diff --git a/defaults/main.yml b/defaults/main.yml
index 45bfb4ee..f9419bb0 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -69,6 +69,10 @@ openstack_ceilometer_git_repo: https://opendev.org/openstack/ceilometer
openstack_ceilometer_git_install_branch: master
networking_generic_switch_git_repo: https://opendev.org/openstack/networking-generic-switch
networking_generic_switch_git_install_branch: master
+networking_nsx_git_repo: https://opendev.org/x/vmware-nsx
+networking_nsx_git_install_branch: master
+networking_nsxlib_git_repo: https://opendev.org/x/vmware-nsxlib
+networking_nsxlib_git_install_branch: master
neutron_upper_constraints_url: "{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}"
neutron_git_constraints:
@@ -81,6 +85,8 @@ neutron_git_constraints:
- "git+{{ networking_bgpvpn_git_repo }}@{{ networking_bgpvpn_git_install_branch }}#egg=networking-bgpvpn"
- "git+{{ openstack_ceilometer_git_repo }}@{{ openstack_ceilometer_git_install_branch }}#egg=ceilometer"
- "git+{{ networking_generic_switch_git_repo }}@{{ networking_generic_switch_git_install_branch }}#egg=networking-generic-switch"
+ - "git+{{ networking_nsx_git_repo }}@{{ networking_nsx_git_install_branch }}#egg=vmware-nsx"
+ - "git+{{ networking_nsxlib_git_repo }}@{{ networking_nsxlib_git_install_branch }}#egg=vmware-nsxlib"
- "--constraint {{ neutron_upper_constraints_url }}"
neutron_pip_install_args: "{{ pip_install_options | default('') }}"
@@ -165,6 +171,7 @@ neutron_nuage_conf_ini_overrides: {}
neutron_opendaylight_conf_ini_overrides: {}
neutron_openvswitch_agent_ini_overrides: {}
neutron_openvswitch_agent_init_overrides: {}
+neutron_nsx_conf_ini_overrides: {}
# Provide a list of access controls to update the default policy.json with.
# These changes will be merged
# with the access controls in the default policy.json. E.g.
diff --git a/doc/source/app-nsx.rst b/doc/source/app-nsx.rst
new file mode 100644
index 00000000..b6c15b49
--- /dev/null
+++ b/doc/source/app-nsx.rst
@@ -0,0 +1,108 @@
+========================================
+Scenario - VMware NSX Plugin
+========================================
+
+Introduction
+~~~~~~~~~~~~
+
+This document covers the steps to integrate the VMware NSX plugin with
+OpenStack Ansible.
+
+.. warning::
+
+ Currently, only NSX-T Policy API is supported.
+
+Please follow these steps:
+
+- Configure Neutron to use the NSX plugin
+
+Prerequisites
+~~~~~~~~~~~~~
+
+#. The deployment environment is configured according to OSA best
+ practices such as cloning OSA software and bootstrapping Ansible.
+ See `OpenStack-Ansible Install Guide
+ `_.
+
+#. NSX-T has been deployed per its installation guide and compute nodes have
+ been properly configured as transport nodes. See
+ `NSX-T Data Center Installation Guide
+ ` _.
+
+Configure Neutron to use the NSX plugin
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Copy the neutron environment overrides to
+``/etc/openstack_deploy/env.d/neutron.yml`` and disable agent creation, since
+it is not needed.
+
+.. code-block:: yaml
+
+ neutron_agents_container:
+ belongs_to:
+ - network_containers
+ contains: { }
+
+Copy the nova environment overrides to
+``/etc/openstack_deploy/env.d/nova.yml`` and disable neutron agent creation,
+since it is not needed.
+
+.. code-block:: yaml
+
+ container_skel:
+ nova_api_container:
+ belongs_to:
+ - compute-infra_containers
+ - os-infra_containers
+ contains:
+ - nova_api_metadata
+ - nova_api_os_compute
+ - nova_conductor
+ - nova_scheduler
+ - nova_console
+ nova_compute_container:
+ belongs_to:
+ - compute_containers
+ - kvm-compute_containers
+ - qemu-compute_containers
+ contains:
+ - nova_compute
+ properties:
+ is_metal: true
+
+Set the following required variables in your
+``/etc/openstack_deploy/user_variables.yml``
+
+.. code-block:: yaml
+
+ neutron_plugin_type: vmware.nsx
+ nova_network_type: nsx
+ nsx_api_password:
+ nsx_api_managers:
+ - nsx-manager-01
+ - nsx-manager-02
+ - nsx-manager-03
+
+Optionally specify additional parameters using overrides
+
+.. code-block:: yaml
+
+ neutron_nsx_conf_ini_overrides:
+ nsx_p:
+ default_tier0_router: my-tier0-router
+ default_overlay_tz: my-overlay-tz
+ default_vlan_tz: my-vlan-tz
+ metadata_proxy: my-metadata-proxy-profile
+ dhcp_profile: my-dhcp-profile
+
+.. warning::
+
+ If NSX has defined more than one tier 0, overlay/vlan tz, metadata proxy, or
+ dhcp profile, then you must explicitly define those using conf overrides.
+ Neutron will fail to start if these are not defined in those conditions.
+
+Installation
+~~~~~~~~~~~~
+
+After the environment has been configured as detailed above, start the
+OpenStack deployment as listed in the OpenStack-Ansible Install Guide.
diff --git a/doc/source/index.rst b/doc/source/index.rst
index f09db7db..3e94b3dc 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -13,6 +13,7 @@ Neutron role for OpenStack-Ansible
app-openvswitch-sfc.rst
app-ovn.rst
app-nuage.rst
+ app-nsx.rst
app-calico.rst
app-opendaylight.rst
app-genericswitch.rst
diff --git a/templates/neutron.conf.j2 b/templates/neutron.conf.j2
index eabcd8e4..e21310c4 100644
--- a/templates/neutron.conf.j2
+++ b/templates/neutron.conf.j2
@@ -85,9 +85,14 @@ rpc_workers = {{ neutron_rpc_workers }}
{% set dhcp_agents_max = num_agent if num_agent > 2 else 2 %}
# DHCP
+{% if neutron_plugin_type == 'vmware.nsx' %}
+dhcp_agent_notification = False
+{% else %}
dhcp_agent_notification = True
dhcp_agents_per_network = {{ dhcp_agents_max }}
dhcp_lease_duration = 86400
+{% endif %}
+
# Driver for external DNS integration. (string value)
{% if neutron_designate_enabled %}
diff --git a/templates/plugins/vmware/nsx.ini.j2 b/templates/plugins/vmware/nsx.ini.j2
new file mode 100644
index 00000000..98aa8949
--- /dev/null
+++ b/templates/plugins/vmware/nsx.ini.j2
@@ -0,0 +1,7 @@
+[DEFAULT]
+
+[nsx_p]
+
+nsx_api_user = {{ nsx_api_user | default('admin') }}
+nsx_api_password = {{ nsx_api_password }}
+nsx_api_managers = {{ nsx_api_managers | join(',') }}
diff --git a/tests/neutron-overrides-nsx.yml b/tests/neutron-overrides-nsx.yml
new file mode 100644
index 00000000..d816602d
--- /dev/null
+++ b/tests/neutron-overrides-nsx.yml
@@ -0,0 +1,32 @@
+---
+# Copyright 2020, VMware, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+tempest_run: yes
+
+tempest_plugins:
+ - name: neutron-plugins
+ repo: https://opendev.org/openstack/neutron-tempest-plugin
+ branch: master
+
+tempest_test_whitelist:
+ - "neutron_tempest_plugin.api.test_networks*"
+
+neutron_plugin_type: vmware.nsx
+nsx_api_password: password
+nsx_api_managers:
+ - nsx-manager-01
+
+tempest_network_ping_gateway: False
+
diff --git a/tests/nsx_inventory b/tests/nsx_inventory
new file mode 100644
index 00000000..665e18a4
--- /dev/null
+++ b/tests/nsx_inventory
@@ -0,0 +1,61 @@
+[all]
+localhost
+infra1
+server1
+server2
+
+[physical_host]
+localhost
+
+[all_containers]
+infra1
+server1
+server2
+
+[oslomsg_rpc_all]
+infra1
+
+[oslomsg_notify_all]
+infra1
+
+[rabbitmq_all]
+infra1
+
+[galera_all]
+infra1
+
+[memcached_all]
+infra1
+
+[service_all:children]
+rabbitmq_all
+galera_all
+memcached_all
+
+[keystone_all]
+infra1
+
+[neutron_server]
+server1
+server2
+
+[neutron_agent]
+[neutron_dhcp_agent]
+[neutron_linuxbridge_agent]
+[neutron_openvswitch_agent]
+[neutron_metering_agent]
+[neutron_l3_agent]
+[neutron_metadata_agent]
+
+[neutron_all:children]
+neutron_agent
+neutron_dhcp_agent
+neutron_linuxbridge_agent
+neutron_openvswitch_agent
+neutron_metering_agent
+neutron_l3_agent
+neutron_metadata_agent
+neutron_server
+
+[utility_all]
+infra1
diff --git a/tox.ini b/tox.ini
index aa8b06e2..b820a7c3 100644
--- a/tox.ini
+++ b/tox.ini
@@ -183,3 +183,12 @@ commands =
{[testenv:bashate]commands}
{[testenv:ansible-lint]commands}
{[testenv:ansible-syntax]commands}
+
+[testenv:nsx]
+basepython = python3
+setenv =
+ {[testenv]setenv}
+ ANSIBLE_INVENTORY={toxinidir}/tests/nsx_inventory
+ ANSIBLE_OVERRIDES={toxinidir}/tests/neutron-overrides-nsx.yml
+commands =
+ bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
diff --git a/vars/main.yml b/vars/main.yml
index 44ed246b..26b9ffcc 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -69,6 +69,10 @@ neutron_proprietary_nuage_pip_packages:
neutron_optional_ngs_pip_packages:
- networking-generic-switch
+neutron_optional_nsx_pip_packages:
+ - vmware-nsx
+ - vmware-nsxlib
+
neutron_venv_packages: >-
{%- set pkg_list = neutron_pip_packages | union(neutron_user_pip_packages) %}
{%- if neutron_bgp | bool %}
@@ -103,6 +107,10 @@ neutron_venv_packages: >-
(neutron_services['neutron-server']['group'] in group_names) %}
{%- set _ = pkg_list.extend(neutron_optional_ngs_pip_packages) %}
{%- endif %}
+ {%- if (neutron_plugin_type.split('.')[-1] == "nsx") and
+ (neutron_services['neutron-server']['group'] in group_names) %}
+ {%- set _ = pkg_list.extend(neutron_optional_nsx_pip_packages) %}
+ {%- endif %}
{{- pkg_list | unique }}
@@ -207,6 +215,10 @@ neutron_plugins:
plugin_conf_ini_overrides: "{{ neutron_ml2_conf_genericswitch_ini_overrides }}"
plugin_core: ml2
plugin_ini: plugins/ml2/ml2_conf_genericswitch.ini
+ vmware.nsx:
+ plugin_core: vmware_nsx.plugin.NsxPolicyPlugin
+ plugin_ini: plugins/vmware/nsx.ini
+ plugin_conf_ini_overrides: "{{ neutron_nsx_conf_ini_overrides }}"
###
### ML2 Plugin Configuration