Import tripleo-container-rm role

Also add Molecule tests. The sudo test environment is required
to run tests with docker and podman.

Change-Id: I434a822ac071b8a2fb6f54ddf4c03ac7450fccc6
Signed-off-by: Luke Short <ekultails@gmail.com>

doc/source/roles/role-tripleo-container-rm.rst

@@ -0,0 +1,31 @@
+===========================================
+TripleO-Ansible Role - tripleo-container-rm
+===========================================
+
+This role provides for the following services:
+
+    * tripleo-container-rm
+
+
+Default variables
+~~~~~~~~~~~~~~~~~
+
+.. literalinclude:: ../../../tripleo_ansible/roles/tripleo-container-rm/defaults/main.yml
+  :language: yaml
+  :start-after: under the License.
+
+
+Example default playbook
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. literalinclude:: ../../../tripleo_ansible/roles/tripleo-container-rm/molecule/default/playbook.yml
+  :language: yaml
+  :start-after: under the License.
+
+
+Example docker playbook
+~~~~~~~~~~~~~~~~~~~~~~~
+
+.. literalinclude:: ../../../tripleo_ansible/roles/tripleo-container-rm/molecule/docker/playbook.yml
+  :language: yaml
+  :start-after: under the License.

tox.ini

@@ -256,3 +256,21 @@ basepython = {[testenv:mol]basepython}
 deps = {[testenv:mol]deps}
 changedir = {toxinidir}/tripleo_ansible/roles/tripleo-container-tag
 commands = python -m pytest --color=yes --html={envlogdir}/reports.html --self-contained-html {tty:-s} {toxinidir}/tests/test_molecule.py --scenario=podman
+
+[testenv:mol-tripleo-container-rm]
+basepython = {[testenv:mol]basepython}
+deps = {[testenv:mol]deps}
+changedir = {toxinidir}/tripleo_ansible/roles/tripleo-container-rm
+commands = python -m pytest --color=yes --html={envlogdir}/reports.html --self-contained-html {tty:-s} {toxinidir}/tests/test_molecule.py
+
+[testenv:mol-tripleo-container-rm-default]
+basepython = {[testenv:mol]basepython}
+deps = {[testenv:mol]deps}
+changedir = {toxinidir}/tripleo_ansible/roles/tripleo-container-rm
+commands = python -m pytest --color=yes --html={envlogdir}/reports.html --self-contained-html {tty:-s} {toxinidir}/tests/test_molecule.py --scenario=default
+
+[testenv:mol-tripleo-container-rm-docker]
+basepython = {[testenv:mol]basepython}
+deps = {[testenv:mol]deps}
+changedir = {toxinidir}/tripleo_ansible/roles/tripleo-container-rm
+commands = python -m pytest --color=yes --html={envlogdir}/reports.html --self-contained-html {tty:-s} {toxinidir}/tests/test_molecule.py --scenario=docker

tripleo_ansible/roles/tripleo-container-rm/defaults/main.yml

@@ -0,0 +1,32 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# All variables intended for modification should place placed in this file.
+
+# NOTE(cloudnull): This role used to use a non-namespaced option, which has a high
+#                  probability of creating conflicts with other roles in the greater
+#                  ansible ecosystem. To ensure that we're able to retain existing
+#                  variable functionality the "modules" option will supersede
+#                  "tripleo_modules" if defined. This default should be removed
+#                  just as soon as we're validate that the non-namespaced option
+#                  is no longer in use.
+#
+# Set the container command line entry-point
+tripleo_container_cli: "{{ container_cli | default('podman') }}"
+
+# List of containers to delete
+tripleo_containers_to_rm: "{{ containers_to_rm | default([]) }}"

tripleo_ansible/roles/tripleo-container-rm/meta/main.yml

@@ -0,0 +1,44 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+  author: OpenStack
+  description: TripleO OpenStack Role -- tripleo-container-rm
+  company: Red Hat
+  license: Apache-2.0
+  min_ansible_version: 2.7
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+    - name: Fedora
+      versions:
+        - 28
+    - name: CentOS
+      versions:
+        - 7
+
+  galaxy_tags:
+    - tripleo
+
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []

tripleo_ansible/roles/tripleo-container-rm/molecule/default/molecule.yml

@@ -0,0 +1,49 @@
+---
+driver:
+  name: delegated
+  options:
+    managed: false
+    login_cmd_template: >-
+      ssh
+      -o UserKnownHostsFile=/dev/null
+      -o StrictHostKeyChecking=no
+      -o Compression=no
+      -o TCPKeepAlive=yes
+      -o VerifyHostKeyDNS=no
+      -o ForwardX11=no
+      -o ForwardAgent=no
+      {instance}
+    ansible_connection_options:
+      ansible_connection: ssh
+
+log: true
+
+platforms:
+  - name: instance
+
+provisioner:
+  name: ansible
+  inventory:
+    hosts:
+      all:
+        hosts:
+          instance:
+            ansible_host: localhost
+  log: true
+  env:
+    ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+  name: default
+  test_sequence:
+    - prepare
+    - converge
+    - verify
+
+lint:
+  enabled: false
+
+verifier:
+  name: testinfra
+  lint:
+    name: flake8

tripleo_ansible/roles/tripleo-container-rm/molecule/default/playbook.yml

@@ -0,0 +1,25 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+  become: true
+  hosts: all
+  roles:
+    - role: tripleo-container-rm
+      containers_to_rm:
+        - podman-container1
+        - podman-container2

tripleo_ansible/roles/tripleo-container-rm/molecule/default/prepare.yml

@@ -0,0 +1,43 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- import_playbook: ../pre-prepare.yml
+
+- name: Prepare
+  hosts: all
+  become: true
+  gather_facts: true
+  vars:
+    required_packages:
+      - podman
+  roles:
+    - role: test_deps
+  post_tasks:
+    - name: Install podman
+      become: true
+      package:
+        name: "{{ required_packages }}"
+        state: latest
+
+    - name: Pull container image
+      command: "podman pull fedora:28"
+
+    - name: Create test containers
+      command: "podman run -itd --systemd --name {{ item }} fedora bash"
+      with_items:
+        - podman-container1
+        - podman-container2

tripleo_ansible/roles/tripleo-container-rm/molecule/docker/molecule.yml

@@ -0,0 +1,49 @@
+---
+driver:
+  name: delegated
+  options:
+    managed: false
+    login_cmd_template: >-
+      ssh
+      -o UserKnownHostsFile=/dev/null
+      -o StrictHostKeyChecking=no
+      -o Compression=no
+      -o TCPKeepAlive=yes
+      -o VerifyHostKeyDNS=no
+      -o ForwardX11=no
+      -o ForwardAgent=no
+      {instance}
+    ansible_connection_options:
+      ansible_connection: ssh
+
+log: true
+
+platforms:
+  - name: instance
+
+provisioner:
+  name: ansible
+  inventory:
+    hosts:
+      all:
+        hosts:
+          instance:
+            ansible_host: localhost
+  log: true
+  env:
+    ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+  name: docker
+  test_sequence:
+    - prepare
+    - converge
+    - verify
+
+lint:
+  enabled: false
+
+verifier:
+  name: testinfra
+  lint:
+    name: flake8

tripleo_ansible/roles/tripleo-container-rm/molecule/docker/playbook.yml

@@ -0,0 +1,29 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+  become: true
+  hosts: all
+  roles:
+    - role: tripleo-container-rm
+      tripleo_containers_to_rm:
+        - docker-container1
+        - docker-container2
+      tripleo_container_cli: docker
+
+  vars:
+    ansible_python_interpreter: /opt/tripleo-ansible/bin/python

tripleo_ansible/roles/tripleo-container-rm/molecule/docker/prepare.yml

@@ -0,0 +1,84 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- import_playbook: ../pre-prepare.yml
+
+- name: Prepare
+  hosts: all
+  become: true
+  gather_facts: true
+  vars:
+    required_packages:
+      - docker
+      - python-docker-py
+      - python-virtualenv
+  pre_tasks:
+    - name: Set current user fact
+      set_fact:
+        current_user: "{{ lookup('env','USER') }}"
+  roles:
+    - role: test_deps
+  post_tasks:
+    - name: Docker block
+      block:
+        - name: Install docker
+          package:
+            name: "{{ required_packages }}"
+            state: latest
+
+        - name: Ensure "docker" group exists
+          group:
+            name: docker
+            state: present
+
+        - name: Ensure the ansible user can access docker
+          user:
+            name: "{{ ansible_user | default(current_user) }}"
+            groups: docker
+
+        - name: Start docker
+          systemd:
+            name: docker
+            state: started
+
+        - name: Install python-docker in venv
+          pip:
+            name: "docker"
+            virtualenv: /opt/tripleo-ansible
+            virtualenv_site_packages: true
+
+    - name: reset ssh connection to allow user changes to take affect
+      meta: reset_connection
+
+    - name: pull an image
+      vars:
+        ansible_python_interpreter: /opt/tripleo-ansible/bin/python
+      docker_image:
+        name: fedora:28
+        source: pull
+
+    - name: Create a data container
+      vars:
+        ansible_python_interpreter: /opt/tripleo-ansible/bin/python
+      docker_container:
+        name: "{{ item }}"
+        image: fedora:28
+        detach: true
+        command: sleep 1d
+      with_items:
+        - docker-container1
+        - docker-container2

tripleo_ansible/roles/tripleo-container-rm/molecule/docker/verify.yml

@@ -0,0 +1,15 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.

tripleo_ansible/roles/tripleo-container-rm/molecule/pre-prepare.yml

@@ -0,0 +1,46 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: pre prepare
+  connection: local
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Set current user fact
+      set_fact:
+        current_user_home: "{{ lookup('env','HOME') }}"
+        current_user: "{{ lookup('env','USER') }}"
+
+    - name: Ensure the user has a .ssh directory
+      file:
+        path: "{{ current_user_home }}/.ssh"
+        state: directory
+        owner: "{{ ansible_user | default(current_user) }}"
+        group: "{{ ansible_user | default(current_user) }}"
+        mode: "0700"
+
+    - name: Create ssh key pair
+      user:
+        name: "{{ ansible_user | default(current_user) }}"
+        generate_ssh_key: true
+        ssh_key_bits: 2048
+        ssh_key_file: "{{ current_user_home }}/.ssh/id_rsa"
+
+    - name: Ensure can ssh to can connect to localhost
+      authorized_key:
+        user: "{{ ansible_user | default(current_user) }}"
+        key: "{{ lookup('file', (current_user_home ~ '/.ssh/id_rsa.pub')) }}"

tripleo_ansible/roles/tripleo-container-rm/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- include_tasks: "tripleo_{{ tripleo_container_cli }}_container_rm.yml"
+  vars:
+    container: "{{ item }}"
+  with_items: "{{ tripleo_containers_to_rm }}"

tripleo_ansible/roles/tripleo-container-rm/tasks/tripleo_docker_container_rm.yml

@@ -0,0 +1,21 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: remove "{{ container }}" container
+  docker_container:
+    name: "{{ container }}"
+    state: absent

tripleo_ansible/roles/tripleo-container-rm/tasks/tripleo_podman_container_rm.yml

@@ -0,0 +1,83 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: "check if {{ container }} service healthcheck exists in systemd"
+  stat:
+    path: "/etc/systemd/system/tripleo_{{ container }}_healthcheck.service"
+  register: systemd_healthcheck_exists
+
+- name: "tear-down {{ container }} healthcheck"
+  when:
+    - systemd_healthcheck_exists.stat.exists
+  block:
+    - name: "stop and disable {{ container }} healthcheck"
+      systemd:
+        name: "tripleo_{{ container }}_healthcheck"
+        state: stopped
+        enabled: false
+
+    - name: "remove {{ container }} healthcheck service"
+      file:
+        path: "/etc/systemd/system/tripleo_{{ container }}_healthcheck.service"
+        state: absent
+
+    - name: "remove {{ container }} healthcheck timer"
+      file:
+        path: "/etc/systemd/system/tripleo_{{ container }}_healthcheck.timer"
+        state: absent
+
+- name: "check if {{ container }} service exists in systemd"
+  stat:
+    path: "/etc/systemd/system/tripleo_{{ container }}.service"
+  register: systemd_exists
+
+- name: "tear-down {{ container }} container"
+  when:
+    - systemd_exists.stat.exists
+  block:
+    - name: "stop and disable {{ container }}"
+      systemd:
+        name: "tripleo_{{ container }}"
+        state: stopped
+        enabled: false
+
+    - name: "remove {{ container }} systemd service"
+      file:
+        path: "/etc/systemd/system/tripleo_{{ container }}.service"
+        state: absent
+
+- name: Reload systemd services if needed
+  when:
+    - systemd_healthcheck_exists.stat.exists or systemd_exists.stat.exists
+  systemd:
+    daemon_reload: true
+
+- name: "stat {{ container }} container"
+  command: "podman container exists {{ container }}"
+  failed_when: false
+  changed_when: false
+  register: stat_container
+
+- name: Stop and remove container
+  when:
+    - stat_container.rc == 0
+  block:
+    - name: Stop container
+      command: podman container kill "{{ container }}"
+
+    - name: "remove {{ container }} container"
+      command: "podman container rm {{ container }}"

zuul.d/molecule.yaml

@@ -13,6 +13,7 @@
       - tripleo-ansible-centos-7-molecule-tripleo-module-load
       - tripleo-ansible-centos-7-molecule-tripleo-ssh-known-hosts
       - tripleo-ansible-centos-7-molecule-tripleo-container-tag
+      - tripleo-ansible-centos-7-molecule-tripleo-container-rm
     gate:
       jobs:
       - tripleo-ansible-centos-7-molecule-aide
@@ -26,6 +27,7 @@
       - tripleo-ansible-centos-7-molecule-tripleo-module-load
       - tripleo-ansible-centos-7-molecule-tripleo-ssh-known-hosts
       - tripleo-ansible-centos-7-molecule-tripleo-container-tag
+      - tripleo-ansible-centos-7-molecule-tripleo-container-rm
     name: tripleo-ansible-molecule-jobs
 - job:
     files:
@@ -108,3 +110,10 @@
     parent: tripleo-ansible-centos-sudo
     vars:
       tox_envlist: mol-tripleo-container-tag
+- job:
+    files:
+    - ^tripleo_ansible/roles/tripleo-container-rm/.*
+    name: tripleo-ansible-centos-7-molecule-tripleo-container-rm
+    parent: tripleo-ansible-centos-sudo
+    vars:
+      tox_envlist: mol-tripleo-container-rm