From d151a8165042205e6ff6a26de9eb8dbf5e15f7c0 Mon Sep 17 00:00:00 2001 From: ricolin Date: Tue, 7 May 2024 21:07:42 +0800 Subject: [PATCH] Allows Octavia Amphore V2 Add support for Octavia Amphore V2 For backward compatibility the default driver still Amphore v1. One can use Amphore V2 as driver, by specify `config.octavia.api_settings.default_provider_driver` `config.octavia.api_settings.enabled_provider_drivers` Also for authentication, you can provide `.Values.endpoints.valkey.password` to use password auth, but more recommanded way is to use CA cert access. And then add path to `config.octavia.task_flow.jobboard_redis_backend_ssl_options` and `config.octavia.task_flow.jobboard_redis_sentinel_ssl_options`. Change-Id: I6e652c1ed3a6ae45c72bb47809a1f8d846352314
---
 octavia/templates/bin/_db-sync.sh.tpl | 2 +
 octavia/templates/configmap-etc.yaml | 16 +++++++
 octavia/templates/job-db-drop.yaml | 6 ++-
 octavia/templates/job-db-init.yaml | 9 +++-
 octavia/templates/secret-db-persistence.yaml | 19 ++++++++
 octavia/values.yaml | 47 ++++++++++++++++++++
 6 files changed, 97 insertions(+), 2 deletions(-)
 create mode 100644 octavia/templates/secret-db-persistence.yaml
diff --git a/octavia/templates/bin/_db-sync.sh.tpl b/octavia/templates/bin/_db-sync.sh.tpl
index ae7e3c8961..120087a894 100644
--- a/octavia/templates/bin/_db-sync.sh.tpl
+++ b/octavia/templates/bin/_db-sync.sh.tpl
@@ -19,3 +19,5 @@ limitations under the License.
 set -ex
 octavia-db-manage upgrade head
+
+octavia-db-manage upgrade_persistence
diff --git a/octavia/templates/configmap-etc.yaml b/octavia/templates/configmap-etc.yaml
index b8005a58a2..a398914ae0 100644
--- a/octavia/templates/configmap-etc.yaml
+++ b/octavia/templates/configmap-etc.yaml
@@ -84,6 +84,22 @@ limitations under the License.
 {{- $_ := tuple "oslo_db" "internal" "octavia" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.octavia.database "connection" -}}
 {{- end -}}
+{{- if empty .Values.conf.octavia.task_flow.persistence_connection -}}
+{{- $_ := tuple "oslo_db_persistence" "internal" "octavia" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.octavia.task_flow "persistence_connection" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.octavia.task_flow.jobboard_backend_hosts -}}
+{{- $_ := tuple "valkey" "internal" . | include "helm-toolkit.endpoints.endpoint_host_lookup" | set .Values.conf.octavia.task_flow "jobboard_backend_hosts" -}}
+{{- end -}}
+
+{{- if empty .Values.conf.octavia.task_flow.jobboard_backend_port -}}
+{{- $_ := tuple "valkey" "sentinel" "server" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | set .Values.conf.octavia.task_flow "jobboard_backend_port" -}}
+{{- end -}}
+
+{{- if and (empty .Values.conf.octavia.task_flow.jobboard_backend_password) (not (empty .Values.endpoints.valkey.password) ) -}}
+{{- $_ := set .Values.conf.octavia.task_flow "jobboard_backend_password" .Values.endpoints.valkey.password -}}
+{{- end -}}
+
 {{- if empty .Values.conf.octavia.DEFAULT.transport_url -}}
 {{- $_ := tuple "oslo_messaging" "internal" "octavia" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.octavia.DEFAULT "transport_url" -}}
 {{- end -}}
diff --git a/octavia/templates/job-db-drop.yaml b/octavia/templates/job-db-drop.yaml
index 1975d7d593..ea9085aa35 100644
--- a/octavia/templates/job-db-drop.yaml
+++ b/octavia/templates/job-db-drop.yaml
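Review bot: In configmap-etc.yaml the `jobboard_backend_password` block copies `.Values.endpoints.valkey.password` into the rendered octavia.conf, but nothing in this hunk sets `jobboard_redis_backend_ssl_options`, so an operator who supplies only the password gets password auth to Valkey with no TLS configured by the chart. A template comment beside that block would make the dependency explicit, for example `{{/* password auth does not enable TLS; also set conf.octavia.task_flow.jobboard_redis_backend_ssl_options */}}`. Separately, `jobboard_backend_port` is looked up with the `"sentinel"` endpoint key, which resolves to the Sentinel port defined in values.yaml, while no `jobboard_redis_sentinel` name is defaulted anywhere in this patch. If Octavia is not told to use Sentinel it will presumably treat that port as a plain server, so either look the port up with `"internal"` by default or document that the sentinel name must be set.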
@@ -15,6 +15,10 @@ limitations under the License.
 */}}
 {{- if .Values.manifests.job_db_drop }}
-{{- $dbDropJob := dict "envAll" . "serviceName" "octavia" -}}
+{{- $serviceName := "octavia" -}}
+{{- $dbSvc := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" -}}
+{{- $dbPersist := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "task_flow" "configDbKey" "persistence_connection" -}}
+{{- $dbsToDrop := list $dbSvc $dbPersist }}
+{{- $dbDropJob := dict "envAll" . "serviceName" $serviceName "dbsToDrop" $dbsToDrop -}}
 {{ $dbDropJob | include "helm-toolkit.manifests.job_db_drop_mysql" }}
 {{- end }}
diff --git a/octavia/templates/job-db-init.yaml b/octavia/templates/job-db-init.yaml
index b1ca9f6451..c532cc998f 100644
--- a/octavia/templates/job-db-init.yaml
+++ b/octavia/templates/job-db-init.yaml
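Review bot: `$dbPersist` in job-db-drop.yaml takes its `adminSecret` from `.Values.secrets.oslo_db.admin`, not from the `secrets.oslo_db_persistence.admin` entry this patch adds, and job-db-init.yaml repeats the same line. As written, the drop and init jobs would act on the persistence database with the main database's admin credentials, and the admin Secret rendered by secret-db-persistence.yaml has no consumer in the visible hunks. If the two databases are meant to be separable, change the key to `"adminSecret" .Values.secrets.oslo_db_persistence.admin` in both templates. If they are always on the same server, a short template comment saying so would explain why the new admin secret is unused.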
@@ -20,6 +20,13 @@ helm.sh/hook-weight: "-5"
 {{- end }}
 {{- if .Values.manifests.job_db_init }}
-{{- $dbInitJob := dict "envAll" . "serviceName" "octavia" "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) -}}
+{{- $serviceName := "octavia" -}}
+{{- $dbSvc := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "database" "configDbKey" "connection" -}}
+{{- $dbPersist := dict "adminSecret" .Values.secrets.oslo_db.admin "configFile" (printf "/etc/%s/%s.conf" $serviceName $serviceName ) "logConfigFile" (printf "/etc/%s/logging.conf" $serviceName ) "configDbSection" "task_flow" "configDbKey" "persistence_connection" -}}
+{{- $dbsToInit := list $dbSvc $dbPersist }}
+{{- $dbInitJob := dict "envAll" . "serviceName" $serviceName "dbsToInit" $dbsToInit -}}
+{{- if .Values.helm3_hook }}
+{{- $_ := set $dbInitJob "jobAnnotations" (include "metadata.annotations.job.db_init" . | fromYaml) }}
+{{- end }}
 {{ $dbInitJob | include "helm-toolkit.manifests.job_db_init_mysql" }}
 {{- end }}
diff --git a/octavia/templates/secret-db-persistence.yaml b/octavia/templates/secret-db-persistence.yaml
new file mode 100644
index 0000000000..cd58e04a79
--- /dev/null
+++ b/octavia/templates/secret-db-persistence.yaml
@@ -0,0 +1,19 @@
+{{/*
+Copyright 2024 Vexxhost Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.manifests.secret_db_persistence }}
+{{- $envAll := . }}
+{{- range $key1, $userClass := tuple "admin" "octavia" }}
+{{- $secretName := index $envAll.Values.secrets.oslo_db_persistence $userClass }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+type: Opaque
+data:
+ DB_CONNECTION: {{ tuple "oslo_db_persistence" "internal" $userClass "mysql" $envAll | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | b64enc -}}
+{{- end }}
+{{- end }}
diff --git a/octavia/values.yaml b/octavia/values.yaml
index 3d48c1e000..fc5605cce2 100644
--- a/octavia/values.yaml
+++ b/octavia/values.yaml
@@ -107,6 +107,8 @@ dependencies:
 services:
 - endpoint: internal
 service: oslo_db
+ - endpoint: internal
+ service: oslo_db_persistence
 - endpoint: internal
 service: identity
 - endpoint: internal
@@ -124,6 +126,8 @@ dependencies:
 services:
 - endpoint: internal
 service: oslo_db
+ - endpoint: internal
+ service: oslo_db_persistence
 - endpoint: internal
 service: identity
 - endpoint: internal
@@ -143,6 +147,8 @@ dependencies:
 services:
 - endpoint: internal
 service: oslo_db
+ - endpoint: internal
+ service: oslo_db_persistence
 - endpoint: internal
 service: identity
 - endpoint: internal
@@ -162,6 +168,8 @@ dependencies:
 services:
 - endpoint: internal
 service: oslo_db
+ - endpoint: internal
+ service: oslo_db_persistence
 - endpoint: internal
 service: identity
 - endpoint: internal
@@ -176,12 +184,16 @@ dependencies:
 services:
 - endpoint: internal
 service: oslo_db
+ - endpoint: internal
+ service: oslo_db_persistence
 db_sync:
 jobs:
 - octavia-db-init
 services:
 - endpoint: internal
 service: oslo_db
+ - endpoint: internal
+ service: oslo_db_persistence
 ks_endpoints:
 jobs:
 - octavia-ks-service
@@ -263,6 +275,8 @@ conf:
 cafile: ""
 auth_version: v3
 memcache_security_strategy: ENCRYPT
+ task_flow:
+ jobboard_enabled: true
 logging:
 loggers:
 keys:
@@ -361,6 +375,9 @@ secrets:
 oslo_db:
 admin: octavia-db-admin
 octavia: octavia-db-user
+ oslo_db_persistence:
+ admin: octavia-persistence-db-admin
+ octavia: octavia-persistence-db-user
 oslo_messaging:
 admin: octavia-rabbitmq-admin
 octavia: octavia-rabbitmq-user
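Review bot: The `conf.octavia.task_flow` hunk of values.yaml defaults `jobboard_enabled: true`, which seems at odds with the description's statement that the default stays backward compatible. With this default every install is configured for the jobboard and so presumably needs a reachable `valkey` endpoint, yet the dependency hunks earlier in this file add only `oslo_db_persistence` and no `valkey` entry, so pods are not made to wait for it. Consider shipping `jobboard_enabled: false` and letting operators who switch the provider driver enable it, or add the matching dependency entries.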
@@ -471,6 +488,23 @@ endpoints:
 port:
 mysql:
 default: 3306
+ oslo_db_persistence:
+ auth:
+ admin:
+ username: root
+ password: password
+ octavia:
+ username: octavia
+ password: password
+ hosts:
+ default: mariadb
+ host_fqdn_override:
+ default: null
+ path: /octavia_persistence
+ scheme: mysql+pymysql
+ port:
+ mysql:
+ default: 3306
 oslo_cache:
 auth:
 # NOTE(portdirect): this is used to define the value for keystone
@@ -523,6 +557,18 @@ endpoints:
 api:
 default: 9696
 public: 80
+ valkey:
+ name: valkey
+ hosts:
+ default: valkey
+ # NOTE(rlin): we should only provide password when not using CA cert.
+ password: null
+ host_fqdn_override:
+ default: null
+ port:
+ server:
+ default: 6379
+ sentinel: 26379
 pod:
 security_context:
@@ -739,6 +785,7 @@ manifests:
 network_policy: false
 secret_credential_keys: true
 secret_db: true
+ secret_db_persistence: true
 secret_ingress_tls: true
 secret_keystone: true
 secret_rabbitmq: true
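Review bot: In the `endpoints.valkey` hunk, `password` is a plain chart value placed directly on the endpoint, so a password set here is stored with the release values and then copied into the rendered Octavia config by configmap-etc.yaml. The `oslo_db_persistence` endpoint added in the previous hunk keeps its credentials under an `auth:` map; following that layout, or accepting the name of an existing Secret instead of the literal value, would keep credential handling uniform across the file. The NOTE could also state where the value ends up, for example `# NOTE(rlin): set only when not using CA cert auth; the value is rendered into octavia.conf as task_flow.jobboard_backend_password.`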