From b4897d0385f72afafc88808cc2b0c58244aacac5 Mon Sep 17 00:00:00 2001 From: Hongbin Lu Date: Sun, 22 Apr 2018 17:18:35 +0000 Subject: [PATCH] Configure kuryr not creating SGs Zun will manage security groups by itself so it is unnecessary for kuryr to create additional security groups if it is used with Zun. Disable it will significant improve the performance on starting/stopping containers. Depends-On: I6d6d176512e6b30bb7372408aec1a7bac12335ab Change-Id: Ic281e17ef3920c0e85c3b52b97e1b43887040caf --- devstack/local.conf.sample | 1 + devstack/local.conf.subnode.sample | 1 + doc/source/install/compute-install-ubuntu.rst | 4 +++- playbooks/zun-devstack-base-multinode/run.yaml | 1 + playbooks/zun-devstack-base/run.yaml | 1 + 5 files changed, 7 insertions(+), 1 deletion(-) diff --git a/devstack/local.conf.sample b/devstack/local.conf.sample index 77024663f..e10dba6fe 100644 --- a/devstack/local.conf.sample +++ b/devstack/local.conf.sample @@ -16,6 +16,7 @@ enable_plugin devstack-plugin-container https://git.openstack.org/openstack/devs # but we must change it to `global` in the multinode scenario. KURYR_CAPABILITY_SCOPE=global KURYR_ETCD_PORT=2379 +KURYR_PROCESS_EXTERNAL_CONNECTIVITY=False enable_plugin kuryr-libnetwork https://git.openstack.org/openstack/kuryr-libnetwork # install python-zunclient from git diff --git a/devstack/local.conf.subnode.sample b/devstack/local.conf.subnode.sample index 422fa7d50..748743923 100644 --- a/devstack/local.conf.subnode.sample +++ b/devstack/local.conf.subnode.sample @@ -9,6 +9,7 @@ enable_plugin devstack-plugin-container https://git.openstack.org/openstack/devs enable_plugin zun https://git.openstack.org/openstack/zun KURYR_CAPABILITY_SCOPE=global +KURYR_PROCESS_EXTERNAL_CONNECTIVITY=False enable_plugin kuryr-libnetwork https://git.openstack.org/openstack/kuryr-libnetwork # Following is for multi host settings diff --git a/doc/source/install/compute-install-ubuntu.rst b/doc/source/install/compute-install-ubuntu.rst index e0892ebf9..b61f6063b 100644 --- a/doc/source/install/compute-install-ubuntu.rst +++ b/doc/source/install/compute-install-ubuntu.rst @@ -204,13 +204,15 @@ Install and configure components # systemctl restart docker * Edit the Kuryr config file ``/etc/kuryr/kuryr.conf``. - Set capability_scope to global: + Set ``capability_scope`` to ``global`` and + ``process_external_connectivity`` to ``False``: .. code-block:: ini [DEFAULT] ... capability_scope = global + process_external_connectivity = False * Restart Kuryr-libnetwork: diff --git a/playbooks/zun-devstack-base-multinode/run.yaml b/playbooks/zun-devstack-base-multinode/run.yaml index 9cd705060..032ca0247 100644 --- a/playbooks/zun-devstack-base-multinode/run.yaml +++ b/playbooks/zun-devstack-base-multinode/run.yaml @@ -32,6 +32,7 @@ enable_plugin zun git://git.openstack.org/openstack/zun LIBS_FROM_GIT="python-zunclient" KURYR_CAPABILITY_SCOPE=global + KURYR_PROCESS_EXTERNAL_CONNECTIVITY=False EOF executable: /bin/bash diff --git a/playbooks/zun-devstack-base/run.yaml b/playbooks/zun-devstack-base/run.yaml index 5b39b8e3e..c7e983eac 100644 --- a/playbooks/zun-devstack-base/run.yaml +++ b/playbooks/zun-devstack-base/run.yaml @@ -31,6 +31,7 @@ [[local|localrc]] enable_plugin zun git://git.openstack.org/openstack/zun LIBS_FROM_GIT="python-zunclient" + KURYR_PROCESS_EXTERNAL_CONNECTIVITY=False EOF executable: /bin/bash