Installing Contrail with OpenStack by Using Juju Charms
You can deploy Contrail by using Juju Charms. Juju helps you deploy, configure, and efficiently manage applications on private clouds and public clouds. Juju accesses the cloud with the help of a Juju controller. A Charm is a module containing a collection of scripts and metadata and is used with Juju to deploy Contrail.
Contrail supports the following charms:
contrail-agent
contrail-analytics
contrail-analyticsdb
contrail-controller
contrail-keystone-auth
contrail-openstack
These topics describe how to deploy Contrail by using Juju Charms.
Preparing to Deploy Contrail by Using Juju Charms
Follow these steps to prepare for deployment:
Deploying Contrail Charms
You can deploy Contrail Charms in a bundle or manually.
Deploy Contrail Charms in a Bundle
Follow these steps to deploy Contrail Charms in a bundle.
Deploying Juju Charms with OpenStack Manually
Before you begin deployment, ensure that you have:
Installed and configured Juju
Created a Juju controller
Ubuntu 16.04 or Ubuntu 18.04 installed
Follow these steps to deploy Juju Charms manually:
Options for Juju Charms
Each Contrail Charm has a specific set of options. The options you choose depend on the charms you select. The following tables list the various options you can choose:
Options for contrail-agent Charms.
Table 1: Options for contrail-agent Option
Default option
Description
physical-interface
Specify the interface where you want to install vhost0 on. If you do not specify an interface, vhost0 is installed on the default gateway interface.
vhost-gateway
auto
Specify the gateway for vhost0. You can enter either an IP address or the keyword (
auto
) to automatically set a gateway based on the existing vhost routes.remove-juju-bridge
true
To install vhost0 directly on the interface, enable this option to remove any bridge created to deploy LXD/LXC and KVM workloads.
dpdk
false
Specify DPDK vRouter.
dpdk-driver
uio_pci_generic
Specify DPDK driver for the physical interface.
dpdk-hugepages
70%
Specify the percentage of huge pages reserved for DPDK vRouter and OpenStack instances.
dpdk-coremask
1
Specify the vRouter CPU affinity mask to determine on which CPU the DPDK vRouter will run.
dpdk-main-mempool-size
Specify the main packet pool size.
dpdk-pmd-txd-size
Specify the DPDK PMD Tx Descriptor size.
dpdk-pmd-rxd-size
Specify the DPDK PMD Rx Descriptor size.
docker-registry
opencontrailnightly
Specify the URL of the docker-registry.
docker-registry-insecure
false
Specify if the docker-registry should be configured.
docker-user
Log in to the docker registry.
docker-password
Specify the docker-registry password.
image-tag
latest
Specify the docker image tag.
log-level
SYS_NOTICE
Specify the log level for Contrail services.
Options:
SYS_EMERG, SYS_ALERT, SYS_CRIT, SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO, SYS_DEBUG
http_proxy
Specify URL.
https_proxy
Specify URL.
kernel-hugepages-1g
Parameter not enabled by default.
Note:2MB huge pages for kernel-mode vRouters are enabled by default.
Specify the number of 1G huge pages for use with vRouters in kernel mode.
You can enable huge pages to avoid compute node reboots during software upgrades.
This parameter must be specified at initial deployment. It cannot be modified in an active deployment. If you need to migrate to huge page usage in an active deployment, use 2MB huge pages if suitable for your environment.
We recommend allotting 2GB of memory—either using the default 1024x2MB huge page size setting or the 2x1GB size setting—for huge pages. Other huge page size settings should only be set by expert users in specialized circumstances.
1GB and 2MB huge pages cannot be enabled simultaneously in environments using Juju. If you are using this command parameter to enable 1GB huge pages, you must also disable 2MB huge pages. 2MB huge pages can be disabled by entering the juju config contrail-agent kernel-hugepages-2m=““ command with an empty value.
A compute node reboot is required to enable a huge page setting configuration change. After this initial reboot, compute nodes can complete software upgrades without a reboot.
Huge pages are disabled for kernel-mode vRouters if the
kernel-hugepages-1g
and thekernel-hugepages-2m
options are not set.This parameter was introduced in Contrail Networking Release 2005.
kernel-hugepages-2m
1024
Specify the number of 2MB huge pages for use with vRouters in kernel mode. Huge pages in Contrail Networking are used primarily to allocate flow and bridge table memory within the vRouter. Huge pages for kernel-mode vRouters provide enough flow and bridge table memory to avoid compute node reboots to complete future Contrail Networking software upgrades.
1024x2MB huge pages are configured by default starting in Contrail Networking Release 2005. A compute node reboot is required to enable a kernel-mode vRouter huge page setting configuration change, however, so this huge page setting is not enabled on a compute node until the compute node is rebooted.
After a compute node is rebooted to enable a vRouter huge page setting, compute nodes can complete software upgrades without a reboot.
We recommend allotting 2GB of memory—either using the default 1024x2MB huge page size setting or the 2x1GB size setting—for kernel-mode vRouter huge pages. Other huge page size settings should only be set by expert users in specialized circumstances.
1GB and 2MB huge pages cannot be enabled simultaneously in environments using Juju. If you are using this command parameter to enable 2MB huge pages, you must also disable 1GB huge pages. 1GB huge pages are disabled by default and can also be disabled by entering the juju config contrail-agent kernel-hugepages-1g=““ command with an empty value. 1GB huge pages can only be enabled at initial deployment; you cannot initially enable 1GB huge pages in an active deployment.
Huge pages are disabled for kernel-mode vRouters if the
kernel-hugepages-1g
and thekernel-hugepages-2m
options are not set.no_proxy
Specify the list of destinations that must be directly accessed.
Options for contrail-analytics Charms.
Table 2: Options for contrail-analytics Option
Default option
Description
control-network
Specify the IP address and network mask of the control network.
docker-registry
Specify the URL of the docker-registry.
docker-registry-insecure
false
Specify if the docker-registry should be configured.
docker-user
Log in to the docker registry.
docker-password
Specify the docker-registry password.
image-tag
Specify the docker image tag.
log-level
SYS_NOTICE
Specify the log level for Contrail services.
Options:
SYS_EMERG, SYS_ALERT, SYS_CRIT, SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO, SYS_DEBUG
http_proxy
Specify URL.
https_proxy
Specify URL.
no_proxy
Specify the list of destinations that must be directly accessed.
Options for contrail-analyticsdb Charms.
Table 3: Options for contrail-analyticsdb Option
Default option
Description
control-network
Specify the IP address and network mask of the control network.
cassandra-minimum-diskgb
256
Specify the minimum disk requirement.
cassandra-jvm-extra-opts
Specify the memory limit.
docker-registry
Specify the URL of the docker-registry.
docker-registry-insecure
false
Specify if the docker-registry should be configured.
docker-user
Log in to the docker registry.
docker-password
Specify the docker-registry password.
image-tag
Specify the docker image tag.
log-level
SYS_NOTICE
Specify the log level for Contrail services.
Options:
SYS_EMERG, SYS_ALERT, SYS_CRIT, SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO, SYS_DEBUG
http_proxy
Specify URL.
https_proxy
Specify URL.
no_proxy
Specify the list of destinations that must be directly accessed.
Options for contrail-controller Charms.
Table 4: Options for contrail-controller Option
Default option
Description
control-network
Specify the IP address and network mask of the control network.
auth-mode
rbac
Specify the authentication mode.
Options:
rbsc
,cloud-admin
,no-auth
.For more information, see https://github.com/Juniper/contrail-controller/wiki/RBAC.
cassandra-minimum-diskgb
20
Specify the minimum disk requirement.
cassandra-jvm-extra-opts
Specify the memory limit.
cloud-admin-role
admin
Specify the role name in keystone for users who have admin-level access.
In environments using Canonical orchestration with Contrail Networking, you should change the cloud-admin-role to Admin with a capital A in most scenarios. The default cloud admin role in Contrail Networking is admin and the default cloud admin role in Canonical is Admin. These cloud admin role names must match to grant users admin-level access. You can ensure this matching by setting this field to Admin in environments using the default settings.
global-read-only-role
Specify the role name in keystone for users who have read-only access.
vip
Specify if the Contrail API VIP is used for configuring client-side software. If not specified, private IP of the first Contrail API VIP unit will be used.
use-external-rabbitmq
false
To enable the Charm to use the internal RabbitMQ server, set
use-external-rabbitmq
tofalse
.To use an external AMQP server, set
use-external-rabbitmq
totrue
.Note:Do not change the flag after deployment.
flow-export-rate
0
Specify how many flow records are exported by vRouter agent to the Contrail Collector when a flow is created or deleted.
docker-registry
Specify the URL of the docker-registry.
docker-registry-insecure
false
Specify if the docker-registry should be configured.
docker-user
Log in to the docker registry.
docker-password
Specify the docker-registry password.
image-tag
Specify the docker image tag.
log-level
SYS_NOTICE
Specify the log level for Contrail services.
Options:
SYS_EMERG, SYS_ALERT, SYS_CRIT, SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO, SYS_DEBUG
http_proxy
Specify URL.
https_proxy
Specify URL.
no_proxy
Specify the list of destinations that must be directly accessed.
Options for contrail-keystone-auth Charms.
Table 5: Options for contrail-keystone-auth Option
Default option
Description
ssl_ca
Specify if the base64-encoded SSL CA certificate is provided to Contrail keystone clients.
Note:This certificate is required if you use a privately signed ssl_cert and ssl_key.
Options for contrail-openstack Charms.
Table 6: Options for contrail-controller Option
Default option
Description
enable-metadata-server
true
Set
enable-metadata-server
totrue
to configure metadata and enable nova to run a local instance ofnova-api-metadata
for virtual machinesuse-internal-endpoints
false
Set
use-internal-endpoints
totrue
for OpenStack to configure services to use internal endpoints.heat-plugin-dirs
/usr/lib64/heat,/usr /lib/heat/usr/lib/ python2.7/dist-packages/ vnc_api/gen/heat/ resources
Specify the heat plugin directories.
docker-registry
Specify the URL of the docker-registry.
docker-registry-insecure
false
Specify if the docker-registry should be configured.
docker-user
Log in to the docker registry.
docker-password
Specify the docker-registry password.
image-tag
Specify the docker image tag.
log-level
SYS_NOTICE
Specify the log level for Contrail services.
Options:
SYS_EMERG, SYS_ALERT, SYS_CRIT, SYS_ERR, SYS_WARN, SYS_NOTICE, SYS_INFO, SYS_DEBUG
http_proxy
Specify URL.
https_proxy
Specify URL.
no_proxy
Specify the list of destinations that must be directly accessed.
See Also
Ironic Support with Juju
Contrail Networking Release 2011.L1 supports new charms for Ironic from OpenStack Train version 15.x.x. Ironic is an OpenStack project that manages Bare Metal Servers (BMS) as if they are virtual machines (VM)s. For more information about Contrail and BMS, see Bare Metal Server Management.
Contrail Networking Release 2011.L2 supports OpenStack Ussuri with Ironic deployed on Ubuntu version 20.04 (Focal Fossa).
The updated options are shown in the example bundle_yaml_file
. Before deploying the updated yaml file, you should have Ceph installed.
If not, see Installing Ceph.
For information about deploying the bundle_yaml_file
, see Deploying Contrail Charms.
Following is an example bundle_yaml_file
with the additional options highlighted. ceph-radosgw
and its related options are required to support the new Ironic charms.
series: bionic applications: barbican: charm: cs:barbican-31 num_units: 3 to: - lxd:0 - lxd:1 - lxd:2 options: openstack-origin: cloud:bionic-train region: RegionOne use-internal-endpoints: true vip: 10.92.76.133 192.168.2.11 worker-multiplier: 0.25 bindings: "": oam-space admin: oam-space amqp: oam-space certificates: oam-space cluster: oam-space ha: oam-space hsm: oam-space identity-service: oam-space internal: oam-space public: public-space secrets: oam-space shared-db: oam-space barbican-hacluster: charm: cs:hacluster-62 options: cluster_count: 3 bindings: "": alpha ha: alpha hanode: alpha juju-info: alpha nrpe-external-master: alpha pacemaker-remote: alpha peer-availability: alpha barbican-vault: charm: cs:barbican-vault-12 bindings: "": oam-space certificates: oam-space juju-info: oam-space secrets: oam-space secrets-storage: oam-space ceph-mon: charm: cs:ceph-mon-51 num_units: 3 to: - lxd:0 - lxd:1 - lxd:2 constraints: spaces=oam-space bindings: "": alpha admin: alpha bootstrap-source: alpha client: alpha cluster: oam-space mds: alpha mon: alpha nrpe-external-master: alpha osd: alpha prometheus: alpha public: oam-space radosgw: alpha rbd-mirror: alpha ceph-osd: charm: cs:ceph-osd-306 num_units: 3 to: - "17" - "21" - "19" options: osd-devices: /dev/sdb bindings: "": alpha cluster: oam-space mon: alpha nrpe-external-master: alpha public: oam-space secrets-storage: alpha ceph-radosgw: charm: cs:ceph-radosgw-292 num_units: 3 to: - lxd:0 - lxd:1 - lxd:2 options: admin-roles: admin loglevel: 10 namespace-tenants: true operator-roles: member source: cloud:bionic-train/proposed vip: 10.92.76.127 192.168.2.190 constraints: spaces=oam-space,public-space bindings: "": alpha admin: alpha certificates: alpha cluster: alpha gateway: alpha ha: alpha identity-service: alpha internal: oam-space master: alpha mon: alpha nrpe-external-master: alpha object-store: alpha public: public-space slave: alpha contrail-agent: charm: local:bionic/contrail-agent-1 options: docker-password: <docker password> docker-registry: hub.juniper.net/contrail docker-user: JNPR-FieldUser367 image-tag: "2008.121" log-level: SYS_INFO physical-interface: bond0.4010 vhost-gateway: auto bindings: "": alpha agent-cluster: alpha contrail-controller: alpha juju-info: alpha nrpe-external-master: alpha tls-certificates: alpha vrouter-plugin: alpha contrail-agent-csn: charm: local:bionic/contrail-agent-3 options: csn-mode: tsn-no-forwarding docker-password: <docker password> docker-registry: hub.juniper.net/contrail docker-user: JNPR-FieldUser367 image-tag: "2008.121" physical-interface: bond0.4010 vhost-gateway: auto bindings: "": alpha agent-cluster: alpha contrail-controller: alpha juju-info: alpha nrpe-external-master: alpha tls-certificates: alpha vrouter-plugin: alpha contrail-analytics: charm: local:bionic/contrail-analytics-1 num_units: 4 to: - kvm:0 - kvm:1 - kvm:2 - kvm:13 options: control-network: 192.168.2.0/24 docker-password: <docker password> docker-registry: hub.juniper.net/contrail docker-user: JNPR-FieldUser367 haproxy-http-mode: https image-tag: "2008.121" log-level: SYS_DEBUG min-cluster-size: 3 vip: 10.92.77.18 constraints: cpu-cores=16 mem=32768 root-disk=102400 spaces=oam-space,overlay-space bindings: "": oam-space analytics-cluster: oam-space contrail-analytics: oam-space contrail-analyticsdb: oam-space http-services: oam-space nrpe-external-master: oam-space tls-certificates: oam-space contrail-analyticsdb: charm: local:bionic/contrail-analyticsdb-1 num_units: 4 to: - kvm:0 - kvm:1 - kvm:2 - kvm:13 options: cassandra-jvm-extra-opts: -Xms16g -Xmx24g cassandra-minimum-diskgb: "4" control-network: 192.168.2.0/24 docker-password: <docker password> docker-registry: hub.juniper.net/contrail docker-user: JNPR-FieldUser367 image-tag: "2008.121" log-level: SYS_DEBUG min-cluster-size: 3 constraints: cpu-cores=16 mem=65536 root-disk=512000 spaces=oam-space,overlay-space bindings: "": oam-space analyticsdb-cluster: oam-space contrail-analyticsdb: oam-space nrpe-external-master: oam-space tls-certificates: oam-space contrail-command: charm: local:bionic/contrail-command-0 num_units: 1 to: - "9" options: docker-password: <docker password> docker-registry: hub.juniper.net/contrail docker-registry-insecure: true docker-user: JNPR-FieldUser367 image-tag: "2008.121" constraints: tags=command bindings: "": alpha contrail-controller: alpha contrail-controller: charm: local:bionic/contrail-controller-1 num_units: 4 to: - kvm:0 - kvm:2 - kvm:1 - kvm:13 options: auth-mode: rbac cassandra-jvm-extra-opts: -Xms16g -Xmx24g cassandra-minimum-diskgb: "4" control-network: 192.168.2.0/24 data-network: 172.30.0.0/16 docker-password: <docker password> docker-registry: hub.juniper.net/contrail docker-user: JNPR-FieldUser367 haproxy-http-mode: https haproxy-https-mode: http image-tag: "2008.121" local-rabbitmq-hostname-resolution: true log-level: SYS_DEBUG min-cluster-size: 3 vip: 10.92.77.18 constraints: cpu-cores=16 mem=65536 root-disk=102400 spaces=oam-space,overlay-space,public-space bindings: "": oam-space contrail-analytics: oam-space contrail-analyticsdb: oam-space contrail-auth: oam-space contrail-controller: oam-space contrail-issu: oam-space controller-cluster: oam-space http-services: oam-space https-services: oam-space nrpe-external-master: oam-space tls-certificates: oam-space contrail-haproxy: charm: cs:haproxy-55 num_units: 4 to: - lxd:0 - lxd:1 - lxd:2 - lxd:13 options: default_timeouts: queue 60000, connect 5000, client 120000, server 120000 enable_monitoring: true peering_mode: active-active services: "" source: backports ssl_cert: SELFSIGNED sysctl: '{fs.file-max: 10240}' bindings: "": oam-space local-monitors: oam-space munin: oam-space nrpe-external-master: oam-space peer: oam-space public: public-space reverseproxy: oam-space statistics: oam-space website: public-space contrail-keepalived: charm: cs:~containers/keepalived-28 options: network_interface: eth0 port: 8143 virtual_ip: 10.92.77.18 bindings: "": alpha juju-info: alpha lb-sink: alpha loadbalancer: alpha website: alpha contrail-keystone-auth: charm: local:bionic/contrail-keystone-auth-1 num_units: 4 to: - lxd:0 - lxd:1 - lxd:2 - lxd:13 constraints: spaces=oam-space,overlay-space bindings: "": oam-space contrail-auth: oam-space identity-admin: oam-space nrpe-external-master: oam-space contrail-openstack: charm: local:bionic/contrail-openstack-3 options: docker-password: <docker password> docker-registry: hub.juniper.net/contrail docker-user: JNPR-FieldUser367 image-tag: "2008.121" use-internal-endpoints: true bindings: "": alpha cluster: alpha contrail-controller: alpha heat-plugin: alpha juju-info: alpha neutron-api: alpha nova-compute: alpha dashboard-hacluster: charm: cs:hacluster-62 options: cluster_count: 3 bindings: "": alpha ha: alpha hanode: alpha juju-info: alpha nrpe-external-master: alpha pacemaker-remote: alpha peer-availability: alpha easyrsa: charm: cs:~containers/easyrsa-303 num_units: 1 to: - lxd:0 bindings: "": oam-space client: oam-space etcd: charm: cs:etcd-521 num_units: 3 to: - lxd:0 - lxd:1 - lxd:2 options: channel: 3.1/stable bindings: "": oam-space certificates: oam-space cluster: oam-space db: oam-space nrpe-external-master: oam-space proxy: oam-space external-policy-routing: charm: cs:~canonical-bootstack/policy-routing-3 options: cidr: 10.92.76.0/23 gateway: 10.92.77.254 bindings: "": alpha juju-info: alpha glance: charm: cs:~openstack-charmers-next/glance-442 num_units: 4 to: - lxd:0 - lxd:1 - lxd:2 - lxd:13 options: openstack-origin: cloud:bionic-train region: RegionOne restrict-ceph-pools: false use-internal-endpoints: true vip: 10.92.77.12 192.168.2.12 worker-multiplier: 0.25 bindings: "": oam-space admin: oam-space amqp: oam-space ceph: oam-space certificates: oam-space cinder-volume-service: oam-space cluster: oam-space ha: oam-space identity-service: oam-space image-service: oam-space internal: oam-space nrpe-external-master: oam-space object-store: oam-space public: public-space shared-db: oam-space storage-backend: oam-space glance-hacluster: charm: cs:hacluster-62 options: cluster_count: 3 bindings: "": alpha ha: alpha hanode: alpha juju-info: alpha nrpe-external-master: alpha pacemaker-remote: alpha peer-availability: alpha glance-simplestreams-sync: charm: cs:glance-simplestreams-sync-33 num_units: 3 to: - lxd:0 - lxd:1 - lxd:2 options: source: ppa:simplestreams-dev/trunk use_swift: false bindings: "": oam-space amqp: oam-space certificates: oam-space identity-service: oam-space image-modifier: oam-space nrpe-external-master: oam-space simplestreams-image-service: oam-space heat: charm: cs:heat-271 num_units: 4 to: - lxd:0 - lxd:1 - lxd:2 - lxd:13 options: openstack-origin: cloud:bionic-train region: RegionOne use-internal-endpoints: true vip: 10.92.77.13 192.168.2.13 worker-multiplier: 0.25 constraints: cpu-cores=6 mem=32768 root-disk=65536 spaces=oam-space,public-space,overlay-space bindings: "": oam-space admin: oam-space amqp: oam-space certificates: oam-space cluster: oam-space ha: oam-space heat-plugin-subordinate: overlay-space identity-service: oam-space internal: oam-space public: public-space shared-db: oam-space heat-hacluster: charm: cs:hacluster-62 options: cluster_count: 3 bindings: "": alpha ha: alpha hanode: alpha juju-info: alpha nrpe-external-master: alpha pacemaker-remote: alpha peer-availability: alpha ironic-api: charm: cs:~openstack-charmers-next/ironic-api-8 num_units: 3 to: - lxd:0 - lxd:1 - lxd:2 options: openstack-origin: cloud:bionic-train/proposed vip: 10.92.76.130 192.168.2.189 constraints: spaces=oam-space,public-space bindings: "": alpha admin: alpha amqp: alpha certificates: alpha cluster: alpha ha: alpha identity-service: alpha internal: alpha ironic-api: alpha public: alpha shared-db: oam-space ironic-api-hacluster: charm: cs:hacluster-72 options: cluster_count: 3 bindings: "": alpha ha: alpha hanode: alpha juju-info: alpha nrpe-external-master: alpha pacemaker-remote: alpha peer-availability: alpha ironic-conductor: charm: cs:~openstack-charmers-next/ironic-conductor-5 num_units: 1 to: - "14" options: cleaning-network: ironic default-deploy-interface: direct default-network-interface: neutron disable-secure-erase: true enabled-deploy-interfaces: direct enabled-network-interfaces: noop,flat,neutron max-tftp-block-size: 1418 openstack-origin: cloud:bionic-train/proposed provisioning-network: ironic use-ipxe: false bindings: "": alpha amqp: alpha certificates: alpha cleaning: alpha deployment: alpha identity-credentials: alpha internal: alpha ironic-api: alpha shared-db: alpha keystone: charm: cs:keystone-309 num_units: 4 to: - lxd:0 - lxd:1 - lxd:2 - lxd:13 options: admin-password: c0ntrail123 admin-role: admin openstack-origin: cloud:bionic-train preferred-api-version: 3 region: RegionOne token-provider: fernet vip: 10.92.77.14 192.168.2.14 worker-multiplier: 0.25 bindings: "": oam-space admin: oam-space certificates: oam-space cluster: oam-space domain-backend: oam-space ha: oam-space identity-admin: oam-space identity-credentials: oam-space identity-notifications: oam-space identity-service: oam-space internal: oam-space keystone-fid-service-provider: oam-space keystone-middleware: oam-space nrpe-external-master: oam-space public: public-space shared-db: oam-space websso-trusted-dashboard: oam-space keystone-hacluster: charm: cs:hacluster-62 options: cluster_count: 3 bindings: "": alpha ha: alpha hanode: alpha juju-info: alpha nrpe-external-master: alpha pacemaker-remote: alpha peer-availability: alpha memcached: charm: cs:memcached-26 num_units: 4 to: - lxd:0 - lxd:1 - lxd:2 - lxd:13 options: allow-ufw-ip6-softfail: true constraints: spaces=oam-space bindings: "": oam-space cache: oam-space cluster: oam-space local-monitors: oam-space monitors: oam-space munin: oam-space nrpe-external-master: oam-space mysql: charm: cs:percona-cluster-281 num_units: 4 to: - lxd:0 - lxd:1 - lxd:2 - lxd:13 options: enable-binlogs: true innodb-buffer-pool-size: 512M max-connections: 2000 min-cluster-size: 3 performance-schema: true source: cloud:bionic-train tuning-level: safest vip: 192.168.2.17 wait-timeout: 3600 wsrep-slave-threads: 48 bindings: "": oam-space access: oam-space cluster: oam-space db: oam-space db-admin: oam-space ha: oam-space master: oam-space nrpe-external-master: oam-space shared-db: oam-space slave: oam-space mysql-hacluster: charm: cs:hacluster-62 options: cluster_count: 3 bindings: "": alpha ha: alpha hanode: alpha juju-info: alpha nrpe-external-master: alpha pacemaker-remote: alpha peer-availability: alpha ncc-hacluster: charm: cs:hacluster-62 options: cluster_count: 3 bindings: "": alpha ha: alpha hanode: alpha juju-info: alpha nrpe-external-master: alpha pacemaker-remote: alpha peer-availability: alpha neutron-api: charm: cs:neutron-api-281 num_units: 4 to: - lxd:0 - lxd:1 - lxd:2 - lxd:13 options: default-tenant-network-type: vlan dhcp-agents-per-network: 2 enable-l3ha: true enable-ml2-port-security: true global-physnet-mtu: 9000 l2-population: true manage-neutron-plugin-legacy-mode: false neutron-security-groups: true openstack-origin: cloud:bionic-train overlay-network-type: "" region: RegionOne use-internal-endpoints: true vip: 10.92.77.15 192.168.2.15 worker-multiplier: 0.25 constraints: cpu-cores=8 mem=32768 root-disk=262144 spaces=oam-space,public-space,overlay-space bindings: "": oam-space admin: oam-space amqp: oam-space certificates: oam-space cluster: oam-space etcd-proxy: oam-space external-dns: oam-space ha: oam-space identity-service: oam-space infoblox-neutron: oam-space internal: oam-space midonet: oam-space neutron-api: oam-space neutron-load-balancer: oam-space neutron-plugin-api: oam-space neutron-plugin-api-subordinate: overlay-space nrpe-external-master: oam-space public: public-space shared-db: oam-space vsd-rest-api: oam-space neutron-hacluster: charm: cs:hacluster-62 options: cluster_count: 3 bindings: "": alpha ha: alpha hanode: alpha juju-info: alpha nrpe-external-master: alpha pacemaker-remote: alpha peer-availability: alpha nova-cloud-controller: charm: cs:nova-cloud-controller-339 num_units: 4 to: - lxd:0 - lxd:1 - lxd:2 - lxd:13 options: console-access-protocol: novnc console-proxy-ip: local cpu-allocation-ratio: 4 network-manager: Neutron openstack-origin: cloud:bionic-train ram-allocation-ratio: 0.999999 region: RegionOne use-internal-endpoints: true vip: 10.92.77.16 192.168.2.16 worker-multiplier: 0.25 bindings: "": oam-space admin: oam-space amqp: oam-space amqp-cell: oam-space certificates: oam-space cinder-volume-service: oam-space cloud-compute: oam-space cloud-controller: oam-space cluster: oam-space ha: oam-space identity-service: oam-space image-service: oam-space internal: oam-space memcache: oam-space neutron-api: oam-space nova-cell-api: oam-space nova-vmware: oam-space nrpe-external-master: oam-space placement: oam-space public: public-space quantum-network-service: oam-space shared-db: oam-space shared-db-cell: oam-space nova-compute: charm: cs:nova-compute-309 num_units: 5 to: - "3" - "4" - "5" - "6" - "15" options: openstack-origin: cloud:bionic-train os-internal-network: 192.168.2.0/24 bindings: "": alpha amqp: alpha ceph: alpha ceph-access: alpha cloud-compute: alpha cloud-credentials: alpha compute-peer: alpha ephemeral-backend: alpha image-service: alpha internal: alpha lxd: alpha neutron-plugin: alpha nova-ceilometer: alpha nrpe-external-master: alpha secrets-storage: alpha nova-ironic: charm: cs:~openstack-charmers-next/nova-compute-524 num_units: 1 to: - "22" options: enable-live-migration: false enable-resize: false openstack-origin: cloud:bionic-train/proposed virt-type: ironic bindings: "": alpha amqp: alpha ceph: alpha ceph-access: alpha cloud-compute: alpha cloud-credentials: alpha compute-peer: alpha ephemeral-backend: alpha image-service: alpha internal: alpha ironic-api: alpha lxd: alpha migration: alpha neutron-plugin: alpha nova-ceilometer: alpha nrpe-external-master: alpha secrets-storage: alpha ntp: charm: cs:ntp-36 options: source: ntp.juniper.net bindings: "": alpha juju-info: alpha master: alpha nrpe-external-master: alpha ntp-peers: alpha ntpmaster: alpha octavia: charm: cs:~apavlov-e/octavia-3 num_units: 3 to: - lxd:0 - lxd:1 - lxd:2 options: amp-ssh-key-name: octavia amp-ssh-pub-key: c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDa0N0SzJCWk01TC90VGdoM3J3L2FpR2ZEQzlzOEI4alFiS2VzQzJqTHRWcFNYbGlFellqQTNGNjEyalpwdERjOXdhOEF3eStxbEl0L1Frak5TVjhPMVpvNXZlc2RMREhvQjJrMzV5ZEFvMXhQRkFmV3lsSjh6VnJrd0U5aU1tWEVYZTd1VjdDdkgyZmdmSnlGeXJKaFR2ZjBWdTZGK1M5RHl1MnkxMUdXWEsrSDAyR3ZneHVzamZ3QlhoZ3IxNU1kZCt4RkJsbkpYRGtkQjVYVit4azZhYkJsRVJUc0N6c09EdXVOQTg4aVhqeHkvZzJpb2NtNWhtcVhUeDRMT2gzam9NbEFHUW5RQ2FXdFNSenpWM3dKT3JLeW5zU1pObVRmUnluRDdaaGl1WlZLNUZURWhQaXZUaVAwaHdLeTRMZGZUM0NsSkJSWmdMVVJZYUtSYlFwYkQgdWJ1bnR1QGp1bXBob3N0Cg== create-mgmt-network: false lb-mgmt-controller-cacert: |- <certificate> lb-mgmt-controller-cert: |- <certificate> lb-mgmt-issuing-ca-key-passphrase: <passphrase> lb-mgmt-issuing-ca-private-key: |- <private key> lb-mgmt-issuing-cacert: |- <certificate> loadbalancer-topology: ACTIVE_STANDBY openstack-origin: cloud:bionic-train region: RegionOne use-internal-endpoints: true vip: 10.92.76.135 192.168.2.18 worker-multiplier: 0.25 bindings: "": oam-space admin: oam-space amqp: oam-space certificates: oam-space cluster: oam-space ha: oam-space identity-service: oam-space internal: oam-space neutron-api: oam-space neutron-openvswitch: oam-space ovsdb-cms: oam-space ovsdb-subordinate: oam-space public: public-space shared-db: oam-space octavia-dashboard: charm: cs:octavia-dashboard-17 bindings: "": alpha certificates: alpha dashboard: alpha octavia-diskimage-retrofit: charm: cs:octavia-diskimage-retrofit-12 options: amp-image-tag: octavia-amphora retrofit-uca-pocket: train bindings: "": oam-space certificates: oam-space identity-credentials: oam-space juju-info: oam-space octavia-hacluster: charm: cs:hacluster-62 options: cluster_count: 3 bindings: "": alpha ha: alpha hanode: alpha juju-info: alpha nrpe-external-master: alpha pacemaker-remote: alpha peer-availability: alpha openstack-dashboard: charm: cs:openstack-dashboard-295 num_units: 4 to: - lxd:0 - lxd:1 - lxd:2 - lxd:13 options: cinder-backup: false endpoint-type: publicURL neutron-network-firewall: false neutron-network-l3ha: true neutron-network-lb: true openstack-origin: cloud:bionic-train password-retrieve: true secret: encryptcookieswithme vip: 10.92.77.11 webroot: / constraints: spaces=oam-space bindings: "": public-space certificates: public-space cluster: public-space dashboard-plugin: public-space ha: public-space identity-service: public-space nrpe-external-master: public-space public: public-space shared-db: oam-space website: public-space websso-fid-service-provider: public-space websso-trusted-dashboard: public-space placement: charm: cs:placement-11 num_units: 4 to: - lxd:0 - lxd:1 - lxd:2 - lxd:13 options: openstack-origin: cloud:bionic-train region: RegionOne use-internal-endpoints: true vip: 10.92.77.19 192.168.2.19 bindings: "": oam-space admin: oam-space amqp: oam-space certificates: oam-space cluster: oam-space ha: oam-space identity-service: oam-space internal: oam-space placement: oam-space public: public-space shared-db: oam-space placement-hacluster: charm: cs:hacluster-62 options: cluster_count: 3 bindings: "": alpha ha: alpha hanode: alpha juju-info: alpha nrpe-external-master: alpha pacemaker-remote: alpha peer-availability: alpha rabbitmq-server: charm: cs:rabbitmq-server-97 num_units: 4 to: - lxd:0 - lxd:1 - lxd:2 - lxd:13 options: min-cluster-size: 3 source: cloud:bionic-train bindings: "": oam-space amqp: oam-space ceph: oam-space certificates: oam-space cluster: oam-space ha: oam-space nrpe-external-master: oam-space radosgw-hacluster: charm: cs:hacluster-72 options: cluster_count: 3 bindings: "": alpha ha: alpha hanode: alpha juju-info: alpha nrpe-external-master: alpha pacemaker-remote: alpha peer-availability: alpha ubuntu: charm: cs:ubuntu-15 num_units: 4 to: - "0" - "1" - "2" - "13" bindings: "": alpha vault: charm: cs:vault-39 num_units: 3 to: - lxd:0 - lxd:1 - lxd:2 options: vip: 192.168.2.20 bindings: "": oam-space access: oam-space certificates: oam-space cluster: oam-space db: oam-space etcd: oam-space external: oam-space ha: oam-space nrpe-external-master: oam-space secrets: oam-space shared-db: oam-space vault-hacluster: charm: cs:hacluster-62 options: cluster_count: 3 bindings: "": alpha ha: alpha hanode: alpha juju-info: alpha nrpe-external-master: alpha pacemaker-remote: alpha peer-availability: alpha machines: "0": constraints: tags=controller1 "1": constraints: tags=controller2 "2": constraints: tags=controller3 "3": constraints: tags=compute1 "4": constraints: tags=compute2 "5": constraints: tags=compute3 "6": constraints: tags=compute4 "9": constraints: tags=command "13": constraints: tags=controller4 "14": constraints: tags=controller5 "15": constraints: tags=compute5 "17": constraints: tags=CEPH "19": constraints: tags=CEPH "21": constraints: tags=CEPH "22": constraints: tags=CSN relations: - - ubuntu:juju-info - ntp:juju-info - - mysql:ha - mysql-hacluster:ha - - keystone:shared-db - mysql:shared-db - - keystone:ha - keystone-hacluster:ha - - glance:shared-db - mysql:shared-db - - glance:identity-service - keystone:identity-service - - nova-cloud-controller:shared-db - mysql:shared-db - - nova-cloud-controller:identity-service - keystone:identity-service - - nova-cloud-controller:image-service - glance:image-service - - nova-cloud-controller:ha - ncc-hacluster:ha - - neutron-api:shared-db - mysql:shared-db - - neutron-api:neutron-api - nova-cloud-controller:neutron-api - - neutron-api:identity-service - keystone:identity-service - - neutron-api:ha - neutron-hacluster:ha - - nova-compute:image-service - glance:image-service - - nova-compute:cloud-compute - nova-cloud-controller:cloud-compute - - nova-compute:juju-info - ntp:juju-info - - openstack-dashboard:identity-service - keystone:identity-service - - openstack-dashboard:ha - dashboard-hacluster:ha - - heat:shared-db - mysql:shared-db - - heat:identity-service - keystone:identity-service - - heat:ha - heat-hacluster:ha - - placement:shared-db - mysql:shared-db - - placement:identity-service - keystone:identity-service - - placement:placement - nova-cloud-controller:placement - - contrail-controller:contrail-controller - contrail-agent:contrail-controller - - contrail-agent:juju-info - nova-compute:juju-info - - contrail-analytics:contrail-analyticsdb - contrail-analyticsdb:contrail-analyticsdb - - contrail-analytics:contrail-analytics - contrail-controller:contrail-analytics - - contrail-analytics:http-services - contrail-haproxy:reverseproxy - - contrail-analyticsdb:contrail-analyticsdb - contrail-controller:contrail-analyticsdb - - contrail-controller:contrail-auth - contrail-keystone-auth:contrail-auth - - contrail-controller:http-services - contrail-haproxy:reverseproxy - - contrail-controller:https-services - contrail-haproxy:reverseproxy - - contrail-keystone-auth:identity-admin - keystone:identity-admin - - contrail-openstack:nova-compute - nova-compute:neutron-plugin - - contrail-openstack:neutron-api - neutron-api:neutron-plugin-api-subordinate - - contrail-openstack:heat-plugin - heat:heat-plugin-subordinate - - contrail-openstack:contrail-controller - contrail-controller:contrail-controller - - contrail-haproxy:juju-info - contrail-keepalived:juju-info - - nova-cloud-controller:memcache - memcached:cache - - external-policy-routing:juju-info - openstack-dashboard:juju-info - - external-policy-routing:juju-info - glance:juju-info - - external-policy-routing:juju-info - heat:juju-info - - external-policy-routing:juju-info - keystone:juju-info - - external-policy-routing:juju-info - neutron-api:juju-info - - external-policy-routing:juju-info - nova-cloud-controller:juju-info - - external-policy-routing:juju-info - contrail-haproxy:juju-info - - ntp:juju-info - contrail-controller:juju-info - - ntp:juju-info - contrail-analytics:juju-info - - ntp:juju-info - contrail-analyticsdb:juju-info - - ntp:juju-info - neutron-api:juju-info - - ntp:juju-info - heat:juju-info - - contrail-command:contrail-controller - contrail-controller:contrail-controller - - glance:ha - glance-hacluster:ha - - placement:ha - placement-hacluster:ha - - mysql:shared-db - octavia:shared-db - - mysql:shared-db - barbican:shared-db - - mysql:shared-db - vault:shared-db - - keystone:identity-service - octavia:identity-service - - keystone:identity-service - barbican:identity-service - - neutron-api:neutron-load-balancer - octavia:neutron-api - - openstack-dashboard:dashboard-plugin - octavia-dashboard:dashboard - - barbican-vault:secrets - barbican:secrets - - vault:secrets - barbican-vault:secrets-storage - - glance-simplestreams-sync:juju-info - octavia-diskimage-retrofit:juju-info - - keystone:identity-service - glance-simplestreams-sync:identity-service - - keystone:identity-credentials - octavia-diskimage-retrofit:identity-credentials - - contrail-openstack:nova-compute - octavia:neutron-openvswitch - - vault:ha - vault-hacluster:ha - - etcd:certificates - easyrsa:client - - etcd:db - vault:etcd - - barbican:ha - barbican-hacluster:ha - - octavia:ha - octavia-hacluster:ha - - rabbitmq-server:amqp - barbican:amqp - - rabbitmq-server:amqp - glance-simplestreams-sync:amqp - - rabbitmq-server:amqp - heat:amqp - - rabbitmq-server:amqp - neutron-api:amqp - - rabbitmq-server:amqp - nova-cloud-controller:amqp - - rabbitmq-server:amqp - nova-compute:amqp - - rabbitmq-server:amqp - octavia:amqp - - ceph-mon:osd - ceph-osd:mon - - ceph-radosgw:juju-info - external-policy-routing:juju-info - - ceph-radosgw:ha - radosgw-hacluster:ha - - ceph-radosgw:mon - ceph-mon:radosgw - - ceph-radosgw:identity-service - keystone:identity-service - - vault:certificates - ceph-radosgw:certificates - - ceph-radosgw:object-store - glance:object-store - - ceph-mon:client - glance:ceph - - ironic-conductor:amqp - rabbitmq-server:amqp - - ironic-conductor:identity-credentials - keystone:identity-credentials - - ironic-conductor:shared-db - mysql:shared-db - - vault:certificates - ironic-conductor:certificates - - nova-ironic:amqp - rabbitmq-server:amqp - - nova-ironic:image-service - glance:image-service - - nova-ironic:cloud-credentials - keystone:identity-credentials - - nova-ironic:cloud-compute - nova-cloud-controller:cloud-compute - - ceph-mon:client - nova-ironic:ceph - - nova-ironic:juju-info - ntp:juju-info - - contrail-agent-csn:juju-info - nova-ironic:juju-info - - contrail-agent-csn:contrail-controller - contrail-controller:contrail-controller - - ironic-api:ha - ironic-api-hacluster:ha - - ironic-conductor:ironic-api - ironic-api:ironic-api - - ironic-api:amqp - rabbitmq-server:amqp - - ironic-api:identity-service - keystone:identity-service - - ironic-api:shared-db - mysql:shared-db - - vault:certificates - ironic-api:certificates - - nova-ironic:ironic-api - ironic-api:ironic-api