From bc9e068f6c155d354ebecfaac811927ae333456b Mon Sep 17 00:00:00 2001 From: James Denton Date: Tue, 14 Aug 2018 17:23:53 +0000 Subject: [PATCH] Adds networking-ovn support This commit provides baseline changes to the os_neutron role to support Open Virtual Networking (OVN). Change-Id: I9af0a1d70d3381f1e5e074aaf21b15cfb40a7b60 Implements: networking-ovn support Partial-Bug: #1782625 --- defaults/main.yml | 11 + doc/source/app-ovn.rst | 230 ++++++++++++++++++ files/rootwrap.d/ovn-plugin.filters | 20 ++ tasks/main.yml | 6 +- tasks/providers/ovn_config.yml | 97 ++++++++ tasks/providers/setup_ovs_ovn.yml | 87 +++++++ .../networking_ovn_metadata_agent.ini.j2 | 14 ++ templates/plugins/ml2/ml2_conf.ini.j2 | 19 ++ tests/neutron-overrides-ovn.yml | 35 +++ tests/ovn_inventory | 74 ++++++ tox.ini | 7 + vars/distro_install.yml | 10 + vars/main.yml | 29 +++ vars/redhat-7.yml | 15 ++ vars/source_install.yml | 16 +- vars/suse-42.yml | 15 ++ vars/ubuntu.yml | 15 ++ zuul.d/jobs.yaml | 14 ++ zuul.d/project.yaml | 2 + 19 files changed, 713 insertions(+), 3 deletions(-) create mode 100644 doc/source/app-ovn.rst create mode 100644 files/rootwrap.d/ovn-plugin.filters create mode 100644 tasks/providers/ovn_config.yml create mode 100644 tasks/providers/setup_ovs_ovn.yml create mode 100644 templates/networking_ovn_metadata_agent.ini.j2 create mode 100644 tests/neutron-overrides-ovn.yml create mode 100644 tests/ovn_inventory diff --git a/defaults/main.yml b/defaults/main.yml index e0da0045..f39a662f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -73,6 +73,8 @@ networking_bgpvpn_git_repo: https://git.openstack.org/openstack/networking-bgpvp networking_bgpvpn_git_install_branch: master openstack_ceilometer_git_repo: https://git.openstack.org/openstack/ceilometer openstack_ceilometer_git_install_branch: master +networking_ovn_git_repo: https://git.openstack.org/openstack/networking-ovn +networking_ovn_git_install_branch: master # Developer mode neutron_developer_mode: false 
@@ -174,6 +176,8 @@ neutron_sriov_nic_agent_ini_overrides: {} neutron_sriov_nic_agent_init_overrides: {} neutron_vpn_agent_init_overrides: {} neutron_vpnaas_agent_ini_overrides: {} +neutron_ovn_metadata_agent_ini_overrides: {} +neutron_ovn_metadata_agent_init_overrides: {} ### ### Quotas @@ -347,6 +351,7 @@ neutron_local_ip: 127.0.0.1 # network_types: "vxlan,flat,vlan" # network_vlan_ranges: "vlan:1:1,vlan:1024:1025" # network_vxlan_ranges: "1:1000" +# network_geneve_ranges: "1:1000" # network_sriov_mappings: "vlan:p4p1" ### @@ -444,6 +449,12 @@ dragonflow_int_peer_patch_port: patch-ex dragonflow_external_network_bridge: br-ex dragonflow_publisher_bind_address: "*" +# OVN Defaults +neutron_ovn_northd_service_name: ovn-northd +neutron_ovn_controller_service_name: ovn-controller +neutron_ovn_l3_scheduler: leastloaded +neutron_ovn_ip: "{{ internal_lb_vip_address }}" + # Install Openvswitch without NSH support ovs_nsh_support: False diff --git a/doc/source/app-ovn.rst b/doc/source/app-ovn.rst new file mode 100644 index 00000000..7b440aa6 --- /dev/null +++ b/doc/source/app-ovn.rst 
@@ -0,0 +1,230 @@ +======================================== +Scenario - Open Virtual Network (OVN) +======================================== + +Overview +~~~~~~~~ + +Operators can choose to utilize the Open Virtual Network (OVN) mechanism +driver instead of Linux bridges or plain Open vSwitch for the Neutron ML2 +plugin. This offers the possibility to deploy virtual networks and routers +using OVN with Open vSwitch, which replaces the agent-based model used by +the aforementioned architectures. This document outlines how to set it up in +your environment. + +The current implementation of OVN in OpenStack-Ansible should not be considered +production-ready and makes the following architectural assumptions: + +* Each compute node will act as an OVN controller +* Each compute node is eligible to serve as an OVN gateway node + +NOTE: Physical VTEP integration is not yet supported. + +Recommended reading +~~~~~~~~~~~~~~~~~~~ + +Since this is an extension of the basic Open vSwitch scenario, it is worth +reading that scenario to get some background. It is also recommended to be +familiar with OVN and networking-ovn projects and their configuration. + +* `Scenario: Open vSwitch `_ +* `OVN Architecture `_ +* `Networking-ovn `_ + +Prerequisites +~~~~~~~~~~~~~ + +* Open vSwitch >= 2.9.0 + +* Networking-ovn at time of writing requires neutron-lib>=1.17.0. The overrides +described here will ensure that version is installed. + +* A successful deployment of OVN requires a dedicated network interface be +attached to the OVS provider bridge. This is not handled automatially and +may require changes to the network interface configuration file. + +OpenStack-Ansible user variables +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Set the following user variables in your +``/etc/openstack_deploy/user_variables.yml``: + +.. 
code-block:: yaml + + # Ensure the openvswitch kernel module is loaded + openstack_host_specific_kernel_modules: + - name: "openvswitch" + pattern: "CONFIG_OPENVSWITCH" + group: "network_hosts" + + neutron_plugin_type: ml2.ovn + + neutron_plugin_base: + - networking_ovn.l3.l3_ovn.OVNL3RouterPlugin + + neutron_ml2_drivers_type: "vlan,local,geneve" + + # Typically this would be defined by the os-neutron-install + # playbook. The provider_networks library would parse the + # provider_networks list in openstack_user_config.yml and + # generate the values of network_types, network_vlan_ranges + # and network_mappings. network_mappings would have a + # different value for each host in the inventory based on + # whether or not the host was metal (typically a compute host) + # or a container (typically a neutron agent container) + # + # When using OVN w/ Open vSwitch, we override it to take into account + # the Open vSwitch bridge we are going to define outside of + # OpenStack-Ansible plays. All segmentation id ranges can be tweaked + # to suit the environment. VXLAN networks are not directly supported. + + # When configuring Neutron to support only geneve tenant networks and + # vlan provider networks the configuration may resemble the following: + neutron_provider_networks: + network_types: "geneve" + network_geneve_ranges: "1:1000" + network_vlan_ranges: "vlan" + network_mappings: "vlan:br-provider" + + # When configuring Neutron to support only vlan tenant networks and + # vlan provider networks the configuration may resemble the following: + neutron_provider_networks: + network_types: "vlan" + network_vlan_ranges: "vlan:102:199" + network_mappings: "vlan:br-provider" + + repo_build_upper_constraints_overrides: [neutron-lib>=1.17.0] + +The overrides are instructing Ansible to deploy the OVN mechanism driver and +associated OVN components. This is done by setting ``neutron_plugin_type`` +to ``ml2.ovn``. 
+ +The ``neutron_plugin_base`` override instructions Neutron to use OVN for +routing functions rather than the standard L3 agent model. + +The ``neutron_ml2_drivers_type`` override provides support for all type +drivers supported by OVN. + +Open Virtual Network (OVN) commands +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following commands can be used to provide useful information about... + +The ``ovs-vsctl list open_vswitch`` command provides information about the +``open_vswitch`` table in the local Open vSwitch database: + +.. code-block:: + + root@aio1:~# ovs-vsctl list open_vswitch + _uuid : 855c820b-c082-4d8f-9828-8cab01c6c9a0 + bridges : [37d3bd82-d436-474e-89b7-705aea634d7d, a393b2f6-5c3d-4ccd-a2f9-e9817391612a] + cur_cfg : 14 + datapath_types : [netdev, system] + db_version : "7.15.1" + external_ids : {hostname="aio1", ovn-bridge-mappings="vlan:br-provider", ovn-encap-ip="172.29.240.100", ovn-encap-type="geneve,vxlan", ovn-remote="tcp:172.29.236.100:6642", rundir="/var/run/openvswitch", system-id="11af26c6-9ec1-4cf7-bf41-2af45bd59b03"} + iface_types : [geneve, gre, internal, lisp, patch, stt, system, tap, vxlan] + manager_options : [] + next_cfg : 14 + other_config : {} + ovs_version : "2.9.0" + ssl : [] + statistics : {} + system_type : ubuntu + system_version : "16.04" + +The ``ovn-sbctl show`` command provides information related to southbound +connections. If used outside the ovn_northd container, specify the +connection details: + +.. 
code-block:: + + root@aio1-neutron-ovn-northd-container-57a6f1a9:~# ovn-sbctl show + Chassis "11af26c6-9ec1-4cf7-bf41-2af45bd59b03" + hostname: "aio1" + Encap vxlan + ip: "172.29.240.100" + options: {csum="true"} + Encap geneve + ip: "172.29.240.100" + options: {csum="true"} + + root@aio1:~# ovn-sbctl --db=tcp:172.29.236.100:6642 show + Chassis "11af26c6-9ec1-4cf7-bf41-2af45bd59b03" + hostname: "aio1" + Encap vxlan + ip: "172.29.240.100" + options: {csum="true"} + Encap geneve + ip: "172.29.240.100" + options: {csum="true"} + +The ``ovn-nbctl show`` command provides information about networks known +to OVN and demonstrates connectivity between the northbound database +and neutron-server. + +.. code-block:: + + root@aio1-neutron-ovn-northd-container-57a6f1a9:~# ovn-nbctl show + switch 5e77f29e-5dd3-4875-984f-94bd30a12dc3 (neutron-87ec5a05-9abe-4c93-89bd-c6d40320db87) (aka testnet) + port 65785045-69ec-49e7-82e3-b9989f718a9c + type: localport + addresses: ["fa:16:3e:68:a3:c8"] + +The ``ovn-nbctl list Address_Set`` command provides information related to +security groups. If used outside the ovn_northd container, specify the +connection details: + +.. 
code-block:: + + root@aio1-neutron-ovn-northd-container-57a6f1a9:~# ovn-nbctl list Address_Set + _uuid : 575b3015-f83f-4bd6-a698-3fe67e43bec6 + addresses : [] + external_ids : {"neutron:security_group_id"="199997c1-6f06-4765-89af-6fd064365c6a"} + name : "as_ip4_199997c1_6f06_4765_89af_6fd064365c6a" + + _uuid : b6e211af-e52e-4c59-93ce-adf75ec14f46 + addresses : [] + external_ids : {"neutron:security_group_id"="199997c1-6f06-4765-89af-6fd064365c6a"} + name : "as_ip6_199997c1_6f06_4765_89af_6fd064365c6a" + + root@aio1:~# ovn-nbctl --db=tcp:172.29.236.100:6641 list Address_Set + _uuid : 575b3015-f83f-4bd6-a698-3fe67e43bec6 + addresses : [] + external_ids : {"neutron:security_group_id"="199997c1-6f06-4765-89af-6fd064365c6a"} + name : "as_ip4_199997c1_6f06_4765_89af_6fd064365c6a" + + _uuid : b6e211af-e52e-4c59-93ce-adf75ec14f46 + addresses : [] + external_ids : {"neutron:security_group_id"="199997c1-6f06-4765-89af-6fd064365c6a"} + name : "as_ip6_199997c1_6f06_4765_89af_6fd064365c6a" + +Additional commands can be found in upstream OVN documentation. + +Notes +~~~~~ + +The ``ovn-controller`` service on compute nodes will check in as an agent +and can be observed using the ``openstack network agent list`` command: + +.. 
code-block:: + + root@aio1-utility-container-35bebd2a:~# openstack network agent list + +--------------------------------------+------------------------------+------+-------------------+-------+-------+----------------+ + | ID | Agent Type | Host | Availability Zone | Alive | State | Binary | + +--------------------------------------+------------------------------+------+-------------------+-------+-------+----------------+ + | 4db288a6-8f8a-4153-b4b7-7eaf44f9e881 | OVN Controller Gateway agent | aio1 | n/a | :-) | UP | ovn-controller | + +--------------------------------------+------------------------------+------+-------------------+-------+-------+----------------+ + +The HAproxy client and server timeout values have been increased from +50 seconds to 90 minutes for all load-balanced OVN-related services. + +The HAproxy implementation in use may not properly handle active/backup +failover for ovsdb-server with OVN. Work may be done to implement +pacemaker/corosync or wait for active/active support. + +Warranty +~~~~~~~~ + +This implementation of OVN is not supported and should be considered +only for development purposes. The architecture within OSA is subject +to change. Reviews and suggestions are welcome. diff --git a/files/rootwrap.d/ovn-plugin.filters b/files/rootwrap.d/ovn-plugin.filters new file mode 100644 index 00000000..ac1abb53 --- /dev/null +++ b/files/rootwrap.d/ovn-plugin.filters @@ -0,0 +1,20 @@ +# neutron-rootwrap command filters for nodes on which neutron is +# expected to control network +# +# This file should be owned by (and only-writeable by) the root user + +# format seems to be +# cmd-name: filter-name, raw-command, user, args + +[Filters] + +# ovn +ovn-ctl: CommandFilter, ovn-ctl, root + +# ip_lib +ip: IpFilter, ip, root +find: RegExpFilter, find, root, find, /sys/class/net, -maxdepth, 1, -type, l, -printf, %.* +ip_exec: IpNetnsExecFilter, ip, root + +# haproxy +haproxy: CommandFilter, haproxy, root 
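Review bot: In files/rootwrap.d/ovn-plugin.filters, `ovn-ctl: CommandFilter, ovn-ctl, root` and `haproxy: CommandFilter, haproxy, root` match on the command name only, so the filter places no limit on the arguments either binary receives when it runs as root. Pin the expected invocation with a `RegExpFilter`, for example `haproxy: RegExpFilter, haproxy, root, haproxy, -f, .*`, and do the same for `ovn-ctl` with the subcommands the agent actually uses. The header comment `# format seems to be` should state the format outright. The file asks to be root-owned and writable only by root, but the task that installs it is not part of this hunk, so confirm that it sets owner and mode accordingly.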
diff --git a/tasks/main.yml b/tasks/main.yml index c89a3390..42f1f326 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -104,8 +104,8 @@ name: systemd_service private: true vars: - systemd_user_name: "{{ neutron_system_user_name }}" - systemd_group_name: "{{ neutron_system_group_name }}" + systemd_user_name: "{{ service_var.systemd_user_name | default(neutron_system_user_name) }}" + systemd_group_name: "{{ service_var.systemd_group_name | default(neutron_system_group_name) }}" systemd_tempd_prefix: openstack systemd_slice_name: neutron systemd_lock_path: /var/lock/neutron @@ -113,10 +113,12 @@ systemd_BlockIOAccounting: true systemd_MemoryAccounting: true systemd_TasksAccounting: true + systemd_PrivateTmp: "{{ service_var.systemd_PrivateTmp | default(True) }}" systemd_services: - service_name: "{{ service_var.service_name }}" enabled: yes state: started + service_type: "{{ service_var.service_type | default(systemd_default_service_type) }}" execstarts: "{{ service_var.execstarts }}" execreloads: "{{ service_var.execreloads | default([]) }}" config_overrides: "{{ service_var.init_config_overrides }}" diff --git a/tasks/providers/ovn_config.yml b/tasks/providers/ovn_config.yml new file mode 100644 index 00000000..7a20ee60 --- /dev/null +++ b/tasks/providers/ovn_config.yml 
@@ -0,0 +1,97 @@
+# (c) 2018, James Denton
+#
+# Copyright 2018, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Install OVN pip packages
+ pip:
+ name: "{{ neutron_optional_ovn_pip_packages }}"
+ state: "{{ neutron_pip_package_state }}"
+ virtualenv: "{{ neutron_bin | dirname }}"
+ virtualenv_site_packages: "no"
+ extra_args: >-
+ {{ neutron_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
+ {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
+ {{ pip_install_options | default('') }}
+ register: install_packages
+ until: install_packages|success
+ retries: 5
+ delay: 2
+ when:
+ - neutron_services['neutron-server']['group'] in group_names
+ or neutron_services['neutron-ovn-northd']['group'] in group_names
+ or neutron_services['neutron-ovn-controller']['group'] in group_names
+ notify: Restart neutron services
+ tags:
+ - ovn-install
+ - ovn-pip-packages
+
+- name: Install ovn-northd packages
+ package:
+ name: "{{ neutron_ovn_northd_distro_packages }}"
+ state: "{{ neutron_package_state }}"
+ update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}"
+ cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}"
+ register: install_packages
+ until: install_packages is success
+ retries: 5
+ delay: 2
+ when:
+ - neutron_services['neutron-ovn-northd']['group'] in group_names
+
+- name: Install ovn-controller packages
+ package:
+ name: "{{ neutron_ovn_controller_distro_packages }}"
+ state: "{{ neutron_package_state }}"
+ update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}"
+ cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}"
+ register: install_packages
+ until: install_packages is success
+ retries: 5
+ delay: 2
+ when:
+ - neutron_services['neutron-ovn-controller']['group'] in group_names
+
+- name: Ensure Open vSwitch service is started and enabled
+ systemd:
+ name: "{{ neutron_ovs_service_name }}"
+ state: started
+ enabled: yes
+ tags:
+ - ovn-config
+ when:
+ - neutron_services['neutron-ovn-northd']['group'] in group_names
+ or neutron_services['neutron-ovn-controller']['group'] in group_names
+
+- name: Ensure ovn-northd service is started and enabled
+ systemd:
+ name: "{{ neutron_ovn_northd_service_name }}"
+ state: started
+ enabled: yes
+ tags:
+ - ovn-config
+ when:
+ - neutron_services['neutron-ovn-northd']['group'] in group_names
+
+- name: Ensure ovn-controller service is started and enabled
+ systemd:
+ name: "{{ neutron_ovn_controller_service_name }}"
+ state: started
+ enabled: yes
+ tags:
+ - ovn-config
+ when:
+ - neutron_services['neutron-ovn-controller']['group'] in group_names
+
+- include: setup_ovs_ovn.yml
diff --git a/tasks/providers/setup_ovs_ovn.yml b/tasks/providers/setup_ovs_ovn.yml
new file mode 100644
index 00000000..df9958af
--- /dev/null
+++ b/tasks/providers/setup_ovs_ovn.yml
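Review bot: In tasks/providers/ovn_config.yml the pip task retries on `until: install_packages|success`, while the two package tasks below it use `until: install_packages is success`; the filter form is deprecated, so write the test form in all three. The two `package:` tasks also carry no `tags:`, unlike the pip task and the service tasks, so a run limited to `ovn-install` or `ovn-config` reaches the `systemd:` tasks without the packages having been installed; adding `tags: [ovn-install]` to both keeps tagged runs coherent. The closing `- include: setup_ovs_ovn.yml` would read more clearly as `include_tasks`, which is the non-deprecated spelling of the same call.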
@@ -0,0 +1,87 @@
+# (c) 2018, James Denton
+#
+# Copyright 2018, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Set openvswitch hostname
+ command: "ovs-vsctl set open_vswitch . external-ids:hostname='{{ inventory_hostname }}'"
+ tags:
+ - ovn-config
+
+- name: Create ovsdb-server Listener
+ command: "ovs-vsctl set-manager ptcp:6640"
+ tags:
+ - ovn-config
+ when:
+ - neutron_services['neutron-ovn-northd']['group'] in group_names
+
+- name: Configure OVN Northbound Listener
+ command: "ovn-nbctl set-connection ptcp:6641:0.0.0.0 -- set connection . inactivity_probe=60000"
+ tags:
+ - ovn-config
+ when:
+ - neutron_services['neutron-ovn-northd']['group'] in group_names
+
+- name: Configure OVN Southbound Listener
+ command: "ovn-sbctl set-connection ptcp:6642:0.0.0.0 -- set connection . inactivity_probe=60000"
+ tags:
+ - ovn-config
+ when:
+ - neutron_services['neutron-ovn-northd']['group'] in group_names
+
+# (NOTE) This makes all computes eligible to be gateway nodes
+- name: Set CMS Options for Gateway Scheduling
+ command: "ovs-vsctl set open . external-ids:ovn-cms-options=enable-chassis-as-gw"
+ tags:
+ - ovn-config
+ when:
+ - neutron_services['neutron-ovn-controller']['group'] in group_names
+
+- name: Configure OVN Southbound Connection
+ command: "ovs-vsctl set open . external-ids:ovn-remote=tcp:{{ neutron_ovn_ip }}:6642"
+ tags:
+ - ovn-config
+ when:
+ - neutron_services['neutron-ovn-controller']['group'] in group_names
+
+# (todo) Dynamic encap type
+- name: Configure Supported OVN Overlay Protocols
+ command: "ovs-vsctl set open . external-ids:ovn-encap-type=geneve,vxlan"
+ tags:
+ - ovn-config
+ when:
+ - neutron_services['neutron-ovn-controller']['group'] in group_names
+
+- name: Configure Encapsulation Address for Overlay Traffic
+ command: "ovs-vsctl set open . external-ids:ovn-encap-ip={{ neutron_local_ip }}"
+ tags:
+ - ovn-config
+ when:
+ - neutron_services['neutron-ovn-controller']['group'] in group_names
+
+- name: Setup Network Provider Bridge
+ openvswitch_bridge:
+ bridge: "{{ neutron_provider_networks.network_mappings.split(':')[1] }}"
+ state: present
+ when:
+ - neutron_services['neutron-ovn-controller']['group'] in group_names
+ - neutron_provider_networks.network_mappings is defined
+
+- name: Set the Bridge Mappings
+ command: "ovs-vsctl set open . external-ids:ovn-bridge-mappings={{ neutron_provider_networks.network_mappings }}"
+ tags:
+ - ovn-config
+ when:
+ - neutron_provider_networks.network_mappings is defined
+ - neutron_services['neutron-ovn-controller']['group'] in group_names
diff --git a/templates/networking_ovn_metadata_agent.ini.j2 b/templates/networking_ovn_metadata_agent.ini.j2
new file mode 100644
index 00000000..bac13c08
--- /dev/null
+++ b/templates/networking_ovn_metadata_agent.ini.j2
@@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+
+[DEFAULT]
+debug = {{ debug }}
+
+# Nova metadata service IP and port
+nova_metadata_host = {{ internal_lb_vip_address }}
+
+# Metadata proxy shared secret
+metadata_proxy_shared_secret = {{ nova_metadata_proxy_secret }}
+
+[ovs]
+ovsdb_connection = unix:{{ neutron_ovs_socket_path }}/db.sock
+ovsdb_connection_timeout = 180
diff --git a/templates/plugins/ml2/ml2_conf.ini.j2 b/templates/plugins/ml2/ml2_conf.ini.j2
index f5b1c713..2b901aad 100644
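Review bot: The three listener tasks in tasks/providers/setup_ovs_ovn.yml open OVSDB on plain TCP for every address (`ptcp:6640`, `ptcp:6641:0.0.0.0`, `ptcp:6642:0.0.0.0`). OVSDB over `ptcp` has neither authentication nor encryption, so any host that can reach those ports can read and rewrite the northbound and southbound databases that define the logical network. Replace the literal `0.0.0.0` with a role variable that defaults to the host's management address, give `set-manager` an explicit bind address as well, and plan a move to `pssl:` with certificates before this is used outside development; until then the ports should be restricted to the neutron-server and chassis hosts. Separately, every `command:` task in the file reports changed on each run because none sets `changed_when`.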
--- a/templates/plugins/ml2/ml2_conf.ini.j2 +++ b/templates/plugins/ml2/ml2_conf.ini.j2 @@ -36,6 +36,25 @@ vni_ranges = {{ neutron_provider_networks.network_vxlan_ranges }} {% endif %} +{% if neutron_provider_networks.network_geneve_ranges is defined %} + +[ml2_type_geneve] +vni_ranges = {{ neutron_provider_networks.network_geneve_ranges }} +max_header_size = 38 + +{% endif %} + +{% if neutron_plugin_type == 'ml2.ovn' and (neutron_services['neutron-server']['group'] or neutron_services['neutron-ovn-controller']['group'] in group_names) %} + +[ovn] +ovn_native_dhcp = True +ovn_nb_connection = tcp:{{ neutron_ovn_ip }}:6641 +ovn_sb_connection = tcp:{{ neutron_ovn_ip }}:6642 +ovn_l3_scheduler = {{ neutron_ovn_l3_scheduler }} +ovn_metadata_enabled = True + +{% endif %} + # Security groups [securitygroup] {% if neutron_plugin_type == 'ml2.ovs' %} diff --git a/tests/neutron-overrides-ovn.yml b/tests/neutron-overrides-ovn.yml new file mode 100644 index 00000000..4174e90e --- /dev/null +++ b/tests/neutron-overrides-ovn.yml @@ -0,0 +1,35 @@ +--- +openstack_host_specific_kernel_modules: + - name: "openvswitch" + pattern: "CONFIG_OPENVSWITCH" + +tempest_run: yes + +tempest_plugins: + - name: neutron + repo: https://git.openstack.org/openstack/neutron + branch: master + - name: neutron-plugins + repo: https://git.openstack.org/openstack/neutron-tempest-plugin + branch: master + +tempest_test_whitelist: + - "neutron_tempest_plugin.api.test_networks*" + +tempest_private_net_provider_type: geneve + +neutron_plugin_type: ml2.ovn +neutron_local_ip: "{{ ansible_host }}" + +neutron_plugin_base: + - networking_ovn.l3.l3_ovn.OVNL3RouterPlugin + +neutron_ml2_drivers_type: "geneve,vlan,flat,local" + +neutron_provider_networks: + network_types: "geneve" + network_geneve_ranges: "1:1000" + network_vlan_ranges: "vlan" + network_mappings: "vlan:br-provider" + +repo_build_upper_constraints_overrides: [neutron-lib>=1.17.0] 
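Review bot: The guard on the new `[ovn]` section in ml2_conf.ini.j2 is true on every host once `neutron_plugin_type == 'ml2.ovn'`. In `(neutron_services['neutron-server']['group'] or neutron_services['neutron-ovn-controller']['group'] in group_names)` the first operand is a bare, non-empty group name, and `in group_names` binds only to the second. Test membership on both sides: `neutron_services['neutron-server']['group'] in group_names or neutron_services['neutron-ovn-controller']['group'] in group_names`. The `tcp:` scheme in `ovn_nb_connection` and `ovn_sb_connection` also ties the client side to unauthenticated plaintext listeners, so a later move to SSL needs these two lines parameterised.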
diff --git a/tests/ovn_inventory b/tests/ovn_inventory new file mode 100644 index 00000000..b6daf6f0 --- /dev/null +++ b/tests/ovn_inventory @@ -0,0 +1,74 @@ +[all] +localhost +infra1 +server1 +server2 + +[physical_host] +localhost + +[all_containers] +infra1 +server1 +server2 + +[oslomsg_rpc_all] +infra1 + +[oslomsg_notify_all] +infra1 + +[rabbitmq_all] +infra1 + +[galera_all] +infra1 + +[memcached_all] +infra1 + +[service_all:children] +rabbitmq_all +galera_all +memcached_all + +[keystone_all] +infra1 + +[neutron_agent] +[neutron_dhcp_agent] +[neutron_linuxbridge_agent] +[neutron_openvswitch_agent] +[neutron_metering_agent] +[neutron_l3_agent] +[neutron_lbaas_agent] +[neutron_metadata_agent] + +[neutron_server] +server1 +server2 + +[neutron_calico_dhcp_agent] + +[neutron_ovn_controller] +localhost + +[neutron_ovn_northd] +server1 +server2 + +[neutron_all:children] +neutron_agent +neutron_dhcp_agent +neutron_linuxbridge_agent +neutron_openvswitch_agent +neutron_metering_agent +neutron_l3_agent +neutron_lbaas_agent +neutron_metadata_agent +neutron_ovn_controller +neutron_ovn_northd +neutron_server + +[utility_all] +infra1 diff --git a/tox.ini b/tox.ini index b2983a4b..7e4964f7 100644 --- a/tox.ini +++ b/tox.ini @@ -152,6 +152,13 @@ setenv = commands = bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" +[testenv:func_ovn] +setenv = + {[testenv]setenv} + ANSIBLE_INVENTORY={toxinidir}/tests/ovn_inventory + ANSIBLE_OVERRIDES={toxinidir}/tests/neutron-overrides-ovn.yml +commands = + bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" [testenv:odl-sfc] setenv = diff --git a/vars/distro_install.yml b/vars/distro_install.yml index 56be0b71..a301b2bb 100644 --- a/vars/distro_install.yml +++ b/vars/distro_install.yml 
@@ -44,6 +44,16 @@ neutron_package_list: |- {% if neutron_services['neutron-metadata-agent']['group'] in group_names %} {% set _ = packages.extend(neutron_metadata_agent_distro_packages) %} {% endif %} + {% if (neutron_services['neutron-ovn-northd']['group'] in group_names and (neutron_plugin_type == 'ml2.ovn') | bool) + or (neutron_services['neutron-ovn-controller']['group'] in group_names and (neutron_plugin_type == 'ml2.ovn') | bool) %} + {% set _ = packages.extend(neutron_ovn_distro_packages) %} + {% endif %} + {% if (neutron_services['neutron-ovn-northd']['group'] in group_names and (neutron_plugin_type == 'ml2.ovn') | bool) %} + {% set _ = packages.extend(neutron_ovn_northd_distro_packages) %} + {% endif %} + {% if (neutron_services['neutron-ovn-controller']['group'] in group_names and (neutron_plugin_type == 'ml2.ovn') | bool) %} + {% set _ = packages.extend(neutron_ovn_controller_distro_packages) %} + {% endif %} {% if neutron_developer_mode | bool %} {% set _ = packages.extend(neutron_developer_mode_distro_packages) %} {% endif %} diff --git a/vars/main.yml b/vars/main.yml index cab2f6b6..5112cd98 100644 --- a/vars/main.yml +++ b/vars/main.yml 
@@ -20,6 +20,8 @@ neutron_needs_openvswitch: >- {{ (neutron_services['neutron-openvswitch-agent']['group'] in group_names and neutron_services['neutron-openvswitch-agent'].service_en | bool) or (neutron_services['dragonflow-controller-agent']['group'] in group_names and neutron_services['dragonflow-controller-agent'].service_en | bool) or (neutron_services['dragonflow-l3-agent']['group'] in group_names and neutron_services['dragonflow-l3-agent'].service_en | bool) + or (neutron_services['neutron-ovn-northd']['group'] in group_names and (neutron_plugin_type == 'ml2.ovn') | bool) + or (neutron_services['neutron-ovn-controller']['group'] in group_names and (neutron_plugin_type == 'ml2.ovn') | bool) or ((neutron_services['neutron-server']['group'] not in group_names) and neutron_plugin_type == 'ml2.opendaylight') }} # Set the Calico Felix agent executable destination path @@ -121,6 +123,12 @@ neutron_plugins: plugin_ini: plugins/ml2/ml2_conf.ini driver_interface: "openvswitch" l3_agent_mode: "legacy" + ml2.ovn: + drivers_type: "{{ neutron_ml2_drivers_type }}" + mechanisms: "ovn" + plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" + plugin_core: ml2 + plugin_ini: plugins/ml2/ml2_conf.ini ### ### ML2 Plugin Configuration 
@@ -457,6 +465,27 @@ neutron_services: config_type: "ini" init_config_overrides: "{{ neutron_dragonflow_pubsub_agent_init_overrides }}" start_order: 3 + neutron-ovn-northd: + group: neutron_ovn_northd + service_en: False + neutron-ovn-controller: + group: neutron_ovn_controller + service_en: False + networking-ovn-metadata-agent: + group: neutron_ovn_controller + systemd_user_name: root + systemd_group_name: root + systemd_PrivateTmp: False + service_name: networking-ovn-metadata-agent + service_en: "{{ neutron_plugin_type == 'ml2.ovn' }}" + service_conf_path: "{{ neutron_conf_dir }}" + service_conf: networking_ovn_metadata_agent.ini + service_rootwrap: rootwrap.d/ovn-plugin.filters + execstarts: "{{ neutron_bin }}/networking-ovn-metadata-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/networking_ovn_metadata_agent.ini --log-file=/var/log/neutron/networking-ovn-metadata-agent.log" + config_overrides: "{{ neutron_ovn_metadata_agent_ini_overrides }}" + config_type: "ini" + init_config_overrides: "{{ neutron_ovn_metadata_agent_init_overrides }}" + start_order: 3 ### ### Internals: Drivers mappings diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml index 7838ff64..bc0d9c16 100644 --- a/vars/redhat-7.yml +++ b/vars/redhat-7.yml @@ -25,6 +25,12 @@ neutron_ovs_distro_packages: neutron_ovs_service_name: openvswitch +neutron_ovn_northd_service_name: ovn-northd + +neutron_ovn_controller_service_name: ovn-controller + +neutron_ovs_socket_path: "/usr/local/var/run/openvswitch" + neutron_distro_packages: - conntrack-tools - dnsmasq @@ -39,6 +45,15 @@ neutron_distro_packages: - radvd - which +neutron_ovn_distro_packages: + - openvswitch-ovn-common + +neutron_ovn_controller_distro_packages: + - openvswitch-ovn-host + +neutron_ovn_northd_distro_packages: + - openvswitch-ovn-central + neutron_devel_distro_packages: - python-httplib2 
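Review bot: The `networking-ovn-metadata-agent` entry sets `systemd_user_name: root`, `systemd_group_name: root` and `systemd_PrivateTmp: False` with no comment saying what requires them, and it is the only service in this hunk that leaves the neutron system user. The same entry lists `service_rootwrap: rootwrap.d/ovn-plugin.filters`, which exists so an unprivileged agent can escalate for specific commands; running the whole unit as root makes that filter file moot. If rootwrap covers what the agent needs (presumably namespace and haproxy management, going by the filters this commit ships), drop the three overrides; otherwise add a comment above them naming the operation that needs root and why a shared `/tmp` is required. `neutron_services` starts outside this hunk.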
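Review bot: In vars/redhat-7.yml, `neutron_ovs_socket_path: "/usr/local/var/run/openvswitch"` looks like the run directory of a source-built Open vSwitch rather than of the `openvswitch-ovn-*` packages this file installs, which normally use `/var/run/openvswitch` as vars/ubuntu.yml does; please confirm on a CentOS 7 host. If the path is wrong, `ovsdb_connection = unix:{{ neutron_ovs_socket_path }}/db.sock` in networking_ovn_metadata_agent.ini.j2 points at a socket that does not exist and the metadata agent cannot reach the local database. The same value is set in vars/suse-42.yml and needs the same check.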
diff --git a/vars/source_install.yml b/vars/source_install.yml index a827acbf..2556d87d 100644 --- a/vars/source_install.yml +++ b/vars/source_install.yml @@ -43,8 +43,18 @@ neutron_package_list: |- {% if neutron_services['neutron-metadata-agent']['group'] in group_names %} {% set _ = packages.extend(neutron_metadata_agent_distro_packages) %} {% endif %} + {% if (neutron_services['neutron-ovn-northd']['group'] in group_names and neutron_plugin_type == 'ml2.ovn') + or (neutron_services['neutron-ovn-controller']['group'] in group_names and neutron_plugin_type == 'ml2.ovn') %} + {% set _ = packages.extend(neutron_ovn_distro_packages) %} + {% endif %} + {% if (neutron_services['neutron-ovn-northd']['group'] in group_names and neutron_plugin_type == 'ml2.ovn') %} + {% set _ = packages.extend(neutron_ovn_northd_distro_packages) %} + {% endif %} + {% if (neutron_services['neutron-ovn-controller']['group'] in group_names and neutron_plugin_type == 'ml2.ovn') %} + {% set _ = packages.extend(neutron_ovn_controller_distro_packages) %} + {% endif %} {% if neutron_developer_mode | bool %} - {% set _ = packages.extend(neutron_developer_mode_distro_packages) %} + {% set _ = packages.extend(neutron_developer_mode_distro_packages) %} {% endif %} {% set _ = packages.extend(neutron_devel_distro_packages) %} {{ packages }} @@ -96,6 +106,9 @@ neutron_proprietary_nuage_pip_packages: - nuage-openstack-neutronclient - nuagenetlib +neutron_optional_ovn_pip_packages: + - networking-ovn + neutron_developer_constraints: - "git+{{ neutron_git_repo }}@{{ neutron_git_install_branch }}#egg=neutron" - "git+{{ neutron_fwaas_git_repo }}@{{ neutron_fwaas_git_install_branch }}#egg=neutron-fwaas" 
@@ -108,6 +121,7 @@ neutron_developer_constraints: - "git+{{ networking_sfc_git_repo }}@{{ networking_sfc_git_install_branch }}#egg=networking-sfc" - "git+{{ networking_bgpvpn_git_repo }}@{{ networking_bgpvpn_git_install_branch }}#egg=networking-bgpvpn" - "git+{{ openstack_ceilometer_git_repo }}@{{ openstack_ceilometer_git_install_branch }}#egg=ceilometer" + - "git+{{ networking_ovn_git_repo }}@{{ networking_ovn_git_install_branch }}#egg=networking-ovn" neutron_bin: "/openstack/venvs/neutron-{{ neutron_venv_tag }}/bin" diff --git a/vars/suse-42.yml b/vars/suse-42.yml index 7b35c8f9..16e4a7b4 100644 --- a/vars/suse-42.yml +++ b/vars/suse-42.yml @@ -26,6 +26,12 @@ neutron_ovs_distro_packages: neutron_ovs_service_name: openvswitch +neutron_ovn_northd_service_name: ovn-northd + +neutron_ovn_controller_service_name: ovn-controller + +neutron_ovs_socket_path: "/usr/local/var/run/openvswitch" + neutron_ovs_nsh_required_packages: - openvswitch-switch @@ -50,6 +56,15 @@ neutron_distro_packages: - radvd - which +neutron_ovn_distro_packages: + - openvswitch-ovn-common + +neutron_ovn_controller_distro_packages: + - openvswitch-ovn-host + +neutron_ovn_northd_distro_packages: + - openvswitch-ovn-central + neutron_devel_distro_packages: - python-httplib2 diff --git a/vars/ubuntu.yml b/vars/ubuntu.yml index 8e8c071e..e52e9cb5 100644 --- a/vars/ubuntu.yml +++ b/vars/ubuntu.yml @@ -26,6 +26,12 @@ neutron_ovs_distro_packages: neutron_ovs_service_name: openvswitch-switch +neutron_ovn_northd_service_name: ovn-central + +neutron_ovn_controller_service_name: ovn-host + +neutron_ovs_socket_path: "/var/run/openvswitch" + neutron_ovs_nsh_required_packages: - openvswitch-common - openvswitch-switch @@ -47,6 +53,15 @@ neutron_distro_packages: - python-keystoneclient - radvd +neutron_ovn_distro_packages: + - ovn-common + +neutron_ovn_controller_distro_packages: + - ovn-host + +neutron_ovn_northd_distro_packages: + - ovn-central + neutron_devel_distro_packages: - python-httplib2 
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index ccfdad8f..2300a067 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -20,6 +20,20 @@ vars: tox_env: func_ovs +- job: + name: openstack-ansible-ovn-ubuntu-xenial-nv + parent: openstack-ansible-functional-ubuntu-xenial + voting: false + vars: + tox_env: func_ovn + +- job: + name: openstack-ansible-ovn-centos-7-nv + parent: openstack-ansible-functional-centos-7 + voting: false + vars: + tox_env: func_ovn + - job: name: openstack-ansible-calico-ubuntu-xenial-nv parent: openstack-ansible-functional-ubuntu-xenial diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 4406cf53..dbda4729 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -20,6 +20,8 @@ jobs: - openstack-ansible-upgrade-ubuntu-xenial - openstack-ansible-ovs-ubuntu-xenial-nv + - openstack-ansible-ovn-ubuntu-xenial-nv + - openstack-ansible-ovn-centos-7-nv - openstack-ansible-calico-ubuntu-xenial-nv - openstack-ansible-dragonflow-ubuntu-xenial-nv - openstack-ansible-opendaylight-ubuntu-xenial-nv