From ddb7cd88c56604e69b838460c474213251ed3d8b Mon Sep 17 00:00:00 2001 
From: SamYaple Date: Tue, 26 Jan 2016 19:50:43 +0000 Subject: [PATCH] Convert Neutron to thin containers *** Requires Docker 1.10 which is released *** Documentation will be in the next patch. You must set the following in your docker.service daemon control file for propagation to work: [Service] MountFlags=shared ====================================================================== Thanks to mount propagation in Docker 1.10 we can use thin containers finally! This is extremely useful to operators since now they can access the network namespaces from the hosts (outside the neutron container). But additionally it allows us to implement the VPN agent and other services more easily. Neutron containers and the neutron role are brought into the standards of the new Kolla. Complete with drop-root and Ansible formatting updates. The ip_wrapper.py script was (thankfully) not needed so it has been removed from the repo. Partially-Implements: blueprint upgrade-neutron Change-Id: Iaf5555283240457e1912459f397a6393d886fba1 --- ansible/inventory/all-in-one | 8 +- ansible/inventory/multinode | 8 +- ansible/roles/neutron/defaults/main.yml | 34 +++++--- .../neutron/tasks/config-neutron-fake.yml | 4 - ansible/roles/neutron/tasks/config.yml | 43 +++++++--- ansible/roles/neutron/tasks/deploy.yml | 16 ++-- ansible/roles/neutron/tasks/ironic-check.yml | 4 +- ansible/roles/neutron/tasks/pull.yml | 40 +++++++-- ansible/roles/neutron/tasks/start.yml | 81 ++++++++++++++++--- .../neutron/templates/fwaas_driver.ini.j2 | 1 + ...nts.json.j2 => neutron-dhcp-agent.json.j2} | 26 ++---- .../templates/neutron-l3-agent.json.j2 | 29 +++++++ .../templates/neutron-metadata-agent.json.j2 | 23 ++++++ .../roles/neutron/templates/neutron.conf.j2 | 5 +- ansible/roles/nova/tasks/config.yml | 2 +- ansible/site.yml | 4 +- docker/neutron/neutron-agents/Dockerfile.j2 | 52 ------------ .../neutron/neutron-agents/config-sudoers.sh | 12 --- .../neutron/neutron-agents/fwaas_driver.ini | 1 - 
.../neutron-dhcp-agent/start.sh | 11 --- .../neutron-l3-agent/fwaas_driver.ini | 3 - .../neutron-agents/neutron-l3-agent/start.sh | 11 --- .../neutron-metadata-agent/start.sh | 11 --- docker/neutron/neutron-agents/start.sh | 10 --- .../neutron/neutron-agents/supervisord.conf | 40 --------- docker/neutron/neutron-base/Dockerfile.j2 | 15 ++-- docker/neutron/neutron-base/extend_start.sh | 11 --- docker/neutron/neutron-base/neutron_sudoers | 1 + .../neutron/neutron-dhcp-agent/Dockerfile.j2 | 16 ++++ docker/neutron/neutron-l3-agent/Dockerfile.j2 | 16 ++++ .../neutron-metadata-agent/Dockerfile.j2 | 23 ++++++ .../neutron-metadata-agent/extend_start.sh | 6 ++ .../neutron-metadata-agent/neutron_sudoers | 1 + .../neutron-openvswitch-agent/Dockerfile.j2 | 8 -- docker/neutron/neutron-server/Dockerfile.j2 | 2 + docker/neutron/neutron-server/extend_start.sh | 12 +-- 36 files changed, 325 insertions(+), 265 deletions(-) create mode 100644 ansible/roles/neutron/templates/fwaas_driver.ini.j2 rename ansible/roles/neutron/templates/{neutron-agents.json.j2 => neutron-dhcp-agent.json.j2} (66%) create mode 100644 ansible/roles/neutron/templates/neutron-l3-agent.json.j2 create mode 100644 ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 delete mode 100644 docker/neutron/neutron-agents/Dockerfile.j2 delete mode 100644 docker/neutron/neutron-agents/config-sudoers.sh delete mode 120000 docker/neutron/neutron-agents/fwaas_driver.ini delete mode 100755 docker/neutron/neutron-agents/neutron-dhcp-agent/start.sh delete mode 100644 docker/neutron/neutron-agents/neutron-l3-agent/fwaas_driver.ini delete mode 100755 docker/neutron/neutron-agents/neutron-l3-agent/start.sh delete mode 100755 docker/neutron/neutron-agents/neutron-metadata-agent/start.sh delete mode 100755 docker/neutron/neutron-agents/start.sh delete mode 100644 docker/neutron/neutron-agents/supervisord.conf delete mode 100644 docker/neutron/neutron-base/extend_start.sh create mode 100644 
docker/neutron/neutron-base/neutron_sudoers create mode 100644 docker/neutron/neutron-dhcp-agent/Dockerfile.j2 create mode 100644 docker/neutron/neutron-l3-agent/Dockerfile.j2 create mode 100644 docker/neutron/neutron-metadata-agent/Dockerfile.j2 create mode 100644 docker/neutron/neutron-metadata-agent/extend_start.sh create mode 100644 docker/neutron/neutron-metadata-agent/neutron_sudoers diff --git a/ansible/inventory/all-in-one b/ansible/inventory/all-in-one index aed8a3faff..5e8a2187e8 100644 --- a/ansible/inventory/all-in-one +++ b/ansible/inventory/all-in-one @@ -118,7 +118,13 @@ nova [neutron-server:children] neutron -[neutron-agents:children] +[neutron-dhcp-agent:children] +neutron + +[neutron-l3-agent:children] +neutron + +[neutron-metadata-agent:children] neutron # Cinder diff --git a/ansible/inventory/multinode b/ansible/inventory/multinode index f6069d53fd..0265867db7 100644 --- a/ansible/inventory/multinode +++ b/ansible/inventory/multinode @@ -130,7 +130,13 @@ nova [neutron-server:children] control -[neutron-agents:children] +[neutron-dhcp-agent:children] +neutron + +[neutron-l3-agent:children] +neutron + +[neutron-metadata-agent:children] neutron # Cinder diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index ee58eb09af..a03ebc43ce 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml 
@@ -12,30 +12,38 @@ neutron_database_address: "{{ kolla_internal_address }}" #################### # Docker #################### -neutron_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-server" -neutron_server_tag: "{{ openstack_release }}" -neutron_server_image_full: "{{ neutron_server_image }}:{{ neutron_server_tag }}" +neutron_dhcp_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-dhcp-agent" +neutron_dhcp_agent_tag: "{{ openstack_release }}" +neutron_dhcp_agent_image_full: "{{ neutron_dhcp_agent_image }}:{{ neutron_dhcp_agent_tag }}" -neutron_agents_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-agents" -neutron_agents_tag: "{{ openstack_release }}" -neutron_agents_image_full: "{{ neutron_agents_image }}:{{ neutron_agents_tag }}" - -neutron_openvswitch_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-openvswitch-agent" -neutron_openvswitch_agent_tag: "{{ openstack_release }}" -neutron_openvswitch_agent_image_full: "{{ neutron_openvswitch_agent_image }}:{{ neutron_openvswitch_agent_tag }}" +neutron_l3_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-l3-agent" +neutron_l3_agent_tag: "{{ openstack_release }}" +neutron_l3_agent_image_full: "{{ neutron_l3_agent_image }}:{{ neutron_l3_agent_tag }}" neutron_linuxbridge_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-linuxbridge-agent" neutron_linuxbridge_agent_tag: "{{ openstack_release }}" neutron_linuxbridge_agent_image_full: "{{ 
neutron_linuxbridge_agent_image }}:{{ neutron_linuxbridge_agent_tag }}" -openvswitch_vswitchd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-vswitchd" -openvswitch_vswitchd_tag: "{{ openstack_release }}" -openvswitch_vswitchd_image_full: "{{ openvswitch_vswitchd_image }}:{{ openvswitch_vswitchd_tag }}" +neutron_metadata_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-metadata-agent" +neutron_metadata_agent_tag: "{{ openstack_release }}" +neutron_metadata_agent_image_full: "{{ neutron_metadata_agent_image }}:{{ neutron_metadata_agent_tag }}" + +neutron_openvswitch_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-openvswitch-agent" +neutron_openvswitch_agent_tag: "{{ openstack_release }}" +neutron_openvswitch_agent_image_full: "{{ neutron_openvswitch_agent_image }}:{{ neutron_openvswitch_agent_tag }}" + +neutron_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-server" +neutron_server_tag: "{{ openstack_release }}" +neutron_server_image_full: "{{ neutron_server_image }}:{{ neutron_server_tag }}" openvswitch_db_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-db-server" openvswitch_db_tag: "{{ openstack_release }}" openvswitch_db_image_full: "{{ openvswitch_db_image }}:{{ openvswitch_db_tag }}" +openvswitch_vswitchd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-vswitchd" +openvswitch_vswitchd_tag: "{{ openstack_release }}" +openvswitch_vswitchd_image_full: "{{ 
openvswitch_vswitchd_image }}:{{ openvswitch_vswitchd_tag }}" + #################### # Openstack diff --git a/ansible/roles/neutron/tasks/config-neutron-fake.yml b/ansible/roles/neutron/tasks/config-neutron-fake.yml index c04420cb0e..5f2720e8c9 100644 --- a/ansible/roles/neutron/tasks/config-neutron-fake.yml +++ b/ansible/roles/neutron/tasks/config-neutron-fake.yml @@ -14,7 +14,6 @@ with_sequence: start=1 end={{ num_nova_fake_per_node }} when: - inventory_hostname in groups['compute'] - - enable_nova_fake | bool - neutron_plugin_agent == "openvswitch" - name: Copying over neutron.conf @@ -31,7 +30,6 @@ when: - inventory_hostname in groups['compute'] - neutron_plugin_agent == "openvswitch" - - enable_nova_fake | bool - name: Copying over ml2_conf.ini merge_configs: @@ -43,5 +41,3 @@ when: - inventory_hostname in groups['compute'] - neutron_plugin_agent == "openvswitch" - - enable_nova_fake | bool - diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml index 62aaa3e104..f7c58baede 100644 --- a/ansible/roles/neutron/tasks/config.yml +++ b/ansible/roles/neutron/tasks/config.yml @@ -3,7 +3,7 @@ sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes when: - set_sysctl | bool - - inventory_hostname in groups['neutron-agents'] + - inventory_hostname in groups['neutron-l3-agent'] - name: Disabling reverse path filter on network node sysctl: name="net.ipv4.conf.{{ item }}.rp_filter" value=0 sysctl_set=yes @@ -12,7 +12,7 @@ - "default" when: - set_sysctl | bool - - inventory_hostname in groups['neutron-agents'] + - inventory_hostname in groups['neutron-l3-agent'] - name: Ensuring config directories exist file: @@ -20,8 +20,10 @@ state: "directory" recurse: yes with_items: - - "neutron-agents" + - "neutron-dhcp-agent" + - "neutron-l3-agent" - "neutron-linuxbridge-agent" + - "neutron-metadata-agent" - "neutron-openvswitch-agent" - "neutron-server" - "openvswitch-db-server" 
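Review bot: The three `when:` lists in config-neutron-fake.yml (hunks at -14, -31 and -43) no longer test `enable_nova_fake | bool`, so nothing in the file itself marks these tasks as fake-compute-only any more. They now depend entirely on the condition attached to `include: config-neutron-fake.yml` in deploy.yml, and that condition is cut off in the visible deploy.yml hunk, so it cannot be confirmed from this patch. If the include is gated on enable_nova_fake, a header comment such as `# Included from deploy.yml only when enable_nova_fake is true` would keep the dependency visible; if it is not, the guard should stay on each task.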
@@ -32,8 +34,10 @@ src: "{{ item }}.json.j2" dest: "{{ node_config_directory }}/{{ item }}/config.json" with_items: - - "neutron-agents" + - "neutron-dhcp-agent" + - "neutron-l3-agent" - "neutron-linuxbridge-agent" + - "neutron-metadata-agent" - "neutron-openvswitch-agent" - "neutron-server" - "openvswitch-db-server" @@ -52,8 +56,10 @@ - "/etc/kolla/config/neutron/{{ item }}.conf" dest: "{{ node_config_directory }}/{{ item }}/neutron.conf" with_items: - - "neutron-agents" + - "neutron-dhcp-agent" + - "neutron-l3-agent" - "neutron-linuxbridge-agent" + - "neutron-metadata-agent" - "neutron-openvswitch-agent" - "neutron-server" @@ -66,10 +72,12 @@ - "/etc/kolla/config/neutron/ml2_conf.ini" dest: "{{ node_config_directory }}/{{ item }}/ml2_conf.ini" with_items: - - "neutron-server" - - "neutron-agents" + - "neutron-dhcp-agent" + - "neutron-l3-agent" - "neutron-linuxbridge-agent" + - "neutron-metadata-agent" - "neutron-openvswitch-agent" + - "neutron-server" - name: Copying over dhcp_agent.ini merge_configs: @@ -80,12 +88,14 @@ - "/etc/kolla/config/neutron/dhcp_agent.ini" dest: "{{ node_config_directory }}/{{ item }}/dhcp_agent.ini" with_items: - - "neutron-agents" + - "neutron-dhcp-agent" - name: Copying over dnsmasq.conf template: src: "dnsmasq.conf.j2" - dest: "{{ node_config_directory }}/neutron-agents/dnsmasq.conf" + dest: "{{ node_config_directory }}/{{ item }}/dnsmasq.conf" + with_items: + - "neutron-dhcp-agent" - name: Copying over l3_agent.ini merge_configs: 
@@ -96,7 +106,18 @@ - "/etc/kolla/config/neutron/l3_agent.ini" dest: "{{ node_config_directory }}/{{ item }}/l3_agent.ini" with_items: - - "neutron-agents" + - "neutron-l3-agent" + +- name: Copying over fwaas_driver.ini + merge_configs: + vars: + service_name: "{{ item }}" + sources: + - "{{ role_path }}/templates/fwaas_driver.ini.j2" + - "/etc/kolla/config/neutron/fwaas_driver.ini" + dest: "{{ node_config_directory }}/{{ item }}/fwaas_driver.ini" + with_items: + - "neutron-l3-agent" - name: Copying over metadata_agent.ini merge_configs: @@ -107,4 +128,4 @@ - "/etc/kolla/config/neutron/metadata_agent.ini" dest: "{{ node_config_directory }}/{{ item }}/metadata_agent.ini" with_items: - - "neutron-agents" + - "neutron-metadata-agent" diff --git a/ansible/roles/neutron/tasks/deploy.yml b/ansible/roles/neutron/tasks/deploy.yml index 19bf5d384e..6b5609c757 100644 --- a/ansible/roles/neutron/tasks/deploy.yml +++ b/ansible/roles/neutron/tasks/deploy.yml @@ -6,9 +6,11 @@ when: inventory_hostname in groups['neutron-server'] - include: config.yml - when: inventory_hostname in groups['compute'] or - inventory_hostname in groups['neutron-agents'] or - inventory_hostname in groups['neutron-server'] + when: inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-server'] - include: config-neutron-fake.yml when: 
@@ -19,6 +21,8 @@ when: inventory_hostname in groups['neutron-server'] - include: start.yml - when: inventory_hostname in groups['compute'] or - inventory_hostname in groups['neutron-agents'] or - inventory_hostname in groups['neutron-server'] + when: inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent'] + or inventory_hostname in groups['neutron-server'] diff --git a/ansible/roles/neutron/tasks/ironic-check.yml b/ansible/roles/neutron/tasks/ironic-check.yml index f32a58a72d..a578ce2c72 100644 --- a/ansible/roles/neutron/tasks/ironic-check.yml +++ b/ansible/roles/neutron/tasks/ironic-check.yml @@ -1,4 +1,6 @@ --- # TODO(SamYaple): run verification checks at start of playbook - fail: msg="neutron_plugin_agent must use openvswitch with Ironic" - when: enable_ironic | bool and neutron_plugin_agent != "openvswitch" + when: + - enable_ironic | bool + - neutron_plugin_agent != "openvswitch" diff --git a/ansible/roles/neutron/tasks/pull.yml b/ansible/roles/neutron/tasks/pull.yml index 01c77d2786..057ced152b 100644 --- a/ansible/roles/neutron/tasks/pull.yml +++ b/ansible/roles/neutron/tasks/pull.yml @@ -1,10 +1,17 @@ --- -- name: Pulling neutron-agents image +- name: Pulling neutron-dhcp-agent image kolla_docker: action: "pull_image" common_options: "{{ docker_common_options }}" - image: "{{ neutron_agents_image_full }}" - when: inventory_hostname in groups['neutron-agents'] + image: "{{ neutron_dhcp_agent_image_full }}" + when: inventory_hostname in groups['neutron-dhcp-agent'] + +- name: Pulling neutron-l3-agent image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ neutron_l3_agent_image_full }}" + when: inventory_hostname in groups['neutron-l3-agent'] - name: Pulling neutron-linuxbridge-agent image kolla_docker: 
@@ -12,16 +19,29 @@ common_options: "{{ docker_common_options }}" image: "{{ neutron_linuxbridge_agent_image_full }}" when: - - (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) + - (inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent']) - neutron_plugin_agent == "linuxbridge" +- name: Pulling neutron-metadata-agent image + kolla_docker: + action: "pull_image" + common_options: "{{ docker_common_options }}" + image: "{{ neutron_metadata_agent_image_full }}" + when: inventory_hostname in groups['neutron-metadata-agent'] + - name: Pulling neutron-openvswitch-agent image kolla_docker: action: "pull_image" common_options: "{{ docker_common_options }}" image: "{{ neutron_openvswitch_agent_image_full }}" when: - - (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) + - (inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent']) - neutron_plugin_agent == "openvswitch" - name: Pulling neutron-server image @@ -37,7 +57,10 @@ common_options: "{{ docker_common_options }}" image: "{{ openvswitch_db_image_full }}" when: - - (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) + - (inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent']) - neutron_plugin_agent == "openvswitch" - name: Pulling openvswitch-vswitchd image 
@@ -46,5 +69,8 @@ common_options: "{{ docker_common_options }}" image: "{{ openvswitch_vswitchd_image_full }}" when: - - (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) + - (inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent']) - neutron_plugin_agent == "openvswitch" diff --git a/ansible/roles/neutron/tasks/start.yml b/ansible/roles/neutron/tasks/start.yml index d08681db86..00de60135f 100644 --- a/ansible/roles/neutron/tasks/start.yml +++ b/ansible/roles/neutron/tasks/start.yml @@ -10,7 +10,10 @@ - "/run:/run" - "openvswitch_db:/var/lib/openvswitch/" when: - - (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) + - (inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent']) - neutron_plugin_agent == "openvswitch" - name: Ensuring OVS bridge is properly setup @@ -18,7 +21,10 @@ register: status changed_when: status.stdout.find('changed') != -1 when: - - (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) + - (inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent']) - neutron_plugin_agent == "openvswitch" - name: Starting openvswitch-vswitchd container 
@@ -33,7 +39,10 @@ - "/lib/modules:/lib/modules:ro" - "/run:/run" when: - - (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) + - (inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent']) - neutron_plugin_agent == "openvswitch" - name: Starting neutron-server container @@ -60,11 +69,22 @@ - "/run:/run" - "/run/kolla/log:/dev/log" when: + - ( + ( inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent'] + and not enable_nova_fake | bool + ) or + ( inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent'] + and enable_nova_fake | bool + ) + ) - neutron_plugin_agent == "openvswitch" - - ((inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) and not (enable_nova_fake | bool)) or - ((inventory_hostname in groups['neutron-agents']) and (enable_nova_fake | bool)) -- name: Starting Neutron-openvswitch-agent container for fake nova compute +- name: Starting neutron-openvswitch-agent container for fake nova compute kolla_docker: action: "start_container" common_options: "{{ docker_common_options }}" 
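Review bot: In the `when:` of the neutron-openvswitch-agent start task (hunk -60,11 +69,22), `and` binds tighter than `or` in Jinja2, so `and not enable_nova_fake | bool` applies only to the `neutron-metadata-agent` membership test and not to the group list above it. As written, a host in `compute` satisfies the first alternative whatever enable_nova_fake is, which the removed expression `(compute or neutron-agents) and not (enable_nova_fake | bool)` did not allow; the regular agent container would then presumably be started on fake-compute hosts as well. Each group list needs its own parentheses before the `and`, as sketched below. The task's opening lines are outside the hunk.

```yaml
  # … unchanged: kolla_docker options and volumes of the task …
  when:
    - ( ( inventory_hostname in groups['compute']
          or inventory_hostname in groups['neutron-dhcp-agent']
          or inventory_hostname in groups['neutron-l3-agent']
          or inventory_hostname in groups['neutron-metadata-agent'] )
        and not enable_nova_fake | bool )
      or
      ( ( inventory_hostname in groups['neutron-dhcp-agent']
          or inventory_hostname in groups['neutron-l3-agent']
          or inventory_hostname in groups['neutron-metadata-agent'] )
        and enable_nova_fake | bool )
    - neutron_plugin_agent == "openvswitch"
```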
@@ -99,18 +119,55 @@ - "/run:/run" - "/run/kolla/log:/dev/log" when: - - (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) + - (inventory_hostname in groups['compute'] + or inventory_hostname in groups['neutron-dhcp-agent'] + or inventory_hostname in groups['neutron-l3-agent'] + or inventory_hostname in groups['neutron-metadata-agent']) - neutron_plugin_agent == "linuxbridge" -- name: Starting neutron-agents container +- name: Starting neutron-dhcp-agent container kolla_docker: action: "start_container" common_options: "{{ docker_common_options }}" - image: "{{ neutron_agents_image_full }}" - name: "neutron_agents" + image: "{{ neutron_dhcp_agent_image_full }}" + name: "neutron_dhcp_agent" privileged: True volumes: - - "{{ node_config_directory }}/neutron-agents/:{{ container_config_directory }}/:ro" + - "{{ node_config_directory }}/neutron-dhcp-agent/:{{ container_config_directory }}/:ro" + - "/run/:/run/" + - "/run/kolla/log:/dev/log" + - "/run/netns/:/run/netns/:shared" + - "neutron_metadata_socket:/var/lib/neutron/kolla/" + when: + - inventory_hostname in groups['neutron-dhcp-agent'] + +- name: Starting neutron-l3-agent container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ neutron_l3_agent_image_full }}" + name: "neutron_l3_agent" + privileged: True + volumes: + - "{{ node_config_directory }}/neutron-l3-agent/:{{ container_config_directory }}/:ro" - "/run:/run" - "/run/kolla/log:/dev/log" - when: inventory_hostname in groups['neutron-agents'] + - "/run/netns/:/run/netns/:shared" + - "neutron_metadata_socket:/var/lib/neutron/kolla/" + when: + - inventory_hostname in groups['neutron-l3-agent'] + +- name: Starting neutron-metadata-agent container + kolla_docker: + action: "start_container" + common_options: "{{ docker_common_options }}" + image: "{{ neutron_metadata_agent_image_full }}" + name: "neutron_metadata_agent" + privileged: True + volumes: + - "{{ 
node_config_directory }}/neutron-metadata-agent/:{{ container_config_directory }}/:ro" + - "/run/kolla/log:/dev/log" + - "/run/netns/:/run/netns/:shared" + - "neutron_metadata_socket:/var/lib/neutron/kolla/" + when: + - inventory_hostname in groups['neutron-metadata-agent'] diff --git a/ansible/roles/neutron/templates/fwaas_driver.ini.j2 b/ansible/roles/neutron/templates/fwaas_driver.ini.j2 new file mode 100644 index 0000000000..b020e6bbd8 --- /dev/null +++ b/ansible/roles/neutron/templates/fwaas_driver.ini.j2 @@ -0,0 +1 @@ +[fwaas] diff --git a/ansible/roles/neutron/templates/neutron-agents.json.j2 b/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2 similarity index 66% rename from ansible/roles/neutron/templates/neutron-agents.json.j2 rename to ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2 index e33bf823f4..bd98c532dc 100644 --- a/ansible/roles/neutron/templates/neutron-agents.json.j2 +++ b/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2 @@ -1,5 +1,5 @@ { - "command": "", + "command": "neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini", "config_files": [ { "source": "{{ container_config_directory }}/neutron.conf", @@ -7,6 +7,12 @@ "owner": "neutron", "perm": "0600" }, + { + "source": "{{ container_config_directory }}/ml2_conf.ini", + "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", + "owner": "neutron", + "perm": "0600" + }, { "source": "{{ container_config_directory }}/dhcp_agent.ini", "dest": "/etc/neutron/dhcp_agent.ini", 
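Review bot: The new neutron-metadata-agent task (hunk -99,18 +119,55) starts its container with `privileged: True` and the `/run/netns/:/run/netns/:shared` mount, the same as the DHCP and L3 agents, although its command in neutron-metadata-agent.json.j2 only loads neutron.conf and metadata_agent.ini and the other agents reach it through the `neutron_metadata_socket` volume. Nothing visible in this patch shows the metadata agent creating or entering network namespaces, so this looks like more privilege than the container needs; if that holds, drop `privileged: True` and the netns volume from that task, otherwise add a comment saying why they are required. The DHCP and L3 tasks also bind the host's whole `/run` read-write into a privileged container, and a comment naming which paths under /run they actually use would let a later change narrow that mount.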
@@ -18,24 +24,6 @@ "dest": "/etc/neutron/dnsmasq.conf", "owner": "neutron", "perm": "0600" - }, - { - "source": "{{ container_config_directory }}/l3_agent.ini", - "dest": "/etc/neutron/l3_agent.ini", - "owner": "neutron", - "perm": "0600" - }, - { - "source": "{{ container_config_directory }}/ml2_conf.ini", - "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", - "owner": "neutron", - "perm": "0600" - }, - { - "source": "{{ container_config_directory }}/metadata_agent.ini", - "dest": "/etc/neutron/metadata_agent.ini", - "owner": "neutron", - "perm": "0600" } ] } diff --git a/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 new file mode 100644 index 0000000000..24bcc2849b --- /dev/null +++ b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 @@ -0,0 +1,29 @@ +{ + "command": "neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini", + "config_files": [ + { + "source": "{{ container_config_directory }}/neutron.conf", + "dest": "/etc/neutron/neutron.conf", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/ml2_conf.ini", + "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/fwaas_driver.ini", + "dest": "/etc/neutron/fwaas_driver.ini", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/l3_agent.ini", + "dest": "/etc/neutron/l3_agent.ini", + "owner": "neutron", + "perm": "0600" + } + ] +} diff --git a/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 b/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 new file mode 100644 index 0000000000..ba0d1b9c94 --- /dev/null +++ b/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 
@@ -0,0 +1,23 @@ +{ + "command": "neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini", + "config_files": [ + { + "source": "{{ container_config_directory }}/neutron.conf", + "dest": "/etc/neutron/neutron.conf", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/ml2_conf.ini", + "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", + "owner": "neutron", + "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/metadata_agent.ini", + "dest": "/etc/neutron/metadata_agent.ini", + "owner": "neutron", + "perm": "0600" + } + ] +} diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index 31600efb17..5779ebc3bb 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -8,9 +8,12 @@ syslog_log_facility = LOG_LOCAL0 bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }} bind_port = {{ neutron_server_port }} -#lock_path = /var/lock/neutron api_paste_config = /usr/share/neutron/api-paste.ini +# NOTE(SamYaple): We must specify this value here rather than the metadata conf +# because it is used by the l3 and dhcp agents. The reason the path has 'kolla' +# in it is because we are sharing this socket in a volume which is it's own dir +metadata_proxy_socket = /var/lib/neutron/kolla/metadata_proxy {% if neutron_plugin_agent == "openvswitch" %} interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver diff --git a/ansible/roles/nova/tasks/config.yml b/ansible/roles/nova/tasks/config.yml index b1685965df..b082d1bc4e 100644 --- a/ansible/roles/nova/tasks/config.yml +++ b/ansible/roles/nova/tasks/config.yml @@ -15,7 +15,7 @@ - "default" when: - set_sysctl | bool - - inventory_hostname in groups['neutron-agents'] + - inventory_hostname in groups['compute'] - name: Ensuring config directories exist file: 
diff --git a/ansible/site.yml b/ansible/site.yml index d35c45f4bf..4bb48e0b40 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -94,7 +94,9 @@ - hosts: - compute - - neutron-agents + - neutron-dhcp-agent + - neutron-l3-agent + - neutron-metadata-agent - neutron-server - rabbitmq roles: diff --git a/docker/neutron/neutron-agents/Dockerfile.j2 b/docker/neutron/neutron-agents/Dockerfile.j2 deleted file mode 100644 index ce4b7202dc..0000000000 --- a/docker/neutron/neutron-agents/Dockerfile.j2 +++ /dev/null 
@@ -1,52 +0,0 @@ -FROM {{ namespace }}/{{ image_prefix }}neutron-base:{{ tag }} -MAINTAINER {{ maintainer }} - -{% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %} - -RUN yum install -y \ - openvswitch \ - supervisor \ - && yum clean all - -COPY supervisord.conf /etc/ - -{% elif base_distro in ['ubuntu', 'debian'] %} - -RUN apt-get install -y --no-install-recommends supervisor \ - && apt-get clean - -COPY supervisord.conf /etc/supervisor/ - - {% if install_type == 'binary' %} - -RUN apt-get install -y --no-install-recommends \ - neutron-metadata-agent \ - neutron-dhcp-agent \ - neutron-l3-agent \ - && apt-get clean - - {% endif %} -{% endif %} - -# TODO: SamYaple FWaaS is part of the l3-agent, not a separate agent that is -# why this file is needed. To support FWaaS we cannot have a separate container -# I need to figure out the best way to make this work together -# -# This file _does_ _not_ need to exist, you must remove referencing it from the -# exec line in the start script. Also all these config options can exist in the -# main neutron.conf if we wish -COPY fwaas_driver.ini /etc/neutron/ - -COPY neutron-dhcp-agent/ /var/lib/kolla/neutron-dhcp-agent -COPY neutron-l3-agent/ /var/lib/kolla/neutron-l3-agent -COPY neutron-metadata-agent/ /var/lib/kolla/neutron-metadata-agent -COPY config-sudoers.sh /var/lib/kolla/ - -COPY start.sh / - -# We will remove this line in Docker 1.10 when namespace propagation works -VOLUME /run/netns - -CMD ["/start.sh"] - -{{ include_footer }} diff --git a/docker/neutron/neutron-agents/config-sudoers.sh b/docker/neutron/neutron-agents/config-sudoers.sh deleted file mode 100644 index 82cf0d6246..0000000000 --- a/docker/neutron/neutron-agents/config-sudoers.sh +++ /dev/null 
@@ -1,12 +0,0 @@ -#!/bin/bash - -# Neutron uses rootwrap which requires a tty for sudo. -# Since the container is running in daemon mode, a tty -# is not present and requiretty must be commented out. -if [ ! -f /sudo-modified ]; then - chmod 0640 /etc/sudoers - sed -i '/Defaults requiretty/s/^/#/' /etc/sudoers - chmod 0440 /etc/sudoers -fi - -touch /sudo-modified diff --git a/docker/neutron/neutron-agents/fwaas_driver.ini b/docker/neutron/neutron-agents/fwaas_driver.ini deleted file mode 120000 index a9b1ec519d..0000000000 --- a/docker/neutron/neutron-agents/fwaas_driver.ini +++ /dev/null @@ -1 +0,0 @@ -neutron-l3-agent/fwaas_driver.ini \ No newline at end of file diff --git a/docker/neutron/neutron-agents/neutron-dhcp-agent/start.sh b/docker/neutron/neutron-agents/neutron-dhcp-agent/start.sh deleted file mode 100755 index 47c2ee1607..0000000000 --- a/docker/neutron/neutron-agents/neutron-dhcp-agent/start.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -set -o errexit - -# Loading common functions. -source /var/lib/kolla/config-sudoers.sh - -# Will be removed when neutron-agents is a thin container -CMD="neutron-dhcp-agent" -ARGS="--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini" - -exec $CMD $ARGS diff --git a/docker/neutron/neutron-agents/neutron-l3-agent/fwaas_driver.ini b/docker/neutron/neutron-agents/neutron-l3-agent/fwaas_driver.ini deleted file mode 100644 index 41f761abf1..0000000000 --- a/docker/neutron/neutron-agents/neutron-l3-agent/fwaas_driver.ini +++ /dev/null @@ -1,3 +0,0 @@ -[fwaas] -#driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver -#enabled = True diff --git a/docker/neutron/neutron-agents/neutron-l3-agent/start.sh b/docker/neutron/neutron-agents/neutron-l3-agent/start.sh deleted file mode 100755 index da1b1cc570..0000000000 --- a/docker/neutron/neutron-agents/neutron-l3-agent/start.sh +++ /dev/null 
@@ -1,11 +0,0 @@
-#!/bin/bash
-set -o errexit
-
-# Loading common functions.
-source /var/lib/kolla/config-sudoers.sh
-
-# Will be removed when this container is broken out into thin containers
-CMD="neutron-l3-agent"
-ARGS="--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini"
-
-exec $CMD $ARGS
diff --git a/docker/neutron/neutron-agents/neutron-metadata-agent/start.sh b/docker/neutron/neutron-agents/neutron-metadata-agent/start.sh
deleted file mode 100755
index 9464a5196c..0000000000
--- a/docker/neutron/neutron-agents/neutron-metadata-agent/start.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-set -o errexit
-
-# Loading common functions.
-source /var/lib/kolla/config-sudoers.sh
-
-# Will be removed when this container is broken out in thin containers
-CMD="neutron-metadata-agent"
-ARGS="--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini"
-
-exec $CMD $ARGS
diff --git a/docker/neutron/neutron-agents/start.sh b/docker/neutron/neutron-agents/start.sh
deleted file mode 100755
index fb17322774..0000000000
--- a/docker/neutron/neutron-agents/start.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-set -o errexit
-
-# We must remove all of the stale namespaces if they exist
-rm -f /run/netns/*
-
-# Processing /var/lib/kolla/config_files/config.json
-python /usr/local/bin/kolla_set_configs
-
-exec /usr/bin/supervisord
diff --git a/docker/neutron/neutron-agents/supervisord.conf b/docker/neutron/neutron-agents/supervisord.conf
deleted file mode 100644
index b7a808b3ab..0000000000
--- a/docker/neutron/neutron-agents/supervisord.conf
+++ /dev/null
@@ -1,40 +0,0 @@ -[unix_http_server] -file = /var/run/supervisor.sock - -[inet_http_server] -port = 127.0.0.1:9001 - -[supervisord] -nodaemon=true -logfile = /var/log/supervisor/supervisord.log -logfile_maxbytes = 200KB -logfile_backups = 1 -pidfile = /var/run/supervisord.pid -childlogdir = /var/log/supervisor - -[rpcinterface:supervisor] -supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface - -[supervisorctl] -serverurl = unix:///var/run/supervisor.sock - -[program:neutron-dhcp-agent] -command=/var/lib/kolla/neutron-dhcp-agent/start.sh -priority=40 -startsec=10 -stderr_events_enabled=true -stdout_events_enabled=true - -[program:neutron-metadata-agent] -command=/var/lib/kolla/neutron-metadata-agent/start.sh -priority=40 -startsec=10 -stderr_events_enabled=true -stdout_events_enabled=true - -[program:neutron-l3-agent] -command=/var/lib/kolla/neutron-l3-agent/start.sh -priority=40 -startsec=10 -stderr_events_enabled=true -stdout_events_enabled=true diff --git a/docker/neutron/neutron-base/Dockerfile.j2 b/docker/neutron/neutron-base/Dockerfile.j2 index 82b70aaa42..7eed86b92b 100644 --- a/docker/neutron/neutron-base/Dockerfile.j2 +++ b/docker/neutron/neutron-base/Dockerfile.j2 @@ -36,11 +36,12 @@ RUN yum -y install \ {% elif base_distro in ['ubuntu', 'debian'] %} RUN apt-get install -y --no-install-recommends \ - iptables \ + arping \ dnsmasq \ - uuid-runtime \ ipset \ + iptables \ openvswitch-switch \ + uuid-runtime \ && apt-get clean {% endif %} 
@@ -49,15 +50,17 @@ ADD neutron-base-archive /neutron-base-source RUN ln -s neutron-base-source/* neutron \ && useradd --user-group neutron \ && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /neutron \ - && mkdir -p /etc/neutron /usr/share/neutron /var/log/neutron /home/neutron \ + && mkdir -p /etc/neutron /usr/share/neutron /var/lib/neutron /var/log/neutron /home/neutron \ && cp -r /neutron/etc/* /etc/neutron/ \ && cp -r /neutron/etc/neutron/* /etc/neutron/ \ && cp /neutron/etc/api-paste.ini /usr/share/neutron \ && mv /etc/neutron/neutron/ /etc/neutron/plugins/ \ - && chown -R neutron: /etc/neutron /usr/share/neutron /var/log/neutron /home/neutron \ + && chown -R neutron: /etc/neutron /usr/share/neutron /var/lib/neutron /var/log/neutron /home/neutron \ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/neutron/rootwrap.conf {% endif %} -COPY extend_start.sh /usr/local/bin/kolla_extend_start -RUN chmod 755 /usr/local/bin/kolla_extend_start +COPY neutron_sudoers /etc/sudoers.d/neutron_sudoers +RUN usermod -a -G kolla neutron \ + && chmod 750 /etc/sudoers.d \ + && chmod 440 /etc/sudoers.d/neutron_sudoers diff --git a/docker/neutron/neutron-base/extend_start.sh b/docker/neutron/neutron-base/extend_start.sh deleted file mode 100644 index 07212efcef..0000000000 --- a/docker/neutron/neutron-base/extend_start.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -# Neutron uses rootwrap which requires a tty for sudo. -# Since the container is running in daemon mode, a tty -# is not present and requiretty must be commented out. -if [ ! -f /sudo-modified ]; then - chmod 0640 /etc/sudoers - sed -i '/Defaults requiretty/s/^/#/' /etc/sudoers - chmod 0440 /etc/sudoers - touch /sudo-modified -fi diff --git a/docker/neutron/neutron-base/neutron_sudoers b/docker/neutron/neutron-base/neutron_sudoers new file mode 100644 index 0000000000..ad4489200c 
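Review bot: The `chown -R neutron: /etc/neutron ...` step in this RUN chain leaves `/etc/neutron/rootwrap.conf` owned by the neutron user, while the `neutron_sudoers` file copied at the end of the hunk lets that same user run `neutron-rootwrap /etc/neutron/rootwrap.conf *` as root without a password. Rootwrap only narrows that grant if the unprivileged user cannot edit its configuration or the filter directories it points to, so I would hand them back to root after the recursive chown, e.g. `&& chown root:root /etc/neutron/rootwrap.conf` plus the same for the filter directories. The chain sits in a conditional branch that opens above the hunk, and the files may be replaced at container start by the config-copy step, so the ownership applied there should be checked as well.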
--- /dev/null
+++ b/docker/neutron/neutron-base/neutron_sudoers
@@ -0,0 +1 @@
+neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
diff --git a/docker/neutron/neutron-dhcp-agent/Dockerfile.j2 b/docker/neutron/neutron-dhcp-agent/Dockerfile.j2
new file mode 100644
index 0000000000..ea5ede23cc
--- /dev/null
+++ b/docker/neutron/neutron-dhcp-agent/Dockerfile.j2
@@ -0,0 +1,16 @@
+FROM {{ namespace }}/{{ image_prefix }}neutron-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+{% if base_distro in ['ubuntu', 'debian'] %}
+ {% if install_type == 'binary' %}
+
+RUN apt-get install -y --no-install-recommends \
+ neutron-dhcp-agent \
+ && apt-get clean
+
+ {% endif %}
+{% endif %}
+
+{{ include_footer }}
+
+USER neutron
diff --git a/docker/neutron/neutron-l3-agent/Dockerfile.j2 b/docker/neutron/neutron-l3-agent/Dockerfile.j2
new file mode 100644
index 0000000000..be3087d537
--- /dev/null
+++ b/docker/neutron/neutron-l3-agent/Dockerfile.j2
@@ -0,0 +1,16 @@
+FROM {{ namespace }}/{{ image_prefix }}neutron-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+{% if base_distro in ['ubuntu', 'debian'] %}
+ {% if install_type == 'binary' %}
+
+RUN apt-get install -y --no-install-recommends \
+ neutron-l3-agent \
+ && apt-get clean
+
+ {% endif %}
+{% endif %}
+
+{{ include_footer }}
+
+USER neutron
diff --git a/docker/neutron/neutron-metadata-agent/Dockerfile.j2 b/docker/neutron/neutron-metadata-agent/Dockerfile.j2
new file mode 100644
index 0000000000..f8798e93c3
--- /dev/null
+++ b/docker/neutron/neutron-metadata-agent/Dockerfile.j2
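Review bot: Nothing in `neutron_sudoers` replaces the `requiretty` workaround that this commit deletes from `config-sudoers.sh` and from both `extend_start.sh` scripts, which edited `/etc/sudoers` as root at start-up. The containers now run as `USER neutron`, so that edit can no longer happen at run time, and on base images whose sudoers still sets `Defaults requiretty` the rootwrap calls would presumably fail without a tty. A scoped override in this file, `Defaults:neutron !requiretty`, keeps the exemption limited to the neutron user. The command path is also pinned to `/var/lib/kolla/venv/bin/neutron-rootwrap`; if the COPY in neutron-base applies to binary installs too, the rule would not match the packaged binary there.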
@@ -0,0 +1,23 @@
+FROM {{ namespace }}/{{ image_prefix }}neutron-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+{% if base_distro in ['ubuntu', 'debian'] %}
+ {% if install_type == 'binary' %}
+
+RUN apt-get install -y --no-install-recommends \
+ neutron-metadata-agent \
+ && apt-get clean
+
+ {% endif %}
+{% endif %}
+
+COPY neutron_sudoers /etc/sudoers.d/neutron_sudoers
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start \
+ && chmod 750 /etc/sudoers.d \
+ && chmod 440 /etc/sudoers.d/neutron_sudoers \
+ && usermod -a -G kolla neutron
+
+{{ include_footer }}
+
+USER neutron
diff --git a/docker/neutron/neutron-metadata-agent/extend_start.sh b/docker/neutron/neutron-metadata-agent/extend_start.sh
new file mode 100644
index 0000000000..c46f60f555
--- /dev/null
+++ b/docker/neutron/neutron-metadata-agent/extend_start.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Only update permissions if permissions need to be updated
+if [[ $(stat -c %U:%G /var/lib/neutron/kolla) != "neutron:neutron" ]]; then
+ sudo chown neutron: /var/lib/neutron/kolla
+fi
diff --git a/docker/neutron/neutron-metadata-agent/neutron_sudoers b/docker/neutron/neutron-metadata-agent/neutron_sudoers
new file mode 100644
index 0000000000..17b8b3dee2
--- /dev/null
+++ b/docker/neutron/neutron-metadata-agent/neutron_sudoers
@@ -0,0 +1 @@
+%kolla ALL=(root) NOPASSWD: /bin/chown neutron\: /var/lib/neutron/kolla, /usr/bin/chown neutron\: /var/lib/neutron/kolla
diff --git a/docker/neutron/neutron-openvswitch-agent/Dockerfile.j2 b/docker/neutron/neutron-openvswitch-agent/Dockerfile.j2
index de075da25e..762b1012b6 100644
--- a/docker/neutron/neutron-openvswitch-agent/Dockerfile.j2
+++ b/docker/neutron/neutron-openvswitch-agent/Dockerfile.j2
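Review bot: `COPY neutron_sudoers /etc/sudoers.d/neutron_sudoers` writes to the same destination that neutron-base uses for its rootwrap rule, so in this image the base rule is replaced by the chown-only rule rather than added to it. If that is intended because the metadata agent does not need rootwrap, a comment above the COPY such as `# replaces the neutron-base rootwrap rule on purpose` would record it; otherwise a distinct file name under `/etc/sudoers.d` keeps both rules. `usermod -a -G kolla neutron` and `chmod 750 /etc/sudoers.d` repeat what the neutron-base Dockerfile already does in this commit and could be dropped here.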
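Review bot: The `sudo chown neutron: /var/lib/neutron/kolla` call in `extend_start.sh` changes the owner of whatever that path resolves to, and its parent `/var/lib/neutron` is chowned to neutron in neutron-base, so the fixed argument in the `neutron_sudoers` rule of the following hunk does not by itself pin which object changes owner. Passing `-h` in both places (`sudo chown -h neutron: /var/lib/neutron/kolla` and `/bin/chown -h neutron\: /var/lib/neutron/kolla` in the rule) keeps the operation on the path itself; presumably the path is a volume mount point, in which case this is defence in depth. The `stat` call also prints an error and falls through to `chown` when the directory is absent, so a guard such as `[[ -d /var/lib/neutron/kolla ]] || exit 1` before the comparison would make that failure explicit.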
@@ -18,14 +18,6 @@ RUN apt-get install -y --no-install-recommends \ neutron-plugin-openvswitch-agent \ && apt-get clean - {% endif %} -{% elif install_type == 'source' %} - {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %} - -# Install required packages -RUN yum install -y openvswitch \ - && yum clean all - {% endif %} {% endif %} diff --git a/docker/neutron/neutron-server/Dockerfile.j2 b/docker/neutron/neutron-server/Dockerfile.j2 index 9732e28f12..6540345db7 100644 --- a/docker/neutron/neutron-server/Dockerfile.j2 +++ b/docker/neutron/neutron-server/Dockerfile.j2 @@ -9,3 +9,5 @@ RUN chmod 755 /usr/local/bin/kolla_extend_start \ fi {{ include_footer }} + +USER neutron diff --git a/docker/neutron/neutron-server/extend_start.sh b/docker/neutron/neutron-server/extend_start.sh index d60829f10c..dba1e632f2 100644 --- a/docker/neutron/neutron-server/extend_start.sh +++ b/docker/neutron/neutron-server/extend_start.sh @@ -3,16 +3,6 @@ # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases # of the KOLLA_BOOTSTRAP variable being set, including empty. if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then - sudo -H -u neutron neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head + neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head exit 0 fi - -# Neutron uses rootwrap which requires a tty for sudo. -# Since the container is running in daemon mode, a tty -# is not present and requiretty must be commented out. -if [ ! -f /sudo-modified ]; then - chmod 0640 /etc/sudoers - sed -i '/Defaults requiretty/s/^/#/' /etc/sudoers - chmod 0440 /etc/sudoers - touch /sudo-modified -fi