From 0b4ddeeceaa086e9d23ae47a63ed07709c4b4b6e Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
Date: Thu, 25 Apr 2024 15:45:38 +0200
Subject: [PATCH] Add independent set of variables for guestagent configuration

As it's recommended to have an independent RabbitMQ cluster for Trove
Guestagent, we need to make it possible to easily use also different
user/password set for it.

It's also important to control quorum queues independently, as migration
between quorum queues and classic queues for guestagent cluster
is quite cumbersome and potentially should be avoided as might
bring severe disturbances.

Change-Id: Ib68778a8cb8535d7400be04f02d332ba0344d20e
---
 defaults/main.yml                             | 24 +++++++++++++++++--
 doc/source/configure-trove.rst                |  9 ++++---
 ..._guest_quorum_queues-bdba87bbe0fba3f3.yaml | 21 ++++++++++++++++
 tasks/main.yml                                | 24 +++++++++++++++++++
 templates/trove-guestagent.conf.j2            |  6 ++---
 vars/main.yml                                 | 11 +++++++++
 6 files changed, 85 insertions(+), 10 deletions(-)
 create mode 100644 releasenotes/notes/trove_guest_quorum_queues-bdba87bbe0fba3f3.yaml

diff --git a/defaults/main.yml b/defaults/main.yml
index a23f854..54a0b69 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -160,6 +160,7 @@ trove_oslomsg_notify_ssl_ca_file: "{{ oslomsg_notify_ssl_ca_file | default('') }
 trove_oslomsg_rabbit_quorum_queues: "{{ oslomsg_rabbit_quorum_queues | default(True) }}"
 trove_oslomsg_rabbit_quorum_delivery_limit: "{{ oslomsg_rabbit_quorum_delivery_limit | default(0) }}"
 trove_oslomsg_rabbit_quorum_max_memory_bytes: "{{ oslomsg_rabbit_quorum_max_memory_bytes | default(0) }}"
+trove_guest_oslomsg_rabbit_quorum_queues: "{{ oslomsg_rabbit_quorum_queues | default(True) }}"
 
 ## Qdrouterd integration
 # TODO(ansmith): Change structure when more backends will be supported
@@ -189,20 +190,39 @@ trove_provider_network: >-
 # The name of the network interface
 trove_provider_net_iface: "{{ (is_metal | bool) | ternary(trove_provider_network['container_bridge'], trove_provider_network['container_interface']) }}"
 trove_guest_endpoint_type: public
+
+# Guestagent RPC configuration
 trove_guest_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
 trove_guest_oslomsg_rpc_servers: >-
   {{
     groups[trove_guest_rpc_host_group] | map('extract', hostvars, 'ansible_facts') | map(attribute=trove_provider_net_iface | replace('-','_')
       ) | map(attribute='ipv4.address') | join(',')
   }}
-trove_guest_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}"
+trove_guest_oslomsg_rpc_use_ssl: "{{ trove_oslomsg_rpc_use_ssl }}"
+trove_guest_oslomsg_rpc_port: "{{ trove_oslomsg_rpc_port }}"
+trove_guest_oslomsg_rpc_userid: "{{ trove_oslomsg_rpc_userid }}"
+trove_guest_oslomsg_rpc_password: "{{ trove_oslomsg_rpc_password }}"
+trove_guest_oslomsg_rpc_ssl_version: "{{ trove_oslomsg_rpc_ssl_version }}"
+trove_guest_oslomsg_rpc_ssl_ca_file: "{{ trove_oslomsg_rpc_ssl_ca_file }}"
+trove_guest_oslomsg_rpc_vhost:
+  - name: /trove
+    state: "{{ trove_guest_oslomsg_rabbit_quorum_queues | ternary('absent', 'present') }}"
+  - name: trove
+    state: "{{ trove_guest_oslomsg_rabbit_quorum_queues | ternary('present', 'absent') }}"
+
 trove_guest_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
 trove_guest_oslomsg_notify_servers: >-
   {{
     groups[trove_guest_notify_host_group] | map('extract', hostvars, 'ansible_facts') | map(attribute=trove_provider_net_iface | replace('-','_')
       ) | map(attribute='ipv4.address') | join(',')
   }}
-trove_guest_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}"
+trove_guest_oslomsg_notify_use_ssl: "{{ trove_oslomsg_notify_use_ssl }}"
+trove_guest_oslomsg_notify_port: "{{ trove_oslomsg_notify_port }}"
+trove_guest_oslomsg_notify_userid: "{{ trove_oslomsg_notify_userid }}"
+trove_guest_oslomsg_notify_password: "{{ trove_oslomsg_notify_password }}"
+trove_guest_oslomsg_notify_vhost: "{{ trove_guest_oslomsg_rpc_vhost }}"
+trove_guest_oslomsg_notify_ssl_version: "{{ trove_oslomsg_notify_ssl_version }}"
+trove_guest_oslomsg_notify_ssl_ca_file: "{{ trove_oslomsg_notify_ssl_ca_file }}"
 
 # Trove image settings.
 # Set the directory where the downloaded images will be stored
diff --git a/doc/source/configure-trove.rst b/doc/source/configure-trove.rst
index 37a621c..a49d4c8 100644
--- a/doc/source/configure-trove.rst
+++ b/doc/source/configure-trove.rst
@@ -154,9 +154,9 @@ to:
 
 #. Add to the dbaas network mapping for the new group:
 
-.. code-block:: yaml
+    .. code-block:: yaml
 
-     - network:
+      - network:
         container_bridge: "br-dbaas"
         container_type: "veth"
         container_interface: "eth14"
@@ -187,9 +187,8 @@ to:
 
     .. code-block:: yaml
 
-        oslomsg_rpc_host_group: trove_rabbitmq
-        oslomsg_rpc_servers: "{{ groups[oslomsg_rpc_host_group] | map('extract', hostvars, 'ansible_host') | list | join(',') }}"
-        trove_guest_oslomsg_notify_servers: "{{ rabbitmq_servers }}"
+        trove_guest_rpc_host_group: trove_rabbitmq
+        trove_guest_oslomsg_rpc_password: SecretPassword
 
 #. Run playbooks to create rabbitmq containers and deploy cluster on them
 
diff --git a/releasenotes/notes/trove_guest_quorum_queues-bdba87bbe0fba3f3.yaml b/releasenotes/notes/trove_guest_quorum_queues-bdba87bbe0fba3f3.yaml
new file mode 100644
index 0000000..e92db91
--- /dev/null
+++ b/releasenotes/notes/trove_guest_quorum_queues-bdba87bbe0fba3f3.yaml
@@ -0,0 +1,21 @@
+---
+features:
+  - |
+    Trove role introduced variables to independently configure RPC/Notification
+    communication for Guest Agent:
+    - trove_guest_oslomsg_rabbit_quorum_queues
+    - trove_guest_oslomsg_rpc_port
+    - trove_guest_oslomsg_rpc_userid
+    - trove_guest_oslomsg_rpc_password
+    - trove_guest_oslomsg_rpc_vhost
+upgrade:
+  - |
+    It is highly recommended to explicitly disable
+    ``trove_guest_oslomsg_rabbit_quorum_queues`` during upgrade in case
+    ``oslomsg_rabbit_quorum_queues: True``, which is default behaviour
+    since 2024.1 (Caracal).
+    Migration to Quorum queues for Trove Guestagent is not supported and
+    might be troublesome, as already spawned agents will not reload
+    configuration.
+    New deployments though may utilize quorum queues from the very
+    beginning safely.
diff --git a/tasks/main.yml b/tasks/main.yml
index cfb9b32..061af98 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -85,6 +85,30 @@
   tags:
     - always
 
+- name: Including osa.mq_setup role
+  include_role:
+    name: openstack.osa.mq_setup
+    apply:
+      tags:
+        - common-mq
+        - trove-agent-config
+  when:
+    - _trove_is_first_play_host
+    - (trove_oslomsg_rpc_host_group != trove_guest_rpc_host_group) or (trove_oslomsg_notify_host_group != trove_guest_notify_host_group)
+  vars:
+    _oslomsg_rpc_setup_host: "{{ trove_guest_rpc_host_group }}"
+    _oslomsg_rpc_userid: "{{ trove_guest_oslomsg_rpc_userid }}"
+    _oslomsg_rpc_password: "{{ trove_guest_oslomsg_rpc_password }}"
+    _oslomsg_rpc_vhost: "{{ trove_guest_oslomsg_rpc_vhost }}"
+    _oslomsg_rpc_transport: "{{ trove_oslomsg_rpc_transport }}"
+    _oslomsg_notify_setup_host: "{{ trove_guest_notify_host_group }}"
+    _oslomsg_notify_userid: "{{ trove_guest_oslomsg_notify_userid }}"
+    _oslomsg_notify_password: "{{ trove_guest_oslomsg_notify_password }}"
+    _oslomsg_notify_vhost: "{{ trove_guest_oslomsg_notify_vhost }}"
+    _oslomsg_notify_transport: "{{ trove_oslomsg_notify_transport }}"
+  tags:
+    - always
+
 - name: Importing trove_pre_install tasks
   import_tasks: trove_pre_install.yml
   tags:
diff --git a/templates/trove-guestagent.conf.j2 b/templates/trove-guestagent.conf.j2
index ef51ed4..7910be4 100644
--- a/templates/trove-guestagent.conf.j2
+++ b/templates/trove-guestagent.conf.j2
@@ -1,7 +1,7 @@
 # {{ ansible_managed }}
 [DEFAULT]
 control_exchange = {{ trove_control_exchange }}
-transport_url = {{ trove_oslomsg_rpc_transport }}://{% for host in trove_guest_oslomsg_rpc_servers.split(',') %}{{ trove_oslomsg_rpc_userid }}:{{ trove_oslomsg_rpc_password }}@{{ host }}:{{ trove_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _trove_oslomsg_rpc_vhost_conf }}{% if trove_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ trove_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ trove_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
+transport_url = {{ trove_oslomsg_rpc_transport }}://{% for host in trove_guest_oslomsg_rpc_servers.split(',') %}{{ trove_guest_oslomsg_rpc_userid }}:{{ trove_guest_oslomsg_rpc_password }}@{{ host }}:{{ trove_guest_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _trove_guest_oslomsg_rpc_vhost_conf }}{% if trove_guest_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ trove_guest_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ trove_guest_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
 
 {% if trove_swift_enabled is defined %}
 swift_url = {{ trove_guest_swift_url }}
@@ -31,7 +31,7 @@ user_domain_name = {{ trove_service_user_domain_name }}
 # Connect over SSL for RabbitMQ. (boolean value)
 # Deprecated group/name - [DEFAULT]/rabbit_use_ssl
 ssl = {{ trove_guest_oslomsg_rpc_use_ssl }}
-rabbit_quorum_queue = {{ trove_oslomsg_rabbit_quorum_queues }}
+rabbit_quorum_queue = {{ trove_guest_oslomsg_rabbit_quorum_queues }}
 rabbit_quorum_delivery_limit = {{ trove_oslomsg_rabbit_quorum_delivery_limit }}
 rabbit_quorum_max_memory_bytes = {{ trove_oslomsg_rabbit_quorum_max_memory_bytes }}
 
@@ -45,4 +45,4 @@ rabbit_quorum_max_memory_bytes = {{ trove_oslomsg_rabbit_quorum_max_memory_bytes
 {% endif %}
 topics = {{ notification_topics | join(',') }}
 driver = {{ (notification_topics | length > 0) | ternary('messagingv2', 'noop') }}
-transport_url = {{ trove_oslomsg_notify_transport }}://{% for host in trove_guest_oslomsg_notify_servers.split(',') %}{{ trove_oslomsg_notify_userid }}:{{ trove_oslomsg_notify_password }}@{{ host }}:{{ trove_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _trove_oslomsg_notify_vhost_conf }}{% if trove_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ trove_oslomsg_notify_ssl_version }}&ssl_ca_file={{ trove_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
+transport_url = {{ trove_oslomsg_notify_transport }}://{% for host in trove_guest_oslomsg_notify_servers.split(',') %}{{ trove_guest_oslomsg_notify_userid }}:{{ trove_guest_oslomsg_notify_password }}@{{ host }}:{{ trove_guest_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _trove_guest_oslomsg_notify_vhost_conf }}{% if trove_guest_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ trove_guest_oslomsg_notify_ssl_version }}&ssl_ca_file={{ trove_guest_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
diff --git a/vars/main.yml b/vars/main.yml
index 2f96935..eeba3d1 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -35,6 +35,17 @@ _trove_oslomsg_notify_vhost_conf: >-
       trove_oslomsg_notify_vhost, trove_oslomsg_notify_vhost | selectattr('state', 'eq', 'present') | map(attribute='name') | first)
   }}
 
+_trove_guest_oslomsg_rpc_vhost_conf: >-
+  {{
+    (trove_guest_oslomsg_rpc_vhost is string) | ternary(
+      trove_guest_oslomsg_rpc_vhost, trove_guest_oslomsg_rpc_vhost | selectattr('state', 'eq', 'present') | map(attribute='name') | first)
+  }}
+_trove_guest_oslomsg_notify_vhost_conf: >-
+  {{
+    (trove_guest_oslomsg_notify_vhost is string) | ternary(
+      trove_guest_oslomsg_notify_vhost, trove_guest_oslomsg_notify_vhost | selectattr('state', 'eq', 'present') | map(attribute='name') | first)
+  }}
+
 filtered_trove_services: |-
   {% set services = [] %}
   {% for key, value in trove_services.items() %}