Change fat neutron container into thin containers

Key difference here is the ip_wrapper.py file. This file and docker 1.7
allow for the network namespaces to be created in the host mount
namespace and propogated into the containers.

Co-Authored-By: Paul Bourke <paul.bourke@oracle.com>
Change-Id: I73bcd1c97bbaf742af883dbf281a8d76aff8aebf

compose/neutron-agents.yml

@@ -1,11 +0,0 @@
-neutronagents:
-  image: kollaglue/centos-rdo-neutron-agents:latest
-  name: neutron-agents
-  net: "host"
-  privileged: true
-  restart: always
-  volumes:
-    - /var/run/netns/:/var/run/netns/
-    - /lib/modules:/lib/modules:ro
-  env_file:
-   - openstack.env

compose/neutron-dhcp-agent.yml

@@ -0,0 +1,12 @@
+neutrondhcpagent:
+  image: kollaglue/centos-rdo-neutron-dhcp-agent:latest
+  name: neutron-dhcp-agent
+  net: "host"
+  privileged: true
+  restart: always
+  volumes:
+    - /run/netns/:/run/netns/:ro
+    - /proc/1/ns/:/opt/kolla/host_proc/1/ns/:ro
+    - /lib/modules:/lib/modules:ro
+  env_file:
+   - openstack.env

compose/neutron-l3-agent.yml

@@ -0,0 +1,12 @@
+neutronl3agent:
+  image: kollaglue/centos-rdo-neutron-l3-agent:latest
+  name: neutron-l3-agent
+  net: "host"
+  privileged: true
+  restart: always
+  volumes:
+    - /run/netns/:/run/netns/:ro
+    - /proc/1/ns/:/opt/kolla/host_proc/1/ns/:ro
+    - /lib/modules:/lib/modules:ro
+  env_file:
+   - openstack.env

compose/neutron-linuxbridge-agent.yml

@@ -0,0 +1,12 @@
+neutronlinuxbridgeagent:
+  image: kollaglue/centos-rdo-neutron-linuxbridge-agent:latest
+  name: neutron-linuxbridge-agent
+  net: "host"
+  privileged: true
+  restart: always
+  volumes:
+    - /run/netns/:/run/netns/:ro
+    - /proc/1/ns/:/opt/kolla/host_proc/1/ns/:ro
+    - /lib/modules:/lib/modules:ro
+  env_file:
+   - openstack.env

compose/neutron-metadata-agent.yml

@@ -0,0 +1,12 @@
+neutronmetadataagent:
+  image: kollaglue/centos-rdo-neutron-metadata-agent:latest
+  name: neutron-metadata-agent
+  net: "host"
+  privileged: true
+  restart: always
+  volumes:
+    - /run/netns/:/run/netns/:ro
+    - /proc/1/ns/:/opt/kolla/host_proc/1/ns/:ro
+    - /lib/modules:/lib/modules:ro
+  env_file:
+   - openstack.env

docker/centos/binary/neutron/neutron-agents/Dockerfile

@@ -1,39 +0,0 @@
-FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%neutron-base:%%KOLLA_TAG%%
-MAINTAINER Kolla Project (https://launchpad.net/kolla)
-
-# Install supervisor
-RUN easy_install supervisor
-
-# Install supervisor-stdout
-RUN pip install supervisor-stdout
-
-# Install required packages
-RUN yum install -y openstack-neutron openstack-neutron-linuxbridge \
-        net-tools \
-        && yum clean all
-
-# Add config scripts
-ADD config-scripts/config-linuxbridge-agent.sh /opt/kolla/neutron/
-ADD config-scripts/config-dhcp-agent.sh /opt/kolla/neutron/
-ADD config-scripts/config-l3-agent.sh /opt/kolla/neutron/
-ADD config-scripts/config-metadata-agent.sh /opt/kolla/neutron/
-ADD config-scripts/config-sudoers.sh /opt/kolla/
-
-# Add check scripts
-ADD check-scripts/check-linuxbridge-agent.sh /opt/kolla/neutron/
-ADD check-scripts/check-dhcp-agent.sh /opt/kolla/neutron/
-ADD check-scripts/check-l3-agent.sh /opt/kolla/neutron/
-ADD check-scripts/check-metadata-agent.sh /opt/kolla/neutron/
-
-# This is needed to workaround a problem with the agents exiting if the
-# file is not present.  This file really shouldn't need to be present and
-# implies a configuration problem somewhere else in the code base, but
-# we are out of time.
-COPY fwaas_driver.ini /etc/neutron/
-
-# Configure supervisord
-RUN mkdir -p /var/log/supervisor/
-ADD supervisord.conf /etc/
-
-# Start supervisor
-CMD ["/usr/bin/supervisord"]

docker/centos/binary/neutron/neutron-agents/check-scripts/check-dhcp-agent.sh

@@ -1 +0,0 @@
-../../../../../common/neutron/neutron-agents/check-scripts/check-dhcp-agent.sh

docker/centos/binary/neutron/neutron-agents/check-scripts/check-l3-agent.sh

@@ -1 +0,0 @@
-../../../../../common/neutron/neutron-agents/check-scripts/check-l3-agent.sh

docker/centos/binary/neutron/neutron-agents/check-scripts/check-linuxbridge-agent.sh

@@ -1 +0,0 @@
-../../../../../common/neutron/neutron-agents/check-scripts/check-linuxbridge-agent.sh

docker/centos/binary/neutron/neutron-agents/check-scripts/check-metadata-agent.sh

@@ -1 +0,0 @@
-../../../../../common/neutron/neutron-agents/check-scripts/check-metadata-agent.sh

docker/centos/binary/neutron/neutron-agents/config-scripts/config-dhcp-agent.sh

@@ -1 +0,0 @@
-../../../../../common/neutron/neutron-agents/config-scripts/config-dhcp-agent.sh

docker/centos/binary/neutron/neutron-agents/config-scripts/config-l3-agent.sh

@@ -1 +0,0 @@
-../../../../../common/neutron/neutron-agents/config-scripts/config-l3-agent.sh

docker/centos/binary/neutron/neutron-agents/config-scripts/config-linuxbridge-agent.sh

@@ -1 +0,0 @@
-../../../../../common/neutron/neutron-agents/config-scripts/config-linuxbridge-agent.sh

docker/centos/binary/neutron/neutron-agents/config-scripts/config-metadata-agent.sh

@@ -1 +0,0 @@
-../../../../../common/neutron/neutron-agents/config-scripts/config-metadata-agent.sh

docker/centos/binary/neutron/neutron-agents/config-scripts/config-sudoers.sh

@@ -1 +0,0 @@
-../../../../../common/neutron/neutron-agents/config-scripts/config-sudoers.sh

docker/centos/binary/neutron/neutron-agents/fwaas_driver.ini

@@ -1 +0,0 @@
-../../../../common/neutron/neutron-agents/fwaas_driver.ini

docker/centos/binary/neutron/neutron-agents/supervisord.conf

@@ -1 +0,0 @@
-../../../../common/neutron/neutron-agents/supervisord.conf

docker/centos/binary/neutron/neutron-base/Dockerfile

@@ -1,7 +1,16 @@
 FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%base:%%KOLLA_TAG%%
 MAINTAINER Kolla Project (https://launchpad.net/kolla)
 
-RUN yum -y install openstack-neutron-ml2 && yum clean all
+RUN yum -y install openstack-neutron \
+                   openstack-neutron-ml2 \
+                   python-neutron-client \
+    && yum clean all
 
-RUN mkdir -p /opt/kolla
-COPY config-neutron.sh /opt/kolla/config-neutron.sh
+RUN pip install nsenter \
+    && ln -s 1 /opt/kolla/host_proc/self
+
+RUN mkdir -p /opt/kolla/host_proc
+COPY config-neutron.sh config-sudoers.sh /opt/kolla/
+
+RUN mv /sbin/ip /opt/kolla/ip
+COPY ip_wrapper.py /sbin/ip

docker/centos/binary/neutron/neutron-base/ip_wrapper.py

@@ -0,0 +1,57 @@
+#!/usr/bin/env python
+
+# Copyright 2015 Sam Yaple
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This file exists because we want to create and delete any network namespaces from the
+# host mount namespace. This allows the host to access all of the neutron network
+# namespaces as well as all containers that bind mount /run/netns from the host.
+
+# This is required for "thin" neutron containers to function properly
+
+import sys
+import subprocess
+import nsenter
+
+def host_mnt_exec(cmd):
+    try:
+        with nsenter.ExitStack() as stack:
+            stack.enter_context(nsenter.Namespace('1', 'mnt', proc='/opt/kolla/host_proc/'))
+            process_ = subprocess.Popen(cmd)
+
+    except Exception as e:
+        print("An error has occured with a component that Kolla manages. Please file a bug")
+        print("Error: ", e)
+
+    return process_
+
+
+if len(sys.argv) > 2:
+    # We catch all commands that ip will accept that refer to creating or deleteing a
+    # Network namespace
+    if str(sys.argv[1]).startswith("net") and \
+                (str(sys.argv[2]).startswith("a") or str(sys.argv[2]).startswith("d")):
+        # This cmd is executed in the host mount namespace
+        cmd = ["/usr/bin/env", "ip"] + sys.argv[1:]
+        sys.exit(host_mnt_exec(cmd).returncode)
+    else:
+        cmd = ["/opt/kolla/ip"] + sys.argv[1:]
+else:
+    cmd = ["/opt/kolla/ip"]
+
+    if len(sys.argv) == 2:
+        cmd = cmd + sys.argv[1:]
+
+process_ = subprocess.Popen(cmd)
+sys.exit(process_.returncode)

docker/centos/binary/neutron/neutron-dhcp-agent/Dockerfile

@@ -0,0 +1,6 @@
+FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%neutron-base:%%KOLLA_TAG%%
+MAINTAINER Kolla Project (https://launchpad.net/kolla)
+
+COPY check.sh start.sh /
+
+CMD ["/start.sh"]

docker/centos/binary/neutron/neutron-dhcp-agent/check.sh

@@ -0,0 +1 @@
+../../../../common/neutron/neutron-dhcp-agent/check.sh

docker/centos/binary/neutron/neutron-dhcp-agent/start.sh

@@ -0,0 +1 @@
+../../../../common/neutron/neutron-dhcp-agent/start.sh

docker/centos/binary/neutron/neutron-l3-agent/Dockerfile

@@ -0,0 +1,14 @@
+FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%neutron-base:%%KOLLA_TAG%%
+MAINTAINER Kolla Project (https://launchpad.net/kolla)
+
+# TODO: SamYaple FWaaS is part of the l3-agent, not a seperate agent that is
+# why this file is needed. To support FWaaS we cannot have a seperate container
+# I need to figure out the best way to make this work together
+#
+# This file _does_ _not_ need to exist, you must remove referencing it from the
+# exec line in the start script. Also all these config options can exist in the
+# main neutron.conf if we wish
+COPY fwaas_driver.ini /etc/neutron/
+COPY check.sh start.sh /
+
+CMD ["/start.sh"]

docker/centos/binary/neutron/neutron-l3-agent/build

@@ -0,0 +1 @@
+../../../../../tools/build-docker-image

docker/centos/binary/neutron/neutron-l3-agent/check.sh

@@ -0,0 +1 @@
+../../../../common/neutron/neutron-l3-agent/check.sh

docker/centos/binary/neutron/neutron-l3-agent/fwaas_driver.ini

@@ -0,0 +1 @@
+../../../../common/neutron/neutron-l3-agent/fwaas_driver.ini

docker/centos/binary/neutron/neutron-l3-agent/start.sh

@@ -0,0 +1 @@
+../../../../common/neutron/neutron-l3-agent/start.sh

docker/centos/binary/neutron/neutron-linuxbridge-agent/Dockerfile

@@ -0,0 +1,10 @@
+FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%neutron-base:%%KOLLA_TAG%%
+MAINTAINER Kolla Project (https://launchpad.net/kolla)
+
+# Install required packages
+RUN yum install -y openstack-neutron-linuxbridge && \
+    yum clean all
+
+COPY check.sh start.sh /
+
+CMD ["/start.sh"]

docker/centos/binary/neutron/neutron-linuxbridge-agent/build

@@ -0,0 +1 @@
+../../../../../tools/build-docker-image

docker/centos/binary/neutron/neutron-linuxbridge-agent/check.sh

@@ -0,0 +1 @@
+../../../../common/neutron/neutron-linuxbridge-agent/check.sh

docker/centos/binary/neutron/neutron-linuxbridge-agent/start.sh

@@ -0,0 +1 @@
+../../../../common/neutron/neutron-linuxbridge-agent/start.sh

docker/centos/binary/neutron/neutron-metadata-agent/Dockerfile

@@ -0,0 +1,6 @@
+FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%neutron-base:%%KOLLA_TAG%%
+MAINTAINER Kolla Project (https://launchpad.net/kolla)
+
+COPY check.sh start.sh /
+
+CMD ["/start.sh"]

docker/centos/binary/neutron/neutron-metadata-agent/build

@@ -0,0 +1 @@
+../../../../../tools/build-docker-image

docker/centos/binary/neutron/neutron-metadata-agent/check.sh

@@ -0,0 +1 @@
+../../../../common/neutron/neutron-metadata-agent/check.sh

docker/centos/binary/neutron/neutron-metadata-agent/start.sh

@@ -0,0 +1 @@
+../../../../common/neutron/neutron-metadata-agent/start.sh

docker/centos/binary/neutron/neutron-server/Dockerfile

@@ -2,12 +2,9 @@ FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%neutron-base:%%KOLLA_TAG%%
 MAINTAINER Kolla Project (https://launchpad.net/kolla)
 
 #Install required packages
-RUN yum install -y openstack-neutron \
-        python-neutronclient \
-        which \
-        && yum clean all
+RUN yum install -y which && \
+    yum clean all
 
-ADD ./start.sh /start.sh
-ADD ./check.sh /check.sh
+COPY check.sh start.sh /
 
 CMD ["/start.sh"]

docker/common/neutron/neutron-agents/supervisord.conf

@@ -1,53 +0,0 @@
-[unix_http_server]
-file = /var/run/supervisor.sock
-
-[inet_http_server]
-port = 127.0.0.1:9001
-
-[supervisord]
-nodaemon=true
-logfile = /var/log/supervisor/supervisord.log
-logfile_maxbytes = 200KB
-logfile_backups = 1
-pidfile = /var/run/supervisord.pid
-childlogdir = /var/log/supervisor
-
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
-
-[supervisorctl]
-serverurl = unix:///var/run/supervisor.sock
-
-[program:neutron-linuxbridge-agent]
-command=/opt/kolla/neutron/config-linuxbridge-agent.sh
-priority=30
-startsec=10
-stderr_events_enabled=true
-stdout_events_enabled=true
-
-[program:neutron-dhcp-agent]
-command=/opt/kolla/neutron/config-dhcp-agent.sh
-priority=40
-startsec=10
-stderr_events_enabled=true
-stdout_events_enabled=true
-
-[program:neutron-metadata-agent]
-command=/opt/kolla/neutron/config-metadata-agent.sh
-priority=40 
-startsec=10
-stderr_events_enabled=true
-stdout_events_enabled=true
-
-[program:neutron-l3-agent]
-command=/opt/kolla/neutron/config-l3-agent.sh
-priority=40
-startsec=10
-stderr_events_enabled=true
-stdout_events_enabled=true
-
-[eventlistener:stdout]
-command = supervisor_stdout
-buffer_size = 100
-events = PROCESS_LOG
-result_handler = supervisor_stdout:event_handler

docker/common/neutron/neutron-dhcp-agent/start.sh

@@ -79,10 +79,5 @@ dhcp-option-force=26,1450
 log-facility=${NEUTRON_LOG_DIR}/neutron-dnsmasq.log
 EOF
 
-# Remove any existing qdhcp namespaces
-ip netns list | grep qdhcp | while read -r line ; do
-    ip netns delete $line
-done
-
 # Start DHCP Agent
 exec /usr/bin/neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --config-dir /etc/neutron

docker/common/neutron/neutron-l3-agent/start.sh

@@ -76,10 +76,5 @@ elif [ "${USE_NAMESPACES}" == "true" ] ; then
         "true"
 fi
 
-# Remove any existing qrouter namespaces
-ip netns list | grep qrouter | while read -r line ; do
-    ip netns delete $line
-done
-
 # Start L3 Agent
 exec /usr/bin/neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-dir /etc/neutron

tools/kolla

@@ -39,7 +39,10 @@ function process_all {
         # Defaulting to neutron
         process nova-compute
         process neutron-server
-        process neutron-agents
+        process neutron-dhcp-agent
+        process neutron-l3-agent
+        process neutron-metadata-agent
+        process neutron-linuxbridge-agent
     fi
     process heat-api-engine
     process magnum-api-conductor