diff --git a/ci/environments/scenario007-multinode-containers.yaml b/ci/environments/scenario007-multinode-containers.yaml index daea6da846..a089511b61 100644 --- a/ci/environments/scenario007-multinode-containers.yaml +++ b/ci/environments/scenario007-multinode-containers.yaml @@ -3,6 +3,7 @@ resource_registry: OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml + OS::TripleO::Services::OVNMetadataAgent: ../../docker/services/ovn-metadata.yaml # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml @@ -30,6 +31,7 @@ parameter_defaults: - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::OVNDBs - OS::TripleO::Services::OVNController + - OS::TripleO::Services::OVNMetadataAgent - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived diff --git a/docker/services/ovn-metadata.yaml b/docker/services/ovn-metadata.yaml new file mode 100644 index 0000000000..34699a10b6 --- /dev/null +++ b/docker/services/ovn-metadata.yaml 
@@ -0,0 +1,154 @@ +heat_template_version: queens + +description: > + OpenStack containerized OVN Metadata agent + +parameters: + DockerOvnMetadataImage: + description: image + type: string + DockerNeutronConfigImage: + description: The container image to use for the neutron config_volume + type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OVNMetadataBase: + type: ../../puppet/services/ovn-metadata.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + + NeutronLogging: + type: OS::TripleO::Services::Logging::NeutronCommon + +outputs: + role_data: + description: Role data for OVNMetadata agent + value: + service_name: {get_attr: [OVNMetadataBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [OVNMetadataBase, role_data, config_settings] + - get_attr: [NeutronLogging, config_settings] + logging_source: {get_attr: [OVNMetadataBase, role_data, logging_source]} + logging_groups: {get_attr: [OVNMetadataBase, role_data, logging_groups]} + puppet_config: + puppet_tags: 
neutron_config,ovn_metadata_agent_config + config_volume: neutron + step_config: + get_attr: [OVNMetadataBase, role_data, step_config] + config_image: {get_param: DockerNeutronConfigImage} + volumes: + - /lib/modules:/lib/modules:ro + - /run/openvswitch:/run/openvswitch + kolla_config: + /var/lib/kolla/config_files/ovn_metadata_agent.json: + command: /usr/bin/networking-ovn-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/networking-ovn/networking-ovn-metadata-agent.ini --config-dir /etc/neutron/conf.d/networking-ovn-metadata-agent + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/neutron + owner: neutron:neutron + recurse: true + - path: /var/lib/neutron + owner: neutron:neutron + recurse: true + docker_config_scripts: {get_attr: [ContainersCommon, docker_config_scripts]} + docker_config: + step_4: + setup_ovs_manager: + start_order: 0 + detach: false + net: host + privileged: true + user: root + command: # '/docker_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"' + list_concat: + - - '/docker_puppet_apply.sh' + - '4' + - 'exec' + - 'include ::tripleo::profile::base::neutron::ovn_metadata' + image: {get_param: DockerOvnMetadataImage} + volumes: + list_concat: + - {get_attr: [ContainersCommon, docker_puppet_apply_volumes]} + - - /lib/modules:/lib/modules:ro + - /run/openvswitch:/run/openvswitch + ovn_metadata_agent: + start_order: 1 + image: {get_param: DockerOvnMetadataImage} + net: host + privileged: true + restart: always + healthcheck: + test: /openstack/healthcheck + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - {get_attr: [NeutronLogging, volumes]} + - + - /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro + - /lib/modules:/lib/modules:ro + - 
/run/openvswitch:/run/openvswitch + - /var/lib/neutron:/var/lib/neutron + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + list_concat: + - {get_attr: [NeutronLogging, host_prep_tasks]} + - - name: create /var/lib/neutron + file: + path: /var/lib/neutron + state: directory + upgrade_tasks: + - name: Check if ovn_metadata_agent is deployed + command: systemctl is-enabled --quiet networking-ovn-metadata-agent + tags: common + ignore_errors: True + register: networking_ovn_metadata_agent_enabled + - name: "PreUpgrade step0,validation: Check service networking-ovn-metadata-agent is running" + command: systemctl is-active --quiet networking-ovn-metadata-agent + when: networking_ovn_metadata_agent_enabled.rc == 0 + tags: step0,validation + - name: Stop and disable networking_ovn_metadata service + tags: step2 + when: networking_ovn_metadata_agent_enabled.rc == 0 + service: name=networking-ovn-metadata-agent state=stopped enabled=no diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 9b8726d49e..b7d52cc2b4 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -52,6 +52,7 @@ parameter_defaults: - OS::TripleO::Services::Docker - OS::TripleO::Services::Iscsid - OS::TripleO::Services::OVNController + - OS::TripleO::Services::OVNMetadataAgent - OS::TripleO::Services::RsyslogSidecar - OS::TripleO::Services::LoginDefs - OS::TripleO::Services::Rhsm diff --git a/environments/neutron-ml2-ovn-ha.yaml b/environments/neutron-ml2-ovn-ha.yaml index 433ba6658d..c896f39798 100644 --- a/environments/neutron-ml2-ovn-ha.yaml +++ b/environments/neutron-ml2-ovn-ha.yaml 
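Review bot: Both `setup_ovs_manager` and `ovn_metadata_agent` are declared with `privileged: true` and `net: host`, and `/run/openvswitch` is bind-mounted read-write into each, but the template does not say which of these the agent actually needs. The long-running container serves metadata to tenant instances, so the grant is worth justifying in place, and narrowing later if a smaller capability set turns out to be enough. A comment above `privileged: true` would do, for example `# privileged + host net: agent manages network namespaces and uses the local OVS socket`, assuming that is the reason. Separately, the `upgrade_tasks` here stop and disable the host service at `step2`, while puppet/services/ovn-metadata.yaml stops it at `step1` without disabling it; confirm the difference is intended.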
@@ -4,6 +4,7 @@ resource_registry: OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml OS::TripleO::Services::OVNDBs: ../puppet/services/pacemaker/ovn-dbs.yaml + OS::TripleO::Services::OVNMetadataAgent: ../puppet/services/ovn-metadata.yaml # Disabling Neutron services that overlap with OVN OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml index c754efc5dd..808eae4a98 100644 --- a/environments/neutron-ml2-ovn.yaml +++ b/environments/neutron-ml2-ovn.yaml @@ -4,6 +4,7 @@ resource_registry: OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml + OS::TripleO::Services::OVNMetadataAgent: ../puppet/services/ovn-metadata.yaml # Disabling Neutron services that overlap with OVN OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None diff --git a/environments/services-docker/neutron-ovn-ha.yaml b/environments/services-docker/neutron-ovn-ha.yaml index 53b60e541b..119a3a38d6 100644 --- a/environments/services-docker/neutron-ovn-ha.yaml +++ b/environments/services-docker/neutron-ovn-ha.yaml 
@@ -3,6 +3,7 @@ resource_registry: OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml OS::TripleO::Services::OVNDBs: ../../docker/services/pacemaker/ovn-dbs.yaml + OS::TripleO::Services::OVNMetadataAgent: ../../docker/services/ovn-metadata.yaml # Disabling Neutron services that overlap with OVN OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None diff --git a/environments/services-docker/neutron-ovn.yaml b/environments/services-docker/neutron-ovn.yaml index 62b3a9d0c2..b56ebfeb40 100644 --- a/environments/services-docker/neutron-ovn.yaml +++ b/environments/services-docker/neutron-ovn.yaml @@ -3,6 +3,7 @@ resource_registry: OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml + OS::TripleO::Services::OVNMetadataAgent: ../../docker/services/ovn-metadata.yaml # Disabling Neutron services that overlap with OVN OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 9d8e611471..8d47a6f191 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml 
@@ -153,6 +153,7 @@ resource_registry: OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None OS::TripleO::Services::NeutronLbaasv2Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml + OS::TripleO::Services::OVNMetadataAgent: OS::Heat::None # FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated # the multinode job ControllerServices after this patch merges OS::TripleO::Services::NeutronServer: puppet/services/neutron-api.yaml diff --git a/puppet/services/neutron-plugin-ml2-ovn.yaml b/puppet/services/neutron-plugin-ml2-ovn.yaml index 1c80d0d5a6..8356526d45 100644 --- a/puppet/services/neutron-plugin-ml2-ovn.yaml +++ b/puppet/services/neutron-plugin-ml2-ovn.yaml @@ -67,6 +67,10 @@ parameters: description: Enable Neutron DVR. default: false type: boolean + OVNMetadataEnabled: + description: Whether Metadata Service has to be enabled + type: boolean + default: true resources: @@ -93,6 +97,7 @@ outputs: neutron::plugins::ml2::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode} neutron::plugins::ml2::ovn::ovn_l3_mode: true neutron::plugins::ml2::ovn::vif_type: {get_param: OVNVifType} + neutron::plugins::ml2::ovn::ovn_metadata_enabled: {get_param: OVNMetadataEnabled} neutron::server::qos_notification_drivers: {get_param: OVNQosDriver} neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize} neutron::plugins::ml2::ovn::dvr_enabled: {get_param: NeutronEnableDVR} diff --git a/puppet/services/ovn-controller.yaml b/puppet/services/ovn-controller.yaml index 6165cdc8dc..106caf02f7 100644 --- a/puppet/services/ovn-controller.yaml +++ b/puppet/services/ovn-controller.yaml @@ -53,6 +53,10 @@ parameters: Name of the OVS bridge to use as integration bridge by OVN Controller. type: string default: "br-int" + OVNMetadataEnabled: + description: Whether Metadata Service has to be enabled + type: boolean + default: true resources: 
@@ -70,6 +74,9 @@ resources: - values: NeutronBridgeMappings: {get_param: NeutronBridgeMappings} +conditions: + force_config_drive: {equals: [{get_param: OVNMetadataEnabled}, false]} + outputs: role_data: description: Role data for the OVN Controller agent @@ -82,7 +89,7 @@ outputs: ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType} ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} ovn::controller::ovn_bridge: {get_param: OVNIntegrationBridge} - nova::compute::force_config_drive: true + nova::compute::force_config_drive: {if: [force_config_drive, true, false]} tripleo.ovn_controller.firewall_rules: '118 neutron vxlan networks': proto: 'udp' diff --git a/puppet/services/ovn-metadata.yaml b/puppet/services/ovn-metadata.yaml new file mode 100644 index 0000000000..abfe99a452 --- /dev/null +++ b/puppet/services/ovn-metadata.yaml 
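Review bot: `nova::compute::force_config_drive` now follows `OVNMetadataEnabled`, which defaults to `true`, so every deployment that includes OVNController gets `force_config_drive: false`, whether or not the metadata agent is actually deployed. This commit maps `OS::TripleO::Services::OVNMetadataAgent` to `OS::Heat::None` in overcloud-resource-registry-puppet.j2.yaml, and a custom role may list OVNController without the new service. In either case instances would appear to lose the config drive with no metadata service to replace it. The parameter is also declared separately in puppet/services/neutron-plugin-ml2-ovn.yaml, so the two only stay in step when set through `parameter_defaults`. State the dependency in the parameter text, for example `description: Whether the OVN metadata service is enabled. Requires OS::TripleO::Services::OVNMetadataAgent on compute roles; when false, config drive is forced.`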
@@ -0,0 +1,123 @@ +heat_template_version: pike + +description: > + OpenStack Networking-ovn Metadata agent configured with Puppet + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronMetadataProxySharedSecret: + description: Shared secret to prevent spoofing + type: string + hidden: true + NeutronWorkers: + default: '' + description: | + Sets the number of worker processes for the neutron metadata agent. The + default value results in the configuration being left unset and a + system-dependent default will be chosen (usually the number of + processors). Please note that this can result in a large number of + processes and memory consumption on systems with a large core count. On + such systems it is recommended that a non-default value be selected that + matches the load requirements. + type: string + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. 
+ type: string + hidden: true + OVNSouthboundServerPort: + description: Port of the OVN Southbound DB server + type: number + default: 6642 + OVNDbConnectionTimeout: + description: Timeout in seconds for the OVSDB connection transaction + type: number + default: 180 + MonitoringSubscriptionOvnMetadata: + default: 'overcloud-ovn-metadata' + type: string + OvnMetadataAgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.ovn-metadata + path: /var/log/neutron/networking-ovn-metadata-agent.log + +conditions: + neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']} + +resources: + + NeutronBase: + type: ./neutron-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Networking-ovn Metadata agent service. 
+ value: + service_name: ovn_metadata + monitoring_subscription: {get_param: MonitoringSubscriptionOvnMetadata} + logging_source: {get_param: OvnMetadataAgentLoggingSource} + logging_groups: + - neutron + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::ovn_metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret} + neutron::agents::ovn_metadata::auth_password: {get_param: NeutronPassword} + neutron::agents::ovn_metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + neutron::agents::ovn_metadata::auth_tenant: 'service' + neutron::agents::ovn_metadata::metadata_ip: "%{hiera('nova_metadata_vip')}" + neutron::agents::ovn_metadata::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout} + ovn::southbound::port: {get_param: OVNSouthboundServerPort} + - + if: + - neutron_workers_unset + - {} + - neutron::agents::ovn_metadata::metadata_workers: {get_param: NeutronWorkers} + step_config: | + include tripleo::profile::base::neutron::ovn_metadata + upgrade_tasks: + - name: Check if networking_ovn_metadata_agent is deployed + command: systemctl is-enabled networking-ovn-metadata-agent + tags: common + ignore_errors: True + register: networking_ovn_metadata_agent_enabled + - name: "PreUpgrade step0,validation: Check service networking-ovn-metadata-agent is running" + shell: /usr/bin/systemctl show 'networking-ovn-metadata-agent' --property ActiveState | grep '\bactive\b' + when: networking_ovn_metadata_agent_enabled.rc == 0 + tags: step0,validation + - name: Stop networking_ovn_metadata service + tags: step1 + when: neutron_metadata_agent_enabled.rc == 0 + service: name=networking-ovn-metadata-agent state=stopped diff --git a/releasenotes/notes/add-support-networking-ovn-metadata-agent-3bfecfbabd6d9628.yaml b/releasenotes/notes/add-support-networking-ovn-metadata-agent-3bfecfbabd6d9628.yaml new file mode 100644 index 0000000000..83be0c87f0 --- /dev/null 
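Review bot: The last upgrade task, "Stop networking_ovn_metadata service", is gated on `neutron_metadata_agent_enabled.rc == 0`, but the first task in this list registers `networking_ovn_metadata_agent_enabled`. As written, the condition either references an undefined variable or, if the neutron metadata agent's upgrade tasks registered that name on the same host, follows the state of the wrong service. It should read `when: networking_ovn_metadata_agent_enabled.rc == 0`, matching the validation task above it and the docker/services/ovn-metadata.yaml counterpart. The `is-enabled` check here also omits `--quiet`, which the docker template's version passes.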
+++ b/releasenotes/notes/add-support-networking-ovn-metadata-agent-3bfecfbabd6d9628.yaml @@ -0,0 +1,8 @@ +--- +features: + - Adds ability to configure metadata agent for networking-ovn based + deployments. +upgrade: + - force_config_drive is now set to False in Nova. Instances will now + fetch their metadata from the metadata service instead from the config + drive. diff --git a/roles/Compute.yaml b/roles/Compute.yaml index 354e803952..4c6c8e350f 100644 --- a/roles/Compute.yaml +++ b/roles/Compute.yaml @@ -61,3 +61,4 @@ - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp - OS::TripleO::Services::OVNController + - OS::TripleO::Services::OVNMetadataAgent diff --git a/roles/ComputeHCI.yaml b/roles/ComputeHCI.yaml index 4333e555eb..dda912863f 100644 --- a/roles/ComputeHCI.yaml +++ b/roles/ComputeHCI.yaml @@ -52,3 +52,4 @@ - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp - OS::TripleO::Services::OVNController + - OS::TripleO::Services::OVNMetadataAgent diff --git a/roles/ComputeOvsDpdk.yaml b/roles/ComputeOvsDpdk.yaml index b247addec2..685c149c1f 100644 --- a/roles/ComputeOvsDpdk.yaml +++ b/roles/ComputeOvsDpdk.yaml @@ -37,6 +37,7 @@ - OS::TripleO::Services::Ntp - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::OVNMetadataAgent - OS::TripleO::Services::Rhsm - OS::TripleO::Services::RsyslogSidecar - OS::TripleO::Services::Securetty diff --git a/roles/ComputeSriov.yaml b/roles/ComputeSriov.yaml index 9e8c115b6f..fe7a111f4e 100644 --- a/roles/ComputeSriov.yaml +++ b/roles/ComputeSriov.yaml @@ -52,3 +52,4 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Vpp - OS::TripleO::Services::OVNController + - OS::TripleO::Services::OVNMetadataAgent diff --git a/roles/HciCephAll.yaml b/roles/HciCephAll.yaml index 773af1dfbc..2e5689194a 100644 --- a/roles/HciCephAll.yaml +++ b/roles/HciCephAll.yaml 
@@ -58,3 +58,4 @@ - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp - OS::TripleO::Services::OVNController + - OS::TripleO::Services::OVNMetadataAgent diff --git a/roles/HciCephFile.yaml b/roles/HciCephFile.yaml index efe75e6b86..95c2300e30 100644 --- a/roles/HciCephFile.yaml +++ b/roles/HciCephFile.yaml @@ -54,3 +54,4 @@ - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp - OS::TripleO::Services::OVNController + - OS::TripleO::Services::OVNMetadataAgent diff --git a/roles/HciCephMon.yaml b/roles/HciCephMon.yaml index 04dcd24618..99589e3b99 100644 --- a/roles/HciCephMon.yaml +++ b/roles/HciCephMon.yaml @@ -55,3 +55,4 @@ - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp - OS::TripleO::Services::OVNController + - OS::TripleO::Services::OVNMetadataAgent diff --git a/roles/HciCephObject.yaml b/roles/HciCephObject.yaml index 136e2dff34..c410bf6fb6 100644 --- a/roles/HciCephObject.yaml +++ b/roles/HciCephObject.yaml @@ -54,3 +54,4 @@ - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp - OS::TripleO::Services::OVNController + - OS::TripleO::Services::OVNMetadataAgent diff --git a/roles_data.yaml b/roles_data.yaml index 9e5f1cfa8c..8590c07ace 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -218,6 +218,7 @@ - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp - OS::TripleO::Services::OVNController + - OS::TripleO::Services::OVNMetadataAgent ############################################################################### # Role: BlockStorage # ###############################################################################