Fix vim endpoint port for SystemController

Added internal/admin endpoints to fix an issue with Puppet-Keystone 'keystone_endpoint' method for DC's SystemController vim endpoint, that wasn't being correctly updated when https was enabled. - Added script to support upgrades from previous versions (tested in AIO Duplex with SystemController). Test Plan: PASS: List OpenStack endpoints. For nfv/vim, SystemController region now must have 3 endpoints, one for each interface (public, internal and admin). For each interface, the endpoints must be configured with same base IP as the other services (i.e. Patching). PASS: Enable https. Wait for the endpoints to be applied. Public endpoint for vim in SystemController must become https. PASS: During upgrade, the script must run on activate stage and remove all previous endpoints for vim/nfv on SystemController, then create public, internal and admin endpoints already configurated. Closes-Bug: 1995951 Depends-on: https://review.opendev.org/c/starlingx/stx-puppet/+/866573 Signed-off-by: Marcelo de Castro Loebens <Marcelo.DeCastroLoebens@windriver.com> Change-Id: I47acfc7009f4ef4b509d7ca976bcb7eef283c3a8
2022-12-05 08:32:29 -04:00 · 2022-12-05 08:32:29 -04:00 · 6f8c7932b8
commit 6f8c7932b8
parent eb7a41d913
2 changed files with 75 additions and 0 deletions
--- a/controllerconfig/controllerconfig/upgrade-scripts/19-recreate-vim-systemcontroller-endpoint.sh
+++ b/controllerconfig/controllerconfig/upgrade-scripts/19-recreate-vim-systemcontroller-endpoint.sh
@ -0,0 +1,68 @@
+#!/bin/bash
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# This script is used to recreate vim/nfv endpoints in
+# SystemController public interface when upgrading
+# - Part of a bugfix on keystone_endpoint module
+
+NAME=$(basename $0)
+
+# The migration scripts are passed these parameters:
+FROM_RELEASE=$1
+TO_RELEASE=$2
+ACTION=$3
+# Checks linux distro because keystone is not upgraded in centos
+IS_DEBIAN=$(grep -c "ID=debian" /etc/os-release)
+
+#Get some variables
+source /etc/platform/platform.conf
+
+#Define some strings
+HIERADATA_FOLDER="/opt/platform/puppet/${sw_version}/hieradata"
+TMP_FOLDER=$(mktemp -d /tmp/XXXXX)
+MANIFEST_NAME="remove_vim"
+MANIFEST_FILE="${TMP_FOLDER}/${MANIFEST_NAME}.yaml"
+
+# This will log to /var/log/platform.log
+function log {
+    logger -p local1.info $1
+}
+
+# Script start
+log "$NAME: Starting to recreate vim's keystone endpoints in SystemController from release $FROM_RELEASE to $TO_RELEASE with action $ACTION"
+
+if [[ "${ACTION}" == "activate" ]] && [[ "${TO_RELEASE}" == "22.12" ]] && [[ ${IS_DEBIAN} != 0 ]] && [[ $distributed_cloud_role == "systemcontroller" ]]; then
+
+    source /etc/platform/openrc
+
+    #Remove all endpoints for vim in SystemController region
+    log "$NAME: Removing old vim keystone endpoints for SystemController"
+    openstack endpoint list --region SystemController --service nfv -f value -c ID | \
+    xargs -r openstack endpoint delete
+
+    #Write manifest that recreates the endpoints
+    echo 'classes:' > ${MANIFEST_FILE}
+    echo '- platform::params' >> ${MANIFEST_FILE}
+    echo '- dcorch::keystone::auth' >> ${MANIFEST_FILE}
+
+    #Find active controller's mgmt IP
+    ACTIVE_CONTROLLER_IP=$(cat /etc/hosts | awk -v host=$HOSTNAME '$2 == host {print $1}')
+
+    log "$NAME: Using $HOSTNAME mgmt IP to apply manifest on puppet - $ACTIVE_CONTROLLER_IP"
+
+    #Run manifest
+    /usr/local/bin/puppet-manifest-apply.sh ${HIERADATA_FOLDER} ${ACTIVE_CONTROLLER_IP} controller runtime ${MANIFEST_FILE}
+
+    #Remove the file
+    rm ${MANIFEST_FILE}
+
+    log "$NAME: SystemController's vim endpoints recreation finished successfully from $FROM_RELEASE to $TO_RELEASE"
+else
+    log "$NAME: No actions required for from release $FROM_RELEASE to $TO_RELEASE with action $ACTION"
+fi
+
+exit 0
--- a/sysinv/sysinv/sysinv/sysinv/puppet/dcorch.py
+++ b/sysinv/sysinv/sysinv/sysinv/puppet/dcorch.py
@ -98,6 +98,10 @@ class DCOrchPuppet(openstack.OpenstackBasePuppet):
            'dcorch::keystone::auth::identity_proxy_internal_url':
                self.get_proxy_internal_url(self.IDENTITY_SERVICE_PORT,
                                            self.IDENTITY_SERVICE_PATH),
+            'dcorch::keystone::auth::nfv_proxy_internal_url':
+                self.get_proxy_internal_url(self.NFV_SERVICE_PORT,
+                                            self.NFV_SERVICE_PATH),
+
            'dcorch::keystone::auth::neutron_proxy_public_url':
                self.get_proxy_public_url(self.NETWORKING_SERVICE_PORT,
                                          self.NETWORKING_SERVICE_PATH),
@ -132,6 +136,9 @@ class DCOrchPuppet(openstack.OpenstackBasePuppet):
            'dcorch::keystone::auth::patching_proxy_admin_url':
                self.get_proxy_admin_url(self.PATCHING_SERVICE_PORT,
                                         self.PATCHING_SERVICE_PATH),
+            'dcorch::keystone::auth::nfv_proxy_admin_url':
+                self.get_proxy_admin_url(self.NFV_SERVICE_PORT,
+                                         self.NFV_SERVICE_PATH),

            'dcorch::keystone::auth::region': self.get_region_name(),
            'dcorch::keystone::auth::auth_name': ksuser,