Use FQCN for modules and fix YAML issues

With migration to FQCN in roles it's time to adjust our integrated
repo content to match the same pattern and pass modern ansible-lint
checks.

Change-Id: Ieb58c77a8b36b9a508f9b726b688898d83092031
Dmitriy Rabotyagov
2025-04-01 16:03:41 +02:00
parent 756618d250
commit 96b0b4a7b6
35 changed files with 358 additions and 315 deletions


@ -20,15 +20,15 @@
gather_facts: false
tasks:
- name: Ensure the default collections directory exists
file:
ansible.builtin.file:
path: "{{ collection_path_default }}/ansible_collections"
state: directory
recurse: yes
recurse: true
- name: Installing required Ansible collections
block:
- name: Create temporary file for galaxy collection requirements
tempfile:
ansible.builtin.tempfile:
register: collection_requirements_tmpfile
- name: Copy content into galaxy collection requirements temporary file
@ -38,13 +38,13 @@
_user_collections: "{{ user_collections.collections | default([]) | selectattr('source', 'defined') }}"
content_var:
collections: "{{ _default_collections + _user_collections }}"
copy:
ansible.builtin.copy:
content: "{{ content_var | to_nice_yaml }}"
dest: "{{ collection_requirements_tmpfile.path }}"
mode: "0644"
- name: Install collection requirements with ansible galaxy # noqa: no-changed-when
command: >
ansible.builtin.command: >
/opt/ansible-runtime/bin/ansible-galaxy collection install --force
-r "{{ collection_requirements_tmpfile.path }}"
-p "{{ collection_path_default }}"
@ -54,12 +54,12 @@
delay: 2
- name: Show collection install output
debug:
ansible.builtin.debug:
msg: "{{ collection_install.stdout_lines }}"
always:
- name: Clean up temporary file
file:
ansible.builtin.file:
path: "{{ collection_requirements_tmpfile.path }}"
state: absent
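Review bot: The requirements file built here merges `_user_collections` into the defaults and is then installed with `--force`, and nothing in the visible tasks verifies what ansible-galaxy downloads. If the collection entries are not pinned to exact versions elsewhere, each run can pull different content onto the deploy host; pinned `version` fields, and signature verification where the source supports it, would narrow that. The `# noqa: no-changed-when` could be replaced by an explicit `changed_when: true` so the intent is stated in the task itself. The task's `register` and retry keys lie between the two hunks and are not visible.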


@ -20,11 +20,11 @@
gather_facts: false
tasks:
- name: Gather minimal facts
setup:
ansible.builtin.setup:
gather_subset: '!all'
- name: Find the git version
command:
ansible.builtin.command:
cmd: "git --version"
register: _git_version
changed_when: false
@ -32,7 +32,7 @@
- skip_ansible_lint
- name: Set the git user agent for the deploy host
git_config:
community.general.git_config:
scope: system
name: http.https://opendev.org/.userAgent
value: "{{ 'git/' ~ _git_version.stdout.split(' ')[2] ~ ' (osa/' ~ lookup('env', 'CURRENT_OSA_VERSION') ~ '/deploy)' }}"
@ -42,11 +42,11 @@
_default_roles: "{{ required_roles | rejectattr('name', 'in', user_roles | map(attribute='name')) }}"
_user_roles_filtered: "{{ user_roles | rejectattr('src', 'undefined') }}"
_role_list: "{{ _default_roles + _user_roles_filtered }}"
set_fact:
ansible.builtin.set_fact:
clone_roles: "{{ _role_list | selectattr('scm', 'undefined') + _role_list | selectattr('scm', 'eq', 'git') }}"
- name: Remove target directory if required
file:
ansible.builtin.file:
path: "{{ item.path | default(role_path_default) }}/{{ item.name | default(item.src | basename) }}"
state: absent
when:
@ -55,7 +55,7 @@
with_items: "{{ clone_roles }}"
- name: Ensure the default roles directory exists
file:
ansible.builtin.file:
path: "{{ role_path_default }}"
state: directory
mode: "0755"
@ -74,7 +74,7 @@
core_multiplier: 4
rescue:
- name: Clone git repos (with git)
git:
ansible.builtin.git:
repo: "{{ item.src }}"
dest: "{{ item.path | default(role_path_default) }}/{{ item.name | default(item.src | basename) }}"
version: "{{ item.version | default('master') }}"
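Review bot: In the `Clone git repos (with git)` rescue task, `version: "{{ item.version | default('master') }}"` lets any role entry without a `version` follow a moving branch, so two bootstrap runs can check out different code. If `required_roles` always carries a version this only affects `user_roles`, but failing early is still safer than a silent default, e.g. `version: "{{ item.version | mandatory }}"`, provided existing user role files can be updated to match. The task continues past the end of the hunk.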


@ -15,20 +15,20 @@
- name: Bootstrap the All-In-One (AIO)
hosts: localhost
gather_facts: True
gather_facts: true
user: root
roles:
- role: "bootstrap-host"
environment: "{{ deployment_environment_variables | default({}) }}"
pre_tasks:
- name: Run setup module
setup:
ansible.builtin.setup:
gather_subset:
- network
- hardware
- virtual
- name: Ensure sshd is installed
package:
ansible.builtin.package:
name: openssh-server
state: present
- name: Ensure sshd is running
@ -36,16 +36,16 @@
_ssh_service_name:
redhat: sshd
debian: ssh
service:
ansible.builtin.service:
name: "{{ _ssh_service_name[ansible_facts['os_family'] | lower] }}"
state: started
enabled: yes
enabled: true
post_tasks:
- name: Check that new network interfaces are up
assert:
ansible.builtin.assert:
that:
- ansible_facts['eth12']['active'] | bool
- ansible_facts['eth13']['active'] | bool
- ansible_facts['eth14']['active'] | bool
- name: Clear facts
meta: clear_facts
ansible.builtin.meta: clear_facts
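Review bot: The `Check that new network interfaces are up` assert indexes `ansible_facts['eth12']` and its siblings directly, so when an interface was never created the task stops with an undefined-variable error instead of a readable assertion failure. Testing `ansible_facts['eth12'] is defined` before `['active']`, and adding a `fail_msg` that names the missing interface, would make the failure self-explanatory.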


@ -15,14 +15,14 @@
## AIO user-space configuration options
# Scenario used to bootstrap the host
bootstrap_host_scenario: "{{ lookup('env','SCENARIO') | default('aio_lxc', true) }}"
bootstrap_host_scenario: "{{ lookup('env', 'SCENARIO') | default('aio_lxc', true) }}"
#
# Action used (deploy, upgrade, ...)
bootstrap_host_action: "{{ lookup('env', 'ACTION') | default('deploy', true) }}"
#
# Boolean option to implement OpenStack-Ansible configuration for an AIO
# Switch to no for a multi-node configuration
bootstrap_host_aio_config: yes
bootstrap_host_aio_config: true
#
# Path to the location of the bootstrapping configuration files
bootstrap_host_aio_config_path: "{{ playbook_dir }}/../etc/openstack_deploy"
@ -50,42 +50,42 @@ bootstrap_user_variables_template: user_variables.aio.yml.j2
# The size of the loopback volumes can be customized here (in gigabytes).
#
# Boolean option to deploy the loopback disk for Swap
bootstrap_host_loopback_swap: no
bootstrap_host_loopback_swap: false
# Size of the Swap loopback disk in gigabytes (GB).
bootstrap_host_loopback_swap_size: 4096
#
# Boolean option to deploy the loopback disk for Cinder
bootstrap_host_loopback_cinder: yes
bootstrap_host_loopback_cinder: true
# Size of the Cinder loopback disk in gigabytes (GB).
bootstrap_host_loopback_cinder_size: 1024
#
# Boolean option to deploy the loopback disk for Swift
bootstrap_host_loopback_swift: yes
bootstrap_host_loopback_swift: true
# Size of the Swift loopback disk in gigabytes (GB).
bootstrap_host_loopback_swift_size: 1024
#
# Boolean option to deploy the loopback disk for Nova
bootstrap_host_loopback_nova: yes
bootstrap_host_loopback_nova: true
# Size of the Nova loopback disk in gigabytes (GB).
bootstrap_host_loopback_nova_size: 1024
#
# Boolean option to deploy the loopback disk for Manila
bootstrap_host_loopback_manila: yes
bootstrap_host_loopback_manila: true
# Size of the Manila loopback disk in gigabytes (GB).
bootstrap_host_loopback_manila_size: 1024
#
# Boolean option to deploy the loopback disk for machines
bootstrap_host_loopback_machines: yes
bootstrap_host_loopback_machines: true
# Size of the machines loopback disk in gigabytes (GB).
bootstrap_host_loopback_machines_size: 128
#
# Boolean option to deploy the loopback disk for btrfs
bootstrap_host_loopback_btrfs: yes
bootstrap_host_loopback_btrfs: true
# Size of the btrfs loopback disk in gigabytes (GB).
bootstrap_host_loopback_btrfs_size: 1024
#
# Boolean option to deploy the loopback disk for zfs
bootstrap_host_loopback_zfs: yes
bootstrap_host_loopback_zfs: true
# Size of the zfs loopback disk in gigabytes (GB).
bootstrap_host_loopback_zfs_size: 1024
#
@ -153,12 +153,12 @@ bootstrap_host_data_disk_device: null
bootstrap_host_data_disk_fs_type: ext4
#
# Boolean value to force the repartitioning of the secondary device.
bootstrap_host_data_disk_device_force: no
bootstrap_host_data_disk_device_force: false
#
# If the storage capacity on this device is greater than or equal to this
# size (in GB), the bootstrap process will use it.
# If metal, we don't need that much storage space.
bootstrap_host_data_disk_min_size: "{{ (bootstrap_host_scenario is search('metal')) | ternary(10,50) }}"
bootstrap_host_data_disk_min_size: "{{ (bootstrap_host_scenario is search('metal')) | ternary(10, 50) }}"
#
# Set the data disk formats table. If the backing store is set to lvm the option
# the partition will not actually be formatted however for parted, ext2 is used.
@ -195,10 +195,10 @@ bootstrap_host_data_disk2_path: '/var/lib/lxc'
# Specify the public IP address for the host.
# By default the address will be set to the ipv4 address of the
# host's network interface that has the default route on it.
#bootstrap_host_public_address: 0.0.0.0
# bootstrap_host_public_address: 0.0.0.0
# Set the install method for the deployment. Options are ['source', 'distro']
bootstrap_host_install_method: "{{ lookup('env', 'INSTALL_METHOD') | default('source', true) }}"
bootstrap_host_install_method: "{{ lookup('env', 'INSTALL_METHOD') | default('source', true) }}"
# step-ca
step_ca_user: step
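Review bot: The comment above `bootstrap_host_aio_config` still reads `# Switch to no for a multi-node configuration` although the value is now spelled `true`. Changing it to `# Switch to false for a multi-node configuration` keeps the documented value in the spelling the file now uses. While the comments are being touched, `bootstrap_host_loopback_swap_size: 4096` is documented as gigabytes, which looks more like a megabyte figure; worth confirming against the swap task that consumes it.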


@ -14,6 +14,6 @@
# limitations under the License.
- name: Restart squid
service:
ansible.builtin.service:
name: squid
state: restarted


@ -14,22 +14,22 @@
# limitations under the License.
- name: Check for a supported Operating System
assert:
ansible.builtin.assert:
that:
(ansible_facts['distribution'] == 'Debian' and ansible_facts['distribution_release'] == 'bookworm') or
(ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_release'] == 'jammy') or
(ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_release'] == 'noble') or
(ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '9')
(ansible_facts['distribution'] == 'Debian' and ansible_facts['distribution_release'] == 'bookworm') or
(ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_release'] == 'jammy') or
(ansible_facts['distribution'] == 'Ubuntu' and ansible_facts['distribution_release'] == 'noble') or
(ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] == '9')
msg: >-
The only supported platforms for this release are Debian 12 (Bookworm),
Ubuntu 22.04 (Jammy), Ubuntu 24.04 (Noble), CentOS Stream 9,
and derivatives such as Rocky Linux.
The only supported platforms for this release are Debian 12 (Bookworm),
Ubuntu 22.04 (Jammy), Ubuntu 24.04 (Noble), CentOS Stream 9,
and derivatives such as Rocky Linux.
when: (check_operating_system | default(True))| bool
tags:
- check-operating-system
- name: Check that bootstrap_host_scenario is not set with mutually exclusive options
assert:
ansible.builtin.assert:
that:
- not item.conditional
msg: "{{ item.msg }}"
@ -44,7 +44,7 @@
# https://btrfs.wiki.kernel.org/index.php/FAQ#How_much_free_space_do_I_have.3F
# As such, use the btrfs tools to determine the real available size on the
# disk
shell: |
ansible.builtin.shell: |
set -o pipefail
if [[ $(df -T / | tail -n 1 | awk '{print $2}') == "btrfs" ]]; then
btrfs fi du -s --raw / 2>/dev/null | awk '/[0-9]/ {print $2*1024}'
@ -64,15 +64,15 @@
# Convert root_space_available to bytes.
- name: Set root disk facts
set_fact:
host_root_space_available_bytes: "{{ ( root_space_available.stdout | int) * 1024 | int }}"
ansible.builtin.set_fact:
host_root_space_available_bytes: "{{ (root_space_available.stdout | int) * 1024 | int }}"
when:
- bootstrap_host_data_disk_device == None
tags:
- check-disk-size
- name: Fail when disk can not be found
fail:
ansible.builtin.fail:
msg: |
Can not find disk {{ bootstrap_host_data_disk_device }}
when:
@ -83,7 +83,7 @@
- check-disk-size
- name: Set data disk facts
set_fact:
ansible.builtin.set_fact:
host_data_disk_sectors: "{{ (ansible_facts['devices'][bootstrap_host_data_disk_device]['sectors'] | int) }}"
host_data_disk_sectorsize: "{{ (ansible_facts['devices'][bootstrap_host_data_disk_device]['sectorsize'] | int) }}"
when:
@ -93,7 +93,7 @@
# Calculate the size of the bootstrap_host_data_disk_device by muliplying sectors with sectorsize.
- name: Calculate data disk size
set_fact:
ansible.builtin.set_fact:
host_data_disk_size_bytes: "{{ ((host_data_disk_sectors | int) * (host_data_disk_sectorsize | int)) | int }}"
when:
- bootstrap_host_data_disk_device != None
@ -102,27 +102,27 @@
# Convert bootstrap_host_data_disk_min_size to bytes.
- name: Set min size fact
set_fact:
ansible.builtin.set_fact:
host_data_disk_min_size_bytes: "{{ ((bootstrap_host_data_disk_min_size | int) * 1024**3) | int }}"
tags:
- check-disk-size
- name: Set size facts
set_fact:
root_gb_available: "{{ ((host_root_space_available_bytes | int ) / 1024**3) | round(2, 'floor') }}"
ansible.builtin.set_fact:
root_gb_available: "{{ ((host_root_space_available_bytes | int) / 1024**3) | round(2, 'floor') }}"
when: bootstrap_host_data_disk_device == None
tags:
- check-disk-size
- name: Set disk size facts
set_fact:
disk_gb_available: "{{ ((host_data_disk_size_bytes | int ) / 1024**3) | round(2, 'floor') }}"
ansible.builtin.set_fact:
disk_gb_available: "{{ ((host_data_disk_size_bytes | int) / 1024**3) | round(2, 'floor') }}"
when: bootstrap_host_data_disk_device != None
tags:
- check-disk-size
- name: Fail if there is not enough space available in /
fail:
ansible.builtin.fail:
msg: |
Not enough space available in /.
Found {{ root_gb_available }} GB, required {{ bootstrap_host_data_disk_min_size }} GB)
@ -133,7 +133,7 @@
- check-disk-size
- name: Fail if there is not enough disk space available (disk specified)
fail:
ansible.builtin.fail:
msg: |
Not enough disk space available.
Found {{ disk_gb_available }} GB, required {{ bootstrap_host_data_disk_min_size }} GB)
@ -144,7 +144,7 @@
- check-disk-size
- name: Ensure that the kernel has VXLAN, VLAN, and bonding support
modprobe:
community.general.modprobe:
name: "{{ item }}"
state: present
with_items:
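Review bot: In `Set root disk facts`, `(root_space_available.stdout | int) * 1024 | int` applies the trailing `int` filter to the literal `1024`, not to the product, because Jinja filters bind tighter than `*`. The result is the same today, but the sibling tasks wrap the whole product, and matching them avoids a surprise if the expression changes: `host_root_space_available_bytes: "{{ ((root_space_available.stdout | int) * 1024) | int }}"`. The `when:` conditions in this file also still use `== None`, `!= None` and `default(True)`, where `is none`, `is not none` and `default(true)` would match the rest of the cleanup.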


@ -14,7 +14,7 @@
# limitations under the License.
- name: Locate data disk candidates
shell: >
ansible.builtin.shell: >
set -o pipefail;
lsblk -brndo NAME,TYPE,RO,SIZE |
awk '/d[b-z]+ disk 0/{ if ($4>m && $4>={{ bootstrap_host_data_disk_min_size }}){m=$4; d=$1} }; END{print d}'
@ -24,7 +24,7 @@
register: _data_disk
- name: Set the data disk device
set_fact:
ansible.builtin.set_fact:
bootstrap_host_data_disk_device: "{{ _data_disk.stdout }}"
when:
- _data_disk.stdout | length > 0
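Review bot: The awk filter in `Locate data disk candidates` compares `$4`, which `lsblk -b` prints in bytes, against `{{ bootstrap_host_data_disk_min_size }}`, which the role defaults document as a size in GB, so the minimum-size test appears to accept almost any disk. If that reading is right, the comparison should be made in bytes, e.g. `$4>={{ (bootstrap_host_data_disk_min_size | int) * 1024**3 }}`; the `| int` also keeps a non-numeric override out of the shell line. The task's remaining keys lie outside the hunk.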


@ -14,7 +14,7 @@
# limitations under the License.
- name: Detect whether the host is an OpenStack-CI host
stat:
ansible.builtin.stat:
path: /etc/nodepool
register: nodepool_dir
@ -22,14 +22,15 @@
when:
- nodepool_dir.stat.exists
block:
- name: Read nodepool environment variables
shell: |
- name: Read nodepool environment variables # noqa: risky-shell-pipe
ansible.builtin.shell: |
source /etc/ci/mirror_info.sh
env | grep NODEPOOL | sed 's/=/: /g'
args:
executable: /bin/bash
changed_when: false
register: nodepool_env
- name: Set nodepool environment variables fact
set_fact:
ansible.builtin.set_fact:
nodepool_vars: "{{ nodepool_env.stdout | from_yaml }}"
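Review bot: The new `# noqa: risky-shell-pipe` on `Read nodepool environment variables` silences the lint rule without recording why `set -o pipefail` is not used. Presumably that is because `grep NODEPOOL` exits non-zero when nothing matches; a one-line comment saying so would stop a later cleanup from adding pipefail and breaking hosts that lack those variables. Separately, `sed 's/=/: /g'` rewrites every `=` on a line, so a value that itself contains `=` reaches `from_yaml` altered; `sed 's/=/: /'` changes only the first one.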


@ -14,17 +14,16 @@
# limitations under the License.
- name: Remove known problem packages
package:
ansible.builtin.package:
name: "{{ packages_remove }}"
state: absent
tags:
- remove-packages
- name: Install packages
package:
ansible.builtin.package:
name: "{{ packages_install }}"
state: present
update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
tags:
- install-packages
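Review bot: `update_cache` in `Install packages` still produces the string `'yes'` through `ternary('yes', omit)` while the rest of the commit moves to `true`/`false`. `update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(true, omit) }}"` keeps the behaviour and matches the new spelling. The `Install zfs packages` task in the data-disk tasks file carries the same expression.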


@ -14,23 +14,26 @@
# limitations under the License.
# Identify AIO builds in the git user-agent
- include_tasks: prepare_git_useragent.yml
- name: Include prepare_git_useragent tasks
ansible.builtin.include_tasks: prepare_git_useragent.yml
# Attempt data device detection if enabled
- include_tasks: detect_data_disk_device.yml
- name: Include detect_data_disk_device tasks
ansible.builtin.include_tasks: detect_data_disk_device.yml
when:
- bootstrap_host_data_disk_device is none
- bootstrap_host_data_disk_device_detect | bool
# Before we do anything, check the minimum requirements
- import_tasks: check-requirements.yml
- name: Import check-requirements tasks
ansible.builtin.import_tasks: check-requirements.yml
tags:
- check-requirements
# We will look for the most specific variable files first and eventually
# end up with the least-specific files.
- name: Gather variables for each operating system
include_vars: "{{ item }}"
ansible.builtin.include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
@ -41,25 +44,28 @@
- always
- name: Gather nodepool variables
import_tasks: gather_nodepool_vars.yml
ansible.builtin.import_tasks: gather_nodepool_vars.yml
tags:
- always
- name: Create the required directories
file:
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: "0755"
with_items:
- "/openstack"
tags:
- create-directories
- import_tasks: install_packages.yml
- name: Import install_packages tasks
ansible.builtin.import_tasks: install_packages.yml
tags:
- install-packages
# Prepare the data disk, if one is provided
- include_tasks: prepare_data_disk.yml
- name: Include prepare_data_disk tasks
ansible.builtin.include_tasks: prepare_data_disk.yml
when:
- bootstrap_host_data_disk_device != None
args:
@ -74,23 +80,25 @@
- name: Use on-disk repos for openstack services in CI
block:
- name: Symlink /openstack/src to /home/zuul/src
file:
ansible.builtin.file:
src: "{{ lookup('env', 'ZUUL_SRC_PATH') }}"
dest: '/openstack/src'
state: link
- name: Create override for zuul git server to local repos
copy:
ansible.builtin.copy:
content: |
openstack_opendev_base_url: "file:///openstack/src/opendev.org"
dest: "/etc/openstack_deploy/user_variables_zuulrepos.yml"
mode: "0644"
when:
- "lookup('env', 'ZUUL_SRC_PATH') | length > 0"
# Prepare the swap space loopback disk
# This is only necessary if there isn't swap already
- include_tasks: prepare_loopback_swap.yml
- name: Include prepare_loopback_swap
ansible.builtin.include_tasks: prepare_loopback_swap.yml
when:
- bootstrap_host_loopback_swap | bool
- ansible_facts['swaptotal_mb'] < 1
@ -102,7 +110,8 @@
- always
# Prepare the zfs storage loopback disk
- include_tasks: prepare_loopback_zfs.yml
- name: Include prepare_loopback_zfs tasks
ansible.builtin.include_tasks: prepare_loopback_zfs.yml
when:
- bootstrap_host_loopback_zfs | bool
- bootstrap_host_data_disk_device == None
@ -115,7 +124,8 @@
- always
# Prepare the btrfs storage loopback disk
- include_tasks: prepare_loopback_btrfs.yml
- name: Include prepare_loopback_btrfs tasks
ansible.builtin.include_tasks: prepare_loopback_btrfs.yml
when:
- bootstrap_host_loopback_btrfs | bool
- bootstrap_host_data_disk_device == None
@ -129,7 +139,8 @@
# Prepare the Cinder LVM VG loopback disk
# This is only necessary if bootstrap_host_loopback_cinder is set to yes
- include_tasks: prepare_loopback_cinder.yml
- name: Include prepare_loopback_cinder tasks
ansible.builtin.include_tasks: prepare_loopback_cinder.yml
when:
- bootstrap_host_loopback_cinder | bool
args:
@ -140,7 +151,8 @@
- always
# Prepare the Nova instance storage loopback disk
- include_tasks: prepare_loopback_nova.yml
- name: Include prepare_loopback_nova tasks
ansible.builtin.include_tasks: prepare_loopback_nova.yml
when:
- bootstrap_host_loopback_nova | bool
args:
@ -151,7 +163,8 @@
- always
# Prepare the Swift data storage loopback disks
- include_tasks: prepare_loopback_swift.yml
- name: Include prepare_loopback_swift tasks
ansible.builtin.include_tasks: prepare_loopback_swift.yml
when:
- bootstrap_host_loopback_swift | bool
args:
@ -162,7 +175,8 @@
- always
# Prepare the Manila data storage loopback disks
- include_tasks: prepare_loopback_manila.yml
- name: Include prepare_loopback_manila tasks
ansible.builtin.include_tasks: prepare_loopback_manila.yml
when:
- bootstrap_host_loopback_manila | bool
args:
@ -173,7 +187,8 @@
- always
# Prepare the Ceph cluster UUID and loopback disks
- include_tasks: prepare_ceph.yml
- name: Include prepare_ceph tasks
ansible.builtin.include_tasks: prepare_ceph.yml
when:
- bootstrap_host_ceph | bool
args:
@ -184,7 +199,8 @@
- always
# Prepare the NFS server and loopback disks
- include_tasks: prepare_nfs.yml
- name: Include prepare_nfs tasks
ansible.builtin.include_tasks: prepare_nfs.yml
when:
- bootstrap_host_nfs | bool
args:
@ -195,22 +211,26 @@
- always
# Ensure hostname/ip is consistent with inventory
- import_tasks: prepare_hostname.yml
- name: Import prepare_hostname tasks
ansible.builtin.import_tasks: prepare_hostname.yml
tags:
- prepare-hostname
# Prepare the network interfaces
- import_tasks: prepare_networking.yml
- name: Import prepare_networking tasks
ansible.builtin.import_tasks: prepare_networking.yml
tags:
- prepare-networking
# Ensure that there are both private and public ssh keys for root
- import_tasks: prepare_ssh_keys.yml
- name: Import prepare_ssh_keys tasks
ansible.builtin.import_tasks: prepare_ssh_keys.yml
tags:
- prepare-ssh-keys
# Prepare local squid proxy
- include_tasks: prepare_squid.yml
- name: Include prepare_squid tasks
ansible.builtin.include_tasks: prepare_squid.yml
when:
- "'proxy' in bootstrap_host_scenarios_expanded"
args:
@ -221,7 +241,8 @@
- always
# Prepare local step-ca certificate authority
- include_tasks: prepare_step_ca.yml
- name: Include prepare_step_ca tasks
ansible.builtin.include_tasks: prepare_step_ca.yml
when:
- "'stepca' in bootstrap_host_scenarios_expanded"
args:
@ -231,10 +252,9 @@
tags:
- always
# Put the OpenStack-Ansible configuration for an All-In-One on the host
- include_tasks: prepare_aio_config.yml
- name: Include prepare_aio_config tasks
ansible.builtin.include_tasks: prepare_aio_config.yml
when:
- bootstrap_host_aio_config | bool
args:
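Review bot: The `when:` conditions in this file test the same variable three ways: `bootstrap_host_data_disk_device is none`, `!= None` and `== None`. Using the Jinja tests throughout (`is none` / `is not none`) would make them read consistently. Two leftovers from the conversion are also visible: the task name `Include prepare_loopback_swap` lacks the `tasks` suffix every other new name has, and the comment `# This is only necessary if bootstrap_host_loopback_cinder is set to yes` still uses the old boolean spelling. The last hunk ends inside the `prepare_aio_config` include, so its `args` are not visible.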


@ -14,15 +14,16 @@
# limitations under the License.
- name: Create the required deployment directories
file:
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: "0755"
with_items: "{{ bootstrap_host_target_config_paths }}"
tags:
- create-directories
- name: Find user conf.d configurations to deploy
stat:
ansible.builtin.stat:
path: "{{ bootstrap_host_aio_config_path }}/conf.d/{{ item }}.yml.aio"
register: conf_d_stat
with_items: "{{ bootstrap_host_scenarios_expanded }}"
@ -62,7 +63,7 @@
- deploy-user-secrets
- name: Generate any missing values in user_secrets
command: >
ansible.builtin.command: >
/opt/ansible-runtime/bin/python
{{ bootstrap_host_aio_script_path }}/pw-token-gen.py
--file /etc/openstack_deploy/{{ bootstrap_host_user_secrets_filename }}
@ -88,18 +89,19 @@
# we only run ceph jobs on ubuntu in CI so this is sufficient
# NOTE(jrosser)
# re-enable these local CI repos when the reef release is mirrored
#ceph_stable_repo: "http://{{ nodepool_vars.NODEPOOL_MIRROR_HOST }}/ceph-deb-reef"
# ceph_stable_repo: "http://{{ nodepool_vars.NODEPOOL_MIRROR_HOST }}/ceph-deb-reef"
# we must set the ceph repo seperatley for the ceph_client role
#ceph_apt_repos:
# ceph_apt_repos:
# ceph:
# state: "present"
# repo: "deb http://{{ nodepool_vars.NODEPOOL_MIRROR_HOST }}/ceph-deb-reef {{ ansible_facts['distribution_release'] }} main"
copy:
ansible.builtin.copy:
dest: /etc/openstack_deploy/user_openstackci.yml
content: "{{ (nodepool_overrides | combine(_ubuntu_conditional_vars)) | to_nice_yaml }}"
mode: "0644"
- name: Set the package cache timeout to 60 mins in OpenStack-CI
set_fact:
ansible.builtin.set_fact:
cache_timeout: 3600
when:
- cache_timeout is not defined
@ -108,14 +110,14 @@
# Enforcing mode by default. While I am normally a supporter of this change,
# the SELinux policy work for CentOS is not done yet.
- name: Set SELinux to permissive mode in OpenStack-CI
selinux:
ansible.posix.selinux:
policy: targeted
state: permissive
when:
- ansible_facts['selinux']['status'] == "enabled"
- name: Get systemd version
command: "rpm -q systemd" # noqa command-instead-of-module
ansible.builtin.command: "rpm -q systemd" # noqa command-instead-of-module
changed_when: false
register: systemd_version
when: ansible_facts['os_family'] | lower == 'redhat'
@ -128,9 +130,10 @@
config_type: yaml
- name: Set http proxy user variables
copy:
ansible.builtin.copy:
src: "user_variables_proxy.yml"
dest: "/etc/openstack_deploy/user_variables_proxy.yml"
mode: "0644"
when:
- "lookup('env', 'http_proxy')|length > 0"
@ -193,27 +196,30 @@
condition: "{{ 'tls' in bootstrap_host_scenarios_expanded }}"
- name: Copy modified cinder-volume env.d file for ceph scenario
copy:
ansible.builtin.copy:
src: "{{ playbook_dir }}/../etc/openstack_deploy/env.d/cinder-volume.yml.container.example"
dest: "/etc/openstack_deploy/env.d/cinder-volume.yml"
mode: "0644"
when:
- "'ceph' in bootstrap_host_scenarios_expanded"
- name: Create vars override folders if we need to test them
file:
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: "0755"
with_items:
- /etc/openstack_deploy/group_vars
- /etc/openstack_deploy/host_vars
when: "(lookup('env','ACTION') | default(false,true)) == 'varstest'"
- name: Create user-space overrides
lineinfile:
ansible.builtin.lineinfile:
path: "{{ item.path }}"
state: present
line: "{{ item.line }}"
create: yes
line: "{{ item.line }}"
create: true
mode: "0644"
with_items:
- path: /etc/openstack_deploy/group_vars/hosts.yml
line: 'babar: "elephant"'
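Review bot: The `mode: "0755"` added to `Create the required deployment directories` and the `mode: "0644"` added to the copied files make the content under `/etc/openstack_deploy` world-readable by explicit choice, and that directory also holds the user secrets file that `pw-token-gen.py` fills in. The task that deploys that secrets file is outside these hunks, so confirm it sets a restrictive mode of its own (for example `"0600"`) rather than following the same pattern. `user_variables_proxy.yml` deserves the same check if the proxy URL it carries can include credentials.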


@ -14,7 +14,7 @@
# limitations under the License.
- name: Create sparse ceph OSD files
command: truncate -s {{ bootstrap_host_loopback_ceph_size }}G /openstack/{{ item }}.img
ansible.builtin.command: truncate -s {{ bootstrap_host_loopback_ceph_size }}G /openstack/{{ item }}.img
args:
creates: "/openstack/{{ item }}.img"
with_items: "{{ ceph_osd_images }}"
@ -23,23 +23,23 @@
- ceph-file-create
- name: Run the systemd service role
include_role:
ansible.builtin.include_role:
name: systemd_service
vars:
systemd_services:
- service_name: "loop-{{ loopback_var }}"
config_overrides:
Unit:
Description: no
Description: false
After: systemd-udev-settle.service
Service:
RemainAfterExit: yes
RemainAfterExit: true
service_type: oneshot
execstarts:
- /bin/bash -c "/sbin/losetup $(/sbin/losetup -f) /openstack/{{ loopback_var }}.img"
execstops:
- /bin/bash -c "losetup -d $(losetup -l | awk '/{{ loopback_var }}.img/ {print $1}')"
enabled: yes
enabled: true
state: started
systemd_tempd_prefix: openstack
with_items: "{{ ceph_osd_images }}"
@ -57,7 +57,7 @@
- skip_ansible_lint
- name: Set permissions on loopback devices
file:
ansible.builtin.file:
path: "{{ item.stdout }}"
mode: "0777"
with_items: "{{ ceph_create_loopback.results }}"
@ -67,13 +67,13 @@
# Work around this with manual LVM creation and the advanced lvm OSD
# scenario
- name: Create LVM VG
lvg:
community.general.lvg:
vg: "vg-{{ item.stdout | basename }}"
pvs: "{{ item.stdout }}"
loop: "{{ ceph_create_loopback.results }}"
- name: Create LVM LV
lvol:
community.general.lvol:
lv: "lv-{{ item.stdout | basename }}"
vg: "vg-{{ item.stdout | basename }}"
size: 100%FREE
@ -82,7 +82,7 @@
# TODO(logan): Move these vars to user_variables.ceph.yml.j2 once LP #1649381
# is fixed and eliminate this task.
- name: Write ceph cluster config
copy:
ansible.builtin.copy:
content: |
---
lvm_volumes:
@ -106,7 +106,7 @@
- high-iops
- ultra-high-iops
dest: /etc/openstack_deploy/user_ceph_aio.yml
force: no
force: false
become: false
when: not ceph_create_loopback is skipped
tags:
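Review bot: `Set permissions on loopback devices` keeps `mode: "0777"`, which gives every local account read and write access to the block devices backing the Ceph OSDs. If this exists only so the OSD processes can open the devices, a dedicated owner/group with `mode: "0660"` would do the same job; if world access is deliberate for a throwaway AIO host, a comment saying so would help the next reader. The task's remaining keys lie outside the hunk.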


@ -19,7 +19,7 @@
# formatted as ext4. This is an attempt to achieve idempotency just
# in case these tasks are executed multiple times.
- name: Determine whether partitions labeled openstack-data{1,2} are present
shell: |
ansible.builtin.shell: |
set -o pipefail;
parted --script -l -m | egrep -q ':{{ bootstrap_host_data_disk_fs_type }}:openstack-data[12]:;$'
args:
@ -31,14 +31,14 @@
- check-data-disk-partitions
- name: Set bootstrap host data disk fact
set_fact:
ansible.builtin.set_fact:
bootstrap_host_data_disk_device_force: true
_bootstrap_host_data_disk_device: "{{ (bootstrap_host_data_disk_device | regex_replace('!','/')).strip() }}"
_bootstrap_host_data_disk_device: "{{ (bootstrap_host_data_disk_device | regex_replace('!', '/')).strip() }}"
when:
- data_disk_partitions.rc == 1
- name: Dismount and remove fstab entries for anything on the data disk device
mount:
ansible.posix.mount:
name: "{{ item.mount }}"
src: "{{ item.device }}"
fstype: "{{ bootstrap_host_data_disk_fs_type }}"
@ -49,8 +49,8 @@
with_items:
- "{{ ansible_facts['mounts'] }}"
- name: Partition the whole data disk for our usage
command: "{{ item }}"
- name: Partition the whole data disk for our usage # noqa: no-changed-when
ansible.builtin.command: "{{ item }}"
when:
- bootstrap_host_data_disk_device_force | bool
with_items:
@ -61,7 +61,7 @@
- create-data-disk-partitions
- name: Determine partition names
command: "lsblk /dev/{{ _bootstrap_host_data_disk_device }} -o NAME --noheadings --list"
ansible.builtin.command: "lsblk /dev/{{ _bootstrap_host_data_disk_device }} -o NAME --noheadings --list"
register: data_disk_partitions
when:
- bootstrap_host_data_disk_device_force | bool
@ -70,13 +70,13 @@
- create-data-disk-partitions
- name: Set bootstrap host data disk partitions fact
set_fact:
ansible.builtin.set_fact:
_bootstrap_host_data_partition_devices: "{{ data_disk_partitions.stdout_lines[1:] | list }}"
when:
- bootstrap_host_data_disk_device_force | bool
- name: Format the partition 1
filesystem:
community.general.filesystem:
fstype: "{{ bootstrap_host_data_disk_fs_type }}"
dev: "/dev/{{ _bootstrap_host_data_partition_devices[0] }}"
opts: "{{ bootstrap_host_format_options[bootstrap_host_data_disk_fs_type] | default(omit) }}"
@ -86,7 +86,7 @@
- format-data-partitions
- name: Format the partition 2
filesystem:
community.general.filesystem:
fstype: "{{ bootstrap_host_data_disk2_fs }}"
dev: "/dev/{{ _bootstrap_host_data_partition_devices[1] }}"
opts: "{{ bootstrap_host_format_options[bootstrap_host_data_disk2_fs] | default(omit) }}"
@ -98,7 +98,7 @@
- format-data-partitions
- name: Run the systemd mount role
include_role:
ansible.builtin.include_role:
name: systemd_mount
vars:
systemd_mounts:
@ -112,7 +112,7 @@
- data-config
- name: Run the systemd mount role
include_role:
ansible.builtin.include_role:
name: systemd_mount
vars:
systemd_mounts:
@ -132,7 +132,7 @@
when: _lxc_container_backing_store == 'zfs'
block:
- name: Install zfs packages
package:
ansible.builtin.package:
name: "{{ packages_install_zfs }}"
state: present
update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
@ -140,14 +140,14 @@
- install-packages
- name: Create the ZFS pool
command: zpool create osa-test-pool "/dev/{{ _bootstrap_host_data_partition_devices[1] }}"
ansible.builtin.command: zpool create osa-test-pool "/dev/{{ _bootstrap_host_data_partition_devices[1] }}"
args:
creates: /osa-test-pool
when:
- bootstrap_host_data_disk_device_force | bool
- name: Create the ZFS osa-test-pool/lxc volume
shell: "(zfs list | grep lxc) || zfs create -o mountpoint=/var/lib/lxc osa-test-pool/lxc"
ansible.builtin.shell: "(zfs list | grep lxc) || zfs create -o mountpoint=/var/lib/lxc osa-test-pool/lxc"
when:
- bootstrap_host_data_disk_device_force | bool
tags:
@ -157,7 +157,7 @@
when: _lxc_container_backing_store == 'lvm'
block:
- name: Make LVM physical volume on the cinder device
shell: "pvcreate /dev/{{ _bootstrap_host_data_partition_devices[1] }} && touch /openstack/lxc.pvcreate"
ansible.builtin.shell: "pvcreate /dev/{{ _bootstrap_host_data_partition_devices[1] }} && touch /openstack/lxc.pvcreate"
args:
creates: "/openstack/lxc.pvcreate"
tags:
@ -165,13 +165,13 @@
- data-config
- name: Run pvscan
command: "pvscan"
ansible.builtin.command: "pvscan"
changed_when: false
tags:
- cinder-lvm-pv
- name: Add cinder-volumes volume group
lvg:
community.general.lvg:
vg: lxc
pvs: "/dev/{{ _bootstrap_host_data_partition_devices[1] }}"
tags:
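Review bot: Several `ansible.builtin.shell` lines in this file interpolate templated values straight into the shell text, e.g. `pvcreate /dev/{{ _bootstrap_host_data_partition_devices[1] }} && touch /openstack/lxc.pvcreate`. The device names come from `lsblk` output, so the exposure is small, but `{{ _bootstrap_host_data_partition_devices[1] | quote }}` costs nothing and keeps unexpected characters from being interpreted by the shell. The partition check also still calls `egrep`, which recent GNU grep releases flag as obsolescent; `grep -Eq` is the drop-in replacement.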


@ -14,7 +14,7 @@
# limitations under the License.
- name: Find the git version
command:
ansible.builtin.command:
cmd: "git --version"
register: _git_version
changed_when: false
@ -22,7 +22,7 @@
- skip_ansible_lint
- name: Set the git user agent for the AIO
git_config:
community.general.git_config:
scope: system
name: http.https://opendev.org/.userAgent
value: "{{ 'git/' ~ _git_version.stdout.split(' ')[2] ~ ' (osa/' ~ lookup('env', 'OSA_VERSION') ~ '/aio)' }}"


@ -14,7 +14,7 @@
# limitations under the License.
- name: Ensure the hosts file is templated appropriately
copy:
ansible.builtin.copy:
content: |
127.0.0.1 localhost
@ -32,8 +32,9 @@
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
dest: /etc/hosts
backup: yes
backup: true
mode: "0644"
- name: Ensure hostname is set
hostname:
ansible.builtin.hostname:
name: aio1


@ -14,18 +14,18 @@
# limitations under the License.
- name: Create sparse lxc-btrfs file
command: "truncate -s {{ bootstrap_host_loopback_btrfs_size }}G /openstack/lxc-btrfs.img"
ansible.builtin.command: "truncate -s {{ bootstrap_host_loopback_btrfs_size }}G /openstack/lxc-btrfs.img"
args:
creates: /openstack/lxc-btrfs.img
- name: Format the lxc-btrfs file
filesystem:
community.general.filesystem:
fstype: btrfs
opts: "{{ bootstrap_host_format_options['btrfs'] | default(omit) }}"
dev: /openstack/lxc-btrfs.img
- name: Run the systemd mount role
include_role:
ansible.builtin.include_role:
name: systemd_mount
vars:
systemd_mounts:


@ -14,7 +14,7 @@
# limitations under the License.
- name: Create sparse Cinder file
command: "truncate -s {{ bootstrap_host_loopback_cinder_size }}G /openstack/cinder.img"
ansible.builtin.command: "truncate -s {{ bootstrap_host_loopback_cinder_size }}G /openstack/cinder.img"
args:
creates: /openstack/cinder.img
register: cinder_create
@ -22,40 +22,40 @@
- cinder-file-create
- name: Run the systemd service role
include_role:
ansible.builtin.include_role:
name: systemd_service
vars:
systemd_services:
- service_name: "loop-cinder"
config_overrides:
Unit:
Description: no
Description: false
After: systemd-udev-settle.service
Before: lvm2-activation-early.service
Wants: systemd-udev-settle.service
Service:
RemainAfterExit: yes
RemainAfterExit: true
service_type: oneshot
execstarts:
- /bin/bash -c "/sbin/losetup $(/sbin/losetup -f) /openstack/cinder.img"
- /sbin/pvscan
execstops:
- /bin/bash -c "losetup -d $(losetup -l | awk '/cinder.img/ {print $1}')"
enabled: yes
enabled: true
state: started
systemd_tempd_prefix: openstack
tags:
- cinder-config
- name: Get loopback device
shell: "losetup -l | awk '/cinder.img/ {print $1}'"
ansible.builtin.shell: "losetup -l | awk '/cinder.img/ {print $1}'"
changed_when: false
register: cinder_losetup
tags:
- skip_ansible_lint
- name: Make LVM physical volume on the cinder device
shell: "pvcreate {{ cinder_losetup.stdout }} && touch /openstack/cinder.pvcreate"
ansible.builtin.shell: "pvcreate {{ cinder_losetup.stdout }} && touch /openstack/cinder.pvcreate"
args:
creates: "/openstack/cinder.pvcreate"
tags:
@ -63,13 +63,13 @@
- cinder-lvm-pv
- name: Run pvscan
command: "pvscan"
ansible.builtin.command: "pvscan"
changed_when: false
tags:
- cinder-lvm-pv
- name: Add cinder-volumes volume group
lvg:
community.general.lvg:
vg: cinder-volumes
pvs: "{{ cinder_losetup.stdout }}"
tags:


@ -14,7 +14,7 @@
# limitations under the License.
- name: Create sparse manila file
command: "truncate -s {{ bootstrap_host_loopback_manila_size }}G /openstack/manila.img"
ansible.builtin.command: "truncate -s {{ bootstrap_host_loopback_manila_size }}G /openstack/manila.img"
args:
creates: /openstack/manila.img
register: manila_create
@ -22,26 +22,26 @@
- manila-file-create
- name: Run the systemd service role
include_role:
ansible.builtin.include_role:
name: systemd_service
vars:
systemd_services:
- service_name: "loop-manila"
config_overrides:
Unit:
Description: no
Description: false
After: systemd-udev-settle.service
Before: lvm2-activation-early.service
Wants: systemd-udev-settle.service
Service:
RemainAfterExit: yes
RemainAfterExit: true
service_type: oneshot
execstarts:
- /bin/bash -c "/sbin/losetup $(/sbin/losetup -f) /openstack/manila.img"
- /sbin/pvscan
execstops:
- /bin/bash -c "losetup -d $(losetup -l | awk '/manila.img/ {print $1}')"
enabled: yes
enabled: true
state: started
systemd_tempd_prefix: openstack
tags:
@ -63,13 +63,13 @@
- manila-lvm-pv
- name: Run pvscan
command: "pvscan"
ansible.builtin.command: "pvscan"
changed_when: false
tags:
- manila-lvm-pv
- name: Add manila-shares volume group
lvg:
community.general.lvg:
vg: manila-shares
pvs: "{{ manila_losetup.stdout }}"
tags:


@ -14,14 +14,14 @@
# limitations under the License.
- name: Create sparse Nova file
command: "truncate -s {{ bootstrap_host_loopback_nova_size }}G /openstack/nova.img"
ansible.builtin.command: "truncate -s {{ bootstrap_host_loopback_nova_size }}G /openstack/nova.img"
args:
creates: /openstack/nova.img
tags:
- nova-file-create
- name: Format the Nova file
filesystem:
community.general.filesystem:
fstype: xfs
dev: /openstack/nova.img
opts: "{{ bootstrap_host_format_options['xfs'] | default(omit) }}"
@ -29,7 +29,7 @@
- nova-format-file
- name: Run the systemd mount role
include_role:
ansible.builtin.include_role:
name: systemd_mount
vars:
systemd_mounts:


@ -14,7 +14,7 @@
# limitations under the License.
- name: Create swap file
command: "dd if=/dev/zero of=/openstack/swap.img bs=1M count={{ bootstrap_host_loopback_swap_size }}"
ansible.builtin.command: "dd if=/dev/zero of=/openstack/swap.img bs=1M count={{ bootstrap_host_loopback_swap_size }}"
args:
creates: /openstack/swap.img
register: swap_create
@ -22,7 +22,7 @@
- swap-file-create
- name: Format the swap file
command: mkswap /openstack/swap.img
ansible.builtin.command: mkswap /openstack/swap.img
when:
- swap_create is changed
tags:
@ -30,7 +30,7 @@
- skip_ansible_lint
- name: Run the systemd mount role
include_role:
ansible.builtin.include_role:
name: systemd_mount
vars:
systemd_mounts:
@ -44,7 +44,7 @@
- swap-config
- name: Set system swappiness
sysctl:
ansible.posix.sysctl:
name: vm.swappiness
value: 10
state: present
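Review bot: The swap file written by `dd ... of=/openstack/swap.img` gets whatever mode the umask gives it, and no task visible in these hunks restricts it before `mkswap` and the mount role use it. Swap holds paged-out process memory, so the file should be readable by root only. I would add a task between 'Create swap file' and 'Format the swap file' that sets owner, group and mode on the image, as sketched below. The tasks file continues between the hunks, so a mode may already be set in lines not shown here.

```yaml
- name: Restrict swap file permissions
  ansible.builtin.file:
    path: /openstack/swap.img
    owner: root
    group: root
    mode: "0600"
```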


@ -14,7 +14,7 @@
# limitations under the License.
- name: Create sparse Swift files
command: "truncate -s {{ bootstrap_host_loopback_swift_size }}G /openstack/{{ item }}.img"
ansible.builtin.command: "truncate -s {{ bootstrap_host_loopback_swift_size }}G /openstack/{{ item }}.img"
args:
creates: "/openstack/{{ item }}.img"
with_items:
@ -25,7 +25,7 @@
- swift-file-create
- name: Format the Swift files
filesystem:
community.general.filesystem:
fstype: xfs
opts: "{{ bootstrap_host_format_options['xfs'] | default(omit) }}"
dev: "/openstack/{{ item }}.img"
@ -37,7 +37,7 @@
- swift-format-file
- name: Run the systemd mount role
include_role:
ansible.builtin.include_role:
name: systemd_mount
vars:
systemd_mounts:


@ -14,7 +14,7 @@
# limitations under the License.
- name: Install zfs packages
package:
ansible.builtin.package:
name: "{{ packages_install_zfs }}"
state: present
update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
@ -22,16 +22,16 @@
- install-packages
- name: Create sparse ZFS backing file
command: "truncate -s {{ bootstrap_host_loopback_zfs_size }}G /openstack/lxc-zfs.img"
ansible.builtin.command: "truncate -s {{ bootstrap_host_loopback_zfs_size }}G /openstack/lxc-zfs.img"
args:
creates: /openstack/lxc-zfs.img
- name: Create the ZFS pool
command: zpool create osa-test-pool /openstack/lxc-zfs.img
ansible.builtin.command: zpool create osa-test-pool /openstack/lxc-zfs.img
args:
creates: /osa-test-pool
- name: Create the ZFS pool/lxc volume
shell: "(zfs list | grep lxc) || zfs create -o mountpoint=/var/lib/lxc osa-test-pool/lxc"
ansible.builtin.shell: "(zfs list | grep lxc) || zfs create -o mountpoint=/var/lib/lxc osa-test-pool/lxc"
tags:
- skip_ansible_lint


@ -14,15 +14,15 @@
# limitations under the License.
- name: Check if firewalld is installed
command: rpm -q firewalld
ansible.builtin.command: rpm -q firewalld # noqa: command-instead-of-module
register: firewalld_check
changed_when: false
failed_when: firewalld_check.rc > 1
when: ansible_facts['os_family'] == 'RedHat'
- name: Disable firewalld
become: True
service:
become: true
ansible.builtin.service:
name: "{{ item }}"
enabled: false
state: stopped
@ -33,17 +33,17 @@
- firewalld_check.rc == 0
- name: Disable NetworkManager
become: True
service:
become: true
ansible.builtin.service:
name: NetworkManager
state: stopped
enabled: no
masked: yes
enabled: false
masked: true
when:
- ansible_facts['os_family'] == 'RedHat'
- name: Run the systemd-networkd role
include_role:
ansible.builtin.include_role:
name: systemd_networkd
vars:
systemd_networkd_prefix: "osa_testing"
@ -192,13 +192,13 @@
# NOTE(jrosser) The systemd_networkd role uses a handler to restart the networking service
# This will normally not run until the end of the play, so we must force it here
- name: Force systemd_networkd hander to run
meta: flush_handlers
ansible.builtin.meta: flush_handlers
# NOTE(jrosser) The intention here is not to proceed further until the network bridges are up
# This ensures there will be no race between the bridges coming up and subsequent tasks which
# require functional network interfaces
- name: Check that network bridges are up
wait_for:
ansible.builtin.wait_for:
port: 22
timeout: 30
host: "{{ item }}"
@ -211,7 +211,7 @@
- 172.29.228.100 # br-bmaas
- name: Run the systemd service role
include_role:
ansible.builtin.include_role:
name: systemd_service
vars:
systemd_services:
@ -222,7 +222,7 @@
After: network-online.target
Wants: network-online.target
Service:
RemainAfterExit: yes
RemainAfterExit: true
service_type: oneshot
execstarts:
- "-{{ bootstrap_host_iptables_path }} -t nat -A POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE"
@ -247,14 +247,14 @@
- "-{{ bootstrap_host_ethtool_path }} -K eth15 gso off sg off tso off tx off"
execstops:
- "{{ bootstrap_host_iptables_path }} -t nat -D POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE"
enabled: yes
enabled: true
state: started
systemd_tempd_prefix: openstack
tags:
- network-config
- name: Updating the facts due to net changes
setup:
ansible.builtin.setup:
gather_subset: network
tags:
- networking


@ -14,14 +14,14 @@
# limitations under the License.
- name: Create sparse NFS volume
command: "truncate -s {{ bootstrap_host_loopback_nfs_size }}G /openstack/nfs.img"
ansible.builtin.command: "truncate -s {{ bootstrap_host_loopback_nfs_size }}G /openstack/nfs.img"
args:
creates: /openstack/nfs.img
tags:
- nfs-file-create
- name: Format the NFS file
filesystem:
community.general.filesystem:
fstype: xfs
dev: /openstack/nfs.img
opts: "{{ bootstrap_host_format_options['xfs'] | default(omit) }}"
@ -29,7 +29,7 @@
- nfs-format-file
- name: Run the systemd mount role
include_role:
ansible.builtin.include_role:
name: systemd_mount
vars:
systemd_mounts:
@ -43,19 +43,19 @@
- nfs-config
- name: Install NFS packages
package:
ansible.builtin.package:
name: "{{ nfs_package }}"
state: present
- name: create the system group for nfs
group:
- name: Create the system group for nfs
ansible.builtin.group:
name: "nfs-user"
gid: "10000"
state: "present"
system: "yes"
- name: Create the system user for nfs
user:
ansible.builtin.user:
name: "nfs-user"
uid: "10000"
group: "nfs-user"
@ -66,36 +66,38 @@
home: "/srv/nfs"
- name: Create base directories
file:
ansible.builtin.file:
path: "{{ item }}"
state: "directory"
owner: "nfs-user"
group: "nfs-user"
mode: "0755"
with_items:
- "/srv/nfs/glance"
- "/srv/nfs/cinder"
- name: Create exports file
lineinfile:
ansible.builtin.lineinfile:
path: /etc/exports
line: '{{ item }} {{ storage_range }}.0/{{ netmask }}(rw,sync,no_subtree_check,insecure,all_squash,anonuid=10000,anongid=10000)'
owner: root
group: root
mode: 0644
create: yes
mode: "0644"
create: true
with_items:
- "/srv/nfs/glance"
- "/srv/nfs/cinder"
register: nfs_exportfs
- name: Restart nfs-server
systemd:
daemon_reload: yes
- name: Restart nfs-server # noqa: no-handler
ansible.builtin.systemd:
daemon_reload: true
name: "nfs-server"
enabled: "yes"
enabled: true
state: "restarted"
when:
- nfs_exportfs is changed
- name: Export NFS
command: exportfs -rav
ansible.builtin.command: exportfs -rav
changed_when: false
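Review bot: The 'Create exports file' line exports /srv/nfs/glance and /srv/nfs/cinder read-write to the whole `{{ storage_range }}.0/{{ netmask }}` network with the `insecure` option, and nothing in the task says this is meant for the AIO test host only. `insecure` lets the server accept requests from unprivileged client ports and `all_squash` maps every client to uid/gid 10000, so any host on that range gets the same write access. I would add a comment above the `line:` key such as `# AIO/test only: rw export to the whole storage range, 'insecure' accepts non-reserved client ports` so the options are not copied into a real deployment. Separately, `system: "yes"` in the group task is still a quoted truthy string while the rest of the commit moves to `true`.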


@ -14,7 +14,7 @@
# limitations under the License.
- name: Install squid packages
package:
ansible.builtin.package:
name: squid
state: present
update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
@ -23,6 +23,7 @@
- install-packages
- name: Install squid config
copy:
ansible.builtin.copy:
src: "squid.conf"
dest: "/etc/squid/squid.conf"
mode: "0644"


@ -14,31 +14,31 @@
# limitations under the License.
- name: Ensure root has a .ssh directory
file:
ansible.builtin.file:
path: /root/.ssh
state: directory
owner: root
group: root
mode: 0700
mode: "0700"
tags:
- ssh-key-dir
- name: Check for existing ssh private key file
stat:
ansible.builtin.stat:
path: /root/.ssh/id_rsa
register: ssh_key_private
tags:
- ssh-key-check
- name: Check for existing ssh public key file
stat:
ansible.builtin.stat:
path: /root/.ssh/id_rsa.pub
register: ssh_key_public
tags:
- ssh-key-check
- name: Remove an existing private/public ssh keys if one is missing
file:
ansible.builtin.file:
path: "/root/.ssh/{{ item }}"
state: absent
when: not ssh_key_public.stat.exists or not ssh_key_private.stat.exists
@ -49,27 +49,27 @@
- ssh-key-clean
- name: Create ssh key pair for root
user:
ansible.builtin.user:
name: root
generate_ssh_key: yes
generate_ssh_key: true
ssh_key_bits: 2048
ssh_key_file: /root/.ssh/id_rsa
tags:
- ssh-key-generate
- name: Fetch the generated public ssh key
fetch:
ansible.builtin.fetch:
src: "/root/.ssh/id_rsa.pub"
dest: "/tmp/id_rsa.pub"
flat: yes
flat: true
when: inventory_hostname == groups['all'][0]
tags:
- ssh-key-authorized
- name: Ensure root's new public ssh key is in authorized_keys
authorized_key:
ansible.posix.authorized_key:
user: root
key: "{{ lookup('file','/tmp/id_rsa.pub') }}"
manage_dir: no
key: "{{ lookup('file', '/tmp/id_rsa.pub') }}"
manage_dir: false
tags:
- ssh-key-authorized
- ssh-key-authorized
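Review bot: The public key reaches `authorized_keys` by way of the fixed path `/tmp/id_rsa.pub` on the controller: 'Fetch the generated public ssh key' writes it there and `lookup('file', '/tmp/id_rsa.pub')` in the last task reads it back. /tmp is shared and world-writable, so what ends up authorising root logins is whatever sits at that path when the lookup runs, which may be a stale file from an earlier run or one owned by another local account. Reading the key with `ansible.builtin.slurp` into a registered variable avoids the intermediate file; a sketch follows. The conditions on the key-removal task fall between the two hunks and are not affected.

```yaml
# … unchanged: key directory, stat checks, cleanup and key generation …
- name: Read the generated public ssh key
  ansible.builtin.slurp:
    src: /root/.ssh/id_rsa.pub
  register: _root_ssh_public_key
  delegate_to: "{{ groups['all'][0] }}"
  run_once: true
  tags:
    - ssh-key-authorized

- name: Ensure root's new public ssh key is in authorized_keys
  ansible.posix.authorized_key:
    user: root
    key: "{{ _root_ssh_public_key.content | b64decode }}"
    manage_dir: false
  tags:
    - ssh-key-authorized
```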


@ -15,105 +15,110 @@
# This is packaged in ubuntu for Kinetic and later
- name: Install step-ca packages
package:
ansible.builtin.package:
deb: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(item, omit) }}"
name: "{{ (ansible_facts['pkg_mgr'] == 'dnf') | ternary(item, omit) }}"
with_items: "{{ step_ca_package_urls }}"
- name: Ensure user is present
user:
ansible.builtin.user:
name: "{{ step_ca_user }}"
state: present
create_home: yes
create_home: true
home: "{{ step_ca_config_dir }}"
system: yes
system: true
shell: /bin/bash
- name: Ensure group is present
group:
ansible.builtin.group:
name: "{{ step_ca_group }}"
state: present
system: yes
system: true
- name: Set STEPPATH variable to point to config directory to allow CLI commands to work
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/environment
line: 'STEPPATH="{{ step_ca_config_dir }}"'
state: present
mode: "0644"
- name: Ensure that the config and db directories exists
file:
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "{{ step_ca_user }}"
group: "{{ step_ca_group }}"
recurse: true
mode: "0755"
with_items:
- "{{ step_ca_config_dir }}"
- "{{ step_ca_config_dir }}/config"
- "{{ step_ca_config_dir }}/db"
- name: Ensure that the intermediate key password file is created
copy:
ansible.builtin.copy:
content: "{{ step_ca_intermediate_password }}"
dest: "{{ step_ca_config_dir}}/config/password.txt"
mode: 0600
dest: "{{ step_ca_config_dir }}/config/password.txt"
mode: "0600"
owner: "{{ step_ca_user }}"
- name: Intialise Step-CA, only if config file doesn't exist
become: yes
become: true
become_user: "{{ step_ca_user }}"
command: >
ansible.builtin.command: >
step ca init
--name="{{ step_ca_name }}"
--dns="{{ step_ca_dns_name | join(',') }}"
--provisioner=delete-me
--password-file="{{ step_ca_config_dir}}/config/password.txt"
--password-file="{{ step_ca_config_dir }}/config/password.txt"
--address="{{ step_ca_listen_address }}"
args:
creates: "{{ step_ca_config_dir }}/config/ca.json"
- name: Create systemd unit file
template:
ansible.builtin.template:
src: step-ca.service.j2
dest: /etc/systemd/system/step-ca.service
mode: "0644"
- name: Restart step-ca to use initial configuration
systemd:
ansible.builtin.systemd:
name: step-ca
state: restarted
daemon_reload: true
- name: Create Go Template for x509 Certificate
copy:
ansible.builtin.copy:
src: step_ca_x509_template.tpl
dest: "{{ step_ca_config_dir }}/templates/x509_template.tpl"
owner: "{{ step_ca_user }}"
group: "{{ step_ca_group }}"
mode: 0600
mode: "0600"
- name: Check for ACME provisioner
become: yes
become: true
become_user: "{{ step_ca_user }}"
shell: 'step ca provisioner list | grep acme-osa'
ansible.builtin.shell: 'step ca provisioner list | grep acme-osa'
failed_when: false
changed_when: false
register: step_ca_find_provisioner
- name: Create ACME provisioner
become: yes
- name: Create ACME provisioner # noqa: no-changed-when
become: true
become_user: "{{ step_ca_user }}"
command: >
ansible.builtin.command: >
step ca provisioner add acme-osa --type ACME
when: step_ca_find_provisioner.rc != 0
- name: Restart step-ca to use the ACME provisioner
systemd:
ansible.builtin.systemd:
name: step-ca
state: restarted
when: step_ca_find_provisioner.rc != 0
- name: Retrieve the Root CA bundle from the CA server
get_url:
ansible.builtin.get_url:
url: https://127.0.0.1:8889/roots.pem
validate_certs: false
dest: /opt/step_ca_roots.pem
mode: "0644"
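Review bot: In 'Ensure that the config and db directories exists' the new `mode: "0755"` is combined with `recurse: true`, and the file module then applies that mode to everything under the listed paths, not only to the directories. On a second run this would reset `{{ step_ca_config_dir }}/config/password.txt` (set to 0600 by the next task) to world-readable until that task corrects it, and presumably any key material step-ca keeps under the config directory would stay that way. I would drop `recurse: true` from this task, or keep the recursion for owner and group only and set the mode on the three directories in a separate non-recursive task. The password copy task would also benefit from `no_log: true`.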


@ -15,32 +15,35 @@
- name: Ensuring upstream SHAs validity
hosts: "localhost"
gather_facts: no
gather_facts: false
connection: local
user: root
tasks:
- name: Include repo_packages variables
include_vars:
ansible.builtin.include_vars:
dir: "{{ playbook_dir }}/../inventory/group_vars"
files_matching: source_git.yml
ignore_unknown_extensions: True
ignore_unknown_extensions: true
extensions:
- 'yml'
- name: Define list of services tracked
set_fact:
service_projects: "{{ hostvars[inventory_hostname] | select('match', '^([a-z_]*)_git_track_branch') | map('regex_replace', '^([a-z_]*)_git_track_branch', '\\1') | list }}"
ansible.builtin.set_fact:
service_projects: >-
{{
hostvars[inventory_hostname] | select('match', '^([a-z_]*)_git_track_branch') | map('regex_replace', '^([a-z_]*)_git_track_branch', '\\1') | list
}}
- name: Clone git repos
git:
ansible.builtin.git:
repo: "{{ hostvars[inventory_hostname][item ~ '_git_repo'] }}"
dest: "/tmp/opendev/{{ hostvars[inventory_hostname][item ~ '_git_repo'] | basename }}"
version: "{{ hostvars[inventory_hostname][item ~ '_git_install_branch'] }}"
depth: "10"
depth: 10
update: true
force: true
with_items: "{{ service_projects }}"
register: git_clone
until: git_clone is success
retries: "2"
delay: "10"
retries: 2
delay: 10


@ -15,34 +15,34 @@
- name: Ensuring group vars
hosts: "hosts"
gather_facts: no
gather_facts: false
connection: local
user: root
tasks:
- name: Ensuring existing group vars are well applied
assert:
ansible.builtin.assert:
that:
- "openstack_release is defined"
- name: Ensuring babar is well defined
assert:
ansible.builtin.assert:
that:
- "babar == 'elephant'"
- name: Ensuring lxc_hosts_package_state is well overridden
assert:
ansible.builtin.assert:
that:
- "lxc_hosts_package_state == 'present'"
- name: Ensuring host vars
hosts: localhost
gather_facts: no
gather_facts: false
connection: local
user: root
tasks:
- name: Ensuring tintin has milou
assert:
ansible.builtin.assert:
that:
- "tintin == 'milou'"
- name: Ensuring security_package_state is overridden
assert:
ansible.builtin.assert:
that:
- "security_package_state == 'present'"


@ -13,12 +13,14 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- hosts: all
- name: Post-run tasks
hosts: all
tasks:
- name: Run log collection script
command: scripts/log-collect.sh
become: yes
ansible.builtin.command: scripts/log-collect.sh
become: true
become_user: root
changed_when: false
args:
chdir: "src/opendev.org/openstack/openstack-ansible"
environment:
@ -32,15 +34,15 @@
WORKING_DIR: "{{ ansible_user_dir }}/src/opendev.org/openstack/openstack-ansible"
- name: Check whether a logs folder exists
stat:
ansible.builtin.stat:
path: "{{ ansible_user_dir }}/src/opendev.org/openstack/openstack-ansible/logs"
get_attributes: no
get_checksum: no
get_mime: no
get_attributes: false
get_checksum: false
get_mime: false
register: logs_folder
- name: Copy logs back to the executor
synchronize:
ansible.posix.synchronize:
src: "{{ ansible_user_dir }}/src/opendev.org/openstack/openstack-ansible/logs"
dest: "{{ zuul.executor.log_root }}/"
mode: pull


@ -15,11 +15,11 @@
- name: Cleanup gate images
hosts: all
become: yes
become: true
become_user: root
tasks:
- name: Switch apt source from https to http
replace:
ansible.builtin.replace:
path: /etc/apt/sources.list
regexp: 'https'
replace: "http"
@ -27,7 +27,7 @@
- ansible_facts['distribution_release'] in ['jammy']
- name: Remove package excludes for yum/dnf
lineinfile:
ansible.builtin.lineinfile:
dest: '/etc/dnf/dnf.conf'
regexp: "^exclude="
state: absent
@ -38,7 +38,7 @@
- ansible_facts['distribution'] | lower == 'rocky'
block:
- name: Comment out mirrorlist for Rocky
replace:
ansible.builtin.replace:
path: "/etc/yum.repos.d/{{ item }}"
regexp: "^(mirrorlist=.*)$"
replace: "#\\1"
@ -49,7 +49,7 @@
- rocky-addons.repo
- name: Uncomment baseurl for Rocky
replace:
ansible.builtin.replace:
path: "/etc/yum.repos.d/{{ item }}"
regexp: "^#(baseurl=.*)$"
replace: "\\1"
@ -68,7 +68,7 @@
value: "no"
- name: PasswordAuthentication
value: "no"
blockinfile:
ansible.builtin.blockinfile:
dest: /etc/ssh/sshd_config
state: present
marker: "# {mark} MANAGED BY PRE-OSA step"
@ -82,14 +82,14 @@
- Restart ssh
- name: Remove motd from pam.d
lineinfile:
ansible.builtin.lineinfile:
path: /etc/pam.d/sshd
regexp: '^(session\s*optional\s*pam_motd.so.*)$'
line: '# \1'
backrefs: yes
backrefs: true
handlers:
- name: Restart ssh
service:
ansible.builtin.service:
name: "sshd"
state: restarted
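Review bot: 'Switch apt source from https to http' uses the unanchored pattern `regexp: 'https'`, so every occurrence of that string in /etc/apt/sources.list is rewritten, including one inside a path, an option or a comment, and the task does not say why the transport is downgraded. Matching the scheme only, `regexp: 'https://'` with `replace: 'http://'`, keeps the edit to the URLs. I would also add a comment above the task stating the reason and that package integrity then rests on apt's signature verification alone. The rest of the task's condition sits between the two hunks.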


@ -22,7 +22,7 @@
zuul_user_vars_file: "{{ ansible_env.HOME }}/osa-job-vars.yml"
tasks:
- name: Dynamically create scenario if not set
set_fact:
ansible.builtin.set_fact:
scenario: |-
{% set _scenario = [] %}
{# Add the scenarios based on the job name #}
@ -76,26 +76,26 @@
- scenario is not defined
- name: Dynamically set action if not set
set_fact:
action: "{{ zuul.job | regex_replace('^openstack-ansible-([^-]+)-.*$', '\\1') }}"
ansible.builtin.set_fact:
action: "{{ zuul.job | regex_replace('^openstack-ansible-([^-]+)-.*$', '\\1') }}" # noqa: var-naming[no-reserved]
when:
- action is not defined
- name: Dynamically set install method if not set
set_fact:
ansible.builtin.set_fact:
install_method: "{{ (scenario.split('_') | intersect(install_methods))[0] }}"
when:
- install_method is not defined
- scenario.split('_') | intersect(install_methods) | length > 0
- name: Set install method to source as a baseline default
set_fact:
ansible.builtin.set_fact:
install_method: source
when:
- install_method is not defined
- name: Print gate check configuration
debug:
ansible.builtin.debug:
msg: |-
Running gate-check-commit with the following arguments:
Scenario: {{ scenario }}
@ -106,9 +106,10 @@
# Other playbooks can consume this vars file as shown in run.yml
# This file is stored in work/osa-gate-scenario.yml on the Zuul executor
- name: Log the gate check configuration to a vars file
template:
ansible.builtin.template:
src: osa-gate-scenario.yml.j2
dest: "{{ zuul.executor.work_root }}/osa-gate-scenario.yml"
mode: "0644"
delegate_to: localhost
# Other playbooks can consume this vars file to access the
@ -119,6 +120,7 @@
zuul: "{{ zuul }}"
zuul_site_mirror_info_helper_var:
zuul_site_mirror_info: "{{ zuul_site_mirror_info | default({}) }}"
template:
ansible.builtin.template:
src: osa-job-vars.yml.j2
dest: "{{ zuul_user_vars_file }}"
mode: "0644"


@ -21,17 +21,17 @@
_zuul_src_path: "{{ ansible_user_dir }}/src"
tasks:
- name: Mark OSA repository as safe
become: yes
become: true
become_user: root
git_config:
community.general.git_config:
name: safe.directory
scope: global
value: "{{ _zuul_src_path }}/opendev.org/openstack/openstack-ansible"
- name: Run bootstrap-ansible script
become: yes
- name: Run bootstrap-ansible script # noqa: no-changed-when
become: true
become_user: root
shell: scripts/bootstrap-ansible.sh
ansible.builtin.shell: scripts/bootstrap-ansible.sh
args:
chdir: "src/opendev.org/openstack/openstack-ansible"
executable: /bin/bash
@ -45,10 +45,10 @@
- "'upgrade' not in action"
- osa_pre_run_bootstrap | default(True)
- name: Run bootstrap-aio script
become: yes
- name: Run bootstrap-aio script # noqa: no-changed-when
become: true
become_user: root
shell: scripts/bootstrap-aio.sh
ansible.builtin.shell: scripts/bootstrap-aio.sh
args:
chdir: "src/opendev.org/openstack/openstack-ansible"
executable: /bin/bash


@ -19,13 +19,13 @@
_zuul_src_path: "{{ lookup('env', 'ZUUL_SRC_PATH') | default(lookup('env', 'HOME') ~ '/src') }}"
tasks:
- name: Loading osa-gate-scenario vars
include_vars:
ansible.builtin.include_vars:
file: "{{ zuul.executor.work_root | default('') }}/osa-gate-scenario.yml"
when: load_zuul_vars | default(true) | bool
- name: Ensure required directory exists
become: true
file:
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: '0755'
@ -39,25 +39,25 @@
- "'upgrade' not in action"
block:
- name: Check the Zuul src dir for cloned roles
stat:
ansible.builtin.stat:
path: "{{ _zuul_src_path }}/{{ item.src.split('/')[-3:] | join('/') }}"
get_attributes: no
get_checksum: no
get_mime: no
get_attributes: false
get_checksum: false
get_mime: false
register: zuul_roles
when:
- item.scm == "git" or item.scm is undefined
with_items: "{{ lookup('file', playbook_dir | dirname | dirname ~ '/ansible-role-requirements.yml') | from_yaml }}"
- name: Remove target directory if required
file:
ansible.builtin.file:
path: "/etc/ansible/roles/{{ item.item.name | default(item.item.src | basename) }}"
state: absent
with_items: "{{ (lookup('env', 'DROP_ROLE_DIRS') | bool is true) | ternary(zuul_roles.results | selectattr('stat.exists'), []) }}"
- name: Link the Zuul provided roles
become: true
file:
ansible.builtin.file:
src: "{{ _zuul_src_path }}/{{ item.item.src.split('/')[-3:] | join('/') }}"
dest: "/etc/ansible/roles/{{ item.item.name | default(item.item.src | basename) }}"
state: link
@ -69,7 +69,7 @@
# are checked out by Zuul so we hard fail
# if any roles are not.
- name: Fail if any roles were not cloned
fail:
ansible.builtin.fail:
msg: |
The following roles were not cloned automatically by Zuul,
make sure that they're included in required-projects {{ uncloned_roles | join(',') }}
@ -84,7 +84,7 @@
- name: Prevent prepared roles from being cloned
become: true
copy:
ansible.builtin.copy:
content: |-
{% set ignored_roles = [] %}
{% for role in zuul_roles.results | selectattr('stat.exists') | map(attribute='item') %}
@ -101,11 +101,11 @@
- "'upgrade' not in action"
block:
- name: Check the Zuul src dir for cloned collections
stat:
ansible.builtin.stat:
path: "{{ _zuul_src_path }}/{{ item.source.split('/')[2:] | join('/') | split('#') | first }}"
get_attributes: no
get_checksum: no
get_mime: no
get_attributes: false
get_checksum: false
get_mime: false
register: zuul_collections
with_items: "{{ (lookup('file', playbook_dir | dirname | dirname ~ '/ansible-collection-requirements.yml') | from_yaml).collections }}"
@ -126,7 +126,7 @@
{% endif %}
{% endfor %}
{{ collections }}
copy:
ansible.builtin.copy:
content: "{{ content_var | to_nice_yaml }}"
dest: "/etc/openstack_deploy/user-collection-requirements.yml"
mode: "0644"


@ -1,11 +1,12 @@
- hosts: all[0]
- name: Run tests
hosts: all[0]
vars_files:
- "{{ zuul.executor.work_root }}/osa-gate-scenario.yml"
tasks:
- name: Run gate-check-commit.sh script
become: yes
- name: Run gate-check-commit.sh script # noqa: no-changed-when
become: true
become_user: root
shell: >-
ansible.builtin.shell: >-
scripts/gate-check-commit.sh
{{ scenario | quote }}
{{ action | quote }}
@ -17,7 +18,7 @@
skip_bootstrap:
# NOTE(logan): ARA is already installed in the gate environment by the
# pre-osa-aio pre-run playbook
SETUP_ARA: False
SETUP_ARA: False # noqa: yaml[truthy]
# NOTE(logan): The project is bootstrapped in the pre playbook so the
# bootstrapping can be skipped here
SKIP_OSA_RUNTIME_VENV_BUILD: 1