From 6f8c7932b8f598fcffd5aa5beca2a3459397f056 Mon Sep 17 00:00:00 2001 From: Marcelo de Castro Loebens Date: Mon, 5 Dec 2022 08:32:29 -0400 Subject: [PATCH] Fix vim endpoint port for SystemController Added internal/admin endpoints to fix an issue with Puppet-Keystone 'keystone_endpoint' method for DC's SystemController vim endpoint, that wasn't being correctly updated when https was enabled. - Added script to support upgrades from previous versions (tested in AIO Duplex with SystemController). Test Plan: PASS: List OpenStack endpoints. For nfv/vim, SystemController region now must have 3 endpoints, one for each interface (public, internal and admin). For each interface, the endpoints must be configured with same base IP as the other services (i.e. Patching). PASS: Enable https. Wait for the endpoints to be applied. Public endpoint for vim in SystemController must become https. PASS: During upgrade, the script must run on activate stage and remove all previous endpoints for vim/nfv on SystemController, then create public, internal and admin endpoints already configurated. Closes-Bug: 1995951 Depends-on: https://review.opendev.org/c/starlingx/stx-puppet/+/866573 Signed-off-by: Marcelo de Castro Loebens Change-Id: I47acfc7009f4ef4b509d7ca976bcb7eef283c3a8
---
 ...-recreate-vim-systemcontroller-endpoint.sh | 68 +++++++++++++++++++
 sysinv/sysinv/sysinv/sysinv/puppet/dcorch.py | 7 ++
 2 files changed, 75 insertions(+)
 create mode 100644 controllerconfig/controllerconfig/upgrade-scripts/19-recreate-vim-systemcontroller-endpoint.sh
diff --git a/controllerconfig/controllerconfig/upgrade-scripts/19-recreate-vim-systemcontroller-endpoint.sh b/controllerconfig/controllerconfig/upgrade-scripts/19-recreate-vim-systemcontroller-endpoint.sh
new file mode 100644
index 0000000000..e0deb4c526
--- /dev/null
+++ b/controllerconfig/controllerconfig/upgrade-scripts/19-recreate-vim-systemcontroller-endpoint.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# This script is used to recreate vim/nfv endpoints in
+# SystemController public interface when upgrading
+# - Part of a bugfix on keystone_endpoint module
+
+NAME=$(basename $0)
+
+# The migration scripts are passed these parameters:
+FROM_RELEASE=$1
+TO_RELEASE=$2
+ACTION=$3
+# Checks linux distro because keystone is not upgraded in centos
+IS_DEBIAN=$(grep -c "ID=debian" /etc/os-release)
+
+#Get some variables
+source /etc/platform/platform.conf
+
+#Define some strings
+HIERADATA_FOLDER="/opt/platform/puppet/${sw_version}/hieradata"
+TMP_FOLDER=$(mktemp -d /tmp/XXXXX)
+MANIFEST_NAME="remove_vim"
+MANIFEST_FILE="${TMP_FOLDER}/${MANIFEST_NAME}.yaml"
+
+# This will log to /var/log/platform.log
+function log {
+ logger -p local1.info $1
+}
+
+# Script start
+log "$NAME: Starting to recreate vim's keystone endpoints in SystemController from release $FROM_RELEASE to $TO_RELEASE with action $ACTION"
+
+if [[ "${ACTION}" == "activate" ]] && [[ "${TO_RELEASE}" == "22.12" ]] && [[ ${IS_DEBIAN} != 0 ]] && [[ $distributed_cloud_role == "systemcontroller" ]]; then
+
+ source /etc/platform/openrc
+
+ #Remove all endpoints for vim in SystemController region
+ log "$NAME: Removing old vim keystone endpoints for SystemController"
+ openstack endpoint list --region SystemController --service nfv -f value -c ID | \
+ xargs -r openstack endpoint delete
+
+ #Write manifest that recreates the endpoints
+ echo 'classes:' > ${MANIFEST_FILE}
+ echo '- platform::params' >> ${MANIFEST_FILE}
+ echo '- dcorch::keystone::auth' >> ${MANIFEST_FILE}
+
+ #Find active controller's mgmt IP
+ ACTIVE_CONTROLLER_IP=$(cat /etc/hosts | awk -v host=$HOSTNAME '$2 == host {print $1}')
+
+ log "$NAME: Using $HOSTNAME mgmt IP to apply manifest on puppet - $ACTIVE_CONTROLLER_IP"
+
+ #Run manifest
+ /usr/local/bin/puppet-manifest-apply.sh ${HIERADATA_FOLDER} ${ACTIVE_CONTROLLER_IP} controller runtime ${MANIFEST_FILE}
+
+ #Remove the file
+ rm ${MANIFEST_FILE}
+
+ log "$NAME: SystemController's vim endpoints recreation finished successfully from $FROM_RELEASE to $TO_RELEASE"
+else
+ log "$NAME: No actions required for from release $FROM_RELEASE to $TO_RELEASE with action $ACTION"
+fi
+
+exit 0
diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/dcorch.py b/sysinv/sysinv/sysinv/sysinv/puppet/dcorch.py
index 72e328800a..755049ee62 100644
--- a/sysinv/sysinv/sysinv/sysinv/puppet/dcorch.py
+++ b/sysinv/sysinv/sysinv/sysinv/puppet/dcorch.py
@@ -98,6 +98,10 @@ class DCOrchPuppet(openstack.OpenstackBasePuppet):
 'dcorch::keystone::auth::identity_proxy_internal_url':
 self.get_proxy_internal_url(self.IDENTITY_SERVICE_PORT,
 self.IDENTITY_SERVICE_PATH),
+ 'dcorch::keystone::auth::nfv_proxy_internal_url':
+ self.get_proxy_internal_url(self.NFV_SERVICE_PORT,
+ self.NFV_SERVICE_PATH),
+
 'dcorch::keystone::auth::neutron_proxy_public_url':
 self.get_proxy_public_url(self.NETWORKING_SERVICE_PORT,
 self.NETWORKING_SERVICE_PATH),
@@ -132,6 +136,9 @@ class DCOrchPuppet(openstack.OpenstackBasePuppet):
 'dcorch::keystone::auth::patching_proxy_admin_url':
 self.get_proxy_admin_url(self.PATCHING_SERVICE_PORT,
 self.PATCHING_SERVICE_PATH),
+ 'dcorch::keystone::auth::nfv_proxy_admin_url':
+ self.get_proxy_admin_url(self.NFV_SERVICE_PORT,
+ self.NFV_SERVICE_PATH),
 'dcorch::keystone::auth::region': self.get_region_name(),
 'dcorch::keystone::auth::auth_name': ksuser,
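Review bot: The result of `puppet-manifest-apply.sh` in the `activate` branch of the new upgrade script is never checked, so the script logs "finished successfully" and reaches `exit 0` even when the manifest fails to apply. By that point the `openstack endpoint delete` pipeline has already removed every nfv endpoint in the SystemController region, so a failed apply would leave the region without vim endpoints while the activation carries on; a failed `source /etc/platform/openrc` or an empty `ACTIVE_CONTROLLER_IP` would go unnoticed in the same way. I would test the apply result, log the failure and exit non-zero, assuming a non-zero exit is how a migration script reports a failed step to the upgrade framework. The directory created by `mktemp -d` is also left in /tmp on every invocation, because only the manifest inside it is removed; the sketch below removes the directory instead.

```shell
# … unchanged: endpoint removal, manifest creation, mgmt IP lookup …

    #Run manifest
    if ! /usr/local/bin/puppet-manifest-apply.sh ${HIERADATA_FOLDER} ${ACTIVE_CONTROLLER_IP} controller runtime ${MANIFEST_FILE}; then
        log "$NAME: Failed to apply manifest, vim endpoints for SystemController were not recreated"
        rm -rf "${TMP_FOLDER}"
        exit 1
    fi

    #Remove the temporary folder and the manifest in it
    rm -rf "${TMP_FOLDER}"
```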