Add independent set of variables for guestagent configuration

As it's recommended to have an independent RabbitMQ cluster for Trove
Guestagent, we need to make it possible to easily use also different
user/password set for it.

It's also important to control quorum queues independently, as migration
between quorum queues and classic queues for guestagent cluster
is quite cumbersome and potentially should be avoided as might
bring severe disturbances.

Change-Id: Ib68778a8cb8535d7400be04f02d332ba0344d20e
This commit is contained in:
Dmitriy Rabotyagov 2024-04-25 15:45:38 +02:00 committed by Dmitriy Rabotyagov
parent 110feb6128
commit 0b4ddeecea
6 changed files with 85 additions and 10 deletions

View File

@ -160,6 +160,7 @@ trove_oslomsg_notify_ssl_ca_file: "{{ oslomsg_notify_ssl_ca_file | default('') }
trove_oslomsg_rabbit_quorum_queues: "{{ oslomsg_rabbit_quorum_queues | default(True) }}" trove_oslomsg_rabbit_quorum_queues: "{{ oslomsg_rabbit_quorum_queues | default(True) }}"
trove_oslomsg_rabbit_quorum_delivery_limit: "{{ oslomsg_rabbit_quorum_delivery_limit | default(0) }}" trove_oslomsg_rabbit_quorum_delivery_limit: "{{ oslomsg_rabbit_quorum_delivery_limit | default(0) }}"
trove_oslomsg_rabbit_quorum_max_memory_bytes: "{{ oslomsg_rabbit_quorum_max_memory_bytes | default(0) }}" trove_oslomsg_rabbit_quorum_max_memory_bytes: "{{ oslomsg_rabbit_quorum_max_memory_bytes | default(0) }}"
trove_guest_oslomsg_rabbit_quorum_queues: "{{ oslomsg_rabbit_quorum_queues | default(True) }}"
## Qdrouterd integration ## Qdrouterd integration
# TODO(ansmith): Change structure when more backends will be supported # TODO(ansmith): Change structure when more backends will be supported
@ -189,20 +190,39 @@ trove_provider_network: >-
# The name of the network interface # The name of the network interface
trove_provider_net_iface: "{{ (is_metal | bool) | ternary(trove_provider_network['container_bridge'], trove_provider_network['container_interface']) }}" trove_provider_net_iface: "{{ (is_metal | bool) | ternary(trove_provider_network['container_bridge'], trove_provider_network['container_interface']) }}"
trove_guest_endpoint_type: public trove_guest_endpoint_type: public
# Guestagent RPC configuration
trove_guest_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}" trove_guest_rpc_host_group: "{{ oslomsg_rpc_host_group | default('rabbitmq_all') }}"
trove_guest_oslomsg_rpc_servers: >- trove_guest_oslomsg_rpc_servers: >-
{{ {{
groups[trove_guest_rpc_host_group] | map('extract', hostvars, 'ansible_facts') | map(attribute=trove_provider_net_iface | replace('-','_') groups[trove_guest_rpc_host_group] | map('extract', hostvars, 'ansible_facts') | map(attribute=trove_provider_net_iface | replace('-','_')
) | map(attribute='ipv4.address') | join(',') ) | map(attribute='ipv4.address') | join(',')
}} }}
trove_guest_oslomsg_rpc_use_ssl: "{{ oslomsg_rpc_use_ssl | default(False) }}" trove_guest_oslomsg_rpc_use_ssl: "{{ trove_oslomsg_rpc_use_ssl }}"
trove_guest_oslomsg_rpc_port: "{{ trove_oslomsg_rpc_port }}"
trove_guest_oslomsg_rpc_userid: "{{ trove_oslomsg_rpc_userid }}"
trove_guest_oslomsg_rpc_password: "{{ trove_oslomsg_rpc_password }}"
trove_guest_oslomsg_rpc_ssl_version: "{{ trove_oslomsg_rpc_ssl_version }}"
trove_guest_oslomsg_rpc_ssl_ca_file: "{{ trove_oslomsg_rpc_ssl_ca_file }}"
trove_guest_oslomsg_rpc_vhost:
- name: /trove
state: "{{ trove_guest_oslomsg_rabbit_quorum_queues | ternary('absent', 'present') }}"
- name: trove
state: "{{ trove_guest_oslomsg_rabbit_quorum_queues | ternary('present', 'absent') }}"
trove_guest_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}" trove_guest_notify_host_group: "{{ oslomsg_notify_host_group | default('rabbitmq_all') }}"
trove_guest_oslomsg_notify_servers: >- trove_guest_oslomsg_notify_servers: >-
{{ {{
groups[trove_guest_notify_host_group] | map('extract', hostvars, 'ansible_facts') | map(attribute=trove_provider_net_iface | replace('-','_') groups[trove_guest_notify_host_group] | map('extract', hostvars, 'ansible_facts') | map(attribute=trove_provider_net_iface | replace('-','_')
) | map(attribute='ipv4.address') | join(',') ) | map(attribute='ipv4.address') | join(',')
}} }}
trove_guest_oslomsg_notify_use_ssl: "{{ oslomsg_notify_use_ssl | default(False) }}" trove_guest_oslomsg_notify_use_ssl: "{{ trove_oslomsg_notify_use_ssl }}"
trove_guest_oslomsg_notify_port: "{{ trove_oslomsg_notify_port }}"
trove_guest_oslomsg_notify_userid: "{{ trove_oslomsg_notify_userid }}"
trove_guest_oslomsg_notify_password: "{{ trove_oslomsg_notify_password }}"
trove_guest_oslomsg_notify_vhost: "{{ trove_guest_oslomsg_rpc_vhost }}"
trove_guest_oslomsg_notify_ssl_version: "{{ trove_oslomsg_notify_ssl_version }}"
trove_guest_oslomsg_notify_ssl_ca_file: "{{ trove_oslomsg_notify_ssl_ca_file }}"
# Trove image settings. # Trove image settings.
# Set the directory where the downloaded images will be stored # Set the directory where the downloaded images will be stored

View File

@ -187,9 +187,8 @@ to:
.. code-block:: yaml .. code-block:: yaml
oslomsg_rpc_host_group: trove_rabbitmq trove_guest_rpc_host_group: trove_rabbitmq
oslomsg_rpc_servers: "{{ groups[oslomsg_rpc_host_group] | map('extract', hostvars, 'ansible_host') | list | join(',') }}" trove_guest_oslomsg_rpc_password: SecretPassword
trove_guest_oslomsg_notify_servers: "{{ rabbitmq_servers }}"
#. Run playbooks to create rabbitmq containers and deploy cluster on them #. Run playbooks to create rabbitmq containers and deploy cluster on them

View File

@ -0,0 +1,21 @@
---
features:
- |
Trove role introduced variables to independently configure RPC/Notification
communication for Guest Agent:
- trove_guest_oslomsg_rabbit_quorum_queues
- trove_guest_oslomsg_rpc_port
- trove_guest_oslomsg_rpc_userid
- trove_guest_oslomsg_rpc_password
- trove_guest_oslomsg_rpc_vhost
upgrade:
- |
It is highly recommended to explicitly disable
``trove_guest_oslomsg_rabbit_quorum_queues`` during upgrade in case
``oslomsg_rabbit_quorum_queues: True``, which is default behaviour
since 2024.1 (Caracal).
Migration to Quorum queues for Trove Guestagent is not supported and
might be troublesome, as already spawned agents will not reload
configuration.
New deployments though may utilize quorum queues from the very
beginning safely.

View File

@ -85,6 +85,30 @@
tags: tags:
- always - always
- name: Including osa.mq_setup role
include_role:
name: openstack.osa.mq_setup
apply:
tags:
- common-mq
- trove-agent-config
when:
- _trove_is_first_play_host
- (trove_oslomsg_rpc_host_group != trove_guest_rpc_host_group) or (trove_oslomsg_notify_host_group != trove_guest_notify_host_group)
vars:
_oslomsg_rpc_setup_host: "{{ trove_guest_rpc_host_group }}"
_oslomsg_rpc_userid: "{{ trove_guest_oslomsg_rpc_userid }}"
_oslomsg_rpc_password: "{{ trove_guest_oslomsg_rpc_password }}"
_oslomsg_rpc_vhost: "{{ trove_guest_oslomsg_rpc_vhost }}"
_oslomsg_rpc_transport: "{{ trove_oslomsg_rpc_transport }}"
_oslomsg_notify_setup_host: "{{ trove_guest_notify_host_group }}"
_oslomsg_notify_userid: "{{ trove_guest_oslomsg_notify_userid }}"
_oslomsg_notify_password: "{{ trove_guest_oslomsg_notify_password }}"
_oslomsg_notify_vhost: "{{ trove_guest_oslomsg_notify_vhost }}"
_oslomsg_notify_transport: "{{ trove_oslomsg_notify_transport }}"
tags:
- always
- name: Importing trove_pre_install tasks - name: Importing trove_pre_install tasks
import_tasks: trove_pre_install.yml import_tasks: trove_pre_install.yml
tags: tags:

View File

@ -1,7 +1,7 @@
# {{ ansible_managed }} # {{ ansible_managed }}
[DEFAULT] [DEFAULT]
control_exchange = {{ trove_control_exchange }} control_exchange = {{ trove_control_exchange }}
transport_url = {{ trove_oslomsg_rpc_transport }}://{% for host in trove_guest_oslomsg_rpc_servers.split(',') %}{{ trove_oslomsg_rpc_userid }}:{{ trove_oslomsg_rpc_password }}@{{ host }}:{{ trove_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _trove_oslomsg_rpc_vhost_conf }}{% if trove_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ trove_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ trove_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} transport_url = {{ trove_oslomsg_rpc_transport }}://{% for host in trove_guest_oslomsg_rpc_servers.split(',') %}{{ trove_guest_oslomsg_rpc_userid }}:{{ trove_guest_oslomsg_rpc_password }}@{{ host }}:{{ trove_guest_oslomsg_rpc_port }}{% if not loop.last %},{% else %}/{{ _trove_guest_oslomsg_rpc_vhost_conf }}{% if trove_guest_oslomsg_rpc_use_ssl | bool %}?ssl=1&ssl_version={{ trove_guest_oslomsg_rpc_ssl_version }}&ssl_ca_file={{ trove_guest_oslomsg_rpc_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}
{% if trove_swift_enabled is defined %} {% if trove_swift_enabled is defined %}
swift_url = {{ trove_guest_swift_url }} swift_url = {{ trove_guest_swift_url }}
@ -31,7 +31,7 @@ user_domain_name = {{ trove_service_user_domain_name }}
# Connect over SSL for RabbitMQ. (boolean value) # Connect over SSL for RabbitMQ. (boolean value)
# Deprecated group/name - [DEFAULT]/rabbit_use_ssl # Deprecated group/name - [DEFAULT]/rabbit_use_ssl
ssl = {{ trove_guest_oslomsg_rpc_use_ssl }} ssl = {{ trove_guest_oslomsg_rpc_use_ssl }}
rabbit_quorum_queue = {{ trove_oslomsg_rabbit_quorum_queues }} rabbit_quorum_queue = {{ trove_guest_oslomsg_rabbit_quorum_queues }}
rabbit_quorum_delivery_limit = {{ trove_oslomsg_rabbit_quorum_delivery_limit }} rabbit_quorum_delivery_limit = {{ trove_oslomsg_rabbit_quorum_delivery_limit }}
rabbit_quorum_max_memory_bytes = {{ trove_oslomsg_rabbit_quorum_max_memory_bytes }} rabbit_quorum_max_memory_bytes = {{ trove_oslomsg_rabbit_quorum_max_memory_bytes }}
@ -45,4 +45,4 @@ rabbit_quorum_max_memory_bytes = {{ trove_oslomsg_rabbit_quorum_max_memory_bytes
{% endif %} {% endif %}
topics = {{ notification_topics | join(',') }} topics = {{ notification_topics | join(',') }}
driver = {{ (notification_topics | length > 0) | ternary('messagingv2', 'noop') }} driver = {{ (notification_topics | length > 0) | ternary('messagingv2', 'noop') }}
transport_url = {{ trove_oslomsg_notify_transport }}://{% for host in trove_guest_oslomsg_notify_servers.split(',') %}{{ trove_oslomsg_notify_userid }}:{{ trove_oslomsg_notify_password }}@{{ host }}:{{ trove_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _trove_oslomsg_notify_vhost_conf }}{% if trove_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ trove_oslomsg_notify_ssl_version }}&ssl_ca_file={{ trove_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %} transport_url = {{ trove_oslomsg_notify_transport }}://{% for host in trove_guest_oslomsg_notify_servers.split(',') %}{{ trove_guest_oslomsg_notify_userid }}:{{ trove_guest_oslomsg_notify_password }}@{{ host }}:{{ trove_guest_oslomsg_notify_port }}{% if not loop.last %},{% else %}/{{ _trove_guest_oslomsg_notify_vhost_conf }}{% if trove_guest_oslomsg_notify_use_ssl | bool %}?ssl=1&ssl_version={{ trove_guest_oslomsg_notify_ssl_version }}&ssl_ca_file={{ trove_guest_oslomsg_notify_ssl_ca_file }}{% else %}?ssl=0{% endif %}{% endif %}{% endfor %}

View File

@ -35,6 +35,17 @@ _trove_oslomsg_notify_vhost_conf: >-
trove_oslomsg_notify_vhost, trove_oslomsg_notify_vhost | selectattr('state', 'eq', 'present') | map(attribute='name') | first) trove_oslomsg_notify_vhost, trove_oslomsg_notify_vhost | selectattr('state', 'eq', 'present') | map(attribute='name') | first)
}} }}
_trove_guest_oslomsg_rpc_vhost_conf: >-
{{
(trove_guest_oslomsg_rpc_vhost is string) | ternary(
trove_guest_oslomsg_rpc_vhost, trove_guest_oslomsg_rpc_vhost | selectattr('state', 'eq', 'present') | map(attribute='name') | first)
}}
_trove_guest_oslomsg_notify_vhost_conf: >-
{{
(trove_guest_oslomsg_notify_vhost is string) | ternary(
trove_guest_oslomsg_notify_vhost, trove_guest_oslomsg_notify_vhost | selectattr('state', 'eq', 'present') | map(attribute='name') | first)
}}
filtered_trove_services: |- filtered_trove_services: |-
{% set services = [] %} {% set services = [] %}
{% for key, value in trove_services.items() %} {% for key, value in trove_services.items() %}