From 3ee29655ff4a6be5e0fa1a27e91caae0ebe93645 Mon Sep 17 00:00:00 2001 From: Ton Ngo Date: Fri, 12 Aug 2016 21:54:14 +0000 Subject: [PATCH] Openvswitch image build Dockerfile to build Openvswitch image The Kuryr driver for Swarm bay requires Openvswitch and the Neutron L2 agent running on the nodes. Since the Fedora Atomic does not have these packages installed and it is preferrable to not use a custom-built image, we need to run these packages in a container. This Dockerfile is used to build the Docker image hosted on Docker Hub: openstackmagnum/fedora23-neutron-ovs:testing Partially implements: blueprint kuryr-swarm-integration Change-Id: I5132ccc2bc5660aa9688430bbc51f6759f6b7a81
---
.../image/openvswitch/Dockerfile | 18 +++++
.../image/openvswitch/README.rst | 68 +++++++++++++++++++
.../openvswitch/run_openvswitch_neutron.sh | 4 ++
3 files changed, 90 insertions(+)
create mode 100644 magnum/drivers/swarm_fedora_atomic_v1/image/openvswitch/Dockerfile
create mode 100644 magnum/drivers/swarm_fedora_atomic_v1/image/openvswitch/README.rst
create mode 100755 magnum/drivers/swarm_fedora_atomic_v1/image/openvswitch/run_openvswitch_neutron.sh
diff --git a/magnum/drivers/swarm_fedora_atomic_v1/image/openvswitch/Dockerfile b/magnum/drivers/swarm_fedora_atomic_v1/image/openvswitch/Dockerfile
new file mode 100644
index 0000000000..7ae36af57d
--- /dev/null
+++ b/magnum/drivers/swarm_fedora_atomic_v1/image/openvswitch/Dockerfile
@@ -0,0 +1,18 @@
+FROM fedora:23
+MAINTAINER Ton Ngo "ton@us.ibm.com"
+WORKDIR /
+RUN dnf -y install openvswitch \
+ openstack-neutron-ml2 \
+ openstack-neutron-openvswitch \
+ bridge-utils \
+ git \
+ && dnf clean all
+RUN cd /opt \
+ && git clone https://git.openstack.org/openstack/neutron \
+ && cp neutron/etc/policy.json /etc/neutron/. \
+ && rm -rf neutron \
+ && dnf -y remove git
+VOLUME /var/run/openvswitch
+ADD run_openvswitch_neutron.sh /usr/bin/run_openvswitch_neutron.sh
+
+CMD ["/usr/bin/run_openvswitch_neutron.sh"]
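Review bot: The second `RUN` clones `https://git.openstack.org/openstack/neutron` with no branch, tag or commit, so the `policy.json` copied into `/etc/neutron` is whatever master holds on the day of the build. That file carries Neutron's authorization rules, and it can drift from the rules the Fedora 23 `openstack-neutron-*` packages installed in the first `RUN` were released with; two builds of the same Dockerfile can also ship different policies. Pin the checkout to the matching release, e.g. `&& git clone --depth 1 --branch <release-branch> https://git.openstack.org/openstack/neutron \`, where `<release-branch>` is a placeholder for the branch or tag that matches the packaged version. Separately, `dnf -y remove git` runs in a later layer than the install, so git remains in the earlier image layer; folding both `RUN` steps into one, with `dnf clean all` last, would actually drop it.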
diff --git a/magnum/drivers/swarm_fedora_atomic_v1/image/openvswitch/README.rst b/magnum/drivers/swarm_fedora_atomic_v1/image/openvswitch/README.rst
new file mode 100644
index 0000000000..98d38c57a9
--- /dev/null
+++ b/magnum/drivers/swarm_fedora_atomic_v1/image/openvswitch/README.rst
@@ -0,0 +1,68 @@
+===================
+Neutron Openvswitch
+===================
+
+This Dockerfile creates a Docker image based on Fedora 23 that runs
+Openvswitch and the Neutron L2 agent for Openvswitch. This container
+image is used by Magnum when a Swarm cluster is deployed with the
+attribute::
+
+ --network-driver=kuryr
+
+Magnum deploys this container on each Swarm node along with the
+Kuryr container to support Docker advanced networking based on
+the `Container Networking Model
+`_.
+
+To build the image, run this command in the same directory as the
+Dockerfile::
+
+ docker build -t openstackmagnum/fedora23-neutron-ovs:testing .
+
+This image is available on Docker Hub as::
+
+ openstackmagnum/fedora23-neutron-ovs:testing
+
+To update the image with a new build::
+
+ docker push openstackmagnum/fedora23-neutron-ovs:testing
+
+The 'testing' tag may be replaced with 'latest' or other tag as
+needed.
+
+This image is intended to run on the Fedora Atomic public image which
+by default does not have these packages installed. The common
+practice for Atomic OS is to run new packages in containers rather
+than installing them in the OS.
+
+For the Neutron agent, you will need to provide 3 files at these
+locations:
+
+- /etc/neutron/neutron.conf
+- /etc/neutron/policy.json
+- /etc/neutron/plugins/ml2/ml2_conf.ini
+
+These files are typically installed in the same locations on the
+Neutron controller node. The policy.json file is copied into the
+Docker image because it is fairly static and does not require
+customization for the bay. If it is changed in the Neutron master
+repo, you just need to rebuild the Docker image to update the file.
+Magnum will create the other 2 files on each bay node in the
+directory /etc/kuryr and map them to the proper directories in
+the container using the Docker -v option.
+
+Since Openvswitch needs to operate on the host network name space,
+the Docker container will need the -net=host option.
+The /var/run/openvswitch directory is also mapped to the bay node
+so that the Kuryr container can talk to openvswitch.
+To run the image from Fedora Atomic::
+
+ docker run --net=host \
+ --cap-add=NET_ADMIN \
+ --privileged=true \
+ -v /var/run/openvswitch:/var/run/openvswitch \
+ -v /lib/modules:/lib/modules:ro \
+ -v /etc/kuryr/neutron.conf:/etc/neutron/neutron.conf \
+ -v /etc/kuryr/ml2_conf.ini:/etc/neutron/plugins/ml2/ml2_conf.ini \
+ --name openvswitch-agent \
+ openstackmagnum/fedora23-neutron-ovs:testing
diff --git a/magnum/drivers/swarm_fedora_atomic_v1/image/openvswitch/run_openvswitch_neutron.sh b/magnum/drivers/swarm_fedora_atomic_v1/image/openvswitch/run_openvswitch_neutron.sh
new file mode 100755
index 0000000000..6893ccc80b
--- /dev/null
+++ b/magnum/drivers/swarm_fedora_atomic_v1/image/openvswitch/run_openvswitch_neutron.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+/usr/share/openvswitch/scripts/ovs-ctl start --system-id=random
+/usr/bin/neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --log-file /var/log/neutron/openvswitch-agent.log
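Review bot: The agent on the last line of run_openvswitch_neutron.sh is started as a child of bash rather than with `exec`, so bash stays PID 1 and the SIGTERM sent by `docker stop` is not passed on to `neutron-openvswitch-agent`; the container is then killed after the stop timeout instead of shutting down cleanly. Change the last line to `exec /usr/bin/neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --log-file /var/log/neutron/openvswitch-agent.log`. The script also has no `set -e`, so a failed `ovs-ctl start` is ignored and the agent is launched anyway; add `set -e` after the shebang. Since the README runs this container with `--privileged=true` and host networking, a predictable start and stop matters more than usual here.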