Skip to content

Playbooks & scripts for building, registering and rotating octavia amphora images #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

Playbooks & scripts for building, registering and rotating octavia amphora images #12

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
25397c6
octavia: add playbooks to build and register amphora images
markgoddard Dec 17, 2021
9b4ecb4
Add a script to fail over octavia load balancers
markgoddard Dec 17, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
95 changes: 95 additions & 0 deletions octavia-amphora-image-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
---
- name: Build an Octavia Amphora image
hosts: seed
tasks:
- name: Ensure packages are installed
become: true
vars:
packages_for_os_family:
RedHat:
- debootstrap
- qemu-img
- git
- e2fsprogs
- policycoreutils-python-utils
- yum-utils
Debian:
- debootstrap
- qemu-utils
- git
- kpartx
package:
name: "{{ packages_for_os_family[ansible_facts.os_family] }}"

- name: Create a temporary directory
tempfile:
state: directory
register: tempfile_result

- block:
- name: Check whether the image cache directory exists
stat:
path: "{{ image_cache_path }}"
get_md5: False
get_checksum: False
mime: False
register: image_cache_stat

- name: Ensure the image cache directory exists
file:
path: "{{ image_cache_path }}"
state: directory
owner: "{{ ansible_facts.user_uid }}"
group: "{{ ansible_facts.user_gid }}"
become: true
when: >-
not image_cache_stat.stat.exists or
not image_cache_stat.stat.writeable

- name: Set path facts
vars:
work_path: "{{ tempfile_result.path }}"
set_fact:
src_path: "{{ work_path }}/octavia"
venv_path: "{{ work_path }}/venv"
work_path: "{{ work_path }}"

- name: Clone Octavia source code
git:
depth: 1
dest: "{{ src_path }}"
repo: "https://opendev.org/openstack/octavia"
version: "{{ openstack_branch }}"

- name: Install diskimage-builder in a virtual environment
pip:
name: diskimage-builder
# NOTE: Ussuri-Wallably upper constraints all fail to build the image.
# This is just for diskimage-builder, and doesn't affect the version of amphora.
extra_args: "-c https://opendev.org/openstack/requirements/raw/branch/stable/xena/upper-constraints.txt"
virtualenv: "{{ venv_path }}"

- name: Create build log file (/var/log/octavia-amphora-image-build.log)
file:
path: /var/log/octavia-amphora-image-build.log
state: touch
owner: "{{ ansible_facts.user_uid }}"
owner: "{{ ansible_facts.user_gid }}"
become: true

- name: Create the Amphora image
shell:
cmd: "source {{ venv_path }}/bin/activate && ./diskimage-create.sh -i ubuntu-minimal -s 3 -g {{ openstack_branch }} >> /var/log/octavia-amphora-image-build.log 2>&1"
chdir: "{{ src_path }}/diskimage-create"
changed_when: true

- name: Copy image to image store
copy:
src: "{{ src_path }}/diskimage-create/amphora-x64-haproxy.qcow2"
dest: "{{ image_cache_path }}/amphora-x64-haproxy-{{ openstack_release }}.qcow2"
remote_src: true
always:
- name: Remove temporary files
file:
path: "{{ work_path }}"
state: absent
79 changes: 79 additions & 0 deletions octavia-amphora-image-register.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
---
- name: Register an Octavia Amphora image in Glance
gather_facts: yes
hosts: seed
vars:
venv: "{{ virtualenv_path }}/octavia-amphora"
tasks:
- name: Fail if not using octavia user and service project
fail:
msg: >-
Source the octavia-openrc.sh file before executing this playbook
when: >-
lookup('env', 'OS_USERNAME') != 'octavia' or
lookup('env', 'OS_PROJECT_NAME') != 'service'

- name: Set up openstack virtualenv
pip:
virtualenv: "{{ venv }}"
name:
- openstacksdk
- python-openstackclient
state: latest
extra_args: "{% if pip_upper_constraints_file %}-c {{ pip_upper_constraints_file }}{% endif %}"

- name: Query Octavia Amphora image
vars:
ansible_python_interpreter: "{{ venv }}/bin/python"
os_image_info:
auth_type: password
auth: "{{ openstack_auth }}"
ca_cert: "{{ openstack_cacert }}"
interface: "{{ openstack_interface }}"
image: amphora-x64-haproxy.qcow2
register: image_info

- name: Get image checksum
stat:
path: "{{ image_cache_path }}/amphora-x64-haproxy-{{ openstack_release }}.qcow2"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any reason to include the qcow2 file extension in the image name?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wrong line, see: https://github.com/stackhpc/kayobe-ops/pull/12/files#diff-e5ac2a54d5ef4bca658be8fff362434d7d5155f62c23e1b7106198e815f0ff76R64

checksum_algorithm: md5
changed_when: false
register: image_checksum
when: image_info.openstack_image

- name: Ensure Octavia Amphora image is renamed
vars:
ansible_python_interpreter: "{{ venv }}/bin/python"
shell:
cmd: >-
{{ venv }}/bin/openstack image set amphora-x64-haproxy.qcow2 --name amphora-x64-haproxy-{{ ansible_facts.date_time.iso8601_basic_short }}.qcow2
when:
- image_info.openstack_image
- image_info.openstack_image.checksum != image_checksum.stat.checksum
changed_when: true
environment: "{{ openstack_auth_env }}"

- name: Ensure Octavia Amphora image is registered
vars:
ansible_python_interpreter: "{{ venv }}/bin/python"
os_image:
auth_type: password
auth: "{{ openstack_auth }}"
ca_cert: "{{ openstack_cacert }}"
interface: "{{ openstack_interface }}"
name: amphora-x64-haproxy.qcow2
container_format: bare
disk_format: qcow2
is_public: no
filename: "{{ image_cache_path }}/amphora-x64-haproxy-{{ openstack_release }}.qcow2"
properties:
hw_architecture: x86_64
hw_rng_model: virtio

# FIXME: Use 'tags' parameter of os_image module available from
# openstack.cloud.image 1.5.0.
- name: Ensure Octavia Amphora image is tagged
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we untag the old image? This seems to trigger a warning:

https://github.com/openstack/octavia/blob/bd01ad94dcea3eca7636f1286ceed0753b563a28/octavia/image/drivers/glance_driver.py#L65

This isn't mentioned in the docs and would appear not to have a negative impact as it seems like it would just select the image that was uploaded last.

shell:
cmd: >-
{{ venv }}/bin/openstack image set amphora-x64-haproxy.qcow2 --tag amphora
environment: "{{ openstack_auth_env }}"
18 changes: 18 additions & 0 deletions tools/loadbalancer-failover.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
#!/bin/bash

# Fail over octavia loadbalancers to the latest amphora image.

set -ex

expected_image=$(openstack image show amphora-x64-haproxy.qcow2 -f value -c id)

openstack loadbalancer amphora list --status ALLOCATED -f value -c id | while read a; do
image=$(openstack loadbalancer amphora show $a -f value -c image_id)
if [[ $image != "None" ]] && [[ $image != $expected_image ]]; then
lb_id=$(openstack loadbalancer amphora show $a -f value -c loadbalancer_id)
echo "Failing over loadbalancer $lb_id (amphora $a)"
if ! openstack loadbalancer failover $lb_id --wait; then
echo "Failed failing over loadbalancer $lb_id"
fi
fi
done