Switch to local patch for OVN network logging
Skip-Release-Notes
Change-Id: Ibcf174489ef4c2560deda0f3017c9bd25f5e24a8
(cherry picked from commit 2ec9b4659e9b9e5f5eb6830a667e93bdf468176a)
diff --git a/.charts.yml b/.charts.yml
index 07f2ac54..c6d6d8c 100644
--- a/.charts.yml
+++ b/.charts.yml
@@ -175,7 +175,6 @@
gerrit:
review.opendev.org:
- 934929
- - 934931
- name: placement
version: 0.3.9
repository: *openstack_helm_repository
diff --git a/charts/patches/ovn/0002-add-ovn-network-logging-parser.patch b/charts/patches/ovn/0002-add-ovn-network-logging-parser.patch
new file mode 100644
index 0000000..cb50183
--- /dev/null
+++ b/charts/patches/ovn/0002-add-ovn-network-logging-parser.patch
@@ -0,0 +1,333 @@
+From fea8c6e46350ecdaa6bf43aaafc22313910f7cf4 Mon Sep 17 00:00:00 2001
+From: ricolin <rlin@vexxhost.com>
+Date: Wed, 13 Nov 2024 16:49:53 +0800
+Subject: [PATCH] Add OVN network logging parser
+
+Change-Id: I03a1c600c161536e693743219912199fabc1e5a5
+---
+
+diff --git a/ovn/templates/bin/_ovn-network-logging-parser.sh.tpl b/ovn/templates/bin/_ovn-network-logging-parser.sh.tpl
+new file mode 100644
+index 0000000..06eaaa7
+--- /dev/null
++++ b/ovn/templates/bin/_ovn-network-logging-parser.sh.tpl
+@@ -0,0 +1,28 @@
++#!/bin/bash
++
++{{/*
++Licensed under the Apache License, Version 2.0 (the "License");
++you may not use this file except in compliance with the License.
++You may obtain a copy of the License at
++
++ http://www.apache.org/licenses/LICENSE-2.0
++
++Unless required by applicable law or agreed to in writing, software
++distributed under the License is distributed on an "AS IS" BASIS,
++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++See the License for the specific language governing permissions and
++limitations under the License.
++*/}}
++
++set -ex
++COMMAND="${@:-start}"
++
++function start () {
++ exec uwsgi --ini /etc/neutron/neutron-ovn-network-logging-parser-uwsgi.ini
++}
++
++function stop () {
++ kill -TERM 1
++}
++
++$COMMAND
+diff --git a/ovn/templates/configmap-bin.yaml b/ovn/templates/configmap-bin.yaml
+index 82001f9..7754747 100644
+--- a/ovn/templates/configmap-bin.yaml
++++ b/ovn/templates/configmap-bin.yaml
+@@ -26,4 +26,6 @@
+ {{- end }}
+ ovn-controller-init.sh: |
+ {{ tuple "bin/_ovn-controller-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
++ ovn-network-logging-parser.sh: |
++{{ tuple "bin/_ovn-network-logging-parser.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ {{- end }}
+diff --git a/ovn/templates/configmap-etc.yaml b/ovn/templates/configmap-etc.yaml
+index 47b84be..0d221f1 100644
+--- a/ovn/templates/configmap-etc.yaml
++++ b/ovn/templates/configmap-etc.yaml
+@@ -17,6 +17,12 @@
+ {{- $envAll := index . 1 }}
+ {{- with $envAll }}
+
++{{- if empty (index .Values.conf.ovn_network_logging_parser_uwsgi.uwsgi "http-socket") -}}
++{{- $http_socket_port := tuple "ovn_logging_parser" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | toString }}
++{{- $http_socket := printf "0.0.0.0:%s" $http_socket_port }}
++{{- $_ := set .Values.conf.ovn_network_logging_parser_uwsgi.uwsgi "http-socket" $http_socket -}}
++{{- end -}}
++
+ ---
+ apiVersion: v1
+ kind: Secret
+@@ -25,7 +31,7 @@
+ type: Opaque
+ data:
+ auto_bridge_add: {{ toJson $envAll.Values.conf.auto_bridge_add | b64enc }}
+-
++ neutron-ovn-network-logging-parser-uwsgi.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ovn_network_logging_parser_uwsgi | b64enc }}
+ {{- end }}
+ {{- end }}
+
+diff --git a/ovn/templates/daemonset-controller.yaml b/ovn/templates/daemonset-controller.yaml
+index ae6b33c..3c2933f 100644
+--- a/ovn/templates/daemonset-controller.yaml
++++ b/ovn/templates/daemonset-controller.yaml
+@@ -156,6 +156,52 @@
+ mountPath: /var/log/ovn
+ - name: run-openvswitch
+ mountPath: /run/ovn
++ {{- if .Values.pod.sidecars.vector }}
++ - name: vector
++{{ tuple $envAll "vector" | include "helm-toolkit.snippets.image" | indent 10 }}
++{{ tuple $envAll $envAll.Values.pod.resources.vector | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
++{{ dict "envAll" $envAll "application" "ovn_controller" "container" "vector" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
++ command:
++ - vector
++ - --config
++ - /etc/vector/vector.toml
++ volumeMounts:
++ - name: vector-config
++ mountPath: /etc/vector
++ - name: logs
++ mountPath: /logs
++ - name: vector-data
++ mountPath: /var/lib/vector
++ {{- end }}
++ {{- if .Values.pod.sidecars.ovn_logging_parser }}
++ - name: log-parser
++{{ tuple $envAll "ovn_logging_parser" | include "helm-toolkit.snippets.image" | indent 10 }}
++{{ tuple $envAll $envAll.Values.pod.resources.ovn_logging_parser | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
++{{ dict "envAll" $envAll "application" "ovn_controller" "container" "ovn_logging_parser" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
++ command:
++ - /tmp/ovn-network-logging-parser.sh
++ - start
++ env:
++ - name: VECTOR_HTTP_ENDPOINT
++ value: http://localhost:5001
++ ports:
++ - name: http
++ containerPort: {{ tuple "ovn_logging_parser" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
++ protocol: TCP
++ volumeMounts:
++ - name: neutron-etc
++ mountPath: /etc/neutron/neutron.conf
++ subPath: neutron.conf
++ readOnly: true
++ - name: ovn-bin
++ mountPath: /tmp/ovn-network-logging-parser.sh
++ subPath: ovn-network-logging-parser.sh
++ readOnly: true
++ - name: ovn-etc
++ mountPath: /etc/neutron/neutron-ovn-network-logging-parser-uwsgi.ini
++ subPath: neutron-ovn-network-logging-parser-uwsgi.ini
++ readOnly: true
++ {{- end }}
+ volumes:
+ - name: ovn-bin
+ configMap:
+@@ -179,4 +225,17 @@
+ type: DirectoryOrCreate
+ - name: gw-enabled
+ emptyDir: {}
++ {{- if .Values.pod.sidecars.vector }}
++ - name: vector-config
++ secret:
++ secretName: ovn-vector-config
++ - name: vector-data
++ emptyDir: {}
++ {{- end }}
++ {{- if .Values.pod.sidecars.ovn_logging_parser }}
++ - name: neutron-etc
++ secret:
++ secretName: neutron-etc
++ defaultMode: 0444
++ {{- end }}
+ {{- end }}
+diff --git a/ovn/templates/secret-vector.yaml b/ovn/templates/secret-vector.yaml
+new file mode 100644
+index 0000000..989f3af
+--- /dev/null
++++ b/ovn/templates/secret-vector.yaml
+@@ -0,0 +1,26 @@
++{{/*
++Licensed under the Apache License, Version 2.0 (the "License");
++you may not use this file except in compliance with the License.
++You may obtain a copy of the License at
++
++ http://www.apache.org/licenses/LICENSE-2.0
++
++Unless required by applicable law or agreed to in writing, software
++distributed under the License is distributed on an "AS IS" BASIS,
++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++See the License for the specific language governing permissions and
++limitations under the License.
++*/}}
++
++{{- if .Values.pod.sidecars.vector }}
++{{- $envAll := . }}
++
++---
++apiVersion: v1
++kind: Secret
++metadata:
++ name: ovn-vector-config
++type: Opaque
++data:
++{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.vector "key" "vector.toml" "format" "Secret" ) | indent 2 }}
++{{- end }}
+diff --git a/ovn/values.yaml b/ovn/values.yaml
+index ca60650..0191c85 100644
+--- a/ovn/values.yaml
++++ b/ovn/values.yaml
+@@ -27,6 +27,8 @@
+ ovn_controller_kubectl: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy
+ dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
+ image_repo_sync: docker.io/library/docker:17.07.0
++ vector: docker.io/timberio/vector:0.39.0-debian
++ ovn_logging_parser: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
+ pull_policy: "IfNotPresent"
+ local_registry:
+ active: false
+@@ -82,6 +84,55 @@
+ # br-private: eth0
+ # br-public: eth1
+ auto_bridge_add: {}
++ ovn_network_logging_parser_uwsgi:
++ uwsgi:
++ add-header: "Connection: close"
++ buffer-size: 65535
++ die-on-term: true
++ enable-threads: true
++ exit-on-reload: false
++ hook-master-start: unix_signal:15 gracefully_kill_them_all
++ lazy-apps: true
++ log-x-forwarded-for: true
++ master: true
++ processes: 1
++ procname-prefix-spaced: "neutron-ovn-network-logging-parser:"
++ route-user-agent: '^kube-probe.* donotlog:'
++ thunder-lock: true
++ worker-reload-mercy: 80
++ wsgi-file: /var/lib/openstack/bin/neutron-ovn-network-logging-parser-wsgi
++ vector: |
++ [sources.file_logs]
++ type = "file"
++ include = [ "/logs/ovn-controller.log" ]
++
++ [sinks.ovn_log_parser_in]
++ type = "http"
++ inputs = ["file_logs"]
++ uri = "{{ tuple "ovn_logging_parser" "default" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" }}"
++ encoding.codec = "json"
++ method = "post"
++
++ [sources.ovn_log_parser_out]
++ type = "http_server"
++ address = "0.0.0.0:5001"
++ encoding = "json"
++
++ [transforms.parse_log_message]
++ type = "remap"
++ inputs = ["ovn_log_parser_out"]
++ source = '''
++ del(.source_type)
++ del(.path)
++ '''
++
++ [sinks.loki_sink]
++ type = "loki"
++ labels.event_source = "network_logs"
++ inputs = ["parse_log_message"]
++ endpoint = "http://loki.monitoring:3100"
++ encoding.codec = "json"
++ tenant_id = "{{`{{ project_id }}`}}"
+
+ pod:
+ # NOTE: should be same as nova.pod.use_fqdn.compute
+@@ -102,6 +153,12 @@
+ controller:
+ readOnlyRootFilesystem: true
+ privileged: true
++ ovn_logging_parser:
++ allowPrivilegeEscalation: false
++ readOnlyRootFilesystem: true
++ vector:
++ allowPrivilegeEscalation: false
++ readOnlyRootFilesystem: true
+ tolerations:
+ ovn_ovsdb_nb:
+ enabled: false
+@@ -216,6 +273,20 @@
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
++ ovn_logging_parser:
++ requests:
++ memory: "128Mi"
++ cpu: "100m"
++ limits:
++ memory: "256Mi"
++ cpu: "500m"
++ vector:
++ requests:
++ memory: "128Mi"
++ cpu: "100m"
++ limits:
++ memory: "256Mi"
++ cpu: "500m"
+ jobs:
+ image_repo_sync:
+ requests:
+@@ -225,6 +296,10 @@
+ memory: "1024Mi"
+ cpu: "2000m"
+
++ sidecars:
++ ovn_logging_parser: false
++ vector: false
++
+ secrets:
+ oci_image_registry:
+ ovn: ovn-oci-image-registry-key
+@@ -283,6 +358,22 @@
+ default: 6642
+ raft:
+ default: 6644
++ ovn_logging_parser:
++ name: ovn-logging-parser
++ namespace: null
++ hosts:
++ default: localhost
++ host_fqdn_override:
++ default: localhost
++ scheme:
++ default: 'http'
++ service: 'http'
++ path:
++ default: "/logs"
++ port:
++ api:
++ default: 9697
++ service: 9697
+
+ network_policy:
+ ovn_ovsdb_nb:
+diff --git a/releasenotes/notes/ovn-a82eced671495a3d.yaml b/releasenotes/notes/ovn-a82eced671495a3d.yaml
+new file mode 100644
+index 0000000..c429489
+--- /dev/null
++++ b/releasenotes/notes/ovn-a82eced671495a3d.yaml
+@@ -0,0 +1,4 @@
++---
++ovn:
++ - Add OVN network logging parser
++...