Fix wrapper containers for podman w/o sockets

Adapt wrapper containers for podman, which has no a socket available.

Add container_cli parameter for base neutron class, default to docker.
Possible values: podman/docker (default). It is used by the wrappers
tooling to issue CLI commands to the host containers system.
Deprecate bind_socket so it does nothing for podman CLI.

Additionally, add debug triggers for the wrapper scripts messages to
become captured to the wrapper containers' stdout.

Do not stop and remove the existing container before launching a new
one. Allow the neutron parent process to control the process life
cycle. However, make the wrapper containers clean up any exited
containers left after their main process was terminated by the neutron
parent process. Additionally, if a name is already taken by a container,
give the new container a unique name and assume that all the smooth
transitioning work is done by the parent neutron process and by that
clean-up logic in the wrapper.

Closes-Bug: #1799484
Change-Id: Ib3c41a8bee349856d21f360595e41a9eafd79323
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Bogdan Dobrelya 2018-09-28 16:02:04 +02:00 committed by Alex Schultz
parent b6ac390fbe
commit 6117cae693
23 changed files with 608 additions and 134 deletions


@ -86,6 +86,12 @@
# (Optional) Indicate whether Designate is available in the deployment.
# Defaults to hiera('designate_api_enabled') or false
#
# [*container_cli*]
# (Optional) A container CLI to be used with the wrapper
# tooling to manage containers controled by Neutron/OVN
# l3/dhcp/metadata agents. Accepts either 'podman' or 'docker'.
# Defaults to hiera('container_cli') or 'docker'.
#
class tripleo::profile::base::neutron (
$step = Integer(hiera('step')),
@ -104,8 +110,16 @@ class tripleo::profile::base::neutron (
$dhcp_agents_per_network = undef,
$dhcp_nodes = hiera('neutron_dhcp_short_node_names', []),
$designate_api_enabled = hiera('designate_api_enabled', false),
$container_cli = hiera('container_cli', 'docker'),
) {
if $step >= 3 {
# NOTE(bogdando) validate_* is deprecated and we do not want to use it here
if !($container_cli in ['docker', 'podman']) {
fail("container_cli ($container_cli) is not supported!")
}
if $container_cli == 'docker' {
warning("Docker runtime is deprecated. Consider switching container_cli to podman")
}
$oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl)))
$oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl)))
$dhcp_agent_count = size($dhcp_nodes)
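Review bot: `$container_cli` is accepted untyped and only checked inside `if $step >= 3`, so an unsupported value goes unnoticed on earlier steps and the check has to be hand-written. Since the NOTE rules out validate_*, a data type on the parameter gives the same guarantee at compile time on every step: `Enum['docker', 'podman'] $container_cli = hiera('container_cli', 'docker'),`. The warning string has no interpolation and can use single quotes. The class body continues outside the hunk.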


@ -47,23 +47,33 @@
# Defaults to undef
#
# [*bind_sockets*]
# (Optional) Domain sockets that the wrappers should use for accessing
# (Deprecated) Domain sockets that the wrappers should use for accessing
# the docker daemon.
# Defaults to hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock'])
#
# [*debug*]
# (Optional) Debug messages for the wrapper scripts.
# Defaults to False.
#
class tripleo::profile::base::neutron::dhcp_agent_wrappers (
$enable_dnsmasq_wrapper = false,
$dnsmasq_process_wrapper = undef,
$dnsmasq_image = undef,
$enable_haproxy_wrapper = false,
$haproxy_process_wrapper = undef,
$haproxy_image = undef,
$bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']),
$enable_dnsmasq_wrapper = false,
$dnsmasq_process_wrapper = undef,
$dnsmasq_image = undef,
$enable_haproxy_wrapper = false,
$haproxy_process_wrapper = undef,
$haproxy_image = undef,
Boolean $debug = false,
# Deprecated
$bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']),
) {
unless $bind_sockets {
fail('The wrappers require a domain socket for accessing the docker daemon')
$container_cli = hiera('tripleo::profile::base::neutron::container_cli', 'docker')
if $bind_sockets and $container_cli == 'docker' {
warning("Docker runtime is deprecated. Consider switching container_cli to podman")
$bind_socket = join(['unix://', $bind_sockets[0]], '')
} else {
$bind_socket = ''
}
$bind_socket = join(['unix://', $bind_sockets[0]], '')
if $enable_dnsmasq_wrapper {
unless $dnsmasq_image and $dnsmasq_process_wrapper{
fail('The docker image for dnsmasq and wrapper filename must be provided when generating dnsmasq wrappers')
@ -71,7 +81,9 @@ class tripleo::profile::base::neutron::dhcp_agent_wrappers (
tripleo::profile::base::neutron::wrappers::dnsmasq{'dhcp_dnsmasq_process_wrapper':
dnsmasq_process_wrapper => $dnsmasq_process_wrapper,
dnsmasq_image => $dnsmasq_image,
bind_socket => $bind_socket
bind_socket => $bind_socket,
debug => $debug,
container_cli => $container_cli,
}
}
@ -82,7 +94,9 @@ class tripleo::profile::base::neutron::dhcp_agent_wrappers (
tripleo::profile::base::neutron::wrappers::haproxy{'dhcp_haproxy_process_wrapper':
haproxy_process_wrapper => $haproxy_process_wrapper,
haproxy_image => $haproxy_image,
bind_socket => $bind_socket
bind_socket => $bind_socket,
debug => $debug,
container_cli => $container_cli,
}
}
}
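Review bot: The wrapper class reads `hiera('tripleo::profile::base::neutron::container_cli', 'docker')`, while the base class in this commit defaults its parameter from `hiera('container_cli', 'docker')`. Unless the class-scoped key is also set somewhere not shown here, a deployment that sets only the global `container_cli` to podman would leave the wrappers on docker with a bind socket. Reading the same key, `$container_cli = hiera('container_cli', 'docker')`, keeps the two in step. The value is not validated here either, and the templates render an `echo noop` wrapper for anything other than docker or podman. The same lookup is repeated in l3_agent_wrappers and ovn_metadata_agent_wrappers.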


@ -80,30 +80,40 @@
# Defaults to undef
#
# [*bind_sockets*]
# (Optional) Domain sockets that the wrappers should use for accessing
# (Deprecated) Domain sockets that the wrappers should use for accessing
# the docker daemon.
# Defaults to hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock'])
#
# [*debug*]
# (Optional) Debug messages for the wrapper scripts.
# Defaults to False.
#
class tripleo::profile::base::neutron::l3_agent_wrappers (
$enable_haproxy_wrapper = false,
$haproxy_process_wrapper = undef,
$haproxy_image = undef,
$enable_radvd_wrapper = false,
$radvd_process_wrapper = undef,
$radvd_image = undef,
$enable_keepalived_wrapper = false,
$keepalived_process_wrapper = undef,
$keepalived_image = undef,
$keepalived_state_change_wrapper = undef,
$enable_dibbler_wrapper = false,
$dibbler_process_wrapper = undef,
$dibbler_image = undef,
$bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']),
$enable_haproxy_wrapper = false,
$haproxy_process_wrapper = undef,
$haproxy_image = undef,
$enable_radvd_wrapper = false,
$radvd_process_wrapper = undef,
$radvd_image = undef,
$enable_keepalived_wrapper = false,
$keepalived_process_wrapper = undef,
$keepalived_image = undef,
$keepalived_state_change_wrapper = undef,
$enable_dibbler_wrapper = false,
$dibbler_process_wrapper = undef,
$dibbler_image = undef,
Boolean $debug = false,
# Deprecated
$bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']),
) {
unless $bind_sockets {
fail('The wrappers require a domain socket for accessing the docker daemon')
$container_cli = hiera('tripleo::profile::base::neutron::container_cli', 'docker')
if $bind_sockets and $container_cli == 'docker' {
warning("Docker runtime is deprecated. Consider switching container_cli to podman")
$bind_socket = join(['unix://', $bind_sockets[0]], '')
} else {
$bind_socket = ''
}
$bind_socket = join(['unix://', $bind_sockets[0]], '')
if $enable_haproxy_wrapper {
unless $haproxy_image and $haproxy_process_wrapper{
fail('The docker image for haproxy and wrapper filename must be provided when generating haproxy wrappers')
@ -112,6 +122,8 @@ class tripleo::profile::base::neutron::l3_agent_wrappers (
haproxy_process_wrapper => $haproxy_process_wrapper,
haproxy_image => $haproxy_image,
bind_socket => $bind_socket,
debug => $debug,
container_cli => $container_cli,
}
}
@ -123,6 +135,8 @@ class tripleo::profile::base::neutron::l3_agent_wrappers (
radvd_process_wrapper => $radvd_process_wrapper,
radvd_image => $radvd_image,
bind_socket => $bind_socket,
debug => $debug,
container_cli => $container_cli,
}
}
@ -134,6 +148,8 @@ class tripleo::profile::base::neutron::l3_agent_wrappers (
keepalived_process_wrapper => $keepalived_process_wrapper,
keepalived_image => $keepalived_image,
bind_socket => $bind_socket,
debug => $debug,
container_cli => $container_cli,
}
unless $keepalived_state_change_wrapper {
fail('The keepalived state change wrapper must also be configured when generating keepalived wrappers')
@ -141,6 +157,8 @@ class tripleo::profile::base::neutron::l3_agent_wrappers (
tripleo::profile::base::neutron::wrappers::keepalived_state_change{'l3_keepalived_state_change':
keepalived_state_change_wrapper => $keepalived_state_change_wrapper,
bind_socket => $bind_socket,
debug => $debug,
container_cli => $container_cli,
}
}
@ -152,6 +170,8 @@ class tripleo::profile::base::neutron::l3_agent_wrappers (
dibbler_process_wrapper => $dibbler_process_wrapper,
dibbler_image => $dibbler_image,
bind_socket => $bind_socket,
debug => $debug,
container_cli => $container_cli,
}
}
}


@ -33,20 +33,30 @@
# Defaults to undef
#
# [*bind_sockets*]
# (Optional) Domain sockets that the wrappers should use for accessing
# (Deprecated) Domain sockets that the wrappers should use for accessing
# the docker daemon.
# Defaults to hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock'])
#
# [*debug*]
# (Optional) Debug messages for the wrapper scripts.
# Defaults to False.
#
class tripleo::profile::base::neutron::ovn_metadata_agent_wrappers (
$enable_haproxy_wrapper = false,
$haproxy_process_wrapper = undef,
$haproxy_image = undef,
$bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']),
$enable_haproxy_wrapper = false,
$haproxy_process_wrapper = undef,
$haproxy_image = undef,
Boolean $debug = false,
# Deprecated
$bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']),
) {
unless $bind_sockets {
fail('The wrappers require a domain socket for accessing the docker daemon')
$container_cli = hiera('tripleo::profile::base::neutron::container_cli', 'docker')
if $bind_sockets and $container_cli == 'docker' {
warning("Docker runtime is deprecated. Consider switching container_cli to podman")
$bind_socket = join(['unix://', $bind_sockets[0]], '')
} else {
$bind_socket = ''
}
$bind_socket = join(['unix://', $bind_sockets[0]], '')
if $enable_haproxy_wrapper {
unless $haproxy_image and $haproxy_process_wrapper{
fail('The docker image for haproxy and wrapper filename must be provided when generating haproxy wrappers')
@ -54,7 +64,9 @@ class tripleo::profile::base::neutron::ovn_metadata_agent_wrappers (
tripleo::profile::base::neutron::wrappers::haproxy{'ovn_metadata_haproxy_process_wrapper':
haproxy_process_wrapper => $haproxy_process_wrapper,
haproxy_image => $haproxy_image,
bind_socket => $bind_socket
bind_socket => $bind_socket,
debug => $debug,
container_cli => $container_cli,
}
}
}


@ -27,17 +27,27 @@
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
# [*debug*]
# Enable debug messages for the wrapper script.
#
# [*container_cli*]
# Host containers runtime system to use.
#
define tripleo::profile::base::neutron::wrappers::dibbler_client (
$dibbler_process_wrapper,
$dibbler_image,
$bind_socket,
$bind_socket = undef,
Boolean $debug,
$container_cli,
) {
file { $dibbler_process_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/dibbler-client.epp', {
'image_name' => $dibbler_image,
'bind_socket' => $bind_socket
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/dibbler-client.epp', {
'image_name' => $dibbler_image,
'bind_socket' => $bind_socket,
'debug' => $debug,
'container_cli' => $container_cli,
})
}
}
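Review bot: `$container_cli` is a required, untyped parameter listed after the now-optional `$bind_socket = undef`, and nothing in the define rejects a value the template does not know. Declaring it as `Enum['docker', 'podman'] $container_cli,` and listing the required parameters before the optional one turns a typo into a compile error instead of a wrapper that only echoes noop. The `bind_socket` parameter doc still reads "Socket for accessing the docker daemon." and could say that it is optional and used for docker only. The same applies to the dnsmasq, haproxy, keepalived, keepalived_state_change and radvd defines.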


@ -27,17 +27,27 @@
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
# [*debug*]
# Enable debug messages for the wrapper script.
#
# [*container_cli*]
# Host containers runtime system to use.
#
define tripleo::profile::base::neutron::wrappers::dnsmasq (
$dnsmasq_process_wrapper,
$dnsmasq_image,
$bind_socket,
$bind_socket = undef,
Boolean $debug,
$container_cli,
) {
file { $dnsmasq_process_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/dnsmasq.epp', {
'image_name' => $dnsmasq_image,
'bind_socket' => $bind_socket
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/dnsmasq.epp', {
'image_name' => $dnsmasq_image,
'bind_socket' => $bind_socket,
'debug' => $debug,
'container_cli' => $container_cli,
})
}
}


@ -27,17 +27,27 @@
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
# [*debug*]
# Enable debug messages for the wrapper script.
#
# [*container_cli*]
# Host containers runtime system to use.
#
define tripleo::profile::base::neutron::wrappers::haproxy (
$haproxy_process_wrapper,
$haproxy_image,
$bind_socket,
$bind_socket = undef,
Boolean $debug,
$container_cli,
) {
file { $haproxy_process_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/haproxy.epp', {
'image_name' => $haproxy_image,
'bind_socket' => $bind_socket,
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/haproxy.epp', {
'image_name' => $haproxy_image,
'bind_socket' => $bind_socket,
'debug' => $debug,
'container_cli' => $container_cli,
})
}
}


@ -27,17 +27,27 @@
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
# [*debug*]
# Enable debug messages for the wrapper script.
#
# [*container_cli*]
# Host containers runtime system to use.
#
define tripleo::profile::base::neutron::wrappers::keepalived (
$keepalived_process_wrapper,
$keepalived_image,
$bind_socket,
$bind_socket = undef,
Boolean $debug,
$container_cli,
) {
file { $keepalived_process_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/keepalived.epp', {
'image_name' => $keepalived_image,
'bind_socket' => $bind_socket,
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/keepalived.epp', {
'image_name' => $keepalived_image,
'bind_socket' => $bind_socket,
'debug' => $debug,
'container_cli' => $container_cli,
})
}
}


@ -24,15 +24,25 @@
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
# [*debug*]
# Enable debug messages for the wrapper script.
#
# [*container_cli*]
# Host containers runtime system to use.
#
define tripleo::profile::base::neutron::wrappers::keepalived_state_change (
$keepalived_state_change_wrapper,
$bind_socket,
$bind_socket = undef,
Boolean $debug,
$container_cli,
) {
file { $keepalived_state_change_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/neutron-keepalived-state-change.epp', {
'bind_socket' => $bind_socket
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/neutron-keepalived-state-change.epp', {
'bind_socket' => $bind_socket,
'debug' => $debug,
'container_cli' => $container_cli,
})
}
}


@ -26,18 +26,29 @@
#
# [*bind_socket*]
# Socket for accessing the docker daemon.
#
# [*debug*]
# Enable debug messages for the wrapper script.
#
# [*container_cli*]
# Host containers runtime system to use.
#
define tripleo::profile::base::neutron::wrappers::radvd (
$radvd_process_wrapper,
$radvd_image,
$bind_socket,
$bind_socket = undef,
Boolean $debug,
$container_cli,
) {
file { $radvd_process_wrapper:
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/radvd.epp', {
'image_name' => $radvd_image,
'bind_socket' => $bind_socket,
ensure => file,
mode => '0755',
content => epp('tripleo/neutron/radvd.epp', {
'image_name' => $radvd_image,
'bind_socket' => $bind_socket,
'debug' => $debug,
'container_cli' => $container_cli,
})
}
}


@ -0,0 +1,17 @@
---
features:
- |
Neutron L3/DHCP and OVN metadata agent wrapper classes are given the
``debug`` and ``container_cli`` parameters. The latter allows 'docker'
(deprecated) and 'podman' for Neutron L3/dhcp and OVN metadata rootwrap
containers managed by agents. When ``debug`` enabled, the wrapper
containers start writing extended outputs to its stdout, which also may be
shown via the ``podman logs`` CLI.
fixes:
- |
Neutron/OVN rootwrap containers are managed by agents and will no longer
be deleted, when the parent container restarts.
deprecations:
- |
Parameter ``bind_sockets`` is deprecated. No sockets are expected to bind
mount for podman. So it only works for the docker runtime.


@ -24,11 +24,13 @@ describe 'tripleo::profile::base::neutron::wrappers::dibbler_client' do
shared_examples_for 'tripleo::profile::base::neutron::wrappers::dibbler_client' do
context 'creates wrapper file' do
context 'creates wrapper file for docker' do
let :params do {
:dibbler_process_wrapper => '/usr/local/bin/dibbler-client',
:dibbler_image => 'a_registry/some_container_name:some_tag',
:bind_socket => 'unix:///run/another/docker.sock'
:bind_socket => 'unix:///run/another/docker.sock',
:container_cli => 'docker',
:debug => true,
}
end
@ -42,6 +44,34 @@ describe 'tripleo::profile::base::neutron::wrappers::dibbler_client' do
is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content(
/set -x/
)
is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content(
/CMD="ip netns exec.*\/usr\/sbin\/dibbler-client run/
)
end
end
context 'creates wrapper file for podman' do
let :params do {
:dibbler_process_wrapper => '/usr/local/bin/dibbler-client',
:dibbler_image => 'a_registry/some_container_name:some_tag',
:container_cli => 'podman',
:debug => false,
}
end
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/dibbler-client').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content(
/CMD='\/usr\/sbin\/dibbler-client run'/
)
end
end
end
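Review bot: The podman context asserts nothing that distinguishes it from the docker one: there is no expectation that `DOCKER_HOST` is absent, that `set -x` is not rendered with `debug => false`, or that the CLI line goes through nsenter. In the docker context `/set -x/` is unanchored, so it would still pass if the template's whitespace trimming joined it to the next line; `/^set -x$/` pins the rendered line. A third context with an unsupported `container_cli` would document what the wrapper is expected to do in that case. The same gaps are in the dnsmasq, haproxy, keepalived, keepalived_state_change and radvd specs, and the describe block continues outside the hunk.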


@ -24,12 +24,14 @@ describe 'tripleo::profile::base::neutron::wrappers::dnsmasq' do
shared_examples_for 'tripleo::profile::base::neutron::wrappers::dnsmasq' do
context 'creates wrapper file' do
context 'creates wrapper file for docker' do
let(:params) {
{
:dnsmasq_process_wrapper => '/usr/local/bin/dnsmasq',
:dnsmasq_image => 'a_registry/some_container_name:some_tag',
:bind_socket => 'unix:///run/another/docker.sock'
:bind_socket => 'unix:///run/another/docker.sock',
:container_cli => 'docker',
:debug => true,
}
}
@ -43,6 +45,35 @@ describe 'tripleo::profile::base::neutron::wrappers::dnsmasq' do
is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content(
/set -x/
)
is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content(
/CMD="ip netns exec.*\/usr\/sbin\/dnsmasq -k/
)
end
end
context 'creates wrapper file for podman' do
let(:params) {
{
:dnsmasq_process_wrapper => '/usr/local/bin/dnsmasq',
:dnsmasq_image => 'a_registry/some_container_name:some_tag',
:container_cli => 'podman',
:debug => false,
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/dnsmasq').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content(
/CMD='\/usr\/sbin\/dnsmasq -k'/
)
end
end
end


@ -24,12 +24,14 @@ describe 'tripleo::profile::base::neutron::wrappers::haproxy' do
shared_examples_for 'tripleo::profile::base::neutron::wrappers::haproxy' do
context 'creates wrapper file' do
context 'creates wrapper file for docker' do
let(:params) {
{
:haproxy_process_wrapper => '/usr/local/bin/haproxy',
:haproxy_image => 'a_registry/some_container_name:some_tag',
:bind_socket => 'unix:///run/another/docker.sock'
:bind_socket => 'unix:///run/another/docker.sock',
:container_cli => 'docker',
:debug => true,
}
}
@ -46,6 +48,38 @@ describe 'tripleo::profile::base::neutron::wrappers::haproxy' do
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/set -x/
)
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/CMD="ip netns exec.*\/usr\/sbin\/haproxy -Ds/
)
end
end
context 'creates wrapper file for podman' do
let(:params) {
{
:haproxy_process_wrapper => '/usr/local/bin/haproxy',
:haproxy_image => 'a_registry/some_container_name:some_tag',
:container_cli => 'podman',
:debug => false,
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/haproxy').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/^NAME=neutron-haproxy-/
)
is_expected.to contain_file('/usr/local/bin/haproxy').with_content(
/CMD='\/usr\/sbin\/haproxy -Ds'/
)
end
end
end


@ -24,12 +24,14 @@ describe 'tripleo::profile::base::neutron::wrappers::keepalived' do
shared_examples_for 'tripleo::profile::base::neutron::wrappers::keepalived' do
context 'creates wrapper file' do
context 'creates wrapper file for docker' do
let(:params) {
{
:keepalived_process_wrapper => '/usr/local/bin/keepalived',
:keepalived_image => 'a_registry/some_container_name:some_tag',
:bind_socket => 'unix:///run/another/docker.sock'
:bind_socket => 'unix:///run/another/docker.sock',
:container_cli => 'docker',
:debug => true,
}
}
@ -43,6 +45,35 @@ describe 'tripleo::profile::base::neutron::wrappers::keepalived' do
is_expected.to contain_file('/usr/local/bin/keepalived').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
is_expected.to contain_file('/usr/local/bin/keepalived').with_content(
/set -x/
)
is_expected.to contain_file('/usr/local/bin/keepalived').with_content(
/CMD="ip netns exec.*\/usr\/sbin\/keepalived -n -l -D/
)
end
end
context 'creates wrapper file for podman' do
let(:params) {
{
:keepalived_process_wrapper => '/usr/local/bin/keepalived',
:keepalived_image => 'a_registry/some_container_name:some_tag',
:container_cli => 'podman',
:debug => false,
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/keepalived').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/keepalived').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/keepalived').with_content(
/CMD='\/usr\/sbin\/keepalived -n -l -D'/
)
end
end
end


@ -24,11 +24,13 @@ describe 'tripleo::profile::base::neutron::wrappers::keepalived_state_change' do
shared_examples_for 'tripleo::profile::base::neutron::wrappers::keepalived_state_change' do
context 'creates wrapper file' do
context 'creates wrapper file for docker' do
let(:params) {
{
:keepalived_state_change_wrapper => '/usr/local/bin/keepalived-state-change',
:bind_socket => 'unix:///run/another/docker.sock'
:bind_socket => 'unix:///run/another/docker.sock',
:container_cli => 'docker',
:debug => true,
}
}
@ -37,10 +39,32 @@ describe 'tripleo::profile::base::neutron::wrappers::keepalived_state_change' do
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content(
/ip.netns.exec.*neutron-keepalived-state-change/
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
/set -x/
)
is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content(
/CMD="ip netns exec.*\/usr\/bin\/neutron-keepalived-state-change/
)
end
end
context 'creates wrapper file for podman' do
let(:params) {
{
:keepalived_state_change_wrapper => '/usr/local/bin/keepalived-state-change',
:container_cli => 'podman',
:debug => false,
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content(
/CMD='\/usr\/bin\/neutron-keepalived-state-change'/
)
end
end


@ -24,12 +24,14 @@ describe 'tripleo::profile::base::neutron::wrappers::radvd' do
shared_examples_for 'tripleo::profile::base::neutron::wrappers::radvd' do
context 'creates wrapper file' do
context 'creates wrapper file for docker' do
let(:params) {
{
:radvd_process_wrapper => '/usr/local/bin/radvd',
:radvd_image => 'a_registry/some_container_name:some_tag',
:bind_socket => 'unix:///run/another/docker.sock'
:bind_socket => 'unix:///run/another/docker.sock',
:container_cli => 'docker',
:debug => true,
}
}
@ -46,6 +48,38 @@ describe 'tripleo::profile::base::neutron::wrappers::radvd' do
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/export DOCKER_HOST="unix:...run.another.docker.sock/
)
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/set -x/
)
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/CMD="ip netns exec.*\/usr\/sbin\/radvd -n/
)
end
end
context 'creates wrapper file for podman' do
let(:params) {
{
:radvd_process_wrapper => '/usr/local/bin/radvd',
:radvd_image => 'a_registry/some_container_name:some_tag',
:container_cli => 'podman',
:debug => false,
}
}
it 'should generate a wrapper file' do
is_expected.to contain_file('/usr/local/bin/radvd').with(
:mode => '0755'
)
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/a_registry.some_container_name.some_tag/
)
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/^NAME=neutron-radvd-/
)
is_expected.to contain_file('/usr/local/bin/radvd').with_content(
/CMD='\/usr\/sbin\/radvd -n'/
)
end
end
end


@ -1,7 +1,14 @@
<%- | String $image_name = '', String $bind_socket = '' | -%>
<%- | String $image_name = '',
String $bind_socket = '',
Boolean $debug,
String $container_cli = ''
| -%>
#!/bin/bash
<%- if $debug { -%>set -x<%- } -%>
<%- if $bind_socket { -%>
export DOCKER_HOST="<%=$bind_socket%>"
<%- } -%>
# we want to "eat" the "start" command given by neutron and run
# this in the foreground.
shift
@ -15,19 +22,39 @@ ARGS="$@"
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
NETNS=$(ip netns identify)
NAME=neutron-dibbler-${NETNS}
<%- if $container_cli == 'docker' { -%>
CLI='docker'
CMD="ip netns exec ${NETNS} /usr/sbin/dibbler-client run"
<%- } elsif $container_cli == 'podman' { -%>
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
CMD='/usr/sbin/dibbler-client run'
<%- } else { -%>
CLI='echo noop'
CMD='echo noop'
<%- } -%>
LIST=$($CLI ps -a --filter name=neutron-dibbler- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}')
docker stop $NAME || true
docker rm -f $NAME || true
# Find orphaned containers left for dead after its main process terminated by neutron parent process
ORPHANTS=$(printf "%s\n" "${LIST}" | grep ":Exited")
if [ -n "${ORPHANTS}" ]; then
for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do
echo "Removing orphaned container ${orphant}"
$CLI stop ${orphant} || true
$CLI rm -f ${orphant} || true
done
fi
docker run --detach \
# If the NAME is already taken by a container, give it an unique name
printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)"
echo "Starting a new child container ${NAME}"
$CLI run --detach \
-v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \
-v /run/netns:/run/netns:shared \
-v /var/lib/neutron:/var/lib/neutron \
-v /run/netns:/run/netns:z,shared \
-v /var/lib/neutron:/var/lib/neutron:z,shared \
--net host \
--pid host \
--privileged \
--rm=true \
-u root \
--name $NAME \
<%=$image_name%> \
ip netns exec ${NETNS} /usr/sbin/dibbler-client run $ARGS
$CMD $ARGS
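Review bot: The name-collision check `grep -q "${NAME}$"` cannot match as written: each LIST entry is `ID:Names:Status` cut at the first space by awk, so every line ends in the status word (for example `:Up` or `:Exited`) and never in the name. With the unconditional stop/rm removed by this commit, a second launch for the same namespace would reach `--name $NAME` while the earlier container still exists, and the run would presumably fail on the name conflict. Matching the name field between its delimiters fixes it: `printf "%s\n" "${LIST}" | grep -qF ":${NAME}:" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)"`. The same line is in the dnsmasq, haproxy and keepalived templates.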


@ -1,7 +1,14 @@
<%- | String $image_name = '', String $bind_socket = '' | -%>
<%- | String $image_name = '',
String $bind_socket = '',
Boolean $debug,
String $container_cli = ''
| -%>
#!/bin/bash
<%- if $debug { -%>set -x<%- } -%>
<%- if $bind_socket { -%>
export DOCKER_HOST="<%=$bind_socket%>"
<%- } -%>
ARGS="$@"
# Extract the network namespace UUID from the command line args provided by
@ -12,19 +19,40 @@ ARGS="$@"
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
NETNS=$(ip netns identify)
NAME=neutron-dnsmasq-${NETNS}
<%- if $container_cli == 'docker' { -%>
CLI='docker'
CMD="ip netns exec ${NETNS} /usr/sbin/dnsmasq -k"
<%- } elsif $container_cli == 'podman' { -%>
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
CMD='/usr/sbin/dnsmasq -k'
<%- } else { -%>
CLI='echo noop'
CMD='echo noop'
<%- } -%>
LIST=$($CLI ps -a --filter name=neutron-dnsmasq- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}')
docker stop $NAME || true
docker rm -f $NAME || true
# Find orphaned containers left for dead after its main process terminated by neutron parent process
# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703
ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)")
if [ -n "${ORPHANTS}" ]; then
for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do
echo "Removing orphaned container ${orphant}"
$CLI stop ${orphant} || true
$CLI rm -f ${orphant} || true
done
fi
docker run --detach \
# If the NAME is already taken by a container, give it an unique name
printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)"
echo "Starting a new child container ${NAME}"
$CLI run --detach \
-v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \
-v /run/netns:/run/netns:shared \
-v /var/lib/neutron:/var/lib/neutron \
-v /run/netns:/run/netns:z,shared \
-v /var/lib/neutron:/var/lib/neutron:z,shared \
--net host \
--pid host \
--privileged \
--rm=true \
-u root \
--name $NAME \
<%=$image_name%> \
ip netns exec ${NETNS} /usr/sbin/dnsmasq -k $ARGS
$CMD $ARGS
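Review bot: The orphan filter in this template also matches `Created`, and LIST is built with `--filter name=neutron-dnsmasq-`, which covers the dnsmasq containers of every namespace rather than only this wrapper's `${NAME}`. If two wrappers run at the same time, one can `rm -f` a container the other has created but not yet started. Limiting the clean-up to this wrapper's own name narrows that window: `ORPHANTS=$(printf "%s\n" "${LIST}" | grep -F ":${NAME}" | grep -E ":(Exited|Created)")`. The FIXME comment should also say why `Created` is included, so the workaround can be dropped once the linked issue is resolved.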


@ -1,7 +1,14 @@
<%- | String $image_name = '', String $bind_socket = '' | -%>
<%- | String $image_name = '',
String $bind_socket = '',
Boolean $debug,
String $container_cli = ''
| -%>
#!/bin/bash
<%- if $debug { -%>set -x<%- } -%>
<%- if $bind_socket { -%>
export DOCKER_HOST="<%=$bind_socket%>"
<%- } -%>
ARGS="$@"
# Extract the network namespace UUID from the command line args provided by
@ -12,19 +19,39 @@ ARGS="$@"
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
NETNS=$(ip netns identify)
NAME=neutron-haproxy-${NETNS}
<%- if $container_cli == 'docker' { -%>
CLI='docker'
CMD="ip netns exec ${NETNS} /usr/sbin/haproxy -Ds"
<%- } elsif $container_cli == 'podman' { -%>
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
CMD='/usr/sbin/haproxy -Ds'
<%- } else { -%>
CLI='echo noop'
CMD='echo noop'
<%- } -%>
LIST=$($CLI ps -a --filter name=neutron-haproxy- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}')
docker stop $NAME || true
docker rm -f $NAME || true
# Find orphaned containers left for dead after its main process terminated by neutron parent process
ORPHANTS=$(printf "%s\n" "${LIST}" | grep ":Exited")
if [ -n "${ORPHANTS}" ]; then
for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do
echo "Removing orphaned container ${orphant}"
$CLI stop ${orphant} || true
$CLI rm -f ${orphant} || true
done
fi
docker run --detach \
# If the NAME is already taken by a container, give it an unique name
printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)"
echo "Starting a new child container ${NAME}"
$CLI run --detach \
-v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \
-v /run/netns:/run/netns:shared \
-v /var/lib/neutron:/var/lib/neutron \
-v /run/netns:/run/netns:z,shared \
-v /var/lib/neutron:/var/lib/neutron:z,shared \
--net host \
--pid host \
--privileged \
--rm=true \
-u root \
--name $NAME \
<%=$image_name%> \
ip netns exec ${NETNS} /usr/sbin/haproxy -Ds $ARGS
$CMD $ARGS
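Review bot: `NETNS=$(ip netns identify)` is used unchecked in the new podman line `nsenter --net=/run/netns/${NETNS}` and in `NAME`; when the wrapper runs outside a named namespace the value is empty, the nsenter path becomes the `/run/netns/` directory and the container name is only the prefix. A guard right after the assignment makes that case fail loudly: `[ -n "${NETNS}" ] || { echo "no network namespace identified" >&2; exit 1; }`. `--name $NAME` and `${orphant}` are also expanded unquoted and should be written as `"$NAME"` and `"${orphant}"`. The same applies to the dibbler-client, dnsmasq and keepalived templates.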


@ -1,7 +1,14 @@
<%- | String $image_name = '', String $bind_socket = '' | -%>
<%- | String $image_name = '',
String $bind_socket = '',
Boolean $debug,
String $container_cli = ''
| -%>
#!/bin/bash
<%- if $debug { -%>set -x<%- } -%>
<%- if $bind_socket { -%>
export DOCKER_HOST="<%=$bind_socket%>"
<%- } -%>
ARGS="$@"
# Extract the network namespace UUID from the command line args provided by
@ -12,21 +19,41 @@ ARGS="$@"
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
NETNS=$(ip netns identify)
NAME=neutron-keepalived-${NETNS}
<%- if $container_cli == 'docker' { -%>
CLI='docker'
CMD="ip netns exec ${NETNS} /usr/sbin/keepalived -n -l -D"
<%- } elsif $container_cli == 'podman' { -%>
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
CMD='/usr/sbin/keepalived -n -l -D'
<%- } else { -%>
CLI='echo noop'
CMD='echo noop'
<%- } -%>
LIST=$($CLI ps -a --filter name=neutron-keepalived- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}')
docker stop $NAME || true
docker rm -f $NAME || true
# Find orphaned containers left for dead after its main process terminated by neutron parent process
ORPHANTS=$(printf "%s\n" "${LIST}" | grep ":Exited")
if [ -n "${ORPHANTS}" ]; then
for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do
echo "Removing orphaned container ${orphant}"
$CLI stop ${orphant} || true
$CLI rm -f ${orphant} || true
done
fi
docker run --detach \
# If the NAME is already taken by a container, give it an unique name
printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)"
echo "Starting a new child container ${NAME}"
$CLI run --detach \
-v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \
-v /lib/modules:/lib/modules:ro \
-v /sbin/modprobe:/sbin/modprobe:ro \
-v /run/netns:/run/netns:shared \
-v /var/lib/neutron:/var/lib/neutron \
-v /run/netns:/run/netns:z,shared \
-v /var/lib/neutron:/var/lib/neutron:z,shared \
--net host \
--pid host \
--privileged \
--rm=true \
-u root \
--name $NAME \
<%=$image_name%> \
ip netns exec ${NETNS} /usr/sbin/keepalived -n -l -D $ARGS
$CMD $ARGS
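Review bot: `NETNS=$(ip netns identify)` is used without a check that it is non-empty, yet it feeds both `NAME` and the command that runs as root in a `--privileged --pid host` container. If the wrapper is called from a process that is not in a named namespace, the podman branch expands to `nsenter --net=/run/netns/ ...`, the docker branch to `ip netns exec  /usr/sbin/keepalived ...`, and `NAME` collapses to `neutron-keepalived-`. A guard directly after the assignment would fail early and visibly: `[ -n "${NETNS}" ] || { echo "no network namespace identified" >&2; exit 1; }`. The haproxy and keepalived-state-change wrappers on this page follow the same pattern and would need the same guard.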


@ -1,7 +1,13 @@
<%- | String $bind_socket = '' | -%>
<%- | String $bind_socket = '',
Boolean $debug,
String $container_cli = ''
| -%>
#!/bin/bash
<%- if $debug { -%>set -x<%- } -%>
<%- if $bind_socket { -%>
export DOCKER_HOST="<%=$bind_socket%>"
<%- } -%>
ARGS="$@"
# Extract the network namespace UUID from the command line args provided by
@ -12,12 +18,22 @@ ARGS="$@"
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
NETNS=$(ip netns identify)
NAME=neutron-keepalived-${NETNS}
<%- if $container_cli == 'docker' { -%>
CLI='docker'
CMD="ip netns exec ${NETNS} /usr/bin/neutron-keepalived-state-change"
<%- } elsif $container_cli == 'podman' { -%>
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
CMD='/usr/bin/neutron-keepalived-state-change'
<%- } else { -%>
CLI='echo noop'
CMD='echo noop'
<%- } -%>
# The state change daemon only runs as a daemon for the moment so we need to
# run it within an existing container with a sensibly matching lifetime. The
# related keepalived container seems an obvious choice.
container_id=`docker ps --filter name=$NAME --format "{{.ID}}"`
container_id=$($CLI ps --filter name=$NAME --format "{{.ID}}")
if [[ -z $container_id ]];
then
@ -25,8 +41,8 @@ then
exit 0
fi
docker exec --detach \
$CLI exec --detach \
-u root \
--privileged \
$NAME \
ip netns exec ${NETNS} /usr/bin/neutron-keepalived-state-change $ARGS
$CMD $ARGS
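Review bot: The `exec` at the end still addresses the container as `$NAME`, even though the lookup above already stores the running container's ID in `container_id`. The keepalived wrapper changed in this commit may start its container as `${NAME}-<timestamp>` when the plain name is taken, so `$CLI exec ... $NAME` could hit a stale container or none at all; this is inferred from that rename logic, not from anything in this file. Using the ID that was just resolved avoids the mismatch: `container_id=$($CLI ps --filter name=$NAME --format "{{.ID}}" | head -n1)` followed by `$CLI exec --detach -u root --privileged "$container_id" $CMD $ARGS`. The body of the `if [[ -z $container_id ]]` branch is only partly visible in these hunks.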


@ -1,8 +1,14 @@
<%- | String $image_name = '', String $bind_socket = '' | -%>
<%- | String $image_name = '',
String $bind_socket = '',
Boolean $debug,
String $container_cli = ''
| -%>
#!/bin/bash
<%- if $debug { -%>set -x<%- } -%>
export DOCKER_HOST="unix:///var/run/docker_container_mount/docker.sock"
<%- if $bind_socket { -%>
export DOCKER_HOST="<%=$bind_socket%>"
<%- } -%>
ARGS="$@"
# Extract the network namespace UUID from the command line args provided by
@ -13,18 +19,39 @@ ARGS="$@"
# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ...
NETWORK_ID=$(echo $ARGS| awk '{if (match($0, /(\w{8}-\w{4}-\w{4}-\w{4}-\w{12})/,m)) print m[0] }')
NAME=neutron-radvd-${NETWORK_ID}
docker stop $NAME || true
docker rm -f $NAME || true
<%- if $container_cli == 'docker' { -%>
CLI='docker'
CMD="ip netns exec qrouter-${NETWORK_ID} /usr/sbin/radvd -n"
<%- } elsif $container_cli == 'podman' { -%>
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
CMD='/usr/sbin/radvd -n'
<%- } else { -%>
CLI='echo noop'
CMD='echo noop'
<%- } -%>
LIST=$($CLI ps -a --filter name=neutron-radvd- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}')
docker run --detach \
# Find orphaned containers left for dead after its main process terminated by neutron parent process
ORPHANTS=$(printf "%s\n" "${LIST}" | grep ":Exited")
if [ -n "${ORPHANTS}" ]; then
for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do
echo "Removing orphaned container ${orphant}"
$CLI stop ${orphant} || true
$CLI rm -f ${orphant} || true
done
fi
# If the NAME is already taken by a container, give it an unique name
printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)"
echo "Starting a new child container ${NAME}"
$CLI run --detach \
-v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \
-v /run/netns:/run/netns:shared \
-v /var/lib/neutron:/var/lib/neutron \
-v /run/netns:/run/netns:z,shared \
-v /var/lib/neutron:/var/lib/neutron:z,shared \
--net host \
--pid host \
--privileged \
--rm=true \
-u root \
--name $NAME \
<%=$image_name%> \
ip netns exec qrouter-${NETWORK_ID} /usr/sbin/radvd -n $ARGS
$CMD $ARGS
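Review bot: The podman branch builds `CLI` from `${NETNS}`, but no visible line of this wrapper assigns `NETNS`; it derives `NETWORK_ID` from the arguments, and the docker branch uses `qrouter-${NETWORK_ID}`. Unless `NETNS` is set in the lines elided between the two hunks, nsenter is given `--net=/run/netns/` and every podman call here (the `ps` listing, the orphan cleanup and `run`) would fail. The namespace should probably match the docker branch: `CLI="nsenter --net=/run/netns/qrouter-${NETWORK_ID} --preserve-credentials -m -t 1 podman"`. An empty `NETWORK_ID` (no UUID found in `$ARGS`) breaks the path the same way, so a non-empty check before building `NAME` and `CLI` is worth adding.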