aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ci/environments/scenario007-multinode-containers.yaml82
-rw-r--r--docker/services/ovn-controller.yaml105
-rw-r--r--docker/services/ovn-dbs.yaml202
-rw-r--r--environments/services-docker/neutron-ovn.yaml27
-rw-r--r--releasenotes/notes/ovn-container-support-3ab333fff6e90dc4.yaml4
5 files changed, 420 insertions, 0 deletions
diff --git a/ci/environments/scenario007-multinode-containers.yaml b/ci/environments/scenario007-multinode-containers.yaml
new file mode 100644
index 00000000..8e1e6b6c
--- /dev/null
+++ b/ci/environments/scenario007-multinode-containers.yaml
@@ -0,0 +1,82 @@
+resource_registry:
+ OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+ OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
+ # NOTE: This is needed because of upgrades from Ocata to Pike. We
+ # deploy the initial environment with Ocata templates, and
+ # overcloud-resource-registry.yaml there doesn't have this Docker
+ # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
+ # remove this.
+ OS::TripleO::Services::Docker: OS::Heat::None
+ OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
+ OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
+ # Some infra instances don't pass the ping test but are otherwise working.
+ # Since the OVB jobs also test this functionality we can shut it off here.
+ OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
+ OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
+parameter_defaults:
+ ControllerServices:
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::OVNController
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Iscsid
+ ControllerExtraConfig:
+ nova::compute::libvirt::services::libvirt_virt_type: qemu
+ nova::compute::libvirt::libvirt_virt_type: qemu
+ # Required for Centos 7.3 and Qemu 2.6.0
+ nova::compute::libvirt::libvirt_cpu_mode: 'none'
+ # For OVN.
+ NeutronMechanismDrivers: ovn
+ OVNVifType: ovs
+ OVNNeutronSyncMode: log
+ OVNQosDriver: ovn-qos
+ OVNTunnelEncapType: geneve
+ NeutronEnableDHCPAgent: false
+ NeutronTypeDrivers: 'geneve,vlan,flat,vxlan'
+ NeutronNetworkType: 'geneve'
+ NeutronServicePlugins: 'qos,networking_ovn.l3.l3_ovn.OVNL3RouterPlugin'
+ NeutronVniRanges: ['1:65536', ]
+ OVNBridgeMappings: 'datacentre:br-ex'
+ Debug: true
+ BannerText: |
+ ******************************************************************
+ * This system is for the use of authorized users only. Usage of *
+ * this system may be monitored and recorded by system personnel. *
+ * Anyone using this system expressly consents to such monitoring *
+ * and is advised that if such monitoring reveals possible *
+ * evidence of criminal activity, system personnel may provide *
+ * the evidence from such monitoring to law enforcement officials.*
+ ******************************************************************
+ # we don't deploy Swift so we switch to file backend.
+ GlanceBackend: 'file'
+ IronicCleaningDiskErase: 'metadata'
+ NotificationDriver: 'noop'
diff --git a/docker/services/ovn-controller.yaml b/docker/services/ovn-controller.yaml
new file mode 100644
index 00000000..c5c365e2
--- /dev/null
+++ b/docker/services/ovn-controller.yaml
@@ -0,0 +1,105 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Ovn Controller agent.
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ DockerOvnControllerImage:
+ description: image
+ type: string
+ DockerOvnControllerConfigImage:
+ description: The container image to use for the ovn_controller config_volume
+ type: string
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ OvnControllerBase:
+ type: ../../puppet/services/ovn-controller.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ovn Controller agent.
+ value:
+ service_name: {get_attr: [OvnControllerBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [OvnControllerBase, role_data, config_settings]
+ step_config: &step_config
+ get_attr: [OvnControllerBase, role_data, step_config]
+ service_config_settings: {get_attr: [OvnControllerBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ puppet_tags: vs_config
+ config_volume: ovn_controller
+ step_config: *step_config
+ config_image: {get_param: DockerOvnControllerConfigImage}
+ # We need to mount /run for puppet_config step. This is because
+ # puppet-vswitch runs the commands "ovs-vsctl set open_vswitch . external_ids:..."
+ # to configure the required parameters in ovs db which will be read
+ # by ovn-controller. And ovs-vsctl talks to the ovsdb-server (hosting conf.db)
+ # on the unix domain socket - /run/openvswitch/db.sock
+ volumes:
+ - /lib/modules:/lib/modules:ro
+ - /run/openvswitch:/run/openvswitch
+ kolla_config:
+ /var/lib/kolla/config_files/ovn_controller.json:
+ command: /usr/bin/ovn-controller --pidfile --log-file unix:/run/openvswitch/db.sock
+ permissions:
+ - path: /var/log/openvswitch
+ owner: root:root
+ recurse: true
+ docker_config:
+ step_4:
+ ovn_controller:
+ image: {get_param: DockerOvnControllerImage}
+ net: host
+ privileged: true
+ user: root
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro
+ - /lib/modules:/lib/modules:ro
+ - /run/openvswitch:/run/openvswitch
+ - /var/log/containers/openvswitch:/var/log/openvswitch
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable ovn-controller service
+ tags: step2
+ service: name=ovn-controller state=stopped enabled=no
diff --git a/docker/services/ovn-dbs.yaml b/docker/services/ovn-dbs.yaml
new file mode 100644
index 00000000..f6ac62ed
--- /dev/null
+++ b/docker/services/ovn-dbs.yaml
@@ -0,0 +1,202 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Ovn DBs service
+
+parameters:
+ DockerOvnNbDbImage:
+ description: image
+ type: string
+ DockerOvnSbDbImage:
+ description: image
+ type: string
+ DockerOvnNorthdImage:
+ description: image
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ OVNDbsBase:
+ type: ../../puppet/services/ovn-dbs.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the OVN Dbs role.
+ value:
+ service_name: {get_attr: [OVNDbsBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [OVNDbsBase, role_data, config_settings]
+ step_config: &step_config
+ get_attr: [OVNDbsBase, role_data, step_config]
+ # BEGIN DOCKER SETTINGS
+ # puppet_config is not required for this service since we configure
+ # the NB and SB DB servers to listen on the proper IP address/port
+ # in the docker_config section.
+ # puppet_config is defined to satisfy the pep8 validations.
+ puppet_config:
+ config_volume: ''
+ config_image: ''
+ step_config: *step_config
+ kolla_config:
+ /var/lib/kolla/config_files/ovn_north_db_server.json:
+ command:
+ list_join:
+ - ' '
+ - - '/usr/sbin/ovsdb-server'
+ - '/var/lib/openvswitch/ovnnb.db'
+ - '--pidfile=/run/openvswitch/ovnnb_db.pid'
+ - '-vconsole:emer -vsyslog:err -vfile:info'
+ - '--remote=punix:/run/openvswitch/ovnnb_db.sock'
+ - '--unixctl=/run/openvswitch/ovnnb_db.ctl'
+ - '--remote=db:OVN_Northbound,NB_Global,connections'
+ - '--private-key=db:OVN_Northbound,SSL,private_key'
+ - '--certificate=db:OVN_Northbound,SSL,certificate'
+ - '--ca-cert=db:OVN_Northbound,SSL,ca_cert'
+ - '--log-file=/var/log/openvswitch/ovsdb-server-nb.log'
+ permissions:
+ - path: /var/log/openvswitch
+ owner: root:root
+ recurse: true
+ /var/lib/kolla/config_files/ovn_south_db_server.json:
+ command:
+ list_join:
+ - ' '
+ - - '/usr/sbin/ovsdb-server'
+ - '/var/lib/openvswitch/ovnsb.db'
+ - '--pidfile=/run/openvswitch/ovnsb_db.pid'
+ - '-vconsole:emer -vsyslog:err -vfile:info'
+ - '--remote=punix:/run/openvswitch/ovnsb_db.sock'
+ - '--unixctl=/run/openvswitch/ovnsb_db.ctl'
+ - '--remote=db:OVN_Southbound,SB_Global,connections'
+ - '--private-key=db:OVN_Southbound,SSL,private_key'
+ - '--certificate=db:OVN_Southbound,SSL,certificate'
+ - '--ca-cert=db:OVN_Southbound,SSL,ca_cert'
+ - '--log-file=/var/log/openvswitch/ovsdb-server-sb.log'
+ permissions:
+ - path: /var/log/openvswitch
+ owner: root:root
+ recurse: true
+ /var/lib/kolla/config_files/ovn_northd.json:
+ command:
+ list_join:
+ - ' '
+ - - '/usr/bin/ovn-northd -vconsole:emer -vsyslog:err -vfile:info'
+ - '--ovnnb-db=unix:/run/openvswitch/ovnnb_db.sock'
+ - '--ovnsb-db=unix:/run/openvswitch/ovnsb_db.sock'
+ - '--log-file=/var/log/openvswitch/ovn-northd.log'
+ - '--pidfile=/run/openvswitch/ovn-northd.pid'
+ permissions:
+ - path: /var/log/openvswitch
+ owner: root:root
+ recurse: true
+ docker_config:
+ step_4:
+ ovn_north_db_server:
+ start_order: 0
+ image: {get_param: DockerOvnNbDbImage}
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/ovn_north_db_server.json:/var/lib/kolla/config_files/config.json:ro
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/openvswitch/ovn:/var/lib/openvswitch
+ - /var/lib/openvswitch/ovn:/run/openvswitch
+ - /var/log/containers/openvswitch:/var/log/openvswitch
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ ovn_south_db_server:
+ start_order: 0
+ image: {get_param: DockerOvnSbDbImage}
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/ovn_south_db_server.json:/var/lib/kolla/config_files/config.json:ro
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/openvswitch/ovn:/var/lib/openvswitch
+ - /var/lib/openvswitch/ovn:/run/openvswitch
+ - /var/log/containers/openvswitch:/var/log/openvswitch
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ configure_ovn_north_db_server:
+ start_order: 1
+ action: exec
+ user: root
+ command: ['ovn_north_db_server', '/bin/bash', '-c', 'DBS_LISTEN_IP=`hiera ovn::northd::dbs_listen_ip -c /etc/puppet/hiera.yaml`; NB_DB_PORT=`hiera ovn::northbound::port -c /etc/puppet/hiera.yaml`; /usr/bin/bootstrap_host_exec ovn_dbs ovn-nbctl set-connection ptcp:$NB_DB_PORT:$DBS_LISTEN_IP']
+ configure_ovn_south_db_server:
+ start_order: 1
+ action: exec
+ user: root
+ command: ['ovn_south_db_server', '/bin/bash', '-c', 'DBS_LISTEN_IP=`hiera ovn::northd::dbs_listen_ip -c /etc/puppet/hiera.yaml`; SB_DB_PORT=`hiera ovn::southbound::port -c /etc/puppet/hiera.yaml`; /usr/bin/bootstrap_host_exec ovn_dbs ovn-sbctl set-connection ptcp:$SB_DB_PORT:$DBS_LISTEN_IP']
+ ovn_northd:
+ start_order: 2
+ image: {get_param: DockerOvnNorthdImage}
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/ovn_northd.json:/var/lib/kolla/config_files/config.json:ro
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/openvswitch/ovn:/run/openvswitch
+ - /var/log/containers/openvswitch:/var/log/openvswitch
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/log/containers/openvswitch
+ - /var/lib/openvswitch/ovn
+ upgrade_tasks:
+ - name: Stop and disable ovn-northd service
+ tags: step2
+ service: name=ovn-northd state=stopped enabled=no
diff --git a/environments/services-docker/neutron-ovn.yaml b/environments/services-docker/neutron-ovn.yaml
new file mode 100644
index 00000000..8c8a56c9
--- /dev/null
+++ b/environments/services-docker/neutron-ovn.yaml
@@ -0,0 +1,27 @@
+# A Heat environment that can be used to deploy OVN services with non HA OVN DB servers.
+resource_registry:
+ OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-ovn.yaml
+ OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
+ OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
+# Disabling Neutron services that overlap with OVN
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+ OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None
+
+
+parameter_defaults:
+ NeutronMechanismDrivers: ovn
+ OVNVifType: ovs
+ OVNNeutronSyncMode: log
+ OVNQosDriver: ovn-qos
+ OVNTunnelEncapType: geneve
+ NeutronEnableDHCPAgent: false
+ NeutronTypeDrivers: 'geneve,vxlan,vlan,flat'
+ NeutronNetworkType: 'geneve'
+ NeutronServicePlugins: 'qos,ovn-router'
+ NeutronVniRanges: ['1:65536', ]
+ DockerNeutronApiImage: 'tripleoupstream/centos-binary-neutron-server-ovn:latest'
+ DockerNeutronConfigImage: 'tripleoupstream/centos-binary-neutron-server-ovn:latest'
diff --git a/releasenotes/notes/ovn-container-support-3ab333fff6e90dc4.yaml b/releasenotes/notes/ovn-container-support-3ab333fff6e90dc4.yaml
new file mode 100644
index 00000000..25fd2fbe
--- /dev/null
+++ b/releasenotes/notes/ovn-container-support-3ab333fff6e90dc4.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - Support containerized ovn-controller
+ - Support containerized OVN Dbs without HA