Diffstat (limited to 'roles/contiv')
27 files changed, 706 insertions, 0 deletions
diff --git a/roles/contiv/README.md b/roles/contiv/README.md
new file mode 100644
index 000000000..fa36039d9
--- /dev/null
+++ b/roles/contiv/README.md
@@ -0,0 +1,39 @@
+## Contiv
+
+Install Contiv components (netmaster, netplugin, contiv_etcd) on Master and Minion nodes 
+
+## Requirements
+
+* Ansible 2.2
+* Centos/ RHEL
+
+## Current Contiv restrictions when used with Openshift
+
+* Openshift Origin only 
+* VLAN encap mode only (default for Openshift Ansible)
+* Bare metal deployments only
+* Requires additional network configuration on the external physical routers (ref. Openshift docs Contiv section)
+
+## Key Ansible inventory configuration parameters
+
+* ``openshift_use_contiv=True``
+* ``openshift_use_openshift_sdn=False``
+* ``os_sdn_network_plugin_name='cni'``
+* ``netmaster_interface=eth0``
+* ``netplugin_interface=eth1``
+* ref. Openshift docs Contiv section for more details
+
+## Example bare metal deployment of Openshift + Contiv 
+
+* Example bare metal deployment
+
+
+
+* contiv241 is a Master + minion node
+* contiv242 and contiv243 are minion nodes
+* VLANs 1001, 1002 used for contiv container networks
+* VLAN 10 used for cluster-internal host network 
+* VLANs added to isolated VRF on external physical switch 
+* Static routes added on external switch as shown to allow routing between host and container networks
+* External switch also used for public internet access 
+
diff --git a/roles/contiv/contiv-openshift-vlan-network.png b/roles/contiv/contiv-openshift-vlan-network.png
Binary files differ
new file mode 100644
index 000000000..2462fa337
--- /dev/null
+++ b/roles/contiv/contiv-openshift-vlan-network.png
diff --git a/roles/contiv/defaults/main.yml b/roles/contiv/defaults/main.yml
new file mode 100644
index 000000000..c2b72339c
--- /dev/null
+++ b/roles/contiv/defaults/main.yml
@@ -0,0 +1,91 @@
+---
+# The version of Contiv binaries to use
+contiv_version: 1.0.0-beta.3-02-21-2017.20-52-42.UTC
+
+contiv_default_subnet: "20.1.1.1/24"
+contiv_default_gw: "20.1.1.254"
+# TCP port that Netmaster listens for network connections
+netmaster_port: 9999
+
+# TCP port that Netplugin listens for network connections
+netplugin_port: 6640
+contiv_rpc_port1: 9001
+contiv_rpc_port2: 9002
+contiv_rpc_port3: 9003
+
+# Interface used by Netplugin for inter-host traffic when encap_mode is vlan.
+# The interface must support 802.1Q trunking.
+netplugin_interface: "eno16780032"
+
+# IP address of the interface used for control communication within the cluster
+# It needs to be reachable from all nodes in the cluster.
+netplugin_ctrl_ip: "{{ hostvars[inventory_hostname]['ansible_' + netplugin_interface].ipv4.address }}"
+
+# IP used to terminate vxlan tunnels
+netplugin_vtep_ip: "{{ hostvars[inventory_hostname]['ansible_' + netplugin_interface].ipv4.address }}"
+
+# Interface used to bind Netmaster service
+netmaster_interface: "{{ netplugin_interface }}"
+
+# Path to the contiv binaries
+bin_dir: /usr/bin
+
+# Path to the contivk8s cni binary
+cni_bin_dir: /opt/cni/bin
+
+# Contiv config directory
+contiv_config_dir: /opt/contiv/config
+
+# Directory to store downloaded Contiv releases
+contiv_releases_directory: /opt/contiv
+contiv_current_release_directory: "{{ contiv_releases_directory }}/{{ contiv_version }}"
+
+#The default url to download the Contiv tar's from
+contiv_download_url_base: "https://github.com/contiv/netplugin/releases/download"
+contiv_download_url: "{{ contiv_download_url_base }}/{{ contiv_version }}/netplugin-{{ contiv_version }}.tar.bz2"
+
+# This is where kubelet looks for plugin files
+kube_plugin_dir: /usr/libexec/kubernetes/kubelet-plugins/net/exec
+
+# Specifies routed mode vs bridged mode for networking (bridge | routing)
+# if you are using an external router for all routing, you should select bridge here
+netplugin_fwd_mode: bridge
+
+# Contiv fabric mode aci|default
+contiv_fabric_mode: default
+
+# Encapsulation type vlan|vxlan to use for instantiating container networks
+contiv_encap_mode: vlan
+
+# Backend used by Netplugin for instantiating container networks
+netplugin_driver: ovs
+
+# Create a default Contiv network for use by pods
+contiv_default_network: true
+
+# VLAN/ VXLAN tag value to be used for the default network
+contiv_default_network_tag: 1
+
+#SRFIXME (use the openshift variables)
+https_proxy: ""
+http_proxy: ""
+no_proxy: ""
+
+# The following are aci specific parameters when contiv_fabric_mode: aci is set.
+# Otherwise, you can ignore these.
+apic_url: ""
+apic_username: ""
+apic_password: ""
+apic_leaf_nodes: ""
+apic_phys_dom: ""
+apic_contracts_unrestricted_mode: no
+apic_epg_bridge_domain: not_specified
+is_atomic: False
+kube_cert_dir: "/data/src/github.com/openshift/origin/openshift.local.config/master"
+master_name: "{{ groups['masters'][0] }}"
+contiv_etcd_port: 22379
+etcd_url: "{{ hostvars[groups['masters'][0]]['ansible_' + netmaster_interface].ipv4.address }}:{{ contiv_etcd_port }}"
+kube_ca_cert: "{{ kube_cert_dir }}/ca.crt"
+kube_key: "{{ kube_cert_dir }}/admin.key"
+kube_cert: "{{ kube_cert_dir }}/admin.crt"
+kube_master_api_port: 8443
diff --git a/roles/contiv/files/contiv_cni.conf b/roles/contiv/files/contiv_cni.conf
new file mode 100644
index 000000000..441dffd41
--- /dev/null
+++ b/roles/contiv/files/contiv_cni.conf
@@ -0,0 +1,5 @@
+{
+  "cniVersion": "0.1.0",
+  "name": "contiv-net",
+  "type": "contivk8s"
+}
diff --git a/roles/contiv/files/loopback b/roles/contiv/files/loopback
Binary files differ
new file mode 100644
index 000000000..f02b0b1fb
--- /dev/null
+++ b/roles/contiv/files/loopback
diff --git a/roles/contiv/handlers/main.yml b/roles/contiv/handlers/main.yml
new file mode 100644
index 000000000..0fbe73036
--- /dev/null
+++ b/roles/contiv/handlers/main.yml
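Review bot: `kube_cert_dir` defaults to a developer source-tree path (`/data/src/github.com/openshift/origin/openshift.local.config/master`) and `kube_key`/`kube_cert` under it name the cluster-admin credentials, so a deployment that does not override it gets a wrong path, and one that does hands the role admin keys; `contiv.cfg.j2` in this same commit already derives its paths from `openshift.common.config_base`, so the defaults here should do the same or be documented as mandatory (no template in this commit appears to read `kube_key`/`kube_cert`, which is worth confirming before keeping them). `apic_password: ""` is a secret held as a plain role default and should be documented as a value to supply from an Ansible Vault variable. `apic_contracts_unrestricted_mode: no` and `is_atomic: False` are YAML 1.1 booleans that parsers disagree on; write `false` as the rest of the file does. The `#SRFIXME (use the openshift variables)` comment on the proxy vars should be resolved or turned into a tracked TODO.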
@@ -0,0 +1,18 @@
+---
+- name: reload systemd
+  command: systemctl --system daemon-reload
+
+- name: restart netmaster
+  service:
+    name: netmaster
+    state: restarted
+  when: netmaster_started.changed == false
+
+- name: restart netplugin
+  service:
+    name: netplugin
+    state: restarted
+  when: netplugin_started.changed == false
+
+- name: Save iptables rules
+  command: service iptables save
diff --git a/roles/contiv/meta/main.yml b/roles/contiv/meta/main.yml
new file mode 100644
index 000000000..3223afb6e
--- /dev/null
+++ b/roles/contiv/meta/main.yml
@@ -0,0 +1,28 @@
+---
+galaxy_info:
+  author: Cisco
+  description:
+  company: Cisco
+  license:
+  min_ansible_version: 2.2
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  categories:
+  - cloud
+  - system
+dependencies:
+- role: contiv_facts
+- role: etcd
+  etcd_service: contiv-etcd
+  etcd_is_thirdparty: True
+  etcd_peer_port: 22380
+  etcd_client_port: 22379
+  etcd_conf_dir: /etc/contiv-etcd/
+  etcd_data_dir: /var/lib/contiv-etcd/
+  etcd_ca_host: "{{ inventory_hostname }}"
+  etcd_cert_config_dir: /etc/contiv-etcd/
+  etcd_url_scheme: http
+  etcd_peer_url_scheme: http
+  when: contiv_role == "netmaster"
diff --git a/roles/contiv/tasks/aci.yml b/roles/contiv/tasks/aci.yml
new file mode 100644
index 000000000..30d2eb339
--- /dev/null
+++ b/roles/contiv/tasks/aci.yml
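Review bot: The `etcd` dependency is configured with `etcd_url_scheme: http` and `etcd_peer_url_scheme: http`, so the cluster store that netmaster and every netplugin trust (`-cluster-store etcd://{{ etcd_url }}` in the templates) accepts connections without TLS or client authentication, and `netplugin_iptables.yml` in this commit opens `contiv_etcd_port` to any source on every netplugin node, including a node that is also the master as in the README example. Anything that can reach port 22379 on the master can then rewrite Contiv's network state. Switch both schemes to `https` so the existing `etcd_ca_host`/`etcd_cert_config_dir` settings produce certificates, or at minimum restrict the firewall rule to the cluster's node addresses. `etcd_is_thirdparty: True` should be `true` for consistency with the lowercase booleans elsewhere in the role, and `description:`/`license:` are left empty.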
@@ -0,0 +1,32 @@
+---
+- name: ACI | Check aci-gw container image
+  command: "docker inspect contiv/aci-gw"
+  register: docker_aci_inspect_result
+  ignore_errors: yes
+
+- name: ACI | Pull aci-gw container
+  command: "docker pull contiv/aci-gw"
+  when: "'No such image' in docker_aci_inspect_result.stderr"
+
+- name: ACI | Copy shell script used by aci-gw service
+  template:
+    src: aci_gw.j2
+    dest: "{{ bin_dir }}/aci_gw.sh"
+    mode: u=rwx,g=rx,o=rx
+
+- name: ACI | Copy systemd units for aci-gw
+  template:
+    src: aci-gw.service
+    dest: /etc/systemd/system/aci-gw.service
+  notify: reload systemd
+
+- name: ACI | Enable aci-gw service
+  service:
+    name: aci-gw
+    enabled: yes
+
+- name: ACI | Start aci-gw service
+  service:
+    name: aci-gw
+    state: started
+  register: aci-gw_started
diff --git a/roles/contiv/tasks/default_network.yml b/roles/contiv/tasks/default_network.yml
new file mode 100644
index 000000000..9cf98bb80
--- /dev/null
+++ b/roles/contiv/tasks/default_network.yml
@@ -0,0 +1,15 @@
+---
+- name: Contiv | Wait for netmaster
+  command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" tenant ls'
+  register: tenant_result
+  until: tenant_result.stdout.find("default") != -1
+  retries: 9
+  delay: 10
+
+- name: Contiv | Check if default-net exists
+  command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" net ls'
+  register: net_result
+
+- name: Contiv | Create default-net
+  command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" net create --subnet={{ contiv_default_subnet }} -e {{ contiv_encap_mode }} -p {{ contiv_default_network_tag }} --gateway={{ contiv_default_gw }} default-net'
+  when: net_result.stdout.find("default-net") == -1
diff --git a/roles/contiv/tasks/download_bins.yml b/roles/contiv/tasks/download_bins.yml
new file mode 100644
index 000000000..28ed50fae
--- /dev/null
+++ b/roles/contiv/tasks/download_bins.yml
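Review bot: `register: aci-gw_started` uses a hyphen, which is not a valid Ansible variable name (letters, digits and underscores only), so the play will fail at this task; it should be `register: aci_gw_started`. The rendered `aci_gw.sh` carries `apic_password` in clear text yet is installed with `mode: u=rwx,g=rx,o=rx`, making the APIC credential readable by every local user; use `mode: u=rwx,g=,o=` and add `no_log: true` to that template task so the content is not echoed in verbose output. `when: "'No such image' in docker_aci_inspect_result.stderr"` depends on the docker CLI's error wording; `docker_aci_inspect_result.rc != 0` is the stable signal.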
@@ -0,0 +1,27 @@
+---
+- name: Download Bins | Create directory for current Contiv release
+  file:
+    path: "{{ contiv_current_release_directory }}"
+    state: directory
+
+- name: Install bzip2
+  yum:
+    name: bzip2
+    state: installed
+
+- name: Download Bins | Download Contiv tar file
+  get_url:
+    url: "{{ contiv_download_url }}"
+    dest: "{{ contiv_current_release_directory }}"
+    mode: 0755
+    validate_certs: False
+  environment:
+    http_proxy: "{{ http_proxy|default('') }}"
+    https_proxy: "{{ https_proxy|default('') }}"
+    no_proxy: "{{ no_proxy|default('') }}"
+
+- name: Download Bins | Extract Contiv tar file
+  unarchive:
+    src: "{{ contiv_current_release_directory }}/netplugin-{{ contiv_version }}.tar.bz2"
+    dest: "{{ contiv_current_release_directory }}"
+    copy: no
diff --git a/roles/contiv/tasks/main.yml b/roles/contiv/tasks/main.yml
new file mode 100644
index 000000000..40a0f9e61
--- /dev/null
+++ b/roles/contiv/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Ensure bin_dir exists
+  file:
+    path: "{{ bin_dir }}"
+    recurse: yes
+    state: directory
+
+- include: download_bins.yml
+
+- include: netmaster.yml
+  when: contiv_role == "netmaster"
+
+- include: netplugin.yml
+  when: contiv_role == "netplugin"
diff --git a/roles/contiv/tasks/netmaster.yml b/roles/contiv/tasks/netmaster.yml
new file mode 100644
index 000000000..5057767b8
--- /dev/null
+++ b/roles/contiv/tasks/netmaster.yml
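Review bot: `validate_certs: False` on the `get_url` of the Contiv tarball disables TLS verification for binaries that `netmaster.yml` and `netplugin.yml` then symlink into `/usr/bin` and run as root from systemd units, and no `checksum:` is given, so a tampered download is installed unnoticed. Drop the override (the GitHub release host validates with the system CA bundle) and pin the release, e.g. `checksum: "sha256:<EXPECTED_SHA256_PLACEHOLDER>"` for the `contiv_version` in defaults. `mode: 0755` on a tarball is unnecessary and, being an unquoted octal, should be quoted if kept. The bzip2 task lacks the `Download Bins |` name prefix the other tasks use.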
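Review bot: `recurse: yes` on the `file` task that ensures `{{ bin_dir }}` exists makes Ansible walk the whole tree under `/usr/bin` on every run; with no `owner`/`group`/`mode` set it changes nothing but is slow, and if a `mode` is ever added it would rewrite permissions on every system binary. Drop `recurse: yes` here and in the similar tasks in `netplugin.yml` (`cni_bin_dir`, `kube_plugin_dir`, `contiv_config_dir`); `state: directory` already creates missing parents.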
@@ -0,0 +1,65 @@
+---
+- include: netmaster_firewalld.yml
+  when: has_firewalld
+
+- include: netmaster_iptables.yml
+  when: not has_firewalld and has_iptables
+
+- name: Netmaster | Check is /etc/hosts file exists
+  stat:
+    path: /etc/hosts
+  register: hosts
+
+- name: Netmaster | Create hosts file if it is not present
+  file:
+    path: /etc/hosts
+    state: touch
+  when: not hosts.stat.exists
+
+- name: Netmaster | Build hosts file
+  lineinfile:
+    dest: /etc/hosts
+    regexp: .*netmaster$
+    line: "{{ hostvars[item]['ansible_' + netmaster_interface].ipv4.address }} netmaster"
+    state: present
+  when: hostvars[item]['ansible_' + netmaster_interface].ipv4.address is defined
+  with_items: groups['masters']
+
+- name: Netmaster | Create netmaster symlinks
+  file:
+    src: "{{ contiv_current_release_directory }}/{{ item }}"
+    dest: "{{ bin_dir }}/{{ item }}"
+    state: link
+  with_items:
+    - netmaster
+    - netctl
+
+- name: Netmaster | Copy environment file for netmaster
+  template:
+    src: netmaster.env.j2
+    dest: /etc/default/netmaster
+    mode: 0644
+  notify: restart netmaster
+
+- name: Netmaster | Copy systemd units for netmaster
+  template:
+    src: netmaster.service
+    dest: /etc/systemd/system/netmaster.service
+  notify: reload systemd
+
+- name: Netmaster | Enable Netmaster
+  service:
+    name: netmaster
+    enabled: yes
+
+- name: Netmaster | Start Netmaster
+  service:
+    name: netmaster
+    state: started
+  register: netmaster_started
+
+- include: aci.yml
+  when: contiv_fabric_mode == "aci"
+
+- include: default_network.yml
+  when: contiv_default_network == true
diff --git a/roles/contiv/tasks/netmaster_firewalld.yml b/roles/contiv/tasks/netmaster_firewalld.yml
new file mode 100644
index 000000000..2975351ac
--- /dev/null
+++ b/roles/contiv/tasks/netmaster_firewalld.yml
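Review bot: `with_items: groups['masters']` is a bare variable reference, deprecated since Ansible 2.0 and rejected by later releases; write `with_items: "{{ groups['masters'] }}"`. The `regexp: .*netmaster$` used by that `lineinfile` is anchored only at the end, so with several masters each iteration overwrites the previous one's line and only the last master remains in `/etc/hosts`; if a single `netmaster` alias is intended the loop should run against `master_name` only, otherwise the regexp must include the address. The `regexp` is also an unquoted plain scalar that starts with `.`, which is worth quoting like the ones in `netplugin.yml`, and `when: contiv_default_network == true` reads better as `when: contiv_default_network`.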
@@ -0,0 +1,16 @@
+---
+- name: Netmaster Firewalld | Open Netmaster port
+  firewalld:
+    port: "{{ netmaster_port }}/tcp"
+    permanent: false
+    state: enabled
+  # in case this is also a node where firewalld turned off
+  ignore_errors: yes
+
+- name: Netmaster Firewalld | Save Netmaster port
+  firewalld:
+    port: "{{ netmaster_port }}/tcp"
+    permanent: true
+    state: enabled
+  # in case this is also a node where firewalld turned off
+  ignore_errors: yes
diff --git a/roles/contiv/tasks/netmaster_iptables.yml b/roles/contiv/tasks/netmaster_iptables.yml
new file mode 100644
index 000000000..2d0fb95ae
--- /dev/null
+++ b/roles/contiv/tasks/netmaster_iptables.yml
@@ -0,0 +1,21 @@
+---
+- name: Netmaster IPtables | Get iptables rules
+  command: iptables -L --wait
+  register: iptablesrules
+  always_run: yes
+
+- name: Netmaster IPtables | Enable iptables at boot
+  service:
+    name: iptables
+    enabled: yes
+    state: started
+
+- name: Netmaster IPtables | Open Netmaster with iptables
+  command: /sbin/iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "contiv"
+  with_items:
+    - "{{ netmaster_port }}"
+    - "{{ contiv_rpc_port1 }}"
+    - "{{ contiv_rpc_port2 }}"
+    - "{{ contiv_rpc_port3 }}"
+  when: iptablesrules.stdout.find("contiv") == -1
+  notify: Save iptables rules
diff --git a/roles/contiv/tasks/netplugin.yml b/roles/contiv/tasks/netplugin.yml
new file mode 100644
index 000000000..ec6c72fe9
--- /dev/null
+++ b/roles/contiv/tasks/netplugin.yml
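Review bot: `ignore_errors: yes` on both `firewalld` tasks hides every failure, not only the "firewalld turned off" case the comment describes, so a rejected rule or a bad port value passes silently even though the include in `netmaster.yml` is already gated on `has_firewalld`. The runtime and permanent tasks can be a single task with `permanent: true` plus `immediate: true` (the `firewalld` module's `immediate` option predates Ansible 2.2), which keeps the running and saved rule sets in step; `netplugin_firewalld.yml` has the same duplication and the same blanket `ignore_errors`. If some tolerance is really needed, scope it with `failed_when` on the specific "not running" condition rather than ignoring all errors.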
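Review bot: The `iptables -I INPUT 1 ... -j ACCEPT` rules for `netmaster_port` and the three `contiv_rpc_port*` values carry no `-s` restriction, so the Contiv control-plane ports are opened to any source address, and the guard `iptablesrules.stdout.find("contiv") == -1` skips all four ports as soon as any rule with the "contiv" comment exists, so a port added to the list later is never opened. Prefer the `iptables` module (available since Ansible 2.0), which is idempotent per rule and accepts `source:` for the cluster's node range, or at least check for `--dport {{ item }}` per item in the registered output. `always_run: yes` is deprecated in 2.2 in favour of `check_mode: no`. `netplugin_iptables.yml` shares all three issues.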
@@ -0,0 +1,121 @@
+---
+- include: netplugin_firewalld.yml
+  when: has_firewalld
+
+- include: netplugin_iptables.yml
+  when: has_iptables
+
+- name: Netplugin | Ensure localhost entry correct in /etc/hosts
+  lineinfile:
+    dest: /etc/hosts
+    regexp: '^127\.0\.0\.1.*'
+    line: '127.0.0.1 localhost {{ ansible_hostname }}'
+    state: present
+
+- name: Netplugin | Remove incorrect localhost entry in /etc/hosts
+  lineinfile:
+    dest: /etc/hosts
+    regexp: '^::1. localhost '
+    line: '::1 '
+    state: absent
+
+- include: ovs.yml
+  when: netplugin_driver == "ovs"
+
+- name: Netplugin | Create Netplugin bin symlink
+  file:
+    src: "{{ contiv_current_release_directory }}/netplugin"
+    dest: "{{ bin_dir }}/netplugin"
+    state: link
+
+
+- name: Netplugin | Ensure cni_bin_dir exists
+  file:
+    path: "{{ cni_bin_dir }}"
+    recurse: yes
+    state: directory
+
+- name: Netplugin | Create CNI bin symlink
+  file:
+    src: "{{ contiv_current_release_directory }}/contivk8s"
+    dest: "{{ cni_bin_dir }}/contivk8s"
+    state: link
+
+- name: Netplugin | Copy CNI loopback bin
+  copy:
+    src: loopback
+    dest: "{{ cni_bin_dir }}/loopback"
+    mode: 0755
+
+- name: Netplugin | Ensure kube_plugin_dir and cni/net.d directories exist
+  file:
+    path: "{{ item }}"
+    recurse: yes
+    state: directory
+  with_items:
+    - "{{ kube_plugin_dir }}"
+    - "/etc/cni/net.d"
+
+- name: Netplugin | Ensure contiv_config_dir exists
+  file:
+    path: "{{ contiv_config_dir }}"
+    recurse: yes
+    state: directory
+
+- name: Netplugin | Copy contiv_cni.conf file
+  copy:
+    src: contiv_cni.conf
+    dest: "{{ item }}"
+  with_items:
+    - "{{ kube_plugin_dir }}/contiv_cni.conf"
+    - "/etc/cni/net.d"
+# notify: restart kubelet
+
+- name: Netplugin | Setup contiv.json config for the cni plugin
+  template:
+    src: contiv.cfg.j2
+    dest: "{{ contiv_config_dir }}/contiv.json"
+  notify: restart netplugin
+
+- name: Netplugin | Copy environment file for netplugin
+  template:
+    src: netplugin.j2
+    dest: /etc/default/netplugin
+    mode: 0644
+  notify: restart netplugin
+
+- name: Docker | Make sure proxy setting exists
+  lineinfile:
+    dest: /etc/sysconfig/docker-network
+    regexp: '^https_proxy.*'
+    line: 'https_proxy={{ https_proxy }}'
+    state: present
+  register: docker_updated
+
+- name: Netplugin | Copy systemd unit for netplugin
+  template:
+    src: netplugin.service
+    dest: /etc/systemd/system/netplugin.service
+  notify: reload systemd
+
+- name: systemd reload
+  command: systemctl daemon-reload
+  when: docker_updated|changed
+
+- name: Docker | Restart docker
+  service:
+    name: docker
+    state: restarted
+  when: docker_updated|changed
+
+- name: Netplugin | Enable Netplugin
+  service:
+    name: netplugin
+    enabled: yes
+
+- name: Netplugin | Start Netplugin
+  service:
+    name: netplugin
+    state: started
+  register: netplugin_started
+# notify: restart kubelet
diff --git a/roles/contiv/tasks/netplugin_firewalld.yml b/roles/contiv/tasks/netplugin_firewalld.yml
new file mode 100644
index 000000000..3aeffae56
--- /dev/null
+++ b/roles/contiv/tasks/netplugin_firewalld.yml
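Review bot: `netplugin_iptables.yml` is included with `when: has_iptables` and no `not has_firewalld` guard, unlike the matching include in `netmaster.yml`, so on a firewalld host both firewall paths run and `service iptables` is enabled and started alongside firewalld, which conflict; it should be `when: not has_firewalld and has_iptables`. The `lineinfile` with `regexp: '^127\.0\.0\.1.*'` replaces whatever 127.0.0.1 line exists with only `localhost` and the hostname, discarding other aliases the operator had there, and the `'^::1. localhost '` task removes the IPv6 loopback entry outright; both need a comment saying why netplugin requires them. The `Docker | Make sure proxy setting exists` task writes `https_proxy=` into `/etc/sysconfig/docker-network` and restarts docker even when `https_proxy` is empty; gate it with `when: https_proxy != ""`. The `systemd reload` task duplicates the `reload systemd` handler and can be replaced by a `notify`.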
@@ -0,0 +1,34 @@
+---
+- name: Netplugin Firewalld | Open Netplugin port
+  firewalld:
+    port: "{{ netplugin_port }}/tcp"
+    permanent: false
+    state: enabled
+  # in case this is also a node where firewalld turned off
+  ignore_errors: yes
+
+- name: Netplugin Firewalld | Save Netplugin port
+  firewalld:
+    port: "{{ netplugin_port }}/tcp"
+    permanent: true
+    state: enabled
+  # in case this is also a node where firewalld turned off
+  ignore_errors: yes
+
+- name: Netplugin Firewalld | Open vxlan port
+  firewalld:
+    port: "8472/udp"
+    permanent: false
+    state: enabled
+  # in case this is also a node where firewalld turned off
+  ignore_errors: yes
+  when: contiv_encap_mode == "vxlan"
+
+- name: Netplugin Firewalld | Save firewalld vxlan port for flanneld
+  firewalld:
+    port: "8472/udp"
+    permanent: true
+    state: enabled
+  # in case this is also a node where firewalld turned off
+  ignore_errors: yes
+  when: contiv_encap_mode == "vxlan"
diff --git a/roles/contiv/tasks/netplugin_iptables.yml b/roles/contiv/tasks/netplugin_iptables.yml
new file mode 100644
index 000000000..8c348ac67
--- /dev/null
+++ b/roles/contiv/tasks/netplugin_iptables.yml
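Review bot: The last task is named `Save firewalld vxlan port for flanneld`, a copy-paste leftover — this role configures Contiv, not flanneld — and should read `Netplugin Firewalld | Save vxlan port`. The vxlan tasks open only `8472/udp` whereas `netplugin_iptables.yml` opens both 8472/udp and 4789/udp, so the two firewall paths disagree; pick the port Contiv's vxlan driver actually uses, make both files match, and state it in a comment next to the literal.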
@@ -0,0 +1,29 @@
+---
+- name: Netplugin IPtables | Get iptables rules
+  command: iptables -L --wait
+  register: iptablesrules
+  always_run: yes
+
+- name: Netplugin IPtables | Enable iptables at boot
+  service:
+    name: iptables
+    enabled: yes
+    state: started
+
+- name: Netplugin IPtables | Open Netmaster with iptables
+  command: /sbin/iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "contiv"
+  with_items:
+  - "{{ netmaster_port }}"
+  - "{{ contiv_rpc_port1 }}"
+  - "{{ contiv_rpc_port2 }}"
+  - "{{ contiv_rpc_port3 }}"
+  - "{{ contiv_etcd_port }}"
+  - "{{ kube_master_api_port }}"
+  when: iptablesrules.stdout.find("contiv") == -1
+  notify: Save iptables rules
+
+- name: Netplugin IPtables | Open vxlan port with iptables
+  command: /sbin/iptables -I INPUT 1 -p udp --dport 8472 -j ACCEPT -m comment --comment "vxlan"
+
+- name: Netplugin IPtables | Open vxlan port with iptables
+  command: /sbin/iptables -I INPUT 1 -p udp --dport 4789 -j ACCEPT -m comment --comment "vxlan"
diff --git a/roles/contiv/tasks/ovs.yml b/roles/contiv/tasks/ovs.yml
new file mode 100644
index 000000000..0c1b994c7
--- /dev/null
+++ b/roles/contiv/tasks/ovs.yml
@@ -0,0 +1,28 @@
+---
+- include: packageManagerInstall.yml
+  when: source_type == "packageManager"
+  tags:
+    - binary-update
+
+- name: OVS | Configure selinux for ovs
+  command: "semanage permissive -a openvswitch_t"
+
+- name: OVS | Enable ovs
+  service:
+    name: openvswitch
+    enabled: yes
+
+- name: OVS | Start ovs
+  service:
+    name: openvswitch
+    state: started
+  register: ovs_started
+
+- name: OVS | Configure ovs
+  command: "ovs-vsctl set-manager {{ item }}"
+  with_items:
+    - "tcp:127.0.0.1:6640"
+    - "ptcp:6640"
+
+- name: OVS | Configure ovsdb-server
+  command: "ovs-appctl -t ovsdb-server ovsdb-server/add-remote ptcp:6640"
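Review bot: The two `Open vxlan port with iptables` tasks run unconditionally and with no idempotence check, so every run inserts new ACCEPT rules for 8472/udp and 4789/udp at the head of INPUT even in the default `vlan` encap mode, and they never notify `Save iptables rules`; gate them with `when: contiv_encap_mode == "vxlan"` as `netplugin_firewalld.yml` does, check the registered output for the `vxlan` comment the way the `contiv` rule does, and give the two tasks distinct names. The `contiv` rule list also opens `contiv_etcd_port` and `kube_master_api_port` on every netplugin node to any source, which only matters on a node that also runs the master; limit those two entries to that case and to cluster source addresses. Note the list items here are flush with `with_items:` while the same list in `netmaster_iptables.yml` is indented; pick one style for the role.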
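Review bot: `ovs-vsctl set-manager ptcp:6640` and `ovsdb-server/add-remote ptcp:6640` bind the OVSDB management listener on all interfaces, and `netplugin_firewalld.yml`/`netplugin_iptables.yml` open 6640/tcp (`netplugin_port`), so the host's switch configuration becomes remotely writable with no authentication; bind it to loopback with `ptcp:6640:127.0.0.1` unless a remote controller is genuinely required, and document that requirement if so. `semanage permissive -a openvswitch_t` puts the OVS domain into SELinux permissive mode on every run, which weakens confinement of a root network daemon and likely fails on the second run once the domain is already listed; replace it with the policy fix it works around or make it idempotent and explain it in a comment. `ovs-vsctl set-manager` replaces the manager list on each call, so with `with_items` only the last target survives — pass both in one call if both are meant. `source_type` has no default in this role and is used unguarded in the include condition.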
diff --git a/roles/contiv/tasks/packageManagerInstall.yml b/roles/contiv/tasks/packageManagerInstall.yml
new file mode 100644
index 000000000..2eff1b85f
--- /dev/null
+++ b/roles/contiv/tasks/packageManagerInstall.yml
@@ -0,0 +1,12 @@
+---
+- name: Package Manager | Init the did_install fact
+  set_fact:
+    did_install: false
+
+- include: pkgMgrInstallers/centos-install.yml
+  when: ansible_distribution == "CentOS" and not is_atomic
+
+- name: Package Manager | Set fact saying we did CentOS package install
+  set_fact:
+    did_install: true
+  when: ansible_distribution == "CentOS"
diff --git a/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml
new file mode 100644
index 000000000..51c3d35ac
--- /dev/null
+++ b/roles/contiv/tasks/pkgMgrInstallers/centos-install.yml
@@ -0,0 +1,33 @@
+---
+- name: PkgMgr CentOS | Install net-tools pkg for route
+  yum:
+    pkg=net-tools
+    state=latest
+
+- name: PkgMgr CentOS | Get openstack kilo rpm
+  get_url:
+    url: https://repos.fedorapeople.org/repos/openstack/openstack-kilo/rdo-release-kilo-2.noarch.rpm
+    dest: /tmp/rdo-release-kilo-2.noarch.rpm
+    validate_certs: False
+  environment:
+    http_proxy: "{{ http_proxy|default('') }}"
+    https_proxy: "{{ https_proxy|default('') }}"
+    no_proxy: "{{ no_proxy|default('') }}"
+  tags:
+    - ovs_install
+
+- name: PkgMgr CentOS | Install openstack kilo rpm
+  yum: name=/tmp/rdo-release-kilo-2.noarch.rpm state=present
+  tags:
+    - ovs_install
+
+- name: PkgMgr CentOS | Install ovs
+  yum:
+    pkg=openvswitch
+    state=latest
+  environment:
+    http_proxy: "{{ http_proxy|default('') }}"
+    https_proxy: "{{ https_proxy|default('') }}"
+    no_proxy: "{{ no_proxy|default('') }}"
+  tags:
+    - ovs_install
diff --git a/roles/contiv/templates/aci-gw.service b/roles/contiv/templates/aci-gw.service
new file mode 100644
index 000000000..8e4b66fbe
--- /dev/null
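Review bot: The `did_install: true` fact is set `when: ansible_distribution == "CentOS"`, but the include above it is additionally gated on `not is_atomic`, so on an Atomic host `did_install` reports an install that never ran; the second condition should be `when: ansible_distribution == "CentOS" and not is_atomic`, or better, set the fact inside the included file so the two cannot drift apart.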
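Review bot: `rdo-release-kilo-2.noarch.rpm` is fetched with `validate_certs: False` and then installed with `yum: name=/tmp/... state=present`, which adds a package repository and its signing key to the host from an unverified download — everything later installed from that repo (`openvswitch`, a root network daemon) inherits that trust. Remove `validate_certs: False`, add a `checksum:` to the `get_url`, and leave yum's GPG check enabled; the kilo-era RDO repo as the OVS source also deserves a comment explaining why it is pinned. The `yum:` blocks written as `pkg=net-tools` / `state=latest` on two lines rely on YAML folding two plain scalars into one `key=value` string; use native args (`name: net-tools`, `state: present`) as `download_bins.yml` does, and `state: present` unless upgrading on every run is intended. `/tmp` as the download destination is world-writable; a root-owned directory is the safer target.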
+++ b/roles/contiv/templates/aci-gw.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Contiv ACI gw
+After=auditd.service systemd-user-sessions.service time-sync.target docker.service
+
+[Service]
+ExecStart={{ bin_dir }}/aci_gw.sh start
+ExecStop={{ bin_dir }}/aci_gw.sh stop
+KillMode=control-group
+Restart=on-failure
+RestartSec=10
diff --git a/roles/contiv/templates/aci_gw.j2 b/roles/contiv/templates/aci_gw.j2
new file mode 100644
index 000000000..ab4ad46a6
--- /dev/null
+++ b/roles/contiv/templates/aci_gw.j2
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+usage="$0 start"
+if [ $# -ne 1 ]; then
+    echo USAGE: $usage
+    exit 1
+fi
+
+case $1 in
+start)
+    set -e
+
+    docker run --net=host \
+    -e "APIC_URL={{ apic_url }}" \
+    -e "APIC_USERNAME={{ apic_username }}" \
+    -e "APIC_PASSWORD={{ apic_password }}" \
+    -e "APIC_LEAF_NODE={{ apic_leaf_nodes }}" \
+    -e "APIC_PHYS_DOMAIN={{ apic_phys_dom }}" \
+    -e "APIC_EPG_BRIDGE_DOMAIN={{ apic_epg_bridge_domain }}" \
+    -e "APIC_CONTRACTS_UNRESTRICTED_MODE={{ apic_contracts_unrestricted_mode }}" \
+    --name=contiv-aci-gw \
+    contiv/aci-gw
+    ;;
+
+stop)
+    # don't stop on error
+    docker stop contiv-aci-gw
+    docker rm contiv-aci-gw
+    ;;
+
+*)
+    echo USAGE: $usage
+    exit 1
+    ;;
+esac
diff --git a/roles/contiv/templates/contiv.cfg.j2 b/roles/contiv/templates/contiv.cfg.j2
new file mode 100644
index 000000000..2c9a666a9
--- /dev/null
+++ b/roles/contiv/templates/contiv.cfg.j2
@@ -0,0 +1,6 @@
+{
+  "K8S_API_SERVER": "https://{{ hostvars[groups['masters'][0]]['ansible_' + netmaster_interface].ipv4.address }}:{{ kube_master_api_port }}",
+  "K8S_CA": "{{ openshift.common.config_base }}/node/ca.crt",
+  "K8S_KEY": "{{ openshift.common.config_base }}/node/system:node:{{ openshift.common.hostname }}.key",
+  "K8S_CERT": "{{ openshift.common.config_base }}/node/system:node:{{ openshift.common.hostname }}.crt"
+}
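Review bot: The unit has no `[Install]` section, so `systemctl enable aci-gw` (the `enabled: yes` task in `aci.yml`) has nothing to link and the service most likely will not come up at boot — systemd reports that the unit has no installation config; add `[Install]` with `WantedBy=multi-user.target`. `netmaster.service` and `netplugin.service` in this commit have the same gap while `netmaster.yml` and `netplugin.yml` also enable them, and they should name the `openvswitch`/`docker` units they depend on in `After=` as this unit names `docker.service`.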
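Review bot: The APIC credentials are rendered into this script as literals and passed with `-e "APIC_PASSWORD=..."`, so the password is readable in the installed file (mode `o=rx` per `aci.yml`), in `docker inspect contiv-aci-gw`, and in process listings while `docker run` starts; render the variables into a root-only env file with `no_log: true` and pass `--env-file` instead, keeping the script itself free of secrets. `usage="$0 start"` does not mention `stop` although the script accepts it, and `echo USAGE: $usage` should quote the expansion. `set -e` only applies inside the `start)` branch, which is intended per the `stop)` comment but is worth stating in a header comment above the `case`.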
diff --git a/roles/contiv/templates/netmaster.env.j2 b/roles/contiv/templates/netmaster.env.j2
new file mode 100644
index 000000000..5b5c84a2e
--- /dev/null
+++ b/roles/contiv/templates/netmaster.env.j2
@@ -0,0 +1,2 @@
+NETMASTER_ARGS='--cluster-store etcd://{{ etcd_url }}  --cluster-mode=kubernetes'
+
diff --git a/roles/contiv/templates/netmaster.service b/roles/contiv/templates/netmaster.service
new file mode 100644
index 000000000..21c0380be
--- /dev/null
+++ b/roles/contiv/templates/netmaster.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Netmaster
+After=auditd.service systemd-user-sessions.service contiv-etcd.service
+
+[Service]
+EnvironmentFile=/etc/default/netmaster
+ExecStart={{ bin_dir }}/netmaster $NETMASTER_ARGS
+KillMode=control-group
diff --git a/roles/contiv/templates/netplugin.j2 b/roles/contiv/templates/netplugin.j2
new file mode 100644
index 000000000..f3d26c037
--- /dev/null
+++ b/roles/contiv/templates/netplugin.j2
@@ -0,0 +1,9 @@
+{% if contiv_encap_mode == "vlan" %}
+NETPLUGIN_ARGS='-vlan-if {{ netplugin_interface }} -ctrl-ip {{ netplugin_ctrl_ip }} -plugin-mode kubernetes -cluster-store etcd://{{ etcd_url }}'
+{% endif %}
+{#   Note: Commenting out vxlan encap mode support until it is fully supported
+{% if contiv_encap_mode == "vxlan" %}
+NETPLUGIN_ARGS='-vtep-ip {{ netplugin_ctrl_ip }} -e {{contiv_encap_mode}} -ctrl-ip {{ netplugin_ctrl_ip }} -plugin-mode kubernetes -cluster-store etcd://{{ etcd_url }}'
+{% endif %}
+#}
+
diff --git a/roles/contiv/templates/netplugin.service b/roles/contiv/templates/netplugin.service
new file mode 100644
index 000000000..dc7b95bb5
--- /dev/null
+++ b/roles/contiv/templates/netplugin.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Netplugin
+After=auditd.service systemd-user-sessions.service contiv-etcd.service
+
+[Service]
+EnvironmentFile=/etc/default/netplugin
+ExecStart={{ bin_dir }}/netplugin $NETPLUGIN_ARGS
+KillMode=control-group
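Review bot: When `contiv_encap_mode` is `vxlan` this template renders no `NETPLUGIN_ARGS` at all, because the vxlan branch sits inside the `{# ... #}` Jinja comment, so `netplugin.service` starts the daemon with an empty argument list while `netplugin_firewalld.yml`/`netplugin_iptables.yml` have already opened the vxlan ports for that mode. Until vxlan is supported, fail early with an `assert` that `contiv_encap_mode == "vlan"` in `netplugin.yml`, and state the restriction in the `contiv_encap_mode` comment in `defaults/main.yml`, which currently advertises `vlan|vxlan`. The commented-out branch also uses `netplugin_ctrl_ip` for `-vtep-ip` although a separate `netplugin_vtep_ip` exists in the defaults, which should be reconciled before it is re-enabled.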
