chore: refactor ovn support

This makes the OVN support more robust, refactors certain shared components with the normal metadata agent, fixes proper init container handling and much more(tm). Depends-On: https://review.opendev.org/c/openstack/openstack-helm-infra/+/889187 Change-Id: I09512c89f44a78796353a12c61f075a181fa8cd5
2023-07-23 09:12:40 +00:00 · 2023-07-23 09:12:40 +00:00 · 56c4341d8b
commit 56c4341d8b
parent 2db78031bc
12 changed files with 81 additions and 123 deletions
--- a/neutron/Chart.yaml
+++ b/neutron/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Neutron
 name: neutron
-version: 0.3.17
+version: 0.3.18
 home: https://docs.openstack.org/neutron/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
 sources:
--- a/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl
+++ b/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl
@ -16,12 +16,10 @@ limitations under the License.

 set -ex

-chown ${NEUTRON_USER_UID} /var/lib/neutron/openstack-helm
-
-{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
+# See: https://bugs.launchpad.net/neutron/+bug/2028442
 mkdir -p /tmp/pod-shared
-tee > /tmp/pod-shared/neutron-agent.ini << EOF
-[DEFAULT]
-host = $(hostname --fqdn)
+tee > /tmp/pod-shared/ovn.ini << EOF
+[ovn]
+ovn_nb_connection=tcp:$OVN_OVSDB_NB_SERVICE_HOST:$OVN_OVSDB_NB_SERVICE_PORT_OVSDB
+ovn_sb_connection=tcp:$OVN_OVSDB_SB_SERVICE_HOST:$OVN_OVSDB_SB_SERVICE_PORT_OVSDB
 EOF
-{{- end }}
--- a/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl
+++ b/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl
@ -16,19 +16,11 @@ limitations under the License.

 set -x

-cp /etc/neutron/ovn_metadata_agent.ini /tmp/ovn_metadata_agent.ini
-
-# This is because neutron doesn't support DNS names for ovsdb-nb-connection and ovsdb-sb-connection!
-sed -i -e "s|__OVN_NB_DB_SERVICE_HOST__|$OVN_NB_DB_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
-sed -i -e "s|__OVN_NB_DB_SERVICE_PORT__|$OVN_NB_DB_SERVICE_PORT|g" /tmp/ovn_metadata_agent.ini
-sed -i -e "s|__OVN_SB_DB_SERVICE_HOST__|$OVN_SB_DB_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
-sed -i -e "s|__OVN_SB_DB_SERVICE_PORT__|$OVN_SB_DB_SERVICE_PORT|g" /tmp/ovn_metadata_agent.ini
-sed -i -e "s|__NOVA_METADATA_SERVICE_HOST__|$NOVA_METADATA_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
-
 exec neutron-ovn-metadata-agent \
      --config-file /etc/neutron/neutron.conf \
+      --config-file /etc/neutron/ovn_metadata_agent.ini \
 {{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
  --config-file /tmp/pod-shared/neutron-agent.ini \
 {{- end }}
-      --config-file /tmp/ovn_metadata_agent.ini
+      --config-file /tmp/pod-shared/ovn.ini

--- a/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl
+++ b/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl
@ -1,26 +0,0 @@
-#!/bin/bash
-
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-set -ex
-
-mkdir -p /tmp/pod-shared
-cp /etc/neutron/plugins/ml2/ml2_conf.ini /tmp/pod-shared/ml2_conf.ini
-
-# This is because neutron doesn't support DNS names for ovsdb-nb-connection and ovsdb-sb-connection!
-sed -i -e "s|__OVN_NB_DB_SERVICE_HOST__|$OVN_NB_DB_SERVICE_HOST|g" /tmp/pod-shared/ml2_conf.ini
-sed -i -e "s|__OVN_NB_DB_SERVICE_PORT__|$OVN_NB_DB_SERVICE_PORT|g" /tmp/pod-shared/ml2_conf.ini
-sed -i -e "s|__OVN_SB_DB_SERVICE_HOST__|$OVN_SB_DB_SERVICE_HOST|g" /tmp/pod-shared/ml2_conf.ini
-sed -i -e "s|__OVN_SB_DB_SERVICE_PORT__|$OVN_SB_DB_SERVICE_PORT|g" /tmp/pod-shared/ml2_conf.ini
--- a/neutron/templates/bin/_neutron-server.sh.tpl
+++ b/neutron/templates/bin/_neutron-server.sh.tpl
@ -20,21 +20,22 @@ COMMAND="${@:-start}"
 function start () {
  exec neutron-server \
        --config-file /etc/neutron/neutron.conf \
-{{- if ( has "tungstenfabric" .Values.network.backend ) }}
-        --config-file /etc/neutron/plugins/tungstenfabric/tf_plugin.ini
-{{- else if ( has "ovn" .Values.network.backend ) }}
-        --config-file /tmp/pod-shared/ml2_conf.ini
-{{- else }}
-        --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
+{{- if ( has "ovn" .Values.network.backend ) }}
+        --config-file /tmp/pod-shared/ovn.ini \
 {{- end }}
 {{- if .Values.conf.plugins.taas.taas.enabled }} \
-        --config-file /etc/neutron/taas_plugin.ini
+        --config-file /etc/neutron/taas_plugin.ini \
 {{- end }}
 {{- if ( has "sriov" .Values.network.backend ) }} \
-        --config-file /etc/neutron/plugins/ml2/sriov_agent.ini
+        --config-file /etc/neutron/plugins/ml2/sriov_agent.ini \
 {{- end }}
 {{- if .Values.conf.plugins.l2gateway }} \
-        --config-file /etc/neutron/l2gw_plugin.ini
+        --config-file /etc/neutron/l2gw_plugin.ini \
+{{- end }}
+{{- if ( has "tungstenfabric" .Values.network.backend ) }}
+        --config-file /etc/neutron/plugins/tungstenfabric/tf_plugin.ini
+{{- else }}
+        --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
 {{- end }}
 }

--- a/neutron/templates/configmap-bin.yaml
+++ b/neutron/templates/configmap-bin.yaml
@ -98,18 +98,16 @@ data:
  neutron-test-force-cleanup.sh: |
 {{ tuple "bin/_neutron-test-force-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}

+  neutron-metadata-agent-init.sh: |
+{{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 {{- if ( has "ovn" .Values.network.backend ) }}
  neutron-ovn-metadata-agent.sh: |
 {{ tuple "bin/_neutron-ovn-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  neutron-ovn-metadata-agent-init.sh: |
-{{ tuple "bin/_neutron-ovn-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  neutron-server-ovn-init.sh: |
-{{ tuple "bin/_neutron-server-ovn-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  neutron-ovn-init.sh: |
+{{ tuple "bin/_neutron-ovn-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 {{- else }}
  neutron-metadata-agent.sh: |
 {{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  neutron-metadata-agent-init.sh: |
-{{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 {{- end }}

 {{- if ( has "tungstenfabric" .Values.network.backend ) }}
--- a/neutron/templates/configmap-etc.yaml
+++ b/neutron/templates/configmap-etc.yaml
@ -137,6 +137,16 @@ just set it along with nova_metadata_host.
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set $envAll.Values.conf.metadata_agent.cache "memcache_servers" -}}
 {{- end -}}

+{{- if empty $envAll.Values.conf.ovn_metadata_agent.DEFAULT.nova_metadata_host -}}
+{{- $_ := tuple "compute_metadata" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" | set $envAll.Values.conf.metadata_agent.DEFAULT "nova_metadata_host" -}}
+{{- end -}}
+{{- if empty $envAll.Values.conf.ovn_metadata_agent.cache.memcache_servers -}}
+{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set $envAll.Values.conf.metadata_agent.cache "memcache_servers" -}}
+{{- end -}}
+{{- if empty $envAll.Values.conf.ovn_metadata_agent.DEFAULT.nova_metadata_port -}}
+{{- $_ := tuple "compute_metadata" "internal" "metadata" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set $envAll.Values.conf.metadata_agent.DEFAULT "nova_metadata_port" }}
+{{- end -}}
+
 {{- if empty $envAll.Values.conf.neutron.DEFAULT.interface_driver -}}
 {{- $_ := set $envAll.Values "__interface_driver" ( list ) }}
 {{- if ( has "openvswitch" $envAll.Values.network.backend ) -}}
--- a/neutron/templates/daemonset-ovn-metadata-agent.yaml
+++ b/neutron/templates/daemonset-ovn-metadata-agent.yaml
@ -90,23 +90,21 @@ spec:
      {{- end }}
      initContainers:
 {{ tuple $envAll "pod_dependency" $mounts_neutron_ovn_metadata_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-        - name: neutron-ovn-metadata-agent-init
-{{ tuple $envAll "neutron_ovn_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-{{ dict "envAll" $envAll "application" "neutron_ovn_metadata_agent" "container" "neutron_ovn_metadata_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+        - name: neutron-metadata-agent-init
+{{ tuple $envAll "neutron_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "neutron_metadata_agent" "container" "neutron_metadata_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            - name: NEUTRON_USER_UID
-              value: "{{ .Values.pod.security_context.neutron_ovn_metadata_agent.pod.runAsUser }}"
+              value: "{{ .Values.pod.security_context.neutron_metadata_agent.pod.runAsUser }}"
          command:
-            - /tmp/neutron-ovn-metadata-agent-init.sh
+            - /tmp/neutron-metadata-agent-init.sh
          volumeMounts:
-            - name: run
-              mountPath: /run
            - name: pod-tmp
              mountPath: /tmp
            - name: neutron-bin
-              mountPath: /tmp/neutron-ovn-metadata-agent-init.sh
-              subPath: neutron-ovn-metadata-agent-init.sh
+              mountPath: /tmp/neutron-metadata-agent-init.sh
+              subPath: neutron-metadata-agent-init.sh
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/neutron.conf
@ -114,6 +112,19 @@ spec:
              readOnly: true
            - name: socket
              mountPath: /var/lib/neutron/openstack-helm
+        - name: ovn-neutron-init
+{{ tuple $envAll "neutron_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "neutron_metadata_agent" "container" "neutron_metadata_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+          command:
+            - /tmp/neutron-ovn-init.sh
+          volumeMounts:
+            - name: pod-tmp
+              mountPath: /tmp
+            - name: neutron-bin
+              mountPath: /tmp/neutron-ovn-init.sh
+              subPath: neutron-ovn-init.sh
+              readOnly: true
      containers:
        - name: neutron-ovn-metadata-agent
 {{ tuple $envAll "neutron_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}
@ -234,7 +245,7 @@ spec:
 {{- $daemonset := "ovn-metadata-agent" }}
 {{- $configMapName := "neutron-etc" }}
 {{- $serviceAccountName := "neutron-ovn-metadata-agent" }}
-{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "ovn-metadata" -}}
+{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "ovn_metadata" -}}
 {{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
 {{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 {{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.ovn_metadata_agent.daemonset" | toString | fromYaml }}
--- a/neutron/templates/deployment-server.yaml
+++ b/neutron/templates/deployment-server.yaml
@ -95,23 +95,13 @@ spec:
        - name: ovn-neutron-init
 {{ tuple $envAll "neutron_server" | include "helm-toolkit.snippets.image" | indent 10 }}
          command:
-            - /tmp/neutron-server-ovn-init.sh
+            - /tmp/neutron-ovn-init.sh
          volumeMounts:
-            - name: pod-tmp
-              mountPath: /tmp
            - name: pod-shared
              mountPath: /tmp/pod-shared
            - name: neutron-bin
-              mountPath: /tmp/neutron-server-ovn-init.sh
-              subPath: neutron-server-ovn-init.sh
-              readOnly: true
-            - name: neutron-etc
-              mountPath: /etc/nginx/nginx.conf
-              subPath: nginx.conf
-              readOnly: true
-            - name: neutron-etc
-              mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
-              subPath: ml2_conf.ini
+              mountPath: /tmp/neutron-ovn-init.sh
+              subPath: neutron-ovn-init.sh
              readOnly: true
        {{- end }}
        {{- if ( has "tungstenfabric" .Values.network.backend ) }}
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -286,17 +286,13 @@ dependencies:
        - endpoint: public
          service: compute_metadata
    ovn_metadata:
-      pod: null
-      jobs:
-        - neutron-rabbit-init
+      pod:
+        - requireSameNode: true
+          labels:
+            application: ovn
+            component: ovn-controller
      services:
        - endpoint: internal
-          service: oslo_messaging
-        - endpoint: internal
-          service: network
-        - endpoint: internal
-          service: compute
-        - endpoint: public
          service: compute_metadata
    ovs_agent:
      jobs:
@ -1803,6 +1799,9 @@ conf:
      enable_proxy_headers_parsing: true
    oslo_policy:
      policy_file: /etc/neutron/policy.yaml
+    ovn:
+      enable_distributed_floating_ip: true
+      ovn_metadata_enabled: true
    nova:
      auth_type: password
      auth_version: v3
@ -1912,6 +1911,9 @@ conf:
      # using ml2_type_vlan.network_vlan_ranges:
      # ml2_type_vlan:
      #   network_vlan_ranges: "external:1100:1110"
+      ml2_type_geneve:
+        vni_ranges: 1:65536
+        max_header_size: 38
      agent:
        extensions: ""
    ml2_conf_sriov: null
@ -1989,7 +1991,18 @@ conf:
      enabled: true
      backend: dogpile.cache.memcached
  bagpipe_bgp: {}
-  ovn_metadata_agent: {}
+  ovn_metadata_agent:
+    DEFAULT:
+      # we cannot change the proxy socket path as it is declared
+      # as a hostPath volume from agent daemonsets
+      metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
+      metadata_proxy_shared_secret: "password"
+      metadata_workers: 2
+    cache:
+      enabled: true
+      backend: dogpile.cache.memcached
+    ovs:
+      ovsdb_connection: unix:/run/openvswitch/db.sock

  rabbitmq:
    # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
--- a/neutron/values_overrides/ovn.yaml
+++ b/neutron/values_overrides/ovn.yaml
@ -14,42 +14,12 @@ conf:
    ml2_conf:
      ml2:
        extension_drivers: port_security
-        mechanism_drivers: ovn
        type_drivers: flat,vxlan,geneve
        tenant_network_types: geneve
-        overlay_ip_version: 4
-      ml2_type_geneve:
-        vni_ranges: 1:65536
-        max_header_size: 38
-      securitygroup:
-        enable_security_group: True
-        firewall_driver: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
      ovn:
-        ovn_nb_connection: tcp:__OVN_NB_DB_SERVICE_HOST__:__OVN_NB_DB_SERVICE_PORT__
-        ovn_sb_connection: tcp:__OVN_SB_DB_SERVICE_HOST__:__OVN_SB_DB_SERVICE_PORT__
-        enable_distributed_floating_ip: True
-        ovn_metadata_enabled: True
        ovn_l3_scheduler: leastloaded
        dns_servers: 8.8.8.8,1.1.1.1
        neutron_sync_mode: repair
-  ovn_metadata_agent:
-    DEFAULT:
-      # we cannot change the proxy socket path as it is declared
-      # as a hostPath volume from agent daemonsets
-      metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
-      metadata_proxy_shared_secret: "password"
-      metadata_workers: 2
-      nova_metadata_host: __NOVA_METADATA_SERVICE_HOST__
-    cache:
-      enabled: true
-      backend: dogpile.cache.memcached
-    ovs:
-      ovsdb_connection: tcp:127.0.0.1:6640
-      ovsdb_timeout: 180
-    ovn:
-      ovn_metadata_enabled: True
-      ovn_nb_connection: tcp:__OVN_NB_DB_SERVICE_HOST__:__OVN_NB_DB_SERVICE_PORT__
-      ovn_sb_connection: tcp:__OVN_SB_DB_SERVICE_HOST__:__OVN_SB_DB_SERVICE_PORT__

 manifests:
  daemonset_dhcp_agent: false
--- a/releasenotes/notes/neutron.yaml
+++ b/releasenotes/notes/neutron.yaml
@ -59,4 +59,5 @@ neutron:
  - 0.3.15 Add asap2 support
  - 0.3.16 Use service tokens
  - 0.3.17 Add exec probe timeouts
+  - 0.3.18 Improve OVN support
 ...