chore: initial ovn commit
diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
index cadca4b..6b85485 100644
--- a/roles/defaults/vars/main.yml
+++ b/roles/defaults/vars/main.yml
@@ -18,11 +18,11 @@
barbican_db_sync: quay.io/vexxhost/barbican@sha256:fde302ee731cca6019feaf87400f5a377c3e38f459bc88d4c7677f2967e0939b # image-source: quay.io/vexxhost/barbican:zed
bootstrap: quay.io/vexxhost/heat@sha256:755225f9a63c0968f1ceeda3a2f06c66dd8d247ff00308f549e66496aa8f59d0 # image-source: quay.io/vexxhost/heat:zed
ceph_config_helper: quay.io/vexxhost/libvirtd@sha256:d400204e0332dc815827e5902038a1c672446c58633ba97ede9e20f8ae9a2349 # image-source: quay.io/vexxhost/libvirtd:yoga-focal
+ ceph: quay.io/ceph/ceph:v16.2.11
cert_manager_cainjector: quay.io/jetstack/cert-manager-cainjector:v1.7.1
cert_manager_cli: quay.io/jetstack/cert-manager-ctl:v1.7.1
cert_manager_controller: quay.io/jetstack/cert-manager-controller:v1.7.1
cert_manager_webhook: quay.io/jetstack/cert-manager-webhook:v1.7.1
- ceph: quay.io/ceph/ceph:v16.2.11
cilium_node: quay.io/cilium/cilium:v1.13.3@sha256:77176464a1e11ea7e89e984ac7db365e7af39851507e94f137dcf56c87746314
cilium_operator: quay.io/cilium/operator-generic:v1.13.3@sha256:fa7003cbfdf8358cb71786afebc711b26e5e44a2ed99bd4944930bba915b8910
cinder_api: quay.io/vexxhost/cinder@sha256:875bc983a9c2a2d1fb6a952d147f2474a169dc77eb9dff4741f3a185c28753fb # image-source: quay.io/vexxhost/cinder:zed
@@ -85,7 +85,6 @@
ks_endpoints: quay.io/vexxhost/heat@sha256:755225f9a63c0968f1ceeda3a2f06c66dd8d247ff00308f549e66496aa8f59d0 # image-source: quay.io/vexxhost/heat:zed
ks_service: quay.io/vexxhost/heat@sha256:755225f9a63c0968f1ceeda3a2f06c66dd8d247ff00308f549e66496aa8f59d0 # image-source: quay.io/vexxhost/heat:zed
ks_user: quay.io/vexxhost/heat@sha256:755225f9a63c0968f1ceeda3a2f06c66dd8d247ff00308f549e66496aa8f59d0 # image-source: quay.io/vexxhost/heat:zed
- kubectl: docker.io/bitnami/kubectl@sha256:bd420268ae3424b3ab3174e26b895fd8dc464589a8cd62654b9aa739d00ff280 # image-source: docker.io/bitnami/kubectl:latest
kube_apiserver: registry.k8s.io/kube-apiserver:v1.22.17
kube_controller_manager: registry.k8s.io/kube-controller-manager:v1.22.17
kube_coredns: registry.k8s.io/coredns/coredns:v1.8.4
@@ -93,11 +92,12 @@
kube_proxy: registry.k8s.io/kube-proxy:v1.22.17
kube_scheduler: registry.k8s.io/kube-scheduler:v1.22.17
kube_state_metrics: registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.6.0
+ kubectl: docker.io/bitnami/kubectl@sha256:bd420268ae3424b3ab3174e26b895fd8dc464589a8cd62654b9aa739d00ff280 # image-source: docker.io/bitnami/kubectl:latest
libvirt: quay.io/vexxhost/libvirtd@sha256:d400204e0332dc815827e5902038a1c672446c58633ba97ede9e20f8ae9a2349 # image-source: quay.io/vexxhost/libvirtd:yoga-focal
local_path_provisioner_helper: docker.io/library/busybox:1.36.0
local_path_provisioner: docker.io/rancher/local-path-provisioner:v0.0.24
- loki: docker.io/grafana/loki:2.7.3
loki_gateway: docker.io/nginxinc/nginx-unprivileged:1.19-alpine
+ loki: docker.io/grafana/loki:2.7.3
magnum_api: quay.io/vexxhost/magnum-cluster-api@sha256:ac6c27b0bc758175649114be6a5b5003fc9803eba9ad2c90e58fa1b56f0aadfb # image-source: quay.io/vexxhost/magnum-cluster-api:zed
magnum_cluster_api_proxy: quay.io/vexxhost/magnum-cluster-api@sha256:ac6c27b0bc758175649114be6a5b5003fc9803eba9ad2c90e58fa1b56f0aadfb # image-source: quay.io/vexxhost/magnum-cluster-api:zed
magnum_conductor: quay.io/vexxhost/magnum-cluster-api@sha256:ac6c27b0bc758175649114be6a5b5003fc9803eba9ad2c90e58fa1b56f0aadfb # image-source: quay.io/vexxhost/magnum-cluster-api:zed
@@ -151,6 +151,10 @@
octavia_worker: quay.io/vexxhost/octavia@sha256:9065365ed1d731e5130dcf7d600bc8dc8ffa158093c53dd151eddfe49a29a5ee # image-source: quay.io/vexxhost/octavia:zed
openvswitch_db_server: quay.io/vexxhost/openvswitch:2.17.3
openvswitch_vswitchd: quay.io/vexxhost/openvswitch:2.17.3
+ ovn_controller: quay.io/vexxhost/ovn-host:23.03.0
+ ovn_northd: quay.io/vexxhost/ovn-central:23.03.0
+ ovn_ovsdb_nb: quay.io/vexxhost/ovn-central:23.03.0
+ ovn_ovsdb_sb: quay.io/vexxhost/ovn-central:23.03.0
pause: registry.k8s.io/pause:3.8
percona_xtradb_cluster_haproxy: docker.io/percona/percona-xtradb-cluster-operator:1.12.0-haproxy
percona_xtradb_cluster_operator: docker.io/percona/percona-xtradb-cluster-operator:1.12.0
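Review bot: The four new `ovn_*` entries reference `quay.io/vexxhost/ovn-host:23.03.0` and `quay.io/vexxhost/ovn-central:23.03.0` by tag only, whereas most other vexxhost images in this file are pinned by `@sha256:` digest with an `# image-source:` comment. A tag can be re-pointed in the registry, so this file would not fix the content that runs as the network control plane. Consider pinning in the same form as the neighbouring entries, e.g. `ovn_northd: quay.io/vexxhost/ovn-central@sha256:<digest> # image-source: quay.io/vexxhost/ovn-central:23.03.0` (digest is a placeholder, to be resolved from the registry). The `openvswitch_*` lines just above are tag-only as well, so this may be a deliberate interim state.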
diff --git a/roles/neutron/defaults/main.yml b/roles/neutron/defaults/main.yml
index c7d21b3..b82e0b6 100644
--- a/roles/neutron/defaults/main.yml
+++ b/roles/neutron/defaults/main.yml
@@ -19,6 +19,9 @@
neutron_helm_release_namespace: openstack
neutron_helm_values: {}
+# OVN support
+neutron_ovn_enabled: "{{ ovn_enabled | default(false) | bool }}"
+
# List of networks to provision inside OpenStack
neutron_networks: []
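Review bot: The `# OVN support` comment on `neutron_ovn_enabled` does not say where `ovn_enabled` comes from or what turning it on changes. `ovn_enabled` is not defined in any file in this diff, so it presumably has to be set in inventory. I would expand the comment to something like `# Set ovn_enabled in inventory to switch Neutron to the OVN backend (replaces the DHCP, L3 and metadata agents)`. The default already ends in `| bool`, so the second `| bool` in the task's `when:` is redundant but harmless.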
diff --git a/roles/neutron/tasks/main.yml b/roles/neutron/tasks/main.yml
index 18266f6..b1741a4 100644
--- a/roles/neutron/tasks/main.yml
+++ b/roles/neutron/tasks/main.yml
@@ -36,6 +36,15 @@
name: "{{ neutron_helm_release_name }}"
namespace: "{{ neutron_helm_release_namespace }}"
+- name: Generate Helm values
+ ansible.builtin.set_fact:
+ _neutron_helm_values: "{{ __neutron_helm_values }}"
+
+- name: Add OVN configuration
+ when: neutron_ovn_enabled | bool
+ ansible.builtin.set_fact:
+ _neutron_helm_values: "{{ _neutron_helm_values | combine(__neutron_ovn_helm_values, recursive=True) }}"
+
- name: Deploy Helm chart
run_once: true
kubernetes.core.helm:
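Review bot: Both new `set_fact` tasks materialise the full Helm values as a host fact, and `__neutron_helm_values` includes `endpoints: "{{ openstack_helm_endpoints }}"`, which appears to carry service credentials (the commented block in the vars file reads a `secret` key from it). Task results for `set_fact` include the fact contents when the play runs with increased verbosity, so these values could end up in CI or controller logs. Adding `no_log: true` to `Generate Helm values` and `Add OVN configuration` would avoid that. The `Deploy Helm chart` task continues below the hunk, so how it consumes `_neutron_helm_values` is not visible here.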
diff --git a/roles/neutron/vars/main.yml b/roles/neutron/vars/main.yml
index a4cd93f..5ce4997 100644
--- a/roles/neutron/vars/main.yml
+++ b/roles/neutron/vars/main.yml
@@ -12,7 +12,7 @@
# License for the specific language governing permissions and limitations
# under the License.
-_neutron_helm_values:
+__neutron_helm_values:
endpoints: "{{ openstack_helm_endpoints }}"
images:
tags: "{{ atmosphere_images | vexxhost.atmosphere.openstack_helm_image_tags('neutron') }}"
@@ -65,3 +65,56 @@
manifests:
ingress_server: false
service_ingress_server: false
+
+__neutron_ovn_helm_values:
+ network:
+ backend:
+ # - openvswitch
+ - ovn
+ conf:
+ neutron:
+ DEFAULT:
+ service_plugins: qos,ovn-router,segments,trunk
+ ovn:
+ dns_servers: "{{ neutron_coredns_cluster_ip | default('10.96.0.20') }}"
+ enable_distributed_floating_ip: true
+ ovn_metadata_enabled: true
+ ovn_nb_connection: "{% for n in range(ovn_helm_values.get('pod', {}).get('replicas', {}).get('ovn_ovsdb_nb', 3)) %}tcp:ovn-ovsdb-nb-{{ n }}.{{ neutron_helm_release_namespace }}.svc.cluster.local:6643{% if not loop.last %},{% endif %}{% endfor %}"
+ ovn_sb_connection: "{% for n in range(ovn_helm_values.get('pod', {}).get('replicas', {}).get('ovn_ovsdb_sb', 3)) %}tcp:ovn-ovsdb-sb-{{ n }}.{{ neutron_helm_release_namespace }}.svc.cluster.local:6642{% if not loop.last %},{% endif %}{% endfor %}"
+ plugins:
+ ml2_conf:
+ ml2:
+ type_drivers: flat,vlan,vxlan,geneve
+ tenant_network_types: geneve
+ ml2_type_geneve:
+ vni_ranges: 1:65536
+ max_header_size: 38
+ manifests:
+ daemonset_dhcp_agent: false
+ daemonset_l3_agent: false
+ daemonset_metadata_agent: false
+ daemonset_ovn_metadata_agent: true
+ daemonset_ovs_agent: false
+
+ # conf:
+ # plugins:
+ # ml2_conf:
+ # ml2:
+ # extension_drivers: port_security
+ # mechanism_drivers: ovn
+ # ovn_metadata_agent:
+ # DEFAULT:
+ # nova_metadata_port: 8775
+ # metadata_proxy_shared_secret: "{{ openstack_helm_endpoints['compute_metadata']['secret'] }}"
+ # metadata_workers: 8
+ # nova_metadata_host: __NOVA_METADATA_SERVICE_HOST__
+ # cache:
+ # enabled: true
+ # backend: dogpile.cache.memcached
+ # ovs:
+ # ovsdb_connection: tcp:127.0.0.1:6640
+ # ovsdb_timeout: 180
+ # ovn:
+ # ovn_metadata_enabled: true
+ # ovn_nb_connection: tcp:__OVN_NB_DB_SERVICE_HOST__:__OVN_NB_DB_SERVICE_PORT__
+ # ovn_sb_connection: tcp:__OVN_SB_DB_SERVICE_HOST__:__OVN_SB_DB_SERVICE_PORT__
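Review bot: `ovn_nb_connection` and `ovn_sb_connection` are built with the `tcp:` scheme, so Neutron would reach the OVN northbound and southbound databases without transport encryption or peer authentication. Those databases hold the logical network state, so any workload able to reach the ovsdb pods on those ports could presumably read or change it. If the chart can serve OVSDB over TLS, prefer `ssl:` endpoints with certificates; otherwise restrict access to the ovsdb pods with a NetworkPolicy and record the limitation in a comment next to these keys. Both templates also take the replica count from `ovn_helm_values` and the namespace from `neutron_helm_release_namespace`, so an override made only in the ovn role (for example `ovn_helm_release_namespace`) would not be reflected here. The northbound port is 6643, while upstream OVN's default northbound client port is 6641, so that is worth confirming against the chart's service definition.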
diff --git a/roles/ovn/README.md b/roles/ovn/README.md
new file mode 100644
index 0000000..b38bf8d
--- /dev/null
+++ b/roles/ovn/README.md
@@ -0,0 +1 @@
+# `ovn`
diff --git a/roles/ovn/defaults/main.yml b/roles/ovn/defaults/main.yml
new file mode 100644
index 0000000..b904598
--- /dev/null
+++ b/roles/ovn/defaults/main.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+ovn_helm_release_name: ovn
+ovn_helm_chart_path: "../../charts/ovn/"
+ovn_helm_chart_ref: /usr/local/src/ovn
+
+ovn_helm_release_namespace: openstack
+ovn_helm_values: {}
diff --git a/roles/ovn/meta/main.yml b/roles/ovn/meta/main.yml
new file mode 100644
index 0000000..7141b0f
--- /dev/null
+++ b/roles/ovn/meta/main.yml
@@ -0,0 +1,32 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+galaxy_info:
+ author: VEXXHOST, Inc.
+ description: Ansible role for OVN
+ license: Apache-2.0
+ min_ansible_version: 5.5.0
+ standalone: false
+ platforms:
+ - name: Ubuntu
+ versions:
+ - focal
+ - jammy
+
+dependencies:
+ - role: defaults
+ - role: vexxhost.kubernetes.upload_helm_chart
+ vars:
+ upload_helm_chart_src: "{{ ovn_helm_chart_path }}"
+ upload_helm_chart_dest: "{{ ovn_helm_chart_ref }}"
diff --git a/roles/ovn/tasks/main.yml b/roles/ovn/tasks/main.yml
new file mode 100644
index 0000000..307c50e
--- /dev/null
+++ b/roles/ovn/tasks/main.yml
@@ -0,0 +1,23 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Deploy Helm chart
+ run_once: true
+ kubernetes.core.helm:
+ name: "{{ ovn_helm_release_name }}"
+ chart_ref: "{{ ovn_helm_chart_ref }}"
+ release_namespace: "{{ ovn_helm_release_namespace }}"
+ create_namespace: true
+ kubeconfig: /etc/kubernetes/admin.conf
+ values: "{{ _ovn_helm_values | combine(ovn_helm_values, recursive=True) }}"
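Review bot: The `kubeconfig` for the Helm deploy is hard-coded to `/etc/kubernetes/admin.conf`, which on kubeadm-style clusters is the cluster-admin credential. That gives the chart install more privilege than a single-namespace release needs and fixes the path for every environment. If other roles in the repository follow the same pattern this is at least consistent, but it would be worth exposing the path as a role default so that a narrower kubeconfig can be supplied, e.g. `kubeconfig: "{{ ovn_helm_kubeconfig }}"` with the current path as its default (the variable name is only a suggestion).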
diff --git a/roles/ovn/vars/main.yml b/roles/ovn/vars/main.yml
new file mode 100644
index 0000000..59d9c20
--- /dev/null
+++ b/roles/ovn/vars/main.yml
@@ -0,0 +1,37 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+_ovn_helm_values:
+ images:
+ tags: "{{ atmosphere_images | vexxhost.atmosphere.openstack_helm_image_tags('ovn') }}"
+ labels:
+ ovn_ovsdb_nb:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ ovn_ovsdb_sb:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ ovn_northd:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ volume:
+ ovn_ovsdb_nb:
+ size: 20Gi
+ ovn_ovsdb_sb:
+ size: 20Gi
+ pod:
+ replicas:
+ ovn_ovsdb_nb: 3
+ ovn_ovsdb_sb: 3
+ ovn_northd: 3