From 8c9374304131968863ba008ac579b3bc42ff75eb Mon Sep 17 00:00:00 2001 From: Michael Polenchuk Date: Thu, 20 Jun 2019 14:41:04 +0400 Subject: [PATCH] [neutron] Bring in L2 gateway support L2 Gateway (L2GW) is an API framework that offers bridging 2+ networks together to make them look as a single broadcast domain. A typical use case is bridging the virtual with the physical networks. Change-Id: I95ff59ce024747f7af40c6bef0661bb3743b0af1 --- .../templates/bin/_neutron-l2gw-agent.sh.tpl | 22 +++ neutron/templates/bin/_neutron-server.sh.tpl | 3 + neutron/templates/configmap-bin.yaml | 2 + neutron/templates/configmap-etc.yaml | 2 + neutron/templates/daemonset-l2gw-agent.yaml | 152 ++++++++++++++++++ neutron/templates/deployment-server.yaml | 6 + neutron/values.yaml | 18 +++ .../values_overrides/pike-ubuntu_xenial.yaml | 1 + .../queens-ubuntu_xenial.yaml | 1 + .../values_overrides/rocky-opensuse_15.yaml | 1 + .../values_overrides/rocky-ubuntu_bionic.yaml | 1 + .../values_overrides/rocky-ubuntu_xenial.yaml | 1 + .../backends/networking/l2gateway.yaml | 25 +++ 13 files changed, 235 insertions(+) create mode 100644 neutron/templates/bin/_neutron-l2gw-agent.sh.tpl create mode 100644 neutron/templates/daemonset-l2gw-agent.yaml create mode 100644 tools/overrides/backends/networking/l2gateway.yaml diff --git a/neutron/templates/bin/_neutron-l2gw-agent.sh.tpl b/neutron/templates/bin/_neutron-l2gw-agent.sh.tpl new file mode 100644 index 0000000000..dddf9e157a --- /dev/null +++ b/neutron/templates/bin/_neutron-l2gw-agent.sh.tpl 
@@ -0,0 +1,22 @@ +#!/bin/bash + +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -x +exec neutron-l2gateway-agent \ + --config-file=/etc/neutron/neutron.conf \ + --config-file=/etc/neutron/l2gw_agent.ini diff --git a/neutron/templates/bin/_neutron-server.sh.tpl b/neutron/templates/bin/_neutron-server.sh.tpl index a4de32d6b4..3ba87eeb66 100644 --- a/neutron/templates/bin/_neutron-server.sh.tpl +++ b/neutron/templates/bin/_neutron-server.sh.tpl @@ -29,6 +29,9 @@ function start () { {{- if ( has "sriov" .Values.network.backend ) }} \ --config-file /etc/neutron/plugins/ml2/sriov_agent.ini {{- end }} +{{- if .Values.conf.plugins.l2gateway }} \ + --config-file /etc/neutron/l2gw_plugin.ini +{{- end }} } function stop () { diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml index 0ee992df7d..1e03ce3cb7 100644 --- a/neutron/templates/configmap-bin.yaml +++ b/neutron/templates/configmap-bin.yaml 
@@ -71,6 +71,8 @@ data: {{ tuple "bin/_neutron-sriov-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-sriov-agent-init.sh: | {{ tuple "bin/_neutron-sriov-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-l2gw-agent.sh: | +{{ tuple "bin/_neutron-l2gw-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-server.sh: | {{ tuple "bin/_neutron-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} rabbit-init.sh: | diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml index 016b6ea24e..5544cb455d 100644 --- a/neutron/templates/configmap-etc.yaml +++ b/neutron/templates/configmap-etc.yaml @@ -190,10 +190,12 @@ data: ml2_conf.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf | b64enc }} ml2_conf_sriov.ini: {{ default ( include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf_sriov | b64enc ) "\"\"" }} taas.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.taas | b64enc }} + l2gw_plugin.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" .Values.conf.plugins.l2gateway | b64enc) }} macvtap_agent.ini: {{ default ( include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.macvtap_agent | b64enc ) "\"\"" }} linuxbridge_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.linuxbridge_agent | b64enc }} openvswitch_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.openvswitch_agent | b64enc }} sriov_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.sriov_agent | b64enc }} + l2gw_agent.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" .Values.conf.l2gateway_agent | b64enc) }} dnsmasq.conf: "" neutron_sudoers: {{ $envAll.Values.conf.neutron_sudoers | b64enc }} rootwrap.conf: {{ $envAll.Values.conf.rootwrap | b64enc }} 
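Review bot: In configmap-etc.yaml the two added entries `l2gw_plugin.ini` and `l2gw_agent.ini` read `.Values.conf...`, while every neighbouring entry reads `$envAll.Values.conf...`. Whether `.` is the same object as `$envAll` at this point depends on the enclosing `define`/`with`, which is outside the hunk, so I would write `$envAll.Values.conf.plugins.l2gateway` and `$envAll.Values.conf.l2gateway_agent` to match the rest of the file. The new lines also pass the fallback to `default` first, the reverse of `ml2_conf_sriov.ini` and `macvtap_agent.ini`; fallback-first is the order Sprig documents, so a short comment saying so would stop a later clean-up from "aligning" it with the neighbours. Neither key gets a default in the values.yaml hunks of this patch, so a one-line comment there naming both keys would tell operators what to set before enabling `manifests.daemonset_l2gw_agent`.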
diff --git a/neutron/templates/daemonset-l2gw-agent.yaml b/neutron/templates/daemonset-l2gw-agent.yaml
new file mode 100644
index 0000000000..ce825c6b78
--- /dev/null
+++ b/neutron/templates/daemonset-l2gw-agent.yaml
@@ -0,0 +1,152 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "neutron.l2gw_agent.daemonset" }}
+{{- $daemonset := index . 0 }}
+{{- $configMapName := index . 1 }}
+{{- $serviceAccountName := index . 2 }}
+{{- $envAll := index . 3 }}
+{{- with $envAll }}
+
+{{- $mounts_neutron_l2gw_agent := .Values.pod.mounts.neutron_l2gw_agent.neutron_l2gw_agent }}
+{{- $mounts_neutron_l2gw_agent_init := .Values.pod.mounts.neutron_l2gw_agent.init_container }}
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: neutron-l2gw-agent
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "neutron" "l2gw-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+{{ tuple $envAll "neutron" "l2gw-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll "l2gw_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "neutron" "l2gw-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+ spec:
+{{ dict "envAll" $envAll "application" "neutron" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ serviceAccountName: {{ $serviceAccountName }}
+ nodeSelector:
+ {{ .Values.labels.agent.l2gw.node_selector_key }}: {{ .Values.labels.agent.l2gw.node_selector_value }}
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true
+ {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
+ shareProcessNamespace: true
+ {{- else }}
+ hostPID: true
+ {{- end }}
+ initContainers:
+{{ tuple $envAll "pod_dependency" $mounts_neutron_l2gw_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ containers:
+ - name: neutron-l2gw-agent
+{{ tuple $envAll "neutron_l2gw" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.agent.l2gw | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ securityContext:
+ privileged: true
+ readinessProbe:
+ exec:
+ command:
+ - python
+ - /tmp/health-probe.py
+ - --config-file
+ - /etc/neutron/neutron.conf
+ - --config-file
+ - /etc/neutron/l2gw_agent.ini
+ - --agent-queue-name
+ - l2gateway_agent
+ initialDelaySeconds: 30
+ periodSeconds: 15
+ timeoutSeconds: 65
+ livenessProbe:
+ exec:
+ command:
+ - python
+ - /tmp/health-probe.py
+ - --config-file
+ - /etc/neutron/neutron.conf
+ - --config-file
+ - /etc/neutron/l2gw_agent.ini
+ - --agent-queue-name
+ - l2gateway_agent
+ - --liveness-probe
+ initialDelaySeconds: 120
+ periodSeconds: 90
+ timeoutSeconds: 70
+ command:
+ - /tmp/neutron-l2gw-agent.sh
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: neutron-bin
+ mountPath: /tmp/neutron-l2gw-agent.sh
+ subPath: neutron-l2gw-agent.sh
+ readOnly: true
+ - name: neutron-bin
+ mountPath: /tmp/health-probe.py
+ subPath: health-probe.py
+ readOnly: true
+ - name: neutron-etc
+ mountPath: /etc/neutron/neutron.conf
+ subPath: neutron.conf
+ readOnly: true
+ {{- if .Values.conf.neutron.DEFAULT.log_config_append }}
+ - name: neutron-etc
+ mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}
+ subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}
+ readOnly: true
+ {{- end }}
+ - name: neutron-etc
+ mountPath: /etc/neutron/l2gw_agent.ini
+ subPath: l2gw_agent.ini
+ readOnly: true
+{{ if $mounts_neutron_l2gw_agent.volumeMounts }}{{ toYaml $mounts_neutron_l2gw_agent.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: neutron-bin
+ configMap:
+ name: neutron-bin
+ defaultMode: 0555
+ - name: neutron-etc
+ secret:
+ secretName: {{ $configMapName }}
+ defaultMode: 0444
+{{ if $mounts_neutron_l2gw_agent.volumes }}{{ toYaml $mounts_neutron_l2gw_agent.volumes | indent 8 }}{{ end }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.daemonset_l2gw_agent }}
+{{- $envAll := . }}
+{{- $daemonset := "l2gw-agent" }}
+{{- $configMapName := "neutron-etc" }}
+{{- $serviceAccountName := "neutron-l2gw-agent" }}
+{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "l2gateway" -}}
+{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
+{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.l2gw_agent.daemonset" | toString | fromYaml }}
+{{- $configmap_yaml := "neutron.configmap.etc" }}
+{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
+{{- end }}
diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml
index 33ce76636d..b32a183705 100644
--- a/neutron/templates/deployment-server.yaml
+++ b/neutron/templates/deployment-server.yaml
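Review bot: The `neutron-l2gw-agent` container in daemonset-l2gw-agent.yaml is hard-coded to `privileged: true` on a pod that also sets `hostNetwork: true` and falls back to `hostPID: true`, which together give the agent host-level access on every selected node. Judging from the l2gateway.yaml override in this patch, the agent only opens connections to the servers listed in `ovsdb_hosts`, so it probably needs neither the privileged flag nor a shared PID namespace. I would drop the `securityContext:` / `privileged: true` pair and the `shareProcessNamespace`/`hostPID` conditional, or drive them from values so an operator can turn them off, and add a comment stating why `hostNetwork` is required if it is. Separately, `ge .Capabilities.KubeVersion.Minor "10"` compares strings, so a minor version of "9" also satisfies it; if the guard stays it deserves a numeric comparison or a comment.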
@@ -119,6 +119,12 @@ spec: subPath: taas_plugin.ini readOnly: true {{ end }} + {{- if .Values.conf.plugins.l2gateway }} + - name: neutron-etc + mountPath: /etc/neutron/l2gw_plugin.ini + subPath: l2gw_plugin.ini + readOnly: true + {{ end }} - name: neutron-etc mountPath: /etc/neutron/api-paste.ini subPath: api-paste.ini diff --git a/neutron/values.yaml b/neutron/values.yaml index 4d05a546a4..2865c8857f 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -34,6 +34,7 @@ images: neutron_dhcp: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial neutron_metadata: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial neutron_l3: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial + neutron_l2gw: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial neutron_openvswitch_agent: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial neutron_linuxbridge_agent: docker.io/openstackhelm/neutron:ocata-ubuntu_xenial neutron_sriov_agent: docker.io/openstackhelm/neutron:ocata-18.04-sriov @@ -58,6 +59,9 @@ labels: metadata: node_selector_key: openstack-control-plane node_selector_value: enabled + l2gw: + node_selector_key: openstack-control-plane + node_selector_value: enabled job: node_selector_key: openstack-control-plane node_selector_value: enabled @@ -134,6 +138,7 @@ dependencies: service: local_image_registry targeted: sriov: {} + l2gateway: {} openvswitch: dhcp: pod: @@ -382,6 +387,11 @@ pod: neutron_sriov_agent: volumeMounts: volumes: + neutron_l2gw_agent: + init_container: null + neutron_l2gw_agent: + volumeMounts: + volumes: neutron_tests: init_container: null neutron_tests: @@ -487,6 +497,13 @@ pod: limits: memory: "1024Mi" cpu: "2000m" + l2gw: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" server: requests: memory: "128Mi" 
@@ -1989,6 +2006,7 @@ manifests: daemonset_metadata_agent: true daemonset_ovs_agent: true daemonset_sriov_agent: true + daemonset_l2gw_agent: false deployment_server: true ingress_server: true job_bootstrap: true diff --git a/neutron/values_overrides/pike-ubuntu_xenial.yaml b/neutron/values_overrides/pike-ubuntu_xenial.yaml index fc5b83a48a..90158f8969 100644 --- a/neutron/values_overrides/pike-ubuntu_xenial.yaml +++ b/neutron/values_overrides/pike-ubuntu_xenial.yaml @@ -10,6 +10,7 @@ images: neutron_db_sync: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial" neutron_dhcp: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial" neutron_l3: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial" + neutron_l2gw: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial" neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial" neutron_metadata: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial" neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:pike-ubuntu_xenial" diff --git a/neutron/values_overrides/queens-ubuntu_xenial.yaml b/neutron/values_overrides/queens-ubuntu_xenial.yaml index 2a7e499ae2..1d0c32eeab 100644 --- a/neutron/values_overrides/queens-ubuntu_xenial.yaml +++ b/neutron/values_overrides/queens-ubuntu_xenial.yaml @@ -10,6 +10,7 @@ images: neutron_db_sync: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial" neutron_dhcp: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial" neutron_l3: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial" + neutron_l2gw: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial" neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial" neutron_metadata: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial" neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:queens-ubuntu_xenial" diff --git a/neutron/values_overrides/rocky-opensuse_15.yaml b/neutron/values_overrides/rocky-opensuse_15.yaml index b27ff910c6..72f5de80f4 100644 
--- a/neutron/values_overrides/rocky-opensuse_15.yaml +++ b/neutron/values_overrides/rocky-opensuse_15.yaml @@ -10,6 +10,7 @@ images: neutron_db_sync: "docker.io/openstackhelm/neutron:rocky-opensuse_15" neutron_dhcp: "docker.io/openstackhelm/neutron:rocky-opensuse_15" neutron_l3: "docker.io/openstackhelm/neutron:rocky-opensuse_15" + neutron_l2gw: "docker.io/openstackhelm/neutron:rocky-opensuse_15" neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:rocky-opensuse_15" neutron_metadata: "docker.io/openstackhelm/neutron:rocky-opensuse_15" neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:rocky-opensuse_15" diff --git a/neutron/values_overrides/rocky-ubuntu_bionic.yaml b/neutron/values_overrides/rocky-ubuntu_bionic.yaml index 661dcec8b2..f5c20ff90e 100644 --- a/neutron/values_overrides/rocky-ubuntu_bionic.yaml +++ b/neutron/values_overrides/rocky-ubuntu_bionic.yaml @@ -10,6 +10,7 @@ images: neutron_db_sync: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic" neutron_dhcp: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic" neutron_l3: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic" + neutron_l2gw: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic" neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic" neutron_metadata: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic" neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:rocky-ubuntu_bionic" diff --git a/neutron/values_overrides/rocky-ubuntu_xenial.yaml b/neutron/values_overrides/rocky-ubuntu_xenial.yaml index 10c765cf49..78e677ca10 100644 --- a/neutron/values_overrides/rocky-ubuntu_xenial.yaml +++ b/neutron/values_overrides/rocky-ubuntu_xenial.yaml 
@@ -10,6 +10,7 @@ images: neutron_db_sync: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial" neutron_dhcp: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial" neutron_l3: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial" + neutron_l2gw: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial" neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial" neutron_metadata: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial" neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:rocky-ubuntu_xenial" diff --git a/tools/overrides/backends/networking/l2gateway.yaml b/tools/overrides/backends/networking/l2gateway.yaml new file mode 100644 index 0000000000..6e4fe10fe5 --- /dev/null +++ b/tools/overrides/backends/networking/l2gateway.yaml @@ -0,0 +1,25 @@ +--- +conf: + neutron: + DEFAULT: + service_plugins: router, networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin + plugins: + l2gateway: + DEFAULT: + quota_l2_gateway: 10 + periodic_monitoring_interval: 5 + service_providers: + service_provider: L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.rpc_l2gw.L2gwRpcDriver:default + l2gateway_agent: + DEFAULT: + debug: false + ovsdb: + # ::[,::] + # - ovsdb_name: a symbolic name that helps identifies keys and certificate files + # - ip address: the address or dns name for the ovsdb server + # - port: the port (ssl is supported) + ovsdb_hosts: ovsdbx:127.0.0.1:6632 + socket_timeout: 30 + +manifests: + daemonset_l2gw_agent: true
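Review bot: The sample `ovsdb_hosts: ovsdbx:127.0.0.1:6632` in tools/overrides/backends/networking/l2gateway.yaml sets no key or certificate paths, so as written the agent presumably talks to the OVSDB server in clear text, even though the comment above it says SSL is supported. That is acceptable for a loopback example, but this file is the only configuration sample the patch ships, and whoever can reach or impersonate that OVSDB endpoint influences how tenant networks are bridged to physical ones. I would add a comment under `ovsdb:` along the lines of `# for any non-loopback server set l2_gw_agent_priv_key_base_path, l2_gw_agent_cert_base_path and l2_gw_agent_ca_cert_base_path`, plus a second line saying the key and certificate files are to be mounted through `pod.mounts.neutron_l2gw_agent`. The daemonset template in this patch mounts no such files by default, so without that hint the TLS path is easy to miss.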