Multicloud Contrail Networking

Deploying Contrail Multicloud with Contrail Command (Evaluation Purposes Only)

Note All functionality provided within the Infrastructure: Multicloud tab in Contrail Command is available for evaluation purposes only through Contrail Networking Release 2005. This functionality is not intended for deployment in production networks.

The Infrastructure: Multicloud tab was removed from Contrail Command in Contrail Networking Releases 1912.L1 and 2008.

You can provision Contrail Multicloud with the Contrail Command UI.

Contrail supports provisioning of Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).

The multicloud gateway (MC-GW) node interconnects different Virtual Private Clouds (VPCs)/Virtual Networks (VNets) in the cloud. Additionally, the MC-GW extends on-premises resources to the cloud.

This topic provides steps to configure Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) with the Contrail Command UI.

Prerequisites:

Sample Topology:

Deploying Microsoft Azure with Contrail Command

To provision Microsoft Azure:

Procedure

  1. Log in to the desired cluster from the Contrail Command UI.
  2. Click Infrastructure: Multi Cloud.
  3. Click Create.

    Procedure

    1. Select Azure from the Type of Cloud drop down menu.
    2. Enter Cloud Name and Organization Name.
    3. Enter the Version ID. The version ID is used to determine the OS images used during instance creation. The version ID is provided by Microsoft Azure and is tied to the Microsoft Azure account.
    4. Ignore the Keypair Name and SSH Key Directory Path fields unless you are an expert user or a user in a specialized circumstance. These are not required fields and Microsoft Azure generates these values automatically in the back-end during this deployment process.
    5. Provide your Azure Service Principal credentials, including your Client ID, Tenant ID, Subscription ID, and Client secret data. This can be provided manually or by importing a credentials file. For information on creating an Azure Service Principal credentials file, see Create an Azure service principal with Azure PowerShell from Microsoft Azure.
    6. Click Expand All.
    7. In the Region Details tab, select the Region Name from the drop-down menu and enter the Resource Group name. The region name comes from your Microsoft Azure cloud, and the resource group should already have been created; see Creating a Resource Group.
    8. In the VNET Details tab:

      Procedure

      • Enter the VNET name and the CIDR block.
      • In the Private Subnet CIDR tab, enter the Private Subnet Name, CIDR block, and availability zone.

        Click the Add button if you would like to add additional private subnets.

      • If you are using Security Groups, open the Security Groups tab and specify the rules of your security group.

        Click the Add button if you need to add additional security rules.

      • In the Instances tab, add the instances—including gateway nodes, compute nodes, and controller nodes—for your Azure cloud network. You must create at least one gateway node.
      • Click Create.

        You can access the logs at /var/log/contrail/cloud.log on the Contrail Command server.

  4. Click Infrastructure: Multi Cloud.

    Your multiclouds must be listed here with the Status shown in green.

  5. Click Infrastructure: Servers.

    Procedure

    1. Click Create.

      Procedure

      1. Enter the required details for the on-premise gateway nodes.
      2. Click Create.

    You can access the logs at /var/log/contrail/cloud.log on the Contrail Command server.

  6. Click Infrastructure: Cluster.

    Procedure

    1. Click Subclusters.
    2. Click Add Subcluster and select Add Existing VPC from the drop-down menu.

      Procedure

      1. Add the required details.
      2. Select the created Azure cloud from the Select Existing Cloud drop-down list.
      3. The Public MultiCloud GW Role must be the name of the Azure gateway created earlier.

        From the drop-down list, select the User Credentials of the on-premises private cloud.

      4. Check the deployment logs at /var/log/contrail/cloud.log and /var/log/contrail/deploy.log on the Contrail Command server.
      5. Click Create.

    You can access the logs at /var/log/contrail/cloud.log and /var/log/contrail/deploy.log on the Contrail Command server.

Deploying Amazon Web Services with Contrail Command

To provision Amazon Web Services (AWS):

Procedure

  1. Log in to the desired cluster from the Contrail Command UI.
  2. Click Infrastructure: Multi Cloud.
  3. Click Create.

    Procedure

    1. Select AWS from the Type of Cloud drop-down list.
    2. Enter the required details about the cloud network, including the Cloud Name, Organization Name, Version ID and the AWS Credentials.

      The version ID is used to determine the OS images used during instance creation.

      The AWS credentials can be entered manually or by uploading a CSV file that was generated using AWS.

      Ignore the Keypair Name and SSH Key Directory Path fields unless you are an expert user or a user in a specialized circumstance. These are not required fields and these values are automatically generated in the back-end during this deployment process.

    3. Click the Region Details tab. Enter the region of the cloud network using the drop-down menu.
    4. Click the VPC Details tab and enter the VPC details.

      Click the Add button to include additional VPCs.

    5. If you are using Security Groups, click the Security Groups tab and specify the rules of your security group.

      Click the Add button if you need to add additional security rules.

    6. Click the Instances tab, and add instances - including gateway nodes, compute nodes, controller nodes - for your AWS cloud network. You must add at least one gateway instance.
    7. Click Create.
  4. Click Infrastructure: Multi Cloud.

    Your multiclouds must be listed here with the Status shown in green.

  5. Click Cluster.

    Procedure

    1. Click Subcluster.
    2. Click Add Subcluster.
    3. Click Add Existing VPC.

      Procedure

      1. Add the required details.
      2. Select the created AWS cloud from the Select Existing Cloud drop-down list.
      3. The Public MultiCloud GW Role must be the name of the AWS gateway created earlier.
      4. Add the Gateways BGP Peer.
      5. Click Create.

Deploying Google Cloud Platform (GCP) with Contrail Command

Procedure

Starting with Contrail Networking Release 1911, you can provision Google Cloud Platform (GCP) cloud networks within Contrail Command.

To provision Google Cloud Platform (GCP):

  1. Log in to the desired cluster from the Contrail Command UI.
  2. Click Infrastructure: Multi Cloud.
  3. Click Create.
  4. Select GCP from the Type of Cloud drop-down list.
  5. Enter a Cloud Name, Organization Name, Version ID, and Project:

    You can ignore the Keypair Name and SSH Key Directory Path fields unless you are an expert user or a user in a specialized circumstance. These are not required fields and these values are automatically generated in the back-end during this deployment process.

  6. Upload the GCP credentials file (google-account.json).

    GCP credentials files are created from Google Cloud. See Creating and managing service account keys in the Cloud Identity and Access Management documentation for the Google Cloud Platform.

  7. Enter required Region Details and VPC Details.
  8. Enter required Firewall Rules, and Instances.

    The Instances fields are used to identify compute nodes, gateway nodes, bare metal nodes, and Kubernetes master nodes. At a minimum, you must create one instance with the Gateway role to define a gateway node.

  9. Click Create.
  10. You are returned to the main Multi Cloud page after the GCP instance is created. Click Infrastructure: Multi Cloud if you are not moved to this page.

    Confirm that your GCP instance is created and that the Status is Green.

  11. Click Infrastructure: Cluster.
  12. Click the Subclusters tab.
  13. Click Add Subclusters.
  14. Click Add Existing VPC.
  15. Add the required details.
  16. Select the created GCP cloud from the Select Existing Cloud drop-down list.
  17. Upload the GCP credentials file (google-account.json).

    GCP credentials files are created from Google Cloud. See Creating and managing service account keys in the Cloud Identity and Access Management documentation for the Google Cloud Platform.

  18. The Public MultiCloud GW Role must be the name of the GCP gateway created earlier.
  19. Click Create.

Adding a Compute Host to Multicloud

You can modify the multicloud topology by adding a new compute host to the VPC as well as a new VPC altogether.

Procedure

  1. Edit the topology.yml to reflect your new topology. Ensure that the new VPC uses a different IP address pool.
    # vi topology.yml
  2. Navigate to the one-click-deployer directory.
    # cd multicloud/one-click-deployer
  3. Run the modify.sh script to generate the topology and deploy Contrail.
    # ./modify.sh

    Note You can download the scripts from https://ssd-git.juniper.net/contrail/contrail-multi-cloud/tree/master/one-click-deployer. If you are not able to access the page, you might not have the required access permission. E-mail eng-git-support@juniper.net for necessary permissions.

Updating the Contrail Multicloud Cluster

Perform the following procedure to update the Contrail multicloud cluster by adding another gateway to an existing Virtual Private Cloud (VPC).

Adding Another Gateway to an Existing VPC

Procedure

To add another gateway to an existing Virtual Private Cloud (VPC):

  1. Run the following request payload to create the gateway node object.

    The UUIDs listed in cloud_security_group_refs, tag_refs, and cloud_private_subnet_refs were created in the topic “Deploy Public Cloud Infrastructure” in Deploying Contrail Multicloud using REST API.

    Example: create_new__public_gw_node.yml

    resources:
    - data:
        uuid: 39845468-903b-4d69-b6d3-dec647ec223e
        name: public_gateway_node_B
        parent_type: global-system-config
        fq_name:
        - default-global-system-config
        - public_gateway_node_B
        perms2:
          owner: admin
        hostname: gateway_B
        interface_name: eth1
        type: private
        cloud_info:
          availability_zone: a
          machine_id: ami-18726478
          instance_type: t2.xlarge
          roles:
          - gateway
        cloud_private_subnet_refs:
        - uuid: 4bd887b1-3f65-59c1-bc2f-dfbaeac5798d
        credential_refs:
        - uuid: 9d0fffff-3fd8-439c-bdb2-ff5800497579
        cloud_security_group_refs:
        - uuid: 4bd887b1-3f65-59c1-bc2f-dfbaeac57123
        tag_refs:
        - uuid: efd769a8-2e6c-11e9-b210-d663bd873d93
      kind: node
      operation: CREATE
    
  2. Create the contrail-multicloud-gw-node object.

    The UUID listed in node_refs was created in Step 1.

    Example: create_new_mcgw_node.yml

    resources:
    - data:
        name: public_contrail_multicloud_gw_node_B
        node_refs:
        - uuid: 39845468-903b-4d69-b6d3-dec647ec223e
        protocols_mode:
        - ssl_server
        - ipsec_server
        - ipsec_client
        - ssl_client
        parent_type: contrail-cluster
        parent_uuid: a5063dde-2681-11e9-8021-0050568a3bf0
      kind: contrail_multicloud_gw_node
      operation: CREATE
    
  3. Update the cloud object with provisioning_state set to NOSTATE. This cloud object was created in the topic “Deploy Public Cloud Infrastructure” in Deploying Contrail Multicloud using REST API.
    resources:
    - data:
        provisioning_state: NOSTATE
        uuid: dfb40e0d-c9f4-47cd-bd5c-1efdd28fd4fc
      kind: cloud
      operation: UPDATE
    
    
  4. Update the cluster object with provisioning_state set to NOSTATE and provisioning_action set to UPDATE_CLOUD.
    resources:
    - data:
        uuid: a5063dde-2681-11e9-8021-0050568a3bf0
        provisioning_state: NOSTATE
        provisioning_action: UPDATE_CLOUD
      kind: contrail_cluster
      operation: UPDATE

Deleting the Contrail MultiCloud Cluster

Perform the following procedures to delete the Contrail multicloud cluster:

Removing Extension of Public Cloud to On-Premise Contrail Cluster

Procedure

To remove the extension of public cloud to the on-premise Contrail cluster:

  1. The following request uses DELETE_CLOUD in provisioning_action to remove the extension.

    Example: delete_cloud.yml

    ---
    resources:
    - data:
        uuid: a5063dde-2681-11e9-8021-0050568a3bf0
        provisioning_state: NOSTATE
        provisioning_action: DELETE_CLOUD
        cloud_refs: []
        mc_gw_info: {}
      kind: contrail_cluster
      operation: UPDATE
    
  2. In addition, delete the on-premise cloud objects that were created earlier. If the UUID of a resource is unknown, use contrailcli to obtain it.

    Example: delete_onprem_cloud_objects.yml

    ---
    resources:
    - data:
        uuid: 0f11f71c-f451-11e8-bccc-a4d18newdcd4
      operation: DELETE
      kind: contrail_multicloud_gw_node
    
    - data:
        cloud_private_subnet_refs: []
        tag_refs: []
        uuid: 41f99f2d-a5a4-4e2c-b598-c173cf748953
      kind: node
      operation: UPDATE
    
    - data:
        cloud_private_subnet_refs: []
        tag_refs: []
        uuid: c8d9d4ec-2f4a-11e9-bfac-0050568a3bf0
      kind: node
      operation: UPDATE
    
    - data:
        cloud_private_subnet_refs: []
        tag_refs: []
        uuid: c8d9c1b4-2f4a-11e9-bfac-0050568a3bf0
      kind: node
      operation: UPDATE
    
    - data:
        uuid: fdc97d65-9f58-4b5c-ac8c-07341a115ab5
      kind: cloud_private_subnet
      operation: DELETE
    
    - data:
        uuid: fdc97d65-9f58-4b5c-ac8c-07341c334ab8
      kind: cloud_private_subnet
      operation: DELETE
    
    - data:
        uuid: 4bd887b1-3f65-59c1-bc2f-ZGZiYWVhY2Vmejc2NTQK
      kind: virtual_cloud
      operation: DELETE
    
    - data:
        uuid: 70d4d63e-6f51-4181-bb0b-4a1bbf242332
      kind: cloud_region
      operation: DELETE
    
    - data:
        uuid: 061a024a-9da0-40a3-974b-9309dfd85255
      kind: cloud_provider
      operation: DELETE
    
    - data:
        uuid: dfb40e0d-c9f4-47cd-bd5c-MWVmZGQyOGZkNGZjCg
      kind: cloud
      operation: DELETE
    
    - data:
        uuid: 4e77005b-b7ba-489b-9891-aGFjawo9eadf
      kind: cloud_user
      operation: DELETE
    
    - data:
        uuid: 2eefeb06-2e7c-11e9-b210-d663bd873d93
      kind: tag
      operation: DELETE
    

Deleting Public Cloud Infrastructure Objects

Use the following request to delete public cloud infrastructure objects:

Example: delete_public_cloud_objects.yml

---
resources:
- data:
    provisioning_state: NOSTATE
    uuid: dfb40e0d-c9f4-47cd-bd5c-1efdd28fd4fc
    provisioning_action: DELETE_CLOUD
  kind: cloud
  operation: UPDATE

Deploying Contrail Multicloud using REST API

This section explains how to deploy Contrail Multicloud using the REST API.

Prerequisites and Assumptions

The following are the assumptions for Contrail Multicloud deployment:

Objective and Workflow

The deployment consists of the following steps:

  1. Create an entire public cloud infrastructure that includes Virtual Private Cloud (VPC)/virtual network, virtual machines, routes, and so on.

  2. Deploy multicloud gateway roles for both on-premise site and public cloud sites.

  3. Deploy Contrail and Kubernetes components needed on the public cloud site.

  4. Establish connectivity between on-premise site and public cloud.

Deploying the Public Cloud Infrastructure

Deploying the following example deploy_public_cloud_infra.yml file creates multiple resources for the Amazon Web Services (AWS) infrastructure. The important resources created by this YAML file are summarized here.

Verify that the correct access key and secret key are entered in the cloud_user object.

Example: deploy_public_cloud_infra.yml

---
resources:
- data:
    name: public_cloud_tag
    uuid: efd769a8-2e6c-11e9-b210-d663bd873d93
    fq_name:
    - public_cloud_tag
    tag_type_name: label
    tag_value: public_cloud_provider_aws
  kind: tag
  operation: CREATE
- data:
    name: public_cloud_key
    uuid: 4e77005b-b7ba-489b-9891-8472cee8ghts
    parent_type: global-system-config
    fq_name:
    - default-global-system-config
    - public_cloud_key
  kind: keypair
  operation: CREATE
- data:
    name: public_cloud_credential
    uuid: 9d0fffff-3fd8-439c-bdb2-ff5800497579
    parent_type: global-system-config
    fq_name:
    - default-global-system-config
    - public_cloud_credential
    ssh_user: ec2-user
    keypair_refs:
    - uuid: 4e77005b-b7ba-489b-9891-8472cee8ghts
  kind: credential
  operation: CREATE
- data:
    uuid: 4e77005b-b7ba-489b-9891-8472cee9eadf
    name: public_cloud_user
    fq_name:
    - public_cloud_user
    perms2:
      owner: admin
    aws_credential:
      access_key: xxxxxxxxx
      secret_key: YYYYYYYYYYYYYYYYYYYYYY
    credential_refs:
    - uuid: 9d0fffff-3fd8-439c-bdb2-ff5800497579
  kind: cloud_user
  operation: CREATE
- data:
    provisioning_state: CREATED
    uuid: dfb40e0d-c9f4-47cd-bd5c-1efdd28fd4fc
    name: public_cloud
    fq_name:
    - public_cloud
    perms2:
      owner: admin
    organization: test
    project: 5.0.3
    cloud_user_refs:
    - uuid: 4e77005b-b7ba-489b-9891-8472cee9eadf
  kind: cloud
  operation: CREATE
- data:
    name: public_cloud_provider
    parent_type: cloud
    fq_name:
    - public_cloud
    - public_cloud_provider
    perms2:
      owner: admin
    type: aws
  kind: cloud_provider
  operation: CREATE
- data:
    name: us-west-1
    parent_type: cloud-provider
    fq_name:
    - public_cloud
    - public_cloud_provider
    - public_cloud_region
    display_name: public_cloud_region
    perms2:
      owner: admin
  kind: cloud_region
  operation: CREATE
- data:
    name: publc_virtual_cloud
    parent_type: cloud-region
    fq_name:
    - public_cloud
    - public_cloud_provider
    - public_cloud_region
    - publc_virtual_cloud
    perms2:
      owner: admin
    cidr_block: 192.168.100.0/24
    tag_refs:
    - uuid: efd769a8-2e6c-11e9-b210-d663bd873d93
  kind: virtual_cloud
  operation: CREATE
- data:
    uuid: 4bd887b1-3f65-59c1-bc2f-dfbaeac5798d
    name: public_cloud_private_subnet
    parent_type: virtual-cloud
    fq_name:
    - public_cloud
    - public_cloud_provider
    - public_cloud_region
    - publc_virtual_cloud
    - public_cloud_private_subnet
    perms2:
      owner: admin
    cidr_block: 192.168.100.128/25
    availability_zone: a
  kind: cloud_private_subnet
  operation: CREATE
- data:
    uuid: 4bd887b1-3f65-59c1-bc2f-dfbaeac57123
    name: public_cloud_security_group
    parent_type: virtual-cloud
    fq_name:
    - public_cloud
    - public_cloud_provider
    - public_cloud_region
    - publc_virtual_cloud
    - public_cloud_security_group
    perms2:
      owner: admin
  kind: cloud_security_group
  operation: CREATE
- data:
    name: public_cloud_security_group_rule_ingress
    parent_type: cloud-security-group
    fq_name:
    - public_cloud
    - public_cloud_provider
    - public_cloud_region
    - publc_virtual_cloud
    - public_cloud_security_group
    - public_cloud_security_group_rule_ingress
    perms2:
      owner: admin
    direction: ingress
    protocol: "-1"
    from_port: 0
    to_port: 0
    cidr_block: 0.0.0.0/0
  kind: cloud_security_group_rule
  operation: CREATE
- data:
    name: public_cloud_security_group_rule_egress
    parent_type: cloud-security-group
    fq_name:
    - public_cloud
    - public_cloud_provider
    - public_cloud_region
    - publc_virtual_cloud
    - public_cloud_security_group
    - public_cloud_security_group_rule_egress
    perms2:
      owner: admin
    direction: egress
    protocol: "-1"
    from_port: 0
    to_port: 0
    cidr_block: 0.0.0.0/0
  kind: cloud_security_group_rule
  operation: CREATE
- data:
    uuid: 4bd887b1-3f65-59c1-bc2f-dfbaenew43526
    name: public_gateway_node
    parent_type: global-system-config
    fq_name:
    - default-global-system-config
    - public_gateway_node
    perms2:
      owner: admin
    hostname: gateway
    interface_name: eth1
    type: private
    cloud_info:
      availability_zone: a
      machine_id: ami-18726478
      instance_type: t2.xlarge
      roles:
      - gateway
    cloud_private_subnet_refs:
    - uuid: 4bd887b1-3f65-59c1-bc2f-dfbaeac5798d
    credential_refs:
    - uuid: 9d0fffff-3fd8-439c-bdb2-ff5800497579
    cloud_security_group_refs:
    - uuid: 4bd887b1-3f65-59c1-bc2f-dfbaeac57123
    tag_refs:
    - uuid: efd769a8-2e6c-11e9-b210-d663bd873d93
  kind: node
  operation: CREATE
- data:
    uuid: 4bd887b1-3f65-59c1-bc2f-dfbaenew43634
    name: public_compute_node
    parent_type: global-system-config
    fq_name:
    - default-global-system-config
    - public_compute_node
    perms2:
      owner: admin
    hostname: compute
    interface_name: eth0
    type: private
    cloud_info:
      availability_zone: a
      machine_id: ami-18726478
      instance_type: t2.xlarge
      volume_size: 24
      roles:
      - compute
    cloud_private_subnet_refs:
    - uuid: 4bd887b1-3f65-59c1-bc2f-dfbaeac5798d
    credential_refs:
    - uuid: 9d0fffff-3fd8-439c-bdb2-ff5800497579
    cloud_security_group_refs:
    - uuid: 4bd887b1-3f65-59c1-bc2f-dfbaeac57123
    tag_refs:
    - uuid: efd769a8-2e6c-11e9-b210-d663bd873d93
  kind: node
  operation: CREATE

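The payloads on this page (deploy_public_cloud_infra.yml, and the gateway-node and gw-role files used when adding another gateway) are long lists of objects that refer to each other by UUID and by fq_name, so a dangling reference or a typo only surfaces after the request is submitted. The following added example, which is not Contrail or Juniper code, lints such a resources list before submission: it checks that every `*_refs` and `parent_uuid` resolves to an object defined in the file or already on the server, that each `fq_name` ends in the object's own `name`, that a `cloud_private_subnet` lies inside its parent virtual_cloud's `cidr_block`, and it flags security-group rules that permit all traffic from 0.0.0.0/0 (as the page's example rules do). The sample payload is a constructed subset of the page's AWS file, expressed as Python literals so no YAML library is needed, with one deliberately dangling credential reference.

```python
"""Pre-submission checks for a contrailcli 'resources' payload.
Added example, not Contrail code; the rules below are this example's own."""
import ipaddress

# Constructed sample modelled on the page's deploy_public_cloud_infra.yml.
SAMPLE = [
    {"kind": "tag", "operation": "CREATE",
     "data": {"name": "public_cloud_tag", "uuid": "efd769a8-2e6c-11e9-b210-d663bd873d93",
              "fq_name": ["public_cloud_tag"]}},
    {"kind": "cloud", "operation": "CREATE",
     "data": {"name": "public_cloud", "uuid": "dfb40e0d-c9f4-47cd-bd5c-1efdd28fd4fc",
              "fq_name": ["public_cloud"], "provisioning_state": "CREATED"}},
    {"kind": "virtual_cloud", "operation": "CREATE",
     "data": {"name": "publc_virtual_cloud", "parent_type": "cloud-region",
              "fq_name": ["public_cloud", "public_cloud_provider",
                          "public_cloud_region", "publc_virtual_cloud"],
              "cidr_block": "192.168.100.0/24",
              "tag_refs": [{"uuid": "efd769a8-2e6c-11e9-b210-d663bd873d93"}]}},
    {"kind": "cloud_private_subnet", "operation": "CREATE",
     "data": {"name": "public_cloud_private_subnet",
              "uuid": "4bd887b1-3f65-59c1-bc2f-dfbaeac5798d",
              "fq_name": ["public_cloud", "public_cloud_provider",
                          "public_cloud_region", "publc_virtual_cloud",
                          "public_cloud_private_subnet"],
              "cidr_block": "192.168.100.128/25"}},
    {"kind": "cloud_security_group_rule", "operation": "CREATE",
     "data": {"name": "public_cloud_security_group_rule_ingress",
              "fq_name": ["public_cloud", "public_cloud_provider",
                          "public_cloud_region", "publc_virtual_cloud",
                          "public_cloud_security_group",
                          "public_cloud_security_group_rule_ingress"],
              "direction": "ingress", "protocol": "-1",
              "from_port": 0, "to_port": 0, "cidr_block": "0.0.0.0/0"}},
    {"kind": "node", "operation": "CREATE",
     "data": {"name": "public_gateway_node",
              "uuid": "4bd887b1-3f65-59c1-bc2f-dfbaenew43526",
              "fq_name": ["default-global-system-config", "public_gateway_node"],
              "cloud_private_subnet_refs": [{"uuid": "4bd887b1-3f65-59c1-bc2f-dfbaeac5798d"}],
              # Constructed dangling reference: this credential is not in the file.
              "credential_refs": [{"uuid": "00000000-0000-0000-0000-000000000000"}],
              "tag_refs": [{"uuid": "efd769a8-2e6c-11e9-b210-d663bd873d93"}]}},
]


def lint_resources(resources, known_uuids=()):
    """Return a list of (severity, message) findings for a resources list.
    known_uuids: UUIDs that already exist on the server, for example the
    cluster UUID obtained with 'contrailcli list contrail_cluster'."""
    findings = []
    defined = set(known_uuids)
    by_fq = {}
    for res in resources:
        data = res.get("data", {})
        if "uuid" in data:
            defined.add(data["uuid"])
        if "fq_name" in data:
            by_fq[tuple(data["fq_name"])] = res
    for res in resources:
        kind, data = res.get("kind"), res.get("data", {})
        label = f"{kind} {data.get('name', data.get('uuid', '?'))}"
        # The key is lower-case 'operation'; a capitalised 'Operation' is a different key.
        if "operation" not in res:
            findings.append(("error", f"{label}: missing 'operation' key"))
        # fq_name's last element should be the object's own name.
        fq = data.get("fq_name")
        if fq and "name" in data and fq[-1] != data["name"]:
            findings.append(("warn", f"{label}: fq_name ends in {fq[-1]!r}, not name"))
        # Every *_refs uuid and parent_uuid must resolve to something known.
        targets = [data["parent_uuid"]] if "parent_uuid" in data else []
        for key, val in data.items():
            if key.endswith("_refs"):
                targets += [r.get("uuid") for r in val]
        for uuid in targets:
            if uuid not in defined:
                findings.append(("error", f"{label}: reference to unknown uuid {uuid}"))
        # Security-group rules that permit any protocol from anywhere.
        if (kind == "cloud_security_group_rule" and data.get("protocol") == "-1"
                and data.get("cidr_block") == "0.0.0.0/0"):
            findings.append(("warn", f"{label}: permits all {data.get('direction')} "
                                     "traffic from 0.0.0.0/0"))
        # A private subnet must lie inside its parent virtual_cloud's CIDR
        # (the parent is located by stripping the last fq_name element).
        if kind == "cloud_private_subnet" and fq:
            parent = by_fq.get(tuple(fq[:-1]))
            if parent and "cidr_block" in parent["data"] and "cidr_block" in data:
                sub = ipaddress.ip_network(data["cidr_block"])
                vpc = ipaddress.ip_network(parent["data"]["cidr_block"])
                if not sub.subnet_of(vpc):
                    findings.append(("error", f"{label}: {sub} is outside VPC {vpc}"))
    return findings


if __name__ == "__main__":
    for severity, message in lint_resources(SAMPLE):
        print(severity.upper(), message)
```

Run against the constructed sample it reports the dangling credential reference and the permit-any ingress rule; pass the UUIDs that already exist on the Contrail Command server in `known_uuids` so that references to them are not reported.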
Creating Contrail Roles Specific to Public Cloud Instances

Use these guidelines in the create_contrail_roles_for_cloud_objects.yml file in this procedure:

Procedure

To create Contrail roles specific to public cloud instances, perform the following steps:

  1. Enter these requests to locate the Contrail and Kubernetes cluster UUIDs.
    contrailcli list contrail_cluster | grep uuid
    contrailcli list kubernetes_cluster | grep uuid
    
  2. Use the following request payload to create the contrail roles for cloud objects.

    Example: create_contrail_roles_for_cloud_objects.yml

    ---
    resources:
    - data:
        name: public_contrail_multicloud_gw_node
        node_refs:
        - uuid: 4bd887b1-3f65-59c1-bc2f-dfbaenew43526
        protocols_mode:
        - ssl_server
        - ipsec_server
        - ipsec_client
        parent_type: contrail-cluster
        parent_uuid: a5063dde-2681-11e9-8021-0050568a3bf0
      kind: contrail_multicloud_gw_node
      operation: CREATE
      
    - data:
        name: public_kubernetes_node
        node_refs:
        - uuid: 4bd887b1-3f65-59c1-bc2f-dfbaenew43634
        parent_type: kubernetes-cluster
        parent_uuid: a50635c8-2681-11e9-8021-0050568a3bf0
      kind: kubernetes_node
      operation: CREATE
      
    - data:
        name: public_contrail_vrouter_node
        node_refs:
        - uuid: 4bd887b1-3f65-59c1-bc2f-dfbaenew43634
        parent_type: contrail-cluster
        parent_uuid: a5063dde-2681-11e9-8021-0050568a3bf0
      kind: contrail_vrouter_node
      operation: CREATE
    
  3. Update the provisioning_state of the cloud object to NOSTATE to trigger the deployment of the public cloud.
    - data:
        provisioning_state: NOSTATE
        uuid: dfb40e0d-c9f4-47cd-bd5c-1efdd28fd4fc
      kind: cloud
      operation: UPDATE


    Wait for the cloud deployment logs in /var/log/contrail/cloud.log to complete before proceeding to the next steps. When completed, the provisioning_state of the cloud resource changes from NOSTATE to either UPDATED or UPDATE_FAILED.

Creating On-Premise Cloud Objects

In the following create_onprem_pvt_port.yml file, the node objects were already created; you are updating the cloud_private_subnet and tag_refs. Per the requirement, the multicloud gateway and the other roles on the on-premise cluster (Contrail controller, Kubernetes nodes, OpenStack nodes) must be on two different networks connected through a TOR. Hence, the following YAML file creates two private subnets. Be careful when adding the cloud_private_subnet_refs to the nodes.

Procedure

To create on-premise cloud objects:

  1. Create the private port.

    If the private interface is not already created for the on-premise cluster nodes by using the UI, create them here. In the following example file, you are using the UUID of each on-premise cluster node resource.

    Example: create_onprem_pvt_port.yml

    ---
    resources:
    # Create private interface for onprem compute node
    - data:
        parent_type: node
        parent_uuid: 4bd887b1-3f65-59c1-bc2f-dfbaenew43634
        name: bond0
        ip_address: 192.168.1.2
        pxe_enabled: false
      kind: port
    
    # Create private interface for onprem controller
    - data:
        parent_type: node
        parent_uuid: c8d9d4ec-2f4a-11e9-bfac-0050568a3bf0
        name: bond0
        ip_address: 192.168.1.1
        pxe_enabled: false
      kind: port
    
  2. Update the on-premise credential with the public cloud keypair reference.
    1. Use the UUID of the already created credential resource. List the credentials using the following requests to obtain the UUID.

      contrailcli list contrail_control_node -d | grep -A 1 node_refs
      contrailcli show node <uuidOfNodeRefsFromPreviousCommand> | grep -A 1 credential_refs
    2. In keypair_refs use the UUID of the keypair created as part of deploying public cloud in the previous topic “Deploy Public Cloud Infrastructure.”

      Example: update_onprem_keypair.yml

      ---
      resources:
      - data:
          uuid: c8d9bf8e-2f4a-11e9-bfac-0050568a3bf0
          keypair_refs:
          - uuid: 4e77005b-b7ba-489b-9891-8472cee8ghts
        kind: credential
        operation: UPDATE
      
  3. Create the on-premise cloud_user with credential_refs pointing to the on-premise credential UUID that was updated in Step 3.

    Example: create_onprem_clouduser.yml

    ---
    resources:
    - data:
        uuid: 4e77005b-b7ba-489b-9891-aGFjawo9eadf
        name: onprem_cloud_user
        fq_name:
        - onprem_user
        credential_refs:
        - uuid: c8d9bf8e-2f4a-11e9-bfac-0050568a3bf0
        perms2:
          owner: admin
      kind: cloud_user
      operation: CREATE
    
  4. Create the on-premise cloud objects.

    The cloud object refers to the cloud_user created in Step 4 and to the virtual_cloud reference tag created in Step 2.

    Example: create_onprem_cloud_objects.yml

    ---
    resources:
    - data:
        provisioning_state: CREATED
        uuid: dfb40e0d-c9f4-47cd-bd5c-MWVmZGQyOGZkNGZjCg
        name: onprem_cloud
        fq_name:
        - onprem_cloud
        perms2:
          owner: admin
        organization: juniper
        project: juniper-private
        cloud_user_refs:
        - uuid: 4e77005b-b7ba-489b-9891-aGFjawo9eadf
      kind: cloud
      operation: CREATE
    
    - data:
        name: onprem_cloud_provider
        parent_type: cloud
        fq_name:
        - onprem_cloud
        - onprem_cloud_provider
        perms2:
          owner: admin
        type: private
      kind: cloud_provider
      operation: CREATE
    
    - data:
        name: onprem_cloud_region
        parent_type: cloud-provider
        fq_name:
        - onprem_cloud
        - onprem_cloud_provider
        - onprem_cloud_region
        perms2:
          owner: admin
      kind: cloud_region
      operation: CREATE
    
    - data:
        name: onprem_virtual_cloud
        parent_type: cloud-region
        fq_name:
        - onprem_cloud
        - onprem_cloud_provider
        - onprem_cloud_region
        - onprem_virtual_cloud
        perms2:
          owner: admin
        tag_refs:
        - uuid: 2eefeb06-2e7c-11e9-b210-d663bd873d93
      kind: virtual_cloud
      operation: CREATE
    
    - data:
        name: onprem_cloud_private_subnet
        uuid: 5ecfeb06-2e7c-11e9-b210-d663bd873d93
        parent_type: virtual-cloud
        fq_name:
        - onprem_cloud
        - onprem_cloud_provider
        - onprem_cloud_region
        - onprem_virtual_cloud
        - onprem_cloud_private_subnet
        perms2:
          owner: admin
        cidr_block: 192.168.1.0/24
      kind: cloud_private_subnet
      operation: CREATE
    
    - data:
        name: onprem_cloud_private_subnet_gw
        uuid: 3defeb06-2e7c-11e9-b210-d663bd873d93
        parent_type: virtual-cloud
        fq_name:
        - onprem_cloud
        - onprem_cloud_provider
        - onprem_cloud_region
        - onprem_virtual_cloud
        - onprem_cloud_private_subnet_gw
        perms2:
          owner: admin
        cidr_block: 192.168.2.0/24
      kind: cloud_private_subnet
      operation: CREATE
    
  5. Create the on-premise gateway node.

    Example: create_onprem_mcgw_node.yml

    ---
    resources:
    - data:
        uuid: 41f99f2d-a5a4-4e2c-b598-c173cf748953
        name: onprem_gateway
        type: private
        hostname: onprem_gateway
        ip_address: 10.87.74.132
        interface_name: eno1
        fq_name:
        - default-global-system-config
        - onpre_virtual_cloud
        parent_type: global-system-config
        tag_refs:
        - uuid: 2eefeb06-2e7c-11e9-b210-d663bd873d93
        credential_refs:
        - uuid: c8d9bf8e-2f4a-11e9-bfac-0050568a3bf0
        cloud_private_subnet_refs:
        - uuid: 3defeb06-2e7c-11e9-b210-d663bd873d93
      kind: node
    
    # Create private interface for onprem gateway
    - data:
        parent_type: node
        parent_uuid: 41f99f2d-a5a4-4e2c-b598-c173cf748953
        name: bond0
        ip_address: 192.168.2.1
        pxe_enabled: false
      kind: port
    
  6. Create the on-premise contrail_multicloud_gateway_node role and update parent_uuid with contrail_cluster UUID.

    Use the following request to get the contrail_cluster UUID:

    contrailcli list contrail_cluster | grep uuid

    Update node_refs UUID with the gateway node created earlier in this step.

    Example: create_onprem_mcgw_node_role.yml

    ---
    resources:
    - data:
        name: onprem_contrail_multicloud_gw_node
        node_refs:
        - uuid: 41f99f2d-a5a4-4e2c-b598-c173cf748953
        protocols_mode:
        - ssl_client
        default_gateway: 192.168.2.254
        parent_type: contrail-cluster
        parent_uuid: a5063dde-2681-11e9-8021-0050568a3bf0
      kind: contrail_multicloud_gw_node
    
  7. Update the on-premise compute and controller node.

    Link the on-premise cluster nodes (compute/controller) to the virtual_cloud created for the on-premise cluster using a tag. Use the UUID of the node object created using the UI as part of the Contrail cluster deployment.

    Use the following request to get the node UUID:

    contrailcli list contrail_control_node | grep uuid
    contrailcli list contrail_vrouter_node | grep uuid
    

    The tag_refs and cloud_private_subnet_refs are the UUIDs of the respective resources created or updated in Step 2 and Step 5.

    Example: update_onprem_nodes.yml

    ---
    resources:
    # Link onprem cluster nodes to the virtual_cloud created for onprem cluster
    - data:
        uuid: c8d9d4ec-2f4a-11e9-bfac-0050568a3bf0
        cloud_private_subnet_refs:
        - uuid: 5ecfeb06-2e7c-11e9-b210-d663bd873d93
        tag_refs:
        - uuid: 2eefeb06-2e7c-11e9-b210-d663bd873d93
      kind: node
      operation: UPDATE
    
    - data:
        uuid: c8d9c1b4-2f4a-11e9-bfac-0050568a3bf0
        cloud_private_subnet_refs:
        - uuid: 5ecfeb06-2e7c-11e9-b210-d663bd873d93
        tag_refs:
        - uuid: 2eefeb06-2e7c-11e9-b210-d663bd873d93
      kind: node
      operation: UPDATE
    
  8. Update the on-premise cloud state to NOSTATE to trigger deployment of the on-premise cloud. Use the UUID of the onprem_cloud object created in Step 5.
    ---
    resources:
    - data:
        provisioning_state: NOSTATE
        uuid: dfb40e0d-c9f4-47cd-bd5c-MWVmZGQyOGZkNGZjCg
      kind: cloud
      operation: UPDATE
    

    Wait for the cloud deployment logs in /var/log/contrail/cloud.log to complete before proceeding to the next steps. When completed, the provisioning_state of the cloud resource changes from NOSTATE to either UPDATED or UPDATE_FAILED.

Extending On-Premise Contrail Cluster to Public Cloud

Procedure

To extend the on-premise Contrail cluster to the public cloud:

  1. Use the following request to get the cloud UUIDs.
    contrailcli list cloud | grep uuid
  2. Use the following request to get the UUID of the contrail_cluster.
    contrailcli list contrail_cluster | grep uuid
  3. Run the following request payload to extend the on-premise Contrail cluster to the public cloud.

    Example: extend_onprem_to_cloud.yml

    ---
    resources:
    - data:
        uuid: a5063dde-2681-11e9-8021-0050568a3bf0
        provisioning_state: NOSTATE
        provisioning_action: ADD_CLOUD
        cloud_refs:
        - uuid: dfb40e0d-c9f4-47cd-bd5c-MWVmZGQyOGZkNGZjCg
        - uuid: dfb40e0d-c9f4-47cd-bd5c-1efdd28fd4fc
        mc_gw_info:
          AS: 65000
          openvpn_port: 443
          vpn_lo_network: 100.65.0.0/16
          vpn_network: 100.64.0.0/16
          bfd_interval: 200ms
          bfd_multiplier: 5
          bfd_interval_multihop: 500ms
          bfd_multiplier_multihop: 5
      kind: contrail_cluster
      operation: UPDATE
    

    With this request, you trigger the Contrail multicloud Ansible playbooks to start deploying Contrail roles on the public cloud, which includes the Contrail multicloud gateway role.

    Wait for the cloud deployment logs in /var/log/contrail/cloud.log to complete before proceeding to the next steps. When completed, the provisioning_state of the cloud resource changes from NOSTATE to either UPDATED or UPDATE_FAILED.
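The mc_gw_info block in the ADD_CLOUD request above defines the tunnel addressing (vpn_network, vpn_lo_network), the BGP AS number, the OpenVPN port and the BFD timers that the multicloud gateways will use. The following added example, which is not Contrail or Juniper code, sanity-checks such a block before it is submitted. Its rules are this example's own assumptions about a sane request: the two VPN ranges must not overlap each other or any VPC/on-premise subnet being joined (otherwise tunnel addresses collide with workload addresses), the AS should be a private ASN, the port must be valid, and the BFD values must be positive millisecond intervals and multipliers. The mc_gw_info values are the page's; the site CIDRs are constructed from the VPC and on-premise subnets defined earlier on the page.

```python
"""Sanity checks for the mc_gw_info block of an ADD_CLOUD request.
Added example, not Contrail code; the checks are this example's assumptions."""
import ipaddress
import re

# Values from the page's extend request. 100.64.0.0/10 is shared address
# space (RFC 6598), commonly used for tunnel addressing.
MC_GW_INFO = {
    "AS": 65000, "openvpn_port": 443,
    "vpn_lo_network": "100.65.0.0/16", "vpn_network": "100.64.0.0/16",
    "bfd_interval": "200ms", "bfd_multiplier": 5,
    "bfd_interval_multihop": "500ms", "bfd_multiplier_multihop": 5,
}
# Constructed: CIDRs of the public VPC and on-premise subnets being joined.
SITE_CIDRS = ["192.168.100.0/24", "192.168.1.0/24", "192.168.2.0/24"]

PRIVATE_ASN_RANGES = [(64512, 65534), (4200000000, 4294967294)]
_MILLIS = re.compile(r"^(\d+)ms$")


def check_mc_gw_info(info, site_cidrs):
    """Return a list of problem strings; an empty list means the block looks sane."""
    problems = []
    asn = info.get("AS")
    if not isinstance(asn, int) or not 1 <= asn <= 4294967295:
        problems.append(f"AS {asn!r} is not a valid ASN")
    elif not any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES):
        problems.append(f"AS {asn} is a public ASN; a private ASN is expected")
    port = info.get("openvpn_port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        problems.append(f"openvpn_port {port!r} is out of range")
    # Parse both VPN ranges; report anything that is missing or malformed.
    nets = {}
    for key in ("vpn_network", "vpn_lo_network"):
        try:
            nets[key] = ipaddress.ip_network(info[key])
        except (KeyError, ValueError) as exc:
            problems.append(f"{key}: {exc}")
    if len(nets) == 2 and nets["vpn_network"].overlaps(nets["vpn_lo_network"]):
        problems.append("vpn_network and vpn_lo_network overlap")
    # Tunnel addressing must not collide with any site subnet.
    for key, net in nets.items():
        for cidr in site_cidrs:
            if net.overlaps(ipaddress.ip_network(cidr)):
                problems.append(f"{key} {net} overlaps site subnet {cidr}")
    # BFD timers are strings such as '200ms'; multipliers are positive integers.
    for key in ("bfd_interval", "bfd_interval_multihop"):
        match = _MILLIS.match(str(info.get(key, "")))
        if not match or int(match.group(1)) == 0:
            problems.append(f"{key} must be a positive millisecond value such as '200ms'")
    for key in ("bfd_multiplier", "bfd_multiplier_multihop"):
        mult = info.get(key)
        if not isinstance(mult, int) or mult < 1:
            problems.append(f"{key} must be a positive integer")
    return problems


if __name__ == "__main__":
    for problem in check_mc_gw_info(MC_GW_INFO, SITE_CIDRS) or ["mc_gw_info looks sane"]:
        print(problem)
```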