From 84252f4e260f10ac32a4d0cacde3eb712693813a Mon Sep 17 00:00:00 2001 From: Lewis Date: Tue, 17 May 2022 16:21:01 +1000 Subject: [PATCH] Migrate tripleo_ovn host_prep_tasks to tripleo-ansible Migrate the tripleo-heat-template ansible tasks into the tripleo_ovn standalone ansible role. Change-Id: Ic381cd8504b4b20d28a424fe9a0be4307783d041 --- .../roles/tripleo_ovn/defaults/main.yml | 2 + .../roles/tripleo_ovn/files/neutron-cleanup | 24 +++++++++ .../tripleo_ovn/files/neutron-cleanup.service | 12 +++++ .../roles/tripleo_ovn/meta/main.yml | 44 ++++++++++++++++ .../tripleo_ovn/molecule/default/converge.yml | 21 ++++++++ .../tripleo_ovn/molecule/default/molecule.yml | 28 ++++++++++ .../tripleo_ovn/molecule/default/prepare.yml | 23 ++++++++ .../roles/tripleo_ovn/tasks/hostprep.yml | 52 +++++++++++++++++++ .../roles/tripleo_ovn/tasks/main.yml | 17 ++++++ 9 files changed, 223 insertions(+) create mode 100644 tripleo_ansible/roles/tripleo_ovn/defaults/main.yml create mode 100755 tripleo_ansible/roles/tripleo_ovn/files/neutron-cleanup create mode 100644 tripleo_ansible/roles/tripleo_ovn/files/neutron-cleanup.service create mode 100644 tripleo_ansible/roles/tripleo_ovn/meta/main.yml create mode 100644 tripleo_ansible/roles/tripleo_ovn/molecule/default/converge.yml create mode 100644 tripleo_ansible/roles/tripleo_ovn/molecule/default/molecule.yml create mode 100644 tripleo_ansible/roles/tripleo_ovn/molecule/default/prepare.yml create mode 100644 tripleo_ansible/roles/tripleo_ovn/tasks/hostprep.yml create mode 100644 tripleo_ansible/roles/tripleo_ovn/tasks/main.yml diff --git a/tripleo_ansible/roles/tripleo_ovn/defaults/main.yml b/tripleo_ansible/roles/tripleo_ovn/defaults/main.yml new file mode 100644 index 000000000..853f60630 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ovn/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for tripleo_ovn diff --git a/tripleo_ansible/roles/tripleo_ovn/files/neutron-cleanup b/tripleo_ansible/roles/tripleo_ovn/files/neutron-cleanup new file mode 100755 index 000000000..c994501a3 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ovn/files/neutron-cleanup @@ -0,0 +1,24 @@ +#!/bin/bash +# Cleanup neutron OVS bridges. To be called on startup to avoid +# "difficult-to-debug" issues with partially configured resources. + +NEUTRON_OVS_CONF=/var/lib/config-data/puppet-generated/neutron/etc/neutron/plugins/ml2/openvswitch_agent.ini + +if [ -e ${NEUTRON_OVS_CONF} ]; then + INT_BRIDGE=`crudini --get ${NEUTRON_OVS_CONF} ovs integration_bridge` + TUN_BRIDGE=`crudini --get ${NEUTRON_OVS_CONF} ovs tunnel_bridge` +fi + +for port in `ovs-vsctl list-ports ${INT_BRIDGE:-"br-int"}`; do + skip_cleanup=`ovs-vsctl --if-exists get Interface $port external_ids:skip_cleanup` + if ! [[ "x$skip_cleanup" == "x\"true\"" ]]; then + ovs-vsctl del-port ${INT_BRIDGE:-"br-int"} $port + fi +done + +ovs-vsctl --if-exists del-br ${TUN_BRIDGE:-"br-tun"} + +# Clean up trunk port bridges +for br in $(ovs-vsctl list-br | egrep 'tbr-[0-9a-f\-]+'); do + ovs-vsctl --if-exists del-br $br +done diff --git a/tripleo_ansible/roles/tripleo_ovn/files/neutron-cleanup.service b/tripleo_ansible/roles/tripleo_ovn/files/neutron-cleanup.service new file mode 100644 index 000000000..efbd07f79 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ovn/files/neutron-cleanup.service @@ -0,0 +1,12 @@ +[Unit] +Description=Neutron cleanup on startup +After=openvswitch.service network.target +Before=tripleo_neutron_ovs_agent.service tripleo_neutron_dhcp.service tripleo_neutron_l3_agent.service tripleo_nova_compute.service +RefuseManualStop=yes + +[Service] +Type=oneshot +ExecStart=/usr/libexec/neutron-cleanup + +[Install] +WantedBy=multi-user.target diff --git a/tripleo_ansible/roles/tripleo_ovn/meta/main.yml b/tripleo_ansible/roles/tripleo_ovn/meta/main.yml new file mode 100644 index 000000000..2734c7abb --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ovn/meta/main.yml @@ -0,0 +1,44 @@ +--- +# Copyright 2022 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +galaxy_info: + namespace: openstack + author: OpenStack + description: TripleO OpenStack Role -- tripleo_ovn + company: Red Hat + license: Apache-2.0 + min_ansible_version: 2.7 + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: CentOS + versions: + - 7 + - 8 + - 9 + + galaxy_tags: + - tripleo + + +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. +dependencies: [] diff --git a/tripleo_ansible/roles/tripleo_ovn/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_ovn/molecule/default/converge.yml new file mode 100644 index 000000000..879a8b992 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ovn/molecule/default/converge.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2021 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Converge + hosts: all + gather_facts: true + roles: + - role: "tripleo_ovn" diff --git a/tripleo_ansible/roles/tripleo_ovn/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo_ovn/molecule/default/molecule.yml new file mode 100644 index 000000000..20d7e2005 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ovn/molecule/default/molecule.yml @@ -0,0 +1,28 @@ +--- +driver: + name: podman + +provisioner: + inventory: + hosts: + all: + hosts: + centos: + ansible_python_interpreter: /usr/bin/python3 + name: ansible + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + +scenario: + test_sequence: + - destroy + - create + - prepare + - converge + - check + - verify + - destroy + +verifier: + name: testinfra diff --git a/tripleo_ansible/roles/tripleo_ovn/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_ovn/molecule/default/prepare.yml new file mode 100644 index 000000000..cd70ddf56 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ovn/molecule/default/prepare.yml @@ -0,0 +1,23 @@ +--- +# Copyright 2021 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Prepare + hosts: all + gather_facts: true + roles: + - role: test_deps + test_deps_setup_stream: true diff --git a/tripleo_ansible/roles/tripleo_ovn/tasks/hostprep.yml b/tripleo_ansible/roles/tripleo_ovn/tasks/hostprep.yml new file mode 100644 index 000000000..0cc24ac3d --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ovn/tasks/hostprep.yml @@ -0,0 +1,52 @@ +--- +# Copyright 2022 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: create persistent directories + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + setype: "{{ item.setype }}" + mode: "{{ item.mode|default(omit) }}" + loop: + - { 'path': /var/log/containers/openvswitch, 'setype': container_file_t, 'mode': '0750' } + - { 'path': /var/lib/openvswitch/ovn, 'setype': container_file_t } + +- name: enable virt_sandbox_use_netlink for healthcheck + ansible.builtin.seboolean: + name: virt_sandbox_use_netlink + persistent: true + state: true + when: + - ansible_facts.selinux is defined + - ansible_facts.selinux.status == "enabled" + +- name: Copy in cleanup script + ansible.builtin.copy: + src: neutron-cleanup + dest: '/usr/libexec/neutron-cleanup' + force: true + mode: '0755' + +- name: Copy in cleanup service + ansible.builtin.copy: + src: neutron-cleanup.service + dest: '/usr/lib/systemd/system/neutron-cleanup.service' + force: true + +- name: Enabling the cleanup service + ansible.builtin.service: + name: neutron-cleanup + enabled: true diff --git a/tripleo_ansible/roles/tripleo_ovn/tasks/main.yml b/tripleo_ansible/roles/tripleo_ovn/tasks/main.yml new file mode 100644 index 000000000..9633d5274 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_ovn/tasks/main.yml @@ -0,0 +1,17 @@ +--- +# Copyright 2021 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Include host prep tasks + include_tasks: hostprep.yml