Merge "Split out OVS/Linuxbridge agent configs from ml2_conf.ini"

This commit is contained in:
Zuul 2019-11-27 18:14:42 +00:00 committed by Gerrit Code Review
commit 734e86a02f
12 changed files with 146 additions and 97 deletions

View File

@ -349,18 +349,35 @@ openstack_neutron_auth: "{{ openstack_auth }}"
neutron_l3_agent_host_rp_filter_mode: 0
####################
# Mechanism drivers
####################
mechanism_drivers:
- name: "linuxbridge"
enabled: "{{ neutron_plugin_agent == 'linuxbridge' }}"
- name: "openvswitch"
enabled: "{{ neutron_plugin_agent == 'openvswitch' }}"
- name: "hyperv"
enabled: "{{ enable_hyperv | bool }}"
- name: "baremetal"
enabled: "{{ enable_ironic_neutron_agent | bool }}"
- name: "l2population"
enabled: "{{ not enable_hyperv | bool }}"
neutron_mechanism_drivers: "{{ mechanism_drivers | selectattr('enabled', 'equalto', true) | list }}"
####################
# Extension drivers
####################
extension_drivers:
- name: "qos"
enabled: "{{ enable_neutron_qos | bool }}"
enabled: "{{ enable_neutron_qos | bool and not enable_hyperv | bool }}"
- name: "port_security"
enabled: true
- name: "dns"
enabled: "{{ enable_designate | bool }}"
enabled: "{{ enable_designate | bool and not enable_hyperv | bool }}"
- name: "sfc"
enabled: "{{ enable_neutron_sfc | bool }}"
enabled: "{{ enable_neutron_sfc | bool and not enable_hyperv | bool }}"
neutron_extension_drivers: "{{ extension_drivers | selectattr('enabled', 'equalto', true) | list }}"

View File

@ -42,16 +42,16 @@
notify:
- Restart fake neutron-openvswitch-agent container
- name: Copying over ml2_conf.ini
- name: Copying over openvswitch_agent.ini
become: true
vars:
service_name: "{{ item }}"
merge_configs:
sources:
- "{{ role_path }}/templates/ml2_conf.ini.j2"
- "{{ node_custom_config }}/neutron/ml2_conf.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/neutron.conf"
dest: "{{ node_config_directory }}/neutron-openvswitch-agent-fake-{{ item }}/ml2_conf.ini"
- "{{ role_path }}/templates/openvswitch_agent.ini.j2"
- "{{ node_custom_config }}/neutron/openvswitch_agent.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/openvswitch_agent.ini"
dest: "{{ node_config_directory }}/neutron-openvswitch-agent-fake-{{ item }}/openvswitch_agent.ini"
mode: "0660"
with_sequence: start=1 end={{ num_nova_fake_per_node }}
when:

View File

@ -107,8 +107,6 @@
vars:
service_name: "{{ item.key }}"
services_need_ml2_conf_ini:
- "neutron-linuxbridge-agent"
- "neutron-openvswitch-agent"
- "neutron-infoblox-ipam-agent"
- "neutron-server"
merge_configs:
@ -126,29 +124,67 @@
notify:
- "Restart {{ item.key }} container"
- name: Copying over ml2_conf.ini for XenAPI
- name: Copying over linuxbridge_agent.ini
become: true
vars:
service_name: "{{ item.key }}"
services_need_ml2_conf_ini:
- "neutron-openvswitch-agent-xenapi"
service_name: "neutron-linuxbridge-agent"
merge_configs:
sources:
- "{{ role_path }}/templates/linuxbridge_agent.ini.j2"
- "{{ node_custom_config }}/neutron/linuxbridge_agent.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/linuxbridge_agent.ini"
# TODO(mnasiadka): Remove in V - left to not break existing deployments
- "{{ node_custom_config }}/neutron/ml2_conf.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/ml2_conf.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/linuxbridge_agent.ini"
mode: "0660"
when:
- neutron_services[service_name].enabled | bool
- neutron_services[service_name].host_in_groups | bool
notify:
- "Restart {{ service_name }} container"
- name: Copying over openvswitch_agent.ini
become: true
vars:
service_name: "neutron-openvswitch-agent"
merge_configs:
sources:
- "{{ role_path }}/templates/openvswitch_agent.ini.j2"
- "{{ node_custom_config }}/neutron/openvswitch_agent.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/openvswitch_agent.ini"
# TODO(mnasiadka): Remove in V - left to not break existing deployments
- "{{ node_custom_config }}/neutron/ml2_conf.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/ml2_conf.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/openvswitch_agent.ini"
mode: "0660"
when:
- neutron_services[service_name].enabled | bool
- neutron_services[service_name].host_in_groups | bool
notify:
- "Restart {{ service_name }} container"
- name: Copying over openvswitch_agent.ini for XenAPI
become: true
vars:
service_name: "neutron-openvswitch-agent-xenapi"
os_xenapi_variables: "{{ lookup('file', xenapi_facts_root + '/' + inventory_hostname + '/' + xenapi_facts_file) | from_json }}"
merge_configs:
sources:
- "{{ role_path }}/templates/ml2_conf.ini.j2"
- "{{ role_path }}/templates/ml2_conf_xenapi.ini.j2"
- "{{ role_path }}/templates/openvswitch_agent_xenapi.ini.j2"
- "{{ node_custom_config }}/neutron/openvswitch_agent_xenapi.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/openvswitch_agent_xenapi.ini"
- "{{ node_custom_config }}/neutron/{{ service_name }}/openvswitch_agent_xenapi.ini"
# TODO(mnasiadka): Remove in V - left to not break existing deployments
- "{{ node_custom_config }}/neutron/ml2_conf.ini"
- "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/ml2_conf.ini"
- "{{ node_custom_config }}/neutron/{{ service_name }}/ml2_conf.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/ml2_conf.ini"
dest: "{{ node_config_directory }}/{{ service_name }}/openvswitch_agent.ini"
mode: "0660"
when:
- item.key in services_need_ml2_conf_ini
- item.value.enabled | bool
- item.value.host_in_groups | bool
with_dict: "{{ neutron_services }}"
- neutron_services[service_name].enabled | bool
- neutron_services[service_name].host_in_groups | bool
notify:
- "Restart {{ item.key }} container"
- "Restart {{ service_name }} container"
- name: Copying over sriov_agent.ini
vars:

View File

@ -0,0 +1,15 @@
[agent]
{% if neutron_agent_extensions %}
extensions = {{ neutron_agent_extensions|map(attribute='name')|join(',') }}
{% endif %}
[linux_bridge]
physical_interface_mappings = physnet1:{{ neutron_external_interface }}
[security_group]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
l2_population = true
local_ip = {{ tunnel_interface_address }}
arp_responder = true

View File

@ -3,25 +3,14 @@
# Changing type_drivers after bootstrap can lead to database inconsistencies
type_drivers = {{ neutron_type_drivers }}
tenant_network_types = {{ neutron_tenant_network_types }}
{% if tunnel_address_family == 'ipv6' %}
overlay_ip_version = 6
{% endif %}
{% if neutron_plugin_agent == "openvswitch" %}
{% if enable_hyperv | bool %}
mechanism_drivers = openvswitch,hyperv
{% else %}
mechanism_drivers = openvswitch,{% if enable_ironic_neutron_agent | bool %}baremetal,{% endif %}l2population
{% if neutron_mechanism_drivers %}
mechanism_drivers = {{ neutron_mechanism_drivers | map(attribute='name') | join(',') }}
{% endif %}
{% elif neutron_plugin_agent == "linuxbridge" %}
mechanism_drivers = linuxbridge,l2population
{% endif %}
{% if neutron_extension_drivers %}
extension_drivers = {{ neutron_extension_drivers | map(attribute='name') | join(',') }}
{% elif enable_hyperv | bool %}
extension_drivers = port_security
{% endif %}
[ml2_type_vlan]
@ -40,49 +29,3 @@ flat_networks = {% for bridge in neutron_bridge_name.split(',') %}physnet{{ loop
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
{% if neutron_plugin_agent == "openvswitch" %}
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
{% elif neutron_plugin_agent == "linuxbridge" %}
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
{% endif %}
{% if neutron_plugin_agent == "openvswitch" %}
[agent]
tunnel_types = vxlan
{% if nova_compute_virt_type != 'xenapi' %}
l2_population = true
{% endif %}
arp_responder = true
{% if enable_neutron_dvr | bool %}
enable_distributed_routing = True
{% endif %}
{% if neutron_agent_extensions %}
extensions = {{ neutron_agent_extensions|map(attribute='name')|join(',') }}
{% endif %}
[ovs]
{% if inventory_hostname in groups["network"] or (inventory_hostname in groups["compute"] and computes_need_external_bridge | bool ) %}
bridge_mappings = {% for bridge in neutron_bridge_name.split(',') %}physnet{{ loop.index0 + 1 }}:{{ bridge }}{% if not loop.last %},{% endif %}{% endfor %}
{% endif %}
{# NOTE: newline above is required for correct config generation. Do not remove. #}
datapath_type = {{ ovs_datapath }}
ovsdb_connection = tcp:127.0.0.1:{{ ovsdb_port }}
{% if enable_nova_fake | bool %}
integration_bridge = br-int-{{ item }}
{% endif %}
{% elif neutron_plugin_agent == "linuxbridge" %}
[linux_bridge]
physical_interface_mappings = physnet1:{{ neutron_external_interface }}
[vxlan]
l2_population = true
{% endif %}
{% if inventory_hostname in groups["network"] or inventory_hostname in groups["compute"] %}
local_ip = {{ tunnel_interface_address }}
{% endif %}

View File

@ -1,5 +1,5 @@
{
"command": "neutron-linuxbridge-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini",
"command": "neutron-linuxbridge-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini",
"config_files": [
{
"source": "{{ container_config_directory }}/neutron.conf",
@ -8,8 +8,8 @@
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/ml2_conf.ini",
"dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
"source": "{{ container_config_directory }}/linuxbridge_agent.ini",
"dest": "/etc/neutron/plugins/ml2/linuxbridge_agent.ini",
"owner": "neutron",
"perm": "0600"
},

View File

@ -1,5 +1,5 @@
{
"command": "neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini",
"command": "neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini",
"config_files": [
{
"source": "{{ container_config_directory }}/neutron.conf",
@ -8,8 +8,8 @@
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/ml2_conf.ini",
"dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
"source": "{{ container_config_directory }}/openvswitch_agent.ini",
"dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini",
"owner": "neutron",
"perm": "0600"
},

View File

@ -1,5 +1,5 @@
{
"command": "neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini",
"command": "neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini",
"config_files": [
{
"source": "{{ container_config_directory }}/neutron.conf",
@ -8,8 +8,8 @@
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/ml2_conf.ini",
"dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
"source": "{{ container_config_directory }}/openvswitch_agent.ini",
"dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini",
"owner": "neutron",
"perm": "0600"
},

View File

@ -0,0 +1,25 @@
#jinja2: trim_blocks: False
[agent]
tunnel_types = vxlan
l2_population = true
arp_responder = true
{% if enable_neutron_dvr | bool %}
enable_distributed_routing = True
{% endif %}
{% if neutron_agent_extensions %}
extensions = {{ neutron_agent_extensions|map(attribute='name')|join(',') }}
{% endif %}
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovs]
{% if inventory_hostname in groups["network"] or (inventory_hostname in groups["compute"] and computes_need_external_bridge | bool ) %}
bridge_mappings = {% for bridge in neutron_bridge_name.split(',') %}physnet{{ loop.index0 + 1 }}:{{ bridge }}{% if not loop.last %},{% endif %}{% endfor %}
{% endif %}
datapath_type = {{ ovs_datapath }}
ovsdb_connection = tcp:127.0.0.1:{{ ovsdb_port }}
local_ip = {{ tunnel_interface_address }}
{% if enable_nova_fake | bool %}
integration_bridge = br-int-{{ item }}
{% endif %}

View File

@ -1,4 +1,3 @@
# ml2_conf.ini
[DEFAULT]
# Use service_name as the log file name for neutron-openvswitch-agent-xenapi,
# so that it will use a different log file from neutron-openvswitch-agent.

View File

@ -50,7 +50,7 @@ When using Open vSwitch on a compatible kernel (4.3+ upstream, consult the
documentation of your distribution for support details), you can switch
to using the native OVS firewall driver by employing a configuration override
(see :ref:`service-config`). You can set it in
``/etc/kolla/config/neutron/ml2_conf.ini``:
``/etc/kolla/config/neutron/openvswitch_agent.ini``:
.. code-block:: ini

View File

@ -0,0 +1,14 @@
---
upgrade:
- |
Neutron Linux bridge and Open vSwitch Agents config has been split out into
linuxbridge_agent.ini and openvswitch_agent.ini respectively.
Please move your custom service config from ml2_conf.ini into those files.
deprecations:
- |
Customizing Neutron Linux bridge and Open vSwitch Agents config via ml2_conf.ini
is deprecated. The config has been split out for these agents into
linuxbridge_agent.ini and openvswitch_agent.ini respectively.
In this release (Ussuri) custom service config ml2_conf.ini overrides will still
be used when merging configs - but that functionality will be removed
in V release.