From b32d456ea23fe9bb999c06b0c6942bd89c9c1108 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Tue, 15 Nov 2022 18:20:32 +0000
Subject: [PATCH] ovn: Change NB/SB connection setup to allow usage of
 inactivity probe

We have been using --db-nb-create-insecure-remote=yes, which makes the
ovn-ctl script set up a TCP connection method when it runs ovsdb-server.

Downside is - we can't configure inactivity probe on that connection.

Closes-Bug: #1917484
Change-Id: I550aa4fe92aadea2a49ca5aff49c0183609b9470
---
 ansible/roles/ovn-db/defaults/main.yml        | 12 +++++
 ansible/roles/ovn-db/handlers/main.yml        | 28 -----------
 ansible/roles/ovn-db/tasks/bootstrap-db.yml   | 48 +++++++++++++++++++
 ansible/roles/ovn-db/tasks/deploy.yml         |  5 ++
 .../roles/ovn-db/templates/ovn-nb-db.json.j2  |  2 +-
 .../roles/ovn-db/templates/ovn-sb-db.json.j2  |  2 +-
 6 files changed, 67 insertions(+), 30 deletions(-)
 create mode 100644 ansible/roles/ovn-db/tasks/bootstrap-db.yml

diff --git a/ansible/roles/ovn-db/defaults/main.yml b/ansible/roles/ovn-db/defaults/main.yml
index 7ce7895815..ab97210185 100644
--- a/ansible/roles/ovn-db/defaults/main.yml
+++ b/ansible/roles/ovn-db/defaults/main.yml
@@ -63,3 +63,15 @@ ovn_db_extra_volumes: "{{ default_extra_volumes }}"
 ovn_northd_extra_volumes: "{{ ovn_db_extra_volumes }}"
 ovn_nb_db_extra_volumes: "{{ ovn_db_extra_volumes }}"
 ovn_sb_db_extra_volumes: "{{ ovn_db_extra_volumes }}"
+
+#####
+# OVN
+#####
+# Configure OVN remote probe interval time in ms
+ovn_remote_probe_interval: "60000"
+# Configure OVN openflow interval in s
+ovn_openflow_probe_interval: "60"
+# Configure OVN DB inactivity probe time in ms
+ovn_db_inactivity_probe: "60000"
+ovn_sb_db_inactivity_probe: "{{ ovn_db_inactivity_probe }}"
+ovn_nb_db_inactivity_probe: "{{ ovn_db_inactivity_probe }}"
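Review bot: `ovn_remote_probe_interval` and `ovn_openflow_probe_interval` are added here but nothing in this patch reads them; only the `ovn_*_db_inactivity_probe` values are consumed, in bootstrap-db.yml. If the two unused variables are meant for another role (ovn-controller, say), defaults placed in the ovn-db role would likely not be visible there, so either move them to where they are consumed or drop them from this change. The inactivity-probe comment could also name the per-database overrides, e.g. `# Inactivity probe for NB/SB DB connections, in ms; override per database with ovn_nb_db_inactivity_probe / ovn_sb_db_inactivity_probe`.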
diff --git a/ansible/roles/ovn-db/handlers/main.yml b/ansible/roles/ovn-db/handlers/main.yml
index 8c9c15a356..88939501dd 100644
--- a/ansible/roles/ovn-db/handlers/main.yml
+++ b/ansible/roles/ovn-db/handlers/main.yml
@@ -29,34 +29,6 @@
   when:
     - kolla_action != "config"
 
-- name: Wait for ovn-nb-db
-  wait_for:
-    host: "{{ api_interface_address }}"
-    port: "{{ ovn_nb_db_port }}"
-    connect_timeout: 1
-    timeout: 60
-  register: check_ovn_nb_db_port
-  until: check_ovn_nb_db_port is success
-  retries: 10
-  delay: 6
-  listen: "Restart ovn-nb-db container"
-  when:
-    - kolla_action != "config"
-
-- name: Wait for ovn-sb-db
-  wait_for:
-    host: "{{ api_interface_address }}"
-    port: "{{ ovn_sb_db_port }}"
-    connect_timeout: 1
-    timeout: 60
-  register: check_ovn_sb_db_port
-  until: check_ovn_sb_db_port is success
-  retries: 10
-  delay: 6
-  listen: "Restart ovn-sb-db container"
-  when:
-    - kolla_action != "config"
-
 - name: Restart ovn-northd container
   vars:
     service_name: "ovn-northd"
diff --git a/ansible/roles/ovn-db/tasks/bootstrap-db.yml b/ansible/roles/ovn-db/tasks/bootstrap-db.yml
new file mode 100644
index 0000000000..55bd13deb7
--- /dev/null
+++ b/ansible/roles/ovn-db/tasks/bootstrap-db.yml
@@ -0,0 +1,48 @@
+---
+- name: Get OVN_Northbound cluster leader
+  become: true
+  command: "docker exec ovn_nb_db ovs-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/status OVN_Northbound"
+  changed_when: False
+  register: ovn_nb_cluster_status
+
+- name: Configure OVN NB connection settings
+  vars:
+    search_string: "Role: leader"
+  become: true
+  command: "docker exec ovn_nb_db ovn-nbctl --inactivity-probe={{ ovn_nb_db_inactivity_probe }} set-connection ptcp:{{ ovn_nb_db_port }}:0.0.0.0"
+  when: ovn_nb_cluster_status is search(search_string)
+
+- name: Get OVN_Southbound cluster leader
+  become: true
+  command: "docker exec ovn_sb_db ovs-appctl -t /var/run/ovn/ovnsb_db.ctl cluster/status OVN_Southbound"
+  changed_when: False
+  register: ovn_sb_cluster_status
+
+- name: Configure OVN SB connection settings
+  vars:
+    search_string: "Role: leader"
+  become: true
+  command: "docker exec ovn_sb_db ovn-sbctl --inactivity-probe={{ ovn_sb_db_inactivity_probe }} set-connection ptcp:{{ ovn_sb_db_port }}:0.0.0.0"
+  when: ovn_sb_cluster_status is search(search_string)
+
+- name: Wait for ovn-nb-db
+  wait_for:
+    host: "{{ api_interface_address }}"
+    port: "{{ ovn_nb_db_port }}"
+    connect_timeout: 1
+    timeout: 60
+  register: check_ovn_nb_db_port
+  until: check_ovn_nb_db_port is success
+  retries: 10
+  delay: 6
+
+- name: Wait for ovn-sb-db
+  wait_for:
+    host: "{{ api_interface_address }}"
+    port: "{{ ovn_sb_db_port }}"
+    connect_timeout: 1
+    timeout: 60
+  register: check_ovn_sb_db_port
+  until: check_ovn_sb_db_port is success
+  retries: 10
+  delay: 6
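Review bot: Both `set-connection` tasks bind the listener to `ptcp:<port>:0.0.0.0`, while the ovn-ctl command lines edited in this patch pass `--db-nb-addr`/`--db-sb-addr` as `api_interface_address`, so the plaintext, unauthenticated OVSDB ports would (as far as I can tell from ovn-ctl's behaviour) now be reachable on every interface of the host rather than only the API network. Because the connection row is stored in the database and is presumably shared by all cluster members, a per-host address may not be possible; if so, say it in a comment above each task, e.g. `# Listens on all addresses because the connection row is shared cluster-wide; restrict this port to the API network with host firewalling`, and document that requirement. `0.0.0.0` is also IPv4-only, so on an IPv6 API network the later `wait_for` against `api_interface_address` would likely time out. Separately, the `when:` tests would be more robust matching on `ovn_nb_cluster_status.stdout` and `ovn_sb_cluster_status.stdout` than on the whole registered result.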
diff --git a/ansible/roles/ovn-db/tasks/deploy.yml b/ansible/roles/ovn-db/tasks/deploy.yml
index 49edff81e3..1c68ca7eca 100644
--- a/ansible/roles/ovn-db/tasks/deploy.yml
+++ b/ansible/roles/ovn-db/tasks/deploy.yml
@@ -5,3 +5,8 @@
 
 - name: Flush handlers
   meta: flush_handlers
+
+- import_tasks: bootstrap-db.yml
+  when:
+    - inventory_hostname in groups['ovn-nb-db']
+    - inventory_hostname in groups['ovn-sb-db']
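Review bot: The two `when:` entries on the `import_tasks` are ANDed, so a host that belongs to only one of `ovn-nb-db` and `ovn-sb-db` skips bootstrap-db.yml entirely; with the `--db-*-create-insecure-remote=yes` flags removed from the templates, that database would presumably end up with no TCP listener and no inactivity probe. Put the group checks on the tasks instead: `when: inventory_hostname in groups['ovn-nb-db']` on the NB tasks in bootstrap-db.yml and the `ovn-sb-db` equivalent on the SB tasks, combined with the existing leader check on the set-connection tasks. The import is also unnamed; `- name: Bootstrap OVN DB connections` would make it visible in play output. The rest of deploy.yml lies outside the hunk.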
diff --git a/ansible/roles/ovn-db/templates/ovn-nb-db.json.j2 b/ansible/roles/ovn-db/templates/ovn-nb-db.json.j2
index bc10ebd5c8..a977a4882c 100644
--- a/ansible/roles/ovn-db/templates/ovn-nb-db.json.j2
+++ b/ansible/roles/ovn-db/templates/ovn-nb-db.json.j2
@@ -1,5 +1,5 @@
 {
-    "command": "/usr/share/ovn/scripts/ovn-ctl run_nb_ovsdb --db-nb-create-insecure-remote=yes --db-nb-addr={{ api_interface_address | put_address_in_context('url') }} --db-nb-cluster-local-addr={{ api_interface_address | put_address_in_context('url') }} {% if groups['ovn-nb-db'] | length > 1 and inventory_hostname != groups['ovn-nb-db'][0] %} --db-nb-cluster-remote-addr={{ 'api' | kolla_address(groups['ovn-nb-db'][0]) | put_address_in_context('url') }} {% endif %} --db-nb-sock=/run/ovn/ovnnb_db.sock --db-nb-pid=/run/ovn/ovnnb_db.pid --db-nb-file=/var/lib/openvswitch/ovn-nb/ovnnb.db --ovn-nb-logfile=/var/log/kolla/openvswitch/ovn-nb-db.log",
+    "command": "/usr/share/ovn/scripts/ovn-ctl run_nb_ovsdb --db-nb-addr={{ api_interface_address | put_address_in_context('url') }} --db-nb-cluster-local-addr={{ api_interface_address | put_address_in_context('url') }} {% if groups['ovn-nb-db'] | length > 1 and inventory_hostname != groups['ovn-nb-db'][0] %} --db-nb-cluster-remote-addr={{ 'api' | kolla_address(groups['ovn-nb-db'][0]) | put_address_in_context('url') }} {% endif %} --db-nb-sock=/run/ovn/ovnnb_db.sock --db-nb-pid=/run/ovn/ovnnb_db.pid --db-nb-file=/var/lib/openvswitch/ovn-nb/ovnnb.db --ovn-nb-logfile=/var/log/kolla/openvswitch/ovn-nb-db.log",
     "permissions": [
         {
             "path": "/var/log/kolla/openvswitch",
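Review bot: Dropping `--db-nb-create-insecure-remote=yes` means the NB server presumably opens no TCP listener until `set-connection` in bootstrap-db.yml has run, and in this patch only deploy.yml imports that file. If the role's upgrade or reconfigure entry points do not go through deploy.yml (they are not visible here), an existing deployment would restart these containers with nothing listening on `ovn_nb_db_port`; those paths should import bootstrap-db.yml as well. The same applies to the `--db-sb-create-insecure-remote=yes` removal in ovn-sb-db.json.j2.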
diff --git a/ansible/roles/ovn-db/templates/ovn-sb-db.json.j2 b/ansible/roles/ovn-db/templates/ovn-sb-db.json.j2
index 8d3d746394..4d693e6325 100644
--- a/ansible/roles/ovn-db/templates/ovn-sb-db.json.j2
+++ b/ansible/roles/ovn-db/templates/ovn-sb-db.json.j2
@@ -1,5 +1,5 @@
 {
-    "command": "/usr/share/ovn/scripts/ovn-ctl run_sb_ovsdb --db-sb-create-insecure-remote=yes --db-sb-addr={{ api_interface_address | put_address_in_context('url') }} --db-sb-cluster-local-addr={{ api_interface_address | put_address_in_context('url') }} {% if groups['ovn-sb-db'] | length > 1 and inventory_hostname != groups['ovn-sb-db'][0] %} --db-sb-cluster-remote-addr={{ 'api' | kolla_address(groups['ovn-sb-db'][0]) | put_address_in_context('url') }} {% endif %} --db-sb-sock=/run/ovn/ovnsb_db.sock --db-sb-pid=/run/ovn/ovnsb_db.pid --db-sb-file=/var/lib/openvswitch/ovn-sb/ovnsb.db --ovn-sb-logfile=/var/log/kolla/openvswitch/ovn-sb-db.log",
+    "command": "/usr/share/ovn/scripts/ovn-ctl run_sb_ovsdb --db-sb-addr={{ api_interface_address | put_address_in_context('url') }} --db-sb-cluster-local-addr={{ api_interface_address | put_address_in_context('url') }} {% if groups['ovn-sb-db'] | length > 1 and inventory_hostname != groups['ovn-sb-db'][0] %} --db-sb-cluster-remote-addr={{ 'api' | kolla_address(groups['ovn-sb-db'][0]) | put_address_in_context('url') }} {% endif %} --db-sb-sock=/run/ovn/ovnsb_db.sock --db-sb-pid=/run/ovn/ovnsb_db.pid --db-sb-file=/var/lib/openvswitch/ovn-sb/ovnsb.db --ovn-sb-logfile=/var/log/kolla/openvswitch/ovn-sb-db.log",
     "permissions": [
         {
             "path": "/var/log/kolla/openvswitch",