networking-ansible documentation

updated: 2018-12-04 16:45

Welcome to Networking-Ansible Documentation

Contents

Networking-Ansible ML2 Driver

Overview

Networking-Ansible is a Neutron ML2 driver that abstracts the management and interaction with switching hardware to Ansible Networking. This driver is not tested with all the modules included with Ansible Networking. In theory it should work with any switch that has compatible modules included with Ansible Networking if the provider tasks are added to the Ansible openstack-ml2 role included with this driver. See the contributor documentation for more information about adding support for an Ansible Networking driver to the openstack-ml2 Ansible role.

Components

The Networking-Ansible ML2 Driver consists of the following components:

networking_ansible ML2 Driver
Invoked by neutron to configure L2 networking for tenant networks.

Use Cases

Ironic Baremetal Guest Deployment

Ironic uses Networking-Ansible to configure the switch ports for the baremetal guests. Ironic needs to swap the port a baremetal guest is connected to between the Ironic provisioning network and the tenant VLAN that the guest is assigned.

Features

  • On create network a vlan can be defined
  • On port update will assign a vlan to an access port

Install and configure

This section describes how to install and configure the networking-ansible ML2 Driver, code-named networking-ansible, on the controller node. This section assumes that you already have a working OpenStack environment with Neutron server included.

Perform installation configuration steps on each controller node that has a Neutron server running.

Prerequisites

To successfully install and configure the Networking-Ansible ML2 Driver, you will need a few prerequisites. Collecting this information and ensuring these resources are available will ensure a successful installation.

  1. Switch credentials that allow configuration changes to the ports that the deployed baremetal guests are connected to.

    For security purposes it is important that you do not provide administrator access to the switch for networking-ansible. A user should be created and granted access for the permissions needed for networking-ansible.

    Networking-Ansible will need to configure a port in access mode and assign a VLAN to that port. It will optionally need access to create VLANs if you choose not to predefine the VLANs that will be used.

  2. OpenStack must be installed with Neutron configured to provide VLAN tenant networking.

    This prerequisite is currently outside the scope of this document. Please refer to Neutron’s documentation or other guides to provide VLAN tenant networking.

Install

This section describes how to install and configure the Networking-Ansible Driver, code-named networking_ansible, on the controller node. This section assumes that you already have a working OpenStack environment with Neutron configured to provide VLAN tenant networking.

Note

Note that installation and configuration may vary by distribution.

Install for openSUSE and SUSE Linux Enterprise

This section describes how to install the Networking-Ansible ML2 Driver for openSUSE Leap 42.1 and SUSE Linux Enterprise Server 12 SP1.

Install components

  1. Install the packages:

    # zypper --quiet --non-interactive install python2-networking-ansible
Install for Red Hat Enterprise Linux, Fedora, and CentOS

This section describes how to install the Networking-Ansible ML2 Driver for Red Hat Enterprise Linux 7, Fedora, and CentOS 7.

Install components

  1. Install the packages:

    # yum install python2-networking-ansible
Install for Ubuntu

This section describes how to install the Networking-ansible ML2 Driver for Ubuntu 14.04 (LTS).

Install components

  1. Install the packages:

    # apt-get update

# apt-get install python2-networking-ansible
Manual Installation

This section describes how to install the Networking-Ansible ML2 Driver in the case that a package is not available. Networking-Ansible can be installed from PyPI using pip.

Install components

  1. Install the packages:

    # pip install networking-ansible

Configure

This section decribes how to configure Neutron configuration files to enable the networking-ansible ML2 driver and configure switch devices that will be managed by networking-ansible.

  1. Configure type_drivers and mechanism_drivers and network_vlan_ranges.

    Add vlan to type_drivers, ansible to mechanism_drivers, and define the network_vlan_range that will be used by the openstack networks that use this driver.

    [ml2]
type_drivers = vlan
mechanism_drivers = ansible

[ml2_type_vlan]
network_vlan_ranges = physnet1:1000:1099
    • Do not remove other values from these comma delimited lists if there are are already values present. Append a comma and your value to the list.
    • physnet1 is an identifier configured in the bridge_mapping TODO(radez) doc ref to bridge_mapping
    • the VLAN range (1000:1099 in this example) is provided by the switch administor. This range is the VLAN IDs assigned by Neutron when a network is created.

  2. Add a section for each switch device that will be managed by networking-ansible.

    Create a section for each host with a section name prefixed by ansible: in /etc/neutron/plugins/ml2/ml2_conf.ini.

    [ansible:myhostname]
ansible_network_os=junos
ansible_host=10.10.2.250
ansible_user=ansible
ansible_pass=password
mac=01:23:45:67:89:AB
    • myhostname is an arbitrary internal identifier used only in ironic’s link_local_information.
    • ansible_network_os is a valid Ansible Networking value to indicate switch type. Tested with networking-ansible: openvswitch, junos Untested but valid with networking-ansible: eos, nxos See contributor/provider for more information.
    • ansible_host is the IP address or hostname used to connect to the switch.
    • ansible_user username of the credentials used to connect to the switch.
    • ansible_pass password of the credentials used to connect to the switch.
    • mac is the MAC address of the switch as provided by lldp. This is optional to provide and specific to OpenStack ML2 use cases. It is used for zero touch provisioning using Ironic introspection. Introspection gathers the switch’s MAC and node’s port provided by lldp and populates the baremetal node’s local_link_information. If this parameter is provided in the ML2 ini configuration it will be used to match against the lldp provided MAC to populate internally generated ansible playbooks with the appropriate host name for the switch.

    Additional available parameters:

    ansible_ssh_private_key_file=/path/to/ansible-ssh
manage_vlans=True
    • ansible_ssh_private_key_file can be used as an alternative to ansible_pass to use ssh key authentication instead of password authentication.
    • manage_vlans is optional and defaults to True. Set this to False for a switch if networking-ansible should not create and delete VLANs on the device.

  3. Restart the Neutron API service

    $ service neturon-server restart

Verify operation

Verify operation of the networking-ansible ML2 Driver service.

  1. Grep the neutron logs for ansible and confirm the driver has been registered and configured. root access CLI commands:

    $ grep ansible /var/log/neutron/server.log
INFO neutron.plugins.ml2.managers [-] Configured mechanism driver names: ['ansible']
INFO neutron.plugins.ml2.managers [-] Loaded mechanism driver names: ['ansible']
INFO neutron.plugins.ml2.managers [-] Registered mechanism drivers: ['ansible']

Next steps

Your OpenStack environment now includes the networking-ansible ML2 Driver.

To add additional services, see https://docs.openstack.org/.

Note

Installation and configuration may vary by distribution.

This chapter assumes a working setup of OpenStack that includes Neutron server. For guides to assist in installing and deploying OpenStack visit OpenStack Docs.

Users guide

Networking-Ansible is currently tested with one use case, Ironic Baremetal Guests. In this section this use case will be exercised in a set of example commands to show how end users would use ironic to provision baremetal nodes. Provisioning baremetal nodes using ironic with networking-ansible would use networking-ansible to manage the guest’s switch level network configuration. Networking-Ansible is used by ironic to first assign a baremetal guest’s switchport to the Ironic provisoning network to provision the baremetal guest. After provisoning, the baremetal guest’s switchport is assigned to the VLAN assigned by Neutron to guest’s tenant network.

The example shown here mirrors a user’s expereience deploying a guest with Ironic. The end user’s experience using networking-ansible is via Neutron and Nova. Nova will select a baremetal node as its target when a properly configured baremetal flavor is provided to the OpenStack server create command.

  1. An administrator will provide Ironic node(s) that are available for provisioning and a baremetal flavor.
openstack baremetal node list
openstack flavor list
  1. Create a tenant VLAN network and subnet that uses the physical network the guest is attached to.
openstack network create --provider-network-type vlan --provider-physical-network datacentre my-tenant-net
openstack subnet create --network tenant-net --subnet-range 192.168.3.0/24 --allocation-pool start=192.168.3.10,end=192.168.3.20 tenant-subnet
  1. Execute server create using the tenant network just created. This assumes disk images and keypairs are already created and available.
openstack server create --image a-baremetal-image --flavor baremetal --nic net-id={my-tenant-net uuid} --key-name my-keypair bm-instance

Contributor Documentation

Contributing

If you would like to contribute to the development of OpenStack, you must follow the steps in this page:

If you already have a good understanding of how the system works and your OpenStack accounts are set up, you can skip to the development workflow section of this documentation to learn how changes to OpenStack should be submitted for review via the Gerrit tool:

Pull requests submitted through GitHub will be ignored.

Bugs should be filed on Storyboard, not GitHub:

Provider Support

Networking-Ansible contains provider switch specific functionality in an Ansible role that enables specific hardware devices per provider switch added to this role. The openstack-ml2 Ansible role is stored in networking-ansible’s etc/ansible/roles directory. A provider switch will be refered to as just a provider for the remainder of this document.

Adding a provider

To add a provider to networking-ansible’s capabilities the provider must be added to the Ansible openstack-ml2 role. To add the provider to the openstack-ml2 role a new directory using the Ansible Networking module name [1] must be added that contains files that will define the Ansible tasks nessessary to perform the respective ML2 action.

Inside the directory for the provider, a file for default values, plus a file for each supported action in netwoking-ansible is required. There are currently five files required to add full functionality for a provider in networking-ansible.

  • defaults.yaml

    Defines default values for segmentation name and ID. For example some switch vendors use the name “default” and VLAN ID 1 as a default VLAN to assign switchports to. Open vSwitch expects no VLAN ID and VLAN name in the case that port is not assigned to a specific VLAN.

  • create_network.yaml

    Defines the Ansible tasks to create a VLAN on a switch.

  • delete_network.yaml

    Defines the Ansible tasks to delete a VLAN on a switch.

  • update_port.yaml

    Defines the Ansible tasks to assign a VLAN to a switchport in access mode.

  • delete_port.yaml

    Defines the Ansible tasks to remove configuration from a switchport.

[1] https://docs.ansible.com/ansible/2.5/modules/list_of_network_modules.html

References

References of networking-ansible.

Indices and tables

updated: 2018-12-04 16:45
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.

found an error? report a bug questions?