Merge "Kernel Modules: Load via chroot into host"

Zuul 2017-11-13 20:08:00 +00:00 committed by Gerrit Code Review
commit f8377b1258
11 changed files with 133 additions and 41 deletions


@ -0,0 +1,21 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
chroot /mnt/host-rootfs modprobe ip6_tables
chroot /mnt/host-rootfs modprobe ebtables
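Review bot: Nothing in this new script says that both `modprobe` calls execute the host's binaries as root inside `/mnt/host-rootfs`, or that they depend on the `host-rootfs` mount and the `SYS_MODULE` capability granted in the daemonset. I would add a header comment after `set -ex`, for example `# Runs the host's modprobe via chroot; requires the host-rootfs mount and SYS_MODULE on this init container.` It is also worth stating there that the module names are meant to stay literal rather than come from chart values, since whatever follows `chroot` runs with module-loading rights on the node. The same comment fits the two other init-modules scripts this commit adds (the one loading only `ip6_tables` and the one loading `openvswitch`, `gre` and `vxlan`).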


@ -18,8 +18,6 @@ limitations under the License.
set -ex set -ex
modprobe ebtables
# configure external bridge # configure external bridge
external_bridge="{{- .Values.network.external_bridge -}}" external_bridge="{{- .Values.network.external_bridge -}}"
external_interface="{{- .Values.network.interface.external -}}" external_interface="{{- .Values.network.interface.external -}}"


@ -0,0 +1,20 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
chroot /mnt/host-rootfs modprobe ip6_tables


@ -49,6 +49,8 @@ data:
{{ tuple "bin/_neutron-linuxbridge-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_neutron-linuxbridge-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-linuxbridge-agent-init.sh: |+ neutron-linuxbridge-agent-init.sh: |+
{{ tuple "bin/_neutron-linuxbridge-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_neutron-linuxbridge-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-linuxbridge-agent-init-modules.sh: |+
{{ tuple "bin/_neutron-linuxbridge-agent-init-modules.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-metadata-agent.sh: |+ neutron-metadata-agent.sh: |+
{{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-metadata-agent-init.sh: |+ neutron-metadata-agent-init.sh: |+
@ -57,6 +59,8 @@ data:
{{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-openvswitch-agent-init.sh: |+ neutron-openvswitch-agent-init.sh: |+
{{ tuple "bin/_neutron-openvswitch-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_neutron-openvswitch-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-openvswitch-agent-init-modules.sh: |+
{{ tuple "bin/_neutron-openvswitch-agent-init-modules.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-server.sh: |+ neutron-server.sh: |+
{{ tuple "bin/_neutron-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_neutron-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }} {{- end }}


@ -40,6 +40,24 @@ spec:
hostNetwork: true hostNetwork: true
initContainers: initContainers:
{{ tuple $envAll $dependencies $mounts_neutron_lb_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll $dependencies $mounts_neutron_lb_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: neutron-lb-agent-kernel-modules
image: {{ .Values.images.tags.neutron_linuxbridge_agent }}
imagePullPolicy: {{ .Values.images.pull_policy }}
securityContext:
capabilities:
add:
- SYS_MODULE
runAsUser: 0
command:
- /tmp/neutron-linuxbridge-agent-init-modules.sh
volumeMounts:
- name: neutron-bin
mountPath: /tmp/neutron-linuxbridge-agent-init-modules.sh
subPath: neutron-linuxbridge-agent-init-modules.sh
readOnly: true
- name: host-rootfs
mountPath: /mnt/host-rootfs
readOnly: true
- name: neutron-lb-agent-init - name: neutron-lb-agent-init
image: {{ .Values.images.tags.neutron_linuxbridge_agent }} image: {{ .Values.images.tags.neutron_linuxbridge_agent }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
@ -119,9 +137,6 @@ spec:
mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters
subPath: openvswitch-plugin.filters subPath: openvswitch-plugin.filters
readOnly: true readOnly: true
- name: libmodules
mountPath: /lib/modules
readOnly: true
- name: run - name: run
mountPath: /run mountPath: /run
{{ if $mounts_neutron_lb_agent.volumeMounts }}{{ toYaml $mounts_neutron_lb_agent.volumeMounts | indent 12 }}{{ end }} {{ if $mounts_neutron_lb_agent.volumeMounts }}{{ toYaml $mounts_neutron_lb_agent.volumeMounts | indent 12 }}{{ end }}
@ -211,9 +226,6 @@ spec:
mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters
subPath: openvswitch-plugin.filters subPath: openvswitch-plugin.filters
readOnly: true readOnly: true
- name: libmodules
mountPath: /lib/modules
readOnly: true
- name: run - name: run
mountPath: /run mountPath: /run
{{ if $mounts_neutron_lb_agent.volumeMounts }}{{ toYaml $mounts_neutron_lb_agent.volumeMounts | indent 12 }}{{ end }} {{ if $mounts_neutron_lb_agent.volumeMounts }}{{ toYaml $mounts_neutron_lb_agent.volumeMounts | indent 12 }}{{ end }}
@ -228,11 +240,11 @@ spec:
configMap: configMap:
name: neutron-etc name: neutron-etc
defaultMode: 0444 defaultMode: 0444
- name: libmodules
hostPath:
path: /lib/modules
- name: run - name: run
hostPath: hostPath:
path: /run path: /run
- name: host-rootfs
hostPath:
path: /
{{ if $mounts_neutron_lb_agent.volumes }}{{ toYaml $mounts_neutron_lb_agent.volumes | indent 8 }}{{ end }} {{ if $mounts_neutron_lb_agent.volumes }}{{ toYaml $mounts_neutron_lb_agent.volumes | indent 8 }}{{ end }}
{{- end }} {{- end }}
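Review bot: The new `neutron-lb-agent-kernel-modules` init container adds `SYS_MODULE` on top of the container runtime's default capability set and runs as UID 0, but drops nothing. Since its script only runs `chroot` and `modprobe`, the `capabilities:` block could be narrowed to `drop: [ALL]` with `add: [SYS_CHROOT, SYS_MODULE]`; `chroot` needs `SYS_CHROOT` once the defaults are gone, and the reduced set should be verified against the target hosts before merging. The same block appears in the `neutron-openvswitch-agent-kernel-modules` and `openvswitch-vswitchd-modules` init containers in the other two daemonsets.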


@ -40,6 +40,24 @@ spec:
hostNetwork: true hostNetwork: true
initContainers: initContainers:
{{ tuple $envAll $dependencies $mounts_neutron_ovs_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{ tuple $envAll $dependencies $mounts_neutron_ovs_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: neutron-openvswitch-agent-kernel-modules
image: {{ .Values.images.tags.neutron_openvswitch_agent }}
imagePullPolicy: {{ .Values.images.pull_policy }}
securityContext:
capabilities:
add:
- SYS_MODULE
runAsUser: 0
command:
- /tmp/neutron-openvswitch-agent-init-modules.sh
volumeMounts:
- name: neutron-bin
mountPath: /tmp/neutron-openvswitch-agent-init-modules.sh
subPath: neutron-openvswitch-agent-init-modules.sh
readOnly: true
- name: host-rootfs
mountPath: /mnt/host-rootfs
readOnly: true
- name: neutron-ovs-agent-init - name: neutron-ovs-agent-init
image: {{ .Values.images.tags.neutron_openvswitch_agent }} image: {{ .Values.images.tags.neutron_openvswitch_agent }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
@ -119,9 +137,6 @@ spec:
mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters
subPath: openvswitch-plugin.filters subPath: openvswitch-plugin.filters
readOnly: true readOnly: true
- name: libmodules
mountPath: /lib/modules
readOnly: true
- name: run - name: run
mountPath: /run mountPath: /run
{{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }} {{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
@ -213,9 +228,6 @@ spec:
mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters mountPath: /etc/neutron/rootwrap.d/openvswitch-plugin.filters
subPath: openvswitch-plugin.filters subPath: openvswitch-plugin.filters
readOnly: true readOnly: true
- name: libmodules
mountPath: /lib/modules
readOnly: true
- name: run - name: run
mountPath: /run mountPath: /run
{{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }} {{ if $mounts_neutron_ovs_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovs_agent.volumeMounts | indent 12 }}{{ end }}
@ -232,11 +244,11 @@ spec:
configMap: configMap:
name: neutron-etc name: neutron-etc
defaultMode: 0444 defaultMode: 0444
- name: libmodules
hostPath:
path: /lib/modules
- name: run - name: run
hostPath: hostPath:
path: /run path: /run
- name: host-rootfs
hostPath:
path: /
{{ if $mounts_neutron_ovs_agent.volumes }}{{ toYaml $mounts_neutron_ovs_agent.volumes | indent 8 }}{{ end }} {{ if $mounts_neutron_ovs_agent.volumes }}{{ toYaml $mounts_neutron_ovs_agent.volumes | indent 8 }}{{ end }}
{{- end }} {{- end }}
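Review bot: The `host-rootfs` volume at the end of this file is a `hostPath` of `/`, and the `readOnly: true` on its mount does not necessarily extend to filesystems mounted beneath `/` on the node. Kubernetes read-only volume mounts are not recursive by default, so host submounts such as `/run` or `/var` may still be writable through `/mnt/host-rootfs` by the root init container. It would help to record that caveat next to the volume, e.g. `# hostPath / is for the kernel-modules init container only; readOnly is not recursive`, and to keep the mount out of the long-running agent containers, as the hunks shown here do. Clusters that support it could also set `recursiveReadOnly: Enabled` on the mount. The linuxbridge-agent and openvswitch-vswitchd daemonsets declare the same volume.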


@ -0,0 +1,22 @@
#!/bin/bash
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
chroot /mnt/host-rootfs modprobe openvswitch
chroot /mnt/host-rootfs modprobe gre
chroot /mnt/host-rootfs modprobe vxlan
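Review bot: Under `set -ex` a failure of any one of these three `modprobe` calls aborts the init container, so a node whose kernel cannot load `gre` or `vxlan` would presumably leave the vswitchd pod stuck in init. The comment this commit removes from the vswitchd script describes them as tunnel modules "we may use", which suggests they are optional. If that is the intent, keep `openvswitch` fatal and make the other two log and continue, e.g. `chroot /mnt/host-rootfs modprobe gre || echo "gre module not loaded" >&2`, and likewise for `vxlan`. If all three are required, a one-line comment saying so would prevent someone relaxing it later.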


@ -18,12 +18,6 @@ limitations under the License.
set -ex set -ex
# load tunnel kernel modules we may use and gre/vxlan
modprobe openvswitch
modprobe gre
modprobe vxlan
sock="/var/run/openvswitch/db.sock" sock="/var/run/openvswitch/db.sock"
t=0 t=0
while [ ! -e "${sock}" ] ; do while [ ! -e "${sock}" ] ; do


@ -26,4 +26,6 @@ data:
{{ tuple "bin/_openvswitch-db-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_openvswitch-db-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
openvswitch-vswitchd.sh: |+ openvswitch-vswitchd.sh: |+
{{ tuple "bin/_openvswitch-vswitchd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} {{ tuple "bin/_openvswitch-vswitchd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
openvswitch-vswitchd-init-modules.sh: |+
{{ tuple "bin/_openvswitch-vswitchd-init-modules.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }} {{- end }}


@ -34,6 +34,25 @@ spec:
{{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }}
dnsPolicy: ClusterFirstWithHostNet dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true hostNetwork: true
initContainers:
- name: openvswitch-vswitchd-modules
image: {{ .Values.images.tags.openvswitch_vswitchd }}
imagePullPolicy: {{ .Values.images.pull_policy }}
securityContext:
capabilities:
add:
- SYS_MODULE
runAsUser: 0
command:
- /tmp/openvswitch-vswitchd-init-modules.sh
volumeMounts:
- name: openvswitch-bin
mountPath: /tmp/openvswitch-vswitchd-init-modules.sh
subPath: openvswitch-vswitchd-init-modules.sh
readOnly: true
- name: host-rootfs
mountPath: /mnt/host-rootfs
readOnly: true
containers: containers:
- name: openvswitch-vswitchd - name: openvswitch-vswitchd
image: {{ .Values.images.tags.openvswitch_vswitchd }} image: {{ .Values.images.tags.openvswitch_vswitchd }}
@ -56,9 +75,6 @@ spec:
mountPath: /tmp/openvswitch-vswitchd.sh mountPath: /tmp/openvswitch-vswitchd.sh
subPath: openvswitch-vswitchd.sh subPath: openvswitch-vswitchd.sh
readOnly: true readOnly: true
- name: libmodules
mountPath: /lib/modules
readOnly: true
- name: run - name: run
mountPath: /run mountPath: /run
volumes: volumes:
@ -66,10 +82,10 @@ spec:
configMap: configMap:
name: openvswitch-bin name: openvswitch-bin
defaultMode: 0555 defaultMode: 0555
- name: libmodules
hostPath:
path: /lib/modules
- name: run - name: run
hostPath: hostPath:
path: /run path: /run
- name: host-rootfs
hostPath:
path: /
{{- end }} {{- end }}


@ -71,15 +71,6 @@ function base_install {
sdn_lb_support_install sdn_lb_support_install
fi fi
# NOTE(portdirect): Temp workaround until module loading is supported by
# OpenStack-Helm in Fedora
if [ "x$HOST_OS" == "xfedora" ]; then
sudo modprobe openvswitch
sudo modprobe ebtables
sudo modprobe gre
sudo modprobe vxlan
sudo modprobe ip6_tables
fi
} }
function json_to_yaml { function json_to_yaml {