Installing OpenContrail with Ansible on CentOS 7 and Kubernetes

Posted on 256 views

Hello good people. If you’re on this page you must be working on an interesting project!. We’ll look at the steps of Installing OpenContrail with Ansible on CentOS 7 server. I’m doing this on a freshly installed CentOS 7 server for POC and testing purposes.

We can just define what OpenContrail is before we dive into the installation steps. This will be helpful for those new to OpenContrail.

What’s OpenContrail?

The official OpenContrail website defines OpenContrail as “an Apache 2.0-licensed project that is built using standards-based protocols and provides all the necessary components for network virtualization–SDN controller, virtual router, analytics engine, and published northbound APIs. It has an extensive REST API to configure and gather operational and analytics data from the system”.

OpenContrail Key Features.

Please click on the provided links for a detailed explanation of the items.

What we’re trying to achieve in our Project with OpenContrail is:

  • Set up an Overlay networking to interconnect two data centers without relying on the underlying network links. This will help with VM Mobility across the 2 zones.
  • Achieve a better functionality for the VPCs(Virtual Private Cloud) for VMs under our Openstack / Cloudstack and VMware Infrastructure.
  • Using OpenContrail as a controller for the SD WAN services



Setup Prerequisites

For this setup, I’m running everything on a single server. Once convinced to run it on production, we’ll have to do a multi-server installation with HA. My dedicated server specs are:

  • Dell PowerEdge R610
  • Intel(R) Xeon(R) CPU L5630 @ 2.13GHz (2×8)
  • 96GB RAM
  • OS: CentOS Linux release 7.4.1708 (Core)

The Prerequisites are:

  • Python 2.7
  • Docker
  • python-pip
  • docker-compose
  • docker-py
  • ansible
  • Kubernetes – kubelet kubeadm kubectl kubernetes-cni

Installing Prerequisites

Disable SELinux unless you’re a SELinux Guru:

# setenforce 0
# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# cat /etc/selinux/config

Also, disable firewalld, you’ll have a good number of ports that need to be opened. You can later turn it on when everything is running.

# systemctl disable firewalld && systemctl stop firewalld

Add epel repository:

To add the epel repo, run the command:

# yum -y install epel-release

Install Docker

For Docker installation, use our guide: How to install Docker CE on Ubuntu / Debian / Fedora 

Install ansible, python-pip, docker-compose and docker-py python modules

We’ll require these items installed on our server for the next parts. So install them here.

# yum -y install ansible python-pip docker-compose
# pip install --upgrade pip
# pip install docker-py docker-compose

Install kubelet kubeadm kubectl kubernetes-cni

You have to first add the official Kubernetes repository for CentOS 7.

cat < /etc/yum.repos.d/kubernetes.repo

Then install packages:

# yum install -y kubelet kubeadm kubectl kubernetes-cni

Start and enable Docker

# systemctl start docker && systemctl enable docker

If you get error complain from Kubelet regarding swap being on, you can turn it off using command swapoff.

# swapoff /dev/mapper/centos-swap

At this point, all dependencies you have been met. Proceed to the deployment of OpenContrail.

Deploy OpenContrail with Ansible on Kubernetes

Install git, vim, tmux and bash-completion if not already installed.

# yum -y install vim git tmux bash-completion

Clone OpenContrail Ansible repository:

# git clone

Configure host inventory for ansible

Change to the contrail-ansible-deployer directory:

# cd contrail-ansible-deployer

Edit the file:

# cat inventory/hosts 
config_file: ../config/instances.yaml
connection: local
ansible_connection: local
python_interpreter: python
ansible_python_interpreter: python

# ansible_ssh_pass: contrail123
# ansible_ssh_pass: contrail123
# ansible_ssh_pass: contrail123

If your container hosts are remote uncomment the lines for container_hosts:

Note that in case no configuration is provided, the playbook will do an all in one installation on all hosts specified in inventory/hosts.

The following roles are installed by default: [‘analytics‘, ‘analytics_database‘, ‘config’, ‘config_database‘, ‘control‘, ‘k8s_master‘, ‘vrouter‘, ‘webui‘].

The registry defaults to opencontrailnightly and the latest tag of the container.

For customization the file inventory/group_vars/container_hosts.yml must be created. The inventory/group_vars directory contains some examples. In this file the following settings can be set:

  • Contrail Service configuration
  • Registry settings
  • Container versions
  • Role assignments

Populate the configuration

Edit the file config/instances.yaml

vim config/instances.yaml

Create a new tmux session and start deployment.

# tmux new -s contrail
# ansible-playbook -i inventory/ playbooks/deploy.yml | tee /root/setup-contrail.log

Wait for the deployment to finish. The UI dashboard should be accessible on:


Username: admin
Password: contrail123

Example 2: OpenContrail Deployment on KVM with Ansible

This example setup consists of a single bare metal server with KVM. After deployment with, the server ends up running three base VMs:

  • 2 Controller VMs with Contrail controller
  • 1 compute VM with Contrail vRouter

Read the complete guide below:

Deploy OpenContrail on KVM with Ansible

Gravatar Image
A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.