From c57948012c7fda9ac64f7eb66e50572e8f39a9e4 Mon Sep 17 00:00:00 2001
From: Dan Sneddon
Date: Sat, 22 Sep 2018 18:59:54 -0700
Subject: [PATCH] Add a dual-bond example NIC config template This change adds a 2-bonds-with-vlans example template which demonstrates the use of two Linux bonds. This template will place the 'Tenant*' networks on a bond with an OVS bridge. Other networks will be placed as VLANs on the Linux bond without a bridge. There is special handling for the Tenant network on DPDK-enabled Compute nodes.
Change-Id: I9277c0e6a1267392943214eb5fe55509f7956fbc
---
.../net-2-linux-bonds-with-vlans.j2.yaml | 17 ++
network/config/2-linux-bonds-vlans/README.md | 38 +++
.../2-linux-bonds-vlans/role.role.j2.yaml | 224 ++++++++++++++++++
3 files changed, 279 insertions(+)
create mode 100644 environments/net-2-linux-bonds-with-vlans.j2.yaml
create mode 100644 network/config/2-linux-bonds-vlans/README.md
create mode 100644 network/config/2-linux-bonds-vlans/role.role.j2.yaml
diff --git a/environments/net-2-linux-bonds-with-vlans.j2.yaml b/environments/net-2-linux-bonds-with-vlans.j2.yaml
new file mode 100644
index 0000000000..8f635a3cb0
--- /dev/null
+++ b/environments/net-2-linux-bonds-with-vlans.j2.yaml
@@ -0,0 +1,17 @@
+# This template configures each role to use a pair of bonded nics (nic2 and
+# nic3) and configures an IP address on each relevant isolated network
+# for each role. This template assumes use of network-isolation.yaml.
+#
+# NOTE: This version of the templates uses two Linux bonds, but
+# reuses the BondInterfaceOvsOptions parameter for both bond
+# configurations. You can modify this template to have two
+# different parameters for the bonds if options differ.
+#
+# FIXME: if/when we add functionality to heatclient to include heat
+# environment files we should think about using it here to automatically
+# include network-isolation.yaml.
+resource_registry:
+{%- for role in roles %}
+ # Port assignments for the {{role.name}}
+ OS::TripleO::{{role.name}}::Net::SoftwareConfig: ../network/config/2-linux-bonds-vlans/{{role.deprecated_nic_config_name|default(role.name.lower() ~ ".yaml")}}
+{%- endfor %}
diff --git a/network/config/2-linux-bonds-vlans/README.md b/network/config/2-linux-bonds-vlans/README.md
new file mode 100644
index 0000000000..9e4f180b92
--- /dev/null
+++ b/network/config/2-linux-bonds-vlans/README.md
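Review bot: The header comment of `environments/net-2-linux-bonds-with-vlans.j2.yaml` still describes "a pair of bonded nics (nic2 and nic3)", while the role template it registers builds two bonds, `bond_api` on nic2/nic3 and `bond-data` (or `dpdkbond0` on DPDK roles) on nic4/nic5. An operator reading only this file would under-count the NICs each role needs, so I would reword the opening to `# This template configures each role to use two pairs of bonded nics (nic2/nic3` followed by `# and nic4/nic5) and configures an IP address on each relevant isolated network`. The README added in the same commit points to `environments/net-2-bonds-with-vlans.yaml`, which does not match this file's name; one of the two should change so the documented path resolves.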
@@ -0,0 +1,38 @@
+This directory contains Heat templates to demonstrate configuration of
+VLANs on 2 Linux bonds, each with a pair of NICs, for each Overcloud role.
+The Tenant network does not need to be on a bridge in order for VXLAN to
+function, but the Tenant network appears on the bridge interface in order
+to group tenant VLAN traffic and VXLAN traffic together.
+
+Configuration
+-------------
+
+To make use of these templates create a Heat environment that looks
+something like this:
+
+ resource\_registry:
+ OS::TripleO::BlockStorage::Net::SoftwareConfig: network/config/2-linux-bonds-vlans/cinder-storage.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: network/config/2-linux-bonds-vlans/compute.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig: network/config/2-linux-bonds-vlans/controller.yaml
+ OS::TripleO::ObjectStorage::Net::SoftwareConfig: network/config/2-linux-bonds-vlans/swift-storage.yaml
+ OS::TripleO::CephStorage::Net::SoftwareConfig: network/config/2-linux-bonds-vlans/ceph-storage.yaml
+
+Or use this Heat environment file:
+
+ environments/net-2-bonds-with-vlans.yaml
+
+Configuration with no External Network
+--------------------------------------
+
+Edit roles_data.yaml to remove the External network from the Controller role.
+
+Configuration with System Management Network
+--------------------------------------------
+
+The Management network is enabled for backwards-compatibility, but
+is not included in any roles by default.
+
+Add the network to the list of networks used by each role in the role
+definition file (e.g. roles_data.yaml). Refer to installation documentation
+for procedure to generate a role file for custom roles.
+
diff --git a/network/config/2-linux-bonds-vlans/role.role.j2.yaml b/network/config/2-linux-bonds-vlans/role.role.j2.yaml
new file mode 100644
index 0000000000..ebd34b8472
--- /dev/null
+++ b/network/config/2-linux-bonds-vlans/role.role.j2.yaml
@@ -0,0 +1,224 @@
+heat_template_version: rocky
+description: >
+ Software Config to drive os-net-config with 2 Linux bonds. One bond is on a
+ bridge with VLANs attached for the {{role.name}} role.
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ControlPlaneSubnetCidr:
+ default: ''
+ description: >
+ The subnet CIDR of the control plane network. (The parameter is
+ automatically resolved from the ctlplane subnet's cidr attribute.)
+ type: string
+ ControlPlaneDefaultRoute:
+ default: ''
+ description: The default route of the control plane network. (The parameter
+ is automatically resolved from the ctlplane subnet's gateway_ip attribute.)
+ type: string
+ ControlPlaneStaticRoutes:
+ default: []
+ description: >
+ Routes for the ctlplane network traffic.
+ JSON route e.g. [{'destination':'10.0.0.0/16', 'nexthop':'10.0.0.1'}]
+ Unless the default is changed, the parameter is automatically resolved
+ from the subnet host_routes attribute.
+ type: json
+{%- for network in networks %}
+
+ {{network.name}}IpSubnet:
+ default: ''
+ description: IP address/subnet on the {{network.name_lower}} network
+ type: string
+ {{network.name}}NetworkVlanID:
+ default: {{network.vlan}}
+ description: Vlan ID for the {{network.name_lower}} network traffic.
+ type: number
+{%- if network.ipv6|default(false) and network.gateway_ipv6|default(false) %}
+ {{network.name}}InterfaceDefaultRoute:
+ default: '{{network.gateway_ipv6}}'
+ description: default route for the {{network.name_lower}} network
+ type: string
+{%- elif network.gateway_ip|default(false) %}
+ {{network.name}}InterfaceDefaultRoute:
+ default: '{{network.gateway_ip}}'
+ description: default route for the {{network.name_lower}} network
+ type: string
+{%- endif %}
+ {{network.name}}InterfaceRoutes:
+ default: []
+ description: >
+ Routes for the {{network.name_lower}} network traffic.
+ JSON route e.g. [{'destination':'10.0.0.0/16', 'nexthop':'10.0.0.1'}]
+ Unless the default is changed, the parameter is automatically resolved
+ from the subnet host_routes attribute.
+ type: json
+{%- endfor %}
+
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: >
+ DNS servers to use for the Overcloud (2 max for some implementations).
+ If not set the nameservers configured in the ctlplane subnet's
+ dns_nameservers attribute will be used.
+ type: comma_delimited_list
+ EC2MetadataIp:
+ default: ''
+ description: The IP address of the EC2 metadata server. (The parameter
+ is automatically resolved from the ctlplane subnet's host_routes attribute.)
+ type: string
+ BondInterfaceOvsOptions:
+ default: bond_mode=active-backup
+ description: 'The ovs_options or bonding_options string for the bond
+ interface. Set things like lacp=active and/or bond_mode=balance-slb
+ for OVS bonds or like mode=4 for Linux bonds using this option.'
+ type: string
+{%- if role.name == 'ComputeOvsDpdk' %}
+ NumDpdkInterfaceRxQueues:
+ description: Number of Rx Queues required for DPDK bond or DPDK ports
+ default: 1
+ type: number
+{%- endif %}
+
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ str_replace:
+ template:
+ get_file: ../../scripts/run-os-net-config.sh
+ params:
+ $network_config:
+ network_config:
+ - type: interface
+ name: nic1
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ list_join:
+ - /
+ - - get_param: ControlPlaneIp
+ - get_param: ControlPlaneSubnetCidr
+ routes:
+ list_concat_unique:
+ - get_param: ControlPlaneRoutes
+ - - ip_netmask: 169.254.169.254/32
+ next_hop:
+ get_param: EC2MetadataIp
+{%- if role.default_route_networks is not defined or 'ControlPlane' in role.default_route_networks %}
+ - default: true
+ next_hop:
+ get_param: ControlPlaneDefaultRoute
+{%- endif %}
+ - type: linux_bond
+ name: bond_api
+ use_dhcp: false
+ bonding_options:
+ get_param: BondInterfaceOvsOptions
+ dns_servers:
+ get_param: DnsServers
+ members:
+ - type: interface
+ name: nic2
+ primary: true
+ - type: interface
+ name: nic3
+{%- for network in networks if network.enabled|default(true) and network.name in role.networks and not network.name.startswith('Tenant') %}
+ - type: vlan
+ device: bond_api
+ vlan_id:
+ get_param: {{network.name}}NetworkVlanID
+ addresses:
+ - ip_netmask:
+ get_param: {{network.name}}IpSubnet
+ routes:
+ list_concat_unique:
+ - get_param: {{network.name}}InterfaceRoutes
+ {%- if network.name in role.default_route_networks %}
+ - - default: true
+ next_hop:
+ get_param: {{network.name}}InterfaceDefaultRoute
+ {%- endif %}
+{%- endfor %}
+{%- if not role.name.startswith('ComputeOvsDpdk') %}
+ - type: ovs_bridge
+ name: bridge_name
+ dns_servers:
+ get_param: DnsServers
+ members:
+ - type: linux_bond
+ name: bond-data
+ bonding_options:
+ get_param: BondInterfaceOvsOptions
+ members:
+ - type: interface
+ name: nic4
+ primary: true
+ - type: interface
+ name: nic5
+ {%- for network in networks if network.name.startswith('Tenant') and network.name in role.networks and network.enabled|default(true) %}
+ - type: vlan
+ device: bond-data
+ vlan_id:
+ get_param: {{network.name}}NetworkVlanID
+ addresses:
+ - ip_netmask:
+ get_param: {{network.name}}IpSubnet
+ routes:
+ list_concat_unique:
+ - get_param: {{network.name}}InterfaceRoutes
+ {%- if network.name in role.default_route_networks %}
+ - - default: true
+ next_hop:
+ get_param: {{network.name}}InterfaceDefaultRoute
+ {%- endif %}
+ {%- endfor %}
+{%- else %}
+ - type: ovs_user_bridge
+ name: br-dpdk0
+ use_dhcp: false
+ {%- for network in networks if network.name.startswith('Tenant') and network.name in role.networks and network.enabled|default(true) %}
+ ovs_extra:
+ - str_replace:
+ template: set port br-dpdk0 tag=_VLAN_TAG_
+ params:
+ _VLAN_TAG_: {get_param: {{network.name}}NetworkVlanID}
+ addresses:
+ - ip_netmask: {get_param: {{network.name}}IpSubnet}
+ routes:
+ list_concat_unique:
+ - get_param: {{network.name}}InterfaceRoutes
+ {%- if network.name in role.default_route_networks %}
+ - - default: true
+ next_hop:
+ get_param: {{network.name}}InterfaceDefaultRoute
+ {%- endif %}
+ {%- endfor %}
+ members:
+ - type: ovs_dpdk_bond
+ name: dpdkbond0
+ rx_queue:
+ get_param: NumDpdkInterfaceRxQueues
+ members:
+ - type: ovs_dpdk_port
+ name: dpdk0
+ members:
+ - type: interface
+ name: nic4
+ - type: ovs_dpdk_port
+ name: dpdk1
+ members:
+ - type: interface
+ name: nic5
+{%- endif %}
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value:
+ get_resource: OsNetConfigImpl
+
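Review bot: The nic1 `routes` list reads `get_param: ControlPlaneRoutes`, but the parameters section declares only `ControlPlaneStaticRoutes`, so the rendered template references an undeclared parameter; the line should be `- get_param: ControlPlaneStaticRoutes`. The same kind of mismatch exists for DPDK roles: `NumDpdkInterfaceRxQueues` is declared under `role.name == 'ComputeOvsDpdk'` but read under `role.name.startswith('ComputeOvsDpdk')`, so any role whose name merely starts with that prefix reaches the `rx_queue` lookup with no declaration; use the same `startswith` test for the declaration. In the `ovs_user_bridge` branch the `ovs_extra`, `addresses` and `routes` keys are emitted inside the Tenant loop, so a role carrying more than one `Tenant*` network would render duplicate mapping keys, which most YAML loaders resolve silently as last-wins and which would leave a tenant network without its VLAN tag and address with no error raised. It is also worth confirming that `bonding_options` on the two `linux_bond` entries accepts the `BondInterfaceOvsOptions` default `bond_mode=active-backup`, since the parameter's own description gives `mode=4` as the Linux-bond form.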