOVWr7oGzwLM4AXK 29 | N3oDGjkvlsc= 30 | =Dsaa 31 | -----END PGP PUBLIC KEY BLOCK----- -------------------------------------------------------------------------------- /docker/controller/centos7/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-centos7:{{ contrail_version }} 2 | ARG CONTRAIL_VERSION 3 | ARG OS 4 | LABEL Name=contrail-controller-$OS \ 5 | Version="$CONTRAIL_VERSION" \ 6 | contrail.role=controller \ 7 | Description="Dockerimage for Contrail Controller" Vendor="Juniper Networks" 8 | ENV CONTRAIL_ROLE controller 9 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 10 | RUN contrailctl config sync -F -v -t package 11 | RUN contrailctl config sync -F -v -t install 12 | 13 | EXPOSE 53 68 123 179 2181 4369 \ 14 | 5269 5672 5997 5998 \ 15 | 8080 8082 8083 8084 8087 8088 8092 8093 8094 8096 8100 8101 8103 8143 8443 8444 \ 16 | 9092 9160 17 | 18 | # Copy Supervisor configs 19 | COPY supervisor_configs/config/ /etc/contrail/supervisord_config_files/ 20 | RUN mkdir -p /etc/contrail/supervisord_files 21 | COPY supervisor_configs/main/supervisord.conf /etc/contrail/ 22 | COPY supervisor_configs/main/*.ini /etc/contrail/supervisord_files/ 23 | 24 | # Repo cleanup 25 | RUN [ -f /etc/yum.repos.d/contrail-install.repo ] && \ 26 | rm -f /etc/yum.repos.d/contrail-install.repo ; \ 27 | yum clean all ; yum clean expire-cache ;\ 28 | echo pass 29 | -------------------------------------------------------------------------------- /docker/controller/centos7/supervisor_configs/config/contrail-api.ini: -------------------------------------------------------------------------------- 1 | [program:contrail-api] 2 | command=/usr/bin/contrail-api --conf_file /etc/contrail/contrail-api.conf --conf_file /etc/contrail/contrail-keystone-auth.conf --conf_file /etc/contrail/contrail-database.conf --worker_id %(process_num)s 3 | numprocs=1 4 | process_name=%(process_num)s 5 | redirect_stderr=true 6 | stdout_logfile= /var/log/contrail/contrail-api-%(process_num)s-stdout.log 7 | stderr_logfile=/dev/null 8 | priority=440 9 | autostart=true 10 | killasgroup=true 11 | stopsignal=KILL 12 | exitcodes=0 13 | -------------------------------------------------------------------------------- /docker/controller/centos7/supervisor_configs/config/contrail-config-nodemgr.ini: -------------------------------------------------------------------------------- 1 | [eventlistener:contrail-config-nodemgr] 2 | command=/bin/bash -c "exec python /usr/bin/contrail-nodemgr --nodetype=contrail-config" 3 | events=PROCESS_COMMUNICATION,PROCESS_STATE,TICK_60 4 | ;[eventlistener:theeventlistenername] 5 | ;command=/bin/eventlistener ; the program (relative uses PATH, can take args) 6 | ;process_name=%(program_name)s ; process_name expr (default %(program_name)s) 7 | ;numprocs=1 ; number of processes copies to start (def 1) 8 | ;events=EVENT ; event notif. types to subscribe to (req'd) 9 | buffer_size=10000 ; event buffer queue size (default 10) 10 | ;directory=/tmp ; directory to cwd to before exec (def no cwd) 11 | ;umask=022 ; umask for process (default None) 12 | ;priority=-1 ; the relative start priority (default -1) 13 | ;autostart=true ; start at supervisord start (default: true) 14 | ;autorestart=unexpected ; whether/when to restart (default: unexpected) 15 | ;startsecs=1 ; number of secs prog must stay running (def. 1) 16 | ;startretries=3 ; max # of serial start failures (default 3) 17 | ;exitcodes=0,2 ; 'expected' exit codes for process (default 0,2) 18 | ;stopsignal=QUIT ; signal used to kill process (default TERM) 19 | ;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10) 20 | ;stopasgroup=false ; send stop signal to the UNIX process group (default false) 21 | ;killasgroup=false ; SIGKILL the UNIX process group (def false) 22 | ;redirect_stderr=true ; redirect proc stderr to stdout (default false) 23 | stdout_logfile=/var/log/contrail/contrail-config-nodemgr-stdout.log ; stdout log path, NONE for none; default AUTO 24 | ;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) 25 | ;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10) 26 | ;stdout_events_enabled=false ; emit events on stdout writes (default false) 27 | stderr_logfile=/var/log/contrail/contrail-config-nodemgr-stderr.log ; stderr log path, NONE for none; default AUTO 28 | ;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB) 29 | ;stderr_logfile_backups ; # of stderr logfile backups (default 10) 30 | ;stderr_events_enabled=false ; emit events on stderr writes (default false) 31 | ;environment=A=1,B=2 ; process environment additions 32 | ;serverurl=AUTO ; override serverurl computation (childutils) -------------------------------------------------------------------------------- /docker/controller/centos7/supervisor_configs/main/config.ini: -------------------------------------------------------------------------------- 1 | [program:supervisord_config] 2 | command=/usr/bin/supervisord -n -c /etc/contrail/supervisord_config.conf 3 | priority=100 4 | autostart=true 5 | killasgroup=true 6 | stopsignal=KILL 7 | stdout_capture_maxbytes=1MB 8 | redirect_stderr=true 9 | stdout_logfile=/var/log/contrail/supervisord-config-stdout.log 10 | stderr_logfile=/dev/null 11 | startsecs=5 12 | exitcodes=0 ; 'expected' exit codes for process (default 0,2) 13 | #user=contrail 14 | -------------------------------------------------------------------------------- /docker/controller/centos7/supervisor_configs/main/control.ini: -------------------------------------------------------------------------------- 1 | [program:supervisord_control] 2 | command=/usr/bin/supervisord -n -c /etc/contrail/supervisord_control.conf 3 | priority=200 4 | autostart=true 5 | killasgroup=true 6 | stopsignal=KILL 7 | stdout_capture_maxbytes=1MB 8 | redirect_stderr=true 9 | stdout_logfile=/var/log/contrail/supervisord-control-stdout.log 10 | stderr_logfile=/dev/null 11 | startsecs=5 12 | exitcodes=0 ; 'expected' exit codes for process (default 0,2) 13 | #user=contrail 14 | -------------------------------------------------------------------------------- /docker/controller/centos7/supervisor_configs/main/supervisord.conf: -------------------------------------------------------------------------------- 1 | [unix_http_server] 2 | file=/var/run/supervisor.sock ; (the path to the socket file) 3 | chmod=0700 ; socket file mode (default 0700) 4 | [supervisord] 5 | logfile=/var/log/contrail/supervisord.log ; (main log file;default $CWD/supervisord.log) 6 | logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB) 7 | logfile_backups=3 ; (num of main logfile rotation backups;default 10) 8 | loglevel=info ; (log level;default info; others: debug,warn,trace) 9 | pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid) 10 | nodaemon=false ; (start in foreground if true;default false) 11 | minfds=1024 ; (min. avail startup file descriptors;default 1024) 12 | minprocs=200 ; (min. avail process descriptors;default 200) 13 | nocleanup=true ; (don't clean up tempfiles at start;default false) 14 | childlogdir=/var/log/contrail ; ('AUTO' child log dir, default $TEMP) 15 | [rpcinterface:supervisor] 16 | supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface 17 | [supervisorctl] 18 | serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket 19 | [include] 20 | files = /etc/contrail/supervisord_files/*.ini -------------------------------------------------------------------------------- /docker/controller/centos7/supervisor_configs/main/webui.ini: -------------------------------------------------------------------------------- 1 | [program:supervisord_webui] 2 | command=/usr/bin/supervisord -n -c /etc/contrail/supervisord_webui.conf 3 | priority=100 4 | autostart=true 5 | killasgroup=true 6 | stopsignal=KILL 7 | stdout_capture_maxbytes=1MB 8 | redirect_stderr=true 9 | stdout_logfile=/var/log/contrail/supervisord-webui-stdout.log 10 | stderr_logfile=/dev/null 11 | startsecs=5 12 | exitcodes=0 ; 'expected' exit codes for process (default 0,2) 13 | #user=contrail 14 | -------------------------------------------------------------------------------- /docker/controller/redhat7/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-redhat7:{{ contrail_version }} 2 | ARG CONTRAIL_VERSION 3 | ARG OS 4 | LABEL Name=contrail-controller-$OS \ 5 | Version="$CONTRAIL_VERSION" \ 6 | contrail.role=controller \ 7 | Description="Dockerimage for Contrail Controller" Vendor="Juniper Networks" 8 | ENV CONTRAIL_ROLE controller 9 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 10 | RUN contrailctl config sync -F -v -t package 11 | RUN contrailctl config sync -F -v -t install 12 | 13 | EXPOSE 53 68 123 179 2181 2182 4369 \ 14 | 5269 5672 5997 5998 \ 15 | 8080 8082 8083 8084 8087 8088 8092 8093 8094 8096 8100 8101 8103 8143 8443 8444 \ 16 | 9092 9160 17 | 18 | # Copy Supervisor configs 19 | RUN mkdir -p /etc/contrail/supervisord_files 20 | COPY supervisor_configs/main/supervisord.conf /etc/contrail/ 21 | COPY supervisor_configs/main/*.ini /etc/contrail/supervisord_files/ 22 | 23 | # Repo cleanup 24 | RUN [ -f /etc/yum.repos.d/contrail-install.repo ] && \ 25 | rm -f /etc/yum.repos.d/contrail-install.repo ; \ 26 | yum clean all ; yum clean expire-cache ;\ 27 | echo pass 28 | -------------------------------------------------------------------------------- /docker/controller/redhat7/supervisor_configs/main/config.ini: -------------------------------------------------------------------------------- 1 | [program:supervisord_config] 2 | command=/usr/bin/supervisord -n -c /etc/contrail/supervisord_config.conf 3 | priority=100 4 | autostart=true 5 | killasgroup=true 6 | stopsignal=KILL 7 | stdout_capture_maxbytes=1MB 8 | redirect_stderr=true 9 | stdout_logfile=/var/log/contrail/supervisord-config-stdout.log 10 | stderr_logfile=/dev/null 11 | startsecs=5 12 | exitcodes=0 ; 'expected' exit codes for process (default 0,2) 13 | #user=contrail 14 | -------------------------------------------------------------------------------- /docker/controller/redhat7/supervisor_configs/main/control.ini: -------------------------------------------------------------------------------- 1 | [program:supervisord_control] 2 | command=/usr/bin/supervisord -n -c /etc/contrail/supervisord_control.conf 3 | priority=200 4 | autostart=true 5 | killasgroup=true 6 | stopsignal=KILL 7 | stdout_capture_maxbytes=1MB 8 | redirect_stderr=true 9 | stdout_logfile=/var/log/contrail/supervisord-control-stdout.log 10 | stderr_logfile=/dev/null 11 | startsecs=5 12 | exitcodes=0 ; 'expected' exit codes for process (default 0,2) 13 | #user=contrail 14 | -------------------------------------------------------------------------------- /docker/controller/redhat7/supervisor_configs/main/supervisord.conf: -------------------------------------------------------------------------------- 1 | [unix_http_server] 2 | file=/var/run/supervisor.sock ; (the path to the socket file) 3 | chmod=0700 ; socket file mode (default 0700) 4 | [supervisord] 5 | logfile=/var/log/contrail/supervisord.log ; (main log file;default $CWD/supervisord.log) 6 | logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB) 7 | logfile_backups=3 ; (num of main logfile rotation backups;default 10) 8 | loglevel=info ; (log level;default info; others: debug,warn,trace) 9 | pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid) 10 | nodaemon=false ; (start in foreground if true;default false) 11 | minfds=1024 ; (min. avail startup file descriptors;default 1024) 12 | minprocs=200 ; (min. avail process descriptors;default 200) 13 | nocleanup=true ; (don't clean up tempfiles at start;default false) 14 | childlogdir=/var/log/contrail ; ('AUTO' child log dir, default $TEMP) 15 | [rpcinterface:supervisor] 16 | supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface 17 | [supervisorctl] 18 | serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket 19 | [include] 20 | files = /etc/contrail/supervisord_files/*.ini -------------------------------------------------------------------------------- /docker/controller/redhat7/supervisor_configs/main/webui.ini: -------------------------------------------------------------------------------- 1 | [program:supervisord_webui] 2 | command=/usr/bin/supervisord -n -c /etc/contrail/supervisord_webui.conf 3 | priority=100 4 | autostart=true 5 | killasgroup=true 6 | stopsignal=KILL 7 | stdout_capture_maxbytes=1MB 8 | redirect_stderr=true 9 | stdout_logfile=/var/log/contrail/supervisord-webui-stdout.log 10 | stderr_logfile=/dev/null 11 | startsecs=5 12 | exitcodes=0 ; 'expected' exit codes for process (default 0,2) 13 | #user=contrail 14 | -------------------------------------------------------------------------------- /docker/controller/ubuntu14.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu14.04:{{ contrail_version }} 2 | COPY entrypoint.sh / 3 | LABEL Name=contrail-controller-$OS \ 4 | Version="$CONTRAIL_VERSION" \ 5 | contrail.role=controller \ 6 | Description="Contrail Controller" Vendor="Juniper Networks" 7 | RUN chmod +x /entrypoint.sh 8 | ENTRYPOINT /entrypoint.sh 9 | ENV CONTRAIL_ROLE controller 10 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 11 | RUN contrailctl config sync -F -v -t package 12 | RUN contrailctl config sync -F -v -t install 13 | EXPOSE 8082 8084 8087 8088 8096 8100 5672 5997 5998 4369 8443 8444 68 123 8103 9160 2181 2182 9092 8092 8093 8094 8101 8083 179 53 5269 8080 8143 14 | RUN mkdir -p /etc/contrail/supervisord_files 15 | COPY supervisor_configs/main/supervisord.conf /etc/contrail/ 16 | COPY supervisor_configs/main/*.ini /etc/contrail/supervisord_files/ 17 | RUN rm -rf /etc/apt/sources.list.d/trusty.list 18 | RUN rm -rf /etc/apt/sources.list.d/trusty-updates.list 19 | RUN rm -rf /etc/apt/sources.list.d/trusty-security.list 20 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-trusty.list 21 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 22 | RUN apt-get clean; apt-get update; echo 0 23 | -------------------------------------------------------------------------------- /docker/controller/ubuntu14.04/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | set -e 4 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 5 | DAEMON=/usr/bin/supervisord 6 | ANSIBLE_INVENTORY=${ANSIBLE_INVENTORY:-"all-in-one"} 7 | 8 | test -x $DAEMON || exit 1 9 | 10 | LOG=/var/log/supervisord.log 11 | 12 | # Include supervisor defaults if available 13 | if [ -f /etc/default/supervisord ] ; then 14 | . /etc/default/supervisord 15 | fi 16 | DAEMON_OPTS="-n -c /etc/contrail/supervisord.conf $DAEMON_OPTS" 17 | 18 | function cleanup() { 19 | supervisorctl -c /etc/contrail/supervisord.conf stop all 20 | supervisorctl -c /etc/contrail/supervisord.conf shutdown 21 | rm -f $SOCKETFILE 22 | } 23 | 24 | trap cleanup SIGHUP SIGINT SIGTERM 25 | 26 | ulimit -s unlimited 27 | ulimit -c unlimited 28 | ulimit -d unlimited 29 | ulimit -v unlimited 30 | ulimit -n 4096 31 | # configure services and start them using ansible code within contrail-ansible 32 | contrailctl config sync -c controller -F -v -t configure 33 | 34 | $DAEMON $DAEMON_OPTS 2>&1 | tee -a $LOG & 35 | child=$! 36 | sleep 5 37 | 38 | # run contrailctl to run code to make sure services are running 39 | contrailctl config sync -c controller -F -v -t service,provision 40 | 41 | wait "$child" 42 | -------------------------------------------------------------------------------- /docker/controller/ubuntu14.04/supervisor_configs/main/config.ini: -------------------------------------------------------------------------------- 1 | [program:supervisord_config] 2 | command=/usr/bin/supervisord -n -c /etc/contrail/supervisord_config.conf 3 | priority=100 4 | autostart=true 5 | killasgroup=true 6 | stopsignal=KILL 7 | stdout_capture_maxbytes=1MB 8 | redirect_stderr=true 9 | stdout_logfile=/var/log/contrail/supervisord-config-stdout.log 10 | stderr_logfile=/dev/null 11 | startsecs=5 12 | exitcodes=0 ; 'expected' exit codes for process (default 0,2) 13 | #user=contrail 14 | -------------------------------------------------------------------------------- /docker/controller/ubuntu14.04/supervisor_configs/main/control.ini: -------------------------------------------------------------------------------- 1 | [program:supervisord_control] 2 | command=/usr/bin/supervisord -n -c /etc/contrail/supervisord_control.conf 3 | priority=200 4 | autostart=true 5 | killasgroup=true 6 | stopsignal=KILL 7 | stdout_capture_maxbytes=1MB 8 | redirect_stderr=true 9 | stdout_logfile=/var/log/contrail/supervisord-control-stdout.log 10 | stderr_logfile=/dev/null 11 | startsecs=5 12 | exitcodes=0 ; 'expected' exit codes for process (default 0,2) 13 | #user=contrail 14 | -------------------------------------------------------------------------------- /docker/controller/ubuntu14.04/supervisor_configs/main/issu.ini: -------------------------------------------------------------------------------- 1 | [program:supervisord_issu] 2 | command=/usr/bin/supervisord -n -c /etc/contrail/supervisord_issu.conf 3 | priority=100 4 | autostart=false 5 | killasgroup=false 6 | stopsignal=TERM 7 | stdout_capture_maxbytes=1MB 8 | redirect_stderr=true 9 | stdout_logfile=/var/log/contrail/supervisord-issu-stdout.log 10 | stderr_logfile=/dev/null 11 | startsecs=5 12 | exitcodes=0 ; 'expected' exit codes for process (default 0,2) 13 | #user=contrail 14 | -------------------------------------------------------------------------------- /docker/controller/ubuntu14.04/supervisor_configs/main/supervisord.conf: -------------------------------------------------------------------------------- 1 | [unix_http_server] 2 | file=/var/run/supervisor.sock ; (the path to the socket file) 3 | chmod=0700 ; socket file mode (default 0700) 4 | [supervisord] 5 | logfile=/var/log/contrail/supervisord.log ; (main log file;default $CWD/supervisord.log) 6 | logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB) 7 | logfile_backups=3 ; (num of main logfile rotation backups;default 10) 8 | loglevel=info ; (log level;default info; others: debug,warn,trace) 9 | pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid) 10 | nodaemon=false ; (start in foreground if true;default false) 11 | minfds=1024 ; (min. avail startup file descriptors;default 1024) 12 | minprocs=200 ; (min. avail process descriptors;default 200) 13 | nocleanup=true ; (don't clean up tempfiles at start;default false) 14 | childlogdir=/var/log/contrail ; ('AUTO' child log dir, default $TEMP) 15 | [rpcinterface:supervisor] 16 | supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface 17 | [supervisorctl] 18 | serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket 19 | [include] 20 | files = /etc/contrail/supervisord_files/*.ini -------------------------------------------------------------------------------- /docker/controller/ubuntu14.04/supervisor_configs/main/webui.ini: -------------------------------------------------------------------------------- 1 | [program:supervisord_webui] 2 | command=/usr/bin/supervisord -n -c /etc/contrail/supervisord_webui.conf 3 | priority=100 4 | autostart=true 5 | killasgroup=true 6 | stopsignal=KILL 7 | stdout_capture_maxbytes=1MB 8 | redirect_stderr=true 9 | stdout_logfile=/var/log/contrail/supervisord-webui-stdout.log 10 | stderr_logfile=/dev/null 11 | startsecs=5 12 | exitcodes=0 ; 'expected' exit codes for process (default 0,2) 13 | #user=contrail 14 | -------------------------------------------------------------------------------- /docker/controller/ubuntu16.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu16.04:{{ contrail_version }} 2 | LABEL Name=contrail-controller-$OS \ 3 | Version="$CONTRAIL_VERSION" \ 4 | contrail.role=controller \ 5 | Description="Contrail Controller" Vendor="Juniper Networks" 6 | ENV CONTRAIL_ROLE controller 7 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 8 | RUN contrailctl config sync -F -v -t package 9 | RUN contrailctl config sync -F -v -t install 10 | EXPOSE 8082 8084 8087 8088 8096 8100 5672 5997 5998 4369 8443 8444 68 123 8103 9160 2181 2182 9092 8092 8093 8094 8101 8083 179 53 5269 8080 8143 11 | RUN rm -rf /etc/apt/sources.list.d/xenial.list 12 | RUN rm -rf /etc/apt/sources.list.d/xenial-updates.list 13 | RUN rm -rf /etc/apt/sources.list.d/xenial-security.list 14 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-xenial.list 15 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 16 | RUN apt-get clean; apt-get update; echo 0 17 | -------------------------------------------------------------------------------- /docker/kube-manager/centos7/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-centos7:{{ contrail_version }} 2 | ARG CONTRAIL_VERSION 3 | ARG OS 4 | LABEL Name=contrail-kube-manager-$OS \ 5 | Version="$CONTRAIL_VERSION" \ 6 | contrail.role=kube-manager \ 7 | Description="Contrail Kube manager" Vendor="Juniper Networks" 8 | ENV CONTRAIL_ROLE kubemanager 9 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 10 | RUN contrailctl config sync -F -v -t package 11 | RUN contrailctl config sync -F -v -t install 12 | EXPOSE 8108 13 | 14 | # Repo cleanup 15 | RUN [ -f /etc/yum.repos.d/contrail-install.repo ] && \ 16 | rm -f /etc/yum.repos.d/contrail-install.repo ; \ 17 | yum clean all ; yum clean expire-cache ;\ 18 | echo pass 19 | -------------------------------------------------------------------------------- /docker/kube-manager/redhat7/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-redhat7:{{ contrail_version }} 2 | ARG CONTRAIL_VERSION 3 | ARG OS 4 | LABEL Name=contrail-kube-manager-$OS \ 5 | Version="$CONTRAIL_VERSION" \ 6 | contrail.role=kube-manager \ 7 | Description="Contrail Kube manager" Vendor="Juniper Networks" 8 | ENV CONTRAIL_ROLE kubemanager 9 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 10 | RUN contrailctl config sync -F -v -t package 11 | RUN contrailctl config sync -F -v -t install 12 | EXPOSE 8108 13 | 14 | # Repo cleanup 15 | RUN [ -f /etc/yum.repos.d/contrail-install.repo ] && \ 16 | rm -f /etc/yum.repos.d/contrail-install.repo ; \ 17 | yum clean all ; yum clean expire-cache ;\ 18 | echo pass 19 | -------------------------------------------------------------------------------- /docker/kube-manager/ubuntu14.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu14.04:{{ contrail_version }} 2 | LABEL Name=contrail-kube-manager-$OS \ 3 | Version="$CONTRAIL_VERSION" \ 4 | contrail.role=kube-manager \ 5 | Description="Contrail kube manager" Vendor="Juniper Networks" 6 | COPY entrypoint.sh / 7 | RUN chmod +x /entrypoint.sh 8 | ENTRYPOINT /entrypoint.sh 9 | ENV CONTRAIL_ROLE kubemanager 10 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 11 | RUN contrailctl config sync -F -v -t package 12 | RUN contrailctl config sync -F -v -t install 13 | RUN rm -rf /etc/apt/sources.list.d/trusty.list 14 | RUN rm -rf /etc/apt/sources.list.d/trusty-updates.list 15 | RUN rm -rf /etc/apt/sources.list.d/trusty-security.list 16 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-trusty.list 17 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 18 | RUN apt-get clean; apt-get update; echo 0 19 | -------------------------------------------------------------------------------- /docker/kube-manager/ubuntu14.04/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | set -e 4 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 5 | DAEMON=/usr/bin/supervisord 6 | CONFIG=/etc/contrail/contrail-kubernetes.conf 7 | SERVICE=kubernetes 8 | ANSIBLE_INVENTORY=${ANSIBLE_INVENTORY:-"all-in-one"} 9 | 10 | test -x $DAEMON || exit 0 11 | 12 | DAEMON_OPTS="-n -c /etc/contrail/supervisord_${SERVICE}.conf $DAEMON_OPTS" 13 | ulimit -s unlimited 14 | ulimit -c unlimited 15 | ulimit -d unlimited 16 | ulimit -v unlimited 17 | ulimit -n 4096 18 | contrailctl config sync -c kubemanager -F -v -t configure 19 | $DAEMON $DAEMON_OPTS 20 | contrailctl config sync -c kubemanager -F -v -t service,provision 21 | -------------------------------------------------------------------------------- /docker/kube-manager/ubuntu16.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu16.04:{{ contrail_version }} 2 | LABEL Name=contrail-kube-manager-$OS \ 3 | Version="$CONTRAIL_VERSION" \ 4 | contrail.role=kube-manager \ 5 | Description="Contrail Kube manager" Vendor="Juniper Networks" 6 | ENV CONTRAIL_ROLE kubemanager 7 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 8 | RUN contrailctl config sync -F -v -t package 9 | RUN contrailctl config sync -F -v -t install 10 | RUN rm -rf /etc/apt/sources.list.d/xenial.list 11 | RUN rm -rf /etc/apt/sources.list.d/xenial-updates.list 12 | RUN rm -rf /etc/apt/sources.list.d/xenial-security.list 13 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-xenial.list 14 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 15 | RUN apt-get clean; apt-get update; echo 0 16 | -------------------------------------------------------------------------------- /docker/kubernetes-agent/redhat7/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-redhat7:{{ contrail_version }} 2 | COPY entrypoint.sh / 3 | ARG CONTRAIL_VERSION 4 | ARG OS 5 | LABEL Name=contrail-kubernetes-agent-$OS \ 6 | Version="$CONTRAIL_VERSION" \ 7 | contrail.role=kubernetesagent \ 8 | Description="Dockerimage for Contrail Kubernetes Agent" Vendor="Juniper Networks" 9 | RUN chmod +x /entrypoint.sh 10 | ENTRYPOINT /entrypoint.sh 11 | ENV CONTRAIL_ROLE kubernetesagent 12 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 13 | RUN contrailctl config sync -F -v -t package 14 | RUN contrailctl config sync -F -v -t install 15 | 16 | # Repo cleanup 17 | RUN [ -f /etc/yum.repos.d/contrail-install.repo ] && \ 18 | rm -f /etc/yum.repos.d/contrail-install.repo ; \ 19 | yum clean all ; yum clean expire-cache ;\ 20 | echo pass 21 | -------------------------------------------------------------------------------- /docker/kubernetes-agent/redhat7/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | set -e 4 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 5 | ANSIBLE_INVENTORY=${ANSIBLE_INVENTORY:-"all-in-one"} 6 | trap cleanup SIGHUP SIGINT SIGTERM 7 | 8 | ulimit -s unlimited 9 | ulimit -c unlimited 10 | ulimit -d unlimited 11 | ulimit -v unlimited 12 | ulimit -n 4096 13 | 14 | # Variables to cache arguments. 15 | loop=0 16 | 17 | # Parse arguments. 18 | while getopts ":l" arg; do 19 | case $arg in 20 | l) 21 | loop=1 22 | ;; 23 | *) 24 | ;; 25 | esac 26 | done 27 | 28 | contrailctl config sync -c kubernetesagent -F -v -t configure 29 | 30 | # If looping is requested, loop forever. 31 | if [ $loop -eq "1" ]; then 32 | tail -f /dev/null 33 | fi 34 | -------------------------------------------------------------------------------- /docker/kubernetes-agent/ubuntu14.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu14.04:{{ contrail_version }} 2 | COPY entrypoint.sh / 3 | LABEL Name=contrail-kubernetes-agent-$OS \ 4 | Version="$CONTRAIL_VERSION" \ 5 | contrail.role=kubernetesagent \ 6 | Description="Contrail Kubernetes Agent" Vendor="Juniper Networks" 7 | RUN chmod +x /entrypoint.sh 8 | ENTRYPOINT /entrypoint.sh 9 | ENV CONTRAIL_ROLE kubernetesagent 10 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 11 | RUN contrailctl config sync -F -v -t package 12 | RUN contrailctl config sync -F -v -t install 13 | RUN cp -rf /usr/src/ /usr/src.orig/ 14 | RUN rm -rf /etc/apt/sources.list.d/trusty.list 15 | RUN rm -rf /etc/apt/sources.list.d/trusty-updates.list 16 | RUN rm -rf /etc/apt/sources.list.d/trusty-security.list 17 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-trusty.list 18 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 19 | RUN apt-get clean; apt-get update; echo 0 20 | -------------------------------------------------------------------------------- /docker/kubernetes-agent/ubuntu14.04/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | set -e 4 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 5 | ANSIBLE_INVENTORY=${ANSIBLE_INVENTORY:-"all-in-one"} 6 | trap cleanup SIGHUP SIGINT SIGTERM 7 | 8 | ulimit -s unlimited 9 | ulimit -c unlimited 10 | ulimit -d unlimited 11 | ulimit -v unlimited 12 | ulimit -n 4096 13 | 14 | # Variables to cache arguments. 15 | loop=0 16 | 17 | # Parse arguments. 18 | while getopts ":l" arg; do 19 | case $arg in 20 | l) 21 | loop=1 22 | ;; 23 | *) 24 | ;; 25 | esac 26 | done 27 | 28 | contrailctl config sync -c kubernetesagent -F -v -t configure 29 | 30 | # If looping is requested, loop forever. 31 | if [ $loop -eq "1" ]; then 32 | tail -f /dev/null 33 | fi 34 | -------------------------------------------------------------------------------- /docker/kubernetes-agent/ubuntu16.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-{{ OS }}:{{ contrail_version }} 2 | COPY entrypoint.sh / 3 | LABEL Name=contrail-kubernetes-agent-{{ OS }}\ 4 | Version={{ CONTRAIL_VERSION }} \ 5 | contrail.role=kubernetesagent \ 6 | Description="Contrail Kubernetes Agent" Vendor="Juniper Networks" 7 | RUN chmod +x /entrypoint.sh 8 | ENTRYPOINT /entrypoint.sh 9 | ENV CONTRAIL_ROLE kubernetesagent 10 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 11 | RUN contrailctl config sync -F -v -t package 12 | RUN contrailctl config sync -F -v -t install 13 | RUN cp -rf /usr/src/ /usr/src.orig/ 14 | RUN rm -rf /etc/apt/sources.list.d/xenial.list 15 | RUN rm -rf /etc/apt/sources.list.d/xenial-updates.list 16 | RUN rm -rf /etc/apt/sources.list.d/xenial-security.list 17 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-xenial.list 18 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 19 | RUN apt-get clean; apt-get update; echo 0 20 | -------------------------------------------------------------------------------- /docker/kubernetes-agent/ubuntu16.04/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | set -e 4 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 5 | ANSIBLE_INVENTORY=${ANSIBLE_INVENTORY:-"all-in-one"} 6 | trap cleanup SIGHUP SIGINT SIGTERM 7 | 8 | ulimit -s unlimited 9 | ulimit -c unlimited 10 | ulimit -d unlimited 11 | ulimit -v unlimited 12 | ulimit -n 4096 13 | 14 | # Variables to cache arguments. 15 | loop=0 16 | 17 | # Parse arguments. 18 | while getopts ":l" arg; do 19 | case $arg in 20 | l) 21 | loop=1 22 | ;; 23 | *) 24 | ;; 25 | esac 26 | done 27 | 28 | contrailctl config sync -c kubernetesagent -F -v -t configure 29 | 30 | # If looping is requested, loop forever. 31 | if [ $loop -eq "1" ]; then 32 | tail -f /dev/null 33 | fi 34 | -------------------------------------------------------------------------------- /docker/lb/centos7/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-centos7:{{ contrail_version }} 2 | ARG CONTRAIL_VERSION 3 | ARG OS 4 | LABEL Name=contrail-lb-$OS \ 5 | Version="$CONTRAIL_VERSION" \ 6 | contrail.role=lb \ 7 | Description="Dockerimage for Contrail LB" Vendor="Juniper Networks" 8 | ENV CONTRAIL_ROLE lb 9 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 10 | RUN contrailctl config sync -F -v -t install 11 | EXPOSE 5998 8081 8082 9696 12 | 13 | # Repo cleanup 14 | RUN [ -f /etc/yum.repos.d/contrail-install.repo ] && \ 15 | rm -f /etc/yum.repos.d/contrail-install.repo ; \ 16 | yum clean all ; yum clean expire-cache ;\ 17 | echo pass 18 | -------------------------------------------------------------------------------- /docker/lb/redhat7/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-redhat7:{{ contrail_version }} 2 | ARG CONTRAIL_VERSION 3 | ARG OS 4 | LABEL Name=contrail-lb-$OS \ 5 | Version="$CONTRAIL_VERSION" \ 6 | contrail.role=lb \ 7 | Description="Dockerimage for Contrail LB" Vendor="Juniper Networks" 8 | ENV CONTRAIL_ROLE lb 9 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 10 | RUN contrailctl config sync -F -v -t install 11 | EXPOSE 5998 8081 8082 9696 12 | 13 | # Repo cleanup 14 | RUN [ -f /etc/yum.repos.d/contrail-install.repo ] && \ 15 | rm -f /etc/yum.repos.d/contrail-install.repo ; \ 16 | yum clean all ; yum clean expire-cache ;\ 17 | echo pass 18 | -------------------------------------------------------------------------------- /docker/lb/ubuntu14.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu14.04:{{ contrail_version }} 2 | LABEL Name=contrail-lb-$OS \ 3 | Version="$CONTRAIL_VERSION" \ 4 | contrail.role=lb \ 5 | Description="Contrail LB" Vendor="Juniper Networks" 6 | COPY entrypoint.sh / 7 | RUN chmod +x /entrypoint.sh 8 | ENTRYPOINT /entrypoint.sh 9 | ENV CONTRAIL_ROLE lb 10 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 11 | RUN contrailctl config sync -F -v -t install 12 | EXPOSE 8082 5998 9696 8081 13 | RUN rm -rf /etc/apt/sources.list.d/trusty.list 14 | RUN rm -rf /etc/apt/sources.list.d/trusty-updates.list 15 | RUN rm -rf /etc/apt/sources.list.d/trusty-security.list 16 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-trusty.list 17 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 18 | RUN apt-get clean; apt-get update; echo 0 19 | -------------------------------------------------------------------------------- /docker/lb/ubuntu14.04/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | set -e 4 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 5 | test -x $DAEMON || exit 0 6 | 7 | # configure services and start them using ansible code within contrail-ansible 8 | contrailctl config sync -c lb -F -v 9 | 10 | ## Setup haproxy 11 | if [ -f /etc/default/haproxy ] ; then 12 | . /etc/default/haproxy 13 | fi 14 | 15 | mkdir -p /var/run/haproxy /var/log/haproxy 16 | chown -R haproxy.haproxy /var/run/haproxy /var/log/haproxy 17 | 18 | ## END Setup haproxy 19 | 20 | DAEMON=/usr/sbin/haproxy 21 | DAEMON_OPTS="-f /etc/haproxy/haproxy.cfg -db" 22 | LOG=/var/log/haproxy/haproxy-stdout.log 23 | 24 | $DAEMON $DAEMON_OPTS 2>&1 | tee -a $LOG & 25 | child=$! 26 | wait "$child" 27 | -------------------------------------------------------------------------------- /docker/lb/ubuntu16.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu16.04:{{ contrail_version }} 2 | LABEL Name=contrail-lb-$OS \ 3 | Version="$CONTRAIL_VERSION" \ 4 | contrail.role=lb \ 5 | Description="Dockerimage for Contrail LB" Vendor="Juniper Networks" 6 | ENV CONTRAIL_ROLE lb 7 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 8 | RUN contrailctl config sync -F -v -t install 9 | EXPOSE 8082 5998 9696 8081 10 | RUN rm -rf /etc/apt/sources.list.d/xenial.list 11 | RUN rm -rf /etc/apt/sources.list.d/xenial-updates.list 12 | RUN rm -rf /etc/apt/sources.list.d/xenial-security.list 13 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-xenial.list 14 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 15 | RUN apt-get clean; apt-get update; echo 0 16 | -------------------------------------------------------------------------------- /docker/mesos-manager/ubuntu14.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu14.04:{{ contrail_version }} 2 | LABEL Name=contrail-mesos-manager-$OS \ 3 | Version="$CONTRAIL_VERSION" \ 4 | contrail.role=mesos-manager \ 5 | Description="Contrail Mesos Manager" Vendor="Juniper Networks" 6 | COPY entrypoint.sh / 7 | RUN chmod +x /entrypoint.sh 8 | ENTRYPOINT /entrypoint.sh 9 | ENV CONTRAIL_ROLE mesosmanager 10 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 11 | RUN contrailctl config sync -F -v -t install 12 | RUN rm -rf /etc/apt/sources.list.d/trusty.list 13 | RUN rm -rf /etc/apt/sources.list.d/trusty-updates.list 14 | RUN rm -rf /etc/apt/sources.list.d/trusty-security.list 15 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-trusty.list 16 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 17 | RUN apt-get clean; apt-get update; echo 0 18 | -------------------------------------------------------------------------------- /docker/mesos-manager/ubuntu14.04/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | set -e 4 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 5 | DAEMON=/usr/bin/supervisord 6 | SERVICE=mesos 7 | ANSIBLE_INVENTORY=${ANSIBLE_INVENTORY:-"all-in-one"} 8 | 9 | test -x $DAEMON || exit 0 10 | 11 | DAEMON_OPTS="-n -c /etc/contrail/supervisord_${SERVICE}.conf $DAEMON_OPTS" 12 | ulimit -s unlimited 13 | ulimit -c unlimited 14 | ulimit -d unlimited 15 | ulimit -v unlimited 16 | ulimit -n 4096 17 | contrailctl config sync -c mesosmanager -F -v -t configure 18 | $DAEMON $DAEMON_OPTS 19 | contrailctl config sync -c mesosmanager -F -v -t service,provision 20 | -------------------------------------------------------------------------------- /docker/mesos-manager/ubuntu16.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu16.04:{{ contrail_version }} 2 | LABEL Name=contrail-mesos-manager-$OS \ 3 | Version="$CONTRAIL_VERSION" \ 4 | contrail.role=mesos-manager \ 5 | Description="Contrail Mesos Manager" Vendor="Juniper Networks" 6 | ENV CONTRAIL_ROLE mesosmanager 7 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 8 | RUN contrailctl config sync -F -v -t install 9 | RUN rm -rf /etc/apt/sources.list.d/xenial.list 10 | RUN rm -rf /etc/apt/sources.list.d/xenial-updates.list 11 | RUN rm -rf /etc/apt/sources.list.d/xenial-security.list 12 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-xenial.list 13 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 14 | RUN apt-get clean; apt-get update; echo 0 15 | -------------------------------------------------------------------------------- /docker/pyj2.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | from jinja2 import Environment, FileSystemLoader 4 | import os 5 | import argparse 6 | import sys 7 | import re 8 | 9 | 10 | def doc_from_template(template, output, append=False, nvars=None): 11 | nvars = nvars or {} 12 | nvars.update(os.environ) 13 | template_abs_path = os.path.abspath(template) 14 | template_dir = os.path.dirname(template_abs_path) 15 | template_file = os.path.basename(template_abs_path) 16 | jenv = Environment(loader=FileSystemLoader(template_dir), 17 | trim_blocks=True) 18 | template = jenv.get_template(template_file) 19 | rendered = template.render(**nvars) 20 | 21 | if append: 22 | mode = 'a' 23 | else: 24 | mode = 'w' 25 | 26 | with open(output, mode) as f: 27 | f.write(rendered) 28 | 29 | 30 | def main(argv=sys.argv[1:]): 31 | ap = argparse.ArgumentParser(description="Extract jinja2 template") 32 | ap.add_argument('-t', '--template', type=str, required=True, 33 | help="template file path") 34 | ap.add_argument('-o', '--output', type=str, required=True, 35 | help="output file") 36 | ap.add_argument('-v', '--variables', nargs='*', 37 | help="Variables to be passed to the template") 38 | ap.add_argument('-a', '--append', action='store_true', default=False) 39 | args = ap.parse_args() 40 | if args.variables: 41 | nvars = {re.split('=', i)[0]: re.split('=', i)[1] for i in args.variables} 42 | else: 43 | nvars = None 44 | doc_from_template(args.template, args.output, append=args.append, nvars=nvars) 45 | return True 46 | 47 | if __name__ == '__main__': 48 | main(sys.argv[1:]) 49 | -------------------------------------------------------------------------------- /docker/vcenter-plugin/ubuntu14.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu14.04:{{ contrail_version }} 2 | COPY entrypoint.sh / 3 | LABEL Name=contrail-vcenter-plugin-$OS \ 4 | Version="$CONTRAIL_VERSION" \ 5 | contrail.role=vcenterplugin \ 6 | Description="Contrail Vcenter Plugin" Vendor="Juniper Networks" 7 | RUN chmod +x /entrypoint.sh 8 | ENTRYPOINT /entrypoint.sh 9 | ENV CONTRAIL_ROLE vcenterplugin 10 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 11 | RUN contrailctl config sync -F -v -t package 12 | RUN contrailctl config sync -F -v -t install 13 | EXPOSE 8234 14 | RUN rm -rf /etc/apt/sources.list.d/trusty.list 15 | RUN rm -rf /etc/apt/sources.list.d/trusty-updates.list 16 | RUN rm -rf /etc/apt/sources.list.d/trusty-security.list 17 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-trusty.list 18 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 19 | RUN apt-get clean; apt-get update; echo 0 20 | -------------------------------------------------------------------------------- /docker/vcenter-plugin/ubuntu14.04/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | set -e 4 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 5 | SERVICE=contrail-vcenter-plugin 6 | ANSIBLE_INVENTORY=${ANSIBLE_INVENTORY:-"all-in-one"} 7 | ulimit -s unlimited 8 | ulimit -c unlimited 9 | ulimit -d unlimited 10 | ulimit -v unlimited 11 | ulimit -n 4096 12 | contrailctl config sync -c vcenterplugin -F -v -t configure 13 | contrailctl config sync -c vcenterplugin -F -v -t service 14 | child=$(pgrep -f juniper-contrail-vcenter.jar) 15 | while [ -e /proc/$child ]; do sleep 100; done 16 | 17 | -------------------------------------------------------------------------------- /docker/vcenter-plugin/ubuntu16.04/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-ubuntu16.04:{{ contrail_version }} 2 | LABEL Name=contrail-vcenter-plugin-$OS \ 3 | Version="$CONTRAIL_VERSION" \ 4 | contrail.role=vcenterplugin \ 5 | Description="Contrail Vcenter Plugin" Vendor="Juniper Networks" 6 | ENV CONTRAIL_ROLE vcenterplugin 7 | RUN echo $CONTRAIL_ROLE > /etc/contrail-role 8 | RUN contrailctl config sync -F -v -t package 9 | RUN contrailctl config sync -F -v -t install 10 | EXPOSE 8234 11 | RUN rm -rf /etc/apt/sources.list.d/xenial.list 12 | RUN rm -rf /etc/apt/sources.list.d/xenial-updates.list 13 | RUN rm -rf /etc/apt/sources.list.d/xenial-security.list 14 | RUN rm -rf /etc/apt/sources.list.d/contrail-ansible-packages-xenial.list 15 | RUN rm -rf /etc/apt/sources.list.d/contrail-local.list 16 | RUN apt-get clean; apt-get update; echo 0 17 | -------------------------------------------------------------------------------- /docker/vrouter-compiler/centos7/Dockerfile.j2: -------------------------------------------------------------------------------- 1 | FROM contrail-base-centos7:{{ contrail_version }} 2 | MAINTAINER Juniper Contrail 3 | LABEL Name=contrail-vrouter-compiler-$OS \ 4 | Version="$CONTRAIL_VERSION" \ 5 | contrail.role=vrouter-compiler \ 6 | Description="Contrail vrouter compiler" Vendor="Juniper Networks" 7 | ARG CONTRAIL_REPO_URL 8 | ARG CONTRAIL_ANSIBLE_TAR 9 | ARG CONTRAIL_VERSION 10 | ARG OS=centos7 11 | ENV CONTRAIL_VERSION $CONTRAIL_VERSION 12 | ENV OS=$OS 13 | ARG PACKAGES="contrail-vrouter-source" 14 | RUN yum clean all && \ 15 | yum clean expire-cache && \ 16 | yum repolist 17 | RUN yum install -y $PACKAGES 18 | ARG MAKE_PACKAGE="make" 19 | RUN yum install -y $MAKE_PACKAGE 20 | COPY entrypoint.sh / 21 | EXPOSE 8081 8086 22 | RUN cp -rf /usr/src/ /usr/src.orig/ 23 | RUN chmod +x /entrypoint.sh 24 | ENTRYPOINT /entrypoint.sh 25 | -------------------------------------------------------------------------------- /docker/vrouter-compiler/centos7/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -x 3 | set -e 4 | function fail() { 5 | echo "$@" 6 | exit 1 7 | } 8 | 9 | KERNEL_VERSION=$(uname -r) 10 | VROUTER_VERSION=$(rpm -q contrail-vrouter-source | sed -r 's/contrail-vrouter-source-([[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\-[[:digit:]]+).*/\1/') 11 | if [[ $INSTALL_VROUTER_MODULE ]]; then 12 | VROUTER_MODULE_SAVE_PATH="/lib/modules/${KERNEL_VERSION}/kernel/net/contrail/" 13 | else 14 | VROUTER_MODULE_PATH=${VROUTER_MODULE_PATH:-"/opt/contrail/vrouter_modules/"} 15 | VROUTER_MODULE_SAVE_PATH=${VROUTER_MODULE_PATH}/${KERNEL_VERSION}/${VROUTER_VERSION} 16 | fi 17 | if [[ ! -e /lib/modules/${KERNEL_VERSION} ]]; then 18 | fail "No kernel module directory found under /lib/modules for current kernel ($KERNEL_VERSION)" 19 | fi 20 | 21 | if [[ ! -e /usr/src/kernels/$KERNEL_VERSION ]]; then 22 | fail "No kernel build directory found under /usr/src/kernels/ for current kernel ($KERNEL_VERSION)" 23 | fi 24 | 25 | cd /usr/src/modules/contrail-vrouter/ 26 | tar zxvf contrail-vrouter*.tar.gz 27 | make 28 | [[ -e $VROUTER_MODULE_SAVE_PATH ]] || mkdir -p $VROUTER_MODULE_SAVE_PATH 29 | cp vrouter.ko $VROUTER_MODULE_SAVE_PATH || fail "Failed copying vrouter module to $VROUTER_MODULE_SAVE_PATH" 30 | echo "Vrouter kernel module is copied to $VROUTER_MODULE_SAVE_PATH" 31 | -------------------------------------------------------------------------------- /kolla-patches/99contrail: -------------------------------------------------------------------------------- 1 | APT::Get::AllowUnauthenticated "true"; 2 | -------------------------------------------------------------------------------- /kolla-patches/Makefile: -------------------------------------------------------------------------------- 1 | # Simple Makefile to parallelize the "docker save | gzip" operations 2 | # The kolla-* targets in docker/Makefile should migrate to this 3 | # Makefile 4 | 5 | ifndef TARFILE 6 | $(error TARFILE is undefined, set to tgz to build) 7 | endif 8 | 9 | SHELL:=/bin/bash 10 | TEMPDIR:=$(shell mktemp -d $(PWD)/kolla-dockers-XXXX) 11 | KOLLA_IMGS:=$(shell source venv/bin/activate && \ 12 | kolla-build --list-images --base $(DISTRO) --config-file kolla-build.conf | grep -v ^INFO | sed -e 's/.* : //') 13 | 14 | TARGETS=$(patsubst %,$(TEMPDIR)/ubuntu-binary-%.tar.gz,$(KOLLA_IMGS)) 15 | 16 | %.tar.gz: 17 | docker save $(shell docker images -q kolla/$(notdir $*)) | gzip > $@ 18 | 19 | $(TARFILE): $(TARGETS) 20 | @echo "docker images from kolla-build to be packaged:" 21 | @(cd $(TEMPDIR) && ls -l) 22 | (cd $(TEMPDIR) && tar -czf $(TARFILE) $(notdir $(TARGETS))) 23 | rm -rf $(TEMPDIR) 24 | -------------------------------------------------------------------------------- /kolla-patches/iscsi_tcp_sudoers: -------------------------------------------------------------------------------- 1 | ironic ALL=(root) NOPASSWD: /usr/sbin/modprobe iscsi_tcp, /sbin/modprobe iscsi_tcp 2 | -------------------------------------------------------------------------------- /kolla-patches/swift_tcp_sudoers: -------------------------------------------------------------------------------- 1 | swift ALL=(ALL) NOPASSWD: ALL 2 | -------------------------------------------------------------------------------- /kolla-patches/template-overrides.j2: -------------------------------------------------------------------------------- 1 | {% extends parent_template %} 2 | 3 | # Use contrail mirrors - add contrail repo keys 4 | {% block base_header %} 5 | COPY contrail-ubuntu-mirror.key /etc/apt/contrail-ubuntu-mirror.key 6 | RUN apt-key add /etc/apt/contrail-ubuntu-mirror.key && rm -f /etc/apt/contrail-ubuntu-mirror.key 7 | COPY sources.list.{{ base_distro }}.nohttps /etc/apt/sources.list 8 | RUN apt-get update 9 | {% endblock %} 10 | 11 | # Contrail Neutron plugin packages 12 | {% set neutron_server_packages_append = ['neutron-plugin-contrail', 'python-contrail'] %} 13 | 14 | # Horizon packages 15 | {% set horizon_packages_append = ['contrail-openstack-dashboard', 'python-django-horizon'] %} 16 | 17 | # Contrail Heat plugin packages 18 | {% set heat_engine_packages_append = ['contrail-heat', 'python-contrail'] %} 19 | 20 | # Allow Unauthenticated contrail packages 21 | {% block openstack_base_header %} 22 | RUN echo 'APT::Get::AllowUnauthenticated "true";' > /etc/apt/apt.conf.d/99contrail 23 | {% endblock %} 24 | 25 | {% block keepalived_header %} 26 | RUN echo 'APT::Get::AllowUnauthenticated "true";' > /etc/apt/apt.conf.d/99contrail 27 | {% endblock %} 28 | 29 | {% block horizon_header %} 30 | RUN echo 'APT::Get::AllowUnauthenticated "true";' > /etc/apt/apt.conf.d/99contrail 31 | {% endblock %} 32 | 33 | {% block nova_libvirt_header %} 34 | RUN echo 'APT::Get::AllowUnauthenticated "true";' > /etc/apt/apt.conf.d/99contrail 35 | {% endblock %} 36 | 37 | # Copy vrouter-port-control in Nova compute container 38 | {% block nova_compute_header %} 39 | COPY vrouter-port-control /usr/local/bin/vrouter-port-control 40 | RUN chmod +x /usr/local/bin/vrouter-port-control 41 | {% endblock %} 42 | 43 | # Horizon patches 44 | {% block horizon_footer %} 45 | RUN cp -af /usr/lib/python2.7/dist-packages/neutron_lbaas_dashboard/enabled/_1481_project_ng_loadbalancersv2_panel.py /usr/share/openstack-dashboard/openstack_dashboard/enabled/ && \ 46 | echo yes | /usr/share/openstack-dashboard/manage.py collectstatic && \ 47 | /usr/share/openstack-dashboard/manage.py compress 48 | {% endblock %} 49 | 50 | #fix ironic_conductor issue for askpas and notty error 51 | {% block ironic_conductor_footer %} 52 | COPY iscsi_tcp_sudoers /etc/sudoers.d/kolla_iscsi_tcp_sudoers 53 | RUN chmod 440 /etc/sudoers.d/kolla_iscsi_tcp_sudoers 54 | {% endblock %} 55 | 56 | #fix for upstream kolla bug: https://bugs.launchpad.net/kolla/+bug/1537407 57 | 58 | {% set swift_proxy_server_packages_append = ['python-keystonemiddleware'] %} 59 | 60 | #fix for upstream kolla bug: https://bugs.launchpad.net/kolla/+bug/1630425 61 | 62 | {% set swift_object_expirer_packages_append = ['swift-object-expirer'] %} 63 | 64 | #fix swift containers issue for askpas and notty error 65 | 66 | {% block swift_proxy_server_footer %} 67 | COPY swift_tcp_sudoers /etc/sudoers.d/kolla_swift_tcp_sudoers 68 | RUN chmod 440 /etc/sudoers.d/kolla_swift_tcp_sudoers 69 | {% endblock %} 70 | 71 | {% block swift_object_expirer_footer %} 72 | COPY swift_tcp_sudoers /etc/sudoers.d/kolla_swift_tcp_sudoers 73 | RUN chmod 440 /etc/sudoers.d/kolla_swift_tcp_sudoers 74 | {% endblock %} 75 | 76 | {% block swift_object_footer %} 77 | COPY swift_tcp_sudoers /etc/sudoers.d/kolla_swift_tcp_sudoers 78 | RUN chmod 440 /etc/sudoers.d/kolla_swift_tcp_sudoers 79 | {% endblock %} 80 | 81 | {% block swift_container_footer %} 82 | COPY swift_tcp_sudoers /etc/sudoers.d/kolla_swift_tcp_sudoers 83 | RUN chmod 440 /etc/sudoers.d/kolla_swift_tcp_sudoers 84 | {% endblock %} 85 | 86 | {% block swift_account_footer %} 87 | COPY swift_tcp_sudoers /etc/sudoers.d/kolla_swift_tcp_sudoers 88 | RUN chmod 440 /etc/sudoers.d/kolla_swift_tcp_sudoers 89 | {% endblock %} 90 | 91 | {% block swift_rsyncd_footer %} 92 | COPY swift_tcp_sudoers /etc/sudoers.d/kolla_swift_tcp_sudoers 93 | RUN chmod 440 /etc/sudoers.d/kolla_swift_tcp_sudoers 94 | {% endblock %} 95 | 96 | {% block swift_base_footer %} 97 | COPY swift_tcp_sudoers /etc/sudoers.d/kolla_swift_tcp_sudoers 98 | RUN chmod 440 /etc/sudoers.d/kolla_swift_tcp_sudoers 99 | {% endblock %} 100 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/Chart.yaml: -------------------------------------------------------------------------------- 1 | name: Contrail 2 | description: A Helm chart for contrail 3 | version: 4.0.1.0 4 | appVersion: Contrail 4.0.1.0 5 | home: https://github.com/Juniper/contrail-docker/ 6 | sources: 7 | - https://github.com/Juniper/contrail-controller/ 8 | tillerVersion: ">=2.4.0" 9 | keywords: 10 | - Contrail 11 | - SDN 12 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Thank you for installing {{ .Chart.Name }}. 2 | 3 | Your release is named {{ .Release.Name }}. 4 | 5 | To learn more about this contrail release, try: 6 | 7 | $ helm status {{ .Release.Name }} 8 | $ helm get {{ .Release.Name }} 9 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/agent-ds.yaml: -------------------------------------------------------------------------------- 1 | # hostOs is a mandatory field 2 | {{- $_ := required ".Values.hostOS must be specified, valid values are ubuntu, centos" .Values.hostOs }} 3 | apiVersion: extensions/v1beta1 4 | kind: DaemonSet 5 | metadata: 6 | name: contrail-vrouter-agent 7 | namespace: kube-system 8 | labels: 9 | app: contrail-cni 10 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 11 | spec: 12 | template: 13 | metadata: 14 | labels: 15 | app: contrail-cni 16 | contrail_function: "contrail-vrouter-agent" 17 | spec: 18 | tolerations: 19 | - key: node-role.kubernetes.io/master 20 | operator: Exists 21 | effect: NoSchedule 22 | hostNetwork: true 23 | automountServiceAccountToken: false 24 | initContainers: 25 | {{- if eq .Values.hostOs "centos" }} 26 | {{- $_ := required ".Values.images.vrouterCompiler must be specified, if hostOS is centos" .Values.images.vrouterCompiler }} 27 | - name: contrail-vrouter-compiler 28 | image: {{ .Values.images.vrouterCompiler | quote }} 29 | imagePullPolicy: {{ default "" .Values.images.imagePullPolicy | quote }} 30 | securityContext: 31 | privileged: true 32 | volumeMounts: 33 | - mountPath: /lib/modules 34 | name: lib-modules 35 | - mountPath: /usr/src/kernels 36 | name: usr-src-kernels 37 | env: 38 | - name: INSTALL_VROUTER_MODULE 39 | value: 'true' 40 | {{- end }} 41 | - name: contrail-kubernetes-agent 42 | image: {{ .Values.images.kubernetesAgent | quote }} 43 | imagePullPolicy: {{ default "" .Values.images.imagePullPolicy | quote }} 44 | securityContext: 45 | privileged: true 46 | volumeMounts: 47 | - mountPath: /tmp/contrailctl 48 | name: tmp-contrail-config 49 | - mountPath: /var/lib/contrail/ 50 | name: contrail-varlib 51 | - mountPath: /host/etc_cni 52 | name: etc-cni 53 | - mountPath: /host/opt_cni_bin 54 | name: opt-cni-bin 55 | - mountPath: /var/log/contrail/cni 56 | name: var-log-contrail-cni 57 | containers: 58 | - name: contrail-agent 59 | image: {{ .Values.images.vrouterAgent | quote }} 60 | imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }} 61 | securityContext: 62 | privileged: true 63 | volumeMounts: 64 | - mountPath: /tmp/contrailctl 65 | name: tmp-contrail-config 66 | - mountPath: /tmp/serviceaccount 67 | name: pod-secret 68 | - mountPath: /lib/modules 69 | name: lib-modules 70 | - mountPath: /usr/src 71 | name: usr-src 72 | - mountPath: /host/opt_cni_bin 73 | name: opt-cni-bin 74 | - mountPath: /host/etc_cni 75 | name: etc-cni 76 | - mountPath: /var/lib/contrail/ 77 | name: contrail-varlib 78 | # This is a workaround just to make sure the directory is created on host 79 | - mountPath: /var/log/contrail/cni 80 | name: var-log-contrail-cni 81 | volumes: 82 | - name: tmp-contrail-config 83 | configMap: 84 | name: contrailctl-config 85 | items: 86 | - key: global-config 87 | path: global.conf 88 | - key: agent-config 89 | path: agent.conf 90 | - key: kubemanager-config 91 | path: kubemanager.conf 92 | - key: kubernetes-agent-config 93 | path: kubernetesagent.conf 94 | - name: pod-secret 95 | secret: 96 | secretName: contrail-kube-manager-token 97 | - name: lib-modules 98 | hostPath: 99 | path: /lib/modules 100 | - name: usr-src 101 | hostPath: 102 | path: /usr/src 103 | {{- if eq .Values.hostOs "centos" }} 104 | - name: usr-src-kernels 105 | hostPath: 106 | path: /usr/src/kernels 107 | {{- end }} 108 | - name: opt-cni-bin 109 | hostPath: 110 | path: /opt/cni/bin 111 | - name: etc-cni 112 | hostPath: 113 | path: /etc/cni 114 | - name: contrail-varlib 115 | hostPath: 116 | path: /var/lib/contrail/ 117 | - name: var-log-contrail-cni 118 | hostPath: 119 | path: /var/log/contrail/cni/ 120 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/analytics-ds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: DaemonSet 3 | metadata: 4 | name: contrail-analytics 5 | namespace: kube-system 6 | labels: 7 | app: contrail-cni 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | spec: 10 | template: 11 | metadata: 12 | labels: 13 | app: contrail-cni 14 | contrail_function: contrail-analytics 15 | spec: 16 | affinity: 17 | nodeAffinity: 18 | requiredDuringSchedulingIgnoredDuringExecution: 19 | nodeSelectorTerms: 20 | - matchExpressions: 21 | - key: "opencontrail.org/controller" 22 | operator: In 23 | values: 24 | - "true" 25 | - matchExpressions: 26 | - key: "node-role.kubernetes.io/master" 27 | operator: Exists 28 | tolerations: 29 | - key: node-role.kubernetes.io/master 30 | operator: Exists 31 | effect: NoSchedule 32 | hostNetwork: true 33 | containers: 34 | - name: contrail-analytics 35 | image: {{ .Values.images.analytics | quote }} 36 | imagePullPolicy: {{ default "" .Values.images.imagePullPolicy | quote }} 37 | securityContext: 38 | privileged: true 39 | volumeMounts: 40 | - mountPath: /etc/contrailctl 41 | name: contrailctl-analytics 42 | volumes: 43 | - name: contrailctl-analytics 44 | configMap: 45 | name: contrailctl-config 46 | items: 47 | - key: analytics-config 48 | path: analytics.conf 49 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/analyticsdb-ds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: DaemonSet 3 | metadata: 4 | name: contrail-analyticsdb 5 | namespace: kube-system 6 | labels: 7 | app: contrail-cni 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | spec: 10 | template: 11 | metadata: 12 | labels: 13 | app: contrail-cni 14 | contrail_function: contrail-analyticsdb 15 | spec: 16 | affinity: 17 | nodeAffinity: 18 | requiredDuringSchedulingIgnoredDuringExecution: 19 | nodeSelectorTerms: 20 | - matchExpressions: 21 | - key: "opencontrail.org/controller" 22 | operator: In 23 | values: 24 | - "true" 25 | - matchExpressions: 26 | - key: "node-role.kubernetes.io/master" 27 | operator: Exists 28 | tolerations: 29 | - key: node-role.kubernetes.io/master 30 | operator: Exists 31 | effect: NoSchedule 32 | hostNetwork: true 33 | containers: 34 | - name: contrail-analyticsdb 35 | image: {{ .Values.images.analyticsdb }} 36 | imagePullPolicy: {{ default "" .Values.images.imagePullPolicy | quote }} 37 | securityContext: 38 | privileged: true 39 | volumeMounts: 40 | - mountPath: /etc/contrailctl 41 | name: contrailctl-analyticsdb 42 | - mountPath: /var/lib/cassandra 43 | name: analyticsdb-data 44 | volumes: 45 | - name: contrailctl-analyticsdb 46 | configMap: 47 | name: contrailctl-config 48 | items: 49 | - key: analyticsdb-config 50 | path: analyticsdb.conf 51 | - name: analyticsdb-data 52 | hostPath: 53 | path: /var/lib/analyticsdb 54 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/contrail-cm.yaml: -------------------------------------------------------------------------------- 1 | {{- include "contrail.checkInputConfStruct" .Values | trunc 0 -}} 2 | --- 3 | apiVersion: v1 4 | kind: ConfigMap 5 | metadata: 6 | name: contrailctl-config 7 | labels: 8 | app: contrail-cni 9 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 10 | namespace: kube-system 11 | data: 12 | global-config: |- 13 | {{ include "contrail.globalConfig" .Values.conf.global | indent 4 }} 14 | agent-config: |- 15 | {{ include "contrail.agentConfig" .Values | indent 4 }} 16 | controller-config: |- 17 | {{ include "contrail.globalConfig" .Values.conf.global | indent 4 }} 18 | {{ include "contrail.controllerConfig" .Values.conf | indent 4 }} 19 | analyticsdb-config: |- 20 | {{ include "contrail.globalConfig" .Values.conf.global | indent 4 }} 21 | {{ include "contrail.analyticsdbConfig" .Values.conf | indent 4 }} 22 | analytics-config: |- 23 | {{ include "contrail.globalConfig" .Values.conf.global | indent 4 }} 24 | {{ include "contrail.analyticsConfig" .Values.conf | indent 4 }} 25 | kubemanager-config: |- 26 | {{ include "contrail.kubernetesConfig" .Values.conf | indent 4 }} 27 | kubernetes-agent-config: |- 28 | # TO-DO have to check with Dinesh on this 29 | [AGENT] 30 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/contrail-rbac.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ClusterRole 3 | apiVersion: rbac.authorization.k8s.io/v1beta1 4 | metadata: 5 | name: contrail-kube-manager 6 | namespace: kube-system 7 | rules: 8 | - apiGroups: ["*"] 9 | resources: ["*"] 10 | verbs: ["*"] 11 | --- 12 | apiVersion: v1 13 | kind: ServiceAccount 14 | metadata: 15 | name: contrail-kube-manager 16 | namespace: kube-system 17 | --- 18 | apiVersion: rbac.authorization.k8s.io/v1beta1 19 | kind: ClusterRoleBinding 20 | metadata: 21 | name: contrail-kube-manager 22 | roleRef: 23 | apiGroup: rbac.authorization.k8s.io 24 | kind: ClusterRole 25 | name: contrail-kube-manager 26 | subjects: 27 | - kind: ServiceAccount 28 | name: contrail-kube-manager 29 | namespace: kube-system 30 | --- 31 | apiVersion: v1 32 | kind: Secret 33 | metadata: 34 | name: contrail-kube-manager-token 35 | namespace: kube-system 36 | annotations: 37 | helm.sh/hook: post-install 38 | kubernetes.io/service-account.name: contrail-kube-manager 39 | type: kubernetes.io/service-account-token 40 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/contrailctl/_agent.tpl: -------------------------------------------------------------------------------- 1 | {{/* ================================================================ */}} 2 | {{/* AGENT container specific sections are formed using this template */}} 3 | {{/* ================================================================ */}} 4 | {{- define "contrail.agentConfig" -}} 5 | [AGENT] 6 | 7 | {{ if eq .hostOs "centos" }}compile_vrouter_module = False 8 | {{ else }}compile_vrouter_module = {{ .conf.agent.compileVrouterModule | default "True" }}{{ end }} 9 | 10 | {{ if not .conf.agent.ctrlDataNetwork }}#{{ end }}ctrl_data_network = {{ .conf.agent.ctrlDataNetwork }} 11 | 12 | {{ if not .conf.agent.qosQueueIdList }}{{ $_ := set .conf.agent "qosQueueIdList" list }}{{ end }} 13 | {{ if not .conf.agent.qosQueueIdList }}#{{ end }}qos_queue_id_list = [{{ range .conf.agent.qosQueueIdList }}{{ . | quote }},{{ end }}] 14 | 15 | {{ if not .conf.agent.qosLogicalQueueList }}{{ $_ := set .conf.agent "qosLogicalQueueList" list }}{{ end }} 16 | {{ if not .conf.agent.qosLogicalQueueList }}#{{ end }}qos_logical_queue_list = [{{ range .conf.agent.qosLogicalQueueList }}{{ . | quote }},{{ end }}] 17 | 18 | {{ if not .conf.agent.qosDefaultNicQueue }}#{{ end }}qos_default_nic_queue = {{ .conf.agent.qosDefaultNicQueue }} 19 | 20 | {{ if not .conf.agent.qosPriorityTagging }}#{{ end }}qos_priority_tagging = {{ .conf.agent.qosPriorityTagging }} 21 | 22 | {{ if not .conf.agent.priorityIdList }}{{ $_ := set .conf.agent "priorityIdList" list }}{{ end }} 23 | {{ if not .conf.agent.priorityIdList }}#{{ end }}priority_id_list = [{{ range .conf.agent.priorityIdList }}{{ . | quote }},{{ end }}] 24 | 25 | {{ if not .conf.agent.prioritySchedulingList }}{{ $_ := set .conf.agent "prioritySchedulingList" list }}{{ end }} 26 | {{ if not .conf.agent.prioritySchedulingList }}#{{ end }}priority_scheduling_list = [{{ range .conf.agent.prioritySchedulingList }}{{ . | quote }},{{ end }}] 27 | 28 | {{ if not .conf.agent.priorityBandwidthList }}{{ $_ := set .conf.agent "priorityBandwidthList" list }}{{ end }} 29 | {{ if not .conf.agent.priorityBandwidthList }}#{{ end }}priority_bandwidth_list = [{{ range .conf.agent.priorityBandwidthList }}{{ . | quote }},{{ end }}] 30 | 31 | {{ if not .conf.agent.vrouterModuleParams }}#{{ end }}vrouter_module_params = {{ .conf.agent.vrouterModuleParams }} 32 | [HYPERVISOR] 33 | {{ if not .conf.agent.hypervisor.type }}#{{ end }}type = {{ .conf.agent.hypervisor.type | default "kvm" }} 34 | {{- end -}} 35 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/contrailctl/_analytics.tpl: -------------------------------------------------------------------------------- 1 | {{/* ====================================================================== */}} 2 | {{/* Analytics container specific sections are formed using this template */}} 3 | {{/* ====================================================================== */}} 4 | 5 | {{- define "contrail.analyticsConfig" -}} 6 | 7 | {{/* ================== ANALYTICS_API section ==================== */}} 8 | [ANALYTICS_API] 9 | {{ include "contrail.logPortConfig" .analyticsAPI.logPortInfo }} 10 | 11 | {{ if not .analyticsAPI.aaaMode }}#{{ end }}aaa_mode = {{ .analyticsAPI.aaaMode | default "no-auth" }} 12 | 13 | {{/* ================== ANALYTICS_COLLECTOR section ==================== */}} 14 | [ANALYTICS_COLLECTOR] 15 | {{ include "contrail.logPortConfig" .analyticsCollector.logPortInfo }} 16 | 17 | {{ if not .analyticsCollector.syslogPort }}#{{ end }}syslog_port = {{ .analyticsCollector.syslogPort }} 18 | 19 | {{ if not .analyticsCollector.analyticsFlowTTL }}#{{ end }}analytics_flow_ttl = {{ .analyticsCollector.analyticsFlowTTL | default 48 }} 20 | 21 | {{ if not .analyticsCollector.analyticsStatisticsTTL }}#{{ end }}analytics_statistics_ttl = {{ .analyticsCollector.analyticsStatisticsTTL | default 2160 }} 22 | 23 | {{ if not .analyticsCollector.analyticsConfigAuditTTL }}#{{ end }}analytics_config_audit_ttl = {{ .analyticsCollector.analyticsConfigAuditTTL | default 24 }} 24 | 25 | {{ if not .analyticsCollector.analyticsDataTTL }}#{{ end }}analytics_data_ttl = {{ .analyticsCollector.analyticsDataTTL | default }} 26 | 27 | {{/* ================== ALARM_GEN section ==================== */}} 28 | [ALARM_GEN] 29 | {{ include "contrail.logPortConfig" .alarmGen.logPortInfo }} 30 | {{/* ================== QUERY_ENGINE section ==================== */}} 31 | 32 | [QUERY_ENGINE] 33 | {{ include "contrail.logPortConfig" .queryEngine.logPortInfo }} 34 | 35 | {{/* ================== TOPOLOGY section ==================== */}} 36 | [TOPOLOGY] 37 | {{ include "contrail.logPortConfig" .topology.logPortInfo }} 38 | 39 | {{/* ================== SNMP_COLLECTOR section ==================== */}} 40 | [SNMP_COLLECTOR] 41 | {{ include "contrail.logPortConfig" .snmpCollector.logPortInfo }} 42 | 43 | {{ if not .snmpCollector.scanFreq }}#{{ end }}scan_frequency = {{ .snmpCollector.scanFreq | default 600 }} 44 | 45 | {{ if not .snmpCollector.fastScanFreq }}#{{ end }}fast_scan_frequency = {{ .snmpCollector.fastScanFreq | default 60 }} 46 | 47 | {{/* ==================== RABBITMQ SECTION ======================= */}} 48 | {{ include "contrail.rabbitmqConfig" . }} 49 | 50 | {{- end -}} 51 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/contrailctl/_analyticsdb.tpl: -------------------------------------------------------------------------------- 1 | {{/* ====================================================================== */}} 2 | {{/* Analyticsdb container specific sections are formed using this template */}} 3 | {{/* ====================================================================== */}} 4 | 5 | {{- define "contrail.analyticsdbConfig" -}} 6 | 7 | {{/* ==================== CASSADRA SECTION ======================= */}} 8 | 9 | {{- include "contrail.cassandraConfig" .analyticsdbCassandra -}} 10 | 11 | {{- end -}} 12 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/contrailctl/_check-input-conf.tpl: -------------------------------------------------------------------------------- 1 | {{/* =============================================================== */}} 2 | {{/* Check existence of the input values */}} 3 | {{/* if not defined then set the correct data struct */}} 4 | {{/* =============================================================== */}} 5 | 6 | {{- define "contrail.checkInputConfStruct" -}} 7 | 8 | {{- if not .hostOs -}}{{- set . "hostOs" "ubuntu" -}}{{- end -}} 9 | {{- if not .conf -}}{{- set . "conf" dict -}}{{- end -}} 10 | {{- if not .conf.global -}}{{- set .conf "global" dict -}}{{- end -}} 11 | {{- if not .conf.global.controller -}}{{- set .conf.global "controller" dict -}}{{- end -}} 12 | {{- if not .conf.global.analyticsdb -}}{{- set .conf.global "analyticsdb" dict -}}{{- end -}} 13 | {{- if not .conf.global.analytics -}}{{- set .conf.global "analytics" dict -}}{{- end -}} 14 | {{- if not .conf.global.config -}}{{- set .conf.global "config" dict -}}{{- end -}} 15 | {{- if not .conf.global.webui -}}{{- set .conf.global "webui" dict -}}{{- end -}} 16 | {{- if not .conf.global.external -}}{{- set .conf.global "external" dict -}}{{- end -}} 17 | {{- if not .conf.global.ssl -}}{{- set .conf.global "ssl" dict -}}{{- end -}} 18 | {{- if not .conf.global.apiserver -}}{{- set .conf.global "apiserver" dict -}}{{- end -}} 19 | {{- if not .conf.global.neutron -}}{{- set .conf.global "neutron" dict -}}{{- end -}} 20 | 21 | {{- if not .conf.global.controller.nodes -}}{{- set .conf.global.controller "nodes" list -}}{{- end -}} 22 | {{- if not .conf.global.config.nodes -}}{{- set .conf.global.config "nodes" list -}}{{- end -}} 23 | {{- if not .conf.global.webui.nodes -}}{{- set .conf.global.webui "nodes" list -}}{{- end -}} 24 | {{- if not .conf.global.analytics.nodes -}}{{- set .conf.global.analytics "nodes" list -}}{{- end -}} 25 | {{- if not .conf.global.analyticsdb.nodes -}}{{- set .conf.global.analyticsdb "nodes" list -}}{{- end -}} 26 | 27 | {{- if not .conf.global.external.rabbitmqServers -}}{{- set .conf.global.external "rabbitmqServers" list -}}{{- end -}} 28 | {{- if not .conf.global.external.controllerZookeeperServers -}}{{- set .conf.global.external "controllerZookeeperServers" list -}}{{- end -}} 29 | {{- if not .conf.global.external.analyticsdbZookeeperServers -}}{{- set .conf.global.external "analyticsdbZookeeperServers" list -}}{{- end -}} 30 | 31 | {{- if not .conf.controller -}}{{- set .conf "controller" dict -}}{{- end -}} 32 | {{- if not .conf.control -}}{{- set .conf "control" dict -}}{{- end -}} 33 | {{- if not .conf.control.logPortInfo -}}{{- set .conf.control "log_port_info" dict -}}{{- end -}} 34 | 35 | {{- if not .conf.contrailAPI -}}{{- set .conf "contrail_api" dict -}}{{- end -}} 36 | {{- if not .conf.contrailAPI.logPortInfo -}}{{- set .conf.contrailAPI "log_port_info" dict -}}{{- end -}} 37 | 38 | {{- if not .conf.schema -}}{{- set .conf "schema" dict -}}{{- end -}} 39 | {{- if not .conf.schema.logPortInfo -}}{{- set .conf.schema "log_port_info" dict -}}{{- end -}} 40 | 41 | {{- if not .conf.svcMonitor -}}{{- set .conf "svc_monitor" dict -}}{{- end -}} 42 | {{- if not .conf.svcMonitor.logPortInfo -}}{{- set .conf.svcMonitor "log_port_info" dict -}}{{- end -}} 43 | 44 | {{- if not .conf.deviceManager -}}{{- set .conf "device_manager" dict -}}{{- end -}} 45 | {{- if not .conf.deviceManager.logPortInfo -}}{{- set .conf.deviceManager "log_port_info" dict -}}{{- end -}} 46 | 47 | {{- if not .conf.dns -}}{{- set .conf "dns" dict -}}{{- end -}} 48 | {{- if not .conf.dns.logPortInfo -}}{{- set .conf.dns "log_port_info" dict -}}{{- end -}} 49 | 50 | {{- if not .conf.analyticsAPI -}}{{- set .conf "analytics_api" dict -}}{{- end -}} 51 | {{- if not .conf.analyticsAPI.logPortInfo -}}{{- set .conf.analyticsAPI "log_port_info" dict -}}{{- end -}} 52 | 53 | {{- if not .conf.analyticsCollector -}}{{- set .conf "analytics_colletor" dict -}}{{- end -}} 54 | {{- if not .conf.analyticsCollector.logPortInfo -}}{{- set .conf.analytics_colletor "log_port_info" dict -}}{{- end -}} 55 | 56 | {{- if not .conf.alarmGen -}}{{- set .conf "alarm_gen" dict -}}{{- end -}} 57 | {{- if not .conf.alarmGen.logPortInfo -}}{{- set .conf.alarmGen "log_port_info" dict -}}{{- end -}} 58 | 59 | {{- if not .conf.queryEngine -}}{{- set .conf "query_engine" dict -}}{{- end -}} 60 | {{- if not .conf.queryEngine.logPortInfo -}}{{- set .conf.queryEngine "log_port_info" dict -}}{{- end -}} 61 | 62 | {{- if not .conf.topology -}}{{- set .conf "topology" dict -}}{{- end -}} 63 | {{- if not .conf.topology.logPortInfo -}}{{- set .conf.topology "log_port_info" dict -}}{{- end -}} 64 | 65 | {{- if not .conf.snmpCollector -}}{{- set .conf "snmp_collector" dict -}}{{- end -}} 66 | {{- if not .conf.snmpCollector.logPortInfo -}}{{- set .conf.snmpCollector "log_port_info" dict -}}{{- end -}} 67 | 68 | {{- if not .conf.webui -}}{{- set .conf "webui" dict -}}{{- end -}} 69 | 70 | {{- if not .conf.rabbitmq -}}{{- set .conf "rabbitmq" dict -}}{{- end -}} 71 | 72 | {{- if not .conf.configdb_cassandra -}}{{- set .conf "configdb_cassandra" dict -}}{{- end -}} 73 | 74 | {{- if not .conf.analyticsdb_cassandra -}}{{- set .conf "analyticsdb_cassandra" dict -}}{{- end -}} 75 | 76 | {{- if not .conf.agent -}}{{- set .conf "agent" dict -}}{{- end -}} 77 | {{- if not .conf.agent.hypervisor -}}{{- set .conf.agent "hypervisor" dict -}}{{- end -}} 78 | 79 | {{- if not .conf.kubernetes -}}{{- set .conf "kubernetes" dict -}}{{- end -}} 80 | 81 | {{- if not .conf.kubernetesVNC -}}{{- set .conf "kubernetesVNC" dict -}}{{- end -}} 82 | 83 | {{- end -}} 84 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/contrailctl/_controller.tpl: -------------------------------------------------------------------------------- 1 | {{/* ======================================================================= */}} 2 | {{/* Controller container specific sections are formed using this template */}} 3 | {{/* ======================================================================= */}} 4 | 5 | {{- define "contrail.controllerConfig" -}} 6 | 7 | {{/* ==================== CONTROLLER SECTION ======================= */}} 8 | [CONTROLLER] 9 | {{ if not .controller.encapPriority }}#{{ end }}encap_priority = {{ .controller.encapPriority | default "MPLSoUDP,MPLSoGRE,VXLAN" }} 10 | 11 | {{ if not .controller.externalRoutersList }}#{{ end }}external_routers_list = {{ .controller.externalRoutersList }} 12 | 13 | {{ if not .controller.bgpAsn }}#{{ end }}bgp_asn = {{ .controller.bgpAsn | default 64512 }} 14 | 15 | {{ if not .controller.flowExportRate }}#{{ end }}flow_export_rate = {{ .controller.flowExportRate }} 16 | 17 | 18 | {{/* ==================== CONTROL SECTION ======================= */}} 19 | [CONTROL] 20 | {{ include "contrail.logPortConfig" .control.logPortInfo }} 21 | 22 | {{ if not .control.bgpPort }}#{{ end }}bgp_port = {{ .control.bgpPort | default 179 }} 23 | 24 | {{ if not .control.xmpp_server_port }}#{{ end }}xmpp_server_port = {{ .control.xmpp_server_port | default 5269 }} 25 | 26 | {{/* ==================== API SECTION ======================= */}} 27 | [API] 28 | {{ include "contrail.logPortConfig" .contrailAPI.logPortInfo }} 29 | 30 | {{ if not .contrailAPI.listenAddress }}#{{ end }}listen_address = {{ .contrailAPI.listenAddress | default "0.0.0.0" }} 31 | 32 | {{ if not .contrailAPI.listOptimizationEnabled }}#{{ end }}list_optimization_enabled = {{ .contrailAPI.listOptimizationEnabled | default "true" }} 33 | 34 | {{ if not .contrailAPI.cloudAdminRole }}#{{ end }}cloud_admin_role = {{ .contrailAPI.cloudAdminRole | default "admin" }} 35 | 36 | {{ if not .contrailAPI.globalReadOnlyRole }}#{{ end }}global_read_only_role = {{ .contrailAPI.globalReadOnlyRole }} 37 | 38 | {{ if not .contrailAPI.aaaMode }}#{{ end }}aaa_mode = {{ .contrailAPI.aaaMode | default "no-auth" }} 39 | 40 | {{/* ==================== SCHEMA SECTION ======================= */}} 41 | [SCHEMA] 42 | {{ include "contrail.logPortConfig" .schema.logPortInfo }} 43 | 44 | 45 | {{/* ==================== SVC_MONITOR SECTION ======================= */}} 46 | [SVC_MONITOR] 47 | {{ include "contrail.logPortConfig" .svcMonitor.logPortInfo }} 48 | 49 | {{/* ==================== DEVICE_MANAGER SECTION ======================= */}} 50 | [DEVICE_MANAGER] 51 | {{ include "contrail.logPortConfig" .deviceManager.logPortInfo }} 52 | 53 | {{/* ==================== DNS SECTION ======================= */}} 54 | [DNS] 55 | 56 | {{ include "contrail.logPortConfig" .dns.logPortInfo }} 57 | 58 | {{ if not .dns.namedLogFile }}#{{ end }}named_log_file = {{ .dns.namedLogFile | default "/var/log/contrail/contrail-named.log" | quote }} 59 | 60 | {{ if not .dns.dnsPort }}#{{ end }}dns_server_port = {{ int .dns.dnsPort | default 53 }} 61 | 62 | {{/* ==================== RABBITMQ SECTION ======================= */}} 63 | {{ include "contrail.rabbitmqConfig" . }} 64 | 65 | {{/* ==================== WEBUI SECTION ======================= */}} 66 | [WEBUI] 67 | {{ if not .webui.httpListenPort }}#{{ end }}http_listen_port = {{ .webui.httpListenPort | default 8080 }} 68 | 69 | {{ if not .webui.httpsListenPort }}#{{ end }}https_listen_port = {{ .webui.httpsListenPort | default 8143 }} 70 | 71 | {{ if not .webui.storageEnable }}#{{ end }}webui_storage_enable = {{ .webui.storageEnable | default "false" }} 72 | 73 | {{ if not .webui.enableUnderlay }}#{{ end }}enable_underlay = {{ .webui.enableUnderlay | default "false" }} 74 | 75 | {{ if not .webui.enableMX }}#{{ end }}enable_mx = {{ .webui.enableMX | default "false" }} 76 | 77 | {{ if not .webui.enableUdd }}#{{ end }}enable_udd = {{ .webui.enableUdd | default "false" }} 78 | 79 | {{ if not .webui.serviceEPFromConfig }}#{{ end }}service_endpoint_from_config = {{ .webui.serviceEPFromConfig | default "false" }} 80 | 81 | {{ if not .webui.serverOptionsKeyFile }}#{{ end }}server_options_key_file = {{ .webui.serverOptionsKeyFile }} 82 | 83 | {{ if not .webui.serverOptionsCertFile }}#{{ end }}server_options_cert_file = {{ .webui.serverOptionsCertFile }} 84 | 85 | {{/* ==================== ANALYTICS_API SECTION ======================= */}} 86 | [ANALYTICS_API] 87 | 88 | {{ if not .analyticsAPI.aaaMode }}#{{ end }}aaa_mode = {{ .analyticsAPI.aaaMode | default "no-auth" }} 89 | 90 | {{/* ==================== CASSADRA SECTION ======================= */}} 91 | {{ include "contrail.cassandraConfig" .configdbCassandra }} 92 | 93 | {{- end -}} 94 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/contrailctl/_kubernetes.tpl: -------------------------------------------------------------------------------- 1 | {{/* ====================================================================== */}} 2 | {{/* kubemanager container specific sections are formed using this template */}} 3 | {{/* ====================================================================== */}} 4 | {{- define "contrail.kubernetesConfig" -}} 5 | 6 | [KUBERNETES] 7 | api_server = {{ .kubernetes.apiServer | default "" }} 8 | cluster_name = {{ .kubernetes.clusterName | default "default-cluster" }} 9 | cluster_network = {} 10 | pod_subnets = {{ .kubernetes.podSubnets | default "10.32.0.0/12" }} 11 | service_subnets = {{ .kubernetes.svcSubnets | default "10.96.0.0/12" }} 12 | cluster_project = {{ if not .kubernetes.clusterProject -}}{'domain': 'default-domain', 'project': 'default'}{{ else -}}{{ .kubernetes.clusterProject }}{{- end }} 13 | [KUBERNETES_VNC] 14 | public_fip_pool = {{- if not .kubernetes.publicFipPool -}}{}{{- else -}}{{ .kubernetes.publicFipPool }}{{- end -}} 15 | {{- end -}} 16 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/contrailctl/common/_cassandra.tpl: -------------------------------------------------------------------------------- 1 | {{/* =============================================================== */}} 2 | {{/* Cassandra config for contrailctl is formed using this template */}} 3 | {{/* Below are the defined fields as part of this template */}} 4 | {{/* - commitlog_dir */}} 5 | {{/* - data_dirs */}} 6 | {{/* =============================================================== */}} 7 | 8 | {{- define "contrail.cassandraConfig" -}} 9 | 10 | [CASSANDRA] 11 | {{ if not .commitLogDir }}#{{ end }}commitlog_dir = {{ .commitLogDir | default "/var/lib/cassandra/commitlog" }} 12 | {{ if not .dataDirs }}#{{- $_ := set . "dataDirs" list "/var/lib/cassandra/data" -}}{{ end }}data_dirs = [{{- range .dataDirs -}}{{ . | quote }},{{ end }}] 13 | 14 | {{- end -}} 15 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/contrailctl/common/_global.tpl: -------------------------------------------------------------------------------- 1 | {{/* ================================================================= */}} 2 | {{/* Set default varibles needed by contrail.globalConfig template */}} 3 | {{/* ================================================================= */}} 4 | 5 | {{- define "contrail.setGlobalDefaults" -}} 6 | 7 | {{- $_ := required "Controller_nodes should be given as list in .Values.conf.global.controller.nodes" .controller.nodes -}} 8 | 9 | {{- if not .analyticsdb.nodes -}}{{- $_ := set .analyticsdb "nodes" .controller.nodes -}}{{- end -}} 10 | {{- if not .analytics.nodes -}}{{- $_ := set .analytics "nodes" .controller.nodes -}}{{- end -}} 11 | {{- if not .config.nodes -}}{{- $_ := set .config "nodes" .controller.nodes -}}{{- end -}} 12 | {{- if not .webui.nodes -}}{{- $_ := set .webui "nodes" .controller.nodes -}}{{- end -}} 13 | 14 | {{- if not .controller.virtualIp -}} 15 | {{- $controllerIp := first .controller.nodes -}} 16 | {{- $_ := set .controller "virtualIp" $controllerIp -}} 17 | {{- end -}} 18 | {{- if not .analytics.virtualIp -}} 19 | {{- $analyticsIp := first .analytics.nodes -}} 20 | {{- $_ := set .analytics "virtualIp" $analyticsIp -}} 21 | {{- end -}} 22 | {{- if not .config.virtualIp -}} 23 | {{- $configIp := first .config.nodes -}} 24 | {{- $_ := set .config "virtualIp" $configIp -}} 25 | {{- end -}} 26 | 27 | {{- if not .external.rabbitmqServers -}}{{- $_ := set .external "rabbitmqServers" list -}}{{- end -}} 28 | {{- if not .external.controllerZookeeperServers -}}{{- $_ := set .external "controllerZookeeperServers" list -}}{{- end -}} 29 | {{- if not .external.analyticsdbZookeeperServers -}}{{- $_ := set .external "analyticsdbZookeeperServers" list -}}{{- end -}} 30 | 31 | {{- end -}} 32 | 33 | {{/* =============================================================== */}} 34 | {{/* GLOBAL section of the contrailctl is formed using this template */}} 35 | {{/* =============================================================== */}} 36 | 37 | 38 | {{- define "contrail.globalConfig" -}} 39 | 40 | {{- include "contrail.setGlobalDefaults" . -}} 41 | 42 | [GLOBAL] 43 | controller_nodes = {{ .controller.nodes | join "," }} 44 | analytics_nodes = {{ .analytics.nodes | join "," }} 45 | analyticsdb_nodes = {{ .analyticsdb.nodes | join "," }} 46 | config_nodes = {{ .config.nodes | join "," }} 47 | webui_nodes = {{ .webui.nodes | join "," }} 48 | 49 | controller_ip = {{ .controller.virtualIp }} 50 | config_ip = {{ .config.virtualIp }} 51 | analytics_ip = {{ .analytics.virtualIp }} 52 | 53 | {{ if not .controller.enableControlService }}#{{ end }}enable_control_service = {{ .controller.enableControlService | default "true" }} 54 | {{ if not .webui.enableWebuiService }}#{{ end }}enable_webui_service = {{ .webui.enableWebuiService | default "true" }} 55 | {{ if not .config.enableWebuiService }}#{{ end }}enable_config_service = {{ .webui.enableConfigService | default "true" }} 56 | 57 | {{ if not .config.cassandraUser }}#{{ end }}configdb_cassandra_user = {{ .config.cassandraUser | default "" }} 58 | {{ if not .config.cassandraPassword }}#{{ end }}configdb_cassandra_password = {{ .config.cassandraPassword | default "" }} 59 | {{ if not .analyticsdb.cassandraUser }}#{{ end }}analyticsdb_cassandra_user = {{ .analyticsdb.cassandraUser | default "" }} 60 | {{ if not .analyticsdb.cassandraPassword }}#{{ end }}analyticsdb_cassandra_password = {{ .analyticsdb.cassandraPassword | default "" }} 61 | 62 | {{/* TODO check if the hosts_entries format works */}} 63 | {{ if not .hostsEntries }}#{{ end }}hosts_entries = {{ .hostsEntries | default "" }} 64 | {{ if not .cloudOrchestrator }}#{{ end }}cloud_orchestrator = {{ .cloudOrchestrator | default "kubernetes" }} 65 | 66 | {{ if not .uvePartitionCount }}#{{ end }}uve_partition_count = {{ .uvePartitionCount }} 67 | 68 | {{ if not .external.rabbitmqServers }}#{{ end }}external_rabbitmq_servers = {{ .external.rabbitmqServers | join "," }} 69 | {{ if not .external.controllerZookeeperServers }}#{{ end }}external_zookeeper_servers = {{ .external.controllerZookeeperServers | join "," }} 70 | {{ if not .external.analyticsdbZookeeperServers }}#{{ end }}external_analyticsdb_zookeeper_servers = [{{- range .external.analyticsdbZookeeperServers -}}{{ . | quote }},{{- end }}] 71 | 72 | {{ if not .ssl.xmppAuth }}#{{ end }}xmpp_auth_enable = {{ .ssl.xmppAuth | default "false" }} 73 | {{ if not .ssl.xmppDNSAuth }}#{{ end }}xmpp_dns_auth_enable = {{ .ssl.xmppDNSAuth | default "false" }} 74 | {{ if not .ssl.sandesh }}#{{ end }}sandesh_ssl_enable = {{ .ssl.sandesh | default "false" }} 75 | {{ if not .ssl.introspect }}#{{ end }}introspect_ssl_enable = {{ .ssl.introspect | default "false" }} 76 | 77 | {{ if not .apiserver.authProtocol }}#{{ end }}apiserver_auth_protocol = {{ .apiserver.authProtocol | default "" }} 78 | {{ if not .apiserver.certfile }}#{{ end }}apiserver_certfile = {{ .apiserver.certfile | default "" }} 79 | {{ if not .apiserver.keyfile }}#{{ end }}apiserver_keyfile = {{ .apiserver.keyfile | default "" }} 80 | {{ if not .apiserver.cafile }}#{{ end }}apiserver_cafile = {{ .apiserver.cafile | default "" }} 81 | {{ if not .apiserver.insecure }}#{{ end }}apiserver_insecure = {{ .apiserver.insecure | default "" }} 82 | 83 | {{ if not .neutron.metadataIP }}#{{ end }}neutron_metadata_ip = {{ .neutron.metadataIP | default "" }} 84 | {{ if not .neutron.metadataPort }}#{{ end }}neutron_metadata_port = {{ .neutron.metadataPort | default "" }} 85 | {{ if not .analyticsdbMinDiskGB }}#{{ end }}analyticsdb_minimum_diskgb = {{ .analyticsdbMinDiskGB | default 256 }} 86 | {{ if not .configdbMinDiskGB }}#{{ end }}configdb_minimum_diskgb = {{ .configdbMinDiskGB | default 20 }} 87 | 88 | {{- end -}} 89 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/contrailctl/common/_logport.tpl: -------------------------------------------------------------------------------- 1 | {{/* ============================================================================== */}} 2 | {{/* log and port fields needed by various sections are formed using this template */}} 3 | {{/* ============================================================================== */}} 4 | 5 | {{ define "contrail.logPortConfig" }} 6 | 7 | {{ if not .logFile }}#{{ end }}log = {{ .logFile }} 8 | {{ if not .logLevel }}#{{ end }}log_level = {{ .logLevel | default "SYS_NOTICE" }} 9 | {{ if not .introspectPort }}#{{ end }}introspect_port = {{ .introspectPort }} 10 | {{ if not .listenPort }}#{{ end }}listen_port = {{ .listenPort }} 11 | 12 | {{- end -}} 13 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/contrailctl/common/_rabbitmq.tpl: -------------------------------------------------------------------------------- 1 | {{/* =============================================================== */}} 2 | {{/* RABBITMQ section of the contrailctl is formed using this template */}} 3 | {{/* =============================================================== */}} 4 | 5 | {{- define "contrail.rabbitmqConfig" -}} 6 | 7 | [RABBITMQ] 8 | 9 | {{ if not .rabbitmq.user }}#{{ end }}user = {{ .rabbitmq.user | default "guest" }} 10 | {{ if not .rabbitmq.password }}#{{ end }}password = {{ .rabbitmq.password | default "guest" }} 11 | {{ if not .rabbitmq.vhost }}#{{ end }}vhost = {{ .rabbitmq.vhost | default "/" }} 12 | {{ if not .rabbitmq.owner }}#{{ end }}owner = {{ .rabbitmq.owner }} 13 | {{ if not .rabbitmq.group }}#{{ end }}group = {{ .rabbitmq.group }} 14 | 15 | 16 | {{- end -}} 17 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/controller-ds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: DaemonSet 3 | metadata: 4 | name: contrail-controller 5 | namespace: kube-system 6 | labels: 7 | app: contrail-cni 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | spec: 10 | template: 11 | metadata: 12 | labels: 13 | app: contrail-cni 14 | contrail_function: contrail-controller 15 | spec: 16 | affinity: 17 | nodeAffinity: 18 | requiredDuringSchedulingIgnoredDuringExecution: 19 | nodeSelectorTerms: 20 | - matchExpressions: 21 | - key: "opencontrail.org/controller" 22 | operator: In 23 | values: 24 | - "true" 25 | - matchExpressions: 26 | - key: "node-role.kubernetes.io/master" 27 | operator: Exists 28 | tolerations: 29 | - key: node-role.kubernetes.io/master 30 | operator: Exists 31 | effect: NoSchedule 32 | hostNetwork: true 33 | containers: 34 | - name: contrail-controller 35 | image: {{ .Values.images.controller | quote }} 36 | imagePullPolicy: {{ default "" .Values.images.imagePullPolicy | quote }} 37 | securityContext: 38 | privileged: true 39 | volumeMounts: 40 | - mountPath: /etc/contrailctl 41 | name: contrailctl-controller 42 | - mountPath: /var/lib/cassandra 43 | name: configdb-data 44 | - mountPath: /var/lib/zookeeper 45 | name: zookeeper-data 46 | volumes: 47 | - name: contrailctl-controller 48 | configMap: 49 | name: contrailctl-config 50 | items: 51 | - key: controller-config 52 | path: controller.conf 53 | - name: configdb-data 54 | hostPath: 55 | path: /var/lib/configdb 56 | - name: zookeeper-data 57 | hostPath: 58 | path: /var/lib/config_zookeeper_data 59 | -------------------------------------------------------------------------------- /kubernetes/helm/contrail/templates/kubemanager-ds.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: DaemonSet 3 | metadata: 4 | name: contrail-kube-manager 5 | namespace: kube-system 6 | labels: 7 | app: contrail-cni 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | spec: 10 | template: 11 | metadata: 12 | labels: 13 | app: contrail-cni 14 | contrail_function: contrail-kube-manager 15 | spec: 16 | affinity: 17 | nodeAffinity: 18 | requiredDuringSchedulingIgnoredDuringExecution: 19 | nodeSelectorTerms: 20 | - matchExpressions: 21 | - key: "opencontrail.org/controller" 22 | operator: In 23 | values: 24 | - "true" 25 | - matchExpressions: 26 | - key: "node-role.kubernetes.io/master" 27 | operator: Exists 28 | tolerations: 29 | - key: node-role.kubernetes.io/master 30 | operator: Exists 31 | effect: NoSchedule 32 | hostNetwork: true 33 | automountServiceAccountToken: false 34 | containers: 35 | - name: contrail-kube-manager 36 | image: {{ .Values.images.kubemanager | quote }} 37 | imagePullPolicy: {{ default "" .Values.images.imagePullPolicy | quote }} 38 | securityContext: 39 | privileged: true 40 | volumeMounts: 41 | - mountPath: /tmp/contrailctl 42 | name: contrailctl-kube-manager 43 | - mountPath: /tmp/serviceaccount 44 | name: pod-secret 45 | volumes: 46 | - name: contrailctl-kube-manager 47 | configMap: 48 | name: contrailctl-config 49 | items: 50 | - key: kubemanager-config 51 | path: kubemanager.conf 52 | - key: global-config 53 | path: global.conf 54 | - name: pod-secret 55 | secret: 56 | secretName: contrail-kube-manager-token 57 | -------------------------------------------------------------------------------- /kubernetes/manifests/contrail-host-centos-nested.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: contrail-config 6 | namespace: kube-system 7 | data: 8 | global-config: |- 9 | [GLOBAL] 10 | cloud_orchestrator = kubernetes 11 | config_nodes = 10.10.10.1 12 | controller_nodes = 10.10.10.1 13 | analytics_nodes = 10.10.10.2 14 | nested_mode = True 15 | kubemanager-config: |- 16 | [KUBERNETES] 17 | cluster_name = k8s-default 18 | cluster_project = {} 19 | cluster_network = {'domain': 'default-domain', 'project': 'admin', 'name': '__public_network_nested_k8s__'} 20 | service_subnets = 10.96.0.0/12 21 | pod_subnets = 10.32.0.0/12 22 | api_server = 10.84.53.3 23 | [AUTH] 24 | ip = 10.10.10.100 25 | admin_password = c0ntrail123 26 | admin_user = admin 27 | admin_tenant = admin 28 | kubernetes-agent-config: |- 29 | [AGENT] 30 | ip = 10.10.10.101 31 | --- 32 | apiVersion: extensions/v1beta1 33 | kind: DaemonSet 34 | metadata: 35 | name: contrail-kube-manager 36 | namespace: kube-system 37 | labels: 38 | app: contrail-kube-manager 39 | spec: 40 | template: 41 | metadata: 42 | labels: 43 | app: contrail-kube-manager 44 | spec: 45 | affinity: 46 | nodeAffinity: 47 | requiredDuringSchedulingIgnoredDuringExecution: 48 | nodeSelectorTerms: 49 | - matchExpressions: 50 | - key: "opencontrail.org/controller" 51 | operator: In 52 | values: 53 | - "true" 54 | - matchExpressions: 55 | - key: "node-role.kubernetes.io/master" 56 | operator: Exists 57 | tolerations: 58 | - key: node-role.kubernetes.io/master 59 | operator: Exists 60 | effect: NoSchedule 61 | automountServiceAccountToken: false 62 | hostNetwork: true 63 | containers: 64 | - name: contrail-kube-manager 65 | image: "10.84.5.71:5000/contrail-kube-manager-ubuntu14.04:4.0.0.0-20" 66 | imagePullPolicy: "" 67 | securityContext: 68 | privileged: true 69 | volumeMounts: 70 | - mountPath: /tmp/contrailctl 71 | name: tmp-contrail-config 72 | - mountPath: /tmp/serviceaccount 73 | name: pod-secret 74 | volumes: 75 | - name: tmp-contrail-config 76 | configMap: 77 | name: contrail-config 78 | items: 79 | - key: global-config 80 | path: global.conf 81 | - key: kubemanager-config 82 | path: kubemanager.conf 83 | - name: pod-secret 84 | secret: 85 | secretName: contrail-kube-manager-token 86 | --- 87 | apiVersion: extensions/v1beta1 88 | kind: DaemonSet 89 | metadata: 90 | name: contrail-kubernetes-agent 91 | namespace: kube-system 92 | labels: 93 | app: contrail-kubernetes-agent 94 | spec: 95 | template: 96 | metadata: 97 | labels: 98 | app: contrail-kubernetes-agent 99 | spec: 100 | #Disable affinity for single node setup 101 | affinity: 102 | nodeAffinity: 103 | requiredDuringSchedulingIgnoredDuringExecution: 104 | nodeSelectorTerms: 105 | - matchExpressions: 106 | - key: "opencontrail.org/controller" 107 | operator: NotIn 108 | values: 109 | - "true" 110 | - matchExpressions: 111 | - key: "node-role.kubernetes.io/master" 112 | operator: Exists 113 | #Enable tolerations for single node setup 114 | #tolerations: 115 | #- key: node-role.kubernetes.io/master 116 | # operator: Exists 117 | # effect: NoSchedule 118 | automountServiceAccountToken: false 119 | hostNetwork: true 120 | containers: 121 | - name: contrail-kubernetes-agent 122 | image: "10.84.5.71:5000/contrail-kubernetes-agent-ubuntu14.04:4.0.0.0-20" 123 | imagePullPolicy: "" 124 | command: ["/bin/bash", "-c", "/entrypoint.sh -l"] 125 | securityContext: 126 | privileged: true 127 | volumeMounts: 128 | - mountPath: /tmp/contrailctl 129 | name: contrail-config 130 | - mountPath: /var/lib/contrail/ 131 | name: var-lib-contrail 132 | - mountPath: /host/etc_cni 133 | name: etc-cni 134 | - mountPath: /host/opt_cni_bin 135 | name: opt-cni-bin 136 | # This is a workaround just to make sure the directory is created on host 137 | - mountPath: /var/log/contrail/cni 138 | name: var-log-contrail-cni 139 | - mountPath: /tmp/serviceaccount 140 | name: pod-secret 141 | volumes: 142 | - name: contrail-config 143 | configMap: 144 | name: contrail-config 145 | items: 146 | - key: global-config 147 | path: global.conf 148 | - key: kubernetes-agent-config 149 | path: kubernetesagent.conf 150 | - name: var-lib-contrail 151 | hostPath: 152 | path: /var/lib/contrail/ 153 | - name: etc-cni 154 | hostPath: 155 | path: /etc/cni 156 | - name: opt-cni-bin 157 | hostPath: 158 | path: /opt/cni/bin 159 | - name: var-log-contrail-cni 160 | hostPath: 161 | path: /var/log/contrail/cni/ 162 | - name: pod-secret 163 | secret: 164 | secretName: contrail-kube-manager-token 165 | --- 166 | kind: ClusterRole 167 | apiVersion: rbac.authorization.k8s.io/v1beta1 168 | metadata: 169 | name: contrail-kube-manager 170 | namespace: kube-system 171 | rules: 172 | - apiGroups: ["*"] 173 | resources: ["*"] 174 | verbs: ["*"] 175 | --- 176 | apiVersion: v1 177 | kind: ServiceAccount 178 | metadata: 179 | name: contrail-kube-manager 180 | namespace: kube-system 181 | --- 182 | apiVersion: rbac.authorization.k8s.io/v1beta1 183 | kind: ClusterRoleBinding 184 | metadata: 185 | name: contrail-kube-manager 186 | roleRef: 187 | apiGroup: rbac.authorization.k8s.io 188 | kind: ClusterRole 189 | name: contrail-kube-manager 190 | subjects: 191 | - kind: ServiceAccount 192 | name: contrail-kube-manager 193 | namespace: kube-system 194 | --- 195 | apiVersion: v1 196 | kind: Secret 197 | metadata: 198 | name: contrail-kube-manager-token 199 | namespace: kube-system 200 | annotations: 201 | kubernetes.io/service-account.name: contrail-kube-manager 202 | type: kubernetes.io/service-account-token 203 | -------------------------------------------------------------------------------- /kubernetes/manifests/contrail-host-ubuntu-nested.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: contrail-config 6 | namespace: kube-system 7 | data: 8 | global-config: |- 9 | [GLOBAL] 10 | cloud_orchestrator = kubernetes 11 | config_nodes = 10.10.10.1 12 | controller_nodes = 10.10.10.1 13 | analytics_nodes = 10.10.10.2 14 | nested_mode = True 15 | kubernetes_node_data_interface = eth0 16 | kubemanager-config: |- 17 | [KUBERNETES] 18 | cluster_name = k8s-default 19 | cluster_project = {} 20 | cluster_network = {'domain': 'default-domain', 'project': 'admin', 'name': '__public_network_nested_k8s__'} 21 | service_subnets = 10.96.0.0/12 22 | pod_subnets = 10.32.0.0/12 23 | api_server = 10.84.53.3 24 | [AUTH] 25 | ip = 10.10.10.100 26 | admin_password = c0ntrail123 27 | admin_user = admin 28 | admin_tenant = admin 29 | kubernetes-agent-config: |- 30 | [AGENT] 31 | ip = 10.10.10.101 32 | --- 33 | apiVersion: extensions/v1beta1 34 | kind: DaemonSet 35 | metadata: 36 | name: contrail-kube-manager 37 | namespace: kube-system 38 | labels: 39 | app: contrail-kube-manager 40 | spec: 41 | template: 42 | metadata: 43 | labels: 44 | app: contrail-kube-manager 45 | spec: 46 | affinity: 47 | nodeAffinity: 48 | requiredDuringSchedulingIgnoredDuringExecution: 49 | nodeSelectorTerms: 50 | - matchExpressions: 51 | - key: "opencontrail.org/controller" 52 | operator: In 53 | values: 54 | - "true" 55 | - matchExpressions: 56 | - key: "node-role.kubernetes.io/master" 57 | operator: Exists 58 | tolerations: 59 | - key: node-role.kubernetes.io/master 60 | operator: Exists 61 | effect: NoSchedule 62 | automountServiceAccountToken: false 63 | hostNetwork: true 64 | containers: 65 | - name: contrail-kube-manager 66 | image: "docker.io/opencontrail/contrail-kube-manager-ubuntu16.04:4.0.1.0" 67 | imagePullPolicy: "" 68 | securityContext: 69 | privileged: true 70 | volumeMounts: 71 | - mountPath: /tmp/contrailctl 72 | name: tmp-contrail-config 73 | - mountPath: /tmp/serviceaccount 74 | name: pod-secret 75 | volumes: 76 | - name: tmp-contrail-config 77 | configMap: 78 | name: contrail-config 79 | items: 80 | - key: global-config 81 | path: global.conf 82 | - key: kubemanager-config 83 | path: kubemanager.conf 84 | - name: pod-secret 85 | secret: 86 | secretName: contrail-kube-manager-token 87 | --- 88 | apiVersion: extensions/v1beta1 89 | kind: DaemonSet 90 | metadata: 91 | name: contrail-kubernetes-agent 92 | namespace: kube-system 93 | labels: 94 | app: contrail-kubernetes-agent 95 | spec: 96 | template: 97 | metadata: 98 | labels: 99 | app: contrail-kubernetes-agent 100 | spec: 101 | #Disable affinity for single node setup 102 | affinity: 103 | nodeAffinity: 104 | requiredDuringSchedulingIgnoredDuringExecution: 105 | nodeSelectorTerms: 106 | - matchExpressions: 107 | - key: "opencontrail.org/controller" 108 | operator: NotIn 109 | values: 110 | - "true" 111 | - matchExpressions: 112 | - key: "node-role.kubernetes.io/master" 113 | operator: Exists 114 | #Enable tolerations for single node setup 115 | #tolerations: 116 | #- key: node-role.kubernetes.io/master 117 | # operator: Exists 118 | # effect: NoSchedule 119 | automountServiceAccountToken: false 120 | hostNetwork: true 121 | containers: 122 | - name: contrail-kubernetes-agent 123 | image: "docker.io/opencontrail/contrail-kubernetes-agent-ubuntu16.04:4.0.1.0" 124 | imagePullPolicy: "" 125 | command: ["/bin/bash", "-c", "/entrypoint.sh -l"] 126 | securityContext: 127 | privileged: true 128 | volumeMounts: 129 | - mountPath: /tmp/contrailctl 130 | name: contrail-config 131 | - mountPath: /var/lib/contrail/ 132 | name: var-lib-contrail 133 | - mountPath: /host/etc_cni 134 | name: etc-cni 135 | - mountPath: /host/opt_cni_bin 136 | name: opt-cni-bin 137 | # This is a workaround just to make sure the directory is created on host 138 | - mountPath: /var/log/contrail/cni 139 | name: var-log-contrail-cni 140 | - mountPath: /tmp/serviceaccount 141 | name: pod-secret 142 | volumes: 143 | - name: contrail-config 144 | configMap: 145 | name: contrail-config 146 | items: 147 | - key: global-config 148 | path: global.conf 149 | - key: kubernetes-agent-config 150 | path: kubernetesagent.conf 151 | - name: var-lib-contrail 152 | hostPath: 153 | path: /var/lib/contrail/ 154 | - name: etc-cni 155 | hostPath: 156 | path: /etc/cni 157 | - name: opt-cni-bin 158 | hostPath: 159 | path: /opt/cni/bin 160 | - name: var-log-contrail-cni 161 | hostPath: 162 | path: /var/log/contrail/cni/ 163 | - name: pod-secret 164 | secret: 165 | secretName: contrail-kube-manager-token 166 | --- 167 | kind: ClusterRole 168 | apiVersion: rbac.authorization.k8s.io/v1beta1 169 | metadata: 170 | name: contrail-kube-manager 171 | namespace: kube-system 172 | rules: 173 | - apiGroups: ["*"] 174 | resources: ["*"] 175 | verbs: ["*"] 176 | --- 177 | apiVersion: v1 178 | kind: ServiceAccount 179 | metadata: 180 | name: contrail-kube-manager 181 | namespace: kube-system 182 | --- 183 | apiVersion: rbac.authorization.k8s.io/v1beta1 184 | kind: ClusterRoleBinding 185 | metadata: 186 | name: contrail-kube-manager 187 | roleRef: 188 | apiGroup: rbac.authorization.k8s.io 189 | kind: ClusterRole 190 | name: contrail-kube-manager 191 | subjects: 192 | - kind: ServiceAccount 193 | name: contrail-kube-manager 194 | namespace: kube-system 195 | --- 196 | apiVersion: v1 197 | kind: Secret 198 | metadata: 199 | name: contrail-kube-manager-token 200 | namespace: kube-system 201 | annotations: 202 | kubernetes.io/service-account.name: contrail-kube-manager 203 | type: kubernetes.io/service-account-token 204 | -------------------------------------------------------------------------------- /kubernetes/manifests/tiller.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions/v1beta1 2 | kind: DaemonSet 3 | metadata: 4 | creationTimestamp: null 5 | labels: 6 | app: helm 7 | name: tiller 8 | name: tiller-ds 9 | namespace: kube-system 10 | spec: 11 | template: 12 | metadata: 13 | creationTimestamp: null 14 | labels: 15 | app: helm 16 | name: tiller 17 | spec: 18 | nodeSelector: 19 | node-role.kubernetes.io/master: "" 20 | tolerations: 21 | - key: node-role.kubernetes.io/master 22 | effect: NoSchedule 23 | hostNetwork: true 24 | containers: 25 | - env: 26 | - name: TILLER_NAMESPACE 27 | value: kube-system 28 | image: gcr.io/kubernetes-helm/tiller:v2.4.2 29 | imagePullPolicy: IfNotPresent 30 | livenessProbe: 31 | httpGet: 32 | path: /liveness 33 | port: 44135 34 | initialDelaySeconds: 1 35 | timeoutSeconds: 1 36 | name: tiller 37 | ports: 38 | - containerPort: 44134 39 | name: tiller 40 | readinessProbe: 41 | httpGet: 42 | path: /readiness 43 | port: 44135 44 | initialDelaySeconds: 1 45 | timeoutSeconds: 1 46 | resources: {} 47 | serviceAccountName: "tiller" 48 | volumes: null 49 | 50 | --- 51 | apiVersion: v1 52 | kind: Service 53 | metadata: 54 | creationTimestamp: null 55 | labels: 56 | app: helm 57 | name: tiller 58 | name: tiller-ds 59 | namespace: kube-system 60 | spec: 61 | ports: 62 | - name: tiller 63 | nodePort: 0 64 | port: 44134 65 | protocol: "" 66 | targetPort: tiller 67 | selector: 68 | app: helm 69 | name: tiller 70 | type: ClusterIP 71 | clusterIP: None 72 | status: 73 | loadBalancer: {} 74 | --- 75 | kind: ClusterRole 76 | apiVersion: rbac.authorization.k8s.io/v1beta1 77 | metadata: 78 | name: tiller 79 | namespace: kube-system 80 | rules: 81 | - apiGroups: ["*"] 82 | resources: ["*"] 83 | verbs: ["*"] 84 | --- 85 | apiVersion: v1 86 | kind: ServiceAccount 87 | metadata: 88 | name: tiller 89 | namespace: kube-system 90 | --- 91 | apiVersion: rbac.authorization.k8s.io/v1beta1 92 | kind: ClusterRoleBinding 93 | metadata: 94 | name: tiller 95 | roleRef: 96 | apiGroup: rbac.authorization.k8s.io 97 | kind: ClusterRole 98 | name: tiller 99 | subjects: 100 | - kind: ServiceAccount 101 | name: tiller 102 | namespace: kube-system 103 | -------------------------------------------------------------------------------- /specs/docker-HA.md: -------------------------------------------------------------------------------- 1 | # Introduction 2 | The purpose of this document is to describe the requirements and design considerations for deploying 3 | containerized contrail subsystems in High Availability mode. 4 | 5 | Following container subsystems can be deployed in HA mode, 6 | 7 | - **contrail-lb** 8 | - **contrail-controller** 9 | - **contrail-analytics** 10 | - **contrail-analyticsdb** 11 | 12 | 13 | ## contrail-lb 14 | Contrail loadbalancer container **contrail-lb** runs HAProxy and BIRD(http://bird.network.cz/?get_doc&f=bird-6.html) protocol 15 | - **HAProxy**: Used to loadbalance across the mulitple instance of contrail services 16 | - **BIRD**: To deploy **contrail-lb** in Highly Available mode. 17 | 18 | **contrail-lb** containers are expected to be deployed in different set of hosts. However it can also be deployed 19 | in the same hosts where **contrail-controller** containers are deployed. 20 | 21 | 22 | ## contrail-controller 23 | Contrail controller container **contrail-controller** runs following services that can be 24 | scaled/clustered, 25 | 26 | - **contrail-api**: Scaled up; loadbalanced by HAProxy running in the **contrail-lb** containers. 27 | All clients will connect to the Loadbalancer IP to communicate with contrail-api. 28 | 29 | - **contrail-discovery**: Scaled up; loadbalanced by HAProxy running in the **contrail-lb** containers. 30 | All clients will connect to the Loadbalancer IP to communicate with contrail-discovery. 31 | 32 | - **cassandra**: Clustered; cassandra/client libraries has got in-built loadbalancing and failure detection 33 | mechanisam, So no need for cassandra to be behind HAProxy. However mulitple instances needs 34 | to be clustered during depolyment of **contrail-controller** containers. All clients will 35 | connect to list of contrail-controller container ip's to communicate with cassandra. 36 | 37 | - **zookeeper**: Clustered; zookeeper/client libraries has got in-built High avalability using 38 | leader/follower architecture, So no need for zookeeper to be behind HAProxy. However mulitple 39 | instances needs to be clustered during depolyment of **contrail-controller** containers. 40 | All clients will connect to list of contrail-controller container ip's to communicate with zookeeper. 41 | 42 | - **rabbitmq**: Clustered; rabitmq/client libraries can handle multiple rabbit. However mulitple instances needs 43 | to be clustered and mirrorind the Queues during depolyment of **contrail-controller** containers. 44 | All clients will connect to list of contrail-controller container ip's to communicate with rabbitmq. 45 | 46 | **NOTE:** Only ODD number of contrail-controllers are supported as we have a limitation with zookeeper for 47 | leader/follower election. 48 | 49 | 50 | ## contrail-analytics 51 | Contrail analytics container **contrail-analytics** runs **contrail-analytics-api** service that can be 52 | scaled. 53 | 54 | - **contrail-analytica-api**: Scaled up; loadbalanced by HAProxy running in the **contrail-lb** containers. 55 | All clients will connect to the Loadbalancer IP to communicate with to 56 | contrail-analytics-api. 57 | 58 | ## contrail-analyticsdb 59 | Contrail analytcsdb container **contrail-controller** runs following services that can be clustered, 60 | 61 | - **cassandra**: Clustered; cassandra/client libraries has got in-built loadbalancing and failure detection 62 | mechanisam, So no need for cassandra to be behind HAProxy. However mulitple instances needs 63 | to be clustered during depolyment of **contrail-analyticsdb** containers. All clients will 64 | connect to list of contrail-analyticsdb container ip's to communicate with cassandra. 65 | 66 | - **kafka**: Clusterd; Kafka uses zookeeper cluster running in the **contrail-controller** containers. Multiple 67 | instances of kafka needs to be clusters during deployment of **contrail-analyticsdb** containers. 68 | All clients will connect to list of contrail-analyticsdb container ip's to communicate with kafka. 69 | 70 | 71 | ## Related repositories 72 | 73 | https://github.com/Juniper/contrail-docker: This repository will have all container building and supporting code. 74 | 75 | https://github.com/Juniper/contrail-ansible: This repo will have all ansible code to support build, configure and 76 | orchestrate the containers built and overall system setup. 77 | -------------------------------------------------------------------------------- /specs/docker-build.md: -------------------------------------------------------------------------------- 1 | # Contrail-docker image build process 2 | 3 | ## High level requirements and design proposals and decisions 4 | 5 | * All the containers should be built as part of nightly build 6 | * Build process should be as generic as possible to be used in in Juniper contrail build as well as public opencontrail 7 | build process 8 | * Actual container build process should assume to use publically available build mechanism/artifacts - e.g, 9 | contrail-install-packages tar/deb/rpm are only available in juniper contrail, so we should not use it. 10 | * This should be completely self-contained with minimal assumptions 11 | * You may provide existing artifacts as input to the build process, but if they are not available, it 12 | should be able to create those artifacts from publically available sources. E.g Contrail packages or package 13 | repository may be provided, but if not found, it should be able to build them from the source. 14 | * The build workflow should be implemented as make targets 15 | * The end-to-end build workflow should be as much simple as possible in user perspective, so people (even public users) 16 | should be able to build contrail system from scratch without digging much into its technical implementations for both 17 | opencontrail as well juniper contrail. 18 | 19 | ## More into the implementation 20 | 21 | * Complete workflow should be implemented as make targets without minimal external scripts. 22 | * **package-build:** This step is mostly be an optional one and only run automatically if **contrail-repo** fail to 23 | find out the packages or packages tar file. This will build the contrail specific packages from publically available 24 | sources. The idea here is to make the entire build as easy as possible so that one should be able to build juniper 25 | contrail/opencontrail containers with single (or may be couple of) make command[s]. 26 | * **prep:** This step is a preparation step for actual build process 27 | * **contrail-repo:** This step to build a contrail-repo container to be used by rest of the build process 28 | * Moved any juniper contrail specific requirements such as to use contrail-install-packages tar file to a "prep" target 29 | * Create a contrail-repo container[s] in the prep step, which will have all contrail specific packages for a version 30 | and it should be used by further build process to get the packages from instead of making each local package repos. 31 | This should help to make the build process generic to use it by public users for opencontrail build. 32 | * After creating the repo container, prep step should start that container in tbe build node so that it can be used as 33 | local network repo for further container build process. 34 | * All contrail component container build process should use above mentioned container based repo to get the packages. 35 | This repo should have highest priority so that in case of conflicting packages between contrail-repo and other repos, 36 | packages should be selected from contrail-repo 37 | * This step have a dependency on package tar (or packages directory). In case it is not provided or dont have 38 | access to them, it should call a **package-build** step 39 | * **contrail-ansible:** This target will check for any existing artifact provided for contrail-ansible, and if not 40 | provided or not accessible, will create that artifact from git repo and reference provided. Here is the process 41 | of creating this artifact from git repo 42 | * Code will be pulled from provided git repo and checked out to provided reference - reference can be a commit 43 | id, a branch name, or tag. By default it consider master of https://github.com/juniper/contrail-ansible.git 44 | * It will run ansible-galaxy to pull all dependency ansible code which are mentioned in requirements.yml inside 45 | contrail-ansible. Note that It will help to recursively pull all dependency tree and not only the dependencies 46 | provided in the requirements.yml, but the complete dependency tree. 47 | * Then it will create a tar of it and name it after contrail-version (e.g contrail-ansible-3.1.1.0-29.tar.gz) 48 | * **all**: This is the default target and this target will build all contrail container images and make it available 49 | to save it in a tar file or to push it to a docker registry. This is dependent on **prep** so if it did not find 50 | prep is not done already, it will run that step. 51 | * **save**: This is to save the containers to specified archive location. This can either save already built containers 52 | and if it did not find any containers built, it will build them by calling container building targets which will 53 | intern call other targets like **prep** and all if required and then save it in the location provided 54 | * **push**: This one is to push the containers to provided docker registry, it will act same way as **save** 55 | * **clean**: This will cleanup the workspace by doing: 56 | * Remove contrail-repo container 57 | * Remove all temporary files and temporary artifacts created 58 | * Remove all container images created locally - this should be optional, one may choose to keep them locally, so 59 | further image build can be incremental to those images. 60 | 61 | 62 | ## Related repositories 63 | https://github.com/Juniper/contrail-docker: This repository will have all container building and supporting code. 64 | 65 | https://github.com/Juniper/contrail-ansible: This repo will have all ansible code to support build, configure and 66 | orchestrate the containers built and overall system setup. 67 | 68 | Note that there could be bunch of repositories to be added here which are related to package build, which are TBD. 69 | -------------------------------------------------------------------------------- /specs/images/contrail-containers-network-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Juniper/contrail-docker/69e172ab30794b14a405e42df217e696090bd472/specs/images/contrail-containers-network-diagram.png -------------------------------------------------------------------------------- /specs/images/contrailctl.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Juniper/contrail-docker/69e172ab30794b14a405e42df217e696090bd472/specs/images/contrailctl.jpg -------------------------------------------------------------------------------- /tools/python-contrailctl/README.md: -------------------------------------------------------------------------------- 1 | # contrailctl 2 | A tool to manage contrail services configuration running within the container. 3 | -------------------------------------------------------------------------------- /tools/python-contrailctl/contrailctl/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Juniper/contrail-docker/69e172ab30794b14a405e42df217e696090bd472/tools/python-contrailctl/contrailctl/__init__.py -------------------------------------------------------------------------------- /tools/python-contrailctl/contrailctl/config.py: -------------------------------------------------------------------------------- 1 | import ConfigParser 2 | import ast 3 | import re 4 | import os 5 | 6 | 7 | def read_config(config_file): 8 | config = ConfigParser.ConfigParser() 9 | config.read(config_file) 10 | return config 11 | 12 | 13 | class Configurator(object): 14 | 15 | def __init__(self, master_config_file, param_map, component): 16 | """Prepare configuration dict in a form that can be passed to ansible as variables 17 | :param master_config_file: container specific master config file 18 | """ 19 | self.master_config_file = master_config_file 20 | self.master_config = read_config(self.master_config_file) 21 | self.param_map = param_map 22 | self.component = component 23 | 24 | @staticmethod 25 | def eval(data): 26 | if isinstance(data, str): 27 | if re.match(r"^\[.*\]$", data) or re.match(r"^\{.*\}$", data): 28 | return ast.literal_eval(data) 29 | elif data.lower() in ("yes", "true", "no", "false"): 30 | return data.lower() in ("yes", "true") 31 | else: 32 | return data 33 | else: 34 | return data 35 | 36 | def get_config_dict(self): 37 | """ Get the config data as dictionary 38 | :return: config dictionary 39 | """ 40 | config_dict = {} 41 | for section in self.master_config.sections(): 42 | config_dict[section] = {} 43 | for option in self.master_config.options(section): 44 | config_dict[section][option] = self.eval(self.master_config.get(section, option)) 45 | return config_dict 46 | 47 | def map(self, config_dict): 48 | """ 49 | :param config_dict: config dictionary to be populated, the system may have to get multiple instances of 50 | Configurator in which case this config_dict should not be overwritten, so it always get updated 51 | :return: loaded config_dict 52 | """ 53 | cctl_envs={k.replace('CCTL_','').lower(): self.eval(v) for k, v in os.environ.items() if 'CCTL_' in k} 54 | for section in self.master_config.sections(): 55 | for param, value in self.master_config.items(section): 56 | if param in self.param_map.get(section, {}): 57 | config_dict.update({self.param_map[section][param]: self.eval(value)}) 58 | elif section == 'GLOBAL' or section == self.component.upper(): 59 | config_dict.update({param: self.eval(value)}) 60 | else: 61 | config_dict.update({"{}_{}".format(section.lower(), param): self.eval(value)}) 62 | 63 | config_dict.update(cctl_envs) 64 | return config_dict 65 | -------------------------------------------------------------------------------- /tools/python-contrailctl/contrailctl/k8s_modify_config.py: -------------------------------------------------------------------------------- 1 | import ConfigParser 2 | import os 3 | import socket 4 | import time 5 | 6 | CONTRAILCTL_DIR = "/etc/contrailctl/" 7 | TOKEN_FILE = "/tmp/serviceaccount/token" 8 | 9 | AGENT_DATA = ("global", "agent") 10 | KUBEMANAGER_DATA = ("global", "kubemanager") 11 | KUBERNETESAGENT_DATA = ("global", "kubernetesagent") 12 | 13 | DUMMY_IP = "1.1.1.1" 14 | DUMMY_PORT = 80 15 | 16 | class K8sModifyConfig(object): 17 | 18 | def __init__(self, contrail_role, tmp_conf_dir, config_file): 19 | """ Modifies the temporary config given through the single yaml file 20 | to add options like token and pod_ip for the necessary sections 21 | """ 22 | self.component = contrail_role 23 | self.tmp_conf_dir = tmp_conf_dir 24 | self.config_file = config_file 25 | 26 | if not self.tmp_conf_dir.endswith("/"): 27 | self.tmp_conf_dir += "/" 28 | 29 | self._get_filename = lambda data_name: self.tmp_conf_dir + data_name + ".conf" 30 | 31 | if not os.path.exists(CONTRAILCTL_DIR): 32 | os.makedirs(CONTRAILCTL_DIR) 33 | 34 | def _get_config_from_files(self, file_list): 35 | """ Reads ini config from the input file list provided and 36 | returns ConfigParser object 37 | """ 38 | if type(file_list) is not list: 39 | file_list = [file_list] 40 | # Waiting for volume files /tmp/contrailctl/* to be mounted 41 | for count in range(180): 42 | file_exists_list = [os.path.exists(fname) for fname in file_list] 43 | if False in file_exists_list: 44 | time.sleep(1) 45 | continue 46 | else: 47 | break 48 | if False in file_exists_list: 49 | print("One of the file in %s does not exist" %file_list) 50 | return False 51 | 52 | config_object = ConfigParser.ConfigParser() 53 | config_object.read(file_list) 54 | return config_object 55 | 56 | def merge_update_sections_agent(self): 57 | """ Merges the section and update for agent role """ 58 | self.config_files = map(self._get_filename, AGENT_DATA) 59 | agent_config = self._get_config_from_files(self.config_files) 60 | if not agent_config: 61 | return False 62 | if not agent_config.has_option("AGENT", "ctrl_data_network"): 63 | pod_ip = self._get_pod_ip() 64 | agent_config.set("AGENT", "ctrl_data_ip",value=pod_ip) 65 | 66 | # Adding kubernetes section to agent config 67 | agent_config.add_section("KUBERNETES") 68 | k8s_api_server = self._get_k8s_api_server() 69 | agent_config.set("KUBERNETES", "api_server",value=k8s_api_server) 70 | agent_config = self._update_k8s_token(agent_config, "KUBERNETES") 71 | self._write_contrailctl_file(agent_config) 72 | return True 73 | 74 | def merge_update_sections_kubemanager(self): 75 | """ Merges the section and update for kubemanager role """ 76 | self.config_files = map(self._get_filename,KUBEMANAGER_DATA) 77 | kubemanager_config = self._get_config_from_files(self.config_files) 78 | if not kubemanager_config: 79 | return False 80 | kubemanager_config = self._update_k8s_token(kubemanager_config, "KUBERNETES") 81 | self._write_contrailctl_file(kubemanager_config) 82 | return True 83 | 84 | def merge_update_sections_kubernetesagent(self): 85 | """ Merges the section and update for kubernetesagent role """ 86 | self.config_files = map(self._get_filename,KUBERNETESAGENT_DATA) 87 | kubernetesagent_config = self._get_config_from_files(self.config_files) 88 | if not kubernetesagent_config: 89 | return False 90 | self._write_contrailctl_file(kubernetesagent_config) 91 | return True 92 | 93 | def _write_contrailctl_file(self, role_config): 94 | """ Write role config to the contrailcltl file """ 95 | with open(self.config_file, 'w') as contrailctl_file: 96 | role_config.write(contrailctl_file) 97 | 98 | def _update_k8s_token(self, role_config, section): 99 | """ Update config_obj with token value in the given section """ 100 | token = self._get_k8s_token() 101 | role_config.set(section, "token",value=token) 102 | return role_config 103 | 104 | def _get_k8s_token(self): 105 | """ Reads token file and returns token value """ 106 | try: 107 | tf = open(TOKEN_FILE) 108 | token = tf.read() 109 | tf.close() 110 | return token 111 | except Exception as e: 112 | print("Error while getting token from file: %s, error: %s"%(TOKEN_FILE, e)) 113 | return None 114 | 115 | def _get_k8s_api_server(self): 116 | """ Reads kubemanager.conf to get the k8s_api_server""" 117 | kubemanager_file = self.tmp_conf_dir + "kubemanager.conf" 118 | kubemanager_config = self._get_config_from_files(kubemanager_file) 119 | if not kubemanager_config: 120 | return "" 121 | if kubemanager_config.has_option("KUBERNETES", "api_server"): 122 | k8s_api_server = kubemanager_config.get("KUBERNETES", "api_server") 123 | else: 124 | k8s_api_server = "" 125 | return k8s_api_server 126 | 127 | def _get_pod_ip(self): 128 | """ With simple test, gets the default ip address """ 129 | s_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) 130 | s_socket.connect((DUMMY_IP, DUMMY_PORT)) 131 | return s_socket.getsockname()[0] 132 | -------------------------------------------------------------------------------- /tools/python-contrailctl/contrailctl/map.py: -------------------------------------------------------------------------------- 1 | # This file contain parameter maps between container specific configuration 2 | # entries and ansible variables. This will be used to write/update ansible 3 | # variables to sync with per container configuration 4 | # 5 | # Here below explained the default parameter mapping behavior: 6 | # 1. Parameter in DEFAULT section is mapped to same name in variable definition 7 | # i.e a parameter controller_list in [GLOBAL] section will be mapped to 8 | # same parameter in ansible variable definition file under group_vars. 9 | # 2. Parameters in Other sections will be appended with the lower cased secion 10 | # names. i.e, a parameter "server_port" in [IFMAP] section is translated to 11 | # ifmap_server_port for ansible variable definition 12 | # 13 | # Default maps doesnt need to be added here, all non-default map must be 14 | # specified here. 15 | 16 | LB_PARAM_MAP = dict( 17 | HAPROXY=dict( 18 | user="haproxy_auth_user", 19 | password="haproxy_auth_password", 20 | ), 21 | HAPROXY_TORAGENT=dict( 22 | haproxy_toragent_config="haproxy_toragent_config" 23 | ) 24 | ) 25 | 26 | CONTROLLER_PARAM_MAP = dict( 27 | CONTROL=dict( 28 | bgp_port="bgp_port", 29 | xmpp_server_port="xmpp_server_port", 30 | sandesh_send_rate_limit="sandesh_send_rate_limit" 31 | ), 32 | DNS=dict( 33 | named_config_file="named_config_file", 34 | named_config_directory="named_config_directory", 35 | named_log_file="named_log_file", 36 | rndc_config_file="rndc_config_file", 37 | rndc_secret="rndc_secret", 38 | dns_server_port="dns_server_port", 39 | ), 40 | API=dict( 41 | list_optimization_enabled="list_optimization_enabled", 42 | ), 43 | WEBUI=dict( 44 | webui_storage_enable="webui_storage_enable", 45 | compute_manager_ip="compute_manager_ip", 46 | image_manager_ip="image_manager_ip", 47 | network_manager_ip='network_manager_ip', 48 | ) 49 | ) 50 | 51 | ANALYTICS_PARAM_MAP = {} 52 | ANALYTICSDB_PARAM_MAP = {} 53 | AGENT_PARAM_MAP = {} 54 | KUBEMANAGER_PARAM_MAP = {} 55 | KUBERNETESAGENT_PARAM_MAP = {} 56 | MESOSMANAGER_PARAM_MAP = {} 57 | CEPHCONTROLLER_PARAM_MAP = dict( 58 | CEPH_CONTROLLER=dict( 59 | cluster_fsid="cluster_fsid", 60 | ceph_monip_list="ceph_monip_list", 61 | ceph_monname_list="ceph_monname_list", 62 | mon_key="mon_key", 63 | osd_key="osd_key", 64 | adm_key="adm_key", 65 | ceph_rest_api_port="ceph_rest_api_port", 66 | enable_stats_daemon="enable_stats_daemon", 67 | ) 68 | ) 69 | CONTRAIL_ISSU_MAP = {} 70 | VCENTER_PLUGIN_MAP = {} 71 | -------------------------------------------------------------------------------- /tools/python-contrailctl/examples/configs/analyticsdb.conf: -------------------------------------------------------------------------------- 1 | [GLOBAL] 2 | # All global configurations which would affect multiple sections or globally 3 | # applicable configurations would be coming here. 4 | # 5 | 6 | # Default log_level 7 | # log_level = SYS_NOTICE 8 | 9 | # cloud_orchestrator - what cloud orchestrator is being used. Valid options: 10 | # kubernetes, openstack, mesos 11 | # cloud_orchestrator = kubernetes 12 | 13 | # hosts_entries: (OPTIONAL) a dict in form of {name1: 1.1.1.1, name2: 1.1.1.2} 14 | # In multi-controller systems, all hosts in the cluster should be reachable 15 | # using its own hostname which is requirement for rabbitmq, so for that /etc/hosts 16 | # entries are required, unless there is an external dns infrastructure to support it 17 | # Alternatively one can write /etc/hosts entries on the host before starting 18 | # the container, in which case container will take those entries. 19 | # hosts_entries = {"host1": "1.1.1.1", "host2": "1.1.1.2"} 20 | 21 | # controller_ip - An IP address using which one can connect to all public 22 | # services within controller container. This can be a virtual IP handled by 23 | # load balancer in case of multi-node controllers. This will be configured 24 | # in various contrail services configurations to connect to other set of 25 | # services like discovery_server_ip. 26 | # controller_ip = 127.0.0.1 27 | # 28 | # controller_nodes - Comma separated list of controller server IP 29 | # addresses - this will be used to configure rabbitmq, zookeeper, cassandra 30 | # servers in various contrail service configurations and configure 31 | # load balancer for variuos contrail services that needed to be loadbalanced 32 | # controller_nodes = 127.0.0.1 33 | # 34 | # analyticsdb_nodes - Comma separated list of analyticsdb server IP addresses. 35 | # IP Addresses on which cassandra is supposed to listen 36 | # analyticsdb_nodes = 192.168.0.10 37 | 38 | # analytics_nodes - Comma separated list of analytics server IP addresses 39 | # analytics_nodes = 127.0.0.1 40 | 41 | # analyticsdb_seed_list is to support adding new nodes to existing cluster, in 42 | # which case analyticsdb_seed_list is the list of existing servers in the cluster 43 | # and this list will be used for various clusters like cassandra 44 | # to join new nodes to them 45 | # analyticsdb_seed_list = ["12.0.0.1"] 46 | 47 | # Enable/Disable ssl for sandesh connection 48 | # sandesh_ssl_enable = False 49 | 50 | # Enable/Disable ssl for introspect connection 51 | # introspect_ssl_enable = False 52 | 53 | # Minimum disk in GB for analytics DB 54 | # analyticsdb_minimum_diskgb = 40 55 | # analyticsdb_cql_port = 9042 56 | 57 | # [KEYSTONE] - Section to get informtion about the keystone to be used by contrail, 58 | # Required only when orchestration is 'openstack' and keystone is managed 59 | # externally out of ansible. 60 | # 61 | #[KEYSTONE] 62 | # version - Version of keystone to be used. 63 | # version = v2.0 64 | 65 | # ip - Ip address of the host running keystone 66 | # ip = 127.0.0.1 67 | 68 | # admin_port - Keystone admin port in which the keystone is listening. 69 | # admin_port = 35357 70 | 71 | # public_port - Keystone public port in which the keystone is listening. 72 | # public_port = 5000 73 | 74 | # auth_protocol - Protocol used by keystone(http/https) 75 | # auth_protocol = http 76 | 77 | # admin_user - Name of the admin user in keystone. 78 | # admin_user = admin 79 | 80 | # admin_password - Password of the keystone admin user. 81 | # admin_password = admin 82 | 83 | # admin_tenant - keystone admin tenant's name. 84 | # admin_tenant = admin 85 | 86 | #insecure - Whether to validate Keystone SSL certificate. 87 | #insecure = False 88 | 89 | #certfile - Keystone SSL certificate to install and use for API ports 90 | #certfile = /etc/contrailctl/ssl/server.pem 91 | 92 | #keyfile - Keystone SSL key to use with certificate. 93 | #keyfile = /etc/contrailctl/ssl/server-privatekey.pem 94 | 95 | #cafile - Keystone SSL CA to use with the certificate and key provided 96 | #Required only if using privately signed certfile and keyfile 97 | #cafile = /etc/contrailctl/ssl/ca-cert.pem 98 | 99 | # Region name for OpenStack communications 100 | # region_name = RegionOne 101 | 102 | [CASSANDRA] 103 | # Cassandra version 104 | # version = 2.2 105 | # version_branch = 2.2 106 | # 107 | # Directory to store commitlogs. In case of any high performance disk mounted, 108 | # it is prefered to use that for this 109 | # commitlog_dir = /var/lib/cassandra/commitlog 110 | # 111 | # The directory location where table key and row caches are stored 112 | # saved_caches_dir = /var/lib/cassandra/saved_caches 113 | # 114 | # data_dirs - A list of directory location where table data is stored (in SSTables). 115 | # This is setup as list representation. Cassandra distributes data evenly across the 116 | # location, subject to the granularity of the configured compaction strategy. 117 | # data_dirs = ["/var/lib/cassandra/data"] 118 | # 119 | # listen_address - This must be an IP address - not 0.0.0.0 120 | # listen_address = 192.168.0.10 ; Default is first found IP address on the machine 121 | # 122 | # JAVA memory configurations 123 | # java_max_heap_size = 512M 124 | # java_max_heap_newsize = 100M 125 | -------------------------------------------------------------------------------- /tools/python-contrailctl/examples/configs/cephcontroller.conf: -------------------------------------------------------------------------------- 1 | [GLOBAL] 2 | # All global configurations which would affect multiple sections or globally 3 | # applicable configurations would be coming here. 4 | # 5 | 6 | # Default log_level 7 | # log_level = SYS_NOTICE 8 | 9 | # analytics_list - An array/list representation of analytics server 10 | # IP addresses, which will be used to configure hproxy backend servers 11 | # for contrail-analytics-api 12 | # analytics_list = ["1.1.1.1", "1.1.1.2", "1.1.1.3"] 13 | 14 | [CEPH_CONTROLLER] 15 | # cluster_fsid - Ceph cluster fsid 16 | # cluster_fsid = 5ff99c19-ef3e-4636-a839-7da66af8820a 17 | # ceph_monip_list - list of ceph monitor ips 18 | # ceph_monip_list = ['1.1.1.1', '1.1.1.2', '1.1.1.3'] 19 | # ceph_monname_list - list of ceph monitor hostnames 20 | # ceph_monname_list = ['ceph-mon1', 'ceph-mon2', 'ceph-mon-3'] 21 | # mon_key - monitor authentication key 22 | # mon_key = AQCnB/hYkDmuEBAATQaGd36bpg+rpSYds6At4w== 23 | # osd_key - bootstrap osd authentication key 24 | # osd_key = AQCnB/hY2+NwERAA1T9N+0Uw0bjXqXCPB48KSA== 25 | # adm_key - admin authentication key 26 | # adm_key = AQCnB/hYwksrEhAAZgJTUpMntPqXq18JFiyNYw== 27 | # ceph_rest_api_port = 5005 28 | # enable_stats_daemon = True 29 | -------------------------------------------------------------------------------- /tools/python-contrailctl/examples/configs/kubemanager.conf: -------------------------------------------------------------------------------- 1 | [GLOBAL] 2 | # All global configurations which would affect multiple sections or globally 3 | # applicable configurations would be coming here. 4 | # 5 | # Default log_level 6 | # log_level = SYS_NOTICE 7 | 8 | # cloud_orchestrator - what cloud orchestrator is being used. Valid options: 9 | # kubernetes, openstack, mesos 10 | # cloud_orchestrator = kubernetes 11 | 12 | # hosts_entries: (OPTIONAL) a dict in form of {name1: 1.1.1.1, name2: 1.1.1.2} 13 | # In multi-controller systems, all hosts in the cluster should be reachable 14 | # using its own hostname which is requirement for rabbitmq, so for that /etc/hosts 15 | # entries are required, unless there is an external dns infrastructure to support it 16 | # Alternatively one can write /etc/hosts entries on the host before starting 17 | # the container, in which case container will take those entries. 18 | # hosts_entries = {"host1": "1.1.1.1", "host2": "1.1.1.2"} 19 | 20 | # controller_ip - An IP address using which one can connect to all public 21 | # services within controller container. This can be a virtual IP handled by 22 | # load balancer in case of multi-node controllers. This will be configured in 23 | # various contrail services configurations to connect to other set of services 24 | # controller_ip = 127.0.0.1 25 | # 26 | # controller_nodes - Comma separated list of controller server IP addresses 27 | # this will be used to configure rabbitmq, zookeeper, cassandra servers in 28 | # various contrail service configurations and configure load balancer for 29 | # variuos contrail services that needed to be loadbalanced 30 | # controller_nodes = 127.0.0.1 31 | 32 | # analytics_nodes - Comma separated list of analytics server IP addresses 33 | # analytics_nodes = 127.0.0.1 34 | 35 | # Enable/Disable ssl for sandesh connection 36 | # sandesh_ssl_enable = False 37 | 38 | # Enable/Disable ssl for introspect connection 39 | # introspect_ssl_enable = False 40 | 41 | # nested_mode - whether to enable nested mode kubernetes True/False 42 | # nested_mode = False 43 | 44 | # token - This is the kubernetes api server access token. 45 | # token = 46 | -------------------------------------------------------------------------------- /tools/python-contrailctl/examples/configs/lb.conf: -------------------------------------------------------------------------------- 1 | [GLOBAL] 2 | # All global configurations which would affect multiple sections or globally 3 | # applicable configurations would be coming here. 4 | # 5 | # 6 | # controller_nodes - Comma separated list of controller server 7 | # IP addresses, which will be used to configure hproxy backend servers 8 | # for api-server, and neutron 9 | # controller_nodes = 1.1.1.1,1.1.1.2,1.1.1.3 10 | 11 | # hosts_entries: (OPTIONAL) a dict in form of {name1: 1.1.1.1, name2: 1.1.1.2} 12 | # In multi-controller systems, all hosts in the cluster should be reachable 13 | # using its own hostname which is requirement for rabbitmq, so for that /etc/hosts 14 | # entries are required, unless there is an external dns infrastructure to support it 15 | # Alternatively one can write /etc/hosts entries on the host before starting 16 | # the container, in which case container will take those entries. 17 | # hosts_entries = {"host1": "1.1.1.1", "host2": "1.1.1.2"} 18 | 19 | # analytics_nodes - Comma separated list of analytics server 20 | # IP addresses, which will be used to configure hproxy backend servers 21 | # for contrail-analytics-api 22 | # analytics_nodes = 1.1.1.1,1.1.1.2,1.1.1.3 23 | 24 | #apiserver_auth_protocol - api-server auth protocol 25 | #apiserver_auth_protocol = http 26 | 27 | #apiserver_insecure - Whether to validate api-server SSL certificate. 28 | #apiserver_insecure = False 29 | 30 | #apiserver_certfile - api-server SSL certificate to install and use for API ports 31 | #apiserver_certfile = /etc/contrailctl/ssl/server.pem 32 | 33 | #apiserver_keyfile - api-server SSL key to use with certificate. 34 | #apiserver_keyfile = /etc/contrailctl/ssl/server-privatekey.pem 35 | 36 | #apiserver_cafile - api-server SSL CA to use with the certificate and key provided 37 | #Required only if using privately signed certfile and keyfile 38 | #apiserver_cafile = /etc/contrailctl/ssl/ca-cert.pem 39 | 40 | [HAPROXY] 41 | # haproxy_auth_user - auth user to access haproxy stats 42 | # haproxy_auth_user = "haproxy" 43 | # haproxy_auth_password - auth user's password to access haproxy stats 44 | # haproxy_auth_password = "secret123" 45 | 46 | [HAPROXY_TORAGENT] 47 | # haproxy_toragent_config - the tor agent dictionary from inventory 48 | # haproxy_toragent_config = {'10.204.216.34': [{'tor_agent_ovs_ka': '1000', 'tor_product_name': 'qfx1', 'tor_vendor_name': 'Juniper', 'tor_http_server_port': '9090', 'tor_agent_id': '1', 'tor_ovs_port': '9999', 'tor_ip': '10.204.221.35', 'tor_tsn_ip': '10.204.221.33', 'tor_name': 'contrail-tor-1', 'tor_tunnel_ip': '10.204.216.54', 'tor_ovs_protocol': 'tcp', 'tor_tsn_name': 'tsn1', 'tor_agent_name': 'agent1'}], '10.204.216.33': [{'tor_agent_ovs_ka': '1000', 'tor_product_name': 'qfx1', 'tor_vendor_name': 'Juniper', 'tor_http_server_port': '9091', 'tor_agent_id': '1', 'tor_ovs_port': '9999', 'tor_ip': '10.204.221.35', 'tor_tsn_ip': '10.204.221.34', 'tor_name': 'contrail-tor-1', 'tor_tunnel_ip': '10.204.216.54', 'tor_ovs_protocol': 'pssl', 'tor_tsn_name': 'tsn2', 'tor_agent_name': 'agent2'}]} 49 | -------------------------------------------------------------------------------- /tools/python-contrailctl/requirements.txt: -------------------------------------------------------------------------------- 1 | ansible 2 | jsonschema 3 | -------------------------------------------------------------------------------- /tools/python-contrailctl/schema/agent.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-04/schema#", 3 | "title": "Contrail controller configuration", 4 | "type": "object", 5 | "id": "root", 6 | "additionalProperties": false, 7 | "properties": { 8 | "GLOBAL": { 9 | "$ref": "definitions.json#/definitions/global_config" 10 | }, 11 | "KEYSTONE": { 12 | "$ref": "definitions.json#/definitions/keystone_config" 13 | }, 14 | "KUBERNETES": { 15 | "id": "kubernetes", 16 | "type": "object", 17 | "description": "KUBERNETES configuration section", 18 | "additionalProperties": false, 19 | "properties": { 20 | "api_server": { 21 | "description": "kubernetes api server ip", 22 | "type": "string" 23 | }, 24 | "token": { 25 | "description": "aaa token to communicate to kubernetes api server ip", 26 | "type": "string" 27 | } 28 | } 29 | }, 30 | "AGENT": { 31 | "id": "agent", 32 | "type": "object", 33 | "description": "AGENT configuration section", 34 | "additionalProperties": false, 35 | "properties": { 36 | "vrouter_physical_interface": { 37 | "description": "physical interface used by vhost interface", 38 | "type": "string" 39 | }, 40 | "vrouter_physical_interface_detected": { 41 | "description": "physical interface used by vhost interface that is detected by agent container ansible code", 42 | "type": "string" 43 | }, 44 | "ctrl_data_network": { 45 | "description": "Control data network(Optional)", 46 | "type": "string" 47 | }, 48 | "ctrl_data_ip": { 49 | "description": "Control data ip provided (Optional)", 50 | "type": "string" 51 | }, 52 | "compile_vrouter_module": { 53 | "description": "Whether to compile vrouter module or not", 54 | "type": "boolean" 55 | }, 56 | "vrouter_agent_ip": { 57 | "description": "vrouter agent ip", 58 | "type": "string" 59 | }, 60 | "non_mgmt_ip": { 61 | "description": "vrouter non mgmt interface ip", 62 | "type": "string" 63 | }, 64 | "non_mgmt_gw": { 65 | "description": "vrouter non mgmt interface gw", 66 | "type": "string" 67 | }, 68 | "gateway_mode": { 69 | "description": "agent gateway mode", 70 | "type": "string" 71 | }, 72 | "qos_queue_id_list": { 73 | "description": "List of hardware queues id", 74 | "type": "array" 75 | }, 76 | "qos_logical_queue_list": { 77 | "description": "qos logical queue mapping for a hw queue", 78 | "type": "array" 79 | }, 80 | "qos_default_nic_queue": { 81 | "description": "qos default hw queue", 82 | "type": "boolean" 83 | }, 84 | "qos_priority_tagging": { 85 | "description": "qos priority tagging knob", 86 | "type": "boolean" 87 | }, 88 | "priority_id_list": { 89 | "description": "priority group id list", 90 | "type": "array" 91 | }, 92 | "priority_scheduling_list": { 93 | "description": "priority group scheduling algo list", 94 | "type": "array" 95 | }, 96 | "priority_bandwidth_list": { 97 | "description": "priority group bandwidth list", 98 | "type": "array" 99 | }, 100 | "vgw_intf_list": { 101 | "description": "vgw intf list", 102 | "type": "array" 103 | }, 104 | "vgw_public_subnet_list": { 105 | "description": "vgw public subnet list", 106 | "type": "array" 107 | }, 108 | "vgw_public_vn_name_list": { 109 | "description": "vgw public vn name list", 110 | "type": "array" 111 | }, 112 | "vgw_gateway_route_list": { 113 | "description": "vgw gateway route list", 114 | "type": "array" 115 | }, 116 | "vrouter_module_params": { 117 | "description": "vrouter module params", 118 | "type": "string" 119 | }, 120 | "compute_controller_list": { 121 | "description": "list of controller nodes", 122 | "type": "array" 123 | }, 124 | "metadata_ssl_enable": { 125 | "description": "Knob to enable ssl for openstack metadata service", 126 | "type": "boolean" 127 | }, 128 | "tsn_evpn_mode": { 129 | "description": "Knob to enable tor-service-node evpn peering", 130 | "type": "boolean" 131 | }, 132 | "tsn_server_list": { 133 | "description": "list of tsn nodes when agent runs in tsn-no-forwarding mode (tsn ha)", 134 | "type": "array" 135 | }, 136 | "resource_backup_restore": { 137 | "description": "Enable/Disable backup of config and resource files", 138 | "type": "boolean" 139 | }, 140 | "backup_idle_timeout": { 141 | "description": "Agent does not generate backup file if change is detected in this time", 142 | "type": "string" 143 | }, 144 | "restore_audit_timeout": { 145 | "description": "Audit time for config/resource read from file", 146 | "type": "string" 147 | }, 148 | "backup_file_count": { 149 | "description": "Number of backup files", 150 | "type": "string" 151 | }, 152 | "slo_destination_list": { 153 | "description": "Destination to which slo session messages have to be sent: collector, file, syslog", 154 | "type": "string" 155 | }, 156 | "sample_destination_list": { 157 | "description": "Destination to which sample session messages have to be sent: collector, file, syslog", 158 | "type": "string" 159 | } 160 | } 161 | }, 162 | "HYPERVISOR": { 163 | "id": "hypervisor", 164 | "type": "object", 165 | "description": "HYPERVISOR configuration section", 166 | "additionalProperties": false, 167 | "properties": { 168 | "type": { 169 | "description": "Type of hypervisor: kvm, xen, vmware. (optional)", 170 | "type": "string" 171 | } 172 | } 173 | } 174 | } 175 | } 176 | -------------------------------------------------------------------------------- /tools/python-contrailctl/schema/analytics.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-04/schema#", 3 | "title": "Contrail analytics configuration", 4 | "type": "object", 5 | "id": "root", 6 | "additionalProperties": false, 7 | "properties": { 8 | "GLOBAL": { 9 | "$ref": "definitions.json#/definitions/global_config" 10 | }, 11 | "KEYSTONE": { 12 | "$ref": "definitions.json#/definitions/keystone_config" 13 | }, 14 | "ALARM_GEN": { 15 | "$ref": "definitions.json#/definitions/contrail_log_n_port_config" 16 | }, 17 | "ANALYTICS_API": { 18 | "id": "analytics_api", 19 | "type": "object", 20 | "description": "analytics_api section", 21 | "additionalProperties": false, 22 | "properties": { 23 | "log": { 24 | "description": "log file", 25 | "type": "string" 26 | }, 27 | "log_level": { 28 | "description": "", 29 | "type": "string" 30 | }, 31 | "introspect_port": { 32 | "description": "service introspect port", 33 | "type": "string" 34 | }, 35 | "listen_port": { 36 | "description": "service listen port", 37 | "type": "string" 38 | }, 39 | "aaa_mode": { 40 | "description": "aaa_mode: no-auth - no authentication, cloud-admin - authentication is performed and only cloud-admin role has, rbac RBAC - authentication is performed and access granted based on role", 41 | "type": "string", 42 | "enum": [ 43 | "no-auth", 44 | "cloud-admin", 45 | "rbac" 46 | ] 47 | } 48 | } 49 | }, 50 | "ANALYTICS_COLLECTOR": { 51 | "id": "analytics_collector", 52 | "type": "object", 53 | "description": "analytics collector section", 54 | "additionalProperties": false, 55 | "properties": { 56 | "log": { 57 | "description": "log file", 58 | "type": "string" 59 | }, 60 | "log_level": { 61 | "description": "log level", 62 | "type": "string" 63 | }, 64 | "introspect_port": { 65 | "description": "service introspect port", 66 | "type": "string" 67 | }, 68 | "listen_port": { 69 | "description": "service listen port", 70 | "type": "string" 71 | }, 72 | "syslog_port": { 73 | "description": "remote syslog port", 74 | "type": "string" 75 | }, 76 | "analytics_flow_ttl": { 77 | "description": "analytics flow ttl", 78 | "type": "string" 79 | }, 80 | "analytics_statistics_ttl": { 81 | "description": "analytics statistics ttl", 82 | "type": "string" 83 | }, 84 | "analytics_config_audit_ttl": { 85 | "description": "analytics config audit ttl", 86 | "type": "string" 87 | }, 88 | "analytics_data_ttl": { 89 | "description": "analytics data ttl", 90 | "type": "string" 91 | } 92 | } 93 | }, 94 | "QUERY_ENGINE": { 95 | "$ref": "definitions.json#/definitions/contrail_log_n_port_config" 96 | }, 97 | "SNMP_COLLECTOR": { 98 | "id": "snmp_collector", 99 | "type": "object", 100 | "description": "", 101 | "additionalProperties": false, 102 | "properties": { 103 | "log": { 104 | "description": "log file", 105 | "type": "string" 106 | }, 107 | "log_level": { 108 | "description": "", 109 | "type": "string" 110 | }, 111 | "introspect_port": { 112 | "description": "service introspect port", 113 | "type": "string" 114 | }, 115 | "listen_port": { 116 | "description": "service listen port", 117 | "type": "string" 118 | }, 119 | "scan_frequency": { 120 | "description": "snmp scan frequency", 121 | "type": "string" 122 | }, 123 | "fast_scan_frequency": { 124 | "description": "snmp fast scan frequency", 125 | "type": "string" 126 | } 127 | } 128 | }, 129 | "TOPOLOGY": { 130 | "$ref": "definitions.json#/definitions/contrail_log_n_port_config" 131 | }, 132 | "RABBITMQ": { 133 | "$ref": "definitions.json#/definitions/rabbitmq_config" 134 | } 135 | } 136 | } 137 | -------------------------------------------------------------------------------- /tools/python-contrailctl/schema/analyticsdb.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-04/schema#", 3 | "title": "Contrail analyticsdb configuration", 4 | "type": "object", 5 | "id": "root", 6 | "additionalProperties": false, 7 | "properties": { 8 | "GLOBAL": { 9 | "$ref": "definitions.json#/definitions/global_config" 10 | }, 11 | "KEYSTONE": { 12 | "$ref": "definitions.json#/definitions/keystone_config" 13 | }, 14 | "CASSANDRA": { 15 | "$ref": "definitions.json#/definitions/cassandra_config" 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /tools/python-contrailctl/schema/cephcontroller.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-04/schema#", 3 | "title": "Storage ceph controller configuration", 4 | "type": "object", 5 | "id": "root", 6 | "additionalProperties": false, 7 | "properties": { 8 | "GLOBAL": { 9 | "$ref": "definitions.json#/definitions/global_config" 10 | }, 11 | "CEPH_CONTROLLER": { 12 | "id": "ceph_controller", 13 | "type": "object", 14 | "description": "Global values for ceph controller container", 15 | "additionalProperties": false, 16 | "properties": { 17 | "ceph_monname_list": { 18 | "description": "list of ceph monitor hostnames", 19 | "type": "array" 20 | }, 21 | "ceph_monip_list": { 22 | "description": "list of ceph monitor ips", 23 | "type": "array" 24 | }, 25 | "cluster_fsid": { 26 | "description": "Ceph cluster fsid", 27 | "type": "string" 28 | }, 29 | "mon_key": { 30 | "description": "monitor authentication key", 31 | "type": "string" 32 | }, 33 | "adm_key": { 34 | "description": "admin authentication key", 35 | "type": "string" 36 | }, 37 | "osd_key": { 38 | "description": "bootstrap osd authentication key", 39 | "type": "string" 40 | }, 41 | "ceph_rest_api_port": { 42 | "description": "Ceph rest api port", 43 | "type": "string" 44 | }, 45 | "enable_stats_daemon": { 46 | "description": "Enable stats daemon", 47 | "type": "boolean" 48 | } 49 | } 50 | } 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /tools/python-contrailctl/schema/contrailissu.json: -------------------------------------------------------------------------------- 1 | {} 2 | -------------------------------------------------------------------------------- /tools/python-contrailctl/schema/kubemanager.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-04/schema#", 3 | "title": "Contrail kubemanager configuration", 4 | "type": "object", 5 | "id": "root", 6 | "additionalProperties": false, 7 | "properties": { 8 | "GLOBAL": { 9 | "$ref": "definitions.json#/definitions/global_config" 10 | }, 11 | "AUTH": { 12 | "$ref": "definitions.json#/definitions/keystone_config" 13 | }, 14 | "KUBERNETES": { 15 | "id": "kubernetes", 16 | "type": "object", 17 | "description": "kubernetes section", 18 | "additionalProperties": false, 19 | "properties": { 20 | "cluster_name": { 21 | "description": "Name of kubernetes cluster", 22 | "type": "string" 23 | }, 24 | "cluster_network": { 25 | "description": "Virtual Network FQName used by kubernetes cluster.", 26 | "type": "object" 27 | }, 28 | "cluster_project": { 29 | "description": "Project FQName used by kubernetes cluster.", 30 | "type": "object" 31 | }, 32 | "service_subnets": { 33 | "description": "Service CIDR for this kubernetes cluster.", 34 | "type": "string" 35 | }, 36 | "pod_subnets": { 37 | "description": "Pod CIDR for this kubernetes cluster.", 38 | "type": "string" 39 | }, 40 | "api_server": { 41 | "description": "kubernetes api server ip.", 42 | "type": "string" 43 | }, 44 | "token": { 45 | "description": "kubernetes api server access token", 46 | "type": "string" 47 | } 48 | } 49 | }, 50 | "KUBERNETES_VNC": { 51 | "id": "kubernetes_vnc", 52 | "type": "object", 53 | "description": "kubernetes vnc_section", 54 | "additionalProperties": false, 55 | "properties": { 56 | "public_fip_pool": { 57 | "description": "Public FloatingIpPool FQName used by kubernetes cluster.", 58 | "type": "object" 59 | } 60 | } 61 | }, 62 | "RABBITMQ": { 63 | "$ref": "definitions.json#/definitions/rabbitmq_config" 64 | } 65 | } 66 | } 67 | -------------------------------------------------------------------------------- /tools/python-contrailctl/schema/kubernetesagent.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-04/schema#", 3 | "title": "Contrail Kubernetes Agent configuration", 4 | "type": "object", 5 | "id": "root", 6 | "additionalProperties": false, 7 | "properties": { 8 | "GLOBAL": { 9 | "$ref": "definitions.json#/definitions/global_config" 10 | }, 11 | "AGENT": { 12 | "id": "agent", 13 | "type": "object", 14 | "description": "AGENT configuration section", 15 | "additionalProperties": false, 16 | "properties": { 17 | "ip": { 18 | "description": "vrouter agent ip", 19 | "type": "string" 20 | } 21 | } 22 | } 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /tools/python-contrailctl/schema/lb.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-04/schema#", 3 | "title": "Contrail lb configuration", 4 | "type": "object", 5 | "id": "root", 6 | "additionalProperties": false, 7 | "properties": { 8 | "GLOBAL": { 9 | "$ref": "definitions.json#/definitions/global_config" 10 | }, 11 | "HAPROXY": { 12 | "type": "object", 13 | "description": "HAPROXY config section", 14 | "additionalProperties": false, 15 | "properties": { 16 | "haproxy_auth_user": { 17 | "description": "auth user to access haproxy stats", 18 | "type": "string" 19 | }, 20 | "haproxy_auth_password": { 21 | "description": "auth user's password to access haproxy stats", 22 | "type": "string" 23 | } 24 | } 25 | }, 26 | "HAPROXY_TORAGENT": { 27 | "type": "object", 28 | "description": "HAPROXY Tor Agent specific config section", 29 | "additionalProperties": false, 30 | "properties": { 31 | "haproxy_toragent_config": { 32 | "description": "Tor Agent configuration across all computes", 33 | "type": "object" 34 | } 35 | } 36 | } 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /tools/python-contrailctl/schema/vcenterplugin.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "http://json-schema.org/draft-04/schema#", 3 | "title": "Contrail vcenter plugin configuration", 4 | "type": "object", 5 | "id": "root", 6 | "additionalProperties": false, 7 | "properties": { 8 | "GLOBAL": { 9 | "$ref": "definitions.json#/definitions/global_config" 10 | }, 11 | "KEYSTONE": { 12 | "$ref": "definitions.json#/definitions/keystone_config" 13 | }, 14 | "VCPLUGIN": { 15 | "properties": { 16 | "vc_url": { 17 | "description": "vcenter sdk url", 18 | "type": "string" 19 | }, 20 | "datacenter": { 21 | "description": "Datacenter name in vcenter", 22 | "type": "string" 23 | }, 24 | "dvs": { 25 | "description": "DVS name used for contrail networking", 26 | "type": "string" 27 | }, 28 | "username": { 29 | "description": "username for connecting to vcenter", 30 | "type": "string" 31 | }, 32 | "password": { 33 | "description": "password for connecting to vcenter", 34 | "type": "string" 35 | }, 36 | "ipfabricpg": { 37 | "description": "fabric portgroup for contrailVM", 38 | "type": "string" 39 | }, 40 | "mode": { 41 | "description": "mode plugin runs, vcenter-only or vc-compute", 42 | "type": "string" 43 | }, 44 | "api_server_ip": { 45 | "description": "api server ip address", 46 | "type": "string" 47 | }, 48 | "api_server_port": { 49 | "description": "api server port", 50 | "type": "string" 51 | }, 52 | "zookeeper_server_list": { 53 | "description": "zookeeper servers for plugin ip:port", 54 | "type": "string" 55 | }, 56 | "introspect_port": { 57 | "description": "plugin introspection port", 58 | "type": "string" 59 | }, 60 | "esxtocomputemap": { 61 | "description": "list of esxihost to computevm mapping ip:ip", 62 | "type": "string" 63 | }, 64 | "vcenter_compute_ip": { 65 | "description": "nova-compute ip paired to this vc-plugin", 66 | "type": "string" 67 | }, 68 | "vc_plugin_ip": { 69 | "description": "ansible hostip of the plugin", 70 | "type": "string" 71 | }, 72 | "clustername": { 73 | "description": "clustername associated with the DVS for vc-compute case", 74 | "type": "string" 75 | } 76 | } 77 | } 78 | } 79 | } 80 | -------------------------------------------------------------------------------- /tools/python-contrailctl/setup.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | # 16 | from setuptools import setup, find_packages 17 | from glob import glob 18 | 19 | schema_files = glob('schema/*') 20 | 21 | with open('requirements.txt', 'r') as fp: 22 | requirements = [x.strip() for x in fp] 23 | 24 | setup( 25 | name='contrailctl', 26 | version='0.1', 27 | long_description=__doc__, 28 | packages=find_packages(), 29 | include_package_data=True, 30 | zip_safe=False, 31 | install_requires=requirements, 32 | tests_require=['mock', 'nose'], 33 | test_suite='nose.collector', 34 | entry_points={'console_scripts': ['contrailctl=contrailctl.cmd:main']}, 35 | data_files=[('/usr/share/contrailctl/schema', schema_files)] 36 | ) 37 | 38 | --------------------------------------------------------------------------------