Do not run puppet in docker_config
The docker_config is not intended for puppet execution and doesn't automatically provide the common requirements, such as the fact cache generated on the host, that are needed to run puppet inside containers. This merges puppet execution into the base puppet_task to simplify puppet execution. Because creating an ovs bridge requires access to host pids, which container puppet tasks are not allowed, that specific task is re-implemented as host prep tasks. Closes-Bug: #1958240 Change-Id: I7d647afbf26ea11aff4d51cc3ea734881bf5cd32
parent
a170fc4c75
commit
c275d78703
@ -32,12 +32,6 @@ parameters:
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
DeployIdentifier:
|
||||
default: ''
|
||||
type: string
|
||||
description: >
|
||||
Setting this to a unique value will re-run any deployment tasks which
|
||||
perform configuration on a Heat stack-update.
|
||||
MultiInterfaceDriverMappings:
|
||||
type: comma_delimited_list
|
||||
default: ""
|
||||
@ -92,34 +86,13 @@ outputs:
|
||||
neutron::agents::ml2::mlnx::dhcp_broadcast_reply: true
|
||||
neutron::agents::ml2::mlnx::interface_driver : 'multi'
|
||||
neutron::agents::ml2::mlnx::enable_multi_interface_driver_cache_maintenance : true
|
||||
docker_config:
|
||||
step_3:
|
||||
neutron_agents_ib_config:
|
||||
detach: false
|
||||
image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
|
||||
net: host
|
||||
pid: host
|
||||
user: root
|
||||
privileged: true
|
||||
security_opt:
|
||||
- label=disable
|
||||
command:
|
||||
- puppet
|
||||
- apply
|
||||
- --modulepath
|
||||
- /etc/puppet/modules:/usr/share/openstack-puppet/modules
|
||||
- -v
|
||||
- -e
|
||||
- "include neutron::agents::ml2::mlnx"
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
- - /lib/modules:/lib/modules:ro
|
||||
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
|
||||
- /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron
|
||||
environment:
|
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
|
||||
puppet_config:
|
||||
config_volume: 'neutron'
|
||||
puppet_tags: eswitchd_config,neutron_dhcp_agent_config,neutron_l3_agent_config,neutron_mlnx_agent_config
|
||||
step_config: |
|
||||
include tripleo::profile::base::neutron::agents::mlnx
|
||||
config_image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
|
||||
docker_config: {}
|
||||
metadata_settings:
|
||||
get_attr: [NeutronBase, role_data, metadata_settings]
|
||||
upgrade_tasks: []
|
||||
|
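Review bot: The `puppet_config` block added in the second hunk restricts the run to `puppet_tags: eswitchd_config,neutron_dhcp_agent_config,neutron_l3_agent_config,neutron_mlnx_agent_config`, whereas the removed `neutron_agents_ib_config` container ran `puppet apply` with no `--tags` filter, so any resource the class declares outside those types would presumably no longer be applied; the same holds for the removed `neutron_mlnx_agent_config` container in the next file section. The entry class also changes from `neutron::agents::ml2::mlnx` to `tripleo::profile::base::neutron::agents::mlnx`, so it is worth confirming that the profile still consumes the `neutron::agents::ml2::mlnx::*` hieradata set just above. Dropping the `privileged: true` / `pid: host` / `label=disable` container reduces host exposure, and a comment such as `# mlnx config is generated by puppet_config; no step_3 puppet container is needed` above `docker_config: {}` would record why it is empty.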
@ -37,12 +37,6 @@ parameters:
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
DeployIdentifier:
|
||||
default: ''
|
||||
type: string
|
||||
description: >
|
||||
Setting this to a unique value will re-run any deployment tasks which
|
||||
perform configuration on a Heat stack-update.
|
||||
NeutronPhysicalDevMappings:
|
||||
description: >
|
||||
List of <physical_network>:<physical device>
|
||||
@ -117,9 +111,10 @@ outputs:
|
||||
- get_attr: [MlnxAgentLogging, config_settings]
|
||||
puppet_config:
|
||||
config_volume: 'neutron'
|
||||
puppet_tags: neutron_plugin_ml2
|
||||
puppet_tags: neutron_plugin_ml2,eswitchd_config,neutron_dhcp_agent_config,neutron_l3_agent_config,neutron_mlnx_agent_config
|
||||
step_config: |
|
||||
include tripleo::profile::base::neutron::plugins::ml2
|
||||
include tripleo::profile::base::neutron::agents::mlnx
|
||||
config_image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
|
||||
kolla_config:
|
||||
/var/lib/kolla/config_files/neutron_mlnx_agent.json:
|
||||
@ -153,35 +148,6 @@ outputs:
|
||||
owner: neutron:neutron
|
||||
recurse: true
|
||||
docker_config:
|
||||
step_3:
|
||||
neutron_mlnx_agent_config:
|
||||
detach: false
|
||||
image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
|
||||
net: host
|
||||
pid: host
|
||||
user: root
|
||||
privileged: true
|
||||
security_opt:
|
||||
- label=disable
|
||||
command:
|
||||
- puppet
|
||||
- apply
|
||||
- --modulepath
|
||||
- /etc/puppet/modules:/usr/share/openstack-puppet/modules
|
||||
- -v
|
||||
- -e
|
||||
- "include tripleo::profile::base::neutron::agents::mlnx"
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
- - /var/lib/kolla/config_files/neutron_mlnx_agent.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
|
||||
- /lib/modules:/lib/modules:ro
|
||||
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
|
||||
- /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron
|
||||
environment:
|
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
|
||||
step_4:
|
||||
neutron_mlnx_agent:
|
||||
start_order: 10
|
||||
|
@ -46,16 +46,6 @@ parameters:
|
||||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
DeployIdentifier:
|
||||
default: ''
|
||||
type: string
|
||||
description: >
|
||||
Setting this to a unique value will re-run any deployment tasks which
|
||||
perform configuration on a Heat stack-update.
|
||||
DockerPuppetMountHostPuppet:
|
||||
type: boolean
|
||||
default: true
|
||||
description: Whether containerized puppet executions use modules from the baremetal host. Defaults to true. Can be set to false to consume puppet modules from containers directly.
|
||||
PythonInterpreter:
|
||||
type: string
|
||||
description: The python interpreter to use for python and ansible actions
|
||||
@ -281,7 +271,7 @@ outputs:
|
||||
collectd::plugin::ovs_stats::socket: '/run/openvswitch/db.sock'
|
||||
puppet_config:
|
||||
config_volume: neutron
|
||||
puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
|
||||
puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2,vs_config
|
||||
step_config: |
|
||||
include tripleo::profile::base::neutron::ovs
|
||||
config_image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
|
||||
@ -328,39 +318,6 @@ outputs:
|
||||
params:
|
||||
PYTHON: {get_param: PythonInterpreter}
|
||||
docker_config:
|
||||
step_3:
|
||||
neutron_ovs_bridge:
|
||||
detach: false
|
||||
image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
|
||||
net: host
|
||||
pid: host
|
||||
user: root
|
||||
privileged: true
|
||||
security_opt:
|
||||
- label=disable
|
||||
command:
|
||||
- puppet
|
||||
- apply
|
||||
- --modulepath
|
||||
- /etc/puppet/modules:/usr/share/openstack-puppet/modules
|
||||
- --tags
|
||||
- file,file_line,concat,augeas,neutron::plugins::ovs::bridge,vs_config
|
||||
- -v
|
||||
- -e
|
||||
- include neutron::agents::ml2::ovs
|
||||
volumes:
|
||||
list_concat:
|
||||
- {get_attr: [ContainersCommon, volumes]}
|
||||
- - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
|
||||
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
|
||||
- /lib/modules:/lib/modules:ro
|
||||
- /run/openvswitch:/run/openvswitch:shared,z
|
||||
- if:
|
||||
- {get_param: DockerPuppetMountHostPuppet}
|
||||
- /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro
|
||||
environment:
|
||||
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
|
||||
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
|
||||
step_4:
|
||||
neutron_ovs_agent:
|
||||
start_order: 10
|
||||
@ -421,6 +378,15 @@ outputs:
|
||||
when:
|
||||
- ansible_facts.selinux is defined
|
||||
- ansible_facts.selinux.status == "enabled"
|
||||
- block:
|
||||
- name: Create the ovs bridges
|
||||
shell: |
|
||||
ovs-vsctl --may-exist add-br "{{ item.split(':')[1] }}"
|
||||
with_items: {get_attr: [RoleParametersValue, value, 'neutron::agents::ml2::ovs::bridge_mappings']}
|
||||
- name: Activate the ovs bridges
|
||||
shell: |
|
||||
ip link set dev "{{ item.split(':')[1] }}" up
|
||||
with_items: {get_attr: [RoleParametersValue, value, 'neutron::agents::ml2::ovs::bridge_mappings']}
|
||||
update_tasks:
|
||||
# puppetlabs-firewall manages security rules via Puppet but make the rules
|
||||
# consistent by default. Since Neutron also creates some rules, we don't
|
||||
|
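Review bot: The two tasks added in the last hunk pass `{{ item.split(':')[1] }}` through the `shell` module, so the bridge name from `neutron::agents::ml2::ovs::bridge_mappings` is interpreted by a shell on the host, and the surrounding double quotes do not neutralise shell metacharacters in that value. Neither command needs a shell, so the `command` module with an argument list avoids the interpretation entirely: `command: {argv: [ovs-vsctl, --may-exist, add-br, "{{ item.split(':')[1] }}"]}` and `command: {argv: [ip, link, set, dev, "{{ item.split(':')[1] }}", up]}`. A mapping entry without a `:` would make the `[1]` index fail at template time, so a `when: "':' in item"` guard or an explicit assertion on the mapping format would give a clearer error. `ip link set ... up` reports changed on every run, so `changed_when: false` on that task is probably appropriate. The task list that contains this `block:` begins outside the hunk.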