A few workarounds are needed to get OpenStack-Ansible working nicely with Open vSwitch.
- On the controllers the network is set up as normal: nothing changes and everything is linuxbridge. This also applies if the nodes are for Ironic.
- On the compute nodes:
  - use linuxbridge for br-storage and br-mgmt
  - use openvswitch for br-vlan and br-vxlan
- The neutron agents must run on metal and should be on one or more of the compute nodes that have br-vlan and br-vxlan under OVS.
openstack_user_config.yml:
....
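# Deployment-wide overrides. The nesting below was restored from a paste that
# had lost its indentation; compare it with your own openstack_user_config.yml.
global_overrides:
  # Public and internal API endpoints. The certificate served on the external
  # VIP should be issued for the external name.
  external_lb_vip_address: my.example.cloud
  internal_lb_vip_address: myint.example.cloud
  tunnel_bridge: "br-vxlan"
  management_bridge: "br-mgmt"
  provider_networks:
    # Management network (linuxbridge). It carries container management and,
    # via is_ssh_address, the deployment's SSH traffic, so it should not be
    # reachable from tenant or provider networks.
    - network:
        group_binds:
          - all_containers
          - hosts
        type: "raw"
        container_bridge: "br-mgmt"
        container_interface: "eth1"
        container_type: "veth"
        ip_from_q: "container"
        is_container_address: true
        is_ssh_address: true
    # Storage network (linuxbridge).
    # NOTE(review): container_mtu is 9000 here while the interfaces file on
    # this page sets eno3 (the br-storage port) to mtu 1500 - confirm the MTU
    # end to end.
    - network:
        group_binds:
          - glance_api
          - cinder_api
          - cinder_volume
          - nova_compute
        type: "raw"
        container_bridge: "br-storage"
        container_type: "veth"
        container_interface: "eth2"
        container_mtu: "9000"
        ip_from_q: "storage"
    # VXLAN tenant network (OVS).
    - network:
        # The pasted config listed group_binds twice in this entry
        # (neutron_linuxbridge_agent first, neutron_openvswitch_agent last).
        # Duplicate keys are invalid YAML and most parsers silently keep the
        # last one, so only the OVS binding is active here; the linuxbridge
        # binding is preserved as a comment.
        # group_binds:
        #   - neutron_linuxbridge_agent
        group_binds:
          - neutron_openvswitch_agent
        container_bridge: "br-vxlan"
        container_type: "veth"
        container_interface: "eth10"
        container_mtu: "9000"
        ip_from_q: "tunnel"
        type: "vxlan"
        range: "100001:999999"
        net_name: "vxlan"
    # VLAN provider network (OVS).
    # The range 2:4090 includes VLAN 400 and 401, which the interfaces file on
    # this page uses for br-api and br-mgmt. If the switch ports behind eno4
    # trunk those IDs, a network allocated on the same ID would share a
    # broadcast domain with the API or management network; narrow the range or
    # prune the trunk so only VLANs meant for OpenStack are allowed.
    - network:
        # Same duplicate group_binds as in the VXLAN entry; the last value is
        # kept and the first is preserved as a comment.
        # group_binds:
        #   - neutron_linuxbridge_agent
        group_binds:
          - neutron_openvswitch_agent
        container_bridge: "br-vlan"
        container_type: "veth"
        container_interface: "eth11"
        type: "vlan"
        range: "2:4090"
        net_name: "vlan"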
# Network nodes: the neutron agents run on metal on these hosts and use OVS.
# Addresses are on the management network.
network_hosts:
  b5:
    ip: "172.29.236.5"
  b6:
    ip: "172.29.236.6"
  b7:
    ip: "172.29.236.7"
user_variables
---
# General deployment settings. Keep debug off outside troubleshooting; debug
# logging is verbose and can capture request details.
debug: false
galera_max_connections: 6000
openstack_domain: "my.example.cloud"
dhcp_domain: "my.example.cloud"
service_region: "my"

# Kernel module entry for openvswitch, scoped to the network_hosts group.
# presumably `pattern` names the kernel config option that is checked - confirm
openstack_host_specific_kernel_modules:
  - name: "openvswitch"
    pattern: "CONFIG_OPENVSWITCH"
    group: "network_hosts"

# Extra options for the [DEFAULT] section of nova.conf.
nova_nova_conf_overrides:
  DEFAULT:
    force_config_drive: true
    resume_guests_state_on_host_boot: true
# ML2 with the Open vSwitch mechanism driver.
neutron_plugin_type: ml2.ovs
neutron_ml2_drivers_type: "vxlan,vlan,local"

# Security groups are enforced by the native OVS firewall driver, set in both
# the ML2 and the OVS agent configuration. The driver relies on conntrack
# support in Open vSwitch and in the kernel (neutron's documentation gives
# OVS 2.5 and Linux 4.3 as minimums; the ovs-vsctl output on this page reports
# 2.5.2). After deploying, verify that a port closed by a security group rule
# is actually unreachable.
neutron_ml2_conf_ini_overrides:
  securitygroup:
    firewall_driver: openvswitch
neutron_openvswitch_agent_ini_overrides:
  securitygroup:
    firewall_driver: openvswitch

neutron_provider_networks:
  # "*" accepts any physical network name for flat networks. The flat type
  # driver is not in neutron_ml2_drivers_type above, so this is probably inert
  # here - confirm; if flat is ever enabled, list the allowed physical
  # networks explicitly instead.
  network_flat_networks: "*"
  network_types: "vxlan,vlan"
  # Includes VLAN 400 and 401, used elsewhere on this page for br-api and
  # br-mgmt; restrict the range or the switch trunk accordingly.
  network_vlan_ranges: "vlan:2:4090"
  network_mappings: "vlan:br-vlan,vxlan:br-vxlan"
  network_vxlan_ranges: "100001:999999"

neutron_vxlan_enabled: true
# keepalived VIPs for HAProxy: external on br-api, internal on br-mgmt.
haproxy_keepalived_external_vip_cidr: "10.120.0.253/22"
haproxy_keepalived_internal_vip_cidr: "172.29.239.253/22"
haproxy_keepalived_external_interface: "br-api"
haproxy_keepalived_internal_interface: "br-mgmt"

# TLS for the HAProxy endpoints.
# NOTE(review): self-signed regeneration is enabled alongside a user-supplied
# certificate and key - confirm which certificate is actually served on the
# external VIP after a run.
haproxy_ssl_self_signed_regen: true
haproxy_user_ssl_cert: "/opt/ssl/example.crt"
# Private key: keep it readable by root only and out of version control.
haproxy_user_ssl_key: "/opt/ssl/example.key"
# Service plugins listed for neutron.
# NOTE(review): neutron-lbaas has since been retired upstream in favour of
# Octavia; a retired plugin no longer receives security fixes, so check which
# service plugins your release still supports before copying this list.
neutron_plugin_base:
  - router
  - firewall
  - metering
  - qos
  - trunk
  - neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
env.d/neutron.yml
---
# Container layout override for neutron.
container_skel:
  # neutron-server is placed with the shared-infra containers.
  neutron_server_container:
    belongs_to:
      - shared-infra_containers
  # The neutron agents run directly on the host (is_metal) so they can use
  # the host's OVS bridges. They therefore run without the container
  # boundary; treat the agent hosts accordingly when hardening and patching.
  neutron_agents_container:
    properties:
      is_metal: true
/etc/network/interfaces on the compute node
# Loopback; the resolver options are attached to this stanza.
auto lo
iface lo inet loopback
    dns-nameservers 10.110.0.1
    dns-search example.cloud

# PXE network, untagged on eno1. This is the only stanza with a gateway, so
# the default route leaves through it.
auto eno1
iface eno1 inet static
    address 10.110.1.4/22
    gateway 10.110.0.1
    mtu 1500
# OpenStack public network (HAProxy endpoints): VLAN 400 on eno1, bridged
# with linuxbridge.
# NOTE(review): this gives the compute node an address on the public API
# VLAN; if the node does not host HAProxy, confirm the address is needed and
# filter inbound traffic on it.
auto eno1.400
iface eno1.400 inet manual
    vlan_id 400
    vlan-raw-device eno1

auto br-api
iface br-api inet static
    address 10.120.1.4/22
    bridge_ports eno1.400
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0

# OpenStack management network: VLAN 401 on eno1, bridged with linuxbridge.
# Keep VLAN 401 off any trunk that tenant or provider networks can reach.
auto eno1.401
iface eno1.401 inet manual
    vlan_id 401
    vlan-raw-device eno1

auto br-mgmt
iface br-mgmt inet static
    address 172.29.236.4/22
    bridge_ports eno1.401
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
# VXLAN datapath on Open vSwitch: eno2 is the OVS port of br-vxlan, and the
# bridge holds the tunnel endpoint address.
# VXLAN traffic is neither encrypted nor authenticated, so the
# 172.29.240.0/22 underlay should sit on a dedicated segment that only
# the hypervisors and network nodes can reach.
auto eno2
allow-br-vxlan eno2
iface eno2 inet manual
    ovs_bridge br-vxlan
    ovs_type OVSPort
    mtu 9000

auto br-vxlan
allow-ovs br-vxlan
iface br-vxlan inet static
    ovs_type OVSBridge
    ovs_ports eno2
    address 172.29.240.4/22
# Cinder storage network: linuxbridge over eno3, untagged VLAN.
auto eno3
iface eno3 inet manual
    mtu 1500

auto br-storage
iface br-storage inet static
    address 172.29.244.4/22
    bridge_ports eno3
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0
# External (VLAN provider) networks on Open vSwitch: eno4 is the OVS port of
# br-vlan. The bridge has no address of its own. Limit the VLANs trunked to
# eno4 on the switch to those intended for OpenStack networks.
auto eno4
allow-br-vlan eno4
iface eno4 inet manual
    ovs_bridge br-vlan
    ovs_type OVSPort

auto br-vlan
allow-ovs br-vlan
iface br-vlan inet manual
    ovs_type OVSBridge
    ovs_ports eno4

# Every *.cfg file in this directory is read as part of the configuration;
# keep the directory writable by root only.
source /etc/network/interfaces.d/*.cfg
bridges
#brctl show
bridge name bridge id STP enabled interfaces
br-api 8000.f8bc1205f100 no eno1.400
br-mgmt 8000.f8bc1205f100 no eno1.401
br-storage 8000.f8bc1205f104 no eno3
lxcbr0 8000.000000000000 no
#ovs-vsctl show
4e4b8528-a4eb-4cbd-86d8-239de27a3436
Bridge br-vlan
Port "eno4"
Interface "eno4"
Port br-vlan
Interface br-vlan
type: internal
Bridge br-vxlan
Port br-vxlan
Interface br-vxlan
type: internal
Port "eno2"
Interface "eno2"
ovs_version: "2.5.2"