diff --git a/neutron/templates/bin/_db-sync.sh.tpl b/neutron/templates/bin/_db-sync.sh.tpl index 12641b4958..f8704c0730 100644 --- a/neutron/templates/bin/_db-sync.sh.tpl +++ b/neutron/templates/bin/_db-sync.sh.tpl @@ -21,4 +21,7 @@ set -ex neutron-db-manage \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ +{{- if .Values.conf.plugins.taas.taas.enabled }} + --subproject tap-as-a-service \ +{{- end }} upgrade head diff --git a/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl index 03a4fb1550..a9b90d4316 100644 --- a/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl +++ b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl @@ -23,3 +23,6 @@ exec neutron-openvswitch-agent \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ --config-file /tmp/pod-shared/ml2-local-ip.ini \ --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini +{{- if .Values.conf.plugins.taas.taas.enabled }} \ + --config-file /etc/neutron/plugins/ml2/taas.ini +{{- end }} diff --git a/neutron/templates/bin/_neutron-server.sh.tpl b/neutron/templates/bin/_neutron-server.sh.tpl index 2374389757..a4de32d6b4 100644 --- a/neutron/templates/bin/_neutron-server.sh.tpl +++ b/neutron/templates/bin/_neutron-server.sh.tpl @@ -23,6 +23,9 @@ function start () { exec neutron-server \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini +{{- if .Values.conf.plugins.taas.taas.enabled }} \ + --config-file /etc/neutron/taas_plugin.ini +{{- end }} {{- if ( has "sriov" .Values.network.backend ) }} \ --config-file /etc/neutron/plugins/ml2/sriov_agent.ini {{- end }} diff --git a/neutron/templates/bin/_neutron-sriov-agent.sh.tpl b/neutron/templates/bin/_neutron-sriov-agent.sh.tpl index 7c3dce0294..98bf5e9210 100644 --- a/neutron/templates/bin/_neutron-sriov-agent.sh.tpl +++ b/neutron/templates/bin/_neutron-sriov-agent.sh.tpl @@ -22,3 +22,6 @@ exec neutron-sriov-nic-agent \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ --config-file /etc/neutron/plugins/ml2/sriov_agent.ini +{{- if .Values.conf.plugins.taas.taas.enabled }} \ + --config-file /etc/neutron/plugins/ml2/taas.ini +{{- end }} diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml index 7293df04e2..027602bbff 100644 --- a/neutron/templates/configmap-etc.yaml +++ b/neutron/templates/configmap-etc.yaml @@ -185,8 +185,10 @@ data: l3_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.l3_agent | b64enc }} metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metadata_agent | b64enc }} metering_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metering_agent | b64enc }} + taas_plugin.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.taas_plugin | b64enc }} ml2_conf.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf | b64enc }} ml2_conf_sriov.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf_sriov | b64enc }} + taas.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.taas | b64enc }} macvtap_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.macvtap_agent | b64enc }} linuxbridge_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.linuxbridge_agent | b64enc }} openvswitch_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.openvswitch_agent | b64enc }} diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml index 1ee216ace8..c0ecbe89e0 100644 --- a/neutron/templates/daemonset-ovs-agent.yaml +++ b/neutron/templates/daemonset-ovs-agent.yaml @@ -100,6 +100,12 @@ spec: mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini subPath: openvswitch_agent.ini readOnly: true + {{- if .Values.conf.plugins.taas.taas.enabled }} + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/taas.ini + subPath: taas.ini + readOnly: true + {{- end }} - name: neutron-etc # NOTE (Portdirect): We mount here to override Kollas # custom sudoers file when using Kolla images, this @@ -113,6 +119,9 @@ spec: readOnly: true {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} {{- if ( has "ovs_agent" $value.pods ) }} + {{- if and ( eq "taas" $key ) (not $envAll.Values.conf.plugins.taas.taas.enabled) }} + ## if taas is not enabled, do not include taas.filters + {{- else }} {{- $filePrefix := replace "_" "-" $key }} {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }} - name: neutron-etc @@ -121,6 +130,7 @@ spec: readOnly: true {{- end }} {{- end }} + {{- end }} - name: run mountPath: /run {{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }} @@ -164,6 +174,12 @@ spec: mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini subPath: openvswitch_agent.ini readOnly: true + {{- if .Values.conf.plugins.taas.taas.enabled }} + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/taas.ini + subPath: taas.ini + readOnly: true + {{- end }} - name: neutron-etc # NOTE (Portdirect): We mount here to override Kollas # custom sudoers file when using Kolla images, this @@ -177,6 +193,9 @@ spec: readOnly: true {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} {{- if ( has "ovs_agent" $value.pods ) }} + {{- if and ( eq "taas" $key ) (not $envAll.Values.conf.plugins.taas.taas.enabled) }} + ## if taas is not enabled, do not include taas.filters + {{- else }} {{- $filePrefix := replace "_" "-" $key }} {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }} - name: neutron-etc @@ -185,6 +204,7 @@ spec: readOnly: true {{- end }} {{- end }} + {{- end }} - name: run mountPath: /run {{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }} diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml index 871c927fb1..67f719caec 100644 --- a/neutron/templates/daemonset-sriov-agent.yaml +++ b/neutron/templates/daemonset-sriov-agent.yaml @@ -83,6 +83,12 @@ spec: mountPath: /etc/neutron/plugins/ml2/sriov_agent.ini subPath: sriov_agent.ini readOnly: true + {{- if .Values.conf.plugins.taas.taas.enabled }} + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/taas.ini + subPath: taas.ini + readOnly: true + {{- end }} - name: neutron-etc # NOTE (Portdirect): We mount here to override Kollas # custom sudoers file when using Kolla images, this @@ -96,6 +102,9 @@ spec: readOnly: true {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} {{- if ( has "sriov_agent" $value.pods ) }} + {{- if and ( eq "taas" $key ) (not $envAll.Values.conf.plugins.taas.taas.enabled) }} + ## if taas is not enabled, do not include taas.filters + {{- else }} {{- $filePrefix := replace "_" "-" $key }} {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }} - name: neutron-etc @@ -104,6 +113,7 @@ spec: readOnly: true {{- end }} {{- end }} + {{- end }} - name: run mountPath: /run {{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }} @@ -139,6 +149,12 @@ spec: mountPath: /etc/neutron/plugins/ml2/sriov_agent.ini subPath: sriov_agent.ini readOnly: true + {{- if .Values.conf.plugins.taas.taas.enabled }} + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/taas.ini + subPath: taas.ini + readOnly: true + {{- end }} - name: neutron-etc # NOTE (Portdirect): We mount here to override Kollas # custom sudoers file when using Kolla images, this @@ -152,6 +168,9 @@ spec: readOnly: true {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} {{- if ( has "sriov_agent" $value.pods ) }} + {{- if and ( eq "taas" $key ) (not $envAll.Values.conf.plugins.taas.taas.enabled) }} + ## if taas is not enabled, do not include taas.filters + {{- else }} {{- $filePrefix := replace "_" "-" $key }} {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }} - name: neutron-etc @@ -160,6 +179,7 @@ spec: readOnly: true {{- end }} {{- end }} + {{- end }} - name: run mountPath: /run {{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }} diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml index adc514f803..527496ebc3 100644 --- a/neutron/templates/deployment-server.yaml +++ b/neutron/templates/deployment-server.yaml @@ -98,6 +98,12 @@ spec: subPath: sriov_agent.ini readOnly: true {{ end }} + {{- if .Values.conf.plugins.taas.taas.enabled }} + - name: neutron-etc + mountPath: /etc/neutron/taas_plugin.ini + subPath: taas_plugin.ini + readOnly: true + {{ end }} - name: neutron-etc mountPath: /etc/neutron/api-paste.ini subPath: api-paste.ini diff --git a/neutron/values.yaml b/neutron/values.yaml index a6aaae27da..17f665fe13 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -1433,6 +1433,23 @@ conf: # NOTE: A second `--config-file` arg can also be added above. Since # many neutron components are installed like that (eg: by devstack). # Adjust to suit local requirements. + taas: + pods: + - ovs_agent + - sriov_agent + content: | + # neutron-rootwrap command filters for nodes on which neutron + # tap-as-a-service(taas) is eanbled. Taas uses this command + # as part of its flow control. + + # format seems to be + # cmd-name: filter-name, raw-command, user, args + + [Filters] + + # This is needed to allow taas to insert/remove vlan id to the + # target vf under /sys/class/net/[device-name]/device/sriov/[vf-index]/[mirror] + i40e_sysfs_command: RegExpFilter, /opt/i40e_sysfs_command, root, /opt/i40e_sysfs_command, \w+, .+, .+ neutron: DEFAULT: log_config_append: /etc/neutron/logging.conf @@ -1478,6 +1495,7 @@ conf: keys: - root - neutron + - neutron_taas handlers: keys: - stdout @@ -1495,6 +1513,11 @@ conf: handlers: - stdout qualname: neutron + logger_neutron_taas: + level: INFO + handlers: + - stdout + qualname: neutron_taas logger_amqp: level: WARNING handlers: stderr @@ -1550,7 +1573,12 @@ conf: # using ml2_type_vlan.network_vlan_ranges: # ml2_type_vlan: # network_vlan_ranges: "external:1100:1110" + agent: + extensions: "" ml2_conf_sriov: null + taas: + taas: + enabled: False openvswitch_agent: agent: tunnel_types: vxlan