openstack/puppet-tripleo
Code Issues Proposed changes

Adding wrapper scripts for neutron agent subprocesses

Browse Source 
The neutron agents use subprocesses like dnsmasq and keepalived as part
of their implementation. Running these "subprocesses" in separate
containers prevent dataplane breakages/unnecessary failover on agent
container restart.

Also amends docker daemon options to allow including additional unix
domain sockets to bind to the docker daemon. The paths can be mounted by
containers that launch containers instead of mounting /run/docker.sock.
This avoids issues if the docker daemon is restarted while the containers
are running.

Related-Bug: #1749209
Change-Id: Icd4c24ac686d957391548a04722266cefc1bce27
This commit is contained in:
Brent Eagles 2018-03-09 17:32:34 -03:30
parent 1a73b868ce
commit 015c9b757a
25 changed files with 1205 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
manifests/profile/base/docker.pp
View File

@ -33,6 +33,10 @@
# OPTIONS that are used to startup the docker service.
# Defaults to '--log-driver=journald --signature-verification=false --iptables=false --live-restore'
#
# [*additional_sockets*]
# Array of addtional domain sockets for the docker daemon to bind to.
# Defaults to undef
#
# [*configure_network*]
# Boolean. Whether to configure the docker network. Defaults to false.
#
@ -82,6 +86,7 @@ class tripleo::profile::base::docker (
$insecure_registries = undef,
$registry_mirror = false,
$docker_options = '--log-driver=journald --signature-verification=false --iptables=false --live-restore',
$additional_sockets = undef,
$configure_network = false,
$network_options = '',
$configure_storage = true,
@ -132,7 +137,15 @@ class tripleo::profile::base::docker (
} else {
$selinux_enabled_string = ''
}
$options_changes = [ "set OPTIONS '\"${docker_options}${selinux_enabled_string}\"'" ]
if $additional_sockets {
$arg_string = join(prefix(any2array($additional_sockets), '-H unix://'), ' ')
# We include the typical default socket to make sure other docker clients
# will work.
$add_sockets = " -H unix:///run/docker.sock ${arg_string}"
} else {
$add_sockets = ''
}
$options_changes = [ "set OPTIONS '\"${docker_options}${add_sockets}${selinux_enabled_string}\"'" ]
} else {
$options_changes = [ 'rm OPTIONS' ]
}
@ -250,10 +263,24 @@ class tripleo::profile::base::docker (
require => Package['docker'],
}
if $deployment_user {
if $additional_sockets {
# When specifying additional sockets, ensure that the directory
# exists for each one.
any2array($additional_sockets).each | String $sock_path | {
file {dirname($sock_path):
ensure => directory,
notify => Service['docker']
}
}
}
if $deployment_user or $additional_sockets {
ensure_resource('group', 'docker', {
'ensure' => 'present',
'ensure' => 'present'
})
}
if $deployment_user {
ensure_resource('user', $deployment_user, {
'name' => $deployment_user,
'groups' => 'docker',

89
manifests/profile/base/neutron/dhcp_agent_wrappers.pp Normal file
View File

@ -0,0 +1,89 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::neutron::dhcp_agent_wrappers
#
# Generates wrapper scripts for running dhcp agent subprocesess in containers.
#
# === Parameters
#
# [*enable_dnsmasq_wrapper*]
# (Optional) If true, generates a wrapper for running dnsmasq in
# a docker container.
# Defaults to false
#
# [*dnsmasq_process_wrapper*]
# (Optional) Filename for dnsmasq wrapper in the specified file.
# Defaults to undef
#
# [*dnsmasq_image*]
# (Optional) Docker image name for dnsmasq. Required if
# dnsmasq_process_wrapper is set.
# Defaults to undef
#
# [*enable_haproxy_wrapper*]
# (Optional) If true, generates a wrapper for running haproxy in
# a docker container.
# Defaults to false
#
# [*haproxy_process_wrapper*]
# (Optional) If set, generates a haproxy wrapper in the specified file.
# Defaults to undef
#
# [*haproxy_image*]
# (Optional) Docker image name for haproxy. Required if
# haproxy_process_wrapper is set.
# Defaults to undef
#
# [*bind_sockets*]
# (Optional) Domain sockets that the wrappers should use for accessing
# the docker daemon.
# Defaults to hiera('tripleo::profile::base::docker::additional_sockets', ['/run/docker.sock'])
#
class tripleo::profile::base::neutron::dhcp_agent_wrappers (
$enable_dnsmasq_wrapper = false,
$dnsmasq_process_wrapper = undef,
$dnsmasq_image = undef,
$enable_haproxy_wrapper = false,
$haproxy_process_wrapper = undef,
$haproxy_image = undef,
$bind_sockets = hiera('tripleo::profile::base::docker::additional_sockets', ['/run/docker.sock']),
) {
unless $bind_sockets {
fail('The wrappers require a domain socket for accessing the docker daemon')
}
$bind_socket = join(['unix://', $bind_sockets[0]], '')
if $enable_dnsmasq_wrapper {
unless $dnsmasq_image and $dnsmasq_process_wrapper{
fail('The docker image for dnsmasq and wrapper filename must be provided when generating dnsmasq wrappers')
}
tripleo::profile::base::neutron::wrappers::dnsmasq{'dhcp_dnsmasq_process_wrapper':
dnsmasq_process_wrapper => $dnsmasq_process_wrapper,
dnsmasq_image => $dnsmasq_image,
bind_socket => $bind_socket
}
}
if $enable_haproxy_wrapper {
unless $haproxy_image and $haproxy_process_wrapper{
fail('The docker image for haproxy and wrapper filename must be provided when generating haproxy wrappers')
}
tripleo::profile::base::neutron::wrappers::haproxy{'dhcp_haproxy_process_wrapper':
haproxy_process_wrapper => $haproxy_process_wrapper,
haproxy_image => $haproxy_image,
ns_prefix => 'qdhcp',
bind_socket => $bind_socket
}
}
}

160
manifests/profile/base/neutron/l3_agent_wrappers.pp Normal file
View File

@ -0,0 +1,160 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::neutron::l3_agent_wrappers
#
# Generates wrapper scripts for running l3 agent subprocesess in containers.
#
# === Parameters
#
# [*enable_haproxy_wrapper*]
# (Optional) If true, generates a wrapper for running haproxy in
# a docker container.
# Defaults to false
#
# [*haproxy_process_wrapper*]
# (Optional) If set, generates a haproxy wrapper in the specified file.
# Defaults to undef
#
# [*haproxy_image*]
# (Optional) Docker image name for haproxy. Required if
# haproxy_process_wrapper is set.
# Defaults to undef
#
# [*enable_radvd_wrapper*]
# (Optional) If true, generates a wrapper for running radvd in
# a docker container.
# Defaults to false
#
# [*radvd_process_wrapper*]
# (Optional) If set, generates a radvd wrapper in the specified file.
# Defaults to undef
#
# [*radvd_image*]
# (Optional) Docker image name for haproxy. Required if radvd_process_wrapper
# is set.
# Defaults to undef
#
# [*enable_keepalived_wrapper*]
# (Optional) If true, generates a wrapper for running keepalived in
# a docker container.
# Defaults to false
#
# [*keepalived_process_wrapper*]
# (Optional) If set, generates a keepalived in the specified file.
# Defaults to undef
#
# [*keepalived_image*]
# (Optional) Docker image name for keepalived. Required if
# keepalived_process_wrapper is set.
# Defaults to undef
#
# [*keepalived_state_change_wrapper*]
# (Optional) If set, generates a wrapper for running neutron's keepalived
# state change daemon in the keepalived container. The keepalived wrapper and
# image must also be set if this is set.
# Defaults to undef
#
# [*enable_dibbler_wrapper*]
# (Optional) If true, generates a wrapper for running dibbler in
# a docker container.
# Defaults to false
#
# [*dibbler_process_wrapper*]
# (Optional) If set, generates a dibbler in the specified file.
# Defaults to undef
#
# [*dibbler_image*]
# (Optional) Docker image name for dibbler. Required if dibbler_process_wrapper is set.
# Defaults to undef
#
# [*bind_sockets*]
# (Optional) Domain sockets that the wrappers should use for accessing
# the docker daemon.
# Defaults to hiera('tripleo::profile::base::docker::additional_sockets', ['/run/docker.sock'])
#
class tripleo::profile::base::neutron::l3_agent_wrappers (
$enable_haproxy_wrapper = false,
$haproxy_process_wrapper = undef,
$haproxy_image = undef,
$enable_radvd_wrapper = false,
$radvd_process_wrapper = undef,
$radvd_image = undef,
$enable_keepalived_wrapper = false,
$keepalived_process_wrapper = undef,
$keepalived_image = undef,
$keepalived_state_change_wrapper = undef,
$enable_dibbler_wrapper = false,
$dibbler_process_wrapper = undef,
$dibbler_image = undef,
$bind_sockets = hiera('tripleo::profile::base::docker::additional_sockets', ['/run/docker.sock']),
) {
unless $bind_sockets {
fail('The wrappers require a domain socket for accessing the docker daemon')
}
$bind_socket = join(['unix://', $bind_sockets[0]], '')
if $enable_haproxy_wrapper {
unless $haproxy_image and $haproxy_process_wrapper{
fail('The docker image for haproxy and wrapper filename must be provided when generating haproxy wrappers')
}
tripleo::profile::base::neutron::wrappers::haproxy{'l3_haproxy_process_wrapper':
haproxy_process_wrapper => $haproxy_process_wrapper,
haproxy_image => $haproxy_image,
ns_prefix => 'qrouter',
bind_socket => $bind_socket,
}
}
if $enable_radvd_wrapper {
unless $radvd_image and $radvd_process_wrapper{
fail('The docker image for radvd and wrapper filename must be provided when generating radvd wrappers')
}
tripleo::profile::base::neutron::wrappers::radvd{'l3_radvd_process_wrapper':
radvd_process_wrapper => $radvd_process_wrapper,
radvd_image => $radvd_image,
bind_socket => $bind_socket,
}
}
if $enable_keepalived_wrapper {
unless $keepalived_image and $keepalived_process_wrapper{
fail('The docker image for keepalived and wrapper filename must be provided when generating keepalived wrappers')
}
tripleo::profile::base::neutron::wrappers::keepalived{'l3_keepalived':
keepalived_process_wrapper => $keepalived_process_wrapper,
keepalived_image => $keepalived_image,
ns_prefix => 'qrouter',
bind_socket => $bind_socket,
}
unless $keepalived_state_change_wrapper {
fail('The keepalived state change wrapper must also be configured when generating keepalived wrappers')
}
tripleo::profile::base::neutron::wrappers::keepalived_state_change{'l3_keepalived_state_change':
keepalived_state_change_wrapper => $keepalived_state_change_wrapper,
ns_prefix => 'qrouter',
bind_socket => $bind_socket,
}
}
if $enable_dibbler_wrapper {
unless $dibbler_image and $dibbler_process_wrapper{
fail('The docker image for dibbler and wrapper filename must be provided when generating dibbler wrappers')
}
tripleo::profile::base::neutron::wrappers::dibbler_client{'l3_dibbler_daemon':
dibbler_process_wrapper => $dibbler_process_wrapper,
dibbler_image => $dibbler_image,
bind_socket => $bind_socket,
}
}
}

43
manifests/profile/base/neutron/wrappers/dibbler_client.pp Normal file
View File

@ -0,0 +1,43 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == define: tripleo::profile::base::neutron::wrappers::dibbler_client
#
# Generates wrapper script for running dibbler in a container.
#
# === Parameters
#
# [*dibbler_process_wrapper*]
# Filename for dibbler wrapper script.
#
# [*dibbler_image*]
# Docker image name for dibbler.
#
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
define tripleo::profile::base::neutron::wrappers::dibbler_client (
$dibbler_process_wrapper,
$dibbler_image,
$bind_socket,
) {
file { $dibbler_process_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/dibbler-client.epp', {
'image_name' => $dibbler_image,
'bind_socket' => $bind_socket
})
}
}

43
manifests/profile/base/neutron/wrappers/dnsmasq.pp Normal file
View File

@ -0,0 +1,43 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == define: tripleo::profile::base::neutron::wrappers::dnsmasq
#
# Generates wrapper script for running dnsmasq in a container.
#
# === Parameters
#
# [*dnsmasq_process_wrapper*]
# Filename for dnsmasq wrapper script.
#
# [*dnsmasq_image*]
# Docker image name for dnsmasq.
#
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
define tripleo::profile::base::neutron::wrappers::dnsmasq (
$dnsmasq_process_wrapper,
$dnsmasq_image,
$bind_socket,
) {
file { $dnsmasq_process_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/dnsmasq.epp', {
'image_name' => $dnsmasq_image,
'bind_socket' => $bind_socket
})
}
}

48
manifests/profile/base/neutron/wrappers/haproxy.pp Normal file
View File

@ -0,0 +1,48 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == define: tripleo::profile::base::neutron::wrappers::haproxy
#
# Generates wrapper script for running haproxy in a container.
#
# === Parameters
#
# [*haproxy_process_wrapper*]
# Filename for haproxy wrapper script.
#
# [*haproxy_image*]
# Docker image name for haproxy.
#
# [*ns_prefix*]
# Prefix for namespace (e.g. qrouter-, qdhcp-)
#
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
define tripleo::profile::base::neutron::wrappers::haproxy (
$haproxy_process_wrapper,
$haproxy_image,
$ns_prefix,
$bind_socket,
) {
file { $haproxy_process_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/haproxy.epp', {
'image_name' => $haproxy_image,
'ns_prefix' => $ns_prefix,
'bind_socket' => $bind_socket,
})
}
}

48
manifests/profile/base/neutron/wrappers/keepalived.pp Normal file
View File

@ -0,0 +1,48 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == define: tripleo::profile::base::neutron::wrappers::keepalived
#
# Generates wrapper script for running keepalived in a container.
#
# === Parameters
#
# [*keepalived_process_wrapper*]
# Filename for keepalived wrapper script.
#
# [*keepalived_image*]
# Docker image name for keepalived.
#
# [*ns_prefix*]
# Prefix for namespace (e.g. qrouter-, qdhcp-)
#
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
define tripleo::profile::base::neutron::wrappers::keepalived (
$keepalived_process_wrapper,
$keepalived_image,
$ns_prefix,
$bind_socket,
) {
file { $keepalived_process_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/keepalived.epp', {
'image_name' => $keepalived_image,
'ns_prefix' => $ns_prefix,
'bind_socket' => $bind_socket,
})
}
}

43
manifests/profile/base/neutron/wrappers/keepalived_state_change.pp Normal file
View File

@ -0,0 +1,43 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::neutron::wrappers::keepalived_state_change
#
# Generates wrapper script for running keepalived-state-change daemon in a container.
#
# === Parameters
#
# [*keepalived_state_change_wrapper*]
# Filename for neutron-keepalived-state-change wrapper script.
#
# [*ns_prefix*]
# Prefix for namespace (e.g. qrouter-, qdhcp-)
#
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
define tripleo::profile::base::neutron::wrappers::keepalived_state_change (
$keepalived_state_change_wrapper,
$ns_prefix,
$bind_socket,
) {
file { $keepalived_state_change_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/neutron-keepalived-state-change.epp', {
'ns_prefix' => $ns_prefix,
'bind_socket' => $bind_socket
})
}
}

43
manifests/profile/base/neutron/wrappers/radvd.pp Normal file
View File

@ -0,0 +1,43 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == define: tripleo::profile::base::neutron::wrappers::radvd
#
# Generates wrapper script for running radvd in a container.
#
# === Parameters
#
# [*radvd_process_wrapper*]
# Filename for radvd wrapper script.
#
# [*radvd_image*]
# Docker image name for radvd.
#
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
define tripleo::profile::base::neutron::wrappers::radvd (
$radvd_process_wrapper,
$radvd_image,
$bind_socket,
) {
file { $radvd_process_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/radvd.epp', {
'image_name' => $radvd_image,
'bind_socket' => $bind_socket,
})
}
}

8
releasenotes/notes/add-neutron-agent-wrappers-bf84104f3607264b.yaml Normal file
View File

@ -0,0 +1,8 @@
---
features:
- |
Added parameters to generate wrapper scripts for the neutron dhcp and l3 agents
to run dnsmasq and keepalived, respectively, in separate containers.
- Added `tripleo::profile::base::docker::additional_sockets` to allow configuring
additional domain sockets bindings on dockerd. This facilitates creating
containers that need to access dockerd without having to mount /run.

12
spec/classes/tripleo_profile_base_docker_spec.rb
View File

@ -177,6 +177,18 @@ describe 'tripleo::profile::base::docker' do
}
end
context 'with additional domains sockets' do
let(:params) { {
:step => 1,
:additional_sockets => ['/var/lib/openstack/docker.sock', '/var/run/some-other/docker.sock']
} }
it {
is_expected.to contain_augeas('docker-sysconfig-options').with_changes([
"set OPTIONS '\"--log-driver=journald --signature-verification=false --iptables=false --live-restore -H unix:///run/docker.sock -H unix:///var/lib/openstack/docker.sock -H unix:///var/run/some-other/docker.sock\"'",
])
}
end
end
on_supported_os.each do |os, facts|

46
spec/classes/tripleo_profile_base_neutron_dhcp_spec.rb Normal file
View File

@ -0,0 +1,46 @@
#
# Copyright (C) 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::neutron::dhcp' do
shared_examples_for 'tripleo::profile::base::neutron::dhcp' do
before :each do
facts.merge!({ :step => params[:step] })
end
context 'with defaults for all parameters' do
let(:params) { { :step => 4 } }
it 'should do nothing' do
is_expected.to contain_class('tripleo::profile::base::neutron::dhcp')
is_expected.to contain_class('neutron::agents::dhcp')
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::neutron::dhcp'
end
end
end

46
spec/classes/tripleo_profile_base_neutron_l3_spec.rb Normal file
View File

@ -0,0 +1,46 @@
#
# Copyright (C) 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::neutron::l3' do
shared_examples_for 'tripleo::profile::base::neutron::l3' do
before :each do
facts.merge!({ :step => params[:step] })
end
context 'with defaults for all parameters' do
let(:params) { { :step => 4 } }
it 'should do nothing' do
is_expected.to contain_class('tripleo::profile::base::neutron::l3')
is_expected.to contain_class('neutron::agents::l3')
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::neutron::l3'
end
end
end

58
spec/defines/tripleo_profile_base_neutron_wrappers_dibbler_client_spec.rb Normal file
View File

@ -0,0 +1,58 @@
#
# Copyright (C) 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::neutron::wrappers::dibbler_client' do
let :title do
'dibbler_client'
end
shared_examples_for 'tripleo::profile::base::neutron::wrappers::dibbler_client' do
context 'creates wrapper file' do
let :params do {
:dibbler_process_wrapper => '/usr/local/bin/dibbler-client',
:dibbler_image => 'a_registry/some_container_name:some_tag',
:bind_socket => 'unix:///run/another/docker.sock'
}
end
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/dibbler-client').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::neutron::wrappers::dibbler_client'
end
end
end

59
spec/defines/tripleo_profile_base_neutron_wrappers_dnsmasq_spec.rb Normal file
View File

@ -0,0 +1,59 @@
#
# Copyright (C) 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::neutron::wrappers::dnsmasq' do
let :title do
'dnsmasq_wrapper'
end
shared_examples_for 'tripleo::profile::base::neutron::wrappers::dnsmasq' do
context 'creates wrapper file' do
let(:params) {
{
:dnsmasq_process_wrapper => '/usr/local/bin/dnsmasq',
:dnsmasq_image => 'a_registry/some_container_name:some_tag',
:bind_socket => 'unix:///run/another/docker.sock'
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/dnsmasq').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::neutron::wrappers::dnsmasq'
end
end
end

63
spec/defines/tripleo_profile_base_neutron_wrappers_haproxy_spec.rb Normal file
View File

@ -0,0 +1,63 @@
#
# Copyright (C) 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::neutron::wrappers::haproxy' do
let :title do
'haproxy_wrapper'
end
shared_examples_for 'tripleo::profile::base::neutron::wrappers::haproxy' do
context 'creates wrapper file' do
let(:params) {
{
:haproxy_process_wrapper => '/usr/local/bin/haproxy',
:haproxy_image => 'a_registry/some_container_name:some_tag',
:ns_prefix => 'puppet-test',
:bind_socket => 'unix:///run/another/docker.sock'
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/haproxy').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/^NAME=neutron-haproxy-puppet-test-/
)
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::neutron::wrappers::haproxy'
end
end
end

60
spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_spec.rb Normal file
View File

@ -0,0 +1,60 @@
#
# Copyright (C) 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::neutron::wrappers::keepalived' do
let :title do
'keepalived_wrapper'
end
shared_examples_for 'tripleo::profile::base::neutron::wrappers::keepalived' do
context 'creates wrapper file' do
let(:params) {
{
:keepalived_process_wrapper => '/usr/local/bin/keepalived',
:keepalived_image => 'a_registry/some_container_name:some_tag',
:ns_prefix => 'puppet-test',
:bind_socket => 'unix:///run/another/docker.sock'
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/keepalived').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/keepalived').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/keepalived').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::neutron::wrappers::keepalived'
end
end
end

59
spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_state_change_spec.rb Normal file
View File

@ -0,0 +1,59 @@
#
# Copyright (C) 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::neutron::wrappers::keepalived_state_change' do
let :title do
'keepalived_state_change'
end
shared_examples_for 'tripleo::profile::base::neutron::wrappers::keepalived_state_change' do
context 'creates wrapper file' do
let(:params) {
{
:keepalived_state_change_wrapper => '/usr/local/bin/keepalived-state-change',
:ns_prefix => 'puppet-test',
:bind_socket => 'unix:///run/another/docker.sock'
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content(
/ip.netns.exec.*puppet-test.*neutron-keepalived-state-change/
)
is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::neutron::wrappers::keepalived_state_change'
end
end
end

62
spec/defines/tripleo_profile_base_neutron_wrappers_radvd_spec.rb Normal file
View File

@ -0,0 +1,62 @@
#
# Copyright (C) 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::neutron::wrappers::radvd' do
let :title do
'radvd_wrapper'
end
shared_examples_for 'tripleo::profile::base::neutron::wrappers::radvd' do
context 'creates wrapper file' do
let(:params) {
{
:radvd_process_wrapper => '/usr/local/bin/radvd',
:radvd_image => 'a_registry/some_container_name:some_tag',
:bind_socket => 'unix:///run/another/docker.sock'
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/radvd').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/^NAME=neutron-radvd-/
)
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::neutron::wrappers::radvd'
end
end
end

32
templates/neutron/dibbler-client.epp Normal file
View File

@ -0,0 +1,32 @@
<%- | String $image_name = '', String $bind_socket = '' | -%>
#!/bin/bash
export DOCKER_HOST="<%=$bind_socket%>"
# we want to "eat" the "start" command given by neutron and run
# this in the foreground.
shift
ARGS="$@"
# Extract the network namespace UUID from the command line args provided by
# neutron. Typically of the form (with dnsmasq as an example):
#
# dnsmasq --no-hosts --no-resolv --except-interface=lo \
# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
NETWORK_ID=$(echo $ARGS| awk '{if (match($0, /(\w{8}-\w{4}-\w{4}-\w{4}-\w{12})/,m)) print m[0] }')
NAME=neutron-dibbler-${NETWORK_ID}
docker stop $NAME || true
docker rm -f $NAME || true
docker run --detach \
-v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \
-v /run/netns:/run/netns:shared \
-v /var/lib/neutron:/var/lib/neutron \
--net host \
--pid host \
--privileged \
--rm=true \
-u root \
--name $NAME \
<%=$image_name%> \
ip netns exec qrouter-${NETWORK_ID} /usr/sbin/dibbler-client run $ARGS

30
templates/neutron/dnsmasq.epp Normal file
View File

@ -0,0 +1,30 @@
<%- | String $image_name = '', String $bind_socket = '' | -%>
#!/bin/bash
export DOCKER_HOST="<%=$bind_socket%>"
ARGS="$@"
# Extract the network namespace UUID from the command line args provided by
# neutron. Typically of the form (with dnsmasq as an example):
#
# dnsmasq --no-hosts --no-resolv --except-interface=lo \
# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
NETWORK_ID=$(echo $ARGS| awk '{if (match($0, /(\w{8}-\w{4}-\w{4}-\w{4}-\w{12})/,m)) print m[0] }')
NAME=neutron-dnsmasq-${NETWORK_ID}
docker stop $NAME || true
docker rm -f $NAME || true
docker run --detach \
-v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \
-v /run/netns:/run/netns:shared \
-v /var/lib/neutron:/var/lib/neutron \
--net host \
--pid host \
--privileged \
--rm=true \
-u root \
--name $NAME \
<%=$image_name%> \
ip netns exec qdhcp-${NETWORK_ID} /usr/sbin/dnsmasq -k $ARGS

29
templates/neutron/haproxy.epp Normal file
View File

@ -0,0 +1,29 @@
<%- | String $image_name = '', String $ns_prefix = '', String $bind_socket = '' | -%>
#!/bin/bash
export DOCKER_HOST="<%=$bind_socket%>"
ARGS="$@"
# Extract the network namespace UUID from the command line args provided by
# neutron. Typically of the form (with dnsmasq as an example):
#
# dnsmasq --no-hosts --no-resolv --except-interface=lo \
# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
NETWORK_ID=$(echo $ARGS| awk '{if (match($0, /(\w{8}-\w{4}-\w{4}-\w{4}-\w{12})/,m)) print m[0] }')
NAME=neutron-haproxy-<%=$ns_prefix%>-${NETWORK_ID}
docker stop $NAME || true
docker rm -f $NAME || true
docker run --detach \
-v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \
-v /run/netns:/run/netns:shared \
-v /var/lib/neutron:/var/lib/neutron \
--net host \
--pid host \
--privileged \
--rm=true \
-u root \
--name $NAME \
<%=$image_name%> \
ip netns exec <%=$ns_prefix%>-${NETWORK_ID} /usr/sbin/haproxy -Ds $ARGS

32
templates/neutron/keepalived.epp Normal file
View File

@ -0,0 +1,32 @@
<%- | String $image_name = '', String $ns_prefix = '', String $bind_socket = '' | -%>
#!/bin/bash
export DOCKER_HOST="<%=$bind_socket%>"
ARGS="$@"
# Extract the network namespace UUID from the command line args provided by
# neutron. Typically of the form (with dnsmasq as an example):
#
# dnsmasq --no-hosts --no-resolv --except-interface=lo \
# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
ROUTER_ID=$(echo $ARGS| awk '{if (match($0, /(\w{8}-\w{4}-\w{4}-\w{4}-\w{12})/,m)) print m[0] }')
NAME=neutron-keepalived-<%=$ns_prefix%>-${ROUTER_ID}
docker stop $NAME || true
docker rm -f $NAME || true
docker run --detach \
-v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \
-v /lib/modules:/lib/modules:ro \
-v /sbin/modprobe:/sbin/modprobe:ro \
-v /run/netns:/run/netns:shared \
-v /var/lib/neutron:/var/lib/neutron \
--net host \
--pid host \
--privileged \
--rm=true \
-u root \
--name $NAME \
<%=$image_name%> \
ip netns exec <%=$ns_prefix%>-${ROUTER_ID} /usr/sbin/keepalived -n -l -D $ARGS

32
templates/neutron/neutron-keepalived-state-change.epp Normal file
View File

@ -0,0 +1,32 @@
<%- | String $ns_prefix = '', String $bind_socket = '' | -%>
#!/bin/bash
export DOCKER_HOST="<%=$bind_socket%>"
ARGS="$@"
# Extract the network namespace UUID from the command line args provided by
# neutron. Typically of the form (with dnsmasq as an example):
#
# dnsmasq --no-hosts --no-resolv --except-interface=lo \
# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
NS_ID=$(echo $ARGS| awk '{if (match($0, /(\w{8}-\w{4}-\w{4}-\w{4}-\w{12})/,m)) print m[0] }')
NAME=neutron-keepalived-<%=$ns_prefix%>-${NS_ID}
# The state change daemon only runs as a daemon for the moment so we need to
# run it within an existing container with a sensibly matching lifetime. The
# related keepalived container seems an obvious choice.
container_id=`docker ps --filter name=$NAME --format "{{.ID}}"`
if [[ -z $container_id ]];
then
echo "WARNING: keepalived container is not running."
exit 0
fi
docker exec --detach \
-u root \
--privileged \
$NAME \
ip netns exec <%=$ns_prefix%>-${NS_ID} /usr/bin/neutron-keepalived-state-change $ARGS

30
templates/neutron/radvd.epp Normal file
View File

@ -0,0 +1,30 @@
<%- | String $image_name = '', String $bind_socket = '' | -%>
#!/bin/bash
export DOCKER_HOST="unix:///var/run/docker_container_mount/docker.sock"
export DOCKER_HOST="<%=$bind_socket%>"
ARGS="$@"
# Extract the network namespace UUID from the command line args provided by
# neutron. Typically of the form (with dnsmasq as an example):
#
# dnsmasq --no-hosts --no-resolv --except-interface=lo \
# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
NETWORK_ID=$(echo $ARGS| awk '{if (match($0, /(\w{8}-\w{4}-\w{4}-\w{4}-\w{12})/,m)) print m[0] }')
NAME=neutron-radvd-${NETWORK_ID}
docker stop $NAME || true
docker rm -f $NAME || true
docker run --detach \
-v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \
-v /run/netns:/run/netns:shared \
-v /var/lib/neutron:/var/lib/neutron \
--net host \
--pid host \
--privileged \
--rm=true \
-u root \
--name $NAME \
<%=$image_name%> \
ip netns exec qrouter-${NETWORK_ID} /usr/sbin/radvd -n $ARGS