diff --git a/chef/cookbooks/neutron/attributes/default.rb b/chef/cookbooks/neutron/attributes/default.rb index 2b8f8827cf..f9d1cffed6 100644 --- a/chef/cookbooks/neutron/attributes/default.rb +++ b/chef/cookbooks/neutron/attributes/default.rb @@ -33,6 +33,7 @@ default[:neutron][:nsx_config_file] = "/etc/neutron/neutron.conf.d/110-nsx.conf" default[:neutron][:ml2_cisco_config_file] = "/etc/neutron/neutron.conf.d/115-ml2_cisco.conf" default[:neutron][:ml2_cisco_apic_config_file] = "/etc/neutron/neutron.conf.d/115-ml2_cisco_apic.conf" +default[:neutron][:opflex_config_file] = "/etc/opflex-agent-ovs/conf.d/10-opflex-agent-ovs.conf" default[:neutron][:rpc_workers] = 1 default[:neutron][:db][:database] = "neutron" @@ -128,8 +129,8 @@ cisco_apic_pkgs: ["python-apicapi", "python-neutron-ml2-driver-apic"], cisco_apic_gbp_pkgs: ["openstack-neutron-gbp", - "python-gbpclient"], - cisco_opflex_pkgs: ["agent-ovs", + "python-group-based-policy-client"], + cisco_opflex_pkgs: ["opflex-agent", "lldpd", "openstack-neutron-opflex-agent"], infoblox_pkgs: ["python-infoblox-client", @@ -174,8 +175,8 @@ cisco_apic_pkgs: ["python-apicapi", "python-neutron-ml2-driver-apic"], cisco_apic_gbp_pkgs: ["openstack-neutron-gbp", - "python-gbpclient"], - cisco_opflex_pkgs: ["agent-ovs", + "python-group-based-policy-client"], + cisco_opflex_pkgs: ["opflex-agent", "lldpd", "neutron-opflex-agent"], infoblox_pkgs: [], diff --git a/chef/cookbooks/neutron/recipes/cisco_apic_agents.rb b/chef/cookbooks/neutron/recipes/cisco_apic_agents.rb index 96aa0303e8..aa754f8c34 100644 --- a/chef/cookbooks/neutron/recipes/cisco_apic_agents.rb +++ b/chef/cookbooks/neutron/recipes/cisco_apic_agents.rb @@ -91,15 +91,14 @@ end # Update config file from template -opflex_agent_conf = "/etc/opflex-agent-ovs/conf.d/10-opflex-agent-ovs.conf" apic = neutron[:neutron][:apic] opflex_list = apic[:opflex].select { |i| i[:nodes].include? node[:hostname] } opflex_list.any? || raise("Opflex instance not found for node '#{node[:hostname]}'") opflex_list.one? || raise("Multiple opflex instances found for node '#{node[:hostname]}'") opflex = opflex_list.first -template opflex_agent_conf do +template node[:neutron][:opflex_config_file] do cookbook "neutron" - source "10-opflex-agent-ovs.conf.erb" + source "opflex-agent-ovs.conf.erb" mode "0755" owner "root" group neutron[:neutron][:platform][:group] @@ -109,6 +108,8 @@ socketgroup: neutron[:neutron][:platform][:group], opflex_peer_ip: opflex[:peer_ip], opflex_peer_port: opflex[:peer_port], + opflex_int_bridge: opflex[:integration_bridge], + opflex_access_bridge: opflex[:access_bridge], opflex_vxlan_encap_iface: opflex[:vxlan][:encap_iface], opflex_vxlan_uplink_iface: opflex[:vxlan][:uplink_iface], opflex_vxlan_uplink_vlan: opflex[:vxlan][:uplink_vlan], diff --git a/chef/cookbooks/neutron/recipes/cisco_apic_support.rb b/chef/cookbooks/neutron/recipes/cisco_apic_support.rb index ba2cc2c414..ac060b7e27 100644 --- a/chef/cookbooks/neutron/recipes/cisco_apic_support.rb +++ b/chef/cookbooks/neutron/recipes/cisco_apic_support.rb @@ -41,6 +41,18 @@ end aciswitches = node[:neutron][:apic][:apic_switches].to_hash +acivmms = node[:neutron][:apic][:apic_vmms] + +# If using VMWare vcenter as one of the compute hosts. +# distributed dhcp and metadata cannot work since these +# functions conflict with vcenter functionality. +if acivmms.find { |vmm| vmm[:vmm_type].downcase == "vmware"} + apic_optimized_dhcp = false + apic_optimized_metadata = false +else + apic_optimized_dhcp = node[:neutron][:apic][:optimized_dhcp] + apic_optimized_metadata = node[:neutron][:apic][:optimized_metadata] +end template node[:neutron][:ml2_cisco_apic_config_file] do cookbook "neutron" @@ -51,6 +63,9 @@ variables( vpc_pairs: node[:neutron][:apic][:vpc_pairs], apic_switches: aciswitches, + optimized_dhcp: apic_optimized_dhcp, + optimized_metadata: apic_optimized_metadata, + apic_vmms: acivmms, ml2_mechanism_drivers: node[:neutron][:ml2_mechanism_drivers], policy_drivers: "implicit_policy,apic", default_ip_pool: "192.168.0.0/16" diff --git a/chef/cookbooks/neutron/templates/default/ml2_conf_cisco_apic.ini.erb b/chef/cookbooks/neutron/templates/default/ml2_conf_cisco_apic.ini.erb index 30e24dc022..8051200845 100644 --- a/chef/cookbooks/neutron/templates/default/ml2_conf_cisco_apic.ini.erb +++ b/chef/cookbooks/neutron/templates/default/ml2_conf_cisco_apic.ini.erb @@ -2,7 +2,7 @@ apic_system_id=<%= node[:neutron][:apic][:system_id] %> [opflex] networks = * -[ml2_cisco_apic] +[apic] apic_hosts=<%= node[:neutron][:apic][:hosts] %> apic_username=<%= node[:neutron][:apic][:username] %> apic_password=<%= node[:neutron][:apic][:password] %> @@ -11,8 +11,8 @@ apic_name_mapping = use_name apic_clear_node_profiles = True enable_aci_routing = True apic_arp_flooding = True -enable_optimized_metadata = <%= node[:neutron][:apic][:optimized_metadata] %> -enable_optimized_dhcp = <%= node[:neutron][:apic][:optimized_dhcp] %> +enable_optimized_metadata = <%= @optimized_metadata %> +enable_optimized_dhcp = <%= @optimized_dhcp] %> apic_provision_infra = True apic_provision_hostlinks = True <% unless @vpc_pairs.nil? -%> @@ -41,3 +41,12 @@ enable_nat = <%= node[:neutron][:apic][:ext_net][:nat_enabled] %> <% end -%> external_epg = <%= node[:neutron][:apic][:ext_net][:ext_epg] %> host_pool_cidr = <%= node[:neutron][:apic][:ext_net][:host_pool_cidr] %> + +<% @apic_vmms.each do |vmm_domain| -%> +[apic_vmdom:<%= vmm_domain[:vmm_name]%>] +vmm_type = <%= vmm_domain[:vmm_type]%> +<% if vmm_domain[:vlan_ranges] -%> +vlan_ranges = <%= vmm_domain[:vlan_ranges] %> +<% end -%> +<% end -%> + diff --git a/chef/cookbooks/neutron/templates/default/10-opflex-agent-ovs.conf.erb b/chef/cookbooks/neutron/templates/default/opflex-agent-ovs.conf.erb similarity index 93% rename from chef/cookbooks/neutron/templates/default/10-opflex-agent-ovs.conf.erb rename to chef/cookbooks/neutron/templates/default/opflex-agent-ovs.conf.erb index 28f504218d..b03e7a3b25 100644 --- a/chef/cookbooks/neutron/templates/default/10-opflex-agent-ovs.conf.erb +++ b/chef/cookbooks/neutron/templates/default/opflex-agent-ovs.conf.erb @@ -36,7 +36,8 @@ "renderers": { "stitched-mode": { - "ovs-bridge-name": "br-int", + "int-bridge-name": "<%= @opflex_int_bridge %>", + "access-bridge-name": "<%= @opflex_access_bridge %>", "encap": { "vxlan" : { "encap-iface": "<%= @opflex_vxlan_encap_iface %>", diff --git a/chef/data_bags/crowbar/migrate/neutron/308_add_opflex_access_integration_bridge.rb b/chef/data_bags/crowbar/migrate/neutron/308_add_opflex_access_integration_bridge.rb new file mode 100644 index 0000000000..2e781a2005 --- /dev/null +++ b/chef/data_bags/crowbar/migrate/neutron/308_add_opflex_access_integration_bridge.rb @@ -0,0 +1,21 @@ +def upgrade(tattr, tdep, attr, dep) + unless attr["apic"]["opflex"].key?("integration_bridge") + attr["apic"]["opflex"]["integration_bridge"] = tattr["apic"]["opflex"]["integration_bridge"] + end + unless attr["apic"]["opflex"].key?("access_bridge") + attr["apic"]["opflex"]["access_bridge"] = tattr["apic"]["opflex"]["access_bridge"] + end + + return attr, dep +end + +def downgrade(tattr, tdep, attr, dep) + unless tattr["apic"]["opflex"].key?("integration_bridge") + attr["apic"]["opflex"].delete("integration_bridge") if attr.key?("integration_bridge") + end + unless tattr["apic"]["opflex"].key?("access_bridge") + attr["apic"]["opflex"].delete("access_bridge") if attr.key?("access_bridge") + end + + return attr, dep +end diff --git a/chef/data_bags/crowbar/migrate/neutron/309_add_apic_multi_vmm_domains.rb b/chef/data_bags/crowbar/migrate/neutron/309_add_apic_multi_vmm_domains.rb new file mode 100644 index 0000000000..ac15244d9d --- /dev/null +++ b/chef/data_bags/crowbar/migrate/neutron/309_add_apic_multi_vmm_domains.rb @@ -0,0 +1,15 @@ +def upgrade(tattr, tdep, attr, dep) + unless attr["apic"].key?("apic_vmms") + attr["apic"]["apic_vmms"] = tattr["apic"]["apic_vmms"] + end + + return attr, dep +end + +def downgrade(tattr, tdep, attr, dep) + unless tattr["apic"].key?("apic_vmms") + attr["apic"].delete("apic_vmms") if attr.key?("apic_vmms") + end + + return attr, dep +end diff --git a/chef/data_bags/crowbar/template-neutron.json b/chef/data_bags/crowbar/template-neutron.json index f4b3f3c766..5e4847c65b 100644 --- a/chef/data_bags/crowbar/template-neutron.json +++ b/chef/data_bags/crowbar/template-neutron.json @@ -64,8 +64,10 @@ "peer_ip": "", "peer_port": 8009, "encap": "vxlan", + "integration_bridge": "br-int", + "access_bridge": "br-fabric", "vxlan": { - "encap_iface": "br-int_vxlan0", + "encap_iface": "br-fab_vxlan0", "uplink_iface": "vlan.4093", "uplink_vlan": 4093, "remote_ip": "", @@ -96,7 +98,17 @@ } } } - } + }, + "apic_vmms": [{ + "vmm_name": "soc_kvm_domain", + "vmm_type": "openstack", + "vlan_ranges": "" + }, + { + "vmm_name": "soc_vm_domain", + "vmm_type": "vmware", + "vlan_ranges": "" + }] }, "allow_overlapping_ips": true, "use_syslog": false, @@ -193,7 +205,7 @@ "neutron": { "crowbar-revision": 0, "crowbar-applied": false, - "schema-revision": 307, + "schema-revision": 309, "element_states": { "neutron-server": [ "readying", "ready", "applying" ], "neutron-network": [ "readying", "ready", "applying" ], diff --git a/chef/data_bags/crowbar/template-neutron.schema b/chef/data_bags/crowbar/template-neutron.schema index 211d081588..8c2053c851 100644 --- a/chef/data_bags/crowbar/template-neutron.schema +++ b/chef/data_bags/crowbar/template-neutron.schema @@ -72,6 +72,8 @@ "peer_ip": { "type": "str", "required" : true }, "peer_port": { "type": "int", "required" : true }, "encap": { "type": "str", "required": true }, + "integration_bridge": { "type": "str", "required": true }, + "access_bridge": { "type": "str", "required": true }, "vxlan": { "type": "map", "required": true, "mapping" : { "encap_iface": {"type": "str", "required": true }, "uplink_iface": { "type": "str", "required": true }, @@ -92,7 +94,14 @@ }} }} }} - } + }, + "apic_vmms": { "type" : "seq", "required" : true, "sequence" : [ { + "type" : "map", "required" : true, "mapping" : { + "vmm_name": { "type": "str", "required": true }, + "vmm_type": { "type": "str", "required": true }, + "vlan_ranges": { "type": "str", "required": true } + } + } ] } }}, "allow_overlapping_ips": { "type": "bool", "required": true }, "cisco_switches": {