diff options
Diffstat (limited to 'docker')
-rwxr-xr-x | docker/docker-puppet.py | 1 | ||||
-rw-r--r-- | docker/services/neutron-ovs-agent.yaml | 31 | ||||
-rw-r--r-- | docker/services/ovn-controller.yaml | 105 | ||||
-rw-r--r-- | docker/services/ovn-dbs.yaml | 202 |
4 files changed, 339 insertions, 0 deletions
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index fadd12d3..4659cf53 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -248,6 +248,7 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume dcmd = ['/usr/bin/docker', 'run', '--user', 'root', '--name', 'docker-puppet-%s' % config_volume, + '--health-cmd', '/bin/true', '--env', 'PUPPET_TAGS=%s' % puppet_tags, '--env', 'NAME=%s' % config_volume, '--env', 'HOSTNAME=%s' % short_hostname(), diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index 4cce23d9..81bb1c20 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml @@ -78,6 +78,37 @@ outputs: owner: neutron:neutron recurse: true docker_config: + step_3: + neutron_ovs_bridge: + detach: false + image: {get_param: DockerNeutronConfigImage} + net: host + pid: host + user: root + privileged: true + command: + - puppet + - apply + - --modulepath + - /etc/puppet/modules:/usr/share/openstack-puppet/modules + - --tags + - file,file_line,concat,augeas,neutron::plugins::ovs::bridge + - -v + - -e + - include neutron::agents::ml2::ovs + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro + - /lib/modules:/lib/modules:ro + - /run:/run + - /etc/puppet:/etc/puppet:ro + - /usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro + - /var/run/openvswitch/db.sock:/var/run/openvswitch/db.sock + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS step_4: neutron_ovs_agent: image: {get_param: DockerOpenvswitchImage} diff --git a/docker/services/ovn-controller.yaml b/docker/services/ovn-controller.yaml new file mode 100644 index 00000000..c5c365e2 --- /dev/null +++ b/docker/services/ovn-controller.yaml @@ -0,0 +1,105 @@ +heat_template_version: pike + +description: > + OpenStack containerized Ovn Controller agent. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + DockerOvnControllerImage: + description: image + type: string + DockerOvnControllerConfigImage: + description: The container image to use for the ovn_controller config_volume + type: string + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OvnControllerBase: + type: ../../puppet/services/ovn-controller.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ovn Controller agent. + value: + service_name: {get_attr: [OvnControllerBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [OvnControllerBase, role_data, config_settings] + step_config: &step_config + get_attr: [OvnControllerBase, role_data, step_config] + service_config_settings: {get_attr: [OvnControllerBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + puppet_tags: vs_config + config_volume: ovn_controller + step_config: *step_config + config_image: {get_param: DockerOvnControllerConfigImage} + # We need to mount /run for puppet_config step. This is because + # puppet-vswitch runs the commands "ovs-vsctl set open_vswitch . external_ids:..." + # to configure the required parameters in ovs db which will be read + # by ovn-controller. And ovs-vsctl talks to the ovsdb-server (hosting conf.db) + # on the unix domain socket - /run/openvswitch/db.sock + volumes: + - /lib/modules:/lib/modules:ro + - /run/openvswitch:/run/openvswitch + kolla_config: + /var/lib/kolla/config_files/ovn_controller.json: + command: /usr/bin/ovn-controller --pidfile --log-file unix:/run/openvswitch/db.sock + permissions: + - path: /var/log/openvswitch + owner: root:root + recurse: true + docker_config: + step_4: + ovn_controller: + image: {get_param: DockerOvnControllerImage} + net: host + privileged: true + user: root + restart: always + volumes: + - /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro + - /lib/modules:/lib/modules:ro + - /run/openvswitch:/run/openvswitch + - /var/log/containers/openvswitch:/var/log/openvswitch + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable ovn-controller service + tags: step2 + service: name=ovn-controller state=stopped enabled=no diff --git a/docker/services/ovn-dbs.yaml b/docker/services/ovn-dbs.yaml new file mode 100644 index 00000000..f6ac62ed --- /dev/null +++ b/docker/services/ovn-dbs.yaml @@ -0,0 +1,202 @@ +heat_template_version: pike + +description: > + OpenStack containerized Ovn DBs service + +parameters: + DockerOvnNbDbImage: + description: image + type: string + DockerOvnSbDbImage: + description: image + type: string + DockerOvnNorthdImage: + description: image + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OVNDbsBase: + type: ../../puppet/services/ovn-dbs.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the OVN Dbs role. + value: + service_name: {get_attr: [OVNDbsBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [OVNDbsBase, role_data, config_settings] + step_config: &step_config + get_attr: [OVNDbsBase, role_data, step_config] + # BEGIN DOCKER SETTINGS + # puppet_config is not required for this service since we configure + # the NB and SB DB servers to listen on the proper IP address/port + # in the docker_config section. + # puppet_config is defined to satisfy the pep8 validations. + puppet_config: + config_volume: '' + config_image: '' + step_config: *step_config + kolla_config: + /var/lib/kolla/config_files/ovn_north_db_server.json: + command: + list_join: + - ' ' + - - '/usr/sbin/ovsdb-server' + - '/var/lib/openvswitch/ovnnb.db' + - '--pidfile=/run/openvswitch/ovnnb_db.pid' + - '-vconsole:emer -vsyslog:err -vfile:info' + - '--remote=punix:/run/openvswitch/ovnnb_db.sock' + - '--unixctl=/run/openvswitch/ovnnb_db.ctl' + - '--remote=db:OVN_Northbound,NB_Global,connections' + - '--private-key=db:OVN_Northbound,SSL,private_key' + - '--certificate=db:OVN_Northbound,SSL,certificate' + - '--ca-cert=db:OVN_Northbound,SSL,ca_cert' + - '--log-file=/var/log/openvswitch/ovsdb-server-nb.log' + permissions: + - path: /var/log/openvswitch + owner: root:root + recurse: true + /var/lib/kolla/config_files/ovn_south_db_server.json: + command: + list_join: + - ' ' + - - '/usr/sbin/ovsdb-server' + - '/var/lib/openvswitch/ovnsb.db' + - '--pidfile=/run/openvswitch/ovnsb_db.pid' + - '-vconsole:emer -vsyslog:err -vfile:info' + - '--remote=punix:/run/openvswitch/ovnsb_db.sock' + - '--unixctl=/run/openvswitch/ovnsb_db.ctl' + - '--remote=db:OVN_Southbound,SB_Global,connections' + - '--private-key=db:OVN_Southbound,SSL,private_key' + - '--certificate=db:OVN_Southbound,SSL,certificate' + - '--ca-cert=db:OVN_Southbound,SSL,ca_cert' + - '--log-file=/var/log/openvswitch/ovsdb-server-sb.log' + permissions: + - path: /var/log/openvswitch + owner: root:root + recurse: true + /var/lib/kolla/config_files/ovn_northd.json: + command: + list_join: + - ' ' + - - '/usr/bin/ovn-northd -vconsole:emer -vsyslog:err -vfile:info' + - '--ovnnb-db=unix:/run/openvswitch/ovnnb_db.sock' + - '--ovnsb-db=unix:/run/openvswitch/ovnsb_db.sock' + - '--log-file=/var/log/openvswitch/ovn-northd.log' + - '--pidfile=/run/openvswitch/ovn-northd.pid' + permissions: + - path: /var/log/openvswitch + owner: root:root + recurse: true + docker_config: + step_4: + ovn_north_db_server: + start_order: 0 + image: {get_param: DockerOvnNbDbImage} + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ovn_north_db_server.json:/var/lib/kolla/config_files/config.json:ro + - /lib/modules:/lib/modules:ro + - /var/lib/openvswitch/ovn:/var/lib/openvswitch + - /var/lib/openvswitch/ovn:/run/openvswitch + - /var/log/containers/openvswitch:/var/log/openvswitch + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + ovn_south_db_server: + start_order: 0 + image: {get_param: DockerOvnSbDbImage} + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ovn_south_db_server.json:/var/lib/kolla/config_files/config.json:ro + - /lib/modules:/lib/modules:ro + - /var/lib/openvswitch/ovn:/var/lib/openvswitch + - /var/lib/openvswitch/ovn:/run/openvswitch + - /var/log/containers/openvswitch:/var/log/openvswitch + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + configure_ovn_north_db_server: + start_order: 1 + action: exec + user: root + command: ['ovn_north_db_server', '/bin/bash', '-c', 'DBS_LISTEN_IP=`hiera ovn::northd::dbs_listen_ip -c /etc/puppet/hiera.yaml`; NB_DB_PORT=`hiera ovn::northbound::port -c /etc/puppet/hiera.yaml`; /usr/bin/bootstrap_host_exec ovn_dbs ovn-nbctl set-connection ptcp:$NB_DB_PORT:$DBS_LISTEN_IP'] + configure_ovn_south_db_server: + start_order: 1 + action: exec + user: root + command: ['ovn_south_db_server', '/bin/bash', '-c', 'DBS_LISTEN_IP=`hiera ovn::northd::dbs_listen_ip -c /etc/puppet/hiera.yaml`; SB_DB_PORT=`hiera ovn::southbound::port -c /etc/puppet/hiera.yaml`; /usr/bin/bootstrap_host_exec ovn_dbs ovn-sbctl set-connection ptcp:$SB_DB_PORT:$DBS_LISTEN_IP'] + ovn_northd: + start_order: 2 + image: {get_param: DockerOvnNorthdImage} + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/ovn_northd.json:/var/lib/kolla/config_files/config.json:ro + - /lib/modules:/lib/modules:ro + - /var/lib/openvswitch/ovn:/run/openvswitch + - /var/log/containers/openvswitch:/var/log/openvswitch + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/openvswitch + - /var/lib/openvswitch/ovn + upgrade_tasks: + - name: Stop and disable ovn-northd service + tags: step2 + service: name=ovn-northd state=stopped enabled=no |