Remove NetworkConfig override handling

This change removes the CRD level override for network config files. Instead, this allows us to use the Ansible variable directly to set any require network config customizations. Depends-On: openstack-k8s-operators/edpm-ansible#341 Depends-On: openstack-k8s-operators/ci-framework#560 Signed-off-by: Brendan Shephard <[email protected]>
openstack-k8s-operators · Sep 21, 2023 · 1faa6bd · 1faa6bd
1 parent ac44a01
commit 1faa6bd
Show file tree

Hide file tree

Showing 21 changed files with 428 additions and 160 deletions.
diff --git a/api/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml b/api/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml
@@ -1021,11 +1021,10 @@ spec:
                     type: array
                   managementNetwork:
                     type: string
-                  networkConfig:
-                    properties:
-                      template:
-                        type: string
-                    type: object
+                  networkAttachments:
+                    items:
+                      type: string
+                    type: array
                   networkData:
                     properties:
                       name:
@@ -1826,11 +1825,6 @@ spec:
                       type: string
                     managementNetwork:
                       type: string
-                    networkConfig:
-                      properties:
-                        template:
-                          type: string
-                      type: object
                     networkData:
                       properties:
                         name:

diff --git a/api/v1beta1/common.go b/api/v1beta1/common.go
@@ -52,11 +52,6 @@ type NodeSection struct {
 	// +kubebuilder:validation:Optional
 	HostName string `json:"hostName,omitempty"`
 
-	// NetworkConfig - Network configuration details. Contains os-net-config
-	// related properties.
-	// +kubebuilder:validation:Optional
-	NetworkConfig NetworkConfigSection `json:"networkConfig"`
-
 	// Networks - Instance networks
 	// +kubebuilder:validation:Optional
 	Networks []infranetworkv1.IPSetNetwork `json:"networks,omitempty"`
@@ -93,10 +88,10 @@ type NodeTemplate struct {
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:io.kubernetes:Secret"}
 	AnsibleSSHPrivateKeySecret string `json:"ansibleSSHPrivateKeySecret"`
 
-	// NetworkConfig - Network configuration details. Contains os-net-config
-	// related properties.
+	// NetworkAttachments is a list of NetworkAttachment resource names to pass to the ansibleee resource
+	// which allows to connect the ansibleee runner to the given network
 	// +kubebuilder:validation:Optional
-	NetworkConfig NetworkConfigSection `json:"networkConfig,omitempty"`
+	NetworkAttachments []string `json:"networkAttachments,omitempty"`
 
 	// Networks - Instance networks
 	// +kubebuilder:validation:Optional
@@ -123,13 +118,24 @@ type NodeTemplate struct {
 	NetworkData *corev1.SecretReference `json:"networkData,omitempty"`
 }
 
-// NetworkConfigSection is a specification of the Network configuration details
-type NetworkConfigSection struct {
+// DeployStrategySection for fields controlling the deployment
+type DeployStrategySection struct {
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:booleanSwitch"}
+	// Deploy boolean to trigger ansible execution
+	// +kubebuilder:default=true
+	Deploy bool `json:"deploy"`
 
-	// Template - Contains a Ansible j2 nic config template to use when applying node
-	// network configuration
+	// AnsibleTags for ansible execution
 	// +kubebuilder:validation:Optional
-	Template string `json:"template,omitempty" yaml:"template,omitempty"`
+	AnsibleTags string `json:"ansibleTags,omitempty"`
+
+	// AnsibleLimit for ansible execution
+	// +kubebuilder:validation:Optional
+	AnsibleLimit string `json:"ansibleLimit,omitempty"`
+
+	// AnsibleSkipTags for ansible execution
+	// +kubebuilder:validation:Optional
+	AnsibleSkipTags string `json:"ansibleSkipTags,omitempty"`
 }
 
 // AnsibleEESpec is a specification of the ansible EE attributes

diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml b/config/crd/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml
@@ -1021,11 +1021,10 @@ spec:
                     type: array
                   managementNetwork:
                     type: string
-                  networkConfig:
-                    properties:
-                      template:
-                        type: string
-                    type: object
+                  networkAttachments:
+                    items:
+                      type: string
+                    type: array
                   networkData:
                     properties:
                       name:
@@ -1826,11 +1825,6 @@ spec:
                       type: string
                     managementNetwork:
                       type: string
-                    networkConfig:
-                      properties:
-                        template:
-                          type: string
-                      type: object
                     networkData:
                       properties:
                         name:

diff --git a/config/samples/dataplane_v1beta1_openstackdataplane_baremetal_with_ipam.yaml b/config/samples/dataplane_v1beta1_openstackdataplane_baremetal_with_ipam.yaml
@@ -0,0 +1,165 @@
+apiVersion: dataplane.openstack.org/v1beta1
+kind: OpenStackDataPlaneNodeSet
+metadata:
+  name: openstack-edpm-ipam
+spec:
+  env:
+    - name: ANSIBLE_FORCE_COLOR
+      value: "True"
+    - name: ANSIBLE_ENABLE_TASK_DEBUGGER
+      value: "True"
+  services:
+    - configure-network
+    - validate-network
+    - install-os
+    - configure-os
+    - run-os
+    - ovn
+    - libvirt
+    - nova
+  deployStrategy:
+      deploy: true
+  baremetalSetTemplate:
+    bmhNamespace: openstack
+    deploymentSSHSecret: dataplane-ansible-ssh-private-key-secret
+    bmhLabelSelector:
+      app: openstack
+    ctlplaneInterface: enp1s0
+    dnsSearchDomains:
+      - osptest.openstack.org
+    cloudUserName: cloud-admin
+  nodeTemplate:
+    ansibleSSHPrivateKeySecret: dataplane-ansible-ssh-private-key-secret
+    nodes:
+       edpm-compute-0:
+         hostName: edpm-compute-0
+         ansible:
+           ansibleUser: root
+           ansibleHost: 192.168.122.100
+           ansibleVars:
+             ctlplane_ip: 192.168.122.100
+             internal_api_ip: 172.17.0.100
+             storage_ip: 172.18.0.100
+             tenant_ip: 172.19.0.100
+             fqdn_internal_api: edpm-compute-0.example.com
+         networks:
+         - name: CtlPlane
+           subnetName: subnet1
+           defaultRoute: true
+           fixedIP: 192.168.122.100
+         - name: InternalApi
+           subnetName: subnet1
+         - name: Storage
+           subnetName: subnet1
+         - name: Tenant
+           subnetName: subnet1
+    managementNetwork: ctlplane
+    ansible:
+      ansibleUser: root
+      ansiblePort: 22
+      ansibleVars:
+         service_net_map:
+           nova_api_network: internal_api
+           nova_libvirt_network: internal_api
+         edpm_chrony_ntp_servers:
+           - clock.redhat.com
+         # edpm_network_config
+         # Default nic config template for a EDPM compute node
+         # These vars are edpm_network_config role vars
+         edpm_network_config_hide_sensitive_logs: false
+         edpm_network_config_template: templates/single_nic_vlans/single_nic_vlans.j2
+         edpm_network_config_override: |
+              ---
+              {% set mtu_list = [ctlplane_mtu] %}
+              {% for network in role_networks %}
+              {{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }}
+              {%- endfor %}
+              {% set min_viable_mtu = mtu_list | max %}
+              network_config:
+              - type: ovs_bridge
+                name: {{ neutron_physical_bridge_name }}
+                mtu: {{ min_viable_mtu }}
+                use_dhcp: false
+                dns_servers: {{ ctlplane_dns_nameservers }}
+                domain: {{ dns_search_domains }}
+                addresses:
+                - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }}
+                routes: {{ ctlplane_host_routes }}
+                members:
+                - type: interface
+                  name: nic1
+                  mtu: {{ min_viable_mtu }}
+                  # force the MAC address of the bridge to this interface
+                  primary: true
+              {% for network in role_networks %}
+                - type: vlan
+                  mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }}
+                  vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }}
+                  addresses:
+                  - ip_netmask:
+                      {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }}
+                  routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }}
+              {% endfor %}
+         # These vars are for the network config templates themselves and are
+         # considered EDPM network defaults.
+         neutron_physical_bridge_name: br-ex
+         neutron_public_interface_name: eth0
+         ctlplane_mtu: 1500
+         ctlplane_subnet_cidr: 24
+         ctlplane_gateway_ip: 192.168.122.1
+         ctlplane_host_routes:
+         - ip_netmask: 0.0.0.0/0
+           next_hop: 192.168.122.1
+         external_mtu: 1500
+         external_vlan_id: 44
+         external_cidr: '24'
+         external_host_routes: []
+         internal_api_mtu: 1500
+         internal_api_vlan_id: 20
+         internal_api_cidr: '24'
+         internal_api_host_routes: []
+         storage_mtu: 1500
+         storage_vlan_id: 21
+         storage_cidr: '24'
+         storage_host_routes: []
+         tenant_mtu: 1500
+         tenant_vlan_id: 22
+         tenant_cidr: '24'
+         tenant_host_routes: []
+         role_networks:
+         - InternalApi
+         - Storage
+         - Tenant
+         networks_lower:
+           External: external
+           InternalApi: internal_api
+           Storage: storage
+           Tenant: tenant
+         # edpm_nodes_validation
+         edpm_nodes_validation_validate_controllers_icmp: false
+         edpm_nodes_validation_validate_gateway_icmp: false
+         edpm_ovn_metadata_agent_DEFAULT_transport_url: rabbit://[email protected]:5672
+         edpm_ovn_metadata_agent_metadata_agent_ovn_ovn_sb_connection: tcp:10.217.5.121:6642
+         edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_host: 127.0.0.1
+         edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_proxy_shared_secret: 12345678
+         edpm_ovn_metadata_agent_DEFAULT_bind_host: 127.0.0.1
+         ctlplane_dns_nameservers:
+         - 192.168.122.1
+         dns_search_domains: []
+         edpm_ovn_dbs:
+         - 192.168.122.1
+         registry_url: quay.io/podified-antelope-centos9
+         image_tag: current-podified
+         edpm_ovn_controller_agent_image: "{{ registry_url }}/openstack-ovn-controller:{{ image_tag }}"
+         edpm_iscsid_image: "{{ registry_url }}/openstack-iscsid:{{ image_tag }}"
+         edpm_logrotate_crond_image: "{{ registry_url }}/openstack-cron:{{ image_tag }}"
+         edpm_nova_compute_container_image: "{{ registry_url }}/openstack-nova-compute:{{ image_tag }}"
+         edpm_nova_libvirt_container_image: "{{ registry_url }}/openstack-nova-libvirt:{{ image_tag }}"
+         edpm_ovn_metadata_agent_image: "{{ registry_url }}/openstack-neutron-metadata-agent-ovn:{{ image_tag }}"
+         gather_facts: false
+         enable_debug: false
+         # edpm firewall, change the allowed CIDR if needed
+         edpm_sshd_configure_firewall: true
+         edpm_sshd_allowed_ranges: ['192.168.122.0/24']
+         # SELinux module
+         edpm_selinux_mode: enforcing
diff --git a/config/samples/dataplane_v1beta1_openstackdataplanenodeset.yaml b/config/samples/dataplane_v1beta1_openstackdataplanenodeset.yaml
@@ -47,6 +47,39 @@ spec:
          # These vars are edpm_network_config role vars
          edpm_network_config_hide_sensitive_logs: false
          edpm_network_config_template: templates/single_nic_vlans/single_nic_vlans.j2
+         edpm_network_config_override: |
+              ---
+              {% set mtu_list = [ctlplane_mtu] %}
+              {% for network in role_networks %}
+              {{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }}
+              {%- endfor %}
+              {% set min_viable_mtu = mtu_list | max %}
+              network_config:
+              - type: ovs_bridge
+                name: {{ neutron_physical_bridge_name }}
+                mtu: {{ min_viable_mtu }}
+                use_dhcp: false
+                dns_servers: {{ ctlplane_dns_nameservers }}
+                domain: {{ dns_search_domains }}
+                addresses:
+                - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }}
+                routes: {{ ctlplane_host_routes }}
+                members:
+                - type: interface
+                  name: nic1
+                  mtu: {{ min_viable_mtu }}
+                  # force the MAC address of the bridge to this interface
+                  primary: true
+              {% for network in role_networks %}
+                - type: vlan
+                  mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }}
+                  vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }}
+                  addresses:
+                  - ip_netmask:
+                      {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }}
+                  routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }}
+              {% endfor %}
+
          # These vars are for the network config templates themselves and are
          # considered EDPM network defaults.
          neutron_physical_bridge_name: br-ex