openstack/puppet-openstack-integration
Code Issues Proposed changes

Neutron: Run neutron api by httpd + mod_wsgi

Browse Source 
This updates neutron deployment to use httpd + mod_wsgi to run api.
This is the recommended way to deploy neutron now since the existing
monolithic neutron-server will be removed as part of eventlet removal
initiative.

Note that the change is made only in CentOS because Ubuntu does not
provide the separate service for rpc-server now.

Depends-on: https://review.opendev.org/c/openstack/puppet-ovn/+/933340
Change-Id: I4cd0b9b0ec5a4c98d35a2517d94131e2cdb7e894
This commit is contained in:
Takashi Kajinami 2023-08-10 00:28:06 +09:00 committed by Takashi Kajinami
parent 499520a290
commit 11ed1331a1
8 changed files with 111 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
copy_logs.sh
View File

@ -368,14 +368,26 @@ sudo ps -eo user,pid,ppid,lwp,%cpu,%mem,size,rss,cmd > $LOG_DIR/ps.txt
sudo ip -d address > $LOG_DIR/ip_-d_address.txt sudo ip -d address > $LOG_DIR/ip_-d_address.txt
sudo brctl show > $LOG_DIR/brctl_show.txt sudo brctl show > $LOG_DIR/brctl_show.txt
if [ `command -v ovs-vsctl` ]; then if [ `command -v ovs-vsctl` ]; then
sudo ovs-vsctl show > $LOG_DIR/ovs-vsctl_show.txt echo "== ovs-vsctl list open_vswitch ==" > $LOG_DIR/ovs-vsctl.txt
sudo ovs-vsctl list open_vswitch > $LOG_DIR/ovs-vsctl_list_open_vswitch.txt sudo ovs-vsctl list open_vswitch >> $LOG_DIR/ovs-vsctl.txt
echo "== ovs-vsctl show ==" >> $LOG_DIR/ovs-vsctl.txt
sudo ovs-vsctl show >> $LOG_DIR/ovs-vsctl.txt
fi fi
if [ `command -v ovn-nbctl` ]; then if [ `command -v ovn-nbctl` ]; then
sudo ovn-nbctl show > $LOG_DIR/ovn-nbctl_show.txt echo "== ovn-nbctl get-connection ==" > $LOG_DIR/ovn-nbctl.txt
sudo ovn-nbctl get-connection >> $LOG_DIR/ovn-nbctl.txt
echo "== ovn-nbctl list connection ==" >> $LOG_DIR/ovn-nbctl.txt
sudo ovn-nbctl list connection >> $LOG_DIR/ovn-nbctl.txt
echo "== ovn-nbctl show ==" >> $LOG_DIR/ovn-nbctl.txt
sudo ovn-nbctl show >> $LOG_DIR/ovn-nbctl.txt
fi fi
if [ `command -v ovn-sbctl` ]; then if [ `command -v ovn-sbctl` ]; then
sudo ovn-sbctl show > $LOG_DIR/ovn-sbctl_show.txt echo "== ovn-sbctl get-connection ==" > $LOG_DIR/ovn-sbctl.txt
sudo ovn-sbctl get-connection >> $LOG_DIR/ovn-sbctl.txt
echo "== ovn-sbctl list connection ==" >> $LOG_DIR/ovn-sbctl.txt
sudo ovn-sbctl list connection >> $LOG_DIR/ovn-sbctl.txt
echo "== ovn-sbctl show ==" >> $LOG_DIR/ovn-sbctl.txt
sudo ovn-sbctl show >> $LOG_DIR/ovn-sbctl.txt
fi fi
sudo netstat -tulpn > $LOG_DIR/netstat.txt sudo netstat -tulpn > $LOG_DIR/netstat.txt
sudo LC_CTYPE=C SYSTEMD_COLORS=false systemctl status --all --no-pager 2>/dev/null > $LOG_DIR/systemctl.txt sudo LC_CTYPE=C SYSTEMD_COLORS=false systemctl status --all --no-pager 2>/dev/null > $LOG_DIR/systemctl.txt

3
fixtures/scenario001.pp
View File

@ -24,10 +24,12 @@ case $facts['os']['family'] {
'Debian': { 'Debian': {
$ipv6 = false $ipv6 = false
$cache_backend = 'memcached' $cache_backend = 'memcached'
$neutron_use_httpd = false
} }
'RedHat': { 'RedHat': {
$ipv6 = true $ipv6 = true
$cache_backend = 'redis' $cache_backend = 'redis'
$neutron_use_httpd = true
} }
default: { default: {
fail("Unsupported osfamily (${facts['os']['family']})") fail("Unsupported osfamily (${facts['os']['family']})")
@ -59,6 +61,7 @@ class { 'openstack_integration::glance':
} }
class { 'openstack_integration::neutron': class { 'openstack_integration::neutron':
notification_topics => ['notifications', 'vitrage_notifications'], notification_topics => ['notifications', 'vitrage_notifications'],
use_httpd => $neutron_use_httpd,
metering_enabled => true, metering_enabled => true,
} }
include openstack_integration::placement include openstack_integration::placement

3
fixtures/scenario002.pp
View File

@ -26,12 +26,14 @@ case $facts['os']['family'] {
$cache_backend = 'memcached' $cache_backend = 'memcached'
$django_cache_backend = 'memcached' $django_cache_backend = 'memcached'
$tooz_backend = 'redis' $tooz_backend = 'redis'
$neutron_use_httpd = false
} }
'RedHat': { 'RedHat': {
$ipv6 = false $ipv6 = false
$cache_backend = 'redis_sentinel' $cache_backend = 'redis_sentinel'
$django_cache_backend = 'redis' $django_cache_backend = 'redis'
$tooz_backend = 'redis_sentinel' $tooz_backend = 'redis_sentinel'
$neutron_use_httpd = true
} }
default: { default: {
fail("Unsupported osfamily (${facts['os']['family']})") fail("Unsupported osfamily (${facts['os']['family']})")
@ -63,6 +65,7 @@ class { 'openstack_integration::glance':
image_encryption => true, image_encryption => true,
} }
class { 'openstack_integration::neutron': class { 'openstack_integration::neutron':
use_httpd => $neutron_use_httpd,
baremetal_enabled => true, baremetal_enabled => true,
metering_enabled => true, metering_enabled => true,
} }

5
fixtures/scenario003.pp
View File

@ -26,10 +26,12 @@ case $facts['os']['family'] {
# NOTE(tkajinam): UCA Caracal does not provide trove packages # NOTE(tkajinam): UCA Caracal does not provide trove packages
# https://bugs.launchpad.net/ubuntu/+source/openstack-trove/+bug/2064838 # https://bugs.launchpad.net/ubuntu/+source/openstack-trove/+bug/2064838
$trove_enabled = false $trove_enabled = false
$neutron_use_httpd = false
} }
'RedHat': { 'RedHat': {
$ipv6 = true $ipv6 = true
$trove_enabled = true $trove_enabled = true
$neutron_use_httpd = true
} }
default: { default: {
fail("Unsupported osfamily (${facts['os']['family']})") fail("Unsupported osfamily (${facts['os']['family']})")
@ -54,7 +56,8 @@ include openstack_integration::keystone
include openstack_integration::glance include openstack_integration::glance
class { 'openstack_integration::neutron': class { 'openstack_integration::neutron':
driver => 'ovn', use_httpd => $neutron_use_httpd,
driver => 'ovn',
} }
include openstack_integration::placement include openstack_integration::placement
class { 'openstack_integration::nova': class { 'openstack_integration::nova':

3
fixtures/scenario004.pp
View File

@ -23,6 +23,7 @@ if $facts['os']['name'] == 'Ubuntu' {
case $facts['os']['family'] { case $facts['os']['family'] {
'Debian': { 'Debian': {
$ipv6 = false $ipv6 = false
$neutron_use_httpd = false
# TODO(tkajinam): Need additional work to load the plugins # TODO(tkajinam): Need additional work to load the plugins
$bgpvpn_enabled = false $bgpvpn_enabled = false
$l2gw_enabled = false $l2gw_enabled = false
@ -32,6 +33,7 @@ case $facts['os']['family'] {
} }
'RedHat': { 'RedHat': {
$ipv6 = true $ipv6 = true
$neutron_use_httpd = true
$bgpvpn_enabled = true $bgpvpn_enabled = true
$l2gw_enabled = true $l2gw_enabled = true
$bgp_dragent_enabled = true $bgp_dragent_enabled = true
@ -64,6 +66,7 @@ class { 'openstack_integration::glance':
} }
class { 'openstack_integration::neutron': class { 'openstack_integration::neutron':
use_httpd => $neutron_use_httpd,
vpnaas_enabled => $vpnaas_enabled, vpnaas_enabled => $vpnaas_enabled,
taas_enabled => $taas_enabled, taas_enabled => $taas_enabled,
bgpvpn_enabled => $bgpvpn_enabled, bgpvpn_enabled => $bgpvpn_enabled,

3
fixtures/scenario005.pp
View File

@ -23,6 +23,7 @@ if $facts['os']['name'] == 'Ubuntu' {
case $facts['os']['family'] { case $facts['os']['family'] {
'Debian': { 'Debian': {
$ipv6 = false $ipv6 = false
$neutron_use_httpd = false
$ovn_metadata_agent_enabled = true $ovn_metadata_agent_enabled = true
$jobboard_backend = 'redis' $jobboard_backend = 'redis'
# TODO(tkajinam): Enable these along with the other plugins # TODO(tkajinam): Enable these along with the other plugins
@ -30,6 +31,7 @@ case $facts['os']['family'] {
} }
'RedHat': { 'RedHat': {
$ipv6 = true $ipv6 = true
$neutron_use_httpd = true
$ovn_metadata_agent_enabled = false $ovn_metadata_agent_enabled = false
$jobboard_backend = 'redis_sentinel' $jobboard_backend = 'redis_sentinel'
$vpnaas_enabled = true $vpnaas_enabled = true
@ -60,6 +62,7 @@ class { 'openstack_integration::glance':
show_multiple_locations => true, show_multiple_locations => true,
} }
class { 'openstack_integration::neutron': class { 'openstack_integration::neutron':
use_httpd => $neutron_use_httpd,
driver => 'ovn', driver => 'ovn',
ovn_metadata_agent_enabled => $ovn_metadata_agent_enabled, ovn_metadata_agent_enabled => $ovn_metadata_agent_enabled,
vpnaas_enabled => $vpnaas_enabled vpnaas_enabled => $vpnaas_enabled

72
manifests/neutron.pp
View File

@ -5,6 +5,10 @@
# Can be: openvswitch, linuxbridge or ovn. # Can be: openvswitch, linuxbridge or ovn.
# Defaults to 'openvswitch'. # Defaults to 'openvswitch'.
# #
# [*use_httpd*]
# (optional) Use httpd to run neutron api
# Defaults to false
#
# [*ovn_metadata_agent_enabled*] # [*ovn_metadata_agent_enabled*]
# (optional) Enable ovn-metadata-agent # (optional) Enable ovn-metadata-agent
# Defaults to true # Defaults to true
@ -43,6 +47,7 @@
# #
class openstack_integration::neutron ( class openstack_integration::neutron (
$driver = 'openvswitch', $driver = 'openvswitch',
$use_httpd = false,
$ovn_metadata_agent_enabled = true, $ovn_metadata_agent_enabled = true,
$metering_enabled = false, $metering_enabled = false,
$vpnaas_enabled = false, $vpnaas_enabled = false,
@ -77,11 +82,16 @@ class openstack_integration::neutron (
} }
if $::openstack_integration::config::ssl { if $::openstack_integration::config::ssl {
$api_service = $use_httpd ? {
true => 'httpd',
default => 'neutron-server',
}
openstack_integration::ssl_key { 'neutron': openstack_integration::ssl_key { 'neutron':
notify => Service['neutron-server'], notify => Service[$api_service],
require => Anchor['neutron::install::end'], require => Anchor['neutron::install::end'],
} }
Exec['update-ca-certificates'] ~> Service<| tag == 'neutron-service' |> Exec['update-ca-certificates'] ~> Service[$api_service]
if $driver == 'ovn' { if $driver == 'ovn' {
openstack_integration::ovn::ssl_key { 'neutron': openstack_integration::ovn::ssl_key { 'neutron':
@ -286,6 +296,53 @@ class openstack_integration::neutron (
}), }),
} }
if $use_httpd {
class { 'neutron::wsgi::apache':
bind_host => $::openstack_integration::config::host,
ssl_key => "/etc/neutron/ssl/private/${facts['networking']['fqdn']}.pem",
ssl_cert => $::openstack_integration::params::cert_path,
ssl => $::openstack_integration::config::ssl,
workers => 2,
}
$vpnaas_conf = $vpnaas_enabled ? {
true => 'neutron_vpnaas.conf',
default => undef,
}
$taas_conf = $taas_enabled ? {
true => 'taas_plugin.ini',
default => undef,
}
$bgpvpn_conf = $bgpvpn_enabled ? {
true => 'networking_bgpvpn.conf',
default => undef,
}
$l2gw_conf = $l2gw_enabled ? {
true => 'l2gw_plugin.ini',
default => undef,
}
$neutron_conf_files = delete_undef_values([
'neutron.conf', 'plugins/ml2/ml2_conf.ini',
$vpnaas_conf, $taas_conf, $bgpvpn_conf, $l2gw_conf
])
# TODO(tkajinam): Should this be in puppet-neutron ?
systemd::dropin_file { 'apache-os-neutron':
unit => "${::apache::service::service_name}.service",
filename => 'os-neutron.conf',
content => "[Service]
Environment=OS_NEUTRON_CONFIG_FILES=${join($neutron_conf_files, ';')}",
require => Package['httpd'],
}
$server_service_name = false
$api_service_name = 'httpd'
} else {
$server_service_name = $::neutron::params::server_service
$api_service_name = $::neutron::params::api_service_name
}
$rpc_workers = $driver ? { $rpc_workers = $driver ? {
'ovn' => $vpnaas_enabled ? { 'ovn' => $vpnaas_enabled ? {
true => 2, true => 2,
@ -297,6 +354,10 @@ class openstack_integration::neutron (
'ovn' => 0, 'ovn' => 0,
default => $facts['os_service_default'], default => $facts['os_service_default'],
} }
$rpc_service_name = $rpc_workers ? {
0 => false,
default => $::neutron::params::rpc_service_name
}
class { 'neutron::server': class { 'neutron::server':
sync_db => true, sync_db => true,
@ -304,6 +365,9 @@ class openstack_integration::neutron (
rpc_workers => $rpc_workers, rpc_workers => $rpc_workers,
rpc_state_report_workers => $rpc_state_report_workers, rpc_state_report_workers => $rpc_state_report_workers,
rpc_response_max_timeout => 300, rpc_response_max_timeout => 300,
service_name => $server_service_name,
api_service_name => $api_service_name,
rpc_service_name => $rpc_service_name,
} }
$overlay_network_type = $driver ? { $overlay_network_type = $driver ? {
@ -430,6 +494,10 @@ class openstack_integration::neutron (
ovn_sb_ca_cert => '/etc/neutron/switchcacert.pem', ovn_sb_ca_cert => '/etc/neutron/switchcacert.pem',
} }
} }
if $use_httpd {
class { 'neutron::plugins::ml2::ovn::maintenance_worker': }
}
} else { } else {
class { 'neutron::agents::metadata': class { 'neutron::agents::metadata':
debug => true, debug => true,

16
manifests/ovn.pp
View File

@ -55,13 +55,15 @@ class openstack_integration::ovn(
} }
class { 'ovn::northd': class { 'ovn::northd':
dbs_listen_ip => $::openstack_integration::config::ip_for_url, dbs_listen_ip => $::openstack_integration::config::ip_for_url,
ovn_nb_db_ssl_key => $ovn_nb_db_ssl_key, ovn_nb_db_ssl_key => $ovn_nb_db_ssl_key,
ovn_nb_db_ssl_cert => $ovn_nb_db_ssl_cert, ovn_nb_db_ssl_cert => $ovn_nb_db_ssl_cert,
ovn_nb_db_ssl_ca_cert => $ovn_nb_db_ssl_ca_cert, ovn_nb_db_ssl_ca_cert => $ovn_nb_db_ssl_ca_cert,
ovn_sb_db_ssl_key => $ovn_sb_db_ssl_key, ovn_sb_db_ssl_key => $ovn_sb_db_ssl_key,
ovn_sb_db_ssl_cert => $ovn_sb_db_ssl_cert, ovn_sb_db_ssl_cert => $ovn_sb_db_ssl_cert,
ovn_sb_db_ssl_ca_cert => $ovn_sb_db_ssl_ca_cert, ovn_sb_db_ssl_ca_cert => $ovn_sb_db_ssl_ca_cert,
ovn_nb_db_inactivity_probe => 120000,
ovn_sb_db_inactivity_probe => 120000,
} }
class { 'ovn::controller': class { 'ovn::controller':
ovn_remote => $::openstack_integration::config::ovn_sb_connection, ovn_remote => $::openstack_integration::config::ovn_sb_connection,