openstack/openstack-helm
Code Issues Proposed changes

Neutron: Move ovs-agent setup to init container

Browse Source 
This PS moves the Neutron OVS agent setup to an init container.

Change-Id: Ib56e7f35cfc40ba617bd2f895d39efa8ef2849ea
This commit is contained in:
Pete Birley 2017-06-12 07:24:31 -05:00
parent 7a87aded1d
commit 548f3f0854
4 changed files with 98 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl Normal file
View File

@ -0,0 +1,41 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -ex
chown neutron: /run/openvswitch/db.sock
# ensure we can talk to openvswitch or bail early
# this is until we can setup a proper dependency
# on deaemonsets - note that a show is not sufficient
# here, we need to communicate with both the db and vswitchd
# which means we need to do a create action
#
# see https://github.com/att-comdev/openstack-helm/issues/88
timeout 3m neutron-sanity-check --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --ovsdb_native --nokeepalived_ipv6_support
tunnel_interface="{{- .Values.network.interface.tunnel -}}"
if [ -z "${tunnel_interface}" ] ; then
# search for interface with default routing
tunnel_interface=$(ip r | grep default | grep -oP '(?<=dev ).*')
fi
# determine local-ip dynamically based on interface provided but only if tunnel_types is not null
IP=$(ip a s $tunnel_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
cat <<EOF>/tmp/pod-shared/ml2-local-ip.ini
[ovs]
local_ip = $IP
EOF

31
neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl
View File

@ -14,35 +14,10 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
set -x set -ex
chown neutron: /run/openvswitch/db.sock
# ensure we can talk to openvswitch or bail early exec neutron-openvswitch-agent \
# this is until we can setup a proper dependency
# on deaemonsets - note that a show is not sufficient
# here, we need to communicate with both the db and vswitchd
# which means we need to do a create action
#
# see https://github.com/att-comdev/openstack-helm/issues/88
timeout 3m neutron-sanity-check --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --ovsdb_native --nokeepalived_ipv6_support
tunnel_interface="{{- .Values.network.interface.tunnel -}}"
if [ -z "${tunnel_interface}" ] ; then
# search for interface with default routing
tunnel_interface=$(ip r | grep default | grep -oP '(?<=dev ).*')
fi
# determine local-ip dynamically based on interface provided but only if tunnel_types is not null
IP=$(ip a s $tunnel_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
cat <<EOF>/tmp/ml2-local-ip.ini
[ovs]
local_ip = $IP
EOF
# TODO: make this configurable going forward as today
# it forces openvswitch agent
exec sudo -E -u neutron neutron-openvswitch-agent \
--config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
--config-file /tmp/ml2-local-ip.ini \ --config-file /tmp/pod-shared/ml2-local-ip.ini \
--config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini

2
neutron/templates/configmap-bin.yaml
View File

@ -35,6 +35,8 @@ data:
{{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-openvswitch-agent.sh: |+ neutron-openvswitch-agent.sh: |+
{{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-openvswitch-agent-init.sh: |+
{{ tuple "bin/_neutron-openvswitch-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-server.sh: |+ neutron-server.sh: |+
{{ tuple "bin/_neutron-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_neutron-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
openvswitch-db-server.sh: |+ openvswitch-db-server.sh: |+

51
neutron/templates/daemonset-ovs-agent.yaml
View File

@ -31,12 +31,55 @@ spec:
spec: spec:
nodeSelector: nodeSelector:
{{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
securityContext:
runAsUser: 0
dnsPolicy: ClusterFirst dnsPolicy: ClusterFirst
hostNetwork: true hostNetwork: true
initContainers: initContainers:
{{ tuple $envAll $dependencies $mounts_neutron_ovs_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll $dependencies $mounts_neutron_ovs_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: ovs-agent-init
image: {{ .Values.images.neutron_openvswitch_agent }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{- if .Values.resources.enabled }}
resources:
limits:
cpu: {{ .Values.resources.ovs.agent.limits.cpu | quote }}
memory: {{ .Values.resources.ovs.agent.limits.memory | quote }}
requests:
cpu: {{ .Values.resources.ovs.agent.requests.cpu | quote }}
memory: {{ .Values.resources.ovs.agent.requests.memory | quote }}
{{- end }}
securityContext:
privileged: true
runAsUser: 0
command:
- /tmp/neutron-openvswitch-agent-init.sh
volumeMounts:
- name: neutron-bin
mountPath: /tmp/neutron-openvswitch-agent-init.sh
subPath: neutron-openvswitch-agent-init.sh
readOnly: true
- name: pod-shared
mountPath: /tmp/pod-shared
- name: neutron-etc
mountPath: /etc/neutron/neutron.conf
subPath: neutron.conf
readOnly: true
- name: neutron-etc
mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
subPath: ml2_conf.ini
readOnly: true
- name: neutron-etc
mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
subPath: openvswitch_agent.ini
readOnly: true
- name: libmodules
mountPath: /lib/modules
readOnly: true
- name: run
mountPath: /run
- name: neutron-etc
mountPath: /etc/resolv.conf
subPath: resolv.conf
{{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
containers: containers:
- name: ovs-agent - name: ovs-agent
image: {{ .Values.images.neutron_openvswitch_agent }} image: {{ .Values.images.neutron_openvswitch_agent }}
@ -67,6 +110,8 @@ spec:
mountPath: /tmp/neutron-openvswitch-agent.sh mountPath: /tmp/neutron-openvswitch-agent.sh
subPath: neutron-openvswitch-agent.sh subPath: neutron-openvswitch-agent.sh
readOnly: true readOnly: true
- name: pod-shared
mountPath: /tmp/pod-shared
- name: neutron-etc - name: neutron-etc
mountPath: /etc/neutron/neutron.conf mountPath: /etc/neutron/neutron.conf
subPath: neutron.conf subPath: neutron.conf
@ -91,6 +136,8 @@ spec:
volumes: volumes:
- name: varlibopenvswitch - name: varlibopenvswitch
emptyDir: {} emptyDir: {}
- name: pod-shared
emptyDir: {}
- name: neutron-bin - name: neutron-bin
configMap: configMap:
name: neutron-bin name: neutron-bin