227008cf68
Currently we have a very wide /run mount for all Neutron/OVS services, which allows sudo/rootwrap to contact with the hosts dbus - all symptoms are documented in the related bug. Since we use tcp connections to OVS from Neutron agents - removing bind mounts. Closes-Bug: #1861792 Change-Id: Ifee4bec7b2e9ef4e2d624b1411f1a9e6332325c6
71 lines
3.1 KiB
YAML
71 lines
3.1 KiB
YAML
---
|
|
project_name: "openvswitch"
|
|
|
|
openvswitch_services:
|
|
openvswitch-db-server:
|
|
container_name: "openvswitch_db"
|
|
image: "{{ openvswitch_db_image_full }}"
|
|
enabled: "{{ enable_openvswitch }}"
|
|
group: openvswitch
|
|
host_in_groups: >-
|
|
{{
|
|
inventory_hostname in groups['compute']
|
|
or (enable_manila | bool and inventory_hostname in groups['manila-share'])
|
|
or inventory_hostname in groups['neutron-dhcp-agent']
|
|
or inventory_hostname in groups['neutron-l3-agent']
|
|
or inventory_hostname in groups['neutron-metadata-agent']
|
|
}}
|
|
volumes: "{{ openvswitch_db_default_volumes + openvswitch_db_extra_volumes }}"
|
|
dimensions: "{{ openvswitch_db_dimensions }}"
|
|
openvswitch-vswitchd:
|
|
container_name: "openvswitch_vswitchd"
|
|
image: "{{ openvswitch_vswitchd_image_full }}"
|
|
enabled: "{{ enable_openvswitch }}"
|
|
group: openvswitch
|
|
host_in_groups: >-
|
|
{{
|
|
inventory_hostname in groups['compute']
|
|
or (enable_manila | bool and inventory_hostname in groups['manila-share'])
|
|
or inventory_hostname in groups['neutron-dhcp-agent']
|
|
or inventory_hostname in groups['neutron-l3-agent']
|
|
or inventory_hostname in groups['neutron-metadata-agent']
|
|
}}
|
|
privileged: True
|
|
volumes: "{{ openvswitch_vswitchd_default_volumes + openvswitch_vswitchd_extra_volumes }}"
|
|
dimensions: "{{ openvswitch_vswitchd_dimensions }}"
|
|
|
|
####################
|
|
# Docker
|
|
####################
|
|
openvswitch_install_type: "{{ kolla_install_type }}"
|
|
openvswitch_tag: "{{ openstack_tag }}"
|
|
|
|
openvswitch_db_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ openvswitch_install_type }}-openvswitch-db-server"
|
|
openvswitch_db_tag: "{{ openvswitch_tag }}"
|
|
openvswitch_db_image_full: "{{ openvswitch_db_image }}:{{ openvswitch_db_tag }}"
|
|
|
|
openvswitch_vswitchd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ openvswitch_install_type }}-openvswitch-vswitchd"
|
|
openvswitch_vswitchd_tag: "{{ openvswitch_tag }}"
|
|
openvswitch_vswitchd_image_full: "{{ openvswitch_vswitchd_image }}:{{ openvswitch_vswitchd_tag }}"
|
|
|
|
openvswitch_db_dimensions: "{{ default_container_dimensions }}"
|
|
openvswitch_vswitchd_dimensions: "{{ default_container_dimensions }}"
|
|
|
|
openvswitch_db_default_volumes:
|
|
- "{{ node_config_directory }}/openvswitch-db-server/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "/lib/modules:/lib/modules:ro"
|
|
- "/run/openvswitch:/run/openvswitch:shared"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
- "openvswitch_db:/var/lib/openvswitch/"
|
|
openvswitch_vswitchd_default_volumes:
|
|
- "{{ node_config_directory }}/openvswitch-vswitchd/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "/lib/modules:/lib/modules:ro"
|
|
- "/run/openvswitch:/run/openvswitch:shared"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
|
|
openvswitch_extra_volumes: "{{ default_extra_volumes }}"
|
|
openvswitch_db_extra_volumes: "{{ openvswitch_extra_volumes }}"
|
|
openvswitch_vswitchd_extra_volumes: "{{ openvswitch_extra_volumes }}"
|