Add an Ansible execution environment to our Build

This change adds an ansible execution environment to our build tools, which will allow us to run with execution environments via tripleoclient in the future. This build simply pulls in the base ansible-runner image, and provides an interface to download/install roles and collections as needed. It also contains: - the tripleo-ansible roles and collections contents via RPM. - tripleo-ansible ansible contents are symlinked back with the /runner directory. - ansible-runner settings included in /runner/env - custom entrypoint for tripleo specific usecase, which later on appends the ansible-runner entrypoint This image will be consumed in tripleo-ci-centos-9-singlenode-external-compute-via-ee job defined in https://review.opendev.org/c/openstack/tripleo-ci/+/843836. Depends-On: https://review.opendev.org/c/openstack/tripleo-quickstart-extras/+/852720 Change-Id: I56cabb9aa8483c5039b5920db96a00509dc730cc Signed-off-by: Kevin Carter <kecarter@redhat.com> Co-authored-by: Chandan Kumar <chkumar@redhat.com>
2021-02-19 10:58:01 -06:00 · 2021-02-19 10:58:01 -06:00 · 54a6bac5d5
commit 54a6bac5d5
parent 615cf9ff6e
6 changed files with 124 additions and 0 deletions
--- a/container-images/kolla/tripleo-ansible-ee/requirements.yaml
+++ b/container-images/kolla/tripleo-ansible-ee/requirements.yaml
@ -0,0 +1,37 @@
+---
+# Copyright 2021 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# Roles and collections dependencies of tripleo-ansible
+# https://opendev.org/openstack/tripleo-ansible/src/branch/master/tripleo_ansible/requirements.yml
+collections:
+  - name: https://opendev.org/openstack/ansible-collections-openstack.git
+    type: git
+  - containers.podman
+  - community.general
+  - ansible.posix
+  - community.crypto
+roles:
+  - name: openstack-operations
+    scm: git
+    src: https://opendev.org/openstack/ansible-role-openstack-operations
+    version: master
+    trackbranch: master
+  # ansible-config_template action plugin
+  - name: config_template
+    scm: git
+    src: https://opendev.org/openstack/ansible-config_template
+    version: master
+    trackbranch: master
--- a/container-images/kolla/tripleo-ansible-ee/settings
+++ b/container-images/kolla/tripleo-ansible-ee/settings
@ -0,0 +1,26 @@
+# If no output is detected from ansible in this number of seconds the execution will
+# be terminated.
+idle_timeout: ${RUNNER_IDLE_TIMEOUT:-600}
+# The maximum amount of time to allow the job to run for, exceeding this and the
+# execution will be terminated.
+job_timeout: ${RUNNER_JOB_TIMEOUT:-3600}
+
+# Number of seconds for the internal pexpect command to wait to block on
+# input before continuing.
+pexpect_timeout: ${RUNNER_PEXPECT_TIMEOUT:-10}
+# Use poll() function for communication with child processes instead of select().
+# select() is used when the value is set to False. select() has a known limitation of
+# using only up to 1024 file descriptors.
+pexpect_use_poll: ${RUNNER_PEXPECT_USE_POLL:-True}
+
+# Allow output from ansible to not be streamed to the stdout or stderr files inside
+# of the artifacts directory.
+suppress_output_file: ${RUNNER_SUPPRESS_OUTPUT_FILE:-False}
+# Allow output from ansible to not be printed to the screen.
+suppress_ansible_output: ${RUNNER_SUPPRESS_ANSIBLE_OUTPUT:-False}
+
+# The directory relative to artifacts where jsonfile fact caching will be stored.
+# Defaults to fact_cache. This is ignored if fact_cache_type is different than jsonfile.
+fact_cache: ${RUNNER_FACT_CACHE:-'fact_cache'}
+# The type of fact cache to use. Defaults to jsonfile.
+fact_cache_type: ${RUNNER_FACT_CACHE_TYPE:-'jsonfile'}
--- a/container-images/kolla/tripleo-ansible-ee/tripleo_entrypoint.sh
+++ b/container-images/kolla/tripleo-ansible-ee/tripleo_entrypoint.sh
@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+# Adding tripleo ansible-runner specific scripts here
+# Expand the variables
+eval "echo \"$(cat /runner/env/settings)\"" > /runner/env/settings
+
+# Contents from ansible-runner entrypoint
--- a/container-images/tcib/tripleo-ansible-ee/tripleo-ansible-ee.yaml
+++ b/container-images/tcib/tripleo-ansible-ee/tripleo-ansible-ee.yaml
@ -0,0 +1,48 @@
+tcib_args:
+  TRIPLEO_ANSIBLE_REQ: "/usr/share/openstack-tripleo-common-containers/container-images/kolla/tripleo-ansible-ee/requirements.yaml"
+  ANSIBLE_RUNNER_IMAGE: quay.io/tripleoansible/ansible-runner:stream9
+tcib_from: $ANSIBLE_RUNNER_IMAGE
+tcib_actions:
+- run: dnf install -y {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
+- user: root
+- run: >-
+    cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/tripleo-ansible-ee/settings /runner/env/settings &&
+    chmod 777 /runner/env/settings
+# To be able for ansible to deal with the arbirtray uid's that Openshift is enforcing
+# in its default scc, it would be necessary to add "RUN chmod g=u /etc/passwd /etc/group"
+# to the tcib file so the subsequent image let the operator set temporary permissions
+# on the openshift uid for ansible to work.
+- run: chmod g=u /etc/passwd /etc/group
+- workdir: /usr/share/ansible/roles
+- run: >-
+    if [ -f "$TRIPLEO_ANSIBLE_REQ" ]; then
+    ansible-galaxy role install -r $TRIPLEO_ANSIBLE_REQ --roles-path /usr/share/ansible/roles; fi
+- workdir: /usr/share/ansible/collections
+- run: >-
+    if [ -f "$TRIPLEO_ANSIBLE_REQ" ]; then
+    ansible-galaxy collection install -r $TRIPLEO_ANSIBLE_REQ --collections-path /usr/share/ansible/collections; fi
+- workdir: /runner
+- run: >-
+    if [ -d "/usr/share/ansible/roles" ]; then
+    rm -rf /runner/roles && ln -snf /usr/share/ansible/ansible roles; fi
+- run: >-
+    if [ -d "/usr/share/ansible/tripleo-playbooks" ]; then
+    rm -rf /runner/project && ln -snf /usr/share/ansible/tripleo-playbooks project; fi
+- run: >-
+    if [ -d "/usr/share/ansible/tripleo-inventory" ]; then
+    rm -rf /runner/inventory && ln -snf /usr/share/ansible/tripleo-inventory inventory; fi
+# Append the ansible-runner entrypoint content in tripleo_entrypoint by removing bash shebang
+- run: >-
+    cp /usr/share/openstack-tripleo-common-containers/container-images/kolla/tripleo-ansible-ee/tripleo_entrypoint.sh /bin/tripleo_entrypoint &&
+    sed -i '1d' /bin/entrypoint &&
+    cat /bin/entrypoint >> /bin/tripleo_entrypoint &&
+    chmod +x /bin/tripleo_entrypoint
+- user: 1001
+tcib_entrypoint: tripleo_entrypoint
+# Install dumb-init from package instead from pip, used in ansible-runner entrypoint.
+tcib_packages:
+  common:
+  - ansible-role-chrony
+  - dumb-init
+  - openstack-tripleo-common-containers
+  - tripleo-ansible
--- a/container-images/tripleo_containers.yaml
+++ b/container-images/tripleo_containers.yaml
@ -189,3 +189,5 @@ container_images:
  image_source: tripleo
 - imagename: quay.io/tripleomastercentos9/openstack-tripleoclient:current-tripleo
  image_source: tripleo
+- imagename: quay.io/tripleomastercentos9/tripleo-ansible-ee:current-tripleo
+  image_source: tripleo
--- a/container-images/tripleo_containers.yaml.j2
+++ b/container-images/tripleo_containers.yaml.j2
@ -735,3 +735,7 @@ container_images_template:
  services:
  - OS::TripleO::Services::TripleoClient

+- imagename: "{{namespace}}/tripleo-ansible-ee:{{tag}}"
+  image_source: tripleo
+  params:
+  - ContainerAEEImage