IP address movement for ovs bridges

Include the URL of your launchpad blueprint:

https://blueprints.launchpad.net/openstack-chef/+spec/ip-movement

Problem description

The Neutron openvswitch plugin uses ovs bridges to manage network traffic. The openvswitch, l3_agent, and vpn_agent recipes use ovs commands to create those bridges and plug the corresponding NICs into each of them. But those recipes do not move the NICs’ IP addresses to the bridges, so the NIC IP addresses can no longer be accessed once the bridges have been created.

Proposed change

Add recipes to move the IP address from the NIC to the bridge, and make sure those IP addresses can still be accessed after the bridge has been created.

Three attributes will be added, including:

  • [‘openstack’][‘network’][‘ip_movement’][‘enable’]: Boolean attribute that decides whether IP movement is enabled. Defaults to true.
  • [‘openstack’][‘network’][‘ip-movement’][‘timeout’]: Integer attribute that sets the timeout of IP movement. IP movement uses the ‘service network restart’ (on the fedora platform) and ‘ifdown’, ‘ifup’ (on the ubuntu platform) commands to make network configurations take effect. This attribute decides how long the node should wait for the network to become operational again after executing those commands. Defaults to 180.
  • [‘openstack’][‘network’][‘ip-movement’][‘validate-ip’]: String attribute holding the IP address that IP movement pings at the end of its operations to check whether the IP movement succeeded. Defaults to nil, which means IP movement will use the default gateway to check its status.

Two libraries will be added, including:

  • ip-movement-fedora: This library includes the fedora platform IP movement configurations.
  • ip-movement-ubuntu: This library includes the ubuntu platform IP movement configurations.

One resource will be added, including:

  • ovs_bridge: This resource will create the ovs bridge and move the IP address to the corresponding bridge, depending on the resource attributes.

The openvswitch and l3-agent recipes will be changed to use this new resource to create ovs bridges.

Alternatives

As devstack does, using ovs commands and ip commands to flush the IP address from the NIC and add it to the ovs bridge can also move the IP address to the bridge. But this is a temporary move: after a network restart or an OS reboot, the IP address goes back to the NIC. We need to make sure this movement is persistent by writing those configurations to the network configuration files.
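The persistent variant for the fedora platform, as an added example that is not the cookbook's own code: it rewrites a NIC's ifcfg content into an address-less OVS port file plus a bridge file that carries the addressing, using the ifcfg keys of Open vSwitch's network-scripts integration. The helper names, interface names and addresses are assumptions made for illustration, and only statically addressed NICs are handled.

```ruby
# Added illustration, not code from the openstack-chef cookbooks.
# move_ip_to_bridge is a hypothetical helper; interface names and
# addresses below are constructed sample values.
L3_KEYS = %w[IPADDR NETMASK PREFIX GATEWAY DNS1 DNS2].freeze

# Parse ifcfg-style KEY=value text into a hash, skipping comments and blanks.
def parse_ifcfg(text)
  text.each_line.with_object({}) do |line, cfg|
    key, value = line.strip.split('=', 2)
    next if key.nil? || key.start_with?('#') || value.nil?
    cfg[key] = value.delete_prefix('"').delete_suffix('"')
  end
end

def render_ifcfg(cfg)
  cfg.map { |k, v| "#{k}=#{v}\n" }.join
end

# Return [port_text, bridge_text]: the NIC becomes an address-less OVS port
# and the bridge takes over the addressing, so the move survives a restart.
def move_ip_to_bridge(nic_text, bridge)
  nic = parse_ifcfg(nic_text)
  raise ArgumentError, 'NIC has no static IPADDR to move' unless nic['IPADDR']

  addressing = nic.select { |k, _| L3_KEYS.include?(k) }
  bridge_cfg = { 'DEVICE' => bridge, 'DEVICETYPE' => 'ovs', 'TYPE' => 'OVSBridge',
                 'ONBOOT' => 'yes', 'BOOTPROTO' => 'static' }.merge(addressing)
  port_cfg = nic.reject { |k, _| L3_KEYS.include?(k) }
                .merge('DEVICETYPE' => 'ovs', 'TYPE' => 'OVSPort',
                       'OVS_BRIDGE' => bridge, 'BOOTPROTO' => 'none')
  [render_ifcfg(port_cfg), render_ifcfg(bridge_cfg)]
end

# Constructed sample: contents of ifcfg-eth0 before the move.
SAMPLE_NIC = <<~CFG
  DEVICE=eth0
  TYPE=Ethernet
  ONBOOT=yes
  BOOTPROTO=static
  IPADDR=192.0.2.10
  NETMASK=255.255.255.0
  GATEWAY=192.0.2.1
CFG

port_text, bridge_text = move_ip_to_bridge(SAMPLE_NIC, 'br-ex')
puts port_text, bridge_text
```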

Data model impact

None

REST API impact

None

Security impact

None

Notifications impact

None

Other end user impact

None

Performance Impact

None

Other deployer impact

None

Implementation

Assignee(s)

Primary assignee:
Other contributors:

Work Items

  • Add new attributes to openstack-network.
  • Add ovs_bridge resource and provider.
  • Add ip-movement-fedora library to handle fedora platform IP movement configurations.
  • Add ip-movement-ubuntu library to configure ubuntu platform IP movement configurations.
  • Add the unit tests.
  • Change the openvswitch and l3-agent recipes to use the ovs_bridge resource to create ovs bridges.

Dependencies

  • IP movement uses ‘service network restart’, ‘ifdown’ and ‘ifup’ to make network configurations take effect. Those scripts are contained in the initscripts package. This cookbook will install it.

Testing

  • Add unit tests for the new recipes.
  • For functional tests and CI integration tests, at least an all-in-one openstack configured with the neutron openvswitch plugin and with the l3 service enabled is needed.

Documentation Impact

  • Configure attribute [‘openstack’][‘network’][‘ip-movement’][‘enable’] = ‘True’ to enable IP movement.
  • Use [‘openstack’][‘network’][‘ip-movement’][‘timeout’] to configure the timeout of IP movement. This attribute decides how long the node should wait for the network to become operational again after executing the previous commands.
  • IP movement defaults to using the default gateway to check its network connections at the end of its operations. Assign an IP address to the [‘openstack’][‘network’][‘ip-movement’][‘validate-ip’] attribute to use another IP address instead.