From a4eb720d3eb364bb2c2085deea79313954918751 Mon Sep 17 00:00:00 2001 From: Brendan Shephard Date: Wed, 1 Nov 2023 12:06:41 +1000 Subject: [PATCH] Refactor base templates This change removes some unnecessary items from the base config samples. Namely: 1. Removes unnecessary or unused AnsibleVars such as the selinux variable, or variables that are just setting default or unnecessary values from edpm-ansible. 2. Limit the number of parameters configured in the baremetal-ipam sample, since these are already demonstrated in the base nodeset templates. Such as the spec.env example. Depends-On: https://github.com/openstack-k8s-operators/install_yamls/pull/644 Depends-On: https://github.com/openstack-k8s-operators/edpm-ansible/pull/508 Signed-off-by: Brendan Shephard --- ...nstack.org_openstackdataplanenodesets.yaml | 3 + api/v1beta1/common.go | 10 +- ...nstack.org_openstackdataplanenodesets.yaml | 3 + ...ane_v1beta1_openstackdataplanenodeset.yaml | 64 ++------ ...1_openstackdataplanenodeset_baremetal.yaml | 155 ------------------ ...kdataplanenodeset_baremetal_with_ipam.yaml | 18 +- docs/openstack_dataplanedeployment.md | 6 +- docs/openstack_dataplanenodeset.md | 6 +- docs/openstack_dataplaneservice.md | 6 +- ...enstackdataplanenodeset_controller_test.go | 2 +- 10 files changed, 35 insertions(+), 238 deletions(-) delete mode 100644 config/samples/dataplane_v1beta1_openstackdataplanenodeset_baremetal.yaml diff --git a/api/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml b/api/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml index 4e48feaf2..835f19631 100644 --- a/api/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml +++ b/api/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml @@ -268,6 +268,7 @@ spec: ansiblePort: type: integer ansibleUser: + default: cloud-user type: string ansibleVars: x-kubernetes-preserve-unknown-fields: true 
@@ -1020,6 +1021,7 @@ spec: type: object type: array managementNetwork: + default: ctlplane type: string networkData: properties: @@ -1068,6 +1070,7 @@ spec: ansiblePort: type: integer ansibleUser: + default: cloud-user type: string ansibleVars: x-kubernetes-preserve-unknown-fields: true diff --git a/api/v1beta1/common.go b/api/v1beta1/common.go index e38f4ca8b..9e3c909d2 100644 --- a/api/v1beta1/common.go +++ b/api/v1beta1/common.go @@ -28,7 +28,8 @@ import ( type AnsibleOpts struct { // AnsibleUser SSH user for Ansible connection // +kubebuilder:validation:Optional - AnsibleUser string `json:"ansibleUser,omitempty"` + // +kubebuilder:default="cloud-user" + AnsibleUser string `json:"ansibleUser"` // AnsibleHost SSH host for Ansible connection // +kubebuilder:validation:Optional @@ -47,7 +48,6 @@ type AnsibleOpts struct { // NodeSection defines the top level attributes inherited by nodes in the CR. type NodeSection struct { - // HostName - node name // +kubebuilder:validation:Optional HostName string `json:"hostName,omitempty"` @@ -94,7 +94,8 @@ type NodeTemplate struct { // ManagementNetwork - Name of network to use for management (SSH/Ansible) // +kubebuilder:validation:Optional - ManagementNetwork string `json:"managementNetwork,omitempty"` + // +kubebuilder:default=ctlplane + ManagementNetwork string `json:"managementNetwork"` // Ansible is the group of Ansible related configuration options. // +kubebuilder:validation:Optional 
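Review bot: Removing `omitempty` from `AnsibleUser` in the AnsibleOpts hunk works against the `cloud-user` default added just above it: a typed Go client that leaves the field unset now serializes `"ansibleUser": ""`, and API-server defaulting only fills fields that are absent, so the empty string is stored as-is. `ManagementNetwork` in the NodeTemplate hunk on this line has the same shape. The functional-test hunk at the end of the patch keeps `AnsibleUser: ""` as context beside the updated `ManagementNetwork: "ctlplane"`, which suggests the user default is not applied on at least one path. Because this value selects the SSH account Ansible logs in with, I would keep the tags as `json:"ansibleUser,omitempty"` and `json:"managementNetwork,omitempty"` so an unset field is defaulted rather than sent empty; that also appears to be what flips these `+kubebuilder:validation:Optional` fields to "Required: true" in the docs hunks. Both struct bodies continue outside their hunks.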
@@ -116,9 +117,10 @@ type NodeTemplate struct { // AnsibleEESpec is a specification of the ansible EE attributes type AnsibleEESpec struct { // +kubebuilder:validation:Optional + // +kubebuilder:default={ctlplane} // NetworkAttachments is a list of NetworkAttachment resource names to pass to the ansibleee resource // which allows to connect the ansibleee runner to the given network - NetworkAttachments []string `json:"networkAttachments,omitempty"` + NetworkAttachments []string `json:"networkAttachments"` // +kubebuilder:validation:Optional // OpenStackAnsibleEERunnerImage image to use as the ansibleEE runner image OpenStackAnsibleEERunnerImage string `json:"openStackAnsibleEERunnerImage,omitempty"` diff --git a/config/crd/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml b/config/crd/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml index 4e48feaf2..835f19631 100644 --- a/config/crd/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml +++ b/config/crd/bases/dataplane.openstack.org_openstackdataplanenodesets.yaml @@ -268,6 +268,7 @@ spec: ansiblePort: type: integer ansibleUser: + default: cloud-user type: string ansibleVars: x-kubernetes-preserve-unknown-fields: true @@ -1020,6 +1021,7 @@ spec: type: object type: array managementNetwork: + default: ctlplane type: string networkData: properties: @@ -1068,6 +1070,7 @@ spec: ansiblePort: type: integer ansibleUser: + default: cloud-user type: string ansibleVars: x-kubernetes-preserve-unknown-fields: true diff --git a/config/samples/dataplane_v1beta1_openstackdataplanenodeset.yaml b/config/samples/dataplane_v1beta1_openstackdataplanenodeset.yaml index be02cb0ce..8a4676d0f 100644 --- a/config/samples/dataplane_v1beta1_openstackdataplanenodeset.yaml +++ b/config/samples/dataplane_v1beta1_openstackdataplanenodeset.yaml 
@@ -25,30 +25,20 @@ spec: hostName: edpm-compute-0 ansible: ansibleHost: 192.168.122.100 - ansibleVars: - ctlplane_ip: 192.168.122.100 - internal_api_ip: 172.17.0.100 - storage_ip: 172.18.0.100 - tenant_ip: 172.19.0.100 - fqdn_internal_api: edpm-compute-0.example.com - networkAttachments: - - ctlplane nodeTemplate: + networks: + - name: CtlPlane + subnetName: subnet1 + defaultRoute: true + - name: InternalApi + subnetName: subnet1 + - name: Storage + subnetName: subnet1 + - name: Tenant + subnetName: subnet1 ansibleSSHPrivateKeySecret: dataplane-ansible-ssh-private-key-secret - managementNetwork: ctlplane ansible: - ansibleUser: cloud-admin - ansiblePort: 22 ansibleVars: - service_net_map: - nova_api_network: internal_api - nova_libvirt_network: internal_api - timesync_ntp_servers: - - hostname: pool.ntp.org - # edpm_network_config - # Default nic config template for a EDPM compute node - # These vars are edpm_network_config role vars - edpm_network_config_hide_sensitive_logs: false edpm_network_config_template: | --- {% set mtu_list = [ctlplane_mtu] %} 
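Review bot: With `ansibleUser: cloud-admin` removed from `nodeTemplate.ansible`, this sample now logs in as whatever the CRD default is (`cloud-user` per the common.go change in this patch), and nothing in the file says so. Anyone whose node image provisions a different account will only find out from a failed SSH connection. A one-line comment under `ansible:` would cover it, e.g. `# ansibleUser defaults to cloud-user; set it here if the image uses another account`. The same removal appears in the baremetal_with_ipam sample further down.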
@@ -86,37 +76,6 @@ spec: # considered EDPM network defaults. neutron_physical_bridge_name: br-ex neutron_public_interface_name: eth0 - ctlplane_mtu: 1500 - ctlplane_subnet_cidr: 24 - ctlplane_gateway_ip: 192.168.122.1 - ctlplane_host_routes: - - ip_netmask: 0.0.0.0/0 - next_hop: 192.168.122.1 - external_mtu: 1500 - external_vlan_id: 44 - external_cidr: '24' - external_host_routes: [] - internal_api_mtu: 1500 - internal_api_vlan_id: 20 - internal_api_cidr: '24' - internal_api_host_routes: [] - storage_mtu: 1500 - storage_vlan_id: 21 - storage_cidr: '24' - storage_host_routes: [] - tenant_mtu: 1500 - tenant_vlan_id: 22 - tenant_cidr: '24' - tenant_host_routes: [] - role_networks: - - InternalApi - - Storage - - Tenant - networks_lower: - External: external - InternalApi: internal_api - Storage: storage - Tenant: tenant # edpm_nodes_validation edpm_nodes_validation_validate_controllers_icmp: false edpm_nodes_validation_validate_gateway_icmp: false @@ -126,7 +85,4 @@ spec: gather_facts: false enable_debug: false # edpm firewall, change the allowed CIDR if needed - edpm_sshd_configure_firewall: true edpm_sshd_allowed_ranges: ['192.168.122.0/24'] - # SELinux module - edpm_selinux_mode: enforcing diff --git a/config/samples/dataplane_v1beta1_openstackdataplanenodeset_baremetal.yaml b/config/samples/dataplane_v1beta1_openstackdataplanenodeset_baremetal.yaml deleted file mode 100644 index fa3f4f658..000000000 --- a/config/samples/dataplane_v1beta1_openstackdataplanenodeset_baremetal.yaml +++ /dev/null 
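Review bot: `ctlplane_mtu: 1500` is deleted here, yet the `edpm_network_config_template` kept in this sample still opens with `{% set mtu_list = [ctlplane_mtu] %}` (context of the previous hunk). Presumably the value is now derived from the `networks` entries added under `nodeTemplate`, but that is not visible in the patch. If so, a short comment above the template would keep the sample self-explanatory, for example `# per-network vars (mtu, vlan_id, cidr, host_routes) are generated from nodeTemplate.networks`.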
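Review bot: Dropping `edpm_sshd_configure_firewall: true` and `edpm_selinux_mode: enforcing` leaves this sample's SSH firewall and SELinux posture entirely to the edpm-ansible role defaults, while `edpm_sshd_allowed_ranges` stays behind and presumably only has an effect when the firewall task is enabled. If those defaults ever change, deployments copied from this sample weaken without any diff in this repository. I would either keep the two lines or extend the remaining comment, e.g. `# edpm firewall (enabled by role default), change the allowed CIDR if needed`, and add a matching line stating that SELinux enforcing is the role default. The last hunk of the baremetal_with_ipam sample removes the same two settings.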
@@ -1,155 +0,0 @@ ---- -apiVersion: dataplane.openstack.org/v1beta1 -kind: OpenStackDataPlaneNodeSet -metadata: - name: openstack-edpm -spec: - env: - - name: ANSIBLE_FORCE_COLOR - value: "True" - services: - - download-cache - - bootstrap - - configure-network - - validate-network - - install-os - - configure-os - - run-os - - ovn - - neutron-metadata - - libvirt - - nova - - telemetry - baremetalSetTemplate: - bmhLabelSelector: - app: openstack - ctlplaneInterface: enp1s0 - ctlplaneGateway: 192.168.111.1 - ctlplaneNetmask: 255.255.255.0 - domainName: osptest.openstack.org - bootstrapDns: - - 192.168.111.1 - dnsSearchDomains: - - osptest.openstack.org - nodes: - edpm-compute-0: - hostName: edpm-compute-0 - ansible: - ansibleHost: 192.168.111.100 - ansibleVars: - ctlplane_ip: 192.168.111.100 - internal_api_ip: 172.17.0.100 - storage_ip: 172.18.0.100 - tenant_ip: 172.19.0.100 - fqdn_internal_api: edpm-compute-0.example.com - edpm-compute-1: - hostName: edpm-compute-1 - ansible: - ansibleHost: 192.168.111.101 - ansibleVars: - ctlplane_ip: 192.168.111.101 - internal_api_ip: 172.17.0.101 - storage_ip: 172.18.0.101 - tenant_ip: 172.19.0.101 - fqdn_internal_api: edpm-compute-1.example.com - networkAttachments: - - ctlplane - nodeTemplate: - ansibleSSHPrivateKeySecret: dataplane-ansible-ssh-private-key-secret - ansible: - ansibleUser: cloud-admin - ansiblePort: 22 - ansibleVars: - service_net_map: - nova_api_network: internal_api - nova_libvirt_network: internal_api - timesync_ntp_servers: - - hostname: pool.ntp.org - # edpm_network_config - # Default nic config template for a EDPM compute node - # These vars are edpm_network_config role vars - edpm_network_config_hide_sensitive_logs: false - edpm_network_config_template: | - --- - {% set mtu_list = [ctlplane_mtu] %} - {% for network in role_networks %} - {{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} - {%- endfor %} - {% set min_viable_mtu = mtu_list | max %} - network_config: - - type: 
ovs_bridge - name: {{ neutron_physical_bridge_name }} - mtu: {{ min_viable_mtu }} - use_dhcp: false - dns_servers: {{ ctlplane_dns_nameservers }} - domain: {{ dns_search_domains }} - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} - routes: {{ ctlplane_host_routes }} - members: - - type: interface - name: nic1 - mtu: {{ min_viable_mtu }} - # force the MAC address of the bridge to this interface - primary: true - {% for network in role_networks %} - - type: vlan - mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} - vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} - addresses: - - ip_netmask: - {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} - routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} - {% endfor %} - # These vars are for the network config templates themselves and are - # considered EDPM network defaults. - neutron_physical_bridge_name: br-ex - neutron_public_interface_name: eth0 - ctlplane_mtu: 1500 - ctlplane_subnet_cidr: 24 - ctlplane_gateway_ip: 192.168.111.1 - ctlplane_host_routes: - - ip_netmask: 0.0.0.0/0 - next_hop: 192.168.111.1 - external_mtu: 1500 - external_vlan_id: 44 - external_cidr: '24' - external_host_routes: [] - internal_api_mtu: 1500 - internal_api_vlan_id: 20 - internal_api_cidr: '24' - internal_api_host_routes: [] - storage_mtu: 1500 - storage_vlan_id: 21 - storage_cidr: '24' - storage_host_routes: [] - tenant_mtu: 1500 - tenant_vlan_id: 22 - tenant_cidr: '24' - tenant_host_routes: [] - role_networks: - - InternalApi - - Storage - - Tenant - networks_lower: - External: external - InternalApi: internal_api - Storage: storage - Tenant: tenant - - # edpm_nodes_validation - edpm_nodes_validation_validate_controllers_icmp: false - edpm_nodes_validation_validate_gateway_icmp: false - - ctlplane_dns_nameservers: - - 192.168.111.1 - dns_search_domains: [] - - - gather_facts: false - enable_debug: false - # edpm 
firewall, change the allowed CIDR if needed - edpm_sshd_configure_firewall: true - edpm_sshd_allowed_ranges: ['192.168.111.0/24'] - # SELinux module - edpm_selinux_mode: enforcing diff --git a/config/samples/dataplane_v1beta1_openstackdataplanenodeset_baremetal_with_ipam.yaml b/config/samples/dataplane_v1beta1_openstackdataplanenodeset_baremetal_with_ipam.yaml index cf6562567..95de02671 100644 --- a/config/samples/dataplane_v1beta1_openstackdataplanenodeset_baremetal_with_ipam.yaml +++ b/config/samples/dataplane_v1beta1_openstackdataplanenodeset_baremetal_with_ipam.yaml @@ -7,8 +7,8 @@ spec: - name: ANSIBLE_FORCE_COLOR value: "True" services: - - download-cache - bootstrap + - download-cache - configure-network - validate-network - install-os @@ -27,6 +27,8 @@ spec: nodes: edpm-compute-0: hostName: edpm-compute-0 + ansible: + ansibleHost: 192.168.122.100 networkAttachments: - ctlplane nodeTemplate: @@ -43,18 +45,7 @@ spec: subnetName: subnet1 managementNetwork: ctlplane ansible: - ansibleUser: cloud-admin - ansiblePort: 22 ansibleVars: - service_net_map: - nova_api_network: internal_api - nova_libvirt_network: internal_api - timesync_ntp_servers: - - hostname: pool.ntp.org - # edpm_network_config - # Default nic config template for a EDPM compute node - # These vars are edpm_network_config role vars - edpm_network_config_hide_sensitive_logs: false edpm_network_config_template: | --- {% set mtu_list = [ctlplane_mtu] %} @@ -97,7 +88,4 @@ spec: gather_facts: false enable_debug: false # edpm firewall, change the allowed CIDR if needed - edpm_sshd_configure_firewall: true edpm_sshd_allowed_ranges: ['192.168.111.0/24'] - # SELinux module - edpm_selinux_mode: enforcing diff --git a/docs/openstack_dataplanedeployment.md b/docs/openstack_dataplanedeployment.md index 1944bba2c..9bab3261d 100644 --- a/docs/openstack_dataplanedeployment.md +++ b/docs/openstack_dataplanedeployment.md 
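Review bot: The added `ansibleHost: 192.168.122.100` sits in 192.168.122.0/24, while the last hunk of this file keeps `edpm_sshd_allowed_ranges: ['192.168.111.0/24']`. If the Ansible runner reaches the node over the same network as that address, the SSH allow-list in this sample would not cover it; the rest of the file is outside the hunks, so the other control-plane addresses could not be checked. Either the host address or the range should be aligned, e.g. `edpm_sshd_allowed_ranges: ['192.168.122.0/24']` as in the base nodeset sample.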
@@ -19,7 +19,7 @@ AnsibleEESpec is a specification of the ansible EE attributes | Field | Description | Scheme | Required | | ----- | ----------- | ------ | -------- | -| networkAttachments | NetworkAttachments is a list of NetworkAttachment resource names to pass to the ansibleee resource which allows to connect the ansibleee runner to the given network | []string | false | +| networkAttachments | NetworkAttachments is a list of NetworkAttachment resource names to pass to the ansibleee resource which allows to connect the ansibleee runner to the given network | []string | true | | openStackAnsibleEERunnerImage | OpenStackAnsibleEERunnerImage image to use as the ansibleEE runner image | string | false | | ansibleTags | AnsibleTags for ansible execution | string | false | | ansibleLimit | AnsibleLimit for ansible execution | string | false | @@ -36,7 +36,7 @@ AnsibleOpts defines a logical grouping of Ansible related configuration options. | Field | Description | Scheme | Required | | ----- | ----------- | ------ | -------- | -| ansibleUser | AnsibleUser SSH user for Ansible connection | string | false | +| ansibleUser | AnsibleUser SSH user for Ansible connection | string | true | | ansibleHost | AnsibleHost SSH host for Ansible connection | string | false | | ansiblePort | AnsiblePort SSH port for Ansible connection | int | false | | ansibleVars | AnsibleVars for configuring ansible | map[string]json.RawMessage | false | 
@@ -67,7 +67,7 @@ NodeTemplate is a specification of the node attributes that override top level a | ----- | ----------- | ------ | -------- | | ansibleSSHPrivateKeySecret | AnsibleSSHPrivateKeySecret Name of a private SSH key secret containing private SSH key for connecting to node. The named secret must be of the form: Secret.data.ssh-privatekey: | string | true | | networks | Networks - Instance networks | []infranetworkv1.IPSetNetwork | false | -| managementNetwork | ManagementNetwork - Name of network to use for management (SSH/Ansible) | string | false | +| managementNetwork | ManagementNetwork - Name of network to use for management (SSH/Ansible) | string | true | | ansible | Ansible is the group of Ansible related configuration options. | [AnsibleOpts](#ansibleopts) | false | | extraMounts | ExtraMounts containing files which can be mounted into an Ansible Execution Pod | []storage.VolMounts | false | | userData | UserData node specific user-data | *corev1.SecretReference | false | diff --git a/docs/openstack_dataplanenodeset.md b/docs/openstack_dataplanenodeset.md index e8c3e0a5f..5197ada10 100644 --- a/docs/openstack_dataplanenodeset.md +++ b/docs/openstack_dataplanenodeset.md 
@@ -20,7 +20,7 @@ AnsibleEESpec is a specification of the ansible EE attributes | Field | Description | Scheme | Required | | ----- | ----------- | ------ | -------- | -| networkAttachments | NetworkAttachments is a list of NetworkAttachment resource names to pass to the ansibleee resource which allows to connect the ansibleee runner to the given network | []string | false | +| networkAttachments | NetworkAttachments is a list of NetworkAttachment resource names to pass to the ansibleee resource which allows to connect the ansibleee runner to the given network | []string | true | | openStackAnsibleEERunnerImage | OpenStackAnsibleEERunnerImage image to use as the ansibleEE runner image | string | false | | ansibleTags | AnsibleTags for ansible execution | string | false | | ansibleLimit | AnsibleLimit for ansible execution | string | false | @@ -37,7 +37,7 @@ AnsibleOpts defines a logical grouping of Ansible related configuration options. | Field | Description | Scheme | Required | | ----- | ----------- | ------ | -------- | -| ansibleUser | AnsibleUser SSH user for Ansible connection | string | false | +| ansibleUser | AnsibleUser SSH user for Ansible connection | string | true | | ansibleHost | AnsibleHost SSH host for Ansible connection | string | false | | ansiblePort | AnsiblePort SSH port for Ansible connection | int | false | | ansibleVars | AnsibleVars for configuring ansible | map[string]json.RawMessage | false | 
@@ -68,7 +68,7 @@ NodeTemplate is a specification of the node attributes that override top level a | ----- | ----------- | ------ | -------- | | ansibleSSHPrivateKeySecret | AnsibleSSHPrivateKeySecret Name of a private SSH key secret containing private SSH key for connecting to node. The named secret must be of the form: Secret.data.ssh-privatekey: | string | true | | networks | Networks - Instance networks | []infranetworkv1.IPSetNetwork | false | -| managementNetwork | ManagementNetwork - Name of network to use for management (SSH/Ansible) | string | false | +| managementNetwork | ManagementNetwork - Name of network to use for management (SSH/Ansible) | string | true | | ansible | Ansible is the group of Ansible related configuration options. | [AnsibleOpts](#ansibleopts) | false | | extraMounts | ExtraMounts containing files which can be mounted into an Ansible Execution Pod | []storage.VolMounts | false | | userData | UserData node specific user-data | *corev1.SecretReference | false | diff --git a/docs/openstack_dataplaneservice.md b/docs/openstack_dataplaneservice.md index d59b7fbee..9740ebad0 100644 --- a/docs/openstack_dataplaneservice.md +++ b/docs/openstack_dataplaneservice.md 
@@ -20,7 +20,7 @@ AnsibleEESpec is a specification of the ansible EE attributes | Field | Description | Scheme | Required | | ----- | ----------- | ------ | -------- | -| networkAttachments | NetworkAttachments is a list of NetworkAttachment resource names to pass to the ansibleee resource which allows to connect the ansibleee runner to the given network | []string | false | +| networkAttachments | NetworkAttachments is a list of NetworkAttachment resource names to pass to the ansibleee resource which allows to connect the ansibleee runner to the given network | []string | true | | openStackAnsibleEERunnerImage | OpenStackAnsibleEERunnerImage image to use as the ansibleEE runner image | string | false | | ansibleTags | AnsibleTags for ansible execution | string | false | | ansibleLimit | AnsibleLimit for ansible execution | string | false | @@ -37,7 +37,7 @@ AnsibleOpts defines a logical grouping of Ansible related configuration options. | Field | Description | Scheme | Required | | ----- | ----------- | ------ | -------- | -| ansibleUser | AnsibleUser SSH user for Ansible connection | string | false | +| ansibleUser | AnsibleUser SSH user for Ansible connection | string | true | | ansibleHost | AnsibleHost SSH host for Ansible connection | string | false | | ansiblePort | AnsiblePort SSH port for Ansible connection | int | false | | ansibleVars | AnsibleVars for configuring ansible | map[string]json.RawMessage | false | 
@@ -68,7 +68,7 @@ NodeTemplate is a specification of the node attributes that override top level a | ----- | ----------- | ------ | -------- | | ansibleSSHPrivateKeySecret | AnsibleSSHPrivateKeySecret Name of a private SSH key secret containing private SSH key for connecting to node. The named secret must be of the form: Secret.data.ssh-privatekey: | string | true | | networks | Networks - Instance networks | []infranetworkv1.IPSetNetwork | false | -| managementNetwork | ManagementNetwork - Name of network to use for management (SSH/Ansible) | string | false | +| managementNetwork | ManagementNetwork - Name of network to use for management (SSH/Ansible) | string | true | | ansible | Ansible is the group of Ansible related configuration options. | [AnsibleOpts](#ansibleopts) | false | | extraMounts | ExtraMounts containing files which can be mounted into an Ansible Execution Pod | []storage.VolMounts | false | | userData | UserData node specific user-data | *corev1.SecretReference | false | diff --git a/tests/functional/openstackdataplanenodeset_controller_test.go b/tests/functional/openstackdataplanenodeset_controller_test.go index 5b9afab15..de8d43b20 100644 --- a/tests/functional/openstackdataplanenodeset_controller_test.go +++ b/tests/functional/openstackdataplanenodeset_controller_test.go @@ -141,7 +141,7 @@ var _ = Describe("Dataplane NodeSet Test", func() { NodeTemplate: dataplanev1.NodeTemplate{ AnsibleSSHPrivateKeySecret: "dataplane-ansible-ssh-private-key-secret", Networks: nil, - ManagementNetwork: "", + ManagementNetwork: "ctlplane", Ansible: dataplanev1.AnsibleOpts{ AnsibleUser: "", AnsibleHost: "",