From 548f3f0854ac0c7a7edd6505559f6f2d1f3df39a Mon Sep 17 00:00:00 2001
From: Pete Birley <pete@port.direct>
Date: Mon, 12 Jun 2017 07:24:31 -0500
Subject: [PATCH] Neutron: Move ovs-agent setup to init container

This PS moves the Neutron OVS agent setup to an init container.

Change-Id: Ib56e7f35cfc40ba617bd2f895d39efa8ef2849ea
---
 .../_neutron-openvswitch-agent-init.sh.tpl    | 41 +++++++++++++++
 .../bin/_neutron-openvswitch-agent.sh.tpl     | 37 +++-----------
 neutron/templates/configmap-bin.yaml          |  2 +
 neutron/templates/daemonset-ovs-agent.yaml    | 51 ++++++++++++++++++-
 4 files changed, 98 insertions(+), 33 deletions(-)
 create mode 100644 neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl

diff --git a/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl b/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl
new file mode 100644
index 0000000000..9046dadda8
--- /dev/null
+++ b/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+chown neutron: /run/openvswitch/db.sock
+
+# ensure we can talk to openvswitch or bail early
+# this is until we can setup a proper dependency
+# on deaemonsets - note that a show is not sufficient
+# here, we need to communicate with both the db and vswitchd
+# which means we need to do a create action
+#
+# see https://github.com/att-comdev/openstack-helm/issues/88
+timeout 3m neutron-sanity-check --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --ovsdb_native --nokeepalived_ipv6_support
+
+tunnel_interface="{{- .Values.network.interface.tunnel -}}"
+if [ -z "${tunnel_interface}" ] ; then
+    # search for interface with default routing
+    tunnel_interface=$(ip r | grep default | grep -oP '(?<=dev ).*')
+fi
+
+# determine local-ip dynamically based on interface provided but only if tunnel_types is not null
+IP=$(ip a s $tunnel_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
+cat <<EOF>/tmp/pod-shared/ml2-local-ip.ini
+[ovs]
+local_ip = $IP
+EOF
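Review bot: The `IP=$(ip a s $tunnel_interface | grep 'inet ' ...)` line collects every IPv4 address on the interface, so an interface with a secondary address yields a multi-line `local_ip =` value, and an empty result is written silently because the pipeline's exit status is awk's rather than grep's, so `set -e` does not catch it. The preceding `grep -oP '(?<=dev ).*'` also captures any route fields that follow the device name (`proto`, `metric`, ...) on distributions that print them, which then breaks the `ip a s` call. Suggested lines: `tunnel_interface=$(ip r | grep default | grep -oP '(?<=dev )\S+' | head -n1)`, `IP=$(ip a s "${tunnel_interface}" | grep 'inet ' | head -n1 | awk '{print $2}' | awk -F "/" '{print $1}')`, and before the heredoc `[ -n "${IP}" ] || { echo "no IPv4 address found on ${tunnel_interface}" >&2; exit 1; }` so a bad local_ip fails the init container instead of the agent later.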
diff --git a/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl
index 5d5e4af845..6040904e8d 100644
--- a/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl
+++ b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl
@@ -14,35 +14,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-set -x
-chown neutron: /run/openvswitch/db.sock
+set -ex
 
-# ensure we can talk to openvswitch or bail early
-# this is until we can setup a proper dependency
-# on deaemonsets - note that a show is not sufficient
-# here, we need to communicate with both the db and vswitchd
-# which means we need to do a create action
-#
-# see https://github.com/att-comdev/openstack-helm/issues/88
-timeout 3m neutron-sanity-check --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --ovsdb_native --nokeepalived_ipv6_support
-
-tunnel_interface="{{- .Values.network.interface.tunnel -}}"
-if [ -z "${tunnel_interface}" ] ; then
-    # search for interface with default routing
-    tunnel_interface=$(ip r | grep default | grep -oP '(?<=dev ).*')
-fi
-
-# determine local-ip dynamically based on interface provided but only if tunnel_types is not null
-IP=$(ip a s $tunnel_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
-cat <<EOF>/tmp/ml2-local-ip.ini
-[ovs]
-local_ip = $IP
-EOF
-
-# TODO: make this configurable going forward as today
-# it forces openvswitch agent
-exec sudo -E -u neutron neutron-openvswitch-agent \
---config-file /etc/neutron/neutron.conf \
---config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
---config-file /tmp/ml2-local-ip.ini \
---config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini
+exec neutron-openvswitch-agent \
+  --config-file /etc/neutron/neutron.conf \
+  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+  --config-file /tmp/pod-shared/ml2-local-ip.ini \
+  --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini
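Review bot: The `exec` now depends on `/tmp/pod-shared/ml2-local-ip.ini` being produced by a different container, but nothing here checks for it, so a missing or empty file surfaces only as a config error from the agent; a guard such as `[ -s /tmp/pod-shared/ml2-local-ip.ini ] || { echo "ml2-local-ip.ini missing; init container did not run" >&2; exit 1; }` before the exec gives a clear failure. Dropping `sudo -E -u neutron` also means the agent runs as whatever user the container's securityContext provides, which this script no longer controls; a comment recording both assumptions, e.g. `# local_ip is written by neutron-openvswitch-agent-init.sh via the pod-shared volume; the agent runs as the container user`, would help the next reader.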
diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml
index 88c6657267..9c0033df6d 100644
--- a/neutron/templates/configmap-bin.yaml
+++ b/neutron/templates/configmap-bin.yaml
@@ -35,6 +35,8 @@ data:
 {{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   neutron-openvswitch-agent.sh: |+
 {{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  neutron-openvswitch-agent-init.sh: |+
+{{ tuple "bin/_neutron-openvswitch-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   neutron-server.sh: |+
 {{ tuple "bin/_neutron-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   openvswitch-db-server.sh: |+
diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml
index 3d43e419bd..3e3cf7ee01 100644
--- a/neutron/templates/daemonset-ovs-agent.yaml
+++ b/neutron/templates/daemonset-ovs-agent.yaml
@@ -31,12 +31,55 @@ spec:
     spec:
       nodeSelector:
         {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
-      securityContext:
-        runAsUser: 0
       dnsPolicy: ClusterFirst
       hostNetwork: true
       initContainers:
 {{ tuple $envAll $dependencies $mounts_neutron_ovs_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+        - name: ovs-agent-init
+          image: {{ .Values.images.neutron_openvswitch_agent }}
+          imagePullPolicy: {{ .Values.images.pull_policy }}
+          {{- if .Values.resources.enabled }}
+          resources:
+            limits:
+              cpu: {{ .Values.resources.ovs.agent.limits.cpu | quote }}
+              memory: {{ .Values.resources.ovs.agent.limits.memory | quote }}
+            requests:
+              cpu: {{ .Values.resources.ovs.agent.requests.cpu | quote }}
+              memory: {{ .Values.resources.ovs.agent.requests.memory | quote }}
+          {{- end }}
+          securityContext:
+            privileged: true
+            runAsUser: 0
+          command:
+            - /tmp/neutron-openvswitch-agent-init.sh
+          volumeMounts:
+            - name: neutron-bin
+              mountPath: /tmp/neutron-openvswitch-agent-init.sh
+              subPath: neutron-openvswitch-agent-init.sh
+              readOnly: true
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
+            - name: neutron-etc
+              mountPath: /etc/neutron/neutron.conf
+              subPath: neutron.conf
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
+              subPath: ml2_conf.ini
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
+              subPath: openvswitch_agent.ini
+              readOnly: true
+            - name: libmodules
+              mountPath: /lib/modules
+              readOnly: true
+            - name: run
+              mountPath: /run
+            - name: neutron-etc
+              mountPath: /etc/resolv.conf
+              subPath: resolv.conf
+{{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
       containers:
         - name: ovs-agent
           image: {{ .Values.images.neutron_openvswitch_agent }}
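Review bot: The `ovs-agent-init` container asks for `privileged: true` and `runAsUser: 0` together with a writable `/run` mount, while the script it runs only chowns the OVS socket, runs neutron-sanity-check and reads interface addresses; whether the sanity check genuinely needs full privilege is not visible from this hunk, so a comment above `securityContext:` recording the reason, e.g. `# privileged so neutron-sanity-check can reach ovsdb/vswitchd through host /run; revisit once a daemonset dependency exists`, would keep the setting from being inherited without review. The `resolv.conf` entry is the only `neutron-etc` mount without `readOnly: true`; adding it keeps the block consistent with its siblings. Removing the pod-level `runAsUser: 0` also changes which user the `ovs-agent` container runs as, and that container's own securityContext is outside this hunk, so it is worth confirming it still sets what the agent needs.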
@@ -67,6 +110,8 @@ spec:
               mountPath: /tmp/neutron-openvswitch-agent.sh
               subPath: neutron-openvswitch-agent.sh
               readOnly: true
+            - name: pod-shared
+              mountPath: /tmp/pod-shared
             - name: neutron-etc
               mountPath: /etc/neutron/neutron.conf
               subPath: neutron.conf
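Review bot: The new `pod-shared` mount on the `ovs-agent` container is read-write, but the agent script only reads `ml2-local-ip.ini` from it; adding `readOnly: true` under `mountPath: /tmp/pod-shared` follows the least-privilege pattern used for the other mounts in this container and prevents the agent process from rewriting its own local_ip. Only the init container needs write access to that volume.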
@@ -91,6 +136,8 @@ spec:
       volumes:
         - name: varlibopenvswitch
           emptyDir: {}
+        - name: pod-shared
+          emptyDir: {}
         - name: neutron-bin
           configMap:
             name: neutron-bin