diff --git a/defaults/main.yml b/defaults/main.yml index 6e0ba0d4..5094ee74 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -35,12 +35,20 @@ neutron_vpnaas_git_install_branch: master neutron_requirements_git_repo: https://git.openstack.org/openstack/requirements neutron_requirements_git_install_branch: master +calico_git_repo: https://github.com/projectcalico/calico +calico_git_install_branch: master + +networking_calico_git_repo: https://git.openstack.org/openstack/networking-calico +networking_calico_git_install_branch: master + neutron_developer_mode: false neutron_developer_constraints: - "git+{{ neutron_git_repo }}@{{ neutron_git_install_branch }}#egg=neutron" - "git+{{ neutron_fwaas_git_repo }}@{{ neutron_fwaas_git_install_branch }}#egg=neutron-fwaas" - "git+{{ neutron_lbaas_git_repo }}@{{ neutron_lbaas_git_install_branch }}#egg=neutron-lbaas" - "git+{{ neutron_vpnaas_git_repo }}@{{ neutron_vpnaas_git_install_branch }}#egg=neutron-vpnaas" + - "git+{{ calico_git_repo }}@{{ calico_git_install_branch }}#egg=calico" + - "git+{{ networking_calico_git_repo }}@{{ networking_calico_git_install_branch }}#egg=networking-calico" # Name of the virtual env to deploy into neutron_venv_tag: untagged @@ -144,6 +152,12 @@ neutron_plugins: plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin plugin_ini: plugins/ml2/ml2_conf.ini + ml2.calico: + drivers_type: "flat, local" + mechanisms: "calico" + plugin_conf_ini_overrides: "{{ neutron_ml2_conf_ini_overrides }}" + plugin_core: neutron.plugins.ml2.plugin.Ml2Plugin + plugin_ini: plugins/ml2/ml2_conf.ini plumgrid: plugin_conf_ini_overrides: "{{ neutron_plumgrid_conf_ini_overrides }}" plugin_core: networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2 @@ -237,6 +251,23 @@ neutron_services: service_name: neutron-server service_en: True config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }} --log-file=/var/log/neutron/neutron-server.log" + calico-felix: + group: neutron_calico_dhcp_agent + service_name: calico-felix + service_en: "{{ neutron_plugin_type == 'ml2.calico' }}" + service_conf_path: /etc/calico + service_conf: felix.cfg + config_options: --config-file /etc/calico/felix.cfg + config_overrides: "{{ neutron_calico_dhcp_agent_ini_overrides }}" + config_type: "ini" + calico-dhcp-agent: + group: neutron_calico_dhcp_agent + service_name: calico-dhcp-agent + service_en: "{{ neutron_plugin_type == 'ml2.calico' }}" + service_rootwrap: rootwrap.d/dhcp.filters + config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf" + config_overrides: "{{ neutron_calico_felix_ini_overrides }}" + config_type: "ini" ## Neutron DHCP Agent neutron_dhcp: "{% if neutron_plugin_type.split('.')[0] == 'ml2' %}True{% else %}False{% endif %}" @@ -453,6 +484,11 @@ neutron_pip_packages: - python-novaclient - repoze.lru +neutron_optional_calico_pip_packages: + - calico + - networking-calico + - python-etcd + neutron_proprietary_nuage_pip_packages: - nuage-openstack-neutron - nuage-openstack-neutronclient @@ -482,3 +518,5 @@ neutron_linuxbridge_agent_ini_overrides: {} neutron_lbaas_agent_ini_overrides: {} neutron_vpnaas_agent_ini_overrides: {} neutron_openvswitch_agent_ini_overrides: {} +neutron_calico_dhcp_agent_ini_overrides: {} +neutron_calico_felix_ini_overrides: {} diff --git a/doc/source/app-calico.rst b/doc/source/app-calico.rst new file mode 100644 index 00000000..011aa19f --- /dev/null +++ b/doc/source/app-calico.rst @@ -0,0 +1,93 @@ +===================================================== +Scenario - Using the networking-calico Neutron plugin +===================================================== + +Introduction +~~~~~~~~~~~~ + +This document describes the steps required to deploy Project Calico Neutron +networking with OpenStack-Ansible (OSA). These steps include: + +- Configure OSA environment overrides. + +- Configure OSA user variables. + +- Execute the playbooks. + +For additional configuration about Project Calico and its architecture, please +reference the `networking-calico`_ and `Project Calico`_ documentation. + +.. _networking-calico: http://docs.openstack.org/developer/networking-calico/ +.. _Project Calico: http://docs.projectcalico.org/en/latest/index.html + +Prerequisites +~~~~~~~~~~~~~ + +#. The deployment environment has been configured according to OSA + best-practices. This includes cloning OSA software and bootstrapping + Ansible. See `OpenStack-Ansible Install Guide `_ +#. BGP peers configured to accept routing announcements from your hypervisors. + By default, the hypervisor's default router is set as the BGP peer. + +Configure OSA Environment for Project Calico +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Copy the etcd container definition to ``/etc/openstack_deploy/env.d/etcd.yml`` +to enable the creation of the etcd cluster. + +.. code-block:: yaml + + component_skel: + etcd: + belongs_to: + - etcd_all + container_skel: + etcd_container: + belongs_to: + - infra_containers + - shared-infra_containers + contains: + - etcd + properties: + service_name: etcd + +Copy the neutron environment overrides to +``/etc/openstack_deploy/env.d/neutron.yml`` to disable the creation of the +neutron agents container, and implement the calico-dhcp-agent hosts group +containing all compute hosts. + +.. code-block:: yaml + + component_skel: + neutron_calico_dhcp_agent: + belongs_to: + - neutron_all + + container_skel: + neutron_agents_container: + contains: {} + neutron_calico_dhcp_agent_container: + belongs_to: + - compute_containers + contains: + - neutron_calico_dhcp_agent + properties: + is_metal: true + service_name: neutron + +Configure networking-calico Neutron Plugin +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Set the following in ``/etc/openstack_deploy/user_variables.yml``. + +.. code-block:: yaml + + neutron_plugin_type: ml2.calico + nova_network_type: calico + +Installation +~~~~~~~~~~~~ + +After multi-node OpenStack cluster is configured as detailed above; start +the OpenStack deployment as listed in the OpenStack-Ansible Install guide by +running all playbooks in sequence on the deployment host diff --git a/doc/source/index.rst b/doc/source/index.rst index 2be5c081..38288bee 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -8,6 +8,7 @@ Neutron role for OpenStack-Ansible configure-network-services.rst app-nuage.rst app-plumgrid.rst + app-calico.rst :tags: openstack, neutron, cloud, ansible :category: \*nix diff --git a/files/calico-qemu.conf b/files/calico-qemu.conf new file mode 100644 index 00000000..11c5298e --- /dev/null +++ b/files/calico-qemu.conf @@ -0,0 +1,7 @@ +clear_emulator_capabilities = 0 +cgroup_device_acl = [ + "/dev/null", "/dev/full", "/dev/zero", + "/dev/random", "/dev/urandom", + "/dev/ptmx", "/dev/kvm", "/dev/kqemu", + "/dev/rtc", "/dev/hpet", "/dev/net/tun", +] diff --git a/handlers/main.yml b/handlers/main.yml index 8547259b..937061a8 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Restart libvirt-bin + service: + name: "libvirt-bin" + state: "restarted" + pattern: "libvirt-bin" + - name: Restart neutron services service: name: "{{ item.value.service_name }}" diff --git a/meta/main.yml b/meta/main.yml index e0e43d24..22f0db84 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -35,3 +35,10 @@ dependencies: - apt_package_pinning - galera_client - openstack_openrc + - role: etcd + etcd_install_type: proxy + when: + - neutron_services['calico-dhcp-agent']['group'] in group_names + or neutron_services['calico-felix']['group'] in group_names + or neutron_services['neutron-server']['group'] in group_names + - neutron_plugin_type == 'ml2.calico' diff --git a/releasenotes/notes/neutron-networking-calico-b05b08f989f768ee.yaml b/releasenotes/notes/neutron-networking-calico-b05b08f989f768ee.yaml new file mode 100644 index 00000000..db700865 --- /dev/null +++ b/releasenotes/notes/neutron-networking-calico-b05b08f989f768ee.yaml @@ -0,0 +1,5 @@ +--- +features: + - The Project Calico Neutron networking plugin is now integrated into the + ``os_neutron`` role. This can be activated using the instructions located + in the role documentation. diff --git a/tasks/calico_config.yml b/tasks/calico_config.yml new file mode 100644 index 00000000..5be72bae --- /dev/null +++ b/tasks/calico_config.yml @@ -0,0 +1,61 @@ +--- +# Copyright 2016, Logan Vig +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Install Calico pip packages + pip: + name: "{{ item }}" + state: latest + virtualenv: "{{ neutron_bin | dirname }}" + virtualenv_site_packages: "no" + extra_args: "{{ pip_install_options_fact }}" + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + with_items: "{{ neutron_optional_calico_pip_packages }}" + when: + - neutron_services['neutron-server']['group'] in group_names + or neutron_services['calico-felix']['group'] in group_names + or neutron_services['calico-dhcp-agent']['group'] in group_names + notify: Restart neutron services + tags: + - calico-install + - calico-pip-packages + +- name: Set Calico compatible qemu libvirt config + copy: + src: "calico-qemu.conf" + dest: "/etc/libvirt/qemu.conf" + owner: "root" + group: "root" + mode: "0644" + notify: Restart libvirt-bin + when: + - neutron_services['calico-felix']['group'] in group_names + or neutron_services['calico-dhcp-agent']['group'] in group_names + tags: + - calico-config + +- name: Ensure calico config directory exists + file: + path: "/etc/calico" + state: directory + owner: "root" + group: "root" + mode: "0644" + when: + - neutron_services['calico-felix']['group'] in group_names + tags: + - calico-felix-config diff --git a/tasks/calico_init.yml b/tasks/calico_init.yml new file mode 100644 index 00000000..ec8c2b51 --- /dev/null +++ b/tasks/calico_init.yml @@ -0,0 +1,42 @@ +--- +# Copyright 2016, Logan Vig +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- include: neutron_init_common.yml + vars: + program_name: "{{ neutron_services['calico-felix'].service_name }}" + program_config_options: "{{ neutron_services['calico-felix'].config_options }}" + service_name: "{{ neutron_service_name }}" + system_user: root + system_group: root + service_home: "{{ neutron_system_home_folder }}" + when: + - neutron_services['calico-felix']['group'] in group_names + - neutron_services['calico-felix'].service_en | bool + tags: + - upstart-init + +- include: neutron_init_common.yml + vars: + program_name: "{{ neutron_services['calico-dhcp-agent'].service_name }}" + program_config_options: "{{ neutron_services['calico-dhcp-agent'].config_options }}" + service_name: "{{ neutron_service_name }}" + system_user: root + system_group: root + service_home: "{{ neutron_system_home_folder }}" + when: + - neutron_services['calico-dhcp-agent']['group'] in group_names + - neutron_services['calico-dhcp-agent'].service_en | bool + tags: + - upstart-init diff --git a/tasks/main.yml b/tasks/main.yml index 3984658f..2b08f912 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -79,6 +79,10 @@ - include: neutron_init.yml tags: - neutron-install +- include: calico_init.yml + when: neutron_plugin_type == 'ml2.calico' + tags: + - neutron-install - include: neutron_db_setup.yml when: diff --git a/tasks/neutron_post_install.yml b/tasks/neutron_post_install.yml index 37d2ef53..e38e19cd 100644 --- a/tasks/neutron_post_install.yml +++ b/tasks/neutron_post_install.yml @@ -62,6 +62,10 @@ when: > neutron_services['neutron-dhcp-agent']['group'] in group_names +- name: Setup Calico config + include: calico_config.yml + when: neutron_plugin_type == 'ml2.calico' + - name: Generate neutron agent only Config config_template: src: "{{ item.value.service_conf }}.j2" diff --git a/templates/felix.cfg.j2 b/templates/felix.cfg.j2 new file mode 100644 index 00000000..8f5f8525 --- /dev/null +++ b/templates/felix.cfg.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} + +[global] +MetadataAddr = {{ internal_lb_vip_address }} diff --git a/templates/plugins/ml2/ml2_conf.ini.j2 b/templates/plugins/ml2/ml2_conf.ini.j2 index aabe89ef..87a084be 100644 --- a/templates/plugins/ml2/ml2_conf.ini.j2 +++ b/templates/plugins/ml2/ml2_conf.ini.j2 @@ -3,7 +3,7 @@ # ML2 general [ml2] type_drivers = {{ neutron_plugins[neutron_plugin_type].drivers_type }} -tenant_network_types = {{ neutron_provider_networks.network_types }} +tenant_network_types = {{ neutron_provider_networks.network_types if neutron_provider_networks.network_types != '' else 'local' }} mechanism_drivers = {{ neutron_plugins[neutron_plugin_type].mechanisms }} extension_drivers = port_security{% if 'qos' in neutron_plugin_base %},qos{% endif %} diff --git a/tests/ansible-role-requirements.yml b/tests/ansible-role-requirements.yml index 855cce0a..4f686169 100644 --- a/tests/ansible-role-requirements.yml +++ b/tests/ansible-role-requirements.yml @@ -42,3 +42,11 @@ src: https://git.openstack.org/openstack/openstack-ansible-rabbitmq_server scm: git version: master +- name: bird + scm: git + src: https://github.com/logan2211/ansible-bird + version: master +- name: etcd + scm: git + src: https://github.com/logan2211/ansible-etcd + version: master