The current redhat derived bases that Kolla ships use libreswan instead
of openswan (even running 'yum install openswan' on these bases results
in libreswan being installed).
This means we need to use this device_driver in vpnaas_agent.ini. Also
/lib/modules is required from the host for the ipsec driver.
Change-Id: I94480cda06718ab4aa10250520fa58956151e33a
Closes-Bug: #1644518
When using both /run and /run/netns in docker container, mount
propagation won't work when delete namespace after the containers are
restarted. This PS makes /run mount as shared.
Closes-Bug: #1616268
Change-Id: Ie16699e1b193b2bf1263d89ea634e89ea69add9e
Currently Kolla operators are restricted to configuring one physical
network (physnet1).
This change along with ml2_conf.ini augmentation can be used to setup
multiple physical networks in openvswitch.
E.g. To configure two physical networks, physnet1 and physnet2, with
ports eth1 and eth2 associated respectively:
In /etc/kolla/globals.yml, set
neutron_bridge_name: "br-ex,br-ex2"
neutron_external_interface: "eth1,eth2"
In /etc/kolla/config/neutron/ml2_conf.ini
[ovs]
bridge_mappings = physnet1:br-ex,physnet2:br-ex2
Co-Authored-By: Mick Thompson <michael.a.thompson@oracle.com>
Closes-Bug: #1625700
DocImpact
Change-Id: I9454ca98d9b058368129123109ccc56f95519874
Introduces a new property "enable_neutron_dvr", along with the
appropriate service and template changes to allow DVR.
Closes-Bug: #1623463
DocImpact: dvr changes network data paths and adds requirements for NICs
Co-Authored-By: Vladislav Belogrudov <vladislav.belogrudov@oracle.com>
Change-Id: I87a26e9258228ae2ccb76be1e5f0bb44fac128df
Networking-SFC is a neutron big-tent project support Service Function
Chaining in Neutron.
* Rename the image from neutron-networking-sfc-agent to
neutron-sfc-agent.
* Add networking-sfc role in playbooks.
Co-Authored-by: Jeffrey Zhang <zhang.lei.fly@gmail.com>
Change-Id: I1f99650eed85f59929d4ab6b2226603c54f29577
Implements: blueprint enable-networking-sfc-support
* copy the ml2_conf.ini file to the container
* map the host /etc/localtime file to the container
* remove the output_file and wrap_with options in the lbaas_agent.ini
file, which are useless
* remove the interface_driver in the lbaas_agent, which is configured
in the neutron.conf file
* install net-tools package into the container, which is used by the
neutron-lbaas
Change-Id: Ia58d825e41d3b843d8c6e6b3c9ee1756c1aed1ac
Closes-Bug: #1606755
Previously, kolla did not support neutron lbaas functionality.
Only Lbaasv2 is supported in Mitaka. Additional information can
be found here:
http://docs.openstack.org/mitaka/networking-guide/adv-config-lbaas.html
Magnum uses Neutron Lbaas to provide high availability to COE API
and Etcd endpoints within a bay. Therefore, Neutron Lbaas is required
for Kolla to support Magnum.
Co-Authored-By: Serguei Bezverkhi <sbezverk@cisco.com>
Partial-Bug: #1551992
Change-Id: I05360b7c447c601fcb3c2b6b2a913ef5cc0f3a1b
The generic driver for manila need the neutron agents
and OVS / Linuxbridge running on the same node as manila_share.
This is necessary when the DHSS (Driver Handles Share Servers)
is the value "True", so that the manila_share can talk
with NFS manager.
Change-Id: I21904659b1789fa71118401bfb6ac2227ae564da
Partially-Implements: blueprint enable-manila-containers
The extend_start.sh script for rsyslog is removed as it is no longer
needed. Docker no longer binds to /dev/log or /run/kolla/log
Closes-Bug: #1544545
Change-Id: Ic0a323a26ee4e9e15baf4598285844a8a4955f23
*** Requires Docker 1.10 which is released ***
Documentation will be in the next patch. You must set the following
in your docker.service daemon control file for propogation to work:
[Service]
MountFlags=shared
======================================================================
Thanks to mount propagation in Docker 1.10 we can use thin containers
finally! This is extremely useful to operators since now they can
access the network namespaces from the hosts (outside the neutron
container). But additionally it allows us to implement the VPN agent
and other services easier.
Neutron containers and the neutron role are brought into the standards
of the new Kolla. Completely with drop-root and ansible formating
updates.
The ip_wrapper.py script was (thankfully) not needed so it has been
removed from the repo.
Partially-Implements: blueprint upgrade-neutron
Change-Id: Iaf5555283240457e1912459f397a6393d886fba1
Docker 1.10 has broken the gate and this patch will correct that
breakage.
The issue comes with rsyslog. Due to a commit in Docker 1.10 [1] we
must change the way we get the log socket for rsyslog. The /dev/
folder will no longer populate as we used it. So instead we simply
make a new socket in a path we control and share that to the correct
location in the containers.
Additionally, adjust the gate for new Docker daemon.
[1] https://github.com/docker/docker/pull/16639
Partially-Implements: blueprint kolla-upgrade
Change-Id: I881a2ecdf6d7b35991e1d38a3f3e60d022d6577f
This intentionally leaves out rabbitmq from this patchset. It will
require additional work to remove its data container
UpgradeImpact
Partially-Implements: blueprint docker-named-volumes
Change-Id: Id68b8e43a3c077ef4f4f4d67ea34d0692e66eef7
- See instructions in doc/nova-fake-driver.rst
Implements: blueprint nova-fake-driver
Change-Id: I553a40c2df39bdcc391eb1b8b2b8fd5f4ed48c33
Signed-off-by: Hui Kang <kangh@us.ibm.com>
Signed-off-by: Marcio D. Silva <marcios@us.ibm.com>
- this change moves the ovs_ensure_configured.sh file to the
openvswitch-db container.
- this change reorders the plays in ansible/roles/neutron/tasks/start.yml
to configure the ovs bridges before starting the vswitchd container.
Change-Id: Ied1a82d48377534c15680406df9a96caf3b79515
Closes-Bug: #1522133
sudo requires a tty to function by default on centos. Instead of
tweaking the sudo conf we can just add a tty. This has the added
advantage of making the containers more friendly if you have to
`docker exec -i <container> bash` into them.
Change-Id: If97a02ca1d37c243a787d98ade54bde8d641aecd
backport: liberty
Partially-Implements: blueprint functional-testing-gate
Ansible 1.9.2 contains the fix needed for docker-py >1.2.0
This is needed for some gate reasons, but it is also a good version
bump because it fixes a few issues with delegate_to.
Change-Id: Iafbabb3b0232620849d0548c5cd9d8d316c2b0f3
backport: liberty
Partially-Implements: blueprint functional-testing-gate
This brings Kolla images inline with FHS and should make finding
locations of things more consistent and reliable with the linux world
at large.
Change-Id: Iece5b4da4bace0fb8b1f41a65ab2c852ec73e6f8
Closes-Bug: #1485742
Neutron Agents is a special case for json support. Since it's a fat
container, there will be multiple commnds that will need to be run
in the container. In order to account for this, the commands will be
hardcoded until the agents are split out to their own containers.
The files will be copied the normal way.
Co-Authored-By: Steven Dake <stdake@cisco.com>
Change-Id: I9fc226cc7b82c2594db5814d30d453a29a4af8c0
Partially-Implements: blueprint replace-config-external
Closes-Bug: #1500566
This is only for the Neutron thin containers. The Neutron agents
are still in a fat container. I'll replace in another patch.
Change-Id: I8533af52bfa3f268aa8ffb1c16ae49f5a300da27
Partially-Implements: blueprint replace-config-external
Allows the user to configure neutron_plugin_agent value for Ansible.
Current allowed values are openvswitch and linuxbridge.
Implements: blueprint ansible-neutron-linuxbridge
Change-Id: I0572464a5459d2f9da09b6da22db16e240511f99
The neutron-agents l3 agent requires access to the OVS database via
access to /run. It also needs to have ovs-vsctl binary available in
the container.
Change-Id: I903537b570cd60c9bb1088e9408a5f6ea4988d8f
Closes-Bug: #1477376
Ansible will exec a script in the OVS container to ensure the bridge and
ports are properly setup. The script is idempotent.
Change-Id: I5adca595a4d2ef4edf26c9635cfa5ceb30ca4a59
Closes-Bug: #1466375
