Use a systemd service to handle sidecar containers
This change switches the neutron dhcp, l3 and ovn containers to use ansible on the host to write out systemd & service scripts that can be used to trigger sidecar containers to be launched from within the target containers. Change-Id: I2feb9e81bc40e44cb2c7a2972366fa4b16590227 Blueprint: safe-side-containers Depends-On: https://review.opendev.org/693442
parent
6dce450058
commit
2dc7066b05
|
@ -1,71 +0,0 @@
|
|||
#!/bin/bash
|
||||
{% if debug_enabled|bool -%}
|
||||
set -x
|
||||
{% endif -%}
|
||||
add_date() {
|
||||
echo "$(date) $@"
|
||||
}
|
||||
|
||||
# Set up script logging for debugging purpose.
|
||||
# It will be taken care of by logrotate since there is the .log
|
||||
# suffix.
|
||||
exec 3>&1 4>&2
|
||||
trap 'exec 2>&4 1>&3' 0 1 2 3
|
||||
exec 1>>/var/log/neutron/kill-script.log 2>&1
|
||||
|
||||
SIG=$1
|
||||
PID=$2
|
||||
NETNS=$(ip netns identify ${PID})
|
||||
|
||||
if [ "x${NETNS}" == "x" ]; then
|
||||
add_date "No network namespace detected, exiting"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
{% if container_cli == 'podman' %}
|
||||
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
|
||||
{% elif container_cli == 'docker' %}
|
||||
{% if docker_additional_sockets and docker_additional_sockets|length > 0-%}
|
||||
export DOCKER_HOST=unix://{{ docker_additional_sockets[0] }}
|
||||
{% endif -%}
|
||||
CLI='docker'
|
||||
{% else %}
|
||||
CLI='echo noop'
|
||||
{% endif %}
|
||||
|
||||
kill_container() {
|
||||
add_date "Stopping container $1 ($2)"
|
||||
$CLI stop $2
|
||||
add_date "Deleting container $1 ($2)"
|
||||
$CLI rm $2
|
||||
}
|
||||
|
||||
hup_container() {
|
||||
add_date "Sending HUP signal to $1 ($2)"
|
||||
$CLI kill --signal HUP $2
|
||||
}
|
||||
|
||||
{% raw -%}
|
||||
if [ -f /proc/$PID/cgroup ]; then
|
||||
# Get container ID based on process cgroups
|
||||
CT_ID=$(awk 'BEGIN {FS="[-.]"} /name=/{print $3}' /proc/$PID/cgroup)
|
||||
CT_NAME=$($CLI inspect -f '{{.Name}}' $CT_ID)
|
||||
|
||||
case $SIG in
|
||||
HUP)
|
||||
hup_container $CT_NAME $CT_ID
|
||||
;;
|
||||
9)
|
||||
kill_container $CT_NAME $CT_ID
|
||||
;;
|
||||
*)
|
||||
add_date "Unknown action ${SIG} for ${$CT_NAME} ${CT_ID}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
else
|
||||
add_date "No such PID: ${PID}"
|
||||
exit 1
|
||||
fi
|
||||
{% endraw %}
|
|
@ -311,46 +311,38 @@ outputs:
|
|||
set_fact:
|
||||
dnsmasq_wrapper_enabled: {get_param: NeutronEnableDnsmasqDockerWrapper}
|
||||
haproxy_wrapper_enabled: {get_param: NeutronEnableHaproxyDockerWrapper}
|
||||
debug_enabled: {get_param: Debug}
|
||||
docker_additional_sockets: {get_param: DockerAdditionalSockets}
|
||||
- name: create kill_scripts directory within /var/lib/neutron
|
||||
file:
|
||||
state: directory
|
||||
path: /var/lib/neutron/kill_scripts
|
||||
- name: create dnsmasq dhcp kill script
|
||||
when: dnsmasq_wrapper_enabled|bool
|
||||
copy:
|
||||
dest: /var/lib/neutron/kill_scripts/dnsmasq-kill
|
||||
mode: 0755
|
||||
content: {get_file: ./kill-script}
|
||||
- name: create haproxy kill script
|
||||
when: haproxy_wrapper_enabled|bool
|
||||
copy:
|
||||
dest: /var/lib/neutron/kill_scripts/haproxy-kill
|
||||
mode: 0755
|
||||
content: {get_file: ./kill-script}
|
||||
debug_enabled:
|
||||
if:
|
||||
- service_debug_unset
|
||||
- {get_param: Debug }
|
||||
- {get_param: NeutronWrapperDebug}
|
||||
- name: Create dhcp systemd wrappers
|
||||
include_role:
|
||||
name: tripleo-systemd-wrapper
|
||||
vars:
|
||||
tripleo_systemd_wrapper_cmd: "{{ dhcp_wrapper_item.cmd }}"
|
||||
tripleo_systemd_wrapper_config_bind_mount: "/var/lib/config-data/puppet-generated/neutron:/etc/neutron:ro"
|
||||
tripleo_systemd_wrapper_container_cli: "{{ container_cli }}"
|
||||
tripleo_systemd_wrapper_debug: "{{ debug_enabled }}"
|
||||
tripleo_systemd_wrapper_docker_additional_sockets: {get_param: DockerAdditionalSockets}
|
||||
tripleo_systemd_wrapper_image_name: {get_param: ContainerNeutronDHCPImage}
|
||||
tripleo_systemd_wrapper_service_dir: /var/lib/neutron
|
||||
tripleo_systemd_wrapper_service_kill_script: "{{ dhcp_wrapper_item.kill_script }}"
|
||||
tripleo_systemd_wrapper_service_name: "{{ dhcp_wrapper_item.name }}"
|
||||
loop_control:
|
||||
loop_var: dhcp_wrapper_item
|
||||
loop:
|
||||
- name: dhcp_dnsmasq
|
||||
cmd: /usr/sbin/dnsmasq -k
|
||||
kill_script: dnsmasq-kill
|
||||
- name: dhcp_haproxy
|
||||
cmd: >-
|
||||
$(if [ -f /usr/sbin/haproxy-systemd-wrapper ]; then
|
||||
echo "/usr/sbin/haproxy -Ds";
|
||||
else
|
||||
echo "/usr/sbin/haproxy -Ws"; fi)
|
||||
kill_script: haproxy-kill
|
||||
docker_config:
|
||||
step_2:
|
||||
create_dnsmasq_wrapper:
|
||||
start_order: 1
|
||||
detach: false
|
||||
net: host
|
||||
pid: host
|
||||
user: root
|
||||
command: # '/container_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
|
||||
list_concat:
|
||||
-
|
||||
- '/container_puppet_apply.sh'
|
||||
- '4'
|
||||
- 'file'
|
||||
- 'include ::tripleo::profile::base::neutron::dhcp_agent_wrappers'
|
||||
image: {get_param: ContainerNeutronDHCPImage}
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, container_puppet_apply_volumes]}
|
||||
-
|
||||
- /run/openvswitch:/run/openvswitch:shared,z
|
||||
- /var/lib/neutron:/var/lib/neutron:shared,z
|
||||
step_4:
|
||||
neutron_dhcp:
|
||||
start_order: 10
|
||||
|
@ -384,12 +376,12 @@ outputs:
|
|||
-
|
||||
if:
|
||||
- dnsmasq_wrapper_enabled
|
||||
- - /var/lib/neutron/dnsmasq_wrapper:/usr/local/bin/dnsmasq:ro
|
||||
- - /var/lib/neutron/dhcp_dnsmasq/wrapper:/usr/local/bin/dnsmasq:ro
|
||||
- null
|
||||
-
|
||||
if:
|
||||
- haproxy_wrapper_enabled
|
||||
- - /var/lib/neutron/dhcp_haproxy_wrapper:/usr/local/bin/haproxy:ro
|
||||
- - /var/lib/neutron/dhcp_haproxy/wrapper:/usr/local/bin/haproxy:ro
|
||||
- null
|
||||
-
|
||||
if:
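Review bot: The generated wrapper and kill scripts now land under `tripleo_systemd_wrapper_service_dir: /var/lib/neutron`, and nothing in this section states their owner or mode, whereas the `copy` tasks that appear to be removed pinned `mode: 0755` explicitly. The later hunk mounts `/var/lib/neutron/dhcp_dnsmasq/wrapper` into the agent container `:ro`, but that covers only the single file mount; if `/var/lib/neutron` itself is also mounted read-write into the agent container (its full volume list is outside the hunk), a process in the container could alter scripts that the host-side service presumably executes. I would add a comment above the `include_role` task, e.g. `# wrapper and kill scripts must be root-owned and not writable from the agent containers`, and confirm that the role enforces it. The l3 and OVN metadata sections pass the same `service_dir`, so the same check applies there.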
|
||||
|
|
|
@ -264,58 +264,44 @@ outputs:
|
|||
haproxy_wrapper_enabled: {get_param: NeutronEnableHaproxyDockerWrapper}
|
||||
dibbler_wrapper_enabled: {get_param: NeutronEnableDibblerDockerWrapper}
|
||||
radvd_wrapper_enabled: {get_param: NeutronEnableRadvdDockerWrapper}
|
||||
debug_enabled: {get_param: Debug}
|
||||
docker_additional_sockets: {get_param: DockerAdditionalSockets}
|
||||
- name: create kill_scripts directory within /var/lib/neutron
|
||||
file:
|
||||
state: directory
|
||||
path: /var/lib/neutron/kill_scripts
|
||||
- name: create keepalived kill script
|
||||
when: keepalived_wrapper_enabled|bool
|
||||
copy:
|
||||
dest: /var/lib/neutron/kill_scripts/keepalived-kill
|
||||
mode: 0755
|
||||
content: {get_file: ./kill-script}
|
||||
- name: create haproxy kill script
|
||||
when: haproxy_wrapper_enabled|bool
|
||||
copy:
|
||||
dest: /var/lib/neutron/kill_scripts/haproxy-kill
|
||||
mode: 0755
|
||||
content: {get_file: ./kill-script}
|
||||
- name: create dibbler kill script
|
||||
when: dibbler_wrapper_enabled|bool
|
||||
copy:
|
||||
dest: /var/lib/neutron/kill_scripts/dibbler-kill
|
||||
mode: 0755
|
||||
content: {get_file: ./kill-script}
|
||||
- name: create radvd kill script
|
||||
when: radvd_wrapper_enabled|bool
|
||||
copy:
|
||||
dest: /var/lib/neutron/kill_scripts/radvd-kill
|
||||
mode: 0755
|
||||
content: {get_file: ./kill-script}
|
||||
debug_enabled:
|
||||
if:
|
||||
- service_debug_unset
|
||||
- {get_param: Debug }
|
||||
- {get_param: NeutronWrapperDebug}
|
||||
- name: Create l3 systemd wrappers
|
||||
include_role:
|
||||
name: tripleo-systemd-wrapper
|
||||
vars:
|
||||
tripleo_systemd_wrapper_cmd: "{{ l3_wrapper_item.cmd }}"
|
||||
tripleo_systemd_wrapper_config_bind_mount: "/var/lib/config-data/puppet-generated/neutron:/etc/neutron:ro"
|
||||
tripleo_systemd_wrapper_container_cli: "{{ container_cli }}"
|
||||
tripleo_systemd_wrapper_debug: "{{ debug_enabled }}"
|
||||
tripleo_systemd_wrapper_docker_additional_sockets: {get_param: DockerAdditionalSockets}
|
||||
tripleo_systemd_wrapper_image_name: {get_param: ContainerNeutronL3AgentImage}
|
||||
tripleo_systemd_wrapper_service_dir: /var/lib/neutron
|
||||
tripleo_systemd_wrapper_service_kill_script: "{{ l3_wrapper_item.kill_script }}"
|
||||
tripleo_systemd_wrapper_service_name: "{{ l3_wrapper_item.name }}"
|
||||
loop_control:
|
||||
loop_var: l3_wrapper_item
|
||||
loop:
|
||||
- name: l3_keepalived
|
||||
cmd: /usr/sbin/keepalived -n -l -D
|
||||
kill_script: keepalived-kill
|
||||
- name: l3_haproxy
|
||||
cmd: >-
|
||||
$(if [ -f /usr/sbin/haproxy-systemd-wrapper ]; then
|
||||
echo "/usr/sbin/haproxy -Ds";
|
||||
else
|
||||
echo "/usr/sbin/haproxy -Ws"; fi)
|
||||
kill_script: haproxy-kill
|
||||
- name: l3_dibbler
|
||||
cmd: /usr/sbin/dibbler-client run
|
||||
kill_script: dibbler-kill
|
||||
- name: l3_radvd
|
||||
cmd: /usr/sbin/radvd -n
|
||||
kill_script: radvd-kill
|
||||
docker_config:
|
||||
step_2:
|
||||
create_keepalived_wrapper:
|
||||
start_order: 1
|
||||
detach: false
|
||||
net: host
|
||||
pid: host
|
||||
user: root
|
||||
command: # '/container_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
|
||||
list_concat:
|
||||
-
|
||||
- '/container_puppet_apply.sh'
|
||||
- '4'
|
||||
- 'file'
|
||||
- 'include ::tripleo::profile::base::neutron::l3_agent_wrappers'
|
||||
image: {get_param: ContainerNeutronL3AgentImage}
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, container_puppet_apply_volumes]}
|
||||
-
|
||||
- /run/openvswitch:/run/openvswitch:shared,z
|
||||
- /var/lib/neutron:/var/lib/neutron:shared,z
|
||||
step_4:
|
||||
neutron_l3_agent:
|
||||
start_order: 10
|
||||
|
@ -348,22 +334,22 @@ outputs:
|
|||
-
|
||||
if:
|
||||
- keepalived_wrapper_enabled
|
||||
- - /var/lib/neutron/keepalived_wrapper:/usr/local/bin/keepalived:ro
|
||||
- - /var/lib/neutron/l3_keepalived/wrapper:/usr/local/bin/keepalived:ro
|
||||
- null
|
||||
-
|
||||
if:
|
||||
- haproxy_wrapper_enabled
|
||||
- - /var/lib/neutron/l3_haproxy_wrapper:/usr/local/bin/haproxy:ro
|
||||
- - /var/lib/neutron/l3_haproxy/wrapper:/usr/local/bin/haproxy:ro
|
||||
- null
|
||||
-
|
||||
if:
|
||||
- radvd_wrapper_enabled
|
||||
- - /var/lib/neutron/radvd_wrapper:/usr/local/bin/radvd:ro
|
||||
- - /var/lib/neutron/l3_radvd/wrapper:/usr/local/bin/radvd:ro
|
||||
- null
|
||||
-
|
||||
if:
|
||||
- dibbler_wrapper_enabled
|
||||
- - /var/lib/neutron/dibbler_wrapper:/usr/local/bin/dibbler_client:ro
|
||||
- - /var/lib/neutron/l3_dibbler/wrapper:/usr/local/bin/dibbler_client:ro
|
||||
- null
|
||||
environment:
|
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
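Review bot: The dibbler bind mount in the second hunk still targets `/usr/local/bin/dibbler_client` (underscore), while the new loop entry for `l3_dibbler` runs `/usr/sbin/dibbler-client run` (hyphen). If the L3 agent execs `dibbler-client`, a wrapper mounted under the underscore name is never found on PATH, and the client would start inside the agent container instead of as a sidecar. The spelling appears to predate this commit, but since the line is rewritten here it could become `- - /var/lib/neutron/l3_dibbler/wrapper:/usr/local/bin/dibbler-client:ro`. The volume list this entry belongs to starts and ends outside the hunk.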
|
||||
|
|
|
@ -246,40 +246,35 @@ outputs:
|
|||
- name: set conditions
|
||||
set_fact:
|
||||
haproxy_wrapper_enabled: {get_param: OVNEnableHaproxyDockerWrapper}
|
||||
debug_enabled: {get_param: Debug}
|
||||
docker_additional_sockets: {get_param: DockerAdditionalSockets}
|
||||
- name: create kill_scripts directory within /var/lib/neutron
|
||||
file:
|
||||
state: directory
|
||||
path: /var/lib/neutron/kill_scripts
|
||||
- name: create haproxy kill script
|
||||
when: haproxy_wrapper_enabled|bool
|
||||
copy:
|
||||
dest: /var/lib/neutron/kill_scripts/haproxy-kill
|
||||
mode: 0755
|
||||
content: {get_file: ../neutron/kill-script}
|
||||
debug_enabled:
|
||||
if:
|
||||
- service_debug_unset
|
||||
- {get_param: Debug }
|
||||
- {get_param: NeutronWrapperDebug}
|
||||
- name: Create ovn metadata systemd wrappers
|
||||
include_role:
|
||||
name: tripleo-systemd-wrapper
|
||||
vars:
|
||||
tripleo_systemd_wrapper_cmd: "{{ ovn_wrapper_item.cmd }}"
|
||||
tripleo_systemd_wrapper_config_bind_mount: "/var/lib/config-data/puppet-generated/neutron:/etc/neutron:ro"
|
||||
tripleo_systemd_wrapper_container_cli: "{{ container_cli }}"
|
||||
tripleo_systemd_wrapper_debug: "{{ debug_enabled }}"
|
||||
tripleo_systemd_wrapper_docker_additional_sockets: {get_param: DockerAdditionalSockets}
|
||||
tripleo_systemd_wrapper_image_name: {get_param: ContainerOvnMetadataImage}
|
||||
tripleo_systemd_wrapper_service_dir: /var/lib/neutron
|
||||
tripleo_systemd_wrapper_service_kill_script: "{{ ovn_wrapper_item.kill_script }}"
|
||||
tripleo_systemd_wrapper_service_name: "{{ ovn_wrapper_item.name }}"
|
||||
loop_control:
|
||||
loop_var: ovn_wrapper_item
|
||||
loop:
|
||||
- name: ovn_metadata_haproxy
|
||||
cmd: >-
|
||||
$(if [ -f /usr/sbin/haproxy-systemd-wrapper ]; then
|
||||
echo "/usr/sbin/haproxy -Ds";
|
||||
else
|
||||
echo "/usr/sbin/haproxy -Ws"; fi)
|
||||
kill_script: haproxy-kill
|
||||
docker_config:
|
||||
step_2:
|
||||
create_haproxy_wrapper:
|
||||
start_order: 1
|
||||
detach: false
|
||||
net: host
|
||||
pid: host
|
||||
user: root
|
||||
command: # '/container_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
|
||||
list_concat:
|
||||
-
|
||||
- '/container_puppet_apply.sh'
|
||||
- '4'
|
||||
- 'file'
|
||||
- 'include ::tripleo::profile::base::neutron::ovn_metadata_agent_wrappers'
|
||||
image: {get_param: ContainerOvnMetadataImage}
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, container_puppet_apply_volumes]}
|
||||
-
|
||||
- /run/openvswitch:/run/openvswitch:shared,z
|
||||
- /var/lib/neutron:/var/lib/neutron:shared,z
|
||||
step_4:
|
||||
setup_ovs_manager:
|
||||
start_order: 0
|
||||
|
@ -328,7 +323,7 @@ outputs:
|
|||
-
|
||||
if:
|
||||
- haproxy_wrapper_enabled
|
||||
- - /var/lib/neutron/ovn_metadata_haproxy_wrapper:/usr/local/bin/haproxy:ro
|
||||
- - /var/lib/neutron/ovn_metadata_haproxy/wrapper:/usr/local/bin/haproxy:ro
|
||||
- null
|
||||
- if:
|
||||
- internal_tls_enabled
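Review bot: The `cmd` of `ovn_metadata_haproxy` is a shell command substitution, `$(if [ -f /usr/sbin/haproxy-systemd-wrapper ]; then ...)`, so it only works if the role writes `tripleo_systemd_wrapper_cmd` unquoted into a shell script, and the `-f` test is evaluated wherever that script runs. That contract is not visible on this page. A comment above the loop entry, e.g. `# cmd is expanded by the shell inside the generated wrapper; keep it a static, trusted string`, would make it explicit and discourage templating deploy-time parameters into it later. The identical expression is used for `dhcp_haproxy` and `l3_haproxy` in the earlier sections, so the comment (or a single shared variable) belongs there as well.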
|
||||
|
|