Merge "Support deploying OVN as container services"

2017-08-26 22:02:21 +00:00 · 2017-08-26 22:02:21 +00:00 · f2d7d4d733
commit f2d7d4d733
parent b1d7887ce7 e7cd03d2f0
5 changed files with 420 additions and 0 deletions
--- a/ci/environments/scenario007-multinode-containers.yaml
+++ b/ci/environments/scenario007-multinode-containers.yaml
@ -0,0 +1,82 @@
+resource_registry:
+  OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+  OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+  # NOTE: This is needed because of upgrades from Ocata to Pike. We
+  # deploy the initial environment with Ocata templates, and
+  # overcloud-resource-registry.yaml there doesn't have this Docker
+  # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+  # remove this.
+  OS::TripleO::Services::Docker: OS::Heat::None
+  OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
+  OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
+  # Some infra instances don't pass the ping test but are otherwise working.
+  # Since the OVB jobs also test this functionality we can shut it off here.
+  OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
+  OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
+parameter_defaults:
+  ControllerServices:
+    - OS::TripleO::Services::Docker
+    - OS::TripleO::Services::Kernel
+    - OS::TripleO::Services::Keystone
+    - OS::TripleO::Services::GlanceApi
+    - OS::TripleO::Services::HeatApi
+    - OS::TripleO::Services::HeatApiCfn
+    - OS::TripleO::Services::HeatApiCloudwatch
+    - OS::TripleO::Services::HeatEngine
+    - OS::TripleO::Services::MySQL
+    - OS::TripleO::Services::MySQLClient
+    - OS::TripleO::Services::NeutronServer
+    - OS::TripleO::Services::NeutronCorePlugin
+    - OS::TripleO::Services::OVNDBs
+    - OS::TripleO::Services::OVNController
+    - OS::TripleO::Services::RabbitMQ
+    - OS::TripleO::Services::HAproxy
+    - OS::TripleO::Services::Keepalived
+    - OS::TripleO::Services::Memcached
+    - OS::TripleO::Services::Pacemaker
+    - OS::TripleO::Services::NovaConductor
+    - OS::TripleO::Services::NovaApi
+    - OS::TripleO::Services::NovaPlacement
+    - OS::TripleO::Services::NovaMetadata
+    - OS::TripleO::Services::NovaScheduler
+    - OS::TripleO::Services::Ntp
+    - OS::TripleO::Services::Snmp
+    - OS::TripleO::Services::Timezone
+    - OS::TripleO::Services::NovaCompute
+    - OS::TripleO::Services::NovaLibvirt
+    - OS::TripleO::Services::NovaMigrationTarget
+    - OS::TripleO::Services::TripleoPackages
+    - OS::TripleO::Services::TripleoFirewall
+    - OS::TripleO::Services::Sshd
+    - OS::TripleO::Services::Iscsid
+  ControllerExtraConfig:
+    nova::compute::libvirt::services::libvirt_virt_type: qemu
+    nova::compute::libvirt::libvirt_virt_type: qemu
+    # Required for Centos 7.3 and Qemu 2.6.0
+    nova::compute::libvirt::libvirt_cpu_mode: 'none'
+  # For OVN.
+  NeutronMechanismDrivers: ovn
+  OVNVifType: ovs
+  OVNNeutronSyncMode: log
+  OVNQosDriver: ovn-qos
+  OVNTunnelEncapType: geneve
+  NeutronEnableDHCPAgent: false
+  NeutronTypeDrivers: 'geneve,vlan,flat,vxlan'
+  NeutronNetworkType: 'geneve'
+  NeutronServicePlugins: 'qos,networking_ovn.l3.l3_ovn.OVNL3RouterPlugin'
+  NeutronVniRanges: ['1:65536', ]
+  OVNBridgeMappings: 'datacentre:br-ex'
+  Debug: true
+  BannerText: |
+    ******************************************************************
+    * This system is for the use of authorized users only. Usage of  *
+    * this system may be monitored and recorded by system personnel. *
+    * Anyone using this system expressly consents to such monitoring *
+    * and is advised that if such monitoring reveals possible        *
+    * evidence of criminal activity, system personnel may provide    *
+    * the evidence from such monitoring to law enforcement officials.*
+    ******************************************************************
+  # we don't deploy Swift so we switch to file backend.
+  GlanceBackend: 'file'
+  IronicCleaningDiskErase: 'metadata'
+  NotificationDriver: 'noop'
--- a/docker/services/ovn-controller.yaml
+++ b/docker/services/ovn-controller.yaml
@ -0,0 +1,105 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized Ovn Controller agent.
+
+parameters:
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  DockerOvnControllerImage:
+    description: image
+    type: string
+  DockerOvnControllerConfigImage:
+    description: The container image to use for the ovn_controller config_volume
+    type: string
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  ContainersCommon:
+    type: ./containers-common.yaml
+
+  OvnControllerBase:
+    type: ../../puppet/services/ovn-controller.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceData: {get_param: ServiceData}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the Ovn Controller agent.
+    value:
+      service_name: {get_attr: [OvnControllerBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - get_attr: [OvnControllerBase, role_data, config_settings]
+      step_config: &step_config
+        get_attr: [OvnControllerBase, role_data, step_config]
+      service_config_settings: {get_attr: [OvnControllerBase, role_data, service_config_settings]}
+      # BEGIN DOCKER SETTINGS
+      puppet_config:
+        puppet_tags: vs_config
+        config_volume: ovn_controller
+        step_config: *step_config
+        config_image: {get_param: DockerOvnControllerConfigImage}
+        # We need to mount /run for puppet_config step. This is because
+        # puppet-vswitch runs the commands "ovs-vsctl set open_vswitch . external_ids:..."
+        # to configure the required parameters in ovs db which will be read
+        # by ovn-controller. And ovs-vsctl talks to the ovsdb-server (hosting conf.db)
+        # on the unix domain socket - /run/openvswitch/db.sock
+        volumes:
+          - /lib/modules:/lib/modules:ro
+          - /run/openvswitch:/run/openvswitch
+      kolla_config:
+        /var/lib/kolla/config_files/ovn_controller.json:
+          command: /usr/bin/ovn-controller --pidfile --log-file unix:/run/openvswitch/db.sock
+          permissions:
+            - path: /var/log/openvswitch
+              owner: root:root
+              recurse: true
+      docker_config:
+        step_4:
+          ovn_controller:
+            image: {get_param: DockerOvnControllerImage}
+            net: host
+            privileged: true
+            user: root
+            restart: always
+            volumes:
+              - /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro
+              - /lib/modules:/lib/modules:ro
+              - /run/openvswitch:/run/openvswitch
+              - /var/log/containers/openvswitch:/var/log/openvswitch
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      upgrade_tasks:
+        - name: Stop and disable ovn-controller service
+          tags: step2
+          service: name=ovn-controller state=stopped enabled=no
--- a/docker/services/ovn-dbs.yaml
+++ b/docker/services/ovn-dbs.yaml
@ -0,0 +1,202 @@
+heat_template_version: pike
+
+description: >
+  OpenStack containerized Ovn DBs service
+
+parameters:
+  DockerOvnNbDbImage:
+    description: image
+    type: string
+  DockerOvnSbDbImage:
+    description: image
+    type: string
+  DockerOvnNorthdImage:
+    description: image
+    type: string
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+
+resources:
+
+  ContainersCommon:
+    type: ./containers-common.yaml
+
+  OVNDbsBase:
+    type: ../../puppet/services/ovn-dbs.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceData: {get_param: ServiceData}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the OVN Dbs role.
+    value:
+      service_name: {get_attr: [OVNDbsBase, role_data, service_name]}
+      config_settings:
+        map_merge:
+          - get_attr: [OVNDbsBase, role_data, config_settings]
+      step_config: &step_config
+        get_attr: [OVNDbsBase, role_data, step_config]
+      # BEGIN DOCKER SETTINGS
+      # puppet_config is not required for this service since we configure
+      # the NB and SB DB servers to listen on the proper IP address/port
+      # in the docker_config section.
+      # puppet_config is defined to satisfy the pep8 validations.
+      puppet_config:
+        config_volume: ''
+        config_image: ''
+        step_config: *step_config
+      kolla_config:
+        /var/lib/kolla/config_files/ovn_north_db_server.json:
+          command:
+            list_join:
+            - ' '
+            - - '/usr/sbin/ovsdb-server'
+              - '/var/lib/openvswitch/ovnnb.db'
+              - '--pidfile=/run/openvswitch/ovnnb_db.pid'
+              - '-vconsole:emer -vsyslog:err -vfile:info'
+              - '--remote=punix:/run/openvswitch/ovnnb_db.sock'
+              - '--unixctl=/run/openvswitch/ovnnb_db.ctl'
+              - '--remote=db:OVN_Northbound,NB_Global,connections'
+              - '--private-key=db:OVN_Northbound,SSL,private_key'
+              - '--certificate=db:OVN_Northbound,SSL,certificate'
+              - '--ca-cert=db:OVN_Northbound,SSL,ca_cert'
+              - '--log-file=/var/log/openvswitch/ovsdb-server-nb.log'
+          permissions:
+            - path: /var/log/openvswitch
+              owner: root:root
+              recurse: true
+        /var/lib/kolla/config_files/ovn_south_db_server.json:
+          command:
+            list_join:
+            - ' '
+            - - '/usr/sbin/ovsdb-server'
+              - '/var/lib/openvswitch/ovnsb.db'
+              - '--pidfile=/run/openvswitch/ovnsb_db.pid'
+              - '-vconsole:emer -vsyslog:err -vfile:info'
+              - '--remote=punix:/run/openvswitch/ovnsb_db.sock'
+              - '--unixctl=/run/openvswitch/ovnsb_db.ctl'
+              - '--remote=db:OVN_Southbound,SB_Global,connections'
+              - '--private-key=db:OVN_Southbound,SSL,private_key'
+              - '--certificate=db:OVN_Southbound,SSL,certificate'
+              - '--ca-cert=db:OVN_Southbound,SSL,ca_cert'
+              - '--log-file=/var/log/openvswitch/ovsdb-server-sb.log'
+          permissions:
+            - path: /var/log/openvswitch
+              owner: root:root
+              recurse: true
+        /var/lib/kolla/config_files/ovn_northd.json:
+          command:
+            list_join:
+            - ' '
+            - - '/usr/bin/ovn-northd -vconsole:emer -vsyslog:err -vfile:info'
+              - '--ovnnb-db=unix:/run/openvswitch/ovnnb_db.sock'
+              - '--ovnsb-db=unix:/run/openvswitch/ovnsb_db.sock'
+              - '--log-file=/var/log/openvswitch/ovn-northd.log'
+              - '--pidfile=/run/openvswitch/ovn-northd.pid'
+          permissions:
+            - path: /var/log/openvswitch
+              owner: root:root
+              recurse: true
+      docker_config:
+        step_4:
+          ovn_north_db_server:
+            start_order: 0
+            image: {get_param: DockerOvnNbDbImage}
+            net: host
+            privileged: false
+            restart: always
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/ovn_north_db_server.json:/var/lib/kolla/config_files/config.json:ro
+                  - /lib/modules:/lib/modules:ro
+                  - /var/lib/openvswitch/ovn:/var/lib/openvswitch
+                  - /var/lib/openvswitch/ovn:/run/openvswitch
+                  - /var/log/containers/openvswitch:/var/log/openvswitch
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+          ovn_south_db_server:
+            start_order: 0
+            image: {get_param: DockerOvnSbDbImage}
+            net: host
+            privileged: false
+            restart: always
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/ovn_south_db_server.json:/var/lib/kolla/config_files/config.json:ro
+                  - /lib/modules:/lib/modules:ro
+                  - /var/lib/openvswitch/ovn:/var/lib/openvswitch
+                  - /var/lib/openvswitch/ovn:/run/openvswitch
+                  - /var/log/containers/openvswitch:/var/log/openvswitch
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+          configure_ovn_north_db_server:
+            start_order: 1
+            action: exec
+            user: root
+            command: ['ovn_north_db_server', '/bin/bash', '-c', 'DBS_LISTEN_IP=`hiera ovn::northd::dbs_listen_ip -c /etc/puppet/hiera.yaml`; NB_DB_PORT=`hiera ovn::northbound::port -c /etc/puppet/hiera.yaml`; /usr/bin/bootstrap_host_exec ovn_dbs ovn-nbctl set-connection ptcp:$NB_DB_PORT:$DBS_LISTEN_IP']
+          configure_ovn_south_db_server:
+            start_order: 1
+            action: exec
+            user: root
+            command: ['ovn_south_db_server', '/bin/bash', '-c', 'DBS_LISTEN_IP=`hiera ovn::northd::dbs_listen_ip -c /etc/puppet/hiera.yaml`; SB_DB_PORT=`hiera ovn::southbound::port -c /etc/puppet/hiera.yaml`; /usr/bin/bootstrap_host_exec ovn_dbs ovn-sbctl set-connection ptcp:$SB_DB_PORT:$DBS_LISTEN_IP']
+          ovn_northd:
+            start_order: 2
+            image: {get_param: DockerOvnNorthdImage}
+            net: host
+            privileged: false
+            restart: always
+            volumes:
+              list_concat:
+                - {get_attr: [ContainersCommon, volumes]}
+                -
+                  - /var/lib/kolla/config_files/ovn_northd.json:/var/lib/kolla/config_files/config.json:ro
+                  - /lib/modules:/lib/modules:ro
+                  - /var/lib/openvswitch/ovn:/run/openvswitch
+                  - /var/log/containers/openvswitch:/var/log/openvswitch
+            environment:
+              - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+      host_prep_tasks:
+        - name: create persistent directories
+          file:
+            path: "{{ item }}"
+            state: directory
+          with_items:
+            - /var/log/containers/openvswitch
+            - /var/lib/openvswitch/ovn
+      upgrade_tasks:
+        - name: Stop and disable ovn-northd service
+          tags: step2
+          service: name=ovn-northd state=stopped enabled=no
--- a/environments/services-docker/neutron-ovn.yaml
+++ b/environments/services-docker/neutron-ovn.yaml
@ -0,0 +1,27 @@
+# A Heat environment that can be used to deploy OVN services with non HA OVN DB servers.
+resource_registry:
+  OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
+  OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
+  OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
+# Disabling Neutron services that overlap with OVN
+  OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+  OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+  OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+  OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
+  OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
+  OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
+
+
+parameter_defaults:
+  NeutronMechanismDrivers: ovn
+  OVNVifType: ovs
+  OVNNeutronSyncMode: log
+  OVNQosDriver: ovn-qos
+  OVNTunnelEncapType: geneve
+  NeutronEnableDHCPAgent: false
+  NeutronTypeDrivers: 'geneve,vxlan,vlan,flat'
+  NeutronNetworkType: 'geneve'
+  NeutronServicePlugins: 'qos,ovn-router'
+  NeutronVniRanges: ['1:65536', ]
+  DockerNeutronApiImage: 'tripleoupstream/centos-binary-neutron-server-ovn:latest'
+  DockerNeutronConfigImage: 'tripleoupstream/centos-binary-neutron-server-ovn:latest'
--- a/releasenotes/notes/ovn-container-support-3ab333fff6e90dc4.yaml
+++ b/releasenotes/notes/ovn-container-support-3ab333fff6e90dc4.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - Support containerized ovn-controller
+  - Support containerized OVN Dbs without HA