Add support for Neutron L3 HA feature

Neutron L3 HA feature adds an ability to schedule a virtual router to at least
two L3 agents and an opportunity to establish connection faster after L3 agent
failover than router rescheduling.

Blueprint: neutron-vrrp-deployment
Change-Id: If26ee7d7a56fccd3f0dc67792fd6c9807f07a8c2

deployment/puppet/osnailyfacter/modular/openstack-network/routers.pp

@@ -1,6 +1,12 @@
 notice('MODULAR: openstack-network/routers.pp')
 
 $use_neutron              = hiera('use_neutron', false)
+$neutron_advanced_config  = hiera_hash('neutron_advanced_configuration', { })
+# In case of L3 HA enabled this task must be executed on a post-deployment stage.
+# as HA routers can't be created when less then 2 L3 agents are available (Neutron limitation)
+$l3_ha                    = pick($neutron_advanced_config['neutron_l3_ha'], false)
+$neutron_controller_roles = hiera('neutron_controller_roles', ['controller', 'primary-controller'])
+$controllers_num          = size(get_nodes_hash_by_roles(hiera('network_metadata'), $neutron_controller_roles))
 
 if $use_neutron {
 
@@ -12,6 +18,9 @@ if $use_neutron {
   $default_router        = try_get_value($neutron_config, 'default_router', 'router04')
   $nets                  = $neutron_config['predefined_networks']
 
+  if ($l3_ha) and ($controllers_num < 2) {
+    warning ("Not enough controllers to create an HA router")
+  } else {
     neutron_router { $default_router:
       ensure               => 'present',
       gateway_network_name => $floating_net,
@@ -30,3 +39,4 @@ if $use_neutron {
       }
     }
   }
+}

deployment/puppet/osnailyfacter/modular/openstack-network/server-config.pp

@@ -39,6 +39,8 @@ if $use_neutron {
 
   $neutron_advanced_config = hiera_hash('neutron_advanced_configuration', { })
   $dvr                     = pick($neutron_advanced_config['neutron_dvr'], false)
+  $l3_ha                   = pick($neutron_advanced_config['neutron_l3_ha'], false)
+  $l3agent_failover        = $l3_ha ? { true => false, default => true}
 
   $nova_auth_user          = pick($nova_hash['user'], 'nova')
   $nova_auth_password      = $nova_hash['user_password']
@@ -59,7 +61,10 @@ if $use_neutron {
     database_max_retries             => '-1',
 
     agent_down_time                  => '30',
-    allow_automatic_l3agent_failover => true,
+    allow_automatic_l3agent_failover => $l3agent_failover,
+    l3_ha                            => $l3_ha,
+    min_l3_agents_per_router         => 2,
+    max_l3_agents_per_router         => 0,
 
     api_workers                      => $service_workers,
     rpc_workers                      => $service_workers,

deployment/puppet/osnailyfacter/modular/openstack-network/tasks.yaml

@@ -68,6 +68,7 @@
 - id: openstack-network-routers
   type: puppet
   groups: [primary-controller]
+  condition: "settings:neutron_advanced_configuration.neutron_l3_ha.value == false"
   required_for: [openstack-network-end]
   requires: [openstack-network-networks]
   parameters:
@@ -75,6 +76,20 @@
     puppet_modules: /etc/puppet/modules
     timeout: 1800
 
+# Additional task for routers when L3 HA is enabled
+# HA routers must be created on post-deployment step when all L3 agents are available
+- id: openstack-network-routers-ha
+  type: puppet
+  role: [primary-controller]
+  condition: "settings:neutron_advanced_configuration.neutron_l3_ha.value == true"
+  required_for: [post_deployment_end]
+  requires: [post_deployment_start]
+  parameters:
+    puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-network/routers.pp
+    puppet_modules: /etc/puppet/modules
+    timeout: 1800
+    cwd: /
+
 - id: openstack-network-agents-l3
   type: puppet
   groups: [primary-controller,controller,compute]

tests/noop/astute.yaml/neut_vlan_l3ha.ceph.ceil-ceph-osd.yaml

@@ -540,6 +540,7 @@ public_network_assignment:
 neutron_advanced_configuration:
   neutron_dvr: false
   neutron_l2_pop: false
+  neutron_l3_ha: true
 public_vip: 172.16.0.3
 public_vrouter_vip: 172.16.0.4
 puppet:

tests/noop/astute.yaml/neut_vlan_l3ha.ceph.ceil-compute.yaml

@@ -540,6 +540,7 @@ public_network_assignment:
 neutron_advanced_configuration:
   neutron_dvr: false
   neutron_l2_pop: false
+  neutron_l3_ha: true
 public_vip: 172.16.0.3
 public_vrouter_vip: 172.16.0.4
 puppet:

tests/noop/astute.yaml/neut_vlan_l3ha.ceph.ceil-primary-controller.yaml

@@ -328,6 +328,47 @@ network_metadata:
       node_roles:
         - compute
       name: node-127
+    node-128:
+      swift_zone: '1'
+      uid: '128'
+      fqdn: node-128.test.domain.local
+      network_roles:
+        keystone/api: 192.168.0.8
+        neutron/api: 192.168.0.8
+        mgmt/database: 192.168.0.8
+        sahara/api: 192.168.0.8
+        heat/api: 192.168.0.8
+        ceilometer/api: 192.168.0.8
+        ex: 172.16.0.8
+        ceph/public: 192.168.0.8
+        ceph/radosgw: 172.16.0.8
+        management: 192.168.0.8
+        swift/api: 192.168.0.8
+        mgmt/api: 192.168.0.8
+        storage: 192.168.1.8
+        mgmt/corosync: 192.168.0.8
+        cinder/api: 192.168.0.8
+        public/vip: 172.16.0.8
+        swift/replication: 192.168.1.8
+        mgmt/messaging: 192.168.0.8
+        neutron/mesh: 192.168.0.8
+        admin/pxe: 10.109.0.9
+        mongo/db: 192.168.0.8
+        neutron/private:
+        neutron/floating:
+        fw-admin: 10.109.0.9
+        glance/api: 192.168.0.8
+        mgmt/vip: 192.168.0.8
+        murano/api: 192.168.0.8
+        nova/api: 192.168.0.8
+        horizon: 192.168.0.8
+        mgmt/memcache: 192.168.0.8
+        cinder/iscsi: 192.168.1.8
+        ceph/replication: 192.168.1.8
+      user_node_name: Untitled (56:67)
+      node_roles:
+        - controller
+      name: node-128
   vips:
     vrouter:
       ipaddr: 192.168.0.6
@@ -526,6 +567,18 @@ nodes:
   swift_zone: '127'
   uid: '127'
   user_node_name: Untitled (74:27)
+- fqdn: node-128.test.domain.local
+  internal_address: 192.168.0.8
+  internal_netmask: 255.255.255.0
+  name: node-128
+  public_address: 172.16.0.8
+  public_netmask: 255.255.255.0
+  role: controller
+  storage_address: 192.168.1.8
+  storage_netmask: 255.255.255.0
+  swift_zone: '128'
+  uid: '128'
+  user_node_name: Untitled (56:67)
 nova:
   db_password: VXcP6cIR
   state_path: /var/lib/nova
@@ -561,6 +614,7 @@ public_network_assignment:
 neutron_advanced_configuration:
   neutron_dvr: false
   neutron_l2_pop: false
+  neutron_l3_ha: true
 public_vip: 172.16.0.3
 public_vrouter_vip: 172.16.0.4
 puppet:

tests/noop/astute.yaml/neut_vlan_l3ha.ceph.ceil-primary-mongo.yaml

@@ -541,6 +541,7 @@ public_network_assignment:
 neutron_advanced_configuration:
   neutron_dvr: false
   neutron_l2_pop: false
+  neutron_l3_ha: true
 public_vip: 172.16.0.3
 public_vrouter_vip: 172.16.0.4
 puppet:

tests/noop/spec/hosts/openstack-network/routers_spec.rb

@@ -12,7 +12,25 @@ describe manifest do
         floating_net             = (neutron_config['default_floating_net'] or 'net04_ext')
         private_net              = (neutron_config['default_private_net'] or 'net04')
         default_router           = (neutron_config['default_router'] or 'router04')
+        l3_ha                    = Noop.hiera_hash('neutron_advanced_configuration', {}).fetch('neutron_l3_ha', false)
+        network_metadata         = Noop.hiera('network_metadata')
+        neutron_controller_roles = Noop.hiera('neutron_controller_nodes', ['controller', 'primary-controller'])
+        neutron_controller_nodes = Noop.puppet_function 'get_nodes_hash_by_roles', network_metadata, neutron_controller_roles
+        neutron_controllers_num  = neutron_controller_nodes.size
 
+        if (neutron_controllers_num < 2 and l3_ha)
+          context 'With L3 HA and not enough number of controllers' do
+            it 'should not create a default router' do
+              should_not contain_neutron_router(default_router)
+            end
+            it 'should not serve private network' do
+              should_not contain_neutron_router_interface("#{default_router}:#{private_net}__subnet")
+            end
+            it 'should not serve baremetal network' do
+              should_not contain_neutron_router_interface("#{default_router}:baremetal__subnet")
+            end
+          end
+        else
           context 'Default router serves tenant networks' do
             it 'should be created and serve gateway' do
               should contain_neutron_router(default_router).with(
@@ -44,5 +62,6 @@ describe manifest do
         end
       end
     end
+  end
   test_ubuntu_and_centos manifest
 end

tests/noop/spec/hosts/openstack-network/server-config_spec.rb

@@ -32,6 +32,7 @@ describe manifest do
         neutron_config   = Noop.hiera_hash('neutron_config')
         management_vip   = Noop.hiera('management_vip')
         service_endpoint = Noop.hiera('service_endpoint', management_vip)
+        l3_ha            = Noop.hiera_hash('neutron_advanced_configuration', {}).fetch('neutron_l3_ha', false)
 
         it 'database options' do
           database_vip        = Noop.hiera('database_vip')
@@ -64,13 +65,30 @@ describe manifest do
         it { should contain_class('neutron::server').with('manage_service' => 'true')}
         it { should contain_class('neutron::server').with('enabled' => 'false')} # bacause server should be started after plugin configured
         it { should contain_class('neutron::server').with('agent_down_time' => '30')}
-        it { should contain_class('neutron::server').with('allow_automatic_l3agent_failover' => 'true')}
 
         it 'dvr' do
           dvr = Noop.hiera_hash('neutron_advanced_configuration', {}).fetch('neutron_dvr', false)
           should contain_class('neutron::server').with('router_distributed' => dvr)
         end
 
+        if l3_ha
+          it 'l3_ha_enabled' do
+            should contain_class('neutron::server').with(
+              'l3_ha'                            => true,
+              'allow_automatic_l3agent_failover' => false,
+              'min_l3_agents_per_router'         => 2,
+              'max_l3_agents_per_router'         => 0,
+            )
+          end
+        else
+          it 'l3_ha_disabled' do
+            should contain_class('neutron::server').with(
+              'l3_ha'                            => false,
+              'allow_automatic_l3agent_failover' => true,
+            )
+          end
+        end
+
         it 'worker count' do
           fallback_workers = [[processorcount, 2].max, 16].min
           workers = neutron_config.fetch('workers', fallback_workers)