Adds notification transporturl

1 - human operator will update rabbitmq in openstackcontrolplane CR
a) under rabbitmq: add new rabbitmq, ex: rabbitmq-broadcaster, something like

           rabbitmq-broadcaster:
               replicas: 1
2 - human operator will update Nova in openstackcontrolplane CR
a) under nova.template.spec: register new rabbit
(as we do for new cell but not inside celltemplate, as this one is top-level)

     nova:
	  template:
               spec:
                  apiContainerImageURL: image_url
                  apiMessageBusInstance: rabbitmq
                  // new var
                  notificationsBusInstance: rabbitmq-broadcaster

in Nova CR instance.Spec.NotificationsBusInstance value

     nil                   : means not mentioned in CR, so disable it.
     ""                    : disable notification
     rabbitmq-broadcaster  : notification to a bus rabbitmq-broadcaster

3 - nova-operator will recognize notificationsBusInstance and
retrieve transport_url of new rabbit (rabbitmq-broadcaster)

4 - nova-operator will set this transport_url in nova.conf

Closes: OSPRH-15392

Author: auniyal61

api/v1beta1/conditions.go

@@ -54,6 +54,10 @@ const (
 	NovaAllControlPlaneComputesReadyCondition condition.Type = "NovaAllControlPlaneComputesReady"
 	//NovaCellsDeletionCondition indicates that the NovaCells deletion is in progress
 	NovaCellsDeletionCondition condition.Type = "NovaCellsDeletion"
+
+	// notifications
+	// NovaNotificationMQReadyCondition indicated that the top level notification message bus is ready
+	NovaNotificationMQReadyCondition condition.Type = "NovaNotificationMQReady"
 )
 
 // Common Messages used by API objects.
@@ -183,4 +187,19 @@ const (
 
 	// NovaCellsDeletionConditionReadyMessage
 	NovaCellsDeletionConditionReadyMessage = "There is no more NovaCells to delete"
+	// notifications
+	// NovaNotificationMQReadyInitMessage
+	NovaNotificationMQReadyInitMessage = "Notification message bus not started"
+
+	// NovaNotificationMQNotRequestedMessage
+	NovaNotificationMQNotRequestedMessage = "Notification message bus not requested"
+
+	// NovaNotificationMQReadyErrorMessage
+	NovaNotificationMQReadyErrorMessage = "Notification message bus creation failed: %s"
+
+	// NovaNotificationMQReadyCreatingMessage
+	NovaNotificationMQReadyCreatingMessage = "Notification message bus creation ongoing"
+
+	// NovaNotificationMQReadyMessage
+	NovaNotificationMQReadyMessage = "Notification message bus created successfully"
 )

controllers/common.go

@@ -96,6 +96,10 @@ const (
 	// Secret for the cell message bus transport URL
 	TransportURLSelector = "transport_url"
 
+	// NotificationTransportURLSelector is the name of
+	// top level notification message bus transport URL
+	NotificationTransportURLSelector = "notification_transport_url"
+
 	// fields to index to reconcile when change
 	passwordSecretField        = ".spec.secret"
 	caBundleSecretNameField    = ".spec.tls.caBundleSecretName" // #nosec G101

controllers/nova_controller.go

@@ -391,6 +391,49 @@ func (r *NovaReconciler) Reconcile(ctx context.Context, req ctrl.Request) (resul
 		return ctrl.Result{}, fmt.Errorf("%w from  for the API MQ: %d", util.ErrInvalidStatus, apiMQStatus)
 	}
 
+	// nova broadcaster rabbit
+	notificationBusName := ""
+	if instance.Spec.NotificationsBusInstance != nil {
+		notificationBusName = *instance.Spec.NotificationsBusInstance
+	}
+
+	var notificationTransportURL string
+	var notificationMQStatus nova.MessageBusStatus
+	var notificationMQError error
+
+	if notificationBusName != "" {
+		notificationTransportURL, notificationMQStatus, notificationMQError = r.ensureMQ(
+			ctx, h, instance, instance.Name+"-notification-transport", notificationBusName)
+
+		switch notificationMQStatus {
+		case nova.MQFailed:
+			instance.Status.Conditions.Set(condition.FalseCondition(
+				novav1.NovaNotificationMQReadyCondition,
+				condition.ErrorReason,
+				condition.SeverityError,
+				novav1.NovaNotificationMQReadyErrorMessage,
+				notificationMQError.Error(),
+			))
+		case nova.MQCreating:
+			instance.Status.Conditions.Set(condition.FalseCondition(
+				novav1.NovaNotificationMQReadyCondition,
+				condition.ErrorReason,
+				condition.SeverityError,
+				novav1.NovaNotificationMQReadyCreatingMessage,
+			))
+		case nova.MQCompleted:
+			instance.Status.Conditions.MarkTrue(
+				novav1.NovaNotificationMQReadyCondition, novav1.NovaNotificationMQReadyMessage)
+		default:
+			return ctrl.Result{}, fmt.Errorf("%w from  for the Notification MQ: %d",
+				util.ErrInvalidStatus, notificationMQStatus)
+		}
+	} else {
+		instance.Status.Conditions.MarkTrue(
+			novav1.NovaNotificationMQReadyCondition, novav1.NovaNotificationMQNotRequestedMessage)
+
+	}
+
 	cellMQs := map[string]*nova.MessageBus{}
 	var failedMQs []string
 	var creatingMQs []string
@@ -481,7 +524,7 @@ func (r *NovaReconciler) Reconcile(ctx context.Context, req ctrl.Request) (resul
 		}
 		cell, status, err := r.ensureCell(
 			ctx, h, instance, cellName, cellTemplate,
-			cellDB.Database, apiDB, cellMQ.TransportURL,
+			cellDB.Database, apiDB, cellMQ.TransportURL, notificationTransportURL,
 			keystoneInternalAuthURL, secret,
 		)
 		cells[cellName] = cell
@@ -546,7 +589,11 @@ func (r *NovaReconciler) Reconcile(ctx context.Context, req ctrl.Request) (resul
 		return ctrl.Result{}, nil
 	}
 
-	topLevelSecretName, err := r.ensureTopLevelSecret(ctx, h, instance, apiTransportURL, secret)
+	topLevelSecretName, err := r.ensureTopLevelSecret(
+		ctx, h, instance,
+		apiTransportURL,
+		notificationTransportURL,
+		secret)
 	if err != nil {
 		return ctrl.Result{}, err
 	}
@@ -936,6 +983,11 @@ func (r *NovaReconciler) initConditions(
 			condition.InitReason,
 			condition.MemcachedReadyInitMessage,
 		),
+		condition.UnknownCondition(
+			novav1.NovaNotificationMQReadyCondition,
+			condition.InitReason,
+			novav1.NovaNotificationMQReadyInitMessage,
+		),
 	)
 	instance.Status.Conditions.Init(&cl)
 	return nil
@@ -1133,12 +1185,16 @@ func (r *NovaReconciler) ensureCell(
 	cellDB *mariadbv1.Database,
 	apiDB *mariadbv1.Database,
 	cellTransportURL string,
+	notificationTransportURL string,
 	keystoneAuthURL string,
 	secret corev1.Secret,
 ) (*novav1.NovaCell, nova.CellDeploymentStatus, error) {
 	Log := r.GetLogger(ctx)
 
-	cellSecretName, err := r.ensureCellSecret(ctx, h, instance, cellName, cellTemplate, cellTransportURL, secret)
+	cellSecretName, err := r.ensureCellSecret(
+		ctx, h, instance, cellName, cellTemplate,
+		cellTransportURL, notificationTransportURL,
+		secret)
 	if err != nil {
 		return nil, nova.CellDeploying, err
 	}
@@ -1684,6 +1740,7 @@ func (r *NovaReconciler) ensureMQ(
 	}
 
 	secretName := types.NamespacedName{Namespace: instance.Namespace, Name: transportURL.Status.SecretName}
+
 	secret := &corev1.Secret{}
 	err = h.GetClient().Get(ctx, secretName, secret)
 	if err != nil {
@@ -1698,7 +1755,6 @@ func (r *NovaReconciler) ensureMQ(
 		return "", nova.MQFailed, fmt.Errorf(
 			"%w: the TransportURL secret %s does not have 'transport_url' field", util.ErrFieldNotFound, transportURL.Status.SecretName)
 	}
-
 	return string(url), nova.MQCompleted, nil
 }
 
@@ -1902,13 +1958,15 @@ func (r *NovaReconciler) ensureCellSecret(
 	cellName string,
 	cellTemplate novav1.NovaCellTemplate,
 	cellTransportURL string,
+	notificationTransportURL string,
 	externalSecret corev1.Secret,
 ) (string, error) {
 	// NOTE(gibi): We can move other sensitive data to the internal Secret from
 	// the NovaCellSpec fields, possibly hostnames or usernames.
 	data := map[string]string{
-		ServicePasswordSelector: string(externalSecret.Data[instance.Spec.PasswordSelectors.Service]),
-		TransportURLSelector:    cellTransportURL,
+		ServicePasswordSelector:          string(externalSecret.Data[instance.Spec.PasswordSelectors.Service]),
+		TransportURLSelector:             cellTransportURL,
+		NotificationTransportURLSelector: notificationTransportURL,
 	}
 
 	// If metadata is enabled in the cell then the cell secret needs the
@@ -1952,14 +2010,16 @@ func (r *NovaReconciler) ensureTopLevelSecret(
 	h *helper.Helper,
 	instance *novav1.Nova,
 	apiTransportURL string,
+	notificationTransportURL string,
 	externalSecret corev1.Secret,
 ) (string, error) {
 	// NOTE(gibi): We can move other sensitive data to the internal Secret from
 	// the subCR fields, possibly hostnames or usernames.
 	data := map[string]string{
-		ServicePasswordSelector: string(externalSecret.Data[instance.Spec.PasswordSelectors.Service]),
-		MetadataSecretSelector:  string(externalSecret.Data[instance.Spec.PasswordSelectors.MetadataSecret]),
-		TransportURLSelector:    apiTransportURL,
+		ServicePasswordSelector:          string(externalSecret.Data[instance.Spec.PasswordSelectors.Service]),
+		MetadataSecretSelector:           string(externalSecret.Data[instance.Spec.PasswordSelectors.MetadataSecret]),
+		TransportURLSelector:             apiTransportURL,
+		NotificationTransportURLSelector: notificationTransportURL,
 	}
 
 	// NOTE(gibi): When we switch to immutable secrets then we need to include

controllers/novaapi_controller.go

@@ -183,16 +183,19 @@ func (r *NovaAPIReconciler) Reconcile(ctx context.Context, req ctrl.Request) (re
 	// detect if something is changed.
 	hashes := make(map[string]env.Setter)
 
-	secretHash, result, secret, err := ensureSecret(
-		ctx,
-		types.NamespacedName{Namespace: instance.Namespace, Name: instance.Spec.Secret},
+	requiredSecretFields := []string{
 		// TODO(gibi): add keystoneAuthURL here is that is also passed via
 		// the Secret. Also add DB and MQ user name here too if those are
 		// passed via the Secret
-		[]string{
-			ServicePasswordSelector,
-			TransportURLSelector,
-		},
+		ServicePasswordSelector,
+		TransportURLSelector,
+		NotificationTransportURLSelector,
+	}
+
+	secretHash, result, secret, err := ensureSecret(
+		ctx,
+		types.NamespacedName{Namespace: instance.Namespace, Name: instance.Spec.Secret},
+		requiredSecretFields,
 		h.GetClient(),
 		&instance.Status.Conditions,
 		r.RequeueTimeout,
@@ -473,28 +476,29 @@ func (r *NovaAPIReconciler) generateConfigs(
 		"keystone_internal_url": instance.Spec.KeystoneAuthURL,
 		// NOTE(gibi): As per the definition of www_authenticate_uri this
 		// always needs to point to the public keystone endpoint.
-		"www_authenticate_uri":     instance.Spec.KeystonePublicAuthURL,
-		"nova_keystone_user":       instance.Spec.ServiceUser,
-		"nova_keystone_password":   string(secret.Data[ServicePasswordSelector]),
-		"api_db_name":              NovaAPIDatabaseName,
-		"api_db_user":              apiDatabaseAccount.Spec.UserName,
-		"api_db_password":          string(apiDbSecret.Data[mariadbv1.DatabasePasswordSelector]),
-		"api_db_address":           instance.Spec.APIDatabaseHostname,
-		"api_db_port":              3306,
-		"cell_db_name":             NovaCell0DatabaseName,
-		"cell_db_user":             cellDatabaseAccount.Spec.UserName,
-		"cell_db_password":         string(cellDbSecret.Data[mariadbv1.DatabasePasswordSelector]),
-		"cell_db_address":          instance.Spec.Cell0DatabaseHostname,
-		"cell_db_port":             3306,
-		"openstack_region_name":    "regionOne", // fixme
-		"default_project_domain":   "Default",   // fixme
-		"default_user_domain":      "Default",   // fixme
-		"transport_url":            string(secret.Data[TransportURLSelector]),
-		"log_file":                 "/var/log/nova/nova-api.log",
-		"tls":                      false,
-		"MemcachedServers":         memcachedInstance.GetMemcachedServerListString(),
-		"MemcachedServersWithInet": memcachedInstance.GetMemcachedServerListWithInetString(),
-		"MemcachedTLS":             memcachedInstance.GetMemcachedTLSSupport(),
+		"www_authenticate_uri":       instance.Spec.KeystonePublicAuthURL,
+		"nova_keystone_user":         instance.Spec.ServiceUser,
+		"nova_keystone_password":     string(secret.Data[ServicePasswordSelector]),
+		"api_db_name":                NovaAPIDatabaseName,
+		"api_db_user":                apiDatabaseAccount.Spec.UserName,
+		"api_db_password":            string(apiDbSecret.Data[mariadbv1.DatabasePasswordSelector]),
+		"api_db_address":             instance.Spec.APIDatabaseHostname,
+		"api_db_port":                3306,
+		"cell_db_name":               NovaCell0DatabaseName,
+		"cell_db_user":               cellDatabaseAccount.Spec.UserName,
+		"cell_db_password":           string(cellDbSecret.Data[mariadbv1.DatabasePasswordSelector]),
+		"cell_db_address":            instance.Spec.Cell0DatabaseHostname,
+		"cell_db_port":               3306,
+		"openstack_region_name":      "regionOne", // fixme
+		"default_project_domain":     "Default",   // fixme
+		"default_user_domain":        "Default",   // fixme
+		"transport_url":              string(secret.Data[TransportURLSelector]),
+		"notification_transport_url": string(secret.Data[NotificationTransportURLSelector]),
+		"log_file":                   "/var/log/nova/nova-api.log",
+		"tls":                        false,
+		"MemcachedServers":           memcachedInstance.GetMemcachedServerListString(),
+		"MemcachedServersWithInet":   memcachedInstance.GetMemcachedServerListWithInetString(),
+		"MemcachedTLS":               memcachedInstance.GetMemcachedTLSSupport(),
 	}
 	// create httpd  vhost template parameters
 	httpdVhostConfig := map[string]interface{}{}

controllers/novacell_controller.go

@@ -144,14 +144,17 @@ func (r *NovaCellReconciler) Reconcile(ctx context.Context, req ctrl.Request) (r
 		}
 	}()
 
+	requiredSecretFields := []string{
+		ServicePasswordSelector,
+		TransportURLSelector,
+		NotificationTransportURLSelector,
+	}
+
 	// For the compute config generation we need to read the input secrets
 	_, result, secret, err := ensureSecret(
 		ctx,
 		types.NamespacedName{Namespace: instance.Namespace, Name: instance.Spec.Secret},
-		[]string{
-			ServicePasswordSelector,
-			TransportURLSelector,
-		},
+		requiredSecretFields,
 		h.GetClient(),
 		&instance.Status.Conditions,
 		r.RequeueTimeout,
@@ -767,15 +770,16 @@ func (r *NovaCellReconciler) generateComputeConfigs(
 	secret corev1.Secret, vncProxyURL *string,
 ) error {
 	templateParameters := map[string]interface{}{
-		"service_name":           "nova-compute",
-		"keystone_internal_url":  instance.Spec.KeystoneAuthURL,
-		"nova_keystone_user":     instance.Spec.ServiceUser,
-		"nova_keystone_password": string(secret.Data[ServicePasswordSelector]),
-		"openstack_region_name":  "regionOne", // fixme
-		"default_project_domain": "Default",   // fixme
-		"default_user_domain":    "Default",   // fixme
-		"compute_driver":         "libvirt.LibvirtDriver",
-		"transport_url":          string(secret.Data[TransportURLSelector]),
+		"service_name":               "nova-compute",
+		"keystone_internal_url":      instance.Spec.KeystoneAuthURL,
+		"nova_keystone_user":         instance.Spec.ServiceUser,
+		"nova_keystone_password":     string(secret.Data[ServicePasswordSelector]),
+		"openstack_region_name":      "regionOne", // fixme
+		"default_project_domain":     "Default",   // fixme
+		"default_user_domain":        "Default",   // fixme
+		"compute_driver":             "libvirt.LibvirtDriver",
+		"transport_url":              string(secret.Data[TransportURLSelector]),
+		"notification_transport_url": string(secret.Data[NotificationTransportURLSelector]),
 	}
 	// vnc is optional so we only need to configure it for the compute
 	// if the proxy service is deployed in the cell

controllers/novacompute_controller.go

@@ -158,13 +158,16 @@ func (r *NovaComputeReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 
 	hashes := make(map[string]env.Setter)
 
+	requiredSecretFields := []string{
+		ServicePasswordSelector,
+		TransportURLSelector,
+		NotificationTransportURLSelector,
+	}
+
 	secretHash, result, secret, err := ensureSecret(
 		ctx,
 		types.NamespacedName{Namespace: instance.Namespace, Name: instance.Spec.Secret},
-		[]string{
-			ServicePasswordSelector,
-			TransportURLSelector,
-		},
+		requiredSecretFields,
 		h.GetClient(),
 		&instance.Status.Conditions,
 		r.RequeueTimeout,
@@ -336,15 +339,16 @@ func (r *NovaComputeReconciler) generateConfigs(
 	ctx context.Context, h *helper.Helper, instance *novav1.NovaCompute, hashes *map[string]env.Setter, secret corev1.Secret,
 ) error {
 	templateParameters := map[string]interface{}{
-		"service_name":           NovaComputeLabelPrefix,
-		"keystone_internal_url":  instance.Spec.KeystoneAuthURL,
-		"nova_keystone_user":     instance.Spec.ServiceUser,
-		"nova_keystone_password": string(secret.Data[ServicePasswordSelector]),
-		"openstack_region_name":  "regionOne", // fixme
-		"default_project_domain": "Default",   // fixme
-		"default_user_domain":    "Default",   // fixme
-		"transport_url":          string(secret.Data[TransportURLSelector]),
-		"compute_driver":         instance.Spec.ComputeDriver,
+		"service_name":               NovaComputeLabelPrefix,
+		"keystone_internal_url":      instance.Spec.KeystoneAuthURL,
+		"nova_keystone_user":         instance.Spec.ServiceUser,
+		"nova_keystone_password":     string(secret.Data[ServicePasswordSelector]),
+		"openstack_region_name":      "regionOne", // fixme
+		"default_project_domain":     "Default",   // fixme
+		"default_user_domain":        "Default",   // fixme
+		"transport_url":              string(secret.Data[TransportURLSelector]),
+		"notification_transport_url": string(secret.Data[NotificationTransportURLSelector]),
+		"compute_driver":             instance.Spec.ComputeDriver,
 		// Neither the ironic driver nor the fake driver support VNC
 		"vnc_enabled": false,
 	}