From 9badc4de21efd267493b90a5055f3f20810a3f53 Mon Sep 17 00:00:00 2001 From: Marcus G K Williams Date: Fri, 31 Mar 2017 10:42:02 -0700 Subject: [PATCH] Split Openvswitch into own role Creates Openvswitch role and splits openvswitch from Neutron role to enable third party networking solutions that use Openvswitch or customize Openvswitch. For example Openvswitch with dpdk or OpenDaylight. Change-Id: I5a41c42c5ec0a5e6999b2570ddac0f5efc3102ee Co-Authored-By: Mauricio Lima Partially-Implements: blueprint opendaylight-support --- ansible/group_vars/all.yml | 5 +- ansible/inventory/all-in-one | 5 ++ ansible/inventory/multinode | 5 ++ ansible/roles/neutron/defaults/main.yml | 51 ---------------- ansible/roles/neutron/handlers/main.yml | 59 ------------------- ansible/roles/openvswitch/defaults/main.yml | 59 +++++++++++++++++++ ansible/roles/openvswitch/handlers/main.yml | 59 +++++++++++++++++++ ansible/roles/openvswitch/meta/main.yml | 3 + ansible/roles/openvswitch/tasks/check.yml | 1 + ansible/roles/openvswitch/tasks/config.yml | 39 ++++++++++++ ansible/roles/openvswitch/tasks/deploy.yml | 8 +++ .../roles/openvswitch/tasks/ironic-check.yml | 6 ++ ansible/roles/openvswitch/tasks/main.yml | 2 + ansible/roles/openvswitch/tasks/precheck.yml | 19 ++++++ ansible/roles/openvswitch/tasks/pull.yml | 10 ++++ .../roles/openvswitch/tasks/reconfigure.yml | 2 + ansible/roles/openvswitch/tasks/upgrade.yml | 5 ++ .../templates/openvswitch-db-server.json.j2 | 0 .../templates/openvswitch-vswitchd.json.j2 | 0 ansible/site.yml | 8 +++ etc/kolla/globals.yml | 1 + 21 files changed, 236 insertions(+), 111 deletions(-) create mode 100644 ansible/roles/openvswitch/defaults/main.yml create mode 100644 ansible/roles/openvswitch/handlers/main.yml create mode 100644 ansible/roles/openvswitch/meta/main.yml create mode 100644 ansible/roles/openvswitch/tasks/check.yml create mode 100644 ansible/roles/openvswitch/tasks/config.yml create mode 100644 ansible/roles/openvswitch/tasks/deploy.yml create mode 100644 ansible/roles/openvswitch/tasks/ironic-check.yml create mode 100644 ansible/roles/openvswitch/tasks/main.yml create mode 100644 ansible/roles/openvswitch/tasks/precheck.yml create mode 100644 ansible/roles/openvswitch/tasks/pull.yml create mode 100644 ansible/roles/openvswitch/tasks/reconfigure.yml create mode 100644 ansible/roles/openvswitch/tasks/upgrade.yml rename ansible/roles/{neutron => openvswitch}/templates/openvswitch-db-server.json.j2 (100%) rename ansible/roles/{neutron => openvswitch}/templates/openvswitch-vswitchd.json.j2 (100%) diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 5ee68ea295..8b1cec8d16 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -247,6 +247,8 @@ fluentd_syslog_port: "5140" zun_api_port: "9512" +ovsdb_port: "6640" + public_protocol: "{{ 'https' if kolla_enable_tls_external | bool else 'http' }}" internal_protocol: "http" admin_protocol: "http" @@ -353,6 +355,7 @@ enable_neutron_agent_ha: "no" enable_neutron_bgp_dragent: "no" enable_nova_serialconsole_proxy: "no" enable_octavia: "no" +enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' | bool }}" enable_panko: "no" enable_rally: "no" enable_sahara: "no" @@ -492,7 +495,7 @@ designate_ns_record: "sample.openstack.org" # Neutron options ####################### neutron_bgp_router_id: "1.1.1.1" - +neutron_bridge_name: "br-ex" ####################### # Nova options diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index 23bbbb2ed6..f0450c5cad 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -81,6 +81,11 @@ control [neutron:children] network +[openvswitch:children] +network +compute +manila-share + [cinder:children] control diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index 0a2926c86c..7775bdcb68 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -102,6 +102,11 @@ control [neutron:children] network +[openvswitch:children] +network +compute +manila-share + [cinder:children] control diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index 37ffc108d6..348d18e030 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml @@ -2,47 +2,6 @@ project_name: "neutron" neutron_services: - openvswitch-db-server: - container_name: "openvswitch_db" - image: "{{ openvswitch_db_image_full }}" - enabled: "{{ neutron_plugin_agent == 'openvswitch' }}" - host_in_groups: >- - {{ - True if orchestration_engine == 'KUBERNETES' else - inventory_hostname in groups['compute'] - or (enable_manila | bool and inventory_hostname in groups['manila-share']) - or inventory_hostname in groups['neutron-dhcp-agent'] - or inventory_hostname in groups['neutron-l3-agent'] - or inventory_hostname in groups['neutron-metadata-agent'] - or inventory_hostname in groups['neutron-vpnaas-agent'] - }} - volumes: - - "{{ node_config_directory }}/openvswitch-db-server/:{{ container_config_directory }}/:ro" - - "/etc/localtime:/etc/localtime:ro" - - "/run:/run:shared" - - "kolla_logs:/var/log/kolla/" - - "openvswitch_db:/var/lib/openvswitch/" - openvswitch-vswitchd: - container_name: "openvswitch_vswitchd" - image: "{{ openvswitch_vswitchd_image_full }}" - enabled: "{{ neutron_plugin_agent == 'openvswitch' }}" - host_in_groups: >- - {{ - True if orchestration_engine == 'KUBERNETES' else - inventory_hostname in groups['compute'] - or (enable_manila | bool and inventory_hostname in groups['manila-share']) - or inventory_hostname in groups['neutron-dhcp-agent'] - or inventory_hostname in groups['neutron-l3-agent'] - or inventory_hostname in groups['neutron-metadata-agent'] - or inventory_hostname in groups['neutron-vpnaas-agent'] - }} - privileged: True - volumes: - - "{{ node_config_directory }}/openvswitch-vswitchd/:{{ container_config_directory }}/:ro" - - "/etc/localtime:/etc/localtime:ro" - - "/lib/modules:/lib/modules:ro" - - "/run:/run:shared" - - "kolla_logs:/var/log/kolla/" neutron-server: container_name: "neutron_server" image: "{{ neutron_server_image_full }}" @@ -280,14 +239,6 @@ neutron_bgp_dragent_image: "{{ docker_registry ~ '/' if docker_registry else '' neutron_bgp_dragent_tag: "{{ openstack_release }}" neutron_bgp_dragent_image_full: "{{ neutron_bgp_dragent_image }}:{{ neutron_bgp_dragent_tag }}" -openvswitch_db_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-db-server" -openvswitch_db_tag: "{{ openstack_release }}" -openvswitch_db_image_full: "{{ openvswitch_db_image }}:{{ openvswitch_db_tag }}" - -openvswitch_vswitchd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-vswitchd" -openvswitch_vswitchd_tag: "{{ openstack_release }}" -openvswitch_vswitchd_image_full: "{{ openvswitch_vswitchd_image }}:{{ openvswitch_vswitchd_tag }}" - #################### # OpenStack @@ -302,8 +253,6 @@ neutron_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ n neutron_logging_debug: "{{ openstack_logging_debug }}" -neutron_bridge_name: "br-ex" - openstack_neutron_auth: "{{ openstack_auth }}" #################### diff --git a/ansible/roles/neutron/handlers/main.yml b/ansible/roles/neutron/handlers/main.yml index 63d5b13d9e..197964db28 100644 --- a/ansible/roles/neutron/handlers/main.yml +++ b/ansible/roles/neutron/handlers/main.yml @@ -1,63 +1,4 @@ --- -- name: Restart openvswitch-db-server container - vars: - service_name: "openvswitch-db-server" - service: "{{ neutron_services[service_name] }}" - config_json: "{{ neutron_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" - openvswitch_db_container: "{{ check_neutron_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" - kolla_docker: - action: "recreate_or_restart_container" - common_options: "{{ docker_common_options }}" - name: "{{ service.container_name }}" - image: "{{ service.image }}" - volumes: "{{ service.volumes }}" - when: - - action != "config" - - service.enabled | bool - - service.host_in_groups | bool - - config_json | changed - or openvswitch_db_container | changed - notify: - - Waiting the openvswitch_db service to be ready - - Ensuring OVS bridge is properly setup - -- name: Waiting the openvswitch_db service to be ready - command: docker exec openvswitch_db ovs-vsctl --no-wait show - register: check_result - until: check_result | success - changed_when: False - retries: 30 - delay: 2 - notify: - -- name: Ensuring OVS bridge is properly setup - command: docker exec openvswitch_db /usr/local/bin/kolla_ensure_openvswitch_configured {{ item.0 }} {{ item.1 }} - register: status - changed_when: status.stdout.find('changed') != -1 - with_together: - - "{{ neutron_bridge_name.split(',') }}" - - "{{ neutron_external_interface.split(',') }}" - -- name: Restart openvswitch-vswitchd container - vars: - service_name: "openvswitch-vswitchd" - service: "{{ neutron_services[service_name] }}" - config_json: "{{ neutron_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" - openvswitch_vswitchd_container: "{{ check_neutron_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" - kolla_docker: - action: "recreate_or_restart_container" - common_options: "{{ docker_common_options }}" - name: "{{ service.container_name }}" - image: "{{ service.image }}" - volumes: "{{ service.volumes }}" - privileged: "{{ service.privileged | default(False) }}" - when: - - action != "config" - - service.enabled | bool - - service.host_in_groups | bool - - config_json | changed - or openvswitch_vswitchd_container | changed - - name: Restart neutron-server container vars: service_name: "neutron-server" diff --git a/ansible/roles/openvswitch/defaults/main.yml b/ansible/roles/openvswitch/defaults/main.yml new file mode 100644 index 0000000000..7f04c13fde --- /dev/null +++ b/ansible/roles/openvswitch/defaults/main.yml @@ -0,0 +1,59 @@ +--- +project_name: "openvswitch" + +openvswitch_services: + openvswitch-db-server: + container_name: "openvswitch_db" + image: "{{ openvswitch_db_image_full }}" + enabled: "{{ enable_openvswitch }}" + group: openvswitch + host_in_groups: >- + {{ + True if orchestration_engine == 'KUBERNETES' else + inventory_hostname in groups['compute'] + or (enable_manila | bool and inventory_hostname in groups['manila-share']) + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] + }} + volumes: + - "{{ node_config_directory }}/openvswitch-db-server/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "/run:/run:shared" + - "kolla_logs:/var/log/kolla/" + - "openvswitch_db:/var/lib/openvswitch/" + openvswitch-vswitchd: + container_name: "openvswitch_vswitchd" + image: "{{ openvswitch_vswitchd_image_full }}" + enabled: "{{ enable_openvswitch }}" + group: openvswitch + host_in_groups: >- + {{ + True if orchestration_engine == 'KUBERNETES' else + inventory_hostname in groups['compute'] + or (enable_manila | bool and inventory_hostname in groups['manila-share']) + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] + }} + privileged: True + volumes: + - "{{ node_config_directory }}/openvswitch-vswitchd/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "/lib/modules:/lib/modules:ro" + - "/run:/run:shared" + - "kolla_logs:/var/log/kolla/" + +#################### +# Docker +#################### + +openvswitch_db_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-db-server" +openvswitch_db_tag: "{{ openstack_release }}" +openvswitch_db_image_full: "{{ openvswitch_db_image }}:{{ openvswitch_db_tag }}" + +openvswitch_vswitchd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-vswitchd" +openvswitch_vswitchd_tag: "{{ openstack_release }}" +openvswitch_vswitchd_image_full: "{{ openvswitch_vswitchd_image }}:{{ openvswitch_vswitchd_tag }}" diff --git a/ansible/roles/openvswitch/handlers/main.yml b/ansible/roles/openvswitch/handlers/main.yml new file mode 100644 index 0000000000..e6b6d84a11 --- /dev/null +++ b/ansible/roles/openvswitch/handlers/main.yml @@ -0,0 +1,59 @@ +--- +- name: Restart openvswitch-db-server container + vars: + service_name: "openvswitch-db-server" + service: "{{ openvswitch_services[service_name] }}" + config_json: "{{ openvswitch_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + openvswitch_db_container: "{{ check_openvswitch_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" + kolla_docker: + action: "recreate_or_restart_container" + common_options: "{{ docker_common_options }}" + name: "{{ service.container_name }}" + image: "{{ service.image }}" + volumes: "{{ service.volumes }}" + when: + - action != "config" + - service.enabled | bool + - service.host_in_groups | bool + - config_json | changed + or openvswitch_db_container | changed + notify: + - Waiting for openvswitch_db service to be ready + - Ensuring OVS bridge is properly setup + +- name: Waiting for openvswitch_db service to be ready + command: docker exec openvswitch_db ovs-vsctl --no-wait show + register: check_result + until: check_result | success + changed_when: False + retries: 30 + delay: 2 + notify: + +- name: Ensuring OVS bridge is properly setup + command: docker exec openvswitch_db /usr/local/bin/kolla_ensure_openvswitch_configured {{ item.0 }} {{ item.1 }} + register: status + changed_when: status.stdout.find('changed') != -1 + with_together: + - "{{ neutron_bridge_name.split(',') }}" + - "{{ neutron_external_interface.split(',') }}" + +- name: Restart openvswitch-vswitchd container + vars: + service_name: "openvswitch-vswitchd" + service: "{{ openvswitch_services[service_name] }}" + config_json: "{{ openvswitch_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + openvswitch_vswitchd_container: "{{ check_openvswitch_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" + kolla_docker: + action: "recreate_or_restart_container" + common_options: "{{ docker_common_options }}" + name: "{{ service.container_name }}" + image: "{{ service.image }}" + volumes: "{{ service.volumes }}" + privileged: "{{ service.privileged | default(False) }}" + when: + - action != "config" + - service.enabled | bool + - service.host_in_groups | bool + - config_json | changed + or openvswitch_vswitchd_container | changed diff --git a/ansible/roles/openvswitch/meta/main.yml b/ansible/roles/openvswitch/meta/main.yml new file mode 100644 index 0000000000..6b4fff8fef --- /dev/null +++ b/ansible/roles/openvswitch/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - { role: common } diff --git a/ansible/roles/openvswitch/tasks/check.yml b/ansible/roles/openvswitch/tasks/check.yml new file mode 100644 index 0000000000..ed97d539c0 --- /dev/null +++ b/ansible/roles/openvswitch/tasks/check.yml @@ -0,0 +1 @@ +--- diff --git a/ansible/roles/openvswitch/tasks/config.yml b/ansible/roles/openvswitch/tasks/config.yml new file mode 100644 index 0000000000..0a24c63f4f --- /dev/null +++ b/ansible/roles/openvswitch/tasks/config.yml @@ -0,0 +1,39 @@ +--- +- name: Ensuring config directories exist + file: + path: "{{ node_config_directory }}/{{ item.key }}" + state: "directory" + recurse: yes + when: + - item.value.enabled | bool + - item.value.host_in_groups | bool + with_dict: "{{ openvswitch_services }}" + +- name: Copying over config.json files for services + template: + src: "{{ item.key }}.json.j2" + dest: "{{ node_config_directory }}/{{ item.key }}/config.json" + register: openvswitch_config_jsons + when: + - item.value.enabled | bool + - item.value.host_in_groups | bool + with_dict: "{{ openvswitch_services }}" + notify: + - "Restart {{ item.key }} container" + +- name: Check openvswitch containers + kolla_docker: + action: "compare_container" + common_options: "{{ docker_common_options }}" + name: "{{ item.value.container_name }}" + image: "{{ item.value.image }}" + privileged: "{{ item.value.privileged | default(False) }}" + volumes: "{{ item.value.volumes }}" + register: check_openvswitch_containers + when: + - action != "config" + - item.value.enabled | bool + - item.value.host_in_groups | bool + with_dict: "{{ openvswitch_services }}" + notify: + - "Restart {{ item.key }} container" diff --git a/ansible/roles/openvswitch/tasks/deploy.yml b/ansible/roles/openvswitch/tasks/deploy.yml new file mode 100644 index 0000000000..3fa34a2afa --- /dev/null +++ b/ansible/roles/openvswitch/tasks/deploy.yml @@ -0,0 +1,8 @@ +--- +# enforce ironic usage only with openvswitch +- include: ironic-check.yml + +- include: config.yml + +- name: Flush Handlers + meta: flush_handlers diff --git a/ansible/roles/openvswitch/tasks/ironic-check.yml b/ansible/roles/openvswitch/tasks/ironic-check.yml new file mode 100644 index 0000000000..a578ce2c72 --- /dev/null +++ b/ansible/roles/openvswitch/tasks/ironic-check.yml @@ -0,0 +1,6 @@ +--- +# TODO(SamYaple): run verification checks at start of playbook +- fail: msg="neutron_plugin_agent must use openvswitch with Ironic" + when: + - enable_ironic | bool + - neutron_plugin_agent != "openvswitch" diff --git a/ansible/roles/openvswitch/tasks/main.yml b/ansible/roles/openvswitch/tasks/main.yml new file mode 100644 index 0000000000..b017e8b4ad --- /dev/null +++ b/ansible/roles/openvswitch/tasks/main.yml @@ -0,0 +1,2 @@ +--- +- include: "{{ action }}.yml" diff --git a/ansible/roles/openvswitch/tasks/precheck.yml b/ansible/roles/openvswitch/tasks/precheck.yml new file mode 100644 index 0000000000..31961dd2a3 --- /dev/null +++ b/ansible/roles/openvswitch/tasks/precheck.yml @@ -0,0 +1,19 @@ +--- +- name: Get container facts + kolla_container_facts: + name: + - openvswitch_db + register: container_facts + +- name: Checking free port for OVSDB + vars: + openvswitch_db: "{{ openvswitch_services['openvswitch-db-server'] }}" + wait_for: + host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}" + port: "{{ ovsdb_port }}" + connect_timeout: 1 + state: stopped + when: + - container_facts['openvswitch_db'] is not defined + - inventory_hostname in groups[openvswitch_db.group] + - openvswitch_db.enabled | bool diff --git a/ansible/roles/openvswitch/tasks/pull.yml b/ansible/roles/openvswitch/tasks/pull.yml new file mode 100644 index 0000000000..83056917d9 --- /dev/null +++ b/ansible/roles/openvswitch/tasks/pull.yml @@ -0,0 +1,10 @@ +--- +- name: Pulling Openvswitch images + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ item.value.image }}" + when: + - item.value.enabled | bool + - item.value.host_in_groups | bool + with_dict: "{{ openvswitch_services }}" diff --git a/ansible/roles/openvswitch/tasks/reconfigure.yml b/ansible/roles/openvswitch/tasks/reconfigure.yml new file mode 100644 index 0000000000..e078ef1318 --- /dev/null +++ b/ansible/roles/openvswitch/tasks/reconfigure.yml @@ -0,0 +1,2 @@ +--- +- include: deploy.yml diff --git a/ansible/roles/openvswitch/tasks/upgrade.yml b/ansible/roles/openvswitch/tasks/upgrade.yml new file mode 100644 index 0000000000..5aac9f5a7f --- /dev/null +++ b/ansible/roles/openvswitch/tasks/upgrade.yml @@ -0,0 +1,5 @@ +--- +- include: config.yml + +- name: Flush Handlers + meta: flush_handlers diff --git a/ansible/roles/neutron/templates/openvswitch-db-server.json.j2 b/ansible/roles/openvswitch/templates/openvswitch-db-server.json.j2 similarity index 100% rename from ansible/roles/neutron/templates/openvswitch-db-server.json.j2 rename to ansible/roles/openvswitch/templates/openvswitch-db-server.json.j2 diff --git a/ansible/roles/neutron/templates/openvswitch-vswitchd.json.j2 b/ansible/roles/openvswitch/templates/openvswitch-vswitchd.json.j2 similarity index 100% rename from ansible/roles/neutron/templates/openvswitch-vswitchd.json.j2 rename to ansible/roles/openvswitch/templates/openvswitch-vswitchd.json.j2 diff --git a/ansible/site.yml b/ansible/site.yml index 41c8afce7b..bca1aafba7 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -274,6 +274,14 @@ tags: nova, when: enable_nova | bool } +- name: Apply role openvswitch + hosts: + - openvswitch + roles: + - { role: openvswitch, + tags: openvswitch, + when: enable_openvswitch | bool } + # (gmmaha): Please do not change the order listed here. The current order is a # workaround to fix the bug https://bugs.launchpad.net/kolla/+bug/1546789 - name: Apply role neutron diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index 408bf347e7..aa8688220d 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -179,6 +179,7 @@ kolla_internal_vip_address: "10.10.10.254" #enable_neutron_vpnaas: "no" #enable_nova_serialconsole_proxy: "no" #enable_octavia: "no" +#enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' | bool }}" #enable_panko: "no" #enable_rally: "no" #enable_sahara: "no"