Project Calico integration

Integrate deployment for Project Calico's Neutron networking
plugin into the os_neutron role.

See http://docs.openstack.org/developer/networking-calico/
for more information about Calico.

Change-Id: I80546b6deefe0878398716d173b7dcc36c3bef3a

defaults/main.yml

@@ -35,12 +35,20 @@ neutron_vpnaas_git_install_branch: master
 neutron_requirements_git_repo: https://git.openstack.org/openstack/requirements
 neutron_requirements_git_install_branch: master
 
+calico_git_repo: https://github.com/projectcalico/calico
+calico_git_install_branch: master
+
+networking_calico_git_repo: https://git.openstack.org/openstack/networking-calico
+networking_calico_git_install_branch: master
+
 neutron_developer_mode: false
 neutron_developer_constraints:
   - "git+{{ neutron_git_repo }}@{{ neutron_git_install_branch }}#egg=neutron"
   - "git+{{ neutron_fwaas_git_repo }}@{{ neutron_fwaas_git_install_branch }}#egg=neutron-fwaas"
   - "git+{{ neutron_lbaas_git_repo }}@{{ neutron_lbaas_git_install_branch }}#egg=neutron-lbaas"
   - "git+{{ neutron_vpnaas_git_repo }}@{{ neutron_vpnaas_git_install_branch }}#egg=neutron-vpnaas"
+  - "git+{{ calico_git_repo }}@{{ calico_git_install_branch }}#egg=calico"
+  - "git+{{ networking_calico_git_repo }}@{{ networking_calico_git_install_branch }}#egg=networking-calico"
 
 # Name of the virtual env to deploy into
 neutron_venv_tag: untagged
@@ -144,6 +152,12 @@ neutron_plugins:
     plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}"
     plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin
     plugin_ini: plugins/ml2/ml2_conf.ini
+  ml2.calico:
+    drivers_type: "flat, local"
+    mechanisms: "calico"
+    plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}"
+    plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin
+    plugin_ini: plugins/ml2/ml2_conf.ini
   plumgrid:
     plugin_conf_ini_overrides: "{{ neutron_plumgrid_conf_ini_overrides }}"
     plugin_core: networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2
@@ -237,6 +251,23 @@ neutron_services:
    service_name: neutron-server
    service_en: True
    config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }} --log-file=/var/log/neutron/neutron-server.log"
+ calico-felix:
+   group: neutron_calico_dhcp_agent
+   service_name: calico-felix
+   service_en: "{{ neutron_plugin_type == 'ml2.calico' }}"
+   service_conf_path: /etc/calico
+   service_conf: felix.cfg
+   config_options: --config-file /etc/calico/felix.cfg
+   config_overrides: "{{ neutron_calico_dhcp_agent_ini_overrides }}"
+   config_type: "ini"
+ calico-dhcp-agent:
+   group: neutron_calico_dhcp_agent
+   service_name: calico-dhcp-agent
+   service_en: "{{ neutron_plugin_type == 'ml2.calico' }}"
+   service_rootwrap: rootwrap.d/dhcp.filters
+   config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf"
+   config_overrides: "{{ neutron_calico_felix_ini_overrides }}"
+   config_type: "ini"
 
 ## Neutron DHCP Agent
 neutron_dhcp: "{% if neutron_plugin_type.split('.')[0] == 'ml2' %}True{% else %}False{% endif %}"
@@ -453,6 +484,11 @@ neutron_pip_packages:
   - python-novaclient
   - repoze.lru
 
+neutron_optional_calico_pip_packages:
+  - calico
+  - networking-calico
+  - python-etcd
+
 neutron_proprietary_nuage_pip_packages:
   - nuage-openstack-neutron
   - nuage-openstack-neutronclient
@@ -482,3 +518,5 @@ neutron_linuxbridge_agent_ini_overrides: {}
 neutron_lbaas_agent_ini_overrides: {}
 neutron_vpnaas_agent_ini_overrides: {}
 neutron_openvswitch_agent_ini_overrides: {}
+neutron_calico_dhcp_agent_ini_overrides: {}
+neutron_calico_felix_ini_overrides: {}

doc/source/app-calico.rst

@@ -0,0 +1,93 @@
+=====================================================
+Scenario - Using the networking-calico Neutron plugin
+=====================================================
+
+Introduction
+~~~~~~~~~~~~
+
+This document describes the steps required to deploy Project Calico Neutron
+networking with OpenStack-Ansible (OSA). These steps include:
+
+- Configure OSA environment overrides.
+
+- Configure OSA user variables.
+
+- Execute the playbooks.
+
+For additional configuration about Project Calico and its architecture, please
+reference the `networking-calico`_ and `Project Calico`_ documentation.
+
+.. _networking-calico: http://docs.openstack.org/developer/networking-calico/
+.. _Project Calico: http://docs.projectcalico.org/en/latest/index.html
+
+Prerequisites
+~~~~~~~~~~~~~
+
+#. The deployment environment has been configured according to OSA
+   best-practices. This includes cloning OSA software and bootstrapping
+   Ansible. See `OpenStack-Ansible Install Guide <index.html>`_
+#. BGP peers configured to accept routing announcements from your hypervisors.
+   By default, the hypervisor's default router is set as the BGP peer.
+
+Configure OSA Environment for Project Calico
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Copy the etcd container definition to ``/etc/openstack_deploy/env.d/etcd.yml``
+to enable the creation of the etcd cluster.
+
+.. code-block:: yaml
+
+  component_skel:
+    etcd:
+      belongs_to:
+        - etcd_all
+  container_skel:
+    etcd_container:
+      belongs_to:
+        - infra_containers
+        - shared-infra_containers
+      contains:
+        - etcd
+      properties:
+        service_name: etcd
+
+Copy the neutron environment overrides to
+``/etc/openstack_deploy/env.d/neutron.yml`` to disable the creation of the
+neutron agents container, and implement the calico-dhcp-agent hosts group
+containing all compute hosts.
+
+.. code-block:: yaml
+
+  component_skel:
+    neutron_calico_dhcp_agent:
+      belongs_to:
+      - neutron_all
+
+  container_skel:
+    neutron_agents_container:
+      contains: {}
+    neutron_calico_dhcp_agent_container:
+      belongs_to:
+        - compute_containers
+      contains:
+        - neutron_calico_dhcp_agent
+      properties:
+        is_metal: true
+        service_name: neutron
+
+Configure networking-calico Neutron Plugin
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Set the following in ``/etc/openstack_deploy/user_variables.yml``.
+
+.. code-block:: yaml
+
+  neutron_plugin_type: ml2.calico
+  nova_network_type: calico
+
+Installation
+~~~~~~~~~~~~
+
+After multi-node OpenStack cluster is configured as detailed above; start
+the OpenStack deployment as listed in the OpenStack-Ansible Install guide by
+running all playbooks in sequence on the deployment host

doc/source/index.rst

@@ -8,6 +8,7 @@ Neutron role for OpenStack-Ansible
    configure-network-services.rst
    app-nuage.rst
    app-plumgrid.rst
+   app-calico.rst
 
 :tags: openstack, neutron, cloud, ansible
 :category: \*nix

files/calico-qemu.conf

@@ -0,0 +1,7 @@
+clear_emulator_capabilities = 0
+cgroup_device_acl = [
+     "/dev/null", "/dev/full", "/dev/zero",
+     "/dev/random", "/dev/urandom",
+     "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
+     "/dev/rtc", "/dev/hpet", "/dev/net/tun",
+]

handlers/main.yml

@@ -13,6 +13,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: Restart libvirt-bin
+  service:
+    name: "libvirt-bin"
+    state: "restarted"
+    pattern: "libvirt-bin"
+
 - name: Restart neutron services
   service:
     name: "{{ item.value.service_name }}"

meta/main.yml

@@ -35,3 +35,10 @@ dependencies:
   - apt_package_pinning
   - galera_client
   - openstack_openrc
+  - role: etcd
+    etcd_install_type: proxy
+    when:
+      - neutron_services['calico-dhcp-agent']['group'] in group_names
+        or neutron_services['calico-felix']['group'] in group_names
+        or neutron_services['neutron-server']['group'] in group_names
+      - neutron_plugin_type == 'ml2.calico'

releasenotes/notes/neutron-networking-calico-b05b08f989f768ee.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - The Project Calico Neutron networking plugin is now integrated into the
+    ``os_neutron`` role. This can be activated using the instructions located
+    in the role documentation.

tasks/calico_config.yml

@@ -0,0 +1,61 @@
+---
+# Copyright 2016, Logan Vig <logan2211@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install Calico pip packages
+  pip:
+    name: "{{ item }}"
+    state: latest
+    virtualenv: "{{ neutron_bin | dirname }}"
+    virtualenv_site_packages: "no"
+    extra_args: "{{ pip_install_options_fact }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items: "{{ neutron_optional_calico_pip_packages }}"
+  when:
+    - neutron_services['neutron-server']['group'] in group_names
+      or neutron_services['calico-felix']['group'] in group_names
+      or neutron_services['calico-dhcp-agent']['group'] in group_names
+  notify: Restart neutron services
+  tags:
+    - calico-install
+    - calico-pip-packages
+
+- name: Set Calico compatible qemu libvirt config
+  copy:
+    src: "calico-qemu.conf"
+    dest: "/etc/libvirt/qemu.conf"
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  notify: Restart libvirt-bin
+  when:
+    - neutron_services['calico-felix']['group'] in group_names
+      or neutron_services['calico-dhcp-agent']['group'] in group_names
+  tags:
+    - calico-config
+
+- name: Ensure calico config directory exists
+  file:
+    path: "/etc/calico"
+    state: directory
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  when:
+    - neutron_services['calico-felix']['group'] in group_names
+  tags:
+    - calico-felix-config

tasks/calico_init.yml

@@ -0,0 +1,42 @@
+---
+# Copyright 2016, Logan Vig <logan2211@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- include: neutron_init_common.yml
+  vars:
+    program_name: "{{ neutron_services['calico-felix'].service_name }}"
+    program_config_options: "{{ neutron_services['calico-felix'].config_options }}"
+    service_name: "{{ neutron_service_name }}"
+    system_user: root
+    system_group: root
+    service_home: "{{ neutron_system_home_folder }}"
+  when:
+    - neutron_services['calico-felix']['group'] in group_names
+    - neutron_services['calico-felix'].service_en | bool
+  tags:
+    - upstart-init
+
+- include: neutron_init_common.yml
+  vars:
+    program_name: "{{ neutron_services['calico-dhcp-agent'].service_name }}"
+    program_config_options: "{{ neutron_services['calico-dhcp-agent'].config_options }}"
+    service_name: "{{ neutron_service_name }}"
+    system_user: root
+    system_group: root
+    service_home: "{{ neutron_system_home_folder }}"
+  when:
+    - neutron_services['calico-dhcp-agent']['group'] in group_names
+    - neutron_services['calico-dhcp-agent'].service_en | bool
+  tags:
+    - upstart-init

tasks/main.yml

@@ -79,6 +79,10 @@
 - include: neutron_init.yml
   tags:
     - neutron-install
+- include: calico_init.yml
+  when: neutron_plugin_type == 'ml2.calico'
+  tags:
+    - neutron-install
 
 - include: neutron_db_setup.yml
   when:

tasks/neutron_post_install.yml

@@ -62,6 +62,10 @@
   when: >
       neutron_services['neutron-dhcp-agent']['group'] in group_names
 
+- name: Setup Calico config
+  include: calico_config.yml
+  when: neutron_plugin_type == 'ml2.calico'
+
 - name: Generate neutron agent only Config
   config_template:
     src: "{{ item.value.service_conf }}.j2"

templates/felix.cfg.j2

@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+[global]
+MetadataAddr = {{ internal_lb_vip_address }}

templates/plugins/ml2/ml2_conf.ini.j2

@@ -3,7 +3,7 @@
 # ML2 general
 [ml2]
 type_drivers = {{ neutron_plugins[neutron_plugin_type].drivers_type }}
-tenant_network_types = {{ neutron_provider_networks.network_types }}
+tenant_network_types = {{ neutron_provider_networks.network_types if neutron_provider_networks.network_types != '' else 'local' }}
 mechanism_drivers = {{ neutron_plugins[neutron_plugin_type].mechanisms }}
 extension_drivers = port_security{% if 'qos' in neutron_plugin_base %},qos{% endif %}
 

tests/ansible-role-requirements.yml

@@ -42,3 +42,11 @@
   src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server
   scm: git
   version: master
+- name: bird
+  scm: git
+  src: https://github.com/logan2211/ansible-bird
+  version: master
+- name: etcd
+  scm: git
+  src: https://github.com/logan2211/ansible-etcd
+  version: master