Browse Source

Merge "Support deploying OVN as container services"

changes/40/498240/1
Jenkins 5 years ago committed by Gerrit Code Review
parent
commit
f2d7d4d733
  1. 82
      ci/environments/scenario007-multinode-containers.yaml
  2. 105
      docker/services/ovn-controller.yaml
  3. 202
      docker/services/ovn-dbs.yaml
  4. 27
      environments/services-docker/neutron-ovn.yaml
  5. 4
      releasenotes/notes/ovn-container-support-3ab333fff6e90dc4.yaml

82
ci/environments/scenario007-multinode-containers.yaml

@ -0,0 +1,82 @@
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
# NOTE: This is needed because of upgrades from Ocata to Pike. We
# deploy the initial environment with Ocata templates, and
# overcloud-resource-registry.yaml there doesn't have this Docker
# mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
# remove this.
OS::TripleO::Services::Docker: OS::Heat::None
OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::NeutronServer
- OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::OVNDBs
- OS::TripleO::Services::OVNController
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::HAproxy
- OS::TripleO::Services::Keepalived
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Iscsid
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
# Required for Centos 7.3 and Qemu 2.6.0
nova::compute::libvirt::libvirt_cpu_mode: 'none'
# For OVN.
NeutronMechanismDrivers: ovn
OVNVifType: ovs
OVNNeutronSyncMode: log
OVNQosDriver: ovn-qos
OVNTunnelEncapType: geneve
NeutronEnableDHCPAgent: false
NeutronTypeDrivers: 'geneve,vlan,flat,vxlan'
NeutronNetworkType: 'geneve'
NeutronServicePlugins: 'qos,networking_ovn.l3.l3_ovn.OVNL3RouterPlugin'
NeutronVniRanges: ['1:65536', ]
OVNBridgeMappings: 'datacentre:br-ex'
Debug: true
BannerText: |
******************************************************************
* This system is for the use of authorized users only. Usage of *
* this system may be monitored and recorded by system personnel. *
* Anyone using this system expressly consents to such monitoring *
* and is advised that if such monitoring reveals possible *
* evidence of criminal activity, system personnel may provide *
* the evidence from such monitoring to law enforcement officials.*
******************************************************************
# we don't deploy Swift so we switch to file backend.
GlanceBackend: 'file'
IronicCleaningDiskErase: 'metadata'
NotificationDriver: 'noop'

105
docker/services/ovn-controller.yaml

@ -0,0 +1,105 @@
heat_template_version: pike
description: >
OpenStack containerized Ovn Controller agent.
parameters:
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
DockerOvnControllerImage:
description: image
type: string
DockerOvnControllerConfigImage:
description: The container image to use for the ovn_controller config_volume
type: string
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
OvnControllerBase:
type: ../../puppet/services/ovn-controller.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the Ovn Controller agent.
value:
service_name: {get_attr: [OvnControllerBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [OvnControllerBase, role_data, config_settings]
step_config: &step_config
get_attr: [OvnControllerBase, role_data, step_config]
service_config_settings: {get_attr: [OvnControllerBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
puppet_tags: vs_config
config_volume: ovn_controller
step_config: *step_config
config_image: {get_param: DockerOvnControllerConfigImage}
# We need to mount /run for puppet_config step. This is because
# puppet-vswitch runs the commands "ovs-vsctl set open_vswitch . external_ids:..."
# to configure the required parameters in ovs db which will be read
# by ovn-controller. And ovs-vsctl talks to the ovsdb-server (hosting conf.db)
# on the unix domain socket - /run/openvswitch/db.sock
volumes:
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
kolla_config:
/var/lib/kolla/config_files/ovn_controller.json:
command: /usr/bin/ovn-controller --pidfile --log-file unix:/run/openvswitch/db.sock
permissions:
- path: /var/log/openvswitch
owner: root:root
recurse: true
docker_config:
step_4:
ovn_controller:
image: {get_param: DockerOvnControllerImage}
net: host
privileged: true
user: root
restart: always
volumes:
- /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch
- /var/log/containers/openvswitch:/var/log/openvswitch
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
upgrade_tasks:
- name: Stop and disable ovn-controller service
tags: step2
service: name=ovn-controller state=stopped enabled=no

202
docker/services/ovn-dbs.yaml

@ -0,0 +1,202 @@
heat_template_version: pike
description: >
OpenStack containerized Ovn DBs service
parameters:
DockerOvnNbDbImage:
description: image
type: string
DockerOvnSbDbImage:
description: image
type: string
DockerOvnNorthdImage:
description: image
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
resources:
ContainersCommon:
type: ./containers-common.yaml
OVNDbsBase:
type: ../../puppet/services/ovn-dbs.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
outputs:
role_data:
description: Role data for the OVN Dbs role.
value:
service_name: {get_attr: [OVNDbsBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [OVNDbsBase, role_data, config_settings]
step_config: &step_config
get_attr: [OVNDbsBase, role_data, step_config]
# BEGIN DOCKER SETTINGS
# puppet_config is not required for this service since we configure
# the NB and SB DB servers to listen on the proper IP address/port
# in the docker_config section.
# puppet_config is defined to satisfy the pep8 validations.
puppet_config:
config_volume: ''
config_image: ''
step_config: *step_config
kolla_config:
/var/lib/kolla/config_files/ovn_north_db_server.json:
command:
list_join:
- ' '
- - '/usr/sbin/ovsdb-server'
- '/var/lib/openvswitch/ovnnb.db'
- '--pidfile=/run/openvswitch/ovnnb_db.pid'
- '-vconsole:emer -vsyslog:err -vfile:info'
- '--remote=punix:/run/openvswitch/ovnnb_db.sock'
- '--unixctl=/run/openvswitch/ovnnb_db.ctl'
- '--remote=db:OVN_Northbound,NB_Global,connections'
- '--private-key=db:OVN_Northbound,SSL,private_key'
- '--certificate=db:OVN_Northbound,SSL,certificate'
- '--ca-cert=db:OVN_Northbound,SSL,ca_cert'
- '--log-file=/var/log/openvswitch/ovsdb-server-nb.log'
permissions:
- path: /var/log/openvswitch
owner: root:root
recurse: true
/var/lib/kolla/config_files/ovn_south_db_server.json:
command:
list_join:
- ' '
- - '/usr/sbin/ovsdb-server'
- '/var/lib/openvswitch/ovnsb.db'
- '--pidfile=/run/openvswitch/ovnsb_db.pid'
- '-vconsole:emer -vsyslog:err -vfile:info'
- '--remote=punix:/run/openvswitch/ovnsb_db.sock'
- '--unixctl=/run/openvswitch/ovnsb_db.ctl'
- '--remote=db:OVN_Southbound,SB_Global,connections'
- '--private-key=db:OVN_Southbound,SSL,private_key'
- '--certificate=db:OVN_Southbound,SSL,certificate'
- '--ca-cert=db:OVN_Southbound,SSL,ca_cert'
- '--log-file=/var/log/openvswitch/ovsdb-server-sb.log'
permissions:
- path: /var/log/openvswitch
owner: root:root
recurse: true
/var/lib/kolla/config_files/ovn_northd.json:
command:
list_join:
- ' '
- - '/usr/bin/ovn-northd -vconsole:emer -vsyslog:err -vfile:info'
- '--ovnnb-db=unix:/run/openvswitch/ovnnb_db.sock'
- '--ovnsb-db=unix:/run/openvswitch/ovnsb_db.sock'
- '--log-file=/var/log/openvswitch/ovn-northd.log'
- '--pidfile=/run/openvswitch/ovn-northd.pid'
permissions:
- path: /var/log/openvswitch
owner: root:root
recurse: true
docker_config:
step_4:
ovn_north_db_server:
start_order: 0
image: {get_param: DockerOvnNbDbImage}
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ovn_north_db_server.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /var/lib/openvswitch/ovn:/var/lib/openvswitch
- /var/lib/openvswitch/ovn:/run/openvswitch
- /var/log/containers/openvswitch:/var/log/openvswitch
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
ovn_south_db_server:
start_order: 0
image: {get_param: DockerOvnSbDbImage}
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ovn_south_db_server.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /var/lib/openvswitch/ovn:/var/lib/openvswitch
- /var/lib/openvswitch/ovn:/run/openvswitch
- /var/log/containers/openvswitch:/var/log/openvswitch
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
configure_ovn_north_db_server:
start_order: 1
action: exec
user: root
command: ['ovn_north_db_server', '/bin/bash', '-c', 'DBS_LISTEN_IP=`hiera ovn::northd::dbs_listen_ip -c /etc/puppet/hiera.yaml`; NB_DB_PORT=`hiera ovn::northbound::port -c /etc/puppet/hiera.yaml`; /usr/bin/bootstrap_host_exec ovn_dbs ovn-nbctl set-connection ptcp:$NB_DB_PORT:$DBS_LISTEN_IP']
configure_ovn_south_db_server:
start_order: 1
action: exec
user: root
command: ['ovn_south_db_server', '/bin/bash', '-c', 'DBS_LISTEN_IP=`hiera ovn::northd::dbs_listen_ip -c /etc/puppet/hiera.yaml`; SB_DB_PORT=`hiera ovn::southbound::port -c /etc/puppet/hiera.yaml`; /usr/bin/bootstrap_host_exec ovn_dbs ovn-sbctl set-connection ptcp:$SB_DB_PORT:$DBS_LISTEN_IP']
ovn_northd:
start_order: 2
image: {get_param: DockerOvnNorthdImage}
net: host
privileged: false
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ovn_northd.json:/var/lib/kolla/config_files/config.json:ro
- /lib/modules:/lib/modules:ro
- /var/lib/openvswitch/ovn:/run/openvswitch
- /var/log/containers/openvswitch:/var/log/openvswitch
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent directories
file:
path: "{{ item }}"
state: directory
with_items:
- /var/log/containers/openvswitch
- /var/lib/openvswitch/ovn
upgrade_tasks:
- name: Stop and disable ovn-northd service
tags: step2
service: name=ovn-northd state=stopped enabled=no

27
environments/services-docker/neutron-ovn.yaml

@ -0,0 +1,27 @@
# A Heat environment that can be used to deploy OVN services with non HA OVN DB servers.
resource_registry:
OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
# Disabling Neutron services that overlap with OVN
OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
parameter_defaults:
NeutronMechanismDrivers: ovn
OVNVifType: ovs
OVNNeutronSyncMode: log
OVNQosDriver: ovn-qos
OVNTunnelEncapType: geneve
NeutronEnableDHCPAgent: false
NeutronTypeDrivers: 'geneve,vxlan,vlan,flat'
NeutronNetworkType: 'geneve'
NeutronServicePlugins: 'qos,ovn-router'
NeutronVniRanges: ['1:65536', ]
DockerNeutronApiImage: 'tripleoupstream/centos-binary-neutron-server-ovn:latest'
DockerNeutronConfigImage: 'tripleoupstream/centos-binary-neutron-server-ovn:latest'

4
releasenotes/notes/ovn-container-support-3ab333fff6e90dc4.yaml

@ -0,0 +1,4 @@
---
features:
- Support containerized ovn-controller
- Support containerized OVN Dbs without HA
Loading…
Cancel
Save