Make config directories consistent across services

plugins/modules/container_config_hash.py

@@ -55,7 +55,7 @@
     description:
       - Config volume prefix
     type: str
-    default: '/var/lib/config-data'
+    default: '/var/lib/openstack'
 """
 
 EXAMPLES = """

plugins/modules/edpm_nftables_from_files.py

@@ -50,7 +50,7 @@
 - name: Get nftables rules
   register: edpm_nftables_rules
   edpm_nftables_from_files:
-    src: /var/lib/edpm-config/firewall
+    src: /var/lib/openstack/firewall
 """
 
 RETURN = """

plugins/modules/edpm_nftables_snippet.py

@@ -58,7 +58,7 @@
 EXAMPLES = """
 - name: Inject snippet for CI
   edpm_nftables_snippet:
-    dest: /var/lib/edpm-config/firewall/ci-rules.yaml
+    dest: /var/lib/openstack/firewall/ci-rules.yaml
     content: |
       - rule_name: 010 Allow SSH from everywhere
         rule:

roles/edpm_container_quadlet/tasks/main.yml

@@ -43,7 +43,7 @@
 - name: "Render container definitions: [{{ edpm_container_quadlet_service }} ]"
   become: true
   ansible.builtin.template:
-    src: "templates/service-quadlet-template.yaml.j2"
+    src: "service-quadlet-template.yaml.j2"
     dest: "{{ edpm_container_quadlet_systemd_config_dir }}/{{ edpm_container_quadlet_service }}.yaml"
     mode: "0644"
   # NOTE(tkajinam): Some containers can contain secrets in their environments.

roles/edpm_derive_pci_device_spec/defaults/main.yml

@@ -19,7 +19,7 @@
 # All variables within this role should have a prefix of "edpm_derive_pci_device_spec"
 
 # Defaults for PCI derive script (nic-partitioning is enabled)
-edpm_derive_pci_device_spec_conf_dir: '/var/lib/config-data/ansible-generated/derive_devicespec'
+edpm_derive_pci_device_spec_conf_dir: '/var/lib/openstack/derive_devicespec'
 
 edpm_derive_sriov_device_spec_list: ''
 edpm_derive_pci_device_spec_conf_file: 20-sriov-device-spec.conf

roles/edpm_frr/defaults/main.yml

@@ -54,7 +54,7 @@ edpm_frr_bgp_peers: []
 edpm_frr_bgp_asn: 64999
 edpm_frr_bgp_uplinks: []
 edpm_frr_bgp_uplinks_scope: internal
-edpm_frr_config_basedir: "/var/lib/config-data/ansible-generated/frr"
+edpm_frr_config_basedir: "/var/lib/openstack/frr"
 edpm_frr_defaults: traditional
 edpm_frr_hostname: "{{ ansible_facts['hostname'] | default('') }}"
 edpm_frr_log_level: informational

roles/edpm_frr/meta/argument_specs.yml

@@ -135,7 +135,7 @@ argument_specs:
         description: ''
         type: str
       edpm_frr_config_basedir:
-        default: /var/lib/config-data/ansible-generated/frr
+        default: /var/lib/openstack/frr
         description: Path to FRR configuration directory.
         type: path
       edpm_frr_defaults:
@@ -181,7 +181,7 @@ argument_specs:
           - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
           - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
           - /var/lib/kolla/config_files/frr.json:/var/lib/kolla/config_files/config.json:ro
-          - /var/lib/config-data/ansible-generated/frr:/var/lib/kolla/config_files/src:ro
+          - /var/lib/openstack/frr:/var/lib/kolla/config_files/src:ro
           - /run/frr:/run/frr:shared,z
         description: List of FRR volumes in a mountpoint form.
         type: list

roles/edpm_frr/molecule/default/verify.yml

@@ -9,9 +9,9 @@
       ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_dir.yaml"
       loop:
         - "/var/lib/edpm-config/container-startup-config/frr"
-        - "/var/lib/config-data/ansible-generated/frr"
+        - "/var/lib/openstack/frr"
         - "/etc/tmpfiles.d/"
-        - "/var/lib/config-data/ansible-generated/frr/etc/frr"
+        - "/var/lib/openstack/frr/etc/frr"
 
     - name: ensure that /etc/tmpfiles.d/run-frr.conf file for frr exist
       become: true
@@ -26,31 +26,31 @@
               - check_frr_file.stat.exists
             fail_msg: "File /etc/tmpfiles.d/run-frr.conf does not exist"
 
-    - name: ensure that /var/lib/config-data/ansible-generated/frr/etc/frr/frr.conf file exist
+    - name: ensure that /var/lib/openstack/frr/etc/frr/frr.conf file exist
       become: true
       block:
-        - name: Check if file /var/lib/config-data/ansible-generated/frr/etc/frr/frr.conf exist
+        - name: Check if file /var/lib/openstack/frr/etc/frr/frr.conf exist
           ansible.builtin.stat:
-            path: /var/lib/config-data/ansible-generated/frr/etc/frr/frr.conf
+            path: /var/lib/openstack/frr/etc/frr/frr.conf
           register: check_frr_conf_file
-        - name: Assert file /var/lib/config-data/ansible-generated/frr/etc/frr/frr.conf exist
+        - name: Assert file /var/lib/openstack/frr/etc/frr/frr.conf exist
           ansible.builtin.assert:
             that:
               - check_frr_conf_file.stat.exists
-            fail_msg: "File /var/lib/config-data/ansible-generated/frr/etc/frr/frr.conf does not exist"
+            fail_msg: "File /var/lib/openstack/frr/etc/frr/frr.conf does not exist"
 
-    - name: ensure that /var/lib/config-data/ansible-generated/frr/etc/frr/daemons file exist
+    - name: ensure that /var/lib/openstack/frr/etc/frr/daemons file exist
       become: true
       block:
-        - name: Check if file /var/lib/config-data/ansible-generated/frr/etc/frr/daemons exist
+        - name: Check if file /var/lib/openstack/frr/etc/frr/daemons exist
           ansible.builtin.stat:
-            path: /var/lib/config-data/ansible-generated/frr/etc/frr/daemons
+            path: /var/lib/openstack/frr/etc/frr/daemons
           register: check_frr_daemons_file
-        - name: Assert file /var/lib/config-data/ansible-generated/frr/etc/frr/daemons exist
+        - name: Assert file /var/lib/openstack/frr/etc/frr/daemons exist
           ansible.builtin.assert:
             that:
               - check_frr_daemons_file.stat.exists
-            fail_msg: "File /var/lib/config-data/ansible-generated/frr/etc/frr/daemons does not exist"
+            fail_msg: "File /var/lib/openstack/frr/etc/frr/daemons does not exist"
 
     - name: verify frr BGP and BFD firewall rules are applied
       block:

roles/edpm_frr/tasks/configure.yml

@@ -60,7 +60,7 @@
 
 - name: Configure FRR
   ansible.builtin.template:
-    src: frr.conf.j2
+    src: config/frr.conf.j2
     dest: "{{ edpm_frr_config_basedir }}/etc/frr/frr.conf"
     mode: '0644'
     selevel: s0
@@ -69,7 +69,7 @@
 
 - name: Configure FRR daemons
   ansible.builtin.template:
-    src: daemons.j2
+    src: config/daemons.j2
     dest: "{{ edpm_frr_config_basedir }}/etc/frr/daemons"
     mode: '0644'
     selevel: s0

roles/edpm_frr/tasks/run.yml

@@ -25,6 +25,6 @@
   vars:
     edpm_container_standalone_service: frr
     edpm_container_standalone_container_defs:
-      frr: "{{ lookup('template', 'frr.yaml.j2') | from_yaml }}"
+      frr: "{{ lookup('template', 'container_defs/frr.yaml.j2') | from_yaml }}"
     edpm_container_standalone_kolla_config_files:
-      frr: "{{ lookup('template', 'templates/kolla_config/frr.yaml.j2') | from_yaml }}"
+      frr: "{{ lookup('file', 'kolla_config/frr.yaml') | from_yaml }}"

roles/edpm_frr/tasks/update.yml

@@ -0,0 +1,81 @@
+---
+# Copyright 2023 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+- name: Ensure new config directory exists
+  tags:
+    - update
+    - frr
+  become: true
+  ansible.builtin.file:
+    path: "{{ edpm_frr_config_basedir }}"
+    state: directory
+    setype: "container_file_t"
+    owner: "{{ ansible_user | default(ansible_user_id) }}"
+    group: "{{ ansible_user | default(ansible_user_id) }}"
+    mode: "0755"
+
+- name: Ensure config subdirectory exists
+  tags:
+    - update
+    - frr
+  become: true
+  ansible.builtin.file:
+    path: "{{ edpm_frr_config_basedir }}/etc/frr"
+    state: directory
+    setype: "container_file_t"
+    owner: "{{ ansible_user | default(ansible_user_id) }}"
+    group: "{{ ansible_user | default(ansible_user_id) }}"
+    mode: "0755"
+
+- name: Check if old config directory exists
+  tags:
+    - update
+    - frr
+  ansible.builtin.stat:
+    path: "/var/lib/config-data/ansible-generated/frr"
+  register: edpm_frr_old_config_dir
+
+- name: Move config files from old location to new location
+  tags:
+    - update
+    - frr
+  become: true
+  when:
+    - edpm_frr_old_config_dir.stat.exists
+    - edpm_frr_old_config_dir.stat.isdir
+  block:
+    - name: Find config files in old location
+      ansible.builtin.find:
+        paths: "/var/lib/config-data/ansible-generated/frr"
+        file_type: file
+        recurse: true
+      register: edpm_frr_old_config_files
+
+    - name: Copy config files to new location
+      ansible.builtin.copy:
+        src: "{{ item.path }}"
+        dest: "{{ edpm_frr_config_basedir }}/{{ item.path | regex_replace('^.*/frr/', '') }}"
+        remote_src: true
+        setype: "container_file_t"
+        mode: "0644"
+      loop: "{{ edpm_frr_old_config_files.files }}"
+      when:
+        - edpm_frr_old_config_files.files is defined
+        - edpm_frr_old_config_files.files | length > 0
+
+    - name: Remove old config directory
+      ansible.builtin.file:
+        path: "/var/lib/config-data/ansible-generated/frr"
+        state: absent

roles/edpm_kernel/defaults/main.yml

@@ -32,7 +32,7 @@ edpm_kernel_hugepages: {}
 edpm_kernel_hugepages_remove: false
 
 # This should be synced with edpm_nova_compute role
-edpm_nova_compute_config_dir: /var/lib/config-data/ansible-generated/nova_libvirt
+edpm_nova_compute_config_dir: /var/lib/openstack/nova_libvirt
 
 # KSM control
 edpm_kernel_enable_ksm: false

roles/edpm_kernel/meta/argument_specs.yml

@@ -26,7 +26,7 @@ argument_specs:
         description: Additional sysctl settings.
       edpm_nova_compute_config_dir:
         type: path
-        default: /var/lib/config-data/ansible-generated/nova_libvirt
+        default: /var/lib/openstack/nova_libvirt
         description: This should be synced with edpm_nova_compute role
       edpm_kernel_args:
         type: str

roles/edpm_multipathd/tasks/run.yml

@@ -29,9 +29,9 @@
   vars:
     edpm_container_standalone_service: multipathd
     edpm_container_standalone_container_defs:
-      multipathd: "{{ lookup('template', 'multipathd.yaml.j2') | from_yaml }}"
+      multipathd: "{{ lookup('template', 'container_defs/multipathd.yaml.j2') | from_yaml }}"
     edpm_container_standalone_kolla_config_files:
-      multipathd: "{{ lookup('template', 'kolla_multipathd.yaml.j2') | from_yaml }}"
+      multipathd: "{{ lookup('template', 'kolla_config/kolla_multipathd.yaml.j2') | from_yaml }}"
   register: manage_multipathd_stat
 
 - name: Check if the multipathd container restart is required

roles/edpm_neutron_dhcp/defaults/main.yml

@@ -28,7 +28,7 @@ edpm_neutron_dhcp_images_download_delay: "{{ edpm_download_delay | default(60) }
 edpm_neutron_dhcp_images_download_retries: "{{ edpm_download_retries | default(5) }}"
 
 edpm_neutron_dhcp_agent_config_src: "/var/lib/openstack/configs/{{ edpm_neutron_dhcp_service_name }}"
-edpm_neutron_dhcp_agent_config_dir: "/var/lib/config-data/ansible-generated/neutron-dhcp-agent"
+edpm_neutron_dhcp_agent_config_dir: "/var/lib/openstack/neutron-dhcp-agent"
 edpm_neutron_dhcp_agent_lib_dir: "/var/lib/neutron"
 edpm_neutron_dhcp_image: "quay.io/podified-antelope-centos9/openstack-neutron-dhcp-agent:current-podified"
 

roles/edpm_neutron_dhcp/meta/argument_specs.yml

@@ -19,7 +19,7 @@ argument_specs:
           agent configs.
         type: str
       edpm_neutron_dhcp_agent_config_dir:
-        default: "/var/lib/config-data/ansible-generated/neutron-dhcp-agent"
+        default: "/var/lib/openstack/neutron-dhcp-agent"
         description: |
           The path to the directory containing Neutron DHCP agent config
           files.

roles/edpm_neutron_dhcp/molecule/default/tests/test_neutron_dhcp.py

@@ -104,8 +104,8 @@ def test_required_directories_was_created(self):
                 "/var/lib/neutron",
                 "/var/lib/neutron/external/pids/",
                 "/var/lib/neutron/ns-metadata-proxy/",
-                "/var/lib/openstack/config/containers",
-                "/var/lib/config-data/ansible-generated/neutron-dhcp-agent"]:
+                "/var/lib/edpm-config/container-startup-config",
+                "/var/lib/openstack/neutron-dhcp-agent"]:
             assert self.host.file(directory).is_directory
 
     def test_kolla_config_file_was_created(self):
@@ -114,7 +114,7 @@ def test_kolla_config_file_was_created(self):
 
     def test_neutron_dhcp_agent_conf_was_copied_into_container(self):
         assert self.host.file(
-            "/var/lib/config-data/ansible-generated/neutron-dhcp-agent/"
+            "/var/lib/openstack/neutron-dhcp-agent/"
             "10-neutron-dhcp.conf"
         ).exists
 
@@ -234,6 +234,6 @@ def test_dnsmasq_sidecar_container(self):
 
     def test_service_host_is_fqdn(self):
         assert "edpm-0.localdomain" in self.host.run(
-            "cat /var/lib/config-data/ansible-generated/"
+            "cat /var/lib/openstack/"
             "neutron-dhcp-agent/01-neutron-dhcp-agent.conf"
         ).stdout

roles/edpm_neutron_dhcp/tasks/configure.yml

@@ -23,9 +23,9 @@
         setype: "container_file_t"
         mode: "0644"
       loop:
-        - {"src": "neutron.conf.j2", "dest": "01-neutron.conf"}
-        - {"src": "rootwrap.conf.j2", "dest": "01-rootwrap.conf"}
-        - {"src": "neutron-dhcp-agent.conf.j2", "dest": "01-neutron-dhcp-agent.conf"}
+        - {"src": "config/neutron.conf.j2", "dest": "01-neutron.conf"}
+        - {"src": "config/rootwrap.conf.j2", "dest": "01-rootwrap.conf"}
+        - {"src": "config/neutron-dhcp-agent.conf.j2", "dest": "01-neutron-dhcp-agent.conf"}
       tags:
         - configure
         - neutron

roles/edpm_neutron_dhcp/tasks/install.yml

@@ -32,7 +32,7 @@
     group: "{{ item.group | default(ansible_user) | default(ansible_user_id) }}"
     mode: "{{ item.mode | default(omit) }}"
   loop:
-    - {'path': "/var/lib/openstack/config/containers", "mode": "0750"}
+    - {'path': "/var/lib/edpm-config/container-startup-config", "mode": "0750"}
     - {'path': "/var/lib/neutron", "mode": "0750"}
     - {'path': "{{ edpm_neutron_dhcp_agent_config_dir }}", "mode": "0755"}
     - {'path': "{{ edpm_neutron_dhcp_agent_lib_dir }}", "mode": "0755"}
@@ -46,8 +46,8 @@
 - name: Render neutron-dhcp-agent container
   become: true
   ansible.builtin.template:
-    src: "neutron_dhcp_agent.yaml.j2"
-    dest: "/var/lib/openstack/config/containers/neutron_dhcp_agent.yaml"
+    src: "container_defs/neutron_dhcp_agent.yaml.j2"
+    dest: "/var/lib/edpm-config/container-startup-config/neutron_dhcp_agent.yaml"
     setype: "container_file_t"
     mode: "0644"
   notify:

roles/edpm_neutron_dhcp/tasks/run.yml

@@ -39,6 +39,6 @@
   vars:
     edpm_container_standalone_service: neutron_dhcp
     edpm_container_standalone_container_defs:
-      neutron_dhcp_agent: "{{ lookup('template', 'neutron_dhcp_agent.yaml.j2') | from_yaml }}"
+      neutron_dhcp_agent: "{{ lookup('template', 'container_defs/neutron_dhcp_agent.yaml.j2') | from_yaml }}"
     edpm_container_standalone_kolla_config_files:
-      neutron_dhcp_agent: "{{ lookup('template', 'kolla_config/neutron_dhcp_agent.yaml.j2') | from_yaml }}"
+      neutron_dhcp_agent: "{{ lookup('file', 'kolla_config/neutron_dhcp_agent.yaml') | from_yaml }}"