From 8d1b745f45b4e117b5bab0a31d284eaadd26d20b Mon Sep 17 00:00:00 2001
From: jimmygc <guochao@winhong.com>
Date: Mon, 27 Mar 2017 14:44:40 +0800
Subject: [PATCH] Add VMware NSXV support to neutron
Implements NSXV network part of the blueprint.
Change-Id: I6b92b946667ebbbd2721a99fd299981cfc99693f
Partially-implements: blueprint kolla-ansible-support-vsphere
Co-Authored-By: shaofeng cheng <chengsf@winhong.com>
---
ansible/roles/neutron/defaults/main.yml | 32 +++++++++++++++----
ansible/roles/neutron/handlers/main.yml | 1 +
ansible/roles/neutron/tasks/config.yml | 18 +++++++++++
.../neutron/templates/neutron-server.json.j2 | 9 +++++-
.../roles/neutron/templates/neutron.conf.j2 | 6 +++-
ansible/roles/neutron/templates/nsx.ini.j2 | 17 ++++++++++
etc/kolla/globals.yml | 2 +-
.../support-vmware-nsx-214ecc8be9dbf0d1.yaml | 3 ++
8 files changed, 79 insertions(+), 9 deletions(-)
create mode 100644 ansible/roles/neutron/templates/nsx.ini.j2
create mode 100644 releasenotes/notes/support-vmware-nsx-214ecc8be9dbf0d1.yaml
diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml
index 8990498412..2d3b1b54ce 100644
--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@@ -95,7 +95,7 @@ neutron_services:
container_name: "neutron_dhcp_agent"
image: "{{ neutron_dhcp_agent_image_full }}"
privileged: True
- enabled: True
+ enabled: "{{ neutron_plugin_agent != 'vmware_nsxv' }}"
group: "neutron-dhcp-agent"
host_in_groups: "{{ True if orchestration_engine == 'KUBERNETES' else inventory_hostname in groups['neutron-dhcp-agent'] }}"
volumes:
@@ -108,7 +108,7 @@ neutron_services:
container_name: "neutron_l3_agent"
image: "{{ neutron_l3_agent_image_full }}"
privileged: True
- enabled: "{{ not enable_neutron_vpnaas | bool }}"
+ enabled: "{{ not enable_neutron_vpnaas | bool and neutron_plugin_agent != 'vmware_nsxv' }}"
host_in_groups: >-
{{
True if orchestration_engine == 'KUBERNETES' else
@@ -125,7 +125,7 @@ neutron_services:
container_name: "neutron_lbaas_agent"
image: "{{ neutron_lbaas_agent_image_full }}"
privileged: True
- enabled: "{{ enable_neutron_lbaas | bool }}"
+ enabled: "{{ enable_neutron_lbaas | bool and neutron_plugin_agent != 'vmware_nsxv' }}"
group: "neutron-lbaas-agent"
host_in_groups: "{{ True if orchestration_engine == 'KUBERNETES' else inventory_hostname in groups['neutron-lbaas-agent'] }}"
volumes:
@@ -137,7 +137,7 @@ neutron_services:
container_name: "neutron_metadata_agent"
image: "{{ neutron_metadata_agent_image_full }}"
privileged: True
- enabled: true
+ enabled: "{{ neutron_plugin_agent != 'vmware_nsxv' }}"
host_in_groups: >-
{{
True if orchestration_engine == 'KUBERNETES' else
@@ -154,7 +154,7 @@ neutron_services:
container_name: "neutron_vpnaas_agent"
image: "{{ neutron_vpnaas_agent_image_full }}"
privileged: True
- enabled: "{{ enable_neutron_vpnaas | bool }}"
+ enabled: "{{ enable_neutron_vpnaas | bool and neutron_plugin_agent != 'vmware_nsxv' }}"
group: "neutron-vpnaas-agent"
host_in_groups: "{{ True if orchestration_engine == 'KUBERNETES' else inventory_hostname in groups['neutron-vpnaas-agent'] }}"
volumes:
@@ -167,7 +167,7 @@ neutron_services:
container_name: "neutron_bgp_dragent"
image: "{{ neutron_bgp_dragent_image_full }}"
privileged: True
- enabled: "{{ enable_neutron_bgp_dragent | bool }}"
+ enabled: "{{ enable_neutron_bgp_dragent | bool and neutron_plugin_agent != 'vmware_nsxv' }}"
group: "neutron-bgp-dragent"
host_in_groups: "{{ False if orchestration_engine == 'KUBERNETES' else inventory_hostname in groups['neutron-bgp-dragent'] }}"
volumes:
@@ -292,3 +292,23 @@ neutron_notification_topics:
enabled: "{{ enable_designate | bool }}"
neutron_enabled_notification_topics: "{{ neutron_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
+
+####################
+# VMware NSXV
+####################
+vmware_nsxv_user: "nsx_manager_user"
+vmware_nsxv_password: "nsx_manager_password"
+vmware_nsxv_manager_uri: "https://127.0.0.1"
+vmware_nsxv_insecure: "True"
+vmware_nsxv_cluster_moid: "TestCluster"
+vmware_nsxv_datacenter_moid: "TestDataCeter"
+vmware_nsxv_resource_pool_id: "TestRSGroup"
+vmware_nsxv_datastore_id: "TestDataStore"
+vmware_nsxv_external_network: "TestDVSPort-Ext"
+vmware_nsxv_vdn_scope_id: "TestVDNScope"
+vmware_nsxv_dvs_id: "TestDVS"
+vmware_nsxv_backup_edge_pool: "service:compact:1:2"
+vmware_nsxv_spoofguard_enabled: "false"
+vmware_nsxv_metadata_initializer: "false"
+vmware_nsxv_edge_ha: "false"
+
diff --git a/ansible/roles/neutron/handlers/main.yml b/ansible/roles/neutron/handlers/main.yml
index 127a514e3b..58d77b0961 100644
--- a/ansible/roles/neutron/handlers/main.yml
+++ b/ansible/roles/neutron/handlers/main.yml
@@ -25,6 +25,7 @@
or neutron_lbaas_conf | changed
or neutron_vpnaas_conf | changed
or neutron_ml2_conf | changed
+ or nsx_ini | changed
or policy_json | changed
or neutron_server_container | changed
diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml
index bd55d960e4..bbb70b39f8 100644
--- a/ansible/roles/neutron/tasks/config.yml
+++ b/ansible/roles/neutron/tasks/config.yml
@@ -267,6 +267,24 @@
local_action: stat path="{{ node_custom_config }}/neutron/policy.json"
register: neutron_policy
+- name: Copying over nsx.ini
+ vars:
+ service_name: "neutron-server"
+ neutron_server: "{{ neutron_services[service_name] }}"
+ merge_configs:
+ sources:
+ - "{{ role_path }}/templates/nsx.ini.j2"
+ - "{{ node_custom_config }}/neutron/nsx.ini"
+ - "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/nsx.ini"
+ dest: "{{ node_config_directory }}/{{ service_name }}/nsx.ini"
+ register: nsx_ini
+ when:
+ - neutron_server.enabled | bool
+ - neutron_server.host_in_groups | bool
+ - neutron_plugin_agent == 'vmware_nsxv'
+ notify:
+ - "Restart {{ service_name }} container"
+
- name: Copying over existing policy.json
vars:
service_name: "{{ item.key }}"
diff --git a/ansible/roles/neutron/templates/neutron-server.json.j2 b/ansible/roles/neutron/templates/neutron-server.json.j2
index 3305eb4fa1..90efa531b0 100644
--- a/ansible/roles/neutron/templates/neutron-server.json.j2
+++ b/ansible/roles/neutron/templates/neutron-server.json.j2
@@ -1,5 +1,5 @@
{
- "command": "neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_lbaas.conf --config-file /etc/neutron/neutron_vpnaas.conf",
+ "command": "neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_lbaas.conf --config-file /etc/neutron/neutron_vpnaas.conf {% if neutron_plugin_agent == 'vmware_nsxv' %} --config-file /etc/neutron/plugins/vmware/nsx.ini {% endif %}",
"config_files": [
{
"source": "{{ container_config_directory }}/neutron.conf",
@@ -31,7 +31,14 @@
"owner": "neutron",
"perm": "0600",
"optional": true
+ }{% if neutron_plugin_agent == 'vmware_nsxv' -%},
+ {
+ "source": "{{ container_config_directory }}/nsx.ini",
+ "dest": "/etc/neutron/plugins/vmware/nsx.ini",
+ "owner": "neutron",
+ "perm": "0600"
}
+ {% endif -%}
],
"permissions": [
{
diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2
index 2980f3c41b..b491c6b4e4 100644
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@@ -34,9 +34,13 @@ host = {{ ansible_hostname }}_{{ item }}
{% endif %}
allow_overlapping_ips = true
-core_plugin = ml2
+{% if neutron_plugin_agent == 'vmware_nsxv' %}
+core_plugin = vmware_nsx.plugin.NsxVPlugin
+{% else %}
+core_plugin = ml2
service_plugins = {{ neutron_service_plugins|map(attribute='name')|join(',') }}
+{% endif %}
{% if enable_neutron_agent_ha | bool %}
dhcp_agents_per_network = {{ dhcp_agents_per_network }}
diff --git a/ansible/roles/neutron/templates/nsx.ini.j2 b/ansible/roles/neutron/templates/nsx.ini.j2
new file mode 100644
index 0000000000..45307eb61c
--- /dev/null
+++ b/ansible/roles/neutron/templates/nsx.ini.j2
@@ -0,0 +1,17 @@
+[nsxv]
+user = {{ vmware_nsxv_user }}
+password = {{ vmware_nsxv_password }}
+manager_uri = {{ vmware_nsxv_manager_uri }}
+insecure = {{ vmware_nsxv_insecure }}
+cluster_moid = {{ vmware_nsxv_cluster_moid }}
+datacenter_moid = {{ vmware_nsxv_datacenter_moid }}
+resource_pool_id = {{ vmware_nsxv_resource_pool_id }}
+datastore_id = {{ vmware_nsxv_datastore_id }}
+external_network = {{ vmware_nsxv_external_network }}
+vdn_scope_id = {{ vmware_nsxv_vdn_scope_id }}
+dvs_id = {{ vmware_nsxv_dvs_id }}
+backup_edge_pool = {{ vmware_nsxv_backup_edge_pool }}
+spoofguard_enabled = {{ vmware_nsxv_spoofguard_enabled }}
+metadata_initializer = {{ vmware_nsxv_metadata_initializer }}
+edge_ha = {{ vmware_nsxv_edge_ha }}
+
diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml
index 6f952b6c92..247eacc0b1 100644
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@@ -86,7 +86,7 @@ kolla_internal_vip_address: "10.10.10.254"
# addresses for that reason.
#neutron_external_interface: "eth1"
-# Valid options are [ openvswitch, linuxbridge ]
+# Valid options are [ openvswitch, linuxbridge, vmware_nsxv ]
#neutron_plugin_agent: "openvswitch"
diff --git a/releasenotes/notes/support-vmware-nsx-214ecc8be9dbf0d1.yaml b/releasenotes/notes/support-vmware-nsx-214ecc8be9dbf0d1.yaml
new file mode 100644
index 0000000000..838b8900ea
--- /dev/null
+++ b/releasenotes/notes/support-vmware-nsx-214ecc8be9dbf0d1.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Add OpenStack VMWare NSX support into neutron service.
--
GitLab