kolla-ansible/ansible/roles/ovs-dpdk/defaults/main.yml
Michal Nasiadka 227008cf68 Change /run bind mount for neutron/openvswitch
Currently we have a very wide /run mount for all Neutron/OVS services,
which allows sudo/rootwrap to contact with the hosts dbus - all symptoms
are documented in the related bug.

Since we use tcp connections to OVS from Neutron agents - removing
bind mounts.

Closes-Bug: #1861792

Change-Id: Ifee4bec7b2e9ef4e2d624b1411f1a9e6332325c6
2020-02-20 09:09:12 +01:00

95 lines
4.3 KiB
YAML

---
####################
# Services
####################
ovsdpdk_services:
ovsdpdk-db:
container_name: "ovsdpdk_db"
image: "{{ ovsdpdk_db_image_full }}"
enabled: "{{ neutron_plugin_agent in ['openvswitch'] }}"
host_in_groups: >-
{{
inventory_hostname in groups['compute']
or (enable_manila | bool and inventory_hostname in groups['manila-share'])
or inventory_hostname in groups['neutron-dhcp-agent']
or inventory_hostname in groups['neutron-l3-agent']
or inventory_hostname in groups['neutron-metadata-agent']
}}
volumes: "{{ ovsdpdk_db_default_volumes + ovsdpdk_db_extra_volumes }}"
dimensions: "{{ ovsdpdk_db_dimensions }}"
ovsdpdk-vswitchd:
container_name: "ovsdpdk_vswitchd"
image: "{{ ovsdpdk_vswitchd_image_full }}"
enabled: "{{ neutron_plugin_agent in ['openvswitch'] }}"
privileged: True
host_in_groups: >-
{{
inventory_hostname in groups['compute']
or (enable_manila | bool and inventory_hostname in groups['manila-share'])
or inventory_hostname in groups['neutron-dhcp-agent']
or inventory_hostname in groups['neutron-l3-agent']
or inventory_hostname in groups['neutron-metadata-agent']
}}
volumes: "{{ ovsdpdk_vswitchd_default_volumes + ovsdpdk_vswitchd_extra_volumes }}"
dimensions: "{{ ovsdpdk_vswitchd_dimensions }}"
####################
# OVS
####################
ovs_bridge_mappings: "{% for bridge in neutron_bridge_name.split(',') %}physnet{{ loop.index0 + 1 }}:{{ bridge }}{% if not loop.last %},{% endif %}{% endfor %}"
ovs_port_mappings: "{% for bridge in neutron_bridge_name.split(',') %} {{ neutron_external_interface.split(',')[loop.index0] }}:{{ bridge }}{% if not loop.last %},{% endif %}{% endfor %}"
dpdk_tunnel_interface: "{{neutron_external_interface}}"
dpdk_tunnel_interface_address: "{{ 'dpdk_tunnel' | kolla_address }}"
tunnel_interface_network: "{{ hostvars[inventory_hostname]['ansible_' + dpdk_tunnel_interface]['ipv4']['network']}}/{{hostvars[inventory_hostname]['ansible_' + dpdk_tunnel_interface]['ipv4']['netmask']}}"
tunnel_interface_cidr: "{{dpdk_tunnel_interface_address}}/{{ tunnel_interface_network | ipaddr('prefix') }}"
ovs_cidr_mappings: "{% if neutron_bridge_name.split(',')|length != 1 %} {neutron_bridge_name.split(',')[0]}:{{ tunnel_interface_cidr }} {% else %} {{ neutron_bridge_name }}:{{ tunnel_interface_cidr }} {% endif %}"
ovs_mem_channels: 4
ovs_socket_mem: 1024
ovs_hugepage_mountpoint: /dev/hugepages
# ovs <2.7 required dpdk phyical port names to be index
# in pci address order as dpdkX where X is the index
# ovs>=2.7 allows arbitray names but the pci address
# must be set in a new dpdkdev-opt field
# valid values are indexed or named.
ovs_physical_port_policy: named
project_name: "ovs"
neutron_bridge_name: "br_dpdk"
####################
# Docker
####################
ovsdpdk_install_type: "{{ kolla_install_type }}"
ovsdpdk_tag: "{{ openstack_tag }}"
ovsdpdk_db_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ovsdpdk_install_type }}-ovsdpdk-db"
ovsdpdk_db_tag: "{{ ovsdpdk_tag }}"
ovsdpdk_db_image_full: "{{ ovsdpdk_db_image }}:{{ ovsdpdk_db_tag }}"
ovsdpdk_vswitchd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ovsdpdk_install_type }}-ovsdpdk-vswitchd"
ovsdpdk_vswitchd_tag: "{{ ovsdpdk_tag }}"
ovsdpdk_vswitchd_image_full: "{{ ovsdpdk_vswitchd_image }}:{{ ovsdpdk_vswitchd_tag }}"
ovsdpdk_db_dimensions: "{{ default_container_dimensions }}"
ovsdpdk_vswitchd_dimensions: "{{ default_container_dimensions }}"
ovsdpdk_db_default_volumes:
- "{{ node_config_directory }}/ovsdpdk-db/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/run/openvswitch:/run/openvswitch:shared"
- "kolla_logs:/var/log/kolla/"
- "ovsdpdk_db:/var/lib/openvswitch/"
ovsdpdk_vswitchd_default_volumes:
- "{{ node_config_directory }}/ovsdpdk-vswitchd/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/lib/modules:/lib/modules:ro"
- "/run/openvswitch:/run/openvswitch:shared"
- "/dev:/dev:shared"
- "kolla_logs:/var/log/kolla/"
ovsdpdk_extra_volumes: "{{ default_extra_volumes }}"
ovsdpdk_db_extra_volumes: "{{ ovsdpdk_extra_volumes }}"
ovsdpdk_vswitchd_extra_volumes: "{{ ovsdpdk_extra_volumes }}"