Documentation ¶
Index ¶
- Variables
- func DynamicZookeeperConfig(pods []core.Pod, electionPort, serverPort, clientPort string, ...) (map[string]string, error)
- func EndpointList(ips []string, port int) []string
- func JoinListWithSeparator(items []string, separator string) string
- func JoinListWithSeparatorAndSingleQuotes(items []string, separator string) string
Variables ¶
// AnalyticsAlarmgenConfig is the parsed template for the alarm-gen INI file
// ([DEFAULTS], [API_SERVER], [CONFIGDB], [KAFKA], [REDIS], [SANDESH]).
// Optional fields (partitions, introspect port, log file, log level,
// log_local) fall back to the literals passed to sprig's default function.
//
// Security notes:
//   - rabbitmq_password is rendered in clear text, so the rendered file needs
//     the same protection as the secret the value came from.
//   - redis_password is always rendered empty; the TLS settings in [REDIS]
//     are the only Redis protection visible in this template.
//   - NOTE(review): introspect_ssl_insecure=True presumably relaxes
//     certificate checks on the introspect endpoint; confirm this is intended.
//   - NOTE(review): htemplate looks like an alias for html/template; if so,
//     values are HTML-escaped on output, which would alter characters such as
//     & or < inside a password. Confirm, and prefer text/template for INI.
var AnalyticsAlarmgenConfig = htemplate.Must(htemplate.New("").Funcs(sprig.FuncMap()).Parse(`
[DEFAULTS]
host_ip={{ .ListenAddress }}
partitions={{ default "30" .AlarmgenPartitions }}
http_server_ip={{ .InstrospectListenAddress }}
http_server_port={{ default "5995" .AlarmgenIntrospectListenPort }}
log_file={{ default "/var/log/contrail/tf-alarm-gen.log" .LogFile }}
log_level={{ default "SYS_INFO" .LogLevel }}
log_local={{ default "1" .LogLocal }}
collectors={{ .CollectorServers }}
zk_list={{ .ZookeeperServers }}
[API_SERVER]
api_server_list={{ .ConfigServers }}
api_server_use_ssl=True
[CONFIGDB]
config_db_server_list={{ .ConfigDbServerList }}
config_db_use_ssl=True
config_db_ca_certs={{ .CassandraSslCaCertfile }}
rabbitmq_server_list={{ .RabbitmqServerList }}
rabbitmq_vhost={{ .RabbitmqVhost }}
rabbitmq_user={{ .RabbitmqUser }}
rabbitmq_password={{ .RabbitmqPassword }}
rabbitmq_use_ssl=True
kombu_ssl_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
kombu_ssl_certfile=/etc/certificates/client-{{ .PodIP }}.crt
kombu_ssl_ca_certs={{ .CAFilePath }}
kombu_ssl_version=tlsv1_2
[KAFKA]
kafka_broker_list={{ .KafkaServers }}
kafka_ssl_enable=True
kafka_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
kafka_certfile=/etc/certificates/server-{{ .PodIP }}.crt
kafka_ca_cert={{ .CAFilePath }}
[REDIS]
redis_server_port={{ .RedisPort }}
redis_uve_list={{ .RedisServerList }}
redis_password=
redis_use_ssl=True
redis_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
redis_certfile=/etc/certificates/server-{{ .PodIP }}.crt
redis_ca_cert={{ .CAFilePath }}
[SANDESH]
introspect_ssl_enable=True
introspect_ssl_insecure=True
sandesh_ssl_enable=True
sandesh_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
sandesh_certfile=/etc/certificates/client-{{ .PodIP }}.crt
sandesh_server_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
sandesh_server_certfile=/etc/certificates/server-{{ .PodIP }}.crt
sandesh_ca_cert={{ .CAFilePath }}
`))
AnalyticsAlarmgenConfig is a template for the alarm-gen config.
// AnalyticsSnmpCollectorConfig is the parsed template for the SNMP collector
// INI file. Scan frequencies, introspect port and logging options fall back
// to the literals passed to sprig's default function.
//
// Security notes:
//   - rabbitmq_password is rendered in clear text; protect the rendered file
//     like the secret itself.
//   - NOTE(review): introspect_ssl_insecure=True presumably relaxes
//     certificate checks on the introspect endpoint; confirm this is intended.
//   - NOTE(review): htemplate looks like an alias for html/template; if so,
//     HTML escaping would alter special characters in rendered values such as
//     the RabbitMQ password. Confirm.
var AnalyticsSnmpCollectorConfig = htemplate.Must(htemplate.New("").Funcs(sprig.FuncMap()).Parse(`
[DEFAULTS]
host_ip={{ .ListenAddress }}
hostname={{ .Hostname }}
scan_frequency={{ default "600" .SnmpCollectorScanFrequency }}
fast_scan_frequency={{ default "60" .SnmpCollectorFastScanFrequency }}
http_server_ip={{ .InstrospectListenAddress }}
http_server_port={{ default "5920" .SnmpCollectorIntrospectListenPort }}
log_file={{ default "/var/log/contrail/tf-snmp-collector.log" .LogFile }}
log_level={{ default "SYS_INFO" .LogLevel }}
log_local={{ default "1" .LogLocal }}
collectors={{ .CollectorServers }}
zookeeper={{ .ZookeeperServers }}
[API_SERVER]
api_server_list={{ .ConfigServers }}
api_server_use_ssl=True
[CONFIGDB]
config_db_server_list={{ .ConfigDbServerList }}
config_db_use_ssl=True
config_db_ca_certs={{ .CassandraSslCaCertfile }}
rabbitmq_server_list={{ .RabbitmqServerList }}
rabbitmq_vhost={{ .RabbitmqVhost }}
rabbitmq_user={{ .RabbitmqUser }}
rabbitmq_password={{ .RabbitmqPassword }}
rabbitmq_use_ssl=True
rabbitmq_ssl_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
rabbitmq_ssl_certfile=/etc/certificates/client-{{ .PodIP }}.crt
rabbitmq_ssl_ca_certs={{ .CAFilePath }}
rabbitmq_ssl_version=tlsv1_2
[SANDESH]
introspect_ssl_enable=True
introspect_ssl_insecure=True
sandesh_ssl_enable=True
sandesh_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
sandesh_certfile=/etc/certificates/client-{{ .PodIP }}.crt
sandesh_server_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
sandesh_server_certfile=/etc/certificates/server-{{ .PodIP }}.crt
sandesh_ca_cert={{ .CAFilePath }}
`))
AnalyticsSnmpCollectorConfig is a template for the SNMP collector config.
// AnalyticsSnmpTopologyConfig is the parsed template for the SNMP topology
// INI file. Scan frequency, introspect port and logging options fall back to
// the literals passed to sprig's default function.
//
// Security notes:
//   - rabbitmq_password is rendered in clear text; protect the rendered file
//     like the secret itself.
//   - NOTE(review): introspect_ssl_insecure=True presumably relaxes
//     certificate checks on the introspect endpoint; confirm this is intended.
//   - NOTE(review): htemplate looks like an alias for html/template; if so,
//     HTML escaping would alter special characters in rendered values such as
//     the RabbitMQ password. Confirm.
var AnalyticsSnmpTopologyConfig = htemplate.Must(htemplate.New("").Funcs(sprig.FuncMap()).Parse(`
[DEFAULTS]
host_ip={{ .ListenAddress }}
scan_frequency={{ default "600" .SnmpTopologyScanFrequency }}
http_server_ip={{ .InstrospectListenAddress }}
http_server_port={{ default "5921" .SnmpTopologyIntrospectListenPort }}
log_file={{ default "/var/log/contrail/tf-topology.log" .LogFile }}
log_level={{ default "SYS_INFO" .LogLevel }}
log_local={{ default "1" .LogLocal }}
analytics_api={{ .AnalyticsServers }}
collectors={{ .CollectorServers }}
zookeeper={{ .ZookeeperServers }}
[API_SERVER]
api_server_list={{ .ConfigServers }}
api_server_use_ssl=True
[CONFIGDB]
config_db_server_list={{ .ConfigDbServerList }}
config_db_use_ssl=True
config_db_ca_certs={{ .CassandraSslCaCertfile }}
rabbitmq_server_list={{ .RabbitmqServerList }}
rabbitmq_vhost={{ .RabbitmqVhost }}
rabbitmq_user={{ .RabbitmqUser }}
rabbitmq_password={{ .RabbitmqPassword }}
rabbitmq_use_ssl=True
rabbitmq_ssl_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
rabbitmq_ssl_certfile=/etc/certificates/client-{{ .PodIP }}.crt
rabbitmq_ssl_ca_certs={{ .CAFilePath }}
rabbitmq_ssl_version=tlsv1_2
[SANDESH]
introspect_ssl_enable=True
introspect_ssl_insecure=True
sandesh_ssl_enable=True
sandesh_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
sandesh_certfile=/etc/certificates/client-{{ .PodIP }}.crt
sandesh_server_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
sandesh_server_certfile=/etc/certificates/server-{{ .PodIP }}.crt
sandesh_ca_cert={{ .CAFilePath }}
`))
AnalyticsSnmpTopologyConfig is a template for snmp topology config
// AnalyticsapiConfig is the parsed template for the analytics API INI file.
// The partitions and redis_query_port keys are emitted only when
// .QueryEngineEnabled is set; rest_api_port is fixed at 8081.
//
// Security notes:
//   - analytics_api_insecure_enable is hard-coded to True here, while
//     ConfigServicemonitorConfig renders the same key as False.
//     NOTE(review): presumably this permits non-verified or non-TLS access to
//     the analytics API; confirm the semantics and whether it is needed.
//   - redis_password is always rendered empty; the TLS settings in [REDIS]
//     are the only Redis protection visible in this template.
//   - NOTE(review): introspect_ssl_insecure=True presumably relaxes
//     certificate checks on the introspect endpoint; confirm this is intended.
var AnalyticsapiConfig = template.Must(template.New("").Parse(`[DEFAULTS]
host_ip={{ .ListenAddress }}
http_server_port={{ .AnalyticsApiIntrospectPort}}
http_server_ip={{ .InstrospectListenAddress }}
rest_api_port=8081
rest_api_ip={{ .ListenAddress }}
{{ if .QueryEngineEnabled }}
partitions=30
{{ end }}
aaa_mode={{ .AAAMode }}
log_file=/var/log/contrail/contrail-analytics-api.log
log_level={{ .LogLevel }}
log_local=1
# Sandesh send rate limit can be used to throttle system logs transmitted per
# second. System logs are dropped if the sending rate is exceeded
#sandesh_send_rate_limit =
collectors={{ .CollectorServerList}}
api_server={{ .ApiServerList }}
api_server_use_ssl=True
zk_list={{ .ZookeeperServerList }}
analytics_api_ssl_enable = True
analytics_api_insecure_enable = True
analytics_api_ssl_certfile = /etc/certificates/server-{{ .PodIP }}.crt
analytics_api_ssl_keyfile = /etc/certificates/server-key-{{ .PodIP }}.pem
analytics_api_ssl_ca_cert = {{ .CAFilePath }}
[REDIS]
{{ if .QueryEngineEnabled }}
redis_query_port={{ .RedisPort }}
{{ end }}
redis_uve_list={{ .RedisServerList }}
redis_password=
redis_use_ssl=True
redis_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
redis_certfile=/etc/certificates/server-{{ .PodIP }}.crt
redis_ca_cert={{ .CAFilePath }}
[SANDESH]
introspect_ssl_enable=True
introspect_ssl_insecure=True
sandesh_ssl_enable=True
sandesh_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
sandesh_certfile=/etc/certificates/client-{{ .PodIP }}.crt
sandesh_server_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
sandesh_server_certfile=/etc/certificates/server-{{ .PodIP }}.crt
sandesh_ca_cert={{ .CAFilePath }}
`))
AnalyticsapiConfig is the template of the AnalyticsAPI service configuration.
// CassandraCommandTemplate is the parsed template for the Cassandra container
// start script. The rendered script builds JKS keystores and truststores for
// the "server" and "client" certificates under /etc/keystore, links the
// per-pod cqlshrc, replaces /etc/cassandra/cassandra.yaml with the per-pod
// config map copy, and execs /docker-entrypoint.sh. When .ReaperEnabled is
// set it also links the JMX password/access files, starts /run-reaper.sh in
// the background and enables remote JMX over TLS with client authentication.
//
// Security notes:
//   - .KeystorePassword and .TruststorePassword are passed as command-line
//     arguments to openssl and keytool and as -D options to the entrypoint,
//     so they are visible in the process list while those commands run; they
//     are also embedded in the rendered script itself.
//   - TmpFileKeyStore.$type (a PKCS#12 bundle built from the private key) and
//     TmpCA.pem.$type are written to the current working directory and are
//     not removed anywhere in this script.
//   - "cat /etc/cassandra/cassandra.yaml" prints the rendered Cassandra
//     config to stdout; the CassandraConfig template contains
//     keystore_password and truststore_password, so those values would reach
//     the container log.
//   - Shell variables such as $type and ${POD_IP} are expanded unquoted.
var CassandraCommandTemplate = template.Must(template.New("").Parse(`
function _prepare_keystore() {
local type=$1
rm -f /etc/keystore/${type}-truststore.jks /etc/keystore/${type}-keystore.jks
mkdir -p /etc/keystore
openssl pkcs12 -export -chain -name $type \
-in /etc/certificates/${type}-${POD_IP}.crt \
-inkey /etc/certificates/${type}-key-${POD_IP}.pem \
-CAfile {{ .CAFilePath }} \
-password pass:{{ .TruststorePassword }} \
-out TmpFileKeyStore.$type
openssl pkcs12 -password pass:{{ .TruststorePassword }} -in TmpFileKeyStore.$type -info -chain -nokeys
openssl pkcs12 -info -chain -nokeys -cacerts \
-password pass:{{ .TruststorePassword }} \
-in TmpFileKeyStore.$type 2>/dev/null | sed -n '/-\+BEGIN.*-\+/,/-\+END .*-\+/p' > TmpCA.pem.$type
cat TmpCA.pem.$type
keytool -import -noprompt -alias CARoot \
-keystore /etc/keystore/${type}-truststore.jks \
-keypass {{ .KeystorePassword }} \
-storepass {{ .TruststorePassword }} \
-file TmpCA.pem.$type
keytool -importkeystore -alias $type -noprompt \
-deststoretype PKCS12 \
-deststorepass {{ .KeystorePassword }} \
-destkeypass {{ .KeystorePassword }} \
-destkeystore /etc/keystore/${type}-keystore.jks \
-srcstoretype PKCS12 \
-srcstorepass {{ .TruststorePassword }} \
-srckeystore TmpFileKeyStore.$type
}
# generate server keystore for ssl
_prepare_keystore server
# generate client keystore for ssl
_prepare_keystore client
# for cqlsh cmd tool
ln -sf /etc/contrailconfigmaps/cqlshrc.${POD_IP} /root/.cqlshrc ;
# cassandra docker-entrypoint tries patch the config, and nodemanager uses hardcoded path to
# detect cassandra data path for size checks, this file will contains wrong seeds as entrypoint
# sets it from env variable
rm -f /etc/cassandra/cassandra.yaml ;
cp /etc/contrailconfigmaps/cassandra.${POD_IP}.yaml /etc/cassandra/cassandra.yaml ;
cat /etc/cassandra/cassandra.yaml ;
# reaper configurations
{{ if .ReaperEnabled }}
# for reaper access
ln -sf /etc/contrailconfigmaps/jmxremote.password.${POD_IP} /etc/cassandra/jmxremote.password ;
ln -sf /etc/contrailconfigmaps/jmxremote.access.${POD_IP} /etc/cassandra/jmxremote.access ;
ln -sf /etc/contrailconfigmaps/nodetool-ssl.properties.${POD_IP} ~/.cassandra/nodetool-ssl.properties ;
source /etc/contrailconfigmaps/reaper.${POD_IP}.env
export LOCAL_JMX=no
{{ end }}
# for gracefull shutdown implemented in docker-entrypoint.sh in trap_cassandra_term
export CASSANDRA_JMX_LOCAL_PORT={{ .JmxLocalPort }}
export CASSANDRA_LISTEN_ADDRESS=${POD_IP}
{{ if .ReaperEnabled }}
/run-reaper.sh &
# start service
exec /docker-entrypoint.sh -f -Dcassandra.jmx.local.port={{ .JmxLocalPort }} \
-Dcom.sun.management.jmxremote.access.file=/etc/cassandra/jmxremote.access \
-Dcom.sun.management.jmxremote.ssl=true \
-Dcom.sun.management.jmxremote.ssl.need.client.auth=true \
-Dcassandra.jmx.remote.port={{ .JmxLocalPort }} \
-Dcom.sun.management.jmxremote.rmi.port={{ .JmxLocalPort }} \
-Djavax.net.ssl.keyStore=/etc/keystore/server-keystore.jks \
-Djavax.net.ssl.keyStorePassword={{ .KeystorePassword }} \
-Djavax.net.ssl.trustStore=/etc/keystore/server-truststore.jks \
-Djavax.net.ssl.trustStorePassword={{ .TruststorePassword }} \
-Dcassandra.config=file:///etc/contrailconfigmaps/cassandra.${POD_IP}.yaml
{{ else }}
# start service
exec /docker-entrypoint.sh -f -Dcassandra.jmx.local.port={{ .JmxLocalPort }} -Dcassandra.config=file:///etc/contrailconfigmaps/cassandra.${POD_IP}.yaml
{{ end }}
`))
CassandraCommandTemplate is the template of the Cassandra start script.
// CassandraConfig is the parsed template for cassandra.yaml. Seeds, ports,
// listen/broadcast/RPC addresses and the keystore passwords come from the
// template data; the tuning keys read from .Parameters fall back to the
// literal given as the second operand of "or" when the field is unset.
//
// Security notes:
//   - authenticator and authorizer are fixed to AllowAllAuthenticator and
//     AllowAllAuthorizer, so Cassandra itself performs no login or permission
//     checks with this config.
//   - server_encryption_options requires client certificates between nodes
//     (require_client_auth: true), but client_encryption_options sets
//     require_client_auth: false. Together with the AllowAll settings, a
//     client that can reach the native transport port is not asked for a
//     certificate or a password. NOTE(review): confirm network policy is the
//     intended access control, or enable client auth for CQL.
//   - keystore_password and truststore_password are rendered in clear text;
//     protect the rendered file like the secrets themselves.
//   - transparent_data_encryption_options is disabled; its keystore_password
//     and key_password are the literal "cassandra" and should be replaced
//     before that feature is ever enabled.
var CassandraConfig = template.Must(template.New("").Parse(`cluster_name: ContrailConfigDB
num_tokens: 256
hinted_handoff_enabled: true
max_hint_window_in_ms: 10800000 # 3 hours
hinted_handoff_throttle_in_kb: 1024
max_hints_delivery_threads: 2
hints_directory: /var/lib/cassandra/hints
hints_flush_period_in_ms: 10000
max_hints_file_size_in_mb: 128
batchlog_replay_throttle_in_kb: 1024
authenticator: AllowAllAuthenticator
authorizer: AllowAllAuthorizer
role_manager: CassandraRoleManager
roles_validity_in_ms: 2000
permissions_validity_in_ms: 2000
credentials_validity_in_ms: 2000
partitioner: org.apache.cassandra.dht.Murmur3Partitioner
data_file_directories:
- /var/lib/cassandra/data
commitlog_directory: /var/lib/cassandra/commitlog
disk_failure_policy: stop
commit_failure_policy: stop
key_cache_size_in_mb:
key_cache_save_period: 14400
row_cache_size_in_mb: 0
row_cache_save_period: 0
counter_cache_size_in_mb:
counter_cache_save_period: 7200
saved_caches_directory: /var/lib/cassandra/saved_caches
commitlog_sync: periodic
commitlog_sync_period_in_ms: 10000
commitlog_segment_size_in_mb: 32
seed_provider:
- class_name: org.apache.cassandra.locator.SimpleSeedProvider
parameters:
- seeds: {{ .Seeds }}
concurrent_reads: {{ or .Parameters.ConcurrentReads 32 }}
concurrent_writes: {{ or .Parameters.ConcurrentWrites 32 }}
concurrent_counter_writes: {{ or .Parameters.ConcurrentCounterWrites 32 }}
concurrent_materialized_view_writes: {{ or .Parameters.ConcurrentMaterializedViewWrites 32 }}
concurrent_compactors: {{ or .Parameters.ConcurrentCompactors 1 }}
memtable_flush_writers: {{ or .Parameters.MemtableFlushWriters 2 }}
disk_optimization_strategy: ssd
memtable_allocation_type: {{ or .Parameters.MemtableAllocationType "heap_buffers" }}
index_summary_capacity_in_mb:
index_summary_resize_interval_in_minutes: 60
trickle_fsync: false
trickle_fsync_interval_in_kb: 10240
storage_port: {{ .StoragePort}}
ssl_storage_port: {{ .SslStoragePort }}
listen_address: {{ .ListenAddress }}
broadcast_address: {{ .BroadcastAddress }}
start_native_transport: true
native_transport_port: {{ .CqlPort }}
start_rpc: {{ .StartRPC }}
rpc_address: {{ .RPCAddress }}
rpc_port: {{ .RPCPort }}
broadcast_rpc_address: {{ .RPCBroadcastAddress}}
rpc_keepalive: true
rpc_server_type: sync
thrift_framed_transport_size_in_mb: 15
incremental_backups: false
snapshot_before_compaction: false
auto_snapshot: true
tombstone_warn_threshold: 1000
tombstone_failure_threshold: 100000
column_index_size_in_kb: 64
batch_size_warn_threshold_in_kb: 5
batch_size_fail_threshold_in_kb: 50
compaction_throughput_mb_per_sec: {{ or .Parameters.CompactionThroughputMbPerSec 16 }}
compaction_large_partition_warning_threshold_mb: 100
sstable_preemptive_open_interval_in_mb: 50
read_request_timeout_in_ms: 5000
range_request_timeout_in_ms: 10000
write_request_timeout_in_ms: 2000
counter_write_request_timeout_in_ms: 5000
cas_contention_timeout_in_ms: 1000
truncate_request_timeout_in_ms: 60000
request_timeout_in_ms: 10000
cross_node_timeout: false
endpoint_snitch: SimpleSnitch
dynamic_snitch_update_interval_in_ms: 100
dynamic_snitch_reset_interval_in_ms: 600000
dynamic_snitch_badness_threshold: 0.1
request_scheduler: org.apache.cassandra.scheduler.NoScheduler
# node-to-node encrypion
server_encryption_options:
internode_encryption: all
keystore: /etc/keystore/server-keystore.jks
keystore_password: {{ .KeystorePassword }}
truststore: /etc/keystore/server-truststore.jks
truststore_password: {{ .TruststorePassword }}
require_client_auth: true
store_type: JKS
# client-to-node encrypion
client_encryption_options:
enabled: true
optional: false
keystore: /etc/keystore/server-keystore.jks
keystore_password: {{ .KeystorePassword }}
truststore: /etc/keystore/server-truststore.jks
truststore_password: {{ .TruststorePassword }}
require_client_auth: false
store_type: JKS
internode_compression: all
inter_dc_tcp_nodelay: false
tracetype_query_ttl: 86400
tracetype_repair_ttl: 604800
gc_warn_threshold_in_ms: 1000
enable_user_defined_functions: false
enable_scripted_user_defined_functions: false
windows_timer_interval: 1
transparent_data_encryption_options:
enabled: false
chunk_length_kb: 64
cipher: AES/CBC/PKCS5Padding
key_alias: testing:1
key_provider:
- class_name: org.apache.cassandra.security.JKSKeyProvider
parameters:
- keystore: conf/.keystore
keystore_password: cassandra
store_type: JCEKS
key_password: cassandra
auto_bootstrap: true
`))
CassandraConfig is the template of a full Cassandra configuration.
// CassandraCqlShrc is the parsed template for the cqlshrc file used by the
// cqlsh tool. It sets the CA file and a client key/certificate pair whose
// file names are built from .ListenAddress (other templates in this package
// build the same paths from .PodIP).
//
// NOTE(review): "version = SSLv23" presumably maps to Python's
// ssl.PROTOCOL_SSLv23, which negotiates the protocol version instead of
// pinning one; confirm the minimum TLS version is enforced on the server side.
var CassandraCqlShrc = template.Must(template.New("").Parse(`
[ssl]
certfile = {{ .CAFilePath }}
version = SSLv23
userkey = /etc/certificates/client-key-{{ .ListenAddress }}.pem
usercert = /etc/certificates/client-{{ .ListenAddress }}.crt
`))
CassandraCqlShrc is a template for cqlsh tool
// CassandraJmxRemoteAccess is the parsed template for the jmxremote.access
// file. It contains no template actions: both the "cassandra" and the
// "reaperUser" JMX roles are always granted readwrite.
//
// NOTE(review): readwrite JMX access allows invoking management operations;
// confirm that both roles need more than readonly.
var CassandraJmxRemoteAccess = template.Must(template.New("").Parse(`
cassandra readwrite
reaperUser readwrite
`))
CassandraJmxRemoteAccess is a template for the jmxremote.access file
// CassandraJmxRemotePassword is the parsed template for the
// jmxremote.password file.
//
// Security note: the template contains no actions, so every rendering yields
// the same two hard-coded credentials (cassandra/cassandra and
// reaperUser/reaperPass), which are also published with this source. They
// give no protection on their own; JMX access then depends on the TLS client
// authentication configured in CassandraCommandTemplate.
// NOTE(review): generate these passwords per deployment and pass them in as
// template data.
var CassandraJmxRemotePassword = template.Must(template.New("").Parse(`
cassandra cassandra
reaperUser reaperPass
`))
CassandraJmxRemotePassword is a template for the jmxremote.password file
// CassandraNodetoolSslProperties is the parsed template for the
// nodetool-ssl.properties file: JVM options that enable TLS for nodetool and
// point it at the server keystore and truststore under /etc/keystore.
//
// Security note: .KeystorePassword and .TruststorePassword are rendered in
// clear text, so the rendered file needs the same protection as the secrets.
var CassandraNodetoolSslProperties = template.Must(template.New("").Parse(`
-Dssl.enable=true
-Djavax.net.ssl.keyStore=/etc/keystore/server-keystore.jks
-Djavax.net.ssl.keyStorePassword={{ .KeystorePassword }}
-Djavax.net.ssl.trustStore=/etc/keystore/server-truststore.jks
-Djavax.net.ssl.trustStorePassword={{ .TruststorePassword }}
`))
CassandraNodetoolSslProperties is a template for the nodetool-ssl.properties file
// CollectorConfig is the parsed template for the collector INI file.
// cassandra_server_list and the [DATABASE] watermark section are emitted only
// when .QueryEngineEnabled is set; the [KAFKA] section only when
// .KafkaServerList is non-empty. Listener ports (syslog 514, sflow 6343,
// ipfix 4739, collector 8086, protobuf 3333, structured syslog 3514) are
// fixed in the template.
//
// Security notes:
//   - rabbitmq_password is rendered in clear text; protect the rendered file
//     like the secret itself.
//   - [REDIS] points at 127.0.0.1 with an empty password and, unlike other
//     templates in this package, sets no TLS keys. NOTE(review): confirm Redis
//     is reachable only from inside the pod.
//   - NOTE(review): introspect_ssl_insecure=True presumably relaxes
//     certificate checks on the introspect endpoint; confirm this is intended.
var CollectorConfig = template.Must(template.New("").Parse(`[DEFAULT]
analytics_data_ttl={{ .AnalyticsDataTTL }}
analytics_config_audit_ttl={{ .AnalyticsConfigAuditTTL }}
analytics_statistics_ttl={{ .AnalyticsStatisticsTTL }}
analytics_flow_ttl={{ .AnalyticsFlowTTL }}
partitions=30
hostname={{ .Hostname }}
hostip={{ .ListenAddress }}
http_server_port={{ .CollectorIntrospectPort}}
http_server_ip={{ .InstrospectListenAddress }}
syslog_port=514
sflow_port=6343
ipfix_port=4739
# log_category=
log_file=/var/log/contrail/contrail-collector.log
log_files_count=10
log_file_size=1048576
log_level={{ .LogLevel }}
log_local=1
# sandesh_send_rate_limit=
{{ if .QueryEngineEnabled }}
cassandra_server_list={{ .AnalyticsdbCassandraServerList }}
{{ end }}
zookeeper_server_list={{ .ZookeeperServerList }}
[CASSANDRA]
cassandra_use_ssl=true
cassandra_ca_certs={{ .CAFilePath }}
[COLLECTOR]
port=8086
server={{ .ListenAddress }}
protobuf_port=3333
[STRUCTURED_SYSLOG_COLLECTOR]
# TCP & UDP port to listen on for receiving structured syslog messages
port=3514
# List of external syslog receivers to forward structured syslog messages in ip:port format separated by space
# tcp_forward_destination=10.213.17.53:514
[API_SERVER]
# List of api-servers in ip:port format separated by space
api_server_list={{ .ApiServerList }}
api_server_use_ssl=True
[REDIS]
port={{ .RedisPort }}
server=127.0.0.1
password=
{{ if .KafkaServerList }}
[KAFKA]
kafka_broker_list={{ .KafkaServerList }}
kafka_ssl_enable=True
kafka_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
kafka_certfile=/etc/certificates/client-{{ .PodIP }}.crt
kafka_ca_cert={{ .CAFilePath }}
{{ end }}
[CONFIGDB]
config_db_server_list={{ .CassandraServerList }}
config_db_use_ssl=True
config_db_ca_certs={{ .CAFilePath }}
rabbitmq_server_list={{ .RabbitmqServerList }}
rabbitmq_vhost={{ .RabbitmqVhost }}
rabbitmq_user={{ .RabbitmqUser }}
rabbitmq_password={{ .RabbitmqPassword }}
rabbitmq_use_ssl=True
rabbitmq_ssl_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
rabbitmq_ssl_certfile=/etc/certificates/client-{{ .PodIP }}.crt
rabbitmq_ssl_ca_certs={{ .CAFilePath }}
rabbitmq_ssl_version=tlsv1_2
[SANDESH]
introspect_ssl_enable=True
introspect_ssl_insecure=True
sandesh_ssl_enable=True
sandesh_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
sandesh_certfile=/etc/certificates/client-{{ .PodIP }}.crt
sandesh_server_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
sandesh_server_certfile=/etc/certificates/server-{{ .PodIP }}.crt
sandesh_ca_cert={{ .CAFilePath }}
{{ if .QueryEngineEnabled }}
[DATABASE]
disk_usage_percentage.high_watermark0=90
disk_usage_percentage.low_watermark0=85
disk_usage_percentage.high_watermark1=80
disk_usage_percentage.low_watermark1=75
disk_usage_percentage.high_watermark2=70
disk_usage_percentage.low_watermark2=60
pending_compaction_tasks.high_watermark0=400
pending_compaction_tasks.low_watermark0=300
pending_compaction_tasks.high_watermark1=200
pending_compaction_tasks.low_watermark1=150
pending_compaction_tasks.high_watermark2=100
pending_compaction_tasks.low_watermark2=80
high_watermark0.message_severity_level=SYS_EMERG
low_watermark0.message_severity_level=SYS_ALERT
high_watermark1.message_severity_level=SYS_ERR
low_watermark1.message_severity_level=SYS_WARN
high_watermark2.message_severity_level=SYS_DEBUG
low_watermark2.message_severity_level=INVALID
{{ end }}
`))
CollectorConfig is the template of the Collector service configuration.
// CommonRunConfig is the parsed template for the bash wrapper that runs a
// service command and restarts or signals it when its inputs change.
//
// The rendered script writes .Command to /tmp/command.sh, runs the optional
// .InitCommand, waits for the pod's server/client key and certificate files
// and the CA file, links every entry of .Configs into place and starts the
// command in the background. Every 10 seconds it compares the md5sum of each
// config, key and certificate file with the value recorded when the file was
// first seen; on a change it sleeps a random 0-59 seconds and then either
// terminates the process (.UpdateSignal TERM) or sends SIGHUP (HUP). Any other
// .UpdateSignal value makes the script exit 1.
//
// Security notes:
//   - .Command and .InitCommand are inserted verbatim and executed by bash,
//     so they must only ever come from operator-controlled input. The heredoc
//     delimiter is quoted (<<\EOF), so nothing in .Command is expanded while
//     the file is written, but a line consisting of EOF inside .Command would
//     end the heredoc early and run the remainder in the outer script.
//   - With LOG_LEVEL=SYS_DEBUG, wait_file echoes the full content of the file
//     it waited for, and the main loop calls wait_file on the server and
//     client private keys; "set -x" is enabled as well. Debug logging
//     therefore writes private-key material to the container log.
//   - md5sum is used here only to notice that a file changed, not to verify
//     integrity.
//   - /tmp/command.sh, its .pid and .sighup files and the *.md5sum files live
//     at fixed paths under /tmp. NOTE(review): confirm /tmp is private to the
//     container.
//   - $src, $dst and $pid are expanded unquoted, so paths from .Configs that
//     contain whitespace or glob characters would be split or expanded.
var CommonRunConfig = template.Must(template.New("").Parse(`#!/bin/bash
[[ "$LOG_LEVEL" != "SYS_DEBUG" ]] || set -x
cmd_file="/tmp/command.sh"
pid_file="${cmd_file}.pid"
sig_file="${cmd_file}.sighup"
cat <<\EOF > /tmp/command.sh
#!/bin/bash
[[ "$LOG_LEVEL" != "SYS_DEBUG" ]] || set -x
{{ .Command }}
EOF
chmod +x /tmp/command.sh
function wait_file() {
local src=$1
echo "INFO: $(date): wait for $src"
while [ ! -e $src ] ; do sleep 1; done
echo "INFO: $(date): wait for $src completed"
local hash=$(md5sum $src | awk '{print($1)}')
echo $hash > /tmp/$(basename $src).md5sum
if [[ "$LOG_LEVEL" != "SYS_DEBUG" ]] ; then
echo "INFO: $(date): hash $hash"
else
echo -e "INFO: $(date): hash $hash\n$(cat $src)"
fi
}
function link_file() {
local src=$1
if [[ "${src:0:1}" != "/" ]] ; then
src="{{ .ConfigMapMount }}/$src"
fi
wait_file $src
local dst=$2
if [[ -n "$dst" ]] ; then
if [[ "${dst:0:1}" != "/" ]] ; then
dst={{ .DstConfigPath }}/$dst
fi
echo "INFO: $(date): link $src => $dst"
mkdir -p $(dirname $dst)
ln -sf $src $dst
fi
}
function term_process() {
local pid=$1
local signal=TERM
echo "INFO: $(date): $0: term_command $pid"
if [ -n "$pid" ] ; then
kill -${signal} $pid
echo "INFO: $(date): $0: term_command $pid: wait child job"
for i in {1..20}; do
kill -0 $pid >/dev/null 2>&1 || break
sleep 6
done
if kill -0 $pid >/dev/null 2>&1 ; then
echo "INFO: $(date): $0: term_command $pid: faild to wait child job.. exit to relaunch container"
[ -z "$sig_file" ] || rm -f $sig_file
exit 1
fi
fi
}
function trap_sigterm() {
echo "INFO: $(date): $0: trap_sigterm: start"
local pid=$(cat $pid_file 2>/dev/null)
term_process $pid
echo "INFO: $(date): $0: trap_sigterm: done"
[ -z "$sig_file" ] || rm -f $sig_file
}
function trap_sighup() {
[ -z "$sig_file" ] || touch $sig_file
local pid=$(cat $pid_file 2>/dev/null)
echo "INFO: $(date): $0: trap_sighup: pid=$pid"
kill -HUP $pid
}
function check_hash_impl() {
local src=$1
local new=$(md5sum $src | awk '{print($1)}')
local old=$(cat /tmp/$(basename $src).md5sum)
if [[ "$new" != "$old" ]] ; then
echo "INFO: $(date): File changed $src: old=$old new=$new"
return 1
fi
return 0
}
function check_hash() {
local src=$1
if [[ "${src:0:1}" != "/" ]] ; then
src="{{ .ConfigMapMount }}/$src"
fi
check_hash_impl $src
}
function configs_unchanged() {
local changed=0
{{ range $src, $dst := .Configs }}
check_hash {{ $src }} || changed=1
{{ end }}
check_hash_impl /etc/certificates/server-key-${POD_IP}.pem || changed=1
check_hash_impl /etc/certificates/server-${POD_IP}.crt || changed=1
check_hash_impl /etc/certificates/client-key-${POD_IP}.pem || changed=1
check_hash_impl /etc/certificates/client-${POD_IP}.crt || changed=1
check_hash_impl {{ .CAFilePath }} || changed=1
return $changed
}
{{ if .InitCommand }}
{{ .InitCommand }}
{{ end }}
export -f trap_sighup
export -f trap_sigterm
export -f wait_file
export -f link_file
update_signal={{ .UpdateSignal }}
trap 'trap_sighup' SIGHUP
trap 'trap_sigterm' SIGTERM
touch $sig_file
while [ -e $sig_file ] ; do
wait_file /etc/certificates/server-key-${POD_IP}.pem
wait_file /etc/certificates/server-${POD_IP}.crt
wait_file /etc/certificates/client-key-${POD_IP}.pem
wait_file /etc/certificates/client-${POD_IP}.crt
wait_file {{ .CAFilePath }}
{{ range $src, $dst := .Configs }}
link_file {{ $src }} {{ $dst }}
{{ end }}
while [ -e $sig_file ] ; do
pid=$(cat $pid_file 2>/dev/null)
if [ -z "$pid" ] || ! kill -0 $pid >/dev/null 2>&1 ; then
$cmd_file &
pid=$!
echo $pid > $pid_file
echo "INFO: $(date): command started pid=$pid"
else
if ! configs_unchanged ; then
delay=$(( $RANDOM % 60 ))
echo "INFO: $(date): delay reload for $delay sec"
sleep $delay
if [[ "$update_signal" == 'TERM' ]] ; then
term_process $pid
elif [[ "$update_signal" == 'HUP' ]] ; then
trap_sighup
else
echo "INFO: $(date): unsupported signal $update_signal"
exit 1
fi
break
fi
fi
sleep 10
done
done
`))
CommonRunConfig is the template of the common run service actions
// ConfigAPIConfig is the parsed template for the config API INI file. It
// enables TLS on the API listener with the pod's server certificate and key,
// and TLS towards Cassandra and RabbitMQ; the log file name includes
// .WorkerId.
//
// Security notes:
//   - rabbit_password is rendered in clear text; protect the rendered file
//     like the secret itself.
//   - auth and aaa_mode are taken directly from .AuthMode and .AAAMode;
//     cloud_admin_role is fixed to "admin" and global_read_only_role is empty.
//   - NOTE(review): introspect_ssl_insecure=True presumably relaxes
//     certificate checks on the introspect endpoint; confirm this is intended.
var ConfigAPIConfig = template.Must(template.New("").Parse(`[DEFAULTS]
listen_ip_addr={{ .ListenAddress }}
listen_port={{ .ListenPort }}
http_server_port={{ .ApiIntrospectPort }}
http_server_ip={{ .InstrospectListenAddress }}
log_file=/var/log/contrail/contrail-api-{{ .WorkerId }}.log
log_level={{ .LogLevel }}
log_local=1
list_optimization_enabled=True
auth={{ .AuthMode }}
aaa_mode={{ .AAAMode }}
cloud_admin_role=admin
global_read_only_role=
config_api_ssl_enable=True
config_api_ssl_certfile=/etc/certificates/server-{{ .PodIP }}.crt
config_api_ssl_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
config_api_ssl_ca_cert={{ .CAFilePath }}
cassandra_server_list={{ .CassandraServerList }}
cassandra_use_ssl=true
cassandra_ca_certs={{ .CAFilePath }}
zk_server_ip={{ .ZookeeperServerList }}
admin_port={{ .AdminPort }}
worker_id={{ .WorkerId }}
worker_introspect_ports={{ .IntrospectPortList }}
worker_admin_ports={{ .AdminPortList }}
rabbit_server={{ .RabbitmqServerList }}
rabbit_vhost={{ .RabbitmqVhost }}
rabbit_user={{ .RabbitmqUser }}
rabbit_password={{ .RabbitmqPassword }}
rabbit_use_ssl=True
kombu_ssl_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
kombu_ssl_certfile=/etc/certificates/client-{{ .PodIP }}.crt
kombu_ssl_ca_certs={{ .CAFilePath }}
kombu_ssl_version=tlsv1_2
rabbit_health_check_interval=10
collectors={{ .CollectorServerList }}
enable_latency_stats_log=False
enable_api_stats_log=True
[SANDESH]
introspect_ssl_enable=True
introspect_ssl_insecure=True
sandesh_ssl_enable=True
sandesh_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
sandesh_certfile=/etc/certificates/client-{{ .PodIP }}.crt
sandesh_server_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
sandesh_server_certfile=/etc/certificates/server-{{ .PodIP }}.crt
sandesh_ca_cert={{ .CAFilePath }}
`))
ConfigAPIConfig is the template of the Config API service configuration.
// ConfigAPIServerConfig is the parsed template for a YAML document that
// lists the API servers (.APIServerList), the API port (.ListenPort) and the
// TLS material used to reach them: the CA file plus the pod's server
// certificate and key. "insecure" is fixed to false.
// NOTE(review): presumably insecure: false keeps certificate verification on;
// confirm against the consumer of this file.
var ConfigAPIServerConfig = template.Must(template.New("").Parse(`encryption:
ca: {{ .CAFilePath }}
cert: /etc/certificates/server-{{ .PodIP }}.crt
key: /etc/certificates/server-key-{{ .PodIP }}.pem
insecure: false
apiServerList:
{{range .APIServerList}}
- {{ . }}
{{ end }}
apiPort: {{ .ListenPort }}
`))
// ConfigAPIUwsgiIniConfig is the parsed template for the uWSGI ini file of
// the config API. Worker count, gevent concurrency and buffer size come from
// the template data; the HTTPS socket binds .ListenAddress:.ListenPort with
// the pod's server certificate and key.
//
// NOTE(review): the https-socket value carries only a certificate and a key,
// with no CA or client-verification argument, so as rendered uWSGI appears to
// do server-side TLS only; confirm client authentication is handled by the
// application.
var ConfigAPIUwsgiIniConfig = template.Must(template.New("").Parse(`[uwsgi]
strict
master
single-interpreter
vacuum
need-app
plugins = python, gevent
workers = {{ .APIWorkerCount }}
gevent = {{ .APIMaxRequests }}
buffer-size = {{ .BufferSize }}
lazy-apps
https-socket = {{ .ListenAddress }}:{{ .ListenPort }},/etc/certificates/server-{{ .PodIP }}.crt,/etc/certificates/server-key-{{ .PodIP }}.pem
module = vnc_cfg_api_server.uwsgi_api_server:get_apiserver()
so-keepalive
reuse-port
`))
ConfigAPIUwsgiIniConfig is uwsgi.conf file, used by api when api worker count is greater than one.
// ConfigAPIVNC is the parsed template for the VNC API client ini file. The
// [global] section always enables TLS towards the API server with the CA
// file. The [auth] section is filled from .KeystoneAuthParameters when
// .AuthMode equals "keystone"; for any other value AUTHN_TYPE is "noauth".
//
// Security notes:
//   - With Keystone over https, the template emits either "insecure = ..."
//     (when isEnabled reports .KeystoneAuthParameters.Insecure as set) or the
//     cafile/keyfile/certfile triple, never both.
//     NOTE(review): presumably "insecure" turns off verification of the
//     Keystone certificate; confirm and keep it off outside test setups.
//   - isEnabled comes from tfFuncs, which is defined outside this listing.
//   - AUTHN_TYPE = noauth means the client sends no credentials; the API
//     server's own auth mode then decides what is accepted.
var ConfigAPIVNC = template.Must(template.New("").Funcs(tfFuncs).Parse(`[global]
WEB_SERVER = {{ .APIServerList }}
WEB_PORT = {{ .APIServerPort }} ; connection to api-server directly
BASE_URL = /
use_ssl = True
cafile = {{ .CAFilePath }}
{{ if eq .AuthMode "keystone" }}
[auth]
AUTHN_TYPE = {{ .AuthMode }}
; Authentication settings (optional)
AUTHN_PROTOCOL = {{ .KeystoneAuthParameters.AuthProtocol }}
AUTHN_SERVER = {{ .KeystoneAuthParameters.Address }}
AUTHN_PORT = {{ .KeystoneAuthParameters.AdminPort }}
AUTHN_URL = /v3/auth/tokens
AUTHN_DOMAIN = {{ .KeystoneAuthParameters.ProjectDomainName }}
{{ if eq .KeystoneAuthParameters.AuthProtocol "https" }}
{{ if isEnabled .KeystoneAuthParameters.Insecure }}
insecure = {{ .KeystoneAuthParameters.Insecure }}
{{ else }}
cafile = {{ .CAFilePath }}
keyfile = /etc/certificates/server-key-{{ .PodIP }}.pem
certfile = /etc/certificates/server-{{ .PodIP }}.crt
{{ end }}
{{ end }}
;AUTHN_TOKEN_URL = http://127.0.0.1:35357/v2.0/tokens
{{ else }}
[auth]
AUTHN_TYPE = noauth
{{ end }}
`))
// ConfigDNSMasqBaseConfig is the parsed template for the base dnsmasq
// configuration: logging to /var/log/contrail/dnsmasq.log, bogus-priv and
// DHCP logging. Unless .UseExternalTFTP is set it also enables dnsmasq's
// built-in TFTP server rooted at /var/lib/tftp.
//
// NOTE(review): TFTP has no authentication, so anything placed under
// /var/lib/tftp should be treated as readable by every host that can reach
// the service; confirm no secrets are staged there.
var ConfigDNSMasqBaseConfig = template.Must(template.New("").Parse(`log-facility=/var/log/contrail/dnsmasq.log
bogus-priv
log-dhcp
{{ if not .UseExternalTFTP }}
enable-tftp
tftp-root=/var/lib/tftp
{{ end }}
`))
ConfigDNSMasqBaseConfig is the template of the DNSMasq service configuration.
// ConfigDNSMasqConfig is the main dnsmasq configuration. It is a plain
// string, not a parsed template, and only tells dnsmasq to load every *.conf
// file found in /var/lib/dnsmasq/.
//
// NOTE(review): whoever can write *.conf files into /var/lib/dnsmasq controls
// the dnsmasq configuration; ConfigDeviceManagerConfig names the same
// directory as dnsmasq_conf_dir, so confirm it is writable only by the
// containers that need it.
var ConfigDNSMasqConfig = `conf-dir=/var/lib/dnsmasq/,*.conf
`
ConfigDNSMasqConfig is the template of the main DNSMasq service configuration.
// ConfigDeviceManagerConfig is the parsed template for the device manager
// INI file. host_ip is taken from .FabricMgmtIP; the API server and analytics
// ports are fixed at 8082 and 8081. The dnsmasq and TFTP directories are
// fixed paths that, per the embedded comment, must be mounted into both the
// dnsmasq and the device manager containers.
//
// Security notes:
//   - rabbit_password is rendered in clear text; protect the rendered file
//     like the secret itself.
//   - NOTE(review): introspect_ssl_insecure=True presumably relaxes
//     certificate checks on the introspect endpoint; confirm this is intended.
var ConfigDeviceManagerConfig = template.Must(template.New("").Parse(`[DEFAULTS]
host_ip={{ .FabricMgmtIP }}
http_server_ip={{ .InstrospectListenAddress }}
api_server_ip={{ .ApiServerList }}
api_server_port=8082
http_server_port={{ .DeviceManagerIntrospectPort }}
api_server_use_ssl=True
analytics_server_ip={{ .AnalyticsServerList }}
analytics_server_port=8081
push_mode=1
log_file=/var/log/contrail/contrail-device-manager.log
log_level={{ .LogLevel }}
log_local=1
cassandra_server_list={{ .CassandraServerList }}
cassandra_use_ssl=true
cassandra_ca_certs={{ .CAFilePath }}
zk_server_ip={{ .ZookeeperServerList }}
# configure directories for job manager
# the same directories must be mounted to dnsmasq and DM container
dnsmasq_conf_dir=/var/lib/dnsmasq
tftp_dir=/var/lib/tftp
dhcp_leases_file=/var/lib/dnsmasq/dnsmasq.leases
dnsmasq_reload_by_signal=True
rabbit_server={{ .RabbitmqServerList }}
rabbit_vhost={{ .RabbitmqVhost }}
rabbit_user={{ .RabbitmqUser }}
rabbit_password={{ .RabbitmqPassword }}
rabbit_use_ssl=True
kombu_ssl_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
kombu_ssl_certfile=/etc/certificates/client-{{ .PodIP }}.crt
kombu_ssl_ca_certs={{ .CAFilePath }}
kombu_ssl_version=tlsv1_2
rabbit_health_check_interval=10
collectors={{ .CollectorServerList }}
[SANDESH]
introspect_ssl_enable=True
introspect_ssl_insecure=True
sandesh_ssl_enable=True
sandesh_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
sandesh_certfile=/etc/certificates/client-{{ .PodIP }}.crt
sandesh_server_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
sandesh_server_certfile=/etc/certificates/server-{{ .PodIP }}.crt
sandesh_ca_cert={{ .CAFilePath }}
`))
ConfigDeviceManagerConfig is the template of the DeviceManager service configuration.
// ConfigKeystoneAuthConf is the parsed template for the [KEYSTONE] ini
// section. It renders nothing but whitespace unless .AuthMode equals
// "keystone"; auth_url is assembled from the protocol, address and admin port
// with a fixed /v3 suffix.
//
// Security notes:
//   - admin_password is rendered in clear text next to the admin user and
//     tenant, so the rendered file is equivalent to the Keystone admin
//     credential and needs secret-grade storage and file permissions.
//   - With https, the template emits either "insecure = ..." (when isEnabled
//     reports .KeystoneAuthParameters.Insecure as set) or the
//     cafile/keyfile/certfile triple, never both.
//     NOTE(review): presumably "insecure" turns off verification of the
//     Keystone certificate, which would expose admin_password to an
//     on-path host; confirm and keep it off outside test setups.
//   - When AuthProtocol is not "https", no TLS options are emitted at all.
//   - isEnabled comes from tfFuncs, which is defined outside this listing.
var ConfigKeystoneAuthConf = template.Must(template.New("").Funcs(tfFuncs).Parse(`
{{ if eq .AuthMode "keystone" }}
[KEYSTONE]
admin_password = {{ .KeystoneAuthParameters.AdminPassword }}
admin_tenant_name = {{ .KeystoneAuthParameters.AdminTenant }}
admin_user = {{ .KeystoneAuthParameters.AdminUsername }}
auth_host = {{ .KeystoneAuthParameters.Address }}
auth_port = {{ .KeystoneAuthParameters.AdminPort }}
auth_protocol = {{ .KeystoneAuthParameters.AuthProtocol }}
auth_url = {{ .KeystoneAuthParameters.AuthProtocol }}://{{ .KeystoneAuthParameters.Address }}:{{ .KeystoneAuthParameters.AdminPort }}/v3
auth_type = password
{{ if eq .KeystoneAuthParameters.AuthProtocol "https" }}
{{ if isEnabled .KeystoneAuthParameters.Insecure }}
insecure = {{ .KeystoneAuthParameters.Insecure }}
{{ else }}
cafile = {{ .CAFilePath }}
keyfile = /etc/certificates/server-key-{{ .PodIP }}.pem
certfile = /etc/certificates/server-{{ .PodIP }}.crt
{{ end }}
{{ end }}
user_domain_name = {{ .KeystoneAuthParameters.UserDomainName }}
project_domain_name = {{ .KeystoneAuthParameters.ProjectDomainName }}
region_name = {{ .KeystoneAuthParameters.Region }}
{{ end }}`))
ConfigKeystoneAuthConf is the template of the DeviceManager keystone auth configuration.
// ConfigSchematransformerConfig is the parsed template for the schema
// transformer INI file. The API server port is fixed at 8082 and TLS is
// enabled towards the API server, Cassandra and RabbitMQ; the [SECURITY]
// section points at the pod's server certificate, key and the CA file.
//
// Security notes:
//   - rabbit_password is rendered in clear text; protect the rendered file
//     like the secret itself.
//   - NOTE(review): introspect_ssl_insecure=True presumably relaxes
//     certificate checks on the introspect endpoint; confirm this is intended.
var ConfigSchematransformerConfig = template.Must(template.New("").Parse(`[DEFAULTS]
host_ip={{ .ListenAddress }}
http_server_ip={{ .InstrospectListenAddress }}
http_server_port={{ .SchemaIntrospectPort}}
api_server_ip={{ .ApiServerList}}
api_server_port=8082
api_server_use_ssl=True
log_file=/var/log/contrail/contrail-schema.log
log_level={{ .LogLevel }}
log_local=1
cassandra_server_list={{ .CassandraServerList }}
cassandra_use_ssl=true
cassandra_ca_certs={{ .CAFilePath }}
zk_server_ip={{ .ZookeeperServerList }}
rabbit_server={{ .RabbitmqServerList }}
rabbit_vhost={{ .RabbitmqVhost }}
rabbit_user={{ .RabbitmqUser }}
rabbit_password={{ .RabbitmqPassword }}
rabbit_use_ssl=True
kombu_ssl_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
kombu_ssl_certfile=/etc/certificates/client-{{ .PodIP }}.crt
kombu_ssl_ca_certs={{ .CAFilePath }}
kombu_ssl_version=tlsv1_2
rabbit_health_check_interval=10
collectors={{ .CollectorServerList }}
[SANDESH]
introspect_ssl_enable=True
introspect_ssl_insecure=True
sandesh_ssl_enable=True
sandesh_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
sandesh_certfile=/etc/certificates/client-{{ .PodIP }}.crt
sandesh_server_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
sandesh_server_certfile=/etc/certificates/server-{{ .PodIP }}.crt
sandesh_ca_cert={{ .CAFilePath }}
[SECURITY]
use_certs=True
ca_certs={{ .CAFilePath }}
certfile=/etc/certificates/server-{{ .PodIP }}.crt
keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
`))
ConfigSchematransformerConfig is the template of the SchemaTransformer service configuration.
// ConfigServicemonitorConfig is the template of the ServiceMonitor service
// configuration (INI style).
//
// Security notes for reviewers:
//   - The rendered file carries the RabbitMQ password in clear text
//     (rabbit_password); handle the output like a secret.
//   - The analytics API client is configured with
//     analytics_api_insecure_enable = False and an explicit CA file, while the
//     [SANDESH] section hard-codes introspect_ssl_insecure=True.
//     NOTE(review): the two settings point in opposite directions; confirm
//     what introspect_ssl_insecure controls and whether it can be turned off.
//   - aaa_mode is taken from AAAMode without a default in this template.
var ConfigServicemonitorConfig = template.Must(template.New("").Parse(`[DEFAULTS]
host_ip={{ .ListenAddress }}
http_server_ip={{ .InstrospectListenAddress }}
http_server_port={{ .SvcMonitorIntrospectPort}}
api_server_ip={{ .ApiServerList }}
api_server_port=8082
api_server_use_ssl=True
log_file=/var/log/contrail/contrail-svc-monitor.log
log_level={{ .LogLevel }}
log_local=1
cassandra_server_list={{ .CassandraServerList }}
cassandra_use_ssl=true
cassandra_ca_certs={{ .CAFilePath }}
zk_server_ip={{ .ZookeeperServerList }}
rabbit_server={{ .RabbitmqServerList }}
rabbit_vhost={{ .RabbitmqVhost }}
rabbit_user={{ .RabbitmqUser }}
rabbit_password={{ .RabbitmqPassword }}
rabbit_use_ssl=True
kombu_ssl_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
kombu_ssl_certfile=/etc/certificates/client-{{ .PodIP }}.crt
kombu_ssl_ca_certs={{ .CAFilePath }}
kombu_ssl_version=tlsv1_2
rabbit_health_check_interval=10
collectors={{ .CollectorServerList }}
analytics_api_ssl_enable = True
analytics_api_insecure_enable = False
analytics_api_ssl_certfile = /etc/certificates/server-{{ .PodIP }}.crt
analytics_api_ssl_keyfile = /etc/certificates/server-key-{{ .PodIP }}.pem
analytics_api_ssl_ca_cert = {{ .CAFilePath }}
[SECURITY]
use_certs=True
keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
certfile=/etc/certificates/server-{{ .PodIP }}.crt
ca_certs={{ .CAFilePath }}
[SCHEDULER]
# Analytics server list used to get vrouter status and schedule service instance
analytics_server_list={{ .AnalyticsServerList }}
aaa_mode={{ .AAAMode }}
[SANDESH]
introspect_ssl_enable=True
introspect_ssl_insecure=True
sandesh_ssl_enable=True
sandesh_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
sandesh_certfile=/etc/certificates/client-{{ .PodIP }}.crt
sandesh_server_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
sandesh_server_certfile=/etc/certificates/server-{{ .PodIP }}.crt
sandesh_ca_cert={{ .CAFilePath }}
`))
ConfigServicemonitorConfig is the template of the ServiceMonitor service configuration.
// ContrailCNIConfig is the template of the contrail-k8s-cni plugin
// configuration (a JSON document, cniVersion 0.3.1). The plugin is pointed at
// the vrouter on 127.0.0.1:9091; the "mtu" key is emitted only when MTU is
// set.
//
// KubernetesClusterName is placed inside a JSON string and MTU is emitted as a
// bare JSON value; the template applies no escaping function to either, so
// callers must pass values that are already safe to embed in JSON.
var ContrailCNIConfig = template.Must(template.New("").Parse(`{
"cniVersion": "0.3.1",
"contrail" : {
"cluster-name" : "{{ .KubernetesClusterName }}",
"meta-plugin" : "multus",
"vrouter-ip" : "127.0.0.1",
"vrouter-port" : 9091,
{{ if .MTU }}
"mtu" : {{ .MTU }},
{{ end }}
"config-dir" : "/var/lib/contrail/ports/vm",
"poll-timeout" : 5,
"poll-retries" : 15,
"log-file" : "/var/log/contrail/cni/opencontrail.log",
"log-level" : "4"
},
"name": "contrail-k8s-cni",
"type": "contrail-k8s-cni"
}`))
// ControlControlConfig is the template of the Control service configuration
// (INI style): BGP on port 179, XMPP on port 5269, introspect on port 8083.
//
// Security notes for reviewers:
//   - xmpp_auth_enable=True with a server certificate, key and CA file keyed
//     by PodIP.
//   - The rendered file carries the RabbitMQ password in clear text
//     (rabbitmq_password); handle the output like a secret.
//   - config_db_username / config_db_password are left commented out, so this
//     template configures no config-DB credentials; only config_db_use_ssl and
//     the CA file are set.
//   - NOTE(review): introspect_ssl_insecure=True is hard-coded; confirm what
//     it relaxes before treating introspect TLS as authenticated.
var ControlControlConfig = template.Must(template.New("").Parse(`[DEFAULT]
# bgp_config_file=bgp_config.xml
bgp_port=179
collectors={{ .CollectorServerList }}
# gr_helper_bgp_disable=0
# gr_helper_xmpp_disable=0
hostname={{ .Hostname }}
hostip={{ .ListenAddress }}
http_server_ip={{ .InstrospectListenAddress }}
http_server_port=8083
log_file=/var/log/contrail/contrail-control.log
log_level={{ .LogLevel }}
log_local=1
# log_files_count=10
# log_file_size=10485760 # 10MB
# log_category=
# log_disable=0
xmpp_server_port=5269
xmpp_auth_enable=True
xmpp_server_cert=/etc/certificates/server-{{ .PodIP }}.crt
xmpp_server_key=/etc/certificates/server-key-{{ .PodIP }}.pem
xmpp_ca_cert={{ .CAFilePath }}
# Sandesh send rate limit can be used to throttle system logs transmitted per
# second. System logs are dropped if the sending rate is exceeded
# sandesh_send_rate_limit=
[CONFIGDB]
config_db_server_list={{ .CassandraServerList }}
# config_db_username=
# config_db_password=
config_db_use_ssl=True
config_db_ca_certs={{ .CAFilePath }}
rabbitmq_server_list={{ .RabbitmqServerList }}
rabbitmq_vhost={{ .RabbitmqVhost }}
rabbitmq_user={{ .RabbitmqUser }}
rabbitmq_password={{ .RabbitmqPassword }}
rabbitmq_use_ssl=True
rabbitmq_ssl_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
rabbitmq_ssl_certfile=/etc/certificates/client-{{ .PodIP }}.crt
rabbitmq_ssl_ca_certs={{ .CAFilePath }}
rabbitmq_ssl_version=tlsv1_2
[SANDESH]
introspect_ssl_enable=True
introspect_ssl_insecure=True
sandesh_ssl_enable=True
sandesh_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
sandesh_certfile=/etc/certificates/client-{{ .PodIP }}.crt
sandesh_server_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
sandesh_server_certfile=/etc/certificates/server-{{ .PodIP }}.crt
sandesh_ca_cert={{ .CAFilePath }}
`))
ControlControlConfig is the template of the Control service configuration.
// ControlDNSConfig is the template of the Dns service configuration (INI
// style): DNS on port 53, introspect on port 8092, with the named and rndc
// configuration files expected under /etc/contrail/dns.
//
// Security notes for reviewers:
//   - xmpp_dns_auth_enable=True with a server certificate, key and CA file
//     keyed by PodIP.
//   - The rendered file carries the RabbitMQ password in clear text
//     (rabbitmq_password); handle the output like a secret.
//   - config_db_username / config_db_password are left commented out, so this
//     template configures no config-DB credentials.
//   - NOTE(review): introspect_ssl_insecure=True is hard-coded; confirm what
//     it relaxes before treating introspect TLS as authenticated.
var ControlDNSConfig = template.Must(template.New("").Parse(`[DEFAULT]
collectors={{ .CollectorServerList }}
named_config_file = contrail-named.conf
named_config_directory = /etc/contrail/dns
named_log_file = /var/log/contrail/contrail-named.log
rndc_config_file = contrail-rndc.conf
named_max_cache_size=32M # max-cache-size (bytes) per view, can be in K or M
named_max_retransmissions=12
named_retransmission_interval=1000 # msec
hostname={{ .Hostname }}
hostip={{ .ListenAddress }}
http_server_port=8092
http_server_ip={{ .InstrospectListenAddress }}
dns_server_port=53
log_file=/var/log/contrail/contrail-dns.log
log_level={{ .LogLevel }}
log_local=1
# log_files_count=10
# log_file_size=10485760 # 10MB
# log_category=
# log_disable=0
xmpp_dns_auth_enable=True
xmpp_server_cert=/etc/certificates/server-{{ .PodIP }}.crt
xmpp_server_key=/etc/certificates/server-key-{{ .PodIP }}.pem
xmpp_ca_cert={{ .CAFilePath }}
# Sandesh send rate limit can be used to throttle system logs transmitted per
# second. System logs are dropped if the sending rate is exceeded
# sandesh_send_rate_limit=
[CONFIGDB]
config_db_server_list={{ .CassandraServerList }}
# config_db_username=
# config_db_password=
config_db_use_ssl=True
config_db_ca_certs={{ .CAFilePath }}
rabbitmq_server_list={{ .RabbitmqServerList }}
rabbitmq_vhost={{ .RabbitmqVhost }}
rabbitmq_user={{ .RabbitmqUser }}
rabbitmq_password={{ .RabbitmqPassword }}
rabbitmq_use_ssl=True
rabbitmq_ssl_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
rabbitmq_ssl_certfile=/etc/certificates/client-{{ .PodIP }}.crt
rabbitmq_ssl_ca_certs={{ .CAFilePath }}
rabbitmq_ssl_version=tlsv1_2
[SANDESH]
introspect_ssl_enable=True
introspect_ssl_insecure=True
sandesh_ssl_enable=True
sandesh_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
sandesh_certfile=/etc/certificates/client-{{ .PodIP }}.crt
sandesh_server_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
sandesh_server_certfile=/etc/certificates/server-{{ .PodIP }}.crt
sandesh_ca_cert={{ .CAFilePath }}
`))
ControlDNSConfig is the template of the Dns service configuration.
// ControlDeProvisionConfig is the template of the Control de-provision
// script: a Python script that connects to the config API with the admin
// credentials and deletes the BGP router object named after Hostname.
//
// Security notes for reviewers:
//   - apiinsecure=True is hard-coded next to api_server_use_ssl=True.
//     Presumably this turns off verification of the API server certificate,
//     in which case the admin password is sent to whichever endpoint answers
//     on that address; confirm against vnc_api. The TODO in this
//     declaration's documentation already tracks removing it.
//   - AdminUsername, AdminPassword, AdminTenant and Hostname are placed inside
//     single-quoted Python literals with no escaping applied in the template,
//     and APIServerList / APIServerPort are emitted as bare Python
//     expressions. A value containing a quote or backslash changes the
//     generated script, so callers must validate or escape every value before
//     rendering.
//   - The rendered script contains the admin password in clear text; handle
//     the output like a secret.
var ControlDeProvisionConfig = template.Must(template.New("").Parse(`#!/usr/bin/python
from vnc_api import vnc_api
import socket
vncServerList = {{ .APIServerList }}
vnc_client = vnc_api.VncApi(
api_server_use_ssl=True,
apiinsecure=True,
username='{{ .AdminUsername }}',
password='{{ .AdminPassword }}',
tenant_name='{{ .AdminTenant }}',
api_server_host=vncServerList.split(','),
api_server_port={{ .APIServerPort }})
vnc_client.bgp_router_delete(fq_name=['default-domain','default-project','ip-fabric','__default__', '{{ .Hostname }}' ])
`))
ControlDeProvisionConfig is the template of the Control de-provision script. TODO:
- support keystone
- use certificates so that the insecure API connection can be disabled
// ControlNamedConfig is the template of the Named service configuration
// (BIND named.conf syntax).
//
// Security notes for reviewers:
//   - named listens on port 53 on every address, and allow-query,
//     allow-recursion and allow-query-cache are all { any; }. The server will
//     therefore recurse for any client that can reach it; reachability has to
//     be restricted at the network layer, otherwise this is an open resolver.
//   - The rndc control channel is bound to 127.0.0.1 port 8094 and limited to
//     127.0.0.1 with "rndc-key".
//   - The key uses hmac-md5. NOTE(review): prefer hmac-sha256 if the bundled
//     named supports it, and change ControlRNDCConfig at the same time, since
//     both sides must agree on the algorithm.
//   - RndcKey is rendered into the file in clear text; handle the output like
//     a secret.
//   - The debug_log channel runs at severity debug and also receives the
//     queries category, so client query names are written to
//     /var/log/contrail/contrail-named.log.
var ControlNamedConfig = template.Must(template.New("").Parse(`options {
directory "/etc/contrail/dns";
managed-keys-directory "/etc/contrail/dns";
empty-zones-enable no;
pid-file "/etc/contrail/dns/contrail-named.pid";
session-keyfile "/etc/contrail/dns/session.key";
listen-on port 53 { any; };
allow-query { any; };
allow-recursion { any; };
allow-query-cache { any; };
max-cache-size 32M;
};
key "rndc-key" {
algorithm hmac-md5;
secret "{{ .RndcKey }}";
};
controls {
inet 127.0.0.1 port 8094
allow { 127.0.0.1; } keys { "rndc-key"; };
};
logging {
channel debug_log {
file "/var/log/contrail/contrail-named.log" versions 3 size 5m;
severity debug;
print-time yes;
print-severity yes;
print-category yes;
};
category default {
debug_log;
};
category queries {
debug_log;
};
};`))
ControlNamedConfig is the template of the Named service configuration.
// ControlRNDCConfig is the template of the rndc client configuration. It
// declares the same "rndc-key" (algorithm hmac-md5, secret RndcKey) that
// ControlNamedConfig declares and targets 127.0.0.1 port 8094.
//
// RndcKey is rendered in clear text, so the output has to be handled like a
// secret. NOTE(review): hmac-md5 is the weakest of the usual rndc key
// algorithms; if it is changed, change it in ControlNamedConfig as well.
var ControlRNDCConfig = template.Must(template.New("").Parse(`
key "rndc-key" {
algorithm hmac-md5;
secret "{{ .RndcKey }}";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 8094;
};
`))
// FabricAnsibleConf is the template of the DeviceManager configuration for
// fabric management (INI style): logging, collectors and the Sandesh TLS
// settings with key and certificate paths keyed by PodIP.
//
// NOTE(review): introspect_ssl_insecure=True is hard-coded; confirm what it
// relaxes before treating introspect TLS as authenticated.
var FabricAnsibleConf = template.Must(template.New("").Parse(`[DEFAULTS]
log_file = /var/log/contrail/contrail-fabric-ansible.log
log_level={{ .LogLevel }}
log_local=1
collectors={{ .CollectorServerList }}
[SANDESH]
introspect_ssl_enable=True
introspect_ssl_insecure=True
sandesh_ssl_enable=True
sandesh_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
sandesh_certfile=/etc/certificates/client-{{ .PodIP }}.crt
sandesh_server_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
sandesh_server_certfile=/etc/certificates/server-{{ .PodIP }}.crt
sandesh_ca_cert={{ .CAFilePath }}
`))
FabricAnsibleConf is the template of the DeviceManager configuration for fabric management.
// KafkaConfig is the template of a Kafka configuration (broker properties).
// The broker listens on SSL only (listeners=SSL://PodIP:KafkaPort) and uses
// SSL between brokers (security.inter.broker.protocol=SSL).
//
// Security notes for reviewers:
//   - ssl.endpoint.identification.algorithm is set to the empty string, which
//     in Kafka switches off hostname verification of the peer certificate;
//     only the chain is checked against the truststore. Set it to https once
//     the broker certificates carry the addresses that peers connect to.
//   - ssl.client.auth is not set in this template, so Kafka's default (no
//     client certificate required) applies unless it is overridden elsewhere.
//   - The keystore, key and truststore passwords are rendered in clear text;
//     handle the output like a secret.
//   - log.dirs is /tmp/kafka-logs. Confirm that /tmp inside the container is
//     not shared with other workloads.
//   - NOTE(review): if htemplate is html/template, values are HTML-escaped on
//     output, which would alter passwords containing characters such as & or
//     <. Confirm which package the alias refers to.
//   - offsets.topic.replication.factor appears twice with the same value.
var KafkaConfig = htemplate.Must(htemplate.New("").Funcs(sprig.FuncMap()).Parse(`
broker.id={{ default "1" .BrokerId }}
port={{ .KafkaPort }}
listeners=SSL://{{ .PodIP }}:{{ .KafkaPort }}
advertised.listeners=SSL://{{ .PodIP }}:{{ .KafkaPort }}
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
ssl.keystore.location=/etc/keystore/server-keystore.jks
ssl.truststore.location=/etc/keystore/server-truststore.jks
ssl.keystore.password={{ .KeystorePassword }}
ssl.key.password={{ .KeystorePassword }}
ssl.truststore.password={{ .TruststorePassword }}
security.inter.broker.protocol=SSL
ssl.endpoint.identification.algorithm=
zookeeper.connect={{ .ZookeeperServers }}
zookeeper.connection.timeout.ms=6000
advertised.host.name={{ .Hostname }}
log.retention.bytes=268435456
log.retention.hours=24
log.segment.bytes=268435456
log.dirs=/tmp/kafka-logs
num.recovery.threads.per.data.dir=1
num.partitions=30
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
default.replication.factor={{ default "1" .ReplicationFactor }}
min.insync.replicas={{ default "1" .MinInsyncReplicas }}
group.initial.rebalance.delay.ms=0
log.cleanup.policy=delete
log.cleaner.threads=2
log.cleaner.dedupe.buffer.size=250000000
offsets.topic.replication.factor=1
reserved.broker.max.id=100001`))
KafkaConfig is the template of a Kafka configuration.
// KubemanagerConfig is the template of the Kubemanager service configuration
// (INI style). The [AUTH] section is emitted only when AuthMode equals
// "keystone".
//
// Security notes for reviewers:
//   - The rendered file carries three credentials in clear text: token
//     (Token), rabbit_password, and, in keystone mode, auth_password. Handle
//     the output like a secret.
//   - auth_token_url is built from KeystoneAuthParameters.AuthProtocol, so the
//     admin password is sent over whatever protocol that field names; this
//     template does not force https.
//   - Certificate and key file names are keyed by ListenAddress here, while
//     the other service templates in this file key them by PodIP.
//     NOTE(review): confirm the two always match for this service.
//   - NOTE(review): introspect_ssl_insecure=True is hard-coded; confirm what
//     it relaxes before treating introspect TLS as authenticated.
var KubemanagerConfig = template.Must(template.New("").Parse(`[DEFAULTS]
host_ip={{ .ListenAddress }}
orchestrator={{ .CloudOrchestrator }}
token={{ .Token }}
log_file=/var/log/contrail/contrail-kube-manager.log
log_level={{ .LogLevel }}
log_local=1
nested_mode=0
http_server_ip={{ .InstrospectListenAddress }}
[KUBERNETES]
kubernetes_api_server={{ .KubernetesAPIServer }}
kubernetes_api_port={{ .KubernetesAPIPort }}
kubernetes_api_secure_port={{ .KubernetesAPISSLPort }}
cluster_name={{ .KubernetesClusterName }}
cluster_project={}
cluster_network={}
pod_subnets={{ .PodSubnet }}
ip_fabric_subnets={{ .IPFabricSubnet }}
service_subnets={{ .ServiceSubnet }}
ip_fabric_forwarding={{ .IPFabricForwarding }}
ip_fabric_snat={{ .IPFabricSnat }}
host_network_service={{ .HostNetworkService }}
[VNC]
public_fip_pool={{ .PublicFIPPool }}
vnc_endpoint_ip={{ .APIServerList }}
vnc_endpoint_port={{ .APIServerPort }}
rabbit_server={{ .RabbitmqServerList }}
rabbit_port={{ .RabbitmqServerPort }}
rabbit_vhost={{ .RabbitmqVhost }}
rabbit_user={{ .RabbitmqUser }}
rabbit_password={{ .RabbitmqPassword }}
rabbit_use_ssl=True
kombu_ssl_keyfile=/etc/certificates/client-key-{{ .ListenAddress }}.pem
kombu_ssl_certfile=/etc/certificates/client-{{ .ListenAddress }}.crt
kombu_ssl_ca_certs={{ .CAFilePath }}
kombu_ssl_version=tlsv1_2
rabbit_health_check_interval=10
cassandra_server_list={{ .CassandraServerList }}
cassandra_use_ssl=True
cassandra_ca_certs={{ .CAFilePath }}
collectors={{ .CollectorServerList }}
zk_server_ip={{ .ZookeeperServerList }}
[SANDESH]
introspect_ssl_enable=True
introspect_ssl_insecure=True
sandesh_ssl_enable=True
sandesh_keyfile=/etc/certificates/client-key-{{ .ListenAddress }}.pem
sandesh_certfile=/etc/certificates/client-{{ .ListenAddress }}.crt
sandesh_server_keyfile=/etc/certificates/server-key-{{ .ListenAddress }}.pem
sandesh_server_certfile=/etc/certificates/server-{{ .ListenAddress }}.crt
sandesh_ca_cert={{ .CAFilePath }}
{{ if eq .AuthMode "keystone" }}
[AUTH]
auth_user={{ .KeystoneAuthParameters.AdminUsername }}
auth_password={{ .KeystoneAuthParameters.AdminPassword }}
auth_tenant={{ .KeystoneAuthParameters.AdminTenant }}
auth_token_url={{ .KeystoneAuthParameters.AuthProtocol }}://{{ .KeystoneAuthParameters.Address }}:{{ .KeystoneAuthParameters.AdminPort }}/v3/auth/tokens
{{ end }}
`))
KubemanagerConfig is the template of the Kubemanager service configuration.
// NodemanagerConfig is a template of nodemanager configuration (INI style).
// LogFile, LogLevel and LogLocal fall back to the defaults written in the
// template; minimum_diskGB is emitted only when MinimumDiskGB is set.
//
// Security notes for reviewers:
//   - db_use_ssl=True and sandesh_ssl_enable=True are fixed; key and
//     certificate paths are keyed by PodIP.
//   - NOTE(review): introspect_ssl_insecure=True is hard-coded; confirm what
//     it relaxes before treating introspect TLS as authenticated.
var NodemanagerConfig = htemplate.Must(htemplate.New("").Funcs(sprig.FuncMap()).Parse(`[DEFAULTS]
http_server_ip={{ .InstrospectListenAddress }}
log_file={{ default "/var/log/contrail/nodemgr.log" .LogFile }}
log_level={{ default "SYS_INFO" .LogLevel }}
log_local={{ default "1" .LogLocal }}
hostname={{ .Hostname }}
hostip={{ .ListenAddress }}
db_port={{ .CassandraPort }}
db_jmx_port={{ .CassandraJmxPort }}
db_use_ssl=True
{{ if .MinimumDiskGB -}}
minimum_diskGB={{ .MinimumDiskGB }}
{{- end }}
[COLLECTOR]
server_list={{ .CollectorServerList }}
[SANDESH]
introspect_ssl_enable=True
introspect_ssl_insecure=True
sandesh_ssl_enable=True
sandesh_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
sandesh_certfile=/etc/certificates/client-{{ .PodIP }}.crt
sandesh_server_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
sandesh_server_certfile=/etc/certificates/server-{{ .PodIP }}.crt
sandesh_ca_cert={{ .CAFilePath }}
`))
NodemanagerConfig is a template of nodemanager configuration
// NodemanagerEnv is the template of the shell environment for nodemgr. It
// exports ANALYTICSDB_NODES and CONFIGDB_NODES.
//
// Both values are written unquoted into shell assignments, so a value
// containing whitespace or shell metacharacters would be interpreted by the
// shell that sources the file; callers must pass plain node lists.
var NodemanagerEnv = template.Must(template.New("").Parse(`
export ANALYTICSDB_NODES={{ .AnalyticsDBNodes }}
export CONFIGDB_NODES={{ .ConfigDBNodes }}
`))
NodemanagerEnv is the template of the environment variables for nodemgr.
// ProvisionerConfig is the template of the Provisioner env configuration: a
// shell fragment of export statements. Most exports are emitted only when the
// corresponding field is set; the KEYSTONE_AUTH_* block is emitted only when
// AuthMode equals "keystone". isEnabled comes from tfFuncs, which is not
// shown here.
//
// Security notes for reviewers:
//   - In keystone mode the output contains KEYSTONE_AUTH_ADMIN_PASSWORD in
//     clear text. Handle the rendered file like a secret and keep it out of
//     logs.
//   - KEYSTONE_AUTH_CA_CERTFILE is exported only when the protocol is https
//     and KeystoneAuthParameters.Insecure is not enabled, so enabling
//     Insecure leaves the keystone client without a CA file.
//   - The node lists, Hostname, L3MHCidr, PhysicalInterface, VrouterGateway,
//     Retries, Delay and AuthMode are written unquoted, and the quoted
//     KEYSTONE_AUTH_* values are placed inside double quotes without
//     escaping. Since the file is meant to be sourced by a shell, a value
//     containing whitespace, quotes, $ or backticks would be interpreted by
//     that shell; callers must validate these values before rendering.
var ProvisionerConfig = template.Must(template.New("").Funcs(tfFuncs).Parse(`export SSL_ENABLE=true
export SERVER_CA_CERTFILE={{ .SignerCAFilepath }}
export SERVER_CERTFILE="/etc/certificates/server-${POD_IP}.crt"
export SERVER_KEYFILE="/etc/certificates/server-key-${POD_IP}.pem"
{{ if .ClusterNodes.ConfigNodes }}
export CONFIG_NODES={{ .ClusterNodes.ConfigNodes }}
{{ end }}
{{ if .ClusterNodes.ControlNodes }}
export CONTROL_NODES={{ .ClusterNodes.ControlNodes }}
{{ end }}
{{ if .ClusterNodes.AnalyticsNodes }}
export ANALYTICS_NODES={{ .ClusterNodes.AnalyticsNodes }}
{{ end }}
{{ if .ClusterNodes.AnalyticsDBNodes }}
export ANALYTICSDB_NODES={{ .ClusterNodes.AnalyticsDBNodes }}
{{ end }}
{{ if .ClusterNodes.AnalyticsSnmpNodes }}
export ANALYTICS_SNMP_NODES={{ .ClusterNodes.AnalyticsSnmpNodes }}
{{ end }}
{{ if .ClusterNodes.AnalyticsAlarmNodes }}
export ANALYTICS_ALARM_NODES={{ .ClusterNodes.AnalyticsAlarmNodes }}
{{ end }}
{{ if .Hostname }}
export VROUTER_HOSTNAME={{ .Hostname }}
export CONTROL_HOSTNAME={{ .Hostname }}
{{ end }}
{{ if .L3MHCidr }}
export L3MH_CIDR={{ .L3MHCidr }}
{{ end }}
{{ if .PhysicalInterface }}
export PHYSICAL_INTERFACE={{ .PhysicalInterface }}
{{ end }}
{{ if .VrouterGateway }}
export VROUTER_GATEWAY={{ .VrouterGateway }}
{{ end }}
{{ if .Retries }}
export PROVISION_RETRIES={{ .Retries }}
{{ end }}
{{ if .Delay }}
export PROVISION_DELAY={{ .Delay }}
{{ end }}
export AUTH_MODE={{ .AuthMode }}
{{ if eq .AuthMode "keystone" }}
export KEYSTONE_AUTH_PROTO="{{ .KeystoneAuthParameters.AuthProtocol }}"
export KEYSTONE_AUTH_HOST="{{ .KeystoneAuthParameters.Address }}"
export KEYSTONE_AUTH_ADMIN_PORT="{{ .KeystoneAuthParameters.AdminPort }}"
export KEYSTONE_AUTH_PROJECT_DOMAIN_NAME="{{ .KeystoneAuthParameters.ProjectDomainName }}"
export KEYSTONE_AUTH_INSECURE="{{ .KeystoneAuthParameters.Insecure }}"
{{ if eq .KeystoneAuthParameters.AuthProtocol "https" }}
{{ if not (isEnabled .KeystoneAuthParameters.Insecure) }}
export KEYSTONE_AUTH_CA_CERTFILE="{{ .SignerCAFilepath }}"
{{ end }}
{{ end }}
export KEYSTONE_AUTH_ADMIN_PASSWORD="{{ .KeystoneAuthParameters.AdminPassword }}"
export KEYSTONE_AUTH_ADMIN_TENANT="{{ .KeystoneAuthParameters.AdminTenant }}"
export KEYSTONE_AUTH_ADMIN_USER="{{ .KeystoneAuthParameters.AdminUsername }}"
{{ end }}
`))
ProvisionerConfig is the template of the Provisioner env configuration
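// ProvisionerRunner is the template of the Provisioner runner: a bash script
// that waits for the env file /etc/contrailconfigmaps/<ConfigName> (or the
// same name suffixed with ".$POD_IP", which takes precedence), sources it,
// and execs /entrypoint.sh once CONFIG_NODES or CONTROL_NODES is set.
//
// The env file can carry credentials (ProvisionerConfig in this file exports
// KEYSTONE_AUTH_ADMIN_PASSWORD; presumably that is the file sourced here), so
// the script never writes them to the pod log: xtrace is switched off while
// the file is sourced, and values of variables whose names contain PASSWORD,
// SECRET or TOKEN are masked before the file is echoed. Paths are quoted so
// that an unusual ConfigName or POD_IP cannot split into several words.
var ProvisionerRunner = template.Must(template.New("").Parse(`#!/bin/bash
[[ "$LOG_LEVEL" != "SYS_DEBUG" ]] || set -x
cfg="/etc/contrailconfigmaps/{{ .ConfigName }}"
cfg_="/etc/contrailconfigmaps/{{ .ConfigName }}.$POD_IP"
echo "INFO: $(date): wait for config $cfg"
config=""
while true ; do
  sleep 5
  [ -e "$cfg" ] && config="$cfg"
  [ -e "$cfg_" ] && config="$cfg_"
  if [ -n "$config" ]; then
    # The env file may export credentials: do not trace it.
    { set +x; } 2>/dev/null
    source "$config"
    [[ "$LOG_LEVEL" != "SYS_DEBUG" ]] || set -x
    # Log the config with secret-looking values masked.
    echo -e "INFO: $(date): config\n$(sed -E 's/^(export +[A-Za-z0-9_]*(PASSWORD|SECRET|TOKEN)[A-Za-z0-9_]*=).*/\1<redacted>/' "$config")"
    [ -z "$CONFIG_NODES" ] || break
    [ -z "$CONTROL_NODES" ] || break
  fi
done
export PROVISION_RETRIES=1000
export PROVISION_DELAY=5
exec /entrypoint.sh /usr/bin/tail -f /dev/null
`))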
ProvisionerRunner is the template of the Provisioner runner
// QueryEngineConfig is the template of the AnalyticsDB Query-Engine service
// configuration (INI style); introspect is on port 8091.
//
// Security notes for reviewers:
//   - The [REDIS] section leaves password= empty, so this template configures
//     no Redis password; the only protection set here is redis_ssl_enable
//     with a key, certificate and CA file. NOTE(review): confirm that the
//     Redis endpoint actually requires client certificates, otherwise any
//     client that can reach it is accepted.
//   - Cassandra is reached with cassandra_use_ssl=true and a CA file; no
//     Cassandra credentials are set in this template.
//   - NOTE(review): introspect_ssl_insecure=True is hard-coded; confirm what
//     it relaxes before treating introspect TLS as authenticated.
var QueryEngineConfig = template.Must(template.New("").Parse(`[DEFAULT]
analytics_data_ttl={{ .AnalyticsDataTTL }}
hostname={{ .Hostname }}
hostip={{ .ListenAddress }}
http_server_ip={{ .InstrospectListenAddress }}
http_server_port=8091
log_file=/var/log/contrail/contrail-query-engine.log
log_level={{ .LogLevel }}
log_local=1
max_slice=100
max_tasks=16
start_time=0
# Sandesh send rate limit can be used to throttle system logs transmitted per
# second. System logs are dropped if the sending rate is exceeded
# sandesh_send_rate_limit=
cassandra_server_list={{ .CassandraServerList }}
collectors={{ .CollectorServerList }}
[CASSANDRA]
cassandra_use_ssl=true
cassandra_ca_certs={{ .CAFilePath }}
[REDIS]
server_list={{ .RedisServerList }}
password=
redis_ssl_enable=True
redis_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
redis_certfile=/etc/certificates/server-{{ .PodIP }}.crt
redis_ca_cert={{ .CAFilePath }}
[SANDESH]
introspect_ssl_enable=True
introspect_ssl_insecure=True
sandesh_ssl_enable=True
sandesh_keyfile=/etc/certificates/client-key-{{ .PodIP }}.pem
sandesh_certfile=/etc/certificates/client-{{ .PodIP }}.crt
sandesh_server_keyfile=/etc/certificates/server-key-{{ .PodIP }}.pem
sandesh_server_certfile=/etc/certificates/server-{{ .PodIP }}.crt
sandesh_ca_cert={{ .CAFilePath }}
`))
QueryEngineConfig is the template of the AnalyticsDB Query-Engine service configuration.
// RabbitmqConfig is the template of the Rabbitmq service start script. The
// text contains no template actions. The script writes the Erlang cookie,
// starts rabbitmq-server in the background and, on every node other than the
// bootstrap node (the name read from /etc/rabbitmq/0), loops until the node
// is listed in the bootstrap node's cluster, re-joining it when it is not.
// A SIGTERM trap shuts the server down through stop_rabbitmq.
//
// Security notes for reviewers:
//   - The Erlang cookie is the shared secret between cluster nodes. It is
//     written with the shell's current umask and restricted to 0600 only
//     three commands later; setting umask 077 before the echo would close
//     that window. The write happens before set -x, so the cookie value is
//     not traced.
//   - $RABBITMQ_ERLANG_COOKIE, $RABBITMQ_NODENAME and $bootstrap_node are
//     expanded unquoted throughout; they are expected to be single words.
//   - test_in_cluster interpolates its second argument into the inline Python
//     source ("$2"), so the node name must not contain quotes.
//   - The re-join path runs forget_cluster_node and force_reset, which
//     discard the local node's cluster state before join_cluster.
//   - chown -R hands /etc/rabbitmq, including the sourced env files, to the
//     rabbitmq user.
var RabbitmqConfig = template.Must(template.New("").Parse(`
function test_in_cluster() {
if local status=$(rabbitmqctl cluster_status --node $1 --formatter json) ; then
echo "$status" | python -c "$(cat <<SCRIPT
import sys, json
x=json.load(sys.stdin)
for i in filter(lambda j: j == "$2", x.get("nodes", {}).get("disc", [])):
print(i)
SCRIPT
)"
return
fi
return 1
}
source /etc/rabbitmq/rabbitmq-common.env
source /etc/rabbitmq/rabbitmq-env.conf
mkdir -p /var/lib/rabbitmq /var/log/rabbitmq
echo $RABBITMQ_ERLANG_COOKIE > /var/lib/rabbitmq/.erlang.cookie
set -x
set -m
chmod 0600 /var/lib/rabbitmq/.erlang.cookie
touch /var/run/rabbitmq.pid
chown -R rabbitmq:rabbitmq /var/lib/rabbitmq /var/log/rabbitmq /var/run/rabbitmq.pid /etc/rabbitmq
bootstrap_node="rabbit@$(cat /etc/rabbitmq/0)"
rpid=""
function stop_rabbitmq() {
echo "INFO: $(date): stop_rabbitmq"
rabbitmqctl --node $RABBITMQ_NODENAME shutdown
local p=$(cat /var/run/rabbitmq.pid)
if [ -n "$p" ] && kill -0 $p 2>/dev/null ; then
echo "INFO: $(date): stop_rabbitmq: kill $p"
kill $p
wait $p
fi
if [ -n "$rpid" ] && kill -0 $rpid 2>/dev/null ; then
echo "INFO: $(date): stop_rabbitmq: kill $rpid"
kill $rpid
wait $rpid
fi
echo "INFO: $(date): stop_rabbitmq: done"
}
trap 'stop_rabbitmq' SIGTERM
if [[ "$RABBITMQ_NODENAME" == "$bootstrap_node" ]] ; then
rabbitmq-server &
rpid=$!
else
while true ; do
stop_rabbitmq
rabbitmq-server &
rpid=$!
kill -0 $rpid || continue
# NB. working ping doesn't mean the process is able to report status
while ! rabbitmqctl --node $RABBITMQ_NODENAME ping ; do
sleep $(( 5 + $RANDOM % 5 ))
date
done
sleep $(( 5 + $RANDOM % 5 ))
in_cluster=""
for i in {1..5} ; do
if in_cluster=$(test_in_cluster $RABBITMQ_NODENAME $bootstrap_node) ; then
break
fi
sleep $(( 5 + $RANDOM % 5 ))
date
done
if [ -n "$in_cluster" ] ; then
# alrady in cluster
break
fi
# need to re-join
# stop app
rabbitmqctl --node $RABBITMQ_NODENAME stop_app
# wait main bootstrap node
while ! rabbitmqctl --node $bootstrap_node ping ; do
sleep $(( 5 + $RANDOM % 5 ))
date
done
sleep $(( 5 + $RANDOM % 5 ))
rabbitmqctl --node $bootstrap_node forget_cluster_node $RABBITMQ_NODENAME
rabbitmqctl --node $RABBITMQ_NODENAME force_reset
rabbitmqctl --node $RABBITMQ_NODENAME join_cluster $bootstrap_node || continue
rabbitmqctl --node $RABBITMQ_NODENAME start_app || continue
break
done
fi
ps -eF
wait $rpid
`))
RabbitmqConfig is the template of the Rabbitmq service configuration.
// RabbitmqDefinition is the template for Rabbitmq user/vhost configuration: a
// JSON definitions document with one user, one vhost, that user's
// permissions, and an "ha" queue-mirroring policy. Presumably it is rendered
// to the /etc/rabbitmq/definitions.json file that RabbitmqPodConfig loads.
//
// Security notes for reviewers:
//   - The single user is tagged "administrator" and granted ".*" for
//     configure, write and read on the vhost, so every service that shares
//     these credentials has full control of the broker.
//   - "password_hash" is filled from RabbitmqPassword. RabbitMQ expects a
//     salted hash in that field, not the clear-text password.
//     NOTE(review): confirm the caller passes the hash here.
//   - Values are placed inside JSON strings with no escaping applied in the
//     template; a quote or backslash in a user or vhost name breaks the
//     document.
//   - NOTE(review): the "pattern" value contains \. which is not a valid
//     escape sequence in strict JSON; confirm the RabbitMQ loader accepts it.
var RabbitmqDefinition = template.Must(template.New("").Funcs(tfFuncs).Parse(`{
"users": [
{
"name": "{{ .RabbitmqUser }}",
"password_hash": "{{ .RabbitmqPassword }}",
"tags": "administrator"
}
],
"vhosts": [
{
"name": "{{ .RabbitmqVhost }}"
}
],
"permissions": [
{
"user": "{{ .RabbitmqUser }}",
"vhost": "{{ .RabbitmqVhost }}",
"configure": ".*",
"write": ".*",
"read": ".*"
}
],
"policies": [
{
"vhost": "{{ .RabbitmqVhost }}",
"name": "ha",
"pattern": "^(?!amq\.).*",
"definition": {
"ha-mode": "{{ .MirroredQueueMode }}",
"ha-sync-mode": "automatic",
"ha-sync-batch-size": 5
}
}
]
}
`))
RabbitmqDefinition is the template for Rabbitmq user/vhost configuration
// RabbitmqPodConfig is the template for Rabbitmq pod configuration
// (rabbitmq.conf key = value format). add and lowerOrDefault come from
// tfFuncs, which is not shown here. The cluster_formation.* keys are emitted
// only when PodsList has more than one entry.
//
// Security notes for reviewers:
//   - AMQP is TLS-only: listeners.tcp = none, the SSL listener requires a
//     client certificate (verify_peer, fail_if_no_peer_cert = true) and only
//     tlsv1.2 is enabled.
//   - loopback_users = none removes RabbitMQ's localhost-only restriction, so
//     every defined user may log in remotely.
//   - The management listener is configured through management.tcp.port
//     (RabbitmqPort + 10000), i.e. without TLS. Credentials sent to the
//     management API travel in clear text unless that port is restricted at
//     the network layer.
//   - management.load_definitions points at /etc/rabbitmq/definitions.json,
//     which holds the user and its password hash; protect that file.
var RabbitmqPodConfig = template.Must(template.New("").Funcs(tfFuncs).Parse(`listeners.tcp = none
listeners.ssl.default = {{ .RabbitmqPort }}
loopback_users = none
management.tcp.port = {{ add .RabbitmqPort 10000}}
management.load_definitions = /etc/rabbitmq/definitions.json
ssl_options.cacertfile = {{ .SignerCAFilepath }}
ssl_options.keyfile = /etc/certificates/server-key-{{ .PodIP }}.pem
ssl_options.certfile = /etc/certificates/server-{{ .PodIP }}.crt
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true
ssl_options.versions.1 = tlsv1.2
ssl_options.honor_cipher_order = true
ssl_options.honor_ecc_order = true
cluster_partition_handling = {{ .ClusterPartitionHandling }}
log.file.level = {{ lowerOrDefault .LogLevel "info" }}
{{ if .TCPListenOptions }}
{{ if .TCPListenOptions.Backlog }}tcp_listen_options.backlog = {{ .TCPListenOptions.Backlog }}{{ end }}
{{ if .TCPListenOptions.Nodelay }}tcp_listen_options.nodelay = {{ .TCPListenOptions.Nodelay }}{{ end }}
{{ if .TCPListenOptions.LingerOn }}tcp_listen_options.linger.on = {{ .TCPListenOptions.LingerOn }}{{ end }}
{{ if .TCPListenOptions.LingerTimeout }}tcp_listen_options.linger.timeout = {{ .TCPListenOptions.LingerTimeout }}{{ end }}
{{ if .TCPListenOptions.ExitOnClose }}tcp_listen_options.exit_on_close = {{ .TCPListenOptions.ExitOnClose }}{{ end }}
{{ end }}
{{ $podsCount := len .PodsList }}{{ if gt $podsCount 1 }}cluster_formation.peer_discovery_backend = classic_config
{{ range $idx, $pod := .PodsList }}cluster_formation.classic_config.nodes.{{ add $idx 1 }} = rabbit@{{ $pod }}
{{ end }}
{{ end }}
`))
RabbitmqPodConfig is the template for Rabbitmq pod configuration
// ReaperEnvTemplate is the template of the shell environment for Cassandra
// Reaper. It derives CASSANDRA_COUNT and CASSANDRA_CONNECT_POINTS from the
// comma-separated CassandraServerList and exports the Reaper ports, JMX
// credentials and keystore settings. CASSANDRA_SEEDS itself is assigned but
// not exported.
//
// Security notes for reviewers:
//   - The JMX credentials are the literals reaperUser / reaperPass, identical
//     in every deployment rendered from this template. They should come from
//     a per-cluster secret instead; anyone who has read this file knows them.
//   - The keystore and truststore passwords are written unquoted into shell
//     assignments, so a password containing whitespace, $, quotes or
//     backticks is interpreted by the shell. Callers must restrict the
//     password alphabet or quote the values.
//   - The rendered file contains those passwords in clear text; handle it
//     like a secret.
var ReaperEnvTemplate = template.Must(template.New("").Parse(`
CASSANDRA_SEEDS={{ .CassandraServerList }}
export CASSANDRA_COUNT=$(echo $CASSANDRA_SEEDS | tr ',' ' ' | wc -w)
export CASSANDRA_CONNECT_POINTS=$(echo $CASSANDRA_SEEDS | sed 's/,/", "/g')
export CASSANDRA_REAPER_APP_PORT={{ .ReaperAppPort }}
export CASSANDRA_REAPER_ADM_PORT={{ .ReaperAdmPort }}
export CASSANDRA_REAPER_JMX_AUTH_USERNAME=reaperUser
export CASSANDRA_REAPER_JMX_AUTH_PASSWORD=reaperPass
export CASSANDRA_CLUSTER_NAME=ContrailConfigDB
export CASSANDRA_CQL_PORT={{ .CqlPort }}
export CASSANDRA_SSL_ENABLE=True
export CASSANDRA_SSL_KEYSTORE_PASSWORD={{ .KeystorePassword }}
export CASSANDRA_SSL_TRUSTSTORE_PASSWORD={{ .TruststorePassword }}
export CASSANDRA_LISTEN_ADDRESS=${POD_IP}
export CASSANDRA_JMX_LOCAL_PORT={{ .JmxLocalPort }}
export JKS_DIR="/etc/keystore"
`))
ReaperEnvTemplate is the template of the environment for the Reaper start script.
// StunnelConfig is the template for the Stunnel container. The [redis]
// service accepts TLS 1.2 connections on ListenAddress:RedisPort and forwards
// them to Redis on 127.0.0.1 at the same port, using the certificate in
// /etc/stunnel/private.pem.
//
// NOTE(review): no verify/CAfile option is set in this template, so unless
// one is supplied elsewhere stunnel does not ask connecting clients for a
// certificate. Combined with an empty Redis password in the client templates
// of this file, access control then rests on network reachability alone;
// confirm that this is intended.
var StunnelConfig = template.Must(template.New("").Parse(`
cert=/etc/stunnel/private.pem
pid=/var/run/stunnel/stunnel.pid
sslVersion=TLSv1.2
foreground=yes
[redis]
accept={{ .ListenAddress }}:{{ .RedisPort }}
connect=127.0.0.1:{{ .RedisPort }}
`))
StunnelConfig is the template for the Stunnel container
// VRouterAgentConfig is the template of the vrouter agent configuration (INI
// style). It is driven by upper-case keys (XMPP_SERVERS_LIST, AGENT_MODE,
// ...) plus Hostname, and uses sprig functions together with
// vrouterTemplateFuncs, which is not shown here. Optional sections
// (QOS-NIANTIC, QOS, CRYPT, STATS, RESTART) are emitted only when their
// controlling keys are set.
//
// Security notes for reviewers:
//   - metadata_proxy_secret is rendered in clear text; handle the output like
//     a secret.
//   - introspect_ssl_insecure=True is hard-coded even though
//     introspect_ssl_enable, sandesh_ssl_enable and the XMPP auth flags are
//     configurable. NOTE(review): confirm what it relaxes and whether it
//     should follow configuration as well.
//   - xmpp_auth_enable and xmpp_dns_auth_enable both follow XMPP_SSL_ENABLE,
//     so switching that key off disables XMPP authentication for both.
//   - NOTE(review): if htemplate is html/template, values are HTML-escaped on
//     output, which would alter a secret containing characters such as & or
//     <. Confirm which package the alias refers to.
//
// Robustness note: in the QOS-NIANTIC block the scheduling and bandwidth
// lists are indexed with the position in PRIORITY_ID without a length check,
// so rendering fails when PRIORITY_SCHEDULING or PRIORITY_BANDWIDTH has fewer
// comma-separated entries than PRIORITY_ID. The QOS block guards its lookup
// with a length comparison.
var VRouterAgentConfig = htemplate.Must(htemplate.New("").Funcs(sprig.FuncMap()).Funcs(vrouterTemplateFuncs).Parse(`[CONTROL-NODE]
servers={{ .XMPP_SERVERS_LIST }}
{{ if .SUBCLUSTER }}subcluster_name={{ .SUBCLUSTER }}{{ end }}
[DEFAULT]
http_server_ip={{ .INTROSPECT_IP }}
{{ if .VROUTER_AGENT_INTROSPECT_PORT }}http_server_port={{ .VROUTER_AGENT_INTROSPECT_PORT }}{{ end }}
collectors={{ .COLLECTOR_SERVERS }}
log_file={{ .CONTAINER_LOG_DIR }}/contrail-vrouter-agent.log
log_level={{ .LOG_LEVEL }}
log_local={{ .LOG_LOCAL }}
hostname={{ .Hostname }}
agent_name={{ .Hostname }}
xmpp_dns_auth_enable={{ .XMPP_SSL_ENABLE }}
xmpp_auth_enable={{ .XMPP_SSL_ENABLE }}
xmpp_server_cert={{ .XMPP_SERVER_CERTFILE }}
xmpp_server_key={{ .XMPP_SERVER_KEYFILE }}
xmpp_ca_cert={{ .XMPP_SERVER_CA_CERTFILE }}
{{ if eq (or .AGENT_MODE "kernel") "dpdk" }}
platform={{ .AGENT_MODE }}
physical_interface_mac={{ .PHYS_INT_MAC }}
physical_interface_address={{ .PCI_ADDRESS }}
physical_uio_driver={{ .DPDK_UIO_DRIVER }}
{{ else }}
physical_interface_mac={{ .PHYS_INT_MAC }}
{{ end }}
{{ if .TSN_AGENT_MODE }}agent_mode={{ .TSN_AGENT_MODE }}{{ end }}
tsn_servers={{ .TSN_NODES | replace "," " " }}
[SANDESH]
introspect_ssl_enable={{ .INTROSPECT_SSL_ENABLE }}
introspect_ssl_insecure=True
sandesh_ssl_enable={{ .SANDESH_SSL_ENABLE }}
sandesh_keyfile={{ .SANDESH_KEYFILE }}
sandesh_certfile={{ .SANDESH_CERTFILE }}
sandesh_server_keyfile={{ .SANDESH_SERVER_KEYFILE }}
sandesh_server_certfile={{ .SANDESH_SERVER_CERTFILE }}
sandesh_ca_cert={{ .SANDESH_CA_CERTFILE }}
[NETWORKS]
control_network_ip={{ .CONTROL_NETWORK_IP }}
[DNS]
servers={{ .DNS_SERVERS_LIST }}
[METADATA]
metadata_proxy_secret={{ .METADATA_PROXY_SECRET }}
{{ if .METADATA_SSL_ENABLE }}
metadata_use_ssl={{ .METADATA_SSL_ENABLE }}
metadata_client_cert={{ .METADATA_SSL_CERTFILE }}
metadata_client_key={{ .METADATA_SSL_KEYFILE }}
metadata_ca_cert={{ .METADATA_SSL_CA_CERTFILE }}
{{ if .METADATA_SSL_CERT_TYPE }}
metadata_ssl_conf+={{ .METADATA_SSL_CERT_TYPE }}
{{ end }}
{{ end }}
[VIRTUAL-HOST-INTERFACE]
name=vhost0
ip={{ .VROUTER_CIDR }}
compute_node_address={{ .COMPUTE_NODE_ADDRESS }}
physical_interface={{ .PHYS_INT }}
{{ if .VROUTER_GATEWAY }}
gateway={{ .VROUTER_GATEWAY }}
{{ end }}
{{ if .L3MH_CIDR }}
physical_interface_addr={{ .PHYS_INT_IPS }}
loopback_ip={{ .COMPUTE_NODE_ADDRESS }}
{{ end }}
[SERVICE-INSTANCE]
netns_command=/usr/bin/opencontrail-vrouter-netns
docker_command=/usr/bin/opencontrail-vrouter-docker
[HYPERVISOR]
type={{ .HYPERVISOR_TYPE }}
{{ if and (eq .CLOUD_ORCHESTRATOR "vcenter") (not .TSN_AGENT_MODE ) }}
vmware_physical_interface={{ .VMWARE_PHYS_INT }}
vmware_mode=vcenter
{{ end }}
[FLOWS]
fabric_snat_hash_table_size={{ .FABRIC_SNAT_HASH_TABLE_SIZE }}
{{ if and (and .PRIORITY_ID (ne .AGENT_MODE "dpdk" )) (ne .IS_VLAN_ENABLED "true") }}
{{ $priority_id_list := .PRIORITY_ID | splitList "," }}
{{ $priority_bandwidth_list := .PRIORITY_BANDWIDTH | splitList "," }}
{{ $priority_scheduling_list := .PRIORITY_SCHEDULING | splitList "," }}
[QOS-NIANTIC]
{{ range $idx, $prioroty_id := $priority_id_list }}
[PG-{{ $prioroty_id }}]
scheduling={{ index $priority_scheduling_list $idx }}
bandwidth={{ index $priority_bandwidth_list $idx }}
{{ end }}
{{ end }}
{{ if and .QOS_QUEUE_ID (ne .AGENT_MODE "dpdk") }}
{{ $qos_logical_queue := .QOS_LOGICAL_QUEUES | splitList ";" }}
[QOS]
priority_tagging={{ .PRIORITY_TAGGING }}
{{ $qos_queue_id := .QOS_QUEUE_ID | splitList "," }}
{{ range $idx, $queue_id := $qos_queue_id }}
{{ if lt $idx (sub (len $qos_queue_id) 1)}}
[QUEUE-{{ $queue_id }}]
logical_queue={{ if lt $idx (len $qos_logical_queue) }}{{ index $qos_logical_queue $idx }}{{ end }}
{{ end }}
{{ end }}
{{ if ne (len $qos_logical_queue) (len $qos_queue_id) }}
[QUEUE-{{ index $qos_queue_id (sub (len $qos_queue_id) 1)}}]
logical_queue=[]{{ else }}
[QUEUE-{{ index $qos_queue_id (sub (len $qos_queue_id) 1) }}]
logical_queue={{ index $qos_logical_queue (sub (len $qos_logical_queue) 1) }}{{ end }}
{{ if isEnabled .QOS_DEF_HW_QUEUE }}default_hw_queue=true{{ end }}
{{ end }}
{{ if eq (or .IS_ENCRYPTION_SUPPORTED_FLAG "false") "true" }}
[CRYPT]
crypt_interface={{ .VROUTER_CRYPT_INTERFACE }}
{{ end }}
[SESSION]
slo_destination={{ .SLO_DESTINATION }}
sample_destination={{ .SAMPLE_DESTINATION }}
{{ if .STATS_COLLECTOR_DESTINATION_PATH }}
[STATS]
stats_collector={{ .STATS_COLLECTOR_DESTINATION_PATH }}{{ end }}
{{ if and .HUGE_PAGES_1GB (lt 0 (atoi .HUGE_PAGES_1GB)) }}
[RESTART]
huge_page_1G={{ .HUGEPAGES_DIR }}/bridge {{ .HUGEPAGES_DIR }}/flow
{{ else if and .HUGE_PAGES_2MB (lt 0 (atoi .HUGE_PAGES_2MB)) }}
[RESTART]
huge_page_2M={{ .HUGEPAGES_DIR }}/bridge {{ .HUGEPAGES_DIR }}/flow
{{ end }}`))
var VRouterAgentParams = htemplate.Must(htemplate.New("").Funcs(sprig.FuncMap()).Funcs(vrouterTemplateFuncs).Parse(`#!/bin/bash
set -o allexport
# log dir be mount onto host /var/log/contrail/vrouter-agent
CONTAINER_LOG_DIR=/var/log/contrail
# TODO: not clear if it is needed in operator
VROUTER_ENCRYPTION=false
#TODO uncomment parameters to export after debug
CONTROL_NODES="{{ .ClusterNodes.ControlNodes }}"
DNS_NODES="{{ .ClusterNodes.ControlNodes }}"
CONFIG_NODES="{{ .ClusterNodes.ConfigNodes }}"
ANALYTICS_NODES="{{ .ClusterNodes.AnalyticsNodes }}"
# Cloud Orchestration
CLOUD_ORCHESTRATOR="{{ .ServiceConfig.CloudOrchestrator }}"
HYPERVISOR_TYPE="{{ .ServiceConfig.HypervisorType }}"
# Collector
#STATS_COLLECTOR_DESTINATION_PATH="{{ .ServiceConfig.StatsCollectorDestinationPath }}"
#COLLECTOR_PORT="{{ .ServiceConfig.CollectorPort }}"
# Config
#CONFIG_API_PORT="{{ .ServiceConfig.ConfigApiPort }}"
CONFIG_API_SERVER_CA_CERTFILE="{{ .ServiceConfig.ConfigApiServerCaCertfile }}"
CONFIG_API_SSL_ENABLE="{{ .ServiceConfig.ConfigApiSslEnable }}"
# DNS
#DNS_SERVER_PORT="{{ .ServiceConfig.DnsServerPort }}"
# Host
DPDK_UIO_DRIVER="{{ .ServiceConfig.DpdkUioDriver }}"
PHYSICAL_INTERFACE="{{ .ServiceConfig.PhysicalInterface }}"
SRIOV_PHYSICAL_INTERFACE="{{ .ServiceConfig.SriovPhysicalInterface }}"
SRIOV_PHYSICAL_NETWORK="{{ .ServiceConfig.SriovPhysicalNetwork }}"
#SRIOV_VF="{{ .ServiceConfig.SriovVf }}"
# Introspect
INTROSPECT_SSL_ENABLE="{{ .ServiceConfig.IntrospectSslEnable }}"
# Keystone authentication
#KEYSTONE_AUTH_ADMIN_PORT="{{ .ServiceConfig.KeystoneAuthAdminPort }}"
#KEYSTONE_AUTH_CA_CERTFILE="{{ .ServiceConfig.KeystoneAuthCaCertfile }}"
#KEYSTONE_AUTH_CERTFILE="{{ .ServiceConfig.KeystoneAuthCertfile }}"
#KEYSTONE_AUTH_HOST="{{ .ServiceConfig.KeystoneAuthHost }}"
#KEYSTONE_AUTH_INSECURE="{{ .ServiceConfig.KeystoneAuthInsecure }}"
#KEYSTONE_AUTH_KEYFILE="{{ .ServiceConfig.KeystoneAuthKeyfile }}"
#KEYSTONE_AUTH_PROJECT_DOMAIN_NAME="{{ .ServiceConfig.KeystoneAuthProjectDomainName }}"
#KEYSTONE_AUTH_PROTO="{{ .ServiceConfig.KeystoneAuthProto }}"
#KEYSTONE_AUTH_REGION_NAME="{{ .ServiceConfig.KeystoneAuthRegionName }}"
#KEYSTONE_AUTH_URL_TOKENS="{{ .ServiceConfig.KeystoneAuthUrlTokens }}"
#KEYSTONE_AUTH_URL_VERSION="{{ .ServiceConfig.KeystoneAuthUrlVersion }}"
#KEYSTONE_AUTH_USER_DOMAIN_NAME="{{ .ServiceConfig.KeystoneAuthUserDomainName }}"
#KEYSTONE_AUTH_ADMIN_PASSWORD="{{ .ServiceConfig.KeystoneAuthAdminPassword }}"
# Kubernetes
#K8S_TOKEN="{{ .ServiceConfig.K8sToken }}"
#K8S_TOKEN_FILE="{{ .ServiceConfig.K8sTokenFile }}"
#KUBERNETES_API_PORT="{{ .ServiceConfig.KubernetesApiPort }}"
#KUBERNETES_API_SECURE_PORT="{{ .ServiceConfig.KubernetesApiSecurePort }}"
KUBERNETES_POD_SUBNETS="{{ .ServiceConfig.KubernetesPodSubnet }}"
# Logging
#LOG_DIR="{{ .ServiceConfig.LogDir }}"
LOG_LEVEL="{{ .LogLevel }}"
LOG_LOCAL="{{ .ServiceConfig.LogLocal }}"
# Metadata
METADATA_PROXY_SECRET="{{ .ServiceConfig.MetadataProxySecret }}"
METADATA_SSL_CA_CERTFILE="{{ .ServiceConfig.MetadataSslCaCertfile }}"
METADATA_SSL_CERTFILE="{{ .ServiceConfig.MetadataSslCertfile }}"
METADATA_SSL_CERT_TYPE="{{ .ServiceConfig.MetadataSslCertType }}"
METADATA_SSL_ENABLE="{{ .ServiceConfig.MetadataSslEnable }}"
METADATA_SSL_KEYFILE="{{ .ServiceConfig.MetadataSslKeyfile }}"
# OpenStack
#BARBICAN_TENANT_NAME="{{ .ServiceConfig.BarbicanTenantName }}"
#BARBICAN_PASSWORD="{{ .ServiceConfig.BarbicanPassword }}"
#BARBICAN_USER="{{ .ServiceConfig.BarbicanUser }}"
# Sandesh
SANDESH_CA_CERTFILE="{{ .ServiceConfig.SandeshCaCertfile }}"
SANDESH_KEYFILE="{{ .ServiceConfig.SandeshKeyfile }}"
SANDESH_CERTFILE="{{ .ServiceConfig.SandeshCertfile }}"
SANDESH_SERVER_KEYFILE="{{ .ServiceConfig.SandeshServerKeyfile }}"
SANDESH_SERVER_CERTFILE="{{ .ServiceConfig.SandeshServerCertfile }}"
SANDESH_SSL_ENABLE="{{ .ServiceConfig.SandeshSslEnable }}"
# Server SSL
SERVER_CA_CERTFILE="{{ .ServiceConfig.ServerCaCertfile }}"
SERVER_CERTFILE="{{ .ServiceConfig.ServerCertfile }}"
SERVER_KEYFILE="{{ .ServiceConfig.ServerKeyfile }}"
SSL_ENABLE="{{ .ServiceConfig.SslEnable }}"
#SSL_INSECURE="{{ .ServiceConfig.SslInsecure }}"
# TSN
#TSN_AGENT_MODE="{{ .ServiceConfig.TsnAgentMode }}"
# vRouter
#AGENT_MODE="{{ .ServiceConfig.AgentMode }}"
#FABRIC_SNAT_HASH_TABLE_SIZE="{{ .ServiceConfig.FabricSnatHashTableSize }}"
#PRIORITY_BANDWIDTH="{{ .ServiceConfig.PriorityBandwidth }}"
#PRIORITY_ID="{{ .ServiceConfig.PriorityId }}"
#PRIORITY_SCHEDULING="{{ .ServiceConfig.PriorityScheduling }}"
#PRIORITY_TAGGING="{{ .ServiceConfig.PriorityTagging }}"
#QOS_DEF_HW_QUEUE="{{ .ServiceConfig.QosDefHwQueue }}"
#QOS_LOGICAL_QUEUES="{{ .ServiceConfig.QosLogicalQueues }}"
#QOS_QUEUE_ID="{{ .ServiceConfig.QosQueueId }}"
#REQUIRED_KERNEL_VROUTER_ENCRYPTION="{{ .ServiceConfig.RequiredKernelVrouterEncryption }}"
#SAMPLE_DESTINATION="{{ .ServiceConfig.SampleDestination }}"
#SLO_DESTINATION="{{ .ServiceConfig.SloDestination }}"
#VROUTER_CRYPT_INTERFACE="{{ .ServiceConfig.VrouterCryptInterface }}"
#VROUTER_DECRYPT_INTERFACE="{{ .ServiceConfig.VrouterDecryptInterface }}"
#VROUTER_DECRYPT_KEY="{{ .ServiceConfig.VrouterDecyptKey }}"
#VROUTER_ENCRYPTION="{{ .ServiceConfig.VrouterEncryption }}"
VROUTER_GATEWAY="{{ .ServiceConfig.VrouterGateway }}"
# XMPP
SUBCLUSTER="{{ .ServiceConfig.Subcluster }}"
XMPP_SERVER_CA_CERTFILE="{{ .ServiceConfig.XmppServerCaCertfile }}"
XMPP_SERVER_CERTFILE="{{ .ServiceConfig.XmppServerCertfile }}"
XMPP_SERVER_KEYFILE="{{ .ServiceConfig.XmppServerKeyfile }}"
#XMPP_SERVER_PORT="{{ .ServiceConfig.XmppServerPort }}"
XMPP_SSL_ENABLE="{{ .ServiceConfig.XmppSslEnable }}"
# HugePages
HUGE_PAGES_2MB="{{ default 0 .ServiceConfig.HugePages2M }}"
HUGE_PAGES_1GB="{{ default 0 .ServiceConfig.HugePages1G }}"
# L3MH
L3MH_CIDR="{{ .ServiceConfig.L3MHCidr }}"
# Hostnames depending on DataSubnet
VROUTER_HOSTNAME={{ .Hostname }}
# Custom envs from user
{{ if .ServiceConfig.EnvVariablesConfig }}
{{ range $k, $v := .ServiceConfig.EnvVariablesConfig }}
{{ $k }}="{{ $v }}"
{{ end }}
{{ end }}
set +o allexport
`))
VRouterAgentParams is used to pass Manifest params into the vrouter-agent container to prepare the config file.
// VRouterLbaasAuthConfig renders an INI-style file with a [BARBICAN] section
// (tenant, user, password, Keystone auth URL, region, domains and TLS files)
// and a [KUBERNETES] section (token, API server address and ports).
//
// The rendered output carries admin_password and kubernetes_token in clear
// text, so the file it is written to needs restrictive permissions and must
// not be echoed into logs.
//
// NOTE(review): "insecure" is copied straight from KEYSTONE_AUTH_INSECURE;
// a true value presumably makes the consumer skip certificate verification
// towards Keystone/Barbican. Confirm, and keep it false outside of labs.
// NOTE(review): if htemplate is html/template (the import is not visible
// here), values are HTML-escaped on output, which would alter secrets that
// contain characters such as & < > ' " in this non-HTML file. Confirm.
// NOTE(review): sprig's default takes the fallback as its first argument
// (compare `default "8080" .KUBERNETES_API_PORT` below), so
// `default .KUBERNETES_API_SERVER .DEFAULT_LOCAL_IP` yields DEFAULT_LOCAL_IP
// whenever it is set and KUBERNETES_API_SERVER only as the fallback. Check
// that this is the intended order, since it decides which API server the
// token is sent to.
var VRouterLbaasAuthConfig = htemplate.Must(htemplate.New("").Funcs(sprig.FuncMap()).Funcs(vrouterTemplateFuncs).Parse(`[BARBICAN]
admin_tenant_name = {{ .BARBICAN_TENANT_NAME }}
admin_user = {{ .BARBICAN_USER }}
admin_password = {{ .BARBICAN_PASSWORD }}
auth_url = {{ .KEYSTONE_AUTH_PROTO }}://{{ .KEYSTONE_AUTH_HOST }}:{{ .KEYSTONE_AUTH_ADMIN_PORT }}{{ .KEYSTONE_AUTH_URL_VERSION }}
region = {{ .KEYSTONE_AUTH_REGION_NAME }}
user_domain_name = {{ .KEYSTONE_AUTH_USER_DOMAIN_NAME }}
project_domain_name = {{ .KEYSTONE_AUTH_PROJECT_DOMAIN_NAME }}
region_name = {{ .KEYSTONE_AUTH_REGION_NAME }}
insecure = {{ .KEYSTONE_AUTH_INSECURE }}
certfile = {{ .KEYSTONE_AUTH_CERTFILE }}
keyfile = {{ .KEYSTONE_AUTH_KEYFILE }}
cafile = {{ .KEYSTONE_AUTH_CA_CERTFILE }}
[KUBERNETES]
kubernetes_token={{ .K8S_TOKEN }}
kubernetes_api_server={{ default .KUBERNETES_API_SERVER .DEFAULT_LOCAL_IP }}
kubernetes_api_port={{ default "8080" .KUBERNETES_API_PORT }}
kubernetes_api_secure_port={{ default "6443" .KUBERNETES_API_SECURE_PORT }}`))
// VRouterVncApiLibIni renders an INI file with a [global] section (config
// API nodes, port defaulting to "8082", use_ssl) and an [auth] section that
// is either Keystone-based or "noauth".
//
// The cafile line in [global] is emitted only when isEnabled reports
// CONFIG_API_SSL_ENABLE as enabled (isEnabled is not defined in this block;
// presumably it comes from vrouterTemplateFuncs).
//
// An empty AUTH_MODE is treated as "noauth", and anything other than
// "keystone" also lands in the noauth branch.
// NOTE(review): a missing or misspelled AUTH_MODE therefore silently renders
// an unauthenticated client configuration. Confirm that fail-open default is
// intended.
//
// The Keystone TLS options (insecure, certfile, keyfile, cafile) are written
// only when KEYSTONE_AUTH_PROTO is "https"; an empty value is treated as
// "http".
// NOTE(review): "insecure" comes from KEYSTONE_AUTH_INSECURE (lower-cased);
// a true value presumably disables verification of the Keystone certificate
// in the consumer. Verify.
// NOTE(review): if htemplate is html/template (import not visible here),
// values are HTML-escaped even though the output is an INI file. Confirm.
var VRouterVncApiLibIni = htemplate.Must(htemplate.New("").Funcs(sprig.FuncMap()).Funcs(vrouterTemplateFuncs).Parse(`
[global]
WEB_SERVER = {{ .CONFIG_NODES }}
WEB_PORT = {{ default "8082" .CONFIG_API_PORT }}
BASE_URL = /
use_ssl = {{ .CONFIG_API_SSL_ENABLE }}
{{ if isEnabled .CONFIG_API_SSL_ENABLE }}
cafile = {{ .CONFIG_API_SERVER_CA_CERTFILE }}
{{ end }}
{{ if eq (or .AUTH_MODE "noauth") "keystone" }}
; Authentication settings (optional)
[auth]
AUTHN_TYPE = keystone
AUTHN_PROTOCOL = {{ .KEYSTONE_AUTH_PROTO }}
AUTHN_SERVER = {{ .KEYSTONE_AUTH_HOST }}
AUTHN_PORT = {{ .KEYSTONE_AUTH_ADMIN_PORT }}
AUTHN_URL = {{ .KEYSTONE_AUTH_URL_TOKENS }}
AUTHN_DOMAIN = {{ .KEYSTONE_AUTH_PROJECT_DOMAIN_NAME }}
;AUTHN_TOKEN_URL = http://127.0.0.1:35357/v2.0/tokens
{{ if eq (or .KEYSTONE_AUTH_PROTO "http") "https" }}
insecure = {{ lower .KEYSTONE_AUTH_INSECURE }}
certfile = {{ .KEYSTONE_AUTH_CERTFILE }}
keyfile = {{ .KEYSTONE_AUTH_KEYFILE }}
cafile = {{ .KEYSTONE_AUTH_CA_CERTFILE }}
{{ end }}
{{ else }}
[auth]
AUTHN_TYPE = noauth
{{ end }}`))
// VrouterNodemanagerConfig renders the vrouter node manager INI file with
// [DEFAULTS], [COLLECTOR] and [SANDESH] sections.
//
// The log file path and the three SSL switches (introspect_ssl_enable,
// introspect_ssl_insecure, sandesh_ssl_enable) are hard-coded; everything
// else is taken from the template data.
//
// NOTE(review): introspect_ssl_insecure=True presumably tells the consumer
// not to verify the peer certificate on introspect connections, which leaves
// TLS providing encryption without peer authentication. A CA file is already
// rendered as sandesh_ca_cert, so consider making this switch configurable
// and defaulting it to False. Confirm against the node manager.
//
// The db_* lines begin with '#', so they appear as comments in the rendered
// INI file, but their template actions are still evaluated when the
// template is executed.
var VrouterNodemanagerConfig = template.Must(template.New("").Parse(`[DEFAULTS]
http_server_ip={{ .INTROSPECT_IP }}
log_file=/var/log/contrail/contrail-vrouter-nodemgr.log
log_level={{ .LOG_LEVEL }}
log_local={{ .LOG_LOCAL }}
hostname={{ .Hostname }}
hostip={{ .CONTROL_NETWORK_IP }}
#db_port={{ .CassandraPort }}
#db_jmx_port={{ .CassandraJmxPort }}
#db_use_ssl=True
[COLLECTOR]
server_list={{ .COLLECTOR_SERVERS }}
[SANDESH]
introspect_ssl_enable=True
introspect_ssl_insecure=True
sandesh_ssl_enable=True
sandesh_keyfile={{ .SANDESH_KEYFILE }}
sandesh_certfile={{ .SANDESH_CERTFILE }}
sandesh_server_keyfile={{ .SANDESH_SERVER_KEYFILE }}
sandesh_server_certfile={{ .SANDESH_SERVER_CERTFILE }}
sandesh_ca_cert={{ .SANDESH_CA_CERTFILE }}
`))
VrouterNodemanagerConfig is the template of the Vrouter Nodemanager service configuration
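// WebuiAuthConfig is the template of the Webui auth module: a JavaScript
// file that exports an auth object holding the Keystone admin user,
// password, tenant and domain names.
//
// Every value is written inside a single-quoted JavaScript string literal,
// so each one is piped through the template engine's built-in js escaper.
// Without it, a value containing ' or \ (a password, typically) would end
// the literal early and either break the generated module or change what it
// evaluates to. Values made only of letters and digits render exactly as
// before.
//
// The rendered file contains the admin password in clear text; restrict the
// permissions of wherever it is stored and keep it out of logs.
var WebuiAuthConfig = template.Must(template.New("").Parse(`/*
* Copyright (c) 2014 Juniper Networks, Inc. All rights reserved.
*/
var auth = {};
auth.admin_token = '';
auth.admin_user = '{{ js .KeystoneAuthParameters.AdminUsername }}';
auth.admin_password = '{{ js .KeystoneAuthParameters.AdminPassword }}';
auth.admin_tenant_name = '{{ js .KeystoneAuthParameters.AdminTenant }}';
auth.project_domain_name = '{{ js .KeystoneAuthParameters.ProjectDomainName }}';
auth.user_domain_name = '{{ js .KeystoneAuthParameters.UserDomainName }}';
module.exports = auth;
`))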
WebuiAuthConfig is the template of the Webui Auth service configuration.
// WebuiWebConfig is the template of the Webui web server module: a
// JavaScript file that builds a config object and exports it.
//
// Driven by template data: the orchestration manager ("none" when AuthMode
// is "noauth", otherwise "openstack"), the Keystone endpoint, the config
// API, analytics, DNS and Cassandra server lists and ports, the Redis port,
// the log level, the CA file path and the per-pod key/certificate paths
// under /etc/certificates. Everything else is hard-coded.
//
// Security-relevant settings to be aware of when reviewing a deployment:
//   - networkManager, imageManager, computeManager and storageManager are
//     fixed to 127.0.0.1 over "http" with strictSSL = false; vcenter uses
//     "https" with strictSSL = false.
//   - cnfg, analytics and introspect use strictSSL = true with the CA file.
//   - config.require_auth = false and config.redis_password = '' are
//     hard-coded. NOTE(review): verify what require_auth governs in the
//     consumer and that Redis on 127.0.0.1 is not reachable from other pods.
//   - config.files.download_path is '/tmp'.
//   - In "noauth" mode the Keystone admin username and password are written
//     as config.staticAuth[0] with the cloudAdmin role. The assignment comes
//     after module.exports = config but mutates the same object, so it is
//     exported too. The rendered file therefore holds a clear-text
//     credential and needs restrictive permissions.
//
// NOTE(review): identityManager.strictSSL is rendered as the quoted strings
// "false"/"true", while every other strictSSL here is a boolean. In
// JavaScript the non-empty string "false" is truthy, so the effect of
// KeystoneAuthParameters.Insecure depends on how the consumer tests the
// value. Confirm.
// NOTE(review): the cipher list ends with CBC-mode suites and AES256-SHA
// (static RSA key exchange, no forward secrecy). If no legacy clients need
// them, consider keeping only the ECDHE AEAD suites.
// NOTE(review): values are interpolated into JavaScript string literals
// with no escaping action, so a value containing a quote or backslash (the
// staticAuth password, for instance) would break or alter the generated
// module. If template is text/template, its built-in js function covers
// this.
var WebuiWebConfig = template.Must(template.New("").Funcs(tfFuncs).Parse(`var config = {};
config.orchestration = {};
{{ if eq .AuthMode "noauth" }}
config.orchestration.Manager = "none";
{{ else }}
config.orchestration.Manager = "openstack";
{{ end }}
config.orchestrationModuleEndPointFromConfig = false;
config.contrailEndPointFromConfig = true;
config.regionsFromConfig = false;
config.endpoints = {};
config.endpoints.apiServiceType = "ApiServer";
config.endpoints.opServiceType = "OpServer";
config.regions = {};
config.regions.RegionOne = "{{ .KeystoneAuthParameters.AuthProtocol }}://{{ .KeystoneAuthParameters.Address }}:{{ .KeystoneAuthParameters.Port }}/v3";
config.serviceEndPointTakePublicURL = true;
config.networkManager = {};
config.networkManager.ip = "127.0.0.1";
config.networkManager.port = "9696";
config.networkManager.authProtocol = "http";
config.networkManager.apiVersion = [];
config.networkManager.strictSSL = false;
config.networkManager.ca = "";
config.imageManager = {};
config.imageManager.ip = "127.0.0.1";
config.imageManager.port = "9292";
config.imageManager.authProtocol = "http";
config.imageManager.apiVersion = ['v1', 'v2'];
config.imageManager.strictSSL = false;
config.imageManager.ca = "";
config.computeManager = {};
config.computeManager.ip = "127.0.0.1";
config.computeManager.port = "8774";
config.computeManager.authProtocol = "http";
config.computeManager.apiVersion = ['v1.1', 'v2'];
config.computeManager.strictSSL = false;
config.computeManager.ca = "";
config.identityManager = {};
config.identityManager.ip = "{{ .KeystoneAuthParameters.Address }}";
config.identityManager.port = "{{ .KeystoneAuthParameters.Port }}";
config.identityManager.authProtocol = "{{ .KeystoneAuthParameters.AuthProtocol }}";
config.identityManager.apiVersion = ['v3'];
config.identityManager.defaultDomain = "{{ .KeystoneAuthParameters.UserDomainName }}";
{{ if isEnabled .KeystoneAuthParameters.Insecure }}
config.identityManager.strictSSL = "false";
config.identityManager.ca = "";
{{ else }}
config.identityManager.strictSSL = "true";
config.identityManager.ca = "{{ .CAFilePath }}";
{{ end }}
config.storageManager = {};
config.storageManager.ip = "127.0.0.1";
config.storageManager.port = "8776";
config.storageManager.authProtocol = "http";
config.storageManager.apiVersion = ['v1'];
config.storageManager.strictSSL = false;
config.storageManager.ca = "";
config.cnfg = {};
config.cnfg.server_ip = [{{ .APIServerList }}];
config.cnfg.server_port = "{{ .APIServerPort }}";
config.cnfg.authProtocol = "https";
config.cnfg.strictSSL = true;
config.cnfg.ca = "{{ .CAFilePath }}";
config.cnfg.statusURL = '/global-system-configs';
config.analytics = {};
config.analytics.server_ip = [{{ .AnalyticsServerList }}];
config.analytics.server_port = "{{ .AnalyticsServerPort }}";
config.analytics.authProtocol = "https";
config.analytics.strictSSL = true;
config.analytics.ca = '{{ .CAFilePath }}';
config.analytics.statusURL = '/analytics/uves/bgp-peers';
config.dns = {};
config.dns.server_ip = [{{ .ControlNodeList }}];
config.dns.server_port = '{{ .DnsNodePort }}';
config.dns.statusURL = '/Snh_PageReq?x=AllEntries%20VdnsServersReq';
config.vcenter = {};
config.vcenter.server_ip = "127.0.0.1"; //vCenter IP
config.vcenter.server_port = "443"; //Port
config.vcenter.authProtocol = "https"; //http or https
config.vcenter.datacenter = "vcenter"; //datacenter name
config.vcenter.dvsswitch = "vswitch"; //dvsswitch name
config.vcenter.strictSSL = false; //Validate the certificate or ignore
config.vcenter.ca = ''; //specify the certificate key file
config.vcenter.wsdl = "/usr/src/contrail/contrail-web-core/webroot/js/vim.wsdl";
config.introspect = {};
config.introspect.ssl = {};
config.introspect.ssl.enabled = true;
config.introspect.ssl.key = '/etc/certificates/server-key-{{ .PodIP }}.pem';
config.introspect.ssl.cert = '/etc/certificates/server-{{ .PodIP }}.crt';
config.introspect.ssl.ca = '{{ .CAFilePath }}';
config.introspect.ssl.strictSSL = true;
config.jobServer = {};
config.jobServer.server_ip = '127.0.0.1';
config.jobServer.server_port = '3000';
config.files = {};
config.files.download_path = '/tmp';
config.cassandra = {};
config.cassandra.server_ips = [{{ .CassandraServerList }}];
config.cassandra.server_port = '{{ .CassandraPort }}';
config.cassandra.enable_edit = false;
config.cassandra.use_ssl = true;
config.cassandra.ca_certs = '{{ .CAFilePath }}';
config.kue = {};
config.kue.ui_port = '3002'
config.webui_addresses = {};
config.insecure_access = false;
config.http_port = '8180';
config.https_port = '8143';
config.require_auth = false;
config.node_worker_count = 1;
config.maxActiveJobs = 10;
config.CONTRAIL_SERVICE_RETRY_TIME = 300000; //5 minutes
config.redisDBIndex = 3;
config.redis_server_port = '{{ .RedisPort }}';
config.redis_server_ip = '127.0.0.1';
config.redis_dump_file = '/var/lib/redis/dump-webui.rdb';
config.redis_password = '';
config.logo_file = '/opt/contrail/images/logo.png';
config.favicon_file = '/opt/contrail/images/favicon.ico';
config.featurePkg = {};
config.featurePkg.webController = {};
config.featurePkg.webController.path = '/usr/src/contrail/contrail-web-controller';
config.featurePkg.webController.enable = true;
config.qe = {};
config.qe.enable_stat_queries = false;
config.logs = {};
config.logs.level = '{{ lowerOrDefault .LogLevel "info" }}';
config.getDomainProjectsFromApiServer = false;
config.network = {};
config.network.L2_enable = false;
config.getDomainsFromApiServer = false;
config.jsonSchemaPath = "/usr/src/contrail/contrail-web-core/src/serverroot/configJsonSchemas";
config.server_options = {};
config.server_options.key_file = '/etc/certificates/server-key-{{ .PodIP }}.pem';
config.server_options.cert_file = '/etc/certificates/server-{{ .PodIP }}.crt';
config.server_options.ciphers = 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES256-SHA';
module.exports = config;
{{ if eq .AuthMode "noauth" }}
config.staticAuth = [];
config.staticAuth[0] = {};
config.staticAuth[0].username = '{{ .KeystoneAuthParameters.AdminUsername }}';
config.staticAuth[0].password = '{{ .KeystoneAuthParameters.AdminPassword }}';
config.staticAuth[0].roles = ['cloudAdmin'];
{{ end }}
`))
WebuiWebConfig is the template of the Webui Web service configuration.
// ZookeeperLogConfig is the template of the Zookeeper log4j properties file.
//
// Only three values come from template data: the root logger level, the
// console threshold and the rolling-file threshold, each rendered as
// upperOrDefault .LogLevel "INFO" (upperOrDefault is not defined in this
// block; presumably it is supplied by tfFuncs). The ${...} expressions are
// log4j property references, not template actions, and pass through
// unchanged.
//
// The rolling file is capped at 256MB with 20 backups, so the log directory
// can grow to roughly 5 GB; size the volume accordingly so that audit-
// relevant entries are not lost to a full disk.
//
// NOTE(review): as rendered, log4j.rootLogger resolves to a level with no
// appender name, so CONSOLE, ROLLINGFILE and TRACEFILE are defined but not
// attached unless zookeeper.root.logger is overridden elsewhere (for example
// by a JVM system property). Confirm that logs actually reach the intended
// sink.
var ZookeeperLogConfig = template.Must(template.New("").Funcs(tfFuncs).Parse(`zookeeper.root.logger={{ upperOrDefault .LogLevel "INFO" }}
zookeeper.console.threshold={{ upperOrDefault .LogLevel "INFO" }}
zookeeper.log.dir=.
zookeeper.log.file=zookeeper.log
zookeeper.log.threshold={{ upperOrDefault .LogLevel "INFO" }}
zookeeper.log.maxfilesize=256MB
zookeeper.log.maxbackupindex=20
zookeeper.tracelog.dir=${zookeeper.log.dir}
zookeeper.tracelog.file=zookeeper_trace.log
log4j.rootLogger=${zookeeper.root.logger}
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.Threshold=${zookeeper.console.threshold}
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=%d{ISO8601} [myid:%X{myid}] - %-5p [%t:%C{1}@%L] - %m%n
log4j.appender.ROLLINGFILE=org.apache.log4j.RollingFileAppender
log4j.appender.ROLLINGFILE.Threshold=${zookeeper.log.threshold}
log4j.appender.ROLLINGFILE.File=${zookeeper.log.dir}/${zookeeper.log.file}
log4j.appender.ROLLINGFILE.MaxFileSize=${zookeeper.log.maxfilesize}
log4j.appender.ROLLINGFILE.MaxBackupIndex=${zookeeper.log.maxbackupindex}
log4j.appender.ROLLINGFILE.layout=org.apache.log4j.PatternLayout
log4j.appender.ROLLINGFILE.layout.ConversionPattern=%d{ISO8601} [myid:%X{myid}] - %-5p [%t:%C{1}@%L] - %m%n
log4j.appender.TRACEFILE=org.apache.log4j.FileAppender
log4j.appender.TRACEFILE.Threshold=TRACE
log4j.appender.TRACEFILE.File=${zookeeper.tracelog.dir}/${zookeeper.tracelog.file}
log4j.appender.TRACEFILE.layout=org.apache.log4j.PatternLayout
log4j.appender.TRACEFILE.layout.ConversionPattern=%d{ISO8601} [myid:%X{myid}] - %-5p [%t:%C{1}@%L][%x] - %m%n
`))
ZookeeperLogConfig is the template of the Zookeeper Log configuration.
// ZookeeperStaticConfig is the template of the static Zookeeper server
// configuration. Only admin.enableServer and admin.serverPort come from
// template data; all other settings are hard-coded, and ensemble membership
// is delegated to /var/lib/zookeeper/zoo.cfg.dynamic.
//
// Security-relevant settings:
//   - skipACL=yes turns off ZooKeeper ACL checking, so znode ACLs protect
//     nothing and every client that can reach the server is fully trusted.
//   - reconfigEnabled=true enables dynamic reconfiguration of the ensemble.
//     With ACL checks skipped, that operation is not limited to a privileged
//     user.
//   - 4lw.commands.whitelist limits four-letter commands to stat, ruok, conf
//     and isro.
//
// NOTE(review): with skipACL=yes and reconfigEnabled=true, access control
// rests on network reachability of the client and admin ports alone. Confirm
// that those ports are restricted (network policy, firewalling) to the
// services that need them.
var ZookeeperStaticConfig = template.Must(template.New("").Parse(`dataDir=/var/lib/zookeeper
tickTime=2000
initLimit=5
syncLimit=2
maxClientCnxns=60
maxSessionTimeout=120000
admin.enableServer={{ .AdminEnableServer }}
admin.serverPort={{ .AdminServerPort }}
standaloneEnabled=false
4lw.commands.whitelist=stat,ruok,conf,isro
reconfigEnabled=true
skipACL=yes
dynamicConfigFile=/var/lib/zookeeper/zoo.cfg.dynamic
`))
ZookeeperStaticConfig is the template of the Zookeeper service configuration.
// ZookeeperXslConfig holds the Zookeeper XSL configuration. Unlike the
// neighbouring configuration variables it is declared as a plain string
// literal rather than a value built with template.Must and Parse; the
// literal's content is elided on this page.
var ZookeeperXslConfig = `` /* 526-byte string literal not displayed */
ZookeeperXslConfig is the template of the Zookeeper XSL configuration.
Functions ¶
func DynamicZookeeperConfig ¶
func DynamicZookeeperConfig(pods []core.Pod, electionPort, serverPort, clientPort string, pod2node pod2nodeconvert) (map[string]string, error)
DynamicZookeeperConfig creates zk dynamic config
func EndpointList ¶
EndpointList creates a new slice in which each item is an ip and port joined with a colon.
func JoinListWithSeparator ¶
JoinListWithSeparator joins a slice into a string using the given separator.
func JoinListWithSeparatorAndSingleQuotes ¶
JoinListWithSeparatorAndSingleQuotes joins a slice into a string using the given separator and surrounds each slice item with single quotes.
Types ¶
This section is empty.
Source Files ¶
- analytics_config.go
- analyticsalarm_config.go
- analyticssnmp_config.go
- cassandra_config.go
- common_config.go
- config_config.go
- config_vnc.go
- control_config.go
- kafka_config.go
- kubemanager_config.go
- nodemanager_config.go
- provisioner_config.go
- queryengine_config.go
- rabbitmq_config.go
- redis_config.go
- template_functions.go
- templates_helper_functions.go
- vrouter_config.go
- webui_config.go
- zookeeper_config.go