54 Commits

Author SHA1 Message Date
Arnau Verdaguer
2869d008e2 [OVN][Migration] More robust checks on stop-agents
On OSP17 there are some ml2 ovs services that are not
present on some computes eventhought is defined on the
ansible service facts.

This patch will ensure that only those services that are
actually running will be stopped.

Change-Id: I94f0832d09d263837262ada109a567e864915a1a
2022-04-27 10:07:33 +02:00
Zuul
720a1c3de9 Merge "ovn migration: Turn validations off by default" 2022-04-25 12:54:39 +00:00
Zuul
da44b19aac Merge "ovn migration: Fix check for stack name" 2022-04-22 14:29:02 +00:00
Jakub Libosvar
5f2eaadf40 [ovn][migration] Support migration to OVN from iptables firewall
Before this patch, when migrating from ML2/OVS to ML2/OVN, we
removed the VIF details that are not used by OVN. However, this
changes how the VIFs are plugged if the hybrid iptables firewall
was used.

In order to not break the migration, we want to keep whatever
plugging was used in ML2/OVS. For this reason, this patch is
leaving the VIF details untouched.

The consequence is that, after migration, whatever workloads
used the hybrid plugging will remain like that. Newly created
VIFs will be plugged to the OVS bridge directly. As a result,
the migration to OVN won't require moving to the OVS firewall
first while in ML2/OVS.

This patch is also removing the constraint that prevented the
migration if the hybrid firewall was used.

Signed-off-by: Daniel Alvarez Sanchez <dalvarez@redhat.com>
Change-Id: Iad4fae7af54cc502ac0ba02a911cdd4fefa13535
2022-04-19 18:41:09 +00:00
ccf8e71efa ovn migration: Fix check for stack name
[1] Updated the migration script to check for config-download
directory instead of stack, but missed update the Error
message.

check_stack function is renamed to check_source_inventory
as now it only checks for source inventory instead of heat
stack.
If source inventory file doesn't exist the script
will report Error message and exit.

This is follow up of [1].

[1] https://review.opendev.org/c/openstack/neutron/+/834925

Related-Bug: #1966099
Change-Id: I2416fba50fc495da4d59a3f335f33d831ca6e91d
2022-04-12 17:13:37 +05:30
Zuul
808972410a Merge "ovn migration: Remove usage of tripleo-ansible-inventory" 2022-03-25 18:50:49 +00:00
Zuul
1aa36e7a3c Merge "[OVN][migration] Clean sg- and fg- interfaces" 2022-03-23 18:49:33 +00:00
Jakub Libosvar
0baf8841ee ovn migration: Turn validations off by default
The validation is intended mostly for tests and don't make much sense
when running the migration in production because likely there are
already running workloads. This patch changes the default to False so
migration validation must be explicitly asked for.

Change-Id: I5470f61a5e0b55bf682526208c3f57dc0ca6ffd5
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2022-03-23 13:35:21 -04:00
Jakub Libosvar
5b2fd1f830 ovn migration: Remove usage of tripleo-ansible-inventory
tripleo-ansible-inventory stopped working in Wallaby. However, TripleO
now stores the needed ansible-inventory on the undercloud filesystem.
This patch switches from dynamic generation of the Ansible inventory to
use of the already existing inventory file. Fortunately, the format of
the file remained the same as the generated one, so no other changes in
parsing are required.

Closes-Bug: #1966099

Change-Id: I3bdf878617fbe962d56ebb66d59ae7edeb9b7c38
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2022-03-23 12:28:45 -04:00
Jakub Libosvar
0529ccdf71 ovn migration: Don't use executables in /tmp/
It's a common practice to have /tmp/ mounted separately with noexec
option. This effectively means no scripts can be executed from the
filesystem mounted to /tmp.

This patch explicitly calls sh binary to execute scripts from /tmp and
removes the executable flag from the scripts.

Closes-Bug: #1965183

Change-Id: I2f9cd67979a8a75848fcdd7a8c3bb56dd3590473
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2022-03-16 20:44:20 +00:00
Arnau Verdaguer
25350b2492 [OVN][migration] Clean sg- and fg- interfaces
During the clone-br-int the interfaces sg- (SNAT)
and the interfaces fg- (FIP) are cloned. But this
is not necessary, since this kind of interfaces
are useless on OVN (OVN uses OpenFlow).

Change-Id: I3cd74d1d4fca9add50b0700a82b8e8a16140f085
2022-03-16 15:33:31 +01:00
Eduardo Olivares
480c643dd9 [ovn-migration] Add debug information to create-resources.sh.j2 scripts
Port status, server status and server console log output are printed
when the create-resources.sh script fails during the OVN migration
Example: OVN migration fails because SSH connection is not possible,
after ping successfully replied - probably a metadata issue and having
the console logs could help to identify it

Change-Id: I83e55203907526caf44ba34cd38241eccf70adb3
2022-03-04 08:58:05 +00:00
Arnau Verdaguer
5ee94a5b9b [ OVN ][Migration] Reload systemctl daemon after removal
After stopping and deleting the services if this role is runned
again it could fail bc systemd has still some ovs services loaded
(eventhough the service is stopped) this will cause that ansible
will try to delete again and fail while trying to disable and
delete the service.

Change-Id: If51d7f25375768f8c60492c84d84e91d91886025
2022-03-02 12:35:42 +01:00
Arnau Verdaguer
9fcf42d3d5 [OVN] Check if exists trunk ports before cleanup
While migrating from OVS to OVN one of the steps of the migration
is clean all the OVS trunk ports, this will fail if the environment
does not have any trunk ports configured.

This will do a comprovation in order to know if it's necessary
to clean them or not.

Also, since this playbook it will only clean the ovn interfaces
it is not necessary to stop the whole migration. If any error
occured while deleting any ovs interface a message will be
printed so the user can take action if necessary.

Change-Id: I6ec0b392b13daa9f64e051fb12b4b97a6c0a1730
2022-02-03 10:49:02 +01:00
Zuul
5ee2f12929 Merge "[OVN] Prevent OVS to OVN migration if firewall "iptables_hybrid"" 2022-01-24 11:12:59 +00:00
Rodolfo Alonso Hernandez
2aa1bbabe3 [OVN] Prevent OVS to OVN migration if firewall "iptables_hybrid"
Prevent the OVS to OVN migration if any node has the OVS agent
firewall set to "iptables_hybrid". If present, the migration will
exit. This check is implemented in the OVN migration script for
TripleO environments.

Closes-Bug: #1951272
Change-Id: I55f25f56f87bfa2a5e330cdf4c1087e8d4082b29
2022-01-07 14:56:20 +00:00
Jaganathan Palanisamy
10bb1baf66 Missing OvS DPDK nodes in ovn-controllers
This change is to include missing OvS DPDK nodes also as part of
ovn-controllers group in hosts_for_migration file.

Change-Id: Ic0727ffdbd1f60574b6d5397177a58172cbd60f0
2021-12-21 23:02:25 +05:30
Zuul
dd73477036 Merge "Add "FLAVOR_NAME" to ovn migration resources creation" 2021-11-04 11:53:41 +00:00
Zuul
860be62818 Merge "Enhanced set of warnings if an answers file or a templates directory is used." 2021-10-26 18:04:29 +00:00
Zuul
71636d6756 Merge "[OVN Migration] Remove trunk's subports from the nodes" 2021-10-25 13:07:11 +00:00
Maxim Babushkin
f09c98bf8c Add "FLAVOR_NAME" to ovn migration resources creation
- Telco usecases requires a flavor which has to contain "extra_specs"
  to boot a dpdk instance.
  Add the "FLAVOR_NAME" parameter to override the use of the default
  flavor used during migration flow.

- Modify the hardcoded server user name (cirros) to use the
  "SERVER_USER_NAME" environment variable.

Change-Id: I3d50526d3192cafb673092bc8b22da6c48454434
2021-10-25 13:24:09 +03:00
Zuul
6d8e830859 Merge "Fix OVN migration workload creation order" 2021-10-20 16:15:09 +00:00
Zuul
dc79711548 Merge "[OVN Migration] Remove qr and dhcp ports from the nodes" 2021-10-18 11:35:24 +00:00
Roman Safronov
d49ce1652d Fix OVN migration workload creation order
Currently workload VMs start before subnet is connected to router.
When DVR is enabled this causes sometimes that one of the VMs is not
able to get metadata.

Closes bug: #1947547

Change-Id: Ifd686d7ff452abd1226fbbc97f499e05102e4596
2021-10-18 09:23:08 +03:00
Elvira García
744e906f87 [ovn] Add logs for ovs to ovn migration
Log the results of the Ansible playbooks by default so that it is easier
to go through them later in case there's something unexpected. The log
is located in $HOME instead of /var/log/ to avoid the need of privileges.

Signed-off-by: Elvira García <egarciar@redhat.com>
Change-Id: Ida2fc11f28200030fff9ddf1e56fc442a2016bab
2021-10-08 20:11:04 +02:00
Slawek Kaplonski
bf6831e0d2 [OVN Migration] Remove trunk's subports from the nodes
After migration from ML2/OVS to ML2/OVN trunk subports which were created
by the neutron-ovs-agent to connect br-int with trunk bridges (tbr-)
aren't needed anymore and should be deleted.

Closes-Bug: #1946479
Change-Id: Ib1e3b78597ebdde1aa9d2b242e2005a05a7db89f
2021-10-08 19:33:55 +02:00
Slawek Kaplonski
5092f3fb98 [OVN Migration] Remove qr and dhcp ports from the nodes
After migration from ML2/OVS to ML2/OVN tap ports which were created
by the DHCP agents and router ports (like e.g. qr- or qg-) which were
created by the L3 agents aren't needed at all and should be deleted.
Previously those ports were set to be DOWN only. With this patch
all such ports will be simply deleted from the openvswitch.

Related-bug: #1946479
Change-Id: I74cd5820389c86819c6884d3d61c9b2f7907cc88
2021-10-08 19:32:44 +02:00
Vincent S. Cojot
09019f1ffa Enhanced set of warnings if an answers file or a templates directory is used.
Change-Id: I66074cab1692c7a9ad520148a3c7898a91589c7e
2021-10-06 19:14:40 -04:00
Eduardo Olivares
459f63439b Replace cirros 0.4.0 by 0.5.2 in ovn migration create-resources.sh.j2
Some VMs are created before the ovn mgiration process starts in order to
verify they are healthy after the migration
Sometimes these VMs are not accessible via ssh due to an issue in cirros
0.4.0 that was fixed in a later release [1]

Closes-Bug: #1945299
[1] https://github.com/cirros-dev/cirros/pull/11

Change-Id: Ib133b5e1bed19aeac8514e3c6690ca768991bbd4
2021-09-28 10:51:51 +02:00
Roman Safronov
3c305bf6ae Skip FIP check if VALIDATE_MIGRATION is not True
OVN migration script fails when VALIDATE_MIGRATION is not set to
True. oc_check_public_network should return successfully in case
VALIDATE_MIGRATION is set to False.

Closes bug: #1942344

Change-Id: Ibd0aea5b4e6bf44803d5d0100cacc17d401b03cc
2021-09-01 17:56:43 +03:00
Zuul
603951809a Merge "ovn-migration: Introduce migrate mode to DB sync tool" 2021-04-26 14:22:47 +00:00
Jakub Libosvar
456acdeb8f ovn-migration: Delete FIP agent gateway ports
In DVR environment, there are FG interfaces on nodes. We can delete
those after the migration.

Change-Id: I44967e55213d12af24acbf9561a96afb34548324
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2021-04-22 06:47:07 +00:00
Jakub Libosvar
ae78e812d1 ovn-migration: Introduce migrate mode to DB sync tool
The new "migrate" mode for the DB sync utility changes DB contents as
follows:

 - it changes vxlan networks to Geneve, including its allocation in
   order to avoid future collisions when creating new geneve networks
 - it removes settings from ports' vif_details that are no longer
   needed, such as hybrid plugging or bridge_name for the trunk bridges
 - it sets profile for subports - OVN doesn't use trunk_details but port
   profile to store data about trunk. Subports have tag and parent_name
   fileds.

Previously, the vxlan to Geneve change was done via ansible role. The
tasks in the role were replaced by the script therefore the role is
removed.

Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
Change-Id: I29a39108d9fddb30050ec63a1cdf6bba0400e136
2021-04-02 13:23:57 +00:00
Jakub Libosvar
94bea77fd7 migration: Remove crudini when migrating tunnels
It turned out there doesn't need to be crudini tool present on the node
running the command. This patch fetches the Neutron conf file instead
and performs an ini lookup over it in order to get the DB connection
string.

Change-Id: Iaf79b8512a920e9f667bd6881d50e8852595fa71
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2021-03-24 18:03:20 +01:00
Zuul
ca86d4dbe3 Merge "ovn-migration: Use DHCP nodes to configure dnsmasq" 2021-03-24 14:29:31 +00:00
Jakub Libosvar
9483037f5d ovn-migration: Add doctext explaining VXLAN to Geneve migration
The Ansible command itself is hard to read, the patch adds some doctext
to improve understanding of the ansible task.

Change-Id: I4ab7a83da9bbf64ee6b19b2a0611fd64e09e2132
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2021-03-23 09:55:52 +01:00
Zuul
05d916c0e7 Merge "ovn-migration: Change network type from vxlan to Geneve" 2021-03-22 18:33:44 +00:00
Jakub Libosvar
569aa4452a ovn-migration: Use DHCP nodes to configure dnsmasq
Previously, the migration script used controller nodes to configure
dnsmasq when configuring new MTU. Controller nodes may not run DHCP
agents. The patch detects DHCP agents instead and uses those to
configure dnsmasq.

Change-Id: Ib468c04779af7aaf4dedf84ba885bce71078248b
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2021-03-22 14:49:54 +01:00
Jakub Libosvar
d3fce77ff5 ovn-migration: Change network type from vxlan to Geneve
The patch goes to one of ovn-dbs nodes and runs a SQL query to change
all vxlan networks to Geneve. It's done via Python and sqlalchemy in
neutron_api container because mysql client is not installed there. This
approach was chosen to avoid installing more dependencies.

Change-Id: Ic417a115fdc212527866122bc9d3c93ea9599bdf
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2021-03-19 16:55:41 +01:00
Jakub Libosvar
7bb5fb2de1 ovn-migration: UNDERCLOUD_NODE_USER variable
The undercloud node user is configurable in TripleO and isn't always set
to heat-admin. This patch introduces an environment variable for cases
where user is different.

Change-Id: If65925ded1b5df2bfdcfba50445ff7d821c725d8
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2021-03-19 12:13:01 +01:00
Jakub Libosvar
4b30dc2330 ovn migration: Fix neutron server container name
Previously docker command used grep to search for neutron server
container. It used image name instead of container name. With the switch
to podman, it stopped working. This patch fixes the container name.

Change-Id: Id650c2e7ac427dd53ebaab4e6d95d54efc657e3f
Closes-bug: #1895108
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2020-09-10 11:46:50 +02:00
Jakub Libosvar
4ad21fd23a migration: Restart OVS after setting protocols
This patch is a workaround for bug in OVS [1]. The OVS is restarted
after setting protocols for the integration bridge. This will cause
a data plane disruption. We can remove the workaround once
the bug [1] is fixed.

Closes-bug: #1890596

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1782834

Change-Id: Ia635f705fa03036a9e9c1c14eab59038ec39bda3
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2020-08-06 14:48:51 +02:00
Zuul
1075e79be5 Merge "ovn migration: Support stack name" 2020-07-24 09:44:21 +00:00
Zuul
d05fcfdf05 Merge "ovn-migration: Remove docker references" 2020-07-23 14:50:29 +00:00
Jakub Libosvar
afd63d0b36 ovn migration: Support stack name
The heat stack name is variable. This patch adds a new environment
variable to support migrating stacks that are different name than
overcloud.

Change-Id: I6fd72bf83def28ae633d720b8495888cea3ac0a3
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2020-07-22 16:33:32 +00:00
Oliver Walsh
aa6491a9d9 migration: Use ansible-inventory to parse tripleo inventory
Instead of adapting to changes to the tripleo inventory structure let
ansible parse it for us using ansible-inventory.

Change-Id: I34ad0fd5feed65dd1266993a77f6ebc69fecfdfb
Closes-bug: #1884764
2020-07-02 11:19:16 +01:00
Jakub Libosvar
0e597a36d3 ovn-migration: Remove docker references
Docker commands are replaced with podman. References to docker resources
is fixed. Some improvements to avoid storing container ids and
performing operations is also done in this patch.

Change-Id: I2b9661d06b30eeb7752bdb4fad73778d2ed940d7
2020-06-25 10:51:54 +02:00
Zuul
646d2db6d1 Merge "ovn-migration: Stop ml2/ovs agents before installing OVN resources" 2020-06-10 17:48:12 +00:00
Roman Safronov
0402337c15 Fix ssh to nodes during ML2/OVS to ML2/OVN migration
Migration ansible playbooks are not able to connect to overcloud
nodes using ssh due to bad settings in the generated ansible
inventory file. Ctlplane subnet ip addresses should be used by
ansible in order to be able to establish connection successfully.

Closes-bug: #1881029
Change-Id: I1588b88279ba1e25706cc74f4a888901e5aadcb6
2020-05-29 19:27:29 +00:00
Jakub Libosvar
4d5b9a62b9 ovn-migration: Stop ml2/ovs agents before installing OVN resources
TripleO used to uninstall services if the resources were set to None. It
was not intentional and TripleO no longer does that. This patch manually
removes dhcp, l3, metadata and ovs agents from controller and compute
nodes, including its systemd service files.

Closes-Bug: #1878358
Change-Id: I140ae0c476bf9e19b4429ce388ddc7cc3f4cd421
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2020-05-13 09:45:07 +02:00