From d4e7dfb3768c3438ea848d4e95a5b1b078d462f6 Mon Sep 17 00:00:00 2001
From: Eduardo Gonzalez <dabarren@gmail.com>
Date: Tue, 2 May 2017 11:03:52 +0200
Subject: [PATCH] Finish/fix neutron sfc service
Neutron-sfc-agent start its functions with openvswitch.
This change moves sfc configuration into neutron-openvswitch-agent.
Rework config files to use openvswitch when sfc or openvswitch
are used as network plugin.
Also adds sfc extension_driver to ml2
Change-Id: If1ebf9554f6d686cc6d064e698a48f8a6b6172b3
Closes-Bug: #1664493
Depends-On: I60ba1333231a4ae38a041d41e551f7d74fe15e3b
---
ansible/group_vars/all.yml | 3 +-
ansible/roles/neutron/defaults/main.yml | 47 ++++++------------
ansible/roles/neutron/handlers/main.yml | 48 -------------------
.../roles/neutron/tasks/bootstrap_service.yml | 23 +++++++++
.../neutron/tasks/config-neutron-fake.yml | 20 --------
.../roles/neutron/templates/ml2_conf.ini.j2 | 4 +-
.../roles/neutron/templates/neutron.conf.j2 | 4 +-
doc/networking-guide.rst | 2 +-
etc/kolla/globals.yml | 1 +
9 files changed, 47 insertions(+), 105 deletions(-)
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 16443a2872..aae2c1b4dc 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -122,7 +122,7 @@ bifrost_network_interface: "{{ network_interface }}"
dns_interface: "{{ network_interface }}"
tunnel_interface_address: "{{ hostvars[inventory_hostname]['ansible_' + tunnel_interface]['ipv4']['address'] }}"
-# Valid options are [ openvswitch, linuxbridge, sfc ]
+# Valid options are [ openvswitch, linuxbridge ]
neutron_plugin_agent: "openvswitch"
# The default ports used by each service.
@@ -369,6 +369,7 @@ enable_neutron_qos: "no"
enable_neutron_agent_ha: "no"
enable_neutron_bgp_dragent: "no"
enable_neutron_provider_networks: "no"
+enable_neutron_sfc: "no"
enable_nova_serialconsole_proxy: "no"
enable_octavia: "no"
enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' | bool }}"
diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml
index d4aff655e0..db2b834adf 100644
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@@ -40,31 +40,6 @@ neutron_services:
- "/lib/modules:/lib/modules:ro"
- "/run:/run:shared"
- "kolla_logs:/var/log/kolla/"
- neutron-sfc-agent:
- container_name: "neutron_sfc_agent"
- image: "{{ neutron_sfc_agent_image_full }}"
- enabled: "{{ neutron_plugin_agent == 'sfc' }}"
- privileged: True
- host_in_groups: >-
- {{
- ( inventory_hostname in groups['compute']
- or (enable_manila | bool and inventory_hostname in groups['manila-share'])
- or inventory_hostname in groups['neutron-dhcp-agent']
- or inventory_hostname in groups['neutron-l3-agent']
- or inventory_hostname in groups['neutron-metadata-agent']
- and not enable_nova_fake | bool
- ) or
- ( inventory_hostname in groups['neutron-dhcp-agent']
- or inventory_hostname in groups['neutron-l3-agent']
- or inventory_hostname in groups['neutron-metadata-agent']
- and enable_nova_fake | bool
- )
- }}
- volumes:
- - "{{ node_config_directory }}/neutron-sfc-agent/:{{ container_config_directory }}/:ro"
- - "/etc/localtime:/etc/localtime:ro"
- - "/run:/run:shared"
- - "kolla_logs:/var/log/kolla/"
neutron-linuxbridge-agent:
container_name: "neutron_linuxbridge_agent"
image: "{{ neutron_linuxbridge_agent_image_full }}"
@@ -211,10 +186,6 @@ neutron_openvswitch_agent_image: "{{ docker_registry ~ '/' if docker_registry el
neutron_openvswitch_agent_tag: "{{ neutron_tag }}"
neutron_openvswitch_agent_image_full: "{{ neutron_openvswitch_agent_image }}:{{ neutron_openvswitch_agent_tag }}"
-neutron_sfc_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-sfc-agent"
-neutron_sfc_agent_tag: "{{ neutron_tag }}"
-neutron_sfc_agent_image_full: "{{ neutron_sfc_agent_image }}:{{ neutron_sfc_agent_tag }}"
-
neutron_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ neutron_install_type }}-neutron-server"
neutron_server_tag: "{{ neutron_tag }}"
neutron_server_image_full: "{{ neutron_server_image }}:{{ neutron_server_tag }}"
@@ -252,6 +223,8 @@ extension_drivers:
enabled: true
- name: "dns"
enabled: "{{ enable_designate | bool }}"
+ - name: "sfc"
+ enabled: "{{ enable_neutron_sfc | bool }}"
neutron_extension_drivers: "{{ extension_drivers|selectattr('enabled', 'equalto', true)|list }}"
@@ -260,7 +233,7 @@ neutron_extension_drivers: "{{ extension_drivers|selectattr('enabled', 'equalto'
####################
service_plugins:
- name: "flow_classifier"
- enabled: "{{ neutron_plugin_agent == 'sfc' }}"
+ enabled: "{{ enable_neutron_sfc | bool }}"
- name: "lbaasv2"
enabled: "{{ enable_neutron_lbaas | bool }}"
- name: "firewall"
@@ -272,7 +245,7 @@ service_plugins:
- name: "router"
enabled: true
- name: "sfc"
- enabled: "{{ neutron_plugin_agent == 'sfc' }}"
+ enabled: "{{ enable_neutron_sfc | bool }}"
- name: "neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin"
enabled: "{{ enable_neutron_bgp_dragent | bool }}"
@@ -289,6 +262,17 @@ neutron_notification_topics:
neutron_enabled_notification_topics: "{{ neutron_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
+####################
+# Agent Extensions
+####################
+agent_extensions:
+ - name: "qos"
+ enabled: "{{ enable_neutron_qos | bool }}"
+ - name: "sfc"
+ enabled: "{{ enable_neutron_sfc | bool }}"
+
+neutron_agent_extensions: "{{ agent_extensions | selectattr('enabled', 'equalto', true) | list }}"
+
####################
# VMware NSXV
####################
@@ -307,4 +291,3 @@ vmware_nsxv_backup_edge_pool: "service:compact:1:2"
vmware_nsxv_spoofguard_enabled: "false"
vmware_nsxv_metadata_initializer: "false"
vmware_nsxv_edge_ha: "false"
-
diff --git a/ansible/roles/neutron/handlers/main.yml b/ansible/roles/neutron/handlers/main.yml
index 5f4b2fd6ff..97a1aedc5c 100644
--- a/ansible/roles/neutron/handlers/main.yml
+++ b/ansible/roles/neutron/handlers/main.yml
@@ -82,54 +82,6 @@
or fake_neutron_ml2_conf_ini | changed
or check_fake_neutron_openvswitch_agent | changed
-- name: Restart fake neutron-sfc-agent container
- vars:
- service_name: "neutron-sfc-agent"
- service: "{{ neutron_services[service_name] }}"
- config_json: "{{ neutron_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
- neutron_conf: "{{ neutron_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
- neutron_ml2_conf: "{{ neutron_ml2_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
- policy_json: "{{ policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
- neutron_sfc_agent_container: "{{ check_neutron_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
- kolla_docker:
- action: "recreate_or_restart_container"
- common_options: "{{ docker_common_options }}"
- name: "{{ service.container_name }}"
- image: "{{ service.image }}"
- volumes: "{{ service.volumes }}"
- privileged: "{{ service.privileged | default(False) }}"
- with_sequence: "start=1 end={{ num_nova_fake_per_node }}"
- when:
- - action != "config"
- - enable_nova_fake | bool
- - neutron_plugin_agent == "sfc"
- - inventory_hostname in groups["compute"]
- - fake_config_json | changed
- or fake_neutron_conf | changed
- or fake_neutron_ml2_conf_ini | changed
- or check_fake_neutron_sfc_agent | changed
-
-# TODO(Jeffrey4l): sfc do not have config.json file at all. it is not finished
-- name: Restart neutron-sfc-agent container
- vars:
- service_name: "neutron-sfc-agent"
- service: "{{ neutron_services[service_name] }}"
- config_json: "{{ neutron_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
- neutron_sfc_agent_container: "{{ check_neutron_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
- kolla_docker:
- action: "recreate_or_restart_container"
- common_options: "{{ docker_common_options }}"
- name: "{{ service.container_name }}"
- image: "{{ service.image }}"
- volumes: "{{ service.volumes }}"
- privileged: "{{ service.privileged | default(False) }}"
- when:
- - action != "config"
- - service.enabled | bool
- - service.host_in_groups | bool
- - config_json | changed
- or neutron_sfc_agent_container | changed
-
- name: Restart neutron-linuxbridge-agent container
vars:
service_name: "neutron-linuxbridge-agent"
diff --git a/ansible/roles/neutron/tasks/bootstrap_service.yml b/ansible/roles/neutron/tasks/bootstrap_service.yml
index 6773a917ab..ce205c6553 100644
--- a/ansible/roles/neutron/tasks/bootstrap_service.yml
+++ b/ansible/roles/neutron/tasks/bootstrap_service.yml
@@ -61,3 +61,26 @@
- neutron_vpnaas_agent.host_in_groups | bool
run_once: True
delegate_to: "{{ groups[neutron_vpnaas_agent.group][0] }}"
+
+- name: Running Neutron sfc bootstrap container
+ vars:
+ neutron_server: "{{ neutron_services['neutron-server'] }}"
+ kolla_docker:
+ action: "start_container"
+ common_options: "{{ docker_common_options }}"
+ detach: False
+ environment:
+ NEUTRON_SFC_BOOTSTRAP:
+ KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+ image: "{{ neutron_server.image }}"
+ labels:
+ BOOTSTRAP:
+ name: "bootstrap_neutron_sfc"
+ restart_policy: "never"
+ volumes: "{{ neutron_server.volumes }}"
+ when:
+ - enable_neutron_sfc | bool
+ - neutron_server.enabled | bool
+ - neutron_server.host_in_groups | bool
+ run_once: True
+ delegate_to: "{{ groups[neutron_server.group][0] }}"
diff --git a/ansible/roles/neutron/tasks/config-neutron-fake.yml b/ansible/roles/neutron/tasks/config-neutron-fake.yml
index e890de4a94..745566f698 100644
--- a/ansible/roles/neutron/tasks/config-neutron-fake.yml
+++ b/ansible/roles/neutron/tasks/config-neutron-fake.yml
@@ -70,23 +70,3 @@
with_sequence: "start=1 end={{ num_nova_fake_per_node }}"
notify:
- Restart fake neutron-openvswitch-agent container
-
-- name: Checking neutron-sfc-agent container for nova fake node
- vars:
- neutron_sfc_agent: "{{ neutron_services['neutron-sfc-agent'] }}"
- kolla_docker:
- action: "compare_container"
- common_options: "{{ docker_common_options }}"
- name: "{{ neutron_sfc_agent.container_name }}"
- image: "{{ neutron_sfc_agent.image }}"
- privileged: "{{ neutron_sfc_agent.privileged | default(False) }}"
- volumes: "{{ neutron_sfc_agent.volumes }}"
- register: check_fake_neutron_sfc_agent
- when:
- - action != "config"
- - enable_nova_fake | bool
- - neutron_plugin_agent == "sfc"
- - inventory_hostname in groups["compute"]
- with_sequence: "start=1 end={{ num_nova_fake_per_node }}"
- notify:
- - Restart fake neutron-sfc-agent container
diff --git a/ansible/roles/neutron/templates/ml2_conf.ini.j2 b/ansible/roles/neutron/templates/ml2_conf.ini.j2
index a20b1e32bd..054b8faa43 100644
--- a/ansible/roles/neutron/templates/ml2_conf.ini.j2
+++ b/ansible/roles/neutron/templates/ml2_conf.ini.j2
@@ -59,8 +59,8 @@ arp_responder = true
enable_distributed_routing = True
{% endif %}
-{% if enable_neutron_qos | bool %}
-extensions = qos
+{% if neutron_agent_extensions %}
+extensions = {{ neutron_agent_extensions|map(attribute='name')|join(',') }}
{% endif %}
[ovs]
diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2
index cb474dfc69..a196d49809 100644
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@@ -105,10 +105,12 @@ topics = {{ neutron_enabled_notification_topics | map(attribute='name') | join('
driver = noop
{% endif %}
-{% if neutron_plugin_agent == "sfc" %}
+{% if enable_neutron_sfc | bool %}
[sfc]
drivers = ovs
+
[flowclassifier]
+drivers = ovs
{% endif %}
{% if enable_octavia | bool %}
diff --git a/doc/networking-guide.rst b/doc/networking-guide.rst
index 3add2e3562..f9cba5875c 100644
--- a/doc/networking-guide.rst
+++ b/doc/networking-guide.rst
@@ -40,7 +40,7 @@ the following:
::
- neutron_plugin_agent: "sfc"
+ enable_neutron_sfc: "yes"
Networking-SFC is an additional Neutron plugin. For SFC to work, this plugin
has to be installed in ``neutron-server`` container as well. Modify the
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index bff5bb94fa..69d7c0be19 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@@ -180,6 +180,7 @@ kolla_internal_vip_address: "10.10.10.254"
#enable_neutron_qos: "no"
#enable_neutron_agent_ha: "no"
#enable_neutron_vpnaas: "no"
+#enable_neutron_sfc: "no"
#enable_nova_serialconsole_proxy: "no"
#enable_octavia: "no"
#enable_openvswitch: "{{ neutron_plugin_agent != 'linuxbridge' }}"