This exposes new var for tripleo_container_manage. Also,
removes the check to force set clean_orphans=True in
needs_delete filter, when there is one or no item in
the startup config.
There is a possibility when disabling services, there would
be one or zero container_startup_configs for a step.
Partial-Bug: #1893335
Change-Id: I9d08168015487c48d8b380a9575ba236b7fb7d0d
If an operator would have disabled or stopped the service, we make sure
that it is again enabled and started when a deployment occurs.
We also add test coverage for it in molecule.
Change-Id: I97a6819574772835eb4a291b63bb05551fe4439a
Add a test case where we disable the systemd service and make sure that
tripleo_container_manage role will handle the restart.
Change-Id: I28eb64ee938744adc8a50182e7a3a6a6e3570d6a
Instead of running a bunch of tasks to manage systemd resources, move
it into an action plugin which should make the execution faster and
easier to debug as well.
Example of task:
- name: Manage container systemd services
container_systemd:
container_config:
- keystone:
image: quay.io/tripleo/keystone
restart: always
- mysql:
image: quay.io/tripleo/mysql
stop_grace_period: 25
restart: always
The output is "restarted" for the list of services that were actually
restarted in systemd.
Note on testing: since that module is consummed by
tripleo_container_manage role, there is no need to create dedicated
molecule tests, we already cover containers with restart policy in that
role's molecule tests. So we'll re-use it.
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Co-Authored-By: Kevin Carter <kecarter@redhat.com>
Change-Id: I614766bd9b111bda9ddfea0a60b032e1dee09abc
Instead of running a bunch of tasks to figure out what container
commands have been run, which ones did not terminate after 5 minutes,
which ones failed or finished with a wrong exit code. We now have an
action plugin that will do it faster and with better logging.
Faster before it reduces the number of tasks.
Better logging is provided, now displaying all errors during a run and
fail at the end.
Supporting check-mode.
Re-using tripleo_container_manage role for molecule testing.
Co-Authored-By: Alex Schultz <aschultz@redhat.com>
Co-Authored-By: Kevin Carter <kecarter@redhat.com>
Change-Id: Ie7f8c9cceaf9540d7d33a9bb5f33258c46185e77
- helpers/haskey: add excluded_keys argument. It allows to return the
config that has an attribute but also where some attributed are
excluded. The use case here is that we have some container configs
which have both "command" and "action". We want to use that filter to
build a list of containers where the return code has to be checked;
which is the not the case for the containers with "action" in their
configs; since they are used for "podman exec" configs (and there is
nothing to check in return from podman inspect).
- check_exit_code: change the list of containers to check the exit code
to include all the containers with a "command" but not "action".
It should cover all the containers which are used to run some
non-services things like db_sync etc.
- molecule: change the fedora_bis and fedora_three containers to run
short sleep so we can actually test that change against these
containers and also on the first deployment of fedora_bis and
fedora_three, we'll check their return code.
Change-Id: I466a57bd788e02c32b1efb0ac0223684f0d39393
Closes-Bug: #1878074
Now that Podman natively supports healthchecks, let's use them; which
will reduce our footprint in how we consume Podman.
Using native healthcheck brings a few benefits:
- Less Ansible tasks to manage the systemd resources, so deployment
should be slightly faster.
- Leverage features into the container tooling directly; not in tripleo.
This patch does the following:
- Fix the podman arguments for healthcheck options in podman_container
module, transparent for the end-user. Indeed, the args are "health-*".
- Remove the management of timers and healthcheck services and their
requires.
- New playbook "healthcheck_cleanup" to cleanup previous systemd
healthchecks if they exist.
- Update molecule default testing to test if new healthchecks work fine.
- Update the role manual for healthchecks usage.
This patch should be transparent for the end-users except that the
systemd healthchecks won't exist anymore:
Instead of running: "systemctl status tripleo_keystone_healthcheck.timer
status", we would run "podman healthcheck run keystone" or check the
output of "podman inspect keystone".
The document has also been updated in the role manual.
It requires at least Podman 1.6 where this patch has been tested.
Depends-On: https://review.opendev.org/720089
Change-Id: I37508cd8243999389f9e17d5ea354529bb042279
If a container config has by mistake a healthcheck but no systemd
restart policy, we don't want to manage the healthcheck because it
requires its service to be created.
To prevent that situation, we'll create the healthchecks only if they
are already part of the systemd services list that was created earlier.
For that, we're using the intersect() filter which allows to
get the intersection of 2 lists (systemd services and healthchecks to
create).
Adding molecule coverage to test this scenario.
Closes-Bug: #1873249
Change-Id: Id5cc784bae597def0648f07d28b6463b387d2212
Add a test that update a container managed by systemd; with a new image.
The container should be removed and re-created; and its systemd files.
We have seen race conditions in Ansible/Systemd where the unit file
could not be found. This patch will prevent that to happen thanks to a
functional test.
Change-Id: I7b7392f68d7f5b4b991c5238e7abd40d72a08b10
Add testing coverage for:
- Idempotency. Apply no change to the config and run Ansible again, make
sure the container didn't change.
- Manage only one contianer and make sure others aren't touched.
- Manage a wrong config pattern and make sure nothing has changed.
- Test a container removal and make sure the container was removed but
not the others.
- Test a container update and make sure the config was applied.
- Test a container config override.
- Run the tripleo_container_manage molecule job when changes are done in
tripleo_container_rm role to avoid regressions.
Change-Id: I5fb17aeac6533da6f2e3f6cb211ed3e2131b0de5
This change replaces all of the roles references in our various files with the
new role name. This is being done because Ansible no longer allows hyphens in
role names.
Change-Id: Ie899714aca49781ccd240bb259901d76f177d2ae
Signed-off-by: Kevin Carter <kecarter@redhat.com>
All roles that have a hyphen in them need to be renamed to use an
underscore. This change creates a symlink to all roles using their
original name which will ensure we maintain compatibility with
the rest of the TripleO stack. This is being done because roles with
hyphens are no longer valid within collections.
A temp PBR update has been made to accomodate all of the symlinks to
the legacy role names.
[0] https://docs.ansible.com/ansible/devel/dev_guide/developing_collections.html#roles-directory
Change-Id: Id00a3670351990e5489a297c4c7200f8c05af096
Signed-off-by: Kevin Carter <kecarter@redhat.com>
Rabi Mishra
Emilien Macchi
Sorin Sbarnea
Kevin Carter