Full Deployment Example for OVN

Hey,

Indeed, we have failed in updating our docs respectively due to limited time and quite big scope we want to achieve in the project.

So I guess I would try to disregard networking docs except ones that are related to control plane networking (need of br-mgmt, br-storage for instance) and https://docs.openstack.org/openstack-ansible-os_neutron/latest/app-ovn.html as it's pretty much relevant in how to get OVN deployed.

Basically, successful deployment with OVN should:
1. In openstack_user_config.yml
a. define network-northd_hosts to controllers
b. define network-gateway_hosts to either standalone net nodes, or to computes
c. define network-infra_hosts to controllers - it's for neutron API
d. don't define network_hosts
2. In user_variables
a. define neutron_ml2_drivers_type to types you need/want to support, as default might be excessive. For example:
neutron_ml2_drivers_type: geneve,vlan

b. neutron_provider_networks is kinda optional. It's be default generated from the stanza in openstack_user_config>global_overrides>provider_networks. But since it is not very obvious/trivial way of defining these things, we also do have `neutron_provider_networks` that has prescedence and can be used instead. It can look like this:
neutron_provider_networks:
  network_types: "{{ neutron_ml2_drivers_type }}"
  network_geneve_ranges: "65537:69999"
  network_vlan_ranges: >-
    vlan:1000:1000,
    vlan:2000:2010
  network_mappings: "vlan:br-ext"
  network_interface_mappings: "br-ext:bond0"

Hope this helps.

We also are welcoming to contributions to our docs, if someone can step-in and provide fixes according to their findings.

Also, feel free to join our IRC channel #openstack-ansible on OFTC network.

Hi,

Thanks for the pointers, will try them out right away!

I will create a patchset for at least the "prod" labeled exmaples (since my setup is based on those) once I got a working setup.

Cheers,
Dan

Sorry, need to clarify, in the example above I assumed that external networking is provided as a vlan 1000, so no flat network was defined.

If you want to provide external connectivity on specific interface directly, you will need to also add a flat type and add mapping for it, which is separated with a comma.

Dear all, let me point out that this is a major point also for me.

Also following some example like this:
https://satishdotpatel.github.io/openstack-ansible-multinode-ovn/

I am not able to deploy a stable ZED or newer environment.
Latest working installation for me was on Ubuntu 20.04Lts using Yoga release (now marked as unsupported).

Do you have any tutorial/working configuration that can be provided to the whole community about how to configure the host preparation (e.g. using netplan or even with the other network services) and the configuration of the ansible /etc/openstack_deploy folder?

Unfortunately people like me are users of the OpenStack and are tipically not able to contribute to Ansible topics.
Thanks for your kind help.

Hi David,

The guide you're referring to is actually outdated, as in Zed release we made quite huge improvements to OVN deployment process, which made it not backward compatible with Yoga version.

As I've mentioned before, this doc https://docs.openstack.org/openstack-ansible-os_neutron/latest/app-ovn.html should contain relevant information about OVN deployment.

So basically your /etc/openstack_deploy/openstack_user_config.yml should contain 3 type of defenitions for OVN:

1. network-northd_hosts - this defines location for OVN NB and SB databases. Usually we suggest placing it on the control plane
2. network-gateway_hosts - this defines which hosts will act as gateways. For Yoga release this was always placed on compute nodes, now it's configurable and standalone network nodes can be utilized this way
3. network-infra_hosts - this is Neutron server (API) which should be placed on control plane.

As of variables - OVN is currently used as a default driver with OpenStack-Ansible, so defaults should work.

The most tricky thing though, is a way to define provider_networks. However, provider_networks might be partially neglected given you define `neutron_provider_networks` variable, which syntax is also partialy covered with the document I reffered to previously.

It would be also pretty much helpful to point out to parts that needs further clarification in the doc, since we may just not realize what specific part is described poorly.

Regarding overall state of the docs - we are having quite a lot of things on our table and never have enough time for updating and maintaining docs, that is why we actively looking for contributors and ask ppl to update misalignments once they being assisted/guide through IRC or ML.

There're also some design drawings for OVN on this page: https://docs.openstack.org/openstack-ansible/latest/user/network-arch/example.html

Dear Dmitriy,

I had time to work on the suggestions you shared above.
Fine! I am now able to install without any formal error during ansible task executions the version 2023.1 (I do not want to try the latest version yet).

I am now in lab with fully operative physical servers: 3 controllers, 4 computes, and 3 ceph nodes for storage.

I decided to install with VLAN and FLAT options, and Geneve for tenant networks. But initially I was also interested in having just one VLAN provider network mapped on one of the few VLAN available in my configuration (see later).

Well, despite the system provides me green flags, I am able to upload images, create VMs and execute anykind of configuration.
BUT I am not able to ping the internet from the VM prompt.
I am able to ping another VM in the tenant network and moreover, if I map VM directly on the provider network (VLAN tagged 40 in the current scenario) I am able to ping other VMs with floating ip but not the internet neither the internet router.

At this point I have to confess I really have difficulties in understanding the basic of the configurations for Neutron task, and I am stuck in finding proper descriptions on the configurations of the ansible tasks that can me help in solving the issue.

Let me share my scenario because maybe my problem can be useful for someone else in the future :)

Accordingly to your remarks and suggestions and following this recent discussion on Reddit,
https://www.reddit.com/r/openstack/comments/18wkidl/openstackansible_and_ovsn_setup/

I have simplified my host preparation by using Netplan and rewriting the name of the network interfaces (two NIC not bonded) as provider0 (for public accessible net) and intranet0 (for private net). Here an example of my configuration for a compute node:
- netplan config example: https://paste.openstack.org/show/btNHQ4VDVW4lNXD0bUgA/

Then I have used the following openstack configuration:
- openstack_user_config.yml: https://paste.openstack.org/show/bpVqYn1HqXUmLvpezavN/
- user_variables.yml: https://paste.openstack.org/show/bPfOTBF9d7ww1zYn5joP/

I have also used only the vlan mapping
  network_mappings: "vlan:br-ex"
  network_interface_mappings: "br-ex:br-vlan"

But no success at all... also if I map
  network_mappings: "vlan:br-ex"
  network_interface_mappings: "br-ex:provider0"

I repeat everything is working correctly giving me the possibility to instantiate any workload, but without access from the external network neither the possibility to ping the internet or the physical network br-ext (in the example mapped on VLAN 40, and provider0 NIC).

This is how I created the provider network
openstack network create --share --external --provider-physical-network vlan --provider-network-type vlan --provider-segment 40 provider-vlan40
openstack subnet create --network provider-vlan40 --allocation-pool start=10.2.1.100,end=10.2.1.250 --dns-nameserver 8.8.8.8 --gateway 10.2.0.254 --subnet-range 10.2.0.0/16 provider-sub

Please any suggestion/remark can be precious.
Thanks in advance (as always)
Davide

Hey,

Sorry, I'm traveling this week so not able to provide you with good example based on the courts you have provided.

But it looks very weird (wrong?) that you do try to use br-ex as vlan network, when it is having just br.40 interface.

So in this scenario you can use br-ex only as a flat network. With that br-vlan can be used as vlan network (as it contains just provider0), but I don't see it configured actually...

But I just took a quick look from my phone so could miss smth. Will be able to check in more details just next week, sorry...

Dear Dmitriy,

no hurry :) take your time.
I can already confirm that using the following rework:

  network_mappings: "vlan:br-vlan,flat:br-ex"
  network_interface_mappings: "br-vlan:provider0,br-ex:br-ext"

I am able to create a flat network!
querying ovs I see a possible error for vlan (and I start to understand that netplan and openstack ansible shall have different nomenclature):

$root@compute1:~# sudo ovs-vsctl show
6b627509-655e-41c1-b5a2-d81da906ca49
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-ex
        fail_mode: standalone
        Port br-ex
            Interface br-ex
                type: internal
        Port br-ext
            Interface br-ext
    Bridge br-vlan
        fail_mode: standalone
        Port br-vlan
            Interface br-vlan
                type: internal
                error: "could not add network device br-vlan to ofproto (File exists)"
        Port provider0
            Interface provider0
                error: "could not add network device provider0 to ofproto (Device or resource busy)"
    Bridge br-int
        fail_mode: secure
        datapath_type: system
        Port br-int
            Interface br-int
                type: internal
        Port ovn-3e736e-0
            Interface ovn-3e736e-0
                type: geneve
                options: {csum="true", key=flow, remote_ip="172.29.240.34"}
        Port ovn-29f662-0
            Interface ovn-29f662-0
                type: geneve
                options: {csum="true", key=flow, remote_ip="172.29.240.32"}
        Port ovn-52dec3-0
            Interface ovn-52dec3-0
                type: geneve
                options: {csum="true", key=flow, remote_ip="172.29.240.33"}
    ovs_version: "2.17.8"

Looking forward to next week to understand what's wrong hoping that what we are discussing will be useful for others.
Best regards,
Davide