From aeb1dbf1dd1b0f035b499130c12af867b16d0478 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Tue, 29 Nov 2022 19:47:30 +0100 Subject: [PATCH] Add coordination to octavia This also enables usage of amphorav2 when coordination is available. Depends-On: https://review.opendev.org/c/openstack/ansible-role-zookeeper/+/867049 Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/867052 Change-Id: I1234d36c58da3f6754cda1951ee4cc49f979ae0c --- defaults/main.yml | 14 ++++++++++++++ .../octavia_jobboard-6fce898eac4f15d4.yaml | 8 ++++++++ tasks/main.yml | 5 +++++ tasks/octavia_db_sync.yml | 7 +++++++ templates/octavia.conf.j2 | 19 ++++++++++++++++++- vars/main.yml | 11 +++++++++++ 6 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/octavia_jobboard-6fce898eac4f15d4.yaml diff --git a/defaults/main.yml b/defaults/main.yml index aa7a9f9d..6a289381 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -71,6 +71,7 @@ octavia_db_setup_python_interpreter: "{{ openstack_db_setup_python_interpreter | octavia_galera_address: "{{ galera_address | default('127.0.0.1') }}" octavia_galera_user: octavia octavia_galera_database: octavia +octavia_galera_persistence_database: octavia_persistence octavia_galera_use_ssl: "{{ galera_use_ssl | default(False) }}" octavia_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('') }}" octavia_db_max_overflow: "{{ openstack_db_max_overflow | default('50') }}" 
@@ -79,6 +80,16 @@ octavia_db_pool_timeout: "{{ openstack_db_pool_timeout | default('30') }}" octavia_db_connection_recycle_time: "{{ openstack_db_connection_recycle_time | default('600') }}" octavia_galera_port: "{{ galera_port | default('3306') }}" +## Coordination info +# NOTE: Only Zookeeper and Redis are supported for Octavia +octavia_coordination_driver: "{{ coordination_driver | default('zookeeper') }}" +octavia_coordination_group: "{{ coordination_host_group | default('zookeeper_all') }}" +octavia_coordination_enable: "{{ octavia_coordination_group in groups and groups[octavia_coordination_group] | length > 0 }}" +octavia_coordination_namespace: octavia_jobboard +octavia_coordination_client_ssl: "{{ coordination_client_ssl | default(True) }}" +octavia_coordination_verify_cert: "{{ coordination_verify_cert | default(True) }}" +octavia_coordination_port: "{{ coordination_port | default(octavia_coordination_client_ssl | ternary('2281', '2181')) }}" + ## Oslo Messaging # RPC @@ -179,6 +190,7 @@ octavia_pip_packages: - python-octaviaclient - "git+{{ octavia_git_repo }}@{{ octavia_git_install_branch }}#egg=octavia" - systemd-python + - "tooz[{{ octavia_coordination_driver }}]" # Memcached override octavia_memcached_servers: "{{ memcached_servers }}" @@ -424,6 +436,8 @@ octavia_uwsgi_bind_address: "{{ openstack_service_bind_address | default('0.0.0. octavia_api_uwsgi_ini_overrides: {} # Set up the drivers +octavia_enabled_provider_drivers: "{{ _octavia_enabled_provider_drivers }}" +octavia_default_provider_driver: "{{ (octavia_coordination_enable | bool) | ternary('amphorav2', 'amphora') }}" octavia_amphora_driver: amphora_haproxy_rest_driver octavia_compute_driver: compute_nova_driver octavia_network_driver: allowed_address_pairs_driver diff --git a/releasenotes/notes/octavia_jobboard-6fce898eac4f15d4.yaml b/releasenotes/notes/octavia_jobboard-6fce898eac4f15d4.yaml new file mode 100644 index 00000000..7b3ae0ba --- /dev/null 
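Review bot: The default for `octavia_coordination_port` only knows ZooKeeper's ports (`ternary('2281', '2181')`), although the NOTE above it lists Redis as a supported driver. With `octavia_coordination_driver: redis` and no explicit `coordination_port`, `jobboard_backend_port` would be rendered with a ZooKeeper port. Consider choosing the default by driver, e.g. `default((octavia_coordination_driver == 'redis') | ternary('6379', (octavia_coordination_client_ssl | bool) | ternary('2281', '2181')))`. The added `| bool` matters too: `octavia_coordination_client_ssl` is itself a templated value, and a string override such as `"false"` is truthy to `ternary`. That would select the TLS port 2281 while the template renders `use_ssl:False` for the same variable.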
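Review bot: In the `# Set up the drivers` hunk, `octavia_default_provider_driver` flips to `amphorav2` as soon as `octavia_coordination_enable` is true, and that flag is derived only from hosts being present in the coordination group (`zookeeper_all` by default). An inventory that gains ZooKeeper for some other service would therefore change Octavia's default provider and trigger creation of the persistence database, with no Octavia-specific opt-in. A comment above the two new defaults would make this visible to operators, for example `# Defaults to amphorav2 whenever the coordination group has hosts; set explicitly to pin the provider.` The remaining driver settings continue outside the hunk.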
+++ b/releasenotes/notes/octavia_jobboard-6fce898eac4f15d4.yaml @@ -0,0 +1,8 @@ +--- +features: + - | + With adding zookeeper as coordination backend Octavia will be configured + to use amphorav2 as default provider driver. This will result in creating + a new database and jobboard configuration. You can control database name + with variable ``octavia_galera_persistence_database`` and existing octavia + db user will be granted ALL permissions to that database. diff --git a/tasks/main.yml b/tasks/main.yml index e86da0c3..a4fa59db 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -70,6 +70,11 @@ users: - username: "{{ octavia_galera_user }}" password: "{{ octavia_container_mysql_password }}" + - name: "{{ octavia_galera_persistence_database }}" + condition: "{{ octavia_coordination_enable | bool }}" + users: + - username: "{{ octavia_galera_user }}" + password: "{{ octavia_container_mysql_password }}" tags: - always diff --git a/tasks/octavia_db_sync.yml b/tasks/octavia_db_sync.yml index 132aea45..9680ee47 100644 --- a/tasks/octavia_db_sync.yml +++ b/tasks/octavia_db_sync.yml @@ -18,3 +18,10 @@ become: yes become_user: "{{ octavia_system_user_name }}" changed_when: false + +- name: Perform a octavia DB sync + command: "{{ octavia_bin }}/octavia-db-manage upgrade_persistence" + become: yes + become_user: "{{ octavia_system_user_name }}" + changed_when: false + when: octavia_coordination_enable | bool diff --git a/templates/octavia.conf.j2 b/templates/octavia.conf.j2 index c5732a56..74ca8478 100644 --- a/templates/octavia.conf.j2 +++ b/templates/octavia.conf.j2 @@ -14,6 +14,9 @@ auth_strategy = {{ octavia_auth_strategy }} # Allow users to create TLS Terminated listeners? allow_tls_terminated_listeners = {{ octavia_tls_listener_enabled }} +default_provider_driver = {{ octavia_default_provider_driver }} +enabled_provider_drivers = {{ octavia_enabled_provider_drivers }} + [oslo_messaging] topic = octavia_prov 
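Review bot: In tasks/octavia_db_sync.yml the added task is named `Perform a octavia DB sync`, which does not say that it runs `octavia-db-manage upgrade_persistence`. The name of the preceding task is outside the hunk, but if it carries the same name the two become indistinguishable in play output and for `--start-at-task`. Something like `- name: Perform an octavia persistence DB sync` would separate them and make a failed persistence migration easier to spot in logs.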
@@ -113,9 +116,23 @@ loadbalancer_topology = {{ octavia_loadbalancer_topology }} [task_flow] -# engine = serial max_workers = {{ octavia_task_flow_max_workers }} +{% if octavia_coordination_enable %} +persistence_connection = mysql+pymysql://{{ octavia_galera_user }}:{{ octavia_container_mysql_password }}@{{ octavia_galera_address }}/{{ octavia_galera_persistence_database }}?charset=utf8{% if octavia_galera_use_ssl | bool %}&ssl_verify_cert=true{% if octavia_galera_ssl_ca_cert | length > 0 %}&ssl_ca={{ octavia_galera_ssl_ca_cert }}{% endif %}{% endif +%} +jobboard_enabled = True +jobboard_backend_driver = {{ _octavia_jobboard_driver_map[octavia_coordination_driver] }} +jobboard_backend_hosts = {{ groups[octavia_coordination_group] | map('extract', hostvars, 'ansible_host') | list | join(',') }} +jobboard_backend_port = {{ octavia_coordination_port }} +jobboard_backend_namespace = {{ octavia_coordination_namespace }} + +{% if octavia_coordination_driver == 'zookeeper' %} +jobboard_zookeeper_ssl_options = use_ssl:{{ octavia_coordination_client_ssl | bool }},verify_certs:{{ octavia_coordination_verify_cert | bool }} +{% endif %} +{% if octavia_coordination_driver == 'redis' %} +jobboard_redis_backend_ssl_options = ssl:{{ octavia_coordination_client_ssl | bool }},ssl_cert_reqs:{{ octavia_coordination_verify_cert | ternary('required', 'None') }} +{% endif %} +{% endif %} [service_auth] insecure = {{ keystone_service_internaluri_insecure | bool }} diff --git a/vars/main.yml b/vars/main.yml index 10631a86..cb840628 100644 --- a/vars/main.yml +++ b/vars/main.yml 
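Review bot: The jobboard block is gated with `{% if octavia_coordination_enable %}` and the Redis line uses `octavia_coordination_verify_cert | ternary('required', 'None')`, both without the `| bool` that the tasks and the ZooKeeper line apply to the same variables. A string override (for example from extra vars) is truthy as-is, so this section could be rendered while the `| bool`-conditioned persistence database and `upgrade_persistence` step are skipped. Suggest `{% if octavia_coordination_enable | bool %}` and `(octavia_coordination_verify_cert | bool) | ternary('required', 'None')`. Separately, `persistence_connection` interpolates `octavia_container_mysql_password` into the URL unescaped, so a password containing `@`, `/` or `%` would be mis-parsed; `| urlencode` on the password would avoid that. Whether the existing `[database]` connection has the same form is not visible in this hunk.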
@@ -72,3 +72,14 @@ _octavia_legacy_policies: "load-balancer:read-quota": "rule:admin_or_owner" "load-balancer:read-quota-global": "is_admin:True" "load-balancer:write-quota": "is_admin:True" + +_octavia_jobboard_driver_map: + zookeeper: zookeeper_taskflow_driver + redis: redis_taskflow_driver + +_octavia_enabled_provider_drivers: |- + {% set drivers = ["amphora:'The Octavia Amphora driver.'", "octavia:'Deprecated name of Amphora driver.'"] %} + {% if (octavia_coordination_enable | bool) %} + {% set _ = drivers.append("amphorav2:'The Octavia Amphora v2 driver.'") %} + {% endif %} + {{ drivers | join(',') }}
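Review bot: `_octavia_jobboard_driver_map` has entries only for `zookeeper` and `redis`, and nothing in this change validates `octavia_coordination_driver` before it is used. It is used as the pip extra in `tooz[...]` (defaults/main.yml) and as the lookup key in templates/octavia.conf.j2. A typo or unsupported value would then surface only as an undefined-key error when the template is rendered. An early assert in the role, conditioned on `octavia_coordination_enable | bool`, would fail sooner with a clearer message, e.g. `that: octavia_coordination_driver in _octavia_jobboard_driver_map`.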