noironetworks · tbachman · Dec 12, 2024
diff --git a/roles/edpm_cisco_neutron_opflex/defaults/main.yml b/roles/edpm_cisco_neutron_opflex/defaults/main.yml
@@ -0,0 +1,99 @@
+---
+# Copyright 2024 Cisco Systems Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# All variables intended for modification should be placed in this file.
+# All variables within this role should have a prefix of "edpm_cisco_neutron_opflex"
+
+# service name this role manages
+edpm_cisco_neutron_opflex_service_name: cisco-neutron-opflex
+
+# seconds between retries for download tasks
+edpm_cisco_neutron_opflex_images_download_delay: 5
+
+# number of retries for download tasks
+edpm_cisco_neutron_opflex_images_download_retries: 5
+
+edpm_cisco_neutron_opflex_agent_config_src: "/var/lib/openstack/configs/{{ edpm_cisco_neutron_opflex_service_name }}"
+edpm_cisco_neutron_opflex_agent_config_dir: "/var/lib/config-data/ansible-generated/cisco-neutron-opflex-agent"
+edpm_cisco_neutron_opflex_agent_lib_dir: "/var/lib/neutron"
+edpm_cisco_neutron_opflex_image: "quay.io/podified-antelope-centos9/openstack-cisco-neutron-opflex-agent:current-podified"
+
+edpm_cisco_neutron_opflex_common_volumes:
+  - /run/netns:/run/netns:shared
+  - "{{ edpm_cisco_neutron_opflex_agent_config_dir }}:/etc/neutron.conf.d:z"
+  - "{{ edpm_cisco_neutron_opflex_agent_lib_dir }}:/var/lib/neutron:shared,z"
+  - /var/lib/kolla/config_files/cisco_neutron_opflex_agent.json:/var/lib/kolla/config_files/config.json:ro
+  - /run/openvswitch:/run/openvswitch:shared,z
+  - "{{ edpm_cisco_neutron_opflex_agent_lib_dir }}/dhcp_agent_haproxy_wrapper:/usr/local/bin/haproxy:ro"
+  - "{{ edpm_cisco_neutron_opflex_agent_lib_dir }}/kill_scripts:/etc/neutron/kill_scripts:ro"
+  - /var/lib/opflex/files/endpoints:/var/lib/opflex-agent-ovs/endpoints:shared,z
+  - /var/lib/opflex/files/services:/var/lib/opflex-agent-ovs/services:shared,z
+  - /var/lib/opflex/files/ids:/var/lib/opflex-agent-ovs/ids:shared,z
+  - /var/lib/opflex/files/mcast:/var/lib/opflex-agent-ovs/mcast:shared,z
+  - /var/lib/opflex/files/droplog:/var/lib/opflex-agent-ovs/droplog:shared,z
+  - /var/lib/opflex/files/faults:/var/lib/opflex-agent-ovs/faults:shared,z
+  - /var/lib/opflex/files/policy:/var/lib/opflex-agent-ovs/policy:shared,z
+  - /var/lib/opflex/files/restarts:/var/lib/opflex-agent-ovs/restarts:shared,z
+  - /var/lib/opflex/sockets:/var/lib/opflex-agent-ovs/sockets:shared,z
+
+edpm_cisco_neutron_opflex_tls_cacert_bundle_src: "/var/lib/openstack/cacerts/{{ edpm_cisco_neutron_opflex_service_name }}/tls-ca-bundle.pem"
+edpm_cisco_neutron_opflex_tls_cacert_bundle_dest: "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"
+edpm_cisco_neutron_opflex_tls_cacert_volumes: []
+
+# Sidecar containers settings
+edpm_cisco_neutron_opflex_sidecar_debug: false
+edpm_cisco_neutron_opflex_sidecar_haproxy_image_name: "{{ edpm_cisco_neutron_opflex_image }}"
+
+# neutron.conf
+# DEFAULT
+edpm_cisco_neutron_opflex_DEFAULT_debug: false
+edpm_cisco_neutron_opflex_DEFAULT_rpc_response_timeout: 60
+edpm_cisco_neutron_opflex_DEFAULT_transport_url: ''
+
+# oslo_concurrency
+edpm_cisco_neutron_opflex_oslo_concurrency_lock_patch: '$state_path/lock'
+# oslo_messaging_rabbit
+edpm_cisco_neutron_opflex_oslo_messaging_rabbit_heartbeat_timeout_threshold: 60
+# oslo_middleware
+edpm_cisco_neutron_opflex_oslo_middleware_enable_proxy_headers_parsing: 60
+
+# rootwrap.conf
+# DEFAULT
+edpm_cisco_neutron_opflex_rootwrap_DEFAULT_filters_path: '/usr/share/neutron/rootwrap'
+edpm_cisco_neutron_opflex_rootwrap_DEFAULT_exec_dirs: '/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/etc/neutron/kill_scripts'
+edpm_cisco_neutron_opflex_rootwrap_DEFAULT_use_syslog: false
+edpm_cisco_neutron_opflex_rootwrap_DEFAULT_syslog_log_facility: 'syslog'
+edpm_cisco_neutron_opflex_rootwrap_DEFAULT_syslog_log_level: 'ERROR'
+edpm_cisco_neutron_opflex_rootwrap_DEFAULT_daemon_timeout: 600
+edpm_cisco_neutron_opflex_rootwrap_DEFAULT_rlimit_nofile: 1024
+
+# cisco-neutron-opflex-agent.conf
+# DEFAULT
+edpm_cisco_neutron_opflex_agent_DEFAULT_state_path: '/var/lib/neutron'
+edpm_cisco_neutron_opflex_agent_DEFAULT_resync_interval: 5
+edpm_cisco_neutron_opflex_agent_DEFAULT_resync_throttle: 1
+edpm_cisco_neutron_opflex_agent_DEFAULT_dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq'
+edpm_cisco_neutron_opflex_agent_DEFAULT_enable_isolated_metadata: false
+edpm_cisco_neutron_opflex_agent_DEFAULT_force_metadata: false
+edpm_cisco_neutron_opflex_agent_DEFAULT_enable_metadata_network: false
+edpm_cisco_neutron_opflex_agent_DEFAULT_num_sync_threads: 4
+edpm_cisco_neutron_opflex_agent_DEFAULT_bulk_reload_interval: 0
+edpm_cisco_neutron_opflex_agent_DEFAULT_dhcp_broadcast_reply: false
+# AGENT
+edpm_cisco_neutron_opflex_agent_AGENT_root_helper: 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf'
+edpm_cisco_neutron_opflex_agent_AGENT_report_interval: 30
+edpm_cisco_neutron_opflex_agent_AGENT_availability_zone: 'nova'
diff --git a/roles/edpm_cisco_neutron_opflex/files/.gitkeep b/roles/edpm_cisco_neutron_opflex/files/.gitkeep
diff --git a/roles/edpm_cisco_neutron_opflex/handlers/main.yml b/roles/edpm_cisco_neutron_opflex/handlers/main.yml
@@ -0,0 +1,22 @@
+---
+# Copyright 2024 Cisco Systems Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Restart cisco-neutron-opflex-agent container
+  become: true
+  ansible.builtin.systemd:
+    state: restarted
+    name: "edpm_cisco_neutron_opflex_agent.service"
+  listen: "Restart cisco-neutron-opflex-agent"
diff --git a/roles/edpm_cisco_neutron_opflex/meta/argument_specs.yml b/roles/edpm_cisco_neutron_opflex/meta/argument_specs.yml
@@ -0,0 +1,64 @@
+---
+argument_specs:
+  # ./roles/edpm_cisco_neutron_opflex/tasks/main.yml entry point
+  main:
+    short_description: The main entry point for the edpm_cisco_neutron_opflex role.
+    options:
+       edpm_cisco_neutron_opflex_images_download_delay:
+        type: int
+        default: 5
+        description: The seconds between retries for failed download tasks
+      edpm_cisco_neutron_opflex_images_download_retries:
+        type: int
+        default: 5
+        description: The number of retries for failed download tasks
+      edpm_cisco_neutron_opflex_agent_config_src:
+        default: "/var/lib/openstack/configs/cisco-neutron-opflex"
+        description: |
+          The path to the directory containing source of the Neutron DHCP
+          agent configs.
+        type: str
+      edpm_cisco_neutron_opflex_agent_config_dir:
+        default: "/var/lib/config-data/ansible-generated/cisco-neutron-opflex-agent"
+        description: |
+          The path to the directory containing Neutron DHCP agent config
+          files.
+        type: str
+      edpm_cisco_neutron_opflex_agent_lib_dir:
+        default: "/var/lib/neutron"
+        description: |
+          The path to the directory containing files required by the Neutron DHCP
+          agent, like e.g. sidecar container wrappers.
+        type: str
+      edpm_cisco_neutron_opflex_image:
+        default: "quay.io/podified-antelope-centos9/openstack-cisco-neutron-opflex-agent:current-podified"
+        description: Neutron DHCP agent container image.
+        type: str
+      edpm_cisco_neutron_opflex_common_volumes:
+        default:
+          - /run/netns:/run/netns:shared
+          - "{{ edpm_neutron_opflex_agent_config_dir }}:/etc/neutron.conf.d:z"
+          - "{{ edpm_neutron_opflex_agent_lib_dir }}:/var/lib/neutron:shared,z"
+          - /var/lib/kolla/config_files/neutron_opflex_agent.json:/var/lib/kolla/config_files/config.json:ro
+          - /run/openvswitch:/run/openvswitch:shared,z
+          - "{{ edpm_neutron_opflex_agent_lib_dir }}/opflex_agent_haproxy_wrapper:/usr/local/bin/haproxy:ro"
+          - "{{ edpm_neutron_opflex_agent_lib_dir }}/kill_scripts:/etc/neutron/kill_scripts:ro"
+          - /var/lib/opflex/files/endpoints:/var/lib/opflex-agent-ovs/endpoints:shared,z
+          - /var/lib/opflex/files/services:/var/lib/opflex-agent-ovs/services:shared,z
+          - /var/lib/opflex/files/ids:/var/lib/opflex-agent-ovs/ids:shared,z
+          - /var/lib/opflex/files/mcast:/var/lib/opflex-agent-ovs/mcast:shared,z
+          - /var/lib/opflex/files/droplog:/var/lib/opflex-agent-ovs/droplog:shared,z
+          - /var/lib/opflex/files/faults:/var/lib/opflex-agent-ovs/faults:shared,z
+          - /var/lib/opflex/files/policy:/var/lib/opflex-agent-ovs/policy:shared,z
+          - /var/lib/opflex/files/restarts:/var/lib/opflex-agent-ovs/restarts:shared,z
+          - /var/lib/opflex/sockets:/var/lib/opflex-agent-ovs/sockets:shared,z
+        description: List of volumes in a mount point form.
+        type: list
+      edpm_neutron_dhcp_agent_AGENT_root_helper:
+        default: 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf'
+        description: ''
+        type: str
+      edpm_neutron_dhcp_agent_AGENT_report_interval:
+        default: 300
+        description: ''
+        type: int
diff --git a/roles/edpm_cisco_neutron_opflex/meta/main.yml b/roles/edpm_cisco_neutron_opflex/meta/main.yml
@@ -0,0 +1,43 @@
+---
+# Copyright 2024 Cisco Systems Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+  author: OpenStack
+  description: EDPM OpenStack Role -- edpm_cisco_neutron_opflex
+  company: Cisco Systems
+  license: Apache-2.0
+  min_ansible_version: '2.14'
+  namespace: openstack
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+    - name: 'EL'
+      versions:
+        - '8'
+        - '9'
+
+  galaxy_tags:
+    - edpm
+
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []
diff --git a/roles/edpm_cisco_neutron_opflex/tasks/boostrap.yml b/roles/edpm_cisco_neutron_opflex/tasks/boostrap.yml
@@ -0,0 +1,20 @@
+---
+# Copyright 2024 Cisco Systems Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Ensure Openvswitch installed and running
+  ansible.builtin.include_role:
+    name: osp.edpm.edpm_ovs
+    tasks_from: "install.yml"
diff --git a/roles/edpm_cisco_neutron_opflex/tasks/configure.yml b/roles/edpm_cisco_neutron_opflex/tasks/configure.yml
@@ -0,0 +1,70 @@
+---
+# Copyright 2024 Cisco Systems Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Configure neutron configuration files
+  block:
+    - name: Render neutron configuration files
+      ansible.builtin.template:
+        src: "{{ item.src }}"
+        dest: "{{ edpm_cisco_neutron_opflex_agent_config_dir }}/{{ item.dest }}"
+        setype: "container_file_t"
+        mode: "0644"
+      loop:
+        - {"src": "neutron.conf.j2", "dest": "01-neutron.conf"}
+        - {"src": "rootwrap.conf.j2", "dest": "01-rootwrap.conf"}
+        - {"src": "cisco-neutron-opflex-agent.conf.j2", "dest": "01-cisco-neutron-opflex-agent.conf"}
+      tags:
+        - configure
+        - neutron
+      notify:
+        - Restart cisco-neutron-opflex-agent
+
+    - name: Discover secrets in {{ edpm_cisco_neutron_opflex_agent_config_src }}
+      ansible.builtin.find:
+        paths: "{{ edpm_cisco_neutron_opflex_agent_config_src }}"
+        file_type: file
+        recurse: true
+        patterns:
+          - "*dhcp*conf"
+      register: edpm_cisco_neutron_opflex_secrets
+      delegate_to: localhost
+      become: false
+
+    - name: Flatten secrets into {{ edpm_cisco_neutron_opflex_agent_config_dir }}
+      ansible.builtin.copy:
+        src: "{{ item.path }}"
+        dest: "{{ edpm_cisco_neutron_opflex_agent_config_dir }}/{{ item.path | basename }}"
+        setype: "container_file_t"
+        mode: "0644"
+      loop: "{{ edpm_cisco_neutron_opflex_secrets.files }}"
+
+- name: Configure sidecar containers scripts
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ edpm_cisco_neutron_opflex_agent_lib_dir }}/{{ item.dest }}"
+    setype: "container_file_t"
+    mode: "0755"
+  loop:
+    - {"src": "wrappers/haproxy.j2", "dest": "dhcp_agent_haproxy_wrapper"}
+
+- name: Configure kill_scripts for sidecar containers
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ edpm_cisco_neutron_opflex_agent_lib_dir }}/kill_scripts/{{ item.dest }}"
+    setype: "container_file_t"
+    mode: "0755"
+  with_items:
+    - {"src": "wrappers/kill-script.j2", "dest": "haproxy-kill"}
diff --git a/roles/edpm_cisco_neutron_opflex/tasks/download_cache.yml b/roles/edpm_cisco_neutron_opflex/tasks/download_cache.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Download needed container images
+  containers.podman.podman_image:
+    name: "{{ edpm_cisco_neutron_opflex_image }}"
+    auth_file: "{{ edpm_download_cache_podman_auth_file }}"
+  become: true
+  register: edpm_cisco_neutron_opflex_images_download
+  until: edpm_cisco_neutron_opflex_images_download.failed == false
+  retries: "{{ edpm_cisco_neutron_opflex_images_download_retries }}"
+  delay: "{{ edpm_cisco_neutron_opflex_images_download_delay }}"