Browse Source

Merge "Add validation to check DockerInsecureRegistryAddress matches the UC hostname" into stable/train

changes/43/791543/1
Zuul 1 month ago
committed by Gerrit Code Review
parent
commit
20cfe96a4d
10 changed files with 386 additions and 2 deletions
  1. +8
    -0
      doc/source/roles/role-check_uc_hostname.rst
  2. +15
    -0
      playbooks/check-uc-hostname.yaml
  3. +39
    -0
      roles/check_uc_hostname/README.md
  4. +23
    -0
      roles/check_uc_hostname/defaults/main.yml
  5. +35
    -0
      roles/check_uc_hostname/molecule/default/Dockerfile
  6. +58
    -0
      roles/check_uc_hostname/molecule/default/converge.yml
  7. +49
    -0
      roles/check_uc_hostname/molecule/default/molecule.yml
  8. +72
    -0
      roles/check_uc_hostname/molecule/default/prepare.yml
  9. +72
    -0
      roles/check_uc_hostname/tasks/main.yml
  10. +15
    -2
      zuul.d/molecule.yaml

+ 8
- 0
doc/source/roles/role-check_uc_hostname.rst View File

@ -0,0 +1,8 @@
========================
Role - check_uc_hostname
========================
.. include:: ../../../roles/check_uc_hostname/README.md
.. ansibleautoplugin::
:role: roles/check_uc_hostname

+ 15
- 0
playbooks/check-uc-hostname.yaml View File

@ -0,0 +1,15 @@
---
- hosts: undercloud
gather_facts: false
vars:
metadata:
name: Check DockerInsecureRegistryAddress parameter points to correct UC hostname
description: |
This validation checks the DockerInsecureRegistryAddress parameter
points to the right UC hostname
groups:
- pre-overcloud-upgrade
- post-update
check_uc_hostname_debug: false
roles:
- check_uc_hostname

+ 39
- 0
roles/check_uc_hostname/README.md View File

@ -0,0 +1,39 @@
Check-uc-hostname
=================
Add Ansible role to check DockerInsecureRegistryAddress matches the UC hostname.
Requirements
------------
This role will be executed pre Overcloud Update, and post Update
Role Variables
--------------
* `check_uc_hostname_debug`: <'false'> -- debugging mode.
* `check_uc_hostname_containers`: <'{{ansible_env.HOME}}/containers-prepare-parameter.yaml'> -- Sets the default path to the `containers-prepare-parameters.yaml` file on the Undercloud.
* `check_uc_hostname_undercloud`: <'{{ ansible_env.HOME }}/undercloud.conf'> -- Sets the default path to the `undercloud.conf` file on the Undercloud.
Dependencies
------------
No Dependencies
Example Playbook
----------------
- hosts: servers
roles:
- { role: check_uc_hostname, check_uc_hostname_debug: true }
License
-------
Apache
Author Information
------------------
Red Hat TripleO DFG:Upgrades

+ 23
- 0
roles/check_uc_hostname/defaults/main.yml View File

@ -0,0 +1,23 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# All variables intended for modification should place placed in this file.
# All variables within this role should have a prefix of "check_uc_hostname"
check_uc_hostname_debug: false
check_uc_hostname_containers: "{{ ansible_env.HOME }}/containers-prepare-parameter.yaml"
check_uc_hostname_undercloud: "{{ ansible_env.HOME }}/undercloud.conf"

+ 35
- 0
roles/check_uc_hostname/molecule/default/Dockerfile View File

@ -0,0 +1,35 @@
# Molecule managed
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

+ 58
- 0
roles/check_uc_hostname/molecule/default/converge.yml View File

@ -0,0 +1,58 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
tasks:
- name: Test working
block:
- include_role:
name: check_uc_hostname
vars:
check_uc_hostname_undercloud: "/tmp/undercloud.conf"
check_uc_hostname_containers: "/tmp/containers-prepare-parameter.yaml"
- name: Test failing
block:
- name: populate undercloud.conf
copy:
dest: "/tmp/undercloud.conf"
content: |
[DEFAULT]
undercloud_public_host = 192.168.24.2
- include_role:
name: check_uc_hostname
vars:
check_uc_hostname_undercloud: "/tmp/undercloud.conf"
check_uc_hostname_containers: "/tmp/containers-prepare-parameter.yaml"
rescue:
- name: Clear host errors
meta: clear_host_errors
- debug:
msg: The validation works! End the playbook run
- name: End play
meta: end_play
- name: Fail the test
fail:
msg: |
The check-uc-hostname validation failed to check that the hostnames
did not match.

+ 49
- 0
roles/check_uc_hostname/molecule/default/molecule.yml View File

@ -0,0 +1,49 @@
---
driver:
name: podman
log: true
platforms:
- name: ubi8
hostname: ubi8
image: ubi8/ubi-init
registry:
url: registry.access.redhat.com
dockerfile: Dockerfile
pkg_extras: python*-setuptools python*-pyyaml
privileged: true
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
- /opt/yum.repos.d:/etc/yum.repos.d:rw
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
ulimits: &ulimit
- host
provisioner:
name: ansible
inventory:
hosts:
all:
hosts:
ubi8:
ansible_python_interpreter: /usr/bin/python3
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}"
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy
verifier:
name: testinfra

+ 72
- 0
roles/check_uc_hostname/molecule/default/prepare.yml View File

@ -0,0 +1,72 @@
---
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
gather_facts: false
tasks:
- name: populate undercloud.conf
copy:
dest: "/tmp/undercloud.conf"
content: |
[DEFAULT]
undercloud_public_host = 192.168.24.1
- name: populate containers-prepare-parameter.yaml
copy:
dest: "/tmp/containers-prepare-parameter.yaml"
content: |
parameter_defaults:
DockerInsecureRegistryAddress:
- 192.168.24.1:8787
- docker.io
ContainerImagePrepare:
- push_destination: "192.168.24.1:8787"
set:
tag: "current-tripleo"
namespace: "docker.io/tripleomaster"
name_prefix: "openstack"
name_suffix: ""
rhel_containers: "false"
ceph_namespace: "quay.ceph.io/ceph-ci"
ceph_image: "daemon"
ceph_tag: "v5.0.7-stable-5.0-octopus-centos-8-x86_64"
openshift_tag: "v3.11.0"
- name: Prepare localhost
hosts: localhost
gather_facts: false
tasks:
- name: populate containers-prepare-parameter.yaml
copy:
dest: "/tmp/containers-prepare-parameter.yaml"
content: |
parameter_defaults:
DockerInsecureRegistryAddress:
- 192.168.24.1:8787
- docker.io
ContainerImagePrepare:
- push_destination: "192.168.24.1:8787"
set:
tag: "current-tripleo"
namespace: "docker.io/tripleomaster"
name_prefix: "openstack"
name_suffix: ""
rhel_containers: "false"
ceph_namespace: "quay.ceph.io/ceph-ci"
ceph_image: "daemon"
ceph_tag: "v5.0.7-stable-5.0-octopus-centos-8-x86_64"
openshift_tag: "v3.11.0"

+ 72
- 0
roles/check_uc_hostname/tasks/main.yml View File

@ -0,0 +1,72 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Ensure we get needed facts
setup:
gather_subset:
- '!all'
- '!any'
- '!min'
- env
- name: Check undercloud.conf
stat:
path: "{{ check_uc_hostname_undercloud }}"
register: stat_result_uc_hostname_undercloud
- name: Check containers-prepare-parameter
stat:
path: "{{ check_uc_hostname_containers }}"
register: stat_result_uc_hostname_containers
- name: Fail if one of those files is missing
fail:
msg: |
The following configuration file(s) is/are missing:
{% if not stat_result_uc_hostname_undercloud.stat.exists %}
- "{{ check_uc_hostname_undercloud }}"
{% endif %}
{% if not stat_result_uc_hostname_containers.stat.exists %}
- "{{ check_uc_hostname_containers }}"
{% endif %}
when: not stat_result_uc_hostname_undercloud.stat.exists or not stat_result_uc_hostname_containers.stat.exists
- when:
- stat_result_uc_hostname_undercloud.stat.exists
- stat_result_uc_hostname_containers.stat.exists
block:
- name: Get undercloud_public_host value from undercloud.conf file
validations_read_ini:
path: "{{ check_uc_hostname_undercloud }}"
section: DEFAULT
key: undercloud_public_host
register: uc_hostname_undercloud
- name: Get DockerInsecureRegistryAddress value from containers file
set_fact:
uc_hostname_containers: "{{ item.split(':')[0] }}"
with_items: "{{ (lookup('template', '{{ check_uc_hostname_containers }}')
| from_yaml).parameter_defaults.DockerInsecureRegistryAddress
| list
| first }}"
- name: Verify UC hostnames match
fail:
msg: |
The UC hostnames from undercloud.conf and containers-prepare-parameter.yaml must match
UC hostname from undercloud.conf is {{ uc_hostname_undercloud.value }}
UC hostname from containers-prepare-parameter.yaml is {{ uc_hostname_containers }}
failed_when: uc_hostname_undercloud.value != uc_hostname_containers

+ 15
- 2
zuul.d/molecule.yaml View File

@ -2,11 +2,11 @@
- project-template:
check:
jobs:
- tripleo-validations-centos-8-molecule-system_encoding
- tripleo-validations-centos-8-molecule-ceph
- tripleo-validations-centos-8-molecule-check_network_gateway
- tripleo-validations-centos-8-molecule-check_rhsm_version
- tripleo-validations-centos-8-molecule-check_undercloud_conf
- tripleo-validations-centos-8-molecule-check_uc_hostname
- tripleo-validations-centos-8-molecule-controller_token
- tripleo-validations-centos-8-molecule-controller_ulimits
- tripleo-validations-centos-8-molecule-ctlplane_ip_range
@ -16,16 +16,17 @@
- tripleo-validations-centos-8-molecule-rabbitmq_limits
- tripleo-validations-centos-8-molecule-repos
- tripleo-validations-centos-8-molecule-stonith_exists
- tripleo-validations-centos-8-molecule-system_encoding
- tripleo-validations-centos-8-molecule-tls_everywhere
- tripleo-validations-centos-8-molecule-undercloud_debug
- tripleo-validations-centos-8-molecule-undercloud_heat_purge_deleted
- tripleo-validations-centos-8-molecule-undercloud_tokenflush
gate:
jobs:
- tripleo-validations-centos-8-molecule-system_encoding
- tripleo-validations-centos-8-molecule-ceph
- tripleo-validations-centos-8-molecule-check_network_gateway
- tripleo-validations-centos-8-molecule-check_rhsm_version
- tripleo-validations-centos-8-molecule-check_uc_hostname
- tripleo-validations-centos-8-molecule-check_undercloud_conf
- tripleo-validations-centos-8-molecule-controller_token
- tripleo-validations-centos-8-molecule-controller_ulimits
@ -36,6 +37,7 @@
- tripleo-validations-centos-8-molecule-rabbitmq_limits
- tripleo-validations-centos-8-molecule-repos
- tripleo-validations-centos-8-molecule-stonith_exists
- tripleo-validations-centos-8-molecule-system_encoding
- tripleo-validations-centos-8-molecule-tls_everywhere
- tripleo-validations-centos-8-molecule-undercloud_debug
- tripleo-validations-centos-8-molecule-undercloud_heat_purge_deleted
@ -331,3 +333,14 @@
parent: tripleo-validations-centos-8-base
vars:
tripleo_validations_role_name: check_undercloud_conf
- job:
files:
- ^roles/check_uc_hostname/.*
- ^tests/prepare-test-host.yml
- ^ci/playbooks/pre.yml
- ^ci/playbooks/run.yml
name: tripleo-validations-centos-8-molecule-check_uc_hostname
parent: tripleo-validations-centos-8-base
vars:
tripleo_validations_role_name: check_uc_hostname

Loading…
Cancel
Save