diff --git a/docs/source/roles/role-edpm_container_manage.rst b/docs/source/roles/role-edpm_container_manage.rst index fa30a264c..c12821e64 100644 --- a/docs/source/roles/role-edpm_container_manage.rst +++ b/docs/source/roles/role-edpm_container_manage.rst @@ -143,7 +143,6 @@ overrides the image setting in one-off. edpm_container_manage_config_patterns: 'haproxy.json' edpm_container_manage_config: "/var/lib/edpm-config/container-startup-config/step_1" edpm_container_manage_config_id: "edpm_step1" - edpm_container_manage_clean_orphans: false edpm_container_manage_config_overrides: haproxy: image: quay.io/edpmmastercentos9/centos-binary-haproxy:hotfix @@ -164,10 +163,11 @@ containers by Ansible. $ ansible-playbook haproxy.yaml --check --diff -The ``edpm_container_manage_clean_orphans`` parameter is optional -and can be set to `false` to not clean orphaned containers for a -config_id. It can be used to manage a single container without -impacting other running containers with same config_id. +.. warning:: + + The ``edpm_container_manage_clean_orphans`` parameter is **deprecated** and will be removed in a future release. + While it still functions, users should migrate to using ``edpm_cleanup_orphaned_containers`` in the + ``edpm_container_standalone`` role instead, which provides better state-file aware orphan cleanup. The ``edpm_container_manage_config_overrides`` parameter is optional and can be used to override a specific container attribute like the image diff --git a/playbooks/cleanup.yml b/playbooks/cleanup.yml new file mode 100644 index 000000000..1112175b6 --- /dev/null +++ b/playbooks/cleanup.yml 
@@ -0,0 +1,41 @@
+---
+# Copyright 2025 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Cleanup EDPM Services
+ hosts: "{{ edpm_override_hosts | default('all', true) }}"
+ strategy: linear
+ gather_facts: "{{ gather_facts | default(false) }}"
+ any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
+ max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
+ environment: "{{ edpm_playbook_environment | default({}) }}"
+ tasks:
+ - name: Display cleanup information
+ ansible.builtin.debug:
+ msg:
+ - "=========================================="
+ - "Services to keep (from edpm_service_types):"
+ - "{{ edpm_service_types | default([]) | join(', ') }}"
+ - "=========================================="
+ - "This will clean up all services NOT in edpm_service_types:"
+ - " - Stop and disable systemd services"
+ - " - Remove containers"
+ - " - Remove configuration directories"
+ - " - Update state file"
+ - "=========================================="
+
+ - name: Cleanup services
+ ansible.builtin.include_role:
+ name: osp.edpm.edpm_cleanup
diff --git a/playbooks/nova.yml b/playbooks/nova.yml
index 2f60736c0..0b56e9e12 100644
--- a/playbooks/nova.yml
+++ b/playbooks/nova.yml
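Review bot: An unset `edpm_service_types` turns this playbook into a full teardown, because the only reference to it here is `edpm_service_types | default([])` in the debug message and nothing gates the run before `include_role`. The README lists the variable as required, yet `roles/edpm_cleanup/meta/argument_specs.yml` does not declare it and `roles/edpm_cleanup/tasks/cleanup_services.yml` applies the same `default([])` when computing what to remove. I would add a first task, `ansible.builtin.assert` with `that: edpm_service_types is defined` and a `fail_msg` naming the variable, so that removing every service requires an explicit `edpm_service_types=[]`. Declaring it in the argument spec as `type: list` with `elements: str` would also catch a scalar passed by mistake.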
@@ -2,6 +2,9 @@ - name: Deploy EDPM Nova storage infrastructure ansible.builtin.import_playbook: nova_storage.yml + vars: + edpm_service_name: nova + - name: Deploy EDPM Nova hosts: "{{ edpm_override_hosts | default('all', true) }}" strategy: linear diff --git a/plugins/filter/helpers.py b/plugins/filter/helpers.py index ab1fd509d..871b2e68c 100644 --- a/plugins/filter/helpers.py +++ b/plugins/filter/helpers.py @@ -41,7 +41,7 @@ def needs_delete(self, container_infos, config, config_id, :param container_infos: list :param config: dict :param config_id: string - :param clean_orphans: bool + :param clean_orphans: bool (DEPRECATED - use edpm_cleanup_orphaned_containers instead) :param check_config: bool to whether or not check if config changed :returns: list """ diff --git a/plugins/filter/needs_delete.yml b/plugins/filter/needs_delete.yml deleted file mode 100644 index 95c6bea53..000000000 --- a/plugins/filter/needs_delete.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- - -DOCUMENTATION: - name: needs_delete - author: "EDPM team" - version_added: 2.9 - short_description: Check which containers need removal - description: | - This filter will check which containers need to be removed for these - reasons: no config_data, updated config_data or container not - part of the global config. -EXAMPLES: | - {{ podman_containers.containers | osp.edpm.needs_delete(config=all_containers_hash, - config_id=edpm_container_manage_config_id, check_config=False, - clean_orphans=True) }} -RETURN: - _value: - description: list of containers to delete - type: list diff --git a/plugins/modules/container_config_hash.py b/plugins/modules/container_config_hash.py index 8fc310768..c806986a6 100644 --- a/plugins/modules/container_config_hash.py +++ b/plugins/modules/container_config_hash.py @@ -55,7 +55,7 @@ description: - Config volume prefix type: str - default: '/var/lib/config-data' + default: '/var/lib/openstack' """ EXAMPLES = """ 
diff --git a/plugins/modules/edpm_container_manage.py b/plugins/modules/edpm_container_manage.py index 687572ff2..64c86e0c1 100644 --- a/plugins/modules/edpm_container_manage.py +++ b/plugins/modules/edpm_container_manage.py @@ -81,6 +81,13 @@ - Number of podman actions to run at the same time type: int default: 1 + containers: + description: + - List of specific container names to manage + - If empty, all containers matching the pattern will be managed + type: list + elements: str + default: [] debug: description: - Enable debug @@ -127,6 +134,7 @@ def __init__(self, module, results): self.config_dir = args.get('config_dir') self.config_patterns = args.get('config_patterns') self.config_overrides = args['config_overrides'] + self.containers = args.get('containers', []) self.log_base_path = args.get('log_base_path') self.debug = args.get('debug') @@ -155,6 +163,11 @@ def _get_configs(self): self.config_patterns)) for match in matches: name = os.path.splitext(os.path.basename(match))[0] + # Skip if specific containers list provided and this isn't in it + if self.containers and name not in self.containers: + if self.debug: + self.module.debug(f'Skipping {name} - not in containers list') + continue with open(match, 'r') as data: config = json.loads(data.read()) if self.debug: diff --git a/plugins/modules/edpm_nftables_from_files.py b/plugins/modules/edpm_nftables_from_files.py index d3bd4e8e3..d05756848 100644 --- a/plugins/modules/edpm_nftables_from_files.py +++ b/plugins/modules/edpm_nftables_from_files.py @@ -50,7 +50,7 @@ - name: Get nftables rules register: edpm_nftables_rules edpm_nftables_from_files: - src: /var/lib/edpm-config/firewall + src: /var/lib/openstack/firewall """ RETURN = """ diff --git a/plugins/modules/edpm_nftables_snippet.py b/plugins/modules/edpm_nftables_snippet.py index 45bc463f6..835944f4d 100644 --- a/plugins/modules/edpm_nftables_snippet.py +++ b/plugins/modules/edpm_nftables_snippet.py 
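Review bot: The new filter in `_get_configs` skips every config whose name is not in `containers`, but a name in the list that matches no file is never reported, so a typo lets the module succeed while managing nothing. The filter also narrows the config set the rest of the class works from; if the delete path (outside this hunk) still compares running containers for the `config_id` against that set, containers that were only filtered out could be treated as orphans, which should be confirmed before merge. I would collect the matched names in the loop and warn afterwards, e.g. `self.module.warn(f'containers not found in {self.config_dir}: {sorted(missing)}')`, and state the interaction with orphan cleanup in the `containers` option description. `_get_configs` starts and ends outside the hunk.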
@@ -58,7 +58,7 @@ EXAMPLES = """ - name: Inject snippet for CI edpm_nftables_snippet: - dest: /var/lib/edpm-config/firewall/ci-rules.yaml + dest: /var/lib/openstack/firewall/ci-rules.yaml content: | - rule_name: 010 Allow SSH from everywhere rule: diff --git a/roles/edpm_cleanup/README.md b/roles/edpm_cleanup/README.md new file mode 100644 index 000000000..69af90568 --- /dev/null +++ b/roles/edpm_cleanup/README.md 
@@ -0,0 +1,263 @@ +# edpm_cleanup Role + +## Overview + +The `edpm_cleanup` role provides a unified mechanism for cleaning up EDPM services and their associated resources. It automatically determines which services to clean up based on `edpm_service_types` - cleaning up all services in the state file that are NOT in `edpm_service_types`. + +## Basic Usage + +### Using the Cleanup Playbook + +The cleanup role automatically cleans up all services that are NOT in `edpm_service_types`. If `edpm_service_types` is empty or not defined, all services will be cleaned up. + +**Keep specific services (cleanup everything else):** +```bash +ansible-playbook playbooks/cleanup.yml \ + -e "edpm_service_types=['nova', 'neutron_metadata']" +``` + +This will keep `nova` and `neutron_metadata`, and clean up all other services. + +**With inventory/vars file:** +```yaml +# group_vars/all/cleanup.yml +edpm_service_types: + - nova + - neutron_metadata + +# Then run: +ansible-playbook playbooks/cleanup.yml +``` + +**Keep only nova:** +```bash +ansible-playbook playbooks/cleanup.yml \ + -e "edpm_service_types=['nova']" +``` + +This will keep only `nova` and clean up all other services, including their containers (e.g., neutron_metadata containers, telemetry containers, etc.). + +**Clean up everything:** +```bash +ansible-playbook playbooks/cleanup.yml \ + -e "edpm_service_types=[]" +``` + +This will clean up all services since `edpm_service_types` is empty. + +### Cleanup During Deployment + +You can also trigger cleanup during a deployment playbook by using the `edpm_cleanup` role: + +```yaml +- hosts: edpm_nodes + vars: + edpm_service_types: + - nova + - neutron_dhcp + roles: + - osp.edpm.edpm_cleanup + - edpm_neutron_ovn +``` + +The cleanup role will clean up all services NOT in `edpm_service_types`. + +## The Cleanup Process + +When you run the cleanup playbook: +1. Reads the state file to get all deployed services +2. 
Compares with `edpm_service_types` to determine which services to keep +3. Cleans up all services NOT in `edpm_service_types` +4. Displays which services will be cleaned up +5. For each service: + - Reads the state file to get all containers + - Verifies containers have `managed_by=edpm_ansible` label + - For each container: + - Stops and disables systemd service + - Removes healthcheck service and timer + - Removes systemd requires directory + - Removes the container + - Removes container startup config directories + - Runs service-specific cleanup tasks (if available) +6. Updates state file to remove cleaned up services + +## Files and Resources Cleaned Up + +The cleanup process automatically removes: + +**Container-related:** +- Container instances +- Systemd service files (`/etc/systemd/system/edpm_.service`) +- Systemd healthcheck services (`/etc/systemd/system/edpm__healthcheck.service`) +- Systemd healthcheck timers (`/etc/systemd/system/edpm__healthcheck.timer`) +- Systemd requires directories (`/etc/systemd/system/edpm_.service.requires`) + +**Configuration files (automatic cleanup):** +- Container startup config directory and all JSON files within: + - `/var/lib/edpm-config/container-startup-config//` (entire directory) + - Contains all `.json` files for the service +- Kolla config files for each container: + - `/var/lib/kolla/config_files/.json` (one per container) +- Healthcheck scripts: + - `/var/lib/openstack/healthchecks/` +- Service config directories: + - `/var/lib/openstack/` + +**Configurable:** +- Additional paths can be cleaned up via `edpm_cleanup_generic_paths` +- Each path supports `__SERVICE_NAME__` placeholder that gets replaced with the actual service name + +**Service-specific cleanup (optional):** +- Services can provide a `tasks/cleanup.yml` file in their role to clean up additional resources +- Examples: data directories, certificates, logs, etc. 
+ +## Configuration Variables + +### Required Variables + +- `edpm_service_types`: List of service names to keep (all others will be cleaned up) + +### Optional Variables + +```yaml +# Generic container variables (shared across roles) +edpm_container_state_file: /var/lib/edpm-config/deployed_services.yaml +edpm_container_startup_config_dir: /var/lib/edpm-config/container-startup-config +edpm_container_kolla_config_dir: /var/lib/kolla/config_files + +# Remove container startup config directories during cleanup +edpm_cleanup_remove_config_dirs: true + +# Remove containers with managed_by=edpm_ansible label that are not tracked in state file +edpm_cleanup_orphaned_containers: false + +# Generic paths to clean up per service +# Use __SERVICE_NAME__ as a placeholder that will be replaced during cleanup +edpm_cleanup_generic_paths: + - "/var/lib/openstack/healthchecks/__SERVICE_NAME__" + - "/var/lib/openstack/__SERVICE_NAME__" +``` + +## Custom Cleanup Paths + +Add custom paths to clean up per service: + +```yaml +edpm_cleanup_generic_paths: + - "/var/lib/openstack/healthchecks/__SERVICE_NAME__" + - "/var/lib/openstack/__SERVICE_NAME__" + - "/var/log/containers/__SERVICE_NAME__" + - "/etc/__SERVICE_NAME__/custom-config" +``` + +The `__SERVICE_NAME__` placeholder is automatically replaced with the actual service name during cleanup. + +## Service-Specific Cleanup + +Services can provide a `tasks/cleanup.yml` file in their role to clean up additional resources: + +```yaml +# roles/edpm_myservice/tasks/cleanup.yml +--- +- name: Remove service-specific data + become: true + ansible.builtin.file: + path: "{{ item }}" + state: absent + loop: + - /var/cache/myservice + - /etc/pki/myservice/special-cert.pem +``` + +The cleanup role will automatically look for and execute `tasks/cleanup.yml` in each service's role directory if it exists. 
+ +## Orphaned Container Cleanup + +**What are orphaned containers?** +Containers with `managed_by=edpm_ansible` label that are not tracked in the state file. These can occur due to: +- Failed deployments +- Manual state file modifications +- Bugs or migration issues + +**Enable orphaned cleanup:** +```yaml +edpm_cleanup_orphaned_containers: true +``` + +**How it works:** +1. Queries all containers with `managed_by=edpm_ansible` label +2. Compares against containers tracked in state file +3. Removes any containers not found in state file +4. Logs the list of orphaned containers before removal + +**Use Cases:** +- Cleaning up after failed migrations +- Removing containers from manual testing +- Recovering from state file corruption +- General cleanup of untracked resources + +## Container Label Requirements + +Cleanup only removes containers with the `managed_by=edpm_ansible` label. This label is automatically added by the `edpm_container_manage` role. + +All containers also include: +- `container_name=` +- `config_data=` (full definition) + +## Migrating from edpm_container_manage Cleanup + +The old `edpm_container_manage_clean_orphans` feature is **deprecated**. 
Migrate to using `edpm_cleanup_orphaned_containers` in the `edpm_cleanup` role instead: + +**Old approach (deprecated):** +```yaml +edpm_container_manage_clean_orphans: true +``` + +**New approach:** +```yaml +edpm_cleanup_orphaned_containers: true +``` + +Benefits of the new approach: +- State-file aware (knows which containers should exist) +- Better logging and visibility +- Unified cleanup mechanism +- More granular control + +## Examples + +### Cleanup All Services Except Nova + +```yaml +- hosts: edpm_nodes + vars: + edpm_service_types: + - nova + roles: + - osp.edpm.edpm_cleanup +``` + +### Cleanup During Deployment + +```yaml +- hosts: edpm_nodes + vars: + edpm_service_types: + - nova + - neutron_dhcp + roles: + - osp.edpm.edpm_cleanup # Clean up first + - osp.edpm.edpm_neutron_ovn # Then deploy +``` + +### Cleanup with Orphaned Container Removal + +```yaml +- hosts: edpm_nodes + vars: + edpm_service_types: + - nova + edpm_cleanup_orphaned_containers: true + roles: + - osp.edpm.edpm_cleanup +``` diff --git a/roles/edpm_cleanup/defaults/main.yml b/roles/edpm_cleanup/defaults/main.yml new file mode 100644 index 000000000..843ad8d96 --- /dev/null +++ b/roles/edpm_cleanup/defaults/main.yml 
@@ -0,0 +1,36 @@
+---
+# Copyright 2025 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# All variables intended for modification should be placed in this file.
+# All variables within this role should have a prefix of "edpm_cleanup"
+
+# Generic container variables (shared across roles)
+# These defaults ensure the cleanup role can work independently
+edpm_container_state_file: /var/lib/edpm-config/deployed_services.yaml
+edpm_container_startup_config_dir: /var/lib/edpm-config/container-startup-config
+edpm_container_kolla_config_dir: /var/lib/kolla/config_files
+
+# Remove container startup config directories during cleanup
+edpm_cleanup_remove_config_dirs: true
+
+# Remove containers with managed_by=edpm_ansible label that are not tracked in state file
+edpm_cleanup_orphaned_containers: false
+
+# Generic paths to clean up per service
+# Use __SERVICE_NAME__ as a placeholder that will be replaced during cleanup
+edpm_cleanup_generic_paths:
+ - "/var/lib/openstack/healthchecks/__SERVICE_NAME__"
+ - "/var/lib/openstack/__SERVICE_NAME__"
diff --git a/roles/edpm_cleanup/meta/argument_specs.yml b/roles/edpm_cleanup/meta/argument_specs.yml
new file mode 100644
index 000000000..4bcf4f1ed
--- /dev/null
+++ b/roles/edpm_cleanup/meta/argument_specs.yml
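Review bot: `edpm_cleanup_generic_paths` is expanded with a service name taken from the state file keys, and the resulting path is presumably removed recursively with elevated privileges (the task that does this is not in this hunk). An empty key, or one containing `/` or `..`, would turn `/var/lib/openstack/__SERVICE_NAME__` into `/var/lib/openstack/` or a path outside it, so the substitution site should reject names that do not match a strict pattern such as `^[A-Za-z0-9_-]+$` before any path is built. I would record that contract next to the default: `# __SERVICE_NAME__ is substituted verbatim; service names must be validated before expansion`. Separately, the header comment says every variable in this role carries the `edpm_cleanup` prefix, while the three `edpm_container_*` defaults are redefined here and can drift from the role that owns them.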
@@ -0,0 +1,59 @@
+---
+# Copyright 2025 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+argument_specs:
+ main:
+ short_description: Cleanup EDPM services
+ description: |
+ This role provides cleanup functionality for EDPM containerized services.
+ It removes containers, configuration directories, and updates the state file.
+ author:
+ - "EDPM team"
+ options:
+ edpm_container_state_file:
+ default: /var/lib/edpm-config/deployed_services.yaml
+ description: Path to state file tracking deployed services
+ type: path
+ edpm_container_startup_config_dir:
+ default: /var/lib/edpm-config/container-startup-config
+ description: Directory for container startup configs
+ type: path
+ edpm_container_kolla_config_dir:
+ default: /var/lib/kolla/config_files
+ description: Directory for kolla config files
+ type: path
+ edpm_cleanup_remove_config_dirs:
+ default: true
+ description: |
+ Remove container startup config directories during cleanup.
+ Deletes /var/lib/edpm-config/container-startup-config//
+ including all *.json container definition files within it.
+ type: bool
+ edpm_cleanup_orphaned_containers:
+ default: false
+ description: |
+ Remove containers with managed_by=edpm_ansible label that are not tracked in state file.
+ Use with caution - only enable if you want to clean up orphaned containers.
+ type: bool
+ edpm_cleanup_generic_paths:
+ default:
+ - "/var/lib/openstack/healthchecks/__SERVICE_NAME__"
+ - "/var/lib/openstack/__SERVICE_NAME__"
+ description: >-
+ List of generic file/directory paths to clean up per service.
+ Use __SERVICE_NAME__ as a placeholder for the service name.
+ type: list
+ elements: str
diff --git a/roles/edpm_cleanup/meta/main.yml b/roles/edpm_cleanup/meta/main.yml
new file mode 100644
index 000000000..ab172aa0c
--- /dev/null
+++ b/roles/edpm_cleanup/meta/main.yml
@@ -0,0 +1,32 @@
+---
+# Copyright 2025 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+galaxy_info:
+ author: OpenStack
+ description: EDPM OpenStack Role -- edpm_cleanup
+ company: Red Hat
+ license: Apache-2.0
+ min_ansible_version: '2.9'
+ namespace: openstack
+ platforms:
+ - name: 'EL'
+ versions:
+ - '8'
+ - '9'
+ galaxy_tags:
+ - edpm
+
+dependencies: []
diff --git a/roles/edpm_cleanup/molecule/default/collections.yml b/roles/edpm_cleanup/molecule/default/collections.yml
new file mode 100644
index 000000000..424ad60b8
--- /dev/null
+++ b/roles/edpm_cleanup/molecule/default/collections.yml
@@ -0,0 +1,3 @@
+---
+collections:
+- name: community.general
diff --git a/roles/edpm_cleanup/molecule/default/converge.yml b/roles/edpm_cleanup/molecule/default/converge.yml
new file mode 100644
index 000000000..f62c8b580
--- /dev/null
+++ b/roles/edpm_cleanup/molecule/default/converge.yml
@@ -0,0 +1,308 @@ +--- +# Copyright 2025 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Deploy first service + hosts: all + gather_facts: false + pre_tasks: + - name: Gather user fact + ansible.builtin.setup: + gather_subset: + - "!all" + - "!min" + - "user" + + - name: Set basic user fact + ansible.builtin.set_fact: + ansible_user: "{{ ansible_user_id | default(lookup('env', 'USER')) }}" + when: + - ansible_user is undefined + vars: + edpm_container_standalone_service: test_service1 + edpm_container_standalone_container_defs: + test_service1_container: + image: quay.io/centos/centos:stream9 + net: host + privileged: true + restart: always + command: sleep 3600 + environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + edpm_container_standalone_kolla_config_files: + test_service1_container: + command: 'sleep 3600' + roles: + - role: "osp.edpm.edpm_container_standalone" + post_tasks: + - name: Verify test_service1_container is running + command: podman container exists test_service1_container + changed_when: false + +- name: Deploy second service + hosts: all + gather_facts: false + vars: + edpm_container_standalone_service: test_service2 + edpm_container_standalone_container_defs: + test_service2_container: + image: quay.io/centos/centos:stream9 + net: host + privileged: true + restart: always + command: sleep 3600 + environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + edpm_container_standalone_kolla_config_files: + 
test_service2_container: + command: 'sleep 3600' + roles: + - role: "osp.edpm.edpm_container_standalone" + post_tasks: + - name: Verify test_service2_container is running + command: podman container exists test_service2_container + changed_when: false + +- name: Verify both services are in state file + hosts: all + gather_facts: false + tasks: + - name: Read deployed services state file + ansible.builtin.slurp: + src: /var/lib/edpm-config/deployed_services.yaml + register: _state_file + + - name: Parse state data + ansible.builtin.set_fact: + _state_data: "{{ _state_file.content | b64decode | from_yaml }}" + + - name: Verify both services are tracked + ansible.builtin.assert: + that: + - "'test_service1' in _state_data.services" + - "'test_service2' in _state_data.services" + - "'test_service1_container' in _state_data.services.test_service1.containers" + - "'test_service2_container' in _state_data.services.test_service2.containers" + fail_msg: "Both services should be tracked in state file" + success_msg: "Both services are properly tracked" + +- name: Cleanup first service (keep only test_service2) + hosts: all + gather_facts: false + vars: + edpm_service_types: + - test_service2 + roles: + - role: osp.edpm.edpm_cleanup + +- name: Verify cleanup worked correctly + hosts: all + gather_facts: false + tasks: + - name: Check if test_service1_container still exists + command: podman container exists test_service1_container + register: _service1_check + failed_when: false + changed_when: false + + - name: Check if test_service2_container still exists + command: podman container exists test_service2_container + register: _service2_check + failed_when: false + changed_when: false + + - name: Verify test_service1_container was removed + ansible.builtin.assert: + that: + - _service1_check.rc != 0 + fail_msg: "test_service1_container should have been removed" + success_msg: "test_service1_container was successfully removed" + + - name: Verify test_service2_container still 
exists + ansible.builtin.assert: + that: + - _service2_check.rc == 0 + fail_msg: "test_service2_container should still exist" + success_msg: "test_service2_container still exists as expected" + + - name: Read state file after cleanup + ansible.builtin.slurp: + src: /var/lib/edpm-config/deployed_services.yaml + register: _state_file_after + + - name: Parse state data after cleanup + ansible.builtin.set_fact: + _state_data_after: "{{ _state_file_after.content | b64decode | from_yaml }}" + + - name: Verify state file was updated + ansible.builtin.assert: + that: + - "'test_service1' not in _state_data_after.services" + - "'test_service2' in _state_data_after.services" + fail_msg: "State file should have test_service1 removed but test_service2 present" + success_msg: "State file correctly updated after cleanup" + +- name: Deploy service with multiple containers + hosts: all + gather_facts: false + vars: + edpm_container_standalone_service: test_service3 + edpm_container_standalone_container_defs: + test_service3_container_a: + image: quay.io/centos/centos:stream9 + net: host + privileged: true + restart: always + command: sleep 3600 + environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + test_service3_container_b: + image: quay.io/centos/centos:stream9 + net: host + privileged: true + restart: always + command: sleep 3600 + environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + edpm_container_standalone_kolla_config_files: + test_service3_container_a: + command: 'sleep 3600' + test_service3_container_b: + command: 'sleep 3600' + roles: + - role: osp.edpm.edpm_container_standalone + post_tasks: + - name: Verify both containers are running + command: "podman container exists {{ item }}" + changed_when: false + loop: + - test_service3_container_a + - test_service3_container_b + + - name: Read state file + ansible.builtin.slurp: + src: /var/lib/edpm-config/deployed_services.yaml + register: _state_file_initial + + - name: Parse state data + ansible.builtin.set_fact: + 
_state_data_initial: "{{ _state_file_initial.content | b64decode | from_yaml }}" + + - name: Verify both containers are tracked + ansible.builtin.assert: + that: + - "'test_service3' in _state_data_initial.services" + - "'test_service3_container_a' in _state_data_initial.services.test_service3.containers" + - "'test_service3_container_b' in _state_data_initial.services.test_service3.containers" + fail_msg: "Both containers should be tracked in state file" + success_msg: "Both containers are properly tracked" + +- name: Update service - remove container_b and add container_c + hosts: all + gather_facts: false + vars: + edpm_container_standalone_service: test_service3 + edpm_container_standalone_container_defs: + test_service3_container_a: + image: quay.io/centos/centos:stream9 + net: host + privileged: true + restart: always + command: sleep 3600 + environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + test_service3_container_c: + image: quay.io/centos/centos:stream9 + net: host + privileged: true + restart: always + command: sleep 3600 + environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + edpm_container_standalone_kolla_config_files: + test_service3_container_a: + command: 'sleep 3600' + test_service3_container_c: + command: 'sleep 3600' + roles: + - role: osp.edpm.edpm_container_standalone + tasks: + - name: Cleanup orphaned containers (will remove container_b) + ansible.builtin.include_role: + name: osp.edpm.edpm_cleanup + vars: + edpm_service_types: + - test_service3 + edpm_cleanup_orphaned_containers: true + post_tasks: + - name: Check if container_a still exists + command: podman container exists test_service3_container_a + register: _container_a_check + failed_when: false + changed_when: false + + - name: Check if container_b still exists (should be removed) + command: podman container exists test_service3_container_b + register: _container_b_check + failed_when: false + changed_when: false + + - name: Check if container_c exists (should be new) + command: 
podman container exists test_service3_container_c + register: _container_c_check + failed_when: false + changed_when: false + + - name: Verify container_a still exists + ansible.builtin.assert: + that: + - _container_a_check.rc == 0 + fail_msg: "test_service3_container_a should still exist" + success_msg: "test_service3_container_a exists as expected" + + - name: Verify container_b was removed + ansible.builtin.assert: + that: + - _container_b_check.rc != 0 + fail_msg: "test_service3_container_b should have been removed" + success_msg: "test_service3_container_b was successfully removed" + + - name: Verify container_c was created + ansible.builtin.assert: + that: + - _container_c_check.rc == 0 + fail_msg: "test_service3_container_c should exist" + success_msg: "test_service3_container_c exists as expected" + + - name: Read state file after update + ansible.builtin.slurp: + src: /var/lib/edpm-config/deployed_services.yaml + register: _state_file_updated + + - name: Parse updated state data + ansible.builtin.set_fact: + _state_data_updated: "{{ _state_file_updated.content | b64decode | from_yaml }}" + + - name: Verify state file reflects the update + ansible.builtin.assert: + that: + - "'test_service3' in _state_data_updated.services" + - "'test_service3_container_a' in _state_data_updated.services.test_service3.containers" + - "'test_service3_container_b' not in _state_data_updated.services.test_service3.containers" + - "'test_service3_container_c' in _state_data_updated.services.test_service3.containers" + fail_msg: >- + State file should have container_a and container_c but not container_b + success_msg: "State file correctly reflects the updated service" diff --git a/roles/edpm_cleanup/molecule/default/molecule.yml b/roles/edpm_cleanup/molecule/default/molecule.yml new file mode 100644 index 000000000..a34a25ca2 --- /dev/null +++ b/roles/edpm_cleanup/molecule/default/molecule.yml 
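Review bot: The orphan-cleanup scenario in the last play only shows that a dropped container is removed; nothing checks the boundary the README promises, that a container without the `managed_by=edpm_ansible` label is left alone. With `edpm_cleanup_orphaned_containers: true` the role deletes whatever its label query returns, so a regression in that filter would remove unrelated containers on the host while this suite still passes. I would start one unlabelled container before the cleanup and assert that it still exists afterwards, as sketched below. The same play passes only `test_service3` in `edpm_service_types` while `test_service2` is still deployed from the earlier plays, so it removes that service as a side effect without asserting on it.

```yaml
# … unchanged: "Update service - remove container_b and add container_c" play header, vars, roles …
  pre_tasks:
    - name: Start a container that carries no managed_by label
      command: podman run -d --name unmanaged_probe quay.io/centos/centos:stream9 sleep 3600
      changed_when: true
# … unchanged: tasks including osp.edpm.edpm_cleanup with edpm_cleanup_orphaned_containers: true …
  post_tasks:
    - name: Verify the unlabelled container survived orphan cleanup
      command: podman container exists unmanaged_probe
      changed_when: false
# … unchanged: existing container_a / container_b / container_c checks and state file asserts …
```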
@@ -0,0 +1,31 @@
+---
+dependency:
+ name: galaxy
+ options:
+ role-file: collections.yml
+driver:
+ name: podman
+platforms:
+- command: /sbin/init
+ dockerfile: ../../../../molecule/common/Containerfile.j2
+ image: ${EDPM_ANSIBLE_MOLECULE_IMAGE:-"ubi9/ubi-init"}
+ name: instance
+ privileged: true
+ registry:
+ url: ${EDPM_ANSIBLE_MOLECULE_REGISTRY:-"registry.access.redhat.com"}
+ ulimits:
+ - host
+provisioner:
+ log: true
+ name: ansible
+scenario:
+ test_sequence:
+ - dependency
+ - destroy
+ - create
+ - prepare
+ - converge
+ - verify
+ - destroy
+verifier:
+ name: ansible
diff --git a/roles/edpm_cleanup/molecule/default/prepare.yml b/roles/edpm_cleanup/molecule/default/prepare.yml
new file mode 100644
index 000000000..76c2dea8a
--- /dev/null
+++ b/roles/edpm_cleanup/molecule/default/prepare.yml
@@ -0,0 +1,30 @@
+---
+# Copyright 2025 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+- name: Prepare test_deps
+ hosts: all
+ gather_facts: false
+ roles:
+ - role: ../../../../molecule/common/test_deps
+ test_deps_extra_packages:
+ - podman
+ test_deps_setup_edpm: true
+ test_deps_setup_stream: true
+- name: Prepare
+ hosts: all
+ gather_facts: false
+ become: true
+ roles:
+ - role: osp.edpm.env_data
diff --git a/roles/edpm_cleanup/tasks/cleanup_services.yml b/roles/edpm_cleanup/tasks/cleanup_services.yml
new file mode 100644
index 000000000..9575f38cd
--- /dev/null
+++ b/roles/edpm_cleanup/tasks/cleanup_services.yml
@@ -0,0 +1,133 @@
+---
+# Copyright 2025 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Check if state file exists
+ ansible.builtin.stat:
+ path: "{{ edpm_container_state_file }}"
+ register: _edpm_cleanup_state_file_stat
+
+- name: Fail if state file doesn't exist
+ ansible.builtin.fail:
+ msg: "State file {{ edpm_container_state_file }} not found. Cannot proceed with cleanup."
+ when: not _edpm_cleanup_state_file_stat.stat.exists
+
+- name: Read state file
+ ansible.builtin.slurp:
+ src: "{{ edpm_container_state_file }}"
+ register: _edpm_cleanup_state_file_content
+
+- name: Parse state file data
+ ansible.builtin.set_fact:
+ _edpm_cleanup_state_data: >-
+ {{
+ (_edpm_cleanup_state_file_content.content | b64decode | from_yaml | default({})) |
+ combine({'services': {}}, recursive=True)
+ }}
+
+- name: Determine services to clean up (services in state file not in edpm_service_types)
+ ansible.builtin.set_fact:
+ _edpm_services_to_cleanup: >-
+ {{
+ _edpm_cleanup_state_data.services.keys() | default([]) |
+ difference(edpm_service_types | default([])) |
+ list
+ }}
+
+- name: Cleanup each service
+ ansible.builtin.include_tasks: cleanup_single_service.yml
+ loop: "{{ _edpm_services_to_cleanup }}"
+ loop_control:
+ loop_var: _edpm_cleanup_service_name
+ when:
+ - _edpm_services_to_cleanup | length > 0
+ - _edpm_cleanup_service_name in _edpm_cleanup_state_data.services.keys()
+
+- name: Remove services from state file
+ when:
+ - _edpm_services_to_cleanup | length > 0
+ block:
+ - name: Initialize filtered services dict
+ ansible.builtin.set_fact:
+ _edpm_cleanup_services_filtered: {}
+
+ - name: Add services to filtered dict (exclude services to remove)
+ ansible.builtin.set_fact:
+ _edpm_cleanup_services_filtered: >-
+ {{
+ _edpm_cleanup_services_filtered | combine({
+ item.key: item.value
+ })
+ }}
+ loop: "{{ _edpm_cleanup_state_data.services | dict2items }}"
+ when: item.key not in _edpm_services_to_cleanup
+
+ - name: Update state data with filtered services
+ ansible.builtin.set_fact:
+ _edpm_cleanup_state_data:
+ services: "{{ _edpm_cleanup_services_filtered }}"
+
+ - name: Write updated state file
+ become: true
+ ansible.builtin.copy:
+ content: "{{ _edpm_cleanup_state_data | to_nice_yaml }}"
+ dest: "{{ edpm_container_state_file }}"
+ mode: '0644'
+
+- name: Cleanup orphaned containers
+ when: edpm_cleanup_orphaned_containers | bool
+ block:
+ - name: Get all edpm_ansible managed containers
+ become: true
+ containers.podman.podman_container_info:
+ register: _edpm_all_containers
+
+ - name: Build list of tracked container names
+ ansible.builtin.set_fact:
+ _edpm_tracked_containers: >-
+ {{
+ _edpm_cleanup_state_data.services.values() |
+ map(attribute='containers') |
+ flatten |
+ list
+ }}
+
+ - name: Build list of managed containers
+ ansible.builtin.set_fact:
+ _edpm_all_managed_containers: []
+
+ - name: Filter managed containers
+ ansible.builtin.set_fact:
+ _edpm_all_managed_containers: "{{ _edpm_all_managed_containers + [item.Name] }}"
+ loop: "{{ _edpm_all_containers.containers | default([]) }}"
+ when:
+ - item['Config'] is defined
+ - item['Config']['Labels'] is defined
+ - item['Config']['Labels']['managed_by'] is defined
+ - item['Config']['Labels']['managed_by'] == 'edpm_ansible'
+
+ - name: Identify orphaned containers
+ ansible.builtin.set_fact:
+ _edpm_orphaned_containers: "{{ _edpm_all_managed_containers | difference(_edpm_tracked_containers) }}"
+
+ - name: Remove orphaned containers
+ ansible.builtin.include_role:
+ name: edpm_container_rm
+ vars:
+ edpm_containers_to_rm: ["{{ _edpm_orphaned_container }}"]
+ loop: "{{ _edpm_orphaned_containers }}"
+ loop_control:
+ loop_var: _edpm_orphaned_container
+ when: _edpm_orphaned_containers | length > 0
diff --git a/roles/edpm_cleanup/tasks/cleanup_single_service.yml b/roles/edpm_cleanup/tasks/cleanup_single_service.yml
new file mode 100644
index 000000000..f11e6810f
--- /dev/null
+++ b/roles/edpm_cleanup/tasks/cleanup_single_service.yml
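Review bot: In roles/edpm_cleanup/tasks/cleanup_services.yml, "Determine services to clean up" builds the keep-list from `edpm_service_types | default([])`, so a run where that variable is missing or empty marks every service in the state file for cleanup, and the later tasks remove their containers and configuration. A destructive role should fail closed here: add an `ansible.builtin.assert` ahead of that task with `that: edpm_service_types is defined and edpm_service_types | length > 0` and drop the `| default([])`; if wiping all services has to stay possible, gate it behind an explicit opt-in variable. Separately, in "Parse state file data" `from_yaml` yields `None` for an empty file and `default({})` only replaces undefined values, so `default({}, true)` is needed for the `combine` to work on an empty state file.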
@@ -0,0 +1,73 @@
+---
+# Copyright 2025 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Get containers for service from state file
+ ansible.builtin.set_fact:
+ _edpm_cleanup_service_containers: "{{ _edpm_cleanup_state_data.services[_edpm_cleanup_service_name].containers | default([]) }}"
+
+- name: Query and verify containers before removal
+ become: true
+ containers.podman.podman_container_info:
+ name: "{{ _edpm_cleanup_service_containers }}"
+ register: _edpm_cleanup_container_info
+ failed_when: false
+
+- name: Remove each container
+ ansible.builtin.include_role:
+ name: edpm_container_rm
+ vars:
+ edpm_containers_to_rm: ["{{ item.Name }}"]
+ loop: "{{ _edpm_cleanup_container_info.containers | default([]) }}"
+ when:
+ - item['Config'] is defined
+ - item['Config']['Labels'] is defined
+ - item['Config']['Labels']['managed_by'] is defined
+ - item['Config']['Labels']['managed_by'] == 'edpm_ansible'
+
+- name: Remove container startup config directory and all JSON files
+ ansible.builtin.file:
+ path: "{{ edpm_container_startup_config_dir }}/{{ _edpm_cleanup_service_name }}"
+ state: absent
+ when: edpm_cleanup_remove_config_dirs | bool
+ # This removes /var/lib/edpm-config/container-startup-config//
+ # including all *.json container definition files within it
+
+- name: Remove generic service files and directories
+ become: true
+ ansible.builtin.file:
+ path: "{{ item | replace('__SERVICE_NAME__', _edpm_cleanup_service_name) }}"
+ state: absent
+ loop: "{{ edpm_cleanup_generic_paths }}"
+
+- name: Remove kolla config files for each container
+ become: true
+ ansible.builtin.file:
+ path: "{{ edpm_container_kolla_config_dir }}/{{ item }}.json"
+ state: absent
+ loop: "{{ _edpm_cleanup_service_containers }}"
+
+- name: Check for service-specific cleanup tasks
+ ansible.builtin.stat:
+ path: "{{ role_path }}/../edpm_{{ _edpm_cleanup_service_name }}/tasks/cleanup.yml"
+ register: _edpm_service_cleanup_task
+ delegate_to: localhost
+
+- name: Run service-specific cleanup if available
+ ansible.builtin.include_role:
+ name: "osp.edpm.edpm_{{ _edpm_cleanup_service_name }}"
+ tasks_from: cleanup.yml
+ when:
+ - _edpm_service_cleanup_task.stat.exists
diff --git a/roles/edpm_cleanup/tasks/main.yml b/roles/edpm_cleanup/tasks/main.yml
new file mode 100644
index 000000000..2af0710f3
--- /dev/null
+++ b/roles/edpm_cleanup/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+# Copyright 2025 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Cleanup services
+ ansible.builtin.include_tasks: cleanup_services.yml
diff --git a/roles/edpm_container_manage/defaults/main.yml b/roles/edpm_container_manage/defaults/main.yml
index 10b4fc1d5..5e9eb317f 100644
--- a/roles/edpm_container_manage/defaults/main.yml
+++ b/roles/edpm_container_manage/defaults/main.yml
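Review bot: In roles/edpm_cleanup/tasks/cleanup_single_service.yml, `_edpm_cleanup_service_name` and the container names come straight from the state file and are interpolated into paths that "Remove generic service files and directories" and "Remove kolla config files for each container" delete with `become: true`, with no check on their shape. A name containing `/` or `..`, or an empty one, would point `state: absent` outside the intended directory, so validate before the first removal, for example with an `ansible.builtin.assert` using `that: _edpm_cleanup_service_name is match('^[A-Za-z0-9_-]+$')` and the same test over `_edpm_cleanup_service_containers`. In addition, `failed_when: false` on the podman query means a failed lookup skips container removal while the config files, and later the state entry, are still removed, which leaves running containers untracked. Failing that task, or skipping the rest of the service cleanup when the query did not succeed, would avoid that.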
@@ -17,6 +17,9 @@ # All variables intended for modification should place placed in this file. edpm_container_manage_hide_sensitive_logs: "{{ hide_sensitive_logs | default(true) }}" +# DEPRECATED: This functionality still works but is deprecated. +# Orphan cleanup should now be done via edpm_cleanup_orphaned_containers in edpm_container_standalone role. +# This variable will be removed in a future release. edpm_container_manage_clean_orphans: true # All variables within this role should have a prefix of "edpm_container_manage" @@ -27,6 +30,7 @@ edpm_container_manage_config: "/var/lib/edpm-config/" edpm_container_manage_config_id: edpm edpm_container_manage_config_overrides: {} edpm_container_manage_config_patterns: '*.json' +edpm_container_manage_containers: [] # If set, only manage these specific containers edpm_container_manage_healthcheck_disabled: false edpm_container_manage_log_path: '/var/log/containers/stdouts' # DEPRECATED: ignored, services log to journald edpm_container_manage_systemd_teardown: true diff --git a/roles/edpm_container_manage/meta/argument_specs.yml b/roles/edpm_container_manage/meta/argument_specs.yml index 6755b0c53..a4ba9e6eb 100644 --- a/roles/edpm_container_manage/meta/argument_specs.yml +++ b/roles/edpm_container_manage/meta/argument_specs.yml @@ -10,6 +10,10 @@ argument_specs: edpm_container_manage_clean_orphans: type: bool default: true + description: >- + DEPRECATED: Still functional but deprecated. + Use edpm_cleanup_orphaned_containers in edpm_container_standalone role instead. + Will be removed in future release. edpm_container_manage_update_config_hash: type: bool default: true 
@@ -31,6 +35,13 @@ argument_specs: edpm_container_manage_config_patterns: type: str default: '*.json' + edpm_container_manage_containers: + type: list + elements: str + default: [] + description: >- + List of specific container names to manage. + If empty, all containers matching the pattern will be managed. edpm_container_manage_healthcheck_disabled: type: bool default: false diff --git a/roles/edpm_container_manage/tasks/create.yml b/roles/edpm_container_manage/tasks/create.yml index 03aa32a44..c79707159 100644 --- a/roles/edpm_container_manage/tasks/create.yml +++ b/roles/edpm_container_manage/tasks/create.yml @@ -20,6 +20,7 @@ config_dir: "{{ edpm_container_manage_config }}" config_patterns: "{{ edpm_container_manage_config_patterns }}" config_overrides: "{{ edpm_container_manage_config_overrides }}" + containers: "{{ edpm_container_manage_containers }}" concurrency: "{{ edpm_container_manage_concurrency }}" - name: Check if /etc/sysconfig/podman_drop_in exists diff --git a/roles/edpm_container_manage/tasks/delete_orphan.yml b/roles/edpm_container_manage/tasks/delete_orphan.yml index b0505e051..8e7967aeb 100644 --- a/roles/edpm_container_manage/tasks/delete_orphan.yml +++ b/roles/edpm_container_manage/tasks/delete_orphan.yml @@ -14,6 +14,9 @@ # License for the specific language governing permissions and limitations # under the License. +# DEPRECATED: This functionality is deprecated and will be removed in a future release. +# Use edpm_cleanup_orphaned_containers in edpm_container_standalone role instead. + - name: Gather podman infos containers.podman.podman_container_info: {} register: podman_containers diff --git a/roles/edpm_container_manage/tasks/main.yml b/roles/edpm_container_manage/tasks/main.yml index bd1ce0376..b6b193cea 100644 --- a/roles/edpm_container_manage/tasks/main.yml +++ b/roles/edpm_container_manage/tasks/main.yml 
@@ -23,9 +23,24 @@ config_pattern: "{{ edpm_container_manage_config_patterns }}" config_overrides: "{{ edpm_container_manage_config_overrides }}" register: container_configuration - - name: Finalise hashes for all containers + + - name: Initialize all_containers_hash for this invocation + ansible.builtin.set_fact: + all_containers_hash: {} + when: edpm_container_manage_containers | length > 0 + + - name: Filter configs if container list provided + ansible.builtin.set_fact: + all_containers_hash: "{{ all_containers_hash | combine({item: container_configuration.configs[item]}) }}" + loop: "{{ edpm_container_manage_containers }}" + when: + - edpm_container_manage_containers | length > 0 + - item in container_configuration.configs + + - name: Use all configs if no filter ansible.builtin.set_fact: all_containers_hash: "{{ container_configuration.configs }}" + when: edpm_container_manage_containers | length == 0 - name: "Manage containers from {{ edpm_container_manage_config }}" when: @@ -37,7 +52,7 @@ container_config_hash: when: - edpm_container_manage_update_config_hash|bool - - name: "Delete orphan containers from {{ edpm_container_manage_config }}" + - name: Delete orphan containers (DEPRECATED) ansible.builtin.include_tasks: delete_orphan.yml when: - edpm_container_manage_clean_orphans|bool diff --git a/roles/edpm_container_quadlet/tasks/main.yml b/roles/edpm_container_quadlet/tasks/main.yml index ec3642aa3..495317c87 100644 --- a/roles/edpm_container_quadlet/tasks/main.yml +++ b/roles/edpm_container_quadlet/tasks/main.yml @@ -43,7 +43,7 @@ - name: "Render container definitions: [{{ edpm_container_quadlet_service }} ]" become: true ansible.builtin.template: - src: "templates/service-quadlet-template.yaml.j2" + src: "service-quadlet-template.yaml.j2" dest: "{{ edpm_container_quadlet_systemd_config_dir }}/{{ edpm_container_quadlet_service }}.yaml" mode: "0644" # NOTE(tkajinam): Some containers can contain secrets in their environments. 
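Review bot: In roles/edpm_container_manage/tasks/main.yml, "Filter configs if container list provided" skips any requested name that is absent from `container_configuration.configs` (the `item in container_configuration.configs` condition), so a typo or a missing JSON file leaves `all_containers_hash` short or empty and the role reports success without managing that container. An assert ahead of the filter would surface it: `that: edpm_container_manage_containers | difference(container_configuration.configs.keys() | list) | length == 0`. The second hunk still includes delete_orphan.yml whenever `edpm_container_manage_clean_orphans` is true, which remains the default; delete_orphan.yml is not shown here, so it is worth confirming that it does not treat containers left out of the filtered hash as orphans of the same config_id. The enclosing block starts above the hunk.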
diff --git a/roles/edpm_container_standalone/README.md b/roles/edpm_container_standalone/README.md new file mode 100644 index 000000000..eea2409c6 --- /dev/null +++ b/roles/edpm_container_standalone/README.md 
@@ -0,0 +1,307 @@ +# edpm_container_standalone Role + +## Overview + +The `edpm_container_standalone` role provides a unified interface for deploying and managing containerized services in EDPM. It wraps the lower-level `edpm_container_manage` role with additional features including: + +- **Automatic state tracking** of deployed services +- **Service lifecycle management** (deployment) +- **Container grouping** under logical service names +- **Atomic state file operations** for safe concurrent deployments + +**Key Concept:** Services are defined at the playbook level, not the role level. When a playbook deploys multiple roles, they can all be tracked under a single service name for unified lifecycle management. + +## Basic Usage + +### Deploying a Simple Service + +```yaml +- name: Deploy my service + ansible.builtin.include_role: + name: osp.edpm.edpm_container_standalone + vars: + edpm_container_standalone_service: myservice + edpm_container_standalone_container_defs: + myservice_container: + image: quay.io/myorg/myservice:latest + command: /usr/bin/myservice-server + net: host + privileged: false + restart: always + environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + edpm_container_standalone_kolla_config_files: + myservice_container: + command: /usr/bin/myservice-server + config_files: + - source: /var/lib/kolla/config_files/myservice.conf + dest: /etc/myservice/myservice.conf + owner: myservice + perm: "0600" +``` + +This will: +1. Create kolla configuration files in `/var/lib/kolla/config_files/` +2. Create container definition JSON in `/var/lib/edpm-config/container-startup-config/myservice/` +3. Use `edpm_container_manage` to create and start the container +4. Register the service in the state file +5. 
Create systemd services for the container + +### Required Variables + +- `edpm_container_standalone_service`: Service name (used for directory naming) +- `edpm_container_standalone_container_defs`: Dictionary of container definitions +- `edpm_container_standalone_kolla_config_files`: Kolla configuration per container + +### Optional Variables + +- `edpm_service_name`: Override service name for state tracking (enables container grouping) +- `edpm_container_state_append`: Append containers to existing service (default: false) +- `edpm_container_track_state`: Enable state tracking (default: true) + +## State File Tracking + +The `edpm_container_standalone` role automatically tracks deployed services in `/var/lib/edpm-config/deployed_services.yaml`. + +**Key Concept:** Services are defined at the playbook level, not the role level. A service like "nova" includes all containers deployed by the nova.yml playbook, including dependencies like iscsid and multipathd. + +### Automatic Registration + +When a role uses `edpm_container_standalone`, its containers are automatically registered in the state file: + +```yaml +- name: Deploy my service + ansible.builtin.include_role: + name: osp.edpm.edpm_container_standalone + vars: + edpm_container_standalone_service: myservice + edpm_container_standalone_container_defs: + myservice_container1: {...} + myservice_container2: {...} +``` + +This creates an entry in the state file: +```yaml +services: + myservice: + containers: + - myservice_container1 + - myservice_container2 + last_updated: "2025-10-30T10:00:00Z" +``` + +## Grouping Containers Under a Service + +To group multiple containers under a single service, set the `edpm_service_name` variable. All containers will be registered under this service name instead of their individual container names. 
+ +### Example: Grouping Nova Containers + +```yaml +# In roles/edpm_nova/tasks/install.yml + +- name: Deploy nova init container + ansible.builtin.include_role: + name: osp.edpm.edpm_container_standalone + vars: + edpm_container_standalone_service: "nova_compute_init" + edpm_service_name: "{{ edpm_nova_service_name }}" # Group under "nova" + edpm_container_standalone_container_defs: + nova_compute_init: {...} + +- name: Deploy nova compute container + ansible.builtin.include_role: + name: osp.edpm.edpm_container_standalone + vars: + edpm_container_standalone_service: "nova_compute" + edpm_service_name: "{{ edpm_nova_service_name }}" # Group under "nova" + edpm_container_standalone_container_defs: + nova_compute: {...} +``` + +This results in: +```yaml +services: + nova: + containers: + - nova_compute_init + - nova_compute + last_updated: "2025-10-30T10:00:00Z" +``` + +## Real World Example: Nova Service + +The `nova.yml` playbook demonstrates how to group containers from multiple roles under one service: + +```yaml +# playbooks/nova.yml +- name: Deploy EDPM Nova storage infrastructure + ansible.builtin.import_playbook: nova_storage.yml + vars: + edpm_service_name: nova # All storage containers belong to "nova" service + +- name: Deploy EDPM Nova + hosts: all + tasks: + - name: Deploy EDPM Nova + ansible.builtin.import_role: + name: osp.edpm.edpm_nova +``` + +The storage roles (iscsid, multipathd, nvmeof) inherit `edpm_service_name: nova` from the playbook import. +The nova role explicitly sets `edpm_service_name: "{{ edpm_nova_service_name }}"` (which defaults to "nova"). 
+ +This creates ONE service "nova" containing ALL containers: +```yaml +services: + nova: + containers: + - iscsid # From edpm_iscsid + - multipathd # From edpm_multipathd + - nvmeof # From edpm_nvmeof + - nova_compute_init # From edpm_nova + - nova_compute # From edpm_nova + - nova_nvme_cleaner # From edpm_nova (if enabled) + last_updated: "2025-10-30T15:00:00Z" +``` + +## Configuration Variables + +### In roles/edpm_container_standalone/defaults/main.yml: + +```yaml +# State file tracking +edpm_container_track_state: true +edpm_container_state_file: /var/lib/edpm-config/deployed_services.yaml + +# Service name - if set, containers are grouped under this service +# edpm_service_name: "" # Optional: defaults to edpm_container_standalone_service +``` + +## How It Works + +### Without `edpm_service_name` +Each container is tracked separately: +```yaml +services: + nova_compute: + containers: [nova_compute] + nova_compute_init: + containers: [nova_compute_init] + iscsid: + containers: [iscsid] +``` + +### With `edpm_service_name: nova` +All containers are grouped under "nova": +```yaml +services: + nova: + containers: [nova_compute, nova_compute_init, iscsid] +``` + +The state tracking logic: +- If `edpm_service_name` is set and different from `edpm_container_standalone_service`, containers are **appended** to the service +- If `edpm_service_name` is not set, the container is registered as its own service + +## Implementation Details + +### State File Management + +The state file operations are handled using standard Ansible tasks: + +**Features:** +- Read state file using `ansible.builtin.slurp` +- Parse YAML content using `from_yaml` filter +- Update state data using `ansible.builtin.set_fact` +- Write updated state file using `ansible.builtin.copy` +- Supports adding services and appending containers to existing services +- Handles empty or missing state files gracefully + +**Implementation:** +The state file updates are handled in `tasks/state_file_update.yml` 
which: +1. Reads the current state file (if it exists) +2. Parses the YAML content +3. Updates the service entry with container information +4. Writes the updated state file atomically + +**Example usage:** +```yaml +- name: Update service state file + ansible.builtin.include_tasks: state_file_update.yml + vars: + _edpm_service_name: nova + edpm_container_standalone_container_defs: + nova_compute: {...} + nova_compute_init: {...} + edpm_container_state_append: false # Set true to append containers +``` + +### Race Condition Prevention + +The state file updates use standard Ansible tasks. While file locking is not explicitly implemented, Ansible's task execution model provides some protection: + +- **Sequential Execution**: Ansible executes tasks sequentially within a playbook run +- **Idempotency**: The state file operations are designed to be idempotent +- **Directory Safety**: The state file directory is created if it doesn't exist + +Note: For environments with concurrent playbook executions, consider implementing additional synchronization mechanisms if needed. + +## Implementing for Other Services + +To add state tracking to your playbook: + +1. **Set service name in playbook** when importing dependencies: + ```yaml + - name: Deploy My Service infrastructure + ansible.builtin.import_playbook: my_service_deps.yml + vars: + edpm_service_name: myservice + ``` + +2. 
**Set service name in roles** when calling `edpm_container_standalone`: + ```yaml + - ansible.builtin.include_role: + name: osp.edpm.edpm_container_standalone + vars: + edpm_container_standalone_service: "myservice_container" + edpm_service_name: "{{ edpm_myservice_service_name }}" + ``` + +## Advanced Configuration + +### State Append Mode + +When deploying multiple containers under the same service name in separate calls (e.g., in a loop or sequential tasks), use `edpm_container_state_append`: + +```yaml +# First container: Replace existing state +- name: Deploy first container + ansible.builtin.include_role: + name: osp.edpm.edpm_container_standalone + vars: + edpm_service_name: myservice + edpm_container_state_append: false # Replace + edpm_container_standalone_container_defs: + container1: {...} + +# Subsequent containers: Append to state +- name: Deploy additional containers + ansible.builtin.include_role: + name: osp.edpm.edpm_container_standalone + vars: + edpm_service_name: myservice + edpm_container_state_append: true # Append + edpm_container_standalone_container_defs: + container2: {...} +``` + +**Examples in the codebase:** +- `edpm_telemetry`: Loops through exporters, replace on first, append on rest +- `edpm_nova`: Deploys 3 containers sequentially, replace on first, append on rest + +### Container Labels + +All containers managed by this role include the following labels: +- `managed_by=edpm_ansible` - Identifies containers managed by EDPM Ansible +- `container_name=` +- `config_data=` (full definition) diff --git a/roles/edpm_container_standalone/defaults/main.yml b/roles/edpm_container_standalone/defaults/main.yml index ff54cd0b3..fc5c34845 100644 --- a/roles/edpm_container_standalone/defaults/main.yml +++ b/roles/edpm_container_standalone/defaults/main.yml 
@@ -22,9 +22,9 @@ # Service name. Use for creating directories, container labels, etc edpm_container_standalone_service: "" # Directory for kolla config files -edpm_container_standalone_kolla_config_dir: /var/lib/kolla/config_files +edpm_container_kolla_config_dir: /var/lib/kolla/config_files # Directory for container startup configs -edpm_container_standalone_container_startup_config_dir: /var/lib/edpm-config/container-startup-config +edpm_container_startup_config_dir: /var/lib/edpm-config/container-startup-config # Hash with keys of container name and value of YAML kolla config file. edpm_container_standalone_kolla_config_files: {} # Hash with keys of container name and value of YAML container definition @@ -64,3 +64,8 @@ edpm_container_standalone_volumes: "{{ }}" edpm_deploy_identifier: '' + +# State file tracking +edpm_container_track_state: true +edpm_container_state_file: /var/lib/edpm-config/deployed_services.yaml +edpm_container_state_append: false # Set true when deploying multiple containers in a loop diff --git a/roles/edpm_container_standalone/meta/argument_specs.yml b/roles/edpm_container_standalone/meta/argument_specs.yml index e55737d2c..b2a966817 100644 --- a/roles/edpm_container_standalone/meta/argument_specs.yml +++ b/roles/edpm_container_standalone/meta/argument_specs.yml @@ -20,7 +20,7 @@ argument_specs: default: {} description: Parsed container definitions. type: dict - edpm_container_standalone_container_startup_config_dir: + edpm_container_startup_config_dir: default: /var/lib/edpm-config/container-startup-config description: Path to configuration directory. type: path @@ -30,7 +30,7 @@ argument_specs: - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro description: List of TLS volumes in a mount point format. type: list - edpm_container_standalone_kolla_config_dir: + edpm_container_kolla_config_dir: default: /var/lib/kolla/config_files description: Path to Kolla configuration directory. type: path 
@@ -63,3 +63,26 @@ argument_specs: default: /etc/ipa/ca.crt description: Path to TLS certificate. type: path + edpm_container_track_state: + default: true + description: Enable state file tracking of deployed services + type: bool + edpm_container_state_file: + default: /var/lib/edpm-config/deployed_services.yaml + description: Path to state file tracking deployed services + type: path + edpm_container_state_append: + default: false + description: | + If true, append containers to existing service entry in state file. + If false (default), replace the entire container list for the service. + Set to true when deploying multiple containers under same service name in separate calls (e.g., looping). + type: bool + edpm_service_name: + description: | + Service name for grouping containers. + If set, containers will be registered under this service name. + Used to group multiple containers (e.g., nova, iscsid, multipathd) under one service. + If not set, defaults to edpm_container_standalone_service. + type: str + required: false diff --git a/roles/edpm_container_standalone/molecule/default/converge.yml b/roles/edpm_container_standalone/molecule/default/converge.yml index 9e485b6ab..b281db072 100644 --- a/roles/edpm_container_standalone/molecule/default/converge.yml +++ b/roles/edpm_container_standalone/molecule/default/converge.yml 
@@ -15,21 +15,195 @@ # under the License. -- name: Converge +- name: Deploy first service + hosts: all + gather_facts: false + pre_tasks: + - name: Gather user fact + ansible.builtin.setup: + gather_subset: + - "!all" + - "!min" + - "user" + + - name: Set basic user fact + ansible.builtin.set_fact: + ansible_user: "{{ ansible_user_id | default(lookup('env', 'USER')) }}" + when: + - ansible_user is undefined + vars: + edpm_container_standalone_service: test_service1 + edpm_container_standalone_container_defs: + test_service1_container: + image: quay.io/centos/centos:stream9 + net: host + privileged: true + restart: always + command: sleep 3600 + environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + edpm_container_standalone_kolla_config_files: + test_service1_container: + command: 'sleep 3600' + roles: + - role: "osp.edpm.edpm_container_standalone" + post_tasks: + - name: Verify test_service1_container is running + command: podman container exists test_service1_container + changed_when: false + +- name: Deploy second service hosts: all gather_facts: false vars: - edpm_container_standalone_service: test + edpm_container_standalone_service: test_service2 edpm_container_standalone_container_defs: - test: + test_service2_container: image: quay.io/centos/centos:stream9 net: host privileged: true restart: always + command: sleep 3600 environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS edpm_container_standalone_kolla_config_files: - test: + test_service2_container: command: 'sleep 3600' roles: - role: "osp.edpm.edpm_container_standalone" + post_tasks: + - name: Verify test_service2_container is running + command: podman container exists test_service2_container + changed_when: false + +- name: Verify both services are in state file + hosts: all + gather_facts: false + tasks: + - name: Read deployed services state file + ansible.builtin.slurp: + src: /var/lib/edpm-config/deployed_services.yaml + register: _state_file + + - name: Parse state data + ansible.builtin.set_fact: + 
_state_data: "{{ _state_file.content | b64decode | from_yaml }}" + + - name: Verify both services are tracked + ansible.builtin.assert: + that: + - "'test_service1' in _state_data.services" + - "'test_service2' in _state_data.services" + - "'test_service1_container' in _state_data.services.test_service1.containers" + - "'test_service2_container' in _state_data.services.test_service2.containers" + fail_msg: "Both services should be tracked in state file" + success_msg: "Both services are properly tracked" + +- name: Deploy service with multiple containers + hosts: all + gather_facts: false + vars: + edpm_container_standalone_service: test_service3 + edpm_container_standalone_container_defs: + test_service3_container_a: + image: quay.io/centos/centos:stream9 + net: host + privileged: true + restart: always + command: sleep 3600 + environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + test_service3_container_b: + image: quay.io/centos/centos:stream9 + net: host + privileged: true + restart: always + command: sleep 3600 + environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + edpm_container_standalone_kolla_config_files: + test_service3_container_a: + command: 'sleep 3600' + test_service3_container_b: + command: 'sleep 3600' + roles: + - role: osp.edpm.edpm_container_standalone + post_tasks: + - name: Verify both containers are running + command: "podman container exists {{ item }}" + changed_when: false + loop: + - test_service3_container_a + - test_service3_container_b + + - name: Read state file + ansible.builtin.slurp: + src: /var/lib/edpm-config/deployed_services.yaml + register: _state_file_initial + + - name: Parse state data + ansible.builtin.set_fact: + _state_data_initial: "{{ _state_file_initial.content | b64decode | from_yaml }}" + + - name: Verify both containers are tracked + ansible.builtin.assert: + that: + - "'test_service3' in _state_data_initial.services" + - "'test_service3_container_a' in _state_data_initial.services.test_service3.containers" + - 
"'test_service3_container_b' in _state_data_initial.services.test_service3.containers" + fail_msg: "Both containers should be tracked in state file" + success_msg: "Both containers are properly tracked" + +- name: Update service - remove container_b and add container_c + hosts: all + gather_facts: false + vars: + edpm_container_standalone_service: test_service3 + edpm_container_standalone_container_defs: + test_service3_container_a: + image: quay.io/centos/centos:stream9 + net: host + privileged: true + restart: always + command: sleep 3600 + environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + test_service3_container_c: + image: quay.io/centos/centos:stream9 + net: host + privileged: true + restart: always + command: sleep 3600 + environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + edpm_container_standalone_kolla_config_files: + test_service3_container_a: + command: 'sleep 3600' + test_service3_container_c: + command: 'sleep 3600' + roles: + - role: osp.edpm.edpm_container_standalone + post_tasks: + - name: Verify container_c was created + command: podman container exists test_service3_container_c + changed_when: false + + - name: Read state file after update + ansible.builtin.slurp: + src: /var/lib/edpm-config/deployed_services.yaml + register: _state_file_updated + + - name: Parse updated state data + ansible.builtin.set_fact: + _state_data_updated: "{{ _state_file_updated.content | b64decode | from_yaml }}" + + - name: Verify state file reflects the update + ansible.builtin.assert: + that: + - "'test_service3' in _state_data_updated.services" + - "'test_service3_container_a' in _state_data_updated.services.test_service3.containers" + - "'test_service3_container_b' not in _state_data_updated.services.test_service3.containers" + - "'test_service3_container_c' in _state_data_updated.services.test_service3.containers" + fail_msg: >- + State file should have container_a and container_c but not container_b + success_msg: "State file correctly reflects the updated 
service" diff --git a/roles/edpm_container_standalone/tasks/main.yml b/roles/edpm_container_standalone/tasks/main.yml index e9e986dd7..35b3b6e6a 100644 --- a/roles/edpm_container_standalone/tasks/main.yml +++ b/roles/edpm_container_standalone/tasks/main.yml @@ -17,10 +17,20 @@ # "edpm_container_standalone" will search for and load any operating system variable file -- name: "Ensure directory exists: {{ edpm_container_standalone_kolla_config_dir }}" +- name: Ensure /var/lib/edpm-config exists with correct ownership become: true ansible.builtin.file: - path: "{{ edpm_container_standalone_kolla_config_dir }}" + path: /var/lib/edpm-config + state: directory + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + recurse: true + +- name: "Ensure directory exists: {{ edpm_container_kolla_config_dir }}" + become: true + ansible.builtin.file: + path: "{{ edpm_container_kolla_config_dir }}" state: directory recurse: true setype: container_file_t 
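Review bot: In roles/edpm_container_standalone/tasks/main.yml, the new "Ensure /var/lib/edpm-config exists with correct ownership" task combines `recurse: true` with `owner`, `group` and `mode: "0755"`, and the file module applies those attributes to everything under the directory on every run. That resets any file in the tree that was written with a tighter mode to world-readable and executable, and it hands ownership of the state file and the container definitions, which privileged tasks later act on, to the login user. Dropping `recurse: true` so only the top directory is touched, and keeping `become: true` on the two tasks in the next hunk that lose it, would keep the tree root-owned. If unprivileged writes are really needed, scope them to a single dedicated subdirectory rather than the whole tree.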
@@ -29,22 +39,20 @@ become: true ansible.builtin.copy: content: "{{ item.value | to_nice_json }}" - dest: "{{ edpm_container_standalone_kolla_config_dir ~ '/' ~ item.key ~ '.json' }}" + dest: "{{ edpm_container_kolla_config_dir ~ '/' ~ item.key ~ '.json' }}" mode: "0600" loop: "{{ edpm_container_standalone_kolla_config_files | dict2items }}" -- name: "Create config file {{ edpm_container_standalone_container_startup_config_dir + '/' + edpm_container_standalone_service }}" - become: true +- name: "Create config file {{ edpm_container_startup_config_dir + '/' + edpm_container_standalone_service }}" ansible.builtin.file: - path: "{{ edpm_container_standalone_container_startup_config_dir }}/{{ edpm_container_standalone_service }}" + path: "{{ edpm_container_startup_config_dir }}/{{ edpm_container_standalone_service }}" state: directory mode: "0755" - name: "Render container definitions: [{{ edpm_container_standalone_service }} ]" - become: true ansible.builtin.copy: content: "{{ item.value | to_nice_json }}" - dest: "{{ edpm_container_standalone_container_startup_config_dir }}/{{ edpm_container_standalone_service }}/{{ item.key }}.json" + dest: "{{ edpm_container_startup_config_dir }}/{{ edpm_container_standalone_service }}/{{ item.key }}.json" mode: "0644" # NOTE(tkajinam): Some containers can contain secrets in their environments. # Hide the output to avoid dumping these to output. 
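Review bot: With `become: true` removed from "Create config file …" and "Render container definitions", the definition files are created by the connecting user and keep `mode: "0644"`, even though the NOTE directly below says they can carry secrets in their environments. Together with the parent directory now being `0755`, any local account can read those values, and the login user can edit definitions that `edpm_container_manage` later consumes. Consider `mode: "0600"` on the render task, provided the account that reads the definitions is the owner or root, which is not visible in this hunk. A short comment stating that the connecting user is trusted to author container definitions would also be worth adding. The render task continues past the end of the hunk.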
@@ -55,6 +63,14 @@ ansible.builtin.include_role: name: edpm_container_manage vars: - edpm_container_manage_config: "{{ edpm_container_standalone_container_startup_config_dir }}/{{ edpm_container_standalone_service }}" + edpm_container_manage_config: "{{ edpm_container_startup_config_dir }}/{{ edpm_container_standalone_service }}" edpm_container_manage_config_patterns: "*.json" edpm_container_manage_config_id: "{{ edpm_container_standalone_service }}" + edpm_container_manage_containers: "{{ edpm_container_standalone_container_defs.keys() | list }}" + +- name: Update service state file + ansible.builtin.include_tasks: state_file_update.yml + when: + - edpm_container_track_state | bool + - edpm_container_standalone_service is defined + - edpm_container_standalone_service != "" diff --git a/roles/edpm_container_standalone/tasks/state_file_update.yml b/roles/edpm_container_standalone/tasks/state_file_update.yml new file mode 100644 index 000000000..3126be48f --- /dev/null +++ b/roles/edpm_container_standalone/tasks/state_file_update.yml 
@@ -0,0 +1,61 @@ +--- +# Copyright 2025 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Read current state file + ansible.builtin.slurp: + src: "{{ edpm_container_state_file }}" + register: _edpm_state_file_content + failed_when: false + changed_when: false + +- name: Parse state file data + ansible.builtin.set_fact: + _edpm_state_data: >- + {{ + (_edpm_state_file_content.content | default('') | b64decode | from_yaml) | + default({'services': {}}) + }} + when: _edpm_state_file_content.content is defined + +- name: Initialize empty state data if file doesn't exist + ansible.builtin.set_fact: + _edpm_state_data: + services: {} + when: _edpm_state_file_content.content is not defined + +- name: Update service in state data + ansible.builtin.set_fact: + _edpm_state_data: >- + {{ + _edpm_state_data | combine({ + 'services': _edpm_state_data.services | combine({ + (_edpm_service_name | default(edpm_container_standalone_service)): { + 'containers': ( + _edpm_state_data.services.get(_edpm_service_name | default(edpm_container_standalone_service), {}).get('containers', []) + + edpm_container_standalone_container_defs.keys() | list + ) if edpm_container_state_append else (edpm_container_standalone_container_defs.keys() | list), + 'updated_at': lookup('pipe', 'date -Iseconds') + } + }, recursive=True) + }, recursive=True) + }} + +- name: Write updated state file + become: true + ansible.builtin.copy: + content: "{{ _edpm_state_data 
| to_nice_yaml }}" + dest: "{{ edpm_container_state_file }}" + mode: '0644' diff --git a/roles/edpm_derive_pci_device_spec/defaults/main.yml b/roles/edpm_derive_pci_device_spec/defaults/main.yml index c612b3125..dae11aea2 100644 --- a/roles/edpm_derive_pci_device_spec/defaults/main.yml +++ b/roles/edpm_derive_pci_device_spec/defaults/main.yml @@ -19,7 +19,7 @@ # All variables within this role should have a prefix of "edpm_derive_pci_device_spec" # Defaults for PCI derive script (nic-partitioning is enabled) -edpm_derive_pci_device_spec_conf_dir: '/var/lib/config-data/ansible-generated/derive_devicespec' +edpm_derive_pci_device_spec_conf_dir: '/var/lib/openstack/derive_devicespec' edpm_derive_sriov_device_spec_list: '' edpm_derive_pci_device_spec_conf_file: 20-sriov-device-spec.conf diff --git a/roles/edpm_frr/defaults/main.yml b/roles/edpm_frr/defaults/main.yml index d2a3ef0fd..3d983d57e 100644 --- a/roles/edpm_frr/defaults/main.yml +++ b/roles/edpm_frr/defaults/main.yml @@ -54,7 +54,7 @@ edpm_frr_bgp_peers: [] edpm_frr_bgp_asn: 64999 edpm_frr_bgp_uplinks: [] edpm_frr_bgp_uplinks_scope: internal -edpm_frr_config_basedir: "/var/lib/config-data/ansible-generated/frr" +edpm_frr_config_basedir: "/var/lib/openstack/frr" edpm_frr_defaults: traditional edpm_frr_hostname: "{{ ansible_facts['hostname'] | default('') }}" edpm_frr_log_level: informational diff --git a/roles/edpm_frr/templates/kolla_config/frr.yaml.j2 b/roles/edpm_frr/files/kolla_config/frr.yaml similarity index 100% rename from roles/edpm_frr/templates/kolla_config/frr.yaml.j2 rename to roles/edpm_frr/files/kolla_config/frr.yaml diff --git a/roles/edpm_frr/meta/argument_specs.yml b/roles/edpm_frr/meta/argument_specs.yml index cd7863584..8de281192 100644 --- a/roles/edpm_frr/meta/argument_specs.yml +++ b/roles/edpm_frr/meta/argument_specs.yml 
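Review bot: In roles/edpm_container_standalone/tasks/state_file_update.yml, `failed_when: false` on "Read current state file" makes every slurp failure look like a missing file, so the play continues with `services: {}` and "Write updated state file" replaces whatever was on disk. Since the docs change in this commit describes orphan cleanup as state-file aware, silently resetting the file looks risky. A preceding `ansible.builtin.stat` with the slurp guarded by `when: <stat result>.stat.exists` would let real read errors fail the play. Separately, an empty file parses to `None`, which `default({'services': {}})` does not replace; `default({'services': {}}, true)` would, and it would keep the later `_edpm_state_data.services` lookup from failing.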
@@ -135,7 +135,7 @@ argument_specs: description: '' type: str edpm_frr_config_basedir: - default: /var/lib/config-data/ansible-generated/frr + default: /var/lib/openstack/frr description: Path to FRR configuration directory. type: path edpm_frr_defaults: @@ -181,7 +181,7 @@ argument_specs: - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro - /var/lib/kolla/config_files/frr.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ansible-generated/frr:/var/lib/kolla/config_files/src:ro + - /var/lib/openstack/frr:/var/lib/kolla/config_files/src:ro - /run/frr:/run/frr:shared,z description: List of FRR volumes in a mountpoint form. type: list diff --git a/roles/edpm_frr/molecule/default/verify.yml b/roles/edpm_frr/molecule/default/verify.yml index 14a0ca0fe..760ecc365 100644 --- a/roles/edpm_frr/molecule/default/verify.yml +++ b/roles/edpm_frr/molecule/default/verify.yml @@ -9,9 +9,9 @@ ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_dir.yaml" loop: - "/var/lib/edpm-config/container-startup-config/frr" - - "/var/lib/config-data/ansible-generated/frr" + - "/var/lib/openstack/frr" - "/etc/tmpfiles.d/" - - "/var/lib/config-data/ansible-generated/frr/etc/frr" + - "/var/lib/openstack/frr/etc/frr" - name: ensure that /etc/tmpfiles.d/run-frr.conf file for frr exist become: true 
@@ -26,31 +26,31 @@ - check_frr_file.stat.exists fail_msg: "File /etc/tmpfiles.d/run-frr.conf does not exist" - - name: ensure that /var/lib/config-data/ansible-generated/frr/etc/frr/frr.conf file exist + - name: ensure that /var/lib/openstack/frr/etc/frr/frr.conf file exist become: true block: - - name: Check if file /var/lib/config-data/ansible-generated/frr/etc/frr/frr.conf exist + - name: Check if file /var/lib/openstack/frr/etc/frr/frr.conf exist ansible.builtin.stat: - path: /var/lib/config-data/ansible-generated/frr/etc/frr/frr.conf + path: /var/lib/openstack/frr/etc/frr/frr.conf register: check_frr_conf_file - - name: Assert file /var/lib/config-data/ansible-generated/frr/etc/frr/frr.conf exist + - name: Assert file /var/lib/openstack/frr/etc/frr/frr.conf exist ansible.builtin.assert: that: - check_frr_conf_file.stat.exists - fail_msg: "File /var/lib/config-data/ansible-generated/frr/etc/frr/frr.conf does not exist" + fail_msg: "File /var/lib/openstack/frr/etc/frr/frr.conf does not exist" - - name: ensure that /var/lib/config-data/ansible-generated/frr/etc/frr/daemons file exist + - name: ensure that /var/lib/openstack/frr/etc/frr/daemons file exist become: true block: - - name: Check if file /var/lib/config-data/ansible-generated/frr/etc/frr/daemons exist + - name: Check if file /var/lib/openstack/frr/etc/frr/daemons exist ansible.builtin.stat: - path: /var/lib/config-data/ansible-generated/frr/etc/frr/daemons + path: /var/lib/openstack/frr/etc/frr/daemons register: check_frr_daemons_file - - name: Assert file /var/lib/config-data/ansible-generated/frr/etc/frr/daemons exist + - name: Assert file /var/lib/openstack/frr/etc/frr/daemons exist ansible.builtin.assert: that: - check_frr_daemons_file.stat.exists - fail_msg: "File /var/lib/config-data/ansible-generated/frr/etc/frr/daemons does not exist" + fail_msg: "File /var/lib/openstack/frr/etc/frr/daemons does not exist" - name: verify frr BGP and BFD firewall rules are applied block: 
diff --git a/roles/edpm_frr/tasks/configure.yml b/roles/edpm_frr/tasks/configure.yml index 0ea10ab77..cb92b149e 100644 --- a/roles/edpm_frr/tasks/configure.yml +++ b/roles/edpm_frr/tasks/configure.yml @@ -60,7 +60,7 @@ - name: Configure FRR ansible.builtin.template: - src: frr.conf.j2 + src: config/frr.conf.j2 dest: "{{ edpm_frr_config_basedir }}/etc/frr/frr.conf" mode: '0644' selevel: s0 @@ -69,7 +69,7 @@ - name: Configure FRR daemons ansible.builtin.template: - src: daemons.j2 + src: config/daemons.j2 dest: "{{ edpm_frr_config_basedir }}/etc/frr/daemons" mode: '0644' selevel: s0 diff --git a/roles/edpm_frr/tasks/run.yml b/roles/edpm_frr/tasks/run.yml index a90786358..2579fcd1e 100644 --- a/roles/edpm_frr/tasks/run.yml +++ b/roles/edpm_frr/tasks/run.yml @@ -25,6 +25,6 @@ vars: edpm_container_standalone_service: frr edpm_container_standalone_container_defs: - frr: "{{ lookup('template', 'frr.yaml.j2') | from_yaml }}" + frr: "{{ lookup('template', 'container_defs/frr.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - frr: "{{ lookup('template', 'templates/kolla_config/frr.yaml.j2') | from_yaml }}" + frr: "{{ lookup('file', 'kolla_config/frr.yaml') | from_yaml }}" diff --git a/roles/edpm_frr/tasks/update.yml b/roles/edpm_frr/tasks/update.yml new file mode 100644 index 000000000..eeb44cbfe --- /dev/null +++ b/roles/edpm_frr/tasks/update.yml 
@@ -0,0 +1,81 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Ensure new config directory exists + tags: + - update + - frr + become: true + ansible.builtin.file: + path: "{{ edpm_frr_config_basedir }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Ensure config subdirectory exists + tags: + - update + - frr + become: true + ansible.builtin.file: + path: "{{ edpm_frr_config_basedir }}/etc/frr" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - frr + ansible.builtin.stat: + path: "/var/lib/config-data/ansible-generated/frr" + register: edpm_frr_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - frr + become: true + when: + - edpm_frr_old_config_dir.stat.exists + - edpm_frr_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/config-data/ansible-generated/frr" + file_type: file + recurse: true + register: edpm_frr_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ 
edpm_frr_config_basedir }}/{{ item.path | regex_replace('^.*/frr/', '') }}" + remote_src: true + setype: "container_file_t" + mode: "0644" + loop: "{{ edpm_frr_old_config_files.files }}" + when: + - edpm_frr_old_config_files.files is defined + - edpm_frr_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/config-data/ansible-generated/frr" + state: absent diff --git a/roles/edpm_frr/templates/daemons.j2 b/roles/edpm_frr/templates/config/daemons.j2 similarity index 100% rename from roles/edpm_frr/templates/daemons.j2 rename to roles/edpm_frr/templates/config/daemons.j2 diff --git a/roles/edpm_frr/templates/frr.conf.j2 b/roles/edpm_frr/templates/config/frr.conf.j2 similarity index 100% rename from roles/edpm_frr/templates/frr.conf.j2 rename to roles/edpm_frr/templates/config/frr.conf.j2 diff --git a/roles/edpm_frr/templates/frr.yaml.j2 b/roles/edpm_frr/templates/container_defs/frr.yaml.j2 similarity index 100% rename from roles/edpm_frr/templates/frr.yaml.j2 rename to roles/edpm_frr/templates/container_defs/frr.yaml.j2 diff --git a/roles/edpm_kernel/defaults/main.yml b/roles/edpm_kernel/defaults/main.yml index b33bbb65f..5cf97b6a1 100644 --- a/roles/edpm_kernel/defaults/main.yml +++ b/roles/edpm_kernel/defaults/main.yml @@ -32,7 +32,7 @@ edpm_kernel_hugepages: {} edpm_kernel_hugepages_remove: false # This should be synced with edpm_nova_compute role -edpm_nova_compute_config_dir: /var/lib/config-data/ansible-generated/nova_libvirt +edpm_nova_compute_config_dir: /var/lib/openstack/nova_libvirt # KSM control edpm_kernel_enable_ksm: false diff --git a/roles/edpm_kernel/meta/argument_specs.yml b/roles/edpm_kernel/meta/argument_specs.yml index 39969e383..c6ccf6960 100644 --- a/roles/edpm_kernel/meta/argument_specs.yml +++ b/roles/edpm_kernel/meta/argument_specs.yml 
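Review bot: In roles/edpm_frr/tasks/update.yml, the `dest` of "Copy config files to new location" uses `regex_replace('^.*/frr/', '')`, and the greedy `.*` strips everything up to the last `/frr/` in the path. A file found at `/var/lib/config-data/ansible-generated/frr/etc/frr/frr.conf` is therefore copied to `{{ edpm_frr_config_basedir }}/frr.conf` rather than `etc/frr/frr.conf`, which is where configure.yml writes and where the molecule verify looks. Anchoring on the literal prefix keeps the relative path: `regex_replace('^/var/lib/config-data/ansible-generated/frr/', '')`. Because the old directory is removed right after the loop, a misplaced copy is not recoverable from the source.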
@@ -26,7 +26,7 @@ argument_specs: description: Additional sysctl settings. edpm_nova_compute_config_dir: type: path - default: /var/lib/config-data/ansible-generated/nova_libvirt + default: /var/lib/openstack/nova_libvirt description: This should be synced with edpm_nova_compute role edpm_kernel_args: type: str diff --git a/roles/edpm_multipathd/tasks/run.yml b/roles/edpm_multipathd/tasks/run.yml index 4d7e7214f..4086d30c4 100644 --- a/roles/edpm_multipathd/tasks/run.yml +++ b/roles/edpm_multipathd/tasks/run.yml @@ -29,9 +29,9 @@ vars: edpm_container_standalone_service: multipathd edpm_container_standalone_container_defs: - multipathd: "{{ lookup('template', 'multipathd.yaml.j2') | from_yaml }}" + multipathd: "{{ lookup('template', 'container_defs/multipathd.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - multipathd: "{{ lookup('template', 'kolla_multipathd.yaml.j2') | from_yaml }}" + multipathd: "{{ lookup('template', 'kolla_config/kolla_multipathd.yaml.j2') | from_yaml }}" register: manage_multipathd_stat - name: Check if the multipathd container restart is required diff --git a/roles/edpm_multipathd/templates/multipathd.yaml.j2 b/roles/edpm_multipathd/templates/container_defs/multipathd.yaml.j2 similarity index 100% rename from roles/edpm_multipathd/templates/multipathd.yaml.j2 rename to roles/edpm_multipathd/templates/container_defs/multipathd.yaml.j2 diff --git a/roles/edpm_multipathd/templates/kolla_multipathd.yaml.j2 b/roles/edpm_multipathd/templates/kolla_config/kolla_multipathd.yaml.j2 similarity index 100% rename from roles/edpm_multipathd/templates/kolla_multipathd.yaml.j2 rename to roles/edpm_multipathd/templates/kolla_config/kolla_multipathd.yaml.j2 diff --git a/roles/edpm_network_config/molecule/default/converge.yml b/roles/edpm_network_config/molecule/default/converge.yml index b97840b05..76c97996a 100644 --- a/roles/edpm_network_config/molecule/default/converge.yml 
+++ b/roles/edpm_network_config/molecule/default/converge.yml @@ -34,5 +34,18 @@ edpm_network_config_manage_service: false edpm_network_config_hide_sensitive_logs: false edpm_network_config_nmstate: false + pre_tasks: + - name: Gather user fact + ansible.builtin.setup: + gather_subset: + - "!all" + - "!min" + - "user" + + - name: set basic user fact + ansible.builtin.set_fact: + ansible_user: "{{ ansible_user_id | default(lookup('env', 'USER')) }}" + when: + - ansible_user is undefined roles: - role: "osp.edpm.edpm_network_config" diff --git a/roles/edpm_network_config/molecule/nmstate/converge.yml b/roles/edpm_network_config/molecule/nmstate/converge.yml index f765a26c4..5f39159bc 100644 --- a/roles/edpm_network_config/molecule/nmstate/converge.yml +++ b/roles/edpm_network_config/molecule/nmstate/converge.yml @@ -34,5 +34,18 @@ prefix-length: 24 dhcp: false enabled: true + pre_tasks: + - name: Gather user fact + ansible.builtin.setup: + gather_subset: + - "!all" + - "!min" + - "user" + + - name: set basic user fact + ansible.builtin.set_fact: + ansible_user: "{{ ansible_user_id | default(lookup('env', 'USER')) }}" + when: + - ansible_user is undefined roles: - role: osp.edpm.edpm_network_config diff --git a/roles/edpm_network_config/tasks/pre_config.yml b/roles/edpm_network_config/tasks/pre_config.yml index 7bd7096c3..246db4239 100644 --- a/roles/edpm_network_config/tasks/pre_config.yml +++ b/roles/edpm_network_config/tasks/pre_config.yml @@ -56,9 +56,11 @@ ansible.builtin.file: path: /var/lib/edpm-config state: directory + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" setype: container_file_t selevel: s0 - mode: "0750" + mode: "0755" - name: Ensure we get cloud-init ansible.builtin.stat: diff --git a/roles/edpm_neutron_dhcp/defaults/main.yml b/roles/edpm_neutron_dhcp/defaults/main.yml index 573c5f428..d710352c4 100644 --- a/roles/edpm_neutron_dhcp/defaults/main.yml 
+++ b/roles/edpm_neutron_dhcp/defaults/main.yml @@ -28,7 +28,7 @@ edpm_neutron_dhcp_images_download_delay: "{{ edpm_download_delay | default(60) } edpm_neutron_dhcp_images_download_retries: "{{ edpm_download_retries | default(5) }}" edpm_neutron_dhcp_agent_config_src: "/var/lib/openstack/configs/{{ edpm_neutron_dhcp_service_name }}" -edpm_neutron_dhcp_agent_config_dir: "/var/lib/config-data/ansible-generated/neutron-dhcp-agent" +edpm_neutron_dhcp_agent_config_dir: "/var/lib/openstack/neutron-dhcp-agent" edpm_neutron_dhcp_agent_lib_dir: "/var/lib/neutron" edpm_neutron_dhcp_image: "quay.io/podified-antelope-centos9/openstack-neutron-dhcp-agent:current-podified" diff --git a/roles/edpm_neutron_dhcp/templates/kolla_config/neutron_dhcp_agent.yaml.j2 b/roles/edpm_neutron_dhcp/files/kolla_config/neutron_dhcp_agent.yaml similarity index 100% rename from roles/edpm_neutron_dhcp/templates/kolla_config/neutron_dhcp_agent.yaml.j2 rename to roles/edpm_neutron_dhcp/files/kolla_config/neutron_dhcp_agent.yaml diff --git a/roles/edpm_neutron_dhcp/meta/argument_specs.yml b/roles/edpm_neutron_dhcp/meta/argument_specs.yml index 354ce3ceb..189d01326 100644 --- a/roles/edpm_neutron_dhcp/meta/argument_specs.yml +++ b/roles/edpm_neutron_dhcp/meta/argument_specs.yml @@ -19,7 +19,7 @@ argument_specs: agent configs. type: str edpm_neutron_dhcp_agent_config_dir: - default: "/var/lib/config-data/ansible-generated/neutron-dhcp-agent" + default: "/var/lib/openstack/neutron-dhcp-agent" description: | The path to the directory containing Neutron DHCP agent config files. diff --git a/roles/edpm_neutron_dhcp/molecule/default/tests/test_neutron_dhcp.py b/roles/edpm_neutron_dhcp/molecule/default/tests/test_neutron_dhcp.py index 3920ee3ad..f1d0363c0 100644 --- a/roles/edpm_neutron_dhcp/molecule/default/tests/test_neutron_dhcp.py +++ b/roles/edpm_neutron_dhcp/molecule/default/tests/test_neutron_dhcp.py 
@@ -104,8 +104,8 @@ def test_required_directories_was_created(self): "/var/lib/neutron", "/var/lib/neutron/external/pids/", "/var/lib/neutron/ns-metadata-proxy/", - "/var/lib/openstack/config/containers", - "/var/lib/config-data/ansible-generated/neutron-dhcp-agent"]: + "/var/lib/edpm-config/container-startup-config", + "/var/lib/openstack/neutron-dhcp-agent"]: assert self.host.file(directory).is_directory def test_kolla_config_file_was_created(self): @@ -114,7 +114,7 @@ def test_kolla_config_file_was_created(self): def test_neutron_dhcp_agent_conf_was_copied_into_container(self): assert self.host.file( - "/var/lib/config-data/ansible-generated/neutron-dhcp-agent/" + "/var/lib/openstack/neutron-dhcp-agent/" "10-neutron-dhcp.conf" ).exists @@ -234,6 +234,6 @@ def test_dnsmasq_sidecar_container(self): def test_service_host_is_fqdn(self): assert "edpm-0.localdomain" in self.host.run( - "cat /var/lib/config-data/ansible-generated/" + "cat /var/lib/openstack/" "neutron-dhcp-agent/01-neutron-dhcp-agent.conf" ).stdout diff --git a/roles/edpm_neutron_dhcp/tasks/configure.yml b/roles/edpm_neutron_dhcp/tasks/configure.yml index 8d3dd140a..72cdf2a5e 100644 --- a/roles/edpm_neutron_dhcp/tasks/configure.yml +++ b/roles/edpm_neutron_dhcp/tasks/configure.yml @@ -23,9 +23,9 @@ setype: "container_file_t" mode: "0644" loop: - - {"src": "neutron.conf.j2", "dest": "01-neutron.conf"} - - {"src": "rootwrap.conf.j2", "dest": "01-rootwrap.conf"} - - {"src": "neutron-dhcp-agent.conf.j2", "dest": "01-neutron-dhcp-agent.conf"} + - {"src": "config/neutron.conf.j2", "dest": "01-neutron.conf"} + - {"src": "config/rootwrap.conf.j2", "dest": "01-rootwrap.conf"} + - {"src": "config/neutron-dhcp-agent.conf.j2", "dest": "01-neutron-dhcp-agent.conf"} tags: - configure - neutron diff --git a/roles/edpm_neutron_dhcp/tasks/install.yml b/roles/edpm_neutron_dhcp/tasks/install.yml index b68ce264e..2adef6eae 100644 --- a/roles/edpm_neutron_dhcp/tasks/install.yml 
+++ b/roles/edpm_neutron_dhcp/tasks/install.yml @@ -32,7 +32,7 @@ group: "{{ item.group | default(ansible_user) | default(ansible_user_id) }}" mode: "{{ item.mode | default(omit) }}" loop: - - {'path': "/var/lib/openstack/config/containers", "mode": "0750"} + - {'path': "/var/lib/edpm-config/container-startup-config", "mode": "0750"} - {'path': "/var/lib/neutron", "mode": "0750"} - {'path': "{{ edpm_neutron_dhcp_agent_config_dir }}", "mode": "0755"} - {'path': "{{ edpm_neutron_dhcp_agent_lib_dir }}", "mode": "0755"} @@ -46,8 +46,8 @@ - name: Render neutron-dhcp-agent container become: true ansible.builtin.template: - src: "neutron_dhcp_agent.yaml.j2" - dest: "/var/lib/openstack/config/containers/neutron_dhcp_agent.yaml" + src: "container_defs/neutron_dhcp_agent.yaml.j2" + dest: "/var/lib/edpm-config/container-startup-config/neutron_dhcp_agent.yaml" setype: "container_file_t" mode: "0644" notify: diff --git a/roles/edpm_neutron_dhcp/tasks/run.yml b/roles/edpm_neutron_dhcp/tasks/run.yml index 4b3d36e16..127f83693 100644 --- a/roles/edpm_neutron_dhcp/tasks/run.yml +++ b/roles/edpm_neutron_dhcp/tasks/run.yml @@ -39,6 +39,6 @@ vars: edpm_container_standalone_service: neutron_dhcp edpm_container_standalone_container_defs: - neutron_dhcp_agent: "{{ lookup('template', 'neutron_dhcp_agent.yaml.j2') | from_yaml }}" + neutron_dhcp_agent: "{{ lookup('template', 'container_defs/neutron_dhcp_agent.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - neutron_dhcp_agent: "{{ lookup('template', 'kolla_config/neutron_dhcp_agent.yaml.j2') | from_yaml }}" + neutron_dhcp_agent: "{{ lookup('file', 'kolla_config/neutron_dhcp_agent.yaml') | from_yaml }}" diff --git a/roles/edpm_neutron_dhcp/tasks/update.yml b/roles/edpm_neutron_dhcp/tasks/update.yml new file mode 100644 index 000000000..7960158a3 --- /dev/null +++ b/roles/edpm_neutron_dhcp/tasks/update.yml 
@@ -0,0 +1,79 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Gather user fact + ansible.builtin.setup: + gather_subset: + - "!all" + - "!min" + - "user" + when: + - ansible_user is undefined + +- name: Ensure new config directory exists + tags: + - update + - neutron_dhcp + become: true + ansible.builtin.file: + path: "{{ edpm_neutron_dhcp_agent_config_dir }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - neutron_dhcp + ansible.builtin.stat: + path: "/var/lib/config-data/ansible-generated/neutron-dhcp-agent" + register: edpm_neutron_dhcp_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - neutron_dhcp + become: true + when: + - edpm_neutron_dhcp_old_config_dir.stat.exists + - edpm_neutron_dhcp_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/config-data/ansible-generated/neutron-dhcp-agent" + file_type: file + recurse: false + register: edpm_neutron_dhcp_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_neutron_dhcp_agent_config_dir }}/{{ item.path | basename }}" + remote_src: true + setype: 
"container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0644" + loop: "{{ edpm_neutron_dhcp_old_config_files.files }}" + when: + - edpm_neutron_dhcp_old_config_files.files is defined + - edpm_neutron_dhcp_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/config-data/ansible-generated/neutron-dhcp-agent" + state: absent diff --git a/roles/edpm_neutron_dhcp/templates/neutron-dhcp-agent.conf.j2 b/roles/edpm_neutron_dhcp/templates/config/neutron-dhcp-agent.conf.j2 similarity index 100% rename from roles/edpm_neutron_dhcp/templates/neutron-dhcp-agent.conf.j2 rename to roles/edpm_neutron_dhcp/templates/config/neutron-dhcp-agent.conf.j2 diff --git a/roles/edpm_neutron_dhcp/templates/neutron.conf.j2 b/roles/edpm_neutron_dhcp/templates/config/neutron.conf.j2 similarity index 100% rename from roles/edpm_neutron_dhcp/templates/neutron.conf.j2 rename to roles/edpm_neutron_dhcp/templates/config/neutron.conf.j2 diff --git a/roles/edpm_neutron_dhcp/templates/rootwrap.conf.j2 b/roles/edpm_neutron_dhcp/templates/config/rootwrap.conf.j2 similarity index 100% rename from roles/edpm_neutron_dhcp/templates/rootwrap.conf.j2 rename to roles/edpm_neutron_dhcp/templates/config/rootwrap.conf.j2 diff --git a/roles/edpm_neutron_dhcp/templates/neutron_dhcp_agent.yaml.j2 b/roles/edpm_neutron_dhcp/templates/container_defs/neutron_dhcp_agent.yaml.j2 similarity index 100% rename from roles/edpm_neutron_dhcp/templates/neutron_dhcp_agent.yaml.j2 rename to roles/edpm_neutron_dhcp/templates/container_defs/neutron_dhcp_agent.yaml.j2 diff --git a/roles/edpm_neutron_metadata/defaults/main.yml b/roles/edpm_neutron_metadata/defaults/main.yml index 876c5a2c8..4b6adbcdd 100644 --- a/roles/edpm_neutron_metadata/defaults/main.yml +++ b/roles/edpm_neutron_metadata/defaults/main.yml 
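Review bot: In roles/edpm_neutron_dhcp/tasks/update.yml, "Copy config files to new location" forces `mode: "0644"` on every migrated file, so anything stored with tighter permissions in the old directory becomes world-readable in the new `0755` directory. Whether such files exist is not visible here, but `mode: preserve` would carry the source permissions over and avoid the question. The copy task in roles/edpm_frr/tasks/update.yml has the same fixed mode. Note also that "Gather user fact" carries no `tags`, unlike the other tasks in this file, so a run limited to `--tags update` would skip it.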
@@ -11,7 +11,7 @@ edpm_neutron_metadata_images_download_delay: "{{ edpm_download_delay | default(6 edpm_neutron_metadata_images_download_retries: "{{ edpm_download_retries | default(5) }}" edpm_neutron_metadata_config_src: "/var/lib/openstack/configs/{{ edpm_neutron_metadata_service_name }}" -edpm_neutron_metadata_agent_config_dir: /var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent +edpm_neutron_metadata_agent_config_dir: /var/lib/openstack/neutron-ovn-metadata-agent edpm_neutron_metadata_agent_lib_dir: "/var/lib/neutron" edpm_neutron_metadata_agent_image: "quay.io/podified-antelope-centos9/openstack-neutron-metadata-agent-ovn:current-podified" diff --git a/roles/edpm_neutron_metadata/templates/kolla_ovn_metadata_agent.yaml.j2 b/roles/edpm_neutron_metadata/files/kolla_config/kolla_ovn_metadata_agent.yaml similarity index 100% rename from roles/edpm_neutron_metadata/templates/kolla_ovn_metadata_agent.yaml.j2 rename to roles/edpm_neutron_metadata/files/kolla_config/kolla_ovn_metadata_agent.yaml diff --git a/roles/edpm_neutron_metadata/meta/argument_specs.yml b/roles/edpm_neutron_metadata/meta/argument_specs.yml index b40626ed5..c44f4466b 100644 --- a/roles/edpm_neutron_metadata/meta/argument_specs.yml +++ b/roles/edpm_neutron_metadata/meta/argument_specs.yml @@ -114,7 +114,7 @@ argument_specs: elements: str type: list edpm_neutron_metadata_agent_config_dir: - default: /var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent + default: /var/lib/openstack/neutron-ovn-metadata-agent description: 'The directory that contains configuration files for Neutron OVN Metadata Agent.' type: str edpm_neutron_metadata_agent_sidecar_debug: diff --git a/roles/edpm_neutron_metadata/molecule/default/tests/test_neutron_metadata.py b/roles/edpm_neutron_metadata/molecule/default/tests/test_neutron_metadata.py index 49c405c12..e93d7351e 100644 --- a/roles/edpm_neutron_metadata/molecule/default/tests/test_neutron_metadata.py 
+++ b/roles/edpm_neutron_metadata/molecule/default/tests/test_neutron_metadata.py @@ -98,7 +98,7 @@ def _find_haproxy_process(self, network_id): def test_neutron_metadata_conf_was_copied_into_container(self): assert self.host.file( - "/var/lib/config-data/ansible-generated/" + "/var/lib/openstack/" "neutron-ovn-metadata-agent/10-neutron-metadata.conf" ).exists diff --git a/roles/edpm_neutron_metadata/tasks/configure.yml b/roles/edpm_neutron_metadata/tasks/configure.yml index c8442981d..a892a7bab 100644 --- a/roles/edpm_neutron_metadata/tasks/configure.yml +++ b/roles/edpm_neutron_metadata/tasks/configure.yml @@ -23,8 +23,8 @@ setype: "container_file_t" mode: "0644" loop: - - {"src": "rootwrap.conf.j2", "dest": "01-rootwrap.conf"} - - {"src": "neutron-ovn-metadata-agent.conf.j2", "dest": "01-neutron-ovn-metadata-agent.conf"} + - {"src": "config/rootwrap.conf.j2", "dest": "01-rootwrap.conf"} + - {"src": "config/neutron-ovn-metadata-agent.conf.j2", "dest": "01-neutron-ovn-metadata-agent.conf"} - name: Discover secrets in {{ edpm_neutron_metadata_config_src }} ansible.builtin.find: diff --git a/roles/edpm_neutron_metadata/tasks/run.yml b/roles/edpm_neutron_metadata/tasks/run.yml index 565d9271d..04eb540d6 100644 --- a/roles/edpm_neutron_metadata/tasks/run.yml +++ b/roles/edpm_neutron_metadata/tasks/run.yml @@ -41,7 +41,8 @@ name: osp.edpm.edpm_container_standalone vars: edpm_container_standalone_service: ovn_metadata_agent + edpm_service_name: "{{ edpm_neutron_metadata_service_name }}" edpm_container_standalone_container_defs: - ovn_metadata_agent: "{{ lookup('template', 'ovn_metadata_agent.yaml.j2') | from_yaml }}" + ovn_metadata_agent: "{{ lookup('template', 'container_defs/ovn_metadata_agent.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - ovn_metadata_agent: "{{ lookup('template', 'kolla_ovn_metadata_agent.yaml.j2') | from_yaml }}" + ovn_metadata_agent: "{{ lookup('file', 'kolla_config/kolla_ovn_metadata_agent.yaml') | from_yaml }}" 
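Review bot: In roles/edpm_neutron_metadata/tasks/run.yml, the added `edpm_service_name: "{{ edpm_neutron_metadata_service_name }}"` does not match the variable the state update reads: state_file_update.yml keys the entry on `_edpm_service_name | default(edpm_container_standalone_service)`. Unless code outside this view maps one name to the other, the service would still be recorded as `ovn_metadata_agent` and the new variable would have no effect. Either pass the name the task file actually reads, or add a comment saying where `edpm_service_name` is consumed.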
diff --git a/roles/edpm_neutron_metadata/tasks/update.yml b/roles/edpm_neutron_metadata/tasks/update.yml new file mode 100644 index 000000000..87a4ddc0c --- /dev/null +++ b/roles/edpm_neutron_metadata/tasks/update.yml 
@@ -0,0 +1,79 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Gather user fact + ansible.builtin.setup: + gather_subset: + - "!all" + - "!min" + - "user" + when: + - ansible_user is undefined + +- name: Ensure new config directory exists + tags: + - update + - neutron_metadata + become: true + ansible.builtin.file: + path: "{{ edpm_neutron_metadata_agent_config_dir }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - neutron_metadata + ansible.builtin.stat: + path: "/var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent" + register: edpm_neutron_metadata_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - neutron_metadata + become: true + when: + - edpm_neutron_metadata_old_config_dir.stat.exists + - edpm_neutron_metadata_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent" + file_type: file + recurse: false + register: edpm_neutron_metadata_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_neutron_metadata_agent_config_dir }}/{{ item.path | 
basename }}" + remote_src: true + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0644" + loop: "{{ edpm_neutron_metadata_old_config_files.files }}" + when: + - edpm_neutron_metadata_old_config_files.files is defined + - edpm_neutron_metadata_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent" + state: absent diff --git a/roles/edpm_neutron_metadata/templates/neutron-ovn-metadata-agent.conf.j2 b/roles/edpm_neutron_metadata/templates/config/neutron-ovn-metadata-agent.conf.j2 similarity index 100% rename from roles/edpm_neutron_metadata/templates/neutron-ovn-metadata-agent.conf.j2 rename to roles/edpm_neutron_metadata/templates/config/neutron-ovn-metadata-agent.conf.j2 diff --git a/roles/edpm_neutron_metadata/templates/rootwrap.conf.j2 b/roles/edpm_neutron_metadata/templates/config/rootwrap.conf.j2 similarity index 100% rename from roles/edpm_neutron_metadata/templates/rootwrap.conf.j2 rename to roles/edpm_neutron_metadata/templates/config/rootwrap.conf.j2 diff --git a/roles/edpm_neutron_metadata/templates/ovn_metadata_agent.yaml.j2 b/roles/edpm_neutron_metadata/templates/container_defs/ovn_metadata_agent.yaml.j2 similarity index 100% rename from roles/edpm_neutron_metadata/templates/ovn_metadata_agent.yaml.j2 rename to roles/edpm_neutron_metadata/templates/container_defs/ovn_metadata_agent.yaml.j2 diff --git a/roles/edpm_neutron_ovn/defaults/main.yml b/roles/edpm_neutron_ovn/defaults/main.yml index 2df8bc44e..70d17a7fb 100644 --- a/roles/edpm_neutron_ovn/defaults/main.yml +++ b/roles/edpm_neutron_ovn/defaults/main.yml 
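Review bot: The `Remove old config directory` task deletes `/var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent` with `state: absent` after copying only what the `find` task returned, and that find is limited to `file_type: file` with `recurse: false` and the default `hidden: false`. Subdirectories, symlinks and dotfiles in the old location are therefore removed without ever being copied. Adding `hidden: true` to the find, and making the removal conditional on the directory holding nothing the find skipped, would keep the migration lossless. The new `update.yml` files for edpm_neutron_ovn and edpm_neutron_sriov later in this diff use the same sequence.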
@@ -11,7 +11,7 @@ edpm_neutron_ovn_images_download_delay: "{{ edpm_download_delay | default(60) }} edpm_neutron_ovn_images_download_retries: "{{ edpm_download_retries | default(5) }}" edpm_neutron_ovn_config_src: "/var/lib/openstack/configs/{{ edpm_neutron_ovn_service_name }}" -edpm_neutron_ovn_agent_config_dir: /var/lib/config-data/ansible-generated/neutron-ovn-agent +edpm_neutron_ovn_agent_config_dir: /var/lib/openstack/neutron-ovn-agent edpm_neutron_ovn_agent_image: "quay.io/podified-antelope-centos9/openstack-neutron-ovn-agent:current-podified" diff --git a/roles/edpm_neutron_ovn/templates/kolla_ovn_agent.yaml.j2 b/roles/edpm_neutron_ovn/files/kolla_config/kolla_ovn_agent.yaml similarity index 100% rename from roles/edpm_neutron_ovn/templates/kolla_ovn_agent.yaml.j2 rename to roles/edpm_neutron_ovn/files/kolla_config/kolla_ovn_agent.yaml diff --git a/roles/edpm_neutron_ovn/meta/argument_specs.yml b/roles/edpm_neutron_ovn/meta/argument_specs.yml index ae7d60cad..b1b701423 100644 --- a/roles/edpm_neutron_ovn/meta/argument_specs.yml +++ b/roles/edpm_neutron_ovn/meta/argument_specs.yml @@ -95,6 +95,6 @@ argument_specs: agent configs. type: str edpm_neutron_ovn_agent_config_dir: - default: /var/lib/config-data/ansible-generated/neutron-ovn-agent + default: /var/lib/openstack/neutron-ovn-agent description: 'The directory that contains configuration files for Neutron OVN Agent.' type: str diff --git a/roles/edpm_neutron_ovn/molecule/default/verify.yml b/roles/edpm_neutron_ovn/molecule/default/verify.yml index 6fbc4be3b..8404c6b69 100644 --- a/roles/edpm_neutron_ovn/molecule/default/verify.yml +++ b/roles/edpm_neutron_ovn/molecule/default/verify.yml @@ -11,7 +11,7 @@ - name: ovn-agent config file exists become: true ansible.builtin.stat: - path: "/var/lib/config-data/ansible-generated/neutron-ovn-agent/10-neutron-ovn.conf" + path: "/var/lib/openstack/neutron-ovn-agent/10-neutron-ovn.conf" register: ovn_agent_config - name: assert that the config exists 
@@ -26,7 +26,7 @@ - name: Slurp host specific config ansible.builtin.slurp: - src: /var/lib/config-data/ansible-generated/neutron-ovn-agent/01-neutron-ovn-agent.conf + src: /var/lib/openstack/neutron-ovn-agent/01-neutron-ovn-agent.conf register: host_specific_config - name: Assert that host is rendered into the host specific config diff --git a/roles/edpm_neutron_ovn/tasks/configure.yml b/roles/edpm_neutron_ovn/tasks/configure.yml index 0e8fda5f8..4535c098b 100644 --- a/roles/edpm_neutron_ovn/tasks/configure.yml +++ b/roles/edpm_neutron_ovn/tasks/configure.yml @@ -31,8 +31,8 @@ setype: "container_file_t" mode: "0644" loop: - - {"src": "rootwrap.conf.j2", "dest": "01-rootwrap.conf"} - - {"src": "neutron-ovn-agent.conf.j2", "dest": "01-neutron-ovn-agent.conf"} + - {"src": "config/rootwrap.conf.j2", "dest": "01-rootwrap.conf"} + - {"src": "config/neutron-ovn-agent.conf.j2", "dest": "01-neutron-ovn-agent.conf"} - name: Discover secrets in {{ edpm_neutron_ovn_config_src }} ansible.builtin.find: diff --git a/roles/edpm_neutron_ovn/tasks/run.yml b/roles/edpm_neutron_ovn/tasks/run.yml index 49a82a045..3757711f0 100644 --- a/roles/edpm_neutron_ovn/tasks/run.yml +++ b/roles/edpm_neutron_ovn/tasks/run.yml @@ -38,6 +38,6 @@ vars: edpm_container_standalone_service: ovn_agent edpm_container_standalone_container_defs: - ovn_agent: "{{ lookup('template', 'ovn_agent.yaml.j2') | from_yaml }}" + ovn_agent: "{{ lookup('template', 'container_defs/ovn_agent.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - ovn_agent: "{{ lookup('template', 'kolla_ovn_agent.yaml.j2') | from_yaml }}" + ovn_agent: "{{ lookup('file', 'kolla_config/kolla_ovn_agent.yaml') | from_yaml }}" diff --git a/roles/edpm_neutron_ovn/tasks/update.yml b/roles/edpm_neutron_ovn/tasks/update.yml new file mode 100644 index 000000000..a9edb0f53 --- /dev/null +++ b/roles/edpm_neutron_ovn/tasks/update.yml 
@@ -0,0 +1,79 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Gather user fact + ansible.builtin.setup: + gather_subset: + - "!all" + - "!min" + - "user" + when: + - ansible_user is undefined + +- name: Ensure new config directory exists + tags: + - update + - neutron_ovn + become: true + ansible.builtin.file: + path: "{{ edpm_neutron_ovn_agent_config_dir }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - neutron_ovn + ansible.builtin.stat: + path: "/var/lib/config-data/ansible-generated/neutron-ovn-agent" + register: edpm_neutron_ovn_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - neutron_ovn + become: true + when: + - edpm_neutron_ovn_old_config_dir.stat.exists + - edpm_neutron_ovn_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/config-data/ansible-generated/neutron-ovn-agent" + file_type: file + recurse: false + register: edpm_neutron_ovn_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_neutron_ovn_agent_config_dir }}/{{ item.path | basename }}" + remote_src: true + setype: "container_file_t" + 
owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0644" + loop: "{{ edpm_neutron_ovn_old_config_files.files }}" + when: + - edpm_neutron_ovn_old_config_files.files is defined + - edpm_neutron_ovn_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/config-data/ansible-generated/neutron-ovn-agent" + state: absent diff --git a/roles/edpm_neutron_ovn/templates/neutron-ovn-agent.conf.j2 b/roles/edpm_neutron_ovn/templates/config/neutron-ovn-agent.conf.j2 similarity index 100% rename from roles/edpm_neutron_ovn/templates/neutron-ovn-agent.conf.j2 rename to roles/edpm_neutron_ovn/templates/config/neutron-ovn-agent.conf.j2 diff --git a/roles/edpm_neutron_ovn/templates/rootwrap.conf.j2 b/roles/edpm_neutron_ovn/templates/config/rootwrap.conf.j2 similarity index 100% rename from roles/edpm_neutron_ovn/templates/rootwrap.conf.j2 rename to roles/edpm_neutron_ovn/templates/config/rootwrap.conf.j2 diff --git a/roles/edpm_neutron_ovn/templates/ovn_agent.yaml.j2 b/roles/edpm_neutron_ovn/templates/container_defs/ovn_agent.yaml.j2 similarity index 100% rename from roles/edpm_neutron_ovn/templates/ovn_agent.yaml.j2 rename to roles/edpm_neutron_ovn/templates/container_defs/ovn_agent.yaml.j2 diff --git a/roles/edpm_neutron_sriov/defaults/main.yml b/roles/edpm_neutron_sriov/defaults/main.yml index bfd768163..f34d0e6da 100644 --- a/roles/edpm_neutron_sriov/defaults/main.yml +++ b/roles/edpm_neutron_sriov/defaults/main.yml 
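Review bot: `Copy config files to new location` rewrites every migrated file to `mode: "0644"` owned by the deploy user, whatever mode it had in the old directory. The role's configure tasks discover secrets next to the 0644 templates, and if any of those land in this directory with a tighter mode (not visible in this diff) the migration would make them world-readable. The `find` result already carries each file's mode, so `mode: "{{ item.mode }}"` keeps what was there. The same task appears in the edpm_neutron_metadata and edpm_neutron_sriov `update.yml` files.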
@@ -28,7 +28,7 @@ edpm_neutron_sriov_images_download_retries: "{{ edpm_download_retries | default( # All variables within this role should have a prefix of "edpm_neutron_sriov_agent" edpm_neutron_sriov_agent_config_src: "/var/lib/openstack/configs/{{ edpm_neutron_sriov_service_name }}" -edpm_neutron_sriov_agent_config_dir: "/var/lib/config-data/ansible-generated/neutron-sriov-agent" +edpm_neutron_sriov_agent_config_dir: "/var/lib/openstack/neutron-sriov-agent" edpm_neutron_sriov_image: "quay.io/podified-antelope-centos9/openstack-neutron-sriov-agent:current-podified" edpm_neutron_sriov_common_volumes: diff --git a/roles/edpm_neutron_sriov/templates/kolla_config/neutron_sriov_agent.yaml.j2 b/roles/edpm_neutron_sriov/files/kolla_config/kolla_neutron_sriov_agent.yaml similarity index 100% rename from roles/edpm_neutron_sriov/templates/kolla_config/neutron_sriov_agent.yaml.j2 rename to roles/edpm_neutron_sriov/files/kolla_config/kolla_neutron_sriov_agent.yaml diff --git a/roles/edpm_neutron_sriov/meta/argument_specs.yml b/roles/edpm_neutron_sriov/meta/argument_specs.yml index 447311546..4169823b8 100644 --- a/roles/edpm_neutron_sriov/meta/argument_specs.yml +++ b/roles/edpm_neutron_sriov/meta/argument_specs.yml @@ -19,7 +19,7 @@ argument_specs: agent configs. type: str edpm_neutron_sriov_agent_config_dir: - default: "/var/lib/config-data/ansible-generated/neutron-sriov-agent" + default: "/var/lib/openstack/neutron-sriov-agent" description: | The path to the directory containing Neutron SRIOV NIC agent config files. diff --git a/roles/edpm_neutron_sriov/molecule/default/verify.yml b/roles/edpm_neutron_sriov/molecule/default/verify.yml index 3fa411c09..c7f972ff0 100644 --- a/roles/edpm_neutron_sriov/molecule/default/verify.yml +++ b/roles/edpm_neutron_sriov/molecule/default/verify.yml 
@@ -12,9 +12,9 @@ ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_dir.yaml" loop: - "/var/lib/neutron" - - "/var/lib/openstack/config/containers" + - "/var/lib/edpm-config/container-startup-config" - "/var/lib/kolla/config_files/neutron_sriov_agent.json" - - "/var/lib/config-data/ansible-generated/neutron-sriov-agent" + - "/var/lib/openstack/neutron-sriov-agent" - name: ensure systemd services are defined and functional ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_systemd_unit.yaml" @@ -31,7 +31,7 @@ - name: sriov config file exists become: true ansible.builtin.stat: - path: "/var/lib/config-data/ansible-generated/neutron-sriov-agent/10-neutron-sriov.conf" + path: "/var/lib/openstack/neutron-sriov-agent/10-neutron-sriov.conf" register: sriov_config - name: assert that the config exists @@ -46,7 +46,7 @@ - name: Slurp host specific config ansible.builtin.slurp: - src: /var/lib/config-data/ansible-generated/neutron-sriov-agent/01-neutron-sriov-agent.conf + src: /var/lib/openstack/neutron-sriov-agent/01-neutron-sriov-agent.conf register: host_specific_config - name: Assert that host is rendered into the host specific config diff --git a/roles/edpm_neutron_sriov/tasks/configure.yml b/roles/edpm_neutron_sriov/tasks/configure.yml index 7e745a467..53501bf05 100644 --- a/roles/edpm_neutron_sriov/tasks/configure.yml +++ b/roles/edpm_neutron_sriov/tasks/configure.yml @@ -23,9 +23,9 @@ setype: "container_file_t" mode: "0644" loop: - - {"src": "neutron.conf.j2", "dest": "01-neutron.conf"} - - {"src": "rootwrap.conf.j2", "dest": "01-rootwrap.conf"} - - {"src": "neutron-sriov-agent.conf.j2", "dest": "01-neutron-sriov-agent.conf"} + - {"src": "config/neutron.conf.j2", "dest": "01-neutron.conf"} + - {"src": "config/rootwrap.conf.j2", "dest": "01-rootwrap.conf"} + - {"src": "config/neutron-sriov-agent.conf.j2", "dest": "01-neutron-sriov-agent.conf"} tags: - configure - neutron 
diff --git a/roles/edpm_neutron_sriov/tasks/install.yml b/roles/edpm_neutron_sriov/tasks/install.yml index 8e3370234..290b6b683 100644 --- a/roles/edpm_neutron_sriov/tasks/install.yml +++ b/roles/edpm_neutron_sriov/tasks/install.yml @@ -32,21 +32,16 @@ group: "{{ item.group | default(ansible_user) | default(ansible_user_id) }}" mode: "{{ item.mode | default(omit) }}" loop: - - {'path': "/var/lib/openstack/config/containers", "mode": "0755", "owner": "{{ ansible_user }}", "group": "{{ ansible_user }}"} - - {'path': "/var/lib/neutron", "mode": "0750"} - - {'path': "{{ edpm_neutron_sriov_agent_config_dir }}", "mode": "0755", "owner": "{{ ansible_user }}", "group": "{{ ansible_user }}"} - tags: - - install - - neutron - -- name: Render neutron-sriov-agent container - ansible.builtin.template: - src: "neutron_sriov_agent.yaml.j2" - dest: "/var/lib/openstack/config/containers/neutron_sriov_agent.yaml" - setype: "container_file_t" - mode: "0644" - notify: - - Restart neutron-sriov-agent + - path: "/var/lib/edpm-config/container-startup-config/neutron-sriov-agent" + mode: "0755" + owner: "{{ ansible_user }}" + group: "{{ ansible_user }}" + - path: "/var/lib/neutron" + mode: "0750" + - path: "{{ edpm_neutron_sriov_agent_config_dir }}" + mode: "0755" + owner: "{{ ansible_user }}" + group: "{{ ansible_user }}" tags: - install - neutron diff --git a/roles/edpm_neutron_sriov/tasks/run.yml b/roles/edpm_neutron_sriov/tasks/run.yml index 4b264fd16..a220c894f 100644 --- a/roles/edpm_neutron_sriov/tasks/run.yml +++ b/roles/edpm_neutron_sriov/tasks/run.yml 
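Review bot: The rewritten loop items still set `owner: "{{ ansible_user }}"` and `group: "{{ ansible_user }}"` directly, which bypasses the fallback in the task's own `group: "{{ item.group | default(ansible_user) | default(ansible_user_id) }}"` expression. When `ansible_user` is undefined, templating those items fails before the fallback is consulted. The new `update.yml` in this role uses `"{{ ansible_user | default(ansible_user_id) }}"`; the items here could use the same expression, or drop `owner`/`group` and rely on the task default. The task header is outside the hunk, so the `owner:` expression is assumed to mirror the visible `group:` line.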
@@ -39,6 +39,6 @@ vars: edpm_container_standalone_service: neutron_sriov_agent edpm_container_standalone_container_defs: - neutron_sriov_agent: "{{ lookup('template', 'neutron_sriov_agent.yaml.j2') | from_yaml }}" + neutron_sriov_agent: "{{ lookup('template', 'container_defs/neutron_sriov_agent.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - neutron_sriov_agent: "{{ lookup('template', 'kolla_config/neutron_sriov_agent.yaml.j2') | from_yaml }}" + neutron_sriov_agent: "{{ lookup('file', 'files/kolla_config/kolla_neutron_sriov_agent.yaml') | from_yaml }}" diff --git a/roles/edpm_neutron_sriov/tasks/update.yml b/roles/edpm_neutron_sriov/tasks/update.yml new file mode 100644 index 000000000..0ee43d746 --- /dev/null +++ b/roles/edpm_neutron_sriov/tasks/update.yml 
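Review bot: The kolla config lookup here is written as `lookup('file', 'files/kolla_config/kolla_neutron_sriov_agent.yaml')`, while the edpm_neutron_ovn and edpm_neutron_metadata roles in this same change use the path without the `files/` prefix, e.g. `lookup('file', 'kolla_config/kolla_ovn_agent.yaml')`. Both forms are expected to resolve through Ansible's role search path, but the mixed spelling makes it harder to see which directory the file is read from. Using `'kolla_config/kolla_neutron_sriov_agent.yaml'` would match the other roles.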
@@ -0,0 +1,79 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Gather user fact + ansible.builtin.setup: + gather_subset: + - "!all" + - "!min" + - "user" + when: + - ansible_user is undefined + +- name: Ensure new config directory exists + tags: + - update + - neutron_sriov + become: true + ansible.builtin.file: + path: "{{ edpm_neutron_sriov_agent_config_dir }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - neutron_sriov + ansible.builtin.stat: + path: "/var/lib/config-data/ansible-generated/neutron-sriov-agent" + register: edpm_neutron_sriov_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - neutron_sriov + become: true + when: + - edpm_neutron_sriov_old_config_dir.stat.exists + - edpm_neutron_sriov_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/config-data/ansible-generated/neutron-sriov-agent" + file_type: file + recurse: false + register: edpm_neutron_sriov_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_neutron_sriov_agent_config_dir }}/{{ item.path | basename }}" + remote_src: true + 
setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0644" + loop: "{{ edpm_neutron_sriov_old_config_files.files }}" + when: + - edpm_neutron_sriov_old_config_files.files is defined + - edpm_neutron_sriov_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/config-data/ansible-generated/neutron-sriov-agent" + state: absent diff --git a/roles/edpm_neutron_sriov/templates/neutron-sriov-agent.conf.j2 b/roles/edpm_neutron_sriov/templates/config/neutron-sriov-agent.conf.j2 similarity index 100% rename from roles/edpm_neutron_sriov/templates/neutron-sriov-agent.conf.j2 rename to roles/edpm_neutron_sriov/templates/config/neutron-sriov-agent.conf.j2 diff --git a/roles/edpm_neutron_sriov/templates/neutron.conf.j2 b/roles/edpm_neutron_sriov/templates/config/neutron.conf.j2 similarity index 100% rename from roles/edpm_neutron_sriov/templates/neutron.conf.j2 rename to roles/edpm_neutron_sriov/templates/config/neutron.conf.j2 diff --git a/roles/edpm_neutron_sriov/templates/rootwrap.conf.j2 b/roles/edpm_neutron_sriov/templates/config/rootwrap.conf.j2 similarity index 100% rename from roles/edpm_neutron_sriov/templates/rootwrap.conf.j2 rename to roles/edpm_neutron_sriov/templates/config/rootwrap.conf.j2 diff --git a/roles/edpm_neutron_sriov/templates/neutron_sriov_agent.yaml.j2 b/roles/edpm_neutron_sriov/templates/container_defs/neutron_sriov_agent.yaml.j2 similarity index 100% rename from roles/edpm_neutron_sriov/templates/neutron_sriov_agent.yaml.j2 rename to roles/edpm_neutron_sriov/templates/container_defs/neutron_sriov_agent.yaml.j2 diff --git a/roles/edpm_nova/defaults/main.yml b/roles/edpm_nova/defaults/main.yml index 3590ab577..ee8daa7cb 100644 --- a/roles/edpm_nova/defaults/main.yml +++ b/roles/edpm_nova/defaults/main.yml 
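Review bot: `Check if old config directory exists` runs `ansible.builtin.stat` without `become: true`, while the directory creation and the whole migration block escalate. If the connecting user cannot traverse the old path, stat presumably reports `exists: false` and the block is skipped without any message, leaving the new directory empty; adding `become: true` to the stat task avoids that. The untagged `Gather user fact` task is also skipped on a run limited to `--tags update`, although the `default(ansible_user_id)` fallbacks rely on it when `ansible_user` is unset. Both points apply equally to the edpm_neutron_metadata and edpm_neutron_ovn `update.yml` files.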
@@ -28,8 +28,8 @@ edpm_nova_image_download_retries: "{{ edpm_download_retries | default(5) }}" # Note that the src dir is in the AEE container but the # dest dir is on the target host -edpm_nova_config_src: /var/lib/openstack/configs -edpm_nova_config_dest: /var/lib/openstack/config/nova +edpm_nova_config_src: /var/lib/openstack/configs/{{ edpm_nova_service_name }} +edpm_nova_config_dest: /var/lib/openstack/{{ edpm_nova_service_name }} edpm_nova_compute_image: "quay.io/podified-antelope-centos9/openstack-nova-compute:current-podified" # Libvirt TLS @@ -58,8 +58,9 @@ edpm_nova_old_tripleo_compute_sevices: edpm_nova_extra_bind_mounts: [] # NVMe cleaner config -edpm_nova_nvme_cleaner_config_dest: /var/lib/openstack/config/nova_nvme_cleaner edpm_nova_nvme_cleaner_command: "/usr/share/openstack-nova/contrib/clean-on-delete" edpm_nova_nvme_cleaner_args: "--nvme" # make cleaner optional edpm_nova_enable_nvme_cleaner: false + +edpm_nova_nvme_cleaner_config_dest: /var/lib/openstack/nova_nvme_cleaner diff --git a/roles/edpm_nova/files/kolla_config/nova_compute.yaml b/roles/edpm_nova/files/kolla_config/nova_compute.yaml new file mode 100644 index 000000000..a3062f45b --- /dev/null +++ b/roles/edpm_nova/files/kolla_config/nova_compute.yaml 
@@ -0,0 +1,43 @@ +command: nova-compute +config_files: + - source: /var/lib/kolla/config_files/src/nova-blank.conf + dest: /etc/nova/nova.conf + owner: nova + perm: "0600" + - source: /var/lib/kolla/config_files/src/*nova*.conf + dest: /etc/nova/nova.conf.d/ + owner: nova + perm: "0600" + - source: /var/lib/kolla/config_files/src/ceph + dest: /etc/ceph + owner: nova + perm: "0700" + optional: true + - source: /var/lib/kolla/config_files/src/ssh-privatekey + dest: /var/lib/nova/.ssh/ + owner: nova + perm: "0600" + optional: true + - source: /var/lib/kolla/config_files/src/ssh-config + dest: /var/lib/nova/.ssh/config + owner: nova + perm: "0600" + - source: /var/lib/kolla/config_files/src/provider*.yaml + dest: /etc/nova/provider_config/ + owner: nova + perm: "0600" + optional: true + - source: /var/lib/kolla/config_files/src/run-on-host + dest: /usr/sbin/iscsiadm + owner: root:root + perm: "0755" +permissions: + - path: /etc/ceph/* + owner: nova:nova + perm: "0600" + - path: /var/lib/nova/.ssh/ + owner: nova:nova + perm: "0700" + - path: /var/lib/nova/.ssh/* + owner: nova:nova + perm: "0600" diff --git a/roles/edpm_nova/templates/nova-blank.conf b/roles/edpm_nova/files/nova-blank.conf similarity index 100% rename from roles/edpm_nova/templates/nova-blank.conf rename to roles/edpm_nova/files/nova-blank.conf diff --git a/roles/edpm_nova/templates/nova_statedir_ownership.py b/roles/edpm_nova/files/nova_statedir_ownership.py similarity index 100% rename from roles/edpm_nova/templates/nova_statedir_ownership.py rename to roles/edpm_nova/files/nova_statedir_ownership.py diff --git a/roles/edpm_nova/templates/run-on-host b/roles/edpm_nova/files/run-on-host similarity index 100% rename from roles/edpm_nova/templates/run-on-host rename to roles/edpm_nova/files/run-on-host diff --git a/roles/edpm_nova/templates/ssh-config b/roles/edpm_nova/files/ssh-config similarity index 100% rename from roles/edpm_nova/templates/ssh-config rename to roles/edpm_nova/files/ssh-config 
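Review bot: This new kolla config carries two security-sensitive entries with no comment explaining them: `ssh-privatekey` is copied into `/var/lib/nova/.ssh/`, and `run-on-host` is installed as `/usr/sbin/iscsiadm` with `owner: root:root` and `perm: "0755"`. According to verify.yml in this change, the source directory is the read-only bind mount of `edpm_nova_config_dest`, so the permissions on that host directory decide who can change what runs as iscsiadm inside the container. A comment above the last `config_files` entry would record that, e.g. `# run-on-host replaces iscsiadm in the container; its source is the host's edpm_nova_config_dest, which must stay writable only by the deploy user.` The `ssh-config` entry is also the only ssh item without `optional: true`, which deserves a line saying whether that is intended.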
diff --git a/roles/edpm_nova/meta/argument_specs.yml b/roles/edpm_nova/meta/argument_specs.yml index 1e2b8e540..8bfa43175 100644 --- a/roles/edpm_nova/meta/argument_specs.yml +++ b/roles/edpm_nova/meta/argument_specs.yml @@ -14,14 +14,14 @@ argument_specs: description: The number of retries for failed download tasks edpm_nova_config_src: type: str - default: /var/lib/openstack/config + default: /var/lib/openstack/configs/{{ edpm_nova_service_name }} description: | The path to the directory containing the nova config files in the ansibleEE container. This is the directory where all configmaps containing nova config files are mounted. edpm_nova_config_dest: type: str - default: /var/lib/openstack/config/nova + default: /var/lib/openstack/{{ edpm_nova_service_name }} description: | The path to the directory where the nova config files will be rendered on the compute node. diff --git a/roles/edpm_nova/molecule/default/prepare.yml b/roles/edpm_nova/molecule/default/prepare.yml index 2fcd7fb71..4c3fd5dfe 100644 --- a/roles/edpm_nova/molecule/default/prepare.yml +++ b/roles/edpm_nova/molecule/default/prepare.yml @@ -178,12 +178,12 @@ group: "{{ item.group | default(ansible_user) }}" mode: "{{ item.mode | default(omit) }}" loop: - - {"path": "/var/lib/openstack/config/nova", "mode": "0755"} + - {"path": "/var/lib/openstack/nova", "mode": "0755"} - name: Create a test file to be deleted become: true ansible.builtin.file: - path: '/var/lib/openstack/config/nova/test.conf' + path: '/var/lib/openstack/nova/test.conf' state: touch mode: 0644 diff --git a/roles/edpm_nova/molecule/default/verify.yml b/roles/edpm_nova/molecule/default/verify.yml index 9dc7d9b6f..ed013a96b 100644 --- a/roles/edpm_nova/molecule/default/verify.yml +++ b/roles/edpm_nova/molecule/default/verify.yml 
@@ -7,7 +7,7 @@ vars: test_helper_dir: "../../../../molecule/test-helpers" edpm_nova_tls_ca_src_dir: /tmp/pki - edpm_nova_config_dest: /var/lib/openstack/config/nova + edpm_nova_config_dest: /var/lib/openstack/nova tasks: - name: ensure expected directories exist ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_dir.yaml" @@ -15,13 +15,12 @@ # common directories - "/etc/tmpfiles.d/" - "/var/lib/openstack" - - "/var/lib/openstack/config/containers" - "/etc/ssh/ssh_known_hosts" # extrenal deps - "/var/lib/openstack/config/ceph" # nova directories - "/var/lib/nova" - - "/var/lib/openstack/config/nova" + - "{{ edpm_nova_config_dest }}" - "/var/lib/_nova_secontext" - "/var/lib/nova/instances" # NOTE(sean-k-mooney): this directory is normaly created by the edpm_install_cert role @@ -39,10 +38,14 @@ - name: ensure nova config mounts are present for both nova_compute and nova_nvme_cleaner containers ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_mounts.yaml" loop: - - { "name": "nova_compute", "src": "{{ edpm_nova_config_dest }}", - "dest": "/var/lib/kolla/config_files", "options": "ro" } - - { "name": "nova_nvme_cleaner", "src": "{{ edpm_nova_config_dest }}", - "dest": "/var/lib/kolla/config_files/nova_shared", "options": "ro" } + - name: "nova_compute" + src: "{{ edpm_nova_config_dest }}" + dest: "/var/lib/kolla/config_files/src" + options: "ro" + - name: "nova_nvme_cleaner" + src: "{{ edpm_nova_config_dest }}" + dest: "/var/lib/kolla/config_files/src/nova_shared" + options: "ro" - name: ensure nvme cleaner container has /dev mounted ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_mounts.yaml" @@ -68,7 +71,7 @@ - name: read nvme cleaner kolla config become: true ansible.builtin.slurp: - src: /var/lib/openstack/config/nova_nvme_cleaner/config.json + src: /var/lib/kolla/config_files/nova_nvme_cleaner.json register: cleaner_kolla_cfg - name: parse nvme cleaner kolla config 
@@ -99,17 +102,17 @@ ansible.builtin.shell: | podman logs nova_compute 2>&1 | grep "{{item}}" > /dev/null loop: - - "Copying /var/lib/kolla/config_files/nova-blank.conf to /etc/nova/nova.conf" - - "Copying /var/lib/kolla/config_files/01-nova.conf to /etc/nova/nova.conf.d/01-nova.conf" - - "Copying /var/lib/kolla/config_files/ssh-config to /var/lib/nova/.ssh/config" - - "Copying /var/lib/kolla/config_files/ssh-privatekey to /var/lib/nova/.ssh/ssh-privatekey" - - "Copying /var/lib/kolla/config_files/02-nova-host-specific.conf to /etc/nova/nova.conf.d/02-nova-host-specific.conf" - - "Copying /var/lib/kolla/config_files/provider1.yaml to /etc/nova/provider_config/provider1.yaml" - - "Copying /var/lib/kolla/config_files/run-on-host to /usr/sbin/iscsiadm" + - "Copying /var/lib/kolla/config_files/src/nova-blank.conf to /etc/nova/nova.conf" + - "Copying /var/lib/kolla/config_files/src/01-nova.conf to /etc/nova/nova.conf.d/01-nova.conf" + - "Copying /var/lib/kolla/config_files/src/ssh-config to /var/lib/nova/.ssh/config" + - "Copying /var/lib/kolla/config_files/src/ssh-privatekey to /var/lib/nova/.ssh/ssh-privatekey" + - "Copying /var/lib/kolla/config_files/src/02-nova-host-specific.conf to /etc/nova/nova.conf.d/02-nova-host-specific.conf" + - "Copying /var/lib/kolla/config_files/src/provider1.yaml to /etc/nova/provider_config/provider1.yaml" + - "Copying /var/lib/kolla/config_files/src/run-on-host to /usr/sbin/iscsiadm" - name: slurp host specific config ansible.builtin.slurp: - src: /var/lib/openstack/config/nova/02-nova-host-specific.conf + src: "{{ edpm_nova_config_dest }}/02-nova-host-specific.conf" register: host_specific_config - name: Assert that my_ip is rendered into the host specific config 
@@ -180,10 +183,10 @@ - name: Check if after sync old file is removed ansible.builtin.stat: - path: '/var/lib/openstack/config/nova/test.conf' + path: '/var/lib/openstack/nova/test.conf' register: nova_host_specific_conf - - name: Assert that /var/lib/openstack/config/nova/test.conf file does not exist + - name: Assert that /var/lib/openstack/nova/test.conf file does not exist ansible.builtin.assert: that: - "not nova_host_specific_conf.stat.exists" diff --git a/roles/edpm_nova/tasks/configure.yml b/roles/edpm_nova/tasks/configure.yml index 2d132b368..2fed87c4d 100644 --- a/roles/edpm_nova/tasks/configure.yml +++ b/roles/edpm_nova/tasks/configure.yml @@ -86,9 +86,7 @@ mode: "{{ item.mode | default(omit) }}" loop: - {"path": "{{ edpm_nova_config_dest }}", "mode": "0755"} - - {"path": "/var/lib/openstack/config/containers", "mode": "0755"} - {"path": "{{ edpm_nova_nvme_cleaner_config_dest }}", "mode": "0755"} - - name: Create persistent directories tags: - configure @@ -165,9 +163,8 @@ setype: "container_file_t" mode: "0644" loop: - - {"src": "config.json.j2", "dest": "config.json"} - - {"src": "nova-blank.conf", "dest": "nova-blank.conf"} - - {"src": "ssh-config", "dest": "ssh-config"} + - {"src": "files/nova-blank.conf", "dest": "nova-blank.conf"} + - {"src": "files/ssh-config", "dest": "ssh-config"} # NOTE(gibi): This is unfortunate as we would like to avoid config # generation in ansible. This config is only needed to specify the IP # address of the node nova-compute should use. Right now this is hardcoded 
@@ -179,27 +176,13 @@ # remove this host specific configuration in the future (not earlier than # openstack Caracal) # https://blueprints.launchpad.net/nova/+spec/libvirt-migrate-with-hostname-instead-of-ip - - {"src": "02-nova-host-specific.conf.j2", "dest": "02-nova-host-specific.conf"} - - {"src": "nova_statedir_ownership.py", "dest": "nova_statedir_ownership.py"} - - {"src": "run-on-host", "dest": "run-on-host"} + - {"src": "config/02-nova-host-specific.conf.j2", "dest": "02-nova-host-specific.conf"} + - {"src": "files/nova_statedir_ownership.py", "dest": "nova_statedir_ownership.py"} + - {"src": "files/run-on-host", "dest": "run-on-host"} notify: - Restart nova init - Restart nova - -- name: Render nvme cleaner config files - when: edpm_nova_enable_nvme_cleaner - tags: - - configure - - nova - ansible.builtin.template: - src: "nova_nvme_cleaner_config.json.j2" - dest: "{{ edpm_nova_nvme_cleaner_config_dest }}/config.json" - setype: "container_file_t" - mode: "0644" - notify: - - Restart nova - - name: Create .ssh directory for the nova user on the host become: true ansible.builtin.file: diff --git a/roles/edpm_nova/tasks/install.yml b/roles/edpm_nova/tasks/install.yml index c30ba7d42..ae675deeb 100644 --- a/roles/edpm_nova/tasks/install.yml +++ b/roles/edpm_nova/tasks/install.yml 
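Review bot: The loop now points at `files/nova-blank.conf`, `files/ssh-config`, `files/nova_statedir_ownership.py` and `files/run-on-host`, but these static files still appear to go through the templating task that renders `config/02-nova-host-specific.conf.j2`. The task header is outside the hunk, so the module is inferred from the `.j2` item. Now that these sources live under `files/`, a separate `ansible.builtin.copy` task would copy them byte for byte and avoid Jinja interpreting any `{{` or `{%` sequence in the Python or shell script. It would also let `run-on-host` and the ssh files get their own `mode:` instead of the shared `"0644"`.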
@@ -5,70 +5,35 @@ path: "{{ edpm_nova_tls_ca_src_dir }}/tls-ca-bundle.pem" register: ca_bundle_stat_res -- name: Render nova container - tags: - - install - - nova - ansible.builtin.template: - src: "nova_compute.json.j2" - dest: "/var/lib/openstack/config/containers/nova_compute.json" - setype: "container_file_t" - mode: "0644" - vars: - ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" - notify: - - Restart nova - -- name: Render nova init container - tags: - - install - - nova - ansible.builtin.template: - src: "nova_compute_init.json.j2" - dest: "/var/lib/openstack/config/containers/nova_compute_init.json" - setype: "container_file_t" - mode: "0700" - notify: - - Restart nova init - - name: Deploy nova init container tags: - install - nova ansible.builtin.include_role: - name: osp.edpm.edpm_container_manage + name: osp.edpm.edpm_container_standalone vars: - edpm_container_manage_config: '/var/lib/openstack/config/containers' - edpm_container_manage_healthcheck_disabled: true - edpm_container_manage_config_patterns: 'nova_compute_init.json' - edpm_container_manage_clean_orphans: false + edpm_container_standalone_service: "nova_compute_init" + edpm_service_name: "{{ edpm_nova_service_name }}" + edpm_container_state_append: false # First container - replace existing state + edpm_container_standalone_container_defs: + nova_compute_init: "{{ lookup('template', 'container_defs/nova_compute_init.yaml.j2') | from_yaml }}" + ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" -- name: Deploy nova container +- name: Deploy nova compute container tags: - install - nova ansible.builtin.include_role: - name: osp.edpm.edpm_container_manage - vars: - edpm_container_manage_config: '/var/lib/openstack/config/containers' - edpm_container_manage_healthcheck_disabled: true - edpm_container_manage_config_patterns: 'nova_compute.json' - edpm_container_manage_clean_orphans: false - -- name: Render nvme cleaner container - when: edpm_nova_enable_nvme_cleaner - tags: - - 
install - - nova - ansible.builtin.template: - src: "nova_nvme_cleaner.json.j2" - dest: "/var/lib/openstack/config/containers/nova_nvme_cleaner.json" - setype: "container_file_t" - mode: "0644" + name: osp.edpm.edpm_container_standalone vars: + edpm_container_standalone_service: "nova_compute" + edpm_service_name: "{{ edpm_nova_service_name }}" + edpm_container_state_append: true # Append to nova service + edpm_container_standalone_container_defs: + nova_compute: "{{ lookup('template', 'container_defs/nova_compute.yaml.j2') | from_yaml }}" + edpm_container_standalone_kolla_config_files: + nova_compute: "{{ lookup('file', 'files/kolla_config/nova_compute.yaml') | from_yaml }}" ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" - notify: - - Restart nova - name: Deploy nvme cleaner container when: edpm_nova_enable_nvme_cleaner @@ -76,12 +41,16 @@ - install - nova ansible.builtin.include_role: - name: osp.edpm.edpm_container_manage + name: osp.edpm.edpm_container_standalone vars: - edpm_container_manage_config: '/var/lib/openstack/config/containers' - edpm_container_manage_healthcheck_disabled: true - edpm_container_manage_config_patterns: 'nova_nvme_cleaner.json' - edpm_container_manage_clean_orphans: false + edpm_container_standalone_service: "nova_nvme_cleaner" + edpm_service_name: "{{ edpm_nova_service_name }}" + edpm_container_state_append: true # Append to nova service + edpm_container_standalone_container_defs: + nova_nvme_cleaner: "{{ lookup('template', 'container_defs/nova_nvme_cleaner.yaml.j2') | from_yaml }}" + edpm_container_standalone_kolla_config_files: + nova_nvme_cleaner: "{{ lookup('template', 'kolla_config/nova_nvme_cleaner.yaml.j2') | from_yaml }}" + ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" - name: Remove nvme cleaner when disabled when: not edpm_nova_enable_nvme_cleaner diff --git a/roles/edpm_nova/tasks/update.yml b/roles/edpm_nova/tasks/update.yml index 4cd11f988..408e21f58 100644 --- a/roles/edpm_nova/tasks/update.yml 
+++ b/roles/edpm_nova/tasks/update.yml 
@@ -1,15 +1,124 @@ --- -- name: Render newly introduced nova config files +- name: Ensure new config directory exists tags: - update - nova - ansible.builtin.template: + become: true + ansible.builtin.file: + path: "{{ edpm_nova_config_dest }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - nova + ansible.builtin.stat: + path: "/var/lib/openstack/config/nova" + register: edpm_nova_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - nova + become: true + when: + - edpm_nova_old_config_dir.stat.exists + - edpm_nova_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/openstack/config/nova" + file_type: file + recurse: true + register: edpm_nova_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_nova_config_dest }}/{{ item.path | regex_replace('^.*/config/nova/', '') }}" + remote_src: true + setype: "container_file_t" + mode: "0644" + loop: "{{ edpm_nova_old_config_files.files }}" + when: + - edpm_nova_old_config_files.files is defined + - edpm_nova_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/openstack/config/nova" + state: absent + +- name: Ensure nvme_cleaner config directory exists + tags: + - update + - nova + become: true + ansible.builtin.file: + path: "{{ edpm_nova_nvme_cleaner_config_dest }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old nvme_cleaner config directory exists + tags: + - update + - nova + ansible.builtin.stat: + path: 
"/var/lib/openstack/config/nova_nvme_cleaner" + register: edpm_nova_old_nvme_cleaner_config_dir + +- name: Move nvme_cleaner config files from old location to new location + tags: + - update + - nova + become: true + when: + - edpm_nova_old_nvme_cleaner_config_dir.stat.exists + - edpm_nova_old_nvme_cleaner_config_dir.stat.isdir + block: + - name: Find nvme_cleaner config files in old location + ansible.builtin.find: + paths: "/var/lib/openstack/config/nova_nvme_cleaner" + file_type: file + recurse: true + register: edpm_nova_old_nvme_cleaner_config_files + + - name: Copy nvme_cleaner config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_nova_nvme_cleaner_config_dest }}/{{ item.path | regex_replace('^.*/config/nova_nvme_cleaner/', '') }}" + remote_src: true + setype: "container_file_t" + mode: "0644" + loop: "{{ edpm_nova_old_nvme_cleaner_config_files.files }}" + when: + - edpm_nova_old_nvme_cleaner_config_files.files is defined + - edpm_nova_old_nvme_cleaner_config_files.files | length > 0 + + - name: Remove old nvme_cleaner config directory + ansible.builtin.file: + path: "/var/lib/openstack/config/nova_nvme_cleaner" + state: absent + +- name: Copy newly introduced nova config files + tags: + - update + - nova + ansible.builtin.copy: src: "{{ item.src }}" dest: "{{ edpm_nova_config_dest }}/{{ item.dest }}" setype: "container_file_t" mode: "0644" loop: - {"src": "nova_statedir_ownership.py", "dest": "nova_statedir_ownership.py"} + - {"src": "run-on-host", "dest": "run-on-host"} - name: Run LVM bootstrap tasks tags: diff --git a/roles/edpm_nova/templates/config.json.j2 b/roles/edpm_nova/templates/config.json.j2 deleted file mode 100644 index 657f469e2..000000000 --- a/roles/edpm_nova/templates/config.json.j2 +++ /dev/null 
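Review bot: The fixed `mode: "0644"` on "Copy config files to new location" is applied to every file `find` returns with `recurse: true`, so any file that was stricter in the old tree is widened during the move. The deleted `config.json.j2` lists an `ssh-privatekey` source with perm 0600 alongside the nova conf files, which suggests key material and credential-bearing conf files can live in `/var/lib/openstack/config/nova`; after this task they would be world-readable on the host. Consider carrying the source mode over, e.g. `mode: "{{ item.mode }}"` from the find result, or `mode: preserve` if the Ansible version in use honours it with `remote_src: true`. The same pattern is repeated in the nvme_cleaner block of this hunk and in the new `roles/edpm_ovn_bgp_agent/tasks/update.yml`.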
@@ -1,67 +0,0 @@ -{ - "command": "nova-compute", - "config_files": [ - { - "source": "/var/lib/kolla/config_files/nova-blank.conf", - "dest": "/etc/nova/nova.conf", - "owner": "nova", - "perm": "0600" - }, - { - "source": "/var/lib/kolla/config_files/*nova*.conf", - "dest": "/etc/nova/nova.conf.d/", - "owner": "nova", - "perm": "0600" - }, - { - "source": "/var/lib/kolla/config_files/ceph", - "dest": "/etc/ceph", - "owner": "nova", - "perm": "0700", - "optional": true - }, - { - "source": "/var/lib/kolla/config_files/ssh-privatekey", - "dest": "/var/lib/nova/.ssh/", - "owner": "nova", - "perm": "0600", - "optional": true - }, - { - "source": "/var/lib/kolla/config_files/ssh-config", - "dest": "/var/lib/nova/.ssh/config", - "owner": "nova", - "perm": "0600" - }, - { - "source": "/var/lib/kolla/config_files/provider*.yaml", - "dest": "/etc/nova/provider_config/", - "owner": "nova", - "perm": "0600", - "optional": true - }, - { - "source": "/var/lib/kolla/config_files/run-on-host", - "dest": "/usr/sbin/iscsiadm", - "owner": "root:root", - "perm": "0755" - } - ], - "permissions": [ - { - "path": "/etc/ceph/*", - "owner": "nova:nova", - "perm:": "0600" - }, - { - "path": "/var/lib/nova/.ssh/", - "owner": "nova:nova", - "perm:": "0700" - }, - { - "path": "/var/lib/nova/.ssh/*", - "owner": "nova:nova", - "perm:": "0600" - } - ] -} diff --git a/roles/edpm_nova/templates/02-nova-host-specific.conf.j2 b/roles/edpm_nova/templates/config/02-nova-host-specific.conf.j2 similarity index 100% rename from roles/edpm_nova/templates/02-nova-host-specific.conf.j2 rename to roles/edpm_nova/templates/config/02-nova-host-specific.conf.j2 diff --git a/roles/edpm_nova/templates/container_defs/nova_compute.yaml.j2 b/roles/edpm_nova/templates/container_defs/nova_compute.yaml.j2 new file mode 100644 index 000000000..4f88d0252 --- /dev/null +++ b/roles/edpm_nova/templates/container_defs/nova_compute.yaml.j2 
@@ -0,0 +1,31 @@
+image: "{{ edpm_nova_compute_image }}"
+privileged: true
+user: nova
+restart: always
+command: kolla_start
+net: host
+pid: host
+environment:
+ KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
+volumes:
+ - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
+ - "{{ edpm_nova_config_dest }}:/var/lib/kolla/config_files/src:ro"
+{% if ca_bundle_exists|bool %}
+ - "{{ edpm_nova_tls_ca_src_dir }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z"
+{% endif %}
+ - /etc/localtime:/etc/localtime:ro
+ - /lib/modules:/lib/modules:ro
+ - /dev:/dev
+ - /var/lib/libvirt:/var/lib/libvirt
+ - /run/libvirt:/run/libvirt:shared
+ - /var/lib/nova:/var/lib/nova:shared
+ - /var/lib/iscsi:/var/lib/iscsi
+ - /etc/multipath:/etc/multipath:z
+ - /etc/multipath.conf:/etc/multipath.conf:ro
+ - /etc/iscsi:/etc/iscsi:ro
+ - /etc/nvme:/etc/nvme
+ - /var/lib/openstack/config/ceph:/var/lib/kolla/config_files/src/ceph:ro
+ - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+{% for bind_mount in edpm_nova_extra_bind_mounts %}
+ - "{{ bind_mount.src }}:{{ bind_mount.dest }}:{{ bind_mount.options | default('ro') }}"
+{% endfor %}
diff --git a/roles/edpm_nova/templates/container_defs/nova_compute_init.yaml.j2 b/roles/edpm_nova/templates/container_defs/nova_compute_init.yaml.j2
new file mode 100644
index 000000000..0423711b7
--- /dev/null
+++ b/roles/edpm_nova/templates/container_defs/nova_compute_init.yaml.j2
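Review bot: The ceph bind on the `/var/lib/openstack/config/ceph:/var/lib/kolla/config_files/src/ceph:ro` line still uses the pre-move host path and is mounted unconditionally, whereas the deleted `config.json.j2` treated the ceph source as `optional: true`. If that directory is missing on a host without Ceph, this privileged container will probably fail to start; either make sure the directory is created by the role or wrap the line in a Jinja conditional. The `edpm_nova_extra_bind_mounts` loop also has no `| default([])`, so the template fails to render if the variable is undefined, assuming the role defaults (not visible here) do not already set it.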
@@ -0,0 +1,17 @@
+image: "{{ edpm_nova_compute_image }}"
+privileged: false
+user: root
+restart: never
+command: "bash -c $* -- eval python3 /sbin/nova_statedir_ownership.py | logger -t nova_compute_init"
+net: none
+security_opt:
+ - label=disable
+detach: false
+environment:
+ NOVA_STATEDIR_OWNERSHIP_SKIP: /var/lib/nova/compute_id
+ __OS_DEBUG: false
+volumes:
+ - /dev/log:/dev/log
+ - /var/lib/nova:/var/lib/nova:shared
+ - /var/lib/_nova_secontext:/var/lib/_nova_secontext:shared,z
+ - "{{ edpm_nova_config_dest }}/nova_statedir_ownership.py:/sbin/nova_statedir_ownership.py:z"
diff --git a/roles/edpm_nova/templates/container_defs/nova_nvme_cleaner.yaml.j2 b/roles/edpm_nova/templates/container_defs/nova_nvme_cleaner.yaml.j2
new file mode 100644
index 000000000..4ca339a93
--- /dev/null
+++ b/roles/edpm_nova/templates/container_defs/nova_nvme_cleaner.yaml.j2
@@ -0,0 +1,16 @@
+image: "{{ edpm_nova_compute_image }}"
+privileged: true
+user: root
+restart: always
+command: kolla_start
+net: host
+environment:
+ KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
+volumes:
+{% if ca_bundle_exists|bool %}
+ - /var/lib/kolla/config_files/nova_nvme_cleaner.json:/var/lib/kolla/config_files/config.json:ro
+ - "{{ edpm_nova_tls_ca_src_dir }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z"
+{% endif %}
+ - "{{ edpm_nova_config_dest }}:/var/lib/kolla/config_files/src/nova_shared:ro"
+ - /dev:/dev
+ - /etc/nvme:/etc/nvme
diff --git a/roles/edpm_nova/templates/kolla_config/nova_nvme_cleaner.yaml.j2 b/roles/edpm_nova/templates/kolla_config/nova_nvme_cleaner.yaml.j2
new file mode 100644
index 000000000..6e8bdf6f4
--- /dev/null
+++ b/roles/edpm_nova/templates/kolla_config/nova_nvme_cleaner.yaml.j2
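Review bot: The last volume in `nova_compute_init.yaml.j2`, `{{ edpm_nova_config_dest }}/nova_statedir_ownership.py:/sbin/nova_statedir_ownership.py:z`, is mounted read-write into a container that runs as root with `label=disable`. The script is only executed there, so `:ro,z` would stop the container from altering the host copy. In addition, `tasks/update.yml` in this commit creates `edpm_nova_config_dest` owned by `ansible_user`, so the script that runs as root against `/var/lib/nova` is loaded from a directory a non-root account can write to; root ownership of that directory would avoid this.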
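Review bot: In `nova_nvme_cleaner.yaml.j2` the `nova_nvme_cleaner.json:/var/lib/kolla/config_files/config.json:ro` mount is inside the `{% if ca_bundle_exists|bool %}` block, so on a host without a CA bundle the container runs `kolla_start` with no config.json mounted. `nova_compute.yaml.j2` in this commit keeps the equivalent mount outside the conditional. Move that line above `{% if ca_bundle_exists|bool %}` so that only the `tls-ca-bundle.pem` entry remains conditional.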
@@ -0,0 +1,12 @@ +command: "{{ edpm_nova_nvme_cleaner_command }} {{ edpm_nova_nvme_cleaner_args }}" +config_files: + - source: /var/lib/kolla/config_files/src/nova_shared/nova-blank.conf + dest: /etc/nova/nova.conf + owner: nova + perm: "0600" + optional: true + - source: /var/lib/kolla/config_files/src/nova_shared/*nova*.conf + dest: /etc/nova/nova.conf.d/ + owner: nova + perm: "0600" + optional: true diff --git a/roles/edpm_nova/templates/nova_compute_init.json.j2 b/roles/edpm_nova/templates/nova_compute_init.json.j2 deleted file mode 100644 index 2b81e6bf2..000000000 --- a/roles/edpm_nova/templates/nova_compute_init.json.j2 +++ /dev/null @@ -1,20 +0,0 @@ -{ - "image": "{{ edpm_nova_compute_image }}", - "privileged": false, - "user": "root", - "restart": "never", - "command": "bash -c $* -- eval python3 /sbin/nova_statedir_ownership.py | logger -t nova_compute_init", - "net": "none", - "security_opt": ["label=disable"], - "detach": false, - "environment": { - "NOVA_STATEDIR_OWNERSHIP_SKIP": "/var/lib/nova/compute_id", - "__OS_DEBUG": false - }, - "volumes": [ - "/dev/log:/dev/log", - "/var/lib/nova:/var/lib/nova:shared", - "/var/lib/_nova_secontext:/var/lib/_nova_secontext:shared,z", - "/var/lib/openstack/config/nova/nova_statedir_ownership.py:/sbin/nova_statedir_ownership.py:z" - ] -} diff --git a/roles/edpm_nova/templates/nova_nvme_cleaner.json.j2 b/roles/edpm_nova/templates/nova_nvme_cleaner.json.j2 deleted file mode 100644 index 48881c980..000000000 --- a/roles/edpm_nova/templates/nova_nvme_cleaner.json.j2 +++ /dev/null 
@@ -1,20 +0,0 @@ -{ - "image": "{{ edpm_nova_compute_image }}", - "privileged": true, - "user": "root", - "restart": "always", - "command": "kolla_start", - "net": "host", - "environment": { - "KOLLA_CONFIG_STRATEGY":"COPY_ALWAYS" - }, - "volumes": [ - "{{ edpm_nova_nvme_cleaner_config_dest }}:/var/lib/kolla/config_files:ro", -{% if ca_bundle_exists|bool %} - "{{ edpm_nova_tls_ca_src_dir }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z", -{% endif %} - "{{ edpm_nova_config_dest }}:/var/lib/kolla/config_files/nova_shared:ro", - "/dev:/dev", - "/etc/nvme:/etc/nvme" - ] -} diff --git a/roles/edpm_nova/templates/nova_nvme_cleaner_config.json.j2 b/roles/edpm_nova/templates/nova_nvme_cleaner_config.json.j2 deleted file mode 100644 index 6c8e92f85..000000000 --- a/roles/edpm_nova/templates/nova_nvme_cleaner_config.json.j2 +++ /dev/null @@ -1,19 +0,0 @@ -{ - "command": "{{ edpm_nova_nvme_cleaner_command }} {{ edpm_nova_nvme_cleaner_args }}", - "config_files": [ - { - "source": "/var/lib/kolla/config_files/nova_shared/nova-blank.conf", - "dest": "/etc/nova/nova.conf", - "owner": "nova", - "perm": "0600", - "optional": true - }, - { - "source": "/var/lib/kolla/config_files/nova_shared/*nova*.conf", - "dest": "/etc/nova/nova.conf.d/", - "owner": "nova", - "perm": "0600", - "optional": true - } - ] -} diff --git a/roles/edpm_ovn/tasks/run.yml b/roles/edpm_ovn/tasks/run.yml index 7fec6937f..f99e82d40 100644 --- a/roles/edpm_ovn/tasks/run.yml +++ b/roles/edpm_ovn/tasks/run.yml 
@@ -41,7 +41,8 @@ name: osp.edpm.edpm_container_standalone vars: edpm_container_standalone_service: ovn_controller + edpm_service_name: "{{ edpm_ovn_service_name }}" edpm_container_standalone_container_defs: - ovn_controller: "{{ lookup('template', 'ovn_controller.yaml.j2') | from_yaml }}" + ovn_controller: "{{ lookup('template', 'container_defs/ovn_controller.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - ovn_controller: "{{ lookup('template', 'kolla_ovn_controller.yaml.j2') | from_yaml }}" + ovn_controller: "{{ lookup('template', 'kolla_config/kolla_ovn_controller.yaml.j2') | from_yaml }}" diff --git a/roles/edpm_ovn/templates/ovn_controller.yaml.j2 b/roles/edpm_ovn/templates/container_defs/ovn_controller.yaml.j2 similarity index 100% rename from roles/edpm_ovn/templates/ovn_controller.yaml.j2 rename to roles/edpm_ovn/templates/container_defs/ovn_controller.yaml.j2 diff --git a/roles/edpm_ovn/templates/kolla_ovn_controller.yaml.j2 b/roles/edpm_ovn/templates/kolla_config/kolla_ovn_controller.yaml.j2 similarity index 100% rename from roles/edpm_ovn/templates/kolla_ovn_controller.yaml.j2 rename to roles/edpm_ovn/templates/kolla_config/kolla_ovn_controller.yaml.j2 diff --git a/roles/edpm_ovn_bgp_agent/defaults/main.yml b/roles/edpm_ovn_bgp_agent/defaults/main.yml index 8f784b882..467080f59 100644 --- a/roles/edpm_ovn_bgp_agent/defaults/main.yml +++ b/roles/edpm_ovn_bgp_agent/defaults/main.yml 
@@ -31,7 +31,7 @@ edpm_ovn_bgp_agent_private_key: /etc/pki/tls/private/ovndb.key edpm_ovn_bgp_agent_certificate: /etc/pki/tls/certs/ovndb.crt edpm_ovn_bgp_agent_ca_cert: /etc/pki/tls/certs/ovndbca.crt edpm_ovn_bgp_agent_internal_tls_enable: "{{ edpm_tls_certs_enabled | default(False) }}" -edpm_ovn_bgp_agent_config_basedir: "/var/lib/config-data/ansible-generated/ovn-bgp-agent" +edpm_ovn_bgp_agent_config_basedir: "/var/lib/openstack/ovn-bgp-agent" edpm_ovn_bgp_agent_config_src: "/var/lib/openstack/configs/{{ edpm_ovn_bgp_agent_service_name }}" edpm_ovn_bgp_agent_bgp_as: 64999 edpm_ovn_bgp_agent_clear_vrf_routes_on_startup: false diff --git a/roles/edpm_ovn_bgp_agent/templates/kolla_config/ovn_bgp_agent.yaml.j2 b/roles/edpm_ovn_bgp_agent/files/kolla_config/ovn_bgp_agent.yaml similarity index 100% rename from roles/edpm_ovn_bgp_agent/templates/kolla_config/ovn_bgp_agent.yaml.j2 rename to roles/edpm_ovn_bgp_agent/files/kolla_config/ovn_bgp_agent.yaml diff --git a/roles/edpm_ovn_bgp_agent/meta/argument_specs.yml b/roles/edpm_ovn_bgp_agent/meta/argument_specs.yml index df3dcfa19..0fa63ff84 100644 --- a/roles/edpm_ovn_bgp_agent/meta/argument_specs.yml +++ b/roles/edpm_ovn_bgp_agent/meta/argument_specs.yml @@ -47,7 +47,7 @@ argument_specs: edpm_ovn_bgp_agent_config_basedir: description: Location of BGP agent configuration base directory. type: path - default: "/var/lib/config-data/ansible-generated/ovn-bgp-agent" + default: "/var/lib/openstack/ovn-bgp-agent" edpm_ovn_bgp_agent_bgp_as: description: BGP Autonomous System number type: int @@ -134,7 +134,7 @@ argument_specs: - /dev/log:/dev/log - /etc/iproute2:/etc/iproute2 - /var/lib/kolla/config_files/ovn_bgp_agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ansible-generated/ovn-bgp-agent:/var/lib/kolla/config_files/src:ro + - /var/lib/openstack/ovn-bgp-agent:/var/lib/kolla/config_files/src:ro - /run/frr:/run/frr:shared,z - /run/openvswitch:/run/openvswitch:shared,z 
diff --git a/roles/edpm_ovn_bgp_agent/molecule/default/verify.yml b/roles/edpm_ovn_bgp_agent/molecule/default/verify.yml index a5fb4feb2..5e9884638 100644 --- a/roles/edpm_ovn_bgp_agent/molecule/default/verify.yml +++ b/roles/edpm_ovn_bgp_agent/molecule/default/verify.yml @@ -8,7 +8,7 @@ - name: ensure expected directories exist ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_dir.yaml" loop: - - "/var/lib/config-data/ansible-generated/ovn-bgp-agent/etc/ovn-bgp-agent/bgp-agent.conf" + - "/var/lib/openstack/ovn-bgp-agent/etc/ovn-bgp-agent/bgp-agent.conf" - "/var/lib/edpm-config/container-startup-config/ovn_bgp_agent" - name: ensure podman container exists and are running diff --git a/roles/edpm_ovn_bgp_agent/tasks/configure.yml b/roles/edpm_ovn_bgp_agent/tasks/configure.yml index b4e241943..262930e22 100644 --- a/roles/edpm_ovn_bgp_agent/tasks/configure.yml +++ b/roles/edpm_ovn_bgp_agent/tasks/configure.yml @@ -23,7 +23,7 @@ block: - name: Render OVN BGP agent config files ansible.builtin.template: - src: ovn-bgp-agent.conf.j2 + src: config/ovn-bgp-agent.conf.j2 dest: "{{ edpm_ovn_bgp_agent_config_basedir }}/etc/ovn-bgp-agent/bgp-agent.conf" mode: "0644" selevel: s0 diff --git a/roles/edpm_ovn_bgp_agent/tasks/run.yml b/roles/edpm_ovn_bgp_agent/tasks/run.yml index be7378975..bee00e574 100644 --- a/roles/edpm_ovn_bgp_agent/tasks/run.yml +++ b/roles/edpm_ovn_bgp_agent/tasks/run.yml @@ -38,6 +38,6 @@ vars: edpm_container_standalone_service: ovn_bgp_agent edpm_container_standalone_container_defs: - ovn_bgp_agent: "{{ lookup('template', 'ovn_bgp_agent.yaml.j2') | from_yaml }}" + ovn_bgp_agent: "{{ lookup('template', 'container_defs/ovn_bgp_agent.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - ovn_bgp_agent: "{{ lookup('template', 'templates/kolla_config/ovn_bgp_agent.yaml.j2') | from_yaml }}" + ovn_bgp_agent: "{{ lookup('file', 'kolla_config/ovn_bgp_agent.yaml') | from_yaml }}" 
diff --git a/roles/edpm_ovn_bgp_agent/tasks/run_ovn.yml b/roles/edpm_ovn_bgp_agent/tasks/run_ovn.yml index deb18e4f3..6e5000d5c 100644 --- a/roles/edpm_ovn_bgp_agent/tasks/run_ovn.yml +++ b/roles/edpm_ovn_bgp_agent/tasks/run_ovn.yml @@ -38,9 +38,9 @@ vars: edpm_container_standalone_service: nb_db_server edpm_container_standalone_container_defs: - nb_db_server: "{{ lookup('template', 'nb_db_server.yaml.j2') | from_yaml }}" + nb_db_server: "{{ lookup('template', 'container_defs/nb_db_server.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - nb_db_server: "{{ lookup('template', 'templates/kolla_config/nb_db_server.yaml.j2') | from_yaml }}" + nb_db_server: "{{ lookup('template', 'kolla_config/nb_db_server.yaml.j2') | from_yaml }}" - name: Run SB DB container ansible.builtin.include_role: @@ -48,9 +48,9 @@ vars: edpm_container_standalone_service: sb_db_server edpm_container_standalone_container_defs: - sb_db_server: "{{ lookup('template', 'sb_db_server.yaml.j2') | from_yaml }}" + sb_db_server: "{{ lookup('template', 'container_defs/sb_db_server.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - sb_db_server: "{{ lookup('template', 'templates/kolla_config/sb_db_server.yaml.j2') | from_yaml }}" + sb_db_server: "{{ lookup('template', 'kolla_config/sb_db_server.yaml.j2') | from_yaml }}" - name: Run northd container ansible.builtin.include_role: @@ -58,9 +58,9 @@ vars: edpm_container_standalone_service: northd edpm_container_standalone_container_defs: - northd: "{{ lookup('template', 'northd.yaml.j2') | from_yaml }}" + northd: "{{ lookup('template', 'container_defs/northd.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - northd: "{{ lookup('template', 'templates/kolla_config/northd.yaml.j2') | from_yaml }}" + northd: "{{ lookup('template', 'kolla_config/northd.yaml.j2') | from_yaml }}" - name: Run ovn_controller container ansible.builtin.include_role: 
@@ -68,6 +68,6 @@ vars: edpm_container_standalone_service: bgp_ovn_controller edpm_container_standalone_container_defs: - bgp_ovn_controller: "{{ lookup('template', 'bgp_ovn_controller.yaml.j2') | from_yaml }}" + bgp_ovn_controller: "{{ lookup('template', 'container_defs/bgp_ovn_controller.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - bgp_ovn_controller: "{{ lookup('template', 'templates/kolla_config/bgp_ovn_controller.yaml.j2') | from_yaml }}" + bgp_ovn_controller: "{{ lookup('template', 'kolla_config/bgp_ovn_controller.yaml.j2') | from_yaml }}" diff --git a/roles/edpm_ovn_bgp_agent/tasks/update.yml b/roles/edpm_ovn_bgp_agent/tasks/update.yml new file mode 100644 index 000000000..3bc3621ef --- /dev/null +++ b/roles/edpm_ovn_bgp_agent/tasks/update.yml 
@@ -0,0 +1,81 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Ensure new config directory exists + tags: + - update + - ovn_bgp_agent + become: true + ansible.builtin.file: + path: "{{ edpm_ovn_bgp_agent_config_basedir }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Ensure config subdirectory exists + tags: + - update + - ovn_bgp_agent + become: true + ansible.builtin.file: + path: "{{ edpm_ovn_bgp_agent_config_basedir }}/etc/ovn-bgp-agent" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - ovn_bgp_agent + ansible.builtin.stat: + path: "/var/lib/config-data/ansible-generated/ovn-bgp-agent" + register: edpm_ovn_bgp_agent_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - ovn_bgp_agent + become: true + when: + - edpm_ovn_bgp_agent_old_config_dir.stat.exists + - edpm_ovn_bgp_agent_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/config-data/ansible-generated/ovn-bgp-agent" + file_type: file + recurse: true + register: 
edpm_ovn_bgp_agent_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_ovn_bgp_agent_config_basedir }}/{{ item.path | regex_replace('^.*/ovn-bgp-agent/', '') }}" + remote_src: true + setype: "container_file_t" + mode: "0644" + loop: "{{ edpm_ovn_bgp_agent_old_config_files.files }}" + when: + - edpm_ovn_bgp_agent_old_config_files.files is defined + - edpm_ovn_bgp_agent_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/config-data/ansible-generated/ovn-bgp-agent" + state: absent diff --git a/roles/edpm_ovn_bgp_agent/templates/ovn-bgp-agent.conf.j2 b/roles/edpm_ovn_bgp_agent/templates/config/ovn-bgp-agent.conf.j2 similarity index 100% rename from roles/edpm_ovn_bgp_agent/templates/ovn-bgp-agent.conf.j2 rename to roles/edpm_ovn_bgp_agent/templates/config/ovn-bgp-agent.conf.j2 diff --git a/roles/edpm_ovn_bgp_agent/templates/bgp_ovn_controller.yaml.j2 b/roles/edpm_ovn_bgp_agent/templates/container_defs/bgp_ovn_controller.yaml.j2 similarity index 100% rename from roles/edpm_ovn_bgp_agent/templates/bgp_ovn_controller.yaml.j2 rename to roles/edpm_ovn_bgp_agent/templates/container_defs/bgp_ovn_controller.yaml.j2 diff --git a/roles/edpm_ovn_bgp_agent/templates/nb_db_server.yaml.j2 b/roles/edpm_ovn_bgp_agent/templates/container_defs/nb_db_server.yaml.j2 similarity index 100% rename from roles/edpm_ovn_bgp_agent/templates/nb_db_server.yaml.j2 rename to roles/edpm_ovn_bgp_agent/templates/container_defs/nb_db_server.yaml.j2 diff --git a/roles/edpm_ovn_bgp_agent/templates/northd.yaml.j2 b/roles/edpm_ovn_bgp_agent/templates/container_defs/northd.yaml.j2 similarity index 100% rename from roles/edpm_ovn_bgp_agent/templates/northd.yaml.j2 rename to roles/edpm_ovn_bgp_agent/templates/container_defs/northd.yaml.j2 
diff --git a/roles/edpm_ovn_bgp_agent/templates/ovn_bgp_agent.yaml.j2 b/roles/edpm_ovn_bgp_agent/templates/container_defs/ovn_bgp_agent.yaml.j2 similarity index 100% rename from roles/edpm_ovn_bgp_agent/templates/ovn_bgp_agent.yaml.j2 rename to roles/edpm_ovn_bgp_agent/templates/container_defs/ovn_bgp_agent.yaml.j2 diff --git a/roles/edpm_ovn_bgp_agent/templates/sb_db_server.yaml.j2 b/roles/edpm_ovn_bgp_agent/templates/container_defs/sb_db_server.yaml.j2 similarity index 100% rename from roles/edpm_ovn_bgp_agent/templates/sb_db_server.yaml.j2 rename to roles/edpm_ovn_bgp_agent/templates/container_defs/sb_db_server.yaml.j2 diff --git a/roles/edpm_reboot/defaults/main.yaml b/roles/edpm_reboot/defaults/main.yaml index 37fe38ff1..75bbd8877 100644 --- a/roles/edpm_reboot/defaults/main.yaml +++ b/roles/edpm_reboot/defaults/main.yaml @@ -19,6 +19,6 @@ edpm_reboot_strategy: auto edpm_reboot_old_tripleo_node_config_dir: /var/lib/config-data/puppet-generated -edpm_reboot_edpm_node_config_dir: /var/lib/openstack/config +edpm_reboot_edpm_node_config_dir: /var/lib/openstack edpm_reboot_timeout_reboot: 3600 edpm_reboot_post_reboot_delay: 60 diff --git a/roles/edpm_reboot/meta/argument_specs.yml b/roles/edpm_reboot/meta/argument_specs.yml index fa4a2418e..55b08aa62 100644 --- a/roles/edpm_reboot/meta/argument_specs.yml +++ b/roles/edpm_reboot/meta/argument_specs.yml @@ -17,7 +17,7 @@ argument_specs: description: Path to check for tripleo pre-adopted nodes edpm_reboot_edpm_node_config_dir: type: path - default: /var/lib/openstack/config + default: /var/lib/openstack description: Path for storing configuration of edpm nodes. This should be synced with edpm-ansible roles. edpm_reboot_timeout_reboot: type: int diff --git a/roles/edpm_reboot/molecule/default/prepare.yml b/roles/edpm_reboot/molecule/default/prepare.yml index 6122529b1..4f75a954a 100644 --- a/roles/edpm_reboot/molecule/default/prepare.yml +++ b/roles/edpm_reboot/molecule/default/prepare.yml 
@@ -29,13 +29,13 @@ tasks: - name: Create nova config directory ansible.builtin.file: - path: /var/lib/openstack/config/nova + path: /var/lib/openstack/nova state: directory mode: "0775" - name: Create nova.conf ansible.builtin.copy: - dest: /var/lib/openstack/config/nova/01-nova.conf + dest: /var/lib/openstack/nova/01-nova.conf mode: "0644" owner: root group: root diff --git a/roles/edpm_swift/defaults/main.yml b/roles/edpm_swift/defaults/main.yml index 3c9282a9b..4de5fa64f 100644 --- a/roles/edpm_swift/defaults/main.yml +++ b/roles/edpm_swift/defaults/main.yml @@ -28,7 +28,7 @@ edpm_swift_images_download_retries: "{{ edpm_download_retries | default(5) }}" # Note that the src dir is in the AEE container but the # dest dir is on the target host edpm_swift_config_src: /var/lib/openstack/configs -edpm_swift_config_dest: /var/lib/openstack/config/swift +edpm_swift_config_dest: /var/lib/openstack/swift # We don't deploy the proxy service, but the image is used by some of the # storage services, thus defining it here too @@ -43,7 +43,7 @@ edpm_swift_storage_volumes: - /srv/node:/srv/node - /dev:/dev - /var/cache/swift:/var/cache/swift - - /var/lib/openstack/config/swift:/var/lib/kolla/config_files/src:ro + - "{{ edpm_swift_config_dest }}:/var/lib/kolla/config_files/src:ro" edpm_swift_account_auditor_volumes: - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro diff --git a/roles/edpm_swift/templates/kolla_config/rsync.yaml.j2 b/roles/edpm_swift/files/kolla_config/rsync.yaml similarity index 100% rename from roles/edpm_swift/templates/kolla_config/rsync.yaml.j2 rename to roles/edpm_swift/files/kolla_config/rsync.yaml 
diff --git a/roles/edpm_swift/templates/kolla_config/swift_account_auditor.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_account_auditor.yaml
similarity index 100%
rename from roles/edpm_swift/templates/kolla_config/swift_account_auditor.yaml.j2
rename to roles/edpm_swift/files/kolla_config/swift_account_auditor.yaml
diff --git a/roles/edpm_swift/templates/kolla_config/swift_account_reaper.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_account_reaper.yaml
similarity index 100%
rename from roles/edpm_swift/templates/kolla_config/swift_account_reaper.yaml.j2
rename to roles/edpm_swift/files/kolla_config/swift_account_reaper.yaml
diff --git a/roles/edpm_swift/templates/kolla_config/swift_account_replicator.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_account_replicator.yaml
similarity index 100%
rename from roles/edpm_swift/templates/kolla_config/swift_account_replicator.yaml.j2
rename to roles/edpm_swift/files/kolla_config/swift_account_replicator.yaml
diff --git a/roles/edpm_swift/templates/kolla_config/swift_account_server.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_account_server.yaml
similarity index 100%
rename from roles/edpm_swift/templates/kolla_config/swift_account_server.yaml.j2
rename to roles/edpm_swift/files/kolla_config/swift_account_server.yaml
diff --git a/roles/edpm_swift/templates/kolla_config/swift_container_auditor.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_container_auditor.yaml
similarity index 100%
rename from roles/edpm_swift/templates/kolla_config/swift_container_auditor.yaml.j2
rename to roles/edpm_swift/files/kolla_config/swift_container_auditor.yaml
diff --git a/roles/edpm_swift/templates/kolla_config/swift_container_replicator.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_container_replicator.yaml
similarity index 100%
rename from roles/edpm_swift/templates/kolla_config/swift_container_replicator.yaml.j2
rename to roles/edpm_swift/files/kolla_config/swift_container_replicator.yaml
diff --git a/roles/edpm_swift/templates/kolla_config/swift_container_server.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_container_server.yaml
similarity index 100%
rename from roles/edpm_swift/templates/kolla_config/swift_container_server.yaml.j2
rename to roles/edpm_swift/files/kolla_config/swift_container_server.yaml
diff --git a/roles/edpm_swift/templates/kolla_config/swift_container_updater.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_container_updater.yaml
similarity index 100%
rename from roles/edpm_swift/templates/kolla_config/swift_container_updater.yaml.j2
rename to roles/edpm_swift/files/kolla_config/swift_container_updater.yaml
diff --git a/roles/edpm_swift/templates/kolla_config/swift_object_auditor.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_object_auditor.yaml
similarity index 100%
rename from roles/edpm_swift/templates/kolla_config/swift_object_auditor.yaml.j2
rename to roles/edpm_swift/files/kolla_config/swift_object_auditor.yaml
diff --git a/roles/edpm_swift/templates/kolla_config/swift_object_expirer.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_object_expirer.yaml
similarity index 100%
rename from roles/edpm_swift/templates/kolla_config/swift_object_expirer.yaml.j2
rename to roles/edpm_swift/files/kolla_config/swift_object_expirer.yaml
diff --git a/roles/edpm_swift/templates/kolla_config/swift_object_replicator.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_object_replicator.yaml
similarity index 100%
rename from roles/edpm_swift/templates/kolla_config/swift_object_replicator.yaml.j2
rename to roles/edpm_swift/files/kolla_config/swift_object_replicator.yaml
diff --git a/roles/edpm_swift/templates/kolla_config/swift_object_server.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_object_server.yaml
similarity index 100%
rename from roles/edpm_swift/templates/kolla_config/swift_object_server.yaml.j2
rename to roles/edpm_swift/files/kolla_config/swift_object_server.yaml
diff --git a/roles/edpm_swift/templates/kolla_config/swift_object_updater.yaml.j2 b/roles/edpm_swift/files/kolla_config/swift_object_updater.yaml
similarity index 100%
rename from roles/edpm_swift/templates/kolla_config/swift_object_updater.yaml.j2
rename to roles/edpm_swift/files/kolla_config/swift_object_updater.yaml
diff --git a/roles/edpm_swift/tasks/run.yml b/roles/edpm_swift/tasks/run.yml
index 39bb9422a..9732a184b 100644
--- a/roles/edpm_swift/tasks/run.yml
+++ b/roles/edpm_swift/tasks/run.yml
@@ -25,32 +25,32 @@ vars: edpm_container_standalone_service: swift edpm_container_standalone_container_defs: - swift_account_auditor: "{{ lookup('template', 'templates/swift_account_auditor.yaml.j2') | from_yaml }}" - swift_account_reaper: "{{ lookup('template', 'templates/swift_account_reaper.yaml.j2') | from_yaml }}" - swift_account_replicator: "{{ lookup('template', 'templates/swift_account_replicator.yaml.j2') | from_yaml }}" - swift_account_server: "{{ lookup('template', 'templates/swift_account_server.yaml.j2') | from_yaml }}" - swift_container_auditor: "{{ lookup('template', 'templates/swift_container_auditor.yaml.j2') | from_yaml }}" - swift_container_replicator: "{{ lookup('template', 'templates/swift_container_replicator.yaml.j2') | from_yaml }}" - swift_container_server: "{{ lookup('template', 'templates/swift_container_server.yaml.j2') | from_yaml }}" - swift_container_updater: "{{ lookup('template', 'templates/swift_container_updater.yaml.j2') | from_yaml }}" - swift_object_auditor: "{{ lookup('template', 'templates/swift_object_auditor.yaml.j2') | from_yaml }}" - swift_object_expirer: "{{ lookup('template', 'templates/swift_object_expirer.yaml.j2') | from_yaml }}" - swift_object_replicator: "{{ lookup('template', 'templates/swift_object_replicator.yaml.j2') | from_yaml }}" - swift_object_server: "{{ lookup('template', 'templates/swift_object_server.yaml.j2') | from_yaml }}" - swift_object_updater: "{{ lookup('template', 'templates/swift_object_updater.yaml.j2') | from_yaml }}" - rsync: "{{ lookup('template', 'templates/rsync.yaml.j2') | from_yaml }}" + swift_account_auditor: "{{ lookup('template', 'container_defs/swift_account_auditor.yaml.j2') | from_yaml }}" + swift_account_reaper: "{{ lookup('template', 'container_defs/swift_account_reaper.yaml.j2') | from_yaml }}" + swift_account_replicator: "{{ lookup('template', 'container_defs/swift_account_replicator.yaml.j2') | from_yaml }}" + swift_account_server: "{{ lookup('template', 
'container_defs/swift_account_server.yaml.j2') | from_yaml }}" + swift_container_auditor: "{{ lookup('template', 'container_defs/swift_container_auditor.yaml.j2') | from_yaml }}" + swift_container_replicator: "{{ lookup('template', 'container_defs/swift_container_replicator.yaml.j2') | from_yaml }}" + swift_container_server: "{{ lookup('template', 'container_defs/swift_container_server.yaml.j2') | from_yaml }}" + swift_container_updater: "{{ lookup('template', 'container_defs/swift_container_updater.yaml.j2') | from_yaml }}" + swift_object_auditor: "{{ lookup('template', 'container_defs/swift_object_auditor.yaml.j2') | from_yaml }}" + swift_object_expirer: "{{ lookup('template', 'container_defs/swift_object_expirer.yaml.j2') | from_yaml }}" + swift_object_replicator: "{{ lookup('template', 'container_defs/swift_object_replicator.yaml.j2') | from_yaml }}" + swift_object_server: "{{ lookup('template', 'container_defs/swift_object_server.yaml.j2') | from_yaml }}" + swift_object_updater: "{{ lookup('template', 'container_defs/swift_object_updater.yaml.j2') | from_yaml }}" + rsync: "{{ lookup('template', 'container_defs/rsync.yaml.j2') | from_yaml }}" edpm_container_standalone_kolla_config_files: - swift_account_auditor: "{{ lookup('template', 'templates/kolla_config/swift_account_auditor.yaml.j2') | from_yaml }}" - swift_account_reaper: "{{ lookup('template', 'templates/kolla_config/swift_account_reaper.yaml.j2') | from_yaml }}" - swift_account_replicator: "{{ lookup('template', 'templates/kolla_config/swift_account_replicator.yaml.j2') | from_yaml }}" - swift_account_server: "{{ lookup('template', 'templates/kolla_config/swift_account_server.yaml.j2') | from_yaml }}" - swift_container_auditor: "{{ lookup('template', 'templates/kolla_config/swift_container_auditor.yaml.j2') | from_yaml }}" - swift_container_replicator: "{{ lookup('template', 'templates/kolla_config/swift_container_replicator.yaml.j2') | from_yaml }}" - swift_container_server: "{{ lookup('template', 
'templates/kolla_config/swift_container_server.yaml.j2') | from_yaml }}" - swift_container_updater: "{{ lookup('template', 'templates/kolla_config/swift_container_updater.yaml.j2') | from_yaml }}" - swift_object_auditor: "{{ lookup('template', 'templates/kolla_config/swift_object_auditor.yaml.j2') | from_yaml }}" - swift_object_expirer: "{{ lookup('template', 'templates/kolla_config/swift_object_expirer.yaml.j2') | from_yaml }}" - swift_object_replicator: "{{ lookup('template', 'templates/kolla_config/swift_object_replicator.yaml.j2') | from_yaml }}" - swift_object_server: "{{ lookup('template', 'templates/kolla_config/swift_object_server.yaml.j2') | from_yaml }}" - swift_object_updater: "{{ lookup('template', 'templates/kolla_config/swift_object_updater.yaml.j2') | from_yaml }}" - rsync: "{{ lookup('template', 'templates/kolla_config/rsync.yaml.j2') | from_yaml }}" + swift_account_auditor: "{{ lookup('file', 'kolla_config/swift_account_auditor.yaml') | from_yaml }}" + swift_account_reaper: "{{ lookup('file', 'kolla_config/swift_account_reaper.yaml') | from_yaml }}" + swift_account_replicator: "{{ lookup('file', 'kolla_config/swift_account_replicator.yaml') | from_yaml }}" + swift_account_server: "{{ lookup('file', 'kolla_config/swift_account_server.yaml') | from_yaml }}" + swift_container_auditor: "{{ lookup('file', 'kolla_config/swift_container_auditor.yaml') | from_yaml }}" + swift_container_replicator: "{{ lookup('file', 'kolla_config/swift_container_replicator.yaml') | from_yaml }}" + swift_container_server: "{{ lookup('file', 'kolla_config/swift_container_server.yaml') | from_yaml }}" + swift_container_updater: "{{ lookup('file', 'kolla_config/swift_container_updater.yaml') | from_yaml }}" + swift_object_auditor: "{{ lookup('file', 'kolla_config/swift_object_auditor.yaml') | from_yaml }}" + swift_object_expirer: "{{ lookup('file', 'kolla_config/swift_object_expirer.yaml') | from_yaml }}" + swift_object_replicator: "{{ lookup('file', 
'kolla_config/swift_object_replicator.yaml') | from_yaml }}" + swift_object_server: "{{ lookup('file', 'kolla_config/swift_object_server.yaml') | from_yaml }}" + swift_object_updater: "{{ lookup('file', 'kolla_config/swift_object_updater.yaml') | from_yaml }}" + rsync: "{{ lookup('file', 'kolla_config/rsync.yaml') | from_yaml }}" diff --git a/roles/edpm_swift/tasks/update.yml b/roles/edpm_swift/tasks/update.yml new file mode 100644 index 000000000..38d2c4be3 --- /dev/null +++ b/roles/edpm_swift/tasks/update.yml 
@@ -0,0 +1,68 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Ensure new config directory exists + tags: + - update + - swift + become: true + ansible.builtin.file: + path: "{{ edpm_swift_config_dest }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - swift + ansible.builtin.stat: + path: "/var/lib/openstack/config/swift" + register: edpm_swift_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - swift + become: true + when: + - edpm_swift_old_config_dir.stat.exists + - edpm_swift_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/openstack/config/swift" + file_type: file + recurse: true + register: edpm_swift_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_swift_config_dest }}/{{ item.path | regex_replace('^.*/config/swift/', '') }}" + remote_src: true + setype: "container_file_t" + mode: "0644" + loop: "{{ edpm_swift_old_config_files.files }}" + when: + - edpm_swift_old_config_files.files is defined + - edpm_swift_old_config_files.files | length > 0 + + - name: Remove old config directory + 
ansible.builtin.file: + path: "/var/lib/openstack/config/swift" + state: absent diff --git a/roles/edpm_swift/templates/rsync.yaml.j2 b/roles/edpm_swift/templates/config/rsync.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/rsync.yaml.j2 rename to roles/edpm_swift/templates/config/rsync.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_account_auditor.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_account_auditor.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_account_auditor.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_account_auditor.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_account_reaper.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_account_reaper.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_account_reaper.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_account_reaper.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_account_replicator.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_account_replicator.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_account_replicator.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_account_replicator.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_account_server.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_account_server.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_account_server.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_account_server.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_container_auditor.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_container_auditor.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_container_auditor.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_container_auditor.yaml.j2 
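Review bot: `Copy config files to new location` writes every migrated file with `mode: "0644"` and sets no `owner`/`group`, so the permissions and ownership the files had under `/var/lib/openstack/config/swift` are discarded and anything that was restricted there becomes world-readable on the host; `mode: preserve` is the option `ansible.builtin.copy` offers to keep the source permissions. The preceding `find` uses `file_type: file` without `hidden: true`, so dotfiles and symlinks are never copied, yet `Remove old config directory` then deletes the whole tree with `state: absent`. With `recurse: true`, a file found in a subdirectory is also copied to a `dest` whose parent directory may not exist. The same sequence is added in `roles/edpm_telemetry/tasks/update.yml`, where the migrated directory presumably holds `ceilometer.conf`, a file the kolla config in this commit installs with `perm: "0600"`, and in the `edpm_ovn_bgp_agent` update tasks.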
diff --git a/roles/edpm_swift/templates/swift_container_replicator.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_container_replicator.yaml.j2
similarity index 100%
rename from roles/edpm_swift/templates/swift_container_replicator.yaml.j2
rename to roles/edpm_swift/templates/container_defs/swift_container_replicator.yaml.j2
diff --git a/roles/edpm_swift/templates/swift_container_server.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_container_server.yaml.j2
similarity index 100%
rename from roles/edpm_swift/templates/swift_container_server.yaml.j2
rename to roles/edpm_swift/templates/container_defs/swift_container_server.yaml.j2
diff --git a/roles/edpm_swift/templates/swift_container_updater.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_container_updater.yaml.j2
similarity index 100%
rename from roles/edpm_swift/templates/swift_container_updater.yaml.j2
rename to roles/edpm_swift/templates/container_defs/swift_container_updater.yaml.j2
diff --git a/roles/edpm_swift/templates/swift_object_auditor.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_object_auditor.yaml.j2
similarity index 100%
rename from roles/edpm_swift/templates/swift_object_auditor.yaml.j2
rename to roles/edpm_swift/templates/container_defs/swift_object_auditor.yaml.j2
diff --git a/roles/edpm_swift/templates/swift_object_expirer.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_object_expirer.yaml.j2
similarity index 100%
rename from roles/edpm_swift/templates/swift_object_expirer.yaml.j2
rename to roles/edpm_swift/templates/container_defs/swift_object_expirer.yaml.j2
diff --git a/roles/edpm_swift/templates/swift_object_replicator.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_object_replicator.yaml.j2
similarity index 100%
rename from roles/edpm_swift/templates/swift_object_replicator.yaml.j2
rename to roles/edpm_swift/templates/container_defs/swift_object_replicator.yaml.j2
diff --git a/roles/edpm_swift/templates/swift_object_server.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_object_server.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_object_server.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_object_server.yaml.j2 diff --git a/roles/edpm_swift/templates/swift_object_updater.yaml.j2 b/roles/edpm_swift/templates/container_defs/swift_object_updater.yaml.j2 similarity index 100% rename from roles/edpm_swift/templates/swift_object_updater.yaml.j2 rename to roles/edpm_swift/templates/container_defs/swift_object_updater.yaml.j2 diff --git a/roles/edpm_telemetry/defaults/main.yml b/roles/edpm_telemetry/defaults/main.yml index a1ca80f96..e6afc9ccd 100644 --- a/roles/edpm_telemetry/defaults/main.yml +++ b/roles/edpm_telemetry/defaults/main.yml @@ -21,7 +21,7 @@ edpm_telemetry_service_name: telemetry # Directory in the ansibleEE container edpm_telemetry_config_src: "/var/lib/openstack/configs/{{ edpm_telemetry_service_name }}" # Directory in the compute node -edpm_telemetry_config_dest: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" +edpm_telemetry_config_dest: "/var/lib/openstack/{{ edpm_telemetry_service_name }}" # Image to use for node_exporter edpm_telemetry_node_exporter_image: quay.io/prometheus/node-exporter:v1.5.0 # Image to use for podman_exporter diff --git a/roles/edpm_telemetry/templates/ceilometer_prom_exporter.yaml.j2 b/roles/edpm_telemetry/files/ceilometer_prom_exporter.yaml similarity index 100% rename from roles/edpm_telemetry/templates/ceilometer_prom_exporter.yaml.j2 rename to roles/edpm_telemetry/files/ceilometer_prom_exporter.yaml diff --git a/roles/edpm_telemetry/templates/firewall.yaml.j2 b/roles/edpm_telemetry/files/firewall.yaml similarity index 100% rename from roles/edpm_telemetry/templates/firewall.yaml.j2 rename to roles/edpm_telemetry/files/firewall.yaml 
diff --git a/roles/edpm_telemetry/files/kolla_config/ceilometer_agent_compute.yaml b/roles/edpm_telemetry/files/kolla_config/ceilometer_agent_compute.yaml new file mode 100644 index 000000000..461ac349d --- /dev/null +++ b/roles/edpm_telemetry/files/kolla_config/ceilometer_agent_compute.yaml @@ -0,0 +1,20 @@ +command: /usr/bin/ceilometer-polling --polling-namespaces compute --logfile /dev/stdout +config_files: + - source: /var/lib/kolla/config_files/src/ceilometer.conf + dest: /etc/ceilometer/ceilometer.conf + owner: ceilometer + perm: "0600" + - source: /var/lib/kolla/config_files/src/polling.yaml + dest: /etc/ceilometer/polling.yaml + owner: ceilometer + perm: "0600" + - source: /var/lib/kolla/config_files/src/custom.conf + dest: /etc/ceilometer/ceilometer.conf.d/01-ceilometer-custom.conf + owner: ceilometer + perm: "0600" + optional: true + - source: /var/lib/kolla/config_files/src/ceilometer-host-specific.conf + dest: /etc/ceilometer/ceilometer.conf.d/02-ceilometer-host-specific.conf + owner: ceilometer + perm: "0600" + optional: true diff --git a/roles/edpm_telemetry/templates/node_exporter.yaml.j2 b/roles/edpm_telemetry/files/node_exporter.yaml similarity index 100% rename from roles/edpm_telemetry/templates/node_exporter.yaml.j2 rename to roles/edpm_telemetry/files/node_exporter.yaml diff --git a/roles/edpm_telemetry/templates/podman_exporter.yaml.j2 b/roles/edpm_telemetry/files/podman_exporter.yaml similarity index 100% rename from roles/edpm_telemetry/templates/podman_exporter.yaml.j2 rename to roles/edpm_telemetry/files/podman_exporter.yaml diff --git a/roles/edpm_telemetry/molecule/default/verify.yml b/roles/edpm_telemetry/molecule/default/verify.yml index 7275ba06b..eeee24f9a 100644 --- a/roles/edpm_telemetry/molecule/default/verify.yml +++ b/roles/edpm_telemetry/molecule/default/verify.yml 
@@ -7,13 +7,13 @@ vars_files: - ../../defaults/main.yml tasks: - - name: ensure expected directories exist + - name: ensure expected config files exist ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_dir.yaml" loop: - - "{{ edpm_telemetry_config_dest }}/ceilometer_agent_compute.json" - - "{{ edpm_telemetry_config_dest }}/ceilometer-agent-compute.json" - "{{ edpm_telemetry_config_dest }}/ceilometer.conf" - "{{ edpm_telemetry_config_dest }}/polling.yaml" + - "{{ edpm_telemetry_config_dest }}/ceilometer-host-specific.conf" + - "{{ edpm_telemetry_config_dest }}/firewall.yaml" - name: ensure podman container exists and are running ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_podman.yaml" @@ -32,10 +32,10 @@ ansible.builtin.shell: | podman logs ceilometer_agent_compute 2>&1 | grep "{{item}}" > /dev/null loop: - - "Copying /var/lib/openstack/config/ceilometer.conf to /etc/ceilometer/ceilometer.conf" - - "Copying /var/lib/openstack/config/polling.yaml to /etc/ceilometer/polling.yaml" + - "Copying /var/lib/kolla/config_files/src/ceilometer.conf to /etc/ceilometer/ceilometer.conf" + - "Copying /var/lib/kolla/config_files/src/polling.yaml to /etc/ceilometer/polling.yaml" - "/usr/bin/ceilometer-polling --polling-namespaces compute --logfile /dev/stdout" - - "Copying /var/lib/openstack/config/ceilometer-host-specific.conf to /etc/ceilometer/ceilometer.conf.d/02-ceilometer-host-specific.conf" + - "Copying /var/lib/kolla/config_files/src/ceilometer-host-specific.conf to /etc/ceilometer/ceilometer.conf.d/02-ceilometer-host-specific.conf" - name: ensure that the correcty binary started with TLS become: true diff --git a/roles/edpm_telemetry/tasks/configure.yml b/roles/edpm_telemetry/tasks/configure.yml index 77d32b8c6..f1868245a 100644 --- a/roles/edpm_telemetry/tasks/configure.yml +++ b/roles/edpm_telemetry/tasks/configure.yml 
@@ -40,17 +40,6 @@ path: "{{ edpm_telemetry_cacerts }}/tls-ca-bundle.pem" register: ca_bundle_stat_res -- name: Render ceilometer config files - tags: - - edpm_telemetry - ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ edpm_telemetry_config_dest }}/{{ item.dest }}" - setype: "container_file_t" - mode: "0644" - loop: - - {"src": "ceilometer-host-specific.conf.j2", "dest": "ceilometer-host-specific.conf"} - - name: Ensure group libvirt always exists become: true ansible.builtin.group: @@ -103,17 +92,28 @@ path: "{{ edpm_telemetry_certs }}/tls.key" register: tls_key_stat -- name: Render container config templates +- name: Render telemetry config files + tags: + - edpm_telemetry ansible.builtin.template: - src: "{{ item }}" - dest: "{{ edpm_telemetry_config_dest }}/{{ item | basename | regex_replace('\\.j2$', '') }}" - mode: 0644 - with_fileglob: - - ../templates/*.j2 + src: "{{ item.src }}" + dest: "{{ edpm_telemetry_config_dest }}/{{ item.dest }}" + setype: "container_file_t" + mode: "0644" + loop: + - {"src": "config/ceilometer-host-specific.conf.j2", "dest": "ceilometer-host-specific.conf"} + - {"src": "config/openstack_network_exporter.yaml.j2", "dest": "openstack_network_exporter.yaml"} vars: ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}" +- name: Copy static config files + ansible.builtin.copy: + src: firewall.yaml + dest: "{{ edpm_telemetry_config_dest }}/firewall.yaml" + setype: "container_file_t" + mode: "0644" + - name: Configure tls if present when: - tls_crt_stat.stat.exists and tls_key_stat.stat.exists diff --git a/roles/edpm_telemetry/tasks/exporter.yml b/roles/edpm_telemetry/tasks/exporter.yml index d125d2718..c6e179ccd 100644 --- a/roles/edpm_telemetry/tasks/exporter.yml +++ b/roles/edpm_telemetry/tasks/exporter.yml 
@@ -10,17 +10,31 @@ mode: '0700' become: true +- name: Set cert existence facts for template + ansible.builtin.set_fact: + ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" + tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}" + +- name: Load container definition for exporter + ansible.builtin.set_fact: + _exporter_container_def: "{{ lookup('template', 'container_defs/{{ exporter }}.yaml.j2') | from_yaml }}" + +- name: Build container defs dict dynamically + ansible.builtin.set_fact: + _exporter_container_defs: "{{ {} | combine({(exporter | string): _exporter_container_def}) }}" + +- name: Build kolla config dict for exporters that need them + ansible.builtin.set_fact: + _exporter_kolla_config_dict: + ceilometer_agent_compute: "{{ lookup('file', 'files/kolla_config/ceilometer_agent_compute.yaml') | from_yaml }}" + when: exporter == 'ceilometer_agent_compute' + - name: Deploy exporter container ansible.builtin.include_role: - name: osp.edpm.edpm_container_manage + name: osp.edpm.edpm_container_standalone vars: - edpm_container_manage_config: "{{ edpm_telemetry_config_dest }}" - edpm_container_manage_healthcheck_disabled: true - edpm_container_manage_config_patterns: "{{ exporter }}.json" - edpm_container_manage_clean_orphans: false - -- name: Restart exporter container - become: true - ansible.builtin.systemd: - state: restarted - name: "edpm_{{ exporter }}.service" + edpm_container_standalone_service: "{{ exporter }}" + edpm_service_name: "{{ edpm_telemetry_service_name }}" + edpm_container_state_append: "{{ exporter != edpm_telemetry_enabled_exporters[0] }}" # Replace on first, append on rest + edpm_container_standalone_container_defs: "{{ _exporter_container_defs }}" + edpm_container_standalone_kolla_config_files: "{{ _exporter_kolla_config_dict | default({}) }}" diff --git a/roles/edpm_telemetry/tasks/exporter_tls.yml b/roles/edpm_telemetry/tasks/exporter_tls.yml index 3d944fb94..768db85c5 100644 
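Review bot: `_exporter_kolla_config_dict` is written with `set_fact` only `when: exporter == 'ceilometer_agent_compute'`, and a fact set that way stays on the host for the rest of the play, so if this file is included once per exporter (the include is outside the hunk) every exporter handled after `ceilometer_agent_compute` would receive ceilometer's kolla config, because `_exporter_kolla_config_dict | default({})` only falls back when the fact is undefined. Selecting the value at the point of use avoids the carry-over: `edpm_container_standalone_kolla_config_files: "{{ _exporter_kolla_config_dict if exporter == 'ceilometer_agent_compute' else {} }}"`. Separately, `lookup('template', 'container_defs/{{ exporter }}.yaml.j2')` nests moustaches inside an expression; `lookup('template', 'container_defs/' ~ exporter ~ '.yaml.j2')` does not depend on the string being re-templated.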
--- a/roles/edpm_telemetry/tasks/exporter_tls.yml +++ b/roles/edpm_telemetry/tasks/exporter_tls.yml @@ -1,7 +1,6 @@ --- - -- name: Create config file for exporter - ansible.builtin.template: +- name: Copy TLS config file for {{ exporter }} + ansible.builtin.copy: + src: "{{ exporter }}.yaml" dest: "{{ edpm_telemetry_config_dest }}/{{ exporter }}.yaml" - mode: "0644" - src: "{{ exporter }}.yaml.j2" + mode: 0644 diff --git a/roles/edpm_telemetry/tasks/install.yml b/roles/edpm_telemetry/tasks/install.yml index 500c9f790..53897f50c 100644 --- a/roles/edpm_telemetry/tasks/install.yml +++ b/roles/edpm_telemetry/tasks/install.yml @@ -14,6 +14,21 @@ # License for the specific language governing permissions and limitations # under the License. +- name: Determine if cacert file exists + ansible.builtin.stat: + path: "{{ edpm_telemetry_cacerts }}/tls-ca-bundle.pem" + register: ca_bundle_stat_res + +- name: Check that tls.crt exists + ansible.builtin.stat: + path: "{{ edpm_telemetry_certs }}/tls.crt" + register: tls_crt_stat + +- name: Check that tls.key exists + ansible.builtin.stat: + path: "{{ edpm_telemetry_certs }}/tls.key" + register: tls_key_stat + - name: Create a directory for container health checks ansible.builtin.file: path: /var/lib/openstack/healthchecks diff --git a/roles/edpm_telemetry/tasks/post-install.yml b/roles/edpm_telemetry/tasks/post-install.yml index 32cf00043..f03b4663e 100644 --- a/roles/edpm_telemetry/tasks/post-install.yml +++ b/roles/edpm_telemetry/tasks/post-install.yml @@ -25,8 +25,8 @@ - name: Copy telemetry firewall config become: true - ansible.builtin.template: - src: "firewall.yaml.j2" + ansible.builtin.copy: + src: "firewall.yaml" dest: "/var/lib/edpm-config/firewall/telemetry.yaml" mode: "0640" diff --git a/roles/edpm_telemetry/tasks/update.yml b/roles/edpm_telemetry/tasks/update.yml index e7eadde31..e834502f0 100644 --- a/roles/edpm_telemetry/tasks/update.yml +++ b/roles/edpm_telemetry/tasks/update.yml 
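Review bot: The rewritten task in `exporter_tls.yml` drops the quotes from the file mode (`mode: 0644`), which leaves the value to YAML's integer parsing instead of handing Ansible a string. The previous version of this task and the other tasks added in this commit write `mode: "0644"`, which is also the form the Ansible documentation recommends for octal modes, so the line should stay `mode: "0644"`.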
@@ -1,4 +1,58 @@ --- +- name: Ensure new config directory exists + tags: + - update + - telemetry + become: true + ansible.builtin.file: + path: "{{ edpm_telemetry_config_dest }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - telemetry + ansible.builtin.stat: + path: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" + register: edpm_telemetry_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - telemetry + become: true + when: + - edpm_telemetry_old_config_dir.stat.exists + - edpm_telemetry_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" + file_type: file + recurse: true + register: edpm_telemetry_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_telemetry_config_dest }}/{{ item.path | regex_replace('^.*/config/' + edpm_telemetry_service_name + '/', '') }}" + remote_src: true + setype: "container_file_t" + mode: "0644" + loop: "{{ edpm_telemetry_old_config_files.files }}" + when: + - edpm_telemetry_old_config_files.files is defined + - edpm_telemetry_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" + state: absent + - name: Check for openstack_network_exporter config ansible.builtin.stat: path: "{{ edpm_telemetry_config_dest }}/openstack_network_exporter.json" 
@@ -23,14 +77,21 @@ path: "{{ edpm_telemetry_certs }}/tls.key" register: tls_key_stat - - name: Render container config templates + - name: Render openstack_network_exporter config ansible.builtin.template: - src: "{{ item }}" - dest: "{{ edpm_telemetry_config_dest }}/{{ item | basename | regex_replace('\\.j2$', '') }}" + src: "config/openstack_network_exporter.yaml.j2" + dest: "{{ edpm_telemetry_config_dest }}/openstack_network_exporter.yaml" mode: 0644 - with_items: - - ../templates/openstack_network_exporter.json.j2 - - ../templates/openstack_network_exporter.yaml.j2 vars: ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}" + + - name: Deploy openstack_network_exporter container + ansible.builtin.include_role: + name: osp.edpm.edpm_container_standalone + vars: + edpm_container_standalone_service: "openstack_network_exporter" + edpm_container_standalone_container_defs: + openstack_network_exporter: "{{ lookup('template', 'container_defs/openstack_network_exporter.yaml.j2') | from_yaml }}" + ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" + tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}" diff --git a/roles/edpm_telemetry/templates/ceilometer-agent-compute.json.j2 b/roles/edpm_telemetry/templates/ceilometer-agent-compute.json.j2 deleted file mode 100644 index 62ba12019..000000000 --- a/roles/edpm_telemetry/templates/ceilometer-agent-compute.json.j2 +++ /dev/null 
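Review bot: The new `Deploy openstack_network_exporter container` task calls `osp.edpm.edpm_container_standalone` without `edpm_service_name` or `edpm_container_state_append`, while the call added in `tasks/exporter.yml` in this commit sets both and comments the latter "Replace on first, append on rest". If the role's default is to replace the recorded state (its defaults are not visible here), running this update path could leave the state file listing only `openstack_network_exporter`, and the state-file-aware orphan cleanup described in the docs change would then treat the other telemetry containers as orphans. Passing `edpm_service_name: "{{ edpm_telemetry_service_name }}"` and `edpm_container_state_append: true` would keep the two call sites consistent. The block these tasks belong to starts above the hunk.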
@@ -1,31 +0,0 @@ -{ - "command": "/usr/bin/ceilometer-polling --polling-namespaces compute --logfile /dev/stdout", - "config_files": [ - { - "source": "/var/lib/openstack/config/ceilometer.conf", - "dest": "/etc/ceilometer/ceilometer.conf", - "owner": "ceilometer", - "perm": "0600" - }, - { - "source": "/var/lib/openstack/config/polling.yaml", - "dest": "/etc/ceilometer/polling.yaml", - "owner": "ceilometer", - "perm": "0600" - }, - { - "source": "/var/lib/openstack/config/custom.conf", - "dest": "/etc/ceilometer/ceilometer.conf.d/01-ceilometer-custom.conf", - "owner": "ceilometer", - "perm": "0600", - "optional": true - }, - { - "source": "/var/lib/openstack/config/ceilometer-host-specific.conf", - "dest": "/etc/ceilometer/ceilometer.conf.d/02-ceilometer-host-specific.conf", - "owner": "ceilometer", - "perm": "0600", - "optional": true - } - ] - } diff --git a/roles/edpm_telemetry/templates/ceilometer_agent_compute.json.j2 b/roles/edpm_telemetry/templates/ceilometer_agent_compute.json.j2 deleted file mode 100644 index e1d90e122..000000000 --- a/roles/edpm_telemetry/templates/ceilometer_agent_compute.json.j2 +++ /dev/null 
@@ -1,35 +0,0 @@ -{ - "image": "{{ edpm_telemetry_ceilometer_compute_image }}", - "user": "ceilometer", - "restart": "always", - "command": "kolla_start", - "security_opt": "label:type:ceilometer_polling_t", - "net": "host", - "environment": { - "KOLLA_CONFIG_STRATEGY":"COPY_ALWAYS", - "OS_ENDPOINT_TYPE":"internal" - }, -{% if edpm_telemetry_healthcheck %} - "healthcheck": { - "test": "/openstack/healthcheck compute", - "mount": "/var/lib/openstack/healthchecks/ceilometer_agent_compute" - }, -{% endif %} - "volumes": [ - "{{ edpm_telemetry_config_dest }}:/var/lib/openstack/config/:z", - "{{ edpm_telemetry_config_dest }}/ceilometer-agent-compute.json:/var/lib/kolla/config_files/config.json:z", - "/run/libvirt:/run/libvirt:shared,ro", - "/etc/hosts:/etc/hosts:ro", - "/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro", - "/etc/localtime:/etc/localtime:ro", - "/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro", -{% if ca_bundle_exists|bool %} - "{{ edpm_telemetry_cacerts }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z", -{% endif %} -{% if tls_cert_exists|bool %} - "{{ edpm_telemetry_config_dest }}/ceilometer_prom_exporter.yaml:/etc/ceilometer/ceilometer_prom_exporter.yaml:z", - "{{ edpm_telemetry_certs }}:/etc/ceilometer/tls:z", - {% endif %} - "/dev/log:/dev/log" - ] -} diff --git a/roles/edpm_telemetry/templates/ceilometer-host-specific.conf.j2 b/roles/edpm_telemetry/templates/config/ceilometer-host-specific.conf.j2 similarity index 100% rename from roles/edpm_telemetry/templates/ceilometer-host-specific.conf.j2 rename to roles/edpm_telemetry/templates/config/ceilometer-host-specific.conf.j2 
diff --git a/roles/edpm_telemetry/templates/openstack_network_exporter.yaml.j2 b/roles/edpm_telemetry/templates/config/openstack_network_exporter.yaml.j2
similarity index 100%
rename from roles/edpm_telemetry/templates/openstack_network_exporter.yaml.j2
rename to roles/edpm_telemetry/templates/config/openstack_network_exporter.yaml.j2
diff --git a/roles/edpm_telemetry/templates/container_defs/ceilometer_agent_compute.yaml.j2 b/roles/edpm_telemetry/templates/container_defs/ceilometer_agent_compute.yaml.j2
new file mode 100644
index 000000000..221c9d8e5
--- /dev/null
+++ b/roles/edpm_telemetry/templates/container_defs/ceilometer_agent_compute.yaml.j2
@@ -0,0 +1,30 @@
+image: {{ edpm_telemetry_ceilometer_compute_image }}
+user: ceilometer
+restart: always
+command: kolla_start
+security_opt: label:type:ceilometer_polling_t
+net: host
+environment:
+ KOLLA_CONFIG_STRATEGY: COPY_ALWAYS
+ OS_ENDPOINT_TYPE: internal
+{% if edpm_telemetry_healthcheck %}
+healthcheck:
+ test: /openstack/healthcheck compute
+ mount: /var/lib/openstack/healthchecks/ceilometer_agent_compute
+{% endif %}
+volumes:
+ - "{{ edpm_telemetry_config_dest }}:/var/lib/kolla/config_files/src:z"
+ - /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:z
+ - /run/libvirt:/run/libvirt:shared,ro
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro
+{% if ca_bundle_exists|bool %}
+ - "{{ edpm_telemetry_cacerts }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z"
+{% endif %}
+{% if tls_cert_exists|bool %}
+ - "{{ edpm_telemetry_config_dest }}/ceilometer_prom_exporter.yaml:/etc/ceilometer/ceilometer_prom_exporter.yaml:z"
+ - "{{ edpm_telemetry_certs }}:/etc/ceilometer/tls:z"
+{% endif %}
+ - /dev/log:/dev/log
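Review bot: The config source directory and the TLS directory are bind-mounted writable in `ceilometer_agent_compute.yaml.j2`: `{{ edpm_telemetry_config_dest }}:/var/lib/kolla/config_files/src:z` and `{{ edpm_telemetry_certs }}:/etc/ceilometer/tls:z` carry no `ro`, although the neighbouring system mounts do. With `KOLLA_CONFIG_STRATEGY: COPY_ALWAYS` the container presumably only reads from `src`, and the certs directory holds `tls.key` according to the tasks file, so a compromised agent could rewrite its own host-side configuration or key material. Consider `:ro,z` on both, e.g. `- "{{ edpm_telemetry_certs }}:/etc/ceilometer/tls:ro,z"`, after confirming nothing in the image writes there. `container_defs/ceilometer_agent_ipmi.yaml.j2` in the power-monitoring role has the same two mounts.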
diff --git a/roles/edpm_telemetry/templates/container_defs/node_exporter.yaml.j2 b/roles/edpm_telemetry/templates/container_defs/node_exporter.yaml.j2
new file mode 100644
index 000000000..ba6c3f9d3
--- /dev/null
+++ b/roles/edpm_telemetry/templates/container_defs/node_exporter.yaml.j2
@@ -0,0 +1,42 @@
+image: {{ edpm_telemetry_node_exporter_image }}
+restart: always
+recreate: true
+user: root
+privileged: true
+ports:
+ - "9100:9100"
+command:
+{% if tls_cert_exists|bool %}
+ - --web.config.file=/etc/node_exporter/node_exporter.yaml
+{% endif %}
+ - --web.disable-exporter-metrics
+ - --collector.systemd
+ - --collector.systemd.unit-include=(edpm_.*|ovs.*|openvswitch|virt.*|rsyslog)\\.service
+ - --no-collector.dmi
+ - --no-collector.entropy
+ - --no-collector.thermal_zone
+ - --no-collector.time
+ - --no-collector.timex
+ - --no-collector.uname
+ - --no-collector.stat
+ - --no-collector.hwmon
+ - --no-collector.os
+ - --no-collector.selinux
+ - --no-collector.textfile
+ - --no-collector.powersupplyclass
+ - --no-collector.pressure
+ - --no-collector.rapl
+net: host
+environment:
+ OS_ENDPOINT_TYPE: internal
+{% if edpm_telemetry_healthcheck %}
+healthcheck:
+ test: /openstack/healthcheck node_exporter
+ mount: /var/lib/openstack/healthchecks/node_exporter
+{% endif %}
+volumes:
+{% if tls_cert_exists|bool %}
+ - "{{ edpm_telemetry_config_dest }}/node_exporter.yaml:/etc/node_exporter/node_exporter.yaml:z"
+ - "{{ edpm_telemetry_certs }}:/etc/node_exporter/tls:z"
+{% endif %}
+ - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:rw
diff --git a/roles/edpm_telemetry/templates/container_defs/openstack_network_exporter.yaml.j2 b/roles/edpm_telemetry/templates/container_defs/openstack_network_exporter.yaml.j2
new file mode 100644
index 000000000..60d7c2b21
--- /dev/null
+++ b/roles/edpm_telemetry/templates/container_defs/openstack_network_exporter.yaml.j2
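Review bot: The `--collector.systemd.unit-include=(...)\\.service` argument in `node_exporter.yaml.j2` was carried over from the JSON template with its JSON escaping intact, but a backslash in a YAML plain scalar is literal. The removed `node_exporter.json.j2` decoded `\\.` to `\.`, whereas this file yields two backslashes, so the pattern asks for a literal backslash in the unit name. Unless something downstream unescapes the value, the systemd collector would stop reporting the `edpm_*`, `ovs*` and `virt*` units and that loss of telemetry would be silent. Use a single backslash: `- --collector.systemd.unit-include=(edpm_.*|ovs.*|openvswitch|virt.*|rsyslog)\.service`.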
@@ -0,0 +1,26 @@
+image: {{ edpm_telemetry_openstack_network_exporter_image }}
+restart: always
+recreate: true
+privileged: true
+ports:
+ - "9105:9105"
+command: []
+net: host
+environment:
+ OS_ENDPOINT_TYPE: internal
+ OPENSTACK_NETWORK_EXPORTER_YAML: /etc/openstack_network_exporter/openstack_network_exporter.yaml
+{% if edpm_telemetry_healthcheck %}
+healthcheck:
+ test: /openstack/healthcheck openstack-netwo
+ mount: /var/lib/openstack/healthchecks/openstack_network_exporter
+{% endif %}
+volumes:
+ - "{{ edpm_telemetry_config_dest }}/openstack_network_exporter.yaml:/etc/openstack_network_exporter/openstack_network_exporter.yaml:z"
+{% if tls_cert_exists|bool %}
+ - "{{ edpm_telemetry_certs }}:/etc/openstack_network_exporter/tls:z"
+{% endif %}
+{% if telemetry_test is not defined or not telemetry_test | bool %}
+ - /var/run/openvswitch:/run/openvswitch:rw,z
+ - /var/lib/openvswitch/ovn:/run/ovn:rw,z
+{% endif %}
+ - /proc:/host/proc:ro
diff --git a/roles/edpm_telemetry/templates/container_defs/podman_exporter.yaml.j2 b/roles/edpm_telemetry/templates/container_defs/podman_exporter.yaml.j2
new file mode 100644
index 000000000..a30308985
--- /dev/null
+++ b/roles/edpm_telemetry/templates/container_defs/podman_exporter.yaml.j2
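Review bot: `ports: - "9105:9105"` sits next to `net: host` in `openstack_network_exporter.yaml.j2`; Podman discards published ports under host networking, so the entry documents the port but restricts nothing. The exporter listens on whatever address it binds on the host, and the TLS directory is mounted only when `tls_cert_exists` is true, so without certificates the endpoint is presumably plain HTTP and reachability is decided by the host firewall alone. I would either drop `ports` or mark it with a template comment such as `{# informational only: net: host ignores published ports #}`, and confirm that a firewall rule limits 9105 to the monitoring network. The node_exporter, podman_exporter and kepler definitions in this commit have the same combination.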
@@ -0,0 +1,26 @@
+image: {{ edpm_telemetry_podman_exporter_image }}
+restart: always
+recreate: true
+user: root
+privileged: true
+ports:
+ - "9882:9882"
+net: host
+{% if tls_cert_exists|bool %}
+command:
+ - --web.config.file=/etc/podman_exporter/podman_exporter.yaml
+{% endif %}
+environment:
+ OS_ENDPOINT_TYPE: internal
+ CONTAINER_HOST: unix:///run/podman/podman.sock
+{% if edpm_telemetry_healthcheck %}
+healthcheck:
+ test: /openstack/healthcheck podman_exporter
+ mount: /var/lib/openstack/healthchecks/podman_exporter
+{% endif %}
+volumes:
+{% if tls_cert_exists|bool %}
+ - "{{ edpm_telemetry_config_dest }}/podman_exporter.yaml:/etc/podman_exporter/podman_exporter.yaml:z"
+ - "{{ edpm_telemetry_certs }}:/etc/podman_exporter/tls:z"
+{% endif %}
+ - /run/podman/podman.sock:/run/podman/podman.sock:rw,z
diff --git a/roles/edpm_telemetry/templates/node_exporter.json.j2 b/roles/edpm_telemetry/templates/node_exporter.json.j2
deleted file mode 100644
index 9b13922fb..000000000
--- a/roles/edpm_telemetry/templates/node_exporter.json.j2
+++ /dev/null
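Review bot: `podman_exporter.yaml.j2` combines `privileged: true`, `user: root` and a writable bind mount of `/run/podman/podman.sock`, and the template does not say why all three are needed. Access to the Podman API socket already lets the process manage every container on the host, so it is worth checking whether the exporter still works without `privileged: true`. The `z` option on the socket mount relabels a host-owned socket, and since a privileged container normally runs without SELinux separation the relabel may be unnecessary; verify before changing it. At minimum add a comment at the top of the file, e.g. `{# needs the root Podman API socket (CONTAINER_HOST) to read container stats #}`.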
@@ -1,47 +0,0 @@ -{ - "image": "{{ edpm_telemetry_node_exporter_image }}", - "restart": "always", - "recreate": true, - "user": "root", - "privileged": true, - "ports": ["9100:9100"], - "command": [ -{% if tls_cert_exists|bool %} - "--web.config.file=/etc/node_exporter/node_exporter.yaml", -{% endif %} - "--web.disable-exporter-metrics", - "--collector.systemd", - "--collector.systemd.unit-include=(edpm_.*|ovs.*|openvswitch|virt.*|rsyslog)\\.service", - "--no-collector.dmi", - "--no-collector.entropy", - "--no-collector.thermal_zone", - "--no-collector.time", - "--no-collector.timex", - "--no-collector.uname", - "--no-collector.stat", - "--no-collector.hwmon", - "--no-collector.os", - "--no-collector.selinux", - "--no-collector.textfile", - "--no-collector.powersupplyclass", - "--no-collector.pressure", - "--no-collector.rapl" - ], - "net": "host", - "environment": { - "OS_ENDPOINT_TYPE":"internal" - }, -{% if edpm_telemetry_healthcheck %} - "healthcheck": { - "test": "/openstack/healthcheck node_exporter", - "mount": "/var/lib/openstack/healthchecks/node_exporter" - }, -{% endif %} - "volumes": [ -{% if tls_cert_exists|bool %} - "{{ edpm_telemetry_config_dest }}/node_exporter.yaml:/etc/node_exporter/node_exporter.yaml:z", - "{{ edpm_telemetry_certs }}:/etc/node_exporter/tls:z", -{% endif %} - "/var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket:rw" - ] -} diff --git a/roles/edpm_telemetry/templates/openstack_network_exporter.json.j2 b/roles/edpm_telemetry/templates/openstack_network_exporter.json.j2 deleted file mode 100644 index f999a0e0b..000000000 --- a/roles/edpm_telemetry/templates/openstack_network_exporter.json.j2 +++ /dev/null 
@@ -1,30 +0,0 @@ -{ - "image": "{{ edpm_telemetry_openstack_network_exporter_image }}", - "restart": "always", - "recreate": true, - "privileged": true, - "ports": ["9105:9105"], - "command": [], - "net": "host", - "environment": { - "OS_ENDPOINT_TYPE":"internal", - "OPENSTACK_NETWORK_EXPORTER_YAML":"/etc/openstack_network_exporter/openstack_network_exporter.yaml" - }, -{% if edpm_telemetry_healthcheck %} - "healthcheck": { - "test": "/openstack/healthcheck openstack-netwo", - "mount": "/var/lib/openstack/healthchecks/openstack_network_exporter" - }, -{% endif %} - "volumes": [ - "{{ edpm_telemetry_config_dest }}/openstack_network_exporter.yaml:/etc/openstack_network_exporter/openstack_network_exporter.yaml:z", -{% if tls_cert_exists|bool %} - "{{ edpm_telemetry_certs }}:/etc/openstack_network_exporter/tls:z", -{% endif %} -{% if telemetry_test is not defined or not telemetry_test | bool %} - "/var/run/openvswitch:/run/openvswitch:rw,z", - "/var/lib/openvswitch/ovn:/run/ovn:rw,z", -{% endif %} - "/proc:/host/proc:ro" - ] -} diff --git a/roles/edpm_telemetry/templates/podman_exporter.json.j2 b/roles/edpm_telemetry/templates/podman_exporter.json.j2 deleted file mode 100644 index 63226d17a..000000000 --- a/roles/edpm_telemetry/templates/podman_exporter.json.j2 +++ /dev/null 
@@ -1,31 +0,0 @@ -{ - "image": "{{ edpm_telemetry_podman_exporter_image }}", - "restart": "always", - "recreate": true, - "user": "root", - "privileged": true, - "ports": ["9882:9882"], - "net": "host", -{% if tls_cert_exists|bool %} - "command": [ - "--web.config.file=/etc/podman_exporter/podman_exporter.yaml" - ], -{% endif %} - "environment": { - "OS_ENDPOINT_TYPE": "internal", - "CONTAINER_HOST": "unix:///run/podman/podman.sock" - }, -{% if edpm_telemetry_healthcheck %} - "healthcheck": { - "test": "/openstack/healthcheck podman_exporter", - "mount": "/var/lib/openstack/healthchecks/podman_exporter" - }, -{% endif %} - "volumes": [ -{% if tls_cert_exists|bool %} - "{{ edpm_telemetry_config_dest }}/podman_exporter.yaml:/etc/podman_exporter/podman_exporter.yaml:z", - "{{ edpm_telemetry_certs }}:/etc/podman_exporter/tls:z", -{% endif %} - "/run/podman/podman.sock:/run/podman/podman.sock:rw,z" - ] -} diff --git a/roles/edpm_telemetry_power_monitoring/defaults/main.yml b/roles/edpm_telemetry_power_monitoring/defaults/main.yml index ad3a1a16e..b57028367 100644 --- a/roles/edpm_telemetry_power_monitoring/defaults/main.yml +++ b/roles/edpm_telemetry_power_monitoring/defaults/main.yml @@ -21,7 +21,7 @@ edpm_telemetry_service_name: telemetry-power-monitoring # Directory in the ansibleEE container edpm_telemetry_config_src: "/var/lib/openstack/configs/{{ edpm_telemetry_service_name }}" # Directory in the compute node -edpm_telemetry_config_dest: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" +edpm_telemetry_config_dest: "/var/lib/openstack/{{ edpm_telemetry_service_name }}" # Image to use for Ceilometer Ipmi edpm_telemetry_ceilometer_ipmi_image: quay.io/podified-antelope-centos9/openstack-ceilometer-ipmi:current-podified # Certificates location for tls encryption 
diff --git a/roles/edpm_telemetry_power_monitoring/templates/ceilometer_prom_exporter.yaml.j2 b/roles/edpm_telemetry_power_monitoring/files/ceilometer_prom_exporter.yaml similarity index 100% rename from roles/edpm_telemetry_power_monitoring/templates/ceilometer_prom_exporter.yaml.j2 rename to roles/edpm_telemetry_power_monitoring/files/ceilometer_prom_exporter.yaml diff --git a/roles/edpm_telemetry_power_monitoring/templates/firewall.yaml.j2 b/roles/edpm_telemetry_power_monitoring/files/firewall.yaml similarity index 100% rename from roles/edpm_telemetry_power_monitoring/templates/firewall.yaml.j2 rename to roles/edpm_telemetry_power_monitoring/files/firewall.yaml diff --git a/roles/edpm_telemetry_power_monitoring/files/kolla_config/ceilometer_agent_ipmi.yaml b/roles/edpm_telemetry_power_monitoring/files/kolla_config/ceilometer_agent_ipmi.yaml new file mode 100644 index 000000000..b221e95ef --- /dev/null +++ b/roles/edpm_telemetry_power_monitoring/files/kolla_config/ceilometer_agent_ipmi.yaml @@ -0,0 +1,20 @@ +command: /usr/bin/ceilometer-polling --polling-namespaces ipmi --logfile /dev/stdout +config_files: + - source: /var/lib/kolla/config_files/src/ceilometer.conf + dest: /etc/ceilometer/ceilometer.conf + owner: ceilometer + perm: "0600" + - source: /var/lib/kolla/config_files/src/polling.yaml + dest: /etc/ceilometer/polling.yaml + owner: ceilometer + perm: "0600" + - source: /var/lib/kolla/config_files/src/custom.conf + dest: /etc/ceilometer/ceilometer.conf.d/01-ceilometer-custom.conf + owner: ceilometer + perm: "0600" + optional: true + - source: /var/lib/kolla/config_files/src/ceilometer-host-specific.conf + dest: /etc/ceilometer/ceilometer.conf.d/02-ceilometer-host-specific.conf + owner: ceilometer + perm: "0600" + optional: true diff --git a/roles/edpm_telemetry_power_monitoring/molecule/default/verify.yml b/roles/edpm_telemetry_power_monitoring/molecule/default/verify.yml index 85a2aca80..c966f57c3 100644 
--- a/roles/edpm_telemetry_power_monitoring/molecule/default/verify.yml +++ b/roles/edpm_telemetry_power_monitoring/molecule/default/verify.yml @@ -21,13 +21,13 @@ vars_files: - ../../defaults/main.yml tasks: - - name: ensure expected directories exist + - name: ensure expected config files exist ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_dir.yaml" loop: - - "{{ edpm_telemetry_config_dest }}/ceilometer_agent_ipmi.json" - - "{{ edpm_telemetry_config_dest }}/ceilometer-agent-ipmi.json" - "{{ edpm_telemetry_config_dest }}/ceilometer.conf" - "{{ edpm_telemetry_config_dest }}/polling.yaml" + - "{{ edpm_telemetry_config_dest }}/ceilometer-host-specific.conf" + - "{{ edpm_telemetry_config_dest }}/firewall.yaml" - name: ensure podman container exists and are running ansible.builtin.include_tasks: "{{test_helper_dir}}/verify_podman.yaml" @@ -46,10 +46,10 @@ ansible.builtin.shell: | podman logs ceilometer_agent_ipmi 2>&1 | grep "{{item}}" > /dev/null loop: - - "Copying /var/lib/openstack/config/ceilometer.conf to /etc/ceilometer/ceilometer.conf" - - "Copying /var/lib/openstack/config/polling.yaml to /etc/ceilometer/polling.yaml" + - "Copying /var/lib/kolla/config_files/src/ceilometer.conf to /etc/ceilometer/ceilometer.conf" + - "Copying /var/lib/kolla/config_files/src/polling.yaml to /etc/ceilometer/polling.yaml" - "/usr/bin/ceilometer-polling --polling-namespaces ipmi --logfile /dev/stdout" - - "Copying /var/lib/openstack/config/ceilometer-host-specific.conf to /etc/ceilometer/ceilometer.conf.d/02-ceilometer-host-specific.conf" + - "Copying /var/lib/kolla/config_files/src/ceilometer-host-specific.conf to /etc/ceilometer/ceilometer.conf.d/02-ceilometer-host-specific.conf" - name: ensure firewall is configured ansible.builtin.include_tasks: "test-helpers/kepler.yaml" diff --git a/roles/edpm_telemetry_power_monitoring/tasks/configure.yml b/roles/edpm_telemetry_power_monitoring/tasks/configure.yml index 3b5a8c587..5e636f76c 100644 
--- a/roles/edpm_telemetry_power_monitoring/tasks/configure.yml +++ b/roles/edpm_telemetry_power_monitoring/tasks/configure.yml @@ -41,16 +41,23 @@ path: "{{ edpm_telemetry_cacerts }}/tls-ca-bundle.pem" register: ca_bundle_stat_res -- name: Render ceilometer config files +- name: Render ceilometer config template tags: - edpm_telemetry_power_monitoring ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ edpm_telemetry_config_dest }}/{{ item.dest }}" + src: "config/ceilometer-host-specific.conf.j2" + dest: "{{ edpm_telemetry_config_dest }}/ceilometer-host-specific.conf" + setype: "container_file_t" + mode: "0644" + +- name: Copy static config files + tags: + - edpm_telemetry_power_monitoring + ansible.builtin.copy: + src: firewall.yaml + dest: "{{ edpm_telemetry_config_dest }}/firewall.yaml" setype: "container_file_t" mode: "0644" - loop: - - {"src": "ceilometer-host-specific.conf.j2", "dest": "ceilometer-host-specific.conf"} - name: Configure ceilometer user and group on the host ansible.builtin.import_role: @@ -77,7 +84,7 @@ - name: Append custom.conf to config files ansible.builtin.set_fact: - configs: "{{ configs + [{ 'src': edpm_telemetry_config_src + '/custom.conf', 'dest': edpm_telemetry_config_dest + '/custom.conf' }] }}" + configs: "{{ configs + [{'src': edpm_telemetry_config_src + '/custom.conf', 'dest': edpm_telemetry_config_dest + '/custom.conf'}] }}" when: custom_ceilometer_conf.stat.exists - name: Copy generated ceilometer configs 
@@ -98,28 +105,16 @@ path: "{{ edpm_telemetry_certs }}/tls.key" register: tls_key_stat -- name: Render container config templates - ansible.builtin.template: - src: "{{ item }}" - dest: "{{ edpm_telemetry_config_dest }}/{{ item | basename | regex_replace('\\.j2$', '') }}" - mode: 0644 - with_fileglob: - - ../templates/*.j2 - vars: - ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" - tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}" - name: Configure tls if present when: - tls_crt_stat.stat.exists and tls_key_stat.stat.exists block: - - name: Create config file for exporters - ansible.builtin.include_tasks: - file: exporter_tls.yml - loop: - - ceilometer_prom_exporter - loop_control: - loop_var: exporter + - name: Copy TLS config for ceilometer_prom_exporter + ansible.builtin.copy: + src: ceilometer_prom_exporter.yaml + dest: "{{ edpm_telemetry_config_dest }}/ceilometer_prom_exporter.yaml" + mode: 0644 - name: Change the owner of the crt become: true diff --git a/roles/edpm_telemetry_power_monitoring/tasks/exporter_tls.yml b/roles/edpm_telemetry_power_monitoring/tasks/exporter_tls.yml deleted file mode 100644 index 424a2f4fe..000000000 --- a/roles/edpm_telemetry_power_monitoring/tasks/exporter_tls.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Create config file for exporter - ansible.builtin.template: - dest: "{{ edpm_telemetry_config_dest }}/{{ exporter }}.yaml" - mode: "0644" - src: "{{ exporter }}.yaml.j2" diff --git a/roles/edpm_telemetry_power_monitoring/tasks/install.yml b/roles/edpm_telemetry_power_monitoring/tasks/install.yml index f8d7a6fd5..8a04973e4 100644 --- a/roles/edpm_telemetry_power_monitoring/tasks/install.yml +++ b/roles/edpm_telemetry_power_monitoring/tasks/install.yml 
@@ -35,23 +35,27 @@ become: true loop: "{{ edpm_telemetry_power_monitoring_healthcheck_sources | dict2items }}" -- name: Deploy ceilometer containers +- name: Deploy ceilometer ipmi container ansible.builtin.include_role: - name: osp.edpm.edpm_container_manage + name: osp.edpm.edpm_container_standalone vars: - edpm_container_manage_config: "{{ edpm_telemetry_config_dest }}" - edpm_container_manage_healthcheck_disabled: true - edpm_container_manage_config_patterns: "ceilometer_agent_ipmi.json" - edpm_container_manage_clean_orphans: false + edpm_container_standalone_service: "ceilometer_agent_ipmi" + edpm_container_standalone_container_defs: + ceilometer_agent_ipmi: "{{ lookup('template', 'container_defs/ceilometer_agent_ipmi.yaml.j2') | from_yaml }}" + edpm_container_standalone_kolla_config_files: + ceilometer_agent_ipmi: "{{ lookup('file', 'files/kolla_config/ceilometer_agent_ipmi.yaml') | from_yaml }}" + ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" + tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}" - name: Deploy Kepler container ansible.builtin.include_role: - name: osp.edpm.edpm_container_manage + name: osp.edpm.edpm_container_standalone vars: - edpm_container_manage_config: "{{ edpm_telemetry_config_dest }}" - edpm_container_manage_healthcheck_disabled: true - edpm_container_manage_config_patterns: "kepler.json" - edpm_container_manage_clean_orphans: false + edpm_container_standalone_service: "kepler" + edpm_container_standalone_container_defs: + kepler: "{{ lookup('template', 'container_defs/kepler.yaml.j2') | from_yaml }}" + ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}" + tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}" - name: Restart ceilometer ipmi become: true diff --git a/roles/edpm_telemetry_power_monitoring/tasks/post-install.yml b/roles/edpm_telemetry_power_monitoring/tasks/post-install.yml index 914b3e21c..bc193af66 100644 
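Review bot: Both `include_role` calls now evaluate `tls_cert_exists: "{{ tls_crt_stat.stat.exists and tls_key_stat.stat.exists }}"` and `ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}"` in `install.yml`, while the `stat` tasks that register those results are in `tasks/configure.yml`. The part of `install.yml` above this hunk is not visible, but if it does not register them itself, running install without configure in the same play fails on undefined variables. I would add an explicit precondition such as `ansible.builtin.assert` with `that: tls_crt_stat is defined` (and likewise for `tls_key_stat` and `ca_bundle_stat_res`), or repeat the three `stat` tasks here. Avoid papering over it with `default(false)`, because that would silently deploy the containers without the TLS mounts.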
--- a/roles/edpm_telemetry_power_monitoring/tasks/post-install.yml +++ b/roles/edpm_telemetry_power_monitoring/tasks/post-install.yml @@ -10,8 +10,8 @@ - name: Copy kepler firewall config become: true - ansible.builtin.template: - src: "firewall.yaml.j2" + ansible.builtin.copy: + src: "firewall.yaml" dest: "/var/lib/edpm-config/firewall/kepler.yaml" mode: "0640" diff --git a/roles/edpm_telemetry_power_monitoring/tasks/update.yml b/roles/edpm_telemetry_power_monitoring/tasks/update.yml new file mode 100644 index 000000000..5cff47d0c --- /dev/null +++ b/roles/edpm_telemetry_power_monitoring/tasks/update.yml 
@@ -0,0 +1,68 @@ +--- +# Copyright 2024 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Ensure new config directory exists + tags: + - update + - telemetry_power_monitoring + become: true + ansible.builtin.file: + path: "{{ edpm_telemetry_config_dest }}" + state: directory + setype: "container_file_t" + owner: "{{ ansible_user | default(ansible_user_id) }}" + group: "{{ ansible_user | default(ansible_user_id) }}" + mode: "0755" + +- name: Check if old config directory exists + tags: + - update + - telemetry_power_monitoring + ansible.builtin.stat: + path: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" + register: edpm_telemetry_power_monitoring_old_config_dir + +- name: Move config files from old location to new location + tags: + - update + - telemetry_power_monitoring + become: true + when: + - edpm_telemetry_power_monitoring_old_config_dir.stat.exists + - edpm_telemetry_power_monitoring_old_config_dir.stat.isdir + block: + - name: Find config files in old location + ansible.builtin.find: + paths: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" + file_type: file + recurse: true + register: edpm_telemetry_power_monitoring_old_config_files + + - name: Copy config files to new location + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_telemetry_config_dest }}/{{ item.path | regex_replace('^.*/config/' + edpm_telemetry_service_name + '/', '') }}" + remote_src: true + setype: 
"container_file_t" + mode: "0644" + loop: "{{ edpm_telemetry_power_monitoring_old_config_files.files }}" + when: + - edpm_telemetry_power_monitoring_old_config_files.files is defined + - edpm_telemetry_power_monitoring_old_config_files.files | length > 0 + + - name: Remove old config directory + ansible.builtin.file: + path: "/var/lib/openstack/config/{{ edpm_telemetry_service_name }}" + state: absent diff --git a/roles/edpm_telemetry_power_monitoring/templates/ceilometer-agent-ipmi.json.j2 b/roles/edpm_telemetry_power_monitoring/templates/ceilometer-agent-ipmi.json.j2 deleted file mode 100644 index f302de56c..000000000 --- a/roles/edpm_telemetry_power_monitoring/templates/ceilometer-agent-ipmi.json.j2 +++ /dev/null @@ -1,31 +0,0 @@ -{ - "command": "/usr/bin/ceilometer-polling --polling-namespaces ipmi --logfile /dev/stdout", - "config_files": [ - { - "source": "/var/lib/openstack/config/ceilometer.conf", - "dest": "/etc/ceilometer/ceilometer.conf", - "owner": "ceilometer", - "perm": "0600" - }, - { - "source": "/var/lib/openstack/config/polling.yaml", - "dest": "/etc/ceilometer/polling.yaml", - "owner": "ceilometer", - "perm": "0600" - }, - { - "source": "/var/lib/openstack/config/custom.conf", - "dest": "/etc/ceilometer/ceilometer.conf.d/01-ceilometer-custom.conf", - "owner": "ceilometer", - "perm": "0600", - "optional": true - }, - { - "source": "/var/lib/openstack/config/ceilometer-host-specific.conf", - "dest": "/etc/ceilometer/ceilometer.conf.d/02-ceilometer-host-specific.conf", - "owner": "ceilometer", - "perm": "0600", - "optional": true - } - ] - } diff --git a/roles/edpm_telemetry_power_monitoring/templates/ceilometer_agent_ipmi.json.j2 b/roles/edpm_telemetry_power_monitoring/templates/ceilometer_agent_ipmi.json.j2 deleted file mode 100644 index b372dfc8f..000000000 --- a/roles/edpm_telemetry_power_monitoring/templates/ceilometer_agent_ipmi.json.j2 +++ /dev/null 
@@ -1,35 +0,0 @@ -{ - "image": "{{ edpm_telemetry_ceilometer_ipmi_image }}", - "user": "ceilometer", - "restart": "always", - "command": "kolla_start", - "security_opt": "label:type:ceilometer_polling_t", - "privileged": "true", - "net": "host", - "environment": { - "KOLLA_CONFIG_STRATEGY":"COPY_ALWAYS", - "OS_ENDPOINT_TYPE":"internal" - }, -{% if edpm_telemetry_power_monitoring_healthcheck %} - "healthcheck": { - "test": "/openstack/healthcheck ipmi", - "mount": "/var/lib/openstack/healthchecks/ceilometer_agent_ipmi" - }, -{% endif %} - "volumes": [ - "{{ edpm_telemetry_config_dest }}:/var/lib/openstack/config/:z", - "{{ edpm_telemetry_config_dest }}/ceilometer-agent-ipmi.json:/var/lib/kolla/config_files/config.json:z", - "/etc/hosts:/etc/hosts:ro", - "/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro", - "/etc/localtime:/etc/localtime:ro", - "/etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro", -{% if ca_bundle_exists|bool %} - "{{ edpm_telemetry_cacerts }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z", -{% endif %} -{% if tls_cert_exists|bool %} - "{{ edpm_telemetry_config_dest }}/ceilometer_prom_exporter.yaml:/etc/ceilometer/ceilometer_prom_exporter.yaml:z", - "{{ edpm_telemetry_certs }}:/etc/ceilometer/tls:z", - {% endif %} - "/dev/log:/dev/log" - ] -} diff --git a/roles/edpm_telemetry_power_monitoring/templates/ceilometer-host-specific.conf.j2 b/roles/edpm_telemetry_power_monitoring/templates/config/ceilometer-host-specific.conf.j2 similarity index 100% rename from roles/edpm_telemetry_power_monitoring/templates/ceilometer-host-specific.conf.j2 rename to roles/edpm_telemetry_power_monitoring/templates/config/ceilometer-host-specific.conf.j2 
diff --git a/roles/edpm_telemetry_power_monitoring/templates/container_defs/ceilometer_agent_ipmi.yaml.j2 b/roles/edpm_telemetry_power_monitoring/templates/container_defs/ceilometer_agent_ipmi.yaml.j2 new file mode 100644 index 000000000..c3e917f6a --- /dev/null +++ b/roles/edpm_telemetry_power_monitoring/templates/container_defs/ceilometer_agent_ipmi.yaml.j2 @@ -0,0 +1,30 @@ +image: "{{ edpm_telemetry_ceilometer_ipmi_image }}" +user: ceilometer +restart: always +command: kolla_start +security_opt: label:type:ceilometer_polling_t +privileged: true +net: host +environment: + KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + OS_ENDPOINT_TYPE: internal +{% if edpm_telemetry_power_monitoring_healthcheck %} +healthcheck: + test: /openstack/healthcheck ipmi + mount: /var/lib/openstack/healthchecks/ceilometer_agent_ipmi +{% endif %} +volumes: + - "{{ edpm_telemetry_config_dest }}:/var/lib/kolla/config_files/src:z" + - /var/lib/kolla/config_files/ceilometer_agent_ipmi.json:/var/lib/kolla/config_files/config.json:z + - /etc/hosts:/etc/hosts:ro + - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro + - /etc/localtime:/etc/localtime:ro + - /etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro +{% if ca_bundle_exists|bool %} + - "{{ edpm_telemetry_cacerts }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z" +{% endif %} +{% if tls_cert_exists|bool %} + - "{{ edpm_telemetry_config_dest }}/ceilometer_prom_exporter.yaml:/etc/ceilometer/ceilometer_prom_exporter.yaml:z" + - "{{ edpm_telemetry_certs }}:/etc/ceilometer/tls:z" +{% endif %} + - /dev/log:/dev/log diff --git a/roles/edpm_telemetry_power_monitoring/templates/container_defs/kepler.yaml.j2 b/roles/edpm_telemetry_power_monitoring/templates/container_defs/kepler.yaml.j2 new file mode 100644 index 000000000..fe5645ec3 --- /dev/null +++ b/roles/edpm_telemetry_power_monitoring/templates/container_defs/kepler.yaml.j2 
@@ -0,0 +1,25 @@ +image: "{{ edpm_telemetry_kepler_image }}" +privileged: true +restart: always +ports: + - 8888:8888 +net: host +command: -v=2 +recreate: true +environment: + ENABLE_GPU: "true" + EXPOSE_CONTAINER_METRICS: "true" + ENABLE_PROCESS_METRICS: "true" + EXPOSE_VM_METRICS: "true" + EXPOSE_ESTIMATED_IDLE_POWER_METRICS: "false" + LIBVIRT_METADATA_URI: http://openstack.org/xmlns/libvirt/nova/1.1 +{% if edpm_telemetry_power_monitoring_healthcheck %} +healthcheck: + test: /openstack/healthcheck kepler + mount: /var/lib/openstack/healthchecks/kepler +{% endif %} +volumes: + - /lib/modules:/lib/modules:ro + - /run/libvirt:/run/libvirt:shared,ro + - /sys:/sys + - /proc:/proc diff --git a/roles/edpm_telemetry_power_monitoring/templates/kepler.json.j2 b/roles/edpm_telemetry_power_monitoring/templates/kepler.json.j2 deleted file mode 100644 index 603058d50..000000000 --- a/roles/edpm_telemetry_power_monitoring/templates/kepler.json.j2 +++ /dev/null @@ -1,29 +0,0 @@ -{ - "image": "{{ edpm_telemetry_kepler_image }}", - "privileged": "true", - "restart": "always", - "ports": ["8888:8888"], - "net": "host", - "command": "-v=2", - "recreate": true, - "environment": { - "ENABLE_GPU": "true", - "EXPOSE_CONTAINER_METRICS": "true", - "ENABLE_PROCESS_METRICS": "true", - "EXPOSE_VM_METRICS": "true", - "EXPOSE_ESTIMATED_IDLE_POWER_METRICS": "false", - "LIBVIRT_METADATA_URI": "http://openstack.org/xmlns/libvirt/nova/1.1" - }, -{% if edpm_telemetry_power_monitoring_healthcheck %} - "healthcheck": { - "test": "/openstack/healthcheck kepler", - "mount": "/var/lib/openstack/healthchecks/kepler" - }, -{% endif %} - "volumes": [ - "/lib/modules:/lib/modules:ro", - "/run/libvirt:/run/libvirt:shared,ro", - "/sys:/sys", - "/proc:/proc" - ] -} diff --git a/roles/edpm_update/tasks/containers.yml b/roles/edpm_update/tasks/containers.yml index ea4dc0b57..81bbce98d 100644 --- a/roles/edpm_update/tasks/containers.yml +++ b/roles/edpm_update/tasks/containers.yml 
@@ -33,6 +33,15 @@ - edpm_update when: '"ovn" in edpm_update_running_services' +- name: Apply updates for edpm_frr role + ansible.builtin.include_role: + name: osp.edpm.edpm_frr + tasks_from: update.yml + tags: + - edpm_frr + - edpm_update + when: '"frr" in edpm_update_running_services' + - name: Updates containers for edpm_frr role ansible.builtin.include_role: name: osp.edpm.edpm_frr @@ -44,6 +53,15 @@ - edpm_update when: '"frr" in edpm_update_running_services' +- name: Apply updates for edpm_ovn_bgp_agent role + ansible.builtin.include_role: + name: osp.edpm.edpm_ovn_bgp_agent + tasks_from: update.yml + tags: + - edpm_ovn_bgp_agent + - edpm_update + when: '"ovn-bgp-agent" in edpm_update_running_services' + - name: Updates containers for edpm_ovn_bgp_agent role ansible.builtin.include_role: name: osp.edpm.edpm_ovn_bgp_agent @@ -55,6 +73,15 @@ - edpm_update when: '"ovn-bgp-agent" in edpm_update_running_services' +- name: Apply updates for edpm_neutron_metadata role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_metadata + tasks_from: update.yml + tags: + - edpm_neutron_metadata + - edpm_update + when: '"neutron-metadata" in edpm_update_running_services' + - name: Updates containers for edpm_neutron_metadata role ansible.builtin.include_role: name: osp.edpm.edpm_neutron_metadata @@ -66,6 +93,15 @@ - edpm_update when: '"neutron-metadata" in edpm_update_running_services' +- name: Apply updates for edpm_neutron_ovn role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_ovn + tasks_from: update.yml + tags: + - edpm_neutron_ovn + - edpm_update + when: '"neutron-ovn" in edpm_update_running_services' + - name: Updates containers for edpm_neutron_ovn role ansible.builtin.include_role: name: osp.edpm.edpm_neutron_ovn 
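Review bot: The `tags:` on each new `ansible.builtin.include_role` task in containers.yml apply only to the include itself, because `include_role` is dynamic and does not pass its tags to the tasks it loads. A run limited with `--tags edpm_frr` would therefore select the include but skip the contents of `update.yml`, unless those tasks carry the tag themselves, which is not visible in this diff. If tag-limited runs are meant to work, add `apply:` with `tags: [edpm_frr, edpm_update]` under `ansible.builtin.include_role` to propagate them. The same applies to the other five "Apply updates" tasks here and to their copies in roles/edpm_update_services/tasks/containers.yml. Each role also needs a `tasks/update.yml`, which this part of the diff does not show.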
@@ -109,6 +145,15 @@ - edpm_update when: '"nova" in edpm_update_running_services' +- name: Apply updates for edpm_neutron_sriov role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_sriov + tasks_from: update.yml + tags: + - edpm_neutron_sriov + - edpm_update + when: '"neutron-sriov" in edpm_update_running_services' + - name: Updates containers for edpm_neutron_sriov role ansible.builtin.include_role: name: osp.edpm.edpm_neutron_sriov @@ -120,6 +165,15 @@ - edpm_update when: '"neutron-sriov" in edpm_update_running_services' +- name: Apply updates for edpm_neutron_dhcp role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_dhcp + tasks_from: update.yml + tags: + - edpm_neutron_dhcp + - edpm_update + when: '"neutron-dhcp" in edpm_update_running_services' + - name: Updates containers for edpm_neutron_dhcp role ansible.builtin.include_role: name: osp.edpm.edpm_neutron_dhcp diff --git a/roles/edpm_update_services/tasks/containers.yml b/roles/edpm_update_services/tasks/containers.yml index dd5ce969e..1838d71ea 100644 --- a/roles/edpm_update_services/tasks/containers.yml +++ b/roles/edpm_update_services/tasks/containers.yml @@ -33,6 +33,15 @@ - edpm_update_services when: '"ovn" in edpm_update_services_running_services' +- name: Apply updates for edpm_frr role + ansible.builtin.include_role: + name: osp.edpm.edpm_frr + tasks_from: update.yml + tags: + - edpm_frr + - edpm_update_services + when: '"frr" in edpm_update_services_running_services' + - name: Updates containers for edpm_frr role ansible.builtin.include_role: name: osp.edpm.edpm_frr 
@@ -44,6 +53,15 @@ - edpm_update_services when: '"frr" in edpm_update_services_running_services' +- name: Apply updates for edpm_ovn_bgp_agent role + ansible.builtin.include_role: + name: osp.edpm.edpm_ovn_bgp_agent + tasks_from: update.yml + tags: + - edpm_ovn_bgp_agent + - edpm_update_services + when: '"ovn-bgp-agent" in edpm_update_services_running_services' + - name: Updates containers for edpm_ovn_bgp_agent role ansible.builtin.include_role: name: osp.edpm.edpm_ovn_bgp_agent @@ -55,6 +73,15 @@ - edpm_update_services when: '"ovn-bgp-agent" in edpm_update_services_running_services' +- name: Apply updates for edpm_neutron_metadata role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_metadata + tasks_from: update.yml + tags: + - edpm_neutron_metadata + - edpm_update_services + when: '"neutron-metadata" in edpm_update_services_running_services' + - name: Updates containers for edpm_neutron_metadata role ansible.builtin.include_role: name: osp.edpm.edpm_neutron_metadata @@ -66,6 +93,15 @@ - edpm_update_services when: '"neutron-metadata" in edpm_update_services_running_services' +- name: Apply updates for edpm_neutron_ovn role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_ovn + tasks_from: update.yml + tags: + - edpm_neutron_ovn + - edpm_update_services + when: '"neutron-ovn" in edpm_update_services_running_services' + - name: Updates containers for edpm_neutron_ovn role ansible.builtin.include_role: name: osp.edpm.edpm_neutron_ovn @@ -109,6 +145,15 @@ - edpm_update_services when: '"nova" in edpm_update_services_running_services' +- name: Apply updates for edpm_neutron_sriov role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_sriov + tasks_from: update.yml + tags: + - edpm_neutron_sriov + - edpm_update_services + when: '"neutron-sriov" in edpm_update_services_running_services' + - name: Updates containers for edpm_neutron_sriov role ansible.builtin.include_role: name: osp.edpm.edpm_neutron_sriov 
@@ -120,6 +165,15 @@ - edpm_update_services when: '"neutron-sriov" in edpm_update_services_running_services' +- name: Apply updates for edpm_neutron_dhcp role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_dhcp + tasks_from: update.yml + tags: + - edpm_neutron_dhcp + - edpm_update_services + when: '"neutron-dhcp" in edpm_update_services_running_services' + - name: Updates containers for edpm_neutron_dhcp role ansible.builtin.include_role: name: osp.edpm.edpm_neutron_dhcp diff --git a/tests/test_nova_statedir_ownership.py b/tests/test_nova_statedir_ownership.py index 8eee891bc..ecc042781 100644 --- a/tests/test_nova_statedir_ownership.py +++ b/tests/test_nova_statedir_ownership.py @@ -34,7 +34,7 @@ def lsetfilecon(path, context): pass -sys.path.append('roles/edpm_nova/templates') +sys.path.append('roles/edpm_nova/files/') sys.modules["selinux"] = FakeSelinux from nova_statedir_ownership import get_exclude_paths # noqa: E402