openstack-ha: Networking Highly Available

Active / Passive section:
New node: network-controller
* neutron-l3-agent
* neutron-dhcp-agent
* neutron-metadata-agent

Active / Active section:
*neutron-dhcp-agent: redirect to OpenStack Networking guide
*neutron-l3-agent and neutron-metadata-agent: redirect to Active / Passive
section since they are not HA.

implements blueprint improve-high-availability-support
Change-Id: Ie7e4f917f6c7cca05303275cd90e8415e323dfd2
Signed-off-by: Emilien Macchi <emilien.macchi@enovance.com>

doc/high-availability-guide/aa-network.txt

@@ -1,4 +1,40 @@
 [[ha-aa-network]]
 === OpenStack Network Nodes
 
-(Coming soon)
+OpenStack Network Nodes contains:
+
+* Neutron DHCP Agent
+* Neutron L2 Agent
+* Neutron L3 Agent
+* Neutron Metadata Agent
+* Neutron LBaaS Agent
+
+NOTE: The Neutron L2 Agent does not need to be highly available. It has to be
+installed on each Data Forwarding Node and controls the virtual networking
+drivers as Open-vSwitch or Linux Bridge. One L2 agent runs per node
+and controls its virtual interfaces. That's why it cannot be distributed and
+highly available.
+
+
+==== Running Neutron DHCP Agent
+
+Since the Grizzly release, OpenStack Networking service has a scheduler which
+allows to run multiple agents accross nodes. Also, the DHCP agent can be natively
+highly available. Please follow the http://docs.openstack.org/trunk/openstack-network/admin/content/app_demo_multi_dhcp_agents.html[OpenStack Networking guide] for
+further details.
+
+==== Running Neutron L3 Agent
+
+Since the Grizzly release, the Neutron L3 Agent is scalable thanks to the scheduler
+which allows to distribute virtual routers accross multiple nodes.
+But there is no native feature to bring these routers highly available.
+At this time, there exists the Active / Passive solution to run the Neutron L3
+agent in failover mode with Pacemaker. Please refer to the Active / Passive
+section of this guide.
+
+==== Running Neutron Metadata Agent
+
+There is no native feature to make this service highly available.
+At this time, it exists the Active / Passive solution to run the Neutron
+Metadata agent in failover mode with Pacemaker. Please refer to the Active /
+Passive section of this guide.

doc/high-availability-guide/ap-network-controller.txt

@@ -0,0 +1,140 @@
+[[ch-network]]
+=== Network Controller Cluster Stack
+
+The Network controller sits on the management network, but also on the data
+network and needs to be connected to the Internet if VM needs the access to it.
+
+NOTE: Both nodes should have the same hostname since the Neutron scheduler will be
+aware of one node, for example a virtual router attached to a single L3 node.
+
+==== Highly available Neutron L3 Agent
+
+The Neutron L3 agent provides L3/NAT forwarding to ensure external network access
+for VMs on tenant networks. High Availability for the L3 agent is achieved by
+adopting Pacemaker.
+
+NOTE: Here is the http://docs.openstack.org/trunk/openstack-network/admin/content/adv_cfg_l3_agent.html[documentation] for installing Neutron L3 Agent.
+
+
+===== Adding Neutron L3 Agent resource to Pacemaker
+First of all, you need to download the resource agent to your system:
+
+----
+cd /usr/lib/ocf/resource.d/openstack
+wget https://raw.github.com/madkiss/openstack-resource-agents/master/ocf/neutron-l3-agent
+chmod a+rx neutron-l3-agent
+----
+
+You may now proceed with adding the Pacemaker configuration for
+Neutron L3 Agent resource. Connect to the Pacemaker cluster with +crm
+configure+, and add the following cluster resources:
+
+----
+include::includes/pacemaker-network-l3.crm[]
+----
+
+This configuration creates
+
+* +p_neutron-l3-agent+, a resource for manage Neutron L3 Agent service
+
++crm configure+ supports batch input, so you may copy and paste the
+above into your live pacemaker configuration, and then make changes as
+required.
+
+Once completed, commit your configuration changes by entering +commit+
+from the +crm configure+ menu. Pacemaker will then start the Neutron L3 Agent
+service, and its dependent resources, on one of your nodes.
+
+NOTE: This method does not ensure a zero downtime since it has to recreate all
+the namespaces and virtual routers on the node.
+
+
+==== Highly available Neutron DHCP Agent
+
+Neutron DHCP agent distributes IP addresses to the VMs with dnsmasq (by
+default). High Availability for the DHCP agent is achieved by adopting
+Pacemaker.
+
+NOTE: Here is the http://docs.openstack.org/trunk/openstack-network/admin/content/adv_cfg_dhcp_agent.html[documentation] for installing Neutron DHCP Agent.
+
+
+===== Adding Neutron DHCP Agent resource to Pacemaker
+First of all, you need to download the resource agent to your system :
+
+----
+cd /usr/lib/ocf/resource.d/openstack
+wget https://raw.github.com/madkiss/openstack-resource-agents/master/ocf/neutron-dhcp-agent
+chmod a+rx neutron-dhcp-agent
+----
+
+You may now proceed with adding the Pacemaker configuration for
+Neutron DHCP Agent resource. Connect to the Pacemaker cluster with +crm
+configure+, and add the following cluster resources:
+
+----
+include::includes/pacemaker-network-dhcp.crm[]
+----
+
+This configuration creates
+
+* +p_neutron-dhcp-agent+, a resource for manage Neutron DHCP Agent
+service
+
++crm configure+ supports batch input, so you may copy and paste the
+above into your live pacemaker configuration, and then make changes as
+required.
+
+Once completed, commit your configuration changes by entering +commit+
+from the +crm configure+ menu. Pacemaker will then start the Neutron DHCP
+Agent service, and its dependent resources, on one of your nodes.
+
+
+==== Highly available Neutron Metadata Agent
+
+Neutron Metadata agent allows Nova API Metadata to be reachable by VMs on tenant
+networks. High Availability for the Metadata agent is achieved by adopting
+Pacemaker.
+
+NOTE: Here is the http://docs.openstack.org/trunk/openstack-network/admin/content/metadata_agent_options.html[documentation] for installing Neutron Metadata Agent.
+
+
+===== Adding Neutron Metadata Agent resource to Pacemaker
+First of all, you need to download the resource agent to your system :
+
+----
+cd /usr/lib/ocf/resource.d/openstack
+wget https://raw.github.com/madkiss/openstack-resource-agents/master/ocf/neutron-metadata-agent
+chmod a+rx neutron-metadata-agent
+----
+
+You may now proceed with adding the Pacemaker configuration for
+Neutron Metadata Agent resource. Connect to the Pacemaker cluster with +crm
+configure+, and add the following cluster resources:
+
+----
+include::includes/pacemaker-network-metadata.crm[]
+----
+
+This configuration creates
+
+* +p_neutron-metadata-agent+, a resource for manage Neutron Metadata Agent
+service
+
++crm configure+ supports batch input, so you may copy and paste the
+above into your live pacemaker configuration, and then make changes as
+required.
+
+Once completed, commit your configuration changes by entering +commit+
+from the +crm configure+ menu. Pacemaker will then start the Neutron Metadata
+Agent service, and its dependent resources, on one of your nodes.
+
+
+==== Manage network resources
+You may now proceed with adding the Pacemaker configuration for
+managing all network resources together with a group.
+Connect to the Pacemaker cluster with +crm configure+, and add the following
+cluster resources:
+
+----
+include::includes/pacemaker-network.crm[]
+----

doc/high-availability-guide/ha-guide.txt

@@ -8,6 +8,7 @@ include::ap-overview.txt[]
 include::ap-pacemaker.txt[]
 include::ap-cloud-controller.txt[]
 include::ap-api-node.txt[]
+include::ap-network-controller.txt[]
 
 include::aa-overview.txt[]
 include::aa-database.txt[]

doc/high-availability-guide/includes/pacemaker-network-dhcp.crm

@@ -0,0 +1,4 @@
+primitive p_neutron-dhcp-agent ocf:openstack:neutron-dhcp-agent \
+    params config="/etc/neutron/neutron.conf" \
+    plugin_config="/etc/neutron/dhcp_agent.ini" \
+    op monitor interval="30s" timeout="30s"

doc/high-availability-guide/includes/pacemaker-network-l3.crm

@@ -0,0 +1,4 @@
+primitive p_neutron-l3-agent ocf:openstack:neutron-l3-agent \
+    params config="/etc/neutron/neutron.conf" \
+    plugin_config="/etc/neutron/l3_agent.ini" \
+    op monitor interval="30s" timeout="30s"

doc/high-availability-guide/includes/pacemaker-network-metadata.crm

@@ -0,0 +1,4 @@
+primitive p_neutron-metadata-agent ocf:openstack:neutron-metadata-agent \
+    params config="/etc/neutron/neutron.conf" \
+    plugin_config="/etc/neutron/metadata_agent.ini" \
+    op monitor interval="30s" timeout="30s"

doc/high-availability-guide/includes/pacemaker-network.crm

@@ -0,0 +1,2 @@
+group g_services_network p_neutron-l3-agent p_neutron-dhcp-agent \
+    p_neutron-metadata_agent