From 2f5a1c0c7751ba340d493f3c6f08a23454a7cc38 Mon Sep 17 00:00:00 2001 From: Roy Tang Date: Tue, 28 Aug 2018 14:21:29 -0400 Subject: [PATCH] Neutron TaaS support as L2 Extension This is the second draft to enhance neutron in ocata to support Tap-as-a-service (TaaS) as a L2 Extension. Change-Id: I96951b38dd43ab4904339b778b5726a579c76a4c --- neutron/templates/bin/_db-sync.sh.tpl | 5 +++- .../bin/_neutron-openvswitch-agent.sh.tpl | 5 +++- neutron/templates/bin/_neutron-server.sh.tpl | 5 +++- .../templates/bin/_neutron-sriov-agent.sh.tpl | 5 +++- neutron/templates/configmap-etc.yaml | 2 ++ neutron/templates/daemonset-ovs-agent.yaml | 20 +++++++++++++ neutron/templates/daemonset-sriov-agent.yaml | 20 +++++++++++++ neutron/templates/deployment-server.yaml | 6 ++++ neutron/values.yaml | 28 +++++++++++++++++++ 9 files changed, 92 insertions(+), 4 deletions(-) diff --git a/neutron/templates/bin/_db-sync.sh.tpl b/neutron/templates/bin/_db-sync.sh.tpl index 5bd137b7bb..f8704c0730 100644 --- a/neutron/templates/bin/_db-sync.sh.tpl +++ b/neutron/templates/bin/_db-sync.sh.tpl @@ -1,7 +1,7 @@ #!/bin/bash {{/* -Copyright 2017-2018 OpenStack Foundation. +Copyright 2017 The Openstack-Helm Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -21,4 +21,7 @@ set -ex neutron-db-manage \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ +{{- if .Values.conf.plugins.taas.taas.enabled }} + --subproject tap-as-a-service \ +{{- end }} upgrade head diff --git a/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl index a91c929184..a9b90d4316 100644 --- a/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl +++ b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl @@ -1,7 +1,7 @@ #!/bin/bash {{/* -Copyright 2017-2018 OpenStack Foundation. +Copyright 2017 The Openstack-Helm Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -23,3 +23,6 @@ exec neutron-openvswitch-agent \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ --config-file /tmp/pod-shared/ml2-local-ip.ini \ --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini +{{- if .Values.conf.plugins.taas.taas.enabled }} \ + --config-file /etc/neutron/plugins/ml2/taas.ini +{{- end }} diff --git a/neutron/templates/bin/_neutron-server.sh.tpl b/neutron/templates/bin/_neutron-server.sh.tpl index cd24dd3995..a4de32d6b4 100644 --- a/neutron/templates/bin/_neutron-server.sh.tpl +++ b/neutron/templates/bin/_neutron-server.sh.tpl @@ -1,7 +1,7 @@ #!/bin/bash {{/* -Copyright 2017-2018 OpenStack Foundation. +Copyright 2017 The Openstack-Helm Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -23,6 +23,9 @@ function start () { exec neutron-server \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini +{{- if .Values.conf.plugins.taas.taas.enabled }} \ + --config-file /etc/neutron/taas_plugin.ini +{{- end }} {{- if ( has "sriov" .Values.network.backend ) }} \ --config-file /etc/neutron/plugins/ml2/sriov_agent.ini {{- end }} diff --git a/neutron/templates/bin/_neutron-sriov-agent.sh.tpl b/neutron/templates/bin/_neutron-sriov-agent.sh.tpl index bf158d21bd..98bf5e9210 100644 --- a/neutron/templates/bin/_neutron-sriov-agent.sh.tpl +++ b/neutron/templates/bin/_neutron-sriov-agent.sh.tpl @@ -1,7 +1,7 @@ #!/bin/bash {{/* -Copyright 2017-2018 OpenStack Foundation. +Copyright 2017 The Openstack-Helm Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -22,3 +22,6 @@ exec neutron-sriov-nic-agent \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ --config-file /etc/neutron/plugins/ml2/sriov_agent.ini +{{- if .Values.conf.plugins.taas.taas.enabled }} \ + --config-file /etc/neutron/plugins/ml2/taas.ini +{{- end }} diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml index 109b5910b7..9fe11af430 100644 --- a/neutron/templates/configmap-etc.yaml +++ b/neutron/templates/configmap-etc.yaml @@ -185,8 +185,10 @@ data: l3_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.l3_agent | b64enc }} metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metadata_agent | b64enc }} metering_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metering_agent | b64enc }} + taas_plugin.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.taas_plugin | b64enc }} ml2_conf.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf | b64enc }} ml2_conf_sriov.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf_sriov | b64enc }} + taas.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.taas | b64enc }} macvtap_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.macvtap_agent | b64enc }} linuxbridge_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.linuxbridge_agent | b64enc }} openvswitch_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.openvswitch_agent | b64enc }} diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml index af6acd3567..07b23a7dce 100644 --- a/neutron/templates/daemonset-ovs-agent.yaml +++ b/neutron/templates/daemonset-ovs-agent.yaml @@ -100,6 +100,12 @@ spec: mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini subPath: openvswitch_agent.ini readOnly: true + {{- if .Values.conf.plugins.taas.taas.enabled }} + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/taas.ini + subPath: taas.ini + readOnly: true + {{- end }} - name: neutron-etc # NOTE (Portdirect): We mount here to override Kollas # custom sudoers file when using Kolla images, this @@ -113,6 +119,9 @@ spec: readOnly: true {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} {{- if ( has "ovs_agent" $value.pods ) }} + {{- if and ( eq "taas" $key ) (not $envAll.Values.conf.plugins.taas.taas.enabled) }} + ## if taas is not enabled, do not include taas.filters + {{- else }} {{- $filePrefix := replace "_" "-" $key }} {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }} - name: neutron-etc @@ -121,6 +130,7 @@ spec: readOnly: true {{- end }} {{- end }} + {{- end }} - name: run mountPath: /run {{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }} @@ -164,6 +174,12 @@ spec: mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini subPath: openvswitch_agent.ini readOnly: true + {{- if .Values.conf.plugins.taas.taas.enabled }} + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/taas.ini + subPath: taas.ini + readOnly: true + {{- end }} - name: neutron-etc # NOTE (Portdirect): We mount here to override Kollas # custom sudoers file when using Kolla images, this @@ -177,6 +193,9 @@ spec: readOnly: true {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} {{- if ( has "ovs_agent" $value.pods ) }} + {{- if and ( eq "taas" $key ) (not $envAll.Values.conf.plugins.taas.taas.enabled) }} + ## if taas is not enabled, do not include taas.filters + {{- else }} {{- $filePrefix := replace "_" "-" $key }} {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }} - name: neutron-etc @@ -185,6 +204,7 @@ spec: readOnly: true {{- end }} {{- end }} + {{- end }} - name: run mountPath: /run {{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }} diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml index 947e41e13e..22c730aee6 100644 --- a/neutron/templates/daemonset-sriov-agent.yaml +++ b/neutron/templates/daemonset-sriov-agent.yaml @@ -83,6 +83,12 @@ spec: mountPath: /etc/neutron/plugins/ml2/sriov_agent.ini subPath: sriov_agent.ini readOnly: true + {{- if .Values.conf.plugins.taas.taas.enabled }} + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/taas.ini + subPath: taas.ini + readOnly: true + {{- end }} - name: neutron-etc # NOTE (Portdirect): We mount here to override Kollas # custom sudoers file when using Kolla images, this @@ -96,6 +102,9 @@ spec: readOnly: true {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} {{- if ( has "sriov_agent" $value.pods ) }} + {{- if and ( eq "taas" $key ) (not $envAll.Values.conf.plugins.taas.taas.enabled) }} + ## if taas is not enabled, do not include taas.filters + {{- else }} {{- $filePrefix := replace "_" "-" $key }} {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }} - name: neutron-etc @@ -104,6 +113,7 @@ spec: readOnly: true {{- end }} {{- end }} + {{- end }} - name: run mountPath: /run {{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }} @@ -139,6 +149,12 @@ spec: mountPath: /etc/neutron/plugins/ml2/sriov_agent.ini subPath: sriov_agent.ini readOnly: true + {{- if .Values.conf.plugins.taas.taas.enabled }} + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/taas.ini + subPath: taas.ini + readOnly: true + {{- end }} - name: neutron-etc # NOTE (Portdirect): We mount here to override Kollas # custom sudoers file when using Kolla images, this @@ -152,6 +168,9 @@ spec: readOnly: true {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} {{- if ( has "sriov_agent" $value.pods ) }} + {{- if and ( eq "taas" $key ) (not $envAll.Values.conf.plugins.taas.taas.enabled) }} + ## if taas is not enabled, do not include taas.filters + {{- else }} {{- $filePrefix := replace "_" "-" $key }} {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }} - name: neutron-etc @@ -160,6 +179,7 @@ spec: readOnly: true {{- end }} {{- end }} + {{- end }} - name: run mountPath: /run {{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }} diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml index c1291996e8..fcc3469254 100644 --- a/neutron/templates/deployment-server.yaml +++ b/neutron/templates/deployment-server.yaml @@ -98,6 +98,12 @@ spec: subPath: sriov_agent.ini readOnly: true {{ end }} + {{- if .Values.conf.plugins.taas.taas.enabled }} + - name: neutron-etc + mountPath: /etc/neutron/taas_plugin.ini + subPath: taas_plugin.ini + readOnly: true + {{ end }} - name: neutron-etc mountPath: /etc/neutron/api-paste.ini subPath: api-paste.ini diff --git a/neutron/values.yaml b/neutron/values.yaml index e518bde1cf..47fbb5318b 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -1433,6 +1433,23 @@ conf: # NOTE: A second `--config-file` arg can also be added above. Since # many neutron components are installed like that (eg: by devstack). # Adjust to suit local requirements. + taas: + pods: + - ovs_agent + - sriov_agent + content: | + # neutron-rootwrap command filters for nodes on which neutron + # tap-as-a-service(taas) is eanbled. Taas uses this command + # as part of its flow control. + + # format seems to be + # cmd-name: filter-name, raw-command, user, args + + [Filters] + + # This is needed to allow taas to insert/remove vlan id to the + # target vf under /sys/class/net/[device-name]/device/sriov/[vf-index]/[mirror] + i40e_sysfs_command: RegExpFilter, /opt/i40e_sysfs_command, root, /opt/i40e_sysfs_command, \w+, .+, .+ neutron: DEFAULT: log_config_append: /etc/neutron/logging.conf @@ -1478,6 +1495,7 @@ conf: keys: - root - neutron + - neutron_taas handlers: keys: - stdout @@ -1495,6 +1513,11 @@ conf: handlers: - stdout qualname: neutron + logger_neutron_taas: + level: INFO + handlers: + - stdout + qualname: neutron_taas logger_amqp: level: WARNING handlers: stderr @@ -1550,7 +1573,12 @@ conf: # using ml2_type_vlan.network_vlan_ranges: # ml2_type_vlan: # network_vlan_ranges: "external:1100:1110" + agent: + extensions: "" ml2_conf_sriov: null + taas: + taas: + enabled: False openvswitch_agent: agent: tunnel_types: vxlan