openstack
/
neutron
Code Issues Proposed changes
neutron/tools/ovn_migration/migrate-to-ovn.yml

205 lines
8.6 KiB
YAML
Raw Blame History

# Migrate a Neutron deployment using ML2/OVS to OVN.
#
# See hosts-sample for expected contents of the ansible inventory.
---
- hosts: compute
remote_user: "{{ remote_user }}"
become: true
tasks:
- name: Ensure OVN packages are installed on compute nodes.
yum:
name: openvswitch-ovn-host
state: present
# TODO to make ansible-lint happy, all of these commands should be conditionally run
# only if the config value needs to be changed.
- name: Configure ovn-encap-type.
command: "ovs-vsctl set open . external_ids:ovn-encap-type=geneve"
changed_when: false
- name: Configure ovn-encap-ip.
command: "ovs-vsctl set open . external_ids:ovn-encap-ip={{ ovn_encap_ip }}"
changed_when: false
- name: Configure ovn-remote.
command: "ovs-vsctl set open . external_ids:ovn-remote=tcp:{{ ovn_db_ip }}:6642"
changed_when: false
# TODO We could discover the appropriate value for ovn-bridge-mappings based on
# the openvswitch agent configuration instead of requiring it to be configured
# in the inventory.
- name: Configure ovn-bridge-mappings.
command: "ovs-vsctl set open . external_ids:ovn-bridge-mappings={{ ovn_bridge_mappings }}"
changed_when: false
- name: Get hostname
command: hostname -f
register: hostname
check_mode: no
changed_when: false
- name: Set host name
command: "ovs-vsctl set Open_vSwitch . external-ids:hostname={{ hostname.stdout }}"
changed_when: false
# TODO ansible has an "iptables" module, but it does not allow you specify a "rule number"
# which we require here.
- name: Open Geneve UDP port for tunneling.
command: iptables -I INPUT 10 -m state --state NEW -p udp --dport 6081 -j ACCEPT
changed_when: false
- name: Persist our iptables changes after a reboot
shell: iptables-save > /etc/sysconfig/iptables.save
args:
creates: /etc/sysconfig/iptables.save
# TODO Remove this once the metadata API is supported.
# https://bugs.launchpad.net/networking-ovn/+bug/1562132
- name: Force config drive until the metadata API is supported.
ini_file:
dest: /etc/nova/nova.conf
section: DEFAULT
option: force_config_drive
value: true
- name: Restart nova-compute service to reflect force_config_drive value.
systemd:
name: openstack-nova-compute
state: restarted
enabled: yes
- hosts: controller
remote_user: "{{ remote_user }}"
become: true
tasks:
- name: Ensure OVN packages are installed on the central OVN host.
when: ovn_central is defined
yum:
name: openvswitch-ovn-central
state: present
# TODO Set up SSL for OVN databases
# TODO ansible has an "iptables" module, but it does not allow you specify a "rule number"
# which we require here.
- name: Open OVN database ports.
command: "iptables -I INPUT 10 -m state --state NEW -p tcp --dport {{ item }} -j ACCEPT"
with_items: [ 6641, 6642 ]
changed_when: False
- name: Persist our iptables changes after a reboot
shell: iptables-save > /etc/sysconfig/iptables.save
args:
creates: /etc/sysconfig/iptables.save
# TODO Integrate HA support for the OVN control services.
- name: Start ovn-northd and the OVN databases.
when: ovn_central is defined
systemd:
name: ovn-northd
state: started
enabled: yes
- name: Enable remote access to the northbound database.
command: "ovn-nbctl set-connection ptcp:6641:{{ ovn_db_ip }}"
when: ovn_central is defined
changed_when: False
- name: Enable remote access to the southbound database.
command: "ovn-sbctl set-connection ptcp:6642:{{ ovn_db_ip }}"
when: ovn_central is defined
changed_when: False
- name: Update Neutron configuration files
ini_file: dest={{ item.dest }} section={{ item.section }} option={{ item.option }} value={{ item.value }}
with_items:
- { dest: '/etc/neutron/neutron.conf', section: 'DEFAULT', option: 'service_plugins', value: 'qos,ovn-router' }
- { dest: '/etc/neutron/neutron.conf', section: 'DEFAULT', option: 'notification_drivers', value: 'ovn-qos' }
- { dest: '/etc/neutron/plugins/ml2/ml2_conf.ini', section: 'ml2', option: 'mechanism_drivers', value: 'ovn' }
- { dest: '/etc/neutron/plugins/ml2/ml2_conf.ini', section: 'ml2', option: 'type_drivers', value: 'geneve,vxlan,vlan,flat' }
- { dest: '/etc/neutron/plugins/ml2/ml2_conf.ini', section: 'ml2', option: 'tenant_network_types', value: 'geneve' }
- { dest: '/etc/neutron/plugins/ml2/ml2_conf.ini', section: 'ml2_type_geneve', option: 'vni_ranges', value: '1:65536' }
- { dest: '/etc/neutron/plugins/ml2/ml2_conf.ini', section: 'ml2_type_geneve', option: 'max_header_size', value: '38' }
- { dest: '/etc/neutron/plugins/ml2/ml2_conf.ini', section: 'ovn', option: 'ovn_nb_connection', value: '"tcp:{{ ovn_db_ip }}:6641"' }
- { dest: '/etc/neutron/plugins/ml2/ml2_conf.ini', section: 'ovn', option: 'ovn_sb_connection', value: '"tcp:{{ ovn_db_ip }}:6642"' }
- { dest: '/etc/neutron/plugins/ml2/ml2_conf.ini', section: 'ovn', option: 'ovsdb_connection_timeout', value: '180' }
- { dest: '/etc/neutron/plugins/ml2/ml2_conf.ini', section: 'ovn', option: 'neutron_sync_mode', value: 'repair' }
- { dest: '/etc/neutron/plugins/ml2/ml2_conf.ini', section: 'ovn', option: 'ovn_l3_mode', value: 'true' }
- { dest: '/etc/neutron/plugins/ml2/ml2_conf.ini', section: 'ovn', option: 'vif_type', value: 'ovs' }
- name: Note that API downtime begins now.
debug:
msg: NEUTRON API DOWNTIME STARTING NOW FOR THIS HOST
- name: Shut down neutron-server so that we can begin data sync to OVN.
systemd:
name: neutron-server
state: stopped
- hosts: controller
remote_user: "{{ remote_user }}"
become: true
tasks:
- name: Sync Neutron state to OVN.
when: ovn_central is defined
command: neutron-ovn-db-sync-util --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
- hosts: overcloud
remote_user: "{{ remote_user }}"
become: true
tasks:
- name: Note that data plane imact starts now.
debug:
msg: DATA PLANE IMPACT BEGINS NOW.
- name: Stop metadata, DHCP, L3 and openvswitch agent if needed.
systemd: name={{ item.name }} state={{ item.state }} enabled=no
with_items:
- { name: 'neutron-metadata-agent', state: 'stopped' }
- { name: 'neutron-dhcp-agent', state: 'stopped' }
- { name: 'neutron-l3-agent', state: 'stopped' }
- { name: 'neutron-openvswitch-agent', state: 'stopped' }
- hosts: compute
remote_user: "{{ remote_user }}"
become: true
tasks:
- name: Note that data plane is being restored.
debug:
msg: DATA PLANE IS NOW BEING RESTORED.
- name: Delete br-tun as it is no longer used.
command: "ovs-vsctl del-br br-tun"
changed_when: false
- name: Reset OpenFlow protocol version before ovn-controller takes over.
with_items: [ br-int, br-ex ]
command: "ovs-vsctl set Bridge {{ item }} protocols=[]"
ignore_errors: True
changed_when: false
- name: Start ovn-controller.
systemd:
name: ovn-controller
state: started
enabled: yes
- hosts: controller
remote_user: "{{ remote_user }}"
become: true
tasks:
# TODO The sync util scheduling gateway routers depends on this patch:
# https://review.openstack.org/#/c/427020/
# If the patch is not merged, this command is harmless, but the gateway
# routers won't get scheduled until later when neutron-server starts.
- name: Schedule gateway routers by running the sync util.
when: ovn_central is defined
command: neutron-ovn-db-sync-util --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
changed_when: false
- name: Configure node for hosting gateway routers for external connectivity.
command: "ovs-vsctl set open . external_ids:ovn-cms-options=enable-chassis-as-gw"
changed_when: false
- hosts: overcloud
remote_user: "{{ remote_user }}"
become: true
tasks:
# TODO Make this smarter so that it only deletes net namespaces that were
# # created by neutron. In the simple case, this is fine, but will break
# # once containers are in use on the overcloud.
- name: Delete network namespaces.
command: ip -all netns delete
changed_when: false
- hosts: controller
remote_user: "{{ remote_user }}"
become: true
tasks:
- name: Note that the Neutron API is coming back online.
debug:
msg: THE NEUTRON API IS NOW BEING RESTORED.
- name: Start neutron-server.
systemd:
name: neutron-server
state: started
# TODO In our grenade script we had to restart rabbitmq. Is that needed?
View Git Blame Copy Permalink