Add Initial NSX Integration

Default variables are established to add NSX integration to OSA,
as well as documentation on how to implement the integration.

Change-Id: I9843fedf2463251f7663d4607932f029f86dbda2

defaults/main.yml

@@ -69,6 +69,10 @@ openstack_ceilometer_git_repo: https://opendev.org/openstack/ceilometer
 openstack_ceilometer_git_install_branch: master
 networking_generic_switch_git_repo: https://opendev.org/openstack/networking-generic-switch
 networking_generic_switch_git_install_branch: master
+networking_nsx_git_repo: https://opendev.org/x/vmware-nsx
+networking_nsx_git_install_branch: master
+networking_nsxlib_git_repo: https://opendev.org/x/vmware-nsxlib
+networking_nsxlib_git_install_branch: master
 
 neutron_upper_constraints_url: "{{ requirements_git_url | default('https://releases.openstack.org/constraints/upper/' ~ requirements_git_install_branch | default('master')) }}"
 neutron_git_constraints:
@@ -81,6 +85,8 @@ neutron_git_constraints:
   - "git+{{ networking_bgpvpn_git_repo }}@{{ networking_bgpvpn_git_install_branch }}#egg=networking-bgpvpn"
   - "git+{{ openstack_ceilometer_git_repo }}@{{ openstack_ceilometer_git_install_branch }}#egg=ceilometer"
   - "git+{{ networking_generic_switch_git_repo }}@{{ networking_generic_switch_git_install_branch }}#egg=networking-generic-switch"
+  - "git+{{ networking_nsx_git_repo }}@{{ networking_nsx_git_install_branch }}#egg=vmware-nsx"
+  - "git+{{ networking_nsxlib_git_repo }}@{{ networking_nsxlib_git_install_branch }}#egg=vmware-nsxlib"
   - "--constraint {{ neutron_upper_constraints_url }}"
 
 neutron_pip_install_args: "{{ pip_install_options | default('') }}"
@@ -165,6 +171,7 @@ neutron_nuage_conf_ini_overrides: {}
 neutron_opendaylight_conf_ini_overrides: {}
 neutron_openvswitch_agent_ini_overrides: {}
 neutron_openvswitch_agent_init_overrides: {}
+neutron_nsx_conf_ini_overrides: {}
 # Provide a list of access controls to update the default policy.json with.
 # These changes will be merged
 # with the access controls in the default policy.json. E.g.

doc/source/app-nsx.rst

@@ -0,0 +1,108 @@
+========================================
+Scenario - VMware NSX Plugin
+========================================
+
+Introduction
+~~~~~~~~~~~~
+
+This document covers the steps to integrate the VMware NSX plugin with
+OpenStack Ansible.
+
+.. warning::
+
+  Currently, only NSX-T Policy API is supported.
+
+Please follow these steps:
+
+- Configure Neutron to use the NSX plugin
+
+Prerequisites
+~~~~~~~~~~~~~
+
+#. The deployment environment is configured according to OSA best
+   practices such as cloning OSA software and bootstrapping Ansible.
+   See `OpenStack-Ansible Install Guide
+   <https://docs.openstack.org/project-deploy-guide/openstack-ansible/latest/>`_.
+
+#. NSX-T has been deployed per its installation guide and compute nodes have
+   been properly configured as transport nodes. See
+   `NSX-T Data Center Installation Guide
+   <https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/installation/GUID-3E0C4CEC-D593-4395-84C4-150CD6285963.htm>` _.
+
+Configure Neutron to use the NSX plugin
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Copy the neutron environment overrides to
+``/etc/openstack_deploy/env.d/neutron.yml`` and disable agent creation, since
+it is not needed.
+
+.. code-block:: yaml
+
+  neutron_agents_container:
+    belongs_to:
+      - network_containers
+    contains: { }
+
+Copy the nova environment overrides to
+``/etc/openstack_deploy/env.d/nova.yml`` and disable neutron agent creation,
+since it is not needed.
+
+.. code-block:: yaml
+
+  container_skel:
+    nova_api_container:
+      belongs_to:
+        - compute-infra_containers
+        - os-infra_containers
+      contains:
+        - nova_api_metadata
+        - nova_api_os_compute
+        - nova_conductor
+        - nova_scheduler
+        - nova_console
+    nova_compute_container:
+      belongs_to:
+        - compute_containers
+        - kvm-compute_containers
+        - qemu-compute_containers
+      contains:
+        - nova_compute
+      properties:
+        is_metal: true
+
+Set the following required variables in your
+``/etc/openstack_deploy/user_variables.yml``
+
+.. code-block:: yaml
+
+  neutron_plugin_type: vmware.nsx
+  nova_network_type: nsx
+  nsx_api_password: <password>
+  nsx_api_managers:
+    - nsx-manager-01
+    - nsx-manager-02
+    - nsx-manager-03
+
+Optionally specify additional parameters using overrides
+
+.. code-block:: yaml
+
+  neutron_nsx_conf_ini_overrides:
+    nsx_p:
+      default_tier0_router: my-tier0-router
+      default_overlay_tz: my-overlay-tz
+      default_vlan_tz: my-vlan-tz
+      metadata_proxy: my-metadata-proxy-profile
+      dhcp_profile: my-dhcp-profile
+
+.. warning::
+
+  If NSX has defined more than one tier 0, overlay/vlan tz, metadata proxy, or
+  dhcp profile, then you must explicitly define those using conf overrides.
+  Neutron will fail to start if these are not defined in those conditions.
+
+Installation
+~~~~~~~~~~~~
+
+After the environment has been configured as detailed above, start the
+OpenStack deployment as listed in the OpenStack-Ansible Install Guide.

doc/source/index.rst

@@ -13,6 +13,7 @@ Neutron role for OpenStack-Ansible
    app-openvswitch-sfc.rst
    app-ovn.rst
    app-nuage.rst
+   app-nsx.rst
    app-calico.rst
    app-opendaylight.rst
    app-genericswitch.rst

templates/neutron.conf.j2

@@ -85,9 +85,14 @@ rpc_workers = {{ neutron_rpc_workers }}
 
 {% set dhcp_agents_max = num_agent if num_agent > 2 else 2 %}
 # DHCP
+{% if neutron_plugin_type == 'vmware.nsx' %}
+dhcp_agent_notification = False
+{% else %}
 dhcp_agent_notification = True
 dhcp_agents_per_network = {{ dhcp_agents_max }}
 dhcp_lease_duration = 86400
+{% endif %}
+
 
 # Driver for external DNS integration. (string value)
 {% if neutron_designate_enabled %}

templates/plugins/vmware/nsx.ini.j2

@@ -0,0 +1,7 @@
+[DEFAULT]
+
+[nsx_p]
+
+nsx_api_user = {{ nsx_api_user | default('admin') }}
+nsx_api_password = {{ nsx_api_password }}
+nsx_api_managers = {{ nsx_api_managers | join(',') }}

tests/neutron-overrides-nsx.yml

@@ -0,0 +1,32 @@
+---
+# Copyright 2020, VMware, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+tempest_run: yes
+
+tempest_plugins:
+  - name: neutron-plugins
+    repo: https://opendev.org/openstack/neutron-tempest-plugin
+    branch: master
+
+tempest_test_whitelist:
+  - "neutron_tempest_plugin.api.test_networks*"
+
+neutron_plugin_type: vmware.nsx
+nsx_api_password: password
+nsx_api_managers:
+  - nsx-manager-01
+
+tempest_network_ping_gateway: False
+

tests/nsx_inventory

@@ -0,0 +1,61 @@
+[all]
+localhost
+infra1
+server1
+server2
+
+[physical_host]
+localhost
+
+[all_containers]
+infra1
+server1
+server2
+
+[oslomsg_rpc_all]
+infra1
+
+[oslomsg_notify_all]
+infra1
+
+[rabbitmq_all]
+infra1
+
+[galera_all]
+infra1
+
+[memcached_all]
+infra1
+
+[service_all:children]
+rabbitmq_all
+galera_all
+memcached_all
+
+[keystone_all]
+infra1
+
+[neutron_server]
+server1
+server2
+
+[neutron_agent]
+[neutron_dhcp_agent]
+[neutron_linuxbridge_agent]
+[neutron_openvswitch_agent]
+[neutron_metering_agent]
+[neutron_l3_agent]
+[neutron_metadata_agent]
+
+[neutron_all:children]
+neutron_agent
+neutron_dhcp_agent
+neutron_linuxbridge_agent
+neutron_openvswitch_agent
+neutron_metering_agent
+neutron_l3_agent
+neutron_metadata_agent
+neutron_server
+
+[utility_all]
+infra1

tox.ini

@@ -183,3 +183,12 @@ commands =
     {[testenv:bashate]commands}
     {[testenv:ansible-lint]commands}
     {[testenv:ansible-syntax]commands}
+
+[testenv:nsx]
+basepython = python3
+setenv =
+    {[testenv]setenv}
+    ANSIBLE_INVENTORY={toxinidir}/tests/nsx_inventory
+    ANSIBLE_OVERRIDES={toxinidir}/tests/neutron-overrides-nsx.yml
+commands =
+    bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"

vars/main.yml

@@ -69,6 +69,10 @@ neutron_proprietary_nuage_pip_packages:
 neutron_optional_ngs_pip_packages:
   - networking-generic-switch
 
+neutron_optional_nsx_pip_packages:
+  - vmware-nsx
+  - vmware-nsxlib
+
 neutron_venv_packages: >-
   {%- set pkg_list = neutron_pip_packages | union(neutron_user_pip_packages) %}
   {%- if neutron_bgp | bool %}
@@ -103,6 +107,10 @@ neutron_venv_packages: >-
          (neutron_services['neutron-server']['group'] in group_names) %}
   {%-     set _ = pkg_list.extend(neutron_optional_ngs_pip_packages) %}
   {%- endif %}
+  {%- if (neutron_plugin_type.split('.')[-1] == "nsx") and
+         (neutron_services['neutron-server']['group'] in group_names) %}
+  {%-     set _ = pkg_list.extend(neutron_optional_nsx_pip_packages) %}
+  {%- endif %}
   {{- pkg_list | unique }}
 
 
@@ -207,6 +215,10 @@ neutron_plugins:
     plugin_conf_ini_overrides: "{{ neutron_ml2_conf_genericswitch_ini_overrides }}"
     plugin_core: ml2
     plugin_ini: plugins/ml2/ml2_conf_genericswitch.ini
+  vmware.nsx:
+    plugin_core: vmware_nsx.plugin.NsxPolicyPlugin
+    plugin_ini: plugins/vmware/nsx.ini
+    plugin_conf_ini_overrides: "{{ neutron_nsx_conf_ini_overrides }}"
 
 ###
 ### ML2 Plugin Configuration