diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 9ad3576a20..e0322cbd0e 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -257,6 +257,7 @@ enable_mistral: "no" enable_mongodb: "no" enable_multipathd: "no" enable_murano: "no" +enable_neutron_vpnaas: "no" enable_neutron_dvr: "no" enable_neutron_lbaas: "no" enable_neutron_qos: "no" diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index d4c96d7da9..1783a97997 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -184,6 +184,9 @@ neutron [neutron-metadata-agent:children] neutron +[neutron-vpnaas-agent:children] +neutron + # Cinder [cinder-api:children] cinder diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index f54341a151..3b130ddc76 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -202,6 +202,9 @@ neutron [neutron-metadata-agent:children] neutron +[neutron-vpnaas-agent:children] +neutron + # Cinder [cinder-api:children] cinder diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index 0de2a597f7..699c6b688c 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml @@ -44,6 +44,10 @@ neutron_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ neutron_server_tag: "{{ openstack_release }}" neutron_server_image_full: "{{ neutron_server_image }}:{{ neutron_server_tag }}" +neutron_vpnaas_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-vpnaas-agent" +neutron_vpnaas_agent_tag: "{{ openstack_release }}" +neutron_vpnaas_agent_image_full: "{{ neutron_vpnaas_agent_image }}:{{ neutron_vpnaas_agent_tag }}" + openvswitch_db_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-db-server" openvswitch_db_tag: "{{ openstack_release }}" openvswitch_db_image_full: "{{ openvswitch_db_image }}:{{ openvswitch_db_tag }}" diff --git a/ansible/roles/neutron/tasks/bootstrap_service.yml b/ansible/roles/neutron/tasks/bootstrap_service.yml index b654e56b2e..50d114535f 100644 --- a/ansible/roles/neutron/tasks/bootstrap_service.yml +++ b/ansible/roles/neutron/tasks/bootstrap_service.yml @@ -41,3 +41,26 @@ - inventory_hostname in groups['neutron-lbaas-agent'] run_once: True delegate_to: "{{ groups['neutron-lbaas-agent'][0] }}" + +- name: Running Neutron vpnaas bootstrap container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + detach: False + environment: + KOLLA_BOOTSTRAP: + KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + image: "{{ neutron_vpnaas_agent_image_full }}" + labels: + BOOTSTRAP: + name: "bootstrap_neutron_vpnaas_agent" + restart_policy: "never" + volumes: + - "{{ node_config_directory }}/neutron-vpnaas-agent/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + when: + - enable_neutron_vpnaas | bool + - inventory_hostname in groups['neutron-vpnaas-agent'] + run_once: True + delegate_to: "{{ groups['neutron-vpnaas-agent'][0] }}" diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml index 3ece8199bd..1c7d0238b7 100644 --- a/ansible/roles/neutron/tasks/config.yml +++ b/ansible/roles/neutron/tasks/config.yml @@ -8,6 +8,7 @@ when: - set_sysctl | bool - inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] - name: Ensuring config directories exist file: @@ -24,6 +25,7 @@ - "openvswitch-db-server" - "openvswitch-vswitchd" - "neutron-lbaas-agent" + - "neutron-vpnaas-agent" - name: Copying over config.json files for services template: @@ -39,6 +41,7 @@ - "openvswitch-db-server" - "openvswitch-vswitchd" - "neutron-lbaas-agent" + - "neutron-vpnaas-agent" - name: Copying over neutron.conf merge_configs: @@ -61,6 +64,31 @@ - "neutron-openvswitch-agent" - "neutron-server" - "neutron-lbaas-agent" + - "neutron-vpnaas-agent" + +- name: Copying over neutron_lbaas.conf + merge_configs: + vars: + service_name: "{{ item }}" + sources: + - "{{ role_path }}/templates/neutron_lbaas.conf.j2" + - "{{ node_custom_config }}/neutron/neutron_lbaas.conf" + - "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/neutron_lbaas.conf" + dest: "{{ node_config_directory }}/{{ item }}/neutron_lbaas.conf" + with_items: + - "neutron-server" + +- name: Copying over neutron_vpnaas.conf + merge_configs: + vars: + service_name: "{{ item }}" + sources: + - "{{ role_path }}/templates/neutron_vpnaas.conf.j2" + - "{{ node_custom_config }}/neutron/neutron_vpnaas.conf" + - "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/neutron_vpnaas.conf" + dest: "{{ node_config_directory }}/{{ item }}/neutron_vpnaas.conf" + with_items: + - "neutron-server" - name: Copying over ml2_conf.ini merge_configs: @@ -79,6 +107,7 @@ - "neutron-metadata-agent" - "neutron-openvswitch-agent" - "neutron-server" + - "neutron-vpnaas-agent" - name: Copying over dhcp_agent.ini merge_configs: @@ -108,6 +137,7 @@ dest: "{{ node_config_directory }}/{{ item }}/l3_agent.ini" with_items: - "neutron-l3-agent" + - "neutron-vpnaas-agent" - name: Copying over fwaas_driver.ini merge_configs: @@ -119,6 +149,7 @@ dest: "{{ node_config_directory }}/{{ item }}/fwaas_driver.ini" with_items: - "neutron-l3-agent" + - "neutron-vpnaas-agent" - name: Copying over metadata_agent.ini merge_configs: @@ -141,3 +172,14 @@ dest: "{{ node_config_directory }}/{{ item }}/lbaas_agent.ini" with_items: - "neutron-lbaas-agent" + +- name: Copying over vpnaas_agent.ini + merge_configs: + vars: + service_name: "{{ item }}" + sources: + - "{{ role_path }}/templates/vpnaas_agent.ini.j2" + - "/etc/kolla/config/neutron/vpnaas_agent.ini" + dest: "{{ node_config_directory }}/{{ item }}/vpnaas_agent.ini" + with_items: + - "neutron-vpnaas-agent" diff --git a/ansible/roles/neutron/tasks/deploy.yml b/ansible/roles/neutron/tasks/deploy.yml index 13d0d9d30c..7a75bdb204 100644 --- a/ansible/roles/neutron/tasks/deploy.yml +++ b/ansible/roles/neutron/tasks/deploy.yml @@ -13,6 +13,7 @@ or inventory_hostname in groups['neutron-metadata-agent'] or inventory_hostname in groups['neutron-server'] or inventory_hostname in groups['neutron-lbaas-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] - include: config-neutron-fake.yml when: @@ -30,3 +31,4 @@ or inventory_hostname in groups['neutron-metadata-agent'] or inventory_hostname in groups['neutron-server'] or inventory_hostname in groups['neutron-lbaas-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] diff --git a/ansible/roles/neutron/tasks/do_reconfigure.yml b/ansible/roles/neutron/tasks/do_reconfigure.yml index d80e827d64..ad8ef35aba 100644 --- a/ansible/roles/neutron/tasks/do_reconfigure.yml +++ b/ansible/roles/neutron/tasks/do_reconfigure.yml @@ -14,8 +14,9 @@ - { name: neutron_l3_agent, group: neutron-l3-agent } - { name: neutron_l3_agent, group: compute, enabled: "{{ enable_neutron_dvr | bool }}" } - { name: neutron_lbaas_agent, group: neutron-lbaas-agent, enabled: "{{ enable_neutron_lbaas | bool }}" } - - { name: neutron_metadata_agent, group: neutron-metadata-agent } + - { name: neutron_metadata_agent, group: neutron-metadata-agent } - { name: neutron_metadata_agent, group: compute, enabled: "{{ enable_neutron_dvr | bool }}" } + - { name: neutron_vpnaas_agent, group: neutron-vpnaas-agent, enabled: "{{ enable_neutron_vpnaas | bool }}" } - name: Ensuring the neutron_openvswitch_agent container is up kolla_docker: @@ -32,12 +33,14 @@ or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-lbaas-agent'] or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] and not enable_nova_fake | bool ) or ( inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-lbaas-agent'] or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] and enable_nova_fake | bool ) ) @@ -55,7 +58,8 @@ or inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-lbaas-agent'] - or inventory_hostname in groups['neutron-metadata-agent']) + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent']) - include: config.yml @@ -75,6 +79,7 @@ - { name: neutron_lbaas_agent, group: neutron-lbaas-agent, enabled: "{{ enable_neutron_lbaas | bool }}" } - { name: neutron_metadata_agent, group: neutron-metadata-agent } - { name: neutron_metadata_agent, group: compute, enabled: "{{ enable_neutron_dvr | bool }}" } + - { name: neutron_vpnaas_agent, group: neutron-vpnaas-agent, enabled: "{{ enable_neutron_vpnaas | bool }}" } - name: Check the configs in the neutron_openvswitch_agent container command: docker exec neutron_openvswitch_agent /usr/local/bin/kolla_set_configs --check @@ -90,12 +95,14 @@ or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-lbaas-agent'] or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] and not enable_nova_fake | bool ) or ( inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-lbaas-agent'] or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] and enable_nova_fake | bool ) ) @@ -112,7 +119,8 @@ or inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-lbaas-agent'] - or inventory_hostname in groups['neutron-metadata-agent']) + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent']) # NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS' # and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE', @@ -133,6 +141,7 @@ - { name: neutron_lbaas_agent, group: neutron-lbaas-agent, enabled: "{{ enable_neutron_lbaas | bool }}" } - { name: neutron_metadata_agent, group: neutron-metadata-agent } - { name: neutron_metadata_agent, group: compute, enabled: "{{ enable_neutron_dvr | bool }}" } + - { name: neutron_vpnaas_agent, group: neutron-vpnaas-agent, enabled: "{{ enable_neutron_vpnaas | bool }}" } - name: Container config strategy for the neutron_openvswitch_agent container kolla_docker: @@ -149,12 +158,14 @@ or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-lbaas-agent'] or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] ) or ( enable_nova_fake | bool and inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-lbaas-agent'] or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] ) ) @@ -170,7 +181,8 @@ or inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-lbaas-agent'] - or inventory_hostname in groups['neutron-metadata-agent']) + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent']) - name: Remove the containers running neutron-server and neutron agents kolla_docker: @@ -189,7 +201,8 @@ { name: neutron_l3_agent, group: compute, enabled: "{{ enable_neutron_dvr | bool }}" }, { name: neutron_lbaas_agent, group: neutron-lbaas-agent, enabled: "{{ enable_neutron_lbaas | bool }}" }, { name: neutron_metadata_agent, group: neutron-metadata-agent }, - { name: neutron_metadata_agent, group: compute, enabled: "{{ enable_neutron_dvr | bool }}" }] + { name: neutron_metadata_agent, group: compute, enabled: "{{ enable_neutron_dvr | bool }}" }, + { name: neutron_vpnaas_agent, group: neutron-vpnaas-agent, enabled: "{{ enable_neutron_vpnaas | bool }}" }] - "{{ neutron_container_envs.results }}" - "{{ neutron_check_results.results }}" @@ -208,12 +221,14 @@ or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-lbaas-agent'] or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] ) or ( enable_nova_fake | bool and inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-lbaas-agent'] or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] ) ) - config_strategy == "COPY_ONCE" or openvswitch_agent_envs['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE' @@ -231,7 +246,8 @@ or inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-lbaas-agent'] - or inventory_hostname in groups['neutron-metadata-agent']) + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent']) - config_strategy == "COPY_ONCE" or linuxbridge_agent_envs['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE' - linuxbridge_agent_check_results['rc'] == 1 @@ -257,7 +273,8 @@ { name: neutron_l3_agent, group: compute, enabled: "{{ enable_neutron_dvr | bool }}" }, { name: neutron_lbaas_agent, group: neutron-lbaas-agent, enabled: "{{ enable_neutron_lbaas | bool }}" }, { name: neutron_metadata_agent, group: neutron-metadata-agent }, - { name: neutron_metadata_agent, group: compute, enabled: "{{ enable_neutron_dvr | bool }}" }] + { name: neutron_metadata_agent, group: compute, enabled: "{{ enable_neutron_dvr | bool }}" }, + { name: neutron_vpnaas_agent, group: neutron-vpnaas-agent, enabled: "{{ enable_neutron_vpnaas | bool }}" }] - "{{ neutron_container_envs.results }}" - "{{ neutron_check_results.results }}" @@ -275,12 +292,14 @@ or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-lbaas-agent'] or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] and not enable_nova_fake | bool ) or ( inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-lbaas-agent'] or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] and enable_nova_fake | bool ) ) @@ -299,6 +318,7 @@ or inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-lbaas-agent'] - or inventory_hostname in groups['neutron-metadata-agent']) + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent']) - linuxbridge_agent_envs['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE' - linuxbridge_agent_check_results['rc'] == 1 diff --git a/ansible/roles/neutron/tasks/pull.yml b/ansible/roles/neutron/tasks/pull.yml index 9c5a4cbc6e..fa6bf505e2 100644 --- a/ansible/roles/neutron/tasks/pull.yml +++ b/ansible/roles/neutron/tasks/pull.yml @@ -23,7 +23,8 @@ or (enable_manila | bool and inventory_hostname in groups['manila-share']) or inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] - or inventory_hostname in groups['neutron-metadata-agent']) + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent']) - neutron_plugin_agent == "linuxbridge" - name: Pulling neutron-metadata-agent image @@ -43,7 +44,8 @@ or (enable_manila | bool and inventory_hostname in groups['manila-share']) or inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] - or inventory_hostname in groups['neutron-metadata-agent']) + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent']) - neutron_plugin_agent == "openvswitch" - name: Pulling neutron-server image @@ -63,7 +65,8 @@ or (enable_manila | bool and inventory_hostname in groups['manila-share']) or inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] - or inventory_hostname in groups['neutron-metadata-agent']) + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent']) - neutron_plugin_agent == "openvswitch" - name: Pulling openvswitch-vswitchd image @@ -76,5 +79,6 @@ or (enable_manila | bool and inventory_hostname in groups['manila-share']) or inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] - or inventory_hostname in groups['neutron-metadata-agent']) + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent']) - neutron_plugin_agent == "openvswitch" diff --git a/ansible/roles/neutron/tasks/reconfigure.yml b/ansible/roles/neutron/tasks/reconfigure.yml index 5d63da5895..cc30a005b8 100644 --- a/ansible/roles/neutron/tasks/reconfigure.yml +++ b/ansible/roles/neutron/tasks/reconfigure.yml @@ -7,3 +7,4 @@ or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-lbaas-agent'] or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] diff --git a/ansible/roles/neutron/tasks/start.yml b/ansible/roles/neutron/tasks/start.yml index 2172bc5ce0..fbccfaf60a 100644 --- a/ansible/roles/neutron/tasks/start.yml +++ b/ansible/roles/neutron/tasks/start.yml @@ -16,7 +16,8 @@ or (enable_manila | bool and inventory_hostname in groups['manila-share']) or inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] - or inventory_hostname in groups['neutron-metadata-agent']) + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent']) - neutron_plugin_agent == "openvswitch" - name: Waiting the openvswitch_db service to be ready @@ -31,7 +32,8 @@ or (enable_manila | bool and inventory_hostname in groups['manila-share']) or inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] - or inventory_hostname in groups['neutron-metadata-agent']) + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent']) - neutron_plugin_agent == "openvswitch" - name: Ensuring OVS bridge is properly setup @@ -43,7 +45,8 @@ or (enable_manila | bool and inventory_hostname in groups['manila-share']) or inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] - or inventory_hostname in groups['neutron-metadata-agent']) + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent']) - neutron_plugin_agent == "openvswitch" - name: Starting openvswitch-vswitchd container @@ -64,7 +67,8 @@ or (enable_manila | bool and inventory_hostname in groups['manila-share']) or inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] - or inventory_hostname in groups['neutron-metadata-agent']) + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent']) - neutron_plugin_agent == "openvswitch" - name: Starting neutron-server container @@ -99,11 +103,13 @@ or inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] and not enable_nova_fake | bool ) or ( inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent'] and enable_nova_fake | bool ) ) @@ -199,7 +205,8 @@ or (enable_manila | bool and inventory_hostname in groups['manila-share']) or inventory_hostname in groups['neutron-dhcp-agent'] or inventory_hostname in groups['neutron-l3-agent'] - or inventory_hostname in groups['neutron-metadata-agent']) + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-vpnaas-agent']) - neutron_plugin_agent == "linuxbridge" - name: Starting neutron-dhcp-agent container @@ -236,6 +243,7 @@ when: - (inventory_hostname in groups['neutron-l3-agent'] or (inventory_hostname in groups['compute'] and enable_neutron_dvr | bool)) + - not enable_neutron_vpnaas | bool - name: Starting neutron-lbaas-agent container kolla_docker: @@ -271,3 +279,21 @@ when: - (inventory_hostname in groups['neutron-metadata-agent'] or (inventory_hostname in groups['compute'] and enable_neutron_dvr | bool)) + +- name: Starting neutron-vpnaas-agent container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ neutron_vpnaas_agent_image_full }}" + name: "neutron_vpnaas_agent" + privileged: True + volumes: + - "{{ node_config_directory }}/neutron-vpnaas-agent/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "/run:/run" + - "/run/netns/:/run/netns/:shared" + - "neutron_metadata_socket:/var/lib/neutron/kolla/" + - "kolla_logs:/var/log/kolla/" + when: + - enable_neutron_vpnaas | bool + - inventory_hostname in groups['neutron-vpnaas-agent'] diff --git a/ansible/roles/neutron/tasks/upgrade.yml b/ansible/roles/neutron/tasks/upgrade.yml index 3667e75a72..84b6f5b569 100644 --- a/ansible/roles/neutron/tasks/upgrade.yml +++ b/ansible/roles/neutron/tasks/upgrade.yml @@ -6,6 +6,7 @@ or inventory_hostname in groups['neutron-lbaas-agent'] or inventory_hostname in groups['neutron-metadata-agent'] or inventory_hostname in groups['neutron-server'] + or inventory_hostname in groups['neutron-vpnaas-agent'] - include: config-neutron-fake.yml when: @@ -22,3 +23,4 @@ or inventory_hostname in groups['neutron-lbaas-agent'] or inventory_hostname in groups['neutron-metadata-agent'] or inventory_hostname in groups['neutron-server'] + or inventory_hostname in groups['neutron-vpnaas-agent'] diff --git a/ansible/roles/neutron/templates/neutron-server.json.j2 b/ansible/roles/neutron/templates/neutron-server.json.j2 index a57ba3156c..54fed2e003 100644 --- a/ansible/roles/neutron/templates/neutron-server.json.j2 +++ b/ansible/roles/neutron/templates/neutron-server.json.j2 @@ -1,5 +1,5 @@ { - "command": "neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini", + "command": "neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-file /etc/neutron/neutron_lbaas.conf --config-file /etc/neutron/neutron_vpnaas.conf", "config_files": [ { "source": "{{ container_config_directory }}/neutron.conf", @@ -7,6 +7,18 @@ "owner": "neutron", "perm": "0600" }, + { + "source": "{{ container_config_directory }}/neutron_lbaas.conf", + "dest": "/etc/neutron/neutron_lbaas.conf", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/neutron_vpnaas.conf", + "dest": "/etc/neutron/neutron_vpnaas.conf", + "owner": "neutron", + "perm": "0600" + }, { "source": "{{ container_config_directory }}/ml2_conf.ini", "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", diff --git a/ansible/roles/neutron/templates/neutron-vpnaas-agent.json.j2 b/ansible/roles/neutron/templates/neutron-vpnaas-agent.json.j2 new file mode 100644 index 0000000000..1f76b16208 --- /dev/null +++ b/ansible/roles/neutron/templates/neutron-vpnaas-agent.json.j2 @@ -0,0 +1,29 @@ +{ + "command": "neutron-vpn-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/l3_agent.ini --config-file /etc/neutron/vpnaas_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini", + "config_files": [ + { + "source": "{{ container_config_directory }}/neutron.conf", + "dest": "/etc/neutron/neutron.conf", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/ml2_conf.ini", + "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/l3_agent.ini", + "dest": "/etc/neutron/l3_agent.ini", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/vpnaas_agent.ini", + "dest": "/etc/neutron/vpnaas_agent.ini", + "owner": "neutron", + "perm": "0600" + } + ] +} diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index 557187e91c..99b2a7295a 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -35,7 +35,7 @@ host = {{ ansible_hostname }}_{{ item }} allow_overlapping_ips = true core_plugin = ml2 -service_plugins = router{% if enable_neutron_lbaas | bool %},lbaas{% endif %}{% if enable_neutron_qos | bool %},qos{% endif %},{% if neutron_plugin_agent == "sfc" %}flow_classifier,sfc{% endif %} +service_plugins = router{% if enable_neutron_lbaas | bool %},neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2{% endif %}{% if enable_neutron_qos | bool %},qos{% endif %}{% if enable_neutron_vpnaas | bool %},vpnass{% endif %}{% if neutron_plugin_agent == "sfc" %}flow_classifier,sfc{% endif %} {% if enable_neutron_agent_ha | bool %} dhcp_agents_per_network = {{ dhcp_agents_per_network }} diff --git a/ansible/roles/neutron/templates/neutron_lbaas.conf.j2 b/ansible/roles/neutron/templates/neutron_lbaas.conf.j2 new file mode 100644 index 0000000000..bfacaba544 --- /dev/null +++ b/ansible/roles/neutron/templates/neutron_lbaas.conf.j2 @@ -0,0 +1,4 @@ +{% if enable_neutron_lbaas | bool %} +[service_providers] +service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default +{% endif %} diff --git a/ansible/roles/neutron/templates/neutron_vpnaas.conf.j2 b/ansible/roles/neutron/templates/neutron_vpnaas.conf.j2 new file mode 100644 index 0000000000..47eeefb4a7 --- /dev/null +++ b/ansible/roles/neutron/templates/neutron_vpnaas.conf.j2 @@ -0,0 +1,4 @@ +{% if enable_neutron_vpnaas | bool %} +[service_providers] +service_provider = VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default +{% endif %} diff --git a/ansible/roles/neutron/templates/vpnaas_agent.ini.j2 b/ansible/roles/neutron/templates/vpnaas_agent.ini.j2 new file mode 100644 index 0000000000..2f4d33d638 --- /dev/null +++ b/ansible/roles/neutron/templates/vpnaas_agent.ini.j2 @@ -0,0 +1,11 @@ +{% set vpn_device_driver = 'neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver' if kolla_base_distro in ['ubuntu', 'debian'] else 'neutron_vpnaas.services.vpn.device_drivers.ipsec.OpenSwanDriver'%} +[DEFAULT] + +[ipsec] +enable_detailed_logging = {{ neutron_logging_debug }} + +[service_providers] +service_provider = VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default + +[vpnagent] +vpn_device_driver = {{ vpn_device_driver }} diff --git a/ansible/site.yml b/ansible/site.yml index 9134db55ce..f4817498df 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -145,6 +145,7 @@ - neutron-l3-agent - neutron-lbaas-agent - neutron-metadata-agent + - neutron-vpnaas-agent - compute - manila-share serial: '{{ "30%" if action == "upgrade" else "0" }}' diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index 2a320cf99b..a23ee1646f 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -136,6 +136,7 @@ kolla_internal_vip_address: "10.10.10.254" #enable_neutron_lbaas: "no" #enable_neutron_qos: "no" #enable_neutron_agent_ha: "no" +#enable_neutron_vpnaas: "no" #enable_rally: "no" #enable_senlin: "no" #enable_swift: "no" diff --git a/releasenotes/notes/add-neutron-vpnaas-88e0780326100e36.yaml b/releasenotes/notes/add-neutron-vpnaas-88e0780326100e36.yaml new file mode 100644 index 0000000000..a1bd39fba2 --- /dev/null +++ b/releasenotes/notes/add-neutron-vpnaas-88e0780326100e36.yaml @@ -0,0 +1,3 @@ +--- +features: + - Add neutron-vpnass role