From 19aebca3e747eb9d4b257694d1694433a8e190de Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Wed, 22 Aug 2018 09:46:07 -0700 Subject: [PATCH] Add system-config-run-base job This adds a job which creates a bridge-like node and bootstraps it, and then runs the base playbook against all of the node types we use in our control plane. It uses testinfra to validate the results. Change-Id: Ibdbaf511bbdaee46e1335f2c83b95ba1553a1d94 Depends-On: https://review.openstack.org/595905 --- .zuul.yaml | 21 ++++++++ .../roles/base-server/defaults/main.yaml | 1 + playbooks/roles/base-server/tasks/main.yaml | 3 +- playbooks/zuul/run-base-pre.yaml | 5 ++ playbooks/zuul/run-base.yaml | 51 +++++++++++++++++++ .../zuul/templates/group_vars/all.yaml.j2 | 10 ++++ test-requirements.txt | 4 ++ testinfra/test_base.py | 23 +++++++++ tox.ini | 3 ++ 9 files changed, 119 insertions(+), 2 deletions(-) create mode 100644 playbooks/zuul/run-base-pre.yaml create mode 100644 playbooks/zuul/run-base.yaml create mode 100644 playbooks/zuul/templates/group_vars/all.yaml.j2 create mode 100644 testinfra/test_base.py diff --git a/.zuul.yaml b/.zuul.yaml index 61ac9575d4..4984146f58 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -22,6 +22,26 @@ vars: project_src_dir: "{{ zuul.project.src_dir }}/modules/openstack_project" +- job: + name: system-config-run-base + nodeset: + nodes: + - name: bridge.openstack.org + label: ubuntu-bionic + - name: trusty + label: ubuntu-trusty + - name: xenial + label: ubuntu-xenial + - name: bionic + label: ubuntu-bionic + - name: centos7 + label: centos-7 + pre-run: playbooks/zuul/run-base-pre.yaml + run: playbooks/zuul/run-base.yaml + files: + - playbooks/.* + - roles/.* + - project: check: jobs: @@ -29,6 +49,7 @@ - puppet-beaker-rspec-infra-centos-7-system-config - puppet-beaker-rspec-puppet-4-infra-system-config - puppet-beaker-rspec-puppet-4-centos-7-infra-system-config + - system-config-run-base gate: jobs: - puppet-beaker-rspec-infra-system-config diff --git a/playbooks/roles/base-server/defaults/main.yaml b/playbooks/roles/base-server/defaults/main.yaml index e5189dd8f4..570a19838f 100644 --- a/playbooks/roles/base-server/defaults/main.yaml +++ b/playbooks/roles/base-server/defaults/main.yaml @@ -1,5 +1,6 @@ bastion_ipv4: 23.253.245.198,23.253.234.219 bastion_ipv6: 2001:4800:7818:101:3c21:a454:23ed:4072,2001:4800:7817:103:be76:4eff:fe04:5a1d +bastion_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSLlN41ftgxkNeUi/kATYPwMPjJdMaSbgokSb9PSkRPZE7GeNai60BCfhu+ky8h5eMe70Bpwb7mQ7GAtHGXPNU1SRBPhMuVN9EYrQbt5KSiwuiTXtQHsWyYrSKtB+XGbl2PhpMQ/TPVtFoL5usxu/MYaakVkCEbt5IbPYNg88/NKPixicJuhi0qsd+l1X1zoc1+Fn87PlwMoIgfLIktwaL8hw9mzqr+pPcDIjCFQQWnjqJVEObOcMstBT20XwKj/ymiH+6p123nnlIHilACJzXhmIZIZO+EGkNF7KyXpcBSfv9efPI+VCE2TOv/scJFdEHtDFkl2kdUBYPC0wQ92rp puppet-remote-2014-09-15 base_packages: - at - git diff --git a/playbooks/roles/base-server/tasks/main.yaml b/playbooks/roles/base-server/tasks/main.yaml index c31b014260..2ccbf01ca1 100644 --- a/playbooks/roles/base-server/tasks/main.yaml +++ b/playbooks/roles/base-server/tasks/main.yaml @@ -36,8 +36,7 @@ state: present user: root exclusive: yes - key: | - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSLlN41ftgxkNeUi/kATYPwMPjJdMaSbgokSb9PSkRPZE7GeNai60BCfhu+ky8h5eMe70Bpwb7mQ7GAtHGXPNU1SRBPhMuVN9EYrQbt5KSiwuiTXtQHsWyYrSKtB+XGbl2PhpMQ/TPVtFoL5usxu/MYaakVkCEbt5IbPYNg88/NKPixicJuhi0qsd+l1X1zoc1+Fn87PlwMoIgfLIktwaL8hw9mzqr+pPcDIjCFQQWnjqJVEObOcMstBT20XwKj/ymiH+6p123nnlIHilACJzXhmIZIZO+EGkNF7KyXpcBSfv9efPI+VCE2TOv/scJFdEHtDFkl2kdUBYPC0wQ92rp puppet-remote-2014-09-15 + key: "{{ bastion_public_key }}" key_options: | from="{{ bastion_ipv4 }},{{ bastion_ipv6 }},localhost" diff --git a/playbooks/zuul/run-base-pre.yaml b/playbooks/zuul/run-base-pre.yaml new file mode 100644 index 0000000000..3f74a35928 --- /dev/null +++ b/playbooks/zuul/run-base-pre.yaml @@ -0,0 +1,5 @@ +- hosts: all + roles: + - ensure-tox + - multi-node-known-hosts + - copy-build-sshkey diff --git a/playbooks/zuul/run-base.yaml b/playbooks/zuul/run-base.yaml new file mode 100644 index 0000000000..f1caf79f96 --- /dev/null +++ b/playbooks/zuul/run-base.yaml @@ -0,0 +1,51 @@ +- import_playbook: ../bridge.yaml + vars: + root_rsa_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa') }}" + +- hosts: bridge.openstack.org + become: true + tasks: + - name: Write inventory on bridge + include_role: + name: write-inventory + vars: + write_inventory_dest: /etc/ansible/hosts/inventory.yaml + write_inventory_exclude_hostvars: + - ansible_user + - name: Update ansible.cfg to use job inventory + ini_file: + path: /etc/ansible/ansible.cfg + section: defaults + option: inventory + value: /etc/ansible/hosts/inventory.yaml + - name: Set up /opt/system-config repo + git: + repo: /home/zuul/src/git.openstack.org/openstack-infra/system-config + dest: /opt/system-config + force: yes + - name: Make host_vars directory + file: + path: "/etc/ansible/hosts/host_vars" + state: directory + - name: Make group_vars directory + file: + path: "/etc/ansible/hosts/group_vars" + state: directory + - name: Write hostvars files + vars: + bastion_ipv4: "{{ nodepool['public_ipv4'] }}" + bastion_ipv6: "{{ nodepool['public_ipv6'] }}" + bastion_public_key: "{{ lookup('file', zuul.executor.work_root + '/' + zuul.build + '_id_rsa.pub') }}" + template: + src: "templates/{{ item }}.j2" + dest: "/etc/ansible/hosts/{{ item }}" + loop: + - group_vars/all.yaml + - name: Run base.yaml + command: ansible-playbook /home/zuul/src/git.openstack.org/openstack-infra/system-config/playbooks/base.yaml + - name: Run testinfra to validate configuration + include_role: + name: tox + vars: + tox_envlist: testinfra + tox_extra_args: testinfra/test_base.py diff --git a/playbooks/zuul/templates/group_vars/all.yaml.j2 b/playbooks/zuul/templates/group_vars/all.yaml.j2 new file mode 100644 index 0000000000..42d75091d7 --- /dev/null +++ b/playbooks/zuul/templates/group_vars/all.yaml.j2 @@ -0,0 +1,10 @@ +# If the bastion ipv4 or v6 addresses aren't available (because this +# job runs in an environment without them) just fall back to the +# defaults for the real bridge. +{% if bastion_ipv4 %} +bastion_ipv4: {{ bastion_ipv4 }} +{% endif %} +{% if bastion_ipv6 %} +bastion_ipv6: {{ bastion_ipv6 }} +{% endif %} +bastion_public_key: {{ bastion_public_key }} diff --git a/test-requirements.txt b/test-requirements.txt index 7e91d8cd73..069a94eccb 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -7,3 +7,7 @@ PyYAML>=3.10.0 # MIT ansible-lint openstacksdk zuul-sphinx>=0.2.3 +testinfra +# pytest-xdist is a plugin for pytest which allows parallel execution, +# used by testinfra +pytest-xdist diff --git a/testinfra/test_base.py b/testinfra/test_base.py new file mode 100644 index 0000000000..2b0909f0f9 --- /dev/null +++ b/testinfra/test_base.py @@ -0,0 +1,23 @@ +# Copyright 2018 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +def test_exim_is_installed(host): + if host.system_info.distribution in ['ubuntu', 'debian']: + exim = host.package("exim4-base") + else: + exim = host.package("exim") + assert exim.is_installed + + cmd = host.run("exim -bt root") + assert cmd.rc == 0 diff --git a/tox.ini b/tox.ini index ea8a97d99e..2af1468850 100644 --- a/tox.ini +++ b/tox.ini @@ -29,6 +29,9 @@ commands = {posargs} deps = -r{toxinidir}/doc/requirements.txt commands = sphinx-build -W -E -b html doc/source doc/build/html +[testenv:testinfra] +commands = py.test -n 5 --connection=ansible --ansible-inventory=/etc/ansible/hosts/inventory.yaml --hosts=all -v {posargs} + [flake8] show-source = True exclude = .tox,.eggs