OpenContrail intergration

JIRA: COMPASS-168

Change-Id: I0fe22568fb28019a0085e8bbf9b600acfa9e8f45
Signed-off-by: chenshuai@huawei.com <chenshuai@huawei.com>

diff --git a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
index 58774e4..c408488 100644 (file)
--- a/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
+++ b/deploy/adapters/ansible/openstack/HA-ansible-multinodes.yml
@@ -50,6 +50,12 @@
   roles:
     - onos_cluster
 
+#- hosts: all
+#  remote_user: root
+#  sudo: True
+#  roles:
+#    - open-contrail
+
 - hosts: controller
   remote_user: root
   sudo: True

diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/cacert.pem b/deploy/adapters/ansible/roles/open-contrail/files/provision/cacert.pem
new file mode 100755 (executable)
index 0000000..66f82c5
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/cacert.pem
@@ -0,0 +1,70 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 1 (0x1)
+    Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2015 Sep 15 13:35:47)
+        Validity
+            Not Before: Sep 15 04:35:47 2015 GMT
+            Not After : Sep 12 04:35:47 2025 GMT
+        Subject: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2015 Sep 15 13:35:47)
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:98:04:9b:9f:2e:e2:0b:4a:59:9d:00:74:dc:b4:
+                    cb:fc:8d:c4:7d:32:35:e5:1c:ee:94:f0:13:e6:54:
+                    1c:2e:47:47:f0:bd:f2:7f:ae:cb:6a:2f:ec:74:5c:
+                    14:39:80:bf:7b:d1:83:90:ec:7a:7d:02:8c:fc:67:
+                    de:99:53:69:1f:5c:61:d5:0a:7f:93:df:02:d4:16:
+                    d3:55:b8:28:5c:fd:32:5b:6c:af:03:c1:23:92:00:
+                    0e:2b:eb:32:07:00:99:64:14:32:e4:f8:76:b3:06:
+                    e1:d0:54:5a:fc:92:cd:5e:e5:b7:85:43:9e:b8:79:
+                    e4:23:a6:3c:0c:42:78:f4:d3:7e:33:1c:f2:5a:24:
+                    ac:24:61:2f:72:b3:b1:e7:99:4e:ef:2d:85:26:de:
+                    b6:59:16:25:1a:65:ce:95:9c:fd:c7:3c:30:44:1d:
+                    4c:3b:34:dd:8d:ad:1f:ee:06:8e:b1:2d:b1:bb:a6:
+                    68:62:52:98:c2:2d:a3:14:75:a7:5f:24:10:4f:74:
+                    4f:94:0b:61:bd:c5:f1:6b:78:fa:48:89:27:3b:04:
+                    4d:25:50:d1:4f:63:3d:4b:3c:cc:fa:df:20:f1:0c:
+                    3f:1d:44:9d:c2:3e:d4:12:07:72:a4:6a:11:03:2f:
+                    1d:71:d5:b2:de:b4:a6:d8:ad:7a:ac:c9:c7:8e:12:
+                    4d:47
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+         28:3f:32:46:dd:a9:c0:30:46:9a:29:ec:90:36:14:aa:a7:0c:
+         dc:67:a0:ec:81:dc:f9:34:35:c5:e4:9b:48:dd:c6:5a:ed:30:
+         78:99:6c:32:8c:60:59:ab:dc:7a:86:bb:94:8b:98:db:62:33:
+         bd:4f:16:40:50:12:db:e9:b6:0c:f2:0b:0d:90:9d:b7:7a:ae:
+         b4:36:46:33:c5:ea:6a:37:ec:fe:6e:12:f1:98:10:89:48:fe:
+         8a:68:11:1c:96:37:92:d9:cc:8a:ef:93:c3:53:6c:61:f7:f0:
+         0b:2c:78:49:8e:e3:19:46:2b:1d:1c:65:c5:d9:6d:5d:04:54:
+         e7:e0:c7:aa:49:78:7d:2d:35:11:7e:05:b1:47:e4:96:39:97:
+         b5:5b:2b:6e:06:51:86:32:85:6a:7b:5f:63:08:85:31:6e:c3:
+         12:0e:a0:ad:3a:d0:3f:db:e2:1b:6d:24:3a:bb:e7:61:5b:ba:
+         1f:34:eb:34:07:e5:09:fe:0b:ba:76:48:49:6e:57:d4:14:76:
+         11:af:52:39:9e:73:a7:e3:2a:5a:5c:fa:79:d7:7f:81:fd:80:
+         a7:d4:92:07:ef:a6:05:60:f9:b4:81:cb:8e:cb:b5:9e:2c:5d:
+         40:fb:dc:c1:63:95:82:0b:2f:aa:8c:38:1d:96:63:ed:c9:1b:
+         ce:d2:d2:e7
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAmACAQEwDQYJKoZIhvcNAQEEBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEVMBMGA1UEChMMT3BlbiB2U3dpdGNoMREwDwYDVQQLEwhzd2l0Y2hj
+YTE7MDkGA1UEAxMyT1ZTIHN3aXRjaGNhIENBIENlcnRpZmljYXRlICgyMDE1IFNl
+cCAxNSAxMzozNTo0NykwHhcNMTUwOTE1MDQzNTQ3WhcNMjUwOTEyMDQzNTQ3WjCB
+gTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQKEwxPcGVuIHZTd2l0
+Y2gxETAPBgNVBAsTCHN3aXRjaGNhMTswOQYDVQQDEzJPVlMgc3dpdGNoY2EgQ0Eg
+Q2VydGlmaWNhdGUgKDIwMTUgU2VwIDE1IDEzOjM1OjQ3KTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAJgEm58u4gtKWZ0AdNy0y/yNxH0yNeUc7pTwE+ZU
+HC5HR/C98n+uy2ov7HRcFDmAv3vRg5Dsen0CjPxn3plTaR9cYdUKf5PfAtQW01W4
+KFz9MltsrwPBI5IADivrMgcAmWQUMuT4drMG4dBUWvySzV7lt4VDnrh55COmPAxC
+ePTTfjMc8lokrCRhL3KzseeZTu8thSbetlkWJRplzpWc/cc8MEQdTDs03Y2tH+4G
+jrEtsbumaGJSmMItoxR1p18kEE90T5QLYb3F8Wt4+kiJJzsETSVQ0U9jPUs8zPrf
+IPEMPx1EncI+1BIHcqRqEQMvHXHVst60ptiteqzJx44STUcCAwEAATANBgkqhkiG
+9w0BAQQFAAOCAQEAKD8yRt2pwDBGminskDYUqqcM3Geg7IHc+TQ1xeSbSN3GWu0w
+eJlsMoxgWavceoa7lIuY22IzvU8WQFAS2+m2DPILDZCdt3qutDZGM8Xqajfs/m4S
+8ZgQiUj+imgRHJY3ktnMiu+Tw1NsYffwCyx4SY7jGUYrHRxlxdltXQRU5+DHqkl4
+fS01EX4FsUfkljmXtVsrbgZRhjKFantfYwiFMW7DEg6grTrQP9viG20kOrvnYVu6
+HzTrNAflCf4LunZISW5X1BR2Ea9SOZ5zp+MqWlz6edd/gf2Ap9SSB++mBWD5tIHL
+jsu1nixdQPvcwWOVggsvqow4HZZj7ckbztLS5w==
+-----END CERTIFICATE-----

diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/compute.filters.patch b/deploy/adapters/ansible/roles/open-contrail/files/provision/compute.filters.patch
new file mode 100755 (executable)
index 0000000..04bf42f
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/compute.filters.patch
@@ -0,0 +1,14 @@
+*** a/compute.filters  Mon Sep 28 15:13:48 2015
+--- b/compute.filters  Mon Sep 28 15:16:06 2015
+***************
+*** 83,88 ****
+--- 83,91 ----
+  # nova/network/linux_net.py: 'ovs-vsctl', ....
+  ovs-vsctl: CommandFilter, ovs-vsctl, root
+  
++ # nova/virt/libvirt/vif.py: 'vrouter-port-control', ...
++ vrouter-port-control: CommandFilter, vrouter-port-control, root
++ 
+  # nova/network/linux_net.py: 'ovs-ofctl', ....
+  ovs-ofctl: CommandFilter, ovs-ofctl, root
+  

diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/model.py.patch b/deploy/adapters/ansible/roles/open-contrail/files/provision/model.py.patch
new file mode 100755 (executable)
index 0000000..7f7f7c6
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/model.py.patch
@@ -0,0 +1,12 @@
+*** a/model.py Mon Sep 28 15:05:29 2015
+--- b/model.py Mon Sep 28 15:17:32 2015
+***************
+*** 39,44 ****
+--- 39,45 ----
+  VIF_TYPE_HW_VEB = 'hw_veb'
+  VIF_TYPE_MLNX_DIRECT = 'mlnx_direct'
+  VIF_TYPE_MIDONET = 'midonet'
++ VIF_TYPE_VROUTER = 'vrouter'
+  VIF_TYPE_OTHER = 'other'
+  
+  # Constants for dictionary keys in the 'vif_details' field in the VIF

diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/test_vif.py.patch b/deploy/adapters/ansible/roles/open-contrail/files/provision/test_vif.py.patch
new file mode 100755 (executable)
index 0000000..3e12c72
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/test_vif.py.patch
@@ -0,0 +1,70 @@
+*** a/test_vif.py      Mon Sep 28 15:12:56 2015
+--- b/test_vif.py      Mon Sep 28 15:19:20 2015
+***************
+*** 235,240 ****
+--- 235,253 ----
+                                              subnets=[subnet_bridge_4],
+                                              interface='eth0')
+  
++     network_vrouter = network_model.Network(id='network-id-xxx-yyy-zzz',
++                                             label=None,
++                                             bridge=None,
++                                             subnets=[subnet_bridge_4,
++                                                      subnet_bridge_6],
++                                             interface='eth0')
++ 
++     vif_vrouter = network_model.VIF(id='vif-xxx-yyy-zzz',
++                                     address='ca:fe:de:ad:be:ef',
++                                     network=network_vrouter,
++                                     type=network_model.VIF_TYPE_VROUTER,
++                                     devname='tap-xxx-yyy-zzz')
++ 
+      vif_mlnx = network_model.VIF(id='vif-xxx-yyy-zzz',
+                                   address='ca:fe:de:ad:be:ef',
+                                   network=network_mlnx,
+***************
+*** 796,801 ****
+--- 809,851 ----
+                                self.vif_mlnx)
+              self.assertEqual(0, execute.call_count)
+  
++     def test_unplug_vrouter_with_details(self):
++         d = vif.LibvirtGenericVIFDriver()
++         with mock.patch.object(utils, 'execute') as execute:
++             d.unplug_vrouter(None, self.vif_vrouter)
++             execute.assert_called_once_with(
++                 'vrouter-port-control',
++                 '--oper=delete --uuid=vif-xxx-yyy-zzz',
++                 run_as_root=True)
++ 
++     def test_plug_vrouter_with_details(self):
++         d = vif.LibvirtGenericVIFDriver()
++         instance = mock.Mock()
++         instance.name = 'instance-name'
++         instance.uuid = '46a4308b-e75a-4f90-a34a-650c86ca18b2'
++         instance.project_id = 'b168ea26fa0c49c1a84e1566d9565fa5'
++         instance.display_name = 'instance1'
++         with mock.patch.object(utils, 'execute') as execute:
++             d.plug_vrouter(instance, self.vif_vrouter)
++             execute.assert_has_calls([
++                 mock.call('ip', 'tuntap', 'add', 'tap-xxx-yyy-zzz', 'mode',
++                     'tap', run_as_root=True, check_exit_code=[0, 2, 254]),
++                 mock.call('ip', 'link', 'set', 'tap-xxx-yyy-zzz', 'up',
++                     run_as_root=True, check_exit_code=[0, 2, 254]),
++                 mock.call('vrouter-port-control',
++                     '--oper=add --uuid=vif-xxx-yyy-zzz '
++                     '--instance_uuid=46a4308b-e75a-4f90-a34a-650c86ca18b2 '
++                     '--vn_uuid=network-id-xxx-yyy-zzz '
++                     '--vm_project_uuid=b168ea26fa0c49c1a84e1566d9565fa5 '
++                     '--ip_address=0.0.0.0 '
++                     '--ipv6_address=None '
++                     '--vm_name=instance1 '
++                     '--mac=ca:fe:de:ad:be:ef '
++                     '--tap_name=tap-xxx-yyy-zzz '
++                     '--port_type=NovaVMPort '
++                     '--tx_vlan_id=-1 '
++                     '--rx_vlan_id=-1', run_as_root=True)])
++ 
+      def test_ivs_ethernet_driver(self):
+          d = vif.LibvirtGenericVIFDriver(self._get_conn(ver=9010))
+          self._check_ivs_ethernet_driver(d,

diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/vif.py.patch b/deploy/adapters/ansible/roles/open-contrail/files/provision/vif.py.patch
new file mode 100755 (executable)
index 0000000..103f084
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/vif.py.patch
@@ -0,0 +1,91 @@
+*** a/vif.py   Mon Sep 28 15:13:30 2015
+--- b/vif.py   Mon Sep 28 15:21:30 2015
+***************
+*** 332,337 ****
+--- 332,347 ----
+  
+          return conf
+  
++     def get_config_vrouter(self, instance, vif, image_meta,
++                            inst_type, virt_type):
++         conf = self.get_base_config(instance, vif, image_meta,
++                                     inst_type, virt_type)
++         dev = self.get_vif_devname(vif)
++         designer.set_vif_host_backend_ethernet_config(conf, dev)
++ 
++         designer.set_vif_bandwidth_config(conf, inst_type)
++         return conf
++ 
+      def get_config(self, instance, vif, image_meta,
+                     inst_type, virt_type):
+          vif_type = vif['type']
+***************
+*** 526,531 ****
+--- 536,580 ----
+          except processutils.ProcessExecutionError:
+              LOG.exception(_LE("Failed while plugging vif"), instance=instance)
+  
++     def plug_vrouter(self, instance, vif):
++         """Plug into Contrail's network port
++         Bind the vif to a Contrail virtual port.
++         """
++         dev = self.get_vif_devname(vif)
++         ip_addr = '0.0.0.0'
++         ip6_addr = None
++         subnets = vif['network']['subnets']
++         for subnet in subnets:
++             if not subnet['ips']:
++                 continue
++             ips = subnet['ips'][0]
++             if not ips['address']:
++                 continue
++             if (ips['version'] == 4):
++                 if ips['address'] is not None:
++                     ip_addr = ips['address']
++             if (ips['version'] == 6):
++                 if ips['address'] is not None:
++                     ip6_addr = ips['address']
++ 
++         ptype = 'NovaVMPort'
++         if (cfg.CONF.libvirt.virt_type == 'lxc'):
++             ptype = 'NameSpacePort'
++ 
++         cmd_args = ("--oper=add --uuid=%s --instance_uuid=%s --vn_uuid=%s "
++                     "--vm_project_uuid=%s --ip_address=%s --ipv6_address=%s"
++                     " --vm_name=%s --mac=%s --tap_name=%s --port_type=%s "
++                     "--tx_vlan_id=%d --rx_vlan_id=%d" % (vif['id'],
++                     instance.uuid, vif['network']['id'],
++                     instance.project_id, ip_addr, ip6_addr,
++                     instance.display_name, vif['address'],
++                     vif['devname'], ptype, -1, -1))
++         try:
++             linux_net.create_tap_dev(dev)
++             utils.execute('vrouter-port-control', cmd_args, run_as_root=True)
++         except processutils.ProcessExecutionError:
++             LOG.exception(_LE("Failed while plugging vif"), instance=instance)
++ 
+      def plug(self, instance, vif):
+          vif_type = vif['type']
+  
+***************
+*** 679,684 ****
+--- 728,746 ----
+              LOG.exception(_LE("Failed while unplugging vif"),
+                            instance=instance)
+  
++     def unplug_vrouter(self, instance, vif):
++         """Unplug Contrail's network port
++         Unbind the vif from a Contrail virtual port.
++         """
++         dev = self.get_vif_devname(vif)
++         cmd_args = ("--oper=delete --uuid=%s" % (vif['id']))
++         try:
++             utils.execute('vrouter-port-control', cmd_args, run_as_root=True)
++             linux_net.delete_net_dev(dev)
++         except processutils.ProcessExecutionError:
++             LOG.exception(
++                 _LE("Failed while unplugging vif"), instance=instance)
++ 
+      def unplug(self, instance, vif):
+          vif_type = vif['type']
+  

diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-cert.pem b/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-cert.pem
new file mode 100755 (executable)
index 0000000..dc354d3
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-cert.pem
@@ -0,0 +1,70 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number: 2 (0x2)
+    Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2015 Sep 15 13:35:47)
+        Validity
+            Not Before: Sep 15 04:36:00 2015 GMT
+            Not After : Sep 12 04:36:00 2025 GMT
+        Subject: C=US, ST=CA, O=Open vSwitch, OU=Open vSwitch certifier, CN=vtep id:b55b8c06-9593-4406-8a85-f7edd09a1ea9
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Public-Key: (2048 bit)
+                Modulus:
+                    00:ca:57:ec:4d:a3:79:6c:a4:cd:21:c7:52:a8:9f:
+                    61:85:ee:a5:91:79:4a:f3:80:ac:1b:ac:1a:6d:0b:
+                    96:b9:cf:1f:a6:23:1f:45:ff:62:de:35:8f:e8:8d:
+                    4a:63:23:70:d5:1e:78:72:86:04:08:e2:fd:66:04:
+                    e0:1e:ce:57:03:98:f7:a5:92:5a:f1:cc:3c:24:37:
+                    22:4e:97:0d:65:4b:98:08:5b:cd:1c:eb:67:f5:9c:
+                    c0:ba:86:94:2a:15:dc:5d:47:6e:45:49:03:62:a3:
+                    37:5f:54:58:42:49:6d:a3:4c:c6:21:f6:08:36:8c:
+                    69:20:6a:f8:7c:5d:82:30:14:1a:15:ad:b9:42:ba:
+                    5d:13:99:e2:6f:aa:10:e4:e1:25:58:90:66:a7:e7:
+                    bc:c7:e4:5c:79:2a:1b:b2:b3:d1:7b:4d:78:a6:28:
+                    66:bc:ee:97:6b:b4:3d:a0:65:16:10:04:fb:e9:4e:
+                    82:ac:88:c2:6a:a4:0e:d6:e5:ad:ee:bc:50:a7:73:
+                    97:6d:12:96:46:cb:ee:4d:15:ad:d4:a3:b5:95:82:
+                    2e:e7:1b:69:70:1d:b5:c9:06:47:44:2b:55:84:23:
+                    5b:75:56:86:c4:a7:b9:1d:46:9e:fa:8a:a5:dc:f9:
+                    70:16:6a:87:ee:20:1b:02:d1:2d:83:65:e0:7c:24:
+                    99:e9
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: md5WithRSAEncryption
+         50:bf:af:aa:b5:a7:3c:67:2e:34:92:8a:b8:cc:b9:96:a8:b8:
+         16:cd:d5:5d:d3:b6:1c:44:b4:08:c5:89:ea:17:97:88:a4:e4:
+         89:b9:69:2b:71:36:77:05:dc:0a:50:fe:2d:8f:8c:72:a5:b9:
+         b1:45:23:0d:d3:7a:80:c8:9e:66:74:e2:42:ee:96:19:e5:88:
+         3d:e3:ea:3c:d4:51:1e:e0:34:1f:0c:d3:9a:f7:99:9b:af:0b:
+         23:57:87:f0:dc:8c:32:1c:e9:63:65:f3:cd:e5:22:ed:ea:fe:
+         4f:be:0e:23:0d:8e:3e:09:aa:5e:20:2b:1a:4f:70:92:4a:a9:
+         24:6e:a0:c6:86:b5:14:7d:52:71:cf:b8:5c:75:d4:6a:92:06:
+         30:cf:71:72:ff:44:63:22:10:79:38:53:ec:6f:19:3d:63:92:
+         69:3f:f2:f4:28:d4:ef:dd:af:32:84:c5:a0:c0:c9:5f:1f:02:
+         47:76:bd:85:85:4e:7c:58:61:1a:ce:4c:03:45:d7:5c:dd:59:
+         6c:22:e0:cb:2c:2d:b1:44:4c:03:dd:21:ff:58:6e:f7:09:4f:
+         34:e0:24:3a:67:b1:33:ae:4a:bc:85:db:4b:12:ef:21:66:6a:
+         f0:b9:ea:90:72:b1:0b:34:9a:8d:be:f3:d1:02:56:0f:d7:bb:
+         0a:eb:c2:f1
+-----BEGIN CERTIFICATE-----
+MIIDgDCCAmgCAQIwDQYJKoZIhvcNAQEEBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD
+VQQIEwJDQTEVMBMGA1UEChMMT3BlbiB2U3dpdGNoMREwDwYDVQQLEwhzd2l0Y2hj
+YTE7MDkGA1UEAxMyT1ZTIHN3aXRjaGNhIENBIENlcnRpZmljYXRlICgyMDE1IFNl
+cCAxNSAxMzozNTo0NykwHhcNMTUwOTE1MDQzNjAwWhcNMjUwOTEyMDQzNjAwWjCB
+iTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQKEwxPcGVuIHZTd2l0
+Y2gxHzAdBgNVBAsTFk9wZW4gdlN3aXRjaCBjZXJ0aWZpZXIxNTAzBgNVBAMTLHZ0
+ZXAgaWQ6YjU1YjhjMDYtOTU5My00NDA2LThhODUtZjdlZGQwOWExZWE5MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAylfsTaN5bKTNIcdSqJ9hhe6lkXlK
+84CsG6wabQuWuc8fpiMfRf9i3jWP6I1KYyNw1R54coYECOL9ZgTgHs5XA5j3pZJa
+8cw8JDciTpcNZUuYCFvNHOtn9ZzAuoaUKhXcXUduRUkDYqM3X1RYQklto0zGIfYI
+NoxpIGr4fF2CMBQaFa25QrpdE5nib6oQ5OElWJBmp+e8x+RceSobsrPRe014pihm
+vO6Xa7Q9oGUWEAT76U6CrIjCaqQO1uWt7rxQp3OXbRKWRsvuTRWt1KO1lYIu5xtp
+cB21yQZHRCtVhCNbdVaGxKe5HUae+oql3PlwFmqH7iAbAtEtg2XgfCSZ6QIDAQAB
+MA0GCSqGSIb3DQEBBAUAA4IBAQBQv6+qtac8Zy40koq4zLmWqLgWzdVd07YcRLQI
+xYnqF5eIpOSJuWkrcTZ3BdwKUP4tj4xypbmxRSMN03qAyJ5mdOJC7pYZ5Yg94+o8
+1FEe4DQfDNOa95mbrwsjV4fw3IwyHOljZfPN5SLt6v5Pvg4jDY4+CapeICsaT3CS
+SqkkbqDGhrUUfVJxz7hcddRqkgYwz3Fy/0RjIhB5OFPsbxk9Y5JpP/L0KNTv3a8y
+hMWgwMlfHwJHdr2FhU58WGEazkwDRddc3VlsIuDLLC2xREwD3SH/WG73CU804CQ6
+Z7Ezrkq8hdtLEu8hZmrwueqQcrELNJqNvvPRAlYP17sK68Lx
+-----END CERTIFICATE-----

diff --git a/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-privkey.pem b/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-privkey.pem
new file mode 100755 (executable)
index 0000000..673f424
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/files/provision/vtep-privkey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAylfsTaN5bKTNIcdSqJ9hhe6lkXlK84CsG6wabQuWuc8fpiMf
+Rf9i3jWP6I1KYyNw1R54coYECOL9ZgTgHs5XA5j3pZJa8cw8JDciTpcNZUuYCFvN
+HOtn9ZzAuoaUKhXcXUduRUkDYqM3X1RYQklto0zGIfYINoxpIGr4fF2CMBQaFa25
+QrpdE5nib6oQ5OElWJBmp+e8x+RceSobsrPRe014pihmvO6Xa7Q9oGUWEAT76U6C
+rIjCaqQO1uWt7rxQp3OXbRKWRsvuTRWt1KO1lYIu5xtpcB21yQZHRCtVhCNbdVaG
+xKe5HUae+oql3PlwFmqH7iAbAtEtg2XgfCSZ6QIDAQABAoIBAQCKDMya98J7PkD6
+H8ykYQEfaH+rrc5WLd6+joAFD9gI82hLaEEI98HTi0Wgyu0KkH6F2OEieY69JWjv
+NrpWKj8xpCap3x2PROFvb/JHHkW0a4vRgBiD95QY/ZZ8bB8gS4PqXDa+rJ7TqDm6
+H4iLyR81P8caGorl9Iww4uqfpwiQlZ7A/dMexufQgMQXKqDXSKk+TJ36CBRJyLlk
+U6GrHIF9obHZyGelNhkkMu/czT54U/gKiufL5tYpOVyjCr8H2a713ovEfYzEFxJq
+Z8C0ySIskXsyhZ/pC0+pviMB2R20Nh8kRXiKCvNNbFShEMujB5gUVo7rqUZKFKMz
+FCfbcXrRAoGBAPeRwU5zU5nbiSQlB7YQibtFC/sMDzbbOjulN46UeDvkcVh80j4r
+FIPYLAPvA/e9OtRV89B6Tc7rZSWYZotszvJVlObs0/ll+L1pUX7PAEligoZCXufR
+GUyT0gZunGO8+FEgYIu89S1xN77WIbqopjjEyGQJeN2UX9bPo9AGTU0VAoGBANE7
+5nwtdsR1hjgxBqzgAFEFqCggHR+D050OtQgkLjHkXRT1uHeJZZu4D0x6vEnJknYi
+/OCujz196KLDGEQbREIdARtgemy07GoJuBXTwPuvbkw9vjoqDrIKVtMeTf4HSyzO
+2ej2pm280A/VI6GyahDIFSUZmFBqMeTUzB5UXNaFAoGAe61RCMQMa7yE0o29QHMa
+m3du+MeZgioa+VkcXBpHxoPlK/OPhIc5BHSl6IErVkQuc41M9EVlQY3PRezQra55
+5A5lCMgfTWRn0xgeIl9/ISoZUsEtcFnBbcQbFCOF9T2eP8kQ8j4/raf11VxcFUfT
+YmDMS02AGBHbnxC0IWREkdECgYBDaXQyEAfS9jZ/RjRrYGRZtmPeQbKAY927HXDw
+JZAInRXsWdrMEKV/DUdIkca2U05v54fn7/XQjw9z2T2pO8u7LVMc+fGXspb09xqr
+VaU4seXshHwUi1ZewHwG2x2vubPbxO1qZIVsl8fFQhuPzkbkD0LYyC1Nw1k9692z
+6+RZbQKBgH/6OqqsHLnpzQD0drcOjbXws53g3/eECPXCMNzzw0AiSkyrGWzSonMD
++uSMrG0f7DwvHxZ09bn4qqFqCE7yhoCWWUYSBZKEDYzpxTq9krahPmaJznaBXyFi
+K2rfym1sYEZvDT9nS5TROtiIW0uANHOjI9yw+a8TQEyQu8CH2/C0
+-----END RSA PRIVATE KEY-----

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-collector.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-collector.yml
new file mode 100755 (executable)
index 0000000..02bc7f8
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-collector.yml
@@ -0,0 +1,16 @@
+---
+#- hosts: collector
+#  sudo: yes
+#  tasks:
+ 
+- name: "temporary disable supervisor analytics"
+  template:
+#    src: "templates/override.j2"
+    src: "install/override.j2"
+    dest: "/etc/init/supervisor-analytics.override"
+
+- name: "install contrail openstack analytics package"
+#   apt:
+#   name: "contrail-openstack-analytics"
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items: collector_packages

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-common.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-common.yml
new file mode 100755 (executable)
index 0000000..ea08e49
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-common.yml
@@ -0,0 +1,84 @@
+---
+#- hosts: all
+#  sudo: yes
+#  tasks:
+- name: "copy contrail install package temporary"
+#  sudo: True
+  copy:
+    src: "files/{{ package }}"
+    dest: "/tmp/{{ package }}"
+
+- name: "install contrail install package"
+#  sudo: True
+  apt:
+    deb: "/tmp/{{ package }}"
+
+- name: "delete temporary contrail install package"
+#  sudo: True
+  file:
+      dest: "/tmp/{{ package }}"
+      state: "absent"
+
+- name: "make directory for contrail binary files"
+#  sudo: True
+  file:
+    path: "/opt/contrail/bin"
+    state: "directory"
+
+- name: "make directory for contrail repository"
+#  sudo: True
+  file:
+    path: "/opt/contrail/contrail_install_repo"
+    state: "directory"
+
+- name: "unarchive contrail packages"
+#  sudo: True
+  unarchive:
+    src: "/opt/contrail/contrail_packages/contrail_debs.tgz"
+    dest: "/opt/contrail/contrail_install_repo"
+    copy: no
+
+- name: "find required packages in advance"
+#  sudo: True
+  shell: "find /opt/contrail/contrail_install_repo -name binutils_*.deb -or -name make_*.deb -or -name libdpkg-perl_*.deb -or -name dpkg-dev_*.deb -or -name patch_*.deb -type f"
+  register: required_packages
+  changed_when: no
+
+- name: "install required packages"
+#  sudo: True
+  apt:
+    deb: "{{ item }}"
+  with_items: required_packages.stdout_lines
+
+- name: modify source list
+#  sudo: True
+  lineinfile:
+    dest: "/etc/apt/sources.list"
+    line: "deb file:/opt/contrail/contrail_install_repo ./"
+    insertbefore: "BOF"
+
+- name: "modify apt configuration"
+#  sudo: True
+  lineinfile:
+    dest: "/etc/apt/apt.conf"
+    line: "APT::Get::AllowUnauthenticated \"true\";"
+    create: "yes"
+
+- name: "copy apt preferences file"
+#  sudo: True
+  shell: "cp /opt/contrail/contrail_packages/preferences /etc/apt/preferences"
+  args:
+    creates: "/etc/apt/preferences"
+
+- name: create contrail packages list
+#  sudo: True
+  shell: "dpkg-scanpackages . | gzip -9c > Packages.gz"
+  args:
+    chdir: "/opt/contrail/contrail_install_repo"
+    creates: "Packages.gz"
+
+- name: install contrail setup package
+  sudo: True
+  apt:
+    name: "contrail-setup"
+    update_cache: yes

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-compute.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-compute.yml
new file mode 100755 (executable)
index 0000000..12b6ad2
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-compute.yml
@@ -0,0 +1,47 @@
+---
+#- hosts: [compute, tsn]
+#  sudo: yes
+#  tasks:
+- name: "temporary disable supervisor vrouter"
+#  sudo: True
+  template:
+    src: "install/override.j2"
+    dest: "/etc/init/supervisor-vrouter.override"
+
+#    - name: "install nova-compute for contrail package"
+#      apt:
+#        name: "nova-compute"
+#      when: install_nova
+
+- name: "install contrail vrouter 3.13.0-40 package"
+#      apt:
+#        name: "contrail-vrouter-3.13.0-40-generic"
+#      when: ansible_kernel == "3.13.0-40-generic"
+#  sudo: True
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items: vrouter_packages
+  when: ansible_kernel == kernel_required
+
+- name: "install contrail vrouter dkms package"
+#      apt:
+#        name: "contrail-vrouter-dkms"
+#      when: ansible_kernel != "3.13.0-40-generic"
+#  sudo: True
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items: dkms_packages
+  when: ansible_kernel != kernel_required
+
+#    - name: "install contrail vrouter common package"
+#      apt:
+#        name: "contrail-vrouter-common"
+
+#    - name: "install contrail nova vif package"
+#      apt:
+#        name: "contrail-nova-vif"
+
+- name: "install contrail vrouter common & nova vif package"
+#  sudo: True
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items: compute_packages | union(compute_packages_noarch)
+
+

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-config.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-config.yml
new file mode 100755 (executable)
index 0000000..52459eb
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-config.yml
@@ -0,0 +1,24 @@
+---
+#- hosts: config
+#  sudo: yes
+#  tasks:
+- name: "temporary disable supervisor config"
+#  sudo: True
+  template:
+#        src: "templates/override.j2"
+    src: "install/override.j2"
+    dest: "/etc/init/supervisor-config.override"
+
+- name: "temporary disable neutron server"
+#  sudo: True
+  template:
+#        src: "templates/override.j2"
+    src: "install/override.j2"
+    dest: "/etc/init/neutron-server.override"
+
+- name: "install contrail openstack config package"
+#  sudo: True
+#      apt:
+#        name: "contrail-openstack-config"
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items: config_packages

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-control.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-control.yml
new file mode 100755 (executable)
index 0000000..6bb7fb2
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-control.yml
@@ -0,0 +1,24 @@
+---
+#- hosts: control
+#  sudo: yes
+#  tasks:
+- name: "temporary disable supervisor control"
+#  sudo: True
+  template:
+#        src: "templates/override.j2"
+    src: "install/override.j2"
+    dest: "/etc/init/supervisor-control.override"
+
+- name: "temporary disable supervisor dns"
+#  sudo: True
+  template:
+#        src: "templates/override.j2"
+    src: "install/override.j2"
+    dest: "/etc/init/supervisor-dns.override"
+
+- name: "install contrail openstack control package"
+#  sudo: True
+#      apt:
+#        name: "contrail-openstack-control"
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items: control_packages

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-database.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-database.yml
new file mode 100755 (executable)
index 0000000..fea4cef
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-database.yml
@@ -0,0 +1,17 @@
+---
+#- hosts: database
+#  sudo: yes
+#  tasks:
+- name: "temporary disable supervisor database"
+#  sudo: True
+  template:
+#        src: "templates/override.j2"
+    src: "install/override.j2"
+    dest: "/etc/init/supervisor-database.override"
+
+- name: "install contrail openstack database package"
+#  sudo: True
+#      apt:
+#        name: "contrail-openstack-database"
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items: database_packages 

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-interface.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-interface.yml
new file mode 100755 (executable)
index 0000000..4e91474
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-interface.yml
@@ -0,0 +1,22 @@
+---
+#- hosts: all
+#  sudo: yes
+#  tasks:
+- name: "configure interface"
+#  sudo: True
+  lineinfile:
+    dest: "/etc/network/interfaces"
+    line: "{{ item }}"
+  with_items:
+    - "auto {{ contrail_device }}"
+    - "iface {{ contrail_device }} inet static"
+    - "\taddress {{ contrail_address }}"
+    - "\tnetmask {{ contrail_netmask }}"
+
+- name: "set interface address"
+#  sudo: True
+  shell: "ifconfig {{ contrail_device }} {{ contrail_address }} netmask {{ contrail_netmask }}"
+
+- name: "up interface"
+#  sudo: True
+  shell: "ifconfig {{ contrail_device }} up"

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-kernel.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-kernel.yml
new file mode 100755 (executable)
index 0000000..6d4ca03
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-kernel.yml
@@ -0,0 +1,51 @@
+---
+#- hosts: all 
+#  sudo: yes
+#  tasks:
+- name: "install Ubuntu kernel"
+#  sudo: True
+#      apt:
+#        name: "linux-headers-3.13.0-40"
+#        name: "linux-headers-3.13.0-40-generic"
+#        name: "linux-image-3.13.0-40-generic"
+#        name: "linux-image-extra-3.13.0-40-generic"
+#      when: (kernel_install) and (ansible_kernel != "3.13.0-40-generic")
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items: kernel_packages | union(kernel_packages_noarch)
+  when: (kernel_install) and (ansible_kernel != kernel_required)
+
+- name: "setup grub"
+#  sudo: True
+  lineinfile: 
+    dest: "/etc/default/grub"
+    regexp: "GRUB_DEFAULT=.*"
+    line: "GRUB_DEFAULT='Advanced options for Ubuntu>Ubuntu, with Linux 3.13.0-40-generic'"
+#      when: (kernel_install) and (ansible_kernel != "3.13.0-40-generic")
+  when: (kernel_install) and (ansible_kernel != kernel_required)
+
+- name: "reflect grub"
+#  sudo: True
+  shell: "update-grub2"
+#      when: (kernel_install) and (ansible_kernel != "3.13.0-40-generic")
+  when: (kernel_install) and (ansible_kernel != kernel_required)
+
+- name: "reboot Server"
+#  sudo: True
+  shell: "shutdown -r now"
+  async: 0
+  poll: 0
+  ignore_errors: true
+  notify: Wait for server to come back
+#      when: (kernel_install) and (ansible_kernel != "3.13.0-40-generic")
+  when: (kernel_install) and (ansible_kernel != kernel_required)
+
+handlers:
+- name: "Wait for server to come back"
+  local_action:
+    module: wait_for
+      host={{ inventory_hostname }}
+      port=22
+      delay=30
+      timeout=600
+#      when: (kernel_install) and (ansible_kernel != "3.13.0-40-generic")
+  when: (kernel_install) and (ansible_kernel != kernel_required)

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-webui.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-webui.yml
new file mode 100755 (executable)
index 0000000..d66af67
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/install/install-webui.yml
@@ -0,0 +1,18 @@
+---
+#- hosts: webui
+#  sudo: yes
+#  tasks:
+
+- name: "temporary disable supervisor webui"
+#  sudo: True
+  template:
+#        src: "templates/override.j2"
+    src: "install/override.j2"
+    dest: "/etc/init/supervisor-webui.override"
+
+- name: "install contrail openstack webui package"
+#  sudo: True
+#      apt:
+#        name: "contrail-openstack-webui"
+  action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+  with_items: webui_packages

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/main.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/main.yml
new file mode 100755 (executable)
index 0000000..94b4155
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/main.yml
@@ -0,0 +1,125 @@
+---
+
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: Install common on all hosts for Open Contrail
+  include: install/install-common.yml
+  when: groups['opencontrail_control']|length !=0
+  # Compass install OpenStack with not only OpenContrail but also ODL or ONOS, and sometimes user just installs OpenStack, so item 'opencontrail_control' is kind of a mark that whether Compass install OpenContrail or not.
+
+- name: Install kernal on all hosts for Open Contrail
+  include: install/install-kernal.yml
+  when: groups['opencontrail_control']|length !=0
+
+- name: Install database for Open Contrail
+  include: install/install-database.yml
+  when: inventory_hostname in groups['opencontrail_database']
+
+- name: Install config for Open Contrail
+  include: install/install-config.yml
+  when: inventory_hostname in groups['opencontrail_config']
+
+- name: Install config for Open Contrail
+  include: install/install-control.yml
+  when: inventory_hostname in groups['opencontrail_control']
+
+- name: Install collector for Open Contrail
+  include: install/install-collector.yml
+  when: inventory_hostname in groups['opencontrail_collector']
+
+- name: Install webui for Open Contrail
+  include: install/install-webui.yml
+  when: inventory_hostname in groups['opencontrail_webui']
+
+- name: Install compute for Open Contrail
+  include: install/install-compute.yml
+  when: inventory_hostname in groups['opencontrail_compute'] or inventory_hostname in groups['opencontrail_tsn']
+
+
+# Compass adapter: use OpenStack management network "mgmt"
+#- name: Install interface on all hosts for Open Contrail
+#  include: install/install-interface.yml
+#  when: groups['opencontrail_control']|length !=0
+
+#- include: install/install-common.yml
+#- include: install/install-kernel.yml
+#- include: install/install-database.yml
+#- include: install/install-config.yml
+#- include: install/install-control.yml
+#- include: install/install-collector.yml
+#- include: install/install-webui.yml
+#- include: install/install-compute.yml
+#- include: install/install-interface.yml
+
+
+- name: Provision route on all hosts for Open Contrail
+  include: provision/provision-route.yml
+  when: groups['opencontrail_control']|length !=0
+
+
+#- name: Provision rabbitmq on config for Open Contrail
+#  include: provision/provision-rabbitmq.yml
+#  when: inventory_hostname in groups['opencontrail_config']
+
+
+- name: Provision increase limits for Open Contrail
+  include: provision/provision-increase-limits.yml
+  when: inventory_hostname in groups['opencontrail_control'] or inventory_hostname in groups['opencontrail_config'] or inventory_hostname in groups['opencontrail_collector'] or inventory_hostname in groups['opencontrail_database']
+
+
+- name: Provision database for Open Contrail
+  include: provision/provision-database.yml
+  when: inventory_hostname in groups['opencontrail_database']
+
+
+- name: Provision config for Open Contrail
+  include: provision/provision-config.yml
+  when: inventory_hostname in groups['opencontrail_config']
+
+
+- name: Provision control for Open Contrail
+  include: provision/provision-control.yml
+  when: inventory_hostname in groups['opencontrail_control']
+
+
+- name: Provision collector for Open Contrail
+  include: provision/provision-collector.yml
+  when: inventory_hostname in groups['opencontrail_collector']
+
+
+- name: Provision add nodes for Open Contrail
+  include: provision/provision-add-nodes.yml
+  when: groups['opencontrail_control']|length !=0
+
+
+- name: Provision webui for Open Contrail
+  include: provision/provision-webui.yml
+  when: inventory_hostname in groups['opencontrail_webui']
+
+
+- name: Provision compute for Open Contrail
+  include: provision/provision-compute.yml
+  when: inventory_hostname in groups['opencontrail_compute']
+
+
+#- name: Provision tsn for Open Contrail
+#  include: provision/provision-tsn.yml
+#  when: inventory_hostname in groups['opencontrail_tsn']
+
+
+#- name: Provision toragent for Open Contrail
+#  include: provision/provision-toragent.yml
+#  when: inventory_hostname in groups['opencontrail_tsn']
+
+#- include: provision/provision-route.yml
+#- include: provision/provision-rabbitmq.yml
+#- include: provision/provision-increase-limits.yml
+#- include: provision/provision-database.yml
+#- include: provision/provision-config.yml
+#- include: provision/provision-control.yml
+#- include: provision/provision-collector.yml
+#- include: provision/provision-add-nodes.yml
+#- include: provision/provision-webui.yml
+#- include: provision/provision-compute.yml
+#- include: provision/provision-tsn.yml
+#- include: provision/provision-toragent.yml

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-node-common.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-node-common.yml
new file mode 100755 (executable)
index 0000000..f16a850
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-node-common.yml
@@ -0,0 +1,20 @@
+---
+- name: "disable ufw"
+  ufw:
+    state: "disabled"
+
+- name: "change value of kernel.core_pattern"
+  sysctl:
+    name: "kernel.core_pattern"
+    value: "/var/crashes/core.%e.%p.%h.%t"
+
+- name: "change value of net.ipv4.ip_forward"
+  sysctl:
+    name: "net.ipv4.ip_forward"
+    value: "1"
+
+- name: "make crashes directory"
+  file:
+    path: "/var/crashes"
+    state: "directory"
+    mode: 0777

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-rabbitmq-stop.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-rabbitmq-stop.yml
new file mode 100755 (executable)
index 0000000..ec6b2fe
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-rabbitmq-stop.yml
@@ -0,0 +1,30 @@
+---
+- name: 'stop rabbitmq server'
+  service:
+    name: 'rabbitmq-server'
+    state: 'stopped'
+
+- name: 'check beam process'
+  shell: 'ps ax | grep -v grep | grep beam'
+  register: beam_process
+  changed_when: no
+  ignore_errors: yes
+
+- name: 'kill beam processes'
+  shell: 'pkill -9 beam'
+  when: beam_process.stdout
+
+- name: 'check epmd process'
+  shell: 'ps ax | grep -v grep | grep epmd'
+  register: epmd_process
+  changed_when: no
+  ignore_errors: yes
+
+- name: 'kill epmd processes'
+  shell: 'pkill -9 epmd'
+  when: epmd_process.stdout
+
+- name: 'remove mnesia directory'
+  file:
+    name: '/var/lib/rabbitmq/mnesia'
+    state: 'absent'

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-redis-setup.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-redis-setup.yml
new file mode 100755 (executable)
index 0000000..d7776af
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-redis-setup.yml
@@ -0,0 +1,26 @@
+---
+- name: "stop redis server"
+  service:
+    name: "redis-server"
+    state: "stopped"
+
+- name: "modify redis server configuration"
+  replace:
+    dest: "/etc/redis/redis.conf"
+    regexp: "{{ item.regexp }}"
+    replace: "{{ item.replace }}"
+  with_items:
+    - { regexp: "^\\s*bind", replace: "#bind" }
+    - { regexp: "^\\s*save", replace: "#save" }
+    - { regexp: "^\\s*dbfilename", replace: "#dbfilename" }
+    - { regexp: "^\\s*lua-time-limit\\s*\\d*", replace: "lua-time-limit 15000" }
+
+- name: "delete redis dump"
+  file:
+    dest: "/var/lib/redis/dump.rdb"
+    state: "absent"
+
+- name: "start redis server"
+  service:
+    name: "redis-server"
+    state: "started"

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-vrouter-compute-setup.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-vrouter-compute-setup.yml
new file mode 100755 (executable)
index 0000000..77ee20e
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/-vrouter-compute-setup.yml
@@ -0,0 +1,95 @@
+---
+- name: "change owner nova log directory"
+  file:
+    dest: "/var/log/nova"
+    state: "directory"
+    owner: "nova"
+    group: "nova"
+    recurse: yes
+
+- name: "delete values from nova config"
+  ini_file:
+    dest: "/etc/nova/nova.conf"
+    section: "{{ item.section }}"
+    option: "{{ item.option }}"
+  with_items:
+    - { section: "DEFAULT", option: "sql_connection" }
+    - { section: "DEFAULT", option: "quantum_admin_tenant_name" }
+    - { section: "DEFAULT", option: "quantum_admin_username" }
+    - { section: "DEFAULT", option: "quantum_admin_password" }
+    - { section: "DEFAULT", option: "quantum_admin_auth_url" }
+    - { section: "DEFAULT", option: "quantum_auth_strategy" }
+    - { section: "DEFAULT", option: "quantum_url" }
+
+- name: "set values to nova config"
+  ini_file:
+    dest: "/etc/nova/nova.conf"
+    section: "{{ item.section }}"
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+  with_items:
+    - { section: "DEFAULT", option: "auth_strategy", value: "keystone" }
+    - { section: "DEFAULT", option: "libvirt_nonblocking", value: "True" }
+    - { section: "DEFAULT", option: "libvirt_inject_partition", value: "-1" }
+    - { section: "DEFAULT", option: "rabbit_host", value: "{{ hostvars[groups['config'][0]]['contrail_address'] }}" }
+    - { section: "DEFAULT", option: "rabbit_port", value: "5672" }
+    - { section: "DEFAULT", option: "glance_host", value: "{{ hostvars[groups['openstack'][0]]['contrail_address'] }}" }
+    - { section: "DEFAULT", option: "glance_port", value: "9292" }  
+    - { section: "DEFAULT", option: "neutron_admin_tenant_name", value: "service" }
+    - { section: "DEFAULT", option: "neutron_admin_username", value: "neutron" }
+    - { section: "DEFAULT", option: "neutron_admin_password", value: "{{ contrail_admin_password }}" }
+    - { section: "DEFAULT", option: "neutron_admin_auth_url", value: "http://{{ hostvars[groups['openstack'][0]]['contrail_address'] }}:35357/v2.0/" }
+    - { section: "DEFAULT", option: "neutron_url", value: "http://{{ hostvars[groups['config'][0]]['contrail_address'] }}:9696/" }
+    - { section: "DEFAULT", option: "neutron_url_timeout", value: "300" }
+    - { section: "DEFAULT", option: "network_api_class", value: "nova.network.neutronv2.api.API" }
+    - { section: "DEFAULT", option: "compute_driver", value: "libvirt.LibvirtDriver" }
+    - { section: "DEFAULT", option: "network_api_class", value: " nova_contrail_vif.contrailvif.ContrailNetworkAPI" }
+    - { section: "DEFAULT", option: "ec2_private_dns_show_ip", value: "False" }
+    - { section: "DEFAULT", option: "novncproxy_base_url", value: "http://{{ hostvars[groups['openstack'][0]]['contrail_mgmt_address'] }}:5999/vnc_auto.html" }
+    - { section: "DEFAULT", option: "vncserver_enabled", value: "True" }
+    - { section: "DEFAULT", option: "vncserver_listen", value: "{{ contrail_address }}" }
+    - { section: "DEFAULT", option: "vncserver_proxyclient_address", value: "{{ contrail_address }}" }
+    - { section: "DEFAULT", option: "security_group_api", value: "neutron" }
+    - { section: "DEFAULT", option: "heal_instance_info_cache_interval", value: "0" }
+    - { section: "DEFAULT", option: "image_cache_manager_interval", value: "0" }
+    - { section: "DEFAULT", option: "libvirt_cpu_mode", value: "none" }
+    - { section: "DEFAULT", option: "libvirt_vif_driver", value: "nova_contrail_vif.contrailvif.VRouterVIFDriver" }
+    - { section: "database", option: "connection", value: "mysql://nova:nova@{{ hostvars[groups['openstack'][0]]['contrail_address'] }}/nova?charset=utf8" }
+    - { section: "database", option: "idle_timeout", value: "180" }
+    - { section: "database", option: "max_retries", value: "-1" }
+    - { section: "keystone_authtoken", option: "admin_tenant_name", value: "service" }
+    - { section: "keystone_authtoken", option: "admin_user", value: "nova" }
+    - { section: "keystone_authtoken", option: "admin_password", value: "{{ contrail_admin_password }}" }
+    - { section: "keystone_authtoken", option: "auth_protocol", value: "http" }
+    - { section: "keystone_authtoken", option: "auth_host", value: "{{ hostvars[groups['openstack'][0]]['contrail_address'] }}" }
+    - { section: "keystone_authtoken", option: "signing_dir", value: "/tmp/keystone-signing-nova" }
+
+- name: "change database address if same node as first openstack node"
+  ini_file:
+    dest: "/etc/nova/nova.conf"
+    section: "database"
+    option: "connection"
+    value: "mysql://nova:nova@127.0.0.1/nova?charset=utf8"
+  when: groups['openstack'][0] == inventory_hostname
+
+- name: "add respawn to nova compute config"
+  lineinfile:
+    dest: "/etc/init/nova-compute.conf"
+    line: "respawn"
+    insertbefore: "pre-start script"
+
+- name: "add respawn limit to nova compute config"
+  lineinfile:
+    dest: "/etc/init/nova-compute.conf"
+    line: "respawn limit 10 90"
+    insertafter: "respawn"
+
+- name: "restart nova compute"
+  service:
+    name: "nova-compute"
+    state: "restarted"
+
+- name: "delete nova sqlite database"
+  file:
+    dest: "/var/lib/nova/nova.sqlite"
+    state: "absent"

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-add-nodes.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-add-nodes.yml
new file mode 100755 (executable)
index 0000000..8245c04
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-add-nodes.yml
@@ -0,0 +1,39 @@
+---
+- hosts: config
+  sudo: yes
+  tasks:
+    - name: "provision config node"
+      shell: "python /opt/contrail/utils/provision_config_node.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}"
+
+- hosts: database
+  sudo: yes
+  tasks:
+    - name: "provision database node"
+      shell: "python /opt/contrail/utils/provision_database_node.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}"
+
+- hosts: collector
+  sudo: yes
+  tasks:
+    - name: "provision collector node"
+      shell: "python /opt/contrail/utils/provision_analytics_node.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}"
+
+- hosts: control
+  sudo: yes
+  tasks:
+    - name: "provision control node"
+      shell: "python /opt/contrail/utils/provision_control.py --api_server_ip {{ contrail_haproxy_address }} --api_server_port 8082 --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }} --router_asn {{ contrail_router_asn }}"
+
+- hosts: config
+  sudo: yes
+  tasks:
+    - name: "provision metadata services"
+      shell: "python /opt/contrail/utils/provision_linklocal.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --oper add --ipfabric_service_ip 10.84.50.1 --ipfabric_service_port 8775 --linklocal_service_name metadata --linklocal_service_ip 169.254.169.254 --linklocal_service_port 80"
+      run_once: yes
+    
+
+- hosts: config
+  sudo: yes
+  tasks:
+    - name: "provision encap"
+      shell: "python /opt/contrail/utils/provision_encap.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --oper add --encap_priority MPLSoUDP,MPLSoGRE,VXLAN"
+      run_once: yes

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-collector.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-collector.yml
new file mode 100755 (executable)
index 0000000..5dd72d7
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-collector.yml
@@ -0,0 +1,98 @@
+---
+#- hosts: collector
+#  sudo: yes
+#  tasks:
+
+- name: "enable supervisor analytics"
+  file:
+    path: "/etc/init/supervisor-analytics.override"
+    state: "absent"
+
+
+- name: "redis-setup"
+  include: -redis-setup.yml
+
+
+- name: "node-common"
+  include: -node-common.yml
+
+
+- name: "fix up contrail collector config"
+  template:
+    src: "provision/contrail-collector-conf.j2"
+    dest: "/etc/contrail/contrail-collector.conf"
+
+
+- name: "fix up contrail query engine config"
+  template:
+    src: "provision/contrail-query-engine-conf.j2"
+    dest: "/etc/contrail/contrail-query-engine.conf"
+
+
+- name: "fix up contrail analytics api config"
+  template:
+    src: "provision/contrail-analytics-api-conf.j2"
+    dest: "/etc/contrail/contrail-analytics-api.conf"
+
+
+- name: "modify contrail analytics nodemgr config"
+  ini_file:
+    dest: "/etc/contrail/contrail-analytics-nodemgr.conf"
+    section: "DISCOVERY"
+    option: "server"
+    value: "{{ contrail_haproxy_address }}"
+
+
+- name: "fix up contrail keystone auth config"
+  template:
+    src: "provision/contrail-keystone-auth-conf.j2"
+    dest: "/etc/contrail/contrail-keystone-auth.conf"
+    force: no
+
+
+- name: "delete contrail alarm gen supervisord config file"
+  file:
+    dest: "/etc/contrail/supervisord_analytics_files/contrail-alarm-gen.ini"
+    state: "absent"
+
+
+- name: "modify contrail snmp collector config file"
+  ini_file:
+    dest: "/etc/contrail/contrail-snmp-collector.conf"
+    section: "{{ item.section }}"
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+  with_items:
+    - { section: "DEFAULTS", option: "zookeeper", value: "{{ contrail_address }}:2128" }
+    - { section: "DISCOVERY", option: "disc_server_ip", value: "{{ contrail_haproxy_address }}" }
+    - { section: "DISCOVERY", option: "disc_server_port", value: "5998" }
+
+
+- name: "modify contrail snmp collector ini file"
+  ini_file:
+    dest: "/etc/contrail/supervisord_analytics_files/contrail-snmp-collector.ini"
+    section: "program:contrail-snmp-collector"
+    option: "command"
+    value: "/usr/bin/contrail-snmp-collector --conf_file /etc/contrail/contrail-snmp-collector.conf --conf_file /etc/contrail/contrail-keystone-auth.conf"
+
+
+- name: "modify contrail topology config file"
+  ini_file:
+    dest: "/etc/contrail/contrail-topology.conf"
+    section: "DEFAULTS"
+    option: "zookeeper"
+    value: "{{ contrail_address }}"
+
+
+- name: "modify contrail topology ini file"
+  ini_file:
+    dest: "/etc/contrail/supervisord_analytics_files/contrail-topology.ini"
+    section: "program:contrail-topology"
+    option: "command"
+    value: "/usr/bin/contrail-topology --conf_file /etc/contrail/contrail-topology.conf"
+
+
+- name: "restart supervisor analytics"
+  service:
+    name: "supervisor-analytics"
+    state: "restarted"

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-compute.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-compute.yml
new file mode 100755 (executable)
index 0000000..41ea5c2
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-compute.yml
@@ -0,0 +1,175 @@
+---
+#- hosts: compute
+#  sudo: yes
+#  tasks:
+- name: "enable supervisor vrouter"
+  file:
+    path: "/etc/init/supervisor-vrouter.override"
+    state: "absent"
+
+- include: -node-common.yml
+
+- name: "check cgroup device acl in qemu conf"
+  shell: "grep -q '^\\s*cgroup_device_acl' /etc/libvirt/qemu.conf"
+  register: deviceacl
+  ignore_errors: yes
+  changed_when: no
+
+- name: "create cgroup device acl for qemu conf"
+  template:
+    src: "provision/qemu-device-acl-conf.j2"
+    dest: "/tmp/qemu-device-acl.conf"
+  when: deviceacl | failed
+
+- name: "combination of the qemu configuration"
+  shell: "cat /tmp/qemu-device-acl.conf >> /etc/libvirt/qemu.conf"
+  when: deviceacl | failed
+
+- name: "delete temporary configuration file"
+  file:
+    dest: "/tmp/qemu-device-acl.conf"
+    state: "absent"
+  when: deviceacl | failed
+
+- name: "fix up vrouter nodemgr param"
+  template:
+    src: "provision/vrouter-nodemgr-param.j2"
+    dest: "/etc/contrail/vrouter_nodemgr_param"
+
+- name: "set contrail device name for ansible"
+  set_fact:
+    contrail_ansible_device: "ansible_{{ contrail_device }}"
+
+- name: "fix up default pmac"
+  template:
+    src: "provision/default-pmac.j2"
+    dest: "/etc/contrail/default_pmac"
+
+- name: "copy agent param config from template"
+  shell: "cp /etc/contrail/agent_param.tmpl /etc/contrail/agent_param"
+
+- name: "modify agent param config"
+  lineinfile:
+    dest: "/etc/contrail/agent_param"
+    regexp: "dev=__DEVICE__"
+    line: "dev={{ contrail_device }}"
+
+- name: "fix up contrail vrouter agent config"
+  template:
+    src: "provision/contrail-vrouter-agent-conf.j2"
+    dest: "/etc/contrail/contrail-vrouter-agent.conf"
+
+- name: "delete lines for contrail interface"
+  shell: "{{ item }}"
+  with_items:
+    - "sed -e '/auto {{ contrail_device }}/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top"
+    - "sed -n -e '/auto {{ contrail_device }}/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom"
+    - "sed -i -e '/auto {{ contrail_device }}/d' /tmp/contrail-interfaces-bottom"
+    - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom"
+    - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces"
+
+- name: "delete lines for vrouter interface"
+  shell: "{{ item }}"
+  with_items:
+    - "sed -e '/auto vhost0/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top"
+    - "sed -n -e '/auto vhost0/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom"
+    - "sed -i -e '/auto vhost0/d' /tmp/contrail-interfaces-bottom"
+    - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom"
+    - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces"
+
+- name: "configure interface"
+  lineinfile:
+    dest: "/etc/network/interfaces"
+    line: "{{ item }}"
+    state: "present"
+  with_items:
+    - "auto {{ contrail_device }}"
+    - "iface {{ contrail_device }} inet manual"
+    - "\tpre-up ifconfig {{ contrail_device }} up"
+    - "\tpost-down ifconfig {{ contrail_device }} down"
+    - "auto vhost0"
+    - "iface vhost0 inet static"
+    - "\tpre-up /opt/contrail/bin/if-vhost0"
+    - "\tnetwork_name application"
+    - "\taddress {{ contrail_address }}"
+    - "\tnetmask {{ contrail_netmask }}"
+
+- name: "delete temporary files"
+  file:
+    dest: "{{ item }}"
+    state: "absent"
+  with_items:
+    - "/tmp/contrail-interfaces-top"
+    - "/tmp/contrail-interfaces-bottom"
+
+- name: "fix up contrail vrouter nodemgr config"
+  ini_file:
+    dest: "/etc/contrail/contrail-vrouter-nodemgr.conf"
+    section: "DISCOVERY"
+    option: "server"
+    value: "{{ contrail_haproxy_address }}"
+
+- name: "restart libvirt bin"
+  service:
+    name: "libvirt-bin"
+    state: "restarted"
+
+#- name: "set value of nova to nova config"
+#  template:
+#    src: "provision/nova.j2"
+#    dest: "/etc/nova/nova.conf"
+#  when: install_nova 
+
+#- name: "delete values from nova config"
+#  ini_file:
+#    dest: "/etc/nova/nova.conf"
+#    section: "{{ item.section }}"
+#    option: "{{ item.option }}"
+#  with_items:
+#    - { section: "DEFAULT", option: "quantum_auth_strategy" }
+#    - { section: "DEFAULT", option: "quantum_admin_auth_url" }
+#    - { section: "DEFAULT", option: "quantum_admin_tenant_name" }
+#    - { section: "DEFAULT", option: "quantum_admin_username" }
+#    - { section: "DEFAULT", option: "quantum_admin_password" }
+#    - { section: "DEFAULT", option: "quantum_url" }
+
+#- name: "set values of neutron to nova config"
+#  ini_file:
+#    dest: "/etc/nova/nova.conf"
+#    section: "{{ item.section }}"
+#    option: "{{ item.option }}"
+#    value: "{{ item.value }}"
+#    state: "present"
+#  with_items:
+#    - { section: "DEFAULT", option: "neutron_admin_auth_url", value: "http://{{ contrail_keystone_address }}:5000/v2.0" }
+#    - { section: "DEFAULT", option: "neutron_admin_username", value: "neutron" }
+#    - { section: "DEFAULT", option: "neutron_admin_password", value: "{{ contrail_admin_password }}" }
+#    - { section: "DEFAULT", option: "neutron_admin_tenant_name", value: "service" }
+#    - { section: "DEFAULT", option: "neutron_url", value: "http://{{ contrail_haproxy_address }}:9696/" }
+#    - { section: "DEFAULT", option: "neutron_url_timeout", value: "300" }
+#    - { section: "DEFAULT", option: "network_api_class", value: "nova.network.neutronv2.api.API" }
+#    - { section: "DEFAULT", option: "libvirt_vif_driver", value: "nova_contrail_vif.contrailvif.VRouterVIFDriver" }
+
+#- name: "restart nova compute"
+#  service:
+#    name: "nova-compute"
+#    state: "restarted"
+
+#- name: "add vrouter to contrail"
+#  shell: "python /opt/contrail/utils/provision_vrouter.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }}"
+#
+#- name: "reboot Server"
+#  shell: "shutdown -r now"
+#  async: 0
+#  poll: 0
+#  ignore_errors: true
+#  notify: Wait for server to come back
+#
+#handlers:
+#- name: "Wait for server to come back"
+#  local_action:
+#    module: wait_for
+#      host={{ inventory_hostname }}
+#      port=22
+#      delay=30
+#      timeout=600

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-config.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-config.yml
new file mode 100755 (executable)
index 0000000..8aa8f43
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-config.yml
@@ -0,0 +1,280 @@
+---
+#- hosts: config
+#  sudo: yes
+#  tasks:
+- name: "enable supervisor config"
+  file:
+    path: "/etc/init/supervisor-config.override"
+    state: "absent"
+
+- name: "enable neutron server"
+  file:
+    path: "/etc/init/neutron-server.override"
+    state: "absent"
+
+# Compass is using this
+#- name: "enable haproxy"
+#  replace:
+#    dest: "/etc/default/haproxy"
+#    regexp: "^ENABLED\\s*=.*$"
+#    replace: "ENABLED=1"
+
+# Compass is using this
+#- name: "modify haproxy global configuration"
+#  lineinfile:
+#    dest: "/etc/haproxy/haproxy.cfg"
+#    regexp: "{{ item.regexp }}"
+#    line: "{{ item.line }}"
+#    insertafter: "^global"
+#  with_items:
+#    - { regexp: "^\\s*tune.bufsize", line: "\ttune.bufsize 16384" }
+#    - { regexp: "^\\s*tune.maxrewrite", line: "\ttune.maxrewrite 1024" }
+
+- name: "delete haproxy configuration for contrail"
+  shell: "sed -i -e '/^#contrail-marker-start/,/^#contrail-marker-end/d' /etc/haproxy/haproxy.cfg"
+
+- name: "create haproxy configuration for contrail"
+  template:
+    src: "provision/haproxy-contrail-cfg.j2"
+    dest: "/tmp/haproxy-contrail.cfg"
+
+- name: "combination of the haproxy configuration"
+  shell: "cat /tmp/haproxy-contrail.cfg >> /etc/haproxy/haproxy.cfg"
+
+- name: "delete temporary configuration file"
+  file:
+    dest: "/tmp/haproxy-contrail.cfg"
+    state: "absent"
+
+- name: "restart haproxy"
+  service:
+    name: "haproxy"
+    state: "restarted"
+
+# Compass is using this
+#- name: "create keepalived configuration"
+#  template:
+#    src: "provision/keepalived-conf.j2"
+#    dest: "/etc/keepalived/keepalived.conf"
+#  with_indexed_items: groups['opencontrail_config']
+#  when: contrail_keepalived and item.1 == inventory_hostname
+
+#- name: "restart keepalived"
+#  service:
+#    name: "keepalived"
+#    state: "restarted"
+#  when: contrail_keepalived
+
+- name: "node-common"
+  include: -node-common.yml
+
+- name: "fix up contrail keystone auth config"
+  template:
+    src: "provision/contrail-keystone-auth-conf.j2"
+    dest: "/etc/contrail/contrail-keystone-auth.conf"
+
+- name: "fix up ifmap server log4j properties"
+  template:
+    src: "provision/ifmap-log4j-properties.j2"
+    dest: "/etc/ifmap-server/log4j.properties"
+
+- name: "fix up ifmap server authorization properties"
+  template:
+    src: "provision/ifmap-authorization-properties.j2"
+    dest: "/etc/ifmap-server/authorization.properties"
+
+- name: "fix up ifmap server basicauthusers properties"
+  template:
+    src: "provision/ifmap-basicauthusers-properties.j2"
+    dest: "/etc/ifmap-server/basicauthusers.properties"
+
+- name: "fix up ifmap server publisher properties"
+  template:
+    src: "provision/ifmap-publisher-properties.j2"
+    dest: "/etc/ifmap-server/publisher.properties"
+
+- name: "fix up contrail api config"
+  template:
+    src: "provision/contrail-api-conf.j2"
+    dest: "/etc/contrail/contrail-api.conf"
+
+- name: "fix up contrail api supervisord config"
+  template:
+    src: "provision/contrail-api-supervisord-conf.j2"
+    dest: "/etc/contrail/supervisord_config_files/contrail-api.ini"
+
+- name: "modify contrail api init script"
+  lineinfile:
+    dest: "/etc/init.d/contrail-api"
+    regexp: "supervisorctl -s unix:///tmp/supervisord_config.sock"
+    line: "supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}:0`"
+
+- name: "fix up contrail schema config"
+  template:
+    src: "provision/contrail-schema-conf.j2"
+    dest: "/etc/contrail/contrail-schema.conf"
+
+- name: "fix up contrail device manager config"
+  template:
+    src: "provision/contrail-device-manager-conf.j2"
+    dest: "/etc/contrail/contrail-device-manager.conf"
+
+- name: "fix up contrail svc monitor config"
+  template:
+    src: "provision/contrail-svc-monitor-conf.j2"
+    dest: "/etc/contrail/contrail-svc-monitor.conf"
+
+- name: "fix up contrail discovery supervisord config"
+  template:
+    src: "provision/contrail-discovery-supervisord-conf.j2"
+    dest: "/etc/contrail/supervisord_config_files/contrail-discovery.ini"
+
+- name: "fix up contrail discovery config"
+  template:
+    src: "provision/contrail-discovery-conf.j2"
+    dest: "/etc/contrail/contrail-discovery.conf"
+
+- name: "modify contrail discovery init script"
+  lineinfile:
+    dest: "/etc/init.d/contrail-discovery"
+    regexp: "supervisorctl -s unix:///tmp/supervisord_config.sock"
+    line: "supervisorctl -s unix:///tmp/supervisord_config.sock ${1} `basename ${0}:0`"
+
+- name: "fix up contrail vnc api library config"
+  template:
+    src: "provision/contrail-vnc-api-lib-ini.j2"
+    dest: "/etc/contrail/vnc_api_lib.ini"
+
+- name: "fix up contrail config nodemgr config"
+  ini_file:
+    dest: "/etc/contrail/contrail-config-nodemgr.conf"
+    section: "DISCOVERY"
+    option: "server"
+    value: "{{ contrail_haproxy_address }}"
+
+- name: "fix up contrail sudoers"
+  template:
+    src: "provision/contrail-sudoers.j2"
+    dest: "/etc/sudoers.d/contrail_sudoers"
+    mode: 0440
+
+- name: "create directory for neutron plugins"
+  file:
+    dest: "/etc/neutron/plugins/opencontrail"
+    state: "directory"
+
+- name: "fix up contrail plugin for nuetron"
+  template:
+    src: "provision/neutron-contrail-plugin-ini.j2"
+    dest: "/etc/neutron/plugins/opencontrail/ContrailPlugin.ini"
+
+- name: "modify neutron server configuration"
+  lineinfile:
+    dest: "/etc/default/neutron-server"
+    regexp: "NEUTRON_PLUGIN_CONFIG="
+    line: "NEUTRON_PLUGIN_CONFIG=\"/etc/neutron/plugins/opencontrail/ContrailPlugin.ini\""
+
+#- name: "change owner neutron log directory"
+#  file:
+#    dest: "/var/log/neutron"
+#    state: "directory"
+#    owner: "neutron"
+#    group: "neutron"
+#    recurse: yes
+
+#- name: "set values to neutron config"
+#  ini_file:
+#    dest: "/etc/neutron/neutron.conf"
+#    section: "{{ item.section }}"
+#    option: "{{ item.option }}"
+#    value: "{{ item.value }}"
+#  with_items:
+#    - { section: "DEFAULT", option: "bind_port", value: "9697" }
+#    - { section: "DEFAULT", option: "auth_strategy", value: "keystone" }
+#    - { section: "DEFAULT", option: "allow_overlapping_ips", value: "True" }
+#    - { section: "DEFAULT", option: "core_plugin", value: "neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2" }
+#    - { section: "DEFAULT", option: "api_extensions_path", value: "extensions:/usr/lib/python2.7/dist-packages/neutron_plugin_contrail/extensions" }
+#    - { section: "DEFAULT", option: "rabbit_host", value: "{{ contrail_haproxy_address }}" }
+#    - { section: "DEFAULT", option: "rabbit_port", value: "5673" }
+#    - { section: "DEFAULT", option: "service_plugins", value: "neutron_plugin_contrail.plugins.opencontrail.loadbalancer.plugin.LoadBalancerPlugin" }
+#    - { section: "service_providers", option: "service_provider", value: "LOADBALANCER:Opencontrail:neutron_plugin_contrail.plugins.opencontrail.loadbalancer.driver.OpencontrailLoadbalancerDriver:default" }
+#    - { section: "quotas", option: "quota_driver", value: "neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver" }
+#    - { section: "quotas", option: "quota_network", value: "-1" }
+#    - { section: "quotas", option: "quota_subnet", value: "-1" }
+#    - { section: "quotas", option: "quota_port", value: "-1" }
+#    - { section: "keystone_authtoken", option: "admin_tenant_name", value: "admin" }
+#    - { section: "keystone_authtoken", option: "admin_user", value: "{{ contrail_admin_user }}" }
+#    - { section: "keystone_authtoken", option: "admin_password", value: "{{ contrail_admin_password }}" }
+#    - { section: "keystone_authtoken", option: "auth_host", value: "{{ contrail_keystone_address }}" }
+#    - { section: "keystone_authtoken", option: "auth_protocol", value: "http" }
+
+#- name: "add respawn to neutron server config"
+#  lineinfile:
+#    dest: "/etc/init/neutron-server.conf"
+#    line: "respawn"
+#    insertbefore: "pre-start script"
+
+#- name: "add respawn limit to neutron server config"
+#  lineinfile:
+#    dest: "/etc/init/neutron-server.conf"
+#    line: "respawn limit 10 90"
+#    insertafter: "respawn"
+
+- name: "restart supervisor config"
+  service:
+    name: "supervisor-config"
+    state: "restarted"
+
+
+#- name: "restart neutron-server"
+#  service:
+#    name: "neutron-server"
+#    state: "restarted"
+
+# Compass configured
+#- name: "add neutron service"
+#  shell: "keystone service-get 'neutron' || keystone service-create --name 'neutron' --type 'network' --description 'Neutron Network Service'"
+#  environment:
+#    OS_AUTH_URL: "http://{{ contrail_keystone_address }}:35357/v2.0"
+#    OS_USERNAME: "{{ contrail_admin_user }}"
+#    OS_PASSWORD: "{{ contrail_admin_password }}"
+#    OS_TENANT_NAME: "admin"
+#  run_once: yes
+#  when: keystone_provision 
+#
+#
+# Compass configured
+#- name: "add neutron endpoint"
+#  shell: "keystone endpoint-list | grep -q $(keystone service-get 'neutron' | grep '| *id *|' | awk '{print $4}') || keystone endpoint-create --region 'RegionOne' --service 'neutron' --publicurl 'http://{{ contrail_haproxy_address }}:9696' --internal 'http://{{ contrail_haproxy_address }}:9696' --adminurl 'http://{{ contrail_haproxy_address }}:9696'"
+#  environment:
+#    OS_AUTH_URL: "http://{{ contrail_keystone_address }}:35357/v2.0"
+#    OS_USERNAME: "{{ contrail_admin_user }}"
+#    OS_PASSWORD: "{{ contrail_admin_password }}"
+#    OS_TENANT_NAME: "admin"
+#  run_once: yes
+#  when: keystone_provision 
+#
+#- name: "add neutron user"
+#  keystone_user:
+#    user: "neutron"
+#    password: "{{ contrail_admin_password }}"
+#    email: "neutron@example.com"
+#    tenant: "service"
+#    endpoint: "http://{{ contrail_keystone_address }}:35357/v2.0"
+#    login_user: "{{ contrail_admin_user }}"
+#    login_password: "{{ contrail_admin_password }}"
+#    login_tenant_name: "admin"
+#  run_once: yes
+#  when: keystone_provision 
+#
+#- name: "apply role to user"
+#  keystone_user:
+#    tenant: "service"
+#    user: "neutron"
+#    role: "admin"
+#    endpoint: "http://{{ contrail_keystone_address }}:35357/v2.0"
+#    login_user: "{{ contrail_admin_user }}"
+#    login_password: "{{ contrail_admin_password }}"
+#    login_tenant_name: "admin"
+#  run_once: yes
+#  when: keystone_provision 

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-control.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-control.yml
new file mode 100755 (executable)
index 0000000..e36d8f2
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-control.yml
@@ -0,0 +1,59 @@
+---
+#- hosts: control
+#  sudo: yes
+#  tasks:
+- name: "enable supervisor control"
+  file:
+    path: "/etc/init/supervisor-control.override"
+    state: "absent"
+
+- name: "enable supervisor dns"
+  file:
+    path: "/etc/init/supervisor-dns.override"
+    state: "absent"
+
+- name: "modify ifmap server basicauthusers properties for control"
+  lineinfile:
+    dest: "/etc/ifmap-server/basicauthusers.properties"
+    line: "{{ hostvars[item]['contrail_address' ] }}:{{ hostvars[item]['contrail_address' ] }}"
+  with_items: groups['opencontrail_control']
+
+- name: "modify ifmap server basicauthusers properties for dns"
+  lineinfile:
+    dest: "/etc/ifmap-server/basicauthusers.properties"
+    line: "{{ hostvars[item]['contrail_address' ] }}.dns:{{ hostvars[item]['contrail_address' ] }}.dns"
+  with_items: groups['opencontrail_control']
+
+- name: "node-common"
+  include: -node-common.yml
+
+- name: "fix up contrail control config"
+  template:
+    src: "provision/contrail-control-conf.j2"
+    dest: "/etc/contrail/contrail-control.conf"
+
+- name: "fix up contrail dns config"
+  template:
+    src: "provision/contrail-dns-conf.j2"
+    dest: "/etc/contrail/contrail-dns.conf"
+
+- name: "fix up contrail control nodemgr config"
+  ini_file:
+    dest: "/etc/contrail/contrail-control-nodemgr.conf"
+    section: "DISCOVERY"
+    option: "server"
+    value: "{{ contrail_haproxy_address }}"
+
+- name: "modify dns configuration"
+  replace:
+    dest: "/etc/contrail/dns/{{ item }}"
+    regexp: "secret \"secret123\""
+    replace: "secret \"xvysmOR8lnUQRBcunkC6vg==\""
+  with_items:
+    - "contrail-rndc.conf"
+    - "contrail-named.conf"
+
+- name: "restart supervisor control"
+  service:
+    name: "supervisor-control"
+    state: "restarted"

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-database.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-database.yml
new file mode 100755 (executable)
index 0000000..6807d7d
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-database.yml
@@ -0,0 +1,190 @@
+---
+#- hosts: database
+#  sudo: yes
+#  tasks:
+
+
+- name: "enable supervisor database"
+#  sudo: True
+  file:
+    path: "/etc/init/supervisor-database.override"
+    state: "absent"
+
+
+- name: "-node-common"
+#  sudo: True
+  include: -node-common.yml
+
+
+- name: "update hosts"
+#  sudo: True
+  lineinfile:
+    dest: "/etc/hosts"
+    regexp: "^{{ contrail_address }}\t{{ ansible_hostname }}( .*)?$"
+    line: "{{ contrail_address }}\t{{ ansible_hostname }}\\1"
+    backrefs: yes
+
+
+- name: "make directory for contrail analytics"
+#  sudo: True
+  file:
+    path: "/var/lib/cassandra/data/ContrailAnalytics"
+    state: "directory"
+
+
+- name: "modify cassandra conf"
+#  sudo: True
+  lineinfile:
+    dest: "/etc/cassandra/cassandra.yaml"
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+  with_items:
+    - { regexp: "^(#(\\s*)?)?listen_address:", line: "listen_address: {{ contrail_address }}"}
+    - { regexp: "^(#(\\s*)?)?cluster_name:", line: "cluster_name: \"Contrail\"" }
+    - { regexp: "^(#(\\s*)?)?rpc_address:", line: "rpc_address: {{ contrail_address }}" }
+    - { regexp: "^(#(\\s*)?)?num_tokens:", line: "num_tokens: 256" }
+    - { regexp: "^(#(\\s*)?)?initial_token:", line: "# initial_token:" }
+
+
+- name: "set first database host seed"
+#  sudo: True
+  set_fact:
+    dbseeds: "{{ hostvars[item.1]['contrail_address'] }}"
+  with_indexed_items: groups['database']
+  when: item.0 == 0
+
+
+- name: "set second database host seed"
+#  sudo: True
+  set_fact:
+    dbseeds: "{{ dbseeds }},{{ hostvars[item.1]['contrail_address'] }}"
+  with_indexed_items: groups['database']
+  when: item.0 == 1
+
+
+- name: "modify seeds list in cassandra conf"
+#  sudo: True
+  replace:
+    dest: "/etc/cassandra/cassandra.yaml"
+    regexp: "- seeds:.*$"
+    replace: "- seeds: {{ dbseeds }}"
+
+
+- name: "modify cassandra env"
+#  sudo: True
+  replace:
+    dest: "/etc/cassandra/cassandra-env.sh"
+    regexp: "{{ item.regexp }}"
+    replace: "{{ item.replace }}"
+  with_items:
+    - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintGCDetails\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintGCDetails\"" }
+    - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -Xss\\d+k\"", replace: "JVM_OPTS=\"$JVM_OPTS -Xss512k\"" }
+    - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintGCDateStamps\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintGCDateStamps\"" }
+    - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintHeapAtGC\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintHeapAtGC\"" }
+    - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintTenuringDistribution\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintTenuringDistribution\"" }
+    - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintGCApplicationStoppedTime\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintGCApplicationStoppedTime\"" }
+    - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:\\+PrintPromotionFailure\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:+PrintPromotionFailure\"" }
+    - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -XX:PrintFLSStatistics=1\"", replace: "JVM_OPTS=\"$JVM_OPTS -XX:PrintFLSStatistics=1\"" }
+    - { regexp: "(#(\\s*)?)?JVM_OPTS=\"\\$JVM_OPTS -Xloggc:/var/log/cassandra/gc-`date \\+%s`\\.log\"", replace: "JVM_OPTS=\"$JVM_OPTS -Xloggc:/var/log/cassandra/gc-`date +%s`.log\"" }
+
+
+- name: "modify zookeeper conf"
+#  sudo: True
+  lineinfile:
+    dest: "/etc/zookeeper/conf/zoo.cfg"
+    line: "{{ item }}"
+  with_items:
+    - "maxSessionTimeout=120000"
+    - "autopurge.purgeInterval=3"
+
+
+- name: "modify zookeeper log4j properties"
+#  sudo: True
+  lineinfile:
+    dest: "/etc/zookeeper/conf/log4j.properties"
+    regexp: "(log4j.appender.ROLLINGFILE.MaxBackupIndex=.*)$"
+    line: "\\1"
+    backrefs: yes
+
+
+- name: "add server addresses to zookeeper config"
+#  sudo: True
+  lineinfile:
+    dest: "/etc/zookeeper/conf/zoo.cfg"
+    regexp: "server.{{ item.0 + 1 }}="
+    line: "server.{{ item.0 + 1 }}={{ hostvars[item.1]['contrail_address'] }}:2888:3888"
+  with_indexed_items: groups['database']
+
+
+- name: "set zookeeper unique id"
+#  sudo: True
+  template:
+    src: "templates/zookeeper-unique-id.j2"
+    dest: "/var/lib/zookeeper/myid"
+  with_indexed_items: groups['database']
+  when: item.1 == inventory_hostname
+
+
+- name: "remove kafka ini file"
+#  sudo: True
+  file:
+    path: "/etc/contrail/supervisord_database_files/kafka.ini"
+    state: "absent"
+
+
+- name: "set first zookeeper host address"
+#  sudo: True
+  set_fact:
+    zkaddrs: "{{ hostvars[item.1]['contrail_address'] }}:2181"
+  with_indexed_items: groups['database']
+  when: item.0 == 0
+
+
+- name: "set second or more zookeeper host addresses"
+#  sudo: True
+  set_fact:
+    zkaddrs: "{{ zkaddrs }},{{ hostvars[item.1]['contrail_address'] }}:2181"
+  with_indexed_items: groups['database']
+  when: item.0 > 0
+
+
+- name: "modify zookeeper host addresses in kafka properties"
+#  sudo: True
+  lineinfile:
+    dest: "/usr/share/kafka/config/server.properties"
+    regexp: "zookeeper.connect="
+    line: "zookeeper.connect={{ zkaddrs }}"
+
+
+- name: "modify kafka properties"
+#  sudo: True
+  lineinfile:
+    dest: "/usr/share/kafka/config/server.properties"
+    regexp: "default.replication.factor="
+    line: "default.replication.factor=2"
+
+
+- name: "fix up contrail database nodemgr config"
+#  sudo: True
+  ini_file:
+    dest: "/etc/contrail/contrail-database-nodemgr.conf"
+    section: "{{ item.section }}"
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+  with_items:
+    - { section: "DEFAULT", option: "hostip", value: "{{ contrail_address }}" }
+    - { section: "DISCOVERY", option: "server", value: "{{ contrail_haproxy_address }}" }
+
+
+- name: "restart zookeeper"
+#  sudo: True
+  service:
+    name: "zookeeper"
+    state: "restarted"
+
+
+- name: "restart supervisor database"
+#  sudo: True
+  service:
+    name: "supervisor-database"
+    state: "restarted"

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-increase-limits.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-increase-limits.yml
new file mode 100755 (executable)
index 0000000..1a78e83
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-increase-limits.yml
@@ -0,0 +1,52 @@
+---
+#- hosts: [database, config, control, collector]
+#  sudo: yes
+#  tasks:
+- name: "delete line"
+#  sudo: True
+  lineinfile:
+    dest: "/etc/limits.conf"
+    regexp: "^root\\s*soft\\s*nproc\\s*.*"
+    state: "absent"
+
+- name: "check EOF"
+#  sudo: True
+  lineinfile:
+    dest: "/etc/security/limits.conf"
+    regexp: "^# End of file"
+    line: "# End of file"
+
+- name: "add lines"
+#  sudo: True
+  lineinfile:
+    dest: "/etc/security/limits.conf"
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+    insertbefore: "^# End of file"
+  with_items:
+    - { regexp: "^root\\s*hard\\s*nofile\\s*.*", line: "root hard nofile 65535" }
+    - { regexp: "^root\\s*soft\\s*nofile\\s*.*", line: "root soft nofile 65535" }
+    - { regexp: "^\\*\\s*hard\\s*nofile\\s*.*", line: "* hard nofile 65535" }
+    - { regexp: "^\\*\\s*soft\\s*nofile\\s*.*", line: "* soft nofile 65535" }
+    - { regexp: "^\\*\\s*hard\\s*nproc\\s*.*", line: "* hard nproc 65535" }
+    - { regexp: "^\\*\\s*soft\\s*nproc\\s*.*", line: "* soft nproc 65535" }
+
+- name: change value of sysctl fs.file-max
+#  sudo: True
+  sysctl:
+    name: "fs.file-max"
+    value: "65535"
+
+- name: "find supervisord conf files"
+#  sudo: True
+  shell: "find /etc/contrail -name supervisor*.conf -type f"
+  register: supervisordconfs
+  changed_when: no
+
+- name: "modify supervisord conf"
+#  sudo: True
+  replace:
+    dest: "{{ item }}"
+    regexp: "^minfds=\\d*"
+    replace: "minfds=10240"
+  with_items: supervisordconfs.stdout_lines

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-rabbitmq.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-rabbitmq.yml
new file mode 100755 (executable)
index 0000000..b2785d8
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-rabbitmq.yml
@@ -0,0 +1,103 @@
+---
+#- hosts: config
+#  sudo: yes
+#  tasks:
+- name: "start supervisor support service"
+#  sudo: True
+  service:
+    name: "supervisor-support-service"
+    state: "started"
+
+
+
+- name: "stop rabbitmq server via supervisor"
+#  sudo: True
+  supervisorctl:
+    name: "rabbitmq-server"
+    state: "stopped"
+    server_url: "unix:///tmp/supervisord_support_service.sock"
+
+
+
+- name: "-rabbitmq-stop"
+#  sudo: True
+  include: -rabbitmq-stop.yml
+
+
+
+- name: "update hosts"
+#  sudo: True
+  lineinfile:
+    dest: "/etc/hosts"
+    line: "{{ hostvars[item]['contrail_address'] }}\t{{ hostvars[item]['ansible_hostname'] }} {{ hostvars[item]['ansible_hostname'] }}-ctrl"
+  with_items: groups['opencontrail_config']
+
+
+
+- name: "fix up rabbitmq env"
+#  sudo: True
+  template:
+    src: "provision/rabbitmq-env-conf.j2"
+    dest: "/etc/rabbitmq/rabbitmq-env.conf"
+
+
+
+- name: "fix up rabbitmq config for single node"
+#  sudo: True
+  template:
+    src: "provision/rabbitmq-conf-single.j2"
+    dest: "/etc/rabbitmq/rabbitmq.config"
+  when: groups['opencontrail_config'][1] is not defined
+
+
+
+- name: fix up rabbitmq config for multi nodes
+#  sudo: True
+  template:
+    src: "provision/rabbitmq-conf.j2"
+    dest: "/etc/rabbitmq/rabbitmq.config"
+  when: groups['opencontrail_config'][1] is defined
+
+
+
+- name: "-rabbitmq-stop"
+#  sudo: True
+  include: -rabbitmq-stop.yml
+  
+  
+
+- name: "create cookie uuid temporary"
+#  sudo: True
+  local_action:
+    module: "template"
+    src: "provision/rabbitmq-cookie.j2"
+    dest: "/tmp/tmp-rabbitmq-cookie"
+  run_once: yes
+
+
+- name: "update cookie uuid"
+#  sudo: True
+  copy:
+    src: "/tmp/tmp-rabbitmq-cookie"
+    dest: "/var/lib/rabbitmq/.erlang.cookie"
+    owner: "rabbitmq"
+    group: "rabbitmq"
+    mode: 0400
+
+
+
+- name: "delete temporary cookie uuid"
+#  sudo: True
+  local_action:
+    module: "file"
+    dest: "/tmp/tmp-rabbitmq-cookie"
+    state: "absent"
+  run_once: yes
+
+
+
+- name: "start rabbitmq server"
+#  sudo: True
+  service:
+    name: "rabbitmq-server"
+    state: "started"

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-route.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-route.yml
new file mode 100755 (executable)
index 0000000..edf829e
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-route.yml
@@ -0,0 +1,42 @@
+---
+#- hosts: all
+#  sudo: yes
+#  tasks:
+- name: "delete existing route file"
+#  sudo: True
+  file:
+    path: "/etc/network/if-up.d/routes"
+    state: absent
+  when: contrail_route
+
+- name: "create route file"
+#  sudo: True
+  file:
+    path: "/etc/network/if-up.d/routes"
+    owner: "root"
+    mode: 0755
+    state: touch 
+  when: contrail_route
+
+
+- name: "add template"
+#  sudo: True
+  lineinfile:
+    dest: "/etc/network/if-up.d/routes"
+    line: "{{ item }}"
+  with_items:
+    - "#!/bin/bash" 
+    - "[ \"$IFACE\" != {{ contrail_route[0].device }} ] && exit 0" 
+  when: contrail_route
+
+  
+- name: "add static route"
+#  sudo: True
+  lineinfile:
+    dest: "/etc/network/if-up.d/routes"
+    line: "ip route add {{ item.ip }} via {{ item.gw }} dev {{ item.device }}"
+    state: "present"
+  with_items:
+    - "{{ contrail_route }}"
+  when: contrail_route
+    

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-toragent.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-toragent.yml
new file mode 100755 (executable)
index 0000000..8781073
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-toragent.yml
@@ -0,0 +1,77 @@
+---
+#- hosts: tsn
+#  sudo: yes
+#  tasks:
+- name: "create temporary directory for ssl files"
+  local_action:
+    module: "file"
+    dest: "/tmp/tmp-toragent-{{ item }}"
+    state: "directory"
+  with_items:
+    - "certs"
+    - "private"
+  run_once: yes
+
+- name: "create ssl files"
+  local_action: "shell openssl req -new -x509 -days 3650 -text -sha256 -newkey rsa:4096 -nodes -subj \"/C=US/ST=Global/O={{ item.1.vendor_name }}/CN={{ ansible_fqdn }}\" -keyout /tmp/tmp-toragent-private/tor.{{ item.0 }}.privkey.pem -out /tmp/tmp-toragent-certs/tor.{{ item.0 }}.cert.pem"
+  with_indexed_items: contrail_tor_agents
+  run_once: yes
+
+- name: "set tor agent list"
+  set_fact:
+    toragent_index: "{{ item.0 }}"
+    toragent_params:  "{{ item.1 }}"
+  register: contrail_toragent_list
+  with_indexed_items: contrail_tor_agents
+  when: inventory_hostname in item.1.tsn_names
+
+- name: "fix up tor agent conf"
+  template:
+    src: "templates/contrail-tor-agent-conf.j2"
+    dest: "/etc/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.conf"
+  with_items: contrail_toragent_list.results
+
+- name: "fix up tor agent ini"
+  template:
+    src: "provision/contrail-tor-agent-ini.j2"
+    dest: "/etc/contrail/supervisord_vrouter_files/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.ini"
+  with_items: contrail_toragent_list.results
+
+- name: "copy init script"
+  shell: "cp /etc/init.d/contrail-vrouter-agent /etc/init.d/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}"
+  with_items: contrail_toragent_list.results
+
+- name: "copy ssl certs"
+  copy:
+    src: "/tmp/tmp-toragent-certs/tor.{{ item.ansible_facts.toragent_index }}.cert.pem"
+    dest: "/etc/contrail/ssl/certs/tor.{{ item.ansible_facts.toragent_index }}.cert.pem"
+  with_items: contrail_toragent_list.results
+
+- name: "copy ssl private"
+  copy:
+    src: "/tmp/tmp-toragent-private/tor.{{ item.ansible_facts.toragent_index }}.privkey.pem"
+    dest: "/etc/contrail/ssl/private/tor.{{ item.ansible_facts.toragent_index }}.privkey.pem"
+  with_items: contrail_toragent_list.results
+
+- name: "copy ca cert"
+  copy:
+    src: "files/cacert.pem"
+    dest: "/etc/contrail/ssl/certs/cacert.pem"
+
+- name: "delete temporary directory"
+  local_action:
+    module: "file"
+    dest: "/tmp/tmp-toragent-{{ item }}"
+    state: "absent"
+  with_items:
+    - "certs"
+    - "private"
+  run_once: yes
+
+- name: "add tor agent to contrail"
+  shell: "python /opt/contrail/utils/provision_vrouter.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --host_name {{ ansible_hostname }}-{{ item.ansible_facts.toragent_index }} --host_ip {{ contrail_address }} --router_type tor-agent"
+  with_items: contrail_toragent_list.results
+
+- name: "add device to contrail"
+  shell: "python /opt/contrail/utils/provision_physical_device.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --device_name {{ item.ansible_facts.toragent_params.name }} --vendor_name {{ item.ansible_facts.toragent_params.vendor_name }} --product_name {{ item.ansible_facts.toragent_params.product_name }} --device_mgmt_ip {{ item.ansible_facts.toragent_params.address }} --device_tunnel_ip {{ item.ansible_facts.toragent_params.tunnel_address }} --device_tor_agent {{ ansible_hostname }}-{{ item.ansible_facts.toragent_index }} --device_tsn {{ ansible_hostname }}"
+  with_items: contrail_toragent_list.results

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-tsn.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-tsn.yml
new file mode 100755 (executable)
index 0000000..058be18
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-tsn.yml
@@ -0,0 +1,96 @@
+---
+#- hosts: tsn
+#  sudo: yes
+#  tasks:
+
+- name: "enable supervisor vrouter"
+  file:
+    path: "/etc/init/supervisor-vrouter.override"
+    state: "absent"
+
+- include: -node-common.yml
+
+- name: "fix up vrouter nodemgr param"
+  template:
+    src: "provision/vrouter-nodemgr-param.j2"
+    dest: "/etc/contrail/vrouter_nodemgr_param"
+
+- name: "set contrail device name for ansible"
+  set_fact:
+    contrail_ansible_device: "ansible_{{ contrail_device }}"
+
+- name: "fix up default pmac"
+  template:
+    src: "provision/default-pmac.j2"
+    dest: "/etc/contrail/default_pmac"
+
+- name: "copy agent param config from template"
+  shell: "cp /etc/contrail/agent_param.tmpl /etc/contrail/agent_param"
+
+- name: "modify agent param config"
+  lineinfile:
+    dest: "/etc/contrail/agent_param"
+    regexp: "dev=__DEVICE__"
+    line: "dev={{ contrail_device }}"
+
+- name: "set vrouter agent mode"
+  set_fact:
+    contrail_vrouter_mode: "tsn"
+
+- name: "fix up contrail vrouter agent config"
+  template:
+    src: "provision/contrail-vrouter-agent-conf.j2"
+    dest: "/etc/contrail/contrail-vrouter-agent.conf"
+
+- name: "delete lines for contrail interface"
+  shell: "{{ item }}"
+  with_items:
+    - "sed -e '/auto {{ contrail_device }}/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top"
+    - "sed -n -e '/auto {{ contrail_device }}/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom"
+    - "sed -i -e '/auto {{ contrail_device }}/d' /tmp/contrail-interfaces-bottom"
+    - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom"
+    - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces"
+
+- name: "delete lines for vrouter interface"
+  shell: "{{ item }}"
+  with_items:
+    - "sed -e '/auto vhost0/,$d' /etc/network/interfaces > /tmp/contrail-interfaces-top"
+    - "sed -n -e '/auto vhost0/,$p' /etc/network/interfaces > /tmp/contrail-interfaces-bottom"
+    - "sed -i -e '/auto vhost0/d' /tmp/contrail-interfaces-bottom"
+    - "sed -i -n -e '/auto .*/,$p' /tmp/contrail-interfaces-bottom"
+    - "cat /tmp/contrail-interfaces-top /tmp/contrail-interfaces-bottom > /etc/network/interfaces"
+
+- name: "configure interface"
+  lineinfile:
+    dest: "/etc/network/interfaces"
+    line: "{{ item }}"
+    state: "present"
+  with_items:
+    - "auto {{ contrail_device }}"
+    - "iface {{ contrail_device }} inet manual"
+    - "\tpre-up ifconfig {{ contrail_device }} up"
+    - "\tpost-down ifconfig {{ contrail_device }} down"
+    - "auto vhost0"
+    - "iface vhost0 inet static"
+    - "\tpre-up /opt/contrail/bin/if-vhost0"
+    - "\tnetwork_name application"
+    - "\taddress {{ contrail_address }}"
+    - "\tnetmask {{ contrail_netmask }}"
+
+- name: "delete temporary files"
+  file:
+    dest: "{{ item }}"
+    state: "absent"
+  with_items:
+    - "/tmp/contrail-interfaces-top"
+    - "/tmp/contrail-interfaces-bottom"
+
+- name: "fix up contrail vrouter nodemgr config"
+  ini_file:
+    dest: "/etc/contrail/contrail-vrouter-nodemgr.conf"
+    section: "DISCOVERY"
+    option: "server"
+    value: "{{ contrail_haproxy_address }}"
+
+- name: "add tsn to contrail"
+  shell: "python /opt/contrail/utils/provision_vrouter.py --api_server_ip {{ contrail_haproxy_address }} --admin_user {{ contrail_admin_user }} --admin_password {{ contrail_admin_password }} --admin_tenant_name admin --openstack_ip {{ contrail_keystone_address }} --oper add --host_name {{ ansible_hostname }} --host_ip {{ contrail_address }} --router_type tor-service-node"

diff --git a/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-webui.yml b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-webui.yml
new file mode 100755 (executable)
index 0000000..eb6301b
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/tasks/provision/provision-webui.yml
@@ -0,0 +1,63 @@
+---
+#- hosts: webui
+#  sudo: yes
+#  tasks:
+
+- name: "enable supervisor webui"
+  file:
+    path: "/etc/init/supervisor-webui.override"
+    state: "absent"
+
+- name: "redis-setup"
+  include: -redis-setup.yml
+
+- name: "node-common"
+  include: -node-common.yml
+
+- name: "set first cassandra host address"
+  set_fact:
+    cassandra_addrs: "'{{ hostvars[item.1]['contrail_address'] }}'"
+  with_indexed_items: groups['opencontrail_database']
+  when: item.0 == 0
+
+- name: "set second or more cassandra host addresses"
+  set_fact:
+    cassandra_addrs: "{{ cassandra_addrs }}, '{{ hostvars[item.1]['contrail_address'] }}'"
+  with_indexed_items: groups['opencontrail_database']
+  when: item.0 > 0
+
+- name: "modify webui global js"
+  lineinfile:
+    dest: "/etc/contrail/config.global.js"
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+  with_items:
+    - { regexp: "^\\s*config.networkManager.ip", line: "config.networkManager.ip = '{{ contrail_haproxy_address }}';" }
+    - { regexp: "^\\s*config.imageManager.ip", line: "config.imageManager.ip = '{{ contrail_keystone_address }}';" }
+    - { regexp: "^\\s*config.computeManager.ip", line: "config.computeManager.ip = '{{ contrail_keystone_address }}';" }
+    - { regexp: "^\\s*config.identityManager.ip", line: "config.identityManager.ip = '{{ contrail_keystone_address }}';" }
+    - { regexp: "^\\s*config.storageManager.ip", line: "config.storageManager.ip = '{{ contrail_keystone_address }}';" }
+    - { regexp: "^\\s*config.cnfg.server_ip", line: "config.cnfg.server_ip = '{{ contrail_haproxy_address }}';" }
+    - { regexp: "^\\s*config.analytics.server_ip", line: "config.analytics.server_ip = '{{ contrail_haproxy_address }}';" }
+    - { regexp: "^\\s*config.cassandra.server_ips", line: "config.cassandra.server_ips = [{{ cassandra_addrs }}];" }
+
+- name: "modify webui userauth js"
+  lineinfile:
+    dest: "/etc/contrail/contrail-webui-userauth.js"
+    regexp: "{{ item.regexp }}"
+    line: "{{ item.line }}"
+  with_items:
+    - { regexp: "^\\s*auth.admin_user", line: "auth.admin_user = '{{ contrail_admin_user }}';" }
+    - { regexp: "^\\s*auth.admin_password", line: "auth.admin_password = '{{ contrail_admin_password }}';" }
+    - { regexp: "^\\s*auth.admin_tenant_name", line: "auth.admin_tenant_name = 'admin';" }
+
+- name: "create symbolic link from nodejs to node"
+  file:
+    src: "/usr/bin/node"
+    dest: "/usr/bin/nodejs"
+    state: "link"
+
+- name: "restart supervisor webui"
+  service:
+    name: "supervisor-webui"
+    state: "restarted"

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/install/override.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/install/override.j2
new file mode 100755 (executable)
index 0000000..2905494
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/install/override.j2
@@ -0,0 +1 @@
+manual

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-analytics-api-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-analytics-api-conf.j2
new file mode 100755 (executable)
index 0000000..18192f1
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-analytics-api-conf.j2
@@ -0,0 +1,29 @@
+[DEFAULTS]
+host_ip = {{ contrail_address }}
+rest_api_ip = 0.0.0.0
+rest_api_port = 9081
+cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+collectors = {{ contrail_address }}:8086
+http_server_port = 8090
+log_file = /var/log/contrail/contrail-analytics-api.log
+log_level = SYS_NOTICE
+log_local = 1
+
+# Time-to-live in hours of the various data stored by collector into
+# cassandra
+# analytics_config_audit_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_statistics_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_flow_ttl, if not set (or set to -1), defaults to analytics_statsdata_ttl
+analytics_data_ttl = 48
+analytics_config_audit_ttl = -1
+analytics_statistics_ttl = -1
+analytics_flow_ttl = -1
+
+[DISCOVERY]
+disc_server_ip = {{ contrail_haproxy_address }}
+disc_server_port = 5998
+
+[REDIS]
+redis_server_port = 6379
+redis_query_port = 6379

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-conf.j2
new file mode 100755 (executable)
index 0000000..1eefacf
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-conf.j2
@@ -0,0 +1,27 @@
+[DEFAULTS]
+listen_ip_addr = 0.0.0.0
+listen_port = 8082
+ifmap_server_ip = {{ contrail_address }}
+ifmap_server_port = 8443
+ifmap_username = api-server
+ifmap_password = api-server
+zk_server_ip = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:2181{% if not loop.last %}, {% endif %}{% endfor %}
+
+cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+disc_server_ip = {{ contrail_haproxy_address }}
+disc_server_port = 5998
+rabbit_server = {{ contrail_haproxy_address }}
+rabbit_port = 5673
+multi_tenancy = True
+list_optimization_enabled = True
+log_file = /var/log/contrail/contrail-api.log
+log_level = SYS_NOTICE
+log_local = 1
+auth = keystone
+
+[SECURITY]
+use_certs = False
+keyfile = /etc/contrail/ssl/private_keys/apiserver_key.pem
+certfile = /etc/contrail/ssl/certs/apiserver.pem
+ca_certs = /etc/contrail/ssl/certs/ca.pem

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-supervisord-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-supervisord-conf.j2
new file mode 100755 (executable)
index 0000000..94da3d7
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-api-supervisord-conf.j2
@@ -0,0 +1,12 @@
+[program:contrail-api]
+command=/usr/bin/contrail-api --conf_file /etc/contrail/contrail-api.conf --conf_file /etc/contrail/contrail-keystone-auth.conf --listen_port 910%(process_num)01d --worker_id %(process_num)s
+numprocs=1
+process_name=%(process_num)s
+redirect_stderr=true
+stdout_logfile=/var/log/contrail/contrail-api-%(process_num)s-stdout.log
+stderr_logfile=/dev/null
+priority=440
+autostart=true
+killasgroup=true
+stopsignal=KILL
+exitcodes=0

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-collector-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-collector-conf.j2
new file mode 100755 (executable)
index 0000000..e624234
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-collector-conf.j2
@@ -0,0 +1,86 @@
+[DEFAULT]
+# Everything in this section is optional
+
+# Time-to-live in hours of the various data stored by collector into
+# cassandra
+# analytics_config_audit_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_statistics_ttl, if not set (or set to -1), defaults to analytics_data_ttl
+# analytics_flow_ttl, if not set (or set to -1), defaults to analytics_statsdata_ttl
+analytics_data_ttl = 48
+analytics_config_audit_ttl = -1
+analytics_statistics_ttl = -1
+analytics_flow_ttl = -1
+
+# IP address and port to be used to connect to cassandra.
+# Multiple IP:port strings separated by space can be provided
+cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+
+# IP address and port to be used to connect to kafka.
+# Multiple IP:port strings separated by space can be provided
+kafka_broker_list =
+
+# IP address of analytics node. Resolved IP of 'hostname'
+hostip = {{ contrail_address }}
+
+# Hostname of analytics node. If this is not configured value from `hostname`
+# will be taken
+# hostname =
+
+# Http server port for inspecting collector state (useful for debugging)
+http_server_port = 8089
+
+# Category for logging. Default value is '*'
+# log_category =
+
+# Local log file name
+log_file = /var/log/contrail/contrail-collector.log
+
+# Maximum log file rollover index
+# log_files_count = 10
+
+# Maximum log file size
+# log_file_size = 1048576 # 1MB
+
+# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
+# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
+log_level = SYS_NOTICE
+
+# Enable/Disable local file logging. Possible values are 0 (disable) and
+# 1 (enable)
+log_local = 1
+
+# TCP and UDP ports to listen on for receiving syslog messages. -1 to disable.
+syslog_port = -1
+
+# UDP port to listen on for receiving sFlow messages. -1 to disable.
+# sflow_port = 6343
+
+# UDP port to listen on for receiving ipfix messages. -1 to disable.
+# ipfix_port = 4739
+
+[COLLECTOR]
+# Everything in this section is optional
+
+# Port to listen on for receiving Sandesh messages
+port = 8086
+
+# IP address to bind to for listening
+# server = 0.0.0.0
+
+# UDP port to listen on for receiving Google Protocol Buffer messages
+# protobuf_port = 3333
+
+[DISCOVERY]
+# Port to connect to for communicating with discovery server
+# port = 5998
+
+# IP address of discovery server
+server = {{ contrail_haproxy_address }}
+
+[REDIS]
+# Port to connect to for communicating with redis-server
+port = 6379
+
+# IP address of redis-server
+server = 127.0.0.1

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-control-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-control-conf.j2
new file mode 100755 (executable)
index 0000000..83792b2
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-control-conf.j2
@@ -0,0 +1,15 @@
+[DEFAULT]
+hostip = {{ contrail_address }}
+hostname = {{ ansible_hostname }}
+log_file = /var/log/contrail/contrail-control.log
+log_level = SYS_NOTICE
+log_local = 1
+
+[DISCOVERY]
+server = {{ contrail_haproxy_address }}
+port = 5998
+
+[IFMAP]
+certs_store = 
+user = {{ contrail_address }}
+password = {{ contrail_address }}

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-device-manager-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-device-manager-conf.j2
new file mode 100755 (executable)
index 0000000..77bcc95
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-device-manager-conf.j2
@@ -0,0 +1,14 @@
+[DEFAULTS]
+api_server_ip = {{ contrail_haproxy_address }}
+api_server_port = 8082
+zk_server_ip = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:2181{% if not loop.last %}, {% endif %}{% endfor %}
+
+cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+disc_server_ip = {{ contrail_haproxy_address }}
+disc_server_port = 5998
+rabbit_server = {{ contrail_haproxy_address }}
+rabbit_port = 5673
+log_file = /var/log/contrail/contrail-device-manager.log
+log_level = SYS_NOTICE
+log_local = 1

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-conf.j2
new file mode 100755 (executable)
index 0000000..84e6317
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-conf.j2
@@ -0,0 +1,43 @@
+[DEFAULTS]
+listen_ip_addr = 0.0.0.0
+listen_port = 5998
+zk_server_ip = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}{% if not loop.last %}, {% endif %}{% endfor %}
+
+zk_server_port = 2181
+cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+log_file = /var/log/contrail/contrail-discovery.log
+log_level = SYS_NOTICE
+log_local = 1
+
+# minimim time to allow client to cache service information (seconds)
+ttl_min = 300
+
+# maximum time to allow client to cache service information (seconds)
+ttl_max = 1800
+
+# health check ping interval < = 0 for disabling
+hc_interval = 5
+
+# maximum hearbeats to miss before server will declare publisher out of
+# service.
+hc_max_miss = 3
+
+# use short TTL for agressive rescheduling if all services are not up
+ttl_short = 1
+
+# for DNS service, we use fixed policy
+# even when the cluster has more than two control nodes, only two of these
+# should provide the DNS service
+[DNS-SERVER]
+policy = fixed
+
+######################################################################
+# Other service specific knobs ...
+
+# use short TTL for agressive rescheduling if all services are not up
+# ttl_short = 1
+
+# specify policy to use when assigning services
+# policy = [load-balance | round-robin | fixed]
+######################################################################

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-supervisord-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-supervisord-conf.j2
new file mode 100755 (executable)
index 0000000..5f0a698
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-discovery-supervisord-conf.j2
@@ -0,0 +1,12 @@
+[program:contrail-discovery]
+command=/usr/bin/contrail-discovery --conf_file /etc/contrail/contrail-discovery.conf --listen_port 911%(process_num)01d --worker_id %(process_num)s
+numprocs=1
+process_name=%(process_num)s
+redirect_stderr=true
+stdout_logfile=/var/log/contrail/contrail-discovery-%(process_num)s-stdout.log
+stderr_logfile=/dev/null
+priority=430
+autostart=true
+killasgroup=true
+stopsignal=KILL
+exitcodes=0

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-dns-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-dns-conf.j2
new file mode 100755 (executable)
index 0000000..0a2ab43
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-dns-conf.j2
@@ -0,0 +1,15 @@
+[DEFAULT]
+hostip = {{ contrail_address }}
+hostname = {{ ansible_hostname }}
+log_file = /var/log/contrail/contrail-dns.log
+log_level = SYS_NOTICE
+log_local = 1
+
+[DISCOVERY]
+server = {{ contrail_haproxy_address }}
+port = 5998
+
+[IFMAP]
+certs_store = 
+user = {{ contrail_address }}.dns
+password = {{ contrail_address }}.dns

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-keystone-auth-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-keystone-auth-conf.j2
new file mode 100755 (executable)
index 0000000..f362ef4
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-keystone-auth-conf.j2
@@ -0,0 +1,9 @@
+[KEYSTONE]
+auth_protocol = http
+auth_host = {{ contrail_keystone_address }}
+auth_port = 35357
+admin_tenant_name = admin
+admin_user = {{ contrail_admin_user }}
+admin_password = {{ contrail_admin_password }}
+insecure = False
+

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-query-engine-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-query-engine-conf.j2
new file mode 100755 (executable)
index 0000000..e051b7e
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-query-engine-conf.j2
@@ -0,0 +1,13 @@
+[DEFAULT]
+hostip = {{ contrail_address }}
+cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+collectors = {{ contrail_address }}:8086
+http_server_port = 8091
+log_file = /var/log/contrail/contrail-query-engine.log
+log_level = SYS_NOTICE
+log_local = 1
+
+[REDIS]
+server = 127.0.0.1
+port = 6379

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-schema-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-schema-conf.j2
new file mode 100755 (executable)
index 0000000..2bb4ab7
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-schema-conf.j2
@@ -0,0 +1,22 @@
+[DEFAULTS]
+ifmap_server_ip = {{ hostvars[groups['opencontrail_config'][0]]['contrail_address'] }}
+ifmap_server_port = 8443
+ifmap_username = schema-transformer
+ifmap_password = schema-transformer
+api_server_ip = {{ hostvars[groups['opencontrail_config'][0]]['contrail_address'] }}
+api_server_port = 8082
+zk_server_ip = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:2181{% if not loop.last %}, {% endif %}{% endfor %}
+
+cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+disc_server_ip = {{ contrail_haproxy_address }}
+disc_server_port = 5998
+log_file = /var/log/contrail/contrail-schema.log
+log_level = SYS_NOTICE
+log_local = 1
+
+[SECURITY]
+use_certs = False
+keyfile = /etc/contrail/ssl/private_keys/apiserver_key.pem
+certfile = /etc/contrail/ssl/certs/apiserver.pem
+ca_certs = /etc/contrail/ssl/certs/ca.pem

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-sudoers.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-sudoers.j2
new file mode 100755 (executable)
index 0000000..1ff4356
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-sudoers.j2
@@ -0,0 +1,5 @@
+Defaults:contrail !requiretty
+
+Cmnd_Alias CONFIGRESTART = /usr/sbin/service supervisor-config restart
+
+contrail ALL = (root) NOPASSWD:CONFIGRESTART

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-svc-monitor-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-svc-monitor-conf.j2
new file mode 100755 (executable)
index 0000000..4b4221d
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-svc-monitor-conf.j2
@@ -0,0 +1,29 @@
+[DEFAULTS]
+ifmap_server_ip = {{ contrail_address }}
+ifmap_server_port = 8443
+ifmap_username = svc-monitor
+ifmap_password = svc-monitor
+api_server_ip = {{ contrail_haproxy_address }}
+api_server_port = 8082
+zk_server_ip = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:2181{% if not loop.last %}, {% endif %}{% endfor %}
+
+cassandra_server_list = {% for cur_host in groups['opencontrail_database'] %}{{ hostvars[cur_host]['contrail_address'] }}:9160{% if not loop.last %} {% endif %}{% endfor %}
+
+disc_server_ip = {{ contrail_haproxy_address }}
+disc_server_port = 5998
+rabbit_server = {{ contrail_haproxy_address }}
+rabbit_port = 5673
+region_name = RegionOne
+log_file = /var/log/contrail/contrail-svc-monitor.log
+log_level = SYS_NOTICE
+log_local = 1
+
+[SECURITY]
+use_certs = False
+keyfile = /etc/contrail/ssl/private_keys/apiserver_key.pem
+certfile = /etc/contrail/ssl/certs/apiserver.pem
+ca_certs = /etc/contrail/ssl/certs/ca.pem
+
+[SCHEDULER]
+analytics_server_ip = {{ contrail_haproxy_address }}
+analytics_server_port = 8081

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-conf.j2
new file mode 100755 (executable)
index 0000000..fb483c3
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-conf.j2
@@ -0,0 +1,111 @@
+#
+# Vnswad configuration options
+#
+
+[CONTROL-NODE]
+# IP address to be used to connect to control-node. Maximum of 2 IP addresses
+# (separated by a space) can be provided. If no IP is configured then the
+# value provided by discovery service will be used. (optional)
+# server = 10.0.0.1 10.0.0.2
+
+[DEFAULT]
+agent_name = {{ ansible_hostname }}-{{ item.ansible_facts.toragent_index }}
+# Everything in this section is optional
+
+# IP address and port to be used to connect to collector. If these are not
+# configured, value provided by discovery service will be used. Multiple
+# IP:port strings separated by space can be provided
+# collectors = 127.0.0.1:8086
+
+# Enable/disable debug logging. Possible values are 0 (disable) and 1 (enable)
+# debug = 0
+
+# Aging time for flow-records in seconds
+# flow_cache_timeout = 0
+
+# Hostname of compute-node. If this is not configured value from `hostname`
+# will be taken
+# hostname =
+
+# Category for logging. Default value is '*'
+# log_category =
+
+# Local log file name
+log_file = /var/log/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.log
+
+# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
+# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
+# log_level = SYS_DEBUG
+
+# Enable/Disable local file logging. Possible values are 0 (disable) and 1 (enable)
+# log_local = 0
+
+# Enable/Disable local flow message logging. Possible values are 0 (disable) and 1 (enable)
+# log_flow = 0
+
+# Encapsulation type for tunnel. Possible values are MPLSoGRE, MPLSoUDP, VXLAN
+# tunnel_type =
+
+# Enable/Disable headless mode for agent. In headless mode agent retains last
+# known good configuration from control node when all control nodes are lost.
+# Possible values are true(enable) and false(disable)
+# headless_mode =
+
+# Define agent mode. Only supported value is "tor"
+agent_mode = tor
+
+# Http server port for inspecting vnswad state (useful for debugging)
+# http_server_port = 8085
+http_server_port = {{ item.ansible_facts.toragent_params.http_server_port }}
+
+[DISCOVERY]
+#If DEFAULT.collectors and/or CONTROL-NODE and/or DNS is not specified this
+#section is mandatory. Else this section is optional
+
+# IP address of discovery server
+server = {{ contrail_haproxy_address }}
+
+# Number of control-nodes info to be provided by Discovery service. Possible
+# values are 1 and 2
+# max_control_nodes = 1
+
+[DNS]
+# IP address to be used to connect to dns-node. Maximum of 2 IP addresses
+# (separated by a space) can be provided. If no IP is configured then the
+# value provided by discovery service will be used. (Optional)
+# server = 10.0.0.1 10.0.0.2
+
+[NETWORKS]
+# control-channel IP address used by WEB-UI to connect to vnswad to fetch
+# required information (Optional)
+control_network_ip = {{ contrail_address }}
+
+[TOR]
+# IP address of the TOR to manage
+tor_ip = {{ item.ansible_facts.toragent_params.address }}
+
+# Identifier for ToR. Agent will subscribe to ifmap-configuration by this name
+tor_id = {{ item.ansible_facts.toragent_index }}
+
+# ToR management scheme is based on this type. Only supported value is "ovs"
+tor_type = ovs
+
+# OVS server port number on the ToR
+tor_ovs_port = {{ item.ansible_facts.toragent_params.ovs_port }}
+
+# IP-Transport protocol used to connect to tor. Supported values are "tcp", "pssl"
+tor_ovs_protocol = {{ item.ansible_facts.toragent_params.ovs_protocol }}
+
+# Path to ssl certificate for tor-agent, needed for pssl
+ssl_cert = /etc/contrail/ssl/certs/tor.{{ item.ansible_facts.toragent_index }}.cert.pem
+
+# Path to ssl private-key for tor-agent, needed for pssl
+ssl_privkey = /etc/contrail/ssl/private/tor.{{ item.ansible_facts.toragent_index }}.privkey.pem
+
+# Path to ssl cacert for tor-agent, needed for pssl
+ssl_cacert = /etc/contrail/ssl/certs/cacert.pem
+
+tsn_ip = {{ contrail_address }}
+
+# OVS keep alive timer interval in milliseconds
+tor_keepalive_interval = 10000

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-ini.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-ini.j2
new file mode 100755 (executable)
index 0000000..db6944c
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-tor-agent-ini.j2
@@ -0,0 +1,12 @@
+[program:contrail-tor-agent-{{ item.ansible_facts.toragent_index }}]
+command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}.conf
+priority=420
+autostart=true
+killasgroup=true
+stopsignal=KILL
+stdout_capture_maxbytes=1MB
+redirect_stderr=true
+stdout_logfile=/var/log/contrail/contrail-tor-agent-{{ item.ansible_facts.toragent_index }}-stdout.log
+stderr_logfile=/dev/null
+startsecs=5
+exitcodes=0                   ; 'expected' exit codes for process (default 0,2)

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vnc-api-lib-ini.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vnc-api-lib-ini.j2
new file mode 100755 (executable)
index 0000000..85a7b63
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vnc-api-lib-ini.j2
@@ -0,0 +1,11 @@
+[global]
+WEB_SERVER=127.0.0.1
+WEB_PORT=8082 ; connection to api-server directly
+BASE_URL=/
+
+[auth]
+AUTHN_TYPE=keystone
+AUTHN_PROTOCOL=http
+AUTHN_SERVER={{ contrail_keystone_address }}
+AUTHN_PORT=35357
+AUTHN_URL=/v2.0/tokens

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vrouter-agent-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vrouter-agent-conf.j2
new file mode 100755 (executable)
index 0000000..207509e
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/contrail-vrouter-agent-conf.j2
@@ -0,0 +1,177 @@
+#
+# Vnswad configuration options
+#
+
+[CONTROL-NODE]
+# IP address to be used to connect to control-node. Maximum of 2 IP addresses
+# (separated by a space) can be provided. If no IP is configured then the
+# value provided by discovery service will be used. (Optional)
+# server = 10.0.0.1 10.0.0.2
+
+[DEFAULT]
+# Everything in this section is optional
+
+# IP address and port to be used to connect to collector. If these are not
+# configured, value provided by discovery service will be used. Multiple
+# IP:port strings separated by space can be provided
+# collectors = 127.0.0.1:8086
+
+# Agent mode : can be vrouter / tsn / tor (default is vrouter)
+{% if contrail_vrouter_mode is defined %}agent_mode = {{ contrail_vrouter_mode }}
+{% else %}# agent_mode =
+{% endif %}
+
+# Enable/disable debug logging. Possible values are 0 (disable) and 1 (enable)
+# debug = 0
+
+# Aging time for flow-records in seconds
+# flow_cache_timeout = 0
+
+# Hostname of compute-node. If this is not configured value from `hostname`
+# will be taken
+# hostname =
+
+# Http server port for inspecting vnswad state (useful for debugging)
+# http_server_port = 8085
+
+# Category for logging. Default value is '*'
+# log_category =
+
+# Local log file name
+log_file = /var/log/contrail/contrail-vrouter-agent.log
+
+# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
+# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
+log_level = SYS_NOTICE
+
+# Enable/Disable local file logging. Possible values are 0 (disable) and 1 (enable)
+log_local = 1
+
+# Encapsulation type for tunnel. Possible values are MPLSoGRE, MPLSoUDP, VXLAN
+# tunnel_type =
+
+# Enable/Disable headless mode for agent. In headless mode agent retains last
+# known good configuration from control node when all control nodes are lost.
+# Possible values are true(enable) and false(disable)
+# headless_mode =
+
+# DHCP relay mode (true or false) to determine if a DHCP request in fabric
+# interface with an unconfigured IP should be relayed or not
+# dhcp_relay_mode =
+
+# DPDK or legacy work mode
+platform = default
+
+# Physical address of PCI used by dpdk
+physical_interface_address =
+
+# MAC address of device used by dpdk
+physical_interface_mac = {{ hostvars[inventory_hostname][contrail_ansible_device]['macaddress'] }}
+
+[DISCOVERY]
+# If COLLECTOR and/or CONTROL-NODE and/or DNS is not specified this section is
+# mandatory. Else this section is optional
+
+# IP address of discovery server
+server = {{ contrail_haproxy_address }}
+
+# Number of control-nodes info to be provided by Discovery service. Possible
+# values are 1 and 2
+max_control_nodes = {{ groups['opencontrail_control'] | length }}
+
+[DNS]
+# IP address and port to be used to connect to dns-node. Maximum of 2 IP
+# addresses (separated by a space) can be provided. If no IP is configured then
+# the value provided by discovery service will be used.
+# server = 10.0.0.1:53 10.0.0.2:53
+
+[HYPERVISOR]
+# Everything in this section is optional
+
+# Hypervisor type. Possible values are kvm, xen and vmware
+type = kvm
+vmware_mode =
+
+# Link-local IP address and prefix in ip/prefix_len format (for xen)
+# xen_ll_ip =
+
+# Link-local interface name when hypervisor type is Xen
+# xen_ll_interface =
+
+# Physical interface name when hypervisor type is vmware
+vmware_physical_interface =
+
+[FLOWS]
+# Everything in this section is optional
+
+# Maximum flows allowed per VM (given as % of maximum system flows)
+# max_vm_flows = 100
+# Maximum number of link-local flows allowed across all VMs
+# max_system_linklocal_flows = 4096
+# Maximum number of link-local flows allowed per VM
+# max_vm_linklocal_flows = 1024
+
+[METADATA]
+# Shared secret for metadata proxy service (Optional)
+# metadata_proxy_secret = contrail
+
+[NETWORKS]
+# control-channel IP address used by WEB-UI to connect to vnswad to fetch
+# required information (Optional)
+control_network_ip = {{ contrail_address }}
+
+[VIRTUAL-HOST-INTERFACE]
+# Everything in this section is mandatory
+
+# name of virtual host interface
+name = vhost0
+
+# IP address and prefix in ip/prefix_len format
+ip = {{ contrail_address }}/{{ contrail_prefixlen }}
+
+# Gateway IP address for virtual host
+gateway = {{ contrail_gateway }}
+
+# Physical interface name to which virtual host interface maps to
+physical_interface = {{ contrail_device }}
+
+# We can have multiple gateway sections with different indices in the
+# following format
+# [GATEWAY-0]
+# Name of the routing_instance for which the gateway is being configured
+# routing_instance = default-domain:admin:public:public
+
+# Gateway interface name
+# interface = vgw
+
+# Virtual network ip blocks for which gateway service is required. Each IP
+# block is represented as ip/prefix. Multiple IP blocks are represented by
+# separating each with a space
+# ip_blocks = 1.1.1.1/24
+
+# [GATEWAY-1]
+# Name of the routing_instance for which the gateway is being configured
+# routing_instance = default-domain:admin:public1:public1
+
+# Gateway interface name
+# interface = vgw1
+
+# Virtual network ip blocks for which gateway service is required. Each IP
+# block is represented as ip/prefix. Multiple IP blocks are represented by
+# separating each with a space
+# ip_blocks = 2.2.1.0/24 2.2.2.0/24
+
+# Routes to be exported in routing_instance. Each route is represented as
+# ip/prefix. Multiple routes are represented by separating each with a space
+# routes = 10.10.10.1/24 11.11.11.1/24
+
+[SERVICE-INSTANCE]
+# Path to the script which handles the netns commands
+netns_command = /usr/bin/opencontrail-vrouter-netns
+
+# Number of workers that will be used to start netns commands
+#netns_workers = 1
+
+# Timeout for each netns command, when the timeout is reached, the netns
+# command is killed.
+#netns_timeout = 30

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/default-pmac.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/default-pmac.j2
new file mode 100755 (executable)
index 0000000..dac56d1
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/default-pmac.j2
@@ -0,0 +1 @@
+{{ hostvars[inventory_hostname][contrail_ansible_device]['macaddress'] }}

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/haproxy-contrail-cfg.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/haproxy-contrail-cfg.j2
new file mode 100755 (executable)
index 0000000..6aa4d06
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/haproxy-contrail-cfg.j2
@@ -0,0 +1,66 @@
+#contrail-marker-start
+
+listen contrail-stats
+       bind *:5937
+       mode http
+       stats enable
+       stats uri /
+       stats auth haproxy:contrail123
+
+listen neutron-server
+       bind *:9696
+       balance roundrobin
+       option nolinger
+{% for cur_host in groups['opencontrail_config'] %}    server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }}:9697 check inter 2000 rise 2 fall 3
+{% endfor %}
+
+listen contrail-api
+       bind *:8082
+       balance roundrobin
+       option nolinger
+       timeout client 3m
+       timeout server 3m
+{% for cur_host in groups['opencontrail_config'] %}    server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }}:9100 check inter 2000 rise 2 fall 3
+{% endfor %}
+
+listen contrail-discovery
+       bind *:5998
+       balance roundrobin
+       option nolinger
+{% for cur_host in groups['opencontrail_config'] %}    server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }}:9110 check inter 2000 rise 2 fall 3
+{% endfor %}
+
+listen contrail-analytics-api
+       bind *:8081
+       balance roundrobin
+       option nolinger
+       option tcp-check
+       tcp-check connect port 6379
+       default-server error-limit 1 on-error mark-down
+{% for cur_host in groups['opencontrail_collector'] %} server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }}:9081 check inter 2000 rise 2 fall 3
+{% endfor %}
+
+{% if contrail_tor_agents is defined %}listen contrail-tor-agent
+       bind {% for cur_agent in contrail_tor_agents %}*:{{ cur_agent['ovs_port'] }}{% if not loop.last %},{% endif %}{% endfor %}
+
+       mode tcp
+       balance leastconn
+       option tcplog
+       option tcpka
+{% for cur_host in groups['opencontrail_tsn'] %}       server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }} check inter 2000
+{% endfor %}{% endif %}
+
+listen rabbitmq
+       bind *:5673
+       mode tcp
+       balance roundrobin
+       maxconn 10000
+       option tcplog
+       option tcpka
+       option redispatch
+       timeout client 48h
+       timeout server 48h
+{% for cur_host in groups['opencontrail_config'] %}    server {{ hostvars[cur_host]['contrail_address'] }} {{ hostvars[cur_host]['contrail_address'] }}:5672 check inter 2000 rise 2 fall 3 weight 1 maxconn 500
+{% endfor %}
+
+#contrail-marker-end

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-authorization-properties.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-authorization-properties.j2
new file mode 100755 (executable)
index 0000000..41a1c64
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-authorization-properties.j2
@@ -0,0 +1,2 @@
+# The MAPC with basic auth username 'reader' has read only access.
+reader=ro

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-basicauthusers-properties.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-basicauthusers-properties.j2
new file mode 100755 (executable)
index 0000000..6ca38a2
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-basicauthusers-properties.j2
@@ -0,0 +1,30 @@
+test:test
+test2:test2
+test3:test3
+dhcp:dhcp
+visual:visual
+sensor:sensor
+
+# compliance testsuite users
+mapclient:mapclient
+helper:mapclient
+
+# This is a read-only MAPC
+reader:reader
+
+# OpenContrail users
+api-server:api-server
+schema-transformer:schema-transformer
+svc-monitor:svc-monitor
+
+control-user:control-user-passwd
+control-node-1:control-node-1
+control-node-2:control-node-2
+control-node-3:control-node-3
+control-node-4:control-node-4
+control-node-5:control-node-5
+control-node-6:control-node-6
+control-node-7:control-node-7
+control-node-8:control-node-8
+control-node-9:control-node-9
+control-node-10:control-node-10

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-log4j-properties.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-log4j-properties.j2
new file mode 100755 (executable)
index 0000000..ebd0b48
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-log4j-properties.j2
@@ -0,0 +1,26 @@
+# Set root logger level to DEBUG and its only appender to CONSOLE
+log4j.rootLogger=TRACE, CONSOLE
+log4j.error
+
+log4j.logger.de.fhhannover.inform.irond.proc=TRACE, A1, A2
+log4j.additivity.de.fhhannover.inform.irond.proc=false
+
+log4j.appender.A1=org.apache.log4j.ConsoleAppender
+log4j.appender.A1.layout=org.apache.log4j.PatternLayout
+log4j.appender.A1.layout.ConversionPattern=%d [%t] %-5p %x - %m%n
+
+log4j.appender.A2=org.apache.log4j.FileAppender
+log4j.appender.A2.File=/var/log/contrail/ifmap-server.log
+log4j.appender.A2.layout=org.apache.log4j.PatternLayout
+log4j.appender.A2.layout.ConversionPattern=%d [%t] %-5p %x - %m%n
+
+log4j.logger.de.fhhannover.inform.irond.rawrequests=TRACE, A3
+log4j.additivity.de.fhhannover.inform.irond.rawrequests=false
+log4j.appender.A3=org.apache.log4j.FileAppender
+log4j.appender.A3.file=irond_raw.log
+log4j.appender.A3.layout=org.apache.log4j.PatternLayout
+log4j.appender.A3.layout.ConversionPattern=%d %-5p %x - %m%n
+
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=%-8r [%t] %-5p %C{1} %x - %m%n

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-publisher-properties.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-publisher-properties.j2
new file mode 100755 (executable)
index 0000000..90d2a88
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/ifmap-publisher-properties.j2
@@ -0,0 +1,16 @@
+#Sun May 27 15:47:44 PDT 2012
+visual=visual--1877135140-1
+test=test--1870931913-1
+test2=test2--1870931914-1
+test3=test3--1870931915-1
+api-server=api-server-1--0000000001-1
+control-node-1=control-node-1--1870931921-1
+control-node-2=control-node-1--1870931922-1
+control-node-3=control-node-1--1870931923-1
+control-node-4=control-node-1--1870931924-1
+control-node-5=control-node-1--1870931925-1
+control-node-6=control-node-1--1870931926-1
+control-node-7=control-node-1--1870931927-1
+control-node-8=control-node-1--1870931928-1
+control-node-9=control-node-1--1870931929-1
+control-node-10=control-node-10--1870931930-1

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/keepalived-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/keepalived-conf.j2
new file mode 100755 (executable)
index 0000000..b16c4a2
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/keepalived-conf.j2
@@ -0,0 +1,29 @@
+vrrp_script chk_haproxy {
+       script "killall -0 haproxy"
+       interval 1
+       timeout 3
+       rise 2
+       fall 2
+}
+
+vrrp_instance INTERNAL_1 {
+       interface {{ contrail_device }}
+       state MASTER
+       preemt_delay 7
+       grap_master_delay 5
+       grap_master_repeat 3
+       grap_master_refresh 1
+       advert_int 1
+       virtual_router_id 85
+       vmac_xmit_base
+       priority 10{{ item.0 }}
+       virtual_ipaddress {
+               {{ contrail_haproxy_address }} dev {{ contrail_device }}
+       }
+       track_script {
+               chk_haproxy
+       }
+       track_interface {
+               {{ contrail_device }}
+       }
+}

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/neutron-contrail-plugin-ini.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/neutron-contrail-plugin-ini.j2
new file mode 100755 (executable)
index 0000000..13e5965
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/neutron-contrail-plugin-ini.j2
@@ -0,0 +1,15 @@
+[APISERVER]
+api_server_ip={{ contrail_haproxy_address }}
+api_server_port=8082
+multi_tenancy=True
+contrail_extensions=ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None
+
+[COLLECTOR]
+analytics_api_ip={{ contrail_haproxy_address }}
+analytics_api_port=8081
+
+[KEYSTONE]
+auth_url=http://{{ contrail_keystone_address }}:35357/v2.0
+admin_tenant_name=admin
+admin_user={{ contrail_admin_user }}
+admin_password={{ contrail_admin_password }}

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/nova.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/nova.j2
new file mode 100755 (executable)
index 0000000..ea4dbba
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/nova.j2
@@ -0,0 +1,58 @@
+[DEFAULT]
+dhcpbridge_flagfile=/etc/nova/nova.conf
+dhcpbridge=/usr/bin/nova-dhcpbridge
+logdir=/var/log/nova
+state_path=/var/lib/nova
+lock_path=/var/lib/nova/tmp
+force_dhcp_release=True
+libvirt_use_virtio_for_bridges=True
+verbose=True
+ec2_private_dns_show_ip=False
+auth_strategy = keystone
+libvirt_nonblocking = True
+libvirt_inject_partition = -1
+compute_driver = libvirt.LibvirtDriver
+novncproxy_base_url = http://{{ contrail_keystone_address }}:6080/vnc_auto.html
+vncserver_enabled = true
+vncserver_listen = {{ contrail_address }}
+vncserver_proxyclient_address = {{ contrail_address }}
+security_group_api = neutron
+heal_instance_info_cache_interval = 0
+image_cache_manager_interval = 0
+libvirt_cpu_mode = none
+libvirt_vif_driver = nova_contrail_vif.contrailvif.VRouterVIFDriver
+firewall_driver = nova.virt.firewall.NoopFirewallDriver
+glance_host = {{ contrail_keystone_address }}
+glance_port = 9292
+glance_num_retries = 10
+rabbit_host = {{ contrail_keystone_address }}
+rabbit_port = 5672
+rabbit_password = {{ rabbit_password  }}
+rabbit_retry_interval = 1
+rabbit_retry_backoff = 2
+rabbit_max_retries = 0
+rabbit_ha_queues = True
+rpc_cast_timeout = 30
+rpc_conn_pool_size = 40
+rpc_response_timeout = 60
+rpc_thread_pool_size = 70
+report_interval = 15
+novncproxy_port = 6080
+vnc_port = 5900
+vnc_port_total = 100
+resume_guests_state_on_host_boot = True
+service_down_time = 300
+periodic_fuzzy_delay = 30
+disable_process_locking = True
+neutron_admin_auth_url =
+
+[keystone_authtoken]
+admin_tenant_name = service
+admin_user = nova
+admin_password = {{ contrail_admin_password }}
+auth_host = {{ contrail_keystone_address }}
+auth_protocol = http
+auth_port = 5000
+signing_dir = /tmp/keystone-signing-nova
+
+

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/qemu-device-acl-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/qemu-device-acl-conf.j2
new file mode 100755 (executable)
index 0000000..53dfbba
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/qemu-device-acl-conf.j2
@@ -0,0 +1,6 @@
+cgroup_device_acl = [
+    "/dev/null", "/dev/full", "/dev/zero",
+    "/dev/random", "/dev/urandom",
+    "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
+    "/dev/rtc", "/dev/hpet","/dev/net/tun"
+]

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf-single.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf-single.j2
new file mode 100755 (executable)
index 0000000..a276d3e
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf-single.j2
@@ -0,0 +1,6 @@
+[
+   {rabbit, [ {tcp_listeners, [{"{{ contrail_address }}", 5672}]},
+   {loopback_users, []},
+   {log_levels,[{connection, info},{mirroring, info}]} ]
+    }
+].

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf.j2
new file mode 100755 (executable)
index 0000000..c8cbe63
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-conf.j2
@@ -0,0 +1,25 @@
+[
+   {rabbit, [ {tcp_listeners, [{"{{ contrail_address }}", 5672}]}, {cluster_partition_handling, autoheal},{loopback_users, []},
+              {cluster_nodes, {[{% for cur_host in groups['opencontrail_config'] %}'rabbit@{{ cur_host }}-ctrl'{% if not loop.last %}, {% endif %}{% endfor %}], disc}},
+              {vm_memory_high_watermark, 0.4},
+              {disk_free_limit,50000000},
+              {log_levels,[{connection, info},{mirroring, info}]},
+              {heartbeat,10},
+              {delegate_count,20},
+              {channel_max,5000},
+              {tcp_listen_options,
+                        [binary,
+                          {packet, raw},
+                          {reuseaddr, true},
+                          {backlog, 128},
+                          {nodelay, true},
+                          {exit_on_close, false},
+                          {keepalive, true}
+                         ]
+              },
+              {collect_statistics_interval, 60000}
+            ]
+   },
+   {rabbitmq_management_agent, [ {force_fine_statistics, true} ] },
+   {kernel, [{net_ticktime,  30}]}
+].

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-cookie.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-cookie.j2
new file mode 100755 (executable)
index 0000000..838d033
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-cookie.j2
@@ -0,0 +1 @@
+{{ ansible_date_time.iso8601_micro | to_uuid }}

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-env-conf.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-env-conf.j2
new file mode 100755 (executable)
index 0000000..1b3e60f
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/rabbitmq-env-conf.j2
@@ -0,0 +1,2 @@
+NODE_IP_ADDRESS={{ contrail_address }}
+NODENAME=rabbit@{{ ansible_hostname }}-ctrl

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/vrouter-nodemgr-param.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/vrouter-nodemgr-param.j2
new file mode 100755 (executable)
index 0000000..7eee51b
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/vrouter-nodemgr-param.j2
@@ -0,0 +1 @@
+DISCOVERY={{ hostvars[groups['opencontrail_config'][0]]['contrail_address'] }}

diff --git a/deploy/adapters/ansible/roles/open-contrail/templates/provision/zookeeper-unique-id.j2 b/deploy/adapters/ansible/roles/open-contrail/templates/provision/zookeeper-unique-id.j2
new file mode 100755 (executable)
index 0000000..ec0033b
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/templates/provision/zookeeper-unique-id.j2
@@ -0,0 +1 @@
+{{ item.0 + 1 }}

diff --git a/deploy/adapters/ansible/roles/open-contrail/vars/Debian.yml b/deploy/adapters/ansible/roles/open-contrail/vars/Debian.yml
new file mode 100755 (executable)
index 0000000..c64f238
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/vars/Debian.yml
@@ -0,0 +1,40 @@
+---
+
+package: "contrail-install-packages_2.21-102~juno_all.deb"
+
+common_packages:
+  - contrail-setup
+
+kernel_packages:
+  - linux-headers-3.13.0-40
+  - linux-headers-3.13.0-40-generic
+  - linux-image-3.13.0-40-generic
+  - linux-image-extra-3.13.0-40-generic
+
+kernel_required: "3.13.0-40-generic"
+
+database_packages:
+  - contrail-openstack-database
+
+config_packages:
+  - contrail-openstack-config
+
+control_packages:
+  - contrail-openstack-control
+
+collector_packages:
+  - contrail-openstack-analytics
+
+webui_packages:
+  - contrail-openstack-webui
+
+vrouter_packages:
+  - contrail-vrouter-3.13.0-40-generic
+
+dkms_packages:
+  - contrail-vrouter-dkms
+
+compute_packages:
+  - contrail-vrouter-common
+  - contrail-nova-vif
+

diff --git a/deploy/adapters/ansible/roles/open-contrail/vars/RedHat.yml b/deploy/adapters/ansible/roles/open-contrail/vars/RedHat.yml
new file mode 100755 (executable)
index 0000000..ed97d53
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/vars/RedHat.yml
@@ -0,0 +1 @@
+---

diff --git a/deploy/adapters/ansible/roles/open-contrail/vars/main.yml b/deploy/adapters/ansible/roles/open-contrail/vars/main.yml
new file mode 100755 (executable)
index 0000000..015c99b
--- /dev/null
+++ b/deploy/adapters/ansible/roles/open-contrail/vars/main.yml
@@ -0,0 +1,56 @@
+---
+#package: "contrail-install-packages_2.21-102~juno_all.deb" # mv to {os}.yml
+kernel_install: no
+ansible_ssh_user: "root"
+ansible_ssh_pass: "root"
+
+contrail_keystone_address: "{{ internal_vip.ip }}"
+contrail_admin_user: "keystone"
+contrail_admin_password: "{{ keystone_PASS }}"
+
+contrail_keepalived: no 
+contrail_haproxy_address: "10.0.0.22" # 10.0.0.80
+contrail_netmask: "255.255.255.0"
+contrail_prefixlen: "24"
+contrail_gateway: "10.0.0.1"
+
+contrail_router_asn: "64512"
+
+### Modify when need openstack provisioning
+keystone_provision: no
+install_nova: no
+rabbit_password: "password"
+
+contrail_tor_agents:
+  - name: "test01"
+    address: "10.0.0.81"
+    ovs_protocol: "pssl"
+    ovs_port: "9991"
+    tunnel_address: "10.0.0.81"
+    http_server_port: "9011"
+    vendor_name: "Juniper"
+    product_name: "QFX5100"
+    tsn_names: [ "system002" ]
+  - name: "test02"
+    address: "10.0.0.82"
+    ovs_protocol: "pssl"
+    ovs_port: "9992"
+    tunnel_address: "10.0.0.82"
+    http_server_port: "9012"
+    vendor_name: "Juniper"
+    product_name: "QFX5100"
+    tsn_names: [ "system002" ]
+
+
+# adapter for compass
+kernel_packages_noarch: []
+
+compute_packages_noarch: []
+
+# network infor adapter for compass
+contrail_device: "mgmt"
+contrail_address: "{{ internal_ip }}"
+contrail_netmask: "255.255.255.0"
+#contrail_gateway: "10.84.50.254"
+contrail_gateway:
+#contrail_mgmt_address: "172.27.113.91"