In Juno, I found I had quite a bit of detail under "Proposed Change". It would have been useful to be able to subdivide those details into sections. However, due to the way the template and unit tests were structured, both first and second level sections were validated against the expected structure. This change adds a second-level section under Proposed Change called Overview. The tests do not care about third-level subsections, so this new section can be further broken up as necessary to keep the spec readable. Change-Id: I7b840329567a0c1bb3154dd344fcf9ddc9c9dbdc
6.2 KiB
Enable Neutron DVR on overcloud in TripleO
https://blueprints.launchpad.net/tripleo/+spec/support-neutron-dvr
Neutron distributed virtual routing should be able to be configured in TripleO.
Problem Description
To be able to enable distributed virtual routing in Neutron there
needs to be several changes to the current TripleO overcloud deployment.
The overcloud compute node(s) are constructed with the
neutron-openvswitch-agent
image element, which provides the
neutron-openvswitch-agent
on the compute node. In order to
support distributed virtual routing, the compute node(s) must also have
the neutron-metadata-agent
and
neutron-l3-agent
installed. The installation of the
neutron-l3-agent
and neutron-dhcp-agent
will
need also to be decoupled.
Additionally, for distributed virtual routing to be enabled, the
neutron.conf
, l3_agent.ini
and
ml2_conf.ini
all need to have additional settings.
Proposed Change
Overview
In the tripleo-image-elements, move the current
neutron-network-node
element to an element named
neutron-router
, which will be responsible for doing the
installation and configuration work required to install the
neutron-l3-agent
and the
neutron-metadata-agent
. This neutron-router
element will list the neutron-openvswitch-agent
in its
element-deps. The neutron-network -node
element will then
become simply a 'wrapper' whose sole purpose is to list the dependencies
required for a network node (neutron, neutron-dhcp-agent
,
neutron-router
, os-refresh-config).
Additionally, in the tripleo-image-elements/neutron element, the
neutron.conf
, l3_agent.ini
and
plugins/ml2/ml2_conf.ini
will be modified to add the
configuration variables required in each to support distributed virtual
routing (the required configuration variables are listed at https://wiki.openstack.org/wiki/Neutron/DVR/HowTo#Configuration).
In the tripleo-heat-templates, the
nova-compute-config.yaml
nova-compute-instance.yaml
and
overcloud-source.yaml
files will be modified to provide the
correct settings for the new distributed virtual routing variables. The
enablement of distributed virtual routing will be determined by a
'NeutronDVR' variable which will be 'False' by default (distributed
virtual routing not enabled) for backward compatibility, but can be set
to 'True' if distributed virtual routing is desired.
Lastly, the tripleo-incubator script
devtest_overcloud.sh
will be modified to: a) build the
overcloud-compute disk-image with neutron-router
rather
than with neutron-openvswitch-agent
, and b) configure the
appropriate parameter values to be passed in to the heat stack create
for the overcloud so that distributed routing is either enabled or
disabled.
Alternatives
We could choose to make no change to the neutron-router
image-element and it can be included as well in the list of elements
arguments to the disk image build for compute nodes. This has the
undesired effect of also including/configuring and starting the
neutron-dhcp-agent
on each compute node. Alternatively, it
is possible to keep the neutron-network-node
element as it
is and create a neutron-router
element which is a copy of
most of the element contents of the neutron-network-node
element but without the dependency on the
neutron-dhcp-agent
element. This approach would introduce a
significant amount of code duplication.
Security Impact
Although TripleO installation does not use FWaaS, enablement of DVR currently is known to break FWaaS. See https://blueprints.launchpad.net/neutron/+spec/neutron-dvr-fwaas
Other End User Impact
The user will have the ability to set an environment variable during install which will determine whether distributed virtual routing is enabled or not.
Performance Impact
None identified
Other Deployer Impact
The option to enable or disable distributed virtual routing at install time will be added. By default distributed virtual routing will be disabled.
Developer Impact
None identified
Implementation
Assignee(s)
- Primary assignee:
-
Erik Colnick (erikcolnick on Launchpad)
- Other contributors:
-
None
Work Items
- Create
neutron-router
element in tripleo-image-elements and move related contents fromneutron-network-node
element. Remove theneutron-dhcp-agent
dependency from the element-deps of theneutron-router
element.- Add the
neutron-router
element as a dependency in theneutron-network-node
element-deps
file. Theelement-deps
file becomes the only content in theneutron-network-node
element.- Add the configuration values indicated in https://wiki.openstack.org/wiki/Neutron/DVR/HowTo#Configuration to the
neutron.conf
,l3_agent.ini
andml2_conf.ini
files in theneutron
image element.- Add the necessary reference variables to the
nova-compute-config.yaml
andnova-compute-instance.yaml
tripleo-heat-templates files in order to be able to set the new variables in the config files (from above item). Add definitions and default values inovercloud-source.yaml
.- Modify tripleo-incubator
devtest_overcloud.sh
script to set the appropriate environment variables which will drive the configuration of neutron on the overcloud to either enable distributed virtual routers or disable distributed virtual routers (with disable as the default).
Dependencies
None
Testing
Existing TripleO CI will help ensure that as this is implemented, the current feature set is not impacted and that the default behavior of disabled distributed virtual routers is maintained.
Additional CI tests which test the installation with distributed virtual routers should be added as this implementation is completed.
Documentation Impact
Documentation of the new configuration option will be needed.