Use a systemd service to handle sidecar containers

This change switches the neutron dhcp, l3 and ovn containers to use
ansible on the host to write out systemd & service scripts that can be
used to trigger sidecar containers to be launched from within the
target containers.

Change-Id: I2feb9e81bc40e44cb2c7a2972366fa4b16590227
Blueprint: safe-side-containers
Depends-On: https://review.opendev.org/693442
Alex Schultz 2019-11-08 13:45:07 -07:00 committed by Emilien Macchi
parent 6dce450058
commit 2dc7066b05
4 changed files with 103 additions and 201 deletions


@ -1,71 +0,0 @@
#!/bin/bash
{% if debug_enabled|bool -%}
set -x
{% endif -%}
add_date() {
echo "$(date) $@"
}
# Set up script logging for debugging purpose.
# It will be taken care of by logrotate since there is the .log
# suffix.
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>>/var/log/neutron/kill-script.log 2>&1
SIG=$1
PID=$2
NETNS=$(ip netns identify ${PID})
if [ "x${NETNS}" == "x" ]; then
add_date "No network namespace detected, exiting"
exit 1
fi
{% if container_cli == 'podman' %}
CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman"
{% elif container_cli == 'docker' %}
{% if docker_additional_sockets and docker_additional_sockets|length > 0-%}
export DOCKER_HOST=unix://{{ docker_additional_sockets[0] }}
{% endif -%}
CLI='docker'
{% else %}
CLI='echo noop'
{% endif %}
kill_container() {
add_date "Stopping container $1 ($2)"
$CLI stop $2
add_date "Deleting container $1 ($2)"
$CLI rm $2
}
hup_container() {
add_date "Sending HUP signal to $1 ($2)"
$CLI kill --signal HUP $2
}
{% raw -%}
if [ -f /proc/$PID/cgroup ]; then
# Get container ID based on process cgroups
CT_ID=$(awk 'BEGIN {FS="[-.]"} /name=/{print $3}' /proc/$PID/cgroup)
CT_NAME=$($CLI inspect -f '{{.Name}}' $CT_ID)
case $SIG in
HUP)
hup_container $CT_NAME $CT_ID
;;
9)
kill_container $CT_NAME $CT_ID
;;
*)
add_date "Unknown action ${SIG} for ${$CT_NAME} ${CT_ID}"
exit 1
;;
esac
else
add_date "No such PID: ${PID}"
exit 1
fi
{% endraw %}


@ -311,46 +311,38 @@ outputs:
set_fact:
dnsmasq_wrapper_enabled: {get_param: NeutronEnableDnsmasqDockerWrapper}
haproxy_wrapper_enabled: {get_param: NeutronEnableHaproxyDockerWrapper}
debug_enabled: {get_param: Debug}
docker_additional_sockets: {get_param: DockerAdditionalSockets}
- name: create kill_scripts directory within /var/lib/neutron
file:
state: directory
path: /var/lib/neutron/kill_scripts
- name: create dnsmasq dhcp kill script
when: dnsmasq_wrapper_enabled|bool
copy:
dest: /var/lib/neutron/kill_scripts/dnsmasq-kill
mode: 0755
content: {get_file: ./kill-script}
- name: create haproxy kill script
when: haproxy_wrapper_enabled|bool
copy:
dest: /var/lib/neutron/kill_scripts/haproxy-kill
mode: 0755
content: {get_file: ./kill-script}
debug_enabled:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: NeutronWrapperDebug}
- name: Create dhcp systemd wrappers
include_role:
name: tripleo-systemd-wrapper
vars:
tripleo_systemd_wrapper_cmd: "{{ dhcp_wrapper_item.cmd }}"
tripleo_systemd_wrapper_config_bind_mount: "/var/lib/config-data/puppet-generated/neutron:/etc/neutron:ro"
tripleo_systemd_wrapper_container_cli: "{{ container_cli }}"
tripleo_systemd_wrapper_debug: "{{ debug_enabled }}"
tripleo_systemd_wrapper_docker_additional_sockets: {get_param: DockerAdditionalSockets}
tripleo_systemd_wrapper_image_name: {get_param: ContainerNeutronDHCPImage}
tripleo_systemd_wrapper_service_dir: /var/lib/neutron
tripleo_systemd_wrapper_service_kill_script: "{{ dhcp_wrapper_item.kill_script }}"
tripleo_systemd_wrapper_service_name: "{{ dhcp_wrapper_item.name }}"
loop_control:
loop_var: dhcp_wrapper_item
loop:
- name: dhcp_dnsmasq
cmd: /usr/sbin/dnsmasq -k
kill_script: dnsmasq-kill
- name: dhcp_haproxy
cmd: >-
$(if [ -f /usr/sbin/haproxy-systemd-wrapper ]; then
echo "/usr/sbin/haproxy -Ds";
else
echo "/usr/sbin/haproxy -Ws"; fi)
kill_script: haproxy-kill
docker_config:
step_2:
create_dnsmasq_wrapper:
start_order: 1
detach: false
net: host
pid: host
user: root
command: # '/container_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
list_concat:
-
- '/container_puppet_apply.sh'
- '4'
- 'file'
- 'include ::tripleo::profile::base::neutron::dhcp_agent_wrappers'
image: {get_param: ContainerNeutronDHCPImage}
volumes:
list_concat:
- {get_attr: [ContainersCommon, container_puppet_apply_volumes]}
-
- /run/openvswitch:/run/openvswitch:shared,z
- /var/lib/neutron:/var/lib/neutron:shared,z
step_4:
neutron_dhcp:
start_order: 10
@ -384,12 +376,12 @@ outputs:
-
if:
- dnsmasq_wrapper_enabled
- - /var/lib/neutron/dnsmasq_wrapper:/usr/local/bin/dnsmasq:ro
- - /var/lib/neutron/dhcp_dnsmasq/wrapper:/usr/local/bin/dnsmasq:ro
- null
-
if:
- haproxy_wrapper_enabled
- - /var/lib/neutron/dhcp_haproxy_wrapper:/usr/local/bin/haproxy:ro
- - /var/lib/neutron/dhcp_haproxy/wrapper:/usr/local/bin/haproxy:ro
- null
-
if:
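Review bot: `tripleo_systemd_wrapper_service_dir: /var/lib/neutron` puts the host-side wrapper state under a tree the agent container may be able to write. The wrapper itself is bind-mounted `:ro` at `/usr/local/bin/dnsmasq`, but if the container's volume list (which continues outside this hunk) also mounts `/var/lib/neutron` read-write, the same files are writable through that path, and the host service that reacts to them presumably runs as root. A comment on the role call should state the expectation, e.g. `# service_dir is shared with the agent container: scripts must be root-owned, host side treats its contents as untrusted input`, and the role should check that it holds. The l3 and ovn templates use the same service_dir.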


@ -264,58 +264,44 @@ outputs:
haproxy_wrapper_enabled: {get_param: NeutronEnableHaproxyDockerWrapper}
dibbler_wrapper_enabled: {get_param: NeutronEnableDibblerDockerWrapper}
radvd_wrapper_enabled: {get_param: NeutronEnableRadvdDockerWrapper}
debug_enabled: {get_param: Debug}
docker_additional_sockets: {get_param: DockerAdditionalSockets}
- name: create kill_scripts directory within /var/lib/neutron
file:
state: directory
path: /var/lib/neutron/kill_scripts
- name: create keepalived kill script
when: keepalived_wrapper_enabled|bool
copy:
dest: /var/lib/neutron/kill_scripts/keepalived-kill
mode: 0755
content: {get_file: ./kill-script}
- name: create haproxy kill script
when: haproxy_wrapper_enabled|bool
copy:
dest: /var/lib/neutron/kill_scripts/haproxy-kill
mode: 0755
content: {get_file: ./kill-script}
- name: create dibbler kill script
when: dibbler_wrapper_enabled|bool
copy:
dest: /var/lib/neutron/kill_scripts/dibbler-kill
mode: 0755
content: {get_file: ./kill-script}
- name: create radvd kill script
when: radvd_wrapper_enabled|bool
copy:
dest: /var/lib/neutron/kill_scripts/radvd-kill
mode: 0755
content: {get_file: ./kill-script}
debug_enabled:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: NeutronWrapperDebug}
- name: Create l3 systemd wrappers
include_role:
name: tripleo-systemd-wrapper
vars:
tripleo_systemd_wrapper_cmd: "{{ l3_wrapper_item.cmd }}"
tripleo_systemd_wrapper_config_bind_mount: "/var/lib/config-data/puppet-generated/neutron:/etc/neutron:ro"
tripleo_systemd_wrapper_container_cli: "{{ container_cli }}"
tripleo_systemd_wrapper_debug: "{{ debug_enabled }}"
tripleo_systemd_wrapper_docker_additional_sockets: {get_param: DockerAdditionalSockets}
tripleo_systemd_wrapper_image_name: {get_param: ContainerNeutronL3AgentImage}
tripleo_systemd_wrapper_service_dir: /var/lib/neutron
tripleo_systemd_wrapper_service_kill_script: "{{ l3_wrapper_item.kill_script }}"
tripleo_systemd_wrapper_service_name: "{{ l3_wrapper_item.name }}"
loop_control:
loop_var: l3_wrapper_item
loop:
- name: l3_keepalived
cmd: /usr/sbin/keepalived -n -l -D
kill_script: keepalived-kill
- name: l3_haproxy
cmd: >-
$(if [ -f /usr/sbin/haproxy-systemd-wrapper ]; then
echo "/usr/sbin/haproxy -Ds";
else
echo "/usr/sbin/haproxy -Ws"; fi)
kill_script: haproxy-kill
- name: l3_dibbler
cmd: /usr/sbin/dibbler-client run
kill_script: dibbler-kill
- name: l3_radvd
cmd: /usr/sbin/radvd -n
kill_script: radvd-kill
docker_config:
step_2:
create_keepalived_wrapper:
start_order: 1
detach: false
net: host
pid: host
user: root
command: # '/container_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
list_concat:
-
- '/container_puppet_apply.sh'
- '4'
- 'file'
- 'include ::tripleo::profile::base::neutron::l3_agent_wrappers'
image: {get_param: ContainerNeutronL3AgentImage}
volumes:
list_concat:
- {get_attr: [ContainersCommon, container_puppet_apply_volumes]}
-
- /run/openvswitch:/run/openvswitch:shared,z
- /var/lib/neutron:/var/lib/neutron:shared,z
step_4:
neutron_l3_agent:
start_order: 10
@ -348,22 +334,22 @@ outputs:
-
if:
- keepalived_wrapper_enabled
- - /var/lib/neutron/keepalived_wrapper:/usr/local/bin/keepalived:ro
- - /var/lib/neutron/l3_keepalived/wrapper:/usr/local/bin/keepalived:ro
- null
-
if:
- haproxy_wrapper_enabled
- - /var/lib/neutron/l3_haproxy_wrapper:/usr/local/bin/haproxy:ro
- - /var/lib/neutron/l3_haproxy/wrapper:/usr/local/bin/haproxy:ro
- null
-
if:
- radvd_wrapper_enabled
- - /var/lib/neutron/radvd_wrapper:/usr/local/bin/radvd:ro
- - /var/lib/neutron/l3_radvd/wrapper:/usr/local/bin/radvd:ro
- null
-
if:
- dibbler_wrapper_enabled
- - /var/lib/neutron/dibbler_wrapper:/usr/local/bin/dibbler_client:ro
- - /var/lib/neutron/l3_dibbler/wrapper:/usr/local/bin/dibbler_client:ro
- null
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
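Review bot: The last mount in the second hunk still targets `/usr/local/bin/dibbler_client` (underscore), while the wrapped command in the `l3_dibbler` loop item is `/usr/sbin/dibbler-client`. If the L3 agent invokes the binary as `dibbler-client`, the wrapper on PATH is never hit and dibbler runs inside the agent container instead of in a sidecar. Confirm the name the agent executes and, if it is the hyphenated one, change the target: `- - /var/lib/neutron/l3_dibbler/wrapper:/usr/local/bin/dibbler-client:ro`. The volumes list this entry belongs to starts outside the hunk.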


@ -246,40 +246,35 @@ outputs:
- name: set conditions
set_fact:
haproxy_wrapper_enabled: {get_param: OVNEnableHaproxyDockerWrapper}
debug_enabled: {get_param: Debug}
docker_additional_sockets: {get_param: DockerAdditionalSockets}
- name: create kill_scripts directory within /var/lib/neutron
file:
state: directory
path: /var/lib/neutron/kill_scripts
- name: create haproxy kill script
when: haproxy_wrapper_enabled|bool
copy:
dest: /var/lib/neutron/kill_scripts/haproxy-kill
mode: 0755
content: {get_file: ../neutron/kill-script}
debug_enabled:
if:
- service_debug_unset
- {get_param: Debug }
- {get_param: NeutronWrapperDebug}
- name: Create ovn metadata systemd wrappers
include_role:
name: tripleo-systemd-wrapper
vars:
tripleo_systemd_wrapper_cmd: "{{ ovn_wrapper_item.cmd }}"
tripleo_systemd_wrapper_config_bind_mount: "/var/lib/config-data/puppet-generated/neutron:/etc/neutron:ro"
tripleo_systemd_wrapper_container_cli: "{{ container_cli }}"
tripleo_systemd_wrapper_debug: "{{ debug_enabled }}"
tripleo_systemd_wrapper_docker_additional_sockets: {get_param: DockerAdditionalSockets}
tripleo_systemd_wrapper_image_name: {get_param: ContainerOvnMetadataImage}
tripleo_systemd_wrapper_service_dir: /var/lib/neutron
tripleo_systemd_wrapper_service_kill_script: "{{ ovn_wrapper_item.kill_script }}"
tripleo_systemd_wrapper_service_name: "{{ ovn_wrapper_item.name }}"
loop_control:
loop_var: ovn_wrapper_item
loop:
- name: ovn_metadata_haproxy
cmd: >-
$(if [ -f /usr/sbin/haproxy-systemd-wrapper ]; then
echo "/usr/sbin/haproxy -Ds";
else
echo "/usr/sbin/haproxy -Ws"; fi)
kill_script: haproxy-kill
docker_config:
step_2:
create_haproxy_wrapper:
start_order: 1
detach: false
net: host
pid: host
user: root
command: # '/container_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
list_concat:
-
- '/container_puppet_apply.sh'
- '4'
- 'file'
- 'include ::tripleo::profile::base::neutron::ovn_metadata_agent_wrappers'
image: {get_param: ContainerOvnMetadataImage}
volumes:
list_concat:
- {get_attr: [ContainersCommon, container_puppet_apply_volumes]}
-
- /run/openvswitch:/run/openvswitch:shared,z
- /var/lib/neutron:/var/lib/neutron:shared,z
step_4:
setup_ovs_manager:
start_order: 0
@ -328,7 +323,7 @@ outputs:
-
if:
- haproxy_wrapper_enabled
- - /var/lib/neutron/ovn_metadata_haproxy_wrapper:/usr/local/bin/haproxy:ro
- - /var/lib/neutron/ovn_metadata_haproxy/wrapper:/usr/local/bin/haproxy:ro
- null
- if:
- internal_tls_enabled
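Review bot: `cmd` for `ovn_metadata_haproxy` is a shell command substitution rather than a command line, so it only works if the role drops `tripleo_systemd_wrapper_cmd` unquoted into a shell script, and nothing here says so. A comment above the item would make that contract visible: `# shell snippet, not argv: expands to haproxy -Ds when haproxy-systemd-wrapper exists, else -Ws`. The same snippet is repeated verbatim in the dhcp and l3 templates; a shared variable or a role default would keep the three copies from drifting. Because the string ends up executed by a shell, it should stay a template constant and never be assembled from a heat parameter.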