Installing Contrail Command
Use this example to install the Contrail Command Docker container images.
Contrail Command is the GUI for Contrail Cloud and Contrail Enterprise Multicloud solutions. It represents the single management touchpoint for the fabric underlay, the overlay networks and virtual endpoints, and the AppFormix performance and resource monitoring application for cloud services.
Contrail Command also simplifies the configuration of OpenStack clusters and the integration of Contrail within those clusters. By providing a workflow to facilitate integration with orchestrators, initially providing support for OpenStack Kolla, Contrail Command makes integration a straightforward task.
After you integrate Contrail Command with your orchestrator, you can use Contrail Command to perform typical tasks such as creating overlay networks, creating flavors, spinning up workloads, attaching workloads to overlay networks, and setting up firewall permissions to control communication paths. For these typical tasks, it is not necessary for you to use the orchestrator’s UI (e.g. OpenStack dashboard).
In general, you can use Contrail Command to perform automated workflows such as the following:
deploy Contrail and Kolla-based OpenStack clusters.
monitor and manage underlay and physical devices, overlays and virtual endpoints, end to end policy and control.
orchestrate workloads running on bare metal servers, virtual machines, and containers.
discover and manage the data center IP fabric.
Most workflows are intent-based, meaning that you configure the workflows using templates and wizards where applicable.
Requirements
The system requirements for the Contrail Command server are:
A VM or physical x86 server with:
4 vCPUs
32 GB RAM
100 GB disk with all user storage in the “/” partition (that is, remove the “/home” partition if it exists, and increase the “/” partition by the amount of freed storage)
Internet access to and from the VM or physical server, hereafter referred to as the Contrail Command server
Runs a version of CentOS that supports your version of Contrail Networking.
We perform regular testing of Contrail Command on CentOS 7 but Contrail Command should work on other common versions of Linux. For a list of CentOS versions that are supported with Contrail Networking and orchestration platform combinations, see Contrail Networking Supported Platforms List.
You can install CentOS with updated packages using the
yum updatecommand.An IP interface attached to the management network. Contrail Command manages Contrail and OpenStack clusters over this interface.
SSH access
Access to the hub.juniper.net registry. See README Access to Contrail Registry 19XX for more information.
<container_tag> See README Access to Contrail Registry 19XX for more information..
Overview
Installation
Contrail Command deploys as a pair of Docker containers.
You install Contrail Command by downloading and running the contrail-command-deployer image, which runs in its own container and exits when the Contrail
Command installation is complete.
Before you begin, set up a CentOS 7 server that meets the specified requirements. For a list of supported platforms, see https://www.juniper.net/documentation/en_US/release-independent/contrail/topics/reference/contrail-supported-platforms.pdf.
Additionally, remove any installed Python Docker (docker and docker-py) libraries from the server. The contrail-command-deployer automatically installs all necessary libraries. If you are using
a freshly installed minimal CentOS 7 server, then these Python Docker
libraries do not yet exist on the server and you do not have to take
any action.
pip uninstall docker docker-py
There is no harm if you issue the above command when no Python Docker libraries are installed.
Procedure
Step-by-Step Procedure
Perform the following steps on a CentOS 7 server to configure and install Contrail Command.
Install and start the Docker Engine. The following set of commands adds the Docker repository and installs and starts Docker Community Edition version 18.06 as an example.
yum install -y yum-utils device-mapper-persistent-data lvm2 yum-config-manager --add-repo \ https://download.docker.com/linux/centos/docker-ce.repo yum install -y docker-ce-18.06.0.ce systemctl start docker
Pull the
contrail-command-deployerDocker image from hub.juniper.net.See README Access to Contrail Registry 19XX for information on how to get credentials to access the secure hub.juniper.net registry and for the name of the container tag to use.
Log in to the hub.juniper.net registry.
docker login hub.juniper.net \ --username <container_registry_username> \ --password <container_registry_password>
Retrieve the
contrail-command-deployerDocker image.docker pull hub.juniper.net/contrail/contrail-command-deployer:<container_tag>
where <container_tag> is the container tag for the Contrail Command (UI) container deployment for the release that you want to install. See README Access to Contrail Registry 19XX to obtain the <container_tag> for any Contrail Networking Release 19 software.
Create the command_servers.yml configuration file.
The command_servers.yml file contains information of the server where you plan to install Contrail Command as well as information of the container registry and other configuration parameters. Contrail Command runs on a single server, typically the same server where you run the
contrail-command-deployer(that is, the server used in this procedure).When you run the
contrail-command-deployer, it reads and processes the command_servers.yml file. Examples of this file are shown in #sample-command-servers__sample-command-servers-51 and #sample-command-servers__sample-command-servers-50.Note:If you want to deploy AppFormix, add the following two lines to the
command_servers.ymlfile. They must be placed outside of the “command_servers” hierarchy, either immediately after the "---" at the very top of the file or as the last two lines at the very bottom of the file. The following shows an example where the two lines are added at the top of the file:--- user_command_volumes: - /opt/software/appformix:/opt/software/appformix command_servers: server1: ip:Run the
contrail-command-deployercontainer to deploy Contrail Command.To perform a fresh installation:
docker run -td --net host -v \ <ABSOLUTE_PATH_TO_command_servers.yml_FILE>:/command_servers.yml \ --privileged \ --name contrail_command_deployer \ hub.juniper.net/contrail/contrail-command-deployer:<container_tag>
where <ABSOLUTE_PATH_TO_command_servers.yml_FILE> is the absolute path to the command_servers.yml file that you created in step 3, and <container_tag> is the container tag for the Contrail Command (UI) container deployment for the release that you want to install.
(Optional) Track the progress of step 4.
docker logs -f contrail_command_deployer
After the installation is complete, verify that the Contrail Command containers are running.
[root@centos254 ~]# docker ps -a CONTAINER ID IMAGE <trimmed> STATUS <trimmed> NAMES 2e62e778aa91 hub.juniper.net/... Up <trimmed> contrail_command c8442860e462 circleci/postgre... Up <trimmed> contrail_psql 57a666e93d1a hub.juniper.net/... Exited <trimmed> contrail_command_deployer
The
contrail_commandcontainer is the GUI and thecontrail_psqlcontainer is the database. Both containers should have a STATUS of Up.The
contrail-command-deployercontainer should have a STATUS of Exited because it exits when the installation is complete.-
Log in to Contrail Command using https://<Contrail-Command-Server-IP-Address>:9091. Use the username and password that you specified in the command_servers.yml file in step 3. If you use the sample command_servers.yml files in Sample command_servers.yml Files, the username is admin and the password is contrail123.
Sample command_servers.yml Files
Minimal command_servers.yml file
The following sample file has the minimum configuration that you need when you install Contrail Command.
Note: Passwords are provided in this output for illustrative purposes only. We suggest using unique passwords in accordance with your organization’s security guidelines in your environment.
---
command_servers:
server1:
ip: <IP Address> # IP address of server where you want to install Contrail Command
connection: ssh
ssh_user: root
ssh_pass: <contrail command server password>
sudo_pass: <contrail command server root password>
ntpserver: <NTP Server address>
registry_insecure: false
container_registry: hub.juniper.net/contrail
container_tag: <container_tag>
container_registry_username: <registry username>
container_registry_password: <registry password>
config_dir: /etc/contrail
contrail_config:
database:
type: postgres
dialect: postgres
password: contrail123
keystone:
assignment:
data:
users:
admin:
password: contrail123
insecure: true
client:
password: contrail123
Complete command_servers.yml File
The following sample file has an exhaustive list of configurations and supporting parameters that you can use when you install Contrail Command.
Note: Passwords are provided in this output for illustrative purposes only. We suggest using unique passwords in accordance with your organization’s security guidelines in your environment.
---
# User defined volumes
#user_command_volumes:
# - /var/tmp/contrail:/var/tmp/contrail
command_servers:
server1:
ip: <IP Address>
connection: ssh
ssh_user: root
ssh_pass: <contrail command server password>
sudo_pass: <contrail command server root password>
ntpserver: <NTP Server address>
# Specify either container_path
#container_path: /root/contrail-command-051618.tar
# or registry details and container_name
registry_insecure: false
container_registry: hub.juniper.net/contrail
container_name: contrail-command
container_tag: <container_tag>
container_registry_username: <registry username>
container_registry_password: <registry password>
config_dir: /etc/contrail
# contrail command container configurations given here go to /etc/contrail/contrail.yml
contrail_config:
# Database configuration. PostgreSQL supported
database:
type: postgres
dialect: postgres
host: localhost
user: root
password: contrail123
name: contrail_test
# Max Open Connections for DB Server
max_open_conn: 100
connection_retries: 10
retry_period: 3s
# Log Level
log_level: debug
# Cache configuration
cache:
enabled: true
timeout: 10s
max_history: 100000
rdbms:
enabled: true
# Server configuration
server:
enabled: true
read_timeout: 10
write_timeout: 5
log_api: true
address: ":9091"
# TLS Configuration
tls:
enabled: true
key_file: /usr/share/contrail/ssl/cs-key.pem
cert_file: /usr/share/contrail/ssl/cs-cert.pem
# Enable GRPC or not
enable_grpc: false
# Static file config
# key: URL path
# value: file path. (absolute path recommended in production)
static_files:
/: /usr/share/contrail/public
# API Proxy configuration
# key: URL path
# value: String list of backend host
#proxy:
# /contrail:
# - http://localhost:8082
notify_etcd: false
# VNC Replication
enable_vnc_replication: true
# Keystone configuration
keystone:
local: true
assignment:
type: static
data:
domains:
default: &default
id: default
name: default
projects:
admin: &admin
id: admin
name: admin
domain: *default
demo: &demo
id: demo
name: demo
domain: *default
users:
admin:
id: admin
name: Admin
domain: *default
password: contrail123
email: admin@juniper.nets
roles:
- id: admin
name: admin
project: *admin
bob:
id: bob
name: Bob
domain: *default
password: bob_password
email: bob@juniper.net
roles:
- id: Member
name: Member
project: *demo
store:
type: memory
expire: 36000
insecure: true
authurl: https://localhost:9091/keystone/v3
# disable authentication with no_auth true and comment out keystone configuraion.
#no_auth: true
insecure: true
etcd:
endpoints:
- localhost:2379
username: ""
password: ""
path: contrail
watcher:
enabled: false
storage: json
client:
id: admin
password: contrail123
project_name: admin
domain_id: default
schema_root: /
endpoint: https://localhost:9091
compilation:
enabled: false
# Global configuration
plugin_directory: 'etc/plugins/'
number_of_workers: 4
max_job_queue_len: 5
msg_queue_lock_time: 30
msg_index_string: 'MsgIndex'
read_lock_string: "MsgReadLock"
master_election: true
# Plugin configuration
plugin:
handlers:
create_handler: 'HandleCreate'
update_handler: 'HandleUpdate'
delete_handler: 'HandleDelete'
agent:
enabled: true
backend: file
watcher: polling
log_level: debug
# The following are optional parameters used to patch/cherrypick
# revisions into the contrail-ansible-deployer sandbox. These configs
# go into the /etc/contrail/contrail-deploy-config.tmpl file
# cluster_config:
# ansible_fetch_url: "https://review.opencontrail.org/Juniper/contrail-ansible-deployer refs/changes/80/40780/20"
# ansible_cherry_pick_revision: FETCH_HEAD
# ansible_revision: GIT_COMMIT_HASH