Configuring Contrail Command
The Contrail Command user interface (UI) is supported starting with Contrail Release 5.0.1. Contrail Command is an intuitive, wizard-based UI which provides automated work flows such as the following:
Contrail cluster deployment (Kolla-based OpenStack cluster)
Automating the data center IP fabric
Orchestrating virtual machines and bare metal servers
Requirements
The system requirements to install the Contrail Command server are:
A VM or physical server with:
8 vCPUs
64 GB RAM
300 GB disk out of which 256 GB is allocated to /root directory.
Internet access to and from the physical server, hereafter referred to as the Contrail Command server
(Recommended) x86 server with CentOS 7.5 as the base OS to install Contrail Command
Overview
Contrail Command is an intuitive, wizard-based user interface (UI) to manage private and public clouds, physical and virtual workloads and devices.
Configuration
Prerequisite
docker-py is obsolete in Contrail Release 5.0.2.
You must remove docker-py and docker Python
packages from all the nodes where you want to install the Contrail
Command UI.
pip uninstall docker-py docker
Procedure
Step-by-Step Procedure
Perform the following steps to configure and install Contrail Command.
Install Docker on the Contrail Command server. These packages are necessary to automate the deployment of Contrail Command software.
yum install -y yum-utils device-mapper-persistent-data lvm2yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repoyum install -y docker-cesystemctl start dockerDownload the contrail-command-deployer Docker container image to deploy contrail-command (contrail_command, contrail_mysql containers) from hub.juniper.net. Allow Docker to connect to the private secure registry.
docker login hub.juniper.net --username <container_registry_username> --password <container_registry_password>Pull Contrail-Command-Deployer Container from the private secure registry.
docker pull hub.juniper.net/contrail/contrail-command-deployer:<container_tag>Example, for container_tag: 5.0.1-0.214, use the following command:
docker pull hub.juniper.net/contrail/contrail-command-deployer:5.0.1-0.214Create the input configuration command_servers.yml file.
Use the Sample command_servers.yml File to create the command_servers.yml file.
Start the Contrail_Command_Deployer container to deploy the Contrail-Command server.
docker run -t --net host -v ABSOLUTE_PATH_TO_COMMAND_SERVERS_FILE:/command_servers.yml -d --privileged --name contrail_command_deployer hub.juniper.net/contrail/contrail-command-deployer:<container_tag>ABSOLUTE_PATH_TO_COMMAND_SERVERS_FILE—path to the command_servers.yml file that you created in step 3.Example, for container_tag: 5.0.1-0.214, use the following command:
docker run -t --net host -v /root/command_servers.yml:/command_servers.yml -d --privileged --name contrail_command_deployer hub.juniper.net/contrail/contrail-command-deployer:5.0.1-0.214The
contrail_commandandcontrail_mysqContrail Command containers are deployed.(Optional) You can also upgrade Contrail-Command UI without deleting existing database information. To update contrail_command container and not make changes to the database container, use the following command.
docker run -t --net host -e delete_db=no -v <ABSOLUTE_PATH_TO_COMMAND_SERVERS_FILE>:/command_servers.yml -d --privileged --name contrail_command_deployer hub.juniper.net/contrail/contrail-command-deployer:<container_tag>Note:Code changes that involve schema modifications require updating the database container as well. Step 5 is recommended only if the UI application requires an update.
(Optional) Track the progress of Step 4.
docker logs -f contrail_command_deployerOnce the playbook execution completes, log in to Contrail Command using https://Contrail-Command-Server-IP-Address:9091. Use the same user name and password that was entered in 3. Default username is admin and password is contrail123.
Sample command_servers.yml File
---
command_servers:
server1:
ip: <IP Address>
connection: ssh
ssh_user: root
ssh_pass: <contrail command server password>
sudo_pass: <contrail command server root password>
ntpserver: <NTP Server address>
# Specify either container_path
#container_path: /root/contrail-command-051618.tar
# or registry details and container_name
# registry_insecure: true
# container_registry: ci-repo.englab.juniper.net:5010
registry_insecure: false
container_registry: hub.juniper.net/contrail
container_name: contrail-command
container_tag: 5.0.2-0.349
container_registry_username: <registry username>
container_registry_password: <registry password>
config_dir: /etc/contrail
# contrail command container configurations given here go to /etc/contrail/contrail.yml
contrail_config:
# Database configuration. MySQL/PostgreSQL supported
database:
# MySQL example
type: mysql
dialect: mysql
host: localhost
user: root
password: contrail123
name: contrail_test
# Postgres example
#connection: "user=root dbname=contrail_test sslmode=disable"
#type: postgres
#dialect: postgres
# Max Open Connections for DB Server
max_open_conn: 100
connection_retries: 10
retry_period: 3s
# Log Level
log_level: debug
# Server configuration
server:
enabled: true
read_timeout: 10
write_timeout: 5
log_api: true
address: ":9091"
# TLS Configuration
tls:
enabled: true
key_file: /usr/share/contrail/ssl/cs-key.pem
cert_file: /usr/share/contrail/ssl/cs-cert.pem
# Enable GRPC or not
enable_grpc: false
# Static file config
# key: URL path
# value: file path. (absolute path recommended in production)
static_files:
/: /usr/share/contrail/public
# API Proxy configuration
# key: URL path
# value: String list of backend host
#proxy:
# /contrail:
# - http://localhost:8082
notify_etcd: false
# Keystone configuration
keystone:
local: true
assignment:
type: static
data:
domains:
default: &default
id: default
name: default
projects:
admin: &admin
id: admin
name: admin
domain: *default
demo: &demo
id: demo
name: demo
domain: *default
users:
admin:
id: admin
name: Admin
domain: *default
password: contrail123
email: admin@juniper.nets
roles:
- id: admin
name: Admin
project: *admin
bob:
id: bob
name: Bob
domain: *default
password: bob_password
email: bob@juniper.net
roles:
- id: Member
name: Member
project: *demo
store:
type: memory
expire: 36000
insecure: true
authurl: https://localhost:9091/keystone/v3
# disable authentication with no_auth true and comment out keystone configuraion.
#no_auth: true
insecure: true
etcd:
endpoints:
- localhost:2379
username: ""
password: ""
path: contrail
watcher:
enabled: false
storage: json
client:
id: admin
password: contrail123
project_name: admin
domain_id: default
schema_root: /
endpoint: https://localhost:9091
compilation:
enabled: false
# Global configuration
plugin_directory: 'etc/plugins/'
number_of_workers: 4
max_job_queue_len: 5
msg_queue_lock_time: 30
msg_index_string: 'MsgIndex'
read_lock_string: "MsgReadLock"
master_election: true
# Plugin configuration
plugin:
handlers:
create_handler: 'HandleCreate'
update_handler: 'HandleUpdate'
delete_handler: 'HandleDelete'
agent:
enabled: true
backend: file
watcher: polling
log_level: debug
# The following are optional parameters used to patch/cherrypick
# revisions into the contrail-ansible-deployer sandbox. These configs
# go into the /etc/contrail/contrail-cluster.tmpl file
# cluster_config:
# ansible_fetch_url: "https://review.opencontrail.org/Juniper/contrail-ansible-deployer refs/changes/80/40780/20"
# ansible_cherry_pick_revision: FETCH_HEAD
# ansible_revision: GIT_COMMIT_HASH