[openstack-dev] [lbaas][octavia] suggestion for today's meeting agenda: How to make the Amphora-agent support additional Linux flavors

Kosnik, Lubosz lubosz.kosnik at intel.com
Thu Jun 30 04:03:34 UTC 2016

Like Doug said Amphora suppose to be a black box. It suppose to get some data - like info in /etc/defaults and do everything inside on its own.
Everyone will be able to prepare his own implementation of this image without mixing things between each other.

Lubosz Kosnik
Cloud Software Engineer OSIC
lubosz.kosnik at intel.com<mailto:lubosz.kosnik at intel.com>

On Jun 29, 2016, at 3:17 PM, Gregory Haynes <greg at greghaynes.net<mailto:greg at greghaynes.net>> wrote:

On Wed, Jun 29, 2016, at 02:18 PM, Nir Magnezi wrote:
Hi Greg,

Thanks for the replay, comments inline.

On Wed, Jun 29, 2016 at 9:59 PM, Gregory Haynes <greg at greghaynes.net<mailto:greg at greghaynes.net>> wrote:

On Wed, Jun 29, 2016, at 10:26 AM, Nir Magnezi wrote:

Lately, I've been working on a fix[1] for the amhpora-agent, which currently only support Debian based flavors such as Ubuntu.

The main Issues here:
1. NIC hot plugs: Ubuntu's ethX.cfg files looks different from ifcfg-ethX files which are accepted in Linux flavors such a RHEL, CentOS and Fedora, read more in the fix commit msg.
2. The usage of Flavor specific features such as 'upstart'.

I would like to have a discussion about the second bullet mentioned above.
Due to the fact that in Octavia the loadbalancer runs inside of an instance (Amphora), There are few actions that need to take place in the Amphora instance boot process:
a. namespace and NIC created.
b. amphora agent starts
c. haproxy (and possibly keepalived) start

The Amphora-agent leverages[2] the capabilities of 'upstart' to make that happen, which is a bit problematic if we wish it to work on other flavors.
The default cloud image for Amphora today is Ubuntu, yet there are few more options[3] such as CentOS and Fedora.
Unlike the Ubuntu base image, which uses 'sysvinit', The latter two flavors use 'systemd'.
This creates incompatibility with the jinja2[4][5] templates used by the agent.

The way I see it there are two possible solutions for this:
1. Include a systemd equivalent in the fix[1] that will essentially duplicate the functionality mentioned above and work in the other flavors.
2. Have a the amphora agent be the only binary that needs to be configured to start upon boot, and that agent will take care of plugging namespaces and NICs and also spawning needs processes. This is how it is done in lbaas and l3 agents.

While the latter solution looks like a more "clean" design, the trade-off here is a bigger change to the amphora agent.

[1] https://review.openstack.org/#/c/331841/
[2] https://github.com/openstack/octavia/blob/master/octavia/amphorae/backends/agent/api_server/listener.py#L128
[3] https://github.com/openstack/octavia/blob/master/diskimage-create/diskimage-create.sh#L27
[4] https://github.com/openstack/octavia/blob/master/octavia/amphorae/backends/agent/api_server/templates/upstart.conf.j2
[5] https://github.com/openstack/octavia/blob/master/octavia/amphorae/backends/agent/api_server/templates/sysvinit.conf.j2


I have an alternative suggestion - Maybe we shouldn't be templating out the init scripts? What we are effectively doing here is code-gen which leads to problems exactly like this, and fixing it with more code gen actually makes the problem more difficult.

The incompatibility to systemd is not due to usage of templates and code generated files is a nice and useful tool to have.

Sure, its not a direct result, but it just shouldn't be necessary here and it makes this problem far more complicated than it needs to be. If we weren't using templating then supporting non-upstart would be as easy as creating a trivial init script and including it in the amphora element (which only requies copying a file in to that element, done.).

I see two fairly straightforward ways to not require this templating:

1) Use the agent to write out config for the init scripts in to /etc/defaults/amphora and have the init scripts consume that file (source variables in that file). The init script can then simply be a static file which we can even bake in to the image directly.

systemd does not use init script, which is why the current code is incompatible to the distros i mentioned.

Right, what I am saying is to separate out configuration from the init/upstart/systemd files and if necessary source that configuration. This is how init/upstart/systemd scripts are written for almost every application for a reason and why ubuntu has /etc/defaults and why systemd has things like EnvironmentFile. It sounds like the second option is what were leaning towards though, in which case this isn't needed.

2) Move the code which requires the templating in to another executable which the init scripts call out to. e.g. create a amphora-net-init executable that runs the same code as in the pre-up section of the upstart script. Then there is no need for templating in the init scripts themselves (they will all simply call the same executable) and we can also do something like bake init scripts directly in to the image.

I'm not sure I follow you here. but anyhow we cannot just give up the templates. how would you handle the parameters currently passed to those templates? some if them you cannot know in advance and just hardcode.

That is exactly what I am trying to explain :). It seems like most of the parameters simply don't need to be (why does pidfile path need to be a templated parameter? This isn't exactly unique to this application, almost every init script on the system uses a pidfile without this issue). The ones that absolutely require configuration (maybe amphora_nsname) can be split out of the init script either by using /etc/defaults or EnvironmentFile or by using the 2) proposed solution (remove the code requiring this variable in to a separate executable).

My thinking is that this is only going to get more complex - what are we going to do to support the new ubuntu LTS which is systemd based? Or if folk show up with other distros that match neither? Its a lot easier to decouple the init scripts, which are target specific, from configuration specific components and avoid this issues all together.

Well, there is a solution that I mentioned in my first mail. both neutron LBaaS and L3 agents take care of everything needed as far as namespaces , nics and processes. that would leave you with a single binary to activate upon boot.

Ah, sorry I missed that - I think having the agent 'just work' on startup sounds ideal. If that is the case then you shouldn't have any need to template out the init scripts, either and we can remove a lot of code and complexity :).



OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org<mailto:OpenStack-dev-request at lists.openstack.org>?subject:unsubscribe

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160630/0e3f84fc/attachment-0001.html>

More information about the OpenStack-dev mailing list