Do not run puppet in docker_config

The docker_config section is not intended for puppet execution and doesn't
automatically provide the common requirements for running puppet inside
containers, such as the fact cache generated on the host.

This merges puppet execution into the base puppet_task to simplify
puppet execution. Because creating ovs bridge requires access to host
pids which is not allowed to container puppet tasks, that specific
task is re-implemented by host prep tasks.

Closes-Bug: #1958240
Change-Id: I7d647afbf26ea11aff4d51cc3ea734881bf5cd32
Takashi Kajinami 2022-01-18 23:16:49 +09:00
parent a170fc4c75
commit c275d78703
3 changed files with 19 additions and 114 deletions


@ -32,12 +32,6 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry. via parameter_defaults in the resource registry.
type: json type: json
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
MultiInterfaceDriverMappings: MultiInterfaceDriverMappings:
type: comma_delimited_list type: comma_delimited_list
default: "" default: ""
@ -92,34 +86,13 @@ outputs:
neutron::agents::ml2::mlnx::dhcp_broadcast_reply: true neutron::agents::ml2::mlnx::dhcp_broadcast_reply: true
neutron::agents::ml2::mlnx::interface_driver : 'multi' neutron::agents::ml2::mlnx::interface_driver : 'multi'
neutron::agents::ml2::mlnx::enable_multi_interface_driver_cache_maintenance : true neutron::agents::ml2::mlnx::enable_multi_interface_driver_cache_maintenance : true
docker_config: puppet_config:
step_3: config_volume: 'neutron'
neutron_agents_ib_config: puppet_tags: eswitchd_config,neutron_dhcp_agent_config,neutron_l3_agent_config,neutron_mlnx_agent_config
detach: false step_config: |
image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]} include tripleo::profile::base::neutron::agents::mlnx
net: host config_image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
pid: host docker_config: {}
user: root
privileged: true
security_opt:
- label=disable
command:
- puppet
- apply
- --modulepath
- /etc/puppet/modules:/usr/share/openstack-puppet/modules
- -v
- -e
- "include neutron::agents::ml2::mlnx"
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- - /lib/modules:/lib/modules:ro
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
metadata_settings: metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings] get_attr: [NeutronBase, role_data, metadata_settings]
upgrade_tasks: [] upgrade_tasks: []
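Review bot: The new `puppet_config` block limits the run to `puppet_tags: eswitchd_config,neutron_dhcp_agent_config,neutron_l3_agent_config,neutron_mlnx_agent_config`, whereas the removed `neutron_agents_ib_config` container called `puppet apply` with no `--tags`, so any resource outside those four types that the old run applied would presumably no longer be applied. The included class also changes from `neutron::agents::ml2::mlnx` to `tripleo::profile::base::neutron::agents::mlnx`, whose contents are not visible on this page. A short comment above `puppet_tags` would record the intent, for example `# resource types the mlnx profile is expected to manage; extend when the profile gains new types`. The same four tags are appended in the second file's `puppet_config` hunk and have to stay in step with this list.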


@ -37,12 +37,6 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry. via parameter_defaults in the resource registry.
type: json type: json
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
NeutronPhysicalDevMappings: NeutronPhysicalDevMappings:
description: > description: >
List of <physical_network>:<physical device> List of <physical_network>:<physical device>
@ -117,9 +111,10 @@ outputs:
- get_attr: [MlnxAgentLogging, config_settings] - get_attr: [MlnxAgentLogging, config_settings]
puppet_config: puppet_config:
config_volume: 'neutron' config_volume: 'neutron'
puppet_tags: neutron_plugin_ml2 puppet_tags: neutron_plugin_ml2,eswitchd_config,neutron_dhcp_agent_config,neutron_l3_agent_config,neutron_mlnx_agent_config
step_config: | step_config: |
include tripleo::profile::base::neutron::plugins::ml2 include tripleo::profile::base::neutron::plugins::ml2
include tripleo::profile::base::neutron::agents::mlnx
config_image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]} config_image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
kolla_config: kolla_config:
/var/lib/kolla/config_files/neutron_mlnx_agent.json: /var/lib/kolla/config_files/neutron_mlnx_agent.json:
@ -153,35 +148,6 @@ outputs:
owner: neutron:neutron owner: neutron:neutron
recurse: true recurse: true
docker_config: docker_config:
step_3:
neutron_mlnx_agent_config:
detach: false
image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
net: host
pid: host
user: root
privileged: true
security_opt:
- label=disable
command:
- puppet
- apply
- --modulepath
- /etc/puppet/modules:/usr/share/openstack-puppet/modules
- -v
- -e
- "include tripleo::profile::base::neutron::agents::mlnx"
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- - /var/lib/kolla/config_files/neutron_mlnx_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
step_4: step_4:
neutron_mlnx_agent: neutron_mlnx_agent:
start_order: 10 start_order: 10


@ -46,16 +46,6 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry. via parameter_defaults in the resource registry.
type: json type: json
DeployIdentifier:
default: ''
type: string
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
DockerPuppetMountHostPuppet:
type: boolean
default: true
description: Whether containerized puppet executions use modules from the baremetal host. Defaults to true. Can be set to false to consume puppet modules from containers directly.
PythonInterpreter: PythonInterpreter:
type: string type: string
description: The python interpreter to use for python and ansible actions description: The python interpreter to use for python and ansible actions
@ -281,7 +271,7 @@ outputs:
collectd::plugin::ovs_stats::socket: '/run/openvswitch/db.sock' collectd::plugin::ovs_stats::socket: '/run/openvswitch/db.sock'
puppet_config: puppet_config:
config_volume: neutron config_volume: neutron
puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2 puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2,vs_config
step_config: | step_config: |
include tripleo::profile::base::neutron::ovs include tripleo::profile::base::neutron::ovs
config_image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]} config_image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
@ -328,39 +318,6 @@ outputs:
params: params:
PYTHON: {get_param: PythonInterpreter} PYTHON: {get_param: PythonInterpreter}
docker_config: docker_config:
step_3:
neutron_ovs_bridge:
detach: false
image: {get_attr: [RoleParametersValue, value, ContainerNeutronConfigImage]}
net: host
pid: host
user: root
privileged: true
security_opt:
- label=disable
command:
- puppet
- apply
- --modulepath
- /etc/puppet/modules:/usr/share/openstack-puppet/modules
- --tags
- file,file_line,concat,augeas,neutron::plugins::ovs::bridge,vs_config
- -v
- -e
- include neutron::agents::ml2::ovs
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch:shared,z
- if:
- {get_param: DockerPuppetMountHostPuppet}
- /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro
environment:
KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
TRIPLEO_DEPLOY_IDENTIFIER: {get_param: DeployIdentifier}
step_4: step_4:
neutron_ovs_agent: neutron_ovs_agent:
start_order: 10 start_order: 10
@ -421,6 +378,15 @@ outputs:
when: when:
- ansible_facts.selinux is defined - ansible_facts.selinux is defined
- ansible_facts.selinux.status == "enabled" - ansible_facts.selinux.status == "enabled"
- block:
- name: Create the ovs bridges
shell: |
ovs-vsctl --may-exist add-br "{{ item.split(':')[1] }}"
with_items: {get_attr: [RoleParametersValue, value, 'neutron::agents::ml2::ovs::bridge_mappings']}
- name: Activate the ovs bridges
shell: |
ip link set dev "{{ item.split(':')[1] }}" up
with_items: {get_attr: [RoleParametersValue, value, 'neutron::agents::ml2::ovs::bridge_mappings']}
update_tasks: update_tasks:
# puppetlabs-firewall manages security rules via Puppet but make the rules # puppetlabs-firewall manages security rules via Puppet but make the rules
# consistent by default. Since Neutron also creates some rules, we don't # consistent by default. Since Neutron also creates some rules, we don't
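Review bot: Both added tasks render `{{ item.split(':')[1] }}` into a `shell:` line, so the bridge name taken from `neutron::agents::ml2::ovs::bridge_mappings` is parsed by a shell on the host, and the double quotes do not stop `$(...)` or backtick expansion. Neither command uses shell features, so `command:` with `argv: [ovs-vsctl, --may-exist, add-br, "{{ item.split(':')[1] }}"]` and `argv: [ip, link, set, dev, "{{ item.split(':')[1] }}", up]` would pass the name as a single argument. A mapping entry without a colon makes `[1]` fail with an index error, and whether the `get_attr` value always resolves to a list for `with_items` is not visible here, so a guard on the entry format is worth adding. The task list that this `- block:` belongs to starts outside the hunk.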