Implement OVN inventory changes and deploy by default

This patch updates the OSA inventory to include a new group,
network-gateway_hosts, which operators can define to dictate which
nodes can be considered OVN gateway nodes. In addition, the default
mechanism driver is no longer ML2/LXB and must be specified by the
operator.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/865961
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/866249
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/866159
Needed-By: https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/865973/4
Change-Id: I7be6520b338b5578b04631cfa04a9122c735959c

doc/source/admin/upgrades/major-upgrades.rst

@@ -152,6 +152,12 @@ Please review the contents of the playbook for more information.
     # openstack-ansible "${SCRIPTS_PATH}/upgrade-utilities/deploy-config-changes.yml"
 
 
+Ensure that you have defined all required variables for current Neutron plugin
+
+.. code-block:: console
+
+    # openstack-ansible "${SCRIPTS_PATH}/upgrade-utilities/define-neutron-plugin.yml"
+
 Upgrade hosts
 ~~~~~~~~~~~~~
 

doc/source/user/aio/quickstart.rst

@@ -233,7 +233,7 @@ container back-end.
 
 .. code-block:: shell-session
 
-   # export SCENARIO='aio_lxc_barbican_ceph'
+   # export SCENARIO='aio_lxc_barbican_ceph_lxb'
    # scripts/bootstrap-aio.sh
 
 To add any global overrides, over and above the defaults for the applicable

etc/openstack_deploy/conf.d/neutron.yml.aio

@@ -1,5 +1,16 @@
 ---
+
 # neutron-server, neutron-agents
 network_hosts:
   aio1:
     ip: 172.29.236.100
+
+{% if _neutron_plugin_driver == 'ml2.ovn'  %}
+network-gateway_hosts:
+  aio1:
+    ip: 172.29.236.100
+
+network-northd_hosts:
+  aio1:
+    ip: 172.29.236.100
+{% endif %}

etc/openstack_deploy/openstack_user_config.yml.aio.j2

@@ -62,18 +62,18 @@ global_overrides:
           # neutron public addresses, LXC
           - cidr: 172.29.248.0/22
             gateway: 172.29.236.100
-{% if 'ovn' in bootstrap_host_scenarios_expanded %}
+{% if 'ovs' in bootstrap_host_scenarios_expanded %}
     - network:
         container_bridge: "br-vxlan"
         container_type: "veth"
         container_interface: "eth10"
         ip_from_q: "tunnel"
-        type: "geneve"
+        type: "vxlan"
         range: "1:1000"
-        net_name: "geneve"
+        net_name: "vxlan"
         group_binds:
-          - neutron_ovn_controller
-{% elif 'ovs' in bootstrap_host_scenarios_expanded %}
+          - neutron_openvswitch_agent
+{% elif 'lxb' in bootstrap_host_scenarios_expanded %}
     - network:
         container_bridge: "br-vxlan"
         container_type: "veth"
@@ -83,18 +83,18 @@ global_overrides:
         range: "1:1000"
         net_name: "vxlan"
         group_binds:
-          - neutron_openvswitch_agent
+          - neutron_linuxbridge_agent
 {% else %}
     - network:
         container_bridge: "br-vxlan"
         container_type: "veth"
         container_interface: "eth10"
         ip_from_q: "tunnel"
-        type: "vxlan"
+        type: "geneve"
         range: "1:1000"
-        net_name: "vxlan"
+        net_name: "geneve"
         group_binds:
-          - neutron_linuxbridge_agent
+          - neutron_ovn_controller
 {% endif %}
 {% if 'trove' in bootstrap_host_scenarios_expanded %}
     - network:
@@ -137,25 +137,7 @@ global_overrides:
           - ironic_api
           - ironic_inspector
 {% endif %}
-{% if 'ovn' in bootstrap_host_scenarios_expanded %}
-    - network:
-        container_bridge: "br-provider"
-        container_type: "veth"
-        container_interface: "eth12"
-        network_interface: "eth12"
-        type: "vlan"
-        range: "101:200,301:400"
-        net_name: "vlan"
-        group_binds:
-          - neutron_ovn_controller
-    - network:
-        container_bridge: "br-provider"
-        container_type: "veth"
-        net_name: "vlan"
-        type: "flat"
-        group_binds:
-          - neutron_ovn_controller
-{% elif 'ovs' in bootstrap_host_scenarios_expanded %}
+{% if 'ovs' in bootstrap_host_scenarios_expanded %}
     - network:
         container_bridge: "br-provider"
         container_type: "veth"
@@ -173,7 +155,7 @@ global_overrides:
         type: "flat"
         group_binds:
           - neutron_openvswitch_agent
-{% else %}
+{% elif 'lxb' in bootstrap_host_scenarios_expanded %}
     - network:
         container_bridge: "br-vlan"
         container_type: "veth"
@@ -192,6 +174,22 @@ global_overrides:
         net_name: "vlan"
         group_binds:
           - neutron_linuxbridge_agent
+{% else %}
+    - network:
+        container_bridge: "br-provider"
+        network_interface: "eth12"
+        type: "vlan"
+        range: "101:200,301:400"
+        net_name: "vlan"
+        group_binds:
+          - neutron_ovn_gateway
+    - network:
+        container_bridge: "br-provider"
+        container_type: "veth"
+        net_name: "vlan"
+        type: "flat"
+        group_binds:
+          - neutron_ovn_gateway
 {% endif %}
     - network:
         container_bridge: "br-storage"

inventory/env.d/neutron.yml

@@ -47,6 +47,15 @@ component_skel:
   neutron_server:
     belongs_to:
       - neutron_all
+  neutron_ovn_controller:
+    belongs_to:
+      - neutron_all
+  neutron_ovn_gateway:
+    belongs_to:
+      - neutron_all
+  neutron_ovn_northd:
+    belongs_to:
+      - neutron_all
   opendaylight:
     belongs_to:
       - neutron_all
@@ -76,6 +85,19 @@ container_skel:
     contains:
       - neutron_server
       - opendaylight
+  neutron_ovn_gateway_container:
+    belongs_to:
+      - network-gateway_containers
+    contains:
+      - neutron_ovn_controller
+      - neutron_ovn_gateway
+    properties:
+      is_metal: true
+  neutron_ovn_northd_container:
+    belongs_to:
+      - network-northd_containers
+    contains:
+      - neutron_ovn_northd
 
 physical_skel:
   network_containers:
@@ -96,3 +118,15 @@ physical_skel:
   network-infra_hosts:
     belongs_to:
       - hosts
+  network-gateway_containers:
+    belongs_to:
+      - all_containers
+  network-gateway_hosts:
+    belongs_to:
+      - hosts
+  network-northd_containers:
+    belongs_to:
+      - all_containers
+  network-northd_hosts:
+    belongs_to:
+      - hosts

inventory/env.d/nova.yml

@@ -54,6 +54,8 @@ container_skel:
       - neutron_linuxbridge_agent
       - neutron_openvswitch_agent
       - neutron_sriov_nic_agent
+      - neutron_ovn_controller
+      - neutron_ovn_gateway
       - nova_compute
     properties:
       is_metal: true
@@ -83,4 +85,4 @@ physical_skel:
       - all_containers
   qemu-compute_hosts:
     belongs_to:
-      - hosts
+      - hosts

inventory/group_vars/haproxy/haproxy.yml

@@ -356,8 +356,8 @@ haproxy_nova_api_metadata_service:
   haproxy_backend_nodes: "{{ groups['nova_api_metadata'] | default([]) }}"
   haproxy_bind: "{{ [internal_lb_vip_address] }}"
   haproxy_port: 8775
-  haproxy_ssl: "{{ (neutron_plugin_type == 'ml2.calico') | ternary(False, haproxy_ssl_all_vips) }}"
-  haproxy_ssl_all_vips: "{{ (neutron_plugin_type == 'm2.calico') | ternary(False, haproxy_ssl_all_vips) }}"
+  haproxy_ssl: "{{ (neutron_plugin_type | default('ml2.ovn') == 'ml2.calico') | ternary(False, haproxy_ssl_all_vips) }}"
+  haproxy_ssl_all_vips: "{{ (neutron_plugin_type | default('ml2.ovn') == 'ml2.calico') | ternary(False, haproxy_ssl_all_vips) }}"
   haproxy_balance_type: http
   haproxy_backend_options:
     - "httpchk HEAD / HTTP/1.0\\r\\nUser-agent:\\ osa-haproxy-healthcheck"
@@ -414,7 +414,7 @@ haproxy_opendaylight_neutron_service:
   haproxy_timeout_client: 5000s
   haproxy_timeout_server: 5000s
   haproxy_allowlist_networks: "{{ haproxy_opendaylight_allowlist_networks }}"
-  haproxy_service_enabled: "{{ neutron_plugin_type == 'ml2.opendaylight' }}"
+  haproxy_service_enabled: "{{ (neutron_plugin_type | default('ml2.ovn') == 'ml2.opendaylight') }}"
 
 haproxy_opendaylight_websocket_service:
   haproxy_service_name: opendaylight-websocket
@@ -425,7 +425,7 @@ haproxy_opendaylight_websocket_service:
   haproxy_timeout_client: 5000s
   haproxy_timeout_server: 5000s
   haproxy_allowlist_networks: "{{ haproxy_opendaylight_allowlist_networks }}"
-  haproxy_service_enabled: "{{ neutron_plugin_type == 'ml2.opendaylight' }}"
+  haproxy_service_enabled: "{{ (neutron_plugin_type | default('ml2.ovn') == 'ml2.opendaylight') }}"
 
 # TODO(jamesdenton): Remove that in Z release
 haproxy_ovn_northbound_service:

inventory/group_vars/horizon_all.yml

@@ -14,4 +14,4 @@
 # limitations under the License.
 
 horizon_enable_cinder_backup: "{{ hostvars['localhost']['cinder_service_backup_program_enabled'] }}"
-horizon_enable_ha_router: "{{ neutron_plugin_type.split('.')[0] == 'ml2' and (groups['neutron_l3_agent'] | length >= 2) }}"
+horizon_enable_ha_router: "{{ groups['neutron_l3_agent'] | length >= 2 }}"

inventory/inventory.ini

@@ -184,6 +184,7 @@ neutron_metadata_agent
 neutron_metering_agent
 neutron_openvswitch_agent
 neutron_ovn_controller
+neutron_ovn_gateway
 neutron_ovn_northd
 neutron_server
 neutron_sriov_nic_agent
@@ -197,6 +198,7 @@ neutron_sriov_nic_agent
 [neutron_metering_agent]
 [neutron_openvswitch_agent]
 [neutron_ovn_controller]
+[neutron_ovn_gateway]
 [neutron_ovn_northd]
 [neutron_server]
 [neutron_sriov_nic_agent]

playbooks/os-neutron-install.yml

@@ -23,7 +23,7 @@
       vars:
         src_group: "nova_compute"
         dest_group: "neutron_l3_agent, neutron_metadata_agent"
-        group_when: "{{ neutron_plugin_type == 'ml2.ovs.dvr' }}"
+        group_when: "{{ (neutron_plugin_type | default('ml2.ovn') == 'ml2.ovs.dvr') }}"
 
 
 

releasenotes/notes/ovn-default-mechanism-driver-6225641f64f721d4.yaml

@@ -0,0 +1,31 @@
+---
+prelude: >
+  Default neutron plugin has been switched from LinuxBridge to OVN.
+  This is effective for all new deployments. At the same time
+  OpenStack-Ansible does not provide any in-house tooling for completing
+  upgrade from ml2.lxb to ml2.ovn. Please, reffer to upgrade section for more
+  details on how to upgrade OpenStack-Ansible.
+
+upgrade:
+  - |
+    With marking ML2/LinuxBridge driver as 'Experimental' in the upstream
+    Neutron project OpenStack-Ansible has switched a default mechanism driver
+    to ML2/OVN.
+    In order to upgrade any existing deployment that was relying on defaults
+    to the new OpenStack-Ansible version you must ensure that following
+    variables are defined explicitly to ensure parity with existing
+    functionality:
+
+    .. code-block:: yaml
+
+      neutron_plugin_type: ml2.lxb
+      neutron_ml2_drivers_type: "flat,vlan,vxlan,local"
+      neutron_plugin_base:
+        - router
+        - metering
+
+    Failure to define any of these variables will result in playbook failures
+    and neutron misconfiguration.
+
+    We have covered this step with upgrade script that will create a
+    ``user_neutron_migration.yml`` file with assumed defaults.

scripts/run-upgrade.sh

@@ -175,6 +175,7 @@ function main {
 
     pushd ${MAIN_PATH}/playbooks
         RUN_TASKS+=("${SCRIPTS_PATH}/upgrade-utilities/deploy-config-changes.yml")
+        RUN_TASKS+=("${SCRIPTS_PATH}/upgrade-utilities/define-neutron-plugin.yml")
         RUN_TASKS+=("certificate-ssh-authority.yml")
         # we don't want to trigger container restarts for galera and rabbit
         # but as there will be no hosts available for metal deployments,