Merge pull request #857 from rackerlabs/puc-844-provisioning-network

feat: PUC-844: use ansible to create provisioning network

Author: haseebsyed12

ansible/playbooks/openstack_network.yaml

@@ -0,0 +1,29 @@
+---
+# Copyright (c) 2025 Rackspace Technology, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Openstack Network
+  hosts: neutron
+  connection: local
+
+  pre_tasks:
+    - name: Fail if ENV variables are not set
+      ansible.builtin.fail:
+        msg: "Environment variable {{ item }} is not set. Exiting playbook."
+      when: lookup('env', item) == ''
+      loop:
+        - OS_CLOUD
+
+  roles:
+    - role: openstack_network

ansible/roles/openstack_network/defaults/main.yml

@@ -0,0 +1 @@
+---

ansible/roles/openstack_network/tasks/main.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Get network info
+  openstack.cloud.networks_info:
+    name: "{{ item.network_name }}"
+  loop: "{{ fabric_wide_layer_3_infrastructure_networks }}"
+  loop_control:
+    label: "{{ item.network_name }}"
+  register: existing_networks
+
+- name: Create network if not exists
+  openstack.cloud.network:
+    name: "{{ item.item.network_name }}"
+    provider_network_type: "{{ item.item.network_type }}"
+    state: present
+  when: item.networks | length == 0
+  loop: "{{ existing_networks.results }}"
+  loop_control:
+    label: "{{ item.item.network_name }}"

workflows/openstack/kustomization.yaml

@@ -21,3 +21,4 @@ resources:
   - sensors/sensor-neutron-event-network-segment-range.yaml
   - sensors/sensor-ironic-reclean.yaml
   - secrets/nautobot-token.yaml
+  - secrets/openstack-svc-acct.yaml

workflows/openstack/secrets/openstack-svc-acct.yaml

@@ -0,0 +1,30 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: openstack-svc-acct
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: openstack
+  target:
+    name: openstack-svc-acct
+    template:
+      engineVersion: v2
+      data:
+        clouds.yaml: |
+          clouds:
+            understack:
+              auth_url: http://keystone-api.openstack.svc.cluster.local:5000/v3
+              user_domain_name: {{ .user_domain }}
+              username: {{ .username }}
+              password: {{ .password }}
+              project_domain_name: infra
+              project_name: baremetal
+  dataFrom:
+    - extract:
+        key: svc-acct-argoworkflow
+        # necessary to avoid argoproj/argo-cd#13004
+        conversionStrategy: Default
+        decodingStrategy: None
+        metadataPolicy: None

workflows/openstack/sensors/sensor-k8s-neutron-deployment.yaml

@@ -28,63 +28,31 @@ spec:
                 template:
                   spec:
                     containers:
-                      - name: create-network
-                        image: docker.io/openstackhelm/openstack-client:2024.2
-                        command:
-                          - /bin/bash
-                          - '-c'
-                          - >-
-                            openstack network create --description "${PROVISIONING_NETWORK_DESCRIPTION}" \
-                            --no-share --provider-network-type "${PROVISIONING_NETWORK_TYPE}" \
-                            --provider-physical-network "${PROVISIONING_PHYSICAL_NETWORK}" \
-                            --tag "${PROVISIONING_NETWORK_TAGS}" \
-                            "${PROVISIONING_NETWORK_NAME}"
+                      - name: create-provisioning-network
+                        image: ghcr.io/rackerlabs/understack/ansible:pr-857
+                        imagePullPolicy: Always
+                        command: ["ansible-runner", "run", "/runner", "--playbook", "openstack_network.yaml"]
                         env:
-                          - name: PROVISIONING_NETWORK_NAME
-                            valueFrom:
-                              configMapKeyRef:
-                                name: provisioning-network-config
-                                key: network_name
-                          - name: PROVISIONING_NETWORK_TYPE
-                            valueFrom:
-                              configMapKeyRef:
-                                name: provisioning-network-config
-                                key: network_type
-                          - name: PROVISIONING_PHYSICAL_NETWORK
-                            valueFrom:
-                              configMapKeyRef:
-                                name: provisioning-network-config
-                                key: physical_network
-                          - name: PROVISIONING_NETWORK_TAGS
-                            valueFrom:
-                              configMapKeyRef:
-                                name: provisioning-network-config
-                                key: tags
-                          - name: PROVISIONING_NETWORK_DESCRIPTION
-                            valueFrom:
-                              configMapKeyRef:
-                                name: provisioning-network-config
-                                key: description
-                          - name: OS_AUTH_URL
-                            value: "http://keystone-api.openstack.svc.cluster.local:5000/v3"
-                          - name: OS_PROJECT_DOMAIN_NAME
-                            value: "infra"
-                          - name: OS_PROJECT_NAME
-                            value: "baremetal"
-                          - name: OS_USER_DOMAIN_NAME
-                            valueFrom:
-                              secretKeyRef:
-                                name: svc-acct-argoworkflow
-                                key: user_domain
-                          - name: OS_USERNAME
-                            valueFrom:
-                              secretKeyRef:
-                                name: svc-acct-argoworkflow
-                                key: username
-                          - name: OS_PASSWORD
-                            valueFrom:
-                              secretKeyRef:
-                                name: svc-acct-argoworkflow
-                                key: password
-                        imagePullPolicy: IfNotPresent
+                          - name: OS_CLOUD
+                            value: understack
+                        volumeMounts:
+                          - name: ansible-inventory
+                            mountPath: /runner/inventory/
+                          - name: ansible-group-vars
+                            mountPath: /runner/inventory/group_vars/
+                          - name: openstack-svc-acct
+                            mountPath: /etc/openstack
+                            readOnly: true
+                    volumes:
+                      - name: runner-data
+                        emptyDir: {}
+                      - name: ansible-inventory
+                        configMap:
+                          name: ansible-inventory
+                      - name: ansible-group-vars
+                        configMap:
+                          name: ansible-group-vars
+                      - name: openstack-svc-acct
+                        secret:
+                          secretName: openstack-svc-acct
                     restartPolicy: OnFailure