You can support us by downloading this article as PDF from the Link below. Download the guide as PDF

Hello good people. If you’re on this page you must be working on an interesting project!. We’ll look at the steps of Installing OpenContrail with Ansible on CentOS 7 server. I’m doing this on a freshly installed CentOS 7 server for POC and testing purposes.

We can just define what OpenContrail is before we dive into the installation steps. This will be helpful for those new to OpenContrail.

What’s OpenContrail?

The official OpenContrail website defines OpenContrail as “an Apache 2.0-licensed project that is built using standards-based protocols and provides all the necessary components for network virtualization–SDN controller, virtual router, analytics engine, and published northbound APIs. It has an extensive REST API to configure and gather operational and analytics data from the system”.

OpenContrail Key Features.

Please click on the provided links for a detailed explanation of the items.

What we’re trying to achieve in our Project with OpenContrail is:

  • Set up an Overlay networking to interconnect two data centers without relying on the underlying network links. This will help with VM Mobility across the 2 zones.
  • Achieve a better functionality for the VPCs(Virtual Private Cloud) for VMs under our Openstack / Cloudstack and VMware Infrastructure.
  • Using OpenContrail as a controller for the SD WAN services

opencontrail diagram

Setup Prerequisites

For this setup, I’m running everything on a single server. Once convinced to run it on production, we’ll have to do a multi-server installation with HA. My dedicated server specs are:

  • Dell PowerEdge R610
  • Intel(R) Xeon(R) CPU L5630 @ 2.13GHz (2×8)
  • 96GB RAM
  • OS: CentOS Linux release 7.4.1708 (Core)

The Prerequisites are:

  • Python 2.7
  • Docker
  • python-pip
  • docker-compose
  • docker-py
  • ansible
  • Kubernetes – kubelet kubeadm kubectl kubernetes-cni

Installing Prerequisites

Disable SELinux unless you’re a SELinux Guru:

# setenforce 0
# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# cat /etc/selinux/config

Also, disable firewalld, you’ll have a good number of ports that need to be opened. You can later turn it on when everything is running.

# systemctl disable firewalld && systemctl stop firewalld

Add epel repository:

To add the epel repo, run the command:

# yum -y install epel-release

Install Docker

For Docker installation, use our guide: How to install Docker CE on Ubuntu / Debian / Fedora 

Install ansible, python-pip, docker-compose and docker-py python modules

We’ll require these items installed on our server for the next parts. So install them here.

# yum -y install ansible python-pip docker-compose
# pip install --upgrade pip
# pip install docker-py docker-compose

Install kubelet kubeadm kubectl kubernetes-cni

You have to first add the official Kubernetes repository for CentOS 7.

cat <<EOF > /etc/yum.repos.d/kubernetes.repo

Then install packages:

# yum install -y kubelet kubeadm kubectl kubernetes-cni

Start and enable Docker

# systemctl start docker && systemctl enable docker

If you get error complain from Kubelet regarding swap being on, you can turn it off using command swapoff.

# swapoff /dev/mapper/centos-swap

At this point, all dependencies you have been met. Proceed to the deployment of OpenContrail.

Deploy OpenContrail with Ansible on Kubernetes

Install git, vim, tmux and bash-completion if not already installed.

# yum -y install vim git tmux bash-completion

Clone OpenContrail Ansible repository:

# git clone

Configure host inventory for ansible

Change to the contrail-ansible-deployer directory:

# cd contrail-ansible-deployer

Edit the file:

# cat inventory/hosts 
config_file: ../config/instances.yaml
connection: local
ansible_connection: local
python_interpreter: python
ansible_python_interpreter: python

# ansible_ssh_pass: contrail123
# ansible_ssh_pass: contrail123
# ansible_ssh_pass: contrail123

If your container hosts are remote uncomment the lines for container_hosts:

Note that in case no configuration is provided, the playbook will do an all in one installation on all hosts specified in inventory/hosts.

The following roles are installed by default: [‘analytics‘, ‘analytics_database‘, ‘config’, ‘config_database‘, ‘control‘, ‘k8s_master‘, ‘vrouter‘, ‘webui‘].

The registry defaults to opencontrailnightly and the latest tag of the container.

For customization the file inventory/group_vars/container_hosts.yml must be created. The inventory/group_vars directory contains some examples. In this file the following settings can be set:

  • Contrail Service configuration
  • Registry settings
  • Container versions
  • Role assignments

Populate the configuration

Edit the file config/instances.yaml

vim config/instances.yaml

Create a new tmux session and start deployment.

# tmux new -s contrail
# ansible-playbook -i inventory/ playbooks/deploy.yml | tee /root/setup-contrail.log

Wait for the deployment to finish. The UI dashboard should be accessible on:


Username: admin
Password: contrail123

Example 2: OpenContrail Deployment on KVM with Ansible

This example setup consists of a single bare metal server with KVM. After deployment with, the server ends up running three base VMs:

  • 2 Controller VMs with Contrail controller
  • 1 compute VM with Contrail vRouter

Read the complete guide below:

Deploy OpenContrail on KVM with Ansible


As an appreciation for the content we put out,
we would be thrilled if you support us!

As we continue to grow, we would wish to reach and impact more people who visit and take advantage of the guides we have on our blog. This is a big task for us and we are so far extremely grateful for the kind people who have shown amazing support for our work over the time we have been online.

Thank You for your support as we work to give you the best of guides and articles. Click below to buy us a coffee.


Please enter your comment!
Please enter your name here