diff --git a/defaults/main.yml b/defaults/main.yml index 3a9282b5..a3b034cf 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -20,9 +20,6 @@ is_metal: true debug: False verbose: True -## APT Cache options -cache_timeout: 600 - neutron_git_repo: https://git.openstack.org/openstack/neutron neutron_git_install_branch: master @@ -110,17 +107,31 @@ neutron_plugin_base: neutron_plugin_loaded_base: "{% for plugin in neutron_plugin_base %}{{ plugin }}{% if not loop.last %},{% endif %}{% endfor %}" # Neutron Plugins -neutron_plugin_type: ml2 +neutron_plugin_type: ml2.lxb neutron_plugins: - ml2: + ml2.lxb: + driver_firewall: neutron.agent.linux.iptables_firewall.IptablesFirewallDriver + driver_interface: neutron.agent.linux.interface.BridgeInterfaceDriver + drivers_type: "{{ neutron_ml2_drivers_type }}" + l2_population: "{{ neutron_l2_population }}" + mechanisms: "linuxbridge,l2population" + plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin plugin_ini: plugins/ml2/ml2_conf.ini + ml2.ovs: + driver_firewall: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver + driver_interface: neutron.agent.linux.interface.OVSInterfaceDriver + drivers_type: "{{ neutron_ml2_drivers_type }}" + l2_population: "{{ neutron_l2_population }}" + mechanisms: "openvswitch,l2population" plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" + plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin + plugin_ini: plugins/ml2/ml2_conf.ini plumgrid: + plugin_conf_ini_overrides: "{{ neutron_plumgrid_conf_ini_overrides }}" plugin_core: networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2 plugin_ini: plugins/plumgrid/plumgrid.ini - plugin_conf_ini_overrides: "{{ neutron_plumgrid_conf_ini_overrides }}" nuage: plugin_core: neutron.plugins.nuage.plugin.NuagePlugin plugin_ini: plugins/nuage/nuage.ini 
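Review bot: Renaming the `ml2` key of `neutron_plugins` to `ml2.lxb`/`ml2.ovs` leaves an existing override of `neutron_plugin_type: ml2` pointing at a key that no longer exists, so lookups such as `neutron_plugins[neutron_plugin_type].plugin_ini` would fail at render time. The upgrade section of the release note added in this commit lists the removed variables but not this value change. Either add an upgrade entry for it, or fail early with a clear message, for example a `fail` task with `when: neutron_plugin_type not in neutron_plugins` that names the valid keys. The `neutron_plugins` mapping continues past the end of this hunk.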
@@ -137,10 +148,20 @@ neutron_services: config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini config_overrides: "{{ neutron_dhcp_agent_ini_overrides }}" config_type: "ini" + neutron-openvswitch-agent: + group: neutron_openvswitch_agent + service_name: neutron-openvswitch-agent + service_en: "{{ neutron_plugin_type == 'ml2.ovs' }}" + service_conf: plugins/ml2/openvswitch_agent.ini + service_group: neutron_openvswitch_agent + service_rootwrap: rootwrap.d/openvswitch-plugin.filters + config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini + config_overrides: "{{ neutron_openvswitch_agent_ini_overrides }}" + config_type: "ini" neutron-linuxbridge-agent: group: neutron_linuxbridge_agent service_name: neutron-linuxbridge-agent - service_en: "{{ neutron_linuxbridge | bool }}" + service_en: "{{ neutron_plugin_type == 'ml2.lxb' }}" service_conf: plugins/ml2/linuxbridge_agent.ini service_group: neutron_linuxbridge_agent service_rootwrap: rootwrap.d/linuxbridge-plugin.filters 
@@ -213,13 +234,10 @@ neutron_services: config_options: "--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}" ## Neutron DHCP Agent -neutron_dhcp: "{% if neutron_plugin_type == 'ml2' %}True{% else %}False{% endif %}" +neutron_dhcp: "{% if neutron_plugin_type.split('.')[0] == 'ml2' %}True{% else %}False{% endif %}" ## Neutron Metadata Agent -neutron_metadata: "{% if neutron_plugin_type == 'ml2' %}True{% else %}False{% endif %}" - -## Neutron LinuxBridge Agent -neutron_linuxbridge: "{% if neutron_plugin_type == 'ml2' and 'linuxbridge' in neutron_ml2_mechanism_drivers %}True{% else %}False{% endif %}" +neutron_metadata: "{% if neutron_plugin_type.split('.')[0] == 'ml2' %}True{% else %}False{% endif %}" ## Neutron LBaaS # See documentation section titled "Configuring the Network Load Balacing @@ -253,13 +271,12 @@ neutron_vpnaas: "{% if 'vpnaas' in neutron_plugin_base %}True{% else %}False{% e neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.WeightScheduler neutron_driver_router_scheduler: neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler neutron_driver_loadbalancer_pool_scheduler: neutron_lbaas.services.loadbalancer.agent_scheduler.ChanceScheduler -neutron_driver_interface: neutron.agent.linux.interface.BridgeInterfaceDriver neutron_driver_metering: neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver neutron_driver_dhcp: neutron.agent.linux.dhcp.Dnsmasq neutron_driver_quota: neutron.db.quota.driver.DbQuotaDriver -neutron_driver_firewall: neutron.agent.linux.iptables_firewall.IptablesFirewallDriver neutron_driver_vpnaas: neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver + ## Quotas neutron_default_quota: -1 neutron_quota_floatingip: 50 
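Review bot: The expression `neutron_plugin_type.split('.')[0] == 'ml2'` is written out here for `neutron_dhcp` and `neutron_metadata` and again in tasks/neutron_db_setup.yml, tasks/neutron_pre_install.yml and templates/neutron.conf.j2, so the naming convention is easy to break in one place. Defining it once, e.g. `neutron_plugin_family: "{{ neutron_plugin_type.split('.')[0] }}"` (the name is only a suggestion), and testing `neutron_plugin_family == 'ml2'` everywhere would keep the conditions readable. The same search-and-replace also rewrote the `# NOTE:` comment in neutron_db_setup.yml, where prose such as `# NOTE: non-ml2 plugin types are handled separately because ...` would read better than the expression.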
@@ -332,7 +349,6 @@ neutron_dhcp_config: # Types of networks supported by the ml2 plugin neutron_ml2_drivers_type: "flat,vlan,vxlan,local" -neutron_ml2_mechanism_drivers: "linuxbridge,l2population" # Enable or disable L2 Population. neutron_l2_population: "False" @@ -461,3 +477,4 @@ neutron_metering_agent_ini_overrides: {} neutron_linuxbridge_agent_ini_overrides: {} neutron_lbaas_agent_ini_overrides: {} neutron_vpnaas_agent_ini_overrides: {} +neutron_openvswitch_agent_ini_overrides: {} diff --git a/releasenotes/notes/openvswitch-support-1b71ae52dde81403.yaml b/releasenotes/notes/openvswitch-support-1b71ae52dde81403.yaml new file mode 100644 index 00000000..ac0da8ea --- /dev/null +++ b/releasenotes/notes/openvswitch-support-1b71ae52dde81403.yaml @@ -0,0 +1,14 @@ +--- +features: + - | + Open vSwitch driver support has been implemented. This includes the implementation of the + appropriate Neutron configuration and package installation. This feature may be activated + by setting ``neutron_plugin_type: ml2.ovs`` in ``/etc/openstack_deploy/user_variables.yml``. +upgrade: + - The variable ``neutron_linuxbridge`` has been removed as it is no longer used. + - The variable ``neutron_driver_interface`` has been removed. The appropriate value for + ``neutron.conf`` is now determined based on the ``neutron_plugin_type``. + - The variable ``neutron_driver_firewall`` has been removed. The appropriate value for + ``neutron.conf`` is now determined based on the ``neutron_plugin_type``. + - The variable ``neutron_ml2_mechanism_drivers`` has been removed. The appropriate value for + ml2_conf.ini is now determined based on the ``neutron_plugin_type``. diff --git a/tasks/main.yml b/tasks/main.yml index ad348083..f8c69fe8 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -13,6 +13,23 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Gather variables for each operating system + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_release | lower }}.yml" + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml" + - "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml" + - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family | lower }}.yml" + tags: + - always + +- include: ovs_install.yml + when: + - neutron_services['neutron-openvswitch-agent']['group'] in group_names + - inventory_hostname in groups[neutron_services['neutron-openvswitch-agent']['group']] + - neutron_services['neutron-openvswitch-agent'].service_en | bool + - include: neutron_check.yml - include: neutron_pre_install.yml - include: neutron_install.yml diff --git a/tasks/neutron_db_setup.yml b/tasks/neutron_db_setup.yml index c075a9e4..423bc714 100644 --- a/tasks/neutron_db_setup.yml +++ b/tasks/neutron_db_setup.yml @@ -44,7 +44,7 @@ release: newton library_path: "{{ neutron_lib_dir }}" bin_path: "{{ neutron_bin }}" - when: neutron_plugin_type == 'ml2' + when: neutron_plugin_type.split('.')[0] == 'ml2' tags: - neutron-db-setup - neutron-upgrade @@ -52,7 +52,7 @@ - name: Print neutron migrations facts debug: var: neutron_migrations - when: neutron_plugin_type == 'ml2' + when: neutron_plugin_type.split('.')[0] == 'ml2' tags: - neutron-db-setup - neutron-upgrade @@ -67,7 +67,7 @@ become_user: "{{ neutron_system_user_name }}" when: - (neutron_migrations is defined and neutron_migrations['run_expand']|bool) - - neutron_plugin_type == 'ml2' + - neutron_plugin_type.split('.')[0] == 'ml2' tags: - neutron-db-setup - neutron-upgrade 
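Review bot: `- include: ovs_install.yml` sits ahead of `neutron_check.yml` and `neutron_pre_install.yml`, so on an OVS host a new apt source is enabled and packages are installed before the role's own checks run (assuming `neutron_check.yml` is a pre-flight check, as its name suggests). Moving the include below `- include: neutron_pre_install.yml` would keep package-source changes behind those checks. The first two `when` entries test the same thing for the current host (`group_names` membership and `inventory_hostname in groups[...]`), so one of them can go. Only `vars/ubuntu-14.04.yml` is added by this commit for the `with_first_found` list, so a comment stating the supported platforms would help, e.g. `# vars/ currently ships ubuntu-14.04.yml only; other platforms fail here`.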
@@ -79,7 +79,7 @@ pattern: "neutron-server" delegate_to: "{{ item }}" with_items: "{{ groups[neutron_services['neutron-server']['group']] }}" - when: (neutron_migrations is defined and neutron_migrations['run_contract']|bool) or neutron_plugin_type != 'ml2' + when: (neutron_migrations is defined and neutron_migrations['run_contract']|bool) or neutron_plugin_type.split('.')[0] != 'ml2' tags: - neutron-db-setup - neutron-upgrade @@ -94,12 +94,12 @@ become_user: "{{ neutron_system_user_name }}" when: - (neutron_migrations is defined and neutron_migrations['run_contract']|bool) - - neutron_plugin_type == 'ml2' + - neutron_plugin_type.split('.')[0] == 'ml2' tags: - neutron-db-setup - neutron-upgrade -# NOTE: We have to handle neutron_plugin_type != 'ml2' because not all neutron +# NOTE: We have to handle neutron_plugin_type.split('.')[0] != 'ml2' because not all neutron # plugins have contract/expand branches which breaks neutron-db-manage. # This can be reverted once all plugins are conformant. - name: Perform a Neutron DB offline upgrade (heads) @@ -111,7 +111,7 @@ become: yes become_user: "{{ neutron_system_user_name }}" when: - - neutron_plugin_type != 'ml2' + - neutron_plugin_type.split('.')[0] != 'ml2' tags: - neutron-db-setup - neutron-upgrade @@ -123,7 +123,7 @@ pattern: "neutron-server" delegate_to: "{{ item }}" with_items: "{{ groups[neutron_services['neutron-server']['group']] }}" - when: (neutron_migrations is defined and neutron_migrations['run_contract']|bool) or neutron_plugin_type != 'ml2' + when: (neutron_migrations is defined and neutron_migrations['run_contract']|bool) or neutron_plugin_type.split('.')[0] != 'ml2' tags: - neutron-db-setup - neutron-upgrade diff --git a/tasks/neutron_install.yml b/tasks/neutron_install.yml index 94e402be..d3904e8e 100644 --- a/tasks/neutron_install.yml +++ b/tasks/neutron_install.yml 
@@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +#TODO(michaelgugino): Break out tasks into yum/apt install steps as +#required. #TODO(evrardjp): Replace the next 2 tasks by a standard apt with cache #when https://github.com/ansible/ansible-modules-core/pull/1517 is merged #in 1.9.x or we move to 2.0 (if tested working) @@ -30,7 +32,7 @@ tags: - neutron-apt-packages -- name: Install apt packages +- name: Install neutron apt dependencies apt: pkg: "{{ item }}" state: latest diff --git a/tasks/neutron_pre_install.yml b/tasks/neutron_pre_install.yml index 7d4fb9a0..81043234 100644 --- a/tasks/neutron_pre_install.yml +++ b/tasks/neutron_pre_install.yml @@ -43,7 +43,7 @@ - { path: "/openstack", owner: "root", group: "root" } - { path: "/etc/neutron" } - { path: "/etc/neutron/plugins" } - - { path: "/etc/neutron/plugins/{{ neutron_plugin_type }}" } + - { path: "/etc/neutron/plugins/{{ neutron_plugin_type.split('.')[0] }}" } - { path: "/etc/neutron/rootwrap.d", owner: "root", group: "root" } - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } - { path: "/var/cache/neutron" } diff --git a/tasks/neutron_upstart_init.yml b/tasks/neutron_upstart_init.yml index c34763f9..4950dab8 100644 --- a/tasks/neutron_upstart_init.yml +++ b/tasks/neutron_upstart_init.yml 
@@ -69,6 +69,21 @@ tags: - upstart-init +- include: neutron_upstart_common_init.yml + vars: + program_name: "{{ neutron_services['neutron-openvswitch-agent'].service_name }}" + program_config_options: "{{ neutron_services['neutron-openvswitch-agent'].config_options }}" + service_name: "{{ neutron_service_name }}" + system_user: "{{ neutron_system_user_name }}" + system_group: "{{ neutron_system_group_name }}" + service_home: "{{ neutron_system_home_folder }}" + when: + - neutron_services['neutron-openvswitch-agent']['group'] in group_names + - inventory_hostname in groups[neutron_services['neutron-openvswitch-agent']['group']] + - neutron_services['neutron-openvswitch-agent'].service_en | bool + tags: + - upstart-init + - include: neutron_upstart_common_init.yml vars: program_name: "{{ neutron_services['neutron-metadata-agent'].service_name }}" diff --git a/tasks/ovs_install-apt.yml b/tasks/ovs_install-apt.yml new file mode 100644 index 00000000..e8f5ed04 --- /dev/null +++ b/tasks/ovs_install-apt.yml 
@@ -0,0 +1,42 @@ +--- +# Copyright 2016, Walmart Stores, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Add Ubuntu Cloud Archive Keyring package + apt: + pkg: ubuntu-cloud-keyring + register: add_keys + +- name: Enable OVS repo + apt_repository: + repo: "{{ ovs_apt_repo }}" + state: present + +- name: Update apt after OVS repo + apt: + update_cache: yes + when: add_keys.changed + +- name: Install apt packages + apt: + pkg: "{{ item }}" + state: latest + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: ovs_apt_packages + tags: + - ovs-install + - ovs-apt-packages diff --git a/tasks/ovs_install.yml b/tasks/ovs_install.yml new file mode 100644 index 00000000..d04fe8b7 --- /dev/null +++ b/tasks/ovs_install.yml @@ -0,0 +1,20 @@ +--- +# Copyright 2016, Walmart Stores, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: ovs_install-apt.yml + when: + - ansible_pkg_mgr == 'apt' + tags: + - install-apt 
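Review bot: The `Update apt after OVS repo` task is keyed to `add_keys.changed`, i.e. to the keyring package, so on a host that already has `ubuntu-cloud-keyring` a newly added repository gets no explicit cache refresh from this task and the role relies on whatever `apt_repository` does itself. Adding `register: ovs_repo` to `Enable OVS repo` and using `when: add_keys.changed or ovs_repo.changed` ties the refresh to both. `with_items: ovs_apt_packages` is a bare variable and should be `with_items: "{{ ovs_apt_packages }}"`, since newer Ansible releases stop expanding bare names. `state: latest` on `openvswitch-switch` means every role run may upgrade the virtual switch from the newly enabled archive; `state: present` or a pinned version makes that a deliberate step. Only the last task carries the `ovs-install` tags.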
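Review bot: When `ansible_pkg_mgr` is not `apt` this include is skipped without any message, and the rest of the role (the init script and agent configuration added in this commit) would proceed on a host with no Open vSwitch packages installed by the role. A short guard after the include would make that explicit, e.g. a `fail` task with `when: ansible_pkg_mgr != 'apt'` and `msg: "OVS installation is only implemented for apt"`.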
diff --git a/templates/dhcp_agent.ini.j2 b/templates/dhcp_agent.ini.j2 index 5cddf988..637bf6ed 100644 --- a/templates/dhcp_agent.ini.j2 +++ b/templates/dhcp_agent.ini.j2 @@ -11,7 +11,7 @@ debug = {{ debug }} num_sync_threads = {{ neutron_num_sync_threads | default(api_threads) }} # Drivers -interface_driver = {{ neutron_driver_interface }} +interface_driver = {{ neutron_plugins[neutron_plugin_type].driver_interface }} dhcp_driver = {{ neutron_driver_dhcp }} # Default domain for DHCP leases diff --git a/templates/l3_agent.ini.j2 b/templates/l3_agent.ini.j2 index 878765ba..8aac0f19 100644 --- a/templates/l3_agent.ini.j2 +++ b/templates/l3_agent.ini.j2 @@ -12,7 +12,7 @@ external_network_bridge = {{ neutron_external_network_bridge }} gateway_external_network_id = {{ neutron_gateway_external_network_id }} # Drivers -interface_driver = {{ neutron_driver_interface }} +interface_driver = {{ neutron_plugins[neutron_plugin_type].driver_interface }} # Agent mode (legacy only) agent_mode = {{ neutron_agent_mode }} diff --git a/templates/lbaas_agent.ini.j2 b/templates/lbaas_agent.ini.j2 index 38d7c6a7..980412eb 100644 --- a/templates/lbaas_agent.ini.j2 +++ b/templates/lbaas_agent.ini.j2 @@ -10,12 +10,8 @@ debug = {{ debug | bool }} # seconds between attempts. periodic_interval = 10 -# LBaas requires an interface driver be set. Choose the one that best -# matches your plugin. -# Examples: -# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver -# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver -interface_driver = {{ neutron_driver_interface }} +# LBaas requires an interface driver be set. +interface_driver = {{ neutron_plugins[neutron_plugin_type].driver_interface }} # Use veth for an OVS interface or not. # Support kernels with limited namespace support diff --git a/templates/metering_agent.ini.j2 b/templates/metering_agent.ini.j2 index bee349f2..ad69e5d1 100644 --- a/templates/metering_agent.ini.j2 +++ b/templates/metering_agent.ini.j2 
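Review bot: `interface_driver` now reads `neutron_plugins[neutron_plugin_type].driver_interface`, but in the part of `neutron_plugins` visible in this diff only `ml2.lxb` and `ml2.ovs` define `driver_interface`; the `plumgrid` and `nuage` entries do not. If this template is rendered for those plugin types the lookup is undefined, whereas the removed `neutron_driver_interface` always had a value. The same applies to the identical change in l3_agent.ini.j2, lbaas_agent.ini.j2 and metering_agent.ini.j2, and to `driver_firewall` and `l2_population` in linuxbridge_agent.ini.j2. Either add the keys to every `neutron_plugins` entry or confirm these templates are never rendered for non-ml2 plugins.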
@@ -7,7 +7,7 @@ debug = {{ debug }} # Drivers driver = {{ neutron_driver_metering }} -interface_driver = {{ neutron_driver_interface }} +interface_driver = {{ neutron_plugins[neutron_plugin_type].driver_interface }} # Intervals measure_interval = 30 diff --git a/templates/neutron.conf.j2 b/templates/neutron.conf.j2 index 78d69c0b..b4a421ae 100644 --- a/templates/neutron.conf.j2 +++ b/templates/neutron.conf.j2 @@ -19,7 +19,7 @@ vlan_transparent = False # Plugins core_plugin = {{ neutron_plugin_core }} -{% if (neutron_plugin_type != 'plumgrid' and neutron_plugin_type != 'nuage') %} +{% if neutron_plugin_type.split('.')[0] == 'ml2' %} service_plugins = {{ neutron_plugin_loaded_base }} {% endif %} @@ -49,7 +49,7 @@ router_distributed = False agent_down_time = {{ neutron_agent_down_time }} {% set num_agent = groups[neutron_services['neutron-dhcp-agent']['group']] | length %} -{% if neutron_plugin_type == 'ml2' and num_agent >= 2 %} +{% if neutron_plugin_type.split('.')[0] == 'ml2' and num_agent >= 2 %} {% if neutron_services['neutron-linuxbridge-agent']['service_en'] | bool %} {% set max_l3_router = num_agent if num_agent > 2 else 2 %} diff --git a/templates/plugins/ml2/linuxbridge_agent.ini.j2 b/templates/plugins/ml2/linuxbridge_agent.ini.j2 index d471e3bb..df0f6eed 100644 --- a/templates/plugins/ml2/linuxbridge_agent.ini.j2 +++ b/templates/plugins/ml2/linuxbridge_agent.ini.j2 @@ -15,7 +15,7 @@ enable_vxlan = True vxlan_group = {{ neutron_vxlan_group }} # VXLAN local tunnel endpoint local_ip = {{ neutron_local_ip }} -l2_population = {{ neutron_l2_population }} +l2_population = {{ neutron_plugins[neutron_plugin_type].l2_population }} {% else %} @@ -28,5 +28,5 @@ enable_vxlan = False # Security groups [securitygroup] -firewall_driver = {{ neutron_driver_firewall }} +firewall_driver = {{ neutron_plugins[neutron_plugin_type].driver_firewall }} enable_security_group = True 
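Review bot: In templates/neutron.conf.j2 the block guarded by `neutron_plugin_type.split('.')[0] == 'ml2' and num_agent >= 2` is still nested under `neutron_services['neutron-linuxbridge-agent']['service_en'] | bool`, which this commit makes false for `ml2.ovs`. An OVS deployment therefore skips whatever that inner block sets (it starts with `max_l3_router`; the rest lies outside the hunk). If the settings are meant for both agents, the inner test could become `{% if neutron_plugin_type in ['ml2.lxb', 'ml2.ovs'] %}` or be dropped. If they are linuxbridge-only, a template comment saying so would prevent the question.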
diff --git a/templates/plugins/ml2/ml2_conf.ini.j2 b/templates/plugins/ml2/ml2_conf.ini.j2 index 8e20507e..56f6bb8a 100644 --- a/templates/plugins/ml2/ml2_conf.ini.j2 +++ b/templates/plugins/ml2/ml2_conf.ini.j2 @@ -2,9 +2,9 @@ # ML2 general [ml2] -type_drivers = {{ neutron_ml2_drivers_type }} +type_drivers = {{ neutron_plugins[neutron_plugin_type].drivers_type }} tenant_network_types = {{ neutron_provider_networks.network_types }} -mechanism_drivers = {{ neutron_ml2_mechanism_drivers }} +mechanism_drivers = {{ neutron_plugins[neutron_plugin_type].mechanisms }} extension_drivers = port_security{% if 'qos' in neutron_plugin_base %},qos{% endif %} path_mtu = 0 diff --git a/templates/plugins/ml2/openvswitch_agent.ini.j2 b/templates/plugins/ml2/openvswitch_agent.ini.j2 new file mode 100644 index 00000000..045506d7 --- /dev/null +++ b/templates/plugins/ml2/openvswitch_agent.ini.j2 @@ -0,0 +1,20 @@ +# {{ ansible_managed }} + +# Linux bridge agent physical interface mappings +[ovs] +local_ip = {{ neutron_local_ip }} +enable_tunneling = True +{% if neutron_provider_networks.network_mappings is defined %} +physical_interface_mappings = {{ neutron_provider_networks.network_mappings }} +{% endif %} + +[agent] +l2_population = {{ neutron_plugins[neutron_plugin_type].l2_population }} +tunnel_types = gre,vxlan + + +# Security groups +[securitygroup] +firewall_driver = {{ neutron_plugins[neutron_plugin_type].driver_firewall }} +enable_security_group = True +enable_ipset = True diff --git a/vars/ubuntu-14.04.yml b/vars/ubuntu-14.04.yml new file mode 100644 index 00000000..e5851abb --- /dev/null +++ b/vars/ubuntu-14.04.yml 
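Review bot: The `[ovs]` section of openvswitch_agent.ini.j2 writes `physical_interface_mappings`, which is the Linux bridge agent's option; the Open vSwitch agent reads `bridge_mappings` (physical network to OVS bridge), so the provider mappings rendered here would most likely be ignored. The line would become `bridge_mappings = {{ neutron_provider_networks.network_mappings }}`, provided `network_mappings` holds bridge names rather than interface names on OVS hosts, which is not visible in this diff. The header comment `# Linux bridge agent physical interface mappings` is carried over from the linuxbridge template and should read `# Open vSwitch agent bridge mappings`. `tunnel_types = gre,vxlan` is fixed regardless of `neutron_ml2_drivers_type`; deriving it from the configured type drivers avoids enabling tunnel endpoints that the deployment does not use.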
@@ -0,0 +1,40 @@ +--- +# Copyright 2016, Walmart Stores, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ovs_apt_repo: 'deb http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-updates/mitaka main' + +ovs_apt_packages: + - openvswitch-common + - openvswitch-switch + +## APT Cache options +cache_timeout: 600 + +neutron_apt_dependencies: + - conntrack + - dnsmasq-base + - dnsmasq-utils + - ebtables + - ipset + - iputils-arping + - keepalived + - libpq-dev + - radvd + +neutron_lbaas_apt_packages: + - haproxy + +neutron_apt_remove_packages: + - conntrackd
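Review bot: `ovs_apt_repo` enables the whole `trusty-updates/mitaka` Cloud Archive pocket on the host with no apt pin, so every later `state: latest` install in this role can pull newer versions of unrelated packages from it, not just `openvswitch-*`. An apt preferences entry limiting the archive to the OVS packages, or a comment stating that the archive is meant to apply host-wide, would make the scope explicit. The pocket name is hard-coded to `mitaka` while tasks/neutron_db_setup.yml in this diff passes `release: newton`; confirm the mismatch is intended. The source is fetched over `http://`, so package integrity rests entirely on the signature check, which deserves a one-line comment such as `# plain HTTP: integrity relies on apt signature verification via ubuntu-cloud-keyring`.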