Initial Neutron implementation for k8s with app_def.

Reworked Aleksandr Mogylchenko neutron work to be compatible with application
definition framework. Removed a lot of hand made workarounds.

Change-Id: I674b897dd3f0566a9879024d20afe763ba68a791

.gitignore

@@ -0,0 +1,69 @@
+*.py[cod]
+
+# C extensions
+*.so
+
+# Packages
+*.egg
+*.egg-info
+dist
+build
+.eggs
+eggs
+parts
+bin
+var
+sdist
+develop-eggs
+.installed.cfg
+lib
+lib64
+
+# Installer logs
+pip-log.txt
+
+# Unit test / coverage reports
+.coverage
+cover
+.tox
+nosetests.xml
+.testrepository
+.venv
+
+# Translations
+*.mo
+
+# Mr Developer
+.mr.developer.cfg
+.project
+.pydevproject
+
+# Complexity
+output/*.html
+output/*/index.html
+
+# Sphinx
+doc/build
+
+# oslo-config-generator
+etc/*.sample
+
+# pbr generates these
+AUTHORS
+ChangeLog
+
+# Editors
+*~
+.*.swp
+.*sw?
+
+# Vagrant
+.vagrant
+vagrant/Vagrantfile.custom
+vagrant/vagrantkey*
+
+# generated openrc
+openrc
+
+# tests
+tests/.cache/*

docker/neutron-base/Dockerfile.j2

@@ -0,0 +1,37 @@
+FROM {{ namespace }}/openstack-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+RUN apt-get -y install --no-install-recommends \
+        iputils-arping \
+        conntrack \
+        dnsmasq \
+        dnsmasq-utils \
+        ipset \
+        iptables \
+        openvswitch-switch \
+        uuid-runtime \
+        mysql-client \
+    && apt-get clean
+
+RUN curl -o neutron-{{ branch }}.tar.gz http://tarballs.openstack.org/neutron/neutron-{{ branch }}.tar.gz \
+    && tar -zxvf neutron-{{ branch }}.tar.gz
+
+RUN mv neutron*/ /neutron-{{ branch }} \
+    && cd /neutron-{{ branch }} \
+    && useradd --user-group neutron \
+    && /var/lib/microservices/venv/bin/pip --no-cache-dir install --upgrade /neutron-{{ branch }} \
+    && mkdir -p /etc/neutron /usr/share/neutron /var/lib/neutron /home/neutron \
+    && cp -r /neutron-{{ branch }}/etc/* /etc/neutron/ \
+    && cp -r /neutron-{{ branch }}/etc/neutron/* /etc/neutron/ \
+    && cp /neutron-{{ branch }}/etc/api-paste.ini /usr/share/neutron \
+    && mv /etc/neutron/neutron/ /etc/neutron/plugins/ \
+    && chown -R neutron: /etc/neutron /usr/share/neutron /var/lib/neutron /home/neutron \
+    && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/microservices/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/neutron/rootwrap.conf
+
+COPY neutron_sudoers /etc/sudoers.d/neutron_sudoers
+
+RUN usermod -a -G microservices neutron \
+    && chmod 750 /etc/sudoers.d \
+    && chmod 440 /etc/sudoers.d/neutron_sudoers
+
+ENV PATH /var/lib/microservices/venv/bin:$PATH

docker/neutron-base/neutron_sudoers

@@ -0,0 +1 @@
+neutron ALL = (root) NOPASSWD: /var/lib/microservices/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *

docker/neutron-dhcp-agent/Dockerfile.j2

@@ -0,0 +1,4 @@
+FROM {{ namespace }}/neutron-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+USER neutron

docker/neutron-l3-agent/Dockerfile.j2

@@ -0,0 +1,8 @@
+FROM {{ namespace }}/{{ image_prefix }}neutron-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+RUN apt-get -y install --no-install-recommends \
+        keepalived \
+    && apt-get clean
+
+USER neutron

docker/neutron-metadata-agent/Dockerfile.j2

@@ -0,0 +1,8 @@
+FROM {{ namespace }}/neutron-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+COPY neutron_sudoers /etc/sudoers.d/neutron_sudoers
+RUN chmod 750 /etc/sudoers.d \
+    && chmod 440 /etc/sudoers.d/neutron_sudoers
+
+USER neutron

docker/neutron-metadata-agent/neutron_sudoers

@@ -0,0 +1 @@
+%microservices ALL=(root) NOPASSWD: /bin/chown neutron\: /var/lib/neutron/ccp, /usr/bin/chown neutron\: /var/lib/neutron/ccp

docker/neutron-openvswitch-agent/Dockerfile.j2

@@ -0,0 +1,4 @@
+FROM {{ namespace }}/neutron-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+USER neutron

docker/neutron-server/Dockerfile.j2

@@ -0,0 +1,4 @@
+FROM {{ namespace }}/neutron-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+USER neutron

service/files/defaults.yaml

@@ -0,0 +1,15 @@
+configs:
+    neutron_db_password: password
+    neutron_db_name: neutron
+    neutron_db_username: neutron
+    neutron_server_port: 9696
+    neutron-metadata-agent-port: 9697
+    neutron_bridge_name: "br-ex"
+    neutron_external_interface: "eth2"
+    neutron_logging_debug: "false"
+    neutron_plugin_agent: "openvswitch"
+    memcache_secret_key: idunno
+    enable_nova_fake: "false"
+    enable_neutron_lbaas: "false"
+    enable_ironic: "false"
+    enable_neutron_qos: "false"

service/files/dhcp_agent.ini.j2

@@ -0,0 +1,3 @@
+# dhcp_agent.ini
+[DEFAULT]
+dnsmasq_config_file = /etc/neutron/dnsmasq.conf

service/files/dnsmasq.conf.j2

@@ -0,0 +1 @@
+log-facility=/tmp/dnsmasq.log

service/files/fwaas_driver.ini.j2

@@ -0,0 +1 @@
+[fwaas]

service/files/l3_agent.ini.j2

@@ -0,0 +1,4 @@
+# l3_agent.ini
+[DEFAULT]
+agent_mode = legacy
+external_network_bridge =

service/files/metadata-agent-bootstrap.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Only update permissions if permissions need to be updated
+if [[ $(stat -c %U:%G /var/lib/neutron/ccp) != "neutron:neutron" ]]; then
+    sudo chown neutron: /var/lib/neutron/ccp
+fi

service/files/metadata-agent.ini.j2

@@ -0,0 +1,5 @@
+# metadata_agent.ini
+[DEFAULT]
+nova_metadata_ip = {{ nova_api_host }}
+nova_metadata_port = {{ nova_metadata_port }}
+metadata_proxy_shared_secret = {{ metadata_secret }}

service/files/ml2_conf.ini.j2

@@ -0,0 +1,66 @@
+# ml2_conf.ini
+[ml2]
+{% if enable_ironic | bool %}
+tenant_network_types = vxlan, flat
+mechanism_drivers = openvswitch
+{% else %}
+# Changing type_drivers after bootstrap can lead to database inconsistencies
+type_drivers = flat,vlan,vxlan
+tenant_network_types = vxlan
+{% endif %}
+
+{% if neutron_plugin_agent == "openvswitch" %}
+mechanism_drivers = openvswitch,l2population
+{% elif neutron_plugin_agent == "linuxbridge" %}
+mechanism_drivers = linuxbridge,l2population
+{% endif %}
+
+{% if enable_neutron_qos | bool %}
+extension_drivers = qos
+{% endif %}
+
+[ml2_type_vlan]
+{% if enable_ironic | bool %}
+network_vlan_ranges = physnet1
+{% else %}
+network_vlan_ranges =
+{% endif %}
+
+[ml2_type_flat]
+{% if enable_ironic | bool %}
+flat_networks = *
+{% else %}
+flat_networks = physnet1
+{% endif %}
+
+[ml2_type_vxlan]
+vni_ranges = 1:1000
+vxlan_group = 239.1.1.1
+
+[securitygroup]
+{% if neutron_plugin_agent == "openvswitch" %}
+firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+{% elif neutron_plugin_agent == "linuxbridge" %}
+firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
+{% endif %}
+
+{% if neutron_plugin_agent == "openvswitch" %}
+[agent]
+tunnel_types = vxlan
+l2_population = true
+arp_responder = true
+
+[ovs]
+bridge_mappings = physnet1:{{ neutron_bridge_name }}
+{% if enable_nova_fake | bool %}
+integration_bridge = br-int-{{ item }}
+{% endif %}
+{% elif neutron_plugin_agent == "linuxbridge" %}
+[linux_bridge]
+physical_interface_mappings = physnet1:{{ neutron_external_interface }}
+
+
+[vxlan]
+l2_population = true
+{% endif %}
+local_ip = {{ network_topology["private"]["address"] }}

service/files/neutron-server-bootstrap.sh.j2

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_PROJECT_NAME=admin
+export OS_USERNAME={{ openstack_user_name }}
+export OS_PASSWORD={{ openstack_user_password }}
+export OS_AUTH_URL=http://keystone:{{ keystone_public_port }}/v3
+export OS_IDENTITY_API_VERSION=3
+
+echo "Creating database"
+mysql -u root -p{{ db_root_password }} -h mariadb -e "create database {{ neutron_db_name }};
+grant all privileges on {{ neutron_db_name }}.* to '{{ neutron_db_username }}'@'%' identified by '{{ neutron_db_password }}'"
+
+echo "Creating a user"
+openstack user create --project service --password {{ neutron_db_password }} {{ neutron_db_username }}
+echo "Adding role to user"
+openstack role add admin --project service --user {{ neutron_db_username }}
+echo "Creating a role - done"
+echo "Creating a service"
+openstack service create --name neutron --description "OpenStack Networking" network
+
+echo "Creating internal endpoint"
+openstack endpoint create --region RegionOne \
+      network internal http://neutron-server:{{ neutron_server_port }}
+
+echo "Creating admin endpoint"
+openstack endpoint create --region RegionOne \
+      network admin  http://neutron-server:{{ neutron_server_port }}
+
+echo "Creating public endpoint"
+openstack endpoint create --region RegionOne \
+      network public http://neutron-server:{{ neutron_server_port }}

service/files/neutron.conf.j2

@@ -0,0 +1,82 @@
+# neutron.conf
+[DEFAULT]
+debug = {{ neutron_logging_debug }}
+
+use_stderr = True
+use_syslog = False
+
+bind_host = {{ network_topology["private"]["address"] }}
+bind_port = {{ neutron_server_port }}
+
+api_paste_config = /usr/share/neutron/api-paste.ini
+endpoint_type = internalURL
+
+metadata_proxy_socket = /var/lib/neutron/ccp/metadata_proxy
+
+{% if neutron_plugin_agent == "openvswitch" %}
+interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
+{% elif neutron_plugin_agent == "linuxbridge" %}
+interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
+{% endif %}
+
+{% if enable_nova_fake | bool %}
+ovs_integration_bridge = br-int-{{ item }}
+host = {{ ansible_hostname }}_{{ item }}
+{% endif %}
+
+allow_overlapping_ips = true
+core_plugin = ml2
+service_plugins = router{% if enable_neutron_lbaas | bool %},neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2{% endif %}{% if enable_neutron_qos | bool %},qos{% endif %}
+
+{% if enable_neutron_lbaas | bool %}
+[service_providers]
+service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
+{% endif %}
+
+[nova]
+auth_url = http://keystone:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+region_name = RegionOne
+project_name = service
+username = {{ nova_db_username }}
+password = {{ nova_db_password }}
+endpoint_type = internal
+
+[oslo_concurrency]
+lock_path = /var/lib/neutron/tmp
+
+[oslo_messaging_rabbit]
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_ha_queues = true
+# Here we should have a list of RBMQ servers, but for now 1 is ok
+# FIXME
+rabbit_hosts = rabbitmq:{{ rabbitmq_port }}
+
+[agent]
+root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
+
+[database]
+connection = mysql+pymysql://{{ neutron_db_username }}:{{ neutron_db_password }}@mariadb/{{ neutron_db_name }}
+max_retries = -1
+
+[keystone_authtoken]
+auth_uri = http://keystone:{{ keystone_public_port }}
+auth_url = http://keystone:{{ keystone_admin_port }}
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = {{ neutron_db_username }}
+password = {{ neutron_db_password }}
+
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ memcache_secret_key }}
+# Here we should have a list of memcached servers, but for now 1 is ok
+memcached_servers = memcached:11211
+
+
+[oslo_messaging_notifications]
+driver = noop

service/neutron-dhcp-agent.yaml

@@ -0,0 +1,47 @@
+service:
+    name: neutron-dhcp-agent
+    container:
+        host-net: "true"
+        privileged: "true"
+        node-selector:
+          openstack-controller: "true"
+    probes:
+        readiness: "true"
+        liveness: "true"
+    volumes:
+      - name: run
+        type: host
+        path: /run
+      - name: netns
+        type: host
+        path: /run/netns
+      - name: metadata-socket
+        type: host
+        path: /var/lib/neutron/ccp
+    daemon:
+        command: neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini
+        dependencies:
+            - neutron-db-sync
+            - rabbitmq
+        files:
+            - neutron.conf
+            - ml2-conf.ini
+            - dhcp-agent.ini
+            - dnsmasq.conf
+files:
+    neutron.conf:
+        path: /etc/neutron/neutron.conf
+        content: neutron.conf.j2
+        perm: "0600"
+    ml2-conf.ini:
+        path: /etc/neutron/plugins/ml2/ml2_conf.ini
+        content: ml2_conf.ini.j2
+        perm: "0600"
+    dhcp-agent.ini:
+        path: /etc/neutron/dhcp_agent.ini
+        content: dhcp_agent.ini.j2
+        perm: "0600"
+    dnsmasq.conf:
+        path: /etc/neutron/dnsmasq.conf
+        content: dnsmasq.conf.j2
+        perm: "0600"

service/neutron-l3-agent.yaml

@@ -0,0 +1,47 @@
+service:
+    name: neutron-l3-agent
+    container:
+        host-net: "true"
+        privileged: "true"
+        node-selector:
+          openstack-controller: "true"
+    probes:
+        readiness: "true"
+        liveness: "true"
+    volumes:
+      - name: run
+        type: host
+        path: /run
+      - name: netns
+        type: host
+        path: /run/netns
+      - name: metadata-socket
+        type: host
+        path: /var/lib/neutron/ccp
+    daemon:
+        command: neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+        dependencies:
+            - neutron-db-sync
+            - rabbitmq
+        files:
+            - neutron.conf
+            - ml2-conf.ini
+            - l3-agent.ini
+            - fwaas-driver.ini
+files:
+    neutron.conf:
+        path: /etc/neutron/neutron.conf
+        content: neutron.conf.j2
+        perm: "0600"
+    ml2-conf.ini:
+        path: /etc/neutron/plugins/ml2/ml2_conf.ini
+        content: ml2_conf.ini.j2
+        perm: "0600"
+    l3-agent.ini:
+        path: /etc/neutron/l3_agent.ini
+        content: l3_agent.ini.j2
+        perm: "0600"
+    fwaas-driver.ini:
+        path: /etc/neutron/fwaas_driver.ini
+        content: fwaas_driver.ini.j2
+        perm: "0600"

service/neutron-metadata-agent.yaml

@@ -0,0 +1,47 @@
+service:
+    name: neutron-metadata-agent
+    container:
+        host-net: "true"
+        privileged: "true"
+        node-selector:
+          openstack-controller: "true"
+    probes:
+        readiness: "true"
+        liveness: "true"
+    volumes:
+      - name: netns
+        type: host
+        path: /run/netns
+      - name: metadata-socket
+        type: host
+        path: /var/lib/neutron/ccp
+    pre:
+        - name: metadata-agent-bootstrap
+          command: /tmp/metadata-agent-bootstrap.sh
+    daemon:
+        command: neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata-agent.ini
+        dependencies:
+            - neutron-db-sync
+            - rabbitmq
+        files:
+            - neutron.conf
+            - ml2-conf.ini
+            - metadata-agent.ini
+            - metadata-agent-bootstrap.sh
+files:
+    neutron.conf:
+        path: /etc/neutron/neutron.conf
+        content: neutron.conf.j2
+        perm: "0600"
+    ml2-conf.ini:
+        path: /etc/neutron/plugins/ml2/ml2_conf.ini
+        content: ml2_conf.ini.j2
+        perm: "0600"
+    metadata-agent.ini:
+        path: /etc/neutron/metadata-agent.ini
+        content: metadata-agent.ini.j2
+        perm: "0600"
+    metadata-agent-bootstrap.sh:
+        path: /tmp/metadata-agent-bootstrap.sh
+        content: metadata-agent-bootstrap.sh
+        perm: "0755"

service/neutron-openvswitch-agent.yaml

@@ -0,0 +1,36 @@
+service:
+    name: neutron-openvswitch-agent
+    container:
+        host-net: "true"
+        privileged: "true"
+        daemonset: "true"
+        node-selector:
+          openstack-compute-controller: "true"
+    probes:
+        readiness: "true"
+        liveness: "true"
+    volumes:
+      - name: run
+        type: host
+        path: /run
+      - name: modules
+        type: host
+        path: /lib/modules
+    daemon:
+        command: neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+        dependencies:
+            - neutron-db-sync
+            - rabbitmq
+            - openvswitch-vswitchd
+        files:
+            - neutron.conf
+            - ml2-conf.ini
+files:
+    neutron.conf:
+        path: /etc/neutron/neutron.conf
+        content: neutron.conf.j2
+        perm: "0600"
+    ml2-conf.ini:
+        path: /etc/neutron/plugins/ml2/ml2_conf.ini
+        content: ml2_conf.ini.j2
+        perm: "0600"

service/neutron-server.yaml

@@ -0,0 +1,49 @@
+service:
+    name: neutron-server
+    ports:
+        - neutron_server_port
+    container:
+        node-selector:
+          openstack-controller: "true"
+    probes:
+        readiness: "true"
+        liveness: "true"
+    pre:
+        - name: neutron-bootstrap
+          dependencies:
+              - mariadb
+              - keystone-create-project
+          type: single
+          command: /tmp/neutron-server-bootstrap.sh
+          files:
+              - neutron-server-bootstrap.sh
+        - name: neutron-db-sync
+          dependencies:
+              - neutron-bootstrap
+          type: single
+          command:
+              neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
+          dependencies:
+              - rabbitmq
+              - neutron-bootstrap
+          files:
+              - neutron.conf
+              - ml2-conf.ini
+    daemon:
+        command: neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+        files:
+            - neutron.conf
+            - ml2-conf.ini
+files:
+    neutron.conf:
+        path: /etc/neutron/neutron.conf
+        content: neutron.conf.j2
+        perm: "0600"
+    ml2-conf.ini:
+        path: /etc/neutron/plugins/ml2/ml2_conf.ini
+        content: ml2_conf.ini.j2
+        perm: "0600"
+    neutron-server-bootstrap.sh:
+        path: /tmp/neutron-server-bootstrap.sh
+        content: neutron-server-bootstrap.sh.j2
+        perm: "0755"

tox.ini

@@ -0,0 +1,9 @@
+[tox]
+minversion = 1.6
+skipsdist = True
+envlist = bashate
+
+[testenv:bashate]
+deps = bashate>=0.2
+whitelist_externals = bash
+commands = bash -c "find {toxinidir} -type f -name '*.sh' -not -path '*/.tox/*' -print0 | xargs -0 bashate -v"