support vlans + openvswitch in tenks

ChameleonCloud · Jul 11, 2024 · 3d5e990 · 3d5e990
1 parent f52623c
commit 3d5e990
Show file tree

Hide file tree

Showing 4 changed files with 81 additions and 45 deletions.
diff --git a/roles/fake-baremetal/defaults/main.yml b/roles/fake-baremetal/defaults/main.yml
@@ -11,25 +11,14 @@ tenks_ansible_galaxy_roles:
   - role_name: stackhpc.libvirt-vm
     role_path: "{{tenks_install_dir}}/ansible/roles/stackhpc.libvirt-vm"
 
-shared_networks: "{{ neutron_networks | selectattr('sharednet', 'defined') | list }}"
-shared_network_physnet: "{{ shared_networks[0] if shared_networks }}"
-shared_network: "{{ shared_network_physnet.sharednet }}"
-
-provisioning_networks: "{{ neutron_networks | selectattr('provisioning', 'defined') | list }}"
-provisioning_network_physnet: "{{ provisioning_networks[0] if provisioning_networks }}"
-provisioning_network: "{{ provisioning_network_physnet.provisioning }}"
-
-tenks_provisoning_physnet:
-  name: "{{provisioning_network_physnet.name}}"
-  iface: "{{provisioning_network_physnet.external_interface}}b"
-tenks_sharednet_physnet:
-  name: "{{shared_network_physnet.name}}"
-  iface: "{{shared_network_physnet.external_interface}}b"
-
 ironic_deploy_image_names:
   - pxe_deploy_kernel
   - pxe_deploy_ramdisk
 
+# credentials to allow neutron ngs to ssh to local ovs
+generic_switch_user: ngs_ovs_manager
+generic_switch_pubkey: "{{ kolla_ssh_key.public_key }}"
+# what neutron physnet is the ironic provisioning network attached to
 fake_baremetal_node_ram_mb: 4096
 fake_baremetal_node_disk_gb: 10
 fake_baremetal_node_vcpu: 2

diff --git a/roles/fake-baremetal/tasks/main.yml b/roles/fake-baremetal/tasks/main.yml
@@ -42,38 +42,80 @@
     deploy_kernel_id: "{{ deploy_kernel_img.image.id }}"
     deploy_ramdisk_id: "{{ deploy_ramdisk_img.image.id }}"
 
-- name: template tenks overide file from site-config
-  ansible.builtin.template:
-    src: tenks-override.yml.j2
-    dest: "{{ tenks_install_dir }}/override.yml"
-
-
-- name: get facts for ironic-provisioning subnet
+- name: get facts for ironic-provisioning network
   kolla_toolbox:
-    module_name: openstack.cloud.subnets_info
+    module_name: openstack.cloud.networks_info
     module_args:
       auth: "{{ openstack_auth }}"
       filters:
-        name: "ironic_provisioning_subnet"
+        name: "{{ ironic_provisioning_network }}"
   run_once: True
   become: True
-  register: "provisioning_subnet"
+  register: "provisioning_network_return"
 
-# we're passing this to `ip addr add`, so we need it with the CIDR
-- name: set fact for ironic provisioning subnet
-  vars:
-    provisioning_subnet_return: "{{ provisioning_subnet.openstack_subnets | first }}"
+- name: set fact for provisoning network name
+  ansible.builtin.set_fact:
+    provisioning_network_physnet_name: "{{ provisioning_network_return.openstack_networks[0]['provider:physical_network'] }}"
+- name: set fact for provisoning network
   ansible.builtin.set_fact:
-    provisioning_subnet_cidr: "{{ provisioning_subnet_return.cidr }}"
-    provisioning_subnet_prefix: "{{ provisioning_subnet_return.cidr | ipaddr('prefix')}}"
-    provisioning_subnet_gw: "{{ provisioning_subnet_return.gateway_ip }}"
+    provisioning_network_physnet: "{{ neutron_networks | selectattr('name', 'equalto', provisioning_network_physnet_name ) | first }}"
 
+- name: template tenks overide file from site-config
+  vars:
+    provisioning_physnet_name: "{{ provisioning_network_physnet.name }}"
+    provisioning_physnet_bridge: "{{ provisioning_network_physnet.bridge_name }}"
+  ansible.builtin.template:
+    src: tenks-override.yml.j2
+    dest: "{{ tenks_install_dir }}/override.yml"
+
+- name: create linux_group for neutron ssh to ovs
+  become: true
+  ansible.builtin.group:
+    name: "{{ generic_switch_user }}"
+
+- name: create linux_user for neutron ssh to ovs
+  become: true
+  ansible.builtin.user:
+    name: "{{ generic_switch_user }}"
+    create_home: yes
+    groups: 
+      - "{{ generic_switch_user }}"
 
-- name: Tell operator to execute tenks
-  debug:
-    msg:
-      - source {{site_config_dir}}/admin-openrc.sh
-      - cd {{tenks_install_dir}}
-      - source .venv/bin/activate
-      - ansible-playbook --inventory ansible/inventory/ ansible/deploy.yml --extra-vars="@override.yml"
-      - ip addr add {{ provisioning_subnet_gw }}/{{ provisioning_subnet_prefix }} brtenks0
+- name: Allow 'generic_switch_user' group to have passwordless sudo
+  become: true
+  copy:
+    dest: /etc/sudoers.d/97_kolla_ngs_ovs
+    content: "%{{generic_switch_user}} ALL=(ALL) NOPASSWD: ALL"
+    validate: visudo -cf %s
+
+- name: set ssh publickey for neutron_ovs_ssh
+  become: true
+  ansible.posix.authorized_key:
+    user: "{{ generic_switch_user }}"
+    state: present
+    key: "{{ generic_switch_pubkey }}"
+
+- name: create wrapper for kolla-ovs
+  become: true
+  template:
+    src: ovs-vsctl.j2
+    dest: /usr/local/sbin/ovs-vsctl
+    mode: 'u+rwx'
+
+- name: create interface for ironic provisioning gw
+  become: true
+  vars:
+    ovs_bridge_name: "{{ provisioning_network_physnet.bridge_name }}"
+    vlan_tag: "{{ provisioning_network_return.openstack_networks[0]['provider:segmentation_id'] }}"
+    gateway_ip: "{{ ironic_provisioning_network_gateway }}"
+    gateway_prefix: "{{ironic_provisioning_network_cidr | ipaddr('prefix')}}"
+  block:
+    - name: create OVS patch port for ironic-gw
+      command: "ovs-vsctl add-port {{ovs_bridge_name}} vlan{{vlan_tag}} tag={{vlan_tag}} -- set Interface vlan{{vlan_tag}} type=internal"
+      failed_when: false
+    - name: set ip address on interface
+      command: "ip addr add {{gateway_ip}}/{{gateway_prefix}} dev vlan{{vlan_tag}}"
+      failed_when: false
+    - name: set link up
+      command: "ip link set vlan{{vlan_tag}} up"
+      failed_when: false
diff --git a/roles/fake-baremetal/templates/ovs-vsctl.j2 b/roles/fake-baremetal/templates/ovs-vsctl.j2
@@ -0,0 +1,7 @@
+#!/bin/bash
+# execute ovs-vsctl inside the kolla docker container
+# installed by fake-baremetal playbook
+
+docker exec openvswitch_vswitchd \
+    ovs-vsctl \
+    "${@}"
diff --git a/roles/fake-baremetal/templates/tenks-override.yml.j2 b/roles/fake-baremetal/templates/tenks-override.yml.j2
@@ -2,10 +2,9 @@
 libvirt_pool_path: {{libvirt_pool_path}}
 
 physnet_mappings:
-  {{tenks_provisoning_physnet.name}}: {{tenks_provisoning_physnet.iface}}
-  {{tenks_sharednet_physnet.name}}: {{tenks_sharednet_physnet.iface}}
+  {{provisioning_physnet_name}}: {{provisioning_physnet_bridge}}
 
-bridge_type: "linuxbridge"
+bridge_type: "openvswitch"
 
 # The Glance name or UUID of the image to use for the deployment kernel.
 deploy_kernel: {{ deploy_kernel_id }}
@@ -28,8 +27,7 @@ node_types:
 
     # note! only the first one listed will be used for PXE boot, and therefore must be ironic-provisioning!
     physical_networks:
-      - {{tenks_provisoning_physnet.name}}
-      - {{tenks_sharednet_physnet.name}}
+      - {{provisioning_physnet_name}}
 
 specs:
     # The type in `node_types` that this spec refers to. Required.