This change allows the following use cases:
1. Using an already-configured MariaDB / MySQL server / Cluster
2. Using already-created DB users, without requiring root DB access.
Update: added external mariadb precheck
Change-Id: I78b0d178306d7c5293b0bf53e445f19f18b4b824
Implements: blueprint external-mariadb-support.
Closes-Bug: #1603121
When using XenAPI as the compute virt driver, we need an OVS agent
to manage the OVS running in XenServer dom0. This OVS agent uses
the HIMN(Host Internal Management Network) to communicate with
dom0's OVS. This commit includes the following changes:
* Add a new ovs agent service - neutron-openvswitch-agent-xenapi
This new agent service will run in the compute hosts and controls
the OVS running in XenServer dom0; the existing agent service -
neutron-openvswitch-agent will run in the network hosts and controls
the OVS running in network hosts.
* It retrieves XenAPI variables from the json file generated at XenAPI
bootstrap.
* Basing on the XenAPI variables, it will customize relative ml2_conf.ini's
configure options in a new template which will override the default options.
e.g.
* of_listen_address:
XenAPI use the local himn interface's IP as of_listen_address, so
that the ovs running dom0 can receive OpenFlow rules from the service
of neutron-openvswitch-agent-xenapi.
* ovsdb_connection:
XenAPI use XenServer dom0's HIMN IP as the OVS DB connection IP, so
that neutron-openvswitch-agent-xenapi can connect to dom0's OVS DB.
* host:
Use the dom0's hostname.
* At the moment, l2_population doesn't for for XenAPI. So disable it.
References:
* XenServer (and other XAPI based Xen variants):
https://docs.openstack.org/nova/pike/admin/configuration/hypervisor-xen-api.html
* XenCenter HIMN plugin (adding HIMN network which is used by XenAPI driver to
communicate with XenServer):
https://github.com/citrix-openstack/xencenter-himn-plugin
* Neutron OVS agent configuration options:
https://docs.openstack.org/neutron/latest/configuration/openvswitch-agent.html
Change-Id: Iaee0a6c84069b3e6015b00de7aea880cdd33ab09
blueprint: xenserver-support
through the database_address has beed defined in groups_vars/all.yml, we should
better use it, this way, if we want to use external database, we just need to
redefined in all.yml
refer to https://github.com/openstack/kolla-ansible/blob/master/ansible/group_vars/all.yml#L83
Co-Authored-By: chenqiaomin <chen.qiaomin@99cloud.net>
Change-Id: Ie559301451954e16347ceaabf02f594c5c5cbe56
Openstack is able to simply manage VLAN network on VMware
Distributed Switch.
DHCP agent can provide dhcp offer with vlan tag provided
by OVS.
Both neutron external nic and physical nic of vCenter/
vSphere should be on a vlan trunk port and can communicate
with each other.
Depends-On: I4655086a3f058ec769d3d37ec6a19565b5ea0841
Change-Id: I6d1629e93f0efeddd2a9000f66cc6f714bebb07c
Partially-implements: blueprint kolla-ansible-support-vsphere
Neutron-sfc-agent start its functions with openvswitch.
This change moves sfc configuration into neutron-openvswitch-agent.
Rework config files to use openvswitch when sfc or openvswitch
are used as network plugin.
Also adds sfc extension_driver to ml2
Change-Id: If1ebf9554f6d686cc6d064e698a48f8a6b6172b3
Closes-Bug: #1664493
Depends-On: I60ba1333231a4ae38a041d41e551f7d74fe15e3b
kolla-kubernetes is using its own configuration generation[0], so it is
time for kolla-ansible to remove the related code to simplify the
logical.
[0] https://github.com/openstack/kolla-kubernetes/tree/master/ansible
Change-Id: I7bb0b7fe3b8eea906613e936d5e9d19f4f2e80bb
Implements: blueprint clean-k8s-config
If use /run/netns, it may cause namepace stale and unable to remove. The
root cause may be that docker engine still unrelease the namespace
folder.
Change-Id: If120d54c266878990c952b60043b596b0a0788ab
Closes-Bug: #1703077
fwaas is in pending create state when I attach it to a router.
This patch fix this.
Change-Id: I18b56ed3698e22a02a8718b39360fde76c12428b
Closes-Bug: #1689703
Neutron recommend as good practice to enable port_security
extension by default. Current networks will remain using
security groups, but will allow users to disable port_security
in their port or networks.
An example use case is nfv.
Change-Id: I69f2e3567fd00695cf1c4bcc9177c2b88e33c3ab
On many systems IPv6 related modules are not loaded by default.
Usually when one runs ip6tables-* commands required modules are
probed. In neutron_openvswitch_agent container /lib/modules
does not exist. The commands fail to process ip6 firewall
rules as consequence.
Change-Id: Ic4e72eb4f5304f013b7a09ddd31794cfafa67e0b
Closes-Bug: #1615715
With the following configuration in globals.yml:
enable_ceilometer="no"
enable_designate="no"
enable_searchlight="yes"
neutron.conf is generated like following:
[oslo_messaging_notifications]
driver = messagingv2
topics =
=> topics value is missing.
This patch fix it.
Closes-Bug: #1671940
Change-Id: I28ab60c61882caaba823bab84f30f77e270f29b4
In case Kolla's users want to deploy with both of
binary and source image, we should have a variable
install type that define install type for each project.
We also add specific image tag for each Openstack project.
This commit is implemented for Neutron, Nova,
Octavia project and Openvswitch as well.
Change-Id: I04d3a17231b607795bbddb85cd940fa725ff7a61
Implements: blueprint mixing-binary-and-source-image
If enable vpnaas,service_plugins value is 'neutron_vpnaas.services
.vpn.plugin.VPNDriverPlugin'.
It throw warning for 'stevedore.named [-]Could not load
neutron_vpnaas.services.vpn.plugin.VPNDriverPlugin'
Closes-Bug: #1690693
Change-Id: Ia00f733da2dcbdd50e3d62dfe98c8f44cc4a1d26
If enable lbaas,service_plugins value is 'neutron_lbaas.services
.loadbalancer.plugin:LoadBalancerPluginv2'.
It throw warning for 'stevedore.named [-]Could not load neutron_lbaas
.services.loadbalancer.plugin.LoadBalancerPluginv2'
Closes-Bug: #1690694
Change-Id: I38d61405710ca88fbdb3cfd72a534986cf933195
"/lib/modules" volume mount has been introduced for the following
reason:
- "ebtables" in case of neutron-linuxbridge-agent container
- "ipsec" in case of neutron-vpnaas-agent container
- "openvswitch" in case of openvswitch-vswitchd container
For all other containers this is not required and must be removed.
Change-Id: I11610c060f05d2c993394adabd15aa080de3bc24
"/run/:/run/:shared" is previously declare as "mounted" in container,
hence "/run/netns/:/run/netns/:shared" directory volume mount is not
required and must be removed.
Related-Bug: #1683584
Change-Id: Ia7032843c493e8a883edd2f4ec12e0fdefc823a3
Creates Openvswitch role and splits
openvswitch from Neutron role to enable
third party networking solutions that use
Openvswitch or customize Openvswitch.
For example Openvswitch with dpdk or
OpenDaylight.
Change-Id: I5a41c42c5ec0a5e6999b2570ddac0f5efc3102ee
Co-Authored-By: Mauricio Lima <mauriciolimab@gmail.com>
Partially-Implements: blueprint opendaylight-support
There is an unnecessary condition operator in neutron's
defaults/main.yml which causes pull error.
- Delete an duplicated "or" from neutron-sfc-agent host_in_groups
check condition.
Change-Id: I32626ad83fbca9a17cd89b70ff95d58d23b200d2
Closes-Bug: #1665188
* add if orchestration_engine == 'KUBERNETES' for host_in_groups
* use the same indent for host_in_groups variable, otherwise YAML will
add a '\n' character for each line.
Change-Id: Idf6eecb451281d5cdc16df318bcd8ae9f5561b02
Integrate designate service with neutron to allow instances
and floatingip resolve designate dns.
MDNS service need to be reachable from nova instances
in order to resolve DNS queries.
Added new dns_interface to make this configurable.
Add designate guide.
Closes-Bug: #1661330
Change-Id: I5a2ac5cf2a9aa0977ae42d53dd64699623ddf3ed
Networking-SFC is a neutron big-tent project support Service Function
Chaining in Neutron.
* Rename the image from neutron-networking-sfc-agent to
neutron-sfc-agent.
* Add networking-sfc role in playbooks.
Co-Authored-by: Jeffrey Zhang <zhang.lei.fly@gmail.com>
Change-Id: I1f99650eed85f59929d4ab6b2226603c54f29577
Implements: blueprint enable-networking-sfc-support
New option enable_neutron_agent_ha added to enable/disable dhcp/l3 agent
high availability, dhcp_agents_per_network is default to 2 and it's
configurable.
Implement blueprint: support-network-ha
Change-Id: Id4742aa67c80584634b923195545bf2b654172f3
Previously, kolla did not support neutron lbaas functionality.
Only Lbaasv2 is supported in Mitaka. Additional information can
be found here:
http://docs.openstack.org/mitaka/networking-guide/adv-config-lbaas.html
Magnum uses Neutron Lbaas to provide high availability to COE API
and Etcd endpoints within a bay. Therefore, Neutron Lbaas is required
for Kolla to support Magnum.
Co-Authored-By: Serguei Bezverkhi <sbezverk@cisco.com>
Partial-Bug: #1551992
Change-Id: I05360b7c447c601fcb3c2b6b2a913ef5cc0f3a1b
This change makes each step of the kolla deployment aware
of the port database was configured to listen on.
It defaults mariadb_port to database_port.
Change-Id: I8e85d5732015afc0a5481cb33e0b629fdfa84a1b
Closes-Bug: #1576151
DocImpact
After our switch to keystone-manage bootstrap Horizon is not happy
due to v3 not being setup correctly. This patch fixes that
This also includes removal of unused variables (transforms them into
endpoint url variables)
TrivialFix
Change-Id: I1e04db8c24049f80e974c063f03068a2ab32a563
Due to poor planning on our variable names we have a situation where
we have "internal_address" which must be a VIP, but "external_address"
which should be a DNS name. Now with two vips "external_vip_address"
is a new variable.
This corrects that issue by deprecating kolla_internal_address and
replacing it with 4 nicely named variables.
kolla_internal_vip_address
kolla_internal_fqdn
kolla_external_vip_address
kolla_external_fqdn
The default behaviour will remain the same, and the way the variable
inheritance is setup the kolla_internal_address variable can still be
set in globals.yml and propogate out to these 4 new variables like it
normally would, but all reference to kolla_internal_address has been
completely removed.
Change-Id: I4556dcdbf4d91a8d2751981ef9c64bad44a719e5
Partially-Implements: blueprint ssl-kolla
