From 06a5359aafb832f35811b15dcfb139e60d2fc0da Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Tue, 10 Mar 2020 22:32:23 +0000 Subject: [PATCH] Revert "Remove neutron wrappers" This patch broke some deployments not having the latest THT which configure the new wrappers; we shouldn't have removed that code in Train and leave it. We need to respect the stable policy and keep this code around for Train. Closes-Bug: #1866920 This reverts commit 19f0181d8325113d751611de099f4fc5ee8323b6. Change-Id: I13434d961e72a944e49e3ddba2ec512d4d786690 --- manifests/profile/base/neutron.pp | 14 ++ .../base/neutron/dhcp_agent_wrappers.pp | 102 ++++++++++ .../profile/base/neutron/l3_agent_wrappers.pp | 177 ++++++++++++++++++ .../neutron/ovn_metadata_agent_wrappers.pp | 72 +++++++ .../base/neutron/wrappers/dibbler_client.pp | 53 ++++++ .../profile/base/neutron/wrappers/dnsmasq.pp | 53 ++++++ .../profile/base/neutron/wrappers/haproxy.pp | 53 ++++++ .../base/neutron/wrappers/keepalived.pp | 53 ++++++ .../wrappers/keepalived_state_change.pp | 48 +++++ .../profile/base/neutron/wrappers/radvd.pp | 54 ++++++ ...se_neutron_wrappers_dibbler_client_spec.rb | 88 +++++++++ ...file_base_neutron_wrappers_dnsmasq_spec.rb | 90 +++++++++ ...file_base_neutron_wrappers_haproxy_spec.rb | 96 ++++++++++ ...e_base_neutron_wrappers_keepalived_spec.rb | 90 +++++++++ ...n_wrappers_keepalived_state_change_spec.rb | 82 ++++++++ ...rofile_base_neutron_wrappers_radvd_spec.rb | 96 ++++++++++ templates/neutron/dibbler-client.epp | 64 +++++++ templates/neutron/dnsmasq.epp | 61 ++++++ templates/neutron/haproxy.epp | 62 ++++++ templates/neutron/keepalived.epp | 63 +++++++ templates/neutron/radvd.epp | 61 ++++++ 21 files changed, 1532 insertions(+) create mode 100644 manifests/profile/base/neutron/dhcp_agent_wrappers.pp create mode 100644 manifests/profile/base/neutron/l3_agent_wrappers.pp create mode 100644 manifests/profile/base/neutron/ovn_metadata_agent_wrappers.pp create mode 100644 manifests/profile/base/neutron/wrappers/dibbler_client.pp create mode 100644 manifests/profile/base/neutron/wrappers/dnsmasq.pp create mode 100644 manifests/profile/base/neutron/wrappers/haproxy.pp create mode 100644 manifests/profile/base/neutron/wrappers/keepalived.pp create mode 100644 manifests/profile/base/neutron/wrappers/keepalived_state_change.pp create mode 100644 manifests/profile/base/neutron/wrappers/radvd.pp create mode 100644 spec/defines/tripleo_profile_base_neutron_wrappers_dibbler_client_spec.rb create mode 100644 spec/defines/tripleo_profile_base_neutron_wrappers_dnsmasq_spec.rb create mode 100644 spec/defines/tripleo_profile_base_neutron_wrappers_haproxy_spec.rb create mode 100644 spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_spec.rb create mode 100644 spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_state_change_spec.rb create mode 100644 spec/defines/tripleo_profile_base_neutron_wrappers_radvd_spec.rb create mode 100644 templates/neutron/dibbler-client.epp create mode 100644 templates/neutron/dnsmasq.epp create mode 100644 templates/neutron/haproxy.epp create mode 100644 templates/neutron/keepalived.epp create mode 100644 templates/neutron/radvd.epp diff --git a/manifests/profile/base/neutron.pp b/manifests/profile/base/neutron.pp index 6278cce90..cae8cb3b0 100644 --- a/manifests/profile/base/neutron.pp +++ b/manifests/profile/base/neutron.pp @@ -82,6 +82,12 @@ # of available agents. # Defaults to hiera('neutron_dhcp_short_node_names') or [] # +# [*container_cli*] +# (Optional) A container CLI to be used with the wrapper +# tooling to manage containers controled by Neutron/OVN +# l3/dhcp/metadata agents. Accepts either 'podman' or 'docker'. +# Defaults to hiera('container_cli') or 'docker'. +# class tripleo::profile::base::neutron ( $step = Integer(hiera('step')), @@ -99,8 +105,16 @@ class tripleo::profile::base::neutron ( $oslomsg_notify_use_ssl = hiera('oslo_messaging_notify_use_ssl', '0'), $dhcp_agents_per_network = undef, $dhcp_nodes = hiera('neutron_dhcp_short_node_names', []), + $container_cli = hiera('container_cli', 'docker'), ) { if $step >= 3 { + # NOTE(bogdando) validate_* is deprecated and we do not want to use it here + if !($container_cli in ['docker', 'podman']) { + fail("container_cli (${container_cli}) is not supported!") + } + if $container_cli == 'docker' { + warning('Docker runtime is deprecated. Consider switching container_cli to podman') + } $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) $oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl))) $dhcp_agent_count = size($dhcp_nodes) diff --git a/manifests/profile/base/neutron/dhcp_agent_wrappers.pp b/manifests/profile/base/neutron/dhcp_agent_wrappers.pp new file mode 100644 index 000000000..43094be7b --- /dev/null +++ b/manifests/profile/base/neutron/dhcp_agent_wrappers.pp @@ -0,0 +1,102 @@ +# Copyright 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::dhcp_agent_wrappers +# +# Generates wrapper scripts for running dhcp agent subprocesess in containers. +# +# === Parameters +# +# [*enable_dnsmasq_wrapper*] +# (Optional) If true, generates a wrapper for running dnsmasq in +# a docker container. +# Defaults to false +# +# [*dnsmasq_process_wrapper*] +# (Optional) Filename for dnsmasq wrapper in the specified file. +# Defaults to undef +# +# [*dnsmasq_image*] +# (Optional) Docker image name for dnsmasq. Required if +# dnsmasq_process_wrapper is set. +# Defaults to undef +# +# [*enable_haproxy_wrapper*] +# (Optional) If true, generates a wrapper for running haproxy in +# a docker container. +# Defaults to false +# +# [*haproxy_process_wrapper*] +# (Optional) If set, generates a haproxy wrapper in the specified file. +# Defaults to undef +# +# [*haproxy_image*] +# (Optional) Docker image name for haproxy. Required if +# haproxy_process_wrapper is set. +# Defaults to undef +# +# [*bind_sockets*] +# (Deprecated) Domain sockets that the wrappers should use for accessing +# the docker daemon. +# Defaults to hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']) +# +# [*debug*] +# (Optional) Debug messages for the wrapper scripts. +# Defaults to False. +# +class tripleo::profile::base::neutron::dhcp_agent_wrappers ( + $enable_dnsmasq_wrapper = false, + $dnsmasq_process_wrapper = undef, + $dnsmasq_image = undef, + $enable_haproxy_wrapper = false, + $haproxy_process_wrapper = undef, + $haproxy_image = undef, + Boolean $debug = false, + + # Deprecated + $bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']), +) { + $container_cli = hiera('tripleo::profile::base::neutron::container_cli', 'docker') + if $bind_sockets and $container_cli == 'docker' { + warning('Docker runtime is deprecated. Consider switching container_cli to podman') + $bind_socket = join(['unix://', $bind_sockets[0]], '') + } else { + $bind_socket = '' + } + if $enable_dnsmasq_wrapper { + unless $dnsmasq_image and $dnsmasq_process_wrapper{ + fail('The docker image for dnsmasq and wrapper filename must be provided when generating dnsmasq wrappers') + } + tripleo::profile::base::neutron::wrappers::dnsmasq{'dhcp_dnsmasq_process_wrapper': + dnsmasq_process_wrapper => $dnsmasq_process_wrapper, + dnsmasq_image => $dnsmasq_image, + bind_socket => $bind_socket, + debug => $debug, + container_cli => $container_cli, + } + } + + if $enable_haproxy_wrapper { + unless $haproxy_image and $haproxy_process_wrapper{ + fail('The docker image for haproxy and wrapper filename must be provided when generating haproxy wrappers') + } + tripleo::profile::base::neutron::wrappers::haproxy{'dhcp_haproxy_process_wrapper': + haproxy_process_wrapper => $haproxy_process_wrapper, + haproxy_image => $haproxy_image, + bind_socket => $bind_socket, + debug => $debug, + container_cli => $container_cli, + } + } +} diff --git a/manifests/profile/base/neutron/l3_agent_wrappers.pp b/manifests/profile/base/neutron/l3_agent_wrappers.pp new file mode 100644 index 000000000..991db075a --- /dev/null +++ b/manifests/profile/base/neutron/l3_agent_wrappers.pp @@ -0,0 +1,177 @@ +# Copyright 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::l3_agent_wrappers +# +# Generates wrapper scripts for running l3 agent subprocesess in containers. +# +# === Parameters +# +# [*enable_haproxy_wrapper*] +# (Optional) If true, generates a wrapper for running haproxy in +# a docker container. +# Defaults to false +# +# [*haproxy_process_wrapper*] +# (Optional) If set, generates a haproxy wrapper in the specified file. +# Defaults to undef +# +# [*haproxy_image*] +# (Optional) Docker image name for haproxy. Required if +# haproxy_process_wrapper is set. +# Defaults to undef +# +# [*enable_radvd_wrapper*] +# (Optional) If true, generates a wrapper for running radvd in +# a docker container. +# Defaults to false +# +# [*radvd_process_wrapper*] +# (Optional) If set, generates a radvd wrapper in the specified file. +# Defaults to undef +# +# [*radvd_image*] +# (Optional) Docker image name for haproxy. Required if radvd_process_wrapper +# is set. +# Defaults to undef +# +# [*enable_keepalived_wrapper*] +# (Optional) If true, generates a wrapper for running keepalived in +# a docker container. +# Defaults to false +# +# [*keepalived_process_wrapper*] +# (Optional) If set, generates a keepalived in the specified file. +# Defaults to undef +# +# [*keepalived_image*] +# (Optional) Docker image name for keepalived. Required if +# keepalived_process_wrapper is set. +# Defaults to undef +# +# [*keepalived_state_change_wrapper*] +# (Optional) If set, generates a wrapper for running neutron's keepalived +# state change daemon in the keepalived container. The keepalived wrapper and +# image must also be set if this is set. +# Defaults to undef +# +# [*enable_dibbler_wrapper*] +# (Optional) If true, generates a wrapper for running dibbler in +# a docker container. +# Defaults to false +# +# [*dibbler_process_wrapper*] +# (Optional) If set, generates a dibbler in the specified file. +# Defaults to undef +# +# [*dibbler_image*] +# (Optional) Docker image name for dibbler. Required if dibbler_process_wrapper is set. +# Defaults to undef +# +# [*bind_sockets*] +# (Deprecated) Domain sockets that the wrappers should use for accessing +# the docker daemon. +# Defaults to hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']) +# +# [*debug*] +# (Optional) Debug messages for the wrapper scripts. +# Defaults to False. +# +class tripleo::profile::base::neutron::l3_agent_wrappers ( + $enable_haproxy_wrapper = false, + $haproxy_process_wrapper = undef, + $haproxy_image = undef, + $enable_radvd_wrapper = false, + $radvd_process_wrapper = undef, + $radvd_image = undef, + $enable_keepalived_wrapper = false, + $keepalived_process_wrapper = undef, + $keepalived_image = undef, + $keepalived_state_change_wrapper = undef, + $enable_dibbler_wrapper = false, + $dibbler_process_wrapper = undef, + $dibbler_image = undef, + Boolean $debug = false, + + # Deprecated + $bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']), +) { + $container_cli = hiera('tripleo::profile::base::neutron::container_cli', 'docker') + if $bind_sockets and $container_cli == 'docker' { + warning('Docker runtime is deprecated. Consider switching container_cli to podman') + $bind_socket = join(['unix://', $bind_sockets[0]], '') + } else { + $bind_socket = '' + } + if $enable_haproxy_wrapper { + unless $haproxy_image and $haproxy_process_wrapper{ + fail('The docker image for haproxy and wrapper filename must be provided when generating haproxy wrappers') + } + tripleo::profile::base::neutron::wrappers::haproxy{'l3_haproxy_process_wrapper': + haproxy_process_wrapper => $haproxy_process_wrapper, + haproxy_image => $haproxy_image, + bind_socket => $bind_socket, + debug => $debug, + container_cli => $container_cli, + } + } + + if $enable_radvd_wrapper { + unless $radvd_image and $radvd_process_wrapper{ + fail('The docker image for radvd and wrapper filename must be provided when generating radvd wrappers') + } + tripleo::profile::base::neutron::wrappers::radvd{'l3_radvd_process_wrapper': + radvd_process_wrapper => $radvd_process_wrapper, + radvd_image => $radvd_image, + bind_socket => $bind_socket, + debug => $debug, + container_cli => $container_cli, + } + } + + if $enable_keepalived_wrapper { + unless $keepalived_image and $keepalived_process_wrapper{ + fail('The docker image for keepalived and wrapper filename must be provided when generating keepalived wrappers') + } + tripleo::profile::base::neutron::wrappers::keepalived{'l3_keepalived': + keepalived_process_wrapper => $keepalived_process_wrapper, + keepalived_image => $keepalived_image, + bind_socket => $bind_socket, + debug => $debug, + container_cli => $container_cli, + } + unless $keepalived_state_change_wrapper { + fail('The keepalived state change wrapper must also be configured when generating keepalived wrappers') + } + tripleo::profile::base::neutron::wrappers::keepalived_state_change{'l3_keepalived_state_change': + keepalived_state_change_wrapper => $keepalived_state_change_wrapper, + bind_socket => $bind_socket, + debug => $debug, + container_cli => $container_cli, + } + } + + if $enable_dibbler_wrapper { + unless $dibbler_image and $dibbler_process_wrapper{ + fail('The docker image for dibbler and wrapper filename must be provided when generating dibbler wrappers') + } + tripleo::profile::base::neutron::wrappers::dibbler_client{'l3_dibbler_daemon': + dibbler_process_wrapper => $dibbler_process_wrapper, + dibbler_image => $dibbler_image, + bind_socket => $bind_socket, + debug => $debug, + container_cli => $container_cli, + } + } +} diff --git a/manifests/profile/base/neutron/ovn_metadata_agent_wrappers.pp b/manifests/profile/base/neutron/ovn_metadata_agent_wrappers.pp new file mode 100644 index 000000000..413317fef --- /dev/null +++ b/manifests/profile/base/neutron/ovn_metadata_agent_wrappers.pp @@ -0,0 +1,72 @@ +# Copyright 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::ovn_metadata_agent_wrappers +# +# Generates wrapper scripts for running OVN metadata agent subprocesess in containers. +# +# === Parameters +# +# [*enable_haproxy_wrapper*] +# (Optional) If true, generates a wrapper for running haproxy in +# a docker container. +# Defaults to false +# +# [*haproxy_process_wrapper*] +# (Optional) If set, generates a haproxy wrapper in the specified file. +# Defaults to undef +# +# [*haproxy_image*] +# (Optional) Docker image name for haproxy. Required if +# haproxy_process_wrapper is set. +# Defaults to undef +# +# [*bind_sockets*] +# (Deprecated) Domain sockets that the wrappers should use for accessing +# the docker daemon. +# Defaults to hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']) +# +# [*debug*] +# (Optional) Debug messages for the wrapper scripts. +# Defaults to False. +# +class tripleo::profile::base::neutron::ovn_metadata_agent_wrappers ( + $enable_haproxy_wrapper = false, + $haproxy_process_wrapper = undef, + $haproxy_image = undef, + Boolean $debug = false, + + # Deprecated + $bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']), +) { + $container_cli = hiera('tripleo::profile::base::neutron::container_cli', 'docker') + if $bind_sockets and $container_cli == 'docker' { + warning('Docker runtime is deprecated. Consider switching container_cli to podman') + $bind_socket = join(['unix://', $bind_sockets[0]], '') + } else { + $bind_socket = '' + } + if $enable_haproxy_wrapper { + unless $haproxy_image and $haproxy_process_wrapper{ + fail('The docker image for haproxy and wrapper filename must be provided when generating haproxy wrappers') + } + tripleo::profile::base::neutron::wrappers::haproxy{'ovn_metadata_haproxy_process_wrapper': + haproxy_process_wrapper => $haproxy_process_wrapper, + haproxy_image => $haproxy_image, + bind_socket => $bind_socket, + debug => $debug, + container_cli => $container_cli, + } + } +} diff --git a/manifests/profile/base/neutron/wrappers/dibbler_client.pp b/manifests/profile/base/neutron/wrappers/dibbler_client.pp new file mode 100644 index 000000000..8985f5889 --- /dev/null +++ b/manifests/profile/base/neutron/wrappers/dibbler_client.pp @@ -0,0 +1,53 @@ +# Copyright 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == define: tripleo::profile::base::neutron::wrappers::dibbler_client +# +# Generates wrapper script for running dibbler in a container. +# +# === Parameters +# +# [*dibbler_process_wrapper*] +# Filename for dibbler wrapper script. +# +# [*dibbler_image*] +# Docker image name for dibbler. +# +# [*bind_socket*] +# Socket for accessing the docker daemon. +# +# [*debug*] +# Enable debug messages for the wrapper script. +# +# [*container_cli*] +# Host containers runtime system to use. +# +define tripleo::profile::base::neutron::wrappers::dibbler_client ( + $dibbler_process_wrapper, + $dibbler_image, + Boolean $debug, + $container_cli, + $bind_socket = undef, +) { + file { $dibbler_process_wrapper: + ensure => file, + mode => '0755', + content => epp('tripleo/neutron/dibbler-client.epp', { + 'image_name' => $dibbler_image, + 'bind_socket' => $bind_socket, + 'debug' => $debug, + 'container_cli' => $container_cli, + }) + } +} diff --git a/manifests/profile/base/neutron/wrappers/dnsmasq.pp b/manifests/profile/base/neutron/wrappers/dnsmasq.pp new file mode 100644 index 000000000..b7fcdb294 --- /dev/null +++ b/manifests/profile/base/neutron/wrappers/dnsmasq.pp @@ -0,0 +1,53 @@ +# Copyright 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == define: tripleo::profile::base::neutron::wrappers::dnsmasq +# +# Generates wrapper script for running dnsmasq in a container. +# +# === Parameters +# +# [*dnsmasq_process_wrapper*] +# Filename for dnsmasq wrapper script. +# +# [*dnsmasq_image*] +# Docker image name for dnsmasq. +# +# [*bind_socket*] +# Socket for accessing the docker daemon. +# +# [*debug*] +# Enable debug messages for the wrapper script. +# +# [*container_cli*] +# Host containers runtime system to use. +# +define tripleo::profile::base::neutron::wrappers::dnsmasq ( + $dnsmasq_process_wrapper, + $dnsmasq_image, + Boolean $debug, + $container_cli, + $bind_socket = undef, +) { + file { $dnsmasq_process_wrapper: + ensure => file, + mode => '0755', + content => epp('tripleo/neutron/dnsmasq.epp', { + 'image_name' => $dnsmasq_image, + 'bind_socket' => $bind_socket, + 'debug' => $debug, + 'container_cli' => $container_cli, + }) + } +} diff --git a/manifests/profile/base/neutron/wrappers/haproxy.pp b/manifests/profile/base/neutron/wrappers/haproxy.pp new file mode 100644 index 000000000..a626c0218 --- /dev/null +++ b/manifests/profile/base/neutron/wrappers/haproxy.pp @@ -0,0 +1,53 @@ +# Copyright 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == define: tripleo::profile::base::neutron::wrappers::haproxy +# +# Generates wrapper script for running haproxy in a container. +# +# === Parameters +# +# [*haproxy_process_wrapper*] +# Filename for haproxy wrapper script. +# +# [*haproxy_image*] +# Docker image name for haproxy. +# +# [*bind_socket*] +# Socket for accessing the docker daemon. +# +# [*debug*] +# Enable debug messages for the wrapper script. +# +# [*container_cli*] +# Host containers runtime system to use. +# +define tripleo::profile::base::neutron::wrappers::haproxy ( + $haproxy_process_wrapper, + $haproxy_image, + Boolean $debug, + $container_cli, + $bind_socket = undef, +) { + file { $haproxy_process_wrapper: + ensure => file, + mode => '0755', + content => epp('tripleo/neutron/haproxy.epp', { + 'image_name' => $haproxy_image, + 'bind_socket' => $bind_socket, + 'debug' => $debug, + 'container_cli' => $container_cli, + }) + } +} diff --git a/manifests/profile/base/neutron/wrappers/keepalived.pp b/manifests/profile/base/neutron/wrappers/keepalived.pp new file mode 100644 index 000000000..6e83ff9a0 --- /dev/null +++ b/manifests/profile/base/neutron/wrappers/keepalived.pp @@ -0,0 +1,53 @@ +# Copyright 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == define: tripleo::profile::base::neutron::wrappers::keepalived +# +# Generates wrapper script for running keepalived in a container. +# +# === Parameters +# +# [*keepalived_process_wrapper*] +# Filename for keepalived wrapper script. +# +# [*keepalived_image*] +# Docker image name for keepalived. +# +# [*bind_socket*] +# Socket for accessing the docker daemon. +# +# [*debug*] +# Enable debug messages for the wrapper script. +# +# [*container_cli*] +# Host containers runtime system to use. +# +define tripleo::profile::base::neutron::wrappers::keepalived ( + $keepalived_process_wrapper, + $keepalived_image, + Boolean $debug, + $container_cli, + $bind_socket = undef, +) { + file { $keepalived_process_wrapper: + ensure => file, + mode => '0755', + content => epp('tripleo/neutron/keepalived.epp', { + 'image_name' => $keepalived_image, + 'bind_socket' => $bind_socket, + 'debug' => $debug, + 'container_cli' => $container_cli, + }) + } +} diff --git a/manifests/profile/base/neutron/wrappers/keepalived_state_change.pp b/manifests/profile/base/neutron/wrappers/keepalived_state_change.pp new file mode 100644 index 000000000..8ea2b4e9d --- /dev/null +++ b/manifests/profile/base/neutron/wrappers/keepalived_state_change.pp @@ -0,0 +1,48 @@ +# Copyright 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::wrappers::keepalived_state_change +# +# Generates wrapper script for running keepalived-state-change daemon in a container. +# +# === Parameters +# +# [*keepalived_state_change_wrapper*] +# Filename for neutron-keepalived-state-change wrapper script. +# +# [*bind_socket*] +# Socket for accessing the docker daemon. +# +# [*debug*] +# Enable debug messages for the wrapper script. +# +# [*container_cli*] +# Host containers runtime system to use. +# +define tripleo::profile::base::neutron::wrappers::keepalived_state_change ( + $keepalived_state_change_wrapper, + Boolean $debug, + $container_cli, + $bind_socket = undef, +) { + file { $keepalived_state_change_wrapper: + ensure => file, + mode => '0755', + content => epp('tripleo/neutron/neutron-keepalived-state-change.epp', { + 'bind_socket' => $bind_socket, + 'debug' => $debug, + 'container_cli' => $container_cli, + }) + } +} diff --git a/manifests/profile/base/neutron/wrappers/radvd.pp b/manifests/profile/base/neutron/wrappers/radvd.pp new file mode 100644 index 000000000..eac84a1e4 --- /dev/null +++ b/manifests/profile/base/neutron/wrappers/radvd.pp @@ -0,0 +1,54 @@ +# Copyright 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == define: tripleo::profile::base::neutron::wrappers::radvd +# +# Generates wrapper script for running radvd in a container. +# +# === Parameters +# +# [*radvd_process_wrapper*] +# Filename for radvd wrapper script. +# +# [*radvd_image*] +# Docker image name for radvd. +# +# [*bind_socket*] +# Socket for accessing the docker daemon. +# +# [*debug*] +# Enable debug messages for the wrapper script. +# +# [*container_cli*] +# Host containers runtime system to use. + +# +define tripleo::profile::base::neutron::wrappers::radvd ( + $radvd_process_wrapper, + $radvd_image, + Boolean $debug, + $container_cli, + $bind_socket = undef, +) { + file { $radvd_process_wrapper: + ensure => file, + mode => '0755', + content => epp('tripleo/neutron/radvd.epp', { + 'image_name' => $radvd_image, + 'bind_socket' => $bind_socket, + 'debug' => $debug, + 'container_cli' => $container_cli, + }) + } +} diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_dibbler_client_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_dibbler_client_spec.rb new file mode 100644 index 000000000..9974a08ff --- /dev/null +++ b/spec/defines/tripleo_profile_base_neutron_wrappers_dibbler_client_spec.rb @@ -0,0 +1,88 @@ +# +# Copyright (C) 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::neutron::wrappers::dibbler_client' do + + let :title do + 'dibbler_client' + end + + shared_examples_for 'tripleo::profile::base::neutron::wrappers::dibbler_client' do + + context 'creates wrapper file for docker' do + let :params do { + :dibbler_process_wrapper => '/usr/local/bin/dibbler-client', + :dibbler_image => 'a_registry/some_container_name:some_tag', + :bind_socket => 'unix:///run/another/docker.sock', + :container_cli => 'docker', + :debug => true, + } + end + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/dibbler-client').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content( + /a_registry.some_container_name.some_tag/ + ) + is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content( + /export DOCKER_HOST="unix:...run.another.docker.sock/ + ) + is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content( + /set -x/ + ) + is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content( + /CMD="ip netns exec.*\/usr\/sbin\/dibbler-client run/ + ) + end + end + + context 'creates wrapper file for podman' do + let :params do { + :dibbler_process_wrapper => '/usr/local/bin/dibbler-client', + :dibbler_image => 'a_registry/some_container_name:some_tag', + :container_cli => 'podman', + :debug => false, + } + end + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/dibbler-client').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content( + /a_registry.some_container_name.some_tag/ + ) + is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content( + /CMD='\/usr\/sbin\/dibbler-client run'/ + ) + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::neutron::wrappers::dibbler_client' + end + end +end diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_dnsmasq_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_dnsmasq_spec.rb new file mode 100644 index 000000000..d9b5942d6 --- /dev/null +++ b/spec/defines/tripleo_profile_base_neutron_wrappers_dnsmasq_spec.rb @@ -0,0 +1,90 @@ +# +# Copyright (C) 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::neutron::wrappers::dnsmasq' do + + let :title do + 'dnsmasq_wrapper' + end + + shared_examples_for 'tripleo::profile::base::neutron::wrappers::dnsmasq' do + + context 'creates wrapper file for docker' do + let(:params) { + { + :dnsmasq_process_wrapper => '/usr/local/bin/dnsmasq', + :dnsmasq_image => 'a_registry/some_container_name:some_tag', + :bind_socket => 'unix:///run/another/docker.sock', + :container_cli => 'docker', + :debug => true, + } + } + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/dnsmasq').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content( + /a_registry.some_container_name.some_tag/ + ) + is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content( + /export DOCKER_HOST="unix:...run.another.docker.sock/ + ) + is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content( + /set -x/ + ) + is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content( + /CMD="ip netns exec.*\/usr\/sbin\/dnsmasq -k/ + ) + end + end + + context 'creates wrapper file for podman' do + let(:params) { + { + :dnsmasq_process_wrapper => '/usr/local/bin/dnsmasq', + :dnsmasq_image => 'a_registry/some_container_name:some_tag', + :container_cli => 'podman', + :debug => false, + } + } + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/dnsmasq').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content( + /a_registry.some_container_name.some_tag/ + ) + is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content( + /CMD='\/usr\/sbin\/dnsmasq -k'/ + ) + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::neutron::wrappers::dnsmasq' + end + end +end diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_haproxy_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_haproxy_spec.rb new file mode 100644 index 000000000..817e11159 --- /dev/null +++ b/spec/defines/tripleo_profile_base_neutron_wrappers_haproxy_spec.rb @@ -0,0 +1,96 @@ +# +# Copyright (C) 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::neutron::wrappers::haproxy' do + + let :title do + 'haproxy_wrapper' + end + + shared_examples_for 'tripleo::profile::base::neutron::wrappers::haproxy' do + + context 'creates wrapper file for docker' do + let(:params) { + { + :haproxy_process_wrapper => '/usr/local/bin/haproxy', + :haproxy_image => 'a_registry/some_container_name:some_tag', + :bind_socket => 'unix:///run/another/docker.sock', + :container_cli => 'docker', + :debug => true, + } + } + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/haproxy').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/haproxy').with_content( + /a_registry.some_container_name.some_tag/ + ) + is_expected.to contain_file('/usr/local/bin/haproxy').with_content( + /^NAME=neutron-haproxy-/ + ) + is_expected.to contain_file('/usr/local/bin/haproxy').with_content( + /export DOCKER_HOST="unix:...run.another.docker.sock/ + ) + is_expected.to contain_file('/usr/local/bin/haproxy').with_content( + /set -x/ + ) + is_expected.to contain_file('/usr/local/bin/haproxy').with_content( + /.*haproxy -Ds.*haproxy -Ws.*/ + ) + end + end + + context 'creates wrapper file for podman' do + let(:params) { + { + :haproxy_process_wrapper => '/usr/local/bin/haproxy', + :haproxy_image => 'a_registry/some_container_name:some_tag', + :container_cli => 'podman', + :debug => false, + } + } + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/haproxy').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/haproxy').with_content( + /a_registry.some_container_name.some_tag/ + ) + is_expected.to contain_file('/usr/local/bin/haproxy').with_content( + /^NAME=neutron-haproxy-/ + ) + is_expected.to contain_file('/usr/local/bin/haproxy').with_content( + /.*haproxy -Ds.*haproxy -Ws.*/ + ) + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::neutron::wrappers::haproxy' + end + end +end diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_spec.rb new file mode 100644 index 000000000..6727c7906 --- /dev/null +++ b/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_spec.rb @@ -0,0 +1,90 @@ +# +# Copyright (C) 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::neutron::wrappers::keepalived' do + + let :title do + 'keepalived_wrapper' + end + + shared_examples_for 'tripleo::profile::base::neutron::wrappers::keepalived' do + + context 'creates wrapper file for docker' do + let(:params) { + { + :keepalived_process_wrapper => '/usr/local/bin/keepalived', + :keepalived_image => 'a_registry/some_container_name:some_tag', + :bind_socket => 'unix:///run/another/docker.sock', + :container_cli => 'docker', + :debug => true, + } + } + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/keepalived').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/keepalived').with_content( + /a_registry.some_container_name.some_tag/ + ) + is_expected.to contain_file('/usr/local/bin/keepalived').with_content( + /export DOCKER_HOST="unix:...run.another.docker.sock/ + ) + is_expected.to contain_file('/usr/local/bin/keepalived').with_content( + /set -x/ + ) + is_expected.to contain_file('/usr/local/bin/keepalived').with_content( + /CMD="ip netns exec.*\/usr\/sbin\/keepalived -n -l -D/ + ) + end + end + + context 'creates wrapper file for podman' do + let(:params) { + { + :keepalived_process_wrapper => '/usr/local/bin/keepalived', + :keepalived_image => 'a_registry/some_container_name:some_tag', + :container_cli => 'podman', + :debug => false, + } + } + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/keepalived').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/keepalived').with_content( + /a_registry.some_container_name.some_tag/ + ) + is_expected.to contain_file('/usr/local/bin/keepalived').with_content( + /CMD='\/usr\/sbin\/keepalived -n -l -D'/ + ) + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::neutron::wrappers::keepalived' + end + end +end diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_state_change_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_state_change_spec.rb new file mode 100644 index 000000000..1af7dcfd5 --- /dev/null +++ b/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_state_change_spec.rb @@ -0,0 +1,82 @@ +# +# Copyright (C) 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::neutron::wrappers::keepalived_state_change' do + + let :title do + 'keepalived_state_change' + end + + shared_examples_for 'tripleo::profile::base::neutron::wrappers::keepalived_state_change' do + + context 'creates wrapper file for docker' do + let(:params) { + { + :keepalived_state_change_wrapper => '/usr/local/bin/keepalived-state-change', + :bind_socket => 'unix:///run/another/docker.sock', + :container_cli => 'docker', + :debug => true, + } + } + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content( + /export DOCKER_HOST="unix:...run.another.docker.sock/ + ) + is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content( + /set -x/ + ) + is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content( + /CMD="ip netns exec.*\/usr\/bin\/neutron-keepalived-state-change/ + ) + end + end + + context 'creates wrapper file for podman' do + let(:params) { + { + :keepalived_state_change_wrapper => '/usr/local/bin/keepalived-state-change', + :container_cli => 'podman', + :debug => false, + } + } + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content( + /CMD='\/usr\/bin\/neutron-keepalived-state-change'/ + ) + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::neutron::wrappers::keepalived_state_change' + end + end +end diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_radvd_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_radvd_spec.rb new file mode 100644 index 000000000..155abb5aa --- /dev/null +++ b/spec/defines/tripleo_profile_base_neutron_wrappers_radvd_spec.rb @@ -0,0 +1,96 @@ +# +# Copyright (C) 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +require 'spec_helper' + +describe 'tripleo::profile::base::neutron::wrappers::radvd' do + + let :title do + 'radvd_wrapper' + end + + shared_examples_for 'tripleo::profile::base::neutron::wrappers::radvd' do + + context 'creates wrapper file for docker' do + let(:params) { + { + :radvd_process_wrapper => '/usr/local/bin/radvd', + :radvd_image => 'a_registry/some_container_name:some_tag', + :bind_socket => 'unix:///run/another/docker.sock', + :container_cli => 'docker', + :debug => true, + } + } + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/radvd').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/radvd').with_content( + /a_registry.some_container_name.some_tag/ + ) + is_expected.to contain_file('/usr/local/bin/radvd').with_content( + /^NAME=neutron-radvd-/ + ) + is_expected.to contain_file('/usr/local/bin/radvd').with_content( + /export DOCKER_HOST="unix:...run.another.docker.sock/ + ) + is_expected.to contain_file('/usr/local/bin/radvd').with_content( + /set -x/ + ) + is_expected.to contain_file('/usr/local/bin/radvd').with_content( + /CMD="ip netns exec.*\/usr\/sbin\/radvd -n/ + ) + end + end + + context 'creates wrapper file for podman' do + let(:params) { + { + :radvd_process_wrapper => '/usr/local/bin/radvd', + :radvd_image => 'a_registry/some_container_name:some_tag', + :container_cli => 'podman', + :debug => false, + } + } + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/radvd').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/radvd').with_content( + /a_registry.some_container_name.some_tag/ + ) + is_expected.to contain_file('/usr/local/bin/radvd').with_content( + /^NAME=neutron-radvd-/ + ) + is_expected.to contain_file('/usr/local/bin/radvd').with_content( + /CMD='\/usr\/sbin\/radvd -n'/ + ) + end + end + end + + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) do + facts.merge({ :hostname => 'node.example.com' }) + end + + it_behaves_like 'tripleo::profile::base::neutron::wrappers::radvd' + end + end +end diff --git a/templates/neutron/dibbler-client.epp b/templates/neutron/dibbler-client.epp new file mode 100644 index 000000000..113fa65d0 --- /dev/null +++ b/templates/neutron/dibbler-client.epp @@ -0,0 +1,64 @@ +<%- | String $image_name = '', + String $bind_socket = '', + Boolean $debug, + String $container_cli = '' +| -%> +#!/bin/bash +<%- if $debug { -%>set -x<%- } -%> + +<%- if $bind_socket { -%> +export DOCKER_HOST="<%=$bind_socket%>" +<%- } -%> +# we want to "eat" the "start" command given by neutron and run +# this in the foreground. +shift +ARGS="$@" + +# Extract the network namespace UUID from the command line args provided by +# neutron. Typically of the form (with dnsmasq as an example): +# +# dnsmasq --no-hosts --no-resolv --except-interface=lo \ +# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \ +# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... +NETNS=$(ip netns identify) +NAME=neutron-dibbler-${NETNS} +<%- if $container_cli == 'docker' { -%> +CLI='docker' +LOGGING='' +CMD="ip netns exec ${NETNS} /usr/sbin/dibbler-client run" +<%- } elsif $container_cli == 'podman' { -%> +CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" +LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log" +CMD='/usr/sbin/dibbler-client run' +<%- } else { -%> +CLI='echo noop' +CMD='echo noop' +<%- } -%> +LIST=$($CLI ps -a --filter name=neutron-dibbler- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}') + +# Find orphaned containers left for dead after its main process terminated by neutron parent process +# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703 +ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)") +if [ -n "${ORPHANTS}" ]; then + for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do + echo "Removing orphaned container ${orphant}" + $CLI stop ${orphant} || true + $CLI rm -f ${orphant} || true + done +fi + +# If the NAME is already taken by a container, give it an unique name +printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)" +echo "Starting a new child container ${NAME}" +$CLI run --detach ${LOGGING} \ + -v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \ + -v /run/netns:/run/netns:shared \ + -v /var/lib/neutron:/var/lib/neutron:z,shared \ + -v /dev/log:/dev/log \ + --net host \ + --pid host \ + --privileged \ + -u root \ + --name $NAME \ + <%=$image_name%> \ + $CMD $ARGS diff --git a/templates/neutron/dnsmasq.epp b/templates/neutron/dnsmasq.epp new file mode 100644 index 000000000..1ca53a6a9 --- /dev/null +++ b/templates/neutron/dnsmasq.epp @@ -0,0 +1,61 @@ +<%- | String $image_name = '', + String $bind_socket = '', + Boolean $debug, + String $container_cli = '' +| -%> +#!/bin/bash +<%- if $debug { -%>set -x<%- } -%> + +<%- if $bind_socket { -%> +export DOCKER_HOST="<%=$bind_socket%>" +<%- } -%> +ARGS="$@" + +# Extract the network namespace UUID from the command line args provided by +# neutron. Typically of the form (with dnsmasq as an example): +# +# dnsmasq --no-hosts --no-resolv --except-interface=lo \ +# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \ +# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... +NETNS=$(ip netns identify) +NAME=neutron-dnsmasq-${NETNS} +<%- if $container_cli == 'docker' { -%> +CLI='docker' +LOGGING='' +CMD="ip netns exec ${NETNS} /usr/sbin/dnsmasq -k" +<%- } elsif $container_cli == 'podman' { -%> +CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" +LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log" +CMD='/usr/sbin/dnsmasq -k' +<%- } else { -%> +CLI='echo noop' +CMD='echo noop' +<%- } -%> +LIST=$($CLI ps -a --filter name=neutron-dnsmasq- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}') + +# Find orphaned containers left for dead after its main process terminated by neutron parent process +# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703 +ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)") +if [ -n "${ORPHANTS}" ]; then + for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do + echo "Removing orphaned container ${orphant}" + $CLI stop ${orphant} || true + $CLI rm -f ${orphant} || true + done +fi + +# If the NAME is already taken by a container, give it an unique name +printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)" +echo "Starting a new child container ${NAME}" +$CLI run --detach ${LOGGING} \ + -v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \ + -v /run/netns:/run/netns:shared \ + -v /var/lib/neutron:/var/lib/neutron:z,shared \ + -v /dev/log:/dev/log \ + --net host \ + --pid host \ + --privileged \ + -u root \ + --name $NAME \ + <%=$image_name%> \ + $CMD $ARGS diff --git a/templates/neutron/haproxy.epp b/templates/neutron/haproxy.epp new file mode 100644 index 000000000..e24ed2169 --- /dev/null +++ b/templates/neutron/haproxy.epp @@ -0,0 +1,62 @@ +<%- | String $image_name = '', + String $bind_socket = '', + Boolean $debug, + String $container_cli = '' +| -%> +#!/bin/bash +<%- if $debug { -%>set -x<%- } -%> + +<%- if $bind_socket { -%> +export DOCKER_HOST="<%=$bind_socket%>" +<%- } -%> +ARGS="$@" + +# Extract the network namespace UUID from the command line args provided by +# neutron. Typically of the form (with dnsmasq as an example): +# +# dnsmasq --no-hosts --no-resolv --except-interface=lo \ +# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \ +# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... +NETNS=$(ip netns identify) +NAME=neutron-haproxy-${NETNS} +HAPROXY_CMD='$(if [ -f /usr/sbin/haproxy-systemd-wrapper ]; then echo "/usr/sbin/haproxy -Ds"; else echo "/usr/sbin/haproxy -Ws"; fi)' +<%- if $container_cli == 'docker' { -%> +CLI='docker' +LOGGING='' +CMD="ip netns exec ${NETNS} "'$HAPROXY' +<%- } elsif $container_cli == 'podman' { -%> +CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" +LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log" +CMD='$HAPROXY' +<%- } else { -%> +CLI='echo noop' +CMD='echo noop' +<%- } -%> +LIST=$($CLI ps -a --filter name=neutron-haproxy- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}') + +# Find orphaned containers left for dead after its main process terminated by neutron parent process +# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703 +ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)") +if [ -n "${ORPHANTS}" ]; then + for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do + echo "Removing orphaned container ${orphant}" + $CLI stop ${orphant} || true + $CLI rm -f ${orphant} || true + done +fi + +# If the NAME is already taken by a container, give it an unique name +printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)" +echo "Starting a new child container ${NAME}" +$CLI run --detach ${LOGGING} \ + -v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \ + -v /run/netns:/run/netns:shared \ + -v /var/lib/neutron:/var/lib/neutron:z,shared \ + -v /dev/log:/dev/log \ + --net host \ + --pid host \ + --privileged \ + -u root \ + --name $NAME \ + <%=$image_name%> \ + /bin/bash -c "HAPROXY=\"$HAPROXY_CMD\"; exec $CMD $ARGS" diff --git a/templates/neutron/keepalived.epp b/templates/neutron/keepalived.epp new file mode 100644 index 000000000..848cad7a7 --- /dev/null +++ b/templates/neutron/keepalived.epp @@ -0,0 +1,63 @@ +<%- | String $image_name = '', + String $bind_socket = '', + Boolean $debug, + String $container_cli = '' +| -%> +#!/bin/bash +<%- if $debug { -%>set -x<%- } -%> + +<%- if $bind_socket { -%> +export DOCKER_HOST="<%=$bind_socket%>" +<%- } -%> +ARGS="$@" + +# Extract the network namespace UUID from the command line args provided by +# neutron. Typically of the form (with dnsmasq as an example): +# +# dnsmasq --no-hosts --no-resolv --except-interface=lo \ +# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \ +# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... +NETNS=$(ip netns identify) +NAME=neutron-keepalived-${NETNS} +<%- if $container_cli == 'docker' { -%> +CLI='docker' +LOGGING='' +CMD="ip netns exec ${NETNS} /usr/sbin/keepalived -n -l -D" +<%- } elsif $container_cli == 'podman' { -%> +CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" +LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log" +CMD='/usr/sbin/keepalived -n -l -D' +<%- } else { -%> +CLI='echo noop' +CMD='echo noop' +<%- } -%> +LIST=$($CLI ps -a --filter name=neutron-keepalived- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}') + +# Find orphaned containers left for dead after its main process terminated by neutron parent process +# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703 +ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)") +if [ -n "${ORPHANTS}" ]; then + for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do + echo "Removing orphaned container ${orphant}" + $CLI stop ${orphant} || true + $CLI rm -f ${orphant} || true + done +fi + +# If the NAME is already taken by a container, give it an unique name +printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)" +echo "Starting a new child container ${NAME}" +$CLI run --detach ${LOGGING} \ + -v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \ + -v /lib/modules:/lib/modules:ro \ + -v /sbin/modprobe:/sbin/modprobe:ro \ + -v /run/netns:/run/netns:shared \ + -v /var/lib/neutron:/var/lib/neutron:z,shared \ + -v /dev/log:/dev/log \ + --net host \ + --pid host \ + --privileged \ + -u root \ + --name $NAME \ + <%=$image_name%> \ + $CMD $ARGS diff --git a/templates/neutron/radvd.epp b/templates/neutron/radvd.epp new file mode 100644 index 000000000..5e715533d --- /dev/null +++ b/templates/neutron/radvd.epp @@ -0,0 +1,61 @@ +<%- | String $image_name = '', + String $bind_socket = '', + Boolean $debug, + String $container_cli = '' +| -%> +#!/bin/bash +<%- if $debug { -%>set -x<%- } -%> + +<%- if $bind_socket { -%> +export DOCKER_HOST="<%=$bind_socket%>" +<%- } -%> +ARGS="$@" + +# Extract the network namespace UUID from the command line args provided by +# neutron. Typically of the form (with dnsmasq as an example): +# +# dnsmasq --no-hosts --no-resolv --except-interface=lo \ +# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \ +# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... +NETWORK_ID=$(echo $ARGS| awk '{if (match($0, /(\w{8}-\w{4}-\w{4}-\w{4}-\w{12})/,m)) print m[0] }') +NAME=neutron-radvd-${NETWORK_ID} +<%- if $container_cli == 'docker' { -%> +CLI='docker' +LOGGING='' +CMD="ip netns exec qrouter-${NETWORK_ID} /usr/sbin/radvd -n" +<%- } elsif $container_cli == 'podman' { -%> +CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" +LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log" +CMD='/usr/sbin/radvd -n' +<%- } else { -%> +CLI='echo noop' +CMD='echo noop' +<%- } -%> +LIST=$($CLI ps -a --filter name=neutron-radvd- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}') + +# Find orphaned containers left for dead after its main process terminated by neutron parent process +# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703 +ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)") +if [ -n "${ORPHANTS}" ]; then + for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do + echo "Removing orphaned container ${orphant}" + $CLI stop ${orphant} || true + $CLI rm -f ${orphant} || true + done +fi + +# If the NAME is already taken by a container, give it an unique name +printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)" +echo "Starting a new child container ${NAME}" +$CLI run --detach ${LOGGING} \ + -v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \ + -v /run/netns:/run/netns:shared \ + -v /var/lib/neutron:/var/lib/neutron:z,shared \ + -v /dev/log:/dev/log \ + --net host \ + --pid host \ + --privileged \ + -u root \ + --name $NAME \ + <%=$image_name%> \ + $CMD $ARGS