From a82443481e17edecda728f8698f8b401ec910546 Mon Sep 17 00:00:00 2001
From: Will Szumski
Date: Thu, 3 Nov 2022 15:53:32 +0000
Subject: [PATCH] Adds a wrapper script to run ovs-vsctl commands in the container

Libvirt needs to be able to plug ports into openvswitch bridges. It does this using the ovs-vsctl command, which it searches for in $PATH[1, 2]. This change will optionally install a wrapper script that executes the ovs-vsctl commands in the context of the openvswitchd container. This is useful when running libvirt on the host whilst still running openvswitch in a container. The advantage of this method over install the packages on the host is that it ensures client compatability with the daemon. The default is set to false as the wrapper could overwrite ovs-vsctl installed on the host.
[1] https://github.com/libvirt/libvirt/blob/ee51ab86c2e52b6ff1b17a4c7ad11439fd610c9e/src/util/virnetdevopenvswitch.c#L59
[2] https://github.com/libvirt/libvirt/blob/a89b17c2a75cfbaeb9e430f88e0f8a7475eb4f54/docs/kbase/internals/command.rst#id3
Closes-Bug: #1995409
Change-Id: Iaa6bfb012ae847f5f6aa0a1fc1c27970ac265f93
---
 ansible/roles/openvswitch/defaults/main.yml | 2 ++
 ansible/roles/openvswitch/tasks/config.yml | 13 +++++++++++++
 .../roles/openvswitch/templates/ovs-vsctl.j2 | 3 +++
 doc/source/reference/compute/libvirt-guide.rst | 17 +++++++++++++++++
 ...adds-ovs-vsctl-wrapper-da3dbbb19d5cc6f5.yaml | 6 ++++++
 5 files changed, 41 insertions(+)
 create mode 100644 ansible/roles/openvswitch/templates/ovs-vsctl.j2
 create mode 100644 releasenotes/notes/adds-ovs-vsctl-wrapper-da3dbbb19d5cc6f5.yaml

diff --git a/ansible/roles/openvswitch/defaults/main.yml b/ansible/roles/openvswitch/defaults/main.yml
index ba765f0499..06b1e566ef 100644
--- a/ansible/roles/openvswitch/defaults/main.yml
+++ b/ansible/roles/openvswitch/defaults/main.yml
@@ -96,6 +96,8 @@ openvswitch_extra_volumes: "{{ default_extra_volumes }}"
 openvswitch_db_extra_volumes: "{{ openvswitch_extra_volumes }}"
 openvswitch_vswitchd_extra_volumes: "{{ openvswitch_extra_volumes }}"
+openvswitch_ovs_vsctl_wrapper_enabled: false
+
 #############
 # OpenvSwitch
 #############
diff --git a/ansible/roles/openvswitch/tasks/config.yml b/ansible/roles/openvswitch/tasks/config.yml
index 4089234fe5..56507617fe 100644
--- a/ansible/roles/openvswitch/tasks/config.yml
+++ b/ansible/roles/openvswitch/tasks/config.yml
@@ -52,3 +52,16 @@
 - service.enabled | bool
 notify:
 - "Restart openvswitch-db-server container"
+
+- name: Copying over ovs-vsctl wrapper
+ vars:
+ service: "{{ openvswitch_services['openvswitch-vswitchd'] }}"
+ template:
+ src: "ovs-vsctl.j2"
+ dest: "/usr/bin/ovs-vsctl"
+ mode: "0755"
+ become: true
+ when:
+ - service.host_in_groups | bool
+ - service.enabled | bool
+ - openvswitch_ovs_vsctl_wrapper_enabled | bool
diff --git a/ansible/roles/openvswitch/templates/ovs-vsctl.j2 b/ansible/roles/openvswitch/templates/ovs-vsctl.j2
new file mode 100644
index 0000000000..85f7f42ee2
--- /dev/null
+++ b/ansible/roles/openvswitch/templates/ovs-vsctl.j2
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec docker exec openvswitch_vswitchd ovs-vsctl "$@"
diff --git a/doc/source/reference/compute/libvirt-guide.rst b/doc/source/reference/compute/libvirt-guide.rst
index 690d6bce44..013210c043 100644
--- a/doc/source/reference/compute/libvirt-guide.rst
+++ b/doc/source/reference/compute/libvirt-guide.rst
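Review bot: The `template` task added to ansible/roles/openvswitch/tasks/config.yml replaces whatever already exists at `/usr/bin/ovs-vsctl` and keeps no copy of it, so on a host with a packaged ovs-vsctl the original binary is lost once the flag is enabled. Adding `backup: true` to the `template` arguments would keep the previous file, and writing `owner: root` and `group: root` next to `mode: "0755"` states the intended ownership of a root-invoked executable instead of leaving it implied by `become: true`. Nothing visible in the hunk removes the wrapper again when `openvswitch_ovs_vsctl_wrapper_enabled` is set back to false, so a cleanup path may be worth adding.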
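Review bot: In ansible/roles/openvswitch/templates/ovs-vsctl.j2 the wrapper calls `docker` by bare name, so the binary is looked up through the `$PATH` inherited from whichever process runs `/usr/bin/ovs-vsctl`, which for libvirt is likely a privileged daemon whose PATH can differ from an interactive shell's. Calling the engine by absolute path, for example `exec /usr/bin/docker exec openvswitch_vswitchd ovs-vsctl "$@"` (location to be confirmed per distribution), removes that dependency. The file carries no comment, so I would also add one under the shebang such as `# Deployed by kolla-ansible: forwards ovs-vsctl calls to the openvswitch_vswitchd container`, since an operator who finds this script on the host has no other hint where it came from.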
@@ -54,6 +54,23 @@ libvirt as a host daemon. However, since the Yoga release, if a libvirt daemon has already been set up, then Kolla Ansible may be configured to use it. This may be achieved by setting ``enable_nova_libvirt_container`` to ``false``.
+When the firewall driver is set to ``openvswitch``, libvirt will plug VMs
+directly into the integration bridge, ``br-int``. To do this it uses the
+``ovs-vsctl`` utility. The search path for this binary is controlled by the
+``$PATH`` environment variable (as seen by the libvirt process). There are a
+few options to ensure that this binary can be found:
+
+* Set ``openvswitch_ovs_vsctl_wrapper_enabled`` to ``True``. This will install
+ a wrapper script to the path: ``/usr/bin/ovs-vsctl`` that will execute
+ ``ovs-vsctl`` in the context of the ``openvswitch_vswitchd`` container. This
+ option is useful if you do not have openvswitch installed on the host. It
+ also has the advantage that the ``ovs-vsctl`` utility will match the version
+ of the server.
+
+* Install openvswitch on the hypervisor. Kolla mounts ``/run/openvswitch`` from
+ the host into the ``openvswitch_vswitchd`` container. This means that socket
+ is in the location ``ovs-vsctl`` expects with its default options.
+
 Migration from container to host
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/releasenotes/notes/adds-ovs-vsctl-wrapper-da3dbbb19d5cc6f5.yaml b/releasenotes/notes/adds-ovs-vsctl-wrapper-da3dbbb19d5cc6f5.yaml
new file mode 100644
index 0000000000..56c4a16593
--- /dev/null
+++ b/releasenotes/notes/adds-ovs-vsctl-wrapper-da3dbbb19d5cc6f5.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Adds a new flag, ``openvswitch_ovs_vsctl_wrapper_enabled`` which will
+ install a wrapper script to ``/usr/bin/ovs-vsctl`` to docker exec into
+ the openvswitchd container.