Merge "Removing lbaasv2 related code"
This commit is contained in:
commit
3fbb26b011
|
@ -1,39 +0,0 @@
|
|||
# Copyright 2018 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- job:
|
||||
name: kuryr-kubernetes-tempest-lbaasv2
|
||||
parent: kuryr-kubernetes-tempest-base
|
||||
description: |
|
||||
Kuryr-Kubernetes tempest job using lbaasv2
|
||||
host-vars:
|
||||
controller:
|
||||
devstack_plugins:
|
||||
neutron-lbaas: https://git.openstack.org/openstack/neutron-lbaas
|
||||
vars:
|
||||
devstack_localrc:
|
||||
NEUTRON_LBAAS_SERVICE_PROVIDERV2: 'LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default'
|
||||
KURYR_K8S_LBAAS_USE_OCTAVIA: False
|
||||
devstack_services:
|
||||
q-lbaasv2: true
|
||||
kuryr-daemon: false
|
||||
|
||||
- job:
|
||||
name: kuryr-kubernetes-tempest-daemon-lbaasv2
|
||||
parent: kuryr-kubernetes-tempest-lbaasv2
|
||||
description: |
|
||||
Kuryr-Kubernetes tempest job using lbaasv2 and CNI daemon
|
||||
vars:
|
||||
devstack_services:
|
||||
kuryr-daemon: true
|
|
@ -19,7 +19,6 @@
|
|||
- kuryr-kubernetes-tempest-octavia
|
||||
- kuryr-kubernetes-tempest-daemon-octavia
|
||||
- kuryr-kubernetes-tempest-daemon-openshift-octavia
|
||||
- kuryr-kubernetes-tempest-daemon-lbaasv2
|
||||
- kuryr-kubernetes-tempest-daemon-containerized-octavia
|
||||
- kuryr-kubernetes-tempest-daemon-containerized-ovn
|
||||
- kuryr-kubernetes-tempest-daemon-octavia-py36
|
||||
|
@ -30,7 +29,6 @@
|
|||
jobs:
|
||||
- kuryr-kubernetes-tempest-octavia
|
||||
- kuryr-kubernetes-tempest-daemon-octavia
|
||||
- kuryr-kubernetes-tempest-daemon-lbaasv2
|
||||
- kuryr-kubernetes-tempest-daemon-containerized-octavia
|
||||
- kuryr-kubernetes-tempest-daemon-octavia-py36
|
||||
- kuryr-kubernetes-tempest-daemon-containerized-octavia-py36
|
||||
|
|
|
@ -40,11 +40,7 @@ function ovs_bind_for_kubelet() {
|
|||
kubelet-"${HOSTNAME}")
|
||||
# Need to enable Amphorae subnet access to the kubelet iface for API
|
||||
# access
|
||||
local use_octavia
|
||||
use_octavia=$(trueorfalse True KURYR_K8S_LBAAS_USE_OCTAVIA)
|
||||
if [[ "$use_octavia" == "True" ]]; then
|
||||
openstack port set "$port_id" --security-group service_pod_access
|
||||
fi
|
||||
openstack port set "$port_id" --security-group service_pod_access
|
||||
if [[ "$KURYR_SG_DRIVER" == "namespace" ]]; then
|
||||
openstack port set "$port_id" --security-group allow_from_namespace
|
||||
openstack port set "$port_id" --security-group allow_from_default
|
||||
|
@ -293,22 +289,6 @@ function create_k8s_subnet {
|
|||
"Failed to enable routing for K8s ${subnet_name} subnet"
|
||||
}
|
||||
|
||||
# create_k8s_router_fake_service
|
||||
# Description: Creates an endpoint-less kubernetes service to keep Kubernetes
|
||||
# API server from allocating the service subnet router IP for
|
||||
# another service
|
||||
function create_k8s_router_fake_service {
|
||||
local router_ip
|
||||
local fake_svc_name
|
||||
|
||||
fake_svc_name='kuryr-svc-router'
|
||||
router_ip=$(openstack --os-cloud devstack-admin \
|
||||
--os-region "$REGION_NAME" \
|
||||
subnet show "$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET" \
|
||||
-f value -c gateway_ip)
|
||||
create_k8s_fake_service $fake_svc_name $router_ip
|
||||
}
|
||||
|
||||
# create_k8s_fake_service
|
||||
# Description: Creates an endpoint-less kubernetes service to keep Kubernetes
|
||||
# API server from allocating this IP for another service
|
||||
|
@ -875,14 +855,8 @@ function lb_state {
|
|||
local lb_id
|
||||
|
||||
lb_id="$1"
|
||||
# Checks Neutron lbaas for the Load balancer state
|
||||
if is_service_enabled octavia; then
|
||||
openstack loadbalancer show "$lb_id" | \
|
||||
awk '/provisioning_status/ {print $4}'
|
||||
else
|
||||
neutron lbaas-loadbalancer-show "$lb_id" | \
|
||||
awk '/provisioning_status/ {print $4}'
|
||||
fi
|
||||
openstack loadbalancer show "$lb_id" | \
|
||||
awk '/provisioning_status/ {print $4}'
|
||||
}
|
||||
|
||||
function wait_for_lb {
|
||||
|
@ -933,13 +907,8 @@ function create_load_balancer {
|
|||
lb_params+=" --vip-address $4"
|
||||
fi
|
||||
|
||||
if is_service_enabled octavia; then
|
||||
lb_params+=" --project ${project_id} --vip-subnet-id $lb_vip_subnet"
|
||||
openstack loadbalancer create $lb_params
|
||||
else
|
||||
lb_params+=" --tenant-id ${project_id} $lb_vip_subnet"
|
||||
neutron lbaas-loadbalancer-create $lb_params
|
||||
fi
|
||||
lb_params+=" --project ${project_id} --vip-subnet-id $lb_vip_subnet"
|
||||
openstack loadbalancer create $lb_params
|
||||
}
|
||||
|
||||
# create_load_balancer_listener
|
||||
|
@ -972,20 +941,12 @@ function create_load_balancer_listener {
|
|||
# Octavia needs the LB to be active for the listener
|
||||
wait_for_lb $lb $max_timeout
|
||||
|
||||
if is_service_enabled octavia; then
|
||||
openstack loadbalancer listener create --name "$name" \
|
||||
--protocol "$protocol" \
|
||||
--protocol-port "$port" \
|
||||
--timeout-client-data "$data_timeouts" \
|
||||
--timeout-member-data "$data_timeouts" \
|
||||
"$lb"
|
||||
else
|
||||
neutron lbaas-listener-create --name "$name" \
|
||||
--protocol "$protocol" \
|
||||
--protocol-port "$port" \
|
||||
--tenant-id "$project_id" \
|
||||
--loadbalancer "$lb"
|
||||
fi
|
||||
openstack loadbalancer listener create --name "$name" \
|
||||
--protocol "$protocol" \
|
||||
--protocol-port "$port" \
|
||||
--timeout-client-data "$data_timeouts" \
|
||||
--timeout-member-data "$data_timeouts" \
|
||||
"$lb"
|
||||
}
|
||||
|
||||
# create_load_balancer_pool
|
||||
|
@ -1018,19 +979,10 @@ function create_load_balancer_pool {
|
|||
# We must wait for the LB to be active before we can put a Pool for it
|
||||
wait_for_lb $lb
|
||||
|
||||
if is_service_enabled octavia; then
|
||||
openstack loadbalancer pool create --name "$name" \
|
||||
--listener "$listener" \
|
||||
--protocol "$protocol" \
|
||||
--lb-algorithm "$algorithm"
|
||||
else
|
||||
neutron lbaas-pool-create --name "$name" \
|
||||
--loadbalancer "$lb" \
|
||||
--listener "$listener" \
|
||||
--protocol "$protocol" \
|
||||
--tenant-id "$project_id" \
|
||||
--lb-algorithm "$algorithm"
|
||||
fi
|
||||
openstack loadbalancer pool create --name "$name" \
|
||||
--listener "$listener" \
|
||||
--protocol "$protocol" \
|
||||
--lb-algorithm "$algorithm"
|
||||
}
|
||||
|
||||
# create_load_balancer_member
|
||||
|
@ -1063,19 +1015,10 @@ function create_load_balancer_member {
|
|||
# We must wait for the pool creation update before we can add members
|
||||
wait_for_lb $lb
|
||||
|
||||
if is_service_enabled octavia; then
|
||||
openstack loadbalancer member create --name "$name" \
|
||||
--address "$address" \
|
||||
--protocol-port "$port" \
|
||||
"$pool"
|
||||
else
|
||||
neutron lbaas-member-create --name "$name" \
|
||||
--subnet "$subnet" \
|
||||
--address "$address" \
|
||||
--protocol-port "$port" \
|
||||
--tenant-id "$project_id" \
|
||||
"$pool"
|
||||
fi
|
||||
openstack loadbalancer member create --name "$name" \
|
||||
--address "$address" \
|
||||
--protocol-port "$port" \
|
||||
"$pool"
|
||||
}
|
||||
|
||||
# split_subnet
|
||||
|
@ -1111,11 +1054,7 @@ function get_loadbalancer_attribute {
|
|||
lb_name="$1"
|
||||
lb_attr="$2"
|
||||
|
||||
if is_service_enabled octavia; then
|
||||
openstack loadbalancer show "$lb_name" -c "$lb_attr" -f value
|
||||
else
|
||||
neutron lbaas-loadbalancer-show "$lb_name" -c "$lb_attr" -f value
|
||||
fi
|
||||
openstack loadbalancer show "$lb_name" -c "$lb_attr" -f value
|
||||
}
|
||||
|
||||
# openshift_node_set_dns_config
|
||||
|
|
|
@ -53,40 +53,32 @@ TUNNEL_TYPE=vxlan
|
|||
DF_SELECTIVE_TOPO_DIST=False
|
||||
|
||||
# OCTAVIA
|
||||
KURYR_K8S_LBAAS_USE_OCTAVIA=False
|
||||
# Uncomment it to use L2 communication between loadbalancer and member pods
|
||||
# KURYR_K8S_OCTAVIA_MEMBER_MODE=L2
|
||||
|
||||
if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
|
||||
# Octavia LBaaSv2
|
||||
LIBS_FROM_GIT+=python-octaviaclient
|
||||
enable_plugin octavia https://git.openstack.org/openstack/octavia
|
||||
enable_service octavia
|
||||
enable_service o-api
|
||||
enable_service o-cw
|
||||
enable_service o-hm
|
||||
enable_service o-hk
|
||||
## Octavia Deps
|
||||
### Image
|
||||
### Barbican
|
||||
enable_plugin barbican https://git.openstack.org/openstack/barbican
|
||||
### Nova
|
||||
enable_service n-api
|
||||
enable_service n-api-meta
|
||||
enable_service n-cpu
|
||||
enable_service n-cond
|
||||
enable_service n-sch
|
||||
enable_service placement-api
|
||||
enable_service placement-client
|
||||
### Glance
|
||||
enable_service g-api
|
||||
enable_service g-reg
|
||||
else
|
||||
# LBaaSv2 service and Haproxy agent
|
||||
enable_plugin neutron-lbaas \
|
||||
git://git.openstack.org/openstack/neutron-lbaas
|
||||
enable_service q-lbaasv2
|
||||
fi
|
||||
# Octavia LBaaSv2
|
||||
LIBS_FROM_GIT+=python-octaviaclient
|
||||
enable_plugin octavia https://git.openstack.org/openstack/octavia
|
||||
enable_service octavia
|
||||
enable_service o-api
|
||||
enable_service o-cw
|
||||
enable_service o-hm
|
||||
enable_service o-hk
|
||||
## Octavia Deps
|
||||
### Image
|
||||
### Barbican
|
||||
enable_plugin barbican https://git.openstack.org/openstack/barbican
|
||||
### Nova
|
||||
enable_service n-api
|
||||
enable_service n-api-meta
|
||||
enable_service n-cpu
|
||||
enable_service n-cond
|
||||
enable_service n-sch
|
||||
enable_service placement-api
|
||||
enable_service placement-client
|
||||
### Glance
|
||||
enable_service g-api
|
||||
enable_service g-reg
|
||||
|
||||
# By default use all the services from the kuryr-kubernetes plugin
|
||||
|
||||
|
@ -211,11 +203,7 @@ enable_service kuryr-daemon
|
|||
|
||||
# Increase Octavia amphorae timeout so that the first LB amphora has time to
|
||||
# build and boot
|
||||
if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
|
||||
IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
|
||||
else
|
||||
NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
|
||||
fi
|
||||
IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
|
||||
|
||||
[[post-config|$OCTAVIA_CONF]]
|
||||
[controller_worker]
|
||||
|
|
|
@ -34,40 +34,32 @@ enable_service q-l3
|
|||
enable_service q-svc
|
||||
|
||||
# OCTAVIA
|
||||
KURYR_K8S_LBAAS_USE_OCTAVIA=True
|
||||
# Uncomment it to use L2 communication between loadbalancer and member pods
|
||||
# KURYR_K8S_OCTAVIA_MEMBER_MODE=L2
|
||||
|
||||
if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
|
||||
# Octavia LBaaSv2
|
||||
LIBS_FROM_GIT+=python-octaviaclient
|
||||
enable_plugin octavia https://git.openstack.org/openstack/octavia
|
||||
enable_service octavia
|
||||
enable_service o-api
|
||||
enable_service o-cw
|
||||
enable_service o-hm
|
||||
enable_service o-hk
|
||||
## Octavia Deps
|
||||
### Image
|
||||
### Barbican
|
||||
enable_plugin barbican https://git.openstack.org/openstack/barbican
|
||||
### Nova
|
||||
enable_service n-api
|
||||
enable_service n-api-meta
|
||||
enable_service n-cpu
|
||||
enable_service n-cond
|
||||
enable_service n-sch
|
||||
enable_service placement-api
|
||||
enable_service placement-client
|
||||
### Glance
|
||||
enable_service g-api
|
||||
enable_service g-reg
|
||||
else
|
||||
# LBaaSv2 service and Haproxy agent
|
||||
enable_plugin neutron-lbaas \
|
||||
git://git.openstack.org/openstack/neutron-lbaas
|
||||
enable_service q-lbaasv2
|
||||
fi
|
||||
# Octavia LBaaSv2
|
||||
LIBS_FROM_GIT+=python-octaviaclient
|
||||
enable_plugin octavia https://git.openstack.org/openstack/octavia
|
||||
enable_service octavia
|
||||
enable_service o-api
|
||||
enable_service o-cw
|
||||
enable_service o-hm
|
||||
enable_service o-hk
|
||||
## Octavia Deps
|
||||
### Image
|
||||
### Barbican
|
||||
enable_plugin barbican https://git.openstack.org/openstack/barbican
|
||||
### Nova
|
||||
enable_service n-api
|
||||
enable_service n-api-meta
|
||||
enable_service n-cpu
|
||||
enable_service n-cond
|
||||
enable_service n-sch
|
||||
enable_service placement-api
|
||||
enable_service placement-client
|
||||
### Glance
|
||||
enable_service g-api
|
||||
enable_service g-reg
|
||||
|
||||
|
||||
# Keystone
|
||||
|
@ -216,11 +208,7 @@ enable_service kuryr-daemon
|
|||
|
||||
# Increase Octavia amphorae timeout so that the first LB amphora has time to
|
||||
# build and boot
|
||||
if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
|
||||
IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
|
||||
else
|
||||
NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
|
||||
fi
|
||||
IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
|
||||
|
||||
[[post-config|$OCTAVIA_CONF]]
|
||||
[controller_worker]
|
||||
|
|
|
@ -42,8 +42,6 @@ enable_service q-svc
|
|||
VAR_RUN_PATH=/usr/local/var/run
|
||||
|
||||
# OCTAVIA
|
||||
KURYR_K8S_LBAAS_USE_OCTAVIA=True
|
||||
|
||||
# Uncomment it to use L2 communication between loadbalancer and member pods
|
||||
# KURYR_K8S_OCTAVIA_MEMBER_MODE=L2
|
||||
|
||||
|
@ -64,36 +62,29 @@ KURYR_K8S_LBAAS_USE_OCTAVIA=True
|
|||
|
||||
|
||||
|
||||
if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
|
||||
# Octavia LBaaSv2
|
||||
LIBS_FROM_GIT+=python-octaviaclient
|
||||
enable_plugin octavia https://git.openstack.org/openstack/octavia
|
||||
enable_service octavia
|
||||
enable_service o-api
|
||||
enable_service o-cw
|
||||
enable_service o-hm
|
||||
enable_service o-hk
|
||||
## Octavia Deps
|
||||
### Image
|
||||
### Barbican
|
||||
enable_plugin barbican https://git.openstack.org/openstack/barbican
|
||||
### Nova
|
||||
enable_service n-api
|
||||
enable_service n-api-meta
|
||||
enable_service n-cpu
|
||||
enable_service n-cond
|
||||
enable_service n-sch
|
||||
enable_service placement-api
|
||||
enable_service placement-client
|
||||
### Glance
|
||||
enable_service g-api
|
||||
enable_service g-reg
|
||||
else
|
||||
# LBaaSv2 service and Haproxy agent
|
||||
enable_plugin neutron-lbaas \
|
||||
git://git.openstack.org/openstack/neutron-lbaas
|
||||
enable_service q-lbaasv2
|
||||
fi
|
||||
# Octavia LBaaSv2
|
||||
LIBS_FROM_GIT+=python-octaviaclient
|
||||
enable_plugin octavia https://git.openstack.org/openstack/octavia
|
||||
enable_service octavia
|
||||
enable_service o-api
|
||||
enable_service o-cw
|
||||
enable_service o-hm
|
||||
enable_service o-hk
|
||||
## Octavia Deps
|
||||
### Image
|
||||
### Barbican
|
||||
enable_plugin barbican https://git.openstack.org/openstack/barbican
|
||||
### Nova
|
||||
enable_service n-api
|
||||
enable_service n-api-meta
|
||||
enable_service n-cpu
|
||||
enable_service n-cond
|
||||
enable_service n-sch
|
||||
enable_service placement-api
|
||||
enable_service placement-client
|
||||
### Glance
|
||||
enable_service g-api
|
||||
enable_service g-reg
|
||||
|
||||
|
||||
# Keystone
|
||||
|
@ -248,11 +239,7 @@ KURYR_K8S_CONTAINERIZED_DEPLOYMENT=True
|
|||
|
||||
# Increase Octavia amphorae timeout so that the first LB amphora has time to
|
||||
# build and boot
|
||||
if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
|
||||
IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
|
||||
else
|
||||
NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
|
||||
fi
|
||||
IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
|
||||
|
||||
[[post-config|$OCTAVIA_CONF]]
|
||||
[controller_worker]
|
||||
|
|
|
@ -30,10 +30,39 @@ disable_service q-agt
|
|||
# We have to disable the neutron dhcp agent. DF does not use the dhcp agent.
|
||||
disable_service q-dhcp
|
||||
|
||||
# LBaaSv2 service and Haproxy agent
|
||||
enable_plugin neutron-lbaas git://git.openstack.org/openstack/neutron-lbaas
|
||||
enable_service q-lbaasv2
|
||||
NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
|
||||
# Octavia LBaaSv2
|
||||
LIBS_FROM_GIT+=python-octaviaclient
|
||||
enable_plugin octavia https://git.openstack.org/openstack/octavia
|
||||
enable_service octavia
|
||||
enable_service o-api
|
||||
enable_service o-cw
|
||||
enable_service o-hm
|
||||
enable_service o-hk
|
||||
## Octavia Deps
|
||||
# Current Octavia image generation using diskimage-builder is broken ATM
|
||||
# You can fetch a precreated qcow image from here [1] and set up octavia to
|
||||
# use it by uncommenting the following lines.
|
||||
# [1] https://tarballs.openstack.org/octavia/test-images/
|
||||
# test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
|
||||
# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
|
||||
# OCTAVIA_AMP_IMAGE_SIZE=3
|
||||
# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial
|
||||
### Image
|
||||
### Barbican
|
||||
enable_plugin barbican https://git.openstack.org/openstack/barbican
|
||||
### Nova
|
||||
enable_service n-api
|
||||
enable_service n-api-meta
|
||||
enable_service n-cpu
|
||||
enable_service n-cond
|
||||
enable_service n-sch
|
||||
enable_service placement-api
|
||||
enable_service placement-client
|
||||
### Glance
|
||||
enable_service g-api
|
||||
enable_service g-reg
|
||||
|
||||
IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
|
||||
|
||||
# Enable heat services if you want to deploy overcloud using Heat stack
|
||||
enable_plugin heat https://git.openstack.org/openstack/heat
|
||||
|
|
|
@ -39,9 +39,37 @@ disable_service q-meta
|
|||
enable_plugin neutron https://git.openstack.org/openstack/neutron
|
||||
enable_service q-trunk
|
||||
|
||||
# Octavia LBaaSv2
|
||||
LIBS_FROM_GIT+=python-octaviaclient
|
||||
enable_plugin octavia https://git.openstack.org/openstack/octavia
|
||||
enable_service octavia
|
||||
enable_service o-api
|
||||
enable_service o-cw
|
||||
enable_service o-hm
|
||||
enable_service o-hk
|
||||
## Octavia Deps
|
||||
# Current Octavia image generation using diskimage-builder is broken ATM
|
||||
# You can fetch a precreated qcow image from here [1] and set up octavia to
|
||||
# use it by uncommenting the following lines.
|
||||
# [1] https://tarballs.openstack.org/octavia/test-images/
|
||||
# test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
|
||||
# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
|
||||
# OCTAVIA_AMP_IMAGE_SIZE=3
|
||||
# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial
|
||||
### Image
|
||||
### Barbican
|
||||
enable_plugin barbican https://git.openstack.org/openstack/barbican
|
||||
### Nova
|
||||
enable_service n-api
|
||||
enable_service n-api-meta
|
||||
enable_service n-cpu
|
||||
enable_service n-cond
|
||||
enable_service n-sch
|
||||
enable_service placement-api
|
||||
enable_service placement-client
|
||||
### Glance
|
||||
enable_service g-api
|
||||
enable_service g-reg
|
||||
|
||||
IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
|
||||
|
||||
# LBaaSv2 service and Haproxy agent
|
||||
enable_plugin neutron-lbaas \
|
||||
git://git.openstack.org/openstack/neutron-lbaas
|
||||
enable_service q-lbaasv2
|
||||
NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
|
||||
|
|
|
@ -21,11 +21,39 @@ TUNNEL_TYPE=vxlan
|
|||
# Enable Keystone v3
|
||||
IDENTITY_API_VERSION=3
|
||||
|
||||
# LBaaSv2 service and Haproxy agent
|
||||
enable_plugin neutron-lbaas \
|
||||
git://git.openstack.org/openstack/neutron-lbaas
|
||||
enable_service q-lbaasv2
|
||||
NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
|
||||
# Octavia LBaaSv2
|
||||
LIBS_FROM_GIT+=python-octaviaclient
|
||||
enable_plugin octavia https://git.openstack.org/openstack/octavia
|
||||
enable_service octavia
|
||||
enable_service o-api
|
||||
enable_service o-cw
|
||||
enable_service o-hm
|
||||
enable_service o-hk
|
||||
## Octavia Deps
|
||||
# Current Octavia image generation using diskimage-builder is broken ATM
|
||||
# You can fetch a precreated qcow image from here [1] and set up octavia to
|
||||
# use it by uncommenting the following lines.
|
||||
# [1] https://tarballs.openstack.org/octavia/test-images/
|
||||
# test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
|
||||
# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
|
||||
# OCTAVIA_AMP_IMAGE_SIZE=3
|
||||
# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial
|
||||
### Image
|
||||
### Barbican
|
||||
enable_plugin barbican https://git.openstack.org/openstack/barbican
|
||||
### Nova
|
||||
enable_service n-api
|
||||
enable_service n-api-meta
|
||||
enable_service n-cpu
|
||||
enable_service n-cond
|
||||
enable_service n-sch
|
||||
enable_service placement-api
|
||||
enable_service placement-client
|
||||
### Glance
|
||||
enable_service g-api
|
||||
enable_service g-reg
|
||||
|
||||
IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
|
||||
|
||||
[[post-config|/$Q_PLUGIN_CONF_FILE]]
|
||||
[securitygroup]
|
||||
|
|
|
@ -38,48 +38,40 @@ enable_service q-svc
|
|||
# VAR_RUN_PATH=/var/run
|
||||
|
||||
# OCTAVIA
|
||||
KURYR_K8S_LBAAS_USE_OCTAVIA=True
|
||||
# Uncomment it to use L2 communication between loadbalancer and member pods
|
||||
# KURYR_K8S_OCTAVIA_MEMBER_MODE=L2
|
||||
|
||||
if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
|
||||
# Octavia LBaaSv2
|
||||
LIBS_FROM_GIT+=python-octaviaclient
|
||||
enable_plugin octavia https://git.openstack.org/openstack/octavia
|
||||
enable_service octavia
|
||||
enable_service o-api
|
||||
enable_service o-cw
|
||||
enable_service o-hm
|
||||
enable_service o-hk
|
||||
## Octavia Deps
|
||||
# Current Octavia image generation using diskimage-builder is broken ATM
|
||||
# You can fetch a precreated qcow image from here [1] and set up octavia to
|
||||
# use it by uncommenting the following lines.
|
||||
# [1] https://tarballs.openstack.org/octavia/test-images/
|
||||
# test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
|
||||
# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
|
||||
# OCTAVIA_AMP_IMAGE_SIZE=3
|
||||
# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial
|
||||
### Image
|
||||
### Barbican
|
||||
enable_plugin barbican https://git.openstack.org/openstack/barbican
|
||||
### Nova
|
||||
enable_service n-api
|
||||
enable_service n-api-meta
|
||||
enable_service n-cpu
|
||||
enable_service n-cond
|
||||
enable_service n-sch
|
||||
enable_service placement-api
|
||||
enable_service placement-client
|
||||
### Glance
|
||||
enable_service g-api
|
||||
enable_service g-reg
|
||||
else
|
||||
# LBaaSv2 service and Haproxy agent
|
||||
enable_plugin neutron-lbaas \
|
||||
git://git.openstack.org/openstack/neutron-lbaas
|
||||
enable_service q-lbaasv2
|
||||
fi
|
||||
# Octavia LBaaSv2
|
||||
LIBS_FROM_GIT+=python-octaviaclient
|
||||
enable_plugin octavia https://git.openstack.org/openstack/octavia
|
||||
enable_service octavia
|
||||
enable_service o-api
|
||||
enable_service o-cw
|
||||
enable_service o-hm
|
||||
enable_service o-hk
|
||||
## Octavia Deps
|
||||
# Current Octavia image generation using diskimage-builder is broken ATM
|
||||
# You can fetch a precreated qcow image from here [1] and set up octavia to
|
||||
# use it by uncommenting the following lines.
|
||||
# [1] https://tarballs.openstack.org/octavia/test-images/
|
||||
# test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
|
||||
# OCTAVIA_AMP_IMAGE_FILE=/tmp/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
|
||||
# OCTAVIA_AMP_IMAGE_SIZE=3
|
||||
# OCTAVIA_AMP_IMAGE_NAME=test-only-amphora-x64-haproxy-ubuntu-xenial
|
||||
### Image
|
||||
### Barbican
|
||||
enable_plugin barbican https://git.openstack.org/openstack/barbican
|
||||
### Nova
|
||||
enable_service n-api
|
||||
enable_service n-api-meta
|
||||
enable_service n-cpu
|
||||
enable_service n-cond
|
||||
enable_service n-sch
|
||||
enable_service placement-api
|
||||
enable_service placement-client
|
||||
### Glance
|
||||
enable_service g-api
|
||||
enable_service g-reg
|
||||
|
||||
|
||||
# Keystone
|
||||
|
@ -238,11 +230,7 @@ enable_service kuryr-daemon
|
|||
|
||||
# Increase Octavia amphorae timeout so that the first LB amphora has time to
|
||||
# build and boot
|
||||
if [[ "$KURYR_K8S_LBAAS_USE_OCTAVIA" == "True" ]]; then
|
||||
IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
|
||||
else
|
||||
NEUTRON_LBAAS_SERVICE_PROVIDERV2="LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default"
|
||||
fi
|
||||
IMAGE_URLS+=",http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img"
|
||||
|
||||
[[post-config|$OCTAVIA_CONF]]
|
||||
[controller_worker]
|
||||
|
|
|
@ -294,14 +294,12 @@ function configure_neutron_defaults {
|
|||
pod_subnet_id="$(openstack subnet show -c id -f value \
|
||||
"${KURYR_NEUTRON_DEFAULT_POD_SUBNET}")"
|
||||
|
||||
local use_octavia
|
||||
use_octavia=$(trueorfalse True KURYR_K8S_LBAAS_USE_OCTAVIA)
|
||||
create_k8s_subnet "$project_id" \
|
||||
"$KURYR_NEUTRON_DEFAULT_SERVICE_NET" \
|
||||
"$KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET" \
|
||||
"$subnetpool_id" \
|
||||
"$router" \
|
||||
"$use_octavia"
|
||||
"True"
|
||||
service_subnet_id="$(openstack subnet show -c id -f value \
|
||||
"${KURYR_NEUTRON_DEFAULT_SERVICE_SUBNET}")"
|
||||
|
||||
|
@ -343,15 +341,13 @@ function configure_neutron_defaults {
|
|||
--remote-ip "$service_cidr" --ethertype IPv4 --protocol udp \
|
||||
"$service_pod_access_sg_id"
|
||||
|
||||
if [[ "$use_octavia" == "True" && \
|
||||
"$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L3" ]]; then
|
||||
if [[ "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L3" ]]; then
|
||||
if [ -n "$sg_ids" ]; then
|
||||
sg_ids+=",${service_pod_access_sg_id}"
|
||||
else
|
||||
sg_ids="${service_pod_access_sg_id}"
|
||||
fi
|
||||
elif [[ "$use_octavia" == "True" && \
|
||||
"$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L2" ]]; then
|
||||
elif [[ "$KURYR_K8S_OCTAVIA_MEMBER_MODE" == "L2" ]]; then
|
||||
# In case the member connectivity is L2, Octavia by default uses the
|
||||
# admin 'default' sg to create a port for the amphora load balancer
|
||||
# at the member ports subnet. Thus we need to allow L2 communication
|
||||
|
@ -447,15 +443,13 @@ function configure_neutron_defaults {
|
|||
iniset "$KURYR_CONFIG" neutron_defaults external_svc_net "$ext_svc_net_id"
|
||||
iniset "$KURYR_CONFIG" octavia_defaults member_mode "$KURYR_K8S_OCTAVIA_MEMBER_MODE"
|
||||
iniset "$KURYR_CONFIG" octavia_defaults sg_mode "$KURYR_K8S_OCTAVIA_SG_MODE"
|
||||
if [[ "$use_octavia" == "True" ]]; then
|
||||
# Octavia takes a very long time to start the LB in the gate. We need
|
||||
# to tweak the timeout for the LB creation. Let's be generous and give
|
||||
# it up to 20 minutes.
|
||||
# FIXME(dulek): This might be removed when bug 1753653 is fixed and
|
||||
# Kuryr restarts waiting for LB on timeouts.
|
||||
iniset "$KURYR_CONFIG" neutron_defaults lbaas_activation_timeout 1200
|
||||
iniset "$KURYR_CONFIG" kubernetes endpoints_driver_octavia_provider "$KURYR_EP_DRIVER_OCTAVIA_PROVIDER"
|
||||
fi
|
||||
# Octavia takes a very long time to start the LB in the gate. We need
|
||||
# to tweak the timeout for the LB creation. Let's be generous and give
|
||||
# it up to 20 minutes.
|
||||
# FIXME(dulek): This might be removed when bug 1753653 is fixed and
|
||||
# Kuryr restarts waiting for LB on timeouts.
|
||||
iniset "$KURYR_CONFIG" neutron_defaults lbaas_activation_timeout 1200
|
||||
iniset "$KURYR_CONFIG" kubernetes endpoints_driver_octavia_provider "$KURYR_EP_DRIVER_OCTAVIA_PROVIDER"
|
||||
}
|
||||
|
||||
function configure_k8s_pod_sg_rules {
|
||||
|
@ -872,8 +866,6 @@ function configure_overcloud_vm_k8s_svc_sg {
|
|||
|
||||
function update_tempest_conf_file {
|
||||
|
||||
local use_octavia="$1"
|
||||
|
||||
if [[ "$KURYR_USE_PORT_POOLS" == "True" ]]; then
|
||||
iniset $TEMPEST_CONFIG kuryr_kubernetes port_pool_enabled True
|
||||
fi
|
||||
|
@ -896,10 +888,8 @@ function update_tempest_conf_file {
|
|||
iniset $TEMPEST_CONFIG kuryr_kubernetes kuryr_daemon_enabled False
|
||||
fi
|
||||
# NOTE(yboaron): Services with protocol UDP are supported in Kuryr
|
||||
# starting from Stein release and only for Octavia
|
||||
if [[ "$use_octavia" == "True" ]]; then
|
||||
iniset $TEMPEST_CONFIG kuryr_kubernetes test_udp_services True
|
||||
fi
|
||||
# starting from Stein release
|
||||
iniset $TEMPEST_CONFIG kuryr_kubernetes test_udp_services True
|
||||
if [[ "$KURYR_CONTROLLER_HA" == "True" ]]; then
|
||||
iniset $TEMPEST_CONFIG kuryr_kubernetes ap_ha True
|
||||
fi
|
||||
|
@ -1062,12 +1052,6 @@ if [[ "$1" == "stack" && "$2" == "extra" ]]; then
|
|||
|
||||
elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
|
||||
if is_service_enabled kuryr-kubernetes; then
|
||||
# NOTE(dulek): This is so late, because Devstack's Octavia is unable
|
||||
# to create loadbalancers until test-config phase.
|
||||
use_octavia=$(trueorfalse True KURYR_K8S_LBAAS_USE_OCTAVIA)
|
||||
if [[ "$use_octavia" == "False" ]]; then
|
||||
create_k8s_router_fake_service
|
||||
fi
|
||||
create_k8s_api_service
|
||||
#create Ingress L7 router if required
|
||||
enable_ingress=$(trueorfalse False KURYR_ENABLE_INGRESS)
|
||||
|
@ -1095,7 +1079,7 @@ elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
|
|||
fi
|
||||
fi
|
||||
if is_service_enabled tempest; then
|
||||
update_tempest_conf_file "$use_octavia"
|
||||
update_tempest_conf_file
|
||||
fi
|
||||
fi
|
||||
|
||||
|
|
|
@ -55,7 +55,6 @@ OPENSHIFT_API_URL=${OPENSHIFT_API_URL:-https://${HOST_IP}:${OPENSHIFT_API_PORT}}
|
|||
OPENSHIFT_CNI_BINARY_URL=${OPENSHIFT_CNI_BINARY_URL:-https://github.com/containernetworking/cni/releases/download/v0.5.2/cni-v0.5.2.tgz}
|
||||
|
||||
# Octavia
|
||||
KURYR_K8S_LBAAS_USE_OCTAVIA=${KURYR_K8S_LBAAS_USE_OCTAVIA:-True}
|
||||
KURYR_K8S_OCTAVIA_MEMBER_MODE=${KURYR_K8S_OCTAVIA_MEMBER_MODE:-L3}
|
||||
KURYR_K8S_OCTAVIA_SG_MODE=${KURYR_K8S_OCTAVIA_SG_MODE:-update}
|
||||
|
||||
|
|
|
@ -138,11 +138,7 @@ k8s_opts = [
|
|||
cfg.StrOpt('endpoints_lbaas_driver',
|
||||
help=_("The driver that provides LoadBalancers for "
|
||||
"Kubernetes Endpoints"),
|
||||
default='lbaasv2',
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason="Default and supported lbaas endpoint is "
|
||||
"now Octavia",
|
||||
deprecated_since="Rocky"),
|
||||
default='lbaasv2'),
|
||||
cfg.StrOpt('endpoints_driver_octavia_provider',
|
||||
help=_("The Octavia load balancer provider that will be used "
|
||||
"to support Kubernetes Endpoints"),
|
||||
|
|
|
@ -27,7 +27,6 @@ from oslo_log import log as logging
|
|||
from oslo_utils import timeutils
|
||||
|
||||
from kuryr_kubernetes import clients
|
||||
from kuryr_kubernetes import constants as const
|
||||
from kuryr_kubernetes.controller.drivers import base
|
||||
from kuryr_kubernetes import exceptions as k_exc
|
||||
from kuryr_kubernetes.objects import lbaas as obj_lbaas
|
||||
|
@ -76,13 +75,6 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
|||
# deleted externally between 'create' and 'find'
|
||||
raise k_exc.ResourceNotReady(request)
|
||||
|
||||
try:
|
||||
if security_groups_ids is not None:
|
||||
self._ensure_security_groups(response, service_type)
|
||||
except n_exc.NeutronClientException:
|
||||
self.release_loadbalancer(response)
|
||||
raise
|
||||
|
||||
return response
|
||||
|
||||
def release_loadbalancer(self, loadbalancer):
|
||||
|
@ -112,59 +104,6 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
|||
except n_exc.NotFound:
|
||||
LOG.debug('Security group %s already deleted', sg_id)
|
||||
|
||||
def _ensure_security_groups(self, loadbalancer, service_type):
|
||||
# We only handle SGs for legacy LBaaSv2, Octavia handles it dynamically
|
||||
# according to listener ports.
|
||||
if loadbalancer.provider == const.NEUTRON_LBAAS_HAPROXY_PROVIDER:
|
||||
neutron = clients.get_neutron_client()
|
||||
sg_id = None
|
||||
try:
|
||||
# NOTE(dulek): We're creating another security group to
|
||||
# overcome LBaaS v2 limitations and handle SGs
|
||||
# ourselves.
|
||||
if service_type == 'LoadBalancer':
|
||||
sg_id = self._find_listeners_sg(loadbalancer)
|
||||
if not sg_id:
|
||||
sg = neutron.create_security_group({
|
||||
'security_group': {
|
||||
'name': loadbalancer.name,
|
||||
'project_id': loadbalancer.project_id,
|
||||
},
|
||||
})
|
||||
sg_id = sg['security_group']['id']
|
||||
loadbalancer.security_groups.append(sg_id)
|
||||
|
||||
neutron.update_port(
|
||||
loadbalancer.port_id,
|
||||
{'port': {
|
||||
'security_groups': loadbalancer.security_groups}})
|
||||
except n_exc.NeutronClientException:
|
||||
LOG.exception('Failed to set SG for LBaaS v2 VIP port %s.',
|
||||
loadbalancer.port_id)
|
||||
if sg_id:
|
||||
neutron.delete_security_group(sg_id)
|
||||
raise
|
||||
|
||||
def _ensure_lb_security_group_rule(self, loadbalancer, listener):
|
||||
sg_id = self._find_listeners_sg(loadbalancer)
|
||||
if sg_id:
|
||||
try:
|
||||
neutron = clients.get_neutron_client()
|
||||
neutron.create_security_group_rule({
|
||||
'security_group_rule': {
|
||||
'direction': 'ingress',
|
||||
'port_range_min': listener.port,
|
||||
'port_range_max': listener.port,
|
||||
'protocol': listener.protocol,
|
||||
'security_group_id': sg_id,
|
||||
'description': listener.name,
|
||||
},
|
||||
})
|
||||
except n_exc.NeutronClientException as ex:
|
||||
if ex.status_code != requests.codes.conflict:
|
||||
LOG.exception('Failed when creating security group rule '
|
||||
'for listener %s.', listener.name)
|
||||
|
||||
def _create_lb_security_group_rule(self, loadbalancer, listener):
|
||||
neutron = clients.get_neutron_client()
|
||||
sg_id = self._find_listeners_sg(loadbalancer)
|
||||
|
@ -371,9 +310,7 @@ class LBaaSv2Driver(base.LBaaSDriver):
|
|||
CONF.kubernetes.service_security_groups_driver == 'namespace')
|
||||
create_sg = CONF.octavia_defaults.sg_mode == 'create'
|
||||
|
||||
if loadbalancer.provider == const.NEUTRON_LBAAS_HAPROXY_PROVIDER:
|
||||
self._ensure_lb_security_group_rule(loadbalancer, listener)
|
||||
elif namespace_isolation and service_type == 'ClusterIP':
|
||||
if namespace_isolation and service_type == 'ClusterIP':
|
||||
self._extend_lb_security_group_rules(loadbalancer, listener)
|
||||
elif create_sg:
|
||||
self._create_lb_security_group_rule(loadbalancer, listener)
|
||||
|
|
Loading…
Reference in New Issue