From 16fc8da6349fd1f3d1e806082a454c0ed758684a Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Mon, 6 Jul 2020 12:27:57 -0400 Subject: [PATCH] Manual backport of "Move sidecar kill scripts to host prep" to Train Manual backport of https://review.opendev.org/#/c/736279 into stable/train. The patch didn't apply cleanly so we manually moved the tasks so these tasks are managed a single time against the host rather than at deployment time. Change-Id: Idf1e24e69a485b51761c161bb939ccbba6601912 Related-Bug: #1883609 --- .../neutron-dhcp-container-puppet.yaml | 64 ++++++------- .../neutron/neutron-l3-container-puppet.yaml | 92 +++++++++---------- .../ovn/ovn-metadata-container-puppet.yaml | 48 +++++----- 3 files changed, 93 insertions(+), 111 deletions(-) diff --git a/deployment/neutron/neutron-dhcp-container-puppet.yaml b/deployment/neutron/neutron-dhcp-container-puppet.yaml index 1fb8ad39b4..bba4603285 100644 --- a/deployment/neutron/neutron-dhcp-container-puppet.yaml +++ b/deployment/neutron/neutron-dhcp-container-puppet.yaml @@ -311,35 +311,6 @@ outputs: - path: /etc/pki/tls/private/neutron.key owner: neutron:neutron container_config_scripts: {get_attr: [ContainersCommon, container_config_scripts]} - deploy_steps_tasks: - - when: step|int == 1 - block: &dhcp_wrapper_tasks - - name: set conditions - set_fact: - dnsmasq_wrapper_enabled: {get_param: NeutronEnableDnsmasqDockerWrapper} - haproxy_wrapper_enabled: {get_param: NeutronEnableHaproxyDockerWrapper} - debug_enabled: - if: - - service_debug_unset - - {get_param: Debug } - - {get_param: NeutronWrapperDebug} - docker_additional_sockets: {get_param: DockerAdditionalSockets} - - name: create kill_scripts directory within /var/lib/neutron - file: - state: directory - path: /var/lib/neutron/kill_scripts - - name: create dnsmasq dhcp kill script - when: dnsmasq_wrapper_enabled|bool - copy: - dest: /var/lib/neutron/kill_scripts/dnsmasq-kill - mode: 0755 - content: {get_file: ./kill-script} - - name: create haproxy kill script - when: haproxy_wrapper_enabled|bool - copy: - dest: /var/lib/neutron/kill_scripts/haproxy-kill - mode: 0755 - content: {get_file: ./kill-script} docker_config: step_2: create_dnsmasq_wrapper: @@ -425,25 +396,48 @@ outputs: command: ip netns add ns_temp register: ipnetns_add_result failed_when: false - - - name: remove temp namespace + - name: remove temp namespace command: ip netns delete ns_temp failed_when: false when: - ipnetns_add_result.rc is defined - ipnetns_add_result.rc == 0 - - - name: create /var/lib/neutron + - name: create /var/lib/neutron file: path: /var/lib/neutron state: directory setype: svirt_sandbox_file_t - - - name: enable virt_sandbox_use_netlink for healtcheck + - name: enable virt_sandbox_use_netlink for healtcheck seboolean: name: virt_sandbox_use_netlink persistent: yes state: yes - update_tasks: - - when: step|int == 1 - block: *dhcp_wrapper_tasks + - name: set conditions + set_fact: + dnsmasq_wrapper_enabled: {get_param: NeutronEnableDnsmasqDockerWrapper} + haproxy_wrapper_enabled: {get_param: NeutronEnableHaproxyDockerWrapper} + debug_enabled: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: NeutronWrapperDebug} + docker_additional_sockets: {get_param: DockerAdditionalSockets} + - name: create kill_scripts directory within /var/lib/neutron + file: + state: directory + path: /var/lib/neutron/kill_scripts + - name: create dnsmasq dhcp kill script + when: dnsmasq_wrapper_enabled|bool + copy: + dest: /var/lib/neutron/kill_scripts/dnsmasq-kill + mode: 0755 + content: {get_file: ./kill-script} + - name: create haproxy kill script + when: haproxy_wrapper_enabled|bool + copy: + dest: /var/lib/neutron/kill_scripts/haproxy-kill + mode: 0755 + content: {get_file: ./kill-script} upgrade_tasks: [] fast_forward_upgrade_tasks: - when: diff --git a/deployment/neutron/neutron-l3-container-puppet.yaml b/deployment/neutron/neutron-l3-container-puppet.yaml index e421aeaab2..52570957b9 100644 --- a/deployment/neutron/neutron-l3-container-puppet.yaml +++ b/deployment/neutron/neutron-l3-container-puppet.yaml @@ -255,49 +255,6 @@ outputs: owner: neutron:neutron recurse: true container_config_scripts: {get_attr: [ContainersCommon, container_config_scripts]} - deploy_steps_tasks: - - when: step|int == 1 - block: &l3_wrapper_tasks - - name: set conditions - set_fact: - keepalived_wrapper_enabled: {get_param: NeutronEnableKeepalivedWrapper} - haproxy_wrapper_enabled: {get_param: NeutronEnableHaproxyDockerWrapper} - dibbler_wrapper_enabled: {get_param: NeutronEnableDibblerDockerWrapper} - radvd_wrapper_enabled: {get_param: NeutronEnableRadvdDockerWrapper} - debug_enabled: - if: - - service_debug_unset - - {get_param: Debug } - - {get_param: NeutronWrapperDebug} - docker_additional_sockets: {get_param: DockerAdditionalSockets} - - name: create kill_scripts directory within /var/lib/neutron - file: - state: directory - path: /var/lib/neutron/kill_scripts - - name: create keepalived kill script - when: keepalived_wrapper_enabled|bool - copy: - dest: /var/lib/neutron/kill_scripts/keepalived-kill - mode: 0755 - content: {get_file: ./kill-script} - - name: create haproxy kill script - when: haproxy_wrapper_enabled|bool - copy: - dest: /var/lib/neutron/kill_scripts/haproxy-kill - mode: 0755 - content: {get_file: ./kill-script} - - name: create dibbler kill script - when: dibbler_wrapper_enabled|bool - copy: - dest: /var/lib/neutron/kill_scripts/dibbler-kill - mode: 0755 - content: {get_file: ./kill-script} - - name: create radvd kill script - when: radvd_wrapper_enabled|bool - copy: - dest: /var/lib/neutron/kill_scripts/radvd-kill - mode: 0755 - content: {get_file: ./kill-script} docker_config: step_2: create_keepalived_wrapper: @@ -380,25 +337,62 @@ outputs: command: ip netns add ns_temp register: ipnetns_add_result failed_when: false - - - name: remove temp namespace + - name: remove temp namespace command: ip netns delete ns_temp failed_when: false when: - ipnetns_add_result.rc is defined - ipnetns_add_result.rc == 0 - - - name: create /var/lib/neutron + - name: create /var/lib/neutron file: path: /var/lib/neutron state: directory setype: svirt_sandbox_file_t - - - name: enable virt_sandbox_use_netlink for healtcheck + - name: enable virt_sandbox_use_netlink for healtcheck seboolean: name: virt_sandbox_use_netlink persistent: yes state: yes - update_tasks: - - when: step|int == 1 - block: *l3_wrapper_tasks + - name: set conditions + set_fact: + keepalived_wrapper_enabled: {get_param: NeutronEnableKeepalivedWrapper} + haproxy_wrapper_enabled: {get_param: NeutronEnableHaproxyDockerWrapper} + dibbler_wrapper_enabled: {get_param: NeutronEnableDibblerDockerWrapper} + radvd_wrapper_enabled: {get_param: NeutronEnableRadvdDockerWrapper} + debug_enabled: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: NeutronWrapperDebug} + docker_additional_sockets: {get_param: DockerAdditionalSockets} + - name: create kill_scripts directory within /var/lib/neutron + file: + state: directory + path: /var/lib/neutron/kill_scripts + - name: create keepalived kill script + when: keepalived_wrapper_enabled|bool + copy: + dest: /var/lib/neutron/kill_scripts/keepalived-kill + mode: 0755 + content: {get_file: ./kill-script} + - name: create haproxy kill script + when: haproxy_wrapper_enabled|bool + copy: + dest: /var/lib/neutron/kill_scripts/haproxy-kill + mode: 0755 + content: {get_file: ./kill-script} + - name: create dibbler kill script + when: dibbler_wrapper_enabled|bool + copy: + dest: /var/lib/neutron/kill_scripts/dibbler-kill + mode: 0755 + content: {get_file: ./kill-script} + - name: create radvd kill script + when: radvd_wrapper_enabled|bool + copy: + dest: /var/lib/neutron/kill_scripts/radvd-kill + mode: 0755 + content: {get_file: ./kill-script} upgrade_tasks: [] fast_forward_upgrade_tasks: - when: diff --git a/deployment/ovn/ovn-metadata-container-puppet.yaml b/deployment/ovn/ovn-metadata-container-puppet.yaml index 9ca9e5da0a..02d146c22b 100644 --- a/deployment/ovn/ovn-metadata-container-puppet.yaml +++ b/deployment/ovn/ovn-metadata-container-puppet.yaml @@ -240,28 +240,6 @@ outputs: optional: true perm: '0644' container_config_scripts: {get_attr: [ContainersCommon, container_config_scripts]} - deploy_steps_tasks: - - when: step|int == 1 - block: &ovn_wrapper_tasks - - name: set conditions - set_fact: - haproxy_wrapper_enabled: {get_param: OVNEnableHaproxyDockerWrapper} - debug_enabled: - if: - - service_debug_unset - - {get_param: Debug } - - {get_param: NeutronWrapperDebug} - docker_additional_sockets: {get_param: DockerAdditionalSockets} - - name: create kill_scripts directory within /var/lib/neutron - file: - state: directory - path: /var/lib/neutron/kill_scripts - - name: create haproxy kill script - when: haproxy_wrapper_enabled|bool - copy: - dest: /var/lib/neutron/kill_scripts/haproxy-kill - mode: 0755 - content: {get_file: ../neutron/kill-script} docker_config: step_2: create_haproxy_wrapper: @@ -358,18 +336,34 @@ outputs: command: ip netns add ns_temp register: ipnetns_add_result failed_when: false - - - name: remove temp namespace + - name: remove temp namespace command: ip netns delete ns_temp failed_when: false when: - ipnetns_add_result.rc is defined - ipnetns_add_result.rc == 0 - - - name: create /var/lib/neutron + - name: create /var/lib/neutron file: path: /var/lib/neutron state: directory setype: svirt_sandbox_file_t - update_tasks: - - when: step|int == 1 - block: *ovn_wrapper_tasks + - name: set conditions + set_fact: + haproxy_wrapper_enabled: {get_param: OVNEnableHaproxyDockerWrapper} + debug_enabled: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: NeutronWrapperDebug} + docker_additional_sockets: {get_param: DockerAdditionalSockets} + - name: create kill_scripts directory within /var/lib/neutron + file: + state: directory + path: /var/lib/neutron/kill_scripts + - name: create haproxy kill script + when: haproxy_wrapper_enabled|bool + copy: + dest: /var/lib/neutron/kill_scripts/haproxy-kill + mode: 0755 + content: {get_file: ../neutron/kill-script} upgrade_tasks: []