Wikimedia Cloud Services team/EnhancementProposals/Neutron SDN/phases
Summary
There are three running narratives through this work:
- Moving to OpenStack Mitaka
- Moving to Debian [Jessie|Stretch]
- Moving to OpenStack Neutron topology
Epics:
Mitaka https://phabricator.wikimedia.org/T187954
Neutron https://phabricator.wikimedia.org/T167293
Debian OpenStack packaging: https://phabricator.wikimedia.org/T169099
Trusty EOL: https://phabricator.wikimedia.org/T186029
Components
Deployment Shared components [Per Site]
- Horizon (Natively shared across regions)
- Keystone (Natively shared across regions)
- LDAP
- Puppet
- Designate, pdns, pdns-recursor
- Glance (Need to find some way to share images even if OOB syncing)
Deployment Separate Components
- nova-api
- neutron-server/nova-network
- neutron-l3-agent
- neutron-ml2-agent
- metadata api (and proxy)
- nova-conductor
- nova-scheduler
Phases
Phase 0
This phase is about standing up actual Mitaka/Jessie/Neutron infrastructure that is ready for us to run real/test workloads. It should end with us ready to implement canaries and figure out moving instances between regions.
[x] Plan VLANs and IP allocations
[x] Create VLANs in Codfw for Neutron
[x] Build out a labtestn Neutron environment on Mitaka and Jessie
[x] Replace missing NAT functionality in native neutron-l3-agent
- dmz_cidr https://phabricator.wikimedia.org/T167357
- routing_source_ip https://phabricator.wikimedia.org/T168580
[x] Migrate labtest to Mitaka
[x] Migrate Main to Mitaka
Phase 1
This phase is about setting up eqiad1 for Neutron, writing the logic to move instances between regions, and having early workloads on Neutron in eqiad1.
[x] Sprinkle in Jessie/Mitaka labvirts to Main for early IRL testing
[x] Make same glance images available to multiple regions https://phabricator.wikimedia.org/T191791
[x] Figure out how to collapse Keystones for labtest/labtestn
- should be done, or almost done, now
- Portal:Cloud_VPS/Admin/keystone_notes#shared_keystone
[x] Integrate any missing config from labtest components into labtestn (nova.conf, etc. should be consolidated as much as possible now that everything is on Mitaka) https://phabricator.wikimedia.org/T193657
- Arturo is going to make a checklist of confidence validation criteria ---> Portal:Cloud_VPS/Admin/Deployment_confidence_checklist
[x] Create VLANs in eqiad1 for Neutron deployments
[x] Get labnet100[34] set up with 10G ports
[x] Bootstrap labcontrol1003/labcontrol1004 boxes (keystone, nova, glance)
[x] Get public v4 range for eqiad1 Neutron use [chase] (185.15.56.0/24)
[x] Get interface for cloud-instance-transport1-b-eqiad created in core routers [chase]
[x] Bootstrap neutron-server in eqiad1 [arturo]
[x] Bootstrap other neutron components in eqiad1 [arturo]
- neutron-l3-agent (net)
- neutron-ml2-agent (net and virt)
- neutron-dhcp-agent (net)
- checklist: Portal:Cloud_VPS/Admin/Deployment_confidence_checklist
[x] At this point we should be able to stand up an instance in eqiad1, even if it doesn't yet have a public IP
[x] Collapse Keystones for eqiad [main/eqiad1] (Portal:Cloud_VPS/Admin/keystone_notes) [andrew, arturo]
- next Mon 13th Aug
- docs: Portal:Cloud_VPS/Admin/keystone_notes
[] Figure out instance migration process from nova-network region to a neutron region [andrew]
- instance migration https://phabricator.wikimedia.org/T191790
[x] Set up early workloads in Neutron in eqiad (eqiad1).
[x] Multi-region Horizon for eqiad
[] Multi-region Horizon for codfw
Phase 2
This is all about actual tenant migration.
[] Migrate Toolforge instances
[] Migrate deployment-prep instances
[] Migrate Other
See also
- Our deployment manifests: Portal:Cloud_VPS/Admin/Deployments