From c83582a866672c1d8b54a5c5173d10e858083852 Mon Sep 17 00:00:00 2001 From: Sadegh Hayeri Date: Tue, 14 Mar 2023 14:05:25 +0330 Subject: [PATCH] Add ovn Change-Id: Iacf6423399d51134af5b00b472ef6b42e17dfd6a --- neutron/Chart.yaml | 2 +- .../_neutron-ovn-metadata-agent-init.sh.tpl | 27 ++ .../bin/_neutron-ovn-metadata-agent.sh.tpl | 33 +++ .../bin/_neutron-server-ovn-init.sh.tpl | 26 ++ neutron/templates/bin/_neutron-server.sh.tpl | 2 + neutron/templates/configmap-bin.yaml | 19 +- neutron/templates/configmap-etc.yaml | 7 +- .../daemonset-ovn-metadata-agent.yaml | 243 ++++++++++++++++++ neutron/templates/deployment-server.yaml | 27 ++ neutron/values.yaml | 69 ++++- neutron/values_overrides/ovn.yaml | 57 ++++ .../values_overrides/xena-ubuntu_focal.yaml | 1 + .../values_overrides/yoga-ubuntu_focal.yaml | 1 + nova/Chart.yaml | 2 +- nova/values_overrides/ovn.yaml | 12 + releasenotes/notes/neutron.yaml | 1 + releasenotes/notes/nova.yaml | 1 + .../developer/ovn/120-openvswitch.sh | 33 +++ tools/deployment/developer/ovn/125-ovn.sh | 33 +++ .../developer/ovn/140-compute-kit.sh | 66 +++++ 20 files changed, 654 insertions(+), 8 deletions(-) create mode 100644 neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl create mode 100644 neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl create mode 100644 neutron/templates/bin/_neutron-server-ovn-init.sh.tpl create mode 100644 neutron/templates/daemonset-ovn-metadata-agent.yaml create mode 100644 neutron/values_overrides/ovn.yaml create mode 100644 nova/values_overrides/ovn.yaml create mode 100755 tools/deployment/developer/ovn/120-openvswitch.sh create mode 100755 tools/deployment/developer/ovn/125-ovn.sh create mode 100755 tools/deployment/developer/ovn/140-compute-kit.sh diff --git a/neutron/Chart.yaml b/neutron/Chart.yaml index d5290f4e16..6a2e6c6f09 100644 --- a/neutron/Chart.yaml +++ b/neutron/Chart.yaml 
@@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Neutron name: neutron -version: 0.3.2 +version: 0.3.3 home: https://docs.openstack.org/neutron/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png sources: diff --git a/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl b/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl new file mode 100644 index 0000000000..5b6ce43e1d --- /dev/null +++ b/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl @@ -0,0 +1,27 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +chown ${NEUTRON_USER_UID} /var/lib/neutron/openstack-helm + +{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }} +mkdir -p /tmp/pod-shared +tee > /tmp/pod-shared/neutron-agent.ini << EOF +[DEFAULT] +host = $(hostname --fqdn) +EOF +{{- end }} diff --git a/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl b/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl new file mode 100644 index 0000000000..e4ce5fc29d --- /dev/null +++ b/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl 
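Review bot: In `_neutron-ovn-metadata-agent-init.sh.tpl`, the `$(hostname --fqdn)` inside the here-document is not covered by `set -e`, so a failed lookup still writes an empty `host = ` line into `/tmp/pod-shared/neutron-agent.ini`. Resolve the name in a plain assignment first so the script fails closed, e.g. `fqdn="$(hostname --fqdn)"` and `[ -n "$fqdn" ] || exit 1`, then write `host = ${fqdn}` in the here-document. The `chown` runs as root on a directory the daemonset mounts from the host, so the UID should be quoted and asserted: `chown "${NEUTRON_USER_UID:?}" /var/lib/neutron/openstack-helm`.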
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -x
+
+cp /etc/neutron/ovn_metadata_agent.ini /tmp/ovn_metadata_agent.ini
+
+# This is because neutron doesn't support DNS names for ovsdb-nb-connection and ovsdb-sb-connection!
+sed -i -e "s|__OVN_NB_DB_SERVICE_HOST__|$OVN_NB_DB_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
+sed -i -e "s|__OVN_NB_DB_SERVICE_PORT__|$OVN_NB_DB_SERVICE_PORT|g" /tmp/ovn_metadata_agent.ini
+sed -i -e "s|__OVN_SB_DB_SERVICE_HOST__|$OVN_SB_DB_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
+sed -i -e "s|__OVN_SB_DB_SERVICE_PORT__|$OVN_SB_DB_SERVICE_PORT|g" /tmp/ovn_metadata_agent.ini
+
+exec neutron-ovn-metadata-agent \
+ --config-file /etc/neutron/neutron.conf \
+{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
+ --config-file /tmp/pod-shared/neutron-agent.ini \
+{{- end }}
+ --config-file /tmp/ovn_metadata_agent.ini
+
diff --git a/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl b/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl
new file mode 100644
index 0000000000..866175484a
--- /dev/null
+++ b/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl
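Review bot: `_neutron-ovn-metadata-agent.sh.tpl` runs with `set -x` only, so a failed `cp` or `sed` does not stop the script and `exec` still starts the agent with a missing or half-substituted `/tmp/ovn_metadata_agent.ini`; the two init scripts in this patch use `set -ex`. The four `sed` replacements also take `$OVN_NB_DB_SERVICE_HOST` and the other three variables unchecked, so an unset variable silently turns the connection string into `tcp::`. `_neutron-server-ovn-init.sh.tpl` has the same unguarded substitution. I would use `set -ex` here and assert each variable before the first `sed`, e.g. `: "${OVN_NB_DB_SERVICE_HOST:?}"`.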
@@ -0,0 +1,26 @@ +#!/bin/bash + +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +set -ex + +mkdir -p /tmp/pod-shared +cp /etc/neutron/plugins/ml2/ml2_conf.ini /tmp/pod-shared/ml2_conf.ini + +# This is because neutron doesn't support DNS names for ovsdb-nb-connection and ovsdb-sb-connection! +sed -i -e "s|__OVN_NB_DB_SERVICE_HOST__|$OVN_NB_DB_SERVICE_HOST|g" /tmp/pod-shared/ml2_conf.ini +sed -i -e "s|__OVN_NB_DB_SERVICE_PORT__|$OVN_NB_DB_SERVICE_PORT|g" /tmp/pod-shared/ml2_conf.ini +sed -i -e "s|__OVN_SB_DB_SERVICE_HOST__|$OVN_SB_DB_SERVICE_HOST|g" /tmp/pod-shared/ml2_conf.ini +sed -i -e "s|__OVN_SB_DB_SERVICE_PORT__|$OVN_SB_DB_SERVICE_PORT|g" /tmp/pod-shared/ml2_conf.ini diff --git a/neutron/templates/bin/_neutron-server.sh.tpl b/neutron/templates/bin/_neutron-server.sh.tpl index 83ca918658..9cffb7b8cc 100644 --- a/neutron/templates/bin/_neutron-server.sh.tpl +++ b/neutron/templates/bin/_neutron-server.sh.tpl @@ -22,6 +22,8 @@ function start () { --config-file /etc/neutron/neutron.conf \ {{- if ( has "tungstenfabric" .Values.network.backend ) }} --config-file /etc/neutron/plugins/tungstenfabric/tf_plugin.ini +{{- else if ( has "ovn" .Values.network.backend ) }} + --config-file /tmp/pod-shared/ml2_conf.ini {{- else }} --config-file /etc/neutron/plugins/ml2/ml2_conf.ini {{- end }} diff --git a/neutron/templates/configmap-bin.yaml b/neutron/templates/configmap-bin.yaml index 2a6b9cffb0..a701c52a30 100644 --- a/neutron/templates/configmap-bin.yaml 
+++ b/neutron/templates/configmap-bin.yaml @@ -59,10 +59,6 @@ data: {{ tuple "bin/_neutron-linuxbridge-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-linuxbridge-agent-init-modules.sh: | {{ tuple "bin/_neutron-linuxbridge-agent-init-modules.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - neutron-metadata-agent.sh: | -{{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} - neutron-metadata-agent-init.sh: | -{{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-openvswitch-agent.sh: | {{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} neutron-openvswitch-agent-init.sh: | @@ -95,6 +91,21 @@ data: {{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }} neutron-test-force-cleanup.sh: | {{ tuple "bin/_neutron-test-force-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + +{{- if ( has "ovn" .Values.network.backend ) }} + neutron-ovn-metadata-agent.sh: | +{{ tuple "bin/_neutron-ovn-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-ovn-metadata-agent-init.sh: | +{{ tuple "bin/_neutron-ovn-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-server-ovn-init.sh: | +{{ tuple "bin/_neutron-server-ovn-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- else }} + neutron-metadata-agent.sh: | +{{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + neutron-metadata-agent-init.sh: | +{{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} +{{- end }} + {{- if ( has "tungstenfabric" .Values.network.backend ) }} tf-plugin.pth: | /opt/plugin/site-packages 
diff --git a/neutron/templates/configmap-etc.yaml b/neutron/templates/configmap-etc.yaml index 36af849163..50de6f01df 100644 --- a/neutron/templates/configmap-etc.yaml +++ b/neutron/templates/configmap-etc.yaml @@ -263,7 +263,6 @@ data: api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }} dhcp_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.dhcp_agent | b64enc }} l3_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.l3_agent | b64enc }} - metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metadata_agent | b64enc }} metering_agent.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metering_agent | b64enc) }} taas_plugin.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.taas_plugin | b64enc) }} ml2_conf.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf | b64enc }} @@ -284,6 +283,12 @@ data: auto_bridge_add: {{ toJson $envAll.Values.conf.auto_bridge_add | b64enc }} dpdk.conf: {{ toJson $envAll.Values.conf.ovs_dpdk | b64enc }} update_dpdk_bond_config: {{ $envAll.Values.conf.ovs_dpdk.update_dpdk_bond_config | toString | b64enc }} +{{- if ( has "ovn" .Values.network.backend ) }} + ovn_metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.ovn_metadata_agent | b64enc }} +{{- else }} + metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metadata_agent | b64enc }} +{{- end }} + {{- if .Values.manifests.certificates }} {{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf" "format" "Secret" ) | indent 2 }} {{- end }} diff --git a/neutron/templates/daemonset-ovn-metadata-agent.yaml b/neutron/templates/daemonset-ovn-metadata-agent.yaml new file mode 100644 index 0000000000..511eb26066 
--- /dev/null +++ b/neutron/templates/daemonset-ovn-metadata-agent.yaml 
@@ -0,0 +1,243 @@ +{{/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "ovnMetadataAgentReadinessProbeTemplate" }} +exec: + command: + - python + - /tmp/health-probe.py + - --config-file + - /etc/neutron/neutron.conf + - --config-file + - /etc/neutron/ovn_metadata_agent.ini +{{- if .Values.pod.use_fqdn.neutron_agent }} + - --use-fqdn +{{- end }} +{{- end }} +{{- define "ovnMetadataAgentLivenessProbeTemplate" }} +exec: + command: + - python + - /tmp/health-probe.py + - --config-file + - /etc/neutron/neutron.conf + - --config-file + - /etc/neutron/ovn_metadata_agent.ini + - --liveness-probe +{{- if .Values.pod.use_fqdn.neutron_agent }} + - --use-fqdn +{{- end }} +{{- end }} + +{{- define "neutron.ovn_metadata_agent.daemonset" }} +{{- $daemonset := index . 0 }} +{{- $configMapName := index . 1 }} +{{- $serviceAccountName := index . 2 }} +{{- $envAll := index . 
3 }} +{{- with $envAll }} + +{{- $mounts_neutron_ovn_metadata_agent := .Values.pod.mounts.neutron_ovn_metadata_agent.neutron_ovn_metadata_agent }} +{{- $mounts_neutron_ovn_metadata_agent_init := .Values.pod.mounts.neutron_ovn_metadata_agent.init_container }} + +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: neutron-ovn-metadata-agent + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + labels: +{{ tuple $envAll "neutron" "ovn-metadata-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +spec: + selector: + matchLabels: +{{ tuple $envAll "neutron" "ovn-metadata-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll "ovn_metadata_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }} + template: + metadata: + labels: +{{ tuple $envAll "neutron" "ovn-metadata-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: +{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + configmap-etc-hash: {{ tuple "configmap-etc.yaml" . 
| include "helm-toolkit.utils.hash" }} +{{ dict "envAll" $envAll "podName" "neutron-ovn-metadata-agent-default" "containerNames" (list "neutron-ovn-metadata-agent" "neutron-ovn-metadata-agent-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} + spec: +{{ dict "envAll" $envAll "application" "neutron_ovn_metadata_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} + serviceAccountName: {{ $serviceAccountName }} +{{ if $envAll.Values.pod.tolerations.neutron.enabled }} +{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} +{{ end }} + nodeSelector: + {{ .Values.labels.agent.ovn_metadata.node_selector_key }}: {{ .Values.labels.agent.ovn_metadata.node_selector_value }} + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: true + {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }} + shareProcessNamespace: true + {{- else }} + hostPID: true + {{- end }} + initContainers: +{{ tuple $envAll "pod_dependency" $mounts_neutron_ovn_metadata_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: neutron-ovn-metadata-agent-init +{{ tuple $envAll "neutron_ovn_metadata" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "application" "neutron_ovn_metadata_agent" "container" "neutron_ovn_metadata_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + env: + - name: NEUTRON_USER_UID + value: "{{ .Values.pod.security_context.neutron_ovn_metadata_agent.pod.runAsUser }}" + command: + - /tmp/neutron-ovn-metadata-agent-init.sh + volumeMounts: + - name: run + mountPath: /run + - name: pod-tmp + mountPath: /tmp + - name: neutron-bin + mountPath: 
/tmp/neutron-ovn-metadata-agent-init.sh + subPath: neutron-ovn-metadata-agent-init.sh + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + readOnly: true + - name: socket + mountPath: /var/lib/neutron/openstack-helm + containers: + - name: neutron-ovn-metadata-agent +{{ tuple $envAll "neutron_metadata" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + env: + - name: RPC_PROBE_TIMEOUT + value: "{{ .Values.pod.probes.rpc_timeout }}" + - name: RPC_PROBE_RETRIES + value: "{{ .Values.pod.probes.rpc_retries }}" +{{ dict "envAll" $envAll "component" "ovn_metadata_agent" "container" "ovn_metadata_agent" "type" "readiness" "probeTemplate" (include "ovnMetadataAgentReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +{{ dict "envAll" $envAll "component" "ovn_metadata_agent" "container" "ovn_metadata_agent" "type" "liveness" "probeTemplate" (include "ovnMetadataAgentLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} + securityContext: + privileged: true + command: + - /tmp/neutron-ovn-metadata-agent.sh + volumeMounts: + - name: run + mountPath: /run + - name: pod-tmp + mountPath: /tmp + - name: pod-var-neutron + mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }} + - name: neutron-bin + mountPath: /tmp/neutron-ovn-metadata-agent.sh + subPath: neutron-ovn-metadata-agent.sh + readOnly: true + - name: neutron-bin + mountPath: /tmp/health-probe.py + subPath: health-probe.py + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/neutron.conf + subPath: neutron.conf + readOnly: true + {{- if .Values.conf.neutron.DEFAULT.log_config_append }} + - name: neutron-etc + mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }} + subPath: {{ base 
.Values.conf.neutron.DEFAULT.log_config_append }} + readOnly: true + {{- end }} + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini + subPath: ml2_conf.ini + readOnly: true + {{- if ( has "openvswitch" .Values.network.backend ) }} + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini + subPath: openvswitch_agent.ini + readOnly: true + {{- end }} + - name: neutron-etc + mountPath: /etc/neutron/ovn_metadata_agent.ini + subPath: ovn_metadata_agent.ini + readOnly: true + - name: neutron-etc + # NOTE (Portdirect): We mount here to override Kollas + # custom sudoers file when using Kolla images, this + # location will also work fine for other images. + mountPath: /etc/sudoers.d/kolla_neutron_sudoers + subPath: neutron_sudoers + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/rootwrap.conf + subPath: rootwrap.conf + readOnly: true + {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }} + {{- if ( has "ovn_metadata_agent" $value.pods ) }} + {{- $filePrefix := replace "_" "-" $key }} + {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }} + - name: neutron-etc + mountPath: {{ $rootwrapFile }} + subPath: {{ base $rootwrapFile }} + readOnly: true + {{- end }} + {{- end }} + - name: socket + mountPath: /var/lib/neutron/openstack-helm + {{- if .Values.network.share_namespaces }} + - name: host-run-netns + mountPath: /run/netns + mountPropagation: Bidirectional + {{- end }} +{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }} +{{ if $mounts_neutron_ovn_metadata_agent.volumeMounts }}{{ toYaml 
$mounts_neutron_ovn_metadata_agent.volumeMounts | indent 12 }}{{ end }} + volumes: + - name: pod-tmp + emptyDir: {} + - name: pod-var-neutron + emptyDir: {} + - name: run + hostPath: + path: /run + - name: neutron-bin + configMap: + name: neutron-bin + defaultMode: 0555 + - name: neutron-etc + secret: + secretName: {{ $configMapName }} + defaultMode: 0444 + - name: socket + hostPath: + path: /var/lib/neutron/openstack-helm + {{- if .Values.network.share_namespaces }} + - name: host-run-netns + hostPath: + path: /run/netns + {{- end }} +{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} +{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }} +{{ if $mounts_neutron_ovn_metadata_agent.volumes }}{{ toYaml $mounts_neutron_ovn_metadata_agent.volumes | indent 8 }}{{ end }} +{{- end }} +{{- end }} + +{{- if .Values.manifests.daemonset_ovn_metadata_agent }} +{{- $envAll := . }} +{{- $daemonset := "ovn-metadata-agent" }} +{{- $configMapName := "neutron-etc" }} +{{- $serviceAccountName := "neutron-ovn-metadata-agent" }} +{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "ovn-metadata" -}} +{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }} +{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.ovn_metadata_agent.daemonset" | toString | fromYaml }} +{{- $configmap_yaml := "neutron.configmap.etc" }} +{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }} +{{- end }} 
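Review bot: The `neutron-ovn-metadata-agent` container hard-codes `securityContext: privileged: true` on a pod that also sets `hostNetwork: true` and mounts the host's `/run`, whereas the init container takes its context from `helm-toolkit.snippets.kubernetes_container_security_context`. Rendering the main container through the same snippet (`"container" "neutron_ovn_metadata_agent"`), with a matching entry under `pod.security_context.neutron_ovn_metadata_agent.container` in values.yaml, would let operators narrow it to the capabilities the agent needs instead of full privilege. The main container also takes its image from the `neutron_metadata` key while the init container uses the new `neutron_ovn_metadata` key, which looks unintended. Both probe templates pass `/etc/neutron/ovn_metadata_agent.ini`, which with the OVN override still holds the `__OVN_*__` placeholders, while the agent runs from `/tmp/ovn_metadata_agent.ini`; whether `health-probe.py` reads the OVN connection options is not visible here.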
diff --git a/neutron/templates/deployment-server.yaml b/neutron/templates/deployment-server.yaml index 2e39a40e31..91d9793e6a 100644 --- a/neutron/templates/deployment-server.yaml +++ b/neutron/templates/deployment-server.yaml @@ -91,6 +91,29 @@ spec: terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "30" }} initContainers: {{ tuple $envAll "pod_dependency" $mounts_neutron_server_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + {{- if ( has "ovn" .Values.network.backend ) }} + - name: ovn-neutron-init +{{ tuple $envAll "neutron_server" | include "helm-toolkit.snippets.image" | indent 10 }} + command: + - /tmp/neutron-server-ovn-init.sh + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: pod-shared + mountPath: /tmp/pod-shared + - name: neutron-bin + mountPath: /tmp/neutron-server-ovn-init.sh + subPath: neutron-server-ovn-init.sh + readOnly: true + - name: neutron-etc + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + readOnly: true + - name: neutron-etc + mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini + subPath: ml2_conf.ini + readOnly: true + {{- end }} {{- if ( has "tungstenfabric" .Values.network.backend ) }} - name: tungstenfabric-neutron-init image: {{ .Values.images.tags.tf_neutron_init }} @@ -176,6 +199,8 @@ spec: volumeMounts: - name: pod-tmp mountPath: /tmp + - name: pod-shared + mountPath: /tmp/pod-shared - name: pod-var-neutron mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }} - name: neutron-bin @@ -258,6 +283,8 @@ spec: volumes: - name: pod-tmp emptyDir: {} + - name: pod-shared + emptyDir: {} {{- if .Values.manifests.certificates }} - name: wsgi-neutron emptyDir: {} diff --git a/neutron/values.yaml b/neutron/values.yaml index 0fb26452fd..d3b314e8e1 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml 
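Review bot: The new `ovn-neutron-init` init container mounts `nginx.conf` from the `neutron-etc` secret, but `neutron-server-ovn-init.sh` only reads `/etc/neutron/plugins/ml2/ml2_conf.ini`, so that mount can be dropped. The container is also rendered without a container security context or resource limits, unlike the init container of the new OVN metadata daemonset, which goes through `helm-toolkit.snippets.kubernetes_container_security_context` and `helm-toolkit.snippets.kubernetes_resources`. Since the spec sets no `env`, the script presumably depends on the `OVN_NB_DB_SERVICE_*` and `OVN_SB_DB_SERVICE_*` variables being injected as service environment variables; a comment such as `# requires the OVN NB/SB services to exist in this namespace before the pod starts` would document that.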
@@ -33,6 +33,7 @@ images: neutron_server: docker.io/openstackhelm/neutron:stein-ubuntu_bionic neutron_dhcp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic neutron_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic + neutron_ovn_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic neutron_l3: docker.io/openstackhelm/neutron:stein-ubuntu_bionic neutron_l2gw: docker.io/openstackhelm/neutron:stein-ubuntu_bionic neutron_openvswitch_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic @@ -62,6 +63,9 @@ labels: metadata: node_selector_key: openstack-control-plane node_selector_value: enabled + ovn_metadata: + node_selector_key: openstack-control-plane + node_selector_value: enabled l2gw: node_selector_key: openstack-control-plane node_selector_value: enabled @@ -156,6 +160,7 @@ dependencies: sriov: {} l2gateway: {} bagpipe_bgp: {} + ovn: {} openvswitch: dhcp: pod: @@ -279,6 +284,19 @@ dependencies: service: compute - endpoint: public service: compute_metadata + ovn_metadata: + pod: null + jobs: + - neutron-rabbit-init + services: + - endpoint: internal + service: oslo_messaging + - endpoint: internal + service: network + - endpoint: internal + service: compute + - endpoint: public + service: compute_metadata ovs_agent: jobs: - neutron-rabbit-init @@ -385,6 +403,20 @@ pod: initialDelaySeconds: 120 periodSeconds: 600 timeoutSeconds: 580 + ovn_metadata_agent: + ovn_metadata_agent: + readiness: + enabled: true + params: + initialDelaySeconds: 30 + periodSeconds: 190 + timeoutSeconds: 185 + liveness: + enabled: true + params: + initialDelaySeconds: 120 + periodSeconds: 600 + timeoutSeconds: 580 ovs_agent: ovs_agent: readiness: @@ -490,6 +522,13 @@ pod: neutron_metadata_agent_init: runAsUser: 0 readOnlyRootFilesystem: true + neutron_ovn_metadata_agent: + pod: + runAsUser: 42424 + container: + neutron_ovn_metadata_agent_init: + runAsUser: 0 + readOnlyRootFilesystem: true neutron_ovs_agent: pod: runAsUser: 42424 
@@ -584,6 +623,11 @@ pod: neutron_metadata_agent: volumeMounts: volumes: + neutron_ovn_metadata_agent: + init_container: null + neutron_ovn_metadata_agent: + volumeMounts: + volumes: neutron_ovs_agent: init_container: null neutron_ovs_agent: @@ -661,6 +705,10 @@ pod: enabled: true min_ready_seconds: 0 max_unavailable: 1 + ovn_metadata_agent: + enabled: true + min_ready_seconds: 0 + max_unavailable: 1 ovs_agent: enabled: true min_ready_seconds: 0 @@ -712,6 +760,13 @@ pod: limits: memory: "1024Mi" cpu: "2000m" + ovn_metadata: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" ovs: requests: memory: "128Mi" @@ -1233,6 +1288,7 @@ conf: - l3_agent - lb_agent - metadata_agent + - ovn_metadata_agent - ovs_agent - sriov_agent content: | @@ -1260,6 +1316,7 @@ conf: - l3_agent - lb_agent - metadata_agent + - ovn_metadata_agent - ovs_agent - sriov_agent content: | @@ -1285,6 +1342,7 @@ conf: - l3_agent - lb_agent - metadata_agent + - ovn_metadata_agent - ovs_agent - sriov_agent content: | @@ -1306,6 +1364,7 @@ conf: - l3_agent - lb_agent - metadata_agent + - ovn_metadata_agent - ovs_agent - sriov_agent content: | @@ -1396,6 +1455,7 @@ conf: - l3_agent - lb_agent - metadata_agent + - ovn_metadata_agent - ovs_agent - sriov_agent - netns_cleanup_cron @@ -1418,6 +1478,7 @@ conf: - l3_agent - lb_agent - metadata_agent + - ovn_metadata_agent - ovs_agent - sriov_agent - netns_cleanup_cron @@ -1467,6 +1528,7 @@ conf: - l3_agent - lb_agent - metadata_agent + - ovn_metadata_agent - ovs_agent - sriov_agent content: | @@ -1487,6 +1549,7 @@ conf: - l3_agent - lb_agent - metadata_agent + - ovn_metadata_agent - ovs_agent - sriov_agent content: | @@ -1523,6 +1586,7 @@ conf: - l3_agent - lb_agent - metadata_agent + - ovn_metadata_agent - ovs_agent - sriov_agent content: | @@ -1560,6 +1624,7 @@ conf: - l3_agent - lb_agent - metadata_agent + - ovn_metadata_agent - ovs_agent - sriov_agent content: | 
@@ -1597,6 +1662,7 @@ conf: - l3_agent - lb_agent - metadata_agent + - ovn_metadata_agent - ovs_agent - sriov_agent - netns_cleanup_cron @@ -1814,7 +1880,7 @@ conf: # (NOTE)portdirect: if unset this is populated dyanmicly from the value # in 'network.backend' to sane defaults. mechanism_drivers: null - type_drivers: flat,vlan,vxlan + type_drivers: flat,vlan,vxlan,local tenant_network_types: vxlan ml2_type_vxlan: vni_ranges: 1:1000 @@ -1903,6 +1969,7 @@ conf: enabled: true backend: dogpile.cache.memcached bagpipe_bgp: {} + ovn_metadata_agent: {} rabbitmq: # NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones diff --git a/neutron/values_overrides/ovn.yaml b/neutron/values_overrides/ovn.yaml new file mode 100644 index 0000000000..d7d9914066 --- /dev/null +++ b/neutron/values_overrides/ovn.yaml 
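Review bot: The `type_drivers: flat,vlan,vxlan,local` change in the `@@ -1814,7 +1880,7 @@` hunk alters the chart default for every backend, not only OVN, while `neutron/values_overrides/ovn.yaml` sets its own `type_drivers` anyway. If the non-OVN paths do not need `local`, I would leave the default as `flat,vlan,vxlan`; otherwise the commit message and the release note should say why the default changes.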
@@ -0,0 +1,57 @@ +--- +network: + backend: + - openvswitch + - ovn + +conf: + neutron: + DEFAULT: + router_distributed: True + service_plugins: ovn-router + l3_ha_network_type: geneve + plugins: + ml2_conf: + ml2: + extension_drivers: port_security + mechanism_drivers: ovn + type_drivers: flat,vxlan,geneve + tenant_network_types: geneve + overlay_ip_version: 4 + ml2_type_geneve: + vni_ranges: 1:65536 + max_header_size: 38 + securitygroup: + enable_security_group: True + firewall_driver: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver + ovn: + ovn_nb_connection: tcp:__OVN_NB_DB_SERVICE_HOST__:__OVN_NB_DB_SERVICE_PORT__ + ovn_sb_connection: tcp:__OVN_SB_DB_SERVICE_HOST__:__OVN_SB_DB_SERVICE_PORT__ + enable_distributed_floating_ip: True + ovn_l3_scheduler: leastloaded + dns_servers: 8.8.8.8,1.1.1.1 + ovn_metadata_agent: + DEFAULT: + # we cannot change the proxy socket path as it is declared + # as a hostPath volume from agent daemonsets + metadata_proxy_socket: /var/lib/neutron/openstack-helm/metadata_proxy + metadata_proxy_shared_secret: "password" + metadata_workers: 2 + cache: + enabled: true + backend: dogpile.cache.memcached + ovs: + ovsdb_connection: tcp:127.0.0.1:6640 + ovsdb_timeout: 180 + ovn: + ovn_metadata_enabled: True + ovn_nb_connection: tcp:__OVN_NB_DB_SERVICE_HOST__:__OVN_NB_DB_SERVICE_PORT__ + ovn_sb_connection: tcp:__OVN_SB_DB_SERVICE_HOST__:__OVN_SB_DB_SERVICE_PORT__ + +manifests: + daemonset_dhcp_agent: false + daemonset_l3_agent: false + daemonset_metadata_agent: false + daemonset_ovs_agent: false + + daemonset_ovn_metadata_agent: true diff --git a/neutron/values_overrides/xena-ubuntu_focal.yaml b/neutron/values_overrides/xena-ubuntu_focal.yaml index ce35a2bfc4..4e19953b96 100644 --- a/neutron/values_overrides/xena-ubuntu_focal.yaml +++ b/neutron/values_overrides/xena-ubuntu_focal.yaml 
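Review bot: `metadata_proxy_shared_secret: "password"` in the `ovn_metadata_agent` section ships a well-known value for the secret shared between the metadata proxy and Nova's metadata API, and an override file like this tends to be applied as-is. I would drop the key from the override so the operator has to supply it, or at least add a comment such as `# placeholder only: set a unique random value here and the same value in nova`. The `ovn_nb_connection` and `ovn_sb_connection` strings use `tcp:`, so traffic to the OVN databases is neither authenticated nor encrypted; a comment pointing at the `ssl:` form for anything beyond a developer deployment would help. `dns_servers: 8.8.8.8,1.1.1.1` also hard-codes public resolvers that tenant DNS queries will be sent to.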
@@ -13,6 +13,7 @@ images: neutron_l2gw: "docker.io/openstackhelm/neutron:xena-ubuntu_focal" neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:xena-ubuntu_focal" neutron_metadata: "docker.io/openstackhelm/neutron:xena-ubuntu_focal" + neutron_ovn_metadata: "docker.io/openstackhelm/neutron:xena-ubuntu_focal" neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:xena-ubuntu_focal" neutron_server: "docker.io/openstackhelm/neutron:xena-ubuntu_focal" neutron_rpc_server: "docker.io/openstackhelm/neutron:xena-ubuntu_focal" diff --git a/neutron/values_overrides/yoga-ubuntu_focal.yaml b/neutron/values_overrides/yoga-ubuntu_focal.yaml index c730693427..077c8c467c 100644 --- a/neutron/values_overrides/yoga-ubuntu_focal.yaml +++ b/neutron/values_overrides/yoga-ubuntu_focal.yaml @@ -13,6 +13,7 @@ images: neutron_l2gw: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal" neutron_linuxbridge_agent: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal" neutron_metadata: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal" + neutron_ovn_metadata: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal" neutron_openvswitch_agent: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal" neutron_server: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal" neutron_rpc_server: "docker.io/openstackhelm/neutron:yoga-ubuntu_focal" diff --git a/nova/Chart.yaml b/nova/Chart.yaml index a776f82650..7556276031 100644 --- a/nova/Chart.yaml +++ b/nova/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Nova name: nova -version: 0.3.3 +version: 0.3.4 home: https://docs.openstack.org/nova/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png sources: diff --git a/nova/values_overrides/ovn.yaml b/nova/values_overrides/ovn.yaml new file mode 100644 index 0000000000..ee149545b5 --- /dev/null +++ b/nova/values_overrides/ovn.yaml 
@@ -0,0 +1,12 @@
+dependencies:
+ dynamic:
+ targeted:
+ openvswitch:
+ compute:
+ pod: []
+
+conf:
+ nova:
+ DEFAULT:
+ vif_plugging_is_fatal: true
+ vif_plugging_timeout: 300
diff --git a/releasenotes/notes/neutron.yaml b/releasenotes/notes/neutron.yaml
index e292ac8ea8..34bfe91bc3 100644
--- a/releasenotes/notes/neutron.yaml
+++ b/releasenotes/notes/neutron.yaml
@@ -44,4 +44,5 @@ neutron:
 - 0.3.0 Remove support for Train and Ussuri
 - 0.3.1 Remove default policy rules
 - 0.3.2 Use correct labels for ovs which uses one daemonset for ovs-db and ovs-vswitchd
+ - 0.3.3 Add OVN Support
 ...
diff --git a/releasenotes/notes/nova.yaml b/releasenotes/notes/nova.yaml
index 33495d1591..d932dac80c 100644
--- a/releasenotes/notes/nova.yaml
+++ b/releasenotes/notes/nova.yaml
@@ -72,4 +72,5 @@ nova:
 - 0.3.1 Added backoffLimit for bootstrap job
 - 0.3.2 Remove un-used configs for Nova
 - 0.3.3 Update all Ceph images to Focal
+ - 0.3.4 Add OVN values_override, disable dependency to ovn-agent and vif configs for ovn
 ...
diff --git a/tools/deployment/developer/ovn/120-openvswitch.sh b/tools/deployment/developer/ovn/120-openvswitch.sh
new file mode 100755
index 0000000000..7d955aea32
--- /dev/null
+++ b/tools/deployment/developer/ovn/120-openvswitch.sh
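Review bot: `pod: []` under `dependencies.dynamic.targeted.openvswitch.compute` in the new nova override (nova/values_overrides/ovn.yaml) has no comment saying which dependency it clears or why. The list it replaces lives in the chart's values.yaml, which is outside this diff. A reader therefore cannot tell what nova-compute stops waiting for; presumably it is the Neutron OVS agent pod, which an OVN deployment does not run. A comment above the key would make the intent reviewable, for example `# OVN: no neutron OVS agent pod exists, so clear the compute pod dependency`.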
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+set -xe
+
+export FEATURE_GATES="ovn"
+
+#NOTE: Get the over-rides to use
+export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
+: ${OSH_EXTRA_HELM_ARGS_OPENVSWITCH:="$(./tools/deployment/common/get-values-overrides.sh openvswitch)"}
+
+#NOTE: Lint and package chart
+make -C ${HELM_CHART_ROOT_PATH} openvswitch
+
+#NOTE: Deploy command
+: ${OSH_EXTRA_HELM_ARGS:=""}
+helm upgrade --install openvswitch ${HELM_CHART_ROOT_PATH}/openvswitch \
+ --namespace=openstack \
+ ${OSH_EXTRA_HELM_ARGS} \
+ ${OSH_EXTRA_HELM_ARGS_OPENVSWITCH}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh openstack
diff --git a/tools/deployment/developer/ovn/125-ovn.sh b/tools/deployment/developer/ovn/125-ovn.sh
new file mode 100755
index 0000000000..35f117c5bb
--- /dev/null
+++ b/tools/deployment/developer/ovn/125-ovn.sh
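Review bot: `${HELM_CHART_ROOT_PATH}` is expanded unquoted in `make -C ${HELM_CHART_ROOT_PATH} openvswitch` and in the chart path given to `helm upgrade` in 120-openvswitch.sh, so a checkout path containing spaces or glob characters splits into several arguments. Quote it in both places: `make -C "${HELM_CHART_ROOT_PATH}" openvswitch` and `"${HELM_CHART_ROOT_PATH}/openvswitch"`. The `OSH_EXTRA_HELM_ARGS` and `OSH_EXTRA_HELM_ARGS_OPENVSWITCH` expansions look deliberately unquoted so they can carry several flags; a one-line comment saying so would stop someone quoting them later. The same lines appear in 125-ovn.sh in the next hunk.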
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+set -xe
+
+export FEATURE_GATES="ovn"
+
+#NOTE: Get the over-rides to use
+export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
+: ${OSH_EXTRA_HELM_ARGS_OVN:="$(./tools/deployment/common/get-values-overrides.sh ovn)"}
+
+#NOTE: Lint and package chart
+make -C ${HELM_CHART_ROOT_PATH} ovn
+
+#NOTE: Deploy command
+: ${OSH_EXTRA_HELM_ARGS:=""}
+helm upgrade --install ovn ${HELM_CHART_ROOT_PATH}/ovn \
+ --namespace=openstack \
+ ${OSH_EXTRA_HELM_ARGS} \
+ ${OSH_EXTRA_HELM_ARGS_OVN}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh openstack
diff --git a/tools/deployment/developer/ovn/140-compute-kit.sh b/tools/deployment/developer/ovn/140-compute-kit.sh
new file mode 100755
index 0000000000..9c19a6234f
--- /dev/null
+++ b/tools/deployment/developer/ovn/140-compute-kit.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+set -xe
+
+export FEATURE_GATES="ovn"
+
+: ${RUN_HELM_TESTS:="yes"}
+
+#NOTE: Get the over-rides to use
+: ${OSH_EXTRA_HELM_ARGS_NOVA:="$(./tools/deployment/common/get-values-overrides.sh nova)"}
+
+tee /tmp/pvc-ceph-client-key.yaml << EOF
+AQAk//BhgQMXDxAAPwH86gbDjEEpmXC4s2ontw==
+EOF
+kubectl -n openstack create secret generic pvc-ceph-client-key --from-file=key=/tmp/pvc-ceph-client-key.yaml || true
+rm -f /tmp/pvc-ceph-client-key.yaml
+
+
+#NOTE: Lint and package chart
+make nova
+
+helm upgrade --install nova ./nova \
+ --namespace=openstack \
+ ${OSH_EXTRA_HELM_ARGS:=} \
+ ${OSH_EXTRA_HELM_ARGS_NOVA}
+
+# Get overrides
+: ${OSH_EXTRA_HELM_ARGS_PLACEMENT:="$(./tools/deployment/common/get-values-overrides.sh placement)"}
+
+# Lint and package
+make placement
+
+# Deploy
+helm upgrade --install placement ./placement \
+ --namespace=openstack \
+ ${OSH_EXTRA_HELM_ARGS:=} \
+ ${OSH_EXTRA_HELM_ARGS_PLACEMENT}
+
+#NOTE: Get the over-rides to use
+: ${OSH_EXTRA_HELM_ARGS_NEUTRON:="$(./tools/deployment/common/get-values-overrides.sh neutron)"}
+
+#NOTE: Lint and package chart
+make neutron
+
+helm upgrade --install neutron ./neutron \
+ --namespace=openstack \
+ ${OSH_RELEASE_OVERRIDES_NEUTRON} \
+ ${OSH_EXTRA_HELM_ARGS} \
+ ${OSH_EXTRA_HELM_ARGS_NEUTRON}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh openstack
+
+./tools/deployment/common/run-helm-tests.sh nova
+./tools/deployment/common/run-helm-tests.sh neutron
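Review bot: The Ceph client key in 140-compute-kit.sh is written with `tee` to the fixed path `/tmp/pvc-ceph-client-key.yaml`. As a result it is echoed to the job's stdout, created with default permissions, and written through any file or symlink that already exists at that name. Create the file with `mktemp`, fill it with a redirect rather than `tee`, and remove it from an `EXIT` trap, as sketched below. If the key is a throwaway value for the developer gate, a comment saying so would keep it from being copied into a real deployment. Separately, `RUN_HELM_TESTS` is defaulted to `yes` but nothing in this hunk reads it, so both `run-helm-tests.sh` calls run unconditionally unless that helper checks the variable itself.

```shell
key_file="$(mktemp)"
trap 'rm -f -- "${key_file}"' EXIT
# … unchanged: key heredoc, fed to `cat > "${key_file}"` instead of `tee /tmp/pvc-ceph-client-key.yaml` …
kubectl -n openstack create secret generic pvc-ceph-client-key \
  --from-file=key="${key_file}" || true
# … unchanged: chart lint, package and deploy steps …
```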