Contrail TSN node tasks

Change-Id: I8a0bf78bd9056edfeb44678367ebc435c3534c07
Signed-off-by: Illia Polliul <ipolliul@mirantis.com>

deployment_scripts/puppet/manifests/contrail-tsn-provision.pp

@@ -0,0 +1,18 @@
+#    Copyright 2016 Mirantis, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+notice('MODULAR: contrail/contrail-tsn-provision.pp')
+
+include contrail
+class { 'contrail::provision::tsn': }

deployment_scripts/puppet/manifests/reconfigure-contrail-tsn-vrouter.pp

@@ -0,0 +1,18 @@
+#    Copyright 2016 Mirantis, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+notice('MODULAR: contrail/reconfigure-contrail-tsn-vrouter.pp')
+
+include contrail
+class { 'contrail::tsn': }

deployment_scripts/puppet/modules/contrail/manifests/init.pp

@@ -110,6 +110,14 @@ class contrail {
   $dpdk_vf_number        = 0
   $sriov_hash            = get_sriov_devices($compute_dpkd_on_vf, $phys_dev)
 
+  # ToR agent settings
+  $enable_tor_agents  = $settings['enable_tor_agents']
+  $tor_agents_ssl  = $settings['tor_agents_ssl']
+  if $enable_tor_agents == true {
+    $tor_agents_configurations = parseyaml($settings['tor_agents_configurations'])
+  }
+
+
   # Custom mount point for contrail-db
   $cassandra_path = '/var/lib/contrail_db'
 

deployment_scripts/puppet/modules/contrail/manifests/provision/tor_agent.pp

@@ -0,0 +1,69 @@
+#    Copyright 2016 Mirantis, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+define contrail::provision::tor_agent(
+  $ovs_port,
+  $ovs_protocol,
+  $tor_device_name,
+  $tor_vendor_name,
+  $tor_mgmt_ip,
+  $tor_tun_ip,
+  $contrail_dev_ip           = $::contrail::address,
+  $tsn_vip_ip                = $::contrail::address,
+  $tor_id                    = $name,
+  $contrail_discovery_server = $::contrail::contrail_private_vip,
+)
+{
+
+  Exec {
+    provider => 'shell',
+    path     => '/bin:/sbin:/usr/bin:/usr/sbin',
+  }
+
+  exec { "provision-tor-agent-${name}":
+    command => "contrail-provision-vrouter \
+--api_server_ip ${::contrail::contrail_mgmt_vip} \
+--api_server_port 8082 \
+--openstack_ip ${::contrail::keystone_address} \
+--oper add \
+--host_name '${::fqdn}-${tor_id}' \
+--host_ip ${::contrail::address} \
+--admin_user '${::contrail::neutron_user}' \
+--admin_tenant_name '${::contrail::service_tenant}' \
+--admin_password '${::contrail::service_token}' \
+--router_type tor-agent \
+&& touch /opt/contrail/provision-tor-agent-${name}-DONE",
+    creates => "/opt/contrail/provision-tor-agent-${name}-DONE",
+  }
+
+  exec { "provision-tor-${name}":
+    command => "python /opt/contrail/utils/provision_physical_device.py \
+--device_name ${tor_device_name} \
+--vendor_name ${tor_vendor_name} \
+--device_mgmt_ip ${tor_mgmt_ip} \
+--device_tunnel_ip ${tor_tun_ip} \
+--device_tor_agent ${::fqdn}-${tor_id} \
+--device_tsn ${::fqdn} \
+--oper add \
+--admin_user '${::contrail::neutron_user}' \
+--admin_tenant_name '${::contrail::service_tenant}' \
+--admin_password '${::contrail::service_token}' \
+--api_server_ip ${::contrail::contrail_mgmt_vip} \
+--api_server_port 8082 \
+--openstack_ip ${::contrail::keystone_address} \
+&& touch /opt/contrail/provision-tor-${name}-DONE",
+    creates => "/opt/contrail/provision-tor-${name}-DONE",
+    require => Exec["provision-tor-agent-${name}"],
+  }
+}

deployment_scripts/puppet/modules/contrail/manifests/provision/tsn.pp

@@ -0,0 +1,48 @@
+#    Copyright 2016 Mirantis, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+class contrail::provision::tsn {
+
+  Exec {
+    provider => 'shell',
+    path     => '/bin:/sbin:/usr/bin:/usr/sbin',
+  }
+
+  package { 'contrail-utils':
+    ensure => present,
+  } ->
+  file { '/etc/contrail/vnc_api_lib.ini':
+    content => template('contrail/vnc_api_lib.ini.erb')
+  } ->
+  file { '/opt/contrail':
+    ensure => 'directory',
+  }
+
+  exec { 'provision-tsn-vrouter':
+    command => "contrail-provision-vrouter \
+--api_server_ip ${::contrail::contrail_mgmt_vip} \
+--api_server_port 8082 \
+--openstack_ip ${::contrail::keystone_address} \
+--oper add \
+--host_name ${::fqdn} \
+--host_ip ${::contrail::address} \
+--admin_user '${::contrail::neutron_user}' \
+--admin_tenant_name '${::contrail::service_tenant}' \
+--admin_password '${::contrail::service_token}' \
+--router_type tor-service-node \
+&& touch /opt/contrail/provision-vrouter-DONE",
+    creates => '/opt/contrail/provision-vrouter-DONE',
+    require => File['/opt/contrail'],
+  }
+}

deployment_scripts/puppet/modules/contrail/manifests/tor_agent.pp

@@ -0,0 +1,46 @@
+#    Copyright 2016 Mirantis, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+define contrail::tor_agent (
+  $ovs_port,
+  $ovs_protocol,
+  $tor_device_name,
+  $tor_vendor_name,
+  $tor_mgmt_ip,
+  $tor_tun_ip,
+  $contrail_dev_ip           = $::contrail::address,
+  $tsn_vip_ip                = $::contrail::address,
+  $tor_id                    = $name,
+  $contrail_discovery_server = $::contrail::contrail_private_vip,
+)
+{
+
+  file{"/etc/contrail/contrail-tor-agent-${name}.conf":
+    content => template('contrail/contrail-tor-agent.conf.erb')
+  }
+
+  file{"/etc/contrail/supervisord_vrouter_files/contrail-tor-agent-${name}.ini":
+    content => template('contrail/contrail-tor-agent.ini.erb')
+  }
+
+  if $ovs_protocol == 'pssl' {
+    exec { "generate_tor-${name}_cert":
+      provider => 'shell',
+      path     => '/usr/bin:/bin:/sbin',
+      cwd      => '/etc/contrail/',
+      command  => "ovs-pki req+sign tor-${name}",
+      creates  => "/etc/contrail/tor-${name}-cert.pem",
+      require  => Exec['generate_ca_cert'],
+    }
+  }
+}

deployment_scripts/puppet/modules/contrail/manifests/tsn.pp

@@ -0,0 +1,61 @@
+#    Copyright 2016 Mirantis, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+class contrail::tsn () {
+
+if $::contrail::enable_tor_agents == true {
+
+  if $::contrail::tor_agents_ssl == false {
+    $default_ovs_protocol = 'tcp'
+  } else {
+    $default_ovs_protocol = 'pssl'
+  }
+  package {'openvswitch-common':
+      ensure => present
+  }
+
+  exec { 'generate_ca_cert':
+    provider => 'shell',
+    path     => '/usr/bin:/bin:/sbin',
+    command  => 'ovs-pki init --force',
+    creates  => '/var/lib/openvswitch/pki/switchca/cacert.pem',
+    require  => Package['openvswitch-common'],
+  }
+
+  service {'nova-compute':
+    ensure => stopped
+  } ->
+
+  ini_setting {'set_tsn_vrouter':
+    ensure  => present,
+    path    => '/etc/contrail/contrail-vrouter-agent.conf',
+    section => 'DEFAULT',
+    setting => 'agent_mode',
+    value   => 'tsn',
+  } ~>
+
+  service {'supervisor-vrouter':
+    ensure => 'running'
+  }
+
+  $tor_agents_defaults = {
+    'notify'       => 'Service[supervisor-vrouter]',
+    'ovs_protocol' => $default_ovs_protocol,
+  }
+
+  create_resources(::contrail::tor_agent, $::contrail::tor_agents_configurations, $tor_agents_defaults)
+  create_resources(::contrail::provision::tor_agent, $::contrail::tor_agents_configurations)
+}
+
+
+}

deployment_scripts/puppet/modules/contrail/templates/contrail-tor-agent.conf.erb

@@ -0,0 +1,117 @@
+#
+# Vnswad configuration options
+#
+
+[CONTROL-NODE]
+# IP address to be used to connect to control-node. Maximum of 2 IP addresses
+# (separated by a space) can be provided. If no IP is configured then the
+# value provided by discovery service will be used. (optional)
+# server=10.0.0.1 10.0.0.2
+
+[DEFAULT]
+agent_name=<%= @fqdn -%>-<%= @tor_id %>
+
+# Everything in this section is optional
+
+# IP address and port to be used to connect to collector. If these are not
+# configured, value provided by discovery service will be used. Multiple
+# IP:port strings separated by space can be provided
+# collectors=127.0.0.1:8086
+
+# Enable/disable debug logging. Possible values are 0 (disable) and 1 (enable)
+# debug=0
+
+# Aging time for flow-records in seconds
+# flow_cache_timeout=0
+
+# Hostname of compute-node. If this is not configured value from `hostname`
+# will be taken
+# hostname=
+
+# Category for logging. Default value is '*'
+# log_category=
+
+# Local log file name
+log_file=/var/log/contrail/contrail-tor-agent-<%= @tor_id -%>.log
+
+# Log severity levels. Possible values are SYS_EMERG, SYS_ALERT, SYS_CRIT,
+# SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO and SYS_DEBUG. Default is SYS_DEBUG
+# log_level=SYS_DEBUG
+
+# Enable/Disable local file logging. Possible values are 0 (disable) and 1 (enable)
+# log_local=0
+
+# Enable/Disable local flow message logging. Possible values are 0 (disable) and 1 (enable)
+# log_flow=0
+
+# Encapsulation type for tunnel. Possible values are MPLSoGRE, MPLSoUDP, VXLAN
+# tunnel_type=
+
+# Enable/Disable headless mode for agent. In headless mode agent retains last
+# known good configuration from control node when all control nodes are lost.
+# Possible values are true(enable) and false(disable)
+# headless_mode=
+
+# Define agent mode. Only supported value is "tor"
+agent_mode=tor
+
+
+
+# Http server port for inspecting vnswad state (useful for debugging)
+# http_server_port=8085
+http_server_port=<%= @tor_id +8084 %>
+
+[DISCOVERY]
+#If DEFAULT.collectors and/or CONTROL-NODE and/or DNS is not specified this
+#section is mandatory. Else this section is optional
+
+# IP address of discovery server
+server=<%= @contrail_discovery_server %>
+
+# Number of control-nodes info to be provided by Discovery service. Possible
+# values are 1 and 2
+# max_control_nodes=1
+
+[DNS]
+# IP address to be used to connect to dns-node. Maximum of 2 IP addresses
+# (separated by a space) can be provided. If no IP is configured then the
+# value provided by discovery service will be used. (Optional)
+# server=10.0.0.1 10.0.0.2
+
+[NETWORKS]
+# control-channel IP address used by WEB-UI to connect to vnswad to fetch
+# required information (Optional)
+control_network_ip=<%= @contrail_dev_ip %>
+
+[TOR]
+# IP address of the TOR to manage
+tor_ip=<%= @tor_mgmt_ip %>
+
+# Identifier for ToR. Agent will subscribe to ifmap-configuration by this name
+tor_id=<%= @tor_id %>
+
+# ToR management scheme is based on this type. Only supported value is "ovs"
+tor_type=ovs
+
+# OVS server port number on the ToR
+tor_ovs_port=<%=@ovs_port%>
+
+# IP-Transport protocol used to connect to tor. Supported values are "tcp", "pssl"
+tor_ovs_protocol=<%=@ovs_protocol%>
+
+
+<% if @ovs_protocol == 'pssl' -%>
+# Path to ssl certificate for tor-agent, needed for pssl
+ssl_cert=/etc/contrail/tor-<%= @tor_id -%>-cert.pem
+
+# Path to ssl private-key for tor-agent, needed for pssl
+ssl_privkey=/etc/contrail/tor-<%= @tor_id -%>-privkey.pem
+
+# Path to ssl cacert for tor-agent, needed for pssl
+ssl_cacert=/var/lib/openvswitch/pki/switchca/cacert.pem
+<% end -%>
+
+tsn_ip=<%= @tsn_vip_ip %>
+
+# OVS keep alive timer interval in milliseconds
+tor_keepalive_interval=10000

deployment_scripts/puppet/modules/contrail/templates/contrail-tor-agent.ini.erb

@@ -0,0 +1,13 @@
+
+[program:contrail-tor-agent-<%= @tor_id -%>]
+command=/usr/bin/contrail-tor-agent --config_file /etc/contrail/contrail-tor-agent-<%= @tor_id -%>.conf
+priority=420
+autostart=true
+killasgroup=true
+stopsignal=KILL
+stdout_capture_maxbytes=1MB
+redirect_stderr=true
+stdout_logfile=/var/log/contrail/contrail-tor-agent-<%= @tor_id -%>-stdout.log
+stderr_logfile=/dev/null
+startsecs=5
+exitcodes=0                   ; 'expected' exit codes for process (default 0,2)

deployment_tasks.yaml

@@ -61,6 +61,17 @@
   parameters:
     strategy:
       type: parallel
+
+- id: contrail-tsn
+  type: group
+  role: [contrail-tsn]
+  tasks: [hiera, globals, tools, logging, netconfig, hosts, deploy_start]
+  required_for: [deploy_end]
+  requires: [deploy_start, primary-contrail-control]
+  parameters:
+    strategy:
+      type: parallel
+
 #
 # Group for post-deployment tasks
 - id: contrail-post-deploy
@@ -335,6 +346,54 @@
     puppet_modules: puppet/modules:/etc/puppet/modules
     timeout: 720
 
+##############################################################
+#  TSN tasks section
+##############################################################
+
+# Set proper apt pin for Contrail repository
+- id: contrail-repository-tsn
+  type: puppet
+  groups: [contrail-tsn]
+  required_for: [tools]
+  requires: [deploy_start, globals]
+  parameters:
+    puppet_manifest: puppet/manifests/contrail-compute-repo.pp
+    puppet_modules: puppet/modules:/etc/puppet/modules
+    timeout: 720
+
+- id: contrail-tsn-vrouter
+  type: puppet
+  role: [contrail-tsn]
+  requires: [post_deployment_start]
+  required_for: [reconfigure-contrail-tsn-vrouter]
+  parameters:
+    puppet_manifest: puppet/manifests/contrail-compute-vrouter.pp
+    puppet_modules: puppet/modules:/etc/puppet/modules
+    timeout: 720
+
+- id: reconfigure-contrail-tsn-vrouter
+  type: puppet
+  role: [contrail-tsn]
+  requires: [contrail-tsn-vrouter]
+  required_for: [provision-tsn-vrouter]
+  parameters:
+    puppet_manifest: puppet/manifests/reconfigure-contrail-tsn-vrouter.pp
+    puppet_modules: puppet/modules:/etc/puppet/modules
+    timeout: 720
+
+
+- id: provision-tsn-vrouter
+  type: puppet
+  role: [contrail-tsn]
+  required_for: [post_deployment_end]
+  requires: [reconfigure-contrail-tsn-vrouter]
+  parameters:
+    puppet_manifest: puppet/manifests/contrail-tsn-provision.pp
+    puppet_modules: puppet/modules:/etc/puppet/modules
+    timeout: 720
+
+
+
 ##############################################################
 #  Compute tasks section
 ##############################################################

environment_config.yaml

@@ -141,3 +141,30 @@ attributes:
     restrictions:
       - action: hide
         condition: not (settings:contrail.contrail_global_sriov.value == true)
+  enable_tor_agents:
+    value: false
+    label: "Enable ToR agents"
+    description: "Enable this option to unlock the Tor Agent configuration feature."
+    weight: 230
+    type: "checkbox"
+  tor_agents_ssl:
+    value: false
+    label: "Enable ToR agents ssl mode"
+    description: "Enable this option to generate ssl certificates and configure them for tor agents."
+    weight: 240
+    type: "checkbox"
+    restrictions:
+      - condition: "settings:contrail.enable_tor_agents.value == false"
+        action: "hide"
+  tor_agents_configurations:
+    value: ""
+    label: "Configuration for TOR agents"
+    description: "Provide here configuration data for ToR agents in YAML format"
+    weight: 250
+    type: "textarea"
+    regex:
+      source: '.'
+      error: "Provide information for ToR agents"
+    restrictions:
+      - condition: "settings:contrail.enable_tor_agents.value == false"
+        action: "hide"

node_roles.yaml

@@ -37,6 +37,19 @@ contrail-control:
     - ceph-osd
     - cinder
 
+contrail-tsn:
+  name: Contrail - TSN node
+  description: >
+    Contrail TSN role. Provides Control TSN and TOR agent components of Contrail.
+  has_primary: false
+  public_ip_required: false
+  weight: 100
+  conflicts:
+    - controller
+    - compute
+    - ceph-osd
+    - cinder
+
 dpdk:
   name: DPDK compute
   description: >