From 662814ed1c121a7177c95b4a774d1c1fae686087 Mon Sep 17 00:00:00 2001 From: Daniel Alvarez Date: Wed, 30 May 2018 10:10:02 +0200 Subject: [PATCH] Generate and mount wrappers for haproxy in OVN metadata agent OVN metadata agent uses haproxy as part of its implementation. Running it in a separate container prevents dataplane breakages (ie. restarting VMs or spawning new ones) on agent restart/stop. This patch triggers the creation of such sidecar container and mounting of haproxy wrapper for spawning it in a separate container. Change-Id: I59e08384080cda0b6c0f03c9ed8fb6f6a5661e6b Related-Bug: #1749209 Signed-off-by: Daniel Alvarez --- docker/services/ovn-metadata.yaml | 38 +++++++++++++++++++++++++++++++ puppet/services/docker.yaml | 2 ++ 2 files changed, 40 insertions(+) diff --git a/docker/services/ovn-metadata.yaml b/docker/services/ovn-metadata.yaml index 2e461ff685..c27b90f90b 100644 --- a/docker/services/ovn-metadata.yaml +++ b/docker/services/ovn-metadata.yaml @@ -15,6 +15,10 @@ parameters: default: tag: openstack.neutron.agent.ovn-metadata path: /var/log/containers/neutron/networking-ovn-metadata-agent.log + OVNEnableHaproxyDockerWrapper: + description: Generate a wrapper script so that haproxy is launched in a separate container. + type: boolean + default: true ServiceData: default: {} description: Dictionary packing service data @@ -42,6 +46,9 @@ parameters: description: Parameters specific to the role type: json +conditions: + haproxy_wrapper_enabled: {equals: [{get_param: OVNEnableHaproxyDockerWrapper}, true]} + resources: ContainersCommon: @@ -71,6 +78,9 @@ outputs: map_merge: - get_attr: [OVNMetadataBase, role_data, config_settings] - get_attr: [NeutronLogging, config_settings] + - tripleo::profile::base::neutron::ovn_metadata_agent_wrappers::enable_haproxy_wrapper: {get_param: OVNEnableHaproxyDockerWrapper} + tripleo::profile::base::neutron::ovn_metadata_agent_wrappers::haproxy_process_wrapper: '/var/lib/neutron/ovn_metadata_haproxy_wrapper' + tripleo::profile::base::neutron::ovn_metadata_agent_wrappers::haproxy_image: {get_param: DockerOvnMetadataImage} logging_source: {get_attr: [OVNMetadataBase, role_data, logging_source]} logging_groups: {get_attr: [OVNMetadataBase, role_data, logging_groups]} puppet_config: @@ -103,6 +113,27 @@ outputs: recurse: true docker_config_scripts: {get_attr: [ContainersCommon, docker_config_scripts]} docker_config: + step_2: + create_haproxy_wrapper: + start_order: 1 + detach: false + net: host + pid: host + user: root + command: # '/docker_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"' + list_concat: + - + - '/docker_puppet_apply.sh' + - '4' + - 'file' + - 'include ::tripleo::profile::base::neutron::ovn_metadata_agent_wrappers' + image: {get_param: DockerOvnMetadataImage} + volumes: + list_concat: + - {get_attr: [ContainersCommon, docker_puppet_apply_volumes]} + - + - /run/openvswitch:/run/openvswitch + - /var/lib/neutron:/var/lib/neutron step_4: setup_ovs_manager: start_order: 0 @@ -126,6 +157,7 @@ outputs: start_order: 1 image: {get_param: DockerOvnMetadataImage} net: host + pid: host privileged: true restart: always healthcheck: @@ -141,6 +173,12 @@ outputs: - /run/openvswitch:/run/openvswitch - /var/lib/neutron:/var/lib/neutron - /run/netns:/run/netns:shared + - /var/lib/openstack:/var/lib/openstack + - + if: + - haproxy_wrapper_enabled + - - /var/lib/neutron/ovn_metadata_haproxy_wrapper:/usr/local/bin/haproxy:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS metadata_settings: diff --git a/puppet/services/docker.yaml b/puppet/services/docker.yaml index 809b15f67d..8aff9f9d54 100644 --- a/puppet/services/docker.yaml +++ b/puppet/services/docker.yaml @@ -109,6 +109,8 @@ outputs: docker_additional_sockets: {get_param: DockerAdditionalSockets} neutron_dhcp: docker_additional_sockets: {get_param: DockerAdditionalSockets} + ovn_metadata: + docker_additional_sockets: {get_param: DockerAdditionalSockets} upgrade_tasks: - name: Install docker packages on upgrade if missing when: step|int == 3