Installing Contrail with OpenStack by Using Juju Charms
You can deploy Contrail by using Juju Charms. Juju helps you deploy, configure, and efficiently manage applications on private clouds and public clouds. Juju accesses the cloud with the help of a Juju controller. A Charm is a module containing a collection of scripts and metadata and is used with Juju to deploy Contrail.
Contrail supports the following charms:
contrail-agent
contrail-analytics
contrail-analyticsdb
contrail-controller
contrail-keystone-auth
contrail-openstack
These topics describe how to deploy Contrail by using Juju Charms.
Preparing to Deploy Contrail by Using Juju Charms
Follow these steps to prepare for deployment:
- Install Juju.content_copy zoom_out_map
sudo apt-get update sudo apt-get upgrade sudo apt-get install juju
- Configure Juju.
You can add a cloud to Juju, identify clouds supported by Juju, and also manage clouds already added to Juju.
Adding a cloud—Juju recognizes a wide range of cloud types. You can use any one of the following methods to add a cloud to Juju:
Adding a Cloud by Using Interactive Command
Example: Adding an MAAS cloud to Juju
content_copy zoom_out_mapjuju add-cloud
content_copy zoom_out_mapCloud Types maas manual openstack oracle vsphere Select cloud type: maas Enter a name for your maas cloud: maas-cloud Enter the API endpoint url: http://<ip-address>:<node>/MAAS Cloud "maas-cloud" successfully added You may bootstrap with 'juju bootstrap maas-cloud'
NoteJuju 2.x is compatible with MAAS series 1.x and 2.x.
Adding a Cloud Manually
You use a YAML configuration file to add a cloud manually. Enter the following command:
content_copy zoom_out_mapjuju add-cloud <cloud-name> juju add-credential <cloud name>
For an example, to add the cloud junmaas, assuming that the name of the configuration file in the directory is
maas-clouds.yaml, you run the following command:content_copy zoom_out_mapjuju add-cloud junmaas maas-clouds.yaml
The following is the format of the YAML configuration file:
content_copy zoom_out_mapclouds: <cloud_name>: type: <type_of_cloud> auth-types: [<authenticaton_types>] regions: <region-name>: endpoint: <http://<ip-address>:<node>/MAAS>NoteThe
auth-typesfor a MAAS cloud type isoauth1.
Identifying a supported cloud
Juju recognizes the cloud types given below. You use the
juju cloudscommand to list cloud types that are supported by Juju.content_copy zoom_out_map$ juju clouds Cloud Regions Default Type Description aws 15 us-east-1 ec2 Amazon Web Services aws-china 1 cn-north-1 ec2 Amazon China aws-gov 1 us-gov-west-1 ec2 Amazon (USA Government) azure 26 centralus azure Microsoft Azure azure-china 2 chinaeast azure Microsoft Azure China cloudsigma 5 hnl cloudsigma CloudSigma Cloud google 13 us-east1 gce Google Cloud Platform joyent 6 eu-ams-1 joyent Joyent Cloud oracle 5 uscom-central-1 oracle Oracle Cloud rackspace 6 dfw rackspace Rackspace Cloud localhost 1 localhost lxd LXD Container Hypervisor
- Create a Juju controller.content_copy zoom_out_map
juju bootstrap --bootstrap-series=xenial <cloud name> <controller name>
NoteA Juju controller manages and keeps track of applications in the Juju cloud environment.
Deploying Contrail Charms
You can deploy Contrail Charms in a bundle or manually.
Deploy Contrail Charms in a Bundle
Follow these steps to deploy Contrail Charms in a bundle.
- Deploy Contrail Charms.
To deploy Contrail Charms in a bundle, use the
juju deploy <bundle_yaml_file>command.The following example shows you how to use
bundle_yaml_fileto deploy Contrail on Amazon Web Services (AWS) Cloud.content_copy zoom_out_mapseries: bionic variables: openstack-origin: &openstack-origin distro #vhost-gateway: &vhost-gateway "192.x.40.254" data-network: &data-network "192.x.40.0/24" control-network: &control-network "192.x.30.0/24" virtioforwarder-coremask: &virtioforwarder-coremask "1,2" agilio-registry: &agilio-registry "netronomesystems" agilio-image-tag: &agilio-image-tag "latest-ubuntu-queens" agilio-user: &agilio-user "<agilio-username>" agilio-password: &agilio-password "<agilio-password>" agilio-insecure: &agilio-insecure false agilio-phy: &agilio-phy "nfp_p0" docker-registry: &docker-registry "<registry-directory>" #docker-user: &docker-user "<docker_username>" #docker-password: &docker-password "<docker_password>" image-tag: &image-tag "2008.121" docker-registry-insecure: &docker-registry-insecure "true" dockerhub-registry: &dockerhub-registry "https://index.docker.io/v1/" machines: "1": constraints: tags=controller series: bionic "2": constraints: tags=compute series: bionic "3": constraints: tags=neutron series: bionic services: ubuntu: charm: cs:ubuntu num_units: 1 to: [ "1" ] ntp: charm: cs:ntp num_units: 0 options: #source: ntp.ubuntu.com source: 10.204.217.158 mysql: charm: cs:percona-cluster num_units: 1 options: dataset-size: 15% max-connections: 10000 root-password: <password> sst-password: <password> min-cluster-size: 1 to: [ "lxd:1" ] rabbitmq-server: num_units: 1 options: min-cluster-size: 1 to: [ "lxd:1" ] heat: charm: cs:heat num_units: 1 expose: true options: debug: true openstack-origin: *openstack-origin to: [ "lxd:1" ] keystone: charm: cs:keystone expose: true num_units: 1 options: admin-password: <password> admin-role: admin openstack-origin: *openstack-origin preferred-api-version: 3 nova-cloud-controller: charm: cs:nova-cloud-controller num_units: 1 expose: true options: network-manager: Neutron openstack-origin: *openstack-origin to: [ "lxd:1" ] neutron-api: charm: cs:neutron-api expose: true num_units: 1 series: bionic options: manage-neutron-plugin-legacy-mode: false openstack-origin: *openstack-origin to: [ "3" ] glance: charm: cs:glance expose: true num_units: 1 options: openstack-origin: *openstack-origin to: [ "lxd:1" ] openstack-dashboard: charm: cs:openstack-dashboard expose: true num_units: 1 options: openstack-origin: *openstack-origin to: [ "lxd:1" ] nova-compute: charm: cs:nova-compute num_units: 0 expose: true options: openstack-origin: *openstack-origin nova-compute-dpdk: charm: cs:nova-compute num_units: 0 expose: true options: openstack-origin: *openstack-origin nova-compute-accel: charm: cs:nova-compute num_units: 2 expose: true options: openstack-origin: *openstack-origin to: [ "2" ] contrail-openstack: charm: ./tf-charms/contrail-openstack series: bionic expose: true num_units: 0 options: docker-registry: *docker-registry #docker-user: *docker-user #docker-password: *docker-password image-tag: *image-tag docker-registry-insecure: *docker-registry-insecure contrail-agent: charm: ./tf-charms/contrail-agent num_units: 0 series: bionic expose: true options: log-level: "SYS_DEBUG" docker-registry: *docker-registry #docker-user: *docker-user #docker-password: *docker-password image-tag: *image-tag docker-registry-insecure: *docker-registry-insecure #vhost-gateway: *vhost-gateway physical-interface: *agilio-phy contrail-agent-dpdk: charm: ./tf-charms/contrail-agent num_units: 0 series: bionic expose: true options: log-level: "SYS_DEBUG" docker-registry: *docker-registry #docker-user: *docker-user #docker-password: *docker-password image-tag: *image-tag docker-registry-insecure: *docker-registry-insecure dpdk: true dpdk-main-mempool-size: "65536" dpdk-pmd-txd-size: "2048" dpdk-pmd-rxd-size: "2048" dpdk-driver: "" dpdk-coremask: "1-4" #vhost-gateway: *vhost-gateway physical-interface: "nfp_p0" contrail-analytics: charm: ./tf-charms/contrail-analytics num_units: 1 series: bionic expose: true options: log-level: "SYS_DEBUG" docker-registry: *docker-registry #docker-user: *docker-user #docker-password: *docker-password image-tag: *image-tag control-network: *control-network docker-registry-insecure: *docker-registry-insecure to: [ "1" ] contrail-analyticsdb: charm: ./tf-charms/contrail-analyticsdb num_units: 1 series: bionic expose: true options: log-level: "SYS_DEBUG" cassandra-minimum-diskgb: "4" cassandra-jvm-extra-opts: "-Xms8g -Xmx8g" docker-registry: *docker-registry #docker-user: *docker-user #docker-password: *docker-password image-tag: *image-tag control-network: *control-network docker-registry-insecure: *docker-registry-insecure to: [ "1" ] contrail-controller: charm: ./tf-charms/contrail-controller series: bionic expose: true num_units: 1 options: log-level: "SYS_DEBUG" cassandra-minimum-diskgb: "4" cassandra-jvm-extra-opts: "-Xms8g -Xmx8g" docker-registry: *docker-registry #docker-user: *docker-user #docker-password: *docker-password image-tag: *image-tag docker-registry-insecure: *docker-registry-insecure control-network: *control-network data-network: *data-network auth-mode: no-auth to: [ "1" ] contrail-keystone-auth: charm: ./tf-charms/contrail-keystone-auth series: bionic expose: true num_units: 1 to: [ "lxd:1" ] agilio-vrouter5: charm: ./charm-agilio-vrt-5-37 expose: true options: virtioforwarder-coremask: *virtioforwarder-coremask agilio-registry: *agilio-registry agilio-insecure: *agilio-insecure agilio-image-tag: *agilio-image-tag agilio-user: *agilio-user agilio-password: *agilio-password relations: - [ "ubuntu", "ntp" ] - [ "neutron-api", "ntp" ] - [ "keystone", "mysql" ] - [ "glance", "mysql" ] - [ "glance", "keystone" ] - [ "nova-cloud-controller:shared-db", "mysql:shared-db" ] - [ "nova-cloud-controller:amqp", "rabbitmq-server:amqp" ] - [ "nova-cloud-controller", "keystone" ] - [ "nova-cloud-controller", "glance" ] - [ "neutron-api", "mysql" ] - [ "neutron-api", "rabbitmq-server" ] - [ "neutron-api", "nova-cloud-controller" ] - [ "neutron-api", "keystone" ] - [ "nova-compute:amqp", "rabbitmq-server:amqp" ] - [ "nova-compute", "glance" ] - [ "nova-compute", "nova-cloud-controller" ] - [ "nova-compute", "ntp" ] - [ "openstack-dashboard:identity-service", "keystone" ] - [ "contrail-keystone-auth", "keystone" ] - [ "contrail-controller", "contrail-keystone-auth" ] - [ "contrail-analytics", "contrail-analyticsdb" ] - [ "contrail-controller", "contrail-analytics" ] - [ "contrail-controller", "contrail-analyticsdb" ] - [ "contrail-openstack", "nova-compute" ] - [ "contrail-openstack", "neutron-api" ] - [ "contrail-openstack", "contrail-controller" ] - [ "contrail-agent:juju-info", "nova-compute:juju-info" ] - [ "contrail-agent", "contrail-controller"] - [ "contrail-agent-dpdk:juju-info", "nova-compute-dpdk:juju-info" ] - [ "contrail-agent-dpdk", "contrail-controller"] - [ "nova-compute-dpdk:amqp", "rabbitmq-server:amqp" ] - [ "nova-compute-dpdk", "glance" ] - [ "nova-compute-dpdk", "nova-cloud-controller" ] - [ "nova-compute-dpdk", "ntp" ] - [ "contrail-openstack", "nova-compute-dpdk" ] - [ "contrail-agent:juju-info", "nova-compute-accel:juju-info" ] - [ "nova-compute-accel:amqp", "rabbitmq-server:amqp" ] - [ "nova-compute-accel", "glance" ] - [ "nova-compute-accel", "nova-cloud-controller" ] - [ "nova-compute-accel", "ntp" ] - [ "contrail-openstack", "nova-compute-accel" ] - [ "agilio-vrouter5:juju-info", "nova-compute-accel:juju-info" ]You can create or modify the Contrail Charm deployment bundle YAML file to:
Point to machines or instances where the Contrail Charms must be deployed.
Include the options you need.
Each Contrail Charm has a specific set of options. The options you choose depend on the charms you select. For more information on the options that are available, see Options for Juju Charms.
- (Optional) Check the status of deployment.
You can check the status of the deployment by using the
juju statuscommand. - Enable configuration statements.
Based on your deployment requirements, you can enable the following configuration statements:
contrail-agentFor more information, see https://jaas.ai/u/juniper-os-software/contrail-agent/.
contrail-analyticsFor more information, see https://jaas.ai/u/juniper-os-software/contrail-analytics.
contrail-analyticsdbFor more information, see https://jaas.ai/u/juniper-os-software/contrail-analyticsdb.
contrail-controllerFor more information, see https://jaas.ai/u/juniper-os-software/contrail-controller.
contrail-keystone-authFor more information, see https://jaas.ai/u/juniper-os-software/contrail-keystone-auth.
contrail-openstackFor more information see, https://jaas.ai/u/juniper-os-software/contrail-openstack.
Deploying Juju Charms with OpenStack Manually
Before you begin deployment, ensure that you have:
Installed and configured Juju
Created a Juju controller
Ubuntu 16.04 or Ubuntu 18.04 installed
Follow these steps to deploy Juju Charms manually:
- Create machine instances for OpenStack, compute, and Contrail.content_copy zoom_out_map
juju add-machine --constraints mem=8G cores=2 root-disk=40G --series=xenial #for openstack machine(s) 0
content_copy zoom_out_mapjuju add-machine --constraints mem=7G cores=4 root-disk=40G --series=xenial #for compute machine(s) 1,(3)
content_copy zoom_out_mapjuju add-machine --constraints mem=15G cores=2 root-disk=300G --series=xenial #for contrail machine 2
- Deploy OpenStack services.
You can deploy OpenStack services by using any one of the following methods:
By specifying the OpenStack parameters in a YAML file
The following is an example of a YAML-formatted (
nova-compute-config.yaml) file.content_copy zoom_out_mapnova-compute: openstack-origin: cloud:xenial-ocata virt-type: qemu enable-resize: True enable-live-migration: True migration-auth-type: sshUse this command to deploy OpenStack services by using a YAML-formatted file:
content_copy zoom_out_mapjuju deploy cs:xenial/nova-compute --config ./nova-compute-config.yaml
By using CLI
To deploy OpenStack services through the CLI:
content_copy zoom_out_mapjuju deploy cs:xenial/nova-cloud-controller --config console-access-protocol=novnc --config openstack-origin=cloud:xenial-ocata
By using a combination of YAML-formatted file and CLI
To deploy OpenStack services by using a combination of YAML-formatted file and CLI:
NoteUse the
--to <machine number>command to point to a machine or container where you want the application to be deployed.content_copy zoom_out_mapjuju deploy cs:xenial/ntp juju deploy cs:xenial/rabbitmq-server --to lxd:0 juju deploy cs:xenial/percona-cluster mysql --config root-password=<root-password> --config max-connections=1500 --to lxd:0 juju deploy cs:xenial/openstack-dashboard --config openstack-origin=cloud:xenial-ocata --to lxd:0 juju deploy cs:xenial/nova-cloud-controller --config console-access-protocol=novnc --config openstack-origin=cloud:xenial-ocata --config network-manager=Neutron --to lxd:0 juju deploy cs:xenial/neutron-api --config manage-neutron-plugin-legacy-mode=false --config openstack-origin=cloud:xenial-ocata --config neutron-security-groups=true --to lxd:0 juju deploy cs:xenial/glance --config openstack-origin=cloud:xenial-ocata --to lxd:0 juju deploy cs:xenial/keystone --config admin-password=<admin-password> --config admin-role=admin --config openstack-origin=cloud:xenial-ocata --to lxd:0
NoteYou set OpenStack services on different machines or on different containers to prevent HAProxy conflicts from applications.
- Deploy and configure nova-compute.content_copy zoom_out_map
juju deploy cs:xenial/nova-compute --config ./nova-compute-config.yaml --to 1
NoteYou can deploy nova-compute to more than one compute machine.
(Optional) To add additional computes:
content_copy zoom_out_mapjuju add-unit nova-compute --to 3 # Add one more unit
- Deploy and configure Contrail services.content_copy zoom_out_map
juju deploy --series=xenial $CHARMS_DIRECTORY/contrail-charms/contrail-keystone-auth --to 2 juju deploy --series=xenial $CHARMS_DIRECTORY/contrail-charms/contrail-controller --config auth-mode=rbac --config cassandra-minimum-diskgb=4 --config cassandra-jvm-extra-opts="-Xms1g -Xmx2g" --to 2 juju deploy --series=xenial $CHARMS_DIRECTORY/contrail-charms/contrail-analyticsdb cassandra-minimum-diskgb=4 --config cassandra-jvm-extra-opts="-Xms1g -Xmx2g" --to 2 juju deploy --series=xenial $CHARMS_DIRECTORY/contrail-charms/contrail-analytics --to 2 juju deploy --series=xenial $CHARMS_DIRECTORY/contrail-charms/contrail-openstack juju deploy --series=xenial $CHARMS_DIRECTORY/contrail-charms/contrail-agent
- Enable applications to be available to external traffic:content_copy zoom_out_map
juju expose openstack-dashboard juju expose nova-cloud-controller juju expose neutron-api juju expose glance juju expose keystone
- Enable contrail-controller
and contrail-analytics services to be available to external traffic
if you do not use HAProxy.content_copy zoom_out_map
juju expose contrail-controller juju expose contrail-analytics
- Apply SSL.
You can apply SSL if needed. To use SSL with Contrail services, deploy easy-rsa service and
add-relationcommand to create relations to contrail-controller service and contrail-agent services.content_copy zoom_out_mapjuju deploy cs:~containers/xenial/easyrsa --to 0 juju add-relation easyrsa contrail-controller juju add-relation easyrsa contrail-agent
- (Optional) HA configuration.
If you use more than one controller, follow the HA solution given below:
- Deploy HAProxy and Keepalived services.
HAProxy charm is deployed on machines with Contrail controllers. HAProxy charm must have
peering_modeset toactive-active. Ifpeering_modeis set toactive-passive, HAProxy creates additional listeners on the same ports as other Contrail services. This leads to port conflicts.Keepalived charm does not require
tooption.content_copy zoom_out_mapjuju deploy cs:xenial/haproxy --to <first contrail-controller machine> --config peering_mode=active-active juju add-unit haproxy --to <another contrail-controller machine> juju deploy cs:~boucherv29/keepalived-19 --config virtual_ip=<vip>
- Enable HAProxy to be available to external traffic.content_copy zoom_out_map
juju expose haproxy
NoteIf you enable HAProxy to be available to external traffic, do not follow step 6.
- Add HAProxy and Keepalived relations.content_copy zoom_out_map
juju add-relation haproxy:juju-info keepalived:juju-info juju add-relation contrail-analytics:http-services haproxy juju add-relation contrail-controller:http-services haproxy juju add-relation contrail-controller:https-services haproxy
- Configure contrail-controller service with VIP.content_copy zoom_out_map
juju set contrail-controller vip=<vip>
- Deploy HAProxy and Keepalived services.
- Add other necessary relations.content_copy zoom_out_map
juju add-relation keystone:shared-db mysql:shared-db juju add-relation glance:shared-db mysql:shared-db juju add-relation keystone:identity-service glance:identity-service juju add-relation nova-cloud-controller:image-service glance:image-service juju add-relation nova-cloud-controller:identity-service keystone:identity-service juju add-relation nova-cloud-controller:cloud-compute nova-compute:cloud-compute juju add-relation nova-compute:image-service glance:image-service juju add-relation nova-compute:amqp rabbitmq-server:amqp juju add-relation nova-cloud-controller:shared-db mysql:shared-db juju add-relation nova-cloud-controller:amqp rabbitmq-server:amqp juju add-relation openstack-dashboard:identity-service keystone juju add-relation neutron-api:shared-db mysql:shared-db juju add-relation neutron-api:neutron-api nova-cloud-controller:neutron-api juju add-relation neutron-api:identity-service keystone:identity-service juju add-relation neutron-api:amqp rabbitmq-server:amqp juju add-relation contrail-controller ntp juju add-relation nova-compute:juju info ntp:juju info juju add-relation contrail-controller contrail-keystone-auth juju add-relation contrail-keystone-auth keystone juju add-relation contrail-controller contrail-analytics juju add-relation contrail-controller contrail-analyticsdb juju add-relation contrail-analytics contrail-analyticsdb juju add-relation contrail-openstack neutron-api juju add-relation contrail-openstack nova-compute juju add-relation contrail-openstack contrail-controller juju add-relation contrail-agent:juju info nova-compute:juju info juju add-relation contrail-agent contrail-controller
Options for Juju Charms
Each Contrail Charm has a specific set of options. The options you choose depend on the charms you select. The following tables list the various options you can choose:
Options for contrail-agent Charms.
Table 1: Options for contrail-agent
Option
Default option
Description
physical-interfaceSpecify the interface where you want to install vhost0 on. If you do not specify an interface, vhost0 is installed on the default gateway interface.
vhost-gatewayautoSpecify the gateway for vhost0. You can enter either an IP address or the keyword (auto) to automatically set a gateway based on the existing vhost routes.
remove-juju-bridgetrueTo install vhost0 directly on the interface, enable this option to remove any bridge created to deploy LXD/LXC and KVM workloads.
dpdkfalseSpecify DPDK vRouter.
dpdk-driveruio_pci_genericSpecify DPDK driver for the physical interface.
dpdk-hugepages70%Specify the percentage of huge pages reserved for DPDK vRouter and OpenStack instances.
dpdk-coremask1Specify the vRouter CPU affinity mask to determine on which CPU the DPDK vRouter will run.
dpdk-main-mempool-sizeSpecify the main packet pool size.
dpdk-pmd-txd-sizeSpecify the DPDK PMD Tx Descriptor size.
dpdk-pmd-rxd-sizeSpecify the DPDK PMD Rx Descriptor size.
docker-registryopencontrailnightlySpecify the URL of the docker-registry.
docker-registry-insecurefalseSpecify if the docker-registry should be configured.
docker-userLog in to the docker registry.
docker-passwordSpecify the docker-registry password.
image-taglatestSpecify the docker image tag.
log-levelSYS_NOTICESpecify the log level for Contrail services.
Options:
SYS_EMERG, SYS_ALERT, SYS_CRIT, SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO, SYS_DEBUGhttp_proxySpecify URL.
https_proxySpecify URL.
kernel-hugepages-1gParameter not enabled by default.
Note: 2MB huge pages for kernel-mode vRouters are enabled by default.
Specify the number of 1G huge pages for use with vRouters in kernel mode.
You can enable huge pages to avoid compute node reboots during software upgrades.
This parameter must be specified at initial deployment. It cannot be modified in an active deployment. If you need to migrate to huge page usage in an active deployment, use 2MB huge pages if suitable for your environment.
We recommend allotting 2GB of memory—either using the default 1024x2MB huge page size setting or the 2x1GB size setting—for huge pages. Other huge page size settings should only be set by expert users in specialized circumstances.
1GB and 2MB huge pages cannot be enabled simultaneously in environments using Juju. If you are using this command parameter to enable 1GB huge pages, you must also disable 2MB huge pages. 2MB huge pages can be disabled by entering the juju config contrail-agent kernel-hugepages-2m=““ command with an empty value.
A compute node reboot is required to enable a huge page setting configuration change. After this initial reboot, compute nodes can complete software upgrades without a reboot.
Huge pages are disabled for kernel-mode vRouters if the
kernel-hugepages-1gand thekernel-hugepages-2moptions are not set.This parameter was introduced in Contrail Networking Release 2005.
kernel-hugepages-2m1024Specify the number of 2MB huge pages for use with vRouters in kernel mode. Huge pages in Contrail Networking are used primarily to allocate flow and bridge table memory within the vRouter. Huge pages for kernel-mode vRouters provide enough flow and bridge table memory to avoid compute node reboots to complete future Contrail Networking software upgrades.
1024x2MB huge pages are configured by default starting in Contrail Networking Release 2005. A compute node reboot is required to enable a kernel-mode vRouter huge page setting configuration change, however, so this huge page setting is not enabled on a compute node until the compute node is rebooted.
After a compute node is rebooted to enable a vRouter huge page setting, compute nodes can complete software upgrades without a reboot.
We recommend allotting 2GB of memory—either using the default 1024x2MB huge page size setting or the 2x1GB size setting—for kernel-mode vRouter huge pages. Other huge page size settings should only be set by expert users in specialized circumstances.
1GB and 2MB huge pages cannot be enabled simultaneously in environments using Juju. If you are using this command parameter to enable 2MB huge pages, you must also disable 1GB huge pages. 1GB huge pages are disabled by default and can also be disabled by entering the juju config contrail-agent kernel-hugepages-1g=““ command with an empty value. 1GB huge pages can only be enabled at initial deployment; you cannot initially enable 1GB huge pages in an active deployment.
Huge pages are disabled for kernel-mode vRouters if the
kernel-hugepages-1gand thekernel-hugepages-2moptions are not set.no_proxySpecify the list of destinations that must be directly accessed.
Options for contrail-analytics Charms.
Table 2: Options for contrail-analytics
Option
Default option
Description
control-networkSpecify the IP address and network mask of the control network.
docker-registrySpecify the URL of the docker-registry.
docker-registry-insecurefalseSpecify if the docker-registry should be configured.
docker-userLog in to the docker registry.
docker-passwordSpecify the docker-registry password.
image-tagSpecify the docker image tag.
log-levelSYS_NOTICESpecify the log level for Contrail services.
Options:
SYS_EMERG, SYS_ALERT, SYS_CRIT, SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO, SYS_DEBUGhttp_proxySpecify URL.
https_proxySpecify URL.
no_proxySpecify the list of destinations that must be directly accessed.
Options for contrail-analyticsdb Charms.
Table 3: Options for contrail-analyticsdb
Option
Default option
Description
control-networkSpecify the IP address and network mask of the control network.
cassandra-minimum-diskgb256Specify the minimum disk requirement.
cassandra-jvm-extra-optsSpecify the memory limit.
docker-registrySpecify the URL of the docker-registry.
docker-registry-insecurefalseSpecify if the docker-registry should be configured.
docker-userLog in to the docker registry.
docker-passwordSpecify the docker-registry password.
image-tagSpecify the docker image tag.
log-levelSYS_NOTICESpecify the log level for Contrail services.
Options:
SYS_EMERG, SYS_ALERT, SYS_CRIT, SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO, SYS_DEBUGhttp_proxySpecify URL.
https_proxySpecify URL.
no_proxySpecify the list of destinations that must be directly accessed.
Options for contrail-controller Charms.
Table 4: Options for contrail-controller
Option
Default option
Description
control-networkSpecify the IP address and network mask of the control network.
auth-moderbacSpecify the authentication mode.
Options:
rbsc,cloud-admin,no-auth.For more information, see https://github.com/Juniper/contrail-controller/wiki/RBAC.
cassandra-minimum-diskgb20Specify the minimum disk requirement.
cassandra-jvm-extra-optsSpecify the memory limit.
cloud-admin-roleadminSpecify the role name in keystone for users who have admin-level access.
In environments using Canonical orchestration with Contrail Networking, you should change the cloud-admin-role to Admin with a capital A in most scenarios. The default cloud admin role in Contrail Networking is admin and the default cloud admin role in Canonical is Admin. These cloud admin role names must match to grant users admin-level access. You can ensure this matching by setting this field to Admin in environments using the default settings.
global-read-only-roleSpecify the role name in keystone for users who have read-only access.
vipSpecify if the Contrail API VIP is used for configuring client-side software. If not specified, private IP of the first Contrail API VIP unit will be used.
use-external-rabbitmqfalseTo enable the Charm to use the internal RabbitMQ server, set
use-external-rabbitmqtofalse.To use an external AMQP server, set
use-external-rabbitmqtotrue.Note: Do not change the flag after deployment.
flow-export-rate0Specify how many flow records are exported by vRouter agent to the Contrail Collector when a flow is created or deleted.
docker-registrySpecify the URL of the docker-registry.
docker-registry-insecurefalseSpecify if the docker-registry should be configured.
docker-userLog in to the docker registry.
docker-passwordSpecify the docker-registry password.
image-tagSpecify the docker image tag.
log-levelSYS_NOTICESpecify the log level for Contrail services.
Options:
SYS_EMERG, SYS_ALERT, SYS_CRIT, SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO, SYS_DEBUGhttp_proxySpecify URL.
https_proxySpecify URL.
no_proxySpecify the list of destinations that must be directly accessed.
Options for contrail-keystone-auth Charms.
Table 5: Options for contrail-keystone-auth
Option
Default option
Description
ssl_caSpecify if the base64-encoded SSL CA certificate is provided to Contrail keystone clients.
Note: This certificate is required if you use a privately signed ssl_cert and ssl_key.
Options for contrail-openstack Charms.
Table 6: Options for contrail-controller
Option
Default option
Description
enable-metadata-servertrueSet
enable-metadata-servertotrueto configure metadata and enable nova to run a local instance ofnova-api-metadatafor virtual machinesuse-internal-endpointsfalseSet
use-internal-endpointstotruefor OpenStack to configure services to use internal endpoints.heat-plugin-dirs/usr/lib64/heat,/usr
/lib/heat/usr/lib/
python2.7/dist-packages/
vnc_api/gen/heat/
resourcesSpecify the heat plugin directories.
docker-registrySpecify the URL of the docker-registry.
docker-registry-insecurefalseSpecify if the docker-registry should be configured.
docker-userLog in to the docker registry.
docker-passwordSpecify the docker-registry password.
image-tagSpecify the docker image tag.
log-levelSYS_NOTICESpecify the log level for Contrail services.
Options:
SYS_EMERG, SYS_ALERT, SYS_CRIT, SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO, SYS_DEBUGhttp_proxySpecify URL.
https_proxySpecify URL.
no_proxySpecify the list of destinations that must be directly accessed.
Ironic Support with Juju
Contrail Networking Release 2011.L1 supports new charms for Ironic from OpenStack Train version 15.x.x. Ironic is an OpenStack project that manages Bare Metal Servers (BMS) as if they are virtual machines (VM)s. For more information about Contrail and BMS, see Bare Metal Server Management.
Contrail Networking Release 2011.L2 supports OpenStack Ussuri with Ironic deployed on Ubuntu version 20.04 (Focal Fossa).
The updated options are shown in the example bundle_yaml_file. Before deploying the updated yaml file, you should have Ceph installed.
If not, see Installing Ceph.
For information about deploying the bundle_yaml_file, see Deploying Contrail Charms.
Following is an example bundle_yaml_file with the additional options highlighted. ceph-radosgw and its related options are required to support the new Ironic charms.
series: bionic
applications:
barbican:
charm: cs:barbican-31
num_units: 3
to:
- lxd:0
- lxd:1
- lxd:2
options:
openstack-origin: cloud:bionic-train
region: RegionOne
use-internal-endpoints: true
vip: 10.92.76.133 192.168.2.11
worker-multiplier: 0.25
bindings:
"": oam-space
admin: oam-space
amqp: oam-space
certificates: oam-space
cluster: oam-space
ha: oam-space
hsm: oam-space
identity-service: oam-space
internal: oam-space
public: public-space
secrets: oam-space
shared-db: oam-space
barbican-hacluster:
charm: cs:hacluster-62
options:
cluster_count: 3
bindings:
"": alpha
ha: alpha
hanode: alpha
juju-info: alpha
nrpe-external-master: alpha
pacemaker-remote: alpha
peer-availability: alpha
barbican-vault:
charm: cs:barbican-vault-12
bindings:
"": oam-space
certificates: oam-space
juju-info: oam-space
secrets: oam-space
secrets-storage: oam-space
ceph-mon:
charm: cs:ceph-mon-51
num_units: 3
to:
- lxd:0
- lxd:1
- lxd:2
constraints: spaces=oam-space
bindings:
"": alpha
admin: alpha
bootstrap-source: alpha
client: alpha
cluster: oam-space
mds: alpha
mon: alpha
nrpe-external-master: alpha
osd: alpha
prometheus: alpha
public: oam-space
radosgw: alpha
rbd-mirror: alpha
ceph-osd:
charm: cs:ceph-osd-306
num_units: 3
to:
- "17"
- "21"
- "19"
options:
osd-devices: /dev/sdb
bindings:
"": alpha
cluster: oam-space
mon: alpha
nrpe-external-master: alpha
public: oam-space
secrets-storage: alpha
ceph-radosgw:
charm: cs:ceph-radosgw-292
num_units: 3
to:
- lxd:0
- lxd:1
- lxd:2
options:
admin-roles: admin
loglevel: 10
namespace-tenants: true
operator-roles: member
source: cloud:bionic-train/proposed
vip: 10.92.76.127 192.168.2.190
constraints: spaces=oam-space,public-space
bindings:
"": alpha
admin: alpha
certificates: alpha
cluster: alpha
gateway: alpha
ha: alpha
identity-service: alpha
internal: oam-space
master: alpha
mon: alpha
nrpe-external-master: alpha
object-store: alpha
public: public-space
slave: alpha
contrail-agent:
charm: local:bionic/contrail-agent-1
options:
docker-password: <docker password>
docker-registry: hub.juniper.net/contrail
docker-user: JNPR-FieldUser367
image-tag: "2008.121"
log-level: SYS_INFO
physical-interface: bond0.4010
vhost-gateway: auto
bindings:
"": alpha
agent-cluster: alpha
contrail-controller: alpha
juju-info: alpha
nrpe-external-master: alpha
tls-certificates: alpha
vrouter-plugin: alpha
contrail-agent-csn:
charm: local:bionic/contrail-agent-3
options:
csn-mode: tsn-no-forwarding
docker-password: <docker password>
docker-registry: hub.juniper.net/contrail
docker-user: JNPR-FieldUser367
image-tag: "2008.121"
physical-interface: bond0.4010
vhost-gateway: auto
bindings:
"": alpha
agent-cluster: alpha
contrail-controller: alpha
juju-info: alpha
nrpe-external-master: alpha
tls-certificates: alpha
vrouter-plugin: alpha
contrail-analytics:
charm: local:bionic/contrail-analytics-1
num_units: 4
to:
- kvm:0
- kvm:1
- kvm:2
- kvm:13
options:
control-network: 192.168.2.0/24
docker-password: <docker password>
docker-registry: hub.juniper.net/contrail
docker-user: JNPR-FieldUser367
haproxy-http-mode: https
image-tag: "2008.121"
log-level: SYS_DEBUG
min-cluster-size: 3
vip: 10.92.77.18
constraints: cpu-cores=16 mem=32768 root-disk=102400 spaces=oam-space,overlay-space
bindings:
"": oam-space
analytics-cluster: oam-space
contrail-analytics: oam-space
contrail-analyticsdb: oam-space
http-services: oam-space
nrpe-external-master: oam-space
tls-certificates: oam-space
contrail-analyticsdb:
charm: local:bionic/contrail-analyticsdb-1
num_units: 4
to:
- kvm:0
- kvm:1
- kvm:2
- kvm:13
options:
cassandra-jvm-extra-opts: -Xms16g -Xmx24g
cassandra-minimum-diskgb: "4"
control-network: 192.168.2.0/24
docker-password: <docker password>
docker-registry: hub.juniper.net/contrail
docker-user: JNPR-FieldUser367
image-tag: "2008.121"
log-level: SYS_DEBUG
min-cluster-size: 3
constraints: cpu-cores=16 mem=65536 root-disk=512000 spaces=oam-space,overlay-space
bindings:
"": oam-space
analyticsdb-cluster: oam-space
contrail-analyticsdb: oam-space
nrpe-external-master: oam-space
tls-certificates: oam-space
contrail-command:
charm: local:bionic/contrail-command-0
num_units: 1
to:
- "9"
options:
docker-password: <docker password>
docker-registry: hub.juniper.net/contrail
docker-registry-insecure: true
docker-user: JNPR-FieldUser367
image-tag: "2008.121"
constraints: tags=command
bindings:
"": alpha
contrail-controller: alpha
contrail-controller:
charm: local:bionic/contrail-controller-1
num_units: 4
to:
- kvm:0
- kvm:2
- kvm:1
- kvm:13
options:
auth-mode: rbac
cassandra-jvm-extra-opts: -Xms16g -Xmx24g
cassandra-minimum-diskgb: "4"
control-network: 192.168.2.0/24
data-network: 172.30.0.0/16
docker-password: <docker password>
docker-registry: hub.juniper.net/contrail
docker-user: JNPR-FieldUser367
haproxy-http-mode: https
haproxy-https-mode: http
image-tag: "2008.121"
local-rabbitmq-hostname-resolution: true
log-level: SYS_DEBUG
min-cluster-size: 3
vip: 10.92.77.18
constraints: cpu-cores=16 mem=65536 root-disk=102400 spaces=oam-space,overlay-space,public-space
bindings:
"": oam-space
contrail-analytics: oam-space
contrail-analyticsdb: oam-space
contrail-auth: oam-space
contrail-controller: oam-space
contrail-issu: oam-space
controller-cluster: oam-space
http-services: oam-space
https-services: oam-space
nrpe-external-master: oam-space
tls-certificates: oam-space
contrail-haproxy:
charm: cs:haproxy-55
num_units: 4
to:
- lxd:0
- lxd:1
- lxd:2
- lxd:13
options:
default_timeouts: queue 60000, connect 5000, client 120000, server 120000
enable_monitoring: true
peering_mode: active-active
services: ""
source: backports
ssl_cert: SELFSIGNED
sysctl: '{fs.file-max: 10240}'
bindings:
"": oam-space
local-monitors: oam-space
munin: oam-space
nrpe-external-master: oam-space
peer: oam-space
public: public-space
reverseproxy: oam-space
statistics: oam-space
website: public-space
contrail-keepalived:
charm: cs:~containers/keepalived-28
options:
network_interface: eth0
port: 8143
virtual_ip: 10.92.77.18
bindings:
"": alpha
juju-info: alpha
lb-sink: alpha
loadbalancer: alpha
website: alpha
contrail-keystone-auth:
charm: local:bionic/contrail-keystone-auth-1
num_units: 4
to:
- lxd:0
- lxd:1
- lxd:2
- lxd:13
constraints: spaces=oam-space,overlay-space
bindings:
"": oam-space
contrail-auth: oam-space
identity-admin: oam-space
nrpe-external-master: oam-space
contrail-openstack:
charm: local:bionic/contrail-openstack-3
options:
docker-password: <docker password>
docker-registry: hub.juniper.net/contrail
docker-user: JNPR-FieldUser367
image-tag: "2008.121"
use-internal-endpoints: true
bindings:
"": alpha
cluster: alpha
contrail-controller: alpha
heat-plugin: alpha
juju-info: alpha
neutron-api: alpha
nova-compute: alpha
dashboard-hacluster:
charm: cs:hacluster-62
options:
cluster_count: 3
bindings:
"": alpha
ha: alpha
hanode: alpha
juju-info: alpha
nrpe-external-master: alpha
pacemaker-remote: alpha
peer-availability: alpha
easyrsa:
charm: cs:~containers/easyrsa-303
num_units: 1
to:
- lxd:0
bindings:
"": oam-space
client: oam-space
etcd:
charm: cs:etcd-521
num_units: 3
to:
- lxd:0
- lxd:1
- lxd:2
options:
channel: 3.1/stable
bindings:
"": oam-space
certificates: oam-space
cluster: oam-space
db: oam-space
nrpe-external-master: oam-space
proxy: oam-space
external-policy-routing:
charm: cs:~canonical-bootstack/policy-routing-3
options:
cidr: 10.92.76.0/23
gateway: 10.92.77.254
bindings:
"": alpha
juju-info: alpha
glance:
charm: cs:~openstack-charmers-next/glance-442
num_units: 4
to:
- lxd:0
- lxd:1
- lxd:2
- lxd:13
options:
openstack-origin: cloud:bionic-train
region: RegionOne
restrict-ceph-pools: false
use-internal-endpoints: true
vip: 10.92.77.12 192.168.2.12
worker-multiplier: 0.25
bindings:
"": oam-space
admin: oam-space
amqp: oam-space
ceph: oam-space
certificates: oam-space
cinder-volume-service: oam-space
cluster: oam-space
ha: oam-space
identity-service: oam-space
image-service: oam-space
internal: oam-space
nrpe-external-master: oam-space
object-store: oam-space
public: public-space
shared-db: oam-space
storage-backend: oam-space
glance-hacluster:
charm: cs:hacluster-62
options:
cluster_count: 3
bindings:
"": alpha
ha: alpha
hanode: alpha
juju-info: alpha
nrpe-external-master: alpha
pacemaker-remote: alpha
peer-availability: alpha
glance-simplestreams-sync:
charm: cs:glance-simplestreams-sync-33
num_units: 3
to:
- lxd:0
- lxd:1
- lxd:2
options:
source: ppa:simplestreams-dev/trunk
use_swift: false
bindings:
"": oam-space
amqp: oam-space
certificates: oam-space
identity-service: oam-space
image-modifier: oam-space
nrpe-external-master: oam-space
simplestreams-image-service: oam-space
heat:
charm: cs:heat-271
num_units: 4
to:
- lxd:0
- lxd:1
- lxd:2
- lxd:13
options:
openstack-origin: cloud:bionic-train
region: RegionOne
use-internal-endpoints: true
vip: 10.92.77.13 192.168.2.13
worker-multiplier: 0.25
constraints: cpu-cores=6 mem=32768 root-disk=65536 spaces=oam-space,public-space,overlay-space
bindings:
"": oam-space
admin: oam-space
amqp: oam-space
certificates: oam-space
cluster: oam-space
ha: oam-space
heat-plugin-subordinate: overlay-space
identity-service: oam-space
internal: oam-space
public: public-space
shared-db: oam-space
heat-hacluster:
charm: cs:hacluster-62
options:
cluster_count: 3
bindings:
"": alpha
ha: alpha
hanode: alpha
juju-info: alpha
nrpe-external-master: alpha
pacemaker-remote: alpha
peer-availability: alpha
ironic-api:
charm: cs:~openstack-charmers-next/ironic-api-8
num_units: 3
to:
- lxd:0
- lxd:1
- lxd:2
options:
openstack-origin: cloud:bionic-train/proposed
vip: 10.92.76.130 192.168.2.189
constraints: spaces=oam-space,public-space
bindings:
"": alpha
admin: alpha
amqp: alpha
certificates: alpha
cluster: alpha
ha: alpha
identity-service: alpha
internal: alpha
ironic-api: alpha
public: alpha
shared-db: oam-space
ironic-api-hacluster:
charm: cs:hacluster-72
options:
cluster_count: 3
bindings:
"": alpha
ha: alpha
hanode: alpha
juju-info: alpha
nrpe-external-master: alpha
pacemaker-remote: alpha
peer-availability: alpha
ironic-conductor:
charm: cs:~openstack-charmers-next/ironic-conductor-5
num_units: 1
to:
- "14"
options:
cleaning-network: ironic
default-deploy-interface: direct
default-network-interface: neutron
disable-secure-erase: true
enabled-deploy-interfaces: direct
enabled-network-interfaces: noop,flat,neutron
max-tftp-block-size: 1418
openstack-origin: cloud:bionic-train/proposed
provisioning-network: ironic
use-ipxe: false
bindings:
"": alpha
amqp: alpha
certificates: alpha
cleaning: alpha
deployment: alpha
identity-credentials: alpha
internal: alpha
ironic-api: alpha
shared-db: alpha
keystone:
charm: cs:keystone-309
num_units: 4
to:
- lxd:0
- lxd:1
- lxd:2
- lxd:13
options:
admin-password: c0ntrail123
admin-role: admin
openstack-origin: cloud:bionic-train
preferred-api-version: 3
region: RegionOne
token-provider: fernet
vip: 10.92.77.14 192.168.2.14
worker-multiplier: 0.25
bindings:
"": oam-space
admin: oam-space
certificates: oam-space
cluster: oam-space
domain-backend: oam-space
ha: oam-space
identity-admin: oam-space
identity-credentials: oam-space
identity-notifications: oam-space
identity-service: oam-space
internal: oam-space
keystone-fid-service-provider: oam-space
keystone-middleware: oam-space
nrpe-external-master: oam-space
public: public-space
shared-db: oam-space
websso-trusted-dashboard: oam-space
keystone-hacluster:
charm: cs:hacluster-62
options:
cluster_count: 3
bindings:
"": alpha
ha: alpha
hanode: alpha
juju-info: alpha
nrpe-external-master: alpha
pacemaker-remote: alpha
peer-availability: alpha
memcached:
charm: cs:memcached-26
num_units: 4
to:
- lxd:0
- lxd:1
- lxd:2
- lxd:13
options:
allow-ufw-ip6-softfail: true
constraints: spaces=oam-space
bindings:
"": oam-space
cache: oam-space
cluster: oam-space
local-monitors: oam-space
monitors: oam-space
munin: oam-space
nrpe-external-master: oam-space
mysql:
charm: cs:percona-cluster-281
num_units: 4
to:
- lxd:0
- lxd:1
- lxd:2
- lxd:13
options:
enable-binlogs: true
innodb-buffer-pool-size: 512M
max-connections: 2000
min-cluster-size: 3
performance-schema: true
source: cloud:bionic-train
tuning-level: safest
vip: 192.168.2.17
wait-timeout: 3600
wsrep-slave-threads: 48
bindings:
"": oam-space
access: oam-space
cluster: oam-space
db: oam-space
db-admin: oam-space
ha: oam-space
master: oam-space
nrpe-external-master: oam-space
shared-db: oam-space
slave: oam-space
mysql-hacluster:
charm: cs:hacluster-62
options:
cluster_count: 3
bindings:
"": alpha
ha: alpha
hanode: alpha
juju-info: alpha
nrpe-external-master: alpha
pacemaker-remote: alpha
peer-availability: alpha
ncc-hacluster:
charm: cs:hacluster-62
options:
cluster_count: 3
bindings:
"": alpha
ha: alpha
hanode: alpha
juju-info: alpha
nrpe-external-master: alpha
pacemaker-remote: alpha
peer-availability: alpha
neutron-api:
charm: cs:neutron-api-281
num_units: 4
to:
- lxd:0
- lxd:1
- lxd:2
- lxd:13
options:
default-tenant-network-type: vlan
dhcp-agents-per-network: 2
enable-l3ha: true
enable-ml2-port-security: true
global-physnet-mtu: 9000
l2-population: true
manage-neutron-plugin-legacy-mode: false
neutron-security-groups: true
openstack-origin: cloud:bionic-train
overlay-network-type: ""
region: RegionOne
use-internal-endpoints: true
vip: 10.92.77.15 192.168.2.15
worker-multiplier: 0.25
constraints: cpu-cores=8 mem=32768 root-disk=262144 spaces=oam-space,public-space,overlay-space
bindings:
"": oam-space
admin: oam-space
amqp: oam-space
certificates: oam-space
cluster: oam-space
etcd-proxy: oam-space
external-dns: oam-space
ha: oam-space
identity-service: oam-space
infoblox-neutron: oam-space
internal: oam-space
midonet: oam-space
neutron-api: oam-space
neutron-load-balancer: oam-space
neutron-plugin-api: oam-space
neutron-plugin-api-subordinate: overlay-space
nrpe-external-master: oam-space
public: public-space
shared-db: oam-space
vsd-rest-api: oam-space
neutron-hacluster:
charm: cs:hacluster-62
options:
cluster_count: 3
bindings:
"": alpha
ha: alpha
hanode: alpha
juju-info: alpha
nrpe-external-master: alpha
pacemaker-remote: alpha
peer-availability: alpha
nova-cloud-controller:
charm: cs:nova-cloud-controller-339
num_units: 4
to:
- lxd:0
- lxd:1
- lxd:2
- lxd:13
options:
console-access-protocol: novnc
console-proxy-ip: local
cpu-allocation-ratio: 4
network-manager: Neutron
openstack-origin: cloud:bionic-train
ram-allocation-ratio: 0.999999
region: RegionOne
use-internal-endpoints: true
vip: 10.92.77.16 192.168.2.16
worker-multiplier: 0.25
bindings:
"": oam-space
admin: oam-space
amqp: oam-space
amqp-cell: oam-space
certificates: oam-space
cinder-volume-service: oam-space
cloud-compute: oam-space
cloud-controller: oam-space
cluster: oam-space
ha: oam-space
identity-service: oam-space
image-service: oam-space
internal: oam-space
memcache: oam-space
neutron-api: oam-space
nova-cell-api: oam-space
nova-vmware: oam-space
nrpe-external-master: oam-space
placement: oam-space
public: public-space
quantum-network-service: oam-space
shared-db: oam-space
shared-db-cell: oam-space
nova-compute:
charm: cs:nova-compute-309
num_units: 5
to:
- "3"
- "4"
- "5"
- "6"
- "15"
options:
openstack-origin: cloud:bionic-train
os-internal-network: 192.168.2.0/24
bindings:
"": alpha
amqp: alpha
ceph: alpha
ceph-access: alpha
cloud-compute: alpha
cloud-credentials: alpha
compute-peer: alpha
ephemeral-backend: alpha
image-service: alpha
internal: alpha
lxd: alpha
neutron-plugin: alpha
nova-ceilometer: alpha
nrpe-external-master: alpha
secrets-storage: alpha
nova-ironic:
charm: cs:~openstack-charmers-next/nova-compute-524
num_units: 1
to:
- "22"
options:
enable-live-migration: false
enable-resize: false
openstack-origin: cloud:bionic-train/proposed
virt-type: ironic
bindings:
"": alpha
amqp: alpha
ceph: alpha
ceph-access: alpha
cloud-compute: alpha
cloud-credentials: alpha
compute-peer: alpha
ephemeral-backend: alpha
image-service: alpha
internal: alpha
ironic-api: alpha
lxd: alpha
migration: alpha
neutron-plugin: alpha
nova-ceilometer: alpha
nrpe-external-master: alpha
secrets-storage: alpha
ntp:
charm: cs:ntp-36
options:
source: ntp.juniper.net
bindings:
"": alpha
juju-info: alpha
master: alpha
nrpe-external-master: alpha
ntp-peers: alpha
ntpmaster: alpha
octavia:
charm: cs:~apavlov-e/octavia-3
num_units: 3
to:
- lxd:0
- lxd:1
- lxd:2
options:
amp-ssh-key-name: octavia
amp-ssh-pub-key: c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDa0N0SzJCWk01TC90VGdoM3J3L2FpR2ZEQzlzOEI4alFiS2VzQzJqTHRWcFNYbGlFellqQTNGNjEyalpwdERjOXdhOEF3eStxbEl0L1Frak5TVjhPMVpvNXZlc2RMREhvQjJrMzV5ZEFvMXhQRkFmV3lsSjh6VnJrd0U5aU1tWEVYZTd1VjdDdkgyZmdmSnlGeXJKaFR2ZjBWdTZGK1M5RHl1MnkxMUdXWEsrSDAyR3ZneHVzamZ3QlhoZ3IxNU1kZCt4RkJsbkpYRGtkQjVYVit4azZhYkJsRVJUc0N6c09EdXVOQTg4aVhqeHkvZzJpb2NtNWhtcVhUeDRMT2gzam9NbEFHUW5RQ2FXdFNSenpWM3dKT3JLeW5zU1pObVRmUnluRDdaaGl1WlZLNUZURWhQaXZUaVAwaHdLeTRMZGZUM0NsSkJSWmdMVVJZYUtSYlFwYkQgdWJ1bnR1QGp1bXBob3N0Cg==
create-mgmt-network: false
lb-mgmt-controller-cacert: |-
<certificate>
lb-mgmt-controller-cert: |-
<certificate>
lb-mgmt-issuing-ca-key-passphrase: <passphrase>
lb-mgmt-issuing-ca-private-key: |-
<private key>
lb-mgmt-issuing-cacert: |-
<certificate>
loadbalancer-topology: ACTIVE_STANDBY
openstack-origin: cloud:bionic-train
region: RegionOne
use-internal-endpoints: true
vip: 10.92.76.135 192.168.2.18
worker-multiplier: 0.25
bindings:
"": oam-space
admin: oam-space
amqp: oam-space
certificates: oam-space
cluster: oam-space
ha: oam-space
identity-service: oam-space
internal: oam-space
neutron-api: oam-space
neutron-openvswitch: oam-space
ovsdb-cms: oam-space
ovsdb-subordinate: oam-space
public: public-space
shared-db: oam-space
octavia-dashboard:
charm: cs:octavia-dashboard-17
bindings:
"": alpha
certificates: alpha
dashboard: alpha
octavia-diskimage-retrofit:
charm: cs:octavia-diskimage-retrofit-12
options:
amp-image-tag: octavia-amphora
retrofit-uca-pocket: train
bindings:
"": oam-space
certificates: oam-space
identity-credentials: oam-space
juju-info: oam-space
octavia-hacluster:
charm: cs:hacluster-62
options:
cluster_count: 3
bindings:
"": alpha
ha: alpha
hanode: alpha
juju-info: alpha
nrpe-external-master: alpha
pacemaker-remote: alpha
peer-availability: alpha
openstack-dashboard:
charm: cs:openstack-dashboard-295
num_units: 4
to:
- lxd:0
- lxd:1
- lxd:2
- lxd:13
options:
cinder-backup: false
endpoint-type: publicURL
neutron-network-firewall: false
neutron-network-l3ha: true
neutron-network-lb: true
openstack-origin: cloud:bionic-train
password-retrieve: true
secret: encryptcookieswithme
vip: 10.92.77.11
webroot: /
constraints: spaces=oam-space
bindings:
"": public-space
certificates: public-space
cluster: public-space
dashboard-plugin: public-space
ha: public-space
identity-service: public-space
nrpe-external-master: public-space
public: public-space
shared-db: oam-space
website: public-space
websso-fid-service-provider: public-space
websso-trusted-dashboard: public-space
placement:
charm: cs:placement-11
num_units: 4
to:
- lxd:0
- lxd:1
- lxd:2
- lxd:13
options:
openstack-origin: cloud:bionic-train
region: RegionOne
use-internal-endpoints: true
vip: 10.92.77.19 192.168.2.19
bindings:
"": oam-space
admin: oam-space
amqp: oam-space
certificates: oam-space
cluster: oam-space
ha: oam-space
identity-service: oam-space
internal: oam-space
placement: oam-space
public: public-space
shared-db: oam-space
placement-hacluster:
charm: cs:hacluster-62
options:
cluster_count: 3
bindings:
"": alpha
ha: alpha
hanode: alpha
juju-info: alpha
nrpe-external-master: alpha
pacemaker-remote: alpha
peer-availability: alpha
rabbitmq-server:
charm: cs:rabbitmq-server-97
num_units: 4
to:
- lxd:0
- lxd:1
- lxd:2
- lxd:13
options:
min-cluster-size: 3
source: cloud:bionic-train
bindings:
"": oam-space
amqp: oam-space
ceph: oam-space
certificates: oam-space
cluster: oam-space
ha: oam-space
nrpe-external-master: oam-space
radosgw-hacluster:
charm: cs:hacluster-72
options:
cluster_count: 3
bindings:
"": alpha
ha: alpha
hanode: alpha
juju-info: alpha
nrpe-external-master: alpha
pacemaker-remote: alpha
peer-availability: alpha
ubuntu:
charm: cs:ubuntu-15
num_units: 4
to:
- "0"
- "1"
- "2"
- "13"
bindings:
"": alpha
vault:
charm: cs:vault-39
num_units: 3
to:
- lxd:0
- lxd:1
- lxd:2
options:
vip: 192.168.2.20
bindings:
"": oam-space
access: oam-space
certificates: oam-space
cluster: oam-space
db: oam-space
etcd: oam-space
external: oam-space
ha: oam-space
nrpe-external-master: oam-space
secrets: oam-space
shared-db: oam-space
vault-hacluster:
charm: cs:hacluster-62
options:
cluster_count: 3
bindings:
"": alpha
ha: alpha
hanode: alpha
juju-info: alpha
nrpe-external-master: alpha
pacemaker-remote: alpha
peer-availability: alpha
machines:
"0":
constraints: tags=controller1
"1":
constraints: tags=controller2
"2":
constraints: tags=controller3
"3":
constraints: tags=compute1
"4":
constraints: tags=compute2
"5":
constraints: tags=compute3
"6":
constraints: tags=compute4
"9":
constraints: tags=command
"13":
constraints: tags=controller4
"14":
constraints: tags=controller5
"15":
constraints: tags=compute5
"17":
constraints: tags=CEPH
"19":
constraints: tags=CEPH
"21":
constraints: tags=CEPH
"22":
constraints: tags=CSN
relations:
- - ubuntu:juju-info
- ntp:juju-info
- - mysql:ha
- mysql-hacluster:ha
- - keystone:shared-db
- mysql:shared-db
- - keystone:ha
- keystone-hacluster:ha
- - glance:shared-db
- mysql:shared-db
- - glance:identity-service
- keystone:identity-service
- - nova-cloud-controller:shared-db
- mysql:shared-db
- - nova-cloud-controller:identity-service
- keystone:identity-service
- - nova-cloud-controller:image-service
- glance:image-service
- - nova-cloud-controller:ha
- ncc-hacluster:ha
- - neutron-api:shared-db
- mysql:shared-db
- - neutron-api:neutron-api
- nova-cloud-controller:neutron-api
- - neutron-api:identity-service
- keystone:identity-service
- - neutron-api:ha
- neutron-hacluster:ha
- - nova-compute:image-service
- glance:image-service
- - nova-compute:cloud-compute
- nova-cloud-controller:cloud-compute
- - nova-compute:juju-info
- ntp:juju-info
- - openstack-dashboard:identity-service
- keystone:identity-service
- - openstack-dashboard:ha
- dashboard-hacluster:ha
- - heat:shared-db
- mysql:shared-db
- - heat:identity-service
- keystone:identity-service
- - heat:ha
- heat-hacluster:ha
- - placement:shared-db
- mysql:shared-db
- - placement:identity-service
- keystone:identity-service
- - placement:placement
- nova-cloud-controller:placement
- - contrail-controller:contrail-controller
- contrail-agent:contrail-controller
- - contrail-agent:juju-info
- nova-compute:juju-info
- - contrail-analytics:contrail-analyticsdb
- contrail-analyticsdb:contrail-analyticsdb
- - contrail-analytics:contrail-analytics
- contrail-controller:contrail-analytics
- - contrail-analytics:http-services
- contrail-haproxy:reverseproxy
- - contrail-analyticsdb:contrail-analyticsdb
- contrail-controller:contrail-analyticsdb
- - contrail-controller:contrail-auth
- contrail-keystone-auth:contrail-auth
- - contrail-controller:http-services
- contrail-haproxy:reverseproxy
- - contrail-controller:https-services
- contrail-haproxy:reverseproxy
- - contrail-keystone-auth:identity-admin
- keystone:identity-admin
- - contrail-openstack:nova-compute
- nova-compute:neutron-plugin
- - contrail-openstack:neutron-api
- neutron-api:neutron-plugin-api-subordinate
- - contrail-openstack:heat-plugin
- heat:heat-plugin-subordinate
- - contrail-openstack:contrail-controller
- contrail-controller:contrail-controller
- - contrail-haproxy:juju-info
- contrail-keepalived:juju-info
- - nova-cloud-controller:memcache
- memcached:cache
- - external-policy-routing:juju-info
- openstack-dashboard:juju-info
- - external-policy-routing:juju-info
- glance:juju-info
- - external-policy-routing:juju-info
- heat:juju-info
- - external-policy-routing:juju-info
- keystone:juju-info
- - external-policy-routing:juju-info
- neutron-api:juju-info
- - external-policy-routing:juju-info
- nova-cloud-controller:juju-info
- - external-policy-routing:juju-info
- contrail-haproxy:juju-info
- - ntp:juju-info
- contrail-controller:juju-info
- - ntp:juju-info
- contrail-analytics:juju-info
- - ntp:juju-info
- contrail-analyticsdb:juju-info
- - ntp:juju-info
- neutron-api:juju-info
- - ntp:juju-info
- heat:juju-info
- - contrail-command:contrail-controller
- contrail-controller:contrail-controller
- - glance:ha
- glance-hacluster:ha
- - placement:ha
- placement-hacluster:ha
- - mysql:shared-db
- octavia:shared-db
- - mysql:shared-db
- barbican:shared-db
- - mysql:shared-db
- vault:shared-db
- - keystone:identity-service
- octavia:identity-service
- - keystone:identity-service
- barbican:identity-service
- - neutron-api:neutron-load-balancer
- octavia:neutron-api
- - openstack-dashboard:dashboard-plugin
- octavia-dashboard:dashboard
- - barbican-vault:secrets
- barbican:secrets
- - vault:secrets
- barbican-vault:secrets-storage
- - glance-simplestreams-sync:juju-info
- octavia-diskimage-retrofit:juju-info
- - keystone:identity-service
- glance-simplestreams-sync:identity-service
- - keystone:identity-credentials
- octavia-diskimage-retrofit:identity-credentials
- - contrail-openstack:nova-compute
- octavia:neutron-openvswitch
- - vault:ha
- vault-hacluster:ha
- - etcd:certificates
- easyrsa:client
- - etcd:db
- vault:etcd
- - barbican:ha
- barbican-hacluster:ha
- - octavia:ha
- octavia-hacluster:ha
- - rabbitmq-server:amqp
- barbican:amqp
- - rabbitmq-server:amqp
- glance-simplestreams-sync:amqp
- - rabbitmq-server:amqp
- heat:amqp
- - rabbitmq-server:amqp
- neutron-api:amqp
- - rabbitmq-server:amqp
- nova-cloud-controller:amqp
- - rabbitmq-server:amqp
- nova-compute:amqp
- - rabbitmq-server:amqp
- octavia:amqp
- - ceph-mon:osd
- ceph-osd:mon
- - ceph-radosgw:juju-info
- external-policy-routing:juju-info
- - ceph-radosgw:ha
- radosgw-hacluster:ha
- - ceph-radosgw:mon
- ceph-mon:radosgw
- - ceph-radosgw:identity-service
- keystone:identity-service
- - vault:certificates
- ceph-radosgw:certificates
- - ceph-radosgw:object-store
- glance:object-store
- - ceph-mon:client
- glance:ceph
- - ironic-conductor:amqp
- rabbitmq-server:amqp
- - ironic-conductor:identity-credentials
- keystone:identity-credentials
- - ironic-conductor:shared-db
- mysql:shared-db
- - vault:certificates
- ironic-conductor:certificates
- - nova-ironic:amqp
- rabbitmq-server:amqp
- - nova-ironic:image-service
- glance:image-service
- - nova-ironic:cloud-credentials
- keystone:identity-credentials
- - nova-ironic:cloud-compute
- nova-cloud-controller:cloud-compute
- - ceph-mon:client
- nova-ironic:ceph
- - nova-ironic:juju-info
- ntp:juju-info
- - contrail-agent-csn:juju-info
- nova-ironic:juju-info
- - contrail-agent-csn:contrail-controller
- contrail-controller:contrail-controller
- - ironic-api:ha
- ironic-api-hacluster:ha
- - ironic-conductor:ironic-api
- ironic-api:ironic-api
- - ironic-api:amqp
- rabbitmq-server:amqp
- - ironic-api:identity-service
- keystone:identity-service
- - ironic-api:shared-db
- mysql:shared-db
- - vault:certificates
- ironic-api:certificates
- - nova-ironic:ironic-api
- ironic-api:ironic-api
