From fe01c3fe8cd44dc7a3b42cfdb8b3aace40d00ee0 Mon Sep 17 00:00:00 2001
From: Bjoern Teipel <bjoern.teipel@rackspace.com>
Date: Thu, 22 Oct 2015 14:23:07 -0500
Subject: [PATCH] Implement Neutron LBAAS using haproxy

This patch implements the LBAAS agent using haproxy into the
neutron_agents container group.

The neutron-lbaas-agent service is disabled by default but can be
enabled by setting neutron_plugin_base in user_variables to include
'neutron.services.loadbalancer.plugin.LoadBalancerPlugin'.

The LBaaS Agent conf file entries can be set using the dict
'neutron_lbaas_agent_ini_overrides'

DocImpact
Closes-Bug: #1491968
Change-Id: I0aacdde6001836b7c0d881d935a5531d3ce04590
Co-Authored-By: Serge van Ginderachter <serge@vanginderachter.be>
---
 etc/openstack_deploy/env.d/neutron.yml        |  4 ++
 playbooks/inventory/group_vars/hosts.yml      |  1 +
 playbooks/roles/os_horizon/defaults/main.yml  |  3 ++
 .../templates/horizon_local_settings.py.j2    |  2 +-
 playbooks/roles/os_neutron/defaults/main.yml  | 22 +++++++++-
 .../os_neutron/tasks/neutron_install.yml      | 19 ++++++++-
 .../os_neutron/tasks/neutron_upstart_init.yml | 14 +++++++
 .../os_neutron/templates/lbaas_agent.ini.j2   | 41 +++++++++++++++++++
 .../os_neutron/templates/neutron.conf.j2      |  4 +-
 9 files changed, 104 insertions(+), 6 deletions(-)
 create mode 100644 playbooks/roles/os_neutron/templates/lbaas_agent.ini.j2

diff --git a/etc/openstack_deploy/env.d/neutron.yml b/etc/openstack_deploy/env.d/neutron.yml
index 36a6f8363b..0c50a8e031 100644
--- a/etc/openstack_deploy/env.d/neutron.yml
+++ b/etc/openstack_deploy/env.d/neutron.yml
@@ -29,6 +29,9 @@ component_skel:
   neutron_l3_agent:
     belongs_to:
       - neutron_all
+  neutron_lbaas_agent:
+    belongs_to:
+      - neutron_all
   neutron_metadata_agent:
     belongs_to:
       - neutron_all
@@ -48,6 +51,7 @@ container_skel:
       - neutron_linuxbridge_agent
       - neutron_l3_agent
       - neutron_dhcp_agent
+      - neutron_lbaas_agent
     properties:
       service_name: neutron
       container_release: trusty
diff --git a/playbooks/inventory/group_vars/hosts.yml b/playbooks/inventory/group_vars/hosts.yml
index ee38d1b656..4798ff3edb 100644
--- a/playbooks/inventory/group_vars/hosts.yml
+++ b/playbooks/inventory/group_vars/hosts.yml
@@ -183,6 +183,7 @@ keystone_memcached_servers: "{% for host in groups['keystone_all'] %}{{ hostvars
 ## Horizon
 horizon_service_region: "{{ service_region }}"
 horizon_enable_cinder_backup: "{% if cinder_service_backup_program_enabled is defined and cinder_service_backup_program_enabled | bool %}True{% else %}False{% endif %}"
+horizon_enable_neutron_lbaas: "{% if neutron_plugin_base is defined and 'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}"
 
 
 ## Heat
diff --git a/playbooks/roles/os_horizon/defaults/main.yml b/playbooks/roles/os_horizon/defaults/main.yml
index 32e4e20be1..c9d57ca716 100644
--- a/playbooks/roles/os_horizon/defaults/main.yml
+++ b/playbooks/roles/os_horizon/defaults/main.yml
@@ -117,6 +117,9 @@ horizon_default_role_name: _member_
 horizon_launch_instance_legacy: True
 horizon_launch_instance_ng: False
 
+## Neutron features to enable
+horizon_enable_neutron_lbaas: False
+
 ## Swift
 horizon_swift_file_transfer_chunk_size: 524288
 
diff --git a/playbooks/roles/os_horizon/templates/horizon_local_settings.py.j2 b/playbooks/roles/os_horizon/templates/horizon_local_settings.py.j2
index 8a9de0d303..893de61e46 100644
--- a/playbooks/roles/os_horizon/templates/horizon_local_settings.py.j2
+++ b/playbooks/roles/os_horizon/templates/horizon_local_settings.py.j2
@@ -268,7 +268,7 @@ OPENSTACK_NEUTRON_NETWORK = {
     'enable_ipv6': False,
     'enable_distributed_router': False,
     'enable_ha_router': False,
-    'enable_lb': False,
+    'enable_lb': {{ horizon_enable_neutron_lbaas | bool }},
     'enable_firewall': False,
     'enable_vpn': False,
     'enable_fip_topology_check': True,
diff --git a/playbooks/roles/os_neutron/defaults/main.yml b/playbooks/roles/os_neutron/defaults/main.yml
index 6e85a1d23c..2afa8b09e4 100644
--- a/playbooks/roles/os_neutron/defaults/main.yml
+++ b/playbooks/roles/os_neutron/defaults/main.yml
@@ -69,7 +69,7 @@ neutron_plugin_core: "{{ neutron_plugins[neutron_plugin_type].plugin_core }}"
 # neutron_plugin_base:
 #   - neutron.services.l3_router.l3_router_plugin.L3RouterPlugin
 #   - neutron.services.metering.metering_plugin.MeteringPlugin
-#   - neutron.services.loadbalancer.plugin.LoadBalancerPlugin
+#   - neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin
 #   - neutron.services.vpn.plugin.VPNDriverPlugin
 neutron_plugin_base:
   - neutron.services.l3_router.l3_router_plugin.L3RouterPlugin
@@ -133,16 +133,29 @@ neutron_services:
    config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini
    config_overrides: "{{ neutron_l3_agent_ini_overrides }}"
    config_type: "ini"
+ neutron-lbaas-agent:
+   service_name: neutron-lbaas-agent
+   service_en: "{{ neutron_lbaas }}"
+   service_conf: lbaas_agent.ini
+   service_group: neutron_agent
+   service_rootwrap: rootwrap.d/lbaas-haproxy.filters
+   config_options: --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/lbaas_agent.ini
+   config_overrides: "{{ neutron_lbaas_agent_ini_overrides }}"
+   config_type: "ini"
  neutron-server:
    service_name: neutron-server
    service_en: True
    service_group: neutron_server
    config_options: --config-file /etc/neutron/neutron.conf --config-file "/etc/neutron/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}"
 
+## Neutron LBaaS
+# Please add the LoadBalancerPlugin to the neutron_plugin_base list
+neutron_lbaas: "{% if 'neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPlugin' in neutron_plugin_base %}True{% else %}False{% endif %}"
+
 ## Drivers
 neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.WeightScheduler
 neutron_driver_router_scheduler: neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler
-neutron_driver_loadbalancer_pool_scheduler: neutron.services.loadbalancer.agent_scheduler.ChanceScheduler
+neutron_driver_loadbalancer_pool_scheduler: neutron_lbaas.services.loadbalancer.agent_scheduler.ChanceScheduler
 neutron_driver_interface: neutron.agent.linux.interface.BridgeInterfaceDriver
 neutron_driver_metering: neutron.services.metering.drivers.iptables.iptables_driver.IptablesMeteringDriver
 neutron_driver_dhcp: neutron.agent.linux.dhcp.Dnsmasq
@@ -305,6 +318,9 @@ neutron_apt_packages:
   - libpq-dev
   - ebtables
 
+neutron_lbaas_apt_packages:
+  - haproxy
+
 neutron_apt_remove_packages:
   - conntrackd
 
@@ -319,6 +335,7 @@ neutron_pip_packages:
   - keystonemiddleware
   - PyMySQL
   - neutron
+  - neutron_lbaas
   - pycrypto
   - python-glanceclient
   - python-keystoneclient
@@ -347,3 +364,4 @@ neutron_l3_agent_ini_overrides: {}
 neutron_metadata_agent_ini_overrides: {}
 neutron_metering_agent_ini_overrides: {}
 neutron_linuxbridge_agent_ini_overrides: {}
+neutron_lbaas_agent_ini_overrides: {}
diff --git a/playbooks/roles/os_neutron/tasks/neutron_install.yml b/playbooks/roles/os_neutron/tasks/neutron_install.yml
index bd41126eee..181b154a87 100644
--- a/playbooks/roles/os_neutron/tasks/neutron_install.yml
+++ b/playbooks/roles/os_neutron/tasks/neutron_install.yml
@@ -37,6 +37,22 @@
     - neutron-install
     - neutron-apt-packages
 
+- name: Install apt packages for LBaaS
+  apt:
+    pkg: "{{ item }}"
+    state: latest
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items: neutron_lbaas_apt_packages
+  when:
+    - inventory_hostname in groups['neutron_agents_container']
+    - neutron_lbaas | bool
+  tags:
+    - neutron-install
+    - neutron-apt-packages
+
 - name: remove specific apt packages
   apt:
     pkg: "{{ item }}"
@@ -97,4 +113,5 @@
   when: not neutron_venv_enabled | bool
   tags:
     - neutron-install
-    - neutron-pip-packages
\ No newline at end of file
+    - neutron-pip-packages
+
diff --git a/playbooks/roles/os_neutron/tasks/neutron_upstart_init.yml b/playbooks/roles/os_neutron/tasks/neutron_upstart_init.yml
index da27ddad1a..d5720ca6eb 100644
--- a/playbooks/roles/os_neutron/tasks/neutron_upstart_init.yml
+++ b/playbooks/roles/os_neutron/tasks/neutron_upstart_init.yml
@@ -96,3 +96,17 @@
     - neutron_services['neutron-metering-agent'].service_en | bool
   tags:
     - upstart-init
+
+- include: neutron_upstart_common_init.yml
+  vars:
+    program_name: "{{ neutron_services['neutron-lbaas-agent'].service_name }}"
+    program_config_options: "{{ neutron_services['neutron-lbaas-agent'].config_options }}"
+    service_name: "{{ neutron_service_name }}"
+    system_user: "{{ neutron_system_user_name }}"
+    system_group: "{{ neutron_system_group_name }}"
+    service_home: "{{ neutron_system_home_folder }}"
+  when:
+    - inventory_hostname in groups['neutron_agent']
+    - neutron_services['neutron-lbaas-agent'].service_en | bool
+  tags:
+    - upstart-init
diff --git a/playbooks/roles/os_neutron/templates/lbaas_agent.ini.j2 b/playbooks/roles/os_neutron/templates/lbaas_agent.ini.j2
new file mode 100644
index 0000000000..ff4e272d28
--- /dev/null
+++ b/playbooks/roles/os_neutron/templates/lbaas_agent.ini.j2
@@ -0,0 +1,41 @@
+# {{ ansible_managed }}
+
+[DEFAULT]
+# Show debugging output in log (sets DEBUG log level output).
+verbose = {{ verbose | bool }}
+debug = {{ debug | bool }}
+
+# The LBaaS agent will resync its state with Neutron to recover from any
+# transient notification or rpc errors. The interval is number of
+# seconds between attempts.
+periodic_interval = 10
+
+# LBaas requires an interface driver be set. Choose the one that best
+# matches your plugin.
+# Examples:
+# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
+interface_driver = {{ neutron_driver_interface }}
+
+# Use veth for an OVS interface or not.
+# Support kernels with limited namespace support
+# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True.
+# ovs_use_veth = False
+
+# The agent requires drivers to manage the loadbalancer.  HAProxy is the opensource version.
+# Multiple device drivers reflecting different service providers could be specified:
+# device_driver = path.to.provider1.driver.Driver
+# device_driver = path.to.provider2.driver.Driver
+# Default is:
+device_driver = neutron_lbaas.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver
+
+[haproxy]
+# Location to store config and state files
+# loadbalancer_state_path = $state_path/lbaas
+
+# The user group
+user_group = nogroup
+
+# When delete and re-add the same vip, send this many gratuitous ARPs to flush
+# the ARP cache in the Router. Set it below or equal to 0 to disable this feature.
+send_gratuitous_arp = 3
diff --git a/playbooks/roles/os_neutron/templates/neutron.conf.j2 b/playbooks/roles/os_neutron/templates/neutron.conf.j2
index e62b46dbb5..310dea6493 100644
--- a/playbooks/roles/os_neutron/templates/neutron.conf.j2
+++ b/playbooks/roles/os_neutron/templates/neutron.conf.j2
@@ -136,8 +136,8 @@ pool_timeout = {{ neutron_db_pool_timeout }}
 
 # Service providers
 [service_providers]
-service_provider = LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
-service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
+service_provider = LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
+#service_provider = VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
 
 {% endif %}