openstack/tripleo-heat-templates
Code Issues Proposed changes
54fb81ecd9
tripleo-heat-templates/docker/services/neutron-ovs-agent.yaml
Emilien Macchi e4ee042a2a upgrade: remove tasks that stop and disable services 
We don't need upgrade_tasks that stop systemd services since all
services are now containerized.
However, we decided to keep the tasks that remove the rpms in case some
of deployments didn't cleanup them in previous releases, they can still
do it now.

Change-Id: I6abdc9e37966cd818306f7af473958fd4662ccb5
Related-Bug: #1806733
2018-12-10 09:19:59 -05:00

279 lines
11 KiB
YAML
Raw Blame History

heat_template_version: rocky
description: >
OpenStack Neutron openvswitch service
parameters:
DockerOpenvswitchImage:
description: image
type: string
DockerNeutronConfigImage:
description: The container image to use for the neutron config_volume
type: string
DockerOpenvswitchUlimit:
default: ['nofile=1024']
description: ulimit for Openvswitch Container
type: comma_delimited_list
NeutronOpenVswitchAgentLoggingSource:
type: json
default:
tag: openstack.neutron.agent.openvswitch
path: /var/log/containers/neutron/openvswitch-agent.log
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
DockerPuppetMountHostPuppet:
type: boolean
default: true
description: Whether containerized puppet executions use modules from the baremetal host. Defaults to true. Can be set to false to consume puppet modules from containers directly.
conditions:
docker_puppet_mount_host: {equals: [{get_param: DockerPuppetMountHostPuppet}, true]}
resources:
ContainersCommon:
type: ./containers-common.yaml
NeutronOvsAgentBase:
type: ../../puppet/services/neutron-ovs-agent.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
NeutronLogging:
type: OS::TripleO::Services::Logging::NeutronCommon
properties:
NeutronServiceName: openvswitch-agent
outputs:
role_data:
description: Role data for Neutron openvswitch service
value:
service_name: {get_attr: [NeutronOvsAgentBase, role_data, service_name]}
config_settings:
map_merge:
- get_attr: [NeutronOvsAgentBase, role_data, config_settings]
- get_attr: [NeutronLogging, config_settings]
service_config_settings:
map_merge:
- get_attr: [NeutronOvsAgentBase, role_data, service_config_settings]
- fluentd:
tripleo_fluentd_groups_neutron_ovs_agent:
- neutron
tripleo_fluentd_sources_neutron_ovs_agent:
- {get_param: NeutronOpenVswitchAgentLoggingSource}
puppet_config:
config_volume: neutron
puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2
step_config:
get_attr: [NeutronOvsAgentBase, role_data, step_config]
config_image: {get_param: DockerNeutronConfigImage}
# We need to mount /run for puppet_config step. This is because
# puppet-vswitch runs the commands "ovs-vsctl list open_vswitch ."
# when running vswitch::ovs::enable_hw_offload: true
# ovs-vsctl talks to the ovsdb-server (hosting conf.db)
# on the unix domain socket - /run/openvswitch/db.sock
volumes:
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch:shared,z
kolla_config:
/var/lib/kolla/config_files/neutron_ovs_agent.json:
command: /neutron_ovs_agent_launcher.sh
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/neutron
owner: neutron:neutron
recurse: true
docker_config_scripts:
neutron_ovs_agent_launcher.sh:
mode: "0755"
content: |
#!/bin/bash
set -xe
/usr/bin/python -m neutron.cmd.destroy_patch_ports --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-openvswitch-agent
/usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-dir /etc/neutron/conf.d/common --log-file=/var/log/neutron/openvswitch-agent.log
docker_config:
step_3:
neutron_ovs_bridge:
detach: false
image: {get_param: DockerNeutronConfigImage}
net: host
pid: host
user: root
privileged: true
security_opt: 'label=disable'
command:
- puppet
- apply
- --modulepath
- /etc/puppet/modules:/usr/share/openstack-puppet/modules
- --tags
- file,file_line,concat,augeas,neutron::plugins::ovs::bridge,vs_config
- -v
- -e
- include neutron::agents::ml2::ovs
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch:shared,z
- /etc/puppet:/etc/puppet:ro
- /var/run/openvswitch/:/var/run/openvswitch/:shared,z
-
if:
- docker_puppet_mount_host
- /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro
- ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_4:
neutron_ovs_agent:
start_order: 10
image: {get_param: DockerOpenvswitchImage}
net: host
pid: host
privileged: true
security_opt: 'label=disable'
restart: always
healthcheck:
test:
list_join:
- ' '
- - '/openstack/healthcheck'
- yaql:
expression: str($.data.port)
data:
port: {get_attr: [NeutronOvsAgentBase, role_data, config_settings, 'neutron::rabbit_port']}
ulimit: {get_param: DockerOpenvswitchUlimit}
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- {get_attr: [NeutronLogging, volumes]}
-
- /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
- /var/lib/docker-config-scripts/neutron_ovs_agent_launcher.sh:/neutron_ovs_agent_launcher.sh:ro
- /lib/modules:/lib/modules:ro
- /run/openvswitch:/run/openvswitch:shared,z
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
get_attr: [NeutronOvsAgentBase, role_data, metadata_settings]
host_prep_tasks:
list_concat:
- {get_attr: [NeutronLogging, host_prep_tasks]}
-
- block:
- name: load openvswitch module
import_role:
name: tripleo-module-load
vars:
modules:
- name: openvswitch
- name: Copy in cleanup script
copy:
content: {get_file: ./neutron/neutron-cleanup}
dest: '/usr/libexec/neutron-cleanup'
force: yes
mode: '0755'
- name: Copy in cleanup service
copy:
content: {get_file: ./neutron/neutron-cleanup.service}
dest: '/usr/lib/systemd/system/neutron-cleanup.service'
force: yes
- name: Enabling the cleanup service
service:
name: neutron-cleanup
enabled: yes
upgrade_tasks:
- when: step|int == 3
block:
- name: Set fact for removal of openstack-neutron-openvswitch package
set_fact:
remove_neutron_openvswitch_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-neutron-openvswitch package if operator requests it
package: name=openstack-neutron-openvswitch state=removed
ignore_errors: True
when: remove_neutron_openvswitch_package|bool
update_tasks:
# puppetlabs-firewall manages security rules via Puppet but make the rules
# consistent by default. Since Neutron also creates some rules, we don't
# want them to be consistent so we have to ensure that they're not stored
# into sysconfig.
# https://bugzilla.redhat.com/show_bug.cgi?id=1541528
- name: Remove IPv4 iptables rules created by Neutron that are persistent
lineinfile: dest=/etc/sysconfig/iptables
regexp=".*neutron-"
state=absent
when: step|int == 5
- name: Remove IPv6 iptables rules created by Neutron that are persistent
lineinfile: dest=/etc/sysconfig/ip6tables
regexp=".*neutron-"
state=absent
when: step|int == 5
post_upgrade_tasks:
- when: step|int == 1
import_role:
name: tripleo-docker-rm
vars:
containers_to_rm:
- neutron_ovs_agent
fast_forward_upgrade_tasks:
- when:
- step|int == 0
- release == 'ocata'
block:
- name: Check if neutron_ovs_agent is deployed
command: systemctl is-enabled --quiet neutron-openvswitch-agent
ignore_errors: True
register: neutron_ovs_agent_enabled_result
- name: Set fact neutron_ovs_agent_enabled
set_fact:
neutron_ovs_agent_enabled: "{{ neutron_ovs_agent_enabled_result.rc == 0 }}"
- name: Stop neutron_openvswitch_agent
service: name=neutron-openvswitch-agent state=stopped enabled=no
when:
- step|int == 1
- release == 'ocata'
- neutron_ovs_agent_enabled|bool
View Git Blame Copy Permalink