diff --git a/.github/workflows/molecule.yaml b/.github/workflows/molecule.yaml
index 5d73d55d3..01bf34624 100644
--- a/.github/workflows/molecule.yaml
+++ b/.github/workflows/molecule.yaml
@@ -28,7 +28,6 @@ jobs:
 - edpm_neutron_sriov
 - edpm_nftables
 - edpm_nodes_validation
- - edpm_nova_compute
 - edpm_ovn
 - edpm_sshd
 - edpm_ssh_known_hosts
@@ -42,7 +41,6 @@ jobs:
 # - edpm_ovn_bgp_agent
 # - edpm_chrony
 # - edpm_podman
- # - edpm_nova_libvirt # Will not be tested PR#94
 # - edpm_module_load
 # - edpm_kernel
 # - edpm_frr
diff --git a/docs/source/roles/role-edpm_nova_compute.rst b/docs/source/roles/role-edpm_nova_compute.rst
deleted file mode 100644
index 7fdd42729..000000000
--- a/docs/source/roles/role-edpm_nova_compute.rst
+++ /dev/null
@@ -1,6 +0,0 @@
-===============================
-Role - edpm_nova_compute
-===============================
-
-.. include::
- ../collections/osp/edpm/edpm_nova_compute_role.rst
diff --git a/docs/source/roles/role-edpm_nova_libvirt.rst b/docs/source/roles/role-edpm_nova_libvirt.rst
deleted file mode 100644
index 6574677f2..000000000
--- a/docs/source/roles/role-edpm_nova_libvirt.rst
+++ /dev/null
@@ -1,6 +0,0 @@
-===============================
-Role - edpm_nova_libvirt
-===============================
-
-.. include::
- ../collections/osp/edpm/edpm_nova_libvirt_role.rst
diff --git a/roles/edpm_nova_compute/defaults/main.yml b/roles/edpm_nova_compute/defaults/main.yml
deleted file mode 100644
index 53d84901c..000000000
--- a/roles/edpm_nova_compute/defaults/main.yml
+++ /dev/null
@@ -1,353 +0,0 @@
----
-# Copyright 2022 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-# All variables intended for modification should be placed in this file.
-
-# All variables within this role should have a prefix of "edpm_nova_compute"
-edpm_service_net_map: "{{ service_net_map }}"
-edpm_nova_compute_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
-edpm_nova_compute_deploy_identifier: "{{ edpm_deploy_identifier | default('') }}"
-edpm_nova_compute_hide_sensitive_logs: true
-edpm_nova_compute_container_image: "quay.io/podified-antelope-centos9/openstack-nova-compute:current-podified" # role specific
-edpm_nova_compute_container_nova_libvirt_config_image: "{{ edpm_nova_libvirt_container_config_image | default(edpm_nova_compute_container_image) }}"
-edpm_nova_compute_docker_ulimit: ['nofile=131072', 'memlock=67108864']
-edpm_nova_compute_logging_source:
- tag: openstack.nova.compute
- file: /var/log/containers/nova/nova-compute.log
-edpm_nova_compute_ceph_config_path: "{{ edpm_ceph_config_path | default('/var/lib/edpm-config/ceph') }}"
-edpm_nova_compute_ceph_client_user_name: "{{ edpm_ceph_client_user_name | default('openstack') }}"
-edpm_nova_compute_enable_internal_tls: "{{ edpm_enable_internal_tls | default (false) }}"
-edpm_nova_compute_use_tls_transport_for_live_migration: "{{ edpm_use_tls_transport_for_live_migration | default(true) }}"
-edpm_nova_compute_instance_usage_audit: false
-edpm_nova_compute_instance_usage_audit_period: hour
-edpm_nova_compute_enable_rbd_backend: false # role specific
-edpm_nova_compute_cinder_enable_rbd_backend: "{{ edpm_cinder_enable_rbd_backend | default(false) }}"
-edpm_nova_compute_ceph_client_key: "{{ edpm_ceph_client_key | default('') }}" # sensitive data
-edpm_nova_compute_ceph_cluster_fsid: "{{ edpm_ceph_cluster_fsid | default('') }}"
-edpm_nova_compute_ceph_cluster_name: "{{ edpm_ceph_cluster_name | default('') }}"
-edpm_nova_compute_cinder_rbd_multi_config: "{{ edpm_cinder_rbd_multi_config | default({}) }}"
-edpm_nova_compute_type: kvm
-edpm_nova_compute_monitoring_subscription: overcloud-nova-compute
-edpm_nova_compute_migration_ssh_key: >
- {{ edpm_migration_ssh_key | default({"public_key": "", "private_key": ""}) }}
-edpm_nova_compute_migration_ssh_port: "{{ edpm_migration_ssh_port | default(2022) }}"
-edpm_nova_compute_opt_volumes: [] # role specific
-edpm_nova_compute_opt_env_vars: {} # role specific
-edpm_nova_compute_rbd_disk_cachemodes: "{{ edpm_rbd_disk_cachemodes | default(['network=writeback']) }}"
-edpm_nova_compute_startup_delay: 0
-edpm_nova_compute_enable_instance_ha: false
-edpm_nova_compute_rbd_pool_name: vms # role specific
-edpm_nova_compute_cinder_enable_nfs_backend: false
-edpm_nova_compute_mkisofs_cmd: mkisofs # role specific
-edpm_nova_compute_nfs_enabled: false # role specific
-edpm_nova_compute_nfs_share: "" # role specific
-edpm_nova_compute_nfs_options: "context=system_u:object_r:nfs_t:s0" # role specific
-edpm_nova_compute_nfs_version: "4.2" # role specific
-edpm_nova_compute_force_raw_images: true # role specific
-edpm_nova_compute_use_cow_images: true # role specific
-edpm_nova_compute_libvirt_pre_allocate_images: "none" # role specific
-edpm_nova_compute_image_cache_manager_interval: 2400 # role specific
-edpm_nova_compute_image_cache_remove_unused_base_images: true # role specific
-edpm_nova_compute_image_cache_remove_unused_resized_minimum_age: 3600 # role specific
-edpm_nova_compute_image_cache_precache_concurrency: 1 # role specific
-# NOTE(bogdando): it defaults to '' in t-h-t, use str2dict?
-edpm_nova_compute_pci_passthrough: {} # role specific
-edpm_nova_compute_cpu_shared_set: [] # role specific
-edpm_nova_compute_cpu_dedicated_set: [] # role specific
-edpm_nova_compute_reserved_host_memory: 4096 # role specific
-edpm_nova_compute_reserved_huge_pages: []
-edpm_nova_compute_kernel_args: "{{ edpm_kernel_args | default('') }}" # role specific
-edpm_nova_compute_ovs_dpdk_socket_memory: "{{ edpm_ovs_dpdk_socket_memory | default('') }}" # role specific
-edpm_nova_compute_verify_glance_signatures: false
-edpm_nova_compute_auto_disabling: 10
-edpm_nova_compute_neutron_physnet_numa_nodes_mapping: {} # role specific
-edpm_nova_compute_neutron_tunnel_numa_nodes: [] # role specific
-edpm_nova_compute_resume_guests_state_on_host_boot: false # role specific
-edpm_nova_compute_rx_queue_size: 512 # role specific
-edpm_nova_compute_tx_queue_size: 512 # role specific
-edpm_nova_compute_file_backed_memory: 0 # role specific
-edpm_nova_compute_volume_use_multipath: false # role specific
-edpm_nova_compute_hw_machine_type: "x86_64=q35" # role specific
-edpm_nova_compute_additional_cell: false
-edpm_nova_compute_cinder_password: "{{ edpm_cinder_password | default('') }}" # sensitive, assert not empty
-edpm_nova_compute_keystone_region: regionOne
-edpm_nova_compute_num_pcie_ports: 16 # role specific
-edpm_nova_compute_mem_stats_period_seconds: 10 # role specific
-edpm_nova_compute_live_migration_wait_for_vif_plug: true # role specific
-edpm_nova_compute_live_migration_permit_post_copy: true # role specific
-edpm_nova_compute_live_migration_permit_auto_converge: true # role specific
-edpm_nova_compute_multipathd_enable: "{{ edpm_multipathd_enable | default(false) }}" # role specific
-edpm_nova_compute_cpu_allocation_ratio: 0.0 # role specific
-edpm_nova_compute_ram_allocation_ratio: 1.0 # role specific
-edpm_nova_compute_disk_allocation_ratio: 0.0 # role specific
-edpm_nova_compute_enable_vtpm: false # role specific
-edpm_nova_compute_max_disk_devices_to_attach: -1 # role specific
-edpm_nova_compute_mdev_types: {} # role specific
-edpm_nova_compute_image_cache_ttl: 86400 # role specific
-edpm_nova_compute_disable_irq_balance: false # role specific
-edpm_nova_compute_cpu_mode: host-model # role specific
-edpm_nova_compute_cpu_models: [] # role specific
-edpm_nova_compute_cpu_model_extra_flags: "" # role specific
-edpm_nova_compute_disable_image_download_to_rbd: false # role specific
-edpm_nova_compute_disable_compute_service_check_for_ffu: false
-edpm_nova_compute_statedir_ownership_skip: ["triliovault-mounts"]
-edpm_nova_compute_image_type_exclude_list: [] # role specific
-edpm_nova_compute_libvirt_max_queues: 0 # role specific
-edpm_nova_compute_glance_rbd_pool_name: "{{ edpm_glance_rbd_pool_name | default('images') }}"
-edpm_nova_compute_glance_multistore_config: "{{ edpm_glance_multistore_config | default({}) }}"
-edpm_nova_compute_glance_enable_rbd_download: false # role specific
-edpm_nova_compute_glance_rbd_download_multistore_id: "" # role specific
-edpm_nova_compute_glance_backend_id: "{{ edpm_glance_backend_id | default('default_backend') }}" # role specific
-edpm_nova_compute_glance_rbd_copy_poll_interval: 15 # role specific
-edpm_nova_compute_glance_rbd_copy_timeout: 600 # role specific
-edpm_nova_compute_custom_provider_inventories: {} # role specific
-edpm_nova_compute_vcpu_pin_set: [] # role specific, DEPRECATED
-edpm_nova_compute_vgpu_types_device_addresses_mapping: {} # role specific, DEPRECATED
-edpm_nova_compute_root_stack_name: "{{ edpm_root_stack_name | default('') }}" # assert not empty
-edpm_nova_compute_auth_cloud_name: "{{ edpm_auth_cloud_name | default('') }}" # assert not empty
-edpm_nova_compute_libvirt_manage_libvirt_services: false
-
-edpm_nova_compute_common_volumes: "{{ edpm_container_standalone_common_volumes }}"
-
-edpm_nova_compute_config_use_ansible: true
-edpm_nova_compute_config_dir: /var/lib/config-data/ansible-generated/nova_libvirt
-
-edpm_nova_compute_volumes:
- - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
- - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
- - "{{ edpm_nova_compute_config_dir }}:/var/lib/kolla/config_files/src:ro"
- - "{{ edpm_iscsid_config_volume }}:/var/lib/kolla/config_files/src-iscsid:ro"
- - "{{ edpm_nova_compute_ceph_config_path }}:/var/lib/kolla/config_files/src-ceph:ro"
- - /dev:/dev
- - /lib/modules:/lib/modules:ro
- - /run:/run
- - /var/lib/iscsi:/var/lib/iscsi:z
- - /var/lib/libvirt:/var/lib/libvirt:shared
- - /sys/class/net:/sys/class/net
- - /sys/bus/pci:/sys/bus/pci
- - /boot:/boot:ro
- - /var/lib/nova:/var/lib/nova:shared
-
-edpm_nova_compute_logging_volumes:
- - /var/log/containers/nova:/var/log/nova:z
-
-edpm_nova_compute_environment:
- KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
-
-edpm_nova_compute_logging_environment: {}
-
-edpm_nova_compute_DEFAULT_compute_driver: libvirt.LibvirtDriver
-edpm_nova_compute_DEFAULT_dhcp_domain: ''
-edpm_nova_compute_DEFAULT_force_config_drive: true
-edpm_nova_compute_DEFAULT_host: '{{ ansible_facts["nodename"] }}'
-edpm_nova_compute_DEFAULT_log_dir: /var/log/nova
-edpm_nova_compute_DEFAULT_my_ip: '{{ hostvars[inventory_hostname][edpm_service_net_map["nova_api_network"] ~ "_ip"] }}'
-edpm_nova_compute_DEFAULT_preallocate_images: none
-edpm_nova_compute_DEFAULT_report_interval: 10
-edpm_nova_compute_DEFAULT_rootwrap_config: /etc/nova/rootwrap.conf
-edpm_nova_compute_DEFAULT_rpc_response_timeout: 60
-edpm_nova_compute_DEFAULT_service_down_time: 60
-edpm_nova_compute_DEFAULT_ssl_only: false
-edpm_nova_compute_DEFAULT_state_path: /var/lib/nova
-edpm_nova_compute_DEFAULT_sync_power_state_interval: 600
-edpm_nova_compute_DEFAULT_transport_url: ''
-edpm_nova_compute_DEFAULT_vif_plugging_is_fatal: true
-edpm_nova_compute_DEFAULT_vif_plugging_timeout: 300
-edpm_nova_compute_cinder_auth_type: v3password
-edpm_nova_compute_cinder_auth_url: ''
-edpm_nova_compute_cinder_catalog_info: volumev3:cinderv3:internalURL
-edpm_nova_compute_cross_az_attach: true
-edpm_nova_compute_cinder_project_domain_name: Default
-edpm_nova_compute_cinder_project_name: service
-edpm_nova_compute_cinder_user_domain_name: Default
-edpm_nova_compute_cinder_username: cinder
-edpm_nova_compute_compute_consecutive_build_service_disable_threshold: 10
-edpm_nova_compute_compute_cpu_dedicated_set: ''
-edpm_nova_compute_compute_cpu_shared_set: ''
-edpm_nova_compute_compute_live_migration_wait_for_vif_plug: true
-edpm_nova_compute_compute_max_disk_devices_to_attach: '-1'
-edpm_nova_compute_compute_provider_config_location: /etc/nova/provider_config
-edpm_nova_compute_key_manager_backend: nova.keymgr.conf_key_mgr.ConfKeyManager
-edpm_nova_compute_libvirt_enabled_perf_events: ''
-edpm_nova_compute_libvirt_inject_key: false
-edpm_nova_compute_libvirt_inject_partition: '-2'
-edpm_nova_compute_libvirt_inject_password: false
-edpm_nova_compute_libvirt_live_migration_inbound_addr: '{{ hostvars[inventory_hostname]["fqdn_" ~ edpm_service_net_map["nova_libvirt_network"]] }}'
-edpm_nova_compute_libvirt_live_migration_permit_auto_converge: true
-edpm_nova_compute_libvirt_live_migration_permit_post_copy: true
-edpm_nova_compute_libvirt_live_migration_tunnelled: false
-edpm_nova_compute_libvirt_live_migration_uri: 'qemu+ssh://nova_migration@s:2022/system?keyfile=/etc/nova/migration/identity'
-edpm_nova_compute_libvirt_virt_type: qemu
-edpm_nova_compute_neutron_default_floating_pool: public
-edpm_nova_compute_neutron_extension_sync_interval: 600
-edpm_nova_compute_neutron_ovs_bridge: br-int
-edpm_nova_compute_neutron_timeout: 30
-edpm_nova_compute_neutron_valid_interfaces: internal
-edpm_nova_compute_notifications_notification_format: unversioned
-edpm_nova_compute_notifications_notify_on_state_change: vm_and_task_state
-edpm_nova_compute_oslo_concurrency_lock_path: /var/lib/nova/tmp
-edpm_nova_compute_oslo_messaging_notifications_driver: noop
-edpm_nova_compute_oslo_messaging_notifications_transport_url: ''
-edpm_nova_compute_oslo_messaging_rabbit_heartbeat_timeout_threshold: 60
-edpm_nova_compute_oslo_messaging_rabbit_ssl: false
-edpm_nova_compute_oslo_policy_enforce_new_defaults: false
-edpm_nova_compute_oslo_policy_enforce_scope: false
-edpm_nova_compute_oslo_policy_policy_file: /etc/nova/policy.yaml
-edpm_nova_compute_placement_api_interface: internal
-edpm_nova_compute_spice_enabled: false
-edpm_nova_compute_vendordata_dynamic_auth_project_domain_name: Default
-edpm_nova_compute_vendordata_dynamic_auth_user_domain_name: Default
-edpm_nova_compute_vif_plug_ovs_ovsdb_connection: ''
-edpm_nova_compute_vnc_enabled: true
-edpm_nova_compute_vncproxy_host: '' # EndpointMap, NovaPublic, host_nobrackets
-edpm_nova_compute_vnc_server_listen: '{{ hostvars[inventory_hostname][edpm_service_net_map["nova_libvirt_network"] ~ "_ip"] }}'
-edpm_nova_compute_vncserver_proxyclient_address: '{{ hostvars[inventory_hostname][edpm_service_net_map["nova_libvirt_network"] ~ "_ip"] }}'
-
-# TODO(bogdando): wire-in into aansible config templates
-# from t-h-t hiera mappings, and/or user-provided config snippets
-edpm_nova_compute_rbd_libvirt_images_rbd_ceph_conf: /etc/ceph/ + {{ edpm_nova_compute_ceph_cluster_name }} + .conf
-edpm_nova_compute_rbd_rbd_keyring: client. + {{ edpm_nova_compute_ceph_client_user_name }}
-edpm_nova_compute_libvirt_migration_support: false
-edpm_nova_compute_migration_client_enabled: true
-edpm_nova_compute_migration_client_ssh_private_key: '' # MigrationSshKey, private_key
-# False, if is realtime set, or comes from RoleParametersValue nova_permit_auto_converge/nova_permit_post_copy
-edpm_nova_compute_migration_libvirt_live_migration_permit_auto_converge: false
-edpm_nova_compute_migration_libvirt_live_migration_permit_post_copy: false
-edpm_nova_compute_migration_libvirt_live_migration_tunnelled: false
-# from ceph multi-store config, set it via facts and jinja,
-# or use direct inputs from user/tht
-edpm_nova_compute_glance_rbd_ceph_conf: {}
-edpm_nova_compute_glance_rbd_user: {}
-# from t-h-t EndpointMap, NovaVNCProxyCellPublic, host_nobrackets/port/protocol
-# or use direct inputs from user/tht
-edpm_nova_compute_vncproxy_common_vncproxy_host: ''
-edpm_nova_compute_vncproxy_common_vncproxy_port: ''
-edpm_nova_compute_vncproxy_common_vncproxy_protocol: ''
-
-edpm_nova_compute_config:
- DEFAULT:
- compute_driver: '{{ edpm_nova_compute_DEFAULT_compute_driver }}'
- cpu_allocation_ratio: '{{ edpm_nova_compute_cpu_allocation_ratio }}'
- debug: '{{ edpm_nova_compute_debug }}'
- dhcp_domain: '{{ edpm_nova_compute_DEFAULT_dhcp_domain }}'
- disk_allocation_ratio: '{{ edpm_nova_compute_disk_allocation_ratio }}'
- force_config_drive: '{{ edpm_nova_compute_DEFAULT_force_config_drive }}'
- force_raw_images: '{{ edpm_nova_compute_force_raw_images }}'
- host: '{{ edpm_nova_compute_DEFAULT_host }}'
- log_dir: '{{ edpm_nova_compute_DEFAULT_log_dir }}'
- mkisofs_cmd: '{{ edpm_nova_compute_mkisofs_cmd }}'
- my_ip: '{{ edpm_nova_compute_DEFAULT_my_ip }}'
- preallocate_images: '{{ edpm_nova_compute_DEFAULT_preallocate_images }}'
- ram_allocation_ratio: '{{ edpm_nova_compute_ram_allocation_ratio }}'
- report_interval: '{{ edpm_nova_compute_DEFAULT_report_interval }}'
- reserved_host_memory_mb: '{{ edpm_nova_compute_reserved_host_memory }}'
- resume_guests_state_on_host_boot: '{{ edpm_nova_compute_resume_guests_state_on_host_boot }}'
- rootwrap_config: '{{ edpm_nova_compute_DEFAULT_rootwrap_config }}'
- rpc_response_timeout: '{{ edpm_nova_compute_DEFAULT_rpc_response_timeout }}'
- service_down_time: '{{ edpm_nova_compute_DEFAULT_service_down_time }}'
- ssl_only: '{{ edpm_nova_compute_DEFAULT_ssl_only }}'
- state_path: '{{ edpm_nova_compute_DEFAULT_state_path }}'
- sync_power_state_interval: '{{ edpm_nova_compute_DEFAULT_sync_power_state_interval }}'
- transport_url: '{{ edpm_nova_compute_DEFAULT_transport_url }}'
- use_cow_images: '{{ edpm_nova_compute_use_cow_images }}'
- vif_plugging_is_fatal: '{{ edpm_nova_compute_DEFAULT_vif_plugging_is_fatal }}'
- vif_plugging_timeout: '{{ edpm_nova_compute_DEFAULT_vif_plugging_timeout }}'
- cinder:
- auth_type: '{{ edpm_nova_compute_cinder_auth_type }}'
- auth_url: '{{ edpm_nova_compute_cinder_auth_url }}'
- catalog_info: '{{ edpm_nova_compute_cinder_catalog_info }}'
- cross_az_attach: '{{ edpm_nova_compute_cross_az_attach }}'
- os_region_name: '{{ edpm_nova_compute_keystone_region }}'
- password: '{{ edpm_nova_compute_cinder_password }}'
- project_domain_name: '{{ edpm_nova_compute_cinder_project_domain_name }}'
- project_name: '{{ edpm_nova_compute_cinder_project_name }}'
- user_domain_name: '{{ edpm_nova_compute_cinder_user_domain_name }}'
- username: '{{ edpm_nova_compute_cinder_username }}'
- compute:
- consecutive_build_service_disable_threshold: '{{ edpm_nova_compute_compute_consecutive_build_service_disable_threshold }}'
- cpu_dedicated_set: '{{ edpm_nova_compute_compute_cpu_dedicated_set }}'
- cpu_shared_set: '{{ edpm_nova_compute_compute_cpu_shared_set }}'
- live_migration_wait_for_vif_plug: '{{ edpm_nova_compute_compute_live_migration_wait_for_vif_plug }}'
- max_disk_devices_to_attach: '{{ edpm_nova_compute_compute_max_disk_devices_to_attach }}'
- provider_config_location: '{{ edpm_nova_compute_compute_provider_config_location }}'
- image_cache:
- manager_interval: '{{ edpm_nova_compute_image_cache_manager_interval }}'
- precache_concurrency: '{{ edpm_nova_compute_image_cache_precache_concurrency }}'
- remove_unused_base_images: '{{ edpm_nova_compute_image_cache_remove_unused_base_images }}'
- remove_unused_original_minimum_age_seconds: '{{ edpm_nova_compute_image_cache_ttl }}'
- remove_unused_resized_minimum_age_seconds: '{{ edpm_nova_compute_image_cache_remove_unused_resized_minimum_age }}'
- key_manager:
- backend: '{{ edpm_nova_compute_key_manager_backend }}'
- libvirt:
- cpu_mode: '{{ edpm_nova_compute_cpu_mode }}'
- cpu_model_extra_flags: '{{ edpm_nova_compute_cpu_model_extra_flags }}'
- enabled_perf_events: '{{ edpm_nova_compute_libvirt_enabled_perf_events }}'
- file_backed_memory: '{{ edpm_nova_compute_file_backed_memory }}'
- hw_machine_type: '{{ edpm_nova_compute_hw_machine_type }}'
- inject_key: '{{ edpm_nova_compute_libvirt_inject_key }}'
- inject_partition: '{{ edpm_nova_compute_libvirt_inject_partition }}'
- inject_password: '{{ edpm_nova_compute_libvirt_inject_password }}'
- live_migration_inbound_addr: '{{ edpm_nova_compute_libvirt_live_migration_inbound_addr }}'
- live_migration_permit_auto_converge: '{{ edpm_nova_compute_libvirt_live_migration_permit_auto_converge }}'
- live_migration_permit_post_copy: '{{ edpm_nova_compute_libvirt_live_migration_permit_post_copy }}'
- live_migration_tunnelled: '{{ edpm_nova_compute_libvirt_live_migration_tunnelled }}'
- live_migration_uri: '{{ edpm_nova_compute_libvirt_live_migration_uri }}'
- mem_stats_period_seconds: '{{ edpm_nova_compute_mem_stats_period_seconds }}'
- num_pcie_ports: '{{ edpm_nova_compute_num_pcie_ports }}'
- rx_queue_size: '{{ edpm_nova_compute_rx_queue_size }}'
- swtpm_enabled: '{{ edpm_nova_compute_enable_vtpm }}'
- tx_queue_size: '{{ edpm_nova_compute_tx_queue_size }}'
- virt_type: '{{ edpm_nova_compute_libvirt_virt_type }}'
- volume_use_multipath: '{{ edpm_nova_compute_volume_use_multipath }}'
- neutron:
- default_floating_pool: '{{ edpm_nova_compute_neutron_default_floating_pool }}'
- extension_sync_interval: '{{ edpm_nova_compute_neutron_extension_sync_interval }}'
- ovs_bridge: '{{ edpm_nova_compute_neutron_ovs_bridge }}'
- timeout: '{{ edpm_nova_compute_neutron_timeout }}'
- valid_interfaces: '{{ edpm_nova_compute_neutron_valid_interfaces }}'
- notifications:
- notification_format: '{{ edpm_nova_compute_notifications_notification_format }}'
- notify_on_state_change: '{{ edpm_nova_compute_notifications_notify_on_state_change }}'
- oslo_concurrency:
- lock_path: '{{ edpm_nova_compute_oslo_concurrency_lock_path }}'
- oslo_messaging_notifications:
- driver: '{{ edpm_nova_compute_oslo_messaging_notifications_driver }}'
- transport_url: '{{ edpm_nova_compute_oslo_messaging_notifications_transport_url }}'
- oslo_messaging_rabbit:
- heartbeat_timeout_threshold: '{{ edpm_nova_compute_oslo_messaging_rabbit_heartbeat_timeout_threshold }}'
- ssl: '{{ edpm_nova_compute_oslo_messaging_rabbit_ssl }}'
- oslo_policy:
- enforce_new_defaults: '{{ edpm_nova_compute_oslo_policy_enforce_new_defaults }}'
- enforce_scope: '{{ edpm_nova_compute_oslo_policy_enforce_scope }}'
- policy_file: '{{ edpm_nova_compute_oslo_policy_policy_file }}'
- spice:
- enabled: '{{ edpm_nova_compute_spice_enabled }}'
- vendordata_dynamic_auth:
- project_domain_name: '{{ edpm_nova_compute_vendordata_dynamic_auth_project_domain_name }}'
- user_domain_name: '{{ edpm_nova_compute_vendordata_dynamic_auth_user_domain_name }}'
- vif_plug_ovs:
- ovsdb_connection: '{{ edpm_nova_compute_vif_plug_ovs_ovsdb_connection }}'
- vnc:
- enabled: '{{ edpm_nova_compute_vnc_enabled }}'
- novncproxy_base_url: '{{ edpm_nova_compute_vncproxy_host }}'
- server_listen: '{{ edpm_nova_compute_vnc_server_listen }}'
- server_proxyclient_address: '{{ edpm_nova_compute_vncserver_proxyclient_address }}'
- workarounds:
- disable_compute_service_check_for_ffu: '{{ edpm_nova_compute_disable_compute_service_check_for_ffu }}'
- never_download_image_if_on_rbd: '{{ edpm_nova_compute_disable_image_download_to_rbd }}'
-
-edpm_nova_compute_config_overrides: {}
diff --git a/roles/edpm_nova_compute/files/check-run-nova-compute b/roles/edpm_nova_compute/files/check-run-nova-compute
deleted file mode 100644
index be5c8b2fb..000000000
--- a/roles/edpm_nova_compute/files/check-run-nova-compute
+++ /dev/null
@@ -1,168 +0,0 @@
-#!/usr/bin/env python
-
-import os
-import sys
-import time
-import inspect
-import logging
-import argparse
-import oslo_config.cfg
-import requests.exceptions
-
-def is_forced_down(connection, hostname):
- services = connection.services.list(host=hostname, binary="nova-compute")
- for service in services:
- if service.forced_down:
- return True
- return False
-
-def evacuations_done(connection, hostname):
- # Get a list of migrations.
- # :param host: (optional) filter migrations by host name.
- # :param status: (optional) filter migrations by status.
- # :param cell_name: (optional) filter migrations for a cell.
- #
- migrations = connection.migrations.list(host=hostname)
-
- print("Checking %d migrations" % len(migrations))
- for migration in migrations:
- # print migration.to_dict()
- #
- # {
- # u'status': u'error',
- # u'dest_host': None,
- # u'new_instance_type_id': 2,
- # u'old_instance_type_id': 2,
- # u'updated_at': u'2018-04-22T20:55:29.000000',
- # u'dest_compute':
- # u'overcloud-novacompute-2.localdomain',
- # u'migration_type': u'live-migration',
- # u'source_node':
- # u'overcloud-novacompute-0.localdomain',
- # u'id': 8,
- # u'created_at': u'2018-04-22T20:52:58.000000',
- # u'instance_uuid':
- # u'd1c82ce8-3dc5-48db-b59f-854b3b984ef1',
- # u'dest_node':
- # u'overcloud-novacompute-2.localdomain',
- # u'source_compute':
- # u'overcloud-novacompute-0.localdomain'
- # }
- # Acceptable: done, completed, failed
- if migration.status in ["running", "accepted", "pre-migrating"]:
- return False
- return True
-
-def safe_to_start(connection, hostname):
- if is_forced_down(connection, hostname):
- print("Waiting for fence-down flag to be cleared")
- return False
- if not evacuations_done(connection, hostname):
- print("Waiting for evacuations to complete or fail")
- return False
- return True
-
-def create_nova_connection(options):
- try:
- from novaclient import client
- from novaclient.exceptions import NotAcceptable
- except ImportError:
- print("Nova not found or not accessible")
- sys.exit(1)
-
- from keystoneauth1 import loading
- from keystoneauth1 import session
-
- # Prefer the oldest and strip the leading 'v'
- kwargs = dict(
- auth_url=options["auth_url"][0],
- username=options["username"][0],
- password=options["password"][0],
- project_name=options["project_name"][0],
- user_domain_name=options["user_domain_name"][0],
- project_domain_name=options["project_domain_name"][0],
- )
-
- loader = loading.get_plugin_loader('password')
- keystone_auth = loader.load_from_options(**kwargs)
- keystone_session = session.Session(auth=keystone_auth, verify=(not options["insecure"]))
-
- nova_endpoint_type = 'internalURL'
- # We default to internalURL but we allow this to be overridden via
- # the [placement]/os_interface key.
- if 'os_interface' in options and len(options["os_interface"]) == 1:
- nova_endpoint_type = options["os_interface"][0]
- # Via https://review.opendev.org/#/c/492247/ os_interface has been deprecated in queens
- # and we need to use 'valid_interfaces' which is a:
- # "List of interfaces, in order of preference, for endpoint URL. (list value)"
- # Since it is not explicitely set in nova.conf we still keep the check for os_interface
- elif 'valid_interfaces' in options and len(options["valid_interfaces"]) >= 1:
- nova_endpoint_type = options["valid_interfaces"][0]
-
- # This mimicks the code in novaclient/shell.py
- if nova_endpoint_type in ['internal', 'public', 'admin']:
- nova_endpoint_type += 'URL'
-
- if 'region_name' in options:
- region = options['region_name'][0]
- elif 'os_region_name' in options:
- region = options['os_region_name'][0]
- else: # We actually try to make a client call even with an empty region
- region = None
- nova_versions = [ "2.23", "2" ]
- for version in nova_versions:
- nova = client.Client(version,
- region_name=region,
- session=keystone_session, auth=keystone_auth,
- http_log_debug="verbose" in options,
- endpoint_type=nova_endpoint_type)
-
- try:
- nova.hypervisors.list()
- return nova
-
- except NotAcceptable as e:
- logging.warning(e)
-
- except Exception as e:
- logging.warning("Nova connection failed. %s: %s" % (e.__class__.__name__, e))
-
- print("Couldn't obtain a supported connection to nova, tried: %s\n" % repr(nova_versions))
- return None
-
-
-parser = argparse.ArgumentParser(description='Process some integers.')
-parser.add_argument('--config-file', dest='nova_config', action='store',
- default="/etc/nova/nova.conf",
- help='path to nova configuration (default: /etc/nova/nova.conf)')
-parser.add_argument('--nova-binary', dest='nova_binary', action='store',
- default="/usr/bin/nova-compute",
- help='path to nova compute binary (default: /usr/bin/nova-compute)')
-parser.add_argument('--enable-file', dest='enable_file', action='store',
- default="/var/lib/nova/instanceha/enabled",
- help='file exists if instance HA is enabled on this host '\
- '(default: /var/lib/nova/instanceha/enabled)')
-
-
-sections = {}
-(args, remaining) = parser.parse_known_args(sys.argv)
-
-config = oslo_config.cfg.ConfigParser(args.nova_config, sections)
-config.parse()
-config.sections["placement"]["insecure"] = 0
-config.sections["placement"]["verbose"] = 1
-
-if os.path.isfile(args.enable_file):
- connection = None
- while not connection:
- # Loop in case the control plane is recovering when we run
- connection = create_nova_connection(config.sections["placement"])
- if not connection:
- time.sleep(10)
-
- while not safe_to_start(connection, config.sections["DEFAULT"]["host"][0]):
- time.sleep(10)
-
-real_args = [args.nova_binary, '--config-file', args.nova_config]
-real_args.extend(remaining[1:])
-os.execv(args.nova_binary, real_args)
diff --git a/roles/edpm_nova_compute/files/delay-nova-compute b/roles/edpm_nova_compute/files/delay-nova-compute
deleted file mode 100644
index c7d226a6e..000000000
--- a/roles/edpm_nova_compute/files/delay-nova-compute
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/usr/libexec/platform-python
-"""
-This wrapper was created to add an optional delay to the startup of nova-compute.
-We know that instances will fail to boot, after a compute reboot, if ceph is not
-healthy.
-
-Ideally, we would poll ceph to get its health, but it's not guaranteed that the
-compute node will have access to the keys.
-"""
-
-import os
-import sys
-import time
-import logging
-import argparse
-
-parser = argparse.ArgumentParser(description='Process some integers.')
-parser.add_argument('--config-file', dest='nova_config', action='store',
- default="/etc/nova/nova.conf",
- help='path to nova configuration (default: /etc/nova/nova.conf)')
-parser.add_argument('--nova-binary', dest='nova_binary', action='store',
- default="/usr/bin/nova-compute",
- help='path to nova compute binary (default: /usr/bin/nova-compute)')
-parser.add_argument('--delay', dest='delay', action='store',
- default=120, type=int,
- help='Number of seconds to wait until nova-compute is started')
-parser.add_argument('--state-file', dest='state_file', action='store',
- default="/run/nova-compute-delayed",
- help='file exists if we already delayed nova-compute startup'\
- '(default: /run/nova-compute-delayed)')
-
-
-sections = {}
-(args, remaining) = parser.parse_known_args(sys.argv)
-
-real_args = [args.nova_binary, '--config-file', args.nova_config]
-real_args.extend(remaining[1:])
-
-if not os.path.isfile(args.state_file):
- logging.info("Delaying nova-compute startup by %s seconds" % args.delay)
- time.sleep(args.delay)
- open(args.state_file, 'a').close()
-
-logging.info("Executing %s" % real_args)
-os.execv(args.nova_binary, real_args)
diff --git a/roles/edpm_nova_compute/files/nova_statedir_ownership.py b/roles/edpm_nova_compute/files/nova_statedir_ownership.py
deleted file mode 100644
index 727822eb7..000000000
--- a/roles/edpm_nova_compute/files/nova_statedir_ownership.py
+++ /dev/null
@@ -1,247 +0,0 @@ -#!/usr/bin/env python -# -# Copyright 2018 Red Hat Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -import logging -import os -import pwd -import selinux -import stat -import sys - -debug = os.getenv('__OS_DEBUG', 'false') - -if debug.lower() == 'true': - loglevel = logging.DEBUG -else: - loglevel = logging.INFO - -logging.basicConfig(stream=sys.stdout, level=loglevel) -LOG = logging.getLogger('nova_statedir') - - -class PathManager(object): - """Helper class to manipulate ownership of a given path""" - def __init__(self, path): - self.path = path - self.uid = None - self.gid = None - self.is_dir = None - self.secontext = None - self._update() - - def _update(self): - try: - statinfo = os.stat(self.path) - self.is_dir = stat.S_ISDIR(statinfo.st_mode) - self.uid = statinfo.st_uid - self.gid = statinfo.st_gid - self.secontext = selinux.lgetfilecon(self.path)[1] - except Exception: - LOG.exception('Could not update metadata for %s', self.path) - raise - - def __str__(self): - return "uid: {} gid: {} path: {}{}".format( - self.uid, - self.gid, - self.path, - '/' if self.is_dir else '' - ) - - def has_owner(self, uid, gid): - return self.uid == uid and self.gid == gid - - def has_either(self, uid, gid): - return self.uid == uid or self.gid == gid - - def chown(self, uid, gid): - target_uid = -1 - target_gid = -1 - if self.uid != uid: - target_uid = uid - if self.gid != gid: - target_gid = gid - if (target_uid, target_gid) != (-1, -1): - 
LOG.info('Changing ownership of %s from %d:%d to %d:%d', - self.path, - self.uid, - self.gid, - self.uid if target_uid == -1 else target_uid, - self.gid if target_gid == -1 else target_gid) - try: - os.chown(self.path, target_uid, target_gid) - self._update() - except Exception: - LOG.exception('Could not change ownership of %s: ', - self.path) - raise - else: - LOG.info('Ownership of %s already %d:%d', - self.path, - uid, - gid) - - def chcon(self, context): - # If dir returns whether to recusively set context - try: - try: - selinux.lsetfilecon(self.path, context) - LOG.info('Setting selinux context of %s to %s', - self.path, context) - return True - except OSError as e: - if self.is_dir and e.errno == 95: - # Operation not supported, assume NFS mount and skip - LOG.info('Setting selinux context not supported for %s', - self.path) - return False - else: - raise - except Exception: - LOG.exception('Could not set selinux context of %s to %s:', - self.path, context) - raise - - -class NovaStatedirOwnershipManager(object): - """Class to manipulate the ownership of the nova statedir (/var/lib/nova). - - The nova uid/gid differ on the host and container images. An upgrade - that switches from host systemd services to docker requires a change in - ownership. Previously this was a naive recursive chown, however this - causes issues if nova instance are shared via an NFS mount: any open - filehandles in qemu/libvirt fail with an I/O error (LP1778465). - - Instead the upgrade/FFU ansible tasks now lay down a marker file when - stopping and disabling the host systemd services. We use this file to - determine the host nova uid/gid. We then walk the tree and update any - files that have the host uid/gid to the docker nova uid/gid. As files - owned by root/qemu etc... are ignored this avoids the issues with open - filehandles. The marker is removed once the tree has been walked. 
- - For subsequent runs, or for a new deployment, we simply ensure that the - docker nova user/group owns all directories. This is required as the - directories are created with root ownership in host_prep_tasks (the - docker nova uid/gid is not known in this context). - """ - def __init__(self, statedir, upgrade_marker='upgrade_marker', - nova_user='nova', secontext_marker='../_nova_secontext', - exclude_paths=None): - self.statedir = statedir - self.nova_user = nova_user - - self.upgrade_marker_path = os.path.join(statedir, upgrade_marker) - self.secontext_marker_path = os.path.normpath(os.path.join(statedir, secontext_marker)) - self.upgrade = os.path.exists(self.upgrade_marker_path) - - self.exclude_paths = [self.upgrade_marker_path] - if exclude_paths is not None: - for p in exclude_paths: - if not p.startswith(os.path.sep): - p = os.path.join(self.statedir, p) - self.exclude_paths.append(p) - - self.target_uid, self.target_gid = self._get_nova_ids() - self.previous_uid, self.previous_gid = self._get_previous_nova_ids() - self.id_change = (self.target_uid, self.target_gid) != \ - (self.previous_uid, self.previous_gid) - self.target_secontext = self._get_secontext() - - def _get_nova_ids(self): - nova_uid, nova_gid = pwd.getpwnam(self.nova_user)[2:4] - return nova_uid, nova_gid - - def _get_previous_nova_ids(self): - if self.upgrade: - statinfo = os.stat(self.upgrade_marker_path) - return statinfo.st_uid, statinfo.st_gid - else: - return self._get_nova_ids() - - def _get_secontext(self): - if os.path.exists(self.secontext_marker_path): - return selinux.lgetfilecon(self.secontext_marker_path)[1] - else: - return None - - def _walk(self, top, chcon=True): - for f in os.listdir(top): - pathname = os.path.join(top, f) - - if pathname in self.exclude_paths: - continue - - try: - pathinfo = PathManager(pathname) - LOG.info("Checking %s", pathinfo) - if pathinfo.is_dir: - # Always chown the directories - pathinfo.chown(self.target_uid, self.target_gid) - chcon_r = 
chcon - if chcon: - chcon_r = pathinfo.chcon(self.target_secontext) - self._walk(pathname, chcon_r) - elif self.id_change: - # Only chown files if it's an upgrade and the file is owned by - # the host nova uid/gid - pathinfo.chown( - self.target_uid if pathinfo.uid == self.previous_uid - else pathinfo.uid, - self.target_gid if pathinfo.gid == self.previous_gid - else pathinfo.gid - ) - if chcon: - pathinfo.chcon(self.target_secontext) - except Exception: - # Likely to have been caused by external systems - # interacting with this directory tree, - # especially on NFS e.g snapshot dirs. - # Just ignore it and continue on to the next entry - continue - - def run(self): - LOG.info('Applying nova statedir ownership') - LOG.info('Target ownership for %s: %d:%d', - self.statedir, - self.target_uid, - self.target_gid) - - pathinfo = PathManager(self.statedir) - LOG.info("Checking %s", pathinfo) - pathinfo.chown(self.target_uid, self.target_gid) - chcon = self.target_secontext is not None - - if chcon: - pathinfo.chcon(self.target_secontext) - - self._walk(self.statedir, chcon) - - if self.upgrade: - LOG.info('Removing upgrade_marker %s', - self.upgrade_marker_path) - os.unlink(self.upgrade_marker_path) - - LOG.info('Nova statedir ownership complete') - - -def get_exclude_paths(): - exclude_paths = os.environ.get('NOVA_STATEDIR_OWNERSHIP_SKIP') - if exclude_paths is not None: - exclude_paths = exclude_paths.split(os.pathsep) - return exclude_paths - - -if __name__ == '__main__': - NovaStatedirOwnershipManager('/var/lib/nova', exclude_paths=get_exclude_paths()).run() diff --git a/roles/edpm_nova_compute/files/nova_wait_for_compute_service.yaml b/roles/edpm_nova_compute/files/nova_wait_for_compute_service.yaml deleted file mode 100644 index bad736335..000000000 --- a/roles/edpm_nova_compute/files/nova_wait_for_compute_service.yaml +++ /dev/null 
@@ -1,10 +0,0 @@
-command: python3 /container-config-scripts/nova_wait_for_compute_service.py
-config_files:
- - source: "/var/lib/kolla/config_files/src/*"
- dest: "/"
- merge: true
- preserve_properties: true
-permissions:
- - path: /var/log/nova
- owner: nova:nova
- recurse: true
diff --git a/roles/edpm_nova_compute/files/tests/test_nova_statedir_ownership.py b/roles/edpm_nova_compute/files/tests/test_nova_statedir_ownership.py
deleted file mode 100644
index 7affa0b09..000000000
--- a/roles/edpm_nova_compute/files/tests/test_nova_statedir_ownership.py
+++ /dev/null
@@ -1,422 +0,0 @@ -# -# Copyright 2018 Red Hat Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from unittest import mock - -import contextlib -import os -from os import stat as orig_stat -import stat -import sys - -from oslotest import base - - -class FakeSelinux(object): - @staticmethod - def lgetfilecon(path): - pass - - @staticmethod - def lsetfilecon(path, context): - pass - - -sys.modules["selinux"] = FakeSelinux - -from container_config_scripts.nova_statedir_ownership import get_exclude_paths # noqa: E402 -from container_config_scripts.nova_statedir_ownership import \ - NovaStatedirOwnershipManager # noqa: E402 -from container_config_scripts.nova_statedir_ownership import PathManager # noqa: E402 - -# Real chown would require root, so in order to test this we need to fake -# all of the methods that interact with the filesystem - -current_uid = 100 -current_gid = 100 - - -class FakeStatInfo(object): - def __init__(self, st_mode, st_uid, st_gid): - self.st_mode = st_mode - self.st_uid = st_uid - self.st_gid = st_gid - - def get_ids(self): - return (self.st_uid, self.st_gid) - - -def generate_testtree1(nova_uid, nova_gid): - return { - '/var/lib/nova': { - 'stat': FakeStatInfo(st_mode=stat.S_IFDIR, - st_uid=nova_uid, - st_gid=nova_gid), - 'nfs': False, - }, - '/var/lib/_nova_secontext': { - 'stat': FakeStatInfo(st_mode=stat.S_IFDIR, - st_uid=nova_uid, - st_gid=nova_gid), - 'nfs': False, - }, - - '/var/lib/nova/instances': { - 'stat': 
FakeStatInfo(st_mode=stat.S_IFDIR, - st_uid=nova_uid, - st_gid=nova_gid), - 'nfs': False, - }, - '/var/lib/nova/instances/removeddir': { - 'stat': FakeStatInfo(st_mode=stat.S_IFDIR, - st_uid=nova_uid, - st_gid=nova_gid), - 'nfs': False, - 'removed_when': 'listdir' - }, - '/var/lib/nova/instances/removedfile': { - 'stat': FakeStatInfo(st_mode=stat.S_IFREG, - st_uid=0, - st_gid=nova_gid), - 'nfs': False, - 'removed_when': 'lgetfilecon' - }, - '/var/lib/nova/instances/removedfile2': { - 'stat': FakeStatInfo(st_mode=stat.S_IFREG, - st_uid=0, - st_gid=nova_gid), - 'nfs': False, - 'removed_when': 'lsetfilecon' - }, - '/var/lib/nova/instances/removedfile3': { - 'nfs': False, - 'removed_when': 'stat' - }, - - '/var/lib/nova/instances/removeddir2': { - 'stat': FakeStatInfo(st_mode=stat.S_IFDIR, - st_uid=nova_uid, - st_gid=nova_gid), - 'nfs': False, - 'removed_when': 'lsetfilecon' - }, - '/var/lib/nova/instances/foo': { - 'stat': FakeStatInfo(st_mode=stat.S_IFDIR, - st_uid=nova_uid, - st_gid=nova_gid), - 'nfs': True, - }, - '/var/lib/nova/instances/foo/bar': { - 'stat': FakeStatInfo(st_mode=stat.S_IFREG, - st_uid=0, - st_gid=0), - 'nfs': True, - }, - '/var/lib/nova/instances/foo/baz': { - 'stat': FakeStatInfo(st_mode=stat.S_IFREG, - st_uid=nova_uid, - st_gid=nova_gid), - 'nfs': True, - }, - '/var/lib/nova/instances/foo/removeddir': { - 'stat': FakeStatInfo(st_mode=stat.S_IFDIR, - st_uid=nova_uid, - st_gid=nova_gid), - 'nfs': True, - 'removed_when': 'listdir' - }, - '/var/lib/nova/instances/foo/removeddir2': { - 'stat': FakeStatInfo(st_mode=stat.S_IFDIR, - st_uid=0, - st_gid=nova_gid), - 'nfs': True, - 'removed_when': 'chown' - }, - '/var/lib/nova/instances/foo/abc': { - 'stat': FakeStatInfo(st_mode=stat.S_IFREG, - st_uid=0, - st_gid=nova_gid), - 'nfs': True, - }, - '/var/lib/nova/instances/foo/def': { - 'stat': FakeStatInfo(st_mode=stat.S_IFREG, - st_uid=nova_uid, - st_gid=0), - 'nfs': True, - }, - } - - -def generate_testtree2(marker_uid, marker_gid, *args, **kwargs): - 
tree = generate_testtree1(*args, **kwargs) - tree.update({ - '/var/lib/nova/upgrade_marker': { - 'stat': FakeStatInfo(st_mode=stat.S_IFREG, - st_uid=marker_uid, - st_gid=marker_gid), - 'nfs': False, - } - }) - return tree - - -def check_removed(path, op, testtree): - if op == testtree.get(path, {}).get('removed_when', ''): - raise OSError(2, 'No such file or directory: ' + path) - - -def generate_fake_stat(testtree): - def fake_stat(path): - check_removed(path, 'stat', testtree) - if path.startswith('/var'): - return testtree.get(path, {}).get('stat') - else: - # Tracebacks need to use the real stat - return orig_stat(path) - return fake_stat - - -def generate_fake_chown(testtree): - def fake_chown(path, uid, gid): - check_removed(path, 'chown', testtree) - if uid != -1: - testtree[path]['stat'].st_uid = uid - if gid != -1: - testtree[path]['stat'].st_gid = gid - return fake_chown - - -def generate_fake_exists(testtree): - def fake_exists(path): - check_removed(path, 'exists', testtree) - return path in testtree - return fake_exists - - -def generate_fake_listdir(testtree): - def fake_listdir(path): - check_removed(path, 'listdir', testtree) - path_parts = path.split('/') - for entry in testtree: - entry_parts = entry.split('/') - if (entry_parts[:len(path_parts)] == path_parts - and len(entry_parts) == len(path_parts) + 1): - yield entry - return fake_listdir - - -def generate_fake_unlink(testtree): - def fake_unlink(path): - check_removed(path, 'unlink', testtree) - del testtree[path] - return fake_unlink - - -def generate_fake_lgetfilecon(testtree): - def fake_lgetfilecon(path): - check_removed(path, 'lgetfilecon', testtree) - - -def generate_fake_lsetfilecon(testtree): - def fake_lsetfilecon(path, context): - check_removed(path, 'lsetfilecon', testtree) - if testtree[path]['nfs']: - raise OSError(95, 'Operation not supported') - - -@contextlib.contextmanager -def fake_testtree(testtree): - fake_stat = generate_fake_stat(testtree) - fake_chown = 
generate_fake_chown(testtree) - fake_exists = generate_fake_exists(testtree) - fake_listdir = generate_fake_listdir(testtree) - fake_unlink = generate_fake_unlink(testtree) - fake_lsetfilecon = generate_fake_lsetfilecon(testtree) - fake_lgetfilecon = generate_fake_lgetfilecon(testtree) - with mock.patch('os.chown', - side_effect=fake_chown) as fake_chown: - with mock.patch('os.path.exists', - side_effect=fake_exists) as fake_exists: - with mock.patch('os.listdir', - side_effect=fake_listdir) as fake_listdir: - with mock.patch('pwd.getpwnam', - return_value=(0, 0, current_uid, current_gid)): - with mock.patch('os.stat', - side_effect=fake_stat) as fake_stat: - with mock.patch( - 'os.unlink', - side_effect=fake_unlink) as fake_unlink: - with mock.patch( - 'selinux.lgetfilecon', - side_effect=fake_lgetfilecon, - return_value=[10, 'newcontext']) as fake_lgetfilecon: - with mock.patch( - 'selinux.lsetfilecon', - side_effect=fake_lsetfilecon) as fake_lsetfilecon: - yield (fake_chown, - fake_exists, - fake_listdir, - fake_stat, - fake_unlink, - fake_lgetfilecon, - fake_lsetfilecon) - - -def assert_ids(testtree, path, uid, gid): - statinfo = testtree[path]['stat'] - assert (uid, gid) == (statinfo.st_uid, statinfo.st_gid), \ - "{}: expected ownership {}:{} actual {}:{}".format( - path, uid, gid, statinfo.st_uid, statinfo.st_gid) - - -class PathManagerCase(base.BaseTestCase): - def test_file(self): - testtree = generate_testtree1(current_uid, current_gid) - - with fake_testtree(testtree): - pathinfo = PathManager('/var/lib/nova/instances/foo/baz') - self.assertTrue(pathinfo.has_owner(current_uid, current_gid)) - self.assertTrue(pathinfo.has_either(current_uid, 0)) - self.assertTrue(pathinfo.has_either(0, current_gid)) - self.assertFalse(pathinfo.is_dir) - self.assertEqual(str(pathinfo), 'uid: {} gid: {} path: {}'.format( - current_uid, current_gid, '/var/lib/nova/instances/foo/baz' - )) - - def test_dir(self): - testtree = generate_testtree1(current_uid, current_gid) - - 
with fake_testtree(testtree): - pathinfo = PathManager('/var/lib/nova') - self.assertTrue(pathinfo.has_owner(current_uid, current_gid)) - self.assertTrue(pathinfo.has_either(current_uid, 0)) - self.assertTrue(pathinfo.has_either(0, current_gid)) - self.assertTrue(pathinfo.is_dir) - self.assertEqual(str(pathinfo), 'uid: {} gid: {} path: {}'.format( - current_uid, current_gid, '/var/lib/nova/' - )) - - def test_chown(self): - testtree = generate_testtree1(current_uid, current_gid) - - with fake_testtree(testtree): - pathinfo = PathManager('/var/lib/nova/instances/foo/baz') - self.assertTrue(pathinfo.has_owner(current_uid, current_gid)) - pathinfo.chown(current_uid + 1, current_gid) - assert_ids(testtree, pathinfo.path, current_uid + 1, current_gid) - - def test_chgrp(self): - testtree = generate_testtree1(current_uid, current_gid) - - with fake_testtree(testtree): - pathinfo = PathManager('/var/lib/nova/instances/foo/baz') - self.assertTrue(pathinfo.has_owner(current_uid, current_gid)) - pathinfo.chown(current_uid, current_gid + 1) - assert_ids(testtree, pathinfo.path, current_uid, current_gid + 1) - - def test_chown_chgrp(self): - testtree = generate_testtree1(current_uid, current_gid) - - with fake_testtree(testtree): - pathinfo = PathManager('/var/lib/nova/instances/foo/baz') - self.assertTrue(pathinfo.has_owner(current_uid, current_gid)) - pathinfo.chown(current_uid + 1, current_gid + 1) - assert_ids(testtree, pathinfo.path, - current_uid + 1, current_gid + 1) - - -class NovaStatedirOwnershipManagerTestCase(base.BaseTestCase): - def test_no_upgrade_marker(self): - testtree = generate_testtree1(current_uid, current_gid) - - with fake_testtree(testtree) as (fake_chown, _, _, _, _, _, fake_lsetfilecon): - NovaStatedirOwnershipManager('/var/lib/nova').run() - fake_chown.assert_called_once_with('/var/lib/nova/instances/foo/removeddir2', 100, -1) - fake_lsetfilecon.assert_any_call('/var/lib/nova', 'newcontext') - 
fake_lsetfilecon.assert_any_call('/var/lib/nova/instances/foo', 'newcontext') - chcon_paths = [x[0][0] for x in fake_lsetfilecon.call_args_list] - self.assertNotIn('/var/lib/nova/instances/foo/bar', chcon_paths) - - def test_upgrade_marker_no_id_change(self): - testtree = generate_testtree2(current_uid, - current_gid, - current_uid, - current_gid) - - with fake_testtree(testtree) as (fake_chown, _, _, _, fake_unlink, _, _): - NovaStatedirOwnershipManager('/var/lib/nova').run() - fake_chown.assert_called_once_with('/var/lib/nova/instances/foo/removeddir2', 100, -1) - fake_unlink.assert_called_with('/var/lib/nova/upgrade_marker') - - def test_upgrade_marker_id_change(self): - other_uid = current_uid + 1 - other_gid = current_gid + 1 - testtree = generate_testtree2(other_uid, - other_gid, - other_uid, - other_gid) - - # Determine which paths should change uid/gid - expected_changes = {} - for k, v in testtree.items(): - if k == '/var/lib/nova/upgrade_marker': - # Ignore the marker, it should be deleted - continue - if k == '/var/lib/_nova_secontext': - # Ignore, outside tree - continue - if testtree[k].get('removed_when', False): - # Ignore, deleted - continue - v = v['stat'] - if v.st_uid == other_uid or v.st_gid == other_gid: - expected_changes[k] = ( - current_uid if v.st_uid == other_uid else v.st_uid, - current_gid if v.st_gid == other_gid else v.st_gid - ) - - with fake_testtree(testtree) as (_, _, _, _, fake_unlink, _, _): - NovaStatedirOwnershipManager('/var/lib/nova').run() - for fn, expected in expected_changes.items(): - assert_ids(testtree, fn, expected[0], expected[1]) - fake_unlink.assert_called_with('/var/lib/nova/upgrade_marker') - - def test_exclude_path(self): - testtree = generate_testtree1(current_uid, current_gid) - - with fake_testtree(testtree) as ( - fake_chown, _, fake_listdir, fake_stat, _, _, _): - manager = NovaStatedirOwnershipManager( - '/var/lib/nova', - exclude_paths=['instances/foo/bar', '/var/lib/nova/instances/foo/removeddir'] - ) - 
manager.run()
- self.assertIn('/var/lib/nova/instances/foo/bar', manager.exclude_paths)
- self.assertIn('/var/lib/nova/instances/foo/removeddir', manager.exclude_paths)
- self.assertNotIn(mock.call('/var/lib/nova/instances/foo/bar'), fake_stat.call_args_list)
- self.assertNotIn(mock.call('/var/lib/nova/instances/foo/bar'), fake_chown.call_args_list)
- self.assertNotIn(mock.call('/var/lib/nova/instances/foo/removeddir'), fake_stat.call_args_list)
- self.assertNotIn(mock.call('/var/lib/nova/instances/foo/removeddir'), fake_chown.call_args_list)
- self.assertNotIn(mock.call('/var/lib/nova/instances/foo/removeddir'), fake_listdir.call_args_list)
-
- @mock.patch.dict(os.environ, {'NOVA_STATEDIR_OWNERSHIP_SKIP': 'foo:bar:foo/bar/baz'})
- def test_get_exclude_paths(self):
- expected = [
- 'foo',
- 'bar',
- 'foo/bar/baz'
- ]
- exclude_paths = get_exclude_paths()
- self.assertEqual(exclude_paths, expected)
diff --git a/roles/edpm_nova_compute/handlers/main.yml b/roles/edpm_nova_compute/handlers/main.yml
deleted file mode 100644
index 43f726edd..000000000
--- a/roles/edpm_nova_compute/handlers/main.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-# Copyright 2022 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-- name: Remove nova_compute_config container
- ansible.builtin.command: podman rm -f nova_compute_config
diff --git a/roles/edpm_nova_compute/meta/argument_specs.yml b/roles/edpm_nova_compute/meta/argument_specs.yml
deleted file mode 100644
index b7d1fc97b..000000000
--- a/roles/edpm_nova_compute/meta/argument_specs.yml
+++ /dev/null
@@ -1,922 +0,0 @@ ---- -argument_specs: - # ./roles/edpm_nova_compute/tasks/main.yml entry point - main: - short_description: The main entry point for the edpm_nova_compute role. - options: - service_net_map: - type: dict - required: true - description: Map of netwok, used to retrieve IP addresses to derive other parameters. - edpm_service_net_map: - type: dict - default: {} - description: > - Map of netwok, used to retrieve IP addresses to derive other parameters. - Set either directly or by `service_net_map`. - edpm_nova_compute_DEFAULT_compute_driver: - default: libvirt.LibvirtDriver - description: '' - type: str - edpm_nova_compute_DEFAULT_dhcp_domain: - default: '' - description: '' - type: str - edpm_nova_compute_DEFAULT_force_config_drive: - default: true - description: '' - type: bool - edpm_nova_compute_DEFAULT_host: - default: '{{ ansible_facts["nodename"] }}' - description: '' - type: str - edpm_nova_compute_DEFAULT_log_dir: - default: /var/log/nova - description: '' - type: str - edpm_nova_compute_DEFAULT_my_ip: - default: '{{ hostvars[inventory_hostname][edpm_service_net_map["nova_api_network"] ~ - "_ip"] }}' - description: '' - type: str - edpm_nova_compute_DEFAULT_preallocate_images: - default: none - description: '' - type: str - edpm_nova_compute_DEFAULT_report_interval: - default: 10 - description: '' - type: int - edpm_nova_compute_DEFAULT_rootwrap_config: - default: /etc/nova/rootwrap.conf - description: '' - type: str - edpm_nova_compute_DEFAULT_rpc_response_timeout: - default: 60 - description: '' - type: int - edpm_nova_compute_DEFAULT_service_down_time: - default: 60 - description: '' - type: int - edpm_nova_compute_DEFAULT_ssl_only: - default: false - description: '' - type: bool - edpm_nova_compute_DEFAULT_state_path: - default: /var/lib/nova - description: '' - type: str - edpm_nova_compute_DEFAULT_sync_power_state_interval: - default: 600 - description: '' - type: int - edpm_nova_compute_DEFAULT_transport_url: - default: '' - 
description: '' - type: str - edpm_nova_compute_DEFAULT_vif_plugging_is_fatal: - default: true - description: '' - type: bool - edpm_nova_compute_DEFAULT_vif_plugging_timeout: - default: 300 - description: '' - type: int - edpm_nova_compute_additional_cell: - default: false - description: '' - type: bool - edpm_nova_compute_auth_cloud_name: - default: '{{ edpm_auth_cloud_name | default('''') }}' - description: '' - type: str - edpm_nova_compute_auto_disabling: - default: 10 - description: '' - type: int - edpm_nova_compute_ceph_client_key: - default: '{{ edpm_ceph_client_key | default('''') }}' - description: '' - type: str - edpm_nova_compute_ceph_client_user_name: - default: '{{ edpm_ceph_client_user_name | default(''openstack'') }}' - description: '' - type: str - edpm_nova_compute_ceph_cluster_fsid: - default: '{{ edpm_ceph_cluster_fsid | default('''') }}' - description: '' - type: str - edpm_nova_compute_ceph_cluster_name: - default: '{{ edpm_ceph_cluster_name | default('''') }}' - description: '' - type: str - edpm_nova_compute_ceph_config_path: - default: '{{ edpm_ceph_config_path | default(''/var/lib/edpm-config/ceph'') }}' - description: '' - type: str - edpm_nova_compute_cinder_auth_type: - default: v3password - description: '' - type: str - edpm_nova_compute_cinder_auth_url: - default: '' - description: '' - type: str - edpm_nova_compute_cinder_catalog_info: - default: volumev3:cinderv3:internalURL - description: '' - type: str - edpm_nova_compute_cinder_enable_nfs_backend: - default: false - description: '' - type: bool - edpm_nova_compute_cinder_enable_rbd_backend: - default: '{{ edpm_cinder_enable_rbd_backend | default(false) }}' - description: '' - type: str - edpm_nova_compute_cinder_password: - default: '{{ edpm_cinder_password | default('''') }}' - description: '' - type: str - edpm_nova_compute_cinder_project_domain_name: - default: Default - description: '' - type: str - edpm_nova_compute_cinder_project_name: - default: service - description: '' 
- type: str - edpm_nova_compute_cinder_rbd_multi_config: - default: '{{ edpm_cinder_rbd_multi_config | default({}) }}' - description: '' - type: str - edpm_nova_compute_cinder_user_domain_name: - default: Default - description: '' - type: str - edpm_nova_compute_cinder_username: - default: cinder - description: '' - type: str - edpm_nova_compute_common_volumes: - default: '{{ edpm_container_standalone_common_volumes }}' - description: '' - type: str - edpm_nova_compute_compute_consecutive_build_service_disable_threshold: - default: 10 - description: '' - type: int - edpm_nova_compute_compute_cpu_dedicated_set: - default: '' - description: '' - type: str - edpm_nova_compute_compute_cpu_shared_set: - default: '' - description: '' - type: str - edpm_nova_compute_compute_live_migration_wait_for_vif_plug: - default: true - description: '' - type: bool - edpm_nova_compute_compute_max_disk_devices_to_attach: - default: '-1' - description: '' - type: str - edpm_nova_compute_compute_provider_config_location: - default: /etc/nova/provider_config - description: '' - type: str - edpm_nova_compute_config: - default: - DEFAULT: - compute_driver: '{{ edpm_nova_compute_DEFAULT_compute_driver }}' - cpu_allocation_ratio: '{{ edpm_nova_compute_cpu_allocation_ratio }}' - debug: '{{ edpm_nova_compute_debug }}' - dhcp_domain: '{{ edpm_nova_compute_DEFAULT_dhcp_domain }}' - disk_allocation_ratio: '{{ edpm_nova_compute_disk_allocation_ratio }}' - force_config_drive: '{{ edpm_nova_compute_DEFAULT_force_config_drive }}' - force_raw_images: '{{ edpm_nova_compute_force_raw_images }}' - host: '{{ edpm_nova_compute_DEFAULT_host }}' - log_dir: '{{ edpm_nova_compute_DEFAULT_log_dir }}' - mkisofs_cmd: '{{ edpm_nova_compute_mkisofs_cmd }}' - my_ip: '{{ edpm_nova_compute_DEFAULT_my_ip }}' - preallocate_images: '{{ edpm_nova_compute_DEFAULT_preallocate_images }}' - ram_allocation_ratio: '{{ edpm_nova_compute_ram_allocation_ratio }}' - report_interval: '{{ edpm_nova_compute_DEFAULT_report_interval }}' 
- reserved_host_memory_mb: '{{ edpm_nova_compute_reserved_host_memory }}' - resume_guests_state_on_host_boot: '{{ edpm_nova_compute_resume_guests_state_on_host_boot - }}' - rootwrap_config: '{{ edpm_nova_compute_DEFAULT_rootwrap_config }}' - rpc_response_timeout: '{{ edpm_nova_compute_DEFAULT_rpc_response_timeout }}' - service_down_time: '{{ edpm_nova_compute_DEFAULT_service_down_time }}' - ssl_only: '{{ edpm_nova_compute_DEFAULT_ssl_only }}' - state_path: '{{ edpm_nova_compute_DEFAULT_state_path }}' - sync_power_state_interval: '{{ edpm_nova_compute_DEFAULT_sync_power_state_interval - }}' - transport_url: '{{ edpm_nova_compute_DEFAULT_transport_url }}' - use_cow_images: '{{ edpm_nova_compute_use_cow_images }}' - vif_plugging_is_fatal: '{{ edpm_nova_compute_DEFAULT_vif_plugging_is_fatal }}' - vif_plugging_timeout: '{{ edpm_nova_compute_DEFAULT_vif_plugging_timeout }}' - cinder: - auth_type: '{{ edpm_nova_compute_cinder_auth_type }}' - auth_url: '{{ edpm_nova_compute_cinder_auth_url }}' - catalog_info: '{{ edpm_nova_compute_cinder_catalog_info }}' - cross_az_attach: '{{ edpm_nova_compute_cross_az_attach }}' - os_region_name: '{{ edpm_nova_compute_keystone_region }}' - password: '{{ edpm_nova_compute_cinder_password }}' - project_domain_name: '{{ edpm_nova_compute_cinder_project_domain_name }}' - project_name: '{{ edpm_nova_compute_cinder_project_name }}' - user_domain_name: '{{ edpm_nova_compute_cinder_user_domain_name }}' - username: '{{ edpm_nova_compute_cinder_username }}' - compute: - consecutive_build_service_disable_threshold: '{{ edpm_nova_compute_compute_consecutive_build_service_disable_threshold - }}' - cpu_dedicated_set: '{{ edpm_nova_compute_compute_cpu_dedicated_set }}' - cpu_shared_set: '{{ edpm_nova_compute_compute_cpu_shared_set }}' - live_migration_wait_for_vif_plug: '{{ edpm_nova_compute_compute_live_migration_wait_for_vif_plug - }}' - max_disk_devices_to_attach: '{{ edpm_nova_compute_compute_max_disk_devices_to_attach - }}' - 
provider_config_location: '{{ edpm_nova_compute_compute_provider_config_location - }}' - image_cache: - manager_interval: '{{ edpm_nova_compute_image_cache_manager_interval }}' - precache_concurrency: '{{ edpm_nova_compute_image_cache_precache_concurrency - }}' - remove_unused_base_images: '{{ edpm_nova_compute_image_cache_remove_unused_base_images - }}' - remove_unused_original_minimum_age_seconds: '{{ edpm_nova_compute_image_cache_ttl - }}' - remove_unused_resized_minimum_age_seconds: '{{ edpm_nova_compute_image_cache_remove_unused_resized_minimum_age - }}' - key_manager: - backend: '{{ edpm_nova_compute_key_manager_backend }}' - libvirt: - cpu_mode: '{{ edpm_nova_compute_cpu_mode }}' - cpu_model_extra_flags: '{{ edpm_nova_compute_cpu_model_extra_flags }}' - enabled_perf_events: '{{ edpm_nova_compute_libvirt_enabled_perf_events }}' - file_backed_memory: '{{ edpm_nova_compute_file_backed_memory }}' - hw_machine_type: '{{ edpm_nova_compute_hw_machine_type }}' - inject_key: '{{ edpm_nova_compute_libvirt_inject_key }}' - inject_partition: '{{ edpm_nova_compute_libvirt_inject_partition }}' - inject_password: '{{ edpm_nova_compute_libvirt_inject_password }}' - live_migration_inbound_addr: '{{ edpm_nova_compute_libvirt_live_migration_inbound_addr - }}' - live_migration_permit_auto_converge: '{{ edpm_nova_compute_libvirt_live_migration_permit_auto_converge - }}' - live_migration_permit_post_copy: '{{ edpm_nova_compute_libvirt_live_migration_permit_post_copy - }}' - live_migration_tunnelled: '{{ edpm_nova_compute_libvirt_live_migration_tunnelled - }}' - live_migration_uri: '{{ edpm_nova_compute_libvirt_live_migration_uri }}' - mem_stats_period_seconds: '{{ edpm_nova_compute_mem_stats_period_seconds }}' - num_pcie_ports: '{{ edpm_nova_compute_num_pcie_ports }}' - rx_queue_size: '{{ edpm_nova_compute_rx_queue_size }}' - swtpm_enabled: '{{ edpm_nova_compute_enable_vtpm }}' - tx_queue_size: '{{ edpm_nova_compute_tx_queue_size }}' - virt_type: '{{ 
edpm_nova_compute_libvirt_virt_type }}' - volume_use_multipath: '{{ edpm_nova_compute_volume_use_multipath }}' - neutron: - default_floating_pool: '{{ edpm_nova_compute_neutron_default_floating_pool }}' - extension_sync_interval: '{{ edpm_nova_compute_neutron_extension_sync_interval - }}' - ovs_bridge: '{{ edpm_nova_compute_neutron_ovs_bridge }}' - timeout: '{{ edpm_nova_compute_neutron_timeout }}' - valid_interfaces: '{{ edpm_nova_compute_neutron_valid_interfaces }}' - notifications: - notification_format: '{{ edpm_nova_compute_notifications_notification_format - }}' - notify_on_state_change: '{{ edpm_nova_compute_notifications_notify_on_state_change - }}' - oslo_concurrency: - lock_path: '{{ edpm_nova_compute_oslo_concurrency_lock_path }}' - oslo_messaging_notifications: - driver: '{{ edpm_nova_compute_oslo_messaging_notifications_driver }}' - transport_url: '{{ edpm_nova_compute_oslo_messaging_notifications_transport_url - }}' - oslo_messaging_rabbit: - heartbeat_timeout_threshold: '{{ edpm_nova_compute_oslo_messaging_rabbit_heartbeat_timeout_threshold - }}' - ssl: '{{ edpm_nova_compute_oslo_messaging_rabbit_ssl }}' - oslo_policy: - enforce_new_defaults: '{{ edpm_nova_compute_oslo_policy_enforce_new_defaults - }}' - enforce_scope: '{{ edpm_nova_compute_oslo_policy_enforce_scope }}' - policy_file: '{{ edpm_nova_compute_oslo_policy_policy_file }}' - spice: - enabled: '{{ edpm_nova_compute_spice_enabled }}' - vendordata_dynamic_auth: - project_domain_name: '{{ edpm_nova_compute_vendordata_dynamic_auth_project_domain_name - }}' - user_domain_name: '{{ edpm_nova_compute_vendordata_dynamic_auth_user_domain_name - }}' - vif_plug_ovs: - ovsdb_connection: '{{ edpm_nova_compute_vif_plug_ovs_ovsdb_connection }}' - vnc: - enabled: '{{ edpm_nova_compute_vnc_enabled }}' - novncproxy_base_url: '{{ edpm_nova_compute_vncproxy_host }}' - server_listen: '{{ edpm_nova_compute_vnc_server_listen }}' - server_proxyclient_address: '{{ edpm_nova_compute_vncserver_proxyclient_address - 
}}' - workarounds: - disable_compute_service_check_for_ffu: '{{ edpm_nova_compute_disable_compute_service_check_for_ffu - }}' - never_download_image_if_on_rbd: '{{ edpm_nova_compute_disable_image_download_to_rbd - }}' - description: > - This dictionary contains rendered configuration derived from previously set role parameters. - It can be overriden with customer supplied information, however this may have unforseen consequences. - type: dict - edpm_nova_compute_config_dir: - default: /var/lib/config-data/ansible-generated/nova_libvirt - description: '' - type: str - edpm_nova_compute_config_overrides: - default: {} - description: '' - type: dict - edpm_nova_compute_config_use_ansible: - default: true - description: '' - type: bool - edpm_nova_compute_container_image: - default: quay.io/podified-antelope-centos9/openstack-nova-compute:current-podified - description: '' - type: str - edpm_nova_compute_container_nova_libvirt_config_image: - default: '{{ edpm_nova_libvirt_container_config_image | default(edpm_nova_compute_container_image) - }}' - description: '' - type: str - edpm_nova_compute_cpu_allocation_ratio: - default: 0.0 - description: '' - type: float - edpm_nova_compute_cpu_dedicated_set: - default: [] - description: '' - type: list - edpm_nova_compute_cpu_mode: - default: host-model - description: '' - type: str - edpm_nova_compute_cpu_model_extra_flags: - default: '' - description: '' - type: str - edpm_nova_compute_cpu_models: - default: [] - description: '' - type: list - edpm_nova_compute_cpu_shared_set: - default: [] - description: '' - type: list - edpm_nova_compute_cross_az_attach: - default: true - description: '' - type: bool - edpm_nova_compute_custom_provider_inventories: - default: {} - description: '' - type: dict - edpm_nova_compute_debug: - default: '{{ (ansible_verbosity | int) >= 2 | bool }}' - description: Sets `__OS_DEBUG` environment variable. 
- type: str - edpm_nova_compute_deploy_identifier: - default: '{{ edpm_deploy_identifier | default('''') }}' - description: '' - type: str - edpm_nova_compute_disable_compute_service_check_for_ffu: - default: false - description: '' - type: bool - edpm_nova_compute_disable_image_download_to_rbd: - default: false - description: '' - type: bool - edpm_nova_compute_disable_irq_balance: - default: false - description: '' - type: bool - edpm_nova_compute_disk_allocation_ratio: - default: 0.0 - description: '' - type: float - edpm_nova_compute_docker_ulimit: - default: - - nofile=131072 - - memlock=67108864 - description: '' - type: list - edpm_nova_compute_enable_instance_ha: - default: false - description: '' - type: bool - edpm_nova_compute_enable_internal_tls: - default: '{{ edpm_enable_internal_tls | default (false) }}' - description: '' - type: str - edpm_nova_compute_enable_rbd_backend: - default: false - description: '' - type: bool - edpm_nova_compute_enable_vtpm: - default: false - description: '' - type: bool - edpm_nova_compute_environment: - default: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - description: '' - type: dict - edpm_nova_compute_file_backed_memory: - default: 0 - description: '' - type: int - edpm_nova_compute_force_raw_images: - default: true - description: '' - type: bool - edpm_nova_compute_glance_backend_id: - default: '{{ edpm_glance_backend_id | default(''default_backend'') }}' - description: '' - type: str - edpm_nova_compute_glance_enable_rbd_download: - default: false - description: '' - type: bool - edpm_nova_compute_glance_multistore_config: - default: '{{ edpm_glance_multistore_config | default({}) }}' - description: '' - type: str - edpm_nova_compute_glance_rbd_ceph_conf: - default: {} - description: '' - type: dict - edpm_nova_compute_glance_rbd_copy_poll_interval: - default: 15 - description: '' - type: int - edpm_nova_compute_glance_rbd_copy_timeout: - default: 600 - description: '' - type: int - 
edpm_nova_compute_glance_rbd_download_multistore_id: - default: '' - description: '' - type: str - edpm_nova_compute_glance_rbd_pool_name: - default: '{{ edpm_glance_rbd_pool_name | default(''images'') }}' - description: '' - type: str - edpm_nova_compute_glance_rbd_user: - default: {} - description: '' - type: dict - edpm_nova_compute_hide_sensitive_logs: - default: true - description: '' - type: bool - edpm_nova_compute_hw_machine_type: - default: x86_64=q35 - description: '' - type: str - edpm_nova_compute_image_cache_manager_interval: - default: 2400 - description: '' - type: int - edpm_nova_compute_image_cache_precache_concurrency: - default: 1 - description: '' - type: int - edpm_nova_compute_image_cache_remove_unused_base_images: - default: true - description: '' - type: bool - edpm_nova_compute_image_cache_remove_unused_resized_minimum_age: - default: 3600 - description: '' - type: int - edpm_nova_compute_image_cache_ttl: - default: 86400 - description: '' - type: int - edpm_nova_compute_image_type_exclude_list: - default: [] - description: '' - type: list - edpm_nova_compute_instance_usage_audit: - default: false - description: '' - type: bool - edpm_nova_compute_instance_usage_audit_period: - default: hour - description: '' - type: str - edpm_nova_compute_kernel_args: - default: '{{ edpm_kernel_args | default('''') }}' - description: '' - type: str - edpm_nova_compute_key_manager_backend: - default: nova.keymgr.conf_key_mgr.ConfKeyManager - description: '' - type: str - edpm_nova_compute_keystone_region: - default: regionOne - description: '' - type: str - edpm_nova_compute_libvirt_enabled_perf_events: - default: '' - description: '' - type: str - edpm_nova_compute_libvirt_inject_key: - default: false - description: '' - type: bool - edpm_nova_compute_libvirt_inject_partition: - default: '-2' - description: '' - type: str - edpm_nova_compute_libvirt_inject_password: - default: false - description: '' - type: bool - 
edpm_nova_compute_libvirt_live_migration_inbound_addr: - default: '{{ hostvars[inventory_hostname]["fqdn_" ~ edpm_service_net_map["nova_libvirt_network"]] - }}' - description: '' - type: str - edpm_nova_compute_libvirt_live_migration_permit_auto_converge: - default: true - description: '' - type: bool - edpm_nova_compute_libvirt_live_migration_permit_post_copy: - default: true - description: '' - type: bool - edpm_nova_compute_libvirt_live_migration_tunnelled: - default: false - description: '' - type: bool - edpm_nova_compute_libvirt_live_migration_uri: - default: qemu+ssh://nova_migration@s:2022/system?keyfile=/etc/nova/migration/identity - description: '' - type: str - edpm_nova_compute_libvirt_manage_libvirt_services: - default: false - description: '' - type: bool - edpm_nova_compute_libvirt_max_queues: - default: 0 - description: '' - type: int - edpm_nova_compute_libvirt_migration_support: - default: false - description: '' - type: bool - edpm_nova_compute_libvirt_pre_allocate_images: - default: none - description: '' - type: str - edpm_nova_compute_libvirt_virt_type: - default: qemu - description: '' - type: str - edpm_nova_compute_live_migration_permit_auto_converge: - default: true - description: '' - type: bool - edpm_nova_compute_live_migration_permit_post_copy: - default: true - description: '' - type: bool - edpm_nova_compute_live_migration_wait_for_vif_plug: - default: true - description: '' - type: bool - edpm_nova_compute_logging_environment: - default: {} - description: '' - type: dict - edpm_nova_compute_logging_source: - default: - file: /var/log/containers/nova/nova-compute.log - tag: openstack.nova.compute - description: '' - type: dict - edpm_nova_compute_logging_volumes: - default: - - /var/log/containers/nova:/var/log/nova:z - description: '' - type: list - edpm_nova_compute_max_disk_devices_to_attach: - default: -1 - description: '' - type: int - edpm_nova_compute_mdev_types: - default: {} - description: '' - type: dict - 
edpm_nova_compute_mem_stats_period_seconds: - default: 10 - description: '' - type: int - edpm_nova_compute_migration_client_enabled: - default: true - description: '' - type: bool - edpm_nova_compute_migration_client_ssh_private_key: - default: '' - description: '' - type: str - edpm_nova_compute_migration_libvirt_live_migration_permit_auto_converge: - default: false - description: '' - type: bool - edpm_nova_compute_migration_libvirt_live_migration_permit_post_copy: - default: false - description: '' - type: bool - edpm_nova_compute_migration_libvirt_live_migration_tunnelled: - default: false - description: '' - type: bool - edpm_nova_compute_migration_ssh_key: - default: '{{ edpm_migration_ssh_key | default({"public_key": "", "private_key": - ""}) }} - - ' - description: Full ssh key, rendered from a template with previsously supplied variable values. - type: str - edpm_nova_compute_migration_ssh_port: - default: '{{ edpm_migration_ssh_port | default(2022) }}' - description: '' - type: str - edpm_nova_compute_mkisofs_cmd: - default: mkisofs - description: '' - type: str - edpm_nova_compute_monitoring_subscription: - default: overcloud-nova-compute - description: '' - type: str - edpm_nova_compute_multipathd_enable: - default: '{{ edpm_multipathd_enable | default(false) }}' - description: '' - type: str - edpm_nova_compute_neutron_default_floating_pool: - default: public - description: '' - type: str - edpm_nova_compute_neutron_extension_sync_interval: - default: 600 - description: '' - type: int - edpm_nova_compute_neutron_ovs_bridge: - default: br-int - description: '' - type: str - edpm_nova_compute_neutron_physnet_numa_nodes_mapping: - default: {} - description: '' - type: dict - edpm_nova_compute_neutron_timeout: - default: 30 - description: '' - type: int - edpm_nova_compute_neutron_tunnel_numa_nodes: - default: [] - description: '' - type: list - edpm_nova_compute_neutron_valid_interfaces: - default: internal - description: '' - type: str - 
edpm_nova_compute_nfs_enabled: - default: false - description: '' - type: bool - edpm_nova_compute_nfs_options: - default: context=system_u:object_r:nfs_t:s0 - description: '' - type: str - edpm_nova_compute_nfs_share: - default: '' - description: '' - type: str - edpm_nova_compute_nfs_version: - default: '4.2' - description: '' - type: str - edpm_nova_compute_notifications_notification_format: - default: unversioned - description: '' - type: str - edpm_nova_compute_notifications_notify_on_state_change: - default: vm_and_task_state - description: '' - type: str - edpm_nova_compute_num_pcie_ports: - default: 16 - description: '' - type: int - edpm_nova_compute_opt_env_vars: - default: {} - description: '' - type: dict - edpm_nova_compute_opt_volumes: - default: [] - description: '' - type: list - edpm_nova_compute_oslo_concurrency_lock_path: - default: /var/lib/nova/tmp - description: '' - type: str - edpm_nova_compute_oslo_messaging_notifications_driver: - default: noop - description: '' - type: str - edpm_nova_compute_oslo_messaging_notifications_transport_url: - default: '' - description: '' - type: str - edpm_nova_compute_oslo_messaging_rabbit_heartbeat_timeout_threshold: - default: 60 - description: '' - type: int - edpm_nova_compute_oslo_messaging_rabbit_ssl: - default: false - description: '' - type: bool - edpm_nova_compute_oslo_policy_enforce_new_defaults: - default: false - description: '' - type: bool - edpm_nova_compute_oslo_policy_enforce_scope: - default: false - description: '' - type: bool - edpm_nova_compute_oslo_policy_policy_file: - default: /etc/nova/policy.yaml - description: '' - type: str - edpm_nova_compute_ovs_dpdk_socket_memory: - default: '{{ edpm_ovs_dpdk_socket_memory | default('''') }}' - description: '' - type: str - edpm_nova_compute_pci_passthrough: - default: {} - description: '' - type: dict - edpm_nova_compute_placement_api_interface: - default: internal - description: '' - type: str - edpm_nova_compute_ram_allocation_ratio: - 
default: 1.0 - description: '' - type: float - edpm_nova_compute_rbd_disk_cachemodes: - default: '{{ edpm_rbd_disk_cachemodes | default([''network=writeback'']) }}' - description: '' - type: str - edpm_nova_compute_rbd_libvirt_images_rbd_ceph_conf: - default: /etc/ceph/ + {{ edpm_nova_compute_ceph_cluster_name }} + .conf - description: '' - type: str - edpm_nova_compute_rbd_pool_name: - default: vms - description: '' - type: str - edpm_nova_compute_rbd_rbd_keyring: - default: client. + {{ edpm_nova_compute_ceph_client_user_name }} - description: '' - type: str - edpm_nova_compute_reserved_host_memory: - default: 4096 - description: '' - type: int - edpm_nova_compute_reserved_huge_pages: - default: [] - description: '' - type: list - edpm_nova_compute_resume_guests_state_on_host_boot: - default: false - description: '' - type: bool - edpm_nova_compute_root_stack_name: - default: '{{ edpm_root_stack_name | default('''') }}' - description: '' - type: str - edpm_nova_compute_rx_queue_size: - default: 512 - description: '' - type: int - edpm_nova_compute_spice_enabled: - default: false - description: '' - type: bool - edpm_nova_compute_startup_delay: - default: 0 - description: '' - type: int - edpm_nova_compute_statedir_ownership_skip: - default: - - triliovault-mounts - description: '' - type: list - edpm_nova_compute_tx_queue_size: - default: 512 - description: '' - type: int - edpm_nova_compute_type: - default: kvm - description: '' - type: str - edpm_nova_compute_use_cow_images: - default: true - description: '' - type: bool - edpm_nova_compute_use_tls_transport_for_live_migration: - default: '{{ edpm_use_tls_transport_for_live_migration | default(true) }}' - description: '' - type: str - edpm_nova_compute_vcpu_pin_set: - default: [] - description: '' - type: list - edpm_nova_compute_vendordata_dynamic_auth_project_domain_name: - default: Default - description: '' - type: str - edpm_nova_compute_vendordata_dynamic_auth_user_domain_name: - default: Default - 
description: '' - type: str - edpm_nova_compute_verify_glance_signatures: - default: false - description: '' - type: bool - edpm_nova_compute_vgpu_types_device_addresses_mapping: - default: {} - description: '' - type: dict - edpm_nova_compute_vif_plug_ovs_ovsdb_connection: - default: '' - description: '' - type: str - edpm_nova_compute_vnc_enabled: - default: true - description: '' - type: bool - edpm_nova_compute_vnc_server_listen: - default: '{{ hostvars[inventory_hostname][edpm_service_net_map["nova_libvirt_network"] - ~ "_ip"] }}' - description: '' - type: str - edpm_nova_compute_vncproxy_common_vncproxy_host: - default: '' - description: '' - type: str - edpm_nova_compute_vncproxy_common_vncproxy_port: - default: '' - description: '' - type: str - edpm_nova_compute_vncproxy_common_vncproxy_protocol: - default: '' - description: '' - type: str - edpm_nova_compute_vncproxy_host: - default: '' - description: '' - type: str - edpm_nova_compute_vncserver_proxyclient_address: - default: '{{ hostvars[inventory_hostname][edpm_service_net_map["nova_libvirt_network"] - ~ "_ip"] }}' - description: '' - type: str - edpm_nova_compute_volume_use_multipath: - default: false - description: '' - type: bool - edpm_nova_compute_volumes: - default: - - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro - - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro - - '{{ edpm_nova_compute_config_dir }}:/var/lib/kolla/config_files/src:ro' - - '{{ edpm_iscsid_config_volume }}:/var/lib/kolla/config_files/src-iscsid:ro' - - '{{ edpm_nova_compute_ceph_config_path }}:/var/lib/kolla/config_files/src-ceph:ro' - - /dev:/dev - - /lib/modules:/lib/modules:ro - - /run:/run - - /var/lib/iscsi:/var/lib/iscsi:z - - /var/lib/libvirt:/var/lib/libvirt:shared - - /sys/class/net:/sys/class/net - - /sys/bus/pci:/sys/bus/pci - - /boot:/boot:ro - - /var/lib/nova:/var/lib/nova:shared - description: List of volumes in a mount point format. - type: list 
diff --git a/roles/edpm_nova_compute/meta/main.yml b/roles/edpm_nova_compute/meta/main.yml
deleted file mode 100644
index 4aaa271d6..000000000
--- a/roles/edpm_nova_compute/meta/main.yml
+++ /dev/null
@@ -1,43 +0,0 @@
----
-# Copyright 2022 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-galaxy_info:
- author: OpenStack
- description: EDPM OpenStack Role -- edpm_nova_compute
- company: Red Hat
- license: Apache-2.0
- min_ansible_version: '2.9'
- namespace: openstack
- #
- # Provide a list of supported platforms, and for each platform a list of versions.
- # If you don't wish to enumerate all versions for a particular platform, use 'all'.
- # To view available platforms and versions (or releases), visit:
- # https://galaxy.ansible.com/api/v1/platforms/
- #
- platforms:
- - name: 'EL'
- versions:
- - '8'
- - '9'
-
- galaxy_tags:
- - edpm
-
-
-# List your role dependencies here, one per line. Be sure to remove the '[]' above,
-# if you add dependencies to this list.
-dependencies: []
diff --git a/roles/edpm_nova_compute/molecule/default/collections.yml b/roles/edpm_nova_compute/molecule/default/collections.yml
deleted file mode 100644
index 424ad60b8..000000000
--- a/roles/edpm_nova_compute/molecule/default/collections.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-collections:
-- name: community.general
diff --git a/roles/edpm_nova_compute/molecule/default/converge.yml b/roles/edpm_nova_compute/molecule/default/converge.yml
deleted file mode 100644
index b7b4df36e..000000000
--- a/roles/edpm_nova_compute/molecule/default/converge.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-# Copyright 2022 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-- name: Converge
- hosts: all
- vars:
- edpm_container_standalone_service: test
- edpm_container_standalone_container_defs:
- test:
- image: quay.io/centos/centos:stream9
- net: host
- privileged: true
- restart: always
- environment:
- KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
- edpm_container_standalone_kolla_config_files:
- test:
- command: 'sleep 3600'
- pre_tasks:
- - ansible.builtin.set_fact:
- internal_api:
- nova_api_network: mock_network
- nova_libvirt_network: mock_network
- internal_api_ip: 10.0.0.1
- fqdn_internal_api: mock_api
- roles:
- - role: "osp.edpm.edpm_container_standalone"
- - role: "edpm_nova_compute"
- service_net_map:
- nova_api_network: internal_api
- nova_libvirt_network: internal_api
diff --git a/roles/edpm_nova_compute/molecule/default/molecule.yml b/roles/edpm_nova_compute/molecule/default/molecule.yml
deleted file mode 100644
index b92f12485..000000000
--- a/roles/edpm_nova_compute/molecule/default/molecule.yml
+++ /dev/null
@@ -1,38 +0,0 @@
----
-dependency:
- name: galaxy
- options:
- role-file: collections.yml
-driver:
- name: podman
-platforms:
-- command: /sbin/init
- dockerfile: ../../../../molecule/common/Containerfile.j2
- image: ${EDPM_ANSIBLE_MOLECULE_IMAGE:-"ubi9/ubi-init"}
- name: instance
- privileged: true
- registry:
- url: ${EDPM_ANSIBLE_MOLECULE_REGISTRY:-"registry.access.redhat.com"}
- ulimits:
- - host
- pkg_extras: podman
-provisioner:
- env:
- ANSIBLE_STDOUT_CALLBACK: yaml
- inventory:
- hosts:
- all:
- hosts:
- instance:
- ansible_python_interpreter: /usr/bin/python3
- log: true
- name: ansible
-scenario:
- test_sequence:
- - destroy
- - create
- - prepare
- - converge
- - destroy
-verifier:
- name: testinfra
diff --git a/roles/edpm_nova_compute/molecule/default/prepare.yml b/roles/edpm_nova_compute/molecule/default/prepare.yml
deleted file mode 100644
index 9345a6f35..000000000
--- a/roles/edpm_nova_compute/molecule/default/prepare.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-# Copyright 2023 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-- name: Prepare test_deps
- hosts: all
- roles:
- - role: ../../../../molecule/common/test_deps
-- name: Prepare
- hosts: all
- roles:
- - role: osp.edpm.env_data
diff --git a/roles/edpm_nova_compute/tasks/configure.yml b/roles/edpm_nova_compute/tasks/configure.yml
deleted file mode 100644
index 6e32d6832..000000000
--- a/roles/edpm_nova_compute/tasks/configure.yml
+++ /dev/null
@@ -1,72 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Manage OS version 9 specific sysctls - when: - - ansible_facts['os_family'] == 'RedHat' - - ansible_facts['distribution_major_version'] is version('9', '==') - block: - - name: Enable post-copy by setting unprivileged_userfaultfd - ansible.posix.sysctl: - name: "vm.unprivileged_userfaultfd" - value: 1 - sysctl_set: true - sysctl_file: /etc/sysctl.d/99-edpm-postcopy.conf - state: present - reload: true - -- name: Configure nova.conf - when: edpm_nova_compute_config_use_ansible - block: - - name: Ensure {{ edpm_nova_compute_config_dir }}/etc/nova exists - ansible.builtin.file: - path: "{{ edpm_nova_compute_config_dir }}/etc/nova" - state: directory - recurse: true - - - name: Remove nova_compute_config container if exists - ansible.builtin.shell: | - podman rm -f nova_compute_config || : - - - name: Run nova_compute_config container - ansible.builtin.shell: podman run --detach --name nova_compute_config {{ edpm_nova_compute_container_nova_libvirt_config_image }} sleep infinity - register: config_container_id - - - name: Copy initial config files from nova_libvirt_config container - ansible.builtin.shell: | - mount_dir=$(podman mount nova_compute_config) - cp -a ${mount_dir}/etc/nova/nova.conf {{ edpm_nova_compute_config_dir }}/etc/nova/nova.conf - failed_when: false - notify: Remove nova_compute_config container - register: 
copy_config_files - - - name: Check for failure - ansible.builtin.debug: - msg: | - Copying config files failed - {{ copy_config_files.stdout }} - {{ copy_config_files.stderr }} - when: - - copy_config_files.rc != 0 - failed_when: true - - - name: Configure nova.conf - openstack.config_template.config_template: - remote_src: true - src: "{{ edpm_nova_compute_config_dir }}/etc/nova/nova.conf" - dest: "{{ edpm_nova_compute_config_dir }}/etc/nova/nova.conf" - config_type: ini - config_overrides: "{{ edpm_nova_compute_config | combine(edpm_nova_compute_config_overrides, recursive=True) }}" diff --git a/roles/edpm_nova_compute/tasks/externaldeploy.yml b/roles/edpm_nova_compute/tasks/externaldeploy.yml deleted file mode 100644 index 13c083ef1..000000000 --- a/roles/edpm_nova_compute/tasks/externaldeploy.yml +++ /dev/null 
@@ -1,36 +0,0 @@
----
-- name: Check if discover hosts is required
- when:
- - not edpm_nova_compute_additional_cell|bool
- - nova_cellv2_discovery_done is not defined
- block:
- - name: Discover via nova_manager?
- ansible.builtin.set_fact:
- nova_cellv2_discovery_delegate_host: "{{ groups['nova_manager'][0] }}"
- nova_cellv2_discovery_container: nova_manager
- when:
- - groups['nova_manager'] is defined and (groups['nova_manager']|length>0)
- - name: Discover via nova_api?
- ansible.builtin.set_fact:
- nova_cellv2_discovery_delegate_host: "{{ groups['nova_api'][0] }}"
- nova_cellv2_discovery_container: nova_api
- when:
- - nova_cellv2_discovery_delegate_host is not defined
- - groups['nova_api'] is defined and (groups['nova_api']|length>0)
- - name: Warn if no discovery host available
- ansible.builtin.fail:
- msg: 'No hosts available to run nova cell_v2 host discovery.'
- ignore_errors: true
- when:
- - nova_cellv2_discovery_delegate_host is not defined
- - name: Discovering nova hosts
- ansible.builtin.command: /bin/podman exec {{ nova_cellv2_discovery_container }} nova-manage cell_v2 discover_hosts --by-service
- become: true
- changed_when: false
- delegate_to: '{{ nova_cellv2_discovery_delegate_host }}'
- when:
- - nova_cellv2_discovery_delegate_host is defined
- # Could be included multiple times so ensure it only runs once
- - name: Get nova_cellv2_discovery_done fact
- ansible.builtin.set_fact:
- nova_cellv2_discovery_done: true
diff --git a/roles/edpm_nova_compute/tasks/install.yml b/roles/edpm_nova_compute/tasks/install.yml
deleted file mode 100644
index 7f18161be..000000000
--- a/roles/edpm_nova_compute/tasks/install.yml
+++ /dev/null
@@ -1,88 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Create persistent directories - ansible.builtin.file: - path: "{{ item.path }}" - setype: "{{ item.setype }}" - state: directory - mode: "{{ item.mode | default(omit) }}" - with_items: - - {'path': /var/lib/nova, 'setype': container_file_t} - - {'path': /var/lib/_nova_secontext, 'setype': container_file_t} - - {'path': /var/lib/nova/instances, 'setype': container_file_t} - - {'path': /var/lib/libvirt, 'setype': container_file_t} - - {'path': /var/log/containers/nova, 'setype': container_file_t, 'mode': '0750'} - -- name: Mount Nova NFS Share - ansible.posix.mount: - name: /var/lib/nova/instances - state: mounted - fstype: nfs4 - src: "{{ edpm_nova_compute_nfs_share }}" - opts: _netdev,bg,{{ edpm_nova_compute_nfs_options }},nfsvers={{ edpm_nova_compute_nfs_version }} - when: edpm_nova_compute_nfs_enabled|bool - -- name: Ensure ceph configurations exist - ansible.builtin.file: - path: "{{ edpm_nova_compute_ceph_config_path }}" - state: directory - mode: 0755 - -- name: Enable virt_sandbox_use_netlink for healthcheck - ansible.posix.seboolean: - name: virt_sandbox_use_netlink - persistent: true - state: true - when: - - ansible_facts.selinux is defined - - ansible_facts.selinux.status == "enabled" - -- name: Install Instance HA recovery script - when: edpm_nova_compute_enable_instance_ha|bool - block: - - name: Prepare Instance HA script 
directory - ansible.builtin.file: - path: /var/lib/nova/instanceha - state: directory - mode: 0755 - - - name: Install Instance HA script that runs nova-compute - ansible.builtin.copy: - content: check-run-nova-compute - dest: /var/lib/nova/instanceha/check-run-nova-compute - mode: 0755 - - - name: If instance HA is enabled on the node activate the evacuation completed check - ansible.builtin.file: - path: /var/lib/nova/instanceha/enabled - state: touch - mode: 0644 - when: inventory_hostname in groups["compute_instanceha"] | default([]) - - - name: Install nova-compute delay wrapper script - ansible.builtin.copy: - content: delay-nova-compute - dest: /var/lib/nova/delay-nova-compute - mode: 0755 - when: edpm_nova_compute_startup_delay|int > 0 - - - name: Disable irqbalance service on compute - when: edpm_nova_compute_disable_irq_balance|bool - ansible.builtin.service: - name: irqbalance.service - state: stopped - enabled: false diff --git a/roles/edpm_nova_compute/tasks/logging-install.yml b/roles/edpm_nova_compute/tasks/logging-install.yml deleted file mode 100644 index 8ba10cd0a..000000000 --- a/roles/edpm_nova_compute/tasks/logging-install.yml +++ /dev/null 
@@ -1,25 +0,0 @@
----
-# Copyright 2022 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-- name: Create persistent directories
- ansible.builtin.file:
- path: "{{ item.path }}"
- setype: "{{ item.setype }}"
- state: directory
- mode: "{{ item.mode | default(omit) }}"
- with_items:
- - {'path': /var/log/containers/nova, 'setype': container_file_t, 'mode': '0750'}
diff --git a/roles/edpm_nova_compute/tasks/logging-run.yml b/roles/edpm_nova_compute/tasks/logging-run.yml
deleted file mode 100644
index 12132a4c7..000000000
--- a/roles/edpm_nova_compute/tasks/logging-run.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-# Copyright 2022 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-- name: Ensure /var/lib/container-config-scripts exists
- ansible.builtin.file:
- path: /var/lib/container-config-scripts
- state: directory
- mode: 0755
-
-- name: Manage nova_compute_init_log container
- ansible.builtin.include_role:
- name: edpm_container_standalone
- vars:
- edpm_container_standalone_service: nova_compute_init_log
- edpm_container_standalone_container_defs:
- nova_compute_init_log: "{{ lookup('template', 'nova_compute_init_log.yaml.j2') | from_yaml }}"
diff --git a/roles/edpm_nova_compute/tasks/main.yml b/roles/edpm_nova_compute/tasks/main.yml
deleted file mode 100644
index 4d78c3dcd..000000000
--- a/roles/edpm_nova_compute/tasks/main.yml
+++ /dev/null
@@ -1,42 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "edpm_nova_compute" will search for and load any operating system variable file - -# TODO: external_post_deploy_tasks, kolla config, docker config - -# found within the "vars/" path. If no OS files are found the task will skip. -- name: Gather variables for each operating system - ansible.builtin.include_vars: "{{ item }}" - with_first_found: - - skip: true - files: - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml" - - "{{ ansible_facts['distribution'] | lower }}.yml" - - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml" - - "{{ ansible_facts['os_family'] | lower }}.yml" - tags: - - always - -- name: Set facts for conditions - ansible.builtin.set_fact: - edpm_nova_compute_compute_startup_delay: "{{ edpm_nova_compute_startup_delay != 0 and not edpm_nova_compute_enable_instance_ha }}" - edpm_nova_compute_use_tls_for_live_migration: "{{ edpm_nova_compute_enable_internal_tls | bool and edpm_nova_compute_use_tls_transport_for_live_migration | bool }}" - edpm_nova_compute_libvirt_file_backed_memory_enabled: "{{ 
edpm_nova_compute_file_backed_memory == '' or edpm_nova_compute_file_backed_memory == 0 }}" - edpm_nova_compute_is_realtime: "{{ edpm_tuned_profile_name | default('throughput-performance') != 'realtime-virtual-host' }}" diff --git a/roles/edpm_nova_compute/tasks/run.yml b/roles/edpm_nova_compute/tasks/run.yml deleted file mode 100644 index aba9dde25..000000000 --- a/roles/edpm_nova_compute/tasks/run.yml +++ /dev/null 
@@ -1,65 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Ensure /var/lib/container-config-scripts exists - ansible.builtin.file: - path: /var/lib/container-config-scripts - state: directory - mode: 0755 - -- name: Copy nova_statedir_ownership.py to /var/lib/container-config-scripts - ansible.builtin.copy: - src: files/nova_statedir_ownership.py - dest: /var/lib/container-config-scripts/nova_statedir_ownership.py - mode: 0644 - -- name: Manage nova_compute_statedir_owner container - ansible.builtin.include_role: - name: edpm_container_standalone - vars: - edpm_container_standalone_service: nova_compute_statedir_owner - edpm_container_standalone_container_defs: - nova_compute_statedir_owner: "{{ lookup('template', 'nova_compute_statedir_owner.yaml.j2') | from_yaml }}" - -- name: Manage nova_compute_init_log container - ansible.builtin.include_role: - name: edpm_container_standalone - vars: - edpm_container_standalone_service: nova_compute_init_log - edpm_container_standalone_container_defs: - nova_compute_init_log: "{{ lookup('template', 'nova_compute_init_log.yaml.j2') | from_yaml }}" - -- name: Manage nova_wait_for_compute_service container - when: edpm_nova_compute_additional_cell|bool - ansible.builtin.include_role: - name: edpm_container_standalone - vars: - edpm_container_standalone_service: nova_wait_for_compute_service - edpm_container_standalone_container_defs: - 
nova_wait_for_compute_service: "{{ lookup('template', 'nova_wait_for_compute_service.yaml.j2') | from_yaml }}" - edpm_container_standalone_kolla_config_files: - nova_wait_for_compute_service: "{{ lookup('file', 'files/nova_wait_for_compute_service.yaml') | from_yaml }}" - -- name: Manage nova_compute container - ansible.builtin.include_role: - name: edpm_container_standalone - vars: - edpm_container_standalone_service: nova_compute - edpm_container_standalone_container_defs: - nova_compute: "{{ lookup('template', 'nova_compute.yaml.j2') | from_yaml }}" - edpm_container_standalone_kolla_config_files: - nova_compute: "{{ lookup('template', 'templates/kolla_config/nova_compute.yaml.j2') | from_yaml }}" diff --git a/roles/edpm_nova_compute/tasks/scale.yml b/roles/edpm_nova_compute/tasks/scale.yml deleted file mode 100644 index be4a0e92e..000000000 --- a/roles/edpm_nova_compute/tasks/scale.yml +++ /dev/null 
@@ -1,84 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Remove openstack-nova-compute and python-nova package during upgrade - ansible.builtin.package: - name: - - openstack-nova-compute - - python-nova - state: removed - failed_when: false - -- name: Scale down - tags: down - become: true - environment: - OS_CLOUD: >- - {% if auth_cloud_name_set %}{{ edpm_nova_compute_auth_cloud_name }}{% else %}{{ edpm_nova_compute_root_stack_name }}{% endif %} - block: - # Some tasks are running from the Undercloud which has - # the OpenStack clients installed. - - name: Get nova-compute service ID - ansible.builtin.command: openstack compute service list --service nova-compute --column ID --column Host --format yaml - register: nova_compute_service_result - delegate_to: "{{ groups['Undercloud'] | first }}" - check_mode: false - changed_when: false - - - name: Set fact for nova_compute services - ansible.builtin.set_fact: - nova_compute_service: "{{ nova_compute_service_result.stdout | from_yaml | selectattr('Host', 'match', ansible_facts['fqdn'] ~ '.*') | list }}" - delegate_to: "{{ groups['Undercloud'] | first }}" - check_mode: false - - - name: Check search output - ansible.builtin.fail: - msg: >- - Found multiple `{{ ansible_facts['fqdn'] }}`, which is unexpected. 
- This means that the FQDN of the selected device to disable is - either wrong or is sharing a name with another host, which is - also wrong. Please correct this issue before continuing. Nova - service list return data can be found here - -> {{ nova_compute_service }}. - when: - - (nova_compute_service | length) > 1 - - - name: Disable nova services - when: - - (nova_compute_service | length) == 1 - block: - - name: Disable nova-compute service - ansible.builtin.command: openstack compute service set {{ nova_compute_service[0].Host }} nova-compute --disable - delegate_to: "{{ groups['Undercloud'] | first }}" - check_mode: false - when: - - not edpm_nova_compute_additional_cell|bool - - - name: Stop nova-compute container - ansible.builtin.service: - name: edpm_nova_compute - state: stopped - enabled: false - become: true - register: stop_nova_compute - failed_when: "('msg' in stop_nova_compute and - 'Could not find the requested service edpm_nova_compute' not in stop_nova_compute.msg) or - ('rc' in stop_nova_compute and stop_nova_compute.rc != 0)" - - - name: Delete nova-compute service - ansible.builtin.command: openstack compute service delete {{ nova_compute_service[0].ID }} - delegate_to: "{{ groups['Undercloud'] | first }}" - check_mode: false diff --git a/roles/edpm_nova_compute/tasks/update.yml b/roles/edpm_nova_compute/tasks/update.yml deleted file mode 100644 index 0cd6e43e8..000000000 --- a/roles/edpm_nova_compute/tasks/update.yml +++ /dev/null 
@@ -1,20 +0,0 @@
----
-# Copyright 2022 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Remove old tmpfiles.d config
- ansible.builtin.file:
- path: /etc/tmpfiles.d/var-run-libvirt.conf
- state: absent
diff --git a/roles/edpm_nova_compute/tasks/upgrade.yml b/roles/edpm_nova_compute/tasks/upgrade.yml
deleted file mode 100644
index 4b46f6ef9..000000000
--- a/roles/edpm_nova_compute/tasks/upgrade.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# Copyright 2022 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Include update tasks to upgrade Nova Libvirt
- ansible.builtin.include_tasks: update.yml
diff --git a/roles/edpm_nova_compute/tasks/validate.yml b/roles/edpm_nova_compute/tasks/validate.yml
deleted file mode 100644
index f55d5c2ba..000000000
--- a/roles/edpm_nova_compute/tasks/validate.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-# Copyright 2022 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Validate nova-compute container state
- containers.podman.podman_container_info:
- name: nova_compute
- register: nova_compute_infos
- failed_when:
- - nova_compute_infos.containers.0.Healthcheck.Status is defined
- - "'healthy' not in nova_compute_infos.containers.0.Healthcheck.Status"
- retries: 10
- delay: 30
- tags:
- - opendev-validation
- - opendev-validation-nova
- when:
- - not container_healthcheck_disabled | default(false) | bool
diff --git a/roles/edpm_nova_compute/templates/kolla_config/nova_compute.yaml.j2 b/roles/edpm_nova_compute/templates/kolla_config/nova_compute.yaml.j2
deleted file mode 100644
index 50bde9c46..000000000
--- a/roles/edpm_nova_compute/templates/kolla_config/nova_compute.yaml.j2
+++ /dev/null
@@ -1,41 +0,0 @@
-command:
-{%- if edpm_nova_compute_startup_delay != 0 -%}
- '/var/lib/nova/delay-nova-compute --delay {{ edpm_nova_compute_startup_delay }} --nova-binary'
-{% elif edpm_nova_compute_enable_instance_ha -%}
- '/var/lib/nova/instanceha/check-run-nova-compute'
-{% else %}
- '/usr/bin/nova-compute'
-{% endif -%}
-config_files:
- - source: "/var/lib/kolla/config_files/src/*"
- dest: "/"
- merge: true
- preserve_properties: true
- # (TODO: slagle) This must be commented out until files exist at this path
- # otherwise kolla-start fails. This can be enabled once the edpm_iscsid
- # role is actually generating configuration.
- # - source: "/var/lib/kolla/config_files/src-iscsid/*"
- # dest: "/etc/iscsi/"
- # merge: true
- # preserve_properties: true
- - source: "/var/lib/kolla/config_files/src-ceph/"
- dest: "/etc/ceph/"
- merge: true
- preserve_properties: true
-permissions:
- - path: /var/log/nova
- owner: nova:nova
- recurse: true
- - path: {{ "/etc/ceph/" ~ edpm_nova_compute_ceph_cluster_name ~ ".client." ~ edpm_nova_compute_ceph_client_user_name ~ ".keyring" }}
- owner: nova:nova
- perm: '0600'
-{% for _, store in edpm_nova_compute_glance_multistore_config.items() %}
- - path: /etc/ceph/{{ store.CephClusterName | default(edpm_nova_compute_ceph_cluster_name) }}.client.{{ store.CephClientUserName | default(edpm_nova_compute_ceph_client_user_name) }}.keyring
- owner: nova:nova
- perm: '0600'
-{% endfor %}
-{% for _, store in edpm_nova_compute_cinder_rbd_multi_config.items() %}
- - path: /etc/ceph/{{ store.CephClusterName | default(edpm_nova_compute_ceph_cluster_name) }}.client.{{ store.CephClientUserName | default(edpm_nova_compute_ceph_client_user_name) }}.keyring
- owner: nova:nova
- perm: '0600'
-{% endfor %}
diff --git a/roles/edpm_nova_compute/templates/nova_compute.yaml.j2 b/roles/edpm_nova_compute/templates/nova_compute.yaml.j2
deleted file mode 100644
index e67d7c970..000000000
--- a/roles/edpm_nova_compute/templates/nova_compute.yaml.j2 +++ /dev/null @@ -1,32 +0,0 @@ -start_order: 3 -image: {{ edpm_nova_compute_container_image }} -ulimit: {{ edpm_nova_compute_docker_ulimit }} -ipc: host -net: host -privileged: true -user: nova -restart: always -depends_on: - - edpm_nova_libvirt.target -volumes: - {% set nova_compute_volumes = [] %} - {%- set nova_compute_volumes = - nova_compute_volumes + - edpm_nova_compute_common_volumes + - edpm_nova_compute_volumes + - edpm_nova_compute_opt_volumes -%} - {%- if edpm_nova_compute_multipathd_enable|bool -%} - {%- set nova_compute_volumes = - nova_compute_volumes + - ['/etc/multipath:/etc/multipath:z'] + - ['/etc/multipath.conf:/etc/multipath.conf:ro'] -%} - {%- endif %} - {%- set nova_compute_volumes = - nova_compute_volumes + - edpm_nova_compute_logging_volumes -%} - {{ nova_compute_volumes }} -environment: - {% set nova_compute_env = edpm_nova_compute_opt_env_vars %} - {%- set _ = nova_compute_env.update({'KOLLA_CONFIG_STRATEGY':'COPY_ALWAYS'}) -%} - {%- set _ = nova_compute_env.update({'LIBGUESTFS_BACKEND':'direct'}) -%} - {{ nova_compute_env }} diff --git a/roles/edpm_nova_compute/templates/nova_compute_init_log.yaml.j2 b/roles/edpm_nova_compute/templates/nova_compute_init_log.yaml.j2 deleted file mode 100644 index 0e3e8b354..000000000 --- a/roles/edpm_nova_compute/templates/nova_compute_init_log.yaml.j2 +++ /dev/null @@ -1,9 +0,0 @@ -image: {{ edpm_nova_compute_container_image }} -net: none -privileged: false -user: root -volumes: - - /var/log/containers/nova:/var/log/nova:z -command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova'] -environment: - EDPM_DEPLOY_IDENTIFIER: {{ edpm_nova_compute_deploy_identifier }} diff --git a/roles/edpm_nova_compute/templates/nova_compute_statedir_owner.yaml.j2 b/roles/edpm_nova_compute/templates/nova_compute_statedir_owner.yaml.j2 deleted file mode 100644 index 8cf96188c..000000000 
--- a/roles/edpm_nova_compute/templates/nova_compute_statedir_owner.yaml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -image: {{ edpm_nova_compute_container_image }} -net: none -user: root -security_opt: - - label=disable -privileged: false -detach: false -volumes: - - /var/lib/nova:/var/lib/nova:shared - - /var/lib/_nova_secontext:/var/lib/_nova_secontext:shared,z - - /var/lib/container-config-scripts:/container-config-scripts:z -command: "python3 /container-config-scripts/nova_statedir_ownership.py" -environment: - EDPM_DEPLOY_IDENTIFIER: {{ edpm_nova_compute_deploy_identifier }} - __OS_DEBUG: {{ edpm_nova_compute_debug or edpm_debug }} - NOVA_STATEDIR_OWNERSHIP_SKIP: {{ edpm_nova_compute_statedir_ownership_skip | join(':') }} diff --git a/roles/edpm_nova_compute/templates/nova_wait_for_compute_service.yaml.j2 b/roles/edpm_nova_compute/templates/nova_wait_for_compute_service.yaml.j2 deleted file mode 100644 index 0542d74e6..000000000 --- a/roles/edpm_nova_compute/templates/nova_wait_for_compute_service.yaml.j2 +++ /dev/null @@ -1,17 +0,0 @@ -start_order: 4 -image: {{ edpm_nova_compute_container_image }} -user: nova -net: host -detach: false -volumes: - {% set nova_compute_volumes = [] %} - {%- set nova_compute_volumes = - nova_compute_volumes + - edpm_nova_compute_common_volumes + - ['/var/lib/kolla/config_files/nova_wait_for_compute_service.json:/var/lib/kolla/config_files/config.json:ro'] + - ['/var/lib/container-config-scripts:/container-config-scripts'] + - edpm_nova_compute_logging_volumes -%} - {{ nova_compute_volumes }} -environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - __OS_DEBUG: {{ edpm_nova_compute_debug or edpm_debug }} diff --git a/roles/edpm_nova_compute/vars/main.yml b/roles/edpm_nova_compute/vars/main.yml deleted file mode 100644 index deb5df099..000000000 --- a/roles/edpm_nova_compute/vars/main.yml +++ /dev/null 
@@ -1,22 +0,0 @@
----
-# Copyright 2022 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-# While options found within the vars/ path can be overridden using extra
-# vars, items within this path are considered part of the role and not
-# intended to be modified.
-
-# All variables within this role should have a prefix of "edpm_nova_compute"
diff --git a/roles/edpm_nova_libvirt/defaults/main.yml b/roles/edpm_nova_libvirt/defaults/main.yml
deleted file mode 100644
index a2adbd878..000000000
--- a/roles/edpm_nova_libvirt/defaults/main.yml
+++ /dev/null
@@ -1,204 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should be placed in this file. - -# All variables within this role should have a prefix of "edpm_nova_libvirt" -edpm_nova_libvirt_rootless_podman: false -edpm_nova_libvirt_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}" -edpm_nova_libvirt_deploy_identifier: "{{ edpm_deploy_identifier | default('') }}" -edpm_nova_libvirt_hide_sensitive_logs: true -edpm_nova_libvirt_container_image: "quay.io/podified-antelope-centos9/openstack-nova-libvirt:current-podified" # role specific -edpm_nova_libvirt_container_config_image: "{{ edpm_nova_libvirt_container_image }}" # role specific -edpm_nova_libvirt_container_ulimit: ['nofile=131072', 'nproc=126960'] -edpm_nova_libvirt_container_pid: host -edpm_nova_libvirt_container_pids_limit: 65536 -edpm_nova_libvirt_ceph_config_path: "{{ - edpm_ceph_config_path | default('/var/lib/edpm-config/ceph', true) }}" -edpm_nova_libvirt_ceph_client_user_name: "{{ - edpm_ceph_client_user_name | default('openstack', true) }}" -edpm_nova_libvirt_enable_internal_tls: "{{ edpm_enable_internal_tls | default(false) }}" -edpm_nova_libvirt_use_tls_transport_for_live_migration: "{{ - edpm_use_tls_transport_for_live_migration | default(true) }}" -edpm_nova_libvirt_enable_rbd_backend: false # role specific -edpm_nova_libvirt_cinder_enable_rbd_backend: "{{ edpm_cinder_enable_rbd_backend | 
default(false) }}" -edpm_nova_libvirt_ceph_client_key: "{{ edpm_ceph_client_key | default('', true) }}" # sensitive data -edpm_nova_libvirt_ceph_cluster_fsid: "{{ edpm_ceph_cluster_fsid | default('', true) }}" -edpm_nova_libvirt_ceph_cluster_name: "{{ edpm_ceph_cluster_name | default('ceph', true) }}" -edpm_nova_libvirt_cinder_rbd_multi_config: "{{ edpm_cinder_rbd_multi_config | default({}, true) }}" -edpm_nova_libvirt_use_tls_transport_for_vnc: true -edpm_nova_libvirt_use_tls_transport_for_nbd: true -edpm_nova_libvirt_internal_tlsca_file: "{{ edpm_internal_tls_ca_file | default('/etc/ipa/ca.crt', true) }}" -edpm_nova_libvirt_libvirt_ca_cert_real: "{{ edpm_nova_libvirt_libvirt_ca_cert | default(edpm_nova_libvirt_internal_tlsca_file) }}" -edpm_nova_libvirt_qemu_ca_cert_real: "{{ edpm_nova_libvirt_qemu_ca_cert | default(edpm_nova_libvirt_internal_tlsca_file) }}" -edpm_nova_libvirt_certificate_key_size_real: "{{ - edpm_nova_libvirt_certificate_key_size | - default(edpm_certificate_key_size | - default('2048', true) - ) }}" -edpm_nova_libvirt_qemu_server_certificate_key_size_real: "{{ - edpm_nova_libvirt_qemu_server_certificate_key_size | - default(edpm_certificate_key_size | - default('2048', true) - ) }}" -edpm_nova_libvirt_qemu_client_certificate_key_size_real: "{{ - edpm_nova_libvirt_qemu_client_certificate_key_size | - default(edpm_certificate_key_size | - default('2048', true) - ) }}" -edpm_nova_libvirt_qemu_memory_backing_dir: "" # role specific -edpm_nova_libvirt_nova_compute_libvirt_type: kvm -edpm_nova_libvirt_enabled_perf_events: [] -edpm_nova_libvirt_monitoring_subscription: overcloud-nova-libvirt -edpm_nova_libvirt_migration_ssh_key: > - {{ edpm_migration_ssh_key | default({"public_key": "", "private_key": ""}, true) }} -edpm_nova_libvirt_migration_ssh_port: "{{ edpm_migration_ssh_port | default('2022'.true) }}" -edpm_nova_libvirt_tls_password: "" # sensitive, assert not empty -edpm_nova_libvirt_qemu_default_tls_verify: true - -# TODO(bogdando): config it 
with ansible, by converting logic implemented in tht with these hiera mappings: -edpm_nova_libvirt_manage_libvirt_services: false -edpm_nova_libvirt_migration_support: false -edpm_nova_libvirt_qemu_configure_qemu: true # dup for edpm_nova_libvirt_migration_qemu_configure_qemu in puppet/hiera -edpm_nova_libvirt_qemu_max_files: 32768 -edpm_nova_libvirt_qemu_max_processes: 131072 -edpm_nova_libvirt_migration_qemu_migration_port_min: 61152 -edpm_nova_libvirt_migration_qemu_migration_port_max: 61215 -edpm_nova_libvirt_migration_client_libvirt_enabled: true -# TODO(bogdando): use IP / FQDN on edpm_nova_libvirt_network -edpm_nova_libvirt_migration_libvirt_listen_address: 0.0.0.0 -edpm_nova_libvirt_migration_libvirt_live_migration_inbound_addr: "{{ ansible_facts['fqdn'] }}" -edpm_nova_libvirt_vncserver_listen: 0.0.0.0 -edpm_nova_libvirt_migration_client_libvirt_tls: "{{ - edpm_nova_libvirt_enable_internal_tls | bool and - edpm_nova_libvirt_use_tls_transport_for_live_migration | bool }}" -edpm_nova_libvirt_qemu_nbd_tls: &edpm_nova_libvirt_use_tls_for_nbd "{{ - edpm_nova_libvirt_enable_internal_tls | bool or - edpm_nova_libvirt_use_tls_transport_for_nbd | bool }}" -edpm_nova_libvirt_migration_libvirt_live_migration_with_native_tls: *edpm_nova_libvirt_use_tls_for_nbd -edpm_nova_libvirt_qemu_vnc_tls: &edpm_nova_libvirt_use_tls_for_vnc "{{ - edpm_nova_libvirt_enable_internal_tls | bool or - edpm_nova_libvirt_use_tls_transport_for_vnc | bool }}" -edpm_nova_libvirt_qemu_vnc_tls_verify: *edpm_nova_libvirt_use_tls_for_vnc -edpm_nova_libvirt_rbd_libvirt_images_rbd_ceph_conf: /etc/ceph/{{ edpm_nova_libvirt_ceph_cluster_name }}.conf -edpm_nova_libvirt_rbd_rbd_keyring: client.{{ edpm_nova_libvirt_ceph_client_user_name }} - -# Redundant mappings, keep it for validation to not complain about missing hiera mappings -# edpm_nova_libvirt_migration_client_ssh_private_key: "{{ edpm_nova_libvirt_migration_ssh_key.private_key }}" - -# FIXME(bogdando): monolithic libvirt is not supported, remove 
these once removed from puppet and tht -# but keep it for new for the mappings validations to not complain about missing hiera mappings -# edpm_nova_libvirt_modular_libvirt -# edpm_nova_libvirt_services_modular_libvirt -# edpm_nova_libvirt_migration_libvirt_modular_libvirt - -edpm_nova_libvirt_services: - - virtlogd - - virtsecretd - - virtnodedevd - - virtstoraged - - virtqemud - - virtproxyd - -# logging configuration options -edpm_nova_libvirt_virtlogd_log_filters: "1:logging 4:object 4:json 4:event 1:util" -edpm_nova_libvirt_virtsecretd_log_filters: &logfilters "1:qemu 1:libvirt 4:object 4:json 4:event 1:util" -edpm_nova_libvirt_virtnodedevd_log_filters: *logfilters -edpm_nova_libvirt_virtstoraged_log_filters: *logfilters -edpm_nova_libvirt_virtqemud_log_filters: *logfilters -edpm_nova_libvirt_virtproxyd_log_filters: *logfilters -# a new one, for ansible config templates engine, has yet a tht mapping -edpm_nova_libvirt_virtnwfilterd_log_filters: *logfilters - -edpm_nova_libvirt_virtlogd_log_outputs: "1:file:/var/log/libvirt/virtlogd.log" -edpm_nova_libvirt_virtsecretd_log_outputs: "1:file:/var/log/libvirt/virtsecretd.log" -edpm_nova_libvirt_virtnodedevd_log_outputs: "1:file:/var/log/libvirt/virtnodedevd.log" -edpm_nova_libvirt_virtstoraged_log_outputs: "1:file:/var/log/libvirt/virtstoraged.log" -edpm_nova_libvirt_virtqemud_log_outputs: "1:file:/var/log/libvirt/virtqemud.log" -edpm_nova_libvirt_virtproxyd_log_outputs: "1:file:/var/log/libvirt/virtproxyd.log" -# a new one, for ansible config templates engine, has yet a tht mapping -edpm_nova_libvirt_virtnwfilterd_log_outputs: "1:file:/var/log/libvirt/virtnwfilterd.log" - -edpm_nova_libvirt_tls_priority: "NORMAL:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.2" -edpm_nova_libvirt_opt_volumes: [] # role specific -edpm_nova_libvirt_rbd_disk_cachemodes: "{{ - edpm_rbd_disk_cachemodes | - default(['network=writeback'], true) }}" -edpm_nova_libvirt_network: internal_api -edpm_nova_libvirt_idm_realm: "{{ - edpm_idm_realm | - 
default( - lookup('ini', 'realm default=DEFAULT section=global file=/etc/ipa/default.conf') - ) }}" - -edpm_nova_libvirt_config_use_ansible: true -edpm_nova_libvirt_config_dir: /var/lib/config-data/ansible-generated/nova_libvirt - -# TODO: align with facts set for https://review.opendev.org/839762 -edpm_nova_libvirt_common_volumes: - - /lib/modules:/lib/modules:ro - - /dev:/dev - - /run:/run - - /sys/fs/cgroup:/sys/fs/cgroup - - /sys/fs/selinux:/sys/fs/selinux - - /etc/selinux/config:/etc/selinux/config:ro - - /etc/libvirt:/etc/libvirt:shared - - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro - - /run/libvirt:/run/libvirt:shared - - /var/lib/nova:/var/lib/nova:shared - - /var/lib/libvirt:/var/lib/libvirt:shared - - /var/cache/libvirt:/var/cache/libvirt:shared - - /var/lib/vhost_sockets:/var/lib/vhost_sockets - - /var/log/containers/libvirt:/var/log/libvirt:shared,z # +qemu subdir - - "{{ edpm_nova_libvirt_config_dir ~ - ':/var/lib/kolla/config_files/src:ro' }}" - -edpm_nova_libvirt_internal_tls_volumes: "{{ - edpm_nova_libvirt_enable_internal_tls | - ternary( - ['/etc/pki/CA/cacert.pem:/etc/pki/CA/cacert.pem:ro', - '/etc/pki/libvirt:/etc/pki/libvirt:ro', - '/etc/pki/qemu:/etc/pki/qemu:ro'], - []) }}" - -edpm_nova_libvirt_qemu_memory_backing_dir_volumes: "{{ - edpm_nova_libvirt_qemu_memory_backing_dir | - ternary( - [edpm_nova_libvirt_qemu_memory_backing_dir ~ ':' - ~ edpm_nova_libvirt_qemu_memory_backing_dir], - []) }}" - -edpm_nova_libvirt_ceph_volumes: - - "{{ edpm_nova_libvirt_ceph_config_path ~ - ':/var/lib/kolla/config_files/src-ceph:ro' }}" - -# TODO: restore facts and volumes for Ceph multiconfig info, keyring paths, -# Kolla permissions - and use the latter for actual kolla permissions -edpm_nova_libvirt_volumes: "{{ - edpm_container_standalone_volumes | default([]) + - edpm_nova_libvirt_common_volumes + - edpm_nova_libvirt_internal_tls_volumes + - edpm_nova_libvirt_qemu_memory_backing_dir_volumes + - edpm_nova_libvirt_ceph_volumes + - 
edpm_nova_libvirt_opt_volumes }}" - -# TODO(bogdando): implement edpm_nova_libvirt_config, like we do for nova compute -# but also supporting '' empty config section, like its puppet providers -edpm_nova_libvirt_config: - virtnwfilterd: - log_filters: '{{ edpm_nova_libvirt_virtnwfilterd_log_filters }}' - log_outputs: '{{ edpm_nova_libvirt_virtnwfilterd_log_outputs }}' diff --git a/roles/edpm_nova_libvirt/files/nova_libvirt_init_secret.sh b/roles/edpm_nova_libvirt/files/nova_libvirt_init_secret.sh deleted file mode 100755 index a84d2bf0b..000000000 --- a/roles/edpm_nova_libvirt/files/nova_libvirt_init_secret.sh +++ /dev/null 
@@ -1,82 +0,0 @@ -#!/bin/bash - -set -e - -CEPH_INFO=($*) - -if [ -z "$CEPH_INFO" ]; then - echo "error: At least one CLUSTER:CLIENT tuple must be specified" - exit 1 -fi - -echo "------------------------------------------------" -echo "Initializing virsh secrets for: ${CEPH_INFO[@]}" - -for INFO in ${CEPH_INFO[@]}; do - IFS=: read CLUSTER CLIENT <<< $INFO - if [ ! -f /etc/ceph/${CLUSTER}.conf ]; then - echo "Error: /etc/ceph/${CLUSTER}.conf was not found" - echo "Path to nova_libvirt_init_secret was ${CEPH_INFO}" - exit 1 - fi - FSID=$(awk '$1 == "fsid" {print $3}' /etc/ceph/${CLUSTER}.conf) - if [ -z "${FSID}" ]; then - echo "Error: /etc/ceph/${CLUSTER}.conf contained an empty fsid definition" - echo "Check your ceph configuration" - exit 1 - fi - - echo "--------" - echo "Initializing the virsh secret for '$CLUSTER' cluster ($FSID) '$CLIENT' client" - - # Ensure the secret XML file exists. - # If the edpm_nova_libvirt role is used standalone without puppet, then - # secret.xml won't exist. Create the first cluster's secret with this script. - if [ ! -f "/etc/nova/secret.xml" ]; then - HAVE_FIRST_SECRET=0 - SECRET_FILE="/etc/nova/secret.xml" - SECRET_NAME="client.${CLIENT} secret" - else - HAVE_FIRST_SECRET=1 # either puppet or this script created it - fi - # If puppet, or this script created, a secret.xml file for the - # first cluster's secret, detect when to use that file. - if [ $HAVE_FIRST_SECRET -eq 1 ]; then - if grep -q $FSID /etc/nova/secret.xml; then - SECRET_FILE="/etc/nova/secret.xml" - SECRET_NAME="client.${CLIENT} secret" - else - SECRET_FILE="/etc/nova/${CLUSTER}-secret.xml" - SECRET_NAME="${CLUSTER}.client.${CLIENT} secret" - fi - fi - - if [ ! 
-f $SECRET_FILE ]; then - echo "Creating $SECRET_FILE" - cat < $SECRET_FILE - - - ${SECRET_NAME} - - ${FSID} - -EOF - else - echo "The $SECRET_FILE file already exists" - fi - - # Ensure the libvirt secret is defined - if /usr/bin/virsh secret-list | grep -q $FSID; then - echo "The virsh secret for $FSID has already been defined" - else - /usr/bin/virsh secret-define --file $SECRET_FILE - fi - - # Fetch the key from the keyring and ensure the secret is set - KEY=$(awk '$1 == "key" {print $3}' /etc/ceph/${CLUSTER}.client.${CLIENT}.keyring) - if /usr/bin/virsh secret-get-value $FSID 2>/dev/null | grep -q $KEY; then - echo "The virsh secret for $FSID has already been set" - else - /usr/bin/virsh secret-set-value --secret $FSID --base64 $KEY - fi -done diff --git a/roles/edpm_nova_libvirt/files/nova_libvirt_init_secret.yaml b/roles/edpm_nova_libvirt/files/nova_libvirt_init_secret.yaml deleted file mode 100644 index 389559745..000000000 --- a/roles/edpm_nova_libvirt/files/nova_libvirt_init_secret.yaml +++ /dev/null @@ -1 +0,0 @@ -#TBD as kolla config diff --git a/roles/edpm_nova_libvirt/files/nova_virtlogd.yaml b/roles/edpm_nova_libvirt/files/nova_virtlogd.yaml deleted file mode 100644 index 80a6cd271..000000000 --- a/roles/edpm_nova_libvirt/files/nova_virtlogd.yaml +++ /dev/null @@ -1,11 +0,0 @@ -command: /usr/sbin/virtlogd --config /etc/libvirt/virtlogd.conf -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true -permissions: [] diff --git a/roles/edpm_nova_libvirt/files/nova_virtnodedevd.yaml b/roles/edpm_nova_libvirt/files/nova_virtnodedevd.yaml deleted file mode 100644 index b83224458..000000000 --- a/roles/edpm_nova_libvirt/files/nova_virtnodedevd.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -command: /usr/sbin/virtnodedevd --config /etc/libvirt/virtnodedevd.conf -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true -permissions: [] diff --git a/roles/edpm_nova_libvirt/files/nova_virtproxyd.yaml b/roles/edpm_nova_libvirt/files/nova_virtproxyd.yaml deleted file mode 100644 index 1640f3b42..000000000 --- a/roles/edpm_nova_libvirt/files/nova_virtproxyd.yaml +++ /dev/null @@ -1,11 +0,0 @@ -command: /usr/sbin/virtproxyd --config /etc/libvirt/virtproxyd.conf -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true -permissions: [] diff --git a/roles/edpm_nova_libvirt/files/nova_virtqemud.yaml b/roles/edpm_nova_libvirt/files/nova_virtqemud.yaml deleted file mode 100644 index 53035f62f..000000000 --- a/roles/edpm_nova_libvirt/files/nova_virtqemud.yaml +++ /dev/null @@ -1,11 +0,0 @@ -command: /usr/sbin/virtqemud --config /etc/libvirt/virtqemud.conf -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true -permissions: [] diff --git a/roles/edpm_nova_libvirt/files/nova_virtsecretd.yaml b/roles/edpm_nova_libvirt/files/nova_virtsecretd.yaml deleted file mode 100644 index 01d93fe58..000000000 --- a/roles/edpm_nova_libvirt/files/nova_virtsecretd.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -command: /usr/sbin/virtsecretd --config /etc/libvirt/virtsecretd.conf -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true -permissions: [] diff --git a/roles/edpm_nova_libvirt/files/nova_virtstoraged.yaml b/roles/edpm_nova_libvirt/files/nova_virtstoraged.yaml deleted file mode 100644 index f3e5ae8d2..000000000 --- a/roles/edpm_nova_libvirt/files/nova_virtstoraged.yaml +++ /dev/null @@ -1,11 +0,0 @@ -command: /usr/sbin/virtstoraged --config /etc/libvirt/virtstoraged.conf -config_files: - - source: "/var/lib/kolla/config_files/src/*" - dest: "/" - merge: true - preserve_properties: true - - source: "/var/lib/kolla/config_files/src-ceph/" - dest: "/etc/ceph/" - merge: true - preserve_properties: true -permissions: [] diff --git a/roles/edpm_nova_libvirt/handlers/main.yml b/roles/edpm_nova_libvirt/handlers/main.yml deleted file mode 100644 index ad7b502fe..000000000 --- a/roles/edpm_nova_libvirt/handlers/main.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Remove nova_libvirt_config container - ansible.builtin.shell: podman rm -f nova_libvirt_config - changed_when: false - failed_when: false 
diff --git a/roles/edpm_nova_libvirt/meta/argument_specs.yml b/roles/edpm_nova_libvirt/meta/argument_specs.yml
deleted file mode 100644
index ac302e0b8..000000000
--- a/roles/edpm_nova_libvirt/meta/argument_specs.yml
+++ /dev/null
@@ -1,369 +0,0 @@ ---- -argument_specs: - # ./roles/edpm_nova_libvirt/tasks/main.yml entry point - main: - short_description: The main entry point for the edpm_nova_libvirt role. - options: - edpm_nova_libvirt_ceph_client_key: - default: '{{ edpm_ceph_client_key | default('''', true) }}' - description: '' - type: str - edpm_nova_libvirt_ceph_client_user_name: - default: '{{ edpm_ceph_client_user_name | default(''openstack'', true) }}' - description: '' - type: str - edpm_nova_libvirt_ceph_cluster_fsid: - default: '{{ edpm_ceph_cluster_fsid | default('''', true) }}' - description: '' - type: str - edpm_nova_libvirt_ceph_cluster_name: - default: '{{ edpm_ceph_cluster_name | default(''ceph'', true) }}' - description: '' - type: str - edpm_nova_libvirt_ceph_config_path: - default: '{{ edpm_ceph_config_path | default(''/var/lib/edpm-config/ceph'', true) - }}' - description: '' - type: str - edpm_nova_libvirt_ceph_volumes: - default: - - '{{ edpm_nova_libvirt_ceph_config_path ~ '':/var/lib/kolla/config_files/src-ceph:ro'' - }}' - description: '' - type: list - edpm_nova_libvirt_certificate_key_size_real: - default: '{{ edpm_nova_libvirt_certificate_key_size | default(edpm_certificate_key_size - | default(''2048'', true) ) }}' - description: '' - type: str - edpm_nova_libvirt_cinder_enable_rbd_backend: - default: '{{ edpm_cinder_enable_rbd_backend | default(false) }}' - description: '' - type: str - edpm_nova_libvirt_cinder_rbd_multi_config: - default: '{{ edpm_cinder_rbd_multi_config | default({}, true) }}' - description: '' - type: str - edpm_nova_libvirt_common_volumes: - default: - - /lib/modules:/lib/modules:ro - - /dev:/dev - - /run:/run - - /sys/fs/cgroup:/sys/fs/cgroup - - /sys/fs/selinux:/sys/fs/selinux - - /etc/selinux/config:/etc/selinux/config:ro - - /etc/libvirt:/etc/libvirt:shared - - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro - - /run/libvirt:/run/libvirt:shared - - /var/lib/nova:/var/lib/nova:shared - - /var/lib/libvirt:/var/lib/libvirt:shared - 
- /var/cache/libvirt:/var/cache/libvirt:shared - - /var/lib/vhost_sockets:/var/lib/vhost_sockets - - /var/log/containers/libvirt:/var/log/libvirt:shared,z - - '{{ edpm_nova_libvirt_config_dir ~ '':/var/lib/kolla/config_files/src:ro'' }}' - description: '' - type: list - edpm_nova_libvirt_config: - default: - virtnwfilterd: - log_filters: '{{ edpm_nova_libvirt_virtnwfilterd_log_filters }}' - log_outputs: '{{ edpm_nova_libvirt_virtnwfilterd_log_outputs }}' - description: '' - type: dict - edpm_nova_libvirt_config_dir: - default: /var/lib/config-data/ansible-generated/nova_libvirt - description: '' - type: str - edpm_nova_libvirt_config_use_ansible: - default: true - description: '' - type: bool - edpm_nova_libvirt_container_config_image: - default: '{{ edpm_nova_libvirt_container_image }}' - description: '' - type: str - edpm_nova_libvirt_container_image: - default: quay.io/podified-antelope-centos9/openstack-nova-libvirt:current-podified - description: '' - type: str - edpm_nova_libvirt_container_pid: - default: host - description: '' - type: str - edpm_nova_libvirt_container_pids_limit: - default: 65536 - description: '' - type: int - edpm_nova_libvirt_container_ulimit: - default: - - nofile=131072 - - nproc=126960 - description: '' - type: list - edpm_nova_libvirt_deploy_identifier: - default: '{{ edpm_deploy_identifier | default('''') }}' - description: '' - type: str - edpm_nova_libvirt_enable_internal_tls: - default: '{{ edpm_enable_internal_tls | default(false) }}' - description: '' - type: str - edpm_nova_libvirt_enable_rbd_backend: - default: false - description: '' - type: bool - edpm_nova_libvirt_enabled_perf_events: - default: [] - description: '' - type: list - edpm_nova_libvirt_hide_sensitive_logs: - default: true - description: '' - type: bool - edpm_nova_libvirt_idm_realm: - default: '{{ edpm_idm_realm | default( lookup(''ini'', ''realm default=DEFAULT section=global - file=/etc/ipa/default.conf'') ) }}' - description: '' - type: str - 
edpm_nova_libvirt_internal_tls_volumes: - default: '{{ edpm_nova_libvirt_enable_internal_tls | ternary( [''/etc/pki/CA/cacert.pem:/etc/pki/CA/cacert.pem:ro'', - ''/etc/pki/libvirt:/etc/pki/libvirt:ro'', ''/etc/pki/qemu:/etc/pki/qemu:ro''], - []) }}' - description: '' - type: str - edpm_nova_libvirt_internal_tlsca_file: - default: '{{ edpm_internal_tls_ca_file | default(''/etc/ipa/ca.crt'', true) }}' - description: '' - type: str - edpm_nova_libvirt_libvirt_ca_cert_real: - default: '{{ edpm_nova_libvirt_libvirt_ca_cert | default(edpm_nova_libvirt_internal_tlsca_file) - }}' - description: '' - type: str - edpm_nova_libvirt_manage_libvirt_services: - default: false - description: '' - type: bool - edpm_nova_libvirt_migration_client_libvirt_enabled: - default: true - description: '' - type: bool - edpm_nova_libvirt_migration_client_libvirt_tls: - default: false - description: '' - type: bool - edpm_nova_libvirt_migration_libvirt_listen_address: - default: 0.0.0.0 - description: '' - type: str - edpm_nova_libvirt_migration_libvirt_live_migration_inbound_addr: - default: '{{ ansible_facts[''fqdn''] }}' - description: '' - type: str - edpm_nova_libvirt_migration_libvirt_live_migration_with_native_tls: - default: true - description: '' - type: bool - edpm_nova_libvirt_migration_qemu_migration_port_max: - default: 61215 - description: '' - type: int - edpm_nova_libvirt_migration_qemu_migration_port_min: - default: 61152 - description: '' - type: int - edpm_nova_libvirt_migration_ssh_key: - default: '{{ edpm_migration_ssh_key | default({"public_key": "", "private_key": - ""}, true) }} - - ' - description: '' - type: str - edpm_nova_libvirt_migration_ssh_port: - default: '{{ edpm_migration_ssh_port | default(''2022''.true) }}' - description: '' - type: str - edpm_nova_libvirt_migration_support: - default: false - description: '' - type: bool - edpm_nova_libvirt_monitoring_subscription: - default: overcloud-nova-libvirt - description: '' - type: str - 
edpm_nova_libvirt_network: - default: internal_api - description: '' - type: str - edpm_nova_libvirt_nova_compute_libvirt_type: - default: kvm - description: '' - type: str - edpm_nova_libvirt_opt_volumes: - default: [] - description: '' - type: list - edpm_nova_libvirt_qemu_ca_cert_real: - default: '{{ edpm_nova_libvirt_qemu_ca_cert | default(edpm_nova_libvirt_internal_tlsca_file) - }}' - description: '' - type: str - edpm_nova_libvirt_qemu_client_certificate_key_size_real: - default: '{{ edpm_nova_libvirt_qemu_client_certificate_key_size | default(edpm_certificate_key_size - | default(''2048'', true) ) }}' - description: '' - type: str - edpm_nova_libvirt_qemu_configure_qemu: - default: true - description: '' - type: bool - edpm_nova_libvirt_qemu_default_tls_verify: - default: true - description: '' - type: bool - edpm_nova_libvirt_qemu_max_files: - default: 32768 - description: '' - type: int - edpm_nova_libvirt_qemu_max_processes: - default: 131072 - description: '' - type: int - edpm_nova_libvirt_qemu_memory_backing_dir: - default: '' - description: '' - type: str - edpm_nova_libvirt_qemu_memory_backing_dir_volumes: - default: '{{ edpm_nova_libvirt_qemu_memory_backing_dir | ternary( [edpm_nova_libvirt_qemu_memory_backing_dir - ~ '':'' ~ edpm_nova_libvirt_qemu_memory_backing_dir], []) }}' - description: '' - type: str - edpm_nova_libvirt_qemu_nbd_tls: - default: true - description: '' - type: bool - edpm_nova_libvirt_qemu_server_certificate_key_size_real: - default: '{{ edpm_nova_libvirt_qemu_server_certificate_key_size | default(edpm_certificate_key_size - | default(''2048'', true) ) }}' - description: '' - type: str - edpm_nova_libvirt_qemu_vnc_tls: - default: true - description: '' - type: bool - edpm_nova_libvirt_qemu_vnc_tls_verify: - default: true - description: '' - type: bool - edpm_nova_libvirt_rbd_disk_cachemodes: - default: '{{ edpm_rbd_disk_cachemodes | default([''network=writeback''], true) }}' - description: '' - type: str - 
edpm_nova_libvirt_rbd_libvirt_images_rbd_ceph_conf: - default: /etc/ceph/{{ edpm_nova_libvirt_ceph_cluster_name }}.conf - description: '' - type: str - edpm_nova_libvirt_rbd_rbd_keyring: - default: client.{{ edpm_nova_libvirt_ceph_client_user_name }} - description: '' - type: str - edpm_nova_libvirt_rootless_podman: - default: false - description: '' - type: bool - edpm_nova_libvirt_services: - default: - - virtlogd - - virtsecretd - - virtnodedevd - - virtstoraged - - virtqemud - - virtproxyd - description: '' - type: list - edpm_nova_libvirt_tls_password: - default: '' - description: '' - type: str - edpm_nova_libvirt_tls_priority: - default: NORMAL:-VERS-SSL3.0:-VERS-TLS-ALL:+VERS-TLS1.2 - description: '' - type: str - edpm_nova_libvirt_use_tls_transport_for_live_migration: - default: '{{ edpm_use_tls_transport_for_live_migration | default(true) }}' - description: '' - type: str - edpm_nova_libvirt_use_tls_transport_for_nbd: - default: true - description: '' - type: bool - edpm_nova_libvirt_use_tls_transport_for_vnc: - default: true - description: '' - type: bool - edpm_nova_libvirt_virtlogd_log_filters: - default: 1:logging 4:object 4:json 4:event 1:util - description: '' - type: str - edpm_nova_libvirt_virtlogd_log_outputs: - default: 1:file:/var/log/libvirt/virtlogd.log - description: '' - type: str - edpm_nova_libvirt_virtnodedevd_log_filters: - default: 1:qemu 1:libvirt 4:object 4:json 4:event 1:util - description: '' - type: str - edpm_nova_libvirt_virtnodedevd_log_outputs: - default: 1:file:/var/log/libvirt/virtnodedevd.log - description: '' - type: str - edpm_nova_libvirt_virtnwfilterd_log_filters: - default: 1:qemu 1:libvirt 4:object 4:json 4:event 1:util - description: '' - type: str - edpm_nova_libvirt_virtnwfilterd_log_outputs: - default: 1:file:/var/log/libvirt/virtnwfilterd.log - description: '' - type: str - edpm_nova_libvirt_virtproxyd_log_filters: - default: 1:qemu 1:libvirt 4:object 4:json 4:event 1:util - description: '' - type: str - 
edpm_nova_libvirt_virtproxyd_log_outputs: - default: 1:file:/var/log/libvirt/virtproxyd.log - description: '' - type: str - edpm_nova_libvirt_virtqemud_log_filters: - default: 1:qemu 1:libvirt 4:object 4:json 4:event 1:util - description: '' - type: str - edpm_nova_libvirt_virtqemud_log_outputs: - default: 1:file:/var/log/libvirt/virtqemud.log - description: '' - type: str - edpm_nova_libvirt_virtsecretd_log_filters: - default: 1:qemu 1:libvirt 4:object 4:json 4:event 1:util - description: '' - type: str - edpm_nova_libvirt_virtsecretd_log_outputs: - default: 1:file:/var/log/libvirt/virtsecretd.log - description: '' - type: str - edpm_nova_libvirt_virtstoraged_log_filters: - default: 1:qemu 1:libvirt 4:object 4:json 4:event 1:util - description: '' - type: str - edpm_nova_libvirt_virtstoraged_log_outputs: - default: 1:file:/var/log/libvirt/virtstoraged.log - description: '' - type: str - edpm_nova_libvirt_vncserver_listen: - default: 0.0.0.0 - description: '' - type: str - edpm_nova_libvirt_volumes: - default: '{{ edpm_container_standalone_volumes | default([]) + edpm_nova_libvirt_common_volumes - + edpm_nova_libvirt_internal_tls_volumes + edpm_nova_libvirt_qemu_memory_backing_dir_volumes - + edpm_nova_libvirt_ceph_volumes + edpm_nova_libvirt_opt_volumes }}' - description: '' - type: str diff --git a/roles/edpm_nova_libvirt/meta/main.yml b/roles/edpm_nova_libvirt/meta/main.yml deleted file mode 100644 index 343626970..000000000 --- a/roles/edpm_nova_libvirt/meta/main.yml +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -galaxy_info: - author: OpenStack - description: EDPM OpenStack Role -- edpm_nova_libvirt - company: Red Hat - license: Apache-2.0 - min_ansible_version: '2.9' - namespace: openstack - # - # Provide a list of supported platforms, and for each platform a list of versions. - # If you don't wish to enumerate all versions for a particular platform, use 'all'. - # To view available platforms and versions (or releases), visit: - # https://galaxy.ansible.com/api/v1/platforms/ - # - platforms: - - name: 'EL' - versions: - - '8' - - '9' - - galaxy_tags: - - edpm diff --git a/roles/edpm_nova_libvirt/molecule/configure/molecule.yml b/roles/edpm_nova_libvirt/molecule/configure/molecule.yml deleted file mode 100644 index c3bdaec47..000000000 --- a/roles/edpm_nova_libvirt/molecule/configure/molecule.yml +++ /dev/null 
@@ -1,28 +0,0 @@ ---- -driver: - # it starts podman containers to create configs, cannot use podman driver - name: delegated - options: - ansible_connection_options: - ansible_connection: local - ansible_host: localhost - -provisioner: - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" - converge: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/converge.yml" - -scenario: - name: configure - test_sequence: - - destroy - - create - - prepare - - converge - # TODO(bogdando): enable this after edpm ansible config template engine - # becomes idempotent - #- idempotence - - check - - verify - - destroy diff --git a/roles/edpm_nova_libvirt/molecule/configure/test_vars.yml b/roles/edpm_nova_libvirt/molecule/configure/test_vars.yml deleted file mode 100644 index a4ff4f9d6..000000000 --- a/roles/edpm_nova_libvirt/molecule/configure/test_vars.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -# A test case to install, configure containers (do not run it), -# then to check a virtqemud container config -config: - - name: /var/lib/config-data/ansible-generated/nova_libvirt/etc/libvirt/virtqemud.conf - expected_lines: - - unix_sock_group = 'libvirt' - - unix_sock_ro_perms = '0444' - - unix_sock_rw_perms = '0770' - - auth_unix_ro = 'none' - - auth_unix_rw = 'none' - - log_filters = '1:qemu 1:libvirt 4:object 4:json 4:event 1:util' - - log_outputs = '1:file:/var/log/libvirt/virtqemud.log' -molecule_tags_enforce: false -test_tags: - - install - - configure -test_skip_tags: - - run diff --git a/roles/edpm_nova_libvirt/molecule/default/collections.yml b/roles/edpm_nova_libvirt/molecule/default/collections.yml deleted file mode 100644 index 424ad60b8..000000000 --- a/roles/edpm_nova_libvirt/molecule/default/collections.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -collections: -- name: community.general 
diff --git a/roles/edpm_nova_libvirt/molecule/default/molecule.yml b/roles/edpm_nova_libvirt/molecule/default/molecule.yml deleted file mode 100644 index 40494c6cb..000000000 --- a/roles/edpm_nova_libvirt/molecule/default/molecule.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -dependency: - name: galaxy - options: - role-file: collections.yml -driver: - name: podman -platforms: -- command: /sbin/init - dockerfile: ../../../../molecule/common/Containerfile.j2 - image: ${EDPM_ANSIBLE_MOLECULE_IMAGE:-"ubi9/ubi-init"} - name: instance - privileged: true - registry: - url: ${EDPM_ANSIBLE_MOLECULE_REGISTRY:-"registry.access.redhat.com"} - ulimits: - - host -provisioner: - log: true - name: ansible - playbooks: - converge: ${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/converge.yml - prepare: ${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml - verify: ${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml -scenario: - name: default - test_sequence: - - destroy - - create - - prepare - - converge - - idempotence - - check - - verify - - destroy -verifier: - name: ansible diff --git a/roles/edpm_nova_libvirt/molecule/default/prepare.yml b/roles/edpm_nova_libvirt/molecule/default/prepare.yml deleted file mode 100644 index eb69db884..000000000 --- a/roles/edpm_nova_libvirt/molecule/default/prepare.yml +++ /dev/null 
@@ -1,19 +0,0 @@ ---- -# Copyright 2023 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -- name: Prepare test_deps - hosts: all - roles: - - role: ../../../../molecule/common/test_deps diff --git a/roles/edpm_nova_libvirt/molecule/default/test_vars.yml b/roles/edpm_nova_libvirt/molecule/default/test_vars.yml deleted file mode 100644 index 30b8ad876..000000000 --- a/roles/edpm_nova_libvirt/molecule/default/test_vars.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# A test case to install only, no special checks but idempotence -test_skip_tags: - - configure - - run -test_tags: - - install -molecule_tags_enforce: false diff --git a/roles/edpm_nova_libvirt/molecule/run/molecule.yml b/roles/edpm_nova_libvirt/molecule/run/molecule.yml deleted file mode 100644 index e4066a81b..000000000 --- a/roles/edpm_nova_libvirt/molecule/run/molecule.yml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -driver: - name: delegated # cannot start containers from podman container - options: - ansible_connection_options: - ansible_connection: local - ansible_host: localhost - -provisioner: - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" - converge: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/converge.yml" - -scenario: - name: run - test_sequence: - - destroy - - create - - prepare - - converge - # TODO(bogdando): enable this after edpm container manager tasks - # become idempotent - #- idempotence - - check - - verify - - destroy diff --git a/roles/edpm_nova_libvirt/molecule/run/test_vars.yml b/roles/edpm_nova_libvirt/molecule/run/test_vars.yml deleted file mode 100644 index 15479ced4..000000000 --- a/roles/edpm_nova_libvirt/molecule/run/test_vars.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -# A test case to install, configure all, then run all libvirt containers -# No config checks as libvirt containers got same config files generated diff --git a/roles/edpm_nova_libvirt/molecule/run_virtqemud/molecule.yml b/roles/edpm_nova_libvirt/molecule/run_virtqemud/molecule.yml deleted file mode 100644 index 913266c15..000000000 --- a/roles/edpm_nova_libvirt/molecule/run_virtqemud/molecule.yml +++ /dev/null 
@@ -1,27 +0,0 @@ ---- -driver: - name: delegated # cannot start containers from podman container - options: - ansible_connection_options: - ansible_connection: local - ansible_host: localhost - -provisioner: - playbooks: - prepare: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/prepare.yml" - verify: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/verify.yml" - converge: "${MOLECULE_SCENARIO_DIRECTORY}/../../resources/molecule/converge.yml" - -scenario: - name: run_virtqemud - test_sequence: - - destroy - - create - - prepare - - converge - # TODO(bogdando): enable this after edpm container manager tasks - # become idempotent - #- idempotence - - check - - verify - - destroy diff --git a/roles/edpm_nova_libvirt/molecule/run_virtqemud/test_vars.yml b/roles/edpm_nova_libvirt/molecule/run_virtqemud/test_vars.yml deleted file mode 100644 index 170c8e831..000000000 --- a/roles/edpm_nova_libvirt/molecule/run_virtqemud/test_vars.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# A test case to install, configure all, then run a virtqemud container -# and check its edpm configs -config: - - name: /var/lib/edpm-config/container-startup-config/nova_libvirt/nova_virtqemud.json - expected_lines: - - ' "image": "quay.io/podified-antelope-centos9/openstack-nova-libvirt:current-podified",' - - ' "nofile=131072",' - - ' "nproc=126960"' - - ' "pids_limit": 65536,' - - name: /var/lib/kolla/config_files/nova_virtqemud.json - expected_lines: - - ' "command": "/usr/sbin/virtqemud --config /etc/libvirt/virtqemud.conf",' -edpm_container_standalone_container_defs: - nova_virtqemud: "{{ lookup('template', 'nova_virtqemud.yaml.j2') | from_yaml }}" -edpm_container_standalone_kolla_config_files: - nova_virtqemud: "{{ lookup('file', 'files/nova_virtqemud.yaml') | from_yaml }}" diff --git a/roles/edpm_nova_libvirt/resources/molecule/converge.yml b/roles/edpm_nova_libvirt/resources/molecule/converge.yml deleted file mode 100644 index aecfabf49..000000000 
--- a/roles/edpm_nova_libvirt/resources/molecule/converge.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Converge - hosts: all - become: true - vars_files: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/test_vars.yml" - pre_tasks: - - name: Importing test_vars - include_vars: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/test_vars.yml" - tasks: - - name: Execute test case tasks - include_role: - name: osp.edpm.edpm_nova_libvirt - tasks_from: "{{ test_task | default('main.yml') }}" - tags: "{{ test_tags | default(omit) }}" diff --git a/roles/edpm_nova_libvirt/resources/molecule/prepare.yml b/roles/edpm_nova_libvirt/resources/molecule/prepare.yml deleted file mode 100644 index 92f1c02de..000000000 --- a/roles/edpm_nova_libvirt/resources/molecule/prepare.yml +++ /dev/null 
@@ -1,23 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - roles: - - role: ../../../../molecule/common/test_deps - test_deps_setup_edpm: true - - role: osp.edpm.env_data diff --git a/roles/edpm_nova_libvirt/resources/molecule/print_conf_content.yml b/roles/edpm_nova_libvirt/resources/molecule/print_conf_content.yml deleted file mode 100644 index 52b8341bf..000000000 --- a/roles/edpm_nova_libvirt/resources/molecule/print_conf_content.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: Debug - getting content of configs - command: grep -E '^[^#]' {{ item.name }} - register: _conf_content - loop: "{{ _configs }}" - -- name: Set facts for configs, expected lines and contents - set_fact: - _verify_content: "{{ _conf_content.results | map(attribute='stdout_lines') | list }}" - _verify_expected: "{{ _conf_content.results | map(attribute='item') | map(attribute='expected_lines') | list }}" - _verify_configs: "{{ _conf_content.results | map(attribute='item') | map(attribute='name') | list }}" - -- name: Debug - printing expected lines and actual configs contents - vars: - context: "{{ _verify_expected | zip(_verify_content) }}" - debug: - var: dict(_verify_configs|zip(context)) diff --git a/roles/edpm_nova_libvirt/resources/molecule/verify.yml b/roles/edpm_nova_libvirt/resources/molecule/verify.yml deleted file mode 100644 index acd8cb48c..000000000 
--- a/roles/edpm_nova_libvirt/resources/molecule/verify.yml +++ /dev/null @@ -1,63 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Verify - hosts: all - become: true - gather_facts: false - any_errors_fatal: false - pre_tasks: - - name: Import test_vars - include_vars: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/test_vars.yml" - tasks: - - name: Validate configuration - when: config is defined and config - block: - - name: Check if changes applied to config files - lineinfile: - path: "{{ _conf.0.name }}" - line: "{{ _conf.1 }}" - state: present - check_mode: true - register: _conf_result - failed_when: _conf_result is changed or _conf_result is failed - with_subelements: - - "{{ config }}" - - expected_lines - loop_control: - loop_var: _conf - rescue: - - name: Output config - include_tasks: print_conf_content.yml - loop: - - "{{ config }}" - loop_control: - loop_var: _configs - - - name: Print failed lines - fail: - msg: | - - "FAILED: Not found in {{_entry.path}}: {{_entry.line}}" - failed_when: true - loop: "{{ _conf_result.results | selectattr('failed', 'equalto', true) | map(attribute='invocation') | map(attribute='module_args') }}" - loop_control: - loop_var: _entry - - - name: Debug - Scenario name - debug: - var: molecule_yml.scenario.name 
diff --git a/roles/edpm_nova_libvirt/tasks/configure.yml b/roles/edpm_nova_libvirt/tasks/configure.yml
deleted file mode 100644
index 0af2cffb7..000000000
--- a/roles/edpm_nova_libvirt/tasks/configure.yml
+++ /dev/null
@@ -1,208 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Set facts for conditions - ansible.builtin.set_fact: - edpm_nova_libvirt_need_libvirt_secret: "{{ - edpm_nova_libvirt_enable_rbd_backend | bool or - edpm_nova_libvirt_cinder_enable_rbd_backend | bool }}" - -- name: Set facts for Ceph multiconfig keyring paths - vars: - _keyrings: - - "{{ edpm_nova_libvirt_ceph_cluster_name }}.client.{{ edpm_nova_libvirt_ceph_client_user_name }}.keyring" - ansible.builtin.set_fact: - edpm_nova_libvirt_ceph_multiconfig_keyrings: "{{ edpm_nova_libvirt_ceph_multiconfig_keyrings | default([]) + - [item.value['CephClusterName'] | default(edpm_nova_libvirt_ceph_cluster_name) ~ '.client.' 
~ - item.value['CephClientUserName'] | default(edpm_nova_libvirt_ceph_client_user_name) ~ '.keyring'] }}" - with_items: "{{ (_keyrings + edpm_nova_libvirt_cinder_rbd_multi_config | dict2items) | unique }}" - -- name: Set facts for Ceph multiconfig Kolla permissions - ansible.builtin.set_fact: - edpm_nova_libvirt_ceph_multiconfig_permissions: "{{ edpm_nova_libvirt_ceph_multiconfig_permissions | default([]) + - [{'owner': 'nova:nova', 'perm': '0600', 'path': '/etc/ceph/' ~ item}] }}" - with_items: "{{ edpm_nova_libvirt_ceph_multiconfig_keyrings }}" - -- name: Set facts for Ceph multiconfig info - vars: - _multiconfig_info: - - "{{ edpm_nova_libvirt_ceph_cluster_name }}:{{ edpm_nova_libvirt_ceph_client_user_name }}" - ansible.builtin.set_fact: - edpm_nova_libvirt_ceph_multiconfig_info: "{{ edpm_nova_libvirt_ceph_multiconfig_info | default([]) + - [item.value['CephClusterName'] | default(edpm_nova_libvirt_ceph_cluster_name) ~ ':' ~ - item.value['CephClientUserName'] | default(edpm_nova_libvirt_ceph_client_user_name)] }}" - with_items: "{{ (_multiconfig_info + edpm_nova_libvirt_cinder_rbd_multi_config | dict2items) | unique }}" - -- name: Certificate generation for Nova Libvirt and QEMU - when: edpm_nova_libvirt_enable_internal_tls|bool - block: - - name: Create dirs for certificates and keys - ansible.builtin.file: - path: "{{ item }}" - state: directory - serole: object_r - setype: cert_t - seuser: system_u - with_items: - - '/etc/pki/libvirt' - - '/etc/pki/libvirt/private' - - '/etc/pki/qemu' - - name: Create certificates - ansible.builtin.include_role: - name: linux-system-roles.certificate - vars: - certificate_requests: - - name: libvirt-server-cert - dns: "{{ edpm_nova_libvirt_network }}" - principal: libvirt/{{ edpm_nova_libvirt_network }}@{{ edpm_nova_libvirt_idm_realm }} - run_after: | - # Copy cert and key to libvirt dirs - cp {{ edpm_nova_libvirt_libvirt_ca_cert_real }} /etc/pki/CA/cacert.pem - chown root:root /etc/pki/CA/cacert.pem - chmod 644 
/etc/pki/CA/cacert.pem - cp /etc/pki/tls/certs/libvirt-server-cert.crt /etc/pki/libvirt/servercert.pem - cp /etc/pki/tls/private/libvirt-server-cert.key /etc/pki/libvirt/private/serverkey.pem - systemctl reload edpm_nova_virtqemud - key_size: "{{ edpm_nova_libvirt_certificate_key_size_real }}" - ca: ipa - - name: libvirt-client-cert - dns: "{{ edpm_nova_libvirt_network }}" - principal: libvirt/{{ edpm_nova_libvirt_network }}@{{ edpm_nova_libvirt_idm_realm }} - run_after: | - # Copy cert and key to libvirt dirs - cp /etc/pki/tls/certs/libvirt-client-cert.crt /etc/pki/libvirt/clientcert.pem - cp /etc/pki/tls/private/libvirt-client-cert.key /etc/pki/libvirt/private/clientkey.pem - systemctl reload edpm_nova_virtqemud - key_size: "{{ edpm_nova_libvirt_certificate_key_size_real }}" - ca: ipa - - name: qemu-server-cert - owner: root - group: qemu - dns: "{{ edpm_nova_libvirt_network }}" - principal: libvirt/{{ edpm_nova_libvirt_network }}@{{ edpm_nova_libvirt_idm_realm }} - run_after: | - # Copy cert and key to qemu dir - cp {{ edpm_nova_libvirt_qemu_ca_cert_real }} /etc/pki/qemu/ca-cert.pem - chown root:root /etc/pki/qemu/ca-cert.pem - chmod 644 /etc/pki/qemu/ca-cert.pem - cp -a /etc/pki/tls/certs/qemu-server-cert.crt /etc/pki/qemu/server-cert.pem - cp -a /etc/pki/tls/private/qemu-server-cert.key /etc/pki/qemu/server-key.pem - chgrp qemu /etc/pki/qemu/server-* - chmod 0640 /etc/pki/qemu/server-cert.pem - chmod 0640 /etc/pki/qemu/server-key.pem - key_size: "{{ edpm_nova_libvirt_qemu_server_certificate_key_size_real }}" - ca: ipa - - name: qemu-client-cert - owner: root - group: qemu - dns: "{{ edpm_nova_libvirt_network }}" - principal: libvirt/{{ edpm_nova_libvirt_network }}@{{ edpm_nova_libvirt_idm_realm }} - run_after: | - # Copy cert and key to qemu dir - cp -a /etc/pki/tls/certs/qemu-client-cert.crt /etc/pki/qemu/client-cert.pem - cp -a /etc/pki/tls/private/qemu-client-cert.key /etc/pki/qemu/client-key.pem - chgrp qemu /etc/pki/qemu/client-* - chmod 0640 
/etc/pki/qemu/client-cert.pem - chmod 0640 /etc/pki/qemu/client-key.pem - key_size: "{{ edpm_nova_libvirt_qemu_client_certificate_key_size_real }}" - ca: ipa - -- name: Configure libvirt - when: edpm_nova_libvirt_config_use_ansible|bool - block: - - name: Ensure {{ edpm_nova_libvirt_config_dir }}/etc/libvirt exists - ansible.builtin.file: - path: "{{ edpm_nova_libvirt_config_dir }}/etc/libvirt" - state: directory - recurse: true - - - name: Remove nova_libvirt_config container if exists - ansible.builtin.shell: podman rm -f nova_libvirt_config - changed_when: false - failed_when: false - - - name: Run nova_libvirt_config container - ansible.builtin.shell: podman run --detach --name nova_libvirt_config {{ edpm_nova_libvirt_container_config_image }} sleep infinity - notify: Remove nova_libvirt_config container - register: config_container_id - - - name: Copy initial config files from nova_libvirt_config container - ansible.builtin.shell: | - mount_dir=$(podman mount nova_libvirt_config) - cp -a ${mount_dir}/{{ item }} {{ edpm_nova_libvirt_config_dir }}/etc/libvirt - failed_when: false - changed_when: false - register: copy_config_files - loop: - - /etc/libvirt/virtlockd.conf - - /etc/libvirt/virtlogd.conf - - /etc/libvirt/virtnodedevd.conf - - /etc/libvirt/virtnwfilterd.conf - - /etc/libvirt/virtproxyd.conf - - /etc/libvirt/virtqemud.conf - - /etc/libvirt/virtsecretd.conf - - /etc/libvirt/virtstoraged.conf - - - name: Check for failure - ansible.builtin.debug: - msg: | - Copying config files failed - {{ copy_config_files.results | map(attribute='stdout') | list }} - {{ copy_config_files.results | map(attribute='stderr') | list }} - when: - - copy_config_files.results | selectattr('rc', 'ne', 0) | list | length != 0 - failed_when: true - - - name: Configure common nova_libvirt config values - community.general.ini_file: - path: "{{ edpm_nova_libvirt_config_dir }}/etc/libvirt/{{ item.1 ~ '.conf' }}" - section: "{{ item.0.section }}" - option: "{{ item.0.option }}" - 
value: "{{ item.0.value }}" - loop: "{{ configs | product(edpm_nova_libvirt_services) | list }}" - vars: - configs: - - section: null - option: unix_sock_group - value: "'libvirt'" - - section: null - option: unix_sock_ro_perms - value: "'0444'" - - section: null - option: unix_sock_rw_perms - value: "'0770'" - - section: null - option: auth_unix_ro - value: "'none'" - - section: null - option: auth_unix_rw - value: "'none'" - - - name: Configure nova_libvirt log_filters config values - community.general.ini_file: - path: "{{ edpm_nova_libvirt_config_dir }}/etc/libvirt/{{ item ~ '.conf' }}" - section: null - option: log_filters - value: "'{{ lookup('vars', 'edpm_nova_libvirt_' ~ item ~ '_log_filters') }}'" - loop: "{{ edpm_nova_libvirt_services }}" - - - name: Configure nova_libvirt log_outputs config values - community.general.ini_file: - path: "{{ edpm_nova_libvirt_config_dir }}/etc/libvirt/{{ item ~ '.conf' }}" - section: null - option: log_outputs - value: "'{{ lookup('vars', 'edpm_nova_libvirt_' ~ item ~ '_log_outputs') }}'" - loop: "{{ edpm_nova_libvirt_services }}" diff --git a/roles/edpm_nova_libvirt/tasks/install.yml b/roles/edpm_nova_libvirt/tasks/install.yml deleted file mode 100644 index 1f963c504..000000000 --- a/roles/edpm_nova_libvirt/tasks/install.yml +++ /dev/null 
@@ -1,83 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Create libvirt persistent data directories - ansible.builtin.file: - path: "{{ item.path }}" - state: directory - setype: "{{ item.setype | default(omit) }}" - selevel: "{{ item.selevel | default(omit) }}" - recurse: "{{ item.recurse | default(omit) }}" - mode: "{{ item.mode | default(omit) }}" - with_items: - - {'path': /etc/libvirt, 'setype': container_file_t} - - {'path': /etc/libvirt/secrets, 'setype': container_file_t} - - {'path': /etc/libvirt/qemu, 'setype': container_file_t} - - {'path': /var/lib/libvirt, 'setype': container_file_t} - - {'path': /var/cache/libvirt} - - {'path': /var/lib/nova, 'setype': container_file_t} - - {'path': /run/libvirt, 'setype': virt_var_run_t} - # TODO(bogdando): use container_logwriter_t as of container-selinux v2.191.0 - - {'path': /var/log/containers/libvirt/swtpm, 'setype': container_file_t, 'mode': '0770'} - - {'path': /var/log/containers/libvirt, 'setype': container_ro_file_t, 'selevel': s0, 'mode': '0750'} - # NOTE(bogdando): this mostly replicates today t-h-t common/common-container-setup-tasks.yaml - # we can tweak it further later, or move to some common tasks later - - {'path': /var/lib/kolla/config_files, 'setype': container_file_t, 'selevel': s0, 'recurse': true} - - {'path': /var/lib/edpm-config, 'setype': container_file_t, 'selevel': s0, 'mode': '0750'} - - {'path': 
/var/lib/config-data, 'setype': container_file_t, 'selevel': s0, 'mode': '0755'} - - {'path': /var/lib/config-data/ansible-generated/nova_libvirt, 'setype': container_file_t, 'mode': '0755'} -- name: Ensure /etc/ssh/ssh_known_hosts for libvirt containers bind-mounts - ansible.builtin.copy: - content: "" - dest: /etc/ssh/ssh_known_hosts - force: false -- name: Ensure ceph configurations exist - ansible.builtin.file: - path: "{{ edpm_nova_libvirt_ceph_config_path }}" - state: directory -- name: Check if libvirt is installed - ansible.builtin.command: /usr/bin/rpm -q libvirt-daemon - failed_when: false - register: libvirt_installed - changed_when: false - check_mode: false -- name: Make sure libvirt services are disabled and masked - ansible.builtin.systemd: - name: "{{ item }}" - state: stopped - enabled: false - masked: true - daemon_reload: true - with_items: - - libvirtd.service - - virtlogd.socket - when: libvirt_installed.rc == 0 -- name: Ensure /run/libvirt is present upon reboot - ansible.builtin.copy: - dest: /etc/tmpfiles.d/run-libvirt.conf - content: | - d /run/libvirt 0755 root root - - -- name: Enable os_enable_vtpm SELinux boolean for vTPM - ansible.posix.seboolean: - name: os_enable_vtpm - persistent: true - state: true - when: - - ansible_facts.selinux is defined - - ansible_facts.selinux.status == "enabled" - # (slagle) Disable setting this boolean due to - # https://bugs.launchpad.net/edpm/+bug/1977873 - - ansible_facts['distribution_major_version'] is version('9', '<') diff --git a/roles/edpm_nova_libvirt/tasks/logging-install.yml b/roles/edpm_nova_libvirt/tasks/logging-install.yml deleted file mode 100644 index 7bed8c44b..000000000 --- a/roles/edpm_nova_libvirt/tasks/logging-install.yml +++ /dev/null 
@@ -1,28 +0,0 @@
----
-# Copyright 2022 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Create libvirt persistent data directories
- ansible.builtin.file:
- path: "{{ item.path }}"
- state: directory
- setype: "{{ item.setype | default(omit) }}"
- selevel: "{{ item.selevel | default(omit) }}"
- recurse: "{{ item.recurse | default(omit) }}"
- mode: "{{ item.mode | default(omit) }}"
- with_items:
- # TODO(bogdando): use container_logwriter_t as of container-selinux v2.191.0
- - {'path': /var/log/containers/libvirt/swtpm, 'setype': container_file_t, 'mode': '0770'}
- - {'path': /var/log/containers/libvirt, 'setype': container_ro_file_t, 'selevel': s0, 'mode': '0750'}
diff --git a/roles/edpm_nova_libvirt/tasks/logging-run.yml b/roles/edpm_nova_libvirt/tasks/logging-run.yml
deleted file mode 100644
index 562c8243c..000000000
--- a/roles/edpm_nova_libvirt/tasks/logging-run.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-# Copyright 2022 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-- name: Ensure /var/lib/container-config-scripts exists
- ansible.builtin.file:
- path: /var/lib/container-config-scripts
- state: directory
- mode: 0755
-
-- name: Manage nova_virtqemud_init_logs container
- ansible.builtin.include_role:
- name: edpm_container_standalone
- vars:
- edpm_container_standalone_service: nova_virtqemud_init_logs
- edpm_container_standalone_container_defs:
- nova_virtqemud_init_logs: "{{ lookup('template', 'nova_virtqemud_init_logs.yaml.j2') | from_yaml }}"
diff --git a/roles/edpm_nova_libvirt/tasks/main.yml b/roles/edpm_nova_libvirt/tasks/main.yml
deleted file mode 100644
index 70c7a6c4a..000000000
--- a/roles/edpm_nova_libvirt/tasks/main.yml
+++ /dev/null
@@ -1,48 +0,0 @@
----
-# Copyright 2022 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-# "edpm_nova_libvirt" will search for and load any operating system variable file
-
-# found within the "vars/" path. If no OS files are found the task will skip.
-- name: Gather variables for each operating system
- ansible.builtin.include_vars: "{{ item }}"
- with_first_found:
- - skip: true
- files:
- - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
- - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
- - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
- - "{{ ansible_facts['distribution'] | lower }}.yml"
- - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml"
- - "{{ ansible_facts['os_family'] | lower }}.yml"
- tags:
- - always
-
-- name: Include host prep tasks for Nova libvirt
- ansible.builtin.import_tasks: install.yml
- tags:
- - install
-
-- name: Configure Nova libvirt
- ansible.builtin.import_tasks: configure.yml
- tags:
- - configure
-
-- name: Ensure containers running for Nova libvirt
- ansible.builtin.import_tasks: run.yml
- tags:
- - run
diff --git a/roles/edpm_nova_libvirt/tasks/run.yml b/roles/edpm_nova_libvirt/tasks/run.yml
deleted file mode 100644
index a3f16feec..000000000
--- a/roles/edpm_nova_libvirt/tasks/run.yml
+++ /dev/null
@@ -1,67 +0,0 @@ ---- -# Copyright 2022 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Manage containers for Nova - become: "{{ not edpm_nova_libvirt_rootless_podman | bool }}" - block: - - name: Ensure /usr/libexec/edpm-start-podman-container exists - ansible.builtin.import_role: - name: edpm_container_manage - tasks_from: shutdown.yml - - - name: Init logs for nova_virtqemud container - ansible.builtin.import_tasks: logging-run.yml - - - name: Run nova_libvirt containers - ansible.builtin.include_role: - name: edpm_container_standalone - vars: - edpm_container_standalone_service: nova_libvirt - edpm_container_standalone_container_defs: - nova_virtlogd: "{{ lookup('template', 'nova_virtlogd.yaml.j2') | from_yaml }}" - nova_virtnodedevd: "{{ lookup('template', 'nova_virtnodedevd.yaml.j2') | from_yaml }}" - nova_virtproxyd: "{{ lookup('template', 'nova_virtproxyd.yaml.j2') | from_yaml }}" - nova_virtqemud: "{{ lookup('template', 'nova_virtqemud.yaml.j2') | from_yaml }}" - nova_virtsecretd: "{{ lookup('template', 'nova_virtsecretd.yaml.j2') | from_yaml }}" - nova_virtstoraged: "{{ lookup('template', 'nova_virtstoraged.yaml.j2') | from_yaml }}" - edpm_container_standalone_kolla_config_files: - nova_virtlogd: "{{ lookup('file', 'files/nova_virtlogd.yaml') | from_yaml }}" - nova_virtnodedevd: "{{ lookup('file', 'files/nova_virtnodedevd.yaml') | from_yaml }}" - nova_virtproxyd: "{{ lookup('file', 'files/nova_virtproxyd.yaml') 
| from_yaml }}" - nova_virtqemud: "{{ lookup('file', 'files/nova_virtqemud.yaml') | from_yaml }}" - nova_virtsecretd: "{{ lookup('file', 'files/nova_virtsecretd.yaml') | from_yaml }}" - nova_virtstoraged: "{{ lookup('file', 'files/nova_virtstoraged.yaml') | from_yaml }}" - - - name: Ensure /var/lib/container-config-scripts exists - ansible.builtin.file: - path: /var/lib/container-config-scripts - state: directory - - - name: Copy nova_libvirt_init_secret.sh to /var/lib/container-config-scripts - ansible.builtin.copy: - src: files/nova_libvirt_init_secret.sh - dest: /var/lib/container-config-scripts/nova_libvirt_init_secret.sh - - - name: Create libvirt secret for ceph now that nova_virtsecretd is running - when: edpm_nova_libvirt_need_libvirt_secret|bool - ansible.builtin.include_role: - name: edpm_container_standalone - vars: - edpm_container_standalone_service: nova_libvirt_init_secret - edpm_container_standalone_container_defs: - nova_libvirt_init_secret: "{{ lookup('template', 'nova_libvirt_init_secret.yaml.j2') | from_yaml }}" - edpm_container_standalone_kolla_config_files: - nova_libvirt_init_secret: "{{ lookup('file', 'files/nova_libvirt_init_secret.yaml') | from_yaml }}" diff --git a/roles/edpm_nova_libvirt/tasks/update.yml b/roles/edpm_nova_libvirt/tasks/update.yml deleted file mode 100644 index 0cd6e43e8..000000000 --- a/roles/edpm_nova_libvirt/tasks/update.yml +++ /dev/null 
@@ -1,20 +0,0 @@
----
-# Copyright 2022 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Remove old tmpfiles.d config
- ansible.builtin.file:
- path: /etc/tmpfiles.d/var-run-libvirt.conf
- state: absent
diff --git a/roles/edpm_nova_libvirt/tasks/upgrade.yml b/roles/edpm_nova_libvirt/tasks/upgrade.yml
deleted file mode 100644
index aaa650102..000000000
--- a/roles/edpm_nova_libvirt/tasks/upgrade.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-# Copyright 2022 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- name: Inlcude update tasks to upgrade Nova Libvirt
- ansible.builtin.include_tasks: update.yml
diff --git a/roles/edpm_nova_libvirt/templates/nova_libvirt_init_secret.yaml.j2 b/roles/edpm_nova_libvirt/templates/nova_libvirt_init_secret.yaml.j2
deleted file mode 100644
index f39f72f45..000000000
--- a/roles/edpm_nova_libvirt/templates/nova_libvirt_init_secret.yaml.j2
+++ /dev/null
@@ -1,18 +0,0 @@ -detach: false -image: {{ edpm_nova_libvirt_container_image }} -security_opt: - - label=disable -privileged: false -user: root -cgroupns: host -net: host -command: bash /nova_libvirt_init_secret.sh {{ edpm_nova_libvirt_ceph_multiconfig_info | join(' ') }} -volumes: - {% set nova_libvirt_volumes = [] %} - {%- set nova_libvirt_volumes = - ['/var/lib/config-data/ansible-generated/nova_libvirt/etc/nova:/etc/nova', - '/var/lib/container-config-scripts/nova_libvirt_init_secret.sh:/nova_libvirt_init_secret.sh:ro', - edpm_nova_libvirt_ceph_config_path ~ ':/etc/ceph:ro' ] -%} - {{ edpm_nova_libvirt_common_volumes + nova_libvirt_volumes | unique | list }} -environment: - LIBVIRT_DEFAULT_URI: qemu:///system diff --git a/roles/edpm_nova_libvirt/templates/nova_virtlogd.yaml.j2 b/roles/edpm_nova_libvirt/templates/nova_virtlogd.yaml.j2 deleted file mode 100644 index ec1d7f67f..000000000 --- a/roles/edpm_nova_libvirt/templates/nova_virtlogd.yaml.j2 +++ /dev/null @@ -1,16 +0,0 @@ -start_order: 0 -image: {{ edpm_nova_libvirt_container_image }} -ulimit: {{ edpm_nova_libvirt_container_ulimit }} -cgroupns: host -net: host -pid: {{ edpm_nova_libvirt_container_pid }} -pids_limit: {{ edpm_nova_libvirt_container_pids_limit }} -security_opt: - - label=disable -cap_add: SYS_ADMIN -restart: always -volumes: - {{ edpm_nova_libvirt_volumes + - ['/var/lib/kolla/config_files/nova_virtlogd.json:/var/lib/kolla/config_files/config.json:ro'] }} -environment: - KOLLA_CONFIG_STRATEGY: COPY_ALWAYS diff --git a/roles/edpm_nova_libvirt/templates/nova_virtnodedevd.yaml.j2 b/roles/edpm_nova_libvirt/templates/nova_virtnodedevd.yaml.j2 deleted file mode 100644 index 0ce0d6e6a..000000000 --- a/roles/edpm_nova_libvirt/templates/nova_virtnodedevd.yaml.j2 +++ /dev/null 
@@ -1,20 +0,0 @@
-start_order: 2
-image: {{ edpm_nova_libvirt_container_image }}
-ulimit: {{ edpm_nova_libvirt_container_ulimit }}
-cgroupns: host
-net: host
-pid: {{ edpm_nova_libvirt_container_pid }}
-pids_limit: {{ edpm_nova_libvirt_container_pids_limit }}
-privileged: true
-security_opt:
- - label=level:s0
- - label=type:spc_t
- - label=filetype:container_share_t
-restart: always
-depends_on:
- - edpm_nova_virtlogd.service
-volumes:
- {{ edpm_nova_libvirt_volumes +
- ['/var/lib/kolla/config_files/nova_virtnodedevd.json:/var/lib/kolla/config_files/config.json:ro'] }}
-environment:
- KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
diff --git a/roles/edpm_nova_libvirt/templates/nova_virtproxyd.yaml.j2 b/roles/edpm_nova_libvirt/templates/nova_virtproxyd.yaml.j2
deleted file mode 100644
index 432a75cbc..000000000
--- a/roles/edpm_nova_libvirt/templates/nova_virtproxyd.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-start_order: 5
-image: {{ edpm_nova_libvirt_container_image }}
-ulimit: {{ edpm_nova_libvirt_container_ulimit }}
-cgroupns: host
-net: host
-pid: {{ edpm_nova_libvirt_container_pid }}
-pids_limit: {{ edpm_nova_libvirt_container_pids_limit }}
-privileged: true
-security_opt:
- - label=level:s0
- - label=type:spc_t
- - label=filetype:container_share_t
-restart: always
-depends_on:
- - edpm_nova_virtlogd.service
-volumes:
- {{ edpm_nova_libvirt_volumes +
- ['/var/lib/kolla/config_files/nova_virtproxyd.json:/var/lib/kolla/config_files/config.json:ro'] }}
-environment:
- KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
diff --git a/roles/edpm_nova_libvirt/templates/nova_virtqemud.yaml.j2 b/roles/edpm_nova_libvirt/templates/nova_virtqemud.yaml.j2
deleted file mode 100644
index 09a1216ca..000000000
--- a/roles/edpm_nova_libvirt/templates/nova_virtqemud.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-start_order: 4
-image: {{ edpm_nova_libvirt_container_image }}
-ulimit: {{ edpm_nova_libvirt_container_ulimit }}
-cgroupns: host
-net: host
-pid: {{ edpm_nova_libvirt_container_pid }}
-pids_limit: {{ edpm_nova_libvirt_container_pids_limit }}
-privileged: true
-security_opt:
- - label=level:s0
- - label=type:spc_t
- - label=filetype:container_share_t
-restart: always
-depends_on:
- - edpm_nova_virtlogd.service
-volumes:
- {{ edpm_nova_libvirt_volumes +
- ['/var/lib/kolla/config_files/nova_virtqemud.json:/var/lib/kolla/config_files/config.json:ro'] }}
-environment:
- KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
diff --git a/roles/edpm_nova_libvirt/templates/nova_virtqemud_init_logs.yaml.j2 b/roles/edpm_nova_libvirt/templates/nova_virtqemud_init_logs.yaml.j2
deleted file mode 100644
index 8539b0c67..000000000
--- a/roles/edpm_nova_libvirt/templates/nova_virtqemud_init_logs.yaml.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-image: {{ edpm_nova_libvirt_container_image }}
-net: none
-privileged: false
-user: root
-volumes:
- - /var/log/containers/libvirt/swtpm:/var/log/swtpm:shared,z
-command: ['/bin/bash', '-c', 'chown -R tss:tss /var/log/swtpm']
-environment:
- EDPM_DEPLOY_IDENTIFIER: "{{ edpm_deploy_identifier | default('') }}"
diff --git a/roles/edpm_nova_libvirt/templates/nova_virtsecretd.yaml.j2 b/roles/edpm_nova_libvirt/templates/nova_virtsecretd.yaml.j2
deleted file mode 100644
index d6372b6f0..000000000
--- a/roles/edpm_nova_libvirt/templates/nova_virtsecretd.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-start_order: 1
-image: {{ edpm_nova_libvirt_container_image }}
-ulimit: {{ edpm_nova_libvirt_container_ulimit }}
-cgroupns: host
-net: host
-pid: {{ edpm_nova_libvirt_container_pid }}
-pids_limit: {{ edpm_nova_libvirt_container_pids_limit }}
-privileged: true
-security_opt:
- - label=level:s0
- - label=type:spc_t
- - label=filetype:container_share_t
-restart: always
-depends_on:
- - edpm_nova_virtlogd.service
-volumes:
- {{ edpm_nova_libvirt_volumes +
- ['/var/lib/kolla/config_files/nova_virtsecretd.json:/var/lib/kolla/config_files/config.json:ro'] }}
-environment:
- KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
diff --git a/roles/edpm_nova_libvirt/templates/nova_virtstoraged.yaml.j2 b/roles/edpm_nova_libvirt/templates/nova_virtstoraged.yaml.j2
deleted file mode 100644
index e729b5881..000000000
--- a/roles/edpm_nova_libvirt/templates/nova_virtstoraged.yaml.j2
+++ /dev/null
@@ -1,20 +0,0 @@
-start_order: 3
-image: {{ edpm_nova_libvirt_container_image }}
-ulimit: {{ edpm_nova_libvirt_container_ulimit }}
-cgroupns: host
-net: host
-pid: {{ edpm_nova_libvirt_container_pid }}
-pids_limit: {{ edpm_nova_libvirt_container_pids_limit }}
-privileged: true
-security_opt:
- - label=level:s0
- - label=type:spc_t
- - label=filetype:container_share_t
-restart: always
-depends_on:
- - edpm_nova_virtlogd.service
-volumes:
- {{ edpm_nova_libvirt_volumes +
- ['/var/lib/kolla/config_files/nova_virtstoraged.json:/var/lib/kolla/config_files/config.json:ro'] }}
-environment:
- KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
diff --git a/roles/edpm_nova_libvirt/vars/main.yml b/roles/edpm_nova_libvirt/vars/main.yml
deleted file mode 100644
index e2aa225aa..000000000
--- a/roles/edpm_nova_libvirt/vars/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-# Copyright 2022 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-# While options found within the vars/ path can be overridden using extra
-# vars, items within this path are considered part of the role and not
-# intended to be modified.
-
-# All variables within this role should have a prefix of "edpm_nova_libvirt"