From ad197204447bb60f6850a3fc72ee15f623f7e896 Mon Sep 17 00:00:00 2001 From: "Markin, Sergiy (sm515x)" Date: Thu, 22 Sep 2022 22:32:23 +0000 Subject: [PATCH] [zuul] Added a flush node firewall task to Airskiff gates Airskiff gates are setting up a k8s cluster by minikube, so test node needs a clear firewall rules in order to let calico to get initialized. So a task that flushes firewall rules and deploy-package role have been added to ansible in gates. Change-Id: I19f9c8a28b394fa239313bda8b008d79cc048469 --- tools/gate/playbooks/airskiff-deploy.yaml | 1 + .../gate/playbooks/airskiff-reduce-site.yaml | 17 +++++++ .../roles/deploy-package/defaults/main.yml | 18 ++++++++ .../gate/roles/deploy-package/tasks/dist.yaml | 46 +++++++++++++++++++ .../gate/roles/deploy-package/tasks/pip.yaml | 27 +++++++++++ 5 files changed, 109 insertions(+) create mode 100644 tools/gate/roles/deploy-package/defaults/main.yml create mode 100644 tools/gate/roles/deploy-package/tasks/dist.yaml create mode 100644 tools/gate/roles/deploy-package/tasks/pip.yaml diff --git a/tools/gate/playbooks/airskiff-deploy.yaml b/tools/gate/playbooks/airskiff-deploy.yaml index ab1b11a6..05687aff 100644 --- a/tools/gate/playbooks/airskiff-deploy.yaml +++ b/tools/gate/playbooks/airskiff-deploy.yaml @@ -23,6 +23,7 @@ daemon_reload: yes name: systemd-resolved become: yes + - name: ensure pip3 installed apt: name: "{{ item }}" diff --git a/tools/gate/playbooks/airskiff-reduce-site.yaml b/tools/gate/playbooks/airskiff-reduce-site.yaml index 55f56ffe..b57dc3a6 100644 --- a/tools/gate/playbooks/airskiff-reduce-site.yaml +++ b/tools/gate/playbooks/airskiff-reduce-site.yaml @@ -24,6 +24,23 @@ - python3-yaml become: yes + + - name: deploy iptables packages + include_role: + name: deploy-package + tasks_from: dist + vars: + packages: + deb: + - iptables + rpm: + - iptables + - command: sudo iptables -S + - command: sudo iptables -F + - command: sudo iptables -P INPUT ACCEPT + - command: sudo iptables -S + become: yes + - name: Overwrite Armada manifest shell: | git checkout v1.9 diff --git a/tools/gate/roles/deploy-package/defaults/main.yml b/tools/gate/roles/deploy-package/defaults/main.yml new file mode 100644 index 00000000..b1a6fabd --- /dev/null +++ b/tools/gate/roles/deploy-package/defaults/main.yml @@ -0,0 +1,18 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +proxy: + http: null + https: null + noproxy: null +... diff --git a/tools/gate/roles/deploy-package/tasks/dist.yaml b/tools/gate/roles/deploy-package/tasks/dist.yaml new file mode 100644 index 00000000..73939ffd --- /dev/null +++ b/tools/gate/roles/deploy-package/tasks/dist.yaml @@ -0,0 +1,46 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +- name: managing distro packages for ubuntu + become: true + become_user: root + when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' + vars: + state: present + apt: + name: "{{ item }}" + state: "{{ state }}" + with_items: "{{ packages.deb }}" + +- name: managing distro packages for centos + become: true + become_user: root + when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' + vars: + state: present + yum: + name: "{{ item }}" + state: "{{ state }}" + with_items: "{{ packages.rpm }}" + +- name: managing distro packages for fedora + become: true + become_user: root + when: ansible_distribution == 'Fedora' + vars: + state: present + dnf: + name: "{{ item }}" + state: "{{ state }}" + with_items: "{{ packages.rpm }}" +... diff --git a/tools/gate/roles/deploy-package/tasks/pip.yaml b/tools/gate/roles/deploy-package/tasks/pip.yaml new file mode 100644 index 00000000..0b2a4836 --- /dev/null +++ b/tools/gate/roles/deploy-package/tasks/pip.yaml @@ -0,0 +1,27 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +- name: managing pip packages + become: true + become_user: root + environment: + http_proxy: "{{ proxy.http }}" + https_proxy: "{{ proxy.https }}" + no_proxy: "{{ proxy.noproxy }}" + vars: + state: present + pip: + name: "{{ item }}" + state: "{{ state }}" + with_items: "{{ packages }}" +...