From f2fd735d510205d569c688495df501223ca07ae5 Mon Sep 17 00:00:00 2001 From: Eduardo Gonzalez Date: Mon, 12 Jun 2017 17:07:33 +0200 Subject: [PATCH] Fix kuryr ansible deployment Missing config options in kuryr.conf Missing kuryr logging Remove useless bootstrap task, justs create a directory Wrong user permissions in config.json file. Missing volumes Missing container capabilities Depends-On: I4c08a21df263fdefe1fe991cb7ad41cfee65019d Change-Id: Id4577a78ebf3f1cda5ee36d14e2cc017f38e0f07 Closes-bug: #1697480 --- .../templates/conf/filter/01-rewrite.conf.j2 | 1 + ansible/roles/kuryr/defaults/main.yml | 4 ++++ ansible/roles/kuryr/handlers/main.yml | 1 + ansible/roles/kuryr/tasks/bootstrap.yml | 19 ------------------- ansible/roles/kuryr/tasks/config.yml | 1 + ansible/roles/kuryr/tasks/deploy.yml | 2 -- ansible/roles/kuryr/tasks/upgrade.yml | 2 -- ansible/roles/kuryr/templates/kuryr.conf.j2 | 5 +++++ ansible/roles/kuryr/templates/kuryr.json.j2 | 9 ++++++++- 9 files changed, 20 insertions(+), 24 deletions(-) delete mode 100644 ansible/roles/kuryr/tasks/bootstrap.yml diff --git a/ansible/roles/common/templates/conf/filter/01-rewrite.conf.j2 b/ansible/roles/common/templates/conf/filter/01-rewrite.conf.j2 index f56adb3c8f..6c4880b5d7 100644 --- a/ansible/roles/common/templates/conf/filter/01-rewrite.conf.j2 +++ b/ansible/roles/common/templates/conf/filter/01-rewrite.conf.j2 @@ -26,4 +26,5 @@ rewriterule23 programname ^(freezer-api|freezer-api_access|freezer-manage).* openstack_python rewriterule24 programname ^(octavia-api|octavia-health-manager|octavia-housekeeping|octavia-worker).* openstack_python rewriterule25 programname ^(zun-compute).* openstack_python + rewriterule26 programname ^(kuryr-server).* openstack_python diff --git a/ansible/roles/kuryr/defaults/main.yml b/ansible/roles/kuryr/defaults/main.yml index 0beda9cb64..25a2672b32 100644 --- a/ansible/roles/kuryr/defaults/main.yml +++ b/ansible/roles/kuryr/defaults/main.yml @@ -14,11 +14,15 @@ kuryr_services: enabled: True image: "{{ kuryr_image_full }}" privileged: True + cap_add: + - NET_ADMIN volumes: - "{{ node_config_directory }}/kuryr/:{{ container_config_directory }}/:ro" - "/etc/localtime:/etc/localtime:ro" + - "/lib/modules:/lib/modules:ro" - "/run:/run:shared" - "/usr/lib/docker:/usr/lib/docker" + - "kolla_logs:/var/log/kolla/" #################### diff --git a/ansible/roles/kuryr/handlers/main.yml b/ansible/roles/kuryr/handlers/main.yml index 84f8445da0..df37073aaa 100644 --- a/ansible/roles/kuryr/handlers/main.yml +++ b/ansible/roles/kuryr/handlers/main.yml @@ -13,6 +13,7 @@ name: "{{ service.container_name }}" image: "{{ service.image }}" privileged: "{{ service.privileged | default(False) }}" + cap_add: "{{ service.cap_add }}" volumes: "{{ service.volumes }}" when: - action != "config" diff --git a/ansible/roles/kuryr/tasks/bootstrap.yml b/ansible/roles/kuryr/tasks/bootstrap.yml deleted file mode 100644 index c8fa0cff49..0000000000 --- a/ansible/roles/kuryr/tasks/bootstrap.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: Running Kuryr bootstrap container - vars: - kuryr: "{{ kuryr_services['kuryr'] }}" - kolla_docker: - action: "start_container" - common_options: "{{ docker_common_options }}" - detach: False - environment: - KOLLA_BOOTSTRAP: - KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" - image: "{{ kuryr.image }}" - labels: - BOOTSTRAP: - name: "bootstrap_kuryr" - restart_policy: "never" - volumes: "{{ kuryr.volumes }}" - run_once: True - delegate_to: "{{ groups[kuryr.group][0] }}" diff --git a/ansible/roles/kuryr/tasks/config.yml b/ansible/roles/kuryr/tasks/config.yml index 22e8154ef4..21d5f49584 100644 --- a/ansible/roles/kuryr/tasks/config.yml +++ b/ansible/roles/kuryr/tasks/config.yml @@ -81,6 +81,7 @@ name: "{{ item.value.container_name }}" image: "{{ item.value.image }}" privileged: "{{ item.value.privileged|default(False) }}" + cap_add: "{{ item.value.cap_add }}" volumes: "{{ item.value.volumes }}" register: check_kuryr_containers when: diff --git a/ansible/roles/kuryr/tasks/deploy.yml b/ansible/roles/kuryr/tasks/deploy.yml index 864362ba5f..6b896c6e55 100644 --- a/ansible/roles/kuryr/tasks/deploy.yml +++ b/ansible/roles/kuryr/tasks/deploy.yml @@ -3,7 +3,5 @@ - include: config.yml -- include: bootstrap.yml - - name: Flush handlers meta: flush_handlers diff --git a/ansible/roles/kuryr/tasks/upgrade.yml b/ansible/roles/kuryr/tasks/upgrade.yml index 9eca42dec5..dd26ecc34d 100644 --- a/ansible/roles/kuryr/tasks/upgrade.yml +++ b/ansible/roles/kuryr/tasks/upgrade.yml @@ -1,7 +1,5 @@ --- - include: config.yml -- include: bootstrap.yml - - name: Flush handlers meta: flush_handlers diff --git a/ansible/roles/kuryr/templates/kuryr.conf.j2 b/ansible/roles/kuryr/templates/kuryr.conf.j2 index 4cd7924848..04b94a0ec9 100644 --- a/ansible/roles/kuryr/templates/kuryr.conf.j2 +++ b/ansible/roles/kuryr/templates/kuryr.conf.j2 @@ -1,8 +1,13 @@ [DEFAULT] kuryr_uri = http://{{ api_interface_address }}:{{ kuryr_port }} debug = {{ kuryr_logging_debug }} +log_dir = /var/log/kolla/kuryr + +capability_scope = global +bindir = /var/lib/kolla/venv/libexec/kuryr [binding] +driver = kuryr.lib.binding.drivers.veth [neutron] auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} diff --git a/ansible/roles/kuryr/templates/kuryr.json.j2 b/ansible/roles/kuryr/templates/kuryr.json.j2 index 76602c1943..5a8d709266 100644 --- a/ansible/roles/kuryr/templates/kuryr.json.j2 +++ b/ansible/roles/kuryr/templates/kuryr.json.j2 @@ -4,7 +4,7 @@ { "source": "{{ container_config_directory }}/kuryr.conf", "dest": "/etc/kuryr/kuryr.conf", - "owner": "root", + "owner": "kuryr", "perm": "0600" }, { @@ -20,5 +20,12 @@ "perm": "0600", "optional": true } + ], + "permissions": [ + { + "path": "/var/log/kolla/kuryr", + "owner": "kuryr:kolla", + "recurse": true + } ] }