From bc9fe7f8277ceafda81991cae3cfc6c75c0a2d03 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Fri, 2 Aug 2019 14:35:37 -0500 Subject: [PATCH] Create tripleo container image prepare role This change creates a role for the tripleo heat template content for "container-image-prepare-baremetal-ansible.j2.yaml". This change will ensure our task process is tested using molecule and scenario tests while also streamlining our process. Test Matrix: - default - tests role using all default options - build - tests end to end building containers using mock data A new playbook for docker vfs setup has been added. This was added to allow some tests to run docker workloads within a local filesystem. Without this change, docker workloads would fail because docker is not able to run an overlayfs job from within an overlayfs environment. This new playbook will be used within our zuul jobs whenever the variable `docker_enable_vfs`, is set to "true". Change-Id: Ic6e26eb95734ccf17e42e649b5e5808e1a096a78 Story: 2005985 Task: 34438 Task: 34440 Task: 34441 Signed-off-by: Kevin Carter --- .../role-tripleo-container-image-prepare.rst | 6 + .../docker_enable_vfs-c8b41b02111341df.yaml | 5 + roles | 1 + .../playbooks/docker-vfs-setup.yml | 110 ++++++++++++++++++ tripleo_ansible/roles/test_deps/README.md | 29 ----- .../roles/test_deps/defaults/main.yml | 19 +++ .../roles/test_deps/tasks/main.yml | 23 +++- .../roles/test_deps/tasks/tripleo-setup.yml | 44 +++++++ .../roles/test_deps/vars/centos-7.yml | 23 ++++ .../roles/test_deps/vars/fedora.yml | 24 ++++ .../roles/tripleo-config/defaults/main.yml | 1 + .../roles/tripleo-config/tasks/main.yml | 2 +- .../tripleo-config/templates/json-config.j2 | 1 + .../defaults/main.yml | 24 ++++ .../handlers/main.yml | 30 +++++ .../meta/main.yml | 44 +++++++ .../molecule/build/Dockerfile | 37 ++++++ .../molecule/build/DockerfileRegistry | 26 +++++ .../molecule/build/molecule.yml | 88 ++++++++++++++ .../build/playbook-docker-vfs-setup.yml | 1 + .../molecule/build/playbook.yml | 91 +++++++++++++++ .../molecule/build/prepare.yml | 43 +++++++ .../molecule/default/Dockerfile | 37 ++++++ .../molecule/default/molecule.yml | 48 ++++++++ .../molecule/default/playbook.yml | 21 ++++ .../molecule/default/prepare.yml | 21 ++++ .../tasks/main.yml | 65 +++++++++++ zuul.d/molecule.yaml | 11 ++ zuul.d/playbooks/pre.yml | 15 +++ 29 files changed, 856 insertions(+), 34 deletions(-) create mode 100644 doc/source/roles/role-tripleo-container-image-prepare.rst create mode 100644 releasenotes/notes/docker_enable_vfs-c8b41b02111341df.yaml create mode 120000 roles create mode 100644 tripleo_ansible/playbooks/docker-vfs-setup.yml delete mode 100644 tripleo_ansible/roles/test_deps/README.md create mode 100644 tripleo_ansible/roles/test_deps/defaults/main.yml create mode 100644 tripleo_ansible/roles/test_deps/tasks/tripleo-setup.yml create mode 100644 tripleo_ansible/roles/test_deps/vars/centos-7.yml create mode 100644 tripleo_ansible/roles/test_deps/vars/fedora.yml create mode 100644 tripleo_ansible/roles/tripleo-config/templates/json-config.j2 create mode 100644 tripleo_ansible/roles/tripleo-container-image-prepare/defaults/main.yml create mode 100644 tripleo_ansible/roles/tripleo-container-image-prepare/handlers/main.yml create mode 100644 tripleo_ansible/roles/tripleo-container-image-prepare/meta/main.yml create mode 100644 tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/Dockerfile create mode 100644 tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/DockerfileRegistry create mode 100644 tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/molecule.yml create mode 120000 tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/playbook-docker-vfs-setup.yml create mode 100644 tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/playbook.yml create mode 100644 tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/prepare.yml create mode 100644 tripleo_ansible/roles/tripleo-container-image-prepare/molecule/default/Dockerfile create mode 100644 tripleo_ansible/roles/tripleo-container-image-prepare/molecule/default/molecule.yml create mode 100644 tripleo_ansible/roles/tripleo-container-image-prepare/molecule/default/playbook.yml create mode 100644 tripleo_ansible/roles/tripleo-container-image-prepare/molecule/default/prepare.yml create mode 100644 tripleo_ansible/roles/tripleo-container-image-prepare/tasks/main.yml diff --git a/doc/source/roles/role-tripleo-container-image-prepare.rst b/doc/source/roles/role-tripleo-container-image-prepare.rst new file mode 100644 index 000000000..20c3360d9 --- /dev/null +++ b/doc/source/roles/role-tripleo-container-image-prepare.rst @@ -0,0 +1,6 @@ +====================================== +Role - tripleo-container-image-prepare +====================================== + +.. ansibleautoplugin:: + :role: tripleo_ansible/roles/tripleo-container-image-prepare diff --git a/releasenotes/notes/docker_enable_vfs-c8b41b02111341df.yaml b/releasenotes/notes/docker_enable_vfs-c8b41b02111341df.yaml new file mode 100644 index 000000000..26efa368d --- /dev/null +++ b/releasenotes/notes/docker_enable_vfs-c8b41b02111341df.yaml @@ -0,0 +1,5 @@ +--- +other: + - Zuul jobs can now run docker workloads using the VFS storage driver. + More on the VFS storage driver can be seen here + https://docs.docker.com/storage/storagedriver/vfs-driver diff --git a/roles b/roles new file mode 120000 index 000000000..3a166856b --- /dev/null +++ b/roles @@ -0,0 +1 @@ +tripleo_ansible/roles \ No newline at end of file diff --git a/tripleo_ansible/playbooks/docker-vfs-setup.yml b/tripleo_ansible/playbooks/docker-vfs-setup.yml new file mode 100644 index 000000000..892dfce6d --- /dev/null +++ b/tripleo_ansible/playbooks/docker-vfs-setup.yml @@ -0,0 +1,110 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Docker vfs setup + hosts: all + gather_facts: true + handlers: + - name: Stop docker daemon + become: true + systemd: + name: docker + state: stopped + listen: Restart docker + + - name: Start docker daemon + become: true + systemd: + name: docker + state: started + listen: Restart docker + + - name: Cleanup temp json file + become: true + file: + path: "{{ tripleo_docker_temp_file }}" + state: absent + pre_tasks: + - name: Set temp file fact + set_fact: + tripleo_docker_temp_file: "{{ ansible_user_dir }}/.ansible/tmp/docker-daemon-{{ inventory_hostname }}.json" + when: + - tripleo_docker_temp_file is undefined + tasks: + - name: Storage driver block + become: true + when: + - (tripleo_docker_enable_vfs | default(false)) | bool + block: + - name: Create ansible temp directory + file: + path: "{{ tripleo_docker_temp_file | dirname }}" + state: directory + + - name: Check for docker json file + stat: + path: /etc/docker/daemon.json + register: daemon_json + + - name: Store config file + fetch: + src: /etc/docker/daemon.json + dest: "{{ tripleo_docker_temp_file }}" + flat: true + register: stored_file + when: + - daemon_json.stat.exists | bool + notify: + - Cleanup temp json file + + - name: Insert storage-driver into docker daemon config (existing) + include_role: + name: tripleo-config + vars: + tripleo_config_src: "{{ tripleo_docker_temp_file }}" + tripleo_config_type: json + tripleo_config_dest: /etc/docker/daemon.json + tripleo_config_overrides: + storage-driver: vfs + when: + - daemon_json.stat.exists | bool + + - name: Insert storage-driver into docker daemon config (new) + include_role: + name: tripleo-config + vars: + tripleo_config_type: json + tripleo_config_dest: /etc/docker/daemon.json + tripleo_config_overrides: + storage-driver: vfs + when: + - not (daemon_json.stat.exists | bool) + post_tasks: + - name: Get checksum from running docker config + stat: + path: /etc/docker/daemon.json + register: running_file + + - name: Notify config changes + debug: + msg: "Configuration changes detected notifying handlers" + changed_when: true + when: + - (not (stored_file.changed | bool)) or + (stored_file.checksum != running_file.stat.checksum) + notify: + - Restart docker diff --git a/tripleo_ansible/roles/test_deps/README.md b/tripleo_ansible/roles/test_deps/README.md deleted file mode 100644 index 51675fb1b..000000000 --- a/tripleo_ansible/roles/test_deps/README.md +++ /dev/null @@ -1,29 +0,0 @@ -Role Name -========= - -A brief description of the role goes here. - - -Requirements ------------- - -Any pre-requisites that may not be covered by Ansible itself or the role should -be mentioned here. - - -Role Variables --------------- - -A description of the settable variables for this role should go here, including -any variables that are in defaults/main.yml, vars/main.yml, and any variables -that can/should be set via parameters to the role. Any variables that are read -from other roles and/or the global scope (ie. hostvars, group vars, etc.) -should be mentioned here as well. - - -Dependencies ------------- - -A list of other roles hosted on Galaxy should go here, plus any details in -regards to parameters that may need to be set for other roles, or variables -that are used from other roles. diff --git a/tripleo_ansible/roles/test_deps/defaults/main.yml b/tripleo_ansible/roles/test_deps/defaults/main.yml new file mode 100644 index 000000000..2783978e8 --- /dev/null +++ b/tripleo_ansible/roles/test_deps/defaults/main.yml @@ -0,0 +1,19 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +test_deps_extra_packages: [] +test_deps_setup_tripleo: false diff --git a/tripleo_ansible/roles/test_deps/tasks/main.yml b/tripleo_ansible/roles/test_deps/tasks/main.yml index 085b7cd4b..f60bfe16c 100644 --- a/tripleo_ansible/roles/test_deps/tasks/main.yml +++ b/tripleo_ansible/roles/test_deps/tasks/main.yml @@ -31,25 +31,40 @@ tags: - always +- include_tasks: tripleo-setup.yml + when: + - (ansible_os_family | lower) == 'redhat' + - test_deps_setup_tripleo | bool + - name: RHEL Block become: true when: - (ansible_os_family | lower) == 'redhat' + - not (test_deps_setup_tripleo | bool) block: - name: install deplorean repo - become: true get_url: url: "https://trunk.rdoproject.org/{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}-master/current-tripleo/delorean.repo" dest: /etc/yum.repos.d/delorean.repo - when: - - (ansible_os_family | lower) == 'redhat' - name: install deplorean-deps repo get_url: url: "https://trunk.rdoproject.org/{{ ansible_distribution | lower }}{{ ansible_distribution_major_version }}-master/delorean-deps.repo" dest: /etc/yum.repos.d/delorean-deps.repo +- name: Package block + become: true + block: - name: Install selinux python libs package: - name: libselinux-python + name: "{{ test_deps_selinux_packages }}" state: present + when: + - (ansible_os_family | lower) == 'redhat' + + - name: Install extra packages + package: + name: "{{ test_deps_extra_packages }}" + state: present + when: + - (test_deps_extra_packages | length) > 0 diff --git a/tripleo_ansible/roles/test_deps/tasks/tripleo-setup.yml b/tripleo_ansible/roles/test_deps/tasks/tripleo-setup.yml new file mode 100644 index 000000000..b291f1adc --- /dev/null +++ b/tripleo_ansible/roles/test_deps/tasks/tripleo-setup.yml @@ -0,0 +1,44 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: fetch latest repo version + uri: + url: "{{ test_deps_repo }}/" + return_content: true + register: tripleo_packages + +- name: Set package fact + set_fact: + tripleo_package_fact: "{{ (tripleo_packages.content | regex_search('(\\B\"python.*tripleo-repos.*rpm\\b\")', multiline=True)).strip('\"') }}" + +- name: TripleO package block + become: true + block: + - name: install tripleo repository + package: + name: "{{ test_deps_repo }}/{{ tripleo_package_fact }}" + state: present + + - name: Enable tripleo repository + command: >- + tripleo-repos {{ test_deps_tripleo_repos }} + changed_when: false + + - name: Install tripleo packages + package: + name: "{{ test_deps_tripleo_packages }}" + state: present diff --git a/tripleo_ansible/roles/test_deps/vars/centos-7.yml b/tripleo_ansible/roles/test_deps/vars/centos-7.yml new file mode 100644 index 000000000..082e54a5c --- /dev/null +++ b/tripleo_ansible/roles/test_deps/vars/centos-7.yml @@ -0,0 +1,23 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +test_deps_repo: https://trunk.rdoproject.org/centos7/current +test_deps_selinux_packages: + - libselinux-python +test_deps_tripleo_packages: + - python-tripleoclient +test_deps_tripleo_repos: current-tripleo-dev diff --git a/tripleo_ansible/roles/test_deps/vars/fedora.yml b/tripleo_ansible/roles/test_deps/vars/fedora.yml new file mode 100644 index 000000000..71071f57c --- /dev/null +++ b/tripleo_ansible/roles/test_deps/vars/fedora.yml @@ -0,0 +1,24 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +test_deps_repo: https://trunk.rdoproject.org/fedora/current +test_deps_selinux_packages: + - python3-libselinux + - python2-libselinux +test_deps_tripleo_packages: + - python3-tripleoclient +test_deps_tripleo_repos: current-tripleo diff --git a/tripleo_ansible/roles/tripleo-config/defaults/main.yml b/tripleo_ansible/roles/tripleo-config/defaults/main.yml index a2bb606c5..91628a8ce 100644 --- a/tripleo_ansible/roles/tripleo-config/defaults/main.yml +++ b/tripleo_ansible/roles/tripleo-config/defaults/main.yml @@ -19,6 +19,7 @@ # All variables within this role should have a prefix of "tripleo-config" tripleo_config_type: ini +tripleo_config_src: "{{ tripleo_config_type }}-config.j2" tripleo_config_owner: root tripleo_config_group: root tripleo_config_mode: 0644 diff --git a/tripleo_ansible/roles/tripleo-config/tasks/main.yml b/tripleo_ansible/roles/tripleo-config/tasks/main.yml index e432077ff..1a290b3f8 100644 --- a/tripleo_ansible/roles/tripleo-config/tasks/main.yml +++ b/tripleo_ansible/roles/tripleo-config/tasks/main.yml @@ -23,7 +23,7 @@ - name: "Generate {{ tripleo_config_dest }} config" config_template: - src: "{{ tripleo_config_type }}-config.j2" + src: "{{ tripleo_config_src }}" dest: "{{ tripleo_config_dest }}" owner: "{{ tripleo_config_owner }}" group: "{{ tripleo_config_group }}" diff --git a/tripleo_ansible/roles/tripleo-config/templates/json-config.j2 b/tripleo_ansible/roles/tripleo-config/templates/json-config.j2 new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-config/templates/json-config.j2 @@ -0,0 +1 @@ +{} diff --git a/tripleo_ansible/roles/tripleo-container-image-prepare/defaults/main.yml b/tripleo_ansible/roles/tripleo-container-image-prepare/defaults/main.yml new file mode 100644 index 000000000..16a8b7024 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-image-prepare/defaults/main.yml @@ -0,0 +1,24 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# All variables intended for modification should place placed in this file. + +# All variables within this role should have a prefix of "tripleo_tripleo_container_image_prepare" +tripleo_container_image_prepare_debug: false +tripleo_container_image_prepare_content: {} +tripleo_container_image_prepare_roles: [] +tripleo_container_image_prepare_log_file: /var/log/tripleo-container-image-prepare.log diff --git a/tripleo_ansible/roles/tripleo-container-image-prepare/handlers/main.yml b/tripleo_ansible/roles/tripleo-container-image-prepare/handlers/main.yml new file mode 100644 index 000000000..8e9fbef65 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-image-prepare/handlers/main.yml @@ -0,0 +1,30 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Delete param file + file: + dest: "{{ prepare_param.path }}" + state: absent + check_mode: false + become: true + +- name: Delete role file + file: + dest: "{{ role_data.path }}" + state: absent + check_mode: false + become: true diff --git a/tripleo_ansible/roles/tripleo-container-image-prepare/meta/main.yml b/tripleo_ansible/roles/tripleo-container-image-prepare/meta/main.yml new file mode 100644 index 000000000..988796342 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-image-prepare/meta/main.yml @@ -0,0 +1,44 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +galaxy_info: + author: OpenStack + description: TripleO OpenStack Role -- tripleo-container-image-prepare + company: Red Hat + license: Apache-2.0 + min_ansible_version: 2.7 + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: Fedora + versions: + - 28 + - name: CentOS + versions: + - 7 + + galaxy_tags: + - tripleo + + +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. +dependencies: [] diff --git a/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/Dockerfile b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/Dockerfile new file mode 100644 index 000000000..1b91a0e0b --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/Dockerfile @@ -0,0 +1,37 @@ +# Molecule managed +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi + +{% for pkg in item.easy_install | default([]) %} +# install pip for centos where there is no python-pip rpm in default repos +RUN easy_install {{ pkg }} +{% endfor %} + + +CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/DockerfileRegistry b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/DockerfileRegistry new file mode 100644 index 000000000..10597f707 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/DockerfileRegistry @@ -0,0 +1,26 @@ +# Molecule managed +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN apk add python + +ENTRYPOINT ["/entrypoint.sh"] diff --git a/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/molecule.yml b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/molecule.yml new file mode 100644 index 000000000..5feae85d9 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/molecule.yml @@ -0,0 +1,88 @@ +--- +driver: + name: docker + +log: true + +platforms: + - name: centos7 + hostname: centos7 + image: centos:7 + dockerfile: Dockerfile + pkg_extras: python-setuptools + easy_install: + - pip + environment: &env + http_proxy: "{{ lookup('env', 'http_proxy') }}" + https_proxy: "{{ lookup('env', 'https_proxy') }}" + command: /sbin/init + security_opts: + - seccomp=unconfined + tmpfs: + - /run + - /tmp + capabilities: + - ALL + volumes: &vols + - /run/udev:/run/udev:ro + - /sys/fs/cgroup:/sys/fs/cgroup:ro + - /var/run/docker.sock:/var/run/docker.sock + + - name: fedora28 + hostname: fedora28 + image: fedora:28 + dockerfile: Dockerfile + pkg_extras: python*-setuptools + environment: + http_proxy: "{{ lookup('env', 'http_proxy') }}" + https_proxy: "{{ lookup('env', 'https_proxy') }}" + command: /sbin/init + privileged: true + security_opts: + - seccomp=unconfined + tmpfs: + - /run + - /tmp + capabilities: + - ALL + volumes: *vols + + - name: registry + hostname: registry + image: registry:2 + dockerfile: DockerfileRegistry + environment: + <<: *env + command: /etc/docker/registry/config.yml + exposed_ports: + - 5000/udp + - 5000/tcp + published_ports: + - 0.0.0.0:8787:5000/udp + - 0.0.0.0:8787:5000/tcp + +provisioner: + name: ansible + config_options: + defaults: + fact_caching: jsonfile + fact_caching_connection: /tmp/molecule/facts + env: + ANSIBLE_STDOUT_CALLBACK: yaml + +scenario: + test_sequence: + - destroy + - create + - prepare + - converge + - verify + - destroy + +lint: + enabled: false + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/playbook-docker-vfs-setup.yml b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/playbook-docker-vfs-setup.yml new file mode 120000 index 000000000..82428c2df --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/playbook-docker-vfs-setup.yml @@ -0,0 +1 @@ +../default/playbook-docker-vfs-setup.yml \ No newline at end of file diff --git a/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/playbook.yml b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/playbook.yml new file mode 100644 index 000000000..db72d40cc --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/playbook.yml @@ -0,0 +1,91 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + hosts: all + serial: 1 + roles: + - role: "tripleo-container-image-prepare" + when: + - inventory_hostname != "registry" + tripleo_container_image_prepare_debug: true + tripleo_container_image_prepare_content: + parameter_defaults: + AdditionalArchitectures: [] + ContainerImagePrepare: + - modify_append_tag: -updated-TEST + modify_only_with_labels: + - kolla_version + modify_role: tripleo-modify-image + modify_vars: + tasks_from: yum_update.yml + update_repo: gating-repo,delorean-current,quickstart-centos-ceph-nautilus + yum_repos_dir_path: /etc/yum.repos.d + push_destination: "{{ hostvars['registry']['ansible_default_ipv4']['address'] }}:5000" + set: + ceph_alertmanager_image: alertmanager + ceph_alertmanager_namespace: docker.io/prom + ceph_alertmanager_tag: latest + ceph_grafana_image: grafana + ceph_grafana_namespace: docker.io/grafana + ceph_grafana_tag: latest + ceph_image: daemon + ceph_namespace: docker.io/ceph + ceph_node_exporter_image: node-exporter + ceph_node_exporter_namespace: docker.io/prom + ceph_node_exporter_tag: latest + ceph_prometheus_image: prometheus + ceph_prometheus_namespace: docker.io/prom + ceph_prometheus_tag: latest + ceph_tag: v4.0.0-stable-4.0-nautilus-centos-7-x86_64 + name_prefix: centos-binary- + name_suffix: '' + namespace: docker.io/tripleomaster + neutron_driver: ovn + tag: master + tag_from_label: null + ContainerImageRegistryCredentials: {} + DockerInsecureRegistryAddress: + - "{{ hostvars['registry']['ansible_default_ipv4']['address'] }}:5000" + DockerRegistryMirror: "https://registry-1.docker.io/" + NeutronMechanismDrivers: + - ovn + StandaloneCount: 1 + StandaloneServices: + - OS::TripleO::Services::CACerts + tripleo_container_image_prepare_roles: + - CountDefault: 1 + ServicesDefault: + - OS::TripleO::Services::CACerts + description: 'Testing' + disable_constraints: true + name: Standalone + networks: + External: + subnet: external_subnet + InternalApi: + subnet: internal_api_subnet + Storage: + subnet: storage_subnet + StorageMgmt: + subnet: storage_mgmt_subnet + Tenant: + subnet: tenant_subnet + tags: + - primary + - controller + - standalone diff --git a/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/prepare.yml b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/prepare.yml new file mode 100644 index 000000000..a976c3612 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/build/prepare.yml @@ -0,0 +1,43 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Prepare + hosts: all + roles: + - role: test_deps + test_deps_setup_tripleo: true + when: + - inventory_hostname != "registry" + post_tasks: + - name: Install docker + package: + name: docker + state: present + - name: Create buildah directory + file: + path: /etc/containers + state: directory + - name: Create buildah registries config + copy: + content: |- + [registries.search] + registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org'] + [registries.insecure] + registries = ["{{ hostvars['registry']['ansible_default_ipv4']['address'] }}:5000"] + [registries.block] + registries = [] + dest: /etc/containers/registries.conf diff --git a/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/default/Dockerfile b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/default/Dockerfile new file mode 100644 index 000000000..1b91a0e0b --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/default/Dockerfile @@ -0,0 +1,37 @@ +# Molecule managed +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi + +{% for pkg in item.easy_install | default([]) %} +# install pip for centos where there is no python-pip rpm in default repos +RUN easy_install {{ pkg }} +{% endfor %} + + +CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/default/molecule.yml b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/default/molecule.yml new file mode 100644 index 000000000..3a32890d4 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/default/molecule.yml @@ -0,0 +1,48 @@ +--- +driver: + name: docker + +log: true + +platforms: + - name: centos7 + hostname: centos7 + image: centos:7 + dockerfile: Dockerfile + pkg_extras: python-setuptools + easy_install: + - pip + environment: &env + http_proxy: "{{ lookup('env', 'http_proxy') }}" + https_proxy: "{{ lookup('env', 'https_proxy') }}" + + - name: fedora28 + hostname: fedora28 + image: fedora:28 + dockerfile: Dockerfile + pkg_extras: python*-setuptools + environment: + <<: *env + +provisioner: + name: ansible + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + +scenario: + test_sequence: + - destroy + - create + - prepare + - converge + - verify + - destroy + +lint: + enabled: false + +verifier: + name: testinfra + lint: + name: flake8 diff --git a/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/default/playbook.yml b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/default/playbook.yml new file mode 100644 index 000000000..4f9382ad9 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/default/playbook.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + hosts: all + roles: + - role: "tripleo-container-image-prepare" diff --git a/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/default/prepare.yml new file mode 100644 index 000000000..ef85c3128 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-image-prepare/molecule/default/prepare.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Prepare + hosts: all + roles: + - role: test_deps diff --git a/tripleo_ansible/roles/tripleo-container-image-prepare/tasks/main.yml b/tripleo_ansible/roles/tripleo-container-image-prepare/tasks/main.yml new file mode 100644 index 000000000..288b44487 --- /dev/null +++ b/tripleo_ansible/roles/tripleo-container-image-prepare/tasks/main.yml @@ -0,0 +1,65 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# "tripleo-container-image-prepare" will search for and load any operating system variable file +- name: Container image prepare + become: true + block: + - name: Create temp file for prepare parameter + tempfile: + state: file + suffix: -prepare-param + register: prepare_param + check_mode: false + notify: + - Delete param file + + - name: Write ContainerImagePrepare parameter file + copy: + dest: "{{ prepare_param.path }}" + content: "{{ tripleo_container_image_prepare_content }}" + + - name: Create temp file for role data + tempfile: + state: file + suffix: -role-data + register: role_data + check_mode: false + notify: + - Delete role file + + - name: Write role data file + copy: + dest: "{{ role_data.path }}" + content: "{{ tripleo_container_image_prepare_roles }}" + + - name: "Run tripleo-container-image-prepare logged to: {{ tripleo_container_image_prepare_log_file }}" + command: >- + /usr/bin/tripleo-container-image-prepare + --roles-file {{ role_data.path }} + --environment-file {{ prepare_param.path }} + --cleanup partial + --log-file {{ tripleo_container_image_prepare_log_file }} + {% if (tripleo_container_image_prepare_debug | bool) %} + --debug + {% endif %} + no_log: "{{ not (tripleo_container_image_prepare_debug | bool) }}" + when: + - (tripleo_container_image_prepare_content | dict2items | length) > 0 + - (tripleo_container_image_prepare_roles | length) > 0 + tags: + - container_image_prepare diff --git a/zuul.d/molecule.yaml b/zuul.d/molecule.yaml index bb9a06d69..c0de0cba9 100644 --- a/zuul.d/molecule.yaml +++ b/zuul.d/molecule.yaml @@ -27,6 +27,7 @@ - tripleo-ansible-centos-7-molecule-tripleo-hieradata - tripleo-ansible-centos-7-molecule-tripleo-upgrade-hiera - tripleo-ansible-centos-7-molecule-tripleo-kernel + - tripleo-ansible-centos-7-molecule-tripleo-container-image-prepare gate: jobs: - tripleo-ansible-centos-7-molecule-aide @@ -54,6 +55,7 @@ - tripleo-ansible-centos-7-molecule-tripleo-hieradata - tripleo-ansible-centos-7-molecule-tripleo-upgrade-hiera - tripleo-ansible-centos-7-molecule-tripleo-kernel + - tripleo-ansible-centos-7-molecule-tripleo-container-image-prepare name: tripleo-ansible-molecule-jobs - job: files: @@ -236,3 +238,12 @@ parent: tripleo-ansible-centos-7-base vars: tripleo_role_name: tripleo-kernel +- job: + files: + - ^tripleo_ansible/roles/tripleo-container-image-prepare/.* + name: tripleo-ansible-centos-7-molecule-tripleo-container-image-prepare + parent: tripleo-ansible-centos-7-base + vars: + tripleo_docker_enable_vfs: true + tripleo_docker_temp_file: "{{ zuul.executor.work_root }}/.tmp/docker-daemon-{{ inventory_hostname }}.json" + tripleo_role_name: tripleo-container-image-prepare diff --git a/zuul.d/playbooks/pre.yml b/zuul.d/playbooks/pre.yml index 3e980f845..1a92f0fac 100644 --- a/zuul.d/playbooks/pre.yml +++ b/zuul.d/playbooks/pre.yml @@ -46,3 +46,18 @@ ANSIBLE_ROLES_PATH: "{{ tripleo_ansible_project_path }}/tripleo_ansible/roles.galaxy" roles: - role: install-docker + post_tasks: + - name: Run docker vfs setup + shell: |- + . {{ ansible_user_dir }}/test-python/bin/activate + . {{ tripleo_ansible_project_path }}/ansible-test-env.rc + ansible-playbook -i 'localhost,' \ + -e tripleo_docker_enable_vfs={{ tripleo_docker_enable_vfs }} \ + docker-vfs-setup.yml + args: + chdir: "{{ tripleo_ansible_project_path }}/tripleo_ansible/playbooks" + executable: /bin/bash + environment: + ANSIBLE_ACTION_PLUGINS: "{{ tripleo_action_plugins_paths | join(':') }}" + when: + - tripleo_docker_enable_vfs is defined