Merge "OVN Support"

ansible/roles/ovn/tasks/config.yml

+---
+- name: Ensuring config directories exist
+  file:
+    path: "{{ node_config_directory }}/{{ item.key }}"
+    state: "directory"
+    owner: "{{ config_owner_user }}"
+    group: "{{ config_owner_group }}"
+    mode: "0770"
+  become: true
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ ovn_services }}"
+
+- name: Copying over config.json files for services
+  template:
+    src: "{{ item.key }}.json.j2"
+    dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
+    mode: "0660"
+  become: true
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ ovn_services }}"
+  notify:
+    - Restart {{ item.key }} container
+
+- include_tasks: check-containers.yml
+  when: kolla_action != "config"

ansible/roles/ovn/tasks/deploy-containers.yml

+---
+- import_tasks: check-containers.yml

ansible/roles/ovn/tasks/deploy.yml

+---
+- include_tasks: config.yml
+
+- include_tasks: bootstrap.yml
+
+- name: Flush handlers
+  meta: flush_handlers

ansible/roles/ovn/tasks/main.yml

+---
+- include_tasks: "{{ kolla_action }}.yml"

ansible/roles/ovn/tasks/precheck.yml

+---
+- name: Get container facts
+  become: true
+  kolla_container_facts:
+    name:
+      - ovn_nb_db
+      - ovn_sb_db
+  register: container_facts
+
+- name: Checking free port for OVN northbound db
+  wait_for:
+    host: "{{ api_interface_address }}"
+    port: "{{ ovn_nb_db_port }}"
+    connect_timeout: 1
+    timeout: 1
+    state: stopped
+  when:
+    - container_facts['ovn_nb_db'] is not defined
+    - inventory_hostname in groups['ovn-nb-db']
+
+- name: Checking free port for OVN southbound db
+  wait_for:
+    host: "{{ api_interface_address }}"
+    port: "{{ ovn_sb_db_port }}"
+    connect_timeout: 1
+    timeout: 1
+    state: stopped
+  when:
+    - container_facts['ovn_sb_db'] is not defined
+    - inventory_hostname in groups['ovn-sb-db']

ansible/roles/ovn/tasks/pull.yml

+---
+- name: Pulling OVN images
+  become: true
+  kolla_docker:
+    action: "pull_image"
+    common_options: "{{ docker_common_options }}"
+    image: "{{ item.value.image }}"
+  when:
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ ovn_services }}"

ansible/roles/ovn/tasks/reconfigure.yml

+---
+- include_tasks: deploy.yml

ansible/roles/ovn/tasks/stop.yml

+---
+- import_role:
+    role: service-stop
+  vars:
+    project_services: "{{ ovn_services }}"
+    service_name: "{{ project_name }}"

ansible/roles/ovn/tasks/upgrade.yml

+---
+- include_tasks: config.yml
+
+- include_tasks: bootstrap.yml
+
+- name: Flush handlers
+  meta: flush_handlers

ansible/roles/ovn/templates/ovn-controller.json.j2

+{
+    "command": "/usr/bin/ovn-controller --pidfile=/run/ovn/ovn-controller.pid --log-file=/var/log/kolla/openvswitch/ovn-controller.log tcp:127.0.0.1:{{ ovsdb_port }}",
+    "permissions": [
+        {
+            "path": "/var/log/kolla/openvswitch",
+            "owner": "root:root",
+            "recurse": true
+        }
+    ]
+}

ansible/roles/ovn/templates/ovn-nb-db.json.j2

+{% set ovnctl_cmd = '/usr/share/ovn/scripts/ovn-ctl' %}
+
+{
+    "command": "{{ ovnctl_cmd }} run_nb_ovsdb --db-nb-create-insecure-remote=yes --db-nb-addr={{ api_interface_address }} --db-nb-cluster-local-addr={{ api_interface_address }} {% if groups['ovn-nb-db'] | length > 1 and inventory_hostname != groups['ovn-nb-db'][0] %} --db-nb-cluster-remote-addr={{ 'api' | kolla_address(groups['ovn-nb-db'][0]) }} {% endif %} --db-sock=/run/ovn/ovnnb_db.sock --db-nb-pid=/run/ovn/ovnnb_db.pid --db-nb-file=/var/lib/openvswitch/ovn-nb/ovnnb.db --ovn-nb-logfile=/var/log/kolla/openvswitch/ovn-nb-db.log",
+    "permissions": [
+        {
+            "path": "/var/log/kolla/openvswitch",
+            "owner": "root:root",
+            "recurse": true
+        }
+    ]
+}

ansible/roles/ovn/templates/ovn-northd.json.j2

+{
+    "command": "/usr/bin/ovn-northd -vconsole:emer -vsyslog:err -vfile:info --ovnnb-db={{ ovn_nb_connection }} --ovnsb-db={{ ovn_sb_connection }} --log-file=/var/log/kolla/openvswitch/ovn-northd.log --pidfile=/run/ovn/ovn-northd.pid --unixctl=/run/ovn/ovn-northd.ctl",
+    "permissions": [
+        {
+            "path": "/var/log/kolla/openvswitch",
+            "owner": "root:root",
+            "recurse": true
+        }
+    ]
+}

ansible/roles/ovn/templates/ovn-sb-db.json.j2

+{% set ovnctl_cmd = '/usr/share/ovn/scripts/ovn-ctl' %}
+
+{
+    "command": "{{ ovnctl_cmd }} run_sb_ovsdb --db-sb-create-insecure-remote=yes --db-sb-addr={{ api_interface_address }} --db-sb-cluster-local-addr={{ api_interface_address }} {% if groups['ovn-sb-db'] | length > 1 and inventory_hostname != groups['ovn-sb-db'][0] %} --db-sb-cluster-remote-addr={{ 'api' | kolla_address(groups['ovn-sb-db'][0]) }} {% endif %} --db-sock=/run/ovn/ovnsb_db.sock --db-sb-pid=/run/ovn/ovnsb_db.pid --db-sb-file=/var/lib/openvswitch/ovn-sb/ovnsb.db --ovn-sb-logfile=/var/log/kolla/openvswitch/ovn-sb-db.log",
+    "permissions": [
+        {
+            "path": "/var/log/kolla/openvswitch",
+            "owner": "root:root",
+            "recurse": true
+        }
+    ]
+}

ansible/site.yml

@@ -60,6 +60,7 @@
         - enable_octavia_{{ enable_octavia | bool }}
         - enable_openvswitch_{{ enable_openvswitch | bool }}_enable_ovs_dpdk_{{ enable_ovs_dpdk | bool }}
         - enable_outward_rabbitmq_{{ enable_outward_rabbitmq | bool }}
+        - enable_ovn_{{ enable_ovn | bool }}
         - enable_panko_{{ enable_panko | bool }}
         - enable_placement_{{ enable_placement | bool }}
         - enable_prometheus_{{ enable_prometheus | bool }}
@@ -707,6 +708,20 @@
         tags: ovs-dpdk,
         when: "(enable_openvswitch | bool) and (enable_ovs_dpdk | bool)"}
 
+- name: Apply role ovn
+  gather_facts: false
+  hosts:
+    - ovn-controller
+    - ovn-nb-db
+    - ovn-northd
+    - ovn-sb-db
+    - '&enable_ovn_True'
+  serial: '{{ kolla_serial|default("0") }}'
+  roles:
+    - { role: ovn,
+        tags: ovn,
+        when: enable_ovn | bool }
+
 - name: Apply role nova-hyperv
   gather_facts: false
   hosts:
@@ -728,6 +743,7 @@
     - neutron-l3-agent
     - ironic-neutron-agent
     - neutron-metadata-agent
+    - neutron-ovn-metadata-agent
     - neutron-metering-agent
     - compute
     - manila-share

doc/source/reference/networking/neutron.rst

@@ -38,6 +38,9 @@ To use provider networks in instances you also need to set the following in
    ``enable_neutron_provider_networks`` ensures ``neutron_external_interface``
    is used on hosts in the ``compute`` group.
 
+OpenvSwitch (ml2/ovs)
+~~~~~~~~~~~~~~~~~~~~~
+
 By default ``kolla-ansible`` uses ``openvswitch`` as its underlying network
 mechanism, you can change that using the ``neutron_plugin_agent`` variable in
 ``/etc/kolla/globals.yml``:
@@ -57,3 +60,23 @@ to using the native OVS firewall driver by employing a configuration override
    [security_group]
    firewall_driver = openvswitch
 
+OVN (ml2/ovn)
+~~~~~~~~~~~~~
+
+In order to use ``OVN`` as mechanism driver for ``neutron``, you need to set
+the following:
+
+.. path /etc/kolla/globals.yml
+.. code-block:: yaml
+
+   neutron_plugin_agent: "ovn"
+
+When using OVN - Kolla-Ansible will not enable distributed floating ip
+functionality (not enable external bridges on computes) by default.
+To change this behaviour you need to set the following:
+
+.. path /etc/kolla/globals.yml
+.. code-block:: yaml
+
+   neutron_ovn_distributed_fip: "yes"
+

etc/kolla/globals.yml

@@ -332,6 +332,7 @@
 #enable_nova_ssh: "yes"
 #enable_octavia: "no"
 #enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}"
+#enable_ovn: "{{ enable_neutron | bool and neutron_plugin_agent == 'ovn' }}"
 #enable_ovs_dpdk: "no"
 #enable_osprofiler: "no"
 #enable_panko: "no"
@@ -525,6 +526,12 @@
 # Valid options are [ none, novnc, spice, rdp ]
 #nova_console: "novnc"
 
+##############################
+# Neutron - networking options
+##############################
+# Enable distributed floating ip for OVN deployments
+#neutron_ovn_distributed_fip: "no"
+
 #################
 # Hyper-V options
 #################

releasenotes/notes/implement-ovn-80b3a73e6c8a44e7.yaml

+---
+features:
+  - |
+    Implement OVN and integration with Neutron. This includes deployment of:
+
+    * OVN databases (``ovn-sb-db`` and ``ovn-nb-db``)
+    * Southbound and Northbound databases connector (``ovn-northd``)
+    * Hypervisor components ``ovn-controller`` and
+      ``neutron-ovn-metadata-agent``

tests/run.yml

@@ -23,7 +23,7 @@
         need_build_image: false
         build_image_tag: "change_{{ zuul.change | default('none') }}"
         openstack_core_enabled: "{{ openstack_core_enabled }}"
-        openstack_core_tested: "{{ scenario in ['core', 'ceph-ansible', 'zun', 'cells', 'swift', 'linuxbridge'] }}"
+        openstack_core_tested: "{{ scenario in ['core', 'ceph-ansible', 'zun', 'cells', 'swift', 'linuxbridge', 'ovn'] }}"
         dashboard_enabled: "{{ openstack_core_enabled }}"
         # TODO(mgoddard): Remove when previous_release is ussuri.
         playbook_python_version: "{{ '2' if is_upgrade and previous_release == 'train' and not is_centos8 else '3' }}"
@@ -423,6 +423,13 @@
             chdir: "{{ kolla_ansible_src_dir }}"
           when: scenario == "masakari"
 
+        - name: Run test-ovn.sh script
+          script:
+            cmd: test-ovn.sh
+            executable: /bin/bash
+            chdir: "{{ kolla_ansible_src_dir }}"
+          when: scenario == "ovn"
+
         - name: Run test-mariadb.sh script
           script:
             cmd: test-mariadb.sh

tests/templates/globals-default.j2

@@ -130,3 +130,7 @@ openstack_cacert: "/etc/pki/ca-trust/source/anchors/kolla-customca-haproxy-inter
 {% if scenario == 'linuxbridge' %}
 neutron_plugin_agent: "linuxbridge"
 {% endif %}
+
+{% if scenario == "ovn" %}
+neutron_plugin_agent: "ovn"
+{% endif %}

tests/templates/inventory.j2

@@ -341,6 +341,9 @@ neutron
 [neutron-metadata-agent:children]
 neutron
 
+[neutron-ovn-metadata-agent:children]
+compute
+
 [neutron-bgp-dragent:children]
 neutron
 
@@ -821,3 +824,25 @@ control
 
 [masakari-monitors:children]
 compute
+
+[ovn-controller:children]
+ovn-controller-compute
+ovn-controller-network
+
+[ovn-controller-compute:children]
+compute
+
+[ovn-controller-network:children]
+network
+
+[ovn-database:children]
+control
+
+[ovn-northd:children]
+ovn-database
+
+[ovn-nb-db:children]
+ovn-database
+
+[ovn-sb-db:children]
+ovn-database