diff --git a/chef/cookbooks/neutron/attributes/default.rb b/chef/cookbooks/neutron/attributes/default.rb index 59cd5b8096..0d84296491 100644 --- a/chef/cookbooks/neutron/attributes/default.rb +++ b/chef/cookbooks/neutron/attributes/default.rb @@ -66,6 +66,11 @@ default[:neutron][:ssl][:cert_required] = false default[:neutron][:ssl][:ca_certs] = "/etc/neutron/ssl/certs/ca.pem" +default[:neutron][:contrail][:api_server_ip] = "" +default[:neutron][:contrail][:api_server_port] = 8082 +default[:neutron][:contrail][:analytics_server_ip] = "" +default[:neutron][:contrail][:analytics_server_port] = 8081 + default[:neutron][:apic][:system_id] = "soc" default[:neutron][:apic][:hosts] = "" default[:neutron][:apic][:username] = "admin" diff --git a/chef/cookbooks/neutron/recipes/common_agent.rb b/chef/cookbooks/neutron/recipes/common_agent.rb index 4a0cc06fd9..61cf3ce9aa 100644 --- a/chef/cookbooks/neutron/recipes/common_agent.rb +++ b/chef/cookbooks/neutron/recipes/common_agent.rb @@ -86,6 +86,9 @@ (neutron[:neutron][:ml2_mechanism_drivers].include?("cisco_apic_ml2") || neutron[:neutron][:ml2_mechanism_drivers].include?("apic_gbp")) +return if neutron[:neutron][:networking_plugin] == "ml2" && + neutron[:neutron][:ml2_mechanism_drivers].include?("contrail") + multiple_external_networks = !neutron[:neutron][:additional_external_networks].empty? # openvswitch configuration specific to ML2 diff --git a/chef/cookbooks/neutron/recipes/common_config.rb b/chef/cookbooks/neutron/recipes/common_config.rb index 55391e6eb6..e858b7fe60 100644 --- a/chef/cookbooks/neutron/recipes/common_config.rb +++ b/chef/cookbooks/neutron/recipes/common_config.rb @@ -81,27 +81,38 @@ nova_config = Barclamp::Config.load("openstack", "nova") nova_insecure = CrowbarOpenStackHelper.insecure(nova_config) || keystone_settings["insecure"] -service_plugins = ["neutron.services.metering.metering_plugin.MeteringPlugin", - "neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin"] -if neutron[:neutron][:use_lbaas] - service_plugins.push("neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2") +if neutron[:neutron][:networking_plugin] == "ml2" && + neutron[:neutron][:ml2_mechanism_drivers].include?("contrail") + service_plugins = "neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2" + core_plugin = "neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2" + api_extensions_path = "/usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions:/usr/lib/python2.7/site-packages/neutron_lbaas/extensions" +else + service_plugins = ["neutron.services.metering.metering_plugin.MeteringPlugin", + "neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin"] + if neutron[:neutron][:use_lbaas] + service_plugins.push("neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2") + end + core_plugin = neutron[:neutron][:networking_plugin] + api_extensions_path = nil end if neutron[:neutron][:networking_plugin] == "ml2" - service_plugins.unshift("neutron.services.l3_router.l3_router_plugin.L3RouterPlugin") + unless neutron[:neutron][:ml2_mechanism_drivers].include?("contrail") + service_plugins.unshift("neutron.services.l3_router.l3_router_plugin.L3RouterPlugin") - if neutron[:neutron][:ml2_mechanism_drivers].include?("linuxbridge") || - neutron[:neutron][:ml2_mechanism_drivers].include?("openvswitch") - service_plugins.push("neutron.services.trunk.plugin.TrunkPlugin") - end + if neutron[:neutron][:ml2_mechanism_drivers].include?("linuxbridge") || + neutron[:neutron][:ml2_mechanism_drivers].include?("openvswitch") + service_plugins.push("neutron.services.trunk.plugin.TrunkPlugin") + end - if neutron[:neutron][:ml2_mechanism_drivers].include?("cisco_apic_ml2") - service_plugins = ["cisco_apic_l3"] - elsif neutron[:neutron][:ml2_mechanism_drivers].include?("apic_gbp") - service_plugins = ["group_policy", "servicechain", "apic_gbp_l3"] + if neutron[:neutron][:ml2_mechanism_drivers].include?("cisco_apic_ml2") + service_plugins = ["cisco_apic_l3"] + elsif neutron[:neutron][:ml2_mechanism_drivers].include?("apic_gbp") + service_plugins = ["group_policy", "servicechain", "apic_gbp_l3"] + end + service_plugins = service_plugins.join(", ") end end -service_plugins = service_plugins.join(", ") network_nodes_count = neutron[:neutron][:elements]["neutron-network"].count if neutron[:neutron][:elements_expanded] @@ -147,7 +158,7 @@ ssl_cert_required: neutron[:neutron][:ssl][:cert_required], ssl_ca_file: neutron[:neutron][:ssl][:ca_certs], nova_insecure: nova_insecure, - core_plugin: neutron[:neutron][:networking_plugin], + core_plugin: core_plugin, service_plugins: service_plugins, allow_overlapping_ips: neutron[:neutron][:allow_overlapping_ips], dvr_enabled: neutron[:neutron][:use_dvr], @@ -158,7 +169,8 @@ ipam_driver: ipam_driver, rpc_workers: neutron[:neutron][:rpc_workers], use_apic_gbp: use_apic_gbp, - default_log_levels: neutron[:neutron][:default_log_levels] + default_log_levels: neutron[:neutron][:default_log_levels], + api_extensions_path: api_extensions_path ) end diff --git a/chef/cookbooks/neutron/recipes/contrail_agents.rb b/chef/cookbooks/neutron/recipes/contrail_agents.rb new file mode 100644 index 0000000000..7d90984023 --- /dev/null +++ b/chef/cookbooks/neutron/recipes/contrail_agents.rb @@ -0,0 +1,15 @@ +neutron = node +ml2_mech_drivers = neutron[:neutron][:ml2_mechanism_drivers] + +return unless ml2_mech_drivers.include?("contrail") + +if node.roles.include?("neutron-network") + # Explicitly stop and disable dhcp and lbaas agents + service node[:neutron][:platform][:dhcp_agent_name] do + action [:disable, :stop] + end + + service node[:neutron][:platform][:lbaas_agent_name] do + action [:disable, :stop] + end +end diff --git a/chef/cookbooks/neutron/recipes/network_agents.rb b/chef/cookbooks/neutron/recipes/network_agents.rb index c51e5227c5..39d1ed2dab 100644 --- a/chef/cookbooks/neutron/recipes/network_agents.rb +++ b/chef/cookbooks/neutron/recipes/network_agents.rb @@ -261,16 +261,19 @@ end end -service node[:neutron][:platform][:dhcp_agent_name] do - supports status: true, restart: true - action [:enable, :start] - subscribes :restart, resources(template: node[:neutron][:config_file]) - subscribes :restart, resources(template: node[:neutron][:dhcp_agent_config_file]) - subscribes :restart, resources(file: "/etc/neutron/dhcp_agent.ini") - provider Chef::Provider::CrowbarPacemakerService if use_crowbar_pacemaker_service -end -utils_systemd_service_restart node[:neutron][:platform][:dhcp_agent_name] do - action use_crowbar_pacemaker_service ? :disable : :enable + +unless node[:neutron][:ml2_mechanism_drivers].include?("contrail") + service node[:neutron][:platform][:dhcp_agent_name] do + supports status: true, restart: true + action [:enable, :start] + subscribes :restart, resources(template: node[:neutron][:config_file]) + subscribes :restart, resources(template: node[:neutron][:dhcp_agent_config_file]) + subscribes :restart, resources(file: "/etc/neutron/dhcp_agent.ini") + provider Chef::Provider::CrowbarPacemakerService if use_crowbar_pacemaker_service + end + utils_systemd_service_restart node[:neutron][:platform][:dhcp_agent_name] do + action use_crowbar_pacemaker_service ? :disable : :enable + end end if ha_enabled diff --git a/chef/cookbooks/neutron/recipes/server.rb b/chef/cookbooks/neutron/recipes/server.rb index 60a2ff7904..5813c861c0 100644 --- a/chef/cookbooks/neutron/recipes/server.rb +++ b/chef/cookbooks/neutron/recipes/server.rb @@ -170,29 +170,46 @@ "# See /etc/neutron/README.config for more details.\n" end - template node[:neutron][:ml2_config_file] do - source "ml2_conf.ini.erb" - owner "root" - group node[:neutron][:platform][:group] - mode "0640" - variables( - ml2_mechanism_drivers: ml2_mechanism_drivers, - ml2_extension_drivers: ml2_extension_drivers, - ml2_type_drivers: ml2_type_drivers, - tenant_network_types: tenant_network_types, - vlan_start: vlan_start, - vlan_end: vlan_end, - gre_start: gre_start, - gre_end: gre_end, - vxlan_start: vni_start, - vxlan_end: vni_end, - vxlan_mcast_group: node[:neutron][:vxlan][:multicast_group], - external_networks: physnets, - mtu_value: mtu_value, - l2pop_agent_boot_time: node[:neutron][:l2pop][:agent_boot_time], - vmware_dvs_config: node[:neutron][:vmware_dvs] - ) - notifies :restart, "service[#{node[:neutron][:platform][:service_name]}]" + if ml2_mech_drivers.include?("contrail") + template node[:neutron][:ml2_config_file] do + source "ml2_conf.ini.erb" + owner "root" + group node[:neutron][:platform][:group] + mode "0640" + variables( + ml2_mechanism_drivers: ml2_mechanism_drivers, + api_server_ip: node[:neutron][:contrail][:api_server_ip], + api_server_port: node[:neutron][:contrail][:api_server_port], + analytics_server_ip: node[:neutron][:contrail][:analytics_server_ip], + analytics_server_port: node[:neutron][:contrail][:analytics_server_port] + ) + notifies :restart, "service[#{node[:neutron][:platform][:service_name]}]" + end + else + template node[:neutron][:ml2_config_file] do + source "ml2_conf.ini.erb" + owner "root" + group node[:neutron][:platform][:group] + mode "0640" + variables( + ml2_mechanism_drivers: ml2_mechanism_drivers, + ml2_extension_drivers: ml2_extension_drivers, + ml2_type_drivers: ml2_type_drivers, + tenant_network_types: tenant_network_types, + vlan_start: vlan_start, + vlan_end: vlan_end, + gre_start: gre_start, + gre_end: gre_end, + vxlan_start: vni_start, + vxlan_end: vni_end, + vxlan_mcast_group: node[:neutron][:vxlan][:multicast_group], + external_networks: physnets, + mtu_value: mtu_value, + l2pop_agent_boot_time: node[:neutron][:l2pop][:agent_boot_time], + vmware_dvs_config: node[:neutron][:vmware_dvs] + ) + notifies :restart, "service[#{node[:neutron][:platform][:service_name]}]" + end end when "vmware" directory "/etc/neutron/plugins/vmware/" do @@ -372,6 +389,13 @@ end end +if node[:neutron][:networking_plugin] == "ml2" + if node[:neutron][:ml2_mechanism_drivers].include?("contrail") + include_recipe "neutron::contrail_agents" + end +end + + crowbar_pacemaker_sync_mark "create-neutron_db_sync" if ha_enabled use_crowbar_pacemaker_service = ha_enabled && node[:pacemaker][:clone_stateless_services] diff --git a/chef/cookbooks/neutron/templates/default/ml2_conf.ini.erb b/chef/cookbooks/neutron/templates/default/ml2_conf.ini.erb index ea81eb4de1..72d397932e 100644 --- a/chef/cookbooks/neutron/templates/default/ml2_conf.ini.erb +++ b/chef/cookbooks/neutron/templates/default/ml2_conf.ini.erb @@ -1,3 +1,15 @@ +<% if @ml2_mechanism_drivers.include?("contrail") -%> +[APISERVER] +api_server_ip = <%= @api_server_ip %> +api_server_port = <%= @api_server_port %> +multi_tenancy = True +contrail_extensions = ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None,service-interface:None,vf-binding:None + + +[COLLECTOR] +analytics_api_ip = <%= @analytics_server_ip %> +analytics_api_port = <%= @analytics_server_port %> +<% else -%> [DEFAULT] [ml2] type_drivers = <%= @ml2_type_drivers.join(",") %>,flat @@ -46,3 +58,4 @@ agent_boot_time = <%= @l2pop_agent_boot_time %> clean_on_restart = <%= @vmware_dvs_config[:clean_on_restart] ? 'True' : 'False' %> precreate_networks = <%= @vmware_dvs_config[:precreate_networks] ? 'True' : 'False' %> <% end -%> +<% end -%> diff --git a/chef/cookbooks/neutron/templates/default/neutron.conf.erb b/chef/cookbooks/neutron/templates/default/neutron.conf.erb index 295e57b9f1..a26cf6156c 100644 --- a/chef/cookbooks/neutron/templates/default/neutron.conf.erb +++ b/chef/cookbooks/neutron/templates/default/neutron.conf.erb @@ -28,6 +28,12 @@ wsgi_keep_alive = false <% unless @default_log_levels.length.zero? -%> default_log_levels = <%= @default_log_levels.join(", ") %> <% end -%> +<% unless @api_extensions_path.nil? -%> +api_extensions_path = <%= @api_extensions_path %> + +[QUOTAS] +quota_driver = neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver +<% end -%> [agent] root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf diff --git a/chef/cookbooks/nova/recipes/config.rb b/chef/cookbooks/nova/recipes/config.rb index d20109aa2e..9797cfaf55 100644 --- a/chef/cookbooks/nova/recipes/config.rb +++ b/chef/cookbooks/nova/recipes/config.rb @@ -155,12 +155,14 @@ neutron_service_password = neutron_server[:neutron][:service_password] neutron_ml2_drivers = neutron_server[:neutron][:ml2_type_drivers] neutron_has_tunnel = neutron_ml2_drivers.include?("gre") || neutron_ml2_drivers.include?("vxlan") + neutron_contrail = neutron_server[:neutron][:ml2_mechanism_drivers].include?("contrail") else neutron_server_host = nil neutron_server_port = nil neutron_service_user = nil neutron_service_password = nil neutron_has_tunnel = false + neutron_contrail = false end neutron_config = Barclamp::Config.load("openstack", "neutron", node[:nova][:neutron_instance]) @@ -403,6 +405,7 @@ neutron_service_user: neutron_service_user, neutron_service_password: neutron_service_password, neutron_has_tunnel: neutron_has_tunnel, + neutron_contrail: neutron_contrail, keystone_settings: keystone_settings, profiler_settings: profiler_settings, cinder_insecure: cinder_insecure, diff --git a/chef/cookbooks/nova/templates/default/nova.conf.erb b/chef/cookbooks/nova/templates/default/nova.conf.erb index 90e428be25..ffe6b6f09e 100644 --- a/chef/cookbooks/nova/templates/default/nova.conf.erb +++ b/chef/cookbooks/nova/templates/default/nova.conf.erb @@ -81,6 +81,9 @@ zvm_user_default_privilege = <%= node[:nova][:zvm][:zvm_user_default_privilege] <% unless @default_log_levels.length.zero? -%> default_log_levels = <%= @default_log_levels.join(", ") %> <% end -%> +<% if @neutron_contrail %> +use_forwarded_for = True +<% end %> [api] auth_strategy = keystone diff --git a/chef/data_bags/crowbar/migrate/neutron/213_add_contrail_attributes.rb b/chef/data_bags/crowbar/migrate/neutron/213_add_contrail_attributes.rb new file mode 100644 index 0000000000..eb56524b5a --- /dev/null +++ b/chef/data_bags/crowbar/migrate/neutron/213_add_contrail_attributes.rb @@ -0,0 +1,13 @@ +def upgrade ta, td, a, d + a["contrail"] = {} + a["contrail"]["api_server_ip"] = ta["contrail"]["api_server_ip"] + a["contrail"]["api_server_port"] = ta["contrail"]["api_server_port"] + a["contrail"]["analytics_server_ip"] = ta["contrail"]["analytics_server_ip"] + a["contrail"]["analytics_server_port"] = ta["contrail"]["analytics_server_port"] + return a, d +end + +def downgrade ta, td, a, d + a.delete("contrail") + return a, d +end diff --git a/chef/data_bags/crowbar/template-neutron.json b/chef/data_bags/crowbar/template-neutron.json index 5c0cfc6105..3044100125 100644 --- a/chef/data_bags/crowbar/template-neutron.json +++ b/chef/data_bags/crowbar/template-neutron.json @@ -126,6 +126,12 @@ "tz_uuid": "", "l3_gw_uuid": "" }, + "contrail": { + "api_server_ip": "", + "api_server_port": 8082, + "analytics_server_ip": "", + "analytics_server_port": 8081 + }, "vmware_dvs": { "clean_on_restart": true, "precreate_networks": false @@ -189,7 +195,7 @@ "neutron": { "crowbar-revision": 0, "crowbar-applied": false, - "schema-revision": 212, + "schema-revision": 213, "element_states": { "neutron-server": [ "readying", "ready", "applying" ], "neutron-network": [ "readying", "ready", "applying" ], diff --git a/chef/data_bags/crowbar/template-neutron.schema b/chef/data_bags/crowbar/template-neutron.schema index de98341507..481cb73d07 100644 --- a/chef/data_bags/crowbar/template-neutron.schema +++ b/chef/data_bags/crowbar/template-neutron.schema @@ -151,6 +151,12 @@ "tz_uuid": { "type" : "str", "required" : true }, "l3_gw_uuid": { "type" : "str", "required" : true } }}, + "contrail": { "type": "map", "required": true, "mapping": { + "api_server_ip": { "type" : "str", "required" : true }, + "api_server_port": { "type" : "int", "required" : true }, + "analytics_server_ip": { "type" : "str", "required" : true }, + "analytics_server_port": { "type" : "int", "required" : true } + }}, "vmware_dvs": { "type": "map", "required": true, "mapping": { "clean_on_restart": { "type" : "bool", "required" : true }, "precreate_networks": { "type" : "bool", "required" : true } diff --git a/crowbar_framework/app/models/neutron_service.rb b/crowbar_framework/app/models/neutron_service.rb index 41f9fbc206..d1479df89a 100644 --- a/crowbar_framework/app/models/neutron_service.rb +++ b/crowbar_framework/app/models/neutron_service.rb @@ -37,7 +37,7 @@ def self.networking_ml2_type_drivers_valid end def self.networking_ml2_mechanism_drivers_valid - ["linuxbridge", "openvswitch", "cisco_nexus", "vmware_dvs", "cisco_apic_ml2", "apic_gbp"] + ["linuxbridge", "openvswitch", "cisco_nexus", "vmware_dvs", "cisco_apic_ml2", "apic_gbp", "contrail"] end class << self diff --git a/crowbar_framework/config/locales/neutron/en.yml b/crowbar_framework/config/locales/neutron/en.yml index 822323bae0..0b5a8563a8 100644 --- a/crowbar_framework/config/locales/neutron/en.yml +++ b/crowbar_framework/config/locales/neutron/en.yml @@ -85,6 +85,11 @@ en: controllers: 'VMware NSX Controllers' tz_uuid: 'UUID of the NSX Transport Zone' l3_gw_uuid: 'UUID of the NSX Gateway Service' + contrail: + api_server_ip: 'Contrail controller API server IP address' + api_server_port: 'Contrail controller API server IP port' + analytics_server_ip: 'Contrail controller Analytics server IP address' + analytics_server_ip: 'Contrail controller Analytics server port' zvm_header: 'z/VM Configuration' zvm: zvm_xcat_server: 'xCAT Host/IP Address'