Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

How to Install Contrail Command and Provision Your Contrail Cluster

Use this document to install Contrail Command—the graphical user interface for Contrail Networking—and provision your servers or VMs as nodes in a Contrail cluster. Servers or VMs are provisioned into compute nodes, control nodes, orchestrator nodes, Contrail Insights nodes, Contrail Insights Flows nodes, or service nodes to create your Contrail cluster using this procedure.

Note:

Contrail Insights and Contrail Insights Flows were previously named Appformix and Appformix Flows.

When to Use This Document

We strongly recommend Contrail Command as the primary interface for configuring and maintaining Contrail Networking.

You should, therefore, complete the procedures in this document as an initial configuration task in your Contrail Networking environment.

Server Requirements

A Contrail Networking environment can include physical servers or VMs providing server functions, although we highly recommended using physical servers for scalability and availability reasons whenever possible.

Each server in a Contrail environment must have a minimum of:

  • 64 GB memory.

  • 300 GB hard drive.

  • 4 CPU cores.

  • At least one Ethernet port.

For additional information on server requirements for Contrail Networking, see Server Requirements and Supported Platforms.

Software Requirements

  • Contrail Command and Contrail Networking

    Contrail Command and Contrail Networking are updated simultaneously and always run the same version of Contrail Networking software.

    Each Contrail Networking release has software compatibility requirements based on the orchestration platform version, the deployer used to deploy the orchestration platform, the supported server operating system version, and other software requirements.

    For a list of supported platforms for all Contrail Networking releases and additional environment-specific software requirements, see Contrail Networking Supported Platforms List.

  • Contrail Insights and Contrail Insights Flows

    Starting in Contrail Release 2005, the Contrail Insights and Contrail Insights Flows images that support a Contrail Networking release are automatically provisioned within Contrail Command. When you download your version of Contrail Command, Contrail Command pulls the Contrail Insights and Contrail Insights Flows images for your Contrail Networking version automatically from within the Juniper Contrail registry. You do not, therefore, need to separately download any individual Contrail Insights software or have awareness of Contrail Insights or Contrail Insights version numbers for your installation.

How to Obtain Contrail Images

The procedures used in this document download the Contrail Command, Contrail Insights, and Contrail Insights Flows software from the Juniper Networks Contrail docker private secure registry at hub.juniper.net. Email mailto:contrail-registry@juniper.net to obtain access credentials to this registry.

You will need to know the Container Tags for your Contrail image to retrieve Contrail images from the Contrail registry. See README Access to Contrail Registry 21XX.

Contrail Networking images are also available at the Contrail Downloads page. Enter Contrail Networking as the product name.

Contrail Insights and Contrail Insights Flows images are also available at the Contrail Insights Download page. Enter Contrail Insights as the product name.

How to Install Contrail Command

Contrail Command is a single pane-of-glass GUI interface for Contrail Networking. For an optimized Contrail Networking experience, we strongly recommend installing Contrail Command before creating your Contrail clusters. Contrail Command is installed using these instructions.

For additional information on Contrail Command, see Understanding Contrail Networking Components.

Before You Begin

Ensure your Contrail Command server—the server that will host Contrail Command—is a virtual machine (VM) or a physical x86 server that meets these minimum system requirements:

  • 4 vCPUs

  • 32 GB RAM

  • 100 GB disk storage with all user storage in the “/” partition.

    If the “/home” partition exists, remove it and increase the “/” partition by the amount of freed storage.

  • Meets the specifications listed in Server Requirements.

  • Runs a version of CentOS that supports your version of Contrail Networking.

    For a list of CentOS versions that are supported with Contrail Networking and orchestration platform combinations, see Contrail Networking Supported Platforms List.

    You can install CentOS with updated packages using the yum update command.

  • Has access to the Contrail Container registry at hub.juniper.net. This access is needed because the Contrail Command deployer, which includes the Contrail Command docker images, is retrieved from this registry during this installation procedure.

    If you do not have access to the Contrail Container registry, email mailto:contrail-registry@juniper.net to obtain access credentials. See README Access to Contrail Registry 21XX for additional information about accessing this registry.

  • Has an active connection to the Internet.

  • Includes at least one active IP interface attached to the management network. Contrail Command manages Contrail and orchestrator clusters over a management IP interface.

Obtain the container tag for the release that you are installing. A container tag is necessary to identify the Contrail Command container files in the hub.juniper.net repository that are installed during this procedure.

The container tag for any Contrail Release 21-based image can be found in README Access to Contrail Registry 21XX.

Preparing Your Contrail Command Server for the Installation

To prepare your servers or VMs for the installation:

  1. Log onto the server that will host Contrail Command and all servers in your Contrail cluster. The servers in your Contrail cluster are the devices that will be provisioned into compute, control, orchestrator, Contrail Insights, Contrail Insights Flows, or service node roles.
  2. Verify the hosts in the hosts file, and add the name and IP address of each host that you are adding to the file.

    In this example, the hosts file is edited using VI to include the name and IP address of the three other servers—contrail-cluster, insights, and insights-flows—that will be provisioned into the contrail cluster during this procedure.

    Note:

    The hosts file is typically overwritten during the provisioning process. This step can be skipped in most Contrail cluster provisioning scenarios, but is recommended as a precaution.

  3. Verify the hostname file listing on the Contrail Command server.

    If needed, update the Contrail Command hostname accordingly to match the hostname that you will use in the Contrail Command cluster.

    Note:

    The hostname file is typically overwritten during the provisioning process. This step can be skipped in most Contrail cluster provisioning scenarios, but is recommended as a precaution.

  4. If you haven’t already generated a shared RSA key for the servers in the cluster, generate and share the RSA key.
  5. SSH into each server that will be provisioned into the Contrail cluster to confirm reachability and accessibility:
  6. Verify that routes to each server are established on your server.
    Note:

    The routes connecting the servers are created outside the Contrail Networking environment and the process to create the routes varies by environment. This procedure, therefore, does not provide the instructions for creating these routes.

    In this example, the routes are verified on the Contrail Command server.

    Perform this step on the Contrail Command server and all servers in your Contrail cluster.

  7. Ping each server to verify connectivity.

    In this example, each node in the Contrail cluster is pinged from the Contrail Command server.

    Perform this step on the Contrail Command server and all servers in your Contrail cluster.

  8. Check the Linux kernel version and, if needed, update the Linux kernel version. If a kernel version update is performed, reboot the server to complete the update.
    Note:

    Obtaining the Linux kernel is not shown in this document.

    In this example, the Linux kernel is verified on the Contrail Command server.

    After the server reboots, confirm that the kernel is updated.

    Perform this step on the Contrail Command server and all servers in your Contrail cluster.

Installing Contrail Command

To install Contrail Command onto a server:

  1. Log into the server that will host the Contrail Command containers. This server will be called the Contrail Command server for the remainder of this procedure.
  2. Remove all installed Python Docker libraries—docker and docker-py—from the Contrail Command server:

    The Python Docker libraries will not exist on the server if a new version of CentOS 7-based software was recently installed. Entering this command when no Python Docker libraries are installed does not harm any system functionality.

    The Contrail Command Deployer, which is deployed later in this procedure, installs all necessary libraries, including the Python Docker libraries.

  3. Install and start the Docker Engine.

    There are multiple ways to perform this step. In this example, Docker Community Edition version 18.03 is installed using yum install and yum-config-manager commands and started using the systemctl start docker command.

    Note:

    The Docker version supported with Contrail Networking changes between Contrail releases and orchestration platforms. See Contrail Networking Supported Platforms List. The yum install -y docker-ce-18.03.1.ce command is used to illustrate the command for one version of Docker.

  4. Retrieve the contrail-command-deployer Docker image by logging into hub.juniper.net and entering the docker pull command.

    Variables:

    • <container_registry_username> and <container_registry_password>—Registry access credentials. You can email mailto:contrail-registry@juniper.net to obtain your username and password credentials to access the Contrail Container registry.

    • <container_tag>—container tag for the Contrail Command (UI) container deployment for the release that you are installing. The <container_tag> for any Contrail Release 21xx image can be found in README Access to Contrail Registry 21XX.

  5. Create and save the command_servers.yml configuration file on the Contrail Command server.

    The configuration of the command_servers.yml file is unique to your environment and complete documentation describing all command_servers.yml configuration options is beyond the scope of this document. Two sample command_servers.yml files for a Contrail environment are provided with this document in Sample command_servers.yml Files for Installing Contrail Command to provide configuration assistance.

    Be aware of the following key configuration parameters when configuring the command_servers.yml file for Contrail Command:

    • The contrail_config: hierarchy defines the Contrail Command login credentials:

      CAUTION:

      For security purposes, we strongly recommend creating unique username and password combinations in your environment.

    • (Contrail Networking Release 2003 or earlier) The following configuration lines must be entered if you want to deploy Contrail Insights and Contrail Insights Flows:

      Note:

      Appformix and Appformix Flows were renamed Contrail Insights and Contrail Insights Flows. The Appformix naming conventions still appear during product usage, including within these directory names.

      The configuration lines must be entered outside of the “command_servers” hierarchy, either immediately after the "---" at the very top of the file or as the last two lines at the very bottom of the file. See Complete command_servers.yml File for an example of these lines added at the beginning of the command_servers.yml file.

      This step is not required to install Contrail Insights and Contrail Insights Flows starting in Contrail Networking Release 2005.

  6. Run the contrail-command-deployer container to deploy Contrail Command.

    where <ABSOLUTE_PATH_TO_command_servers.yml_FILE> is the absolute path to the command_servers.yml file that you created in step 5, and <container_tag> is the container tag for the Contrail Command (UI) container deployment for the release that you want to install. The <container_tag> for any Contrail Release 21xx image can be found in README Access to Contrail Registry 21XX.

  7. (Optional) Track the progress of step 6.
  8. Verify that the Contrail Command containers are running:

    The contrail_command container is the GUI and the contrail_psql container is the database. Both containers should have a STATUS of Up.

    The contrail-command-deployer container should have a STATUS of Exited because it exits when the installation is complete.

  9. Open a web browser and enter https://<Contrail-Command-Server-IP-Address>:9091 as the URL. The Contrail Command home screen appears.

    Enter the username and password combination specified in the command_servers.yml file in step 5. If you use the sample command_servers.yml files in Sample command_servers.yml Files for Installing Contrail Command, the username is admin and the password is contrail123.

    CAUTION:

    For security purposes, we strongly recommend creating unique username and password combinations in your environment.

    For additional information on logging into Contrail Command, see How to Login to Contrail Command.

How to Provision Servers into the Contrail Cluster

Use this procedure to provision servers into your Contrail cluster. A Contrail cluster is a collection of interconnected servers that have been provisioned as compute nodes, control nodes, orchestrator nodes, Contrail Insights nodes, Contrail Insights Flows nodes, or service nodes in a cloud networking environment.

Before You Begin

Before you begin:

  • Plan your topology.

  • Ensure an out-of-band management network is established.

  • Ensure Contrail Command is installed. See How to Install Contrail Command.

  • Ensure all servers hosting Contrail cluster functions meet the specifications listed in Server Requirements.

How to Provision the Contrail Cluster

To provision the Contrail cluster:

  1. (Contrail Networking Release 2003 target release installations using Appformix only) Download the Appformix and—if your also using Appformix Flows—the Appformix Flows images from the

    Contrail Appformix Download page.

    Note:

    Appformix and Appformix Flows were renamed Contrail Insights and Contrail Insights Flows. The Appformix filename conventions are used to name these files for use with Contrail Networking Release 2003.

    For Contrail Release 2003, the supported AppFormix version is 3.1.15 and the supported AppFormix Flows version is 1.0.7.

    • Copy the tar.gz files to the /opt/software/appformix/ directory on the Contrail Command server.

    • Copy your AppFormix license to the /opt/software/appformix/ directory.

    • (Appformix Flows environments only) Copy the two appformix-flows files to the /opt/software/xflow directory.

      You can ignore this step if you are not using Appformix Flows.

    You can skip this step if you are using Contrail Networking Release 2005 or later or are not using Appformix or Appformix Flows in your environment.

  2. Login to Contrail Command at https://<Contrail-Command-Server-IP-Address>:9091 in most scenarios. See How to Login to Contrail Command if you are not seeing the Contrail Command login screen at this URL.

    Leave the Select Cluster field blank to enter Contrail Command in a wizard that guides you through the cluster provisioning process. If Contrail Command is not currently managing a cluster, this is your only Contrail Command login option.

    Your Contrail Command access credentials were specified in the command_servers.yml files in step 5 when you installed Contrail Command. If you used the sample command_servers.yml file to enable Contrail Command, your username is admin and your password is contrail123.

    Note:

    Username and password combinations are provided in this document for illustrative purposes only. We suggest using unique username and password combinations to maximize security in accordance with your organization’s security guidelines.

  3. You are placed into the Infrastructure > Clusters menu upon login. Click the Add Cluster button to start the cluster provisioning process.
  4. Click the Credentials tab to move to the Credentials box, then the Add button to add access credentials for a device that will be added to the cluster.
  5. In the Add box, add the access credentials for a device in your cluster. Click the Add button to complete the process and add the access credentials.

    Repeat steps 4 and 5 to add the access credentials for each server or VM in your cluster.

  6. After clicking the Add button to add the credentials of your last server or VM, click the Server tab to return to the Available servers box.
  7. Click the Add button in the Available Servers box.

    The Create Server dialog box appears.

  8. Complete the fields in the Create Server dialog box for each physical server or VM in your Contrail cluster. Each physical server or VM that will function as a compute node, control node, orchestrator node, Contrail Insights node, Contrail Insights Flows node, or service node in your cluster must be added as a server at this stage of the provisioning process.

    Field descriptions:

    • Choose Mode—Options include: Express, Detailed, or Bulk Import (CSV). We recommend using the Detailed or Bulk Import (CSV) modes in most environments to ensure all server field data is entered and to avoid performing manual configuration tasks later in the procedure.

      • Express—includes a limited number of required fields to enter for each server or VM.

      • Detailed—provides all fields to enter for each server or VM.

      • Bulk Import (CSV)—Import the physical server or VM fields from a CSV file.

    • Select workload type this server will be used for

      • Physical/Virtual Node—A virtualized physical server or a VM. This is the option used for most servers or VMs in Contrail Networking environments.

      • Baremetal—A non-virtualized server.

    • Hostname—the name of the physical server or VM.

    • Management IP—the management IP address of the physical server or VM.

    • Management Interface—the name of the management-network facing interface on the physical server or VM.

    • Credentials—Select any credentials that appear in the drop-down menu.

    • Disk Partition(s)—(Optional) Specify the disk partitions that you want to use.

      This field is often left blank.

    • Name (Network interfaces)—the name of a network-facing interface on the physical server or VM.

    • IP Address (Network interfaces)—the IP address of the network-facing interface on the physical server or VM.

    Click Add in the Network Interfaces box to add additional network interfaces for the server or VM.

    Click the Create button after completing all fields to add the server or VM.

    Repeat this step for each physical server or VM that will function as a compute node, control node, orchestrator node, Contrail Insights node, Contrail Insights Flows node, or service node in the Contrail cluster.

  9. You are returned to the Infrastructure > Clusters > Servers menu after adding the final server. Click the Next button to proceed to the Provisioning Options page.
  10. Complete the fields on the Provisioning Options page.

    Field Descriptions:

    • Choose Provisioning Manager

      • Contrail Cloud—Contrail Cloud Provisioning Manager. Do not use this provisioning manager option.

      • Contrail Enterprise Multicloud—(Default) Contrail Enterprise Multicloud Provisioning Manager. Select Contrail Enterprise Multicloud as your provisioning manager.

        The remaining steps of this procedure assume Contrail Enterprise Multicloud is selected as the provisioning manager.

    • Cluster Name—Name the Contrail cluster.

    • Container Registry—Path to the container registry to obtain the Contrail Networking image. The path to the Juniper container registry is hub.juniper.net/contrail and is set as the default container registry path. Enter this path or the path to the repository used by your organization.

    • Insecure checkbox—This option should only be selected if you want to connect to an insecure registry using a non-secure protocol like HTTP.

      This box is unchecked by default. Leave this box unchecked to connect to the Juniper container registry at hub.juniper.net/contrail or to access any other securely-accessible registry.

    • Container Registry Username—Username to access the container registry.

      The Juniper container registry is often used in this field to obtain the Contrail Networking image. Email mailto:contrail-registry@juniper.net to receive a registry username and password combination to access the Juniper container registry.

    • Container Registry Password—Password to access the container registry.

      The Juniper container registry is often used in this field to obtain the Contrail Networking image. Email mailto:contrail-registry@juniper.net to receive a registry username and password combination to access the Juniper container registry.

    • Contrail Version—Specify the version of the Contrail Networking image to use for the upgrade that is in the repository.

      You can use the latest tag to retrieve the most recent image in the repository, which is the default setting. You can also specify a specific release in this field using the version’s release tag.

      See README Access to Contrail Registry 21XX to obtain the release tag for any Contrail Networking Release 21XX release tag.

    • Domain Suffix—(Optional) Domain name for the cluster.

    • NTP Server—The IP address of the NTP server.

    • Default vRouter Gateway—The IP address of the default vRouter gateway.

      This address is typically the IP address of the interface on the leaf device in the fabric that connects to the server’s network-facing interface.

    • Encapsulation Priority—Select the Encapsulation priority order from the drop down menu.

      Select VXLAN, MPLSoUDP, MPLSoGRE in most Contrail Networking environments.

    • Fabric Management checkbox—Select this option if your deploying in an environment using Openstack for orchestration.

    • Click Add and enter the following Key/Value pairs.

      Key

      Value

      CONTROL_NODES

      List of comma-separated user data interface IP addresses for the controller(s)

      PHYSICAL_INTERFACE

      The user data interface name

      TSN_NODES

      List of comma-separated user data interface IP addresses for the Contrail Service Node(s)

      CONTRAIL_CONTAINER_TAG

      The container tag for the desired Contrail and OpenStack release combination as specified in README Access to Contrail Registry 21XX.

      API__DEFAULTS__enable_latency_stats_log

      (Optional. Available starting in Contrail Networking Release 2008) Enable logging and storing of latency statistics in Contrail Networking and Contrail Insights for calls to Cassandra, Zookeeper, and Keystone from the API server.

      API__DEFAULTS__enable_api_stats_log

      (Optional Available starting in Contrail Networking Release 2008) Enable logging and storing of latency statistics and call time statistics in Contrail Networking and Contrail Insights for Rest API calls.

    Click the Next button to proceed to the Control Nodes provisioning page.

  11. From the Control Nodes provisioning page, assign any server that you created in step 8 as a control node by clicking the > icon next to the server to move it into the Assigned Control Nodes box.

    You have the option to remove roles from a control node within the Assigned Control Nodes. There is no need to remove control node roles in most deployments and you should only remove roles if you are an expert user familiar with the consequences.

    (Installations using VMWare vCenter only) Complete the following steps to install a control node that is integrated with VMware vCenter. For additional information on vCenter integration with Contrail Networking, see Understanding VMware-Contrail Networking Fabric Integration.

    Prerequisites:

    • Installed vCenter version 6.5 or later.

    • Installed ESX version 6.5 or later.

    • A vCenter license with Distributed Virtual Switch (DVS) support.

    • Login credentials for vCenter.

    To perform the integration:

    1. Select the Manage vCenter check box.

      The vCenter Credentials section is displayed.

    2. Enter the following information:

      • Enter the vCenter IP address in the vCenter IP Address field.

      • In the Data Center Name field, enter the name of the data center under vCenter that CVFM will work on.

      • Enter the vCenter username in the Username field.

      • Enter the vCenter password in the Password field.

    3. Click >, next to the name of the server, to assign a server from the Available Servers table as a control node. The server is then added to the Assigned Control Nodes table.

      Note that the contrail_vcenter_fabric_manager_node is added to the list of roles.

    4. Click Next.

    After assigning all control nodes, click the Next button to move to the Orchestrator Nodes provisioning page.

  12. Select your orchestration platform from the Orchestrator Type drop-down menu.

    Assign any one of the servers that you created in step 8 as an orchestrator node by clicking the > icon next to the server to move it into the Assigned nodes box.

    The remaining processes for this step depend on your orchestration platform:

    • Openstack

      Click the Show Advanced box then scroll to Kolla Globals and click +Add.

      Add the following Kolla global Key and Value pairs in most environments:

      Key

      Value

      enable_haproxy

      no

      enable_ironic

      no

      enable_swift

      yes

      swift_disk_partition_size

      20GB

      After assigning all orchestrator nodes and Kolla global keys and values, click the Next button to progress to the Compute Nodes provisioning page.

    • Kubernetes

      Select the Kubernetes nodes from the list of available servers and assign corresponding roles to the servers.

      By default, the Kubernetes nodes are assigned the kubernetes_master_node, kubernetes_kubemanager_node, and kubernetes_node roles.

      After assigning roles to all nodes, click the Next button to progress to the Compute Nodes provisioning page.

  13. Assign any server that you created in step 8 as a compute node by clicking the > icon next to the server to move it into the Assigned Compute nodes box.

    Enter the default vRouter gateway IP Address in the Default Vrouter Gateway box after moving the server into the Assigned Compute nodes box.

    After assigning all compute nodes, click the Next button to progress to the Contrail Service Nodes provisioning page.

  14. Assign any server that you created in step 8 as a Contrail Services node by clicking the > icon next to the server to move it into the Assigned Service Nodes box.

    Contrail service nodes are only used in environments with bare metal servers. If you are not using Contrail Service nodes in your environment, click the Next button without assigning any servers into the Assigned Service Nodes box.

    The default vRouter gateway IP Address might be autocompleted in the Default Vrouter Gateway box. This default vRouter gateway is typically the IP address of a leaf device in the fabric that is directly connected to the server fulfilling the service node role.

    After assigning all Contrail Service nodes, click the Next button to progress to the Insights Nodes provisioning page.

    Note:

    The Insights Nodes provisioning workflow is called the Appformix Nodes workflow in Contrail Networking Release 2005 and earlier releases.

  15. Contrail Insights is an optional product that isn’t used in all environments. If your are not using Contrail Insights in your environment, simply click the Next button without assigning a server as an Appformix node in this step.
    Note:

    Appformix was renamed Contrail Insights. The Appformix naming is still used in some Contrail Command screens.

    • Contrail Insights

      If you are using Contrail Insights in your environment, click the > icon next to the server or VM in the Available servers box to move it into the Assigned Insights Nodes box.

      Note:

      The Assigned Insights Nodes box is called Assigned Appformix Nodesin Contrail Networking Release 2005 and earlier releases.

      By default, the server is assigned the appformix_platform_node role. You can maintain this default setting in most environments. If the role needs to be changed, click within the Roles drop-down menu and select from the available roles.

    • Contrail Insights Flows

      If you are also using Contrail Insights Flows in your environment, click the > icon next to the server or VM in the Available servers box to move it into the Assigned Insights Nodes box.

      Note:

      The Assigned Insights Nodes box is called Assigned Appformix Nodesin Contrail Networking Release 2005 and earlier releases.

      Click within the Roles drop-down menu and uncheck the default appformix_platform_node role selection. Select appformix_bare_host_node from within the Roles drop-down menu to set it as the role.

    Click the Next button to progress to the Appformix Flows provisioning page.

  16. Contrail Insights Flows is an optional product that isn’t used in all environments. If your are not using Contrail Insights Flows in your environment, simply click the Next button without assigning a server as an Appformix Flows node in this step.
    Note:

    Appformix Flows was renamed Contrail Insights Flows. The Appformix Flows naming is still used on this Contrail Command page.

    If you are using Contrail Insights Flows in your environment, make the following configuration selections:

    • Appformix Flows Node Provisioning Type:

      • Out-of-Band—(Default) The Appformix Flows node is managed from an out-of-band management network.

      • In-Band—The Appformix Flows node is managed from an in-band connection.

    • Virtual IP Address—The virtual IP address management address on the Appformix Flows node that connects the node to the management network.

    (Contrail Insights and Contrail Insights Flows on same server only) Starting in Contrail Networking Release 2008, you can enable Contrail Insights and Contrail Insights Flows on the same server node.

    Perform these steps if you are enabling Contrail Insights and Contrail Insights Flows on the same node:

    1. Click the Show Advanced box. The advanced configuration options appear.
    2. From the AppFormix Flows Configuration Parameters box, click the +Add option to open the Key and Value configuration options.

      Add the following key value pairs:

      • Key: health_port

        Value: 8205

      • Key: kafka_broker_port

        Value: 9195

      • Key: zookeeper_client_port

        Value: 3281

      • Key: redis_port

        Value: 6479

    Click the > icon next to the server or VM in the Available servers box to move it into the Assigned AppFormix Flows Nodes box.

    Click the Next button to progress to the Summary page.

  17. Review your settings in the Cluster overview screen.

    Click any tab in the Nodes Overview box to review any configuration.

    Click the Provision button after verifying your settings to provision the cluster.

    The cluster provisioning process begins. This provisioning process time varies by environment and deployment. It has routinely taken 90 minutes or more in our testing environments.

  18. (Optional) Monitor the provisioning process by logging onto the Contrail Command server and entering the docker exec contrail-command tail /var/log/contrail/deploy.log command.
  19. When the provisioning process completes, click the Proceed to Login option.

    You are taken to the Contrail Command login screen.

  20. Login to Contrail Command from the web browser.

    Enter the following values:

    • Select Cluster: Select a Contrail Cluster from the dropdown menu. The cluster is presented in the <cluster-name>-<string> format. The <cluster-name> options should include the cluster that you just created and should match the cluster name assigned in step 10 of this procedure.

    • Username: Enter the username credential to access Contrail Command. This username was set in the command_servers.yml file configured in step 5 of the How to Install Contrail Command procedure.

    • Password: Enter the password credential to access Contrail Command. This password was set in the command_servers.yml file configured in step 5 of the How to Install Contrail Command procedure.

    • Domain: You can often leave this field blank. Contrail Command logs into the default_domain—the default domain for all orchestration platforms supported by Contrail Command except Canonical Openstack—when the Domain field is empty.

      If you are logging into a cluster that includes Canonical Openstack as it’s orchestration platform, you can enter admin_domain—the default domain name for Canonical Openstack—in the Domain field if your default domain name was not manually changed.

      You can enter the personalized domain name of your cloud network’s orchestration platform in the Domain field if you’ve changed the default domain name.

    See How to Login to Contrail Command for additional information on logging into Contrail Command.

  21. (Optional. Contrail Insights only) Click the Contrail Insights icon on the bottom-left hand corner of the Contrail Command page to open Contrail Insights.
    Note:

    This is an Appformix icon in Contrail Networking Release 2005 and earlier releases.

    If you are not accessing Contrail Command through the fabric network, you might also have to configure an External IP address to access Contrail Insights externally. Navigate to Infrastructure > Advanced Options > Endpoints and locate insights in the Prefixes list. Click the Edit button—the pencil icon—and change the Public URL field to a usable external IP address.

    Contrail Insights Flows is integrated into Contrail Command. See Contrail Insights Flows in Contrail Command.

Sample command_servers.yml Files for Installing Contrail Command

Minimal command_servers.yml file

The following sample file has the minimum configuration that you need when you install Contrail Command.

CAUTION:

For security purposes, we strongly recommend creating unique username and password combinations in your environment. Username and password combinations are provided in this example for illustrative purposes only.

Complete command_servers.yml File

The following sample file has an exhaustive list of configurations and supporting parameters that you can use when you install Contrail Command.

CAUTION:

For security purposes, we strongly recommend creating unique username and password combinations in your environment. Username and password combinations are provided in this example for illustrative purposes only.

Disaster Recovery and Troubleshooting

SUMMARY This section lists commonly seen errors and failure scenarios and procedures to fix them.

Problem

Description

Recovering the Galera Cluster Upon Server Shutdown—In an OpenStack HA setup provisioned using Kolla and OpenStack Rocky, if you shut down all the servers at the same time and bring them up later, the Galera cluster fails.

Solution

To recover the Galera cluster, follow these steps:

  1. Edit the /etc/kolla/mariadb/galera.cnf file to remove the wsrep address on one of the controllers as shown here.

    Note:

    If all the controllers are shut down in the managed scenario at the same time, you must select the controller that was shut down last.

  2. Docker start mariadb on the controller on which you edited the file.

  3. Wait for a couple of minutes, ensure that the mariadb container is not restarting, and then Docker start mariadb on the remaining controllers.

  4. Restore the /etc/kolla/mariadb/galera.cnf file changes and restart the mariadb container on the previously selected controller.

Problem

Description

Containers from Private Registry Not Accessible—You might have a situation in which containers that are pulled from a private registry named CONTAINER_REGISTRY are not accessible.

Solution

To resolve, check to ensure that REGISTRY_PRIVATE_INSECURE is set to True.