← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1576475] [NEW] [RFE] Add OneView ML2 driver to Neutron

 

Public bug reported:

..
 This work is licensed under a Creative Commons Attribution 3.0 Unported
 License.

 http://creativecommons.org/licenses/by/3.0/legalcode

=======================================================
HP OneView Mechanism Driver for Neutron ML2 plugin
=======================================================

Launchpad blueprint:

https://blueprints.launchpad.net/neutron/+spec/oneview-ml2-mechanism-
driver

This blueprint specifies the ML2 mechanism driver for HP OneView integration
to OpenStack Neutron.

Problem description
===================

One of the most important initiatives in OpenStack currently focus in solve
communication restrictions existent in Ironic. Ironic nodes have severe
restrictions on how they can interact with other nodes because they demand a
networking environment composed only by flat networks, not allowing tenants
networks to be correctly isolated as already happens when using Virtual
Machines.

This initiative integrates Ironic and Neutron making possible the creation of
isolated networks in Neutron to be used by Ironic Baremetal nodes. With this
integration a better control of nodes communication is expected, improving
system operation.

To take advantage of this new interaction between OpenStack components, the
integration of HP OneView and OpenStack might be extended to improve the
management it offers considering these new functionalities and be more
aligned to the evolution of OpenStack Platform.

Currently, OpenStack only supports integration with OneView in operations for
provisioning Ironic baremetal instances. Initially, Ironic/OneView driver
only worked with 'pre-allocated' machines. It means that a Ironic node needed
to have a Server Profile already applicated to the Server Hardware registered
in OneView. A new version of the driver is being implemented to dynamically
allocate Ironic nodes, avoiding that nodes already available in Ironic but not
released in OneView could not be used by other OneView users.

However, operations related with the OneView's communication infrastructure
remains unsupported since there is no integration with current Openstack
Neutron actions. This limitation restricts Openstack/OneView interaction since
it demands all the configurations of communication infrastructure to be
manually replicated in both sides to ensure servers correct communication.

The mechanism driver proposed here will interact with Neutron and OneView to
dynamically reflect networking operations made by OpenStack on OneView. With
these operations it's possible to a OneView administrator to know what is
happening in OpenStack System which is running in the Data Center and also
automatizes some operations previously required to be manual.

Proposed change
===============

The diagram below provides an overview of how Neutron and OneView will
interact using the Neutron-OneView Mechanism Driver. OneView Mechanism
Driver uses the python-oneviewclient to provide communication between
Neutron and OneView through OneView's Rest API.

Flows:
::

        +---------------------------------+
        |                                 |
        |       Neutron Server            |
        |      (with ML2 plugin)          |
        |                                 |
        |           +---------------------+
        |           |       OneView       |  Ironic API  +----------------+
        |           |      Mechanism      +--------------+     Ironic     |
        |           |       Driver        |              +----------------+
        +-----------+----------+----------+
                               |
                     REST API  |
                               |
                     +---------+---------+
                     |     OneView       |
                     +-------------------+


Openstack Neutron based networks and ports information is demanded by
OneView service to manage virtual networks. In order to send this
information from neutron service, a new ML2 mechanism driver is required to
post the precommit data to the OneView service. The OneView mechanism
driver updates the OneView with port and network changes from Neutron.

The OneView mechanism driver implements the following Neutron events:

  - Port create/update/delete for compute instances;
  - Network create/update/delete.

When new networks are created in Neutron, OneView might also create this
network to allow system managed elements to be connected to it. It's also
necessary allowing these networks to access external systems, which is
provided by adding this network to one or more existent uplinks in the system.
If networks are updated or deleted in OpenStack, the same operation should be
done in OneView to keep the information consistent on both systems.

In the same way, when ports are created in Neutron, they might be
represented in OneView. Primary Connections already existent in Server 
Profiles are then updated to allow attached Server Hardware to be connected
to the network specified in Neutron's port. In the same way of networks,
update and delete operation for ports will also be replicated in OneView to
keep it consistent with Neutron.

In order to obtain the information of the Server Profile which need to be
used on OneView, the OneView mechanism driver will use the information stored
applied_server_profile_uri located at driver_info namespace of the given node
in Ironic. To access this information, OneView mechanism driver will use
Ironic API calls.

Initial version of this driver supports only VLAN network type. Future
versions will be worked to support other network types.

Sequence flow of events for create_network is as follows:
::

  create_network
  {
     Neutron    ->  ML2_plugin
     ML2_plugin ->  OneView_MD
     OneView_MD ->  OneView
     OneView_MD <-- OneView
     Neutron    <-- OneView_MD
  }

Alternatives
------------

None.

Data model impact
-----------------

None.

REST API impact
---------------

None.

Security impact
---------------

None.

Notifications impact
--------------------

None.

Other end user impact
---------------------

None.

Performance Impact
------------------

The performance of ML2 when configured with the OneView driver will be
dependent on the performance of the communication environment between Neutron
and OneView and on the OneView capacity itself since it might validate and
proceed the requested operations.

Other deployer impact
---------------------

The deployer must configure the installation to use the Neutron-OneView with
the following configuration:

The following parameters are required in the newly created [oneview] section
on neutron.conf:

* manager_url: OneView Manager url
* username: User account with admin/server-profile access privilege in OneView
* password: User account password in OneView
* allow_insecure_connections: Allow connections to OneView without a
  certificate signed by a trusted CA. Its default value is False.
* tls_cacert_file: The path to the certificate of a trusted CA to be used
  to verify the OneView certificate when insecure connections are not allowed
* max_polling_attempts: Max connection attempts to check changes on OneView
* uplink_set_uuids: Uplink Sets to be used in Oneview for the new Networks
  created

Developer impact
----------------

None.

Implementation
==============

Assignee(s)
-----------

Andre Aranha <afaranha>

Fellype Cavalcante <fellypefca>

Petrônio Carlos <petroniocg>

Saulo Ayslan <Saulo-Aislan>

Reinaldo Gomes <reinaldogomes>

Work Items
----------

* Implement new mech_oneview mechanism driver
* Implement unit-test cases for mech_oneview driver.
* Implement third party CI to provide a suitable test
  environment for tests involving an OneView appliance.
* Write configuration documents

Dependencies
============

* The driver requires python-oneviewclient package.

Testing
=======

Tempest Tests
-------------

Third party testing will be provided. The OneView CI will report on all
changes affecting this mechanism driver.

Functional Tests
----------------

New functional tests will be added by mocking the python-oneviewclient
responses.

API Tests
---------

None.

Documentation Impact
====================

The required parameters on the node and [oneview] section of neutron.conf will
be included in the documentation to instruct operators how to use Neutron with
OneView.


References
==========

OneView Page:

http://www8.hp.com/ie/en/business-solutions/converged-
systems/oneview.html

OneView 2.0 REST API Reference

http://h17007.www1.hp.com/docs/enterprise/servers/oneview2.0/cic-
rest/en/content/html

OneView Drivers for Ironic

http://docs.openstack.org/developer/ironic/drivers/oneview.html

python-oneviewclient:

https://pypi.python.org/pypi/python-oneviewclient

Ironic Neutron Integration

http://specs.openstack.org/openstack/ironic-specs/specs/approved/ironic-
ml2-integration.html

Driver in Ironic for OneView

https://specs.openstack.org/openstack/ironic-specs/specs/4.3/new-ironic-
driver-for-oneview.html

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1576475

Title:
  [RFE] Add OneView ML2 driver to Neutron

Status in neutron:
  New

Bug description:
  ..
   This work is licensed under a Creative Commons Attribution 3.0 Unported
   License.

   http://creativecommons.org/licenses/by/3.0/legalcode

  =======================================================
  HP OneView Mechanism Driver for Neutron ML2 plugin
  =======================================================

  Launchpad blueprint:

  https://blueprints.launchpad.net/neutron/+spec/oneview-ml2-mechanism-
  driver

  This blueprint specifies the ML2 mechanism driver for HP OneView integration
  to OpenStack Neutron.

  Problem description
  ===================

  One of the most important initiatives in OpenStack currently focus in solve
  communication restrictions existent in Ironic. Ironic nodes have severe
  restrictions on how they can interact with other nodes because they demand a
  networking environment composed only by flat networks, not allowing tenants
  networks to be correctly isolated as already happens when using Virtual
  Machines.

  This initiative integrates Ironic and Neutron making possible the creation of
  isolated networks in Neutron to be used by Ironic Baremetal nodes. With this
  integration a better control of nodes communication is expected, improving
  system operation.

  To take advantage of this new interaction between OpenStack components, the
  integration of HP OneView and OpenStack might be extended to improve the
  management it offers considering these new functionalities and be more
  aligned to the evolution of OpenStack Platform.

  Currently, OpenStack only supports integration with OneView in operations for
  provisioning Ironic baremetal instances. Initially, Ironic/OneView driver
  only worked with 'pre-allocated' machines. It means that a Ironic node needed
  to have a Server Profile already applicated to the Server Hardware registered
  in OneView. A new version of the driver is being implemented to dynamically
  allocate Ironic nodes, avoiding that nodes already available in Ironic but not
  released in OneView could not be used by other OneView users.

  However, operations related with the OneView's communication infrastructure
  remains unsupported since there is no integration with current Openstack
  Neutron actions. This limitation restricts Openstack/OneView interaction since
  it demands all the configurations of communication infrastructure to be
  manually replicated in both sides to ensure servers correct communication.

  The mechanism driver proposed here will interact with Neutron and OneView to
  dynamically reflect networking operations made by OpenStack on OneView. With
  these operations it's possible to a OneView administrator to know what is
  happening in OpenStack System which is running in the Data Center and also
  automatizes some operations previously required to be manual.

  Proposed change
  ===============

  The diagram below provides an overview of how Neutron and OneView will
  interact using the Neutron-OneView Mechanism Driver. OneView Mechanism
  Driver uses the python-oneviewclient to provide communication between
  Neutron and OneView through OneView's Rest API.

  Flows:
  ::

          +---------------------------------+
          |                                 |
          |       Neutron Server            |
          |      (with ML2 plugin)          |
          |                                 |
          |           +---------------------+
          |           |       OneView       |  Ironic API  +----------------+
          |           |      Mechanism      +--------------+     Ironic     |
          |           |       Driver        |              +----------------+
          +-----------+----------+----------+
                                 |
                       REST API  |
                                 |
                       +---------+---------+
                       |     OneView       |
                       +-------------------+

  
  Openstack Neutron based networks and ports information is demanded by
  OneView service to manage virtual networks. In order to send this
  information from neutron service, a new ML2 mechanism driver is required to
  post the precommit data to the OneView service. The OneView mechanism
  driver updates the OneView with port and network changes from Neutron.

  The OneView mechanism driver implements the following Neutron events:

    - Port create/update/delete for compute instances;
    - Network create/update/delete.

  When new networks are created in Neutron, OneView might also create this
  network to allow system managed elements to be connected to it. It's also
  necessary allowing these networks to access external systems, which is
  provided by adding this network to one or more existent uplinks in the system.
  If networks are updated or deleted in OpenStack, the same operation should be
  done in OneView to keep the information consistent on both systems.

  In the same way, when ports are created in Neutron, they might be
  represented in OneView. Primary Connections already existent in Server 
  Profiles are then updated to allow attached Server Hardware to be connected
  to the network specified in Neutron's port. In the same way of networks,
  update and delete operation for ports will also be replicated in OneView to
  keep it consistent with Neutron.

  In order to obtain the information of the Server Profile which need to be
  used on OneView, the OneView mechanism driver will use the information stored
  applied_server_profile_uri located at driver_info namespace of the given node
  in Ironic. To access this information, OneView mechanism driver will use
  Ironic API calls.

  Initial version of this driver supports only VLAN network type. Future
  versions will be worked to support other network types.

  Sequence flow of events for create_network is as follows:
  ::

    create_network
    {
       Neutron    ->  ML2_plugin
       ML2_plugin ->  OneView_MD
       OneView_MD ->  OneView
       OneView_MD <-- OneView
       Neutron    <-- OneView_MD
    }

  Alternatives
  ------------

  None.

  Data model impact
  -----------------

  None.

  REST API impact
  ---------------

  None.

  Security impact
  ---------------

  None.

  Notifications impact
  --------------------

  None.

  Other end user impact
  ---------------------

  None.

  Performance Impact
  ------------------

  The performance of ML2 when configured with the OneView driver will be
  dependent on the performance of the communication environment between Neutron
  and OneView and on the OneView capacity itself since it might validate and
  proceed the requested operations.

  Other deployer impact
  ---------------------

  The deployer must configure the installation to use the Neutron-OneView with
  the following configuration:

  The following parameters are required in the newly created [oneview] section
  on neutron.conf:

  * manager_url: OneView Manager url
  * username: User account with admin/server-profile access privilege in OneView
  * password: User account password in OneView
  * allow_insecure_connections: Allow connections to OneView without a
    certificate signed by a trusted CA. Its default value is False.
  * tls_cacert_file: The path to the certificate of a trusted CA to be used
    to verify the OneView certificate when insecure connections are not allowed
  * max_polling_attempts: Max connection attempts to check changes on OneView
  * uplink_set_uuids: Uplink Sets to be used in Oneview for the new Networks
    created

  Developer impact
  ----------------

  None.

  Implementation
  ==============

  Assignee(s)
  -----------

  Andre Aranha <afaranha>

  Fellype Cavalcante <fellypefca>

  Petrônio Carlos <petroniocg>

  Saulo Ayslan <Saulo-Aislan>

  Reinaldo Gomes <reinaldogomes>

  Work Items
  ----------

  * Implement new mech_oneview mechanism driver
  * Implement unit-test cases for mech_oneview driver.
  * Implement third party CI to provide a suitable test
    environment for tests involving an OneView appliance.
  * Write configuration documents

  Dependencies
  ============

  * The driver requires python-oneviewclient package.

  Testing
  =======

  Tempest Tests
  -------------

  Third party testing will be provided. The OneView CI will report on all
  changes affecting this mechanism driver.

  Functional Tests
  ----------------

  New functional tests will be added by mocking the python-oneviewclient
  responses.

  API Tests
  ---------

  None.

  Documentation Impact
  ====================

  The required parameters on the node and [oneview] section of neutron.conf will
  be included in the documentation to instruct operators how to use Neutron with
  OneView.

  
  References
  ==========

  OneView Page:

  http://www8.hp.com/ie/en/business-solutions/converged-
  systems/oneview.html

  OneView 2.0 REST API Reference

  http://h17007.www1.hp.com/docs/enterprise/servers/oneview2.0/cic-
  rest/en/content/html

  OneView Drivers for Ironic

  http://docs.openstack.org/developer/ironic/drivers/oneview.html

  python-oneviewclient:

  https://pypi.python.org/pypi/python-oneviewclient

  Ironic Neutron Integration

  http://specs.openstack.org/openstack/ironic-specs/specs/approved
  /ironic-ml2-integration.html

  Driver in Ironic for OneView

  https://specs.openstack.org/openstack/ironic-specs/specs/4.3/new-
  ironic-driver-for-oneview.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1576475/+subscriptions


Follow ups