Update zuul environment to support helm chart

This patch changes the following to support helm chart spec and
to test instantiate/terminate cnf with helm chart.
* Add `extra` field to vims db.
* Add `setup-helm` task to ansible-playbook roles.
  [On controller-k8s node]
  * Create and setup helm user for executing helm command.
  * Install helm.
  * Create folder for putting local helm chart.
  * Enable password authentication in sshd_config and restart sshd.

  [On controller node]
  * Update Vims DB of vim-kubernetes to modify extra field that include
    helm access information.

Implements: blueprint helmchart-k8s-vim
Change-Id: Iaf7c11c5bedb77e9cd21074be2b4f73528aa2ce7

.zuul.yaml

@@ -472,6 +472,7 @@
             controller_worker:
               amp_active_retries: 9999
       kuryr_k8s_api_url: "http://{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}:8080"
+      helm_version: "3.5.4"
       test_matrix_configs: [neutron]
       zuul_work_dir: src/opendev.org/openstack/tacker
       zuul_copy_output:

playbooks/devstack/pre.yaml

@@ -4,6 +4,7 @@
     - orchestrate-devstack
     - modify-heat-policy
     - setup-default-vim
+    - setup-helm
     - role: bindep
       bindep_profile: test
       bindep_dir: "{{ zuul_work_dir }}"

roles/setup-helm/defaults/main.yaml

@@ -0,0 +1,4 @@
+helm_user_home_dir: /home/helm
+helm_user_password: helm_password
+helm_chart_dir: /var/tacker/helm
+vim_name: vim-kubernetes

roles/setup-helm/files/50_helm_sh

@@ -0,0 +1 @@
+helm ALL=(root) NOPASSWD:ALL

roles/setup-helm/tasks/main.yaml

@@ -0,0 +1,106 @@
+- block:
+  - name: Create helm group
+    group:
+      name: helm
+    become: yes
+
+  - name: Create the helm user home folder
+    file:
+      path: "{{ helm_user_home_dir }}"
+      state: directory
+    become: yes
+
+  - name: Create helm user
+    user:
+      name: helm
+      password: "{{ helm_user_password | password_hash('sha512') }}"
+      shell: /bin/bash
+      home: "{{ helm_user_home_dir }}"
+      group: helm
+    become: yes
+
+  - name: Set helm user home directory permissions and ownership
+    file:
+      path: '{{ helm_user_home_dir }}'
+      mode: 0755
+      owner: helm
+      group: helm
+    become: yes
+
+  - name: Copy 50_helm_sh file to /etc/sudoers.d
+    copy:
+      src: 50_helm_sh
+      dest: /etc/sudoers.d
+      mode: 0440
+      owner: root
+      group: root
+    become: yes
+
+  - name: Copy kube config to helm user home folder
+    copy:
+      src: "{{ devstack_base_dir }}/.kube"
+      dest: "{{ helm_user_home_dir }}"
+      mode: 0755
+      owner: helm
+      group: helm
+      remote_src: yes
+    become: yes
+
+  - name: Download Helm
+    get_url:
+      url: "https://get.helm.sh/helm-v{{ helm_version }}-linux-amd64.tar.gz"
+      dest: "/tmp/helm-v{{ helm_version }}-linux-amd64.tar.gz"
+      force: yes
+
+  - name: Unarchive Helm
+    unarchive:
+      src: "/tmp/helm-v{{ helm_version }}-linux-amd64.tar.gz"
+      dest: "/tmp"
+      remote_src: yes
+    become: yes
+
+  - name: Move Helm binary
+    shell: mv /tmp/linux-amd64/helm /usr/local/bin/helm
+    become: yes
+
+  - name: Create folder to store helm charts
+    file:
+      path: "{{ helm_chart_dir }}"
+      state: directory
+    become: yes
+
+  - name: Enable PasswordAuthentication
+    lineinfile:
+      dest: /etc/ssh/sshd_config
+      regexp: "^PasswordAuthentication"
+      insertafter: "^#PasswordAuthentication"
+      line: "PasswordAuthentication yes"
+    become: yes
+
+  - name: Restart sshd service
+    service:
+      name: sshd
+      state: restarted
+    become: yes
+
+  when:
+    - inventory_hostname == 'controller-k8s'
+    - helm_version is defined
+
+- block:
+  - name: Update extra field of k8s vim
+    command: mysql -uroot -p{{ devstack_localrc['DATABASE_PASSWORD'] }} -hlocalhost tacker -e "update vims set extra='{\"helm_info\":\"{\'masternode_ip\':[\'{{ hostvars['controller-k8s']['nodepool']['private_ipv4'] }}\'],\'masternode_username\':\'helm\',\'masternode_password\':\'{{ helm_user_password }}\'}\"}' where name='{{ vim_name }}'"
+
+  - name: Get extra field of k8s vim after updating
+    command: mysql -uroot -p{{ devstack_localrc['DATABASE_PASSWORD'] }} -hlocalhost tacker -e "select extra from vims where name='{{ vim_name }}'"
+    register: result
+
+  - name: Print result
+    debug:
+      var: result.stdout
+    when: result.rc == 0
+
+  when:
+    - inventory_hostname == 'controller'
+    - helm_version is defined
+

tacker/db/migration/alembic_migrations/versions/6dc60a5760e5_add_extra_field_to_vims_db.py

@@ -0,0 +1,36 @@
+# Copyright 2021 OpenStack Foundation
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+#
+
+# flake8: noqa: E402
+
+"""add extra field to vims db
+
+Revision ID: 6dc60a5760e5
+Revises: c31f65e0d099
+Create Date: 2021-07-26 12:28:13.797458
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '6dc60a5760e5'
+down_revision = 'c31f65e0d099'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade(active_plugins=None, options=None):
+    op.add_column('vims',
+                  sa.Column('extra', sa.JSON(), nullable=True))

tacker/db/migration/alembic_migrations/versions/HEAD

@@ -1 +1 @@
-c31f65e0d099
+6dc60a5760e5