diff --git a/.github/workflows/molecule.yaml b/.github/workflows/molecule.yaml index 01bf34624..5fdcd2dfd 100644 --- a/.github/workflows/molecule.yaml +++ b/.github/workflows/molecule.yaml @@ -29,6 +29,7 @@ jobs: - edpm_nftables - edpm_nodes_validation - edpm_ovn + - edpm_neutron_metadata - edpm_sshd - edpm_ssh_known_hosts - edpm_timezone diff --git a/playbooks/neutron_metadata.yaml b/playbooks/neutron_metadata.yaml new file mode 100644 index 000000000..076d4989e --- /dev/null +++ b/playbooks/neutron_metadata.yaml @@ -0,0 +1,11 @@ +--- +- name: Deploy EDPM Neutron Metadata agent + hosts: all + strategy: linear + become: true + tasks: + - name: Neutron Metadata agent + import_role: + name: osp.edpm.edpm_neutron_metadata + tags: + - edpm_neutron_metadata \ No newline at end of file diff --git a/roles/edpm_download_cache/tasks/container_images.yml b/roles/edpm_download_cache/tasks/container_images.yml index 81b2e28f7..e6a5dec85 100644 --- a/roles/edpm_download_cache/tasks/container_images.yml +++ b/roles/edpm_download_cache/tasks/container_images.yml @@ -24,6 +24,14 @@ - edpm_ovn - download_cache +- name: Download images for edpm_neutron_metadata role + ansible.builtin.include_role: + name: osp.edpm.edpm_neutron_metadata + tasks_from: download_cache.yml + tags: + - edpm_neutron_metadata + - download_cache + - name: Download images for edpm_multipathd role ansible.builtin.include_role: name: osp.edpm.edpm_multipathd diff --git a/roles/edpm_neutron_metadata/OWNERS b/roles/edpm_neutron_metadata/OWNERS new file mode 100644 index 000000000..f5da27625 --- /dev/null +++ b/roles/edpm_neutron_metadata/OWNERS @@ -0,0 +1,6 @@ +# See the OWNERS docs at https://go.k8s.io/owners +approvers: + - network-approvers + +reviewers: + - network-approvers diff --git a/roles/edpm_neutron_metadata/defaults/main.yml b/roles/edpm_neutron_metadata/defaults/main.yml new file mode 100644 index 000000000..efeb6d8b1 --- /dev/null +++ b/roles/edpm_neutron_metadata/defaults/main.yml @@ -0,0 +1,55 @@ +--- +# defaults file for edpm_ovn + +# seconds between retries for download tasks +edpm_neutron_metadata_images_download_delay: 5 + +# number of retries for download tasks +edpm_neutron_metadata_images_download_retries: 5 + +edpm_ovn_neutron_metadata_config_src: /var/lib/openstack/configs/neutron-metadata +edpm_ovn_neutron_metadata_agent_config_dir: /var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent +edpm_ovn_metadata_agent_log_dir: "/var/log/neutron" + +edpm_ovn_metadata_agent_image: "quay.io/podified-antelope-centos9/openstack-neutron-metadata-agent-ovn:current-podified" + +edpm_ovn_metadata_common_volumes: + - /lib/modules:/lib/modules:ro + - /run/openvswitch:/run/openvswitch:z + - "{{ edpm_ovn_neutron_metadata_agent_config_dir }}:/etc/neutron.conf.d:z" + - /run/netns:/run/netns:shared + - /var/log/containers/neutron:/var/log/neutron:z + - /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro + +# Neutron conf +# DEFAULT +edpm_ovn_metadata_agent_DEFAULT_debug: false +edpm_ovn_metadata_agent_DEFAULT_log_dir: '/var/log/neutron' +edpm_ovn_metadata_agent_DEFAULT_host: '{{ ansible_facts["nodename"] }}' # also in missing vars +#edpm_ovn_metadata_agent_DEFAULT_: '' +# oslo_concurrency +edpm_ovn_metadata_agent_oslo_concurrency_lock_patch: '$state_path/lock' +# agent +edpm_ovn_metadata_agent_agent_report_interval: '300' + +# rootwrap.conf +edpm_ovn_metadata_agent_rootwrap_DEFAULT_filters_path: '/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap' +edpm_ovn_metadata_agent_rootwrap_DEFAULT_exec_dirs: '/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/etc/neutron/kill_scripts' +edpm_ovn_metadata_agent_rootwrap_DEFAULT_use_syslog: 'False' +edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_facility: 'syslog' +edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_level: 'ERROR' +edpm_ovn_metadata_agent_rootwrap_DEFAULT_daemon_timeout: '600' +edpm_ovn_metadata_agent_rootwrap_DEFAULT_rlimit_nofile: '1024' + +# neutron-ovn-metadata-agent.conf +edpm_ovn_metadata_agent_metadata_agent_DEFAULT_debug: 'True' +edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_host: '{{ edpm_ovn_metadata_agent_DEFAULT_host }}' +edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_protocol: 'http' +edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_proxy_shared_secret: '' +edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_workers: '2' +edpm_ovn_metadata_agent_metadata_agent_DEFAULT_state_path: '/var/lib/neutron' +edpm_ovn_metadata_agent_metadata_agent_agent_root_helper: 'sudo neutron-rootwrap /etc/neutron.conf.d/01-rootwrap.conf' +edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection: 'tcp:127.0.0.1:6640' +edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection_timeout: '180' +edpm_ovn_metadata_agent_metadata_agent_ovn_ovsdb_probe_interval: '60000' +edpm_ovn_metadata_agent_metadata_agent_ovn_ovn_sb_connection: '' diff --git a/roles/edpm_neutron_metadata/meta/argument_specs.yml b/roles/edpm_neutron_metadata/meta/argument_specs.yml new file mode 100644 index 000000000..e79fa2bdd --- /dev/null +++ b/roles/edpm_neutron_metadata/meta/argument_specs.yml @@ -0,0 +1,174 @@ +--- +argument_specs: + # ./roles/edpm_neutron_metadata/tasks/main.yml entry point + main: + short_description: The main entry point for the edpm_neutron_metadata role. + options: + edpm_neutron_metadata_images_download_delay: + type: int + default: 5 + description: The seconds between retries for failed download tasks + edpm_neutron_metadata_images_download_retries: + type: int + default: 5 + description: The number of retries for failed download tasks + edpm_ovn_metadata_agent_agent_report_interval: + default: '300' + description: '' + type: str + edpm_ovn_metadata_agent_agent_root_helper: + default: sudo neutron-rootwrap /etc/neutron.conf.d/01-rootwrap.conf + description: '' + type: str + edpm_ovn_metadata_agent_image: + default: quay.io/podified-antelope-centos9/openstack-neutron-metadata-agent-ovn:current-podified + description: '' + type: str + edpm_ovn_metadata_agent_log_dir: + default: /var/log/neutron + description: '' + type: str + edpm_ovn_metadata_agent_metadata_agent_DEFAULT_debug: + default: 'True' + description: '' + type: str + edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_proxy_shared_secret: + default: '' + description: '' + type: str + edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_workers: + default: '2' + description: '' + type: str + edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_host: + default: '{{ edpm_ovn_metadata_agent_DEFAULT_host }}' + description: 'Nova Metadata host to forward metadata requests to.' + type: str + edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_protocol: + default: http + description: '' + type: str + edpm_ovn_metadata_agent_metadata_agent_DEFAULT_state_path: + default: /var/lib/neutron + description: '' + type: str + edpm_ovn_metadata_agent_metadata_agent_agent_root_helper: + default: sudo neutron-rootwrap /etc/neutron.conf.d/01-rootwrap.conf + description: '' + type: str + edpm_ovn_metadata_agent_metadata_agent_config: + default: + DEFAULT: + debug: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_debug }}' + metadata_proxy_shared_secret: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_proxy_shared_secret + }}' + metadata_workers: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_workers + }}' + nova_metadata_host: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_host + }}' + nova_metadata_protocol: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_protocol + }}' + state_path: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_state_path }}' + agent: + root_helper: '{{ edpm_ovn_metadata_agent_metadata_agent_agent_root_helper }}' + ovn: + ovn_sb_connection: '{{ edpm_ovn_metadata_agent_metadata_agent_ovn_ovn_sb_connection + }}' + ovsdb_probe_interval: '{{ edpm_ovn_metadata_agent_metadata_agent_ovn_ovsdb_probe_interval + }}' + ovs: + ovsdb_connection: '{{ edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection + }}' + ovsdb_connection_timeout: '{{ edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection_timeout + }}' + description: '' + type: dict + edpm_ovn_metadata_agent_metadata_agent_ovn_ovn_sb_connection: + default: '' + description: '' + type: str + edpm_ovn_metadata_agent_metadata_agent_ovn_ovsdb_probe_interval: + default: '60000' + description: '' + type: str + edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection: + default: tcp:127.0.0.1:6640 + description: '' + type: str + edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection_timeout: + default: '180' + description: '' + type: str + edpm_ovn_metadata_agent_neutron_config: + default: + DEFAULT: + debug: '{{ edpm_ovn_metadata_agent_DEFAULT_debug }}' + host: '{{ edpm_ovn_metadata_agent_DEFAULT_host }}' + log_dir: '{{ edpm_ovn_metadata_agent_DEFAULT_log_dir }}' + agent: + report_interval: '{{ edpm_ovn_metadata_agent_agent_report_interval }}' + oslo_concurrency: + lock_path: '{{ edpm_ovn_metadata_agent_oslo_concurrency_lock_patch }}' + description: '' + type: dict + edpm_ovn_metadata_agent_oslo_concurrency_lock_patch: + default: $state_path/lock + description: '' + type: str + edpm_ovn_metadata_agent_rootwrap_DEFAULT_daemon_timeout: + default: '600' + description: '' + type: str + edpm_ovn_metadata_agent_rootwrap_DEFAULT_exec_dirs: + default: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/etc/neutron/kill_scripts + description: '' + type: str + edpm_ovn_metadata_agent_rootwrap_DEFAULT_filters_path: + default: /etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap + description: '' + type: str + edpm_ovn_metadata_agent_rootwrap_DEFAULT_rlimit_nofile: + default: '1024' + description: '' + type: str + edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_facility: + default: syslog + description: '' + type: str + edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_level: + default: ERROR + description: '' + type: str + edpm_ovn_metadata_agent_rootwrap_DEFAULT_use_syslog: + default: 'False' + description: '' + type: str + edpm_ovn_metadata_agent_rootwrap_config: + default: + DEFAULT: + daemon_timeout: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_daemon_timeout + }}' + exec_dirs: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_exec_dirs }}' + filters_path: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_filters_path }}' + rlimit_nofile: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_rlimit_nofile }}' + syslog_log_facility: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_facility + }}' + syslog_log_level: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_level + }}' + use_syslog: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_use_syslog }}' + description: '' + type: dict + edpm_ovn_metadata_common_volumes: + default: + - /lib/modules:/lib/modules:ro + - /run/openvswitch:/run/openvswitch:z + - '{{ edpm_ovn_neutron_metadata_agent_config_dir }}:/etc/neutron.conf.d:z' + - /run/netns:/run/netns:shared + - /var/log/containers/neutron:/var/log/neutron:z + - /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro + description: '' + type: list + edpm_ovn_neutron_metadata_agent_config_dir: + default: /var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent + description: 'The directory that contains configuration files for Neutron OVN Metadata Agent.' + type: str diff --git a/roles/edpm_neutron_metadata/meta/main.yml b/roles/edpm_neutron_metadata/meta/main.yml new file mode 100644 index 000000000..bdd00f502 --- /dev/null +++ b/roles/edpm_neutron_metadata/meta/main.yml @@ -0,0 +1,43 @@ +--- +# Copyright 2022 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +galaxy_info: + namespace: openstack + author: OpenStack + description: EDPM OpenStack Role -- edpm_neutron_metadata + company: Red Hat + license: Apache-2.0 + min_ansible_version: '2.9' + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: 'EL' + versions: + - '8' + - '9' + + galaxy_tags: + - edpm + + +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. +dependencies: [] diff --git a/roles/edpm_neutron_metadata/molecule/default/collections.yml b/roles/edpm_neutron_metadata/molecule/default/collections.yml new file mode 100644 index 000000000..424ad60b8 --- /dev/null +++ b/roles/edpm_neutron_metadata/molecule/default/collections.yml @@ -0,0 +1,3 @@ +--- +collections: +- name: community.general diff --git a/roles/edpm_neutron_metadata/molecule/default/converge.yml b/roles/edpm_neutron_metadata/molecule/default/converge.yml new file mode 100644 index 000000000..6b8efe32b --- /dev/null +++ b/roles/edpm_neutron_metadata/molecule/default/converge.yml @@ -0,0 +1,28 @@ +--- +# Copyright 2021 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Converge + hosts: all + gather_facts: true + become: true + tasks: + - include_role: + name: "osp.edpm.edpm_neutron_metadata" + vars: + tenant_ip: "{{ ansible_host }}" + edpm_ovn_dbs: + - "{{ ansible_host }}" + edpm_ovn_neutron_metadata_config_src: "{{lookup('env', 'MOLECULE_SCENARIO_DIRECTORY')}}/test-data" diff --git a/roles/edpm_neutron_metadata/molecule/default/molecule.yml b/roles/edpm_neutron_metadata/molecule/default/molecule.yml new file mode 100644 index 000000000..a34a25ca2 --- /dev/null +++ b/roles/edpm_neutron_metadata/molecule/default/molecule.yml @@ -0,0 +1,31 @@ +--- +dependency: + name: galaxy + options: + role-file: collections.yml +driver: + name: podman +platforms: +- command: /sbin/init + dockerfile: ../../../../molecule/common/Containerfile.j2 + image: ${EDPM_ANSIBLE_MOLECULE_IMAGE:-"ubi9/ubi-init"} + name: instance + privileged: true + registry: + url: ${EDPM_ANSIBLE_MOLECULE_REGISTRY:-"registry.access.redhat.com"} + ulimits: + - host +provisioner: + log: true + name: ansible +scenario: + test_sequence: + - dependency + - destroy + - create + - prepare + - converge + - verify + - destroy +verifier: + name: ansible diff --git a/roles/edpm_neutron_metadata/molecule/default/prepare.yml b/roles/edpm_neutron_metadata/molecule/default/prepare.yml new file mode 100644 index 000000000..af38ac0fb --- /dev/null +++ b/roles/edpm_neutron_metadata/molecule/default/prepare.yml @@ -0,0 +1,22 @@ +--- +# Copyright 2023 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Prepare test_deps + hosts: all + roles: + - role: ../../../../molecule/common/test_deps + test_deps_extra_packages: + - iproute + - podman diff --git a/roles/edpm_ovn/molecule/default/test-data/10-neutron-metadata.conf b/roles/edpm_neutron_metadata/molecule/default/test-data/10-neutron-metadata.conf similarity index 100% rename from roles/edpm_ovn/molecule/default/test-data/10-neutron-metadata.conf rename to roles/edpm_neutron_metadata/molecule/default/test-data/10-neutron-metadata.conf diff --git a/roles/edpm_neutron_metadata/molecule/default/verify.yml b/roles/edpm_neutron_metadata/molecule/default/verify.yml new file mode 100644 index 000000000..cc1022e32 --- /dev/null +++ b/roles/edpm_neutron_metadata/molecule/default/verify.yml @@ -0,0 +1,20 @@ +--- +- name: Verify + hosts: all + tasks: + # we have to use shell to extract the values because openvswitch ansible + # module doesn't seem to support dashes in key names, see: + # https://github.com/ansible-collections/openvswitch.openvswitch/issues/111 + - name: Ensure that 10-neutron-metadata.conf was copied into the container + block: + - name: metadata config file exists + become: true + ansible.builtin.stat: + path: "/var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent/10-neutron-metadata.conf" + register: metadata_config + + - name: assert that the config exists + ansible.builtin.assert: + that: + - metadata_config.stat.exists + fail_msg: "metadata agent config file does not exist" diff --git a/roles/edpm_neutron_metadata/tasks/bootstrap.yml b/roles/edpm_neutron_metadata/tasks/bootstrap.yml new file mode 100644 index 000000000..4688de8bb --- /dev/null +++ b/roles/edpm_neutron_metadata/tasks/bootstrap.yml @@ -0,0 +1,20 @@ +--- +# Copyright 2022 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Ensure the OVS service is running + ansible.builtin.systemd: + name: openvswitch + state: started diff --git a/roles/edpm_neutron_metadata/tasks/configure.yml b/roles/edpm_neutron_metadata/tasks/configure.yml new file mode 100644 index 000000000..523235c10 --- /dev/null +++ b/roles/edpm_neutron_metadata/tasks/configure.yml @@ -0,0 +1,46 @@ +--- +# Copyright 2022 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Configure neutron configuration files + block: + - name: render neutron config files + ansible.builtin.template: + src: "{{ item.src }}" + dest: "{{ edpm_ovn_neutron_metadata_agent_config_dir }}/{{ item.dest }}" + setype: "container_file_t" + mode: "0644" + with_items: + - {"src": "rootwrap.conf.j2", "dest": "01-rootwrap.conf"} + - {"src": "neutron-ovn-metadata-agent.conf.j2", "dest": "01-neutron-ovn-metadata-agent.conf"} + + - name: discover secrets in {{ edpm_ovn_neutron_metadata_config_src }} + ansible.builtin.find: + paths: "{{ edpm_ovn_neutron_metadata_config_src }}" + file_type: file + recurse: yes + patterns: + - "*metadata*conf" + register: edpm_neutron_metadata_secrets + delegate_to: localhost + become: false + + - name: flatten secrets into {{ edpm_ovn_neutron_metadata_agent_config_dir }} + ansible.builtin.copy: + src: "{{ item.path }}" + dest: "{{ edpm_ovn_neutron_metadata_agent_config_dir }}/{{ item.path | basename }}" + setype: "container_file_t" + mode: "0644" + with_items: "{{ edpm_neutron_metadata_secrets.files }}" diff --git a/roles/edpm_neutron_metadata/tasks/download_cache.yml b/roles/edpm_neutron_metadata/tasks/download_cache.yml new file mode 100644 index 000000000..0485b4a92 --- /dev/null +++ b/roles/edpm_neutron_metadata/tasks/download_cache.yml @@ -0,0 +1,12 @@ +--- + +- name: Download needed container images + containers.podman.podman_image: + name: "{{ item }}" + loop: + - "{{ edpm_ovn_metadata_agent_image }}" + become: true + register: edpm_neutron_metadata_images_download + until: edpm_neutron_metadata_images_download.failed == false + retries: "{{ edpm_neutron_metadata_images_download_retries }}" + delay: "{{ edpm_neutron_metadata_images_download_delay }}" diff --git a/roles/edpm_neutron_metadata/tasks/install.yml b/roles/edpm_neutron_metadata/tasks/install.yml new file mode 100644 index 000000000..438031563 --- /dev/null +++ b/roles/edpm_neutron_metadata/tasks/install.yml @@ -0,0 +1,33 @@ +--- +# Copyright 2022 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Create persistent directories + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + setype: "container_file_t" + mode: "{{ item.mode | default(omit) }}" + loop: + - {'path': "{{ edpm_ovn_neutron_metadata_agent_config_dir }}"} + +- name: Enable virt_sandbox_use_netlink for healthcheck + ansible.posix.seboolean: + name: virt_sandbox_use_netlink + persistent: true + state: true + when: + - ansible_facts.selinux is defined + - ansible_facts.selinux.status == "enabled" diff --git a/roles/edpm_neutron_metadata/tasks/main.yml b/roles/edpm_neutron_metadata/tasks/main.yml new file mode 100644 index 000000000..7b74367b1 --- /dev/null +++ b/roles/edpm_neutron_metadata/tasks/main.yml @@ -0,0 +1,26 @@ +--- +# Copyright 2021 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +- name: Include host prep tasks + ansible.builtin.import_tasks: install.yml + +- name: Include bootstrap tasks + ansible.builtin.import_tasks: bootstrap.yml + +- name: Configure OVS + ansible.builtin.import_tasks: configure.yml + +- name: Ensure ovn_controller is running + ansible.builtin.import_tasks: run.yml diff --git a/roles/edpm_neutron_metadata/tasks/run.yml b/roles/edpm_neutron_metadata/tasks/run.yml new file mode 100644 index 000000000..5f003af16 --- /dev/null +++ b/roles/edpm_neutron_metadata/tasks/run.yml @@ -0,0 +1,30 @@ +--- +# Copyright 2022 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Ensure /usr/libexec/edpm-start-podman-container exists + ansible.builtin.import_role: + name: edpm_container_manage + tasks_from: shutdown.yml + +- name: Run ovn_metadata_agent container + include_role: + name: edpm_container_standalone + vars: + edpm_container_standalone_service: ovn_metadata_agent + edpm_container_standalone_container_defs: + ovn_metadata_agent: "{{ lookup('template', 'ovn_metadata_agent.yaml.j2') | from_yaml }}" + edpm_container_standalone_kolla_config_files: + ovn_metadata_agent: "{{ lookup('template', 'kolla_ovn_metadata_agent.yaml.j2') | from_yaml }}" \ No newline at end of file diff --git a/roles/edpm_ovn/templates/kolla_ovn_metadata_agent.yaml.j2 b/roles/edpm_neutron_metadata/templates/kolla_ovn_metadata_agent.yaml.j2 similarity index 100% rename from roles/edpm_ovn/templates/kolla_ovn_metadata_agent.yaml.j2 rename to roles/edpm_neutron_metadata/templates/kolla_ovn_metadata_agent.yaml.j2 diff --git a/roles/edpm_ovn/templates/neutron-ovn-metadata-agent.conf.j2 b/roles/edpm_neutron_metadata/templates/neutron-ovn-metadata-agent.conf.j2 similarity index 100% rename from roles/edpm_ovn/templates/neutron-ovn-metadata-agent.conf.j2 rename to roles/edpm_neutron_metadata/templates/neutron-ovn-metadata-agent.conf.j2 diff --git a/roles/edpm_ovn/templates/ovn_metadata_agent.yaml.j2 b/roles/edpm_neutron_metadata/templates/ovn_metadata_agent.yaml.j2 similarity index 100% rename from roles/edpm_ovn/templates/ovn_metadata_agent.yaml.j2 rename to roles/edpm_neutron_metadata/templates/ovn_metadata_agent.yaml.j2 diff --git a/roles/edpm_ovn/defaults/main.yml b/roles/edpm_ovn/defaults/main.yml index ca27a126e..63c3dfd7b 100644 --- a/roles/edpm_ovn/defaults/main.yml +++ b/roles/edpm_ovn/defaults/main.yml @@ -8,8 +8,6 @@ edpm_ovn_images_download_delay: 5 edpm_ovn_images_download_retries: 5 edpm_ovn_config_src: /var/lib/openstack/configs/ovn -edpm_ovn_neutron_metadata_agent_config_dir: /var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent -edpm_ovn_metadata_agent_log_dir: "/var/log/neutron" edpm_ovn_bridge: br-int edpm_ovn_bridge_mappings: ["datacentre:br-ex"] @@ -47,7 +45,6 @@ edpm_ovn_of_probe_interval: 60 edpm_ovn_remote_probe_interval: 60000 edpm_ovn_ofctrl_wait_before_clear: 8000 edpm_ovn_controller_agent_image: "quay.io/podified-antelope-centos9/openstack-ovn-controller:current-podified" -edpm_ovn_metadata_agent_image: "quay.io/podified-antelope-centos9/openstack-neutron-metadata-agent-ovn:current-podified" edpm_ovn_encap_ip: "{{ tenant_ip }}" edpm_ovn_protocol: "{% if edpm_enable_internal_tls | bool %}ssl{% else %}tcp{% endif %}" @@ -59,14 +56,6 @@ edpm_ovn_controller_common_volumes: - /var/log/containers/openvswitch:/var/log/ovn:z - /var/lib/kolla/config_files/ovn_controller.json:/var/lib/kolla/config_files/config.json:ro -edpm_ovn_metadata_common_volumes: - - /lib/modules:/lib/modules:ro - - /run/openvswitch:/run/openvswitch:z - - "{{ edpm_ovn_neutron_metadata_agent_config_dir }}:/etc/neutron.conf.d:z" - - /run/netns:/run/netns:shared - - /var/log/containers/neutron:/var/log/neutron:z - - /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro - edpm_ovn_controller_tls_volumes: - /etc/pki/tls/certs/:/etc/pki/tls/certs/ - /etc/pki/tls/private/:/etc/pki/tls/private/ @@ -95,36 +84,3 @@ edpm_ovn_ovs_external_ids: # Set openvswitch other_config. edpm_ovn_ovs_other_config: vlan-limit: 0 - -# Neutron conf -# DEFAULT -edpm_ovn_metadata_agent_DEFAULT_debug: false -edpm_ovn_metadata_agent_DEFAULT_log_dir: '/var/log/neutron' -edpm_ovn_metadata_agent_DEFAULT_host: '{{ ansible_facts["nodename"] }}' # also in missing vars -#edpm_ovn_metadata_agent_DEFAULT_: '' -# oslo_concurrency -edpm_ovn_metadata_agent_oslo_concurrency_lock_patch: '$state_path/lock' -# agent -edpm_ovn_metadata_agent_agent_report_interval: '300' - -# rootwrap.conf -edpm_ovn_metadata_agent_rootwrap_DEFAULT_filters_path: '/etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap' -edpm_ovn_metadata_agent_rootwrap_DEFAULT_exec_dirs: '/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/etc/neutron/kill_scripts' -edpm_ovn_metadata_agent_rootwrap_DEFAULT_use_syslog: 'False' -edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_facility: 'syslog' -edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_level: 'ERROR' -edpm_ovn_metadata_agent_rootwrap_DEFAULT_daemon_timeout: '600' -edpm_ovn_metadata_agent_rootwrap_DEFAULT_rlimit_nofile: '1024' - -# neutron-ovn-metadata-agent.conf -edpm_ovn_metadata_agent_metadata_agent_DEFAULT_debug: 'True' -edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_host: '{{ edpm_ovn_metadata_agent_DEFAULT_host }}' -edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_protocol: 'http' -edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_proxy_shared_secret: '' -edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_workers: '2' -edpm_ovn_metadata_agent_metadata_agent_DEFAULT_state_path: '/var/lib/neutron' -edpm_ovn_metadata_agent_metadata_agent_agent_root_helper: 'sudo neutron-rootwrap /etc/neutron.conf.d/01-rootwrap.conf' -edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection: 'tcp:127.0.0.1:6640' -edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection_timeout: '180' -edpm_ovn_metadata_agent_metadata_agent_ovn_ovsdb_probe_interval: '60000' -edpm_ovn_metadata_agent_metadata_agent_ovn_ovn_sb_connection: '' diff --git a/roles/edpm_ovn/meta/argument_specs.yml b/roles/edpm_ovn/meta/argument_specs.yml index dbbc7edea..605a287fa 100644 --- a/roles/edpm_ovn/meta/argument_specs.yml +++ b/roles/edpm_ovn/meta/argument_specs.yml @@ -92,182 +92,10 @@ argument_specs: default: geneve description: '' type: str - edpm_ovn_metadata_agent_DEFAULT_debug: - default: false - description: '' - type: bool - edpm_ovn_metadata_agent_DEFAULT_host: - default: '{{ ansible_facts["nodename"] }}' - description: '' - type: str - edpm_ovn_metadata_agent_DEFAULT_log_dir: - default: /var/log/neutron - description: '' - type: str - edpm_ovn_metadata_agent_agent_report_interval: - default: '300' - description: '' - type: str - edpm_ovn_metadata_agent_agent_root_helper: - default: sudo neutron-rootwrap /etc/neutron.conf.d/01-rootwrap.conf - description: '' - type: str - edpm_ovn_metadata_agent_image: - default: quay.io/podified-antelope-centos9/openstack-neutron-metadata-agent-ovn:current-podified - description: '' - type: str - edpm_ovn_metadata_agent_log_dir: - default: /var/log/neutron - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_DEFAULT_debug: - default: 'True' - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_proxy_shared_secret: - default: '' - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_workers: - default: '2' - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_host: - default: '{{ edpm_ovn_metadata_agent_DEFAULT_host }}' - description: 'Nova Metadata host to forward metadata requests to.' - type: str - edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_protocol: - default: http - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_DEFAULT_state_path: - default: /var/lib/neutron - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_agent_root_helper: - default: sudo neutron-rootwrap /etc/neutron.conf.d/01-rootwrap.conf - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_config: - default: - DEFAULT: - debug: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_debug }}' - metadata_proxy_shared_secret: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_proxy_shared_secret - }}' - metadata_workers: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_metadata_workers - }}' - nova_metadata_host: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_host - }}' - nova_metadata_protocol: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_nova_metadata_protocol - }}' - state_path: '{{ edpm_ovn_metadata_agent_metadata_agent_DEFAULT_state_path }}' - agent: - root_helper: '{{ edpm_ovn_metadata_agent_metadata_agent_agent_root_helper }}' - ovn: - ovn_sb_connection: '{{ edpm_ovn_metadata_agent_metadata_agent_ovn_ovn_sb_connection - }}' - ovsdb_probe_interval: '{{ edpm_ovn_metadata_agent_metadata_agent_ovn_ovsdb_probe_interval - }}' - ovs: - ovsdb_connection: '{{ edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection - }}' - ovsdb_connection_timeout: '{{ edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection_timeout - }}' - description: '' - type: dict - edpm_ovn_metadata_agent_metadata_agent_ovn_ovn_sb_connection: - default: '' - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_ovn_ovsdb_probe_interval: - default: '60000' - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection: - default: tcp:127.0.0.1:6640 - description: '' - type: str - edpm_ovn_metadata_agent_metadata_agent_ovs_ovsdb_connection_timeout: - default: '180' - description: '' - type: str - edpm_ovn_metadata_agent_neutron_config: - default: - DEFAULT: - debug: '{{ edpm_ovn_metadata_agent_DEFAULT_debug }}' - host: '{{ edpm_ovn_metadata_agent_DEFAULT_host }}' - log_dir: '{{ edpm_ovn_metadata_agent_DEFAULT_log_dir }}' - agent: - report_interval: '{{ edpm_ovn_metadata_agent_agent_report_interval }}' - oslo_concurrency: - lock_path: '{{ edpm_ovn_metadata_agent_oslo_concurrency_lock_patch }}' - description: '' - type: dict - edpm_ovn_metadata_agent_oslo_concurrency_lock_patch: - default: $state_path/lock - description: '' - type: str - edpm_ovn_metadata_agent_rootwrap_DEFAULT_daemon_timeout: - default: '600' - description: '' - type: str - edpm_ovn_metadata_agent_rootwrap_DEFAULT_exec_dirs: - default: /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/etc/neutron/kill_scripts - description: '' - type: str - edpm_ovn_metadata_agent_rootwrap_DEFAULT_filters_path: - default: /etc/neutron/rootwrap.d,/usr/share/neutron/rootwrap - description: '' - type: str - edpm_ovn_metadata_agent_rootwrap_DEFAULT_rlimit_nofile: - default: '1024' - description: '' - type: str - edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_facility: - default: syslog - description: '' - type: str - edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_level: - default: ERROR - description: '' - type: str - edpm_ovn_metadata_agent_rootwrap_DEFAULT_use_syslog: - default: 'False' - description: '' - type: str - edpm_ovn_metadata_agent_rootwrap_config: - default: - DEFAULT: - daemon_timeout: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_daemon_timeout - }}' - exec_dirs: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_exec_dirs }}' - filters_path: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_filters_path }}' - rlimit_nofile: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_rlimit_nofile }}' - syslog_log_facility: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_facility - }}' - syslog_log_level: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_level - }}' - use_syslog: '{{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_use_syslog }}' - description: '' - type: dict - edpm_ovn_metadata_common_volumes: - default: - - /lib/modules:/lib/modules:ro - - /run/openvswitch:/run/openvswitch:z - - '{{ edpm_ovn_neutron_metadata_agent_config_dir }}:/etc/neutron.conf.d:z' - - /run/netns:/run/netns:shared - - /var/log/containers/neutron:/var/log/neutron:z - - /var/lib/kolla/config_files/ovn_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro - description: '' - type: list edpm_ovn_multi_rhel: default: false description: '' type: bool - edpm_ovn_neutron_metadata_agent_config_dir: - default: /var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent - description: 'The directory that contains configuration files for Neutron OVN Metadata Agent.' - type: str edpm_ovn_of_probe_interval: default: 60 description: '' diff --git a/roles/edpm_ovn/molecule/default/verify.yml b/roles/edpm_ovn/molecule/default/verify.yml index 7ce21b547..e1b74bad9 100644 --- a/roles/edpm_ovn/molecule/default/verify.yml +++ b/roles/edpm_ovn/molecule/default/verify.yml @@ -97,18 +97,4 @@ that: - item.rc == 0 fail_msg: "rule {{ item.item }} not loaded" - with_items: "{{ notrack_rules_loaded.results }}" - - - name: Ensure that 10-neutron-metadata.conf was copied into the container - block: - - name: metadata config file exists - become: true - ansible.builtin.stat: - path: "/var/lib/config-data/ansible-generated/neutron-ovn-metadata-agent/10-neutron-metadata.conf" - register: metadata_config - - - name: assert that the config exists - ansible.builtin.assert: - that: - - metadata_config.stat.exists - fail_msg: "metadata agent config file does not exist" + with_items: "{{ notrack_rules_loaded.results }}" \ No newline at end of file diff --git a/roles/edpm_ovn/tasks/configure.yml b/roles/edpm_ovn/tasks/configure.yml index effeaa4b8..fe25a7cdf 100644 --- a/roles/edpm_ovn/tasks/configure.yml +++ b/roles/edpm_ovn/tasks/configure.yml @@ -79,34 +79,4 @@ ansible.builtin.shell: > ovs-vsctl --timeout=5 --id=@manager -- create Manager target=\"ptcp:6640:127.0.0.1\" -- add Open_vSwitch . manager_options @manager when: ovs_manager_configured.rc == 1 - -- name: Configure neutron configuration files - block: - - name: render neutron config files - ansible.builtin.template: - src: "{{ item.src }}" - dest: "{{ edpm_ovn_neutron_metadata_agent_config_dir }}/{{ item.dest }}" - setype: "container_file_t" - mode: "0644" - with_items: - - {"src": "rootwrap.conf.j2", "dest": "01-rootwrap.conf"} - - {"src": "neutron-ovn-metadata-agent.conf.j2", "dest": "01-neutron-ovn-metadata-agent.conf"} - - - name: discover secrets in {{ edpm_ovn_config_src }} - ansible.builtin.find: - paths: "{{ edpm_ovn_config_src }}" - file_type: file - recurse: yes - patterns: - - "*metadata*conf" - register: edpm_neutron_metadata_secrets - delegate_to: localhost - become: false - - - name: flatten secrets into {{ edpm_ovn_neutron_metadata_agent_config_dir }} - ansible.builtin.copy: - src: "{{ item.path }}" - dest: "{{ edpm_ovn_neutron_metadata_agent_config_dir }}/{{ item.path | basename }}" - setype: "container_file_t" - mode: "0644" - with_items: "{{ edpm_neutron_metadata_secrets.files }}" += \ No newline at end of file diff --git a/roles/edpm_ovn/tasks/download_cache.yml b/roles/edpm_ovn/tasks/download_cache.yml index b9869a6b3..73abe4af4 100644 --- a/roles/edpm_ovn/tasks/download_cache.yml +++ b/roles/edpm_ovn/tasks/download_cache.yml @@ -5,7 +5,6 @@ name: "{{ item }}" loop: - "{{ edpm_ovn_controller_agent_image }}" - - "{{ edpm_ovn_metadata_agent_image }}" become: true register: edpm_ovn_images_download until: edpm_ovn_images_download.failed == false diff --git a/roles/edpm_ovn/tasks/install.yml b/roles/edpm_ovn/tasks/install.yml index b73a105e9..5fbae5f42 100644 --- a/roles/edpm_ovn/tasks/install.yml +++ b/roles/edpm_ovn/tasks/install.yml @@ -21,7 +21,6 @@ setype: "container_file_t" mode: "{{ item.mode | default(omit) }}" loop: - - {'path': "{{ edpm_ovn_neutron_metadata_agent_config_dir }}"} - {'path': /var/log/containers/openvswitch, 'mode': '0750'} - {'path': /var/log/containers/neutron, 'mode': '0750'} - {'path': /var/lib/edpm-config/firewall, 'mode': '0750'} diff --git a/roles/edpm_ovn/tasks/run.yml b/roles/edpm_ovn/tasks/run.yml index 897478d72..92e4a30db 100644 --- a/roles/edpm_ovn/tasks/run.yml +++ b/roles/edpm_ovn/tasks/run.yml @@ -19,16 +19,6 @@ name: edpm_container_manage tasks_from: shutdown.yml -- name: Run ovn_metadata_agent container - include_role: - name: edpm_container_standalone - vars: - edpm_container_standalone_service: ovn_metadata_agent - edpm_container_standalone_container_defs: - ovn_metadata_agent: "{{ lookup('template', 'ovn_metadata_agent.yaml.j2') | from_yaml }}" - edpm_container_standalone_kolla_config_files: - ovn_metadata_agent: "{{ lookup('template', 'kolla_ovn_metadata_agent.yaml.j2') | from_yaml }}" - - name: Run ovn_controller container ansible.builtin.include_role: name: edpm_container_standalone diff --git a/roles/edpm_ovn/templates/neutron.conf.j2 b/roles/edpm_ovn/templates/neutron.conf.j2 deleted file mode 100644 index 02bf0e689..000000000 --- a/roles/edpm_ovn/templates/neutron.conf.j2 +++ /dev/null @@ -1,10 +0,0 @@ -[DEFAULT] -debug = {{ edpm_ovn_metadata_agent_DEFAULT_debug }} -log_dir = {{ edpm_ovn_metadata_agent_DEFAULT_log_dir }} -host = {{ edpm_ovn_metadata_agent_DEFAULT_host }} - -[oslo_concurrency] -lock_path = {{ edpm_ovn_metadata_agent_oslo_concurrency_lock_patch }} - -[agent] -report_interval = {{ edpm_ovn_metadata_agent_agent_report_interval }} diff --git a/roles/edpm_ovn/templates/rootwrap.conf.j2 b/roles/edpm_ovn/templates/rootwrap.conf.j2 deleted file mode 100644 index 543e6336c..000000000 --- a/roles/edpm_ovn/templates/rootwrap.conf.j2 +++ /dev/null @@ -1,8 +0,0 @@ -[DEFAULT] -filters_path = {{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_filters_path }} -exec_dirs = {{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_exec_dirs }} -use_syslog = {{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_use_syslog }} -syslog_log_facility = {{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_facility }} -syslog_log_level = {{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_syslog_log_level }} -daemon_timeout = {{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_daemon_timeout }} -rlimit_nofile = {{ edpm_ovn_metadata_agent_rootwrap_DEFAULT_rlimit_nofile }}