diff --git a/plugins/modules/container_config_hash.py b/plugins/modules/container_config_hash.py index 8fc310768..c806986a6 100644 --- a/plugins/modules/container_config_hash.py +++ b/plugins/modules/container_config_hash.py @@ -55,7 +55,7 @@ description: - Config volume prefix type: str - default: '/var/lib/config-data' + default: '/var/lib/openstack' """ EXAMPLES = """ diff --git a/plugins/modules/edpm_nftables_from_files.py b/plugins/modules/edpm_nftables_from_files.py index d3bd4e8e3..d05756848 100644 --- a/plugins/modules/edpm_nftables_from_files.py +++ b/plugins/modules/edpm_nftables_from_files.py @@ -50,7 +50,7 @@ - name: Get nftables rules register: edpm_nftables_rules edpm_nftables_from_files: - src: /var/lib/edpm-config/firewall + src: /var/lib/openstack/firewall """ RETURN = """ diff --git a/plugins/modules/edpm_nftables_snippet.py b/plugins/modules/edpm_nftables_snippet.py index 45bc463f6..835944f4d 100644 --- a/plugins/modules/edpm_nftables_snippet.py +++ b/plugins/modules/edpm_nftables_snippet.py @@ -58,7 +58,7 @@ EXAMPLES = """ - name: Inject snippet for CI edpm_nftables_snippet: - dest: /var/lib/edpm-config/firewall/ci-rules.yaml + dest: /var/lib/openstack/firewall/ci-rules.yaml content: | - rule_name: 010 Allow SSH from everywhere rule: diff --git a/roles/edpm_container_quadlet/tasks/main.yml b/roles/edpm_container_quadlet/tasks/main.yml index ec3642aa3..495317c87 100644 --- a/roles/edpm_container_quadlet/tasks/main.yml +++ b/roles/edpm_container_quadlet/tasks/main.yml @@ -43,7 +43,7 @@ - name: "Render container definitions: [{{ edpm_container_quadlet_service }} ]" become: true ansible.builtin.template: - src: "templates/service-quadlet-template.yaml.j2" + src: "service-quadlet-template.yaml.j2" dest: "{{ edpm_container_quadlet_systemd_config_dir }}/{{ edpm_container_quadlet_service }}.yaml" mode: "0644" # NOTE(tkajinam): Some containers can contain secrets in their environments. diff --git a/roles/edpm_derive_pci_device_spec/defaults/main.yml b/roles/edpm_derive_pci_device_spec/defaults/main.yml index c612b3125..dae11aea2 100644 --- a/roles/edpm_derive_pci_device_spec/defaults/main.yml +++ b/roles/edpm_derive_pci_device_spec/defaults/main.yml @@ -19,7 +19,7 @@ # All variables within this role should have a prefix of "edpm_derive_pci_device_spec" # Defaults for PCI derive script (nic-partitioning is enabled) -edpm_derive_pci_device_spec_conf_dir: '/var/lib/config-data/ansible-generated/derive_devicespec' +edpm_derive_pci_device_spec_conf_dir: '/var/lib/openstack/derive_devicespec' edpm_derive_sriov_device_spec_list: '' edpm_derive_pci_device_spec_conf_file: 20-sriov-device-spec.conf diff --git a/roles/edpm_frr/defaults/main.yml b/roles/edpm_frr/defaults/main.yml index d2a3ef0fd..3d983d57e 100644 --- a/roles/edpm_frr/defaults/main.yml +++ b/roles/edpm_frr/defaults/main.yml @@ -54,7 +54,7 @@ edpm_frr_bgp_peers: [] edpm_frr_bgp_asn: 64999 edpm_frr_bgp_uplinks: [] edpm_frr_bgp_uplinks_scope: internal -edpm_frr_config_basedir: "/var/lib/config-data/ansible-generated/frr" +edpm_frr_config_basedir: "/var/lib/openstack/frr" edpm_frr_defaults: traditional edpm_frr_hostname: "{{ ansible_facts['hostname'] | default('') }}" edpm_frr_log_level: informational diff --git a/roles/edpm_frr/templates/kolla_config/frr.yaml.j2 b/roles/edpm_frr/files/kolla_config/frr.yaml similarity index 100% rename from roles/edpm_frr/templates/kolla_config/frr.yaml.j2 rename to roles/edpm_frr/files/kolla_config/frr.yaml diff --git a/roles/edpm_frr/meta/argument_specs.yml b/roles/edpm_frr/meta/argument_specs.yml index cd7863584..8de281192 100644 --- a/roles/edpm_frr/meta/argument_specs.yml +++ b/roles/edpm_frr/meta/argument_specs.yml @@ -135,7 +135,7 @@ argument_specs: description: '' type: str edpm_frr_config_basedir: - default: /var/lib/config-data/ansible-generated/frr + default: /var/lib/openstack/frr description: Path to FRR configuration directory. type: path edpm_frr_defaults: @@ -181,7 +181,7 @@ argument_specs: - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro - /var/lib/kolla/config_files/frr.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ansible-generated/frr:/var/lib/kolla/config_files/src:ro + - /var/lib/openstack/frr:/var/lib/kolla/config_files/src:ro - /run/frr:/run/frr:shared,z description: List of FRR volumes in a mountpoint form. type: list diff --git a/roles/edpm_frr/molecule/default/verify.yml b/roles/edpm_frr/molecule/default/verify.yml index 14a0ca0fe..760ecc365 100644 --- a/roles/edpm_frr/molecule/default/verify.yml +++ b/roles/edpm_frr/molecule/default/verify.yml @@ -9,9 +9,9 @@ ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_dir.yaml" loop: - "/var/lib/edpm-config/container-startup-config/frr" - - "/var/lib/config-data/ansible-generated/frr" + - "/var/lib/openstack/frr" - "/etc/tmpfiles.d/" - - "/var/lib/config-data/ansible-generated/frr/etc/frr" + - "/var/lib/openstack/frr/etc/frr" - name: ensure that /etc/tmpfiles.d/run-frr.conf file for frr exist become: true @@ -26,31 +26,31 @@ - check_frr_file.stat.exists fail_msg: "File /etc/tmpfiles.d/run-frr.conf does not exist" - - name: ensure that /var/lib/config-data/ansible-generated/frr/etc/frr/frr.conf file exist + - name: ensure that /var/lib/openstack/frr/etc/frr/frr.conf file exist become: true block: - - name: Check if file /var/lib/config-data/ansible-generated/frr/etc/frr/frr.conf exist + - name: Check if file /var/lib/openstack/frr/etc/frr/frr.conf exist ansible.builtin.stat: - path: /var/lib/config-data/ansible-generated/frr/etc/frr/frr.conf + path: /var/lib/openstack/frr/etc/frr/frr.conf register: check_frr_conf_file - - name: Assert file /var/lib/config-data/ansible-generated/frr/etc/frr/frr.conf exist + - name: Assert file /var/lib/openstack/frr/etc/frr/frr.conf exist ansible.builtin.assert: that: - check_frr_conf_file.stat.exists - fail_msg: "File /var/lib/config-data/ansible-generated/frr/etc/frr/frr.conf does not exist" + fail_msg: "File /var/lib/openstack/frr/etc/frr/frr.conf does not exist" - - name: ensure that /var/lib/config-data/ansible-generated/frr/etc/frr/daemons file exist + - name: ensure that /var/lib/openstack/frr/etc/frr/daemons file exist become: true block: - - name: Check if file /var/lib/config-data/ansible-generated/frr/etc/frr/daemons exist + - name: Check if file /var/lib/openstack/frr/etc/frr/daemons exist ansible.builtin.stat: - path: /var/lib/config-data/ansible-generated/frr/etc/frr/daemons + path: /var/lib/openstack/frr/etc/frr/daemons register: check_frr_daemons_file - - name: Assert file /var/lib/config-data/ansible-generated/frr/etc/frr/daemons exist + - name: Assert file /var/lib/openstack/frr/etc/frr/daemons exist ansible.builtin.assert: that: - check_frr_daemons_file.stat.exists - fail_msg: "File /var/lib/config-data/ansible-generated/frr/etc/frr/daemons does not exist" + fail_msg: "File /var/lib/openstack/frr/etc/frr/daemons does not exist" - name: verify frr BGP and BFD firewall rules are applied block: diff --git a/roles/edpm_frr/tasks/configure.yml b/roles/edpm_frr/tasks/configure.yml index 0ea10ab77..cb92b149e 100644 --- a/roles/edpm_frr/tasks/configure.yml +++ b/roles/edpm_frr/tasks/configure.yml @@ -60,7 +60,7 @@ - name: Configure FRR ansible.builtin.template: - src: frr.conf.j2 + src: config/frr.conf.j2 dest: "{{ edpm_frr_config_basedir }}/etc/frr/frr.conf" mode: '0644' selevel: s0 @@ -69,7 +69,7 @@ - name: Configure FRR daemons ansible.builtin.template: - src: daemons.j2 + src: config/daemons.j2 dest: "{{ edpm_frr_config_basedir }}/etc/frr/daemons" mode: '0644' selevel: s0 diff --git a/roles/edpm_frr/tasks/run.yml b/roles/edpm_frr/tasks/run.yml index a90786358..2579fcd1e 100644 --- a/roles/edpm_frr/tasks/run.yml +++ b/roles/edpm_frr/tasks/run.yml @@ -25,6 +25,6 @@ vars: edpm_container_standalone_service: frr edpm_container_standalone_container_defs: - frr: "{{ lookup('template', 'frr.yaml.j2') | from_yaml }}" + frr: "{{ lookup('template', 'container_defs/frr.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - frr: "{{ lookup('template', 'templates/kolla_config/frr.yaml.j2') | from_yaml }}" + frr: "{{ lookup('file', 'kolla_config/frr.yaml') | from_yaml }}" diff --git a/roles/edpm_frr/tasks/update.yml b/roles/edpm_frr/tasks/update.yml new file mode 100644 index 000000000..eeb44cbfe --- /dev/null +++ b/roles/edpm_frr/tasks/update.yml @@ -0,0 +1,81 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Ensure new config directory exists + tags: + - update + - frr + become: true + ansible.builtin.file: + path: "{{ edpm_frr_config_basedir }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Ensure config subdirectory exists + tags: + - update + - frr + become: true + ansible.builtin.file: + path: "{{ edpm_frr_config_basedir }}/etc/frr" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - frr + ansible.builtin.stat: + path: "/var/lib/config-data/ansible-generated/frr" + register: edpm_frr_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - frr + become: true + when: + - edpm_frr_old_config_dir.stat.exists + - edpm_frr_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/config-data/ansible-generated/frr" + file_type: file + recurse: true + register: edpm_frr_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_frr_config_basedir }}/{{ item.path | regex_replace('^.*/frr/', '') }}" + remote_src: true + setype: "container_file_t" + mode: "0644" + loop: "{{ edpm_frr_old_config_files.files }}" + when: + - edpm_frr_old_config_files.files is defined + - edpm_frr_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/config-data/ansible-generated/frr" + state: absent diff --git a/roles/edpm_frr/templates/daemons.j2 b/roles/edpm_frr/templates/config/daemons.j2 similarity index 100% rename from roles/edpm_frr/templates/daemons.j2 rename to roles/edpm_frr/templates/config/daemons.j2 diff --git a/roles/edpm_frr/templates/frr.conf.j2 b/roles/edpm_frr/templates/config/frr.conf.j2 similarity index 100% rename from roles/edpm_frr/templates/frr.conf.j2 rename to roles/edpm_frr/templates/config/frr.conf.j2 diff --git a/roles/edpm_frr/templates/frr.yaml.j2 b/roles/edpm_frr/templates/container_defs/frr.yaml.j2 similarity index 100% rename from roles/edpm_frr/templates/frr.yaml.j2 rename to roles/edpm_frr/templates/container_defs/frr.yaml.j2 diff --git a/roles/edpm_kernel/defaults/main.yml b/roles/edpm_kernel/defaults/main.yml index b33bbb65f..5cf97b6a1 100644 --- a/roles/edpm_kernel/defaults/main.yml +++ b/roles/edpm_kernel/defaults/main.yml @@ -32,7 +32,7 @@ edpm_kernel_hugepages: {} edpm_kernel_hugepages_remove: false # This should be synced with edpm_nova_compute role -edpm_nova_compute_config_dir: /var/lib/config-data/ansible-generated/nova_libvirt +edpm_nova_compute_config_dir: /var/lib/openstack/nova_libvirt # KSM control edpm_kernel_enable_ksm: false diff --git a/roles/edpm_kernel/meta/argument_specs.yml b/roles/edpm_kernel/meta/argument_specs.yml index 39969e383..c6ccf6960 100644 --- a/roles/edpm_kernel/meta/argument_specs.yml +++ b/roles/edpm_kernel/meta/argument_specs.yml @@ -26,7 +26,7 @@ argument_specs: description: Additional sysctl settings. edpm_nova_compute_config_dir: type: path - default: /var/lib/config-data/ansible-generated/nova_libvirt + default: /var/lib/openstack/nova_libvirt description: This should be synced with edpm_nova_compute role edpm_kernel_args: type: str diff --git a/roles/edpm_multipathd/tasks/run.yml b/roles/edpm_multipathd/tasks/run.yml index 4d7e7214f..4086d30c4 100644 --- a/roles/edpm_multipathd/tasks/run.yml +++ b/roles/edpm_multipathd/tasks/run.yml @@ -29,9 +29,9 @@ vars: edpm_container_standalone_service: multipathd edpm_container_standalone_container_defs: - multipathd: "{{ lookup('template', 'multipathd.yaml.j2') | from_yaml }}" + multipathd: "{{ lookup('template', 'container_defs/multipathd.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - multipathd: "{{ lookup('template', 'kolla_multipathd.yaml.j2') | from_yaml }}" + multipathd: "{{ lookup('template', 'kolla_config/kolla_multipathd.yaml.j2') | from_yaml }}" register: manage_multipathd_stat - name: Check if the multipathd container restart is required diff --git a/roles/edpm_multipathd/templates/multipathd.yaml.j2 b/roles/edpm_multipathd/templates/container_defs/multipathd.yaml.j2 similarity index 100% rename from roles/edpm_multipathd/templates/multipathd.yaml.j2 rename to roles/edpm_multipathd/templates/container_defs/multipathd.yaml.j2 diff --git a/roles/edpm_multipathd/templates/kolla_multipathd.yaml.j2 b/roles/edpm_multipathd/templates/kolla_config/kolla_multipathd.yaml.j2 similarity index 100% rename from roles/edpm_multipathd/templates/kolla_multipathd.yaml.j2 rename to roles/edpm_multipathd/templates/kolla_config/kolla_multipathd.yaml.j2 diff --git a/roles/edpm_neutron_dhcp/defaults/main.yml b/roles/edpm_neutron_dhcp/defaults/main.yml index 573c5f428..d710352c4 100644 --- a/roles/edpm_neutron_dhcp/defaults/main.yml +++ b/roles/edpm_neutron_dhcp/defaults/main.yml @@ -28,7 +28,7 @@ edpm_neutron_dhcp_images_download_delay: "{{ edpm_download_delay | default(60) } edpm_neutron_dhcp_images_download_retries: "{{ edpm_download_retries | default(5) }}" edpm_neutron_dhcp_agent_config_src: "/var/lib/openstack/configs/{{ edpm_neutron_dhcp_service_name }}" -edpm_neutron_dhcp_agent_config_dir: "/var/lib/config-data/ansible-generated/neutron-dhcp-agent" +edpm_neutron_dhcp_agent_config_dir: "/var/lib/openstack/neutron-dhcp-agent" edpm_neutron_dhcp_agent_lib_dir: "/var/lib/neutron" edpm_neutron_dhcp_image: "quay.io/podified-antelope-centos9/openstack-neutron-dhcp-agent:current-podified" diff --git a/roles/edpm_neutron_dhcp/templates/kolla_config/neutron_dhcp_agent.yaml.j2 b/roles/edpm_neutron_dhcp/files/kolla_config/neutron_dhcp_agent.yaml similarity index 100% rename from roles/edpm_neutron_dhcp/templates/kolla_config/neutron_dhcp_agent.yaml.j2 rename to roles/edpm_neutron_dhcp/files/kolla_config/neutron_dhcp_agent.yaml diff --git a/roles/edpm_neutron_dhcp/meta/argument_specs.yml b/roles/edpm_neutron_dhcp/meta/argument_specs.yml index 354ce3ceb..189d01326 100644 --- a/roles/edpm_neutron_dhcp/meta/argument_specs.yml +++ b/roles/edpm_neutron_dhcp/meta/argument_specs.yml @@ -19,7 +19,7 @@ argument_specs: agent configs. type: str edpm_neutron_dhcp_agent_config_dir: - default: "/var/lib/config-data/ansible-generated/neutron-dhcp-agent" + default: "/var/lib/openstack/neutron-dhcp-agent" description: | The path to the directory containing Neutron DHCP agent config files. diff --git a/roles/edpm_neutron_dhcp/molecule/default/tests/test_neutron_dhcp.py b/roles/edpm_neutron_dhcp/molecule/default/tests/test_neutron_dhcp.py index 3920ee3ad..f1d0363c0 100644 --- a/roles/edpm_neutron_dhcp/molecule/default/tests/test_neutron_dhcp.py +++ b/roles/edpm_neutron_dhcp/molecule/default/tests/test_neutron_dhcp.py @@ -104,8 +104,8 @@ def test_required_directories_was_created(self): "/var/lib/neutron", "/var/lib/neutron/external/pids/", "/var/lib/neutron/ns-metadata-proxy/", - "/var/lib/openstack/config/containers", - "/var/lib/config-data/ansible-generated/neutron-dhcp-agent"]: + "/var/lib/edpm-config/container-startup-config", + "/var/lib/openstack/neutron-dhcp-agent"]: assert self.host.file(directory).is_directory def test_kolla_config_file_was_created(self): @@ -114,7 +114,7 @@ def test_kolla_config_file_was_created(self): def test_neutron_dhcp_agent_conf_was_copied_into_container(self): assert self.host.file( - "/var/lib/config-data/ansible-generated/neutron-dhcp-agent/" + "/var/lib/openstack/neutron-dhcp-agent/" "10-neutron-dhcp.conf" ).exists @@ -234,6 +234,6 @@ def test_dnsmasq_sidecar_container(self): def test_service_host_is_fqdn(self): assert "edpm-0.localdomain" in self.host.run( - "cat /var/lib/config-data/ansible-generated/" + "cat /var/lib/openstack/" "neutron-dhcp-agent/01-neutron-dhcp-agent.conf" ).stdout diff --git a/roles/edpm_neutron_dhcp/tasks/configure.yml b/roles/edpm_neutron_dhcp/tasks/configure.yml index 8d3dd140a..72cdf2a5e 100644 --- a/roles/edpm_neutron_dhcp/tasks/configure.yml +++ b/roles/edpm_neutron_dhcp/tasks/configure.yml @@ -23,9 +23,9 @@ setype: "container_file_t" mode: "0644" loop: - - {"src": "neutron.conf.j2", "dest": "01-neutron.conf"} - - {"src": "rootwrap.conf.j2", "dest": "01-rootwrap.conf"} - - {"src": "neutron-dhcp-agent.conf.j2", "dest": "01-neutron-dhcp-agent.conf"} + - {"src": "config/neutron.conf.j2", "dest": "01-neutron.conf"} + - {"src": "config/rootwrap.conf.j2", "dest": "01-rootwrap.conf"} + - {"src": "config/neutron-dhcp-agent.conf.j2", "dest": "01-neutron-dhcp-agent.conf"} tags: - configure - neutron diff --git a/roles/edpm_neutron_dhcp/tasks/install.yml b/roles/edpm_neutron_dhcp/tasks/install.yml index b68ce264e..2adef6eae 100644 --- a/roles/edpm_neutron_dhcp/tasks/install.yml +++ b/roles/edpm_neutron_dhcp/tasks/install.yml @@ -32,7 +32,7 @@ group: "{{ item.group | default(ansible_user) | default(ansible_user_id) }}" mode: "{{ item.mode | default(omit) }}" loop: - - {'path': "/var/lib/openstack/config/containers", "mode": "0750"} + - {'path': "/var/lib/edpm-config/container-startup-config", "mode": "0750"} - {'path': "/var/lib/neutron", "mode": "0750"} - {'path': "{{ edpm_neutron_dhcp_agent_config_dir }}", "mode": "0755"} - {'path': "{{ edpm_neutron_dhcp_agent_lib_dir }}", "mode": "0755"} @@ -46,8 +46,8 @@ - name: Render neutron-dhcp-agent container become: true ansible.builtin.template: - src: "neutron_dhcp_agent.yaml.j2" - dest: "/var/lib/openstack/config/containers/neutron_dhcp_agent.yaml" + src: "container_defs/neutron_dhcp_agent.yaml.j2" + dest: "/var/lib/edpm-config/container-startup-config/neutron_dhcp_agent.yaml" setype: "container_file_t" mode: "0644" notify: diff --git a/roles/edpm_neutron_dhcp/tasks/run.yml b/roles/edpm_neutron_dhcp/tasks/run.yml index 4b3d36e16..127f83693 100644 --- a/roles/edpm_neutron_dhcp/tasks/run.yml +++ b/roles/edpm_neutron_dhcp/tasks/run.yml @@ -39,6 +39,6 @@ vars: edpm_container_standalone_service: neutron_dhcp edpm_container_standalone_container_defs: - neutron_dhcp_agent: "{{ lookup('template', 'neutron_dhcp_agent.yaml.j2') | from_yaml }}" + neutron_dhcp_agent: "{{ lookup('template', 'container_defs/neutron_dhcp_agent.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - neutron_dhcp_agent: "{{ lookup('template', 'kolla_config/neutron_dhcp_agent.yaml.j2') | from_yaml }}" + neutron_dhcp_agent: "{{ lookup('file', 'kolla_config/neutron_dhcp_agent.yaml') | from_yaml }}" diff --git a/roles/edpm_neutron_dhcp/tasks/update.yml b/roles/edpm_neutron_dhcp/tasks/update.yml new file mode 100644 index 000000000..7960158a3 --- /dev/null +++ b/roles/edpm_neutron_dhcp/tasks/update.yml @@ -0,0 +1,79 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Gather user fact + ansible.builtin.setup: + gather_subset: + - "!all" + - "!min" + - "user" + when: + - ansible_user is undefined + +- name: Ensure new config directory exists + tags: + - update + - neutron_dhcp + become: true + ansible.builtin.file: + path: "{{ edpm_neutron_dhcp_agent_config_dir }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - neutron_dhcp + ansible.builtin.stat: + path: "/var/lib/config-data/ansible-generated/neutron-dhcp-agent" + register: edpm_neutron_dhcp_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - neutron_dhcp + become: true + when: + - edpm_neutron_dhcp_old_config_dir.stat.exists + - edpm_neutron_dhcp_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/config-data/ansible-generated/neutron-dhcp-agent" + file_type: file + recurse: false + register: edpm_neutron_dhcp_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_neutron_dhcp_agent_config_dir }}/{{ item.path | basename }}" + remote_src: true + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0644" + loop: "{{ edpm_neutron_dhcp_old_config_files.files }}" + when: + - edpm_neutron_dhcp_old_config_files.files is defined + - edpm_neutron_dhcp_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/config-data/ansible-generated/neutron-dhcp-agent" + state: absent diff --git a/roles/edpm_neutron_dhcp/templates/neutron-dhcp-agent.conf.j2 b/roles/edpm_neutron_dhcp/templates/config/neutron-dhcp-agent.conf.j2 similarity index 100% rename from roles/edpm_neutron_dhcp/templates/neutron-dhcp-agent.conf.j2 rename to roles/edpm_neutron_dhcp/templates/config/neutron-dhcp-agent.conf.j2 diff --git a/roles/edpm_neutron_dhcp/templates/neutron.conf.j2 b/roles/edpm_neutron_dhcp/templates/config/neutron.conf.j2 similarity index 100% rename from roles/edpm_neutron_dhcp/templates/neutron.conf.j2 rename to roles/edpm_neutron_dhcp/templates/config/neutron.conf.j2 diff --git a/roles/edpm_neutron_dhcp/templates/rootwrap.conf.j2 b/roles/edpm_neutron_dhcp/templates/config/rootwrap.conf.j2 similarity index 100% rename from roles/edpm_neutron_dhcp/templates/rootwrap.conf.j2 rename to roles/edpm_neutron_dhcp/templates/config/rootwrap.conf.j2 diff --git a/roles/edpm_neutron_dhcp/templates/neutron_dhcp_agent.yaml.j2 b/roles/edpm_neutron_dhcp/templates/container_defs/neutron_dhcp_agent.yaml.j2 similarity index 100% rename from roles/edpm_neutron_dhcp/templates/neutron_dhcp_agent.yaml.j2 rename to roles/edpm_neutron_dhcp/templates/container_defs/neutron_dhcp_agent.yaml.j2 diff --git a/roles/edpm_neutron_metadata/defaults/main.yml b/roles/edpm_neutron_metadata/defaults/main.yml index 876c5a2c8..4b6adbcdd 100644 --- a/roles/edpm_neutron_metadata/defaults/main.yml +++ b/roles/edpm_neutron_metadata/defaults/main.yml @@ -11,7 +11,7 @@ edpm_neutron_metadata_images_download_delay: "{{ edpm_download_delay | default(6 edpm_neutron_metadata_images_download_retries: "{{ edpm_download_retries | default(5) }}" edpm_neutron_metadata_config_src: "/var/lib/openstack/configs/{{ edpm_neutron_metadata_service_name }}" -edpm_neutron_metadata_agent_config_dir: /var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent +edpm_neutron_metadata_agent_config_dir: /var/lib/openstack/neutron-ovn-metadata-agent edpm_neutron_metadata_agent_lib_dir: "/var/lib/neutron" edpm_neutron_metadata_agent_image: "quay.io/podified-antelope-centos9/openstack-neutron-metadata-agent-ovn:current-podified" diff --git a/roles/edpm_neutron_metadata/templates/kolla_ovn_metadata_agent.yaml.j2 b/roles/edpm_neutron_metadata/files/kolla_config/kolla_ovn_metadata_agent.yaml similarity index 100% rename from roles/edpm_neutron_metadata/templates/kolla_ovn_metadata_agent.yaml.j2 rename to roles/edpm_neutron_metadata/files/kolla_config/kolla_ovn_metadata_agent.yaml diff --git a/roles/edpm_neutron_metadata/meta/argument_specs.yml b/roles/edpm_neutron_metadata/meta/argument_specs.yml index b40626ed5..c44f4466b 100644 --- a/roles/edpm_neutron_metadata/meta/argument_specs.yml +++ b/roles/edpm_neutron_metadata/meta/argument_specs.yml @@ -114,7 +114,7 @@ argument_specs: elements: str type: list edpm_neutron_metadata_agent_config_dir: - default: /var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent + default: /var/lib/openstack/neutron-ovn-metadata-agent description: 'The directory that contains configuration files for Neutron OVN Metadata Agent.' type: str edpm_neutron_metadata_agent_sidecar_debug: diff --git a/roles/edpm_neutron_metadata/molecule/default/tests/test_neutron_metadata.py b/roles/edpm_neutron_metadata/molecule/default/tests/test_neutron_metadata.py index 49c405c12..e93d7351e 100644 --- a/roles/edpm_neutron_metadata/molecule/default/tests/test_neutron_metadata.py +++ b/roles/edpm_neutron_metadata/molecule/default/tests/test_neutron_metadata.py @@ -98,7 +98,7 @@ def _find_haproxy_process(self, network_id): def test_neutron_metadata_conf_was_copied_into_container(self): assert self.host.file( - "/var/lib/config-data/ansible-generated/" + "/var/lib/openstack/" "neutron-ovn-metadata-agent/10-neutron-metadata.conf" ).exists diff --git a/roles/edpm_neutron_metadata/tasks/configure.yml b/roles/edpm_neutron_metadata/tasks/configure.yml index c8442981d..a892a7bab 100644 --- a/roles/edpm_neutron_metadata/tasks/configure.yml +++ b/roles/edpm_neutron_metadata/tasks/configure.yml @@ -23,8 +23,8 @@ setype: "container_file_t" mode: "0644" loop: - - {"src": "rootwrap.conf.j2", "dest": "01-rootwrap.conf"} - - {"src": "neutron-ovn-metadata-agent.conf.j2", "dest": "01-neutron-ovn-metadata-agent.conf"} + - {"src": "config/rootwrap.conf.j2", "dest": "01-rootwrap.conf"} + - {"src": "config/neutron-ovn-metadata-agent.conf.j2", "dest": "01-neutron-ovn-metadata-agent.conf"} - name: Discover secrets in {{ edpm_neutron_metadata_config_src }} ansible.builtin.find: diff --git a/roles/edpm_neutron_metadata/tasks/run.yml b/roles/edpm_neutron_metadata/tasks/run.yml index 565d9271d..df7af1b83 100644 --- a/roles/edpm_neutron_metadata/tasks/run.yml +++ b/roles/edpm_neutron_metadata/tasks/run.yml @@ -42,6 +42,6 @@ vars: edpm_container_standalone_service: ovn_metadata_agent edpm_container_standalone_container_defs: - ovn_metadata_agent: "{{ lookup('template', 'ovn_metadata_agent.yaml.j2') | from_yaml }}" + ovn_metadata_agent: "{{ lookup('template', 'container_defs/ovn_metadata_agent.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - ovn_metadata_agent: "{{ lookup('template', 'kolla_ovn_metadata_agent.yaml.j2') | from_yaml }}" + ovn_metadata_agent: "{{ lookup('file', 'kolla_config/kolla_ovn_metadata_agent.yaml') | from_yaml }}" diff --git a/roles/edpm_neutron_metadata/tasks/update.yml b/roles/edpm_neutron_metadata/tasks/update.yml new file mode 100644 index 000000000..87a4ddc0c --- /dev/null +++ b/roles/edpm_neutron_metadata/tasks/update.yml @@ -0,0 +1,79 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Gather user fact + ansible.builtin.setup: + gather_subset: + - "!all" + - "!min" + - "user" + when: + - ansible_user is undefined + +- name: Ensure new config directory exists + tags: + - update + - neutron_metadata + become: true + ansible.builtin.file: + path: "{{ edpm_neutron_metadata_agent_config_dir }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - neutron_metadata + ansible.builtin.stat: + path: "/var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent" + register: edpm_neutron_metadata_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - neutron_metadata + become: true + when: + - edpm_neutron_metadata_old_config_dir.stat.exists + - edpm_neutron_metadata_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent" + file_type: file + recurse: false + register: edpm_neutron_metadata_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_neutron_metadata_agent_config_dir }}/{{ item.path | basename }}" + remote_src: true + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0644" + loop: "{{ edpm_neutron_metadata_old_config_files.files }}" + when: + - edpm_neutron_metadata_old_config_files.files is defined + - edpm_neutron_metadata_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent" + state: absent diff --git a/roles/edpm_neutron_metadata/templates/neutron-ovn-metadata-agent.conf.j2 b/roles/edpm_neutron_metadata/templates/config/neutron-ovn-metadata-agent.conf.j2 similarity index 100% rename from roles/edpm_neutron_metadata/templates/neutron-ovn-metadata-agent.conf.j2 rename to roles/edpm_neutron_metadata/templates/config/neutron-ovn-metadata-agent.conf.j2 diff --git a/roles/edpm_neutron_metadata/templates/rootwrap.conf.j2 b/roles/edpm_neutron_metadata/templates/config/rootwrap.conf.j2 similarity index 100% rename from roles/edpm_neutron_metadata/templates/rootwrap.conf.j2 rename to roles/edpm_neutron_metadata/templates/config/rootwrap.conf.j2 diff --git a/roles/edpm_neutron_metadata/templates/ovn_metadata_agent.yaml.j2 b/roles/edpm_neutron_metadata/templates/container_defs/ovn_metadata_agent.yaml.j2 similarity index 100% rename from roles/edpm_neutron_metadata/templates/ovn_metadata_agent.yaml.j2 rename to roles/edpm_neutron_metadata/templates/container_defs/ovn_metadata_agent.yaml.j2 diff --git a/roles/edpm_neutron_ovn/defaults/main.yml b/roles/edpm_neutron_ovn/defaults/main.yml index 2df8bc44e..70d17a7fb 100644 --- a/roles/edpm_neutron_ovn/defaults/main.yml +++ b/roles/edpm_neutron_ovn/defaults/main.yml @@ -11,7 +11,7 @@ edpm_neutron_ovn_images_download_delay: "{{ edpm_download_delay | default(60) }} edpm_neutron_ovn_images_download_retries: "{{ edpm_download_retries | default(5) }}" edpm_neutron_ovn_config_src: "/var/lib/openstack/configs/{{ edpm_neutron_ovn_service_name }}" -edpm_neutron_ovn_agent_config_dir: /var/lib/config-data/ansible-generated/neutron-ovn-agent +edpm_neutron_ovn_agent_config_dir: /var/lib/openstack/neutron-ovn-agent edpm_neutron_ovn_agent_image: "quay.io/podified-antelope-centos9/openstack-neutron-ovn-agent:current-podified" diff --git a/roles/edpm_neutron_ovn/templates/kolla_ovn_agent.yaml.j2 b/roles/edpm_neutron_ovn/files/kolla_config/kolla_ovn_agent.yaml similarity index 100% rename from roles/edpm_neutron_ovn/templates/kolla_ovn_agent.yaml.j2 rename to roles/edpm_neutron_ovn/files/kolla_config/kolla_ovn_agent.yaml diff --git a/roles/edpm_neutron_ovn/meta/argument_specs.yml b/roles/edpm_neutron_ovn/meta/argument_specs.yml index ae7d60cad..b1b701423 100644 --- a/roles/edpm_neutron_ovn/meta/argument_specs.yml +++ b/roles/edpm_neutron_ovn/meta/argument_specs.yml @@ -95,6 +95,6 @@ argument_specs: agent configs. type: str edpm_neutron_ovn_agent_config_dir: - default: /var/lib/config-data/ansible-generated/neutron-ovn-agent + default: /var/lib/openstack/neutron-ovn-agent description: 'The directory that contains configuration files for Neutron OVN Agent.' type: str diff --git a/roles/edpm_neutron_ovn/molecule/default/verify.yml b/roles/edpm_neutron_ovn/molecule/default/verify.yml index 6fbc4be3b..8404c6b69 100644 --- a/roles/edpm_neutron_ovn/molecule/default/verify.yml +++ b/roles/edpm_neutron_ovn/molecule/default/verify.yml @@ -11,7 +11,7 @@ - name: ovn-agent config file exists become: true ansible.builtin.stat: - path: "/var/lib/config-data/ansible-generated/neutron-ovn-agent/10-neutron-ovn.conf" + path: "/var/lib/openstack/neutron-ovn-agent/10-neutron-ovn.conf" register: ovn_agent_config - name: assert that the config exists @@ -26,7 +26,7 @@ - name: Slurp host specific config ansible.builtin.slurp: - src: /var/lib/config-data/ansible-generated/neutron-ovn-agent/01-neutron-ovn-agent.conf + src: /var/lib/openstack/neutron-ovn-agent/01-neutron-ovn-agent.conf register: host_specific_config - name: Assert that host is rendered into the host specific config diff --git a/roles/edpm_neutron_ovn/tasks/configure.yml b/roles/edpm_neutron_ovn/tasks/configure.yml index 0e8fda5f8..4535c098b 100644 --- a/roles/edpm_neutron_ovn/tasks/configure.yml +++ b/roles/edpm_neutron_ovn/tasks/configure.yml @@ -31,8 +31,8 @@ setype: "container_file_t" mode: "0644" loop: - - {"src": "rootwrap.conf.j2", "dest": "01-rootwrap.conf"} - - {"src": "neutron-ovn-agent.conf.j2", "dest": "01-neutron-ovn-agent.conf"} + - {"src": "config/rootwrap.conf.j2", "dest": "01-rootwrap.conf"} + - {"src": "config/neutron-ovn-agent.conf.j2", "dest": "01-neutron-ovn-agent.conf"} - name: Discover secrets in {{ edpm_neutron_ovn_config_src }} ansible.builtin.find: diff --git a/roles/edpm_neutron_ovn/tasks/run.yml b/roles/edpm_neutron_ovn/tasks/run.yml index 49a82a045..3757711f0 100644 --- a/roles/edpm_neutron_ovn/tasks/run.yml +++ b/roles/edpm_neutron_ovn/tasks/run.yml @@ -38,6 +38,6 @@ vars: edpm_container_standalone_service: ovn_agent edpm_container_standalone_container_defs: - ovn_agent: "{{ lookup('template', 'ovn_agent.yaml.j2') | from_yaml }}" + ovn_agent: "{{ lookup('template', 'container_defs/ovn_agent.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - ovn_agent: "{{ lookup('template', 'kolla_ovn_agent.yaml.j2') | from_yaml }}" + ovn_agent: "{{ lookup('file', 'kolla_config/kolla_ovn_agent.yaml') | from_yaml }}" diff --git a/roles/edpm_neutron_ovn/tasks/update.yml b/roles/edpm_neutron_ovn/tasks/update.yml new file mode 100644 index 000000000..a9edb0f53 --- /dev/null +++ b/roles/edpm_neutron_ovn/tasks/update.yml @@ -0,0 +1,79 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Gather user fact + ansible.builtin.setup: + gather_subset: + - "!all" + - "!min" + - "user" + when: + - ansible_user is undefined + +- name: Ensure new config directory exists + tags: + - update + - neutron_ovn + become: true + ansible.builtin.file: + path: "{{ edpm_neutron_ovn_agent_config_dir }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - neutron_ovn + ansible.builtin.stat: + path: "/var/lib/config-data/ansible-generated/neutron-ovn-agent" + register: edpm_neutron_ovn_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - neutron_ovn + become: true + when: + - edpm_neutron_ovn_old_config_dir.stat.exists + - edpm_neutron_ovn_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/config-data/ansible-generated/neutron-ovn-agent" + file_type: file + recurse: false + register: edpm_neutron_ovn_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_neutron_ovn_agent_config_dir }}/{{ item.path | basename }}" + remote_src: true + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0644" + loop: "{{ edpm_neutron_ovn_old_config_files.files }}" + when: + - edpm_neutron_ovn_old_config_files.files is defined + - edpm_neutron_ovn_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/config-data/ansible-generated/neutron-ovn-agent" + state: absent diff --git a/roles/edpm_neutron_ovn/templates/neutron-ovn-agent.conf.j2 b/roles/edpm_neutron_ovn/templates/config/neutron-ovn-agent.conf.j2 similarity index 100% rename from roles/edpm_neutron_ovn/templates/neutron-ovn-agent.conf.j2 rename to roles/edpm_neutron_ovn/templates/config/neutron-ovn-agent.conf.j2 diff --git a/roles/edpm_neutron_ovn/templates/rootwrap.conf.j2 b/roles/edpm_neutron_ovn/templates/config/rootwrap.conf.j2 similarity index 100% rename from roles/edpm_neutron_ovn/templates/rootwrap.conf.j2 rename to roles/edpm_neutron_ovn/templates/config/rootwrap.conf.j2 diff --git a/roles/edpm_neutron_ovn/templates/ovn_agent.yaml.j2 b/roles/edpm_neutron_ovn/templates/container_defs/ovn_agent.yaml.j2 similarity index 100% rename from roles/edpm_neutron_ovn/templates/ovn_agent.yaml.j2 rename to roles/edpm_neutron_ovn/templates/container_defs/ovn_agent.yaml.j2 diff --git a/roles/edpm_neutron_sriov/defaults/main.yml b/roles/edpm_neutron_sriov/defaults/main.yml index bfd768163..f34d0e6da 100644 --- a/roles/edpm_neutron_sriov/defaults/main.yml +++ b/roles/edpm_neutron_sriov/defaults/main.yml @@ -28,7 +28,7 @@ edpm_neutron_sriov_images_download_retries: "{{ edpm_download_retries | default( # All variables within this role should have a prefix of "edpm_neutron_sriov_agent" edpm_neutron_sriov_agent_config_src: "/var/lib/openstack/configs/{{ edpm_neutron_sriov_service_name }}" -edpm_neutron_sriov_agent_config_dir: "/var/lib/config-data/ansible-generated/neutron-sriov-agent" +edpm_neutron_sriov_agent_config_dir: "/var/lib/openstack/neutron-sriov-agent" edpm_neutron_sriov_image: "quay.io/podified-antelope-centos9/openstack-neutron-sriov-agent:current-podified" edpm_neutron_sriov_common_volumes: diff --git a/roles/edpm_neutron_sriov/templates/kolla_config/neutron_sriov_agent.yaml.j2 b/roles/edpm_neutron_sriov/files/kolla_config/kolla_neutron_sriov_agent.yaml similarity index 100% rename from roles/edpm_neutron_sriov/templates/kolla_config/neutron_sriov_agent.yaml.j2 rename to roles/edpm_neutron_sriov/files/kolla_config/kolla_neutron_sriov_agent.yaml diff --git a/roles/edpm_neutron_sriov/meta/argument_specs.yml b/roles/edpm_neutron_sriov/meta/argument_specs.yml index 447311546..4169823b8 100644 --- a/roles/edpm_neutron_sriov/meta/argument_specs.yml +++ b/roles/edpm_neutron_sriov/meta/argument_specs.yml @@ -19,7 +19,7 @@ argument_specs: agent configs. type: str edpm_neutron_sriov_agent_config_dir: - default: "/var/lib/config-data/ansible-generated/neutron-sriov-agent" + default: "/var/lib/openstack/neutron-sriov-agent" description: | The path to the directory containing Neutron SRIOV NIC agent config files. diff --git a/roles/edpm_neutron_sriov/molecule/default/verify.yml b/roles/edpm_neutron_sriov/molecule/default/verify.yml index 3fa411c09..c7f972ff0 100644 --- a/roles/edpm_neutron_sriov/molecule/default/verify.yml +++ b/roles/edpm_neutron_sriov/molecule/default/verify.yml @@ -12,9 +12,9 @@ ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_dir.yaml" loop: - "/var/lib/neutron" - - "/var/lib/openstack/config/containers" + - "/var/lib/edpm-config/container-startup-config" - "/var/lib/kolla/config_files/neutron_sriov_agent.json" - - "/var/lib/config-data/ansible-generated/neutron-sriov-agent" + - "/var/lib/openstack/neutron-sriov-agent" - name: ensure systemd services are defined and functional ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_systemd_unit.yaml" @@ -31,7 +31,7 @@ - name: sriov config file exists become: true ansible.builtin.stat: - path: "/var/lib/config-data/ansible-generated/neutron-sriov-agent/10-neutron-sriov.conf" + path: "/var/lib/openstack/neutron-sriov-agent/10-neutron-sriov.conf" register: sriov_config - name: assert that the config exists @@ -46,7 +46,7 @@ - name: Slurp host specific config ansible.builtin.slurp: - src: /var/lib/config-data/ansible-generated/neutron-sriov-agent/01-neutron-sriov-agent.conf + src: /var/lib/openstack/neutron-sriov-agent/01-neutron-sriov-agent.conf register: host_specific_config - name: Assert that host is rendered into the host specific config diff --git a/roles/edpm_neutron_sriov/tasks/configure.yml b/roles/edpm_neutron_sriov/tasks/configure.yml index 7e745a467..53501bf05 100644 --- a/roles/edpm_neutron_sriov/tasks/configure.yml +++ b/roles/edpm_neutron_sriov/tasks/configure.yml @@ -23,9 +23,9 @@ setype: "container_file_t" mode: "0644" loop: - - {"src": "neutron.conf.j2", "dest": "01-neutron.conf"} - - {"src": "rootwrap.conf.j2", "dest": "01-rootwrap.conf"} - - {"src": "neutron-sriov-agent.conf.j2", "dest": "01-neutron-sriov-agent.conf"} + - {"src": "config/neutron.conf.j2", "dest": "01-neutron.conf"} + - {"src": "config/rootwrap.conf.j2", "dest": "01-rootwrap.conf"} + - {"src": "config/neutron-sriov-agent.conf.j2", "dest": "01-neutron-sriov-agent.conf"} tags: - configure - neutron diff --git a/roles/edpm_neutron_sriov/tasks/install.yml b/roles/edpm_neutron_sriov/tasks/install.yml index 8e3370234..290b6b683 100644 --- a/roles/edpm_neutron_sriov/tasks/install.yml +++ b/roles/edpm_neutron_sriov/tasks/install.yml @@ -32,21 +32,16 @@ group: "{{ item.group | default(ansible_user) | default(ansible_user_id) }}" mode: "{{ item.mode | default(omit) }}" loop: - - {'path': "/var/lib/openstack/config/containers", "mode": "0755", "owner": "{{ ansible_user }}", "group": "{{ ansible_user }}"} - - {'path': "/var/lib/neutron", "mode": "0750"} - - {'path': "{{ edpm_neutron_sriov_agent_config_dir }}", "mode": "0755", "owner": "{{ ansible_user }}", "group": "{{ ansible_user }}"} - tags: - - install - - neutron - -- name: Render neutron-sriov-agent container - ansible.builtin.template: - src: "neutron_sriov_agent.yaml.j2" - dest: "/var/lib/openstack/config/containers/neutron_sriov_agent.yaml" - setype: "container_file_t" - mode: "0644" - notify: - - Restart neutron-sriov-agent + - path: "/var/lib/edpm-config/container-startup-config/neutron-sriov-agent" + mode: "0755" + owner: "{{ ansible_user }}" + group: "{{ ansible_user }}" + - path: "/var/lib/neutron" + mode: "0750" + - path: "{{ edpm_neutron_sriov_agent_config_dir }}" + mode: "0755" + owner: "{{ ansible_user }}" + group: "{{ ansible_user }}" tags: - install - neutron diff --git a/roles/edpm_neutron_sriov/tasks/run.yml b/roles/edpm_neutron_sriov/tasks/run.yml index 4b264fd16..a220c894f 100644 --- a/roles/edpm_neutron_sriov/tasks/run.yml +++ b/roles/edpm_neutron_sriov/tasks/run.yml @@ -39,6 +39,6 @@ vars: edpm_container_standalone_service: neutron_sriov_agent edpm_container_standalone_container_defs: - neutron_sriov_agent: "{{ lookup('template', 'neutron_sriov_agent.yaml.j2') | from_yaml }}" + neutron_sriov_agent: "{{ lookup('template', 'container_defs/neutron_sriov_agent.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - neutron_sriov_agent: "{{ lookup('template', 'kolla_config/neutron_sriov_agent.yaml.j2') | from_yaml }}" + neutron_sriov_agent: "{{ lookup('file', 'files/kolla_config/kolla_neutron_sriov_agent.yaml') | from_yaml }}" diff --git a/roles/edpm_neutron_sriov/tasks/update.yml b/roles/edpm_neutron_sriov/tasks/update.yml new file mode 100644 index 000000000..0ee43d746 --- /dev/null +++ b/roles/edpm_neutron_sriov/tasks/update.yml @@ -0,0 +1,79 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Gather user fact + ansible.builtin.setup: + gather_subset: + - "!all" + - "!min" + - "user" + when: + - ansible_user is undefined + +- name: Ensure new config directory exists + tags: + - update + - neutron_sriov + become: true + ansible.builtin.file: + path: "{{ edpm_neutron_sriov_agent_config_dir }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - neutron_sriov + ansible.builtin.stat: + path: "/var/lib/config-data/ansible-generated/neutron-sriov-agent" + register: edpm_neutron_sriov_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - neutron_sriov + become: true + when: + - edpm_neutron_sriov_old_config_dir.stat.exists + - edpm_neutron_sriov_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/config-data/ansible-generated/neutron-sriov-agent" + file_type: file + recurse: false + register: edpm_neutron_sriov_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_neutron_sriov_agent_config_dir }}/{{ item.path | basename }}" + remote_src: true + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0644" + loop: "{{ edpm_neutron_sriov_old_config_files.files }}" + when: + - edpm_neutron_sriov_old_config_files.files is defined + - edpm_neutron_sriov_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/config-data/ansible-generated/neutron-sriov-agent" + state: absent diff --git a/roles/edpm_neutron_sriov/templates/neutron-sriov-agent.conf.j2 b/roles/edpm_neutron_sriov/templates/config/neutron-sriov-agent.conf.j2 similarity index 100% rename from roles/edpm_neutron_sriov/templates/neutron-sriov-agent.conf.j2 rename to roles/edpm_neutron_sriov/templates/config/neutron-sriov-agent.conf.j2 diff --git a/roles/edpm_neutron_sriov/templates/neutron.conf.j2 b/roles/edpm_neutron_sriov/templates/config/neutron.conf.j2 similarity index 100% rename from roles/edpm_neutron_sriov/templates/neutron.conf.j2 rename to roles/edpm_neutron_sriov/templates/config/neutron.conf.j2 diff --git a/roles/edpm_neutron_sriov/templates/rootwrap.conf.j2 b/roles/edpm_neutron_sriov/templates/config/rootwrap.conf.j2 similarity index 100% rename from roles/edpm_neutron_sriov/templates/rootwrap.conf.j2 rename to roles/edpm_neutron_sriov/templates/config/rootwrap.conf.j2 diff --git a/roles/edpm_neutron_sriov/templates/neutron_sriov_agent.yaml.j2 b/roles/edpm_neutron_sriov/templates/container_defs/neutron_sriov_agent.yaml.j2 similarity index 100% rename from roles/edpm_neutron_sriov/templates/neutron_sriov_agent.yaml.j2 rename to roles/edpm_neutron_sriov/templates/container_defs/neutron_sriov_agent.yaml.j2 diff --git a/roles/edpm_nova/defaults/main.yml b/roles/edpm_nova/defaults/main.yml index 3590ab577..ee8daa7cb 100644 --- a/roles/edpm_nova/defaults/main.yml +++ b/roles/edpm_nova/defaults/main.yml @@ -28,8 +28,8 @@ edpm_nova_image_download_retries: "{{ edpm_download_retries | default(5) }}" # Note that the src dir is in the AEE container but the # dest dir is on the target host -edpm_nova_config_src: /var/lib/openstack/configs -edpm_nova_config_dest: /var/lib/openstack/config/nova +edpm_nova_config_src: /var/lib/openstack/configs/{{ edpm_nova_service_name }} +edpm_nova_config_dest: /var/lib/openstack/{{ edpm_nova_service_name }} edpm_nova_compute_image: "quay.io/podified-antelope-centos9/openstack-nova-compute:current-podified" # Libvirt TLS @@ -58,8 +58,9 @@ edpm_nova_old_tripleo_compute_sevices: edpm_nova_extra_bind_mounts: [] # NVMe cleaner config -edpm_nova_nvme_cleaner_config_dest: /var/lib/openstack/config/nova_nvme_cleaner edpm_nova_nvme_cleaner_command: "/usr/share/openstack-nova/contrib/clean-on-delete" edpm_nova_nvme_cleaner_args: "--nvme" # make cleaner optional edpm_nova_enable_nvme_cleaner: false + +edpm_nova_nvme_cleaner_config_dest: /var/lib/openstack/nova_nvme_cleaner diff --git a/roles/edpm_nova/files/kolla_config/nova_compute.yaml b/roles/edpm_nova/files/kolla_config/nova_compute.yaml new file mode 100644 index 000000000..a3062f45b --- /dev/null +++ b/roles/edpm_nova/files/kolla_config/nova_compute.yaml @@ -0,0 +1,43 @@ +command: nova-compute +config_files: + - source: /var/lib/kolla/config_files/src/nova-blank.conf + dest: /etc/nova/nova.conf + owner: nova + perm: "0600" + - source: /var/lib/kolla/config_files/src/*nova*.conf + dest: /etc/nova/nova.conf.d/ + owner: nova + perm: "0600" + - source: /var/lib/kolla/config_files/src/ceph + dest: /etc/ceph + owner: nova + perm: "0700" + optional: true + - source: /var/lib/kolla/config_files/src/ssh-privatekey + dest: /var/lib/nova/.ssh/ + owner: nova + perm: "0600" + optional: true + - source: /var/lib/kolla/config_files/src/ssh-config + dest: /var/lib/nova/.ssh/config + owner: nova + perm: "0600" + - source: /var/lib/kolla/config_files/src/provider*.yaml + dest: /etc/nova/provider_config/ + owner: nova + perm: "0600" + optional: true + - source: /var/lib/kolla/config_files/src/run-on-host + dest: /usr/sbin/iscsiadm + owner: root:root + perm: "0755" +permissions: + - path: /etc/ceph/* + owner: nova:nova + perm: "0600" + - path: /var/lib/nova/.ssh/ + owner: nova:nova + perm: "0700" + - path: /var/lib/nova/.ssh/* + owner: nova:nova + perm: "0600" diff --git a/roles/edpm_nova/templates/nova-blank.conf b/roles/edpm_nova/files/nova-blank.conf similarity index 100% rename from roles/edpm_nova/templates/nova-blank.conf rename to roles/edpm_nova/files/nova-blank.conf diff --git a/roles/edpm_nova/templates/nova_statedir_ownership.py b/roles/edpm_nova/files/nova_statedir_ownership.py similarity index 100% rename from roles/edpm_nova/templates/nova_statedir_ownership.py rename to roles/edpm_nova/files/nova_statedir_ownership.py diff --git a/roles/edpm_nova/templates/run-on-host b/roles/edpm_nova/files/run-on-host similarity index 100% rename from roles/edpm_nova/templates/run-on-host rename to roles/edpm_nova/files/run-on-host diff --git a/roles/edpm_nova/templates/ssh-config b/roles/edpm_nova/files/ssh-config similarity index 100% rename from roles/edpm_nova/templates/ssh-config rename to roles/edpm_nova/files/ssh-config diff --git a/roles/edpm_nova/meta/argument_specs.yml b/roles/edpm_nova/meta/argument_specs.yml index 1e2b8e540..8bfa43175 100644 --- a/roles/edpm_nova/meta/argument_specs.yml +++ b/roles/edpm_nova/meta/argument_specs.yml @@ -14,14 +14,14 @@ argument_specs: description: The number of retries for failed download tasks edpm_nova_config_src: type: str - default: /var/lib/openstack/config + default: /var/lib/openstack/configs/{{ edpm_nova_service_name }} description: | The path to the directory containing the nova config files in the ansibleEE container. This is the directory where all configmaps containing nova config files are mounted. edpm_nova_config_dest: type: str - default: /var/lib/openstack/config/nova + default: /var/lib/openstack/{{ edpm_nova_service_name }} description: | The path to the directory where the nova config files will be rendered on the compute node. diff --git a/roles/edpm_nova/molecule/default/prepare.yml b/roles/edpm_nova/molecule/default/prepare.yml index 2fcd7fb71..4c3fd5dfe 100644 --- a/roles/edpm_nova/molecule/default/prepare.yml +++ b/roles/edpm_nova/molecule/default/prepare.yml @@ -178,12 +178,12 @@ group: "{{ item.group | default(ansible_user) }}" mode: "{{ item.mode | default(omit) }}" loop: - - {"path": "/var/lib/openstack/config/nova", "mode": "0755"} + - {"path": "/var/lib/openstack/nova", "mode": "0755"} - name: Create a test file to be deleted become: true ansible.builtin.file: - path: '/var/lib/openstack/config/nova/test.conf' + path: '/var/lib/openstack/nova/test.conf' state: touch mode: 0644 diff --git a/roles/edpm_nova/molecule/default/verify.yml b/roles/edpm_nova/molecule/default/verify.yml index 9dc7d9b6f..ed013a96b 100644 --- a/roles/edpm_nova/molecule/default/verify.yml +++ b/roles/edpm_nova/molecule/default/verify.yml @@ -7,7 +7,7 @@ vars: test_helper_dir: "../../../../molecule/test-helpers" edpm_nova_tls_ca_src_dir: /tmp/pki - edpm_nova_config_dest: /var/lib/openstack/config/nova + edpm_nova_config_dest: /var/lib/openstack/nova tasks: - name: ensure expected directories exist ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_dir.yaml" @@ -15,13 +15,12 @@ # common directories - "/etc/tmpfiles.d/" - "/var/lib/openstack" - - "/var/lib/openstack/config/containers" - "/etc/ssh/ssh_known_hosts" # extrenal deps - "/var/lib/openstack/config/ceph" # nova directories - "/var/lib/nova" - - "/var/lib/openstack/config/nova" + - "{{ edpm_nova_config_dest }}" - "/var/lib/_nova_secontext" - "/var/lib/nova/instances" # NOTE(sean-k-mooney): this directory is normaly created by the edpm_install_cert role @@ -39,10 +38,14 @@ - name: ensure nova config mounts are present for both nova_compute and nova_nvme_cleaner containers ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_mounts.yaml" loop: - - { "name": "nova_compute", "src": "{{ edpm_nova_config_dest }}", - "dest": "/var/lib/kolla/config_files", "options": "ro" } - - { "name": "nova_nvme_cleaner", "src": "{{ edpm_nova_config_dest }}", - "dest": "/var/lib/kolla/config_files/nova_shared", "options": "ro" } + - name: "nova_compute" + src: "{{ edpm_nova_config_dest }}" + dest: "/var/lib/kolla/config_files/src" + options: "ro" + - name: "nova_nvme_cleaner" + src: "{{ edpm_nova_config_dest }}" + dest: "/var/lib/kolla/config_files/src/nova_shared" + options: "ro" - name: ensure nvme cleaner container has /dev mounted ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_mounts.yaml" @@ -68,7 +71,7 @@ - name: read nvme cleaner kolla config become: true ansible.builtin.slurp: - src: /var/lib/openstack/config/nova_nvme_cleaner/config.json + src: /var/lib/kolla/config_files/nova_nvme_cleaner.json register: cleaner_kolla_cfg - name: parse nvme cleaner kolla config @@ -99,17 +102,17 @@ ansible.builtin.shell: | podman logs nova_compute 2>&1 | grep "{{item}}" > /dev/null loop: - - "Copying /var/lib/kolla/config_files/nova-blank.conf to /etc/nova/nova.conf" - - "Copying /var/lib/kolla/config_files/01-nova.conf to /etc/nova/nova.conf.d/01-nova.conf" - - "Copying /var/lib/kolla/config_files/ssh-config to /var/lib/nova/.ssh/config" - - "Copying /var/lib/kolla/config_files/ssh-privatekey to /var/lib/nova/.ssh/ssh-privatekey" - - "Copying /var/lib/kolla/config_files/02-nova-host-specific.conf to /etc/nova/nova.conf.d/02-nova-host-specific.conf" - - "Copying /var/lib/kolla/config_files/provider1.yaml to /etc/nova/provider_config/provider1.yaml" - - "Copying /var/lib/kolla/config_files/run-on-host to /usr/sbin/iscsiadm" + - "Copying /var/lib/kolla/config_files/src/nova-blank.conf to /etc/nova/nova.conf" + - "Copying /var/lib/kolla/config_files/src/01-nova.conf to /etc/nova/nova.conf.d/01-nova.conf" + - "Copying /var/lib/kolla/config_files/src/ssh-config to /var/lib/nova/.ssh/config" + - "Copying /var/lib/kolla/config_files/src/ssh-privatekey to /var/lib/nova/.ssh/ssh-privatekey" + - "Copying /var/lib/kolla/config_files/src/02-nova-host-specific.conf to /etc/nova/nova.conf.d/02-nova-host-specific.conf" + - "Copying /var/lib/kolla/config_files/src/provider1.yaml to /etc/nova/provider_config/provider1.yaml" + - "Copying /var/lib/kolla/config_files/src/run-on-host to /usr/sbin/iscsiadm" - name: slurp host specific config ansible.builtin.slurp: - src: /var/lib/openstack/config/nova/02-nova-host-specific.conf + src: "{{ edpm_nova_config_dest }}/02-nova-host-specific.conf" register: host_specific_config - name: Assert that my_ip is rendered into the host specific config @@ -180,10 +183,10 @@ - name: Check if after sync old file is removed ansible.builtin.stat: - path: '/var/lib/openstack/config/nova/test.conf' + path: '/var/lib/openstack/nova/test.conf' register: nova_host_specific_conf - - name: Assert that /var/lib/openstack/config/nova/test.conf file does not exist + - name: Assert that /var/lib/openstack/nova/test.conf file does not exist ansible.builtin.assert: that: - "not nova_host_specific_conf.stat.exists" diff --git a/roles/edpm_nova/tasks/configure.yml b/roles/edpm_nova/tasks/configure.yml index 2d132b368..2fed87c4d 100644 --- a/roles/edpm_nova/tasks/configure.yml +++ b/roles/edpm_nova/tasks/configure.yml @@ -86,9 +86,7 @@ mode: "{{ item.mode | default(omit) }}" loop: - {"path": "{{ edpm_nova_config_dest }}", "mode": "0755"} - - {"path": "/var/lib/openstack/config/containers", "mode": "0755"} - {"path": "{{ edpm_nova_nvme_cleaner_config_dest }}", "mode": "0755"} - - name: Create persistent directories tags: - configure @@ -165,9 +163,8 @@ setype: "container_file_t" mode: "0644" loop: - - {"src": "config.json.j2", "dest": "config.json"} - - {"src": "nova-blank.conf", "dest": "nova-blank.conf"} - - {"src": "ssh-config", "dest": "ssh-config"} + - {"src": "files/nova-blank.conf", "dest": "nova-blank.conf"} + - {"src": "files/ssh-config", "dest": "ssh-config"} # NOTE(gibi): This is unfortunate as we would like to avoid config # generation in ansible. This config is only needed to specify the IP # address of the node nova-compute should use. Right now this is hardcoded @@ -179,27 +176,13 @@ # remove this host specific configuration in the future (not earlier than # openstack Caracal) # https://blueprints.launchpad.net/nova/+spec/libvirt-migrate-with-hostname-instead-of-ip - - {"src": "02-nova-host-specific.conf.j2", "dest": "02-nova-host-specific.conf"} - - {"src": "nova_statedir_ownership.py", "dest": "nova_statedir_ownership.py"} - - {"src": "run-on-host", "dest": "run-on-host"} + - {"src": "config/02-nova-host-specific.conf.j2", "dest": "02-nova-host-specific.conf"} + - {"src": "files/nova_statedir_ownership.py", "dest": "nova_statedir_ownership.py"} + - {"src": "files/run-on-host", "dest": "run-on-host"} notify: - Restart nova init - Restart nova - -- name: Render nvme cleaner config files - when: edpm_nova_enable_nvme_cleaner - tags: - - configure - - nova - ansible.builtin.template: - src: "nova_nvme_cleaner_config.json.j2" - dest: "{{ edpm_nova_nvme_cleaner_config_dest }}/config.json" - setype: "container_file_t" - mode: "0644" - notify: - - Restart nova - - name: Create .ssh directory for the nova user on the host become: true ansible.builtin.file: diff --git a/roles/edpm_nova/tasks/install.yml b/roles/edpm_nova/tasks/install.yml index c30ba7d42..f6ebf0925 100644 --- a/roles/edpm_nova/tasks/install.yml +++ b/roles/edpm_nova/tasks/install.yml @@ -5,70 +5,31 @@ path: "{{ edpm_nova_tls_ca_src_dir }}/tls-ca-bundle.pem" register: ca_bundle_stat_res -- name: Render nova container - tags: - - install - - nova - ansible.builtin.template: - src: "nova_compute.json.j2" - dest: "/var/lib/openstack/config/containers/nova_compute.json" - setype: "container_file_t" - mode: "0644" - vars: - ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" - notify: - - Restart nova - -- name: Render nova init container - tags: - - install - - nova - ansible.builtin.template: - src: "nova_compute_init.json.j2" - dest: "/var/lib/openstack/config/containers/nova_compute_init.json" - setype: "container_file_t" - mode: "0700" - notify: - - Restart nova init - - name: Deploy nova init container tags: - install - nova ansible.builtin.include_role: - name: osp.edpm.edpm_container_manage + name: osp.edpm.edpm_container_standalone vars: - edpm_container_manage_config: '/var/lib/openstack/config/containers' - edpm_container_manage_healthcheck_disabled: true - edpm_container_manage_config_patterns: 'nova_compute_init.json' - edpm_container_manage_clean_orphans: false + edpm_container_standalone_service: "nova_compute_init" + edpm_container_standalone_container_defs: + nova_compute_init: "{{ lookup('template', 'container_defs/nova_compute_init.yaml.j2') | from_yaml }}" + ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" -- name: Deploy nova container +- name: Deploy nova compute container tags: - install - nova ansible.builtin.include_role: - name: osp.edpm.edpm_container_manage - vars: - edpm_container_manage_config: '/var/lib/openstack/config/containers' - edpm_container_manage_healthcheck_disabled: true - edpm_container_manage_config_patterns: 'nova_compute.json' - edpm_container_manage_clean_orphans: false - -- name: Render nvme cleaner container - when: edpm_nova_enable_nvme_cleaner - tags: - - install - - nova - ansible.builtin.template: - src: "nova_nvme_cleaner.json.j2" - dest: "/var/lib/openstack/config/containers/nova_nvme_cleaner.json" - setype: "container_file_t" - mode: "0644" + name: osp.edpm.edpm_container_standalone vars: + edpm_container_standalone_service: "nova_compute" + edpm_container_standalone_container_defs: + nova_compute: "{{ lookup('template', 'container_defs/nova_compute.yaml.j2') | from_yaml }}" + edpm_container_standalone_kolla_config_files: + nova_compute: "{{ lookup('file', 'files/kolla_config/nova_compute.yaml') | from_yaml }}" ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" - notify: - - Restart nova - name: Deploy nvme cleaner container when: edpm_nova_enable_nvme_cleaner @@ -76,12 +37,14 @@ - install - nova ansible.builtin.include_role: - name: osp.edpm.edpm_container_manage + name: osp.edpm.edpm_container_standalone vars: - edpm_container_manage_config: '/var/lib/openstack/config/containers' - edpm_container_manage_healthcheck_disabled: true - edpm_container_manage_config_patterns: 'nova_nvme_cleaner.json' - edpm_container_manage_clean_orphans: false + edpm_container_standalone_service: "nova_nvme_cleaner" + edpm_container_standalone_container_defs: + nova_nvme_cleaner: "{{ lookup('template', 'container_defs/nova_nvme_cleaner.yaml.j2') | from_yaml }}" + edpm_container_standalone_kolla_config_files: + nova_nvme_cleaner: "{{ lookup('template', 'kolla_config/nova_nvme_cleaner.yaml.j2') | from_yaml }}" + ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" - name: Remove nvme cleaner when disabled when: not edpm_nova_enable_nvme_cleaner diff --git a/roles/edpm_nova/tasks/update.yml b/roles/edpm_nova/tasks/update.yml index 4cd11f988..408e21f58 100644 --- a/roles/edpm_nova/tasks/update.yml +++ b/roles/edpm_nova/tasks/update.yml @@ -1,15 +1,124 @@ --- -- name: Render newly introduced nova config files +- name: Ensure new config directory exists tags: - update - nova - ansible.builtin.template: + become: true + ansible.builtin.file: + path: "{{ edpm_nova_config_dest }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - nova + ansible.builtin.stat: + path: "/var/lib/openstack/config/nova" + register: edpm_nova_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - nova + become: true + when: + - edpm_nova_old_config_dir.stat.exists + - edpm_nova_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/openstack/config/nova" + file_type: file + recurse: true + register: edpm_nova_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_nova_config_dest }}/{{ item.path | regex_replace('^.*/config/nova/', '') }}" + remote_src: true + setype: "container_file_t" + mode: "0644" + loop: "{{ edpm_nova_old_config_files.files }}" + when: + - edpm_nova_old_config_files.files is defined + - edpm_nova_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/openstack/config/nova" + state: absent + +- name: Ensure nvme_cleaner config directory exists + tags: + - update + - nova + become: true + ansible.builtin.file: + path: "{{ edpm_nova_nvme_cleaner_config_dest }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old nvme_cleaner config directory exists + tags: + - update + - nova + ansible.builtin.stat: + path: "/var/lib/openstack/config/nova_nvme_cleaner" + register: edpm_nova_old_nvme_cleaner_config_dir + +- name: Move nvme_cleaner config files from old location to new location + tags: + - update + - nova + become: true + when: + - edpm_nova_old_nvme_cleaner_config_dir.stat.exists + - edpm_nova_old_nvme_cleaner_config_dir.stat.isdir + block: + - name: Find nvme_cleaner config files in old location + ansible.builtin.find: + paths: "/var/lib/openstack/config/nova_nvme_cleaner" + file_type: file + recurse: true + register: edpm_nova_old_nvme_cleaner_config_files + + - name: Copy nvme_cleaner config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_nova_nvme_cleaner_config_dest }}/{{ item.path | regex_replace('^.*/config/nova_nvme_cleaner/', '') }}" + remote_src: true + setype: "container_file_t" + mode: "0644" + loop: "{{ edpm_nova_old_nvme_cleaner_config_files.files }}" + when: + - edpm_nova_old_nvme_cleaner_config_files.files is defined + - edpm_nova_old_nvme_cleaner_config_files.files | length > 0 + + - name: Remove old nvme_cleaner config directory + ansible.builtin.file: + path: "/var/lib/openstack/config/nova_nvme_cleaner" + state: absent + +- name: Copy newly introduced nova config files + tags: + - update + - nova + ansible.builtin.copy: src: "{{ item.src }}" dest: "{{ edpm_nova_config_dest }}/{{ item.dest }}" setype: "container_file_t" mode: "0644" loop: - {"src": "nova_statedir_ownership.py", "dest": "nova_statedir_ownership.py"} + - {"src": "run-on-host", "dest": "run-on-host"} - name: Run LVM bootstrap tasks tags: diff --git a/roles/edpm_nova/templates/config.json.j2 b/roles/edpm_nova/templates/config.json.j2 deleted file mode 100644 index 657f469e2..000000000 --- a/roles/edpm_nova/templates/config.json.j2 +++ /dev/null @@ -1,67 +0,0 @@ -{ - "command": "nova-compute", - "config_files": [ - { - "source": "/var/lib/kolla/config_files/nova-blank.conf", - "dest": "/etc/nova/nova.conf", - "owner": "nova", - "perm": "0600" - }, - { - "source": "/var/lib/kolla/config_files/*nova*.conf", - "dest": "/etc/nova/nova.conf.d/", - "owner": "nova", - "perm": "0600" - }, - { - "source": "/var/lib/kolla/config_files/ceph", - "dest": "/etc/ceph", - "owner": "nova", - "perm": "0700", - "optional": true - }, - { - "source": "/var/lib/kolla/config_files/ssh-privatekey", - "dest": "/var/lib/nova/.ssh/", - "owner": "nova", - "perm": "0600", - "optional": true - }, - { - "source": "/var/lib/kolla/config_files/ssh-config", - "dest": "/var/lib/nova/.ssh/config", - "owner": "nova", - "perm": "0600" - }, - { - "source": "/var/lib/kolla/config_files/provider*.yaml", - "dest": "/etc/nova/provider_config/", - "owner": "nova", - "perm": "0600", - "optional": true - }, - { - "source": "/var/lib/kolla/config_files/run-on-host", - "dest": "/usr/sbin/iscsiadm", - "owner": "root:root", - "perm": "0755" - } - ], - "permissions": [ - { - "path": "/etc/ceph/*", - "owner": "nova:nova", - "perm:": "0600" - }, - { - "path": "/var/lib/nova/.ssh/", - "owner": "nova:nova", - "perm:": "0700" - }, - { - "path": "/var/lib/nova/.ssh/*", - "owner": "nova:nova", - "perm:": "0600" - } - ] -} diff --git a/roles/edpm_nova/templates/02-nova-host-specific.conf.j2 b/roles/edpm_nova/templates/config/02-nova-host-specific.conf.j2 similarity index 100% rename from roles/edpm_nova/templates/02-nova-host-specific.conf.j2 rename to roles/edpm_nova/templates/config/02-nova-host-specific.conf.j2 diff --git a/roles/edpm_nova/templates/container_defs/nova_compute.yaml.j2 b/roles/edpm_nova/templates/container_defs/nova_compute.yaml.j2 new file mode 100644 index 000000000..4f88d0252 --- /dev/null +++ b/roles/edpm_nova/templates/container_defs/nova_compute.yaml.j2 @@ -0,0 +1,31 @@ +image: "{{ edpm_nova_compute_image }}" +privileged: true +user: nova +restart: always +command: kolla_start +net: host +pid: host +environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS +volumes: + - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro + - "{{ edpm_nova_config_dest }}:/var/lib/kolla/config_files/src:ro" +{% if ca_bundle_exists|bool %} + - "{{ edpm_nova_tls_ca_src_dir }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z" +{% endif %} + - /etc/localtime:/etc/localtime:ro + - /lib/modules:/lib/modules:ro + - /dev:/dev + - /var/lib/libvirt:/var/lib/libvirt + - /run/libvirt:/run/libvirt:shared + - /var/lib/nova:/var/lib/nova:shared + - /var/lib/iscsi:/var/lib/iscsi + - /etc/multipath:/etc/multipath:z + - /etc/multipath.conf:/etc/multipath.conf:ro + - /etc/iscsi:/etc/iscsi:ro + - /etc/nvme:/etc/nvme + - /var/lib/openstack/config/ceph:/var/lib/kolla/config_files/src/ceph:ro + - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro +{% for bind_mount in edpm_nova_extra_bind_mounts %} + - "{{ bind_mount.src }}:{{ bind_mount.dest }}:{{ bind_mount.options | default('ro') }}" +{% endfor %} diff --git a/roles/edpm_nova/templates/container_defs/nova_compute_init.yaml.j2 b/roles/edpm_nova/templates/container_defs/nova_compute_init.yaml.j2 new file mode 100644 index 000000000..0423711b7 --- /dev/null +++ b/roles/edpm_nova/templates/container_defs/nova_compute_init.yaml.j2 @@ -0,0 +1,17 @@ +image: "{{ edpm_nova_compute_image }}" +privileged: false +user: root +restart: never +command: "bash -c $* -- eval python3 /sbin/nova_statedir_ownership.py | logger -t nova_compute_init" +net: none +security_opt: + - label=disable +detach: false +environment: + NOVA_STATEDIR_OWNERSHIP_SKIP: /var/lib/nova/compute_id + __OS_DEBUG: false +volumes: + - /dev/log:/dev/log + - /var/lib/nova:/var/lib/nova:shared + - /var/lib/_nova_secontext:/var/lib/_nova_secontext:shared,z + - "{{ edpm_nova_config_dest }}/nova_statedir_ownership.py:/sbin/nova_statedir_ownership.py:z" diff --git a/roles/edpm_nova/templates/container_defs/nova_nvme_cleaner.yaml.j2 b/roles/edpm_nova/templates/container_defs/nova_nvme_cleaner.yaml.j2 new file mode 100644 index 000000000..4ca339a93 --- /dev/null +++ b/roles/edpm_nova/templates/container_defs/nova_nvme_cleaner.yaml.j2 @@ -0,0 +1,16 @@ +image: "{{ edpm_nova_compute_image }}" +privileged: true +user: root +restart: always +command: kolla_start +net: host +environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS +volumes: +{% if ca_bundle_exists|bool %} + - /var/lib/kolla/config_files/nova_nvme_cleaner.json:/var/lib/kolla/config_files/config.json:ro + - "{{ edpm_nova_tls_ca_src_dir }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z" +{% endif %} + - "{{ edpm_nova_config_dest }}:/var/lib/kolla/config_files/src/nova_shared:ro" + - /dev:/dev + - /etc/nvme:/etc/nvme diff --git a/roles/edpm_nova/templates/kolla_config/nova_nvme_cleaner.yaml.j2 b/roles/edpm_nova/templates/kolla_config/nova_nvme_cleaner.yaml.j2 new file mode 100644 index 000000000..6e8bdf6f4 --- /dev/null +++ b/roles/edpm_nova/templates/kolla_config/nova_nvme_cleaner.yaml.j2 @@ -0,0 +1,12 @@ +command: "{{ edpm_nova_nvme_cleaner_command }} {{ edpm_nova_nvme_cleaner_args }}" +config_files: + - source: /var/lib/kolla/config_files/src/nova_shared/nova-blank.conf + dest: /etc/nova/nova.conf + owner: nova + perm: "0600" + optional: true + - source: /var/lib/kolla/config_files/src/nova_shared/*nova*.conf + dest: /etc/nova/nova.conf.d/ + owner: nova + perm: "0600" + optional: true diff --git a/roles/edpm_nova/templates/nova_compute_init.json.j2 b/roles/edpm_nova/templates/nova_compute_init.json.j2 deleted file mode 100644 index 2b81e6bf2..000000000 --- a/roles/edpm_nova/templates/nova_compute_init.json.j2 +++ /dev/null @@ -1,20 +0,0 @@ -{ - "image": "{{ edpm_nova_compute_image }}", - "privileged": false, - "user": "root", - "restart": "never", - "command": "bash -c $* -- eval python3 /sbin/nova_statedir_ownership.py | logger -t nova_compute_init", - "net": "none", - "security_opt": ["label=disable"], - "detach": false, - "environment": { - "NOVA_STATEDIR_OWNERSHIP_SKIP": "/var/lib/nova/compute_id", - "__OS_DEBUG": false - }, - "volumes": [ - "/dev/log:/dev/log", - "/var/lib/nova:/var/lib/nova:shared", - "/var/lib/_nova_secontext:/var/lib/_nova_secontext:shared,z", - "/var/lib/openstack/config/nova/nova_statedir_ownership.py:/sbin/nova_statedir_ownership.py:z" - ] -} diff --git a/roles/edpm_nova/templates/nova_nvme_cleaner.json.j2 b/roles/edpm_nova/templates/nova_nvme_cleaner.json.j2 deleted file mode 100644 index 48881c980..000000000 --- a/roles/edpm_nova/templates/nova_nvme_cleaner.json.j2 +++ /dev/null @@ -1,20 +0,0 @@ -{ - "image": "{{ edpm_nova_compute_image }}", - "privileged": true, - "user": "root", - "restart": "always", - "command": "kolla_start", - "net": "host", - "environment": { - "KOLLA_CONFIG_STRATEGY":"COPY_ALWAYS" - }, - "volumes": [ - "{{ edpm_nova_nvme_cleaner_config_dest }}:/var/lib/kolla/config_files:ro", -{% if ca_bundle_exists|bool %} - "{{ edpm_nova_tls_ca_src_dir }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z", -{% endif %} - "{{ edpm_nova_config_dest }}:/var/lib/kolla/config_files/nova_shared:ro", - "/dev:/dev", - "/etc/nvme:/etc/nvme" - ] -} diff --git a/roles/edpm_nova/templates/nova_nvme_cleaner_config.json.j2 b/roles/edpm_nova/templates/nova_nvme_cleaner_config.json.j2 deleted file mode 100644 index 6c8e92f85..000000000 --- a/roles/edpm_nova/templates/nova_nvme_cleaner_config.json.j2 +++ /dev/null @@ -1,19 +0,0 @@ -{ - "command": "{{ edpm_nova_nvme_cleaner_command }} {{ edpm_nova_nvme_cleaner_args }}", - "config_files": [ - { - "source": "/var/lib/kolla/config_files/nova_shared/nova-blank.conf", - "dest": "/etc/nova/nova.conf", - "owner": "nova", - "perm": "0600", - "optional": true - }, - { - "source": "/var/lib/kolla/config_files/nova_shared/*nova*.conf", - "dest": "/etc/nova/nova.conf.d/", - "owner": "nova", - "perm": "0600", - "optional": true - } - ] -} diff --git a/roles/edpm_ovn/tasks/run.yml b/roles/edpm_ovn/tasks/run.yml index 7fec6937f..fafc64961 100644 --- a/roles/edpm_ovn/tasks/run.yml +++ b/roles/edpm_ovn/tasks/run.yml @@ -42,6 +42,6 @@ vars: edpm_container_standalone_service: ovn_controller edpm_container_standalone_container_defs: - ovn_controller: "{{ lookup('template', 'ovn_controller.yaml.j2') | from_yaml }}" + ovn_controller: "{{ lookup('template', 'container_defs/ovn_controller.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - ovn_controller: "{{ lookup('template', 'kolla_ovn_controller.yaml.j2') | from_yaml }}" + ovn_controller: "{{ lookup('template', 'kolla_config/kolla_ovn_controller.yaml.j2') | from_yaml }}" diff --git a/roles/edpm_ovn/templates/ovn_controller.yaml.j2 b/roles/edpm_ovn/templates/container_defs/ovn_controller.yaml.j2 similarity index 100% rename from roles/edpm_ovn/templates/ovn_controller.yaml.j2 rename to roles/edpm_ovn/templates/container_defs/ovn_controller.yaml.j2 diff --git a/roles/edpm_ovn/templates/kolla_ovn_controller.yaml.j2 b/roles/edpm_ovn/templates/kolla_config/kolla_ovn_controller.yaml.j2 similarity index 100% rename from roles/edpm_ovn/templates/kolla_ovn_controller.yaml.j2 rename to roles/edpm_ovn/templates/kolla_config/kolla_ovn_controller.yaml.j2 diff --git a/roles/edpm_ovn_bgp_agent/defaults/main.yml b/roles/edpm_ovn_bgp_agent/defaults/main.yml index 8f784b882..467080f59 100644 --- a/roles/edpm_ovn_bgp_agent/defaults/main.yml +++ b/roles/edpm_ovn_bgp_agent/defaults/main.yml @@ -31,7 +31,7 @@ edpm_ovn_bgp_agent_private_key: /etc/pki/tls/private/ovndb.key edpm_ovn_bgp_agent_certificate: /etc/pki/tls/certs/ovndb.crt edpm_ovn_bgp_agent_ca_cert: /etc/pki/tls/certs/ovndbca.crt edpm_ovn_bgp_agent_internal_tls_enable: "{{ edpm_tls_certs_enabled | default(False) }}" -edpm_ovn_bgp_agent_config_basedir: "/var/lib/config-data/ansible-generated/ovn-bgp-agent" +edpm_ovn_bgp_agent_config_basedir: "/var/lib/openstack/ovn-bgp-agent" edpm_ovn_bgp_agent_config_src: "/var/lib/openstack/configs/{{ edpm_ovn_bgp_agent_service_name }}" edpm_ovn_bgp_agent_bgp_as: 64999 edpm_ovn_bgp_agent_clear_vrf_routes_on_startup: false diff --git a/roles/edpm_ovn_bgp_agent/templates/kolla_config/ovn_bgp_agent.yaml.j2 b/roles/edpm_ovn_bgp_agent/files/kolla_config/ovn_bgp_agent.yaml similarity index 100% rename from roles/edpm_ovn_bgp_agent/templates/kolla_config/ovn_bgp_agent.yaml.j2 rename to roles/edpm_ovn_bgp_agent/files/kolla_config/ovn_bgp_agent.yaml diff --git a/roles/edpm_ovn_bgp_agent/meta/argument_specs.yml b/roles/edpm_ovn_bgp_agent/meta/argument_specs.yml index df3dcfa19..0fa63ff84 100644 --- a/roles/edpm_ovn_bgp_agent/meta/argument_specs.yml +++ b/roles/edpm_ovn_bgp_agent/meta/argument_specs.yml @@ -47,7 +47,7 @@ argument_specs: edpm_ovn_bgp_agent_config_basedir: description: Location of BGP agent configuration base directory. type: path - default: "/var/lib/config-data/ansible-generated/ovn-bgp-agent" + default: "/var/lib/openstack/ovn-bgp-agent" edpm_ovn_bgp_agent_bgp_as: description: BGP Autonomous System number type: int @@ -134,7 +134,7 @@ argument_specs: - /dev/log:/dev/log - /etc/iproute2:/etc/iproute2 - /var/lib/kolla/config_files/ovn_bgp_agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ansible-generated/ovn-bgp-agent:/var/lib/kolla/config_files/src:ro + - /var/lib/openstack/ovn-bgp-agent:/var/lib/kolla/config_files/src:ro - /run/frr:/run/frr:shared,z - /run/openvswitch:/run/openvswitch:shared,z diff --git a/roles/edpm_ovn_bgp_agent/molecule/default/verify.yml b/roles/edpm_ovn_bgp_agent/molecule/default/verify.yml index a5fb4feb2..5e9884638 100644 --- a/roles/edpm_ovn_bgp_agent/molecule/default/verify.yml +++ b/roles/edpm_ovn_bgp_agent/molecule/default/verify.yml @@ -8,7 +8,7 @@ - name: ensure expected directories exist ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_dir.yaml" loop: - - "/var/lib/config-data/ansible-generated/ovn-bgp-agent/etc/ovn-bgp-agent/bgp-agent.conf" + - "/var/lib/openstack/ovn-bgp-agent/etc/ovn-bgp-agent/bgp-agent.conf" - "/var/lib/edpm-config/container-startup-config/ovn_bgp_agent" - name: ensure podman container exists and are running diff --git a/roles/edpm_ovn_bgp_agent/tasks/configure.yml b/roles/edpm_ovn_bgp_agent/tasks/configure.yml index b4e241943..262930e22 100644 --- a/roles/edpm_ovn_bgp_agent/tasks/configure.yml +++ b/roles/edpm_ovn_bgp_agent/tasks/configure.yml @@ -23,7 +23,7 @@ block: - name: Render OVN BGP agent config files ansible.builtin.template: - src: ovn-bgp-agent.conf.j2 + src: config/ovn-bgp-agent.conf.j2 dest: "{{ edpm_ovn_bgp_agent_config_basedir }}/etc/ovn-bgp-agent/bgp-agent.conf" mode: "0644" selevel: s0 diff --git a/roles/edpm_ovn_bgp_agent/tasks/run.yml b/roles/edpm_ovn_bgp_agent/tasks/run.yml index be7378975..bee00e574 100644 --- a/roles/edpm_ovn_bgp_agent/tasks/run.yml +++ b/roles/edpm_ovn_bgp_agent/tasks/run.yml @@ -38,6 +38,6 @@ vars: edpm_container_standalone_service: ovn_bgp_agent edpm_container_standalone_container_defs: - ovn_bgp_agent: "{{ lookup('template', 'ovn_bgp_agent.yaml.j2') | from_yaml }}" + ovn_bgp_agent: "{{ lookup('template', 'container_defs/ovn_bgp_agent.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - ovn_bgp_agent: "{{ lookup('template', 'templates/kolla_config/ovn_bgp_agent.yaml.j2') | from_yaml }}" + ovn_bgp_agent: "{{ lookup('file', 'kolla_config/ovn_bgp_agent.yaml') | from_yaml }}" diff --git a/roles/edpm_ovn_bgp_agent/tasks/run_ovn.yml b/roles/edpm_ovn_bgp_agent/tasks/run_ovn.yml index deb18e4f3..6e5000d5c 100644 --- a/roles/edpm_ovn_bgp_agent/tasks/run_ovn.yml +++ b/roles/edpm_ovn_bgp_agent/tasks/run_ovn.yml @@ -38,9 +38,9 @@ vars: edpm_container_standalone_service: nb_db_server edpm_container_standalone_container_defs: - nb_db_server: "{{ lookup('template', 'nb_db_server.yaml.j2') | from_yaml }}" + nb_db_server: "{{ lookup('template', 'container_defs/nb_db_server.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - nb_db_server: "{{ lookup('template', 'templates/kolla_config/nb_db_server.yaml.j2') | from_yaml }}" + nb_db_server: "{{ lookup('template', 'kolla_config/nb_db_server.yaml.j2') | from_yaml }}" - name: Run SB DB container ansible.builtin.include_role: @@ -48,9 +48,9 @@ vars: edpm_container_standalone_service: sb_db_server edpm_container_standalone_container_defs: - sb_db_server: "{{ lookup('template', 'sb_db_server.yaml.j2') | from_yaml }}" + sb_db_server: "{{ lookup('template', 'container_defs/sb_db_server.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - sb_db_server: "{{ lookup('template', 'templates/kolla_config/sb_db_server.yaml.j2') | from_yaml }}" + sb_db_server: "{{ lookup('template', 'kolla_config/sb_db_server.yaml.j2') | from_yaml }}" - name: Run northd container ansible.builtin.include_role: @@ -58,9 +58,9 @@ vars: edpm_container_standalone_service: northd edpm_container_standalone_container_defs: - northd: "{{ lookup('template', 'northd.yaml.j2') | from_yaml }}" + northd: "{{ lookup('template', 'container_defs/northd.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - northd: "{{ lookup('template', 'templates/kolla_config/northd.yaml.j2') | from_yaml }}" + northd: "{{ lookup('template', 'kolla_config/northd.yaml.j2') | from_yaml }}" - name: Run ovn_controller container ansible.builtin.include_role: @@ -68,6 +68,6 @@ vars: edpm_container_standalone_service: bgp_ovn_controller edpm_container_standalone_container_defs: - bgp_ovn_controller: "{{ lookup('template', 'bgp_ovn_controller.yaml.j2') | from_yaml }}" + bgp_ovn_controller: "{{ lookup('template', 'container_defs/bgp_ovn_controller.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - bgp_ovn_controller: "{{ lookup('template', 'templates/kolla_config/bgp_ovn_controller.yaml.j2') | from_yaml }}" + bgp_ovn_controller: "{{ lookup('template', 'kolla_config/bgp_ovn_controller.yaml.j2') | from_yaml }}" diff --git a/roles/edpm_ovn_bgp_agent/tasks/update.yml b/roles/edpm_ovn_bgp_agent/tasks/update.yml new file mode 100644 index 000000000..3bc3621ef --- /dev/null +++ b/roles/edpm_ovn_bgp_agent/tasks/update.yml @@ -0,0 +1,81 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Ensure new config directory exists + tags: + - update + - ovn_bgp_agent + become: true + ansible.builtin.file: + path: "{{ edpm_ovn_bgp_agent_config_basedir }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Ensure config subdirectory exists + tags: + - update + - ovn_bgp_agent + become: true + ansible.builtin.file: + path: "{{ edpm_ovn_bgp_agent_config_basedir }}/etc/ovn-bgp-agent" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - ovn_bgp_agent + ansible.builtin.stat: + path: "/var/lib/config-data/ansible-generated/ovn-bgp-agent" + register: edpm_ovn_bgp_agent_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - ovn_bgp_agent + become: true + when: + - edpm_ovn_bgp_agent_old_config_dir.stat.exists + - edpm_ovn_bgp_agent_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/config-data/ansible-generated/ovn-bgp-agent" + file_type: file + recurse: true + register: edpm_ovn_bgp_agent_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_ovn_bgp_agent_config_basedir }}/{{ item.path | regex_replace('^.*/ovn-bgp-agent/', '') }}" + remote_src: true + setype: "container_file_t" + mode: "0644" + loop: "{{ edpm_ovn_bgp_agent_old_config_files.files }}" + when: + - edpm_ovn_bgp_agent_old_config_files.files is defined + - edpm_ovn_bgp_agent_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/config-data/ansible-generated/ovn-bgp-agent" + state: absent diff --git a/roles/edpm_ovn_bgp_agent/templates/ovn-bgp-agent.conf.j2 b/roles/edpm_ovn_bgp_agent/templates/config/ovn-bgp-agent.conf.j2 similarity index 100% rename from roles/edpm_ovn_bgp_agent/templates/ovn-bgp-agent.conf.j2 rename to roles/edpm_ovn_bgp_agent/templates/config/ovn-bgp-agent.conf.j2 diff --git a/roles/edpm_ovn_bgp_agent/templates/bgp_ovn_controller.yaml.j2 b/roles/edpm_ovn_bgp_agent/templates/container_defs/bgp_ovn_controller.yaml.j2 similarity index 100% rename from roles/edpm_ovn_bgp_agent/templates/bgp_ovn_controller.yaml.j2 rename to roles/edpm_ovn_bgp_agent/templates/container_defs/bgp_ovn_controller.yaml.j2 diff --git a/roles/edpm_ovn_bgp_agent/templates/nb_db_server.yaml.j2 b/roles/edpm_ovn_bgp_agent/templates/container_defs/nb_db_server.yaml.j2 similarity index 100% rename from roles/edpm_ovn_bgp_agent/templates/nb_db_server.yaml.j2 rename to roles/edpm_ovn_bgp_agent/templates/container_defs/nb_db_server.yaml.j2 diff --git a/roles/edpm_ovn_bgp_agent/templates/northd.yaml.j2 b/roles/edpm_ovn_bgp_agent/templates/container_defs/northd.yaml.j2 similarity index 100% rename from roles/edpm_ovn_bgp_agent/templates/northd.yaml.j2 rename to roles/edpm_ovn_bgp_agent/templates/container_defs/northd.yaml.j2 diff --git a/roles/edpm_ovn_bgp_agent/templates/ovn_bgp_agent.yaml.j2 b/roles/edpm_ovn_bgp_agent/templates/container_defs/ovn_bgp_agent.yaml.j2 similarity index 100% rename from roles/edpm_ovn_bgp_agent/templates/ovn_bgp_agent.yaml.j2 rename to roles/edpm_ovn_bgp_agent/templates/container_defs/ovn_bgp_agent.yaml.j2 diff --git a/roles/edpm_ovn_bgp_agent/templates/sb_db_server.yaml.j2 b/roles/edpm_ovn_bgp_agent/templates/container_defs/sb_db_server.yaml.j2 similarity index 100% rename from roles/edpm_ovn_bgp_agent/templates/sb_db_server.yaml.j2 rename to roles/edpm_ovn_bgp_agent/templates/container_defs/sb_db_server.yaml.j2 diff --git a/roles/edpm_reboot/defaults/main.yaml b/roles/edpm_reboot/defaults/main.yaml index 37fe38ff1..75bbd8877 100644 --- a/roles/edpm_reboot/defaults/main.yaml +++ b/roles/edpm_reboot/defaults/main.yaml @@ -19,6 +19,6 @@ edpm_reboot_strategy: auto edpm_reboot_old_tripleo_node_config_dir: /var/lib/config-data/puppet-generated -edpm_reboot_edpm_node_config_dir: /var/lib/openstack/config +edpm_reboot_edpm_node_config_dir: /var/lib/openstack edpm_reboot_timeout_reboot: 3600 edpm_reboot_post_reboot_delay: 60 diff --git a/roles/edpm_reboot/meta/argument_specs.yml b/roles/edpm_reboot/meta/argument_specs.yml index fa4a2418e..55b08aa62 100644 --- a/roles/edpm_reboot/meta/argument_specs.yml +++ b/roles/edpm_reboot/meta/argument_specs.yml @@ -17,7 +17,7 @@ argument_specs: description: Path to check for tripleo pre-adopted nodes edpm_reboot_edpm_node_config_dir: type: path - default: /var/lib/openstack/config + default: /var/lib/openstack description: Path for storing configuration of edpm nodes. This should be synced with edpm-ansible roles. edpm_reboot_timeout_reboot: type: int diff --git a/roles/edpm_reboot/molecule/default/prepare.yml b/roles/edpm_reboot/molecule/default/prepare.yml index 6122529b1..4f75a954a 100644 --- a/roles/edpm_reboot/molecule/default/prepare.yml +++ b/roles/edpm_reboot/molecule/default/prepare.yml @@ -29,13 +29,13 @@ tasks: - name: Create nova config directory ansible.builtin.file: - path: /var/lib/openstack/config/nova + path: /var/lib/openstack/nova state: directory mode: "0775" - name: Create nova.conf ansible.builtin.copy: - dest: /var/lib/openstack/config/nova/01-nova.conf + dest: /var/lib/openstack/nova/01-nova.conf mode: "0644" owner: root group: root diff --git a/roles/edpm_swift/defaults/main.yml b/roles/edpm_swift/defaults/main.yml index 3c9282a9b..4de5fa64f 100644 --- a/roles/edpm_swift/defaults/main.yml +++ b/roles/edpm_swift/defaults/main.yml @@ -28,7 +28,7 @@ edpm_swift_images_download_retries: "{{ edpm_download_retries | default(5) }}" # Note that the src dir is in the AEE container but the # dest dir is on the target host edpm_swift_config_src: /var/lib/openstack/configs -edpm_swift_config_dest: /var/lib/openstack/config/swift +edpm_swift_config_dest: /var/lib/openstack/swift # We don't deploy the proxy service, but the image is used by some of the # storage services, thus defining it here too @@ -43,7 +43,7 @@ edpm_swift_storage_volumes: - /srv/node:/srv/node - /dev:/dev - /var/cache/swift:/var/cache/swift - - /var/lib/openstack/config/swift:/var/lib/kolla/config_files/src:ro + - "{{ edpm_swift_config_dest }}:/var/lib/kolla/config_files/src:ro" edpm_swift_account_auditor_volumes: - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro diff --git a/roles/edpm_swift/templates/kolla_config/rsync.yaml.j2 b/roles/edpm_swift/files/kolla_config/rsync.yaml similarity index 100% rename from roles/edpm_swift/templates/kolla_config/rsync.yaml.j2 rename to roles/edpm_swift/files/kolla_config/rsync.yaml diff --git a/roles/edpm_swift/templates/kolla_config/swift_account_auditor.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_account_auditor.yaml similarity index 100% rename from roles/edpm_swift/templates/kolla_config/swift_account_auditor.yaml.j2 rename to roles/edpm_swift/files/kolla_config/swift_account_auditor.yaml diff --git a/roles/edpm_swift/templates/kolla_config/swift_account_reaper.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_account_reaper.yaml similarity index 100% rename from roles/edpm_swift/templates/kolla_config/swift_account_reaper.yaml.j2 rename to roles/edpm_swift/files/kolla_config/swift_account_reaper.yaml diff --git a/roles/edpm_swift/templates/kolla_config/swift_account_replicator.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_account_replicator.yaml similarity index 100% rename from roles/edpm_swift/templates/kolla_config/swift_account_replicator.yaml.j2 rename to roles/edpm_swift/files/kolla_config/swift_account_replicator.yaml diff --git a/roles/edpm_swift/templates/kolla_config/swift_account_server.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_account_server.yaml similarity index 100% rename from roles/edpm_swift/templates/kolla_config/swift_account_server.yaml.j2 rename to roles/edpm_swift/files/kolla_config/swift_account_server.yaml diff --git a/roles/edpm_swift/templates/kolla_config/swift_container_auditor.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_container_auditor.yaml similarity index 100% rename from roles/edpm_swift/templates/kolla_config/swift_container_auditor.yaml.j2 rename to roles/edpm_swift/files/kolla_config/swift_container_auditor.yaml diff --git a/roles/edpm_swift/templates/kolla_config/swift_container_replicator.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_container_replicator.yaml similarity index 100% rename from roles/edpm_swift/templates/kolla_config/swift_container_replicator.yaml.j2 rename to roles/edpm_swift/files/kolla_config/swift_container_replicator.yaml diff --git a/roles/edpm_swift/templates/kolla_config/swift_container_server.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_container_server.yaml similarity index 100% rename from roles/edpm_swift/templates/kolla_config/swift_container_server.yaml.j2 rename to roles/edpm_swift/files/kolla_config/swift_container_server.yaml diff --git a/roles/edpm_swift/templates/kolla_config/swift_container_updater.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_container_updater.yaml similarity index 100% rename from roles/edpm_swift/templates/kolla_config/swift_container_updater.yaml.j2 rename to roles/edpm_swift/files/kolla_config/swift_container_updater.yaml diff --git a/roles/edpm_swift/templates/kolla_config/swift_object_auditor.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_object_auditor.yaml similarity index 100% rename from roles/edpm_swift/templates/kolla_config/swift_object_auditor.yaml.j2 rename to roles/edpm_swift/files/kolla_config/swift_object_auditor.yaml diff --git a/roles/edpm_swift/templates/kolla_config/swift_object_expirer.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_object_expirer.yaml similarity index 100% rename from roles/edpm_swift/templates/kolla_config/swift_object_expirer.yaml.j2 rename to roles/edpm_swift/files/kolla_config/swift_object_expirer.yaml diff --git a/roles/edpm_swift/templates/kolla_config/swift_object_replicator.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_object_replicator.yaml similarity index 100% rename from roles/edpm_swift/templates/kolla_config/swift_object_replicator.yaml.j2 rename to roles/edpm_swift/files/kolla_config/swift_object_replicator.yaml diff --git a/roles/edpm_swift/templates/kolla_config/swift_object_server.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_object_server.yaml similarity index 100% rename from roles/edpm_swift/templates/kolla_config/swift_object_server.yaml.j2 rename to roles/edpm_swift/files/kolla_config/swift_object_server.yaml diff --git a/roles/edpm_swift/templates/kolla_config/swift_object_updater.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_object_updater.yaml similarity index 100% rename from roles/edpm_swift/templates/kolla_config/swift_object_updater.yaml.j2 rename to roles/edpm_swift/files/kolla_config/swift_object_updater.yaml diff --git a/roles/edpm_swift/tasks/run.yml b/roles/edpm_swift/tasks/run.yml index 39bb9422a..9732a184b 100644 --- a/roles/edpm_swift/tasks/run.yml +++ b/roles/edpm_swift/tasks/run.yml @@ -25,32 +25,32 @@ vars: edpm_container_standalone_service: swift edpm_container_standalone_container_defs: - swift_account_auditor: "{{ lookup('template', 'templates/swift_account_auditor.yaml.j2') | from_yaml }}" - swift_account_reaper: "{{ lookup('template', 'templates/swift_account_reaper.yaml.j2') | from_yaml }}" - swift_account_replicator: "{{ lookup('template', 'templates/swift_account_replicator.yaml.j2') | from_yaml }}" - swift_account_server: "{{ lookup('template', 'templates/swift_account_server.yaml.j2') | from_yaml }}" - swift_container_auditor: "{{ lookup('template', 'templates/swift_container_auditor.yaml.j2') | from_yaml }}" - swift_container_replicator: "{{ lookup('template', 'templates/swift_container_replicator.yaml.j2') | from_yaml }}" - swift_container_server: "{{ lookup('template', 'templates/swift_container_server.yaml.j2') | from_yaml }}" - swift_container_updater: "{{ lookup('template', 'templates/swift_container_updater.yaml.j2') | from_yaml }}" - swift_object_auditor: "{{ lookup('template', 'templates/swift_object_auditor.yaml.j2') | from_yaml }}" - swift_object_expirer: "{{ lookup('template', 'templates/swift_object_expirer.yaml.j2') | from_yaml }}" - swift_object_replicator: "{{ lookup('template', 'templates/swift_object_replicator.yaml.j2') | from_yaml }}" - swift_object_server: "{{ lookup('template', 'templates/swift_object_server.yaml.j2') | from_yaml }}" - swift_object_updater: "{{ lookup('template', 'templates/swift_object_updater.yaml.j2') | from_yaml }}" - rsync: "{{ lookup('template', 'templates/rsync.yaml.j2') | from_yaml }}" + swift_account_auditor: "{{ lookup('template', 'container_defs/swift_account_auditor.yaml.j2') | from_yaml }}" + swift_account_reaper: "{{ lookup('template', 'container_defs/swift_account_reaper.yaml.j2') | from_yaml }}" + swift_account_replicator: "{{ lookup('template', 'container_defs/swift_account_replicator.yaml.j2') | from_yaml }}" + swift_account_server: "{{ lookup('template', 'container_defs/swift_account_server.yaml.j2') | from_yaml }}" + swift_container_auditor: "{{ lookup('template', 'container_defs/swift_container_auditor.yaml.j2') | from_yaml }}" + swift_container_replicator: "{{ lookup('template', 'container_defs/swift_container_replicator.yaml.j2') | from_yaml }}" + swift_container_server: "{{ lookup('template', 'container_defs/swift_container_server.yaml.j2') | from_yaml }}" + swift_container_updater: "{{ lookup('template', 'container_defs/swift_container_updater.yaml.j2') | from_yaml }}" + swift_object_auditor: "{{ lookup('template', 'container_defs/swift_object_auditor.yaml.j2') | from_yaml }}" + swift_object_expirer: "{{ lookup('template', 'container_defs/swift_object_expirer.yaml.j2') | from_yaml }}" + swift_object_replicator: "{{ lookup('template', 'container_defs/swift_object_replicator.yaml.j2') | from_yaml }}" + swift_object_server: "{{ lookup('template', 'container_defs/swift_object_server.yaml.j2') | from_yaml }}" + swift_object_updater: "{{ lookup('template', 'container_defs/swift_object_updater.yaml.j2') | from_yaml }}" + rsync: "{{ lookup('template', 'container_defs/rsync.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - swift_account_auditor: "{{ lookup('template', 'templates/kolla_config/swift_account_auditor.yaml.j2') | from_yaml }}" - swift_account_reaper: "{{ lookup('template', 'templates/kolla_config/swift_account_reaper.yaml.j2') | from_yaml }}" - swift_account_replicator: "{{ lookup('template', 'templates/kolla_config/swift_account_replicator.yaml.j2') | from_yaml }}" - swift_account_server: "{{ lookup('template', 'templates/kolla_config/swift_account_server.yaml.j2') | from_yaml }}" - swift_container_auditor: "{{ lookup('template', 'templates/kolla_config/swift_container_auditor.yaml.j2') | from_yaml }}" - swift_container_replicator: "{{ lookup('template', 'templates/kolla_config/swift_container_replicator.yaml.j2') | from_yaml }}" - swift_container_server: "{{ lookup('template', 'templates/kolla_config/swift_container_server.yaml.j2') | from_yaml }}" - swift_container_updater: "{{ lookup('template', 'templates/kolla_config/swift_container_updater.yaml.j2') | from_yaml }}" - swift_object_auditor: "{{ lookup('template', 'templates/kolla_config/swift_object_auditor.yaml.j2') | from_yaml }}" - swift_object_expirer: "{{ lookup('template', 'templates/kolla_config/swift_object_expirer.yaml.j2') | from_yaml }}" - swift_object_replicator: "{{ lookup('template', 'templates/kolla_config/swift_object_replicator.yaml.j2') | from_yaml }}" - swift_object_server: "{{ lookup('template', 'templates/kolla_config/swift_object_server.yaml.j2') | from_yaml }}" - swift_object_updater: "{{ lookup('template', 'templates/kolla_config/swift_object_updater.yaml.j2') | from_yaml }}" - rsync: "{{ lookup('template', 'templates/kolla_config/rsync.yaml.j2') | from_yaml }}" + swift_account_auditor: "{{ lookup('file', 'kolla_config/swift_account_auditor.yaml') | from_yaml }}" + swift_account_reaper: "{{ lookup('file', 'kolla_config/swift_account_reaper.yaml') | from_yaml }}" + swift_account_replicator: "{{ lookup('file', 'kolla_config/swift_account_replicator.yaml') | from_yaml }}" + swift_account_server: "{{ lookup('file', 'kolla_config/swift_account_server.yaml') | from_yaml }}" + swift_container_auditor: "{{ lookup('file', 'kolla_config/swift_container_auditor.yaml') | from_yaml }}" + swift_container_replicator: "{{ lookup('file', 'kolla_config/swift_container_replicator.yaml') | from_yaml }}" + swift_container_server: "{{ lookup('file', 'kolla_config/swift_container_server.yaml') | from_yaml }}" + swift_container_updater: "{{ lookup('file', 'kolla_config/swift_container_updater.yaml') | from_yaml }}" + swift_object_auditor: "{{ lookup('file', 'kolla_config/swift_object_auditor.yaml') | from_yaml }}" + swift_object_expirer: "{{ lookup('file', 'kolla_config/swift_object_expirer.yaml') | from_yaml }}" + swift_object_replicator: "{{ lookup('file', 'kolla_config/swift_object_replicator.yaml') | from_yaml }}" + swift_object_server: "{{ lookup('file', 'kolla_config/swift_object_server.yaml') | from_yaml }}" + swift_object_updater: "{{ lookup('file', 'kolla_config/swift_object_updater.yaml') | from_yaml }}" + rsync: "{{ lookup('file', 'kolla_config/rsync.yaml') | from_yaml }}" diff --git a/roles/edpm_swift/tasks/update.yml b/roles/edpm_swift/tasks/update.yml new file mode 100644 index 000000000..38d2c4be3 --- /dev/null +++ b/roles/edpm_swift/tasks/update.yml @@ -0,0 +1,68 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Ensure new config directory exists + tags: + - update + - swift + become: true + ansible.builtin.file: + path: "{{ edpm_swift_config_dest }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - swift + ansible.builtin.stat: + path: "/var/lib/openstack/config/swift" + register: edpm_swift_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - swift + become: true + when: + - edpm_swift_old_config_dir.stat.exists + - edpm_swift_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/openstack/config/swift" + file_type: file + recurse: true + register: edpm_swift_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_swift_config_dest }}/{{ item.path | regex_replace('^.*/config/swift/', '') }}" + remote_src: true + setype: "container_file_t" + mode: "0644" + loop: "{{ edpm_swift_old_config_files.files }}" + when: + - edpm_swift_old_config_files.files is defined + - edpm_swift_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/openstack/config/swift" + state: absent diff --git a/roles/edpm_swift/templates/rsync.yaml.j2 b/roles/edpm_swift/templates/config/rsync.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/rsync.yaml.j2 rename to roles/edpm_swift/templates/config/rsync.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_account_auditor.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_account_auditor.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_account_auditor.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_account_auditor.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_account_reaper.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_account_reaper.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_account_reaper.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_account_reaper.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_account_replicator.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_account_replicator.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_account_replicator.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_account_replicator.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_account_server.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_account_server.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_account_server.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_account_server.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_container_auditor.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_container_auditor.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_container_auditor.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_container_auditor.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_container_replicator.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_container_replicator.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_container_replicator.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_container_replicator.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_container_server.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_container_server.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_container_server.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_container_server.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_container_updater.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_container_updater.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_container_updater.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_container_updater.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_object_auditor.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_object_auditor.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_object_auditor.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_object_auditor.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_object_expirer.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_object_expirer.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_object_expirer.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_object_expirer.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_object_replicator.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_object_replicator.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_object_replicator.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_object_replicator.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_object_server.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_object_server.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_object_server.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_object_server.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_object_updater.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_object_updater.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_object_updater.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_object_updater.yaml.j2 diff --git a/roles/edpm_telemetry/defaults/main.yml b/roles/edpm_telemetry/defaults/main.yml index a1ca80f96..e6afc9ccd 100644 --- a/roles/edpm_telemetry/defaults/main.yml +++ b/roles/edpm_telemetry/defaults/main.yml @@ -21,7 +21,7 @@ edpm_telemetry_service_name: telemetry # Directory in the ansibleEE container edpm_telemetry_config_src: "/var/lib/openstack/configs/{{ edpm_telemetry_service_name }}" # Directory in the compute node -edpm_telemetry_config_dest: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" +edpm_telemetry_config_dest: "/var/lib/openstack/{{ edpm_telemetry_service_name }}" # Image to use for node_exporter edpm_telemetry_node_exporter_image: quay.io/prometheus/node-exporter:v1.5.0 # Image to use for podman_exporter diff --git a/roles/edpm_telemetry/templates/ceilometer_prom_exporter.yaml.j2 b/roles/edpm_telemetry/files/ceilometer_prom_exporter.yaml similarity index 100% rename from roles/edpm_telemetry/templates/ceilometer_prom_exporter.yaml.j2 rename to roles/edpm_telemetry/files/ceilometer_prom_exporter.yaml diff --git a/roles/edpm_telemetry/templates/firewall.yaml.j2 b/roles/edpm_telemetry/files/firewall.yaml similarity index 100% rename from roles/edpm_telemetry/templates/firewall.yaml.j2 rename to roles/edpm_telemetry/files/firewall.yaml diff --git a/roles/edpm_telemetry/files/kolla_config/ceilometer_agent_compute.yaml b/roles/edpm_telemetry/files/kolla_config/ceilometer_agent_compute.yaml new file mode 100644 index 000000000..461ac349d --- /dev/null +++ b/roles/edpm_telemetry/files/kolla_config/ceilometer_agent_compute.yaml @@ -0,0 +1,20 @@ +command: /usr/bin/ceilometer-polling --polling-namespaces compute --logfile /dev/stdout +config_files: + - source: /var/lib/kolla/config_files/src/ceilometer.conf + dest: /etc/ceilometer/ceilometer.conf + owner: ceilometer + perm: "0600" + - source: /var/lib/kolla/config_files/src/polling.yaml + dest: /etc/ceilometer/polling.yaml + owner: ceilometer + perm: "0600" + - source: /var/lib/kolla/config_files/src/custom.conf + dest: /etc/ceilometer/ceilometer.conf.d/01-ceilometer-custom.conf + owner: ceilometer + perm: "0600" + optional: true + - source: /var/lib/kolla/config_files/src/ceilometer-host-specific.conf + dest: /etc/ceilometer/ceilometer.conf.d/02-ceilometer-host-specific.conf + owner: ceilometer + perm: "0600" + optional: true diff --git a/roles/edpm_telemetry/templates/node_exporter.yaml.j2 b/roles/edpm_telemetry/files/node_exporter.yaml similarity index 100% rename from roles/edpm_telemetry/templates/node_exporter.yaml.j2 rename to roles/edpm_telemetry/files/node_exporter.yaml diff --git a/roles/edpm_telemetry/templates/podman_exporter.yaml.j2 b/roles/edpm_telemetry/files/podman_exporter.yaml similarity index 100% rename from roles/edpm_telemetry/templates/podman_exporter.yaml.j2 rename to roles/edpm_telemetry/files/podman_exporter.yaml diff --git a/roles/edpm_telemetry/molecule/default/verify.yml b/roles/edpm_telemetry/molecule/default/verify.yml index 7275ba06b..eeee24f9a 100644 --- a/roles/edpm_telemetry/molecule/default/verify.yml +++ b/roles/edpm_telemetry/molecule/default/verify.yml @@ -7,13 +7,13 @@ vars_files: - ../../defaults/main.yml tasks: - - name: ensure expected directories exist + - name: ensure expected config files exist ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_dir.yaml" loop: - - "{{ edpm_telemetry_config_dest }}/ceilometer_agent_compute.json" - - "{{ edpm_telemetry_config_dest }}/ceilometer-agent-compute.json" - "{{ edpm_telemetry_config_dest }}/ceilometer.conf" - "{{ edpm_telemetry_config_dest }}/polling.yaml" + - "{{ edpm_telemetry_config_dest }}/ceilometer-host-specific.conf" + - "{{ edpm_telemetry_config_dest }}/firewall.yaml" - name: ensure podman container exists and are running ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_podman.yaml" @@ -32,10 +32,10 @@ ansible.builtin.shell: | podman logs ceilometer_agent_compute 2>&1 | grep "{{item}}" > /dev/null loop: - - "Copying /var/lib/openstack/config/ceilometer.conf to /etc/ceilometer/ceilometer.conf" - - "Copying /var/lib/openstack/config/polling.yaml to /etc/ceilometer/polling.yaml" + - "Copying /var/lib/kolla/config_files/src/ceilometer.conf to /etc/ceilometer/ceilometer.conf" + - "Copying /var/lib/kolla/config_files/src/polling.yaml to /etc/ceilometer/polling.yaml" - "/usr/bin/ceilometer-polling --polling-namespaces compute --logfile /dev/stdout" - - "Copying /var/lib/openstack/config/ceilometer-host-specific.conf to /etc/ceilometer/ceilometer.conf.d/02-ceilometer-host-specific.conf" + - "Copying /var/lib/kolla/config_files/src/ceilometer-host-specific.conf to /etc/ceilometer/ceilometer.conf.d/02-ceilometer-host-specific.conf" - name: ensure that the correcty binary started with TLS become: true diff --git a/roles/edpm_telemetry/tasks/configure.yml b/roles/edpm_telemetry/tasks/configure.yml index 77d32b8c6..f1868245a 100644 --- a/roles/edpm_telemetry/tasks/configure.yml +++ b/roles/edpm_telemetry/tasks/configure.yml @@ -40,17 +40,6 @@ path: "{{ edpm_telemetry_cacerts }}/tls-ca-bundle.pem" register: ca_bundle_stat_res -- name: Render ceilometer config files - tags: - - edpm_telemetry - ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ edpm_telemetry_config_dest }}/{{ item.dest }}" - setype: "container_file_t" - mode: "0644" - loop: - - {"src": "ceilometer-host-specific.conf.j2", "dest": "ceilometer-host-specific.conf"} - - name: Ensure group libvirt always exists become: true ansible.builtin.group: @@ -103,17 +92,28 @@ path: "{{ edpm_telemetry_certs }}/tls.key" register: tls_key_stat -- name: Render container config templates +- name: Render telemetry config files + tags: + - edpm_telemetry ansible.builtin.template: - src: "{{ item }}" - dest: "{{ edpm_telemetry_config_dest }}/{{ item | basename | regex_replace('\\.j2$', '') }}" - mode: 0644 - with_fileglob: - - ../templates/*.j2 + src: "{{ item.src }}" + dest: "{{ edpm_telemetry_config_dest }}/{{ item.dest }}" + setype: "container_file_t" + mode: "0644" + loop: + - {"src": "config/ceilometer-host-specific.conf.j2", "dest": "ceilometer-host-specific.conf"} + - {"src": "config/openstack_network_exporter.yaml.j2", "dest": "openstack_network_exporter.yaml"} vars: ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}" +- name: Copy static config files + ansible.builtin.copy: + src: firewall.yaml + dest: "{{ edpm_telemetry_config_dest }}/firewall.yaml" + setype: "container_file_t" + mode: "0644" + - name: Configure tls if present when: - tls_crt_stat.stat.exists and tls_key_stat.stat.exists diff --git a/roles/edpm_telemetry/tasks/exporter.yml b/roles/edpm_telemetry/tasks/exporter.yml index d125d2718..61eaa3f82 100644 --- a/roles/edpm_telemetry/tasks/exporter.yml +++ b/roles/edpm_telemetry/tasks/exporter.yml @@ -10,17 +10,29 @@ mode: '0700' become: true +- name: Set cert existence facts for template + ansible.builtin.set_fact: + ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" + tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}" + +- name: Load container definition for exporter + ansible.builtin.set_fact: + _exporter_container_def: "{{ lookup('template', 'container_defs/{{ exporter }}.yaml.j2') | from_yaml }}" + +- name: Build container defs dict dynamically + ansible.builtin.set_fact: + _exporter_container_defs: "{{ {} | combine({(exporter | string): _exporter_container_def}) }}" + +- name: Build kolla config dict for exporters that need them + ansible.builtin.set_fact: + _exporter_kolla_config_dict: + ceilometer_agent_compute: "{{ lookup('file', 'files/kolla_config/ceilometer_agent_compute.yaml') | from_yaml }}" + when: exporter == 'ceilometer_agent_compute' + - name: Deploy exporter container ansible.builtin.include_role: - name: osp.edpm.edpm_container_manage + name: osp.edpm.edpm_container_standalone vars: - edpm_container_manage_config: "{{ edpm_telemetry_config_dest }}" - edpm_container_manage_healthcheck_disabled: true - edpm_container_manage_config_patterns: "{{ exporter }}.json" - edpm_container_manage_clean_orphans: false - -- name: Restart exporter container - become: true - ansible.builtin.systemd: - state: restarted - name: "edpm_{{ exporter }}.service" + edpm_container_standalone_service: "{{ exporter }}" + edpm_container_standalone_container_defs: "{{ _exporter_container_defs }}" + edpm_container_standalone_kolla_config_files: "{{ _exporter_kolla_config_dict | default({}) }}" diff --git a/roles/edpm_telemetry/tasks/exporter_tls.yml b/roles/edpm_telemetry/tasks/exporter_tls.yml index 3d944fb94..768db85c5 100644 --- a/roles/edpm_telemetry/tasks/exporter_tls.yml +++ b/roles/edpm_telemetry/tasks/exporter_tls.yml @@ -1,7 +1,6 @@ --- - -- name: Create config file for exporter - ansible.builtin.template: +- name: Copy TLS config file for {{ exporter }} + ansible.builtin.copy: + src: "{{ exporter }}.yaml" dest: "{{ edpm_telemetry_config_dest }}/{{ exporter }}.yaml" - mode: "0644" - src: "{{ exporter }}.yaml.j2" + mode: 0644 diff --git a/roles/edpm_telemetry/tasks/install.yml b/roles/edpm_telemetry/tasks/install.yml index 500c9f790..53897f50c 100644 --- a/roles/edpm_telemetry/tasks/install.yml +++ b/roles/edpm_telemetry/tasks/install.yml @@ -14,6 +14,21 @@ # License for the specific language governing permissions and limitations # under the License. +- name: Determine if cacert file exists + ansible.builtin.stat: + path: "{{ edpm_telemetry_cacerts }}/tls-ca-bundle.pem" + register: ca_bundle_stat_res + +- name: Check that tls.crt exists + ansible.builtin.stat: + path: "{{ edpm_telemetry_certs }}/tls.crt" + register: tls_crt_stat + +- name: Check that tls.key exists + ansible.builtin.stat: + path: "{{ edpm_telemetry_certs }}/tls.key" + register: tls_key_stat + - name: Create a directory for container health checks ansible.builtin.file: path: /var/lib/openstack/healthchecks diff --git a/roles/edpm_telemetry/tasks/post-install.yml b/roles/edpm_telemetry/tasks/post-install.yml index 32cf00043..f03b4663e 100644 --- a/roles/edpm_telemetry/tasks/post-install.yml +++ b/roles/edpm_telemetry/tasks/post-install.yml @@ -25,8 +25,8 @@ - name: Copy telemetry firewall config become: true - ansible.builtin.template: - src: "firewall.yaml.j2" + ansible.builtin.copy: + src: "firewall.yaml" dest: "/var/lib/edpm-config/firewall/telemetry.yaml" mode: "0640" diff --git a/roles/edpm_telemetry/tasks/update.yml b/roles/edpm_telemetry/tasks/update.yml index e7eadde31..e834502f0 100644 --- a/roles/edpm_telemetry/tasks/update.yml +++ b/roles/edpm_telemetry/tasks/update.yml @@ -1,4 +1,58 @@ --- +- name: Ensure new config directory exists + tags: + - update + - telemetry + become: true + ansible.builtin.file: + path: "{{ edpm_telemetry_config_dest }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - telemetry + ansible.builtin.stat: + path: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" + register: edpm_telemetry_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - telemetry + become: true + when: + - edpm_telemetry_old_config_dir.stat.exists + - edpm_telemetry_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" + file_type: file + recurse: true + register: edpm_telemetry_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_telemetry_config_dest }}/{{ item.path | regex_replace('^.*/config/' + edpm_telemetry_service_name + '/', '') }}" + remote_src: true + setype: "container_file_t" + mode: "0644" + loop: "{{ edpm_telemetry_old_config_files.files }}" + when: + - edpm_telemetry_old_config_files.files is defined + - edpm_telemetry_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" + state: absent + - name: Check for openstack_network_exporter config ansible.builtin.stat: path: "{{ edpm_telemetry_config_dest }}/openstack_network_exporter.json" @@ -23,14 +77,21 @@ path: "{{ edpm_telemetry_certs }}/tls.key" register: tls_key_stat - - name: Render container config templates + - name: Render openstack_network_exporter config ansible.builtin.template: - src: "{{ item }}" - dest: "{{ edpm_telemetry_config_dest }}/{{ item | basename | regex_replace('\\.j2$', '') }}" + src: "config/openstack_network_exporter.yaml.j2" + dest: "{{ edpm_telemetry_config_dest }}/openstack_network_exporter.yaml" mode: 0644 - with_items: - - ../templates/openstack_network_exporter.json.j2 - - ../templates/openstack_network_exporter.yaml.j2 vars: ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}" + + - name: Deploy openstack_network_exporter container + ansible.builtin.include_role: + name: osp.edpm.edpm_container_standalone + vars: + edpm_container_standalone_service: "openstack_network_exporter" + edpm_container_standalone_container_defs: + openstack_network_exporter: "{{ lookup('template', 'container_defs/openstack_network_exporter.yaml.j2') | from_yaml }}" + ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" + tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}" diff --git a/roles/edpm_telemetry/templates/ceilometer-agent-compute.json.j2 b/roles/edpm_telemetry/templates/ceilometer-agent-compute.json.j2 deleted file mode 100644 index 62ba12019..000000000 --- a/roles/edpm_telemetry/templates/ceilometer-agent-compute.json.j2 +++ /dev/null @@ -1,31 +0,0 @@ -{ - "command": "/usr/bin/ceilometer-polling --polling-namespaces compute --logfile /dev/stdout", - "config_files": [ - { - "source": "/var/lib/openstack/config/ceilometer.conf", - "dest": "/etc/ceilometer/ceilometer.conf", - "owner": "ceilometer", - "perm": "0600" - }, - { - "source": "/var/lib/openstack/config/polling.yaml", - "dest": "/etc/ceilometer/polling.yaml", - "owner": "ceilometer", - "perm": "0600" - }, - { - "source": "/var/lib/openstack/config/custom.conf", - "dest": "/etc/ceilometer/ceilometer.conf.d/01-ceilometer-custom.conf", - "owner": "ceilometer", - "perm": "0600", - "optional": true - }, - { - "source": "/var/lib/openstack/config/ceilometer-host-specific.conf", - "dest": "/etc/ceilometer/ceilometer.conf.d/02-ceilometer-host-specific.conf", - "owner": "ceilometer", - "perm": "0600", - "optional": true - } - ] - } diff --git a/roles/edpm_telemetry/templates/ceilometer_agent_compute.json.j2 b/roles/edpm_telemetry/templates/ceilometer_agent_compute.json.j2 deleted file mode 100644 index e1d90e122..000000000 --- a/roles/edpm_telemetry/templates/ceilometer_agent_compute.json.j2 +++ /dev/null @@ -1,35 +0,0 @@ -{ - "image": "{{ edpm_telemetry_ceilometer_compute_image }}", - "user": "ceilometer", - "restart": "always", - "command": "kolla_start", - "security_opt": "label:type:ceilometer_polling_t", - "net": "host", - "environment": { - "KOLLA_CONFIG_STRATEGY":"COPY_ALWAYS", - "OS_ENDPOINT_TYPE":"internal" - }, -{% if edpm_telemetry_healthcheck %} - "healthcheck": { - "test": "/openstack/healthcheck compute", - "mount": "/var/lib/openstack/healthchecks/ceilometer_agent_compute" - }, -{% endif %} - "volumes": [ - "{{ edpm_telemetry_config_dest }}:/var/lib/openstack/config/:z", - "{{ edpm_telemetry_config_dest }}/ceilometer-agent-compute.json:/var/lib/kolla/config_files/config.json:z", - "/run/libvirt:/run/libvirt:shared,ro", - "/etc/hosts:/etc/hosts:ro", - "/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro", - "/etc/localtime:/etc/localtime:ro", - "/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro", -{% if ca_bundle_exists|bool %} - "{{ edpm_telemetry_cacerts }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z", -{% endif %} -{% if tls_cert_exists|bool %} - "{{ edpm_telemetry_config_dest }}/ceilometer_prom_exporter.yaml:/etc/ceilometer/ceilometer_prom_exporter.yaml:z", - "{{ edpm_telemetry_certs }}:/etc/ceilometer/tls:z", - {% endif %} - "/dev/log:/dev/log" - ] -} diff --git a/roles/edpm_telemetry/templates/ceilometer-host-specific.conf.j2 b/roles/edpm_telemetry/templates/config/ceilometer-host-specific.conf.j2 similarity index 100% rename from roles/edpm_telemetry/templates/ceilometer-host-specific.conf.j2 rename to roles/edpm_telemetry/templates/config/ceilometer-host-specific.conf.j2 diff --git a/roles/edpm_telemetry/templates/openstack_network_exporter.yaml.j2 b/roles/edpm_telemetry/templates/config/openstack_network_exporter.yaml.j2 similarity index 100% rename from roles/edpm_telemetry/templates/openstack_network_exporter.yaml.j2 rename to roles/edpm_telemetry/templates/config/openstack_network_exporter.yaml.j2 diff --git a/roles/edpm_telemetry/templates/container_defs/ceilometer_agent_compute.yaml.j2 b/roles/edpm_telemetry/templates/container_defs/ceilometer_agent_compute.yaml.j2 new file mode 100644 index 000000000..221c9d8e5 --- /dev/null +++ b/roles/edpm_telemetry/templates/container_defs/ceilometer_agent_compute.yaml.j2 @@ -0,0 +1,30 @@ +image: {{ edpm_telemetry_ceilometer_compute_image }} +user: ceilometer +restart: always +command: kolla_start +security_opt: label:type:ceilometer_polling_t +net: host +environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + OS_ENDPOINT_TYPE: internal +{% if edpm_telemetry_healthcheck %} +healthcheck: + test: /openstack/healthcheck compute + mount: /var/lib/openstack/healthchecks/ceilometer_agent_compute +{% endif %} +volumes: + - "{{ edpm_telemetry_config_dest }}:/var/lib/kolla/config_files/src:z" + - /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:z + - /run/libvirt:/run/libvirt:shared,ro + - /etc/hosts:/etc/hosts:ro + - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro + - /etc/localtime:/etc/localtime:ro + - /etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro +{% if ca_bundle_exists|bool %} + - "{{ edpm_telemetry_cacerts }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z" +{% endif %} +{% if tls_cert_exists|bool %} + - "{{ edpm_telemetry_config_dest }}/ceilometer_prom_exporter.yaml:/etc/ceilometer/ceilometer_prom_exporter.yaml:z" + - "{{ edpm_telemetry_certs }}:/etc/ceilometer/tls:z" +{% endif %} + - /dev/log:/dev/log diff --git a/roles/edpm_telemetry/templates/container_defs/node_exporter.yaml.j2 b/roles/edpm_telemetry/templates/container_defs/node_exporter.yaml.j2 new file mode 100644 index 000000000..ba6c3f9d3 --- /dev/null +++ b/roles/edpm_telemetry/templates/container_defs/node_exporter.yaml.j2 @@ -0,0 +1,42 @@ +image: {{ edpm_telemetry_node_exporter_image }} +restart: always +recreate: true +user: root +privileged: true +ports: + - "9100:9100" +command: +{% if tls_cert_exists|bool %} + - --web.config.file=/etc/node_exporter/node_exporter.yaml +{% endif %} + - --web.disable-exporter-metrics + - --collector.systemd + - --collector.systemd.unit-include=(edpm_.*|ovs.*|openvswitch|virt.*|rsyslog)\\.service + - --no-collector.dmi + - --no-collector.entropy + - --no-collector.thermal_zone + - --no-collector.time + - --no-collector.timex + - --no-collector.uname + - --no-collector.stat + - --no-collector.hwmon + - --no-collector.os + - --no-collector.selinux + - --no-collector.textfile + - --no-collector.powersupplyclass + - --no-collector.pressure + - --no-collector.rapl +net: host +environment: + OS_ENDPOINT_TYPE: internal +{% if edpm_telemetry_healthcheck %} +healthcheck: + test: /openstack/healthcheck node_exporter + mount: /var/lib/openstack/healthchecks/node_exporter +{% endif %} +volumes: +{% if tls_cert_exists|bool %} + - "{{ edpm_telemetry_config_dest }}/node_exporter.yaml:/etc/node_exporter/node_exporter.yaml:z" + - "{{ edpm_telemetry_certs }}:/etc/node_exporter/tls:z" +{% endif %} + - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:rw diff --git a/roles/edpm_telemetry/templates/container_defs/openstack_network_exporter.yaml.j2 b/roles/edpm_telemetry/templates/container_defs/openstack_network_exporter.yaml.j2 new file mode 100644 index 000000000..60d7c2b21 --- /dev/null +++ b/roles/edpm_telemetry/templates/container_defs/openstack_network_exporter.yaml.j2 @@ -0,0 +1,26 @@ +image: {{ edpm_telemetry_openstack_network_exporter_image }} +restart: always +recreate: true +privileged: true +ports: + - "9105:9105" +command: [] +net: host +environment: + OS_ENDPOINT_TYPE: internal + OPENSTACK_NETWORK_EXPORTER_YAML: /etc/openstack_network_exporter/openstack_network_exporter.yaml +{% if edpm_telemetry_healthcheck %} +healthcheck: + test: /openstack/healthcheck openstack-netwo + mount: /var/lib/openstack/healthchecks/openstack_network_exporter +{% endif %} +volumes: + - "{{ edpm_telemetry_config_dest }}/openstack_network_exporter.yaml:/etc/openstack_network_exporter/openstack_network_exporter.yaml:z" +{% if tls_cert_exists|bool %} + - "{{ edpm_telemetry_certs }}:/etc/openstack_network_exporter/tls:z" +{% endif %} +{% if telemetry_test is not defined or not telemetry_test | bool %} + - /var/run/openvswitch:/run/openvswitch:rw,z + - /var/lib/openvswitch/ovn:/run/ovn:rw,z +{% endif %} + - /proc:/host/proc:ro diff --git a/roles/edpm_telemetry/templates/container_defs/podman_exporter.yaml.j2 b/roles/edpm_telemetry/templates/container_defs/podman_exporter.yaml.j2 new file mode 100644 index 000000000..a30308985 --- /dev/null +++ b/roles/edpm_telemetry/templates/container_defs/podman_exporter.yaml.j2 @@ -0,0 +1,26 @@ +image: {{ edpm_telemetry_podman_exporter_image }} +restart: always +recreate: true +user: root +privileged: true +ports: + - "9882:9882" +net: host +{% if tls_cert_exists|bool %} +command: + - --web.config.file=/etc/podman_exporter/podman_exporter.yaml +{% endif %} +environment: + OS_ENDPOINT_TYPE: internal + CONTAINER_HOST: unix:///run/podman/podman.sock +{% if edpm_telemetry_healthcheck %} +healthcheck: + test: /openstack/healthcheck podman_exporter + mount: /var/lib/openstack/healthchecks/podman_exporter +{% endif %} +volumes: +{% if tls_cert_exists|bool %} + - "{{ edpm_telemetry_config_dest }}/podman_exporter.yaml:/etc/podman_exporter/podman_exporter.yaml:z" + - "{{ edpm_telemetry_certs }}:/etc/podman_exporter/tls:z" +{% endif %} + - /run/podman/podman.sock:/run/podman/podman.sock:rw,z diff --git a/roles/edpm_telemetry/templates/node_exporter.json.j2 b/roles/edpm_telemetry/templates/node_exporter.json.j2 deleted file mode 100644 index 9b13922fb..000000000 --- a/roles/edpm_telemetry/templates/node_exporter.json.j2 +++ /dev/null @@ -1,47 +0,0 @@ -{ - "image": "{{ edpm_telemetry_node_exporter_image }}", - "restart": "always", - "recreate": true, - "user": "root", - "privileged": true, - "ports": ["9100:9100"], - "command": [ -{% if tls_cert_exists|bool %} - "--web.config.file=/etc/node_exporter/node_exporter.yaml", -{% endif %} - "--web.disable-exporter-metrics", - "--collector.systemd", - "--collector.systemd.unit-include=(edpm_.*|ovs.*|openvswitch|virt.*|rsyslog)\\.service", - "--no-collector.dmi", - "--no-collector.entropy", - "--no-collector.thermal_zone", - "--no-collector.time", - "--no-collector.timex", - "--no-collector.uname", - "--no-collector.stat", - "--no-collector.hwmon", - "--no-collector.os", - "--no-collector.selinux", - "--no-collector.textfile", - "--no-collector.powersupplyclass", - "--no-collector.pressure", - "--no-collector.rapl" - ], - "net": "host", - "environment": { - "OS_ENDPOINT_TYPE":"internal" - }, -{% if edpm_telemetry_healthcheck %} - "healthcheck": { - "test": "/openstack/healthcheck node_exporter", - "mount": "/var/lib/openstack/healthchecks/node_exporter" - }, -{% endif %} - "volumes": [ -{% if tls_cert_exists|bool %} - "{{ edpm_telemetry_config_dest }}/node_exporter.yaml:/etc/node_exporter/node_exporter.yaml:z", - "{{ edpm_telemetry_certs }}:/etc/node_exporter/tls:z", -{% endif %} - "/var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:rw" - ] -} diff --git a/roles/edpm_telemetry/templates/openstack_network_exporter.json.j2 b/roles/edpm_telemetry/templates/openstack_network_exporter.json.j2 deleted file mode 100644 index f999a0e0b..000000000 --- a/roles/edpm_telemetry/templates/openstack_network_exporter.json.j2 +++ /dev/null @@ -1,30 +0,0 @@ -{ - "image": "{{ edpm_telemetry_openstack_network_exporter_image }}", - "restart": "always", - "recreate": true, - "privileged": true, - "ports": ["9105:9105"], - "command": [], - "net": "host", - "environment": { - "OS_ENDPOINT_TYPE":"internal", - "OPENSTACK_NETWORK_EXPORTER_YAML":"/etc/openstack_network_exporter/openstack_network_exporter.yaml" - }, -{% if edpm_telemetry_healthcheck %} - "healthcheck": { - "test": "/openstack/healthcheck openstack-netwo", - "mount": "/var/lib/openstack/healthchecks/openstack_network_exporter" - }, -{% endif %} - "volumes": [ - "{{ edpm_telemetry_config_dest }}/openstack_network_exporter.yaml:/etc/openstack_network_exporter/openstack_network_exporter.yaml:z", -{% if tls_cert_exists|bool %} - "{{ edpm_telemetry_certs }}:/etc/openstack_network_exporter/tls:z", -{% endif %} -{% if telemetry_test is not defined or not telemetry_test | bool %} - "/var/run/openvswitch:/run/openvswitch:rw,z", - "/var/lib/openvswitch/ovn:/run/ovn:rw,z", -{% endif %} - "/proc:/host/proc:ro" - ] -} diff --git a/roles/edpm_telemetry/templates/podman_exporter.json.j2 b/roles/edpm_telemetry/templates/podman_exporter.json.j2 deleted file mode 100644 index 63226d17a..000000000 --- a/roles/edpm_telemetry/templates/podman_exporter.json.j2 +++ /dev/null @@ -1,31 +0,0 @@ -{ - "image": "{{ edpm_telemetry_podman_exporter_image }}", - "restart": "always", - "recreate": true, - "user": "root", - "privileged": true, - "ports": ["9882:9882"], - "net": "host", -{% if tls_cert_exists|bool %} - "command": [ - "--web.config.file=/etc/podman_exporter/podman_exporter.yaml" - ], -{% endif %} - "environment": { - "OS_ENDPOINT_TYPE": "internal", - "CONTAINER_HOST": "unix:///run/podman/podman.sock" - }, -{% if edpm_telemetry_healthcheck %} - "healthcheck": { - "test": "/openstack/healthcheck podman_exporter", - "mount": "/var/lib/openstack/healthchecks/podman_exporter" - }, -{% endif %} - "volumes": [ -{% if tls_cert_exists|bool %} - "{{ edpm_telemetry_config_dest }}/podman_exporter.yaml:/etc/podman_exporter/podman_exporter.yaml:z", - "{{ edpm_telemetry_certs }}:/etc/podman_exporter/tls:z", -{% endif %} - "/run/podman/podman.sock:/run/podman/podman.sock:rw,z" - ] -} diff --git a/roles/edpm_telemetry_power_monitoring/defaults/main.yml b/roles/edpm_telemetry_power_monitoring/defaults/main.yml index ad3a1a16e..b57028367 100644 --- a/roles/edpm_telemetry_power_monitoring/defaults/main.yml +++ b/roles/edpm_telemetry_power_monitoring/defaults/main.yml @@ -21,7 +21,7 @@ edpm_telemetry_service_name: telemetry-power-monitoring # Directory in the ansibleEE container edpm_telemetry_config_src: "/var/lib/openstack/configs/{{ edpm_telemetry_service_name }}" # Directory in the compute node -edpm_telemetry_config_dest: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" +edpm_telemetry_config_dest: "/var/lib/openstack/{{ edpm_telemetry_service_name }}" # Image to use for Ceilometer Ipmi edpm_telemetry_ceilometer_ipmi_image: quay.io/podified-antelope-centos9/openstack-ceilometer-ipmi:current-podified # Certificates location for tls encryption diff --git a/roles/edpm_telemetry_power_monitoring/templates/ceilometer_prom_exporter.yaml.j2 b/roles/edpm_telemetry_power_monitoring/files/ceilometer_prom_exporter.yaml similarity index 100% rename from roles/edpm_telemetry_power_monitoring/templates/ceilometer_prom_exporter.yaml.j2 rename to roles/edpm_telemetry_power_monitoring/files/ceilometer_prom_exporter.yaml diff --git a/roles/edpm_telemetry_power_monitoring/templates/firewall.yaml.j2 b/roles/edpm_telemetry_power_monitoring/files/firewall.yaml similarity index 100% rename from roles/edpm_telemetry_power_monitoring/templates/firewall.yaml.j2 rename to roles/edpm_telemetry_power_monitoring/files/firewall.yaml diff --git a/roles/edpm_telemetry_power_monitoring/files/kolla_config/ceilometer_agent_ipmi.yaml b/roles/edpm_telemetry_power_monitoring/files/kolla_config/ceilometer_agent_ipmi.yaml new file mode 100644 index 000000000..b221e95ef --- /dev/null +++ b/roles/edpm_telemetry_power_monitoring/files/kolla_config/ceilometer_agent_ipmi.yaml @@ -0,0 +1,20 @@ +command: /usr/bin/ceilometer-polling --polling-namespaces ipmi --logfile /dev/stdout +config_files: + - source: /var/lib/kolla/config_files/src/ceilometer.conf + dest: /etc/ceilometer/ceilometer.conf + owner: ceilometer + perm: "0600" + - source: /var/lib/kolla/config_files/src/polling.yaml + dest: /etc/ceilometer/polling.yaml + owner: ceilometer + perm: "0600" + - source: /var/lib/kolla/config_files/src/custom.conf + dest: /etc/ceilometer/ceilometer.conf.d/01-ceilometer-custom.conf + owner: ceilometer + perm: "0600" + optional: true + - source: /var/lib/kolla/config_files/src/ceilometer-host-specific.conf + dest: /etc/ceilometer/ceilometer.conf.d/02-ceilometer-host-specific.conf + owner: ceilometer + perm: "0600" + optional: true diff --git a/roles/edpm_telemetry_power_monitoring/molecule/default/verify.yml b/roles/edpm_telemetry_power_monitoring/molecule/default/verify.yml index 85a2aca80..c966f57c3 100644 --- a/roles/edpm_telemetry_power_monitoring/molecule/default/verify.yml +++ b/roles/edpm_telemetry_power_monitoring/molecule/default/verify.yml @@ -21,13 +21,13 @@ vars_files: - ../../defaults/main.yml tasks: - - name: ensure expected directories exist + - name: ensure expected config files exist ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_dir.yaml" loop: - - "{{ edpm_telemetry_config_dest }}/ceilometer_agent_ipmi.json" - - "{{ edpm_telemetry_config_dest }}/ceilometer-agent-ipmi.json" - "{{ edpm_telemetry_config_dest }}/ceilometer.conf" - "{{ edpm_telemetry_config_dest }}/polling.yaml" + - "{{ edpm_telemetry_config_dest }}/ceilometer-host-specific.conf" + - "{{ edpm_telemetry_config_dest }}/firewall.yaml" - name: ensure podman container exists and are running ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_podman.yaml" @@ -46,10 +46,10 @@ ansible.builtin.shell: | podman logs ceilometer_agent_ipmi 2>&1 | grep "{{item}}" > /dev/null loop: - - "Copying /var/lib/openstack/config/ceilometer.conf to /etc/ceilometer/ceilometer.conf" - - "Copying /var/lib/openstack/config/polling.yaml to /etc/ceilometer/polling.yaml" + - "Copying /var/lib/kolla/config_files/src/ceilometer.conf to /etc/ceilometer/ceilometer.conf" + - "Copying /var/lib/kolla/config_files/src/polling.yaml to /etc/ceilometer/polling.yaml" - "/usr/bin/ceilometer-polling --polling-namespaces ipmi --logfile /dev/stdout" - - "Copying /var/lib/openstack/config/ceilometer-host-specific.conf to /etc/ceilometer/ceilometer.conf.d/02-ceilometer-host-specific.conf" + - "Copying /var/lib/kolla/config_files/src/ceilometer-host-specific.conf to /etc/ceilometer/ceilometer.conf.d/02-ceilometer-host-specific.conf" - name: ensure firewall is configured ansible.builtin.include_tasks: "test-helpers/kepler.yaml" diff --git a/roles/edpm_telemetry_power_monitoring/tasks/configure.yml b/roles/edpm_telemetry_power_monitoring/tasks/configure.yml index 3b5a8c587..5e636f76c 100644 --- a/roles/edpm_telemetry_power_monitoring/tasks/configure.yml +++ b/roles/edpm_telemetry_power_monitoring/tasks/configure.yml @@ -41,16 +41,23 @@ path: "{{ edpm_telemetry_cacerts }}/tls-ca-bundle.pem" register: ca_bundle_stat_res -- name: Render ceilometer config files +- name: Render ceilometer config template tags: - edpm_telemetry_power_monitoring ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ edpm_telemetry_config_dest }}/{{ item.dest }}" + src: "config/ceilometer-host-specific.conf.j2" + dest: "{{ edpm_telemetry_config_dest }}/ceilometer-host-specific.conf" + setype: "container_file_t" + mode: "0644" + +- name: Copy static config files + tags: + - edpm_telemetry_power_monitoring + ansible.builtin.copy: + src: firewall.yaml + dest: "{{ edpm_telemetry_config_dest }}/firewall.yaml" setype: "container_file_t" mode: "0644" - loop: - - {"src": "ceilometer-host-specific.conf.j2", "dest": "ceilometer-host-specific.conf"} - name: Configure ceilometer user and group on the host ansible.builtin.import_role: @@ -77,7 +84,7 @@ - name: Append custom.conf to config files ansible.builtin.set_fact: - configs: "{{ configs + [{ 'src': edpm_telemetry_config_src + '/custom.conf', 'dest': edpm_telemetry_config_dest + '/custom.conf' }] }}" + configs: "{{ configs + [{'src': edpm_telemetry_config_src + '/custom.conf', 'dest': edpm_telemetry_config_dest + '/custom.conf'}] }}" when: custom_ceilometer_conf.stat.exists - name: Copy generated ceilometer configs @@ -98,28 +105,16 @@ path: "{{ edpm_telemetry_certs }}/tls.key" register: tls_key_stat -- name: Render container config templates - ansible.builtin.template: - src: "{{ item }}" - dest: "{{ edpm_telemetry_config_dest }}/{{ item | basename | regex_replace('\\.j2$', '') }}" - mode: 0644 - with_fileglob: - - ../templates/*.j2 - vars: - ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" - tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}" - name: Configure tls if present when: - tls_crt_stat.stat.exists and tls_key_stat.stat.exists block: - - name: Create config file for exporters - ansible.builtin.include_tasks: - file: exporter_tls.yml - loop: - - ceilometer_prom_exporter - loop_control: - loop_var: exporter + - name: Copy TLS config for ceilometer_prom_exporter + ansible.builtin.copy: + src: ceilometer_prom_exporter.yaml + dest: "{{ edpm_telemetry_config_dest }}/ceilometer_prom_exporter.yaml" + mode: 0644 - name: Change the owner of the crt become: true diff --git a/roles/edpm_telemetry_power_monitoring/tasks/exporter_tls.yml b/roles/edpm_telemetry_power_monitoring/tasks/exporter_tls.yml deleted file mode 100644 index 424a2f4fe..000000000 --- a/roles/edpm_telemetry_power_monitoring/tasks/exporter_tls.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Create config file for exporter - ansible.builtin.template: - dest: "{{ edpm_telemetry_config_dest }}/{{ exporter }}.yaml" - mode: "0644" - src: "{{ exporter }}.yaml.j2" diff --git a/roles/edpm_telemetry_power_monitoring/tasks/install.yml b/roles/edpm_telemetry_power_monitoring/tasks/install.yml index f8d7a6fd5..8a04973e4 100644 --- a/roles/edpm_telemetry_power_monitoring/tasks/install.yml +++ b/roles/edpm_telemetry_power_monitoring/tasks/install.yml @@ -35,23 +35,27 @@ become: true loop: "{{ edpm_telemetry_power_monitoring_healthcheck_sources | dict2items }}" -- name: Deploy ceilometer containers +- name: Deploy ceilometer ipmi container ansible.builtin.include_role: - name: osp.edpm.edpm_container_manage + name: osp.edpm.edpm_container_standalone vars: - edpm_container_manage_config: "{{ edpm_telemetry_config_dest }}" - edpm_container_manage_healthcheck_disabled: true - edpm_container_manage_config_patterns: "ceilometer_agent_ipmi.json" - edpm_container_manage_clean_orphans: false + edpm_container_standalone_service: "ceilometer_agent_ipmi" + edpm_container_standalone_container_defs: + ceilometer_agent_ipmi: "{{ lookup('template', 'container_defs/ceilometer_agent_ipmi.yaml.j2') | from_yaml }}" + edpm_container_standalone_kolla_config_files: + ceilometer_agent_ipmi: "{{ lookup('file', 'files/kolla_config/ceilometer_agent_ipmi.yaml') | from_yaml }}" + ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" + tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}" - name: Deploy Kepler container ansible.builtin.include_role: - name: osp.edpm.edpm_container_manage + name: osp.edpm.edpm_container_standalone vars: - edpm_container_manage_config: "{{ edpm_telemetry_config_dest }}" - edpm_container_manage_healthcheck_disabled: true - edpm_container_manage_config_patterns: "kepler.json" - edpm_container_manage_clean_orphans: false + edpm_container_standalone_service: "kepler" + edpm_container_standalone_container_defs: + kepler: "{{ lookup('template', 'container_defs/kepler.yaml.j2') | from_yaml }}" + ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" + tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}" - name: Restart ceilometer ipmi become: true diff --git a/roles/edpm_telemetry_power_monitoring/tasks/post-install.yml b/roles/edpm_telemetry_power_monitoring/tasks/post-install.yml index 914b3e21c..bc193af66 100644 --- a/roles/edpm_telemetry_power_monitoring/tasks/post-install.yml +++ b/roles/edpm_telemetry_power_monitoring/tasks/post-install.yml @@ -10,8 +10,8 @@ - name: Copy kepler firewall config become: true - ansible.builtin.template: - src: "firewall.yaml.j2" + ansible.builtin.copy: + src: "firewall.yaml" dest: "/var/lib/edpm-config/firewall/kepler.yaml" mode: "0640" diff --git a/roles/edpm_telemetry_power_monitoring/tasks/update.yml b/roles/edpm_telemetry_power_monitoring/tasks/update.yml new file mode 100644 index 000000000..5cff47d0c --- /dev/null +++ b/roles/edpm_telemetry_power_monitoring/tasks/update.yml @@ -0,0 +1,68 @@ +--- +# Copyright 2024 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Ensure new config directory exists + tags: + - update + - telemetry_power_monitoring + become: true + ansible.builtin.file: + path: "{{ edpm_telemetry_config_dest }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - telemetry_power_monitoring + ansible.builtin.stat: + path: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" + register: edpm_telemetry_power_monitoring_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - telemetry_power_monitoring + become: true + when: + - edpm_telemetry_power_monitoring_old_config_dir.stat.exists + - edpm_telemetry_power_monitoring_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" + file_type: file + recurse: true + register: edpm_telemetry_power_monitoring_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_telemetry_config_dest }}/{{ item.path | regex_replace('^.*/config/' + edpm_telemetry_service_name + '/', '') }}" + remote_src: true + setype: "container_file_t" + mode: "0644" + loop: "{{ edpm_telemetry_power_monitoring_old_config_files.files }}" + when: + - edpm_telemetry_power_monitoring_old_config_files.files is defined + - edpm_telemetry_power_monitoring_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" + state: absent diff --git a/roles/edpm_telemetry_power_monitoring/templates/ceilometer-agent-ipmi.json.j2 b/roles/edpm_telemetry_power_monitoring/templates/ceilometer-agent-ipmi.json.j2 deleted file mode 100644 index f302de56c..000000000 --- a/roles/edpm_telemetry_power_monitoring/templates/ceilometer-agent-ipmi.json.j2 +++ /dev/null @@ -1,31 +0,0 @@ -{ - "command": "/usr/bin/ceilometer-polling --polling-namespaces ipmi --logfile /dev/stdout", - "config_files": [ - { - "source": "/var/lib/openstack/config/ceilometer.conf", - "dest": "/etc/ceilometer/ceilometer.conf", - "owner": "ceilometer", - "perm": "0600" - }, - { - "source": "/var/lib/openstack/config/polling.yaml", - "dest": "/etc/ceilometer/polling.yaml", - "owner": "ceilometer", - "perm": "0600" - }, - { - "source": "/var/lib/openstack/config/custom.conf", - "dest": "/etc/ceilometer/ceilometer.conf.d/01-ceilometer-custom.conf", - "owner": "ceilometer", - "perm": "0600", - "optional": true - }, - { - "source": "/var/lib/openstack/config/ceilometer-host-specific.conf", - "dest": "/etc/ceilometer/ceilometer.conf.d/02-ceilometer-host-specific.conf", - "owner": "ceilometer", - "perm": "0600", - "optional": true - } - ] - } diff --git a/roles/edpm_telemetry_power_monitoring/templates/ceilometer_agent_ipmi.json.j2 b/roles/edpm_telemetry_power_monitoring/templates/ceilometer_agent_ipmi.json.j2 deleted file mode 100644 index b372dfc8f..000000000 --- a/roles/edpm_telemetry_power_monitoring/templates/ceilometer_agent_ipmi.json.j2 +++ /dev/null @@ -1,35 +0,0 @@ -{ - "image": "{{ edpm_telemetry_ceilometer_ipmi_image }}", - "user": "ceilometer", - "restart": "always", - "command": "kolla_start", - "security_opt": "label:type:ceilometer_polling_t", - "privileged": "true", - "net": "host", - "environment": { - "KOLLA_CONFIG_STRATEGY":"COPY_ALWAYS", - "OS_ENDPOINT_TYPE":"internal" - }, -{% if edpm_telemetry_power_monitoring_healthcheck %} - "healthcheck": { - "test": "/openstack/healthcheck ipmi", - "mount": "/var/lib/openstack/healthchecks/ceilometer_agent_ipmi" - }, -{% endif %} - "volumes": [ - "{{ edpm_telemetry_config_dest }}:/var/lib/openstack/config/:z", - "{{ edpm_telemetry_config_dest }}/ceilometer-agent-ipmi.json:/var/lib/kolla/config_files/config.json:z", - "/etc/hosts:/etc/hosts:ro", - "/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro", - "/etc/localtime:/etc/localtime:ro", - "/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro", -{% if ca_bundle_exists|bool %} - "{{ edpm_telemetry_cacerts }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z", -{% endif %} -{% if tls_cert_exists|bool %} - "{{ edpm_telemetry_config_dest }}/ceilometer_prom_exporter.yaml:/etc/ceilometer/ceilometer_prom_exporter.yaml:z", - "{{ edpm_telemetry_certs }}:/etc/ceilometer/tls:z", - {% endif %} - "/dev/log:/dev/log" - ] -} diff --git a/roles/edpm_telemetry_power_monitoring/templates/ceilometer-host-specific.conf.j2 b/roles/edpm_telemetry_power_monitoring/templates/config/ceilometer-host-specific.conf.j2 similarity index 100% rename from roles/edpm_telemetry_power_monitoring/templates/ceilometer-host-specific.conf.j2 rename to roles/edpm_telemetry_power_monitoring/templates/config/ceilometer-host-specific.conf.j2 diff --git a/roles/edpm_telemetry_power_monitoring/templates/container_defs/ceilometer_agent_ipmi.yaml.j2 b/roles/edpm_telemetry_power_monitoring/templates/container_defs/ceilometer_agent_ipmi.yaml.j2 new file mode 100644 index 000000000..c3e917f6a --- /dev/null +++ b/roles/edpm_telemetry_power_monitoring/templates/container_defs/ceilometer_agent_ipmi.yaml.j2 @@ -0,0 +1,30 @@ +image: "{{ edpm_telemetry_ceilometer_ipmi_image }}" +user: ceilometer +restart: always +command: kolla_start +security_opt: label:type:ceilometer_polling_t +privileged: true +net: host +environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + OS_ENDPOINT_TYPE: internal +{% if edpm_telemetry_power_monitoring_healthcheck %} +healthcheck: + test: /openstack/healthcheck ipmi + mount: /var/lib/openstack/healthchecks/ceilometer_agent_ipmi +{% endif %} +volumes: + - "{{ edpm_telemetry_config_dest }}:/var/lib/kolla/config_files/src:z" + - /var/lib/kolla/config_files/ceilometer_agent_ipmi.json:/var/lib/kolla/config_files/config.json:z + - /etc/hosts:/etc/hosts:ro + - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro + - /etc/localtime:/etc/localtime:ro + - /etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro +{% if ca_bundle_exists|bool %} + - "{{ edpm_telemetry_cacerts }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z" +{% endif %} +{% if tls_cert_exists|bool %} + - "{{ edpm_telemetry_config_dest }}/ceilometer_prom_exporter.yaml:/etc/ceilometer/ceilometer_prom_exporter.yaml:z" + - "{{ edpm_telemetry_certs }}:/etc/ceilometer/tls:z" +{% endif %} + - /dev/log:/dev/log diff --git a/roles/edpm_telemetry_power_monitoring/templates/container_defs/kepler.yaml.j2 b/roles/edpm_telemetry_power_monitoring/templates/container_defs/kepler.yaml.j2 new file mode 100644 index 000000000..fe5645ec3 --- /dev/null +++ b/roles/edpm_telemetry_power_monitoring/templates/container_defs/kepler.yaml.j2 @@ -0,0 +1,25 @@ +image: "{{ edpm_telemetry_kepler_image }}" +privileged: true +restart: always +ports: + - 8888:8888 +net: host +command: -v=2 +recreate: true +environment: + ENABLE_GPU: "true" + EXPOSE_CONTAINER_METRICS: "true" + ENABLE_PROCESS_METRICS: "true" + EXPOSE_VM_METRICS: "true" + EXPOSE_ESTIMATED_IDLE_POWER_METRICS: "false" + LIBVIRT_METADATA_URI: http://openstack.org/xmlns/libvirt/nova/1.1 +{% if edpm_telemetry_power_monitoring_healthcheck %} +healthcheck: + test: /openstack/healthcheck kepler + mount: /var/lib/openstack/healthchecks/kepler +{% endif %} +volumes: + - /lib/modules:/lib/modules:ro + - /run/libvirt:/run/libvirt:shared,ro + - /sys:/sys + - /proc:/proc diff --git a/roles/edpm_telemetry_power_monitoring/templates/kepler.json.j2 b/roles/edpm_telemetry_power_monitoring/templates/kepler.json.j2 deleted file mode 100644 index 603058d50..000000000 --- a/roles/edpm_telemetry_power_monitoring/templates/kepler.json.j2 +++ /dev/null @@ -1,29 +0,0 @@ -{ - "image": "{{ edpm_telemetry_kepler_image }}", - "privileged": "true", - "restart": "always", - "ports": ["8888:8888"], - "net": "host", - "command": "-v=2", - "recreate": true, - "environment": { - "ENABLE_GPU": "true", - "EXPOSE_CONTAINER_METRICS": "true", - "ENABLE_PROCESS_METRICS": "true", - "EXPOSE_VM_METRICS": "true", - "EXPOSE_ESTIMATED_IDLE_POWER_METRICS": "false", - "LIBVIRT_METADATA_URI": "http://openstack.org/xmlns/libvirt/nova/1.1" - }, -{% if edpm_telemetry_power_monitoring_healthcheck %} - "healthcheck": { - "test": "/openstack/healthcheck kepler", - "mount": "/var/lib/openstack/healthchecks/kepler" - }, -{% endif %} - "volumes": [ - "/lib/modules:/lib/modules:ro", - "/run/libvirt:/run/libvirt:shared,ro", - "/sys:/sys", - "/proc:/proc" - ] -} diff --git a/roles/edpm_update/tasks/containers.yml b/roles/edpm_update/tasks/containers.yml index ea4dc0b57..81bbce98d 100644 --- a/roles/edpm_update/tasks/containers.yml +++ b/roles/edpm_update/tasks/containers.yml @@ -33,6 +33,15 @@ - edpm_update when: '"ovn" in edpm_update_running_services' +- name: Apply updates for edpm_frr role + ansible.builtin.include_role: + name: osp.edpm.edpm_frr + tasks_from: update.yml + tags: + - edpm_frr + - edpm_update + when: '"frr" in edpm_update_running_services' + - name: Updates containers for edpm_frr role ansible.builtin.include_role: name: osp.edpm.edpm_frr @@ -44,6 +53,15 @@ - edpm_update when: '"frr" in edpm_update_running_services' +- name: Apply updates for edpm_ovn_bgp_agent role + ansible.builtin.include_role: + name: osp.edpm.edpm_ovn_bgp_agent + tasks_from: update.yml + tags: + - edpm_ovn_bgp_agent + - edpm_update + when: '"ovn-bgp-agent" in edpm_update_running_services' + - name: Updates containers for edpm_ovn_bgp_agent role ansible.builtin.include_role: name: osp.edpm.edpm_ovn_bgp_agent @@ -55,6 +73,15 @@ - edpm_update when: '"ovn-bgp-agent" in edpm_update_running_services' +- name: Apply updates for edpm_neutron_metadata role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_metadata + tasks_from: update.yml + tags: + - edpm_neutron_metadata + - edpm_update + when: '"neutron-metadata" in edpm_update_running_services' + - name: Updates containers for edpm_neutron_metadata role ansible.builtin.include_role: name: osp.edpm.edpm_neutron_metadata @@ -66,6 +93,15 @@ - edpm_update when: '"neutron-metadata" in edpm_update_running_services' +- name: Apply updates for edpm_neutron_ovn role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_ovn + tasks_from: update.yml + tags: + - edpm_neutron_ovn + - edpm_update + when: '"neutron-ovn" in edpm_update_running_services' + - name: Updates containers for edpm_neutron_ovn role ansible.builtin.include_role: name: osp.edpm.edpm_neutron_ovn @@ -109,6 +145,15 @@ - edpm_update when: '"nova" in edpm_update_running_services' +- name: Apply updates for edpm_neutron_sriov role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_sriov + tasks_from: update.yml + tags: + - edpm_neutron_sriov + - edpm_update + when: '"neutron-sriov" in edpm_update_running_services' + - name: Updates containers for edpm_neutron_sriov role ansible.builtin.include_role: name: osp.edpm.edpm_neutron_sriov @@ -120,6 +165,15 @@ - edpm_update when: '"neutron-sriov" in edpm_update_running_services' +- name: Apply updates for edpm_neutron_dhcp role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_dhcp + tasks_from: update.yml + tags: + - edpm_neutron_dhcp + - edpm_update + when: '"neutron-dhcp" in edpm_update_running_services' + - name: Updates containers for edpm_neutron_dhcp role ansible.builtin.include_role: name: osp.edpm.edpm_neutron_dhcp diff --git a/roles/edpm_update_services/tasks/containers.yml b/roles/edpm_update_services/tasks/containers.yml index dd5ce969e..1838d71ea 100644 --- a/roles/edpm_update_services/tasks/containers.yml +++ b/roles/edpm_update_services/tasks/containers.yml @@ -33,6 +33,15 @@ - edpm_update_services when: '"ovn" in edpm_update_services_running_services' +- name: Apply updates for edpm_frr role + ansible.builtin.include_role: + name: osp.edpm.edpm_frr + tasks_from: update.yml + tags: + - edpm_frr + - edpm_update_services + when: '"frr" in edpm_update_services_running_services' + - name: Updates containers for edpm_frr role ansible.builtin.include_role: name: osp.edpm.edpm_frr @@ -44,6 +53,15 @@ - edpm_update_services when: '"frr" in edpm_update_services_running_services' +- name: Apply updates for edpm_ovn_bgp_agent role + ansible.builtin.include_role: + name: osp.edpm.edpm_ovn_bgp_agent + tasks_from: update.yml + tags: + - edpm_ovn_bgp_agent + - edpm_update_services + when: '"ovn-bgp-agent" in edpm_update_services_running_services' + - name: Updates containers for edpm_ovn_bgp_agent role ansible.builtin.include_role: name: osp.edpm.edpm_ovn_bgp_agent @@ -55,6 +73,15 @@ - edpm_update_services when: '"ovn-bgp-agent" in edpm_update_services_running_services' +- name: Apply updates for edpm_neutron_metadata role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_metadata + tasks_from: update.yml + tags: + - edpm_neutron_metadata + - edpm_update_services + when: '"neutron-metadata" in edpm_update_services_running_services' + - name: Updates containers for edpm_neutron_metadata role ansible.builtin.include_role: name: osp.edpm.edpm_neutron_metadata @@ -66,6 +93,15 @@ - edpm_update_services when: '"neutron-metadata" in edpm_update_services_running_services' +- name: Apply updates for edpm_neutron_ovn role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_ovn + tasks_from: update.yml + tags: + - edpm_neutron_ovn + - edpm_update_services + when: '"neutron-ovn" in edpm_update_services_running_services' + - name: Updates containers for edpm_neutron_ovn role ansible.builtin.include_role: name: osp.edpm.edpm_neutron_ovn @@ -109,6 +145,15 @@ - edpm_update_services when: '"nova" in edpm_update_services_running_services' +- name: Apply updates for edpm_neutron_sriov role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_sriov + tasks_from: update.yml + tags: + - edpm_neutron_sriov + - edpm_update_services + when: '"neutron-sriov" in edpm_update_services_running_services' + - name: Updates containers for edpm_neutron_sriov role ansible.builtin.include_role: name: osp.edpm.edpm_neutron_sriov @@ -120,6 +165,15 @@ - edpm_update_services when: '"neutron-sriov" in edpm_update_services_running_services' +- name: Apply updates for edpm_neutron_dhcp role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_dhcp + tasks_from: update.yml + tags: + - edpm_neutron_dhcp + - edpm_update_services + when: '"neutron-dhcp" in edpm_update_services_running_services' + - name: Updates containers for edpm_neutron_dhcp role ansible.builtin.include_role: name: osp.edpm.edpm_neutron_dhcp diff --git a/tests/test_nova_statedir_ownership.py b/tests/test_nova_statedir_ownership.py index 8eee891bc..ecc042781 100644 --- a/tests/test_nova_statedir_ownership.py +++ b/tests/test_nova_statedir_ownership.py @@ -34,7 +34,7 @@ def lsetfilecon(path, context): pass -sys.path.append('roles/edpm_nova/templates') +sys.path.append('roles/edpm_nova/files/') sys.modules["selinux"] = FakeSelinux from nova_statedir_ownership import get_exclude_paths # noqa: E402