Use a systemd service to handle sidecar containers
This change switches the neutron dhcp, l3 and ovn containers to use
ansible on the host to write out systemd & service scripts that can be
used to trigger sidecar containers to be launched from within the
target containers.
Change-Id: I2feb9e81bc40e44cb2c7a2972366fa4b16590227
Blueprint: safe-side-containers
Depends-On: https://review.opendev.org/706379
(cherry picked from commit 2dc7066b05
)
parent
cabbd38cf1
commit
2d265e8682
@ -1,78 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
{% if debug_enabled|bool -%}
|
|
||||||
set -x
|
|
||||||
{% endif -%}
|
|
||||||
add_date() {
|
|
||||||
echo "$(date) $@"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Set up script logging for debugging purpose.
|
|
||||||
# It will be taken care of by logrotate since there is the .log
|
|
||||||
# suffix.
|
|
||||||
exec 3>&1 4>&2
|
|
||||||
trap 'exec 2>&4 1>&3' 0 1 2 3
|
|
||||||
exec 1>>/var/log/neutron/kill-script.log 2>&1
|
|
||||||
|
|
||||||
SIG=$1
|
|
||||||
PID=$2
|
|
||||||
NETNS=$(ip netns identify ${PID})
|
|
||||||
|
|
||||||
if [ "x${NETNS}" == "x" ]; then
|
|
||||||
add_date "No network namespace detected, exiting"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
{% if container_cli == 'podman' %}
|
|
||||||
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
|
|
||||||
{% elif container_cli == 'docker' %}
|
|
||||||
{% if docker_additional_sockets and docker_additional_sockets|length > 0-%}
|
|
||||||
export DOCKER_HOST=unix://{{ docker_additional_sockets[0] }}
|
|
||||||
{% endif -%}
|
|
||||||
CLI='docker'
|
|
||||||
{% else %}
|
|
||||||
CLI='echo noop'
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
kill_container() {
|
|
||||||
add_date "Stopping container $1 ($2)"
|
|
||||||
$CLI stop $2
|
|
||||||
add_date "Deleting container $1 ($2)"
|
|
||||||
$CLI rm $2
|
|
||||||
}
|
|
||||||
|
|
||||||
signal_container() {
|
|
||||||
SIGNAL=$3
|
|
||||||
if [ -z "$SIGNAL" ]; then
|
|
||||||
SIGNAL="HUP"
|
|
||||||
fi
|
|
||||||
add_date "Sending signal '$SIGNAL' to $1 ($2)"
|
|
||||||
$CLI kill --signal $SIGNAL $2
|
|
||||||
}
|
|
||||||
|
|
||||||
{% raw -%}
|
|
||||||
if [ -f /proc/$PID/cgroup ]; then
|
|
||||||
# Get container ID based on process cgroups
|
|
||||||
CT_ID=$(awk 'BEGIN {FS="[-.]"} /name=/{print $3}' /proc/$PID/cgroup)
|
|
||||||
CT_NAME=$($CLI inspect -f '{{.Name}}' $CT_ID)
|
|
||||||
|
|
||||||
case $SIG in
|
|
||||||
HUP)
|
|
||||||
signal_container $CT_NAME $CT_ID
|
|
||||||
;;
|
|
||||||
9)
|
|
||||||
kill_container $CT_NAME $CT_ID
|
|
||||||
;;
|
|
||||||
15)
|
|
||||||
signal_container $CT_NAME $CT_ID
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
add_date "Unknown action ${SIG} for ${CT_NAME} ${CT_ID}"
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
else
|
|
||||||
add_date "No such PID: ${PID}"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
{% endraw %}
|
|
@ -311,46 +311,38 @@ outputs:
|
|||||||
set_fact:
|
set_fact:
|
||||||
dnsmasq_wrapper_enabled: {get_param: NeutronEnableDnsmasqDockerWrapper}
|
dnsmasq_wrapper_enabled: {get_param: NeutronEnableDnsmasqDockerWrapper}
|
||||||
haproxy_wrapper_enabled: {get_param: NeutronEnableHaproxyDockerWrapper}
|
haproxy_wrapper_enabled: {get_param: NeutronEnableHaproxyDockerWrapper}
|
||||||
debug_enabled: {get_param: Debug}
|
debug_enabled:
|
||||||
docker_additional_sockets: {get_param: DockerAdditionalSockets}
|
if:
|
||||||
- name: create kill_scripts directory within /var/lib/neutron
|
- service_debug_unset
|
||||||
file:
|
- {get_param: Debug }
|
||||||
state: directory
|
- {get_param: NeutronWrapperDebug}
|
||||||
path: /var/lib/neutron/kill_scripts
|
- name: Create dhcp systemd wrappers
|
||||||
- name: create dnsmasq dhcp kill script
|
include_role:
|
||||||
when: dnsmasq_wrapper_enabled|bool
|
name: tripleo-systemd-wrapper
|
||||||
copy:
|
vars:
|
||||||
dest: /var/lib/neutron/kill_scripts/dnsmasq-kill
|
tripleo_systemd_wrapper_cmd: "{{ dhcp_wrapper_item.cmd }}"
|
||||||
mode: 0755
|
tripleo_systemd_wrapper_config_bind_mount: "/var/lib/config-data/puppet-generated/neutron:/etc/neutron:ro"
|
||||||
content: {get_file: ./kill-script}
|
tripleo_systemd_wrapper_container_cli: "{{ container_cli }}"
|
||||||
- name: create haproxy kill script
|
tripleo_systemd_wrapper_debug: "{{ debug_enabled }}"
|
||||||
when: haproxy_wrapper_enabled|bool
|
tripleo_systemd_wrapper_docker_additional_sockets: {get_param: DockerAdditionalSockets}
|
||||||
copy:
|
tripleo_systemd_wrapper_image_name: {get_param: ContainerNeutronDHCPImage}
|
||||||
dest: /var/lib/neutron/kill_scripts/haproxy-kill
|
tripleo_systemd_wrapper_service_dir: /var/lib/neutron
|
||||||
mode: 0755
|
tripleo_systemd_wrapper_service_kill_script: "{{ dhcp_wrapper_item.kill_script }}"
|
||||||
content: {get_file: ./kill-script}
|
tripleo_systemd_wrapper_service_name: "{{ dhcp_wrapper_item.name }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: dhcp_wrapper_item
|
||||||
|
loop:
|
||||||
|
- name: dhcp_dnsmasq
|
||||||
|
cmd: /usr/sbin/dnsmasq -k
|
||||||
|
kill_script: dnsmasq-kill
|
||||||
|
- name: dhcp_haproxy
|
||||||
|
cmd: >-
|
||||||
|
$(if [ -f /usr/sbin/haproxy-systemd-wrapper ]; then
|
||||||
|
echo "/usr/sbin/haproxy -Ds";
|
||||||
|
else
|
||||||
|
echo "/usr/sbin/haproxy -Ws"; fi)
|
||||||
|
kill_script: haproxy-kill
|
||||||
docker_config:
|
docker_config:
|
||||||
step_2:
|
|
||||||
create_dnsmasq_wrapper:
|
|
||||||
start_order: 1
|
|
||||||
detach: false
|
|
||||||
net: host
|
|
||||||
pid: host
|
|
||||||
user: root
|
|
||||||
command: # '/container_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
|
|
||||||
list_concat:
|
|
||||||
-
|
|
||||||
- '/container_puppet_apply.sh'
|
|
||||||
- '4'
|
|
||||||
- 'file'
|
|
||||||
- 'include ::tripleo::profile::base::neutron::dhcp_agent_wrappers'
|
|
||||||
image: {get_param: ContainerNeutronDHCPImage}
|
|
||||||
volumes:
|
|
||||||
list_concat:
|
|
||||||
- {get_attr: [ContainersCommon, container_puppet_apply_volumes]}
|
|
||||||
-
|
|
||||||
- /run/openvswitch:/run/openvswitch:shared,z
|
|
||||||
- /var/lib/neutron:/var/lib/neutron:shared,z
|
|
||||||
step_4:
|
step_4:
|
||||||
neutron_dhcp:
|
neutron_dhcp:
|
||||||
start_order: 10
|
start_order: 10
|
||||||
@ -384,12 +376,12 @@ outputs:
|
|||||||
-
|
-
|
||||||
if:
|
if:
|
||||||
- dnsmasq_wrapper_enabled
|
- dnsmasq_wrapper_enabled
|
||||||
- - /var/lib/neutron/dnsmasq_wrapper:/usr/local/bin/dnsmasq:ro
|
- - /var/lib/neutron/dhcp_dnsmasq/wrapper:/usr/local/bin/dnsmasq:ro
|
||||||
- null
|
- null
|
||||||
-
|
-
|
||||||
if:
|
if:
|
||||||
- haproxy_wrapper_enabled
|
- haproxy_wrapper_enabled
|
||||||
- - /var/lib/neutron/dhcp_haproxy_wrapper:/usr/local/bin/haproxy:ro
|
- - /var/lib/neutron/dhcp_haproxy/wrapper:/usr/local/bin/haproxy:ro
|
||||||
- null
|
- null
|
||||||
-
|
-
|
||||||
if:
|
if:
|
||||||
|
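Review bot: The new `Create dhcp systemd wrappers` task has no `when:` guard, while the two tasks it replaces were gated on `dnsmasq_wrapper_enabled|bool` and `haproxy_wrapper_enabled|bool`. As written, `tripleo-systemd-wrapper` is included for both loop items on every run, so the host would get wrapper scripts and systemd units for sidecars even when the matching `NeutronEnable*DockerWrapper` parameter is false, unless the role filters this itself (not visible here). Only the bind mounts in the second hunk remain conditional. Consider carrying the flag in each loop item, e.g. `enabled: "{{ dnsmasq_wrapper_enabled }}"`, and adding `when: dhcp_wrapper_item.enabled|bool` to the task. The l3 and ovn metadata tasks in the following sections have the same shape.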
@ -264,58 +264,44 @@ outputs:
|
|||||||
haproxy_wrapper_enabled: {get_param: NeutronEnableHaproxyDockerWrapper}
|
haproxy_wrapper_enabled: {get_param: NeutronEnableHaproxyDockerWrapper}
|
||||||
dibbler_wrapper_enabled: {get_param: NeutronEnableDibblerDockerWrapper}
|
dibbler_wrapper_enabled: {get_param: NeutronEnableDibblerDockerWrapper}
|
||||||
radvd_wrapper_enabled: {get_param: NeutronEnableRadvdDockerWrapper}
|
radvd_wrapper_enabled: {get_param: NeutronEnableRadvdDockerWrapper}
|
||||||
debug_enabled: {get_param: Debug}
|
debug_enabled:
|
||||||
docker_additional_sockets: {get_param: DockerAdditionalSockets}
|
if:
|
||||||
- name: create kill_scripts directory within /var/lib/neutron
|
- service_debug_unset
|
||||||
file:
|
- {get_param: Debug }
|
||||||
state: directory
|
- {get_param: NeutronWrapperDebug}
|
||||||
path: /var/lib/neutron/kill_scripts
|
- name: Create l3 systemd wrappers
|
||||||
- name: create keepalived kill script
|
include_role:
|
||||||
when: keepalived_wrapper_enabled|bool
|
name: tripleo-systemd-wrapper
|
||||||
copy:
|
vars:
|
||||||
dest: /var/lib/neutron/kill_scripts/keepalived-kill
|
tripleo_systemd_wrapper_cmd: "{{ l3_wrapper_item.cmd }}"
|
||||||
mode: 0755
|
tripleo_systemd_wrapper_config_bind_mount: "/var/lib/config-data/puppet-generated/neutron:/etc/neutron:ro"
|
||||||
content: {get_file: ./kill-script}
|
tripleo_systemd_wrapper_container_cli: "{{ container_cli }}"
|
||||||
- name: create haproxy kill script
|
tripleo_systemd_wrapper_debug: "{{ debug_enabled }}"
|
||||||
when: haproxy_wrapper_enabled|bool
|
tripleo_systemd_wrapper_docker_additional_sockets: {get_param: DockerAdditionalSockets}
|
||||||
copy:
|
tripleo_systemd_wrapper_image_name: {get_param: ContainerNeutronL3AgentImage}
|
||||||
dest: /var/lib/neutron/kill_scripts/haproxy-kill
|
tripleo_systemd_wrapper_service_dir: /var/lib/neutron
|
||||||
mode: 0755
|
tripleo_systemd_wrapper_service_kill_script: "{{ l3_wrapper_item.kill_script }}"
|
||||||
content: {get_file: ./kill-script}
|
tripleo_systemd_wrapper_service_name: "{{ l3_wrapper_item.name }}"
|
||||||
- name: create dibbler kill script
|
loop_control:
|
||||||
when: dibbler_wrapper_enabled|bool
|
loop_var: l3_wrapper_item
|
||||||
copy:
|
loop:
|
||||||
dest: /var/lib/neutron/kill_scripts/dibbler-kill
|
- name: l3_keepalived
|
||||||
mode: 0755
|
cmd: /usr/sbin/keepalived -n -l -D
|
||||||
content: {get_file: ./kill-script}
|
kill_script: keepalived-kill
|
||||||
- name: create radvd kill script
|
- name: l3_haproxy
|
||||||
when: radvd_wrapper_enabled|bool
|
cmd: >-
|
||||||
copy:
|
$(if [ -f /usr/sbin/haproxy-systemd-wrapper ]; then
|
||||||
dest: /var/lib/neutron/kill_scripts/radvd-kill
|
echo "/usr/sbin/haproxy -Ds";
|
||||||
mode: 0755
|
else
|
||||||
content: {get_file: ./kill-script}
|
echo "/usr/sbin/haproxy -Ws"; fi)
|
||||||
|
kill_script: haproxy-kill
|
||||||
|
- name: l3_dibbler
|
||||||
|
cmd: /usr/sbin/dibbler-client run
|
||||||
|
kill_script: dibbler-kill
|
||||||
|
- name: l3_radvd
|
||||||
|
cmd: /usr/sbin/radvd -n
|
||||||
|
kill_script: radvd-kill
|
||||||
docker_config:
|
docker_config:
|
||||||
step_2:
|
|
||||||
create_keepalived_wrapper:
|
|
||||||
start_order: 1
|
|
||||||
detach: false
|
|
||||||
net: host
|
|
||||||
pid: host
|
|
||||||
user: root
|
|
||||||
command: # '/container_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
|
|
||||||
list_concat:
|
|
||||||
-
|
|
||||||
- '/container_puppet_apply.sh'
|
|
||||||
- '4'
|
|
||||||
- 'file'
|
|
||||||
- 'include ::tripleo::profile::base::neutron::l3_agent_wrappers'
|
|
||||||
image: {get_param: ContainerNeutronL3AgentImage}
|
|
||||||
volumes:
|
|
||||||
list_concat:
|
|
||||||
- {get_attr: [ContainersCommon, container_puppet_apply_volumes]}
|
|
||||||
-
|
|
||||||
- /run/openvswitch:/run/openvswitch:shared,z
|
|
||||||
- /var/lib/neutron:/var/lib/neutron:shared,z
|
|
||||||
step_4:
|
step_4:
|
||||||
neutron_l3_agent:
|
neutron_l3_agent:
|
||||||
start_order: 10
|
start_order: 10
|
||||||
@ -348,22 +334,22 @@ outputs:
|
|||||||
-
|
-
|
||||||
if:
|
if:
|
||||||
- keepalived_wrapper_enabled
|
- keepalived_wrapper_enabled
|
||||||
- - /var/lib/neutron/keepalived_wrapper:/usr/local/bin/keepalived:ro
|
- - /var/lib/neutron/l3_keepalived/wrapper:/usr/local/bin/keepalived:ro
|
||||||
- null
|
- null
|
||||||
-
|
-
|
||||||
if:
|
if:
|
||||||
- haproxy_wrapper_enabled
|
- haproxy_wrapper_enabled
|
||||||
- - /var/lib/neutron/l3_haproxy_wrapper:/usr/local/bin/haproxy:ro
|
- - /var/lib/neutron/l3_haproxy/wrapper:/usr/local/bin/haproxy:ro
|
||||||
- null
|
- null
|
||||||
-
|
-
|
||||||
if:
|
if:
|
||||||
- radvd_wrapper_enabled
|
- radvd_wrapper_enabled
|
||||||
- - /var/lib/neutron/radvd_wrapper:/usr/local/bin/radvd:ro
|
- - /var/lib/neutron/l3_radvd/wrapper:/usr/local/bin/radvd:ro
|
||||||
- null
|
- null
|
||||||
-
|
-
|
||||||
if:
|
if:
|
||||||
- dibbler_wrapper_enabled
|
- dibbler_wrapper_enabled
|
||||||
- - /var/lib/neutron/dibbler_wrapper:/usr/local/bin/dibbler_client:ro
|
- - /var/lib/neutron/l3_dibbler/wrapper:/usr/local/bin/dibbler_client:ro
|
||||||
- null
|
- null
|
||||||
environment:
|
environment:
|
||||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||||
|
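Review bot: The dibbler bind mount in the second hunk still targets `/usr/local/bin/dibbler_client` (underscore), whereas the command configured for the `l3_dibbler` wrapper in the first hunk is `/usr/sbin/dibbler-client` (hyphen). If the agent looks the binary up as `dibbler-client`, the wrapper mounted under the underscore name is never selected and the client would run inside the agent container instead of as a sidecar. The mismatch predates this change, but the line is rewritten here; suggest `- - /var/lib/neutron/l3_dibbler/wrapper:/usr/local/bin/dibbler-client:ro` after confirming the name the agent actually invokes.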
@ -246,40 +246,35 @@ outputs:
|
|||||||
- name: set conditions
|
- name: set conditions
|
||||||
set_fact:
|
set_fact:
|
||||||
haproxy_wrapper_enabled: {get_param: OVNEnableHaproxyDockerWrapper}
|
haproxy_wrapper_enabled: {get_param: OVNEnableHaproxyDockerWrapper}
|
||||||
debug_enabled: {get_param: Debug}
|
debug_enabled:
|
||||||
docker_additional_sockets: {get_param: DockerAdditionalSockets}
|
if:
|
||||||
- name: create kill_scripts directory within /var/lib/neutron
|
- service_debug_unset
|
||||||
file:
|
- {get_param: Debug }
|
||||||
state: directory
|
- {get_param: NeutronWrapperDebug}
|
||||||
path: /var/lib/neutron/kill_scripts
|
- name: Create ovn metadata systemd wrappers
|
||||||
- name: create haproxy kill script
|
include_role:
|
||||||
when: haproxy_wrapper_enabled|bool
|
name: tripleo-systemd-wrapper
|
||||||
copy:
|
vars:
|
||||||
dest: /var/lib/neutron/kill_scripts/haproxy-kill
|
tripleo_systemd_wrapper_cmd: "{{ ovn_wrapper_item.cmd }}"
|
||||||
mode: 0755
|
tripleo_systemd_wrapper_config_bind_mount: "/var/lib/config-data/puppet-generated/neutron:/etc/neutron:ro"
|
||||||
content: {get_file: ../neutron/kill-script}
|
tripleo_systemd_wrapper_container_cli: "{{ container_cli }}"
|
||||||
|
tripleo_systemd_wrapper_debug: "{{ debug_enabled }}"
|
||||||
|
tripleo_systemd_wrapper_docker_additional_sockets: {get_param: DockerAdditionalSockets}
|
||||||
|
tripleo_systemd_wrapper_image_name: {get_param: ContainerOvnMetadataImage}
|
||||||
|
tripleo_systemd_wrapper_service_dir: /var/lib/neutron
|
||||||
|
tripleo_systemd_wrapper_service_kill_script: "{{ ovn_wrapper_item.kill_script }}"
|
||||||
|
tripleo_systemd_wrapper_service_name: "{{ ovn_wrapper_item.name }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: ovn_wrapper_item
|
||||||
|
loop:
|
||||||
|
- name: ovn_metadata_haproxy
|
||||||
|
cmd: >-
|
||||||
|
$(if [ -f /usr/sbin/haproxy-systemd-wrapper ]; then
|
||||||
|
echo "/usr/sbin/haproxy -Ds";
|
||||||
|
else
|
||||||
|
echo "/usr/sbin/haproxy -Ws"; fi)
|
||||||
|
kill_script: haproxy-kill
|
||||||
docker_config:
|
docker_config:
|
||||||
step_2:
|
|
||||||
create_haproxy_wrapper:
|
|
||||||
start_order: 1
|
|
||||||
detach: false
|
|
||||||
net: host
|
|
||||||
pid: host
|
|
||||||
user: root
|
|
||||||
command: # '/container_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
|
|
||||||
list_concat:
|
|
||||||
-
|
|
||||||
- '/container_puppet_apply.sh'
|
|
||||||
- '4'
|
|
||||||
- 'file'
|
|
||||||
- 'include ::tripleo::profile::base::neutron::ovn_metadata_agent_wrappers'
|
|
||||||
image: {get_param: ContainerOvnMetadataImage}
|
|
||||||
volumes:
|
|
||||||
list_concat:
|
|
||||||
- {get_attr: [ContainersCommon, container_puppet_apply_volumes]}
|
|
||||||
-
|
|
||||||
- /run/openvswitch:/run/openvswitch:shared,z
|
|
||||||
- /var/lib/neutron:/var/lib/neutron:shared,z
|
|
||||||
step_4:
|
step_4:
|
||||||
setup_ovs_manager:
|
setup_ovs_manager:
|
||||||
start_order: 0
|
start_order: 0
|
||||||
@ -328,7 +323,7 @@ outputs:
|
|||||||
-
|
-
|
||||||
if:
|
if:
|
||||||
- haproxy_wrapper_enabled
|
- haproxy_wrapper_enabled
|
||||||
- - /var/lib/neutron/ovn_metadata_haproxy_wrapper:/usr/local/bin/haproxy:ro
|
- - /var/lib/neutron/ovn_metadata_haproxy/wrapper:/usr/local/bin/haproxy:ro
|
||||||
- null
|
- null
|
||||||
- if:
|
- if:
|
||||||
- internal_tls_enabled
|
- internal_tls_enabled
|
||||||
|
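Review bot: The `cmd` value for `ovn_metadata_haproxy` is a shell command substitution stored as data, and nothing in the task documents how it is meant to be evaluated. It only works if `tripleo-systemd-wrapper` writes `tripleo_systemd_wrapper_cmd` unquoted into a shell script, and the `-f /usr/sbin/haproxy-systemd-wrapper` test is then evaluated wherever that script runs, which is presumably meant to be the sidecar image rather than the host. A comment above `cmd: >-` would make the contract explicit, for example `# Expanded by the generated wrapper at run time, not by Ansible; picks -Ds when haproxy-systemd-wrapper is present, else -Ws.` The same expression appears in the dhcp and l3 sections.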