Implement L3HA support

This change enables L3HA using the neutron internals by default. This should
make the general Neutron router support more robust.

Note:
  * The ability will not effect running routers so upgrades are seemless.
  * The l3ha support is only rendered by default when using the ML2 plugin.
  * The ATT neutron l3HA tool is still needed as a backup to ensure that the
    routers are always scheduled to an agent and will remain to facilitate
    L3HA on routers created without the ha capability.

Upgrade notes:
 - neutron_ha_vrrp_advert_int (removed)
 - neutron_ha_vrrp_auth_password (moved to user_secrets.yml)
 - neutron_handle_internal_only_routers (removed)
 - neutron_l3_ha_enabled (removed)
 - neutron_min_l3_agents_per_router (removed)
 - neutron_max_l3_agents_per_router (removed)

DocImpact
UpgradeImpact
Closes-Bug: #1416405
Change-Id: Ie456a50f525f11b9d15cd2a9c9590b41f19a9b5e
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>

etc/openstack_deploy/user_secrets.yml

@@ -79,6 +79,7 @@ horizon_secret_key:
 neutron_container_mysql_password:
 neutron_service_password:
 neutron_rabbitmq_password:
+neutron_ha_vrrp_auth_password:
 
 ## Nova Options
 nova_container_mysql_password:

playbooks/roles/os_neutron/defaults/main.yml

@@ -137,7 +137,7 @@ neutron_services:
    service_name: neutron-server
    service_en: True
    service_group: neutron_server
-   config_options: --config-file /etc/neutron/neutron.conf --config-file "/etc/neutron/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}"
+   config_options: "--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}"
 
 ## Drivers
 neutron_driver_network_scheduler: neutron.scheduler.dhcp_agent_scheduler.WeightScheduler
@@ -209,31 +209,16 @@ neutron_keystone_auth_plugin: password
 neutron_external_network_bridge: ""
 neutron_gateway_external_network_id: ""
 
-# Enable l2 population
-neutron_l2_population: True
-
 neutron_agent_mode: legacy
 neutron_agent_down_time: 120
 neutron_agent_polling_interval: 5
 neutron_report_interval: "{{ neutron_agent_down_time | int / 2 | int }}"
 neutron_network_device_mtu: 1450
 
 # L3HA configuration options.
-neutron_ha_vrrp_advert_int: 2
-neutron_ha_vrrp_auth_password: None
 neutron_ha_vrrp_auth_type: PASS
-neutron_handle_internal_only_routers: True
-neutron_l3_ha_enabled: False
 neutron_l3_ha_net_cidr: 169.254.192.0/18
 
-# If ``neutron_min_l3_agents_per_router`` is unset the system will use half the number of hosts in the
-# "neutron_agent" group to determine the min agents per routers.
-# neutron_min_l3_agents_per_router: 3
-
-# If ``neutron_max_l3_agents_per_router`` is unset the system will use the number of hosts in the
-# "neutron_agent" group to determine the max agents per routers.
-# neutron_max_l3_agents_per_router: 3
-
 # DHCP AGENT CONFIG
 neutron_dhcp_config:
   dhcp-option-force: "26,1450"

playbooks/roles/os_neutron/tasks/neutron_post_install.yml

@@ -13,6 +13,26 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: Disable L2 population for L3HA support
+  set_fact:
+    neutron_l2_population: "False"
+  when:
+    - neutron_plugin_type == 'ml2'
+    - groups['neutron_agent'] | length >= 2
+    - neutron_services['neutron-linuxbridge-agent']['service_en'] | bool
+    - neutron_l2_population is undefined
+  tags:
+    - neutron-config
+
+- name: Enable L2 population support
+  set_fact:
+    neutron_l2_population: "True"
+  when:
+    - neutron_plugin_type == 'ml2'
+    - neutron_l2_population is undefined
+  tags:
+    - neutron-config
+
 - name: Copy neutron config
   config_template:
     src: "{{ item.src }}"

playbooks/roles/os_neutron/templates/l3_agent.ini.j2

@@ -20,20 +20,12 @@ agent_mode = {{ neutron_agent_mode }}
 # Conventional failover
 allow_automatic_l3agent_failover = True
 
-{% set min_router = groups['neutron_agent'] | length // 2 %}
-{% set min_l3_router = min_router if min_router > 0 else 1 %}
-
-min_l3_agents_per_router = {{ neutron_min_l3_agents_per_router | default(min_l3_router) }}
-max_l3_agents_per_router = {{ neutron_max_l3_agents_per_router | default(groups['neutron_agent']|length) }}
-
 # HA failover
-l3_ha = {{ neutron_l3_ha_enabled }}
-l3_ha_net_cidr = {{ neutron_l3_ha_net_cidr }}
 ha_confs_path = {{ neutron_system_home_folder }}/ha_confs
-ha_vrrp_advert_int = {{ neutron_ha_vrrp_advert_int }}
+ha_vrrp_advert_int = 2
 ha_vrrp_auth_password = {{ neutron_ha_vrrp_auth_password }}
 ha_vrrp_auth_type = {{ neutron_ha_vrrp_auth_type }}
-handle_internal_only_routers = {{ neutron_handle_internal_only_routers }}
+handle_internal_only_routers = False
 send_arp_for_ha = 3
 
 # Metadata

playbooks/roles/os_neutron/templates/neutron.conf.j2

@@ -46,6 +46,24 @@ router_distributed = False
 # Agents
 agent_down_time = {{ neutron_agent_down_time }}
 
+{% set num_agent = groups['neutron_agent'] | length %}
+{% if neutron_plugin_type == 'ml2' and num_agent >= 2 %}
+{% if neutron_services['neutron-linuxbridge-agent']['service_en'] | bool and not neutron_l2_population | bool %}
+
+{% set max_l3_router = num_agent if num_agent > 2 else 2 %}
+{% set min_l3_router = num_agent if (num_agent > 2 and num_agent < max_l3_router) else 2 %}
+
+# L3HA
+l3_ha = True
+l3_ha_net_cidr = {{ neutron_l3_ha_net_cidr }}
+min_l3_agents_per_router = {{ min_l3_router }}
+max_l3_agents_per_router = {{ max_l3_router }}
+ha_network_type = {{ neutron_provider_networks.network_mappings_list[0].split(':')[0] }}
+ha_network_physical_name = {{ neutron_provider_networks.network_mappings_list[0].split(':')[-1] }}
+
+{% endif %}
+{% endif %}
+
 # API
 bind_port = 9696
 bind_host = 0.0.0.0
@@ -54,9 +72,10 @@ bind_host = 0.0.0.0
 api_workers = {{ neutron_api_workers | default(api_threads) }}
 rpc_workers = {{ neutron_rpc_workers }}
 
+{% set dhcp_agents_max = num_agent if num_agent > 2 else 2 %}
 # DHCP
 dhcp_agent_notification = True
-dhcp_agents_per_network = {{ groups['neutron_agent'] | length }}
+dhcp_agents_per_network = {{ dhcp_agents_max }}
 dhcp_lease_duration = 86400
 advertise_mtu = False