From 68ec29abf0f47402a71d547bdc932291d26fca28 Mon Sep 17 00:00:00 2001 From: Lucas Alvares Gomes Date: Tue, 9 Jun 2020 15:46:07 +0100 Subject: [PATCH] [OVN] Use the OVN DevStack module The DevStack module for OVN has now been moved to the DevStack repository, this patch is deletes it from the Neutron repository. Depends-On: https://review.opendev.org/#/c/748140/ Change-Id: I2c30b8130525380234d767a7cb46f9bcca2a0d6b Signed-off-by: Lucas Alvares Gomes --- devstack/lib/ovn_agent | 745 ------------------ devstack/plugin.sh | 23 - .../tasks/main.yaml | 2 +- tools/configure_for_func_testing.sh | 2 +- tools/migrate_names.txt | 1 - zuul.d/rally.yaml | 1 + zuul.d/tempest-multinode.yaml | 1 + zuul.d/tempest-singlenode.yaml | 1 + 8 files changed, 5 insertions(+), 771 deletions(-) delete mode 100644 devstack/lib/ovn_agent diff --git a/devstack/lib/ovn_agent b/devstack/lib/ovn_agent deleted file mode 100644 index c26fc852fb5..00000000000 --- a/devstack/lib/ovn_agent +++ /dev/null @@ -1,745 +0,0 @@ -#!/bin/bash -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -# Global Sources -# -------------- - -# There are some ovs functions OVN depends on that must be sourced from -# the ovs neutron plugins. After doing this, the OVN overrides must be -# re-sourced. -source ${TOP_DIR}/lib/neutron_plugins/ovs_base -source ${TOP_DIR}/lib/neutron_plugins/openvswitch_agent - -# Load devstack ovs base functions -source $NEUTRON_DIR/devstack/lib/ovs - - -# Defaults -# -------- - -# Set variables for building OVN from source -OVN_REPO=${OVN_REPO:-https://github.com/ovn-org/ovn.git} -OVN_REPO_NAME=$(basename ${OVN_REPO} | cut -f1 -d'.') -OVN_REPO_NAME=${OVN_REPO_NAME:-ovn} -OVN_BRANCH=${OVN_BRANCH:-v20.06.1} -# The commit removing OVN bits from the OVS tree, it is the commit that is not -# present in OVN tree and is used to distinguish if OVN is part of OVS or not. -# https://github.com/openvswitch/ovs/commit/05bf1dbb98b0635a51f75e268ef8aed27601401d -OVN_SPLIT_HASH=05bf1dbb98b0635a51f75e268ef8aed27601401d - -if is_service_enabled tls-proxy; then - OVN_PROTO=ssl -else - OVN_PROTO=tcp -fi - -# How to connect to ovsdb-server hosting the OVN SB database. -OVN_SB_REMOTE=${OVN_SB_REMOTE:-$OVN_PROTO:$SERVICE_HOST:6642} - -# How to connect to ovsdb-server hosting the OVN NB database -OVN_NB_REMOTE=${OVN_NB_REMOTE:-$OVN_PROTO:$SERVICE_HOST:6641} - -# ml2/config for neutron_sync_mode -OVN_NEUTRON_SYNC_MODE=${OVN_NEUTRON_SYNC_MODE:-log} - -# Configured DNS servers to be used with internal_dns extension, only -# if the subnet DNS is not configured. -OVN_DNS_SERVERS=${OVN_DNS_SERVERS:-8.8.8.8} - -# The type of OVN L3 Scheduler to use. The OVN L3 Scheduler determines the -# hypervisor/chassis where a routers gateway should be hosted in OVN. The -# default OVN L3 scheduler is leastloaded -OVN_L3_SCHEDULER=${OVN_L3_SCHEDULER:-leastloaded} - -# A UUID to uniquely identify this system. If one is not specified, a random -# one will be generated. A randomly generated UUID will be saved in a file -# 'ovn-uuid' so that the same one will be re-used if you re-run DevStack. -OVN_UUID=${OVN_UUID:-} - -# Whether or not to build the openvswitch kernel module from ovs. This is required -# unless the distro kernel includes ovs+conntrack support. -OVN_BUILD_MODULES=$(trueorfalse False OVN_BUILD_MODULES) - -# Whether or not to install the ovs python module from ovs source. This can be -# used to test and validate new ovs python features. This should only be used -# for development purposes since the ovs python version is controlled by OpenStack -# requirements. -OVN_INSTALL_OVS_PYTHON_MODULE=$(trueorfalse False OVN_INSTALL_OVS_PYTHON_MODULE) - -# GENEVE overlay protocol overhead. Defaults to 38 bytes plus the IP version -# overhead (20 bytes for IPv4 (default) or 40 bytes for IPv6) which is determined -# based on the ML2 overlay_ip_version option. The ML2 framework will use this to -# configure the MTU DHCP option. -OVN_GENEVE_OVERHEAD=${OVN_GENEVE_OVERHEAD:-38} - -# The log level of the OVN databases (north and south) -OVN_DBS_LOG_LEVEL=${OVN_DBS_LOG_LEVEL:-info} - -OVN_META_CONF=$NEUTRON_CONF_DIR/neutron_ovn_metadata_agent.ini -OVN_META_DATA_HOST=${OVN_META_DATA_HOST:-$(ipv6_unquote $SERVICE_HOST)} - -# ovsdb-server wants an IPv6 address in the quoted form, [::1] -# Initialize un-quoted to handle IPv4, but add them back if version is IPv6 -OVSDB_SERVER_LOCAL_HOST=$(ipv6_unquote $SERVICE_LOCAL_HOST) -if [[ "$SERVICE_IP_VERSION" == 6 ]]; then - OVSDB_SERVER_LOCAL_HOST=[$OVSDB_SERVER_LOCAL_HOST] -fi - -OVN_IGMP_SNOOPING_ENABLE=$(trueorfalse False OVN_IGMP_SNOOPING_ENABLE) - -OVS_PREFIX=/usr/local -OVS_SBINDIR=$OVS_PREFIX/sbin -OVS_BINDIR=$OVS_PREFIX/bin -OVS_RUNDIR=$OVS_PREFIX/var/run/openvswitch -OVS_SHAREDIR=$OVS_PREFIX/share/openvswitch -OVS_SCRIPTDIR=$OVS_SHAREDIR/scripts -OVS_DATADIR=$DATA_DIR/ovs - -OVN_DATADIR=$DATA_DIR/ovn -OVN_SHAREDIR=$OVS_PREFIX/share/ovn -OVN_SCRIPTDIR=$OVN_SHAREDIR/scripts -OVN_RUNDIR=$OVS_PREFIX/var/run/ovn - -NEUTRON_OVN_BIN_DIR=$(get_python_exec_prefix) -NEUTRON_OVN_METADATA_BINARY="neutron-ovn-metadata-agent" - -STACK_GROUP="$( id --group --name "$STACK_USER" )" - - -# Libs from source -# ---------------- - -# ovsdbapp used by neutron -GITREPO["ovsdbapp"]=${OVSDBAPP_REPO:-${GIT_BASE}/openstack/ovsdbapp.git} -GITBRANCH["ovsdbapp"]=${OVSDBAPP_BRANCH:-$TARGET_BRANCH} -GITDIR["ovsdbapp"]=$DEST/ovsdbapp - - -# Defaults Overwrite -# ------------------ - -Q_PLUGIN=${Q_PLUGIN:-"ml2"} -Q_AGENT=${Q_AGENT:-""} -Q_ML2_PLUGIN_MECHANISM_DRIVERS=${Q_ML2_PLUGIN_MECHANISM_DRIVERS:-ovn,logger} -Q_ML2_PLUGIN_TYPE_DRIVERS=${Q_ML2_PLUGIN_TYPE_DRIVERS:-local,flat,vlan,geneve} -Q_ML2_TENANT_NETWORK_TYPE=${Q_ML2_TENANT_NETWORK_TYPE:-"geneve"} -Q_ML2_PLUGIN_GENEVE_TYPE_OPTIONS=${Q_ML2_PLUGIN_GENEVE_TYPE_OPTIONS:-"vni_ranges=1:65536"} -Q_ML2_PLUGIN_EXT_DRIVERS=${Q_ML2_PLUGIN_EXT_DRIVERS:-port_security,dns,qos} -ML2_L3_PLUGIN="ovn-router,trunk" - - -# Utility Functions -# ----------------- - -function is_kernel_module_loaded { - if lsmod | grep $1 >& /dev/null; then - return 0 - else - return 1 - fi -} - -function use_new_ovn_repository { - if [ "x$is_new_ovn" == "x" ]; then - local ovs_repo_dir=$DEST/$OVS_REPO_NAME - if [ ! -d $ovs_repo_dir ]; then - clone_repository $OVS_REPO $ovs_repo_dir $OVS_BRANCH - fi - # Check the split commit exists in the current branch - pushd $ovs_repo_dir - git log $OVS_BRANCH --pretty=format:"%H" | grep -q $OVN_SPLIT_HASH - is_new_ovn=$? - popd - fi - return $is_new_ovn -} - -# NOTE(rtheis): Function copied from DevStack _neutron_ovs_base_setup_bridge -# and _neutron_ovs_base_add_bridge with the call to neutron-ovs-cleanup -# removed. The call is not relevant for OVN, as it is specific to the use -# of Neutron's OVS agent and hangs when running stack.sh because -# neutron-ovs-cleanup uses the OVSDB native interface. -function ovn_base_setup_bridge { - local bridge=$1 - local addbr_cmd="ovs-vsctl --no-wait -- --may-exist add-br $bridge -- set bridge $bridge protocols=OpenFlow13,OpenFlow15" - - if [ "$OVS_DATAPATH_TYPE" != "system" ] ; then - addbr_cmd="$addbr_cmd -- set Bridge $bridge datapath_type=${OVS_DATAPATH_TYPE}" - fi - - $addbr_cmd - ovs-vsctl --no-wait br-set-external-id $bridge bridge-id $bridge -} - -function _start_process { - $SYSTEMCTL daemon-reload - $SYSTEMCTL enable $1 - $SYSTEMCTL restart $1 -} - -function _run_process { - local service=$1 - local cmd="$2" - local stop_cmd="$3" - local group=$4 - local user=${5:-$STACK_USER} - - local systemd_service="devstack@$service.service" - local unit_file="$SYSTEMD_DIR/$systemd_service" - local environment="OVN_RUNDIR=$OVS_RUNDIR OVN_DBDIR=$OVN_DATADIR OVN_LOGDIR=$LOGDIR OVS_RUNDIR=$OVS_RUNDIR OVS_DBDIR=$OVS_DATADIR OVS_LOGDIR=$LOGDIR" - - echo "Starting $service executed command": $cmd - - write_user_unit_file $systemd_service "$cmd" "$group" "$user" - iniset -sudo $unit_file "Service" "Type" "forking" - iniset -sudo $unit_file "Service" "RemainAfterExit" "yes" - iniset -sudo $unit_file "Service" "KillMode" "mixed" - iniset -sudo $unit_file "Service" "LimitNOFILE" "65536" - iniset -sudo $unit_file "Service" "Environment" "$environment" - if [ -n "$stop_cmd" ]; then - iniset -sudo $unit_file "Service" "ExecStop" "$stop_cmd" - fi - - _start_process $systemd_service - - local testcmd="test -e $OVS_RUNDIR/$service.pid" - test_with_retry "$testcmd" "$service did not start" $SERVICE_TIMEOUT 1 - sudo ovs-appctl -t $service vlog/set console:off syslog:info file:info -} - -function clone_repository { - local repo=$1 - local dir=$2 - local branch=$3 - - if [ ! -d $dir ] ; then - git_timed clone $repo $dir - pushd $dir - git checkout $branch - popd - else - # Even though the directory already exists, call git_clone to update it - # if needed based on the RECLONE option - git_clone $repo $dir $branch - fi -} - -function get_ext_gw_interface { - # Get ext_gw_interface depending on value of Q_USE_PUBLIC_VETH - # This function is copied directly from the devstack neutron-legacy script - if [[ "$Q_USE_PUBLIC_VETH" == "True" ]]; then - echo $Q_PUBLIC_VETH_EX - else - # Disable in-band as we are going to use local port - # to communicate with VMs - sudo ovs-vsctl set Bridge $PUBLIC_BRIDGE \ - other_config:disable-in-band=true - echo $PUBLIC_BRIDGE - fi -} - -function create_public_bridge { - # Create the public bridge that OVN will use - # This logic is based on the devstack neutron-legacy _neutron_configure_router_v4 and _v6 - local ext_gw_ifc - ext_gw_ifc=$(get_ext_gw_interface) - - ovs-vsctl --may-exist add-br $ext_gw_ifc -- set bridge $ext_gw_ifc protocols=OpenFlow13,OpenFlow15 - ovs-vsctl set open . external-ids:ovn-bridge-mappings=$PHYSICAL_NETWORK:$ext_gw_ifc - if [ -n "$FLOATING_RANGE" ]; then - local cidr_len=${FLOATING_RANGE#*/} - sudo ip addr replace $PUBLIC_NETWORK_GATEWAY/$cidr_len dev $ext_gw_ifc - fi - - # Ensure IPv6 RAs are accepted on the interface with the default route. - # This is needed for neutron-based devstack clouds to work in - # IPv6-only clouds in the gate. Please do not remove this without - # talking to folks in Infra. This fix is based on a devstack fix for - # neutron L3 agent: https://review.openstack.org/#/c/359490/. - default_route_dev=$(ip route | grep ^default | awk '{print $5}') - sudo sysctl -w net.ipv6.conf.$default_route_dev.accept_ra=2 - - sudo sysctl -w net.ipv6.conf.all.forwarding=1 - if [ -n "$IPV6_PUBLIC_RANGE" ]; then - local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/} - sudo ip -6 addr replace $IPV6_PUBLIC_NETWORK_GATEWAY/$ipv6_cidr_len dev $ext_gw_ifc - # NOTE(numans): Commenting the below code for now as this is breaking - # the CI after xenial upgrade. - # https://bugs.launchpad.net/networking-ovn/+bug/1648670 - # sudo ip -6 route replace $FIXED_RANGE_V6 via $IPV6_PUBLIC_NETWORK_GATEWAY dev $ext_gw_ifc - fi - - sudo ip link set $ext_gw_ifc up -} - -function _disable_libvirt_apparmor { - if ! sudo aa-status --enabled ; then - return 0 - fi - # NOTE(arosen): This is used as a work around to allow newer versions - # of libvirt to work with ovs configured ports. See LP#1466631. - # requires the apparmor-utils - install_package apparmor-utils - # disables apparmor for libvirtd - sudo aa-complain /etc/apparmor.d/usr.sbin.libvirtd -} - - -# OVN compilation functions -# ------------------------- - - -# compile_ovn() - Compile OVN from source and load needed modules -# Accepts three parameters: -# - first optional is False by default and means that -# modules are built and installed. -# - second optional parameter defines prefix for -# ovn compilation -# - third optional parameter defines localstatedir for -# ovn single machine runtime -function compile_ovn { - local build_modules=${1:-False} - local prefix=$2 - local localstatedir=$3 - - if [ -n "$prefix" ]; then - prefix="--prefix=$prefix" - fi - - if [ -n "$localstatedir" ]; then - localstatedir="--localstatedir=$localstatedir" - fi - - clone_repository $OVN_REPO $DEST/$OVN_REPO_NAME $OVN_BRANCH - pushd $DEST/$OVN_REPO_NAME - - if [ ! -f configure ] ; then - ./boot.sh - fi - - if [ ! -f config.status ] || [ configure -nt config.status ] ; then - ./configure --with-ovs-source=$DEST/$OVS_REPO_NAME $prefix $localstatedir - fi - make -j$(($(nproc) + 1)) - sudo make install - popd -} - - -# OVN Neutron driver functions -# ---------------------------- - -# OVN service sanity check -function ovn_sanity_check { - if is_service_enabled q-agt neutron-agt; then - die $LINENO "The q-agt/neutron-agt service must be disabled with OVN." - elif is_service_enabled q-l3 neutron-l3; then - die $LINENO "The q-l3/neutron-l3 service must be disabled with OVN." - elif is_service_enabled q-svc neutron-api && [[ ! $Q_ML2_PLUGIN_MECHANISM_DRIVERS =~ "ovn" ]]; then - die $LINENO "OVN needs to be enabled in \$Q_ML2_PLUGIN_MECHANISM_DRIVERS" - elif is_service_enabled q-svc neutron-api && [[ ! $Q_ML2_PLUGIN_TYPE_DRIVERS =~ "geneve" ]]; then - die $LINENO "Geneve needs to be enabled in \$Q_ML2_PLUGIN_TYPE_DRIVERS to be used with OVN" - fi -} - -# install_ovn() - Collect source and prepare -function install_ovn { - echo "Installing OVN and dependent packages" - - # Check the OVN configuration - ovn_sanity_check - - # If OVS is already installed, remove it, because we're about to re-install - # it from source. - for package in openvswitch openvswitch-switch openvswitch-common; do - if is_package_installed $package ; then - uninstall_package $package - fi - done - - # Install tox, used to generate the config (see devstack/override-defaults) - pip_install tox - remove_ovs_packages - sudo rm -f $OVS_RUNDIR/* - - compile_ovs $OVN_BUILD_MODULES - if use_new_ovn_repository; then - compile_ovn $OVN_BUILD_MODULES - fi - - # Ensure that the OVS commands are accessible in the PATH - OVS_BINDIR=${OVS_BINDIR:-/usr/local/bin} - export PATH=$OVS_BINDIR:$PATH - - sudo mkdir -p $OVS_RUNDIR - sudo chown $(whoami) $OVS_RUNDIR - sudo mkdir -p $OVS_PREFIX/var/log/openvswitch - sudo chown $(whoami) $OVS_PREFIX/var/log/openvswitch - sudo mkdir -p $OVS_PREFIX/var/log/ovn - sudo chown $(whoami) $OVS_PREFIX/var/log/ovn - - # Archive log files and create new - local log_archive_dir=$LOGDIR/archive - mkdir -p $log_archive_dir - for logfile in ovs-vswitchd.log ovn-northd.log ovn-controller.log ovn-controller-vtep.log ovs-vtep.log ovsdb-server.log ovsdb-server-nb.log ovsdb-server-sb.log; do - if [ -f "$LOGDIR/$logfile" ] ; then - mv "$LOGDIR/$logfile" "$log_archive_dir/$logfile.${CURRENT_LOG_TIME}" - fi - done - - # Install ovsdbapp from source if requested - if use_library_from_git "ovsdbapp"; then - git_clone_by_name "ovsdbapp" - setup_dev_lib "ovsdbapp" - fi - - # Install ovs python module from ovs source. - if [[ "$OVN_INSTALL_OVS_PYTHON_MODULE" == "True" ]]; then - sudo pip uninstall -y ovs - # Clone the OVS repository if it's not yet present - clone_repository $OVS_REPO $DEST/$OVS_REPO_NAME $OVS_BRANCH - sudo pip install -e $DEST/$OVS_REPO_NAME/python - fi -} - -function configure_ovn_plugin { - echo "Configuring Neutron for OVN" - - if is_service_enabled q-svc ; then - # NOTE(arosen) needed for tempest - export NETWORK_API_EXTENSIONS=$($PYTHON -c \ - 'from neutron.common.ovn import extensions ;\ - print(",".join(extensions.ML2_SUPPORTED_API_EXTENSIONS))') - export NETWORK_API_EXTENSIONS=$NETWORK_API_EXTENSIONS,$($PYTHON -c \ - 'from neutron.common.ovn import extensions ;\ - print(",".join(extensions.ML2_SUPPORTED_API_EXTENSIONS_OVN_L3))') - if is_service_enabled q-qos neutron-qos ; then - export NETWORK_API_EXTENSIONS="$NETWORK_API_EXTENSIONS,qos" - fi - populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2_type_geneve max_header_size=$OVN_GENEVE_OVERHEAD - populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_nb_connection="$OVN_NB_REMOTE" - populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_sb_connection="$OVN_SB_REMOTE" - if is_service_enabled tls-proxy; then - populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_sb_ca_cert="$INT_CA_DIR/ca-chain.pem" - populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_sb_certificate="$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt" - populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_sb_private_key="$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key" - populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_nb_ca_cert="$INT_CA_DIR/ca-chain.pem" - populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_nb_certificate="$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt" - populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_nb_private_key="$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key" - fi - populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn neutron_sync_mode="$OVN_NEUTRON_SYNC_MODE" - populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_l3_scheduler="$OVN_L3_SCHEDULER" - populate_ml2_config /$Q_PLUGIN_CONF_FILE securitygroup enable_security_group="$Q_USE_SECGROUP" - inicomment /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver - - if is_service_enabled q-ovn-metadata-agent; then - populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_metadata_enabled=True - else - populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_metadata_enabled=False - fi - - if is_service_enabled q-dns neutron-dns ; then - iniset $NEUTRON_CONF DEFAULT dns_domain openstackgate.local - populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn dns_servers="$OVN_DNS_SERVERS" - fi - - iniset $NEUTRON_CONF ovs igmp_snooping_enable $OVN_IGMP_SNOOPING_ENABLE - fi - - if is_service_enabled q-dhcp neutron-dhcp ; then - iniset $NEUTRON_CONF DEFAULT dhcp_agent_notification True - else - iniset $NEUTRON_CONF DEFAULT dhcp_agent_notification False - fi - - if is_service_enabled n-api-meta ; then - if is_service_enabled q-ovn-metadata-agent ; then - iniset $NOVA_CONF neutron service_metadata_proxy True - fi - fi -} - -function configure_ovn { - echo "Configuring OVN" - - if [ -z "$OVN_UUID" ] ; then - if [ -f ./ovn-uuid ] ; then - OVN_UUID=$(cat ovn-uuid) - else - OVN_UUID=$(uuidgen) - echo $OVN_UUID > ovn-uuid - fi - fi - - # Metadata - if is_service_enabled q-ovn-metadata-agent && is_service_enabled ovn-controller; then - sudo install -d -o $STACK_USER $NEUTRON_CONF_DIR - - mkdir -p $NEUTRON_DIR/etc/neutron/plugins/ml2 - (cd $NEUTRON_DIR && exec ./tools/generate_config_file_samples.sh) - - cp $NEUTRON_DIR/etc/neutron_ovn_metadata_agent.ini.sample $OVN_META_CONF - configure_root_helper_options $OVN_META_CONF - - iniset $OVN_META_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL - iniset $OVN_META_CONF DEFAULT nova_metadata_host $OVN_META_DATA_HOST - iniset $OVN_META_CONF DEFAULT metadata_workers $API_WORKERS - iniset $OVN_META_CONF DEFAULT state_path $NEUTRON_STATE_PATH - iniset $OVN_META_CONF ovs ovsdb_connection unix:$OVS_RUNDIR/db.sock - iniset $OVN_META_CONF ovn ovn_sb_connection $OVN_SB_REMOTE - if is_service_enabled tls-proxy; then - iniset $OVN_META_CONF ovn \ - ovn_sb_ca_cert $INT_CA_DIR/ca-chain.pem - iniset $OVN_META_CONF ovn \ - ovn_sb_certificate $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt - iniset $OVN_META_CONF ovn \ - ovn_sb_private_key $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key - fi - fi -} - -function init_ovn { - # clean up from previous (possibly aborted) runs - # create required data files - - # Assumption: this is a dedicated test system and there is nothing important - # in the ovn, ovn-nb, or ovs databases. We're going to trash them and - # create new ones on each devstack run. - - _disable_libvirt_apparmor - - mkdir -p $OVN_DATADIR - mkdir -p $OVS_DATADIR - - rm -f $OVS_DATADIR/*.db - rm -f $OVS_DATADIR/.*.db.~lock~ - rm -f $OVN_DATADIR/*.db - rm -f $OVN_DATADIR/.*.db.~lock~ -} - -function _start_ovs { - echo "Starting OVS" - if is_service_enabled ovn-controller ovn-controller-vtep ovn-northd; then - # ovsdb-server and ovs-vswitchd are used privately in OVN as openvswitch service names. - enable_service ovsdb-server - enable_service ovs-vswitchd - - if [ ! -f $OVS_DATADIR/conf.db ]; then - ovsdb-tool create $OVS_DATADIR/conf.db $OVS_SHAREDIR/vswitch.ovsschema - fi - - if is_service_enabled ovn-controller-vtep; then - if [ ! -f $OVS_DATADIR/vtep.db ]; then - ovsdb-tool create $OVS_DATADIR/vtep.db $OVS_SHAREDIR/vtep.ovsschema - fi - fi - - local dbcmd="$OVS_SBINDIR/ovsdb-server --remote=punix:$OVS_RUNDIR/db.sock --remote=ptcp:6640:$OVSDB_SERVER_LOCAL_HOST --pidfile --detach --log-file" - dbcmd+=" --remote=db:Open_vSwitch,Open_vSwitch,manager_options" - if is_service_enabled ovn-controller-vtep; then - dbcmd+=" --remote=db:hardware_vtep,Global,managers $OVS_DATADIR/vtep.db" - fi - dbcmd+=" $OVS_DATADIR/conf.db" - _run_process ovsdb-server "$dbcmd" - - echo "Configuring OVSDB" - if is_service_enabled tls-proxy; then - ovs-vsctl --no-wait set-ssl \ - $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key \ - $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt \ - $INT_CA_DIR/ca-chain.pem - fi - ovs-vsctl --no-wait set open_vswitch . system-type="devstack" - ovs-vsctl --no-wait set open_vswitch . external-ids:system-id="$OVN_UUID" - ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-remote="$OVN_SB_REMOTE" - ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-bridge="br-int" - ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-encap-type="geneve" - ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-encap-ip="$HOST_IP" - # Select this chassis to host gateway routers - if [[ "$ENABLE_CHASSIS_AS_GW" == "True" ]]; then - ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-cms-options="enable-chassis-as-gw" - fi - - # Note: ovn-controller will create and configure br-int once it is started. - # So, no need to create it now because nothing depends on that bridge here. - - local ovscmd="$OVS_SBINDIR/ovs-vswitchd --log-file --pidfile --detach" - _run_process ovs-vswitchd "$ovscmd" "" "$STACK_GROUP" "root" - - if is_provider_network || [[ $Q_USE_PROVIDERNET_FOR_PUBLIC == "True" ]]; then - ovn_base_setup_bridge $OVS_PHYSICAL_BRIDGE - ovs-vsctl set open . external-ids:ovn-bridge-mappings=${PHYSICAL_NETWORK}:${OVS_PHYSICAL_BRIDGE} - fi - - if is_service_enabled ovn-controller-vtep ; then - ovn_base_setup_bridge br-v - vtep-ctl add-ps br-v - vtep-ctl set Physical_Switch br-v tunnel_ips=$HOST_IP - - enable_service ovs-vtep - local vtepcmd="$OVS_SCRIPTDIR/ovs-vtep --log-file --pidfile --detach br-v" - _run_process ovs-vtep "$vtepcmd" "" "$STACK_GROUP" "root" - - vtep-ctl set-manager tcp:$HOST_IP:6640 - fi - fi - - cd $_pwd -} - -function _start_ovn_services { - _start_process "devstack@ovsdb-server.service" - _start_process "devstack@ovs-vswitchd.service" - - if is_service_enabled ovs-vtep ; then - _start_process "devstack@ovs-vtep.service" - fi - if is_service_enabled ovn-northd ; then - _start_process "devstack@ovn-northd.service" - fi - if is_service_enabled ovn-controller ; then - _start_process "devstack@ovn-controller.service" - fi - if is_service_enabled ovn-controller-vtep ; then - _start_process "devstack@ovn-controller-vtep.service" - fi - if is_service_enabled q-ovn-metadata-agent; then - _start_process "devstack@q-ovn-metadata-agent.service" - fi -} - -# start_ovn() - Start running processes, including screen -function start_ovn { - echo "Starting OVN" - - _start_ovs - - local SCRIPTDIR=$OVN_SCRIPTDIR - if ! use_new_ovn_repository; then - SCRIPTDIR=$OVS_SCRIPTDIR - fi - - if is_service_enabled ovn-northd ; then - if is_service_enabled tls-proxy; then - local tls_args="\ - --ovn-nb-db-ssl-ca-cert=$INT_CA_DIR/ca-chain.pem \ - --ovn-nb-db-ssl-cert=$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt \ - --ovn-nb-db-ssl-key=$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key \ - --ovn-sb-db-ssl-ca-cert=$INT_CA_DIR/ca-chain.pem \ - --ovn-sb-db-ssl-cert=$INT_CA_DIR/$DEVSTACK_CERT_NAME.crt \ - --ovn-sb-db-ssl-key=$INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key \ - " - else - local tls_args="" - fi - local cmd="/bin/bash $SCRIPTDIR/ovn-ctl --no-monitor $tls_args start_northd" - local stop_cmd="/bin/bash $SCRIPTDIR/ovn-ctl stop_northd" - - _run_process ovn-northd "$cmd" "$stop_cmd" - ovn-nbctl --db=unix:$OVS_RUNDIR/ovnnb_db.sock set-connection p${OVN_PROTO}:6641:$SERVICE_LISTEN_ADDRESS -- set connection . inactivity_probe=60000 - ovn-sbctl --db=unix:$OVS_RUNDIR/ovnsb_db.sock set-connection p${OVN_PROTO}:6642:$SERVICE_LISTEN_ADDRESS -- set connection . inactivity_probe=60000 - sudo ovs-appctl -t $OVS_RUNDIR/ovnnb_db.ctl vlog/set console:off syslog:$OVN_DBS_LOG_LEVEL file:$OVN_DBS_LOG_LEVEL - sudo ovs-appctl -t $OVS_RUNDIR/ovnsb_db.ctl vlog/set console:off syslog:$OVN_DBS_LOG_LEVEL file:$OVN_DBS_LOG_LEVEL - fi - - if is_service_enabled ovn-controller ; then - local cmd="/bin/bash $SCRIPTDIR/ovn-ctl --no-monitor start_controller" - local stop_cmd="/bin/bash $SCRIPTDIR/ovn-ctl stop_controller" - - _run_process ovn-controller "$cmd" "$stop_cmd" "$STACK_GROUP" "root" - fi - - if is_service_enabled ovn-controller-vtep ; then - local cmd="$OVS_BINDIR/ovn-controller-vtep --log-file --pidfile --detach --ovnsb-db=$OVN_SB_REMOTE" - - _run_process ovn-controller-vtep "$cmd" "" "$STACK_GROUP" "root" - fi - - if is_service_enabled q-ovn-metadata-agent; then - run_process q-ovn-metadata-agent "$NEUTRON_OVN_BIN_DIR/$NEUTRON_OVN_METADATA_BINARY --config-file $OVN_META_CONF" - # Format logging - setup_logging $OVN_META_CONF - fi - - # NOTE(lucasagomes): To keep things simpler, let's reuse the same - # RUNDIR for both OVS and OVN. This way we avoid having to specify the - # --db option in the ovn-{n,s}bctl commands while playing with DevStack - if use_new_ovn_repository; then - sudo ln -s $OVS_RUNDIR $OVN_RUNDIR - fi - - _start_ovn_services -} - -function _stop_ovs_dp { - sudo ovs-dpctl dump-dps | sudo xargs -n1 ovs-dpctl del-dp - is_kernel_module_loaded vport_geneve && sudo rmmod vport_geneve - is_kernel_module_loaded vport_vxlan && sudo rmmod vport_vxlan - is_kernel_module_loaded openvswitch && sudo rmmod openvswitch -} - -function stop_ovn { - if is_service_enabled q-ovn-metadata-agent; then - sudo pkill -9 -f haproxy || : - stop_process neutron-ovn-metadata-agent - fi - if is_service_enabled ovn-controller-vtep ; then - stop_process ovn-controller-vtep - fi - if is_service_enabled ovn-controller ; then - stop_process ovn-controller - fi - if is_service_enabled ovn-northd ; then - stop_process ovn-northd - fi - if is_service_enabled ovs-vtep ; then - stop_process ovs-vtep - fi - - stop_process ovs-vswitchd - stop_process ovsdb-server - - _stop_ovs_dp -} - -function _cleanup { - local path=${1:-$DEST/$OVN_REPO_NAME} - pushd $path - cd $path - sudo make uninstall - sudo make distclean - popd -} - -# cleanup_ovn() - Remove residual data files, anything left over from previous -# runs that a clean run would need to clean up -function cleanup_ovn { - local ovn_path=$DEST/$OVN_REPO_NAME - local ovs_path=$DEST/$OVS_REPO_NAME - - if [ -d $ovn_path ]; then - _cleanup $ovn_path - fi - - if [ -d $ovs_path ]; then - _cleanup $ovs_path - fi - - sudo rm -f $OVN_RUNDIR -} - -function neutron_plugin_create_nova_conf { - : -} diff --git a/devstack/plugin.sh b/devstack/plugin.sh index 71dd93b6ee2..41a756b05df 100644 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -40,11 +40,6 @@ if [[ "$1" == "stack" ]]; then load_conntrack_gre_module start_new_ovs fi - if is_ovn_enabled; then - install_ovn - configure_ovn - init_ovn - fi ;; post-config) if is_service_enabled neutron-tag-ports-during-bulk-creation; then @@ -113,25 +108,12 @@ if [[ "$1" == "stack" ]]; then if is_service_enabled q-port-forwarding neutron-port-forwarding; then configure_port_forwarding fi - configure_ovn_plugin - start_ovn fi ;; extra) if is_service_enabled q-sriov-agt neutron-sriov-agent; then start_l2_agent_sriov fi - - if is_ovn_enabled; then - if [[ "$OVN_L3_CREATE_PUBLIC_NETWORK" == "True" ]]; then - if [[ "$NEUTRON_CREATE_INITIAL_NETWORKS" != "True" ]]; then - echo "OVN_L3_CREATE_PUBLIC_NETWORK=True is being ignored because" - echo "NEUTRON_CREATE_INITIAL_NETWORKS is set to False" - else - create_public_bridge - fi - fi - fi if is_service_enabled br-ex-tcpdump ; then # tcpdump monitor on br-ex for ARP, reverse ARP and ICMP v4 / v6 packets sudo ip link set dev $PUBLIC_BRIDGE up @@ -151,9 +133,4 @@ elif [[ "$1" == "unstack" ]]; then [[ "$Q_BUILD_OVS_FROM_GIT" == "True" ]]; then stop_new_ovs fi - - if is_ovn_enabled; then - stop_ovn - cleanup_ovn - fi fi diff --git a/roles/configure_functional_tests/tasks/main.yaml b/roles/configure_functional_tests/tasks/main.yaml index 66242845637..8b19f9bfbb5 100644 --- a/roles/configure_functional_tests/tasks/main.yaml +++ b/roles/configure_functional_tests/tasks/main.yaml @@ -18,7 +18,7 @@ source $DEVSTACK_PATH/functions source $NEUTRON_DIR/devstack/lib/ovs - source $NEUTRON_DIR/devstack/lib/ovn_agent + source $DEVSTACK_PATH/lib/neutron_plugins/ovn_agent source $NEUTRON_DIR/tools/configure_for_func_testing.sh configure_host_for_func_testing diff --git a/tools/configure_for_func_testing.sh b/tools/configure_for_func_testing.sh index 96026ce07b1..093dbd1e374 100755 --- a/tools/configure_for_func_testing.sh +++ b/tools/configure_for_func_testing.sh @@ -111,7 +111,7 @@ function _install_base_deps { install_package $PACKAGES source $NEUTRON_DIR/devstack/lib/ovs - source $NEUTRON_DIR/devstack/lib/ovn_agent + source $DEVSTACK_PATH/lib/neutron_plugins/ovn_agent echo_summary "OVN_BRANCH: ${OVN_BRANCH} OVS_BRANCH: ${OVS_BRANCH}" compile_ovs False /usr /var compile_ovn False /usr /var diff --git a/tools/migrate_names.txt b/tools/migrate_names.txt index e46aa802d8b..4f4e3f90bfb 100644 --- a/tools/migrate_names.txt +++ b/tools/migrate_names.txt @@ -15,7 +15,6 @@ # # Networking-OVN Neutron -devstack/lib/ovn devstack/lib/ovn_agent doc/source/admin/refarch doc/source/admin/ovn/refarch doc/source/contributor/design doc/source/contributor/internals/ovn networking_ovn/ovn_db_sync.py neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py diff --git a/zuul.d/rally.yaml b/zuul.d/rally.yaml index 9105e335ca1..021c247f210 100644 --- a/zuul.d/rally.yaml +++ b/zuul.d/rally.yaml @@ -69,6 +69,7 @@ q-dns: true devstack_localrc: Q_AGENT: ovn + ML2_L3_PLUGIN: ovn-router,trunk Q_ML2_PLUGIN_MECHANISM_DRIVERS: ovn,logger Q_ML2_TENANT_NETWORK_TYPE: geneve USE_PYTHON3: true diff --git a/zuul.d/tempest-multinode.yaml b/zuul.d/tempest-multinode.yaml index 5126abf89a4..3f7ffa12a6b 100644 --- a/zuul.d/tempest-multinode.yaml +++ b/zuul.d/tempest-multinode.yaml @@ -125,6 +125,7 @@ is_igmp_snooping_enabled: True devstack_localrc: Q_AGENT: ovn + ML2_L3_PLUGIN: ovn-router,trunk Q_ML2_PLUGIN_MECHANISM_DRIVERS: ovn,logger Q_ML2_TENANT_NETWORK_TYPE: geneve Q_USE_PROVIDERNET_FOR_PUBLIC: true diff --git a/zuul.d/tempest-singlenode.yaml b/zuul.d/tempest-singlenode.yaml index 038762ac46b..ee345798ef2 100644 --- a/zuul.d/tempest-singlenode.yaml +++ b/zuul.d/tempest-singlenode.yaml @@ -220,6 +220,7 @@ is_igmp_snooping_enabled: True devstack_localrc: Q_AGENT: ovn + ML2_L3_PLUGIN: ovn-router,trunk Q_ML2_PLUGIN_MECHANISM_DRIVERS: ovn,logger Q_ML2_PLUGIN_TYPE_DRIVERS: local,flat,vlan,geneve Q_ML2_TENANT_NETWORK_TYPE: geneve