From 56c4341d8b13ce5074dfaee20fab720e0e4e1592 Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Sun, 23 Jul 2023 09:12:40 +0000 Subject: [PATCH] chore: refactor ovn support This makes the OVN support more robust, refactors certain shared components with the normal metadata agent, fixes proper init container handling and much more(tm). Depends-On: https://review.opendev.org/c/openstack/openstack-helm-infra/+/889187 Change-Id: I09512c89f44a78796353a12c61f075a181fa8cd5 --- neutron/Chart.yaml | 2 +- ...t-init.sh.tpl => _neutron-ovn-init.sh.tpl} | 12 +++---- .../bin/_neutron-ovn-metadata-agent.sh.tpl | 12 ++----- .../bin/_neutron-server-ovn-init.sh.tpl | 26 --------------- neutron/templates/bin/_neutron-server.sh.tpl | 19 ++++++----- neutron/templates/configmap-bin.yaml | 10 +++--- neutron/templates/configmap-etc.yaml | 10 ++++++ .../daemonset-ovn-metadata-agent.yaml | 33 ++++++++++++------- neutron/templates/deployment-server.yaml | 16 ++------- neutron/values.yaml | 33 +++++++++++++------ neutron/values_overrides/ovn.yaml | 30 ----------------- releasenotes/notes/neutron.yaml | 1 + 12 files changed, 81 insertions(+), 123 deletions(-) rename neutron/templates/bin/{_neutron-ovn-metadata-agent-init.sh.tpl => _neutron-ovn-init.sh.tpl} (69%) delete mode 100644 neutron/templates/bin/_neutron-server-ovn-init.sh.tpl diff --git a/neutron/Chart.yaml b/neutron/Chart.yaml index 9b5d94f077..83b35db4d3 100644 --- a/neutron/Chart.yaml +++ b/neutron/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Neutron name: neutron -version: 0.3.17 +version: 0.3.18 home: https://docs.openstack.org/neutron/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png sources: 
diff --git a/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl b/neutron/templates/bin/_neutron-ovn-init.sh.tpl similarity index 69% rename from neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl rename to neutron/templates/bin/_neutron-ovn-init.sh.tpl index 5b6ce43e1d..b8a0a7889b 100644 --- a/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl +++ b/neutron/templates/bin/_neutron-ovn-init.sh.tpl @@ -16,12 +16,10 @@ limitations under the License. set -ex -chown ${NEUTRON_USER_UID} /var/lib/neutron/openstack-helm - -{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }} +# See: https://bugs.launchpad.net/neutron/+bug/2028442 mkdir -p /tmp/pod-shared -tee > /tmp/pod-shared/neutron-agent.ini << EOF -[DEFAULT] -host = $(hostname --fqdn) +tee > /tmp/pod-shared/ovn.ini << EOF +[ovn] +ovn_nb_connection=tcp:$OVN_OVSDB_NB_SERVICE_HOST:$OVN_OVSDB_NB_SERVICE_PORT_OVSDB +ovn_sb_connection=tcp:$OVN_OVSDB_SB_SERVICE_HOST:$OVN_OVSDB_SB_SERVICE_PORT_OVSDB EOF -{{- end }} diff --git a/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl b/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl index b559b072fc..b35ae1f166 100644 --- a/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl +++ b/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl 
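Review bot: The heredoc in `_neutron-ovn-init.sh.tpl` expands `$OVN_OVSDB_NB_SERVICE_HOST` and its three sibling variables without checking that they are set, and the script runs under `set -ex`, not `-u`. These look like Kubernetes service-link variables; if they are missing from the pod, the file is written as `ovn_nb_connection=tcp::` and the failure only surfaces later inside neutron. Changing the header to `set -eux`, or adding a guard such as `: "${OVN_OVSDB_NB_SERVICE_HOST:?}"` per variable before the `tee`, would make the init container fail instead. The scheme is also fixed to `tcp:`, so NB/SB database traffic on this path is neither authenticated nor encrypted; a comment next to the bug link saying that `ssl:` connections are not covered would help operators.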
@@ -16,19 +16,11 @@ limitations under the License. set -x -cp /etc/neutron/ovn_metadata_agent.ini /tmp/ovn_metadata_agent.ini - -# This is because neutron doesn't support DNS names for ovsdb-nb-connection and ovsdb-sb-connection! -sed -i -e "s|__OVN_NB_DB_SERVICE_HOST__|$OVN_NB_DB_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini -sed -i -e "s|__OVN_NB_DB_SERVICE_PORT__|$OVN_NB_DB_SERVICE_PORT|g" /tmp/ovn_metadata_agent.ini -sed -i -e "s|__OVN_SB_DB_SERVICE_HOST__|$OVN_SB_DB_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini -sed -i -e "s|__OVN_SB_DB_SERVICE_PORT__|$OVN_SB_DB_SERVICE_PORT|g" /tmp/ovn_metadata_agent.ini -sed -i -e "s|__NOVA_METADATA_SERVICE_HOST__|$NOVA_METADATA_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini - exec neutron-ovn-metadata-agent \ --config-file /etc/neutron/neutron.conf \ + --config-file /etc/neutron/ovn_metadata_agent.ini \ {{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }} --config-file /tmp/pod-shared/neutron-agent.ini \ {{- end }} - --config-file /tmp/ovn_metadata_agent.ini + --config-file /tmp/pod-shared/ovn.ini diff --git a/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl b/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl deleted file mode 100644 index 866175484a..0000000000 --- a/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl +++ /dev/null 
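Review bot: `/tmp/pod-shared/ovn.ini` is passed as the last `--config-file` here, whereas `_neutron-server.sh.tpl` in this commit passes it before the plugin configuration. oslo.config lets later files override earlier ones, so in the agent the generated `tcp:` connection strings win over anything an operator sets in the `[ovn]` section of `ovn_metadata_agent.ini`, while in the server the operator's file wins. If the asymmetry is intended, a comment above the `exec` would record it, e.g. `# ovn.ini is generated by the init container and is deliberately last`. Otherwise moving it ahead of `ovn_metadata_agent.ini` would match the server.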
@@ -1,26 +0,0 @@ -#!/bin/bash - -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -set -ex - -mkdir -p /tmp/pod-shared -cp /etc/neutron/plugins/ml2/ml2_conf.ini /tmp/pod-shared/ml2_conf.ini - -# This is because neutron doesn't support DNS names for ovsdb-nb-connection and ovsdb-sb-connection! -sed -i -e "s|__OVN_NB_DB_SERVICE_HOST__|$OVN_NB_DB_SERVICE_HOST|g" /tmp/pod-shared/ml2_conf.ini -sed -i -e "s|__OVN_NB_DB_SERVICE_PORT__|$OVN_NB_DB_SERVICE_PORT|g" /tmp/pod-shared/ml2_conf.ini -sed -i -e "s|__OVN_SB_DB_SERVICE_HOST__|$OVN_SB_DB_SERVICE_HOST|g" /tmp/pod-shared/ml2_conf.ini -sed -i -e "s|__OVN_SB_DB_SERVICE_PORT__|$OVN_SB_DB_SERVICE_PORT|g" /tmp/pod-shared/ml2_conf.ini diff --git a/neutron/templates/bin/_neutron-server.sh.tpl b/neutron/templates/bin/_neutron-server.sh.tpl index 9cffb7b8cc..0954ea4ee6 100644 --- a/neutron/templates/bin/_neutron-server.sh.tpl +++ b/neutron/templates/bin/_neutron-server.sh.tpl 
@@ -20,21 +20,22 @@ COMMAND="${@:-start}" function start () { exec neutron-server \ --config-file /etc/neutron/neutron.conf \ -{{- if ( has "tungstenfabric" .Values.network.backend ) }} - --config-file /etc/neutron/plugins/tungstenfabric/tf_plugin.ini -{{- else if ( has "ovn" .Values.network.backend ) }} - --config-file /tmp/pod-shared/ml2_conf.ini -{{- else }} - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini +{{- if ( has "ovn" .Values.network.backend ) }} + --config-file /tmp/pod-shared/ovn.ini \ {{- end }} {{- if .Values.conf.plugins.taas.taas.enabled }} \ - --config-file /etc/neutron/taas_plugin.ini + --config-file /etc/neutron/taas_plugin.ini \ {{- end }} {{- if ( has "sriov" .Values.network.backend ) }} \ - --config-file /etc/neutron/plugins/ml2/sriov_agent.ini + --config-file /etc/neutron/plugins/ml2/sriov_agent.ini \ {{- end }} {{- if .Values.conf.plugins.l2gateway }} \ - --config-file /etc/neutron/l2gw_plugin.ini + --config-file /etc/neutron/l2gw_plugin.ini \ +{{- end }} +{{- if ( has "tungstenfabric" .Values.network.backend ) }} + --config-file /etc/neutron/plugins/tungstenfabric/tf_plugin.ini +{{- else }} + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini {{- end }} } diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml index e8e79d49cd..51e76d50ca 100644 --- a/neutron/templates/configmap-bin.yaml +++ b/neutron/templates/configmap-bin.yaml 
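Review bot: The three unchanged `{{- if … }} \` lines (taas, sriov, l2gateway) still end in ` \`, while every `--config-file` line above them now ends in `\` as well, so when one of those conditions is true the rendered command appears to contain `\ \` before the newline. In bash the first `\ ` is an escaped space, which would hand neutron-server a stray one-space positional argument. Whitespace is collapsed in this view, so this is worth confirming with `helm template`. Dropping the trailing ` \` from those lines, e.g. `{{- if .Values.conf.plugins.taas.taas.enabled }}`, leaves exactly one continuation per line.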
@@ -98,18 +98,16 @@ data: neutron-test-force-cleanup.sh: | {{ tuple "bin/_neutron-test-force-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-metadata-agent-init.sh: | +{{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{- if ( has "ovn" .Values.network.backend ) }} neutron-ovn-metadata-agent.sh: | {{ tuple "bin/_neutron-ovn-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - neutron-ovn-metadata-agent-init.sh: | -{{ tuple "bin/_neutron-ovn-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - neutron-server-ovn-init.sh: | -{{ tuple "bin/_neutron-server-ovn-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-ovn-init.sh: | +{{ tuple "bin/_neutron-ovn-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{- else }} neutron-metadata-agent.sh: | {{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - neutron-metadata-agent-init.sh: | -{{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{- end }} {{- if ( has "tungstenfabric" .Values.network.backend ) }} diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml index 14d894acf6..1f2c2b3a67 100644 --- a/neutron/templates/configmap-etc.yaml +++ b/neutron/templates/configmap-etc.yaml 
@@ -137,6 +137,16 @@ just set it along with nova_metadata_host. {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set $envAll.Values.conf.metadata_agent.cache "memcache_servers" -}} {{- end -}} +{{- if empty $envAll.Values.conf.ovn_metadata_agent.DEFAULT.nova_metadata_host -}} +{{- $_ := tuple "compute_metadata" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" | set $envAll.Values.conf.metadata_agent.DEFAULT "nova_metadata_host" -}} +{{- end -}} +{{- if empty $envAll.Values.conf.ovn_metadata_agent.cache.memcache_servers -}} +{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set $envAll.Values.conf.metadata_agent.cache "memcache_servers" -}} +{{- end -}} +{{- if empty $envAll.Values.conf.ovn_metadata_agent.DEFAULT.nova_metadata_port -}} +{{- $_ := tuple "compute_metadata" "internal" "metadata" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set $envAll.Values.conf.metadata_agent.DEFAULT "nova_metadata_port" }} +{{- end -}} + {{- if empty $envAll.Values.conf.neutron.DEFAULT.interface_driver -}} {{- $_ := set $envAll.Values "__interface_driver" ( list ) }} {{- if ( has "openvswitch" $envAll.Values.network.backend ) -}} diff --git a/neutron/templates/daemonset-ovn-metadata-agent.yaml b/neutron/templates/daemonset-ovn-metadata-agent.yaml index 511eb26066..8f8ae34e0e 100644 --- a/neutron/templates/daemonset-ovn-metadata-agent.yaml +++ b/neutron/templates/daemonset-ovn-metadata-agent.yaml 
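Review bot: All three added blocks test `conf.ovn_metadata_agent.*` for emptiness but then `set` the looked-up value on `$envAll.Values.conf.metadata_agent`, so the OVN agent's `nova_metadata_host`, `nova_metadata_port` and `memcache_servers` are never filled in. A value the operator set for the regular metadata agent can also be overwritten. The OVN metadata agent would then run with neutron's built-in defaults for those options rather than the chart's endpoints. The targets should be `set $envAll.Values.conf.ovn_metadata_agent.DEFAULT "nova_metadata_host"`, `set $envAll.Values.conf.ovn_metadata_agent.cache "memcache_servers"` and `set $envAll.Values.conf.ovn_metadata_agent.DEFAULT "nova_metadata_port"`.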
@@ -90,23 +90,21 @@ spec: {{- end }} initContainers: {{ tuple $envAll "pod_dependency" $mounts_neutron_ovn_metadata_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - - name: neutron-ovn-metadata-agent-init -{{ tuple $envAll "neutron_ovn_metadata" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -{{ dict "envAll" $envAll "application" "neutron_ovn_metadata_agent" "container" "neutron_ovn_metadata_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + - name: neutron-metadata-agent-init +{{ tuple $envAll "neutron_metadata" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "neutron_metadata_agent" "container" "neutron_metadata_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} env: - name: NEUTRON_USER_UID - value: "{{ .Values.pod.security_context.neutron_ovn_metadata_agent.pod.runAsUser }}" + value: "{{ .Values.pod.security_context.neutron_metadata_agent.pod.runAsUser }}" command: - - /tmp/neutron-ovn-metadata-agent-init.sh + - /tmp/neutron-metadata-agent-init.sh volumeMounts: - - name: run - mountPath: /run - name: pod-tmp mountPath: /tmp - name: neutron-bin - mountPath: /tmp/neutron-ovn-metadata-agent-init.sh - subPath: neutron-ovn-metadata-agent-init.sh + mountPath: /tmp/neutron-metadata-agent-init.sh + subPath: neutron-metadata-agent-init.sh readOnly: true - name: neutron-etc mountPath: /etc/neutron/neutron.conf 
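Review bot: `NEUTRON_USER_UID` is now read from `.Values.pod.security_context.neutron_metadata_agent.pod.runAsUser`, the regular metadata agent's setting, although this DaemonSet is the OVN metadata agent. The old OVN init script chowned `/var/lib/neutron/openstack-helm` to this UID, and the shared script presumably does the same. If an operator sets different users for the two applications, the socket directory would end up owned by a UID the OVN agent does not run as. Keeping `neutron_ovn_metadata_agent.pod.runAsUser` for the env value, or adding a comment such as `# the OVN agent intentionally shares the metadata agent's UID`, would settle this; the pod-level security context is outside the hunk.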
@@ -114,6 +112,19 @@ spec: readOnly: true - name: socket mountPath: /var/lib/neutron/openstack-helm + - name: ovn-neutron-init +{{ tuple $envAll "neutron_metadata" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "neutron_metadata_agent" "container" "neutron_metadata_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + command: + - /tmp/neutron-ovn-init.sh + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: neutron-bin + mountPath: /tmp/neutron-ovn-init.sh + subPath: neutron-ovn-init.sh + readOnly: true containers: - name: neutron-ovn-metadata-agent {{ tuple $envAll "neutron_metadata" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -234,7 +245,7 @@ spec: {{- $daemonset := "ovn-metadata-agent" }} {{- $configMapName := "neutron-etc" }} {{- $serviceAccountName := "neutron-ovn-metadata-agent" }} -{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "ovn-metadata" -}} +{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "ovn_metadata" -}} {{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }} {{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} {{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.ovn_metadata_agent.daemonset" | toString | fromYaml }} diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml index 91d9793e6a..16363573e4 100644 --- a/neutron/templates/deployment-server.yaml +++ b/neutron/templates/deployment-server.yaml 
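Review bot: The added `ovn-neutron-init` container reuses the `neutron_metadata_agent_init` security context and the metadata agent's resource values, although all it runs is `/tmp/neutron-ovn-init.sh`, which writes one file under `/tmp/pod-shared`. That context was defined for the container that prepares the socket directory, so it presumably carries more privilege than this step needs. A dedicated entry would keep the two apart, for example `"application" "neutron_ovn_metadata_agent" "container" "ovn_neutron_init"` (key name to be chosen) with a non-root user. The values that would back it are outside this hunk.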
@@ -95,23 +95,13 @@ spec: - name: ovn-neutron-init {{ tuple $envAll "neutron_server" | include "helm-toolkit.snippets.image" | indent 10 }} command: - - /tmp/neutron-server-ovn-init.sh + - /tmp/neutron-ovn-init.sh volumeMounts: - - name: pod-tmp - mountPath: /tmp - name: pod-shared mountPath: /tmp/pod-shared - name: neutron-bin - mountPath: /tmp/neutron-server-ovn-init.sh - subPath: neutron-server-ovn-init.sh - readOnly: true - - name: neutron-etc - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - readOnly: true - - name: neutron-etc - mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini - subPath: ml2_conf.ini + mountPath: /tmp/neutron-ovn-init.sh + subPath: neutron-ovn-init.sh readOnly: true {{- end }} {{- if ( has "tungstenfabric" .Values.network.backend ) }} diff --git a/neutron/values.yaml b/neutron/values.yaml index 753afb10b4..1bc0b48c20 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -286,17 +286,13 @@ dependencies: - endpoint: public service: compute_metadata ovn_metadata: - pod: null - jobs: - - neutron-rabbit-init + pod: + - requireSameNode: true + labels: + application: ovn + component: ovn-controller services: - endpoint: internal - service: oslo_messaging - - endpoint: internal - service: network - - endpoint: internal - service: compute - - endpoint: public service: compute_metadata ovs_agent: jobs: @@ -1803,6 +1799,9 @@ conf: enable_proxy_headers_parsing: true oslo_policy: policy_file: /etc/neutron/policy.yaml + ovn: + enable_distributed_floating_ip: true + ovn_metadata_enabled: true nova: auth_type: password auth_version: v3 @@ -1912,6 +1911,9 @@ conf: # using ml2_type_vlan.network_vlan_ranges: # ml2_type_vlan: # network_vlan_ranges: "external:1100:1110" + ml2_type_geneve: + vni_ranges: 1:65536 + max_header_size: 38 agent: extensions: "" ml2_conf_sriov: null 
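Review bot: In `deployment-server.yaml` the `ovn-neutron-init` container has no `helm-toolkit.snippets.kubernetes_container_security_context` or `kubernetes_resources` include, while the container running the same script in `daemonset-ovn-metadata-agent.yaml` has both. As written it runs with the image defaults and whatever the pod-level settings provide. Adding a line after the image include would make it configurable, e.g. `{{ dict "envAll" $envAll "application" "neutron_server" "container" "ovn_neutron_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}` (key name to be chosen). The matching values entry is not part of this hunk.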
@@ -1989,7 +1991,18 @@ conf: enabled: true backend: dogpile.cache.memcached bagpipe_bgp: {} - ovn_metadata_agent: {} + ovn_metadata_agent: + DEFAULT: + # we cannot change the proxy socket path as it is declared + # as a hostPath volume from agent daemonsets + metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy + metadata_proxy_shared_secret: "password" + metadata_workers: 2 + cache: + enabled: true + backend: dogpile.cache.memcached + ovs: + ovsdb_connection: unix:/run/openvswitch/db.sock rabbitmq: # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones diff --git a/neutron/values_overrides/ovn.yaml b/neutron/values_overrides/ovn.yaml index 347ef0e752..014ae01fb2 100644 --- a/neutron/values_overrides/ovn.yaml +++ b/neutron/values_overrides/ovn.yaml 
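Review bot: `metadata_proxy_shared_secret: "password"` moves from the OVN override file into the chart defaults, so every install that does not override it runs the OVN metadata agent with a publicly known secret. The agent uses this value to sign the instance identity headers it forwards to Nova's metadata API, so it should be deployment-specific and match Nova's setting. A comment above the key would make that explicit, e.g. `# placeholder: override per deployment, must match nova's metadata_proxy_shared_secret`. Alternatively, the template could refuse to render while the value is still the placeholder.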
@@ -14,42 +14,12 @@ conf: ml2_conf: ml2: extension_drivers: port_security - mechanism_drivers: ovn type_drivers: flat,vxlan,geneve tenant_network_types: geneve - overlay_ip_version: 4 - ml2_type_geneve: - vni_ranges: 1:65536 - max_header_size: 38 - securitygroup: - enable_security_group: True - firewall_driver: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver ovn: - ovn_nb_connection: tcp:__OVN_NB_DB_SERVICE_HOST__:__OVN_NB_DB_SERVICE_PORT__ - ovn_sb_connection: tcp:__OVN_SB_DB_SERVICE_HOST__:__OVN_SB_DB_SERVICE_PORT__ - enable_distributed_floating_ip: True - ovn_metadata_enabled: True ovn_l3_scheduler: leastloaded dns_servers: 8.8.8.8,1.1.1.1 neutron_sync_mode: repair - ovn_metadata_agent: - DEFAULT: - # we cannot change the proxy socket path as it is declared - # as a hostPath volume from agent daemonsets - metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy - metadata_proxy_shared_secret: "password" - metadata_workers: 2 - nova_metadata_host: __NOVA_METADATA_SERVICE_HOST__ - cache: - enabled: true - backend: dogpile.cache.memcached - ovs: - ovsdb_connection: tcp:127.0.0.1:6640 - ovsdb_timeout: 180 - ovn: - ovn_metadata_enabled: True - ovn_nb_connection: tcp:__OVN_NB_DB_SERVICE_HOST__:__OVN_NB_DB_SERVICE_PORT__ - ovn_sb_connection: tcp:__OVN_SB_DB_SERVICE_HOST__:__OVN_SB_DB_SERVICE_PORT__ manifests: daemonset_dhcp_agent: false diff --git a/releasenotes/notes/neutron.yaml b/releasenotes/notes/neutron.yaml index eae923576f..26b435afa2 100644 --- a/releasenotes/notes/neutron.yaml +++ b/releasenotes/notes/neutron.yaml @@ -59,4 +59,5 @@ neutron: - 0.3.15 Add asap2 support - 0.3.16 Use service tokens - 0.3.17 Add exec probe timeouts + - 0.3.18 Improve OVN support ...