fix(neutron): sync paste config
* fix(chart): Import paste.deploy patch and bump chart versions to latest
* Remove paste.deploy config override
* Remove paste.deploy config override for nova and neutron
* Add ovn_metadata image
* Remove orig file and update gitignore
* fix typo in gitignore
---------
Co-authored-by: okozachenko1203 <okozachenko1203@users.noreply.github.com>
diff --git a/charts/neutron/Chart.yaml b/charts/neutron/Chart.yaml
index 4270928..52b6060 100644
--- a/charts/neutron/Chart.yaml
+++ b/charts/neutron/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/neutron
- https://opendev.org/openstack/openstack-helm
-version: 0.3.2
+version: 0.3.8
diff --git a/charts/neutron/charts/helm-toolkit/Chart.yaml b/charts/neutron/charts/helm-toolkit/Chart.yaml
index c1296b9..7d3703e 100644
--- a/charts/neutron/charts/helm-toolkit/Chart.yaml
+++ b/charts/neutron/charts/helm-toolkit/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://opendev.org/openstack/openstack-helm-infra
- https://opendev.org/openstack/openstack-helm
-version: 0.2.51
+version: 0.2.53
diff --git a/charts/neutron/charts/helm-toolkit/templates/scripts/_db-init.py.tpl b/charts/neutron/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
index 4294d40..6027b95 100644
--- a/charts/neutron/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
+++ b/charts/neutron/charts/helm-toolkit/templates/scripts/_db-init.py.tpl
@@ -133,8 +133,10 @@
# Create DB User
try:
root_engine.execute(
- "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\' IDENTIFIED BY \'{2}\' {3}".format(
- database, user, password, mysql_x509))
+ "CREATE USER IF NOT EXISTS \'{0}\'@\'%%\' IDENTIFIED BY \'{1}\' {2}".format(
+ user, password, mysql_x509))
+ root_engine.execute(
+ "GRANT ALL ON `{0}`.* TO \'{1}\'@\'%%\'".format(database, user))
logger.info("Created user {0} for {1}".format(user, database))
except:
logger.critical("Could not create user {0} for {1}".format(user, database))
diff --git a/charts/neutron/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl b/charts/neutron/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
index 9597d34..3963bd4 100644
--- a/charts/neutron/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
+++ b/charts/neutron/charts/helm-toolkit/templates/scripts/db-backup-restore/_backup_main.sh.tpl
@@ -214,7 +214,7 @@
fi
# load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
+ DELAY=$((1 + ${RANDOM} % 30))
echo "Sleeping for ${DELAY} seconds to spread the load in time..."
sleep ${DELAY}
@@ -231,31 +231,17 @@
return 2
fi
- # load balance delay
- DELAY=$((1 + ${RANDOM} % 300))
- echo "Sleeping for ${DELAY} seconds to spread the load in time..."
- sleep ${DELAY}
-
- # Calculation remote file SHA256 hash
- REMOTE_FILE=$(mktemp -p /tmp)
- openstack object save --file ${REMOTE_FILE} $CONTAINER_NAME $FILE
- if [[ $? -ne 0 ]]; then
- log WARN "${DB_NAME}_backup" "Unable to save container object $FILE for SHA256 hash verification."
- rm -rf ${REMOTE_FILE}
- return 1
- fi
-
# Remote backup verification
- SHA256_REMOTE=$(cat ${REMOTE_FILE} | sha256sum | awk '{print $1}')
- SHA256_LOCAL=$(cat ${FILEPATH}/${FILE} | sha256sum | awk '{print $1}')
- log INFO "${DB_NAME}_backup" "Calculated SHA256 hashes for the file $FILE in container $CONTAINER_NAME."
- log INFO "${DB_NAME}_backup" "Local SHA256 hash is ${SHA256_LOCAL}."
- log INFO "${DB_NAME}_backup" "Remote SHA256 hash is ${SHA256_REMOTE}."
- if [[ "${SHA256_LOCAL}" == "${SHA256_REMOTE}" ]]; then
- log INFO "${DB_NAME}_backup" "The local backup & remote backup SHA256 hash values are matching for file $FILE in container $CONTAINER_NAME."
+ MD5_REMOTE=$(openstack object show $CONTAINER_NAME $FILE -f json | jq -r ".etag")
+ MD5_LOCAL=$(cat ${FILEPATH}/${FILE} | md5sum | awk '{print $1}')
+ log INFO "${DB_NAME}_backup" "Obtained MD5 hash for the file $FILE in container $CONTAINER_NAME."
+ log INFO "${DB_NAME}_backup" "Local MD5 hash is ${MD5_LOCAL}."
+ log INFO "${DB_NAME}_backup" "Remote MD5 hash is ${MD5_REMOTE}."
+ if [[ "${MD5_LOCAL}" == "${MD5_REMOTE}" ]]; then
+ log INFO "${DB_NAME}_backup" "The local backup & remote backup MD5 hash values are matching for file $FILE in container $CONTAINER_NAME."
else
- log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup sha256 hash values"
- return 1
+ log ERROR "${DB_NAME}_backup" "Mismatch between the local backup & remote backup MD5 hash values"
+ return 2
fi
rm -rf ${REMOTE_FILE}
diff --git a/charts/neutron/requirements.lock b/charts/neutron/requirements.lock
index ba587c5..39a58b5 100644
--- a/charts/neutron/requirements.lock
+++ b/charts/neutron/requirements.lock
@@ -1,6 +1,6 @@
dependencies:
- name: helm-toolkit
repository: file://../../openstack-helm-infra/helm-toolkit
- version: 0.2.51
-digest: sha256:9fe05ff9103d825422e13cdd8ce9852c3dacfadc12751b7883affdbe483b1b3b
-generated: "2023-01-30T23:09:52.301841195Z"
+ version: 0.2.53
+digest: sha256:f8f4fbba6f638b79447f7e458933b07deb792ae30a14df5900bde542cf0e64a6
+generated: "2023-05-16T04:42:11.158271588Z"
diff --git a/charts/neutron/templates/bin/_health-probe.py.tpl b/charts/neutron/templates/bin/_health-probe.py.tpl
index 1ba4107..266c3d8 100644
--- a/charts/neutron/templates/bin/_health-probe.py.tpl
+++ b/charts/neutron/templates/bin/_health-probe.py.tpl
@@ -212,8 +212,9 @@
required=False))
cfg.CONF(sys.argv[1:])
- agentq = "metadata_agent"
- tcp_socket_state_check(agentq)
+ if "ovn_metadata_agent.ini" not in ','.join(sys.argv):
+ agentq = "metadata_agent"
+ tcp_socket_state_check(agentq)
try:
metadata_proxy_socket = cfg.CONF.metadata_proxy_socket
diff --git a/charts/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl b/charts/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl
new file mode 100644
index 0000000..5b6ce43
--- /dev/null
+++ b/charts/neutron/templates/bin/_neutron-ovn-metadata-agent-init.sh.tpl
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+chown ${NEUTRON_USER_UID} /var/lib/neutron/openstack-helm
+
+{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
+mkdir -p /tmp/pod-shared
+tee > /tmp/pod-shared/neutron-agent.ini << EOF
+[DEFAULT]
+host = $(hostname --fqdn)
+EOF
+{{- end }}
diff --git a/charts/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl b/charts/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl
new file mode 100644
index 0000000..b559b07
--- /dev/null
+++ b/charts/neutron/templates/bin/_neutron-ovn-metadata-agent.sh.tpl
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -x
+
+cp /etc/neutron/ovn_metadata_agent.ini /tmp/ovn_metadata_agent.ini
+
+# This is because neutron doesn't support DNS names for ovsdb-nb-connection and ovsdb-sb-connection!
+sed -i -e "s|__OVN_NB_DB_SERVICE_HOST__|$OVN_NB_DB_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
+sed -i -e "s|__OVN_NB_DB_SERVICE_PORT__|$OVN_NB_DB_SERVICE_PORT|g" /tmp/ovn_metadata_agent.ini
+sed -i -e "s|__OVN_SB_DB_SERVICE_HOST__|$OVN_SB_DB_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
+sed -i -e "s|__OVN_SB_DB_SERVICE_PORT__|$OVN_SB_DB_SERVICE_PORT|g" /tmp/ovn_metadata_agent.ini
+sed -i -e "s|__NOVA_METADATA_SERVICE_HOST__|$NOVA_METADATA_SERVICE_HOST|g" /tmp/ovn_metadata_agent.ini
+
+exec neutron-ovn-metadata-agent \
+ --config-file /etc/neutron/neutron.conf \
+{{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
+ --config-file /tmp/pod-shared/neutron-agent.ini \
+{{- end }}
+ --config-file /tmp/ovn_metadata_agent.ini
+
diff --git a/charts/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl b/charts/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl
new file mode 100644
index 0000000..8661754
--- /dev/null
+++ b/charts/neutron/templates/bin/_neutron-server-ovn-init.sh.tpl
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+
+mkdir -p /tmp/pod-shared
+cp /etc/neutron/plugins/ml2/ml2_conf.ini /tmp/pod-shared/ml2_conf.ini
+
+# This is because neutron doesn't support DNS names for ovsdb-nb-connection and ovsdb-sb-connection!
+sed -i -e "s|__OVN_NB_DB_SERVICE_HOST__|$OVN_NB_DB_SERVICE_HOST|g" /tmp/pod-shared/ml2_conf.ini
+sed -i -e "s|__OVN_NB_DB_SERVICE_PORT__|$OVN_NB_DB_SERVICE_PORT|g" /tmp/pod-shared/ml2_conf.ini
+sed -i -e "s|__OVN_SB_DB_SERVICE_HOST__|$OVN_SB_DB_SERVICE_HOST|g" /tmp/pod-shared/ml2_conf.ini
+sed -i -e "s|__OVN_SB_DB_SERVICE_PORT__|$OVN_SB_DB_SERVICE_PORT|g" /tmp/pod-shared/ml2_conf.ini
diff --git a/charts/neutron/templates/bin/_neutron-server.sh.tpl b/charts/neutron/templates/bin/_neutron-server.sh.tpl
index 83ca918..9cffb7b 100644
--- a/charts/neutron/templates/bin/_neutron-server.sh.tpl
+++ b/charts/neutron/templates/bin/_neutron-server.sh.tpl
@@ -22,6 +22,8 @@
--config-file /etc/neutron/neutron.conf \
{{- if ( has "tungstenfabric" .Values.network.backend ) }}
--config-file /etc/neutron/plugins/tungstenfabric/tf_plugin.ini
+{{- else if ( has "ovn" .Values.network.backend ) }}
+ --config-file /tmp/pod-shared/ml2_conf.ini
{{- else }}
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini
{{- end }}
diff --git a/charts/neutron/templates/configmap-bin.yaml b/charts/neutron/templates/configmap-bin.yaml
index 2a6b9cf..a701c52 100644
--- a/charts/neutron/templates/configmap-bin.yaml
+++ b/charts/neutron/templates/configmap-bin.yaml
@@ -59,10 +59,6 @@
{{ tuple "bin/_neutron-linuxbridge-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-linuxbridge-agent-init-modules.sh: |
{{ tuple "bin/_neutron-linuxbridge-agent-init-modules.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- neutron-metadata-agent.sh: |
-{{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
- neutron-metadata-agent-init.sh: |
-{{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-openvswitch-agent.sh: |
{{ tuple "bin/_neutron-openvswitch-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
neutron-openvswitch-agent-init.sh: |
@@ -95,6 +91,21 @@
{{- include "helm-toolkit.scripts.rabbit_init" . | indent 4 }}
neutron-test-force-cleanup.sh: |
{{ tuple "bin/_neutron-test-force-cleanup.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+
+{{- if ( has "ovn" .Values.network.backend ) }}
+ neutron-ovn-metadata-agent.sh: |
+{{ tuple "bin/_neutron-ovn-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ neutron-ovn-metadata-agent-init.sh: |
+{{ tuple "bin/_neutron-ovn-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ neutron-server-ovn-init.sh: |
+{{ tuple "bin/_neutron-server-ovn-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- else }}
+ neutron-metadata-agent.sh: |
+{{ tuple "bin/_neutron-metadata-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+ neutron-metadata-agent-init.sh: |
+{{ tuple "bin/_neutron-metadata-agent-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
+{{- end }}
+
{{- if ( has "tungstenfabric" .Values.network.backend ) }}
tf-plugin.pth: |
/opt/plugin/site-packages
diff --git a/charts/neutron/templates/configmap-etc.yaml b/charts/neutron/templates/configmap-etc.yaml
index 9266081..45176b9 100644
--- a/charts/neutron/templates/configmap-etc.yaml
+++ b/charts/neutron/templates/configmap-etc.yaml
@@ -66,6 +66,10 @@
{{- end -}}
{{- end }}
+{{- if not .Values.conf.paste }}
+{{- $_ := set $envAll.Values.conf.neutron.DEFAULT "api_paste_config" "/var/lib/openstack/etc/neutron/api-paste.ini" -}}
+{{- end }}
+
{{- if empty $envAll.Values.conf.neutron.DEFAULT.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "neutron" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set $envAll.Values.conf.neutron.DEFAULT "transport_url" -}}
{{- end }}
@@ -279,14 +283,15 @@
type: Opaque
data:
rally_tests.yaml: {{ toYaml $envAll.Values.conf.rally_tests.tests | b64enc }}
+ {{- if .Values.conf.paste }}
api-paste.ini: {{ include "helm-toolkit.utils.to_ini" $envAll.Values.conf.paste | b64enc }}
+ {{- end }}
policy.yaml: {{ toYaml $envAll.Values.conf.policy | b64enc }}
neutron.conf: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.neutron | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
api_audit_map.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.api_audit_map | b64enc }}
dhcp_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.dhcp_agent | b64enc }}
l3_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.l3_agent | b64enc }}
- metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metadata_agent | b64enc }}
metering_agent.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metering_agent | b64enc) }}
taas_plugin.ini: {{ default "\"\"" (include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.taas_plugin | b64enc) }}
ml2_conf.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.plugins.ml2_conf | b64enc }}
@@ -307,6 +312,12 @@
auto_bridge_add: {{ toJson $envAll.Values.conf.auto_bridge_add | b64enc }}
dpdk.conf: {{ toJson $envAll.Values.conf.ovs_dpdk | b64enc }}
update_dpdk_bond_config: {{ $envAll.Values.conf.ovs_dpdk.update_dpdk_bond_config | toString | b64enc }}
+{{- if ( has "ovn" .Values.network.backend ) }}
+ ovn_metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.ovn_metadata_agent | b64enc }}
+{{- else }}
+ metadata_agent.ini: {{ include "helm-toolkit.utils.to_oslo_conf" $envAll.Values.conf.metadata_agent | b64enc }}
+{{- end }}
+
{{- if .Values.manifests.certificates }}
{{- include "helm-toolkit.snippets.values_template_renderer" ( dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf" "format" "Secret" ) | indent 2 }}
{{- end }}
diff --git a/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
new file mode 100644
index 0000000..511eb26
--- /dev/null
+++ b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
@@ -0,0 +1,243 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- define "ovnMetadataAgentReadinessProbeTemplate" }}
+exec:
+ command:
+ - python
+ - /tmp/health-probe.py
+ - --config-file
+ - /etc/neutron/neutron.conf
+ - --config-file
+ - /etc/neutron/ovn_metadata_agent.ini
+{{- if .Values.pod.use_fqdn.neutron_agent }}
+ - --use-fqdn
+{{- end }}
+{{- end }}
+{{- define "ovnMetadataAgentLivenessProbeTemplate" }}
+exec:
+ command:
+ - python
+ - /tmp/health-probe.py
+ - --config-file
+ - /etc/neutron/neutron.conf
+ - --config-file
+ - /etc/neutron/ovn_metadata_agent.ini
+ - --liveness-probe
+{{- if .Values.pod.use_fqdn.neutron_agent }}
+ - --use-fqdn
+{{- end }}
+{{- end }}
+
+{{- define "neutron.ovn_metadata_agent.daemonset" }}
+{{- $daemonset := index . 0 }}
+{{- $configMapName := index . 1 }}
+{{- $serviceAccountName := index . 2 }}
+{{- $envAll := index . 3 }}
+{{- with $envAll }}
+
+{{- $mounts_neutron_ovn_metadata_agent := .Values.pod.mounts.neutron_ovn_metadata_agent.neutron_ovn_metadata_agent }}
+{{- $mounts_neutron_ovn_metadata_agent_init := .Values.pod.mounts.neutron_ovn_metadata_agent.init_container }}
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: neutron-ovn-metadata-agent
+ annotations:
+ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
+ labels:
+{{ tuple $envAll "neutron" "ovn-metadata-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
+spec:
+ selector:
+ matchLabels:
+{{ tuple $envAll "neutron" "ovn-metadata-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
+{{ tuple $envAll "ovn_metadata_agent" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
+ template:
+ metadata:
+ labels:
+{{ tuple $envAll "neutron" "ovn-metadata-agent" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
+ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
+ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "neutron-ovn-metadata-agent-default" "containerNames" (list "neutron-ovn-metadata-agent" "neutron-ovn-metadata-agent-init" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
+ spec:
+{{ dict "envAll" $envAll "application" "neutron_ovn_metadata_agent" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
+ serviceAccountName: {{ $serviceAccountName }}
+{{ if $envAll.Values.pod.tolerations.neutron.enabled }}
+{{ tuple $envAll "neutron" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
+{{ end }}
+ nodeSelector:
+ {{ .Values.labels.agent.ovn_metadata.node_selector_key }}: {{ .Values.labels.agent.ovn_metadata.node_selector_value }}
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true
+ {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "10" ) }}
+ shareProcessNamespace: true
+ {{- else }}
+ hostPID: true
+ {{- end }}
+ initContainers:
+{{ tuple $envAll "pod_dependency" $mounts_neutron_ovn_metadata_agent_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ - name: neutron-ovn-metadata-agent-init
+{{ tuple $envAll "neutron_ovn_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "neutron_ovn_metadata_agent" "container" "neutron_ovn_metadata_agent_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ env:
+ - name: NEUTRON_USER_UID
+ value: "{{ .Values.pod.security_context.neutron_ovn_metadata_agent.pod.runAsUser }}"
+ command:
+ - /tmp/neutron-ovn-metadata-agent-init.sh
+ volumeMounts:
+ - name: run
+ mountPath: /run
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: neutron-bin
+ mountPath: /tmp/neutron-ovn-metadata-agent-init.sh
+ subPath: neutron-ovn-metadata-agent-init.sh
+ readOnly: true
+ - name: neutron-etc
+ mountPath: /etc/neutron/neutron.conf
+ subPath: neutron.conf
+ readOnly: true
+ - name: socket
+ mountPath: /var/lib/neutron/openstack-helm
+ containers:
+ - name: neutron-ovn-metadata-agent
+{{ tuple $envAll "neutron_metadata" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.agent.ovn_metadata | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+ env:
+ - name: RPC_PROBE_TIMEOUT
+ value: "{{ .Values.pod.probes.rpc_timeout }}"
+ - name: RPC_PROBE_RETRIES
+ value: "{{ .Values.pod.probes.rpc_retries }}"
+{{ dict "envAll" $envAll "component" "ovn_metadata_agent" "container" "ovn_metadata_agent" "type" "readiness" "probeTemplate" (include "ovnMetadataAgentReadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+{{ dict "envAll" $envAll "component" "ovn_metadata_agent" "container" "ovn_metadata_agent" "type" "liveness" "probeTemplate" (include "ovnMetadataAgentLivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+ securityContext:
+ privileged: true
+ command:
+ - /tmp/neutron-ovn-metadata-agent.sh
+ volumeMounts:
+ - name: run
+ mountPath: /run
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: pod-var-neutron
+ mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
+ - name: neutron-bin
+ mountPath: /tmp/neutron-ovn-metadata-agent.sh
+ subPath: neutron-ovn-metadata-agent.sh
+ readOnly: true
+ - name: neutron-bin
+ mountPath: /tmp/health-probe.py
+ subPath: health-probe.py
+ readOnly: true
+ - name: neutron-etc
+ mountPath: /etc/neutron/neutron.conf
+ subPath: neutron.conf
+ readOnly: true
+ {{- if .Values.conf.neutron.DEFAULT.log_config_append }}
+ - name: neutron-etc
+ mountPath: {{ .Values.conf.neutron.DEFAULT.log_config_append }}
+ subPath: {{ base .Values.conf.neutron.DEFAULT.log_config_append }}
+ readOnly: true
+ {{- end }}
+ - name: neutron-etc
+ mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
+ subPath: ml2_conf.ini
+ readOnly: true
+ {{- if ( has "openvswitch" .Values.network.backend ) }}
+ - name: neutron-etc
+ mountPath: /etc/neutron/plugins/ml2/openvswitch_agent.ini
+ subPath: openvswitch_agent.ini
+ readOnly: true
+ {{- end }}
+ - name: neutron-etc
+ mountPath: /etc/neutron/ovn_metadata_agent.ini
+ subPath: ovn_metadata_agent.ini
+ readOnly: true
+ - name: neutron-etc
+ # NOTE (Portdirect): We mount here to override Kollas
+ # custom sudoers file when using Kolla images, this
+ # location will also work fine for other images.
+ mountPath: /etc/sudoers.d/kolla_neutron_sudoers
+ subPath: neutron_sudoers
+ readOnly: true
+ - name: neutron-etc
+ mountPath: /etc/neutron/rootwrap.conf
+ subPath: rootwrap.conf
+ readOnly: true
+ {{- range $key, $value := $envAll.Values.conf.rootwrap_filters }}
+ {{- if ( has "ovn_metadata_agent" $value.pods ) }}
+ {{- $filePrefix := replace "_" "-" $key }}
+ {{- $rootwrapFile := printf "/etc/neutron/rootwrap.d/%s.filters" $filePrefix }}
+ - name: neutron-etc
+ mountPath: {{ $rootwrapFile }}
+ subPath: {{ base $rootwrapFile }}
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ - name: socket
+ mountPath: /var/lib/neutron/openstack-helm
+ {{- if .Values.network.share_namespaces }}
+ - name: host-run-netns
+ mountPath: /run/netns
+ mountPropagation: Bidirectional
+ {{- end }}
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal "path" "/etc/rabbitmq/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
+{{ if $mounts_neutron_ovn_metadata_agent.volumeMounts }}{{ toYaml $mounts_neutron_ovn_metadata_agent.volumeMounts | indent 12 }}{{ end }}
+ volumes:
+ - name: pod-tmp
+ emptyDir: {}
+ - name: pod-var-neutron
+ emptyDir: {}
+ - name: run
+ hostPath:
+ path: /run
+ - name: neutron-bin
+ configMap:
+ name: neutron-bin
+ defaultMode: 0555
+ - name: neutron-etc
+ secret:
+ secretName: {{ $configMapName }}
+ defaultMode: 0444
+ - name: socket
+ hostPath:
+ path: /var/lib/neutron/openstack-helm
+ {{- if .Values.network.share_namespaces }}
+ - name: host-run-netns
+ hostPath:
+ path: /run/netns
+ {{- end }}
+{{- dict "enabled" .Values.manifests.certificates "name" .Values.secrets.tls.compute_metadata.metadata.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{- dict "enabled" $envAll.Values.manifests.certificates "name" $envAll.Values.endpoints.oslo_messaging.auth.admin.secret.tls.internal | include "helm-toolkit.snippets.tls_volume" | indent 8 }}
+{{ if $mounts_neutron_ovn_metadata_agent.volumes }}{{ toYaml $mounts_neutron_ovn_metadata_agent.volumes | indent 8 }}{{ end }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.manifests.daemonset_ovn_metadata_agent }}
+{{- $envAll := . }}
+{{- $daemonset := "ovn-metadata-agent" }}
+{{- $configMapName := "neutron-etc" }}
+{{- $serviceAccountName := "neutron-ovn-metadata-agent" }}
+{{- $dependencyOpts := dict "envAll" $envAll "dependencyMixinParam" $envAll.Values.network.backend "dependencyKey" "ovn-metadata" -}}
+{{- $_ := include "helm-toolkit.utils.dependency_resolver" $dependencyOpts | toString | fromYaml }}
+{{ tuple $envAll "pod_dependency" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+{{- $daemonset_yaml := list $daemonset $configMapName $serviceAccountName . | include "neutron.ovn_metadata_agent.daemonset" | toString | fromYaml }}
+{{- $configmap_yaml := "neutron.configmap.etc" }}
+{{- list $daemonset $daemonset_yaml $configmap_yaml $configMapName . | include "helm-toolkit.utils.daemonset_overrides" }}
+{{- end }}
diff --git a/charts/neutron/templates/deployment-server.yaml b/charts/neutron/templates/deployment-server.yaml
index 2e39a40..12ca245 100644
--- a/charts/neutron/templates/deployment-server.yaml
+++ b/charts/neutron/templates/deployment-server.yaml
@@ -91,6 +91,29 @@
terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.server.timeout | default "30" }}
initContainers:
{{ tuple $envAll "pod_dependency" $mounts_neutron_server_init | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ {{- if ( has "ovn" .Values.network.backend ) }}
+ - name: ovn-neutron-init
+{{ tuple $envAll "neutron_server" | include "helm-toolkit.snippets.image" | indent 10 }}
+ command:
+ - /tmp/neutron-server-ovn-init.sh
+ volumeMounts:
+ - name: pod-tmp
+ mountPath: /tmp
+ - name: pod-shared
+ mountPath: /tmp/pod-shared
+ - name: neutron-bin
+ mountPath: /tmp/neutron-server-ovn-init.sh
+ subPath: neutron-server-ovn-init.sh
+ readOnly: true
+ - name: neutron-etc
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+ readOnly: true
+ - name: neutron-etc
+ mountPath: /etc/neutron/plugins/ml2/ml2_conf.ini
+ subPath: ml2_conf.ini
+ readOnly: true
+ {{- end }}
{{- if ( has "tungstenfabric" .Values.network.backend ) }}
- name: tungstenfabric-neutron-init
image: {{ .Values.images.tags.tf_neutron_init }}
@@ -176,6 +199,8 @@
volumeMounts:
- name: pod-tmp
mountPath: /tmp
+ - name: pod-shared
+ mountPath: /tmp/pod-shared
- name: pod-var-neutron
mountPath: {{ .Values.conf.neutron.DEFAULT.state_path }}
- name: neutron-bin
@@ -243,10 +268,12 @@
subPath: l2gw_plugin.ini
readOnly: true
{{ end }}
+ {{- if .Values.conf.paste }}
- name: neutron-etc
mountPath: /etc/neutron/api-paste.ini
subPath: api-paste.ini
readOnly: true
+ {{ end }}
- name: neutron-etc
mountPath: /etc/neutron/policy.yaml
subPath: policy.yaml
@@ -258,6 +285,8 @@
volumes:
- name: pod-tmp
emptyDir: {}
+ - name: pod-shared
+ emptyDir: {}
{{- if .Values.manifests.certificates }}
- name: wsgi-neutron
emptyDir: {}
diff --git a/charts/neutron/values.yaml b/charts/neutron/values.yaml
index 57a93a8..fa311b4 100644
--- a/charts/neutron/values.yaml
+++ b/charts/neutron/values.yaml
@@ -33,6 +33,7 @@
neutron_server: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_dhcp: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
+ neutron_ovn_metadata: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_l3: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_l2gw: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
neutron_openvswitch_agent: docker.io/openstackhelm/neutron:stein-ubuntu_bionic
@@ -62,6 +63,9 @@
metadata:
node_selector_key: openstack-control-plane
node_selector_value: enabled
+ ovn_metadata:
+ node_selector_key: openstack-compute-node
+ node_selector_value: enabled
l2gw:
node_selector_key: openstack-control-plane
node_selector_value: enabled
@@ -156,6 +160,7 @@
sriov: {}
l2gateway: {}
bagpipe_bgp: {}
+ ovn: {}
openvswitch:
dhcp:
pod:
@@ -279,6 +284,19 @@
service: compute
- endpoint: public
service: compute_metadata
+ ovn_metadata:
+ pod: null
+ jobs:
+ - neutron-rabbit-init
+ services:
+ - endpoint: internal
+ service: oslo_messaging
+ - endpoint: internal
+ service: network
+ - endpoint: internal
+ service: compute
+ - endpoint: public
+ service: compute_metadata
ovs_agent:
jobs:
- neutron-rabbit-init
@@ -385,6 +403,20 @@
initialDelaySeconds: 120
periodSeconds: 600
timeoutSeconds: 580
+ ovn_metadata_agent:
+ ovn_metadata_agent:
+ readiness:
+ enabled: true
+ params:
+ initialDelaySeconds: 30
+ periodSeconds: 190
+ timeoutSeconds: 185
+ liveness:
+ enabled: true
+ params:
+ initialDelaySeconds: 120
+ periodSeconds: 600
+ timeoutSeconds: 580
ovs_agent:
ovs_agent:
readiness:
@@ -490,6 +522,13 @@
neutron_metadata_agent_init:
runAsUser: 0
readOnlyRootFilesystem: true
+ neutron_ovn_metadata_agent:
+ pod:
+ runAsUser: 42424
+ container:
+ neutron_ovn_metadata_agent_init:
+ runAsUser: 0
+ readOnlyRootFilesystem: true
neutron_ovs_agent:
pod:
runAsUser: 42424
@@ -558,6 +597,9 @@
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
mounts:
neutron_server:
init_container: null
@@ -584,6 +626,11 @@
neutron_metadata_agent:
volumeMounts:
volumes:
+ neutron_ovn_metadata_agent:
+ init_container: null
+ neutron_ovn_metadata_agent:
+ volumeMounts:
+ volumes:
neutron_ovs_agent:
init_container: null
neutron_ovs_agent:
@@ -661,6 +708,10 @@
enabled: true
min_ready_seconds: 0
max_unavailable: 1
+ ovn_metadata_agent:
+ enabled: true
+ min_ready_seconds: 0
+ max_unavailable: 1
ovs_agent:
enabled: true
min_ready_seconds: 0
@@ -712,6 +763,13 @@
limits:
memory: "1024Mi"
cpu: "2000m"
+ ovn_metadata:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "1024Mi"
+ cpu: "2000m"
ovs:
requests:
memory: "128Mi"
@@ -1122,43 +1180,7 @@
sla:
failure_rate:
max: 0
- paste:
- composite:neutron:
- use: egg:Paste#urlmap
- /: neutronversions_composite
- /v2.0: neutronapi_v2_0
- composite:neutronapi_v2_0:
- use: call:neutron.auth:pipeline_factory
- noauth: cors http_proxy_to_wsgi request_id catch_errors extensions neutronapiapp_v2_0
- keystone: cors http_proxy_to_wsgi request_id catch_errors authtoken audit keystonecontext extensions neutronapiapp_v2_0
- composite:neutronversions_composite:
- use: call:neutron.auth:pipeline_factory
- noauth: cors http_proxy_to_wsgi neutronversions
- keystone: cors http_proxy_to_wsgi neutronversions
- filter:request_id:
- paste.filter_factory: oslo_middleware:RequestId.factory
- filter:catch_errors:
- paste.filter_factory: oslo_middleware:CatchErrors.factory
- filter:cors:
- paste.filter_factory: oslo_middleware.cors:filter_factory
- oslo_config_project: neutron
- filter:http_proxy_to_wsgi:
- paste.filter_factory: oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
- filter:keystonecontext:
- paste.filter_factory: neutron.auth:NeutronKeystoneContext.factory
- filter:authtoken:
- paste.filter_factory: keystonemiddleware.auth_token:filter_factory
- filter:audit:
- paste.filter_factory: keystonemiddleware.audit:filter_factory
- audit_map_file: /etc/neutron/api_audit_map.conf
- filter:extensions:
- paste.filter_factory: neutron.api.extensions:plugin_aware_extension_middleware_factory
- app:neutronversions:
- paste.app_factory: neutron.pecan_wsgi.app:versions_factory
- app:neutronapiapp_v2_0:
- paste.app_factory: neutron.api.v2.router:APIRouter.factory
- filter:osprofiler:
- paste.filter_factory: osprofiler.web:WsgiMiddleware.factory
+ paste: {}
policy: {}
api_audit_map:
DEFAULT:
@@ -1233,6 +1255,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
content: |
@@ -1260,6 +1283,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
content: |
@@ -1285,6 +1309,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
content: |
@@ -1306,6 +1331,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
content: |
@@ -1396,6 +1422,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
- netns_cleanup_cron
@@ -1418,6 +1445,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
- netns_cleanup_cron
@@ -1467,6 +1495,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
content: |
@@ -1487,6 +1516,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
content: |
@@ -1523,6 +1553,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
content: |
@@ -1560,6 +1591,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
content: |
@@ -1597,6 +1629,7 @@
- l3_agent
- lb_agent
- metadata_agent
+ - ovn_metadata_agent
- ovs_agent
- sriov_agent
- netns_cleanup_cron
@@ -1743,6 +1776,7 @@
memcache_security_strategy: ENCRYPT
auth_type: password
auth_version: v3
+ service_type: network
octavia:
request_poll_timeout: 3000
logging:
@@ -1818,7 +1852,7 @@
# (NOTE)portdirect: if unset this is populated dyanmicly from the value
# in 'network.backend' to sane defaults.
mechanism_drivers: null
- type_drivers: flat,vlan,vxlan
+ type_drivers: flat,vlan,vxlan,local
tenant_network_types: vxlan
ml2_type_vxlan:
vni_ranges: 1:1000
@@ -1907,6 +1941,7 @@
enabled: true
backend: dogpile.cache.memcached
bagpipe_bgp: {}
+ ovn_metadata_agent: {}
rabbitmq:
# NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones