From f2fd735d510205d569c688495df501223ca07ae5 Mon Sep 17 00:00:00 2001
From: Eduardo Gonzalez <dabarren@gmail.com>
Date: Mon, 12 Jun 2017 17:07:33 +0200
Subject: [PATCH] Fix kuryr ansible deployment

Missing config options in kuryr.conf
Missing kuryr logging
Remove useless bootstrap task, it just creates a directory
Wrong user permissions in config.json file.
Missing volumes
Missing container capabilities

Depends-On: I4c08a21df263fdefe1fe991cb7ad41cfee65019d
Change-Id: Id4577a78ebf3f1cda5ee36d14e2cc017f38e0f07
Closes-bug: #1697480
---
 .../templates/conf/filter/01-rewrite.conf.j2  |  1 +
 ansible/roles/kuryr/defaults/main.yml         |  4 ++++
 ansible/roles/kuryr/handlers/main.yml         |  1 +
 ansible/roles/kuryr/tasks/bootstrap.yml       | 19 -------------------
 ansible/roles/kuryr/tasks/config.yml          |  1 +
 ansible/roles/kuryr/tasks/deploy.yml          |  2 --
 ansible/roles/kuryr/tasks/upgrade.yml         |  2 --
 ansible/roles/kuryr/templates/kuryr.conf.j2   |  5 +++++
 ansible/roles/kuryr/templates/kuryr.json.j2   |  9 ++++++++-
 9 files changed, 20 insertions(+), 24 deletions(-)
 delete mode 100644 ansible/roles/kuryr/tasks/bootstrap.yml

diff --git a/ansible/roles/common/templates/conf/filter/01-rewrite.conf.j2 b/ansible/roles/common/templates/conf/filter/01-rewrite.conf.j2
index f56adb3c8f..6c4880b5d7 100644
--- a/ansible/roles/common/templates/conf/filter/01-rewrite.conf.j2
+++ b/ansible/roles/common/templates/conf/filter/01-rewrite.conf.j2
@@ -26,4 +26,5 @@
     rewriterule23 programname ^(freezer-api|freezer-api_access|freezer-manage).* openstack_python
     rewriterule24 programname ^(octavia-api|octavia-health-manager|octavia-housekeeping|octavia-worker).* openstack_python
     rewriterule25 programname ^(zun-compute).* openstack_python
+    rewriterule26 programname ^(kuryr-server).* openstack_python
 </match>
diff --git a/ansible/roles/kuryr/defaults/main.yml b/ansible/roles/kuryr/defaults/main.yml
index 0beda9cb64..25a2672b32 100644
--- a/ansible/roles/kuryr/defaults/main.yml
+++ b/ansible/roles/kuryr/defaults/main.yml
@@ -14,11 +14,15 @@ kuryr_services:
     enabled: True
     image: "{{ kuryr_image_full }}"
     privileged: True
+    cap_add:
+      - NET_ADMIN
     volumes:
       - "{{ node_config_directory }}/kuryr/:{{ container_config_directory }}/:ro"
       - "/etc/localtime:/etc/localtime:ro"
+      - "/lib/modules:/lib/modules:ro"
       - "/run:/run:shared"
       - "/usr/lib/docker:/usr/lib/docker"
+      - "kolla_logs:/var/log/kolla/"
 
 
 ####################
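Review bot: `cap_add: - NET_ADMIN` is added directly under `privileged: True`, which the hunk leaves in place. A privileged container already holds every capability, so the new list changes nothing as written. If the intent is to narrow what the kuryr container can do on the host, switch to `privileged: False` and keep the `cap_add` list, after confirming the veth binding still works with only NET_ADMIN. Otherwise add a comment such as `# privileged is still required for <reason>; cap_add is kept for a later drop of privileged` so the redundancy is deliberate. The kuryr_services mapping starts above the hunk.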
diff --git a/ansible/roles/kuryr/handlers/main.yml b/ansible/roles/kuryr/handlers/main.yml
index 84f8445da0..df37073aaa 100644
--- a/ansible/roles/kuryr/handlers/main.yml
+++ b/ansible/roles/kuryr/handlers/main.yml
@@ -13,6 +13,7 @@
     name: "{{ service.container_name }}"
     image: "{{ service.image }}"
     privileged: "{{ service.privileged | default(False) }}"
+    cap_add: "{{ service.cap_add }}"
     volumes: "{{ service.volumes }}"
   when:
     - action != "config"
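Review bot: `cap_add: "{{ service.cap_add }}"` has no fallback, unlike `privileged` on the line above, which uses `default(False)`. A kuryr_services entry without a `cap_add` key would make this task fail on an undefined variable. Use `cap_add: "{{ service.cap_add | default([]) }}"` here, and likewise `cap_add: "{{ item.value.cap_add | default([]) }}"` on the matching added line in tasks/config.yml. The task begins above the hunk.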
diff --git a/ansible/roles/kuryr/tasks/bootstrap.yml b/ansible/roles/kuryr/tasks/bootstrap.yml
deleted file mode 100644
index c8fa0cff49..0000000000
--- a/ansible/roles/kuryr/tasks/bootstrap.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: Running Kuryr bootstrap container
-  vars:
-    kuryr: "{{ kuryr_services['kuryr'] }}"
-  kolla_docker:
-    action: "start_container"
-    common_options: "{{ docker_common_options }}"
-    detach: False
-    environment:
-      KOLLA_BOOTSTRAP:
-      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
-    image: "{{ kuryr.image }}"
-    labels:
-      BOOTSTRAP:
-    name: "bootstrap_kuryr"
-    restart_policy: "never"
-    volumes: "{{ kuryr.volumes }}"
-  run_once: True
-  delegate_to: "{{ groups[kuryr.group][0] }}"
diff --git a/ansible/roles/kuryr/tasks/config.yml b/ansible/roles/kuryr/tasks/config.yml
index 22e8154ef4..21d5f49584 100644
--- a/ansible/roles/kuryr/tasks/config.yml
+++ b/ansible/roles/kuryr/tasks/config.yml
@@ -81,6 +81,7 @@
     name: "{{ item.value.container_name }}"
     image: "{{ item.value.image }}"
     privileged: "{{ item.value.privileged|default(False) }}"
+    cap_add: "{{ item.value.cap_add }}"
     volumes: "{{ item.value.volumes }}"
   register: check_kuryr_containers
   when:
diff --git a/ansible/roles/kuryr/tasks/deploy.yml b/ansible/roles/kuryr/tasks/deploy.yml
index 864362ba5f..6b896c6e55 100644
--- a/ansible/roles/kuryr/tasks/deploy.yml
+++ b/ansible/roles/kuryr/tasks/deploy.yml
@@ -3,7 +3,5 @@
 
 - include: config.yml
 
-- include: bootstrap.yml
-
 - name: Flush handlers
   meta: flush_handlers
diff --git a/ansible/roles/kuryr/tasks/upgrade.yml b/ansible/roles/kuryr/tasks/upgrade.yml
index 9eca42dec5..dd26ecc34d 100644
--- a/ansible/roles/kuryr/tasks/upgrade.yml
+++ b/ansible/roles/kuryr/tasks/upgrade.yml
@@ -1,7 +1,5 @@
 ---
 - include: config.yml
 
-- include: bootstrap.yml
-
 - name: Flush handlers
   meta: flush_handlers
diff --git a/ansible/roles/kuryr/templates/kuryr.conf.j2 b/ansible/roles/kuryr/templates/kuryr.conf.j2
index 4cd7924848..04b94a0ec9 100644
--- a/ansible/roles/kuryr/templates/kuryr.conf.j2
+++ b/ansible/roles/kuryr/templates/kuryr.conf.j2
@@ -1,8 +1,13 @@
 [DEFAULT]
 kuryr_uri = http://{{ api_interface_address }}:{{ kuryr_port }}
 debug = {{ kuryr_logging_debug }}
+log_dir = /var/log/kolla/kuryr
+
+capability_scope = global
+bindir = /var/lib/kolla/venv/libexec/kuryr
 
 [binding]
+driver = kuryr.lib.binding.drivers.veth
 
 [neutron]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
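Review bot: `capability_scope = global` and `driver = kuryr.lib.binding.drivers.veth` are hard-coded in the template, so an operator cannot change them without overriding the whole file. Consider driving them from role defaults, e.g. `capability_scope = {{ kuryr_capability_scope }}` (proposed variable name) with `global` as the default value. As far as I know, a global-scope network driver also expects Docker to be configured with a cluster store. If that holds for this deployment, a comment above the line such as `# global scope requires a Docker cluster store` would save the next reader a debugging session.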
diff --git a/ansible/roles/kuryr/templates/kuryr.json.j2 b/ansible/roles/kuryr/templates/kuryr.json.j2
index 76602c1943..5a8d709266 100644
--- a/ansible/roles/kuryr/templates/kuryr.json.j2
+++ b/ansible/roles/kuryr/templates/kuryr.json.j2
@@ -4,7 +4,7 @@
         {
             "source": "{{ container_config_directory }}/kuryr.conf",
             "dest": "/etc/kuryr/kuryr.conf",
-            "owner": "root",
+            "owner": "kuryr",
             "perm": "0600"
         },
         {
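Review bot: Only the kuryr.conf entry changes its owner from `root` to `kuryr`. The `owner` line of the following config_files entry lies outside both hunks; only its tail (`"perm": "0600"`, `"optional": true`) is visible at the top of the second hunk. If that entry is still owned by root with mode 0600 and is read by the service running as kuryr, it would hit the same unreadable-file problem this commit fixes. It is worth confirming whether it should also be `"owner": "kuryr"`.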
@@ -20,5 +20,12 @@
             "perm": "0600",
             "optional": true
         }
+    ],
+    "permissions": [
+        {
+            "path": "/var/log/kolla/kuryr",
+            "owner": "kuryr:kolla",
+            "recurse": true
+        }
     ]
 }