如何在OpenStack-Ansible上集成Tungsten Fabric

最新推荐文章于 2022-06-15 11:32:58 发布

TungstenFabric

最新推荐文章于 2022-06-15 11:32:58 发布

阅读量533

点赞数

分类专栏： Tungsten Fabric中文社区文章标签： SDN 开源 Tungsten Fabric

本文链接：https://blog.csdn.net/TungstenFabric/article/details/109849128

版权

Rackspace首席架构师接受挑战，将TF集成到OpenStack-Ansible。

摘要由CSDN通过智能技术生成

本文作者James Denton，拥有超过15年信息技术领域行业经验，目前为知名云计算服务商Rackspace
Hosting首席架构师，致力于云网络和对基于OpenStack的Rackspace私有云产品的支持。

Tungsten Fabric（前身为OpenContrail）是Linux基金会旗下的“多云、多技术栈”SDN解决方案。简而言之，Tungsten Fabric和Contrail（基于TF的商业产品）可以替代和增强标准OpenStack云的许多网络组件，并提供以下功能：
分布式虚拟路由
DHCP和元数据服务
基于策略的访问控制
与安全组的兼容性
……等等
转发平面支持MPLS over GRE、VXLAN、L2/L3单播和L3多播，以实现虚拟网络和物理网络之间的互连。
注：关于Tungsten Fabric架构的概述可在下面的链接找到：https://tungstenfabric.org.cn/docs

我最近接受了将Tungsten Fabric集成到OpenStack-Ansible中的挑战，以简化TF和相关OpenStack bits在生产级OpenStack云中的部署。本文将在较高级别涵盖OpenStack-Ansible的主（Rocky）分支的一些补丁，以及Juniper和TF社区提供的用于部署Tungsten Fabric的contrail-ansible-deployer playbooks的一些调整。本文所描述的过程绝不意味着是最终的过程，可能会显得比较笨拙且不理想，但是，这是一个开始。
注：本文作者指明文章中的Tungsten Fabric、OpenContrail和Contrail为混用，翻译时统一为Tungsten Fabric。

集成要求

几周前，我部署了一个独立的3节点Tungsten Fabric设置，其中包含基于Queens的OpenStack-Ansible的All-in-One节点。在弄清楚使事情进入半工作状态所需的调整后，我决定亲自尝试并部署一个AIO节点，该节点包含一个单一的Tungsten Fabric服务实例以及基本的OpenStack服务。

以下为最低规格的配置建议：
系统: Ubuntu VM
OS: 16.04.4 LTS
内存: 48GB
硬盘: 300GB
NIC: 单口网卡

如我稍后指出的，裸机节点可能复杂度较小，但是ESXi或其它管理程序上的虚拟机应该是可以尝试的。

从OpenStack-Ansible开始

首先，请克隆OpenStack-Ansible存储库。在撰写本文时，master分支是与OpenStack的第18个发行版Rocky相关联的。

# git clone https://git.openstack.org/openstack/openstack-ansible /opt/openstack-ansible
# cd /opt/openstack-ansible
# git checkout master
# export ANSIBLE_ROLE_FETCH_MODE=git-clone

接下来，运行引导程序脚本：

# scripts/bootstrap-ansible.sh
# scripts/bootstrap-aio.sh

引导程序脚本将下载playbooks以部署OpenStack，还将在服务器上准备符合OpenStack-Ansible架构的网络环境。

角色修改

对使用OpenStack-Ansible部署的OpenStack云进行更改，通常意味着对构成部署的Ansible角色进行更改。这包括对任务、模板、变量等的更改。

需要修改的角色包括：
os_neutron
os_nova

是否所有这些角色的更改都是必需的，还有待观察，这里只是为了更好地说明。

os_neutron

一些新文件包括：

root@aio1:/etc/ansible/roles/os_neutron# git diff --staged
diff --git a/tasks/providers/opencontrail_config.yml b/tasks/providers/opencontrail_config.yml
new file mode 100644
index 0000000..8f5fc7d
--- /dev/null
+++ b/tasks/providers/opencontrail_config.yml
@@ -0,0 +1,99 @@
+---
+# Copyright 2018, Rackspace Hosting, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Set the packages to install
+  set_fact:
+    neutron_optional_combined_pip_packages: |-
+      {
   % set packages = neutron_optional_opencontrail_pip_packages %}
+      {
   {
    packages }}
+
+- name: Install OpenContrail pip packages
+  pip:
+    name: "{
   { neutron_optional_combined_pip_packages }}"
+    state: "{
   { neutron_pip_package_state }}"
+    virtualenv: "{
   { neutron_bin | dirname }}"
+    virtualenv_site_packages: "no"
+    extra_args: >-
+      {
   {
    neutron_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
+      {
   {
    (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
+      {
   {
    pip_install_options | default('') }}
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  tags:
+    - opencontrail-install
+    - opencontrail-pip-packages
+
+- name: Install git
+  apt:
+    name: git
+    state: present
+  delegate_to: "{
   { item }}"
+  with_items:
+    - "{
   { groups['neutron_server'] }}"
+  tags:
+    - opencontrail-install
+
+- name: Clone contrail neutron plugin
+  git:
+    repo: "{
   { opencontrail_plugin_git_repo }}"
+    version: "{
   { opencontrail_plugin_git_install_branch }}"
+    dest: /opt/contrail-neutron-plugin
+    force: yes
+  register: contrail_plugin_git_clone
+  delegate_to: "{
   { item }}"
+  with_items:
+    - "{
   { groups['neutron_server'] }}"
+  until: contrail_plugin_git_clone|success
+  retries: 5
+  delay: 2
+  tags:
+    - opencontrail-install
+
+# (jamesdenton) Will need to eventually compile and/or extract from Docker container
+# The tasks marked (temp) should be reworked
+
+- name: Download Contrail python libraries (temp)
+  vars:
+  - dlpath: https://github.com/busterswt/contrail-openstack/raw/master
+  get_url:
+    url: "{
   { dlpath }}/{
   { item }}"
+    dest: /opt
+    mode: 0440
+  with_items:
+    - contrail-openstack-neutron-init.tar
+  tags:
+    - opencontrail-install
+
+- name: Unpack Contrail python libraries (temp)
+  unarchive:
+    remote_src: yes
+    src: /opt/contrail-openstack-neutron-init.tar
+    dest: /openstack/venvs/neutron-{
   {
    neutron_venv_tag }}/lib/python2.7/site-packages
+  when:
+    inventory_hostname == groups['neutron_server'][0]
+  tags:
+    - opencontrail-install
+
+- name: Install contrail neutron plugin into venv
+  command: "/openstack/venvs/neutron-{
   { neutron_venv_tag }}/bin/python setup.py install"
+  args:
+    chdir: /opt/contrail-neutron-plugin
+  delegate_to: "{
   { item }}"
+  with_items:
+    - "{
   { groups['neutron_server'] }}"
+  tags:
+    - opencontrail-install
diff --git a/templates/plugins/opencontrail/ContrailPlugin.ini.j2 b/templates/plugins/opencontrail/ContrailPlugin.ini.j2
new file mode 100644
index 0000000..9d645b0
--- /dev/null
+++ b/templates/plugins/opencontrail/ContrailPlugin.ini.j2
@@ -0,0 +1,23 @@
+# {
   {
    ansible_managed }}
+
+{
   % if neutron_plugin_type == 'opencontrail' %}
+[APISERVER]
+api_server_ip = {
   {
    opencontrail_api_vip_address }}
+api_server_port = {
   {
    opencontrail_api_vip_port }}
+multi_tenancy = True
+contrail_extensions = ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None,service-interface:None,vf-binding:None
+
+[COLLECTOR]
+analytics_api_ip = {
   {
    opencontrail_collector_vip_address }}
+analytics_api_port = {
   {
    opencontrail_collector_vip_port }}
+
+[keystone_authtoken]
+auth_host = {
   {
    internal_lb_vip_address }}
+auth_port = {
   {
    keystone_service_port }}
+auth_protocol = {
   {
    keystone_service_proto }}
+admin_user = {
   {
    keystone_admin_user_name }}
+admin_password = {
   {
    keystone_auth_admin_password }}
+admin_tenant_name = {
   {
    keystone_admin_tenant_name }}
+insecure = True
+region_name = {
   {
    keystone_service_region }}
+{
   % endif %}

对现有文件的更改包括：

root@aio1:/etc/ansible/roles/os_neutron# git diff
diff --git a/defaults/main.yml b/defaults/main.yml
index 162e933..7054c96 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -63,6 +63,8 @@ networking_bgpvpn_git_repo: https://git.openstack.org/openstack/networking-bgpvp
 networking_bgpvpn_git_install_branch: master
 openstack_ceilometer_git_repo: https://git