diff --git a/openstack/neutron/templates/deployment-ovn-northd.yaml b/openstack/neutron/templates/deployment-ovn-northd.yaml index 2565a8dd0b4..918e92cc45c 100644 --- a/openstack/neutron/templates/deployment-ovn-northd.yaml +++ b/openstack/neutron/templates/deployment-ovn-northd.yaml @@ -9,15 +9,15 @@ metadata: kubernetes.io/description: This Deployment launches the ovn-northd. spec: progressDeadlineSeconds: 600 - replicas: 1 + replicas: {{ .Values.pod.replicas.ovn_northd }} revisionHistoryLimit: 10 selector: matchLabels: name: neutron-ovn-northd strategy: rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 + maxSurge: 2 + maxUnavailable: {{ sub .Values.pod.replicas.ovn_northd 1 }} type: RollingUpdate template: metadata: @@ -39,8 +39,9 @@ spec: command: ["/usr/bin/ovn-northd"] args: - "-vfile:off" - - "-vconsole:{{ .Values.ovn.logLevel | default "info" }}" - - "--n-threads={{ .Values.ovn.nThreads | default 1 }}" + - "-vconsole:{{ .Values.ovn.logLevel | default "INFO" }}" + - --pidfile + - --n-threads={{ .Values.ovn.nThreads | default 1 }} {{- if .Values.ovn.enableSsl }} - --certificate=/etc/pki/tls/certs/ovndb.crt - --private_key=/etc/pki/tls/certs/ovndb.key @@ -58,13 +59,10 @@ spec: value: "tcp:neutron-ovsdb-sb.{{ .Release.Namespace }}.svc.kubernetes.{{ .Values.global.region }}.cloud.sap:{{ $ovsdb_sb.DB_PORT }}" readinessProbe: exec: - command: ["/usr/bin/pidof", "ovn-northd"] - initialDelaySeconds: 5 - timeoutSeconds: 3 - periodSeconds: 3 - livenessProbe: - exec: - command: ["/usr/bin/pidof", "ovn-northd"] + command: + - sh + - -c + - ovn-appctl --target=/tmp/ovn-northd.1.ctl status | grep -qE "active|standby" initialDelaySeconds: 5 timeoutSeconds: 5 periodSeconds: 5 diff --git a/openstack/neutron/templates/etc/_ml2-conf.ini.tpl b/openstack/neutron/templates/etc/_ml2-conf.ini.tpl index 1c98c5e833f..d837464be55 100644 --- a/openstack/neutron/templates/etc/_ml2-conf.ini.tpl +++ b/openstack/neutron/templates/etc/_ml2-conf.ini.tpl 
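Review bot: `maxUnavailable: {{ sub .Values.pod.replicas.ovn_northd 1 }}` in the first hunk of deployment-ovn-northd.yaml has no lower bound. If an environment override leaves `pod.replicas.ovn_northd` unset or sets it to 0, the expression would render `-1`, which the API server rejects, while `replicas:` would render empty. I would validate and clamp the value, e.g. `replicas: {{ required "pod.replicas.ovn_northd required!" .Values.pod.replicas.ovn_northd }}` and `maxUnavailable: {{ max 0 (sub (int .Values.pod.replicas.ovn_northd) 1) }}`. The values.yaml hunk that replaces `ovn_db: 3` with `ovn_northd: 2` only covers the chart default, not per-region overrides.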
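Review bot: The probe hunk (`@@ -58,13 +59,10 @@`) deletes the `livenessProbe` entirely and hard-codes the control socket as `/tmp/ovn-northd.1.ctl` in the new readiness command. That path only exists while ovn-northd runs as PID 1 with its run directory in `/tmp`, so an init wrapper or a shared process namespace would leave the pod permanently unready. Since the previous hunk adds `--pidfile`, the target can be resolved by name instead, presumably with the same run directory: `- ovn-appctl -t ovn-northd status | grep -qE "active|standby"`. Without a liveness probe a hung northd is only taken out of readiness and never restarted; if that is intentional, a comment above `readinessProbe:` should say so, otherwise keep a `livenessProbe` with a cheaper check. The container spec continues outside the hunk.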
@@ -62,6 +62,18 @@ enable_vxlan = false [ovn] {{- $ovsdb_nb := index (index .Values "ovsdb-nb") }} {{- $ovsdb_sb := index (index .Values "ovsdb-sb") }} +# we always use TCP, encryption is recommended to be done by reverse proxy ovn_nb_connection = tcp:{{ required "ovsdb-nb.EXTERNAL_IP required!" $ovsdb_nb.EXTERNAL_IP }}:{{ $ovsdb_nb.DB_PORT }} ovn_sb_connection = tcp:{{ required "ovsdb-sb.EXTERNAL_IP required!" $ovsdb_sb.EXTERNAL_IP }}:{{ $ovsdb_sb.DB_PORT }} + +ovn_l3_mode = false +ovsdb_log_level = {{ .Values.ovn.logLevel | default "INFO" }} +ovn_metadata_enabled = {{ .Values.ovn.metadata_enabled | default "false" }} +disable_ovn_dhcp_for_baremetal_ports = {{ .Values.ovn.disable_ovn_dhcp_for_baremetal_ports | default "false" }} +{{ with .Values.ovn.dns_servers }}dns_servers = {{ . | join "," }}{{ end }} +{{ with .Values.ovn.ovn_dhcp4_global_options }}ovn_dhcp4_global_options = {{ . }}{{ end }} +{{ with .Values.ovn.ovn_dhcp6_global_options }}ovn_dhcp6_global_options = {{ . }}{{ end }} +{{ with .Values.ovn.dhcp_default_lease_time }}dhcp_default_lease_time = {{ . }}{{ end }} +mac_binding_age_threshold = 86400 {{- end }} + diff --git a/openstack/neutron/templates/etc/_uwsgi.ini.tpl b/openstack/neutron/templates/etc/_uwsgi.ini.tpl index 1519e13cd09..6f7763e07d0 100644 --- a/openstack/neutron/templates/etc/_uwsgi.ini.tpl +++ b/openstack/neutron/templates/etc/_uwsgi.ini.tpl @@ -13,6 +13,9 @@ http = :{{.Values.global.neutron_api_port_internal | default 9696}} plugins-dir = /var/lib/openstack/lib need-plugins = shortmsecs +# For ML2/OVN hash register initialization +start-time = %t + # Connection tuning vacuum = true lazy-apps = true diff --git a/openstack/neutron/templates/job-ovn-db-sync.yaml b/openstack/neutron/templates/job-ovn-db-sync.yaml new file mode 100644 index 00000000000..0f622254f55 --- /dev/null +++ b/openstack/neutron/templates/job-ovn-db-sync.yaml 
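Review bot: The added comment `# we always use TCP, encryption is recommended to be done by reverse proxy` fixes `ovn_nb_connection` and `ovn_sb_connection` (context lines in this hunk) on plaintext `tcp:` towards `EXTERNAL_IP`, but nothing visible in this commit configures the proxy it relies on. The values.yaml hunks keep `ovsdb-sb` on `type: LoadBalancer` with `enableSsl: false`, and OVSDB over plain TCP carries no authentication, so any client that can reach that address and port could presumably read and modify the databases. Either honour `.Values.ovn.enableSsl` here (render `ssl:` and set `ovn_nb_private_key`, `ovn_nb_certificate`, `ovn_nb_ca_cert` and their `ovn_sb_*` counterparts), or have the comment name the proxy or network policy that actually restricts access. The `[ovn]` block starts above the hunk.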
@@ -0,0 +1,79 @@ +{{- if .Values.ovn.enabled }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: neutron-ovn-db-sync-{{ randAlphaNum 4 | lower }} + labels: + system: openstack + type: configuration + component: neutron +spec: + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: "{{ .Release.Name }}-ovn-db-sync" + spec: + restartPolicy: OnFailure + {{ include "utils.proxysql.job_pod_settings" . | nindent 6 }} + initContainers: + - name: dependencies + image: {{.Values.global.registry}}/loci-neutron:{{default .Values.imageVersion | required "Please set neutron.imageVersion or similar"}} + imagePullPolicy: IfNotPresent + command: + - kubernetes-entrypoint + env: + - name: COMMAND + value: "true" + - name: NAMESPACE + value: {{ .Release.Namespace }} + - name: DEPENDENCY_SERVICE + value: "{{ .Release.Name }}-server,{{ .Release.Name }}-ovsdb-nb,{{ .Release.Name }}-ovsdb-sb,{{ .Release.Name }}-mariadb" + {{ include "utils.sentry_config" . | nindent 12 }} + containers: + - name: {{ .Release.Name }}-ovn-db-sync + image: {{.Values.global.registry}}/loci-neutron:{{default .Values.imageVersion | required "Please set neutron.imageVersion or similar"}} + imagePullPolicy: IfNotPresent + command: ["dumb-init", "--"] + args: + - bash + - -c + - | + set -e + neutron-ovn-db-sync-util \ + --config-file /etc/neutron/neutron.conf \ + --config-file /etc/neutron/ml2-conf.ini \ + --config-dir /etc/neutron/secrets \ + --ovn-neutron_sync_mod repair + {{ include "utils.script.job_finished_hook" . | nindent 14 }} + env: + {{ include "utils.trust_bundle.env" . | nindent 12 }} + volumeMounts: + - mountPath: /etc/neutron + name: etc-neutron + readOnly: true + {{ include "utils.trust_bundle.volume_mount" . | nindent 12 }} + {{ include "utils.proxysql.volume_mount" . | nindent 12 }} + {{ include "utils.proxysql.container" . 
| nindent 8 }} + volumes: + - name: etc-neutron + projected: + defaultMode: 420 + sources: + - configMap: + items: + - key: neutron.conf + path: neutron.conf + - key: ml2-conf.ini + path: ml2-conf.ini + - key: logging.conf + path: logging.conf + name: neutron-etc + - secret: + name: neutron-server-secrets + items: + - key: neutron-server-secrets.conf + path: secrets/neutron-server-secrets.conf + {{ include "utils.trust_bundle.volumes" . | nindent 8 }} + {{ include "utils.proxysql.volumes" . | nindent 8 }} +{{- end }} diff --git a/openstack/neutron/values.yaml b/openstack/neutron/values.yaml index 01d364ab3ce..8cd73058cb0 100644 --- a/openstack/neutron/values.yaml +++ b/openstack/neutron/values.yaml @@ -38,7 +38,7 @@ pod: replicas: server: 3 rpc_server: 2 - ovn_db: 3 + ovn_northd: 2 lifecycle: upgrades: deployments: @@ -252,6 +252,11 @@ ovn: enableSsl: false ovsdb-sb: + service: + # requirements to be accessible from outside with Calico + type: LoadBalancer + external_traffic_policy: Local + replicaCount: 3 RAFT_PORT: 6644 DB_TYPE: sb DB_PORT: 6442 @@ -259,12 +264,16 @@ ovsdb-sb: OVN_ELECTION_TIMER: "10000" OVN_INACTIVITY_PROBE: "60000" OVN_PROBE_INTERVAL_TO_ACTIVE: "60000" - service: - # requirements to be accessible from outside with Calico - type: LoadBalancer - external_traffic_policy: Local + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 100m + memory: 128Mi ovsdb-nb: + replicaCount: 3 RAFT_PORT: 6643 DB_TYPE: nb DB_PORT: 6441 @@ -272,6 +281,13 @@ ovsdb-nb: OVN_ELECTION_TIMER: "10000" OVN_INACTIVITY_PROBE: "60000" OVN_PROBE_INTERVAL_TO_ACTIVE: "60000" + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 100m + memory: 128Mi asr: config_agents: [] @@ -465,6 +481,9 @@ logging_sapccsentry: networking_arista: handlers: stdout, sentry_events, sentry_breadcrumbs level: DEBUG + neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovsdb_monitor: + handlers: stdout, sentry_events, sentry_breadcrumbs + level: INFO pgmetrics:
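Review bot: In the new job-ovn-db-sync.yaml, `--ovn-neutron_sync_mod repair` looks like a truncated `--ovn-neutron_sync_mode`. If it works at all, that is likely only through the argument parser's prefix matching, which would break as soon as another option shares the prefix; spell it out as `--ovn-neutron_sync_mode repair`. The Job name uses `randAlphaNum 4`, so every render creates a new Job that runs a mutating `repair` against the OVN databases, and the spec sets neither `backoffLimit` nor `ttlSecondsAfterFinished`. Unless `utils.script.job_finished_hook` already handles cleanup, I would add `ttlSecondsAfterFinished` and an explicit `backoffLimit` under `spec:`, plus a comment stating that the sync is meant to run on every deploy.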