chore: refactor ovn support

This makes the OVN support more robust, refactors certain shared components with the normal metadata agent, fixes proper init container handling and much more(tm). Depends-On: https://review.opendev.org/c/openstack/openstack-helm-infra/+/889187 Change-Id: I09512c89f44a78796353a12c61f075a181fa8cd5
2023-07-23 09:12:40 +00:00 · 2023-07-23 09:12:40 +00:00 · 56c4341d8b
commit 56c4341d8b
parent 2db78031bc
12 changed files with 81 additions and 123 deletions
--- a/neutron/Chart.yaml
+++ b/neutron/Chart.yaml
@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Neutron
 name: neutron
-version: 0.3.17
+version: 0.3.18
 home: https://docs.openstack.org/neutron/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
 sources:
--- a/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl
+++ b/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl
@ -16,12 +16,10 @@ limitations under the License.
 set -ex
-chown ${NEUTRON_USER_UID} /var/lib/neutron/openstack-helm
+# See: https://bugs.launchpad.net/neutron/+bug/2028442
 {{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
 mkdir -p /tmp/pod-shared
-tee > /tmp/pod-shared/neutron-agent.ini << EOF
+tee > /tmp/pod-shared/ovn.ini << EOF
-[DEFAULT]
+[ovn]
-host = $(hostname --fqdn)
+ovn_nb_connection=tcp:$OVN_OVSDB_NB_SERVICE_HOST:$OVN_OVSDB_NB_SERVICE_PORT_OVSDB
 ovn_sb_connection=tcp:$OVN_OVSDB_SB_SERVICE_HOST:$OVN_OVSDB_SB_SERVICE_PORT_OVSDB
 EOF
 {{- end }}
--- a/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl
+++ b/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl
@ -16,19 +16,11 @@ limitations under the License.
 set -x
 cp /etc/neutron/ovn_metadata_agent.ini /tmp/ovn_metadata_agent.ini
 # This is because neutron doesn't support DNS names for ovsdb-nb-connection and ovsdb-sb-connection!
 sed -i -e "s|__OVN_NB_DB_SERVICE_HOST__|$OVN_NB_DB_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
 sed -i -e "s|__OVN_NB_DB_SERVICE_PORT__|$OVN_NB_DB_SERVICE_PORT|g" /tmp/ovn_metadata_agent.ini
 sed -i -e "s|__OVN_SB_DB_SERVICE_HOST__|$OVN_SB_DB_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
 sed -i -e "s|__OVN_SB_DB_SERVICE_PORT__|$OVN_SB_DB_SERVICE_PORT|g" /tmp/ovn_metadata_agent.ini
 sed -i -e "s|__NOVA_METADATA_SERVICE_HOST__|$NOVA_METADATA_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
 exec neutron-ovn-metadata-agent \
      --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/ovn_metadata_agent.ini \
 {{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
  --config-file /tmp/pod-shared/neutron-agent.ini \
 {{- end }}
-      --config-file /tmp/ovn_metadata_agent.ini
+      --config-file /tmp/pod-shared/ovn.ini
--- a/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl
+++ b/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl
@ -1,26 +0,0 @@
 #!/bin/bash
 {{/*
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
   http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */}}
 set -ex
 mkdir -p /tmp/pod-shared
 cp /etc/neutron/plugins/ml2/ml2_conf.ini /tmp/pod-shared/ml2_conf.ini
 # This is because neutron doesn't support DNS names for ovsdb-nb-connection and ovsdb-sb-connection!
 sed -i -e "s|__OVN_NB_DB_SERVICE_HOST__|$OVN_NB_DB_SERVICE_HOST|g" /tmp/pod-shared/ml2_conf.ini
 sed -i -e "s|__OVN_NB_DB_SERVICE_PORT__|$OVN_NB_DB_SERVICE_PORT|g" /tmp/pod-shared/ml2_conf.ini
 sed -i -e "s|__OVN_SB_DB_SERVICE_HOST__|$OVN_SB_DB_SERVICE_HOST|g" /tmp/pod-shared/ml2_conf.ini
 sed -i -e "s|__OVN_SB_DB_SERVICE_PORT__|$OVN_SB_DB_SERVICE_PORT|g" /tmp/pod-shared/ml2_conf.ini
--- a/neutron/templates/bin/_neutron-server.sh.tpl
+++ b/neutron/templates/bin/_neutron-server.sh.tpl
@ -20,21 +20,22 @@ COMMAND="${@:-start}"
 function start () {
  exec neutron-server \
        --config-file /etc/neutron/neutron.conf \
-{{- if ( has "tungstenfabric" .Values.network.backend ) }}
+{{- if ( has "ovn" .Values.network.backend ) }}
-        --config-file /etc/neutron/plugins/tungstenfabric/tf_plugin.ini
+        --config-file /tmp/pod-shared/ovn.ini \
 {{- else if ( has "ovn" .Values.network.backend ) }}
        --config-file /tmp/pod-shared/ml2_conf.ini
 {{- else }}
        --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
 {{- end }}
 {{- if .Values.conf.plugins.taas.taas.enabled }} \
-        --config-file /etc/neutron/taas_plugin.ini
+        --config-file /etc/neutron/taas_plugin.ini \
 {{- end }}
 {{- if ( has "sriov" .Values.network.backend ) }} \
-        --config-file /etc/neutron/plugins/ml2/sriov_agent.ini
+        --config-file /etc/neutron/plugins/ml2/sriov_agent.ini \
 {{- end }}
 {{- if .Values.conf.plugins.l2gateway }} \
-        --config-file /etc/neutron/l2gw_plugin.ini
+        --config-file /etc/neutron/l2gw_plugin.ini \
 {{- end }}
 {{- if ( has "tungstenfabric" .Values.network.backend ) }}
        --config-file /etc/neutron/plugins/tungstenfabric/tf_plugin.ini
 {{- else }}
        --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
 {{- end }}
 }
--- a/neutron/templates/configmap-bin.yaml
+++ b/neutron/templates/configmap-bin.yaml
@ -98,18 +98,16 @@ data:
  neutron-test-force-cleanup.sh: |
 {{ tuple "bin/_neutron-test-force-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  neutron-metadata-agent-init.sh: |
 {{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 {{- if ( has "ovn" .Values.network.backend ) }}
  neutron-ovn-metadata-agent.sh: |
 {{ tuple "bin/_neutron-ovn-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  neutron-ovn-metadata-agent-init.sh: |
+  neutron-ovn-init.sh: |
-{{ tuple "bin/_neutron-ovn-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{ tuple "bin/_neutron-ovn-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  neutron-server-ovn-init.sh: |
 {{ tuple "bin/_neutron-server-ovn-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 {{- else }}
  neutron-metadata-agent.sh: |
 {{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  neutron-metadata-agent-init.sh: |
 {{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 {{- end }}
 {{- if ( has "tungstenfabric" .Values.network.backend ) }}
--- a/neutron/templates/configmap-etc.yaml
+++ b/neutron/templates/configmap-etc.yaml
@ -137,6 +137,16 @@ just set it along with nova_metadata_host.
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set $envAll.Values.conf.metadata_agent.cache "memcache_servers" -}}
 {{- end -}}
 {{- if empty $envAll.Values.conf.ovn_metadata_agent.DEFAULT.nova_metadata_host -}}
 {{- $_ := tuple "compute_metadata" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" | set $envAll.Values.conf.metadata_agent.DEFAULT "nova_metadata_host" -}}
 {{- end -}}
 {{- if empty $envAll.Values.conf.ovn_metadata_agent.cache.memcache_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set $envAll.Values.conf.metadata_agent.cache "memcache_servers" -}}
 {{- end -}}
 {{- if empty $envAll.Values.conf.ovn_metadata_agent.DEFAULT.nova_metadata_port -}}
 {{- $_ := tuple "compute_metadata" "internal" "metadata" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set $envAll.Values.conf.metadata_agent.DEFAULT "nova_metadata_port" }}
 {{- end -}}
 {{- if empty $envAll.Values.conf.neutron.DEFAULT.interface_driver -}}
 {{- $_ := set $envAll.Values "__interface_driver" ( list ) }}
 {{- if ( has "openvswitch" $envAll.Values.network.backend ) -}}
--- a/neutron/templates/daemonset-ovn-metadata-agent.yaml
+++ b/neutron/templates/daemonset-ovn-metadata-agent.yaml
@ -90,23 +90,21 @@ spec:
      {{- end }}
      initContainers:
 {{ tuple $envAll "pod_dependency" $mounts_neutron_ovn_metadata_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
-        - name: neutron-ovn-metadata-agent-init
+        - name: neutron-metadata-agent-init
-{{ tuple $envAll "neutron_ovn_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll "neutron_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-{{ dict "envAll" $envAll "application" "neutron_ovn_metadata_agent" "container" "neutron_ovn_metadata_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+{{ dict "envAll" $envAll "application" "neutron_metadata_agent" "container" "neutron_metadata_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          env:
            - name: NEUTRON_USER_UID
-              value: "{{ .Values.pod.security_context.neutron_ovn_metadata_agent.pod.runAsUser }}"
+              value: "{{ .Values.pod.security_context.neutron_metadata_agent.pod.runAsUser }}"
          command:
-            - /tmp/neutron-ovn-metadata-agent-init.sh
+            - /tmp/neutron-metadata-agent-init.sh
          volumeMounts:
            - name: run
              mountPath: /run
            - name: pod-tmp
              mountPath: /tmp
            - name: neutron-bin
-              mountPath: /tmp/neutron-ovn-metadata-agent-init.sh
+              mountPath: /tmp/neutron-metadata-agent-init.sh
-              subPath: neutron-ovn-metadata-agent-init.sh
+              subPath: neutron-metadata-agent-init.sh
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/neutron.conf
@ -114,6 +112,19 @@ spec:
              readOnly: true
            - name: socket
              mountPath: /var/lib/neutron/openstack-helm
        - name: ovn-neutron-init
 {{ tuple $envAll "neutron_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.agent.metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" $envAll "application" "neutron_metadata_agent" "container" "neutron_metadata_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/neutron-ovn-init.sh
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: neutron-bin
              mountPath: /tmp/neutron-ovn-init.sh
              subPath: neutron-ovn-init.sh
              readOnly: true
      containers:
        - name: neutron-ovn-metadata-agent
 {{ tuple $envAll "neutron_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}
@ -234,7 +245,7 @@ spec:
 {{- $daemonset := "ovn-metadata-agent" }}
 {{- $configMapName := "neutron-etc" }}
 {{- $serviceAccountName := "neutron-ovn-metadata-agent" }}
-{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "ovn-metadata" -}}
+{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "ovn_metadata" -}}
 {{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
 {{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 {{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.ovn_metadata_agent.daemonset" | toString | fromYaml }}
--- a/neutron/templates/deployment-server.yaml
+++ b/neutron/templates/deployment-server.yaml
@ -95,23 +95,13 @@ spec:
        - name: ovn-neutron-init
 {{ tuple $envAll "neutron_server" | include "helm-toolkit.snippets.image" | indent 10 }}
          command:
-            - /tmp/neutron-server-ovn-init.sh
+            - /tmp/neutron-ovn-init.sh
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: pod-shared
              mountPath: /tmp/pod-shared
            - name: neutron-bin
-              mountPath: /tmp/neutron-server-ovn-init.sh
+              mountPath: /tmp/neutron-ovn-init.sh
-              subPath: neutron-server-ovn-init.sh
+              subPath: neutron-ovn-init.sh
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/nginx/nginx.conf
              subPath: nginx.conf
              readOnly: true
            - name: neutron-etc
              mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
              subPath: ml2_conf.ini
              readOnly: true
        {{- end }}
        {{- if ( has "tungstenfabric" .Values.network.backend ) }}
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -286,17 +286,13 @@ dependencies:
        - endpoint: public
          service: compute_metadata
    ovn_metadata:
-      pod: null
+      pod:
-      jobs:
+        - requireSameNode: true
-        - neutron-rabbit-init
+          labels:
            application: ovn
            component: ovn-controller
      services:
        - endpoint: internal
          service: oslo_messaging
        - endpoint: internal
          service: network
        - endpoint: internal
          service: compute
        - endpoint: public
          service: compute_metadata
    ovs_agent:
      jobs:
@ -1803,6 +1799,9 @@ conf:
      enable_proxy_headers_parsing: true
    oslo_policy:
      policy_file: /etc/neutron/policy.yaml
    ovn:
      enable_distributed_floating_ip: true
      ovn_metadata_enabled: true
    nova:
      auth_type: password
      auth_version: v3
@ -1912,6 +1911,9 @@ conf:
      # using ml2_type_vlan.network_vlan_ranges:
      # ml2_type_vlan:
      #   network_vlan_ranges: "external:1100:1110"
      ml2_type_geneve:
        vni_ranges: 1:65536
        max_header_size: 38
      agent:
        extensions: ""
    ml2_conf_sriov: null
@ -1989,7 +1991,18 @@ conf:
      enabled: true
      backend: dogpile.cache.memcached
  bagpipe_bgp: {}
-  ovn_metadata_agent: {}
+  ovn_metadata_agent:
    DEFAULT:
      # we cannot change the proxy socket path as it is declared
      # as a hostPath volume from agent daemonsets
      metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
      metadata_proxy_shared_secret: "password"
      metadata_workers: 2
    cache:
      enabled: true
      backend: dogpile.cache.memcached
    ovs:
      ovsdb_connection: unix:/run/openvswitch/db.sock
  rabbitmq:
    # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
--- a/neutron/values_overrides/ovn.yaml
+++ b/neutron/values_overrides/ovn.yaml
@ -14,42 +14,12 @@ conf:
    ml2_conf:
      ml2:
        extension_drivers: port_security
        mechanism_drivers: ovn
        type_drivers: flat,vxlan,geneve
        tenant_network_types: geneve
        overlay_ip_version: 4
      ml2_type_geneve:
        vni_ranges: 1:65536
        max_header_size: 38
      securitygroup:
        enable_security_group: True
        firewall_driver: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
      ovn:
        ovn_nb_connection: tcp:__OVN_NB_DB_SERVICE_HOST__:__OVN_NB_DB_SERVICE_PORT__
        ovn_sb_connection: tcp:__OVN_SB_DB_SERVICE_HOST__:__OVN_SB_DB_SERVICE_PORT__
        enable_distributed_floating_ip: True
        ovn_metadata_enabled: True
        ovn_l3_scheduler: leastloaded
        dns_servers: 8.8.8.8,1.1.1.1
        neutron_sync_mode: repair
  ovn_metadata_agent:
    DEFAULT:
      # we cannot change the proxy socket path as it is declared
      # as a hostPath volume from agent daemonsets
      metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy
      metadata_proxy_shared_secret: "password"
      metadata_workers: 2
      nova_metadata_host: __NOVA_METADATA_SERVICE_HOST__
    cache:
      enabled: true
      backend: dogpile.cache.memcached
    ovs:
      ovsdb_connection: tcp:127.0.0.1:6640
      ovsdb_timeout: 180
    ovn:
      ovn_metadata_enabled: True
      ovn_nb_connection: tcp:__OVN_NB_DB_SERVICE_HOST__:__OVN_NB_DB_SERVICE_PORT__
      ovn_sb_connection: tcp:__OVN_SB_DB_SERVICE_HOST__:__OVN_SB_DB_SERVICE_PORT__
 manifests:
  daemonset_dhcp_agent: false
--- a/releasenotes/notes/neutron.yaml
+++ b/releasenotes/notes/neutron.yaml
@ -59,4 +59,5 @@ neutron:
  - 0.3.15 Add asap2 support
  - 0.3.16 Use service tokens
  - 0.3.17 Add exec probe timeouts
  - 0.3.18 Improve OVN support
 ...