Add playbook to stop containers

We need to stop several containers on the upgrades workflow.

This submission allows to reduce the duplicated code in THT.
It also handles the case in which we have podman as the CLI
but the containers running with docker.

Change-Id: I4fcc0858cac8f59d797d62f6de18c02e4b1819dc

doc/source/roles/role-tripleo-container-stop.rst

@@ -0,0 +1,6 @@
+=============================
+Role - tripleo-container-stop
+=============================
+
+.. ansibleautoplugin::
+   :role: tripleo_ansible/roles/tripleo-container-stop

tripleo_ansible/roles/tripleo-container-stop/defaults/main.yml

@@ -0,0 +1,18 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+tripleo_containers_to_stop: "{{ default([]) }}"
+tripleo_delegate_to: ["localhost"]

tripleo_ansible/roles/tripleo-container-stop/meta/main.yml

@@ -0,0 +1,44 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+  author: OpenStack
+  description: TripleO OpenStack Role -- tripleo-container-stop
+  company: Red Hat
+  license: Apache-2.0
+  min_ansible_version: 2.7
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+    - name: Fedora
+      versions:
+        - 28
+    - name: CentOS
+      versions:
+        - 7
+
+  galaxy_tags:
+    - tripleo
+
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []

tripleo_ansible/roles/tripleo-container-stop/molecule/default/Dockerfile

@@ -0,0 +1,37 @@
+# Molecule managed
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
+
+{% for pkg in item.easy_install | default([]) %}
+# install pip for centos where there is no python-pip rpm in default repos
+RUN easy_install {{ pkg }}
+{% endfor %}
+
+
+CMD ["sh", "-c", "while true; do sleep 10000; done"]

tripleo_ansible/roles/tripleo-container-stop/molecule/default/molecule.yml

@@ -0,0 +1,54 @@
+---
+driver:
+  name: delegated
+  options:
+    managed: false
+    login_cmd_template: >-
+      ssh
+      -o UserKnownHostsFile=/dev/null
+      -o StrictHostKeyChecking=no
+      -o Compression=no
+      -o TCPKeepAlive=yes
+      -o VerifyHostKeyDNS=no
+      -o ForwardX11=no
+      -o ForwardAgent=no
+      {instance}
+    ansible_connection_options:
+      ansible_connection: ssh
+
+log: true
+
+platforms:
+  - name: instance
+
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      fact_caching: jsonfile
+      fact_caching_connection: /tmp/molecule/facts
+  inventory:
+    hosts:
+      all:
+        hosts:
+          instance:
+            ansible_host: localhost
+  log: true
+  env:
+    ANSIBLE_STDOUT_CALLBACK: yaml
+    ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles"
+
+scenario:
+  name: default
+  test_sequence:
+    - prepare
+    - converge
+    - verify
+
+lint:
+  enabled: false
+
+verifier:
+  name: testinfra
+  lint:
+    name: flake8

tripleo_ansible/roles/tripleo-container-stop/molecule/default/playbook.yml

@@ -0,0 +1,27 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+  become: true
+  hosts: all
+  roles:
+    - role: tripleo-container-stop
+      tripleo_containers_to_stop:
+        - docker-container1
+        - docker-container2
+  vars:
+    ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"

tripleo_ansible/roles/tripleo-container-stop/molecule/default/prepare.yml

@@ -0,0 +1,76 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+  hosts: all
+  become: true
+  gather_facts: true
+  pre_tasks:
+    - name: Check for docker cli
+      command: "command -v docker"
+      register: docker_cli
+      failed_when: false
+      changed_when: false
+
+    - name: Check for docker connection
+      command: "docker ps"
+      register: docker_ps
+      failed_when: false
+      changed_when: false
+
+    - name: set basic user fact
+      set_fact:
+        ansible_user: "{{ lookup('env', 'USER') }}"
+      when:
+        - ansible_user is undefined
+
+    - name: set basic home fact
+      set_fact:
+        ansible_user_dir: "{{ lookup('env', 'HOME') }}"
+      when:
+        - ansible_user_dir is undefined
+  roles:
+    - role: test_deps
+    - role: install-docker
+      when:
+        - (docker_cli.rc != 0) or
+          (docker_ps.rc != 0)
+  post_tasks:
+    - name: Install docker-sdk
+      pip:
+        name: docker
+        virtualenv: "{{ ansible_user_dir }}/test-python"
+        virtualenv_site_packages: true
+
+    - name: pull an image
+      docker_image:
+        name: fedora:28
+        source: pull
+      vars:
+        ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"
+
+    - name: Create a data container
+      docker_container:
+        name: "{{ item }}"
+        image: fedora:28
+        detach: true
+        command: sleep 1d
+      with_items:
+        - docker-container1
+        - docker-container2
+      vars:
+        ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"

tripleo_ansible/roles/tripleo-container-stop/molecule/podman/Dockerfile

@@ -0,0 +1,37 @@
+# Molecule managed
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
+
+{% for pkg in item.easy_install | default([]) %}
+# install pip for centos where there is no python-pip rpm in default repos
+RUN easy_install {{ pkg }}
+{% endfor %}
+
+
+CMD ["sh", "-c", "while true; do sleep 10000; done"]

tripleo_ansible/roles/tripleo-container-stop/molecule/podman/molecule.yml

@@ -0,0 +1,54 @@
+---
+driver:
+  name: delegated
+  options:
+    managed: false
+    login_cmd_template: >-
+      ssh
+      -o UserKnownHostsFile=/dev/null
+      -o StrictHostKeyChecking=no
+      -o Compression=no
+      -o TCPKeepAlive=yes
+      -o VerifyHostKeyDNS=no
+      -o ForwardX11=no
+      -o ForwardAgent=no
+      {instance}
+    ansible_connection_options:
+      ansible_connection: ssh
+
+log: true
+
+platforms:
+  - name: instance
+
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      fact_caching: jsonfile
+      fact_caching_connection: /tmp/molecule/facts
+  inventory:
+    hosts:
+      all:
+        hosts:
+          instance:
+            ansible_host: localhost
+  log: true
+  env:
+    ANSIBLE_STDOUT_CALLBACK: yaml
+    ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles"
+
+scenario:
+  name: podman
+  test_sequence:
+    - prepare
+    - converge
+    - verify
+
+lint:
+  enabled: false
+
+verifier:
+  name: testinfra
+  lint:
+    name: flake8

tripleo_ansible/roles/tripleo-container-stop/molecule/podman/playbook.yml

@@ -0,0 +1,27 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+  become: true
+  hosts: all
+  roles:
+    - role: tripleo-container-stop
+      tripleo_containers_to_stop:
+        - podman-container1
+        - podman-container2
+  vars:
+    ansible_python_interpreter: "{{ ansible_user_dir }}/test-python/bin/python"

tripleo_ansible/roles/tripleo-container-stop/molecule/podman/prepare.yml

@@ -0,0 +1,41 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+  hosts: all
+  become: true
+  gather_facts: true
+  vars:
+    required_packages:
+      - podman
+  roles:
+    - role: test_deps
+  post_tasks:
+    - name: Install podman
+      become: true
+      package:
+        name: "{{ required_packages }}"
+        state: latest
+
+    - name: Pull container image
+      command: "podman pull fedora:28"
+
+    - name: Create test containers
+      command: "podman run -itd --systemd --name {{ item }} fedora bash"
+      with_items:
+        - podman-container1
+        - podman-container2

tripleo_ansible/roles/tripleo-container-stop/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# "tripleo-container-stop" will search for and load any operating system variable file
+
+# found within the "vars/" path. If no OS files are found the task will skip.
+
+- name: Fail if tripleo_delegate_to is undefined
+  fail: msg="tripleo_delegate_to is a mandatory variable"
+  when:
+    - not ((tripleo_delegate_to is defined) and (tripleo_delegate_to | length > 0))
+
+- include_tasks: "tripleo_container_stop.yaml"
+  vars:
+    container: "{{ item }}"
+  with_items: "{{ tripleo_containers_to_stop }}"

tripleo_ansible/roles/tripleo-container-stop/tasks/tripleo_container_stop.yaml

@@ -0,0 +1,19 @@
+---
+- name: Make sure the container {{ container }} is stopped even if container_cli do not match
+  become: true
+  shell: |
+    # We need to make sure that containers are stopped
+    # as we might have different CLIs to interact with
+    # them. I.e the container_cli might be setted to be podman
+    # but we might have the containers running with docker.
+    set -eu
+    if command -v podman && podman exec {{ container }} /bin/true; then
+        systemctl stop tripleo_{{ container }}.service
+    fi
+    if type docker &> /dev/null && docker exec {{ container }} /bin/true; then
+        docker stop {{ container }}
+    fi
+  delegate_to: "{{ tripleo_delegate_to_item }}"
+  with_items: "{{ tripleo_delegate_to }}"
+  loop_control:
+    loop_var: tripleo_delegate_to_item

zuul.d/molecule.yaml

@@ -22,6 +22,7 @@
       - tripleo-ansible-centos-7-molecule-login-defs
       - tripleo-ansible-centos-7-molecule-tripleo-time
       - tripleo-ansible-centos-7-molecule-tripleo-config
+      - tripleo-ansible-centos-7-molecule-tripleo-container-stop
     gate:
       jobs:
       - tripleo-ansible-centos-7-molecule-aide
@@ -44,6 +45,7 @@
       - tripleo-ansible-centos-7-molecule-login-defs
       - tripleo-ansible-centos-7-molecule-tripleo-time
       - tripleo-ansible-centos-7-molecule-tripleo-config
+      - tripleo-ansible-centos-7-molecule-tripleo-container-stop
     name: tripleo-ansible-molecule-jobs
 - job:
     files:
@@ -191,3 +193,10 @@
     parent: tripleo-ansible-centos-7-base
     vars:
       tripleo_role_name: tripleo-config
+- job:
+    files:
+    - ^tripleo_ansible/roles/tripleo-container-stop/.*
+    name: tripleo-ansible-centos-7-molecule-tripleo-container-stop
+    parent: tripleo-ansible-centos-7-base
+    vars:
+      tripleo_role_name: tripleo-container-stop