[opencontrail-dev] Help adding TOR Agent

Wed, 27 Jul 2016 11:55:38 -0700 

Hi all,


1) I added to the testbed.py the information of the TOR:



ost1 = '[email protected]'
host2 = '[email protected]'
host3 = '[email protected]'
host4 = '[email protected]'
host5 = '[email protected]'
#host6 = '[email protected]'
#host7 = '[email protected]'
#host8 = '[email protected]'
#host9 = '[email protected]'
#host10 = '[email protected]'


#External routers if any
#for eg.
#ext_routers = [('mx1', '10.204.216.253')]
ext_routers = []

#Autonomous system number
router_asn = 64512

#Host from which the fab commands are triggered to install and provision
host_build = '[email protected]'


#Role definition of the hosts.
env.roledefs = {
    'all': [host1, host2, host3, host4, host5],
    'cfgm': [host1, host2],
    'openstack': [host1],
    'control': [host1, host2],
    'compute': [host3, host4, host5],
    'collector': [host1, host2],
    'webui': [host1],
    'database': [host1],
    'build': [host_build],
    'storage-master': [host1],
    'storage-compute': [host4, host5],
#'rally': [host11], # Optional, to enable/setup rally, it can be a seprate node from contrail cluster # 'vgw': [host4, host5], # Optional, Only to enable VGW. Only compute can support vgw 
    'tsn': [host3],
    'toragent': [host3],
    # support Tor Agent
    #   'backup':[backup_node],  # only if the backup_node is defined
}

#Hostnames
# Deprecated 'all' key from release 3.0; Consider specifying the hostname for each host seperately as below 
#env.hostnames = {
# 'all': ['a0s1', 'a0s2', 'a0s3','a0s4', 'a0s5', 'a0s6', 'a0s7', 'a0s8', 'a0s9', 'a0s10','backup_node'] 
#}
env.hostnames = {
    host1: 'ncontrol01',
    host2: 'ncontrol02',
    host3: 'tsn01',
    host4: 'ncompute01',
    host5: 'ncompute02',
    #host6: 'a0s6',
    #host7: 'a0s7',
    #host8: 'a0s8',
    #host9: 'a0s9',
    #host10: 'a0s10',
}

#Openstack admin password
env.openstack_admin_password = 'lab123'

# Passwords of each host
# for passwordless login's no need to set env.passwords,
# instead populate env.key_filename in testbed.py with public key.
env.passwords = {
    host1: 'lab123',
    host2: 'lab123',
    host3: 'lab123',
    host4: 'lab123',
    host5: 'lab123',

    host_build: 'lab123',
}

# SSH Public key file path for passwordless logins
# if env.passwords is not specified.
#env.key_filename = '/root/.ssh/id_rsa.pub'

#For reimage purpose
env.ostypes = {
    host1: 'ubuntu',
    host2: 'ubuntu',
    host3: 'ubuntu',
    host4: 'ubuntu',
    host5: 'ubuntu',



env.tor_agent = {host3:[{
                    'tor_ip':'172.25.0.100',
                    'tor_agent_id':'1',
                    'tor_agent_name':'qfx-lab-01',
                    'tor_type':'ovs',
                    'tor_ovs_protocol':'pssl',
                    'tor_ovs_port':'9901',
                    'tor_tsn_ip':'172.25.0.3',
                    'tor_tsn_name':'tsn01',
                    'tor_name':'qfx-lab-01',
                    'tor_tunnel_ip':'10.10.10.10',
                    'tor_vendor_name':'Juniper',
                    'tor_product_name':'QFX5100',
                    'tor_agent_http_server_port': '9010',
                    'tor_agent_ovs_ka': '10000',
                       }]
                }

env.ca_cert_file = '/var/lib/openvswitch/pki/switchca/cacert.pem'



2) Configured the QFX with the configuration below:


set protocols ovsdb controller 172.25.0.3 protocol ssl port 9901
set protocols ovsdb controller 172.25.0.3 inactivity-probe-duration 10000
set protocols ovsdb passive-connection protocol tcp port 9901
set switch-options ovsdb-managed
set switch-options vtep-source-interface lo0.0

3) I generate the certified according to this guide:

https://github.com/Juniper/contrail-controller/wiki/Baremetal-Support


4) Run the fab add_tor_agent


root@ncontrol01:/opt/contrail/utils# fab add_tor_agent
[[email protected]] Executing task 'add_tor_agent'
2016-07-27 15:42:27:509490: [[email protected]] sudo: hostname
2016-07-27 15:42:27:509725: [[email protected]] out: tsn01
2016-07-27 15:42:27:959816: [[email protected]] out:
2016-07-27 15:42:27:960370:
2016-07-27 15:42:27:968040: [[email protected]] sudo: setup-vnc-tor-agent --self_ip 172.25.0.3 --agent_name qfx-lab-01 --http_server_port 9010 --tor_id 1 --tor_ip 172.25.0.100 --tor_ovs_port 9901 --tsn_ip 172.25.0.3 --tor_ovs_protocol pssl --tor_agent_ovs_ka 10000 --discovery_server_ip 172.25.0.1 2016-07-27 15:42:27:968210: [[email protected]] out: [localhost] local: ln -sf /bin/true /sbin/chkconfig 2016-07-27 15:42:28:101332: [[email protected]] out: [localhost] local: ln -sf /bin/true /sbin/chkconfig 2016-07-27 15:42:28:101523: [[email protected]] out: [localhost] local: sudo mv /tmp/tmpjcsOhg/tor_agent_conf /etc/contrail/contrail-tor-agent-1.conf 2016-07-27 15:42:28:101590: [[email protected]] out: [localhost] local: sudo mv /tmp/tmpjcsOhg/tor_agent_ini /etc/contrail/supervisord_vrouter_files/contrail-tor-agent-1.ini 2016-07-27 15:42:28:104909: [[email protected]] out: [localhost] local: sudo cp /etc/init.d/contrail-vrouter-agent /etc/init.d/contrail-tor-agent-1 
2016-07-27 15:42:28:112375: [[email protected]] out:
2016-07-27 15:42:28:128031:
2016-07-27 15:42:28:133070: [[email protected]] sudo: domainname -f
2016-07-27 15:42:28:133158: [[email protected]] out: tsn01
2016-07-27 15:42:28:181502: [[email protected]] out:
2016-07-27 15:42:28:181609:
2016-07-27 15:42:28:181710: [[email protected]] sudo: openssl req -new -x509 -days 3650 -text -sha256 -newkey rsa:4096 -nodes -subj "/C=US/ST=Global/O=Juniper/CN=tsn01" -keyout /etc/contrail/ssl/private/tor.1.privkey.pem -out /etc/contrail/ssl/certs/tor.1.cert.pem 2016-07-27 15:42:28:181801: [[email protected]] out: Generating a 4096 bit RSA private key 2016-07-27 15:42:28:310795: [[email protected]] out: .....................................................................................................................++ 2016-07-27 15:42:28:927945: [[email protected]] out: ...................................................................++ 2016-07-27 15:42:29:298361: [[email protected]] out: writing new private key to '/etc/contrail/ssl/private/tor.1.privkey.pem' 
2016-07-27 15:42:29:298527: [[email protected]] out: -----
2016-07-27 15:42:29:298625: [[email protected]] out:
2016-07-27 15:42:29:314194:
2016-07-27 15:42:29:314392: [[email protected]] sudo: python /opt/contrail/utils/provision_vrouter.py --host_name qfx-lab-01 --host_ip 172.25.0.3 --api_server_ip 172.25.0.1 --oper add --admin_user admin --admin_password sonet40atm --admin_tenant_name admin --openstack_ip 172.25.0.1 --router_type tor-agent 2016-07-27 15:42:29:314559: [[email protected]] sudo: python /opt/contrail/utils/provision_physical_device.py --device_name qfx-lab-01 --vendor_name Juniper --device_mgmt_ip 172.25.0.100 --device_tunnel_ip 10.10.10.10 --device_tor_agent qfx-lab-01 --device_tsn tsn01 --api_server_ip 172.25.0.1 --oper add --admin_user admin --admin_password sonet40atm --admin_tenant_name admin --openstack_ip 172.25.0.1 --product_name QFX5100 2016-07-27 15:42:29:971231: [[email protected]] sudo: supervisorctl -c /etc/contrail/supervisord_vrouter.conf update 2016-07-27 15:42:30:300147: [[email protected]] out: contrail-tor-agent-1: added process group 
2016-07-27 15:42:30:403143: [[email protected]] out:
2016-07-27 15:42:30:403279:
2016-07-27 15:42:30:403415:
2016-07-27 15:42:30:403540: Done.
2016-07-27 15:42:30:403557: Disconnecting from 172.25.0.3... done.
2016-07-27 15:42:30:517517: Disconnecting from 172.25.0.1... done.


5) If I check the status on the TSN I have the output below


root@tsn01:~# contrail-status
== Contrail vRouter ==
supervisor-vrouter:           active

contrail-tor-agent-1          failed
contrail-vrouter-agent        active
contrail-vrouter-nodemgr      active


There is some log file that show me the reason of failed status?

There is others steps that I need to perform before add the tor agent?



Regards,


Tales



_______________________________________________
Dev mailing list
[email protected]
http://lists.opencontrail.org/mailman/listinfo/dev_lists.opencontrail.org

Reply via email to