From f8f74e11ce26424004c0af89f29b7d206ab4452a Mon Sep 17 00:00:00 2001 From: Alex Schultz Date: Thu, 23 Apr 2020 15:35:34 -0600 Subject: [PATCH] Add ansible hieradata file Currently there isn't a good way to pass dynamic information from ansible to puppet to end up in the configuration. This change adds an ansible_managed hierafile that can be updated via ansible to pass dynamic variables into a future puppet execution. An example playbook would be: - name: Set my data set_fact: my_data: foo - name: Add my_data to hieradata include_role: name: tripleo_hieradata tasks_from: ansible_hierdata.yml vars: hieradata_ansible_data: my_magical_var: "{{ my_data }}" The puppet code that would be executed later would just be: class myclass( $my_data = lookup('my_magical_var', 'bar') ) { file { '/var/tmp/data': ensure = present, content = $my_data } } Change-Id: I52ba520dbdd97b25cb093f7e09609e6e1797e3a1 --- .../roles/tripleo_hieradata/defaults/main.yml | 2 + .../molecule/ansible_hieradata/Dockerfile | 37 +++ .../molecule/ansible_hieradata/converge.yml | 89 ++++++ .../molecule/ansible_hieradata/molecule.yml | 279 ++++++++++++++++++ .../molecule/ansible_hieradata/prepare.yml | 21 ++ .../tasks/ansible_hieradata.yml | 25 ++ 6 files changed, 453 insertions(+) create mode 100644 tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/Dockerfile create mode 100644 tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/converge.yml create mode 100644 tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/molecule.yml create mode 100644 tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/prepare.yml create mode 100644 tripleo_ansible/roles/tripleo_hieradata/tasks/ansible_hieradata.yml diff --git a/tripleo_ansible/roles/tripleo_hieradata/defaults/main.yml b/tripleo_ansible/roles/tripleo_hieradata/defaults/main.yml index ecafaaef9..32f6471b9 100644 --- a/tripleo_ansible/roles/tripleo_hieradata/defaults/main.yml 
+++ b/tripleo_ansible/roles/tripleo_hieradata/defaults/main.yml @@ -56,3 +56,5 @@ hieradata_templates_list: # loopback device the local address will be set to "localhost" otherwise # the local address will be defined as "127.0.0.1". hieradata_localhost_address: "{{ ('ipv6' in (ansible_lo | default({}))) | ternary('localhost', '127.0.0.1') }}" +# file included in hieradata hierarchy for ansible to pass data to puppet +hieradata_ansible_file: /etc/puppet/hieradata/ansible_managed.json diff --git a/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/Dockerfile b/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/Dockerfile new file mode 100644 index 000000000..e0534b4d1 --- /dev/null +++ b/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/Dockerfile 
@@ -0,0 +1,37 @@
+# Molecule managed
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
+ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
+
+{% for pkg in item.easy_install | default([]) %}
+# install pip for centos where there is no python-pip rpm in default repos
+RUN easy_install {{ pkg }}
+{% endfor %}
+
+
+CMD ["sh", "-c", "while true; do sleep 10000; done"]
diff --git a/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/converge.yml b/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/converge.yml
new file mode 100644
index 000000000..352a96b18
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/converge.yml
@@ -0,0 +1,89 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Converge
+ hosts: all
+ pre_tasks:
+ - name: Create puppet hieradata directory
+ file:
+ path: /etc/puppet/hieradata
+ state: directory
+ tasks:
+ - name: Create ansible_managed.json
+ include_role:
+ name: tripleo_hieradata
+ tasks_from: ansible_hieradata.yml
+
+ - name: Check file exists
+ when:
+ - not ansible_check_mode|bool
+ block:
+ - name: Stat file
+ stat:
+ path: /etc/puppet/hieradata/ansible_managed.json
+ become: true
+ register: _managed_file
+ - name: Assert file exists
+ assert:
+ that:
+ - _managed_file.stat.exists
+
+ - name: Check file contents
+ when:
+ - not ansible_check_mode|bool
+ block:
+ - name: Get contents
+ slurp:
+ src: /etc/puppet/hieradata/ansible_managed.json
+ become: true
+ register: _managed_file
+ - name: Set contents fact
+ set_fact:
+ _data: "{{ _managed_file['content'] | b64decode }}"
+ - name: Assert file contents
+ assert:
+ that:
+ - _data == {}
+
+ - name: Configure data
+ include_role:
+ name: tripleo_hieradata
+ tasks_from: ansible_hieradata.yml
+ vars:
+ hieradata_ansible_data:
+ my_var: foo
+
+ - name: Check file contents
+ when:
+ - not ansible_check_mode|bool
+ block:
+ - name: Get contents
+ slurp:
+ src: /etc/puppet/hieradata/ansible_managed.json
+ become: true
+ register: _managed_file
+ - name: Set contents fact
+ set_fact:
+ _data: "{{ _managed_file['content'] | b64decode }}"
+ - name: Set expected
+ set_fact:
+ expected:
+ my_var: foo
+ - name: Assert file contents
+ assert:
+ that:
+ - _data == expected
diff --git a/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/molecule.yml b/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/molecule.yml
new file mode 100644
index 000000000..dd670ed26
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/molecule.yml
@@ -0,0 +1,279 @@
+---
+driver:
+ name: docker
+
+log: true
+
+platforms:
+ - name: centos7
+ hostname: centos7
+ image: centos:7
+ dockerfile: Dockerfile
+ pkg_extras: python-setuptools
+ volumes:
+ - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
+ easy_install:
+ - pip
+ environment: &env
+ http_proxy: "{{ lookup('env', 'http_proxy') }}"
+ https_proxy: "{{ lookup('env', 'https_proxy') }}"
+
+ - name: centos8
+ hostname: centos8
+ image: centos:8
+ dockerfile: Dockerfile
+ pkg_extras: python*-setuptools
+ volumes:
+ - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
+ environment:
+ <<: *env
+
+provisioner:
+ name: ansible
+ inventory:
+ hosts:
+ all:
+ vars:
+ all_nodes_extra_map_data: {}
+ cloud_domain: localdomain
+ cloud_names:
+ cloud_name_ctlplane: standalone.ctlplane.localdomain
+ container_cli: podman
+ control_virtual_ip: 192.168.24.1
+ ctlplane_ip: 192.168.24.2
+ ctlplane_subnet_cidr: 24
+ deploy_artifact_urls: ''
+ deploy_identifier: '1564455089'
+ deploy_steps_max: 6
+ enable_internal_tls: false
+ enabled_networks: []
+ enabled_services:
+ - keystone_admin_api
+ - keystone_public_api
+ - ca_certs
+ - ceph_client
+ - ceph_mds
+ - ceph_mgr
+ - ceph_mon
+ - ceph_rgw
+ - ceph_osd
+ - certmonger_user
+ - clustercheck
+ - container_image_prepare
+ - logrotate_crond
+ - docker
+ - docker_registry
+ - glance_api
+ - haproxy
+ - iscsid
+ - kernel
+ - keystone
+ - manila_api
+ - manila_backend_cephfs
+ - manila_scheduler
+ - manila_share
+ - memcached
+ - mysql
+ - mysql_client
+ - neutron_api
+ - neutron_plugin_ml2_ovn
+ - nova_api
+ - nova_compute
+ - nova_conductor
+ - nova_libvirt
+ - nova_metadata
+ - nova_migration_target
+ - nova_scheduler
+ - nova_vnc_proxy
+ - ovn_controller
+ - ovn_dbs
+ - ovn_metadata
+ - openstack_clients
+ - oslo_messaging_notify
+ - oslo_messaging_rpc
+ - pacemaker
+ - placement
+ - podman
+ - snmp
+ - sshd
+ - chrony
+ - timezone
+ - logrotate_tmpwatch
+ - tripleo_firewall
+ - tripleo_packages
+ - tuned
+ extraconfig:
+ foo: bar1
+ foo2: bar2
+ hosts_entry: '
+
+ 192.168.24.1 standalone.localdomain standalone
+
+ 192.168.24.1 standalone.ctlplane.localdomain standalone.ctlplane
+
+ '
+ net_vip_map:
+ ctlplane: 192.168.24.1
+ ctlplane_subnet: 192.168.24.1/24
+ ctlplane_uri: 192.168.24.1
+ redis: 192.168.24.1
+ ovn_dbs: 192.168.24.1
+ network_virtual_ips:
+ ctlplane:
+ index: 1
+ ip_address: 192.168.24.1
+ network_cidrs:
+ External_cidr: 192.168.24.2/24
+ networks: null
+ nova_additional_cell: false
+ ping_test_ips:
+ Standalone: 192.168.24.1
+ primary_role_name: Standalone
+ role_networks:
+ - Internal
+ service_configs:
+ foo: bar3
+ service_names:
+ - ca_certs
+ - ceph_client
+ - ceph_mds
+ - ceph_mgr
+ - ceph_mon
+ - ceph_rgw
+ - ceph_osd
+ - certmonger_user
+ - clustercheck
+ - container_image_prepare
+ - logrotate_crond
+ - docker
+ - docker_registry
+ - glance_api
+ - haproxy
+ - iscsid
+ - kernel
+ - keystone
+ - manila_api
+ - manila_backend_cephfs
+ - manila_scheduler
+ - manila_share
+ - memcached
+ - mysql
+ - mysql_client
+ - neutron_api
+ - neutron_plugin_ml2_ovn
+ - nova_api
+ - nova_compute
+ - nova_conductor
+ - nova_libvirt
+ - nova_metadata
+ - nova_migration_target
+ - nova_scheduler
+ - nova_vnc_proxy
+ - ovn_controller
+ - ovn_dbs
+ - ovn_metadata
+ - openstack_clients
+ - oslo_messaging_notify
+ - oslo_messaging_rpc
+ - pacemaker
+ - placement
+ - podman
+ - snmp
+ - sshd
+ - chrony
+ - timezone
+ - logrotate_tmpwatch
+ - tripleo_firewall
+ - tripleo_packages
+ - tuned
+ service_net_map:
+ aodh_api_network: ctlplane
+ apache_network: ctlplane
+ barbican_api_network: ctlplane
+ bindnetwork: ctlplane
+ ceph_cluster_network: ctlplane
+ ceph_grafana_network: ctlplane
+ ceph_mon_network: ctlplane
+ ceph_rgw_network: ctlplane
+ cinder_api_network: ctlplane
+ cinder_iscsi_network: ctlplane
+ designate_api_network: ctlplane
+ docker_registry_network: ctlplane
+ ec2_api_metadata_network: ctlplane
+ ec2_api_network: ctlplane
+ etcd_network: ctlplane
+ ganesha_network: ctlplane
+ glance_api_network: ctlplane
+ gnocchi_api_network: ctlplane
+ haproxy_network: ctlplane
+ heat_api_cfn_network: ctlplane
+ heat_api_cloudwatch_network: ctlplane
+ heat_api_network: ctlplane
+ horizon_network: ctlplane
+ ironic_api_network: ctlplane
+ ironic_inspector_network: ctlplane
+ ironic_network: ctlplane
+ keystone_admin_api_network: ctlplane
+ keystone_public_api_network: ctlplane
+ manila_api_network: ctlplane
+ memcached_network: ctlplane
+ metrics_qdr_network: ctlplane
+ mistral_api_network: ctlplane
+ mongodb_network: ctlplane
+ mysql_network: ctlplane
+ neutron_api_network: ctlplane
+ neutron_tenant_network: ctlplane
+ nova_api_network: ctlplane
+ nova_libvirt_network: ctlplane
+ nova_metadata_network: ctlplane
+ nova_vnc_proxy_network: ctlplane
+ novajoin_network: ctlplane
+ octavia_api_network: ctlplane
+ opendaylight_api_network: ctlplane
+ openshift_infra_network: ctlplane
+ openshift_master_network: ctlplane
+ oslo_messaging_notify_network: ctlplane
+ oslo_messaging_rpc_network: ctlplane
+ ovn_dbs_network: ctlplane
+ pacemaker_network: ctlplane
+ pacemaker_remote_network: ctlplane
+ panko_api_network: ctlplane
+ placement_network: ctlplane
+ public_network: ctlplane
+ qdr_network: ctlplane
+ rabbitmq_network: ctlplane
+ redis_network: ctlplane
+ sahara_api_network: ctlplane
+ snmpd_network: ctlplane
+ standalone_hostname_resolve_network: ctlplane
+ swift_proxy_network: ctlplane
+ swift_storage_network: ctlplane
+ tacker_api_network: ctlplane
+ zaqar_api_network: ctlplane
+ stack_action: CREATE
+ stack_update_type: ''
+ tripleo_role_name: Standalone
+ validate_controllers_icmp: true
+ validate_fqdn: false
+ validate_gateways_icmp: true
+ validate_ntp: true
+ Standalone:
+ hosts:
+ centos8: {}
+ centos7: {}
+ log: true
+ env:
+ ANSIBLE_STDOUT_CALLBACK: yaml
+
+scenario:
+ test_sequence:
+ - destroy
+ - create
+ - prepare
+ - converge
+ - check
+ - verify
+ - destroy
+
+verifier:
+ name: testinfra
diff --git a/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/prepare.yml b/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/prepare.yml
new file mode 100644
index 000000000..ef85c3128
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_hieradata/molecule/ansible_hieradata/prepare.yml
@@ -0,0 +1,21 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+ hosts: all
+ roles:
+ - role: test_deps
diff --git a/tripleo_ansible/roles/tripleo_hieradata/tasks/ansible_hieradata.yml b/tripleo_ansible/roles/tripleo_hieradata/tasks/ansible_hieradata.yml
new file mode 100644
index 000000000..90d7de53a
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_hieradata/tasks/ansible_hieradata.yml
@@ -0,0 +1,25 @@
+---
+- name: Check for hieradata file
+ stat:
+ path:
+ src: "{{ hieradata_ansible_file }}"
+ register: _hiera_file
+- block:
+ - name: Get existing data
+ slurp: "{{ hieradata_ansible_file }}"
+ register: _file_data
+ become: true
+ - name: Set data fact
+ set_fact:
+ heradata_content: "{{ _file_data['content'] | b64decode }}"
+ when:
+ - _hiera_file.stat is defined
+ - _hiera_file.stat.exists
+- name: Write ansible hieradata file
+ copy:
+ dest: "{{ hieradata_ansible_file }}"
+ content: "{{ hieradata_content | default({}) | combine(hieradata_ansible_data | default({})) | to_json }}"
+ owner: root
+ group: root
+ mode: '0644'
+ become: true
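Review bot: The `set_fact` inside the block in tasks/ansible_hieradata.yml stores the decoded file as `heradata_content`, while the copy task reads `hieradata_content`, so `default({})` always applies and each run replaces the file with only the new `hieradata_ansible_data` instead of merging into what is already there. The module arguments also look malformed, as far as the hunk shows: `stat` carries `src` under an empty `path`, and `slurp` is given a bare string instead of `src:`. The converge scenario never writes two different keys in sequence, so the lost merge would go unnoticed there. Because this file can carry arbitrary values from Ansible into Puppet, `mode: '0644'` leaves anything sensitive world-readable; `mode: '0600'` plus `no_log: true` on the slurp and copy tasks would be the safer default if credentials may pass through it. The fence below shows the corrected arguments, with an explicit `from_json` so that `combine` receives a mapping.

```yaml
- name: Check for hieradata file
  stat:
    path: "{{ hieradata_ansible_file }}"
# … unchanged: register _hiera_file, block header …
    - name: Get existing data
      slurp:
        src: "{{ hieradata_ansible_file }}"
# … unchanged: register _file_data, become, "Set data fact" name …
      set_fact:
        hieradata_content: "{{ _file_data['content'] | b64decode | from_json }}"
# … unchanged: when conditions, "Write ansible hieradata file" copy task …
```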