Skip to content

Fdp update edpm #3467

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fdp update edpm #3467

wants to merge 1 commit into from
+1,063 −0

Conversation

@mnietoji
Copy link
Contributor

@mnietoji mnietoji commented Nov 7, 2025
edited
Loading

Add fdp_update_edpm role for EDPM node updates

Implement EDPM node update automation for FDP updates:

  • Role fdp_update_edpm: Updates EDPM nodes declaratively via Kubernetes CRs
    • Patches OpenStackDataPlaneNodeSet CRs with updated container images
    • Configures package updates via edpm_bootstrap_packages
    • Sets up registry authentication and CA certificates
    • Creates OpenStackDataPlaneDeployment to apply changes
    • Includes hypervisor firewall configuration for registry access
  • Integration in post-deployment.yml after control plane updates
  • Zuul CI configuration for automated testing

This role enables updating Fast Data Path components on EDPM
(External Data Plane Management) nodes using a declarative approach.
Updates are applied by modifying Kubernetes CRs and letting the
OpenStack Data Plane Operator execute the changes via native
edpm-ansible roles. Works in conjunction with fdp_update_container_images
to provide a complete FDP update workflow across both control plane
and data plane.

Assisted-By: Claude [email protected]
Signed-off-by: Miguel Angel Nieto Jimenez [email protected]

@mnietoji mnietoji requested a review from a team as a code owner November 7, 2025 14:44
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 7, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@mnietoji mnietoji closed this Nov 7, 2025
@mnietoji mnietoji reopened this Nov 7, 2025
@mnietoji mnietoji mentioned this pull request Nov 7, 2025
Closed
@mnietoji mnietoji force-pushed the fdp_update_edpm branch 3 times, most recently from b645ded to 02be96f Compare November 7, 2025 16:48
michburk
michburk previously requested changes Nov 7, 2025
View reviewed changes
Copy link
Contributor

@michburk michburk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like this pr isn't split properly and also contains the changes from #3466

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Nov 7, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/381a8462756e461fa40fdad368f58ea3

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 44m 12s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 19m 14s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 30m 53s
✔️ cifmw-pod-zuul-files SUCCESS in 4m 27s
✔️ noop SUCCESS in 0s
cifmw-pod-ansible-test TIMED_OUT in 30m 56s
cifmw-pod-pre-commit FAILURE in 7m 51s
✔️ build-push-container-cifmw-client SUCCESS in 18m 58s
✔️ cifmw-molecule-fdp_update_container_images SUCCESS in 2m 18s
✔️ cifmw-molecule-fdp_update_edpm SUCCESS in 2m 22s

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Nov 7, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/8dae75330b79473b922c4f394be22509

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 38m 24s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 19m 49s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 24m 29s
✔️ cifmw-pod-zuul-files SUCCESS in 4m 38s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 10s
cifmw-pod-pre-commit FAILURE in 7m 49s
✔️ build-push-container-cifmw-client SUCCESS in 19m 15s
✔️ cifmw-molecule-fdp_update_container_images SUCCESS in 2m 19s
✔️ cifmw-molecule-fdp_update_edpm SUCCESS in 2m 17s

@mnietoji mnietoji force-pushed the fdp_update_edpm branch 2 times, most recently from d4a6725 to 6410812 Compare November 7, 2025 23:39
@mnietoji
Copy link
Contributor Author

mnietoji commented Nov 7, 2025

Looks like this pr isn't split properly and also contains the changes from #3466

This pr depends on the other one. When the other one is merged, i will rebase this one and I will only have one commit here

@mnietoji mnietoji force-pushed the fdp_update_edpm branch 2 times, most recently from f09d329 to 2f1a170 Compare November 7, 2025 23:52
@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Nov 8, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/a31750715d0943f7889539e20267c60d

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 42m 49s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 17m 33s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 26m 30s
✔️ cifmw-pod-zuul-files SUCCESS in 4m 36s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 8m 52s
cifmw-pod-pre-commit FAILURE in 7m 58s
✔️ build-push-container-cifmw-client SUCCESS in 22m 17s
✔️ cifmw-molecule-fdp_update_container_images SUCCESS in 1m 44s
✔️ cifmw-molecule-fdp_update_edpm SUCCESS in 1m 52s

danpawlik
danpawlik reviewed Nov 12, 2025
View reviewed changes
roles/fdp_update_container_images/defaults/main.yml
# ============================================================================

# Base directory for artifacts and temporary files
cifmw_fdp_update_container_images_basedir: "{{ cifmw_basedir | default(ansible_user_dir ~ '/ci-framework-data') }}"
Copy link
Contributor

@danpawlik danpawlik Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove default. It should start using group_vars/all.yml

danpawlik
danpawlik reviewed Nov 12, 2025
View reviewed changes
roles/fdp_update_container_images/defaults/main.yml

# Repository configuration
cifmw_fdp_update_container_images_repo_name: "custom-repo"
cifmw_fdp_update_container_images_repo_baseurl: "" # REQUIRED - must be set by user
Copy link
Contributor

@danpawlik danpawlik Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just a nit: do we really want to have so much parameters available?

danpawlik
danpawlik reviewed Nov 12, 2025
View reviewed changes
roles/fdp_update_edpm/tasks/configure_ca_cert.yml
@@ -0,0 +1,65 @@
---
Copy link
Contributor

@danpawlik danpawlik Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are you sure we need that task?

danpawlik
danpawlik reviewed Nov 12, 2025
View reviewed changes
roles/fdp_update_edpm/tasks/create_deployment.yml
_cifmw_fdp_update_edpm_deployment_result.resources | length > 0 and
_cifmw_fdp_update_edpm_deployment_result.resources[0].status.conditions |
selectattr('type', 'equalto', 'Ready') |
map(attribute='status') | first | default('False') == 'True'
Copy link
Contributor

@danpawlik danpawlik Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

default is needed here?

danpawlik
danpawlik reviewed Nov 12, 2025
View reviewed changes
roles/fdp_update_edpm/tasks/setup_hypervisor_firewall.yml
@@ -0,0 +1,59 @@
---
Copy link
Contributor

@danpawlik danpawlik Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not sure we need that task.

@mnietoji
Add fdp_update_edpm role for EDPM node updates
8f40669 
Implement EDPM node update automation for FDP updates:
- Role fdp_update_edpm: Updates EDPM nodes declaratively via Kubernetes CRs
  * Patches OpenStackDataPlaneNodeSet CRs with updated container images
  * Configures package updates via edpm_bootstrap_packages
  * Sets up registry authentication and CA certificates
  * Creates OpenStackDataPlaneDeployment to apply changes
  * Includes hypervisor firewall configuration for registry access
- Integration in post-deployment.yml after control plane updates
- Zuul CI configuration for automated testing

This role enables updating Fast Data Path components on EDPM
(External Data Plane Management) nodes using a declarative approach.
Updates are applied by modifying Kubernetes CRs and letting the
OpenStack Data Plane Operator execute the changes via native
edpm-ansible roles. Works in conjunction with fdp_update_container_images
to provide a complete FDP update workflow across both control plane
and data plane.

Assisted-By: Claude <[email protected]>
Signed-off-by: Miguel Angel Nieto Jimenez <[email protected]>
@michburk michburk dismissed their stale review November 13, 2025 15:29

Other changes merged

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@danpawlik danpawlik danpawlik left review comments

@michburk michburk michburk left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

Ready For Review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mnietoji @danpawlik @michburk