Improve networking

Change-Id: I2458013809e5a773ae60dd910bb4f1e693f99736

Vagrantfile

@@ -64,41 +64,43 @@ Vagrant.configure(2) do |config|
     name = "compute#{index + 1}"
     config.vm.define name do |node|
       node.vm.hostname = name
-      node.vm.network :public_network,
-                      ip: address,
-                      netmask: CONFIG['netmask_internal'],
-                      bridge: CONFIG['bridge_internal']
       node.vm.network :private_network,
                       ip: "10.0.0.2#{index}",
                       virtualbox__intnet: 'tunnel'
+      node.vm.network :public_network,
+                      ip: address,
+                      netmask: CONFIG['network']['internal']['netmask'],
+                      bridge: CONFIG['network']['internal']['bridge']
     end
   end
 
-  %w(network storage).each do |name|
-    config.vm.define name do |node|
-      node.vm.hostname = name
-      node.vm.network :public_network,
-                      ip: CONFIG['address'][name],
-                      netmask: CONFIG['netmask_internal'],
-                      bridge: CONFIG['bridge_internal']
-      if name == 'network'
-        node.vm.network :private_network,
-                        ip: '10.0.0.30',
-                        virtualbox__intnet: 'tunnel'
-      elsif name == 'storage'
-        add_block_device(node, 1, CONFIG['resources']['storage'])
-        add_block_device(node, 2, CONFIG['resources']['storage'])
-        add_block_device(node, 3, CONFIG['resources']['storage'])
-      end
-    end
+  config.vm.define 'network' do |node|
+    node.vm.hostname = 'network'
+    node.vm.network :private_network,
+                    ip: '10.0.0.30',
+                    virtualbox__intnet: 'tunnel'
+    node.vm.network :public_network,
+                    bridge: CONFIG['network']['internal']['bridge'],
+                    auto_config: false
+  end
+
+  config.vm.define 'storage' do |node|
+    node.vm.hostname = 'storage'
+    node.vm.network :public_network,
+                    ip: CONFIG['address']['storage'],
+                    netmask: CONFIG['network']['internal']['netmask'],
+                    bridge: CONFIG['network']['internal']['bridge']
+    add_block_device(node, 1, CONFIG['resources']['storage'])
+    add_block_device(node, 2, CONFIG['resources']['storage'])
+    add_block_device(node, 3, CONFIG['resources']['storage'])
   end
 
   config.vm.define 'controller', primary: true do |node|
     node.vm.hostname = 'controller'
     node.vm.network :public_network,
                     ip: CONFIG['address']['controller'],
-                    netmask: CONFIG['netmask_internal'],
-                    bridge: CONFIG['bridge_internal']
+                    netmask: CONFIG['network']['internal']['netmask'],
+                    bridge: CONFIG['network']['internal']['bridge']
     node.vm.provider 'virtualbox' do |vb|
       memory = CONFIG['resources']['memory'] * 2
       vcpus = CONFIG['resources']['vcpus'] * 2

ansible/initialize.yaml

@@ -2,8 +2,11 @@
 - lineinfile: dest=/etc/yum/pluginconf.d/fastestmirror.conf regexp=^enabled= line=enabled=0
 - yum: name=http://rdoproject.org/repos/openstack-kilo/rdo-release-kilo.rpm state=present
 - yum: name=* state=latest
-- yum: name=openstack-selinux state=present
-- yum: name=vim state=present
+- yum: name={{ item }} state=present
+  with_items:
+  - openstack-selinux
+  - vim
+  - tcpdump
 - copy: src=files/id_rsa dest=/home/vagrant/.ssh/id_packstack mode=0600 owner=vagrant group=vagrant
 - copy: src=files/id_rsa.pub dest=/home/vagrant/.ssh/id_packstack.pub mode=0600 owner=vagrant group=vagrant
 - copy: src=files/selinux dest=/etc/selinux/config mode=0644 owner=root group=root

ansible/network.yaml

@@ -1,5 +1,6 @@
 ---
 - yum: name=openvswitch state=present
 - service: name=openvswitch state=started enabled=yes
-- openvswitch_bridge: bridge=br-ex state=present
-- openvswitch_port: bridge=br-ex port=enp0s09 state=present
+- template: src=files/ifcfg-br-ex.j2 dest=/etc/sysconfig/network-scripts/ifcfg-br-ex
+- copy: src=files/ifcfg-enp0s9 dest=/etc/sysconfig/network-scripts/ifcfg-enp0s9
+- service: name=network state=restarted

config.yaml.sample

@@ -4,10 +4,17 @@ box:
   storage_controller: 'SATA Controller'
 debug: false
 development: false
-bridge_internal: tap0
-network_agent: openvswitch
-network_type: gre
-netmask_internal: 255.255.0.0
+network:
+  type: gre
+  agent: openvswitch
+  tunnel_interface: enp0s8
+  internal:
+    bridge: tap0
+    netmask: 255.255.0.0
+    gateway: 10.100.0.1
+    broadcast: 10.100.255.255
+    dns1: 208.67.222.222
+    dns2: 208.67.220.220
 secret: password
 proxy: http://proxy.dummy.site:3128
 storage_backend: nfs

doc/source/configuration.rst

@@ -33,19 +33,25 @@ storage controller of the used base box must support at least three ports.
 Networking
 ----------
 
-Bridges
-~~~~~~~
+Internal network
+~~~~~~~~~~~~~~~~
 
 ::
 
-    bridge_internal: tap0
+    network:
+      internal:
+        bridge: tap0
+        netmask: 255.255.0.0
+        broadcast: 10.100.255.255
+        gateway: 10.100.0.1
+        dns1: 208.67.222.222
+        dns2: 208.67.220.220
 
 Addresses
 ~~~~~~~~~
 
 ::
 
-    netmask_internal: 255.255.0.0
     address:
       controller: 10.100.50.10
       network: 10.100.50.30
@@ -62,14 +68,16 @@ L2 agent
 
 ::
 
-    network_agent: openvswitch
+    network:
+      agent: openvswitch
 
 Tenant networks
 ~~~~~~~~~~~~~~~
 
 ::
 
-    network_type: gre
+    network:
+      type: gre
 
 Clock synchronization (NTP)
 ---------------------------

files/ifcfg-br-ex.j2

@@ -0,0 +1,11 @@
+NM_CONTROLLED=no
+DEVICE=br-ex
+DEVICETYPE=ovs
+TYPE=OVSBridge
+BOOTPROTO=static
+IPADDR={{ address.network }}
+NETMASK={{ network.internal.netmask }}
+BROADCAST={{ network.internal.broadcast }}
+GATEWAY={{ network.internal.gateway }}
+DNS1={{ network.internal.dns1 }}
+DNS2={{ network.internal.dns2 }}

files/ifcfg-enp0s9

@@ -0,0 +1,6 @@
+NM_CONTROLLED=no
+DEVICE=enp0s9
+TYPE=OVSPort
+DEVICETYPE=ovs
+OVS_BRIDGE=br-ex
+ONBOOT=yes

files/packstack.answers.j2

@@ -810,7 +810,8 @@ CONFIG_NEUTRON_DB_PW={{ secret }}
 # the OpenStack Networking L3 agent to use for external  traffic.
 # Specify 'provider' if you intend to use a provider network to handle
 # external traffic.
-CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
+#CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
+CONFIG_NEUTRON_L3_EXT_BRIDGE=provider
 
 # Password for the OpenStack Networking metadata agent.
 CONFIG_NEUTRON_METADATA_PW={{ secret }}
@@ -830,19 +831,19 @@ CONFIG_NEUTRON_FWAAS=y
 # Comma-separated list of network-type driver entry points to be
 # loaded from the neutron.ml2.type_drivers namespace. ['local',
 # 'flat', 'vlan', 'gre', 'vxlan']
-CONFIG_NEUTRON_ML2_TYPE_DRIVERS={{ network_type }},flat
+CONFIG_NEUTRON_ML2_TYPE_DRIVERS={{ network.type }},flat
 
 # Comma-separated, ordered list of network types to allocate as
 # tenant networks. The 'local' value is only useful for single-box
 # testing and provides no connectivity between hosts. ['local',
 # 'vlan', 'gre', 'vxlan']
-CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES={{ network_type }}
+CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES={{ network.type }}
 
 # Comma-separated ordered list of networking mechanism driver entry
 # points to be loaded from the neutron.ml2.mechanism_drivers
 # namespace. ['logger', 'test', 'linuxbridge', 'openvswitch',
 # 'hyperv', 'ncs', 'arista', 'cisco_nexus', 'mlnx', 'l2population']
-CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS={{ network_agent }}
+CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS={{ network.agent }}
 
 # Comma-separated list of physical_network names with which flat
 # networks can be created. Use * to allow flat networks with arbitrary
@@ -874,7 +875,7 @@ CONFIG_NEUTRON_ML2_VNI_RANGES=10:100
 
 # Name of the L2 agent to be used with OpenStack Networking.
 # ['linuxbridge', 'openvswitch']
-CONFIG_NEUTRON_L2_AGENT={{ network_agent }}
+CONFIG_NEUTRON_L2_AGENT={{ network.agent }}
 
 # Comma-separated list of interface mappings for the OpenStack
 # Networking linuxbridge plugin. Each tuple in the list must be in the
@@ -886,7 +887,8 @@ CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS=
 # Networking Open vSwitch plugin. Each tuple in the list must be in
 # the format <physical_network>:<ovs_bridge>. Example: physnet1:br-
 # eth1,physnet2:br-eth2,physnet3:br-eth3
-CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet:br-enp0s9
+#CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet:br-ex
+CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=external:br-ex
 
 # Comma-separated list of colon-separated Open vSwitch
 # <bridge>:<interface> pairs. The interface will be added to the
@@ -896,7 +898,7 @@ CONFIG_NEUTRON_OVS_BRIDGE_IFACES=
 # Interface for the Open vSwitch tunnel. Packstack overrides the IP
 # address used for tunnels on this hypervisor to the IP found on the
 # specified interface (for example, eth1).
-CONFIG_NEUTRON_OVS_TUNNEL_IF=enp0s9
+CONFIG_NEUTRON_OVS_TUNNEL_IF={{ network.tunnel_interface }}
 
 # VXLAN UDP port.
 CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT=4789

files/scripts/setup.sh

@@ -21,7 +21,7 @@ fi
 
 openstack role add admin --project services --user admin
 OS_TENANT_NAME=services neutron net-create floating001 --router:external --provider:physical_network external --provider:network_type flat
-OS_TENANT_NAME=services neutron subnet-create --name floating001 --allocation-pool start=203.0.113.100,end=203.0.113.200 --disable-dhcp --gateway 203.0.113.1 floating001 203.0.113.0/24
+OS_TENANT_NAME=services neutron subnet-create --name floating001 --allocation-pool start=10.100.50.100,end=10.100.50.200 --disable-dhcp --gateway 10.100.0.1 --dns-nameserver 208.67.222.222 --dns-nameserver 208.67.220.220 floating001 10.100.50.0/16
 
 neutron net-create internal001
 neutron subnet-create --name internal001 internal001 192.168.200.0/24