diff --git a/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl b/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl
new file mode 100644
index 0000000000..9046dadda8
--- /dev/null
+++ b/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+chown neutron: /run/openvswitch/db.sock
+
+# ensure we can talk to openvswitch or bail early
+# this is until we can setup a proper dependency
+# on deaemonsets - note that a show is not sufficient
+# here, we need to communicate with both the db and vswitchd
+# which means we need to do a create action
+#
+# see https://github.com/att-comdev/openstack-helm/issues/88
+timeout 3m neutron-sanity-check --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --ovsdb_native --nokeepalived_ipv6_support
+
+tunnel_interface="{{- .Values.network.interface.tunnel -}}"
+if [ -z "${tunnel_interface}" ] ; then
+ # search for interface with default routing
+ tunnel_interface=$(ip r | grep default | grep -oP '(?<=dev ).*')
+fi
+
+# determine local-ip dynamically based on interface provided but only if tunnel_types is not null
+IP=$(ip a s $tunnel_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
+cat </tmp/pod-shared/ml2-local-ip.ini
+[ovs]
+local_ip = $IP
+EOF
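Review bot: The `IP=$(ip a s $tunnel_interface | grep 'inet ' | awk ...)` pipeline can leave `IP` empty without failing the script, because `set -ex` has no `pipefail` and the pipeline's exit status is awk's. The init container would then write `local_ip = ` into /tmp/pod-shared/ml2-local-ip.ini and exit 0, and the agent would start with an unusable tunnel endpoint. The default-route fallback can cause the same thing: `.*` captures everything after `dev` and more than one default route yields several lines, while `$tunnel_interface` is used unquoted. I would add `set -o pipefail` after `set -ex`, quote the expansion as `ip a s "${tunnel_interface}"`, and guard the heredoc with `[ -n "${IP}" ] || { echo "no IPv4 address found on ${tunnel_interface}" >&2; exit 1; }`.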
diff --git a/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl
index 5d5e4af845..6040904e8d 100644
--- a/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl
+++ b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl
@@ -14,35 +14,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -set -x -chown neutron: /run/openvswitch/db.sock +set -ex -# ensure we can talk to openvswitch or bail early -# this is until we can setup a proper dependency -# on deaemonsets - note that a show is not sufficient -# here, we need to communicate with both the db and vswitchd -# which means we need to do a create action -# -# see https://github.com/att-comdev/openstack-helm/issues/88 -timeout 3m neutron-sanity-check --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --ovsdb_native --nokeepalived_ipv6_support - -tunnel_interface="{{- .Values.network.interface.tunnel -}}" -if [ -z "${tunnel_interface}" ] ; then - # search for interface with default routing - tunnel_interface=$(ip r | grep default | grep -oP '(?<=dev ).*') -fi - -# determine local-ip dynamically based on interface provided but only if tunnel_types is not null -IP=$(ip a s $tunnel_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}') -cat </tmp/ml2-local-ip.ini -[ovs] -local_ip = $IP -EOF - -# TODO: make this configurable going forward as today -# it forces openvswitch agent -exec sudo -E -u neutron neutron-openvswitch-agent \ ---config-file /etc/neutron/neutron.conf \ ---config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ ---config-file /tmp/ml2-local-ip.ini \ ---config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini +exec neutron-openvswitch-agent \ + --config-file /etc/neutron/neutron.conf \ + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ + --config-file /tmp/pod-shared/ml2-local-ip.ini \ + --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml index 88c6657267..9c0033df6d 100644 --- a/neutron/templates/configmap-bin.yaml +++ b/neutron/templates/configmap-bin.yaml 
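Review bot: With `sudo -E -u neutron` removed, the `exec neutron-openvswitch-agent` line runs the agent as whatever user the container starts with, and nothing in the script records which user that is meant to be or that it now depends on the init script. The socket chown and the generated /tmp/pod-shared/ml2-local-ip.ini are produced once by the init container, so a restart of the agent container no longer repeats them. If /run/openvswitch/db.sock is recreated with different ownership while the pod is alive, the agent may lose access until the pod is recreated; that is worth confirming against how the OVS db pod manages the socket. A header comment such as `# relies on neutron-openvswitch-agent-init.sh (init container) for the db.sock chown and /tmp/pod-shared/ml2-local-ip.ini` would make the contract explicit.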
@@ -35,6 +35,8 @@ data: {{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-openvswitch-agent.sh: |+ {{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-openvswitch-agent-init.sh: |+ +{{ tuple "bin/_neutron-openvswitch-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-server.sh: |+ {{ tuple "bin/_neutron-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} openvswitch-db-server.sh: |+ diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml index 3d43e419bd..3e3cf7ee01 100644 --- a/neutron/templates/daemonset-ovs-agent.yaml +++ b/neutron/templates/daemonset-ovs-agent.yaml 
@@ -31,12 +31,55 @@ spec: spec: nodeSelector: {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} - securityContext: - runAsUser: 0 dnsPolicy: ClusterFirst hostNetwork: true initContainers: {{ tuple $envAll $dependencies $mounts_neutron_ovs_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: ovs-agent-init + image: {{ .Values.images.neutron_openvswitch_agent }} + imagePullPolicy: {{ .Values.images.pull_policy }} + {{- if .Values.resources.enabled }} + resources: + limits: + cpu: {{ .Values.resources.ovs.agent.limits.cpu | quote }} + memory: {{ .Values.resources.ovs.agent.limits.memory | quote }} + requests: + cpu: {{ .Values.resources.ovs.agent.requests.cpu | quote }} + memory: {{ .Values.resources.ovs.agent.requests.memory | quote }} + {{- end }} + securityContext: + privileged: true + runAsUser: 0 + command: + - /tmp/neutron-openvswitch-agent-init.sh + volumeMounts: + - name: neutron-bin + mountPath: /tmp/neutron-openvswitch-agent-init.sh + subPath: neutron-openvswitch-agent-init.sh + readOnly: true + - name: pod-shared + mountPath: /tmp/pod-shared + - name: neutron-etc + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini + subPath: ml2_conf.ini + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini + subPath: openvswitch_agent.ini + readOnly: true + - name: libmodules + mountPath: /lib/modules + readOnly: true + - name: run + mountPath: /run + - name: neutron-etc + mountPath: /etc/resolv.conf + subPath: resolv.conf +{{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }} containers: - name: ovs-agent image: {{ .Values.images.neutron_openvswitch_agent }} 
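Review bot: The new `ovs-agent-init` container gets `privileged: true` together with `runAsUser: 0`, a writable `/run` mount and the pod's `hostNetwork: true`. That is considerably more than the init script in this commit visibly does: it chowns the OVS db socket, runs neutron-sanity-check and reads interface addresses. If no step needs full privilege, drop `privileged: true` and grant only what is required, possibly `capabilities: {add: ["NET_ADMIN"]}` (to be confirmed against what the sanity check does with vswitchd); otherwise add a comment naming the step that requires it. The same hunk removes the pod-level `runAsUser: 0`, so the `ovs-agent` container, whose spec continues outside this hunk, now runs as the image's default user unless its own securityContext says otherwise.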
@@ -67,6 +110,8 @@ spec: mountPath: /tmp/neutron-openvswitch-agent.sh subPath: neutron-openvswitch-agent.sh readOnly: true + - name: pod-shared + mountPath: /tmp/pod-shared - name: neutron-etc mountPath: /etc/neutron/neutron.conf subPath: neutron.conf @@ -91,6 +136,8 @@ spec: volumes: - name: varlibopenvswitch emptyDir: {} + - name: pod-shared + emptyDir: {} - name: neutron-bin configMap: name: neutron-bin
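Review bot: The `pod-shared` mount added to the `ovs-agent` container is writable, although the agent script in this commit only reads /tmp/pod-shared/ml2-local-ip.ini as a `--config-file`. Adding `readOnly: true` under `mountPath: /tmp/pod-shared` here would stop a misbehaving or compromised agent process from rewriting the config that the init container generated. The init container's own mount has to stay writable. The container spec starts outside this hunk.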