Chapter 3. Deploying OVN with director
The following events are triggered when you deploy OVN on the Red Hat OpenStack Platform:
- Enables the OVN ML2 plugin and generates the necessary configuration options.
-
Deploys the OVN databases and the
ovn-northdservice on the controller node(s). -
Deploys
ovn-controlleron each Compute node. -
Deploys
neutron-ovn-metadata-agenton each Compute node.
3.1. Deploying OVN with DVR
This guide deploys OVN with the default DVR in an HA environment.
To deploy OVN with DVR in an HA environment:
Verify that the value for
OS::TripleO::Compute::Net::SoftwareConfigin theenvironments/services/neutron-ovn-dvr-ha.yamlfile is the same as theOS::TripleO::Controller::Net::SoftwareConfigvalue in use. This can normally be found in the network environment file in use when deploying the overcloud, for example, in theenvironments/net-multiple-nics.yamlfile. This creates the appropriate external network bridge on the Compute node.NoteIf customizations have been made to the network configuration of the Compute node, it may be necessary to add the appropriate configuration to those files instead.
-
Configure a Networking port for the Compute node on the external network by modifying
OS::TripleO::Compute::Ports::ExternalPortto an appropriate value, such asOS::TripleO::Compute::Ports::ExternalPort: ../network/ports/external.yaml Include environments/services/neutron-ovn-dvr-ha.yaml as an environment file when deploying the overcloud. For example:
$ openstack overcloud deploy \ --templates /usr/share/openstack-tripleo-heat-templates \ ... -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-dvr-ha.yaml
For production environments (or test environments that require special customization, such as network isolation or dedicated NICs, you can use the example environments as a guide. Pay special attention to the bridge mapping type parameters used, for example, by OVS and any reference to external facing bridges.
3.2. Deploying the OVN metadata agent on Compute nodes
The OVN metadata agent is configured in the tripleo-heat-templates/deployment/ovn/ovn-metadata-container-puppet.yaml file and included in the default Compute role through OS::TripleO::Services::OVNMetadataAgent. As such, the OVN metadata agent with default parameters is deployed as part of the OVN deployment. See Chapter 3, Deploying OVN with director.
OpenStack guest instances access the Networking metadata service available at the link-local IP address: 169.254.169.254. The neutron-ovn-metadata-agent has access to the host networks where the Compute metadata API exists. Each HAProxy is in a network namespace that is not able to reach the appropriate host network. HaProxy adds the necessary headers to the metadata API request and then forwards the request to the neutron-ovn-metadata-agent over a UNIX domain socket.
The OVN Networking service creates a unique network namespace for each virtual network that enables the metadata service. Each network accessed by the instances on the Compute node has a corresponding metadata namespace (ovnmeta-<net_uuid>).
3.2.1. Troubleshooting Metadata issues
You can use metadata namespaces for troubleshooting to access the local instances on the Compute node. To troubleshoot metadata namespace issues, run the following command as root on the Compute node:
# ip netns exec ovnmeta-fd706b96-a591-409e-83be-33caea824114 ssh USER@INSTANCE_IP_ADDRESS
USER@INSTANCE_IP_ADDRESS is the user name and IP address for the local instance you want to troubleshoot.
3.3. Deploying Internal DNS with OVN
To deploy internal DNS with OVN:
Enable DNS with the
NeutronPluginExtensionsparameter:parameter_defaults: NeutronPluginExtensions: "dns"
Set the DNS domain before you deploy the overcloud:
NeutronDnsDomain: "mydns-example.org"
Deploy the overcloud:
$ openstack overcloud deploy \ --templates /usr/share/openstack-tripleo-heat-templates \ ... -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-dvr-ha.yaml