5d00c7076f
Unlike docker with podman you can't mount a host directory
that does not exist. We did some work as part of bug 1799638
take care of this for reboots. However, we need it to be created
for fresh installations, as nodes are not necessarily rebooted
after installing paunch. The real issue without reboots did not
surface before the next patch in this series, as we were using
cni0 bridge network for some containers and that resulted in
namespace being created and the directory existing for
neutron_dhcp and neutron_l3 containers in step 4 to mount them.
This patch creates/removes a temp namespace in host_prep_tasks
to ensure that the directory exists.
Change-Id: I19d660168c98887a5e352b3413235888c800760d
Related-Bug: #1799638
(cherry picked from commit 9b284e74cb)
212 lines
8.2 KiB
YAML
212 lines
8.2 KiB
YAML
heat_template_version: queens
|
|
|
|
description: >
|
|
OpenStack containerized OVN Metadata agent
|
|
|
|
parameters:
|
|
DockerOvnMetadataImage:
|
|
description: image
|
|
type: string
|
|
DockerNeutronConfigImage:
|
|
description: The container image to use for the neutron config_volume
|
|
type: string
|
|
OVNEnableHaproxyDockerWrapper:
|
|
description: Generate a wrapper script so that haproxy is launched in a separate container.
|
|
type: boolean
|
|
default: true
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. This
|
|
mapping overrides those in ServiceNetMapDefaults.
|
|
type: json
|
|
DefaultPasswords:
|
|
default: {}
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
|
|
conditions:
|
|
haproxy_wrapper_enabled: {equals: [{get_param: OVNEnableHaproxyDockerWrapper}, true]}
|
|
|
|
resources:
|
|
|
|
ContainersCommon:
|
|
type: ./containers-common.yaml
|
|
|
|
OVNMetadataBase:
|
|
type: ../../puppet/services/ovn-metadata.yaml
|
|
properties:
|
|
EndpointMap: {get_param: EndpointMap}
|
|
ServiceData: {get_param: ServiceData}
|
|
ServiceNetMap: {get_param: ServiceNetMap}
|
|
DefaultPasswords: {get_param: DefaultPasswords}
|
|
RoleName: {get_param: RoleName}
|
|
RoleParameters: {get_param: RoleParameters}
|
|
|
|
NeutronLogging:
|
|
type: OS::TripleO::Services::Logging::NeutronCommon
|
|
properties:
|
|
NeutronServiceName: ovn-metadata-agent
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for OVNMetadata agent
|
|
value:
|
|
service_name: {get_attr: [OVNMetadataBase, role_data, service_name]}
|
|
config_settings:
|
|
map_merge:
|
|
- get_attr: [OVNMetadataBase, role_data, config_settings]
|
|
- get_attr: [NeutronLogging, config_settings]
|
|
- tripleo::profile::base::neutron::ovn_metadata_agent_wrappers::enable_haproxy_wrapper: {get_param: OVNEnableHaproxyDockerWrapper}
|
|
tripleo::profile::base::neutron::ovn_metadata_agent_wrappers::haproxy_process_wrapper: '/var/lib/neutron/ovn_metadata_haproxy_wrapper'
|
|
tripleo::profile::base::neutron::ovn_metadata_agent_wrappers::haproxy_image: {get_param: DockerOvnMetadataImage}
|
|
logging_source: {get_attr: [OVNMetadataBase, role_data, logging_source]}
|
|
logging_groups: {get_attr: [OVNMetadataBase, role_data, logging_groups]}
|
|
puppet_config:
|
|
puppet_tags: neutron_config,ovn_metadata_agent_config
|
|
config_volume: neutron
|
|
step_config:
|
|
get_attr: [OVNMetadataBase, role_data, step_config]
|
|
config_image: {get_param: DockerNeutronConfigImage}
|
|
volumes:
|
|
- /lib/modules:/lib/modules:ro
|
|
- /run/openvswitch:/run/openvswitch
|
|
kolla_config:
|
|
/var/lib/kolla/config_files/ovn_metadata_agent.json:
|
|
command:
|
|
list_join:
|
|
- ' '
|
|
- - /usr/bin/networking-ovn-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/networking-ovn/networking-ovn-metadata-agent.ini --config-dir /etc/neutron/conf.d/networking-ovn-metadata-agent
|
|
- get_attr: [NeutronLogging, cmd_extra_args]
|
|
config_files:
|
|
- source: "/var/lib/kolla/config_files/src/*"
|
|
dest: "/"
|
|
merge: true
|
|
preserve_properties: true
|
|
permissions:
|
|
- path: /var/log/neutron
|
|
owner: neutron:neutron
|
|
recurse: true
|
|
- path: /var/lib/neutron
|
|
owner: neutron:neutron
|
|
recurse: true
|
|
docker_config_scripts: {get_attr: [ContainersCommon, docker_config_scripts]}
|
|
docker_config:
|
|
step_2:
|
|
create_haproxy_wrapper:
|
|
start_order: 1
|
|
detach: false
|
|
net: host
|
|
pid: host
|
|
user: root
|
|
command: # '/docker_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
|
|
list_concat:
|
|
-
|
|
- '/docker_puppet_apply.sh'
|
|
- '4'
|
|
- 'file'
|
|
- 'include ::tripleo::profile::base::neutron::ovn_metadata_agent_wrappers'
|
|
image: {get_param: DockerOvnMetadataImage}
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
|
|
-
|
|
- /run/openvswitch:/run/openvswitch
|
|
- /var/lib/neutron:/var/lib/neutron
|
|
step_4:
|
|
setup_ovs_manager:
|
|
start_order: 0
|
|
detach: false
|
|
net: host
|
|
privileged: true
|
|
user: root
|
|
command: # '/docker_puppet_apply.sh "STEP" "TAGS" "CONFIG" "DEBUG"'
|
|
list_concat:
|
|
- - '/docker_puppet_apply.sh'
|
|
- '4'
|
|
- 'exec'
|
|
- 'include ::tripleo::profile::base::neutron::ovn_metadata'
|
|
image: {get_param: DockerOvnMetadataImage}
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, docker_puppet_apply_volumes]}
|
|
- - /lib/modules:/lib/modules:ro
|
|
- /run/openvswitch:/run/openvswitch
|
|
ovn_metadata_agent:
|
|
start_order: 1
|
|
image: {get_param: DockerOvnMetadataImage}
|
|
net: host
|
|
pid: host
|
|
privileged: true
|
|
restart: always
|
|
healthcheck:
|
|
test: /openstack/healthcheck
|
|
volumes:
|
|
list_concat:
|
|
- {get_attr: [ContainersCommon, volumes]}
|
|
- {get_attr: [NeutronLogging, volumes]}
|
|
-
|
|
- /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
|
|
- /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
|
|
- /lib/modules:/lib/modules:ro
|
|
- /run/openvswitch:/run/openvswitch
|
|
- /var/lib/neutron:/var/lib/neutron
|
|
- /run/netns:/run/netns:shared
|
|
- /var/lib/openstack:/var/lib/openstack
|
|
-
|
|
if:
|
|
- haproxy_wrapper_enabled
|
|
- - /var/lib/neutron/ovn_metadata_haproxy_wrapper:/usr/local/bin/haproxy:ro
|
|
- null
|
|
environment:
|
|
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
|
|
metadata_settings:
|
|
get_attr: [OVNMetadataBase, role_data, metadata_settings]
|
|
host_prep_tasks:
|
|
list_concat:
|
|
- {get_attr: [NeutronLogging, host_prep_tasks]}
|
|
- - name: create /run/netns with temp namespace
|
|
command: ip netns add ns_temp
|
|
register: ipnetns_add_result
|
|
ignore_errors: True
|
|
- - name: remove temp namespace
|
|
command: ip netns delete ns_temp
|
|
ignore_errors: True
|
|
when: ipnetns_add_result.rc == 0
|
|
- - name: create /var/lib/neutron
|
|
file:
|
|
path: /var/lib/neutron
|
|
state: directory
|
|
upgrade_tasks:
|
|
- when: step|int == 0
|
|
tags: common
|
|
block:
|
|
- name: Check if ovn_metadata_agent is deployed
|
|
command: systemctl is-enabled --quiet networking-ovn-metadata-agent
|
|
ignore_errors: True
|
|
register: networking_ovn_metadata_agent_enabled_result
|
|
- name: Set fact networking_ovn_metadata_agent_enabled
|
|
set_fact:
|
|
networking_ovn_metadata_agent_enabled: "{{ networking_ovn_metadata_agent_enabled.rc == 0 }}"
|
|
- when: step|int == 2
|
|
block:
|
|
- name: Stop and disable networking_ovn_metadata service
|
|
when: networking_ovn_metadata_agent_enabled|bool
|
|
service: name=networking-ovn-metadata-agent state=stopped enabled=no
|