From 23992a3576e1da633808939937639cc3bd465a31 Mon Sep 17 00:00:00 2001 From: David Vallee Delisle Date: Fri, 4 Jun 2021 17:15:14 +0000 Subject: [PATCH] Moving setting validation from nova_event_callback The newly introduced role oslo_config_validator is probably a better framework to validate settings as it's centralized and will most probably be called by sosreport for troubleshooting purpose. It only makes sense to move some setting validations to this new role when possible. This patch also adds the nova_event_callback role documentation in sphinx. Closes-Bug: #1934609 Change-Id: Iac8126429773d3b63d17ad851d24e8c6f498f557 --- doc/source/roles/role-nova_event_callback.rst | 42 ++++++++++++ playbooks/nova-event-callback.yaml | 21 +----- roles/nova_event_callback/defaults/main.yml | 8 +-- roles/nova_event_callback/tasks/main.yml | 65 +------------------ roles/nova_event_callback/vars/main.yml | 14 ++-- 5 files changed, 51 insertions(+), 99 deletions(-) diff --git a/doc/source/roles/role-nova_event_callback.rst b/doc/source/roles/role-nova_event_callback.rst index 6883c97ab..4015444b4 100644 --- a/doc/source/roles/role-nova_event_callback.rst +++ b/doc/source/roles/role-nova_event_callback.rst @@ -2,6 +2,48 @@ nova_event_callback =================== +-------------- +About the role +-------------- + +An Ansible role to check if the **Nova** ``auth_url`` in **Neutron** is +configured correctly on the **Overcloud Controller(s)**. + +Requirements +============ + +None. + +Dependencies +============ + +None. + +Example Playbook +================ + +.. code-block:: yaml + + - hosts: Controller + vars: + neutron_config_file: /path/to/neutron.conf + roles: + - nova_event_callback + +License +======= + +Apache + +Author Information +================== + +**Red Hat TripleO DFG:Compute Deployment Squad** + +---------------- +Full Description +---------------- + .. ansibleautoplugin:: :role: roles/nova_event_callback diff --git a/playbooks/nova-event-callback.yaml b/playbooks/nova-event-callback.yaml index 6f81450d4..10d4a1490 100644 --- a/playbooks/nova-event-callback.yaml +++ b/playbooks/nova-event-callback.yaml @@ -4,19 +4,11 @@ metadata: name: Nova Event Callback Configuration Check description: | - This validations verifies that the Nova Event Callback feature is - configured which is generally enabled by default. + This validations verifies that the Nova auth_url in neutron, + which is generally enabled by default, is configured correctly It checks the following files on the Overcloud Controller(s): - - /etc/nova/nova.conf: - [DEFAULT]/vif_plugging_is_fatal = True - [DEFAULT]/vif_plugging_timeout >= 300 - - /etc/neutron/neutron.conf: - [nova]/auth_url = 'http://nova_admin_auth_ip:5000' - [nova]/tenant_name = 'service' - [DEFAULT]/notify_nova_on_port_data_changes = True - [DEFAULT]/notify_nova_on_port_status_changes = True - + - **/etc/neutron/neutron.conf**: [nova]/auth_url = 'http://nova_admin_auth_ip:5000' groups: - post-deployment categories: @@ -25,13 +17,6 @@ - neutron products: - tripleo - nova_config_file: /var/lib/config-data/puppet-generated/nova/etc/nova/nova.conf neutron_config_file: /var/lib/config-data/puppet-generated/neutron/etc/neutron/neutron.conf - vif_plugging_fatal_check: "vif_plugging_is_fatal" - vif_plugging_timeout_check: "vif_plugging_timeout" - vif_plugging_timeout_value_min: 300 - notify_nova_on_port_data_check: "notify_nova_on_port_data_changes" - notify_nova_on_port_status_check: "notify_nova_on_port_status_changes" - tenant_name_check: "tenant_name" roles: - nova_event_callback diff --git a/roles/nova_event_callback/defaults/main.yml b/roles/nova_event_callback/defaults/main.yml index 7760e6444..1389ac2b8 100644 --- a/roles/nova_event_callback/defaults/main.yml +++ b/roles/nova_event_callback/defaults/main.yml @@ -1,9 +1,3 @@ --- -nova_config_file: /var/lib/config-data/puppet-generated/nova/etc/nova/nova.conf +# Absolute path of the neutron configuration file neutron_config_file: /var/lib/config-data/puppet-generated/neutron/etc/neutron/neutron.conf -vif_plugging_fatal_check: "vif_plugging_is_fatal" -vif_plugging_timeout_check: "vif_plugging_timeout" -vif_plugging_timeout_value_min: 300 -notify_nova_on_port_data_check: "notify_nova_on_port_data_changes" -notify_nova_on_port_status_check: "notify_nova_on_port_status_changes" -tenant_name_check: "tenant_name" diff --git a/roles/nova_event_callback/tasks/main.yml b/roles/nova_event_callback/tasks/main.yml index c2c6d8965..4ea4a82e3 100644 --- a/roles/nova_event_callback/tasks/main.yml +++ b/roles/nova_event_callback/tasks/main.yml @@ -1,35 +1,7 @@ --- -- name: Get vif_plugging_fatal value from nova.conf - become: true - validations_read_ini: - path: "{{ nova_config_file }}" - section: DEFAULT - key: "{{ vif_plugging_fatal_check }}" - ignore_missing_file: true - register: vif_plugging_fatal_value - -- name: Get vif_plugging_timeout value from nova.conf - become: true - validations_read_ini: - path: "{{ nova_config_file }}" - section: DEFAULT - key: "{{ vif_plugging_timeout_check }}" - ignore_missing_file: true - register: vif_plugging_timeout_value - -- name: Ensure vif plugging timeout minimum - fail: - msg: "vif_plugging_timeout is below minimum value. Minimum: {{ vif_plugging_timeout_value_min|ing }}. Current value: {{ vig_plugging_timeout_value }}" - when: "{{ vif_plugging_timeout_value|int < vif_plugging_timeout_value_min|int }}" - -- name: Ensure vif plugging is fatal - fail: - msg: "vif_plugging_fatal should be set to True. Current value: {{ vif_plugging_fatal_value }}." - when: "not {{ vif_plugging_fatal_value|bool }}" - - name: Get auth_url value from hiera become: true - command: hiera -c /etc/puppet/hiera.yaml neutron::server::notifications::auth_url + command: hiera -c /etc/puppet/hiera.yaml neutron::server::notifications::nova::auth_url ignore_errors: true changed_when: false register: auth_url @@ -50,38 +22,3 @@ {{ neutron_auth_url_result.value or 'None' }} but it should be set to {{ auth_url.stdout }}. failed_when: "neutron_auth_url_result.value != auth_url.stdout" - -- name: Get Notify Nova settings values from neutron.conf - become: true - validations_read_ini: - path: "{{ neutron_config_file }}" - section: DEFAULT - key: "{{ item }}" - ignore_missing_file: true - register: neutron_notify_nova_result - with_items: - - "{{ notify_nova_on_port_data_check }}" - - "{{ notify_nova_on_port_status_check }}" - -- name: Check Notify Nova settings values - fail: - msg: "{{ item.item }} should be set ro True. Current value: {{ item.value }}." - when: not item.value|bool or item.value == None - with_items: "{{ neutron_notify_nova_result.results }}" - -- name: Get Tenant Name setting value from neutron.conf - become: true - validations_read_ini: - path: "{{ neutron_config_file }}" - section: nova - key: "{{ tenant_name_check }}" - ignore_missing_file: true - register: neutron_tenant_name_result - -- name: Check Tenant Name settings value - fail: - msg: >- - [nova]/tenant_name from {{ neutron_config_file }} is set to - {{ neutron_tenant_name_result.value or 'None' }} - but it should be set to 'service'. - when: neutron_tenant_name_result.value != 'service' diff --git a/roles/nova_event_callback/vars/main.yml b/roles/nova_event_callback/vars/main.yml index 817d375ed..65a6e584d 100644 --- a/roles/nova_event_callback/vars/main.yml +++ b/roles/nova_event_callback/vars/main.yml @@ -2,16 +2,10 @@ metadata: name: Nova Event Callback Configuration Check description: > - This validations verifies that the Nova Event Callback feature is - configured which is generally enabled by default. + This validations verifies that the Nova auth_url in neutron, + which is generally enabled by default, is configured correctly It checks the following files on the Overcloud Controller(s): - - /etc/nova/nova.conf: - [DEFAULT]/vif_plugging_is_fatal = True - [DEFAULT]/vif_plugging_timeout >= 300 - - /etc/neutron/neutron.conf: - [nova]/auth_url = 'http://nova_admin_auth_ip:5000' - [nova]/tenant_name = 'service' - [DEFAULT]/notify_nova_on_port_data_changes = True - [DEFAULT]/notify_nova_on_port_status_changes = True + - /etc/neutron/neutron.conf: + [nova]/auth_url = 'http://nova_admin_auth_ip:5000' groups: - post-deployment