From 68408b7677e0e4e9819c0882a3a42a7f8ab5da53 Mon Sep 17 00:00:00 2001 
From: Luis Tomas Bolivar Date: Fri, 29 Sep 2023 17:17:52 +0200 Subject: [PATCH] Split ovn-controller and neutron-metadata-agent roles This allows for network node deployment, where most of the time the metadata agent is not needed --- .github/workflows/molecule.yaml | 1 + playbooks/neutron_metadata.yaml | 11 ++ .../tasks/container_images.yml | 7 + roles/edpm_neutron_metadata/OWNERS | 10 + roles/edpm_neutron_metadata/defaults/main.yml | 52 ++++++ .../meta/argument_specs.yml | 115 ++++++++++++ roles/edpm_neutron_metadata/meta/main.yml | 43 +++++ .../molecule/default/collections.yml | 3 + .../molecule/default/converge.yml | 28 +++ .../molecule/default/molecule.yml | 31 ++++ .../molecule/default/prepare.yml | 41 +++++ .../test-data/10-neutron-metadata.conf | 0 .../molecule/default/verify.yml | 17 ++ .../edpm_neutron_metadata/tasks/bootstrap.yml | 25 +++ .../edpm_neutron_metadata/tasks/configure.yml | 46 +++++ .../tasks/download_cache.yml | 12 ++ roles/edpm_neutron_metadata/tasks/install.yml | 34 ++++ roles/edpm_neutron_metadata/tasks/main.yml | 26 +++ roles/edpm_neutron_metadata/tasks/run.yml | 30 +++ .../kolla_ovn_metadata_agent.yaml.j2 | 2 +- .../neutron-ovn-metadata-agent.conf.j2 | 18 ++ .../templates/ovn_metadata_agent.yaml.j2 | 16 ++ .../templates/rootwrap.conf.j2 | 8 + roles/edpm_ovn/defaults/main.yml | 44 ----- roles/edpm_ovn/meta/argument_specs.yml | 172 ------------------ roles/edpm_ovn/molecule/default/converge.yml | 2 +- roles/edpm_ovn/molecule/default/prepare.yml | 2 +- roles/edpm_ovn/molecule/default/verify.yml | 18 +- roles/edpm_ovn/tasks/bootstrap.yml | 5 + roles/edpm_ovn/tasks/configure.yml | 31 ---- roles/edpm_ovn/tasks/download_cache.yml | 1 - roles/edpm_ovn/tasks/install.yml | 2 - roles/edpm_ovn/tasks/run.yml | 12 +- .../neutron-ovn-metadata-agent.conf.j2 | 18 -- roles/edpm_ovn/templates/neutron.conf.j2 | 10 - .../templates/ovn_metadata_agent.yaml.j2 | 16 -- roles/edpm_ovn/templates/rootwrap.conf.j2 | 8 - 37 files changed, 585 insertions(+), 332 
deletions(-) create mode 100644 playbooks/neutron_metadata.yaml create mode 100644 roles/edpm_neutron_metadata/OWNERS create mode 100644 roles/edpm_neutron_metadata/defaults/main.yml create mode 100644 roles/edpm_neutron_metadata/meta/argument_specs.yml create mode 100644 roles/edpm_neutron_metadata/meta/main.yml create mode 100644 roles/edpm_neutron_metadata/molecule/default/collections.yml create mode 100644 roles/edpm_neutron_metadata/molecule/default/converge.yml create mode 100644 roles/edpm_neutron_metadata/molecule/default/molecule.yml create mode 100644 roles/edpm_neutron_metadata/molecule/default/prepare.yml rename roles/{edpm_ovn => edpm_neutron_metadata}/molecule/default/test-data/10-neutron-metadata.conf (100%) create mode 100644 roles/edpm_neutron_metadata/molecule/default/verify.yml create mode 100644 roles/edpm_neutron_metadata/tasks/bootstrap.yml create mode 100644 roles/edpm_neutron_metadata/tasks/configure.yml create mode 100644 roles/edpm_neutron_metadata/tasks/download_cache.yml create mode 100644 roles/edpm_neutron_metadata/tasks/install.yml create mode 100644 roles/edpm_neutron_metadata/tasks/main.yml create mode 100644 roles/edpm_neutron_metadata/tasks/run.yml rename roles/{edpm_ovn => edpm_neutron_metadata}/templates/kolla_ovn_metadata_agent.yaml.j2 (76%) create mode 100644 roles/edpm_neutron_metadata/templates/neutron-ovn-metadata-agent.conf.j2 create mode 100644 roles/edpm_neutron_metadata/templates/ovn_metadata_agent.yaml.j2 create mode 100644 roles/edpm_neutron_metadata/templates/rootwrap.conf.j2 delete mode 100644 roles/edpm_ovn/templates/neutron-ovn-metadata-agent.conf.j2 delete mode 100644 roles/edpm_ovn/templates/neutron.conf.j2 delete mode 100644 roles/edpm_ovn/templates/ovn_metadata_agent.yaml.j2 delete mode 100644 roles/edpm_ovn/templates/rootwrap.conf.j2 diff --git a/.github/workflows/molecule.yaml b/.github/workflows/molecule.yaml index 8fbb25a62..3e8c32f43 100644 --- a/.github/workflows/molecule.yaml 
+++ b/.github/workflows/molecule.yaml @@ -27,6 +27,7 @@ jobs: - edpm_logrotate_crond - edpm_multipathd - edpm_network_config + - edpm_neutron_metadata - edpm_neutron_sriov - edpm_nftables - edpm_nodes_validation diff --git a/playbooks/neutron_metadata.yaml b/playbooks/neutron_metadata.yaml new file mode 100644 index 000000000..95b356d27 --- /dev/null +++ b/playbooks/neutron_metadata.yaml @@ -0,0 +1,11 @@ +--- +- name: Deploy EDPM Neutron OVN Metadata agent + hosts: all + strategy: linear + become: true + tasks: + - name: Neutron OVN Metadata agent + import_role: + name: osp.edpm.edpm_neutron_metadata + tags: + - edpm_neutron_metadata diff --git a/roles/edpm_download_cache/tasks/container_images.yml b/roles/edpm_download_cache/tasks/container_images.yml index ecffba13e..fcc082ac4 100644 --- a/roles/edpm_download_cache/tasks/container_images.yml +++ b/roles/edpm_download_cache/tasks/container_images.yml @@ -38,6 +38,13 @@ tasks_from: download_cache.yml tags: - edpm_ovn_bgp_agent + +- name: Download images for edpm_neutron_metadata role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_metadata + tasks_from: download_cache.yml + tags: + - edpm_neutron_metadata - download_cache - name: Download images for edpm_multipathd role diff --git a/roles/edpm_neutron_metadata/OWNERS b/roles/edpm_neutron_metadata/OWNERS new file mode 100644 index 000000000..7c70389c8 --- /dev/null +++ b/roles/edpm_neutron_metadata/OWNERS @@ -0,0 +1,10 @@ +# See the OWNERS docs at https://go.k8s.io/owners +approvers: + - slawqo + - luis5tb + - network-approvers + +reviewers: + - slawqo + - luis5tb + - network-approvers diff --git a/roles/edpm_neutron_metadata/defaults/main.yml b/roles/edpm_neutron_metadata/defaults/main.yml new file mode 100644 index 000000000..2d9a012f8 --- /dev/null +++ b/roles/edpm_neutron_metadata/defaults/main.yml 
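Review bot: In roles/edpm_download_cache/tasks/container_images.yml the new task is inserted in the middle of the preceding task's `tags:` list. As the hunk reads, the edpm_ovn_bgp_agent download task keeps only `- edpm_ovn_bgp_agent`, and its former `- download_cache` entry now closes the new edpm_neutron_metadata task. A run limited to the `download_cache` tag would then no longer pre-pull the BGP agent image. Place the new block after the existing `- download_cache` line and give it its own `- edpm_neutron_metadata` and `- download_cache` entries. Both neighbouring tasks extend outside the hunk, so confirm against the full file.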
@@ -0,0 +1,52 @@
+---
+# defaults file for edpm_ovn
+
+# seconds between retries for download tasks
+edpm_neutron_metadata_images_download_delay: 5
+
+# number of retries for download tasks
+edpm_neutron_metadata_images_download_retries: 5
+
+edpm_neutron_metadata_config_src: /var/lib/openstack/configs/neutron-metadata
+edpm_neutron_metadata_agent_config_dir: /var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent
+edpm_neutron_metadata_agent_log_dir: "/var/log/neutron"
+
+edpm_neutron_metadata_agent_image: "quay.io/podified-antelope-centos9/openstack-neutron-metadata-agent-ovn:current-podified"
+
+edpm_neutron_metadata_common_volumes:
+ - /run/openvswitch:/run/openvswitch:z
+ - "{{ edpm_neutron_metadata_agent_config_dir }}:/etc/neutron.conf.d:z"
+ - /run/netns:/run/netns:shared
+ - /var/log/containers/neutron:/var/log/neutron:z
+ - /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
+
+# Neutron conf
+# DEFAULT
+edpm_neutron_metadata_agent_DEFAULT_host: '{{ ansible_facts["nodename"] }}' # also in missing vars
+#edpm_ovn_metadata_agent_DEFAULT_: ''
+# oslo_concurrency
+edpm_neutron_metadata_agent_oslo_concurrency_lock_patch: '$state_path/lock'
+# agent
+edpm_neutron_metadata_agent_agent_report_interval: '300'
+
+# rootwrap.conf
+edpm_neutron_metadata_agent_rootwrap_DEFAULT_filters_path: '/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap'
+edpm_neutron_metadata_agent_rootwrap_DEFAULT_exec_dirs: '/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/etc/neutron/kill_scripts'
+edpm_neutron_metadata_agent_rootwrap_DEFAULT_use_syslog: 'False'
+edpm_neutron_metadata_agent_rootwrap_DEFAULT_syslog_log_facility: 'syslog'
+edpm_neutron_metadata_agent_rootwrap_DEFAULT_syslog_log_level: 'ERROR'
+edpm_neutron_metadata_agent_rootwrap_DEFAULT_daemon_timeout: '600'
+edpm_neutron_metadata_agent_rootwrap_DEFAULT_rlimit_nofile: '1024'
+
+# neutron-ovn-metadata-agent.conf
+edpm_neutron_metadata_agent_DEFAULT_debug: 'True'
+edpm_neutron_metadata_agent_DEFAULT_nova_metadata_host: '{{ edpm_neutron_metadata_agent_DEFAULT_host }}'
+edpm_neutron_metadata_agent_DEFAULT_nova_metadata_protocol: 'http'
+edpm_neutron_metadata_agent_DEFAULT_metadata_proxy_shared_secret: ''
+edpm_neutron_metadata_agent_DEFAULT_metadata_workers: '2'
+edpm_neutron_metadata_agent_DEFAULT_state_path: '/var/lib/neutron'
+edpm_neutron_metadata_agent_agent_root_helper: 'sudo neutron-rootwrap /etc/neutron.conf.d/01-rootwrap.conf'
+edpm_neutron_metadata_agent_ovs_ovsdb_connection: 'tcp:127.0.0.1:6640'
+edpm_neutron_metadata_agent_ovs_ovsdb_connection_timeout: '180'
+edpm_neutron_metadata_agent_ovn_ovsdb_probe_interval: '60000'
+edpm_neutron_metadata_agent_ovn_ovn_sb_connection: ''
diff --git a/roles/edpm_neutron_metadata/meta/argument_specs.yml b/roles/edpm_neutron_metadata/meta/argument_specs.yml
new file mode 100644
index 000000000..b264baf3d
--- /dev/null
+++ b/roles/edpm_neutron_metadata/meta/argument_specs.yml
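Review bot: In roles/edpm_neutron_metadata/defaults/main.yml, `edpm_neutron_metadata_agent_DEFAULT_metadata_proxy_shared_secret: ''` and `edpm_neutron_metadata_agent_DEFAULT_debug: 'True'` are weak defaults. If no override file is found under `edpm_neutron_metadata_config_src`, the agent is rendered with an empty proxy secret, plain `http` to Nova and debug logging enabled. Consider `edpm_neutron_metadata_agent_DEFAULT_debug: 'False'` and a check that fails the role when the secret is empty and no secret file was discovered. The image default uses the tag `current-podified`, which looks mutable; pinning by digest would make deployments reproducible. The header comment still reads `# defaults file for edpm_ovn` and should name edpm_neutron_metadata.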
@@ -0,0 +1,115 @@ +--- +argument_specs: + # ./roles/edpm_neutron_metadata/tasks/main.yml entry point + main: + short_description: The main entry point for the edpm_neutron_metadata role. + options: + edpm_neutron_metadata_images_download_delay: + type: int + default: 5 + description: The seconds between retries for failed download tasks + edpm_neutron_metadata_images_download_retries: + type: int + default: 5 + description: The number of retries for failed download tasks + edpm_neutron_metadata_agent_agent_report_interval: + default: '300' + description: '' + type: str + edpm_neutron_metadata_agent_image: + default: quay.io/podified-antelope-centos9/openstack-neutron-metadata-agent-ovn:current-podified + description: '' + type: str + edpm_neutron_metadata_agent_log_dir: + default: /var/log/neutron + description: '' + type: str + edpm_neutron_metadata_agent_DEFAULT_debug: + default: 'True' + description: '' + type: str + edpm_neutron_metadata_agent_DEFAULT_metadata_proxy_shared_secret: + default: '' + description: '' + type: str + edpm_neutron_metadata_agent_DEFAULT_metadata_workers: + default: '2' + description: '' + type: str + edpm_neutron_metadata_agent_DEFAULT_nova_metadata_host: + default: '{{ edpm_neutron_metadata_agent_DEFAULT_host }}' + description: 'Nova Metadata host to forward metadata requests to.' 
+ type: str + edpm_neutron_metadata_agent_DEFAULT_nova_metadata_protocol: + default: http + description: '' + type: str + edpm_neutron_metadata_agent_DEFAULT_state_path: + default: /var/lib/neutron + description: '' + type: str + edpm_neutron_metadata_agent_agent_root_helper: + default: sudo neutron-rootwrap /etc/neutron.conf.d/01-rootwrap.conf + description: '' + type: str + edpm_neutron_metadata_agent_ovn_ovn_sb_connection: + default: '' + description: '' + type: str + edpm_neutron_metadata_agent_ovn_ovsdb_probe_interval: + default: '60000' + description: '' + type: str + edpm_neutron_metadata_agent_ovs_ovsdb_connection: + default: tcp:127.0.0.1:6640 + description: '' + type: str + edpm_neutron_metadata_agent_ovs_ovsdb_connection_timeout: + default: '180' + description: '' + type: str + edpm_neutron_metadata_agent_oslo_concurrency_lock_patch: + default: $state_path/lock + description: '' + type: str + edpm_neutron_metadata_agent_rootwrap_DEFAULT_daemon_timeout: + default: '600' + description: '' + type: str + edpm_neutron_metadata_agent_rootwrap_DEFAULT_exec_dirs: + default: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/etc/neutron/kill_scripts + description: '' + type: str + edpm_neutron_metadata_agent_rootwrap_DEFAULT_filters_path: + default: /etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap + description: '' + type: str + edpm_neutron_metadata_agent_rootwrap_DEFAULT_rlimit_nofile: + default: '1024' + description: '' + type: str + edpm_neutron_metadata_agent_rootwrap_DEFAULT_syslog_log_facility: + default: syslog + description: '' + type: str + edpm_neutron_metadata_agent_rootwrap_DEFAULT_syslog_log_level: + default: ERROR + description: '' + type: str + edpm_neutron_metadata_agent_rootwrap_DEFAULT_use_syslog: + default: 'False' + description: '' + type: str + edpm_neutron_metadata_common_volumes: + default: + - /run/openvswitch:/run/openvswitch:z + - '{{ edpm_neutron_metadata_agent_config_dir }}:/etc/neutron.conf.d:z' + - 
/run/netns:/run/netns:shared + - /var/log/containers/neutron:/var/log/neutron:z + - /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro + description: '' + type: list + edpm_neutron_metadata_agent_config_dir: + default: /var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent + description: 'The directory that contains configuration files for Neutron OVN Metadata Agent.' + type: str diff --git a/roles/edpm_neutron_metadata/meta/main.yml b/roles/edpm_neutron_metadata/meta/main.yml new file mode 100644 index 000000000..3741ff4ae --- /dev/null +++ b/roles/edpm_neutron_metadata/meta/main.yml @@ -0,0 +1,43 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +galaxy_info: + namespace: openstack + author: OpenStack + description: EDPM OpenStack Role -- edpm_neutron_metadata + company: Red Hat + license: Apache-2.0 + min_ansible_version: '2.9' + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: 'EL' + versions: + - '8' + - '9' + + galaxy_tags: + - edpm + + +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. +dependencies: [] 
diff --git a/roles/edpm_neutron_metadata/molecule/default/collections.yml b/roles/edpm_neutron_metadata/molecule/default/collections.yml new file mode 100644 index 000000000..424ad60b8 --- /dev/null +++ b/roles/edpm_neutron_metadata/molecule/default/collections.yml @@ -0,0 +1,3 @@ +--- +collections: +- name: community.general diff --git a/roles/edpm_neutron_metadata/molecule/default/converge.yml b/roles/edpm_neutron_metadata/molecule/default/converge.yml new file mode 100644 index 000000000..703c68aad --- /dev/null +++ b/roles/edpm_neutron_metadata/molecule/default/converge.yml @@ -0,0 +1,28 @@ +--- +# Copyright 2021 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Converge + hosts: all + gather_facts: true + become: true + tasks: + - ansible.builtin.include_role: + name: "osp.edpm.edpm_neutron_metadata" + vars: + tenant_ip: "{{ ansible_host }}" + edpm_ovn_dbs: + - "{{ ansible_host }}" + edpm_neutron_metadata_config_src: "{{lookup('env', 'MOLECULE_SCENARIO_DIRECTORY')}}/test-data" diff --git a/roles/edpm_neutron_metadata/molecule/default/molecule.yml b/roles/edpm_neutron_metadata/molecule/default/molecule.yml new file mode 100644 index 000000000..a34a25ca2 --- /dev/null +++ b/roles/edpm_neutron_metadata/molecule/default/molecule.yml 
@@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + options: + role-file: collections.yml +driver: + name: podman +platforms: +- command: /sbin/init + dockerfile: ../../../../molecule/common/Containerfile.j2 + image: ${EDPM_ANSIBLE_MOLECULE_IMAGE:-"ubi9/ubi-init"} + name: instance + privileged: true + registry: + url: ${EDPM_ANSIBLE_MOLECULE_REGISTRY:-"registry.access.redhat.com"} + ulimits: + - host +provisioner: + log: true + name: ansible +scenario: + test_sequence: + - dependency + - destroy + - create + - prepare + - converge + - verify + - destroy +verifier: + name: ansible diff --git a/roles/edpm_neutron_metadata/molecule/default/prepare.yml b/roles/edpm_neutron_metadata/molecule/default/prepare.yml new file mode 100644 index 000000000..da5e98136 --- /dev/null +++ b/roles/edpm_neutron_metadata/molecule/default/prepare.yml 
@@ -0,0 +1,41 @@
+---
+# Copyright 2023 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+- name: Prepare test_deps
+ hosts: all
+ roles:
+ - role: ../../../../molecule/common/test_deps
+ test_deps_setup_edpm: true
+ test_deps_setup_stream: true
+ test_deps_extra_packages:
+ - openvswitch
+ - iproute
+ - podman
+- name: Prepare
+ hosts: all
+ gather_facts: true
+ tasks:
+ - ansible.builtin.include_role:
+ name: osp.edpm.env_data
+
+ # The openvswitch kernel module needs to be loaded on the host
+ - name: install and modprobe openvswitch
+ shell: |
+ sudo dnf -y install openvswitch
+ sudo modprobe openvswitch
+ delegate_to: localhost
+ run_once: true
+
+ post_tasks: []
diff --git a/roles/edpm_ovn/molecule/default/test-data/10-neutron-metadata.conf b/roles/edpm_neutron_metadata/molecule/default/test-data/10-neutron-metadata.conf
similarity index 100%
rename from roles/edpm_ovn/molecule/default/test-data/10-neutron-metadata.conf
rename to roles/edpm_neutron_metadata/molecule/default/test-data/10-neutron-metadata.conf
diff --git a/roles/edpm_neutron_metadata/molecule/default/verify.yml b/roles/edpm_neutron_metadata/molecule/default/verify.yml
new file mode 100644
index 000000000..e6a5dd944
--- /dev/null
+++ b/roles/edpm_neutron_metadata/molecule/default/verify.yml
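Review bot: In molecule/default/prepare.yml the `install and modprobe openvswitch` task uses a bare `shell:` with `sudo` inside the script and `delegate_to: localhost`. It therefore installs a package and loads a kernel module on the machine running molecule, is not idempotent, and depends on passwordless sudo there. Prefer `ansible.builtin.package` and `community.general.modprobe` with `become: true`; community.general is already listed in this scenario's collections.yml. The `ansible.builtin.include_role` task above it has no `name:` and should get one.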
@@ -0,0 +1,17 @@ +--- +- name: Verify + hosts: all + tasks: + - name: Ensure that 10-neutron-metadata.conf was copied into the container + block: + - name: metadata config file exists + become: true + ansible.builtin.stat: + path: "/var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent/10-neutron-metadata.conf" + register: metadata_config + + - name: assert that the config exists + ansible.builtin.assert: + that: + - metadata_config.stat.exists + fail_msg: "metadata agent config file does not exist" diff --git a/roles/edpm_neutron_metadata/tasks/bootstrap.yml b/roles/edpm_neutron_metadata/tasks/bootstrap.yml new file mode 100644 index 000000000..9484621d7 --- /dev/null +++ b/roles/edpm_neutron_metadata/tasks/bootstrap.yml @@ -0,0 +1,25 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Ensure the Openvswitch package is installed + ansible.builtin.package: + name: openvswitch + state: present + +- name: Ensure the OVS service is running + ansible.builtin.systemd: + name: openvswitch + state: started diff --git a/roles/edpm_neutron_metadata/tasks/configure.yml b/roles/edpm_neutron_metadata/tasks/configure.yml new file mode 100644 index 000000000..b924c4bfc --- /dev/null +++ b/roles/edpm_neutron_metadata/tasks/configure.yml 
@@ -0,0 +1,46 @@
+---
+# Copyright 2023 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Configure neutron configuration files
+ block:
+ - name: Render neutron config files
+ ansible.builtin.template:
+ src: "{{ item.src }}"
+ dest: "{{ edpm_neutron_metadata_agent_config_dir }}/{{ item.dest }}"
+ setype: "container_file_t"
+ mode: "0644"
+ loop:
+ - {"src": "rootwrap.conf.j2", "dest": "01-rootwrap.conf"}
+ - {"src": "neutron-ovn-metadata-agent.conf.j2", "dest": "01-neutron-ovn-metadata-agent.conf"}
+
+ - name: Discover secrets in {{ edpm_neutron_metadata_config_src }}
+ ansible.builtin.find:
+ paths: "{{ edpm_neutron_metadata_config_src }}"
+ file_type: file
+ recurse: yes
+ patterns:
+ - "*metadata*conf"
+ register: edpm_neutron_metadata_secrets
+ delegate_to: localhost
+ become: false
+
+ - name: Flatten secrets into {{ edpm_neutron_metadata_agent_config_dir }}
+ ansible.builtin.copy:
+ src: "{{ item.path }}"
+ dest: "{{ edpm_neutron_metadata_agent_config_dir }}/{{ item.path | basename }}"
+ setype: "container_file_t"
+ mode: "0644"
+ loop: "{{ edpm_neutron_metadata_secrets.files }}"
diff --git a/roles/edpm_neutron_metadata/tasks/download_cache.yml b/roles/edpm_neutron_metadata/tasks/download_cache.yml
new file mode 100644
index 000000000..ce9988dc0
--- /dev/null
+++ b/roles/edpm_neutron_metadata/tasks/download_cache.yml
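Review bot: In tasks/configure.yml the `Flatten secrets into ...` task copies the discovered `*metadata*conf` files with `mode: "0644"`, leaving them world-readable on the host. The `Render neutron config files` task applies the same mode to `01-neutron-ovn-metadata-agent.conf`, whose template carries `metadata_proxy_shared_secret`, so any local user can read the proxy secret. Use `mode: "0640"` with an explicit `owner`/`group` that the container can still read; the uid mapping is not visible in this diff, so confirm it. Add `no_log: true` to the copy loop so diff output cannot expose file contents. `recurse: yes` should be written `recurse: true`.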
@@ -0,0 +1,12 @@
+---
+
+- name: Download needed container images
+ containers.podman.podman_image:
+ name: "{{ item }}"
+ loop:
+ - "{{ edpm_neutron_metadata_agent_image }}"
+ become: true
+ register: edpm_neutron_metadata_images_download
+ until: edpm_neutron_metadata_images_download.failed == false
+ retries: "{{ edpm_neutron_metadata_images_download_retries }}"
+ delay: "{{ edpm_neutron_metadata_images_download_delay }}"
diff --git a/roles/edpm_neutron_metadata/tasks/install.yml b/roles/edpm_neutron_metadata/tasks/install.yml
new file mode 100644
index 000000000..c38bc2512
--- /dev/null
+++ b/roles/edpm_neutron_metadata/tasks/install.yml
@@ -0,0 +1,34 @@
+---
+# Copyright 2023 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Create persistent directories
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: directory
+ setype: "container_file_t"
+ mode: "{{ item.mode | default(omit) }}"
+ loop:
+ - {'path': "{{ edpm_neutron_metadata_agent_config_dir }}"}
+ - {'path': "/var/log/containers/neutron"}
+
+- name: Enable virt_sandbox_use_netlink for healthcheck
+ ansible.posix.seboolean:
+ name: virt_sandbox_use_netlink
+ persistent: true
+ state: true
+ when:
+ - ansible_facts.selinux is defined
+ - ansible_facts.selinux.status == "enabled"
diff --git a/roles/edpm_neutron_metadata/tasks/main.yml b/roles/edpm_neutron_metadata/tasks/main.yml
new file mode 100644
index 000000000..2fcab6292
--- /dev/null
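Review bot: In tasks/download_cache.yml the retry condition `until: edpm_neutron_metadata_images_download.failed == false` compares against a literal boolean, which ansible-lint flags. Write it as `until: edpm_neutron_metadata_images_download is succeeded`.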
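Review bot: In tasks/install.yml, `Enable virt_sandbox_use_netlink for healthcheck` sets an SELinux boolean persistently for the whole host, not only for this agent, and no comment says why the metadata agent needs it. Since ovn_metadata_agent.yaml.j2 in this commit runs the container with `privileged: true`, check whether the boolean still has any effect here or belongs only in edpm_ovn. If it stays, add a comment such as `# host-wide boolean; the container healthcheck needs netlink sockets`. In `Create persistent directories` no loop item defines `mode`, so `item.mode | default(omit)` always omits it and the directory that later holds the secret files gets umask-derived permissions; set an explicit mode there.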
+++ b/roles/edpm_neutron_metadata/tasks/main.yml @@ -0,0 +1,26 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Include host prep tasks + ansible.builtin.import_tasks: install.yml + +- name: Include bootstrap tasks + ansible.builtin.import_tasks: bootstrap.yml + +- name: Configure neutron metadata agent + ansible.builtin.import_tasks: configure.yml + +- name: Ensure neutron-metadata-agent is running + ansible.builtin.import_tasks: run.yml diff --git a/roles/edpm_neutron_metadata/tasks/run.yml b/roles/edpm_neutron_metadata/tasks/run.yml new file mode 100644 index 000000000..63319371b --- /dev/null +++ b/roles/edpm_neutron_metadata/tasks/run.yml 
@@ -0,0 +1,30 @@
+---
+# Copyright 2023 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Ensure /usr/libexec/edpm-start-podman-container exists
+ ansible.builtin.import_role:
+ name: edpm_container_manage
+ tasks_from: shutdown.yml
+
+- name: Run ovn_metadata_agent container
+ ansible.builtin.include_role:
+ name: osp.edpm.edpm_container_standalone
+ vars:
+ edpm_container_standalone_service: ovn_metadata_agent
+ edpm_container_standalone_container_defs:
+ ovn_metadata_agent: "{{ lookup('template', 'ovn_metadata_agent.yaml.j2') | from_yaml }}"
+ edpm_container_standalone_kolla_config_files:
+ ovn_metadata_agent: "{{ lookup('template', 'kolla_ovn_metadata_agent.yaml.j2') | from_yaml }}"
diff --git a/roles/edpm_ovn/templates/kolla_ovn_metadata_agent.yaml.j2 b/roles/edpm_neutron_metadata/templates/kolla_ovn_metadata_agent.yaml.j2
similarity index 76%
rename from roles/edpm_ovn/templates/kolla_ovn_metadata_agent.yaml.j2
rename to roles/edpm_neutron_metadata/templates/kolla_ovn_metadata_agent.yaml.j2
index da08ffa6f..2fda3d420 100644
--- a/roles/edpm_ovn/templates/kolla_ovn_metadata_agent.yaml.j2
+++ b/roles/edpm_neutron_metadata/templates/kolla_ovn_metadata_agent.yaml.j2
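Review bot: In tasks/run.yml the first task is named `Ensure /usr/libexec/edpm-start-podman-container exists` but imports `tasks_from: shutdown.yml`, and it refers to the role by the short name `edpm_container_manage` while the next task uses the fully qualified `osp.edpm.edpm_container_standalone`. Use `name: osp.edpm.edpm_container_manage` so the role resolves the same way wherever the collection is installed. Rename the task to describe what shutdown.yml actually does; its content is not visible in this diff.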
@@ -1,4 +1,4 @@ -command: "neutron-ovn-metadata-agent --log-file={{ edpm_ovn_metadata_agent_log_dir }}/ovn-metadata-agent.log" +command: "neutron-ovn-metadata-agent --log-file={{ edpm_neutron_metadata_agent_log_dir }}/ovn-metadata-agent.log" permissions: - owner: neutron:neutron path: /var/log/neutron diff --git a/roles/edpm_neutron_metadata/templates/neutron-ovn-metadata-agent.conf.j2 b/roles/edpm_neutron_metadata/templates/neutron-ovn-metadata-agent.conf.j2 new file mode 100644 index 000000000..b9d64ce3a --- /dev/null +++ b/roles/edpm_neutron_metadata/templates/neutron-ovn-metadata-agent.conf.j2 @@ -0,0 +1,18 @@ +[DEFAULT] +debug = {{ edpm_neutron_metadata_agent_DEFAULT_debug }} +nova_metadata_host = {{ edpm_neutron_metadata_agent_DEFAULT_nova_metadata_host }} +nova_metadata_protocol = {{ edpm_neutron_metadata_agent_DEFAULT_nova_metadata_protocol }} +metadata_proxy_shared_secret = {{ edpm_neutron_metadata_agent_DEFAULT_metadata_proxy_shared_secret }} +metadata_workers = {{ edpm_neutron_metadata_agent_DEFAULT_metadata_workers }} +state_path = {{ edpm_neutron_metadata_agent_DEFAULT_state_path }} + +[agent] +root_helper = {{ edpm_neutron_metadata_agent_agent_root_helper }} + +[ovs] +ovsdb_connection = {{ edpm_neutron_metadata_agent_ovs_ovsdb_connection }} +ovsdb_connection_timeout = {{ edpm_neutron_metadata_agent_ovs_ovsdb_connection_timeout }} + +[ovn] +ovsdb_probe_interval = {{ edpm_neutron_metadata_agent_ovn_ovsdb_probe_interval }} +ovn_sb_connection = {{ edpm_neutron_metadata_agent_ovn_ovn_sb_connection }} diff --git a/roles/edpm_neutron_metadata/templates/ovn_metadata_agent.yaml.j2 b/roles/edpm_neutron_metadata/templates/ovn_metadata_agent.yaml.j2 new file mode 100644 index 000000000..89071c7a9 --- /dev/null +++ b/roles/edpm_neutron_metadata/templates/ovn_metadata_agent.yaml.j2 
@@ -0,0 +1,16 @@ +start_order: 2 +image: "{{ edpm_neutron_metadata_agent_image }}" +net: host +privileged: true +user: root +restart: always +depends_on: + - openvswitch.service +volumes: + {% set edpm_neutron_metadata_volumes = [] %} + {%- set edpm_neutron_metadata_volumes = + edpm_neutron_metadata_volumes + + edpm_neutron_metadata_common_volumes %} + {{ edpm_neutron_metadata_volumes }} +environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS diff --git a/roles/edpm_neutron_metadata/templates/rootwrap.conf.j2 b/roles/edpm_neutron_metadata/templates/rootwrap.conf.j2 new file mode 100644 index 000000000..eb5ca7f8e --- /dev/null +++ b/roles/edpm_neutron_metadata/templates/rootwrap.conf.j2 @@ -0,0 +1,8 @@ +[DEFAULT] +filters_path = {{ edpm_neutron_metadata_agent_rootwrap_DEFAULT_filters_path }} +exec_dirs = {{ edpm_neutron_metadata_agent_rootwrap_DEFAULT_exec_dirs }} +use_syslog = {{ edpm_neutron_metadata_agent_rootwrap_DEFAULT_use_syslog }} +syslog_log_facility = {{ edpm_neutron_metadata_agent_rootwrap_DEFAULT_syslog_log_facility }} +syslog_log_level = {{ edpm_neutron_metadata_agent_rootwrap_DEFAULT_syslog_log_level }} +daemon_timeout = {{ edpm_neutron_metadata_agent_rootwrap_DEFAULT_daemon_timeout }} +rlimit_nofile = {{ edpm_neutron_metadata_agent_rootwrap_DEFAULT_rlimit_nofile }} diff --git a/roles/edpm_ovn/defaults/main.yml b/roles/edpm_ovn/defaults/main.yml index ca27a126e..63c3dfd7b 100644 --- a/roles/edpm_ovn/defaults/main.yml +++ b/roles/edpm_ovn/defaults/main.yml @@ -8,8 +8,6 @@ edpm_ovn_images_download_delay: 5 edpm_ovn_images_download_retries: 5 edpm_ovn_config_src: /var/lib/openstack/configs/ovn -edpm_ovn_neutron_metadata_agent_config_dir: /var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent -edpm_ovn_metadata_agent_log_dir: "/var/log/neutron" edpm_ovn_bridge: br-int edpm_ovn_bridge_mappings: ["datacentre:br-ex"] 
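Review bot: In templates/ovn_metadata_agent.yaml.j2 the container definition combines `privileged: true`, `user: root` and `net: host`, and nothing in the template says why the agent needs full privilege. The agent proxies metadata requests that originate from tenant instances, so a compromise of the process would have full access to the host. If it only needs to manage network namespaces, consider a narrower capability set (for example NET_ADMIN and SYS_ADMIN) instead of `privileged: true`; whether the container-manage role supports that is not visible here. Otherwise add a comment above `privileged: true` recording the requirement. Separately, the two `{% set %}` lines under `volumes:` only concatenate an empty list with `edpm_neutron_metadata_common_volumes`, so `{{ edpm_neutron_metadata_common_volumes }}` alone would render the same value.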
@@ -47,7 +45,6 @@ edpm_ovn_of_probe_interval: 60 edpm_ovn_remote_probe_interval: 60000 edpm_ovn_ofctrl_wait_before_clear: 8000 edpm_ovn_controller_agent_image: "quay.io/podified-antelope-centos9/openstack-ovn-controller:current-podified" -edpm_ovn_metadata_agent_image: "quay.io/podified-antelope-centos9/openstack-neutron-metadata-agent-ovn:current-podified" edpm_ovn_encap_ip: "{{ tenant_ip }}" edpm_ovn_protocol: "{% if edpm_enable_internal_tls | bool %}ssl{% else %}tcp{% endif %}" @@ -59,14 +56,6 @@ edpm_ovn_controller_common_volumes: - /var/log/containers/openvswitch:/var/log/ovn:z - /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro -edpm_ovn_metadata_common_volumes: - - /lib/modules:/lib/modules:ro - - /run/openvswitch:/run/openvswitch:z - - "{{ edpm_ovn_neutron_metadata_agent_config_dir }}:/etc/neutron.conf.d:z" - - /run/netns:/run/netns:shared - - /var/log/containers/neutron:/var/log/neutron:z - - /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro - edpm_ovn_controller_tls_volumes: - /etc/pki/tls/certs/:/etc/pki/tls/certs/ - /etc/pki/tls/private/:/etc/pki/tls/private/ 
@@ -95,36 +84,3 @@ edpm_ovn_ovs_external_ids: # Set openvswitch other_config. edpm_ovn_ovs_other_config: vlan-limit: 0 - -# Neutron conf -# DEFAULT -edpm_ovn_metadata_agent_DEFAULT_debug: false -edpm_ovn_metadata_agent_DEFAULT_log_dir: '/var/log/neutron' -edpm_ovn_metadata_agent_DEFAULT_host: '{{ ansible_facts["nodename"] }}' # also in missing vars -#edpm_ovn_metadata_agent_DEFAULT_: '' -# oslo_concurrency -edpm_ovn_metadata_agent_oslo_concurrency_lock_patch: '$state_path/lock' -# agent -edpm_ovn_metadata_agent_agent_report_interval: '300' - -# rootwrap.conf -edpm_ovn_metadata_agent_rootwrap_DEFAULT_filters_path: '/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap' -edpm_ovn_metadata_agent_rootwrap_DEFAULT_exec_dirs: '/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/etc/neutron/kill_scripts' -edpm_ovn_metadata_agent_rootwrap_DEFAULT_use_syslog: 'False' -edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_facility: 'syslog' -edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_level: 'ERROR' -edpm_ovn_metadata_agent_rootwrap_DEFAULT_daemon_timeout: '600' -edpm_ovn_metadata_agent_rootwrap_DEFAULT_rlimit_nofile: '1024' - -# neutron-ovn-metadata-agent.conf -edpm_ovn_metadata_agent_metadata_agent_DEFAULT_debug: 'True' -edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_host: '{{ edpm_ovn_metadata_agent_DEFAULT_host }}' -edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_protocol: 'http' -edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_proxy_shared_secret: '' -edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_workers: '2' -edpm_ovn_metadata_agent_metadata_agent_DEFAULT_state_path: '/var/lib/neutron' -edpm_ovn_metadata_agent_metadata_agent_agent_root_helper: 'sudo neutron-rootwrap /etc/neutron.conf.d/01-rootwrap.conf' -edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection: 'tcp:127.0.0.1:6640' -edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection_timeout: '180' 
-edpm_ovn_metadata_agent_metadata_agent_ovn_ovsdb_probe_interval: '60000' -edpm_ovn_metadata_agent_metadata_agent_ovn_ovn_sb_connection: '' diff --git a/roles/edpm_ovn/meta/argument_specs.yml b/roles/edpm_ovn/meta/argument_specs.yml index dbbc7edea..605a287fa 100644 --- a/roles/edpm_ovn/meta/argument_specs.yml +++ b/roles/edpm_ovn/meta/argument_specs.yml 
@@ -92,182 +92,10 @@ argument_specs: default: geneve description: '' type: str - edpm_ovn_metadata_agent_DEFAULT_debug: - default: false - description: '' - type: bool - edpm_ovn_metadata_agent_DEFAULT_host: - default: '{{ ansible_facts["nodename"] }}' - description: '' - type: str - edpm_ovn_metadata_agent_DEFAULT_log_dir: - default: /var/log/neutron - description: '' - type: str - edpm_ovn_metadata_agent_agent_report_interval: - default: '300' - description: '' - type: str - edpm_ovn_metadata_agent_agent_root_helper: - default: sudo neutron-rootwrap /etc/neutron.conf.d/01-rootwrap.conf - description: '' - type: str - edpm_ovn_metadata_agent_image: - default: quay.io/podified-antelope-centos9/openstack-neutron-metadata-agent-ovn:current-podified - description: '' - type: str - edpm_ovn_metadata_agent_log_dir: - default: /var/log/neutron - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_DEFAULT_debug: - default: 'True' - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_proxy_shared_secret: - default: '' - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_workers: - default: '2' - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_host: - default: '{{ edpm_ovn_metadata_agent_DEFAULT_host }}' - description: 'Nova Metadata host to forward metadata requests to.' 
- type: str - edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_protocol: - default: http - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_DEFAULT_state_path: - default: /var/lib/neutron - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_agent_root_helper: - default: sudo neutron-rootwrap /etc/neutron.conf.d/01-rootwrap.conf - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_config: - default: - DEFAULT: - debug: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_debug }}' - metadata_proxy_shared_secret: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_proxy_shared_secret - }}' - metadata_workers: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_workers - }}' - nova_metadata_host: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_host - }}' - nova_metadata_protocol: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_protocol - }}' - state_path: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_state_path }}' - agent: - root_helper: '{{ edpm_ovn_metadata_agent_metadata_agent_agent_root_helper }}' - ovn: - ovn_sb_connection: '{{ edpm_ovn_metadata_agent_metadata_agent_ovn_ovn_sb_connection - }}' - ovsdb_probe_interval: '{{ edpm_ovn_metadata_agent_metadata_agent_ovn_ovsdb_probe_interval - }}' - ovs: - ovsdb_connection: '{{ edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection - }}' - ovsdb_connection_timeout: '{{ edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection_timeout - }}' - description: '' - type: dict - edpm_ovn_metadata_agent_metadata_agent_ovn_ovn_sb_connection: - default: '' - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_ovn_ovsdb_probe_interval: - default: '60000' - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection: - default: tcp:127.0.0.1:6640 - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection_timeout: - default: 
'180' - description: '' - type: str - edpm_ovn_metadata_agent_neutron_config: - default: - DEFAULT: - debug: '{{ edpm_ovn_metadata_agent_DEFAULT_debug }}' - host: '{{ edpm_ovn_metadata_agent_DEFAULT_host }}' - log_dir: '{{ edpm_ovn_metadata_agent_DEFAULT_log_dir }}' - agent: - report_interval: '{{ edpm_ovn_metadata_agent_agent_report_interval }}' - oslo_concurrency: - lock_path: '{{ edpm_ovn_metadata_agent_oslo_concurrency_lock_patch }}' - description: '' - type: dict - edpm_ovn_metadata_agent_oslo_concurrency_lock_patch: - default: $state_path/lock - description: '' - type: str - edpm_ovn_metadata_agent_rootwrap_DEFAULT_daemon_timeout: - default: '600' - description: '' - type: str - edpm_ovn_metadata_agent_rootwrap_DEFAULT_exec_dirs: - default: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/etc/neutron/kill_scripts - description: '' - type: str - edpm_ovn_metadata_agent_rootwrap_DEFAULT_filters_path: - default: /etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap - description: '' - type: str - edpm_ovn_metadata_agent_rootwrap_DEFAULT_rlimit_nofile: - default: '1024' - description: '' - type: str - edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_facility: - default: syslog - description: '' - type: str - edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_level: - default: ERROR - description: '' - type: str - edpm_ovn_metadata_agent_rootwrap_DEFAULT_use_syslog: - default: 'False' - description: '' - type: str - edpm_ovn_metadata_agent_rootwrap_config: - default: - DEFAULT: - daemon_timeout: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_daemon_timeout - }}' - exec_dirs: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_exec_dirs }}' - filters_path: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_filters_path }}' - rlimit_nofile: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_rlimit_nofile }}' - syslog_log_facility: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_facility - }}' - syslog_log_level: '{{ 
edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_level - }}' - use_syslog: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_use_syslog }}' - description: '' - type: dict - edpm_ovn_metadata_common_volumes: - default: - - /lib/modules:/lib/modules:ro - - /run/openvswitch:/run/openvswitch:z - - '{{ edpm_ovn_neutron_metadata_agent_config_dir }}:/etc/neutron.conf.d:z' - - /run/netns:/run/netns:shared - - /var/log/containers/neutron:/var/log/neutron:z - - /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro - description: '' - type: list edpm_ovn_multi_rhel: default: false description: '' type: bool - edpm_ovn_neutron_metadata_agent_config_dir: - default: /var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent - description: 'The directory that contains configuration files for Neutron OVN Metadata Agent.' - type: str edpm_ovn_of_probe_interval: default: 60 description: '' diff --git a/roles/edpm_ovn/molecule/default/converge.yml b/roles/edpm_ovn/molecule/default/converge.yml index 6cd5f206d..8e5d2a733 100644 --- a/roles/edpm_ovn/molecule/default/converge.yml +++ b/roles/edpm_ovn/molecule/default/converge.yml @@ -19,7 +19,7 @@ gather_facts: true become: true tasks: - - include_role: + - ansible.builtin.include_role: name: "osp.edpm.edpm_ovn" vars: tenant_ip: "{{ ansible_host }}" diff --git a/roles/edpm_ovn/molecule/default/prepare.yml b/roles/edpm_ovn/molecule/default/prepare.yml index 895c13ea2..794873dbb 100644 --- a/roles/edpm_ovn/molecule/default/prepare.yml +++ b/roles/edpm_ovn/molecule/default/prepare.yml @@ -27,7 +27,7 @@ hosts: all gather_facts: true tasks: - - include_role: + - ansible.builtin.include_role: name: osp.edpm.env_data # The openvswitch kernel module needs to be loaded on the host diff --git a/roles/edpm_ovn/molecule/default/verify.yml b/roles/edpm_ovn/molecule/default/verify.yml index d076d2442..31c359975 100644 --- a/roles/edpm_ovn/molecule/default/verify.yml 
+++ b/roles/edpm_ovn/molecule/default/verify.yml @@ -17,9 +17,9 @@ register: output failed_when: output.stdout != 'geneve' - - name: verify ovn firewall rules are applied + - name: Verify ovn firewall rules are applied block: - - name: rule source file exists + - name: Rule source file exists become: true ansible.builtin.stat: path: "/var/lib/edpm-config/firewall/ovn.yaml" @@ -98,17 +98,3 @@ - item.rc == 0 fail_msg: "rule {{ item.item }} not loaded" loop: "{{ notrack_rules_loaded.results }}" - - - name: Ensure that 10-neutron-metadata.conf was copied into the container - block: - - name: metadata config file exists - become: true - ansible.builtin.stat: - path: "/var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent/10-neutron-metadata.conf" - register: metadata_config - - - name: assert that the config exists - ansible.builtin.assert: - that: - - metadata_config.stat.exists - fail_msg: "metadata agent config file does not exist" diff --git a/roles/edpm_ovn/tasks/bootstrap.yml b/roles/edpm_ovn/tasks/bootstrap.yml index 4688de8bb..fb11067bd 100644 --- a/roles/edpm_ovn/tasks/bootstrap.yml +++ b/roles/edpm_ovn/tasks/bootstrap.yml @@ -14,6 +14,11 @@ # License for the specific language governing permissions and limitations # under the License. +- name: Ensure the Openvswitch package is installed + ansible.builtin.package: + name: openvswitch + state: present + - name: Ensure the OVS service is running ansible.builtin.systemd: name: openvswitch diff --git a/roles/edpm_ovn/tasks/configure.yml b/roles/edpm_ovn/tasks/configure.yml index 5fdd2b635..935759095 100644 --- a/roles/edpm_ovn/tasks/configure.yml +++ b/roles/edpm_ovn/tasks/configure.yml 
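Review bot: The added `Ensure the Openvswitch package is installed` task in `roles/edpm_ovn/tasks/bootstrap.yml` shows no `become: true`, while other root-requiring tasks visible in this commit (the `stat` in verify.yml, the image pull in download_cache.yml) set it explicitly. Unless escalation is applied by the including play, which the hunk does not show, the install will fail on an unprivileged connection; adding `become: true` to the task makes it self-contained. The install also has no `register`/`until` retry, unlike the image download task, so a transient repository error fails the role outright. The following `Ensure the OVS service is running` task continues outside the hunk.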
@@ -79,34 +79,3 @@ ansible.builtin.shell: > ovs-vsctl --timeout=5 --id=@manager -- create Manager target=\"ptcp:6640:127.0.0.1\" -- add Open_vSwitch . manager_options @manager when: ovs_manager_configured.rc == 1 - -- name: Configure neutron configuration files - block: - - name: render neutron config files - ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ edpm_ovn_neutron_metadata_agent_config_dir }}/{{ item.dest }}" - setype: "container_file_t" - mode: "0644" - loop: - - {"src": "rootwrap.conf.j2", "dest": "01-rootwrap.conf"} - - {"src": "neutron-ovn-metadata-agent.conf.j2", "dest": "01-neutron-ovn-metadata-agent.conf"} - - - name: discover secrets in {{ edpm_ovn_config_src }} - ansible.builtin.find: - paths: "{{ edpm_ovn_config_src }}" - file_type: file - recurse: yes - patterns: - - "*metadata*conf" - register: edpm_neutron_metadata_secrets - delegate_to: localhost - become: false - - - name: flatten secrets into {{ edpm_ovn_neutron_metadata_agent_config_dir }} - ansible.builtin.copy: - src: "{{ item.path }}" - dest: "{{ edpm_ovn_neutron_metadata_agent_config_dir }}/{{ item.path | basename }}" - setype: "container_file_t" - mode: "0644" - loop: "{{ edpm_neutron_metadata_secrets.files }}" diff --git a/roles/edpm_ovn/tasks/download_cache.yml b/roles/edpm_ovn/tasks/download_cache.yml index b9869a6b3..73abe4af4 100644 --- a/roles/edpm_ovn/tasks/download_cache.yml +++ b/roles/edpm_ovn/tasks/download_cache.yml @@ -5,7 +5,6 @@ name: "{{ item }}" loop: - "{{ edpm_ovn_controller_agent_image }}" - - "{{ edpm_ovn_metadata_agent_image }}" become: true register: edpm_ovn_images_download until: edpm_ovn_images_download.failed == false diff --git a/roles/edpm_ovn/tasks/install.yml b/roles/edpm_ovn/tasks/install.yml index b73a105e9..724a89c6a 100644 --- a/roles/edpm_ovn/tasks/install.yml +++ b/roles/edpm_ovn/tasks/install.yml 
@@ -21,9 +21,7 @@ setype: "container_file_t" mode: "{{ item.mode | default(omit) }}" loop: - - {'path': "{{ edpm_ovn_neutron_metadata_agent_config_dir }}"} - {'path': /var/log/containers/openvswitch, 'mode': '0750'} - - {'path': /var/log/containers/neutron, 'mode': '0750'} - {'path': /var/lib/edpm-config/firewall, 'mode': '0750'} - {'path': /var/lib/openvswitch/ovn} diff --git a/roles/edpm_ovn/tasks/run.yml b/roles/edpm_ovn/tasks/run.yml index 897478d72..528ec2ebf 100644 --- a/roles/edpm_ovn/tasks/run.yml +++ b/roles/edpm_ovn/tasks/run.yml @@ -19,19 +19,9 @@ name: edpm_container_manage tasks_from: shutdown.yml -- name: Run ovn_metadata_agent container - include_role: - name: edpm_container_standalone - vars: - edpm_container_standalone_service: ovn_metadata_agent - edpm_container_standalone_container_defs: - ovn_metadata_agent: "{{ lookup('template', 'ovn_metadata_agent.yaml.j2') | from_yaml }}" - edpm_container_standalone_kolla_config_files: - ovn_metadata_agent: "{{ lookup('template', 'kolla_ovn_metadata_agent.yaml.j2') | from_yaml }}" - - name: Run ovn_controller container ansible.builtin.include_role: - name: edpm_container_standalone + name: osp.edpm.edpm_container_standalone vars: edpm_container_standalone_service: ovn_controller edpm_container_standalone_container_defs: diff --git a/roles/edpm_ovn/templates/neutron-ovn-metadata-agent.conf.j2 b/roles/edpm_ovn/templates/neutron-ovn-metadata-agent.conf.j2 deleted file mode 100644 index bb551e7ae..000000000 --- a/roles/edpm_ovn/templates/neutron-ovn-metadata-agent.conf.j2 +++ /dev/null 
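Review bot: In `roles/edpm_ovn/tasks/run.yml` only the `ovn_controller` include is switched to the fully qualified `osp.edpm.edpm_container_standalone`; the context lines at the top of the hunk still show `name: edpm_container_manage` with `tasks_from: shutdown.yml` unqualified. An unqualified role name is resolved through the role search path, so a same-named role found earlier in that path would be used instead of the collection's own. For consistency with the rest of this change I would make it `name: osp.edpm.edpm_container_manage`. That include task starts above the hunk, so its module line is not visible here.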
@@ -1,18 +0,0 @@
-[DEFAULT]
-debug = {{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_debug }}
-nova_metadata_host = {{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_host }}
-nova_metadata_protocol = {{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_protocol }}
-metadata_proxy_shared_secret = {{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_proxy_shared_secret }}
-metadata_workers = {{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_workers }}
-state_path = {{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_state_path }}
-
-[agent]
-root_helper = {{ edpm_ovn_metadata_agent_metadata_agent_agent_root_helper }}
-
-[ovs]
-ovsdb_connection = {{ edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection }}
-ovsdb_connection_timeout = {{ edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection_timeout }}
-
-[ovn]
-ovsdb_probe_interval = {{ edpm_ovn_metadata_agent_metadata_agent_ovn_ovsdb_probe_interval }}
-ovn_sb_connection = {{ edpm_ovn_metadata_agent_metadata_agent_ovn_ovn_sb_connection }}
diff --git a/roles/edpm_ovn/templates/neutron.conf.j2 b/roles/edpm_ovn/templates/neutron.conf.j2
deleted file mode 100644
index 02bf0e689..000000000
--- a/roles/edpm_ovn/templates/neutron.conf.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-[DEFAULT]
-debug = {{ edpm_ovn_metadata_agent_DEFAULT_debug }}
-log_dir = {{ edpm_ovn_metadata_agent_DEFAULT_log_dir }}
-host = {{ edpm_ovn_metadata_agent_DEFAULT_host }}
-
-[oslo_concurrency]
-lock_path = {{ edpm_ovn_metadata_agent_oslo_concurrency_lock_patch }}
-
-[agent]
-report_interval = {{ edpm_ovn_metadata_agent_agent_report_interval }}
diff --git a/roles/edpm_ovn/templates/ovn_metadata_agent.yaml.j2 b/roles/edpm_ovn/templates/ovn_metadata_agent.yaml.j2
deleted file mode 100644
index a7d5ec8f8..000000000
--- a/roles/edpm_ovn/templates/ovn_metadata_agent.yaml.j2
+++ /dev/null
@@ -1,16 +0,0 @@
-start_order: 2
-image: "{{ edpm_ovn_metadata_agent_image }}"
-net: host
-privileged: true
-user: root
-restart: always
-depends_on:
- - openvswitch.service
-volumes:
- {% set edpm_ovn_metadata_volumes = [] %}
- {%- set edpm_ovn_metadata_volumes =
- edpm_ovn_metadata_volumes +
- edpm_ovn_metadata_common_volumes %}
- {{ edpm_ovn_metadata_volumes }}
-environment:
- KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
diff --git a/roles/edpm_ovn/templates/rootwrap.conf.j2 b/roles/edpm_ovn/templates/rootwrap.conf.j2
deleted file mode 100644
index 543e6336c..000000000
--- a/roles/edpm_ovn/templates/rootwrap.conf.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-[DEFAULT]
-filters_path = {{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_filters_path }}
-exec_dirs = {{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_exec_dirs }}
-use_syslog = {{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_use_syslog }}
-syslog_log_facility = {{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_facility }}
-syslog_log_level = {{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_level }}
-daemon_timeout = {{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_daemon_timeout }}
-rlimit_nofile = {{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_rlimit_nofile }}