[neutron] add OVN improvements to northd, neutron config, default vals

notandy · notandy · commit ba87fb8d02ab · 2025-05-22T09:28:35.000-04:00
diff --git a/openstack/neutron/templates/deployment-ovn-northd.yaml b/openstack/neutron/templates/deployment-ovn-northd.yaml
@@ -9,15 +9,15 @@ metadata:
     kubernetes.io/description: This Deployment launches the ovn-northd.
 spec:
   progressDeadlineSeconds: 600
-  replicas: 1
+  replicas: {{ .Values.pod.replicas.ovn_northd }}
   revisionHistoryLimit: 10
   selector:
     matchLabels:
       name: neutron-ovn-northd
   strategy:
     rollingUpdate:
-      maxSurge: 0
-      maxUnavailable: 1
+      maxSurge: 2
+      maxUnavailable: {{ sub .Values.pod.replicas.ovn_northd 1 }}
     type: RollingUpdate
   template:
     metadata:
@@ -39,8 +39,9 @@ spec:
         command: ["/usr/bin/ovn-northd"]
         args:
           - "-vfile:off"
-          - "-vconsole:{{ .Values.ovn.logLevel | default "info" }}"
-          - "--n-threads={{ .Values.ovn.nThreads | default 1 }}"
+          - "-vconsole:{{ .Values.ovn.logLevel | default "INFO" }}"
+          - --pidfile
+          - --n-threads={{ .Values.ovn.nThreads | default 1 }}
       {{- if .Values.ovn.enableSsl }}
           - --certificate=/etc/pki/tls/certs/ovndb.crt
           - --private_key=/etc/pki/tls/certs/ovndb.key
@@ -58,13 +59,10 @@ spec:
             value: "tcp:neutron-ovsdb-sb.{{ .Release.Namespace }}.svc.kubernetes.{{ .Values.global.region }}.cloud.sap:{{ $ovsdb_sb.DB_PORT }}"
         readinessProbe:
           exec:
-            command: ["/usr/bin/pidof", "ovn-northd"]
-          initialDelaySeconds: 5
-          timeoutSeconds: 3
-          periodSeconds: 3
-        livenessProbe:
-          exec:
-            command: ["/usr/bin/pidof", "ovn-northd"]
+            command:
+            - sh
+            - -c
+            - ovn-appctl --target=/tmp/ovn-northd.1.ctl status | grep -qE "active|standby"
           initialDelaySeconds: 5
           timeoutSeconds: 5
           periodSeconds: 5
diff --git a/openstack/neutron/templates/etc/_ml2-conf.ini.tpl b/openstack/neutron/templates/etc/_ml2-conf.ini.tpl
@@ -62,6 +62,19 @@ enable_vxlan = false
 [ovn]
 {{- $ovsdb_nb := index (index .Values "ovsdb-nb") }}
 {{- $ovsdb_sb := index (index .Values "ovsdb-sb") }}
+# we always use TCP, encryption is recommended to be done by reverse proxy
 ovn_nb_connection = tcp:{{ required "ovsdb-nb.EXTERNAL_IP required!" $ovsdb_nb.EXTERNAL_IP }}:{{ $ovsdb_nb.DB_PORT }}
 ovn_sb_connection = tcp:{{ required "ovsdb-sb.EXTERNAL_IP required!" $ovsdb_sb.EXTERNAL_IP }}:{{ $ovsdb_sb.DB_PORT }}
+
+ovn_l3_mode = false
+ovsdb_log_level = {{ .Values.ovn.logLevel | default "INFO" }}
+ovn_metadata_enabled = {{ .Values.ovn.metadata_enabled | default "false" }}
+disable_ovn_dhcp_for_baremetal_ports = {{ .Values.ovn.disable_ovn_dhcp_for_baremetal_ports | default "false" }}
+{{ with .Values.ovn.dns_servers }}dns_servers = {{ . | join "," }}{{ end }}
+{{ with .Values.ovn.ovn_dhcp4_global_options }}ovn_dhcp4_global_options = {{ . }}{{ end }}
+{{ with .Values.ovn.ovn_dhcp6_global_options }}ovn_dhcp6_global_options = {{ . }}{{ end }}
+{{ with .Values.ovn.dhcp_default_lease_time }}dhcp_default_lease_time = {{ . }}{{ end }}
+# https://www.youtube.com/watch?v=ZRWSZRPhJUs
+mac_binding_age_threshold = 86400
 {{- end }}
+
diff --git a/openstack/neutron/templates/etc/_uwsgi.ini.tpl b/openstack/neutron/templates/etc/_uwsgi.ini.tpl
@@ -13,6 +13,9 @@ http = :{{.Values.global.neutron_api_port_internal | default 9696}}
 plugins-dir = /var/lib/openstack/lib
 need-plugins = shortmsecs
 
+# For ML2/OVN hash register initialization
+start-time = %t
+
 # Connection tuning
 vacuum = true
 lazy-apps = true
diff --git a/openstack/neutron/values.yaml b/openstack/neutron/values.yaml
@@ -38,7 +38,7 @@ pod:
   replicas:
     server: 3
     rpc_server: 2
-    ovn_db: 3
+    ovn_northd: 2
   lifecycle:
     upgrades:
       deployments:
@@ -252,26 +252,42 @@ ovn:
   enableSsl: false
 
 ovsdb-sb:
+  service:
+    # requirements to be accessible from outside with Calico
+    type: LoadBalancer
+    external_traffic_policy: Local
+  replicaCount: 3
   RAFT_PORT: 6644
   DB_TYPE: sb
   DB_PORT: 6442
   OVN_LOG_LEVEL: "info"
   OVN_ELECTION_TIMER: "10000"
   OVN_INACTIVITY_PROBE: "60000"
   OVN_PROBE_INTERVAL_TO_ACTIVE: "60000"
-  service:
-    # requirements to be accessible from outside with Calico
-    type: LoadBalancer
-    external_traffic_policy: Local
+  resources:
+    limits:
+      cpu: 500m
+      memory: 256Mi
+    requests:
+      cpu: 100m
+      memory: 128Mi
 
 ovsdb-nb:
+  replicaCount: 3
   RAFT_PORT: 6643
   DB_TYPE: nb
   DB_PORT: 6441
   OVN_LOG_LEVEL: "info"
   OVN_ELECTION_TIMER: "10000"
   OVN_INACTIVITY_PROBE: "60000"
   OVN_PROBE_INTERVAL_TO_ACTIVE: "60000"
+  resources:
+    limits:
+      cpu: 500m
+      memory: 256Mi
+    requests:
+      cpu: 100m
+      memory: 128Mi
 
 asr:
   config_agents: []
@@ -465,6 +481,9 @@ logging_sapccsentry:
     networking_arista:
       handlers: stdout, sentry_events, sentry_breadcrumbs
       level: DEBUG
+    neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovsdb_monitor:
+      handlers: stdout, sentry_events, sentry_breadcrumbs
+      level: INFO
 
 
 pgmetrics:
