diff --git a/manifests/profile/base/neutron.pp b/manifests/profile/base/neutron.pp index ee83f91fe..7e04c868b 100644 --- a/manifests/profile/base/neutron.pp +++ b/manifests/profile/base/neutron.pp @@ -86,6 +86,12 @@ # (Optional) Indicate whether Designate is available in the deployment. # Defaults to hiera('designate_api_enabled') or false # +# [*container_cli*] +# (Optional) A container CLI to be used with the wrapper +# tooling to manage containers controled by Neutron/OVN +# l3/dhcp/metadata agents. Accepts either 'podman' or 'docker'. +# Defaults to hiera('container_cli') or 'docker'. +# class tripleo::profile::base::neutron ( $step = Integer(hiera('step')), @@ -104,8 +110,16 @@ class tripleo::profile::base::neutron ( $dhcp_agents_per_network = undef, $dhcp_nodes = hiera('neutron_dhcp_short_node_names', []), $designate_api_enabled = hiera('designate_api_enabled', false), + $container_cli = hiera('container_cli', 'docker'), ) { if $step >= 3 { + # NOTE(bogdando) validate_* is deprecated and we do not want to use it here + if !($container_cli in ['docker', 'podman']) { + fail("container_cli ($container_cli) is not supported!") + } + if $container_cli == 'docker' { + warning("Docker runtime is deprecated. Consider switching container_cli to podman") + } $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) $oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl))) $dhcp_agent_count = size($dhcp_nodes) diff --git a/manifests/profile/base/neutron/dhcp_agent_wrappers.pp b/manifests/profile/base/neutron/dhcp_agent_wrappers.pp index 43a0b6b00..b09fed879 100644 --- a/manifests/profile/base/neutron/dhcp_agent_wrappers.pp +++ b/manifests/profile/base/neutron/dhcp_agent_wrappers.pp 
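Review bot: The new `container_cli` check in the `if $step >= 3` block is hand-rolled and only runs from step 3 on, so an unsupported value is not rejected at earlier steps. A data type on the parameter would reject it at every step and make the `fail(...)` branch unnecessary: `Enum['docker', 'podman'] $container_cli = hiera('container_cli', 'docker'),`. The `warning("...")` string interpolates nothing and could use single quotes. The `if $step >= 3` block continues past the end of the hunk.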
@@ -47,23 +47,33 @@ # Defaults to undef # # [*bind_sockets*] -# (Optional) Domain sockets that the wrappers should use for accessing +# (Deprecated) Domain sockets that the wrappers should use for accessing # the docker daemon. # Defaults to hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']) # +# [*debug*] +# (Optional) Debug messages for the wrapper scripts. +# Defaults to False. +# class tripleo::profile::base::neutron::dhcp_agent_wrappers ( - $enable_dnsmasq_wrapper = false, - $dnsmasq_process_wrapper = undef, - $dnsmasq_image = undef, - $enable_haproxy_wrapper = false, - $haproxy_process_wrapper = undef, - $haproxy_image = undef, - $bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']), + $enable_dnsmasq_wrapper = false, + $dnsmasq_process_wrapper = undef, + $dnsmasq_image = undef, + $enable_haproxy_wrapper = false, + $haproxy_process_wrapper = undef, + $haproxy_image = undef, + Boolean $debug = false, + + # Deprecated + $bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']), ) { - unless $bind_sockets { - fail('The wrappers require a domain socket for accessing the docker daemon') + $container_cli = hiera('tripleo::profile::base::neutron::container_cli', 'docker') + if $bind_sockets and $container_cli == 'docker' { + warning("Docker runtime is deprecated. Consider switching container_cli to podman") + $bind_socket = join(['unix://', $bind_sockets[0]], '') + } else { + $bind_socket = '' } - $bind_socket = join(['unix://', $bind_sockets[0]], '') if $enable_dnsmasq_wrapper { unless $dnsmasq_image and $dnsmasq_process_wrapper{ fail('The docker image for dnsmasq and wrapper filename must be provided when generating dnsmasq wrappers') 
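Review bot: `$container_cli` is read here with `hiera('tripleo::profile::base::neutron::container_cli', 'docker')`, while the base profile in this same commit defaults its parameter from `hiera('container_cli', 'docker')`. As far as these hunks show, a deployment that sets only the global `container_cli: podman` key would still render docker wrappers. Consider reading the same key, `$container_cli = hiera('container_cli', 'docker')`, or exposing it as a typed class parameter. Dropping the old `fail(...)` also means a docker deployment without `bind_sockets` now gets an empty `bind_socket` instead of a compile error, which deserves a comment. The same lookup appears in the first hunks of l3_agent_wrappers.pp and ovn_metadata_agent_wrappers.pp.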
@@ -71,7 +81,9 @@ class tripleo::profile::base::neutron::dhcp_agent_wrappers ( tripleo::profile::base::neutron::wrappers::dnsmasq{'dhcp_dnsmasq_process_wrapper': dnsmasq_process_wrapper => $dnsmasq_process_wrapper, dnsmasq_image => $dnsmasq_image, - bind_socket => $bind_socket + bind_socket => $bind_socket, + debug => $debug, + container_cli => $container_cli, } } @@ -82,7 +94,9 @@ class tripleo::profile::base::neutron::dhcp_agent_wrappers ( tripleo::profile::base::neutron::wrappers::haproxy{'dhcp_haproxy_process_wrapper': haproxy_process_wrapper => $haproxy_process_wrapper, haproxy_image => $haproxy_image, - bind_socket => $bind_socket + bind_socket => $bind_socket, + debug => $debug, + container_cli => $container_cli, } } } diff --git a/manifests/profile/base/neutron/l3_agent_wrappers.pp b/manifests/profile/base/neutron/l3_agent_wrappers.pp index 3cd14761d..990d31ebe 100644 --- a/manifests/profile/base/neutron/l3_agent_wrappers.pp +++ b/manifests/profile/base/neutron/l3_agent_wrappers.pp 
@@ -80,30 +80,40 @@ # Defaults to undef # # [*bind_sockets*] -# (Optional) Domain sockets that the wrappers should use for accessing +# (Deprecated) Domain sockets that the wrappers should use for accessing # the docker daemon. # Defaults to hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']) # +# [*debug*] +# (Optional) Debug messages for the wrapper scripts. +# Defaults to False. +# class tripleo::profile::base::neutron::l3_agent_wrappers ( - $enable_haproxy_wrapper = false, - $haproxy_process_wrapper = undef, - $haproxy_image = undef, - $enable_radvd_wrapper = false, - $radvd_process_wrapper = undef, - $radvd_image = undef, - $enable_keepalived_wrapper = false, - $keepalived_process_wrapper = undef, - $keepalived_image = undef, - $keepalived_state_change_wrapper = undef, - $enable_dibbler_wrapper = false, - $dibbler_process_wrapper = undef, - $dibbler_image = undef, - $bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']), + $enable_haproxy_wrapper = false, + $haproxy_process_wrapper = undef, + $haproxy_image = undef, + $enable_radvd_wrapper = false, + $radvd_process_wrapper = undef, + $radvd_image = undef, + $enable_keepalived_wrapper = false, + $keepalived_process_wrapper = undef, + $keepalived_image = undef, + $keepalived_state_change_wrapper = undef, + $enable_dibbler_wrapper = false, + $dibbler_process_wrapper = undef, + $dibbler_image = undef, + Boolean $debug = false, + + # Deprecated + $bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']), ) { - unless $bind_sockets { - fail('The wrappers require a domain socket for accessing the docker daemon') + $container_cli = hiera('tripleo::profile::base::neutron::container_cli', 'docker') + if $bind_sockets and $container_cli == 'docker' { + warning("Docker runtime is deprecated. 
Consider switching container_cli to podman") + $bind_socket = join(['unix://', $bind_sockets[0]], '') + } else { + $bind_socket = '' } - $bind_socket = join(['unix://', $bind_sockets[0]], '') if $enable_haproxy_wrapper { unless $haproxy_image and $haproxy_process_wrapper{ fail('The docker image for haproxy and wrapper filename must be provided when generating haproxy wrappers') @@ -112,6 +122,8 @@ class tripleo::profile::base::neutron::l3_agent_wrappers ( haproxy_process_wrapper => $haproxy_process_wrapper, haproxy_image => $haproxy_image, bind_socket => $bind_socket, + debug => $debug, + container_cli => $container_cli, } } @@ -123,6 +135,8 @@ class tripleo::profile::base::neutron::l3_agent_wrappers ( radvd_process_wrapper => $radvd_process_wrapper, radvd_image => $radvd_image, bind_socket => $bind_socket, + debug => $debug, + container_cli => $container_cli, } } @@ -134,6 +148,8 @@ class tripleo::profile::base::neutron::l3_agent_wrappers ( keepalived_process_wrapper => $keepalived_process_wrapper, keepalived_image => $keepalived_image, bind_socket => $bind_socket, + debug => $debug, + container_cli => $container_cli, } unless $keepalived_state_change_wrapper { fail('The keepalived state change wrapper must also be configured when generating keepalived wrappers') @@ -141,6 +157,8 @@ class tripleo::profile::base::neutron::l3_agent_wrappers ( tripleo::profile::base::neutron::wrappers::keepalived_state_change{'l3_keepalived_state_change': keepalived_state_change_wrapper => $keepalived_state_change_wrapper, bind_socket => $bind_socket, + debug => $debug, + container_cli => $container_cli, } } @@ -152,6 +170,8 @@ class tripleo::profile::base::neutron::l3_agent_wrappers ( dibbler_process_wrapper => $dibbler_process_wrapper, dibbler_image => $dibbler_image, bind_socket => $bind_socket, + debug => $debug, + container_cli => $container_cli, } } } 
diff --git a/manifests/profile/base/neutron/ovn_metadata_agent_wrappers.pp b/manifests/profile/base/neutron/ovn_metadata_agent_wrappers.pp index d0ec63152..01cc5cbd9 100644 --- a/manifests/profile/base/neutron/ovn_metadata_agent_wrappers.pp +++ b/manifests/profile/base/neutron/ovn_metadata_agent_wrappers.pp @@ -33,20 +33,30 @@ # Defaults to undef # # [*bind_sockets*] -# (Optional) Domain sockets that the wrappers should use for accessing +# (Deprecated) Domain sockets that the wrappers should use for accessing # the docker daemon. # Defaults to hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']) # +# [*debug*] +# (Optional) Debug messages for the wrapper scripts. +# Defaults to False. +# class tripleo::profile::base::neutron::ovn_metadata_agent_wrappers ( - $enable_haproxy_wrapper = false, - $haproxy_process_wrapper = undef, - $haproxy_image = undef, - $bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']), + $enable_haproxy_wrapper = false, + $haproxy_process_wrapper = undef, + $haproxy_image = undef, + Boolean $debug = false, + + # Deprecated + $bind_sockets = hiera('docker_additional_sockets', ['/var/lib/openstack/docker.sock']), ) { - unless $bind_sockets { - fail('The wrappers require a domain socket for accessing the docker daemon') + $container_cli = hiera('tripleo::profile::base::neutron::container_cli', 'docker') + if $bind_sockets and $container_cli == 'docker' { + warning("Docker runtime is deprecated. Consider switching container_cli to podman") + $bind_socket = join(['unix://', $bind_sockets[0]], '') + } else { + $bind_socket = '' } - $bind_socket = join(['unix://', $bind_sockets[0]], '') if $enable_haproxy_wrapper { unless $haproxy_image and $haproxy_process_wrapper{ fail('The docker image for haproxy and wrapper filename must be provided when generating haproxy wrappers') 
@@ -54,7 +64,9 @@ class tripleo::profile::base::neutron::ovn_metadata_agent_wrappers ( tripleo::profile::base::neutron::wrappers::haproxy{'ovn_metadata_haproxy_process_wrapper': haproxy_process_wrapper => $haproxy_process_wrapper, haproxy_image => $haproxy_image, - bind_socket => $bind_socket + bind_socket => $bind_socket, + debug => $debug, + container_cli => $container_cli, } } } diff --git a/manifests/profile/base/neutron/wrappers/dibbler_client.pp b/manifests/profile/base/neutron/wrappers/dibbler_client.pp index 219a64e27..042787411 100644 --- a/manifests/profile/base/neutron/wrappers/dibbler_client.pp +++ b/manifests/profile/base/neutron/wrappers/dibbler_client.pp @@ -27,17 +27,27 @@ # [*bind_socket*] # Socket for accessing the docker daemon. # +# [*debug*] +# Enable debug messages for the wrapper script. +# +# [*container_cli*] +# Host containers runtime system to use. +# define tripleo::profile::base::neutron::wrappers::dibbler_client ( $dibbler_process_wrapper, $dibbler_image, - $bind_socket, + $bind_socket = undef, + Boolean $debug, + $container_cli, ) { file { $dibbler_process_wrapper: - ensure => file, - mode => '0755', - content => epp('tripleo/neutron/dibbler-client.epp', { - 'image_name' => $dibbler_image, - 'bind_socket' => $bind_socket + ensure => file, + mode => '0755', + content => epp('tripleo/neutron/dibbler-client.epp', { + 'image_name' => $dibbler_image, + 'bind_socket' => $bind_socket, + 'debug' => $debug, + 'container_cli' => $container_cli, }) } } diff --git a/manifests/profile/base/neutron/wrappers/dnsmasq.pp b/manifests/profile/base/neutron/wrappers/dnsmasq.pp index 3ca59132c..e7e490abd 100644 --- a/manifests/profile/base/neutron/wrappers/dnsmasq.pp +++ b/manifests/profile/base/neutron/wrappers/dnsmasq.pp 
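Review bot: In the `dibbler_client` define, `$container_cli` is untyped, and the dibbler-client.epp template added later in this commit falls back to `CLI='echo noop'` for any value other than 'docker' or 'podman'. A typo therefore yields a wrapper that reports success without starting anything. Typing the parameter, `Enum['docker', 'podman'] $container_cli,`, turns that into a catalog compilation error. The `[*bind_socket*]` doc line could also say that it is only used with docker, now that it defaults to `undef`. The same applies to the dnsmasq, haproxy, keepalived, keepalived_state_change and radvd defines.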
@@ -27,17 +27,27 @@ # [*bind_socket*] # Socket for accessing the docker daemon. # +# [*debug*] +# Enable debug messages for the wrapper script. +# +# [*container_cli*] +# Host containers runtime system to use. +# define tripleo::profile::base::neutron::wrappers::dnsmasq ( $dnsmasq_process_wrapper, $dnsmasq_image, - $bind_socket, + $bind_socket = undef, + Boolean $debug, + $container_cli, ) { file { $dnsmasq_process_wrapper: - ensure => file, - mode => '0755', - content => epp('tripleo/neutron/dnsmasq.epp', { - 'image_name' => $dnsmasq_image, - 'bind_socket' => $bind_socket + ensure => file, + mode => '0755', + content => epp('tripleo/neutron/dnsmasq.epp', { + 'image_name' => $dnsmasq_image, + 'bind_socket' => $bind_socket, + 'debug' => $debug, + 'container_cli' => $container_cli, }) } } diff --git a/manifests/profile/base/neutron/wrappers/haproxy.pp b/manifests/profile/base/neutron/wrappers/haproxy.pp index b2f0911f4..269cf9e7b 100644 --- a/manifests/profile/base/neutron/wrappers/haproxy.pp +++ b/manifests/profile/base/neutron/wrappers/haproxy.pp @@ -27,17 +27,27 @@ # [*bind_socket*] # Socket for accessing the docker daemon. # +# [*debug*] +# Enable debug messages for the wrapper script. +# +# [*container_cli*] +# Host containers runtime system to use. +# define tripleo::profile::base::neutron::wrappers::haproxy ( $haproxy_process_wrapper, $haproxy_image, - $bind_socket, + $bind_socket = undef, + Boolean $debug, + $container_cli, ) { file { $haproxy_process_wrapper: - ensure => file, - mode => '0755', - content => epp('tripleo/neutron/haproxy.epp', { - 'image_name' => $haproxy_image, - 'bind_socket' => $bind_socket, + ensure => file, + mode => '0755', + content => epp('tripleo/neutron/haproxy.epp', { + 'image_name' => $haproxy_image, + 'bind_socket' => $bind_socket, + 'debug' => $debug, + 'container_cli' => $container_cli, }) } } 
diff --git a/manifests/profile/base/neutron/wrappers/keepalived.pp b/manifests/profile/base/neutron/wrappers/keepalived.pp index b896cc022..98a110433 100644 --- a/manifests/profile/base/neutron/wrappers/keepalived.pp +++ b/manifests/profile/base/neutron/wrappers/keepalived.pp @@ -27,17 +27,27 @@ # [*bind_socket*] # Socket for accessing the docker daemon. # +# [*debug*] +# Enable debug messages for the wrapper script. +# +# [*container_cli*] +# Host containers runtime system to use. +# define tripleo::profile::base::neutron::wrappers::keepalived ( $keepalived_process_wrapper, $keepalived_image, - $bind_socket, + $bind_socket = undef, + Boolean $debug, + $container_cli, ) { file { $keepalived_process_wrapper: - ensure => file, - mode => '0755', - content => epp('tripleo/neutron/keepalived.epp', { - 'image_name' => $keepalived_image, - 'bind_socket' => $bind_socket, + ensure => file, + mode => '0755', + content => epp('tripleo/neutron/keepalived.epp', { + 'image_name' => $keepalived_image, + 'bind_socket' => $bind_socket, + 'debug' => $debug, + 'container_cli' => $container_cli, }) } } diff --git a/manifests/profile/base/neutron/wrappers/keepalived_state_change.pp b/manifests/profile/base/neutron/wrappers/keepalived_state_change.pp index 5a7c6c507..dc2bdd792 100644 --- a/manifests/profile/base/neutron/wrappers/keepalived_state_change.pp +++ b/manifests/profile/base/neutron/wrappers/keepalived_state_change.pp 
@@ -24,15 +24,25 @@ # [*bind_socket*] # Socket for accessing the docker daemon. # +# [*debug*] +# Enable debug messages for the wrapper script. +# +# [*container_cli*] +# Host containers runtime system to use. +# define tripleo::profile::base::neutron::wrappers::keepalived_state_change ( $keepalived_state_change_wrapper, - $bind_socket, + $bind_socket = undef, + Boolean $debug, + $container_cli, ) { file { $keepalived_state_change_wrapper: - ensure => file, - mode => '0755', - content => epp('tripleo/neutron/neutron-keepalived-state-change.epp', { - 'bind_socket' => $bind_socket + ensure => file, + mode => '0755', + content => epp('tripleo/neutron/neutron-keepalived-state-change.epp', { + 'bind_socket' => $bind_socket, + 'debug' => $debug, + 'container_cli' => $container_cli, }) } } diff --git a/manifests/profile/base/neutron/wrappers/radvd.pp b/manifests/profile/base/neutron/wrappers/radvd.pp index bdf07d9f0..4c89dc941 100644 --- a/manifests/profile/base/neutron/wrappers/radvd.pp +++ b/manifests/profile/base/neutron/wrappers/radvd.pp @@ -26,18 +26,29 @@ # # [*bind_socket*] # Socket for accessing the docker daemon. +# +# [*debug*] +# Enable debug messages for the wrapper script. +# +# [*container_cli*] +# Host containers runtime system to use. + # define tripleo::profile::base::neutron::wrappers::radvd ( $radvd_process_wrapper, $radvd_image, - $bind_socket, + $bind_socket = undef, + Boolean $debug, + $container_cli, ) { file { $radvd_process_wrapper: - ensure => file, - mode => '0755', - content => epp('tripleo/neutron/radvd.epp', { - 'image_name' => $radvd_image, - 'bind_socket' => $bind_socket, + ensure => file, + mode => '0755', + content => epp('tripleo/neutron/radvd.epp', { + 'image_name' => $radvd_image, + 'bind_socket' => $bind_socket, + 'debug' => $debug, + 'container_cli' => $container_cli, }) } } 
diff --git a/releasenotes/notes/wrapper-containers-debug-f141d964548eb2ea.yaml b/releasenotes/notes/wrapper-containers-debug-f141d964548eb2ea.yaml new file mode 100644 index 000000000..fc773e4d7 --- /dev/null +++ b/releasenotes/notes/wrapper-containers-debug-f141d964548eb2ea.yaml @@ -0,0 +1,17 @@ +--- +features: + - | + Neutron L3/DHCP and OVN metadata agent wrapper classes are given the + ``debug`` and ``container_cli`` parameters. The latter allows 'docker' + (deprecated) and 'podman' for Neutron L3/dhcp and OVN metadata rootwrap + containers managed by agents. When ``debug`` enabled, the wrapper + containers start writing extended outputs to its stdout, which also may be + shown via the ``podman logs`` CLI. +fixes: + - | + Neutron/OVN rootwrap containers are managed by agents and will no longer + be deleted, when the parent container restarts. +deprecations: + - | + Parameter ``bind_sockets`` is deprecated. No sockets are expected to bind + mount for podman. So it only works for the docker runtime. diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_dibbler_client_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_dibbler_client_spec.rb index 0cab93b87..9974a08ff 100644 --- a/spec/defines/tripleo_profile_base_neutron_wrappers_dibbler_client_spec.rb +++ b/spec/defines/tripleo_profile_base_neutron_wrappers_dibbler_client_spec.rb @@ -24,11 +24,13 @@ describe 'tripleo::profile::base::neutron::wrappers::dibbler_client' do shared_examples_for 'tripleo::profile::base::neutron::wrappers::dibbler_client' do - context 'creates wrapper file' do + context 'creates wrapper file for docker' do let :params do { :dibbler_process_wrapper => '/usr/local/bin/dibbler-client', :dibbler_image => 'a_registry/some_container_name:some_tag', - :bind_socket => 'unix:///run/another/docker.sock' + :bind_socket => 'unix:///run/another/docker.sock', + :container_cli => 'docker', + :debug => true, } end 
@@ -42,6 +44,34 @@ describe 'tripleo::profile::base::neutron::wrappers::dibbler_client' do is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content( /export DOCKER_HOST="unix:...run.another.docker.sock/ ) + is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content( + /set -x/ + ) + is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content( + /CMD="ip netns exec.*\/usr\/sbin\/dibbler-client run/ + ) + end + end + + context 'creates wrapper file for podman' do + let :params do { + :dibbler_process_wrapper => '/usr/local/bin/dibbler-client', + :dibbler_image => 'a_registry/some_container_name:some_tag', + :container_cli => 'podman', + :debug => false, + } + end + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/dibbler-client').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content( + /a_registry.some_container_name.some_tag/ + ) + is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content( + /CMD='\/usr\/sbin\/dibbler-client run'/ + ) end end end diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_dnsmasq_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_dnsmasq_spec.rb index ba8783e68..d9b5942d6 100644 --- a/spec/defines/tripleo_profile_base_neutron_wrappers_dnsmasq_spec.rb +++ b/spec/defines/tripleo_profile_base_neutron_wrappers_dnsmasq_spec.rb @@ -24,12 +24,14 @@ describe 'tripleo::profile::base::neutron::wrappers::dnsmasq' do shared_examples_for 'tripleo::profile::base::neutron::wrappers::dnsmasq' do - context 'creates wrapper file' do + context 'creates wrapper file for docker' do let(:params) { { :dnsmasq_process_wrapper => '/usr/local/bin/dnsmasq', :dnsmasq_image => 'a_registry/some_container_name:some_tag', - :bind_socket => 'unix:///run/another/docker.sock' + :bind_socket => 'unix:///run/another/docker.sock', + :container_cli => 'docker', + :debug => true, } } 
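Review bot: The podman context only makes positive assertions, so it would still pass if the rendered wrapper contained `set -x` or an `export DOCKER_HOST=` line. Add negative checks, for example `is_expected.not_to contain_file('/usr/local/bin/dibbler-client').with_content(/DOCKER_HOST/)` and the same for `/set -x/`. The wrapper classes pass `bind_socket => ''` for podman rather than omitting it, so a context with `:bind_socket => ''` would cover the path actually used. The other wrapper specs in this commit have the same gap.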
@@ -43,6 +45,35 @@ describe 'tripleo::profile::base::neutron::wrappers::dnsmasq' do is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content( /export DOCKER_HOST="unix:...run.another.docker.sock/ ) + is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content( + /set -x/ + ) + is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content( + /CMD="ip netns exec.*\/usr\/sbin\/dnsmasq -k/ + ) + end + end + + context 'creates wrapper file for podman' do + let(:params) { + { + :dnsmasq_process_wrapper => '/usr/local/bin/dnsmasq', + :dnsmasq_image => 'a_registry/some_container_name:some_tag', + :container_cli => 'podman', + :debug => false, + } + } + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/dnsmasq').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content( + /a_registry.some_container_name.some_tag/ + ) + is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content( + /CMD='\/usr\/sbin\/dnsmasq -k'/ + ) end end end diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_haproxy_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_haproxy_spec.rb index 0d6f90a6b..0b1717fce 100644 --- a/spec/defines/tripleo_profile_base_neutron_wrappers_haproxy_spec.rb +++ b/spec/defines/tripleo_profile_base_neutron_wrappers_haproxy_spec.rb @@ -24,12 +24,14 @@ describe 'tripleo::profile::base::neutron::wrappers::haproxy' do shared_examples_for 'tripleo::profile::base::neutron::wrappers::haproxy' do - context 'creates wrapper file' do + context 'creates wrapper file for docker' do let(:params) { { :haproxy_process_wrapper => '/usr/local/bin/haproxy', :haproxy_image => 'a_registry/some_container_name:some_tag', - :bind_socket => 'unix:///run/another/docker.sock' + :bind_socket => 'unix:///run/another/docker.sock', + :container_cli => 'docker', + :debug => true, } } 
@@ -46,6 +48,38 @@ describe 'tripleo::profile::base::neutron::wrappers::haproxy' do is_expected.to contain_file('/usr/local/bin/haproxy').with_content( /export DOCKER_HOST="unix:...run.another.docker.sock/ ) + is_expected.to contain_file('/usr/local/bin/haproxy').with_content( + /set -x/ + ) + is_expected.to contain_file('/usr/local/bin/haproxy').with_content( + /CMD="ip netns exec.*\/usr\/sbin\/haproxy -Ds/ + ) + end + end + + context 'creates wrapper file for podman' do + let(:params) { + { + :haproxy_process_wrapper => '/usr/local/bin/haproxy', + :haproxy_image => 'a_registry/some_container_name:some_tag', + :container_cli => 'podman', + :debug => false, + } + } + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/haproxy').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/haproxy').with_content( + /a_registry.some_container_name.some_tag/ + ) + is_expected.to contain_file('/usr/local/bin/haproxy').with_content( + /^NAME=neutron-haproxy-/ + ) + is_expected.to contain_file('/usr/local/bin/haproxy').with_content( + /CMD='\/usr\/sbin\/haproxy -Ds'/ + ) end end end diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_spec.rb index c4a140023..6727c7906 100644 --- a/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_spec.rb +++ b/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_spec.rb 
@@ -24,12 +24,14 @@ describe 'tripleo::profile::base::neutron::wrappers::keepalived' do shared_examples_for 'tripleo::profile::base::neutron::wrappers::keepalived' do - context 'creates wrapper file' do + context 'creates wrapper file for docker' do let(:params) { { :keepalived_process_wrapper => '/usr/local/bin/keepalived', :keepalived_image => 'a_registry/some_container_name:some_tag', - :bind_socket => 'unix:///run/another/docker.sock' + :bind_socket => 'unix:///run/another/docker.sock', + :container_cli => 'docker', + :debug => true, } } @@ -43,6 +45,35 @@ describe 'tripleo::profile::base::neutron::wrappers::keepalived' do is_expected.to contain_file('/usr/local/bin/keepalived').with_content( /export DOCKER_HOST="unix:...run.another.docker.sock/ ) + is_expected.to contain_file('/usr/local/bin/keepalived').with_content( + /set -x/ + ) + is_expected.to contain_file('/usr/local/bin/keepalived').with_content( + /CMD="ip netns exec.*\/usr\/sbin\/keepalived -n -l -D/ + ) + end + end + + context 'creates wrapper file for podman' do + let(:params) { + { + :keepalived_process_wrapper => '/usr/local/bin/keepalived', + :keepalived_image => 'a_registry/some_container_name:some_tag', + :container_cli => 'podman', + :debug => false, + } + } + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/keepalived').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/keepalived').with_content( + /a_registry.some_container_name.some_tag/ + ) + is_expected.to contain_file('/usr/local/bin/keepalived').with_content( + /CMD='\/usr\/sbin\/keepalived -n -l -D'/ + ) end end end diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_state_change_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_state_change_spec.rb index 152c4cd9a..1af7dcfd5 100644 --- a/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_state_change_spec.rb 
+++ b/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_state_change_spec.rb @@ -24,11 +24,13 @@ describe 'tripleo::profile::base::neutron::wrappers::keepalived_state_change' do shared_examples_for 'tripleo::profile::base::neutron::wrappers::keepalived_state_change' do - context 'creates wrapper file' do + context 'creates wrapper file for docker' do let(:params) { { :keepalived_state_change_wrapper => '/usr/local/bin/keepalived-state-change', - :bind_socket => 'unix:///run/another/docker.sock' + :bind_socket => 'unix:///run/another/docker.sock', + :container_cli => 'docker', + :debug => true, } } @@ -37,10 +39,32 @@ describe 'tripleo::profile::base::neutron::wrappers::keepalived_state_change' do :mode => '0755' ) is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content( - /ip.netns.exec.*neutron-keepalived-state-change/ + /export DOCKER_HOST="unix:...run.another.docker.sock/ ) is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content( - /export DOCKER_HOST="unix:...run.another.docker.sock/ + /set -x/ + ) + is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content( + /CMD="ip netns exec.*\/usr\/bin\/neutron-keepalived-state-change/ + ) + end + end + + context 'creates wrapper file for podman' do + let(:params) { + { + :keepalived_state_change_wrapper => '/usr/local/bin/keepalived-state-change', + :container_cli => 'podman', + :debug => false, + } + } + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content( + /CMD='\/usr\/bin\/neutron-keepalived-state-change'/ ) end end diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_radvd_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_radvd_spec.rb index 83259fe65..155abb5aa 100644 
--- a/spec/defines/tripleo_profile_base_neutron_wrappers_radvd_spec.rb +++ b/spec/defines/tripleo_profile_base_neutron_wrappers_radvd_spec.rb @@ -24,12 +24,14 @@ describe 'tripleo::profile::base::neutron::wrappers::radvd' do shared_examples_for 'tripleo::profile::base::neutron::wrappers::radvd' do - context 'creates wrapper file' do + context 'creates wrapper file for docker' do let(:params) { { :radvd_process_wrapper => '/usr/local/bin/radvd', :radvd_image => 'a_registry/some_container_name:some_tag', - :bind_socket => 'unix:///run/another/docker.sock' + :bind_socket => 'unix:///run/another/docker.sock', + :container_cli => 'docker', + :debug => true, } } @@ -46,6 +48,38 @@ describe 'tripleo::profile::base::neutron::wrappers::radvd' do is_expected.to contain_file('/usr/local/bin/radvd').with_content( /export DOCKER_HOST="unix:...run.another.docker.sock/ ) + is_expected.to contain_file('/usr/local/bin/radvd').with_content( + /set -x/ + ) + is_expected.to contain_file('/usr/local/bin/radvd').with_content( + /CMD="ip netns exec.*\/usr\/sbin\/radvd -n/ + ) + end + end + + context 'creates wrapper file for podman' do + let(:params) { + { + :radvd_process_wrapper => '/usr/local/bin/radvd', + :radvd_image => 'a_registry/some_container_name:some_tag', + :container_cli => 'podman', + :debug => false, + } + } + + it 'should generate a wrapper file' do + is_expected.to contain_file('/usr/local/bin/radvd').with( + :mode => '0755' + ) + is_expected.to contain_file('/usr/local/bin/radvd').with_content( + /a_registry.some_container_name.some_tag/ + ) + is_expected.to contain_file('/usr/local/bin/radvd').with_content( + /^NAME=neutron-radvd-/ + ) + is_expected.to contain_file('/usr/local/bin/radvd').with_content( + /CMD='\/usr\/sbin\/radvd -n'/ + ) end end end diff --git a/templates/neutron/dibbler-client.epp b/templates/neutron/dibbler-client.epp index 3ccd15b31..b37fe995a 100644 --- a/templates/neutron/dibbler-client.epp +++ b/templates/neutron/dibbler-client.epp 
@@ -1,7 +1,14 @@ -<%- | String $image_name = '', String $bind_socket = '' | -%> +<%- | String $image_name = '', + String $bind_socket = '', + Boolean $debug, + String $container_cli = '' +| -%> #!/bin/bash +<%- if $debug { -%>set -x<%- } -%> +<%- if $bind_socket { -%> export DOCKER_HOST="<%=$bind_socket%>" +<%- } -%> # we want to "eat" the "start" command given by neutron and run # this in the foreground. shift 
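Review bot: The guard `<%- if $bind_socket { -%>` does not skip the export for podman, because the wrapper classes pass `''` and an empty string is truthy in Puppet 4 and later; the script would then carry `export DOCKER_HOST=""`. Compare explicitly instead: `<%- if $bind_socket != '' { -%>`. Line layout is lost on this page, so I cannot confirm that `set -x` lands on its own line after the `-%>` trimming; the spec's `/set -x/` regex would not catch it being glued to the next statement. dnsmasq.epp has the same header in its first hunk.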
@@ -15,19 +22,39 @@ ARGS="$@" # --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... NETNS=$(ip netns identify) NAME=neutron-dibbler-${NETNS} +<%- if $container_cli == 'docker' { -%> +CLI='docker' +CMD="ip netns exec ${NETNS} /usr/sbin/dibbler-client run" +<%- } elsif $container_cli == 'podman' { -%> +CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" +CMD='/usr/sbin/dibbler-client run' +<%- } else { -%> +CLI='echo noop' +CMD='echo noop' +<%- } -%> +LIST=$($CLI ps -a --filter name=neutron-dibbler- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}') -docker stop $NAME || true -docker rm -f $NAME || true +# Find orphaned containers left for dead after its main process terminated by neutron parent process +ORPHANTS=$(printf "%s\n" "${LIST}" | grep ":Exited") +if [ -n "${ORPHANTS}" ]; then + for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do + echo "Removing orphaned container ${orphant}" + $CLI stop ${orphant} || true + $CLI rm -f ${orphant} || true + done +fi -docker run --detach \ +# If the NAME is already taken by a container, give it an unique name +printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)" +echo "Starting a new child container ${NAME}" +$CLI run --detach \ -v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \ - -v /run/netns:/run/netns:shared \ - -v /var/lib/neutron:/var/lib/neutron \ + -v /run/netns:/run/netns:z,shared \ + -v /var/lib/neutron:/var/lib/neutron:z,shared \ --net host \ --pid host \ --privileged \ - --rm=true \ -u root \ --name $NAME \ <%=$image_name%> \ - ip netns exec ${NETNS} /usr/sbin/dibbler-client run $ARGS + $CMD $ARGS diff --git a/templates/neutron/dnsmasq.epp b/templates/neutron/dnsmasq.epp index e40f7ea27..f17a8bf3e 100644 --- a/templates/neutron/dnsmasq.epp +++ b/templates/neutron/dnsmasq.epp 
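Review bot: The name-collision check `grep -q "${NAME}$"` can never match as written, because every line of `LIST` has the form `ID:NAME:Status` and so ends with the status word, not the name. This hunk also drops `--rm=true` and the unconditional stop/rm of `$NAME`, so a still-running container with that name would presumably make `$CLI run --name $NAME` fail instead of getting a unique suffix. Match the name field instead: `printf "%s\n" "${LIST}" | grep -q ":${NAME}:" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)"`. Quoting `"${orphant}"` and `"$NAME"` where they are used would also be safer. The second hunk of dnsmasq.epp has the same check.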
@@ -1,7 +1,14 @@ -<%- | String $image_name = '', String $bind_socket = '' | -%> +<%- | String $image_name = '', + String $bind_socket = '', + Boolean $debug, + String $container_cli = '' +| -%> #!/bin/bash +<%- if $debug { -%>set -x<%- } -%> +<%- if $bind_socket { -%> export DOCKER_HOST="<%=$bind_socket%>" +<%- } -%> ARGS="$@" # Extract the network namespace UUID from the command line args provided by 
@@ -12,19 +19,40 @@ ARGS="$@" # --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... NETNS=$(ip netns identify) NAME=neutron-dnsmasq-${NETNS} +<%- if $container_cli == 'docker' { -%> +CLI='docker' +CMD="ip netns exec ${NETNS} /usr/sbin/dnsmasq -k" +<%- } elsif $container_cli == 'podman' { -%> +CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" +CMD='/usr/sbin/dnsmasq -k' +<%- } else { -%> +CLI='echo noop' +CMD='echo noop' +<%- } -%> +LIST=$($CLI ps -a --filter name=neutron-dnsmasq- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}') -docker stop $NAME || true -docker rm -f $NAME || true +# Find orphaned containers left for dead after its main process terminated by neutron parent process +# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703 +ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)") +if [ -n "${ORPHANTS}" ]; then + for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do + echo "Removing orphaned container ${orphant}" + $CLI stop ${orphant} || true + $CLI rm -f ${orphant} || true + done +fi -docker run --detach \ +# If the NAME is already taken by a container, give it an unique name +printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)" +echo "Starting a new child container ${NAME}" +$CLI run --detach \ -v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \ - -v /run/netns:/run/netns:shared \ - -v /var/lib/neutron:/var/lib/neutron \ + -v /run/netns:/run/netns:z,shared \ + -v /var/lib/neutron:/var/lib/neutron:z,shared \ --net host \ --pid host \ --privileged \ - --rm=true \ -u root \ --name $NAME \ <%=$image_name%> \ - ip netns exec ${NETNS} /usr/sbin/dnsmasq -k $ARGS + $CMD $ARGS diff --git a/templates/neutron/haproxy.epp b/templates/neutron/haproxy.epp index db37e3f4f..26119c4ff 100644 --- a/templates/neutron/haproxy.epp +++ b/templates/neutron/haproxy.epp 
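Review bot: The orphan sweep matches `:(Exited|Created)` for every container whose name contains `neutron-dnsmasq-`, not only this namespace's, so it can `rm -f` a container that another wrapper invocation has created but not yet started. Whether two wrappers can overlap is not visible in this hunk, so this is a question for the author rather than a confirmed race. If the `Created` case only needs to cover this network's own leftover, `grep -E ":Exited|:${NAME}[^:]*:Created"` keeps the workaround for the linked libpod issue while leaving other networks' freshly created containers alone.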
@@ -1,7 +1,14 @@ -<%- | String $image_name = '', String $bind_socket = '' | -%> +<%- | String $image_name = '', + String $bind_socket = '', + Boolean $debug, + String $container_cli = '' +| -%> #!/bin/bash +<%- if $debug { -%>set -x<%- } -%> +<%- if $bind_socket { -%> export DOCKER_HOST="<%=$bind_socket%>" +<%- } -%> ARGS="$@" # Extract the network namespace UUID from the command line args provided by 
@@ -12,19 +19,39 @@ ARGS="$@" # --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... NETNS=$(ip netns identify) NAME=neutron-haproxy-${NETNS} +<%- if $container_cli == 'docker' { -%> +CLI='docker' +CMD="ip netns exec ${NETNS} /usr/sbin/haproxy -Ds" +<%- } elsif $container_cli == 'podman' { -%> +CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" +CMD='/usr/sbin/haproxy -Ds' +<%- } else { -%> +CLI='echo noop' +CMD='echo noop' +<%- } -%> +LIST=$($CLI ps -a --filter name=neutron-haproxy- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}') -docker stop $NAME || true -docker rm -f $NAME || true +# Find orphaned containers left for dead after its main process terminated by neutron parent process +ORPHANTS=$(printf "%s\n" "${LIST}" | grep ":Exited") +if [ -n "${ORPHANTS}" ]; then + for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do + echo "Removing orphaned container ${orphant}" + $CLI stop ${orphant} || true + $CLI rm -f ${orphant} || true + done +fi -docker run --detach \ +# If the NAME is already taken by a container, give it an unique name +printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)" +echo "Starting a new child container ${NAME}" +$CLI run --detach \ -v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \ - -v /run/netns:/run/netns:shared \ - -v /var/lib/neutron:/var/lib/neutron \ + -v /run/netns:/run/netns:z,shared \ + -v /var/lib/neutron:/var/lib/neutron:z,shared \ --net host \ --pid host \ --privileged \ - --rm=true \ -u root \ --name $NAME \ <%=$image_name%> \ - ip netns exec ${NETNS} /usr/sbin/haproxy -Ds $ARGS + $CMD $ARGS diff --git a/templates/neutron/keepalived.epp b/templates/neutron/keepalived.epp index 488960624..1ca6adefa 100644 --- a/templates/neutron/keepalived.epp +++ b/templates/neutron/keepalived.epp 
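Review bot: The `else` branch renders `CLI='echo noop'` and `CMD='echo noop'`, so a wrapper generated with an unset or misspelled `container_cli` (the template default is `''`) prints the command line and exits 0 without starting haproxy. The calling agent then has no signal that the proxy is absent. Failing closed is safer than a silent no-op: render `echo "container_cli is not supported" >&2` followed by `exit 1` in that branch. The same fallback is added in the dibbler, dnsmasq, keepalived, keepalived-state-change and radvd templates; in keepalived-state-change the `echo` output also makes `container_id` non-empty, so the missing-container exit is skipped.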
@@ -1,7 +1,14 @@ -<%- | String $image_name = '', String $bind_socket = '' | -%> +<%- | String $image_name = '', + String $bind_socket = '', + Boolean $debug, + String $container_cli = '' +| -%> #!/bin/bash +<%- if $debug { -%>set -x<%- } -%> +<%- if $bind_socket { -%> export DOCKER_HOST="<%=$bind_socket%>" +<%- } -%> ARGS="$@" # Extract the network namespace UUID from the command line args provided by 
@@ -12,21 +19,41 @@ ARGS="$@" # --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... NETNS=$(ip netns identify) NAME=neutron-keepalived-${NETNS} +<%- if $container_cli == 'docker' { -%> +CLI='docker' +CMD="ip netns exec ${NETNS} /usr/sbin/keepalived -n -l -D" +<%- } elsif $container_cli == 'podman' { -%> +CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" +CMD='/usr/sbin/keepalived -n -l -D' +<%- } else { -%> +CLI='echo noop' +CMD='echo noop' +<%- } -%> +LIST=$($CLI ps -a --filter name=neutron-keepalived- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}') -docker stop $NAME || true -docker rm -f $NAME || true +# Find orphaned containers left for dead after its main process terminated by neutron parent process +ORPHANTS=$(printf "%s\n" "${LIST}" | grep ":Exited") +if [ -n "${ORPHANTS}" ]; then + for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do + echo "Removing orphaned container ${orphant}" + $CLI stop ${orphant} || true + $CLI rm -f ${orphant} || true + done +fi -docker run --detach \ +# If the NAME is already taken by a container, give it an unique name +printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)" +echo "Starting a new child container ${NAME}" +$CLI run --detach \ -v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \ -v /lib/modules:/lib/modules:ro \ -v /sbin/modprobe:/sbin/modprobe:ro \ - -v /run/netns:/run/netns:shared \ - -v /var/lib/neutron:/var/lib/neutron \ + -v /run/netns:/run/netns:z,shared \ + -v /var/lib/neutron:/var/lib/neutron:z,shared \ --net host \ --pid host \ --privileged \ - --rm=true \ -u root \ --name $NAME \ <%=$image_name%> \ - ip netns exec ${NETNS} /usr/sbin/keepalived -n -l -D $ARGS + $CMD $ARGS diff --git a/templates/neutron/neutron-keepalived-state-change.epp b/templates/neutron/neutron-keepalived-state-change.epp index df866f408..1a2c49c38 100644 
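Review bot: The `z` option added to the `/run/netns` and `/var/lib/neutron` mounts asks the runtime to relabel those host directories with a shared container SELinux label each time a keepalived container starts, and the hunk gives no reason for it. Both paths are presumably also used by host-side processes, and the container already runs with `--privileged`, so the relabel may be unnecessary and it changes host labelling in a way that outlives the container. Either keep only the propagation flag, `-v /run/netns:/run/netns:shared \`, or add a comment above the mounts naming the denial that `z` is meant to resolve. The same two mount lines are changed in the dibbler, dnsmasq, haproxy and radvd hunks.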
--- a/templates/neutron/neutron-keepalived-state-change.epp +++ b/templates/neutron/neutron-keepalived-state-change.epp @@ -1,7 +1,13 @@ -<%- | String $bind_socket = '' | -%> +<%- | String $bind_socket = '', + Boolean $debug, + String $container_cli = '' +| -%> #!/bin/bash +<%- if $debug { -%>set -x<%- } -%> +<%- if $bind_socket { -%> export DOCKER_HOST="<%=$bind_socket%>" +<%- } -%> ARGS="$@" # Extract the network namespace UUID from the command line args provided by @@ -12,12 +18,22 @@ ARGS="$@" # --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... NETNS=$(ip netns identify) NAME=neutron-keepalived-${NETNS} +<%- if $container_cli == 'docker' { -%> +CLI='docker' +CMD="ip netns exec ${NETNS} /usr/bin/neutron-keepalived-state-change" +<%- } elsif $container_cli == 'podman' { -%> +CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" +CMD='/usr/bin/neutron-keepalived-state-change' +<%- } else { -%> +CLI='echo noop' +CMD='echo noop' +<%- } -%> # The state change daemon only runs as a daemon for the moment so we need to # run it within an existing container with a sensibly matching lifetime. The # related keepalived container seems an obvious choice. -container_id=`docker ps --filter name=$NAME --format "{{.ID}}"` +container_id=$($CLI ps --filter name=$NAME --format "{{.ID}}") if [[ -z $container_id ]]; then @@ -25,8 +41,8 @@ then exit 0 fi -docker exec --detach \ +$CLI exec --detach \ -u root \ --privileged \ $NAME \ - ip netns exec ${NETNS} /usr/bin/neutron-keepalived-state-change $ARGS + $CMD $ARGS diff --git a/templates/neutron/radvd.epp b/templates/neutron/radvd.epp index b70be7fe3..ca927a4b2 100644 --- a/templates/neutron/radvd.epp +++ b/templates/neutron/radvd.epp 
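Review bot: The lookup `$CLI ps --filter name=$NAME` and the later `$CLI exec ... $NAME` can disagree. The name filter is a substring match, so it also returns `neutron-keepalived-${NETNS}-<timestamp>` containers that keepalived.epp may start under its unique-name fallback, while `exec` addresses the exact name. In that case the emptiness check passes but the exec targets a container that is not the running one. Executing into the id that was found avoids this: `container_id=$($CLI ps --filter name=$NAME --format "{{.ID}}" | head -n1)`, with `$container_id \` in place of `$NAME \` in the exec call.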
@@ -1,8 +1,14 @@ -<%- | String $image_name = '', String $bind_socket = '' | -%> +<%- | String $image_name = '', + String $bind_socket = '', + Boolean $debug, + String $container_cli = '' +| -%> #!/bin/bash +<%- if $debug { -%>set -x<%- } -%> -export DOCKER_HOST="unix:///var/run/docker_container_mount/docker.sock" +<%- if $bind_socket { -%> export DOCKER_HOST="<%=$bind_socket%>" +<%- } -%> ARGS="$@" # Extract the network namespace UUID from the command line args provided by 
@@ -13,18 +19,39 @@ ARGS="$@" # --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... NETWORK_ID=$(echo $ARGS| awk '{if (match($0, /(\w{8}-\w{4}-\w{4}-\w{4}-\w{12})/,m)) print m[0] }') NAME=neutron-radvd-${NETWORK_ID} -docker stop $NAME || true -docker rm -f $NAME || true +<%- if $container_cli == 'docker' { -%> +CLI='docker' +CMD="ip netns exec qrouter-${NETWORK_ID} /usr/sbin/radvd -n" +<%- } elsif $container_cli == 'podman' { -%> +CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" +CMD='/usr/sbin/radvd -n' +<%- } else { -%> +CLI='echo noop' +CMD='echo noop' +<%- } -%> +LIST=$($CLI ps -a --filter name=neutron-radvd- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}') -docker run --detach \ +# Find orphaned containers left for dead after its main process terminated by neutron parent process +ORPHANTS=$(printf "%s\n" "${LIST}" | grep ":Exited") +if [ -n "${ORPHANTS}" ]; then + for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do + echo "Removing orphaned container ${orphant}" + $CLI stop ${orphant} || true + $CLI rm -f ${orphant} || true + done +fi + +# If the NAME is already taken by a container, give it an unique name +printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)" +echo "Starting a new child container ${NAME}" +$CLI run --detach \ -v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \ - -v /run/netns:/run/netns:shared \ - -v /var/lib/neutron:/var/lib/neutron \ + -v /run/netns:/run/netns:z,shared \ + -v /var/lib/neutron:/var/lib/neutron:z,shared \ --net host \ --pid host \ --privileged \ - --rm=true \ -u root \ --name $NAME \ <%=$image_name%> \ - ip netns exec qrouter-${NETWORK_ID} /usr/sbin/radvd -n $ARGS + $CMD $ARGS
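Review bot: The podman branch builds `CLI` from `${NETNS}`, but this script derives `NETWORK_ID` instead and no assignment to `NETNS` is visible in either radvd hunk, so `nsenter` would be given `--net=/run/netns/` and fail. The docker branch in the same hunk uses `qrouter-${NETWORK_ID}`, which suggests the intended line is `CLI="nsenter --net=/run/netns/qrouter-${NETWORK_ID} --preserve-credentials -m -t 1 podman"`. The few lines of the new file that lie between the two hunks are not shown, so confirm that `NETNS` is not set there.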