From 5d1a09a3c12f546e695bbe8c2bda9b5dbc70169c Mon Sep 17 00:00:00 2001
From: ricolin <rlin@vexxhost.com>
Date: Tue, 7 May 2024 15:46:20 +0000
Subject: [PATCH] Add Octavia Amphere v2 support

---
 .charts.yml                                   |  4 ++
 charts/octavia/templates/bin/_db-sync.sh.tpl  |  2 +
 charts/octavia/templates/configmap-etc.yaml   | 12 ++++
 charts/octavia/templates/job-db-drop.yaml     |  6 +-
 charts/octavia/templates/job-db-init.yaml     |  9 ++-
 .../templates/secret-db-persistence.yaml      | 30 ++++++++++
 charts/octavia/values.yaml                    | 57 +++++++++++++++++++
 images/octavia/Dockerfile                     |  3 +-
 roles/octavia/meta/main.yml                   |  1 +
 roles/openstack_helm_endpoints/vars/main.yml  | 17 ++++++
 10 files changed, 138 insertions(+), 3 deletions(-)
 create mode 100644 charts/octavia/templates/secret-db-persistence.yaml

diff --git a/.charts.yml b/.charts.yml
index 42cdf481b..ff7fa08be 100644
--- a/.charts.yml
+++ b/.charts.yml
@@ -151,6 +151,10 @@ charts:
     version: 0.2.14
     repository: *openstack_helm_repository
     dependencies: *openstack_helm_dependencies
+    patches:
+      gerrit:
+        review.opendev.org:
+          - 918447
   - name: openvswitch
     version: 0.1.19
     repository: *openstack_helm_infra_repository
diff --git a/charts/octavia/templates/bin/_db-sync.sh.tpl b/charts/octavia/templates/bin/_db-sync.sh.tpl
index ae7e3c896..120087a89 100644
--- a/charts/octavia/templates/bin/_db-sync.sh.tpl
+++ b/charts/octavia/templates/bin/_db-sync.sh.tpl
@@ -19,3 +19,5 @@ limitations under the License.
 set -ex
 
 octavia-db-manage upgrade head
+
+octavia-db-manage upgrade_persistence
diff --git a/charts/octavia/templates/configmap-etc.yaml b/charts/octavia/templates/configmap-etc.yaml
index b8005a58a..fedc15476 100644
--- a/charts/octavia/templates/configmap-etc.yaml
+++ b/charts/octavia/templates/configmap-etc.yaml
@@ -84,6 +84,18 @@ limitations under the License.
 {{- $_ := tuple "oslo_db" "internal" "octavia" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.octavia.database "connection" -}}
 {{- end -}}
 
+{{- if empty .Values.conf.octavia.task_flow.persistence_connection -}}
+{{- $_ := tuple "oslo_db_presistence" "internal" "octavia" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.octavia.task_flow "persistence_connection" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.octavia.task_flow.jobboard_backend_port -}}
+{{- $_ := tuple "redis" "service" "server" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.octavia.task_flow "jobboard_backend_port" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.octavia.task_flow.jobboard_backend_hosts -}}
+{{- $_ := tuple "redis" "internal" . | include "helm-toolkit.endpoints.endpoint_host_lookup" | set .Values.conf.octavia.task_flow "jobboard_backend_hosts" -}}
+{{- end -}}
+
 {{- if empty .Values.conf.octavia.DEFAULT.transport_url -}}
 {{- $_ := tuple "oslo_messaging" "internal" "octavia" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.octavia.DEFAULT "transport_url" -}}
 {{- end -}}
diff --git a/charts/octavia/templates/job-db-drop.yaml b/charts/octavia/templates/job-db-drop.yaml
index 1975d7d59..ea9085aa3 100644
--- a/charts/octavia/templates/job-db-drop.yaml
+++ b/charts/octavia/templates/job-db-drop.yaml
@@ -15,6 +15,10 @@ limitations under the License.
 */}}
 
 {{- if .Values.manifests.job_db_drop }}
-{{- $dbDropJob := dict "envAll" . "serviceName" "octavia" -}}
+{{- $serviceName := "octavia" -}}
+{{- $dbSvc := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" -}}
+{{- $dbPersist := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "task_flow" "configDbKey" "persistence_connection" -}}
+{{- $dbsToDrop := list $dbSvc $dbPersist }}
+{{- $dbDropJob := dict "envAll" . "serviceName" $serviceName "dbsToDrop" $dbsToDrop -}}
 {{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
 {{- end }}
diff --git a/charts/octavia/templates/job-db-init.yaml b/charts/octavia/templates/job-db-init.yaml
index b1ca9f645..c532cc998 100644
--- a/charts/octavia/templates/job-db-init.yaml
+++ b/charts/octavia/templates/job-db-init.yaml
@@ -20,6 +20,13 @@ helm.sh/hook-weight: "-5"
 {{- end }}
 
 {{- if .Values.manifests.job_db_init }}
-{{- $dbInitJob := dict "envAll" . "serviceName" "octavia" "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) -}}
+{{- $serviceName := "octavia" -}}
+{{- $dbSvc := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" -}}
+{{- $dbPersist := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "task_flow" "configDbKey" "persistence_connection" -}}
+{{- $dbsToInit := list $dbSvc $dbPersist }}
+{{- $dbInitJob := dict "envAll" . "serviceName" $serviceName "dbsToInit" $dbsToInit -}}
+{{- if .Values.helm3_hook }}
+{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }}
+{{- end }}
 {{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
 {{- end }}
diff --git a/charts/octavia/templates/secret-db-persistence.yaml b/charts/octavia/templates/secret-db-persistence.yaml
new file mode 100644
index 000000000..41e68d045
--- /dev/null
+++ b/charts/octavia/templates/secret-db-persistence.yaml
@@ -0,0 +1,30 @@
+{{/*
+Copyright 2024 Vexxhost Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_db_presistence }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "octavia" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db_presistence $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName }}
+type: Opaque
+data:
+  DB_CONNECTION: {{ tuple "oslo_db_presistence" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}
+{{- end }}
diff --git a/charts/octavia/values.yaml b/charts/octavia/values.yaml
index 563e603e4..99a5b215c 100644
--- a/charts/octavia/values.yaml
+++ b/charts/octavia/values.yaml
@@ -106,6 +106,8 @@ dependencies:
       services:
         - endpoint: internal
           service: oslo_db
+        - endpoint: internal
+          service: oslo_db_presistence
         - endpoint: internal
           service: identity
         - endpoint: internal
@@ -123,6 +125,8 @@ dependencies:
       services:
         - endpoint: internal
           service: oslo_db
+        - endpoint: internal
+          service: oslo_db_presistence
         - endpoint: internal
           service: identity
         - endpoint: internal
@@ -142,6 +146,8 @@ dependencies:
       services:
         - endpoint: internal
           service: oslo_db
+        - endpoint: internal
+          service: oslo_db_presistence
         - endpoint: internal
           service: identity
         - endpoint: internal
@@ -161,6 +167,8 @@ dependencies:
       services:
         - endpoint: internal
           service: oslo_db
+        - endpoint: internal
+          service: oslo_db_presistence
         - endpoint: internal
           service: identity
         - endpoint: internal
@@ -175,12 +183,16 @@ dependencies:
       services:
         - endpoint: internal
           service: oslo_db
+        - endpoint: internal
+          service: oslo_db_presistence
     db_sync:
       jobs:
         - octavia-db-init
       services:
         - endpoint: internal
           service: oslo_db
+        - endpoint: internal
+          service: oslo_db_presistence
     ks_endpoints:
       jobs:
         - octavia-ks-service
@@ -211,6 +223,8 @@ conf:
     api_settings:
       api_handler: queue_producer
       bind_host: 0.0.0.0
+      default_provider_driver: amphorav2
+      enabled_provider_drivers: amphorav2:'The v2 amphora driver.',amphora:'The Octavia Amphora driver.',octavia:'Deprecated name of Amphora driver.'
     database:
       max_retries: -1
     health_manager:
@@ -259,6 +273,11 @@ conf:
       cafile: ""
       auth_version: v3
       memcache_security_strategy: ENCRYPT
+    task_flow:
+      jobboard_enabled: true
+      jobboard_backend_driver: 'redis_taskflow_driver'
+      jobboard_backend_namespace: 'octavia_jobboard'
+      jobboard_expiration_time: 100
   logging:
     loggers:
       keys:
@@ -362,6 +381,9 @@ secrets:
   oslo_db:
     admin: octavia-db-admin
     octavia: octavia-db-user
+  oslo_db_presistence:
+    admin: octavia-presistence-db-admin
+    octavia: octavia-presistence-db-user
   oslo_messaging:
     admin: octavia-rabbitmq-admin
     octavia: octavia-rabbitmq-user
@@ -472,6 +494,23 @@ endpoints:
     port:
       mysql:
         default: 3306
+  oslo_db_presistence:
+    auth:
+      admin:
+        username: root
+        password: password
+      octavia:
+        username: octavia
+        password: password
+    hosts:
+      default: mariadb
+    host_fqdn_override:
+      default: null
+    path: /octavia_persistence
+    scheme: mysql+pymysql
+    port:
+      mysql:
+        default: 3306
   oslo_cache:
     auth:
       # NOTE(portdirect): this is used to define the value for keystone
@@ -524,6 +563,19 @@ endpoints:
       api:
         default: 9696
         public: 80
+  redis:
+    name: redis
+    hosts:
+      default: redis
+    host_fqdn_override:
+      default: null
+    path:
+      default: null
+    scheme:
+      default: 'http'
+    port:
+      server:
+        default: 6379
 
 pod:
   user:
@@ -692,6 +744,10 @@ network_policy:
     ingress:
       - {}
 
+# NOTE(helm_hook): helm_hook might break for helm2 binary.
+# set helm3_hook: false when using the helm2 binary.
+helm3_hook: true
+
 manifests:
   configmap_bin: true
   configmap_etc: true
@@ -714,6 +770,7 @@ manifests:
   network_policy: false
   secret_credential_keys: true
   secret_db: true
+  secret_db_presistence: true
   secret_ingress_tls: true
   secret_keystone: true
   secret_rabbitmq: true
diff --git a/images/octavia/Dockerfile b/images/octavia/Dockerfile
index 53baf56f9..c5a584bb8 100644
--- a/images/octavia/Dockerfile
+++ b/images/octavia/Dockerfile
@@ -24,7 +24,8 @@ RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF b
 pip3 install \
     --constraint /upper-constraints.txt \
         /src/octavia \
-        /src/ovn-octavia-provider
+        /src/ovn-octavia-provider \
+        redis[hiredis]
 EOF
 
 FROM registry.atmosphere.dev/library/openstack-python-runtime:${RELEASE}
diff --git a/roles/octavia/meta/main.yml b/roles/octavia/meta/main.yml
index a066500d5..f27292962 100644
--- a/roles/octavia/meta/main.yml
+++ b/roles/octavia/meta/main.yml
@@ -28,6 +28,7 @@ galaxy_info:
         - jammy
 
 dependencies:
+  - role: redis
   - role: defaults
   - role: openstacksdk
   - role: openstack_cli
diff --git a/roles/openstack_helm_endpoints/vars/main.yml b/roles/openstack_helm_endpoints/vars/main.yml
index a615fd254..b4071730f 100644
--- a/roles/openstack_helm_endpoints/vars/main.yml
+++ b/roles/openstack_helm_endpoints/vars/main.yml
@@ -366,15 +366,32 @@ _openstack_helm_endpoints_load_balancer:
     port:
       api:
         public: 443
+  redis:
+    hosts:
+      default: redis-master
   oslo_db:
     auth:
       octavia:
         password: "{{ openstack_helm_endpoints_octavia_mariadb_password }}"
+  oslo_db_presistence:
+    auth:
+      octavia:
+        password: "{{ openstack_helm_endpoints_octavia_mariadb_password }}"
   oslo_messaging:
     auth:
       octavia:
         password: "{{ openstack_helm_endpoints_octavia_rabbitmq_password }}"
 
+_openstack_helm_endpoints_oslo_db_presistence:
+  oslo_db_presistence:
+    auth:
+      admin:
+        password: "{{ openstack_helm_endpoints_mariadb_admin_password }}"
+      octavia:
+        password: "{{ openstack_helm_endpoints_octavia_mariadb_password }}"
+    hosts:
+      default: percona-xtradb-haproxy
+
 _openstack_helm_endpoints_cloudformation:
   cloudformation:
     scheme: