From 461788fdf9a65cae167d0896e6ca07ad11313516 Mon Sep 17 00:00:00 2001 From: Qing Wu Wang Date: Tue, 12 Jul 2016 03:20:20 -0500 Subject: [PATCH] Enable higher performance I/O through In Ubuntu 16.04 the updated kernel that is shipped has conntrack support. The inclusion of conntrack led to a new firewall driver that removed the need for hybrid vif plugging. Hybrid vif plugging allowed security groups to operate properly, but led to significant performance degradation's when paired with OVS. Since the inclusion of OVS for the PowerVM driver occurred during the OpenStack Newton release, it aligned well with the Ubuntu 16.04 release. As such, the PowerVM driver team did not enable hybrid vif plugging, but instead focused on standard plugging. This change set allows an option to turn off the hybrid vif plugging (for all architectures), but will automatically detect it for PowerVM and turn it off. This will enable deployments on newer operating systems to have higher network I/O performance. Change-Id: I0801b0d6925a0d3c0ae9b14d38310d5906355b98 Partially-Implements: blueprint powervm-virt-driver --- .../neutron-ovs-powervm-116662f169e17175.yaml | 18 +++++++++++++ tasks/main.yml | 26 +++++++++++++++++++ tasks/neutron_ml2_ovs_powervm.yml | 26 +++++++++++++++++++ 3 files changed, 70 insertions(+) create mode 100644 releasenotes/notes/neutron-ovs-powervm-116662f169e17175.yaml create mode 100644 tasks/neutron_ml2_ovs_powervm.yml diff --git a/releasenotes/notes/neutron-ovs-powervm-116662f169e17175.yaml b/releasenotes/notes/neutron-ovs-powervm-116662f169e17175.yaml new file mode 100644 index 00000000..3150d169 --- /dev/null +++ b/releasenotes/notes/neutron-ovs-powervm-116662f169e17175.yaml @@ -0,0 +1,18 @@ +--- +features: + - | + The ``os_neutron`` role will now default to the OVS firewall driver when + ``neutron_plugin_type`` is ``ml2.ovs`` and the host is running Ubuntu + 16.04 on PowerVM. To override this default behavior, deployers should + define ``neutron_ml2_conf_ini_overrides`` and + 'neutron_openvswitch_agent_ini_overrides' in 'user_variables.yml'. Example + below + + :: + + neutron_ml2_conf_ini_overrides: + securitygroup: + firewall_driver: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver + neutron_openvswitch_agent_ini_overrides: + securitygroup: + firewall_driver: iptables_hybrid diff --git a/tasks/main.yml b/tasks/main.yml index 520b3332..568653bd 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -36,6 +36,32 @@ tags: - always +- name: Get CPU info content and store as var + shell: cat /proc/cpuinfo + register: cpuinfo_contents + changed_when: false + failed_when: false + tags: + - always + +- name: Set neutron target platform type + set_fact: + neutron_os_type: "powervm" + when: + - cpuinfo_contents.stdout.find('pSeries') != -1 + - ansible_architecture == 'ppc64le' + tags: + - always + +- include: neutron_ml2_ovs_powervm.yml + when: + - neutron_os_type is defined + - neutron_os_type == 'powervm' + - neutron_plugin_type == 'ml2.ovs' + - "{{ ansible_distribution_version | version_compare('16.04','>=') }}" + tags: + - neutron-config + - include: neutron_check.yml tags: - always diff --git a/tasks/neutron_ml2_ovs_powervm.yml b/tasks/neutron_ml2_ovs_powervm.yml new file mode 100644 index 00000000..871befbc --- /dev/null +++ b/tasks/neutron_ml2_ovs_powervm.yml @@ -0,0 +1,26 @@ +--- +# Copyright 2016, IBM Corp. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Override neutron ovs driver firewall type + set_fact: + neutron_ml2_conf_ini_overrides: + securitygroup: + firewall_driver: "openvswitch" + +- name: Override neutron ovs driver firewall + set_fact: + neutron_openvswitch_agent_ini_overrides: + securitygroup: + firewall_driver: "neutron.agent.linux.openvswitch_firewall.OVSFirewallDriver"