diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index 8990498412..2d3b1b54ce 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml @@ -95,7 +95,7 @@ neutron_services: container_name: "neutron_dhcp_agent" image: "{{ neutron_dhcp_agent_image_full }}" privileged: True - enabled: True + enabled: "{{ neutron_plugin_agent != 'vmware_nsxv' }}" group: "neutron-dhcp-agent" host_in_groups: "{{ True if orchestration_engine == 'KUBERNETES' else inventory_hostname in groups['neutron-dhcp-agent'] }}" volumes: @@ -108,7 +108,7 @@ neutron_services: container_name: "neutron_l3_agent" image: "{{ neutron_l3_agent_image_full }}" privileged: True - enabled: "{{ not enable_neutron_vpnaas | bool }}" + enabled: "{{ not enable_neutron_vpnaas | bool and neutron_plugin_agent != 'vmware_nsxv' }}" host_in_groups: >- {{ True if orchestration_engine == 'KUBERNETES' else @@ -125,7 +125,7 @@ neutron_services: container_name: "neutron_lbaas_agent" image: "{{ neutron_lbaas_agent_image_full }}" privileged: True - enabled: "{{ enable_neutron_lbaas | bool }}" + enabled: "{{ enable_neutron_lbaas | bool and neutron_plugin_agent != 'vmware_nsxv' }}" group: "neutron-lbaas-agent" host_in_groups: "{{ True if orchestration_engine == 'KUBERNETES' else inventory_hostname in groups['neutron-lbaas-agent'] }}" volumes: @@ -137,7 +137,7 @@ neutron_services: container_name: "neutron_metadata_agent" image: "{{ neutron_metadata_agent_image_full }}" privileged: True - enabled: true + enabled: "{{ neutron_plugin_agent != 'vmware_nsxv' }}" host_in_groups: >- {{ True if orchestration_engine == 'KUBERNETES' else @@ -154,7 +154,7 @@ neutron_services: container_name: "neutron_vpnaas_agent" image: "{{ neutron_vpnaas_agent_image_full }}" privileged: True - enabled: "{{ enable_neutron_vpnaas | bool }}" + enabled: "{{ enable_neutron_vpnaas | bool and neutron_plugin_agent != 'vmware_nsxv' }}" group: "neutron-vpnaas-agent" host_in_groups: "{{ True if orchestration_engine == 'KUBERNETES' else inventory_hostname in groups['neutron-vpnaas-agent'] }}" volumes: @@ -167,7 +167,7 @@ neutron_services: container_name: "neutron_bgp_dragent" image: "{{ neutron_bgp_dragent_image_full }}" privileged: True - enabled: "{{ enable_neutron_bgp_dragent | bool }}" + enabled: "{{ enable_neutron_bgp_dragent | bool and neutron_plugin_agent != 'vmware_nsxv' }}" group: "neutron-bgp-dragent" host_in_groups: "{{ False if orchestration_engine == 'KUBERNETES' else inventory_hostname in groups['neutron-bgp-dragent'] }}" volumes: @@ -292,3 +292,23 @@ neutron_notification_topics: enabled: "{{ enable_designate | bool }}" neutron_enabled_notification_topics: "{{ neutron_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + +#################### +# VMware NSXV +#################### +vmware_nsxv_user: "nsx_manager_user" +vmware_nsxv_password: "nsx_manager_password" +vmware_nsxv_manager_uri: "https://127.0.0.1" +vmware_nsxv_insecure: "True" +vmware_nsxv_cluster_moid: "TestCluster" +vmware_nsxv_datacenter_moid: "TestDataCeter" +vmware_nsxv_resource_pool_id: "TestRSGroup" +vmware_nsxv_datastore_id: "TestDataStore" +vmware_nsxv_external_network: "TestDVSPort-Ext" +vmware_nsxv_vdn_scope_id: "TestVDNScope" +vmware_nsxv_dvs_id: "TestDVS" +vmware_nsxv_backup_edge_pool: "service:compact:1:2" +vmware_nsxv_spoofguard_enabled: "false" +vmware_nsxv_metadata_initializer: "false" +vmware_nsxv_edge_ha: "false" + diff --git a/ansible/roles/neutron/handlers/main.yml b/ansible/roles/neutron/handlers/main.yml index 127a514e3b..58d77b0961 100644 --- a/ansible/roles/neutron/handlers/main.yml +++ b/ansible/roles/neutron/handlers/main.yml @@ -25,6 +25,7 @@ or neutron_lbaas_conf | changed or neutron_vpnaas_conf | changed or neutron_ml2_conf | changed + or nsx_ini | changed or policy_json | changed or neutron_server_container | changed diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml index bd55d960e4..bbb70b39f8 100644 --- a/ansible/roles/neutron/tasks/config.yml +++ b/ansible/roles/neutron/tasks/config.yml @@ -267,6 +267,24 @@ local_action: stat path="{{ node_custom_config }}/neutron/policy.json" register: neutron_policy +- name: Copying over nsx.ini + vars: + service_name: "neutron-server" + neutron_server: "{{ neutron_services[service_name] }}" + merge_configs: + sources: + - "{{ role_path }}/templates/nsx.ini.j2" + - "{{ node_custom_config }}/neutron/nsx.ini" + - "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/nsx.ini" + dest: "{{ node_config_directory }}/{{ service_name }}/nsx.ini" + register: nsx_ini + when: + - neutron_server.enabled | bool + - neutron_server.host_in_groups | bool + - neutron_plugin_agent == 'vmware_nsxv' + notify: + - "Restart {{ service_name }} container" + - name: Copying over existing policy.json vars: service_name: "{{ item.key }}" diff --git a/ansible/roles/neutron/templates/neutron-server.json.j2 b/ansible/roles/neutron/templates/neutron-server.json.j2 index 3305eb4fa1..90efa531b0 100644 --- a/ansible/roles/neutron/templates/neutron-server.json.j2 +++ b/ansible/roles/neutron/templates/neutron-server.json.j2 @@ -1,5 +1,5 @@ { - "command": "neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_lbaas.conf --config-file /etc/neutron/neutron_vpnaas.conf", + "command": "neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_lbaas.conf --config-file /etc/neutron/neutron_vpnaas.conf {% if neutron_plugin_agent == 'vmware_nsxv' %} --config-file /etc/neutron/plugins/vmware/nsx.ini {% endif %}", "config_files": [ { "source": "{{ container_config_directory }}/neutron.conf", @@ -31,7 +31,14 @@ "owner": "neutron", "perm": "0600", "optional": true + }{% if neutron_plugin_agent == 'vmware_nsxv' -%}, + { + "source": "{{ container_config_directory }}/nsx.ini", + "dest": "/etc/neutron/plugins/vmware/nsx.ini", + "owner": "neutron", + "perm": "0600" } + {% endif -%} ], "permissions": [ { diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index 2980f3c41b..b491c6b4e4 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -34,9 +34,13 @@ host = {{ ansible_hostname }}_{{ item }} {% endif %} allow_overlapping_ips = true -core_plugin = ml2 +{% if neutron_plugin_agent == 'vmware_nsxv' %} +core_plugin = vmware_nsx.plugin.NsxVPlugin +{% else %} +core_plugin = ml2 service_plugins = {{ neutron_service_plugins|map(attribute='name')|join(',') }} +{% endif %} {% if enable_neutron_agent_ha | bool %} dhcp_agents_per_network = {{ dhcp_agents_per_network }} diff --git a/ansible/roles/neutron/templates/nsx.ini.j2 b/ansible/roles/neutron/templates/nsx.ini.j2 new file mode 100644 index 0000000000..45307eb61c --- /dev/null +++ b/ansible/roles/neutron/templates/nsx.ini.j2 @@ -0,0 +1,17 @@ +[nsxv] +user = {{ vmware_nsxv_user }} +password = {{ vmware_nsxv_password }} +manager_uri = {{ vmware_nsxv_manager_uri }} +insecure = {{ vmware_nsxv_insecure }} +cluster_moid = {{ vmware_nsxv_cluster_moid }} +datacenter_moid = {{ vmware_nsxv_datacenter_moid }} +resource_pool_id = {{ vmware_nsxv_resource_pool_id }} +datastore_id = {{ vmware_nsxv_datastore_id }} +external_network = {{ vmware_nsxv_external_network }} +vdn_scope_id = {{ vmware_nsxv_vdn_scope_id }} +dvs_id = {{ vmware_nsxv_dvs_id }} +backup_edge_pool = {{ vmware_nsxv_backup_edge_pool }} +spoofguard_enabled = {{ vmware_nsxv_spoofguard_enabled }} +metadata_initializer = {{ vmware_nsxv_metadata_initializer }} +edge_ha = {{ vmware_nsxv_edge_ha }} + diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index 6f952b6c92..247eacc0b1 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -86,7 +86,7 @@ kolla_internal_vip_address: "10.10.10.254" # addresses for that reason. #neutron_external_interface: "eth1" -# Valid options are [ openvswitch, linuxbridge ] +# Valid options are [ openvswitch, linuxbridge, vmware_nsxv ] #neutron_plugin_agent: "openvswitch" diff --git a/releasenotes/notes/support-vmware-nsx-214ecc8be9dbf0d1.yaml b/releasenotes/notes/support-vmware-nsx-214ecc8be9dbf0d1.yaml new file mode 100644 index 0000000000..838b8900ea --- /dev/null +++ b/releasenotes/notes/support-vmware-nsx-214ecc8be9dbf0d1.yaml @@ -0,0 +1,3 @@ +--- +features: + - Add OpenStack VMWare NSX support into neutron service.