summaryrefslogtreecommitdiffstats
path: root/docker
diff options
context:
space:
mode:
authorNuman Siddique <nusiddiq@redhat.com>2017-07-13 20:46:45 +0530
committerEmilien Macchi <emilien@redhat.com>2017-08-28 02:57:13 +0000
commitf923d8d90614091aa2f63ea233fbc8e3b33c2a83 (patch)
tree5c79fe4fc147a956bf6f73a765508625c381f887 /docker
parent98f578b7789cb4edef1090574ab7ab854f886fed (diff)
Support deploying OVN as container services
This patch adds the support to containerize OVN services for the base profile. OVN db servers do not support active-active mode yet. It does support master-slave mode supported through pacemaker, which will be supported in a later patch. Presently the tripleo container framework doesn't allow to start a container in only controller 0 (or bootstrap node). OVN db servers and ovn-northd are started on all the controllers, but only the OVN db servers running in the boot strap controller are configured to listen on the tcp ports 6641 and 6642. OVN neutron mechanism driver and ovn-controller's use the ovn_dbs_vip to connect to the OVN db servers. Haproxy configures all the controllers as back ends, but only OVN db servers running on controller 0 respond since only they are configured properly. The OVN containers running on other controller nodes do not interact any way, but are wasteful resources. This patch also adds the scenario007-multinode-containers CI template. Partial-bug: #1699085 Change-Id: I98b85191cc1fd8c2b166924044d704e79a4c4c8a (cherry picked from commit e7cd03d2f0fcd8e3069246ced94f1a83869b8bea)
Diffstat (limited to 'docker')
-rw-r--r--docker/services/ovn-controller.yaml105
-rw-r--r--docker/services/ovn-dbs.yaml202
2 files changed, 307 insertions, 0 deletions
diff --git a/docker/services/ovn-controller.yaml b/docker/services/ovn-controller.yaml
new file mode 100644
index 00000000..c5c365e2
--- /dev/null
+++ b/docker/services/ovn-controller.yaml
@@ -0,0 +1,105 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Ovn Controller agent.
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ DockerOvnControllerImage:
+ description: image
+ type: string
+ DockerOvnControllerConfigImage:
+ description: The container image to use for the ovn_controller config_volume
+ type: string
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ OvnControllerBase:
+ type: ../../puppet/services/ovn-controller.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ovn Controller agent.
+ value:
+ service_name: {get_attr: [OvnControllerBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [OvnControllerBase, role_data, config_settings]
+ step_config: &step_config
+ get_attr: [OvnControllerBase, role_data, step_config]
+ service_config_settings: {get_attr: [OvnControllerBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ puppet_tags: vs_config
+ config_volume: ovn_controller
+ step_config: *step_config
+ config_image: {get_param: DockerOvnControllerConfigImage}
+ # We need to mount /run for puppet_config step. This is because
+ # puppet-vswitch runs the commands "ovs-vsctl set open_vswitch . external_ids:..."
+ # to configure the required parameters in ovs db which will be read
+ # by ovn-controller. And ovs-vsctl talks to the ovsdb-server (hosting conf.db)
+ # on the unix domain socket - /run/openvswitch/db.sock
+ volumes:
+ - /lib/modules:/lib/modules:ro
+ - /run/openvswitch:/run/openvswitch
+ kolla_config:
+ /var/lib/kolla/config_files/ovn_controller.json:
+ command: /usr/bin/ovn-controller --pidfile --log-file unix:/run/openvswitch/db.sock
+ permissions:
+ - path: /var/log/openvswitch
+ owner: root:root
+ recurse: true
+ docker_config:
+ step_4:
+ ovn_controller:
+ image: {get_param: DockerOvnControllerImage}
+ net: host
+ privileged: true
+ user: root
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro
+ - /lib/modules:/lib/modules:ro
+ - /run/openvswitch:/run/openvswitch
+ - /var/log/containers/openvswitch:/var/log/openvswitch
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable ovn-controller service
+ tags: step2
+ service: name=ovn-controller state=stopped enabled=no
diff --git a/docker/services/ovn-dbs.yaml b/docker/services/ovn-dbs.yaml
new file mode 100644
index 00000000..f6ac62ed
--- /dev/null
+++ b/docker/services/ovn-dbs.yaml
@@ -0,0 +1,202 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Ovn DBs service
+
+parameters:
+ DockerOvnNbDbImage:
+ description: image
+ type: string
+ DockerOvnSbDbImage:
+ description: image
+ type: string
+ DockerOvnNorthdImage:
+ description: image
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ OVNDbsBase:
+ type: ../../puppet/services/ovn-dbs.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the OVN Dbs role.
+ value:
+ service_name: {get_attr: [OVNDbsBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [OVNDbsBase, role_data, config_settings]
+ step_config: &step_config
+ get_attr: [OVNDbsBase, role_data, step_config]
+ # BEGIN DOCKER SETTINGS
+ # puppet_config is not required for this service since we configure
+ # the NB and SB DB servers to listen on the proper IP address/port
+ # in the docker_config section.
+ # puppet_config is defined to satisfy the pep8 validations.
+ puppet_config:
+ config_volume: ''
+ config_image: ''
+ step_config: *step_config
+ kolla_config:
+ /var/lib/kolla/config_files/ovn_north_db_server.json:
+ command:
+ list_join:
+ - ' '
+ - - '/usr/sbin/ovsdb-server'
+ - '/var/lib/openvswitch/ovnnb.db'
+ - '--pidfile=/run/openvswitch/ovnnb_db.pid'
+ - '-vconsole:emer -vsyslog:err -vfile:info'
+ - '--remote=punix:/run/openvswitch/ovnnb_db.sock'
+ - '--unixctl=/run/openvswitch/ovnnb_db.ctl'
+ - '--remote=db:OVN_Northbound,NB_Global,connections'
+ - '--private-key=db:OVN_Northbound,SSL,private_key'
+ - '--certificate=db:OVN_Northbound,SSL,certificate'
+ - '--ca-cert=db:OVN_Northbound,SSL,ca_cert'
+ - '--log-file=/var/log/openvswitch/ovsdb-server-nb.log'
+ permissions:
+ - path: /var/log/openvswitch
+ owner: root:root
+ recurse: true
+ /var/lib/kolla/config_files/ovn_south_db_server.json:
+ command:
+ list_join:
+ - ' '
+ - - '/usr/sbin/ovsdb-server'
+ - '/var/lib/openvswitch/ovnsb.db'
+ - '--pidfile=/run/openvswitch/ovnsb_db.pid'
+ - '-vconsole:emer -vsyslog:err -vfile:info'
+ - '--remote=punix:/run/openvswitch/ovnsb_db.sock'
+ - '--unixctl=/run/openvswitch/ovnsb_db.ctl'
+ - '--remote=db:OVN_Southbound,SB_Global,connections'
+ - '--private-key=db:OVN_Southbound,SSL,private_key'
+ - '--certificate=db:OVN_Southbound,SSL,certificate'
+ - '--ca-cert=db:OVN_Southbound,SSL,ca_cert'
+ - '--log-file=/var/log/openvswitch/ovsdb-server-sb.log'
+ permissions:
+ - path: /var/log/openvswitch
+ owner: root:root
+ recurse: true
+ /var/lib/kolla/config_files/ovn_northd.json:
+ command:
+ list_join:
+ - ' '
+ - - '/usr/bin/ovn-northd -vconsole:emer -vsyslog:err -vfile:info'
+ - '--ovnnb-db=unix:/run/openvswitch/ovnnb_db.sock'
+ - '--ovnsb-db=unix:/run/openvswitch/ovnsb_db.sock'
+ - '--log-file=/var/log/openvswitch/ovn-northd.log'
+ - '--pidfile=/run/openvswitch/ovn-northd.pid'
+ permissions:
+ - path: /var/log/openvswitch
+ owner: root:root
+ recurse: true
+ docker_config:
+ step_4:
+ ovn_north_db_server:
+ start_order: 0
+ image: {get_param: DockerOvnNbDbImage}
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/ovn_north_db_server.json:/var/lib/kolla/config_files/config.json:ro
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/openvswitch/ovn:/var/lib/openvswitch
+ - /var/lib/openvswitch/ovn:/run/openvswitch
+ - /var/log/containers/openvswitch:/var/log/openvswitch
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ ovn_south_db_server:
+ start_order: 0
+ image: {get_param: DockerOvnSbDbImage}
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/ovn_south_db_server.json:/var/lib/kolla/config_files/config.json:ro
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/openvswitch/ovn:/var/lib/openvswitch
+ - /var/lib/openvswitch/ovn:/run/openvswitch
+ - /var/log/containers/openvswitch:/var/log/openvswitch
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ configure_ovn_north_db_server:
+ start_order: 1
+ action: exec
+ user: root
+ command: ['ovn_north_db_server', '/bin/bash', '-c', 'DBS_LISTEN_IP=`hiera ovn::northd::dbs_listen_ip -c /etc/puppet/hiera.yaml`; NB_DB_PORT=`hiera ovn::northbound::port -c /etc/puppet/hiera.yaml`; /usr/bin/bootstrap_host_exec ovn_dbs ovn-nbctl set-connection ptcp:$NB_DB_PORT:$DBS_LISTEN_IP']
+ configure_ovn_south_db_server:
+ start_order: 1
+ action: exec
+ user: root
+ command: ['ovn_south_db_server', '/bin/bash', '-c', 'DBS_LISTEN_IP=`hiera ovn::northd::dbs_listen_ip -c /etc/puppet/hiera.yaml`; SB_DB_PORT=`hiera ovn::southbound::port -c /etc/puppet/hiera.yaml`; /usr/bin/bootstrap_host_exec ovn_dbs ovn-sbctl set-connection ptcp:$SB_DB_PORT:$DBS_LISTEN_IP']
+ ovn_northd:
+ start_order: 2
+ image: {get_param: DockerOvnNorthdImage}
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/ovn_northd.json:/var/lib/kolla/config_files/config.json:ro
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/openvswitch/ovn:/run/openvswitch
+ - /var/log/containers/openvswitch:/var/log/openvswitch
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/log/containers/openvswitch
+ - /var/lib/openvswitch/ovn
+ upgrade_tasks:
+ - name: Stop and disable ovn-northd service
+ tags: step2
+ service: name=ovn-northd state=stopped enabled=no