From 690a5eb951b88c9f94f5bf03bf115b9566c3b87e Mon Sep 17 00:00:00 2001 From: Adam Williamson Date: Jul 25 2024 20:50:39 +0000 Subject: openqa/worker: add NM-based tap setup and test on p09-worker01 network-scripts-openvswitch was removed in f40 and network-scripts is going away in f41; we really need to get off using them. This attempts to implement the same setup using NetworkManager, based on a few different NM/ovs references, and the source of openQA upstream's os-autoinst-setup-multi-machine . It might need a bit of tweaking, so for now, we make it a separate task and use it only on p09-worker01 for testing. This doesn't handle tearing down the old network-scripts-based config as that's pretty complex and will only need to happen once; I'll do it manually before trying this out. Signed-off-by: Adam Williamson
---
diff --git a/inventory/host_vars/openqa-p09-worker01.iad2.fedoraproject.org b/inventory/host_vars/openqa-p09-worker01.iad2.fedoraproject.org
index 5451613..db1bab4 100644
--- a/inventory/host_vars/openqa-p09-worker01.iad2.fedoraproject.org
+++ b/inventory/host_vars/openqa-p09-worker01.iad2.fedoraproject.org
@@ -57,3 +57,5 @@ sudoers: "{{ private }}/files/sudo/qavirt-sudoers"
 tcp_ports: ['20013', '20023', '20033', '20043', '20053', '20063', '20073', '20083', '20093', '20103', '20113', '20123', '20133', '20143', '20153']
 # this box is encrypted
 openqa_nbde: true
+# testing nm deployment
+openqa_tap_nm: true
diff --git a/roles/openqa/worker/defaults/main.yml b/roles/openqa/worker/defaults/main.yml
index 848e7df..73e7813 100644
--- a/roles/openqa/worker/defaults/main.yml
+++ b/roles/openqa/worker/defaults/main.yml
@@ -3,4 +3,5 @@ openqa_repo: updates
 openqa_createhdds_branch: main
 openqa_nfs_worker: false
 openqa_tap: ""
+openqa_tap_nm: false
 openqa_hdds_worker: false
diff --git a/roles/openqa/worker/tasks/main.yml b/roles/openqa/worker/tasks/main.yml
index a4b45cb..3ab734c 100644
--- a/roles/openqa/worker/tasks/main.yml
+++ b/roles/openqa/worker/tasks/main.yml
@@ -167,7 +167,10 @@ when: openqa_nfs_worker|bool - include_tasks: tap-setup.yml - when: openqa_tap + when: "openqa_tap and not openqa_tap_nm|bool" + +- include_tasks: tap-setup-nm.yml + when: "openqa_tap and openqa_tap_nm|bool" - name: Tell git it's OK for _openqa-worker to run 'git' on the test dir copy: src=gitconfig dest=/etc/gitconfig owner=root group=root mode=0644
diff --git a/roles/openqa/worker/tasks/tap-setup-nm.yml b/roles/openqa/worker/tasks/tap-setup-nm.yml
new file mode 100644
index 0000000..3a1a095
--- /dev/null
+++ b/roles/openqa/worker/tasks/tap-setup-nm.yml
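Review bot: In roles/openqa/worker/tasks/main.yml both new `when:` expressions coerce `openqa_tap_nm` with `|bool` but leave `openqa_tap` bare, while the role default for it is the empty string `""`. A non-empty string such as `"false"` set in inventory would be truthy in this expression and still pull in one of the tap setups. Coercing both operands keeps the two includes strictly mutually exclusive: `when: "openqa_tap|bool and not openqa_tap_nm|bool"` and `when: "openqa_tap|bool and openqa_tap_nm|bool"`. How `openqa_tap` is actually set per host is outside this hunk, so confirm it is a boolean-like value before applying the coercion.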
@@ -0,0 +1,72 @@
+- name: Install packages
+ package:
+ name: ['os-autoinst-openvswitch', 'tunctl', 'NetworkManager-ovs']
+ state: latest
+ enablerepo: "{{ openqa_repo }}"
+ tags:
+ - packages
+ register: packages
+
+- name: Ensure NetworkManager service is enabled and started
+ service: name=NetworkManager enabled=yes state=started
+
+- name: Restart NetworkManager service if we just installed or updated packages
+ service: name=NetworkManager state=restarted
+ when: "(packages is defined) and (packages is changed)"
+
+- name: Enable ipv4_forward in sysctl
+ sysctl: name=net.ipv4.ip_forward value=1 state=present sysctl_set=yes reload=yes
+
+- name: Start openvswitch service
+ service: name=openvswitch enabled=yes state=started
+
+- name: Create openvswitch bridge
+ community.general.nmcli:
+ conn_name: ovs-br
+ ifname: br0
+ type: ovs-bridge
+ state: present
+
+- name: Create openvswitch port for openvswitch bridge
+ community.general.nmcli:
+ conn_name: ovs-br-port
+ ifname: br0
+ master: br0
+ type: ovs-port
+ state: present
+
+- name: Create openvswitch interface for openvswitch bridge
+ community.general.nmcli:
+ conn_name: ovs-br-if
+ ifname: br0
+ master: br0
+ ip4: '172.16.2.2/15'
+ type: ovs-interface
+ state: present
+
+- name: Create openvswitch ports for tap devices
+ community.general.nmcli:
+ conn_name: ovs-tap{{ item }}-port
+ ifname: tap{{ item }}
+ master: br0
+ type: ovs-port
+ state: present
+ with_sequence: start=0 end={{ openqa_workers | int }}
+
+# nmcli collection does not support tun type
+- name: Check whether tap device interface connection profiles exist
+ shell: "(for i in {0..{{ openqa_workers | int }}}; do ip addr show tap$i || exit 1; done)"
+ register: tapsexist
+ changed_when: "1 != 1"
+ failed_when: "1 != 1"
+
+- name: Create openvswitch interfaces for tap devices
+ shell: "nmcli con add type tun mode tap owner '$(id -u _openqa-worker)' group '$(getent group nogroup | cut -f3 -d:)' con.int 'tap{{ item }}' master 'tap{{ item }}'"
+ with_sequence: start=0 end={{ openqa_workers | int }}
+ when: tapsexist.rc > 0
+
+- name: Install openvswitch sysconfig file
+ copy: src=os-autoinst-openvswitch.sysconfig dest=/etc/sysconfig/os-autoinst-openvswitch owner=root group=root mode=0644
+
+- name: Enable and start os-autoinst openvswitch service
+ service: name=os-autoinst-openvswitch enabled=yes state=started
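Review bot: In the `Create openvswitch interfaces for tap devices` task of tap-setup-nm.yml, the `$(id -u _openqa-worker)` and `$(getent group nogroup | cut -f3 -d:)` substitutions sit inside single quotes, so the shell does not expand them and nmcli receives the literal text instead of a numeric uid and gid. The owner and group are what restrict the tap devices to the unprivileged worker account, so the profile would presumably end up with an unusable or wrong owner. Double-quote those two arguments, most easily by switching the value to a folded block scalar: `shell: >-` followed by `nmcli con add type tun mode tap owner "$(id -u _openqa-worker)" group "$(getent group nogroup | cut -f3 -d:)" con.int 'tap{{ item }}' master 'tap{{ item }}'`. The guard is also coarse: `ip addr show tap$i` tests for a kernel device rather than an NM profile, and `tapsexist.rc > 0` reruns `nmcli con add` for every index when any single device is missing, which likely leaves duplicate profiles. A per-item check against the existing profiles (for example with `nmcli con show`) would make the task idempotent.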