From b32d456ea23fe9bb999c06b0c6942bd89c9c1108 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Tue, 15 Nov 2022 18:20:32 +0000 Subject: [PATCH] ovn: Change NB/SB connection setup to allow usage of inactivity probe We have been using --db-nb-create-insecure-remote=yes - that results a TCP method is set by ovn-ctl script to run ovsdb-server. Downside is - we can't configure inactivity probe on that connection. Closes-Bug: #1917484 Change-Id: I550aa4fe92aadea2a49ca5aff49c0183609b9470 --- ansible/roles/ovn-db/defaults/main.yml | 12 +++++ ansible/roles/ovn-db/handlers/main.yml | 28 ----------- ansible/roles/ovn-db/tasks/bootstrap-db.yml | 48 +++++++++++++++++++ ansible/roles/ovn-db/tasks/deploy.yml | 5 ++ .../roles/ovn-db/templates/ovn-nb-db.json.j2 | 2 +- .../roles/ovn-db/templates/ovn-sb-db.json.j2 | 2 +- 6 files changed, 67 insertions(+), 30 deletions(-) create mode 100644 ansible/roles/ovn-db/tasks/bootstrap-db.yml diff --git a/ansible/roles/ovn-db/defaults/main.yml b/ansible/roles/ovn-db/defaults/main.yml index 7ce7895815..ab97210185 100644 --- a/ansible/roles/ovn-db/defaults/main.yml +++ b/ansible/roles/ovn-db/defaults/main.yml @@ -63,3 +63,15 @@ ovn_db_extra_volumes: "{{ default_extra_volumes }}" ovn_northd_extra_volumes: "{{ ovn_db_extra_volumes }}" ovn_nb_db_extra_volumes: "{{ ovn_db_extra_volumes }}" ovn_sb_db_extra_volumes: "{{ ovn_db_extra_volumes }}" + +##### +# OVN +##### +# Configure OVN remote probe interval time in ms +ovn_remote_probe_interval: "60000" +# Configure OVN openflow interval in s +ovn_openflow_probe_interval: "60" +# Configure OVN DB inactivity probe time in ms +ovn_db_inactivity_probe: "60000" +ovn_sb_db_inactivity_probe: "{{ ovn_db_inactivity_probe }}" +ovn_nb_db_inactivity_probe: "{{ ovn_db_inactivity_probe }}" diff --git a/ansible/roles/ovn-db/handlers/main.yml b/ansible/roles/ovn-db/handlers/main.yml index 8c9c15a356..88939501dd 100644 --- a/ansible/roles/ovn-db/handlers/main.yml +++ b/ansible/roles/ovn-db/handlers/main.yml 
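Review bot: `ovn_remote_probe_interval` and `ovn_openflow_probe_interval` are added to the ovn-db defaults, but no hunk in this patch reads them. Only `ovn_nb_db_inactivity_probe` and `ovn_sb_db_inactivity_probe` reach a command line, in tasks/bootstrap-db.yml. If another role consumes the two extra variables they probably belong in that role's defaults; otherwise they can be dropped. The inactivity-probe comment could also say where the value ends up, for example `# OVN NB/SB DB inactivity probe in ms, applied via ovn-nbctl/ovn-sbctl set-connection`.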
@@ -29,34 +29,6 @@ when: - kolla_action != "config" -- name: Wait for ovn-nb-db - wait_for: - host: "{{ api_interface_address }}" - port: "{{ ovn_nb_db_port }}" - connect_timeout: 1 - timeout: 60 - register: check_ovn_nb_db_port - until: check_ovn_nb_db_port is success - retries: 10 - delay: 6 - listen: "Restart ovn-nb-db container" - when: - - kolla_action != "config" - -- name: Wait for ovn-sb-db - wait_for: - host: "{{ api_interface_address }}" - port: "{{ ovn_sb_db_port }}" - connect_timeout: 1 - timeout: 60 - register: check_ovn_sb_db_port - until: check_ovn_sb_db_port is success - retries: 10 - delay: 6 - listen: "Restart ovn-sb-db container" - when: - - kolla_action != "config" - - name: Restart ovn-northd container vars: service_name: "ovn-northd" diff --git a/ansible/roles/ovn-db/tasks/bootstrap-db.yml b/ansible/roles/ovn-db/tasks/bootstrap-db.yml new file mode 100644 index 0000000000..55bd13deb7 --- /dev/null +++ b/ansible/roles/ovn-db/tasks/bootstrap-db.yml 
@@ -0,0 +1,48 @@ +--- +- name: Get OVN_Northbound cluster leader + become: true + command: "docker exec ovn_nb_db ovs-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/status OVN_Northbound" + changed_when: False + register: ovn_nb_cluster_status + +- name: Configure OVN NB connection settings + vars: + search_string: "Role: leader" + become: true + command: "docker exec ovn_nb_db ovn-nbctl --inactivity-probe={{ ovn_nb_db_inactivity_probe }} set-connection ptcp:{{ ovn_nb_db_port }}:0.0.0.0" + when: ovn_nb_cluster_status is search(search_string) + +- name: Get OVN_Southbound cluster leader + become: true + command: "docker exec ovn_sb_db ovs-appctl -t /var/run/ovn/ovnsb_db.ctl cluster/status OVN_Southbound" + changed_when: False + register: ovn_sb_cluster_status + +- name: Configure OVN SB connection settings + vars: + search_string: "Role: leader" + become: true + command: "docker exec ovn_sb_db ovn-sbctl --inactivity-probe={{ ovn_sb_db_inactivity_probe }} set-connection ptcp:{{ ovn_sb_db_port }}:0.0.0.0" + when: ovn_sb_cluster_status is search(search_string) + +- name: Wait for ovn-nb-db + wait_for: + host: "{{ api_interface_address }}" + port: "{{ ovn_nb_db_port }}" + connect_timeout: 1 + timeout: 60 + register: check_ovn_nb_db_port + until: check_ovn_nb_db_port is success + retries: 10 + delay: 6 + +- name: Wait for ovn-sb-db + wait_for: + host: "{{ api_interface_address }}" + port: "{{ ovn_sb_db_port }}" + connect_timeout: 1 + timeout: 60 + register: check_ovn_sb_db_port + until: check_ovn_sb_db_port is success + retries: 10 + delay: 6 diff --git a/ansible/roles/ovn-db/tasks/deploy.yml b/ansible/roles/ovn-db/tasks/deploy.yml index 49edff81e3..1c68ca7eca 100644 --- a/ansible/roles/ovn-db/tasks/deploy.yml +++ b/ansible/roles/ovn-db/tasks/deploy.yml @@ -5,3 +5,8 @@ - name: Flush handlers meta: flush_handlers + +- import_tasks: bootstrap-db.yml + when: + - inventory_hostname in groups['ovn-nb-db'] + - inventory_hostname in groups['ovn-sb-db'] 
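Review bot: Both `set-connection` tasks bind the listener to `ptcp:...:0.0.0.0`, so the plaintext, unauthenticated OVSDB endpoint is offered on every interface of the host. The removed `--db-nb-create-insecure-remote=yes` path appears to have been scoped by `--db-nb-addr={{ api_interface_address ... }}`, and the wait tasks in this same file still probe `api_interface_address`. Binding to the API address keeps the exposure where it was and also works for IPv6 API networks: `ptcp:{{ ovn_nb_db_port }}:{{ api_interface_address | put_address_in_context('url') }}`, and the same with `ovn_sb_db_port` for SB. Separately, the two `set-connection` tasks have no `changed_when`, so they report changed on every run. Their `when:` also searches the whole registered result; `ovn_nb_cluster_status.stdout is search(search_string)` is more precise.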
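Review bot: The `when:` list on `import_tasks: bootstrap-db.yml` is an AND, so the bootstrap only runs on hosts that are in both `ovn-nb-db` and `ovn-sb-db`. If the two groups are placed on different hosts, neither connection is ever set; since the templates no longer pass the insecure-remote flag, there would then be no TCP listener for either database. Guarding the NB tasks inside bootstrap-db.yml with `when: inventory_hostname in groups['ovn-nb-db']`, and the SB tasks with the `ovn-sb-db` equivalent, avoids that. The import would also read better with a `name:`.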
diff --git a/ansible/roles/ovn-db/templates/ovn-nb-db.json.j2 b/ansible/roles/ovn-db/templates/ovn-nb-db.json.j2
index bc10ebd5c8..a977a4882c 100644
--- a/ansible/roles/ovn-db/templates/ovn-nb-db.json.j2
+++ b/ansible/roles/ovn-db/templates/ovn-nb-db.json.j2
@@ -1,5 +1,5 @@
 {
- "command": "/usr/share/ovn/scripts/ovn-ctl run_nb_ovsdb --db-nb-create-insecure-remote=yes --db-nb-addr={{ api_interface_address | put_address_in_context('url') }} --db-nb-cluster-local-addr={{ api_interface_address | put_address_in_context('url') }} {% if groups['ovn-nb-db'] | length > 1 and inventory_hostname != groups['ovn-nb-db'][0] %} --db-nb-cluster-remote-addr={{ 'api' | kolla_address(groups['ovn-nb-db'][0]) | put_address_in_context('url') }} {% endif %} --db-nb-sock=/run/ovn/ovnnb_db.sock --db-nb-pid=/run/ovn/ovnnb_db.pid --db-nb-file=/var/lib/openvswitch/ovn-nb/ovnnb.db --ovn-nb-logfile=/var/log/kolla/openvswitch/ovn-nb-db.log",
+ "command": "/usr/share/ovn/scripts/ovn-ctl run_nb_ovsdb --db-nb-addr={{ api_interface_address | put_address_in_context('url') }} --db-nb-cluster-local-addr={{ api_interface_address | put_address_in_context('url') }} {% if groups['ovn-nb-db'] | length > 1 and inventory_hostname != groups['ovn-nb-db'][0] %} --db-nb-cluster-remote-addr={{ 'api' | kolla_address(groups['ovn-nb-db'][0]) | put_address_in_context('url') }} {% endif %} --db-nb-sock=/run/ovn/ovnnb_db.sock --db-nb-pid=/run/ovn/ovnnb_db.pid --db-nb-file=/var/lib/openvswitch/ovn-nb/ovnnb.db --ovn-nb-logfile=/var/log/kolla/openvswitch/ovn-nb-db.log",
 "permissions": [
 {
 "path": "/var/log/kolla/openvswitch",
diff --git a/ansible/roles/ovn-db/templates/ovn-sb-db.json.j2 b/ansible/roles/ovn-db/templates/ovn-sb-db.json.j2
index 8d3d746394..4d693e6325 100644
--- a/ansible/roles/ovn-db/templates/ovn-sb-db.json.j2
+++ b/ansible/roles/ovn-db/templates/ovn-sb-db.json.j2
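Review bot: With `--db-nb-create-insecure-remote=yes` dropped from the command, the container no longer appears to open a TCP remote on its own at start. The listener then exists only once the leader has written the connection row in tasks/bootstrap-db.yml, and the same holds for the SB template. On an already deployed cluster, clients of the TCP port are therefore likely to be cut off between the container restart and the bootstrap tasks. The diffstat lists no release note, so an upgrade note describing this ordering would help operators.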
@@ -1,5 +1,5 @@
 {
- "command": "/usr/share/ovn/scripts/ovn-ctl run_sb_ovsdb --db-sb-create-insecure-remote=yes --db-sb-addr={{ api_interface_address | put_address_in_context('url') }} --db-sb-cluster-local-addr={{ api_interface_address | put_address_in_context('url') }} {% if groups['ovn-sb-db'] | length > 1 and inventory_hostname != groups['ovn-sb-db'][0] %} --db-sb-cluster-remote-addr={{ 'api' | kolla_address(groups['ovn-sb-db'][0]) | put_address_in_context('url') }} {% endif %} --db-sb-sock=/run/ovn/ovnsb_db.sock --db-sb-pid=/run/ovn/ovnsb_db.pid --db-sb-file=/var/lib/openvswitch/ovn-sb/ovnsb.db --ovn-sb-logfile=/var/log/kolla/openvswitch/ovn-sb-db.log",
+ "command": "/usr/share/ovn/scripts/ovn-ctl run_sb_ovsdb --db-sb-addr={{ api_interface_address | put_address_in_context('url') }} --db-sb-cluster-local-addr={{ api_interface_address | put_address_in_context('url') }} {% if groups['ovn-sb-db'] | length > 1 and inventory_hostname != groups['ovn-sb-db'][0] %} --db-sb-cluster-remote-addr={{ 'api' | kolla_address(groups['ovn-sb-db'][0]) | put_address_in_context('url') }} {% endif %} --db-sb-sock=/run/ovn/ovnsb_db.sock --db-sb-pid=/run/ovn/ovnsb_db.pid --db-sb-file=/var/lib/openvswitch/ovn-sb/ovnsb.db --ovn-sb-logfile=/var/log/kolla/openvswitch/ovn-sb-db.log",
 "permissions": [
 {
 "path": "/var/log/kolla/openvswitch",