227008cf68
Currently we have a very wide /run mount for all Neutron/OVS services, which allows sudo/rootwrap to contact with the hosts dbus - all symptoms are documented in the related bug. Since we use tcp connections to OVS from Neutron agents - removing bind mounts. Closes-Bug: #1861792 Change-Id: Ifee4bec7b2e9ef4e2d624b1411f1a9e6332325c6
95 lines
4.3 KiB
YAML
95 lines
4.3 KiB
YAML
---
|
|
####################
|
|
# Services
|
|
####################
|
|
|
|
ovsdpdk_services:
|
|
ovsdpdk-db:
|
|
container_name: "ovsdpdk_db"
|
|
image: "{{ ovsdpdk_db_image_full }}"
|
|
enabled: "{{ neutron_plugin_agent in ['openvswitch'] }}"
|
|
host_in_groups: >-
|
|
{{
|
|
inventory_hostname in groups['compute']
|
|
or (enable_manila | bool and inventory_hostname in groups['manila-share'])
|
|
or inventory_hostname in groups['neutron-dhcp-agent']
|
|
or inventory_hostname in groups['neutron-l3-agent']
|
|
or inventory_hostname in groups['neutron-metadata-agent']
|
|
}}
|
|
volumes: "{{ ovsdpdk_db_default_volumes + ovsdpdk_db_extra_volumes }}"
|
|
dimensions: "{{ ovsdpdk_db_dimensions }}"
|
|
ovsdpdk-vswitchd:
|
|
container_name: "ovsdpdk_vswitchd"
|
|
image: "{{ ovsdpdk_vswitchd_image_full }}"
|
|
enabled: "{{ neutron_plugin_agent in ['openvswitch'] }}"
|
|
privileged: True
|
|
host_in_groups: >-
|
|
{{
|
|
inventory_hostname in groups['compute']
|
|
or (enable_manila | bool and inventory_hostname in groups['manila-share'])
|
|
or inventory_hostname in groups['neutron-dhcp-agent']
|
|
or inventory_hostname in groups['neutron-l3-agent']
|
|
or inventory_hostname in groups['neutron-metadata-agent']
|
|
}}
|
|
volumes: "{{ ovsdpdk_vswitchd_default_volumes + ovsdpdk_vswitchd_extra_volumes }}"
|
|
dimensions: "{{ ovsdpdk_vswitchd_dimensions }}"
|
|
|
|
####################
|
|
# OVS
|
|
####################
|
|
ovs_bridge_mappings: "{% for bridge in neutron_bridge_name.split(',') %}physnet{{ loop.index0 + 1 }}:{{ bridge }}{% if not loop.last %},{% endif %}{% endfor %}"
|
|
ovs_port_mappings: "{% for bridge in neutron_bridge_name.split(',') %} {{ neutron_external_interface.split(',')[loop.index0] }}:{{ bridge }}{% if not loop.last %},{% endif %}{% endfor %}"
|
|
dpdk_tunnel_interface: "{{neutron_external_interface}}"
|
|
dpdk_tunnel_interface_address: "{{ 'dpdk_tunnel' | kolla_address }}"
|
|
tunnel_interface_network: "{{ hostvars[inventory_hostname]['ansible_' + dpdk_tunnel_interface]['ipv4']['network']}}/{{hostvars[inventory_hostname]['ansible_' + dpdk_tunnel_interface]['ipv4']['netmask']}}"
|
|
tunnel_interface_cidr: "{{dpdk_tunnel_interface_address}}/{{ tunnel_interface_network | ipaddr('prefix') }}"
|
|
ovs_cidr_mappings: "{% if neutron_bridge_name.split(',')|length != 1 %} {neutron_bridge_name.split(',')[0]}:{{ tunnel_interface_cidr }} {% else %} {{ neutron_bridge_name }}:{{ tunnel_interface_cidr }} {% endif %}"
|
|
ovs_mem_channels: 4
|
|
ovs_socket_mem: 1024
|
|
ovs_hugepage_mountpoint: /dev/hugepages
|
|
|
|
# ovs <2.7 required dpdk phyical port names to be index
|
|
# in pci address order as dpdkX where X is the index
|
|
# ovs>=2.7 allows arbitray names but the pci address
|
|
# must be set in a new dpdkdev-opt field
|
|
# valid values are indexed or named.
|
|
ovs_physical_port_policy: named
|
|
|
|
project_name: "ovs"
|
|
neutron_bridge_name: "br_dpdk"
|
|
|
|
|
|
####################
|
|
# Docker
|
|
####################
|
|
ovsdpdk_install_type: "{{ kolla_install_type }}"
|
|
ovsdpdk_tag: "{{ openstack_tag }}"
|
|
|
|
ovsdpdk_db_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ovsdpdk_install_type }}-ovsdpdk-db"
|
|
ovsdpdk_db_tag: "{{ ovsdpdk_tag }}"
|
|
ovsdpdk_db_image_full: "{{ ovsdpdk_db_image }}:{{ ovsdpdk_db_tag }}"
|
|
|
|
ovsdpdk_vswitchd_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ ovsdpdk_install_type }}-ovsdpdk-vswitchd"
|
|
ovsdpdk_vswitchd_tag: "{{ ovsdpdk_tag }}"
|
|
ovsdpdk_vswitchd_image_full: "{{ ovsdpdk_vswitchd_image }}:{{ ovsdpdk_vswitchd_tag }}"
|
|
ovsdpdk_db_dimensions: "{{ default_container_dimensions }}"
|
|
ovsdpdk_vswitchd_dimensions: "{{ default_container_dimensions }}"
|
|
|
|
ovsdpdk_db_default_volumes:
|
|
- "{{ node_config_directory }}/ovsdpdk-db/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "/run/openvswitch:/run/openvswitch:shared"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
- "ovsdpdk_db:/var/lib/openvswitch/"
|
|
ovsdpdk_vswitchd_default_volumes:
|
|
- "{{ node_config_directory }}/ovsdpdk-vswitchd/:{{ container_config_directory }}/:ro"
|
|
- "/etc/localtime:/etc/localtime:ro"
|
|
- "/lib/modules:/lib/modules:ro"
|
|
- "/run/openvswitch:/run/openvswitch:shared"
|
|
- "/dev:/dev:shared"
|
|
- "kolla_logs:/var/log/kolla/"
|
|
|
|
ovsdpdk_extra_volumes: "{{ default_extra_volumes }}"
|
|
ovsdpdk_db_extra_volumes: "{{ ovsdpdk_extra_volumes }}"
|
|
ovsdpdk_vswitchd_extra_volumes: "{{ ovsdpdk_extra_volumes }}"
|