Merge "Adds networking-ovn support"

defaults/main.yml

@@ -73,6 +73,8 @@ networking_bgpvpn_git_repo: https://git.openstack.org/openstack/networking-bgpvp
 networking_bgpvpn_git_install_branch: master
 openstack_ceilometer_git_repo: https://git.openstack.org/openstack/ceilometer
 openstack_ceilometer_git_install_branch: master
+networking_ovn_git_repo: https://git.openstack.org/openstack/networking-ovn
+networking_ovn_git_install_branch: master
 
 # Developer mode
 neutron_developer_mode: false
@@ -184,6 +186,8 @@ neutron_sriov_nic_agent_ini_overrides: {}
 neutron_sriov_nic_agent_init_overrides: {}
 neutron_vpn_agent_init_overrides: {}
 neutron_vpnaas_agent_ini_overrides: {}
+neutron_ovn_metadata_agent_ini_overrides: {}
+neutron_ovn_metadata_agent_init_overrides: {}
 
 ###
 ### Quotas
@@ -357,6 +361,7 @@ neutron_local_ip: 127.0.0.1
 #   network_types: "vxlan,flat,vlan"
 #   network_vlan_ranges: "vlan:1:1,vlan:1024:1025"
 #   network_vxlan_ranges: "1:1000"
+#   network_geneve_ranges: "1:1000"
 #   network_sriov_mappings: "vlan:p4p1"
 
 ###
@@ -454,6 +459,12 @@ dragonflow_int_peer_patch_port: patch-ex
 dragonflow_external_network_bridge: br-ex
 dragonflow_publisher_bind_address: "*"
 
+# OVN Defaults
+neutron_ovn_northd_service_name: ovn-northd
+neutron_ovn_controller_service_name: ovn-controller
+neutron_ovn_l3_scheduler: leastloaded
+neutron_ovn_ip: "{{ internal_lb_vip_address }}"
+
 # Install Openvswitch without NSH support
 ovs_nsh_support: False
 

doc/source/app-ovn.rst

@@ -0,0 +1,230 @@
+========================================
+Scenario - Open Virtual Network (OVN)
+========================================
+
+Overview
+~~~~~~~~
+
+Operators can choose to utilize the Open Virtual Network (OVN) mechanism
+driver instead of Linux bridges or plain Open vSwitch for the Neutron ML2
+plugin. This offers the possibility to deploy virtual networks and routers
+using OVN with Open vSwitch, which replaces the agent-based model used by
+the aforementioned architectures. This document outlines how to set it up in
+your environment.
+
+The current implementation of OVN in OpenStack-Ansible should not be considered
+production-ready and makes the following architectural assumptions:
+
+* Each compute node will act as an OVN controller
+* Each compute node is eligible to serve as an OVN gateway node
+
+NOTE: Physical VTEP integration is not yet supported.
+
+Recommended reading
+~~~~~~~~~~~~~~~~~~~
+
+Since this is an extension of the basic Open vSwitch scenario, it is worth
+reading that scenario to get some background. It is also recommended to be
+familiar with OVN and networking-ovn projects and their configuration.
+
+* `Scenario: Open vSwitch <app-openvswitch.html>`_
+* `OVN Architecture <http://www.openvswitch.org//support/dist-docs/ovn-architecture.7.html>`_
+* `Networking-ovn <https://github.com/openstack/networking-ovn>`_
+
+Prerequisites
+~~~~~~~~~~~~~
+
+* Open vSwitch >= 2.9.0
+
+* Networking-ovn at time of writing requires neutron-lib>=1.17.0. The overrides
+described here will ensure that version is installed.
+
+* A successful deployment of OVN requires a dedicated network interface be
+attached to the OVS provider bridge. This is not handled automatially and
+may require changes to the network interface configuration file.
+
+OpenStack-Ansible user variables
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Set the following user variables in your
+``/etc/openstack_deploy/user_variables.yml``:
+
+.. code-block:: yaml
+
+  # Ensure the openvswitch kernel module is loaded
+  openstack_host_specific_kernel_modules:
+    - name: "openvswitch"
+      pattern: "CONFIG_OPENVSWITCH"
+      group: "network_hosts"
+
+  neutron_plugin_type: ml2.ovn
+
+  neutron_plugin_base:
+    - networking_ovn.l3.l3_ovn.OVNL3RouterPlugin
+
+  neutron_ml2_drivers_type: "vlan,local,geneve"
+
+  # Typically this would be defined by the os-neutron-install
+  # playbook. The provider_networks library would parse the
+  # provider_networks list in openstack_user_config.yml and
+  # generate the values of network_types, network_vlan_ranges
+  # and network_mappings. network_mappings would have a
+  # different value for each host in the inventory based on
+  # whether or not the host was metal (typically a compute host)
+  # or a container (typically a neutron agent container)
+  #
+  # When using OVN w/ Open vSwitch, we override it to take into account
+  # the Open vSwitch bridge we are going to define outside of
+  # OpenStack-Ansible plays. All segmentation id ranges can be tweaked
+  # to suit the environment. VXLAN networks are not directly supported.
+
+  # When configuring Neutron to support only geneve tenant networks and
+  # vlan provider networks the configuration may resemble the following:
+  neutron_provider_networks:
+    network_types: "geneve"
+    network_geneve_ranges: "1:1000"
+    network_vlan_ranges: "vlan"
+    network_mappings: "vlan:br-provider"
+
+  # When configuring Neutron to support only vlan tenant networks and
+  # vlan provider networks the configuration may resemble the following:
+  neutron_provider_networks:
+    network_types: "vlan"
+    network_vlan_ranges: "vlan:102:199"
+    network_mappings: "vlan:br-provider"
+
+  repo_build_upper_constraints_overrides: [neutron-lib>=1.17.0]
+
+The overrides are instructing Ansible to deploy the OVN mechanism driver and
+associated OVN components. This is done by setting ``neutron_plugin_type``
+to ``ml2.ovn``.
+
+The ``neutron_plugin_base`` override instructions Neutron to use OVN for
+routing functions rather than the standard L3 agent model.
+
+The ``neutron_ml2_drivers_type`` override provides support for all type
+drivers supported by OVN.
+
+Open Virtual Network (OVN) commands
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The following commands can be used to provide useful information about...
+
+The ``ovs-vsctl list open_vswitch`` command provides information about the
+``open_vswitch`` table in the local Open vSwitch database:
+
+.. code-block::
+
+  root@aio1:~# ovs-vsctl list open_vswitch
+  _uuid               : 855c820b-c082-4d8f-9828-8cab01c6c9a0
+  bridges             : [37d3bd82-d436-474e-89b7-705aea634d7d, a393b2f6-5c3d-4ccd-a2f9-e9817391612a]
+  cur_cfg             : 14
+  datapath_types      : [netdev, system]
+  db_version          : "7.15.1"
+  external_ids        : {hostname="aio1", ovn-bridge-mappings="vlan:br-provider", ovn-encap-ip="172.29.240.100", ovn-encap-type="geneve,vxlan", ovn-remote="tcp:172.29.236.100:6642", rundir="/var/run/openvswitch", system-id="11af26c6-9ec1-4cf7-bf41-2af45bd59b03"}
+  iface_types         : [geneve, gre, internal, lisp, patch, stt, system, tap, vxlan]
+  manager_options     : []
+  next_cfg            : 14
+  other_config        : {}
+  ovs_version         : "2.9.0"
+  ssl                 : []
+  statistics          : {}
+  system_type         : ubuntu
+  system_version      : "16.04"
+
+The ``ovn-sbctl show`` command provides information related to southbound
+connections. If used outside the ovn_northd container, specify the
+connection details:
+
+.. code-block::
+
+  root@aio1-neutron-ovn-northd-container-57a6f1a9:~# ovn-sbctl show
+  Chassis "11af26c6-9ec1-4cf7-bf41-2af45bd59b03"
+      hostname: "aio1"
+      Encap vxlan
+          ip: "172.29.240.100"
+          options: {csum="true"}
+      Encap geneve
+          ip: "172.29.240.100"
+          options: {csum="true"}
+
+  root@aio1:~# ovn-sbctl --db=tcp:172.29.236.100:6642 show
+  Chassis "11af26c6-9ec1-4cf7-bf41-2af45bd59b03"
+      hostname: "aio1"
+      Encap vxlan
+          ip: "172.29.240.100"
+          options: {csum="true"}
+      Encap geneve
+          ip: "172.29.240.100"
+          options: {csum="true"}
+
+The ``ovn-nbctl show`` command provides information about networks known
+to OVN and demonstrates connectivity between the northbound database
+and neutron-server.
+
+.. code-block::
+
+  root@aio1-neutron-ovn-northd-container-57a6f1a9:~# ovn-nbctl show
+  switch 5e77f29e-5dd3-4875-984f-94bd30a12dc3 (neutron-87ec5a05-9abe-4c93-89bd-c6d40320db87) (aka testnet)
+      port 65785045-69ec-49e7-82e3-b9989f718a9c
+          type: localport
+          addresses: ["fa:16:3e:68:a3:c8"]
+
+The ``ovn-nbctl list Address_Set`` command provides information related to
+security groups. If used outside the ovn_northd container, specify the
+connection details:
+
+.. code-block::
+
+  root@aio1-neutron-ovn-northd-container-57a6f1a9:~# ovn-nbctl list Address_Set
+  _uuid               : 575b3015-f83f-4bd6-a698-3fe67e43bec6
+  addresses           : []
+  external_ids        : {"neutron:security_group_id"="199997c1-6f06-4765-89af-6fd064365c6a"}
+  name                : "as_ip4_199997c1_6f06_4765_89af_6fd064365c6a"
+
+  _uuid               : b6e211af-e52e-4c59-93ce-adf75ec14f46
+  addresses           : []
+  external_ids        : {"neutron:security_group_id"="199997c1-6f06-4765-89af-6fd064365c6a"}
+  name                : "as_ip6_199997c1_6f06_4765_89af_6fd064365c6a"
+
+  root@aio1:~# ovn-nbctl --db=tcp:172.29.236.100:6641 list Address_Set
+  _uuid               : 575b3015-f83f-4bd6-a698-3fe67e43bec6
+  addresses           : []
+  external_ids        : {"neutron:security_group_id"="199997c1-6f06-4765-89af-6fd064365c6a"}
+  name                : "as_ip4_199997c1_6f06_4765_89af_6fd064365c6a"
+
+  _uuid               : b6e211af-e52e-4c59-93ce-adf75ec14f46
+  addresses           : []
+  external_ids        : {"neutron:security_group_id"="199997c1-6f06-4765-89af-6fd064365c6a"}
+  name                : "as_ip6_199997c1_6f06_4765_89af_6fd064365c6a"
+
+Additional commands can be found in upstream OVN documentation.
+
+Notes
+~~~~~
+
+The ``ovn-controller`` service on compute nodes will check in as an agent
+and can be observed using the ``openstack network agent list`` command:
+
+.. code-block::
+
+  root@aio1-utility-container-35bebd2a:~# openstack network agent list
+  +--------------------------------------+------------------------------+------+-------------------+-------+-------+----------------+
+  | ID                                   | Agent Type                   | Host | Availability Zone | Alive | State | Binary         |
+  +--------------------------------------+------------------------------+------+-------------------+-------+-------+----------------+
+  | 4db288a6-8f8a-4153-b4b7-7eaf44f9e881 | OVN Controller Gateway agent | aio1 | n/a               | :-)   | UP    | ovn-controller |
+  +--------------------------------------+------------------------------+------+-------------------+-------+-------+----------------+
+
+The HAproxy client and server timeout values have been increased from
+50 seconds to 90 minutes for all load-balanced OVN-related services.
+
+The HAproxy implementation in use may not properly handle active/backup
+failover for ovsdb-server with OVN. Work may be done to implement
+pacemaker/corosync or wait for active/active support.
+
+Warranty
+~~~~~~~~
+
+This implementation of OVN is not supported and should be considered
+only for development purposes. The architecture within OSA is subject
+to change. Reviews and suggestions are welcome.

files/rootwrap.d/ovn-plugin.filters

@@ -0,0 +1,20 @@
+# neutron-rootwrap command filters for nodes on which neutron is
+# expected to control network
+#
+# This file should be owned by (and only-writeable by) the root user
+
+# format seems to be
+# cmd-name: filter-name, raw-command, user, args
+
+[Filters]
+
+# ovn
+ovn-ctl: CommandFilter, ovn-ctl, root
+
+# ip_lib
+ip: IpFilter, ip, root
+find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.*
+ip_exec: IpNetnsExecFilter, ip, root
+
+# haproxy
+haproxy: CommandFilter, haproxy, root

tasks/main.yml

@@ -104,8 +104,8 @@
     name: systemd_service
     private: true
   vars:
-    systemd_user_name: "{{ neutron_system_user_name }}"
-    systemd_group_name: "{{ neutron_system_group_name }}"
+    systemd_user_name: "{{ service_var.systemd_user_name | default(neutron_system_user_name) }}"
+    systemd_group_name: "{{ service_var.systemd_group_name | default(neutron_system_group_name) }}"
     systemd_tempd_prefix: openstack
     systemd_slice_name: neutron
     systemd_lock_path: /var/lock/neutron
@@ -113,10 +113,12 @@
     systemd_BlockIOAccounting: true
     systemd_MemoryAccounting: true
     systemd_TasksAccounting: true
+    systemd_PrivateTmp: "{{ service_var.systemd_PrivateTmp | default(True) }}"
     systemd_services:
       - service_name: "{{ service_var.service_name }}"
         enabled: yes
         state: started
+        service_type: "{{ service_var.service_type | default(systemd_default_service_type) }}"
         execstarts: "{{ service_var.execstarts }}"
         execreloads: "{{ service_var.execreloads | default([]) }}"
         config_overrides: "{{ service_var.init_config_overrides }}"

tasks/providers/ovn_config.yml

@@ -0,0 +1,97 @@
+# (c) 2018, James Denton <james.denton@rackspace.com>
+#
+# Copyright 2018, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install OVN pip packages
+  pip:
+    name: "{{ neutron_optional_ovn_pip_packages }}"
+    state: "{{ neutron_pip_package_state }}"
+    virtualenv: "{{ neutron_bin | dirname }}"
+    virtualenv_site_packages: "no"
+    extra_args: >-
+      {{ neutron_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
+      {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
+      {{ pip_install_options | default('') }}
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  when:
+    - neutron_services['neutron-server']['group'] in group_names
+      or neutron_services['neutron-ovn-northd']['group'] in group_names
+      or neutron_services['neutron-ovn-controller']['group'] in group_names
+  notify: Restart neutron services
+  tags:
+    - ovn-install
+    - ovn-pip-packages
+
+- name: Install ovn-northd packages
+  package:
+    name: "{{ neutron_ovn_northd_distro_packages }}"
+    state: "{{ neutron_package_state }}"
+    update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}"
+    cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}"
+  register: install_packages
+  until: install_packages is success
+  retries: 5
+  delay: 2
+  when:
+    - neutron_services['neutron-ovn-northd']['group'] in group_names
+
+- name: Install ovn-controller packages
+  package:
+    name: "{{ neutron_ovn_controller_distro_packages }}"
+    state: "{{ neutron_package_state }}"
+    update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}"
+    cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}"
+  register: install_packages
+  until: install_packages is success
+  retries: 5
+  delay: 2
+  when:
+    - neutron_services['neutron-ovn-controller']['group'] in group_names
+
+- name: Ensure Open vSwitch service is started and enabled
+  systemd:
+    name: "{{ neutron_ovs_service_name }}"
+    state: started
+    enabled: yes
+  tags:
+   - ovn-config
+  when:
+    - neutron_services['neutron-ovn-northd']['group'] in group_names
+      or neutron_services['neutron-ovn-controller']['group'] in group_names
+
+- name: Ensure ovn-northd service is started and enabled
+  systemd:
+    name: "{{ neutron_ovn_northd_service_name }}"
+    state: started
+    enabled: yes
+  tags:
+   - ovn-config
+  when:
+    - neutron_services['neutron-ovn-northd']['group'] in group_names
+
+- name: Ensure ovn-controller service is started and enabled
+  systemd:
+    name: "{{ neutron_ovn_controller_service_name }}"
+    state: started
+    enabled: yes
+  tags:
+   - ovn-config
+  when:
+    - neutron_services['neutron-ovn-controller']['group'] in group_names
+
+- include: setup_ovs_ovn.yml

tasks/providers/setup_ovs_ovn.yml

@@ -0,0 +1,87 @@
+# (c) 2018, James Denton <james.denton@rackspace.com>
+#
+# Copyright 2018, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Set openvswitch hostname
+  command: "ovs-vsctl set open_vswitch . external-ids:hostname='{{ inventory_hostname }}'"
+  tags:
+   - ovn-config
+
+- name: Create ovsdb-server Listener
+  command: "ovs-vsctl set-manager ptcp:6640"
+  tags:
+   - ovn-config
+  when:
+    - neutron_services['neutron-ovn-northd']['group'] in group_names
+
+- name: Configure OVN Northbound Listener
+  command: "ovn-nbctl set-connection ptcp:6641:0.0.0.0 -- set connection . inactivity_probe=60000"
+  tags:
+   - ovn-config
+  when:
+    - neutron_services['neutron-ovn-northd']['group'] in group_names
+
+- name: Configure OVN Southbound Listener
+  command: "ovn-sbctl set-connection ptcp:6642:0.0.0.0 -- set connection . inactivity_probe=60000"
+  tags:
+   - ovn-config
+  when:
+    - neutron_services['neutron-ovn-northd']['group'] in group_names
+
+# (NOTE) This makes all computes eligible to be gateway nodes
+- name: Set CMS Options for Gateway Scheduling
+  command: "ovs-vsctl set open . external-ids:ovn-cms-options=enable-chassis-as-gw"
+  tags:
+   - ovn-config
+  when:
+    - neutron_services['neutron-ovn-controller']['group'] in group_names
+
+- name: Configure OVN Southbound Connection
+  command: "ovs-vsctl set open . external-ids:ovn-remote=tcp:{{ neutron_ovn_ip }}:6642"
+  tags:
+   - ovn-config
+  when:
+    - neutron_services['neutron-ovn-controller']['group'] in group_names
+
+# (todo) Dynamic encap type
+- name: Configure Supported OVN Overlay Protocols
+  command: "ovs-vsctl set open . external-ids:ovn-encap-type=geneve,vxlan"
+  tags:
+   - ovn-config
+  when:
+    - neutron_services['neutron-ovn-controller']['group'] in group_names
+
+- name: Configure Encapsulation Address for Overlay Traffic
+  command: "ovs-vsctl set open . external-ids:ovn-encap-ip={{ neutron_local_ip }}"
+  tags:
+   - ovn-config
+  when:
+    - neutron_services['neutron-ovn-controller']['group'] in group_names
+
+- name: Setup Network Provider Bridge
+  openvswitch_bridge:
+    bridge: "{{ neutron_provider_networks.network_mappings.split(':')[1] }}"
+    state: present
+  when:
+    - neutron_services['neutron-ovn-controller']['group'] in group_names
+    - neutron_provider_networks.network_mappings is defined
+
+- name: Set the Bridge Mappings
+  command: "ovs-vsctl set open . external-ids:ovn-bridge-mappings={{ neutron_provider_networks.network_mappings }}"
+  tags:
+  - ovn-config
+  when:
+    - neutron_provider_networks.network_mappings is defined
+    - neutron_services['neutron-ovn-controller']['group'] in group_names

templates/networking_ovn_metadata_agent.ini.j2

@@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+
+[DEFAULT]
+debug = {{ debug }}
+
+# Nova metadata service IP and port
+nova_metadata_host = {{ internal_lb_vip_address }}
+
+# Metadata proxy shared secret
+metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}
+
+[ovs]
+ovsdb_connection = unix:{{ neutron_ovs_socket_path }}/db.sock
+ovsdb_connection_timeout = 180

templates/plugins/ml2/ml2_conf.ini.j2

@@ -36,6 +36,25 @@ vni_ranges = {{ neutron_provider_networks.network_vxlan_ranges }}
 
 {% endif %}
 
+{% if neutron_provider_networks.network_geneve_ranges is defined %}
+
+[ml2_type_geneve]
+vni_ranges = {{ neutron_provider_networks.network_geneve_ranges }}
+max_header_size = 38
+
+{% endif %}
+
+{% if neutron_plugin_type == 'ml2.ovn' and (neutron_services['neutron-server']['group'] or neutron_services['neutron-ovn-controller']['group'] in group_names) %}
+
+[ovn]
+ovn_native_dhcp = True
+ovn_nb_connection = tcp:{{ neutron_ovn_ip }}:6641
+ovn_sb_connection = tcp:{{ neutron_ovn_ip }}:6642
+ovn_l3_scheduler = {{ neutron_ovn_l3_scheduler }}
+ovn_metadata_enabled = True
+
+{% endif %}
+
 # Security groups
 [securitygroup]
 {% if neutron_plugin_type == 'ml2.ovs' %}

tests/neutron-overrides-ovn.yml

@@ -0,0 +1,35 @@
+---
+openstack_host_specific_kernel_modules:
+  - name: "openvswitch"
+    pattern: "CONFIG_OPENVSWITCH"
+
+tempest_run: yes
+
+tempest_plugins:
+  - name: neutron
+    repo: https://git.openstack.org/openstack/neutron
+    branch: master
+  - name: neutron-plugins
+    repo: https://git.openstack.org/openstack/neutron-tempest-plugin
+    branch: master
+
+tempest_test_whitelist:
+  - "neutron_tempest_plugin.api.test_networks*"
+
+tempest_private_net_provider_type: geneve
+
+neutron_plugin_type: ml2.ovn
+neutron_local_ip: "{{ ansible_host }}"
+
+neutron_plugin_base:
+  - networking_ovn.l3.l3_ovn.OVNL3RouterPlugin
+
+neutron_ml2_drivers_type: "geneve,vlan,flat,local"
+
+neutron_provider_networks:
+  network_types: "geneve"
+  network_geneve_ranges: "1:1000"
+  network_vlan_ranges: "vlan"
+  network_mappings: "vlan:br-provider"
+
+repo_build_upper_constraints_overrides: [neutron-lib>=1.17.0]

tests/ovn_inventory

@@ -0,0 +1,74 @@
+[all]
+localhost
+infra1
+server1
+server2
+
+[physical_host]
+localhost
+
+[all_containers]
+infra1
+server1
+server2
+
+[oslomsg_rpc_all]
+infra1
+
+[oslomsg_notify_all]
+infra1
+
+[rabbitmq_all]
+infra1
+
+[galera_all]
+infra1
+
+[memcached_all]
+infra1
+
+[service_all:children]
+rabbitmq_all
+galera_all
+memcached_all
+
+[keystone_all]
+infra1
+
+[neutron_agent]
+[neutron_dhcp_agent]
+[neutron_linuxbridge_agent]
+[neutron_openvswitch_agent]
+[neutron_metering_agent]
+[neutron_l3_agent]
+[neutron_lbaas_agent]
+[neutron_metadata_agent]
+
+[neutron_server]
+server1
+server2
+
+[neutron_calico_dhcp_agent]
+
+[neutron_ovn_controller]
+localhost
+
+[neutron_ovn_northd]
+server1
+server2
+
+[neutron_all:children]
+neutron_agent
+neutron_dhcp_agent
+neutron_linuxbridge_agent
+neutron_openvswitch_agent
+neutron_metering_agent
+neutron_l3_agent
+neutron_lbaas_agent
+neutron_metadata_agent
+neutron_ovn_controller
+neutron_ovn_northd
+neutron_server
+
+[utility_all]
+infra1

tox.ini

@@ -152,6 +152,13 @@ setenv =
 commands =
     bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
 
+[testenv:func_ovn]
+setenv =
+    {[testenv]setenv}
+    ANSIBLE_INVENTORY={toxinidir}/tests/ovn_inventory
+    ANSIBLE_OVERRIDES={toxinidir}/tests/neutron-overrides-ovn.yml
+commands =
+    bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"
 
 [testenv:odl-sfc]
 setenv =

vars/distro_install.yml

@@ -44,6 +44,16 @@ neutron_package_list: |-
   {% if neutron_services['neutron-metadata-agent']['group'] in group_names %}
   {% set _ = packages.extend(neutron_metadata_agent_distro_packages) %}
   {% endif %}
+  {% if (neutron_services['neutron-ovn-northd']['group'] in group_names and (neutron_plugin_type == 'ml2.ovn') | bool)
+     or (neutron_services['neutron-ovn-controller']['group'] in group_names and (neutron_plugin_type == 'ml2.ovn') | bool) %}
+  {% set _ = packages.extend(neutron_ovn_distro_packages) %}
+  {% endif %}
+  {% if (neutron_services['neutron-ovn-northd']['group'] in group_names and (neutron_plugin_type == 'ml2.ovn') | bool) %}
+  {% set _ = packages.extend(neutron_ovn_northd_distro_packages) %}
+  {% endif %}
+  {% if (neutron_services['neutron-ovn-controller']['group'] in group_names and (neutron_plugin_type == 'ml2.ovn') | bool) %}
+  {% set _ = packages.extend(neutron_ovn_controller_distro_packages) %}
+  {% endif %}
   {% if neutron_developer_mode | bool %}
   {%   set _ = packages.extend(neutron_developer_mode_distro_packages) %}
   {% endif %}

vars/main.yml

@@ -20,6 +20,8 @@ neutron_needs_openvswitch: >-
   {{ (neutron_services['neutron-openvswitch-agent']['group'] in group_names and neutron_services['neutron-openvswitch-agent'].service_en | bool)
   or (neutron_services['dragonflow-controller-agent']['group'] in group_names and neutron_services['dragonflow-controller-agent'].service_en | bool)
   or (neutron_services['dragonflow-l3-agent']['group'] in group_names and neutron_services['dragonflow-l3-agent'].service_en | bool)
+  or (neutron_services['neutron-ovn-northd']['group'] in group_names and (neutron_plugin_type == 'ml2.ovn') | bool)
+  or (neutron_services['neutron-ovn-controller']['group'] in group_names and (neutron_plugin_type == 'ml2.ovn') | bool)
   or ((neutron_services['neutron-server']['group'] not in group_names) and neutron_plugin_type == 'ml2.opendaylight') }}
 
 # Set the Calico Felix agent executable destination path
@@ -121,6 +123,12 @@ neutron_plugins:
     plugin_ini: plugins/ml2/ml2_conf.ini
     driver_interface: "openvswitch"
     l3_agent_mode: "legacy"
+  ml2.ovn:
+    drivers_type: "{{ neutron_ml2_drivers_type }}"
+    mechanisms: "ovn"
+    plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}"
+    plugin_core: ml2
+    plugin_ini: plugins/ml2/ml2_conf.ini
 
 ###
 ### ML2 Plugin Configuration
@@ -457,6 +465,27 @@ neutron_services:
     config_type: "ini"
     init_config_overrides: "{{ neutron_dragonflow_pubsub_agent_init_overrides }}"
     start_order: 3
+  neutron-ovn-northd:
+    group: neutron_ovn_northd
+    service_en: False
+  neutron-ovn-controller:
+    group: neutron_ovn_controller
+    service_en: False
+  networking-ovn-metadata-agent:
+    group: neutron_ovn_controller
+    systemd_user_name: root
+    systemd_group_name: root
+    systemd_PrivateTmp: False
+    service_name: networking-ovn-metadata-agent
+    service_en: "{{ neutron_plugin_type == 'ml2.ovn' }}"
+    service_conf_path: "{{ neutron_conf_dir }}"
+    service_conf: networking_ovn_metadata_agent.ini
+    service_rootwrap: rootwrap.d/ovn-plugin.filters
+    execstarts: "{{ neutron_bin }}/networking-ovn-metadata-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/networking_ovn_metadata_agent.ini --log-file=/var/log/neutron/networking-ovn-metadata-agent.log"
+    config_overrides: "{{ neutron_ovn_metadata_agent_ini_overrides }}"
+    config_type: "ini"
+    init_config_overrides: "{{ neutron_ovn_metadata_agent_init_overrides }}"
+    start_order: 3
 
 ###
 ### Internals: Drivers mappings

vars/redhat-7.yml

@@ -25,6 +25,12 @@ neutron_ovs_distro_packages:
 
 neutron_ovs_service_name: openvswitch
 
+neutron_ovn_northd_service_name: ovn-northd
+
+neutron_ovn_controller_service_name: ovn-controller
+
+neutron_ovs_socket_path: "/usr/local/var/run/openvswitch"
+
 neutron_distro_packages:
   - conntrack-tools
   - dnsmasq
@@ -39,6 +45,15 @@ neutron_distro_packages:
   - radvd
   - which
 
+neutron_ovn_distro_packages:
+   - openvswitch-ovn-common
+
+neutron_ovn_controller_distro_packages:
+  - openvswitch-ovn-host
+
+neutron_ovn_northd_distro_packages:
+  - openvswitch-ovn-central
+
 neutron_devel_distro_packages:
   - python-httplib2
 

vars/source_install.yml

@@ -43,8 +43,18 @@ neutron_package_list: |-
   {% if neutron_services['neutron-metadata-agent']['group'] in group_names %}
   {% set _ = packages.extend(neutron_metadata_agent_distro_packages) %}
   {% endif %}
+  {% if (neutron_services['neutron-ovn-northd']['group'] in group_names and neutron_plugin_type == 'ml2.ovn')
+     or (neutron_services['neutron-ovn-controller']['group'] in group_names and neutron_plugin_type == 'ml2.ovn') %}
+  {% set _ = packages.extend(neutron_ovn_distro_packages) %}
+  {% endif %}
+  {% if (neutron_services['neutron-ovn-northd']['group'] in group_names and neutron_plugin_type == 'ml2.ovn') %}
+  {% set _ = packages.extend(neutron_ovn_northd_distro_packages) %}
+  {% endif %}
+  {% if (neutron_services['neutron-ovn-controller']['group'] in group_names and neutron_plugin_type == 'ml2.ovn') %}
+  {% set _ = packages.extend(neutron_ovn_controller_distro_packages) %}
+  {% endif %}
   {% if neutron_developer_mode | bool %}
-  {%   set _ = packages.extend(neutron_developer_mode_distro_packages) %}
+  {% set _ = packages.extend(neutron_developer_mode_distro_packages) %}
   {% endif %}
   {% set _ = packages.extend(neutron_devel_distro_packages) %}
   {{ packages }}
@@ -96,6 +106,9 @@ neutron_proprietary_nuage_pip_packages:
   - nuage-openstack-neutronclient
   - nuagenetlib
 
+neutron_optional_ovn_pip_packages:
+  - networking-ovn
+
 neutron_developer_constraints:
   - "git+{{ neutron_git_repo }}@{{ neutron_git_install_branch }}#egg=neutron"
   - "git+{{ neutron_fwaas_git_repo }}@{{ neutron_fwaas_git_install_branch }}#egg=neutron-fwaas"
@@ -108,6 +121,7 @@ neutron_developer_constraints:
   - "git+{{ networking_sfc_git_repo }}@{{ networking_sfc_git_install_branch }}#egg=networking-sfc"
   - "git+{{ networking_bgpvpn_git_repo }}@{{ networking_bgpvpn_git_install_branch }}#egg=networking-bgpvpn"
   - "git+{{ openstack_ceilometer_git_repo }}@{{ openstack_ceilometer_git_install_branch }}#egg=ceilometer"
+  - "git+{{ networking_ovn_git_repo }}@{{ networking_ovn_git_install_branch }}#egg=networking-ovn"
 
 neutron_bin: "/openstack/venvs/neutron-{{ neutron_venv_tag }}/bin"
 

vars/suse-42.yml

@@ -26,6 +26,12 @@ neutron_ovs_distro_packages:
 
 neutron_ovs_service_name: openvswitch
 
+neutron_ovn_northd_service_name: ovn-northd
+
+neutron_ovn_controller_service_name: ovn-controller
+
+neutron_ovs_socket_path: "/usr/local/var/run/openvswitch"
+
 neutron_ovs_nsh_required_packages:
   - openvswitch-switch
 
@@ -50,6 +56,15 @@ neutron_distro_packages:
   - radvd
   - which
 
+neutron_ovn_distro_packages:
+   - openvswitch-ovn-common
+
+neutron_ovn_controller_distro_packages:
+  - openvswitch-ovn-host
+
+neutron_ovn_northd_distro_packages:
+  - openvswitch-ovn-central
+
 neutron_devel_distro_packages:
   - python-httplib2
 

vars/ubuntu.yml

@@ -26,6 +26,12 @@ neutron_ovs_distro_packages:
 
 neutron_ovs_service_name: openvswitch-switch
 
+neutron_ovn_northd_service_name: ovn-central
+
+neutron_ovn_controller_service_name: ovn-host
+
+neutron_ovs_socket_path: "/var/run/openvswitch"
+
 neutron_ovs_nsh_required_packages:
   - openvswitch-common
   - openvswitch-switch
@@ -47,6 +53,15 @@ neutron_distro_packages:
   - python-keystoneclient
   - radvd
 
+neutron_ovn_distro_packages:
+  - ovn-common
+
+neutron_ovn_controller_distro_packages:
+  - ovn-host
+
+neutron_ovn_northd_distro_packages:
+  - ovn-central
+
 neutron_devel_distro_packages:
   - python-httplib2
 

zuul.d/jobs.yaml

@@ -20,6 +20,20 @@
     vars:
       tox_env: func_ovs
 
+- job:
+    name: openstack-ansible-ovn-ubuntu-xenial-nv
+    parent: openstack-ansible-functional-ubuntu-xenial
+    voting: false
+    vars:
+      tox_env: func_ovn
+
+- job:
+    name: openstack-ansible-ovn-centos-7-nv
+    parent: openstack-ansible-functional-centos-7
+    voting: false
+    vars:
+      tox_env: func_ovn
+
 - job:
     name: openstack-ansible-calico-ubuntu-xenial-nv
     parent: openstack-ansible-functional-ubuntu-xenial

zuul.d/project.yaml

@@ -20,6 +20,8 @@
       jobs:
         - openstack-ansible-upgrade-ubuntu-xenial
         - openstack-ansible-ovs-ubuntu-xenial-nv
+        - openstack-ansible-ovn-ubuntu-xenial-nv
+        - openstack-ansible-ovn-centos-7-nv
         - openstack-ansible-calico-ubuntu-xenial-nv
         - openstack-ansible-dragonflow-ubuntu-xenial-nv
         - openstack-ansible-opendaylight-ubuntu-xenial-nv