From 3d5e9906f7ff6fbe19016d46c580094628d86fb2 Mon Sep 17 00:00:00 2001
From: Michael Sherman
Date: Thu, 11 Jul 2024 21:51:33 +0000
Subject: [PATCH] support vlans + openvswitch in tenks
---
roles/fake-baremetal/defaults/main.yml | 19 +---
roles/fake-baremetal/tasks/main.yml | 92 ++++++++++++++-----
roles/fake-baremetal/templates/ovs-vsctl.j2 | 7 ++
.../templates/tenks-override.yml.j2 | 8 +-
4 files changed, 81 insertions(+), 45 deletions(-)
create mode 100644 roles/fake-baremetal/templates/ovs-vsctl.j2
diff --git a/roles/fake-baremetal/defaults/main.yml b/roles/fake-baremetal/defaults/main.yml
index 8a261836..4b741b7d 100644
--- a/roles/fake-baremetal/defaults/main.yml
+++ b/roles/fake-baremetal/defaults/main.yml
@@ -11,25 +11,14 @@ tenks_ansible_galaxy_roles: - role_name: stackhpc.libvirt-vm role_path: "{{tenks_install_dir}}/ansible/roles/stackhpc.libvirt-vm" -shared_networks: "{{ neutron_networks | selectattr('sharednet', 'defined') | list }}" -shared_network_physnet: "{{ shared_networks[0] if shared_networks }}" -shared_network: "{{ shared_network_physnet.sharednet }}" - -provisioning_networks: "{{ neutron_networks | selectattr('provisioning', 'defined') | list }}" -provisioning_network_physnet: "{{ provisioning_networks[0] if provisioning_networks }}" -provisioning_network: "{{ provisioning_network_physnet.provisioning }}" - -tenks_provisoning_physnet: - name: "{{provisioning_network_physnet.name}}" - iface: "{{provisioning_network_physnet.external_interface}}b" -tenks_sharednet_physnet: - name: "{{shared_network_physnet.name}}" - iface: "{{shared_network_physnet.external_interface}}b" - ironic_deploy_image_names: - pxe_deploy_kernel - pxe_deploy_ramdisk +# credentials to allow neutron ngs to ssh to local ovs +generic_switch_user: ngs_ovs_manager +generic_switch_pubkey: "{{ kolla_ssh_key.public_key }}" +# what neutron physnet is the ironic provisioning network attached to fake_baremetal_node_ram_mb: 4096 fake_baremetal_node_disk_gb: 10 fake_baremetal_node_vcpu: 2 diff --git a/roles/fake-baremetal/tasks/main.yml b/roles/fake-baremetal/tasks/main.yml index 3697a8ad..3a9bad7d 100644 --- a/roles/fake-baremetal/tasks/main.yml +++ b/roles/fake-baremetal/tasks/main.yml 
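Review bot: The last added comment, `# what neutron physnet is the ironic provisioning network attached to`, is followed by no variable, while tasks/main.yml in this same patch reads `ironic_provisioning_network`, `ironic_provisioning_network_gateway` and `ironic_provisioning_network_cidr`; unless those are set elsewhere, the role stops on an undefined variable, so either add the defaults here or replace the comment with one naming the variables the operator must supply. Separately, `generic_switch_pubkey` defaults to `kolla_ssh_key.public_key`, and the tasks authorize that key for an account with passwordless sudo. If that key pair is shared with other components (not visible in this hunk), every holder of it gains root on the OVS host. I would put `# authorized for a sudo-capable account on the OVS host; prefer a dedicated key pair` above that default.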
@@ -42,38 +42,80 @@ deploy_kernel_id: "{{ deploy_kernel_img.image.id }}" deploy_ramdisk_id: "{{ deploy_ramdisk_img.image.id }}" -- name: template tenks overide file from site-config - ansible.builtin.template: - src: tenks-override.yml.j2 - dest: "{{ tenks_install_dir }}/override.yml" - - -- name: get facts for ironic-provisioning subnet +- name: get facts for ironic-provisioning network kolla_toolbox: - module_name: openstack.cloud.subnets_info + module_name: openstack.cloud.networks_info module_args: auth: "{{ openstack_auth }}" filters: - name: "ironic_provisioning_subnet" + name: "{{ ironic_provisioning_network }}" run_once: True become: True - register: "provisioning_subnet" + register: "provisioning_network_return" -# we're passing this to `ip addr add`, so we need it with the CIDR -- name: set fact for ironic provisioning subnet - vars: - provisioning_subnet_return: "{{ provisioning_subnet.openstack_subnets | first }}" +- name: set fact for provisoning network name + ansible.builtin.set_fact: + provisioning_network_physnet_name: "{{ provisioning_network_return.openstack_networks[0]['provider:physical_network'] }}" +- name: set fact for provisoning network ansible.builtin.set_fact: - provisioning_subnet_cidr: "{{ provisioning_subnet_return.cidr }}" - provisioning_subnet_prefix: "{{ provisioning_subnet_return.cidr | ipaddr('prefix')}}" - provisioning_subnet_gw: "{{ provisioning_subnet_return.gateway_ip }}" + provisioning_network_physnet: "{{ neutron_networks | selectattr('name', 'equalto', provisioning_network_physnet_name ) | first }}" +- name: template tenks overide file from site-config + vars: + provisioning_physnet_name: "{{ provisioning_network_physnet.name }}" + provisioning_physnet_bridge: "{{ provisioning_network_physnet.bridge_name }}" + ansible.builtin.template: + src: tenks-override.yml.j2 + dest: "{{ tenks_install_dir }}/override.yml" + +- name: create linux_group for neutron ssh to ovs + become: true + ansible.builtin.group: + name: "{{ 
generic_switch_user }}" + +- name: create linux_user for neutron ssh to ovs + become: true + ansible.builtin.user: + name: "{{ generic_switch_user }}" + create_home: yes + groups: + - "{{ generic_switch_user }}" -- name: Tell operator to execute tenks - debug: - msg: - - source {{site_config_dir}}/admin-openrc.sh - - cd {{tenks_install_dir}} - - source .venv/bin/activate - - ansible-playbook --inventory ansible/inventory/ ansible/deploy.yml --extra-vars="@override.yml" - - ip addr add {{ provisioning_subnet_gw }}/{{ provisioning_subnet_prefix }} brtenks0 +- name: Allow 'generic_switch_user' group to have passwordless sudo + become: true + copy: + dest: /etc/sudoers.d/97_kolla_ngs_ovs + content: "%{{generic_switch_user}} ALL=(ALL) NOPASSWD: ALL" + validate: visudo -cf %s + +- name: set ssh publickey for neutron_ovs_ssh + become: true + ansible.posix.authorized_key: + user: "{{ generic_switch_user }}" + state: present + key: "{{ generic_switch_pubkey }}" + +- name: create wrapper for kolla-ovs + become: true + template: + src: ovs-vsctl.j2 + dest: /usr/local/sbin/ovs-vsctl + mode: 'u+rwx' + +- name: create interface for ironic provisioning gw + become: true + vars: + ovs_bridge_name: "{{ provisioning_network_physnet.bridge_name }}" + vlan_tag: "{{ provisioning_network_return.openstack_networks[0]['provider:segmentation_id'] }}" + gateway_ip: "{{ ironic_provisioning_network_gateway }}" + gateway_prefix: "{{ironic_provisioning_network_cidr | ipaddr('prefix')}}" + block: + - name: create OVS patch port for ironic-gw + command: "ovs-vsctl add-port {{ovs_bridge_name}} vlan{{vlan_tag}} tag={{vlan_tag}} -- set Interface vlan{{vlan_tag}} type=internal" + failed_when: false + - name: set ip address on interface + command: "ip addr add {{gateway_ip}}/{{gateway_prefix}} dev vlan{{vlan_tag}}" + failed_when: false + - name: set link up + command: "ip link set vlan{{vlan_tag}} up" + failed_when: false 
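Review bot: The sudoers drop-in `/etc/sudoers.d/97_kolla_ngs_ovs` grants the whole `generic_switch_user` group `ALL=(ALL) NOPASSWD: ALL`, and the next task authorizes an SSH key for that account with no restrictions, so whoever holds the matching private key has unrestricted root on this host. If the generic-switch driver only needs the wrapper, narrow the rule to `content: "%{{ generic_switch_user }} ALL=(root) NOPASSWD: /usr/local/sbin/ovs-vsctl\n"`; if it needs a root shell (I cannot tell from this hunk), keep the rule but add `key_options: 'from="<neutron-host-address>",no-port-forwarding,no-agent-forwarding,no-X11-forwarding'` to the `authorized_key` task. The `copy` task also sets no permissions, and the wrapper's `mode: 'u+rwx'` only adds owner bits, so both files take their group/other bits from the umask; `owner: root` with `mode: '0440'` on the sudoers file and `mode: '0755'` on the wrapper would pin them. The three `command` tasks in the final block set `failed_when: false`, which reports success even when the port, address or link was not created.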
diff --git a/roles/fake-baremetal/templates/ovs-vsctl.j2 b/roles/fake-baremetal/templates/ovs-vsctl.j2 new file mode 100644 index 00000000..eded6d48 --- /dev/null +++ b/roles/fake-baremetal/templates/ovs-vsctl.j2 @@ -0,0 +1,7 @@ +#!/bin/bash +# execute ovs-vsctl inside the kolla docker container +# installed by fake-baremetal playbook + +docker exec openvswitch_vswitchd \ + ovs-vsctl \ + "${@}" \ No newline at end of file diff --git a/roles/fake-baremetal/templates/tenks-override.yml.j2 b/roles/fake-baremetal/templates/tenks-override.yml.j2 index 02b7da7c..d4a3d39c 100644 --- a/roles/fake-baremetal/templates/tenks-override.yml.j2 +++ b/roles/fake-baremetal/templates/tenks-override.yml.j2 @@ -2,10 +2,9 @@ libvirt_pool_path: {{libvirt_pool_path}} physnet_mappings: - {{tenks_provisoning_physnet.name}}: {{tenks_provisoning_physnet.iface}} - {{tenks_sharednet_physnet.name}}: {{tenks_sharednet_physnet.iface}} + {{provisioning_physnet_name}}: {{provisioning_physnet_bridge}} -bridge_type: "linuxbridge" +bridge_type: "openvswitch" # The Glance name or UUID of the image to use for the deployment kernel. deploy_kernel: {{ deploy_kernel_id }} @@ -28,8 +27,7 @@ node_types: # note! only the first one listed will be used for PXE boot, and therefore must be ironic-provisioning! physical_networks: - - {{tenks_provisoning_physnet.name}} - - {{tenks_sharednet_physnet.name}} + - {{provisioning_physnet_name}} specs: # The type in `node_types` that this spec refers to. Required.
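Review bot: The wrapper in ovs-vsctl.j2 is installed as `/usr/local/sbin/ovs-vsctl` and forwards every argument unchanged to `ovs-vsctl` inside the container, yet its header does not say who is expected to call it or with what privilege. A comment such as `# called via sudo by the generic-switch SSH account; keep root-owned and not group/world-writable` would record that trust assumption. `docker` and the container name `openvswitch_vswitchd` are hard-coded although the file is rendered as a template, so a host using a different container engine or container name gets a wrapper that always fails; templating both would avoid that. Using `exec docker exec …` would also avoid leaving an extra bash process per call, and the file lacks a trailing newline.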