From fa349ee4f4a6dfe8eca2076722bf04fecaeea638 Mon Sep 17 00:00:00 2001 From: Numan Siddique Date: Tue, 22 Oct 2019 19:25:35 +0530 Subject: [PATCH] ovn standalone: Start OVN ovsdb-servers using the kolla startup script Prior to this patch, ovsdb-servers are started directly. This doesn't take care of any ovsdb schema updates. Instead, if we use the start-nb/sb-db-server.sh (generated by kolla OVN images [1]) it takes care of creating the db file from the schema file if the db file doesn't exist. It also takes care of updating the db file if schema was updated. The start-nb/sb-db-server.sh used ovn-ctl script internally. This patch also prepares the ground for using the latest OVN. OVN is split from openvswitch and it has its own code repo. After the split, OVN has its own run dir (/var/run/ovn), db dir (/etc/ovn/), log dir (/var/logs/ovn) and datadir - /usr/share/ovn/scripts. With this patch, it supports running older version (2.11) or new version (2.12) without any issues. It mounts the host directories accordingly so that there is no impact when OVN is updated and it is transparent. Closes-bug: #1853272 Change-Id: I1fbfaf43af17b558497fd2b46fc4278b4703ec74 Signed-off-by: Numan Siddique --- .../ovn/ovn-controller-container-puppet.yaml | 6 ++ deployment/ovn/ovn-dbs-container-puppet.yaml | 88 ++++++------------- 2 files changed, 31 insertions(+), 63 deletions(-) diff --git a/deployment/ovn/ovn-controller-container-puppet.yaml b/deployment/ovn/ovn-controller-container-puppet.yaml index 310f335ceb..79ab58859c 100644 --- a/deployment/ovn/ovn-controller-container-puppet.yaml +++ b/deployment/ovn/ovn-controller-container-puppet.yaml @@ -204,6 +204,9 @@ outputs: - path: /var/log/openvswitch owner: root:root recurse: true + - path: /var/log/ovn + owner: root:root + recurse: true metadata_settings: if: - internal_tls_enabled @@ -252,7 +255,9 @@ outputs: # openvswitch systemd script is fixed to not delete /run/openvswitch # folder in the host when openvswitch service is stopped. - /run:/run + - /var/lib/openvswitch/ovn:/run/ovn:shared,z - /var/log/containers/openvswitch:/var/log/openvswitch:z + - /var/log/containers/openvswitch:/var/log/ovn:z - if: - internal_tls_enabled - @@ -274,6 +279,7 @@ outputs: setype: "{{ item.setype }}" with_items: - { 'path': /var/log/containers/openvswitch, 'setype': svirt_sandbox_file_t, 'mode': '0750' } + - { 'path': /var/lib/openvswitch/ovn, 'setype': svirt_sandbox_file_t } - name: enable virt_sandbox_use_netlink for healthcheck seboolean: name: virt_sandbox_use_netlink diff --git a/deployment/ovn/ovn-dbs-container-puppet.yaml b/deployment/ovn/ovn-dbs-container-puppet.yaml index 3bc906c053..7f41819a23 100644 --- a/deployment/ovn/ovn-dbs-container-puppet.yaml +++ b/deployment/ovn/ovn-dbs-container-puppet.yaml @@ -86,43 +86,23 @@ outputs: include ::tripleo::profile::base::neutron::ovn_northd #unused kolla_config: /var/lib/kolla/config_files/ovn_north_db_server.json: - command: - list_join: - - ' ' - - - '/usr/sbin/ovsdb-server' - - '/var/lib/openvswitch/ovnnb.db' - - '--pidfile=/run/openvswitch/ovnnb_db.pid' - - '-vconsole:emer -vsyslog:err -vfile:info' - - '--remote=punix:/run/openvswitch/ovnnb_db.sock' - - '--unixctl=/run/openvswitch/ovnnb_db.ctl' - - '--remote=db:OVN_Northbound,NB_Global,connections' - - '--private-key=db:OVN_Northbound,SSL,private_key' - - '--certificate=db:OVN_Northbound,SSL,certificate' - - '--ca-cert=db:OVN_Northbound,SSL,ca_cert' - - '--log-file=/var/log/openvswitch/ovsdb-server-nb.log' + command: /usr/local/bin/start-nb-db-server permissions: - path: /var/log/openvswitch owner: root:root recurse: true + - path: /var/log/ovn + owner: root:root + recurse: true /var/lib/kolla/config_files/ovn_south_db_server.json: - command: - list_join: - - ' ' - - - '/usr/sbin/ovsdb-server' - - '/var/lib/openvswitch/ovnsb.db' - - '--pidfile=/run/openvswitch/ovnsb_db.pid' - - '-vconsole:emer -vsyslog:err -vfile:info' - - '--remote=punix:/run/openvswitch/ovnsb_db.sock' - - '--unixctl=/run/openvswitch/ovnsb_db.ctl' - - '--remote=db:OVN_Southbound,SB_Global,connections' - - '--private-key=db:OVN_Southbound,SSL,private_key' - - '--certificate=db:OVN_Southbound,SSL,certificate' - - '--ca-cert=db:OVN_Southbound,SSL,ca_cert' - - '--log-file=/var/log/openvswitch/ovsdb-server-sb.log' + command: /usr/local/bin/start-sb-db-server permissions: - path: /var/log/openvswitch owner: root:root recurse: true + - path: /var/log/ovn + owner: root:root + recurse: true /var/lib/kolla/config_files/ovn_northd.json: command: list_join: @@ -136,44 +116,14 @@ outputs: - path: /var/log/openvswitch owner: root:root recurse: true + - path: /var/log/ovn + owner: root:root + recurse: true docker_config: - step_3: - ovn_north_db_init: - image: &northd_db_image {get_param: ContainerOvnNbDbImage} - net: host - privileged: false - detach: false - user: root - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/ovn_north_db_server.json:/var/lib/kolla/config_files/config.json:ro - - /lib/modules:/lib/modules:ro - - /var/lib/openvswitch/ovn:/var/lib/openvswitch:shared,z - - /var/lib/openvswitch/ovn:/run/openvswitch:shared,z - - /var/log/containers/openvswitch:/var/log/openvswitch:z - command: "ovsdb-tool create /var/lib/openvswitch/ovnnb.db /usr/share/openvswitch/ovn-nb.ovsschema" - ovn_south_db_init: - image: &south_db_image {get_param: ContainerOvnSbDbImage} - net: host - privileged: false - detach: false - user: root - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/ovn_north_db_server.json:/var/lib/kolla/config_files/config.json:ro - - /lib/modules:/lib/modules:ro - - /var/lib/openvswitch/ovn:/var/lib/openvswitch:shared,z - - /var/lib/openvswitch/ovn:/run/openvswitch:shared,z - - /var/log/containers/openvswitch:/var/log/openvswitch:z - command: "ovsdb-tool create /var/lib/openvswitch/ovnsb.db /usr/share/openvswitch/ovn-sb.ovsschema" step_4: ovn_north_db_server: start_order: 0 - image: *northd_db_image + image: {get_param: ContainerOvnNbDbImage} net: host privileged: false restart: always @@ -186,11 +136,16 @@ outputs: - /var/lib/openvswitch/ovn:/var/lib/openvswitch:shared,z - /var/lib/openvswitch/ovn:/run/openvswitch:shared,z - /var/log/containers/openvswitch:/var/log/openvswitch:z + - /var/lib/openvswitch/ovn:/var/lib/ovn:shared,z + - /var/lib/openvswitch/ovn:/etc/openvswitch:shared,z + - /var/lib/openvswitch/ovn:/etc/ovn:shared,z + - /var/lib/openvswitch/ovn:/run/ovn:shared,z + - /var/log/containers/openvswitch:/var/log/ovn:z environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS ovn_south_db_server: start_order: 0 - image: *south_db_image + image: {get_param: ContainerOvnSbDbImage} net: host privileged: false restart: always @@ -203,6 +158,11 @@ outputs: - /var/lib/openvswitch/ovn:/var/lib/openvswitch:shared,z - /var/lib/openvswitch/ovn:/run/openvswitch:shared,z - /var/log/containers/openvswitch:/var/log/openvswitch:z + - /var/lib/openvswitch/ovn:/var/lib/ovn:shared,z + - /var/lib/openvswitch/ovn:/etc/openvswitch:shared,z + - /var/lib/openvswitch/ovn:/etc/ovn:shared,z + - /var/lib/openvswitch/ovn:/run/ovn:shared,z + - /var/log/containers/openvswitch:/var/log/ovn:z environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS configure_ovn_north_db_server: @@ -231,6 +191,8 @@ outputs: - /lib/modules:/lib/modules:ro - /var/lib/openvswitch/ovn:/run/openvswitch:shared,z - /var/log/containers/openvswitch:/var/log/openvswitch:z + - /var/lib/openvswitch/ovn:/run/ovn:shared,z + - /var/log/containers/openvswitch:/var/log/ovn:z environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS host_prep_tasks: