7dce6e2b07
- This commit adds a new ML2 backend that uses OpenDaylight SDN Controller and networking-odl to handle neutron networking. - Installation of OpenDaylight uses the official ansible-opendaylight Ansible role. - It requires OpenvSwitch as traffic forwarder. - New test scenario for OpenDaylight Change-Id: I67083992660a1aca4b6edd5ecf4f28113c0e547f
3.7 KiB
Scenario - OpenDaylight and Open vSwitch
Overview
Deployers can choose to enhance neutron capabilities by means of the OpenDaylight SDN Controller, which works together with Open vSwitch to provide advanced networking capabilities. This document explains how to use them in your environment.
Recommended reading
Since this is an extension of the basic Open vSwitch scenario, it is worth reading that scenario to get some background. It is also recommended to be familiar with OpenDaylight and networking-odl projects and their configuration.
Prerequisites
The OpenDaylight Ansible role needs to be available in Ansible's role path.
OpenStack-Ansible user variables
Set the following user variables in your
/etc/openstack_deploy/user_variables.yml:
### Ensure the openvswitch kernel module is loaded
openstack_host_specific_kernel_modules:
- name: "openvswitch"
pattern: "CONFIG_OPENVSWITCH"
group: "network_hosts"
### Use OpenDaylight SDN Controller
neutron_plugin_type: "ml2.opendaylight"
odl_ip: "{{ hostvars[groups['opendaylight'][0]]['ansible_default_ipv4']['address'] }}"
neutron_opendaylight_conf_ini_overrides:
ml2_odl:
url: "http://{{ odl_ip }}:8080/controller/nb/v2/neutron"
username: <username>
password: <password>Most of the content of this file is self-explanatory. The first block is used to deploy Open vSwitch in all network hosts.
The second block is instructing Ansible to deploy OpenDaylight SDN
Controller. This is done by specifying neutron_plugin_type
to ml2.opendaylight. The IP address of the OpenDaylight
controller needs to be inferred from the deployment configuration as
well. That can be used with a line such as the one in the example.
After that, some configuration is needed to integrate OpenDaylight
and Neutron, using the ml2_odl section.
- url: OpenDaylight's northbound url. This is automatically retrieved from the deployment configuration, so just need to copy the example line.
- username: OpenDaylight northbound API username
- password: OpenDaylight northbound API password for <username>
Apart from these options, the deployer might want to change the
installation method for OpenDaylight Ansible role. This role uses
pre-packaged binaries, which can be either deb or
rpm files, and by default it will download these binaries
from OpenDaylight repositories, trying to guess the correct package
depending on the underlying operating system.
Also, the set of features that will be enabled in the OpenDaylight
SDN controller defaults to odl-netvirt-openstack, which is
the minimum for an OpenStack integration. The deployer can modify this
value by providing a list of feature names in the
opendaylight_extra_features variable.
For more information, see OpenDaylight Ansible role documentation.
Security information
Communications between the OpenDaylight SDN Controller and Open vSwitch are not secured by default. For further information on securing this interface, see these manuals:
TLS Support on OpenDaylight OpenFlow plugin:
https://wiki.opendaylight.org/view/OpenDaylight_OpenFlow_Plugin:_TLS_Support
Secure Communication Between OpenFlow Switches and Controllers
https://www.thinkmind.org/download.php?articleid=afin_2015_2_30_40047