Implement OVN inventory changes and deploy by default

This patch updates the OSA inventory to include a new group,
network-gateway_hosts, which operators can define to dictate which
nodes can be considered OVN gateway nodes. In addition, the default
mechanism driver is no longer ML2/LXB and must be specified by the
operator.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/865961
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/866249
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/866159
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/865973/4
Change-Id: I7be6520b338b5578b04631cfa04a9122c735959c

doc/source/admin/upgrades/major-upgrades.rst

@@ -152,6 +152,12 @@ Please review the contents of the playbook for more information.
     # openstack-ansible "${SCRIPTS_PATH}/upgrade-utilities/deploy-config-changes.yml"
 
 
+Ensure that you have defined all required variables for current Neutron plugin
+
+.. code-block:: console
+
+    # openstack-ansible "${SCRIPTS_PATH}/upgrade-utilities/define-neutron-plugin.yml"
+
 Upgrade hosts
 ~~~~~~~~~~~~~
 

doc/source/user/aio/quickstart.rst

@@ -233,7 +233,7 @@ container back-end.
 
 .. code-block:: shell-session
 
-   # export SCENARIO='aio_lxc_barbican_ceph'
+   # export SCENARIO='aio_lxc_barbican_ceph_lxb'
    # scripts/bootstrap-aio.sh
 
 To add any global overrides, over and above the defaults for the applicable

etc/openstack_deploy/conf.d/neutron.yml.aio

@@ -1,5 +1,16 @@
 ---
+
 # neutron-server, neutron-agents
 network_hosts:
   aio1:
     ip: 172.29.236.100
+
+{% if _neutron_plugin_driver == 'ml2.ovn'  %}
+network-gateway_hosts:
+  aio1:
+    ip: 172.29.236.100
+
+network-northd_hosts:
+  aio1:
+    ip: 172.29.236.100
+{% endif %}

etc/openstack_deploy/env.d/neutron_ovn.yml.example

@@ -1,16 +0,0 @@
-component_skel:
-  neutron_ovn_controller:
-    belongs_to:
-      - neutron_all
-  neutron_ovn_northd:
-    belongs_to:
-      - neutron_all
-
-container_skel:
-  neutron_agents_container:
-    contains: {}
-  neutron_ovn_northd_container:
-    belongs_to:
-      - network_containers
-    contains:
-      - neutron_ovn_northd

etc/openstack_deploy/env.d/nova_ovn.yml.example

@@ -1,13 +0,0 @@
-container_skel:
-  nova_compute_container:
-    belongs_to:
-      - compute_containers
-      - kvm-compute_containers
-      - lxd-compute_containers
-      - qemu-compute_containers
-      - powervm-compute_containers
-    contains:
-      - neutron_ovn_controller
-      - nova_compute
-    properties:
-      is_metal: true

etc/openstack_deploy/openstack_user_config.yml.aio.j2

@@ -62,18 +62,7 @@ global_overrides:
           # neutron public addresses, LXC
           - cidr: 172.29.248.0/22
             gateway: 172.29.236.100
-{% if 'ovn' in bootstrap_host_scenarios_expanded %}
-    - network:
-        container_bridge: "br-vxlan"
-        container_type: "veth"
-        container_interface: "eth10"
-        ip_from_q: "tunnel"
-        type: "geneve"
-        range: "1:1000"
-        net_name: "geneve"
-        group_binds:
-          - neutron_ovn_controller
-{% elif 'ovs' in bootstrap_host_scenarios_expanded %}
+{% if 'ovs' in bootstrap_host_scenarios_expanded %}
     - network:
         container_bridge: "br-vxlan"
         container_type: "veth"
@@ -84,7 +73,7 @@ global_overrides:
         net_name: "vxlan"
         group_binds:
           - neutron_openvswitch_agent
-{% else %}
+{% elif 'lxb' in bootstrap_host_scenarios_expanded %}
     - network:
         container_bridge: "br-vxlan"
         container_type: "veth"
@@ -95,6 +84,17 @@ global_overrides:
         net_name: "vxlan"
         group_binds:
           - neutron_linuxbridge_agent
+{% else %}
+    - network:
+        container_bridge: "br-vxlan"
+        container_type: "veth"
+        container_interface: "eth10"
+        ip_from_q: "tunnel"
+        type: "geneve"
+        range: "1:1000"
+        net_name: "geneve"
+        group_binds:
+          - neutron_ovn_controller
 {% endif %}
 {% if 'trove' in bootstrap_host_scenarios_expanded %}
     - network:
@@ -137,25 +137,7 @@ global_overrides:
           - ironic_api
           - ironic_inspector
 {% endif %}
-{% if 'ovn' in bootstrap_host_scenarios_expanded %}
-    - network:
-        container_bridge: "br-provider"
-        container_type: "veth"
-        container_interface: "eth12"
-        network_interface: "eth12"
-        type: "vlan"
-        range: "101:200,301:400"
-        net_name: "vlan"
-        group_binds:
-          - neutron_ovn_controller
-    - network:
-        container_bridge: "br-provider"
-        container_type: "veth"
-        net_name: "vlan"
-        type: "flat"
-        group_binds:
-          - neutron_ovn_controller
-{% elif 'ovs' in bootstrap_host_scenarios_expanded %}
+{% if 'ovs' in bootstrap_host_scenarios_expanded %}
     - network:
         container_bridge: "br-provider"
         container_type: "veth"
@@ -173,7 +155,7 @@ global_overrides:
         type: "flat"
         group_binds:
           - neutron_openvswitch_agent
-{% else %}
+{% elif 'lxb' in bootstrap_host_scenarios_expanded %}
     - network:
         container_bridge: "br-vlan"
         container_type: "veth"
@@ -192,6 +174,22 @@ global_overrides:
         net_name: "vlan"
         group_binds:
           - neutron_linuxbridge_agent
+{% else %}
+    - network:
+        container_bridge: "br-provider"
+        network_interface: "eth12"
+        type: "vlan"
+        range: "101:200,301:400"
+        net_name: "vlan"
+        group_binds:
+          - neutron_ovn_gateway
+    - network:
+        container_bridge: "br-provider"
+        container_type: "veth"
+        net_name: "vlan"
+        type: "flat"
+        group_binds:
+          - neutron_ovn_gateway
 {% endif %}
     - network:
         container_bridge: "br-storage"

inventory/env.d/neutron.yml

@@ -47,6 +47,15 @@ component_skel:
   neutron_server:
     belongs_to:
       - neutron_all
+  neutron_ovn_controller:
+    belongs_to:
+      - neutron_all
+  neutron_ovn_gateway:
+    belongs_to:
+      - neutron_all
+  neutron_ovn_northd:
+    belongs_to:
+      - neutron_all
   opendaylight:
     belongs_to:
       - neutron_all
@@ -76,6 +85,19 @@ container_skel:
     contains:
       - neutron_server
       - opendaylight
+  neutron_ovn_gateway_container:
+    belongs_to:
+      - network-gateway_containers
+    contains:
+      - neutron_ovn_controller
+      - neutron_ovn_gateway
+    properties:
+      is_metal: true
+  neutron_ovn_northd_container:
+    belongs_to:
+      - network-northd_containers
+    contains:
+      - neutron_ovn_northd
 
 physical_skel:
   network_containers:
@@ -96,3 +118,15 @@ physical_skel:
   network-infra_hosts:
     belongs_to:
       - hosts
+  network-gateway_containers:
+    belongs_to:
+      - all_containers
+  network-gateway_hosts:
+    belongs_to:
+      - hosts
+  network-northd_containers:
+    belongs_to:
+      - all_containers
+  network-northd_hosts:
+    belongs_to:
+      - hosts

inventory/env.d/nova.yml

@@ -54,6 +54,8 @@ container_skel:
       - neutron_linuxbridge_agent
       - neutron_openvswitch_agent
       - neutron_sriov_nic_agent
+      - neutron_ovn_controller
+      - neutron_ovn_gateway
       - nova_compute
     properties:
       is_metal: true
@@ -83,4 +85,4 @@ physical_skel:
       - all_containers
   qemu-compute_hosts:
     belongs_to:
-      - hosts
+      - hosts

inventory/group_vars/all/neutron.yml

@@ -1,17 +0,0 @@
----
-# Copyright 2017, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Horizon consumes this var so it must be in the global vars namespace
-neutron_plugin_type: ml2.lxb

inventory/group_vars/haproxy/haproxy.yml

@@ -356,8 +356,8 @@ haproxy_nova_api_metadata_service:
   haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}"
   haproxy_bind: "{{ [internal_lb_vip_address] }}"
   haproxy_port: 8775
-  haproxy_ssl: "{{ (neutron_plugin_type == 'ml2.calico') | ternary(False, haproxy_ssl_all_vips) }}"
-  haproxy_ssl_all_vips: "{{ (neutron_plugin_type == 'm2.calico') | ternary(False, haproxy_ssl_all_vips) }}"
+  haproxy_ssl: "{{ (neutron_plugin_type | default('ml2.ovn') == 'ml2.calico') | ternary(False, haproxy_ssl_all_vips) }}"
+  haproxy_ssl_all_vips: "{{ (neutron_plugin_type | default('ml2.ovn') == 'ml2.calico') | ternary(False, haproxy_ssl_all_vips) }}"
   haproxy_balance_type: http
   haproxy_backend_options:
     - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
@@ -414,7 +414,7 @@ haproxy_opendaylight_neutron_service:
   haproxy_timeout_client: 5000s
   haproxy_timeout_server: 5000s
   haproxy_allowlist_networks: "{{ haproxy_opendaylight_allowlist_networks }}"
-  haproxy_service_enabled: "{{ neutron_plugin_type == 'ml2.opendaylight' }}"
+  haproxy_service_enabled: "{{ (neutron_plugin_type | default('ml2.ovn') == 'ml2.opendaylight') }}"
 
 haproxy_opendaylight_websocket_service:
   haproxy_service_name: opendaylight-websocket
@@ -425,7 +425,7 @@ haproxy_opendaylight_websocket_service:
   haproxy_timeout_client: 5000s
   haproxy_timeout_server: 5000s
   haproxy_allowlist_networks: "{{ haproxy_opendaylight_allowlist_networks }}"
-  haproxy_service_enabled: "{{ neutron_plugin_type == 'ml2.opendaylight' }}"
+  haproxy_service_enabled: "{{ (neutron_plugin_type | default('ml2.ovn') == 'ml2.opendaylight') }}"
 
 # TODO(jamesdenton): Remove that in Z release
 haproxy_ovn_northbound_service:

inventory/group_vars/horizon_all.yml

@@ -14,4 +14,4 @@
 # limitations under the License.
 
 horizon_enable_cinder_backup: "{{ hostvars['localhost']['cinder_service_backup_program_enabled'] }}"
-horizon_enable_ha_router: "{{ neutron_plugin_type.split('.')[0] == 'ml2' and (groups['neutron_l3_agent'] | length >= 2) }}"
+horizon_enable_ha_router: "{{ groups['neutron_l3_agent'] | length >= 2 }}"

inventory/inventory.ini

@@ -184,6 +184,7 @@ neutron_metadata_agent
 neutron_metering_agent
 neutron_openvswitch_agent
 neutron_ovn_controller
+neutron_ovn_gateway
 neutron_ovn_northd
 neutron_server
 neutron_sriov_nic_agent
@@ -197,6 +198,7 @@ neutron_sriov_nic_agent
 [neutron_metering_agent]
 [neutron_openvswitch_agent]
 [neutron_ovn_controller]
+[neutron_ovn_gateway]
 [neutron_ovn_northd]
 [neutron_server]
 [neutron_sriov_nic_agent]

playbooks/os-neutron-install.yml

@@ -23,7 +23,7 @@
       vars:
         src_group: "nova_compute"
         dest_group: "neutron_l3_agent, neutron_metadata_agent"
-        group_when: "{{ neutron_plugin_type == 'ml2.ovs.dvr' }}"
+        group_when: "{{ (neutron_plugin_type | default('ml2.ovn') == 'ml2.ovs.dvr') }}"
 
 
 

releasenotes/notes/ovn-default-mechanism-driver-6225641f64f721d4.yaml

@@ -0,0 +1,31 @@
+---
+prelude: >
+  Default neutron plugin has been switched from LinuxBridge to OVN.
+  This is effective for all new deployments. At the same time
+  OpenStack-Ansible does not provide any in-house tooling for completing
+  upgrade from ml2.lxb to ml2.ovn. Please, reffer to upgrade section for more
+  details on how to upgrade OpenStack-Ansible.
+
+upgrade:
+  - |
+    With marking ML2/LinuxBridge driver as 'Experimental' in the upstream
+    Neutron project OpenStack-Ansible has switched a default mechanism driver
+    to ML2/OVN.
+    In order to upgrade any existing deployment that was relying on defaults
+    to the new OpenStack-Ansible version you must ensure that following
+    variables are defined explicitly to ensure parity with existing
+    functionality:
+
+    .. code-block:: yaml
+
+      neutron_plugin_type: ml2.lxb
+      neutron_ml2_drivers_type: "flat,vlan,vxlan,local"
+      neutron_plugin_base:
+        - router
+        - metering
+
+    Failure to define any of these variables will result in playbook failures
+    and neutron misconfiguration.
+
+    We have covered this step with upgrade script that will create a
+    ``user_neutron_migration.yml`` file with assumed defaults.

scripts/run-upgrade.sh

@@ -175,6 +175,7 @@ function main {
 
     pushd ${MAIN_PATH}/playbooks
         RUN_TASKS+=("${SCRIPTS_PATH}/upgrade-utilities/deploy-config-changes.yml")
+        RUN_TASKS+=("${SCRIPTS_PATH}/upgrade-utilities/define-neutron-plugin.yml")
         RUN_TASKS+=("certificate-ssh-authority.yml")
         # we don't want to trigger container restarts for galera and rabbit
         # but as there will be no hosts available for metal deployments,

scripts/upgrade-utilities/define-neutron-plugin.yml

@@ -0,0 +1,43 @@
+---
+# Copyright 2022 City Network International AB
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Prepare Neutron configuration upgrade for deploying the new release
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  user: root
+  vars:
+    neutron_host_to_check: "{{ groups['neutron_all'][0] }}"
+  tasks:
+    - name: Define neutron variables for upgrade
+      lineinfile:
+        dest: "{{ openstack_config_dir }}/user_neutron_migration.yml"
+        line: "{{ item.line | to_nice_yaml }}"
+        state: present
+        create: true
+        mode: 0640
+      when: item.condition
+      with_items:
+        - line:
+            neutron_plugin_type: ml2.lxb
+          condition: "{{ 'neutron_plugin_type' not in hostvars[neutron_host_to_check] }}"
+        - line:
+            neutron_ml2_drivers_type: "flat,vlan,vxlan,local"
+          condition: "{{ 'neutron_ml2_drivers_type' not in hostvars[neutron_host_to_check] }}"
+        - line:
+            neutron_plugin_base:
+              - router
+              - metering
+          condition: "{{ 'neutron_plugin_base' not in hostvars[neutron_host_to_check] }}"

tests/roles/bootstrap-host/tasks/prepare_aio_config.yml

@@ -171,12 +171,6 @@
     - src: user_variables_ironic.yml.j2
       dest: user_variables_ironic.yml
       condition: "{{ 'ironic' in bootstrap_host_scenarios_expanded }}"
-    - src: user_variables_neutron_ovn.yml.j2
-      dest: user_variables_neutron_ovn.yml
-      condition: "{{ 'ovn' in bootstrap_host_scenarios_expanded }}"
-    - src: user_variables_neutron_ovs.yml.j2
-      dest: user_variables_neutron_ovs.yml
-      condition: "{{ 'ovs' in bootstrap_host_scenarios_expanded }}"
     - src: user_variables_horizon.yml.j2
       dest: user_variables_horizon.yml
       condition: "{{ 'horizon' in bootstrap_host_scenarios }}"
@@ -201,20 +195,6 @@
   when:
     - "'calico' in bootstrap_host_scenarios_expanded"
 
-- name: Copy modified neutron env.d for for ovn scenario
-  copy:
-    src: "{{ playbook_dir }}/../etc/openstack_deploy/env.d/neutron_ovn.yml.example"
-    dest: "/etc/openstack_deploy/env.d/neutron.yml"
-  when:
-    - "'ovn' in bootstrap_host_scenarios_expanded"
-
-- name: Copy modified nova env.d for ovn scenario
-  copy:
-    src: "{{ playbook_dir }}/../etc/openstack_deploy/env.d/nova_ovn.yml.example"
-    dest: "/etc/openstack_deploy/env.d/nova.yml"
-  when:
-    - "'ovn' in bootstrap_host_scenarios_expanded"
-
 - name: Create vars override folders if we need to test them
   file:
     path: "{{ item }}"

tests/roles/bootstrap-host/templates/user_variables.aio.yml.j2

@@ -28,6 +28,17 @@ install_method: "{{ bootstrap_host_install_method }}"
 tempest_public_subnet_cidr: "172.29.248.0/22"
 tempest_public_subnet_allocation_pools: "172.29.249.110-172.29.249.200"
 
+{% if _neutron_plugin_driver == 'ml2.ovn' %}
+tempest_private_net_provider_type: geneve
+{% else %}
+tempest_private_net_provider_type: vxlan
+{% endif %}
+{% if _neutron_plugin_driver == 'ml2.lxb' %}
+tempest_public_net_physical_name: flat
+{% else  %}
+tempest_public_net_physical_name: vlan
+{% endif %}
+
 ## Galera settings
 galera_monitoring_allowed_source: "0.0.0.0/0"
 # TODO(noonedeadpunk): This should be enabled, once we will re-work SSL part
@@ -105,6 +116,26 @@ neutron_api_threads: 2
 neutron_num_sync_threads: 1
 neutron_wsgi_processes: 1
 
+neutron_plugin_type: "{{ _neutron_plugin_driver }}"
+
+{% if _neutron_plugin_driver != 'ml2.ovn' %}
+neutron_ml2_drivers_type: "flat,vlan,vxlan"
+
+neutron_plugin_base:
+  - router
+  - metering
+{% endif %}
+
+{% if 'neutron' in bootstrap_host_scenarios %}
+tempest_test_includelist:
+  - "neutron_tempest_plugin.api.test_networks*"
+  - "tempest.scenario.test_network_basic_ops.TestNetworkBasicOps.test_network_basic_ops"
+
+tempest_tempest_conf_overrides:
+  network-feature-enabled:
+    api_extensions: agent,allowed-address-pairs,binding,dhcp_agent_scheduler,ext-gw-mode,external-net,extra_dhcp_opt,extra_dhcp_optagent,extraroute,l3_agent_scheduler,metering,provider,quotas,router,security-group,service-type,subnet_allocation
+{% endif %}
+
 ## Octavia
 octavia_wsgi_threads: 1
 octavia_wsgi_processes: 1

tests/roles/bootstrap-host/templates/user_variables_neutron_ovn.yml.j2

@@ -1,30 +0,0 @@
-# Copyright 2018, Rackspace
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-neutron_plugin_type: ml2.ovn
-
-neutron_plugin_base:
-  - neutron.services.ovn_l3.plugin.OVNL3RouterPlugin
-
-neutron_ml2_drivers_type: "geneve,vlan,flat"
-
-tempest_test_includelist:
-  - "neutron_tempest_plugin.api.test_networks*"
-  - "tempest.scenario.test_network_basic_ops.TestNetworkBasicOps.test_network_basic_ops"
-tempest_private_net_provider_type: geneve
-tempest_network_ping_gateway: True
-tempest_public_net_physical_name: vlan
-tempest_tempest_conf_overrides:
-  network-feature-enabled:
-    api_extensions: agent,allowed-address-pairs,binding,dhcp_agent_scheduler,ext-gw-mode,external-net,extra_dhcp_opt,extra_dhcp_optagent,extraroute,l3_agent_scheduler,metering,provider,quotas,router,security-group,service-type,subnet_allocation

tests/roles/bootstrap-host/templates/user_variables_neutron_ovs.yml.j2

@@ -1,30 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-neutron_plugin_type: ml2.ovs
-
-neutron_ml2_drivers_type: "vxlan,vlan,flat"
-
-neutron_plugin_base:
-  - router
-  - metering
-
-tempest_run_concurrency: 0
-tempest_test_includelist:
-  - "neutron_tempest_plugin.api.test_networks*"
-  - "tempest.scenario.test_network_basic_ops.TestNetworkBasicOps.test_network_basic_ops"
-tempest_private_net_provider_type: vxlan
-tempest_network_ping_gateway: True
-tempest_public_net_physical_name: vlan
-tempest_tempest_conf_overrides:
-  network-feature-enabled:
-    api_extensions: agent,allowed-address-pairs,binding,dhcp_agent_scheduler,ext-gw-mode,external-net,extra_dhcp_opt,extra_dhcp_optagent,extraroute,l3_agent_scheduler,metering,provider,quotas,router,security-group,service-type,subnet_allocation

tests/roles/bootstrap-host/vars/main.yml

@@ -70,3 +70,15 @@ bootstrap_host_scenarios_expanded: |-
   {%   set _ = scenario_list.extend(['designate', 'heat', 'magnum', 'sahara', 'swift', 'trove']) %}
   {% endif %}
   {{ (scenario_list | unique) | sort }}
+
+_neutron_plugin_driver: |-
+  {% if 'lxb' in bootstrap_host_scenarios_expanded %}
+  {%   set plugin = 'ml2.lxb' %}
+  {% elif 'ovs' in bootstrap_host_scenarios_expanded %}
+  {%   set plugin = 'ml2.ovs' %}
+  {% elif 'calico' in bootstrap_host_scenarios_expanded %}
+  {%   set plugin = 'ml2.calico' %}
+  {% else %}
+  {%   set plugin = 'ml2.ovn' %}
+  {% endif %}
+  {{ plugin }}