Add option to deploy OpenDaylight SDN Controller

- This commit adds a new ML2 backend that uses OpenDaylight SDN
 Controller and networking-odl to handle neutron networking.

 - Installation of OpenDaylight uses the official ansible-opendaylight
 Ansible role.

 - It requires OpenvSwitch as traffic forwarder.

 - New test scenario for OpenDaylight

Change-Id: I67083992660a1aca4b6edd5ecf4f28113c0e547f
Juan Vidal Allende 2017-08-08 09:25:54 +02:00
parent e2b171d7ad
commit 7dce6e2b07
14 changed files with 314 additions and 1 deletions


@ -50,6 +50,8 @@ networking_calico_git_repo: https://git.openstack.org/openstack/networking-calic
networking_calico_git_install_branch: master
dragonflow_git_repo: https://git.openstack.org/openstack/dragonflow
dragonflow_git_install_branch: master
networking_odl_git_repo: https://git.openstack.org/openstack/networking-odl
networking_odl_git_install_branch: master
# Developer mode
neutron_developer_mode: false
@ -123,6 +125,7 @@ neutron_metering_agent_init_overrides: {}
neutron_ml2_conf_ini_overrides: {}
neutron_neutron_conf_overrides: {}
neutron_nuage_conf_ini_overrides: {}
neutron_opendaylight_conf_ini_overrides: {}
neutron_openvswitch_agent_ini_overrides: {}
neutron_openvswitch_agent_init_overrides: {}
# Provide a list of access controls to update the default policy.json with.


@ -0,0 +1,96 @@
========================================
Scenario - OpenDaylight and Open vSwitch
========================================
Overview
~~~~~~~~
Deployers can choose to enhance neutron capabilities by means of the
OpenDaylight SDN Controller, which works together with Open vSwitch to provide
advanced networking capabilities. This document explains how to use them
in your environment.
Recommended reading
~~~~~~~~~~~~~~~~~~~
Since this is an extension of the basic Open vSwitch scenario, it is worth
reading that scenario to get some background. It is also recommended to be
familiar with OpenDaylight and networking-odl projects and their configuration.
* `Scenario: Open vSwitch <app-openvswitch.html>`_
* `OpenDaylight SDN Controller <docs.opendaylight.org/en/latest/>`_
* `Networking-odl <https://github.com/openstack/networking-odl>`_
Prerequisites
~~~~~~~~~~~~~
The `OpenDaylight Ansible role <https://wiki.opendaylight.org/view/Deployment#Ansible_Role>`_
needs to be available in Ansible's role path.
OpenStack-Ansible user variables
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Set the following user variables in your
``/etc/openstack_deploy/user_variables.yml``:
.. code-block:: yaml
### Ensure the openvswitch kernel module is loaded
openstack_host_specific_kernel_modules:
- name: "openvswitch"
pattern: "CONFIG_OPENVSWITCH"
group: "network_hosts"
### Use OpenDaylight SDN Controller
neutron_plugin_type: "ml2.opendaylight"
odl_ip: "{{ hostvars[groups['opendaylight'][0]]['ansible_default_ipv4']['address'] }}"
neutron_opendaylight_conf_ini_overrides:
ml2_odl:
url: "http://{{ odl_ip }}:8080/controller/nb/v2/neutron"
username: <username>
password: <password>
Most of the content of this file is self-explanatory. The first block is used
to deploy Open vSwitch in all network hosts.
The second block is instructing Ansible to deploy OpenDaylight SDN Controller.
This is done by specifying ``neutron_plugin_type`` to ``ml2.opendaylight``.
The IP address of the OpenDaylight controller needs to be inferred from the
deployment configuration as well. That can be used with a line such as the one
in the example.
After that, some configuration is needed to integrate OpenDaylight and Neutron,
using the ``ml2_odl`` section.
* **url**: OpenDaylight's northbound url. This is automatically retrieved from
the deployment configuration, so just need to copy the example line.
* **username**: OpenDaylight northbound API username
* **password**: OpenDaylight northbound API password for <username>
Apart from these options, the deployer might want to change the installation
method for OpenDaylight Ansible role. This role uses pre-packaged binaries,
which can be either ``deb`` or ``rpm`` files, and by default it will download
these binaries from OpenDaylight repositories, trying to guess the correct
package depending on the underlying operating system.
Also, the set of features that will be enabled in the OpenDaylight SDN
controller defaults to ``odl-netvirt-openstack``, which is the minimum for an
OpenStack integration. The deployer can modify this value by providing a list
of feature names in the ``opendaylight_extra_features`` variable.
For more information, see OpenDaylight Ansible role documentation.
Security information
~~~~~~~~~~~~~~~~~~~~
Communications between the OpenDaylight SDN Controller and Open vSwitch are not
secured by default. For further information on securing this interface, see
these manuals:
TLS Support on OpenDaylight OpenFlow plugin:
https://wiki.opendaylight.org/view/OpenDaylight_OpenFlow_Plugin:_TLS_Support
Secure Communication Between OpenFlow Switches and Controllers
https://www.thinkmind.org/download.php?articleid=afin_2015_2_30_40047
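Review bot: The "Security information" section covers only the controller-to-Open vSwitch channel, but the example `url: "http://{{ odl_ip }}:8080/controller/nb/v2/neutron"` sends the `ml2_odl` username and password to the northbound API over plain HTTP. Say so in this section, point to how that endpoint can be put behind TLS, and advise against leaving `password` in a plain-text `user_variables.yml`. Separately, the `docs.opendaylight.org/en/latest/` link target under "Recommended reading" has no scheme, so it will resolve relative to this page.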


@ -9,6 +9,7 @@ Neutron role for OpenStack-Ansible
app-openvswitch.rst
app-nuage.rst
app-calico.rst
app-opendaylight.rst
:tags: openstack, neutron, cloud, ansible
:category: \*nix


@ -53,3 +53,9 @@ dependencies:
neutron_services['neutron-server']['group']
]) | length > 0
}}"
- role: opendaylight
install_method: "{{ opendaylight_install_method }}"
extra_features: "{{ opendaylight_extra_features }}"
when:
- neutron_plugin_type == "ml2.opendaylight"
- inventory_hostname in groups["opendaylight"]
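Review bot: Because `opendaylight` is declared as a role dependency, the role has to be resolvable in Ansible's role path for every run of os_neutron, not only when `neutron_plugin_type == "ml2.opendaylight"`; the `when` list only skips its tasks. Either include the role conditionally from the tasks, or document it as a hard requirement for all deployers rather than as a prerequisite of the OpenDaylight scenario alone.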


@ -0,0 +1,7 @@
---
features:
- The ``OpenDaylight SDN Controller`` can be deployed as
a neutron ML2 backend.
You can set the ``neutron_plugin_type`` to
``ml2.opendaylight`` to utilize this code path.
The usage of ``OpenDaylight`` is currently experimental.


@ -0,0 +1,61 @@
---
# Copyright 2017, Ericsson AB
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Install OpenDaylight pip packages
pip:
name: "{{ neutron_optional_opendaylight_pip_packages }}"
state: "{{ neutron_pip_package_state }}"
virtualenv: "{{ neutron_bin | dirname }}"
virtualenv_site_packages: "no"
extra_args: >-
{{ neutron_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
{{ pip_install_options | default('') }}
register: install_packages
until: install_packages|success
retries: 5
delay: 2
tags:
- opendaylight-install
- opendaylight-pip-packages
- name: Ensure Open vSwitch service is started and enabled
service:
name: "{{ neutron_ovs_service_name }}"
state: started
enabled: yes
- name: Retrieve current OvS manager
command: ovs-vsctl get-manager
register: ovs_manager
changed_when: False
- name: Set ODL as OvS manager
command: ovs-vsctl set-manager tcp:{{ odl_ip }}:6640
when: ovs_manager.stdout == ""
- name: Configure hosts for networking-odl, force kernel datapath
command: "{{ neutron_bin }}/neutron-odl-ovs-hostconfig --noovs_dpdk"
when: ovs_manager.stdout == ""
- name: Retrieve current OvS local ip
command: ovs-vsctl get Open_vSwitch . other_config:local_ip
ignore_errors: yes
register: ovs_local_ip
changed_when: False
- name: Set local ip for OpenvSwitch
command: "ovs-vsctl set Open_vSwitch . other_config:local_ip={{ neutron_local_ip }}"
when: ovs_local_ip.rc != 0
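Review bot: Both "Set ODL as OvS manager" and the `neutron-odl-ovs-hostconfig` task run only `when: ovs_manager.stdout == ""`, so a host that already has any manager set (a stale or different controller address) is silently left unchanged, and the hostconfig step is never retried if it failed after the manager was set. Compare the output with the intended `tcp:{{ odl_ip }}:6640` value instead, and give hostconfig its own check. The same applies to `other_config:local_ip`, which is written only when the lookup fails and never when it differs from `neutron_local_ip`. The manager target is also hard-coded to `tcp:`, which leaves no way to choose an encrypted OVSDB connection; taking the connection string from a variable would allow that without editing the role.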


@ -58,3 +58,7 @@
src: https://git.openstack.org/openstack/openstack-ansible-os_neutron
scm: git
version: stable/ocata
- name: opendaylight
scm: git
src: https://git.opendaylight.org/gerrit/p/integration/packaging/ansible-opendaylight.git
version: master
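Review bot: `version: master` for the `opendaylight` role makes the test pull whatever is at the tip of the external ansible-opendaylight repository, while the entry above it is pinned to `stable/ocata`. Pin this to a tag or commit SHA so the gate is reproducible and an upstream change cannot alter what runs here without review.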


@ -0,0 +1,40 @@
---
# Copyright 2017, Ericsson AB
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
### Ensure the openvswitch kernel module is loaded
openstack_host_specific_kernel_modules:
- name: "openvswitch"
pattern: "CONFIG_OPENVSWITCH"
group: "network_hosts"
### Use OpenDaylight SDN Controller
neutron_plugin_type: "ml2.opendaylight"
odl_ip: "{{ hostvars[groups['opendaylight'][0]]['ansible_default_ipv4']['address'] }}"
neutron_opendaylight_conf_ini_overrides:
ml2_odl:
url: "http://{{ odl_ip }}:8080/controller/nb/v2/neutron"
username: admin
password: admin
tempest_run: yes
tempest_plugins:
- name: neutron
repo: https://git.openstack.org/openstack/neutron
branch: master
tempest_test_whitelist:
- neutron.tests.tempest.api.test_networks*
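Review bot: `username: admin` / `password: admin` and the `http://` URL are acceptable for a functional test, but this block is a copy of the documented example, so add a comment marking them as test-only values that must not be carried into a deployment.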


@ -0,0 +1,61 @@
[all]
localhost
infra1
server1
server2
agents1
agents2
[physical_host]
localhost
[all_containers]
infra1
server1
server2
agents1
agents2
[rabbitmq_all]
infra1
[galera_all]
infra1
[memcached_all]
infra1
[service_all:children]
rabbitmq_all
galera_all
memcached_all
[keystone_all]
infra1
[neutron_server]
server1
server2
[opendaylight]
server1
[neutron_agent]
[neutron_dhcp_agent]
[neutron_metering_agent]
[neutron_l3_agent]
[neutron_lbaas_agent]
[neutron_metadata_agent]
[neutron_all:children]
neutron_agent
neutron_dhcp_agent
neutron_metering_agent
neutron_l3_agent
neutron_lbaas_agent
neutron_metadata_agent
neutron_server
opendaylight
[utility_all]
infra1

tox.ini

@ -148,6 +148,16 @@ commands =
bash -c "{toxinidir}/tests/tests-repo-clone.sh"
bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
[testenv:opendaylight]
deps =
{[testenv:ansible]deps}
setenv =
{[testenv]setenv}
ANSIBLE_INVENTORY={toxinidir}/tests/opendaylight_inventory
ANSIBLE_OVERRIDES={toxinidir}/tests/neutron-overrides-opendaylight.yml
commands =
bash -c "{toxinidir}/tests/tests-repo-clone.sh"
bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
[testenv:linters]
deps =


@ -26,7 +26,8 @@ neutron_package_list: |-
{% set packages = neutron_distro_packages %}
{% if (neutron_services['neutron-openvswitch-agent']['group'] in group_names and neutron_services['neutron-openvswitch-agent'].service_en | bool)
or (neutron_services['dragonflow-controller-agent']['group'] in group_names and neutron_services['dragonflow-controller-agent'].service_en | bool)
or (neutron_services['dragonflow-l3-agent']['group'] in group_names and neutron_services['dragonflow-l3-agent'].service_en | bool) %}
or (neutron_services['dragonflow-l3-agent']['group'] in group_names and neutron_services['dragonflow-l3-agent'].service_en | bool)
or (neutron_plugin_type == 'ml2.opendaylight') %}
{% set _ = packages.extend(neutron_ovs_distro_packages) %}
{% endif %}
{% if neutron_services['neutron-linuxbridge-agent']['group'] in group_names and neutron_services['neutron-linuxbridge-agent'].service_en | bool %}
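Review bot: The added `or (neutron_plugin_type == 'ml2.opendaylight')` clause has no `group_names` test, unlike the three agent clauses before it, so `neutron_ovs_distro_packages` is installed on every host the role runs on. Restrict it to the hosts that actually need Open vSwitch, or, if installing it everywhere is intended, add a comment saying so.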
@ -87,6 +88,9 @@ neutron_optional_dragonflow_pip_packages:
- dragonflow
- python-etcd
neutron_optional_opendaylight_pip_packages:
- networking-odl
neutron_proprietary_nuage_pip_packages:
- nuage-openstack-neutron
- nuage-openstack-neutronclient
@ -100,6 +104,7 @@ neutron_developer_constraints:
- "git+{{ neutron_dynamic_routing_git_repo }}@{{ neutron_dynamic_routing_git_install_branch }}#egg=neutron-dynamic-routing"
- "git+{{ networking_calico_git_repo }}@{{ networking_calico_git_install_branch }}#egg=networking-calico"
- "git+{{ dragonflow_git_repo }}@{{ dragonflow_git_install_branch }}#egg=dragonflow"
- "git+{{ networking_odl_git_repo }}@{{ networking_odl_git_install_branch }}#egg=networking-odl"
neutron_bin: "/openstack/venvs/neutron-{{ neutron_venv_tag }}/bin"
@ -195,6 +200,14 @@ neutron_plugins:
mechanisms: "sriovnicswitch"
plugin_ini: plugins/ml2/sriov_nic_agent.ini
plugin_conf_ini_overrides: "{{ neutron_sriov_nic_agent_ini_overrides }}"
ml2.opendaylight:
drivers_type: "local,flat,vlan,gre,vxlan"
mechanisms: "opendaylight_v2"
plugin_conf_ini_overrides: "{{ neutron_opendaylight_conf_ini_overrides }}"
plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin
plugin_ini: plugins/ml2/ml2_conf.ini
driver_interface: "openvswitch"
l3_agent_mode: "legacy"
###
### ML2 Plugin Configuration
@ -219,6 +232,11 @@ _neutron_non_tunnel_types:
# Tunnel network types used by the OVS agent
neutron_tunnel_types: "{{ neutron_ml2_drivers_type.split(',') | difference(_neutron_non_tunnel_types) | join(',') }}"
# OpenDaylight
opendaylight_extra_features: ['odl-netvirt-openstack']
opendaylight_install_method: "{{ (ansible_os_family=='Debian') | ternary('deb_repo', 'rpm_repo') }}"
###
### L3 Agent Plugin Configuration
###
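Review bot: `opendaylight_install_method` maps every `ansible_os_family` other than `Debian` to `rpm_repo`, so an unsupported family gets an RPM install attempt instead of a clear failure; consider an explicit mapping with a failing default. Both new variables are described in the docs as deployer-tunable, so a short comment here on the allowed values would help beyond the bare `# OpenDaylight` heading.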


@ -18,6 +18,8 @@ neutron_checksum_script: /etc/sysconfig/network-scripts/ifup-post-metadata-check
neutron_ovs_distro_packages:
- openvswitch
neutron_ovs_service_name: openvswitch
neutron_distro_packages:
- conntrack-tools
- dnsmasq


@ -19,6 +19,8 @@ neutron_checksum_script: /etc/sysconfig/network/scripts/ifup-post-metadata-check
neutron_ovs_distro_packages:
- openvswitch
neutron_ovs_service_name: openvswitch
neutron_distro_packages:
- conntrack-tools
- dnsmasq


@ -19,6 +19,8 @@ neutron_ovs_distro_packages:
- openvswitch-common
- openvswitch-switch
neutron_ovs_service_name: openvswitch-switch
neutron_driver_vpnaas: neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver
neutron_vpnaas_service_provider: VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default