cpe-deployments/config/overlays/contrail.yaml

---
variables:

  oam-space:           &oam-space           oam
  public-space:        &public-space        oam

  docker-registry: &docker-registry hub.juniper.net/contrail
  docker-user: &docker-user include-file://../../secrets/juniper-username.txt
  docker-password: &docker-password include-file://../../secrets/juniper-password.txt
  #docker_runtime_repo: &docker-repo http://repo1.nci.bt.com/wes-505/current/mirror/download.docker.com/linux/ubuntu/
  #docker_runtime_key_url: &docker-key http://repo1.nci.bt.com/wes-505/current/mirror/download.docker.com/linux/ubuntu/gpg

  #image-tag: &image-tag 5.1.0-0.38-queens
  #adastral image-tag: &image-tag 19.30-queens
  # contrail version
  image-tag: &image-tag "2011.138" #New LTS release - 1912.L1.46"
  #contrail-proxy: &contrail-proxy ""
  #contrail-no-proxy: &contrail-no-proxy ""
  # in old charms - network also used for api calls - contrail controller and api
  # in latest charms - seperate api network. could split this.
  # contrail-control-net: &contrail-control-net 172.16.4.0/22
  # #contrail net now on OAM
  contrail-control-net: &contrail-control-net 10.0.1.0/24
  # Data net on SDN transport
  contrail-data-net: &contrail-data-net 10.0.6.0/24
  # api in external
  contrail-api-vip: &contrail-api-vip 10.0.1.221
  # contrail log level (SYS_NOTICE or SYS_DEBUG)
  contrail-log-level: &contrail-log-level SYS_DEBUG

applications:
# Contrail applications
  contrail-openstack:
    charm: cs:~juniper-os-software/contrail-openstack
    options:
      docker-registry: *docker-registry
      docker-user: *docker-user
      docker-password: *docker-password
      #docker_runtime_repo: *docker-repo
      #docker_runtime_key_url: *docker-key
      #temp change to apt until bug fixed around no_proxy
      #https://github.com/Juniper/contrail-charms/issues/150
      #docker_runtime: apt
      #docker_runtime: custom
      image-tag: *image-tag
      #https_proxy: *contrail-proxy
      #http_proxy: *contrail-proxy
      #no_proxy: *contrail-no-proxy

  contrail-agent:
    charm: cs:~juniper-os-software/contrail-agent
    options:
      log-level: *contrail-log-level
      docker-registry: *docker-registry
      docker-user: *docker-user
      docker-password: *docker-password
      #docker_runtime_repo: *docker-repo
      #docker_runtime_key_url: *docker-key
      #temp change to apt until bug fixed around no_proxy
      #https://github.com/Juniper/contrail-charms/issues/150
      #docker_runtime: apt
      #docker_runtime: custom
      image-tag: *image-tag
      #https_proxy: *contrail-proxy
      #http_proxy: *contrail-proxy
      #no_proxy: *contrail-no-proxy
      #physical-interface: ens8
      #vhost-gateway: auto
      #sriov-physical-interface: enp94s0f0
      #sriov-numvfs: "12"

  contrail-analytics:
    charm: cs:~juniper-os-software/contrail-analytics
    num_units: 3
    bindings:
      "": *oam-space
    expose: true
    options:
      log-level: *contrail-log-level
      docker-registry: *docker-registry
      docker-user: *docker-user
      docker-password: *docker-password
      #docker_runtime_repo: *docker-repo
      #docker_runtime_key_url: *docker-key
      #temp change to apt until bug fixed around no_proxy
      #https://github.com/Juniper/contrail-charms/issues/150
      #docker_runtime: apt
      #docker_runtime: custom
      image-tag: *image-tag
      #https_proxy: *contrail-proxy
      #http_proxy: *contrail-proxy
      #no_proxy: *contrail-no-proxy
      control-network: *contrail-control-net
      haproxy-http-mode: "http"
      min-cluster-size: 3
      # added to try to resolve issue with contrail-haproxy IJ Juniper case: 2020-0708-0220
      vip: *contrail-api-vip
    to:
      - 500
      - 501
      - 502

  contrail-analytics-db:
    charm: cs:~juniper-os-software/contrail-analyticsdb
    num_units: 3
    bindings:
      "": *oam-space
    expose: true
    options:
      log-level: *contrail-log-level
      docker-registry: *docker-registry
      docker-user: *docker-user
      docker-password: *docker-password
      #docker_runtime_repo: *docker-repo
      #docker_runtime_key_url: *docker-key
      #temp change to apt until bug fixed around no_proxy
      #https://github.com/Juniper/contrail-charms/issues/150
      #docker_runtime: apt
      #docker_runtime: custom
      image-tag: *image-tag
      #https_proxy: *contrail-proxy
      #http_proxy: *contrail-proxy
      #no_proxy: *contrail-no-proxy
      control-network: *contrail-control-net
      cassandra-minimum-diskgb: "4"
      cassandra-jvm-extra-opts: "-Xms2g -Xmx4g"
      min-cluster-size: 3
    to:
      - 503
      - 504
      - 505

  keepalived:
    charm: cs:~containers/keepalived
    options:
      virtual_ip: *contrail-api-vip
      port: 8143

  contrail-haproxy:
    charm: cs:haproxy
    num_units: 3
    bindings:
      "": *oam-space
      #changed: reverseproxy: *overlay-space
      reverseproxy: *oam-space
      website: *public-space
      public: *public-space
    options:
      default_timeouts: >-
        queue 60000, connect 5000, client 120000, server 120000
      services: ""
      source: backports
      peering_mode: "active-active"
      enable_monitoring: True
      ssl_cert: SELFSIGNED
    to:
      - lxd:500
      - lxd:501
      - lxd:502

  contrail-controller:
    charm: cs:~juniper-os-software/contrail-controller
    num_units: 3
    bindings:
      "": *oam-space
    expose: true
    options:
      log-level: *contrail-log-level
      docker-registry: *docker-registry
      docker-user: *docker-user
      docker-password: *docker-password
      #docker_runtime_repo: *docker-repo
      #docker_runtime_key_url: *docker-key
      #temp change to apt until bug fixed around no_proxy
      #https://github.com/Juniper/contrail-charms/issues/150
      #docker_runtime: apt
      #docker_runtime: custom
      image-tag: *image-tag
      #https_proxy: *contrail-proxy
      #http_proxy: *contrail-proxy
      #no_proxy: *contrail-no-proxy
      control-network: *contrail-control-net
      #new data network as we are now splitting above function
      #data-network: *contrail-data-net
      auth-mode: rbac
      cassandra-minimum-diskgb: "4"
      cassandra-jvm-extra-opts: "-Xms1g -Xmx2g"
      vip: *contrail-api-vip
      #local-rabbitmq-hostname-resolution: True
      haproxy-https-mode: tcp
      haproxy-http-mode: http
      bgp-asn: '65000'
      min-cluster-size: 3
    to:
      - 506
      - 507
      - 508

  contrail-keystone-auth:
    charm: cs:~juniper-os-software/contrail-keystone-auth
    num_units: 3
    bindings:
      "": *oam-space
    to:
      - lxd:503
      - lxd:504
      - lxd:505

relations:
  - ["contrail-keystone-auth:identity-admin", "keystone:identity-admin"]

  - ["contrail-controller:contrail-auth", "contrail-keystone-auth:contrail-auth"]
  - ["contrail-controller:contrail-analytics", "contrail-analytics:contrail-analytics"]
  - ["contrail-controller:contrail-analyticsdb", "contrail-analytics-db:contrail-analyticsdb"]
  - ["contrail-controller", "ntp"]

  - ["contrail-analytics:contrail-analyticsdb", "contrail-analytics-db:contrail-analyticsdb"]
  - ["contrail-analytics", "ntp"]

  - ["contrail-analytics-db", "ntp"]

  - ["contrail-openstack:nova-compute", "nova-compute:neutron-plugin"]
  - ["contrail-openstack:neutron-api", "neutron-api:neutron-plugin-api-subordinate"]
  - ["contrail-openstack:heat-plugin", "heat:heat-plugin-subordinate"]
  - ["contrail-openstack:contrail-controller", "contrail-controller:contrail-controller"]

  - ["contrail-agent:juju-info", "nova-compute:juju-info"]
  - ["contrail-agent:contrail-controller", "contrail-controller:contrail-controller"]
  - ["contrail-analytics:http-services", "contrail-haproxy:reverseproxy"]
  - ["contrail-controller:http-services", "contrail-haproxy:reverseproxy"]
  - ["contrail-controller:https-services", "contrail-haproxy:reverseproxy"]
  - ["contrail-haproxy:juju-info", "keepalived:juju-info"]

  # added to support SSL on API
  #- [ "contrail-agent:tls-certificates", "easyrsa:client" ]
  #- [ "contrail-agent-dpdk:tls-certificates", "easyrsa:client" ]
  #- [ "contrail-controller:tls-certificates", "easyrsa:client" ]
  #- [ "contrail-analytics:tls-certificates", "easyrsa:client" ]
  #- [ "contrail-analytics-db:tls-certificates", "easyrsa:client" ]

  - [ "contrail-controller:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
  - [ "contrail-controller:juju-info", "telegraf:juju-info" ]
  - [ "contrail-controller:juju-info", "filebeat:beats-host" ]
  - [ "contrail-controller:juju-info", "landscape-client:container" ]

  - [ "contrail-analytics:juju-info", "telegraf:juju-info" ]
  - [ "contrail-analytics:juju-info", "filebeat:beats-host" ]
  - [ "contrail-analytics:juju-info", "landscape-client:container" ]
  - [ "contrail-analytics:nrpe-external-master", "nrpe-container:nrpe-external-master" ]

  - [ "contrail-analytics-db:juju-info", "telegraf:juju-info" ]
  - [ "contrail-analytics-db:juju-info", "filebeat:beats-host" ]
  - [ "contrail-analytics-db:juju-info", "landscape-client:container" ]
  - [ "contrail-analytics-db:nrpe-external-master", "nrpe-container:nrpe-external-master" ]

  - [ "contrail-haproxy:juju-info", "telegraf:juju-info" ]
  - [ "contrail-haproxy:juju-info", "filebeat:beats-host" ]
  - [ "contrail-haproxy:juju-info", "landscape-client:container" ]
  - [ "contrail-haproxy:nrpe-external-master", "nrpe-container:nrpe-external-master" ]

  - [ "contrail-keystone-auth:juju-info", "telegraf:juju-info" ]
  - [ "contrail-keystone-auth:juju-info", "filebeat:beats-host" ]
  - [ "contrail-keystone-auth:juju-info", "landscape-client:container" ]
  - [ "contrail-keystone-auth:nrpe-external-master", "nrpe-container:nrpe-external-master" ]