From 09d6a3e68c3d95e27ce7a7395735d058062e9d17 Mon Sep 17 00:00:00 2001
From: Deepak Tiwari
Date: Sun, 9 Feb 2020 23:53:30 -0600
Subject: [PATCH] Add neutron-ovs-cleanup to neutron charts

neutron-ovs-cleanup needs to be run at the startup once

Change-Id: I0160bb0377082026af4aa90413196ce65cfd23c9
---
 ...tron-openvswitch-agent-init-cleanup.sh.tpl | 28 ++++++++
 neutron/templates/configmap-bin.yaml | 2 +
 neutron/templates/daemonset-ovs-agent.yaml | 69 +++++++++++++++++++
 neutron/values.yaml | 4 ++
 4 files changed, 103 insertions(+)
 create mode 100644 neutron/templates/bin/_neutron-openvswitch-agent-init-cleanup.sh.tpl

diff --git a/neutron/templates/bin/_neutron-openvswitch-agent-init-cleanup.sh.tpl b/neutron/templates/bin/_neutron-openvswitch-agent-init-cleanup.sh.tpl
new file mode 100644
index 0000000000..3b6d604540
--- /dev/null
+++ b/neutron/templates/bin/_neutron-openvswitch-agent-init-cleanup.sh.tpl
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+{{/*
+Copyright 2020 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -x
+
+if [[ ! -f /run/ovs-cleanup.tmp ]]
+then
+ neutron-ovs-cleanup \
+ --config-file /etc/neutron/neutron.conf \
+ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+ --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini
+ touch /run/ovs-cleanup.tmp
+fi
diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml
index 2d6b43192b..85596ab515 100644
--- a/neutron/templates/configmap-bin.yaml
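Review bot: A failed `neutron-ovs-cleanup` is still recorded as done, because the new script enables only `set -x` and then runs `touch /run/ovs-cleanup.tmp` unconditionally; the init container exits with the status of `touch`, and every later start skips the cleanup because the marker exists. Replace `set -x` with `set -ex`, or chain the marker onto the command with `&&`, so a non-zero exit fails the init container and the cleanup is retried. The marker sits at a fixed path under `/run`, which the daemonset mounts from the `run` volume; if that volume is a host path (not visible in this patch), a comment such as `# marker on host /run: cleanup runs once per boot, not once per pod start` would state the intended lifetime.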
+++ b/neutron/templates/configmap-bin.yaml
@@ -71,6 +71,8 @@ data:
 {{ tuple "bin/_neutron-openvswitch-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 neutron-openvswitch-agent-init-modules.sh: |
 {{ tuple "bin/_neutron-openvswitch-agent-init-modules.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ neutron-openvswitch-agent-init-cleanup.sh: |
+{{ tuple "bin/_neutron-openvswitch-agent-init-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 neutron-openvswitch-agent-readiness.sh: |
 {{ tuple "bin/_neutron-openvswitch-agent-readiness.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 neutron-sriov-agent.sh: |
diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml
index ae67487d7c..f98c5fa142 100644
--- a/neutron/templates/daemonset-ovs-agent.yaml
+++ b/neutron/templates/daemonset-ovs-agent.yaml
@@ -101,6 +101,75 @@ spec:
 - name: pci-devices
 mountPath: /sys/bus/pci/devices
 {{- end }}
+ - name: neutron-ovs-agent-init-cleanup
+{{ tuple $envAll "neutron_openvswitch_agent" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.agent.ovs | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "neutron_ovs_agent" "container" "neutron_ovs_agent_init_cleanup" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - /tmp/neutron-openvswitch-agent-init-cleanup.sh
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: neutron-bin
+ mountPath: /tmp/neutron-openvswitch-agent-init-cleanup.sh
+ subPath: neutron-openvswitch-agent-init-cleanup.sh
+ readOnly: true
+ - name: pod-shared
+ mountPath: /tmp/pod-shared
+ - name: neutron-etc
+ mountPath: /etc/neutron/neutron.conf
+ subPath: neutron.conf
+ readOnly: true
+ - name: neutron-etc
+ mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
+ subPath: ml2_conf.ini
+ readOnly: true
+ - name: neutron-etc
+ mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
+ subPath: openvswitch_agent.ini
+ readOnly: true
+ {{- if .Values.conf.neutron.DEFAULT.log_config_append }}
+ - name: neutron-etc
+ mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}
+ subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}
+ readOnly: true
+ {{- end }}
+ {{- if .Values.conf.plugins.taas.taas.enabled }}
+ - name: neutron-etc
+ mountPath: /etc/neutron/plugins/ml2/taas.ini
+ subPath: taas.ini
+ readOnly: true
+ {{- end }}
+ - name: neutron-etc
+ # NOTE (Portdirect): We mount here to override Kollas
+ # custom sudoers file when using Kolla images, this
+ # location will also work fine for other images.
+ mountPath: /etc/sudoers.d/kolla_neutron_sudoers
+ subPath: neutron_sudoers
+ readOnly: true
+ - name: neutron-etc
+ mountPath: /etc/neutron/rootwrap.conf
+ subPath: rootwrap.conf
+ readOnly: true
+ {{- if .Values.conf.ovs_dpdk.enabled }}
+ - name: neutron-etc
+ mountPath: /etc/dpdk.conf
+ subPath: dpdk.conf
+ readOnly: true
+ {{- end }}
+ {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
+ {{- if ( has "ovs_agent" $value.pods ) }}
+ {{- $filePrefix := replace "_" "-" $key }}
+ {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
+ - name: neutron-etc
+ mountPath: {{ $rootwrapFile }}
+ subPath: {{ base $rootwrapFile }}
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ - name: run
+ mountPath: /run
+{{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
 - name: neutron-ovs-agent-init
 {{ tuple $envAll "neutron_openvswitch_agent" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.agent.ovs | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
diff --git a/neutron/values.yaml b/neutron/values.yaml
index 916b4e8802..0d88ecc645 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -468,6 +468,10 @@ pod:
 - SYS_MODULE
 runAsUser: 0
 readOnlyRootFilesystem: true
+ neutron_ovs_agent_init_cleanup:
+ privileged: true
+ runAsUser: 0
+ readOnlyRootFilesystem: true
 neutron_ovs_agent_init:
 privileged: true
 runAsUser: 0
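Review bot: The `neutron-ovs-agent-init-cleanup` init container mounts more than its script uses: the cleanup script added in this patch passes only `neutron.conf`, `ml2_conf.ini` and `openvswitch_agent.ini` and writes one marker under `/run`. `pod-shared` at `/tmp/pod-shared` is never referenced by that script, and the conditional `taas.ini` and `dpdk.conf` mounts look unnecessary unless neutron-ovs-cleanup loads them implicitly, which should be confirmed. The values.yaml hunk runs this container privileged as uid 0, so trimming the list to what the command needs narrows what it can reach. The `run` volume is mounted writable for the whole directory; a comment such as `# /run is mounted only for the ovs-cleanup.tmp marker` above that entry would record why.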
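Review bot: `neutron_ovs_agent_init_cleanup` is given `privileged: true` together with `runAsUser: 0`, which is broader than the capability-list form the preceding entry uses (`- SYS_MODULE`). If neutron-ovs-cleanup only manipulates OVS ports and network devices, an explicit capability list may be enough; that needs checking against what the tool actually does on the node. If full privilege is required, say why next to the setting, e.g. `# privileged: neutron-ovs-cleanup needs <reason>`. The `pod:` security-context mapping starts and continues outside the hunk.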