[neutron][Cisco ACI] Multi-VMM domain support (SOC - 10471)

A Single ACI fabric can support multiple VMM domains. Each VMM domain
can be governed by a different controller (Eg: VMWare vCenter or
OpenStack or MicroSoft SCVMM). Several production data centers tend
to use multiple VMM domains and expect to be able to monitor and
control network policies from a single ACI fabric. Integration of
OpenStack with such a setup requires crowbar to provide parameters
specific to each VMM domain. This commit adds the additional
parameters and logic to validate and send these to the correct
config location. The changes now allow to provide "Vmware" or
"OpenStack" as the VMM type. Multiple entries of either types
are possible.

Author: Varadhan Veerapuram

chef/cookbooks/neutron/recipes/cisco_apic_agents.rb

@@ -132,8 +132,8 @@
 end
 utils_systemd_service_restart "neutron-opflex-agent"
 
-service "agent-ovs" do
+service "opflex-agent" do
   action [:enable, :start]
-  subscribes :restart, resources("template[#{opflex_agent_conf}]")
+  subscribes :restart, resources("template[#{node[:neutron][:opflex_config_file]}]")
 end
-utils_systemd_service_restart "agent-ovs"
+utils_systemd_service_restart "opflex-agent"

chef/cookbooks/neutron/recipes/cisco_apic_support.rb

@@ -41,6 +41,18 @@
 end
 
 aciswitches = node[:neutron][:apic][:apic_switches].to_hash
+acivmms = node[:neutron][:apic][:apic_vmms]
+
+# If using VMWare vcenter as one of the compute hosts.
+# distributed dhcp and metadata cannot work since these
+# functions conflict with vcenter functionality.
+if acivmms.find { |vmm| vmm[:vmm_type].downcase == "vmware"}
+  apic_optimized_dhcp = false 
+  apic_optimized_metadata = false
+else
+  apic_optimized_dhcp = node[:neutron][:apic][:optimized_dhcp]
+  apic_optimized_metadata = node[:neutron][:apic][:optimized_metadata]
+end
 
 template node[:neutron][:ml2_cisco_apic_config_file] do
   cookbook "neutron"
@@ -51,6 +63,9 @@
   variables(
     vpc_pairs: node[:neutron][:apic][:vpc_pairs],
     apic_switches: aciswitches,
+    optimized_dhcp: apic_optimized_dhcp,
+    optimized_metadata: apic_optimized_metadata,
+    apic_vmms: acivmms,
     ml2_mechanism_drivers: node[:neutron][:ml2_mechanism_drivers],
     policy_drivers: "implicit_policy,apic",
     default_ip_pool: "192.168.0.0/16"

chef/cookbooks/neutron/templates/default/ml2_conf_cisco_apic.ini.erb

@@ -2,7 +2,7 @@
 apic_system_id=<%= node[:neutron][:apic][:system_id] %>
 [opflex]
 networks = *
-[ml2_cisco_apic]
+[apic]
 apic_hosts=<%= node[:neutron][:apic][:hosts] %>
 apic_username=<%= node[:neutron][:apic][:username] %>
 apic_password=<%= node[:neutron][:apic][:password] %>
@@ -11,8 +11,8 @@ apic_name_mapping = use_name
 apic_clear_node_profiles = True
 enable_aci_routing = True
 apic_arp_flooding = True
-enable_optimized_metadata = <%= node[:neutron][:apic][:optimized_metadata] %>
-enable_optimized_dhcp = <%= node[:neutron][:apic][:optimized_dhcp] %>
+enable_optimized_metadata = <%= @optimized_metadata %>
+enable_optimized_dhcp = <%= @optimized_dhcp %>
 apic_provision_infra = True
 apic_provision_hostlinks = True
 <%  unless @vpc_pairs.nil? -%>
@@ -41,3 +41,12 @@ enable_nat = <%= node[:neutron][:apic][:ext_net][:nat_enabled] %>
 <% end -%>
 external_epg = <%= node[:neutron][:apic][:ext_net][:ext_epg] %>
 host_pool_cidr = <%= node[:neutron][:apic][:ext_net][:host_pool_cidr] %>
+
+<% @apic_vmms.each do |vmm_domain| -%>
+[apic_vmdom:<%= vmm_domain[:vmm_name]%>]
+vmm_type = <%= vmm_domain[:vmm_type]%>
+<%   if vmm_domain[:vlan_ranges] -%>
+vlan_ranges = <%= vmm_domain[:vlan_ranges] %> 
+<%   end -%>
+<% end -%>
+

chef/data_bags/crowbar/migrate/neutron/309_add_apic_multi_vmm_domains.rb

@@ -0,0 +1,15 @@
+def upgrade(tattr, tdep, attr, dep)
+  unless attr["apic"].key?("apic_vmms")
+    attr["apic"]["apic_vmms"] = tattr["apic"]["apic_vmms"]
+  end
+
+  return attr, dep
+end
+
+def downgrade(tattr, tdep, attr, dep)
+  unless tattr["apic"].key?("apic_vmms")
+    attr["apic"].delete("apic_vmms") if attr.key?("apic_vmms")
+  end
+
+  return attr, dep
+end

chef/data_bags/crowbar/template-neutron.json

@@ -98,7 +98,17 @@
               }
             }
           }
-        }
+        },
+        "apic_vmms": [{
+          "vmm_name": "soc_kvm_domain",
+          "vmm_type": "openstack",
+          "vlan_ranges": ""
+        },
+        {
+          "vmm_name": "soc_vm_domain",
+          "vmm_type": "vmware",
+          "vlan_ranges": ""
+        }]
       },
       "allow_overlapping_ips": true,
       "use_syslog": false,
@@ -195,7 +205,7 @@
     "neutron": {
       "crowbar-revision": 0,
       "crowbar-applied": false,
-      "schema-revision": 308,
+      "schema-revision": 309,
       "element_states": {
         "neutron-server": [ "readying", "ready", "applying" ],
         "neutron-network": [ "readying", "ready", "applying" ],

chef/data_bags/crowbar/template-neutron.schema

@@ -94,7 +94,14 @@
                             }}
                           }}
                         }}
-                      }
+                      },
+                      "apic_vmms": { "type" : "seq", "required" : true, "sequence" : [ {
+                        "type" : "map", "required" : true, "mapping" : {
+                          "vmm_name": { "type": "str", "required": true },
+                          "vmm_type": { "type": "str", "required": true },
+                          "vlan_ranges": { "type": "str", "required": true }
+                        }
+                      } ] }
                     }},
                     "allow_overlapping_ips": { "type": "bool", "required": true },
                     "cisco_switches": {