Support L2GW plugin/agent
L2 Gateway (L2GW) is an API framework that offers bridging 2+
networks together to make them look as a single broadcast domain.
A typical use case is bridging the virtual with the physical networks.
Related-Prod: PROD-17614
Change-Id: I4101b94202f87da6f5ecdea75d38dde17f08ca99
diff --git a/.kitchen.yml b/.kitchen.yml
index 43f469c..0bd9fa3 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -123,6 +123,11 @@
pillars-from-files:
neutron.sls: tests/pillar/control_fwaas_v1.sls
+ - name: control_l2gw
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/control_l2gw.sls
+
- name: control_single
provisioner:
pillars-from-files:
@@ -158,6 +163,11 @@
pillars-from-files:
neutron.sls: tests/pillar/gateway_legacy_fwaas_v1.sls
+ - name: gateway_legacy_l2gw
+ provisioner:
+ pillars-from-files:
+ neutron.sls: tests/pillar/gateway_legacy_l2gw.sls
+
- name: control_dns
provisioner:
pillars-from-files:
diff --git a/README.rst b/README.rst
index 81d7e5e..2c449e5 100644
--- a/README.rst
+++ b/README.rst
@@ -778,6 +778,45 @@
backend:
engine: ovn
+
+Neutron L2 Gateway
+----------------
+
+Control node:
+
+.. code-block:: yaml
+
+ neutron:
+ server:
+ version: pike
+ l2gw:
+ enabled: true
+ periodic_monitoring_interval: 5
+ quota_l2_gateway: 20
+ # service_provider=<service_type>:<name>:<driver>[:default]
+ service_provider: L2GW:OpenDaylight:networking_odl.l2gateway.driver.OpenDaylightL2gwDriver:default
+ backend:
+ engine: ml2
+
+Network/Gateway node:
+
+.. code-block:: yaml
+
+ neutron:
+ gateway:
+ version: pike
+ l2gw:
+ enabled: true
+ debug: true
+ socket_timeout: 20
+ ovsdb_hosts:
+ # <ovsdb_name>: <ip address>:<port>
+ # - ovsdb_name: a user defined symbolic identifier of physical switch
+ # - ip address: the address or dns name for the OVSDB server (i.e. pointer to the switch)
+ ovsdb1: 10.164.5.33:6632
+ ovsdb2: 10.164.4.33:6632
+
+
Neutron Server
--------------
diff --git a/metadata/service/control/services/l2gw.yml b/metadata/service/control/services/l2gw.yml
new file mode 100644
index 0000000..75a7ead
--- /dev/null
+++ b/metadata/service/control/services/l2gw.yml
@@ -0,0 +1,7 @@
+applications:
+- neutron
+parameters:
+ neutron:
+ server:
+ l2gw:
+ enabled: true
diff --git a/neutron/agents/l2gw.sls b/neutron/agents/l2gw.sls
new file mode 100644
index 0000000..1029f1a
--- /dev/null
+++ b/neutron/agents/l2gw.sls
@@ -0,0 +1,24 @@
+{%- from "neutron/map.jinja" import gateway with context %}
+{%- if gateway.l2gw.get('enabled', False) %}
+
+l2gw_agent_packages:
+ pkg.installed:
+ - names: {{ gateway.pkgs_l2gw_agent }}
+
+/etc/neutron/l2gateway_agent.ini:
+ file.managed:
+ - source: salt://neutron/files/{{ gateway.version }}/l2gw/l2gateway_agent.ini
+ - template: jinja
+ - require:
+ - pkg: l2gw_agent_packages
+
+neutron-l2gateway-agent:
+ service.running:
+ - enable: true
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
+ - watch:
+ - file: /etc/neutron/l2gateway_agent.ini
+
+{%- endif %}
diff --git a/neutron/files/pike/l2gw/l2gateway_agent.ini b/neutron/files/pike/l2gw/l2gateway_agent.ini
new file mode 100644
index 0000000..59a62fb
--- /dev/null
+++ b/neutron/files/pike/l2gw/l2gateway_agent.ini
@@ -0,0 +1,68 @@
+{%- from "neutron/map.jinja" import gateway with context -%}
+[DEFAULT]
+# Show debugging output in log (sets DEBUG log level output)
+debug = {{ gateway.l2gw.debug|default('False') }}
+
+[ovsdb]
+# (StrOpt) OVSDB server tuples in the format
+# <ovsdb_name>:<ip address>:<port>[,<ovsdb_name>:<ip address>:<port>]
+# - ovsdb_name: a symbolic name that helps identifies keys and certificate files
+# - ip address: the address or dns name for the ovsdb server
+# - port: the port (ssl is supported)
+{%- set ovsdb_hosts = [] %}
+{%- for opt, value in gateway.l2gw.get('ovsdb_hosts', {}).iteritems() %}
+{%- do ovsdb_hosts.append('%s:%s'|format(opt, value)) %}
+{%- endfor %}
+ovsdb_hosts = {{ ovsdb_hosts|join(',') }}
+# Example: ovsdb_hosts = 'ovsdb1:16.95.16.1:6632,ovsdb2:16.95.16.2:6632'
+
+# enable_manager = False
+# (BoolOpt) connection can be initiated by the ovsdb server.
+# By default 'enable_manager' value is False, turn on the variable to True
+# to initiate the connection from ovsdb server to l2gw agent.
+
+# manager_table_listening_port = 6632
+# (PortOpt) set port number for l2gateway agent, so that it can listen
+# for ovsdb server,whenever its IP is entered in manager table of ovsdb server.
+# by default it is set to port 6632.
+# you can use vtep-ctl utility to populate manager table of ovsdb.
+# For Example: sudo vtep-ctl set-manager tcp:x.x.x.x:6640,
+# where x.x.x.x is IP of l2gateway agent and 6640 is a port.
+
+# (StrOpt) Base path to private key file(s).
+# Agent will find key file named
+# $l2_gw_agent_priv_key_base_path/$ovsdb_name.key
+# l2_gw_agent_priv_key_base_path =
+# Example: l2_gw_agent_priv_key_base_path = '/home/someuser/keys'
+
+# (StrOpt) Base path to cert file(s).
+# Agent will find cert file named
+# $l2_gw_agent_cert_base_path/$ovsdb_name.cert
+# l2_gw_agent_cert_base_path =
+# Example: l2_gw_agent_cert_base_path = '/home/someuser/certs'
+
+# (StrOpt) Base path to ca cert file(s).
+# Agent will find ca cert file named
+# $l2_gw_agent_ca_cert_base_path/$ovsdb_name.ca_cert
+# l2_gw_agent_ca_cert_base_path =
+# Example: l2_gw_agent_ca_cert_base_path = '/home/someuser/ca_certs'
+
+# (IntOpt) The L2 gateway agent checks connection state with the OVSDB
+# servers.
+# The interval is number of seconds between attempts.
+# periodic_interval =
+# Example: periodic_interval = 20
+
+# (IntOpt) The L2 gateway agent retries to connect to the OVSDB server
+# if a socket does not get opened in the first attempt.
+# the max_connection_retries is the maximum number of such attempts
+# before giving up.
+# max_connection_retries =
+# Example: max_connection_retries = 10
+
+# (IntOpt) The remote OVSDB server sends echo requests every 4 seconds.
+# If there is no echo request on the socket for socket_timeout seconds,
+# by default socket_timeout is set to 30 seconds. The agent can
+# safely assume that the connection with the remote OVSDB server is lost.
+socket_timeout = {{ gateway.l2gw.socket_timeout|default('30') }}
+# Example: socket_timeout = 30
diff --git a/neutron/files/pike/l2gw/l2gw_plugin.ini b/neutron/files/pike/l2gw/l2gw_plugin.ini
new file mode 100644
index 0000000..8ea1bd7
--- /dev/null
+++ b/neutron/files/pike/l2gw/l2gw_plugin.ini
@@ -0,0 +1,26 @@
+{%- from "neutron/map.jinja" import server with context -%}
+[DEFAULT]
+# (StrOpt) default interface name of the l2 gateway
+# default_interface_name =
+# Example: default_interface_name = "FortyGigE1/0/1"
+
+# (StrOpt) default device name of the l2 gateway
+# default_device_name =
+# Example: default_device_name = "Switch1"
+
+# (IntOpt) quota of the l2 gateway
+quota_l2_gateway = {{ server.l2gw.quota_l2_gateway|default('10') }}
+# Example: quota_l2_gateway = 10
+
+# (IntOpt) The periodic interval at which the plugin
+# checks for the monitoring L2 gateway agent
+periodic_monitoring_interval = {{ server.l2gw.periodic_monitoring_interval|default('5') }}
+# Example: periodic_monitoring_interval = 5
+
+[service_providers]
+# Must be in form:
+# service_provider=<service_type>:<name>:<driver>[:default]
+# List of allowed service types includes L2GW
+# Combination of <service type> and <name> must be unique; <driver> must also be unique
+# This is multiline option
+service_provider = {{ server.l2gw.service_provider|default('L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.rpc_l2gw.L2gwRpcDriver:default') }}
diff --git a/neutron/files/pike/neutron-server b/neutron/files/pike/neutron-server
index b2e8978..d147249 100644
--- a/neutron/files/pike/neutron-server
+++ b/neutron/files/pike/neutron-server
@@ -18,3 +18,7 @@
{%- if server.logging.log_appender %}
DAEMON_ARGS="${DAEMON_ARGS} --log-config-append=/etc/neutron/logging/logging-neutron-server.conf"
{%- endif %}
+
+{%- if server.l2gw is defined and server.l2gw.get('enabled', False) %}
+DAEMON_ARGS="${DAEMON_ARGS} --config-file=/etc/neutron/l2gw_plugin.ini"
+{%- endif %}
diff --git a/neutron/files/pike/neutron-server.conf.Debian b/neutron/files/pike/neutron-server.conf.Debian
index 0875697..99651bc 100644
--- a/neutron/files/pike/neutron-server.conf.Debian
+++ b/neutron/files/pike/neutron-server.conf.Debian
@@ -55,6 +55,7 @@
{%- if fwaas.get('enabled', False) -%},{{ fwaas[fwaas.api_version]['service_plugin'] }}{%- endif -%}
{%- if server.get('qos', 'True') -%},neutron.services.qos.qos_plugin.QoSPlugin{%- endif -%}
{%- if server.get('vlan_aware_vms', False) -%},trunk{%- endif -%}
+{%- if server.l2gw is defined and server.l2gw.get('enabled', False) -%},networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin{%- endif -%}
{% endif %}
diff --git a/neutron/gateway.sls b/neutron/gateway.sls
index bbbca27..9283813 100644
--- a/neutron/gateway.sls
+++ b/neutron/gateway.sls
@@ -5,6 +5,11 @@
- neutron.fwaas
{%- endif %}
+{%- if gateway.l2gw is defined %}
+include:
+ - .agents.l2gw
+{%- endif %}
+
{%- if gateway.enabled %}
neutron_gateway_packages:
pkg.installed:
diff --git a/neutron/map.jinja b/neutron/map.jinja
index 8221b89..72f0171 100644
--- a/neutron/map.jinja
+++ b/neutron/map.jinja
@@ -49,6 +49,7 @@
'BaseDefaults': default_params,
'Debian': {
'pkgs': ['neutron-dhcp-agent', 'neutron-openvswitch-agent', 'neutron-l3-agent', 'openvswitch-common', 'neutron-metadata-agent'],
+ 'pkgs_l2gw_agent': ['neutron-l2gateway-agent'],
'services': ['neutron-openvswitch-agent', 'neutron-metadata-agent', 'neutron-l3-agent', 'neutron-dhcp-agent'],
'dpdk': false,
'logging': {
@@ -62,6 +63,7 @@
},
'RedHat': {
'pkgs': ['openstack-neutron-openvswitch'],
+ 'pkgs_l2gw_agent': ['openstack-neutron-l2gw-agent'],
'services': ['neutron-openvswitch-agent', 'neutron-metadata-agent', 'neutron-l3-agent', 'neutron-dhcp-agent'],
'dpdk': false,
'logging': {
@@ -81,6 +83,7 @@
'pkgs': ['neutron-server','python-neutron-lbaas', 'gettext-base', 'python-pycadf'],
'pkgs_ovn': ['python-networking-ovn', 'ovn-common', 'ovn-central'],
'pkgs_ml2': ['neutron-plugin-ml2'],
+ 'pkgs_l2gw': ['python-networking-l2gw'],
'services': ['neutron-server'],
'services_ovn': ['ovn-central'],
'notification': False,
@@ -102,6 +105,7 @@
'pkgs_ml2': ['openstack-neutron-ml2', 'python-pycadf'],
'pkgs': ['openstack-neutron'],
'pkgs_ovn': ['openvswitch-ovn', 'python-networking-ovn'],
+ 'pkgs_l2gw': ['python2-networking-l2gw'],
'services': ['neutron-server'],
'services_ovn': ['ovn-central'],
'notification': False,
diff --git a/neutron/server.sls b/neutron/server.sls
index 38ccc76..058d535 100644
--- a/neutron/server.sls
+++ b/neutron/server.sls
@@ -111,6 +111,11 @@
{%- endif %}
+{%- if server.l2gw is defined %}
+include:
+ - .services.l2gw
+{%- endif %}
+
/etc/neutron/neutron.conf:
file.managed:
- source: salt://neutron/files/{{ server.version }}/neutron-server.conf.{{ grains.os_family }}
diff --git a/neutron/services/l2gw.sls b/neutron/services/l2gw.sls
new file mode 100644
index 0000000..c350ec1
--- /dev/null
+++ b/neutron/services/l2gw.sls
@@ -0,0 +1,17 @@
+{%- from "neutron/map.jinja" import server with context %}
+{%- if server.l2gw.get('enabled', False) %}
+
+networking_l2gw_packages:
+ pkg.installed:
+ - names: {{ server.pkgs_l2gw }}
+
+/etc/neutron/l2gw_plugin.ini:
+ file.managed:
+ - source: salt://neutron/files/{{ server.version }}/l2gw/l2gw_plugin.ini
+ - template: jinja
+ - require:
+ - pkg: networking_l2gw_packages
+ - watch_in:
+ - service: neutron_server_services
+
+{%- endif %}
diff --git a/tests/pillar/control_l2gw.sls b/tests/pillar/control_l2gw.sls
new file mode 100644
index 0000000..b1c2065
--- /dev/null
+++ b/tests/pillar/control_l2gw.sls
@@ -0,0 +1,64 @@
+neutron:
+ server:
+ api_workers: 2
+ rpc_workers: 2
+ rpc_state_report_workers: 2
+ backend:
+ engine: ml2
+ external_mtu: 1500
+ mechanism:
+ ovs:
+ driver: openvswitch
+ tenant_network_types: flat,vxlan
+ bind:
+ address: 172.16.10.101
+ port: 9696
+ compute:
+ host: 127.0.0.1
+ password: unsegreto
+ region: RegionOne
+ tenant: service
+ user: nova
+ database:
+ engine: mysql
+ host: 127.0.0.1
+ name: neutron
+ password: unsegreto
+ port: 3306
+ user: neutron
+ dns_domain: novalocal
+ dvr: false
+ enabled: true
+ global_physnet_mtu: 1500
+ identity:
+ engine: keystone
+ host: 127.0.0.1
+ password: unsegreto
+ port: 35357
+ region: RegionOne
+ tenant: service
+ user: neutron
+ endpoint_type: internal
+ l3_ha: False
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: unsegreto
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ policy:
+ create_subnet: 'rule:admin_or_network_owner'
+ 'get_network:queue_id': 'rule:admin_only'
+ 'create_network:shared':
+ version: pike
+ l2gw:
+ enabled: true
+linux:
+ system:
+ enabled: true
+ repo:
+ mirantis_openstack_pike:
+ source: "deb http://mirror.fuel-infra.org/mcp-repos/pike/xenial pike main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/pike/xenial/archive-mcppike.key"
diff --git a/tests/pillar/gateway_legacy_l2gw.sls b/tests/pillar/gateway_legacy_l2gw.sls
new file mode 100644
index 0000000..d3cd4a8
--- /dev/null
+++ b/tests/pillar/gateway_legacy_l2gw.sls
@@ -0,0 +1,37 @@
+neutron:
+ gateway:
+ agent_mode: legacy
+ backend:
+ engine: ml2
+ tenant_network_types: "flat,vxlan"
+ mechanism:
+ ovs:
+ driver: openvswitch
+ dvr: false
+ enabled: true
+ external_access: True
+ local_ip: 10.1.0.110
+ message_queue:
+ engine: rabbitmq
+ host: 127.0.0.1
+ password: unsegreto
+ port: 5672
+ user: openstack
+ virtual_host: /openstack
+ metadata:
+ host: 127.0.0.1
+ password: password
+ workers: 2
+ version: pike
+ l2gw:
+ enabled: true
+ ovsdb_hosts:
+ ovsdbx: 10.164.5.33:6632
+linux:
+ system:
+ enabled: true
+ repo:
+ mirantis_openstack_pike:
+ source: "deb http://mirror.fuel-infra.org/mcp-repos/pike/xenial pike main"
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/pike/xenial/archive-mcppike.key"