A few workarounds are needed to get OpenStack-Ansible working nicely with Open vSwitch.

  1. On controllers the network stays as normal: nothing changes and everything is linuxbridge, including when the nodes are for Ironic.
  2. in compute nodes
    1. you use linuxbridge for br-storage and br-mgmt
    2. you use openvswitch for br-vlan and br-vxlan
  3. Neutron agents must run on metal and should be on one or more of the compute nodes that have br-vlan and br-vxlan under OVS.

 

openstack_user_config.yml:

.... 

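global_overrides:
  external_lb_vip_address: my.example.cloud
  internal_lb_vip_address: myint.example.cloud
  tunnel_bridge: "br-vxlan"
  management_bridge: "br-mgmt"
  provider_networks:
    # Management network (linuxbridge). It carries the container addresses
    # and the SSH sessions used for deployment (is_container_address /
    # is_ssh_address), so keep it unreachable from tenant and external
    # networks.
    - network:
        group_binds:
          - all_containers
          - hosts
        type: "raw"
        container_bridge: "br-mgmt"
        container_interface: "eth1"
        container_type: "veth"
        ip_from_q: "container"
        is_container_address: true
        is_ssh_address: true
    # Storage network (linuxbridge).
    # NOTE(review): container_mtu is 9000; confirm that every port attached
    # to br-storage (for example eno3 on the compute node) also runs at
    # MTU 9000, otherwise large frames are dropped on the storage path.
    - network:
        group_binds:
          - glance_api
          - cinder_api
          - cinder_volume
          - nova_compute
        type: "raw"
        container_bridge: "br-storage"
        container_type: "veth"
        container_interface: "eth2"
        container_mtu: "9000"
        ip_from_q: "storage"
    # Tunnel (VXLAN) network on the OVS bridge br-vxlan.
    # A mapping may hold only one group_binds key: when it is listed twice,
    # most parsers silently keep the last entry and strict parsers reject
    # the file. Only the OVS agent group is bound here; if the linuxbridge
    # agent group is also wanted, add it to this same list.
    - network:
        group_binds:
          - neutron_openvswitch_agent
        container_bridge: "br-vxlan"
        container_type: "veth"
        container_interface: "eth10"
        container_mtu: "9000"
        ip_from_q: "tunnel"
        type: "vxlan"
        range: "100001:999999"
        net_name: "vxlan"
    # VLAN provider network on the OVS bridge br-vlan (single group_binds
    # key, as above).
    # NOTE(review): the range covers nearly the whole 802.1Q ID space,
    # including IDs 400 and 401 that the compute node uses for the API and
    # management VLANs on eno1. Narrow the range, or restrict the switch
    # trunk behind br-vlan, so Neutron-allocated VLANs cannot overlap
    # infrastructure VLANs.
    - network:
        group_binds:
          - neutron_openvswitch_agent
        container_bridge: "br-vlan"
        container_type: "veth"
        container_interface: "eth11"
        type: "vlan"
        range: "2:4090"
        net_name: "vlan"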



# Network nodes: the neutron agent runs on metal on these hosts and uses OVS.
network_hosts:
  b5:
    ip: "172.29.236.5"
  b6:
    ip: "172.29.236.6"
  b7:
    ip: "172.29.236.7"


user_variables

---
debug: false
galera_max_connections: 6000

openstack_domain: "my.example.cloud"
dhcp_domain: "my.example.cloud"
service_region: "my"

# Load the openvswitch kernel module on the hosts in the network_hosts group.
openstack_host_specific_kernel_modules:
  - name: "openvswitch"
    pattern: "CONFIG_OPENVSWITCH"
    group: "network_hosts"

nova_nova_conf_overrides:
  DEFAULT:
    force_config_drive: true
    resume_guests_state_on_host_boot: true

# ML2 with the Open vSwitch mechanism driver.
neutron_plugin_type: "ml2.ovs"
neutron_ml2_drivers_type: "vxlan,vlan,local"

# Security groups use the OVS firewall driver. The same value is set in both
# the ML2 and the OVS agent configuration; keep the two in step.
neutron_ml2_conf_ini_overrides:
  securitygroup:
    firewall_driver: "openvswitch"
neutron_openvswitch_agent_ini_overrides:
  securitygroup:
    firewall_driver: "openvswitch"

# NOTE(review): network_flat_networks "*" accepts any physical network name
# for flat networks. The flat type driver is not in neutron_ml2_drivers_type
# above, so this looks unused; if flat networks are ever enabled, list the
# permitted physical networks explicitly instead of "*".
# NOTE(review): network_vlan_ranges spans VLAN IDs 2-4090; narrow it to the
# IDs actually reserved for OpenStack on the br-vlan uplink.
neutron_provider_networks:
  network_flat_networks: "*"
  network_types: "vxlan,vlan"
  network_vlan_ranges: "vlan:2:4090"
  network_mappings: "vlan:br-vlan,vxlan:br-vxlan"
  network_vxlan_ranges: "100001:999999"

neutron_vxlan_enabled: true

haproxy_keepalived_external_vip_cidr: "10.120.0.253/22"
haproxy_keepalived_internal_vip_cidr: "172.29.239.253/22"
haproxy_keepalived_external_interface: "br-api"
haproxy_keepalived_internal_interface: "br-mgmt"

# NOTE(review): self-signed regeneration is switched on while a user-supplied
# certificate and key are also configured. Confirm which certificate HAProxy
# is meant to serve and drop the setting that does not apply.
# The key path points at a private key: keep that file readable by root only
# and out of version control.
haproxy_ssl_self_signed_regen: true
haproxy_user_ssl_cert: "/opt/ssl/example.crt"
haproxy_user_ssl_key: "/opt/ssl/example.key"

neutron_plugin_base:
  - router
  - firewall
  - metering
  - qos
  - trunk
  - neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2

env.d/neutron.yml

---
# env.d override that changes where the neutron components are deployed.
container_skel:
  # neutron-server is placed with the shared-infra containers.
  neutron_server_container:
    belongs_to:
      - shared-infra_containers
  # is_metal: true deploys the neutron agents directly on the host instead of
  # in a container, so they run in the host's own network stack without the
  # container boundary around them. Treat these hosts as network
  # infrastructure and limit who can log in to them.
  neutron_agents_container:
    properties:
      is_metal: true

/etc/network/interfaces on the compute node

# /etc/network/interfaces for the compute node.
# linuxbridge: br-api, br-mgmt, br-storage. Open vSwitch: br-vxlan, br-vlan.
auto lo
iface lo inet loopback
    dns-nameservers 10.110.0.1
    dns-search example.cloud

# PXE Network
# Untagged on eno1; this stanza also holds the host's default gateway.
# eno1 additionally carries tagged VLANs 400 (API) and 401 (management)
# below, so their separation depends on the VLAN configuration of the
# switch port behind eno1.
auto eno1
iface eno1 inet static
    address 10.110.1.4/22
    gateway 10.110.0.1
    mtu 1500


# OS Public - HAProxy endpoints
# VLAN 400 on eno1, bridged into br-api (linuxbridge).
auto eno1.400
iface eno1.400 inet manual
    vlan_id 400
    vlan-raw-device eno1

auto br-api
iface br-api inet static
    address 10.120.1.4/22
    bridge_ports eno1.400
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0


# OS management
# VLAN 401 on eno1, bridged into br-mgmt (linuxbridge).
auto eno1.401
iface eno1.401 inet manual
    vlan_id 401
    vlan-raw-device eno1


auto br-mgmt
iface br-mgmt inet static
    address 172.29.236.4/22
    bridge_ports eno1.401
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0



# VXLAN - Datapath - OVS-based
# eno2 is an OVS port of br-vxlan; the bridge holds the tunnel endpoint
# address. VXLAN itself neither encrypts nor authenticates traffic, so keep
# this underlay network reachable only by the hypervisors and network hosts.
auto eno2
allow-br-vxlan eno2
iface eno2 inet manual
    ovs_bridge br-vxlan
    ovs_type OVSPort
    mtu 9000

auto br-vxlan
allow-ovs br-vxlan
iface br-vxlan inet static
    ovs_type OVSBridge
    ovs_ports eno2
    address 172.29.240.4/22


# Cinder - LBR - untagged VLAN
# NOTE(review): eno3 is set to MTU 1500, while openstack_user_config.yml
# gives the br-storage network a container_mtu of 9000 - confirm the
# intended MTU for the storage path.
auto eno3
iface eno3 inet manual
    mtu 1500

auto br-storage
iface br-storage inet static
    address 172.29.244.4/22
    bridge_ports eno3
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0


# External Networks - OVS-based
# eno4 is an OVS port of br-vlan. The bridge is "inet manual" and has no
# address, so the host itself is not addressable on the provider VLANs.
auto eno4
allow-br-vlan eno4
iface eno4 inet manual
    ovs_bridge br-vlan
    ovs_type OVSPort

auto br-vlan
allow-ovs br-vlan
iface br-vlan inet manual
    ovs_type OVSBridge
    ovs_ports eno4

# Every *.cfg file in interfaces.d is read as part of this configuration;
# keep that directory writable by root only.
source /etc/network/interfaces.d/*.cfg



bridges

#brctl show

bridge name     bridge id               STP enabled     interfaces
br-api          8000.f8bc1205f100       no              eno1.400
br-mgmt         8000.f8bc1205f100       no              eno1.401
br-storage              8000.f8bc1205f104       no              eno3
lxcbr0          8000.000000000000       no

#ovs-vsctl  show

4e4b8528-a4eb-4cbd-86d8-239de27a3436
    Bridge br-vlan
        Port "eno4"
            Interface "eno4"
        Port br-vlan
            Interface br-vlan
                type: internal
    Bridge br-vxlan
        Port br-vxlan
            Interface br-vxlan
                type: internal
        Port "eno2"
            Interface "eno2"
    ovs_version: "2.5.2"

