From b9a4a0b31de129372f10eb5ee7b7d404266e330e Mon Sep 17 00:00:00 2001 
From: Alan Meadows Date: Tue, 3 Jan 2017 12:28:44 -0800 Subject: [PATCH] Commit neutron chart This is a functioning neutron chart that leverages a flat network but supports vxlan and gre networks in values.yaml. We were unable to test the vxlan functionality as it tickles the bnx2x cards in our HP blade lab. For now, this leverages daemonsets which make sense. It does require a new label, namely openvswitch=enabled as we need a label that can be applied both to the control plane and tenant compute hosts as both require neutron agents and openvswitch. The interfaces today match our labs, namely enp11s0f0 for the flat network on physnet1 and enp12s0f0 for the external network. These can be overridden in values.yaml via set or a global environmental file. It depends on the keystone endpoint work. This chart was tested against a working nova chart not committed as DTadrzak has one open in PR#45 --- Makefile | 14 +- neutron/Chart.yaml | 3 + neutron/requirements.yaml | 4 + neutron/templates/bin/_init.sh.tpl | 18 ++ .../bin/_neutron-openvswitch-agent.sh.tpl | 16 ++ .../bin/_openvswitch-db-server.sh.tpl | 10 + .../bin/_openvswitch-ensure-configured.sh.tpl | 20 ++ .../bin/_openvswitch-vswitchd.sh.tpl | 14 + neutron/templates/bin/_post.sh.tpl | 41 +++ neutron/templates/configmap-bin.yaml | 17 ++ neutron/templates/configmap-etc.yaml | 19 ++ neutron/templates/daemonset-dhcp-agent.yaml | 83 ++++++ neutron/templates/daemonset-l3-agent.yaml | 77 ++++++ .../templates/daemonset-metadata-agent.yaml | 79 ++++++ neutron/templates/daemonset-openvswitch.yaml | 166 ++++++++++++ neutron/templates/deployment-server.yaml | 53 ++++ neutron/templates/etc/_dhcp-agent.ini.tpl | 5 + neutron/templates/etc/_l3-agent.ini.tpl | 4 + neutron/templates/etc/_metadata-agent.ini.tpl | 31 +++ neutron/templates/etc/_ml2-conf.ini.tpl | 43 ++++ neutron/templates/etc/_neutron.conf.tpl | 71 ++++++ neutron/templates/etc/_resolv.conf.tpl | 5 + neutron/templates/job-db-sync.yaml | 43 ++++ 
neutron/templates/job-init.yaml | 37 +++ neutron/templates/job-post.yaml | 39 +++ neutron/templates/service.yaml | 9 + neutron/values.yaml | 241 ++++++++++++++++++ 27 files changed, 1153 insertions(+), 9 deletions(-) create mode 100644 neutron/Chart.yaml create mode 100644 neutron/requirements.yaml create mode 100644 neutron/templates/bin/_init.sh.tpl create mode 100644 neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl create mode 100644 neutron/templates/bin/_openvswitch-db-server.sh.tpl create mode 100644 neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl create mode 100644 neutron/templates/bin/_openvswitch-vswitchd.sh.tpl create mode 100644 neutron/templates/bin/_post.sh.tpl create mode 100644 neutron/templates/configmap-bin.yaml create mode 100644 neutron/templates/configmap-etc.yaml create mode 100644 neutron/templates/daemonset-dhcp-agent.yaml create mode 100644 neutron/templates/daemonset-l3-agent.yaml create mode 100644 neutron/templates/daemonset-metadata-agent.yaml create mode 100644 neutron/templates/daemonset-openvswitch.yaml create mode 100644 neutron/templates/deployment-server.yaml create mode 100644 neutron/templates/etc/_dhcp-agent.ini.tpl create mode 100644 neutron/templates/etc/_l3-agent.ini.tpl create mode 100644 neutron/templates/etc/_metadata-agent.ini.tpl create mode 100644 neutron/templates/etc/_ml2-conf.ini.tpl create mode 100644 neutron/templates/etc/_neutron.conf.tpl create mode 100644 neutron/templates/etc/_resolv.conf.tpl create mode 100644 neutron/templates/job-db-sync.yaml create mode 100644 neutron/templates/job-init.yaml create mode 100644 neutron/templates/job-post.yaml create mode 100644 neutron/templates/service.yaml create mode 100644 neutron/values.yaml diff --git a/Makefile b/Makefile index 0021fb204f..b1ca636d4b 100644 --- a/Makefile +++ b/Makefile 
@@ -1,12 +1,12 @@ -.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack all clean +.PHONY: ceph bootstrap mariadb keystone memcached rabbitmq common openstack neutron all clean B64_DIRS := common/secrets B64_EXCLUDE := $(wildcard common/secrets/*.b64) -CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon openstack +CHARTS := ceph mariadb rabbitmq GLANCE memcached keystone glance horizon neutron openstack COMMON_TPL := common/templates/_globals.tpl -all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon openstack +all: common ceph bootstrap mariadb rabbitmq memcached keystone glance horizon neutron openstack common: build-common @@ -25,6 +25,8 @@ rabbitmq: build-rabbitmq glance: build-glance +glance: build-neutron + memcached: build-memcached openstack: build-openstack @@ -41,9 +43,3 @@ build-%: helm lint $* helm package $* -## this is required for some charts which cannot pass a lint, namely -## those which use .Release.Namespace in a default pipe capacity -#nolint-build-%: -# if [ -f $*/Makefile ]; then make -C $*; fi -# if [ -f $*/requirements.yaml ]; then helm dep up $*; fi -# helm package $* diff --git a/neutron/Chart.yaml b/neutron/Chart.yaml new file mode 100644 index 0000000000..f295ecfa07 --- /dev/null +++ b/neutron/Chart.yaml @@ -0,0 +1,3 @@ +description: A Helm chart for neutron +name: neutron +version: 0.1.0 diff --git a/neutron/requirements.yaml b/neutron/requirements.yaml new file mode 100644 index 0000000000..2350b1facb --- /dev/null +++ b/neutron/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: + - name: common + repository: http://localhost:8879/charts + version: 0.1.0 diff --git a/neutron/templates/bin/_init.sh.tpl b/neutron/templates/bin/_init.sh.tpl new file mode 100644 index 0000000000..1498bbc233 --- /dev/null +++ b/neutron/templates/bin/_init.sh.tpl 
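Review bot: The new Makefile target is misnamed: `+glance: build-neutron` attaches build-neutron to the existing `glance` target, while `all` and `.PHONY` in the same hunk now reference a `neutron` target that nothing defines, so `make neutron` fails and `make glance` builds neutron as a side effect. It should read `neutron: build-neutron`. The `CHARTS` line this hunk touches also still carries the pre-existing duplicate `GLANCE`/`glance` entries; since the line is being edited anyway, dropping the stray `GLANCE` would be cheap.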
@@ -0,0 +1,18 @@
+#!/bin/bash
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m mysql_db -a "login_host='{{ include "neutron_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.neutron_database_name }}'"
+
+ansible localhost -vvv -m mysql_user -a "login_host='{{ include "neutron_db_host" . }}' \
+login_port='{{ .Values.database.port }}' \
+login_user='{{ .Values.database.root_user }}' \
+login_password='{{ .Values.database.root_password }}' \
+name='{{ .Values.database.neutron_user }}' \
+password='{{ .Values.database.neutron_password }}' \
+host='%' \
+priv='{{ .Values.database.neutron_database_name }}.*:ALL' append_privs='yes'"
diff --git a/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl
new file mode 100644
index 0000000000..5860e3b973
--- /dev/null
+++ b/neutron/templates/bin/_neutron-openvswitch-agent.sh.tpl
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -x
+chown neutron: /run/openvswitch/db.sock
+
+# determine local-ip dynamically based on interface provided but only if tunnel_types is not null
+{{- if .Values.ml2.agent.tunnel_types }}
+IP=$(ip a s {{ .Values.network.interface.tunnel | default .Values.network.interface.default}} | grep 'inet ' | awk '{print $2}' | awk -F "/" '{print $1}')
+cat </tmp/ml2-local-ip.ini
+[ovs]
+local_ip = $IP
+EOF
+{{- else }}
+touch /tmp/ml2-local-ip.ini
+{{- end }}
+
+exec sudo -E -u neutron neutron-openvswitch-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2-conf.ini --config-file /tmp/ml2-local-ip.ini
diff --git a/neutron/templates/bin/_openvswitch-db-server.sh.tpl b/neutron/templates/bin/_openvswitch-db-server.sh.tpl
new file mode 100644
index 0000000000..48acfafa0b
--- /dev/null
+++ b/neutron/templates/bin/_openvswitch-db-server.sh.tpl
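Review bot: `set -ex` at the top of _init.sh.tpl makes bash trace every expanded command, so the rendered `login_password='…'` (the MariaDB root password) and `password='…'` (the neutron DB password) are written verbatim to the job's stdout and land in pod logs and any log aggregator. Use `set -e` here; `ansible -vvv` already provides plenty of debugging output without tracing the shell. The grant also uses `host='%'`, so the neutron DB user is accepted from any source address — acceptable if the database is only reachable on the cluster network, but a comment such as `# '%' because pod IPs are not stable; DB is cluster-internal only` would make that trade-off explicit.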
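Review bot: `IP=$(ip a s … | grep 'inet ' | awk …)` in _neutron-openvswitch-agent.sh.tpl has no guard: if the tunnel interface has no IPv4 address or does not exist, `IP` is empty and the agent is exec'd with a blank `local_ip`, and because this script uses `set -x` without `-e` the failed `ip` call is not fatal either. Add `[ -n "$IP" ] || { echo "no IPv4 address on tunnel interface" >&2; exit 1; }` before the ini is written. The line `cat </tmp/ml2-local-ip.ini` followed by `[ovs] … EOF` reads like a heredoc whose `<<EOF >` was lost somewhere (possibly in rendering this page); worth confirming the committed file says `cat <<EOF >/tmp/ml2-local-ip.ini`, since as shown it would try to read the file as stdin rather than write it.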
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -ex
+
+mkdir -p "/run/openvswitch"
+if [[ ! -e "/run/openvswitch/conf.db" ]]; then
+ ovsdb-tool create "/run/openvswitch/conf.db"
+fi
+
+umask 000
+exec /usr/sbin/ovsdb-server /run/openvswitch/conf.db -vconsole:emer -vconsole:err -vconsole:info --remote=punix:/run/openvswitch/db.sock
diff --git a/neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl b/neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl
new file mode 100644
index 0000000000..041af73752
--- /dev/null
+++ b/neutron/templates/bin/_openvswitch-ensure-configured.sh.tpl
@@ -0,0 +1,20 @@
+#!/bin/bash
+set -x
+
+bridge=$1
+port=$2
+
+# one time deal
+ovs-vsctl --no-wait --if-exists del-port physnet1 enp11s0f0
+ovs-vsctl --no-wait --if-exists del-br physnet1
+
+# note that only "br-ex" is definable right now
+
+ovs-vsctl --no-wait --may-exist add-br $bridge
+ovs-vsctl --no-wait --may-exist add-port $bridge $port
+
+# handle any bridge mappings
+{{- range $bridge, $port := .Values.ml2.ovs.auto_bridge_add }}
+ovs-vsctl --no-wait --may-exist add-br {{ $bridge }}
+ovs-vsctl --no-wait --may-exist add-port {{ $bridge }} {{ $port }}
+{{- end}}
diff --git a/neutron/templates/bin/_openvswitch-vswitchd.sh.tpl b/neutron/templates/bin/_openvswitch-vswitchd.sh.tpl
new file mode 100644
index 0000000000..c946e2c84e
--- /dev/null
+++ b/neutron/templates/bin/_openvswitch-vswitchd.sh.tpl
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -ex
+
+# load tunnel kernel modules we may use and gre/vxlan
+modprobe openvswitch
+
+{{- if .Values.ml2.agent.tunnel_types }}
+modprobe gre
+modprobe vxlan
+{{- end }}
+
+ovs-vsctl --no-wait show
+bash /tmp/openvswitch-ensure-configured.sh {{ .Values.network.external_bridge }} {{ .Values.network.interface.external | default .Values.network.interface.default }}
+exec /usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock --mlockall -vconsole:emer -vconsole:err -vconsole:info
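Review bot: `umask 000` immediately before `exec /usr/sbin/ovsdb-server … --remote=punix:/run/openvswitch/db.sock` makes the OVSDB control socket (and anything else ovsdb-server creates) world-writable, and because `/run` is a hostPath in daemonset-openvswitch.yaml any local user on the node can then add ports, rewrite bridges and flows, or wipe the database through that socket. The agent script in this commit already runs `chown neutron: /run/openvswitch/db.sock`, so the permissive umask looks unnecessary; drop it, or at most use `umask 007` with a shared group if the chown turns out not to be enough. `set -ex` is fine in this file, since nothing rendered here is secret.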
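Review bot: `ovs-vsctl --no-wait --if-exists del-port physnet1 enp11s0f0` and `del-br physnet1` in _openvswitch-ensure-configured.sh.tpl hard-code a lab bridge and NIC name into the chart even though the commit message says interfaces are overridable through values.yaml; on another host these lines are a no-op at best and tear down a legitimately configured `physnet1` bridge at worst. Either drive the cleanup from values or delete the "one time deal" block. `$bridge` and `$port` are also used unquoted and unchecked, so an empty argument silently yields `add-br` with no name, and with `set -x` but no `-e` the resulting error does not stop the script; a guard such as `[ -n "$bridge" ] && [ -n "$port" ] || { echo "usage: $0 bridge port" >&2; exit 1; }` after the assignments would catch that.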
diff --git a/neutron/templates/bin/_post.sh.tpl b/neutron/templates/bin/_post.sh.tpl
new file mode 100644
index 0000000000..77c818121d
--- /dev/null
+++ b/neutron/templates/bin/_post.sh.tpl
@@ -0,0 +1,41 @@
+#!/bin/bash
+set -ex
+export HOME=/tmp
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=neutron \
+service_type=network \
+description='Openstack Networking' \
+endpoint_region={{ .Values.keystone.neutron_region_name }} \
+url='{{ include "endpoint_neutron_api_internal" . }}' \
+interface=admin \
+region_name={{ .Values.keystone.admin_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_neutron_auth':{{ include "keystone_auth" .}}}"
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=neutron \
+service_type=network \
+description='Openstack Networking' \
+endpoint_region={{ .Values.keystone.neutron_region_name }} \
+url='{{ include "endpoint_neutron_api_internal" . }}' \
+interface=internal \
+region_name={{ .Values.keystone.admin_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_neutron_auth':{{ include "keystone_auth" .}}}"
+
+ansible localhost -vvv -m kolla_keystone_service -a "service_name=neutron \
+service_type=network \
+description='Openstack Networking' \
+endpoint_region={{ .Values.keystone.neutron_region_name }} \
+url='{{ include "endpoint_neutron_api_internal" . }}' \
+interface=public \
+region_name={{ .Values.keystone.admin_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_neutron_auth':{{ include "keystone_auth" .}}}"
+
+ansible localhost -vvv -m kolla_keystone_user -a "project=service \
+user={{ .Values.keystone.neutron_user }} \
+password={{ .Values.keystone.neutron_password }} \
+role=admin \
+region_name={{ .Values.keystone.neutron_region_name }} \
+auth='{{ include "keystone_auth" .}}'" \
+-e "{'openstack_neutron_auth':{{ include "keystone_auth" .}}}"
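Review bot: All three `kolla_keystone_service` calls register `url='{{ include "endpoint_neutron_api_internal" . }}'`, so the `interface=public` and `interface=admin` endpoints are published with the internal URL; if the common chart provides public/admin endpoint helpers, those two calls should use them, otherwise a comment should say the three are deliberately identical. `set -ex` also traces every expanded command, which prints `password={{ .Values.keystone.neutron_password }}` and the rendered `auth='…'` (admin credentials) into the job log — use `set -e` here as well. The `role=admin` grant to the neutron service user follows the usual kolla layout, but a one-line comment on why the service user needs the admin role would stop it from being removed by a later least-privilege pass.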
diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml new file mode 100644 index 0000000000..c74d116902 --- /dev/null +++ b/neutron/templates/configmap-bin.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: neutron-bin +data: + init.sh: | +{{ tuple "bin/_init.sh.tpl" . | include "template" | indent 4 }} + neutron-openvswitch-agent.sh: | +{{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "template" | indent 4 }} + openvswitch-db-server.sh: | +{{ tuple "bin/_openvswitch-db-server.sh.tpl" . | include "template" | indent 4 }} + openvswitch-ensure-configured.sh: | +{{ tuple "bin/_openvswitch-ensure-configured.sh.tpl" . | include "template" | indent 4 }} + openvswitch-vswitchd.sh: | +{{ tuple "bin/_openvswitch-vswitchd.sh.tpl" . | include "template" | indent 4 }} + post.sh: | +{{ tuple "bin/_post.sh.tpl" . | include "template" | indent 4 }} diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml new file mode 100644 index 0000000000..7019200e0c --- /dev/null +++ b/neutron/templates/configmap-etc.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: neutron-etc +data: + dhcp-agent.ini: | +{{ tuple "etc/_dhcp-agent.ini.tpl" . | include "template" | indent 4 }} + l3-agent.ini: | +{{ tuple "etc/_l3-agent.ini.tpl" . | include "template" | indent 4 }} + metadata-agent.ini: | +{{ tuple "etc/_metadata-agent.ini.tpl" . | include "template" | indent 4 }} + ml2-conf.ini: | +{{ tuple "etc/_ml2-conf.ini.tpl" . | include "template" | indent 4 }} + neutron.conf: | +{{ tuple "etc/_neutron.conf.tpl" . | include "template" | indent 4 }} + resolv.conf: | +{{ tuple "etc/_resolv.conf.tpl" . | include "template" | indent 4 }} + dnsmasq.conf: "" + \ No newline at end of file diff --git a/neutron/templates/daemonset-dhcp-agent.yaml b/neutron/templates/daemonset-dhcp-agent.yaml new file mode 100644 index 0000000000..dfd4a94694 --- /dev/null 
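Review bot: configmap-etc.yaml stores `neutron.conf` and `metadata-agent.ini` in a `kind: ConfigMap`, yet the rendered files carry the database password, the RabbitMQ credentials embedded in `transport_url`, the Keystone service and admin passwords and `metadata_proxy_shared_secret`. A ConfigMap is readable by anyone with `get configmaps` in the namespace and is not treated as sensitive by Kubernetes; the config files that contain credentials belong in a `Secret` (mounted the same way via `secretName`), leaving only non-sensitive files such as `resolv.conf` and `dnsmasq.conf` in the ConfigMap. The empty `dnsmasq.conf: ""` entry is fine but would benefit from a short comment explaining that it exists only so `dnsmasq_config_file` resolves.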
+++ b/neutron/templates/daemonset-dhcp-agent.yaml 
@@ -0,0 +1,83 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: neutron-dhcp-agent +spec: + template: + metadata: + labels: + app: neutron-dhcp-agent + spec: + nodeSelector: + {{ .Values.labels.agent.dhcp.node_selector_key }}: {{ .Values.labels.agent.dhcp.node_selector_value }} + securityContext: + runAsUser: 0 + dnsPolicy: ClusterFirst + hostNetwork: true + containers: + - name: neutron-dhcp-agent + image: {{ .Values.images.dhcp }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + privileged: true + env: + - name: INTERFACE_NAME + value: {{ .Values.network.interface.dhcp | default .Values.network.interface.default }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp-agent.ini" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.dhcp.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.dhcp.service }}" + - name: DEPENDENCY_DAEMONSET + value: "{{ include "joinListWithColon" .Values.dependencies.dhcp.daemonset }}" + volumeMounts: + - name: neutronconf + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + - name: ml2confini + mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini + subPath: ml2-conf.ini + - name: dhcpagentini + mountPath: /etc/neutron/dhcp-agent.ini + subPath: dhcp-agent.ini + - name: dnsmasqconf + mountPath: /etc/neutron/dnsmasq.conf + subPath: dnsmasq.conf + - name: runopenvswitch + mountPath: /run/openvswitch + - name: socket + mountPath: /var/lib/neutron/openstack-helm + - name: resolvconf + mountPath: /etc/resolv.conf + subPath: resolv.conf + volumes: + - name: neutronconf + configMap: + name: neutron-etc + - name: ml2confini + configMap: + name: neutron-etc + - name: dhcpagentini + configMap: + name: 
neutron-etc + - name: dnsmasqconf + configMap: + name: neutron-etc + - name: runopenvswitch + hostPath: + path: /run/openvswitch + - name: resolvconf + configMap: + name: neutron-etc + - name: socket + hostPath: + path: /var/lib/neutron/openstack-helm \ No newline at end of file diff --git a/neutron/templates/daemonset-l3-agent.yaml b/neutron/templates/daemonset-l3-agent.yaml new file mode 100644 index 0000000000..7fb63e7635 --- /dev/null +++ b/neutron/templates/daemonset-l3-agent.yaml 
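Review bot: The pod combines `hostNetwork: true` with `dnsPolicy: ClusterFirst`; under host networking that policy resolves through the node's resolver, which is presumably why `/etc/resolv.conf` is overridden from the ConfigMap. If the target Kubernetes version supports it, `dnsPolicy: ClusterFirstWithHostNet` gives cluster DNS without a hand-maintained resolv.conf and its hard-coded `search` domains. The container also runs `privileged: true` as root on the host network; that is what the DHCP agent needs for namespace and dnsmasq management, but a comment to that effect (`# privileged: needs netns/iptables on the host`) would prevent a later hardening pass from removing it blindly.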
@@ -0,0 +1,77 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: neutron-l3-agent +spec: + template: + metadata: + labels: + app: neutron-l3-agent + spec: + nodeSelector: + {{ .Values.labels.agent.l3.node_selector_key }}: {{ .Values.labels.agent.l3.node_selector_value }} + securityContext: + runAsUser: 0 + dnsPolicy: ClusterFirst + hostNetwork: true + containers: + - name: neutron-l3-agent + image: {{ .Values.images.l3 }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + privileged: true + env: + - name: INTERFACE_NAME + value: {{ .Values.network.interface.l3 | default .Values.network.interface.default }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3-agent.ini --config-file /etc/neutron/plugins/ml2/ml2-conf.ini" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.l3.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.l3.service }}" + - name: DEPENDENCY_DAEMONSET + value: "{{ include "joinListWithColon" .Values.dependencies.l3.daemonset }}" + volumeMounts: + - name: neutronconf + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + - name: ml2confini + mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini + subPath: ml2-conf.ini + - name: l3agentini + mountPath: /etc/neutron/l3-agent.ini + subPath: l3-agent.ini + - name: resolvconf + mountPath: /etc/resolv.conf + subPath: resolv.conf + - name: runopenvswitch + mountPath: /run/openvswitch + - name: socket + mountPath: /var/lib/neutron/stackanetes + volumes: + - name: neutronconf + configMap: + name: neutron-etc + - name: ml2confini + configMap: + name: neutron-etc + - name: resolvconf + configMap: + name: neutron-etc + - name: l3agentini + configMap: + name: neutron-etc + - 
name: runopenvswitch + hostPath: + path: /run/openvswitch + - name: socket + hostPath: + path: /var/lib/neutron/stackanetes diff --git a/neutron/templates/daemonset-metadata-agent.yaml b/neutron/templates/daemonset-metadata-agent.yaml new file mode 100644 index 0000000000..d8e8daaaf0 --- /dev/null +++ b/neutron/templates/daemonset-metadata-agent.yaml 
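Review bot: The `socket` volume in daemonset-l3-agent.yaml is mounted at `/var/lib/neutron/stackanetes` with `hostPath.path: /var/lib/neutron/stackanetes`, but neutron.conf in this same commit sets `metadata_proxy_socket = /var/lib/neutron/openstack-helm/metadata_proxy`, and the DHCP agent daemonset uses `/var/lib/neutron/openstack-helm` for both. The L3 agent's metadata proxy will therefore look for the socket under a path that is not the shared host directory, so instance metadata requests routed through L3 routers cannot reach the metadata agent. Both `mountPath` and `hostPath.path` should be `/var/lib/neutron/openstack-helm` to match the configured socket path and the other agents.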
@@ -0,0 +1,79 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: neutron-metadata-agent +spec: + template: + metadata: + labels: + app: neutron-metadata-agent + spec: + nodeSelector: + {{ .Values.labels.agent.metadata.node_selector_key }}: {{ .Values.labels.agent.metadata.node_selector_value }} + securityContext: + runAsUser: 0 + dnsPolicy: ClusterFirst + hostNetwork: true + containers: + - name: neutron-metadata-agent + image: {{ .Values.images.metadata }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + privileged: true + env: + - name: INTERFACE_NAME + value: {{ .Values.network.interface.metadata | default .Values.network.interface.default }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata-agent.ini" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.metadata.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.metadata.service }}" + - name: DEPENDENCY_DAEMONSET + value: "{{ include "joinListWithColon" .Values.dependencies.metadata.daemonset }}" + ports: + - containerPort: {{ .Values.network.port.metadata }} + volumeMounts: + - name: neutronconf + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + - name: ml2confini + mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini + subPath: ml2-conf.ini + - name: metadataagentini + mountPath: /etc/neutron/metadata-agent.ini + subPath: metadata-agent.ini + - name: resolvconf + mountPath: /etc/resolv.conf + subPath: resolv.conf + - name: runopenvswitch + mountPath: /run/openvswitch + - name: socket + mountPath: /var/lib/neutron/stackanetes + volumes: + - name: neutronconf + configMap: + name: neutron-etc + - name: ml2confini + configMap: + name: neutron-etc + - name: 
metadataagentini + configMap: + name: neutron-etc + - name: resolvconf + configMap: + name: neutron-etc + - name: runopenvswitch + hostPath: + path: /run/openvswitch + - name: socket + hostPath: + path: /var/lib/neutron/openstack-helm \ No newline at end of file diff --git a/neutron/templates/daemonset-openvswitch.yaml b/neutron/templates/daemonset-openvswitch.yaml new file mode 100644 index 0000000000..576dd386e2 --- /dev/null +++ b/neutron/templates/daemonset-openvswitch.yaml 
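Review bot: The `socket` mount in daemonset-metadata-agent.yaml has `mountPath: /var/lib/neutron/stackanetes` but `hostPath.path: /var/lib/neutron/openstack-helm`, while neutron.conf points the agent at `/var/lib/neutron/openstack-helm/metadata_proxy`. Inside the container that path is not the hostPath mount, so the UNIX socket is created on the container's own filesystem and is invisible to the DHCP and L3 agents on the host. Change `mountPath` to `/var/lib/neutron/openstack-helm` so it matches both the hostPath and the configured socket location. The `ports:` entry is informational under `hostNetwork: true` and can stay, but a comment noting that the port is bound on the host would help.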
@@ -0,0 +1,166 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: neutron-openvswitch +spec: + template: + metadata: + labels: + app: neutron-openvswitch + spec: + nodeSelector: + {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} + securityContext: + runAsUser: 0 + dnsPolicy: ClusterFirst + hostNetwork: true + containers: + - name: neutron-openvswitch-agent + image: {{ .Values.images.neutron_openvswitch_agent }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + privileged: true + # ensures this container can can see a br-int + # bridge before its marked as ready + readinessProbe: + exec: + command: + - bash + - -c + - 'ovs-vsctl list-br | grep -q br-int' + env: + - name: INTERFACE_NAME + value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "bash /tmp/neutron-openvswitch-agent.sh" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.openvswitchagent.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.openvswitchagent.service }}" + - name: DEPENDENCY_CONTAINER + value: "{{ include "joinListWithColon" .Values.dependencies.openvswitchagent.container }}" + volumeMounts: + - name: neutronopenvswitchagentsh + mountPath: /tmp/neutron-openvswitch-agent.sh + subPath: neutron-openvswitch-agent.sh + - name: neutronconf + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + - name: ml2confini + mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini + subPath: ml2-conf.ini + - name: libmodules + mountPath: /lib/modules + readOnly: true + - name: run + mountPath: /run + - mountPath: /etc/resolv.conf + name: resolvconf + subPath: resolv.conf + - name: openvswitch-db-server + image: {{ 
.Values.images.openvswitch_db_server }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + privileged: true + env: + - name: INTERFACE_NAME + value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "bash /tmp/openvswitch-db-server.sh" + volumeMounts: + - name: openvswitchdbserversh + mountPath: /tmp/openvswitch-db-server.sh + subPath: openvswitch-db-server.sh + - mountPath: /etc/resolv.conf + name: resolvconf + subPath: resolv.conf + - name: varlibopenvswitch + mountPath: /var/lib/openvswitch/ + - name: run + mountPath: /run + + - name: openvswitch-vswitchd + image: {{ .Values.images.openvswitch_vswitchd }} + imagePullPolicy: {{ .Values.images.pull_policy }} + securityContext: + privileged: true + # ensures this container can speak to the ovs database + # successfully before its marked as ready + readinessProbe: + exec: + command: + - /usr/bin/ovs-vsctl + - show + env: + - name: INTERFACE_NAME + value: {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "bash /tmp/openvswitch-vswitchd.sh" + - name: DEPENDENCY_CONTAINER + value: "openvswitch-db-server" + volumeMounts: + - name: openvswitchvswitchdsh + mountPath: /tmp/openvswitch-vswitchd.sh + subPath: openvswitch-vswitchd.sh + - name: openvswitchensureconfiguredsh + mountPath: /tmp/openvswitch-ensure-configured.sh + subPath: openvswitch-ensure-configured.sh + - name: libmodules + mountPath: /lib/modules + readOnly: true + - name: run + mountPath: /run + volumes: + - name: openvswitchdbserversh + configMap: + name: neutron-bin + - name: openvswitchvswitchdsh + configMap: + name: 
neutron-bin + - name: openvswitchensureconfiguredsh + configMap: + name: neutron-bin + - name: varlibopenvswitch + emptyDir: {} + - name: neutronopenvswitchagentsh + configMap: + name: neutron-bin + - name: neutronconf + configMap: + name: neutron-etc + - name: ml2confini + configMap: + name: neutron-etc + - name: resolvconf + configMap: + name: neutron-etc + - name: libmodules + hostPath: + path: /lib/modules + - name: run + hostPath: + path: /run \ No newline at end of file diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml new file mode 100644 index 0000000000..6dcef74103 --- /dev/null +++ b/neutron/templates/deployment-server.yaml 
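Review bot: All three privileged containers in daemonset-openvswitch.yaml mount the host's entire `/run` read-write (`- name: run` with `hostPath: path: /run`), whereas the other daemonsets in this commit scope the mount to `/run/openvswitch`. Only the OVS socket and `conf.db` live under `/run/openvswitch`, so narrowing `path` and `mountPath` to that directory limits what a compromised agent or vswitchd can reach (other daemons' sockets, pid files and lock files in `/run`). The `libmodules` mount being `readOnly: true` is the right pattern; the `run` mount should follow it as closely as it can.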
@@ -0,0 +1,53 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: neutron-server +spec: + replicas: {{ .Values.replicas.server }} + template: + metadata: + labels: + app: neutron-server + spec: + nodeSelector: + {{ .Values.labels.server.node_selector_key }}: {{ .Values.labels.server.node_selector_value }} + containers: + - name: neutron-server + image: {{ .Values.images.server }} + imagePullPolicy: {{ .Values.images.pull_policy }} + env: + - name: INTERFACE_NAME + value: "eth0" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "neutron-server --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2-conf.ini" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.server.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.server.service }}" + ports: + - containerPort: {{ .Values.network.port.server }} + readinessProbe: + tcpSocket: + port: {{ .Values.network.port.server }} + volumeMounts: + - name: neutronconf + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + - name: ml2confini + mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini + subPath: ml2-conf.ini + volumes: + - name: neutronconf + configMap: + name: neutron-etc + - name: ml2confini + configMap: + name: neutron-etc \ No newline at end of file diff --git a/neutron/templates/etc/_dhcp-agent.ini.tpl b/neutron/templates/etc/_dhcp-agent.ini.tpl new file mode 100644 index 0000000000..f580c1190f --- /dev/null +++ b/neutron/templates/etc/_dhcp-agent.ini.tpl @@ -0,0 +1,5 @@ +[DEFAULT] +dnsmasq_config_file = /etc/neutron/dnsmasq.conf +enable_isolated_metadata = true +force_metadata = true +interface_driver = openvswitch \ No newline at end of file 
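Review bot: deployment-server.yaml hard-codes `value: "eth0"` for `INTERFACE_NAME` while every other pod in this commit derives the interface from `.Values.network.interface.*`; the difference is presumably because neutron-server does not use `hostNetwork` and so sees the pod's own `eth0`, but that deserves a comment such as `# pod interface: neutron-server is not hostNetwork`. The pod also declares no `securityContext`, so it runs as whatever user the image defaults to — fine if the image drops to `neutron`, but worth pinning with `runAsUser` (or a comment) given that the agent pods all set `runAsUser: 0` explicitly. The dhcp-agent.ini hunk sharing this line is fine as written.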
diff --git a/neutron/templates/etc/_l3-agent.ini.tpl b/neutron/templates/etc/_l3-agent.ini.tpl new file mode 100644 index 0000000000..38b17395c9 --- /dev/null +++ b/neutron/templates/etc/_l3-agent.ini.tpl @@ -0,0 +1,4 @@ +[DEFAULT] +agent_mode = legacy +enable_metadata_proxy = True +enable_isolated_metadata = True \ No newline at end of file diff --git a/neutron/templates/etc/_metadata-agent.ini.tpl b/neutron/templates/etc/_metadata-agent.ini.tpl new file mode 100644 index 0000000000..c0239e974d --- /dev/null +++ b/neutron/templates/etc/_metadata-agent.ini.tpl @@ -0,0 +1,31 @@ +[DEFAULT] +debug = {{ .Values.metadata_agent.default.debug }} + +# Neutron credentials for API access +auth_plugin = password +auth_url = {{ include "endpoint_keystone_admin" . }} +auth_uri = {{ include "endpoint_keystone_internal" . }} +auth_region = {{ .Values.keystone.neutron_region_name }} +admin_tenant_name = service +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ .Values.keystone.admin_user }} +password = {{ .Values.keystone.admin_password }} +endpoint_type = adminURL + +# Nova metadata service IP and port +nova_metadata_ip = {{ include "nova_metadata_host" . }} +nova_metadata_port = {{ .Values.network.port.metadata }} +nova_metadata_protocol = http + +# Metadata proxy shared secret +metadata_proxy_shared_secret = {{ .Values.neutron.metadata_secret }} + +metadata_port = {{ .Values.network.port.metadata }} + +# Workers and backlog requests +metadata_workers = {{ .Values.metadata.workers }} + +# Caching +cache_url = memory://?default_ttl=5 \ No newline at end of file diff --git a/neutron/templates/etc/_ml2-conf.ini.tpl b/neutron/templates/etc/_ml2-conf.ini.tpl new file mode 100644 index 0000000000..8a903a1715 --- /dev/null +++ b/neutron/templates/etc/_ml2-conf.ini.tpl 
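Review bot: metadata-agent.ini authenticates with `username = {{ .Values.keystone.admin_user }}` / `password = {{ .Values.keystone.admin_password }}` — the Keystone admin account — even though _post.sh.tpl in this commit creates a dedicated `keystone.neutron_user` and neutron.conf's `[keystone_authtoken]` already uses it. The metadata agent should use the neutron service credentials so the cloud admin password is not distributed to every node running the agent. The file also mixes option generations (`admin_tenant_name = service` alongside `project_name = service`, `auth_plugin` where neutron.conf's `[keystone_authtoken]` uses `auth_type`); keeping only the `auth_type`/`project_name` spellings avoids confusion about which one is honoured. In l3-agent.ini, `enable_isolated_metadata` looks like a DHCP-agent option rather than an L3-agent one — worth confirming it is read at all there.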
@@ -0,0 +1,43 @@ +[ml2] +# Changing type_drivers after bootstrap can lead to database inconsistencies +type_drivers = {{ include "joinListWithColon" .Values.ml2.type_drivers }} +tenant_network_types = {{ .Values.ml2.tenant_network_types }} +mechanism_drivers = {{ include "joinListWithColon" .Values.ml2.mechanism_drivers }} + +[ml2_type_flat] +flat_networks = {{ include "joinListWithColon" .Values.ml2.ml2_type_flat.flat_networks }} + +[ml2_type_gre] +# (ListOpt) Comma-separated list of : tuples enumerating ranges +# of GRE tunnel IDs that are available for tenant network allocation +tunnel_id_ranges = {{ .Values.ml2.ml2_type_gre.tunnel_id_ranges }} + +[ml2_type_vxlan] +vni_ranges = {{ .Values.ml2.ml2_type_vxlan.vni_ranges }} +vxlan_group = {{ .Values.ml2.ml2_type_vxlan.vxlan_group }} + +[ml2_type_vlan] +# (ListOpt) List of [::] tuples +# specifying physical_network names usable for VLAN provider and +# tenant networks, as well as ranges of VLAN tags on each +# physical_network available for allocation as tenant networks. +network_vlan_ranges = {{ .Values.ml2.ml2_type_vlan.network_vlan_ranges }} + +[securitygroup] +firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver +enable_security_group = True + +{{- if .Values.ml2.agent.tunnel_types }} +[agent] +tunnel_types = {{ .Values.ml2.agent.tunnel_types }} +l2_population = false +arp_responder = false +{{- end }} + +[ovs] +bridge_mappings = {{ include "joinListWithColon" .Values.ml2.ovs.bridge_mappings }} +tenant_network_type = {{ .Values.ml2.agent.tunnel_types }} + +[vxlan] +l2_population = true +ovsdb_interface = {{ .Values.network.interface.openvswitch | default .Values.network.interface.default }} diff --git a/neutron/templates/etc/_neutron.conf.tpl b/neutron/templates/etc/_neutron.conf.tpl new file mode 100644 index 0000000000..859dd817d8 --- /dev/null +++ b/neutron/templates/etc/_neutron.conf.tpl 
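Review bot: The `[ovs] tenant_network_type = {{ .Values.ml2.agent.tunnel_types }}` and `[vxlan] l2_population / ovsdb_interface` entries appear misplaced: the tenant type is already set as `tenant_network_types` under `[ml2]`, `l2_population` belongs in `[agent]`, and `ovsdb_interface` in `[ovs]`; oslo.config silently ignores options it does not recognise in a section, so these lines most likely do nothing. More importantly, when `tunnel_types` is set the rendered `[agent]` block here sets `l2_population = false` and `arp_responder = false`, while neutron.conf's `[agent]` sets both to `true`; ml2-conf.ini is passed after neutron.conf on the OVS-agent and L3-agent command lines, so the `false` values win and the `[vxlan] l2_population = true` line gives a misleading impression. Pick one value and set it in one place, with a comment on why. The values-driven `bridge_mappings` and `flat_networks` are fine.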
@@ -0,0 +1,71 @@ +[DEFAULT] +debug = {{ .Values.neutron.default.debug }} +use_syslog = False +use_stderr = True + +bind_host = {{ .Values.network.ip_address }} +bind_port = {{ .Values.network.port.server }} + +#lock_path = /var/lock/neutron +api_paste_config = /usr/share/neutron/api-paste.ini + +api_workers = {{ .Values.neutron.workers }} + +allow_overlapping_ips = True +core_plugin = ml2 +service_plugins = router + +interface_driver = openvswitch + +metadata_proxy_socket = /var/lib/neutron/openstack-helm/metadata_proxy + +allow_automatic_l3agent_failover = True +l3_ha = true +min_l3_agents_per_router = 1 +max_l3_agents_per_router = 2 +l3_ha_network_type = {{ .Values.neutron.default.l3_ha_network_type }} + +dhcp_agents_per_network = 3 + +network_auto_schedule = True +router_auto_schedule = True + +transport_url = rabbit://{{ .Values.rabbitmq.admin_user }}:{{ .Values.rabbitmq.admin_password }}@{{ .Values.rabbitmq.address }}:{{ .Values.rabbitmq.port }} + +[nova] +auth_url = {{ include "endpoint_keystone_internal" . }} +auth_plugin = password +project_domain_id = default +user_domain_id = default +endpoint_type = internal +region_name = {{ .Values.keystone.nova_region_name }} +project_name = service +username = {{ .Values.keystone.nova_user }} +password = {{ .Values.keystone.nova_password }} + +[oslo_concurrency] +lock_path = /var/lib/neutron/tmp + +[ovs] +ovsdb_connection = unix:/var/run/openvswitch/db.sock + +[agent] +root_helper = sudo /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf +l2_population = true +arp_responder = true + +[database] +connection = mysql+pymysql://{{ .Values.database.neutron_user }}:{{ .Values.database.neutron_password }}@{{ include "neutron_db_host" . }}/{{ .Values.database.neutron_database_name }} +max_retries = -1 + +[keystone_authtoken] +auth_url = {{ include "endpoint_keystone_internal" . 
}} +auth_type = password +project_domain_id = default +user_domain_id = default +project_name = service +username = {{ .Values.keystone.neutron_user }} +password = {{ .Values.keystone.neutron_password }} + +[oslo_messaging_notifications] +driver = noop \ No newline at end of file diff --git a/neutron/templates/etc/_resolv.conf.tpl b/neutron/templates/etc/_resolv.conf.tpl new file mode 100644 index 0000000000..68dc696756 --- /dev/null +++ b/neutron/templates/etc/_resolv.conf.tpl @@ -0,0 +1,5 @@ +search {{ .Release.Namespace }}.svc.{{ .Values.network.dns.kubernetes_domain }} svc.{{ .Values.network.dns.kubernetes_domain }} {{ .Values.network.dns.kubernetes_domain }} +{{- range .Values.network.dns.servers }} +nameserver {{ . | title }} +{{- end }} +options ndots:5 \ No newline at end of file diff --git a/neutron/templates/job-db-sync.yaml b/neutron/templates/job-db-sync.yaml new file mode 100644 index 0000000000..1514fe87a0 --- /dev/null +++ b/neutron/templates/job-db-sync.yaml 
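Review bot: `transport_url` and `[database] connection` embed the RabbitMQ admin and neutron DB passwords in clear text, and the rendered neutron.conf is delivered to pods as a ConfigMap (`neutron-etc`, mounted by job-db-sync.yaml in the next hunk), so anyone with `get configmaps` in the namespace can read both credentials. Render the credential-bearing files into a `Secret` instead (or split those sections into a secret-backed overlay passed as an extra `--config-file`) and mount that; the template text itself does not need to change. The hunk also hard-codes `l3_ha = true` next to `min_l3_agents_per_router = 1`, which is HA in name only on a single-agent control plane — a one-line comment stating the intent, or lifting it into values.yaml, would help the next reader.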
@@ -0,0 +1,43 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: neutron-db-sync +spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: neutron-db-sync + image: {{ .Values.images.db_sync }} + imagePullPolicy: {{ .Values.images.pull_policy }} + env: + - name: INTERFACE_NAME + value: "eth0" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2-conf.ini upgrade head" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.db_sync.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.db_sync.service }}" + volumeMounts: + - name: neutronconf + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + - name: ml2confini + mountPath: /etc/neutron/plugins/ml2/ml2-conf.ini + subPath: ml2-conf.ini + volumes: + - name: neutronconf + configMap: + name: neutron-etc + - name: ml2confini + configMap: + name: neutron-etc \ No newline at end of file diff --git a/neutron/templates/job-init.yaml b/neutron/templates/job-init.yaml new file mode 100644 index 0000000000..c21cd69324 --- /dev/null +++ b/neutron/templates/job-init.yaml 
@@ -0,0 +1,37 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: neutron-init +spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: neutron-init + image: {{ .Values.images.init }} + imagePullPolicy: {{ .Values.images.pull_policy }} + env: + - name: INTERFACE_NAME + value: "eth0" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "bash /tmp/init.sh" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.init.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.init.service }}" + volumeMounts: + - name: initsh + mountPath: /tmp/init.sh + subPath: init.sh + volumes: + - name: initsh + configMap: + name: neutron-bin \ No newline at end of file diff --git a/neutron/templates/job-post.yaml b/neutron/templates/job-post.yaml new file mode 100644 index 0000000000..936d299fe3 --- /dev/null +++ b/neutron/templates/job-post.yaml @@ -0,0 +1,39 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: neutron-post +spec: + template: + spec: + restartPolicy: OnFailure + containers: + - name: neutron-post + image: {{ .Values.images.post }} + imagePullPolicy: {{ .Values.images.pull_policy }} + env: + - name: INTERFACE_NAME + value: "eth0" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: COMMAND + value: "bash /tmp/post.sh" + - name: DEPENDENCY_JOBS + value: "{{ include "joinListWithColon" .Values.dependencies.post.jobs }}" + - name: DEPENDENCY_SERVICE + value: "{{ include "joinListWithColon" .Values.dependencies.post.service }}" + - name: ANSIBLE_LIBRARY + value: /usr/share/ansible/ + volumeMounts: + - name: postsh + mountPath: /tmp/post.sh + subPath: post.sh + volumes: + - name: postsh + configMap: + name: neutron-bin \ No newline at end of file 
diff --git a/neutron/templates/service.yaml b/neutron/templates/service.yaml new file mode 100644 index 0000000000..24aa4cef30 --- /dev/null +++ b/neutron/templates/service.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Service +metadata: + name: neutron-server +spec: + ports: + - port: {{ .Values.network.port.server }} + selector: + app: neutron-server \ No newline at end of file diff --git a/neutron/values.yaml b/neutron/values.yaml new file mode 100644 index 0000000000..3c6268f45b --- /dev/null +++ b/neutron/values.yaml 
@@ -0,0 +1,241 @@ +# Default values for memcached. +# This is a YAML-formatted file. +# Declare name/value pairs to be passed into your templates. +# name: value + +replicas: + server: 1 + +images: + init: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona + db_sync: quay.io/stackanetes/stackanetes-neutron-server:barcelona + server: quay.io/stackanetes/stackanetes-neutron-server:barcelona + dhcp: quay.io/stackanetes/stackanetes-neutron-dhcp-agent:barcelona + metadata: quay.io/stackanetes/stackanetes-neutron-metadata-agent:barcelona + l3: quay.io/stackanetes/stackanetes-neutron-l3-agent:barcelona + neutron_openvswitch_agent: quay.io/stackanetes/stackanetes-neutron-openvswitch-agent:barcelona + openvswitch_db_server: quay.io/attcomdev/openvswitch-vswitchd:latest + openvswitch_vswitchd: quay.io/attcomdev/openvswitch-vswitchd:latest + post: quay.io/stackanetes/stackanetes-kolla-toolbox:barcelona + entrypoint: quay.io/stackanetes/kubernetes-entrypoint:v0.1.0 + pull_policy: "IfNotPresent" + +labels: + # ovs is a special case, requiring a special + # label that can apply to both control hosts + # and compute hosts, until we get more sophisticated + # with our daemonset scheduling + ovs: + node_selector_key: openvswitch + node_selector_value: enabled + agent: + dhcp: + node_selector_key: openstack-control-plane + node_selector_value: enabled + l3: + node_selector_key: openstack-control-plane + node_selector_value: enabled + metadata: + node_selector_key: openstack-control-plane + node_selector_value: enabled + server: + node_selector_key: openstack-control-plane + node_selector_value: enabled + +network: + dns: + kubernetes_domain: cluster.local + # this must list the skydns server first, and in calico + # this is consistently 10.96.0.10 + servers: + - 10.96.0.10 + - 8.8.8.8 + external_bridge: br-ex + ip_address: 0.0.0.0 + interface: + external: enp12s0f0 + default: enp11s0f0 + port: + server: 9696 + metadata: 8775 + +memcached: + address: "memcached:11211" + 
+rabbitmq: + address: rabbitmq + admin_user: rabbitmq + admin_password: password + port: 5672 + +keystone: + admin_user: "admin" + admin_password: "password" + admin_project_name: "admin" + admin_region_name: "RegionOne" + domain_name: "default" + tenant_name: "admin" + + neutron_user: "neutron" + neutron_password: "password" + neutron_region_name: "RegionOne" + + nova_user: "nova" + nova_password: "password" + nova_region_name: "RegionOne" + +database: + port: 3306 + root_user: root + root_password: password + neutron_database_name: neutron + neutron_password: password + neutron_user: neutron + +metadata_agent: + default: + debug: 'True' + +neutron: + workers: 4 + default: + l3_ha_network_type: gre + debug: 'True' +metadata: + workers: 4 + +ml2: + tenant_network_types: "flat" + agent: + tunnel_types: null + type_drivers: + - flat + mechanism_drivers: + - openvswitch + - l2population + ml2_type_vxlan: + vni_ranges: "1:1000" + vxlan_group: 239.1.1.1 + ml2_type_gre: + tunnel_id_ranges: "1:1000" + ml2_type_flat: + flat_networks: + - "*" + ml2_type_vlan: + network_vlan_ranges: "physnet1:1100:1110" + ovs: + auto_bridge_add: + br-physnet1: enp11s0f0 + bridge_mappings: + - "physnet1:br-physnet1" + +dependencies: + server: + jobs: + - neutron-db-sync + - mariadb-seed + service: + - rabbitmq + - mariadb + - keystone-api + - memcached + dhcp: + service: + - neutron-server + - rabbitmq + - nova-api + jobs: + - neutron-init + - nova-post + daemonset: + - neutron-openvswitch + metadata: + jobs: + - neutron-init + - nova-post + service: + - neutron-server + - rabbitmq + - nova-api + daemonset: + - neutron-openvswitch + openvswitchagent: + jobs: + - neutron-post + - nova-post + service: + - keystone-api + - rabbitmq + - neutron-server + container: + - openvswitch-db-server + - openvswitch-vswitchd + l3: + jobs: + - nova-init + - neutron-init + - nova-post + service: + - neutron-server + - rabbitmq + - nova-api + daemonset: + - neutron-openvswitch + db_sync: + jobs: + - 
neutron-init + - mariadb-seed + service: + - mariadb + init: + jobs: + - mariadb-seed + service: + - mariadb + post: + jobs: + - neutron-db-sync + service: + - keystone-api + - neutron-server + +# typically overriden by environmental +# values, but should include all endpoints +# required by this chart +endpoints: + glance: + hosts: + default: glance-api + type: image + path: null + scheme: 'http' + port: + api: 9292 + registry: 9191 + nova: + hosts: + default: nova-api + path: "/v2/%(tenant_id)s" + type: compute + scheme: 'http' + port: + api: 8774 + metadata: 8775 + novncproxy: 6080 + keystone: + hosts: + default: keystone-api + path: /v3 + type: identity + scheme: 'http' + port: + admin: 35357 + public: 5000 + neutron: + hosts: + default: neutron-server + path: null + type: network + scheme: 'http' + port: + api: 9696
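Review bot: Every credential in this file ships with a working default — `rabbitmq.admin_password`, `keystone.admin_password`, `keystone.neutron_password`, `keystone.nova_password`, `database.root_password` and `database.neutron_password` are all `password` — so a deployment that forgets the override runs on guessable credentials and the chart cannot tell. Either leave them empty and fail the render when unset, or generate per-release random values; the comment above `endpoints:` already expects environmental overrides, and the credential block deserves the same treatment. The `images:` block pins the OpenStack images to `barcelona` but pulls both `openvswitch_db_server` and `openvswitch_vswitchd` from `quay.io/attcomdev/openvswitch-vswitchd:latest`; a floating tag (with `pull_policy: IfNotPresent`, so never refreshed) is an unreproducible supply-chain input for the openvswitch daemonset, and the db-server entry pointing at the vswitchd image looks like a copy-paste slip — pin both to a version tag or digest. `debug: 'True'` as the shipped default for both `neutron` and `metadata_agent` is also unusually chatty.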