Browse Source

Merge "Add tripleo_ovn_cluster role"

changes/48/789548/1
Zuul 1 week ago
committed by Gerrit Code Review
parent
commit
8482efdc0b
12 changed files with 370 additions and 0 deletions
  1. +6
    -0
      doc/source/roles/role-tripleo_ovn_cluster.rst
  2. +5
    -0
      releasenotes/notes/add-tripleo_ovn_cluster-role-f70990a8282d722e.yaml
  3. +44
    -0
      tripleo_ansible/roles/tripleo_ovn_cluster/defaults/main.yml
  4. +42
    -0
      tripleo_ansible/roles/tripleo_ovn_cluster/meta/main.yml
  5. +37
    -0
      tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/Dockerfile
  6. +20
    -0
      tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/converge.yml
  7. +54
    -0
      tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/molecule.yml
  8. +22
    -0
      tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/prepare.yml
  9. +47
    -0
      tripleo_ansible/roles/tripleo_ovn_cluster/tasks/main.yml
  10. +29
    -0
      tripleo_ansible/roles/tripleo_ovn_cluster/tasks/restart.yml
  11. +54
    -0
      tripleo_ansible/roles/tripleo_ovn_cluster/templates/ovn_cluster.j2
  12. +10
    -0
      zuul.d/molecule.yaml

+ 6
- 0
doc/source/roles/role-tripleo_ovn_cluster.rst View File

@ -0,0 +1,6 @@
==========================
Role - tripleo_ovn_cluster
==========================
.. ansibleautoplugin::
:role: tripleo_ansible/roles/tripleo_ovn_cluster

+ 5
- 0
releasenotes/notes/add-tripleo_ovn_cluster-role-f70990a8282d722e.yaml View File

@ -0,0 +1,5 @@
---
features:
- |
Added a new role for ``tripleo_ovn_cluster`` to configure OVN DBs clustered
for TripleO deployments.

+ 44
- 0
tripleo_ansible/roles/tripleo_ovn_cluster/defaults/main.yml View File

@ -0,0 +1,44 @@
---
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# All variables intended for modification should be placed in this file.
# All variables within this role should have a prefix of "tripleo_ovn_cluster"
tripleo_ovn_cluster_config_basedir: /var/lib/config-data/ansible-generated/ovn
tripleo_ovn_cluster_network: ctlplane
tripleo_ovn_cluster_nb_db_protocol: "{{ enable_internal_tls | bool | ternary('ssl', 'tcp') }}"
tripleo_ovn_cluster_nb_db_port: 6641
tripleo_ovn_cluster_nb_local_port: 6643
tripleo_ovn_cluster_nb_remote_port: 6643
tripleo_ovn_cluster_nb_ssl_key: /etc/pki/tls/private/ovn_dbs.key
tripleo_ovn_cluster_nb_ssl_cert: /etc/pki/tls/certs/ovn_dbs.crt
tripleo_ovn_cluster_nb_ssl_ca_cert: /etc/ipa/ca.crt
tripleo_ovn_cluster_sb_db_protocol: "{{ enable_internal_tls | bool | ternary('ssl', 'tcp') }}"
tripleo_ovn_cluster_sb_db_port: 6642
tripleo_ovn_cluster_sb_local_port: 6644
tripleo_ovn_cluster_sb_remote_port: 6644
tripleo_ovn_cluster_sb_ssl_key: /etc/pki/tls/private/ovn_dbs.key
tripleo_ovn_cluster_sb_ssl_cert: /etc/pki/tls/certs/ovn_dbs.crt
tripleo_ovn_cluster_sb_ssl_ca_cert: /etc/ipa/ca.crt
tripleo_ovn_cluster_northd_protocol: "{{ enable_internal_tls | bool | ternary('ssl', 'tcp') }}"
tripleo_ovn_cluster_northd_ssl_key: /etc/pki/tls/private/ovn_dbs.key
tripleo_ovn_cluster_northd_ssl_cert: /etc/pki/tls/certs/ovn_dbs.crt
tripleo_ovn_cluster_northd_ssl_ca_cert: /etc/ipa/ca.crt

+ 42
- 0
tripleo_ansible/roles/tripleo_ovn_cluster/meta/main.yml View File

@ -0,0 +1,42 @@
---
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
galaxy_info:
author: OpenStack
description: TripleO OpenStack Role -- tripleo_ovn_cluster
company: Red Hat
license: Apache-2.0
min_ansible_version: 2.7
#
# Provide a list of supported platforms, and for each platform a list of versions.
# If you don't wish to enumerate all versions for a particular platform, use 'all'.
# To view available platforms and versions (or releases), visit:
# https://galaxy.ansible.com/api/v1/platforms/
#
platforms:
- name: CentOS
versions:
- 7
- 8
galaxy_tags:
- tripleo
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
dependencies: []

+ 37
- 0
tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/Dockerfile View File

@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

+ 20
- 0
tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/converge.yml View File

@ -0,0 +1,20 @@
---
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
roles:
- role: "tripleo_ovn_cluster"

+ 54
- 0
tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/molecule.yml View File

@ -0,0 +1,54 @@
---
driver:
name: podman
log: true
platforms:
- name: ubi8
hostname: ubi8
image: ubi8/ubi-init
registry:
url: registry.access.redhat.com
dockerfile: Dockerfile
pkg_extras: python*setuptools
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
- /etc/dnf/vars:/etc/dnf/vars
privileged: true
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
ulimits: &ulimit
- host
provisioner:
inventory:
hosts:
all:
hosts:
ubi8:
ansible_python_interpreter: /usr/bin/python3
vars:
ctlplane_ip: 192.168.24.2
enable_internal_tls: true
ovn_dbs_bootstrap_node_ip: 10.0.0.20
ovn_dbs_node_ips: 10.0.0.20,10.0.0.30,10.0.0.40
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- check
- verify
- destroy
verifier:
name: testinfra

+ 22
- 0
tripleo_ansible/roles/tripleo_ovn_cluster/molecule/default/prepare.yml View File

@ -0,0 +1,22 @@
---
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
roles:
- role: test_deps
test_deps_setup_stream: false

+ 47
- 0
tripleo_ansible/roles/tripleo_ovn_cluster/tasks/main.yml View File

@ -0,0 +1,47 @@
---
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: create directory {{ tripleo_ovn_cluster_config_basedir }}
become: true
ansible.builtin.file:
path: "{{ tripleo_ovn_cluster_config_basedir }}/etc/sysconfig"
recurse: true
state: directory
selevel: s0
setype: container_file_t
- name: set is_ovn_dbs_bootstrap_node fact
set_fact:
is_ovn_dbs_bootstrap_node: "{{ ovn_dbs_short_bootstrap_node_name|default('')|lower == ansible_facts['hostname']|lower }}"
when: is_ovn_dbs_bootstrap_node is undefined
- name: render OVN cluster configuration
become: true
ansible.builtin.template:
src: ovn_cluster.j2
dest: "{{ tripleo_ovn_cluster_config_basedir }}/etc/sysconfig/ovn_cluster"
mode: '640'
selevel: s0
setype: container_file_t
register: _ovn_cluster_config_result
- name: restart OVN northd and north and south databases
include_tasks: restart.yml
when: _ovn_cluster_config_result.changed
loop:
- tripleo_cluster_north_db_server
- tripleo_cluster_south_db_server
- tripleo_cluster_northd

+ 29
- 0
tripleo_ansible/roles/tripleo_ovn_cluster/tasks/restart.yml View File

@ -0,0 +1,29 @@
---
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: check if {{ item }} systemd service is active
become: true
shell: "systemctl is-active --quiet {{ item }}"
failed_when: false
register: ovn_active_service
- name: restart {{ item }} systemd service
become: true
systemd:
name: "{{ item }}"
state: restarted
when:
- ovn_active_service.rc == 0

+ 54
- 0
tripleo_ansible/roles/tripleo_ovn_cluster/templates/ovn_cluster.j2 View File

@ -0,0 +1,54 @@
# {{ ansible_managed }}
# OVN Northbound Database
OVN_NB_DB_OPTS="
{% if tripleo_ovn_cluster_nb_db_protocol == 'ssl' %}
--db-nb-create-insecure-remote=no \
--ovn-nb-db-ssl-key={{ tripleo_ovn_cluster_nb_ssl_key }} \
--ovn-nb-db-ssl-cert={{ tripleo_ovn_cluster_nb_ssl_cert }} \
--ovn-nb-db-ssl-ca-cert={{ tripleo_ovn_cluster_nb_ssl_ca_cert }} \
{% else %}
--db-nb-create-insecure-remote=yes \
{% endif %}
{% if not is_ovn_dbs_bootstrap_node|bool %}
--db-nb-cluster-remote-proto={{ tripleo_ovn_cluster_nb_db_protocol }} \
--db-nb-cluster-remote-addr={{ ovn_dbs_bootstrap_node_ip }} \
--db-nb-cluster-remote-port={{ tripleo_ovn_cluster_nb_remote_port }} \
{% endif %}
--db-nb-cluster-local-proto={{ tripleo_ovn_cluster_nb_db_protocol }} \
--db-nb-cluster-local-addr={{ hostvars[inventory_hostname][tripleo_ovn_cluster_network ~ '_ip'] }} \
--db-nb-cluster-local-port={{ tripleo_ovn_cluster_nb_local_port }} \
--db-nb-addr={{ hostvars[inventory_hostname][tripleo_ovn_cluster_network ~ '_ip'] }} \
--db-nb-port={{ tripleo_ovn_cluster_nb_db_port }}"
# OVN Southbound Database
OVN_SB_DB_OPTS="
{% if tripleo_ovn_cluster_sb_db_protocol == 'ssl' %}
--db-sb-create-insecure-remote=no \
--ovn-sb-db-ssl-key={{ tripleo_ovn_cluster_sb_ssl_key }} \
--ovn-sb-db-ssl-cert={{ tripleo_ovn_cluster_sb_ssl_cert }} \
--ovn-sb-db-ssl-ca-cert={{ tripleo_ovn_cluster_sb_ssl_ca_cert }} \
{% else %}
--db-sb-create-insecure-remote=yes \
{% endif %}
{% if not is_ovn_dbs_bootstrap_node|bool %}
--db-sb-cluster-remote-proto={{ tripleo_ovn_cluster_sb_db_protocol }} \
--db-sb-cluster-remote-addr={{ ovn_dbs_bootstrap_node_ip }} \
--db-sb-cluster-remote-port={{ tripleo_ovn_cluster_sb_remote_port }} \
{% endif %}
--db-sb-cluster-local-proto={{ tripleo_ovn_cluster_sb_db_protocol }} \
--db-sb-cluster-local-addr={{ hostvars[inventory_hostname][tripleo_ovn_cluster_network ~ '_ip'] }} \
--db-sb-cluster-local-port={{ tripleo_ovn_cluster_sb_local_port }} \
--db-sb-addr={{ hostvars[inventory_hostname][tripleo_ovn_cluster_network ~ '_ip'] }} \
--db-sb-port={{ tripleo_ovn_cluster_sb_db_port }}"
# OVN Northd
OVN_NORTHD_OPTS="
--no-chdir -vconsole:emer -vsyslog:err -vfile:info --pidfile=/run/openvswitch/ovn-northd.pid --log-file=/var/log/openvswitch/ovn-northd.log \
{% if tripleo_ovn_cluster_northd_protocol == 'ssl' %}
--private-key={{ tripleo_ovn_cluster_northd_ssl_key }} \
--certificate={{ tripleo_ovn_cluster_northd_ssl_cert }} \
--ca-cert={{ tripleo_ovn_cluster_northd_ssl_ca_cert }} \
{% endif %}
--ovnnb-db={{ [tripleo_ovn_cluster_nb_db_protocol] | product(ovn_dbs_node_ips) | map('join', ':') | product([tripleo_ovn_cluster_nb_db_port]) | map('join', ':') | join(',') }} \
--ovnsb-db={{ [tripleo_ovn_cluster_nb_db_protocol] | product(ovn_dbs_node_ips) | map('join', ':') | product([tripleo_ovn_cluster_sb_db_port]) | map('join', ':') | join(',') }}"

+ 10
- 0
zuul.d/molecule.yaml View File

@ -42,6 +42,7 @@
- tripleo-ansible-centos-8-molecule-tripleo_nodes_validation
- tripleo-ansible-centos-8-molecule-tripleo_nova_image_cache
- tripleo-ansible-centos-8-molecule-tripleo_nvdimm
- tripleo-ansible-centos-8-molecule-tripleo_ovn_cluster
- tripleo-ansible-centos-8-molecule-tripleo_ovs_dpdk
- tripleo-ansible-centos-8-molecule-tripleo_packages
- tripleo-ansible-centos-8-molecule-tripleo_persist
@ -103,6 +104,7 @@
- tripleo-ansible-centos-8-molecule-tripleo_nodes_validation
- tripleo-ansible-centos-8-molecule-tripleo_nova_image_cache
- tripleo-ansible-centos-8-molecule-tripleo_nvdimm
- tripleo-ansible-centos-8-molecule-tripleo_ovn_cluster
- tripleo-ansible-centos-8-molecule-tripleo_ovs_dpdk
- tripleo-ansible-centos-8-molecule-tripleo_packages
- tripleo-ansible-centos-8-molecule-tripleo_persist
@ -163,6 +165,7 @@
- tripleo-ansible-centos-8-molecule-tripleo_nodes_validation
- tripleo-ansible-centos-8-molecule-tripleo_nova_image_cache
- tripleo-ansible-centos-8-molecule-tripleo_nvdimm
- tripleo-ansible-centos-8-molecule-tripleo_ovn_cluster
- tripleo-ansible-centos-8-molecule-tripleo_ovs_dpdk
- tripleo-ansible-centos-8-molecule-tripleo_packages
- tripleo-ansible-centos-8-molecule-tripleo_persist
@ -465,6 +468,13 @@
parent: tripleo-ansible-centos-8-base
vars:
tripleo_role_name: tripleo_nvdimm
- job:
files:
- ^tripleo_ansible/roles/tripleo_ovn_cluster/.*
name: tripleo-ansible-centos-8-molecule-tripleo_ovn_cluster
parent: tripleo-ansible-centos-8-base
vars:
tripleo_role_name: tripleo_ovn_cluster
- job:
files:
- ^tripleo_ansible/roles/tripleo_ovs_dpdk/.*


Loading…
Cancel
Save