From 5cfd2ba5aef07e31efc6695a8f987a1b7391ba66 Mon Sep 17 00:00:00 2001
From: Pierre Riteau <pierre@stackhpc.com>
Date: Fri, 18 Dec 2020 09:54:35 +0100
Subject: [PATCH] Fixes for CentOS 8.3

* Bump stackhpc.libvirt-host to v1.7.1. On seed-hypervisors installed
  using CentOS 8.2 or earlier, interaction with libvirt may fail due to
  libgcrypt being incompatible. See
  https://github.com/stackhpc/ansible-role-libvirt-host/issues/42

* Bump MichaelRigart.interfaces to v1.9.2. The CentOS 8.3 cloud image
  includes an ifcfg-ens3-1 file. See
  https://github.com/michaelrigart/ansible-role-interfaces/pull/93

* Previously a second libvirt daemon was installed by Tenks on the host,
  however changes in libvirt 6.0.0 to separate libvirtd into multiple
  daemons do not allow for customisation of the PID files used by the
  new daemons. This leads to a conflict between the container and host
  daemons. Update the Tenks config to use the containerised Nova libvirt
  daemon. This depends on a change to the stackhpc.libvirt-host role:
  https://github.com/stackhpc/ansible-role-libvirt-host/pull/44

* Not CentOS 8.3 related, but tox jobs are now failing on python
  dependencies. Remove upper limits from docker and paramiko. Update
  hacking which is requiring an old version of ansible-lint through the
  new pip dependency resolver (cherry picked from commit
  7b605851349a8c469d11d0f9daacc0f56474d23f).

This also includes a backport of the following change:

CI: add dummy1 port for seed upgrade and VM jobs

For some reason this configuration was omitted or incomplete in these
jobs. Without this configuration, Kayobe development configuration adds
eth1 to the breth1 bridge if it exists, or leaves the bridge without a
port otherwise. This can lead to network connectivity issues, if the IP
address of eth1 becomes inaccessible when it is added to breth1.

This change fixes the issue by ensuring that the dummy1 interface
exists, and configuring the aio network to add it to breth1 as a port,
instead of eth1.

Backported Change-Id: I47115e5d8d1fb448cb9e46dc43b56c64987e428b
(cherry picked from commit 0766df1673da0cc8c3a3d3d03e357ec5836e2d94)

Depends-On: https://review.opendev.org/c/openstack/kayobe/+/767600

Story: 2008429
Task: 41378

Change-Id: Ie8fd965165e8d347d27528a2c16d0647e412ccdc
(cherry picked from commit 4398856ec80ae765e805df9aab7d6f2105a34009)
---
 bindep.txt                                    |  2 ++
 dev/tenks-deploy-config-compute.yml           | 20 +++++++++++++------
 .../kayobe-seed-upgrade-base/overrides.yml.j2 |  8 ++++++++
 playbooks/kayobe-seed-upgrade-base/pre.yml    |  8 ++++++++
 .../kayobe-seed-vm-base/overrides.yml.j2      |  7 +++++++
 .../notes/centos-8.3-89d07c8f8db5b17b.yaml    |  4 ++++
 requirements.yml                              |  4 ++--
 test-requirements.txt                         |  6 +++---
 tools/run-bashate.sh                          |  4 +++-
 9 files changed, 51 insertions(+), 12 deletions(-)
 create mode 100644 bindep.txt
 create mode 100644 releasenotes/notes/centos-8.3-89d07c8f8db5b17b.yaml

diff --git a/bindep.txt b/bindep.txt
new file mode 100644
index 000000000..e05653404
--- /dev/null
+++ b/bindep.txt
@@ -0,0 +1,2 @@
+libpcre3-dev [platform:dpkg test]
+pcre-devel [platform:rpm test]
diff --git a/dev/tenks-deploy-config-compute.yml b/dev/tenks-deploy-config-compute.yml
index 2ff60889f..d73ae9800 100644
--- a/dev/tenks-deploy-config-compute.yml
+++ b/dev/tenks-deploy-config-compute.yml
@@ -34,10 +34,18 @@ physnet_mappings:
 deploy_kernel: ipa.kernel
 deploy_ramdisk: ipa.initramfs
 
-# Use a custom socket path to avoid a conflict with the nova_libvirt kolla
-# container which bind mounts /var/run/libvirt.
-libvirt_custom_socket_path: /var/run/libvirt-tenks
+# Use the libvirt daemon deployed by Kolla Ansible in the nova_libvirt
+# container. Tenks will install libvirt client packages.
+libvirt_host_install_daemon: false
 
-# Nested virtualisation is not working well in CI currently. Force the use of
-# QEMU.
-libvirt_vm_engine: "qemu"
+# QEMU may not be installed on the host, so set the path and avoid
+# autodetection.
+libvirt_vm_emulator: "/usr/libexec/qemu-kvm"
+
+# Specify a log path in the kolla_logs Docker volume. It is accessible on the
+# host at the same path.
+libvirt_vm_default_console_log_dir: "/var/log/kolla/tenks"
+
+# Console logs are owned by the ID of the Nova user in the nova_libvirt
+# container.
+libvirt_vm_log_owner: 42436
diff --git a/playbooks/kayobe-seed-upgrade-base/overrides.yml.j2 b/playbooks/kayobe-seed-upgrade-base/overrides.yml.j2
index f501782c5..c88b54808 100644
--- a/playbooks/kayobe-seed-upgrade-base/overrides.yml.j2
+++ b/playbooks/kayobe-seed-upgrade-base/overrides.yml.j2
@@ -14,6 +14,7 @@ kolla_ansible_source_url: "{{ ansible_env.PWD ~ '/' ~ zuul.projects['opendev.org
 kolla_ansible_source_version: "{{ zuul.projects['opendev.org/openstack/kolla-ansible'].checkout }}"
 pip_upper_constraints_file: "/tmp/upper-constraints.txt"
 {% endif %}
+kolla_openstack_logging_debug: True
 
 # NOTE(mgoddard): We're using a cirros image, which doesn't require the
 # resolv.conf work around used for CentOS.
@@ -22,3 +23,10 @@ overcloud_host_image_workaround_resolv_enabled: false
 # Use the CI infra's PyPI mirror.
 pip_local_mirror: true
 pip_index_url: "http://{{ zuul_site_mirror_fqdn }}/pypi/simple"
+
+# NOTE(mgoddard): CentOS 8 removes interfaces from their bridge during ifdown,
+# and removes the bridge if there are no interfaces left. When Kayobe bounces
+# veth links plugged into the bridge, it causes the bridge which has the IP we
+# are using for SSH to be removed. Use a dummy interface.
+aio_bridge_ports:
+  - dummy1
diff --git a/playbooks/kayobe-seed-upgrade-base/pre.yml b/playbooks/kayobe-seed-upgrade-base/pre.yml
index c38f7beb3..3d7c5af81 100644
--- a/playbooks/kayobe-seed-upgrade-base/pre.yml
+++ b/playbooks/kayobe-seed-upgrade-base/pre.yml
@@ -29,3 +29,11 @@
         - "ip l add breth1 type bridge"
         - "ip l set breth1 up"
         - "ip a add 192.168.33.5/24 dev breth1"
+        # NOTE(mgoddard): CentOS 8 removes interfaces from their bridge during
+        # ifdown, and removes the bridge if there are no interfaces left. When
+        # Kayobe bounces veth links plugged into the bridge, it causes the
+        # bridge which has the IP we are using for SSH to be removed. Use a
+        # dummy interface.
+        - "ip l add dummy1 type dummy"
+        - "ip l set dummy1 up"
+        - "ip l set dummy1 master breth1"
diff --git a/playbooks/kayobe-seed-vm-base/overrides.yml.j2 b/playbooks/kayobe-seed-vm-base/overrides.yml.j2
index 22061d14e..cb7594011 100644
--- a/playbooks/kayobe-seed-vm-base/overrides.yml.j2
+++ b/playbooks/kayobe-seed-vm-base/overrides.yml.j2
@@ -42,3 +42,10 @@ seed_vm_configdrive_device: disk
 # /etc/network/interfaces.
 configdrive_os_family: Debian
 configdrive_debian_network_interfaces_supports_glob: false
+
+# NOTE(mgoddard): CentOS 8 removes interfaces from their bridge during ifdown,
+# and removes the bridge if there are no interfaces left. When Kayobe bounces
+# veth links plugged into the bridge, it causes the bridge which has the IP we
+# are using for SSH to be removed. Use a dummy interface.
+aio_bridge_ports:
+  - dummy1
diff --git a/releasenotes/notes/centos-8.3-89d07c8f8db5b17b.yaml b/releasenotes/notes/centos-8.3-89d07c8f8db5b17b.yaml
new file mode 100644
index 000000000..a5883e2d7
--- /dev/null
+++ b/releasenotes/notes/centos-8.3-89d07c8f8db5b17b.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    Fixes a number of issues with using Kayobe on CentOS 8.3.
diff --git a/requirements.yml b/requirements.yml
index e79a01a4a..42d28a33b 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -5,7 +5,7 @@
   # There are no versioned releases of this role.
   version: 8438592c84585c86e62ae07e526d3da53629b377
 - src: MichaelRigart.interfaces
-  version: v1.6.0
+  version: v1.9.2
 - src: mrlesmithjr.manage-lvm
   version: v0.1.4
 - src: mrlesmithjr.mdadm
@@ -22,7 +22,7 @@
 - src: stackhpc.grafana-conf
   version: 1.1.0
 - src: stackhpc.libvirt-host
-  version: v1.7.0
+  version: v1.7.1
 - src: stackhpc.libvirt-vm
   version: v1.13.0
 - src: stackhpc.luks
diff --git a/test-requirements.txt b/test-requirements.txt
index a2229e97d..b7415e4a7 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -6,11 +6,11 @@ ansible-lint==4.2.0 # MIT
 bashate>=0.2 # Apache-2.0
 coverage>=4.0 # Apache-2.0
 doc8 # Apache-2.0
-docker<3 # Apache-2.0
-hacking>=0.12.0,<0.13 # Apache-2.0
+docker # Apache-2.0
+hacking>=3.0,<3.1.0 # Apache-2.0
 molecule<3 # MIT
 oslotest>=1.10.0 # Apache-2.0
 # paramiko 2.5.0 makes the kayobe-tox-molecule job fail.
-paramiko<2.5.0
+paramiko
 stestr # Apache-2.0
 yamllint # GPLv3
diff --git a/tools/run-bashate.sh b/tools/run-bashate.sh
index 897228c81..6bda1c654 100755
--- a/tools/run-bashate.sh
+++ b/tools/run-bashate.sh
@@ -3,5 +3,7 @@
 # Ignore E006 -- line length greater than 80 char
 
 ROOT=$(readlink -fn $(dirname $0)/.. )
+# NOTE(priteau): ignore E010 because it fails on one-liner bash loops:
+# https://bugs.launchpad.net/bash8/+bug/1895102
 find $ROOT -not -wholename \*.tox/\* -and -not -wholename \*.test/\* \
-    -and -name \*.sh -print0 | xargs -0 bashate -v --ignore E006
+    -and -name \*.sh -print0 | xargs -0 bashate -v --ignore E006 --ignore E010