crowbar · ghost · Apr 18, 2019 · hound · Apr 18, 2019 · hound
diff --git a/chef/cookbooks/neutron/attributes/default.rb b/chef/cookbooks/neutron/attributes/default.rb
@@ -66,6 +66,11 @@
 default[:neutron][:ssl][:cert_required] = false
 default[:neutron][:ssl][:ca_certs] = "/etc/neutron/ssl/certs/ca.pem"
 
+default[:neutron][:contrail][:api_server_ip] = ""
+default[:neutron][:contrail][:api_server_port] = 8082
+default[:neutron][:contrail][:analytics_server_ip] = ""
+default[:neutron][:contrail][:analytics_server_port] = 8081
+
 default[:neutron][:apic][:system_id] = "soc"
 default[:neutron][:apic][:hosts] = ""
 default[:neutron][:apic][:username] = "admin"

diff --git a/chef/cookbooks/neutron/recipes/common_agent.rb b/chef/cookbooks/neutron/recipes/common_agent.rb
@@ -86,6 +86,9 @@
     (neutron[:neutron][:ml2_mechanism_drivers].include?("cisco_apic_ml2") ||
     neutron[:neutron][:ml2_mechanism_drivers].include?("apic_gbp"))
 
+return if neutron[:neutron][:networking_plugin] == "ml2" &&
+    neutron[:neutron][:ml2_mechanism_drivers].include?("contrail")
+
 multiple_external_networks = !neutron[:neutron][:additional_external_networks].empty?
 
 # openvswitch configuration specific to ML2

diff --git a/chef/cookbooks/neutron/recipes/common_config.rb b/chef/cookbooks/neutron/recipes/common_config.rb
@@ -81,27 +81,38 @@
 nova_config = Barclamp::Config.load("openstack", "nova")
 nova_insecure = CrowbarOpenStackHelper.insecure(nova_config) || keystone_settings["insecure"]
 
-service_plugins = ["neutron.services.metering.metering_plugin.MeteringPlugin",
-                   "neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin"]
-if neutron[:neutron][:use_lbaas]
-  service_plugins.push("neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2")
+if neutron[:neutron][:networking_plugin] == "ml2" &&
+  neutron[:neutron][:ml2_mechanism_drivers].include?("contrail")
+  service_plugins = "neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2"
+  core_plugin = "neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2"
+  api_extensions_path = "/usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions:/usr/lib/python2.7/site-packages/neutron_lbaas/extensions"
+else
+  service_plugins = ["neutron.services.metering.metering_plugin.MeteringPlugin",
+                     "neutron_fwaas.services.firewall.fwaas_plugin.FirewallPlugin"]
+  if neutron[:neutron][:use_lbaas]
+    service_plugins.push("neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2")
+  end
+  core_plugin = neutron[:neutron][:networking_plugin]
+  api_extensions_path = nil
 end
 
 if neutron[:neutron][:networking_plugin] == "ml2"
-  service_plugins.unshift("neutron.services.l3_router.l3_router_plugin.L3RouterPlugin")
+  unless neutron[:neutron][:ml2_mechanism_drivers].include?("contrail")
+    service_plugins.unshift("neutron.services.l3_router.l3_router_plugin.L3RouterPlugin")
 
-  if neutron[:neutron][:ml2_mechanism_drivers].include?("linuxbridge") ||
-      neutron[:neutron][:ml2_mechanism_drivers].include?("openvswitch")
-    service_plugins.push("neutron.services.trunk.plugin.TrunkPlugin")
-  end
+    if neutron[:neutron][:ml2_mechanism_drivers].include?("linuxbridge") ||
+        neutron[:neutron][:ml2_mechanism_drivers].include?("openvswitch")
+      service_plugins.push("neutron.services.trunk.plugin.TrunkPlugin")
+    end
 
-  if neutron[:neutron][:ml2_mechanism_drivers].include?("cisco_apic_ml2")
-    service_plugins = ["cisco_apic_l3"]
-  elsif neutron[:neutron][:ml2_mechanism_drivers].include?("apic_gbp")
-    service_plugins = ["group_policy", "servicechain", "apic_gbp_l3"]
+    if neutron[:neutron][:ml2_mechanism_drivers].include?("cisco_apic_ml2")
+      service_plugins = ["cisco_apic_l3"]
+    elsif neutron[:neutron][:ml2_mechanism_drivers].include?("apic_gbp")
+      service_plugins = ["group_policy", "servicechain", "apic_gbp_l3"]
+    end
+    service_plugins = service_plugins.join(", ")
   end
 end
-service_plugins = service_plugins.join(", ")
 
 network_nodes_count = neutron[:neutron][:elements]["neutron-network"].count
 if neutron[:neutron][:elements_expanded]
@@ -147,7 +158,7 @@
       ssl_cert_required: neutron[:neutron][:ssl][:cert_required],
       ssl_ca_file: neutron[:neutron][:ssl][:ca_certs],
       nova_insecure: nova_insecure,
-      core_plugin: neutron[:neutron][:networking_plugin],
+      core_plugin: core_plugin,
       service_plugins: service_plugins,
       allow_overlapping_ips: neutron[:neutron][:allow_overlapping_ips],
       dvr_enabled: neutron[:neutron][:use_dvr],
@@ -158,7 +169,8 @@
       ipam_driver: ipam_driver,
       rpc_workers: neutron[:neutron][:rpc_workers],
       use_apic_gbp: use_apic_gbp,
-      default_log_levels: neutron[:neutron][:default_log_levels]
+      default_log_levels: neutron[:neutron][:default_log_levels],
+      api_extensions_path: api_extensions_path
     )
 end
 

diff --git a/chef/cookbooks/neutron/recipes/contrail_agents.rb b/chef/cookbooks/neutron/recipes/contrail_agents.rb
@@ -0,0 +1,15 @@
+neutron = node
+ml2_mech_drivers = neutron[:neutron][:ml2_mechanism_drivers]
+
+return unless ml2_mech_drivers.include?("contrail")
+
+if node.roles.include?("neutron-network")
+  # Explicitly stop and disable dhcp and lbaas agents
+  service node[:neutron][:platform][:dhcp_agent_name] do
+    action [:disable, :stop]
+  end
+
+  service node[:neutron][:platform][:lbaas_agent_name] do
+    action [:disable, :stop]
+  end
+end
diff --git a/chef/cookbooks/neutron/recipes/network_agents.rb b/chef/cookbooks/neutron/recipes/network_agents.rb
@@ -261,16 +261,19 @@
   end
 end
 
-service node[:neutron][:platform][:dhcp_agent_name] do
-  supports status: true, restart: true
-  action [:enable, :start]
-  subscribes :restart, resources(template: node[:neutron][:config_file])
-  subscribes :restart, resources(template: node[:neutron][:dhcp_agent_config_file])
-  subscribes :restart, resources(file: "/etc/neutron/dhcp_agent.ini")
-  provider Chef::Provider::CrowbarPacemakerService if use_crowbar_pacemaker_service
-end
-utils_systemd_service_restart node[:neutron][:platform][:dhcp_agent_name] do
-  action use_crowbar_pacemaker_service ? :disable : :enable
+
+unless node[:neutron][:ml2_mechanism_drivers].include?("contrail")
+  service node[:neutron][:platform][:dhcp_agent_name] do
+    supports status: true, restart: true
+    action [:enable, :start]
+    subscribes :restart, resources(template: node[:neutron][:config_file])
+    subscribes :restart, resources(template: node[:neutron][:dhcp_agent_config_file])
+    subscribes :restart, resources(file: "/etc/neutron/dhcp_agent.ini")
+    provider Chef::Provider::CrowbarPacemakerService if use_crowbar_pacemaker_service
+  end
+  utils_systemd_service_restart node[:neutron][:platform][:dhcp_agent_name] do
+    action use_crowbar_pacemaker_service ? :disable : :enable
+  end
 end
 
 if ha_enabled

diff --git a/chef/cookbooks/neutron/recipes/server.rb b/chef/cookbooks/neutron/recipes/server.rb
@@ -170,29 +170,46 @@
             "# See /etc/neutron/README.config for more details.\n"
   end
 
-  template node[:neutron][:ml2_config_file] do
-    source "ml2_conf.ini.erb"
-    owner "root"
-    group node[:neutron][:platform][:group]
-    mode "0640"
-    variables(
-      ml2_mechanism_drivers: ml2_mechanism_drivers,
-      ml2_extension_drivers: ml2_extension_drivers,
-      ml2_type_drivers: ml2_type_drivers,
-      tenant_network_types: tenant_network_types,
-      vlan_start: vlan_start,
-      vlan_end: vlan_end,
-      gre_start: gre_start,
-      gre_end: gre_end,
-      vxlan_start: vni_start,
-      vxlan_end: vni_end,
-      vxlan_mcast_group: node[:neutron][:vxlan][:multicast_group],
-      external_networks: physnets,
-      mtu_value: mtu_value,
-      l2pop_agent_boot_time: node[:neutron][:l2pop][:agent_boot_time],
-      vmware_dvs_config: node[:neutron][:vmware_dvs]
-    )
-    notifies :restart, "service[#{node[:neutron][:platform][:service_name]}]"
+  if ml2_mech_drivers.include?("contrail")
+    template node[:neutron][:ml2_config_file] do
+      source "ml2_conf.ini.erb"
+      owner "root"
+      group node[:neutron][:platform][:group]
+      mode "0640"
+      variables(
+        ml2_mechanism_drivers: ml2_mechanism_drivers,
+        api_server_ip: node[:neutron][:contrail][:api_server_ip],
+        api_server_port: node[:neutron][:contrail][:api_server_port],
+        analytics_server_ip: node[:neutron][:contrail][:analytics_server_ip],
+        analytics_server_port: node[:neutron][:contrail][:analytics_server_port]
+      )
+      notifies :restart, "service[#{node[:neutron][:platform][:service_name]}]"
+    end
+  else
+    template node[:neutron][:ml2_config_file] do
+      source "ml2_conf.ini.erb"
+      owner "root"
+      group node[:neutron][:platform][:group]
+      mode "0640"
+      variables(
+        ml2_mechanism_drivers: ml2_mechanism_drivers,
+        ml2_extension_drivers: ml2_extension_drivers,
+        ml2_type_drivers: ml2_type_drivers,
+        tenant_network_types: tenant_network_types,
+        vlan_start: vlan_start,
+        vlan_end: vlan_end,
+        gre_start: gre_start,
+        gre_end: gre_end,
+        vxlan_start: vni_start,
+        vxlan_end: vni_end,
+        vxlan_mcast_group: node[:neutron][:vxlan][:multicast_group],
+        external_networks: physnets,
+        mtu_value: mtu_value,
+        l2pop_agent_boot_time: node[:neutron][:l2pop][:agent_boot_time],
+        vmware_dvs_config: node[:neutron][:vmware_dvs]
+      )
+      notifies :restart, "service[#{node[:neutron][:platform][:service_name]}]"
+    end
   end
 when "vmware"
   directory "/etc/neutron/plugins/vmware/" do
@@ -372,6 +389,13 @@
   end
 end
 
+if node[:neutron][:networking_plugin] == "ml2"
+  if node[:neutron][:ml2_mechanism_drivers].include?("contrail")
+    include_recipe "neutron::contrail_agents"
+  end
+end
+
+
 crowbar_pacemaker_sync_mark "create-neutron_db_sync" if ha_enabled
 
 use_crowbar_pacemaker_service = ha_enabled && node[:pacemaker][:clone_stateless_services]

diff --git a/chef/cookbooks/neutron/templates/default/ml2_conf.ini.erb b/chef/cookbooks/neutron/templates/default/ml2_conf.ini.erb
@@ -1,3 +1,15 @@
+<% if @ml2_mechanism_drivers.include?("contrail") -%>
+[APISERVER]
+api_server_ip = <%= @api_server_ip %>
+api_server_port = <%= @api_server_port %>
+multi_tenancy = True
+contrail_extensions = ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None,service-interface:None,vf-binding:None
+
+
+[COLLECTOR]
+analytics_api_ip = <%= @analytics_server_ip %>
+analytics_api_port = <%= @analytics_server_port %>
+<% else -%>
 [DEFAULT]
 [ml2]
 type_drivers = <%= @ml2_type_drivers.join(",") %>,flat
@@ -46,3 +58,4 @@ agent_boot_time = <%= @l2pop_agent_boot_time %>
 clean_on_restart = <%= @vmware_dvs_config[:clean_on_restart] ? 'True' : 'False' %>
 precreate_networks = <%= @vmware_dvs_config[:precreate_networks] ? 'True' : 'False' %>
 <% end -%>
+<% end -%>
diff --git a/chef/cookbooks/neutron/templates/default/neutron.conf.erb b/chef/cookbooks/neutron/templates/default/neutron.conf.erb
@@ -28,6 +28,12 @@ wsgi_keep_alive = false
 <% unless @default_log_levels.length.zero? -%>
 default_log_levels = <%= @default_log_levels.join(", ") %>
 <% end -%>
+<% unless @api_extensions_path.nil? -%>
+api_extensions_path = <%= @api_extensions_path %>
+
+[QUOTAS]
+quota_driver = neutron_plugin_contrail.plugins.opencontrail.quota.driver.QuotaDriver
+<% end -%>
 
 [agent]
 root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf

diff --git a/chef/cookbooks/nova/recipes/config.rb b/chef/cookbooks/nova/recipes/config.rb
@@ -155,12 +155,14 @@
   neutron_service_password = neutron_server[:neutron][:service_password]
   neutron_ml2_drivers = neutron_server[:neutron][:ml2_type_drivers]
   neutron_has_tunnel = neutron_ml2_drivers.include?("gre") || neutron_ml2_drivers.include?("vxlan")
+  neutron_contrail = neutron_server[:neutron][:ml2_mechanism_drivers].include?("contrail")
 else
   neutron_server_host = nil
   neutron_server_port = nil
   neutron_service_user = nil
   neutron_service_password = nil
   neutron_has_tunnel = false
+  neutron_contrail = false
 end
 
 neutron_config = Barclamp::Config.load("openstack", "neutron", node[:nova][:neutron_instance])
@@ -403,6 +405,7 @@
     neutron_service_user: neutron_service_user,
     neutron_service_password: neutron_service_password,
     neutron_has_tunnel: neutron_has_tunnel,
+    neutron_contrail: neutron_contrail,
     keystone_settings: keystone_settings,
     profiler_settings: profiler_settings,
     cinder_insecure: cinder_insecure,

diff --git a/chef/cookbooks/nova/templates/default/nova.conf.erb b/chef/cookbooks/nova/templates/default/nova.conf.erb
@@ -81,6 +81,9 @@ zvm_user_default_privilege = <%= node[:nova][:zvm][:zvm_user_default_privilege]
 <% unless @default_log_levels.length.zero? -%>
 default_log_levels = <%= @default_log_levels.join(", ") %>
 <% end -%>
+<% if @neutron_contrail %>
+use_forwarded_for = True
+<% end %>
 
 [api]
 auth_strategy = keystone

diff --git a/chef/data_bags/crowbar/migrate/neutron/213_add_contrail_attributes.rb b/chef/data_bags/crowbar/migrate/neutron/213_add_contrail_attributes.rb
@@ -0,0 +1,13 @@
+def upgrade ta, td, a, d
+  a["contrail"] = {}
+  a["contrail"]["api_server_ip"] = ta["contrail"]["api_server_ip"]
+  a["contrail"]["api_server_port"] = ta["contrail"]["api_server_port"]
+  a["contrail"]["analytics_server_ip"] = ta["contrail"]["analytics_server_ip"]
+  a["contrail"]["analytics_server_port"] = ta["contrail"]["analytics_server_port"]
+  return a, d
+end
+
+def downgrade ta, td, a, d
+  a.delete("contrail")
+  return a, d
+end
diff --git a/chef/data_bags/crowbar/template-neutron.json b/chef/data_bags/crowbar/template-neutron.json
@@ -126,6 +126,12 @@
         "tz_uuid": "",
         "l3_gw_uuid": ""
       },
+      "contrail": {
+        "api_server_ip": "",
+        "api_server_port": 8082,
+        "analytics_server_ip": "",
+        "analytics_server_port": 8081
+      },
       "vmware_dvs": {
         "clean_on_restart": true,
         "precreate_networks": false
@@ -189,7 +195,7 @@
     "neutron": {
       "crowbar-revision": 0,
       "crowbar-applied": false,
-      "schema-revision": 212,
+      "schema-revision": 213,
       "element_states": {
         "neutron-server": [ "readying", "ready", "applying" ],
         "neutron-network": [ "readying", "ready", "applying" ],

diff --git a/chef/data_bags/crowbar/template-neutron.schema b/chef/data_bags/crowbar/template-neutron.schema
@@ -151,6 +151,12 @@
                       "tz_uuid": { "type" : "str", "required" : true },
                       "l3_gw_uuid": { "type" : "str", "required" : true }
                     }},
+                    "contrail": { "type": "map", "required": true, "mapping": {
+                      "api_server_ip": { "type" : "str", "required" : true },
+                      "api_server_port": { "type" : "int", "required" : true },
+                      "analytics_server_ip": { "type" : "str", "required" : true },
+                      "analytics_server_port": { "type" : "int", "required" : true }
+                    }},
                     "vmware_dvs": { "type": "map", "required": true, "mapping": {
                       "clean_on_restart": { "type" : "bool", "required" : true },
                       "precreate_networks": { "type" : "bool", "required" : true }

diff --git a/crowbar_framework/app/models/neutron_service.rb b/crowbar_framework/app/models/neutron_service.rb
@@ -37,7 +37,7 @@ def self.networking_ml2_type_drivers_valid
   end
 
   def self.networking_ml2_mechanism_drivers_valid
-    ["linuxbridge", "openvswitch", "cisco_nexus", "vmware_dvs", "cisco_apic_ml2", "apic_gbp"]
+    ["linuxbridge", "openvswitch", "cisco_nexus", "vmware_dvs", "cisco_apic_ml2", "apic_gbp", "contrail"]
   end
 
   class << self

diff --git a/crowbar_framework/config/locales/neutron/en.yml b/crowbar_framework/config/locales/neutron/en.yml
@@ -85,6 +85,11 @@ en:
           controllers: 'VMware NSX Controllers'
           tz_uuid: 'UUID of the NSX Transport Zone'
           l3_gw_uuid: 'UUID of the NSX Gateway Service'
+        contrail:
+          api_server_ip: 'Contrail controller API server IP address'
+          api_server_port: 'Contrail controller API server IP port'
+          analytics_server_ip: 'Contrail controller Analytics server IP address'
+          analytics_server_ip: 'Contrail controller Analytics server port'
         zvm_header: 'z/VM Configuration'
         zvm:
           zvm_xcat_server: 'xCAT Host/IP Address'