Installing OpenContrail with Ansible on CentOS 7 and Kubernetes
(: September 30, 2018)
Hello good people. If you’re on this page you must be working on an interesting project!. We’ll look at the steps of Installing OpenContrail with Ansible on CentOS 7 server. I’m doing this on a freshly installed CentOS 7 server for POC and testing purposes.
We can just define what OpenContrail is before we dive into the installation steps. This will be helpful for those new to OpenContrail.
The official OpenContrail website defines OpenContrail as “an Apache 2.0-licensed project that is built using standards-based protocols and provides all the necessary components for network virtualization–SDN controller, virtual router, analytics engine, and published northbound APIs. It has an extensive REST API to configure and gather operational and analytics data from the system”.
OpenContrail Key Features.
- Routing and Switching
- Load Balancing
- Network Services
- Performance and Scale
- Security and Policies
- Gateway Services
- Rich Analytics
- HAs and Upgrades
- APIs and Orchestration
Please click on the provided links for a detailed explanation of the items.
What we’re trying to achieve in our Project with OpenContrail is:
- Set up an Overlay networking to interconnect two data centers without relying on the underlying network links. This will help with VM Mobility across the 2 zones.
- Achieve a better functionality for the VPCs(Virtual Private Cloud) for VMs under our Openstack / Cloudstack and VMware Infrastructure.
- Using OpenContrail as a controller for the SD WAN services
For this setup, I’m running everything on a single server. Once convinced to run it on production, we’ll have to do a multi-server installation with HA. My dedicated server specs are:
- Dell PowerEdge R610
- Intel(R) Xeon(R) CPU L5630 @ 2.13GHz (2×8)
- 96GB RAM
- OS: CentOS Linux release 7.4.1708 (Core)
The Prerequisites are:
- Python 2.7
- Kubernetes – kubelet kubeadm kubectl kubernetes-cni
Disable SELinux unless you’re a SELinux Guru:
# setenforce 0 # sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config # cat /etc/selinux/config
Also, disable firewalld, you’ll have a good number of ports that need to be opened. You can later turn it on when everything is running.
# systemctl disable firewalld && systemctl stop firewalld
Add epel repository:
To add the epel repo, run the command:
# yum -y install epel-release
For Docker installation, use our guide: How to install Docker CE on Ubuntu / Debian / Fedora
Install ansible, python-pip, docker-compose and docker-py python modules
We’ll require these items installed on our server for the next parts. So install them here.
# yum -y install ansible python-pip docker-compose # pip install --upgrade pip # pip install docker-py docker-compose
Install kubelet kubeadm kubectl kubernetes-cni
You have to first add the official Kubernetes repository for CentOS 7.
cat <<EOF > /etc/yum.repos.d/kubernetes.repo [kubernetes] name=Kubernetes baseurl=http://yum.kubernetes.io/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=1 repo_gpgcheck=1 gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg EOF
Then install packages:
# yum install -y kubelet kubeadm kubectl kubernetes-cni
Start and enable Docker
# systemctl start docker && systemctl enable docker
If you get error complain from Kubelet regarding swap being on, you can turn it off using command swapoff.
# swapoff /dev/mapper/centos-swap
At this point, all dependencies you have been met. Proceed to the deployment of OpenContrail.
Deploy OpenContrail with Ansible on Kubernetes
Install git, vim, tmux and bash-completion if not already installed.
# yum -y install vim git tmux bash-completion
Clone OpenContrail Ansible repository:
# git clone http://github.com/Juniper/contrail-ansible-deployer
Configure host inventory for ansible
Change to the contrail-ansible-deployer directory:
# cd contrail-ansible-deployer
Edit the file:
# cat inventory/hosts localhost: hosts: localhost: config_file: ../config/instances.yaml connection: local ansible_connection: local python_interpreter: python ansible_python_interpreter: python container_hosts: hosts: localhost # ansible_ssh_pass: contrail123 # 192.168.1.101: # ansible_ssh_pass: contrail123 # 192.168.1.102: # ansible_ssh_pass: contrail123
If your container hosts are remote uncomment the lines for container_hosts:
Note that in case no configuration is provided, the playbook will do an all in one installation on all hosts specified in inventory/hosts.
The following roles are installed by default: [‘analytics‘, ‘analytics_database‘, ‘config’, ‘config_database‘, ‘control‘, ‘k8s_master‘, ‘vrouter‘, ‘webui‘].
The registry defaults to opencontrailnightly and the latest tag of the container.
For customization the file inventory/group_vars/container_hosts.yml must be created. The inventory/group_vars directory contains some examples. In this file the following settings can be set:
- Contrail Service configuration
- Registry settings
- Container versions
- Role assignments
Populate the configuration
Edit the file config/instances.yaml
Create a new tmux session and start deployment.
# tmux new -s contrail # ansible-playbook -i inventory/ playbooks/deploy.yml | tee /root/setup-contrail.log
Wait for the deployment to finish. The UI dashboard should be accessible on:
Example 2: OpenContrail Deployment on KVM with Ansible
This example setup consists of a single bare metal server with KVM. After deployment with, the server ends up running three base VMs:
- 2 Controller VMs with Contrail controller
- 1 compute VM with Contrail vRouter
Read the complete guide below: