diff --git a/doc/source/roles/role-tripleo-container-tag.rst b/doc/source/roles/role-tripleo-container-tag.rst new file mode 100644 index 000000000..2b526e1a9 --- /dev/null +++ b/doc/source/roles/role-tripleo-container-tag.rst @@ -0,0 +1,31 @@ +============================ +Role - tripleo-container-tag +============================ + +This role provides for the following services: + + * tripleo-container-tag + + +Default variables +~~~~~~~~~~~~~~~~~ + +.. literalinclude:: ../../../tripleo_ansible/roles/tripleo-container-tag/defaults/main.yml + :language: yaml + :start-after: under the License. + + +Example default playbook +~~~~~~~~~~~~~~~~~~~~~~~~ + +.. literalinclude:: ../../../tripleo_ansible/roles/tripleo-container-tag/molecule/default/playbook.yml + :language: yaml + :start-after: under the License. + + +Example podman playbook +~~~~~~~~~~~~~~~~~~~~~~~ + +.. literalinclude:: ../../../tripleo_ansible/roles/tripleo-container-tag/molecule/podman/playbook.yml + :language: yaml + :start-after: under the License. diff --git a/tox.ini b/tox.ini index 7692cae73..5dc0879a2 100644 --- a/tox.ini +++ b/tox.ini @@ -19,6 +19,7 @@ setenv = ANSIBLE_NOCOWS=1 ANSIBLE_RETRY_FILES_ENABLED=0 ANSIBLE_STDOUT_CALLBACK=debug + ANSIBLE_LOG_PATH={envlogdir}/ansible-execution.log VIRTUAL_ENV={envdir} # pip: Avoid 2020-01-01 warnings: https://github.com/pypa/pip/issues/6207 # paramiko CryptographyDeprecationWarning: https://github.com/ansible/ansible/issues/52598 @@ -237,3 +238,21 @@ basepython = {[testenv:mol]basepython} deps = {[testenv:mol]deps} changedir = {toxinidir}/tripleo_ansible/roles/tripleo-ssh-known-hosts commands = python -m pytest --color=yes --html={envlogdir}/reports.html --self-contained-html {tty:-s} {toxinidir}/tests/test_molecule.py + +[testenv:mol-tripleo-container-tag] +basepython = {[testenv:mol]basepython} +deps = {[testenv:mol]deps} +changedir = {toxinidir}/tripleo_ansible/roles/tripleo-container-tag +commands = python -m pytest --color=yes --html={envlogdir}/reports.html --self-contained-html {tty:-s} {toxinidir}/tests/test_molecule.py + +[testenv:mol-tripleo-container-tag-default] +basepython = {[testenv:mol]basepython} +deps = {[testenv:mol]deps} +changedir = {toxinidir}/tripleo_ansible/roles/tripleo-container-tag +commands = python -m pytest --color=yes --html={envlogdir}/reports.html --self-contained-html {tty:-s} {toxinidir}/tests/test_molecule.py --scenario=default + +[testenv:mol-tripleo-container-tag-podman] +basepython = {[testenv:mol]basepython} +deps = {[testenv:mol]deps} +changedir = {toxinidir}/tripleo_ansible/roles/tripleo-container-tag +commands = python -m pytest --color=yes --html={envlogdir}/reports.html --self-contained-html {tty:-s} {toxinidir}/tests/test_molecule.py --scenario=podman diff --git a/tripleo_ansible/roles/test_deps/tasks/main.yml b/tripleo_ansible/roles/test_deps/tasks/main.yml index 6a8dd398f..b40311d91 100644 --- a/tripleo_ansible/roles/test_deps/tasks/main.yml +++ b/tripleo_ansible/roles/test_deps/tasks/main.yml @@ -32,11 +32,17 @@ - always - name: install deplorean repo + become: true get_url: url: "https://trunk.rdoproject.org/{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}-master/current-tripleo/delorean.repo" dest: /etc/yum.repos.d/delorean.repo + when: + - (ansible_os_family | lower) == 'redhat' - name: install deplorean-deps repo + become: true get_url: url: "https://trunk.rdoproject.org/{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}-master/delorean-deps.repo" dest: /etc/yum.repos.d/delorean-deps.repo + when: + - (ansible_os_family | lower) == 'redhat' diff --git a/tripleo_ansible/roles/tripleo-container-tag/README.md b/tripleo_ansible/roles/tripleo-container-tag/README.md new file mode 100644 index 000000000..da81c477c --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-tag/README.md @@ -0,0 +1,42 @@ +tripleo-container-tag +===================== + +An Ansible role to tag Pacemaker-managed containers. + +Requirements +------------ + +It requires Docker or Podman on the host, depending which container CLI +is used. + +Role variables +-------------- + +- container_image: -- Name of the container image to tag. +- container_image_latest: -- Name of the tag. +- container_cli: -- Name of the Container CLI tool (default to docker). +- pull_image: -- Pulling or not the image passed in container_image variable ( default to true). + +Example Playbook +---------------- + +Sample playbook to call the role: + + - name: Tag Pacemaker containers + hosts: all + roles: + - tripleo-container-tag + vars: + container_image: haproxy + container_image_latest: pcmklatest + container_cli: docker + +License +------- + +Free software: Apache License (2.0) + +Author Information +------------------ + +OpenStack TripleO team diff --git a/tripleo_ansible/roles/tripleo-container-tag/defaults/main.yml b/tripleo_ansible/roles/tripleo-container-tag/defaults/main.yml new file mode 100644 index 000000000..f74b82afd --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-tag/defaults/main.yml @@ -0,0 +1,37 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# All variables intended for modification should place placed in this file. + +# All variables within this role should have a prefix of "tripleo-container-tag" + +# NOTE(cloudnull): This role used to use a non-namespaced option, which has a high +# probability of creating conflicts with other roles in the greater +# ansible ecosystem. To ensure that we're able to retain existing +# variable functionality the "modules" option will supersede +# "tripleo_modules" if defined. This default should be removed +# just as soon as we're validate that the non-namespaced option +# is no longer in use. +# +# Set the container command line entry-point +tripleo_container_cli: "{{ container_cli | default('docker') }}" + +# Enable or disable pulling images. +tripleo_container_pull_image: "{{ pull_image | default(true) }}" + +# Name of the tag +tripleo_container_image_latest: "{{ container_image_latest | default('latest') }}" diff --git a/tripleo_ansible/roles/tripleo-container-tag/meta/main.yml b/tripleo_ansible/roles/tripleo-container-tag/meta/main.yml new file mode 100644 index 000000000..b0936bb05 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-tag/meta/main.yml @@ -0,0 +1,44 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +galaxy_info: + author: OpenStack + description: TripleO OpenStack Role -- tripleo-container-tag + company: Red Hat + license: Apache-2.0 + min_ansible_version: 2.7 + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: Fedora + versions: + - 28 + - name: CentOS + versions: + - 7 + + galaxy_tags: + - tripleo + + +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. +dependencies: [] diff --git a/tripleo_ansible/roles/tripleo-container-tag/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo-container-tag/molecule/default/molecule.yml new file mode 100644 index 000000000..97e31714b --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-tag/molecule/default/molecule.yml @@ -0,0 +1,48 @@ +--- +driver: + name: delegated + options: + managed: false + login_cmd_template: >- + ssh + -o UserKnownHostsFile=/dev/null + -o StrictHostKeyChecking=no + -o Compression=no + -o TCPKeepAlive=yes + -o VerifyHostKeyDNS=no + -o ForwardX11=no + -o ForwardAgent=no + {instance} + ansible_connection_options: + ansible_connection: ssh + +log: true + +platforms: + - name: instance + +provisioner: + name: ansible + inventory: + hosts: + all: + hosts: + instance: + ansible_host: localhost + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + +scenario: + test_sequence: + - prepare + - converge + - verify + +lint: + enabled: false + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/tripleo_ansible/roles/tripleo-container-tag/molecule/default/playbook.yml b/tripleo_ansible/roles/tripleo-container-tag/molecule/default/playbook.yml new file mode 100644 index 000000000..7bd3a9d07 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-tag/molecule/default/playbook.yml @@ -0,0 +1,31 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + become: true + hosts: all + roles: + - role: "tripleo-container-tag" + tripleo_container_image: fedora:28 + tripleo_container_image_latest: test-latest + tripleo_container_cli: docker + tripleo_container_pull_image: true + - role: "tripleo-container-tag" + tripleo_container_image: fedora:28 + tripleo_container_image_latest: test-latest-2 + tripleo_container_cli: docker + tripleo_container_pull_image: false diff --git a/tripleo_ansible/roles/tripleo-container-tag/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo-container-tag/molecule/default/prepare.yml new file mode 100644 index 000000000..8a3a18d44 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-tag/molecule/default/prepare.yml @@ -0,0 +1,78 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- import_playbook: ../pre-prepare.yml + +- name: Prepare + hosts: all + become: true + gather_facts: true + vars: + required_packages: + - docker + - python-virtualenv + pre_tasks: + - name: Set current user fact + set_fact: + current_user: "{{ lookup('env','USER') }}" + roles: + - role: test_deps + post_tasks: + - name: Docker block + block: + - name: Install docker + package: + name: "{{ required_packages }}" + state: latest + + - name: Ensure "docker" group exists + group: + name: docker + state: present + + - name: Ensure the ansible user can access docker + user: + name: "{{ ansible_user | default(current_user) }}" + groups: docker + + - name: Start docker + systemd: + name: docker + state: started + + - name: Install python-docker in venv + pip: + name: "docker" + virtualenv: /opt/tripleo-ansible + virtualenv_site_packages: true + + - name: reset ssh connection to allow user changes to take affect + meta: reset_connection + + - name: pull an image + vars: + ansible_python_interpreter: /opt/tripleo-ansible/bin/python + docker_image: + name: fedora:28 + source: pull + + - name: Create a data container + vars: + ansible_python_interpreter: /opt/tripleo-ansible/bin/python + docker_container: + name: test-container + image: fedora:28 diff --git a/tripleo_ansible/roles/tripleo-container-tag/molecule/podman/molecule.yml b/tripleo_ansible/roles/tripleo-container-tag/molecule/podman/molecule.yml new file mode 100644 index 000000000..97e31714b --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-tag/molecule/podman/molecule.yml @@ -0,0 +1,48 @@ +--- +driver: + name: delegated + options: + managed: false + login_cmd_template: >- + ssh + -o UserKnownHostsFile=/dev/null + -o StrictHostKeyChecking=no + -o Compression=no + -o TCPKeepAlive=yes + -o VerifyHostKeyDNS=no + -o ForwardX11=no + -o ForwardAgent=no + {instance} + ansible_connection_options: + ansible_connection: ssh + +log: true + +platforms: + - name: instance + +provisioner: + name: ansible + inventory: + hosts: + all: + hosts: + instance: + ansible_host: localhost + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + +scenario: + test_sequence: + - prepare + - converge + - verify + +lint: + enabled: false + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/tripleo_ansible/roles/tripleo-container-tag/molecule/podman/playbook.yml b/tripleo_ansible/roles/tripleo-container-tag/molecule/podman/playbook.yml new file mode 100644 index 000000000..897f205cc --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-tag/molecule/podman/playbook.yml @@ -0,0 +1,30 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + hosts: all + become: true + roles: + - role: "tripleo-container-tag" + tripleo_container_image: fedora:28 + tripleo_container_image_latest: test-latest + tripleo_container_cli: podman + - role: "tripleo-container-tag" + tripleo_container_image: fedora:28 + tripleo_container_image_latest: test-latest-2 + tripleo_container_cli: podman + tripleo_container_pull_image: false diff --git a/tripleo_ansible/roles/tripleo-container-tag/molecule/podman/prepare.yml b/tripleo_ansible/roles/tripleo-container-tag/molecule/podman/prepare.yml new file mode 100644 index 000000000..979a60611 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-tag/molecule/podman/prepare.yml @@ -0,0 +1,34 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- import_playbook: ../pre-prepare.yml + +- name: Prepare + hosts: all + become: true + gather_facts: true + vars: + required_packages: + - podman + roles: + - role: test_deps + post_tasks: + - name: Install podman + become: true + package: + name: "{{ required_packages }}" + state: latest diff --git a/tripleo_ansible/roles/tripleo-container-tag/molecule/pre-prepare.yml b/tripleo_ansible/roles/tripleo-container-tag/molecule/pre-prepare.yml new file mode 100644 index 000000000..096979415 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-tag/molecule/pre-prepare.yml @@ -0,0 +1,46 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: pre prepare + connection: local + hosts: all + gather_facts: false + tasks: + - name: Set current user fact + set_fact: + current_user_home: "{{ lookup('env','HOME') }}" + current_user: "{{ lookup('env','USER') }}" + + - name: Ensure the user has a .ssh directory + file: + path: "{{ current_user_home }}/.ssh" + state: directory + owner: "{{ ansible_user | default(current_user) }}" + group: "{{ ansible_user | default(current_user) }}" + mode: "0700" + + - name: Create ssh key pair + user: + name: "{{ ansible_user | default(current_user) }}" + generate_ssh_key: true + ssh_key_bits: 2048 + ssh_key_file: "{{ current_user_home }}/.ssh/id_rsa" + + - name: Ensure can ssh to can connect to localhost + authorized_key: + user: "{{ ansible_user | default(current_user) }}" + key: "{{ lookup('file', (current_user_home ~ '/.ssh/id_rsa.pub')) }}" diff --git a/tripleo_ansible/roles/tripleo-container-tag/tasks/main.yml b/tripleo_ansible/roles/tripleo-container-tag/tasks/main.yml new file mode 100644 index 000000000..8d6c1c94a --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-tag/tasks/main.yml @@ -0,0 +1,26 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# "tripleo-container-tag" will search for and load any operating system variable file + +- name: Pull {{ tripleo_container_image }} image + shell: "{{ tripleo_container_cli }} pull {{ tripleo_container_image }}" + when: + - tripleo_container_pull_image | bool + +- name: Tag {{ tripleo_container_image_latest }} to latest {{ tripleo_container_image }} image + shell: "{{ tripleo_container_cli }} tag {{ tripleo_container_image }} {{ tripleo_container_image_latest }}" diff --git a/zuul.d/base.yaml b/zuul.d/base.yaml index 89070369d..d7ae6cef1 100644 --- a/zuul.d/base.yaml +++ b/zuul.d/base.yaml @@ -6,6 +6,13 @@ timeout: 900 nodeset: centos-7 voting: true +- job: + name: tripleo-ansible-centos-sudo + parent: openstack-tox-with-sudo + description: Basic tripleo-ansible tox job with sudo + timeout: 900 + nodeset: centos-7 + voting: true - job: name: tripleo-ansible-docs parent: openstack-tox-docs diff --git a/zuul.d/molecule.yaml b/zuul.d/molecule.yaml index f7140299c..39926ee0f 100644 --- a/zuul.d/molecule.yaml +++ b/zuul.d/molecule.yaml @@ -12,6 +12,7 @@ - tripleo-ansible-centos-7-molecule-tripleo-create-admin - tripleo-ansible-centos-7-molecule-tripleo-module-load - tripleo-ansible-centos-7-molecule-tripleo-ssh-known-hosts + - tripleo-ansible-centos-7-molecule-tripleo-container-tag gate: jobs: - tripleo-ansible-centos-7-molecule-aide @@ -24,6 +25,7 @@ - tripleo-ansible-centos-7-molecule-tripleo-create-admin - tripleo-ansible-centos-7-molecule-tripleo-module-load - tripleo-ansible-centos-7-molecule-tripleo-ssh-known-hosts + - tripleo-ansible-centos-7-molecule-tripleo-container-tag name: tripleo-ansible-molecule-jobs - job: files: @@ -99,3 +101,10 @@ parent: tripleo-ansible-centos vars: tox_envlist: mol-tripleo-ssh-known-hosts +- job: + files: + - ^tripleo_ansible/roles/tripleo-container-tag/.* + name: tripleo-ansible-centos-7-molecule-tripleo-container-tag + parent: tripleo-ansible-centos-sudo + vars: + tox_envlist: mol-tripleo-container-tag