diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 679a951e6c..6339a8857e 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -441,6 +441,7 @@ enable_mongodb: "no" enable_multipathd: "no" enable_murano: "no" enable_neutron_vpnaas: "no" +enable_neutron_sriov: "no" enable_neutron_dvr: "no" enable_neutron_lbaas: "no" enable_neutron_fwaas: "no" diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index 1f2d2e0e24..2ea00a1684 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml @@ -121,6 +121,17 @@ neutron_services: - "/etc/localtime:/etc/localtime:ro" - "/run:/run:shared" - "kolla_logs:/var/log/kolla/" + neutron-sriov-agent: + container_name: "neutron_sriov_agent" + image: "{{ neutron_sriov_agent_image_full }}" + privileged: True + enabled: "{{ enable_neutron_sriov | bool and neutron_plugin_agent != 'vmware_nsxv' }}" + host_in_groups: "{{ inventory_hostname in groups['compute'] }}" + volumes: + - "{{ node_config_directory }}/neutron-sriov-agent/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "/run:/run:shared" + - "kolla_logs:/var/log/kolla/" neutron-metadata-agent: container_name: "neutron_metadata_agent" image: "{{ neutron_metadata_agent_image_full }}" @@ -190,6 +201,10 @@ neutron_lbaas_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' neutron_lbaas_agent_tag: "{{ neutron_tag }}" neutron_lbaas_agent_image_full: "{{ neutron_lbaas_agent_image }}:{{ neutron_lbaas_agent_tag }}" +neutron_sriov_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-sriov-agent" +neutron_sriov_agent_tag: "{{ neutron_tag }}" +neutron_sriov_agent_image_full: "{{ neutron_sriov_agent_image }}:{{ neutron_sriov_agent_tag }}" + neutron_linuxbridge_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-linuxbridge-agent" neutron_linuxbridge_agent_tag: "{{ neutron_tag }}" neutron_linuxbridge_agent_image_full: "{{ neutron_linuxbridge_agent_image }}:{{ neutron_linuxbridge_agent_tag }}" diff --git a/ansible/roles/neutron/handlers/main.yml b/ansible/roles/neutron/handlers/main.yml index 04c4db4c61..74c39cfbaa 100644 --- a/ansible/roles/neutron/handlers/main.yml +++ b/ansible/roles/neutron/handlers/main.yml @@ -219,6 +219,31 @@ or policy_json | changed or neutron_lbaas_agent_container | changed +- name: Restart neutron-sriov-agent container + vars: + service_name: "neutron-sriov-agent" + service: "{{ neutron_services[service_name] }}" + config_json: "{{ neutron_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + neutron_conf: "{{ neutron_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_json: "{{ policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + neutron_sriov_agent_container: "{{ check_neutron_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" + kolla_docker: + action: "recreate_or_restart_container" + common_options: "{{ docker_common_options }}" + name: "{{ service.container_name }}" + image: "{{ service.image }}" + volumes: "{{ service.volumes }}" + privileged: "{{ service.privileged | default(False) }}" + when: + - action != "config" + - service.enabled | bool + - service.host_in_groups | bool + - config_json | changed + or neutron_conf | changed + or neutron_sriov_agent_ini | changed + or policy_json | changed + or neutron_sriov_agent_container | changed + - name: Restart neutron-metadata-agent container vars: service_name: "neutron-metadata-agent" diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml index f44353947e..596eea1913 100644 --- a/ansible/roles/neutron/tasks/config.yml +++ b/ansible/roles/neutron/tasks/config.yml @@ -56,6 +56,7 @@ - "neutron-lbaas-agent" - "neutron-vpnaas-agent" - "neutron-bgp-dragent" + - "neutron-sriov-agent" merge_configs: sources: - "{{ role_path }}/templates/neutron.conf.j2" @@ -167,6 +168,23 @@ notify: - "Restart {{ item.key }} container" +- name: Copying over sriov_agent.ini + vars: + service_name: "neutron-sriov-agent" + neutron_sriov_agent: "{{ neutron_services[service_name] }}" + merge_configs: + sources: + - "{{ role_path }}/templates/sriov_agent.ini.j2" + - "{{ node_custom_config }}/neutron/sriov_agent.ini" + - "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/sriov_agent.ini" + dest: "{{ node_config_directory }}/{{ service_name }}/sriov_agent.ini" + register: neutron_sriov_agent_ini + when: + - neutron_sriov_agent.enabled | bool + - neutron_sriov_agent.host_in_groups | bool + notify: + - "Restart {{ service_name }} container" + - name: Copying over dhcp_agent.ini become: true vars: @@ -357,6 +375,7 @@ - "neutron-lbaas-agent" - "neutron-vpnaas-agent" - "neutron-bgp-dragent" + - "neutron-sriov-agent" template: src: "{{ node_custom_config }}/neutron/policy.json" dest: "{{ node_config_directory }}/{{ service_name }}/policy.json" diff --git a/ansible/roles/neutron/templates/neutron-sriov-agent.json.j2 b/ansible/roles/neutron/templates/neutron-sriov-agent.json.j2 new file mode 100644 index 0000000000..52cb2be8a0 --- /dev/null +++ b/ansible/roles/neutron/templates/neutron-sriov-agent.json.j2 @@ -0,0 +1,36 @@ +{ + "command": "neutron-sriov-nic-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/sriov_agent.ini", + "config_files": [ + { + "source": "{{ container_config_directory }}/neutron.conf", + "dest": "/etc/neutron/neutron.conf", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/sriov_agent.ini", + "dest": "/etc/neutron/plugins/ml2/sriov_agent.ini", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/neutron/policy.json", + "owner": "neutron", + "perm": "0600", + "optional": true + } + ], + "permissions": [ + { + "path": "/var/log/kolla/neutron", + "owner": "neutron:neutron", + "recurse": true + }, + { + "path": "/var/lib/neutron/kolla", + "owner": "neutron:neutron", + "recurse": true + } + ] +} diff --git a/ansible/roles/neutron/templates/sriov_agent.ini.j2 b/ansible/roles/neutron/templates/sriov_agent.ini.j2 new file mode 100644 index 0000000000..856e85df9a --- /dev/null +++ b/ansible/roles/neutron/templates/sriov_agent.ini.j2 @@ -0,0 +1,13 @@ +[sriov_nic] +# 'physical_device_mappings' is a comma separated list +# Maps a physical network to network inferface used for SRIOV +# "sriovnet1" and tunnel_interface used here as placeholders +# This template should be modified for specific environments +# See Official OpenStack SRIOV documentation for all available options +physical_device_mappings = sriovnet1:{{ tunnel_interface }} +exclude_devices = + +[securitygroup] +# Security groups are not supported when using SRIOV, so the firewall +# driver must be disabled. +firewall_driver = neutron.agent.firewall.NoopFirewallDriver diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index 93d6495997..46836e7154 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -207,6 +207,7 @@ kolla_internal_vip_address: "10.10.10.254" #enable_neutron_qos: "no" #enable_neutron_agent_ha: "no" #enable_neutron_vpnaas: "no" +#enable_neutron_sriov: "no" #enable_neutron_sfc: "no" #enable_nova_fake: "no" #enable_nova_serialconsole_proxy: "no" diff --git a/releasenotes/notes/add-neutron-sriov-agent-131816aa1b32874b.yaml b/releasenotes/notes/add-neutron-sriov-agent-131816aa1b32874b.yaml new file mode 100644 index 0000000000..c46fd8789a --- /dev/null +++ b/releasenotes/notes/add-neutron-sriov-agent-131816aa1b32874b.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Add Neutron SRIOV agent container + The Neutron SRIOV agent changed from optional to required + in the Mitaka release. This container runs on compute + nodes to enable the use of Neutron SRIOV.