From b967495dc3f5423984077d383163fd4a9609b57d Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Mon, 16 Mar 2020 10:01:14 +1100 Subject: [PATCH] nodepool-builder: put container configs in /etc Currently we deploy the openstacksdk config into ~nodepool/.config on the container, and then map this directory back to /etc/openstack in the docker-compose. The config-file still hard-codes the limestone.pem file to ~nodepool/.config. Switch the nodepool-builder_opendev group to install to /etc/openstack, and update the nodepool config file template to use the configured directory for the .pem path. Also update the testing paths. Story: #2007407 Task: #39015 Change-Id: I9ca77927046e2b2e3cee9a642d0bc566e3871515 --- playbooks/group_vars/nodepool-builder_opendev.yaml | 6 +++--- .../nodepool-builder/templates/docker-compose.yaml.j2 | 8 +++----- .../templates/clouds/nodepool_builder_clouds.yaml.j2 | 4 ++-- testinfra/test_nodepool.py | 7 ++++++- 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/playbooks/group_vars/nodepool-builder_opendev.yaml b/playbooks/group_vars/nodepool-builder_opendev.yaml index 81cac6a1aa..ccb4fda33d 100644 --- a/playbooks/group_vars/nodepool-builder_opendev.yaml +++ b/playbooks/group_vars/nodepool-builder_opendev.yaml @@ -1,4 +1,4 @@ -openstacksdk_config_dir: /home/nodepool/.config/openstack -openstacksdk_config_owner: nodepool -openstacksdk_config_group: nodepool +openstacksdk_config_dir: /etc/openstack +openstacksdk_config_owner: root +openstacksdk_config_group: root openstacksdk_config_template: clouds/nodepool_clouds.yaml.j2 diff --git a/playbooks/roles/nodepool-builder/templates/docker-compose.yaml.j2 b/playbooks/roles/nodepool-builder/templates/docker-compose.yaml.j2 index ae46229323..55bcfa559c 100644 --- a/playbooks/roles/nodepool-builder/templates/docker-compose.yaml.j2 +++ b/playbooks/roles/nodepool-builder/templates/docker-compose.yaml.j2 @@ -12,12 +12,10 @@ services: - DEBUG=1 volumes: - # NOTE(ianw): for non-containerised builds the base roles - # (configure-openstacksdk) have always deployed the cloud config - # in ~nodepool/.config. - - /home/nodepool/.config/openstack:/etc/openstack:ro # nodepool config - /etc/nodepool:/etc/nodepool:ro + # openstacksdk config + - /etc/openstack:/etc/openstack:ro # project-config - /opt/project-config:/opt/project-config:ro # dib temporary storage; see config in project-config @@ -25,4 +23,4 @@ services: # dib image output; see config in project-config - /opt/nodepool_dib:/opt/nodepool_dib:rw # logs (builder + dib build logs under /build) - - /var/log/nodepool:/var/log/nodepool:rw \ No newline at end of file + - /var/log/nodepool:/var/log/nodepool:rw diff --git a/playbooks/templates/clouds/nodepool_builder_clouds.yaml.j2 b/playbooks/templates/clouds/nodepool_builder_clouds.yaml.j2 index 9c0e3f452f..8a7dbd62bf 100644 --- a/playbooks/templates/clouds/nodepool_builder_clouds.yaml.j2 +++ b/playbooks/templates/clouds/nodepool_builder_clouds.yaml.j2 @@ -3,7 +3,7 @@ # # This file is deployed to nodepool builder hosts as # -# ~nodepool/.config/openstack/config/clouds.yaml +# {{ openstacksdk_config_dir }}/clouds.yaml # # and is used there to authenticate nodepool operations to clouds. # The naming should correspond that used in nodepool configuration @@ -155,7 +155,7 @@ clouds: api_timeout: 60 identity_api_version: 3 floating_ip_source: None - cacert: /home/nodepool/.config/openstack/limestone_cacert.pem + cacert: '{{ openstacksdk_config_dir }}/limestone_cacert.pem' packethost: regions: - name: us-west-1 diff --git a/testinfra/test_nodepool.py b/testinfra/test_nodepool.py index d591748ab2..46d11ba616 100644 --- a/testinfra/test_nodepool.py +++ b/testinfra/test_nodepool.py @@ -19,7 +19,12 @@ testinfra_hosts = ['nl01.openstack.org', 'nb01.openstack.org', def test_clouds_yaml(host): - clouds_yaml = host.file('/home/nodepool/.config/openstack/clouds.yaml') + if host.backend.get_hostname().endswith('openstack.org'): + cfg_file = '/home/nodepool/.config/openstack/clouds.yaml' + else: + cfg_file = '/etc/openstack/clouds.yaml' + + clouds_yaml = host.file(cfg_file) assert clouds_yaml.exists assert b'password' in clouds_yaml.content