diff --git a/roles/tripleo_overcloud_admin_authorize/README.md b/roles/tripleo_overcloud_admin_authorize/README.md new file mode 100644 index 0000000..cd30aae --- /dev/null +++ b/roles/tripleo_overcloud_admin_authorize/README.md @@ -0,0 +1,59 @@ +tripleo_overcloud_admin_authorize +================================= + +A role to run the overcloud admin authorize action. + +Requirements +------------ + +None. + +Role Variables +-------------- + +* `tripleo_overcloud_admin_authorize_debug`: (Boolean) Flag used to enable the debug version of commands. Default: false +* `tripleo_overcloud_admin_authorize_os_cloud`: (String) OS_CLOUD value to use when running the command. If tripleo_os_cloud is defined, it will be the default. Otherwise the default is ''. This variable takes precedence over `tripleo_overcloud_admin_authorize_rc_file`. +* `tripleo_overcloud_admin_authorize_output_dir`: (String) Directory to output ansible.cfg and ansible.log files. Default: "{{ ansible_env.HOME }}" +* `tripleo_overcloud_admin_authorize_poll`: (Integer) Number of seconds to wait between each checks to see if the deployment command has completed. Default: 10 +* `tripleo_overcloud_admin_authorize_rc_file`: (String) Path to the credential file to use. If tripleo_rc_file is defined, it will be the default. Default: "{{ ansible_env.HOME }}/overcloudrc" +* `tripleo_overcloud_admin_authorize_ssh_enable_timeout`: (Integer) Timeout for the ssh enable process to finish (Train version only) +* `tripleo_overcloud_admin_authorize_ssh_key`: (String) Path to ssh key for the overcloud nodes. +* `tripleo_overcloud_admin_authorize_ssh_network`: (String) Network name to use for ssh access to the overcloud nodes. +* `tripleo_overcloud_admin_authorize_ssh_port_timeout`: (Integer) Timeout for teh ssh port to become active. +* `tripleo_overcloud_admin_authorize_ssh_user`: (String) User for ssh access to overcloud nodes +* `tripleo_overcloud_admin_authorize_stack`: (String) Name or ID of the heat stack +* `tripleo_overcloud_admin_authorize_timeout`: (Integer) Number in seconds to wait for the ansible execution of the deployment command to finish. Default: 3600 + +Output Variables +---------------- + +* `tripleo_overcloud_admin_authorize_output`: (String) The command standard output. +* `tripleo_overcloud_admin_authorize_result`: Ansible shell execution results + +Dependencies +------------ + +None. + +Example Playbook +---------------- + +Example execution playbook + +```yaml +- hosts: undercloud + gather_facts: true + tasks: + - name: Deploy the ssh key for the overcloud + import_role: + name: tripleo_overcloud_admin_authorize + vars: + tripleo_overcloud_admin_authorize_stack: overcloud + tripleo_overcloud_admin_authorize_ssh_user: admin + tripleo_overcloud_admin_authorize_ssh_key: "/home/stack/my_key.pub" +``` + +License +------- + +Apache-2.0 diff --git a/roles/tripleo_overcloud_admin_authorize/defaults/main.yml b/roles/tripleo_overcloud_admin_authorize/defaults/main.yml new file mode 100644 index 0000000..215be2e --- /dev/null +++ b/roles/tripleo_overcloud_admin_authorize/defaults/main.yml @@ -0,0 +1,15 @@ +--- +# defaults file for tripleo_overcloud_admin_authorize +openstack_bin: openstack +tripleo_overcloud_admin_authorize_debug: false +tripleo_overcloud_admin_authorize_os_cloud: "{{ tripleo_os_cloud | default('') }}" +tripleo_overcloud_admin_authorize_output_dir: "{{ ansible_env.HOME }}" +tripleo_overcloud_admin_authorize_poll: 10 +tripleo_overcloud_admin_authorize_rc_file: "{{ tripleo_rc_file | default(ansible_env.HOME ~ '/overcloudrc') }}" +tripleo_overcloud_admin_authorize_ssh_enable_timeout: +tripleo_overcloud_admin_authorize_ssh_key: +tripleo_overcloud_admin_authorize_ssh_network: +tripleo_overcloud_admin_authorize_ssh_port_timeout: +tripleo_overcloud_admin_authorize_ssh_user: +tripleo_overcloud_admin_authorize_timeout: 3600 +tripleo_overcloud_admin_authorize_stack: diff --git a/roles/tripleo_overcloud_admin_authorize/meta/main.yml b/roles/tripleo_overcloud_admin_authorize/meta/main.yml new file mode 100644 index 0000000..3cb2d9e --- /dev/null +++ b/roles/tripleo_overcloud_admin_authorize/meta/main.yml @@ -0,0 +1,42 @@ +--- +# Copyright 2019 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +galaxy_info: + author: OpenStack + description: TripleO Operator Role -- tripleo_overcloud_admin_authorize + company: Red Hat + license: Apache-2.0 + min_ansible_version: 2.8 + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + platforms: + - name: CentOS + versions: + - 7 + - 8 + + galaxy_tags: + - tripleo + + +# List your role dependencies here, one per line. Be sure to remove the '[]' above, +# if you add dependencies to this list. +dependencies: [] diff --git a/roles/tripleo_overcloud_admin_authorize/molecule/default/converge.yml b/roles/tripleo_overcloud_admin_authorize/molecule/default/converge.yml new file mode 100644 index 0000000..31d4ab7 --- /dev/null +++ b/roles/tripleo_overcloud_admin_authorize/molecule/default/converge.yml @@ -0,0 +1,92 @@ +--- +- name: Converge + hosts: all + collections: + - tripleo.operator + vars: + openstack_bin: echo + tripleo_os_cloud: undercloud + tripleo_overcloud_admin_authorize_debug: true + tripleo_overcloud_admin_authorize_output_dir: + tasks: + + - name: "Include tripleo_overcloud_admin_authorize" + include_role: + name: "tripleo_overcloud_admin_authorize" + + - name: Check role + assert: + that: + - tripleo_overcloud_admin_authorize_output == "overcloud admin authorize" + + - name: Check parameter "tripleo_overcloud_admin_authorize_stack" + include_role: + name: "tripleo_overcloud_admin_authorize" + vars: + tripleo_overcloud_admin_authorize_stack: foo + + - name: Assert "tripleo_overcloud_admin_authorize_stack" + assert: + that: + - tripleo_overcloud_admin_authorize_output == + "overcloud admin authorize --stack foo" + + - name: Check parameter "tripleo_overcloud_admin_authorize_ssh_user" + include_role: + name: "tripleo_overcloud_admin_authorize" + vars: + tripleo_overcloud_admin_authorize_ssh_user: foo + + - name: Assert "tripleo_overcloud_admin_authorize_ssh_user" + assert: + that: + - tripleo_overcloud_admin_authorize_output == + "overcloud admin authorize --overcloud-ssh-user foo" + + - name: Check parameter "tripleo_overcloud_admin_authorize_ssh_key" + include_role: + name: "tripleo_overcloud_admin_authorize" + vars: + tripleo_overcloud_admin_authorize_ssh_key: /home/stack/foo.pub + + - name: Assert "tripleo_overcloud_admin_authorize_ssh_key" + assert: + that: + - tripleo_overcloud_admin_authorize_output == + "overcloud admin authorize --overcloud-ssh-key /home/stack/foo.pub" + + - name: Check parameter "tripleo_overcloud_admin_authorize_ssh_network" + include_role: + name: "tripleo_overcloud_admin_authorize" + vars: + tripleo_overcloud_admin_authorize_ssh_network: internal + + - name: Assert "tripleo_overcloud_admin_authorize_ssh_network" + assert: + that: + - tripleo_overcloud_admin_authorize_output == + "overcloud admin authorize --overcloud-ssh-network internal" + + - name: Check parameter "tripleo_overcloud_admin_authorize_ssh_enable_timeout" + include_role: + name: "tripleo_overcloud_admin_authorize" + vars: + tripleo_overcloud_admin_authorize_ssh_enable_timeout: 10 + + - name: Assert "tripleo_overcloud_admin_authorize_ssh_enable_timeout" + assert: + that: + - tripleo_overcloud_admin_authorize_output == + "overcloud admin authorize --overcloud-ssh-enable-timeout 10" + + - name: Check parameter "tripleo_overcloud_admin_authorize_ssh_port_timeout" + include_role: + name: "tripleo_overcloud_admin_authorize" + vars: + tripleo_overcloud_admin_authorize_ssh_port_timeout: 10 + + - name: Assert "tripleo_overcloud_admin_authorize_ssh_port_timeout" + assert: + that: + - tripleo_overcloud_admin_authorize_output == + "overcloud admin authorize --overcloud-ssh-port-timeout 10" diff --git a/roles/tripleo_overcloud_admin_authorize/molecule/default/molecule.yml b/roles/tripleo_overcloud_admin_authorize/molecule/default/molecule.yml new file mode 100644 index 0000000..2841806 --- /dev/null +++ b/roles/tripleo_overcloud_admin_authorize/molecule/default/molecule.yml @@ -0,0 +1,19 @@ +--- +driver: + name: delegated + options: + managed: false + ansible_connection_options: + ansible_connection: local +log: true +platforms: + - name: instance +provisioner: + name: ansible +scenario: + name: default + test_sequence: + - prepare + - syntax + - converge + - verify diff --git a/roles/tripleo_overcloud_admin_authorize/molecule/default/prepare.yml b/roles/tripleo_overcloud_admin_authorize/molecule/default/prepare.yml new file mode 100644 index 0000000..63bb6ab --- /dev/null +++ b/roles/tripleo_overcloud_admin_authorize/molecule/default/prepare.yml @@ -0,0 +1,8 @@ +--- +- name: Prepare + hosts: all + tasks: + + - name: Include molecule prep + include_role: + name: test_molecule_prep diff --git a/roles/tripleo_overcloud_admin_authorize/tasks/main.yml b/roles/tripleo_overcloud_admin_authorize/tasks/main.yml new file mode 100644 index 0000000..d545842 --- /dev/null +++ b/roles/tripleo_overcloud_admin_authorize/tasks/main.yml @@ -0,0 +1,46 @@ +--- +- name: Setup config overcloud admin authorize ansible facts + set_fact: + _authorize_cmd: >- + {{ tripleo_overcloud_admin_authorize_os_cloud | ternary('', "source " ~ tripleo_overcloud_admin_authorize_rc_file ~ "; ") }} + {{ openstack_bin }} overcloud admin authorize + {{ tripleo_overcloud_admin_authorize_stack | ternary("--stack $AUTHORIZE_STACK", '') }} + {{ tripleo_overcloud_admin_authorize_ssh_user | ternary("--overcloud-ssh-user $AUTHORIZE_SSH_USER", '') }} + {{ tripleo_overcloud_admin_authorize_ssh_key | ternary("--overcloud-ssh-key $AUTHORIZE_SSH_KEY", '') }} + {{ tripleo_overcloud_admin_authorize_ssh_network | ternary("--overcloud-ssh-network $AUTHORIZE_SSH_NETWORK", '') }} + {{ tripleo_overcloud_admin_authorize_ssh_enable_timeout | ternary("--overcloud-ssh-enable-timeout $AUTHORIZE_SSH_ENABLE_TIMEOUT", '') }} + {{ tripleo_overcloud_admin_authorize_ssh_port_timeout | ternary("--overcloud-ssh-port-timeout $AUTHORIZE_SSH_PORT_TIMEOUT", '') }} + {{ tripleo_overcloud_admin_authorize_output_dir | ternary("--output-dir $AUTHORIZE_OUTPUT_DIR", '') }} + _authorize_env: + AUTHORIZE_STACK: "{{ tripleo_overcloud_admin_authorize_stack }}" + AUTHORIZE_SSH_USER: "{{ tripleo_overcloud_admin_authorize_ssh_user }}" + AUTHORIZE_SSH_KEY: "{{ tripleo_overcloud_admin_authorize_ssh_key }}" + AUTHORIZE_SSH_NETWORK: "{{ tripleo_overcloud_admin_authorize_ssh_network }}" + AUTHORIZE_SSH_ENABLE_TIMEOUT: "{{ tripleo_overcloud_admin_authorize_ssh_enable_timeout }}" + AUTHORIZE_SSH_PORT_TIMEOUT: "{{ tripleo_overcloud_admin_authorize_ssh_port_timeout }}" + AUTHORIZE_OUTPUT_DIR: "{{ tripleo_overcloud_admin_authorize_output_dir }}" + OS_CLOUD: "{{ tripleo_overcloud_admin_authorize_os_cloud }}" + +- name: Show debug information + when: tripleo_overcloud_admin_authorize_debug|bool + block: + - name: Show the overcloud admin authorize command + debug: + var: _authorize_cmd + - name: Show the overcloud admin authorize ansible environment + debug: + var: _authorize_env + +- name: overcloud admin authorize + shell: "{{ _authorize_cmd }}" # noqa 305 + args: + warn: false + environment: "{{ _authorize_env }}" + async: "{{ tripleo_overcloud_admin_authorize_timeout }}" + poll: "{{ tripleo_overcloud_admin_authorize_poll }}" + register: tripleo_overcloud_admin_authorize_result + changed_when: true + +- name: Set output fact + set_fact: + tripleo_overcloud_admin_authorize_output: "{{ tripleo_overcloud_admin_authorize_result.stdout }}" diff --git a/roles/tripleo_overcloud_admin_authorize/tests/inventory b/roles/tripleo_overcloud_admin_authorize/tests/inventory new file mode 100644 index 0000000..2fbb50c --- /dev/null +++ b/roles/tripleo_overcloud_admin_authorize/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/roles/tripleo_overcloud_admin_authorize/tests/test.yml b/roles/tripleo_overcloud_admin_authorize/tests/test.yml new file mode 100644 index 0000000..12f30fe --- /dev/null +++ b/roles/tripleo_overcloud_admin_authorize/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - tripleo_overcloud_admin_authorize diff --git a/zuul.d/molecule.yaml b/zuul.d/molecule.yaml index 8ae7c1f..1c6851f 100644 --- a/zuul.d/molecule.yaml +++ b/zuul.d/molecule.yaml @@ -12,6 +12,7 @@ - tripleo-operator-molecule-tripleo_container_image_show - tripleo-operator-molecule-tripleo_overcloud_image_upload - tripleo-operator-molecule-tripleo_deploy + - tripleo-operator-molecule-tripleo_overcloud_admin_authorize - tripleo-operator-molecule-tripleo_overcloud_deploy - tripleo-operator-molecule-tripleo_overcloud_export - tripleo-operator-molecule-tripleo_overcloud_failures @@ -44,6 +45,7 @@ - tripleo-operator-molecule-tripleo_container_image_show - tripleo-operator-molecule-tripleo_overcloud_image_upload - tripleo-operator-molecule-tripleo_deploy + - tripleo-operator-molecule-tripleo_overcloud_admin_authorize - tripleo-operator-molecule-tripleo_overcloud_deploy - tripleo-operator-molecule-tripleo_overcloud_export - tripleo-operator-molecule-tripleo_overcloud_failures @@ -185,6 +187,20 @@ vars: tox_extra_args: tripleo_deploy +- job: + files: + - ^roles/tripleo_overcloud_admin_authorize/.* + - ^bindep.txt + - ^galaxy.yml + - ^requirements.txt + - ^setup.cfg + - ^test-requirements.txt + - ^tox.ini + name: tripleo-operator-molecule-tripleo_overcloud_admin_authorize + parent: tripleo-operator-molecule-base + vars: + tox_extra_args: tripleo_overcloud_admin_authorize + - job: files: - ^roles/tripleo_overcloud_deploy/.*