Convert Neutron to thin containers

*** Requires Docker 1.10 which is released ***

Documentation will be in the next patch. You must set the following
in your docker.service daemon control file for propogation to work:

    [Service]
    MountFlags=shared

======================================================================

Thanks to mount propagation in Docker 1.10 we can use thin containers
finally! This is extremely useful to operators since now they can
access the network namespaces from the hosts (outside the neutron
container). But additionally it allows us to implement the VPN agent
and other services easier.

Neutron containers and the neutron role are brought up to the standards
of the new Kolla, complete with drop-root and Ansible formatting
updates.

The ip_wrapper.py script was (thankfully) not needed so it has been
removed from the repo.

Partially-Implements: blueprint upgrade-neutron
Change-Id: Iaf5555283240457e1912459f397a6393d886fba1
SamYaple 2016-01-26 19:50:43 +00:00
parent 2514bcf0c3
commit ddb7cd88c5
36 changed files with 325 additions and 265 deletions

@ -118,7 +118,13 @@ nova
[neutron-server:children]
neutron
[neutron-agents:children]
[neutron-dhcp-agent:children]
neutron
[neutron-l3-agent:children]
neutron
[neutron-metadata-agent:children]
neutron
# Cinder

@ -130,7 +130,13 @@ nova
[neutron-server:children]
control
[neutron-agents:children]
[neutron-dhcp-agent:children]
neutron
[neutron-l3-agent:children]
neutron
[neutron-metadata-agent:children]
neutron
# Cinder

@ -12,30 +12,38 @@ neutron_database_address: "{{ kolla_internal_address }}"
####################
# Docker
####################
neutron_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-server"
neutron_server_tag: "{{ openstack_release }}"
neutron_server_image_full: "{{ neutron_server_image }}:{{ neutron_server_tag }}"
neutron_dhcp_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-dhcp-agent"
neutron_dhcp_agent_tag: "{{ openstack_release }}"
neutron_dhcp_agent_image_full: "{{ neutron_dhcp_agent_image }}:{{ neutron_dhcp_agent_tag }}"
neutron_agents_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-agents"
neutron_agents_tag: "{{ openstack_release }}"
neutron_agents_image_full: "{{ neutron_agents_image }}:{{ neutron_agents_tag }}"
neutron_openvswitch_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-openvswitch-agent"
neutron_openvswitch_agent_tag: "{{ openstack_release }}"
neutron_openvswitch_agent_image_full: "{{ neutron_openvswitch_agent_image }}:{{ neutron_openvswitch_agent_tag }}"
neutron_l3_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-l3-agent"
neutron_l3_agent_tag: "{{ openstack_release }}"
neutron_l3_agent_image_full: "{{ neutron_l3_agent_image }}:{{ neutron_l3_agent_tag }}"
neutron_linuxbridge_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-linuxbridge-agent"
neutron_linuxbridge_agent_tag: "{{ openstack_release }}"
neutron_linuxbridge_agent_image_full: "{{ neutron_linuxbridge_agent_image }}:{{ neutron_linuxbridge_agent_tag }}"
openvswitch_vswitchd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-vswitchd"
openvswitch_vswitchd_tag: "{{ openstack_release }}"
openvswitch_vswitchd_image_full: "{{ openvswitch_vswitchd_image }}:{{ openvswitch_vswitchd_tag }}"
neutron_metadata_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-metadata-agent"
neutron_metadata_agent_tag: "{{ openstack_release }}"
neutron_metadata_agent_image_full: "{{ neutron_metadata_agent_image }}:{{ neutron_metadata_agent_tag }}"
neutron_openvswitch_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-openvswitch-agent"
neutron_openvswitch_agent_tag: "{{ openstack_release }}"
neutron_openvswitch_agent_image_full: "{{ neutron_openvswitch_agent_image }}:{{ neutron_openvswitch_agent_tag }}"
neutron_server_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-neutron-server"
neutron_server_tag: "{{ openstack_release }}"
neutron_server_image_full: "{{ neutron_server_image }}:{{ neutron_server_tag }}"
openvswitch_db_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-db-server"
openvswitch_db_tag: "{{ openstack_release }}"
openvswitch_db_image_full: "{{ openvswitch_db_image }}:{{ openvswitch_db_tag }}"
openvswitch_vswitchd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ kolla_install_type }}-openvswitch-vswitchd"
openvswitch_vswitchd_tag: "{{ openstack_release }}"
openvswitch_vswitchd_image_full: "{{ openvswitch_vswitchd_image }}:{{ openvswitch_vswitchd_tag }}"
####################
# Openstack

@ -14,7 +14,6 @@
with_sequence: start=1 end={{ num_nova_fake_per_node }}
when:
- inventory_hostname in groups['compute']
- enable_nova_fake | bool
- neutron_plugin_agent == "openvswitch"
- name: Copying over neutron.conf
@ -31,7 +30,6 @@
when:
- inventory_hostname in groups['compute']
- neutron_plugin_agent == "openvswitch"
- enable_nova_fake | bool
- name: Copying over ml2_conf.ini
merge_configs:
@ -43,5 +41,3 @@
when:
- inventory_hostname in groups['compute']
- neutron_plugin_agent == "openvswitch"
- enable_nova_fake | bool

@ -3,7 +3,7 @@
sysctl: name="net.ipv4.ip_forward" value=1 sysctl_set=yes
when:
- set_sysctl | bool
- inventory_hostname in groups['neutron-agents']
- inventory_hostname in groups['neutron-l3-agent']
- name: Disabling reverse path filter on network node
sysctl: name="net.ipv4.conf.{{ item }}.rp_filter" value=0 sysctl_set=yes
@ -12,7 +12,7 @@
- "default"
when:
- set_sysctl | bool
- inventory_hostname in groups['neutron-agents']
- inventory_hostname in groups['neutron-l3-agent']
- name: Ensuring config directories exist
file:
@ -20,8 +20,10 @@
state: "directory"
recurse: yes
with_items:
- "neutron-agents"
- "neutron-dhcp-agent"
- "neutron-l3-agent"
- "neutron-linuxbridge-agent"
- "neutron-metadata-agent"
- "neutron-openvswitch-agent"
- "neutron-server"
- "openvswitch-db-server"
@ -32,8 +34,10 @@
src: "{{ item }}.json.j2"
dest: "{{ node_config_directory }}/{{ item }}/config.json"
with_items:
- "neutron-agents"
- "neutron-dhcp-agent"
- "neutron-l3-agent"
- "neutron-linuxbridge-agent"
- "neutron-metadata-agent"
- "neutron-openvswitch-agent"
- "neutron-server"
- "openvswitch-db-server"
@ -52,8 +56,10 @@
- "/etc/kolla/config/neutron/{{ item }}.conf"
dest: "{{ node_config_directory }}/{{ item }}/neutron.conf"
with_items:
- "neutron-agents"
- "neutron-dhcp-agent"
- "neutron-l3-agent"
- "neutron-linuxbridge-agent"
- "neutron-metadata-agent"
- "neutron-openvswitch-agent"
- "neutron-server"
@ -66,10 +72,12 @@
- "/etc/kolla/config/neutron/ml2_conf.ini"
dest: "{{ node_config_directory }}/{{ item }}/ml2_conf.ini"
with_items:
- "neutron-server"
- "neutron-agents"
- "neutron-dhcp-agent"
- "neutron-l3-agent"
- "neutron-linuxbridge-agent"
- "neutron-metadata-agent"
- "neutron-openvswitch-agent"
- "neutron-server"
- name: Copying over dhcp_agent.ini
merge_configs:
@ -80,12 +88,14 @@
- "/etc/kolla/config/neutron/dhcp_agent.ini"
dest: "{{ node_config_directory }}/{{ item }}/dhcp_agent.ini"
with_items:
- "neutron-agents"
- "neutron-dhcp-agent"
- name: Copying over dnsmasq.conf
template:
src: "dnsmasq.conf.j2"
dest: "{{ node_config_directory }}/neutron-agents/dnsmasq.conf"
dest: "{{ node_config_directory }}/{{ item }}/dnsmasq.conf"
with_items:
- "neutron-dhcp-agent"
- name: Copying over l3_agent.ini
merge_configs:
@ -96,7 +106,18 @@
- "/etc/kolla/config/neutron/l3_agent.ini"
dest: "{{ node_config_directory }}/{{ item }}/l3_agent.ini"
with_items:
- "neutron-agents"
- "neutron-l3-agent"
- name: Copying over fwaas_driver.ini
merge_configs:
vars:
service_name: "{{ item }}"
sources:
- "{{ role_path }}/templates/fwaas_driver.ini.j2"
- "/etc/kolla/config/neutron/fwaas_driver.ini"
dest: "{{ node_config_directory }}/{{ item }}/fwaas_driver.ini"
with_items:
- "neutron-l3-agent"
- name: Copying over metadata_agent.ini
merge_configs:
@ -107,4 +128,4 @@
- "/etc/kolla/config/neutron/metadata_agent.ini"
dest: "{{ node_config_directory }}/{{ item }}/metadata_agent.ini"
with_items:
- "neutron-agents"
- "neutron-metadata-agent"

@ -6,9 +6,11 @@
when: inventory_hostname in groups['neutron-server']
- include: config.yml
when: inventory_hostname in groups['compute'] or
inventory_hostname in groups['neutron-agents'] or
inventory_hostname in groups['neutron-server']
when: inventory_hostname in groups['compute']
or inventory_hostname in groups['neutron-dhcp-agent']
or inventory_hostname in groups['neutron-l3-agent']
or inventory_hostname in groups['neutron-metadata-agent']
or inventory_hostname in groups['neutron-server']
- include: config-neutron-fake.yml
when:
@ -19,6 +21,8 @@
when: inventory_hostname in groups['neutron-server']
- include: start.yml
when: inventory_hostname in groups['compute'] or
inventory_hostname in groups['neutron-agents'] or
inventory_hostname in groups['neutron-server']
when: inventory_hostname in groups['compute']
or inventory_hostname in groups['neutron-dhcp-agent']
or inventory_hostname in groups['neutron-l3-agent']
or inventory_hostname in groups['neutron-metadata-agent']
or inventory_hostname in groups['neutron-server']

@ -1,4 +1,6 @@
---
# TODO(SamYaple): run verification checks at start of playbook
- fail: msg="neutron_plugin_agent must use openvswitch with Ironic"
when: enable_ironic | bool and neutron_plugin_agent != "openvswitch"
when:
- enable_ironic | bool
- neutron_plugin_agent != "openvswitch"

@ -1,10 +1,17 @@
---
- name: Pulling neutron-agents image
- name: Pulling neutron-dhcp-agent image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ neutron_agents_image_full }}"
when: inventory_hostname in groups['neutron-agents']
image: "{{ neutron_dhcp_agent_image_full }}"
when: inventory_hostname in groups['neutron-dhcp-agent']
- name: Pulling neutron-l3-agent image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ neutron_l3_agent_image_full }}"
when: inventory_hostname in groups['neutron-l3-agent']
- name: Pulling neutron-linuxbridge-agent image
kolla_docker:
@ -12,16 +19,29 @@
common_options: "{{ docker_common_options }}"
image: "{{ neutron_linuxbridge_agent_image_full }}"
when:
- (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents'])
- (inventory_hostname in groups['compute']
or inventory_hostname in groups['neutron-dhcp-agent']
or inventory_hostname in groups['neutron-l3-agent']
or inventory_hostname in groups['neutron-metadata-agent'])
- neutron_plugin_agent == "linuxbridge"
- name: Pulling neutron-metadata-agent image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ neutron_metadata_agent_image_full }}"
when: inventory_hostname in groups['neutron-metadata-agent']
- name: Pulling neutron-openvswitch-agent image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ neutron_openvswitch_agent_image_full }}"
when:
- (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents'])
- (inventory_hostname in groups['compute']
or inventory_hostname in groups['neutron-dhcp-agent']
or inventory_hostname in groups['neutron-l3-agent']
or inventory_hostname in groups['neutron-metadata-agent'])
- neutron_plugin_agent == "openvswitch"
- name: Pulling neutron-server image
@ -37,7 +57,10 @@
common_options: "{{ docker_common_options }}"
image: "{{ openvswitch_db_image_full }}"
when:
- (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents'])
- (inventory_hostname in groups['compute']
or inventory_hostname in groups['neutron-dhcp-agent']
or inventory_hostname in groups['neutron-l3-agent']
or inventory_hostname in groups['neutron-metadata-agent'])
- neutron_plugin_agent == "openvswitch"
- name: Pulling openvswitch-vswitchd image
@ -46,5 +69,8 @@
common_options: "{{ docker_common_options }}"
image: "{{ openvswitch_vswitchd_image_full }}"
when:
- (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents'])
- (inventory_hostname in groups['compute']
or inventory_hostname in groups['neutron-dhcp-agent']
or inventory_hostname in groups['neutron-l3-agent']
or inventory_hostname in groups['neutron-metadata-agent'])
- neutron_plugin_agent == "openvswitch"

@ -10,7 +10,10 @@
- "/run:/run"
- "openvswitch_db:/var/lib/openvswitch/"
when:
- (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents'])
- (inventory_hostname in groups['compute']
or inventory_hostname in groups['neutron-dhcp-agent']
or inventory_hostname in groups['neutron-l3-agent']
or inventory_hostname in groups['neutron-metadata-agent'])
- neutron_plugin_agent == "openvswitch"
- name: Ensuring OVS bridge is properly setup
@ -18,7 +21,10 @@
register: status
changed_when: status.stdout.find('changed') != -1
when:
- (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents'])
- (inventory_hostname in groups['compute']
or inventory_hostname in groups['neutron-dhcp-agent']
or inventory_hostname in groups['neutron-l3-agent']
or inventory_hostname in groups['neutron-metadata-agent'])
- neutron_plugin_agent == "openvswitch"
- name: Starting openvswitch-vswitchd container
@ -33,7 +39,10 @@
- "/lib/modules:/lib/modules:ro"
- "/run:/run"
when:
- (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents'])
- (inventory_hostname in groups['compute']
or inventory_hostname in groups['neutron-dhcp-agent']
or inventory_hostname in groups['neutron-l3-agent']
or inventory_hostname in groups['neutron-metadata-agent'])
- neutron_plugin_agent == "openvswitch"
- name: Starting neutron-server container
@ -60,11 +69,22 @@
- "/run:/run"
- "/run/kolla/log:/dev/log"
when:
- (
( inventory_hostname in groups['compute']
or inventory_hostname in groups['neutron-dhcp-agent']
or inventory_hostname in groups['neutron-l3-agent']
or inventory_hostname in groups['neutron-metadata-agent']
and not enable_nova_fake | bool
) or
( inventory_hostname in groups['neutron-dhcp-agent']
or inventory_hostname in groups['neutron-l3-agent']
or inventory_hostname in groups['neutron-metadata-agent']
and enable_nova_fake | bool
)
)
- neutron_plugin_agent == "openvswitch"
- ((inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents']) and not (enable_nova_fake | bool)) or
((inventory_hostname in groups['neutron-agents']) and (enable_nova_fake | bool))
- name: Starting Neutron-openvswitch-agent container for fake nova compute
- name: Starting neutron-openvswitch-agent container for fake nova compute
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
@ -99,18 +119,55 @@
- "/run:/run"
- "/run/kolla/log:/dev/log"
when:
- (inventory_hostname in groups['compute'] or inventory_hostname in groups['neutron-agents'])
- (inventory_hostname in groups['compute']
or inventory_hostname in groups['neutron-dhcp-agent']
or inventory_hostname in groups['neutron-l3-agent']
or inventory_hostname in groups['neutron-metadata-agent'])
- neutron_plugin_agent == "linuxbridge"
- name: Starting neutron-agents container
- name: Starting neutron-dhcp-agent container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ neutron_agents_image_full }}"
name: "neutron_agents"
image: "{{ neutron_dhcp_agent_image_full }}"
name: "neutron_dhcp_agent"
privileged: True
volumes:
- "{{ node_config_directory }}/neutron-agents/:{{ container_config_directory }}/:ro"
- "{{ node_config_directory }}/neutron-dhcp-agent/:{{ container_config_directory }}/:ro"
- "/run/:/run/"
- "/run/kolla/log:/dev/log"
- "/run/netns/:/run/netns/:shared"
- "neutron_metadata_socket:/var/lib/neutron/kolla/"
when:
- inventory_hostname in groups['neutron-dhcp-agent']
- name: Starting neutron-l3-agent container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ neutron_l3_agent_image_full }}"
name: "neutron_l3_agent"
privileged: True
volumes:
- "{{ node_config_directory }}/neutron-l3-agent/:{{ container_config_directory }}/:ro"
- "/run:/run"
- "/run/kolla/log:/dev/log"
when: inventory_hostname in groups['neutron-agents']
- "/run/netns/:/run/netns/:shared"
- "neutron_metadata_socket:/var/lib/neutron/kolla/"
when:
- inventory_hostname in groups['neutron-l3-agent']
- name: Starting neutron-metadata-agent container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ neutron_metadata_agent_image_full }}"
name: "neutron_metadata_agent"
privileged: True
volumes:
- "{{ node_config_directory }}/neutron-metadata-agent/:{{ container_config_directory }}/:ro"
- "/run/kolla/log:/dev/log"
- "/run/netns/:/run/netns/:shared"
- "neutron_metadata_socket:/var/lib/neutron/kolla/"
when:
- inventory_hostname in groups['neutron-metadata-agent']
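Review bot: The multi-line `when` on the task just above "Starting neutron-openvswitch-agent container for fake nova compute" has lost the grouping that the one-line condition it replaces had. In Jinja2 `and` binds tighter than `or`, so `or inventory_hostname in groups['neutron-metadata-agent'] and not enable_nova_fake | bool` applies the nova-fake test only to the metadata-agent membership. A host in `compute` therefore satisfies the first group even when `enable_nova_fake` is true, which the old `(compute or neutron-agents) and not (enable_nova_fake | bool)` form prevented. Open a parenthesis before the first `inventory_hostname` of each group and close it before the `and`, so the first chain ends with `or inventory_hostname in groups['neutron-metadata-agent']) and not enable_nova_fake | bool` and the second with the same shape and `and enable_nova_fake | bool`.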

@ -0,0 +1 @@
[fwaas]

@ -1,5 +1,5 @@
{
"command": "",
"command": "neutron-dhcp-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini",
"config_files": [
{
"source": "{{ container_config_directory }}/neutron.conf",
@ -7,6 +7,12 @@
"owner": "neutron",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/ml2_conf.ini",
"dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
"owner": "neutron",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/dhcp_agent.ini",
"dest": "/etc/neutron/dhcp_agent.ini",
@ -18,24 +24,6 @@
"dest": "/etc/neutron/dnsmasq.conf",
"owner": "neutron",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/l3_agent.ini",
"dest": "/etc/neutron/l3_agent.ini",
"owner": "neutron",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/ml2_conf.ini",
"dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
"owner": "neutron",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/metadata_agent.ini",
"dest": "/etc/neutron/metadata_agent.ini",
"owner": "neutron",
"perm": "0600"
}
]
}

@ -0,0 +1,29 @@
{
"command": "neutron-l3-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini",
"config_files": [
{
"source": "{{ container_config_directory }}/neutron.conf",
"dest": "/etc/neutron/neutron.conf",
"owner": "neutron",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/ml2_conf.ini",
"dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
"owner": "neutron",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/fwaas_driver.ini",
"dest": "/etc/neutron/fwaas_driver.ini",
"owner": "neutron",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/l3_agent.ini",
"dest": "/etc/neutron/l3_agent.ini",
"owner": "neutron",
"perm": "0600"
}
]
}

@ -0,0 +1,23 @@
{
"command": "neutron-metadata-agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini",
"config_files": [
{
"source": "{{ container_config_directory }}/neutron.conf",
"dest": "/etc/neutron/neutron.conf",
"owner": "neutron",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/ml2_conf.ini",
"dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
"owner": "neutron",
"perm": "0600"
},
{
"source": "{{ container_config_directory }}/metadata_agent.ini",
"dest": "/etc/neutron/metadata_agent.ini",
"owner": "neutron",
"perm": "0600"
}
]
}

@ -8,9 +8,12 @@ syslog_log_facility = LOG_LOCAL0
bind_host = {{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}
bind_port = {{ neutron_server_port }}
#lock_path = /var/lock/neutron
api_paste_config = /usr/share/neutron/api-paste.ini
# NOTE(SamYaple): We must specify this value here rather than the metadata conf
# because it is used by the l3 and dhcp agents. The reason the path has 'kolla'
# in it is because we are sharing this socket in a volume which is it's own dir
metadata_proxy_socket = /var/lib/neutron/kolla/metadata_proxy
{% if neutron_plugin_agent == "openvswitch" %}
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

@ -15,7 +15,7 @@
- "default"
when:
- set_sysctl | bool
- inventory_hostname in groups['neutron-agents']
- inventory_hostname in groups['compute']
- name: Ensuring config directories exist
file:

@ -94,7 +94,9 @@
- hosts:
- compute
- neutron-agents
- neutron-dhcp-agent
- neutron-l3-agent
- neutron-metadata-agent
- neutron-server
- rabbitmq
roles:

@ -1,52 +0,0 @@
FROM {{ namespace }}/{{ image_prefix }}neutron-base:{{ tag }}
MAINTAINER {{ maintainer }}
{% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
RUN yum install -y \
openvswitch \
supervisor \
&& yum clean all
COPY supervisord.conf /etc/
{% elif base_distro in ['ubuntu', 'debian'] %}
RUN apt-get install -y --no-install-recommends supervisor \
&& apt-get clean
COPY supervisord.conf /etc/supervisor/
{% if install_type == 'binary' %}
RUN apt-get install -y --no-install-recommends \
neutron-metadata-agent \
neutron-dhcp-agent \
neutron-l3-agent \
&& apt-get clean
{% endif %}
{% endif %}
# TODO: SamYaple FWaaS is part of the l3-agent, not a separate agent that is
# why this file is needed. To support FWaaS we cannot have a separate container
# I need to figure out the best way to make this work together
#
# This file _does_ _not_ need to exist, you must remove referencing it from the
# exec line in the start script. Also all these config options can exist in the
# main neutron.conf if we wish
COPY fwaas_driver.ini /etc/neutron/
COPY neutron-dhcp-agent/ /var/lib/kolla/neutron-dhcp-agent
COPY neutron-l3-agent/ /var/lib/kolla/neutron-l3-agent
COPY neutron-metadata-agent/ /var/lib/kolla/neutron-metadata-agent
COPY config-sudoers.sh /var/lib/kolla/
COPY start.sh /
# We will remove this line in Docker 1.10 when namespace propagation works
VOLUME /run/netns
CMD ["/start.sh"]
{{ include_footer }}

@ -1,12 +0,0 @@
#!/bin/bash
# Neutron uses rootwrap which requires a tty for sudo.
# Since the container is running in daemon mode, a tty
# is not present and requiretty must be commented out.
if [ ! -f /sudo-modified ]; then
chmod 0640 /etc/sudoers
sed -i '/Defaults requiretty/s/^/#/' /etc/sudoers
chmod 0440 /etc/sudoers
fi
touch /sudo-modified

@ -1 +0,0 @@
neutron-l3-agent/fwaas_driver.ini

@ -1,11 +0,0 @@
#!/bin/bash
set -o errexit
# Loading common functions.
source /var/lib/kolla/config-sudoers.sh
# Will be removed when neutron-agents is a thin container
CMD="neutron-dhcp-agent"
ARGS="--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini"
exec $CMD $ARGS

@ -1,3 +0,0 @@
[fwaas]
#driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
#enabled = True

@ -1,11 +0,0 @@
#!/bin/bash
set -o errexit
# Loading common functions.
source /var/lib/kolla/config-sudoers.sh
# Will be removed when this container is broken out into thin containers
CMD="neutron-l3-agent"
ARGS="--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-file /etc/neutron/fwaas_driver.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini"
exec $CMD $ARGS

@ -1,11 +0,0 @@
#!/bin/bash
set -o errexit
# Loading common functions.
source /var/lib/kolla/config-sudoers.sh
# Will be removed when this container is broken out in thin containers
CMD="neutron-metadata-agent"
ARGS="--config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini"
exec $CMD $ARGS

@ -1,10 +0,0 @@
#!/bin/bash
set -o errexit
# We must remove all of the stale namespaces if they exist
rm -f /run/netns/*
# Processing /var/lib/kolla/config_files/config.json
python /usr/local/bin/kolla_set_configs
exec /usr/bin/supervisord

@ -1,40 +0,0 @@
[unix_http_server]
file = /var/run/supervisor.sock
[inet_http_server]
port = 127.0.0.1:9001
[supervisord]
nodaemon=true
logfile = /var/log/supervisor/supervisord.log
logfile_maxbytes = 200KB
logfile_backups = 1
pidfile = /var/run/supervisord.pid
childlogdir = /var/log/supervisor
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl = unix:///var/run/supervisor.sock
[program:neutron-dhcp-agent]
command=/var/lib/kolla/neutron-dhcp-agent/start.sh
priority=40
startsec=10
stderr_events_enabled=true
stdout_events_enabled=true
[program:neutron-metadata-agent]
command=/var/lib/kolla/neutron-metadata-agent/start.sh
priority=40
startsec=10
stderr_events_enabled=true
stdout_events_enabled=true
[program:neutron-l3-agent]
command=/var/lib/kolla/neutron-l3-agent/start.sh
priority=40
startsec=10
stderr_events_enabled=true
stdout_events_enabled=true

@ -36,11 +36,12 @@ RUN yum -y install \
{% elif base_distro in ['ubuntu', 'debian'] %}
RUN apt-get install -y --no-install-recommends \
iptables \
arping \
dnsmasq \
uuid-runtime \
ipset \
iptables \
openvswitch-switch \
uuid-runtime \
&& apt-get clean
{% endif %}
@ -49,15 +50,17 @@ ADD neutron-base-archive /neutron-base-source
RUN ln -s neutron-base-source/* neutron \
&& useradd --user-group neutron \
&& /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /neutron \
&& mkdir -p /etc/neutron /usr/share/neutron /var/log/neutron /home/neutron \
&& mkdir -p /etc/neutron /usr/share/neutron /var/lib/neutron /var/log/neutron /home/neutron \
&& cp -r /neutron/etc/* /etc/neutron/ \
&& cp -r /neutron/etc/neutron/* /etc/neutron/ \
&& cp /neutron/etc/api-paste.ini /usr/share/neutron \
&& mv /etc/neutron/neutron/ /etc/neutron/plugins/ \
&& chown -R neutron: /etc/neutron /usr/share/neutron /var/log/neutron /home/neutron \
&& chown -R neutron: /etc/neutron /usr/share/neutron /var/lib/neutron /var/log/neutron /home/neutron \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/neutron/rootwrap.conf
{% endif %}
COPY extend_start.sh /usr/local/bin/kolla_extend_start
RUN chmod 755 /usr/local/bin/kolla_extend_start
COPY neutron_sudoers /etc/sudoers.d/neutron_sudoers
RUN usermod -a -G kolla neutron \
&& chmod 750 /etc/sudoers.d \
&& chmod 440 /etc/sudoers.d/neutron_sudoers
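Review bot: The `chown -R neutron: /etc/neutron ...` line in the source-install branch leaves `/etc/neutron/rootwrap.conf` owned by the same user that the new `neutron_sudoers` rule (shown further down the page) lets run `neutron-rootwrap /etc/neutron/rootwrap.conf *` as root without a password. rootwrap's command filtering only holds if the unprivileged caller cannot edit that file or the filter definitions it points to; the images now end in `USER neutron` and the agent containers are started with `privileged: True`, so a compromised agent process that can rewrite its own filters is effectively root in a privileged container. After the `sed`, hand the file back to root, for example `&& chown root: /etc/neutron/rootwrap.conf`, and do the same for the filter directories named in its `filters_path`. Only the source branch is visible in this hunk, so the ownership left by the binary packages should be checked as well.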

@ -1,11 +0,0 @@
#!/bin/bash
# Neutron uses rootwrap which requires a tty for sudo.
# Since the container is running in daemon mode, a tty
# is not present and requiretty must be commented out.
if [ ! -f /sudo-modified ]; then
chmod 0640 /etc/sudoers
sed -i '/Defaults requiretty/s/^/#/' /etc/sudoers
chmod 0440 /etc/sudoers
touch /sudo-modified
fi

@ -0,0 +1 @@
neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *

@ -0,0 +1,16 @@
FROM {{ namespace }}/{{ image_prefix }}neutron-base:{{ tag }}
MAINTAINER {{ maintainer }}
{% if base_distro in ['ubuntu', 'debian'] %}
{% if install_type == 'binary' %}
RUN apt-get install -y --no-install-recommends \
neutron-dhcp-agent \
&& apt-get clean
{% endif %}
{% endif %}
{{ include_footer }}
USER neutron

@ -0,0 +1,16 @@
FROM {{ namespace }}/{{ image_prefix }}neutron-base:{{ tag }}
MAINTAINER {{ maintainer }}
{% if base_distro in ['ubuntu', 'debian'] %}
{% if install_type == 'binary' %}
RUN apt-get install -y --no-install-recommends \
neutron-l3-agent \
&& apt-get clean
{% endif %}
{% endif %}
{{ include_footer }}
USER neutron

@ -0,0 +1,23 @@
FROM {{ namespace }}/{{ image_prefix }}neutron-base:{{ tag }}
MAINTAINER {{ maintainer }}
{% if base_distro in ['ubuntu', 'debian'] %}
{% if install_type == 'binary' %}
RUN apt-get install -y --no-install-recommends \
neutron-metadata-agent \
&& apt-get clean
{% endif %}
{% endif %}
COPY neutron_sudoers /etc/sudoers.d/neutron_sudoers
COPY extend_start.sh /usr/local/bin/kolla_extend_start
RUN chmod 755 /usr/local/bin/kolla_extend_start \
&& chmod 750 /etc/sudoers.d \
&& chmod 440 /etc/sudoers.d/neutron_sudoers \
&& usermod -a -G kolla neutron
{{ include_footer }}
USER neutron
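Review bot: `COPY neutron_sudoers /etc/sudoers.d/neutron_sudoers` writes to the same path that the neutron-base image (the `FROM` of this file) already fills with its rootwrap rule. In this image the base rule is therefore silently replaced, apparently by the `%kolla` chown rule shown further down the page, rather than extended. If dropping the rootwrap rule for the metadata agent is intended, say so in a comment above the `COPY`, e.g. `# Replaces the rootwrap sudoers rule from neutron-base; this image only needs the chown rule`. Otherwise copy the file under a name of its own in `/etc/sudoers.d` and point the `chmod 440` at that name.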

@ -0,0 +1,6 @@
#!/bin/bash
# Only update permissions if permissions need to be updated
if [[ $(stat -c %U:%G /var/lib/neutron/kolla) != "neutron:neutron" ]]; then
sudo chown neutron: /var/lib/neutron/kolla
fi

@ -0,0 +1 @@
%kolla ALL=(root) NOPASSWD: /bin/chown neutron\: /var/lib/neutron/kolla, /usr/bin/chown neutron\: /var/lib/neutron/kolla

@ -18,14 +18,6 @@ RUN apt-get install -y --no-install-recommends \
neutron-plugin-openvswitch-agent \
&& apt-get clean
{% endif %}
{% elif install_type == 'source' %}
{% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
# Install required packages
RUN yum install -y openvswitch \
&& yum clean all
{% endif %}
{% endif %}

@ -9,3 +9,5 @@ RUN chmod 755 /usr/local/bin/kolla_extend_start \
fi
{{ include_footer }}
USER neutron

@ -3,16 +3,6 @@
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
# of the KOLLA_BOOTSTRAP variable being set, including empty.
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
sudo -H -u neutron neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
exit 0
fi
# Neutron uses rootwrap which requires a tty for sudo.
# Since the container is running in daemon mode, a tty
# is not present and requiretty must be commented out.
if [ ! -f /sudo-modified ]; then
chmod 0640 /etc/sudoers
sed -i '/Defaults requiretty/s/^/#/' /etc/sudoers
chmod 0440 /etc/sudoers
touch /sudo-modified
fi