From 9743b73de65fc599158036565ec9305d30d1ad0a Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Wed, 24 Jul 2019 10:46:02 -0500 Subject: [PATCH] Import Hiera roles The hiera roles (data and upgrade) have been imported. These roles will now be tested using molecule which will ensure functionality via multiple scenarios tests which should provide coverage for all currently available code path's. Because these roles use the ip filter from Ansible a change to the test requirements has been made to include the require python library, netaddr. Hieradata Test Matrix: - Default - Runs through the role top to bottom with all default settings - hieradata_vars - Rests role include functionality to generate hiera templates - per-host - Tests running with hiera config with host specific values - all-hosts - Tests running through a standard multi-node deployment using mock hieradata Hiera Upgrade Test Matix: - Default - Runs through the role top to bottom with all default settings To ensure we maintain coverage for the hieradata and upgrade roles additional voting scenario jobs have been added to the layout. These jobs will execute whenever a change is made to either of the hiera roles ensuring we're not experiencing any regressions on a critical part of our deployment process. Story: 2006044 Task: 34726 Task: 34728 Task: 34729 Story: 2006044 Task: 34730 Task: 34732 Task: 34733 Change-Id: I7f9e993735a0347aac12f728393639d88c80ff0f Signed-off-by: Kevin Carter --- doc/source/roles/role-tripleo-hieradata.rst | 6 + .../roles/role-tripleo-upgrade-hiera.rst | 6 + test-requirements.txt | 3 +- .../roles/tripleo-hieradata/defaults/main.yml | 54 + .../roles/tripleo-hieradata/handlers/main.yml | 22 + .../roles/tripleo-hieradata/meta/main.yml | 44 + .../molecule/all-hosts/Dockerfile | 37 + .../molecule/all-hosts/mock-hieradata.j2.yaml | 1111 +++++++++++++++++ .../molecule/all-hosts/molecule.yml | 48 + .../molecule/all-hosts/playbook.yml | 22 + .../molecule/all-hosts/prepare.yml | 21 + .../molecule/all-hosts/tests/test_default.py | 28 + .../molecule/default/Dockerfile | 37 + .../molecule/default/molecule.yml | 48 + .../molecule/default/playbook.yml | 21 + .../molecule/default/prepare.yml | 21 + .../molecule/hieradata_vars/Dockerfile | 37 + .../hieradata_vars/mock-hieradata.j2.yaml | 3 + .../molecule/hieradata_vars/molecule.yml | 225 ++++ .../molecule/hieradata_vars/playbook.yml | 46 + .../molecule/hieradata_vars/prepare.yml | 21 + .../tests/test_hieradata_vars.py | 44 + .../molecule/per-host/Dockerfile | 37 + .../molecule/per-host/mock-hieradata.j2.yaml | 16 + .../molecule/per-host/molecule.yml | 48 + .../molecule/per-host/playbook.yml | 26 + .../molecule/per-host/prepare.yml | 21 + .../molecule/per-host/tests/test_default.py | 29 + .../tripleo-hieradata/tasks/all_hosts.yml | 24 + .../tasks/hieradata_vars.yaml | 21 + .../roles/tripleo-hieradata/tasks/main.yml | 74 ++ .../tripleo-hieradata/tasks/per_host.yml | 22 + .../tripleo-hieradata/templates/all_nodes.j2 | 42 + .../templates/bootstrap_node.j2 | 4 + .../templates/cloud_domain.j2 | 4 + .../templates/extraconfig.j2 | 1 + .../roles/tripleo-hieradata/templates/fqdn.j2 | 12 + .../tripleo-hieradata/templates/net_ip_map.j2 | 18 + .../templates/role_extraconfig.j2 | 1 + .../templates/service_configs.j2 | 1 + .../tripleo-hieradata/templates/vip_data.j2 | 45 + .../tripleo-upgrade-hiera/defaults/main.yml | 17 + .../roles/tripleo-upgrade-hiera/meta/main.yml | 44 + .../molecule/default/Dockerfile | 37 + .../molecule/default/molecule.yml | 48 + .../molecule/default/playbook.yml | 62 + .../molecule/default/prepare.yml | 21 + .../tasks/create-tripleo-upgrade-file.yml | 54 + .../tripleo-upgrade-hiera/tasks/main.yml | 21 + .../tasks/remove-all.yml | 21 + .../tripleo-upgrade-hiera/tasks/remove.yml | 37 + .../roles/tripleo-upgrade-hiera/tasks/set.yml | 29 + zuul.d/layout.yaml | 57 +- zuul.d/molecule.yaml | 18 + 54 files changed, 2795 insertions(+), 22 deletions(-) create mode 100644 doc/source/roles/role-tripleo-hieradata.rst create mode 100644 doc/source/roles/role-tripleo-upgrade-hiera.rst create mode 100644 tripleo_ansible/roles/tripleo-hieradata/defaults/main.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/handlers/main.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/meta/main.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/Dockerfile create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/mock-hieradata.j2.yaml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/molecule.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/playbook.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/prepare.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/tests/test_default.py create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/default/Dockerfile create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/default/molecule.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/default/playbook.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/default/prepare.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/Dockerfile create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/mock-hieradata.j2.yaml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/molecule.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/playbook.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/prepare.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/tests/test_hieradata_vars.py create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/Dockerfile create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/mock-hieradata.j2.yaml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/molecule.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/playbook.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/prepare.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/tests/test_default.py create mode 100644 tripleo_ansible/roles/tripleo-hieradata/tasks/all_hosts.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/tasks/hieradata_vars.yaml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/tasks/main.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/tasks/per_host.yml create mode 100644 tripleo_ansible/roles/tripleo-hieradata/templates/all_nodes.j2 create mode 100644 tripleo_ansible/roles/tripleo-hieradata/templates/bootstrap_node.j2 create mode 100644 tripleo_ansible/roles/tripleo-hieradata/templates/cloud_domain.j2 create mode 100644 tripleo_ansible/roles/tripleo-hieradata/templates/extraconfig.j2 create mode 100644 tripleo_ansible/roles/tripleo-hieradata/templates/fqdn.j2 create mode 100644 tripleo_ansible/roles/tripleo-hieradata/templates/net_ip_map.j2 create mode 100644 tripleo_ansible/roles/tripleo-hieradata/templates/role_extraconfig.j2 create mode 100644 tripleo_ansible/roles/tripleo-hieradata/templates/service_configs.j2 create mode 100644 tripleo_ansible/roles/tripleo-hieradata/templates/vip_data.j2 create mode 100644 tripleo_ansible/roles/tripleo-upgrade-hiera/defaults/main.yml create mode 100644 tripleo_ansible/roles/tripleo-upgrade-hiera/meta/main.yml create mode 100644 tripleo_ansible/roles/tripleo-upgrade-hiera/molecule/default/Dockerfile create mode 100644 tripleo_ansible/roles/tripleo-upgrade-hiera/molecule/default/molecule.yml create mode 100644 tripleo_ansible/roles/tripleo-upgrade-hiera/molecule/default/playbook.yml create mode 100644 tripleo_ansible/roles/tripleo-upgrade-hiera/molecule/default/prepare.yml create mode 100644 tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/create-tripleo-upgrade-file.yml create mode 100644 tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/main.yml create mode 100644 tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/remove-all.yml create mode 100644 tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/remove.yml create mode 100644 tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/set.yml diff --git a/doc/source/roles/role-tripleo-hieradata.rst b/doc/source/roles/role-tripleo-hieradata.rst new file mode 100644 index 000000000..c10ec25b8 --- /dev/null +++ b/doc/source/roles/role-tripleo-hieradata.rst @@ -0,0 +1,6 @@ +======================== +Role - tripleo-hieradata +======================== + +.. ansibleautoplugin:: + :role: tripleo_ansible/roles/tripleo-hieradata diff --git a/doc/source/roles/role-tripleo-upgrade-hiera.rst b/doc/source/roles/role-tripleo-upgrade-hiera.rst new file mode 100644 index 000000000..0f24b1a09 --- /dev/null +++ b/doc/source/roles/role-tripleo-upgrade-hiera.rst @@ -0,0 +1,6 @@ +============================ +Role - tripleo-upgrade-hiera +============================ + +.. ansibleautoplugin:: + :role: tripleo_ansible/roles/tripleo-upgrade-hiera diff --git a/test-requirements.txt b/test-requirements.txt index 0dbc7e8aa..e15dd0c3c 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1 +1,2 @@ -pre-commit # MIT \ No newline at end of file +pre-commit # MIT +netaddr # BSD diff --git a/tripleo_ansible/roles/tripleo-hieradata/defaults/main.yml b/tripleo_ansible/roles/tripleo-hieradata/defaults/main.yml new file mode 100644 index 000000000..08c19f780 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/defaults/main.yml @@ -0,0 +1,54 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# `hieradata_content` can be formatted for all hosts or for specific hosts +# containing potentially different values. +# +# Host specific example: +# +# controller1: +# extraconfig: +# foo: bar +# foo2: bar2 +# other_hierafile: +# foo: bar3 +# controller2: +# extraconfig: +# foo: bar2 +# foo2: bar3 +# other_hierafile: +# foo: bar +# +# +# Global format example: +# +# extraconfig: +# foo: bar +# foo2: bar2 +# other_hierafile: +# foo: bar3 +# +hieradata_template: "" +hieradata_files: [] +# jinja2 escape trick for simple {{ and }} strings: +hieradata_variable_start_string: "{{ '{{' }}" +hieradata_variable_end_string: "{{ '}}' }}" +hieradata_per_host: false +hieradata_templates_list: + - bootstrap_node + - all_nodes + - vip_data diff --git a/tripleo_ansible/roles/tripleo-hieradata/handlers/main.yml b/tripleo_ansible/roles/tripleo-hieradata/handlers/main.yml new file mode 100644 index 000000000..9a05a60ce --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/handlers/main.yml @@ -0,0 +1,22 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Cleanup temp file + file: + path: "{{ tempfile_1.path }}" + state: absent + delegate_to: localhost + connection: local diff --git a/tripleo_ansible/roles/tripleo-hieradata/meta/main.yml b/tripleo_ansible/roles/tripleo-hieradata/meta/main.yml new file mode 100644 index 000000000..5c2b95930 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/meta/main.yml @@ -0,0 +1,44 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +galaxy_info: + author: OpenStack + description: TripleO OpenStack Role -- tripleo-hieradata + company: Red Hat + license: Apache-2.0 + min_ansible_version: 2.7 + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: Fedora + versions: + - 28 + - name: CentOS + versions: + - 7 + + galaxy_tags: + - tripleo + + +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. +dependencies: [] diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/Dockerfile b/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/Dockerfile new file mode 100644 index 000000000..1b91a0e0b --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/Dockerfile @@ -0,0 +1,37 @@ +# Molecule managed +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi + +{% for pkg in item.easy_install | default([]) %} +# install pip for centos where there is no python-pip rpm in default repos +RUN easy_install {{ pkg }} +{% endfor %} + + +CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/mock-hieradata.j2.yaml b/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/mock-hieradata.j2.yaml new file mode 100644 index 000000000..6b7fe8add --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/mock-hieradata.j2.yaml @@ -0,0 +1,1111 @@ +--- +datafiles: + extraconfig: {} + service_configs: + apache::default_vhost: false + apache::ip: '%{hiera(''ctlplane'')}' + apache::mod::alias::icons_options: None + apache::mod::prefork::maxclients: 256 + apache::mod::prefork::serverlimit: 256 + apache::mod::remoteip::proxy_ips: + - 192.168.24.2/24 + apache::server_signature: 'Off' + apache::server_tokens: Prod + apache::trace_enable: 'Off' + cinder::api::bind_host: '%{hiera(''fqdn_ctlplane'')}' + cinder::api::default_volume_type: tripleo + cinder::api::enable_proxy_headers_parsing: true + cinder::api::nova_catalog_info: compute:nova:internalURL + cinder::api::os_region_name: regionOne + cinder::api::service_name: httpd + cinder::ceilometer::notification_driver: messagingv2 + cinder::config: + DEFAULT/swift_catalog_info: + value: object-store:swift:internalURL + cinder::cron::db_purge::age: '30' + cinder::cron::db_purge::destination: /var/log/cinder/cinder-rowsflush.log + cinder::cron::db_purge::hour: '0' + cinder::cron::db_purge::max_delay: '3600' + cinder::cron::db_purge::minute: '1' + cinder::cron::db_purge::month: '*' + cinder::cron::db_purge::monthday: '*' + cinder::cron::db_purge::user: cinder + cinder::cron::db_purge::weekday: '*' + cinder::database_connection: >- + mysql+pymysql://cinder:x@192.168.24.2/cinder?read_default_group=tripleo&read_default_file=/etc/my.cnf.d/tripleo.cnf + cinder::db::database_db_max_retries: -1 + cinder::db::database_max_retries: -1 + cinder::db::mysql::allowed_hosts: + - '%' + - '%{hiera(''mysql_bind_host'')}' + cinder::db::mysql::dbname: cinder + cinder::db::mysql::host: 192.168.24.2 + cinder::db::mysql::password: oZzyrfo77XIrMgnyrbqn2D4t0 + cinder::db::mysql::user: cinder + cinder::glance::glance_api_servers: http://192.168.24.2:9292 + cinder::keystone::auth::admin_url: http://192.168.24.2:8776/v1/%(tenant_id)s + cinder::keystone::auth::admin_url_v2: http://192.168.24.2:8776/v2/%(tenant_id)s + cinder::keystone::auth::admin_url_v3: http://192.168.24.2:8776/v3/%(tenant_id)s + cinder::keystone::auth::internal_url: http://192.168.24.2:8776/v1/%(tenant_id)s + cinder::keystone::auth::internal_url_v2: http://192.168.24.2:8776/v2/%(tenant_id)s + cinder::keystone::auth::internal_url_v3: http://192.168.24.2:8776/v3/%(tenant_id)s + cinder::keystone::auth::password: oZzyrfo77XIrMgnyrbqn2D4t0 + cinder::keystone::auth::public_url: http://192.168.24.2:8776/v1/%(tenant_id)s + cinder::keystone::auth::public_url_v2: http://192.168.24.2:8776/v2/%(tenant_id)s + cinder::keystone::auth::public_url_v3: http://192.168.24.2:8776/v3/%(tenant_id)s + cinder::keystone::auth::region: regionOne + cinder::keystone::auth::tenant: service + cinder::keystone::authtoken::auth_uri: http://192.168.24.2:5000 + cinder::keystone::authtoken::auth_url: http://192.168.24.2:5000 + cinder::keystone::authtoken::password: oZzyrfo77XIrMgnyrbqn2D4t0 + cinder::keystone::authtoken::project_domain_name: Default + cinder::keystone::authtoken::project_name: service + cinder::keystone::authtoken::region_name: regionOne + cinder::keystone::authtoken::user_domain_name: Default + cinder::keystone::authtoken::www_authenticate_uri: http://192.168.24.2:5000 + cinder::logging::debug: true + cinder::nova::auth_type: password + cinder::nova::auth_url: http://192.168.24.2:5000/ + cinder::nova::interface: admin + cinder::nova::password: h394xFqQIyNp3zKTApR0kbwdr + cinder::nova::project_name: service + cinder::policy::policies: {} + cinder::rabbit_heartbeat_timeout_threshold: 60 + cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler + cinder::storage_availability_zone: nova + cinder::wsgi::apache::bind_host: '%{hiera(''ctlplane'')}' + cinder::wsgi::apache::servername: '%{hiera(''fqdn_ctlplane'')}' + cinder::wsgi::apache::ssl: false + cinder::wsgi::apache::workers: '%{::os_workers}' + cold_migration_ssh_inbound_addr: '%{hiera(''ctlplane'')}' + compute_enable_ksm: false + enable_galera: true + glance::api::authtoken::auth_uri: http://192.168.24.2:5000 + glance::api::authtoken::auth_url: http://192.168.24.2:5000 + glance::api::authtoken::password: eUBg3LjB9UVrvBwdgevwMOviM + glance::api::authtoken::project_name: service + glance::api::authtoken::region_name: regionOne + glance::api::bind_host: '%{hiera(''ctlplane'')}' + glance::api::bind_port: '9292' + glance::api::database_connection: >- + mysql+pymysql://glance:x@192.168.24.2/glance?read_default_group=tripleo&read_default_file=/etc/my.cnf.d/tripleo.cnf + glance::api::enable_proxy_headers_parsing: true + glance::api::enable_v1_api: false + glance::api::enable_v2_api: true + glance::api::enabled_import_methods: + - web-download + glance::api::ignore_user_roles: + - admin + glance::api::image_conversion_output_format: raw + glance::api::image_import_plugins: + - image_conversion + glance::api::image_member_quota: 128 + glance::api::inject_metadata_properties: [] + glance::api::logging::debug: true + glance::api::node_staging_uri: file:///var/lib/glance/staging + glance::api::os_region_name: regionOne + glance::api::pipeline: keystone + glance::api::show_image_direct_url: true + glance::api::show_multiple_locations: true + glance::api::sync_db: false + glance::backend::rbd::rbd_store_ceph_conf: /etc/ceph/ceph.conf + glance::backend::rbd::rbd_store_pool: images + glance::backend::rbd::rbd_store_user: openstack + glance::backend::swift::swift_store_auth_address: http://192.168.24.2:5000/v3 + glance::backend::swift::swift_store_auth_version: 3 + glance::backend::swift::swift_store_create_container_on_put: true + glance::backend::swift::swift_store_key: eUBg3LjB9UVrvBwdgevwMOviM + glance::backend::swift::swift_store_user: service:glance + glance::db::mysql::allowed_hosts: + - '%' + - '%{hiera(''mysql_bind_host'')}' + glance::db::mysql::dbname: glance + glance::db::mysql::host: 192.168.24.2 + glance::db::mysql::password: eUBg3LjB9UVrvBwdgevwMOviM + glance::db::mysql::user: glance + glance::keystone::auth::admin_url: http://192.168.24.2:9292 + glance::keystone::auth::internal_url: http://192.168.24.2:9292 + glance::keystone::auth::password: eUBg3LjB9UVrvBwdgevwMOviM + glance::keystone::auth::public_url: http://192.168.24.2:9292 + glance::keystone::auth::region: regionOne + glance::keystone::auth::tenant: service + glance::keystone::authtoken::project_domain_name: Default + glance::keystone::authtoken::user_domain_name: Default + glance::notify::rabbitmq::notification_driver: messagingv2 + glance::policy::policies: {} + glance_backend: rbd + glance_log_file: '' + glance_notifier_strategy: noop + horizon::allowed_hosts: + - '*' + horizon::bind_address: '%{hiera(''ctlplane'')}' + horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache + horizon::customization_module: '' + horizon::disable_password_reveal: true + horizon::disallow_iframe_embed: true + horizon::django_debug: true + horizon::django_session_engine: django.contrib.sessions.backends.cache + horizon::enable_secure_proxy_ssl_header: true + horizon::enforce_password_check: true + horizon::horizon_ca: /etc/ipa/ca.crt + horizon::keystone_url: http://192.168.24.2:5000/v3 + horizon::listen_ssl: false + horizon::password_validator: '' + horizon::password_validator_help: '' + horizon::secret_key: KCJZe5lLuK + horizon::secure_cookies: false + horizon::servername: '%{hiera(''fqdn_ctlplane'')}' + horizon::timezone: UTC + horizon::vhost_extra_params: + access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' + add_listen: true + options: + - FollowSymLinks + - MultiViews + priority: 10 + kernel_modules: + nf_conntrack: {} + keystone::admin_bind_host: '%{hiera(''fqdn_ctlplane'')}' + keystone::admin_password: T65kUrDRVCjSEeZUi6c2PaPZl + keystone::admin_port: '35357' + keystone::admin_token: ozgltQyymaJ0B2bmE1jCnVxKr + keystone::config::keystone_config: + ec2/driver: + value: keystone.contrib.ec2.backends.sql.Ec2 + keystone::credential_keys: + /etc/keystone/credential-keys/0: + content: 9T7xVi2GGlWiJl5goN8VyvhJdbV24kbsEZg6nBRwdRI= + /etc/keystone/credential-keys/1: + content: Kai2wqK79vmuDbaHrHsx4KQFmNQ1wsoXpP5EJ4kKPvw= + keystone::cron::token_flush::destination: /var/log/keystone/keystone-tokenflush.log + keystone::cron::token_flush::ensure: present + keystone::cron::token_flush::hour: + - '*' + keystone::cron::token_flush::maxdelay: 0 + keystone::cron::token_flush::minute: + - '1' + keystone::cron::token_flush::month: + - '*' + keystone::cron::token_flush::monthday: + - '*' + keystone::cron::token_flush::user: keystone + keystone::cron::token_flush::weekday: + - '*' + keystone::database_connection: >- + mysql+pymysql://keystone:x@192.168.24.2/keystone?read_default_group=tripleo&read_default_file=/etc/my.cnf.d/tripleo.cnf + keystone::db::database_db_max_retries: -1 + keystone::db::database_max_retries: -1 + keystone::db::mysql::allowed_hosts: + - '%' + - '%{hiera(''mysql_bind_host'')}' + keystone::db::mysql::dbname: keystone + keystone::db::mysql::host: 192.168.24.2 + keystone::db::mysql::password: ozgltQyymaJ0B2bmE1jCnVxKr + keystone::db::mysql::user: keystone + keystone::enable_credential_setup: true + keystone::enable_fernet_setup: true + keystone::enable_proxy_headers_parsing: true + keystone::enable_ssl: false + keystone::endpoint::admin_url: http://192.168.24.2:35357 + keystone::endpoint::internal_url: http://192.168.24.2:5000 + keystone::endpoint::public_url: http://192.168.24.2:5000 + keystone::endpoint::region: regionOne + keystone::endpoint::version: '' + keystone::fernet_keys: + /etc/keystone/fernet-keys/0: + content: oxZcZ-VW-EWyyZGbtYNVnIHXOuuwhkgvZPKDcbGzf2U= + /etc/keystone/fernet-keys/1: + content: MPSoYf6XnfGrx_yvjMT0sMRxL3KnqhdJyhET447MrAk= + keystone::fernet_max_active_keys: 5 + keystone::fernet_replace_keys: true + keystone::logging::debug: true + keystone::notification_driver: messagingv2 + keystone::notification_format: basic + keystone::policy::policies: {} + keystone::public_bind_host: '%{hiera(''fqdn_ctlplane'')}' + keystone::rabbit_heartbeat_timeout_threshold: 60 + keystone::roles::admin::admin_tenant: admin + keystone::roles::admin::email: admin@example.com + keystone::roles::admin::password: T65kUrDRVCjSEeZUi6c2PaPZl + keystone::roles::admin::service_tenant: service + keystone::service_name: httpd + keystone::token_expiration: 3600 + keystone::token_provider: fernet + keystone::wsgi::apache::api_port: + - 5000 + - '35357' + keystone::wsgi::apache::bind_host: + - '%{hiera(''ctlplane'')}' + - '%{hiera(''ctlplane'')}' + keystone::wsgi::apache::servername: '%{hiera(''fqdn_ctlplane'')}' + keystone::wsgi::apache::servername_admin: '%{hiera(''fqdn_ctlplane'')}' + keystone::wsgi::apache::ssl: false + keystone::wsgi::apache::threads: 1 + keystone::wsgi::apache::workers: '%{::os_workers}' + keystone_enable_db_purge: true + keystone_enable_member: true + keystone_ssl_certificate: '' + keystone_ssl_certificate_key: '' + live_migration_ssh_inbound_addr: '%{hiera(''ctlplane'')}' + localhost_address: localhost + memcached::disable_cachedump: true + memcached::listen_ip: '%{hiera(''ctlplane'')}' + memcached::listen_ip_uri: '%{hiera(''ctlplane_uri'')}' + memcached::max_memory: 50% + memcached::udp_port: 0 + memcached::verbosity: vv + memcached_ipv6: false + mysql::server::manage_config_file: true + mysql::server::package_name: mariadb-galera-server + mysql::server::root_password: Bv2PBHraHd + mysql_bind_host: '%{hiera(''ctlplane'')}' + mysql_clustercheck_password: mQ1zv8k87pC4Ns1HTBeBxcA15 + mysql_ipv6: false + mysql_max_connections: 4096 + neutron::agents::ovn_metadata::auth_password: SmzeVqkpnfK0HGDXDxd5SYvAS + neutron::agents::ovn_metadata::auth_tenant: service + neutron::agents::ovn_metadata::auth_url: http://192.168.24.2:5000 + neutron::agents::ovn_metadata::debug: true + neutron::agents::ovn_metadata::metadata_host: '%{hiera(''cloud_name_ctlplane'')}' + neutron::agents::ovn_metadata::metadata_ip: '%{hiera(''nova_metadata_vip'')}' + neutron::agents::ovn_metadata::metadata_protocol: http + neutron::agents::ovn_metadata::ovsdb_connection_timeout: 180 + neutron::agents::ovn_metadata::shared_secret: 83FhfOLJYdypn8u1hG6RexYal + neutron::allow_overlapping_ips: true + neutron::bind_host: '%{hiera(''ctlplane'')}' + neutron::core_plugin: ml2 + neutron::db::database_db_max_retries: -1 + neutron::db::database_max_retries: -1 + neutron::db::mysql::allowed_hosts: + - '%' + - '%{hiera(''mysql_bind_host'')}' + neutron::db::mysql::dbname: ovs_neutron + neutron::db::mysql::host: 192.168.24.2 + neutron::db::mysql::password: SmzeVqkpnfK0HGDXDxd5SYvAS + neutron::db::mysql::user: neutron + neutron::db::sync::db_sync_timeout: 300 + neutron::db::sync::extra_params: '' + neutron::dhcp_agent_notification: true + neutron::dns_domain: localdomain + neutron::global_physnet_mtu: 1500 + neutron::host: '%{hiera(''fqdn_canonical'')}' + neutron::keystone::auth::admin_url: http://192.168.24.2:9696 + neutron::keystone::auth::internal_url: http://192.168.24.2:9696 + neutron::keystone::auth::password: SmzeVqkpnfK0HGDXDxd5SYvAS + neutron::keystone::auth::public_url: http://192.168.24.2:9696 + neutron::keystone::auth::region: regionOne + neutron::keystone::auth::tenant: service + neutron::keystone::authtoken::auth_uri: http://192.168.24.2:5000 + neutron::keystone::authtoken::auth_url: http://192.168.24.2:5000 + neutron::keystone::authtoken::password: SmzeVqkpnfK0HGDXDxd5SYvAS + neutron::keystone::authtoken::project_domain_name: Default + neutron::keystone::authtoken::project_name: service + neutron::keystone::authtoken::region_name: regionOne + neutron::keystone::authtoken::user_domain_name: Default + neutron::keystone::authtoken::www_authenticate_uri: http://192.168.24.2:5000 + neutron::logging::debug: true + neutron::notification_driver: messagingv2 + neutron::plugins::ml2::extension_drivers: + - qos + - port_security + neutron::plugins::ml2::firewall_driver: iptables_hybrid + neutron::plugins::ml2::flat_networks: + - datacentre + neutron::plugins::ml2::max_header_size: 38 + neutron::plugins::ml2::mechanism_drivers: + - ovn + neutron::plugins::ml2::network_vlan_ranges: + - datacentre:1:1000 + neutron::plugins::ml2::overlay_ip_version: 4 + neutron::plugins::ml2::ovn::dns_servers: [] + neutron::plugins::ml2::ovn::dvr_enabled: true + neutron::plugins::ml2::ovn::neutron_sync_mode: log + neutron::plugins::ml2::ovn::ovn_l3_mode: true + neutron::plugins::ml2::ovn::ovn_metadata_enabled: true + neutron::plugins::ml2::ovn::ovsdb_connection_timeout: 180 + neutron::plugins::ml2::ovn::vif_type: ovs + neutron::plugins::ml2::tenant_network_types: + - geneve + neutron::plugins::ml2::tunnel_id_ranges: + - 1:4094 + neutron::plugins::ml2::type_drivers: + - geneve + - vlan + - flat + neutron::plugins::ml2::vni_ranges: + - 1:65536 + neutron::policy::policies: {} + neutron::purge_config: false + neutron::quota::quota_port: '500' + neutron::rabbit_heartbeat_timeout_threshold: 60 + neutron::server::allow_automatic_l3agent_failover: 'True' + neutron::server::database_connection: >- + mysql+pymysql://neutron:x@192.168.24.2/ovs_neutron?read_default_group=tripleo&read_default_file=/etc/my.cnf.d/tripleo.cnf + neutron::server::enable_proxy_headers_parsing: true + neutron::server::notifications::auth_url: http://192.168.24.2:5000 + neutron::server::notifications::endpoint_type: internal + neutron::server::notifications::password: h394xFqQIyNp3zKTApR0kbwdr + neutron::server::notifications::project_name: service + neutron::server::notifications::region_name: regionOne + neutron::server::notifications::tenant_name: service + neutron::server::placement::auth_type: password + neutron::server::placement::auth_url: http://192.168.24.2:5000 + neutron::server::placement::password: h394xFqQIyNp3zKTApR0kbwdr + neutron::server::placement::project_domain_name: Default + neutron::server::placement::project_name: service + neutron::server::placement::region_name: regionOne + neutron::server::placement::user_domain_name: Default + neutron::server::placement::username: nova + neutron::server::placement::www_authenticate_uri: http://192.168.24.2:5000 + neutron::server::qos_notification_drivers: ovn-qos + neutron::server::sync_db: true + neutron::service_plugins: + - qos + - ovn-router + - trunk + - segments + neutron::vlan_transparent: false + nfs_backend_enable: false + nfs_options: context=system_u:object_r:nfs_t:s0 + nfs_share: '' + nfs_vers: '4' + nova::api::api_bind_address: '%{hiera(''fqdn_ctlplane'')}' + nova::api::default_floating_pool: public + nova::api::enable_proxy_headers_parsing: true + nova::api::enabled: true + nova::api::instance_name_template: instance-%08x + nova::api::neutron_metadata_proxy_shared_secret: 83FhfOLJYdypn8u1hG6RexYal + nova::api::service_name: httpd + nova::api::sync_db_api: true + nova::api_database_connection: >- + mysql+pymysql://nova_api:x@192.168.24.2/nova_api?read_default_group=tripleo&read_default_file=/etc/my.cnf.d/tripleo.cnf + nova::cell0_database_connection: >- + mysql+pymysql://nova:x@192.168.24.2/nova_cell0?read_default_group=tripleo&read_default_file=/etc/my.cnf.d/tripleo.cnf + nova::cinder::auth_type: v3password + nova::cinder::auth_url: http://192.168.24.2:5000/v3 + nova::cinder::password: oZzyrfo77XIrMgnyrbqn2D4t0 + nova::cinder::project_name: service + nova::cinder::region_name: regionOne + nova::cinder::username: cinder + nova::cinder_catalog_info: volumev3:cinderv3:internalURL + nova::compute::consecutive_build_service_disable_threshold: '10' + nova::compute::cpu_shared_set: [] + nova::compute::instance_usage_audit: true + nova::compute::instance_usage_audit_period: hour + nova::compute::libvirt::file_backed_memory: 0 + nova::compute::libvirt::libvirt_enabled_perf_events: [] + nova::compute::libvirt::libvirt_hw_machine_type: >- + x86_64=pc-i440fx-rhel7.6.0,aarch64=virt-rhel7.6.0,ppc64=pseries-rhel7.6.0,ppc64le=pseries-rhel7.6.0 + nova::compute::libvirt::libvirt_virt_type: kvm + nova::compute::libvirt::manage_libvirt_services: false + nova::compute::libvirt::mem_stats_period_seconds: 10 + nova::compute::libvirt::migration_support: false + nova::compute::libvirt::num_pcie_ports: 16 + nova::compute::libvirt::qemu::configure_qemu: true + nova::compute::libvirt::qemu::max_files: 32768 + nova::compute::libvirt::qemu::max_processes: 131072 + nova::compute::libvirt::qemu::memory_backing_dir: '' + nova::compute::libvirt::rx_queue_size: 512 + nova::compute::libvirt::services::libvirt_virt_type: kvm + nova::compute::libvirt::tx_queue_size: 512 + nova::compute::libvirt::vncserver_listen: '%{hiera(''ctlplane'')}' + nova::compute::libvirt::volume_use_multipath: false + nova::compute::live_migration_wait_for_vif_plug: false + nova::compute::neutron::libvirt_vif_driver: '' + nova::compute::neutron_physnets_numa_nodes_mapping: {} + nova::compute::neutron_tunnel_numa_nodes: [] + nova::compute::pci::passthrough: '' + nova::compute::rbd::ephemeral_storage: true + nova::compute::rbd::libvirt_images_rbd_ceph_conf: /etc/ceph/ceph.conf + nova::compute::rbd::libvirt_images_rbd_pool: vms + nova::compute::rbd::libvirt_rbd_secret_key: AQCfJTpdAAAAABAAFXy6NxAX+NLafeeoG8PJyQ== + nova::compute::rbd::libvirt_rbd_secret_uuid: 1953d132-af27-11e9-b0aa-525401f8c930 + nova::compute::rbd::libvirt_rbd_user: openstack + nova::compute::rbd::rbd_keyring: client.openstack + nova::compute::reserved_host_memory: 4096 + nova::compute::resume_guests_state_on_host_boot: false + nova::compute::sync_power_state_interval: 0 + nova::compute::vcpu_pin_set: [] + nova::compute::verify_glance_signatures: false + nova::compute::vncproxy_host: 192.168.24.2 + nova::compute::vncserver_proxyclient_address: '%{hiera(''ctlplane'')}' + nova::cron::archive_deleted_rows::destination: /var/log/nova/nova-rowsflush.log + nova::cron::archive_deleted_rows::hour: '0' + nova::cron::archive_deleted_rows::max_rows: '100' + nova::cron::archive_deleted_rows::maxdelay: '3600' + nova::cron::archive_deleted_rows::minute: '1' + nova::cron::archive_deleted_rows::month: '*' + nova::cron::archive_deleted_rows::monthday: '*' + nova::cron::archive_deleted_rows::purge: false + nova::cron::archive_deleted_rows::until_complete: true + nova::cron::archive_deleted_rows::user: nova + nova::cron::archive_deleted_rows::weekday: '*' + nova::cron::purge_shadow_tables::age: 14 + nova::cron::purge_shadow_tables::all_cells: false + nova::cron::purge_shadow_tables::destination: /var/log/nova/nova-rowspurge.log + nova::cron::purge_shadow_tables::hour: '5' + nova::cron::purge_shadow_tables::minute: '0' + nova::cron::purge_shadow_tables::month: '*' + nova::cron::purge_shadow_tables::monthday: '*' + nova::cron::purge_shadow_tables::user: nova + nova::cron::purge_shadow_tables::verbose: false + nova::cron::purge_shadow_tables::weekday: '*' + nova::database_connection: >- + mysql+pymysql://nova:x@192.168.24.2/nova?read_default_group=tripleo&read_default_file=/etc/my.cnf.d/tripleo.cnf + nova::db::database_db_max_retries: -1 + nova::db::database_max_retries: -1 + nova::db::mysql::allowed_hosts: + - '%' + - '%{hiera(''mysql_bind_host'')}' + nova::db::mysql::dbname: nova + nova::db::mysql::host: 192.168.24.2 + nova::db::mysql::password: h394xFqQIyNp3zKTApR0kbwdr + nova::db::mysql::user: nova + nova::db::mysql_api::allowed_hosts: + - '%' + - '%{hiera(''mysql_bind_host'')}' + nova::db::mysql_api::dbname: nova_api + nova::db::mysql_api::host: 192.168.24.2 + nova::db::mysql_api::password: h394xFqQIyNp3zKTApR0kbwdr + nova::db::mysql_api::setup_cell0: true + nova::db::mysql_api::user: nova_api + nova::db::sync::db_sync_timeout: 300 + nova::db::sync_api::db_sync_timeout: 300 + nova::glance_api_servers: http://192.168.24.2:9292 + nova::host: '%{hiera(''fqdn_canonical'')}' + nova::keystone::auth::admin_url: http://192.168.24.2:8774/v2.1 + nova::keystone::auth::internal_url: http://192.168.24.2:8774/v2.1 + nova::keystone::auth::password: h394xFqQIyNp3zKTApR0kbwdr + nova::keystone::auth::public_url: http://192.168.24.2:8774/v2.1 + nova::keystone::auth::region: regionOne + nova::keystone::auth::tenant: service + nova::keystone::authtoken::auth_uri: http://192.168.24.2:5000 + nova::keystone::authtoken::auth_url: http://192.168.24.2:35357 + nova::keystone::authtoken::password: h394xFqQIyNp3zKTApR0kbwdr + nova::keystone::authtoken::project_domain_name: Default + nova::keystone::authtoken::project_name: service + nova::keystone::authtoken::region_name: regionOne + nova::keystone::authtoken::user_domain_name: Default + nova::keystone::authtoken::www_authenticate_uri: http://192.168.24.2:5000 + nova::logging::debug: true + nova::metadata::dhcp_domain: '' + nova::metadata::enable_proxy_headers_parsing: true + nova::metadata::neutron_metadata_proxy_shared_secret: 83FhfOLJYdypn8u1hG6RexYal + nova::migration::libvirt::live_migration_inbound_addr: '%{hiera(''fqdn_ctlplane'')}' + nova::migration::live_migration_tunnelled: true + nova::migration::qemu::configure_qemu: true + nova::migration::qemu::migration_port_max: 61215 + nova::migration::qemu::migration_port_min: 61152 + nova::my_ip: '%{hiera(''ctlplane'')}' + nova::network::neutron::neutron_auth_type: v3password + nova::network::neutron::neutron_auth_url: http://192.168.24.2:5000/v3 + nova::network::neutron::neutron_ovs_bridge: br-int + nova::network::neutron::neutron_password: SmzeVqkpnfK0HGDXDxd5SYvAS + nova::network::neutron::neutron_project_name: service + nova::network::neutron::neutron_region_name: regionOne + nova::network::neutron::neutron_username: neutron + nova::notification_driver: messagingv2 + nova::notification_format: unversioned + nova::notify_on_state_change: vm_and_task_state + nova::os_region_name: regionOne + nova::ovsdb_connection: '' + nova::placement::auth_url: http://192.168.24.2:5000 + nova::placement::password: NeIqTAUTKw4SgOJrFpO24LOFf + nova::placement::project_name: service + nova::placement::region_name: regionOne + nova::placement::valid_interfaces: internal + nova::policy::policies: {} + nova::purge_config: false + nova::rabbit_heartbeat_timeout_threshold: 60 + nova::rabbit_use_ssl: 'False' + nova::ram_allocation_ratio: '1.0' + nova::scheduler::discover_hosts_in_cells_interval: -1 + nova::scheduler::filter::scheduler_available_filters: [] + nova::scheduler::filter::scheduler_default_filters: [] + nova::scheduler::filter::scheduler_max_attempts: 3 + nova::scheduler::limit_tenants_to_placement_aggregate: false + nova::scheduler::query_placement_for_image_type_support: true + nova::use_ipv6: false + nova::vncproxy::common::vncproxy_host: 192.168.24.2 + nova::vncproxy::common::vncproxy_port: '6080' + nova::vncproxy::common::vncproxy_protocol: http + nova::vncproxy::enabled: true + nova::vncproxy::host: '%{hiera(''ctlplane'')}' + nova::workarounds::enable_numa_live_migration: false + nova::wsgi::apache_api::bind_host: '%{hiera(''ctlplane'')}' + nova::wsgi::apache_api::servername: '%{hiera(''fqdn_ctlplane'')}' + nova::wsgi::apache_api::ssl: false + nova::wsgi::apache_metadata::api_port: '8775' + nova::wsgi::apache_metadata::bind_host: '%{hiera(''ctlplane'')}' + nova::wsgi::apache_metadata::servername: '%{hiera(''fqdn_ctlplane'')}' + nova::wsgi::apache_metadata::ssl: false + nova_enable_db_archive: true + nova_enable_db_purge: true + nova_is_additional_cell: false + nova_metadata_wsgi_enabled: true + nova_wsgi_enabled: true + oslo_messaging_notify_password: Ad0ES3lVFkiFpd8Cc8rieyCgY + oslo_messaging_notify_port: 5672 + oslo_messaging_notify_scheme: rabbit + oslo_messaging_notify_use_ssl: 'False' + oslo_messaging_notify_user_name: guest + oslo_messaging_rpc_password: Ad0ES3lVFkiFpd8Cc8rieyCgY + oslo_messaging_rpc_port: 5672 + oslo_messaging_rpc_scheme: rabbit + oslo_messaging_rpc_use_ssl: 'False' + oslo_messaging_rpc_user_name: guest + ovn::controller::enable_hw_offload: false + ovn::controller::hostname: '%{hiera(''fqdn_canonical'')}' + ovn::controller::ovn_bridge: br-int + ovn::controller::ovn_bridge_mappings: + - datacentre:br-ctlplane + ovn::controller::ovn_cms_options: '' + ovn::controller::ovn_encap_ip: '%{hiera(''ctlplane'')}' + ovn::northbound::port: 6641 + ovn::northd::dbs_listen_ip: '%{hiera(''ctlplane'')}' + ovn::southbound::port: 6642 + placement::db::database_connection: >- + mysql+pymysql://placement:x@192.168.24.2/placement?read_default_group=tripleo&read_default_file=/etc/my.cnf.d/tripleo.cnf + placement::db::mysql::allowed_hosts: + - '%' + - '%{hiera(''mysql_bind_host'')}' + placement::db::mysql::dbname: placement + placement::db::mysql::host: 192.168.24.2 + placement::db::mysql::password: NeIqTAUTKw4SgOJrFpO24LOFf + placement::db::mysql::user: placement + placement::keystone::auth::admin_url: http://192.168.24.2:8778/placement + placement::keystone::auth::internal_url: http://192.168.24.2:8778/placement + placement::keystone::auth::password: NeIqTAUTKw4SgOJrFpO24LOFf + placement::keystone::auth::public_url: http://192.168.24.2:8778/placement + placement::keystone::auth::region: regionOne + placement::keystone::auth::tenant: service + placement::keystone::authtoken::auth_uri: http://192.168.24.2:5000 + placement::keystone::authtoken::auth_url: http://192.168.24.2:5000 + placement::keystone::authtoken::password: NeIqTAUTKw4SgOJrFpO24LOFf + placement::keystone::authtoken::project_name: service + placement::keystone::authtoken::www_authenticate_uri: http://192.168.24.2:5000 + placement::wsgi::apache::api_port: '8778' + placement::wsgi::apache::bind_host: '%{hiera(''ctlplane'')}' + placement::wsgi::apache::servername: '%{hiera(''fqdn_ctlplane'')}' + placement::wsgi::apache::ssl: false + rabbit_ipv6: false + rabbitmq::admin_enable: false + rabbitmq::collect_statistics_interval: 30000 + rabbitmq::config_management_variables: + rates_mode: none + rabbitmq::default_pass: Ad0ES3lVFkiFpd8Cc8rieyCgY + rabbitmq::default_user: guest + rabbitmq::delete_guest_user: false + rabbitmq::erlang_cookie: tuUwS7YJ4PSxIGygyhaB + rabbitmq::file_limit: 65536 + rabbitmq::interface: '%{hiera(''ctlplane'')}' + rabbitmq::management_enable: true + rabbitmq::management_ip_address: 127.0.0.1 + rabbitmq::nr_ha_queues: 0 + rabbitmq::package_provider: yum + rabbitmq::package_source: undef + rabbitmq::port: 5672 + rabbitmq::repos_ensure: false + rabbitmq::ssl: false + rabbitmq::ssl_depth: 1 + rabbitmq::ssl_erl_dist: false + rabbitmq::ssl_interface: '%{hiera(''ctlplane'')}' + rabbitmq::ssl_only: false + rabbitmq::ssl_port: 5672 + rabbitmq::tcp_keepalive: true + rabbitmq::use_config_file_for_plugins: true + rabbitmq::wipe_db_on_cookie_change: true + rabbitmq_config_variables: + cluster_partition_handling: ignore + loopback_users: '[]' + queue_master_locator: <<"min-masters">> + rabbitmq_environment: + LANG: en_US.UTF-8 + LC_ALL: en_US.UTF-8 + NODE_IP_ADDRESS: '' + NODE_PORT: '' + RABBITMQ_NODENAME: rabbit@%{::hostname} + RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS: '''+sbwt none''' + RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options + [{nodelay,true}]"' + export ERL_EPMD_ADDRESS: '%{hiera(''rabbitmq::interface'')}' + rabbitmq_kernel_variables: + inet_dist_listen_max: '25672' + inet_dist_listen_min: '25672' + net_ticktime: 15 + rbd_persistent_storage: true + snmp::agentaddress: + - udp:161 + - udp6:[::1]:161 + snmp::snmpd_options: -LS0-5d + swift::keystone::auth::admin_url: http://192.168.24.2:8080 + swift::keystone::auth::admin_url_s3: http://192.168.24.2:8080 + swift::keystone::auth::configure_s3_endpoint: false + swift::keystone::auth::internal_url: http://192.168.24.2:8080/v1/AUTH_%(tenant_id)s + swift::keystone::auth::internal_url_s3: http://192.168.24.2:8080 + swift::keystone::auth::operator_roles: + - admin + - swiftoperator + - ResellerAdmin + swift::keystone::auth::password: nV40MDtEbpvokWhEKmoDE52TV + swift::keystone::auth::public_url: http://192.168.24.2:8080/v1/AUTH_%(tenant_id)s + swift::keystone::auth::public_url_s3: http://192.168.24.2:8080 + swift::keystone::auth::region: regionOne + swift::keystone::auth::tenant: service + swift::proxy::account_autocreate: true + swift::proxy::authtoken::auth_uri: http://192.168.24.2:5000 + swift::proxy::authtoken::auth_url: http://192.168.24.2:5000 + swift::proxy::authtoken::password: nV40MDtEbpvokWhEKmoDE52TV + swift::proxy::authtoken::project_name: service + swift::proxy::keystone::operator_roles: + - admin + - swiftoperator + - ResellerAdmin + swift::proxy::node_timeout: 60 + swift::proxy::pipeline: + - catch_errors + - healthcheck + - proxy-logging + - cache + - ratelimit + - bulk + - tempurl + - formpost + - authtoken + - s3api + - s3token + - keystone + - staticweb + - copy + - container_quotas + - account_quotas + - slo + - dlo + - versioned_writes + - proxy-logging + - proxy-server + swift::proxy::port: '8080' + swift::proxy::proxy_local_net_ip: '%{hiera(''ctlplane'')}' + swift::proxy::s3token::auth_uri: http://192.168.24.2:5000/v3 + swift::proxy::staticweb::url_base: http://192.168.24.2:8080 + swift::proxy::versioned_writes::allow_versioned_writes: true + swift::storage::all::account_pipeline: + - healthcheck + - account-server + swift::storage::all::container_pipeline: + - healthcheck + - container-server + swift::storage::all::incoming_chmod: Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r + swift::storage::all::mount_check: false + swift::storage::all::object_pipeline: + - healthcheck + - recon + - object-server + swift::storage::all::outgoing_chmod: Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r + swift::storage::all::storage_local_net_ip: '%{hiera(''ctlplane'')}' + swift::storage::disks::args: {} + swift::swift_hash_path_suffix: Go8IO3qI6N4oN4ogtOToa6hrK + sysctl_settings: + fs.inotify.max_user_instances: + value: 1024 + fs.suid_dumpable: + value: 0 + kernel.dmesg_restrict: + value: 1 + kernel.pid_max: + value: 1048576 + net.core.netdev_max_backlog: + value: 10000 + net.ipv4.conf.all.arp_accept: + value: 1 + net.ipv4.conf.all.arp_notify: + value: 1 + net.ipv4.conf.all.log_martians: + value: 1 + net.ipv4.conf.all.secure_redirects: + value: 0 + net.ipv4.conf.all.send_redirects: + value: 0 + net.ipv4.conf.default.accept_redirects: + value: 0 + net.ipv4.conf.default.log_martians: + value: 1 + net.ipv4.conf.default.secure_redirects: + value: 0 + net.ipv4.conf.default.send_redirects: + value: 0 + net.ipv4.ip_forward: + value: 1 + net.ipv4.ip_nonlocal_bind: + value: 1 + net.ipv4.neigh.default.gc_thresh1: + value: 1024 + net.ipv4.neigh.default.gc_thresh2: + value: 2048 + net.ipv4.neigh.default.gc_thresh3: + value: 4096 + net.ipv4.tcp_keepalive_intvl: + value: 1 + net.ipv4.tcp_keepalive_probes: + value: 5 + net.ipv4.tcp_keepalive_time: + value: 5 + net.ipv6.conf.all.accept_ra: + value: 0 + net.ipv6.conf.all.accept_redirects: + value: 0 + net.ipv6.conf.all.autoconf: + value: 0 + net.ipv6.conf.all.disable_ipv6: + value: 0 + net.ipv6.conf.all.ndisc_notify: + value: 1 + net.ipv6.conf.default.accept_ra: + value: 0 + net.ipv6.conf.default.accept_redirects: + value: 0 + net.ipv6.conf.default.autoconf: + value: 0 + net.ipv6.conf.default.disable_ipv6: + value: 0 + net.ipv6.conf.lo.disable_ipv6: + value: 0 + net.ipv6.ip_nonlocal_bind: + value: 1 + net.netfilter.nf_conntrack_max: + value: 500000 + net.nf_conntrack_max: + value: 500000 + tripleo::ceph_mgr::firewall_rules: + 113 ceph_mgr: + dport: + - 6800-7300 + tripleo::ceph_mon::firewall_rules: + 110 ceph_mon: + dport: + - 6789 + - 3300 + tripleo::ceph_osd::firewall_rules: + 111 ceph_osd: + dport: + - 6800-7300 + tripleo::cinder_api::firewall_rules: + 119 cinder: + dport: + - 8776 + - 13776 + tripleo::cinder_volume::firewall_rules: + 120 iscsi initiator: + dport: 3260 + tripleo::docker_registry::firewall_rules: + 155 docker-registry: + dport: + - 8787 + - 13787 + tripleo::firewall::manage_firewall: true + tripleo::firewall::purge_firewall_rules: false + tripleo::glance_api::firewall_rules: + 112 glance_api: + dport: + - 9292 + - 13292 + tripleo::haproxy::ovn_dbs_manage_lb: true + tripleo::horizon::firewall_rules: + 126 horizon: + dport: + - 80 + - 443 + tripleo::keystone::firewall_rules: + 111 keystone: + dport: + - 5000 + - 13000 + - '35357' + tripleo::memcached::firewall_rules: + 121 memcached 192.168.24.2/24: + dport: 11211 + proto: tcp + source: 192.168.24.2/24 + tripleo::mysql::firewall_rules: + 104 mysql galera: + dport: + - 873 + - 3306 + - 4444 + - 4567 + - 4568 + - 9200 + tripleo::neutron_api::firewall_rules: + 114 neutron api: + dport: + - 9696 + - 13696 + tripleo::nova_api::firewall_rules: + 113 nova_api: + dport: + - 8774 + - 13774 + tripleo::nova_libvirt::firewall_rules: + 200 nova_libvirt: + dport: + - 16514 + - 61152-61215 + - 5900-6923 + tripleo::nova_metadata::firewall_rules: + 139 nova_metadata: + dport: + - 8775 + - 13775 + tripleo::nova_migration_target::firewall_rules: + 113 nova_migration_target: + dport: + - 2022 + tripleo::nova_vnc_proxy::firewall_rules: + 137 nova_vnc_proxy: + dport: + - 6080 + - 13080 + tripleo::ntp::firewall_rules: + 105 ntp: + dport: 123 + proto: udp + tripleo::oslo_messaging_rpc::firewall_rules: + 109 rabbitmq: + dport: + - 4369 + - 5672 + - 25672 + tripleo::ovn_controller::firewall_rules: + 118 neutron vxlan networks: + dport: 4789 + proto: udp + 119 neutron geneve networks: + dport: 6081 + proto: udp + tripleo::ovn_dbs::firewall_rules: + 121 OVN DB server ports: + dport: + - 6641 + - 6642 + proto: tcp + tripleo::packages::enable_install: true + tripleo::placement::firewall_rules: + 138 placement: + dport: + - 8778 + - 13778 + tripleo::profile::base::cinder::cinder_enable_db_purge: true + tripleo::profile::base::cinder::volume::cinder_enable_iscsi_backend: false + tripleo::profile::base::cinder::volume::cinder_enable_nfs_backend: false + tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: true + tripleo::profile::base::cinder::volume::cinder_volume_cluster: '' + tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: '%{hiera(''ctlplane'')}' + tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: lioadm + tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_protocol: iscsi + tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: 10280 + tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_operations: 'False' + tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_permissions: 'False' + tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: '' + tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: [] + tripleo::profile::base::cinder::volume::nfs::cinder_nfs_snapshot_support: true + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_ceph_conf: /etc/ceph/ceph.conf + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_extra_pools: [] + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: volumes + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_secret_uuid: 1953d132-af27-11e9-b0aa-525401f8c930 + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: openstack + tripleo::profile::base::database::mysql::bind_address: '%{hiera(''fqdn_ctlplane'')}' + tripleo::profile::base::database::mysql::client::enable_ssl: false + tripleo::profile::base::database::mysql::client::mysql_client_bind_address: '%{hiera(''ctlplane'')}' + tripleo::profile::base::database::mysql::client::ssl_ca: /etc/ipa/ca.crt + tripleo::profile::base::database::mysql::client_bind_address: '%{hiera(''ctlplane'')}' + tripleo::profile::base::database::mysql::generate_dropin_file_limit: true + tripleo::profile::base::database::mysql::mysql_server_options: + mysqld: + pid-file: /var/lib/mysql/mariadb.pid + mysqld_safe: + pid-file: /var/lib/mysql/mariadb.pid + tripleo::profile::base::glance::api::tls_proxy_bind_ip: '%{hiera(''ctlplane'')}' + tripleo::profile::base::glance::api::tls_proxy_fqdn: '%{hiera(''fqdn_ctlplane'')}' + tripleo::profile::base::glance::api::tls_proxy_port: '9292' + tripleo::profile::base::keystone::extra_notification_topics: [] + tripleo::profile::base::logging::logrotate::maxsize: 10M + tripleo::profile::base::logging::logrotate::purge_after_days: '14' + tripleo::profile::base::logging::logrotate::rotate: '14' + tripleo::profile::base::logging::logrotate::rotation: daily + tripleo::profile::base::lvm::enable_udev: false + tripleo::profile::base::neutron::agents::ovn::ovn_db_host: 192.168.24.2 + tripleo::profile::base::neutron::container_cli: podman + tripleo::profile::base::neutron::ovn_metadata::ovn_db_host: 192.168.24.2 + tripleo::profile::base::neutron::ovn_metadata_agent_wrappers::debug: true + tripleo::profile::base::neutron::ovn_metadata_agent_wrappers::enable_haproxy_wrapper: true + tripleo::profile::base::neutron::ovn_metadata_agent_wrappers::haproxy_image: >- + docker.io/tripleomaster/centos-binary-neutron-metadata-agent-ovn:current-tripleo + tripleo::profile::base::neutron::ovn_metadata_agent_wrappers::haproxy_process_wrapper: /var/lib/neutron/ovn_metadata_haproxy_wrapper + tripleo::profile::base::neutron::server::l3_ha_override: '' + tripleo::profile::base::neutron::server::tls_proxy_bind_ip: '%{hiera(''ctlplane'')}' + tripleo::profile::base::neutron::server::tls_proxy_fqdn: '%{hiera(''fqdn_ctlplane'')}' + tripleo::profile::base::neutron::server::tls_proxy_port: '9696' + tripleo::profile::base::nova::compute::cinder_nfs_backend: false + tripleo::profile::base::nova::compute::nova_nfs_enabled: false + tripleo::profile::base::nova::migration::client::libvirt_enabled: true + tripleo::profile::base::nova::migration::client::nova_compute_enabled: true + tripleo::profile::base::nova::migration::client::ssh_port: 2022 + tripleo::profile::base::nova::migration::client::ssh_private_key: '-----BEGIN + RSA PRIVATE KEY----- + + MIIEowIBAAKCAQEAruCFZsiDGTHk3ThZeS+/9TsRlf729wnzsLFVjhMJ8Fa4E2vv + + 9ibMgxEW5tsgy4axd7D/HfvC1VucIEVyX73sE8iGUl1qf0q7ZrpzWqKXDiWaLFzv + + HTJ7OMtnprP/7GndMgqinBLZLnMRdNFp/e9k9oRZjbnPX/B8WVVyJ8vfWohCU7LL + + 1Kcm0rjqu0tuTAnVYNeUYhGBxo+x6UneEmrc3Qj4GOXVug/dkEAQVe87NG0qwvSX + + ceN0KGO3k347e48KC2HPjd9i/Ta7elQIQ4xW/dJuo2N8TMq51lsUSJubnkzWB68F + + 28dwGrXdueNdUIdkl+ykzn9sh1qbXfmDegVZdQIDAQABAoIBADJa1i7Vd+JuWn9U + + tXbOyBBeFN9DDmvuAqyTM5Z4Zvk8jz6QawVPAL6Q0i5hVJ0mSL21SpCgqOZ0vY0R + + UjC9aFf9+qeG3J6Qr0uSTpr/jE13iGBT1kpq+c5Ny6fV1tCFXzsEkvQr/TuByLoB + + fuqu3zyYuYy0v0DZ54R1tSw+aS8Q6SJRxYAxpjlGz0a7YZgYtQlyioJLbCJuDB6F + + PBPpnX720/YIURYYaYLtkA4gBdUf4kVifgG+PNb3et2loeMAsPQHoQx9ekCzH8Nh + + aK30YnoLHDFZwnFYJ9InRX0UaowOD2OLJXhvtTL77NndZiIjMZsfjy2DFNDSWSY6 + + Uwez81UCgYEA4gdlq4P3QgPBNkNRHjTr+wPkAhraLfKuatnuTxnA8XaUfrrAaa// + + /te5vU6iETVUVtIGr+vkpnzgc//7NPMlHDac86AnHzReoSpj3pUWpuucXRPhSAvP + + 8Iol/bgltniVI1nSzy0Nyao61hpr5yTNsQ6yMsmWlhWbrjt2J/0Ex2cCgYEAxhDD + + JqoY3659mvigdlNmHbqMLG2wi6cjNqM/QIunOlvbD0IPrKk/8F2CxTPSwrDk4Q48 + + EK3HzL6mVXRG0DTy/5Q3Dgn71uczA7D1VKA2+xkDZa0AU/uYmEs6uQl3+cm/MZ6e + + WnmIBJOZySDQJCUPZl6aM8PKS/Bd3Q0x4LQ3GsMCgYEAhLSvHsp2S44EzKUtZTzR + + KCmanxnA66VGfnnBjzOhsqNagCWJfwPUm31xEhKu2Mek4uyg/HzVXGKJLdInXWk8 + + apouAGQRVCLdRGatCCwkhpBi18sqQ7Cbv7B8qcCKc93MQlskiHr9U1/c94O/wpA7 + + LC9itKri/O9m3h8POl81hRUCgYBqBYUBCGJCMfwoXVg/nor19OqdyaWMS85sq9vq + + 6BZ/BbZwJ3OOgBaqytN6TjBOaTRLSDxczTk7Xv5YleJmB0HgD22dBTkaoy3Klwnr + + 38suhAguf/nB+taHBxYLAIeJXTYMEJVBZvapRH04jWj9QB1LNe6jMPXzylnkPvDp + + EG7C0wKBgFjEa7ElbdNEu05VuqD19PLQTM2rc6v4j3WwnQbzGDk7JiCgASaBxLt9 + + rRRi0Sn/E44WKUnJoSGBF0PhzXRFYHU++NGIT4HnTPh1TNt34LAKRnyrTJSqPcXH + + xBNtIzdco6nTGob+KhvOEukfr2UcavrBhu5C8odWksHYtVqlAavt + + -----END RSA PRIVATE KEY----- + + ' + tripleo::profile::base::nova::migration::target::ssh_authorized_keys: + - ssh-rsa AAAA Generated by TripleO + tripleo::profile::base::nova::migration::target::ssh_localaddrs: + - '%{hiera(''cold_migration_ssh_inbound_addr'')}' + - '%{hiera(''live_migration_ssh_inbound_addr'')}' + tripleo::profile::base::rabbitmq::enable_internal_tls: false + tripleo::profile::base::snmp::snmpd_password: ZkddlmhkuIlSEtarb13ZXwXOj + tripleo::profile::base::snmp::snmpd_user: ro_snmp_user + tripleo::profile::base::sshd::bannertext: '' + tripleo::profile::base::sshd::motd: '' + tripleo::profile::base::sshd::options: + AcceptEnv: + - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES + - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT + - LC_IDENTIFICATION LC_ALL LANGUAGE + - XMODIFIERS + AuthorizedKeysFile: .ssh/authorized_keys + ChallengeResponseAuthentication: 'no' + GSSAPIAuthentication: 'yes' + GSSAPICleanupCredentials: 'no' + HostKey: + - /etc/ssh/ssh_host_rsa_key + - /etc/ssh/ssh_host_ecdsa_key + - /etc/ssh/ssh_host_ed25519_key + Subsystem: sftp /usr/libexec/openssh/sftp-server + SyslogFacility: AUTHPRIV + UseDNS: 'no' + UsePAM: 'yes' + UsePrivilegeSeparation: sandbox + X11Forwarding: 'yes' + tripleo::profile::base::sshd::password_authentication: 'no' + tripleo::profile::base::sshd::port: + - 22 + tripleo::profile::base::swift::proxy::ceilometer_enabled: false + tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: 'False' + tripleo::profile::base::swift::proxy::tls_proxy_bind_ip: '%{hiera(''ctlplane'')}' + tripleo::profile::base::swift::proxy::tls_proxy_fqdn: '%{hiera(''fqdn_ctlplane'')}' + tripleo::profile::base::swift::proxy::tls_proxy_port: '8080' + tripleo::profile::base::swift::ringbuilder::build_ring: true + tripleo::profile::base::swift::ringbuilder::min_part_hours: 1 + tripleo::profile::base::swift::ringbuilder::part_power: 10 + tripleo::profile::base::swift::ringbuilder::raw_disk_prefix: r1z1- + tripleo::profile::base::swift::ringbuilder::raw_disks: + - :%PORT%/d1 + tripleo::profile::base::swift::ringbuilder::replicas: 1 + tripleo::profile::base::swift::ringbuilder::swift_ring_get_tempurl: '' + tripleo::profile::base::swift::ringbuilder::swift_ring_put_tempurl: '' + tripleo::profile::base::swift::ringbuilder:skip_consistency_check: true + tripleo::profile::base::swift::storage::use_local_dir: true + tripleo::rabbitmq::firewall_rules: + 109 rabbitmq: + dport: + - 4369 + - 5672 + - 25672 + tripleo::snmp::firewall_rules: + 124 snmp 192.168.24.2/24: + dport: 161 + proto: udp + source: 192.168.24.2/24 + tripleo::sshd::firewall_rules: + 003 accept ssh from all: + dport: 22 + proto: tcp + tripleo::swift_proxy::firewall_rules: + 122 swift proxy: + dport: + - 8080 + - 13808 + tripleo::swift_storage::firewall_rules: + 123 swift storage: + dport: + - 873 + - 6000 + - 6001 + - 6002 + tripleo::tripleo_firewall::firewall_rules: + 003 accept ssh from ctlplane subnet 192.168.24.2/24: + dport: 22 + proto: tcp + source: 192.168.24.2/24 + tripleo::trusted_cas::ca_map: {} + vhostuser_socket_group: qemu + standalone_extraconfig: + sensu::subscriptions: + - overcloud-cinder-api + - overcloud-cinder-scheduler + - overcloud-cinder-volume + - overcloud-glance-api + - overcloud-horizon + - overcloud-keystone + - overcloud-memcached + - overcloud-neutron-server + - overcloud-nova-api + - overcloud-nova-compute + - overcloud-nova-conductor + - overcloud-nova-libvirt + - overcloud-nova-metadata + - overcloud-nova-scheduler + - overcloud-ovn-metadata + - overcloud-rabbitmq + - overcloud-swift-proxy +type: json diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/molecule.yml b/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/molecule.yml new file mode 100644 index 000000000..3a32890d4 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/molecule.yml @@ -0,0 +1,48 @@ +--- +driver: + name: docker + +log: true + +platforms: + - name: centos7 + hostname: centos7 + image: centos:7 + dockerfile: Dockerfile + pkg_extras: python-setuptools + easy_install: + - pip + environment: &env + http_proxy: "{{ lookup('env', 'http_proxy') }}" + https_proxy: "{{ lookup('env', 'https_proxy') }}" + + - name: fedora28 + hostname: fedora28 + image: fedora:28 + dockerfile: Dockerfile + pkg_extras: python*-setuptools + environment: + <<: *env + +provisioner: + name: ansible + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + +scenario: + test_sequence: + - destroy + - create + - prepare + - converge + - verify + - destroy + +lint: + enabled: false + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/playbook.yml b/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/playbook.yml new file mode 100644 index 000000000..448959a62 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/playbook.yml @@ -0,0 +1,22 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + hosts: all + roles: + - role: tripleo-hieradata + hieradata_template: "{{ playbook_dir }}/mock-hieradata.j2.yaml" diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/prepare.yml b/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/prepare.yml new file mode 100644 index 000000000..ef85c3128 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/prepare.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Prepare + hosts: all + roles: + - role: test_deps diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/tests/test_default.py b/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/tests/test_default.py new file mode 100644 index 000000000..6892bf33d --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/all-hosts/tests/test_default.py @@ -0,0 +1,28 @@ +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +import os +import json + +import testinfra.utils.ansible_runner + + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_hieradata_files(host): + assert host.file("/etc/puppet/hieradata/standalone_extraconfig.json").exists diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/default/Dockerfile b/tripleo_ansible/roles/tripleo-hieradata/molecule/default/Dockerfile new file mode 100644 index 000000000..1b91a0e0b --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/default/Dockerfile @@ -0,0 +1,37 @@ +# Molecule managed +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi + +{% for pkg in item.easy_install | default([]) %} +# install pip for centos where there is no python-pip rpm in default repos +RUN easy_install {{ pkg }} +{% endfor %} + + +CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo-hieradata/molecule/default/molecule.yml new file mode 100644 index 000000000..3a32890d4 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/default/molecule.yml @@ -0,0 +1,48 @@ +--- +driver: + name: docker + +log: true + +platforms: + - name: centos7 + hostname: centos7 + image: centos:7 + dockerfile: Dockerfile + pkg_extras: python-setuptools + easy_install: + - pip + environment: &env + http_proxy: "{{ lookup('env', 'http_proxy') }}" + https_proxy: "{{ lookup('env', 'https_proxy') }}" + + - name: fedora28 + hostname: fedora28 + image: fedora:28 + dockerfile: Dockerfile + pkg_extras: python*-setuptools + environment: + <<: *env + +provisioner: + name: ansible + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + +scenario: + test_sequence: + - destroy + - create + - prepare + - converge + - verify + - destroy + +lint: + enabled: false + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/default/playbook.yml b/tripleo_ansible/roles/tripleo-hieradata/molecule/default/playbook.yml new file mode 100644 index 000000000..9ba06f6ef --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/default/playbook.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + hosts: all + roles: + - role: tripleo-hieradata diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo-hieradata/molecule/default/prepare.yml new file mode 100644 index 000000000..ef85c3128 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/default/prepare.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Prepare + hosts: all + roles: + - role: test_deps diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/Dockerfile b/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/Dockerfile new file mode 100644 index 000000000..1b91a0e0b --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/Dockerfile @@ -0,0 +1,37 @@ +# Molecule managed +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi + +{% for pkg in item.easy_install | default([]) %} +# install pip for centos where there is no python-pip rpm in default repos +RUN easy_install {{ pkg }} +{% endfor %} + + +CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/mock-hieradata.j2.yaml b/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/mock-hieradata.j2.yaml new file mode 100644 index 000000000..c593bbb80 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/mock-hieradata.j2.yaml @@ -0,0 +1,3 @@ +--- + +datafiles: {} diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/molecule.yml b/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/molecule.yml new file mode 100644 index 000000000..76eae946f --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/molecule.yml @@ -0,0 +1,225 @@ +--- +driver: + name: docker + +log: true + +platforms: + - name: centos7 + hostname: centos7 + image: centos:7 + dockerfile: Dockerfile + pkg_extras: python-setuptools + easy_install: + - pip + environment: &env + http_proxy: "{{ lookup('env', 'http_proxy') }}" + https_proxy: "{{ lookup('env', 'https_proxy') }}" + + - name: fedora28 + hostname: fedora28 + image: fedora:28 + dockerfile: Dockerfile + pkg_extras: python*-setuptools + environment: + <<: *env + +provisioner: + name: ansible + inventory: + hosts: + all: + vars: + all_nodes_extra_map_data: {} + bootstrap_nodeid: standalone + cloud_domain: localdomain + cloud_names: + cloud_name_ctlplane: standalone.ctlplane.localdomain + container_cli: podman + control_virtual_ip: 192.168.24.1 + ctlplane_ip: 192.168.24.2 + ctlplane_subnet_cidr: 24 + deploy_artifact_urls: '' + deploy_identifier: '1564455089' + deploy_steps_max: 6 + enable_internal_tls: false + enabled_networks: [] + enabled_services: + - keystone_admin_api + - keystone_public_api + - ca_certs + - ceph_client + - ceph_mds + - ceph_mgr + - ceph_mon + - ceph_rgw + - ceph_osd + - certmonger_user + - clustercheck + - container_image_prepare + - logrotate_crond + - docker + - docker_registry + - glance_api + - haproxy + - iscsid + - kernel + - keystone + - manila_api + - manila_backend_cephfs + - manila_scheduler + - manila_share + - memcached + - mysql + - mysql_client + - neutron_api + - neutron_plugin_ml2_ovn + - nova_api + - nova_compute + - nova_conductor + - nova_libvirt + - nova_metadata + - nova_migration_target + - nova_scheduler + - nova_vnc_proxy + - ovn_controller + - ovn_dbs + - ovn_metadata + - openstack_clients + - oslo_messaging_notify + - oslo_messaging_rpc + - pacemaker + - placement + - podman + - snmp + - sshd + - chrony + - timezone + - logrotate_tmpwatch + - tripleo_firewall + - tripleo_packages + - tuned + extraconfig: + foo: bar1 + foo2: bar2 + hosts_entry: ' + + 192.168.24.1 standalone.localdomain standalone + + 192.168.24.1 standalone.ctlplane.localdomain standalone.ctlplane + + ' + net_vip_map: + ctlplane: 192.168.24.1 + ctlplane_subnet: 192.168.24.1/24 + ctlplane_uri: 192.168.24.1 + redis: 192.168.24.1 + network_virtual_ips: + ctlplane: + index: 1 + ip_address: 192.168.24.1 + network_cidrs: + External_cidr: 192.168.24.2/24 + networks: null + nova_additional_cell: false + ping_test_ips: + Standalone: 192.168.24.1 + primary_role_name: Standalone + role_networks: + - Internal + service_configs: + foo: bar3 + service_net_map: + aodh_api_network: ctlplane + apache_network: ctlplane + barbican_api_network: ctlplane + bindnetwork: ctlplane + ceph_cluster_network: ctlplane + ceph_grafana_network: ctlplane + ceph_mon_network: ctlplane + ceph_rgw_network: ctlplane + cinder_api_network: ctlplane + cinder_iscsi_network: ctlplane + designate_api_network: ctlplane + docker_registry_network: ctlplane + ec2_api_metadata_network: ctlplane + ec2_api_network: ctlplane + etcd_network: ctlplane + ganesha_network: ctlplane + glance_api_network: ctlplane + gnocchi_api_network: ctlplane + haproxy_network: ctlplane + heat_api_cfn_network: ctlplane + heat_api_cloudwatch_network: ctlplane + heat_api_network: ctlplane + horizon_network: ctlplane + ironic_api_network: ctlplane + ironic_inspector_network: ctlplane + ironic_network: ctlplane + keystone_admin_api_network: ctlplane + keystone_public_api_network: ctlplane + manila_api_network: ctlplane + memcached_network: ctlplane + metrics_qdr_network: ctlplane + mistral_api_network: ctlplane + mongodb_network: ctlplane + mysql_network: ctlplane + neutron_api_network: ctlplane + neutron_tenant_network: ctlplane + nova_api_network: ctlplane + nova_libvirt_network: ctlplane + nova_metadata_network: ctlplane + nova_vnc_proxy_network: ctlplane + novajoin_network: ctlplane + octavia_api_network: ctlplane + opendaylight_api_network: ctlplane + openshift_infra_network: ctlplane + openshift_master_network: ctlplane + oslo_messaging_notify_network: ctlplane + oslo_messaging_rpc_network: ctlplane + ovn_dbs_network: ctlplane + pacemaker_network: ctlplane + pacemaker_remote_network: ctlplane + panko_api_network: ctlplane + placement_network: ctlplane + public_network: ctlplane + qdr_network: ctlplane + rabbitmq_network: ctlplane + redis_network: ctlplane + sahara_api_network: ctlplane + snmpd_network: ctlplane + standalone_hostname_resolve_network: ctlplane + swift_proxy_network: ctlplane + swift_storage_network: ctlplane + tacker_api_network: ctlplane + zaqar_api_network: ctlplane + stack_action: CREATE + stack_update_type: '' + validate_controllers_icmp: true + validate_fqdn: false + validate_gateways_icmp: true + validate_ntp: true + Standalone: + hosts: + fedora28: {} + centos7: {} + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + +scenario: + test_sequence: + - destroy + - create + - prepare + - converge + - verify + - destroy + +lint: + enabled: false + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/playbook.yml b/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/playbook.yml new file mode 100644 index 000000000..40bc29b6d --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/playbook.yml @@ -0,0 +1,46 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + hosts: all + pre_tasks: + - name: Create puppet hieradata directory + file: + path: /etc/puppet/hieradata + state: directory + + - name: Set mock network ip facts + set_fact: + CTRLPlane_ip: 192.168.24.2 + ctlplane_ip: 192.168.24.2 + Internal_ip: 192.168.25.2 + + tasks: + - name: Create hieradata from templates + include_role: + name: tripleo-hieradata + tasks_from: hieradata_vars.yaml + vars: + hieradata_templates_list: + - all_nodes + - bootstrap_node + - cloud_domain + - extraconfig + - fqdn + - net_ip_map + - service_configs + - vip_data diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/prepare.yml b/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/prepare.yml new file mode 100644 index 000000000..ef85c3128 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/prepare.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Prepare + hosts: all + roles: + - role: test_deps diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/tests/test_hieradata_vars.py b/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/tests/test_hieradata_vars.py new file mode 100644 index 000000000..0e45fe6ad --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/hieradata_vars/tests/test_hieradata_vars.py @@ -0,0 +1,44 @@ +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +import os +import json + +import testinfra.utils.ansible_runner + + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_json_render(host): + rendered_files = [ + "all_nodes", + "bootstrap_node", + "cloud_domain", + "extraconfig", + "fqdn", + "net_ip_map", + "service_configs", + "vip_data" + ] + + for f in rendered_files: + json.loads( + host.file( + '/etc/puppet/hieradata/{}.json'.format(f) + ).content_string + ) diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/Dockerfile b/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/Dockerfile new file mode 100644 index 000000000..1b91a0e0b --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/Dockerfile @@ -0,0 +1,37 @@ +# Molecule managed +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi + +{% for pkg in item.easy_install | default([]) %} +# install pip for centos where there is no python-pip rpm in default repos +RUN easy_install {{ pkg }} +{% endfor %} + + +CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/mock-hieradata.j2.yaml b/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/mock-hieradata.j2.yaml new file mode 100644 index 000000000..70d413d4e --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/mock-hieradata.j2.yaml @@ -0,0 +1,16 @@ +--- + +fedora28: + datafiles: + extraconfig: + foo: bar1 + foo2: bar2 + service_configs: + foo: bar3 +centos7: + datafiles: + extraconfig: + foo: bar1 + foo2: bar2 + service_configs: + foo: bar3 diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/molecule.yml b/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/molecule.yml new file mode 100644 index 000000000..3a32890d4 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/molecule.yml @@ -0,0 +1,48 @@ +--- +driver: + name: docker + +log: true + +platforms: + - name: centos7 + hostname: centos7 + image: centos:7 + dockerfile: Dockerfile + pkg_extras: python-setuptools + easy_install: + - pip + environment: &env + http_proxy: "{{ lookup('env', 'http_proxy') }}" + https_proxy: "{{ lookup('env', 'https_proxy') }}" + + - name: fedora28 + hostname: fedora28 + image: fedora:28 + dockerfile: Dockerfile + pkg_extras: python*-setuptools + environment: + <<: *env + +provisioner: + name: ansible + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + +scenario: + test_sequence: + - destroy + - create + - prepare + - converge + - verify + - destroy + +lint: + enabled: false + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/playbook.yml b/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/playbook.yml new file mode 100644 index 000000000..be8425488 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/playbook.yml @@ -0,0 +1,26 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + hosts: all + roles: + - role: tripleo-hieradata + hieradata_template: "{{ playbook_dir }}/mock-hieradata.j2.yaml" + hieradata_per_host: true + hieradata_files: + - node + - common diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/prepare.yml b/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/prepare.yml new file mode 100644 index 000000000..ef85c3128 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/prepare.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Prepare + hosts: all + roles: + - role: test_deps diff --git a/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/tests/test_default.py b/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/tests/test_default.py new file mode 100644 index 000000000..12e55cf9a --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/molecule/per-host/tests/test_default.py @@ -0,0 +1,29 @@ +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +import os +import json + +import testinfra.utils.ansible_runner + + +testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner( + os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all') + + +def test_hieradata_files(host): + assert host.file("/etc/puppet/hieradata/extraconfig.json").exists + assert host.file("/etc/puppet/hieradata/service_configs.json").exists diff --git a/tripleo_ansible/roles/tripleo-hieradata/tasks/all_hosts.yml b/tripleo_ansible/roles/tripleo-hieradata/tasks/all_hosts.yml new file mode 100644 index 000000000..c735a1dbe --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/tasks/all_hosts.yml @@ -0,0 +1,24 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Copy hieradata files + copy: + dest: /etc/puppet/hieradata/{{ item.key }}.json + mode: 0600 + content: "{{ item.value }}" + loop: "{{ hieradata_content['datafiles'] | default({}) | dict2items }}" + loop_control: + label: "{{ item.key }}" diff --git a/tripleo_ansible/roles/tripleo-hieradata/tasks/hieradata_vars.yaml b/tripleo_ansible/roles/tripleo-hieradata/tasks/hieradata_vars.yaml new file mode 100644 index 000000000..6192c3c5a --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/tasks/hieradata_vars.yaml @@ -0,0 +1,21 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Render hieradata from template + template: + src: templates/{{ item }}.j2 + dest: "{{ dest_path | default('/etc/puppet/hieradata/' ~ item ~ '.json') }}" + loop: "{{ hieradata_templates_list }}" diff --git a/tripleo_ansible/roles/tripleo-hieradata/tasks/main.yml b/tripleo_ansible/roles/tripleo-hieradata/tasks/main.yml new file mode 100644 index 000000000..e9b1b596c --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/tasks/main.yml @@ -0,0 +1,74 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Create /etc/puppet/hieradata + file: + path: /etc/puppet/hieradata + state: directory + mode: 0700 + +- name: Write hiera config + when: + - (hieradata_files | length) > 0 + copy: + mode: 0600 + dest: /etc/puppet/hiera.yaml + # TODO(emilien) Switch to Hiera5 format once we stop calling Hiera CLI + # which is deprecated and should be replaced by "puppet lookup" command. + content: | + --- + :backends: + - json + :json: + :datadir: /etc/puppet/hieradata + :hierarchy: + {{ hieradata_files }} + +- name: hieradata block + run_once: true + block: + - name: Create temporary file + tempfile: + state: file + suffix: temp + register: tempfile_1 + changed_when: false + notify: + - Cleanup temp file + + - name: Template hieradata file + template: + src: "{{ hieradata_template }}" + dest: "{{ tempfile_1.path }}" + variable_start_string: "{{ hieradata_variable_start_string }}" + variable_end_string: "{{ hieradata_variable_end_string }}" + changed_when: false + when: + - (hieradata_template | string) + notify: + - Cleanup temp file + + - name: Read temp file + slurp: + src: "{{ tempfile_1.path }}" + register: tempfile_1_slurp + changed_when: false + notify: + - Cleanup temp file + +- include_tasks: "{{ (hieradata_per_host | bool) | ternary('per_host.yml', 'all_hosts.yml') }}" + vars: + hieradata_content: "{{ tempfile_1_slurp['content'] | b64decode | from_yaml }}" diff --git a/tripleo_ansible/roles/tripleo-hieradata/tasks/per_host.yml b/tripleo_ansible/roles/tripleo-hieradata/tasks/per_host.yml new file mode 100644 index 000000000..4e36ff2b5 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/tasks/per_host.yml @@ -0,0 +1,22 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Copy hieradata for host {{ inventory_hostname }} + copy: + dest: "/etc/puppet/hieradata/{{ item }}.json" + mode: 0600 + content: "{{ hieradata_content[inventory_hostname]['datafiles'][item] }}" + loop: "{{ hieradata_content[inventory_hostname]['datafiles'] | list }}" diff --git a/tripleo_ansible/roles/tripleo-hieradata/templates/all_nodes.j2 b/tripleo_ansible/roles/tripleo-hieradata/templates/all_nodes.j2 new file mode 100644 index 000000000..8dae1b1f8 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/templates/all_nodes.j2 @@ -0,0 +1,42 @@ +{% set all_nodes = {} %} +{% set _ = all_nodes.__setitem__('enabled_services', (enabled_services | unique)) %} +{% for service in enabled_services %} +{# _enabled: true #} +{% set _ = all_nodes.__setitem__((service ~ '_enabled'), true) %} +{# _node_ips: #} +{% set _ = all_nodes.__setitem__((service ~ '_node_ips'), (groups[service] | default ([]) | map('extract', hostvars, service_net_map[service ~ '_network'] | default('ctlplane') ~ '_ip') | list)) %} +{% if nova_additional_cell %} +{# _cell_node_names: #} +{% set _ = all_nodes.__setitem__((service ~ '_cell_node_names'), (groups[service] | default ([]) | map('extract', hostvars, service_net_map[service ~ '_network'] | default('ctlplane') ~ '_hostname') | list)) %} +{% else %} +{# _node_names: #} +{% set _ = all_nodes.__setitem__((service ~ '_node_names'), (groups[service] | default ([]) | map('extract', hostvars, service_net_map[service ~ '_network'] | default('ctlplane') ~ '_hostname') | list)) %} +{% endif %} +{# _short_node_names: #} +{% set _ = all_nodes.__setitem__((service ~ '_short_node_names'), (groups[service] | default ([]) | map('extract', hostvars, 'inventory_hostname') | list)) %} +{# _short_bootstrap_node_name: hostname #} +{% set services = (groups[service] | default ([]) | map('extract', hostvars, 'inventory_hostname')) | list %} +{% if (services | length) > 0 %} +{% set _ = all_nodes.__setitem__((service ~ '_short_bootstrap_node_name'), (services | first)) %} +{% endif %} +{# _bootstrap_node_ip: hostname #} +{% set services = (groups[service] | default ([]) | map('extract', hostvars, service_net_map[service ~ '_network'] | default('ctlplane') ~ '_ip')) | list %} +{% if (services | length) > 0 %} +{% set _ = all_nodes.__setitem__((service ~ '_bootstrap_node_ip'), (services | first)) %} +{% endif %} +{% endfor %} +{# _network: #} +{% for key, value in service_net_map.items() %} +{% set _ = all_nodes.__setitem__(key, value) %} +{% endfor %} +{% if 'redis' in enabled_services %} +{% set _ = all_nodes.__setitem__('redis_vip', (net_vip_map.redis)) %} +{% endif %} +{% set _ = all_nodes.__setitem__('deploy_identifier', deploy_identifier) %} +{% set _ = all_nodes.__setitem__('stack_action', stack_action) %} +{% set _ = all_nodes.__setitem__('stack_update_type', stack_update_type) %} +{% set _ = all_nodes.__setitem__('container_cli', container_cli) %} +{% set _ = all_nodes.__setitem__('controller_node_ips', (groups[primary_role_name] | default([]) | map('extract', hostvars, 'ctlplane_ip') | list | join(','))) %} +{% set _ = all_nodes.__setitem__('controller_node_names', (groups[primary_role_name] | default([]) | map('extract', hostvars, 'inventory_hostname') | list | join(','))) %} +{# RENDER #} +{{ all_nodes | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo-hieradata/templates/bootstrap_node.j2 b/tripleo_ansible/roles/tripleo-hieradata/templates/bootstrap_node.j2 new file mode 100644 index 000000000..e129963f8 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/templates/bootstrap_node.j2 @@ -0,0 +1,4 @@ +{% set boostrap_node = {} %} +{% set _ = boostrap_node.__setitem__('boostrap_node_id', bootstrap_nodeid) %} +{# RENDER #} +{{ boostrap_node | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo-hieradata/templates/cloud_domain.j2 b/tripleo_ansible/roles/tripleo-hieradata/templates/cloud_domain.j2 new file mode 100644 index 000000000..6c95d6c4a --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/templates/cloud_domain.j2 @@ -0,0 +1,4 @@ +{% set cloud_domain_data = {} %} +{% set _ = cloud_domain_data.__setitem__('tripleo::clouddomain', cloud_domain) %} +{# RENDER #} +{{ cloud_domain_data | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo-hieradata/templates/extraconfig.j2 b/tripleo_ansible/roles/tripleo-hieradata/templates/extraconfig.j2 new file mode 100644 index 000000000..fb6bcd890 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/templates/extraconfig.j2 @@ -0,0 +1 @@ +{{ extraconfig | default({}) | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo-hieradata/templates/fqdn.j2 b/tripleo_ansible/roles/tripleo-hieradata/templates/fqdn.j2 new file mode 100644 index 000000000..4a20c356a --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/templates/fqdn.j2 @@ -0,0 +1,12 @@ +{% set fqdn = {} %} +{% set _ = fqdn.__setitem__('fqdn_ctlplane', (inventory_hostname ~ '.ctlplane.' ~ cloud_domain)) %} +{% set _ = fqdn.__setitem__('fqdn_canonical', (inventory_hostname ~ '.' ~ cloud_domain)) %} +{% if role_networks %} +{% for network in enabled_networks %} +{% if network in role_networks %} +{% set _ = fqdn.__setitem__(('fqdn_' ~ networks[network]['name_lower']), (inventory_hostname ~ '.' ~ network | lower ~ '.' ~ cloud_domain)) %} +{% endif %} +{% endfor %} +{% endif %} +{# RENDER #} +{{ fqdn | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo-hieradata/templates/net_ip_map.j2 b/tripleo_ansible/roles/tripleo-hieradata/templates/net_ip_map.j2 new file mode 100644 index 000000000..edbeedcd0 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/templates/net_ip_map.j2 @@ -0,0 +1,18 @@ +{% set net_ip_map = {} %} +{% set _ = net_ip_map.__setitem__('ctlplane', ctlplane_ip) %} +{% set _ = net_ip_map.__setitem__('ctlplane_subnet', ctlplane_ip ~ '/' ~ ctlplane_subnet_cidr) %} +{% set _ = net_ip_map.__setitem__('ctlplane_uri', (ctlplane_ip | ipwrap)) %} +{% for network in enabled_networks %} +{% if network_cidrs and ((network ~ '_cidr') in network_cidrs) %} +{% set _ = net_ip_map.__setitem__(networks[network]['name'], (hostvars[inventory_hostname][networks[network]['name'] ~ '_ip'])) %} +{% set _ = net_ip_map.__setitem__((networks[network]['name'] ~ '_subnet'), (hostvars[inventory_hostname][networks[network]['name'] ~ '_ip'] ~ '/' ~ network_cidrs[network ~ '_cidr'])) %} +{% set _ = net_ip_map.__setitem__((networks[network]['name'] ~ '_uri'), (hostvars[inventory_hostname][networks[network]['name'] ~ '_ip'] | ipwrap)) %} +{% else %} +{# just add empty entries for this network if it doesn't apply to this role. matches previous behavior from Heat #} +{% set _ = net_ip_map.__setitem__(networks[network]['name'], "") %} +{% set _ = net_ip_map.__setitem__((networks[network]['name'] ~ '_subnet'), "") %} +{% set _ = net_ip_map.__setitem__((networks[network]['name'] ~ '_uri'), "") %} +{% endif %} +{% endfor %} +{# RENDER #} +{{ net_ip_map | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo-hieradata/templates/role_extraconfig.j2 b/tripleo_ansible/roles/tripleo-hieradata/templates/role_extraconfig.j2 new file mode 100644 index 000000000..3cf3f1322 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/templates/role_extraconfig.j2 @@ -0,0 +1 @@ +{{ role_extraconfig | default({}) | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo-hieradata/templates/service_configs.j2 b/tripleo_ansible/roles/tripleo-hieradata/templates/service_configs.j2 new file mode 100644 index 000000000..c5d980b66 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/templates/service_configs.j2 @@ -0,0 +1 @@ +{{ service_configs | default({}) | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo-hieradata/templates/vip_data.j2 b/tripleo_ansible/roles/tripleo-hieradata/templates/vip_data.j2 new file mode 100644 index 000000000..531c8634f --- /dev/null +++ b/tripleo_ansible/roles/tripleo-hieradata/templates/vip_data.j2 @@ -0,0 +1,45 @@ +{% set vip_data = {} %} +{% set _ = vip_data.__setitem__('controller_virtual_ip', control_virtual_ip) %} +{% set _ = vip_data.__setitem__('keystone_admin_api_vip', (net_vip_map[service_net_map['keystone_admin_api_network']])) %} +{% set _ = vip_data.__setitem__('keystone_public_api_vip', (net_vip_map[service_net_map['keystone_public_api_network']])) %} +{% if 'External' in enabled_networks %} +{% set _ = vip_data.__setitem__('public_virtual_ip', (net_vip_map[networks['External']['name_lower']])) %} +{% else %} +{% set _ = vip_data.__setitem__('public_virtual_ip', (net_vip_map.ctlplane)) %} +{% endif %} +{% if 'InternalApi' in enabled_networks %} +{# the internal_api_virtual_ip is needed for contrail only #} +{% set _ = vip_data.__setitem__('internal_api_virtual_ip', (net_vip_map[networks['InternalApi']['name_lower']])) %} +{% endif %} +{% set _ = vip_data.__setitem__('network_virtual_ips', network_virtual_ips) %} +{% for network in enabled_networks %} +{% if network == 'StorageNFS' %} +{% set _ = vip_data.__setitem__('ganesha_vip', (net_vip_map[storagenfs_net_name])) %} +{% endif %} +{% endfor %} +{# public_virtual_ip and controller_virtual_ip are needed in both HAproxy & keepalived. #} +{% if 'External' in enabled_networks %} +{% set _ = vip_data.__setitem__('tripleo::haproxy::public_virtual_ip', (net_vip_map[networks['External']['name_lower']])) %} +{% set _ = vip_data.__setitem__('tripleo::keepalived::public_virtual_ip', (net_vip_map[networks['External']['name_lower']])) %} +{% else %} +{% set _ = vip_data.__setitem__('tripleo::haproxy::public_virtual_ip', (net_vip_map.ctlplane)) %} +{% set _ = vip_data.__setitem__('tripleo::keepalived::public_virtual_ip', (net_vip_map.ctlplane)) %} +{% endif %} +{% set _ = vip_data.__setitem__('tripleo::haproxy::controller_virtual_ip', (net_vip_map.ctlplane)) %} +{% set _ = vip_data.__setitem__('tripleo::keepalived::controller_virtual_ip', (net_vip_map.ctlplane)) %} +{% set _ = vip_data.__setitem__('tripleo::keepalived::redis_virtual_ip', (net_vip_map.redis)) %} +{% set _ = vip_data.__setitem__('tripleo::redis_notification::haproxy_monitor_ip', (net_vip_map.ctlplane)) %} +{% for key, value in cloud_names.items() %} +{% set _ = vip_data.__setitem__(key, value) %} +{% endfor %} +{% set _ = vip_data.__setitem__('enable_internal_tls', (enable_internal_tls | lower | bool)) %} +{% for service in enabled_services %} +{% if service_net_map.get(service ~ '_network', 'noop') in net_vip_map %} +{# we set explicit vips for these services, no need to calculate them dynamically #} +{% if service not in ['redis', 'ganesha', 'keystone_admin_api_vip', 'keystone_public_api_vip'] %} +{% set _ = vip_data.__setitem__((service ~ '_vip'), (net_vip_map[service_net_map[service ~ '_network']])) %} +{% endif %} +{% endif %} +{% endfor %} +{# RENDER #} +{{ vip_data | to_nice_json }} diff --git a/tripleo_ansible/roles/tripleo-upgrade-hiera/defaults/main.yml b/tripleo_ansible/roles/tripleo-upgrade-hiera/defaults/main.yml new file mode 100644 index 000000000..822a397ab --- /dev/null +++ b/tripleo_ansible/roles/tripleo-upgrade-hiera/defaults/main.yml @@ -0,0 +1,17 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +tripleo_upgrade_hiera_file: /etc/puppet/hieradata/upgrade.json diff --git a/tripleo_ansible/roles/tripleo-upgrade-hiera/meta/main.yml b/tripleo_ansible/roles/tripleo-upgrade-hiera/meta/main.yml new file mode 100644 index 000000000..9cc08e587 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-upgrade-hiera/meta/main.yml @@ -0,0 +1,44 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +galaxy_info: + author: OpenStack + description: TripleO OpenStack Role -- tripleo-upgrade-hiera + company: Red Hat + license: Apache-2.0 + min_ansible_version: 2.7 + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: Fedora + versions: + - 28 + - name: CentOS + versions: + - 7 + + galaxy_tags: + - tripleo + + +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. +dependencies: [] diff --git a/tripleo_ansible/roles/tripleo-upgrade-hiera/molecule/default/Dockerfile b/tripleo_ansible/roles/tripleo-upgrade-hiera/molecule/default/Dockerfile new file mode 100644 index 000000000..1b91a0e0b --- /dev/null +++ b/tripleo_ansible/roles/tripleo-upgrade-hiera/molecule/default/Dockerfile @@ -0,0 +1,37 @@ +# Molecule managed +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi + +{% for pkg in item.easy_install | default([]) %} +# install pip for centos where there is no python-pip rpm in default repos +RUN easy_install {{ pkg }} +{% endfor %} + + +CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/tripleo_ansible/roles/tripleo-upgrade-hiera/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo-upgrade-hiera/molecule/default/molecule.yml new file mode 100644 index 000000000..3a32890d4 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-upgrade-hiera/molecule/default/molecule.yml @@ -0,0 +1,48 @@ +--- +driver: + name: docker + +log: true + +platforms: + - name: centos7 + hostname: centos7 + image: centos:7 + dockerfile: Dockerfile + pkg_extras: python-setuptools + easy_install: + - pip + environment: &env + http_proxy: "{{ lookup('env', 'http_proxy') }}" + https_proxy: "{{ lookup('env', 'https_proxy') }}" + + - name: fedora28 + hostname: fedora28 + image: fedora:28 + dockerfile: Dockerfile + pkg_extras: python*-setuptools + environment: + <<: *env + +provisioner: + name: ansible + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + +scenario: + test_sequence: + - destroy + - create + - prepare + - converge + - verify + - destroy + +lint: + enabled: false + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/tripleo_ansible/roles/tripleo-upgrade-hiera/molecule/default/playbook.yml b/tripleo_ansible/roles/tripleo-upgrade-hiera/molecule/default/playbook.yml new file mode 100644 index 000000000..2f4c027e5 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-upgrade-hiera/molecule/default/playbook.yml @@ -0,0 +1,62 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + hosts: all + roles: + - role: tripleo-upgrade-hiera + + post_tasks: + - name: test tripleo-upgrade-hiera - add a first value + include_role: + name: tripleo-upgrade-hiera + tasks_from: set.yml + vars: + tripleo_upgrade_key: pacemaker_short_node_names_override + tripleo_upgrade_value: + - "controller-0" + + - name: test tripleo-upgrade-hiera - add another value + include_role: + name: tripleo-upgrade-hiera + tasks_from: set.yml + vars: + tripleo_upgrade_key: mysql_short_node_names_override + tripleo_upgrade_value: + - "controller-0" + - "controller-1" + + - name: test tripleo-upgrade-hiera - update a value + include_role: + name: tripleo-upgrade-hiera + tasks_from: set.yml + vars: + tripleo_upgrade_key: mysql_short_node_names_override + tripleo_upgrade_value: + - "controller-1" + + - name: test tripleo-upgrade-hiera - remove a value + include_role: + name: tripleo-upgrade-hiera + tasks_from: remove.yml + vars: + tripleo_upgrade_key: pacemaker_short_node_names_override + + - name: test tripleo-upgrade-hiera - remove all values + include_role: + name: tripleo-upgrade-hiera + tasks_from: remove-all.yml diff --git a/tripleo_ansible/roles/tripleo-upgrade-hiera/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo-upgrade-hiera/molecule/default/prepare.yml new file mode 100644 index 000000000..ef85c3128 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-upgrade-hiera/molecule/default/prepare.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Prepare + hosts: all + roles: + - role: test_deps diff --git a/tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/create-tripleo-upgrade-file.yml b/tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/create-tripleo-upgrade-file.yml new file mode 100644 index 000000000..5c30b9ab7 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/create-tripleo-upgrade-file.yml @@ -0,0 +1,54 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: create the directory for hiera file + file: + path: "{{ tripleo_upgrade_hiera_file | dirname }}" + owner: "root" + group: "root" + mode: 0755 + state: directory + become: true + +- name: check if the upgrade file exists. + stat: + path: "{{ tripleo_upgrade_hiera_file }}" + register: _tripleo_upgrade_hiera_file + become: true + +- name: check if the file contains valid json + command: "jq . {{ tripleo_upgrade_hiera_file }}" + register: _tripleo_upgrade_hiera_test + become: true + when: + - _tripleo_upgrade_hiera_file.stat.exists | bool + +- name: create the hiera file when no file or empty file. + copy: + dest: "{{ tripleo_upgrade_hiera_file }}" + owner: "root" + group: "root" + mode: 0644 + content: "{}" + become: true + when: + - not (_tripleo_upgrade_hiera_file.stat.exists | bool) or + (_tripleo_upgrade_hiera_test.stdout | length) > 0 + +- name: load the json hiera data + command: "jq . {{ tripleo_upgrade_hiera_file }}" + register: tripleo_upgrade_hiera_command + become: true diff --git a/tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/main.yml b/tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/main.yml new file mode 100644 index 000000000..3372d33a7 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/main.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Install jq package + package: + name: jq + state: present diff --git a/tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/remove-all.yml b/tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/remove-all.yml new file mode 100644 index 000000000..40c6a98fb --- /dev/null +++ b/tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/remove-all.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: delete the upgrade hiera file + file: + path: "{{ tripleo_upgrade_hiera_file }}" + state: absent + become: true diff --git a/tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/remove.yml b/tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/remove.yml new file mode 100644 index 000000000..92dba8d39 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/remove.yml @@ -0,0 +1,37 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: ensure tripleo-upgrade hiera file exists + include_tasks: create-tripleo-upgrade-file.yml + +- name: reset tripleo_upgrade_hiera_data_del fact + set_fact: + tripleo_upgrade_hiera_data_del: {} + +- name: remove a tripleo-upgrade key + set_fact: + tripleo_upgrade_hiera_data_del: "{{ tripleo_upgrade_hiera_data_del|combine({upgrade_hiera_item.key: upgrade_hiera_item.value}) }}" + cacheable: false + when: upgrade_hiera_item.key != tripleo_upgrade_key + loop_control: + loop_var: upgrade_hiera_item + loop: "{{ tripleo_upgrade_hiera_command.stdout | from_json | default({}) | dict2items }}" + +- name: write the updated tripleo-upgrade hiera data + copy: + content: "{{ tripleo_upgrade_hiera_data_del | to_nice_json }}" + dest: "{{ tripleo_upgrade_hiera_file }}" + become: true diff --git a/tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/set.yml b/tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/set.yml new file mode 100644 index 000000000..b79d6688f --- /dev/null +++ b/tripleo_ansible/roles/tripleo-upgrade-hiera/tasks/set.yml @@ -0,0 +1,29 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: ensure tripleo-upgrade hiera file exists + include_tasks: create-tripleo-upgrade-file.yml + +- name: set/update the tripleo-upgrade key/value + set_fact: + tripleo_upgrade_hiera_data_add: "{{ tripleo_upgrade_hiera_command.stdout | from_json | combine({ tripleo_upgrade_key: tripleo_upgrade_value }) }}" + cacheable: false + +- name: write the updated tripleo-upgrade hiera data + copy: + content: "{{ tripleo_upgrade_hiera_data_add | to_nice_json }}" + dest: "{{ tripleo_upgrade_hiera_file }}" + become: true diff --git a/zuul.d/layout.yaml b/zuul.d/layout.yaml index 006f8e2de..63680ce55 100644 --- a/zuul.d/layout.yaml +++ b/zuul.d/layout.yaml @@ -7,40 +7,55 @@ jobs: - openstack-tox-linters - tripleo-ansible-docs - - tripleo-ci-centos-7-scenario004-standalone: - files: &scenario004 - - ^tripleo_ansible/.* + - tripleo-ci-centos-7-containers-multinode: &containers_multinode + files: + - ^tripleo_ansible/roles/tripleo-hieradata/.* + - ^tripleo_ansible/roles/tripleo-upgrade-hiera/.* irrelevant-files: &irrelevant_scenario_files - .*.md$ - .*.rst$ - .*.txt$ - ^tripleo_ansible/.*molecule.* - ^tripleo_ansible/.*meta.* - - tripleo-ci-centos-7-scenario010-standalone: - files: &scenario010 + - tripleo-ci-centos-7-scenario001-standalone: &scenario001 + files: + - ^tripleo_ansible/roles/tripleo-hieradata/.* + - ^tripleo_ansible/roles/tripleo-upgrade-hiera/.* + irrelevant-files: *irrelevant_scenario_files + - tripleo-ci-centos-7-scenario002-standalone: &scenario002 + files: + - ^tripleo_ansible/roles/tripleo-hieradata/.* + - ^tripleo_ansible/roles/tripleo-upgrade-hiera/.* + irrelevant-files: *irrelevant_scenario_files + - tripleo-ci-centos-7-scenario003-standalone: &scenario003 + files: + - ^tripleo_ansible/roles/tripleo-create-admin/.* + - ^tripleo_ansible/roles/tripleo-hieradata/.* + - ^tripleo_ansible/roles/tripleo-upgrade-hiera/.* + irrelevant-files: *irrelevant_scenario_files + - tripleo-ci-centos-7-scenario004-standalone: &scenario004 + files: + - ^tripleo_ansible/.* + irrelevant-files: *irrelevant_scenario_files + - tripleo-ci-centos-7-scenario010-standalone: &scenario010 + files: - ^tripleo_ansible/.*octavia.* irrelevant-files: *irrelevant_scenario_files - - tripleo-ci-centos-7-scenario003-standalone: - files: &scenario003 - - ^tripleo_ansible/roles/tripleo-create-admin/.* - irrelevant-files: *irrelevant_scenario_files - - tripleo-ci-centos-7-scenario012-standalone: - files: &scenario012 - - ^tripleo_ansible/roles/tripleo-module-load/.* + - tripleo-ci-centos-7-standalone-upgrade: &standalone_upgrade + files: + - ^tripleo_ansible/roles/tripleo-hieradata/.* + - ^tripleo_ansible/roles/tripleo-upgrade-hiera/.* irrelevant-files: *irrelevant_scenario_files gate: jobs: - openstack-tox-linters - tripleo-ansible-docs - - tripleo-ci-centos-7-scenario004-standalone: - files: *scenario004 - irrelevant-files: *irrelevant_scenario_files - - tripleo-ci-centos-7-scenario010-standalone: - files: *scenario010 - irrelevant-files: *irrelevant_scenario_files - - tripleo-ci-centos-7-scenario003-standalone: - files: *scenario003 - irrelevant-files: *irrelevant_scenario_files + - tripleo-ci-centos-7-containers-multinode: *containers_multinode + - tripleo-ci-centos-7-scenario001-standalone: *scenario001 + - tripleo-ci-centos-7-scenario002-standalone: *scenario002 + - tripleo-ci-centos-7-scenario003-standalone: *scenario003 + - tripleo-ci-centos-7-scenario004-standalone: *scenario004 + - tripleo-ci-centos-7-scenario010-standalone: *scenario010 post: jobs: - publish-openstack-python-branch-tarball diff --git a/zuul.d/molecule.yaml b/zuul.d/molecule.yaml index 70ba062f8..f86136919 100644 --- a/zuul.d/molecule.yaml +++ b/zuul.d/molecule.yaml @@ -24,6 +24,8 @@ - tripleo-ansible-centos-7-molecule-tripleo-timezone - tripleo-ansible-centos-7-molecule-tripleo-config - tripleo-ansible-centos-7-molecule-tripleo-container-stop + - tripleo-ansible-centos-7-molecule-tripleo-hieradata + - tripleo-ansible-centos-7-molecule-tripleo-upgrade-hiera gate: jobs: - tripleo-ansible-centos-7-molecule-aide @@ -48,6 +50,8 @@ - tripleo-ansible-centos-7-molecule-tripleo-timezone - tripleo-ansible-centos-7-molecule-tripleo-config - tripleo-ansible-centos-7-molecule-tripleo-container-stop + - tripleo-ansible-centos-7-molecule-tripleo-hieradata + - tripleo-ansible-centos-7-molecule-tripleo-upgrade-hiera name: tripleo-ansible-molecule-jobs - job: files: @@ -209,3 +213,17 @@ parent: tripleo-ansible-centos-7-base vars: tripleo_role_name: tripleo-container-stop +- job: + files: + - ^tripleo_ansible/roles/tripleo-hieradata/.* + name: tripleo-ansible-centos-7-molecule-tripleo-hieradata + parent: tripleo-ansible-centos-7-base + vars: + tripleo_role_name: tripleo-hieradata +- job: + files: + - ^tripleo_ansible/roles/tripleo-upgrade-hiera/.* + name: tripleo-ansible-centos-7-molecule-tripleo-upgrade-hiera + parent: tripleo-ansible-centos-7-base + vars: + tripleo_role_name: tripleo-upgrade-hiera