chore: rename roles
diff --git a/roles/nova/README.md b/roles/nova/README.md
new file mode 100644
index 0000000..0a4b9db
--- /dev/null
+++ b/roles/nova/README.md
@@ -0,0 +1 @@
+# `nova`
diff --git a/roles/nova/defaults/main.yml b/roles/nova/defaults/main.yml
new file mode 100644
index 0000000..3aa38d4
--- /dev/null
+++ b/roles/nova/defaults/main.yml
@@ -0,0 +1,29 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+nova_helm_release_name: nova
+nova_helm_chart_path: "{{ role_path }}/../../charts/nova/"
+nova_helm_chart_ref: /usr/local/src/nova
+
+nova_helm_release_namespace: openstack
+nova_helm_values: {}
+
+# Private SSH key used for cold & live migration
+nova_ssh_key: "{{ undef(hint='You must specifiy an SSH key for Nova.') }}"
+
+# List of flavors to provision inside Nova
+nova_flavors: []
+
+# List of annotations to apply to the Ingress
+nova_ingress_annotations: {}
diff --git a/roles/nova/meta/main.yml b/roles/nova/meta/main.yml
new file mode 100644
index 0000000..7b289d3
--- /dev/null
+++ b/roles/nova/meta/main.yml
@@ -0,0 +1,35 @@
+# Copyright (c) 2022 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+galaxy_info:
+ author: VEXXHOST, Inc.
+ description: Ansible role for OpenStack Nova
+ license: Apache-2.0
+ min_ansible_version: 5.5.0
+ standalone: false
+ platforms:
+ - name: Ubuntu
+ versions:
+ - focal
+
+dependencies:
+ - role: defaults
+ - role: openstacksdk
+ - role: openstack_helm_endpoints
+ vars:
+ openstack_helm_endpoints_chart: nova
+ - role: upload_helm_chart
+ vars:
+ upload_helm_chart_src: "{{ nova_helm_chart_path }}"
+ upload_helm_chart_dest: "{{ nova_helm_chart_ref }}"
diff --git a/roles/nova/tasks/main.yml b/roles/nova/tasks/main.yml
new file mode 100644
index 0000000..518409d
--- /dev/null
+++ b/roles/nova/tasks/main.yml
@@ -0,0 +1,135 @@
+# Copyright (c) 2022 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Uninstall the legacy HelmRelease
+ run_once: true
+ block:
+ - name: Suspend the existing HelmRelease
+ kubernetes.core.k8s:
+ state: patched
+ api_version: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: "{{ nova_helm_release_name }}"
+ namespace: "{{ nova_helm_release_namespace }}"
+ definition:
+ spec:
+ suspend: true
+
+ - name: Remove the existing HelmRelease
+ kubernetes.core.k8s:
+ state: absent
+ api_version: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: "{{ nova_helm_release_name }}"
+ namespace: "{{ nova_helm_release_namespace }}"
+
+- name: Generate public key for SSH private key
+ become: false
+ delegate_to: localhost
+ block:
+ - name: Generate temporary file for SSH public key
+ changed_when: false
+ ansible.builtin.tempfile:
+ state: file
+ prefix: nova_ssh_key_
+ register: _nova_ssh_key_tempfile
+ # NOTE(mnaser): It's important to add a trailing newline at the end of this
+ # string or else `ssh-keygen` will not be happy.`
+ - name: Write contents of current private SSH key
+ changed_when: false
+ ansible.builtin.copy:
+ dest: "{{ _nova_ssh_key_tempfile.path }}"
+ content: "{{ nova_ssh_key }}\n"
+ mode: "0600"
+ - name: Generate public key for SSH private key
+ changed_when: false
+ community.crypto.openssh_keypair:
+ path: "{{ _nova_ssh_key_tempfile.path }}"
+ regenerate: never
+ register: _nova_ssh_publickey
+ always:
+ - name: Delete temporary file for public SSH key
+ changed_when: false
+ ansible.builtin.file:
+ path: "{{ _nova_ssh_key_tempfile.path }}"
+ state: absent
+
+- name: Deploy Helm chart
+ run_once: true
+ kubernetes.core.helm:
+ name: "{{ nova_helm_release_name }}"
+ chart_ref: "{{ nova_helm_chart_ref }}"
+ release_namespace: "{{ nova_helm_release_namespace }}"
+ create_namespace: true
+ kubeconfig: /etc/kubernetes/admin.conf
+ values: "{{ _nova_helm_values | combine(nova_helm_values, recursive=True) }}"
+
+- name: Create Ingress
+ ansible.builtin.include_role:
+ name: openstack_helm_ingress
+ vars:
+ openstack_helm_ingress_endpoint: compute
+ openstack_helm_ingress_service_name: nova-api
+ openstack_helm_ingress_service_port: 8774
+ openstack_helm_ingress_annotations: "{{ nova_ingress_annotations }}"
+
+- name: Create Ingress
+ ansible.builtin.include_role:
+ name: openstack_helm_ingress
+ vars:
+ openstack_helm_ingress_endpoint: compute_novnc_proxy
+ openstack_helm_ingress_service_name: nova-novncproxy
+ openstack_helm_ingress_service_port: 6080
+ openstack_helm_ingress_annotations: "{{ nova_ingress_annotations }}"
+
+- name: Create flavors
+ when: nova_flavors | length > 0
+ block:
+ - name: Wait until compute api service ready
+ kubernetes.core.k8s_info:
+ api_version: apps/v1
+ kind: Deployment
+ name: nova-api-osapi
+ namespace: openstack
+ wait_sleep: 10
+ wait_timeout: 600
+ wait: true
+ wait_condition:
+ type: Available
+ status: true
+
+ - name: Create flavors
+ openstack.cloud.compute_flavor:
+ cloud: atmosphere
+ # Flavor settings
+ flavorid: "{{ item.flavorid | default(omit) }}"
+ name: "{{ item.name }}"
+ vcpus: "{{ item.vcpus }}"
+ ram: "{{ item.ram }}"
+ disk: "{{ item.disk | default(omit) }}"
+ ephemeral: "{{ item.ephemeral | default(omit) }}"
+ swap: "{{ item.swap | default(omit) }}"
+ is_public: "{{ item.is_public | default(omit) }}"
+ rxtx_factor: "{{ item.rxtx_factor | default(omit) }}"
+ extra_specs: "{{ item.extra_specs | default(omit) }}"
+ loop: "{{ nova_flavors }}"
+ # NOTE(mnaser): This often fails with a 503 since we're sending a request
+ # way too fast after the service is ready, retry for now
+ # but the Helm chart should be fixed.
+ #
+ # See: https://github.com/vexxhost/atmosphere/issues/72
+ retries: 60
+ delay: 5
+ register: _result
+ until: _result is not failed
diff --git a/roles/nova/vars/main.yml b/roles/nova/vars/main.yml
new file mode 100644
index 0000000..820b12c
--- /dev/null
+++ b/roles/nova/vars/main.yml
@@ -0,0 +1,111 @@
+# Copyright (c) 2022 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+_nova_helm_values:
+ endpoints: "{{ openstack_helm_endpoints }}"
+ labels:
+ agent:
+ compute_ironic:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
+ images:
+ tags: "{{ atmosphere_images | vexxhost.atmosphere.openstack_helm_image_tags('nova') }}"
+ network:
+ ssh:
+ enabled: true
+ public_key: "{{ _nova_ssh_publickey.public_key }}"
+ private_key: "{{ nova_ssh_key }}"
+ bootstrap:
+ structured:
+ flavors:
+ enabled: false
+ pod:
+ replicas:
+ api_metadata: 3
+ osapi: 3
+ conductor: 3
+ scheduler: 3
+ novncproxy: 3
+ spiceproxy: 3
+ conf:
+ ceph:
+ enabled: "{{ atmosphere_ceph_enabled | default(true) | bool }}"
+ paste:
+ composite:openstack_compute_api_v21:
+ keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21
+ composite:openstack_compute_api_v21_legacy_v2_compatible:
+ keystone: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit authtoken keystonecontext legacy_v2_compatible osapi_compute_app_v21
+ nova:
+ DEFAULT:
+ allow_resize_to_same_host: true
+ cpu_allocation_ratio: 4.5
+ ram_allocation_ratio: 0.9
+ disk_allocation_ratio: 3.0
+ resume_guests_state_on_host_boot: true
+ osapi_compute_workers: 8
+ metadata_workers: 8
+ cache:
+ backend: oslo_cache.memcache_pool
+ cinder:
+ catalog_info: volumev3::internalURL
+ conductor:
+ workers: 8
+ compute:
+ consecutive_build_service_disable_threshold: 0
+ cors:
+ allowed_origin: "*"
+ allow_headers: "X-Auth-Token,X-OpenStack-Nova-API-Version"
+ filter_scheduler:
+ enabled_filters:
+ AvailabilityZoneFilter,
+ ComputeFilter,
+ AggregateTypeAffinityFilter,
+ ComputeCapabilitiesFilter,
+ PciPassthroughFilter,
+ ImagePropertiesFilter,
+ ServerGroupAntiAffinityFilter,
+ ServerGroupAffinityFilter
+ image_properties_default_architecture: x86_64
+ max_instances_per_host: 200
+ glance:
+ enable_rbd_download: true
+ neutron:
+ metadata_proxy_shared_secret: "{{ openstack_helm_endpoints['compute_metadata']['secret'] }}"
+ oslo_messaging_notifications:
+ driver: noop
+ scheduler:
+ workers: 8
+ nova_ironic:
+ DEFAULT:
+ log_config_append: null
+ force_config_drive: true
+ manifests:
+ deployment_consoleauth: false
+ deployment_placement: false
+ ingress_metadata: false
+ ingress_novncproxy: false
+ ingress_osapi: false
+ ingress_placement: false
+ job_db_init_placement: false
+ job_ks_placement_endpoints: false
+ job_ks_placement_service: false
+ job_ks_placement_user: false
+ secret_keystone_placement: false
+ service_ingress_metadata: false
+ service_ingress_novncproxy: false
+ service_ingress_osapi: false
+ service_ingress_placement: false
+ service_placement: false
+ # NOTE(mnaser): Enable this once we've got Ironic deployed.
+ statefulset_compute_ironic: false