This repository has been archived by the owner on Jun 25, 2024. It is now read-only.

Add AnsibleVarsFrom
fao89 committed Mar 6, 2024
1 parent 44f61e0 commit 574d504
Showing 30 changed files with 593 additions and 75 deletions.
46 changes: 46 additions & 0 deletions api/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml
Expand Up @@ -277,6 +277,29 @@ spec:
type: string
ansibleVars:
x-kubernetes-preserve-unknown-fields: true
ansibleVarsFrom:
items:
properties:
configMapRef:
properties:
name:
type: string
optional:
type: boolean
type: object
x-kubernetes-map-type: atomic
prefix:
type: string
secretRef:
properties:
name:
type: string
optional:
type: boolean
type: object
x-kubernetes-map-type: atomic
type: object
type: array
type: object
ansibleSSHPrivateKeySecret:
type: string
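Review bot: each `ansibleVarsFrom` item in this schema is accepted with neither `configMapRef` nor `secretRef` set, or with both set, because the item declares no `required` fields and `name` is optional inside each ref. The type comes from `corev1.EnvFromSource`, so the schema cannot easily be tightened here; consider rejecting such items in a validating webhook or with an `x-kubernetes-validations` rule, so that a mistyped source fails at admission instead of when the variables are resolved.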
Expand Down Expand Up @@ -1078,6 +1101,29 @@ spec:
type: string
ansibleVars:
x-kubernetes-preserve-unknown-fields: true
ansibleVarsFrom:
items:
properties:
configMapRef:
properties:
name:
type: string
optional:
type: boolean
type: object
x-kubernetes-map-type: atomic
prefix:
type: string
secretRef:
properties:
name:
type: string
optional:
type: boolean
type: object
x-kubernetes-map-type: atomic
type: object
type: array
type: object
extraMounts:
items:
5 changes: 5 additions & 0 deletions api/v1beta1/common.go
Expand Up @@ -43,6 +43,11 @@ type AnsibleOpts struct {
// +kubebuilder:pruning:PreserveUnknownFields
// +kubebuilder:validation:Schemaless
AnsibleVars map[string]json.RawMessage `json:"ansibleVars,omitempty"`

// AnsibleVarsFrom is a list of sources to populate ansible variables from.
// Values defined by an AnsibleVars with a duplicate key take precedence.
// +kubebuilder:validation:Optional
AnsibleVarsFrom []corev1.EnvFromSource `json:"ansibleVarsFrom,omitempty"`
}

// NodeSection defines the top level attributes inherited by nodes in the CR.
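Review bot: the doc comment on `AnsibleVarsFrom` covers a duplicate key between `AnsibleVars` and a source, but not a duplicate key produced by two entries of `AnsibleVarsFrom`, and it does not mention that `prefix` is prepended to every key taken from the source. Please state the precedence between list entries and the effect of `prefix` in the comment, since this text is also what ends up in the generated `custom_resources.adoc` table. It is also worth saying that values read from a `secretRef` become ordinary Ansible variables, so users know the Secret content is exposed to whatever consumes those variables.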
7 changes: 7 additions & 0 deletions api/v1beta1/zz_generated.deepcopy.go

Some generated files are not rendered by default.

Original file line number Diff line number Diff line change
Expand Up @@ -277,6 +277,29 @@ spec:
type: string
ansibleVars:
x-kubernetes-preserve-unknown-fields: true
ansibleVarsFrom:
items:
properties:
configMapRef:
properties:
name:
type: string
optional:
type: boolean
type: object
x-kubernetes-map-type: atomic
prefix:
type: string
secretRef:
properties:
name:
type: string
optional:
type: boolean
type: object
x-kubernetes-map-type: atomic
type: object
type: array
type: object
ansibleSSHPrivateKeySecret:
type: string
Expand Down Expand Up @@ -1078,6 +1101,29 @@ spec:
type: string
ansibleVars:
x-kubernetes-preserve-unknown-fields: true
ansibleVarsFrom:
items:
properties:
configMapRef:
properties:
name:
type: string
optional:
type: boolean
type: object
x-kubernetes-map-type: atomic
prefix:
type: string
secretRef:
properties:
name:
type: string
optional:
type: boolean
type: object
x-kubernetes-map-type: atomic
type: object
type: array
type: object
extraMounts:
items:
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,8 @@ spec:
ansibleVars:
# CHANGEME -- see https://access.redhat.com/solutions/253273
# edpm_bootstrap_command: |
# subscription-manager register --username <subscription_manager_username> --password <subscription_manager_password>
# podman login -u <registry_username> -p <registry_password> registry.redhat.io
# subscription-manager register --username {{ subscription_manager_username }} --password {{ subscription_manager_password }}
# podman login -u {{ registry_username }} -p {{ registry_password }} registry.redhat.io
edpm_network_config_template: |
---
{% set mtu_list = [ctlplane_mtu] %}
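Review bot: in the commented `edpm_bootstrap_command` lines the credentials are templated into the command text unquoted (`--password {{ subscription_manager_password }}` and `-p {{ registry_password }}`). A value containing spaces or shell metacharacters will break or alter the command, and the rendered command carries the secret as a process argument. Since users will uncomment this sample as-is, suggest piping the values through the `quote` filter at minimum, and using `podman login --password-stdin` so the registry password is not passed as an argument.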
62 changes: 58 additions & 4 deletions docs/assemblies/ansible.adoc
Expand Up @@ -8,11 +8,65 @@ OpenStackDataPlaneServices>> section.
Common configurations that can be enabled with `ansibleVars` are also
documented at xref:common_configurations.adoc[Common Configurations].

'''

*NOTE*

[NOTE]
====
In the case of `ansibleVars`, the value is merged with that of the value from
the nodeTemplate. This makes it so that the entire value of `ansibleVars` from
the nodeTemplate does not need to be reproduced for each node just to set a few
node specific values.
====

== Importing ansible variables

`ansibleVarsFrom` allows you to set ansible variables for an `OpenStackDataPlaneNodeSet` by
referencing either a ConfigMap or a Secret. When you use `ansibleVarsFrom`, all the key-value
pairs in the referenced ConfigMap or Secret are set as environment variables for the `OpenStackDataPlaneNodeSet`.
You can also specify a common prefix string.

.Example:
Adding ansible variables from ConfigMap:

. Create a ConfigMap containing the ansible variables

apiVersion: v1
kind: ConfigMap
metadata:
name: common-edpm-vars
data:
edpm_config_var1: value1
edpm_config_var2: value2

. Update the `ansibleVarsFrom` with the ConfigMap name

ansibleVarsFrom:
- configMapRef:
name: common-edpm-vars

.Example:
Execute `subscription-manager register` from corresponding Secret

. Create a Secret containing the credentials

apiVersion: v1
kind: Secret
metadata:
name: subscription-manager
data:
username: <base64 encoded username>
password: <base64 encoded password>

. Update the `ansibleVarsFrom` with the Secret name, and `ansibleVars` with the variables generated from the Secret

ansibleVarsFrom:
- prefix: subscription_manager_
secretRef:
name: subscription-manager
ansibleVars:
edpm_bootstrap_command: |
subscription-manager register --username {{ subscription_manager_username }} --password {{ subscription_manager_password }}

+
[NOTE]
====
Values defined by an ansibleVars with a duplicate key take precedence
====
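Review bot: the paragraph under `== Importing ansible variables` says the key-value pairs "are set as environment variables for the `OpenStackDataPlaneNodeSet`", but the examples that follow consume them as Ansible variables (`{{ subscription_manager_username }}`). Please change the wording to "Ansible variables" and explain that `prefix` is prepended to each key; the Secret example depends on that to turn the key `username` into `subscription_manager_username`, and the text only says "You can also specify a common prefix string". The closing NOTE should also say which value wins when two `ansibleVarsFrom` sources define the same key.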
5 changes: 5 additions & 0 deletions docs/assemblies/custom_resources.adoc
Expand Up @@ -107,6 +107,11 @@ AnsibleOpts defines a logical grouping of Ansible related configuration options.
| AnsibleVars for configuring ansible
| map[string]json.RawMessage
| false
| ansibleVarsFrom
| AnsibleVarsFrom is a list of sources to populate ansible variables from. Values defined by an AnsibleVars with a duplicate key take precedence.
| []corev1.EnvFromSource
| false
|===
<<custom-resources,Back to Custom Resources>>
60 changes: 60 additions & 0 deletions docs/assemblies/proc_creating-a-set-of-data-plane-nodes.adoc
Expand Up @@ -162,7 +162,67 @@ spec:
----
+
You can copy a sample template from https://github.com/openstack-k8s-operators/dataplane-operator/tree/main/config/samples/nic-config-samples. For information about customizing the template, see link:https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/17.1/html/installing_and_managing_red_hat_openstack_platform_with_director/assembly_configuring-overcloud-networking_installing-director-on-the-undercloud#ref_network-interface-configuration-options_custom-network-interface-templates[Network interface configuration options].
ifeval::["{build}" == "downstream"]
. Register the operating system of the nodes that are not registered to the Red Hat Customer Portal, and enable repositories for your nodes:
+
----
apiVersion: v1
kind: Secret
metadata:
name: subscription-manager
data:
username: <subscription_manager_username>
password: <subscription_manager_password>
----
+
* Replace `<subscription_manager_username>` with the applicable user name.
* Replace `<subscription_manager_password>` with the applicable password.

+
----
apiVersion: v1
kind: Secret
metadata:
name: redhat-registry
data:
username: <registry_username>
password: <registry_password>
----
+
* Replace `<registry_username>` with the applicable user name.
* Replace `<registry_password>` with the applicable password.

+
----
apiVersion: dataplane.openstack.org/v1beta1
kind: OpenStackDataPlaneNodeSet
metadata:
name: openstack-edpm-ipam
spec:
preProvisioned: True
...
nodeTemplate:
ansible:
...
ansibleVars:
edpm_bootstrap_command: |
subscription-manager register --username {{ subscription_manager_username }} --password {{ subscription_manager_password }}
subscription-manager release --set=9.2
subscription-manager repos --disable=*
subscription-manager repos --enable=rhel-9-for-x86_64-baseos-eus-rpms --enable=rhel-9-for-x86_64-appstream-eus-rpms --enable=rhel-9-for-x86_64-highavailability-eus-rpms --enable=openstack-17.1-for-rhel-9-x86_64-rpms --enable=fast-datapath-for-rhel-9-x86_64-rpms --enable=openstack-dev-preview-for-rhel-9-x86_64-rpms
podman login -u {{ registry_username }} -p {{ registry_password }} registry.redhat.io
ansibleVarsFrom:
- prefix: subscription_manager_
secretRef:
name: subscription-manager
- prefix: registry_
secretRef:
name: redhat-registry
----

+
For a complete list of the Red Hat Customer Portal registration commands, see https://access.redhat.com/solutions/253273. For information about how to log into `registry.redhat.io`, see https://access.redhat.com/RegistryAuthentication#creating-registry-service-accounts-6.
endif::[]
. If your nodes are bare metal, you must configure the bare metal template, see xref:con_provisioning-bare-metal-data-plane-nodes_{context}[Provisioning bare metal data plane nodes].

. Optional: The sample `OpenStackDataPlaneNodeSet` CR you copied includes default node configurations under the `nodes` section. You can add additional nodes, and edit the configured values as required. For example, to add node-specific Ansible variables that customize the node, add the following configuration to your `openstack-edpm.yaml` file:
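Review bot: both Secret manifests in the new downstream step put the raw placeholder under `data:` (`username: <subscription_manager_username>`, `password: <registry_password>`), but values under `data:` must be base64-encoded; the example added to `ansible.adoc` in this same commit writes `<base64 encoded username>`. Either switch these manifests to `stringData:` or tell the reader to base64-encode the values, otherwise the Secret is rejected or decodes to something other than the credential. The step also has no introductory sentence for each manifest: the reader sees two Secrets and a NodeSet with nothing saying that the Secrets are created first and then referenced through `ansibleVarsFrom`.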
13 changes: 13 additions & 0 deletions examples/base/config/varsfromname.yaml
@@ -0,0 +1,13 @@
# This file is for teaching kustomize how to substitute ansibleVarsFrom name reference in OpenStackDataPlaneNodeSet
nameReference:
- kind: ConfigMap
version: v1
fieldSpecs:
- kind: OpenStackDataPlaneNodeSet
version: v1beta1
group: dataplane.openstack.org
path: spec/nodeTemplate/ansible/ansibleVarsFrom/configMapRef/name
- kind: OpenStackDataPlaneNodeSet
version: v1beta1
group: dataplane.openstack.org
path: spec/nodeTemplate/ansible/ansibleVarsFrom/secretRef/name
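Review bot: the file declares a single `nameReference` entry with `kind: ConfigMap`, and the `.../ansibleVarsFrom/secretRef/name` fieldSpec is listed under it. kustomize will therefore treat `secretRef/name` as a reference to a ConfigMap, and a Secret renamed by a name prefix, suffix or generator hash will not be propagated into the `OpenStackDataPlaneNodeSet`. Add a second entry with `kind: Secret` and move the `secretRef/name` path under it.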
59 changes: 16 additions & 43 deletions examples/base/crs/openstackdataplanenodeset.yaml
Expand Up @@ -44,54 +44,27 @@ spec:
nodeTemplate:
ansibleSSHPrivateKeySecret: dataplane-ansible-ssh-private-key-secret
ansible:
ansibleVarsFrom:
- prefix: edpm_
configMapRef:
name: network-config-template
- prefix: neutron_
configMapRef:
name: neutron-edpm
# CHANGEME -- see https://access.redhat.com/solutions/253273
# - prefix: subscription_manager_
# secretRef:
# name: subscription-manager
# - prefix: registry_
# secretRef:
# name: redhat-registry
ansibleVars:
# CHANGEME -- see https://access.redhat.com/solutions/253273
# edpm_bootstrap_command: |
# subscription-manager register --username <subscription_manager_username> --password <subscription_manager_password>
# podman login -u <registry_username> -p <registry_password> registry.redhat.io
edpm_network_config_template: |
---
{% set mtu_list = [ctlplane_mtu] %}
{% for network in role_networks %}
{{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }}
{%- endfor %}
{% set min_viable_mtu = mtu_list | max %}
network_config:
- type: ovs_bridge
name: {{ neutron_physical_bridge_name }}
mtu: {{ min_viable_mtu }}
use_dhcp: false
dns_servers: {{ ctlplane_dns_nameservers }}
domain: {{ dns_search_domains }}
addresses:
- ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }}
routes: {{ ctlplane_host_routes }}
members:
- type: interface
name: nic1
mtu: {{ min_viable_mtu }}
# force the MAC address of the bridge to this interface
primary: true
{% for network in role_networks %}
- type: vlan
mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }}
vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }}
addresses:
- ip_netmask:
{{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }}
routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }}
{% endfor %}
# These vars are for the network config templates themselves and are
# considered EDPM network defaults.
neutron_physical_bridge_name: br-ex
neutron_public_interface_name: eth0
# edpm_nodes_validation
# subscription-manager register --username {{ subscription_manager_username }} --password {{ subscription_manager_password }}
# podman login -u {{ registry_username }} -p {{ registry_password }} registry.redhat.io
edpm_nodes_validation_validate_controllers_icmp: false
edpm_nodes_validation_validate_gateway_icmp: false
ctlplane_dns_nameservers:
- 192.168.122.1
dns_search_domains: []
gather_facts: false
enable_debug: false
# edpm firewall, change the allowed CIDR if needed