openstack/puppet-tripleo
Code Issues Proposed changes

Revert "Remove neutron wrappers"

Browse Source 
This patch broke some deployments not having the latest THT
which configure the new wrappers; we shouldn't have removed
that code in Train and leave it.
We need to respect the stable policy and keep this code around for Train.

Closes-Bug: #1866920
This reverts commit 19f0181d83.

Change-Id: I13434d961e72a944e49e3ddba2ec512d4d786690
This commit is contained in:
Emilien Macchi 2020-03-10 22:32:23 +00:00
parent cfd3f341f6
commit 06a5359aaf
21 changed files with 1532 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
manifests/profile/base/neutron.pp
View File

@ -82,6 +82,12 @@
# of available agents. # of available agents.
# Defaults to hiera('neutron_dhcp_short_node_names') or [] # Defaults to hiera('neutron_dhcp_short_node_names') or []
# #
# [*container_cli*]
# (Optional) A container CLI to be used with the wrapper
# tooling to manage containers controled by Neutron/OVN
# l3/dhcp/metadata agents. Accepts either 'podman' or 'docker'.
# Defaults to hiera('container_cli') or 'docker'.
#
class tripleo::profile::base::neutron ( class tripleo::profile::base::neutron (
$step = Integer(hiera('step')), $step = Integer(hiera('step')),
@ -99,8 +105,16 @@ class tripleo::profile::base::neutron (
$oslomsg_notify_use_ssl = hiera('oslo_messaging_notify_use_ssl', '0'), $oslomsg_notify_use_ssl = hiera('oslo_messaging_notify_use_ssl', '0'),
$dhcp_agents_per_network = undef, $dhcp_agents_per_network = undef,
$dhcp_nodes = hiera('neutron_dhcp_short_node_names', []), $dhcp_nodes = hiera('neutron_dhcp_short_node_names', []),
$container_cli = hiera('container_cli', 'docker'),
) { ) {
if $step >= 3 { if $step >= 3 {
# NOTE(bogdando) validate_* is deprecated and we do not want to use it here
if !($container_cli in ['docker', 'podman']) {
fail("container_cli (${container_cli}) is not supported!")
}
if $container_cli == 'docker' {
warning('Docker runtime is deprecated. Consider switching container_cli to podman')
}
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl))) $oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
$dhcp_agent_count = size($dhcp_nodes) $dhcp_agent_count = size($dhcp_nodes)

102
manifests/profile/base/neutron/dhcp_agent_wrappers.pp Normal file
View File

@ -0,0 +1,102 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::neutron::dhcp_agent_wrappers
#
# Generates wrapper scripts for running dhcp agent subprocesess in containers.
#
# === Parameters
#
# [*enable_dnsmasq_wrapper*]
# (Optional) If true, generates a wrapper for running dnsmasq in
# a docker container.
# Defaults to false
#
# [*dnsmasq_process_wrapper*]
# (Optional) Filename for dnsmasq wrapper in the specified file.
# Defaults to undef
#
# [*dnsmasq_image*]
# (Optional) Docker image name for dnsmasq. Required if
# dnsmasq_process_wrapper is set.
# Defaults to undef
#
# [*enable_haproxy_wrapper*]
# (Optional) If true, generates a wrapper for running haproxy in
# a docker container.
# Defaults to false
#
# [*haproxy_process_wrapper*]
# (Optional) If set, generates a haproxy wrapper in the specified file.
# Defaults to undef
#
# [*haproxy_image*]
# (Optional) Docker image name for haproxy. Required if
# haproxy_process_wrapper is set.
# Defaults to undef
#
# [*bind_sockets*]
# (Deprecated) Domain sockets that the wrappers should use for accessing
# the docker daemon.
# Defaults to hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock'])
#
# [*debug*]
# (Optional) Debug messages for the wrapper scripts.
# Defaults to False.
#
class tripleo::profile::base::neutron::dhcp_agent_wrappers (
$enable_dnsmasq_wrapper = false,
$dnsmasq_process_wrapper = undef,
$dnsmasq_image = undef,
$enable_haproxy_wrapper = false,
$haproxy_process_wrapper = undef,
$haproxy_image = undef,
Boolean $debug = false,
# Deprecated
$bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']),
) {
$container_cli = hiera('tripleo::profile::base::neutron::container_cli', 'docker')
if $bind_sockets and $container_cli == 'docker' {
warning('Docker runtime is deprecated. Consider switching container_cli to podman')
$bind_socket = join(['unix://', $bind_sockets[0]], '')
} else {
$bind_socket = ''
}
if $enable_dnsmasq_wrapper {
unless $dnsmasq_image and $dnsmasq_process_wrapper{
fail('The docker image for dnsmasq and wrapper filename must be provided when generating dnsmasq wrappers')
}
tripleo::profile::base::neutron::wrappers::dnsmasq{'dhcp_dnsmasq_process_wrapper':
dnsmasq_process_wrapper => $dnsmasq_process_wrapper,
dnsmasq_image => $dnsmasq_image,
bind_socket => $bind_socket,
debug => $debug,
container_cli => $container_cli,
}
}
if $enable_haproxy_wrapper {
unless $haproxy_image and $haproxy_process_wrapper{
fail('The docker image for haproxy and wrapper filename must be provided when generating haproxy wrappers')
}
tripleo::profile::base::neutron::wrappers::haproxy{'dhcp_haproxy_process_wrapper':
haproxy_process_wrapper => $haproxy_process_wrapper,
haproxy_image => $haproxy_image,
bind_socket => $bind_socket,
debug => $debug,
container_cli => $container_cli,
}
}
}

177
manifests/profile/base/neutron/l3_agent_wrappers.pp Normal file
View File

@ -0,0 +1,177 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::neutron::l3_agent_wrappers
#
# Generates wrapper scripts for running l3 agent subprocesess in containers.
#
# === Parameters
#
# [*enable_haproxy_wrapper*]
# (Optional) If true, generates a wrapper for running haproxy in
# a docker container.
# Defaults to false
#
# [*haproxy_process_wrapper*]
# (Optional) If set, generates a haproxy wrapper in the specified file.
# Defaults to undef
#
# [*haproxy_image*]
# (Optional) Docker image name for haproxy. Required if
# haproxy_process_wrapper is set.
# Defaults to undef
#
# [*enable_radvd_wrapper*]
# (Optional) If true, generates a wrapper for running radvd in
# a docker container.
# Defaults to false
#
# [*radvd_process_wrapper*]
# (Optional) If set, generates a radvd wrapper in the specified file.
# Defaults to undef
#
# [*radvd_image*]
# (Optional) Docker image name for haproxy. Required if radvd_process_wrapper
# is set.
# Defaults to undef
#
# [*enable_keepalived_wrapper*]
# (Optional) If true, generates a wrapper for running keepalived in
# a docker container.
# Defaults to false
#
# [*keepalived_process_wrapper*]
# (Optional) If set, generates a keepalived in the specified file.
# Defaults to undef
#
# [*keepalived_image*]
# (Optional) Docker image name for keepalived. Required if
# keepalived_process_wrapper is set.
# Defaults to undef
#
# [*keepalived_state_change_wrapper*]
# (Optional) If set, generates a wrapper for running neutron's keepalived
# state change daemon in the keepalived container. The keepalived wrapper and
# image must also be set if this is set.
# Defaults to undef
#
# [*enable_dibbler_wrapper*]
# (Optional) If true, generates a wrapper for running dibbler in
# a docker container.
# Defaults to false
#
# [*dibbler_process_wrapper*]
# (Optional) If set, generates a dibbler in the specified file.
# Defaults to undef
#
# [*dibbler_image*]
# (Optional) Docker image name for dibbler. Required if dibbler_process_wrapper is set.
# Defaults to undef
#
# [*bind_sockets*]
# (Deprecated) Domain sockets that the wrappers should use for accessing
# the docker daemon.
# Defaults to hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock'])
#
# [*debug*]
# (Optional) Debug messages for the wrapper scripts.
# Defaults to False.
#
class tripleo::profile::base::neutron::l3_agent_wrappers (
$enable_haproxy_wrapper = false,
$haproxy_process_wrapper = undef,
$haproxy_image = undef,
$enable_radvd_wrapper = false,
$radvd_process_wrapper = undef,
$radvd_image = undef,
$enable_keepalived_wrapper = false,
$keepalived_process_wrapper = undef,
$keepalived_image = undef,
$keepalived_state_change_wrapper = undef,
$enable_dibbler_wrapper = false,
$dibbler_process_wrapper = undef,
$dibbler_image = undef,
Boolean $debug = false,
# Deprecated
$bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']),
) {
$container_cli = hiera('tripleo::profile::base::neutron::container_cli', 'docker')
if $bind_sockets and $container_cli == 'docker' {
warning('Docker runtime is deprecated. Consider switching container_cli to podman')
$bind_socket = join(['unix://', $bind_sockets[0]], '')
} else {
$bind_socket = ''
}
if $enable_haproxy_wrapper {
unless $haproxy_image and $haproxy_process_wrapper{
fail('The docker image for haproxy and wrapper filename must be provided when generating haproxy wrappers')
}
tripleo::profile::base::neutron::wrappers::haproxy{'l3_haproxy_process_wrapper':
haproxy_process_wrapper => $haproxy_process_wrapper,
haproxy_image => $haproxy_image,
bind_socket => $bind_socket,
debug => $debug,
container_cli => $container_cli,
}
}
if $enable_radvd_wrapper {
unless $radvd_image and $radvd_process_wrapper{
fail('The docker image for radvd and wrapper filename must be provided when generating radvd wrappers')
}
tripleo::profile::base::neutron::wrappers::radvd{'l3_radvd_process_wrapper':
radvd_process_wrapper => $radvd_process_wrapper,
radvd_image => $radvd_image,
bind_socket => $bind_socket,
debug => $debug,
container_cli => $container_cli,
}
}
if $enable_keepalived_wrapper {
unless $keepalived_image and $keepalived_process_wrapper{
fail('The docker image for keepalived and wrapper filename must be provided when generating keepalived wrappers')
}
tripleo::profile::base::neutron::wrappers::keepalived{'l3_keepalived':
keepalived_process_wrapper => $keepalived_process_wrapper,
keepalived_image => $keepalived_image,
bind_socket => $bind_socket,
debug => $debug,
container_cli => $container_cli,
}
unless $keepalived_state_change_wrapper {
fail('The keepalived state change wrapper must also be configured when generating keepalived wrappers')
}
tripleo::profile::base::neutron::wrappers::keepalived_state_change{'l3_keepalived_state_change':
keepalived_state_change_wrapper => $keepalived_state_change_wrapper,
bind_socket => $bind_socket,
debug => $debug,
container_cli => $container_cli,
}
}
if $enable_dibbler_wrapper {
unless $dibbler_image and $dibbler_process_wrapper{
fail('The docker image for dibbler and wrapper filename must be provided when generating dibbler wrappers')
}
tripleo::profile::base::neutron::wrappers::dibbler_client{'l3_dibbler_daemon':
dibbler_process_wrapper => $dibbler_process_wrapper,
dibbler_image => $dibbler_image,
bind_socket => $bind_socket,
debug => $debug,
container_cli => $container_cli,
}
}
}

72
manifests/profile/base/neutron/ovn_metadata_agent_wrappers.pp Normal file
View File

@ -0,0 +1,72 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::neutron::ovn_metadata_agent_wrappers
#
# Generates wrapper scripts for running OVN metadata agent subprocesess in containers.
#
# === Parameters
#
# [*enable_haproxy_wrapper*]
# (Optional) If true, generates a wrapper for running haproxy in
# a docker container.
# Defaults to false
#
# [*haproxy_process_wrapper*]
# (Optional) If set, generates a haproxy wrapper in the specified file.
# Defaults to undef
#
# [*haproxy_image*]
# (Optional) Docker image name for haproxy. Required if
# haproxy_process_wrapper is set.
# Defaults to undef
#
# [*bind_sockets*]
# (Deprecated) Domain sockets that the wrappers should use for accessing
# the docker daemon.
# Defaults to hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock'])
#
# [*debug*]
# (Optional) Debug messages for the wrapper scripts.
# Defaults to False.
#
class tripleo::profile::base::neutron::ovn_metadata_agent_wrappers (
$enable_haproxy_wrapper = false,
$haproxy_process_wrapper = undef,
$haproxy_image = undef,
Boolean $debug = false,
# Deprecated
$bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']),
) {
$container_cli = hiera('tripleo::profile::base::neutron::container_cli', 'docker')
if $bind_sockets and $container_cli == 'docker' {
warning('Docker runtime is deprecated. Consider switching container_cli to podman')
$bind_socket = join(['unix://', $bind_sockets[0]], '')
} else {
$bind_socket = ''
}
if $enable_haproxy_wrapper {
unless $haproxy_image and $haproxy_process_wrapper{
fail('The docker image for haproxy and wrapper filename must be provided when generating haproxy wrappers')
}
tripleo::profile::base::neutron::wrappers::haproxy{'ovn_metadata_haproxy_process_wrapper':
haproxy_process_wrapper => $haproxy_process_wrapper,
haproxy_image => $haproxy_image,
bind_socket => $bind_socket,
debug => $debug,
container_cli => $container_cli,
}
}
}

53
manifests/profile/base/neutron/wrappers/dibbler_client.pp Normal file
View File

@ -0,0 +1,53 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == define: tripleo::profile::base::neutron::wrappers::dibbler_client
#
# Generates wrapper script for running dibbler in a container.
#
# === Parameters
#
# [*dibbler_process_wrapper*]
# Filename for dibbler wrapper script.
#
# [*dibbler_image*]
# Docker image name for dibbler.
#
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
# [*debug*]
# Enable debug messages for the wrapper script.
#
# [*container_cli*]
# Host containers runtime system to use.
#
define tripleo::profile::base::neutron::wrappers::dibbler_client (
$dibbler_process_wrapper,
$dibbler_image,
Boolean $debug,
$container_cli,
$bind_socket = undef,
) {
file { $dibbler_process_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/dibbler-client.epp', {
'image_name' => $dibbler_image,
'bind_socket' => $bind_socket,
'debug' => $debug,
'container_cli' => $container_cli,
})
}
}

53
manifests/profile/base/neutron/wrappers/dnsmasq.pp Normal file
View File

@ -0,0 +1,53 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == define: tripleo::profile::base::neutron::wrappers::dnsmasq
#
# Generates wrapper script for running dnsmasq in a container.
#
# === Parameters
#
# [*dnsmasq_process_wrapper*]
# Filename for dnsmasq wrapper script.
#
# [*dnsmasq_image*]
# Docker image name for dnsmasq.
#
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
# [*debug*]
# Enable debug messages for the wrapper script.
#
# [*container_cli*]
# Host containers runtime system to use.
#
define tripleo::profile::base::neutron::wrappers::dnsmasq (
$dnsmasq_process_wrapper,
$dnsmasq_image,
Boolean $debug,
$container_cli,
$bind_socket = undef,
) {
file { $dnsmasq_process_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/dnsmasq.epp', {
'image_name' => $dnsmasq_image,
'bind_socket' => $bind_socket,
'debug' => $debug,
'container_cli' => $container_cli,
})
}
}

53
manifests/profile/base/neutron/wrappers/haproxy.pp Normal file
View File

@ -0,0 +1,53 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == define: tripleo::profile::base::neutron::wrappers::haproxy
#
# Generates wrapper script for running haproxy in a container.
#
# === Parameters
#
# [*haproxy_process_wrapper*]
# Filename for haproxy wrapper script.
#
# [*haproxy_image*]
# Docker image name for haproxy.
#
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
# [*debug*]
# Enable debug messages for the wrapper script.
#
# [*container_cli*]
# Host containers runtime system to use.
#
define tripleo::profile::base::neutron::wrappers::haproxy (
$haproxy_process_wrapper,
$haproxy_image,
Boolean $debug,
$container_cli,
$bind_socket = undef,
) {
file { $haproxy_process_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/haproxy.epp', {
'image_name' => $haproxy_image,
'bind_socket' => $bind_socket,
'debug' => $debug,
'container_cli' => $container_cli,
})
}
}

53
manifests/profile/base/neutron/wrappers/keepalived.pp Normal file
View File

@ -0,0 +1,53 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == define: tripleo::profile::base::neutron::wrappers::keepalived
#
# Generates wrapper script for running keepalived in a container.
#
# === Parameters
#
# [*keepalived_process_wrapper*]
# Filename for keepalived wrapper script.
#
# [*keepalived_image*]
# Docker image name for keepalived.
#
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
# [*debug*]
# Enable debug messages for the wrapper script.
#
# [*container_cli*]
# Host containers runtime system to use.
#
define tripleo::profile::base::neutron::wrappers::keepalived (
$keepalived_process_wrapper,
$keepalived_image,
Boolean $debug,
$container_cli,
$bind_socket = undef,
) {
file { $keepalived_process_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/keepalived.epp', {
'image_name' => $keepalived_image,
'bind_socket' => $bind_socket,
'debug' => $debug,
'container_cli' => $container_cli,
})
}
}

48
manifests/profile/base/neutron/wrappers/keepalived_state_change.pp Normal file
View File

@ -0,0 +1,48 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::neutron::wrappers::keepalived_state_change
#
# Generates wrapper script for running keepalived-state-change daemon in a container.
#
# === Parameters
#
# [*keepalived_state_change_wrapper*]
# Filename for neutron-keepalived-state-change wrapper script.
#
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
# [*debug*]
# Enable debug messages for the wrapper script.
#
# [*container_cli*]
# Host containers runtime system to use.
#
define tripleo::profile::base::neutron::wrappers::keepalived_state_change (
$keepalived_state_change_wrapper,
Boolean $debug,
$container_cli,
$bind_socket = undef,
) {
file { $keepalived_state_change_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/neutron-keepalived-state-change.epp', {
'bind_socket' => $bind_socket,
'debug' => $debug,
'container_cli' => $container_cli,
})
}
}

54
manifests/profile/base/neutron/wrappers/radvd.pp Normal file
View File

@ -0,0 +1,54 @@
# Copyright 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == define: tripleo::profile::base::neutron::wrappers::radvd
#
# Generates wrapper script for running radvd in a container.
#
# === Parameters
#
# [*radvd_process_wrapper*]
# Filename for radvd wrapper script.
#
# [*radvd_image*]
# Docker image name for radvd.
#
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
# [*debug*]
# Enable debug messages for the wrapper script.
#
# [*container_cli*]
# Host containers runtime system to use.
#
define tripleo::profile::base::neutron::wrappers::radvd (
$radvd_process_wrapper,
$radvd_image,
Boolean $debug,
$container_cli,
$bind_socket = undef,
) {
file { $radvd_process_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/radvd.epp', {
'image_name' => $radvd_image,
'bind_socket' => $bind_socket,
'debug' => $debug,
'container_cli' => $container_cli,
})
}
}

88
spec/defines/tripleo_profile_base_neutron_wrappers_dibbler_client_spec.rb Normal file
View File

@ -0,0 +1,88 @@
#
# Copyright (C) 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::neutron::wrappers::dibbler_client' do
let :title do
'dibbler_client'
end
shared_examples_for 'tripleo::profile::base::neutron::wrappers::dibbler_client' do
context 'creates wrapper file for docker' do
let :params do {
:dibbler_process_wrapper => '/usr/local/bin/dibbler-client',
:dibbler_image => 'a_registry/some_container_name:some_tag',
:bind_socket => 'unix:///run/another/docker.sock',
:container_cli => 'docker',
:debug => true,
}
end
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/dibbler-client').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content(
/set -x/
)
is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content(
/CMD="ip netns exec.*\/usr\/sbin\/dibbler-client run/
)
end
end
context 'creates wrapper file for podman' do
let :params do {
:dibbler_process_wrapper => '/usr/local/bin/dibbler-client',
:dibbler_image => 'a_registry/some_container_name:some_tag',
:container_cli => 'podman',
:debug => false,
}
end
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/dibbler-client').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content(
/CMD='\/usr\/sbin\/dibbler-client run'/
)
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::neutron::wrappers::dibbler_client'
end
end
end

90
spec/defines/tripleo_profile_base_neutron_wrappers_dnsmasq_spec.rb Normal file
View File

@ -0,0 +1,90 @@
#
# Copyright (C) 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::neutron::wrappers::dnsmasq' do
let :title do
'dnsmasq_wrapper'
end
shared_examples_for 'tripleo::profile::base::neutron::wrappers::dnsmasq' do
context 'creates wrapper file for docker' do
let(:params) {
{
:dnsmasq_process_wrapper => '/usr/local/bin/dnsmasq',
:dnsmasq_image => 'a_registry/some_container_name:some_tag',
:bind_socket => 'unix:///run/another/docker.sock',
:container_cli => 'docker',
:debug => true,
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/dnsmasq').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content(
/set -x/
)
is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content(
/CMD="ip netns exec.*\/usr\/sbin\/dnsmasq -k/
)
end
end
context 'creates wrapper file for podman' do
let(:params) {
{
:dnsmasq_process_wrapper => '/usr/local/bin/dnsmasq',
:dnsmasq_image => 'a_registry/some_container_name:some_tag',
:container_cli => 'podman',
:debug => false,
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/dnsmasq').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content(
/CMD='\/usr\/sbin\/dnsmasq -k'/
)
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::neutron::wrappers::dnsmasq'
end
end
end

96
spec/defines/tripleo_profile_base_neutron_wrappers_haproxy_spec.rb Normal file
View File

@ -0,0 +1,96 @@
#
# Copyright (C) 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::neutron::wrappers::haproxy' do
let :title do
'haproxy_wrapper'
end
shared_examples_for 'tripleo::profile::base::neutron::wrappers::haproxy' do
context 'creates wrapper file for docker' do
let(:params) {
{
:haproxy_process_wrapper => '/usr/local/bin/haproxy',
:haproxy_image => 'a_registry/some_container_name:some_tag',
:bind_socket => 'unix:///run/another/docker.sock',
:container_cli => 'docker',
:debug => true,
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/haproxy').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/^NAME=neutron-haproxy-/
)
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/set -x/
)
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/.*haproxy -Ds.*haproxy -Ws.*/
)
end
end
context 'creates wrapper file for podman' do
let(:params) {
{
:haproxy_process_wrapper => '/usr/local/bin/haproxy',
:haproxy_image => 'a_registry/some_container_name:some_tag',
:container_cli => 'podman',
:debug => false,
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/haproxy').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/^NAME=neutron-haproxy-/
)
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/.*haproxy -Ds.*haproxy -Ws.*/
)
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::neutron::wrappers::haproxy'
end
end
end

90
spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_spec.rb Normal file
View File

@ -0,0 +1,90 @@
#
# Copyright (C) 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::neutron::wrappers::keepalived' do
let :title do
'keepalived_wrapper'
end
shared_examples_for 'tripleo::profile::base::neutron::wrappers::keepalived' do
context 'creates wrapper file for docker' do
let(:params) {
{
:keepalived_process_wrapper => '/usr/local/bin/keepalived',
:keepalived_image => 'a_registry/some_container_name:some_tag',
:bind_socket => 'unix:///run/another/docker.sock',
:container_cli => 'docker',
:debug => true,
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/keepalived').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/keepalived').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/keepalived').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
is_expected.to contain_file('/usr/local/bin/keepalived').with_content(
/set -x/
)
is_expected.to contain_file('/usr/local/bin/keepalived').with_content(
/CMD="ip netns exec.*\/usr\/sbin\/keepalived -n -l -D/
)
end
end
context 'creates wrapper file for podman' do
let(:params) {
{
:keepalived_process_wrapper => '/usr/local/bin/keepalived',
:keepalived_image => 'a_registry/some_container_name:some_tag',
:container_cli => 'podman',
:debug => false,
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/keepalived').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/keepalived').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/keepalived').with_content(
/CMD='\/usr\/sbin\/keepalived -n -l -D'/
)
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::neutron::wrappers::keepalived'
end
end
end

82
spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_state_change_spec.rb Normal file
View File

@ -0,0 +1,82 @@
#
# Copyright (C) 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::neutron::wrappers::keepalived_state_change' do
let :title do
'keepalived_state_change'
end
shared_examples_for 'tripleo::profile::base::neutron::wrappers::keepalived_state_change' do
context 'creates wrapper file for docker' do
let(:params) {
{
:keepalived_state_change_wrapper => '/usr/local/bin/keepalived-state-change',
:bind_socket => 'unix:///run/another/docker.sock',
:container_cli => 'docker',
:debug => true,
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content(
/set -x/
)
is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content(
/CMD="ip netns exec.*\/usr\/bin\/neutron-keepalived-state-change/
)
end
end
context 'creates wrapper file for podman' do
let(:params) {
{
:keepalived_state_change_wrapper => '/usr/local/bin/keepalived-state-change',
:container_cli => 'podman',
:debug => false,
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content(
/CMD='\/usr\/bin\/neutron-keepalived-state-change'/
)
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::neutron::wrappers::keepalived_state_change'
end
end
end

96
spec/defines/tripleo_profile_base_neutron_wrappers_radvd_spec.rb Normal file
View File

@ -0,0 +1,96 @@
#
# Copyright (C) 2018 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
require 'spec_helper'
describe 'tripleo::profile::base::neutron::wrappers::radvd' do
let :title do
'radvd_wrapper'
end
shared_examples_for 'tripleo::profile::base::neutron::wrappers::radvd' do
context 'creates wrapper file for docker' do
let(:params) {
{
:radvd_process_wrapper => '/usr/local/bin/radvd',
:radvd_image => 'a_registry/some_container_name:some_tag',
:bind_socket => 'unix:///run/another/docker.sock',
:container_cli => 'docker',
:debug => true,
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/radvd').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/^NAME=neutron-radvd-/
)
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/set -x/
)
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/CMD="ip netns exec.*\/usr\/sbin\/radvd -n/
)
end
end
context 'creates wrapper file for podman' do
let(:params) {
{
:radvd_process_wrapper => '/usr/local/bin/radvd',
:radvd_image => 'a_registry/some_container_name:some_tag',
:container_cli => 'podman',
:debug => false,
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/radvd').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/^NAME=neutron-radvd-/
)
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/CMD='\/usr\/sbin\/radvd -n'/
)
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({ :hostname => 'node.example.com' })
end
it_behaves_like 'tripleo::profile::base::neutron::wrappers::radvd'
end
end
end

64
templates/neutron/dibbler-client.epp Normal file
View File

@ -0,0 +1,64 @@
<%- | String $image_name = '',
String $bind_socket = '',
Boolean $debug,
String $container_cli = ''
| -%>
#!/bin/bash
<%- if $debug { -%>set -x<%- } -%>
<%- if $bind_socket { -%>
export DOCKER_HOST="<%=$bind_socket%>"
<%- } -%>
# we want to "eat" the "start" command given by neutron and run
# this in the foreground.
shift
ARGS="$@"
# Extract the network namespace UUID from the command line args provided by
# neutron. Typically of the form (with dnsmasq as an example):
#
# dnsmasq --no-hosts --no-resolv --except-interface=lo \
# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
NETNS=$(ip netns identify)
NAME=neutron-dibbler-${NETNS}
<%- if $container_cli == 'docker' { -%>
CLI='docker'
LOGGING=''
CMD="ip netns exec ${NETNS} /usr/sbin/dibbler-client run"
<%- } elsif $container_cli == 'podman' { -%>
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log"
CMD='/usr/sbin/dibbler-client run'
<%- } else { -%>
CLI='echo noop'
CMD='echo noop'
<%- } -%>
LIST=$($CLI ps -a --filter name=neutron-dibbler- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}')
# Find orphaned containers left for dead after its main process terminated by neutron parent process
# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703
ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)")
if [ -n "${ORPHANTS}" ]; then
for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do
echo "Removing orphaned container ${orphant}"
$CLI stop ${orphant} || true
$CLI rm -f ${orphant} || true
done
fi
# If the NAME is already taken by a container, give it an unique name
printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)"
echo "Starting a new child container ${NAME}"
$CLI run --detach ${LOGGING} \
-v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \
-v /run/netns:/run/netns:shared \
-v /var/lib/neutron:/var/lib/neutron:z,shared \
-v /dev/log:/dev/log \
--net host \
--pid host \
--privileged \
-u root \
--name $NAME \
<%=$image_name%> \
$CMD $ARGS

61
templates/neutron/dnsmasq.epp Normal file
View File

@ -0,0 +1,61 @@
<%- | String $image_name = '',
String $bind_socket = '',
Boolean $debug,
String $container_cli = ''
| -%>
#!/bin/bash
<%- if $debug { -%>set -x<%- } -%>
<%- if $bind_socket { -%>
export DOCKER_HOST="<%=$bind_socket%>"
<%- } -%>
ARGS="$@"
# Extract the network namespace UUID from the command line args provided by
# neutron. Typically of the form (with dnsmasq as an example):
#
# dnsmasq --no-hosts --no-resolv --except-interface=lo \
# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
NETNS=$(ip netns identify)
NAME=neutron-dnsmasq-${NETNS}
<%- if $container_cli == 'docker' { -%>
CLI='docker'
LOGGING=''
CMD="ip netns exec ${NETNS} /usr/sbin/dnsmasq -k"
<%- } elsif $container_cli == 'podman' { -%>
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log"
CMD='/usr/sbin/dnsmasq -k'
<%- } else { -%>
CLI='echo noop'
CMD='echo noop'
<%- } -%>
LIST=$($CLI ps -a --filter name=neutron-dnsmasq- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}')
# Find orphaned containers left for dead after its main process terminated by neutron parent process
# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703
ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)")
if [ -n "${ORPHANTS}" ]; then
for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do
echo "Removing orphaned container ${orphant}"
$CLI stop ${orphant} || true
$CLI rm -f ${orphant} || true
done
fi
# If the NAME is already taken by a container, give it an unique name
printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)"
echo "Starting a new child container ${NAME}"
$CLI run --detach ${LOGGING} \
-v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \
-v /run/netns:/run/netns:shared \
-v /var/lib/neutron:/var/lib/neutron:z,shared \
-v /dev/log:/dev/log \
--net host \
--pid host \
--privileged \
-u root \
--name $NAME \
<%=$image_name%> \
$CMD $ARGS

62
templates/neutron/haproxy.epp Normal file
View File

@ -0,0 +1,62 @@
<%- | String $image_name = '',
String $bind_socket = '',
Boolean $debug,
String $container_cli = ''
| -%>
#!/bin/bash
<%- if $debug { -%>set -x<%- } -%>
<%- if $bind_socket { -%>
export DOCKER_HOST="<%=$bind_socket%>"
<%- } -%>
ARGS="$@"
# Extract the network namespace UUID from the command line args provided by
# neutron. Typically of the form (with dnsmasq as an example):
#
# dnsmasq --no-hosts --no-resolv --except-interface=lo \
# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
NETNS=$(ip netns identify)
NAME=neutron-haproxy-${NETNS}
HAPROXY_CMD='$(if [ -f /usr/sbin/haproxy-systemd-wrapper ]; then echo "/usr/sbin/haproxy -Ds"; else echo "/usr/sbin/haproxy -Ws"; fi)'
<%- if $container_cli == 'docker' { -%>
CLI='docker'
LOGGING=''
CMD="ip netns exec ${NETNS} "'$HAPROXY'
<%- } elsif $container_cli == 'podman' { -%>
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log"
CMD='$HAPROXY'
<%- } else { -%>
CLI='echo noop'
CMD='echo noop'
<%- } -%>
LIST=$($CLI ps -a --filter name=neutron-haproxy- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}')
# Find orphaned containers left for dead after its main process terminated by neutron parent process
# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703
ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)")
if [ -n "${ORPHANTS}" ]; then
for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do
echo "Removing orphaned container ${orphant}"
$CLI stop ${orphant} || true
$CLI rm -f ${orphant} || true
done
fi
# If the NAME is already taken by a container, give it an unique name
printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)"
echo "Starting a new child container ${NAME}"
$CLI run --detach ${LOGGING} \
-v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \
-v /run/netns:/run/netns:shared \
-v /var/lib/neutron:/var/lib/neutron:z,shared \
-v /dev/log:/dev/log \
--net host \
--pid host \
--privileged \
-u root \
--name $NAME \
<%=$image_name%> \
/bin/bash -c "HAPROXY=\"$HAPROXY_CMD\"; exec $CMD $ARGS"

63
templates/neutron/keepalived.epp Normal file
View File

@ -0,0 +1,63 @@
<%- | String $image_name = '',
String $bind_socket = '',
Boolean $debug,
String $container_cli = ''
| -%>
#!/bin/bash
<%- if $debug { -%>set -x<%- } -%>
<%- if $bind_socket { -%>
export DOCKER_HOST="<%=$bind_socket%>"
<%- } -%>
ARGS="$@"
# Extract the network namespace UUID from the command line args provided by
# neutron. Typically of the form (with dnsmasq as an example):
#
# dnsmasq --no-hosts --no-resolv --except-interface=lo \
# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
NETNS=$(ip netns identify)
NAME=neutron-keepalived-${NETNS}
<%- if $container_cli == 'docker' { -%>
CLI='docker'
LOGGING=''
CMD="ip netns exec ${NETNS} /usr/sbin/keepalived -n -l -D"
<%- } elsif $container_cli == 'podman' { -%>
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log"
CMD='/usr/sbin/keepalived -n -l -D'
<%- } else { -%>
CLI='echo noop'
CMD='echo noop'
<%- } -%>
LIST=$($CLI ps -a --filter name=neutron-keepalived- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}')
# Find orphaned containers left for dead after its main process terminated by neutron parent process
# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703
ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)")
if [ -n "${ORPHANTS}" ]; then
for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do
echo "Removing orphaned container ${orphant}"
$CLI stop ${orphant} || true
$CLI rm -f ${orphant} || true
done
fi
# If the NAME is already taken by a container, give it an unique name
printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)"
echo "Starting a new child container ${NAME}"
$CLI run --detach ${LOGGING} \
-v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \
-v /lib/modules:/lib/modules:ro \
-v /sbin/modprobe:/sbin/modprobe:ro \
-v /run/netns:/run/netns:shared \
-v /var/lib/neutron:/var/lib/neutron:z,shared \
-v /dev/log:/dev/log \
--net host \
--pid host \
--privileged \
-u root \
--name $NAME \
<%=$image_name%> \
$CMD $ARGS

61
templates/neutron/radvd.epp Normal file
View File

@ -0,0 +1,61 @@
<%- | String $image_name = '',
String $bind_socket = '',
Boolean $debug,
String $container_cli = ''
| -%>
#!/bin/bash
<%- if $debug { -%>set -x<%- } -%>
<%- if $bind_socket { -%>
export DOCKER_HOST="<%=$bind_socket%>"
<%- } -%>
ARGS="$@"
# Extract the network namespace UUID from the command line args provided by
# neutron. Typically of the form (with dnsmasq as an example):
#
# dnsmasq --no-hosts --no-resolv --except-interface=lo \
# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
NETWORK_ID=$(echo $ARGS| awk '{if (match($0, /(\w{8}-\w{4}-\w{4}-\w{4}-\w{12})/,m)) print m[0] }')
NAME=neutron-radvd-${NETWORK_ID}
<%- if $container_cli == 'docker' { -%>
CLI='docker'
LOGGING=''
CMD="ip netns exec qrouter-${NETWORK_ID} /usr/sbin/radvd -n"
<%- } elsif $container_cli == 'podman' { -%>
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log"
CMD='/usr/sbin/radvd -n'
<%- } else { -%>
CLI='echo noop'
CMD='echo noop'
<%- } -%>
LIST=$($CLI ps -a --filter name=neutron-radvd- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}')
# Find orphaned containers left for dead after its main process terminated by neutron parent process
# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703
ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)")
if [ -n "${ORPHANTS}" ]; then
for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do
echo "Removing orphaned container ${orphant}"
$CLI stop ${orphant} || true
$CLI rm -f ${orphant} || true
done
fi
# If the NAME is already taken by a container, give it an unique name
printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)"
echo "Starting a new child container ${NAME}"
$CLI run --detach ${LOGGING} \
-v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \
-v /run/netns:/run/netns:shared \
-v /var/lib/neutron:/var/lib/neutron:z,shared \
-v /dev/log:/dev/log \
--net host \
--pid host \
--privileged \
-u root \
--name $NAME \
<%=$image_name%> \
$CMD $ARGS