From 72039e915d1fc960bd0d7fccd910ea282d61bee7 Mon Sep 17 00:00:00 2001
From: your name <email@163.com>
Date: Wed, 9 Sep 2015 03:26:11 -0400
Subject: Compass Netconfig optimization

Change-Id: Icbcfc7d794623436f22be5f6763b212a25d4fac7
JIRA: COMPASS-30
---
 INFO                                               | 28 +++++------
 .../openstack_juno/HA-ansible-multinodes.yml       |  2 +
 .../ansible/openstack_juno/templates/ml2_conf.ini  | 13 +++--
 .../cinder-controller/tasks/cinder_config.yml      |  2 +
 .../ansible/roles/cinder-controller/tasks/main.yml |  1 -
 .../adapters/ansible/roles/common/tasks/main.yml   |  4 ++
 .../adapters/ansible/roles/common/vars/Debian.yml  |  4 ++
 .../adapters/ansible/roles/common/vars/RedHat.yml  |  4 ++
 .../adapters/ansible/roles/database/tasks/main.yml |  4 +-
 .../ansible/roles/database/tasks/mariadb.yml       | 20 +++++++-
 .../ansible/roles/database/templates/wsrep.cnf     |  4 +-
 .../ansible/roles/database/vars/Debian.yml         |  5 +-
 .../ansible/roles/database/vars/RedHat.yml         |  2 +-
 .../ansible/roles/ext-network/handlers/main.yml    | 21 ++++++++
 .../ansible/roles/ext-network/tasks/main.yml       | 57 ++++++++++++++++++++++
 .../ansible/roles/glance/tasks/glance_config.yml   |  3 ++
 .../adapters/ansible/roles/glance/tasks/main.yml   |  2 +-
 .../ansible/roles/ha/templates/haproxy.cfg         | 40 +++++++--------
 .../roles/keystone/tasks/keystone_config.yml       |  2 +
 .../adapters/ansible/roles/keystone/tasks/main.yml |  1 -
 .../ansible/roles/mq/tasks/rabbitmq_cluster.yml    |  4 +-
 .../roles/neutron-compute/defaults/main.yml        |  1 -
 .../ansible/roles/neutron-compute/tasks/main.yml   |  5 +-
 .../roles/neutron-controller/handlers/main.yml     |  1 +
 .../roles/neutron-controller/tasks/main.yml        |  1 -
 .../neutron-controller/tasks/neutron_config.yml    |  7 +++
 .../neutron-controller/tasks/neutron_install.yml   |  2 +-
 .../roles/neutron-controller/vars/RedHat.yml       |  3 +-
 .../ansible/roles/neutron-network/tasks/main.yml   | 14 +-----
 .../ansible/roles/nova-controller/tasks/main.yml   |  1 -
 .../roles/nova-controller/tasks/nova_config.yml    |  1 +
 .../ansible/roles/setup-network/tasks/main.yml     | 43 ++++++++++++++++
 .../setup-network/templates/my_configs.debian      | 16 ++++++
 deploy/conf/network_cfg.yaml                       | 24 +++++++++
 deploy/template/vm/host.xml                        | 10 ----
 35 files changed, 266 insertions(+), 86 deletions(-)
 create mode 100644 deploy/adapters/ansible/roles/ext-network/handlers/main.yml
 create mode 100644 deploy/adapters/ansible/roles/ext-network/tasks/main.yml
 create mode 100644 deploy/adapters/ansible/roles/setup-network/tasks/main.yml
 create mode 100644 deploy/adapters/ansible/roles/setup-network/templates/my_configs.debian

diff --git a/INFO b/INFO
index b2af1852..39a68542 100644
--- a/INFO
+++ b/INFO
@@ -1,19 +1,19 @@
-Project Name: Compass4nfv 
+Project Name: Compass4nfv
 Repo name: compass4nfv
 Project Category: Integration and testing
 Lifecycle State: Proposal approved
 Primary Contact: Weidong shao(weidong.shao@huawei.com)
 Project Lead: Weidong shao
-Jira Project Name: Compass4nfv 
-Jira Project Prefix: COMPASS 
-mailing list tag [COMPASS] 
-Committers: 
-Weidong shao (weidong.shao@huawei.com) 
-Prakash Ramchandran (Prakash.Ramchandran@huawei.com) 
-Justin chi (chigang@huawei.com) 
-Iben Rodrigues (iben.rodriguez@spirent.com) 
-Tim Rozet (trozet@redhat.com) 
-Chenshuai (chenshuai@huawei.com) 
-Ashlee Young (ashlee@onosfw.com) 
-Link to TSC approval: http://ircbot.wl.linuxfoundation.org/meetings/opnfv-meeting/2015/opnfv-meeting.2015-07-21-14.02.html 
-Link to approval of additional submitters: 
+Jira Project Name: Compass4nfv
+Jira Project Prefix: COMPASS
+mailing list tag [COMPASS]
+Committers:
+Weidong shao (weidong.shao@huawei.com)
+Prakash Ramchandran (Prakash.Ramchandran@huawei.com)
+Justin chi (chigang@huawei.com)
+Iben Rodrigues (iben.rodriguez@spirent.com)
+Tim Rozet (trozet@redhat.com)
+Chenshuai (chenshuai@huawei.com)
+Ashlee Young (ashlee@onosfw.com)
+Link to TSC approval: http://ircbot.wl.linuxfoundation.org/meetings/opnfv-meeting/2015/opnfv-meeting.2015-07-21-14.02.html
+Link to approval of additional submitters:
diff --git a/deploy/adapters/ansible/openstack_juno/HA-ansible-multinodes.yml b/deploy/adapters/ansible/openstack_juno/HA-ansible-multinodes.yml
index f8f8b442..d413dea4 100644
--- a/deploy/adapters/ansible/openstack_juno/HA-ansible-multinodes.yml
+++ b/deploy/adapters/ansible/openstack_juno/HA-ansible-multinodes.yml
@@ -4,6 +4,7 @@
   sudo: True
   roles:
     - common
+    - setup-network
 
 - hosts: ha
   remote_user: root
@@ -24,6 +25,7 @@
     - glance
     - neutron-common
     - neutron-network
+    - ext-network
     - dashboard
 
 - hosts: compute
diff --git a/deploy/adapters/ansible/openstack_juno/templates/ml2_conf.ini b/deploy/adapters/ansible/openstack_juno/templates/ml2_conf.ini
index a7900693..7b3e76da 100644
--- a/deploy/adapters/ansible/openstack_juno/templates/ml2_conf.ini
+++ b/deploy/adapters/ansible/openstack_juno/templates/ml2_conf.ini
@@ -29,7 +29,7 @@ mechanism_drivers = {{ NEUTRON_MECHANISM_DRIVERS |join(",") }}
 # can be created. Use * to allow flat networks with arbitrary
 # physical_network names.
 #
-flat_networks = external
+flat_networks = *
 # Example:flat_networks = physnet1,physnet2
 # Example:flat_networks = *
 
@@ -39,7 +39,7 @@ flat_networks = external
 # tenant networks, as well as ranges of VLAN tags on each
 # physical_network available for allocation as tenant networks.
 #
-network_vlan_ranges =
+network_vlan_ranges = {{ NEUTRON_VLAN_RANGES|join(",") }}
 # Example: network_vlan_ranges = physnet1:1000:2999,physnet2
 
 [ml2_type_gre]
@@ -73,10 +73,12 @@ connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron?charset=
 local_ip = {{ internal_ip }}
 {% if 'openvswitch' in NEUTRON_MECHANISM_DRIVERS %}
 integration_bridge = br-int
+{% if NEUTRON_TUNNEL_TYPES %}
 tunnel_bridge = br-tun
 tunnel_id_ranges = 1001:4095
 tunnel_type = {{ NEUTRON_TUNNEL_TYPES |join(",") }}
-bridge_mappings = {{ neutron_ovs_bridge_mappings | default("external:br-ex") }}
+{% endif %}
+bridge_mappings = {{ NEUTRON_OVS_BRIDGE_MAPPINGS | join(",") }}
 {% endif %}
 
 [agent]
@@ -90,11 +92,14 @@ l2_population = False
 [odl]
 {% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %}
 network_vlan_ranges = 1001:4095
+{% if NEUTRON_TUNNEL_TYPES %}
 tunnel_id_ranges = 1001:4095
 tun_peer_patch_port = patch-int
 int_peer_patch_port = patch-tun
-tenant_network_type = vxlan
 tunnel_bridge = br-tun
+{% endif %}
+
+tenant_network_type = {{ NEUTRON_TENANT_NETWORK_TYPES |join(",") }}
 integration_bridge = br-int
 controllers = 10.1.0.15:8080:admin:admin
 {% endif %}
diff --git a/deploy/adapters/ansible/roles/cinder-controller/tasks/cinder_config.yml b/deploy/adapters/ansible/roles/cinder-controller/tasks/cinder_config.yml
index fe9f7dc8..77029b81 100644
--- a/deploy/adapters/ansible/roles/cinder-controller/tasks/cinder_config.yml
+++ b/deploy/adapters/ansible/roles/cinder-controller/tasks/cinder_config.yml
@@ -5,6 +5,7 @@
 - name: sync cinder db
   shell: su -s /bin/sh -c "cinder-manage db sync" cinder && cinder
   register: result
+  run_once: True
   until: result.rc == 0
   retries: 5
   delay: 3
@@ -18,5 +19,6 @@
 
 - name: run cinder register script
   shell: for i in {0..5}; do /opt/cinder_init.sh && touch cinder_init_complete; if [ $? != 0 ]; then sleep 5; else break; fi; done
+  run_once: True
   args:
     creates: cinder_init_complete
diff --git a/deploy/adapters/ansible/roles/cinder-controller/tasks/main.yml b/deploy/adapters/ansible/roles/cinder-controller/tasks/main.yml
index 9faa456b..e6a5f04f 100644
--- a/deploy/adapters/ansible/roles/cinder-controller/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/cinder-controller/tasks/main.yml
@@ -8,7 +8,6 @@
     - cinder
 
 - include: cinder_config.yml
-  when: HA_CLUSTER is not defined or HA_CLUSTER[inventory_hostname] == ''
   tags:
     - config
     - cinder-config
diff --git a/deploy/adapters/ansible/roles/common/tasks/main.yml b/deploy/adapters/ansible/roles/common/tasks/main.yml
index 1b20c0fd..b58bb44d 100644
--- a/deploy/adapters/ansible/roles/common/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/common/tasks/main.yml
@@ -45,3 +45,7 @@
 
 - name: restart ntp
   service: name={{ ntp_service }} state=restarted enabled=yes
+
+- name: restart openvswitch
+  service: name={{ item }} state=restarted enabled=yes
+  with_items: services
diff --git a/deploy/adapters/ansible/roles/common/vars/Debian.yml b/deploy/adapters/ansible/roles/common/vars/Debian.yml
index af6130cb..0890c757 100644
--- a/deploy/adapters/ansible/roles/common/vars/Debian.yml
+++ b/deploy/adapters/ansible/roles/common/vars/Debian.yml
@@ -2,5 +2,9 @@
 packages:
   - ubuntu-cloud-keyring
   - python-dev
+  - openvswitch-datapath-dkms
+  - openvswitch-switch
+
+services: []
 
 ntp_service: ntp
diff --git a/deploy/adapters/ansible/roles/common/vars/RedHat.yml b/deploy/adapters/ansible/roles/common/vars/RedHat.yml
index f75c253e..57172b7f 100644
--- a/deploy/adapters/ansible/roles/common/vars/RedHat.yml
+++ b/deploy/adapters/ansible/roles/common/vars/RedHat.yml
@@ -1,5 +1,9 @@
 ---
 packages:
   - python-devel
+  - openvswitch
+
+services:
+  - openvswitch
 
 ntp_service: ntpd
diff --git a/deploy/adapters/ansible/roles/database/tasks/main.yml b/deploy/adapters/ansible/roles/database/tasks/main.yml
index 05697730..71916751 100644
--- a/deploy/adapters/ansible/roles/database/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/database/tasks/main.yml
@@ -7,8 +7,8 @@
     - mysql_user
 
 - include: mysql.yml
-  when: HA_CLUSTER is not defined
+  when: haproxy_hosts is not defined
 
 - include: mariadb.yml
-  when: HA_CLUSTER is defined
+  when: haproxy_hosts is defined
 
diff --git a/deploy/adapters/ansible/roles/database/tasks/mariadb.yml b/deploy/adapters/ansible/roles/database/tasks/mariadb.yml
index dbd76c68..3626777b 100644
--- a/deploy/adapters/ansible/roles/database/tasks/mariadb.yml
+++ b/deploy/adapters/ansible/roles/database/tasks/mariadb.yml
@@ -1,4 +1,9 @@
 ---
+#- name: delete default maridb-libs
+#  action: "{{ ansible_pkg_mgr }} name=mariadb-libs state=absent"
+#  when: ansible_os_family == "RedHat"
+#  ignore_errors: True
+
 - name: install python-mysqldb
   action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
   with_items: maridb_packages | union(packages_noarch)
@@ -19,8 +24,19 @@
 - name: update wsrep_sst_rsync gid
   lineinfile: dest=/usr/bin/wsrep_sst_rsync state=absent regexp="\s*gid = \$MYGID$"  backup=yes
 
-- name: manually restart mysql server
+- name: restart first mysql server
+  shell: service mysql restart --wsrep-cluster-address="gcomm://"
+  when: inventory_hostname == haproxy_hosts.keys()[0]
+  register: result
+  until: result|success
+  retries: 5
+  delay: 5
+  tags:
+    - mysql_restart
+
+- name: restart other mysql server
   service: name=mysql state=restarted enabled=yes
+  when: inventory_hostname != haproxy_hosts.keys()[0]
   register: result
   until: result|success
   retries: 5
@@ -34,6 +50,6 @@
 
 - name: create database/user
   shell: /opt/data.sh
-  when: HA_CLUSTER[inventory_hostname] == ''
+  run_once: True
   tags:
     - mysql_user
diff --git a/deploy/adapters/ansible/roles/database/templates/wsrep.cnf b/deploy/adapters/ansible/roles/database/templates/wsrep.cnf
index 81699796..6c14b155 100644
--- a/deploy/adapters/ansible/roles/database/templates/wsrep.cnf
+++ b/deploy/adapters/ansible/roles/database/templates/wsrep.cnf
@@ -48,7 +48,7 @@ wsrep_provider={{ wsrep_provider_file }}
 wsrep_cluster_name="my_wsrep_cluster"
 
 # Group communication system handle
-wsrep_cluster_address=gcomm://{{ HA_CLUSTER[inventory_hostname] }}
+wsrep_cluster_address=gcomm://{{ haproxy_hosts.values()|join(",") }}
 
 # Human-readable node name (non-unique). Hostname by default.
 #wsrep_node_name=
@@ -56,7 +56,7 @@ wsrep_cluster_address=gcomm://{{ HA_CLUSTER[inventory_hostname] }}
 # Base replication <address|hostname>[:port] of the node.
 # The values supplied will be used as defaults for state transfer receiving,
 # listening ports and so on. Default: address of the first network interface.
-wsrep_node_address={{ hostvars[inventory_hostname]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}
+wsrep_node_address={{ internal_ips[inventory_hostname] }}
 
 # Address for incoming client connections. Autodetect by default.
 #wsrep_node_incoming_address=
diff --git a/deploy/adapters/ansible/roles/database/vars/Debian.yml b/deploy/adapters/ansible/roles/database/vars/Debian.yml
index 79f7008c..15657d58 100644
--- a/deploy/adapters/ansible/roles/database/vars/Debian.yml
+++ b/deploy/adapters/ansible/roles/database/vars/Debian.yml
@@ -7,10 +7,9 @@ mysql_packages:
 maridb_packages:
   - libaio1
   - libssl0.9.8
-  - mysql-client-5.5
   - python-mysqldb
-  - mysql-wsrep-server
-  - galera
+  - mysql-wsrep-server-5.5
+  - galera-3
 
 services: []
 
diff --git a/deploy/adapters/ansible/roles/database/vars/RedHat.yml b/deploy/adapters/ansible/roles/database/vars/RedHat.yml
index 1e4b427a..12eedf51 100644
--- a/deploy/adapters/ansible/roles/database/vars/RedHat.yml
+++ b/deploy/adapters/ansible/roles/database/vars/RedHat.yml
@@ -4,8 +4,8 @@ mysql_packages:
   - mysql-server
 
 maridb_packages:
+  - MariaDB-Galera-server
   - MariaDB-client
-  - MariaDB-server
   - galera
 
 services: []
diff --git a/deploy/adapters/ansible/roles/ext-network/handlers/main.yml b/deploy/adapters/ansible/roles/ext-network/handlers/main.yml
new file mode 100644
index 00000000..d6c5cc8f
--- /dev/null
+++ b/deploy/adapters/ansible/roles/ext-network/handlers/main.yml
@@ -0,0 +1,21 @@
+---
+- name: restart neutron-plugin-openvswitch-agent
+  service: name=neutron-plugin-openvswitch-agent state=restarted enabled=yes
+  when: "'opendaylight' not in {{ NEUTRON_MECHANISM_DRIVERS }}"
+
+- name: restart neutron-l3-agent
+  service: name=neutron-l3-agent state=restarted enabled=yes
+
+- name: kill dnsmasq
+  command: killall dnsmasq
+  ignore_errors: True
+
+- name: restart neutron-dhcp-agent
+  service: name=neutron-dhcp-agent state=restarted enabled=yes
+
+- name: restart neutron-metadata-agent
+  service: name=neutron-metadata-agent state=restarted enabled=yes
+
+- name: restart xorp
+  service: name=xorp state=restarted enabled=yes sleep=10
+  ignore_errors: True
diff --git a/deploy/adapters/ansible/roles/ext-network/tasks/main.yml b/deploy/adapters/ansible/roles/ext-network/tasks/main.yml
new file mode 100644
index 00000000..bffb995f
--- /dev/null
+++ b/deploy/adapters/ansible/roles/ext-network/tasks/main.yml
@@ -0,0 +1,57 @@
+---
+- name: create external net
+  neutron_network:
+    login_username: ADMIN
+    login_password: "{{ ADMIN_PASS }}"
+    login_tenant_name: admin
+    auth_url: "http://{{ HA_VIP }}:35357/v2.0"
+    name: "{{ public_net_info.network }}"
+    provider_network_type: "{{ public_net_info.type }}"
+    provider_physical_network: "{{ public_net_info.provider_network }}"
+    provider_segmentation_id: "{{ public_net_info.segment_id}}"
+    shared: true
+    router_external: yes
+    state: present
+  run_once: true
+  when: 'public_net_info.enable == True'
+
+- name: create external subnet
+  neutron_subnet:
+    login_username: ADMIN
+    login_password: "{{ ADMIN_PASS }}"
+    login_tenant_name: admin
+    auth_url: "http://{{ HA_VIP }}:35357/v2.0"
+    name: "{{ public_net_info.subnet }}"
+    network_name: "{{ public_net_info.network }}"
+    cidr: "{{ public_net_info.floating_ip_cidr }}"
+    enable_dhcp: "{{ public_net_info.enable_dhcp }}"
+    no_gateway: "{{ public_net_info.no_gateway }}"
+    gateway_ip: "{{ public_net_info.external_gw }}"
+    allocation_pool_start: "{{ public_net_info.floating_ip_start }}"
+    allocation_pool_end: "{{ public_net_info.floating_ip_end }}"
+    state: present
+  run_once: true
+  when: 'public_net_info.enable == True'
+
+- name: create external router
+  neutron_router:
+    login_username: ADMIN
+    login_password: "{{ ADMIN_PASS }}"
+    login_tenant_name: admin
+    auth_url: "http://{{ HA_VIP }}:35357/v2.0"
+    name: "{{ public_net_info.router }}"
+    state: present
+  run_once: true
+  when: 'public_net_info.enable == True'
+
+- name: set external router gateway
+  neutron_router_gateway:
+    login_username: ADMIN
+    login_password: "{{ ADMIN_PASS }}"
+    login_tenant_name: admin
+    auth_url: "http://{{ HA_VIP }}:35357/v2.0"
+    router_name: "{{ public_net_info.router }}"
+    network_name: "{{ public_net_info.network }}"
+    state: present
+  run_once: true
+  when: 'public_net_info.enable == True'
diff --git a/deploy/adapters/ansible/roles/glance/tasks/glance_config.yml b/deploy/adapters/ansible/roles/glance/tasks/glance_config.yml
index 0960acfc..e2390d0e 100644
--- a/deploy/adapters/ansible/roles/glance/tasks/glance_config.yml
+++ b/deploy/adapters/ansible/roles/glance/tasks/glance_config.yml
@@ -1,10 +1,12 @@
 ---
 - name: init glance db version
   shell: glance-manage db_version_control 0
+  run_once: True
   when: ansible_os_family == "Debian"
 
 - name: sync glance db
   shell: sleep 15; su -s /bin/sh -c "glance-manage db_sync" glance
+  run_once: True
   register: result
   until: result.rc == 0
   retries: 5
@@ -28,6 +30,7 @@
   wait_for: host={{ image_host }} port=9292 delay=5
 
 - name: run image upload
+  run_once: True
   shell: for i in {0..5}; do /opt/image_upload.sh && touch image_upload_completed; if [ $? != 0 ] ;then sleep 5; else break;fi;done
   args:
     creates: image_upload_completed
diff --git a/deploy/adapters/ansible/roles/glance/tasks/main.yml b/deploy/adapters/ansible/roles/glance/tasks/main.yml
index 5d7db8e9..64b8ca9d 100644
--- a/deploy/adapters/ansible/roles/glance/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/glance/tasks/main.yml
@@ -12,7 +12,7 @@
     - nfs
 
 - include: glance_config.yml
-  when: HA_CLUSTER is not defined or HA_CLUSTER[inventory_hostname] == ''
+  run_once: True
   tags:
     - config
     - glance_config
diff --git a/deploy/adapters/ansible/roles/ha/templates/haproxy.cfg b/deploy/adapters/ansible/roles/ha/templates/haproxy.cfg
index 4ed528ad..4b20db03 100644
--- a/deploy/adapters/ansible/roles/ha/templates/haproxy.cfg
+++ b/deploy/adapters/ansible/roles/ha/templates/haproxy.cfg
@@ -30,8 +30,8 @@ listen  proxy-glance_registry_cluster
     option tcpka
     option tcplog
     balance source
-{% for host in groups['controller'] %}
-    server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:9191 weight 1 check inter 2000 rise 2 fall 5
+{% for host,ip in haproxy_hosts.items() %}
+    server {{ host }} {{ ip }}:9191 weight 1 check inter 2000 rise 2 fall 5
 {% endfor %}
 
 listen  proxy-glance_api_cluster
@@ -40,8 +40,8 @@ listen  proxy-glance_api_cluster
     option httpchk
     option tcplog
     balance source
-{% for host in groups['controller'] %}
-    server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:9292 weight 1 check inter 2000 rise 2 fall 5
+{% for host,ip in haproxy_hosts.items() %}
+    server {{ host }} {{ ip }}:9292 weight 1 check inter 2000 rise 2 fall 5
 {% endfor %}
 
 listen  proxy-nova-novncproxy
@@ -49,8 +49,8 @@ listen  proxy-nova-novncproxy
     option tcpka
     option tcplog
     balance source
-{% for host in groups['controller'] %}
-    server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:6080 weight 1 check inter 2000 rise 2 fall 5
+{% for host,ip in haproxy_hosts.items() %}
+    server {{ host }} {{ ip }}:6080 weight 1 check inter 2000 rise 2 fall 5
 {% endfor %}
 
 listen  proxy-network
@@ -58,8 +58,8 @@ listen  proxy-network
     option tcpka
     option tcplog
     balance source
-{% for host in groups['controller'] %}
-    server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:9696 weight 1 check inter 2000 rise 2 fall 5
+{% for host,ip in haproxy_hosts.items() %}
+    server {{ host }} {{ ip }}:9696 weight 1 check inter 2000 rise 2 fall 5
 {% endfor %}
 
 listen  proxy-volume
@@ -68,8 +68,8 @@ listen  proxy-volume
     option httpchk
     option tcplog
     balance source
-{% for host in groups['controller'] %}
-    server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:8776 weight 1 check inter 2000 rise 2 fall 5
+{% for host,ip in haproxy_hosts.items() %}
+    server {{ host }} {{ ip }}:8776 weight 1 check inter 2000 rise 2 fall 5
 {% endfor %}
 
 listen  proxy-keystone_admin_cluster
@@ -78,8 +78,8 @@ listen  proxy-keystone_admin_cluster
     option httpchk
     option tcplog
     balance source
-{% for host in groups['controller'] %}
-    server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:35357 weight 1 check inter 2000 rise 2 fall 5
+{% for host,ip in haproxy_hosts.items() %}
+    server {{ host }} {{ ip }}:35357 weight 1 check inter 2000 rise 2 fall 5
 {% endfor %}
 
 listen  proxy-keystone_public_internal_cluster
@@ -88,8 +88,8 @@ listen  proxy-keystone_public_internal_cluster
     option httpchk
     option tcplog
     balance source
-{% for host in groups['controller'] %}
-    server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:5000 weight 1 check inter 2000 rise 2 fall 5
+{% for host,ip in haproxy_hosts.items() %}
+    server {{ host }} {{ ip }}:5000 weight 1 check inter 2000 rise 2 fall 5
 {% endfor %}
 
 listen  proxy-nova_compute_api_cluster
@@ -98,8 +98,8 @@ listen  proxy-nova_compute_api_cluster
     option httpchk
     option tcplog
     balance source
-{% for host in groups['controller'] %}
-    server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:8774 weight 1 check inter 2000 rise 2 fall 5
+{% for host,ip in haproxy_hosts.items() %}
+    server {{ host }} {{ ip }}:8774 weight 1 check inter 2000 rise 2 fall 5
 {% endfor %}
 
 listen  proxy-nova_metadata_api_cluster
@@ -107,8 +107,8 @@ listen  proxy-nova_metadata_api_cluster
     option tcpka
     option tcplog
     balance source
-{% for host in groups['controller'] %}
-    server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:8775 weight 1 check inter 2000 rise 2 fall 5
+{% for host,ip in haproxy_hosts.items() %}
+    server {{ host }} {{ ip }}:8775 weight 1 check inter 2000 rise 2 fall 5
 {% endfor %}
 
 listen  proxy-cinder_api_cluster
@@ -117,8 +117,8 @@ listen  proxy-cinder_api_cluster
     option httpchk
     option tcplog
     balance source
-{% for host in groups['controller'] %}
-    server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:8776 weight 1 check inter 2000 rise 2 fall 5
+{% for host,ip in haproxy_hosts.items() %}
+    server {{ host }} {{ ip }}:8776 weight 1 check inter 2000 rise 2 fall 5
 {% endfor %}
 
 listen stats
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
index 4ba3ad03..78ac970b 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
@@ -2,6 +2,7 @@
 - name: keystone-manage db-sync
   shell: su -s /bin/sh -c "keystone-manage db_sync"
   register: result
+  run_once: True
   until: result.rc == 0
   retries: 5
   delay: 3
@@ -10,6 +11,7 @@
   template: src=keystone_init dest=/opt/keystone_init mode=0744
 
 - name: run keystone_init
+  run_once: True
   shell: /opt/keystone_init && touch keystone_init_complete || keystone_init_failed
   args:
     creates: keystone_init_complete
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/main.yml b/deploy/adapters/ansible/roles/keystone/tasks/main.yml
index 2f36e911..3ff37342 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/main.yml
@@ -6,7 +6,6 @@
     - keystone
 
 - include: keystone_config.yml
-  when: HA_CLUSTER is not defined or HA_CLUSTER[inventory_hostname] == ''
   tags:
     - config
     - keystone_config
diff --git a/deploy/adapters/ansible/roles/mq/tasks/rabbitmq_cluster.yml b/deploy/adapters/ansible/roles/mq/tasks/rabbitmq_cluster.yml
index cb83a0c9..fdc18a65 100644
--- a/deploy/adapters/ansible/roles/mq/tasks/rabbitmq_cluster.yml
+++ b/deploy/adapters/ansible/roles/mq/tasks/rabbitmq_cluster.yml
@@ -1,11 +1,11 @@
 ---
 - name: stop rabbitmq app
   command: rabbitmqctl stop_app
-  when: HA_CLUSTER[inventory_hostname] != ''
+  run_once: True
 
 - name: rabbitmqctl reset
   command: rabbitmqctl reset
-  when: HA_CLUSTER[inventory_hostname] != ''
+  run_once: True
 
 - name: stop  rabbitmq
   shell:  rabbitmqctl stop
diff --git a/deploy/adapters/ansible/roles/neutron-compute/defaults/main.yml b/deploy/adapters/ansible/roles/neutron-compute/defaults/main.yml
index 825178b2..ed97d539 100644
--- a/deploy/adapters/ansible/roles/neutron-compute/defaults/main.yml
+++ b/deploy/adapters/ansible/roles/neutron-compute/defaults/main.yml
@@ -1,2 +1 @@
 ---
-neutron_ovs_bridge_mappings: ""
diff --git a/deploy/adapters/ansible/roles/neutron-compute/tasks/main.yml b/deploy/adapters/ansible/roles/neutron-compute/tasks/main.yml
index 6c1f3bd9..e7ee13fc 100644
--- a/deploy/adapters/ansible/roles/neutron-compute/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/neutron-compute/tasks/main.yml
@@ -28,7 +28,7 @@
   with_items: services | union(services_noarch)
 
 - name: config ml2 plugin
-  template: src=ml2_conf.ini
+  template: src=templates/ml2_conf.ini
             dest=/etc/neutron/plugins/ml2/ml2_conf.ini
             backup=yes
 
@@ -44,9 +44,6 @@
 
 - meta: flush_handlers
 
-- name: add br-int
-  openvswitch_bridge: bridge=br-int state=present
-
 - include: ../../neutron-network/tasks/odl.yml
   when: "'opendaylight' in {{ NEUTRON_MECHANISM_DRIVERS }}"
 
diff --git a/deploy/adapters/ansible/roles/neutron-controller/handlers/main.yml b/deploy/adapters/ansible/roles/neutron-controller/handlers/main.yml
index a9d9bd18..844718ff 100644
--- a/deploy/adapters/ansible/roles/neutron-controller/handlers/main.yml
+++ b/deploy/adapters/ansible/roles/neutron-controller/handlers/main.yml
@@ -2,3 +2,4 @@
 - name: restart neutron control services
   service: name={{ item }}  state=restarted enabled=yes
   with_items: services | union(services_noarch)
+  when: item != "neutron-server"
diff --git a/deploy/adapters/ansible/roles/neutron-controller/tasks/main.yml b/deploy/adapters/ansible/roles/neutron-controller/tasks/main.yml
index 5ac1e045..5b3640d7 100644
--- a/deploy/adapters/ansible/roles/neutron-controller/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/neutron-controller/tasks/main.yml
@@ -6,7 +6,6 @@
     - neutron
 
 - include: neutron_config.yml
-  when: HA_CLUSTER is not defined or HA_CLUSTER[inventory_hostname] == ''
   tags:
     - config
     - neutron_config
diff --git a/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_config.yml b/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_config.yml
index c575b328..991e33cc 100644
--- a/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_config.yml
+++ b/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_config.yml
@@ -2,10 +2,17 @@
 - name: neutron-db-manage upgrade to Juno
   shell: neutron-db-manage --config-file=/etc/neutron/neutron.conf --config-file=/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
   register: result
+  run_once: True
   until: result.rc == 0
   retries: 5
   delay: 3
   notify:
     - restart neutron control services
 
+- name: restart neutron-server
+  service: name=neutron-server  state=restarted enabled=yes
+  delegate_to: "{{ item }}"
+  run_once: True
+  with_items: groups['controller']
+
 - meta: flush_handlers
diff --git a/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_install.yml b/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_install.yml
index 96f17231..9655c0b3 100644
--- a/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_install.yml
+++ b/deploy/adapters/ansible/roles/neutron-controller/tasks/neutron_install.yml
@@ -17,7 +17,7 @@
   template: src=templates/neutron.conf dest=/etc/neutron/neutron.conf backup=yes
 
 - name: update ml2 plugin conf
-  template: src=ml2_conf.ini dest=/etc/neutron/plugins/ml2/ml2_conf.ini backup=yes
+  template: src=templates/ml2_conf.ini dest=/etc/neutron/plugins/ml2/ml2_conf.ini backup=yes
 
 - name: ln plugin.ini
   file: src=/etc/neutron/plugins/ml2/ml2_conf.ini dest=/etc/neutron/plugin.ini state=link
diff --git a/deploy/adapters/ansible/roles/neutron-controller/vars/RedHat.yml b/deploy/adapters/ansible/roles/neutron-controller/vars/RedHat.yml
index 14eb730c..24557b4e 100644
--- a/deploy/adapters/ansible/roles/neutron-controller/vars/RedHat.yml
+++ b/deploy/adapters/ansible/roles/neutron-controller/vars/RedHat.yml
@@ -3,5 +3,4 @@ packages:
   - openstack-neutron
   - openstack-neutron-ml2
 
-services:
-  - neutron-server
+services: []
diff --git a/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml b/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml
index 6e4ed200..d1052897 100644
--- a/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml
@@ -44,7 +44,7 @@
             dest=/etc/neutron/metadata_agent.ini backup=yes
 
 - name: config ml2 plugin
-  template: src=ml2_conf.ini
+  template: src=templates/ml2_conf.ini
             dest=/etc/neutron/plugins/ml2/ml2_conf.ini
             backup=yes
 
@@ -58,13 +58,6 @@
 
 - meta: flush_handlers
 
-- name: add br-int
-  openvswitch_bridge: bridge=br-int state=present
-
-- name: add br-ex
-  openvswitch_bridge: bridge=br-ex state=present
-  when: "'openvswitch' in {{ NEUTRON_MECHANISM_DRIVERS }}"
-
 - name: ln plugin.ini
   file: src=/etc/neutron/plugins/ml2/ml2_conf.ini dest=/etc/neutron/plugin.ini state=link
 
@@ -73,11 +66,6 @@
 
 - meta: flush_handlers
 
-- name: assign a port to br-ex for physical ext interface
-  openvswitch_port: bridge=br-ex port={{ INTERFACE_NAME }}
-                    state=present
-  when: "'openvswitch' in {{ NEUTRON_MECHANISM_DRIVERS }}"
-
 - include: igmp-router.yml
   when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }} and ansible_os_family == 'Debian'"
 
diff --git a/deploy/adapters/ansible/roles/nova-controller/tasks/main.yml b/deploy/adapters/ansible/roles/nova-controller/tasks/main.yml
index 72a9f4d4..de2563d7 100644
--- a/deploy/adapters/ansible/roles/nova-controller/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/nova-controller/tasks/main.yml
@@ -6,7 +6,6 @@
     - nova
 
 - include: nova_config.yml
-  when: HA_CLUSTER is not defined or HA_CLUSTER[inventory_hostname] == ''
   tags:
     - config
     - nova_config
diff --git a/deploy/adapters/ansible/roles/nova-controller/tasks/nova_config.yml b/deploy/adapters/ansible/roles/nova-controller/tasks/nova_config.yml
index fbf8e773..df2d5dad 100644
--- a/deploy/adapters/ansible/roles/nova-controller/tasks/nova_config.yml
+++ b/deploy/adapters/ansible/roles/nova-controller/tasks/nova_config.yml
@@ -3,6 +3,7 @@
   command: su -s /bin/sh -c "nova-manage db sync" nova
   register: result
   until: result.rc == 0
+  run_once: True
   retries: 5
   delay: 3
   notify:
diff --git a/deploy/adapters/ansible/roles/setup-network/tasks/main.yml b/deploy/adapters/ansible/roles/setup-network/tasks/main.yml
new file mode 100644
index 00000000..94816044
--- /dev/null
+++ b/deploy/adapters/ansible/roles/setup-network/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+- name: add ovs bridge
+  openvswitch_bridge: bridge={{ item["name"] }} state=present
+  with_items: "{{ network_cfg['provider_net_mappings'] }}"
+  when: 'item["type"] == "ovs"'
+
+- name: add ovs uplink
+  openvswitch_port: bridge={{ item["name"] }} port={{ item["interface"] }} state=present
+  with_items: "{{ network_cfg['provider_net_mappings'] }}"
+  when: 'item["type"] == "ovs"'
+
+- name: add ovs uplink
+  shell: ip link set {{ item["interface"] }} up
+  with_items: "{{ network_cfg['provider_net_mappings'] }}"
+  when: 'item["type"] == "ovs"'
+
+- name: setup sys intf
+  shell: ip link del {{ item["name"] }}; \
+         ip link add link {{ item["interface"] }} name {{ item["name"] }} type vlan id {{ item["vlan_tag"] }}; \
+         ip link set {{ item["interface"] }} up
+  when: '"vlan_tag" in item'
+  with_items: "{{ network_cfg['sys_intf_mappings'] }}"
+
+
+- name: set sys intf ip
+  shell: ip addr del {{ item["ip"] }}/{{ item["netmask"] }} dev {{ item["alias"] }}; \
+         ip addr add {{ item["ip"] }}/{{ item["netmask"] }} dev {{ item["alias"] }}; \
+         ip link set {{ item["alias"] }} up
+  with_items: "{{ host_ip_settings }}"
+
+- name: set gateway
+  shell: ip route del default; \
+         ip route add default via {{ item["gw"] }} dev {{ item["alias"] }}
+  when: '"gw" in item'
+  with_items: "{{ host_ip_settings }}"
+
+- name: copy net config
+  template:  src=my_configs.debian dest=/etc/network/interfaces.d/my_configs.cfg
+  when: ansible_os_family == "Debian"
+
+- name: source net config
+  lineinfile: dest=/etc/network/interfaces line='source /etc/network/interfaces.d/my_configs.cfg'
+  when: ansible_os_family == "Debian"
diff --git a/deploy/adapters/ansible/roles/setup-network/templates/my_configs.debian b/deploy/adapters/ansible/roles/setup-network/templates/my_configs.debian
new file mode 100644
index 00000000..54031ed4
--- /dev/null
+++ b/deploy/adapters/ansible/roles/setup-network/templates/my_configs.debian
@@ -0,0 +1,16 @@
+{%- for intf in host_ip_settings %}
+
+auto {{ intf["alias"] }}
+iface {{ intf["alias"] }} inet static
+    address {{ intf["ip"] }}
+    netmask {{ intf["netmask"] }}
+{% if "gw" in intf %}
+    gateway {{ intf["gw"] }}
+{% endif %}
+{% for sys_intf in network_cfg["sys_intf_mappings"] %}
+{% if "vlan_tag" in sys_intf and sys_intf["name"] == intf["alias"] %}
+    pre-up ip link set {{ sys_intf["interface"] }} up
+    pre-up ip link add link {{ sys_intf["interface"] }} name {{ sys_intf["name"] }} type vlan id {{ sys_intf["vlan_tag"] }}
+{% endif %}
+{% endfor %}
+{% endfor %}
diff --git a/deploy/conf/network_cfg.yaml b/deploy/conf/network_cfg.yaml
index 73d05ac2..8d8d3216 100644
--- a/deploy/conf/network_cfg.yaml
+++ b/deploy/conf/network_cfg.yaml
@@ -6,17 +6,31 @@ provider_net_mappings:
     network: physnet
     interface: eth1
     type: ovs
+    role:
+      - controller
+      - compute
 
 sys_intf_mappings:
   - name: mgmt
     interface: eth1
     vlan_tag: 2
+    role:
+      - controller
+      - compute
+
   - name: storage
     interface: eth1
     vlan_tag: 3
+    role:
+      - controller
+      - compute
+
   - name: external
     interface: br-prv
     vlan_tag: 4
+    role:
+      - controller
+      - compute
 
 ip_settings:
   - name: mgmt
@@ -24,12 +38,18 @@ ip_settings:
     - - "172.16.1.1"
       - "172.16.1.254"
     cidr: "172.16.1.0/24"
+    role:
+      - controller
+      - compute
 
   - name: storage
     ip_ranges:
     - - "172.16.2.1"
       - "172.16.2.254"
     cidr: "172.16.2.0/24"
+    role:
+      - controller
+      - compute
 
   - name: external
     ip_ranges:
@@ -37,8 +57,12 @@ ip_settings:
       - "172.16.3.100"
     cidr: "172.16.3.0/24"
     gw: "172.16.3.1"
+    role:
+      - controller
+      - compute
 
 public_net_info:
+  enable: False
   network: ext-net
   type: vlan
   segment_id: 1000
diff --git a/deploy/template/vm/host.xml b/deploy/template/vm/host.xml
index b399e6ff..11b29f0c 100644
--- a/deploy/template/vm/host.xml
+++ b/deploy/template/vm/host.xml
@@ -36,16 +36,6 @@
       <model type='virtio'/>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
     </interface>
-    <interface type='bridge'>
-      <source bridge='REPLACE_BRIDGE_PUBLIC'/>
-      <model type='virtio'/>
-      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
-    </interface>
-    <interface type='bridge'>
-      <source bridge='REPLACE_BRIDGE_STORAGE'/>
-      <model type='virtio'/>
-      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
-    </interface>
     <serial type='pty'>
       <source path='/dev/pts/0'/>
     </serial>
-- 
cgit 1.2.3-korg