commit fcc1a6d22e9dd3b4228b900fbd5857eaecac2527
author Mohammed Naser <mnaser@vexxhost.com> Wed Jan 17 17:12:31 2024 -0500
committer Mohammed Naser <mnaser@vexxhost.com> Wed Jan 17 17:12:31 2024 -0500
tree f73ea936170e2b13b4541f0bb8069b852f469740
parent 0ca3a72aa7ba04291922abef2b30b36c5213a04e

fix(octavia): force internal endpoint usage

roles/defaults/vars/main.yml

diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
index 1711fe5..dc98056 100644
--- a/roles/defaults/vars/main.yml
+++ b/roles/defaults/vars/main.yml
@@ -147,12 +147,12 @@
   nova_service_cleaner: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:c5118e27245b53db06e5098e980816d5f2a8f2615dde49d5e0c5b3172ee69bf6
   nova_spiceproxy_assets: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:584c9e0a1c503110c95ff511610993e9b41d99091579291c7726db155b6fa0ca
   nova_spiceproxy: ghcr.io/vexxhost/atmosphere/nova:zed@sha256:584c9e0a1c503110c95ff511610993e9b41d99091579291c7726db155b6fa0ca
-  octavia_api: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:52d00cb9b4a42a915a52956e4fad09e71f43e79d1a5a55bf538879a6602f7348
-  octavia_db_sync: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:52d00cb9b4a42a915a52956e4fad09e71f43e79d1a5a55bf538879a6602f7348
+  octavia_api: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:36ed47c546eebd36fa0b067d55443b4eb77568bdad432e93c0f4f56c8b533117
+  octavia_db_sync: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:36ed47c546eebd36fa0b067d55443b4eb77568bdad432e93c0f4f56c8b533117
   octavia_health_manager_init: ghcr.io/vexxhost/atmosphere/heat:2023.2@sha256:c5118e27245b53db06e5098e980816d5f2a8f2615dde49d5e0c5b3172ee69bf6
-  octavia_health_manager: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:52d00cb9b4a42a915a52956e4fad09e71f43e79d1a5a55bf538879a6602f7348
-  octavia_housekeeping: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:52d00cb9b4a42a915a52956e4fad09e71f43e79d1a5a55bf538879a6602f7348
-  octavia_worker: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:52d00cb9b4a42a915a52956e4fad09e71f43e79d1a5a55bf538879a6602f7348
+  octavia_health_manager: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:36ed47c546eebd36fa0b067d55443b4eb77568bdad432e93c0f4f56c8b533117
+  octavia_housekeeping: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:36ed47c546eebd36fa0b067d55443b4eb77568bdad432e93c0f4f56c8b533117
+  octavia_worker: ghcr.io/vexxhost/atmosphere/octavia:2023.2@sha256:36ed47c546eebd36fa0b067d55443b4eb77568bdad432e93c0f4f56c8b533117
   openvswitch_db_server: ghcr.io/vexxhost/atmosphere/openvswitch:3.1.0-65@sha256:c68347b6b1479fda5ccf3165492b989ebe49985fa30661ed4f1ea208fa2a110e
   openvswitch_vswitchd: ghcr.io/vexxhost/atmosphere/openvswitch:3.1.0-65@sha256:c68347b6b1479fda5ccf3165492b989ebe49985fa30661ed4f1ea208fa2a110e
   ovn_controller: ghcr.io/vexxhost/atmosphere/ovn-host:23.03.0-69@sha256:03b4174e347d14e370aff7399a34f5fcbab1176dcf72c22ffbb0e8c1f66628a6

roles/octavia/tasks/generate_resources.yml

diff --git a/roles/octavia/tasks/generate_resources.yml b/roles/octavia/tasks/generate_resources.yml
index 1c4c87e..32ee815 100644
--- a/roles/octavia/tasks/generate_resources.yml
+++ b/roles/octavia/tasks/generate_resources.yml
@@ -169,6 +169,11 @@
           stringData:
             id_rsa: $(privateKey)
             id_rsa.pub: $(authorizedKey)
+            config: |
+              Host *
+                User ubuntu
+                StrictHostKeyChecking no
+                UserKnownHostsFile /dev/null
     wait: true
     wait_timeout: 60
     wait_condition:

roles/octavia/vars/main.yml

diff --git a/roles/octavia/vars/main.yml b/roles/octavia/vars/main.yml
index 2a69cd9..f83ae85 100644
--- a/roles/octavia/vars/main.yml
+++ b/roles/octavia/vars/main.yml
@@ -39,15 +39,8 @@
               mountPath: /etc/octavia/certs/server
             - name: octavia-client-certs
               mountPath: /etc/octavia/certs/client
-            - name: octavia-amphora-ssh-key-dir
+            - name: octavia-amphora-ssh-key
               mountPath: /var/lib/octavia/.ssh
-            - name: octavia-amphora-ssh-key
-              mountPath: /var/lib/octavia/.ssh/id_rsa
-              subPath: id_rsa
-              readOnly: true
-            - name: octavia-amphora-ssh-key
-              mountPath: /var/lib/octavia/.ssh/id_rsa.pub
-              subPath: id_rsa.pub
               readOnly: true
           volumes:
             - name: octavia-server-ca
@@ -56,14 +49,10 @@
             - name: octavia-client-certs
               secret:
                 secretName: octavia-client-certs
-            - name: octavia-amphora-ssh-key-dir
-              emptyDir: {}
             - name: octavia-amphora-ssh-key
               secret:
                 secretName: "{{ octavia_ssh_key_secret.resources[0]['metadata']['name'] }}"
                 defaultMode: 0444 # noqa: yaml[octal-values]
-            - name: octavia-amphora-ssh-key-dir
-              emptyDir: {}
       octavia_housekeeping:
         octavia_housekeeping:
           volumeMounts:
@@ -128,6 +117,7 @@
         driver: noop
       neutron:
         endpoint_type: internalURL
+        valid_interfaces: internal
       nova:
         endpoint_type: internalURL
       service_auth: