diff --git a/Makefile b/Makefile index 0021fb204f..b1ca636d4b 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,12 @@ -.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack all clean +.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon openstack +CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron openstack common: build-common @@ -25,6 +25,8 @@ rabbitmq: build-rabbitmq glance: build-glance +glance: build-neutron + memcached: build-memcached openstack: build-openstack @@ -41,9 +43,3 @@ build-%: helm lint $* helm package $* -## this is required for some charts which cannot pass a lint, namely -## those which use .Release.Namespace in a default pipe capacity -#nolint-build-%: -# if [ -f $*/Makefile ]; then make -C $*; fi -# if [ -f $*/requirements.yaml ]; then helm dep up $*; fi -# helm package $* diff --git a/neutron/Chart.yaml b/neutron/Chart.yaml new file mode 100644 index 0000000000..f295ecfa07 --- /dev/null +++ b/neutron/Chart.yaml @@ -0,0 +1,3 @@ +description: A Helm chart for neutron +name: neutron +version: 0.1.0 diff --git a/neutron/requirements.yaml b/neutron/requirements.yaml new file mode 100644 index 0000000000..2350b1facb --- /dev/null +++ b/neutron/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: common + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/neutron/templates/bin/_init.sh.tpl b/neutron/templates/bin/_init.sh.tpl new file mode 100644 index 0000000000..1498bbc233 --- /dev/null +++ b/neutron/templates/bin/_init.sh.tpl 
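Review bot: In the second Makefile hunk the added rule reads `glance: build-neutron`, which looks like a copy-paste slip for `neutron: build-neutron`. As written, `neutron` is added to `.PHONY`, `CHARTS` and `all` but gets no rule of its own, while `glance` silently gains the neutron build as an extra prerequisite. `make neutron` would then presumably do nothing, and the chart is only linted and packaged as a side effect of building glance. The hunk shows only part of the target list, so a `neutron:` rule elsewhere in the file cannot be ruled out.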
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m mysql_db -a "login_host='{{ include "neutron_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.neutron_database_name }}'"
+
+ansible localhost -vvv -m mysql_user -a "login_host='{{ include "neutron_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.neutron_user }}' \
+password='{{ .Values.database.neutron_password }}' \
+host='%' \
+priv='{{ .Values.database.neutron_database_name }}.*:ALL' append_privs='yes'"
diff --git a/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl
new file mode 100644
index 0000000000..5860e3b973
--- /dev/null
+++ b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -x
+chown neutron: /run/openvswitch/db.sock
+
+# determine local-ip dynamically based on interface provided but only if tunnel_types is not null
+{{- if .Values.ml2.agent.tunnel_types }}
+IP=$(ip a s {{ .Values.network.interface.tunnel | default .Values.network.interface.default}} | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
+cat </tmp/ml2-local-ip.ini
+[ovs]
+local_ip = $IP
+EOF
+{{- else }}
+touch /tmp/ml2-local-ip.ini
+{{- end }}
+
+exec sudo -E -u neutron neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2-conf.ini --config-file /tmp/ml2-local-ip.ini
diff --git a/neutron/templates/bin/_openvswitch-db-server.sh.tpl b/neutron/templates/bin/_openvswitch-db-server.sh.tpl
new file mode 100644
index 0000000000..48acfafa0b
--- /dev/null
+++ b/neutron/templates/bin/_openvswitch-db-server.sh.tpl
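Review bot: `set -ex` together with `ansible -vvv` makes both the shell and Ansible echo every rendered argument, so `login_password` (the database root password) and the new neutron `password` end up in the job's pod log. `_post.sh.tpl` in this commit has the same pattern with the Keystone `auth` data and the service password. Using `set -e` without `-x` and dropping `-vvv` would keep the credentials out of the log; passing the passwords through environment variables sourced from a Secret, instead of rendering them into the script text, would keep them out of the rendered script as well. `host='%'` also lets the neutron database user connect from any address, which is worth narrowing if the client addresses are known.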
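Review bot: In `_neutron-openvswitch-agent.sh.tpl` the value of `IP=$(ip a s ... | grep 'inet ' | awk ...)` is written to `local_ip` without any check, and the script runs with `set -x` only. An interface with no IPv4 address gives an empty value and one with several addresses gives a multi-line value, yet the script still reaches `exec ... neutron-openvswitch-agent` with a broken `[ovs]` section. Adding `set -e`, taking only the first match, and a guard such as `[ -n "$IP" ] || { echo "no IPv4 address on tunnel interface" >&2; exit 1; }` would make the failure visible at start-up. The here-document line appears truncated on this page (`cat </tmp/ml2-local-ip.ini`), so its redirection could not be reviewed.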
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -ex
+
+mkdir -p "/run/openvswitch"
+if [[ ! -e "/run/openvswitch/conf.db" ]]; then
+ ovsdb-tool create "/run/openvswitch/conf.db"
+fi
+
+umask 000
+exec /usr/sbin/ovsdb-server /run/openvswitch/conf.db -vconsole:emer -vconsole:err -vconsole:info --remote=punix:/run/openvswitch/db.sock
diff --git a/neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl b/neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl
new file mode 100644
index 0000000000..041af73752
--- /dev/null
+++ b/neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -x
+
+bridge=$1
+port=$2
+
+# one time deal
+ovs-vsctl --no-wait --if-exists del-port physnet1 enp11s0f0
+ovs-vsctl --no-wait --if-exists del-br physnet1
+
+# note that only "br-ex" is definable right now
+
+ovs-vsctl --no-wait --may-exist add-br $bridge
+ovs-vsctl --no-wait --may-exist add-port $bridge $port
+
+# handle any bridge mappings
+{{- range $bridge, $port := .Values.ml2.ovs.auto_bridge_add }}
+ovs-vsctl --no-wait --may-exist add-br {{ $bridge }}
+ovs-vsctl --no-wait --may-exist add-port {{ $bridge }} {{ $port }}
+{{- end}}
diff --git a/neutron/templates/bin/_openvswitch-vswitchd.sh.tpl b/neutron/templates/bin/_openvswitch-vswitchd.sh.tpl
new file mode 100644
index 0000000000..c946e2c84e
--- /dev/null
+++ b/neutron/templates/bin/_openvswitch-vswitchd.sh.tpl
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -ex
+
+# load tunnel kernel modules we may use and gre/vxlan
+modprobe openvswitch
+
+{{- if .Values.ml2.agent.tunnel_types }}
+modprobe gre
+modprobe vxlan
+{{- end }}
+
+ovs-vsctl --no-wait show
+bash /tmp/openvswitch-ensure-configured.sh {{ .Values.network.external_bridge }} {{ .Values.network.interface.external | default .Values.network.interface.default }}
+exec /usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock --mlockall -vconsole:emer -vconsole:err -vconsole:info
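Review bot: `umask 000` before `exec /usr/sbin/ovsdb-server` creates `/run/openvswitch/db.sock` and the database file world-accessible. The openvswitch DaemonSet in this commit backs `/run` with a host path, so any local process on the node could presumably open the OVSDB control socket. The agent script already runs `chown neutron: /run/openvswitch/db.sock`, so a restrictive mask such as `umask 077` looks sufficient, assuming root and the neutron user are the only clients. A one-line comment stating who must be able to open the socket would document whichever mask is chosen.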
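Review bot: In `_openvswitch-ensure-configured.sh.tpl` the "one time deal" cleanup `ovs-vsctl --no-wait --if-exists del-port physnet1 enp11s0f0` hard-codes one environment's bridge and NIC names, yet it runs on every container start on every selected node. It reads like a leftover from a specific lab and should be removed or driven from values. `$bridge` and `$port` are also used unquoted and unchecked, and `_openvswitch-vswitchd.sh.tpl` passes the two template values unquoted, so an empty `external_bridge` shifts the interface name into `$1`. Quoting on both sides (`add-br "$bridge"`, `add-port "$bridge" "$port"`, `{{ .Values.network.external_bridge | quote }}`) and exiting when either argument is empty would stop a misconfigured value from silently reconfiguring the wrong bridge.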
diff --git a/neutron/templates/bin/_post.sh.tpl b/neutron/templates/bin/_post.sh.tpl
new file mode 100644
index 0000000000..77c818121d
--- /dev/null
+++ b/neutron/templates/bin/_post.sh.tpl
@@ -0,0 +1,41 @@
+#!/bin/bash
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=neutron \
+service_type=network \
+description='Openstack Networking' \
+endpoint_region={{ .Values.keystone.neutron_region_name }} \
+url='{{ include "endpoint_neutron_api_internal" . }}' \
+interface=admin \
+region_name={{ .Values.keystone.admin_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_neutron_auth':{{ include "keystone_auth" .}}}"
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=neutron \
+service_type=network \
+description='Openstack Networking' \
+endpoint_region={{ .Values.keystone.neutron_region_name }} \
+url='{{ include "endpoint_neutron_api_internal" . }}' \
+interface=internal \
+region_name={{ .Values.keystone.admin_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_neutron_auth':{{ include "keystone_auth" .}}}"
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=neutron \
+service_type=network \
+description='Openstack Networking' \
+endpoint_region={{ .Values.keystone.neutron_region_name }} \
+url='{{ include "endpoint_neutron_api_internal" . }}' \
+interface=public \
+region_name={{ .Values.keystone.admin_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_neutron_auth':{{ include "keystone_auth" .}}}"
+
+ansible localhost -vvv -m kolla_keystone_user -a "project=service \
+user={{ .Values.keystone.neutron_user }} \
+password={{ .Values.keystone.neutron_password }} \
+role=admin \
+region_name={{ .Values.keystone.neutron_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_neutron_auth':{{ include "keystone_auth" .}}}"
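Review bot: In the `kolla_keystone_user` call, `user={{ ... }}` and `password={{ .Values.keystone.neutron_password }}` are rendered unquoted into the `-a` key=value string. A password containing a space or `=` would be split into extra module arguments, and one containing `"` or `$` would be interpreted by the shell. Quoting the value would contain the first case: `password='{{ .Values.keystone.neutron_password }}' \`. Separately, the `admin`, `internal` and `public` registrations all use `endpoint_neutron_api_internal` as the URL, which may be intended but deserves a comment saying so.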
diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml
new file mode 100644
index 0000000000..c74d116902
--- /dev/null
+++ b/neutron/templates/configmap-bin.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: neutron-bin
+data:
+ init.sh: |
+{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }}
+ neutron-openvswitch-agent.sh: |
+{{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "template" | indent 4 }}
+ openvswitch-db-server.sh: |
+{{ tuple "bin/_openvswitch-db-server.sh.tpl" . | include "template" | indent 4 }}
+ openvswitch-ensure-configured.sh: |
+{{ tuple "bin/_openvswitch-ensure-configured.sh.tpl" . | include "template" | indent 4 }}
+ openvswitch-vswitchd.sh: |
+{{ tuple "bin/_openvswitch-vswitchd.sh.tpl" . | include "template" | indent 4 }}
+ post.sh: |
+{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }}
diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml
new file mode 100644
index 0000000000..7019200e0c
--- /dev/null
+++ b/neutron/templates/configmap-etc.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: neutron-etc
+data:
+ dhcp-agent.ini: |
+{{ tuple "etc/_dhcp-agent.ini.tpl" . | include "template" | indent 4 }}
+ l3-agent.ini: |
+{{ tuple "etc/_l3-agent.ini.tpl" . | include "template" | indent 4 }}
+ metadata-agent.ini: |
+{{ tuple "etc/_metadata-agent.ini.tpl" . | include "template" | indent 4 }}
+ ml2-conf.ini: |
+{{ tuple "etc/_ml2-conf.ini.tpl" . | include "template" | indent 4 }}
+ neutron.conf: |
+{{ tuple "etc/_neutron.conf.tpl" . | include "template" | indent 4 }}
+ resolv.conf: |
+{{ tuple "etc/_resolv.conf.tpl" . | include "template" | indent 4 }}
+ dnsmasq.conf: ""
+
\ No newline at end of file
diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml
new file mode 100644
index 0000000000..dfd4a94694
--- /dev/null
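Review bot: The files rendered into these two ConfigMaps carry credentials in clear text. `init.sh` and `post.sh` in `neutron-bin` embed the database root password and the Keystone auth data, and `neutron-etc` (configmap-etc.yaml) holds `neutron.conf` and `metadata-agent.ini` with the RabbitMQ, database and Keystone passwords and the metadata proxy shared secret. ConfigMaps are not intended for secret material and are commonly readable by more subjects than Secrets. Consider `kind: Secret` for the credential-bearing keys, mounted through `secret:` volumes, or keep the files in ConfigMaps and inject the secret values from a Secret at run time.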
+++ b/neutron/templates/daemonset-dhcp-agent.yaml 
@@ -0,0 +1,83 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: neutron-dhcp-agent
+spec:
+ template:
+ metadata:
+ labels:
+ app: neutron-dhcp-agent
+ spec:
+ nodeSelector:
+ {{ .Values.labels.agent.dhcp.node_selector_key }}: {{ .Values.labels.agent.dhcp.node_selector_value }}
+ securityContext:
+ runAsUser: 0
+ dnsPolicy: ClusterFirst
+ hostNetwork: true
+ containers:
+ - name: neutron-dhcp-agent
+ image: {{ .Values.images.dhcp }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ securityContext:
+ privileged: true
+ env:
+ - name: INTERFACE_NAME
+ value: {{ .Values.network.interface.dhcp | default .Values.network.interface.default }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: COMMAND
+ value: "neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp-agent.ini"
+ - name: DEPENDENCY_JOBS
+ value: "{{ include "joinListWithColon" .Values.dependencies.dhcp.jobs }}"
+ - name: DEPENDENCY_SERVICE
+ value: "{{ include "joinListWithColon" .Values.dependencies.dhcp.service }}"
+ - name: DEPENDENCY_DAEMONSET
+ value: "{{ include "joinListWithColon" .Values.dependencies.dhcp.daemonset }}"
+ volumeMounts:
+ - name: neutronconf
+ mountPath: /etc/neutron/neutron.conf
+ subPath: neutron.conf
+ - name: ml2confini
+ mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini
+ subPath: ml2-conf.ini
+ - name: dhcpagentini
+ mountPath: /etc/neutron/dhcp-agent.ini
+ subPath: dhcp-agent.ini
+ - name: dnsmasqconf
+ mountPath: /etc/neutron/dnsmasq.conf
+ subPath: dnsmasq.conf
+ - name: runopenvswitch
+ mountPath: /run/openvswitch
+ - name: socket
+ mountPath: /var/lib/neutron/openstack-helm
+ - name: resolvconf
+ mountPath: /etc/resolv.conf
+ subPath: resolv.conf
+ volumes:
+ - name: neutronconf
+ configMap:
+ name: neutron-etc
+ - name: ml2confini
+ configMap:
+ name: neutron-etc
+ - name: dhcpagentini
+ configMap:
+ name: neutron-etc
+ - name: dnsmasqconf
+ configMap:
+ name: neutron-etc
+ - name: runopenvswitch
+ hostPath:
+ path: /run/openvswitch
+ - name: resolvconf
+ configMap:
+ name: neutron-etc
+ - name: socket
+ hostPath:
+ path: /var/lib/neutron/openstack-helm
\ No newline at end of file
diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml
new file mode 100644
index 0000000000..7fb63e7635
--- /dev/null
+++ b/neutron/templates/daemonset-l3-agent.yaml
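Review bot: The dhcp-agent container runs with `privileged: true`, `runAsUser: 0` and `hostNetwork: true`, which gives the agent image full control of the node; the same block is repeated in the l3-agent, metadata-agent and openvswitch DaemonSets of this commit. If the agents only need to manage network namespaces and interfaces, an explicit capability list (for example `capabilities:` with `add: [NET_ADMIN, SYS_ADMIN]`, to be confirmed by testing) would be a narrower grant. The metadata agent in particular may not need privilege at all. At minimum, a comment on each `securityContext` stating why privilege is required would help later reviewers.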
@@ -0,0 +1,77 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: neutron-l3-agent
+spec:
+ template:
+ metadata:
+ labels:
+ app: neutron-l3-agent
+ spec:
+ nodeSelector:
+ {{ .Values.labels.agent.l3.node_selector_key }}: {{ .Values.labels.agent.l3.node_selector_value }}
+ securityContext:
+ runAsUser: 0
+ dnsPolicy: ClusterFirst
+ hostNetwork: true
+ containers:
+ - name: neutron-l3-agent
+ image: {{ .Values.images.l3 }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ securityContext:
+ privileged: true
+ env:
+ - name: INTERFACE_NAME
+ value: {{ .Values.network.interface.l3 | default .Values.network.interface.default }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: COMMAND
+ value: "neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3-agent.ini --config-file /etc/neutron/plugins/ml2/ml2-conf.ini"
+ - name: DEPENDENCY_JOBS
+ value: "{{ include "joinListWithColon" .Values.dependencies.l3.jobs }}"
+ - name: DEPENDENCY_SERVICE
+ value: "{{ include "joinListWithColon" .Values.dependencies.l3.service }}"
+ - name: DEPENDENCY_DAEMONSET
+ value: "{{ include "joinListWithColon" .Values.dependencies.l3.daemonset }}"
+ volumeMounts:
+ - name: neutronconf
+ mountPath: /etc/neutron/neutron.conf
+ subPath: neutron.conf
+ - name: ml2confini
+ mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini
+ subPath: ml2-conf.ini
+ - name: l3agentini
+ mountPath: /etc/neutron/l3-agent.ini
+ subPath: l3-agent.ini
+ - name: resolvconf
+ mountPath: /etc/resolv.conf
+ subPath: resolv.conf
+ - name: runopenvswitch
+ mountPath: /run/openvswitch
+ - name: socket
+ mountPath: /var/lib/neutron/stackanetes
+ volumes:
+ - name: neutronconf
+ configMap:
+ name: neutron-etc
+ - name: ml2confini
+ configMap:
+ name: neutron-etc
+ - name: resolvconf
+ configMap:
+ name: neutron-etc
+ - name: l3agentini
+ configMap:
+ name: neutron-etc
+ - name: runopenvswitch
+ hostPath:
+ path: /run/openvswitch
+ - name: socket
+ hostPath:
+ path: /var/lib/neutron/stackanetes
diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml
new file mode 100644
index 0000000000..d8e8daaaf0
--- /dev/null
+++ b/neutron/templates/daemonset-metadata-agent.yaml
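Review bot: The l3-agent `socket` volume is mounted at `/var/lib/neutron/stackanetes` and backed by the same host path, but `neutron.conf` in this commit sets `metadata_proxy_socket = /var/lib/neutron/openstack-helm/metadata_proxy` and the dhcp-agent DaemonSet uses `/var/lib/neutron/openstack-helm`. The metadata-agent DaemonSet has the same leftover in its `mountPath`, while its `hostPath` already says `openstack-helm`. As written, the agents would not see the socket directory the configuration points to. Both `mountPath` and `path` should read `/var/lib/neutron/openstack-helm` in the two files.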
@@ -0,0 +1,79 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: neutron-metadata-agent
+spec:
+ template:
+ metadata:
+ labels:
+ app: neutron-metadata-agent
+ spec:
+ nodeSelector:
+ {{ .Values.labels.agent.metadata.node_selector_key }}: {{ .Values.labels.agent.metadata.node_selector_value }}
+ securityContext:
+ runAsUser: 0
+ dnsPolicy: ClusterFirst
+ hostNetwork: true
+ containers:
+ - name: neutron-metadata-agent
+ image: {{ .Values.images.metadata }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ securityContext:
+ privileged: true
+ env:
+ - name: INTERFACE_NAME
+ value: {{ .Values.network.interface.metadata | default .Values.network.interface.default }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: COMMAND
+ value: "neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata-agent.ini"
+ - name: DEPENDENCY_JOBS
+ value: "{{ include "joinListWithColon" .Values.dependencies.metadata.jobs }}"
+ - name: DEPENDENCY_SERVICE
+ value: "{{ include "joinListWithColon" .Values.dependencies.metadata.service }}"
+ - name: DEPENDENCY_DAEMONSET
+ value: "{{ include "joinListWithColon" .Values.dependencies.metadata.daemonset }}"
+ ports:
+ - containerPort: {{ .Values.network.port.metadata }}
+ volumeMounts:
+ - name: neutronconf
+ mountPath: /etc/neutron/neutron.conf
+ subPath: neutron.conf
+ - name: ml2confini
+ mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini
+ subPath: ml2-conf.ini
+ - name: metadataagentini
+ mountPath: /etc/neutron/metadata-agent.ini
+ subPath: metadata-agent.ini
+ - name: resolvconf
+ mountPath: /etc/resolv.conf
+ subPath: resolv.conf
+ - name: runopenvswitch
+ mountPath: /run/openvswitch
+ - name: socket
+ mountPath: /var/lib/neutron/stackanetes
+ volumes:
+ - name: neutronconf
+ configMap:
+ name: neutron-etc
+ - name: ml2confini
+ configMap:
+ name: neutron-etc
+ - name: metadataagentini
+ configMap:
+ name: neutron-etc
+ - name: resolvconf
+ configMap:
+ name: neutron-etc
+ - name: runopenvswitch
+ hostPath:
+ path: /run/openvswitch
+ - name: socket
+ hostPath:
+ path: /var/lib/neutron/openstack-helm
\ No newline at end of file
diff --git a/neutron/templates/daemonset-openvswitch.yaml b/neutron/templates/daemonset-openvswitch.yaml
new file mode 100644
index 0000000000..576dd386e2
--- /dev/null
+++ b/neutron/templates/daemonset-openvswitch.yaml
@@ -0,0 +1,166 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: neutron-openvswitch
+spec:
+ template:
+ metadata:
+ labels:
+ app: neutron-openvswitch
+ spec:
+ nodeSelector:
+ {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
+ securityContext:
+ runAsUser: 0
+ dnsPolicy: ClusterFirst
+ hostNetwork: true
+ containers:
+ - name: neutron-openvswitch-agent
+ image: {{ .Values.images.neutron_openvswitch_agent }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ securityContext:
+ privileged: true
+ # ensures this container can can see a br-int
+ # bridge before its marked as ready
+ readinessProbe:
+ exec:
+ command:
+ - bash
+ - -c
+ - 'ovs-vsctl list-br | grep -q br-int'
+ env:
+ - name: INTERFACE_NAME
+ value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: COMMAND
+ value: "bash /tmp/neutron-openvswitch-agent.sh"
+ - name: DEPENDENCY_JOBS
+ value: "{{ include "joinListWithColon" .Values.dependencies.openvswitchagent.jobs }}"
+ - name: DEPENDENCY_SERVICE
+ value: "{{ include "joinListWithColon" .Values.dependencies.openvswitchagent.service }}"
+ - name: DEPENDENCY_CONTAINER
+ value: "{{ include "joinListWithColon" .Values.dependencies.openvswitchagent.container }}"
+ volumeMounts:
+ - name: neutronopenvswitchagentsh
+ mountPath: /tmp/neutron-openvswitch-agent.sh
+ subPath: neutron-openvswitch-agent.sh
+ - name: neutronconf
+ mountPath: /etc/neutron/neutron.conf
+ subPath: neutron.conf
+ - name: ml2confini
+ mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini
+ subPath: ml2-conf.ini
+ - name: libmodules
+ mountPath: /lib/modules
+ readOnly: true
+ - name: run
+ mountPath: /run
+ - mountPath: /etc/resolv.conf
+ name: resolvconf
+ subPath: resolv.conf
+ - name: openvswitch-db-server
+ image: {{ .Values.images.openvswitch_db_server }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ securityContext:
+ privileged: true
+ env:
+ - name: INTERFACE_NAME
+ value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: COMMAND
+ value: "bash /tmp/openvswitch-db-server.sh"
+ volumeMounts:
+ - name: openvswitchdbserversh
+ mountPath: /tmp/openvswitch-db-server.sh
+ subPath: openvswitch-db-server.sh
+ - mountPath: /etc/resolv.conf
+ name: resolvconf
+ subPath: resolv.conf
+ - name: varlibopenvswitch
+ mountPath: /var/lib/openvswitch/
+ - name: run
+ mountPath: /run
+
+ - name: openvswitch-vswitchd
+ image: {{ .Values.images.openvswitch_vswitchd }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ securityContext:
+ privileged: true
+ # ensures this container can speak to the ovs database
+ # successfully before its marked as ready
+ readinessProbe:
+ exec:
+ command:
+ - /usr/bin/ovs-vsctl
+ - show
+ env:
+ - name: INTERFACE_NAME
+ value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: COMMAND
+ value: "bash /tmp/openvswitch-vswitchd.sh"
+ - name: DEPENDENCY_CONTAINER
+ value: "openvswitch-db-server"
+ volumeMounts:
+ - name: openvswitchvswitchdsh
+ mountPath: /tmp/openvswitch-vswitchd.sh
+ subPath: openvswitch-vswitchd.sh
+ - name: openvswitchensureconfiguredsh
+ mountPath: /tmp/openvswitch-ensure-configured.sh
+ subPath: openvswitch-ensure-configured.sh
+ - name: libmodules
+ mountPath: /lib/modules
+ readOnly: true
+ - name: run
+ mountPath: /run
+ volumes:
+ - name: openvswitchdbserversh
+ configMap:
+ name: neutron-bin
+ - name: openvswitchvswitchdsh
+ configMap:
+ name: neutron-bin
+ - name: openvswitchensureconfiguredsh
+ configMap:
+ name: neutron-bin
+ - name: varlibopenvswitch
+ emptyDir: {}
+ - name: neutronopenvswitchagentsh
+ configMap:
+ name: neutron-bin
+ - name: neutronconf
+ configMap:
+ name: neutron-etc
+ - name: ml2confini
+ configMap:
+ name: neutron-etc
+ - name: resolvconf
+ configMap:
+ name: neutron-etc
+ - name: libmodules
+ hostPath:
+ path: /lib/modules
+ - name: run
+ hostPath:
+ path: /run
\ No newline at end of file
diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml
new file mode 100644
index 0000000000..6dcef74103
--- /dev/null
+++ b/neutron/templates/deployment-server.yaml
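Review bot: The `run` volume maps the host's entire `/run` read-write into all three privileged containers (`hostPath` with `path: /run`), which exposes every runtime socket and PID file on the node to these images. The scripts in this commit only touch `/run/openvswitch`, and the other DaemonSets already mount just that directory. `path: /run/openvswitch` with `mountPath: /run/openvswitch` therefore looks sufficient here as well. If something else under `/run` is needed, a comment naming it would justify the wider mount.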
@@ -0,0 +1,53 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: neutron-server
+spec:
+ replicas: {{ .Values.replicas.server }}
+ template:
+ metadata:
+ labels:
+ app: neutron-server
+ spec:
+ nodeSelector:
+ {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }}
+ containers:
+ - name: neutron-server
+ image: {{ .Values.images.server }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ env:
+ - name: INTERFACE_NAME
+ value: "eth0"
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: COMMAND
+ value: "neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2-conf.ini"
+ - name: DEPENDENCY_JOBS
+ value: "{{ include "joinListWithColon" .Values.dependencies.server.jobs }}"
+ - name: DEPENDENCY_SERVICE
+ value: "{{ include "joinListWithColon" .Values.dependencies.server.service }}"
+ ports:
+ - containerPort: {{ .Values.network.port.server }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.network.port.server }}
+ volumeMounts:
+ - name: neutronconf
+ mountPath: /etc/neutron/neutron.conf
+ subPath: neutron.conf
+ - name: ml2confini
+ mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini
+ subPath: ml2-conf.ini
+ volumes:
+ - name: neutronconf
+ configMap:
+ name: neutron-etc
+ - name: ml2confini
+ configMap:
+ name: neutron-etc
\ No newline at end of file
diff --git a/neutron/templates/etc/_dhcp-agent.ini.tpl b/neutron/templates/etc/_dhcp-agent.ini.tpl
new file mode 100644
index 0000000000..f580c1190f
--- /dev/null
+++ b/neutron/templates/etc/_dhcp-agent.ini.tpl
@@ -0,0 +1,5 @@
+[DEFAULT]
+dnsmasq_config_file = /etc/neutron/dnsmasq.conf
+enable_isolated_metadata = true
+force_metadata = true
+interface_driver = openvswitch
\ No newline at end of file
diff --git a/neutron/templates/etc/_l3-agent.ini.tpl b/neutron/templates/etc/_l3-agent.ini.tpl
new file mode 100644
index 0000000000..38b17395c9
--- /dev/null
+++ b/neutron/templates/etc/_l3-agent.ini.tpl
@@ -0,0 +1,4 @@
+[DEFAULT]
+agent_mode = legacy
+enable_metadata_proxy = True
+enable_isolated_metadata = True
\ No newline at end of file
diff --git a/neutron/templates/etc/_metadata-agent.ini.tpl b/neutron/templates/etc/_metadata-agent.ini.tpl
new file mode 100644
index 0000000000..c0239e974d
--- /dev/null
+++ b/neutron/templates/etc/_metadata-agent.ini.tpl
@@ -0,0 +1,31 @@
+[DEFAULT]
+debug = {{ .Values.metadata_agent.default.debug }}
+
+# Neutron credentials for API access
+auth_plugin = password
+auth_url = {{ include "endpoint_keystone_admin" . }}
+auth_uri = {{ include "endpoint_keystone_internal" . }}
+auth_region = {{ .Values.keystone.neutron_region_name }}
+admin_tenant_name = service
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ .Values.keystone.admin_user }}
+password = {{ .Values.keystone.admin_password }}
+endpoint_type = adminURL
+
+# Nova metadata service IP and port
+nova_metadata_ip = {{ include "nova_metadata_host" . }}
+nova_metadata_port = {{ .Values.network.port.metadata }}
+nova_metadata_protocol = http
+
+# Metadata proxy shared secret
+metadata_proxy_shared_secret = {{ .Values.neutron.metadata_secret }}
+
+metadata_port = {{ .Values.network.port.metadata }}
+
+# Workers and backlog requests
+metadata_workers = {{ .Values.metadata.workers }}
+
+# Caching
+cache_url = memory://?default_ttl=5
\ No newline at end of file
diff --git a/neutron/templates/etc/_ml2-conf.ini.tpl b/neutron/templates/etc/_ml2-conf.ini.tpl
new file mode 100644
index 0000000000..8a903a1715
--- /dev/null
+++ b/neutron/templates/etc/_ml2-conf.ini.tpl
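Review bot: In `_metadata-agent.ini.tpl`, `username = {{ .Values.keystone.admin_user }}` and `password = {{ .Values.keystone.admin_password }}` give the metadata agent the Keystone admin account, while `neutron.conf` in this commit authenticates with the dedicated `.Values.keystone.neutron_user`. Using the service user here as well (`username = {{ .Values.keystone.neutron_user }}`, `password = {{ .Values.keystone.neutron_password }}`) would keep the admin password out of a file mounted on every metadata-agent node. `nova_metadata_protocol = http` also sends the proxied metadata requests unencrypted, which is worth a comment if it is a deliberate in-cluster choice.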
@@ -0,0 +1,43 @@
+[ml2]
+# Changing type_drivers after bootstrap can lead to database inconsistencies
+type_drivers = {{ include "joinListWithColon" .Values.ml2.type_drivers }}
+tenant_network_types = {{ .Values.ml2.tenant_network_types }}
+mechanism_drivers = {{ include "joinListWithColon" .Values.ml2.mechanism_drivers }}
+
+[ml2_type_flat]
+flat_networks = {{ include "joinListWithColon" .Values.ml2.ml2_type_flat.flat_networks }}
+
+[ml2_type_gre]
+# (ListOpt) Comma-separated list of : tuples enumerating ranges
+# of GRE tunnel IDs that are available for tenant network allocation
+tunnel_id_ranges = {{ .Values.ml2.ml2_type_gre.tunnel_id_ranges }}
+
+[ml2_type_vxlan]
+vni_ranges = {{ .Values.ml2.ml2_type_vxlan.vni_ranges }}
+vxlan_group = {{ .Values.ml2.ml2_type_vxlan.vxlan_group }}
+
+[ml2_type_vlan]
+# (ListOpt) List of [::] tuples
+# specifying physical_network names usable for VLAN provider and
+# tenant networks, as well as ranges of VLAN tags on each
+# physical_network available for allocation as tenant networks.
+network_vlan_ranges = {{ .Values.ml2.ml2_type_vlan.network_vlan_ranges }}
+
+[securitygroup]
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+enable_security_group = True
+
+{{- if .Values.ml2.agent.tunnel_types }}
+[agent]
+tunnel_types = {{ .Values.ml2.agent.tunnel_types }}
+l2_population = false
+arp_responder = false
+{{- end }}
+
+[ovs]
+bridge_mappings = {{ include "joinListWithColon" .Values.ml2.ovs.bridge_mappings }}
+tenant_network_type = {{ .Values.ml2.agent.tunnel_types }}
+
+[vxlan]
+l2_population = true
+ovsdb_interface = {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }}
diff --git a/neutron/templates/etc/_neutron.conf.tpl b/neutron/templates/etc/_neutron.conf.tpl
new file mode 100644
index 0000000000..859dd817d8
--- /dev/null
+++ b/neutron/templates/etc/_neutron.conf.tpl
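Review bot: `l2_population` and `arp_responder` are given conflicting values across the templates in this commit. `_ml2-conf.ini.tpl` writes `false` for both under `[agent]` (only when `tunnel_types` is set) and `l2_population = true` under `[vxlan]`, while `neutron.conf` sets both to `true` under `[agent]`. The agent commands load `neutron.conf` first and `ml2-conf.ini` after it, so the effective value depends on file order and on whether `tunnel_types` is set. Define the options in one place, or add a comment stating which file is meant to win. `[ovs] tenant_network_type` is also rendered from `.Values.ml2.agent.tunnel_types` outside the `if`, so it is left blank when that value is empty.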
@@ -0,0 +1,71 @@
+[DEFAULT]
+debug = {{ .Values.neutron.default.debug }}
+use_syslog = False
+use_stderr = True
+
+bind_host = {{ .Values.network.ip_address }}
+bind_port = {{ .Values.network.port.server }}
+
+#lock_path = /var/lock/neutron
+api_paste_config = /usr/share/neutron/api-paste.ini
+
+api_workers = {{ .Values.neutron.workers }}
+
+allow_overlapping_ips = True
+core_plugin = ml2
+service_plugins = router
+
+interface_driver = openvswitch
+
+metadata_proxy_socket = /var/lib/neutron/openstack-helm/metadata_proxy
+
+allow_automatic_l3agent_failover = True
+l3_ha = true
+min_l3_agents_per_router = 1
+max_l3_agents_per_router = 2
+l3_ha_network_type = {{ .Values.neutron.default.l3_ha_network_type }}
+
+dhcp_agents_per_network = 3
+
+network_auto_schedule = True
+router_auto_schedule = True
+
+transport_url = rabbit://{{ .Values.rabbitmq.admin_user }}:{{ .Values.rabbitmq.admin_password }}@{{ .Values.rabbitmq.address }}:{{ .Values.rabbitmq.port }}
+
+[nova]
+auth_url = {{ include "endpoint_keystone_internal" . }}
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+endpoint_type = internal
+region_name = {{ .Values.keystone.nova_region_name }}
+project_name = service
+username = {{ .Values.keystone.nova_user }}
+password = {{ .Values.keystone.nova_password }}
+
+[oslo_concurrency]
+lock_path = /var/lib/neutron/tmp
+
+[ovs]
+ovsdb_connection = unix:/var/run/openvswitch/db.sock
+
+[agent]
+root_helper = sudo /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
+l2_population = true
+arp_responder = true
+
+[database]
+connection = mysql+pymysql://{{ .Values.database.neutron_user }}:{{ .Values.database.neutron_password }}@{{ include "neutron_db_host" . }}/{{ .Values.database.neutron_database_name }}
+max_retries = -1
+
+[keystone_authtoken]
+auth_url = {{ include "endpoint_keystone_internal" . }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ .Values.keystone.neutron_user }}
+password = {{ .Values.keystone.neutron_password }}
+
+[oslo_messaging_notifications]
+driver = noop
\ No newline at end of file
diff --git a/neutron/templates/etc/_resolv.conf.tpl b/neutron/templates/etc/_resolv.conf.tpl
new file mode 100644
index 0000000000..68dc696756
--- /dev/null
+++ b/neutron/templates/etc/_resolv.conf.tpl
@@ -0,0 +1,5 @@
+search {{ .Release.Namespace }}.svc.{{ .Values.network.dns.kubernetes_domain }} svc.{{ .Values.network.dns.kubernetes_domain }} {{ .Values.network.dns.kubernetes_domain }}
+{{- range .Values.network.dns.servers }}
+nameserver {{ . | title }}
+{{- end }}
+options ndots:5
\ No newline at end of file
diff --git a/neutron/templates/job-db-sync.yaml b/neutron/templates/job-db-sync.yaml
new file mode 100644
index 0000000000..1514fe87a0
--- /dev/null
+++ b/neutron/templates/job-db-sync.yaml
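Review bot: In `_neutron.conf.tpl`, `transport_url` and the `[database]` `connection` splice credentials into URLs without escaping, so a password containing `@`, `:`, `/` or `#` yields a URL that parses to a different user or host. URL-encoding each credential in the template (for example with the `urlquery` function) would avoid that. `transport_url` also uses `.Values.rabbitmq.admin_user`, so every neutron pod holds the broker's admin password; a dedicated neutron account on the broker would limit what a compromised agent can do. `max_retries = -1` retries the database connection indefinitely, which makes a wrong credential show up as a hang rather than an error.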
@@ -0,0 +1,43 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: neutron-db-sync
+spec:
+ template:
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: neutron-db-sync
+ image: {{ .Values.images.db_sync }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ env:
+ - name: INTERFACE_NAME
+ value: "eth0"
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: COMMAND
+ value: "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2-conf.ini upgrade head"
+ - name: DEPENDENCY_JOBS
+ value: "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}"
+ - name: DEPENDENCY_SERVICE
+ value: "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}"
+ volumeMounts:
+ - name: neutronconf
+ mountPath: /etc/neutron/neutron.conf
+ subPath: neutron.conf
+ - name: ml2confini
+ mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini
+ subPath: ml2-conf.ini
+ volumes:
+ - name: neutronconf
+ configMap:
+ name: neutron-etc
+ - name: ml2confini
+ configMap:
+ name: neutron-etc
\ No newline at end of file
diff --git a/neutron/templates/job-init.yaml b/neutron/templates/job-init.yaml
new file mode 100644
index 0000000000..c21cd69324
--- /dev/null
+++ b/neutron/templates/job-init.yaml
@@ -0,0 +1,37 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: neutron-init
+spec:
+ template:
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: neutron-init
+ image: {{ .Values.images.init }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ env:
+ - name: INTERFACE_NAME
+ value: "eth0"
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: COMMAND
+ value: "bash /tmp/init.sh"
+ - name: DEPENDENCY_JOBS
+ value: "{{ include "joinListWithColon" .Values.dependencies.init.jobs }}"
+ - name: DEPENDENCY_SERVICE
+ value: "{{ include "joinListWithColon" .Values.dependencies.init.service }}"
+ volumeMounts:
+ - name: initsh
+ mountPath: /tmp/init.sh
+ subPath: init.sh
+ volumes:
+ - name: initsh
+ configMap:
+ name: neutron-bin
\ No newline at end of file
diff --git a/neutron/templates/job-post.yaml b/neutron/templates/job-post.yaml
new file mode 100644
index 0000000000..936d299fe3
--- /dev/null
+++ b/neutron/templates/job-post.yaml
@@ -0,0 +1,39 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: neutron-post
+spec:
+ template:
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: neutron-post
+ image: {{ .Values.images.post }}
+ imagePullPolicy: {{ .Values.images.pull_policy }}
+ env:
+ - name: INTERFACE_NAME
+ value: "eth0"
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: COMMAND
+ value: "bash /tmp/post.sh"
+ - name: DEPENDENCY_JOBS
+ value: "{{ include "joinListWithColon" .Values.dependencies.post.jobs }}"
+ - name: DEPENDENCY_SERVICE
+ value: "{{ include "joinListWithColon" .Values.dependencies.post.service }}"
+ - name: ANSIBLE_LIBRARY
+ value: /usr/share/ansible/
+ volumeMounts:
+ - name: postsh
+ mountPath: /tmp/post.sh
+ subPath: post.sh
+ volumes:
+ - name: postsh
+ configMap:
+ name: neutron-bin
\ No newline at end of file
diff --git a/neutron/templates/service.yaml b/neutron/templates/service.yaml
new file mode 100644
index 0000000000..24aa4cef30
--- /dev/null
+++ b/neutron/templates/service.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: neutron-server
+spec:
+ ports:
+ - port: {{ .Values.network.port.server }}
+ selector:
+ app: neutron-server
\ No newline at end of file
diff --git a/neutron/values.yaml b/neutron/values.yaml
new file mode 100644
index 0000000000..3c6268f45b
--- /dev/null
+++ b/neutron/values.yaml
@@ -0,0 +1,241 @@
+# Default values for memcached.
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name: value
+
+replicas:
+ server: 1
+
+images:
+ init: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona
+ db_sync: quay.io/stackanetes/stackanetes-neutron-server:barcelona
+ server: quay.io/stackanetes/stackanetes-neutron-server:barcelona
+ dhcp: quay.io/stackanetes/stackanetes-neutron-dhcp-agent:barcelona
+ metadata: quay.io/stackanetes/stackanetes-neutron-metadata-agent:barcelona
+ l3: quay.io/stackanetes/stackanetes-neutron-l3-agent:barcelona
+ neutron_openvswitch_agent: quay.io/stackanetes/stackanetes-neutron-openvswitch-agent:barcelona
+ openvswitch_db_server: quay.io/attcomdev/openvswitch-vswitchd:latest
+ openvswitch_vswitchd: quay.io/attcomdev/openvswitch-vswitchd:latest
+ post: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona
+ entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0
+ pull_policy: "IfNotPresent"
+
+labels:
+ # ovs is a special case, requiring a special
+ # label that can apply to both control hosts
+ # and compute hosts, until we get more sophisticated
+ # with our daemonset scheduling
+ ovs:
+ node_selector_key: openvswitch
+ node_selector_value: enabled
+ agent:
+ dhcp:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ l3:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ metadata:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ server:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+
+network:
+ dns:
+ kubernetes_domain: cluster.local
+ # this must list the skydns server first, and in calico
+ # this is consistently 10.96.0.10
+ servers:
+ - 10.96.0.10
+ - 8.8.8.8
+ external_bridge: br-ex
+ ip_address: 0.0.0.0
+ interface:
+ external: enp12s0f0
+ default: enp11s0f0
+ port:
+ server: 9696
+ metadata: 8775
+
+memcached:
+ address: "memcached:11211"
+
+rabbitmq:
+ address: rabbitmq
+ admin_user: rabbitmq
+ admin_password: password
+ port: 5672
+
+keystone:
+ admin_user: "admin"
+ admin_password: "password"
+ admin_project_name: "admin"
+ admin_region_name: "RegionOne"
+ domain_name: "default"
+ tenant_name: "admin"
+
+ neutron_user: "neutron"
+ neutron_password: "password"
+ neutron_region_name: "RegionOne"
+
+ nova_user: "nova"
+ nova_password: "password"
+ nova_region_name: "RegionOne"
+
+database:
+ port: 3306
+ root_user: root
+ root_password: password
+ neutron_database_name: neutron
+ neutron_password: password
+ neutron_user: neutron
+
+metadata_agent:
+ default:
+ debug: 'True'
+
+neutron:
+ workers: 4
+ default:
+ l3_ha_network_type: gre
+ debug: 'True'
+metadata:
+ workers: 4
+
+ml2:
+ tenant_network_types: "flat"
+ agent:
+ tunnel_types: null
+ type_drivers:
+ - flat
+ mechanism_drivers:
+ - openvswitch
+ - l2population
+ ml2_type_vxlan:
+ vni_ranges: "1:1000"
+ vxlan_group: 239.1.1.1
+ ml2_type_gre:
+ tunnel_id_ranges: "1:1000"
+ ml2_type_flat:
+ flat_networks:
+ - "*"
+ ml2_type_vlan:
+ network_vlan_ranges: "physnet1:1100:1110"
+ ovs:
+ auto_bridge_add:
+ br-physnet1: enp11s0f0
+ bridge_mappings:
+ - "physnet1:br-physnet1"
+
+dependencies:
+ server:
+ jobs:
+ - neutron-db-sync
+ - mariadb-seed
+ service:
+ - rabbitmq
+ - mariadb
+ - keystone-api
+ - memcached
+ dhcp:
+ service:
+ - neutron-server
+ - rabbitmq
+ - nova-api
+ jobs:
+ - neutron-init
+ - nova-post
+ daemonset:
+ - neutron-openvswitch
+ metadata:
+ jobs:
+ - neutron-init
+ - nova-post
+ service:
+ - neutron-server
+ - rabbitmq
+ - nova-api
+ daemonset:
+ - neutron-openvswitch
+ openvswitchagent:
+ jobs:
+ - neutron-post
+ - nova-post
+ service:
+ - keystone-api
+ - rabbitmq
+ - neutron-server
+ container:
+ - openvswitch-db-server
+ - openvswitch-vswitchd
+ l3:
+ jobs:
+ - nova-init
+ - neutron-init
+ - nova-post
+ service:
+ - neutron-server
+ - rabbitmq
+ - nova-api
+ daemonset:
+ - neutron-openvswitch
+ db_sync:
+ jobs:
+ - neutron-init
+ - mariadb-seed
+ service:
+ - mariadb
+ init:
+ jobs:
+ - mariadb-seed
+ service:
+ - mariadb
+ post:
+ jobs:
+ - neutron-db-sync
+ service:
+ - keystone-api
+ - neutron-server
+
+# typically overriden by environmental
+# values, but should include all endpoints
+# required by this chart
+endpoints:
+ glance:
+ hosts:
+ default: glance-api
+ type: image
+ path: null
+ scheme: 'http'
+ port:
+ api: 9292
+ registry: 9191
+ nova:
+ hosts:
+ default: nova-api
+ path: "/v2/%(tenant_id)s"
+ type: compute
+ scheme: 'http'
+ port:
+ api: 8774
+ metadata: 8775
+ novncproxy: 6080
+ keystone:
+ hosts:
+ default: keystone-api
+ path: /v3
+ type: identity
+ scheme: 'http'
+ port:
+ admin: 35357
+ public: 5000
+ neutron:
+ hosts:
+ default: neutron-server
+ path: null
+ type: network
+ scheme: 'http'
+ port:
+ api: 9696
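Review bot: values.yaml ships working default credentials (`root_password: password` under `database`, `admin_password: "password"` under `keystone`, and the same value for the rabbitmq, neutron and nova accounts), so an install that overrides nothing comes up with guessable passwords. I would leave these keys empty and have the templates fail when they are unset, e.g. `{{ required "database.root_password must be set" .Values.database.root_password }}`. Two other defaults are worth changing in the same pass: `debug: 'True'` for neutron and the metadata agent, which makes the services log more than a production install should, and the `:latest` tag on both openvswitch images, which with `pull_policy: "IfNotPresent"` lets different nodes run different builds; pin a version tag or digest. The header comment still says `# Default values for memcached.`.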