Merge branch 'main' into PUC-503

.github/workflows/code-test.yaml

@@ -7,7 +7,7 @@ on:
     paths:
       - "python/**"
       - ".github/workflows/code-test.yaml"
-  pull_request_target:
+  pull_request:
     paths:
       - "python/**"
       - ".github/workflows/code-test.yaml"
@@ -45,7 +45,7 @@ jobs:
           cache: "poetry"
       - run: poetry install --sync --with test
       - run: poetry build
-      - run: "poetry run pytest --cov-report xml:coverage.xml"
+      - run: "poetry run pytest --cov --cov-report xml:coverage.xml"
       - uses: orgoro/coverage@3f13a558c5af7376496aa4848bf0224aead366ac # v3.2
         with:
           coverageFile: python/${{ matrix.project }}/coverage.xml

components/glance/aio-values.yaml

@@ -59,6 +59,7 @@ manifests:
   pod_rally_test: false
   secret_db: false
   secret_keystone: true
+  service_ingress_api: false
 
 # We don't want to enable OpenStack Helm's
 # helm.sh/hooks because they set them as

components/horizon/aio-values.yaml

@@ -32,6 +32,8 @@ dependencies:
 
 manifests:
   job_db_init: false
+  secret_db: false
+  service_ingress: false
 
 # We don't want to enable OpenStack Helm's
 # helm.sh/hooks because they set them as

components/ironic/aio-values.yaml

@@ -129,6 +129,7 @@ manifests:
   secret_db: false
   secret_rabbitmq: false
   secret_registry: false
+  service_ingress_api: false
 
 pod:
   mounts:

components/keystone/aio-values.yaml

@@ -10,12 +10,6 @@ bootstrap:
           --user="${OS_USERNAME}" \
           --domain="${OS_DEFAULT_DOMAIN}" \
           "admin"
-    # TODO: only create this actually requested
-    # create 'demo' user with sufficient permissions
-    openstack user create --or-show --password demo --email '[email protected]' demo
-    openstack user set --email '[email protected]' demo
-    # add 'demo' user to 'ucadmin' group
-    openstack group add user ucadmin demo
     # create 'argoworkflow' user
     # credentials for ironic-nautobot-sync and other argo workflows
     openstack project create undercloud --or-show
@@ -90,6 +84,13 @@ bootstrap:
     openstack role add --group ucadmin --domain default admin
     openstack role add --group ucadmin --project undercloud admin
 
+    # TODO: only create this actually requested
+    # create 'demo' user with sufficient permissions
+    openstack user create --or-show --password demo --email '[email protected]' demo
+    openstack user set --email '[email protected]' demo
+    # add 'demo' user to 'ucadmin' group
+    openstack group add user ucadmin demo
+
 network:
   # configure OpenStack Helm to use Undercloud's ingress
   # instead of expecting the ingress controller provided
@@ -304,6 +305,11 @@ endpoints:
       name: rabbitmq-server
     hosts:
       default: rabbitmq-nodes
+  identity:
+    # upstream uses 'keystone' here which causes traffic to go via an internal ingress
+    # which is wired back to keystone-api via the service_ingress_api manifest. just
+    # go direct to the service
+    default: keystone-api
 
 manifests:
   job_credential_cleanup: false
@@ -312,6 +318,7 @@ manifests:
   pod_rally_test: false
   secret_db: false
   secret_keystone: true
+  service_ingress_api: false
 
 # we don't want to enable OpenStack Helm's
 # helm.sh/hooks because they set them as

components/neutron/aio-values.yaml

@@ -98,6 +98,7 @@ manifests:
   daemonset_bgp_dragent: false
   daemonset_netns_cleanup_cron: false
   deployment_ironic_agent: true
+  service_ingress_server: false
 
 # We don't want to enable OpenStack Helm's
 # helm.sh/hooks because they set them as

components/nova/aio-values.yaml

@@ -116,6 +116,8 @@ manifests:
   secret_db_cell0: true
   secret_db: true
   secret_keystone: true
+  service_ingress_metadata: false
+  service_ingress_osapi: false
   daemonset_compute: false
   statefulset_compute_ironic: true
 

components/placement/aio-values.yaml

@@ -25,6 +25,8 @@ pod:
 
 manifests:
   job_db_init: false
+  secret_db: false
+  service_ingress: false
 
 # We don't want to enable OpenStack Helm's
 # helm.sh/hooks because they set them as

containers/argo_utils/README.md

@@ -24,7 +24,7 @@ however they will likely fail until a proper get-bmc-creds Workflow is created.
 
 ## Example
 ```bash
-argo -n argo-events submit --from workflowtemplate/get-device-nautobot --parameter hostname=host.domain.local
+argo -n argo-events submit --from workflowtemplate/get-device-nautobot --parameter device_id=1de4f169-9848-4d8e-921b-65338c1e00ca
 
 Name:                get-device-nautobot-g5wlz
 Namespace:           argo-events
@@ -33,7 +33,7 @@ Status:              Pending
 Created:             Tue Apr 23 13:50:57 -0400 (now)
 Progress:
 Parameters:
-  hostname:          some-host.domain.local
+  device_id:         1de4f169-9848-4d8e-921b-65338c1e00ca
 ```
 
 ```bash
@@ -52,7 +52,7 @@ Finished:            Tue Apr 23 13:51:27 -0400 (8 seconds ago)
 Duration:            30 seconds
 Progress:            1/1
 Parameters:
-  hostname:          some-host.domain.local
+  device_id:         1de4f169-9848-4d8e-921b-65338c1e00ca
 
 STEP                          TEMPLATE           PODNAME  DURATION  MESSAGE
  ✔ get-device-nautobot-g5wlz  main

containers/argo_utils/code/argo_python/__init__.py

@@ -45,7 +45,7 @@ def create_secret(self, name: str, data: Dict, persist=False) -> str:
             try:
                 # if KUBERNETES_POD_UID is not explicitly defined in the container env, pod get permissions will need
                 # be set for the service account running this workflow
-                owner_name = os.environ["HOSTNAME"]
+                owner_name = os.environ["DEVICE_ID"]
                 owner_id = os.getenv("KUBERNETES_POD_UID")
                 if not owner_id:
                     owner_metadata = self.get_pod(owner_name)

containers/bmc-utils/README.md

@@ -8,7 +8,7 @@ The WorkflowTemplates provided in this directory were created to provide common
 
 ## Example
 ```bash
-argo -n argo-events submit --from  workflowtemplate/bmc-sync-creds --parameter hostname=host.domain.local
+argo -n argo-events submit --from  workflowtemplate/bmc-sync-creds --parameter device_id=1de4f169-9848-4d8e-921b-65338c1e00ca
 
 # TODO: Once we merge changes we will need to update these example with bmc-sync-creds events
 Name:                obm-sync-creds-wrn2c
@@ -18,7 +18,7 @@ Status:              Pending
 Created:             Tue Apr 23 14:24:07 -0400 (now)
 Progress:
 Parameters:
-  hostname:          host.domain.local
+  device_id:         1de4f169-9848-4d8e-921b-65338c1e00ca
 ```
 
 ```bash
@@ -36,7 +36,7 @@ Duration:            58 seconds
 Progress:            2/3
 ResourcesDuration:   0s*(1 cpu),5s*(100Mi memory)
 Parameters:
-  hostname:          host.domain.local
+  device_id:         1de4f169-9848-4d8e-921b-65338c1e00ca
 
 # TODO: Once we merge changes we will need to update these example with bmc-sync-creds events
 STEP                         TEMPLATE                 PODNAME                                         DURATION  MESSAGE

containers/bmc-utils/requirements.txt

@@ -1,4 +1,4 @@
 requests==2.32.3
-pynautobot==2.1.1
+pynautobot==2.2.1
 sushy==5.2.0
 IdracRedfishSupport==0.0.8

docs/component-argo-workflows.md

@@ -8,12 +8,12 @@ set of WorkflowTemplates below.
 
 | WorkflowTemplate      | Description                                               | Input                   | Output     |   |
 |---------------------- |-----------------------------------------------------------|-------------------------|------------|---|
-| get-device-nautobot   | Return Device Information from Nautobot                   | hostname                | device     |   |
-| get-bmc-creds         | Get BMC credentials for the target Device                 | hostname                | secret     | * |
-| get-bmc-ip            | Get BMC IP address for target Device                      | hostname                | ip         |   |
-| nautobot-api          | HTTP Template Workflow to query the Nautobot API          | method,nautobot_url,uri | result     |   |
-| bmc-firmware-update   | Update BMC firmware on target Device                      | hostname                |            |   |
-| bmc-sync-creds        | Sync's a devices BMC password with what we have on record | hostname                |            |   |
+| get-device-nautobot   | Return Device Information from Nautobot                   | device_id                | device     |   |
+| get-bmc-creds         | Get BMC credentials for the target Device                 | device_id                | secret     | * |
+| get-bmc-ip            | Get BMC IP address for target Device                      | device_id                | ip         |   |
+| nautobot-api          | HTTP Template Workflow to query the Nautobot API          | method,nautobot_url,uri  | result     |   |
+| bmc-firmware-update   | Update BMC firmware on target Device                      | device_id                |            |   |
+| bmc-sync-creds        | Sync's a devices BMC password with what we have on record | device_id                |            |   |
 
 \* WorkflowTemplate which requires a manual / custom implementation.
 
@@ -62,7 +62,7 @@ Argo Workflows has a CLI and the installation instrucutions can be found [here](
 Usage:
 
 ```bash
-argo -n argo-events submit --from workflowtemplate/get-device-nautobot --parameter hostname=host.domain.local
+argo -n argo-events submit --from workflowtemplate/get-device-nautobot --parameter device_id=1de4f169-9848-4d8e-921b-65338c1e00ca
 
 Name:                get-device-nautobot-g5wlz
 Namespace:           argo-events
@@ -71,7 +71,7 @@ Status:              Pending
 Created:             Tue Apr 23 13:50:57 -0400 (now)
 Progress:
 Parameters:
-  hostname:          host.domain.local
+  device_id:         1de4f169-9848-4d8e-921b-65338c1e00ca
 ```
 
 ```bash
@@ -90,7 +90,7 @@ Finished:            Tue Apr 23 13:51:27 -0400 (8 seconds ago)
 Duration:            30 seconds
 Progress:            1/1
 Parameters:
-  hostname:          host.domain.local
+  device_id:         1de4f169-9848-4d8e-921b-65338c1e00ca
 
 STEP                          TEMPLATE           PODNAME  DURATION  MESSAGE
  ✔ get-device-nautobot-g5wlz  main

operators/external-secrets/kustomization.yaml

@@ -7,5 +7,5 @@ helmCharts:
   includeCRDs: true
   namespace: external-secrets
   releaseName: external-secrets
-  version: 0.9.20
+  version: 0.10.3
   repo: https://charts.external-secrets.io

operators/rabbitmq-system/cluster-operator/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - https://github.com/rabbitmq/cluster-operator/releases/download/v2.10.0/cluster-operator.yml
+
+# this needs to be here to remove the namespace from the above
+# because the cluster-operator defines the same namespace and it would conflict
+patches:
+- patch: |-
+    apiVersion: v1
+    kind: Namespace
+    metadata:
+      name: rabbitmq-system
+    $patch: delete

operators/rabbitmq-system/kustomization.yaml

@@ -1,19 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-
 resources:
-  - https://github.com/rabbitmq/cluster-operator/releases/latest/download/cluster-operator.yml
-
-# this needs to be here to remove the namespace from the above
-# because the messaging-topology-operator defines the same namespace and it would conflict
-patches:
-- patch: |-
-    apiVersion: v1
-    kind: Namespace
-    metadata:
-      name: rabbitmq-system
-    $patch: delete
-
-# have to put this after the patch above
-resources:  # yamllint disable-line rule:key-duplicates
-  - https://github.com/rabbitmq/messaging-topology-operator/releases/download/v1.13.0/messaging-topology-operator-with-certmanager.yaml
+- cluster-operator/
+- messaging-topology/

operators/rabbitmq-system/messaging-topology/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - https://github.com/rabbitmq/messaging-topology-operator/releases/download/v1.13.0/messaging-topology-operator-with-certmanager.yaml
+# this needs to be here to remove the namespace from the above
+# because the messaging-topology-operator defines the same namespace and it would conflict
+patches:
+- patch: |-
+    apiVersion: v1
+    kind: Namespace
+    metadata:
+      name: rabbitmq-system
+    $patch: delete

operators/rook/values-cluster.yaml

@@ -20,7 +20,7 @@ cephBlockPools:
     storageClass:
       enabled: true
       name: ceph-block-replicated
-      isDefault: false
+      isDefault: true
       reclaimPolicy: Retain
       allowVolumeExpansion: true
       volumeBindingMode: "Immediate"

python/neutron-understack/neutron_understack/tests/conftest.py

@@ -0,0 +1,26 @@
+import random
+import uuid
+
+import pytest
+
+
+@pytest.fixture
+def device_id() -> uuid.UUID:
+    return uuid.uuid4()
+
+
+@pytest.fixture
+def mac_address() -> str:
+    return (
+        f"{random.randint(0, 255):02x}:"
+        f"{random.randint(0, 255):02x}:"
+        f"{random.randint(0, 255):02x}:"
+        f"{random.randint(0, 255):02x}:"
+        f"{random.randint(0, 255):02x}:"
+        f"{random.randint(0, 255):02x}"
+    )
+
+
+@pytest.fixture
+def network_id() -> uuid.UUID:
+    return uuid.uuid4()

python/neutron-understack/neutron_understack/tests/test_neutron_understack_mech.py

@@ -2,32 +2,33 @@
 
 import pytest
 
-from neutron_understack.neutron_understack_mech import UnderstackDriver
 from neutron_understack.argo.workflows import ArgoClient
+from neutron_understack.neutron_understack_mech import UnderstackDriver
 
 
 @pytest.fixture
 def argo_client() -> ArgoClient:
     return MagicMock(spec_set=ArgoClient)
 
 
-def test_move_to_network__provisioning(argo_client):
+def test_move_to_network__provisioning(argo_client, device_id, network_id, mac_address):
     driver = UnderstackDriver()
     driver._move_to_network(
         vif_type="other",
-        mac_address="fa:16:3e:35:1c:3d",
-        device_uuid="41d18c6a-5548-4ee9-926f-4e3ebf43153f",
-        network_id="c2702769-5592-4555-8ae6-e670db82c31e",
+        mac_address=mac_address,
+        device_uuid=str(device_id),
+        network_id=str(network_id),
         argo_client=argo_client,
     )
 
     argo_client.submit.assert_called_once_with(
         template_name="undersync-device",
         entrypoint="trigger-undersync",
         parameters={
-            "interface_mac": "fa:16:3e:35:1c:3d",
-            "device_uuid": "41d18c6a-5548-4ee9-926f-4e3ebf43153f",
+            "interface_mac": mac_address,
+            "device_uuid": str(device_id),
             "network_name": "tenant",
+            "network_id": str(network_id),
             "dry_run": True,
             "force": False,
         },

python/neutron-understack/pyproject.toml

@@ -1,3 +1,7 @@
+[build-system]
+requires = ["poetry-core>=1.0.0", "poetry-dynamic-versioning>=1.0.0,<2.0.0"]
+build-backend = "poetry_dynamic_versioning.backend"
+
 [tool.poetry]
 name = "neutron-understack"
 version = "0.1.0"
@@ -64,3 +68,6 @@ ignore = [
 [tool.ruff.lint.pydocstyle]
 # enable the google doc style rules by default
 convention = "google"
+
+[tool.poetry.plugins."neutron.ml2.mechanism_drivers"]
+understack = "neutron_understack.neutron_understack_mech:UnderstackDriver"