fix(octavia): force internal endpoint usage
diff --git a/images/octavia/patches/octavia/0000-fix-specify-endpoint-info.-for-neutron-client.patch b/images/octavia/patches/octavia/0000-fix-specify-endpoint-info.-for-neutron-client.patch
new file mode 100644
index 0000000..f113d64
--- /dev/null
+++ b/images/octavia/patches/octavia/0000-fix-specify-endpoint-info.-for-neutron-client.patch
@@ -0,0 +1,37 @@
+From efd289b950b32d3e6ad160b7c7f2901bca7c7e55 Mon Sep 17 00:00:00 2001
+From: Mohammed Naser <mnaser@vexxhost.com>
+Date: Tue, 16 Jan 2024 17:13:19 -0500
+Subject: [PATCH] fix: specify endpoint info. for neutron client
+
+Closes bug: #2049551
+
+Change-Id: I80a266e500958415a70d462ddfe57e9e03e6ef13
+---
+ octavia/common/clients.py | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/octavia/common/clients.py b/octavia/common/clients.py
+index b13642bb..2abcc67b 100644
+--- a/octavia/common/clients.py
++++ b/octavia/common/clients.py
+@@ -80,10 +80,16 @@ class NeutronAuth(object):
+ if not cls.neutron_client:
+ sess = ksession.get_session()
+
+- kwargs = {}
++ kwargs = {
++ 'region_name': CONF.neutron.region_name,
++ 'interface': CONF.neutron.valid_interfaces
++ }
+ if CONF.neutron.endpoint_override:
+ kwargs['network_endpoint_override'] = (
+ CONF.neutron.endpoint_override)
++ if CONF.neutron.endpoint_override.startswith("https"):
++ kwargs['insecure'] = CONF.neutron.insecure
++ kwargs['cacert'] = CONF.neutron.cafile
+
+ conn = openstack.connection.Connection(
+ session=sess, **kwargs)
+--
+2.34.1
+
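Review bot: In the embedded `octavia/common/clients.py` hunk, `insecure` and `cacert` are forwarded only inside the `endpoint_override` branch, so the catalog-lookup path configured by the new `region_name`/`interface` keys gets no CA bundle from this block. Unless the session returned by `ksession.get_session()` already carries the neutron TLS settings (not visible here), an HTTPS internal endpoint signed by a private CA would fail verification, which tends to push operators toward `insecure`. Consider passing `kwargs['cacert'] = CONF.neutron.cafile` whenever it is set, with a comment such as `# insecure=True disables certificate verification; prefer cafile`. The `startswith("https")` test is case-sensitive and prefix-only, so comparing the parsed URL scheme would be stricter. The enclosing method starts above the hunk.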
diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
index 1711fe5..dc98056 100644
--- a/roles/defaults/vars/main.yml
+++ b/roles/defaults/vars/main.yml
@@ -147,12 +147,12 @@
nova_service_cleaner: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:c5118e27245b53db06e5098e980816d5f2a8f2615dde49d5e0c5b3172ee69bf6
nova_spiceproxy_assets: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:584c9e0a1c503110c95ff511610993e9b41d99091579291c7726db155b6fa0ca
nova_spiceproxy: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:584c9e0a1c503110c95ff511610993e9b41d99091579291c7726db155b6fa0ca
- octavia_api: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:52d00cb9b4a42a915a52956e4fad09e71f43e79d1a5a55bf538879a6602f7348
- octavia_db_sync: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:52d00cb9b4a42a915a52956e4fad09e71f43e79d1a5a55bf538879a6602f7348
+ octavia_api: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:36ed47c546eebd36fa0b067d55443b4eb77568bdad432e93c0f4f56c8b533117
+ octavia_db_sync: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:36ed47c546eebd36fa0b067d55443b4eb77568bdad432e93c0f4f56c8b533117
octavia_health_manager_init: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:c5118e27245b53db06e5098e980816d5f2a8f2615dde49d5e0c5b3172ee69bf6
- octavia_health_manager: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:52d00cb9b4a42a915a52956e4fad09e71f43e79d1a5a55bf538879a6602f7348
- octavia_housekeeping: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:52d00cb9b4a42a915a52956e4fad09e71f43e79d1a5a55bf538879a6602f7348
- octavia_worker: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:52d00cb9b4a42a915a52956e4fad09e71f43e79d1a5a55bf538879a6602f7348
+ octavia_health_manager: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:36ed47c546eebd36fa0b067d55443b4eb77568bdad432e93c0f4f56c8b533117
+ octavia_housekeeping: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:36ed47c546eebd36fa0b067d55443b4eb77568bdad432e93c0f4f56c8b533117
+ octavia_worker: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:36ed47c546eebd36fa0b067d55443b4eb77568bdad432e93c0f4f56c8b533117
openvswitch_db_server: ghcr.io/vexxhost/atmosphere/openvswitch:3.1.0-65@sha256:c68347b6b1479fda5ccf3165492b989ebe49985fa30661ed4f1ea208fa2a110e
openvswitch_vswitchd: ghcr.io/vexxhost/atmosphere/openvswitch:3.1.0-65@sha256:c68347b6b1479fda5ccf3165492b989ebe49985fa30661ed4f1ea208fa2a110e
ovn_controller: ghcr.io/vexxhost/atmosphere/ovn-host:23.03.0-69@sha256:03b4174e347d14e370aff7399a34f5fcbab1176dcf72c22ffbb0e8c1f66628a6
diff --git a/roles/octavia/tasks/generate_resources.yml b/roles/octavia/tasks/generate_resources.yml
index 1c4c87e..32ee815 100644
--- a/roles/octavia/tasks/generate_resources.yml
+++ b/roles/octavia/tasks/generate_resources.yml
@@ -169,6 +169,11 @@
stringData:
id_rsa: $(privateKey)
id_rsa.pub: $(authorizedKey)
+ config: |
+ Host *
+ User ubuntu
+ StrictHostKeyChecking no
+ UserKnownHostsFile /dev/null
wait: true
wait_timeout: 60
wait_condition:
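Review bot: The added `config` entry combines `Host *` with `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null`, which turns off host-key verification for every SSH connection made from this `.ssh` directory. A host on the management network answering in place of an amphora would not be detected. If the file is only meant for reaching amphorae, narrow the pattern (placeholder: `Host <amphora-mgmt-pattern>`) and record the reason in the file, e.g. `# amphora host keys are ephemeral and not tracked; verification intentionally disabled`. The Secret definition this belongs to starts above the hunk.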
diff --git a/roles/octavia/vars/main.yml b/roles/octavia/vars/main.yml
index 2a69cd9..f83ae85 100644
--- a/roles/octavia/vars/main.yml
+++ b/roles/octavia/vars/main.yml
@@ -39,15 +39,8 @@
mountPath: /etc/octavia/certs/server
- name: octavia-client-certs
mountPath: /etc/octavia/certs/client
- - name: octavia-amphora-ssh-key-dir
+ - name: octavia-amphora-ssh-key
mountPath: /var/lib/octavia/.ssh
- - name: octavia-amphora-ssh-key
- mountPath: /var/lib/octavia/.ssh/id_rsa
- subPath: id_rsa
- readOnly: true
- - name: octavia-amphora-ssh-key
- mountPath: /var/lib/octavia/.ssh/id_rsa.pub
- subPath: id_rsa.pub
readOnly: true
volumes:
- name: octavia-server-ca
@@ -56,14 +49,10 @@
- name: octavia-client-certs
secret:
secretName: octavia-client-certs
- - name: octavia-amphora-ssh-key-dir
- emptyDir: {}
- name: octavia-amphora-ssh-key
secret:
secretName: "{{ octavia_ssh_key_secret.resources[0]['metadata']['name'] }}"
defaultMode: 0444 # noqa: yaml[octal-values]
- - name: octavia-amphora-ssh-key-dir
- emptyDir: {}
octavia_housekeeping:
octavia_housekeeping:
volumeMounts:
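Review bot: The `octavia-amphora-ssh-key` volume keeps `defaultMode: 0444`, and now that the whole secret is projected as `/var/lib/octavia/.ssh`, that mode covers `id_rsa` as well as `id_rsa.pub` and `config`, so the private key is readable by every UID in the container. Consider an `items` list that gives `id_rsa` a tighter per-file `mode` and keeps 0444 only for the public key and config. Whether `mode: 0400` is readable by the octavia process depends on the pod's run-as user and `fsGroup`, which are not visible here. The `defaultMode` line is unchanged context, so this predates the commit.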
@@ -128,6 +117,7 @@
driver: noop
neutron:
endpoint_type: internalURL
+ valid_interfaces: internal
nova:
endpoint_type: internalURL
service_auth: