24 Commits

Author SHA1 Message Date
Ian Wienand
f07bf2a507 Import install-docker role
This is a role for installing docker on our control-plane servers.

It is based on install-docker from zuul-jobs.

Basic testinfra tests are added; because docker fiddles the iptables
rules in magic ways, the firewall testing is moved out of the base
tests and modified to partially match our base firewall configuration.

Change-Id: Ia4de5032789ff0f2b07d4f93c0c52cf94aa9c25c
2018-12-14 11:30:47 -08:00
Ian Wienand
3bed6e0fd3
Enable ARA reports for system-config bridge CI jobs
This change takes the ARA report from the "inner" run of the base
playbooks on our bridge.o.o node and publishes it into the final log
output.  This is then displayed by the middleware.

Create a new log hierarchy with a "bridge.o.o" to make it clear the
logs here are related to the test running on that node.  Move the
ansible config under there too.

Change-Id: I74122db09f0f712836a0ee820c6fac87c3c9c734
2018-12-04 17:46:47 -05:00
Jens Harbott
7833dcd12d Make system-config-run-base-ansible-devel non-voting
Due to an issue with the current ansible branch, this check is failing
currently, make it non-voting to unblock other changes.

[0] https://github.com/ansible/ansible/issues/49430

Change-Id: I2fcf3abd69103a3e0b8eb56528650481a865a1cc
2018-12-03 13:48:34 +00:00
Ian Wienand
06da49c6e2 bridge.o.o: Use latest openstacksdk
Similar to the pinning introduced in
Ic465efb637c0a1eb475f04b0b0e356d8797ecdeb, use the "latest"
openstacksdk package and allow for passing of pinned versions if
required.

Update the devel test to also use the master of opensatcksdk

Change-Id: I4b437ca9024c87903bdd3569c8309cde725ce28e
2018-11-08 09:50:58 +11:00
Ian Wienand
24c81fb0c3 Pin bridge.o.o to ansible 2.7.0, add devel testing job
This adds arguments to "install-ansible" to allow us to specify the
package name and version.

This is used to pin bridge.o.o to 2.7.0 (see
I9cf4baf1b15893f0c677567f5afede0d0234f0b2).

A new job is added to test against the ansible-devel branch. Added as
voting for now, until it proves to be a concern.

Change-Id: Ic465efb637c0a1eb475f04b0b0e356d8797ecdeb
2018-11-08 09:50:53 +11:00
James E. Blair
dae1a0351c Configure opendev nameservers using ansible
Change-Id: Ie6430053159bf5a09b2c002ad6a4f84334a5bca3
2018-11-02 13:49:38 -07:00
James E. Blair
90e6088881 Configure adns1.opendev.org server via ansible
Change-Id: Ib4d3cd7501a276bff62e3bc0998d93c41f3ab185
2018-11-02 13:49:38 -07:00
James E. Blair
14b9027da2 Use the empty nodeset for bride playbook runs
We need no nodes for this.

Change-Id: I3af7de061b0052a584c783371d9ebb94680b8106
2018-09-14 10:30:59 -06:00
James E. Blair
0f69aa3321 Add infra-run-zuul_reconfigure
Add a job to reconfigure zuul, and rename its parent job to use
a shorter name.

Change-Id: Id049086e138f6c98bb0c223284d5df9b73c4d4bf
2018-09-12 13:57:37 -06:00
Clark Boylan
0e9d830a64 Add job to run playbook on bridge.o.o
This new job is a parent job allowing us to CD from Zuul via
bridge.openstack.org. Using Zuul project ssh keys we add_host bridge.o.o
to our running inventory on the executor then run ansible on bridge.o.o
to run an ansible playbook in
bridge.openstack.org:/opt/system-config/playbooks.

Change-Id: I5cd2dcc53ac480459a22d9e19ef38af78a9e90f7
2018-09-12 11:26:55 -06:00
James E. Blair
8847ced8bf Move project config in repo
It's very convenient to be able to temporarily stop running all
these heavyweight jobs when developing new jobs.  Also, the config
is currently split in a strange way.  Move it all in-repo for
convenience.

Change-Id: I4da96050f1a20438ca29454de33cd871f5b282c8
2018-09-06 09:14:48 -07:00
James E. Blair
c34860d166 Add a run-nodepool job
Change-Id: I9d0721a7db7f355683895fca5a2a5f152d147034
2018-09-05 15:52:36 -07:00
James E. Blair
6dab882147 Refactor run-base jobs
Create a parent run job and inherit from it.  This reduces duplicate
'run' parameters, and corrects the omission of run-post from the
eavesdrop job.

Change-Id: Ib2a21b7190bf3611972097d6db545989cd54b3d4
2018-08-30 10:48:58 -07:00
James E. Blair
09b1ff4bc3 Add system-config-run-eavesdrop
Add a job which runs testinfra for the eavesdrop server.  When we
have a per-hostgroup playbook, we will add it to this job too.

The puppet group is removed from the run-base job because the
groups.yaml file is now used to construct groups (as it does
in production) and will construct the group correctly.

The testinfra iptables module may throw an error if it's run
multiple times simultaneously on the same host.  To avoid this,
stop using parallel execution.

Change-Id: I1a7bab5c14b0da22393ab568000d0921c28675aa
2018-08-30 10:25:23 -07:00
Paul Belanger
20286235b6 Generate junit.xml file for testinfra
And collect it on post, it is helpful to see the results.

Change-Id: I0dbecf57bf9182168eb6f99cdf88329fcdeb1bdc
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2018-08-29 12:00:43 -04:00
Ian Wienand
7bd8117e2a Add install-puppet to base playbook
This role manages puppet on the host and should be applied to all
puppet hosts.

The dependent change is required to get the "puppet" group into the
generated inventory for the system-config-run-base test.

Change-Id: I0e18c53836baca743d32abf1bb4b7a3f63c025bb
Depends-On: https://review.openstack.org/596994
2018-08-28 17:54:09 +10:00
Ian Wienand
ee7faefe08 Create ansible roles to install puppet
Currently our puppet-requiring hosts (all !bridge) do not manage their
puppet installs.  This is OK for existing servers, but new servers
come up without puppet installed.

This is playbooks to manage puppet installs on hosts.  It is mostly a
port of the relevant parts of ./install_puppet.sh for our various
control-plane platforms.

Basic testing with zuul-integration jobs is added.  Using this in the
control-plane base.yaml playbooks will be a follow-on.

Change-Id: Id5b2f5eb0f1ade198acf53a7c886dd5b3ab79816
2018-08-28 16:42:45 +10:00
Ian Wienand
d049cf45fb Only run role integration tests on role changes
Change-Id: I531dd10da459b36e3f2f02d65e8f3baa961aade2
2018-08-28 11:28:42 +10:00
Ian Wienand
7bfb0db43f Add role integration jobs
The top-level roles in roles/* should be usable as roles under Zuul
and as generic Ansible roles (for control plane).

Add an integration job to ensure this.  Start with the kerberos and
afs roles.

Change-Id: I9f5d572d5f69ca4b58e6e62b06fc873fe7a1e2f0
2018-08-28 11:28:42 +10:00
James E. Blair
055f29d8ab Use python2 on centos/trusty in system-config-run-base
This mirrors the group var we set for hosts which run on centos
and trusty.

Change-Id: I5f0f9eee04e45c35566bd4f4990ee527184f4d90
2018-08-27 15:39:16 -07:00
James E. Blair
9decd58b41 Add system-config-run-base to gate
And run on testinfra changes.

Change-Id: I146c0cf847c0c355af4351f89c2ed530990497dc
2018-08-24 09:28:10 -07:00
James E. Blair
19aebca3e7 Add system-config-run-base job
This adds a job which creates a bridge-like node and bootstraps it,
and then runs the base playbook against all of the node types we
use in our control plane.  It uses testinfra to validate the results.

Change-Id: Ibdbaf511bbdaee46e1335f2c83b95ba1553a1d94
Depends-On: https://review.openstack.org/595905
2018-08-24 08:50:01 -07:00
Colleen Murphy
79e04fedd7 Stop installing puppet with puppet
Currently, the openstack_project::server class unconditionally ensures
the 'puppet' package is installed. As long as we're using puppet 3, this
is a noop: if puppet is running, then it's already installled. However,
if we have installed puppet 4 from the puppetlabs repositories, then the
puppet 4 package is actually called 'puppet-agent', and reinstalling the
'puppet' package from the distro repositories will clobber it. We could
work around this in two ways: one is to add logic to the
openstack_project::server class to manage the correct package name and
correct package version based on a parameter or the current state of the
system, and the other is to stop managing it entirely from puppet. Since
we're already managing it from ansible, let's go with the
less-puppet-code option.

This change also lets us make the puppet-4 system-config-specific beaker
jobs voting.

Change-Id: I32c02302a5009dcd3a54fae7fb346f2214be886a
2018-07-20 09:24:31 +02:00
Colleen Murphy
b21cf38fab Add beaker tests for openstack_project::server
The openstack_project::server class is the most important piece of
puppet configuration we have, so add tests for it so that we can be
confident about upgrading it.

Unlike the other puppet modules, this module is a subdirectory of the
main repository, so all the tests and Gemfile need to be there. We
symlink back to the main Gemfile in the root of the repository (which is
used by the puppet-syntax check) and update it to be Zuul-compatible
like the Gemfiles in the other modules.

The spec helper depends on having a metadata.json file so it can read
the module name, so add that.

Add in-repo zuul jobs that inherit from the main jobs defined in
openstack-zuul-jobs. We're defining them in-repo instead of just adding
system-config to the list of repositories using these jobs because we
need to override the project_src_dir variable.

Depends-On: https://review.openstack.org/581308
Depends-On: https://review.openstack.org/581004
Depends-On: https://review.openstack.org/581448

Change-Id: Ic56d258573aa2a18d7ca27ea7fe1c2f121cd268f
2018-07-10 22:04:57 +02:00