diff --git a/chef/cookbooks/neutron/attributes/default.rb b/chef/cookbooks/neutron/attributes/default.rb
index c4c3953bfb..e58ecf78e8 100644
--- a/chef/cookbooks/neutron/attributes/default.rb
+++ b/chef/cookbooks/neutron/attributes/default.rb
@@ -32,6 +32,9 @@
 default[:neutron][:metadata_agent_config_file] = "/etc/neutron/neutron-metadata-agent.conf.d/100-metadata_agent.conf"
 default[:neutron][:ml2_config_file] = "/etc/neutron/neutron.conf.d/110-ml2.conf"
 default[:neutron][:nsx_config_file] = "/etc/neutron/neutron.conf.d/110-nsx.conf"
+default[:neutron][:ml2_cisco_config_file] = "/etc/neutron/neutron.conf.d/115-ml2_cisco.conf"
+default[:neutron][:ml2_cisco_apic_config_file] = "/etc/neutron/neutron.conf.d/115-ml2_cisco_apic.conf"
+default[:neutron][:opflex_config_file] = "/etc/opflex-agent-ovs/conf.d/10-opflex-agent-ovs.conf"
 default[:neutron][:rpc_workers] = 1
 default[:neutron][:db][:database] = "neutron"
@@ -126,8 +129,8 @@
 cisco_apic_pkgs: ["python-apicapi",
 "python-neutron-ml2-driver-apic"],
 cisco_apic_gbp_pkgs: ["openstack-neutron-gbp",
- "python-gbpclient"],
- cisco_opflex_pkgs: ["agent-ovs",
+ "python-group-based-policy-client"],
+ cisco_opflex_pkgs: ["opflex-agent",
 "lldpd",
 "openstack-neutron-opflex-agent"],
 infoblox_pkgs: ["python-infoblox-client",
@@ -172,8 +175,8 @@
 cisco_apic_pkgs: ["python-apicapi",
 "python-neutron-ml2-driver-apic"],
 cisco_apic_gbp_pkgs: ["openstack-neutron-gbp",
- "python-gbpclient"],
- cisco_opflex_pkgs: ["agent-ovs",
+ "python-group-based-policy-client"],
+ cisco_opflex_pkgs: ["opflex-agent",
 "lldpd",
 "neutron-opflex-agent"],
 infoblox_pkgs: [],
diff --git a/chef/cookbooks/neutron/recipes/cisco_apic_agents.rb b/chef/cookbooks/neutron/recipes/cisco_apic_agents.rb
index 5351655984..7a74d4a9e4 100644
--- a/chef/cookbooks/neutron/recipes/cisco_apic_agents.rb
+++ b/chef/cookbooks/neutron/recipes/cisco_apic_agents.rb
@@ -92,15 +92,14 @@
 end
 # Update config file from template
-opflex_agent_conf = "/etc/opflex-agent-ovs/conf.d/10-opflex-agent-ovs.conf"
 apic = neutron[:neutron][:apic]
 opflex_list = apic[:opflex].select { |i| i[:nodes].include? node[:hostname] }
 opflex_list.any? || raise("Opflex instance not found for node '#{node[:hostname]}'")
 opflex_list.one? || raise("Multiple opflex instances found for node '#{node[:hostname]}'")
 opflex = opflex_list.first
-template opflex_agent_conf do
+template node[:neutron][:opflex_config_file] do
 cookbook "neutron"
- source "10-opflex-agent-ovs.conf.erb"
+ source "opflex-agent-ovs.conf.erb"
 mode "0755"
 owner "root"
 group neutron[:neutron][:platform][:group]
@@ -110,6 +109,9 @@
 socketgroup: neutron[:neutron][:platform][:group],
 opflex_peer_ip: opflex[:peer_ip],
 opflex_peer_port: opflex[:peer_port],
+ opflex_ssl_mode: opflex[:ssl_mode],
+ opflex_int_bridge: opflex[:integration_bridge],
+ opflex_access_bridge: opflex[:access_bridge],
 opflex_vxlan_encap_iface: opflex[:vxlan][:encap_iface],
 opflex_vxlan_uplink_iface: opflex[:vxlan][:uplink_iface],
 opflex_vxlan_uplink_vlan: opflex[:vxlan][:uplink_vlan],
@@ -132,8 +134,8 @@
 end
 utils_systemd_service_restart "neutron-opflex-agent"
-service "agent-ovs" do
+service "opflex-agent" do
 action [:enable, :start]
- subscribes :restart, resources("template[#{opflex_agent_conf}]")
+ subscribes :restart, resources("template[#{node[:neutron][:opflex_config_file]}]")
 end
-utils_systemd_service_restart "agent-ovs"
+utils_systemd_service_restart "opflex-agent"
diff --git a/chef/cookbooks/neutron/recipes/cisco_apic_support.rb b/chef/cookbooks/neutron/recipes/cisco_apic_support.rb
index f08d9e50c4..72ea20abaf 100644
--- a/chef/cookbooks/neutron/recipes/cisco_apic_support.rb
+++ b/chef/cookbooks/neutron/recipes/cisco_apic_support.rb
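Review bot: `opflex_ssl_mode: opflex[:ssl_mode]` in the `variables(...)` hunk of cisco_apic_agents.rb passes an operator-supplied string straight into the agent config, where the template used to hard-code `"mode": "enabled"`; the schema hunk only asks for `"type": "str"`, so an empty, misspelled or TLS-disabling value is rendered without complaint. The recipe already fails fast with `opflex_list.any? || raise(...)`, so I would add the same kind of guard before the template, e.g. `opflex[:ssl_mode].to_s.empty? && raise("ssl_mode missing for opflex instance on '#{node[:hostname]}'")`, and restrict the value to the modes the packaged opflex agent accepts. The new default `encrypted` presumably encrypts without verifying the peer certificate; if the agent offers a verifying mode, that is worth confirming and documenting next to the attribute. The `variables` call starts and ends outside the hunk.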
@@ -21,7 +21,9 @@
 end
 aciswitches = node[:neutron][:apic][:apic_switches].to_hash
-template "/etc/neutron/neutron-server.conf.d/100-ml2_conf_cisco_apic.ini.conf" do
+acivmms = node[:neutron][:apic][:apic_vmms]
+
+template node[:neutron][:ml2_cisco_apic_config_file] do
 cookbook "neutron"
 source "ml2_conf_cisco_apic.ini.erb"
 mode "0640"
@@ -30,6 +32,9 @@
 variables(
 vpc_pairs: node[:neutron][:apic][:vpc_pairs],
 apic_switches: aciswitches,
+ optimized_dhcp: node[:neutron][:apic][:optimized_dhcp],
+ optimized_metadata: node[:neutron][:apic][:optimized_metadata],
+ apic_vmms: acivmms,
 ml2_mechanism_drivers: node[:neutron][:ml2_mechanism_drivers],
 policy_drivers: "implicit_policy,apic",
 default_ip_pool: "192.168.0.0/16"
diff --git a/chef/cookbooks/neutron/recipes/server.rb b/chef/cookbooks/neutron/recipes/server.rb
index 35f2f8175e..3f156bae75 100644
--- a/chef/cookbooks/neutron/recipes/server.rb
+++ b/chef/cookbooks/neutron/recipes/server.rb
@@ -85,7 +85,7 @@
 else
 cisco_nexus_link_action = "delete"
 end
-link "/etc/neutron/neutron-server.conf.d/100-ml2_conf_cisco.ini.conf" do
+link "#{node[:neutron][:platform][:ml2_cisco_config_file]}" do
 to "/etc/neutron/plugins/ml2/ml2_conf_cisco.ini"
 action cisco_nexus_link_action
 notifies :restart, "service[#{node[:neutron][:platform][:service_name]}]"
@@ -99,7 +99,7 @@
 else
 cisco_apic_link_action = "delete"
 end
-link "/etc/neutron/neutron-server.conf.d/100-ml2_conf_cisco_apic.ini.conf" do
+link "#{node[:neutron][:platform][:ml2_cisco_apic_config_file]}" do
 to "/etc/neutron/plugins/ml2/ml2_conf_cisco_apic.ini"
 action cisco_apic_link_action
 notifies :restart, "service[#{node[:neutron][:platform][:service_name]}]"
diff --git a/chef/cookbooks/neutron/templates/default/ml2_conf_cisco_apic.ini.erb b/chef/cookbooks/neutron/templates/default/ml2_conf_cisco_apic.ini.erb
index 30e24dc022..421c8bebbc 100644
--- a/chef/cookbooks/neutron/templates/default/ml2_conf_cisco_apic.ini.erb
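Review bot: Both rewritten `link` resources in server.rb look the path up under `node[:neutron][:platform]`, but the attributes hunk defines `ml2_cisco_config_file` and `ml2_cisco_apic_config_file` directly under `default[:neutron]`, and cisco_apic_support.rb in this same commit reads `node[:neutron][:ml2_cisco_apic_config_file]`. Unless the platform hash gains these keys somewhere outside the visible hunks, the lookup yields nil and the resource name becomes an empty string, so the link is neither created nor deleted at the intended path. I would write `link node[:neutron][:ml2_cisco_config_file] do` and `link node[:neutron][:ml2_cisco_apic_config_file] do`, which also drops the needless string interpolation. Both `link` blocks end outside their hunks.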
+++ b/chef/cookbooks/neutron/templates/default/ml2_conf_cisco_apic.ini.erb
@@ -2,7 +2,7 @@
 apic_system_id=<%= node[:neutron][:apic][:system_id] %>
 [opflex]
 networks = *
-[ml2_cisco_apic]
+[apic]
 apic_hosts=<%= node[:neutron][:apic][:hosts] %>
 apic_username=<%= node[:neutron][:apic][:username] %>
 apic_password=<%= node[:neutron][:apic][:password] %>
@@ -11,8 +11,8 @@ apic_name_mapping = use_name
 apic_clear_node_profiles = True
 enable_aci_routing = True
 apic_arp_flooding = True
-enable_optimized_metadata = <%= node[:neutron][:apic][:optimized_metadata] %>
-enable_optimized_dhcp = <%= node[:neutron][:apic][:optimized_dhcp] %>
+enable_optimized_metadata = <%= @optimized_metadata %>
+enable_optimized_dhcp = <%= @optimized_dhcp %>
 apic_provision_infra = True
 apic_provision_hostlinks = True
 <% unless @vpc_pairs.nil? -%>
@@ -41,3 +41,12 @@ enable_nat = <%= node[:neutron][:apic][:ext_net][:nat_enabled] %>
 <% end -%>
 external_epg = <%= node[:neutron][:apic][:ext_net][:ext_epg] %>
 host_pool_cidr = <%= node[:neutron][:apic][:ext_net][:host_pool_cidr] %>
+
+<% @apic_vmms.each do |vmm_domain| -%>
+[apic_vmdom:<%= vmm_domain[:vmm_name]%>]
+vmm_type = <%= vmm_domain[:vmm_type]%>
+<% if vmm_domain[:vlan_ranges] -%>
+vlan_ranges = <%= vmm_domain[:vlan_ranges] %>
+<% end -%>
+<% end -%>
+
diff --git a/chef/cookbooks/neutron/templates/default/10-opflex-agent-ovs.conf.erb b/chef/cookbooks/neutron/templates/default/opflex-agent-ovs.conf.erb
similarity index 91%
rename from chef/cookbooks/neutron/templates/default/10-opflex-agent-ovs.conf.erb
rename to chef/cookbooks/neutron/templates/default/opflex-agent-ovs.conf.erb
index 28f504218d..45eb74dcbb 100644
--- a/chef/cookbooks/neutron/templates/default/10-opflex-agent-ovs.conf.erb
+++ b/chef/cookbooks/neutron/templates/default/opflex-agent-ovs.conf.erb
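Review bot: In the `@apic_vmms` loop appended to ml2_conf_cisco_apic.ini.erb, `<% if vmm_domain[:vlan_ranges] -%>` is always true for the shipped defaults, because template-neutron.json sets `"vlan_ranges": ""` and an empty string is truthy in Ruby, so every section gets a bare `vlan_ranges = ` line. `<% unless vmm_domain[:vlan_ranges].to_s.empty? -%>` skips it as intended. The loop also calls `.each` on `@apic_vmms` unguarded, whereas `@vpc_pairs` is nil-checked earlier in the template; `<% (@apic_vmms || []).each do |vmm_domain| -%>` keeps the render from failing on a node whose proposal lacks the key. `vmm_name` is written inside a section header, so a value containing `]` or a line break would change the structure of a file that also carries `apic_password`; the schema could constrain it.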
@@ -10,7 +10,7 @@
 {"hostname": "<%= @opflex_peer_ip %>", "port": "<%= @opflex_peer_port %>"}
 ],
 "ssl": {
- "mode": "enabled",
+ "mode": "<%= @opflex_ssl_mode %>",
 "ca-store": "/etc/ssl/certs/"
 },
 "inspector": {
@@ -36,7 +36,8 @@
 "renderers": {
 "stitched-mode": {
- "ovs-bridge-name": "br-int",
+ "int-bridge-name": "<%= @opflex_int_bridge %>",
+ "access-bridge-name": "<%= @opflex_access_bridge %>",
 "encap": {
 "vxlan" : {
 "encap-iface": "<%= @opflex_vxlan_encap_iface %>",
diff --git a/chef/data_bags/crowbar/migrate/neutron/125_add_apic_multi_vmm_domains.rb b/chef/data_bags/crowbar/migrate/neutron/125_add_apic_multi_vmm_domains.rb
new file mode 100644
index 0000000000..ac15244d9d
--- /dev/null
+++ b/chef/data_bags/crowbar/migrate/neutron/125_add_apic_multi_vmm_domains.rb
@@ -0,0 +1,15 @@
+def upgrade(tattr, tdep, attr, dep)
+ unless attr["apic"].key?("apic_vmms")
+ attr["apic"]["apic_vmms"] = tattr["apic"]["apic_vmms"]
+ end
+
+ return attr, dep
+end
+
+def downgrade(tattr, tdep, attr, dep)
+ unless tattr["apic"].key?("apic_vmms")
+ attr["apic"].delete("apic_vmms") if attr.key?("apic_vmms")
+ end
+
+ return attr, dep
+end
diff --git a/chef/data_bags/crowbar/template-neutron.json b/chef/data_bags/crowbar/template-neutron.json
index 0d5a6fc4c1..7e30ee04ee 100644
--- a/chef/data_bags/crowbar/template-neutron.json
+++ b/chef/data_bags/crowbar/template-neutron.json
@@ -64,9 +64,12 @@
 "nodes" : [],
 "peer_ip": "",
 "peer_port": 8009,
+ "ssl_mode": "encrypted",
 "encap": "vxlan",
+ "integration_bridge": "br-int",
+ "access_bridge": "br-fabric",
 "vxlan": {
- "encap_iface": "br-int_vxlan0",
+ "encap_iface": "br-fab_vxlan0",
 "uplink_iface": "vlan.4093",
 "uplink_vlan": 4093,
 "remote_ip": "",
@@ -97,7 +100,17 @@
 }
 }
 }
- }
+ },
+ "apic_vmms": [{
+ "vmm_name": "soc_kvm_domain",
+ "vmm_type": "openstack",
+ "vlan_ranges": ""
+ },
+ {
+ "vmm_name": "soc_vm_domain",
+ "vmm_type": "vmware",
+ "vlan_ranges": ""
+ }]
 },
 "allow_overlapping_ips": true,
 "use_syslog": false,
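Review bot: `downgrade` in 125_add_apic_multi_vmm_domains.rb never removes the key, because the guard `if attr.key?("apic_vmms")` tests the top-level hash while the key lives under `attr["apic"]`; a plain `attr["apic"].delete("apic_vmms")` needs no guard. Separately, `upgrade` backfills only `apic_vmms`, yet the schema hunk in this commit also makes `ssl_mode`, `integration_bridge` and `access_bridge` required on each opflex entry, so existing proposals would presumably fail validation and render an empty `"mode"` in the agent config. The sketch below backfills those keys from the template defaults; it assumes `apic.opflex` is a list, as the recipe's `apic[:opflex].select` suggests, and leaves the matching removal in `downgrade` to be added.

```ruby
def upgrade(tattr, tdep, attr, dep)
  # … unchanged: apic_vmms backfill …

  # Give pre-existing opflex entries the keys the schema now requires.
  opflex_defaults = tattr["apic"]["opflex"].first || {}
  attr["apic"]["opflex"].each do |opflex|
    ["ssl_mode", "integration_bridge", "access_bridge"].each do |key|
      opflex[key] = opflex_defaults[key] unless opflex.key?(key)
    end
  end
  # … unchanged: return attr, dep …

def downgrade(tattr, tdep, attr, dep)
  unless tattr["apic"].key?("apic_vmms")
    attr["apic"].delete("apic_vmms")
  end
  # … unchanged: return attr, dep …
```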
@@ -195,7 +208,7 @@
 "neutron": {
 "crowbar-revision": 0,
 "crowbar-applied": false,
- "schema-revision": 124,
+ "schema-revision": 125,
 "element_states": {
 "neutron-server": [ "readying", "ready", "applying" ],
 "neutron-network": [ "readying", "ready", "applying" ],
diff --git a/chef/data_bags/crowbar/template-neutron.schema b/chef/data_bags/crowbar/template-neutron.schema
index ef60e3881e..55da58a801 100644
--- a/chef/data_bags/crowbar/template-neutron.schema
+++ b/chef/data_bags/crowbar/template-neutron.schema
@@ -72,7 +75,10 @@
 "nodes": { "type" : "seq", "required" : true, "sequence": [ { "type": "str" } ] },
 "peer_ip": { "type": "str", "required" : true },
 "peer_port": { "type": "int", "required" : true },
+ "ssl_mode": { "type": "str", "required": true },
 "encap": { "type": "str", "required": true },
+ "integration_bridge": { "type": "str", "required": true },
+ "access_bridge": { "type": "str", "required": true },
 "vxlan": { "type": "map", "required": true, "mapping" : {
 "encap_iface": {"type": "str", "required": true },
 "uplink_iface": { "type": "str", "required": true },
@@ -93,7 +96,14 @@
 }}
 }}
 }}
- }
+ },
+ "apic_vmms": { "type" : "seq", "required" : true, "sequence" : [ {
+ "type" : "map", "required" : true, "mapping" : {
+ "vmm_name": { "type": "str", "required": true },
+ "vmm_type": { "type": "str", "required": true },
+ "vlan_ranges": { "type": "str", "required": true }
+ }
+ } ] }
 }},
 "allow_overlapping_ips": { "type": "bool", "required": true },
 "cisco_switches": {
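Review bot: The new `ssl_mode`, `vmm_type` and `vmm_name` entries in template-neutron.schema are declared as plain `"type": "str"`, so the schema accepts any text for values that select the agent's TLS behaviour and that form an INI section header in ml2_conf_cisco_apic.ini.erb. If the validator in use supports them, an `enum` for `ssl_mode` and `vmm_type` and a `pattern` for `vmm_name` would reject bad input when the proposal is saved rather than when the template renders. `vlan_ranges` is marked `"required": true` although the template treats it as optional; `"required": false` would match that usage.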