Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

How to Deploy Contrail Command and Import a Cluster Using Juju

You can use this document to deploy Contrail Command and import an existing cluster into Contrail Command using Juju with a single procedure. This procedure can be applied in environments using Canonical Openstack or environments that are running Juju and using Kubernetes for orchestration.

If you are already running Contrail Command in a Canonical Openstack environment and want to import a cluster, see Importing a Canonical Openstack Deployment Into Contrail Command.

Overview: Deploying Contrail Command with a Contrail Cluster Using Juju

Starting in Contrail Release 2005, you can deploy Contrail Command and import a cluster using Juju in a Canonical Openstack environment.

Starting in Contrail Release 2008, you can deploy Contrail Command and import a cluster using Juju in an environment using Kubernetes orchestration.

This document makes the following assumptions about your initial environment:

  • Juju is already running in your environment, and your environment is either a Canonical Openstack deployment or a deployment using Kubernetes orchestration.

  • Contrail Networking Release 2005 or later is running if you are operating a Canonical Openstack deployment.

    Contrail Networking Release 2008 or later is running if you are operating an environment using Kubernetes orchestration.

    See Contrail Networking Supported Platforms for information on the supported software components for any Contrail Networking release.

  • A Juju controller is configured and reachable.

  • Contrail Command is not running.

Preparing the SSL Certificate Authority (CA) for the Deployment

A base64-encoded SSL Certificate Authority (CA) for the Juju controller is required to deploy Contrail Command with an existing cluster in a Canonical Openstack or Kubernetes environment.

There are multiple ways to generate a base64-encoded SSL CA. You can use this procedure or a more familiar procedure to generate your base64-encoded SSL CA.

To create a base64-encoded SSL CA:

  1. From the Juju jumphost, enter the juju show-controller command and locate the certificate output in the ca-cert: hierarchy.
  2. Copy the contents of the SSL CA into the cert.pem file.

    Copy and paste options vary by user interface. The SSL CA content—all highlighted text from step 1 starting at the beginning of the -----BEGIN CERTIFICATE----- line and ending at the end of the -----END CERTIFICATE----- line—should be the only content in the cert.pem file.

    Confirm that leading white spaces are not added to the SSL CA after copying the SSL CA into the cert.pem file. These leading white spaces are introduced by some user interfaces—often at the start of new lines—and will cause the SSL CA certification to be unusable. If leading whitespaces are added to the SSL CA after it is copied into the cert.pem file, manually delete the whitespaces before proceeding to the next step.

  3. Generate the cert.pem file into base64-encoded output.

    You can generate the cert.pem file into base64-encoded output without saving the file contents by entering the following command:

    You can also generate the base-64 encoded output and save the SSL CA contents into a separate file.

    In this example, the base64-encoded output is generated and a new file containing the output—cert.pem.b64—is saved.

    The SSL CA in the cert.pem.b64 file is now a base64-encoded SSL CA.

    The base64-encoded SSL CA will be entered as the juju-CA-certificate variable in Deploy Contrail Command and Import a Contrail Cluster Using Juju.

Deploy Contrail Command and Import a Contrail Cluster Using Juju

To deploy Contrail Command and import a Contrail cluster into Contrail Command:

  1. From the Juju jumphost, deploy Contrail Command using one of the following command strings:

    where:

    • machine-name—the name of the machine instance in Juju that will host Contrail Command.

      The IP address of this machine—which can be obtained by entering the juju status command—is used to access Contrail Command from a web browser after the installation is complete.

    • registry-directory—the directory path to the Contrail Networking registry.

      This registry-directory path can be obtained from Juniper Networks. Contact mailto:contrail-registry@juniper.net for information on accessing the Juniper registry.

    • image-tag—the image tag for your target Contrail release.

      The image tag is used to identify your Contrail Networking image within the registry. You can retrieve the image tag for any Contrail Release 20xx image from README Access to Contrail Networking Registry 20XX.

  2. Create a juju relation between the Contrail Command charm and the Contrail Controller charm:
  3. Import the Contrail cluster into Contrail command:
    1. Create a config.yaml file with the following parameters:

      The command variables:

      • juju-controller-ip—The IP address of the Juju controller.

        You can retrieve the juju-controller-ip from the juju show-controller command output:

      • password—The password for Juju controller access.

        You can set the password for Juju controller access using the juju change-user-password command.

      • juju-CA-certificate—The base64-encoded SSL Certificate Authority (CA) for the Juju controller.

        The juju-CA-certificate is the base64-encoded SSL CA created in Preparing the SSL Certificate Authority (CA) for the Deployment.

        See Example: Config.YML File for Deploying Contrail Command with a Cluster Using Juju for a sample juju-CA-certificate entry.

      • juju-model-id—The universally unique identifier (UUID) assigned to the model environment that includes the Contrail Networking cluster..

        You can retrieve the juju-model-id from the juju show-controller command output:

      • juju_controller_user—(Optional) The username of the user with Juju controller access.

        The admin username is used by default if no user with Juju controller access is configured.

      See Example: Config.YML File for Deploying Contrail Command with a Cluster Using Juju for a sample config.yaml configuration for this deployment.

    2. Save the config.yaml file.
    3. Import the Contrail cluster with the parameters defined in the config.yaml file:
    4. Check the cluster import status.

      You can check the import status by entering the juju show-action-status action-ID and juju show-action-output action-ID | grep result commands.

      The action-ID is assigned immediately after entering the juju run-action command in the previous step.

      The cluster import is complete when the status field output in the juju show-action-status action-ID command shows completed, or when the result field in the juju show-action-output action-ID | grep result indicates Success.

      Examples:

  4. Login to Contrail Command by opening a web browser and entering https://<juju-machine-ip-address>:<port-number> as the URL.

    The <juju-machine-ip-address> is the IP address of the machine hosting Contrail command that was specified in 1. You can retrieve the IP address using the juju status command:

    Note:

    Some juju status output removed for readability.

    The port-number typically defaults to 9091 or 8079. You can, however, configure a unique port number for your environment using the command_servers.yml file.

    Enter the following values after the Contrail Command homescreen appears:

    • Select Cluster: Select a Contrail Cluster from the dropdown menu. The cluster is presented in the <cluster-name>-<string> format.

    • Username: Enter the username of the Juju keystone user.

    • Password: Enter the password of the Juju keystone user.

    • Domain: If you are running Juju in a Canonical Openstack environment, enter admin_domain—the default domain name for Canonical Openstack— if you haven’t established a unique domain in Canonical Openstack. Enter the name of your domain if you have created a unique domain.

      If you are running Juju in a Kubernetes environment, you can leave this field blank unless you’ve established a unique domain name in Kubernetes. Enter the name of your domain if you have created a unique domain.

    Figure 1 illustrates an example Contrail Command login to complete this procedure.

    Figure 1: Contrail Command Login Example—Cluster in Environment using Canonical OpenstackContrail Command Login Example—Cluster in Environment using Canonical Openstack

    See How to Login to Contrail Command for additional information on logging into Contrail Command.

Example: Config.YML File for Deploying Contrail Command with a Cluster Using Juju

This sample config.yml file provides a representative example of a configuration that could be used to deploy Contrail Command with Contrail clusters in an environment running Juju.

See Deploy Contrail Command and Import a Contrail Cluster Using Juju for step-by-step procedures to create this config.yml file and Preparing the SSL Certificate Authority (CA) for the Deployment for instructions on generating the juju-ca-cert in the required base64-encoded format.

This sample config.yml file does not contain the juju-controller-user: field to specify a user with Juju controller access, so the default admin username is used.

CAUTION:

The password password is used in this example for illustrative purposes only.

We strongly recommend creating a unique password that meets your organization’s security requirements for your environment.

Prerequisites for Contrail Insights and Contrail Insights Flow

Contrail Networking Release 2011 supports installing Contrail Insights and Contrail Insights Flows on a Juju cluster after Contrail Networking and Contrail Command are installed. The following prerequisites apply.

docker, python2.7, python-pip must be installed on the Contrail Insights node and Contrail Insights Flows node.

To install the Docker engine, you need the 64-bit version of one of these Ubuntu versions:

  • Ubuntu Groovy 20.10

  • Ubuntu Focal 20.04 (LTS)

  • Ubuntu Bionic 18.04 (LTS)

  • Ubuntu Xenial 16.04 (LTS)

Docker Engine is supported on x86_64 (or amd64), armhf, and arm64 architectures. For more information, see https://docs.docker.com/engine/install/ubuntu/.

To install python 2.7 and python-pip run the following commands:

If you are running the playbooks as root user then this step can be skipped. As a non-root user (for example, “ubuntu”), the user “ubuntu” needs access to the docker user group. The following command adds the user to the docker group:

For more information, see Contrail Insights Installation for OpenStack in HA.

Contrail Insights Installation for Ubuntu Focal

Contrail Insights Release 3.3.5 supports Ubuntu 20.04 (Focal).

Software Requirements

  • docker-ce : 5:19.03.9~3-0~ubuntu-focal

    Note:

    Python 2 is not installed by default with Ubuntu 20.04 (Focal).

Follow these steps before you install Contrail Insights.

  1. Install python and python-pip on the Contrail Insights Controller nodes, and on the host(s) that the Contrail Insights Agent runs on.
  2. In group_vars/all, set appformix_ansible_python3_interpreter_enabled to true.
  3. Run the iptables rule to access port 9000.
    Note:

    Ignore any errors that may arise if IN_public_allow does not exist.

After you have completed these steps, you can install Contrail Insights.

Install Contrail Insights on the Juju Cluster after Contrail Command is Installed

Note:

Appformix and Appformix Flows were renamed Contrail Insights and Contrail Insights Flows. The Appformix naming conventions still appear during product usage, including within these directory names.

To install Contrail Insights on the Juju Cluster:

  1. Copy the Contrail Insights and Contrail Insights Flows installation directories to the /opt/software/appformix/ and /opt/software/xflow directories inside the Contrail Command container, if not already present.

    For example <Contrail Insights Version> = 3.3.0-a8.

  2. Create the following two inventory files:
  3. Run the following commands to install Contrail Insights in HA mode:

Install Contrail Insights Flows on the Juju Cluster after Contrail Insights is Installed

Disclaimer: Official installation method for installation is using the Contrail-Command UI. contrail-ansible-deployer installs all packages needed for Contrail Insights and Contrail Insights Flows. appformix-ansible-deployer creates inventory files for the installation. There are many variables set in the inventory files for specific releases, so setting them manually is prone to errors.

To install Contrail Insights Flows on the Juju Cluster:

  1. Log in to the contrail-command container:
  2. Run the following two commands:
  3. Run one of the following commands dependent on your Contrail Networking Release version.

    If you are running a Contrail Networking Release later than 2005:

    If you are running a Contrail Networking Release earlier than 2005:

    If you are running a Contrail Networking Release earlier than 2005, add the following snippet to the end of the existing instances.yml before running the deploy_contrail_insights_flows.sh or deploy_xflow.sh.

    Example instances.yml snippet for in-band configuration:

    Example instances.yml snippet for out-of-band configuration:

  4. Add the collector nodes:
  5. Export the flow stats to flow node.
Release History Table
Release
Description
2011
Contrail Networking Release 2011 supports installing Contrail Insights and Contrail Insights Flows on a Juju cluster after Contrail Networking and Contrail Command are installed.
2008
Starting in Contrail Release 2008, you can deploy Contrail Command and import a cluster using Juju in an environment using Kubernetes orchestration.
2005
Starting in Contrail Release 2005, you can deploy Contrail Command and import a cluster using Juju in a Canonical Openstack environment.