Deploying Contrail Multicloud using REST API
This section explains how to deploy Contrail Multicloud using REST API.
Prerequisites and Assumptions
The following are the assumptions for Contrail Multicloud deployment:
Contrail Controller cluster is already deployed on the on-premise side. On-premise implies that the software is installed locally on the organization or data center servers.
All nodes on the on-premise side have a management IP (declared in the node object as the ip_address field) and a control/data IP (declared as the ip_address field of a child port object).
Ensure that static routes are added in the on-premise multicloud gateway, Contrail controller, and top-of-rack (TOR) node.
Ensure that the on-premise Contrail cluster and multicloud gateway are in two different subnets.
contrail-api is listening on the control/data IP.
Understand the contrail-go-api server tools and concepts.
Objective and Workflow
The deployment consists of the following steps:
Create an entire public cloud infrastructure that includes Virtual Private Cloud (VPC)/virtual network, virtual machines, routes, and so on.
Deploy multicloud gateway roles for both on-premise site and public cloud sites.
Deploy Contrail and Kubernetes components needed on the public cloud site.
Establish connectivity between on-premise site and public cloud.
Deploying the Public Cloud Infrastructure
When you deploy the following example deploy_public_cloud_infra.yml file, multiple resources for the Amazon Web Services (AWS) infrastructure are created. The important resources created by this YAML file are:
One VPC (192.168.100.0/24)
One private subnet (192.168.100.128/25)
Two security group rules
Two Elastic Compute Cloud (EC2) instances (gateway and compute)
Verify that the correct access key and secret key are entered in the cloud_user object.
Example: deploy_public_cloud_infra.yml
---
resources:
  - data:
      name: public_cloud_tag
      uuid: efd769a8-2e6c-11e9-b210-d663bd873d93
      fq_name:
        - public_cloud_tag
      tag_type_name: label
      tag_value: public_cloud_provider_aws
    kind: tag
    operation: CREATE
  - data:
      name: public_cloud_key
      uuid: 4e77005b-b7ba-489b-9891-8472cee8ghts
      parent_type: global-system-config
      fq_name:
        - default-global-system-config
        - public_cloud_key
    kind: keypair
    operation: CREATE
  - data:
      name: public_cloud_credential
      uuid: 9d0fffff-3fd8-439c-bdb2-ff5800497579
      parent_type: global-system-config
      fq_name:
        - default-global-system-config
        - public_cloud_credential
      ssh_user: ec2-user
      keypair_refs:
        - uuid: 4e77005b-b7ba-489b-9891-8472cee8ghts
    kind: credential
    operation: CREATE
  - data:
      uuid: 4e77005b-b7ba-489b-9891-8472cee9eadf
      name: public_cloud_user
      fq_name:
        - public_cloud_user
      perms2:
        owner: admin
      aws_credential:
        access_key: xxxxxxxxx
        secret_key: YYYYYYYYYYYYYYYYYYYYYY
      credential_refs:
        - uuid: 9d0fffff-3fd8-439c-bdb2-ff5800497579
    kind: cloud_user
    operation: CREATE
  - data:
      provisioning_state: CREATED
      uuid: dfb40e0d-c9f4-47cd-bd5c-1efdd28fd4fc
      name: public_cloud
      fq_name:
        - public_cloud
      perms2:
        owner: admin
      organization: test
      project: 5.0.3
      cloud_user_refs:
        - uuid: 4e77005b-b7ba-489b-9891-8472cee9eadf
    kind: cloud
    operation: CREATE
  - data:
      name: public_cloud_provider
      parent_type: cloud
      fq_name:
        - public_cloud
        - public_cloud_provider
      perms2:
        owner: admin
      type: aws
    kind: cloud_provider
    operation: CREATE
  - data:
      name: us-west-1
      parent_type: cloud-provider
      fq_name:
        - public_cloud
        - public_cloud_provider
        - public_cloud_region
      display_name: public_cloud_region
      perms2:
        owner: admin
    kind: cloud_region
    operation: CREATE
  - data:
      name: publc_virtual_cloud
      parent_type: cloud-region
      fq_name:
        - public_cloud
        - public_cloud_provider
        - public_cloud_region
        - publc_virtual_cloud
      perms2:
        owner: admin
      cidr_block: 192.168.100.0/24
      tag_refs:
        - uuid: efd769a8-2e6c-11e9-b210-d663bd873d93
    kind: virtual_cloud
    operation: CREATE
  - data:
      uuid: 4bd887b1-3f65-59c1-bc2f-dfbaeac5798d
      name: public_cloud_private_subnet
      parent_type: virtual-cloud
      fq_name:
        - public_cloud
        - public_cloud_provider
        - public_cloud_region
        - publc_virtual_cloud
        - public_cloud_private_subnet
      perms2:
        owner: admin
      cidr_block: 192.168.100.128/25
      availability_zone: a
    kind: cloud_private_subnet
    operation: CREATE
  - data:
      uuid: 4bd887b1-3f65-59c1-bc2f-dfbaeac57123
      name: public_cloud_security_group
      parent_type: virtual-cloud
      fq_name:
        - public_cloud
        - public_cloud_provider
        - public_cloud_region
        - publc_virtual_cloud
        - public_cloud_security_group
      perms2:
        owner: admin
    kind: cloud_security_group
    operation: CREATE
  - data:
      name: public_cloud_security_group_rule_ingress
      parent_type: cloud-security-group
      fq_name:
        - public_cloud
        - public_cloud_provider
        - public_cloud_region
        - publc_virtual_cloud
        - public_cloud_security_group
        - public_cloud_security_group_rule_ingress
      perms2:
        owner: admin
      direction: ingress
      protocol: "-1"
      from_port: 0
      to_port: 0
      cidr_block: 0.0.0.0/0
    kind: cloud_security_group_rule
    operation: CREATE
  - data:
      name: public_cloud_security_group_rule_egress
      parent_type: cloud-security-group
      fq_name:
        - public_cloud
        - public_cloud_provider
        - public_cloud_region
        - publc_virtual_cloud
        - public_cloud_security_group
        - public_cloud_security_group_rule_egress
      perms2:
        owner: admin
      direction: egress
      protocol: "-1"
      from_port: 0
      to_port: 0
      cidr_block: 0.0.0.0/0
    kind: cloud_security_group_rule
    operation: CREATE
  - data:
      uuid: 4bd887b1-3f65-59c1-bc2f-dfbaenew43526
      name: public_gateway_node
      parent_type: global-system-config
      fq_name:
        - default-global-system-config
        - public_gateway_node
      perms2:
        owner: admin
      hostname: gateway
      interface_name: eth1
      type: private
      cloud_info:
        availability_zone: a
        machine_id: ami-18726478
        instance_type: t2.xlarge
        roles:
          - gateway
      cloud_private_subnet_refs:
        - uuid: 4bd887b1-3f65-59c1-bc2f-dfbaeac5798d
      credential_refs:
        - uuid: 9d0fffff-3fd8-439c-bdb2-ff5800497579
      cloud_security_group_refs:
        - uuid: 4bd887b1-3f65-59c1-bc2f-dfbaeac57123
      tag_refs:
        - uuid: efd769a8-2e6c-11e9-b210-d663bd873d93
    kind: node
    operation: CREATE
  - data:
      uuid: 4bd887b1-3f65-59c1-bc2f-dfbaenew43634
      name: public_compute_node
      parent_type: global-system-config
      fq_name:
        - default-global-system-config
        - public_compute_node
      perms2:
        owner: admin
      hostname: compute
      interface_name: eth0
      type: private
      cloud_info:
        availability_zone: a
        machine_id: ami-18726478
        instance_type: t2.xlarge
        volume_size: 24
        roles:
          - compute
      cloud_private_subnet_refs:
        - uuid: 4bd887b1-3f65-59c1-bc2f-dfbaeac5798d
      credential_refs:
        - uuid: 9d0fffff-3fd8-439c-bdb2-ff5800497579
      cloud_security_group_refs:
        - uuid: 4bd887b1-3f65-59c1-bc2f-dfbaeac57123
      tag_refs:
        - uuid: efd769a8-2e6c-11e9-b210-d663bd873d93
    kind: node
    operation: CREATE
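Every resource file in this procedure links objects by UUID through *_refs and parent_uuid fields, and the public cloud file above also opens the gateway's security group to all protocols from 0.0.0.0/0. The following pre-flight check is an added example, not part of the Contrail documentation or the contrailcli tooling: it takes a resource list already parsed from one of these YAML files (a constructed subset of deploy_public_cloud_infra.yml is embedded inline) and reports dangling references, wide-open ingress rules, and AWS keys still left as placeholders.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Constructed subset of deploy_public_cloud_infra.yml, already parsed into dicts
# (the same shape PyYAML would produce for the "resources:" list).
RESOURCES: List[Dict] = [
    {"kind": "tag", "operation": "CREATE",
     "data": {"uuid": "efd769a8-2e6c-11e9-b210-d663bd873d93", "name": "public_cloud_tag"}},
    {"kind": "keypair", "operation": "CREATE",
     "data": {"uuid": "4e77005b-b7ba-489b-9891-8472cee8ghts", "name": "public_cloud_key"}},
    {"kind": "credential", "operation": "CREATE",
     "data": {"uuid": "9d0fffff-3fd8-439c-bdb2-ff5800497579", "name": "public_cloud_credential",
              "keypair_refs": [{"uuid": "4e77005b-b7ba-489b-9891-8472cee8ghts"}]}},
    {"kind": "cloud_user", "operation": "CREATE",
     "data": {"uuid": "4e77005b-b7ba-489b-9891-8472cee9eadf", "name": "public_cloud_user",
              "aws_credential": {"access_key": "xxxxxxxxx", "secret_key": "YYYYYYYYYYYYYYYYYYYYYY"},
              "credential_refs": [{"uuid": "9d0fffff-3fd8-439c-bdb2-ff5800497579"}]}},
    {"kind": "cloud_security_group_rule", "operation": "CREATE",
     "data": {"name": "public_cloud_security_group_rule_ingress", "direction": "ingress",
              "protocol": "-1", "from_port": 0, "to_port": 0, "cidr_block": "0.0.0.0/0"}},
    {"kind": "node", "operation": "CREATE",
     "data": {"uuid": "4bd887b1-3f65-59c1-bc2f-dfbaenew43526", "name": "public_gateway_node",
              # the subnet this points at is deliberately left out of this subset
              "cloud_private_subnet_refs": [{"uuid": "4bd887b1-3f65-59c1-bc2f-dfbaeac5798d"}],
              "credential_refs": [{"uuid": "9d0fffff-3fd8-439c-bdb2-ff5800497579"}]}},
]

def dangling_refs(resources: List[Dict], known_uuids: Iterable[str] = ()) -> List[Tuple[str, str, str]]:
    """(resource name, field, uuid) for each *_refs entry or parent_uuid that names a UUID
    neither defined in this file nor passed in known_uuids (objects already on the server)."""
    defined = {r["data"]["uuid"] for r in resources if "uuid" in r["data"]} | set(known_uuids)
    problems = []
    for r in resources:
        d = r["data"]
        name = d.get("name", d.get("uuid", "?"))
        if "parent_uuid" in d and d["parent_uuid"] not in defined:
            problems.append((name, "parent_uuid", d["parent_uuid"]))
        for key, refs in d.items():
            if key.endswith("_refs"):
                problems += [(name, key, ref["uuid"]) for ref in refs if ref["uuid"] not in defined]
    return problems

def open_ingress_rules(resources: List[Dict]) -> List[str]:
    """Names of security group rules admitting any protocol from any source address."""
    return [r["data"]["name"] for r in resources
            if r["kind"] == "cloud_security_group_rule"
            and r["data"].get("direction") == "ingress"
            and r["data"].get("cidr_block") == "0.0.0.0/0"
            and str(r["data"].get("protocol")) == "-1"]

PLACEHOLDER = re.compile(r"^(x+|y+)$", re.IGNORECASE)

def placeholder_aws_keys(resources: List[Dict]) -> List[str]:
    """cloud_user objects whose AWS access or secret key is still a documentation placeholder."""
    return [r["data"].get("name", "?") for r in resources
            if any(PLACEHOLDER.match(str(v)) for v in (r["data"].get("aws_credential") or {}).values())]
```

Pass the UUIDs of objects that already exist on the server (for example the contrail_cluster UUID from contrailcli list contrail_cluster) as known_uuids so that references to them are not reported.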
Creating Contrail Roles Specific to Public Cloud Instances
Use these guidelines for the create_contrail_roles_for_cloud_objects.yml file in this procedure:
a5063dde-2681-11e9-8021-0050568a3bf0 is the contrail_cluster UUID and a50635c8-2681-11e9-8021-0050568a3bf0 is the kubernetes_cluster UUID. It is assumed that both UUIDs are already created.
node_refs is the UUID of the nodes that were created in the previous topic "Deploy Public Cloud Infrastructure."
parent_uuid is the UUID of the kubernetes_cluster for the kubernetes_node role object.
For the contrail_multicloud_gw_node and contrail_vrouter_node role objects, parent_uuid is the contrail_cluster object's UUID.
To create Contrail roles specific to public cloud instances, perform the following steps:
Enter these requests to locate the Contrail and Kubernetes cluster UUIDs.
contrailcli list contrail_cluster | grep uuid
contrailcli list kubernetes_cluster | grep uuid
Use the following request payload to create the contrail roles for cloud objects.
Example:
create_contrail_roles_for_cloud_objects.yml
---
resources:
  - data:
      name: public_contrail_multicloud_gw_node
      node_refs:
        - uuid: 4bd887b1-3f65-59c1-bc2f-dfbaenew43526
      protocols_mode:
        - ssl_server
        - ipsec_server
        - ipsec_client
      parent_type: contrail-cluster
      parent_uuid: a5063dde-2681-11e9-8021-0050568a3bf0
    kind: contrail_multicloud_gw_node
    operation: CREATE
  - data:
      name: public_kubernetes_node
      node_refs:
        - uuid: 4bd887b1-3f65-59c1-bc2f-dfbaenew43634
      parent_type: kubernetes-cluster
      parent_uuid: a50635c8-2681-11e9-8021-0050568a3bf0
    kind: kubernetes_node
    operation: CREATE
  - data:
      name: public_contrail_vrouter_node
      node_refs:
        - uuid: 4bd887b1-3f65-59c1-bc2f-dfbaenew43634
      parent_type: contrail-cluster
      parent_uuid: a5063dde-2681-11e9-8021-0050568a3bf0
    kind: contrail_vrouter_node
    operation: CREATE
Update the provisioning_state of the cloud object to NOSTATE to trigger the deployment of the public cloud.
  - data:
      provisioning_state: NOSTATE
      uuid: dfb40e0d-c9f4-47cd-bd5c-1efdd28fd4fc
    kind: cloud
    operation: UPDATE
Wait for the cloud deployment logs in /var/log/contrail/cloud.log to complete before proceeding to the next steps. When completed, the provisioning_state of the cloud resource changes from NOSTATE to either UPDATED or UPDATE_FAILED.
Creating On-Premise Cloud Objects
In the following create_onprem_pvt_port.yml file, the node objects were already created. You are updating the cloud_private_subnet and tag_refs. Per the requirement, the multicloud gateway and the other roles on the on-premise cluster (Contrail controller, Kubernetes nodes, OpenStack nodes) must be on two different networks connected through a TOR. Hence, the following YAML files create two private subnets. Be careful when adding the cloud_private_subnet_refs to the nodes.
To create on-premise cloud objects:
Create the private port.
If the private interface is not already created for the on-premise cluster nodes by using the UI, create them here. In the following example file, you are using the UUID of each on-premise cluster node resource.
Example:
create_onprem_pvt_port.yml
---
resources:
  # Create private interface for onprem compute node
  - data:
      parent_type: node
      parent_uuid: 4bd887b1-3f65-59c1-bc2f-dfbaenew43634
      name: bond0
      ip_address: 192.168.1.2
      pxe_enabled: false
    kind: port
  # Create private interface for onprem controller
  - data:
      parent_type: node
      parent_uuid: c8d9d4ec-2f4a-11e9-bfac-0050568a3bf0
      name: bond0
      ip_address: 192.168.1.1
      pxe_enabled: false
    kind: port
Create the onprem tag. This is used later to link on-premise nodes to the on-premise virtual_cloud.
Example:
create_onprem_tag.yml
---
resources:
  - data:
      name: onprem_cloud_tag
      uuid: 2eefeb06-2e7c-11e9-b210-d663bd873d93
      fq_name:
        - onprem_cloud_tag
      tag_type_name: label
      tag_value: onprem_cloud_provider
    kind: tag
    operation: CREATE
Update the on-premise credential with the public cloud keypair reference.
Use the UUID of the already created credential resource. List the credentials using the following requests to obtain the UUID.
contrailcli list contrail_control_node -d | grep -A 1 node_refs
contrailcli show node <uuidOfNodeRefsFromPreviousCommand> | grep -A 1 credential_refs
In keypair_refs, use the UUID of the keypair created as part of deploying the public cloud in the previous topic "Deploy Public Cloud Infrastructure."
Example:
update_onprem_keypair.yml
---
resources:
  - data:
      uuid: c8d9bf8e-2f4a-11e9-bfac-0050568a3bf0
      keypair_refs:
        - uuid: 4e77005b-b7ba-489b-9891-8472cee8ghts
    kind: credential
    operation: UPDATE
Create the on-premise cloud_user with the credential_refs pointing to the on-premise credential UUID that was updated in Step 3.
Example:
create_onprem_clouduser.yml
---
resources:
  - data:
      uuid: 4e77005b-b7ba-489b-9891-aGFjawo9eadf
      name: onprem_cloud_user
      fq_name:
        - onprem_user
      credential_refs:
        - uuid: c8d9bf8e-2f4a-11e9-bfac-0050568a3bf0
      perms2:
        owner: admin
    kind: cloud_user
    operation: CREATE
Create the on-premise cloud objects.
The cloud object refers to the cloud_user created in Step 4, and the virtual_cloud refers to the tag created in Step 2.
Example:
create_onprem_cloud_objects.yml
---
resources:
  - data:
      provisioning_state: CREATED
      uuid: dfb40e0d-c9f4-47cd-bd5c-MWVmZGQyOGZkNGZjCg
      name: onprem_cloud
      fq_name:
        - onprem_cloud
      perms2:
        owner: admin
      organization: juniper
      project: juniper-private
      cloud_user_refs:
        - uuid: 4e77005b-b7ba-489b-9891-aGFjawo9eadf
    kind: cloud
    operation: CREATE
  - data:
      name: onprem_cloud_provider
      parent_type: cloud
      fq_name:
        - onprem_cloud
        - onprem_cloud_provider
      perms2:
        owner: admin
      type: private
    kind: cloud_provider
    operation: CREATE
  - data:
      name: onprem_cloud_region
      parent_type: cloud-provider
      fq_name:
        - onprem_cloud
        - onprem_cloud_provider
        - onprem_cloud_region
      perms2:
        owner: admin
    kind: cloud_region
    operation: CREATE
  - data:
      name: onprem_virtual_cloud
      parent_type: cloud-region
      fq_name:
        - onprem_cloud
        - onprem_cloud_provider
        - onprem_cloud_region
        - onprem_virtual_cloud
      perms2:
        owner: admin
      tag_refs:
        - uuid: 2eefeb06-2e7c-11e9-b210-d663bd873d93
    kind: virtual_cloud
    operation: CREATE
  - data:
      name: onprem_cloud_private_subnet
      uuid: 5ecfeb06-2e7c-11e9-b210-d663bd873d93
      parent_type: virtual-cloud
      fq_name:
        - onprem_cloud
        - onprem_cloud_provider
        - onprem_cloud_region
        - onprem_virtual_cloud
        - onprem_cloud_private_subnet
      perms2:
        owner: admin
      cidr_block: 192.168.1.0/24
    kind: cloud_private_subnet
    operation: CREATE
  - data:
      name: onprem_cloud_private_subnet_gw
      uuid: 3defeb06-2e7c-11e9-b210-d663bd873d93
      parent_type: virtual-cloud
      fq_name:
        - onprem_cloud
        - onprem_cloud_provider
        - onprem_cloud_region
        - onprem_virtual_cloud
        - onprem_cloud_private_subnet_gw
      perms2:
        owner: admin
      cidr_block: 192.168.2.0/24
    kind: cloud_private_subnet
    operation: CREATE
Create the on-premise gateway node.
tag_refs, credential_refs, and cloud_private_subnet_refs are the UUIDs of the respective resources created or updated in Step 2, Step 3, and Step 5. cloud_private_subnet_refs is specifically the cloud_private_subnet created for the on-premise gateway.
Example:
create_onprem_mcgw_node.yml
---
resources:
  - data:
      uuid: 41f99f2d-a5a4-4e2c-b598-c173cf748953
      name: onprem_gateway
      type: private
      hostname: onprem_gateway
      ip_address: 10.87.74.132
      interface_name: eno1
      fq_name:
        - default-global-system-config
        - onpre_virtual_cloud
      parent_type: global-system-config
      tag_refs:
        - uuid: 2eefeb06-2e7c-11e9-b210-d663bd873d93
      credential_refs:
        - uuid: c8d9bf8e-2f4a-11e9-bfac-0050568a3bf0
      cloud_private_subnet_refs:
        - uuid: 3defeb06-2e7c-11e9-b210-d663bd873d93
    kind: node
  # Create private interface for onprem gateway
  - data:
      parent_type: node
      parent_uuid: 41f99f2d-a5a4-4e2c-b598-c173cf748953
      name: bond0
      ip_address: 192.168.2.1
      pxe_enabled: false
    kind: port
Create the on-premise contrail_multicloud_gateway_node role and update parent_uuid with the contrail_cluster UUID. Use the following request to get the contrail_cluster UUID:
contrailcli list contrail_cluster | grep uuid
Update the node_refs UUID with the gateway node created earlier in this step.
Example:
create_onprem_mcgw_node_role.yml
---
resources:
  - data:
      name: onprem_contrail_multicloud_gw_node
      node_refs:
        - uuid: 41f99f2d-a5a4-4e2c-b598-c173cf748953
      protocols_mode:
        - ssl_client
      default_gateway: 192.168.2.254
      parent_type: contrail-cluster
      parent_uuid: a5063dde-2681-11e9-8021-0050568a3bf0
    kind: contrail_multicloud_gw_node
Update the on-premise compute and controller node.
Link the on-premise cluster nodes (compute/controller) to the virtual_cloud created for the on-premise cluster using the tag. Use the UUID of the node object created using the UI as part of the Contrail cluster deployment. Use the following requests to get the node UUIDs:
contrailcli list contrail_control_node | grep uuid
contrailcli list contrail_vrouter_node | grep uuid
tag_refs and cloud_private_subnet_refs are the UUIDs of the respective resources created or updated in Step 2 and Step 5.
Example:
update_onprem_nodes.yml
---
resources:
  # Link onprem cluster nodes to the virtual_cloud created for onprem cluster
  - data:
      uuid: c8d9d4ec-2f4a-11e9-bfac-0050568a3bf0
      cloud_private_subnet_refs:
        - uuid: 5ecfeb06-2e7c-11e9-b210-d663bd873d93
      tag_refs:
        - uuid: 2eefeb06-2e7c-11e9-b210-d663bd873d93
    kind: node
    operation: UPDATE
  - data:
      uuid: c8d9c1b4-2f4a-11e9-bfac-0050568a3bf0
      cloud_private_subnet_refs:
        - uuid: 5ecfeb06-2e7c-11e9-b210-d663bd873d93
      tag_refs:
        - uuid: 2eefeb06-2e7c-11e9-b210-d663bd873d93
    kind: node
    operation: UPDATE
Update the on-premise cloud state to NOSTATE to trigger deployment of the on-premise cloud. Use the UUID of the onprem_cloud object created in Step 5.
---
resources:
  - data:
      provisioning_state: NOSTATE
      uuid: dfb40e0d-c9f4-47cd-bd5c-MWVmZGQyOGZkNGZjCg
    kind: cloud
    operation: UPDATE
Wait for the cloud deployment logs in /var/log/contrail/cloud.log to complete before proceeding to the next steps. When completed, the provisioning_state of the cloud resource changes from NOSTATE to either UPDATED or UPDATE_FAILED.
Extending On-Premise Contrail Cluster to Public Cloud
To extend the on-premise Contrail cluster to the public cloud:
Use the following request to get the cloud UUIDs.
contrailcli list cloud | grep uuid
Use the following request to get the UUID of the contrail_cluster.
contrailcli list contrail_cluster | grep uuid
Run the following request payload to extend the on-premise Contrail cluster to the public cloud.
Example:
extend_onprem_to_cloud.yml
---
resources:
  - data:
      uuid: a5063dde-2681-11e9-8021-0050568a3bf0
      provisioning_state: NOSTATE
      provisioning_action: ADD_CLOUD
      cloud_refs:
        - uuid: dfb40e0d-c9f4-47cd-bd5c-MWVmZGQyOGZkNGZjCg
        - uuid: dfb40e0d-c9f4-47cd-bd5c-1efdd28fd4fc
      mc_gw_info:
        AS: 65000
        openvpn_port: 443
        vpn_lo_network: 100.65.0.0/16
        vpn_network: 100.64.0.0/16
        bfd_interval: 200ms
        bfd_multiplier: 5
        bfd_interval_multihop: 500ms
        bfd_multiplier_multihop: 5
    kind: contrail_cluster
    operation: UPDATE
With this request, you trigger the Contrail multicloud Ansible playbooks to start deploying Contrail roles on the public cloud, which includes the Contrail multicloud gateway role.
Wait for the cloud deployment logs in /var/log/contrail/cloud.log to complete before proceeding to the next steps. When completed, the provisioning_state of the cloud resource changes from NOSTATE to either UPDATED or UPDATE_FAILED.