From e1304ee54e0dcdf5a0876eb59c7c06a5d9644eec Mon Sep 17 00:00:00 2001
From: Ade Lee <alee@redhat.com>
Date: Tue, 26 May 2026 13:10:18 -0400
Subject: [PATCH] Add Octavia SKMO playbooks for amphora and network setup

Add two new SKMO hook playbooks for Octavia multi-region support:

- upload-octavia-amphora-images.yaml: Wait for amphora image upload
  to complete in both regionOne and regionTwo before proceeding
- configure-octavia-network.yaml: Ensure br-octavia OVS bridges are
  UP on all master nodes for routing between worker pods and amphora
  instances

These fix connectivity issues where Neutron router gateway ports fail
to schedule on chassis due to missing active bridge mappings.

Assisted-by: Claude Opus 4.6
Signed-off-by: Ade Lee <alee@redhat.com>
---
 .../skmo/configure-octavia-network.yaml       | 41 ++++++++++++
 .../skmo/upload-octavia-amphora-images.yaml   | 63 +++++++++++++++++++
 2 files changed, 104 insertions(+)
 create mode 100644 hooks/playbooks/skmo/configure-octavia-network.yaml
 create mode 100644 hooks/playbooks/skmo/upload-octavia-amphora-images.yaml

diff --git a/hooks/playbooks/skmo/configure-octavia-network.yaml b/hooks/playbooks/skmo/configure-octavia-network.yaml
new file mode 100644
index 000000000..5d1418565
--- /dev/null
+++ b/hooks/playbooks/skmo/configure-octavia-network.yaml
@@ -0,0 +1,41 @@
+---
+# Configure Octavia network infrastructure on master nodes
+# This ensures br-octavia OVS bridges are UP for routing between
+# worker pods and amphora instances.
+- name: Configure Octavia network on master nodes
+  hosts: "{{ cifmw_target_host | default('localhost') }}"
+  gather_facts: false
+  tasks:
+    - name: Get master node names
+      environment:
+        KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}"
+        PATH: "{{ cifmw_path }}"
+      ansible.builtin.command:
+        cmd: >-
+          oc get nodes
+          -l node-role.kubernetes.io/master
+          -o jsonpath='{.items[*].metadata.name}'
+      register: _master_nodes_result
+      changed_when: false
+
+    - name: Ensure br-octavia is UP on all master nodes
+      environment:
+        KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}"
+        PATH: "{{ cifmw_path }}"
+      ansible.builtin.shell: |
+        set -xe -o pipefail
+        oc debug node/{{ item }} -- chroot /host ip link set br-octavia up
+      loop: "{{ _master_nodes_result.stdout.split() }}"
+      register: _br_octavia_result
+
+    - name: Verify br-octavia is UP on all master nodes
+      environment:
+        KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}"
+        PATH: "{{ cifmw_path }}"
+      ansible.builtin.shell: |
+        set -xe -o pipefail
+        oc debug node/{{ item }} -- chroot /host ip link show br-octavia | grep -q "state UP"
+      loop: "{{ _master_nodes_result.stdout.split() }}"
+      changed_when: false
+      retries: 3
+      delay: 5
diff --git a/hooks/playbooks/skmo/upload-octavia-amphora-images.yaml b/hooks/playbooks/skmo/upload-octavia-amphora-images.yaml
new file mode 100644
index 000000000..633cc6908
--- /dev/null
+++ b/hooks/playbooks/skmo/upload-octavia-amphora-images.yaml
@@ -0,0 +1,63 @@
+---
+# Wait for Octavia amphora image upload to complete in both regions
+# The octavia-operator automatically creates octavia-image-upload Jobs
+# when amphoraImageContainerImage is set in the OSCP CR (via architecture).
+# This playbook just waits for those uploads to complete before proceeding.
+- name: Wait for Octavia amphora image upload in both regions
+  hosts: "{{ cifmw_target_host | default('localhost') }}"
+  gather_facts: false
+  vars:
+    cifmw_skmo_central_namespace: openstack
+    cifmw_skmo_leaf_namespace: openstack2
+  tasks:
+    - name: Wait for amphora image upload to complete in central region
+      kubernetes.core.k8s_info:
+        api_version: octavia.openstack.org/v1beta1
+        kind: Octavia
+        name: octavia
+        namespace: "{{ cifmw_skmo_central_namespace }}"
+      register: _octavia_central
+      until:
+        - _octavia_central.resources | length > 0
+        - _octavia_central.resources[0].status.conditions |
+          selectattr('type', 'equalto', 'OctaviaAmphoraImagesReady') |
+          selectattr('status', 'equalto', 'True') | list | length > 0
+      retries: 40
+      delay: 15
+
+    - name: Verify amphora image is active in central region
+      kubernetes.core.k8s_exec:
+        namespace: "{{ cifmw_skmo_central_namespace }}"
+        pod: openstackclient
+        command: >-
+            openstack image list --tag amphora-image -f value -c Status
+      register: _amphora_image_central_result
+      until: "'active' in _amphora_image_central_result.stdout"
+      retries: 60
+      delay: 30
+
+    - name: Wait for amphora image upload to complete in leaf region
+      kubernetes.core.k8s_info:
+        api_version: octavia.openstack.org/v1beta1
+        kind: Octavia
+        name: octavia
+        namespace: "{{ cifmw_skmo_leaf_namespace }}"
+      register: _octavia_leaf
+      until:
+        - _octavia_leaf.resources | length > 0
+        - _octavia_leaf.resources[0].status.conditions |
+          selectattr('type', 'equalto', 'OctaviaAmphoraImagesReady') |
+          selectattr('status', 'equalto', 'True') | list | length > 0
+      retries: 40
+      delay: 15
+
+    - name: Verify amphora image is active in leaf region
+      kubernetes.core.k8s_exec:
+        namespace: "{{ cifmw_skmo_leaf_namespace }}"
+        pod: openstackclient
+        command: >-
+            openstack image list --tag amphora-image -f value -c Status
+      register: _amphora_image_leaf_result
+      until: "'active' in _amphora_image_leaf_result.stdout"
+      retries: 60
+      delay: 30