[neutron] Bring in L2 gateway support

L2 Gateway (L2GW) is an API framework that offers bridging 2+ networks together to make them look as a single broadcast domain. A typical use case is bridging the virtual with the physical networks. Change-Id: I95ff59ce024747f7af40c6bef0661bb3743b0af1
2019-06-20 14:41:04 +04:00 · 2019-06-20 14:41:04 +04:00 · 8c93743041
commit 8c93743041
parent fd37d61b12
13 changed files with 235 additions and 0 deletions
--- a/neutron/templates/bin/_neutron-l2gw-agent.sh.tpl
+++ b/neutron/templates/bin/_neutron-l2gw-agent.sh.tpl
@ -0,0 +1,22 @@
+#!/bin/bash
+
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -x
+exec neutron-l2gateway-agent \
+      --config-file=/etc/neutron/neutron.conf \
+      --config-file=/etc/neutron/l2gw_agent.ini
--- a/neutron/templates/bin/_neutron-server.sh.tpl
+++ b/neutron/templates/bin/_neutron-server.sh.tpl
@ -29,6 +29,9 @@ function start () {
 {{- if ( has "sriov" .Values.network.backend ) }} \
        --config-file /etc/neutron/plugins/ml2/sriov_agent.ini
 {{- end }}
+{{- if .Values.conf.plugins.l2gateway }} \
+        --config-file /etc/neutron/l2gw_plugin.ini
+{{- end }}
 }

 function stop () {
--- a/neutron/templates/configmap-bin.yaml
+++ b/neutron/templates/configmap-bin.yaml
@ -71,6 +71,8 @@ data:
 {{ tuple "bin/_neutron-sriov-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  neutron-sriov-agent-init.sh: |
 {{ tuple "bin/_neutron-sriov-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+  neutron-l2gw-agent.sh: |
+{{ tuple "bin/_neutron-l2gw-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  neutron-server.sh: |
 {{ tuple "bin/_neutron-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
  rabbit-init.sh: |
--- a/neutron/templates/configmap-etc.yaml
+++ b/neutron/templates/configmap-etc.yaml
@ -190,10 +190,12 @@ data:
  ml2_conf.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf | b64enc }}
  ml2_conf_sriov.ini: {{ default ( include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf_sriov | b64enc ) "\"\"" }}
  taas.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.taas | b64enc }}
+  l2gw_plugin.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" .Values.conf.plugins.l2gateway | b64enc) }}
  macvtap_agent.ini: {{ default ( include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.macvtap_agent | b64enc ) "\"\"" }}
  linuxbridge_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.linuxbridge_agent | b64enc }}
  openvswitch_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.openvswitch_agent | b64enc }}
  sriov_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.sriov_agent | b64enc }}
+  l2gw_agent.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" .Values.conf.l2gateway_agent | b64enc) }}
  dnsmasq.conf: ""
  neutron_sudoers: {{ $envAll.Values.conf.neutron_sudoers | b64enc }}
  rootwrap.conf: {{ $envAll.Values.conf.rootwrap | b64enc }}
--- a/neutron/templates/daemonset-l2gw-agent.yaml
+++ b/neutron/templates/daemonset-l2gw-agent.yaml
@ -0,0 +1,152 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "neutron.l2gw_agent.daemonset" }}
+{{- $daemonset := index . 0 }}
+{{- $configMapName := index . 1 }}
+{{- $serviceAccountName := index . 2 }}
+{{- $envAll := index . 3 }}
+{{- with $envAll }}
+
+{{- $mounts_neutron_l2gw_agent := .Values.pod.mounts.neutron_l2gw_agent.neutron_l2gw_agent }}
+{{- $mounts_neutron_l2gw_agent_init := .Values.pod.mounts.neutron_l2gw_agent.init_container }}
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: neutron-l2gw-agent
+  annotations:
+    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+  labels:
+{{ tuple $envAll "neutron" "l2gw-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+  selector:
+    matchLabels:
+{{ tuple $envAll "neutron" "l2gw-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll "l2gw_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
+  template:
+    metadata:
+      labels:
+{{ tuple $envAll "neutron" "l2gw-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+      annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+    spec:
+{{ dict "envAll" $envAll "application" "neutron" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+      serviceAccountName: {{ $serviceAccountName }}
+      nodeSelector:
+        {{ .Values.labels.agent.l2gw.node_selector_key }}: {{ .Values.labels.agent.l2gw.node_selector_value }}
+      dnsPolicy: ClusterFirstWithHostNet
+      hostNetwork: true
+      {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
+      shareProcessNamespace: true
+      {{- else }}
+      hostPID: true
+      {{- end }}
+      initContainers:
+{{ tuple $envAll "pod_dependency" $mounts_neutron_l2gw_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+      containers:
+        - name: neutron-l2gw-agent
+{{ tuple $envAll "neutron_l2gw" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.agent.l2gw | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+          securityContext:
+            privileged: true
+          readinessProbe:
+            exec:
+              command:
+                - python
+                - /tmp/health-probe.py
+                - --config-file
+                - /etc/neutron/neutron.conf
+                - --config-file
+                - /etc/neutron/l2gw_agent.ini
+                - --agent-queue-name
+                - l2gateway_agent
+            initialDelaySeconds: 30
+            periodSeconds: 15
+            timeoutSeconds: 65
+          livenessProbe:
+            exec:
+              command:
+                - python
+                - /tmp/health-probe.py
+                - --config-file
+                - /etc/neutron/neutron.conf
+                - --config-file
+                - /etc/neutron/l2gw_agent.ini
+                - --agent-queue-name
+                - l2gateway_agent
+                - --liveness-probe
+            initialDelaySeconds: 120
+            periodSeconds: 90
+            timeoutSeconds: 70
+          command:
+            - /tmp/neutron-l2gw-agent.sh
+          volumeMounts:
+            - name: pod-tmp
+              mountPath: /tmp
+            - name: neutron-bin
+              mountPath: /tmp/neutron-l2gw-agent.sh
+              subPath: neutron-l2gw-agent.sh
+              readOnly: true
+            - name: neutron-bin
+              mountPath: /tmp/health-probe.py
+              subPath: health-probe.py
+              readOnly: true
+            - name: neutron-etc
+              mountPath: /etc/neutron/neutron.conf
+              subPath: neutron.conf
+              readOnly: true
+            {{- if .Values.conf.neutron.DEFAULT.log_config_append }}
+            - name: neutron-etc
+              mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}
+              subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}
+              readOnly: true
+            {{- end }}
+            - name: neutron-etc
+              mountPath: /etc/neutron/l2gw_agent.ini
+              subPath: l2gw_agent.ini
+              readOnly: true
+{{ if $mounts_neutron_l2gw_agent.volumeMounts }}{{ toYaml $mounts_neutron_l2gw_agent.volumeMounts | indent 12 }}{{ end }}
+      volumes:
+        - name: pod-tmp
+          emptyDir: {}
+        - name: neutron-bin
+          configMap:
+            name: neutron-bin
+            defaultMode: 0555
+        - name: neutron-etc
+          secret:
+            secretName: {{ $configMapName }}
+            defaultMode: 0444
+{{ if $mounts_neutron_l2gw_agent.volumes }}{{ toYaml $mounts_neutron_l2gw_agent.volumes | indent 8 }}{{ end }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.daemonset_l2gw_agent }}
+{{- $envAll := . }}
+{{- $daemonset := "l2gw-agent" }}
+{{- $configMapName := "neutron-etc" }}
+{{- $serviceAccountName := "neutron-l2gw-agent" }}
+{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "l2gateway" -}}
+{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
+{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.l2gw_agent.daemonset" | toString | fromYaml }}
+{{- $configmap_yaml := "neutron.configmap.etc" }}
+{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
+{{- end }}
--- a/neutron/templates/deployment-server.yaml
+++ b/neutron/templates/deployment-server.yaml
@ -119,6 +119,12 @@ spec:
              subPath: taas_plugin.ini
              readOnly: true
            {{ end }}
+            {{- if .Values.conf.plugins.l2gateway }}
+            - name: neutron-etc
+              mountPath: /etc/neutron/l2gw_plugin.ini
+              subPath: l2gw_plugin.ini
+              readOnly: true
+            {{ end }}
            - name: neutron-etc
              mountPath: /etc/neutron/api-paste.ini
              subPath: api-paste.ini
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -34,6 +34,7 @@ images:
    neutron_dhcp: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial
    neutron_metadata: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial
    neutron_l3: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial
+    neutron_l2gw: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial
    neutron_openvswitch_agent: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial
    neutron_linuxbridge_agent: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial
    neutron_sriov_agent: docker.io/openstackhelm/neutron:ocata-18.04-sriov
@ -58,6 +59,9 @@ labels:
    metadata:
      node_selector_key: openstack-control-plane
      node_selector_value: enabled
+    l2gw:
+      node_selector_key: openstack-control-plane
+      node_selector_value: enabled
  job:
    node_selector_key: openstack-control-plane
    node_selector_value: enabled
@ -134,6 +138,7 @@ dependencies:
            service: local_image_registry
    targeted:
      sriov: {}
+      l2gateway: {}
      openvswitch:
        dhcp:
          pod:
@ -382,6 +387,11 @@ pod:
      neutron_sriov_agent:
        volumeMounts:
        volumes:
+    neutron_l2gw_agent:
+      init_container: null
+      neutron_l2gw_agent:
+        volumeMounts:
+        volumes:
    neutron_tests:
      init_container: null
      neutron_tests:
@ -487,6 +497,13 @@ pod:
        limits:
          memory: "1024Mi"
          cpu: "2000m"
+      l2gw:
+        requests:
+          memory: "128Mi"
+          cpu: "100m"
+        limits:
+          memory: "1024Mi"
+          cpu: "2000m"
    server:
      requests:
        memory: "128Mi"
@ -1989,6 +2006,7 @@ manifests:
  daemonset_metadata_agent: true
  daemonset_ovs_agent: true
  daemonset_sriov_agent: true
+  daemonset_l2gw_agent: false
  deployment_server: true
  ingress_server: true
  job_bootstrap: true
--- a/neutron/values_overrides/pike-ubuntu_xenial.yaml
+++ b/neutron/values_overrides/pike-ubuntu_xenial.yaml
@ -10,6 +10,7 @@ images:
    neutron_db_sync: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial"
    neutron_dhcp: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial"
    neutron_l3: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial"
+    neutron_l2gw: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial"
    neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial"
    neutron_metadata: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial"
    neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial"
--- a/neutron/values_overrides/queens-ubuntu_xenial.yaml
+++ b/neutron/values_overrides/queens-ubuntu_xenial.yaml
@ -10,6 +10,7 @@ images:
    neutron_db_sync: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial"
    neutron_dhcp: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial"
    neutron_l3: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial"
+    neutron_l2gw: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial"
    neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial"
    neutron_metadata: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial"
    neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial"
--- a/neutron/values_overrides/rocky-opensuse_15.yaml
+++ b/neutron/values_overrides/rocky-opensuse_15.yaml
@ -10,6 +10,7 @@ images:
    neutron_db_sync: "docker.io/openstackhelm/neutron:rocky-opensuse_15"
    neutron_dhcp: "docker.io/openstackhelm/neutron:rocky-opensuse_15"
    neutron_l3: "docker.io/openstackhelm/neutron:rocky-opensuse_15"
+    neutron_l2gw: "docker.io/openstackhelm/neutron:rocky-opensuse_15"
    neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:rocky-opensuse_15"
    neutron_metadata: "docker.io/openstackhelm/neutron:rocky-opensuse_15"
    neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:rocky-opensuse_15"
--- a/neutron/values_overrides/rocky-ubuntu_bionic.yaml
+++ b/neutron/values_overrides/rocky-ubuntu_bionic.yaml
@ -10,6 +10,7 @@ images:
    neutron_db_sync: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic"
    neutron_dhcp: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic"
    neutron_l3: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic"
+    neutron_l2gw: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic"
    neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic"
    neutron_metadata: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic"
    neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic"
--- a/neutron/values_overrides/rocky-ubuntu_xenial.yaml
+++ b/neutron/values_overrides/rocky-ubuntu_xenial.yaml
@ -10,6 +10,7 @@ images:
    neutron_db_sync: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial"
    neutron_dhcp: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial"
    neutron_l3: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial"
+    neutron_l2gw: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial"
    neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial"
    neutron_metadata: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial"
    neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial"
--- a/tools/overrides/backends/networking/l2gateway.yaml
+++ b/tools/overrides/backends/networking/l2gateway.yaml
@ -0,0 +1,25 @@
+---
+conf:
+  neutron:
+    DEFAULT:
+      service_plugins: router, networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin
+  plugins:
+    l2gateway:
+      DEFAULT:
+        quota_l2_gateway: 10
+        periodic_monitoring_interval: 5
+      service_providers:
+        service_provider: L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.rpc_l2gw.L2gwRpcDriver:default
+  l2gateway_agent:
+    DEFAULT:
+      debug: false
+    ovsdb:
+      # <ovsdb_name>:<ip address>:<port>[,<ovsdb_name>:<ip address>:<port>]
+      # - ovsdb_name: a symbolic name that helps identifies keys and certificate files
+      # - ip address: the address or dns name for the ovsdb server
+      # - port: the port (ssl is supported)
+      ovsdb_hosts: ovsdbx:127.0.0.1:6632
+      socket_timeout: 30
+
+manifests:
+  daemonset_l2gw_agent: true