diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index aed8a3faff..5e8a2187e8 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -118,7 +118,13 @@ nova [neutron-server:children] neutron -[neutron-agents:children] +[neutron-dhcp-agent:children] +neutron + +[neutron-l3-agent:children] +neutron + +[neutron-metadata-agent:children] neutron # Cinder diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index f6069d53fd..0265867db7 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -130,7 +130,13 @@ nova [neutron-server:children] control -[neutron-agents:children] +[neutron-dhcp-agent:children] +neutron + +[neutron-l3-agent:children] +neutron + +[neutron-metadata-agent:children] neutron # Cinder diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index ee58eb09af..a03ebc43ce 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml 
@@ -12,30 +12,38 @@ neutron_database_address: "{{ kolla_internal_address }}" #################### # Docker #################### -neutron_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-server" -neutron_server_tag: "{{ openstack_release }}" -neutron_server_image_full: "{{ neutron_server_image }}:{{ neutron_server_tag }}" +neutron_dhcp_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-dhcp-agent" +neutron_dhcp_agent_tag: "{{ openstack_release }}" +neutron_dhcp_agent_image_full: "{{ neutron_dhcp_agent_image }}:{{ neutron_dhcp_agent_tag }}" -neutron_agents_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-agents" -neutron_agents_tag: "{{ openstack_release }}" -neutron_agents_image_full: "{{ neutron_agents_image }}:{{ neutron_agents_tag }}" - -neutron_openvswitch_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-openvswitch-agent" -neutron_openvswitch_agent_tag: "{{ openstack_release }}" -neutron_openvswitch_agent_image_full: "{{ neutron_openvswitch_agent_image }}:{{ neutron_openvswitch_agent_tag }}" +neutron_l3_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-l3-agent" +neutron_l3_agent_tag: "{{ openstack_release }}" +neutron_l3_agent_image_full: "{{ neutron_l3_agent_image }}:{{ neutron_l3_agent_tag }}" neutron_linuxbridge_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-linuxbridge-agent" neutron_linuxbridge_agent_tag: "{{ openstack_release }}" neutron_linuxbridge_agent_image_full: "{{ 
neutron_linuxbridge_agent_image }}:{{ neutron_linuxbridge_agent_tag }}" -openvswitch_vswitchd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-vswitchd" -openvswitch_vswitchd_tag: "{{ openstack_release }}" -openvswitch_vswitchd_image_full: "{{ openvswitch_vswitchd_image }}:{{ openvswitch_vswitchd_tag }}" +neutron_metadata_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-metadata-agent" +neutron_metadata_agent_tag: "{{ openstack_release }}" +neutron_metadata_agent_image_full: "{{ neutron_metadata_agent_image }}:{{ neutron_metadata_agent_tag }}" + +neutron_openvswitch_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-openvswitch-agent" +neutron_openvswitch_agent_tag: "{{ openstack_release }}" +neutron_openvswitch_agent_image_full: "{{ neutron_openvswitch_agent_image }}:{{ neutron_openvswitch_agent_tag }}" + +neutron_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-server" +neutron_server_tag: "{{ openstack_release }}" +neutron_server_image_full: "{{ neutron_server_image }}:{{ neutron_server_tag }}" openvswitch_db_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-db-server" openvswitch_db_tag: "{{ openstack_release }}" openvswitch_db_image_full: "{{ openvswitch_db_image }}:{{ openvswitch_db_tag }}" +openvswitch_vswitchd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-vswitchd" +openvswitch_vswitchd_tag: "{{ openstack_release }}" +openvswitch_vswitchd_image_full: "{{ 
openvswitch_vswitchd_image }}:{{ openvswitch_vswitchd_tag }}" + #################### # Openstack diff --git a/ansible/roles/neutron/tasks/config-neutron-fake.yml b/ansible/roles/neutron/tasks/config-neutron-fake.yml index c04420cb0e..5f2720e8c9 100644 --- a/ansible/roles/neutron/tasks/config-neutron-fake.yml +++ b/ansible/roles/neutron/tasks/config-neutron-fake.yml @@ -14,7 +14,6 @@ with_sequence: start=1 end={{ num_nova_fake_per_node }} when: - inventory_hostname in groups['compute'] - - enable_nova_fake | bool - neutron_plugin_agent == "openvswitch" - name: Copying over neutron.conf @@ -31,7 +30,6 @@ when: - inventory_hostname in groups['compute'] - neutron_plugin_agent == "openvswitch" - - enable_nova_fake | bool - name: Copying over ml2_conf.ini merge_configs: @@ -43,5 +41,3 @@ when: - inventory_hostname in groups['compute'] - neutron_plugin_agent == "openvswitch" - - enable_nova_fake | bool - diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml index 62aaa3e104..f7c58baede 100644 --- a/ansible/roles/neutron/tasks/config.yml +++ b/ansible/roles/neutron/tasks/config.yml @@ -3,7 +3,7 @@ sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes when: - set_sysctl | bool - - inventory_hostname in groups['neutron-agents'] + - inventory_hostname in groups['neutron-l3-agent'] - name: Disabling reverse path filter on network node sysctl: name="net.ipv4.conf.{{ item }}.rp_filter" value=0 sysctl_set=yes @@ -12,7 +12,7 @@ - "default" when: - set_sysctl | bool - - inventory_hostname in groups['neutron-agents'] + - inventory_hostname in groups['neutron-l3-agent'] - name: Ensuring config directories exist file: @@ -20,8 +20,10 @@ state: "directory" recurse: yes with_items: - - "neutron-agents" + - "neutron-dhcp-agent" + - "neutron-l3-agent" - "neutron-linuxbridge-agent" + - "neutron-metadata-agent" - "neutron-openvswitch-agent" - "neutron-server" - "openvswitch-db-server" 
@@ -32,8 +34,10 @@ src: "{{ item }}.json.j2" dest: "{{ node_config_directory }}/{{ item }}/config.json" with_items: - - "neutron-agents" + - "neutron-dhcp-agent" + - "neutron-l3-agent" - "neutron-linuxbridge-agent" + - "neutron-metadata-agent" - "neutron-openvswitch-agent" - "neutron-server" - "openvswitch-db-server" @@ -52,8 +56,10 @@ - "/etc/kolla/config/neutron/{{ item }}.conf" dest: "{{ node_config_directory }}/{{ item }}/neutron.conf" with_items: - - "neutron-agents" + - "neutron-dhcp-agent" + - "neutron-l3-agent" - "neutron-linuxbridge-agent" + - "neutron-metadata-agent" - "neutron-openvswitch-agent" - "neutron-server" @@ -66,10 +72,12 @@ - "/etc/kolla/config/neutron/ml2_conf.ini" dest: "{{ node_config_directory }}/{{ item }}/ml2_conf.ini" with_items: - - "neutron-server" - - "neutron-agents" + - "neutron-dhcp-agent" + - "neutron-l3-agent" - "neutron-linuxbridge-agent" + - "neutron-metadata-agent" - "neutron-openvswitch-agent" + - "neutron-server" - name: Copying over dhcp_agent.ini merge_configs: @@ -80,12 +88,14 @@ - "/etc/kolla/config/neutron/dhcp_agent.ini" dest: "{{ node_config_directory }}/{{ item }}/dhcp_agent.ini" with_items: - - "neutron-agents" + - "neutron-dhcp-agent" - name: Copying over dnsmasq.conf template: src: "dnsmasq.conf.j2" - dest: "{{ node_config_directory }}/neutron-agents/dnsmasq.conf" + dest: "{{ node_config_directory }}/{{ item }}/dnsmasq.conf" + with_items: + - "neutron-dhcp-agent" - name: Copying over l3_agent.ini merge_configs: 
@@ -96,7 +106,18 @@ - "/etc/kolla/config/neutron/l3_agent.ini" dest: "{{ node_config_directory }}/{{ item }}/l3_agent.ini" with_items: - - "neutron-agents" + - "neutron-l3-agent" + +- name: Copying over fwaas_driver.ini + merge_configs: + vars: + service_name: "{{ item }}" + sources: + - "{{ role_path }}/templates/fwaas_driver.ini.j2" + - "/etc/kolla/config/neutron/fwaas_driver.ini" + dest: "{{ node_config_directory }}/{{ item }}/fwaas_driver.ini" + with_items: + - "neutron-l3-agent" - name: Copying over metadata_agent.ini merge_configs: @@ -107,4 +128,4 @@ - "/etc/kolla/config/neutron/metadata_agent.ini" dest: "{{ node_config_directory }}/{{ item }}/metadata_agent.ini" with_items: - - "neutron-agents" + - "neutron-metadata-agent" diff --git a/ansible/roles/neutron/tasks/deploy.yml b/ansible/roles/neutron/tasks/deploy.yml index 19bf5d384e..6b5609c757 100644 --- a/ansible/roles/neutron/tasks/deploy.yml +++ b/ansible/roles/neutron/tasks/deploy.yml @@ -6,9 +6,11 @@ when: inventory_hostname in groups['neutron-server'] - include: config.yml - when: inventory_hostname in groups['compute'] or - inventory_hostname in groups['neutron-agents'] or - inventory_hostname in groups['neutron-server'] + when: inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-server'] - include: config-neutron-fake.yml when: 
@@ -19,6 +21,8 @@ when: inventory_hostname in groups['neutron-server'] - include: start.yml - when: inventory_hostname in groups['compute'] or - inventory_hostname in groups['neutron-agents'] or - inventory_hostname in groups['neutron-server'] + when: inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-server'] diff --git a/ansible/roles/neutron/tasks/ironic-check.yml b/ansible/roles/neutron/tasks/ironic-check.yml index f32a58a72d..a578ce2c72 100644 --- a/ansible/roles/neutron/tasks/ironic-check.yml +++ b/ansible/roles/neutron/tasks/ironic-check.yml @@ -1,4 +1,6 @@ --- # TODO(SamYaple): run verification checks at start of playbook - fail: msg="neutron_plugin_agent must use openvswitch with Ironic" - when: enable_ironic | bool and neutron_plugin_agent != "openvswitch" + when: + - enable_ironic | bool + - neutron_plugin_agent != "openvswitch" diff --git a/ansible/roles/neutron/tasks/pull.yml b/ansible/roles/neutron/tasks/pull.yml index 01c77d2786..057ced152b 100644 --- a/ansible/roles/neutron/tasks/pull.yml +++ b/ansible/roles/neutron/tasks/pull.yml @@ -1,10 +1,17 @@ --- -- name: Pulling neutron-agents image +- name: Pulling neutron-dhcp-agent image kolla_docker: action: "pull_image" common_options: "{{ docker_common_options }}" - image: "{{ neutron_agents_image_full }}" - when: inventory_hostname in groups['neutron-agents'] + image: "{{ neutron_dhcp_agent_image_full }}" + when: inventory_hostname in groups['neutron-dhcp-agent'] + +- name: Pulling neutron-l3-agent image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ neutron_l3_agent_image_full }}" + when: inventory_hostname in groups['neutron-l3-agent'] - name: Pulling neutron-linuxbridge-agent image kolla_docker: 
@@ -12,16 +19,29 @@ common_options: "{{ docker_common_options }}" image: "{{ neutron_linuxbridge_agent_image_full }}" when: - - (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) + - (inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent']) - neutron_plugin_agent == "linuxbridge" +- name: Pulling neutron-metadata-agent image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ neutron_metadata_agent_image_full }}" + when: inventory_hostname in groups['neutron-metadata-agent'] + - name: Pulling neutron-openvswitch-agent image kolla_docker: action: "pull_image" common_options: "{{ docker_common_options }}" image: "{{ neutron_openvswitch_agent_image_full }}" when: - - (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) + - (inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent']) - neutron_plugin_agent == "openvswitch" - name: Pulling neutron-server image @@ -37,7 +57,10 @@ common_options: "{{ docker_common_options }}" image: "{{ openvswitch_db_image_full }}" when: - - (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) + - (inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent']) - neutron_plugin_agent == "openvswitch" - name: Pulling openvswitch-vswitchd image 
@@ -46,5 +69,8 @@ common_options: "{{ docker_common_options }}" image: "{{ openvswitch_vswitchd_image_full }}" when: - - (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) + - (inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent']) - neutron_plugin_agent == "openvswitch" diff --git a/ansible/roles/neutron/tasks/start.yml b/ansible/roles/neutron/tasks/start.yml index d08681db86..00de60135f 100644 --- a/ansible/roles/neutron/tasks/start.yml +++ b/ansible/roles/neutron/tasks/start.yml @@ -10,7 +10,10 @@ - "/run:/run" - "openvswitch_db:/var/lib/openvswitch/" when: - - (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) + - (inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent']) - neutron_plugin_agent == "openvswitch" - name: Ensuring OVS bridge is properly setup @@ -18,7 +21,10 @@ register: status changed_when: status.stdout.find('changed') != -1 when: - - (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) + - (inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent']) - neutron_plugin_agent == "openvswitch" - name: Starting openvswitch-vswitchd container 
@@ -33,7 +39,10 @@ - "/lib/modules:/lib/modules:ro" - "/run:/run" when: - - (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) + - (inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent']) - neutron_plugin_agent == "openvswitch" - name: Starting neutron-server container @@ -60,11 +69,22 @@ - "/run:/run" - "/run/kolla/log:/dev/log" when: + - ( + ( inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent'] + and not enable_nova_fake | bool + ) or + ( inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent'] + and enable_nova_fake | bool + ) + ) - neutron_plugin_agent == "openvswitch" - - ((inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) and not (enable_nova_fake | bool)) or - ((inventory_hostname in groups['neutron-agents']) and (enable_nova_fake | bool)) -- name: Starting Neutron-openvswitch-agent container for fake nova compute +- name: Starting neutron-openvswitch-agent container for fake nova compute kolla_docker: action: "start_container" common_options: "{{ docker_common_options }}" 
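Review bot: The new `when:` expression on the "Starting neutron-openvswitch-agent container" task (start.yml, hunk `-60,11 +69,22`) no longer excludes fake-compute hosts. Jinja2 binds `and` tighter than `or`, so `and not enable_nova_fake | bool` attaches only to the `neutron-metadata-agent` test rather than to the whole parenthesised group, and the same applies to `and enable_nova_fake | bool` in the second group. As written, the condition is true for any host in `compute` or in any of the three agent groups regardless of `enable_nova_fake`, whereas the removed lines applied `not (enable_nova_fake | bool)` to the whole `(compute or neutron-agents)` group. The old logic reduces to "compute and not fake, or any agent host", which can be written directly as below. The task body starts above the hunk.

```yaml
# … unchanged: kolla_docker arguments and volumes …
  when:
    - neutron_plugin_agent == "openvswitch"
    - (inventory_hostname in groups['compute'] and not enable_nova_fake | bool)
      or inventory_hostname in groups['neutron-dhcp-agent']
      or inventory_hostname in groups['neutron-l3-agent']
      or inventory_hostname in groups['neutron-metadata-agent']
```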
@@ -99,18 +119,55 @@ - "/run:/run" - "/run/kolla/log:/dev/log" when: - - (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) + - (inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent']) - neutron_plugin_agent == "linuxbridge" -- name: Starting neutron-agents container +- name: Starting neutron-dhcp-agent container kolla_docker: action: "start_container" common_options: "{{ docker_common_options }}" - image: "{{ neutron_agents_image_full }}" - name: "neutron_agents" + image: "{{ neutron_dhcp_agent_image_full }}" + name: "neutron_dhcp_agent" privileged: True volumes: - - "{{ node_config_directory }}/neutron-agents/:{{ container_config_directory }}/:ro" + - "{{ node_config_directory }}/neutron-dhcp-agent/:{{ container_config_directory }}/:ro" + - "/run/:/run/" + - "/run/kolla/log:/dev/log" + - "/run/netns/:/run/netns/:shared" + - "neutron_metadata_socket:/var/lib/neutron/kolla/" + when: + - inventory_hostname in groups['neutron-dhcp-agent'] + +- name: Starting neutron-l3-agent container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ neutron_l3_agent_image_full }}" + name: "neutron_l3_agent" + privileged: True + volumes: + - "{{ node_config_directory }}/neutron-l3-agent/:{{ container_config_directory }}/:ro" - "/run:/run" - "/run/kolla/log:/dev/log" - when: inventory_hostname in groups['neutron-agents'] + - "/run/netns/:/run/netns/:shared" + - "neutron_metadata_socket:/var/lib/neutron/kolla/" + when: + - inventory_hostname in groups['neutron-l3-agent'] + +- name: Starting neutron-metadata-agent container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ neutron_metadata_agent_image_full }}" + name: "neutron_metadata_agent" + privileged: True + volumes: + - "{{ 
node_config_directory }}/neutron-metadata-agent/:{{ container_config_directory }}/:ro" + - "/run/kolla/log:/dev/log" + - "/run/netns/:/run/netns/:shared" + - "neutron_metadata_socket:/var/lib/neutron/kolla/" + when: + - inventory_hostname in groups['neutron-metadata-agent'] diff --git a/ansible/roles/neutron/templates/fwaas_driver.ini.j2 b/ansible/roles/neutron/templates/fwaas_driver.ini.j2 new file mode 100644 index 0000000000..b020e6bbd8 --- /dev/null +++ b/ansible/roles/neutron/templates/fwaas_driver.ini.j2 @@ -0,0 +1 @@ +[fwaas] diff --git a/ansible/roles/neutron/templates/neutron-agents.json.j2 b/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2 similarity index 66% rename from ansible/roles/neutron/templates/neutron-agents.json.j2 rename to ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2 index e33bf823f4..bd98c532dc 100644 --- a/ansible/roles/neutron/templates/neutron-agents.json.j2 +++ b/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2 @@ -1,5 +1,5 @@ { - "command": "", + "command": "neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini", "config_files": [ { "source": "{{ container_config_directory }}/neutron.conf", @@ -7,6 +7,12 @@ "owner": "neutron", "perm": "0600" }, + { + "source": "{{ container_config_directory }}/ml2_conf.ini", + "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", + "owner": "neutron", + "perm": "0600" + }, { "source": "{{ container_config_directory }}/dhcp_agent.ini", "dest": "/etc/neutron/dhcp_agent.ini", 
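Review bot: All three new agent containers in start.yml (hunk `-99,18 +119,55`) are started with `privileged: True`, and for `neutron_metadata_agent` nothing visible in this change shows why. Its config.json command is only `neutron-metadata-agent --config-file …`, and its volumes are the config directory, the log socket, `/run/netns/` and the shared `neutron_metadata_socket` volume. Splitting the combined container is the point at which each agent can be narrowed to what it needs, so confirm whether the metadata agent really has to run privileged and see `/run/netns/`. If it does not, drop `privileged: True` and `"/run/netns/:/run/netns/:shared"` from that task. The dhcp and l3 tasks also bind-mount the whole host `/run` (`"/run/:/run/"`, `"/run:/run"`), which exposes every host runtime socket under that directory to the container; a comment naming the path under `/run` each agent actually needs would document the intent.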
@@ -18,24 +24,6 @@ "dest": "/etc/neutron/dnsmasq.conf", "owner": "neutron", "perm": "0600" - }, - { - "source": "{{ container_config_directory }}/l3_agent.ini", - "dest": "/etc/neutron/l3_agent.ini", - "owner": "neutron", - "perm": "0600" - }, - { - "source": "{{ container_config_directory }}/ml2_conf.ini", - "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", - "owner": "neutron", - "perm": "0600" - }, - { - "source": "{{ container_config_directory }}/metadata_agent.ini", - "dest": "/etc/neutron/metadata_agent.ini", - "owner": "neutron", - "perm": "0600" } ] } diff --git a/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 new file mode 100644 index 0000000000..24bcc2849b --- /dev/null +++ b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 @@ -0,0 +1,29 @@ +{ + "command": "neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini", + "config_files": [ + { + "source": "{{ container_config_directory }}/neutron.conf", + "dest": "/etc/neutron/neutron.conf", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/ml2_conf.ini", + "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/fwaas_driver.ini", + "dest": "/etc/neutron/fwaas_driver.ini", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/l3_agent.ini", + "dest": "/etc/neutron/l3_agent.ini", + "owner": "neutron", + "perm": "0600" + } + ] +} diff --git a/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 b/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 new file mode 100644 index 0000000000..ba0d1b9c94 --- /dev/null +++ b/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 
@@ -0,0 +1,23 @@ +{ + "command": "neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini", + "config_files": [ + { + "source": "{{ container_config_directory }}/neutron.conf", + "dest": "/etc/neutron/neutron.conf", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/ml2_conf.ini", + "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/metadata_agent.ini", + "dest": "/etc/neutron/metadata_agent.ini", + "owner": "neutron", + "perm": "0600" + } + ] +} diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index 31600efb17..5779ebc3bb 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -8,9 +8,12 @@ syslog_log_facility = LOG_LOCAL0 bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} bind_port = {{ neutron_server_port }} -#lock_path = /var/lock/neutron api_paste_config = /usr/share/neutron/api-paste.ini +# NOTE(SamYaple): We must specify this value here rather than the metadata conf +# because it is used by the l3 and dhcp agents. The reason the path has 'kolla' +# in it is because we are sharing this socket in a volume which is it's own dir +metadata_proxy_socket = /var/lib/neutron/kolla/metadata_proxy {% if neutron_plugin_agent == "openvswitch" %} interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver diff --git a/ansible/roles/nova/tasks/config.yml b/ansible/roles/nova/tasks/config.yml index b1685965df..b082d1bc4e 100644 --- a/ansible/roles/nova/tasks/config.yml +++ b/ansible/roles/nova/tasks/config.yml @@ -15,7 +15,7 @@ - "default" when: - set_sysctl | bool - - inventory_hostname in groups['neutron-agents'] + - inventory_hostname in groups['compute'] - name: Ensuring config directories exist file: 
diff --git a/ansible/site.yml b/ansible/site.yml index d35c45f4bf..4bb48e0b40 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -94,7 +94,9 @@ - hosts: - compute - - neutron-agents + - neutron-dhcp-agent + - neutron-l3-agent + - neutron-metadata-agent - neutron-server - rabbitmq roles: diff --git a/docker/neutron/neutron-agents/Dockerfile.j2 b/docker/neutron/neutron-agents/Dockerfile.j2 deleted file mode 100644 index ce4b7202dc..0000000000 --- a/docker/neutron/neutron-agents/Dockerfile.j2 +++ /dev/null 
@@ -1,52 +0,0 @@ -FROM {{ namespace }}/{{ image_prefix }}neutron-base:{{ tag }} -MAINTAINER {{ maintainer }} - -{% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %} - -RUN yum install -y \ - openvswitch \ - supervisor \ - && yum clean all - -COPY supervisord.conf /etc/ - -{% elif base_distro in ['ubuntu', 'debian'] %} - -RUN apt-get install -y --no-install-recommends supervisor \ - && apt-get clean - -COPY supervisord.conf /etc/supervisor/ - - {% if install_type == 'binary' %} - -RUN apt-get install -y --no-install-recommends \ - neutron-metadata-agent \ - neutron-dhcp-agent \ - neutron-l3-agent \ - && apt-get clean - - {% endif %} -{% endif %} - -# TODO: SamYaple FWaaS is part of the l3-agent, not a separate agent that is -# why this file is needed. To support FWaaS we cannot have a separate container -# I need to figure out the best way to make this work together -# -# This file _does_ _not_ need to exist, you must remove referencing it from the -# exec line in the start script. Also all these config options can exist in the -# main neutron.conf if we wish -COPY fwaas_driver.ini /etc/neutron/ - -COPY neutron-dhcp-agent/ /var/lib/kolla/neutron-dhcp-agent -COPY neutron-l3-agent/ /var/lib/kolla/neutron-l3-agent -COPY neutron-metadata-agent/ /var/lib/kolla/neutron-metadata-agent -COPY config-sudoers.sh /var/lib/kolla/ - -COPY start.sh / - -# We will remove this line in Docker 1.10 when namespace propagation works -VOLUME /run/netns - -CMD ["/start.sh"] - -{{ include_footer }} diff --git a/docker/neutron/neutron-agents/config-sudoers.sh b/docker/neutron/neutron-agents/config-sudoers.sh deleted file mode 100644 index 82cf0d6246..0000000000 --- a/docker/neutron/neutron-agents/config-sudoers.sh +++ /dev/null 
@@ -1,12 +0,0 @@ -#!/bin/bash - -# Neutron uses rootwrap which requires a tty for sudo. -# Since the container is running in daemon mode, a tty -# is not present and requiretty must be commented out. -if [ ! -f /sudo-modified ]; then - chmod 0640 /etc/sudoers - sed -i '/Defaults requiretty/s/^/#/' /etc/sudoers - chmod 0440 /etc/sudoers -fi - -touch /sudo-modified diff --git a/docker/neutron/neutron-agents/fwaas_driver.ini b/docker/neutron/neutron-agents/fwaas_driver.ini deleted file mode 120000 index a9b1ec519d..0000000000 --- a/docker/neutron/neutron-agents/fwaas_driver.ini +++ /dev/null @@ -1 +0,0 @@ -neutron-l3-agent/fwaas_driver.ini \ No newline at end of file diff --git a/docker/neutron/neutron-agents/neutron-dhcp-agent/start.sh b/docker/neutron/neutron-agents/neutron-dhcp-agent/start.sh deleted file mode 100755 index 47c2ee1607..0000000000 --- a/docker/neutron/neutron-agents/neutron-dhcp-agent/start.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -set -o errexit - -# Loading common functions. -source /var/lib/kolla/config-sudoers.sh - -# Will be removed when neutron-agents is a thin container -CMD="neutron-dhcp-agent" -ARGS="--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini" - -exec $CMD $ARGS diff --git a/docker/neutron/neutron-agents/neutron-l3-agent/fwaas_driver.ini b/docker/neutron/neutron-agents/neutron-l3-agent/fwaas_driver.ini deleted file mode 100644 index 41f761abf1..0000000000 --- a/docker/neutron/neutron-agents/neutron-l3-agent/fwaas_driver.ini +++ /dev/null @@ -1,3 +0,0 @@ -[fwaas] -#driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver -#enabled = True diff --git a/docker/neutron/neutron-agents/neutron-l3-agent/start.sh b/docker/neutron/neutron-agents/neutron-l3-agent/start.sh deleted file mode 100755 index da1b1cc570..0000000000 --- a/docker/neutron/neutron-agents/neutron-l3-agent/start.sh +++ /dev/null 
@@ -1,11 +0,0 @@ -#!/bin/bash -set -o errexit - -# Loading common functions. -source /var/lib/kolla/config-sudoers.sh - -# Will be removed when this container is broken out into thin containers -CMD="neutron-l3-agent" -ARGS="--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini" - -exec $CMD $ARGS diff --git a/docker/neutron/neutron-agents/neutron-metadata-agent/start.sh b/docker/neutron/neutron-agents/neutron-metadata-agent/start.sh deleted file mode 100755 index 9464a5196c..0000000000 --- a/docker/neutron/neutron-agents/neutron-metadata-agent/start.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -set -o errexit - -# Loading common functions. -source /var/lib/kolla/config-sudoers.sh - -# Will be removed when this container is broken out in thin containers -CMD="neutron-metadata-agent" -ARGS="--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini" - -exec $CMD $ARGS diff --git a/docker/neutron/neutron-agents/start.sh b/docker/neutron/neutron-agents/start.sh deleted file mode 100755 index fb17322774..0000000000 --- a/docker/neutron/neutron-agents/start.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -set -o errexit - -# We must remove all of the stale namespaces if they exist -rm -f /run/netns/* - -# Processing /var/lib/kolla/config_files/config.json -python /usr/local/bin/kolla_set_configs - -exec /usr/bin/supervisord diff --git a/docker/neutron/neutron-agents/supervisord.conf b/docker/neutron/neutron-agents/supervisord.conf deleted file mode 100644 index b7a808b3ab..0000000000 --- a/docker/neutron/neutron-agents/supervisord.conf +++ /dev/null 
@@ -1,40 +0,0 @@ -[unix_http_server] -file = /var/run/supervisor.sock - -[inet_http_server] -port = 127.0.0.1:9001 - -[supervisord] -nodaemon=true -logfile = /var/log/supervisor/supervisord.log -logfile_maxbytes = 200KB -logfile_backups = 1 -pidfile = /var/run/supervisord.pid -childlogdir = /var/log/supervisor - -[rpcinterface:supervisor] -supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface - -[supervisorctl] -serverurl = unix:///var/run/supervisor.sock - -[program:neutron-dhcp-agent] -command=/var/lib/kolla/neutron-dhcp-agent/start.sh -priority=40 -startsec=10 -stderr_events_enabled=true -stdout_events_enabled=true - -[program:neutron-metadata-agent] -command=/var/lib/kolla/neutron-metadata-agent/start.sh -priority=40 -startsec=10 -stderr_events_enabled=true -stdout_events_enabled=true - -[program:neutron-l3-agent] -command=/var/lib/kolla/neutron-l3-agent/start.sh -priority=40 -startsec=10 -stderr_events_enabled=true -stdout_events_enabled=true diff --git a/docker/neutron/neutron-base/Dockerfile.j2 b/docker/neutron/neutron-base/Dockerfile.j2 index 82b70aaa42..7eed86b92b 100644 --- a/docker/neutron/neutron-base/Dockerfile.j2 +++ b/docker/neutron/neutron-base/Dockerfile.j2 @@ -36,11 +36,12 @@ RUN yum -y install \ {% elif base_distro in ['ubuntu', 'debian'] %} RUN apt-get install -y --no-install-recommends \ - iptables \ + arping \ dnsmasq \ - uuid-runtime \ ipset \ + iptables \ openvswitch-switch \ + uuid-runtime \ && apt-get clean {% endif %} 
@@ -49,15 +50,17 @@ ADD neutron-base-archive /neutron-base-source RUN ln -s neutron-base-source/* neutron \ && useradd --user-group neutron \ && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /neutron \ - && mkdir -p /etc/neutron /usr/share/neutron /var/log/neutron /home/neutron \ + && mkdir -p /etc/neutron /usr/share/neutron /var/lib/neutron /var/log/neutron /home/neutron \ && cp -r /neutron/etc/* /etc/neutron/ \ && cp -r /neutron/etc/neutron/* /etc/neutron/ \ && cp /neutron/etc/api-paste.ini /usr/share/neutron \ && mv /etc/neutron/neutron/ /etc/neutron/plugins/ \ - && chown -R neutron: /etc/neutron /usr/share/neutron /var/log/neutron /home/neutron \ + && chown -R neutron: /etc/neutron /usr/share/neutron /var/lib/neutron /var/log/neutron /home/neutron \ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/neutron/rootwrap.conf {% endif %} -COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 755 /usr/local/bin/kolla_extend_start +COPY neutron_sudoers /etc/sudoers.d/neutron_sudoers +RUN usermod -a -G kolla neutron \ + && chmod 750 /etc/sudoers.d \ + && chmod 440 /etc/sudoers.d/neutron_sudoers diff --git a/docker/neutron/neutron-base/extend_start.sh b/docker/neutron/neutron-base/extend_start.sh deleted file mode 100644 index 07212efcef..0000000000 --- a/docker/neutron/neutron-base/extend_start.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -# Neutron uses rootwrap which requires a tty for sudo. -# Since the container is running in daemon mode, a tty -# is not present and requiretty must be commented out. -if [ ! -f /sudo-modified ]; then - chmod 0640 /etc/sudoers - sed -i '/Defaults requiretty/s/^/#/' /etc/sudoers - chmod 0440 /etc/sudoers - touch /sudo-modified -fi diff --git a/docker/neutron/neutron-base/neutron_sudoers b/docker/neutron/neutron-base/neutron_sudoers new file mode 100644 index 0000000000..ad4489200c 
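Review bot: The `chown -R neutron: /etc/neutron ...` line in the neutron-base Dockerfile leaves `/etc/neutron/rootwrap.conf` owned by the neutron user, while the `neutron_sudoers` file copied at the end of this hunk is what lets that same user run neutron-rootwrap as root. Rootwrap only limits what the service account can do as root if its configuration and filter files cannot be edited by that account, so they should end up root-owned and not writable by group or others. Unless ownership is reset somewhere outside this hunk, I would append `&& chown root:root /etc/neutron/rootwrap.conf && chmod 644 /etc/neutron/rootwrap.conf` after the `sed`, and treat the filter directories that file names the same way. The `{% endif %}` in this hunk closes a conditional that opens above it.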
--- /dev/null
+++ b/docker/neutron/neutron-base/neutron_sudoers
@@ -0,0 +1 @@
+neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
diff --git a/docker/neutron/neutron-dhcp-agent/Dockerfile.j2 b/docker/neutron/neutron-dhcp-agent/Dockerfile.j2
new file mode 100644
index 0000000000..ea5ede23cc
--- /dev/null
+++ b/docker/neutron/neutron-dhcp-agent/Dockerfile.j2
@@ -0,0 +1,16 @@
+FROM {{ namespace }}/{{ image_prefix }}neutron-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+{% if base_distro in ['ubuntu', 'debian'] %}
+ {% if install_type == 'binary' %}
+
+RUN apt-get install -y --no-install-recommends \
+ neutron-dhcp-agent \
+ && apt-get clean
+
+ {% endif %}
+{% endif %}
+
+{{ include_footer }}
+
+USER neutron
diff --git a/docker/neutron/neutron-l3-agent/Dockerfile.j2 b/docker/neutron/neutron-l3-agent/Dockerfile.j2
new file mode 100644
index 0000000000..be3087d537
--- /dev/null
+++ b/docker/neutron/neutron-l3-agent/Dockerfile.j2
@@ -0,0 +1,16 @@
+FROM {{ namespace }}/{{ image_prefix }}neutron-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+{% if base_distro in ['ubuntu', 'debian'] %}
+ {% if install_type == 'binary' %}
+
+RUN apt-get install -y --no-install-recommends \
+ neutron-l3-agent \
+ && apt-get clean
+
+ {% endif %}
+{% endif %}
+
+{{ include_footer }}
+
+USER neutron
diff --git a/docker/neutron/neutron-metadata-agent/Dockerfile.j2 b/docker/neutron/neutron-metadata-agent/Dockerfile.j2
new file mode 100644
index 0000000000..f8798e93c3
--- /dev/null
+++ b/docker/neutron/neutron-metadata-agent/Dockerfile.j2
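Review bot: In `docker/neutron/neutron-base/neutron_sudoers` the only permitted command is the virtualenv path `/var/lib/kolla/venv/bin/neutron-rootwrap`, yet the base Dockerfile appears to copy this file after its install-type conditional has closed, so binary images would receive the same rule. If the packaged rootwrap is installed elsewhere (commonly `/usr/bin/neutron-rootwrap`; not confirmed from this diff), sudo will refuse the agents' rootwrap calls in those images. Consider listing both paths or rendering the file per install type. A one-line comment such as `# the trailing * is bounded only by the rootwrap filter files` would also tell the next reader where the real restriction lives.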
@@ -0,0 +1,23 @@
+FROM {{ namespace }}/{{ image_prefix }}neutron-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+{% if base_distro in ['ubuntu', 'debian'] %}
+ {% if install_type == 'binary' %}
+
+RUN apt-get install -y --no-install-recommends \
+ neutron-metadata-agent \
+ && apt-get clean
+
+ {% endif %}
+{% endif %}
+
+COPY neutron_sudoers /etc/sudoers.d/neutron_sudoers
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start \
+ && chmod 750 /etc/sudoers.d \
+ && chmod 440 /etc/sudoers.d/neutron_sudoers \
+ && usermod -a -G kolla neutron
+
+{{ include_footer }}
+
+USER neutron
diff --git a/docker/neutron/neutron-metadata-agent/extend_start.sh b/docker/neutron/neutron-metadata-agent/extend_start.sh
new file mode 100644
index 0000000000..c46f60f555
--- /dev/null
+++ b/docker/neutron/neutron-metadata-agent/extend_start.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Only update permissions if permissions need to be updated
+if [[ $(stat -c %U:%G /var/lib/neutron/kolla) != "neutron:neutron" ]]; then
+ sudo chown neutron: /var/lib/neutron/kolla
+fi
diff --git a/docker/neutron/neutron-metadata-agent/neutron_sudoers b/docker/neutron/neutron-metadata-agent/neutron_sudoers
new file mode 100644
index 0000000000..17b8b3dee2
--- /dev/null
+++ b/docker/neutron/neutron-metadata-agent/neutron_sudoers
@@ -0,0 +1 @@
+%kolla ALL=(root) NOPASSWD: /bin/chown neutron\: /var/lib/neutron/kolla, /usr/bin/chown neutron\: /var/lib/neutron/kolla
diff --git a/docker/neutron/neutron-openvswitch-agent/Dockerfile.j2 b/docker/neutron/neutron-openvswitch-agent/Dockerfile.j2
index de075da25e..762b1012b6 100644
--- a/docker/neutron/neutron-openvswitch-agent/Dockerfile.j2
+++ b/docker/neutron/neutron-openvswitch-agent/Dockerfile.j2
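Review bot: In the neutron-metadata-agent Dockerfile, `COPY neutron_sudoers /etc/sudoers.d/neutron_sudoers` writes to the same destination the neutron-base image already uses for its rootwrap rule, so this image silently replaces that rule with the chown-only one. If that is intended, a comment should say so; if not, give the file its own name, for example `COPY neutron_sudoers /etc/sudoers.d/neutron_metadata_sudoers` with the matching `chmod 440` on that path. The `chmod 750 /etc/sudoers.d` and `usermod -a -G kolla neutron` steps repeat what the base image already does and could be dropped here.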
@@ -18,14 +18,6 @@ RUN apt-get install -y --no-install-recommends \ neutron-plugin-openvswitch-agent \ && apt-get clean - {% endif %} -{% elif install_type == 'source' %} - {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %} - -# Install required packages -RUN yum install -y openvswitch \ - && yum clean all - {% endif %} {% endif %} diff --git a/docker/neutron/neutron-server/Dockerfile.j2 b/docker/neutron/neutron-server/Dockerfile.j2 index 9732e28f12..6540345db7 100644 --- a/docker/neutron/neutron-server/Dockerfile.j2 +++ b/docker/neutron/neutron-server/Dockerfile.j2 @@ -9,3 +9,5 @@ RUN chmod 755 /usr/local/bin/kolla_extend_start \ fi {{ include_footer }} + +USER neutron diff --git a/docker/neutron/neutron-server/extend_start.sh b/docker/neutron/neutron-server/extend_start.sh index d60829f10c..dba1e632f2 100644 --- a/docker/neutron/neutron-server/extend_start.sh +++ b/docker/neutron/neutron-server/extend_start.sh @@ -3,16 +3,6 @@ # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases # of the KOLLA_BOOTSTRAP variable being set, including empty. if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then - sudo -H -u neutron neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head + neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head exit 0 fi - -# Neutron uses rootwrap which requires a tty for sudo. -# Since the container is running in daemon mode, a tty -# is not present and requiretty must be commented out. -if [ ! -f /sudo-modified ]; then - chmod 0640 /etc/sudoers - sed -i '/Defaults requiretty/s/^/#/' /etc/sudoers - chmod 0440 /etc/sudoers - touch /sudo-modified -fi
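Review bot: In `docker/neutron/neutron-server/extend_start.sh` the block that commented out `Defaults requiretty` is removed, and nothing visible in this diff replaces it, although the sudoers drop-ins added elsewhere in the commit still depend on sudo working without a tty. On base images whose `/etc/sudoers` carries that default, rootwrap calls and the metadata agent's `sudo chown` would be refused, unless the parent image already handles it outside this diff. A scoped line in the drop-in, `Defaults:neutron !requiretty`, would keep the behaviour without editing `/etc/sudoers` at start-up. The bare `neutron-db-manage` call also relies on the `USER neutron` line added to the neutron-server Dockerfile, which is worth a short comment above it; the script begins above this hunk.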