Add tripleo_nova_migration_target role

nova_migration_target standalone role for TripleO.

TBD: puppet hiera mappings configured with ansible

Co-authored-by: Bogdan Dobrelya <bdobreli@redhat.com>
Change-Id: I71ab8617785da72a0b0ba834943737d477ce7e30

doc/source/roles/role-tripleo_nova_migration_target.rst

@@ -0,0 +1,6 @@
+====================================
+Role - tripleo_nova_migration_target
+====================================
+
+.. ansibleautoplugin::
+  :role: tripleo_ansible/roles/tripleo_nova_migration_target

tripleo_ansible/roles/tripleo_nova_migration_target/defaults/main.yml

@@ -0,0 +1,59 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# All variables intended for modification should be placed in this file.
+
+# All variables within this role should have a prefix of "tripleo_nova_migration_target"
+tripleo_nova_migration_target_debug: "{{ (ansible_verbosity | int) >= 2 | bool }}"
+
+tripleo_nova_migration_target_hide_sensitive_logs: true
+
+tripleo_nova_migration_target_config_image: ""
+tripleo_nova_migration_target_volumes:
+  - /var/lib/kolla/config_files/nova-migration-target.json:/var/lib/kolla/config_files/config.json:ro
+  - /var/lib/config-data/puppet-generated/nova_libvirt:/var/lib/kolla/config_files/src:ro
+  - /etc/ssh:/host-ssh:ro
+  - /run/libvirt:/run/libvirt:shared,z
+  - /var/lib/nova:/var/lib/nova:shared
+tripleo_nova_migration_target_sshd_port: "{{ tripleo_migration_ssh_port | default('2022'. true) }}"
+tripleo_nova_migration_target_ssh_key: >
+  {{ tripleo_migration_ssh_key | default({"public_key": "", "private_key": ""}, true) }}
+
+# from t-h-t hiera mappings
+tripleo_nova_migration_target_sshd_password_authentication: 'no' # not a boolean
+tripleo_nova_migration_target_sshd_listen: internal_api # NovaApiNetwork
+tripleo_nova_migration_target_ssh_authorized_keys: >
+  {{ tripleo_nova_migration_target_ssh_key["public_key"] }}
+tripleo_nova_migration_target_sshd_options:
+  HostKey:
+    - '/etc/ssh/ssh_host_rsa_key'
+    - '/etc/ssh/ssh_host_ecdsa_key'
+    - '/etc/ssh/ssh_host_ed25519_key'
+  SyslogFacility: 'AUTHPRIV'
+  AuthorizedKeysFile: '.ssh/authorized_keys'
+  ChallengeResponseAuthentication: 'no'
+  GSSAPIAuthentication: 'no'
+  GSSAPICleanupCredentials: 'no'
+  UsePAM: 'yes'
+  UseDNS: 'no'
+  X11Forwarding: 'yes'
+  AcceptEnv:
+    - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
+    - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
+    - 'LC_IDENTIFICATION LC_ALL LANGUAGE'
+    - 'XMODIFIERS'
+  Subsystem: 'sftp  /usr/libexec/openssh/sftp-server'

tripleo_ansible/roles/tripleo_nova_migration_target/files/nova_migration_target.yaml

@@ -0,0 +1,10 @@
+command: /usr/sbin/sshd -D -p "{{ tripleo_nova_migration_target_sshd_port }}"
+config_files:
+  - source: "/var/lib/kolla/config_files/src/*"
+    dest: "/"
+    merge: true
+    preserve_properties: true
+  - source: /host-ssh/ssh_host_*_key
+    dest: /etc/ssh/
+    owner: "root"
+    perm: "0600"

tripleo_ansible/roles/tripleo_nova_migration_target/handlers/main.yml

@@ -0,0 +1,15 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.

tripleo_ansible/roles/tripleo_nova_migration_target/meta/main.yml

@@ -0,0 +1,43 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+  author: OpenStack
+  description: TripleO OpenStack Role -- tripleo_nova_migration_target
+  company: Red Hat
+  license: Apache-2.0
+  min_ansible_version: 2.7
+  namespace: openstack
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+    - name: CentOS
+      versions:
+        - 8
+        - 9
+
+  galaxy_tags:
+    - tripleo
+
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []

tripleo_ansible/roles/tripleo_nova_migration_target/molecule/default/converge.yml

@@ -0,0 +1,21 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+  hosts: all
+  roles:
+    - role: "tripleo_nova_migration_target"

tripleo_ansible/roles/tripleo_nova_migration_target/molecule/default/molecule.yml

@@ -0,0 +1,28 @@
+---
+driver:
+  name: podman
+
+provisioner:
+  inventory:
+    hosts:
+      all:
+        hosts:
+          centos:
+            ansible_python_interpreter: /usr/bin/python3
+  name: ansible
+  log: true
+  env:
+    ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+  test_sequence:
+    - destroy
+    - create
+    - prepare
+    - converge
+    - check
+    - verify
+    - destroy
+
+verifier:
+  name: testinfra

tripleo_ansible/roles/tripleo_nova_migration_target/molecule/default/prepare.yml

@@ -0,0 +1,21 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+  hosts: all
+  roles:
+    - role: test_deps

tripleo_ansible/roles/tripleo_nova_migration_target/tasks/configure.yaml

@@ -0,0 +1,25 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: validate nova-migration-target container state
+  containers.podman.podman_containers_info:
+    name: nova_migration_target
+  register: nova_migration_target_infos
+  failed_when:
+    - nova_migration_target_infos.containers.0.Healthcheck.Status is defined
+    - "'healthy' not in nova_migration_target_infos.containers.0.Healthcheck.Status"
+  retries: 10
+  delay: 30

tripleo_ansible/roles/tripleo_nova_migration_target/tasks/install.yaml

@@ -0,0 +1,28 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Create libvirt persistent data directories
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    setype: "{{ item.setype }}"
+  loop:
+    - { 'path': /run/libvirt, 'setype': virt_var_run_t }
+- name: ensure /run/libvirt is present upon reboot
+  copy:
+    dest: /etc/tmpfiles.d/run-libvirt.conf
+    content: |
+                    d /run/libvirt 0755 root root - -

tripleo_ansible/roles/tripleo_nova_migration_target/tasks/main.yml

@@ -0,0 +1,33 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# "tripleo_nova_migration_target" will search for and load any operating system variable file
+
+# found within the "vars/" path. If no OS files are found the task will skip.
+- name: Gather variables for each operating system
+  include_vars: "{{ item }}"
+  with_first_found:
+    - skip: true
+      files:
+        - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
+        - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
+        - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
+        - "{{ ansible_facts['distribution'] | lower }}.yml"
+        - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_version'].split('.')[0] }}.yml"
+        - "{{ ansible_facts['os_family'] | lower }}.yml"
+  tags:
+    - always

tripleo_ansible/roles/tripleo_nova_migration_target/tasks/run.yaml

@@ -0,0 +1,25 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Manage nova_migration_target containers
+  include_role:
+    name: tripleo_container_standalone
+  vars:
+    tripleo_container_standalone_service: nova_migration_target
+    tripleo_container_standalone_container_defs:
+      nova_migration_target: "{{ lookup('template'), 'nova_migration_target.yaml.j2') | from_yaml }}"
+    tripleo_container_standalone_kolla_config_files:
+      nova_migration_target: "{{ lookup('file', 'files/nova_migration_target.yaml') | from_yaml }}"

tripleo_ansible/roles/tripleo_nova_migration_target/tasks/update.yaml

@@ -0,0 +1,20 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: nova migration target tempfile cleanup
+  file:
+    path: /etc/tmpfiles.d/var-run-libvirt.conf
+    state: absent

tripleo_ansible/roles/tripleo_nova_migration_target/tasks/upgrade.yaml

@@ -0,0 +1,18 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: nova migration target tempfile cleanup
+  include_tasks: nova_migration_target_update.yaml

tripleo_ansible/roles/tripleo_nova_migration_target/templates/nova_migration_target.yaml.j2

@@ -0,0 +1,11 @@
+image: {{ tripleo_nova_migration_target_config_image }}
+net: host
+previleged: true
+user: root
+restart: always
+healthcheck:
+  test: /openstack/healthcheck
+volumes:
+  {{ tripleo_container_standalone_common_volumes | default([]) + tripleo_nova_migration_target_volumes }}
+environment:
+  KOLLA_CONFIG_STRATEGY: COPY_ALWAYS

tripleo_ansible/roles/tripleo_nova_migration_target/vars/main.yml

@@ -0,0 +1,22 @@
+---
+# Copyright 2022 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# While options found within the vars/ path can be overridden using extra
+# vars, items within this path are considered part of the role and not
+# intended to be modified.
+
+# All variables within this role should have a prefix of "tripleo_nova_migration_target"