From 0ef27dd07672ca4268b6ec4b5c78145b395773ac Mon Sep 17 00:00:00 2001 From: Gary Kotton Date: Mon, 7 May 2018 05:46:38 -0700 Subject: [PATCH] Add support for NSXV3 NSXV3 is the OpenStack support for the NSX Transformers platform. This is supported from neutron in the Mitaka version. This patch adds Kolla support This adds a new neutron_plugin_agent type 'vmware_nsxv3'. The plugin does not run any neutron agents. Change-Id: I1ecd7e5f3471e4ff03cfe8c9a3aff17af3fe1842 --- ansible/group_vars/all.yml | 2 +- ansible/roles/neutron/defaults/main.yml | 24 ++++++++++++++----- ansible/roles/neutron/tasks/config.yml | 2 +- .../neutron/templates/neutron-server.json.j2 | 6 ++--- .../roles/neutron/templates/neutron.conf.j2 | 5 ++++ ansible/roles/neutron/templates/nsx.ini.j2 | 11 +++++++++ ansible/roles/nova/defaults/main.yml | 1 + ansible/roles/nova/templates/nova.conf.j2 | 4 +++- etc/kolla/globals.yml | 3 ++- etc/kolla/passwords.yml | 1 + .../notes/nsxv3-support-0bd45afcb7e71cc5.yaml | 3 +++ 11 files changed, 49 insertions(+), 13 deletions(-) create mode 100644 releasenotes/notes/nsxv3-support-0bd45afcb7e71cc5.yaml diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 9e426b8e33..e7a3111086 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -155,7 +155,7 @@ bifrost_network_interface: "{{ network_interface }}" dns_interface: "{{ network_interface }}" tunnel_interface_address: "{{ hostvars[inventory_hostname]['ansible_' + tunnel_interface]['ipv4']['address'] }}" -# Valid options are [ openvswitch, linuxbridge, vmware_nsxv, vmware_dvs, opendaylight ] +# Valid options are [ openvswitch, linuxbridge, vmware_nsxv, vmware_nsxv3, vmware_dvs, opendaylight ] neutron_plugin_agent: "openvswitch" # Valid options are [ internal, infoblox ] diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index e645cd57da..4418b6698e 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml @@ -80,7 +80,7 @@ neutron_services: container_name: "neutron_dhcp_agent" image: "{{ neutron_dhcp_agent_image_full }}" privileged: True - enabled: "{{ neutron_plugin_agent != 'vmware_nsxv' }}" + enabled: "{{ neutron_plugin_agent not in [ 'vmware_nsxv', 'vmware_nsxv3' ] }}" group: "neutron-dhcp-agent" host_in_groups: "{{ inventory_hostname in groups['neutron-dhcp-agent'] }}" volumes: @@ -93,7 +93,7 @@ neutron_services: container_name: "neutron_l3_agent" image: "{{ neutron_l3_agent_image_full }}" privileged: True - enabled: "{{ neutron_plugin_agent not in ['vmware_nsxv', 'vmware_dvs'] and not enable_opendaylight_l3 | bool }}" + enabled: "{{ neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] and not enable_opendaylight_l3 | bool }}" host_in_groups: >- {{ inventory_hostname in groups['neutron-l3-agent'] @@ -110,7 +110,7 @@ neutron_services: container_name: "neutron_lbaas_agent" image: "{{ neutron_lbaas_agent_image_full }}" privileged: True - enabled: "{{ enable_neutron_lbaas | bool and neutron_plugin_agent not in ['vmware_nsxv', 'vmware_dvs'] }}" + enabled: "{{ enable_neutron_lbaas | bool and neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] }}" group: "neutron-lbaas-agent" host_in_groups: "{{ inventory_hostname in groups['neutron-lbaas-agent'] }}" volumes: @@ -122,7 +122,7 @@ neutron_services: container_name: "neutron_sriov_agent" image: "{{ neutron_sriov_agent_image_full }}" privileged: True - enabled: "{{ enable_neutron_sriov | bool and neutron_plugin_agent != 'vmware_nsxv' }}" + enabled: "{{ enable_neutron_sriov | bool and neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3' ] }}" host_in_groups: "{{ inventory_hostname in groups['compute'] }}" volumes: - "{{ node_config_directory }}/neutron-sriov-agent/:{{ container_config_directory }}/:ro" @@ -133,7 +133,7 @@ neutron_services: container_name: "neutron_metadata_agent" image: "{{ neutron_metadata_agent_image_full }}" privileged: True - enabled: "{{ neutron_plugin_agent != 'vmware_nsxv' }}" + enabled: "{{ neutron_plugin_agent not in [ 'vmware_nsxv', 'vmware_nsxv3' ] }}" host_in_groups: >- {{ inventory_hostname in groups['neutron-metadata-agent'] @@ -149,7 +149,7 @@ neutron_services: container_name: "neutron_bgp_dragent" image: "{{ neutron_bgp_dragent_image_full }}" privileged: True - enabled: "{{ enable_neutron_bgp_dragent | bool and neutron_plugin_agent not in ['vmware_nsxv', 'vmware_dvs'] }}" + enabled: "{{ enable_neutron_bgp_dragent | bool and neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] }}" group: "neutron-bgp-dragent" host_in_groups: "{{ inventory_hostname in groups['neutron-bgp-dragent'] }}" volumes: @@ -336,6 +336,18 @@ vmware_nsxv_spoofguard_enabled: "false" vmware_nsxv_metadata_initializer: "false" vmware_nsxv_edge_ha: "false" +#################### +# VMware NSXV3 +#################### +nsxv3_metadata_proxy: "metadata proxy uuid" +nsxv3_dhcp_profile: "dhcp service uuid" +nsxv3_native_dhcp_metadata: "true" +nsxv3_api_user: "user" +nsxv3_api_managers: "127.0.0.1" +nsxv3_default_tier0_router: "tier0 router uuid" +nsxv3_default_vlan_tz: "vlan TZ uuid" +nsxv3_default_overlay_tz: "overlay TZ uuid" + #################### # VMware DVS #################### diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml index bd1e9d3614..9a825e7fe4 100644 --- a/ansible/roles/neutron/tasks/config.yml +++ b/ansible/roles/neutron/tasks/config.yml @@ -341,7 +341,7 @@ when: - neutron_server.enabled | bool - neutron_server.host_in_groups | bool - - neutron_plugin_agent in ['vmware_nsxv', 'vmware_dvs'] + - neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] notify: - "Restart {{ service_name }} container" diff --git a/ansible/roles/neutron/templates/neutron-server.json.j2 b/ansible/roles/neutron/templates/neutron-server.json.j2 index dc6a7317dd..4c6627ca2a 100644 --- a/ansible/roles/neutron/templates/neutron-server.json.j2 +++ b/ansible/roles/neutron/templates/neutron-server.json.j2 @@ -1,5 +1,5 @@ { - "command": "neutron-server --config-file /etc/neutron/neutron.conf {% if neutron_plugin_agent in ['openvswitch', 'linuxbridge', 'opendaylight'] %} --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_lbaas.conf --config-file /etc/neutron/neutron_vpnaas.conf {% elif neutron_plugin_agent in ['vmware_nsxv', 'vmware_dvs'] %} --config-file /etc/neutron/plugins/vmware/nsx.ini {% endif %} --config-file /etc/neutron/fwaas_driver.ini", + "command": "neutron-server --config-file /etc/neutron/neutron.conf {% if neutron_plugin_agent in ['openvswitch', 'linuxbridge', 'opendaylight'] %} --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_lbaas.conf --config-file /etc/neutron/neutron_vpnaas.conf {% elif neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] %} --config-file /etc/neutron/plugins/vmware/nsx.ini {% endif %} --config-file /etc/neutron/fwaas_driver.ini", "config_files": [ { "source": "{{ container_config_directory }}/neutron.conf", @@ -45,12 +45,12 @@ "owner": "neutron", "perm": "0600", "optional": true - }{% if neutron_plugin_agent in ['vmware_nsxv', 'vmware_dvs'] -%}, + }{% if neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] -%}, { "source": "{{ container_config_directory }}/nsx.ini", "dest": "/etc/neutron/plugins/vmware/nsx.ini", "owner": "neutron", - "optional": {{ (neutron_plugin_agent not in ['vmware_nsxv', 'vmware_dvs']) | string | lower }}, + "optional": {{ (neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs']) | string | lower }}, "perm": "0600" }{% endif %} ], diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index ea4003aea5..67a1c4c5c3 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -39,6 +39,9 @@ allow_overlapping_ips = true {% if neutron_plugin_agent == 'vmware_nsxv' %} core_plugin = vmware_nsx.plugin.NsxVPlugin +{% elif neutron_plugin_agent == 'vmware_nsxv3' %} +core_plugin = vmware_nsx.plugin.NsxV3Plugin +dhcp_agent_notification = False {% elif neutron_plugin_agent == 'vmware_dvs' %} core_plugin = vmware_nsx.plugin.NsxDvsPlugin {% else %} @@ -63,6 +66,8 @@ dns_domain = {{ designate_ns_record }}. external_dns_driver = designate {% if neutron_plugin_agent == 'vmware_nsxv' %} nsx_extension_drivers = vmware_nsxv_dns +{% elif neutron_plugin_agent == 'vmware_nsxv3' %} +nsx_extension_drivers = vmware_nsxv3_dns {% elif neutron_plugin_agent == 'vmware_dvs' %} nsx_extension_drivers = vmware_dvs_dns {% endif %} diff --git a/ansible/roles/neutron/templates/nsx.ini.j2 b/ansible/roles/neutron/templates/nsx.ini.j2 index 2dda41d28a..1129de424b 100644 --- a/ansible/roles/neutron/templates/nsx.ini.j2 +++ b/ansible/roles/neutron/templates/nsx.ini.j2 @@ -15,6 +15,17 @@ backup_edge_pool = {{ vmware_nsxv_backup_edge_pool }} spoofguard_enabled = {{ vmware_nsxv_spoofguard_enabled }} metadata_initializer = {{ vmware_nsxv_metadata_initializer }} edge_ha = {{ vmware_nsxv_edge_ha }} +{% elif neutron_plugin_agent == 'vmware_nsxv3' %} +[nsx_v3] +metadata_proxy = {{ nsxv3_metadata_proxy }} +dhcp_profile = {{ nsxv3_dhcp_profile }} +native_dhcp_metadata = {{ nsxv3_native_dhcp_metadata }} +nsx_api_password = {{ nsxv3_api_password }} +nsx_api_user = {{ nsxv3_api_user }} +nsx_api_managers = {{ nsxv3_api_managers }} +default_tier0_router = {{ nsxv3_default_tier0_router }} +default_vlan_tz = {{ nsxv3_default_vlan_tz }} +default_overlay_tz = {{ nsxv3_default_overlay_tz }} {% elif neutron_plugin_agent == 'vmware_dvs' %} [dvs] host_ip = {{ vmware_dvs_host_ip }} diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml index 2f22ce8326..4bdd3fe0d9 100644 --- a/ansible/roles/nova/defaults/main.yml +++ b/ansible/roles/nova/defaults/main.yml @@ -260,3 +260,4 @@ nova_enabled_notification_topics: "{{ nova_notification_topics | selectattr('ena # VMware #################### vmware_vcenter_datastore_regex: ".*" +ovs_bridge: "nsx-managed" diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2 index e3c4a76005..daa13df1b1 100644 --- a/ansible/roles/nova/templates/nova.conf.j2 +++ b/ansible/roles/nova/templates/nova.conf.j2 @@ -142,7 +142,9 @@ os_region_name = {{ openstack_region_name }} url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }} metadata_proxy_shared_secret = {{ metadata_secret }} service_metadata_proxy = true - +{% if neutron_plugin_agent == 'vmware_nsxv3' %} +ovs_bridge = {{ ovs_bridge }} +{% endif %} auth_url = {{ keystone_admin_url }} auth_type = password project_domain_name = {{ default_project_domain_name }} diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index 75bc08372f..f685f630fc 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -99,7 +99,8 @@ kolla_internal_vip_address: "10.10.10.254" # addresses for that reason. #neutron_external_interface: "eth1" -# Valid options are [ openvswitch, linuxbridge, vmware_nsxv, vmware_dvs, opendaylight ] +# Valid options are [ openvswitch, linuxbridge, vmware_nsxv, vmware_nsxv3, vmware_dvs, opendaylight ] +# if vmware_nsxv3 is selected, enable_openvswitch MUST be set to "no" (default is yes) #neutron_plugin_agent: "openvswitch" # Valid options are [ internal, infoblox ] diff --git a/etc/kolla/passwords.yml b/etc/kolla/passwords.yml index 954031eb0e..8ded2388a9 100644 --- a/etc/kolla/passwords.yml +++ b/etc/kolla/passwords.yml @@ -33,6 +33,7 @@ opendaylight_password: vmware_dvs_host_password: vmware_nsxv_password: vmware_vcenter_host_password: +nsxv3_api_password: ##################### # Hitachi NAS support diff --git a/releasenotes/notes/nsxv3-support-0bd45afcb7e71cc5.yaml b/releasenotes/notes/nsxv3-support-0bd45afcb7e71cc5.yaml new file mode 100644 index 0000000000..66931d59a3 --- /dev/null +++ b/releasenotes/notes/nsxv3-support-0bd45afcb7e71cc5.yaml @@ -0,0 +1,3 @@ +--- +features: + - Add support for the VMware NSX Transformers plugin