openqa/worker: add NM-based tap setup and test on p09-worker01

network-scripts-openvswitch was removed in f40 and network-scripts is going away in f41; we really need to get off using them. This attempts to implement the same setup using NetworkManager, based on a few different NM/ovs references, and the source of openQA upstream's os-autoinst-setup-multi-machine . It might need a bit of tweaking, so for now, we make it a separate task and use it only on p09-worker01 for testing. This doesn't handle tearing down the old network-scripts-based config as that's pretty complex and will only need to happen once; I'll do it manually before trying this out. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2024-07-25 13:50:39 -07:00 · 2024-07-25 13:50:39 -07:00 · 690a5eb951
commit 690a5eb951
parent 2ea8ffa760
4 changed files with 79 additions and 1 deletions
--- a/inventory/host_vars/openqa-p09-worker01.iad2.fedoraproject.org
+++ b/inventory/host_vars/openqa-p09-worker01.iad2.fedoraproject.org
@ -57,3 +57,5 @@ sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
 tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153']
 # this box is encrypted
 openqa_nbde: true
+# testing nm deployment
+openqa_tap_nm: true
--- a/roles/openqa/worker/defaults/main.yml
+++ b/roles/openqa/worker/defaults/main.yml
@ -3,4 +3,5 @@ openqa_repo: updates
 openqa_createhdds_branch: main
 openqa_nfs_worker: false
 openqa_tap: ""
+openqa_tap_nm: false
 openqa_hdds_worker: false
--- a/roles/openqa/worker/tasks/main.yml
+++ b/roles/openqa/worker/tasks/main.yml
@ -167,7 +167,10 @@
  when: openqa_nfs_worker|bool

 - include_tasks: tap-setup.yml
-  when: openqa_tap
+  when: "openqa_tap and not openqa_tap_nm|bool"
+
+- include_tasks: tap-setup-nm.yml
+  when: "openqa_tap and openqa_tap_nm|bool"

 - name: Tell git it's OK for _openqa-worker to run 'git' on the test dir
  copy: src=gitconfig dest=/etc/gitconfig owner=root group=root mode=0644
--- a/roles/openqa/worker/tasks/tap-setup-nm.yml
+++ b/roles/openqa/worker/tasks/tap-setup-nm.yml
@ -0,0 +1,72 @@
+- name: Install packages
+  package:
+    name: ['os-autoinst-openvswitch', 'tunctl', 'NetworkManager-ovs']
+    state: latest
+    enablerepo: "{{ openqa_repo }}"
+  tags:
+  - packages
+  register: packages
+
+- name: Ensure NetworkManager service is enabled and started
+  service: name=NetworkManager enabled=yes state=started
+
+- name: Restart NetworkManager service if we just installed or updated packages
+  service: name=NetworkManager state=restarted
+  when: "(packages is defined) and (packages is changed)"
+
+- name: Enable ipv4_forward in sysctl
+  sysctl: name=net.ipv4.ip_forward value=1 state=present sysctl_set=yes reload=yes
+
+- name: Start openvswitch service
+  service: name=openvswitch enabled=yes state=started
+
+- name: Create openvswitch bridge
+  community.general.nmcli:
+    conn_name: ovs-br
+    ifname: br0
+    type: ovs-bridge
+    state: present
+
+- name: Create openvswitch port for openvswitch bridge
+  community.general.nmcli:
+    conn_name: ovs-br-port
+    ifname: br0
+    master: br0
+    type: ovs-port
+    state: present
+
+- name: Create openvswitch interface for openvswitch bridge
+  community.general.nmcli:
+    conn_name: ovs-br-if
+    ifname: br0
+    master: br0
+    ip4: '172.16.2.2/15'
+    type: ovs-interface
+    state: present
+
+- name: Create openvswitch ports for tap devices
+  community.general.nmcli:
+    conn_name: ovs-tap{{ item }}-port
+    ifname: tap{{ item }}
+    master: br0
+    type: ovs-port
+    state: present
+  with_sequence: start=0 end={{ openqa_workers | int }}
+
+# nmcli collection does not support tun type
+- name: Check whether tap device interface connection profiles exist
+  shell: "(for i in {0..{{ openqa_workers | int }}}; do ip addr show tap$i || exit 1; done)"
+  register: tapsexist
+  changed_when: "1 != 1"
+  failed_when: "1 != 1"
+
+- name: Create openvswitch interfaces for tap devices
+  shell: "nmcli con add type tun mode tap owner '$(id -u _openqa-worker)' group '$(getent group nogroup | cut -f3 -d:)' con.int 'tap{{ item }}' master 'tap{{ item }}'"
+  with_sequence: start=0 end={{ openqa_workers | int }}
+  when: tapsexist.rc > 0
+
+- name: Install openvswitch sysconfig file
+  copy: src=os-autoinst-openvswitch.sysconfig dest=/etc/sysconfig/os-autoinst-openvswitch owner=root group=root mode=0644
+
+- name: Enable and start os-autoinst openvswitch service
+  service: name=os-autoinst-openvswitch enabled=yes state=started