Add support for Neutron L3 HA feature

Neutron L3 HA feature adds an ability to schedule a virtual router to at least two L3 agents and an opportunity to establish connection faster after L3 agent failover than router rescheduling. Blueprint: neutron-vrrp-deployment Change-Id: If26ee7d7a56fccd3f0dc67792fd6c9807f07a8c2
2015-11-05 16:17:26 +03:00 · 2015-11-05 16:17:26 +03:00 · 983fbbe8c0
commit 983fbbe8c0
parent 0fd237418e
10 changed files with 1276 additions and 45 deletions
--- a/deployment/puppet/osnailyfacter/modular/openstack-network/routers.pp
+++ b/deployment/puppet/osnailyfacter/modular/openstack-network/routers.pp
@ -1,6 +1,12 @@
 notice('MODULAR: openstack-network/routers.pp')

-$use_neutron    = hiera('use_neutron', false)
+$use_neutron              = hiera('use_neutron', false)
+$neutron_advanced_config  = hiera_hash('neutron_advanced_configuration', { })
+# In case of L3 HA enabled this task must be executed on a post-deployment stage.
+# as HA routers can't be created when less then 2 L3 agents are available (Neutron limitation)
+$l3_ha                    = pick($neutron_advanced_config['neutron_l3_ha'], false)
+$neutron_controller_roles = hiera('neutron_controller_roles', ['controller', 'primary-controller'])
+$controllers_num          = size(get_nodes_hash_by_roles(hiera('network_metadata'), $neutron_controller_roles))

 if $use_neutron {

@ -12,21 +18,25 @@ if $use_neutron {
  $default_router        = try_get_value($neutron_config, 'default_router', 'router04')
  $nets                  = $neutron_config['predefined_networks']

-  neutron_router { $default_router:
-    ensure               => 'present',
-    gateway_network_name => $floating_net,
-    name                 => $default_router,
-    tenant_name          => $keystone_admin_tenant,
-  } ->
+  if ($l3_ha) and ($controllers_num < 2) {
+    warning ("Not enough controllers to create an HA router")
+  } else {
+    neutron_router { $default_router:
+      ensure               => 'present',
+      gateway_network_name => $floating_net,
+      name                 => $default_router,
+      tenant_name          => $keystone_admin_tenant,
+    } ->

-  neutron_router_interface { "${default_router}:${private_net}__subnet":
-    ensure => 'present',
-  }
+    neutron_router_interface { "${default_router}:${private_net}__subnet":
+      ensure => 'present',
+    }

-  if has_key($nets, 'baremetal') {
-    neutron_router_interface { "${default_router}:baremetal__subnet":
-        ensure  => 'present',
-        require => Neutron_router[$default_router]
+    if has_key($nets, 'baremetal') {
+      neutron_router_interface { "${default_router}:baremetal__subnet":
+          ensure  => 'present',
+          require => Neutron_router[$default_router]
+      }
    }
  }
 }
--- a/deployment/puppet/osnailyfacter/modular/openstack-network/server-config.pp
+++ b/deployment/puppet/osnailyfacter/modular/openstack-network/server-config.pp
@ -38,7 +38,9 @@ if $use_neutron {
  $service_workers = pick($neutron_config['workers'], min(max($::processorcount, 2), 16))

  $neutron_advanced_config = hiera_hash('neutron_advanced_configuration', { })
-  $dvr = pick($neutron_advanced_config['neutron_dvr'], false)
+  $dvr                     = pick($neutron_advanced_config['neutron_dvr'], false)
+  $l3_ha                   = pick($neutron_advanced_config['neutron_l3_ha'], false)
+  $l3agent_failover        = $l3_ha ? { true => false, default => true}

  $nova_auth_user          = pick($nova_hash['user'], 'nova')
  $nova_auth_password      = $nova_hash['user_password']
@ -59,7 +61,10 @@ if $use_neutron {
    database_max_retries             => '-1',

    agent_down_time                  => '30',
-    allow_automatic_l3agent_failover => true,
+    allow_automatic_l3agent_failover => $l3agent_failover,
+    l3_ha                            => $l3_ha,
+    min_l3_agents_per_router         => 2,
+    max_l3_agents_per_router         => 0,

    api_workers                      => $service_workers,
    rpc_workers                      => $service_workers,
--- a/deployment/puppet/osnailyfacter/modular/openstack-network/tasks.yaml
+++ b/deployment/puppet/osnailyfacter/modular/openstack-network/tasks.yaml
@ -68,6 +68,7 @@
 - id: openstack-network-routers
  type: puppet
  groups: [primary-controller]
+  condition: "settings:neutron_advanced_configuration.neutron_l3_ha.value == false"
  required_for: [openstack-network-end]
  requires: [openstack-network-networks]
  parameters:
@ -75,6 +76,20 @@
    puppet_modules: /etc/puppet/modules
    timeout: 1800

+# Additional task for routers when L3 HA is enabled
+# HA routers must be created on post-deployment step when all L3 agents are available
+- id: openstack-network-routers-ha
+  type: puppet
+  role: [primary-controller]
+  condition: "settings:neutron_advanced_configuration.neutron_l3_ha.value == true"
+  required_for: [post_deployment_end]
+  requires: [post_deployment_start]
+  parameters:
+    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-network/routers.pp
+    puppet_modules: /etc/puppet/modules
+    timeout: 1800
+    cwd: /
+
 - id: openstack-network-agents-l3
  type: puppet
  groups: [primary-controller,controller,compute]
--- a/tests/noop/astute.yaml/neut_vlan_l3ha.ceph.ceil-ceph-osd.yaml
+++ b/tests/noop/astute.yaml/neut_vlan_l3ha.ceph.ceil-ceph-osd.yaml
@ -540,6 +540,7 @@ public_network_assignment:
 neutron_advanced_configuration:
  neutron_dvr: false
  neutron_l2_pop: false
+  neutron_l3_ha: true
 public_vip: 172.16.0.3
 public_vrouter_vip: 172.16.0.4
 puppet:
--- a/tests/noop/astute.yaml/neut_vlan_l3ha.ceph.ceil-compute.yaml
+++ b/tests/noop/astute.yaml/neut_vlan_l3ha.ceph.ceil-compute.yaml
@ -540,6 +540,7 @@ public_network_assignment:
 neutron_advanced_configuration:
  neutron_dvr: false
  neutron_l2_pop: false
+  neutron_l3_ha: true
 public_vip: 172.16.0.3
 public_vrouter_vip: 172.16.0.4
 puppet:
--- a/tests/noop/astute.yaml/neut_vlan_l3ha.ceph.ceil-controller.yaml
+++ b/tests/noop/astute.yaml/neut_vlan_l3ha.ceph.ceil-controller.yaml
--- a/tests/noop/astute.yaml/neut_vlan_l3ha.ceph.ceil-primary-controller.yaml
+++ b/tests/noop/astute.yaml/neut_vlan_l3ha.ceph.ceil-primary-controller.yaml
@ -328,6 +328,47 @@ network_metadata:
      node_roles:
        - compute
      name: node-127
+    node-128:
+      swift_zone: '1'
+      uid: '128'
+      fqdn: node-128.test.domain.local
+      network_roles:
+        keystone/api: 192.168.0.8
+        neutron/api: 192.168.0.8
+        mgmt/database: 192.168.0.8
+        sahara/api: 192.168.0.8
+        heat/api: 192.168.0.8
+        ceilometer/api: 192.168.0.8
+        ex: 172.16.0.8
+        ceph/public: 192.168.0.8
+        ceph/radosgw: 172.16.0.8
+        management: 192.168.0.8
+        swift/api: 192.168.0.8
+        mgmt/api: 192.168.0.8
+        storage: 192.168.1.8
+        mgmt/corosync: 192.168.0.8
+        cinder/api: 192.168.0.8
+        public/vip: 172.16.0.8
+        swift/replication: 192.168.1.8
+        mgmt/messaging: 192.168.0.8
+        neutron/mesh: 192.168.0.8
+        admin/pxe: 10.109.0.9
+        mongo/db: 192.168.0.8
+        neutron/private:
+        neutron/floating:
+        fw-admin: 10.109.0.9
+        glance/api: 192.168.0.8
+        mgmt/vip: 192.168.0.8
+        murano/api: 192.168.0.8
+        nova/api: 192.168.0.8
+        horizon: 192.168.0.8
+        mgmt/memcache: 192.168.0.8
+        cinder/iscsi: 192.168.1.8
+        ceph/replication: 192.168.1.8
+      user_node_name: Untitled (56:67)
+      node_roles:
+        - controller
+      name: node-128
  vips:
    vrouter:
      ipaddr: 192.168.0.6
@ -526,6 +567,18 @@ nodes:
  swift_zone: '127'
  uid: '127'
  user_node_name: Untitled (74:27)
+- fqdn: node-128.test.domain.local
+  internal_address: 192.168.0.8
+  internal_netmask: 255.255.255.0
+  name: node-128
+  public_address: 172.16.0.8
+  public_netmask: 255.255.255.0
+  role: controller
+  storage_address: 192.168.1.8
+  storage_netmask: 255.255.255.0
+  swift_zone: '128'
+  uid: '128'
+  user_node_name: Untitled (56:67)
 nova:
  db_password: VXcP6cIR
  state_path: /var/lib/nova
@ -561,6 +614,7 @@ public_network_assignment:
 neutron_advanced_configuration:
  neutron_dvr: false
  neutron_l2_pop: false
+  neutron_l3_ha: true
 public_vip: 172.16.0.3
 public_vrouter_vip: 172.16.0.4
 puppet:
--- a/tests/noop/astute.yaml/neut_vlan_l3ha.ceph.ceil-primary-mongo.yaml
+++ b/tests/noop/astute.yaml/neut_vlan_l3ha.ceph.ceil-primary-mongo.yaml
@ -541,6 +541,7 @@ public_network_assignment:
 neutron_advanced_configuration:
  neutron_dvr: false
  neutron_l2_pop: false
+  neutron_l3_ha: true
 public_vip: 172.16.0.3
 public_vrouter_vip: 172.16.0.4
 puppet:
--- a/tests/noop/spec/hosts/openstack-network/routers_spec.rb
+++ b/tests/noop/spec/hosts/openstack-network/routers_spec.rb
@ -9,36 +9,55 @@ describe manifest do
        neutron_config = Noop.hiera('neutron_config')
        nets = neutron_config['predefined_networks']

-        floating_net   = (neutron_config['default_floating_net'] or 'net04_ext')
-        private_net    = (neutron_config['default_private_net'] or 'net04')
-        default_router = (neutron_config['default_router'] or 'router04')
+        floating_net             = (neutron_config['default_floating_net'] or 'net04_ext')
+        private_net              = (neutron_config['default_private_net'] or 'net04')
+        default_router           = (neutron_config['default_router'] or 'router04')
+        l3_ha                    = Noop.hiera_hash('neutron_advanced_configuration', {}).fetch('neutron_l3_ha', false)
+        network_metadata         = Noop.hiera('network_metadata')
+        neutron_controller_roles = Noop.hiera('neutron_controller_nodes', ['controller', 'primary-controller'])
+        neutron_controller_nodes = Noop.puppet_function 'get_nodes_hash_by_roles', network_metadata, neutron_controller_roles
+        neutron_controllers_num  = neutron_controller_nodes.size

-        context 'Default router serves tenant networks' do
-          it 'should be created and serve gateway' do
-            should contain_neutron_router(default_router).with(
-              'ensure'               => 'present',
-              'gateway_network_name' => floating_net,
-              'name'                 => default_router,
-            )
+        if (neutron_controllers_num < 2 and l3_ha)
+          context 'With L3 HA and not enough number of controllers' do
+            it 'should not create a default router' do
+              should_not contain_neutron_router(default_router)
+            end
+            it 'should not serve private network' do
+              should_not contain_neutron_router_interface("#{default_router}:#{private_net}__subnet")
+            end
+            it 'should not serve baremetal network' do
+              should_not contain_neutron_router_interface("#{default_router}:baremetal__subnet")
+            end
          end
-          it 'should serve private network' do
-            should contain_neutron_router_interface("#{default_router}:#{private_net}__subnet").with(
-              'ensure' => 'present',
-             )
-            should contain_neutron_router(default_router).that_comes_before(
-              "Neutron_router_interface[#{default_router}:#{private_net}__subnet]"
-            )
+        else
+          context 'Default router serves tenant networks' do
+            it 'should be created and serve gateway' do
+              should contain_neutron_router(default_router).with(
+                'ensure'               => 'present',
+                'gateway_network_name' => floating_net,
+                'name'                 => default_router,
+              )
+            end
+            it 'should serve private network' do
+              should contain_neutron_router_interface("#{default_router}:#{private_net}__subnet").with(
+                'ensure' => 'present',
+               )
+              should contain_neutron_router(default_router).that_comes_before(
+                "Neutron_router_interface[#{default_router}:#{private_net}__subnet]"
+              )
+            end
          end
-        end

-        context 'Default router serves Ironic baremetal network', :if => nets.has_key?('baremetal') do
-          it 'should serve baremetal network' do
-            should contain_neutron_router_interface("#{default_router}:baremetal__subnet").with(
-              'ensure' => 'present',
-            )
-            should contain_neutron_router(default_router).that_comes_before(
-              "Neutron_router_interface[#{default_router}:baremetal__subnet]"
-            )
+          context 'Default router serves Ironic baremetal network', :if => nets.has_key?('baremetal') do
+            it 'should serve baremetal network' do
+              should contain_neutron_router_interface("#{default_router}:baremetal__subnet").with(
+                'ensure' => 'present',
+              )
+              should contain_neutron_router(default_router).that_comes_before(
+                "Neutron_router_interface[#{default_router}:baremetal__subnet]"
+              )
+            end
          end
        end
      end
--- a/tests/noop/spec/hosts/openstack-network/server-config_spec.rb
+++ b/tests/noop/spec/hosts/openstack-network/server-config_spec.rb
@ -29,9 +29,10 @@ describe manifest do
      end

      context 'with Neutron-server' do
-        neutron_config = Noop.hiera_hash('neutron_config')
-        management_vip = Noop.hiera('management_vip')
+        neutron_config   = Noop.hiera_hash('neutron_config')
+        management_vip   = Noop.hiera('management_vip')
        service_endpoint = Noop.hiera('service_endpoint', management_vip)
+        l3_ha            = Noop.hiera_hash('neutron_advanced_configuration', {}).fetch('neutron_l3_ha', false)

        it 'database options' do
          database_vip        = Noop.hiera('database_vip')
@ -64,13 +65,30 @@ describe manifest do
        it { should contain_class('neutron::server').with('manage_service' => 'true')}
        it { should contain_class('neutron::server').with('enabled' => 'false')} # bacause server should be started after plugin configured
        it { should contain_class('neutron::server').with('agent_down_time' => '30')}
-        it { should contain_class('neutron::server').with('allow_automatic_l3agent_failover' => 'true')}

        it 'dvr' do
          dvr = Noop.hiera_hash('neutron_advanced_configuration', {}).fetch('neutron_dvr', false)
          should contain_class('neutron::server').with('router_distributed' => dvr)
        end

+        if l3_ha
+          it 'l3_ha_enabled' do
+            should contain_class('neutron::server').with(
+              'l3_ha'                            => true,
+              'allow_automatic_l3agent_failover' => false,
+              'min_l3_agents_per_router'         => 2,
+              'max_l3_agents_per_router'         => 0,
+            )
+          end
+        else
+          it 'l3_ha_disabled' do
+            should contain_class('neutron::server').with(
+              'l3_ha'                            => false,
+              'allow_automatic_l3agent_failover' => true,
+            )
+          end
+        end
+
        it 'worker count' do
          fallback_workers = [[processorcount, 2].max, 16].min
          workers = neutron_config.fetch('workers', fallback_workers)