Support for Open vSwitch Distributed Virtual Routing

Deployers may now enable DVR by setting the value of
the neutron_plugin_type variable to "ml2.ovs.dvr"

When set, the role will deploy and configure the OVS agent,
l3 agent and metadata agent as recommended by the neutron
Networking Guide's High Availability using Distributed Virtual
Routing scenario:

http://docs.openstack.org/mitaka/networking-guide/scenario-dvr-ovs.html

Change-Id: I27fd65c807cfde83f6250f613d9994cf83e1c0e0
Partially-Implements: blueprint neutron-dvr

defaults/main.yml

@@ -99,6 +99,7 @@ neutron_plugins:
     drivers_type: "{{ neutron_ml2_drivers_type }}"
     l2_population: "{{ neutron_l2_population }}"
     mechanisms: "linuxbridge{% if neutron_l2_population | bool %},l2population{% endif %}"
+    l3_agent_mode: "legacy"
     plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}"
     plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin
     plugin_ini: plugins/ml2/ml2_conf.ini
@@ -108,6 +109,18 @@ neutron_plugins:
     drivers_type: "{{ neutron_ml2_drivers_type }}"
     l2_population: "{{ neutron_l2_population }}"
     mechanisms: "openvswitch{% if neutron_l2_population | bool %},l2population{% endif %}"
+    l3_agent_mode: "legacy"
+    plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}"
+    plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin
+    plugin_ini: plugins/ml2/ml2_conf.ini
+  ml2.ovs.dvr:
+    driver_firewall: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+    driver_interface: neutron.agent.linux.interface.OVSInterfaceDriver
+    drivers_type: "{{ neutron_ml2_drivers_type }}"
+    l2_population: "{{ neutron_l2_population }}"
+    mechanisms: "openvswitch{% if neutron_l2_population | bool %},l2population{% endif %}"
+    l3_agent_mode: "{% if 'nova_compute' in group_names %}dvr{% else %}dvr_snat{% endif %}"
+    router_distributed: True
     plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}"
     plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin
     plugin_ini: plugins/ml2/ml2_conf.ini
@@ -133,7 +146,7 @@ neutron_services:
  neutron-openvswitch-agent:
    group: neutron_openvswitch_agent
    service_name: neutron-openvswitch-agent
-   service_en: "{{ neutron_plugin_type == 'ml2.ovs' }}"
+   service_en: "{{ 'ml2.ovs' in neutron_plugin_type }}"
    service_conf: plugins/ml2/openvswitch_agent.ini
    service_rootwrap: rootwrap.d/openvswitch-plugin.filters
    config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --log-file=/var/log/neutron/neutron-openvswitch-agent.log
@@ -210,7 +223,7 @@ neutron_services:
 neutron_dhcp: "{% if neutron_plugin_type.split('.')[0] == 'ml2' %}True{% else %}False{% endif %}"
 
 ## Neutron Metadata Agent
-neutron_metadata: "{% if neutron_plugin_type.split('.')[0] == 'ml2' %}True{% else %}False{% endif %}"
+neutron_metadata: "{% if neutron_plugin_type.split('.')[0] == 'ml2' and (neutron_plugin_type == 'ml2.ovs.dvr' or 'nova_compute' not in group_names) %}True{% else %}False{% endif %}"
 
 ## Neutron LBaaS
 # See documentation section titled "Configuring the Network Load Balacing
@@ -225,7 +238,8 @@ neutron_lbaasv2: "{% if 'lbaasv2' in neutron_plugin_base or 'neutron_lbaas.servi
 ## Neutron L3
 ## Please add 'router' to the neutron_plugin_base list
 #TODO(odyssey4me): Remove the class path from this conditional in the Newton cycle
-neutron_l3: "{% if 'router' in neutron_plugin_base or 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}"
+# Should the neutron-l3-agent service should be enabled on the host
+neutron_l3: "{% if ('router' in neutron_plugin_base or 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin' in neutron_plugin_base) and (neutron_plugin_type == 'ml2.ovs.dvr' or 'nova_compute' not in group_names) %}True{% else %}False{% endif %}"
 
 # Set this option to "true" to enable legacy neutron L3HA tool support
 # TODO(cloudnull): Remove this in the Ocata cycle
@@ -309,7 +323,6 @@ neutron_keystone_auth_plugin: password
 neutron_external_network_bridge: ""
 neutron_gateway_external_network_id: ""
 
-neutron_agent_mode: legacy
 neutron_agent_down_time: 120
 neutron_agent_polling_interval: 5
 neutron_report_interval: "{{ neutron_agent_down_time | int / 2 | int }}"

releasenotes/notes/neutron_ovs_dvr-7fca77cac0545441.yaml

@@ -0,0 +1,11 @@
+---
+features:
+  - |
+    Support for Neutron distributed virtual routing has been added to the
+    ``os_neutron`` role. This includes the implementation of Networking
+    Guide's suggested agent configuration. This feature may be activated
+    by setting ``neutron_plugin_type: ml2.ovs.dvr`` in ``/etc/openstack_deploy/user_variables.yml``.
+upgrade:
+  - The variable ``neutron_agent_mode`` has been removed from the
+    ``os_neutron`` role. The appropriate value for ``l3_agent.ini`` is now
+    determined based on the ``neutron_plugin_type`` and host group membership.

templates/l3_agent.ini.j2

@@ -13,8 +13,7 @@ gateway_external_network_id = {{ neutron_gateway_external_network_id }}
 # Drivers
 interface_driver = {{ neutron_plugins[neutron_plugin_type].driver_interface }}
 
-# Agent mode (legacy only)
-agent_mode = {{ neutron_agent_mode }}
+agent_mode = {{ neutron_plugins[neutron_plugin_type].l3_agent_mode }}
 
 # Conventional failover
 allow_automatic_l3agent_failover = True

templates/neutron.conf.j2

@@ -40,8 +40,8 @@ notification_driver = messagingv2
 network_auto_schedule = True
 router_auto_schedule = True
 
-# Distributed virtual routing (disable by default)
-router_distributed = False
+# Distributed virtual routing
+router_distributed = {{ neutron_plugins[neutron_plugin_type].router_distributed | default('False') }}
 
 # Agents
 agent_down_time = {{ neutron_agent_down_time }}

templates/plugins/ml2/openvswitch_agent.ini.j2

@@ -12,6 +12,7 @@ bridge_mappings = {{ neutron_provider_networks.network_mappings }}
 [agent]
 l2_population = {{ neutron_plugins[neutron_plugin_type].l2_population }}
 tunnel_types = {{ neutron_tunnel_types }}
+enable_distributed_routing = {{ neutron_plugins[neutron_plugin_type].router_distributed | default('False') }}
 
 # Security groups
 [securitygroup]