Merge "Adds a wrapper script to run ovs-vsctl commands in the container"

2022-11-22 10:02:51 +00:00 · 2022-11-22 10:02:51 +00:00 · cf1a2a9211
commit cf1a2a9211
parent fb447eb70a a82443481e
5 changed files with 41 additions and 0 deletions
--- a/ansible/roles/openvswitch/defaults/main.yml
+++ b/ansible/roles/openvswitch/defaults/main.yml
@ -96,6 +96,8 @@ openvswitch_extra_volumes: "{{ default_extra_volumes }}"
 openvswitch_db_extra_volumes: "{{ openvswitch_extra_volumes }}"
 openvswitch_vswitchd_extra_volumes: "{{ openvswitch_extra_volumes }}"

+openvswitch_ovs_vsctl_wrapper_enabled: false
+
 #############
 # OpenvSwitch
 #############
--- a/ansible/roles/openvswitch/tasks/config.yml
+++ b/ansible/roles/openvswitch/tasks/config.yml
@ -52,3 +52,16 @@
    - service.enabled | bool
  notify:
    - "Restart openvswitch-db-server container"
+
+- name: Copying over ovs-vsctl wrapper
+  vars:
+    service: "{{ openvswitch_services['openvswitch-vswitchd'] }}"
+  template:
+    src: "ovs-vsctl.j2"
+    dest: "/usr/bin/ovs-vsctl"
+    mode: "0755"
+  become: true
+  when:
+    - service.host_in_groups | bool
+    - service.enabled | bool
+    - openvswitch_ovs_vsctl_wrapper_enabled | bool
--- a/ansible/roles/openvswitch/templates/ovs-vsctl.j2
+++ b/ansible/roles/openvswitch/templates/ovs-vsctl.j2
@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec docker exec openvswitch_vswitchd ovs-vsctl "$@"
--- a/doc/source/reference/compute/libvirt-guide.rst
+++ b/doc/source/reference/compute/libvirt-guide.rst
@ -54,6 +54,23 @@ libvirt as a host daemon. However, since the Yoga release, if a libvirt daemon
 has already been set up, then Kolla Ansible may be configured to use it. This
 may be achieved by setting ``enable_nova_libvirt_container`` to ``false``.

+When the firewall driver is set to ``openvswitch``, libvirt will plug VMs
+directly into the integration bridge, ``br-int``. To do this it uses the
+``ovs-vsctl`` utility. The search path for this binary is controlled by the
+``$PATH`` environment variable (as seen by the libvirt process). There are a
+few options to ensure that this binary can be found:
+
+* Set ``openvswitch_ovs_vsctl_wrapper_enabled`` to ``True``. This will install
+  a wrapper script to the path: ``/usr/bin/ovs-vsctl`` that will execute
+  ``ovs-vsctl`` in the context of the ``openvswitch_vswitchd`` container. This
+  option is useful if you do not have openvswitch installed on the host. It
+  also has the advantage that the ``ovs-vsctl`` utility will match the version
+  of the server.
+
+* Install openvswitch on the hypervisor. Kolla mounts ``/run/openvswitch`` from
+  the host into the ``openvswitch_vswitchd`` container. This means that socket
+  is in the location ``ovs-vsctl`` expects with its default options.
+
 Migration from container to host
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--- a/releasenotes/notes/adds-ovs-vsctl-wrapper-da3dbbb19d5cc6f5.yaml
+++ b/releasenotes/notes/adds-ovs-vsctl-wrapper-da3dbbb19d5cc6f5.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Adds a new flag, ``openvswitch_ovs_vsctl_wrapper_enabled`` which will
+    install a wrapper script to ``/usr/bin/ovs-vsctl`` to docker exec into
+    the openvswitchd container.