diff --git a/neutron/templates/bin/_neutron-dhcp-agent.sh.tpl b/neutron/templates/bin/_neutron-dhcp-agent.sh.tpl index a776dab714..b073551212 100644 --- a/neutron/templates/bin/_neutron-dhcp-agent.sh.tpl +++ b/neutron/templates/bin/_neutron-dhcp-agent.sh.tpl @@ -20,5 +20,7 @@ set -x exec neutron-dhcp-agent \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/dhcp_agent.ini \ - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini +{{- if eq .Values.network.backend "ovs" }} \ --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini +{{- end }} diff --git a/neutron/templates/bin/_neutron-l3-agent.sh.tpl b/neutron/templates/bin/_neutron-l3-agent.sh.tpl index 21ccca3a24..24aecd87ef 100644 --- a/neutron/templates/bin/_neutron-l3-agent.sh.tpl +++ b/neutron/templates/bin/_neutron-l3-agent.sh.tpl @@ -20,5 +20,7 @@ set -x exec neutron-l3-agent \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/l3_agent.ini \ - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini +{{- if eq .Values.network.backend "ovs" }} \ --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini +{{- end }} diff --git a/neutron/templates/bin/_neutron-linuxbridge-agent-init.sh.tpl b/neutron/templates/bin/_neutron-linuxbridge-agent-init.sh.tpl new file mode 100644 index 0000000000..179c669063 --- /dev/null +++ b/neutron/templates/bin/_neutron-linuxbridge-agent-init.sh.tpl @@ -0,0 +1,65 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +modprobe ebtables + +# configure external bridge +external_bridge="{{- .Values.network.external_bridge -}}" +external_interface="{{- .Values.network.interface.external -}}" +if [ -n "${external_bridge}" ] ; then + # adding existing bridge would break out the script when -e is set + set +e + ip link add name $external_bridge type bridge + set -e + ip link set dev $external_bridge up + if [ -n "$external_interface" ] ; then + ip link set dev $external_interface master $external_bridge + fi +fi + + +# configure all bridge mappings defined in config +{{- range $br, $phys := .Values.network.auto_bridge_add }} +if [ -n "{{- $br -}}" ] ; then + # adding existing bridge would break out the script when -e is set + set +e + ip link add name {{ $br }} type bridge + set -e + ip link set dev {{ $br }} up + if [ -n "{{- $phys -}}" ] ; then + ip link set dev {{ $phys }} master {{ $br }} + fi +fi +{{- end }} + + +tunnel_interface="{{- .Values.network.interface.tunnel -}}" +if [ -z "${tunnel_interface}" ] ; then + # search for interface with default routing + # If there is not default gateway, exit + tunnel_interface=$(ip r | grep default | grep -oP '(?<=dev ).*') || exit 1 +fi + +# determine local-ip dynamically based on interface provided but only if tunnel_types is not null +IP=$(ip a s $tunnel_interface | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}') +cat </tmp/pod-shared/ml2-local-ip.ini +[vxlan] +local_ip = $IP +EOF diff --git a/neutron/templates/bin/_neutron-linuxbridge-agent.sh.tpl b/neutron/templates/bin/_neutron-linuxbridge-agent.sh.tpl new file mode 100644 index 0000000000..2645668099 --- /dev/null +++ b/neutron/templates/bin/_neutron-linuxbridge-agent.sh.tpl @@ -0,0 +1,25 @@ +#!/bin/bash + +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +exec neutron-linuxbridge-agent \ + --config-file /etc/neutron/neutron.conf \ + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ + --config-file /tmp/pod-shared/ml2-local-ip.ini \ + --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini diff --git a/neutron/templates/bin/_neutron-metadata-agent.sh.tpl b/neutron/templates/bin/_neutron-metadata-agent.sh.tpl index 6d7d6b8101..6f254ff38b 100644 --- a/neutron/templates/bin/_neutron-metadata-agent.sh.tpl +++ b/neutron/templates/bin/_neutron-metadata-agent.sh.tpl @@ -20,5 +20,7 @@ set -x exec neutron-metadata-agent \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/metadata_agent.ini \ - --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ + --config-file /etc/neutron/plugins/ml2/ml2_conf.ini +{{- if eq .Values.network.backend "ovs" }} \ --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini +{{- end }} diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml index 5ec823825e..75db7449c0 100644 --- a/neutron/templates/configmap-bin.yaml +++ b/neutron/templates/configmap-bin.yaml @@ -43,6 +43,10 @@ data: {{ tuple "bin/_neutron-dhcp-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-l3-agent.sh: |+ {{ tuple "bin/_neutron-l3-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-linuxbridge-agent.sh: |+ +{{ tuple "bin/_neutron-linuxbridge-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-linuxbridge-agent-init.sh: |+ +{{ tuple "bin/_neutron-linuxbridge-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-metadata-agent.sh: |+ {{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-openvswitch-agent.sh: |+ diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml index aa1096948d..e443e92b98 100644 --- a/neutron/templates/daemonset-dhcp-agent.yaml +++ b/neutron/templates/daemonset-dhcp-agent.yaml @@ -63,10 +63,14 @@ spec: mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini subPath: ml2_conf.ini readOnly: true + {{- if eq .Values.network.backend "ovs" }} - name: neutron-etc mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini subPath: openvswitch_agent.ini readOnly: true + - name: runopenvswitch + mountPath: /run/openvswitch + {{- end }} - name: neutron-etc mountPath: /etc/neutron/dhcp_agent.ini subPath: dhcp_agent.ini @@ -126,8 +130,6 @@ spec: mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters subPath: openvswitch-plugin.filters readOnly: true - - name: runopenvswitch - mountPath: /run/openvswitch - name: socket mountPath: /var/lib/neutron/openstack-helm {{ if $mounts_neutron_dhcp_agent.volumeMounts }}{{ toYaml $mounts_neutron_dhcp_agent.volumeMounts | indent 12 }}{{ end }} @@ -140,9 +142,11 @@ spec: configMap: name: neutron-etc defaultMode: 0444 + {{- if eq .Values.network.backend "ovs" }} - name: runopenvswitch hostPath: path: /run/openvswitch + {{- end }} - name: socket hostPath: path: /var/lib/neutron/openstack-helm diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml index 695331f938..dc25ac00f4 100644 --- a/neutron/templates/daemonset-l3-agent.yaml +++ b/neutron/templates/daemonset-l3-agent.yaml @@ -63,10 +63,14 @@ spec: mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini subPath: ml2_conf.ini readOnly: true + {{- if eq .Values.network.backend "ovs" }} - name: neutron-etc mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini subPath: openvswitch_agent.ini readOnly: true + - name: runopenvswitch + mountPath: /run/openvswitch + {{- end }} - name: neutron-etc mountPath: /etc/neutron/l3_agent.ini subPath: l3_agent.ini @@ -122,8 +126,6 @@ spec: mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters subPath: openvswitch-plugin.filters readOnly: true - - name: runopenvswitch - mountPath: /run/openvswitch - name: libmodules mountPath: /lib/modules readOnly: true @@ -139,9 +141,11 @@ spec: configMap: name: neutron-etc defaultMode: 0444 + {{- if eq .Values.network.backend "ovs" }} - name: runopenvswitch hostPath: path: /run/openvswitch + {{- end }} - name: libmodules hostPath: path: /lib/modules diff --git a/neutron/templates/daemonset-lb-agent.yaml b/neutron/templates/daemonset-lb-agent.yaml new file mode 100644 index 0000000000..aa3a91afe8 --- /dev/null +++ b/neutron/templates/daemonset-lb-agent.yaml @@ -0,0 +1,238 @@ +{{/* +Copyright 2017 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if .Values.manifests.daemonset_lb_agent }} +{{- $envAll := . }} +{{- $dependencies := .Values.dependencies.lb_agent }} +{{- $mounts_neutron_lb_agent := .Values.pod.mounts.neutron_lb_agent.neutron_lb_agent }} +{{- $mounts_neutron_lb_agent_init := .Values.pod.mounts.neutron_lb_agent.init_container }} +--- +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: lb-agent +spec: +{{ tuple $envAll "lb_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "neutron" "lb-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} + spec: + nodeSelector: + {{ .Values.labels.lb.node_selector_key }}: {{ .Values.labels.lb.node_selector_value }} + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + initContainers: +{{ tuple $envAll $dependencies $mounts_neutron_lb_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: lb-agent-init + image: {{ .Values.images.neutron_linuxbridge_agent }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.agent.lb | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + privileged: true + runAsUser: 0 + command: + - /tmp/neutron-linuxbridge-agent-init.sh + volumeMounts: + - name: neutron-bin + mountPath: /tmp/neutron-linuxbridge-agent-init.sh + subPath: neutron-linuxbridge-agent-init.sh + readOnly: true + - name: pod-shared + mountPath: /tmp/pod-shared + - name: neutron-etc + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini + subPath: ml2_conf.ini + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/linuxbridge_agent.ini + subPath: linuxbridge_agent.ini + readOnly: true + - name: neutron-etc + # NOTE (Portdirect): We mount here to overide Kollas custom + # sudoers file when using Kolla images, this location will + # also work fine for other images. + mountPath: /etc/sudoers.d/kolla_neutron_sudoers + subPath: neutron_sudoers + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.conf + subPath: rootwrap.conf + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/debug.filters + subPath: debug.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/dibbler.filters + subPath: dibbler.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/ipset-firewall.filters + subPath: ipset-firewall.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/l3.filters + subPath: l3.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/netns-cleanup.filters + subPath: netns-cleanup.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/dhcp.filters + subPath: dhcp.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/ebtables.filters + subPath: ebtables.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/iptables-firewall.filters + subPath: iptables-firewall.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/linuxbridge-plugin.filters + subPath: linuxbridge-plugin.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters + subPath: openvswitch-plugin.filters + readOnly: true + - name: libmodules + mountPath: /lib/modules + readOnly: true + - name: run + mountPath: /run +{{ if $mounts_neutron_lb_agent.volumeMounts }}{{ toYaml $mounts_neutron_lb_agent.volumeMounts | indent 12 }}{{ end }} + containers: + - name: lb-agent + image: {{ .Values.images.neutron_linuxbridge_agent }} + imagePullPolicy: {{ .Values.images.pull_policy }} +{{ tuple $envAll $envAll.Values.pod.resources.agent.lb | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + securityContext: + runAsUser: {{ .Values.pod.user.neutron.uid }} + privileged: true + command: + - /tmp/neutron-linuxbridge-agent.sh + readinessProbe: + exec: + command: + - bash + - -c + - 'brctl show' + volumeMounts: + - name: neutron-bin + mountPath: /tmp/neutron-linuxbridge-agent.sh + subPath: neutron-linuxbridge-agent.sh + readOnly: true + - name: pod-shared + mountPath: /tmp/pod-shared + - name: neutron-etc + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini + subPath: ml2_conf.ini + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/linuxbridge_agent.ini + subPath: linuxbridge_agent.ini + readOnly: true + - name: neutron-etc + # NOTE (Portdirect): We mount here to overide Kollas custom + # sudoers file when using Kolla images, this location will + # also work fine for other images. + mountPath: /etc/sudoers.d/kolla_neutron_sudoers + subPath: neutron_sudoers + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.conf + subPath: rootwrap.conf + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/debug.filters + subPath: debug.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/dibbler.filters + subPath: dibbler.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/ipset-firewall.filters + subPath: ipset-firewall.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/l3.filters + subPath: l3.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/netns-cleanup.filters + subPath: netns-cleanup.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/dhcp.filters + subPath: dhcp.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/ebtables.filters + subPath: ebtables.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/iptables-firewall.filters + subPath: iptables-firewall.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/linuxbridge-plugin.filters + subPath: linuxbridge-plugin.filters + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters + subPath: openvswitch-plugin.filters + readOnly: true + - name: libmodules + mountPath: /lib/modules + readOnly: true + - name: run + mountPath: /run +{{ if $mounts_neutron_lb_agent.volumeMounts }}{{ toYaml $mounts_neutron_lb_agent.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-shared + emptyDir: {} + - name: neutron-bin + configMap: + name: neutron-bin + defaultMode: 0555 + - name: neutron-etc + configMap: + name: neutron-etc + defaultMode: 0444 + - name: libmodules + hostPath: + path: /lib/modules + - name: run + hostPath: + path: /run +{{ if $mounts_neutron_lb_agent.volumes }}{{ toYaml $mounts_neutron_lb_agent.volumes | indent 8 }}{{ end }} +{{- end }} diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml index d2a97dfbf5..edda11664e 100644 --- a/neutron/templates/daemonset-metadata-agent.yaml +++ b/neutron/templates/daemonset-metadata-agent.yaml @@ -65,10 +65,14 @@ spec: mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini subPath: ml2_conf.ini readOnly: true + {{- if eq .Values.network.backend "ovs" }} - name: neutron-etc mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini subPath: openvswitch_agent.ini readOnly: true + - name: runopenvswitch + mountPath: /run/openvswitch + {{- end }} - name: neutron-etc mountPath: /etc/neutron/metadata_agent.ini subPath: metadata_agent.ini @@ -124,8 +128,6 @@ spec: mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters subPath: openvswitch-plugin.filters readOnly: true - - name: runopenvswitch - mountPath: /run/openvswitch - name: socket mountPath: /var/lib/neutron/stackanetes {{ if $mounts_neutron_metadata_agent.volumeMounts }}{{ toYaml $mounts_neutron_metadata_agent.volumeMounts | indent 12 }}{{ end }} @@ -138,9 +140,11 @@ spec: configMap: name: neutron-etc defaultMode: 0444 + {{- if eq .Values.network.backend "ovs" }} - name: runopenvswitch hostPath: path: /run/openvswitch + {{- end }} - name: socket hostPath: path: /var/lib/neutron/openstack-helm diff --git a/neutron/values.yaml b/neutron/values.yaml index 335c5d5d00..876546d9d0 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -32,6 +32,7 @@ images: metadata: docker.io/kolla/ubuntu-source-neutron-metadata-agent:3.0.3 l3: docker.io/kolla/ubuntu-source-neutron-l3-agent:3.0.3 neutron_openvswitch_agent: docker.io/kolla/ubuntu-source-neutron-openvswitch-agent:3.0.3 + neutron_linuxbridge_agent: docker.io/kolla/ubuntu-source-neutron-linuxbridge-agent:3.0.3 openvswitch_db_server: docker.io/kolla/ubuntu-source-openvswitch-db-server:3.0.3 openvswitch_vswitchd: docker.io/kolla/ubuntu-source-openvswitch-vswitchd:3.0.3 dep_check: docker.io/kolla/ubuntu-source-kubernetes-entrypoint:4.0.0 @@ -45,6 +46,9 @@ labels: ovs: node_selector_key: openvswitch node_selector_value: enabled + lb: + node_selector_key: linuxbridge + node_selector_value: enabled agent: dhcp: node_selector_key: openstack-control-plane @@ -60,6 +64,9 @@ labels: node_selector_value: enabled network: + # provide what type of network wiring will be used + # possible options: ovs, linuxbridge + backend: ovs external_bridge: br-ex ip_address: 0.0.0.0 interface: @@ -138,6 +145,7 @@ dependencies: - service: compute endpoint: internal daemonset: + # this should be set to corresponding neutron L2 agent - ovs-agent metadata: services: @@ -148,6 +156,7 @@ dependencies: - service: compute endpoint: internal daemonset: + # this should be set to corresponding neutron L2 agent - ovs-agent ovs_agent: services: @@ -155,6 +164,12 @@ dependencies: endpoint: internal - service: network endpoint: internal + lb_agent: + services: + - service: oslo_messaging + endpoint: internal + - service: network + endpoint: internal l3: services: - service: oslo_messaging @@ -164,6 +179,7 @@ dependencies: - service: compute endpoint: internal daemonset: + # this should be set to corresponding neutron L2 agent - ovs-agent tests: services: @@ -198,6 +214,9 @@ pod: neutron_l3_agent: init_container: null neutron_l3_agent: + neutron_lb_agent: + init_container: null + neutron_lb_agent: neutron_metadata_agent: init_container: null neutron_metadata_agent: @@ -230,6 +249,10 @@ pod: enabled: false min_ready_seconds: 0 max_unavailable: 1 + lb_agent: + enabled: true + min_ready_seconds: 0 + max_unavailable: 1 metadata_agent: enabled: true min_ready_seconds: 0 @@ -269,6 +292,13 @@ pod: limits: memory: "1024Mi" cpu: "2000m" + lb: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" metadata: requests: memory: "128Mi" @@ -599,9 +629,11 @@ conf: default_availability_zones: nova api_workers: 4 allow_overlapping_ips: True + # core_plugin can be: ml2, calico core_plugin: ml2 + # service_plugin can be: router, odl-router, empty for calico, + # networking_ovn.l3.l3_ovn.OVNL3RouterPlugin for OVN service_plugins: router - interface_driver: openvswitch metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy db: allow_automatic_l3agent_failover: True @@ -613,6 +645,7 @@ conf: network_auto_schedule: True router_auto_schedule: True agent: + # we can define here, which driver we are using: openvswitch or linuxbridge interface_driver: openvswitch oslo_concurrency: oslo: @@ -654,6 +687,8 @@ conf: neutron: ml2: extension_drivers: port_security + # mechnism_drivers can be: openvswitch, linuxbridge, + # opendaylight, ovn mechanism_drivers: openvswitch,l2population type_drivers: flat,vlan,vxlan tenant_network_types: vxlan @@ -683,6 +718,8 @@ conf: neutron: base: agent: + # we can define here, which driver we are using: + # openvswitch or linuxbridge interface_driver: openvswitch dhcp: agent: @@ -696,6 +733,8 @@ conf: neutron: base: agent: + # we can define here, which driver we are using: + # openvswitch or linuxbridge interface_driver: openvswitch l3: agent: @@ -754,6 +793,30 @@ conf: linuxbridge_agent: override: append: + linux_bridge: + neutron: + ml2: + linuxbridge: + agent: + # To define Flat and VLAN connections, in LB we can assign + # specific interface to the flat/vlan network name using: + # physical_interface_mappings: "external:eth3" + # Or we can set the mapping between the network and bridge: + bridge_mappings: "external:br-ex" + # The two above options are exclusive, do not use both of them at once + securitygroup: + neutron: + ml2: + linuxbridge: + agent: + firewall_driver: neutron.agent.linux.iptables_firewall.IptablesFirewallDriver + vxlan: + neutron: + ml2: + linuxbridge: + agent: + l2_population: True + arp_responder: True # Names of secrets used by bootstrap and environmental checks secrets: @@ -870,6 +933,7 @@ manifests: configmap_etc: true daemonset_dhcp_agent: true daemonset_l3_agent: true + daemonset_lb_agent: false daemonset_metadata_agent: true daemonset_ovs_agent: true daemonset_ovs_db: true diff --git a/nova/values.yaml b/nova/values.yaml index 274cd57990..12005f460c 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -196,6 +196,7 @@ dependencies: - service: network endpoint: internal daemonset: + # this should be set to corresponding neutron L2 agent - ovs-agent libvirt: jobs: diff --git a/tools/overrides/mvp/neutron-linuxbridge.yaml b/tools/overrides/mvp/neutron-linuxbridge.yaml new file mode 100644 index 0000000000..6195a08324 --- /dev/null +++ b/tools/overrides/mvp/neutron-linuxbridge.yaml @@ -0,0 +1,84 @@ +# Copyright 2017 The Openstack-Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# MVP values for neutron using Linux Bridge. +# This file contains overrides to launch a MVP deployment of neutron using +# Linux Bridge for the OpenStack-Helm gates, and local development use. +# It should be kept to the bare minimum required for this purpose. + +network: + backend: linuxbridge + interface: + tunnel: docker0 + +manifests: + daemonset_lb_agent: true + daemonset_ovs_agent: false + daemonset_ovs_db: false + daemonset_ovs_vswitchd: false + +dependencies: + dhcp: + daemonset: + - lb-agent + l3: + daemonset: + - lb-agent + metadata: + daemonset: + - lb-agent + +conf: + neutron: + default: + oslo: + log: + debug: false + neutron: + agent: + interface_driver: linuxbridge + db: + l3_ha: False + min_l3_agents_per_router: 1 + max_l3_agents_per_router: 1 + l3_ha_network_type: vxlan + dhcp_agents_per_network: 1 + ml2_conf: + ml2: + neutron: + ml2: + mechanism_drivers: linuxbridge, l2population + ml2_type_flat: + neutron: + ml2: + flat_networks: public + dhcp_agent: + default: + neutron: + base: + agent: + interface_driver: linuxbridge + l3_agent: + default: + neutron: + base: + agent: + interface_driver: linuxbridge + linuxbridge_agent: + linux_bridge: + neutron: + ml2: + linuxbridge: + agent: + bridge_mappings: "public:br-ex"