Merge "Split Openvswitch into own role"

ansible/group_vars/all.yml

@@ -247,6 +247,8 @@ fluentd_syslog_port: "5140"
 
 zun_api_port: "9512"
 
+ovsdb_port: "6640"
+
 public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}"
 internal_protocol: "http"
 admin_protocol: "http"
@@ -353,6 +355,7 @@ enable_neutron_agent_ha: "no"
 enable_neutron_bgp_dragent: "no"
 enable_nova_serialconsole_proxy: "no"
 enable_octavia: "no"
+enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' | bool }}"
 enable_panko: "no"
 enable_rally: "no"
 enable_sahara: "no"
@@ -493,7 +496,7 @@ designate_ns_record: "sample.openstack.org"
 # Neutron options
 #######################
 neutron_bgp_router_id: "1.1.1.1"
-
+neutron_bridge_name: "br-ex"
 
 #######################
 # Nova options

ansible/inventory/all-in-one

@@ -81,6 +81,11 @@ control
 [neutron:children]
 network
 
+[openvswitch:children]
+network
+compute
+manila-share
+
 [cinder:children]
 control
 

ansible/inventory/multinode

@@ -102,6 +102,11 @@ control
 [neutron:children]
 network
 
+[openvswitch:children]
+network
+compute
+manila-share
+
 [cinder:children]
 control
 

ansible/roles/neutron/defaults/main.yml

@@ -2,47 +2,6 @@
 project_name: "neutron"
 
 neutron_services:
-  openvswitch-db-server:
-    container_name: "openvswitch_db"
-    image: "{{ openvswitch_db_image_full }}"
-    enabled: "{{ neutron_plugin_agent == 'openvswitch' }}"
-    host_in_groups: >-
-      {{
-      True if orchestration_engine == 'KUBERNETES' else
-      inventory_hostname in groups['compute']
-      or (enable_manila | bool and inventory_hostname in groups['manila-share'])
-      or inventory_hostname in groups['neutron-dhcp-agent']
-      or inventory_hostname in groups['neutron-l3-agent']
-      or inventory_hostname in groups['neutron-metadata-agent']
-      or inventory_hostname in groups['neutron-vpnaas-agent']
-      }}
-    volumes:
-      - "{{ node_config_directory }}/openvswitch-db-server/:{{ container_config_directory }}/:ro"
-      - "/etc/localtime:/etc/localtime:ro"
-      - "/run:/run:shared"
-      - "kolla_logs:/var/log/kolla/"
-      - "openvswitch_db:/var/lib/openvswitch/"
-  openvswitch-vswitchd:
-    container_name: "openvswitch_vswitchd"
-    image: "{{ openvswitch_vswitchd_image_full }}"
-    enabled: "{{ neutron_plugin_agent == 'openvswitch' }}"
-    host_in_groups: >-
-      {{
-      True if orchestration_engine == 'KUBERNETES' else
-      inventory_hostname in groups['compute']
-      or (enable_manila | bool and inventory_hostname in groups['manila-share'])
-      or inventory_hostname in groups['neutron-dhcp-agent']
-      or inventory_hostname in groups['neutron-l3-agent']
-      or inventory_hostname in groups['neutron-metadata-agent']
-      or inventory_hostname in groups['neutron-vpnaas-agent']
-      }}
-    privileged: True
-    volumes:
-      - "{{ node_config_directory }}/openvswitch-vswitchd/:{{ container_config_directory }}/:ro"
-      - "/etc/localtime:/etc/localtime:ro"
-      - "/lib/modules:/lib/modules:ro"
-      - "/run:/run:shared"
-      - "kolla_logs:/var/log/kolla/"
   neutron-server:
     container_name: "neutron_server"
     image: "{{ neutron_server_image_full }}"
@@ -280,14 +239,6 @@ neutron_bgp_dragent_image: "{{ docker_registry ~ '/' if docker_registry else ''
 neutron_bgp_dragent_tag: "{{ openstack_release }}"
 neutron_bgp_dragent_image_full: "{{ neutron_bgp_dragent_image }}:{{ neutron_bgp_dragent_tag }}"
 
-openvswitch_db_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-db-server"
-openvswitch_db_tag: "{{ openstack_release }}"
-openvswitch_db_image_full: "{{ openvswitch_db_image }}:{{ openvswitch_db_tag }}"
-
-openvswitch_vswitchd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-vswitchd"
-openvswitch_vswitchd_tag: "{{ openstack_release }}"
-openvswitch_vswitchd_image_full: "{{ openvswitch_vswitchd_image }}:{{ openvswitch_vswitchd_tag }}"
-
 
 ####################
 # OpenStack
@@ -301,8 +252,6 @@ neutron_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ n
 
 neutron_logging_debug: "{{ openstack_logging_debug }}"
 
-neutron_bridge_name: "br-ex"
-
 openstack_neutron_auth: "{{ openstack_auth }}"
 
 ####################

ansible/roles/neutron/handlers/main.yml

@@ -1,63 +1,4 @@
 ---
-- name: Restart openvswitch-db-server container
-  vars:
-    service_name: "openvswitch-db-server"
-    service: "{{ neutron_services[service_name] }}"
-    config_json: "{{ neutron_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    openvswitch_db_container: "{{ check_neutron_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
-  kolla_docker:
-    action: "recreate_or_restart_container"
-    common_options: "{{ docker_common_options }}"
-    name: "{{ service.container_name }}"
-    image: "{{ service.image }}"
-    volumes: "{{ service.volumes }}"
-  when:
-    - action != "config"
-    - service.enabled | bool
-    - service.host_in_groups | bool
-    - config_json | changed
-      or openvswitch_db_container | changed
-  notify:
-    - Waiting the openvswitch_db service to be ready
-    - Ensuring OVS bridge is properly setup
-
-- name: Waiting the openvswitch_db service to be ready
-  command: docker exec openvswitch_db ovs-vsctl --no-wait show
-  register: check_result
-  until: check_result | success
-  changed_when: False
-  retries: 30
-  delay: 2
-  notify:
-
-- name: Ensuring OVS bridge is properly setup
-  command: docker exec openvswitch_db /usr/local/bin/kolla_ensure_openvswitch_configured {{ item.0 }} {{ item.1 }}
-  register: status
-  changed_when: status.stdout.find('changed') != -1
-  with_together:
-    - "{{ neutron_bridge_name.split(',') }}"
-    - "{{ neutron_external_interface.split(',') }}"
-
-- name: Restart openvswitch-vswitchd container
-  vars:
-    service_name: "openvswitch-vswitchd"
-    service: "{{ neutron_services[service_name] }}"
-    config_json: "{{ neutron_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    openvswitch_vswitchd_container: "{{ check_neutron_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
-  kolla_docker:
-    action: "recreate_or_restart_container"
-    common_options: "{{ docker_common_options }}"
-    name: "{{ service.container_name }}"
-    image: "{{ service.image }}"
-    volumes: "{{ service.volumes }}"
-    privileged: "{{ service.privileged | default(False) }}"
-  when:
-    - action != "config"
-    - service.enabled | bool
-    - service.host_in_groups | bool
-    - config_json | changed
-      or openvswitch_vswitchd_container | changed
-
 - name: Restart neutron-server container
   vars:
     service_name: "neutron-server"

ansible/roles/openvswitch/defaults/main.yml

@@ -0,0 +1,59 @@
+---
+project_name: "openvswitch"
+
+openvswitch_services:
+  openvswitch-db-server:
+    container_name: "openvswitch_db"
+    image: "{{ openvswitch_db_image_full }}"
+    enabled: "{{ enable_openvswitch }}"
+    group: openvswitch
+    host_in_groups: >-
+      {{
+      True if orchestration_engine == 'KUBERNETES' else
+      inventory_hostname in groups['compute']
+      or (enable_manila | bool and inventory_hostname in groups['manila-share'])
+      or inventory_hostname in groups['neutron-dhcp-agent']
+      or inventory_hostname in groups['neutron-l3-agent']
+      or inventory_hostname in groups['neutron-metadata-agent']
+      or inventory_hostname in groups['neutron-vpnaas-agent']
+      }}
+    volumes:
+      - "{{ node_config_directory }}/openvswitch-db-server/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/run:/run:shared"
+      - "kolla_logs:/var/log/kolla/"
+      - "openvswitch_db:/var/lib/openvswitch/"
+  openvswitch-vswitchd:
+    container_name: "openvswitch_vswitchd"
+    image: "{{ openvswitch_vswitchd_image_full }}"
+    enabled: "{{ enable_openvswitch }}"
+    group: openvswitch
+    host_in_groups: >-
+      {{
+      True if orchestration_engine == 'KUBERNETES' else
+      inventory_hostname in groups['compute']
+      or (enable_manila | bool and inventory_hostname in groups['manila-share'])
+      or inventory_hostname in groups['neutron-dhcp-agent']
+      or inventory_hostname in groups['neutron-l3-agent']
+      or inventory_hostname in groups['neutron-metadata-agent']
+      or inventory_hostname in groups['neutron-vpnaas-agent']
+      }}
+    privileged: True
+    volumes:
+      - "{{ node_config_directory }}/openvswitch-vswitchd/:{{ container_config_directory }}/:ro"
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/lib/modules:/lib/modules:ro"
+      - "/run:/run:shared"
+      - "kolla_logs:/var/log/kolla/"
+
+####################
+# Docker
+####################
+
+openvswitch_db_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-db-server"
+openvswitch_db_tag: "{{ openstack_release }}"
+openvswitch_db_image_full: "{{ openvswitch_db_image }}:{{ openvswitch_db_tag }}"
+
+openvswitch_vswitchd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-vswitchd"
+openvswitch_vswitchd_tag: "{{ openstack_release }}"
+openvswitch_vswitchd_image_full: "{{ openvswitch_vswitchd_image }}:{{ openvswitch_vswitchd_tag }}"

ansible/roles/openvswitch/handlers/main.yml

@@ -0,0 +1,59 @@
+---
+- name: Restart openvswitch-db-server container
+  vars:
+    service_name: "openvswitch-db-server"
+    service: "{{ openvswitch_services[service_name] }}"
+    config_json: "{{ openvswitch_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    openvswitch_db_container: "{{ check_openvswitch_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
+  kolla_docker:
+    action: "recreate_or_restart_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes }}"
+  when:
+    - action != "config"
+    - service.enabled | bool
+    - service.host_in_groups | bool
+    - config_json | changed
+      or openvswitch_db_container | changed
+  notify:
+    - Waiting for openvswitch_db service to be ready
+    - Ensuring OVS bridge is properly setup
+
+- name: Waiting for openvswitch_db service to be ready
+  command: docker exec openvswitch_db ovs-vsctl --no-wait show
+  register: check_result
+  until: check_result | success
+  changed_when: False
+  retries: 30
+  delay: 2
+  notify:
+
+- name: Ensuring OVS bridge is properly setup
+  command: docker exec openvswitch_db /usr/local/bin/kolla_ensure_openvswitch_configured {{ item.0 }} {{ item.1 }}
+  register: status
+  changed_when: status.stdout.find('changed') != -1
+  with_together:
+    - "{{ neutron_bridge_name.split(',') }}"
+    - "{{ neutron_external_interface.split(',') }}"
+
+- name: Restart openvswitch-vswitchd container
+  vars:
+    service_name: "openvswitch-vswitchd"
+    service: "{{ openvswitch_services[service_name] }}"
+    config_json: "{{ openvswitch_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    openvswitch_vswitchd_container: "{{ check_openvswitch_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
+  kolla_docker:
+    action: "recreate_or_restart_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes }}"
+    privileged: "{{ service.privileged | default(False) }}"
+  when:
+    - action != "config"
+    - service.enabled | bool
+    - service.host_in_groups | bool
+    - config_json | changed
+      or openvswitch_vswitchd_container | changed

ansible/roles/openvswitch/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: common }

ansible/roles/openvswitch/tasks/check.yml

@@ -0,0 +1 @@
+---

ansible/roles/openvswitch/tasks/config.yml

@@ -0,0 +1,39 @@
+---
+- name: Ensuring config directories exist
+  file:
+    path: "{{ node_config_directory }}/{{ item.key }}"
+    state: "directory"
+    recurse: yes
+  when:
+    - item.value.enabled | bool
+    - item.value.host_in_groups | bool
+  with_dict: "{{ openvswitch_services }}"
+
+- name: Copying over config.json files for services
+  template:
+    src: "{{ item.key }}.json.j2"
+    dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
+  register: openvswitch_config_jsons
+  when:
+    - item.value.enabled | bool
+    - item.value.host_in_groups | bool
+  with_dict: "{{ openvswitch_services }}"
+  notify:
+    - "Restart {{ item.key }} container"
+
+- name: Check openvswitch containers
+  kolla_docker:
+    action: "compare_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ item.value.container_name }}"
+    image: "{{ item.value.image }}"
+    privileged: "{{ item.value.privileged | default(False) }}"
+    volumes: "{{ item.value.volumes }}"
+  register: check_openvswitch_containers
+  when:
+    - action != "config"
+    - item.value.enabled | bool
+    - item.value.host_in_groups | bool
+  with_dict: "{{ openvswitch_services }}"
+  notify:
+    - "Restart {{ item.key }} container"

ansible/roles/openvswitch/tasks/deploy.yml

@@ -0,0 +1,8 @@
+---
+# enforce ironic usage only with openvswitch
+- include: ironic-check.yml
+
+- include: config.yml
+
+- name: Flush Handlers
+  meta: flush_handlers

ansible/roles/openvswitch/tasks/ironic-check.yml

@@ -0,0 +1,6 @@
+---
+# TODO(SamYaple): run verification checks at start of playbook
+- fail: msg="neutron_plugin_agent must use openvswitch with Ironic"
+  when:
+    - enable_ironic | bool
+    - neutron_plugin_agent != "openvswitch"

ansible/roles/openvswitch/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- include: "{{ action }}.yml"

ansible/roles/openvswitch/tasks/precheck.yml

@@ -0,0 +1,19 @@
+---
+- name: Get container facts
+  kolla_container_facts:
+    name:
+      - openvswitch_db
+  register: container_facts
+
+- name: Checking free port for OVSDB
+  vars:
+    openvswitch_db: "{{ openvswitch_services['openvswitch-db-server'] }}"
+  wait_for:
+    host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
+    port: "{{ ovsdb_port }}"
+    connect_timeout: 1
+    state: stopped
+  when:
+    - container_facts['openvswitch_db'] is not defined
+    - inventory_hostname in groups[openvswitch_db.group]
+    - openvswitch_db.enabled | bool

ansible/roles/openvswitch/tasks/pull.yml

@@ -0,0 +1,10 @@
+---
+- name: Pulling Openvswitch images
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ item.value.image }}"
+  when:
+    - item.value.enabled | bool
+    - item.value.host_in_groups | bool
+  with_dict: "{{ openvswitch_services }}"

ansible/roles/openvswitch/tasks/reconfigure.yml

@@ -0,0 +1,2 @@
+---
+- include: deploy.yml

ansible/roles/openvswitch/tasks/upgrade.yml

@@ -0,0 +1,5 @@
+---
+- include: config.yml
+
+- name: Flush Handlers
+  meta: flush_handlers

ansible/site.yml

@@ -274,6 +274,14 @@
         tags: nova,
         when: enable_nova | bool }
 
+- name: Apply role openvswitch
+  hosts:
+    - openvswitch
+  roles:
+    - { role: openvswitch,
+        tags: openvswitch,
+        when: enable_openvswitch | bool }
+
 # (gmmaha): Please do not change the order listed here. The current order is a
 # workaround to fix the bug https://bugs.launchpad.net/kolla/+bug/1546789
 - name: Apply role neutron

etc/kolla/globals.yml

@@ -179,6 +179,7 @@ kolla_internal_vip_address: "10.10.10.254"
 #enable_neutron_vpnaas: "no"
 #enable_nova_serialconsole_proxy: "no"
 #enable_octavia: "no"
+#enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' | bool }}"
 #enable_panko: "no"
 #enable_rally: "no"
 #enable_sahara: "no"