Merge pull request #382 from luis5tb/metadata

Split ovn-controller and neutron-metadata-agent roles

.github/workflows/molecule.yaml

@@ -27,6 +27,7 @@ jobs:
         - edpm_logrotate_crond
         - edpm_multipathd
         - edpm_network_config
+        - edpm_neutron_metadata
         - edpm_neutron_sriov
         - edpm_nftables
         - edpm_nodes_validation

playbooks/neutron_metadata.yaml

@@ -0,0 +1,11 @@
+---
+- name: Deploy EDPM Neutron OVN Metadata agent
+  hosts: all
+  strategy: linear
+  become: true
+  tasks:
+    - name: Neutron OVN Metadata agent
+      import_role:
+        name: osp.edpm.edpm_neutron_metadata
+      tags:
+        - edpm_neutron_metadata

roles/edpm_download_cache/tasks/container_images.yml

@@ -38,6 +38,13 @@
     tasks_from: download_cache.yml
   tags:
     - edpm_ovn_bgp_agent
+
+- name: Download images for edpm_neutron_metadata role
+  ansible.builtin.include_role:
+    name: osp.edpm.edpm_neutron_metadata
+    tasks_from: download_cache.yml
+  tags:
+    - edpm_neutron_metadata
     - download_cache
 
 - name: Download images for edpm_multipathd role

roles/edpm_neutron_metadata/OWNERS

@@ -0,0 +1,10 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+approvers:
+  - slawqo
+  - luis5tb
+  - network-approvers
+
+reviewers:
+  - slawqo
+  - luis5tb
+  - network-approvers

roles/edpm_neutron_metadata/defaults/main.yml

@@ -0,0 +1,52 @@
+---
+# defaults file for edpm_ovn
+
+# seconds between retries for download tasks
+edpm_neutron_metadata_images_download_delay: 5
+
+# number of retries for download tasks
+edpm_neutron_metadata_images_download_retries: 5
+
+edpm_neutron_metadata_config_src: /var/lib/openstack/configs/neutron-metadata
+edpm_neutron_metadata_agent_config_dir: /var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent
+edpm_neutron_metadata_agent_log_dir: "/var/log/neutron"
+
+edpm_neutron_metadata_agent_image: "quay.io/podified-antelope-centos9/openstack-neutron-metadata-agent-ovn:current-podified"
+
+edpm_neutron_metadata_common_volumes:
+  - /run/openvswitch:/run/openvswitch:z
+  - "{{ edpm_neutron_metadata_agent_config_dir }}:/etc/neutron.conf.d:z"
+  - /run/netns:/run/netns:shared
+  - /var/log/containers/neutron:/var/log/neutron:z
+  - /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
+
+# Neutron conf
+# DEFAULT
+edpm_neutron_metadata_agent_DEFAULT_host: '{{ ansible_facts["nodename"] }}' # also in missing vars
+#edpm_ovn_metadata_agent_DEFAULT_: ''
+# oslo_concurrency
+edpm_neutron_metadata_agent_oslo_concurrency_lock_patch: '$state_path/lock'
+# agent
+edpm_neutron_metadata_agent_agent_report_interval: '300'
+
+# rootwrap.conf
+edpm_neutron_metadata_agent_rootwrap_DEFAULT_filters_path: '/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap'
+edpm_neutron_metadata_agent_rootwrap_DEFAULT_exec_dirs: '/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/etc/neutron/kill_scripts'
+edpm_neutron_metadata_agent_rootwrap_DEFAULT_use_syslog: 'False'
+edpm_neutron_metadata_agent_rootwrap_DEFAULT_syslog_log_facility: 'syslog'
+edpm_neutron_metadata_agent_rootwrap_DEFAULT_syslog_log_level: 'ERROR'
+edpm_neutron_metadata_agent_rootwrap_DEFAULT_daemon_timeout: '600'
+edpm_neutron_metadata_agent_rootwrap_DEFAULT_rlimit_nofile: '1024'
+
+# neutron-ovn-metadata-agent.conf
+edpm_neutron_metadata_agent_DEFAULT_debug: 'True'
+edpm_neutron_metadata_agent_DEFAULT_nova_metadata_host: '{{ edpm_neutron_metadata_agent_DEFAULT_host }}'
+edpm_neutron_metadata_agent_DEFAULT_nova_metadata_protocol: 'http'
+edpm_neutron_metadata_agent_DEFAULT_metadata_proxy_shared_secret: ''
+edpm_neutron_metadata_agent_DEFAULT_metadata_workers: '2'
+edpm_neutron_metadata_agent_DEFAULT_state_path: '/var/lib/neutron'
+edpm_neutron_metadata_agent_agent_root_helper: 'sudo neutron-rootwrap /etc/neutron.conf.d/01-rootwrap.conf'
+edpm_neutron_metadata_agent_ovs_ovsdb_connection: 'tcp:127.0.0.1:6640'
+edpm_neutron_metadata_agent_ovs_ovsdb_connection_timeout: '180'
+edpm_neutron_metadata_agent_ovn_ovsdb_probe_interval: '60000'
+edpm_neutron_metadata_agent_ovn_ovn_sb_connection: ''

roles/edpm_neutron_metadata/meta/argument_specs.yml

@@ -0,0 +1,115 @@
+---
+argument_specs:
+  # ./roles/edpm_neutron_metadata/tasks/main.yml entry point
+  main:
+    short_description: The main entry point for the edpm_neutron_metadata role.
+    options:
+      edpm_neutron_metadata_images_download_delay:
+        type: int
+        default: 5
+        description: The seconds between retries for failed download tasks
+      edpm_neutron_metadata_images_download_retries:
+        type: int
+        default: 5
+        description: The number of retries for failed download tasks
+      edpm_neutron_metadata_agent_agent_report_interval:
+        default: '300'
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_image:
+        default: quay.io/podified-antelope-centos9/openstack-neutron-metadata-agent-ovn:current-podified
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_log_dir:
+        default: /var/log/neutron
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_DEFAULT_debug:
+        default: 'True'
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_DEFAULT_metadata_proxy_shared_secret:
+        default: ''
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_DEFAULT_metadata_workers:
+        default: '2'
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_DEFAULT_nova_metadata_host:
+        default: '{{ edpm_neutron_metadata_agent_DEFAULT_host }}'
+        description: 'Nova Metadata host to forward metadata requests to.'
+        type: str
+      edpm_neutron_metadata_agent_DEFAULT_nova_metadata_protocol:
+        default: http
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_DEFAULT_state_path:
+        default: /var/lib/neutron
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_agent_root_helper:
+        default: sudo neutron-rootwrap /etc/neutron.conf.d/01-rootwrap.conf
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_ovn_ovn_sb_connection:
+        default: ''
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_ovn_ovsdb_probe_interval:
+        default: '60000'
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_ovs_ovsdb_connection:
+        default: tcp:127.0.0.1:6640
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_ovs_ovsdb_connection_timeout:
+        default: '180'
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_oslo_concurrency_lock_patch:
+        default: $state_path/lock
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_rootwrap_DEFAULT_daemon_timeout:
+        default: '600'
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_rootwrap_DEFAULT_exec_dirs:
+        default: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/etc/neutron/kill_scripts
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_rootwrap_DEFAULT_filters_path:
+        default: /etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_rootwrap_DEFAULT_rlimit_nofile:
+        default: '1024'
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_rootwrap_DEFAULT_syslog_log_facility:
+        default: syslog
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_rootwrap_DEFAULT_syslog_log_level:
+        default: ERROR
+        description: ''
+        type: str
+      edpm_neutron_metadata_agent_rootwrap_DEFAULT_use_syslog:
+        default: 'False'
+        description: ''
+        type: str
+      edpm_neutron_metadata_common_volumes:
+        default:
+        - /run/openvswitch:/run/openvswitch:z
+        - '{{ edpm_neutron_metadata_agent_config_dir }}:/etc/neutron.conf.d:z'
+        - /run/netns:/run/netns:shared
+        - /var/log/containers/neutron:/var/log/neutron:z
+        - /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
+        description: ''
+        type: list
+      edpm_neutron_metadata_agent_config_dir:
+        default: /var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent
+        description: 'The directory that contains configuration files for Neutron OVN Metadata Agent.'
+        type: str

roles/edpm_neutron_metadata/meta/main.yml

@@ -0,0 +1,43 @@
+---
+# Copyright 2023 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+  namespace: openstack
+  author: OpenStack
+  description: EDPM OpenStack Role -- edpm_neutron_metadata
+  company: Red Hat
+  license: Apache-2.0
+  min_ansible_version: '2.9'
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+    - name: 'EL'
+      versions:
+        - '8'
+        - '9'
+
+  galaxy_tags:
+    - edpm
+
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []

roles/edpm_neutron_metadata/molecule/default/collections.yml

@@ -0,0 +1,3 @@
+---
+collections:
+- name: community.general

roles/edpm_neutron_metadata/molecule/default/converge.yml

@@ -0,0 +1,28 @@
+---
+# Copyright 2021 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Converge
+  hosts: all
+  gather_facts: true
+  become: true
+  tasks:
+    - ansible.builtin.include_role:
+        name: "osp.edpm.edpm_neutron_metadata"
+      vars:
+        tenant_ip: "{{ ansible_host }}"
+        edpm_ovn_dbs:
+          - "{{ ansible_host }}"
+        edpm_neutron_metadata_config_src: "{{lookup('env', 'MOLECULE_SCENARIO_DIRECTORY')}}/test-data"

roles/edpm_neutron_metadata/molecule/default/molecule.yml

@@ -0,0 +1,31 @@
+---
+dependency:
+  name: galaxy
+  options:
+    role-file: collections.yml
+driver:
+  name: podman
+platforms:
+- command: /sbin/init
+  dockerfile: ../../../../molecule/common/Containerfile.j2
+  image: ${EDPM_ANSIBLE_MOLECULE_IMAGE:-"ubi9/ubi-init"}
+  name: instance
+  privileged: true
+  registry:
+    url: ${EDPM_ANSIBLE_MOLECULE_REGISTRY:-"registry.access.redhat.com"}
+  ulimits:
+  - host
+provisioner:
+  log: true
+  name: ansible
+scenario:
+  test_sequence:
+  - dependency
+  - destroy
+  - create
+  - prepare
+  - converge
+  - verify
+  - destroy
+verifier:
+  name: ansible

roles/edpm_neutron_metadata/molecule/default/prepare.yml

@@ -0,0 +1,41 @@
+---
+# Copyright 2023 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+- name: Prepare test_deps
+  hosts: all
+  roles:
+    - role: ../../../../molecule/common/test_deps
+      test_deps_setup_edpm: true
+      test_deps_setup_stream: true
+      test_deps_extra_packages:
+        - openvswitch
+        - iproute
+        - podman
+- name: Prepare
+  hosts: all
+  gather_facts: true
+  tasks:
+    - ansible.builtin.include_role:
+        name: osp.edpm.env_data
+
+    # The openvswitch kernel module needs to be loaded on the host
+    - name: install and modprobe openvswitch
+      shell: |
+        sudo dnf -y install openvswitch
+        sudo modprobe openvswitch
+      delegate_to: localhost
+      run_once: true
+
+  post_tasks: []

roles/edpm_neutron_metadata/molecule/default/verify.yml

@@ -0,0 +1,17 @@
+---
+- name: Verify
+  hosts: all
+  tasks:
+    - name: Ensure that 10-neutron-metadata.conf was copied into the container
+      block:
+        - name: metadata config file exists
+          become: true
+          ansible.builtin.stat:
+            path: "/var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent/10-neutron-metadata.conf"
+          register: metadata_config
+
+        - name: assert that the config exists
+          ansible.builtin.assert:
+            that:
+              - metadata_config.stat.exists
+            fail_msg: "metadata agent config file does not exist"