x
/
fuel-plugin-vmware-dvs
Code Issues Proposed changes
fuel-plugin-vmware-dvs/specs/fuel-plugin-vmware-dvs.rst

342 lines
10 KiB
ReStructuredText
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

=============================================
Fuel plugin for Neutron ML2 vmware_dvs driver
=============================================
There is the Fuel plugin which provides Neutron for networking on
VMware-related MOS environments.
Problem description
===================
There are several solutions which provide networking for OpenStack with
vSphere. Part of them are or were integrated in the Fuel: nova-network and
VMware NSXv plugin. Other part --- networking-vsphere -- is the separate
upstream project.
Unfortunately each of them has defects. Nova-network is the obsolete network
solution which provides really restricted possibilities. When customers
(especially huge customers) want to replicate rich enterprise network
topologies:
* Ability to create multi-tier networks (e.g., web tier, db tier, app tier).
* Control over IP addressing.
* Ability to insert an configure their own services (e.g., firewall, IPS)
* VPN/Bridge to remote physical hosting or customer premises.
Nova-networks can offer:
* No way to control topology.
* Cloud assigns IP prefixes and addresses.
* No generic service insertion.
This contradiction doesn't allow to use nova-network in big enterprise.
VMware NSXv and networking-vsphere don't have such restrictions. Both of this
solutions are based on the same idea: to create on ESXi's hosts special control
VMs and redirect all tenant traffic to them. That approach permits to using all
possibilities of Neutron but multiple traffic redirection dramatically affects
to network performance. Also NSXv can be used in VMware-only environments.
Proposed change
===============
The Neutron has pluggable architecture which provides using different backends
in different cases simultaneously by using ML2 plugin [0]. There is the
vmware_dvs driver [1] which provides using Neutron for networking in
vmware-related environments. This driver realizes different way to manage
networks on vSphere. Vmware_dvs provides the mechanism driver and the
neutron-dvs-agent that uses special vSphere API for direct manipulation virtual
distributed switches: creates or deletes port-groups, ports and changes
security rules on that ports.
In that way no unnecessary traffic redirections and the given scheme admits to
achieve best performance. Also using modular ML2 architecture provides to
usage several network backends simultaneously and hence creating heterogeneous
OpenStack environments. And it is exactly what we want.
This plugin automates installation and configuration the vmware_dvs driver and
its dependencies (it carries all of them with it to be independent from public
network). After driver installation it changes configuration files
/etc/neutron/neutron.conf, /etc/neutron/plugin.ini and
/etc/neutron/plugins/ml2/vmware_dvs-$vcenters_az-$service_name.ini whereby
neutron-server can manage networking on vCenter.
::
| Management | Public
| |
| |
| |
+-------------------------+ | |
| Controller1 | | |
| neutron-server +--------o-------------+ +---------------+
| +--------------------+ | | | |vSphere |
| |Pacemaker | | | | | |
| | neutron-dvs-agent | +--------+ | | +----------+ |
| +--------------------+ | | | | | Cluster1 | |
+-------------------------+ | | | | | |
| | |++--+ | |
| +--------+VDS| | |
| | |++--+ | |
+-------------------------+ | | | +----------+ |
| Controller2 | | | | |
| neutron-server +--------o-------------+ | |
| +--------------------+ | | | | +----------+ |
| |Pacemaker | | | | | | Cluster2 | |
| | neutron-dvs-agent | +--------+ | | | | |
| +--------------------+ | | | |++---+ | |
+-------------------------+ | +--------+VDS2| | |
| | |++---+ | |
| | | +----------+ |
+----------------------------+ | | +---------------+
|Compute | | |
| +-----+ |
| neutron-openvswitch-agent | | |
+----------------------------+ | |
| |
| |
+----------------------------+ | |
|Compute-vmware | | |
| +-----o-------------+
| neutron-dvs-agent | | |
+----------------------------+ | |
| |
| |
| |
Assumptions:
------------
#. All VDS'es must be provisioned by using vCenter firstly and manually.
#. There must be a mapping between physical network and VDS'es:
3. VLANs will be used as a tenant network separation by KVMs OVS and ESXis
VDS (must be the same for tenant network regardless which switch type OVS
or VDS)
#. Each vSphere's Cluster has its own VDS.
#. There must be an ability to:
#. create / terminate network on VDS
#. bind port on VDS to VM
#. disable state of the neutron network / port on VDS
#. assign multiple vNIC to a single VM deployed on ESXi
#. add VM to security groups
5. Name of driver is vmware_dvs
Limitations:
------------
#. Only VLANs are supported for tenant network separation.
#. Only vSphere 5.5 or 6.0 is supported
Alternatives
------------
Use other solution for Neutron and VMware.
Data model impact
-----------------
There are serveral changes will appears on the other subtab of Networks tab:
#. checkbox "Neutron VMware DVS ML2 plugin".
#. radiobutton with plugin's version
#. checkbox "Use the VMware DVS firewall driver"
#. input field for specification the cluster to VDS mapping.
REST API impact
---------------
None
Upgrade impact
--------------
This plugin has to have a special version for an each Fuel's version. For this
reason after the Fuel's upgrades plugin also should be upgraded.
Security impact
---------------
Neutron provides better isolation between tenants. Using this plugin increases
security.
Notifications impact
--------------------
None
Other end user impact
---------------------
After the VMware DVS plugin is installed there is the new checkbox "Neutron
with VMware DVS" on the "Networking Setup" step of wizard. UI elements of the
plugin are stored on subtab "Other" of tab "Networks" on the Fuel WebUI.
Performance Impact
------------------
None
Plugin impact
-------------
None
Other deployer impact
---------------------
With the vmware_dvs driver will be installed its dependencies:
* python-suds 0.4.1
Developer impact
----------------
None
Infrastructure impact
---------------------
None
Implementation
==============
Assignee(s)
-----------
:Primary assignee: Igor Gajsin <igajsin>
:QA: Olesia Tsvigun <otsvigun>
:Mandatory design review: Vladimir Kuklin <vkuklin>, Bogdan Dobrelia
<bogdando>, Sergii Golovatiuk <sgolovatiuk>
Work Items
----------
* Rewrite puppet manifests, deployment scripts, init and corosync scripts and
for working with agents on controller and compute-vmware nodes.
* Make new tests and build CI.
* Rewrite the documentation.
Dependencies
============
VMware_dvs Neutron ML2 plugin [1]
Testing
=======
Target Test Items:
------------------
* Install/uninstall Fuel Vmware-DVS plugin
* Deploy Cluster with Fuel Vmware-DVS plugin by Fuel
* Roles of nodes
* controller
* compute
* cinder
* mongo
* compute-vmware
* cinder-vmware
* Hypervisors:
* KVM+Vcenter
* Qemu+Vcenter
* Storage:
* Ceph
* Cinder
* VMWare vCenter/ESXi datastore for images
* Network
* Neutron with Vlan segmentation
* HA + Neutron with VLAN
* Additional components
* Ceilometer
* Health Check
* Upgrade master node
* MOS and VMware-DVS plugin
* Computes(Nova)
* Launch and manage instances
* Launch instances in batch
* Networks (Neutron)
* Create and manage public and private networks.
* Create and manage routers.
* Port binding / disabling
* Port security
* Security groups
* Assign vNIC to a VM
* Connection between instances
* Heat
* Create stack from template
* Delete stack
* Keystone
* Create and manage roles
* Horizon
* Create and manage projects
* Create and manage users
* Glance
* Create and manage images
* GUI
* Fuel UI
* CLI
* Fuel CLI
Test approach:
--------------
The project test approach consists of Smoke, Integration, System, Regression
Failover and Acceptance test levels.
Acceptance criterias:
---------------------
#. All acceptance criteria for user stories are met.
#. All test cases are executed. BVT tests are passed.
#. Critical and high issues are fixed.
#. All required documents are delivered.
#. Release notes including a report on the known errors of that release.
Documentation Impact
====================
* Deployment Guide (how to prepare an environment for installation, how to
install the plugin, how to deploy OpenStack an environment with the plugin).
* User Guide (which features the plugin provides, how to use them in the
deployed OS environment).
* Test Plan.
* Test Report.
References
==========
* Neutron ML2 wiki page https://wiki.openstack.org/wiki/Neutron/ML2
* Repository of ML2 driver https://github.com/Mirantis/vmware-dvs
* The blueprint for component registry
https://blueprints.launchpad.net/fuel/+spec/component-registry
View Git Blame Copy Permalink