Move n-ovs-agent to Kubernetes

Change-Id: I8e6d62341b327137c69585a26a3d37cf5554ea08
2020-08-19 08:38:25 -04:00
parent 0b8ebbe7ae
commit 7bb267c7f9
12 changed files with 229 additions and 4 deletions
--- a/devstack/lib/neutron-legacy
+++ b/devstack/lib/neutron-legacy
@@ -87,6 +87,26 @@ function start_neutron_service_and_check {
 }
 export -f start_neutron_service_and_check
 function start_mutnauq_l2_agent {
 	kubernetes_rollout_restart daemonset/neutron-openvswitch-agent
 	kubernetes_rollout_status daemonset/neutron-openvswitch-agent
 	if is_provider_network && [[ $Q_AGENT == "openvswitch" ]]; then
 		sudo ovs-vsctl --no-wait -- --may-exist add-port $OVS_PHYSICAL_BRIDGE $PUBLIC_INTERFACE
 		sudo ip link set $OVS_PHYSICAL_BRIDGE up
 		sudo ip link set br-int up
 		sudo ip link set $PUBLIC_INTERFACE up
 		if is_ironic_hardware; then
 			for IP in $(ip addr show dev $PUBLIC_INTERFACE | grep ' inet ' | awk '{print $2}'); do
 				sudo ip addr del $IP dev $PUBLIC_INTERFACE
 				sudo ip addr add $IP dev $OVS_PHYSICAL_BRIDGE
 			done
 			sudo ip route replace $FIXED_RANGE via $NETWORK_GATEWAY dev $OVS_PHYSICAL_BRIDGE
 		fi
 	fi
 }
 export -f start_neutron_agents
 function _configure_neutron_common {
 	_create_neutron_conf_dir
--- a/images/neutron/Dockerfile
+++ b/images/neutron/Dockerfile
@@ -25,3 +25,7 @@ CMD ["/usr/local/bin/uwsgi", "--ini", "/etc/uwsgi/uwsgi.ini"]
 FROM neutron-base AS neutron-rpc-server
 COPY neutron-rpc-server /usr/local/bin/neutron-rpc-server
 CMD ["/usr/local/bin/neutron-rpc-server"]
 FROM neutron-base AS neutron-openvswitch-agent
 COPY neutron-openvswitch-agent /usr/local/bin/neutron-openvswitch-agent
 CMD ["/usr/local/bin/neutron-openvswitch-agent", "--config-file", "/etc/neutron/neutron.conf", "--config-file", "/etc/neutron/plugins/ml2/ml2_conf.ini"]
--- a/images/neutron/bindep.txt
+++ b/images/neutron/bindep.txt
@@ -1,2 +1,4 @@
 gcc [compile]
 libc-dev [compile]
 sudo
 openvswitch-common
--- a/images/neutron/neutron-openvswitch-agent
+++ b/images/neutron/neutron-openvswitch-agent
@@ -0,0 +1,29 @@
 #!/usr/local/bin/python
 # Copyright (c) 2020 VEXXHOST, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 # implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import pkg_resources
 import re
 import sys
 import sentry_sdk
 from neutron.cmd.eventlet.plugins.ovs_neutron_agent import main
 VERSION = pkg_resources.get_distribution("neutron").version
 sentry_sdk.init(release="neutron@%s" % VERSION)
 sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0])
 sys.exit(main())
--- a/images/neutron/setup-repos.sh
+++ b/images/neutron/setup-repos.sh
@@ -0,0 +1,55 @@
 #!/bin/bash
 # Copyright (c) 2020 VEXXHOST, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 # implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 set -xe
 apt-get install -y gnupg2
 cat <<EOF | apt-key add -
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 mQINBF3u81cBEACbfsspk7WNkcXCn3N5T9VKYt/dmvSsEW8nIIf/iwV7dSISmruz
 1b7bviqfekEvf37yiFwHVFxxS70ry/ofXp51X7RUVytrJY/hNMvr7C7zyNqM928+
 c8TP3FjGsPvFiWw/L2JgGl9/4+OYW5yF3HabMOa63xbFPAU891o9HIN5YfFDZZWD
 VNsMyXCUjVB9wy7anF77moqXuews1OmvMSArE7erLjAnC5HHGdTeZO7KfDCylqPB
 oBWF3pzNU1Vu6wEq9vL5NDYglsbN7jmDA+8mS0SyAnFxvTsqjisR8gpNtPaatQqM
 wTdOydscSoXS9MfpCrxPne0dBmpAlcVdI4hq1T4l9Osf2x5s+Kb9JxF+Q4V87n4q
 8fjusePRIMxO7aZjFUEvL8uIzg7VvF3b1X9UXkS6LH2YPLOqOf3lhvyk5RwwMfHp
 p99KOVrTWbaBYVKuxR17oWkYBPOPp+4ld8F6zSk36GK+lzPP8814X28kS357lg1y
 4kla/CfNav3AXdnsZkCvJhrwwR8HCXwTYaF2TzrZPqv5TZB1k9iBuL2X52BSxobR
 PvTTM00iZhipC/EsA7vQu4FOla/ySb/R6cfFIiDyOrDiOJ3+zlWDQ0uBikCP4lIY
 uUB+uVIWd8F7Us1voqsqUrVL1CSu1cYn+NOhf12eZsA740wgUZfCU2qmGwARAQAB
 tBhyZXBvIDxyZXBvQHZleHhob3N0Lm5ldD6JAjkEEwEIACMFAl3u81cCGy8HCwkI
 BwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRDETupUFYbjJ7WxD/9HcMd9HMwg7WC3
 eKSFeHGJXtN/0IuCJ6r3q10/dhb8QqqZ+Rnlr5CH4DAHdkhnL5+OvnHVYu/LVejX
 17dZUS0uB+JXZpMdfsv8i2g/c8uxi2KPsRa3pxXudb+WhjbxhRxeMpsQNbMc5M5+
 cYseUYj1nzTioDn9MQH43GcYBuhydiWsp7zRs2CNWrWJgwTOwnd/g4YV+9VWqshM
 x+/N0bdD+LIT0MmYYGBaK6vBnM2kG6gcwc0ZMwMYHJk+MotuFNM7KDu06XWkp/Uq
 8uzi7tZKHTa/kc+LrJrIOwLIkFH1uMvRZXma+JwASbcEW97YCUw/vhLa3AbZvCum
 9QLHv28zyUXfo9QLEhkOGC/ykkYOSt0u/lznokpf840tmYHBCLavFzOPJ0Nc2T7Y
 tCyEA5sV2UVI4hdBtwG1Vz8rAggDu0NWDW3BGyP0X2x1jddzzNRhevqQqcAe83Ei
 XOOP1aunhtUKUe+sXLFOY0d3OK0RysKAn9kdxcZ9qqZdrKhj+dwuvMBeZPau0ZGT
 t81b/zv6hiwA1b1b4X6EKz/aZwQyQ3/UUovM0KC9rMSzm5kKYWwcfkSDY6aLZtgc
 GBc+auY+9Mwcp4V5kEH6zMXF4baJzMj2m7LFYlLRVofY5kxlrr86TAK0jMmiDOx8
 AcjcZTiXBPNU8sK+VbsXvtB0Mel7Vw==
 =hpXM
 -----END PGP PUBLIC KEY BLOCK-----
 EOF
 cat <<EOF | tee /etc/apt/sources.list.d/vexxhost.list
 deb http://repo.vexxhost.net/ buster main
 EOF
--- a/openstack_operator/neutron.py
+++ b/openstack_operator/neutron.py
@@ -40,7 +40,9 @@ def create_or_resume(spec, **_):
    database.ensure_mysql_cluster("neutron")
    utils.create_or_update('neutron/rabbitmq.yml.j2')
-    utils.create_or_update('neutron/daemonset.yml.j2', spec=spec)
+    utils.create_or_update('neutron/daemonset-server.yml.j2', spec=spec)
    utils.create_or_update('neutron/daemonset-openvswitch-agent.yml.j2',
                           spec=spec)
    utils.create_or_update('neutron/service.yml.j2')
    identity.ensure_application_credential(name="neutron")
--- a/openstack_operator/openstack/identity/applicationcredential.py
+++ b/openstack_operator/openstack/identity/applicationcredential.py
@@ -54,6 +54,18 @@ def create_or_resume(name, **_):
            'identity/secret-applicationcredential.yml.j2',
            name=name, secret=credential.secret,
            id=credential.id, adopt=True)
        return
    # NOTE(Alex): Sometimes, double POST application_credential requests
    # are made to keystone API at the "same time".
    # The credential secret is not created in this case.
    # The following codes should fix this case.
    if utils.get_secret(name=name+"-application-credential",
                        namespace="openstack") is None:
        utils.create_or_update(
            'identity/secret-applicationcredential.yml.j2',
            name=name, secret=credential.secret,
            id=credential.id, adopt=True)
@kopf.on.delete('identity.openstack.org', 'v1alpha1', 'applicationcredentials')
--- a/openstack_operator/openstack/identity/services.py
+++ b/openstack_operator/openstack/identity/services.py
@@ -33,8 +33,8 @@ def _get_service(conn, name, service_type):
    try:
        services = conn.search_services(name_or_id=name,
                                        filters={"type": service_type})
-    except ConnectionRefusedError:
+    except ConnectionRefusedError as ex:
-        raise kopf.TemporaryError("Keystone is not up yet", delay=5)
+        raise kopf.TemporaryError(str(ex), delay=5)
    if len(services) > 1:
        raise RuntimeError("Found multiple services with name and type")
--- a/openstack_operator/templates/neutron/daemonset-openvswitch-agent.yml.j2
+++ b/openstack_operator/templates/neutron/daemonset-openvswitch-agent.yml.j2
@@ -0,0 +1,97 @@
 ---
 # Copyright 2020 VEXXHOST, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 # http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
  name: neutron-openvswitch-agent
  namespace: openstack
  labels:
    {{ labels("neutron", component="openvswitch-agent") | indent(4) }}
 spec:
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
  selector:
    matchLabels:
      {{ labels("neutron", component="openvswitch-agent") | indent(6) }}
  template:
    metadata:
      labels:
        {{ labels("neutron", component="openvswitch-agent") | indent(8) }}
    spec:
      automountServiceAccountToken: false
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      initContainers:
      # TODO(mnaser): This should parse the configuration file and then create
      #               the bridges as needed.
      - name: create-bridge
        image: vexxhost/neutron-openvswitch-agent:latest
        imagePullPolicy: Always
        command:
        - ovs-vsctl
        - --may-exist
        - add-br
        - br-ex
        volumeMounts:
        - name: config
          mountPath: /etc/neutron
        - name: ml2-config
          mountPath: /etc/neutron/plugins/ml2
        - name: host-run-ovs
          mountPath: /run/openvswitch
      containers:
      - name: agent
        image: vexxhost/neutron-openvswitch-agent:latest
        imagePullPolicy: Always
        env:
        {% if 'sentryDSN' in spec %}
        - name: SENTRY_DSN
          value: {{ spec.sentryDSN }}
        {% endif %}
        - name: OS_OVS__LOCAL_IP
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
        securityContext:
          # NOTE(mnaser): We need to revisit this
          privileged: true
        volumeMounts:
        - name: config
          mountPath: /etc/neutron
        - name: ml2-config
          mountPath: /etc/neutron/plugins/ml2
        - name: host-run-ovs
          mountPath: /run/openvswitch
      volumes:
      - name: config
        secret:
          secretName: neutron-config
      - name: ml2-config
        secret:
          secretName: neutron-ml2-config
      - name: host-run-ovs
        hostPath:
          path: /run/openvswitch
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
 {% if 'hostAliases' in spec %}
      hostAliases:
        {{ spec.hostAliases | to_yaml | indent(8) }}
 {% endif %}
--- a/openstack_operator/templates/neutron/daemonset-server.yml.j2
+++ b/openstack_operator/templates/neutron/daemonset-server.yml.j2
--- a/zuul.d/functional-jobs.yaml
+++ b/zuul.d/functional-jobs.yaml
@@ -50,7 +50,8 @@
      - magnum-tempest-plugin
      - tempest-horizon
      devstack_localrc:
-        NEUTRON_DEPLOY_MOD_WSGI: True
+        NEUTRON_DEPLOY_MOD_WSGI: true
        Q_USE_ROOTWRAP: false
        TEMPEST_PLUGINS: /opt/stack/barbican-tempest-plugin /opt/stack/heat-tempest-plugin
          /opt/stack/magnum-tempest-plugin /opt/stack/tempest-horizon
      docker_use_buildset_registry: true
--- a/zuul.d/neutron-jobs.yaml
+++ b/zuul.d/neutron-jobs.yaml
@@ -17,6 +17,9 @@
      - context: images/neutron
        repository: vexxhost/neutron-rpc-server
        target: neutron-rpc-server
      - context: images/neutron
        repository: vexxhost/neutron-openvswitch-agent
        target: neutron-openvswitch-agent
    dependencies:
    - openstack-operator:images:build:openstack-operator
    files: &id003