Adds Neutron Agents Support

Previously, the agents ran in seperate containers. Since some of
the agents create and use network namespaces, runnning them in
seperate containers has become a challenge. This patch adds
neutron agent support in a single container.

Partially Implements: blueprint compute-operation-neutron

Change-Id: If4f893abd50d90b58e8435ec2659870dce36951c

compose/linux-bridge.yml

@@ -1,7 +0,0 @@
-linuxbridge:
-  image: kollaglue/centos-rdo-linux-bridge
-  name: neutron-linuxbridge-agent
-  net: "host"
-  restart: always
-  env_file:
-   - openstack.env

compose/neutron-agents.yml

@@ -0,0 +1,11 @@
+neutronagents:
+  image: kollaglue/centos-rdo-neutron-agents:latest
+  name: neutron-agents
+  net: "host"
+  privileged: true
+ restart: always
+  volumes:
+    - /var/run/netns/:/var/run/netns/
+    - /lib/modules:/lib/modules:ro
+  env_file:
+   - openstack.env

compose/nova-compute.yml

@@ -0,0 +1,38 @@
+computedata:
+   image: kollaglue/centos-rdo-nova-compute-data
+   name: computedata
+
+libvirt:
+   image: kollaglue/centos-rdo-nova-libvirt
+   name: libvirt
+   net: host
+   pid: host
+   privileged: true
+   restart: always
+   env_file:
+    - openstack.env
+   volumes:
+    - /run:/run
+    - /sys/fs/cgroup:/sys/fs/cgroup
+    - /var/lib/nova:/var/lib/nova
+    - /var/lib/libvirt:/var/lib/libvirt
+    - /etc/libvirt/qemu:/etc/libvirt/qemu
+   volumes_from:
+    - computedata
+
+novacompute:
+   image: kollaglue/centos-rdo-nova-compute
+   name: nova-compute
+   net: host
+   privileged: true
+   restart: always
+   env_file:
+    - openstack.env
+   volumes:
+    - /run:/run
+    - /sys/fs/cgroup:/sys/fs/cgroup
+    - /var/lib/nova:/var/lib/nova
+    - /var/lib/libvirt:/var/lib/libvirt
+    - /etc/libvirt/qemu:/etc/libvirt/qemu
+   volumes_from:
+    - computedata

docker/neutron/agents/dhcp/Dockerfile

@@ -1,13 +0,0 @@
-FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%neutron-base
-MAINTAINER Kolla Project (https://launchpad.net/kolla)
-
-# Install required packages
-RUN yum install -y openstack-neutron && yum clean all
-
-# Add required scripts
-ADD ./start.sh /start.sh
-ADD ./check.sh /check.sh
-ADD ./sudoers.sh /sudoers.sh
-
-# Configure and run the service
-CMD ["/start.sh"]

docker/neutron/agents/dhcp/build

@@ -1 +0,0 @@
-../../../../tools/build-docker-image

docker/neutron/agents/dhcp/start.sh

@@ -1,46 +0,0 @@
-#!/bin/bash
-
-set -e
-
-. /opt/kolla/config-neutron.sh
-. /sudoers.sh
-
-: ${INTERFACE_DRIVER:=neutron.agent.linux.interface.BridgeInterfaceDriver}
-: ${DHCP_DRIVER:=neutron.agent.linux.dhcp.Dnsmasq}
-: ${USE_NAMESPACES:=false}
-
-check_required_vars VERBOSE_LOGGING DEBUG_LOGGING NEUTRON_DHCP_AGENT_LOG_FILE
-
-cfg=/etc/neutron/dhcp_agent.ini
-neutron_conf=/etc/neutron/neutron.conf
-
-# Logging
-crudini --set $neutron_conf \
-        DEFAULT \
-        log_file \
-        "${NEUTRON_DHCP_AGENT_LOG_FILE}"
-
-# Configure dhcp_agent.ini
-crudini --set $cfg \
-        DEFAULT \
-        verbose \
-        "${VERBOSE_LOGGING}"
-crudini --set $cfg \
-        DEFAULT \
-        debug \
-        "${DEBUG_LOGGING}"
-crudini --set $cfg \
-        DEFAULT \
-        interface_driver \
-        "${INTERFACE_DRIVER}"
-crudini --set $cfg \
-        DEFAULT \
-        dhcp_driver \
-        "${DHCP_DRIVER}"
-crudini --set $cfg \
-        DEFAULT \
-        use_namespaces \
-        "${USE_NAMESPACES}"
-
-# Start DHCP Agent
-exec /usr/bin/neutron-dhcp-agent

docker/neutron/agents/l3/Dockerfile

@@ -1,13 +0,0 @@
-FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%neutron-base
-MAINTAINER Kolla Project (https://launchpad.net/kolla)
-
-# Install required packages
-RUN yum install -y openstack-neutron && yum clean all
-
-# Add required scripts
-ADD ./start.sh /start.sh
-ADD ./check.sh /check.sh
-ADD ./sudoers.sh /sudoers.sh
-
-# Configure and run the service
-CMD ["/start.sh"]

docker/neutron/agents/l3/build

@@ -1 +0,0 @@
-../../../../tools/build-docker-image

docker/neutron/agents/l3/start.sh

@@ -1,61 +0,0 @@
-#!/bin/bash
-
-set -e
-
-. /opt/kolla/config-neutron.sh
-. /sudoers.sh
-
-: ${INTERFACE_DRIVER:=neutron.agent.linux.interface.BridgeInterfaceDriver}
-: ${USE_NAMESPACES:=false}
-
-check_required_vars VERBOSE_LOGGING DEBUG_LOGGING NEUTRON_L3_AGENT_LOG_FILE
-
-cfg=/etc/neutron/l3_agent.ini
-neutron_conf=/etc/neutron/neutron.conf
-
-# Logging
-crudini --set $neutron_conf \
-        DEFAULT \
-        log_file \
-        "${NEUTRON_L3_AGENT_LOG_FILE}"
-
-# Configure l3_agent.ini
-crudini --set $cfg \
-        DEFAULT \
-        verbose \
-        "${VERBOSE_LOGGING}"
-crudini --set $cfg \
-        DEFAULT \
-        debug \
-        "${DEBUG_LOGGING}"
-crudini --set $cfg \
-        DEFAULT \
-        interface_driver \
-        "${INTERFACE_DRIVER}"
-crudini --set $cfg \
-        DEFAULT \
-        gateway_external_network_id \
-        ""
-crudini --set $cfg \
-        DEFAULT \
-        external_network_bridge \
-        ""
-crudini --set $cfg \
-        DEFAULT \
-        use_namespaces \
-        "${USE_NAMESPACES}"
-
-if [ "${USE_NAMESPACES}" == "false" ] || [ "${USE_NAMESPACES}" == "False" ] ; then
-  # source Keystone credential file
-  source /openrc
-  # Create router if it does not exist
-  /usr/bin/neutron router-list | grep admin-router || /usr/bin/neutron router-create admin-router
-  # Set router-id
-  crudini --set $cfg \
-        DEFAULT \
-        router_id \
-        "$(/usr/bin/neutron router-list | awk '/ admin-router / {print $2}')"
-fi
-
-# Start L3 Agent
-exec /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini

docker/neutron/agents/l3/sudoers.sh

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-# Neutron uses rootwrap which requires a tty for sudo.
-# Since the container is running in daemon mode, a tty
-# is not present and requiretty must be commented out.
-if [ ! -f /var/run/sudo-modified ]; then
-  chmod 0640 /etc/sudoers
-  sed -i '/Defaults    requiretty/s/^/#/' /etc/sudoers
-  chmod 0440 /etc/sudoers
-fi
-
-touch /var/run/sudo-modified

docker/neutron/agents/linux-bridge/Dockerfile

@@ -1,14 +0,0 @@
-FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%neutron-base
-MAINTAINER Kolla Project (https://launchpad.net/kolla)
-
-# Install required packages
-RUN yum install -y openstack-neutron \
-        openstack-neutron-linuxbridge && yum clean all
-
-# Add required scripts
-ADD ./start.sh /start.sh
-ADD ./check.sh /check.sh
-ADD ./sudoers.sh /sudoers.sh
-
-# Configure and run the service
-CMD ["/start.sh"]

docker/neutron/agents/linux-bridge/build

@@ -1 +0,0 @@
-../../../../tools/build-docker-image

docker/neutron/agents/linux-bridge/check.sh

@@ -1,10 +0,0 @@
-#!/bin/sh
-
-RES=0
-
-if ! /usr/sbin/brctl show; then
-    echo "ERROR: brctl show failed" >&2
-    RES=1
-fi
-
-exit $RES

docker/neutron/agents/linux-bridge/start.sh

@@ -1,36 +0,0 @@
-#!/bin/bash
-
-set -e
-
-. /opt/kolla/config-neutron.sh
-. /sudoers.sh
-
-: ${NEUTRON_FLAT_NETWORK_NAME:=physnet1}
-: ${NEUTRON_FLAT_NETWORK_INTERFACE:=eth1}
-
-check_required_vars PUBLIC_IP NEUTRON_LINUXBRIDGE_AGENT_LOG_FILE
-
-cfg=/etc/neutron/plugins/ml2/ml2_conf.ini
-neutron_conf=/etc/neutron/neutron.conf
-
-# Logging
-crudini --set $neutron_conf \
-        DEFAULT \
-        log_file \
-        "${NEUTRON_LINUXBRIDGE_AGENT_LOG_FILE}"
-
-# Configure ml2_conf.ini
-crudini --set $cfg \
-        vxlan \
-        local_ip \
-        "${PUBLIC_IP}"
-crudini --set $cfg \
-        linux_bridge \
-        physical_interface_mappings \
-        "${NEUTRON_FLAT_NETWORK_NAME}:${NEUTRON_FLAT_NETWORK_INTERFACE}"
-
-#Initialization scripts expect a symbolic link
-/usr/bin/ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
-
-# Start the linux bridge agent.
-exec /usr/bin/neutron-linuxbridge-agent

docker/neutron/agents/linux-bridge/sudoers.sh

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-# Neutron uses rootwrap which requires a tty for sudo.
-# Since the container is running in daemon mode, a tty
-# is not present and requiretty must be commented out.
-if [ ! -f /var/run/sudo-modified ]; then
-  chmod 0640 /etc/sudoers
-  sed -i '/Defaults    requiretty/s/^/#/' /etc/sudoers
-  chmod 0440 /etc/sudoers
-fi
-
-touch /var/run/sudo-modified

docker/neutron/agents/metadata/Dockerfile

@@ -1,13 +0,0 @@
-FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%neutron-base
-MAINTAINER Kolla Project (https://launchpad.net/kolla)
-
-# Install required packages
-RUN yum install -y openstack-neutron && yum clean all
-
-# Add required scripts
-ADD ./start.sh /start.sh
-ADD ./check.sh /check.sh
-ADD ./sudoers.sh /sudoers.sh
-
-# Configure and run the service
-CMD ["/start.sh"]

docker/neutron/agents/metadata/build

@@ -1 +0,0 @@
-../../../../tools/build-docker-image

docker/neutron/agents/metadata/sudoers.sh

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-# Neutron uses rootwrap which requires a tty for sudo.
-# Since the container is running in daemon mode, a tty
-# is not present and requiretty must be commented out.
-if [ ! -f /var/run/sudo-modified ]; then
-  chmod 0640 /etc/sudoers
-  sed -i '/Defaults    requiretty/s/^/#/' /etc/sudoers
-  chmod 0440 /etc/sudoers
-fi
-
-touch /var/run/sudo-modified

docker/neutron/neutron-agents/Dockerfile

@@ -0,0 +1,33 @@
+FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%neutron-base
+MAINTAINER Kolla Project (https://launchpad.net/kolla)
+
+# Install supervisor
+RUN easy_install supervisor
+
+# Install supervisor-stdout
+RUN pip install supervisor-stdout
+
+# Install required packages
+RUN yum install -y openstack-neutron-linuxbridge \
+        net-tools \
+        && yum clean all
+
+# Add config scripts
+ADD config-scripts/config-linuxbridge-agent.sh /opt/kolla/neutron/
+ADD config-scripts/config-dhcp-agent.sh /opt/kolla/neutron/
+ADD config-scripts/config-l3-agent.sh /opt/kolla/neutron/
+ADD config-scripts/config-metadata-agent.sh /opt/kolla/neutron/
+ADD config-scripts/config-sudoers.sh /opt/kolla/
+
+# Add check scripts
+ADD check-scripts/check-linuxbridge-agent.sh /opt/kolla/neutron/
+ADD check-scripts/check-dhcp-agent.sh /opt/kolla/neutron/
+ADD check-scripts/check-l3-agent.sh /opt/kolla/neutron/
+ADD check-scripts/check-metadata-agent.sh /opt/kolla/neutron/
+
+# Configure supervisord
+RUN mkdir -p /var/log/supervisor/
+ADD supervisord.conf /etc/
+
+# Start supervisor
+CMD ["/usr/bin/supervisord"]

docker/neutron/neutron-agents/build

@@ -0,0 +1 @@
+../../../tools/build-docker-image

docker/neutron/neutron-agents/check-scripts/check-linuxbridge-agent.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+RES=0
+
+check=$(/usr/bin/neutron agent-list | awk '/ Linux / {print $9}')
+error="ERROR: Neutron Linux Bridge agent is not alive."
+
+if [[ $check != ":-)" ]]; then
+    echo $error >&2
+    RES=1
+fi
+
+exit $RES

docker/neutron/neutron-agents/config-scripts/config-dhcp-agent.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+
+set -e
+
+. /opt/kolla/config-neutron.sh
+. /opt/kolla/config-sudoers.sh
+
+: ${DHCP_DRIVER:=neutron.agent.linux.dhcp.Dnsmasq}
+: ${USE_NAMESPACES:=true}
+: ${DELETE_NAMESPACES:=true}
+: ${DNSMASQ_CONFIG_FILE:=/etc/neutron/dnsmasq-neutron.conf}
+: ${ROOT_HELPER:=sudo neutron-rootwrap /etc/neutron/rootwrap.conf}
+
+check_required_vars VERBOSE_LOGGING DEBUG_LOGGING MECHANISM_DRIVERS \
+                    DHCP_DRIVER USE_NAMESPACES DELETE_NAMESPACES \
+                    NEUTRON_LOG_DIR DNSMASQ_CONFIG_FILE \
+
+cfg=/etc/neutron/dhcp_agent.ini
+neutron_conf=/etc/neutron/neutron.conf
+
+if [[ ${MECHANISM_DRIVERS} =~ .*linuxbridge.* ]]; then
+  interface_driver="neutron.agent.linux.interface.BridgeInterfaceDriver"
+elif [[ ${MECHANISM_DRIVERS} == "openvswitch" ]]; then
+  interface_driver="neutron.agent.linux.interface.OVSInterfaceDriver"
+fi
+
+# Logging
+crudini --set $neutron_conf \
+        DEFAULT \
+        log_file \
+        "${NEUTRON_DHCP_AGENT_LOG_FILE}"
+
+# Configure dhcp_agent.ini
+crudini --set $cfg \
+        DEFAULT \
+        verbose \
+        "${VERBOSE_LOGGING}"
+crudini --set $cfg \
+        DEFAULT \
+        debug \
+        "${DEBUG_LOGGING}"
+crudini --set $cfg \
+        DEFAULT \
+        interface_driver \
+        "$interface_driver"
+crudini --set $cfg \
+        DEFAULT \
+        dhcp_driver \
+        "${DHCP_DRIVER}"
+crudini --set $cfg \
+        DEFAULT \
+        use_namespaces \
+        "${USE_NAMESPACES}"
+crudini --set $cfg \
+        DEFAULT \
+        delete_namespaces \
+        "${DELETE_NAMESPACES}"
+crudini --set $cfg \
+        DEFAULT \
+        dnsmasq_config_file \
+        "${DNSMASQ_CONFIG_FILE}"
+crudini --set $cfg \
+        DEFAULT \
+        root_helper \
+        "${ROOT_HELPER}"
+
+cat > ${DNSMASQ_CONFIG_FILE} <<EOF
+dhcp-option-force=26,1450
+log-facility=${NEUTRON_LOG_DIR}/neutron-dnsmasq.log
+EOF
+
+# Start DHCP Agent
+exec /usr/bin/neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini

docker/neutron/neutron-agents/config-scripts/config-l3-agent.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+
+set -e
+
+. /opt/kolla/config-neutron.sh
+. /opt/kolla/config-sudoers.sh
+
+: ${USE_NAMESPACES:=true}
+
+check_required_vars VERBOSE_LOGGING DEBUG_LOGGING
+
+cfg=/etc/neutron/l3_agent.ini
+neutron_conf=/etc/neutron/neutron.conf
+
+# Logging
+crudini --set $neutron_conf \
+        DEFAULT \
+        log_file \
+        "${NEUTRON_L3_AGENT_LOG_FILE}"
+
+# Configure l3_agent.ini
+crudini --set $cfg \
+        DEFAULT \
+        verbose \
+        "${VERBOSE_LOGGING}"
+crudini --set $cfg \
+        DEFAULT \
+        debug \
+        "${DEBUG_LOGGING}"
+if [[ "${MECHANISM_DRIVERS}" =~ .*linuxbridge* ]] ; then
+  crudini --set $cfg \
+          DEFAULT \
+          interface_driver \
+          "neutron.agent.linux.interface.BridgeInterfaceDriver"
+  crudini --set $cfg \
+          DEFAULT \
+          gateway_external_network_id \
+          ""
+  crudini --set $cfg \
+          DEFAULT \
+          external_network_bridge \
+          ""
+elif [[ "${MECHANISM_DRIVERS}" =~ .*openvswitch* ]] ; then
+  crudini --set $cfg \
+          DEFAULT \
+          interface_driver \
+          "neutron.agent.linux.interface.OVSInterfaceDriver"
+  crudini --set $cfg \
+          DEFAULT \
+          gateway_external_network_id \
+          "${NEUTRON_FLAT_NETWORK_BRIDGE}"
+  crudini --set $cfg \
+          DEFAULT \
+          external_network_bridge \
+          "${NEUTRON_FLAT_NETWORK_BRIDGE}"
+fi
+
+crudini --set $cfg \
+        DEFAULT \
+        use_namespaces \
+        "${USE_NAMESPACES}"
+
+if [ "${USE_NAMESPACES}" == "false" ] ; then
+  source /openrc
+  # Create router if it does not exist
+  /usr/bin/neutron router-list | grep admin-router || /usr/bin/neutron router-create admin-router
+  # Set router-id
+  crudini --set $cfg \
+          DEFAULT \
+          router_id \
+          "$(/usr/bin/neutron router-list | awk '/ admin-router / {print $2}')"
+elif [ "${USE_NAMESPACES}" == "true" ] ; then
+  crudini --set $cfg \
+          DEFAULT \
+          router_delete_namespaces \
+          "true"
+fi
+
+# Start L3 Agent
+exec /usr/bin/neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini

docker/neutron/neutron-agents/config-scripts/config-linuxbridge-agent.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+set -e
+
+. /opt/kolla/config-neutron.sh
+. /opt/kolla/config-sudoers.sh
+
+: ${NEUTRON_FLAT_NETWORK_NAME:=physnet1}
+: ${NEUTRON_FLAT_NETWORK_INTERFACE:=eth1}
+
+check_required_vars PUBLIC_IP NEUTRON_FLAT_NETWORK_NAME \
+                    NEUTRON_FLAT_NETWORK_INTERFACE
+
+cfg=/etc/neutron/plugins/ml2/ml2_conf.ini
+
+# Configure ml2_conf.ini
+if [[ ${TYPE_DRIVERS} =~ .*vxlan.* ]]; then
+  crudini --set $cfg \
+          vxlan \
+          local_ip \
+          "${PUBLIC_IP}"
+fi
+
+crudini --set $cfg \
+        linux_bridge \
+        physical_interface_mappings \
+        "${NEUTRON_FLAT_NETWORK_NAME}:${NEUTRON_FLAT_NETWORK_INTERFACE}"
+
+exec /usr/bin/neutron-linuxbridge-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini

docker/neutron/neutron-agents/config-scripts/config-metadata-agent.sh

@@ -3,15 +3,17 @@
 set -e
 
 . /opt/kolla/config-neutron.sh
-. /sudoers.sh
+. /opt/kolla/config-sudoers.sh
 
 : ${KEYSTONE_REGION:=RegionOne}
+: ${ENDPOINT_TYPE:=adminURL}
+: ${NEUTRON_SHARED_SECRET:=sharedsecret}
 
 check_required_vars VERBOSE_LOGGING DEBUG_LOGGING KEYSTONE_AUTH_PROTOCOL \
                     KEYSTONE_PUBLIC_SERVICE_HOST ADMIN_TENANT_NAME \
                     NEUTRON_KEYSTONE_USER NEUTRON_KEYSTONE_PASSWORD \
-                    NEUTRON_SHARED_SECRET NOVA_API_SERVICE_HOST \
-                    NEUTRON_METADATA_AGENT_LOG_FILE
+                    NEUTRON_SHARED_SECRET NOVA_METADATA_API_SERVICE_HOST \
+                    NOVA_METADATA_API_SERVICE_PORT
 
 cfg=/etc/neutron/metadata_agent.ini
 neutron_conf=/etc/neutron/neutron.conf
@@ -35,10 +37,14 @@ crudini --set $cfg \
         DEFAULT \
         auth_region \
         "${KEYSTONE_REGION}"
+crudini --set $cfg \
+        DEFAULT \
+        endpoint_type \
+        "${ENDPOINT_TYPE}"
 crudini --set $cfg \
         DEFAULT \
         auth_url \
-        "${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_PUBLIC_SERVICE_HOST}:5000/v2.0"
+        "${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v2.0"
 crudini --set $cfg \
         DEFAULT \
         admin_tenant_name \
@@ -54,11 +60,15 @@ crudini --set $cfg \
 crudini --set $cfg \
         DEFAULT \
         nova_metadata_ip \
-        "${NOVA_API_SERVICE_HOST}"
+        "${NOVA_METADATA_API_SERVICE_HOST}"
+crudini --set $cfg \
+        DEFAULT \
+        nova_metadata_port \
+        "${NOVA_METADATA_API_SERVICE_PORT}"
 crudini --set $cfg \
         DEFAULT \
         metadata_proxy_shared_secret \
         "${NEUTRON_SHARED_SECRET}"
 
 # Start Metadata Agent
-exec /usr/bin/neutron-metadata-agent
+exec /usr/bin/neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini

docker/neutron/neutron-agents/supervisord.conf

@@ -0,0 +1,53 @@
+[unix_http_server]
+file = /var/run/supervisor.sock
+
+[inet_http_server]
+port = 127.0.0.1:9001
+
+[supervisord]
+nodaemon=true
+logfile = /var/log/supervisor/supervisord.log
+logfile_maxbytes = 200KB
+logfile_backups = 1
+pidfile = /var/run/supervisord.pid
+childlogdir = /var/log/supervisor
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl = unix:///var/run/supervisor.sock
+
+[program:neutron-linuxbridge-agent]
+command=/opt/kolla/neutron/config-linuxbridge-agent.sh
+priority=30
+startsec=10
+stderr_events_enabled=true
+stdout_events_enabled=true
+
+[program:neutron-dhcp-agent]
+command=/opt/kolla/neutron/config-dhcp-agent.sh
+priority=40
+startsec=10
+stderr_events_enabled=true
+stdout_events_enabled=true
+
+[program:neutron-metadata-agent]
+command=/opt/kolla/neutron/config-metadata-agent.sh
+priority=40 
+startsec=10
+stderr_events_enabled=true
+stdout_events_enabled=true
+
+[program:neutron-l3-agent]
+command=/opt/kolla/neutron/config-l3-agent.sh
+priority=40
+startsec=10
+stderr_events_enabled=true
+stdout_events_enabled=true
+
+[eventlistener:stdout]
+command = supervisor_stdout
+buffer_size = 100
+events = PROCESS_LOG
+result_handler = supervisor_stdout:event_handler

docker/neutron/neutron-base/config-neutron.sh

@@ -27,6 +27,8 @@ set -e
 : ${DEBUG_LOGGING:=false}
 # Networking
 : ${NEUTRON_FLAT_NETWORK_NAME:=physnet1}
+# Paste configuration file
+: ${API_PASTE_CONFIG:=/usr/share/neutron/api-paste.ini}
 
 check_required_vars NEUTRON_KEYSTONE_PASSWORD NEUTRON_LOG_DIR \
                     KEYSTONE_PUBLIC_SERVICE_HOST RABBITMQ_SERVICE_HOST \
@@ -101,6 +103,12 @@ crudini --set $core_cfg \
         admin_password \
         "${NEUTRON_KEYSTONE_PASSWORD}"
 
+# Rootwrap
+crudini --set $core_cfg \
+        agent \
+        root_helper \
+        "sudo neutron-rootwrap /etc/neutron/rootwrap.conf"
+
 # neutron.conf ml2 configuration
 crudini --set $core_cfg \
         DEFAULT \
@@ -109,61 +117,68 @@ crudini --set $core_cfg \
 crudini --set $core_cfg \
         DEFAULT \
         service_plugins \
-        "neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.firewall.fwaas_plugin.FirewallPlugin"
+        "neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.loadbalancer.plugin.LoadBalancerPlugin,neutron.services.vpn.plugin.VPNDriverPlugin,neutron.services.metering.metering_plugin.MeteringPlugin"
 crudini --set $core_cfg \
         DEFAULT \
         allow_overlapping_ips \
         "True"
-crudini --set $core_cfg \
-        DEFAULT \
-        network_device_mtu \
-        "1450"
 
 # Configure ml2_conf.ini
 crudini --set $ml2_cfg \
         ml2 \
         type_drivers \
-        "flat,vxlan"
+        "${TYPE_DRIVERS}"
 crudini --set $ml2_cfg \
         ml2 \
         tenant_network_types \
-        "vxlan,flat"
+        "${TENANT_NETWORK_TYPES}"
 crudini --set $ml2_cfg \
         ml2 \
         mechanism_drivers \
-        "linuxbridge,l2population"
-crudini --set $ml2_cfg \
-        ml2_type_flat \
-        flat_networks \
-        ${NEUTRON_FLAT_NETWORK_NAME}
-crudini --set $ml2_cfg \
-        ml2_type_vxlan \
-        vxlan_group \
-        ""
-crudini --set $ml2_cfg \
-        ml2_type_vxlan \
-        vni_ranges \
-        "1:1000"
-crudini --set $ml2_cfg \
-        vxlan \
-        enable_vxlan \
-        "True"
-crudini --set $ml2_cfg \
-        vxlan \
-        vxlan_group \
-        ""
-crudini --set $ml2_cfg \
-        vxlan \
-        l2_population \
-        "True"
-crudini --set $ml2_cfg \
-        agent \
-        tunnel_types \
-        "vxlan"
-crudini --set $ml2_cfg \
-        agent \
-        vxlan_udp_port \
-        "4789"
+        "${MECHANISM_DRIVERS}"
+
+if [[ ${TYPE_DRIVERS} =~ .*flat.* ]]; then
+  crudini --set $ml2_cfg \
+          ml2_type_flat \
+          flat_networks \
+          ${NEUTRON_FLAT_NETWORK_NAME}
+fi
+
+if [[ ${TYPE_DRIVERS} =~ .*vxlan.* ]]; then
+  crudini --set $ml2_cfg \
+          ml2_type_vxlan \
+          vxlan_group \
+          ""
+  crudini --set $ml2_cfg \
+          ml2_type_vxlan \
+          vni_ranges \
+          "1:1000"
+  crudini --set $ml2_cfg \
+          vxlan \
+          enable_vxlan \
+          "True"
+  crudini --set $ml2_cfg \
+          vxlan \
+          vxlan_group \
+          ""
+  crudini --set $ml2_cfg \
+          vxlan \
+          l2_population \
+          "True"
+  crudini --set $ml2_cfg \
+          agent \
+          tunnel_types \
+          "vxlan"
+  crudini --set $ml2_cfg \
+          agent \
+          vxlan_udp_port \
+          "4789"
+  crudini --set $core_cfg \
+          DEFAULT \
+          network_device_mtu \
+          "1450"
+fi
+
 crudini --set $ml2_cfg \
         l2pop \
         agent_boot_time \
@@ -176,10 +191,17 @@ crudini --set $ml2_cfg \
         securitygroup \
         enable_ipset \
         "True"
-crudini --set $ml2_cfg \
-        securitygroup \
-        firewall_driver \
-        "neutron.agent.linux.iptables_firewall.IptablesFirewallDriver"
+
+if [[ ${MECHANISM_DRIVERS} =~ .*linuxbridge.* ]]; then
+  firewall_driver="neutron.agent.linux.iptables_firewall.IptablesFirewallDriver"
+elif [[ ${MECHANISM_DRIVERS} == "openvswitch" ]]; then
+  firewall_driver="neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver"
+fi
+
+  crudini --set $ml2_cfg \
+          securitygroup \
+          firewall_driver \
+          "$firewall_driver"
 
 cat > /openrc <<EOF
 export OS_AUTH_URL="http://${KEYSTONE_PUBLIC_SERVICE_HOST}:${KEYSTONE_PUBLIC_SERVICE_PORT}/v2.0"

docker/neutron/neutron-server/start.sh

@@ -4,6 +4,9 @@ set -e
 
 . /opt/kolla/config-neutron.sh
 
+: ${NEUTRON_FLAT_NETWORK_NAME:=physnet1}
+: ${NEUTRON_FLAT_NETWORK_INTERFACE:=eth1}
+
 check_required_vars KEYSTONE_ADMIN_TOKEN KEYSTONE_ADMIN_SERVICE_HOST \
                     KEYSTONE_AUTH_PROTOCOL NOVA_API_SERVICE_HOST \
                     NOVA_KEYSTONE_USER NOVA_KEYSTONE_PASSWORD \
@@ -84,6 +87,13 @@ crudini --set $core_cfg \
         nova_admin_password \
         "${NOVA_KEYSTONE_PASSWORD}"
 
+if [[ ${MECHANISM_DRIVERS} =~ .*linuxbridge.* ]]; then
+  crudini --set $ml2_cfg \
+          linux_bridge \
+          physical_interface_mappings \
+          "${NEUTRON_FLAT_NETWORK_NAME}:${NEUTRON_FLAT_NETWORK_INTERFACE}"
+fi
+
 su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron
 
 exec /usr/bin/neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini

docker/nova-base/config-nova.sh

@@ -90,7 +90,11 @@ elif [ "${NETWORK_MANAGER}" == "neutron" ] ; then
   crudini --set $cfg DEFAULT neutron_default_tenant_id default
   crudini --set $cfg DEFAULT network_api_class nova.network.neutronv2.api.API
   crudini --set $cfg DEFAULT security_group_api neutron
-  crudini --set $cfg DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
+  if [[ "${MECHANISM_DRIVERS}" =~ .*linuxbridge* ]] ; then
+    crudini --set $cfg DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
+  elif [[ "${MECHANISM_DRIVERS}" =~ .*openvswitch* ]] ; then
+    crudini --set $cfg DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
+  fi
   crudini --set $cfg DEFAULT libvirt_vif_driver nova.virt.libvirt.vif.LibvirtGenericVIFDriver
   crudini --set $cfg DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
   crudini --set $cfg neutron url http://${NEUTRON_SERVER_SERVICE_HOST}:${NEUTRON_SERVER_SERVICE_PORT}

docs/integration-guide.md

@@ -92,6 +92,11 @@ all containers.  This allows a simple method of ensuring every type of node
     NEUTRON_SERVER_SERVICE_HOST=<$HOST_IP> - The IP address/hostname used to commuicate with the Neutron API
     NEUTRON_SHARED_SECRET=<sharedsecret> - The shared secret used between Neutron/Nova to secure metadata communication
     NEUTRON_API_PASTE_CONFIG=</usr/share/neutron/api-paste.ini> - Location of Neutron's API paste config file
+    TYPE_DRIVERS=<flat,vxlan> - List of network type driver entrypoints to be loaded
+    TENANT_NETWORK_TYPES=<flat,vxlan> - List of network_types to allocate as tenant networks
+    MECHANISM_DRIVERS=<linuxbridge,l2population> - List of networking mechanism driver entrypoints to be loaded
+    NEUTRON_FLAT_NETWORK_NAME=<physnet1> - List of physical_network names with which flat networks can be created
+    NEUTRON_FLAT_NETWORK_INTERFACE=<eth1> - List of physical interface names that connect to physical_networks
     HEAT_DB_NAME=<heat> - The heat DB name
     HEAT_DB_PASSWORD=<kolla> - The heat db password
     HEAT_KEYSTONE_PASSWORD=<heat> - The keystone password for the heat user

docs/minimal-environment-vars.md

@@ -148,6 +148,7 @@ In order for each service to function, there is a minimum set of required variab
     NOVA_API_SERVICE_HOST
     NOVA_EC2_API_SERVICE_HOST
     NOVA_EC2_SERVICE_HOST
+    NOVA_METADATA_API_SERVICE_HOST
     PUBLIC_IP
 
 # Nova-compute
@@ -245,3 +246,14 @@ In order for each service to function, there is a minimum set of required variab
     NEUTRON_KEYSTONE_PASSWORD
     NEUTRON_SERVER_SERVICE_HOST
     NEUTRON_API_PASTE_CONFIG
+
+# Neutron ML2 PLugin
+
+    TYPE_DRIVERS
+    TENANT_NETWORK_TYPES
+    MECHANISM_DRIVERS
+
+# Neutron Linux Bridge Plugin
+
+    NEUTRON_FLAT_NETWORK_NAME
+    NEUTRON_FLAT_NETWORK_INTERFACE

tools/genenv

@@ -32,7 +32,8 @@ ADMIN_TENANT_NAME=admin
 PUBLIC_IP=$HOST_IP
 
 # Logging
-DEBUG_LOGGING=false
+#DEBUG_LOGGING=false
+DEBUG_LOGGING=true
 VERBOSE_LOGGING=true
 NOVA_LOG_DIR=
 NEUTRON_LOG_DIR=
@@ -77,16 +78,13 @@ NOVA_DB_USER=nova
 NOVA_KEYSTONE_USER=nova
 NOVA_KEYSTONE_PASSWORD=nova
 NOVA_API_SERVICE_HOST=$HOST_IP
+NOVA_METADATA_API_SERVICE_HOST=$HOST_IP
 NOVA_EC2_SERVICE_HOST=$HOST_IP
 NOVA_PUBLIC_INTERFACE=$MY_DEV
 NOVA_FLAT_INTERFACE=eth1
 ENABLED_APIS=ec2,osapi_compute,metadata
 METADATA_HOST=$HOST_IP
 
-# Neutron Linux Bridge Agent
-NEUTRON_FLAT_NETWORK_NAME=physnet1
-NEUTRON_FLAT_NETWORK_INTERFACE=eth1
-
 # Neutron
 NEUTRON_DB_NAME=neutron
 NEUTRON_DB_USER=neutron
@@ -95,6 +93,13 @@ NEUTRON_KEYSTONE_USER=neutron
 NEUTRON_KEYSTONE_PASSWORD=neutron
 NEUTRON_SERVER_SERVICE_HOST=$HOST_IP
 NEUTRON_API_PASTE_CONFIG=/usr/share/neutron/api-paste.ini
+# Neutron ML2 Plugin
+TYPE_DRIVERS=flat,vxlan
+TENANT_NETWORK_TYPES=flat,vxlan
+MECHANISM_DRIVERS=linuxbridge,l2population
+# Neutron Linux Bridge Agent
+NEUTRON_FLAT_NETWORK_NAME=physnet1
+NEUTRON_FLAT_NETWORK_INTERFACE=eth1
 
 # Nova/Neutron
 NEUTRON_SHARED_SECRET=sharedsecret
@@ -126,6 +131,9 @@ NEUTRON_SERVER_LOG_FILE=$NEUTRON_SERVER_LOG_FILE
 NEUTRON_L3_AGENT_LOG_FILE=$NEUTRON_L3_AGENT_LOG_FILE
 NEUTRON_LINUXBRIDGE_AGENT_LOG_FILE=$NEUTRON_LINUXBRIDGE_AGENT_LOG_FILE
 NEUTRON_METADATA_AGENT_LOG_FILE=$NEUTRON_METADATA_AGENT_LOG_FILE
+TYPE_DRIVERS=$TYPE_DRIVERS
+TENANT_NETWORK_TYPES=$TENANT_NETWORK_TYPES
+MECHANISM_DRIVERS=$MECHANISM_DRIVERS
 ADMIN_USER_PASSWORD=$ADMIN_USER_PASSWORD
 ADMIN_TENANT_NAME=$ADMIN_TENANT_NAME
 DB_ROOT_PASSWORD=$MARIADB_ROOT_PASSWORD
@@ -148,6 +156,7 @@ MARIADB_SERVICE_HOST=$HOST_IP
 MARIADB_ROOT_PASSWORD=$MARIADB_ROOT_PASSWORD
 NETWORK_MANAGER=$NETWORK_MANAGER
 NOVA_API_SERVICE_HOST=$NOVA_API_SERVICE_HOST
+NOVA_METADATA_API_SERVICE_HOST=$NOVA_METADATA_API_SERVICE_HOST
 ENABLED_APIS=$ENABLED_APIS
 METADATA_HOST=$METADATA_HOST
 NOVA_DB_NAME=$NOVA_DB_NAME
@@ -165,6 +174,8 @@ NEUTRON_KEYSTONE_USER=$NEUTRON_KEYSTONE_USER
 NEUTRON_KEYSTONE_PASSWORD=$NEUTRON_KEYSTONE_PASSWORD
 NEUTRON_SERVER_SERVICE_HOST=$NEUTRON_SERVER_SERVICE_HOST
 NEUTRON_API_PASTE_CONFIG=$NEUTRON_API_PASTE_CONFIG
+NEUTRON_FLAT_NETWORK_NAME=$NEUTRON_FLAT_NETWORK_NAME
+NEUTRON_FLAT_NETWORK_INTERFACE=$NEUTRON_FLAT_NETWORK_INTERFACE
 HEAT_DB_NAME=$HEAT_DB_NAME
 HEAT_DB_PASSWORD=$HEAT_DB_PASSWORD
 HEAT_KEYSTONE_PASSWORD=$HEAT_KEYSTONE_PASSWORD