Remove support for calico ml2 driver.

The deployment of etcd as a service on the control plane is no
longer needed as calico was the only user of this.

The etcd-server role remains in our requirements as it is used
internally as part of the Zun playbook.

Change-Id: I2a158fd2b85ec0e637071ed4ef7c123a6583ecc0

ansible-role-requirements.yml

@@ -269,12 +269,6 @@
   version: master
   trackbranch: master
   shallow_since: '2022-12-12'
-- name: bird
-  scm: git
-  src: https://github.com/logan2211/ansible-bird
-  version: master
-  trackbranch: master
-  shallow_since: '2021-09-12'
 - name: etcd
   scm: git
   src: https://github.com/noonedeadpunk/ansible-etcd

doc/source/contributor/testing.rst

@@ -16,7 +16,7 @@ This folder contains at least the following files:
   by our shell script in our `tests repository`_.
 * ``inventory``. A static inventory for role testing.
   It's possible some roles have multiple inventories. See for example the
-  neutron role with its ``lxb_inventory``, ``calico_inventory``.
+  neutron role with its ``lxb_inventory``.
 * ``group_vars`` and ``host_vars``. These folders will hold override the
   necessary files for testing. For example, this is where you override
   the IP addresses, IP ranges, and ansible connection details.
@@ -176,14 +176,6 @@ To run a functional test of the role, execute:
 
     ./run_tests.sh functional
 
-Some roles have extra tests, like neutron, defined in ``tox.ini``.
-
-To run a functional test named "calico", execute:
-
-.. code-block:: bash
-
-    ./run_tests.sh calico
-
 .. _integrate-new-role-with-aio:
 
 Testing a new role with an AIO

etc/openstack_deploy/conf.d/etcd.yml.aio

@@ -1,4 +0,0 @@
----
-etcd_hosts:
-  aio1:
-    ip: 172.29.236.100

etc/openstack_deploy/conf.d/etcd.yml.example

@@ -1,9 +0,0 @@
-# The infra nodes that will be running the etcd containers (only used if the
-# calico plugin is enabled for Neutron)
-etcd_hosts:
-  infra1:
-    ip: 172.20.236.111
-  infra2:
-    ip: 172.20.236.112
-  infra3:
-    ip: 172.20.236.113

etc/openstack_deploy/env.d/aio_metal.yml.example

@@ -27,9 +27,6 @@ container_skel:
   designate_container:
     properties:
       is_metal: true
-  etcd_container:
-    properties:
-      is_metal: true
   galera_container:
     properties:
       is_metal: true

etc/openstack_deploy/env.d/calico.yml.example

@@ -1,32 +0,0 @@
----
-# Copyright 2019, Logan Vig <logan2211@gmail.com>
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Add the calico dhcp agents to the compute hosts
-component_skel:
-  neutron_calico_dhcp_agent:
-    belongs_to:
-    - neutron_all
-
-container_skel:
-  neutron_agents_container:
-    contains: {}
-
-  neutron_calico_dhcp_agent_container:
-    belongs_to:
-      - compute_containers
-    contains:
-      - neutron_calico_dhcp_agent
-    properties:
-      is_metal: true

inventory/env.d/etcd.yml

@@ -1,34 +0,0 @@
----
-# Copyright 2017, Logan Vig <logan2211@gmail.com>
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-component_skel:
-  etcd:
-    belongs_to:
-      - etcd_all
-
-container_skel:
-  etcd_container:
-    belongs_to:
-      - etcd_containers
-    contains:
-      - etcd
-
-physical_skel:
-  etcd_containers:
-    belongs_to:
-      - all_containers
-  etcd_hosts:
-    belongs_to:
-      - hosts

inventory/group_vars/haproxy/haproxy.yml

@@ -363,8 +363,8 @@ haproxy_nova_api_metadata_service:
   haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}"
   haproxy_bind: "{{ [internal_lb_vip_address] }}"
   haproxy_port: 8775
-  haproxy_ssl: "{{ (neutron_plugin_type | default('ml2.ovn') == 'ml2.calico') | ternary(False, haproxy_ssl_all_vips) }}"
-  haproxy_ssl_all_vips: "{{ (neutron_plugin_type | default('ml2.ovn') == 'ml2.calico') | ternary(False, haproxy_ssl_all_vips) }}"
+  haproxy_ssl: "{{ haproxy_ssl }}"
+  haproxy_ssl_all_vips: "{{ haproxy_ssl_all_vips }}"
   haproxy_balance_type: http
   haproxy_backend_options:
     - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"

inventory/group_vars/neutron_calico_dhcp_agent.yml

@@ -1,107 +0,0 @@
----
-# Copyright 2016, Logan Vig <logan2211@gmail.com>
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Based on the default Calico BIRD template at
-# https://github.com/projectcalico/felix/blob/master/etc/bird/calico-bird.conf.template
-
-# BGP peer configuration for Calico by default will attempt to configure peering
-# sessions with the host's default gateway over IPv4/IPv6. This is just one
-# example of the various BGP peering configurations that could be used here
-# and should be customized further to match the deployer's upstream BGP
-# configuration. Calico has documented some example BGP topologies at:
-# http://docs.projectcalico.org/master/reference/private-cloud/l2-interconnect-fabric
-# http://docs.projectcalico.org/master/reference/private-cloud/l3-interconnect-fabric
-
-# Set to your iBGP ASN
-bird_bgp_asn: 65000
-
-bird_bgp_ipv4_peer_ip: "{{ ansible_facts['default_ipv4']['gateway'] }}"
-#calculate the first address in the subnet since the IPv6 "gateway" may be a
-#link local address that we cannot peer to.
-bird_bgp_ipv6_peer_ip: >-
-  {% if ansible_facts['default_ipv6']['address'] is defined
-        and ansible_facts['default_ipv6']['prefix'] is defined %}
-  {{
-     ((ansible_facts['default_ipv6']['address'] ~ '/' ~ ansible_facts['default_ipv6']['prefix']) |
-     ansible.utils.ipaddr('network') ~ '/' ~ ansible_facts['default_ipv6']['prefix']
-     ) | ansible.utils.ipaddr('net') | ansible.utils.ipaddr(1) | ansible.utils.ipaddr('address')
-  }}
-  {% endif %}
-
-bird_ipv4_protocols:
-  kernel: |
-    learn;
-    persist;
-    scan time 2;
-    graceful restart;
-  device: |
-    scan time 2;
-  direct: |
-    interface "-dummy0", "dummy1", "eth*", "em*", "en*";
-  bgp:
-    UPLINK: |
-      description "Connection to BGP route reflector";
-      local as {{ bird_bgp_asn }};
-      neighbor {{ bird_bgp_ipv4_peer_ip }} as {{ bird_bgp_asn }};
-      hold time 15;
-      graceful restart;
-      check link;
-      direct;
-      gateway direct;
-      export filter export_bgp;
-      next hop self;
-
-bird_ipv6_protocols:
-  kernel: |
-    learn;
-    persist;
-    scan time 2;
-    graceful restart;
-  device: |
-    scan time 2;
-  direct: |
-    interface "-dummy0", "dummy1", "eth*", "em*", "en*";
-  bgp:
-    UPLINK: |
-      description "Connection to BGP route reflector";
-      local as {{ bird_bgp_asn }};
-      neighbor {{ bird_bgp_ipv6_peer_ip }} as {{ bird_bgp_asn }};
-      hold time 15;
-      graceful restart;
-      check link;
-      direct;
-      gateway direct;
-      export filter export_bgp;
-      next hop self;
-
-#configure bird to advertise subnets bound to these interface wildcards
-bird_advertise_interfaces:
-  - 'tap*'
-  - 'cali*'
-  - 'dummy1'
-
-bird_ipv4_filters:
-  export_bgp: |
-    if ( {% for i in bird_advertise_interfaces %}(ifname ~ "{{ i }}"){% if not loop.last %} || {% endif %}{% endfor %} ) then {
-      if  net != 0.0.0.0/0 then accept;
-    }
-    reject;
-
-bird_ipv6_filters:
-  export_bgp: |
-    if ( {% for i in bird_advertise_interfaces %}(ifname ~ "{{ i }}"){% if not loop.last %} || {% endif %}{% endfor %} ) then {
-      if  net != ::/0 then accept;
-    }
-    reject;

inventory/inventory.ini

@@ -10,8 +10,6 @@ hosts
 [hosts]
 
 ## Mandatory groups for the setup-infra playbooks
-[etcd_all]
-
 [galera_all]
 
 [haproxy]

playbooks/common-playbooks/neutron.yml

@@ -91,12 +91,6 @@
   roles:
     - role: "os_neutron"
 
-    - role: "bird"
-      when:
-        - "'neutron_calico_dhcp_agent' in group_names"
-      tags:
-        - bird
-
     - role: "openstack.osa.system_crontab_coordination"
       tags:
         - crontab

playbooks/defaults/repo_packages/openstack_services.yml

@@ -157,11 +157,6 @@ neutron_dynamic_routing_git_repo: "{{ openstack_opendev_base_url }}/openstack/ne
 neutron_dynamic_routing_git_install_branch: 8bee5cc07ef9b8eda02e4aec2dcca9bd5e8f5af5
 neutron_dynamic_routing_git_track_branch: master
 
-# Networking calico follows master
-networking_calico_git_repo: "{{ openstack_github_base_url }}/projectcalico/networking-calico"
-networking_calico_git_install_branch: 69ada593823daaecb997114e694522449839f131
-networking_calico_git_track_branch: release-v3.21
-
 networking_odl_git_repo: "{{ openstack_opendev_base_url }}/openstack/networking-odl"
 networking_odl_git_install_branch: eecb7125a630c5790852739b8bad0306f1b3aa59
 networking_odl_git_track_branch: master

playbooks/etcd-install.yml

@@ -1,39 +0,0 @@
----
-# Copyright 2016, Logan Vig <logan2211@gmail.com>
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- name: Gather etcd facts
-  hosts: etcd
-  gather_facts: "{{ osa_gather_facts | default(True) }}"
-  tags:
-    - always
-
-- name: Install etcd server cluster
-  hosts: etcd
-  gather_facts: false
-  serial: "{{ etcd_serial | default('100%') }}"
-  user: root
-  pre_tasks:
-    - include_tasks: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml"
-      when: not is_metal
-    - include_tasks: common-tasks/unbound-clients.yml
-      when:
-        - hostvars['localhost']['resolvconf_enabled'] | bool
-  roles:
-    - role: "etcd"
-      etcd_install_type: server
-      tags:
-        - etcd-server
-    - role: "openstack.osa.system_crontab_coordination"
-  environment: "{{ deployment_environment_variables | default({}) }}"

playbooks/healthcheck-infrastructure.yml

@@ -315,7 +315,7 @@
     - healthcheck-rabbitmq-install
 
 - name: Ensure all the usual openstack containers can connect to rabbit
-  hosts: all_containers:!etcd_all:!galera_all:!memcached:!haproxy:!rabbitmq_all:!unbound:!repo_all
+  hosts: all_containers:!galera_all:!memcached:!haproxy:!rabbitmq_all:!unbound:!repo_all
   gather_facts: no
   vars:
     venv_path: /tmp/rabbitmqtest

playbooks/setup-infrastructure.yml

@@ -21,7 +21,6 @@
 - import_playbook: qdrouterd-install.yml
 - import_playbook: rabbitmq-install.yml
 - import_playbook: utility-install.yml
-- import_playbook: etcd-install.yml
 - import_playbook: zookeeper-install.yml
 - import_playbook: ceph-install.yml
 - import_playbook: ceph-nfs-install.yml

releasenotes/notes/remove_calico-a90821bdd1fc0979.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    Support for the calico ml2 driver is removed. It will not be possible
+    to upgrade an existing deployment using calico networking.

scripts/log-collect.sh

@@ -39,7 +39,6 @@ export RSYNC_CMD="rsync --archive --copy-links --ignore-errors --quiet --no-perm
 COMMON_ETC_LOG_NAMES="apt \
     apache2 \
     auditd \
-    calico \
     corosync \
     ceph \
     dnf \

tests/roles/bootstrap-host/tasks/prepare_aio_config.yml

@@ -159,9 +159,6 @@
     - src: user_variables_nfs.yml.j2
       dest: user_variables_nfs.yml
       condition: "{{ 'nfs' in bootstrap_host_scenarios_expanded }}"
-    - src: user_variables_calico.yml.j2
-      dest: user_variables_calico.yml
-      condition: "{{ 'calico' in bootstrap_host_scenarios_expanded }}"
     - src: user_variables_zun.yml.j2
       dest: user_variables_zun.yml
       condition: "{{ 'zun' in bootstrap_host_scenarios_expanded }}"
@@ -188,13 +185,6 @@
   when:
     - "'ceph' in bootstrap_host_scenarios_expanded"
 
-- name: Copy modified env.d file for calico scenario
-  copy:
-    src: "{{ playbook_dir }}/../etc/openstack_deploy/env.d/calico.yml.example"
-    dest: "/etc/openstack_deploy/env.d/calico.yml"
-  when:
-    - "'calico' in bootstrap_host_scenarios_expanded"
-
 - name: Create vars override folders if we need to test them
   file:
     path: "{{ item }}"

tests/roles/bootstrap-host/templates/user_variables_calico.yml.j2

@@ -1,33 +0,0 @@
----
-# Copyright 2019, Logan Vig <logan2211@gmail.com>
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-nova_network_type: calico
-neutron_plugin_type: ml2.calico
-
-neutron_provider_networks:
-  network_types: local
-
-# NOTE(logan): This is a workaroun for a bug in networking-calico, which
-# sends None as the user and project domain name if none is specified in
-# neutron.conf.
-neutron_neutron_conf_overrides:
-  keystone_authtoken:
-    user_domain_name: Default
-    project_domain_name: Default
-
-tempest_private_net_provider_type: "local"
-tempest_private_net_seg_id: ''
-tempest_public_net_provider_type: "local"
-tempest_public_net_physical_type: ''

tests/roles/bootstrap-host/vars/main.yml

@@ -45,9 +45,6 @@ bootstrap_host_scenarios_expanded: |-
   {%   endif %}
   {% endif %}
   {# Service additions based on scenario presence #}
-  {% if 'calico' in bootstrap_host_scenarios %}
-  {%   set _ = scenario_list.extend(['etcd']) %}
-  {% endif %}
   {% if 'designate' in bootstrap_host_scenarios or ('validate' in bootstrap_host_scenarios and 'integrated' in bootstrap_host_scenarios) %}
   {%   set _ = scenario_list.extend(['zookeeper']) %}
   {% endif %}
@@ -76,8 +73,6 @@ _neutron_plugin_driver: |-
   {%   set plugin = 'ml2.lxb' %}
   {% elif 'ovs' in bootstrap_host_scenarios_expanded %}
   {%   set plugin = 'ml2.ovs' %}
-  {% elif 'calico' in bootstrap_host_scenarios_expanded %}
-  {%   set plugin = 'ml2.calico' %}
   {% else %}
   {%   set plugin = 'ml2.ovn' %}
   {% endif %}

tests/test_inventory.py

@@ -217,11 +217,6 @@ class TestAnsibleInventoryFormatConstraints(unittest.TestCase):
         'designate_worker',
         'designate_producer',
         'designate_sink',
-        'etcd',
-        'etcd_all',
-        'etcd_container',
-        'etcd_containers',
-        'etcd_hosts',
         'galera',
         'galera_all',
         'galera_container',