Merge pull request #151 from stackhpc/backports/octavia

Victoria: Backport Octavia / OVN related changes

Author: cityofships

ansible/group_vars/all.yml

@@ -668,6 +668,7 @@ enable_neutron_port_forwarding: "no"
 enable_nova_serialconsole_proxy: "no"
 enable_nova_ssh: "yes"
 enable_octavia: "no"
+enable_octavia_driver_agent: "{{ enable_octavia | bool and neutron_plugin_agent == 'ovn' }}"
 enable_openvswitch: "{{ enable_neutron | bool and neutron_plugin_agent != 'linuxbridge' }}"
 enable_ovn: "{{ enable_neutron | bool and neutron_plugin_agent == 'ovn' }}"
 enable_ovs_dpdk: "no"

ansible/inventory/all-in-one

@@ -631,6 +631,9 @@ searchlight
 [octavia-api:children]
 octavia
 
+[octavia-driver-agent:children]
+octavia
+
 [octavia-health-manager:children]
 octavia
 

ansible/inventory/multinode

@@ -649,6 +649,9 @@ searchlight
 [octavia-api:children]
 octavia
 
+[octavia-driver-agent:children]
+octavia
+
 [octavia-health-manager:children]
 octavia
 

ansible/roles/octavia/defaults/main.yml

@@ -20,6 +20,13 @@ octavia_services:
         mode: "http"
         external: true
         port: "{{ octavia_api_port }}"
+  octavia-driver-agent:
+    container_name: octavia_driver_agent
+    group: octavia-driver-agent
+    enabled: "{{ enable_octavia_driver_agent }}"
+    image: "{{ octavia_driver_agent_image_full }}"
+    volumes: "{{ octavia_driver_agent_default_volumes + octavia_driver_agent_extra_volumes }}"
+    dimensions: "{{ octavia_driver_agent_dimensions }}"
   octavia-health-manager:
     container_name: octavia_health_manager
     group: octavia-health-manager
@@ -68,6 +75,10 @@ octavia_api_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ doc
 octavia_api_tag: "{{ octavia_tag }}"
 octavia_api_image_full: "{{ octavia_api_image }}:{{ octavia_api_tag }}"
 
+octavia_driver_agent_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ octavia_install_type }}-octavia-driver-agent"
+octavia_driver_agent_tag: "{{ octavia_tag }}"
+octavia_driver_agent_image_full: "{{ octavia_driver_agent_image }}:{{ octavia_driver_agent_tag }}"
+
 octavia_health_manager_image: "{{ docker_registry ~ '/' if docker_registry else '' }}{{ docker_namespace }}/{{ kolla_base_distro }}-{{ octavia_install_type }}-octavia-health-manager"
 octavia_health_manager_tag: "{{ octavia_tag }}"
 octavia_health_manager_image_full: "{{ octavia_health_manager_image }}:{{ octavia_health_manager_tag }}"
@@ -81,6 +92,7 @@ octavia_worker_tag: "{{ octavia_tag }}"
 octavia_worker_image_full: "{{ octavia_worker_image }}:{{ octavia_worker_tag }}"
 
 octavia_api_dimensions: "{{ default_container_dimensions }}"
+octavia_driver_agent_dimensions: "{{ default_container_dimensions }}"
 octavia_health_manager_dimensions: "{{ default_container_dimensions }}"
 octavia_housekeeping_dimensions: "{{ default_container_dimensions }}"
 octavia_worker_dimensions: "{{ default_container_dimensions }}"
@@ -91,12 +103,20 @@ octavia_api_default_volumes:
   - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
   - "kolla_logs:/var/log/kolla/"
   - "{{ kolla_dev_repos_directory ~ '/octavia/octavia:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/octavia' if octavia_dev_mode | bool else '' }}"
+  - "octavia_driver_agent:/var/run/octavia/"
 octavia_health_manager_default_volumes:
   - "{{ node_config_directory }}/octavia-health-manager/:{{ container_config_directory }}/:ro"
   - "/etc/localtime:/etc/localtime:ro"
   - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
   - "kolla_logs:/var/log/kolla/"
   - "{{ kolla_dev_repos_directory ~ '/octavia/octavia:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/octavia' if octavia_dev_mode | bool else '' }}"
+octavia_driver_agent_default_volumes:
+  - "{{ node_config_directory }}/octavia-driver-agent/:{{ container_config_directory }}/:ro"
+  - "/etc/localtime:/etc/localtime:ro"
+  - "{{ '/etc/timezone:/etc/timezone:ro' if ansible_os_family == 'Debian' else '' }}"
+  - "kolla_logs:/var/log/kolla/"
+  - "{{ kolla_dev_repos_directory ~ '/octavia/octavia:/var/lib/kolla/venv/lib/python' ~ distro_python_version ~ '/site-packages/octavia' if octavia_dev_mode | bool else '' }}"
+  - "octavia_driver_agent:/var/run/octavia/"
 octavia_housekeeping_default_volumes:
   - "{{ node_config_directory }}/octavia-housekeeping/:{{ container_config_directory }}/:ro"
   - "/etc/localtime:/etc/localtime:ro"
@@ -112,6 +132,7 @@ octavia_worker_default_volumes:
 
 octavia_extra_volumes: "{{ default_extra_volumes }}"
 octavia_api_extra_volumes: "{{ octavia_extra_volumes }}"
+octavia_driver_agent_extra_volumes: "{{ octavia_extra_volumes }}"
 octavia_health_manager_extra_volumes: "{{ octavia_extra_volumes }}"
 octavia_housekeeping_extra_volumes: "{{ octavia_extra_volumes }}"
 octavia_worker_extra_volumes: "{{ octavia_extra_volumes }}"
@@ -238,3 +259,7 @@ octavia_amp_network:
 
 # Octavia management network subnet CIDR.
 octavia_amp_network_cidr: 10.1.0.0/24
+
+# Octavia provider drivers
+octavia_provider_drivers: "amphora:Amphora provider{% if neutron_plugin_agent == 'ovn'%}, ovn:OVN provider{% endif %}"
+octavia_provider_agents: "amphora_agent{% if neutron_plugin_agent == 'ovn'%}, ovn{% endif %}"

ansible/roles/octavia/handlers/main.yml

@@ -14,6 +14,21 @@
   when:
     - kolla_action != "config"
 
+- name: Restart octavia-driver-agent container
+  vars:
+    service_name: "octavia-driver-agent"
+    service: "{{ octavia_services[service_name] }}"
+  become: true
+  kolla_docker:
+    action: "recreate_or_restart_container"
+    common_options: "{{ docker_common_options }}"
+    name: "{{ service.container_name }}"
+    image: "{{ service.image }}"
+    volumes: "{{ service.volumes | reject('equalto', '') | list }}"
+    dimensions: "{{ service.dimensions }}"
+  when:
+    - kolla_action != "config"
+
 - name: Restart octavia-health-manager container
   vars:
     service_name: "octavia-health-manager"

ansible/roles/octavia/tasks/check-containers.yml

@@ -9,7 +9,7 @@
     volumes: "{{ item.value.volumes }}"
     dimensions: "{{ item.value.dimensions }}"
   when:
-    - inventory_hostname in groups[item.value.group]
+    - inventory_hostname in groups.get(item.value.group, [])
     - item.value.enabled | bool
   with_dict: "{{ octavia_services }}"
   notify:

ansible/roles/octavia/tasks/config.yml

@@ -8,7 +8,7 @@
     mode: "0770"
   become: true
   when:
-    - inventory_hostname in groups[item.value.group]
+    - inventory_hostname in groups.get(item.value.group, [])
     - item.value.enabled | bool
   with_dict: "{{ octavia_services }}"
 
@@ -39,7 +39,7 @@
   become: true
   when:
     - octavia_policy_file is defined
-    - inventory_hostname in groups[item.value.group]
+    - inventory_hostname in groups.get(item.value.group, [])
     - item.value.enabled | bool
   with_dict: "{{ octavia_services }}"
   notify:
@@ -56,7 +56,7 @@
     mode: "0660"
   become: true
   when:
-    - inventory_hostname in groups[item.value.group]
+    - inventory_hostname in groups.get(item.value.group, [])
     - item.value.enabled | bool
   with_dict: "{{ octavia_services }}"
   notify:
@@ -76,75 +76,73 @@
     mode: "0660"
   become: true
   when:
-    - inventory_hostname in groups[item.value.group]
+    - inventory_hostname in groups.get(item.value.group, [])
     - item.value.enabled | bool
   with_dict: "{{ octavia_services }}"
   notify:
     - "Restart {{ item.key }} container"
 
-- name: Copying over Octavia SSH key
-  copy:
-    content: "{{ octavia_amp_ssh_key.private_key }}"
-    dest: "{{ node_config_directory }}/octavia-worker/{{ octavia_amp_ssh_key_name }}"
-    owner: "{{ config_owner_user }}"
-    group: "{{ config_owner_group }}"
-    mode: "0400"
-  become: True
-  when: inventory_hostname in groups[octavia_services['octavia-worker']['group']]
+- block:
 
-- name: Copying certificate files for octavia-worker
-  vars:
-    service: "{{ octavia_services['octavia-worker'] }}"
-  copy:
-    src: "{{ node_custom_config }}/octavia/{{ item }}"
-    dest: "{{ node_config_directory }}/octavia-worker/{{ item }}"
-    mode: "0660"
-  become: true
-  when:
-    - inventory_hostname in groups[service.group]
-    - service.enabled | bool
-  with_items:
-    - client.cert-and-key.pem
-    - client_ca.cert.pem
-    - server_ca.cert.pem
-    - server_ca.key.pem
-  notify:
-    - Restart octavia-worker container
+    - name: Copying over Octavia SSH key
+      copy:
+        content: "{{ octavia_amp_ssh_key.private_key }}"
+        dest: "{{ node_config_directory }}/octavia-worker/{{ octavia_amp_ssh_key_name }}"
+        owner: "{{ config_owner_user }}"
+        group: "{{ config_owner_group }}"
+        mode: "0400"
+      become: True
+      when: inventory_hostname in groups[octavia_services['octavia-worker']['group']]
 
-- name: Copying certificate files for octavia-housekeeping
-  vars:
-    service: "{{ octavia_services['octavia-housekeeping'] }}"
-  copy:
-    src: "{{ node_custom_config }}/octavia/{{ item }}"
-    dest: "{{ node_config_directory }}/octavia-housekeeping/{{ item }}"
-    mode: "0660"
-  become: true
-  when:
-    - inventory_hostname in groups[service.group]
-    - service.enabled | bool
-  with_items:
-    - client.cert-and-key.pem
-    - client_ca.cert.pem
-    - server_ca.cert.pem
-    - server_ca.key.pem
-  notify:
-    - Restart octavia-housekeeping container
+    - name: Copying certificate files for octavia-worker
+      vars:
+        service: "{{ octavia_services['octavia-worker'] }}"
+      copy:
+        src: "{{ node_custom_config }}/octavia/{{ item }}"
+        dest: "{{ node_config_directory }}/octavia-worker/{{ item }}"
+        mode: "0660"
+      become: true
+      when:
+        - inventory_hostname in groups[service.group]
+        - service.enabled | bool
+      with_items: "{{ octavia_amphora_keys }}"
+      notify:
+        - Restart octavia-worker container
+
+    - name: Copying certificate files for octavia-housekeeping
+      vars:
+        service: "{{ octavia_services['octavia-housekeeping'] }}"
+      copy:
+        src: "{{ node_custom_config }}/octavia/{{ item }}"
+        dest: "{{ node_config_directory }}/octavia-housekeeping/{{ item }}"
+        mode: "0660"
+      become: true
+      when:
+        - inventory_hostname in groups[service.group]
+        - service.enabled | bool
+      with_items: "{{ octavia_amphora_keys }}"
+      notify:
+        - Restart octavia-housekeeping container
+
+    - name: Copying certificate files for octavia-health-manager
+      vars:
+        service: "{{ octavia_services['octavia-health-manager'] }}"
+      copy:
+        src: "{{ node_custom_config }}/octavia/{{ item }}"
+        dest: "{{ node_config_directory }}/octavia-health-manager/{{ item }}"
+        mode: "0660"
+      become: true
+      when:
+        - inventory_hostname in groups[service.group]
+        - service.enabled | bool
+      with_items: "{{ octavia_amphora_keys }}"
+      notify:
+        - Restart octavia-health-manager container
 
-- name: Copying certificate files for octavia-health-manager
+  when: "'amphora' in octavia_provider_drivers"
   vars:
-    service: "{{ octavia_services['octavia-health-manager'] }}"
-  copy:
-    src: "{{ node_custom_config }}/octavia/{{ item }}"
-    dest: "{{ node_config_directory }}/octavia-health-manager/{{ item }}"
-    mode: "0660"
-  become: true
-  when:
-    - inventory_hostname in groups[service.group]
-    - service.enabled | bool
-  with_items:
-    - client.cert-and-key.pem
-    - client_ca.cert.pem
-    - server_ca.cert.pem
-    - server_ca.key.pem
-  notify:
-    - Restart octavia-health-manager container
+    octavia_amphora_keys:
+      - client.cert-and-key.pem
+      - client_ca.cert.pem
+      - server_ca.cert.pem
+      - server_ca.key.pem

ansible/roles/octavia/tasks/precheck.yml

@@ -41,6 +41,7 @@
       Octavia's certificate configuration has been changed since Train. The new
       configuration requires 4 PEM files. Please check certificate configuration
       guide at https://docs.openstack.org/octavia/latest/admin/guides/certificates.html
+  when: "'amphora' in octavia_provider_drivers"
 
 - name: Checking certificate files exist for octavia
   stat:
@@ -49,7 +50,9 @@
   run_once: True
   register: result
   failed_when: not result.stat.exists
-  when: inventory_hostname in groups['octavia-worker']
+  when:
+    - inventory_hostname in groups['octavia-worker']
+    - "'amphora' in octavia_provider_drivers"
   with_items:
     - client.cert-and-key.pem
     - client_ca.cert.pem

ansible/roles/octavia/templates/octavia-api.json.j2

@@ -13,5 +13,11 @@
             "owner": "octavia",
             "perm": "0600"
         }{% endif %}
+    ],
+    "permissions": [
+        {
+            "path": "/var/run/octavia",
+            "owner": "octavia:octavia"
+        }
     ]
 }

ansible/roles/octavia/templates/octavia-driver-agent.json.j2

@@ -0,0 +1,23 @@
+{
+    "command": "octavia-driver-agent --config-file /etc/octavia/octavia.conf",
+    "config_files": [
+        {
+            "source": "{{ container_config_directory }}/octavia.conf",
+            "dest": "/etc/octavia/octavia.conf",
+            "owner": "octavia",
+            "perm": "0600"
+        }{% if octavia_policy_file is defined %},
+        {
+            "source": "{{ container_config_directory }}/{{ octavia_policy_file }}",
+            "dest": "/etc/octavia/{{ octavia_policy_file }}",
+            "owner": "octavia",
+            "perm": "0600"
+        }{% endif %}
+    ],
+    "permissions": [
+        {
+            "path": "/var/run/octavia",
+            "owner": "octavia:octavia"
+        }
+    ]
+}