This blog post describes the steps required to deploy OVN in tripleo, with some detail on how it is deployed and which tripleo components are used. If you are interested only in deploying OVN, then please see the last section.
Components of OVN
OVN has the following components or services, which need to be deployed and configured:
- OVN Northbound (NB) and Southbound (SB) database (DB) servers
- ovn-northd
- ovn-controller
- Neutron OVN ML2 mechanism driver
The OVN DB servers and ovn-northd run on the controller node(s). ovn-controller runs on each compute node and on controller nodes (if they provide north/south connectivity). The OVN NB DB server listens on TCP port 6641 and the OVN SB DB server listens on TCP port 6642. The OVN ML2 mechanism driver connects to both OVN DB servers. The ovn-controller running on each compute node and controller node connects to the OVN SB DB server.
Packages and dependency with openvswitch
The following packages are required for OVN
- openvswitch-ovn-common
- openvswitch-ovn-central
- openvswitch-ovn-host
These packages are sub-packages of the main openvswitch package. The minimum version required is ovs 2.7.2. With the upstream ovs code base, running “make rpm-fedora” generates all these packages. All these packages should be part of the overcloud-full.qcow2 image.
Tripleo deployment
When OVN is deployed using tripleo, tripleo needs to do the following:
- Configure neutron to enable OVN ML2 mechanism driver and generate the necessary configuration options required for OVN.
- Deploy OVN DB servers and ovn-northd in the controller node(s).
- Deploy ovn-controller in each compute node and controller node(s).
The following tripleo components are involved:
- Openstack tripleo-heat-templates
- puppet-tripleo
- puppet-neutron
- puppet-ovn and puppet-vswitch – To deploy OVN services.
Composable service for OVN in tripleo
Tripleo has a composable service “ovn-dbs” for OVN. It has 2 profiles – base profile and pacemaker HA profile. OVN Northbound and southbound DBs are hosted by “ovsdb-server”. It’s the same ovsdb-server process which runs along with ovs-vswitchd to host the ovs database (conf.db).
The schema files for NB DB can be found here and SB DB can be found here.
ovsdb-server presently does not support active-active mode. However, it does support HA through master-slave mode managed by pacemaker using the resource agent OCF script. The ovsdb-server running in master mode allows write access to the database; all the other (slave) ovsdb-servers replicate the database locally from the master ovsdb-server and do not allow write access.
This is the reason we have base profile and HA profile to support both the scenarios. In the case of base profile, OVN DB servers are started only in the bootstrap controller (if the deployment has multiple controllers). If HA profile is enabled then the OVN DB servers are started in all the controllers and pacemaker will select one master.
Base profile
The yaml file for this profile is present in tripleo-heat-templates/puppet/services/ovn-dbs.yaml.
When this service is enabled OVN DB servers are started only in the bootstrap controller.
To illustrate a bit, suppose the deployment has 3 controllers – controller-0, controller-1 and controller-2. The OVN DB servers will be started on controller-0. If controller-0 goes down, then the OVN DB servers also go down and they are not started on the other controllers. This becomes a single point of failure.
Tripleo creates a virtual ip for the internal network it creates. This virtual ip will be active on one of the controller nodes. This virtual ip is mapped to OVN_DBS_VIP. In order for the OVN ML2 driver and the ovn-controller instances to connect to the OVN DB servers, puppet-tripleo generates the below haproxy configuration in haproxy.cfg on each controller node.
OVN ML2 mechanism driver is configured to connect to the OVN_DBS_VIP (in the [ovn] section of ml2_conf.ini). Since OVN DB servers are not started in controller-1 and controller-2, haproxy always redirects the traffic to the OVN DB servers running in controller-0.
Pacemaker HA profile
The yaml file for this profile is present in tripleo-heat-templates/puppet/services/pacemaker/ovn-dbs.yaml. When this service is enabled, the OVN DB servers are started and managed by pacemaker. puppet-tripleo creates a pacemaker OCF resource – “ovn:ovndb-servers”. The OVN DB servers are started on each controller node, and the controller owning the virtual ip (OVN_DBS_VIP) runs the OVN DB servers in master mode. The OVN ML2 mechanism driver and the ovn-controller instances connect to the DB servers using the OVN_DBS_VIP. In case of a fail-over, pacemaker moves the virtual ip (OVN_DBS_VIP) to another controller and promotes the OVN DB server running on that node to master.
Configuration of ovn-controller
ovn-controller runs on each compute node and on controller nodes if they provide north/south connectivity. ovn-controller connects to the OVN SB DB server and gets the logical flows. It then translates these logical flows to physical OF flows and installs them into the ovs bridge (br-int). In order to talk to ovs-vswitchd and install the OF flows, it connects to the local ovsdb-server (hosting conf.db) using the unix socket path which is passed when it is started (e.g. unix:/var/run/openvswitch/db.sock).
ovn-controller expects certain key-value pairs in the “external_ids” column of “Open_vSwitch” table. puppet-ovn uses puppet-vswitch to configure these fields.
Below are the key-value pairs which puppet-vswitch configures in the “external_ids” column
- hostname=<HOST NAME>
- ovn-encap-ip=<IP OF THE NODE>
- ovn-encap-type=geneve
- ovn-remote=tcp:OVN_DBS_VIP:6642
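As an added example (not code from puppet-ovn or tripleo), the following script audits the “external_ids” map of a node against the values listed above. It assumes the map text comes from `ovs-vsctl get Open_vSwitch . external_ids`; the sample maps, host names and IP addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Keys the post lists as configured by puppet-vswitch.
REQUIRED_KEYS = ("hostname", "ovn-encap-ip", "ovn-encap-type", "ovn-remote")
SB_DB_PORT = 6642  # SB DB port from the post; 6641 is the NB DB port

# One key=value pair of an OVSDB map; values are quoted or bare tokens.
_PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|[^,}\s]+)')

def parse_external_ids(text):
    """Parse a map such as {a="x", b=y} into a dict of strings."""
    ids = {}
    for key, value in _PAIR.findall(text):
        ids[key] = value[1:-1] if value.startswith('"') else value
    return ids

def audit_external_ids(text, expected_vip):
    """Return a list of findings; an empty list means the node matches."""
    ids = parse_external_ids(text)
    findings = [f"missing key: {k}" for k in REQUIRED_KEYS if k not in ids]
    if ids.get("ovn-encap-type", "geneve") != "geneve":
        findings.append(f"ovn-encap-type is {ids['ovn-encap-type']}, not geneve")
    if "ovn-encap-ip" in ids:
        try:
            ipaddress.ip_address(ids["ovn-encap-ip"])
        except ValueError:
            findings.append(f"ovn-encap-ip is not an IP: {ids['ovn-encap-ip']}")
    if "ovn-remote" in ids:
        m = re.fullmatch(r"tcp:(.+):(\d+)", ids["ovn-remote"])
        if not m:
            findings.append(f"ovn-remote is not tcp:<ip>:<port>: {ids['ovn-remote']}")
        else:
            if m.group(1) != expected_vip:
                findings.append(f"ovn-remote host {m.group(1)} is not OVN_DBS_VIP")
            if int(m.group(2)) != SB_DB_PORT:
                findings.append(f"ovn-remote port {m.group(2)} is not {SB_DB_PORT}")
    return findings

# Constructed sample maps (not taken from a real deployment).
GOOD = ('{hostname="compute-0.localdomain", ovn-encap-ip="172.16.0.14", '
        'ovn-encap-type=geneve, ovn-remote="tcp:172.16.2.10:6642"}')
BAD = ('{hostname="compute-1.localdomain", ovn-encap-type=vxlan, '
       'ovn-remote="tcp:172.16.2.10:6641"}')

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_external_ids(sample, expected_vip="172.16.2.10"))
```

A node whose ovn-remote points at port 6641 would be talking to the NB DB instead of the SB DB, which is the kind of mismatch this check surfaces.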
Deploying OVN base profile
To deploy base profile of OVN, environments/neutron-ml2-ovn.yaml file needs to be passed to “openstack overcloud deploy”.
openstack overcloud deploy \
--templates /usr/share/openstack-tripleo-heat-templates \
…
-e /usr/share/openstack-tripleo-heat-templates/environments/neutron-ml2-ovn.yaml
….
Deploying OVN HA profile
To deploy the pacemaker HA profile of OVN, the environments/neutron-ml2-ovn-ha.yaml and environments/puppet-pacemaker.yaml files need to be passed.
openstack overcloud deploy \
--templates /usr/share/openstack-tripleo-heat-templates \
…
-e /usr/share/openstack-tripleo-heat-templates/environments/puppet-pacemaker.yaml \
-e /usr/share/openstack-tripleo-heat-templates/environments/neutron-ml2-ovn-ha.yaml
….