summaryrefslogtreecommitdiffstats
path: root/docker
diff options
context:
space:
mode:
Diffstat (limited to 'docker')
-rwxr-xr-xdocker/docker-puppet.py1
-rw-r--r--docker/services/neutron-ovs-agent.yaml31
-rw-r--r--docker/services/ovn-controller.yaml105
-rw-r--r--docker/services/ovn-dbs.yaml202
4 files changed, 339 insertions, 0 deletions
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py
index fadd12d3..4659cf53 100755
--- a/docker/docker-puppet.py
+++ b/docker/docker-puppet.py
@@ -248,6 +248,7 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
dcmd = ['/usr/bin/docker', 'run',
'--user', 'root',
'--name', 'docker-puppet-%s' % config_volume,
+ '--health-cmd', '/bin/true',
'--env', 'PUPPET_TAGS=%s' % puppet_tags,
'--env', 'NAME=%s' % config_volume,
'--env', 'HOSTNAME=%s' % short_hostname(),
diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml
index 4cce23d9..81bb1c20 100644
--- a/docker/services/neutron-ovs-agent.yaml
+++ b/docker/services/neutron-ovs-agent.yaml
@@ -78,6 +78,37 @@ outputs:
owner: neutron:neutron
recurse: true
docker_config:
+ step_3:
+ neutron_ovs_bridge:
+ detach: false
+ image: {get_param: DockerNeutronConfigImage}
+ net: host
+ pid: host
+ user: root
+ privileged: true
+ command:
+ - puppet
+ - apply
+ - --modulepath
+ - /etc/puppet/modules:/usr/share/openstack-puppet/modules
+ - --tags
+ - file,file_line,concat,augeas,neutron::plugins::ovs::bridge
+ - -v
+ - -e
+ - include neutron::agents::ml2::ovs
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro
+ - /lib/modules:/lib/modules:ro
+ - /run:/run
+ - /etc/puppet:/etc/puppet:ro
+ - /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro
+ - /var/run/openvswitch/db.sock:/var/run/openvswitch/db.sock
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
step_4:
neutron_ovs_agent:
image: {get_param: DockerOpenvswitchImage}
diff --git a/docker/services/ovn-controller.yaml b/docker/services/ovn-controller.yaml
new file mode 100644
index 00000000..c5c365e2
--- /dev/null
+++ b/docker/services/ovn-controller.yaml
@@ -0,0 +1,105 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Ovn Controller agent.
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ DockerOvnControllerImage:
+ description: image
+ type: string
+ DockerOvnControllerConfigImage:
+ description: The container image to use for the ovn_controller config_volume
+ type: string
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ OvnControllerBase:
+ type: ../../puppet/services/ovn-controller.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ovn Controller agent.
+ value:
+ service_name: {get_attr: [OvnControllerBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [OvnControllerBase, role_data, config_settings]
+ step_config: &step_config
+ get_attr: [OvnControllerBase, role_data, step_config]
+ service_config_settings: {get_attr: [OvnControllerBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ puppet_tags: vs_config
+ config_volume: ovn_controller
+ step_config: *step_config
+ config_image: {get_param: DockerOvnControllerConfigImage}
+ # We need to mount /run for puppet_config step. This is because
+ # puppet-vswitch runs the commands "ovs-vsctl set open_vswitch . external_ids:..."
+ # to configure the required parameters in ovs db which will be read
+ # by ovn-controller. And ovs-vsctl talks to the ovsdb-server (hosting conf.db)
+ # on the unix domain socket - /run/openvswitch/db.sock
+ volumes:
+ - /lib/modules:/lib/modules:ro
+ - /run/openvswitch:/run/openvswitch
+ kolla_config:
+ /var/lib/kolla/config_files/ovn_controller.json:
+ command: /usr/bin/ovn-controller --pidfile --log-file unix:/run/openvswitch/db.sock
+ permissions:
+ - path: /var/log/openvswitch
+ owner: root:root
+ recurse: true
+ docker_config:
+ step_4:
+ ovn_controller:
+ image: {get_param: DockerOvnControllerImage}
+ net: host
+ privileged: true
+ user: root
+ restart: always
+ volumes:
+ - /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro
+ - /lib/modules:/lib/modules:ro
+ - /run/openvswitch:/run/openvswitch
+ - /var/log/containers/openvswitch:/var/log/openvswitch
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable ovn-controller service
+ tags: step2
+ service: name=ovn-controller state=stopped enabled=no
diff --git a/docker/services/ovn-dbs.yaml b/docker/services/ovn-dbs.yaml
new file mode 100644
index 00000000..f6ac62ed
--- /dev/null
+++ b/docker/services/ovn-dbs.yaml
@@ -0,0 +1,202 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Ovn DBs service
+
+parameters:
+ DockerOvnNbDbImage:
+ description: image
+ type: string
+ DockerOvnSbDbImage:
+ description: image
+ type: string
+ DockerOvnNorthdImage:
+ description: image
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ OVNDbsBase:
+ type: ../../puppet/services/ovn-dbs.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the OVN Dbs role.
+ value:
+ service_name: {get_attr: [OVNDbsBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [OVNDbsBase, role_data, config_settings]
+ step_config: &step_config
+ get_attr: [OVNDbsBase, role_data, step_config]
+ # BEGIN DOCKER SETTINGS
+ # puppet_config is not required for this service since we configure
+ # the NB and SB DB servers to listen on the proper IP address/port
+ # in the docker_config section.
+ # puppet_config is defined to satisfy the pep8 validations.
+ puppet_config:
+ config_volume: ''
+ config_image: ''
+ step_config: *step_config
+ kolla_config:
+ /var/lib/kolla/config_files/ovn_north_db_server.json:
+ command:
+ list_join:
+ - ' '
+ - - '/usr/sbin/ovsdb-server'
+ - '/var/lib/openvswitch/ovnnb.db'
+ - '--pidfile=/run/openvswitch/ovnnb_db.pid'
+ - '-vconsole:emer -vsyslog:err -vfile:info'
+ - '--remote=punix:/run/openvswitch/ovnnb_db.sock'
+ - '--unixctl=/run/openvswitch/ovnnb_db.ctl'
+ - '--remote=db:OVN_Northbound,NB_Global,connections'
+ - '--private-key=db:OVN_Northbound,SSL,private_key'
+ - '--certificate=db:OVN_Northbound,SSL,certificate'
+ - '--ca-cert=db:OVN_Northbound,SSL,ca_cert'
+ - '--log-file=/var/log/openvswitch/ovsdb-server-nb.log'
+ permissions:
+ - path: /var/log/openvswitch
+ owner: root:root
+ recurse: true
+ /var/lib/kolla/config_files/ovn_south_db_server.json:
+ command:
+ list_join:
+ - ' '
+ - - '/usr/sbin/ovsdb-server'
+ - '/var/lib/openvswitch/ovnsb.db'
+ - '--pidfile=/run/openvswitch/ovnsb_db.pid'
+ - '-vconsole:emer -vsyslog:err -vfile:info'
+ - '--remote=punix:/run/openvswitch/ovnsb_db.sock'
+ - '--unixctl=/run/openvswitch/ovnsb_db.ctl'
+ - '--remote=db:OVN_Southbound,SB_Global,connections'
+ - '--private-key=db:OVN_Southbound,SSL,private_key'
+ - '--certificate=db:OVN_Southbound,SSL,certificate'
+ - '--ca-cert=db:OVN_Southbound,SSL,ca_cert'
+ - '--log-file=/var/log/openvswitch/ovsdb-server-sb.log'
+ permissions:
+ - path: /var/log/openvswitch
+ owner: root:root
+ recurse: true
+ /var/lib/kolla/config_files/ovn_northd.json:
+ command:
+ list_join:
+ - ' '
+ - - '/usr/bin/ovn-northd -vconsole:emer -vsyslog:err -vfile:info'
+ - '--ovnnb-db=unix:/run/openvswitch/ovnnb_db.sock'
+ - '--ovnsb-db=unix:/run/openvswitch/ovnsb_db.sock'
+ - '--log-file=/var/log/openvswitch/ovn-northd.log'
+ - '--pidfile=/run/openvswitch/ovn-northd.pid'
+ permissions:
+ - path: /var/log/openvswitch
+ owner: root:root
+ recurse: true
+ docker_config:
+ step_4:
+ ovn_north_db_server:
+ start_order: 0
+ image: {get_param: DockerOvnNbDbImage}
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/ovn_north_db_server.json:/var/lib/kolla/config_files/config.json:ro
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/openvswitch/ovn:/var/lib/openvswitch
+ - /var/lib/openvswitch/ovn:/run/openvswitch
+ - /var/log/containers/openvswitch:/var/log/openvswitch
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ ovn_south_db_server:
+ start_order: 0
+ image: {get_param: DockerOvnSbDbImage}
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/ovn_south_db_server.json:/var/lib/kolla/config_files/config.json:ro
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/openvswitch/ovn:/var/lib/openvswitch
+ - /var/lib/openvswitch/ovn:/run/openvswitch
+ - /var/log/containers/openvswitch:/var/log/openvswitch
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ configure_ovn_north_db_server:
+ start_order: 1
+ action: exec
+ user: root
+ command: ['ovn_north_db_server', '/bin/bash', '-c', 'DBS_LISTEN_IP=`hiera ovn::northd::dbs_listen_ip -c /etc/puppet/hiera.yaml`; NB_DB_PORT=`hiera ovn::northbound::port -c /etc/puppet/hiera.yaml`; /usr/bin/bootstrap_host_exec ovn_dbs ovn-nbctl set-connection ptcp:$NB_DB_PORT:$DBS_LISTEN_IP']
+ configure_ovn_south_db_server:
+ start_order: 1
+ action: exec
+ user: root
+ command: ['ovn_south_db_server', '/bin/bash', '-c', 'DBS_LISTEN_IP=`hiera ovn::northd::dbs_listen_ip -c /etc/puppet/hiera.yaml`; SB_DB_PORT=`hiera ovn::southbound::port -c /etc/puppet/hiera.yaml`; /usr/bin/bootstrap_host_exec ovn_dbs ovn-sbctl set-connection ptcp:$SB_DB_PORT:$DBS_LISTEN_IP']
+ ovn_northd:
+ start_order: 2
+ image: {get_param: DockerOvnNorthdImage}
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/ovn_northd.json:/var/lib/kolla/config_files/config.json:ro
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/openvswitch/ovn:/run/openvswitch
+ - /var/log/containers/openvswitch:/var/log/openvswitch
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/log/containers/openvswitch
+ - /var/lib/openvswitch/ovn
+ upgrade_tasks:
+ - name: Stop and disable ovn-northd service
+ tags: step2
+ service: name=ovn-northd state=stopped enabled=no