Merge pull request #344 from booxter/sriov-conf-d-loading

neutron_sriov: install secrets from neutron-operator; load config files from neutron.conf.d
openstack-k8s-operators · Sep 19, 2023 · bfcbeb0 · bfcbeb0
2 parents 860413d + c471f69
commit bfcbeb0
Show file tree

Hide file tree

Showing 7 changed files with 57 additions and 20 deletions.
diff --git a/roles/edpm_neutron_sriov/defaults/main.yml b/roles/edpm_neutron_sriov/defaults/main.yml
@@ -24,7 +24,7 @@ edpm_neutron_sriov_image: "quay.io/podified-antelope-centos9/openstack-neutron-s
 edpm_neutron_sriov_common_volumes:
   - /lib/modules:/lib/modules:ro
   - /dev:/dev
-  - "{{ edpm_neutron_sriov_agent_config_dir }}:/etc/neutron:z"
+  - "{{ edpm_neutron_sriov_agent_config_dir }}:/etc/neutron.conf.d:z"
   - /var/lib/neutron:/var/lib/neutron:shared,z
   - /var/lib/kolla/config_files/neutron_sriov_agent.json:/var/lib/kolla/config_files/config.json:ro
   - /var/log/containers/neutron:/var/log/neutron:z
@@ -56,7 +56,7 @@ edpm_neutron_sriov_rootwrap_DEFAULT_rlimit_nofile: 1024
 # DEFAULT
 edpm_neutron_sriov_agent_DEFAULT_state_path: '/var/lib/neutron'
 # AGENT
-edpm_neutron_sriov_agent_AGENT_root_helper: 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf'
+edpm_neutron_sriov_agent_AGENT_root_helper: 'sudo neutron-rootwrap /etc/neutron.conf.d/01-rootwrap.conf'
 edpm_neutron_sriov_agent_AGENT_report_interval: 300
 edpm_neutron_sriov_agent_AGENT_extensions: 'qos'
 edpm_neutron_sriov_agent_AGENT_polling_interval: 2

diff --git a/roles/edpm_neutron_sriov/meta/argument_specs.yml b/roles/edpm_neutron_sriov/meta/argument_specs.yml
@@ -18,7 +18,7 @@ argument_specs:
         default:
           - /lib/modules:/lib/modules:ro
           - /dev:/dev
-          - "{{ edpm_neutron_sriov_agent_config_dir }}:/etc/neutron:z"
+          - "{{ edpm_neutron_sriov_agent_config_dir }}:/etc/neutron.conf.d:z"
           - /var/lib/neutron:/var/lib/neutron:shared,z
           - /var/lib/kolla/config_files/neutron_sriov_agent.json:/var/lib/kolla/config_files/config.json:ro
           - /var/log/containers/neutron:/var/log/neutron:z
@@ -81,7 +81,7 @@ argument_specs:
         description: ''
         type: str
       edpm_neutron_sriov_agent_AGENT_root_helper:
-        default: 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf'
+        default: 'sudo neutron-rootwrap /etc/neutron.conf.d/01-rootwrap.conf'
         description: ''
         type: str
       edpm_neutron_sriov_agent_AGENT_report_interval:

diff --git a/roles/edpm_neutron_sriov/molecule/default/converge.yml b/roles/edpm_neutron_sriov/molecule/default/converge.yml
@@ -19,4 +19,4 @@
   roles:
     - role: "edpm_neutron_sriov"
       vars:
-        edpm_neutron_sriov_DEFAULT_transport_url: "fake:/"
+        edpm_ovn_config_src: "{{lookup('env', 'MOLECULE_SCENARIO_DIRECTORY')}}/test-data"
diff --git a/roles/edpm_neutron_sriov/molecule/default/test-data/10-neutron-sriov.conf b/roles/edpm_neutron_sriov/molecule/default/test-data/10-neutron-sriov.conf
@@ -0,0 +1,2 @@
+[DEFAULT]
+transport_url = fake:/
diff --git a/roles/edpm_neutron_sriov/molecule/default/verify.yml b/roles/edpm_neutron_sriov/molecule/default/verify.yml
@@ -37,3 +37,17 @@
             that:
               - log_file.stat.exists
             fail_msg: "File /var/log/containers/neutron/neutron-sriov-nic-agent.log does not exist"
+
+    - name: Ensure that 10-neutron-sriov.conf was copied into the container
+      block:
+        - name: sriov config file exists
+          become: true
+          ansible.builtin.stat:
+            path: "/var/lib/config-data/ansible-generated/neutron-sriov-agent/10-neutron-sriov.conf"
+          register: sriov_config
+
+        - name: assert that the config exists
+          ansible.builtin.assert:
+            that:
+              - sriov_config.stat.exists
+            fail_msg: "sriov agent config file does not exist"
diff --git a/roles/edpm_neutron_sriov/tasks/configure.yml b/roles/edpm_neutron_sriov/tasks/configure.yml
@@ -14,18 +14,39 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
-- name: Render neutron configuration files
-  ansible.builtin.template:
-    src: "{{ item.src }}"
-    dest: "{{ edpm_neutron_sriov_agent_config_dir }}/{{ item.dest }}"
-    setype: "container_file_t"
-    mode: "0644"
-  with_items:
-    - {"src": "neutron.conf.j2", "dest": "neutron.conf"}
-    - {"src": "rootwrap.conf.j2", "dest": "rootwrap.conf"}
-    - {"src": "neutron-sriov-agent.ini.j2", "dest": "neutron-sriov-agent.ini"}
-  tags:
-    - configure
-    - neutron
-  notify:
-  - restart neutron-sriov-agent
+- name: Configure neutron configuration files
+  block:
+    - name: Render neutron configuration files
+      ansible.builtin.template:
+        src: "{{ item.src }}"
+        dest: "{{ edpm_neutron_sriov_agent_config_dir }}/{{ item.dest }}"
+        setype: "container_file_t"
+        mode: "0644"
+      with_items:
+        - {"src": "neutron.conf.j2", "dest": "01-neutron.conf"}
+        - {"src": "rootwrap.conf.j2", "dest": "01-rootwrap.conf"}
+        - {"src": "neutron-sriov-agent.conf.j2", "dest": "01-neutron-sriov-agent.conf"}
+      tags:
+        - configure
+        - neutron
+      notify:
+      - restart neutron-sriov-agent
+
+    - name: discover secrets in {{ edpm_ovn_config_src }}
+      ansible.builtin.find:
+        paths: "{{ edpm_ovn_config_src }}"
+        file_type: file
+        recurse: yes
+        patterns:
+        - "*sriov*conf"
+      register: edpm_neutron_sriov_secrets
+      delegate_to: localhost
+      become: false
+
+    - name: flatten secrets into {{ edpm_neutron_sriov_agent_config_dir }}
+      ansible.builtin.copy:
+        src: "{{ item.path }}"
+        dest: "{{ edpm_neutron_sriov_agent_config_dir }}/{{ item.path | basename }}"
+        setype: "container_file_t"
+        mode: "0644"
+      with_items: "{{ edpm_neutron_sriov_secrets.files }}"
diff --git a/...riov/templates/neutron-sriov-agent.ini.j2 → ...iov/templates/neutron-sriov-agent.conf.j2 b/...riov/templates/neutron-sriov-agent.ini.j2 → ...iov/templates/neutron-sriov-agent.conf.j2