diff --git a/helm-toolkit/templates/utils/_dependency_resolver.tpl b/helm-toolkit/templates/utils/_dependency_resolver.tpl index 45a74fe836..b1b3bd4e50 100644 --- a/helm-toolkit/templates/utils/_dependency_resolver.tpl +++ b/helm-toolkit/templates/utils/_dependency_resolver.tpl @@ -20,7 +20,15 @@ limitations under the License. {{- $dependencyKey := index . "dependencyKey" -}} {{- if $dependencyMixinParam -}} {{- $_ := set $envAll.Values "pod_dependency" dict -}} +{{- if kindIs "string" $dependencyMixinParam }} {{- $_ := include "helm-toolkit.utils.merge" (tuple $envAll.Values.pod_dependency ( index $envAll.Values.dependencies.static $dependencyKey ) ( index $envAll.Values.dependencies.dynamic.targeted $dependencyMixinParam $dependencyKey ) ) -}} +{{- else if kindIs "slice" $dependencyMixinParam }} +{{- range $k, $v := $dependencyMixinParam -}} +{{- if not $envAll.Values.__deps }}{{- $_ := set $envAll.Values "__deps" ( index $envAll.Values.dependencies.static $dependencyKey ) }}{{- end }} +{{- $_ := include "helm-toolkit.utils.merge" (tuple $envAll.Values.pod_dependency $envAll.Values.__deps ( index $envAll.Values.dependencies.dynamic.targeted $v $dependencyKey ) ) -}} +{{- $_ := set $envAll.Values "__deps" $envAll.Values.pod_dependency -}} +{{- end }} +{{- end }} {{- else -}} {{- $_ := set $envAll.Values "pod_dependency" ( index $envAll.Values.dependencies.static $dependencyKey ) -}} {{- end -}} diff --git a/neutron/templates/bin/_neutron-dhcp-agent.sh.tpl b/neutron/templates/bin/_neutron-dhcp-agent.sh.tpl index 48be1cd069..2e4c40df38 100644 --- a/neutron/templates/bin/_neutron-dhcp-agent.sh.tpl +++ b/neutron/templates/bin/_neutron-dhcp-agent.sh.tpl @@ -22,6 +22,6 @@ exec neutron-dhcp-agent \ --config-file /etc/neutron/dhcp_agent.ini \ --config-file /etc/neutron/metadata_agent.ini \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini -{{- if eq .Values.network.backend "ovs" }} \ +{{- if ( has "openvswitch" .Values.network.backend ) }} \ --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini {{- end }} diff --git a/neutron/templates/bin/_neutron-l3-agent.sh.tpl b/neutron/templates/bin/_neutron-l3-agent.sh.tpl index 94d291b7d6..6b613c011d 100644 --- a/neutron/templates/bin/_neutron-l3-agent.sh.tpl +++ b/neutron/templates/bin/_neutron-l3-agent.sh.tpl @@ -22,6 +22,6 @@ exec neutron-l3-agent \ --config-file /etc/neutron/l3_agent.ini \ --config-file /etc/neutron/metadata_agent.ini \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini -{{- if eq .Values.network.backend "ovs" }} \ +{{- if ( has "openvswitch" .Values.network.backend ) }} \ --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini {{- end }} diff --git a/neutron/templates/bin/_neutron-linuxbridge-agent-init.sh.tpl b/neutron/templates/bin/_neutron-linuxbridge-agent-init.sh.tpl index 52a372897a..9054c8aa28 100644 --- a/neutron/templates/bin/_neutron-linuxbridge-agent-init.sh.tpl +++ b/neutron/templates/bin/_neutron-linuxbridge-agent-init.sh.tpl @@ -32,7 +32,6 @@ if [ -n "${external_bridge}" ] ; then fi fi - # configure all bridge mappings defined in config {{- range $br, $phys := .Values.network.auto_bridge_add }} if [ -n "{{- $br -}}" ] ; then diff --git a/neutron/templates/bin/_neutron-metadata-agent.sh.tpl b/neutron/templates/bin/_neutron-metadata-agent.sh.tpl index 6f254ff38b..8607791772 100644 --- a/neutron/templates/bin/_neutron-metadata-agent.sh.tpl +++ b/neutron/templates/bin/_neutron-metadata-agent.sh.tpl @@ -21,6 +21,6 @@ exec neutron-metadata-agent \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/metadata_agent.ini \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini -{{- if eq .Values.network.backend "ovs" }} \ +{{- if ( has "openvswitch" .Values.network.backend ) }} \ --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini {{- end }} diff --git a/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl b/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl index e084043a93..97da5c8a30 100644 --- a/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl +++ b/neutron/templates/bin/_neutron-openvswitch-agent-init.sh.tpl @@ -29,6 +29,13 @@ chown neutron: /run/openvswitch/db.sock # see https://github.com/att-comdev/openstack-helm/issues/88 timeout 3m neutron-sanity-check --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --ovsdb_native --nokeepalived_ipv6_support +# handle any bridge mappings +{{- range $bridge, $port := .Values.network.auto_bridge_add }} +ovs-vsctl --no-wait --may-exist add-br {{ $bridge }} +ovs-vsctl --no-wait --may-exist add-port {{ $bridge }} {{ $port }} +ip link set dev {{ $port }} up +{{- end }} + tunnel_interface="{{- .Values.network.interface.tunnel -}}" if [ -z "${tunnel_interface}" ] ; then # search for interface with default routing diff --git a/neutron/templates/bin/_neutron-server.sh.tpl b/neutron/templates/bin/_neutron-server.sh.tpl index e641d87049..2374389757 100644 --- a/neutron/templates/bin/_neutron-server.sh.tpl +++ b/neutron/templates/bin/_neutron-server.sh.tpl @@ -23,6 +23,9 @@ function start () { exec neutron-server \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini +{{- if ( has "sriov" .Values.network.backend ) }} \ + --config-file /etc/neutron/plugins/ml2/sriov_agent.ini +{{- end }} } function stop () { diff --git a/neutron/templates/bin/_neutron-sriov-agent-init.sh.tpl b/neutron/templates/bin/_neutron-sriov-agent-init.sh.tpl new file mode 100644 index 0000000000..2d38f58518 --- /dev/null +++ b/neutron/templates/bin/_neutron-sriov-agent-init.sh.tpl @@ -0,0 +1,39 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +{{- range $k, $sriov := .Values.network.interface.sriov }} +if [ "x{{ $sriov.num_vfs }}" != "x" ]; then + echo "{{ $sriov.num_vfs }}" > /sys/class/net/{{ $sriov.device }}/device/sriov_numvfs +else + NUM_VFS=$(cat /sys/class/net/{{ $sriov.device }}/device/sriov_totalvfs) + echo "${NUM_VFS}" > /sys/class/net/{{ $sriov.device }}/device/sriov_numvfs +fi +ip link set {{ $sriov.device }} up +ip link show {{ $sriov.device }} +{{- if $sriov.promisc }} +ip link set {{ $sriov.device }} promisc on +#NOTE(portdirect): get the bus that the port is on +NIC_BUS=$(lshw -c network -businfo | awk '/{{ $sriov.device }}/ {print $1}') +#NOTE(portdirect): get first port on the nic +NIC_FIRST_PORT=$(lshw -c network -businfo | awk "/${NIC_BUS%%.*}/ { print \$2; exit }" +#NOTE(portdirect): Enable promisc mode on the nic, by setting it for the 1st port +ethtool --set-priv-flags ${NIC_FIRST_PORT} vf-true-promisc-support on +{{- end }} +{{- end }} diff --git a/neutron/templates/bin/_neutron-sriov-agent.sh.tpl b/neutron/templates/bin/_neutron-sriov-agent.sh.tpl new file mode 100644 index 0000000000..7c3dce0294 --- /dev/null +++ b/neutron/templates/bin/_neutron-sriov-agent.sh.tpl @@ -0,0 +1,24 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec neutron-sriov-nic-agent \ + --config-file /etc/neutron/neutron.conf \ + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ + --config-file /etc/neutron/plugins/ml2/sriov_agent.ini diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml index 7e4f922ae1..82fd655665 100644 --- a/neutron/templates/configmap-bin.yaml +++ b/neutron/templates/configmap-bin.yaml @@ -61,6 +61,10 @@ data: {{ tuple "bin/_neutron-openvswitch-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-openvswitch-agent-init-modules.sh: | {{ tuple "bin/_neutron-openvswitch-agent-init-modules.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-sriov-agent.sh: | +{{ tuple "bin/_neutron-sriov-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-sriov-agent-init.sh: | +{{ tuple "bin/_neutron-sriov-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-server.sh: | {{ tuple "bin/_neutron-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} rabbit-init.sh: | diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml index 2f325ebb3f..1d7fe0c8ca 100644 --- a/neutron/templates/configmap-etc.yaml +++ b/neutron/templates/configmap-etc.yaml @@ -17,113 +17,129 @@ limitations under the License. {{- if .Values.manifests.configmap_etc }} {{- $envAll := . }} -{{- if empty .Values.conf.neutron.keystone_authtoken.auth_uri -}} -{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.neutron.keystone_authtoken "auth_uri" | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.keystone_authtoken.auth_uri -}} +{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set $envAll.Values.conf.neutron.keystone_authtoken "auth_uri" | quote | trunc 0 -}} {{- end }} -{{- if empty .Values.conf.neutron.keystone_authtoken.auth_url -}} -{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.neutron.keystone_authtoken "auth_url" | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.keystone_authtoken.auth_url -}} +{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set $envAll.Values.conf.neutron.keystone_authtoken "auth_url" | quote | trunc 0 -}} {{- end }} {{- if empty .Values.conf.neutron.keystone_authtoken.project_name -}} {{- set .Values.conf.neutron.keystone_authtoken "project_name" .Values.endpoints.identity.auth.neutron.project_name | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.neutron.keystone_authtoken.project_domain_name -}} -{{- set .Values.conf.neutron.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.neutron.project_domain_name | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.keystone_authtoken.project_domain_name -}} +{{- set $envAll.Values.conf.neutron.keystone_authtoken "project_domain_name" $envAll.Values.endpoints.identity.auth.neutron.project_domain_name | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.neutron.keystone_authtoken.user_domain_name -}} -{{- set .Values.conf.neutron.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.neutron.user_domain_name | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.keystone_authtoken.user_domain_name -}} +{{- set $envAll.Values.conf.neutron.keystone_authtoken "user_domain_name" $envAll.Values.endpoints.identity.auth.neutron.user_domain_name | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.neutron.keystone_authtoken.username -}} -{{- set .Values.conf.neutron.keystone_authtoken "username" .Values.endpoints.identity.auth.neutron.username | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.keystone_authtoken.username -}} +{{- set $envAll.Values.conf.neutron.keystone_authtoken "username" $envAll.Values.endpoints.identity.auth.neutron.username | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.neutron.keystone_authtoken.password -}} -{{- set .Values.conf.neutron.keystone_authtoken "password" .Values.endpoints.identity.auth.neutron.password | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.keystone_authtoken.password -}} +{{- set $envAll.Values.conf.neutron.keystone_authtoken "password" $envAll.Values.endpoints.identity.auth.neutron.password | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.neutron.keystone_authtoken.region_name -}} -{{- set .Values.conf.neutron.keystone_authtoken "region_name" .Values.endpoints.identity.auth.neutron.region_name | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.keystone_authtoken.region_name -}} +{{- set $envAll.Values.conf.neutron.keystone_authtoken "region_name" $envAll.Values.endpoints.identity.auth.neutron.region_name | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.neutron.keystone_authtoken.memcached_servers -}} -{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.neutron.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.keystone_authtoken.memcached_servers -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set $envAll.Values.conf.neutron.keystone_authtoken "memcached_servers" | quote | trunc 0 -}} {{- end }} {{- if empty .Values.conf.neutron.keystone_authtoken.memcache_secret_key -}} {{- set .Values.conf.neutron.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.neutron.database.connection -}} -{{- tuple "oslo_db" "internal" "neutron" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.neutron.database "connection" | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.database.connection -}} +{{- tuple "oslo_db" "internal" "neutron" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set $envAll.Values.conf.neutron.database "connection" | quote | trunc 0 -}} {{- end }} -{{- if empty .Values.conf.neutron.DEFAULT.transport_url -}} -{{- tuple "oslo_messaging" "internal" "neutron" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.neutron.DEFAULT "transport_url" | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.DEFAULT.transport_url -}} +{{- tuple "oslo_messaging" "internal" "neutron" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set $envAll.Values.conf.neutron.DEFAULT "transport_url" | quote | trunc 0 -}} {{- end }} -{{- if empty .Values.conf.neutron.nova.auth_url -}} -{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.neutron.nova "auth_url" | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.nova.auth_url -}} +{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set $envAll.Values.conf.neutron.nova "auth_url" | quote | trunc 0 -}} {{- end }} -{{- if empty .Values.conf.neutron.nova.region_name -}} -{{- set .Values.conf.neutron.nova "region_name" .Values.endpoints.identity.auth.nova.region_name | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.nova.region_name -}} +{{- set $envAll.Values.conf.neutron.nova "region_name" $envAll.Values.endpoints.identity.auth.nova.region_name | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.neutron.nova.project_name -}} -{{- set .Values.conf.neutron.nova "project_name" .Values.endpoints.identity.auth.nova.project_name | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.nova.project_name -}} +{{- set $envAll.Values.conf.neutron.nova "project_name" $envAll.Values.endpoints.identity.auth.nova.project_name | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.neutron.nova.project_domain_name -}} -{{- set .Values.conf.neutron.nova "project_domain_name" .Values.endpoints.identity.auth.nova.project_domain_name | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.nova.project_domain_name -}} +{{- set $envAll.Values.conf.neutron.nova "project_domain_name" $envAll.Values.endpoints.identity.auth.nova.project_domain_name | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.neutron.nova.user_domain_name -}} -{{- set .Values.conf.neutron.nova "user_domain_name" .Values.endpoints.identity.auth.nova.user_domain_name | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.nova.user_domain_name -}} +{{- set $envAll.Values.conf.neutron.nova "user_domain_name" $envAll.Values.endpoints.identity.auth.nova.user_domain_name | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.neutron.nova.username -}} -{{- set .Values.conf.neutron.nova "username" .Values.endpoints.identity.auth.nova.username | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.nova.username -}} +{{- set $envAll.Values.conf.neutron.nova "username" $envAll.Values.endpoints.identity.auth.nova.username | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.neutron.nova.password -}} -{{- set .Values.conf.neutron.nova "password" .Values.endpoints.identity.auth.nova.password | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.nova.password -}} +{{- set $envAll.Values.conf.neutron.nova "password" $envAll.Values.endpoints.identity.auth.nova.password | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.metadata_agent.DEFAULT.nova_metadata_ip -}} -{{- tuple "compute_metadata" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" | set .Values.conf.metadata_agent.DEFAULT "nova_metadata_ip" | quote | trunc 0 -}} -{{- set .Values.conf.metadata_agent.DEFAULT "nova_metadata_port" 80 | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.metadata_agent.DEFAULT.nova_metadata_ip -}} +{{- tuple "compute_metadata" "public" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup" | set $envAll.Values.conf.metadata_agent.DEFAULT "nova_metadata_ip" | quote | trunc 0 -}} +{{- set $envAll.Values.conf.metadata_agent.DEFAULT "nova_metadata_port" 80 | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.metadata_agent.cache.memcache_servers -}} -{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.metadata_agent.cache "memcache_servers" | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.metadata_agent.cache.memcache_servers -}} +{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set $envAll.Values.conf.metadata_agent.cache "memcache_servers" | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.neutron.DEFAULT.interface_driver -}} -{{- if eq .Values.network.backend "ovs" -}} -{{- set .Values.conf.neutron.DEFAULT "interface_driver" "openvswitch" | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.neutron.DEFAULT.interface_driver -}} +{{- $_ := set $envAll.Values "__interface_driver" ( list ) }} +{{- if ( has "openvswitch" $envAll.Values.network.backend ) -}} +{{ $__interface_driver := append $envAll.Values.__interface_driver "openvswitch" }} +{{- $_ := set $envAll.Values "__interface_driver" $__interface_driver }} {{- end -}} -{{- if eq .Values.network.backend "linuxbridge" -}} -{{- set .Values.conf.neutron.DEFAULT "interface_driver" "linuxbridge" | quote | trunc 0 -}} +{{- if ( has "linuxbridge" $envAll.Values.network.backend ) -}} +{{ $__interface_driver := append $envAll.Values.__interface_driver "linuxbridge" }} +{{- $_ := set $envAll.Values "__interface_driver" $__interface_driver }} {{- end -}} +{{- set $envAll.Values.conf.neutron.DEFAULT "interface_driver" $envAll.Values.__interface_driver | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.dhcp_agent.DEFAULT.interface_driver -}} -{{- if eq .Values.network.backend "ovs" -}} -{{- set .Values.conf.dhcp_agent.DEFAULT "interface_driver" "openvswitch" | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.dhcp_agent.DEFAULT.interface_driver -}} +{{- $_ := set $envAll.Values "__interface_driver" ( list ) }} +{{- if ( has "openvswitch" $envAll.Values.network.backend ) -}} +{{ $__interface_driver := append $envAll.Values.__interface_driver "openvswitch" }} +{{- $_ := set $envAll.Values "__interface_driver" $__interface_driver }} {{- end -}} -{{- if eq .Values.network.backend "linuxbridge" -}} -{{- set .Values.conf.dhcp_agent.DEFAULT "interface_driver" "linuxbridge" | quote | trunc 0 -}} +{{- if ( has "linuxbridge" $envAll.Values.network.backend ) -}} +{{ $__interface_driver := append $envAll.Values.__interface_driver "linuxbridge" }} +{{- $_ := set $envAll.Values "__interface_driver" $__interface_driver }} {{- end -}} +{{- set $envAll.Values.conf.dhcp_agent.DEFAULT "interface_driver" $envAll.Values.__interface_driver | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.l3_agent.DEFAULT.interface_driver -}} -{{- if eq .Values.network.backend "ovs" -}} -{{- set .Values.conf.l3_agent.DEFAULT "interface_driver" "openvswitch" | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.l3_agent.DEFAULT.interface_driver -}} +{{- $_ := set $envAll.Values "__interface_driver" ( list ) }} +{{- if ( has "openvswitch" $envAll.Values.network.backend ) -}} +{{ $__interface_driver := append $envAll.Values.__interface_driver "openvswitch" }} +{{- $_ := set $envAll.Values "__interface_driver" $__interface_driver }} {{- end -}} -{{- if eq .Values.network.backend "linuxbridge" -}} -{{- set .Values.conf.l3_agent.DEFAULT "interface_driver" "linuxbridge" | quote | trunc 0 -}} +{{- if ( has "linuxbridge" $envAll.Values.network.backend ) -}} +{{ $__interface_driver := append $envAll.Values.__interface_driver "linuxbridge" }} +{{- $_ := set $envAll.Values "__interface_driver" $__interface_driver }} {{- end -}} +{{- set $envAll.Values.conf.l3_agent.DEFAULT "interface_driver" $envAll.Values.__interface_driver | quote | trunc 0 -}} {{- end -}} -{{- if empty .Values.conf.plugins.ml2_conf.ml2.mechanism_drivers -}} -{{- if eq .Values.network.backend "ovs" -}} -{{- set .Values.conf.plugins.ml2_conf.ml2 "mechanism_drivers" "openvswitch,l2population" | quote | trunc 0 -}} +{{- if empty $envAll.Values.conf.plugins.ml2_conf.ml2.mechanism_drivers -}} +{{- $_ := set $envAll.Values "__mechanism_drivers" ( list "l2population" ) }} +{{- if ( has "openvswitch" $envAll.Values.network.backend ) -}} +{{ $__mechanism_drivers := append $envAll.Values.__mechanism_drivers "openvswitch" }} +{{- $_ := set $envAll.Values "__mechanism_drivers" $__mechanism_drivers }} {{- end -}} -{{- if eq .Values.network.backend "linuxbridge" -}} -{{- set .Values.conf.plugins.ml2_conf.ml2 "mechanism_drivers" "linuxbridge,l2population" | quote | trunc 0 -}} +{{- if ( has "linuxbridge" $envAll.Values.network.backend ) -}} +{{ $__mechanism_drivers := append $envAll.Values.__mechanism_drivers "linuxbridge" }} +{{- $_ := set $envAll.Values "__mechanism_drivers" $__mechanism_drivers }} {{- end -}} +{{- set $envAll.Values.conf.plugins.ml2_conf.ml2 "mechanism_drivers" $envAll.Values.__mechanism_drivers | quote | trunc 0 -}} {{- end -}} {{- if empty .Values.conf.neutron.DEFAULT.bind_port -}} @@ -137,56 +153,56 @@ metadata: name: neutron-etc data: rally_tests.yaml: | -{{ toYaml .Values.conf.rally_tests.tests | indent 4 }} +{{ toYaml $envAll.Values.conf.rally_tests.tests | indent 4 }} api-paste.ini: | -{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }} +{{ include "helm-toolkit.utils.to_ini" $envAll.Values.conf.paste | indent 4 }} policy.json: | -{{ toJson .Values.conf.policy | indent 4 }} +{{ toJson $envAll.Values.conf.policy | indent 4 }} neutron.conf: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.neutron | indent 4 }} +{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.neutron | indent 4 }} dhcp_agent.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.dhcp_agent | indent 4 }} +{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.dhcp_agent | indent 4 }} l3_agent.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.l3_agent | indent 4 }} +{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.l3_agent | indent 4 }} metadata_agent.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.metadata_agent | indent 4 }} +{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metadata_agent | indent 4 }} metering_agent.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.metering_agent | indent 4 }} +{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metering_agent | indent 4 }} ml2_conf.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.plugins.ml2_conf | indent 4 }} +{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf | indent 4 }} ml2_conf_sriov.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.plugins.ml2_conf_sriov | indent 4 }} +{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf_sriov | indent 4 }} macvtap_agent.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.plugins.macvtap_agent | indent 4 }} +{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.macvtap_agent | indent 4 }} linuxbridge_agent.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.plugins.linuxbridge_agent | indent 4 }} +{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.linuxbridge_agent | indent 4 }} openvswitch_agent.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.plugins.openvswitch_agent | indent 4 }} +{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.openvswitch_agent | indent 4 }} sriov_agent.ini: | -{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.plugins.sriov_agent | indent 4 }} +{{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.sriov_agent | indent 4 }} dnsmasq.conf: "" neutron_sudoers: | -{{- tuple .Values.conf.neutron_sudoers "etc/_neutron_sudoers.tpl" . | include "helm-toolkit.utils.configmap_templater" }} +{{- tuple $envAll.Values.conf.neutron_sudoers "etc/_neutron_sudoers.tpl" . | include "helm-toolkit.utils.configmap_templater" }} rootwrap.conf: | -{{- tuple .Values.conf.rootwrap "etc/_rootwrap.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }} +{{- tuple $envAll.Values.conf.rootwrap "etc/_rootwrap.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }} debug.filters: | -{{- tuple .Values.conf.rootwrap_filters.debug "etc/rootwrap.d/_debug.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} +{{- tuple $envAll.Values.conf.rootwrap_filters.debug "etc/rootwrap.d/_debug.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} dibbler.filters: | -{{- tuple .Values.conf.rootwrap_filters.dibbler "etc/rootwrap.d/_dibbler.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} +{{- tuple $envAll.Values.conf.rootwrap_filters.dibbler "etc/rootwrap.d/_dibbler.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} ipset-firewall.filters: | -{{- tuple .Values.conf.rootwrap_filters.ipset_firewall "etc/rootwrap.d/_ipset-firewall.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} +{{- tuple $envAll.Values.conf.rootwrap_filters.ipset_firewall "etc/rootwrap.d/_ipset-firewall.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} l3.filters: | -{{- tuple .Values.conf.rootwrap_filters.l3 "etc/rootwrap.d/_l3.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} +{{- tuple $envAll.Values.conf.rootwrap_filters.l3 "etc/rootwrap.d/_l3.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} netns-cleanup.filters: | -{{- tuple .Values.conf.rootwrap_filters.netns_cleanup "etc/rootwrap.d/_netns-cleanup.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} +{{- tuple $envAll.Values.conf.rootwrap_filters.netns_cleanup "etc/rootwrap.d/_netns-cleanup.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} dhcp.filters: | -{{- tuple .Values.conf.rootwrap_filters.dhcp "etc/rootwrap.d/_dhcp.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} +{{- tuple $envAll.Values.conf.rootwrap_filters.dhcp "etc/rootwrap.d/_dhcp.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} ebtables.filters: | -{{- tuple .Values.conf.rootwrap_filters.ebtables "etc/rootwrap.d/_ebtables.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} +{{- tuple $envAll.Values.conf.rootwrap_filters.ebtables "etc/rootwrap.d/_ebtables.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} iptables-firewall.filters: | -{{- tuple .Values.conf.rootwrap_filters.iptables_firewall "etc/rootwrap.d/_iptables-firewall.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} +{{- tuple $envAll.Values.conf.rootwrap_filters.iptables_firewall "etc/rootwrap.d/_iptables-firewall.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} linuxbridge-plugin.filters: | -{{- tuple .Values.conf.rootwrap_filters.linuxbridge_plugin "etc/rootwrap.d/_linuxbridge-plugin.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} +{{- tuple $envAll.Values.conf.rootwrap_filters.linuxbridge_plugin "etc/rootwrap.d/_linuxbridge-plugin.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} openvswitch-plugin.filters: | -{{- tuple .Values.conf.rootwrap_filters.openvswitch_plugin "etc/rootwrap.d/_openvswitch-plugin.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} +{{- tuple $envAll.Values.conf.rootwrap_filters.openvswitch_plugin "etc/rootwrap.d/_openvswitch-plugin.filters.tpl" . | include "helm-toolkit.utils.configmap_templater" }} {{- end }} diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml index 97b73d4536..c4e352b5ba 100644 --- a/neutron/templates/daemonset-dhcp-agent.yaml +++ b/neutron/templates/daemonset-dhcp-agent.yaml @@ -70,7 +70,7 @@ spec: mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini subPath: ml2_conf.ini readOnly: true - {{- if eq .Values.network.backend "ovs" }} + {{- if ( has "openvswitch" .Values.network.backend ) }} - name: neutron-etc mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini subPath: openvswitch_agent.ini @@ -153,7 +153,7 @@ spec: configMap: name: neutron-etc defaultMode: 0444 - {{- if eq .Values.network.backend "ovs" }} + {{- if ( has "openvswitch" .Values.network.backend ) }} - name: runopenvswitch hostPath: path: /run/openvswitch diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml index 2c6afc7ac8..b0752d83f5 100644 --- a/neutron/templates/daemonset-l3-agent.yaml +++ b/neutron/templates/daemonset-l3-agent.yaml @@ -70,7 +70,7 @@ spec: mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini subPath: ml2_conf.ini readOnly: true - {{- if eq .Values.network.backend "ovs" }} + {{- if ( has "openvswitch" .Values.network.backend ) }} - name: neutron-etc mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini subPath: openvswitch_agent.ini @@ -152,7 +152,7 @@ spec: configMap: name: neutron-etc defaultMode: 0444 - {{- if eq .Values.network.backend "ovs" }} + {{- if ( has "openvswitch" .Values.network.backend ) }} - name: runopenvswitch hostPath: path: /run/openvswitch diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml index 3461add711..d1621c7002 100644 --- a/neutron/templates/daemonset-lb-agent.yaml +++ b/neutron/templates/daemonset-lb-agent.yaml @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if and .Values.manifests.daemonset_lb_agent ( eq .Values.network.backend "linuxbridge" ) }} +{{- if and .Values.manifests.daemonset_lb_agent ( has "linuxbridge" .Values.network.backend ) }} {{- $envAll := . }} {{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "lb_agent" -}} diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml index c37098801c..d19fdd7b5d 100644 --- a/neutron/templates/daemonset-metadata-agent.yaml +++ b/neutron/templates/daemonset-metadata-agent.yaml @@ -92,7 +92,7 @@ spec: mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini subPath: ml2_conf.ini readOnly: true - {{- if eq .Values.network.backend "ovs" }} + {{- if ( has "openvswitch" .Values.network.backend ) }} - name: neutron-etc mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini subPath: openvswitch_agent.ini @@ -167,7 +167,7 @@ spec: configMap: name: neutron-etc defaultMode: 0444 - {{- if eq .Values.network.backend "ovs" }} + {{- if ( has "openvswitch" .Values.network.backend ) }} - name: runopenvswitch hostPath: path: /run/openvswitch diff --git a/neutron/templates/daemonset-ovs-agent.yaml b/neutron/templates/daemonset-ovs-agent.yaml index f1f69927fe..28d58c6b20 100644 --- a/neutron/templates/daemonset-ovs-agent.yaml +++ b/neutron/templates/daemonset-ovs-agent.yaml @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -{{- if and .Values.manifests.daemonset_ovs_agent ( eq .Values.network.backend "ovs" ) }} +{{- if and .Values.manifests.daemonset_ovs_agent ( has "openvswitch" .Values.network.backend ) }} {{- $envAll := . }} {{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "ovs_agent" -}} diff --git a/neutron/templates/daemonset-sriov-agent.yaml b/neutron/templates/daemonset-sriov-agent.yaml new file mode 100644 index 0000000000..b0478b929f --- /dev/null +++ b/neutron/templates/daemonset-sriov-agent.yaml @@ -0,0 +1,233 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.daemonset_sriov_agent ( has "sriov" .Values.network.backend ) }} +{{- $envAll := . }} + +{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "sriov_agent" -}} +{{- $dependencies := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }} + +{{- $mounts_neutron_sriov_agent := .Values.pod.mounts.neutron_sriov_agent.neutron_sriov_agent }} +{{- $mounts_neutron_sriov_agent_init := .Values.pod.mounts.neutron_sriov_agent.init_container }} + +{{- $serviceAccountName := "neutron-sriov-agent" }} +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +--- +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: neutron-sriov-agent +spec: +{{ tuple $envAll "sriov_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "neutron" "neutron-sriov-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + serviceAccountName: {{ $serviceAccountName }} + nodeSelector: + {{ .Values.labels.sriov.node_selector_key }}: {{ .Values.labels.sriov.node_selector_value }} + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + initContainers: +{{ tuple $envAll $dependencies $mounts_neutron_sriov_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: neutron-sriov-agent-init + image: {{ .Values.images.tags.neutron_sriov_agent_init }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.agent.sriov | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + privileged: true + runAsUser: 0 + command: + - /tmp/neutron-sriov-agent-init.sh + volumeMounts: + - name: neutron-bin + mountPath: /tmp/neutron-sriov-agent-init.sh + subPath: neutron-sriov-agent-init.sh + readOnly: true + - name: pod-shared + mountPath: /tmp/pod-shared + - name: neutron-etc + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini + subPath: ml2_conf.ini + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/sriov_agent.ini + subPath: sriov_agent.ini + readOnly: true + - name: neutron-etc + # NOTE (Portdirect): We mount here to override Kollas + # custom sudoers file when using Kolla images, this + # location will also work fine for other images. + mountPath: /etc/sudoers.d/kolla_neutron_sudoers + subPath: neutron_sudoers + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.conf + subPath: rootwrap.conf + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/debug.filters + subPath: debug.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/dibbler.filters + subPath: dibbler.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/ipset-firewall.filters + subPath: ipset-firewall.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/l3.filters + subPath: l3.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/netns-cleanup.filters + subPath: netns-cleanup.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/dhcp.filters + subPath: dhcp.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/ebtables.filters + subPath: ebtables.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/iptables-firewall.filters + subPath: iptables-firewall.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/linuxbridge-plugin.filters + subPath: linuxbridge-plugin.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters + subPath: openvswitch-plugin.filters + readOnly: true + - name: run + mountPath: /run +{{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }} + containers: + - name: neutron-sriov-agent + image: {{ .Values.images.tags.neutron_sriov_agent }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.agent.sriov | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + runAsUser: {{ .Values.pod.user.neutron.uid }} + privileged: true + command: + - /tmp/neutron-sriov-agent.sh + volumeMounts: + - name: neutron-bin + mountPath: /tmp/neutron-sriov-agent.sh + subPath: neutron-sriov-agent.sh + readOnly: true + - name: pod-shared + mountPath: /tmp/pod-shared + - name: neutron-etc + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini + subPath: ml2_conf.ini + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/sriov_agent.ini + subPath: sriov_agent.ini + readOnly: true + - name: neutron-etc + # NOTE (Portdirect): We mount here to override Kollas + # custom sudoers file when using Kolla images, this + # location will also work fine for other images. + mountPath: /etc/sudoers.d/kolla_neutron_sudoers + subPath: neutron_sudoers + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.conf + subPath: rootwrap.conf + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/debug.filters + subPath: debug.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/dibbler.filters + subPath: dibbler.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/ipset-firewall.filters + subPath: ipset-firewall.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/l3.filters + subPath: l3.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/netns-cleanup.filters + subPath: netns-cleanup.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/dhcp.filters + subPath: dhcp.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/ebtables.filters + subPath: ebtables.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/iptables-firewall.filters + subPath: iptables-firewall.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/linuxbridge-plugin.filters + subPath: linuxbridge-plugin.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters + subPath: openvswitch-plugin.filters + readOnly: true + - name: run + mountPath: /run +{{ if $mounts_neutron_sriov_agent.volumeMounts }}{{ toYaml $mounts_neutron_sriov_agent.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-shared + emptyDir: {} + - name: neutron-bin + configMap: + name: neutron-bin + defaultMode: 0555 + - name: neutron-etc + configMap: + name: neutron-etc + defaultMode: 0444 + - name: run + hostPath: + path: /run + - name: host-rootfs + hostPath: + path: / +{{ if $mounts_neutron_sriov_agent.volumes }}{{ toYaml $mounts_neutron_sriov_agent.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml index 468cb9ae31..bce159946a 100644 --- a/neutron/templates/deployment-server.yaml +++ b/neutron/templates/deployment-server.yaml @@ -84,6 +84,12 @@ spec: mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini subPath: ml2_conf.ini readOnly: true + {{ if ( has "sriov" .Values.network.backend ) }} + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/sriov_agent.ini + subPath: sriov_agent.ini + readOnly: true + {{ end }} - name: neutron-etc mountPath: /etc/neutron/api-paste.ini subPath: api-paste.ini diff --git a/neutron/values.yaml b/neutron/values.yaml index 06567e690b..786af8e2c2 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -36,6 +36,8 @@ images: neutron_l3: docker.io/openstackhelm/neutron:newton neutron_openvswitch_agent: docker.io/openstackhelm/neutron:newton neutron_linuxbridge_agent: docker.io/openstackhelm/neutron:newton + neutron_sriov_agent: docker.io/openstackhelm/neutron:newton-sriov-1804 + neutron_sriov_agent_init: docker.io/openstackhelm/neutron:newton-sriov-1804 dep_check: quay.io/stackanetes/kubernetes-entrypoint:v0.2.1 pull_policy: "IfNotPresent" @@ -56,13 +58,16 @@ labels: lb: node_selector_key: linuxbridge node_selector_value: enabled - # ovs is a special case, requiring a special + # openvswitch is a special case, requiring a special # label that can apply to both control hosts # and compute hosts, until we get more sophisticated # with our daemonset scheduling ovs: node_selector_key: openvswitch node_selector_value: enabled + sriov: + node_selector_key: sriov + node_selector_value: enabled server: node_selector_key: openstack-control-plane node_selector_value: enabled @@ -72,8 +77,9 @@ labels: network: # provide what type of network wiring will be used - # possible options: ovs, linuxbridge - backend: ovs + # possible options: openvswitch, linuxbridge, sriov + backend: + - openvswitch external_bridge: br-ex ip_address: 0.0.0.0 interface: @@ -94,6 +100,12 @@ network: # br-physnet1: eth3 # br0: if0 # br1: iface_two + sriov: + # To perform setup of network interfaces using the SR-IOV init + # container you can use a section similar to: + # sriov: + # - device: ${DEV} + # num_vfs: 8 server: ingress: public: true @@ -114,7 +126,7 @@ bootstrap: dependencies: dynamic: targeted: - ovs: + openvswitch: dhcp: daemonset: - neutron-ovs-agent @@ -134,6 +146,18 @@ dependencies: metadata: daemonset: - neutron-lb-agent + lb_agent: + daemonset: null + sriov: + dhcp: + daemonset: + - neutron-sriov-agent + l3: + daemonset: + - neutron-sriov-agent + metadata: + daemonset: + - neutron-sriov-agent static: bootstrap: services: @@ -196,6 +220,7 @@ dependencies: - endpoint: internal service: compute lb_agent: + daemonset: null jobs: - neutron-rabbit-init services: @@ -278,6 +303,9 @@ pod: neutron_ovs_agent: init_container: null neutron_ovs_agent: + neutron_sriov_agent: + init_container: null + neutron_sriov_agent: neutron_tests: init_container: null neutron_tests: @@ -316,6 +344,10 @@ pod: enabled: true min_ready_seconds: 0 max_unavailable: 1 + sriov_agent: + enabled: true + min_ready_seconds: 0 + max_unavailable: 1 disruption_budget: server: min_available: 0 @@ -360,6 +392,13 @@ pod: limits: memory: "1024Mi" cpu: "2000m" + sriov: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" server: requests: memory: "128Mi" @@ -1032,7 +1071,12 @@ conf: l2_population: True arp_responder: True macvtap_agent: null - sriov_agent: null + sriov_agent: + securitygroup: + firewall_driver: neutron.agent.firewall.NoopFirewallDriver + sriov_nic: + physical_device_mappings: physnet2:enp3s0f1 + exclude_devices: null dhcp_agent: DEFAULT: #(NOTE)portdirect: if unset this is populated dyanmicly from the value in @@ -1229,6 +1273,7 @@ manifests: daemonset_lb_agent: true daemonset_metadata_agent: true daemonset_ovs_agent: true + daemonset_sriov_agent: true deployment_server: true ingress_server: true job_bootstrap: true diff --git a/nova/templates/daemonset-compute.yaml b/nova/templates/daemonset-compute.yaml index 5d9a09b650..0dc6d62709 100644 --- a/nova/templates/daemonset-compute.yaml +++ b/nova/templates/daemonset-compute.yaml @@ -302,9 +302,11 @@ spec: {{- $daemonset := "compute" }} {{- $configMapName := "nova-etc" }} {{- $serviceAccountName := "nova-compute" }} + {{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "compute" -}} {{- $dependencies := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }} -{{ tuple . $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} + +{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} {{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName $dependencies . | include "nova.compute.daemonset" | toString | fromYaml }} {{- $configmap_yaml := "nova.configmap.etc" }} {{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }} diff --git a/nova/values.yaml b/nova/values.yaml index 2bf0d9089e..a80d1889fe 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -125,7 +125,10 @@ bootstrap: vcpus: 8 network: - backend: ovs + # provide what type of network wiring will be used + # possible options: openvswitch, linuxbridge, sriov + backend: + - openvswitch osapi: port: 8774 ingress: @@ -180,7 +183,7 @@ ceph: dependencies: dynamic: targeted: - ovs: + openvswitch: compute: daemonset: - neutron-ovs-agent @@ -188,6 +191,10 @@ dependencies: compute: daemonset: - neutron-lb-agent + sriov: + compute: + daemonset: + - neutron-sriov-agent static: api: jobs: diff --git a/tools/images/openstack/newton/loci.sh b/tools/images/openstack/newton/loci.sh index fa602babfd..5497558916 100644 --- a/tools/images/openstack/newton/loci.sh +++ b/tools/images/openstack/newton/loci.sh @@ -82,6 +82,18 @@ sudo docker exec docker-in-docker docker build --force-rm --pull --no-cache \ --tag docker.io/openstackhelm/neutron:${IMAGE_TAG} sudo docker exec docker-in-docker docker push docker.io/openstackhelm/neutron:${IMAGE_TAG} +sudo docker exec docker-in-docker docker build --force-rm --pull --no-cache \ + https://git.openstack.org/openstack/loci.git \ + --build-arg PROJECT=neutron \ + --build-arg FROM=docker.io/ubuntu:18.04 \ + --build-arg PROJECT_REF=${OPENSTACK_VERSION} \ + --build-arg PROFILES="neutron linuxbridge openvswitch" \ + --build-arg PIP_PACKAGES="pycrypto" \ + --build-arg DIST_PACKAGES="ethtool lshw" \ + --build-arg WHEELS=openstackhelm/requirements:${IMAGE_TAG} \ + --tag docker.io/openstackhelm/neutron:${IMAGE_TAG}-sriov-1804 +sudo docker exec docker-in-docker docker push docker.io/openstackhelm/neutron:${IMAGE_TAG}-sriov-1804 + sudo docker exec docker-in-docker docker build --force-rm --pull --no-cache \ https://git.openstack.org/openstack/loci.git \ --build-arg PROJECT=nova \ diff --git a/tools/images/openstack/ocata/loci.sh b/tools/images/openstack/ocata/loci.sh index 852554db7a..8a3c4cdbff 100644 --- a/tools/images/openstack/ocata/loci.sh +++ b/tools/images/openstack/ocata/loci.sh @@ -82,6 +82,18 @@ sudo docker exec docker-in-docker docker build --force-rm --pull --no-cache \ --tag docker.io/openstackhelm/neutron:${IMAGE_TAG} sudo docker exec docker-in-docker docker push docker.io/openstackhelm/neutron:${IMAGE_TAG} +sudo docker exec docker-in-docker docker build --force-rm --pull --no-cache \ + https://git.openstack.org/openstack/loci.git \ + --build-arg PROJECT=neutron \ + --build-arg FROM=docker.io/ubuntu:18.04 \ + --build-arg PROJECT_REF=${OPENSTACK_VERSION} \ + --build-arg PROFILES="neutron linuxbridge openvswitch" \ + --build-arg PIP_PACKAGES="pycrypto" \ + --build-arg DIST_PACKAGES="ethtool lshw" \ + --build-arg WHEELS=openstackhelm/requirements:${IMAGE_TAG} \ + --tag docker.io/openstackhelm/neutron:${IMAGE_TAG}-sriov-1804 +sudo docker exec docker-in-docker docker push docker.io/openstackhelm/neutron:${IMAGE_TAG}-sriov-1804 + sudo docker exec docker-in-docker docker build --force-rm --pull --no-cache \ https://git.openstack.org/openstack/loci.git \ --build-arg PROJECT=nova \ diff --git a/tools/overrides/backends/networking/compute-kit-sr-iov.sh b/tools/overrides/backends/networking/compute-kit-sr-iov.sh new file mode 100755 index 0000000000..0ae0165e10 --- /dev/null +++ b/tools/overrides/backends/networking/compute-kit-sr-iov.sh @@ -0,0 +1,151 @@ +#!/bin/bash + +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +#NOTE(portdirect): This file is included as an example of how to deploy +# nova and neutron with ovs and sr-iov active. It will not work without +# modification for your environment. + +set -xe + +#NOTE: Pull images and lint chart +make pull-images nova +make pull-images neutron + +SRIOV_DEV1=enp3s0f0 +SRIOV_DEV2=enp66s0f1 +OVSBR=vlan92 + +#NOTE: Deploy nova +: ${OSH_EXTRA_HELM_ARGS:=""} +tee /tmp/nova.yaml << EOF +network: + backend: + - openvswitch + - sriov +conf: + nova: + DEFAULT: + debug: True + vcpu_pin_set: 4,8,12,16,20,24,28,32,36,40,44,48,52,56,60,5,9,13,17,21,25,29,33,37,41,45,49,53,57,61 + vif_plugging_is_fatal: False + vif_plugging_timeout: 30 + pci: + alias: '{"name": "numa0", "capability_type": "pci", "product_id": "10fb", "vendor_id": "8086", "device_type": "type-PCI", "numa_policy": "required"}' + passthrough_whitelist: | + [{"address": "0000:03:10.0", "physical_network": "physnet1"}, {"address": "0000:03:10.2", "physical_network": "physnet1"}, {"address": "0000:03:10.4", "physical_network": "physnet1"}, {"address": "0000:03:10.6", "physical_network": "physnet1"}, {"address": "0000:03:11.0", "physical_network": "physnet1"}, {"address": "0000:03:11.2", "physical_network": "physnet1"}, {"address": "0000:03:11.4", "physical_network": "physnet1"}, {"address": "0000:03:11.6", "physical_network": "physnet1"}, {"address": "0000:03:12.0", "physical_network": "physnet1"}, {"address": "0000:03:12.2", "physical_network": "physnet1"}, {"address": "0000:03:12.4", "physical_network": "physnet1"}, {"address": "0000:03:12.6", "physical_network": "physnet1"}, {"address": "0000:03:13.0", "physical_network": "physnet1"}, {"address": "0000:03:13.2", "physical_network": "physnet1"}, {"address": "0000:03:13.4", "physical_network": "physnet1"}, {"address": "0000:03:13.6", "physical_network": "physnet1"}, {"address": "0000:03:14.0", "physical_network": "physnet1"}, {"address": "0000:03:14.2", "physical_network": "physnet1"}, {"address": "0000:03:14.4", "physical_network": "physnet1"}, {"address": "0000:03:14.6", "physical_network": "physnet1"}, {"address": "0000:03:15.0", "physical_network": "physnet1"}, {"address": "0000:03:15.2", "physical_network": "physnet1"}, {"address": "0000:03:15.4", "physical_network": "physnet1"}, {"address": "0000:03:15.6", "physical_network": "physnet1"}, {"address": "0000:03:16.0", "physical_network": "physnet1"}, {"address": "0000:03:16.2", "physical_network": "physnet1"}, {"address": "0000:03:16.4", "physical_network": "physnet1"}, {"address": "0000:03:16.6", "physical_network": "physnet1"}, {"address": "0000:03:17.0", "physical_network": "physnet1"}, {"address": "0000:03:17.2", "physical_network": "physnet1"}, {"address": "0000:03:17.4", "physical_network": "physnet1"}, {"address": "0000:03:17.6", "physical_network": "physnet1"}, {"address": "0000:42:10.1", "physical_network": "physnet2"}, {"address": "0000:42:10.3", "physical_network": "physnet2"}, {"address": "0000:42:10.5", "physical_network": "physnet2"}, {"address": "0000:42:10.7", "physical_network": "physnet2"}, {"address": "0000:42:11.1", "physical_network": "physnet2"}, {"address": "0000:42:11.3", "physical_network": "physnet2"}, {"address": "0000:42:11.5", "physical_network": "physnet2"}, {"address": "0000:42:11.7", "physical_network": "physnet2"}, {"address": "0000:42:12.1", "physical_network": "physnet2"}, {"address": "0000:42:12.3", "physical_network": "physnet2"}, {"address": "0000:42:12.5", "physical_network": "physnet2"}, {"address": "0000:42:12.7", "physical_network": "physnet2"}, {"address": "0000:42:13.1", "physical_network": "physnet2"}, {"address": "0000:42:13.3", "physical_network": "physnet2"}, {"address": "0000:42:13.5", "physical_network": "physnet2"}, {"address": "0000:42:13.7", "physical_network": "physnet2"}, {"address": "0000:42:14.1", "physical_network": "physnet2"}, {"address": "0000:42:14.3", "physical_network": "physnet2"}, {"address": "0000:42:14.5", "physical_network": "physnet2"}, {"address": "0000:42:14.7", "physical_network": "physnet2"}, {"address": "0000:42:15.1", "physical_network": "physnet2"}, {"address": "0000:42:15.3", "physical_network": "physnet2"}, {"address": "0000:42:15.5", "physical_network": "physnet2"}, {"address": "0000:42:15.7", "physical_network": "physnet2"}, {"address": "0000:42:16.1", "physical_network": "physnet2"}, {"address": "0000:42:16.3", "physical_network": "physnet2"}, {"address": "0000:42:16.5", "physical_network": "physnet2"}, {"address": "0000:42:16.7", "physical_network": "physnet2"}, {"address": "0000:42:17.1", "physical_network": "physnet2"}, {"address": "0000:42:17.3", "physical_network": "physnet2"}, {"address": "0000:42:17.5", "physical_network": "physnet2"}, {"address": "0000:42:17.7", "physical_network": "physnet2"}] + filter_scheduler: + enabled_filters: "RetryFilter, AvailabilityZoneFilter, RamFilter, ComputeFilter, ComputeCapabilitiesFilter, ImagePropertiesFilter, ServerGroupAntiAffinityFilter, ServerGroupAffinityFilter, PciPassthroughFilter, NUMATopologyFilter, DifferentHostFilter, SameHostFilter" +EOF + +if [ "x$(systemd-detect-virt)" == "xnone" ]; then + echo 'OSH is not being deployed in virtualized environment' + helm upgrade --install nova ./nova \ + --namespace=openstack \ + --values /tmp/nova.yaml \ + ${OSH_EXTRA_HELM_ARGS} +else + echo 'OSH is being deployed in virtualized environment, using qemu for nova' + helm upgrade --install nova ./nova \ + --namespace=openstack \ + --set conf.nova.libvirt.virt_type=qemu \ + --values /tmp/nova.yaml \ + ${OSH_EXTRA_HELM_ARGS} +fi + +#NOTE: Deploy neutron +tee /tmp/neutron.yaml << EOF +network: + backend: + - openvswitch + - sriov + interface: + tunnel: docker0 + sriov: + - device: ${SRIOV_DEV1} + num_vfs: 32 + promisc: false + - device: ${SRIOV_DEV2} + num_vfs: 32 + promisc: false + auto_bridge_add: + br-physnet3: ${OVSBR} +conf: + neutron: + DEFAULT: + debug: True + l3_ha: False + min_l3_agents_per_router: 1 + max_l3_agents_per_router: 1 + l3_ha_network_type: vxlan + dhcp_agents_per_network: 1 + plugins: + ml2_conf: + ml2: + mechanism_drivers: openvswitch,sriovnicswitch,l2population + ml2_type_flat: + flat_networks: public + type_drivers: vlan,flat,vxlan + mechanism_drivers: openvswitch,sriovnicswitch,l2population + tenant_network_types: vxlan + ml2_type_vlan: + network_vlan_ranges: physnet1:20:30,physnet2:20:30 + #NOTE(portdirect): for clarity we include options for all the neutron + # backends here. + openvswitch_agent: + agent: + tunnel_types: vxlan + ovs: + bridge_mappings: "public:br-ex,physnet3:br-physnet3" + linuxbridge_agent: + linux_bridge: + bridge_mappings: "public:br-ex,physnet1:br-physnet1" + sriov_agent: + sriov_nic: + physical_device_mappings: physnet1:${SRIOV_DEV1},physnet2:${SRIOV_DEV2} + exclude_devices: null +EOF +kubectl label node cab24-r820-14 --overwrite=true sriov=enabled +kubectl label node cab24-r820-15 --overwrite=true sriov=enabled + +helm upgrade --install neutron ./neutron \ + --namespace=openstack \ + --values=/tmp/neutron.yaml \ + ${OSH_EXTRA_HELM_ARGS} + +#NOTE: Wait for deploy +./tools/deployment/common/wait-for-pods.sh openstack + +#NOTE: Validate Deployment info +export OS_CLOUD=openstack_helm +openstack service list +sleep 30 #NOTE(portdirect): Wait for ingress controller to update rules and restart Nginx +openstack hypervisor list +openstack network agent list + +#NOTE: Exercise the deployment +openstack network create test +NET_ID=$(openstack network show test -f value -c id) +openstack subnet create --subnet-range "172.24.4.0/24" --network ${NET_ID} test +openstack port create --network ${NET_ID} --fixed-ip subnet=test,ip-address="172.24.4.10" --binding-profile vnic_type=direct sriov_port +PORT_ID=$(openstack port show sriov_port -f value -c id) + +# NOTE(portdirect): We do this fancy, and seemingly pointless, footwork to get +# the full image name for the cirros Image without having to be explicit. +export IMAGE_NAME=$(openstack image show -f value -c name \ + $(openstack image list -f csv | awk -F ',' '{ print $2 "," $1 }' | \ + grep "^\"Cirros" | head -1 | awk -F ',' '{ print $2 }' | tr -d '"')) + +openstack server create --flavor m1.tiny --image "${IMAGE_NAME}" --nic port-id=${PORT_ID} test-sriov diff --git a/tools/overrides/backends/networking/linuxbridge.yaml b/tools/overrides/backends/networking/linuxbridge.yaml index 31828eda00..45b3e9355a 100644 --- a/tools/overrides/backends/networking/linuxbridge.yaml +++ b/tools/overrides/backends/networking/linuxbridge.yaml @@ -18,4 +18,5 @@ # It should be kept to the bare minimum required for this purpose. network: - backend: linuxbridge + backend: + - linuxbridge diff --git a/tools/overrides/releases/ocata/loci.yaml b/tools/overrides/releases/ocata/loci.yaml index 391c80dd75..aeb1802564 100644 --- a/tools/overrides/releases/ocata/loci.yaml +++ b/tools/overrides/releases/ocata/loci.yaml @@ -54,6 +54,8 @@ images: neutron_metadata: 'docker.io/openstackhelm/neutron:ocata' neutron_openvswitch_agent: 'docker.io/openstackhelm/neutron:ocata' neutron_server: 'docker.io/openstackhelm/neutron:ocata' + neutron_sriov_agent: 'docker.io/openstackhelm/neutron:ocata-sriov-1804' + neutron_sriov_agent_init: 'docker.io/openstackhelm/neutron:ocata-sriov-1804' nova_api: 'docker.io/openstackhelm/nova:ocata' nova_cell_setup: 'docker.io/openstackhelm/nova:ocata' nova_compute: 'docker.io/openstackhelm/nova:ocata'