Kuryr-libnetwork Docker managed plugin

This patch add a script to create v2plugin rootfs.
1. use local unix socket for v2plugin
2. add config.json for v2plugin
3. Add scripts to build v2plugin rootfs
4. Update devstack to use v2plugin

Change-Id: I91d352a963840f33d1d2f9cea17ab6ac777d22bc
Related-Bug: #1668486
Partially-Implements: BP docker-v2plugin

Dockerfile

@@ -30,6 +30,7 @@ ENV SERVICE_DOMAIN_NAME="Default"
 ENV USER_DOMAIN_NAME="Default"
 ENV IDENTITY_URL="http://127.0.0.1:35357/v3"
 ENV CAPABILITY_SCOPE="local"
+ENV HTTP_SOCKET=":23750"
 ENV LOG_LEVEL="INFO"
 ENV PROCESSES=2
 

contrib/docker/run_kuryr.sh

@@ -24,7 +24,7 @@ fi
 
 /usr/sbin/uwsgi \
     --plugin /usr/lib/uwsgi/python \
-    --http-socket :23750 \
+    --http-socket $HTTP_SOCKET \
     -w kuryr_libnetwork.server:app \
     --master \
     --processes "$PROCESSES"

contrib/docker/v2plugin/config.json

@@ -0,0 +1,117 @@
+{
+    "Description": "kuryr-libnetwork plugin for Docker",
+    "Documentation": "http://docs.openstack.org/developer/kuryr-libnetwork",
+    "Entrypoint": ["/opt/kuryr-libnetwork/contrib/docker/run_kuryr.sh"],
+    "Interface" : {
+        "Types": ["docker.networkdriver/1.0", "docker.ipamdriver/1.0"],
+        "Socket": "kuryr-libnetwork.sock"
+    },
+    "network": {
+        "type": "host"
+    },
+    "Env": [
+        {
+            "Description": "Username",
+            "Name": "SERVICE_USER",
+            "Settable": [
+                "value"
+            ],
+            "Value": "admin"
+        },
+        {
+            "Description": "Project name to scope to",
+            "Name": "SERVICE_PROJECT_NAME",
+            "Settable": [
+                "value"
+            ],
+            "Value": "admin"
+        },
+        {
+            "Description": "User's password",
+            "Name": "SERVICE_PASSWORD",
+            "Settable": [
+                "value"
+            ],
+            "Value": "pass"
+        },
+        {
+            "Description": "Domain name containing project",
+            "Name": "SERVICE_DOMAIN_NAME",
+            "Settable": [
+                "value"
+            ],
+            "Value": "Default"
+        },
+        {
+            "Description": "User's domain name",
+            "Name": "USER_DOMAIN_NAME",
+            "Settable": [
+                "value"
+            ],
+            "Value": "Default"
+        },
+        {
+            "Description": "Authentication URL",
+            "Name": "IDENTITY_URL",
+            "Settable": [
+                "value"
+            ],
+            "Value": "http://127.0.0.1:35357/v3"
+        },
+        {
+            "Description": "Kuryr plugin scope reported to libnetwork",
+            "Name": "CAPABILITY_SCOPE",
+            "Settable": [
+                "value"
+            ],
+            "Value": "local"
+        },
+        {
+            "Description": "http-socket in uwsgi",
+            "Name": "HTTP_SOCKET",
+            "Settable": [
+                "value"
+            ],
+            "Value": "/run/docker/plugins/kuryr-libnetwork.sock"
+        },
+        {
+            "Description": "log level",
+            "Name": "LOG_LEVEL",
+            "Settable": [
+                "value"
+            ],
+            "Value": "INFO"
+        },
+        {
+            "Description": "uwsgi process number",
+            "Name": "PROCESSES",
+            "Settable": [
+                "value"
+            ],
+            "Value": "2"
+        }
+    ],
+    "mounts": [
+        {
+            "type": "bind",
+            "options": ["rbind", "rw"],
+            "source": "/var/run/openvswitch",
+            "destination": "/var/run/openvswitch"
+        },
+        {
+            "type": "bind",
+            "options": ["rbind", "rw"],
+            "source": "/var/log/kuryr",
+            "destination": "/var/log/kuryr"
+        },
+        {
+            "type": "bind",
+            "options": ["rbind", "ro"],
+            "source": "/etc/kuryr",
+            "destination": "/etc/kuryr"
+        }
+    ],
+    "Linux": {
+        "Capabilities": ["CAP_NET_ADMIN"]
+    }
+}

contrib/docker/v2plugin/v2plugin_rootfs.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+# Script to create the kuryr-libnetwork docker v2 plugin
+# run this script from kuryr-libnetwork directory with contrib/docker/v2plugin/v2plugin_rootfs.sh
+
+echo "Copy kuryr-libentwork config.json"
+rm -rf ./config.json
+cp contrib/docker/v2plugin/config.json ./
+echo "Creating rootfs for kuryr-libnetwork v2plugin"
+docker build -t kuryr-libnetwork-rootfs .
+id=$(docker create kuryr-libnetwork-rootfs true)
+echo "Deleting old rootfs"
+rm -rf rootfs
+echo "Creating new rootfs"
+mkdir -p rootfs
+docker export "${id}" | tar -x -C rootfs
+echo "Clean up"
+docker rm -vf "${id}"
+docker rmi kuryr-libnetwork-rootfs

devstack/local.conf.sample

@@ -9,6 +9,9 @@ SERVICE_PASSWORD=pass
 SERVICE_TOKEN=pass
 ADMIN_PASSWORD=pass
 
+# If you want to try pluginv2 in devstack, set to True
+ENABLE_PLUGINV2=False
+
 # Install kuryr git master source code by default.
 # If you want to use stable kuryr lib, please comment out this line.
 LIBS_FROM_GIT=kuryr

devstack/plugin.sh

@@ -75,7 +75,12 @@ function configure_kuryr {
         "$KURYR_AUTH_CACHE_DIR" neutron
     fi
 
-    iniset -sudo ${KURYR_CONFIG} DEFAULT bindir "$binding_path/libexec/kuryr"
+    if [[ "$ENABLE_PLUGINV2" == "True" ]]; then
+        # bindir is /user/libexec/kuryr in docker image
+        iniset -sudo ${KURYR_CONFIG} DEFAULT bindir "/usr/libexec/kuryr"
+    else
+        iniset -sudo ${KURYR_CONFIG} DEFAULT bindir "$binding_path/libexec/kuryr"
+    fi
 }
 
 
@@ -94,24 +99,31 @@ if is_service_enabled kuryr-libnetwork; then
             fi
             sudo cp -rf ${DEST}/kuryr/usr/libexec/kuryr/* ${DISTRO_DISTUTILS_DATA_PATH}/libexec/kuryr
         fi
+        if [[ ! -d "${KURYR_LOG_DIR}" ]]; then
+            echo -n "${KURYR_LOG_DIR} directory is missing. Creating it... "
+            sudo mkdir -p ${KURYR_LOG_DIR}
+            echo "Done"
+        fi
         install_etcd_data_store
         setup_develop $KURYR_HOME
 
     elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
 
-        if [[ ! -d "${KURYR_ACTIVATOR_DIR}" ]]; then
+        # This is needed in legacy plugin
-            echo -n "${KURYR_ACTIVATOR_DIR} directory is missing. Creating it... "
+        if [[ "$ENABLE_PLUGINV2" != "True" ]]; then
-            sudo mkdir -p ${KURYR_ACTIVATOR_DIR}
+            if [[ ! -d "${KURYR_ACTIVATOR_DIR}" ]]; then
-            echo "Done"
+                echo -n "${KURYR_ACTIVATOR_DIR} directory is missing. Creating it... "
-        fi
+                sudo mkdir -p ${KURYR_ACTIVATOR_DIR}
+                echo "Done"
+            fi
 
-        if [[ ! -f "${KURYR_ACTIVATOR}" ]]; then
+            if [[ ! -f "${KURYR_ACTIVATOR}" ]]; then
-             echo -n "${KURYR_ACTIVATOR} is missing. Copying the default one... "
+                 echo -n "${KURYR_ACTIVATOR} is missing. Copying the default one... "
-             sudo cp ${KURYR_DEFAULT_ACTIVATOR} ${KURYR_ACTIVATOR}
+                 sudo cp ${KURYR_DEFAULT_ACTIVATOR} ${KURYR_ACTIVATOR}
-             echo "Done"
+                 echo "Done"
+            fi
         fi
 
-
         create_kuryr_account
         configure_kuryr "${DISTRO_DISTUTILS_DATA_PATH}"
 
@@ -178,14 +190,30 @@ if is_service_enabled kuryr-libnetwork; then
         #               If Kuryr start up in "post-config" phase, there is no way to make sure
         #               Kuryr can start before neutron-server, so Kuryr start in "extra" phase.
         #               Bug: https://bugs.launchpad.net/kuryr/+bug/1587522
-        run_process kuryr-libnetwork "/usr/bin/sudo PYTHONPATH=$PYTHONPATH:$DEST/kuryr python $DEST/kuryr-libnetwork/scripts/run_server.py  --config-file $KURYR_CONFIG"
+        if [[ "$ENABLE_PLUGINV2" == "True" ]]; then
+            # Build pluginv2 rootfs
+            cd $DEST/kuryr-libnetwork/
+            sudo sh contrib/docker/v2plugin/v2plugin_rootfs.sh
+
+            # Build and install pluginv2 image
+            sudo docker plugin create kuryr/libnetwork2 ./
+
+            # Enable pluginv2
+            sudo docker plugin enable kuryr/libnetwork2:latest
+        else
+            run_process kuryr-libnetwork "/usr/bin/sudo PYTHONPATH=$PYTHONPATH:$DEST/kuryr python $DEST/kuryr-libnetwork/scripts/run_server.py  --config-file $KURYR_CONFIG"
+        fi
 
         neutron subnetpool-create --default-prefixlen $KURYR_POOL_PREFIX_LEN --pool-prefix $KURYR_POOL_PREFIX kuryr
 
     fi
 
     if [[ "$1" == "unstack" ]]; then
-        stop_process kuryr-libnetwork
+        if [[ "$ENABLE_PLUGINV2" == "True" ]]; then
+            sudo docker plugin disable kuryr/libnetwork2:latest
+        else
+            stop_process kuryr-libnetwork
+        fi
         stop_process etcd-server
         rm -rf $DEST/etcd/
         stop_process docker-engine

devstack/settings

@@ -13,6 +13,7 @@ KURYR_DEFAULT_CONFIG=${KURYR_HOME}/etc/${KURYR_CONFIG_FILENAME}
 KURYR_CONFIG_DIR=${KURYR_CONFIG_DIR:-/etc/kuryr}
 KURYR_CONFIG=${KURYR_CONFIG_DIR}/${KURYR_CONFIG_FILENAME}
 KURYR_AUTH_CACHE_DIR=${KURYR_AUTH_CACHE_DIR:-/var/cache/kuryr}
+KURYR_LOG_DIR=${KURYR_LOG_DIR:-/var/log/kuryr}
 
 KURYR_POOL_PREFIX=${KURYR_POOL_PREFIX:-10.10.0.0/16}
 KURYR_POOL_PREFIX_LEN=${KURYR_POOL_PREFIX_LEN:-24}