As of today we run some agents, like neutron-ovn-metadata agent as
root user, since it needs access to ovsdb socket, which has 750 permissions
by default.
With that, for OVN we already use connection via host:port to the same
ovsdb manager, which allows to run it as an arbitrary user.
In order to align connection methods and to run services with lower
privileges
we introduce couple of new variables that allow to create valid connection
strings for both OpenFlow listeners and regular connection to the manager.
Change-Id: Iceab27aa1fdacc8b13f7ef6974b6a9076b8b7cd9
At the moment the only way to configure multi-AZ support in Neutron were
config overrides, which work quite nicely with LXB/OVS scenarios. However,
with OVN changing configuration is not enough, and command that sets
up OVN Gateway should provide extra CMS option.
In order to improve AZ support in Neutron role, we add couple of variables
that control behaviour and allow to perform required configuration without
config overrides for OVS/LXB/OVN.
Co-Authored-By: Danila Balagansky <dbalagansky@me.com>
Closes-Bug: #2002040
Change-Id: Ic964329c06765176692f7b0c32f33ec46360a3fb
OpenDaylight support has been deprecated by Neutron team in 2023.2 [1]. We remove support from
our code to address that decision.
[1] 517df91c9e
Change-Id: Iaaf87b6d5400fe88c7edf86995ea9ba891866678
Add file to the reno documentation build to show release notes for
stable/zed.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/zed.
Sem-Ver: feature
Change-Id: I533256a64b09248d3bacdb69c30b411928940182
Create ssl-certs for ovn deployment
ssl encryption is now enabled between neutron and ovn componants.
Change-Id: If8ca3f2035ada97cff248ad49771eefab95c6c23
As we need to monitor vpn connection detailes, the only way to config vpnaas to log states and connections of vpn
is to provide own templates for VPNaaS configuration. With that we enable deployers to provide custom configuration
files for using with any vpn drivers (stronswan/openswan).
Co-Authored-By: Dmitriy Rabotyagov <noonedeadpunk@gmail.com>
Change-Id: I54dbd5c9690281af475312a277eab534403edf92
This configuration option has been observed to result in file
descriptor leaks in certain circumstances. A variable is added
here so that it can be easily overridden.
Change-Id: I833d72715daff81b64da077e899615b9b2002650
Related-Bug: #1961603
This patch will allow you to setup DPDK bonds within a given OVS
bridge using DPDK-accelerated interfaces. A new provider network
key, network_bond_interfaces, and related keys, have been
introduced.
Co-Authored-By: James Denton <james.denton@rackspace.com>
Change-Id: I3fc2846a0c2b6579e4cdb54c3a7c36620700cd44
- Implemented new variable ``connection_recycle_time`` responsible for SQLAlchemy's connection recycling
- Set new default values for db pooling variables which are inherited from the global ones.
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/819424
Change-Id: I9609542a2d0de17c9e7a148f5a21ac1e47a390ac
The subnet-dns-publish-fixed-ip extension adds a new attribute to the definition of the subnet resource. When set to true it will allow publishing DNS records for fixed IPs from that subnet independent of the restrictions described in the [1].
[1] https://docs.openstack.org/neutron/latest/admin/config-dns-int-ext-serv.html
Change-Id: I095564cec0f5804e4d0ea9b5201ed40b9d9be603
This patchset removes the ovs_nsh_support variable used to deploy
a custom-compiled release of Open vSwitch with NSH support in favor
of relying on built-in NSH support in recent releases of Open vSwitch[1].
[1] https://mail.openvswitch.org/pipermail/ovs-dev/2017-November/340716.html
Change-Id: If6456d2916982226bbdc5080ec58a47b6fb1ec8d
The PowerVM driver has been deprecated in os_nova. The code in
question here can be replaced with the following setting;
neutron_firewall_driver: openvswitch
Change-Id: Id8c4b017adb8cbf6e7264bba8cde3a82bdb7ee7a
This patchset implements an integrated test for various deployment
scenarios, both metal and lxc, where applicable. Some test cleanup
has been performed.
The basic server ops tempest test is also included. Expectations are that
the deployed cirros VM will be reachable behind a floating IP internally
for testing purposes (in most cases).
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/778008/
Change-Id: I0bdcdef7938183a82ca249f1c95592aea683cf98
By setting neutron_firewall_driver in user_variables.yml
you can set it to openvswitch even if not using dpdk.
Change-Id: I9301ba7f962a644631a300337b626d7652e43f63
The provider_network library expects VLAN ranges to be defined within
the provider network definition. In cases where this was not desired,
operators would set dummy ranges (i.e. 1:1) to work around this requirement.
The changes introduced in this patch make 'range' optional.
Change-Id: I0ab1720e5abd74dccf121e8bc075e55d9fbce6e1
The sync from https://review.opendev.org/733244 updated to
openstackdocstheme 2.2.1 and reno 3.1.0 versions.
Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: I137842c58acf84c5d8d67d4a1e4a2e8ab073ae19
Add file to the reno documentation build to show release notes for
stable/ussuri.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/ussuri.
Change-Id: I56574d3a75a036f45720ab3e590c7cc9c1a78da9
Sem-Ver: feature
New version of openstackdocstheme (Victoria+) respects pygments_style.
Since openstack-ansible starts using Victoria (master) requirements but has not
branched for Ussuri yet, it uses the new version.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
Change-Id: Ia8c05e4791a3db5eaa82593990d378d2d091c820
This patch implements support for the networking-generic-switch (NGS)
Neutron mechanism driver to facilitate VLAN-based network segmentation
in multi-tenant Ironic deployments.
Change-Id: I502196175f9d7d75ea37d3fbaa5e4a88a8e59859
Implements: networking-generic-switch mechanism driver
Add file to the reno documentation build to show release notes for
stable/train.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/train.
Change-Id: I7b53ed83745d2dd719d607ae1f372e7011436d8c
Sem-Ver: feature
Some options are now automatically configured by the version 1.20:
- project
- html_last_updated_fmt
- latex_engine
- latex_elements
- version
- release.
Depend-On:https://review.opendev.org/#/c/672904/
Change-Id: If54b8222c205262dde5a18c1b562df20d5e4ed6d
Since neutron has built-in L3 HA for fair time and is pretty stable,
this patch aims to drop custom legacy ha toolset.
This allows to drop creation of neutron_log_dir when it's defined.
Change-Id: I36bb52248be7110b9af9b4aa9e4e7888a3af5eea
The OVN CentOS 7 job is also set to non-voting due to openvswitch
RDO package installability errors which break the job.
Change-Id: Ib6246d58199a24eecef026e2689a8aa75eb9de74
Add file to the reno documentation build to show release notes for
stable/stein.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/stein.
Change-Id: I260f4775310b8eb239ec89b52738d4bbcf3059c4
Sem-Ver: feature
Since Rocky, sfc and flow_classifier can be used instead of
-networking_sfc.services.sfc.plugin.SfcPlugin
-networking_sfc.services.sfc.plugin.FlowClassifierPlugin
which looks better
Change-Id: Ie94db64abf6cba1ba76c3c3e9b614b8b0be38d0b
Signed-off-by: Manuel Buil <mbuil@suse.com>
neutron-l3-agent tries to invoke neutron-keepalived-state-change
from it's PATH. The venv's bin directory is not part of the
default PATH of the neutron-l3-agent, hence the invocation fails.
This change adds the venv's bin directory to the PATH of
neutron-l3-agent.
To the best of my knowledge this is currently the only script
which is invoked and shipped by neutron itself [1]. Neutron expects
quite a few binaries in it's PATH, however other expected binaries
are typically system packages (e.g. radvd) [2].
Sadly, the PATH can not easily be extended, hence all non venv-bin
directories from the PATH are a 'one-time snapshot' from a quite
common set of directories across all common linux distributions.
[1]
https://github.com/openstack/neutron/search?q=%22cmd+%3D+%27neutron-%22&unscoped_q=%22cmd+%3D+%27neutron-%22
[2]
https://github.com/openstack/neutron/search?q=external_process.ProcessManager&unscoped_q=external_process.ProcessManager
Depends-On: I504a8270be1ddf2f24ab3ad3b4f2f4ca9c990470
Change-Id: I38bb573468dd4c57523cc1a5ff2448009ee2b216
This patch aims to provide support for network interface mappings
within the provider network definitions, in conjunction with the
provider_networks plugin, without having to define overrides. The previous
implementation supported only a single provider network w/ corresponding
mapping, while this will support multiple provider networks and respective
mappings.
Depends-On: https://review.openstack.org/#/c/626594/
Change-Id: I6c8ac020c8425b9e727b656fa4f9f0c0fdb6fab6
Dragonflow is no longer maintained as an OpenStack project [1]
and has therefore been removed from OpenStack-Ansible as a
supported ML2 driver for neutron.
[1] https://review.openstack.org/613856
Change-Id: Ia7042e5dd697611ef4d9148b6f345d5da887b2c5
Without this patch, the release notes published at
https://docs.openstack.org/releasenotes/openstack-ansible/rocky.html contains
the same line multiple times which is not very clear.
[...]
Support separate oslo.messaging services for RPC and Notifications
to enable operation of separate and different messaging backend servers.
Support separate oslo.messaging services for RPC and Notifications
to enable operation of separate and different messaging backend servers.
[...]
Change-Id: I0ed1a43670d97f2e2215d04c641f7bd4cfbe4f44
The use of ':' is revered by reno for a special reason.
This is causing the following error:
Exception occurred:
File "/home/zuul/.venv/local/lib/python2.7/site-packages/yaml/scanner.py", line 576, in fetch_value
self.get_mark())
ScannerError: mapping values are not allowed here
in "<string>", line 8, column 41:
... versions are currently supported: Nitrogen and Oxygen.
Change-Id: Ib0962adef6eb75e9dd7b819695f4f93518ff20c4
In order to reduce the packages required to pip install on to the hosts,
we allow the service setup to be delegated to a specific host, defaulting
to the deploy host. We also switch as many tasks as possible to using the
built-in Ansible modules which make use of the shade library.
The 'virtualenv' package is now installed appropriately by the openstack_hosts
role, so there's no need to install it any more. The 'httplib2' package is a
legacy Ansible requirement for the get_url/get_uri module which is no longer
needed. The keystone client library is not required any more now that we're
using the upstream modules. As there are no required packages left, the task
to install them is also removed.
Change-Id: I2e33c4cb468e93259860b600719d87c4022d6805
Distributions provide packages for the OpenStack services so we add
support for using these instead of the pip ones.
Change-Id: I5bfcaff1bdc6ce74fb9f4839ecb73bf01d448280
Implements: blueprint openstack-distribution-packages
This introduces oslo.messaging variables that define the RPC and
Notify transports for the OpenStack services. These parameters
replace the rabbitmq values and are used to generate the messaging
transport_url for the service. The association of the messaging
backend server to the oslo.messaging services will then be
transparent to the neutron service.
This patch:
* Add oslo.messaging variables for RPC and Notify to defaults
* Update transport_url generation
* Add oslo.messaging to tests inventories
* Add release note
Depends-On: If4326a6848d2d32af284fdbb94798eb0b03734d5
Depends-On: I2b09145b60116c029fc85477399c24f94974b61d
Change-Id: I717880458f69870acf75a101481b7776d250ebf4
ODL oxygen provides a new framework to configure tunnels called autotunnels.
SFC requires tunnels to be flow-based and to arrange that in the autotunnel
framework, the OVS internal parameter of-tunnel must be set to true.
That parameter is not read in previous ODL versions. Therefore, this patch
does not break backwards compatibility.
Change-Id: Iec6a741d1e1081da547fe6fc0a67dd723e714d60
Signed-off-by: Manuel Buil <mbuil@suse.com>