openstack/kolla-ansible
Code Issues Proposed changes
kolla-ansible/ansible/roles/zun/templates/zun.conf.j2
Hongbin Lu 91678f67af Zun: Add zun-cni-daemon to compute node 
Zun has a new component "zun-cni-daemon" which should be
deployed in every compute nodes. It is basically an implementation
of CNI (Container Network Interface) that performs the neutron
port binding.

If users is using the capsule (pod) API, the recommended deployment
option is using "cri" as capsule driver. This is basically to use
a CRI runtime (i.e. CRI plugin for containerd) for supporting
capsules (pods). A CRI runtime needs a CNI plugin which is what
the "zun-cni-daemon" provides.

The configuration is based on the Zun installation guide [1].
It consits of the following steps:
* Configure the containerd daemon in the host. The "zun-compute"
  container will use grpc to communicate with this service.
* Install the "zun-cni" binary at host. The containerd process
  will invoke this binary to call the CNI plugin.
* Run a "zun-cni-daemon" container. The "zun-cni" binary will
  communicate with this container via HTTP.

Relevant patches:
Blueprint: https://blueprints.launchpad.net/zun/+spec/add-support-cri-runtime
Install guide: https://review.opendev.org/#/c/707948/
Devstack plugin: https://review.opendev.org/#/c/705338/
Kolla image: https://review.opendev.org/#/c/708273/

[1] https://docs.openstack.org/zun/latest/install/index.html

Depends-On: https://review.opendev.org/#/c/721044/
Change-Id: I9c361a99b355af27907cf80f5c88d97191193495
2020-04-30 02:22:20 +00:00

123 lines
3.7 KiB
Django/Jinja
Raw Blame History

[DEFAULT]
debug = {{ zun_logging_debug }}
{% if service_name == 'zun-api' %}
# Force zun-api.log or will use app.wsgi
log_file = /var/log/kolla/zun/zun-api.log
{% endif %}
log_dir = /var/log/kolla/zun
transport_url = {{ rpc_transport_url }}
state_path = /var/lib/zun
container_driver = docker
capsule_driver = cri
[network]
driver = kuryr
[api]
host_ip = {{ api_interface_address }}
port = {{ zun_api_port }}
workers = {{ openstack_service_workers }}
[database]
connection = mysql+pymysql://{{ zun_database_user }}:{{ zun_database_password }}@{{ zun_database_address }}/{{ zun_database_name }}
max_retries = -1
# NOTE(yoctozepto): despite what the docs say, both keystone_auth and
# keystone_authtoken sections are used and Zun internals may use either -
# - best keep them both in sync
[keystone_auth]
www_authenticate_uri = {{ keystone_internal_url }}
auth_url = {{ keystone_admin_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ zun_keystone_user }}
password = {{ zun_keystone_password }}
service_token_roles_required = True
region_name = {{ openstack_region_name }}
cafile = {{ openstack_cacert }}
{% if enable_memcached | bool %}
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
{% endif %}
# NOTE(yoctozepto): despite what the docs say, both keystone_auth and
# keystone_authtoken sections are used and Zun internals may use either -
# - best keep them both in sync
[keystone_authtoken]
www_authenticate_uri = {{ keystone_internal_url }}
auth_url = {{ keystone_admin_url }}
auth_type = password
project_domain_id = {{ default_project_domain_id }}
user_domain_id = {{ default_user_domain_id }}
project_name = service
username = {{ zun_keystone_user }}
password = {{ zun_keystone_password }}
service_token_roles_required = True
region_name = {{ openstack_region_name }}
cafile = {{ openstack_cacert }}
{% if enable_memcached | bool %}
memcache_security_strategy = ENCRYPT
memcache_secret_key = {{ memcache_secret_key }}
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
{% endif %}
[zun_client]
region_name = {{ openstack_region_name }}
endpoint_type = internalURL
[glance_client]
region_name = {{ openstack_region_name }}
endpoint_type = internalURL
[neutron_client]
region_name = {{ openstack_region_name }}
endpoint_type = internalURL
[cinder_client]
region_name = {{ openstack_region_name }}
endpoint_type = internalURL
[placement_client]
region_name = {{ openstack_region_name }}
endpoint_type = internalURL
{% if enable_osprofiler | bool %}
[profiler]
enabled = true
trace_sqlalchemy = true
hmac_keys = {{ osprofiler_secret }}
connection_string = {{ osprofiler_backend_connection_string }}
{% endif %}
[oslo_concurrency]
lock_path = /var/lib/zun/tmp
{% if zun_policy_file is defined %}
[oslo_policy]
policy_file = {{ zun_policy_file }}
{% endif %}
[compute]
host_shared_with_nova = {{ inventory_hostname in groups['compute'] and enable_nova | bool and not enable_nova_fake | bool }}
[websocket_proxy]
wsproxy_host = {{ api_interface_address }}
wsproxy_port = {{ zun_wsproxy_port }}
base_url = ws://{{ kolla_external_fqdn | put_address_in_context('url') }}:{{ zun_wsproxy_port }}
[docker]
api_url = tcp://{{ api_interface_address | put_address_in_context('url') }}:2375
docker_remote_api_host = {{ api_interface_address }}
docker_remote_api_port = 2375
[cni_daemon]
cni_daemon_port = {{ zun_cni_daemon_port }}
View Git Blame Copy Permalink