From e8c2f875c812117d32c68a025652a58b77882a2d Mon Sep 17 00:00:00 2001 From: omcgonag Date: Sat, 3 Apr 2021 09:13:14 -0400 Subject: [PATCH] Check for dangling images Make sure before update we do not have any dangling images. Basically - make sure the command: $ podman images --filter "dangling=true" -q --no-trunc returns empty. Co-authored-by: Daniel Bengtsson Change-Id: I70acd9cef9e84d2c68b7bd3d82dcbd0f99c79fb9 (cherry picked from commit bd87790cf9f14b8846944202fa949d680aaf1e4a) --- .../roles/role-check_for_dangling_images.rst | 8 +++ playbooks/check-for-dangling-images.yaml | 13 ++++ roles/check_for_dangling_images/README.md | 37 ++++++++++++ .../defaults/main.yml | 21 +++++++ .../molecule/default/Dockerfile | 35 +++++++++++ .../molecule/default/converge.yml | 60 +++++++++++++++++++ .../molecule/default/molecule.yml | 47 +++++++++++++++ .../check_for_dangling_images/tasks/main.yml | 28 +++++++++ zuul.d/molecule.yaml | 12 ++++ 9 files changed, 261 insertions(+) create mode 100644 doc/source/roles/role-check_for_dangling_images.rst create mode 100644 playbooks/check-for-dangling-images.yaml create mode 100644 roles/check_for_dangling_images/README.md create mode 100644 roles/check_for_dangling_images/defaults/main.yml create mode 100644 roles/check_for_dangling_images/molecule/default/Dockerfile create mode 100644 roles/check_for_dangling_images/molecule/default/converge.yml create mode 100644 roles/check_for_dangling_images/molecule/default/molecule.yml create mode 100644 roles/check_for_dangling_images/tasks/main.yml diff --git a/doc/source/roles/role-check_for_dangling_images.rst b/doc/source/roles/role-check_for_dangling_images.rst new file mode 100644 index 000000000..ca8a3256d --- /dev/null +++ b/doc/source/roles/role-check_for_dangling_images.rst @@ -0,0 +1,8 @@ +================================ +Role - check_for_dangling_images +================================ + +.. include:: ../../../roles/check_for_dangling_images/README.md + +.. ansibleautoplugin:: + :role: roles/check_for_dangling_images diff --git a/playbooks/check-for-dangling-images.yaml b/playbooks/check-for-dangling-images.yaml new file mode 100644 index 000000000..1117a0f51 --- /dev/null +++ b/playbooks/check-for-dangling-images.yaml @@ -0,0 +1,13 @@ +--- +- hosts: undercloud + gather_facts: false + vars: + metadata: + name: Check for podman dangling images + description: | + Make sure before update we do not have any dangling images. + groups: + - pre-update + check_for_dangling_images_debug: false + roles: + - check_for_dangling_images diff --git a/roles/check_for_dangling_images/README.md b/roles/check_for_dangling_images/README.md new file mode 100644 index 000000000..8623140b2 --- /dev/null +++ b/roles/check_for_dangling_images/README.md @@ -0,0 +1,37 @@ +Check-for-dangling-images +========================= + +Add Ansible role to check for dangling images + +Requirements +------------ + +This role will be executed pre Update. + + +Role Variables +-------------- + +* `check_for_dangling_images_debug`: <'false'> -- debugging mode. + +Dependencies +------------ + +No Dependencies + +Example Playbook +---------------- + + - hosts: servers + roles: + - { role: check_for_dangling_images, check_for_dangling_images_debug: true } + +License +------- + +Apache + +Author Information +------------------ + +Red Hat TripleO DFG:Upgrades diff --git a/roles/check_for_dangling_images/defaults/main.yml b/roles/check_for_dangling_images/defaults/main.yml new file mode 100644 index 000000000..d14e829d6 --- /dev/null +++ b/roles/check_for_dangling_images/defaults/main.yml @@ -0,0 +1,21 @@ +--- +# Copyright 2020 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# All variables intended for modification should place placed in this file. + +# All variables within this role should have a prefix of "check_for_dangling_images" +check_for_dangling_images_debug: false diff --git a/roles/check_for_dangling_images/molecule/default/Dockerfile b/roles/check_for_dangling_images/molecule/default/Dockerfile new file mode 100644 index 000000000..792f46043 --- /dev/null +++ b/roles/check_for_dangling_images/molecule/default/Dockerfile @@ -0,0 +1,35 @@ +# Molecule managed +# Copyright 2020 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +{% if item.registry is defined %} +FROM {{ item.registry.url }}/{{ item.image }} +{% else %} +FROM {{ item.image }} +{% endif %} + +RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ + elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ + elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ + elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ + elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ + elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi + +{% for pkg in item.easy_install | default([]) %} +# install pip for centos where there is no python-pip rpm in default repos +RUN easy_install {{ pkg }} +{% endfor %} + +CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/roles/check_for_dangling_images/molecule/default/converge.yml b/roles/check_for_dangling_images/molecule/default/converge.yml new file mode 100644 index 000000000..194cc1d2a --- /dev/null +++ b/roles/check_for_dangling_images/molecule/default/converge.yml @@ -0,0 +1,60 @@ +--- +# Copyright 2020 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + hosts: all + gather_facts: false + + tasks: + - name: Populate successful podman CLI + copy: + dest: /usr/bin/podman + mode: 0755 + content: | + #!/bin/bash + + - name: Test good values + include_role: + name: check_for_dangling_images + + - name: Populate failing podman CLI + copy: + dest: /usr/bin/podman + mode: 0755 + content: | + #!/bin/bash + echo 4199acc83c6a43243392aecbff22764dbb501aef81a26d7c4c8c69064f84ef47 + + - name: Test failing + block: + - name: Catch when images exist + include_role: + name: check_for_dangling_images + rescue: + - name: Clear host errors + meta: clear_host_errors + + - debug: + msg: The validation works! End the playbook run + + - name: End play + meta: end_play + + - name: Fail the test + fail: + msg: | + Found dangling podman images diff --git a/roles/check_for_dangling_images/molecule/default/molecule.yml b/roles/check_for_dangling_images/molecule/default/molecule.yml new file mode 100644 index 000000000..1e6692d57 --- /dev/null +++ b/roles/check_for_dangling_images/molecule/default/molecule.yml @@ -0,0 +1,47 @@ +--- +driver: + name: podman + +log: true + +platforms: + - name: ubi8 + hostname: ubi8 + image: ubi8/ubi-init + registry: + url: registry.access.redhat.com + dockerfile: Dockerfile + pkg_extras: python*-setuptools + privileged: true + volumes: + - /etc/yum.repos.d:/etc/yum.repos.d:rw + environment: &env + http_proxy: "{{ lookup('env', 'http_proxy') }}" + https_proxy: "{{ lookup('env', 'https_proxy') }}" + ulimits: &ulimit + - host + +provisioner: + name: ansible + inventory: + hosts: + all: + hosts: + ubi8: + ansible_python_interpreter: /usr/bin/python3 + log: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" + +scenario: + test_sequence: + - destroy + - create + - prepare + - converge + - verify + - destroy + +verifier: + name: testinfra diff --git a/roles/check_for_dangling_images/tasks/main.yml b/roles/check_for_dangling_images/tasks/main.yml new file mode 100644 index 000000000..951ae35f5 --- /dev/null +++ b/roles/check_for_dangling_images/tasks/main.yml @@ -0,0 +1,28 @@ +--- +# Copyright 2020 Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# "check_for_dangling_images" tasks + +- name: Get podman check for images + shell: podman images --filter "dangling=true" -q --no-trunc + register: dangling_images + +- name: Verify no images exist + fail: + msg: >- + Error - podman images were found using 'podman images --filter "dangling=true" -q --no-trunc' + failed_when: dangling_images.stdout != "" diff --git a/zuul.d/molecule.yaml b/zuul.d/molecule.yaml index 2178b2068..7275dddbe 100644 --- a/zuul.d/molecule.yaml +++ b/zuul.d/molecule.yaml @@ -3,6 +3,7 @@ check: jobs: - tripleo-validations-centos-8-molecule-ceph + - tripleo-validations-centos-8-molecule-check_for_dangling_images - tripleo-validations-centos-8-molecule-check_network_gateway - tripleo-validations-centos-8-molecule-check_rhsm_version - tripleo-validations-centos-8-molecule-check_undercloud_conf @@ -25,6 +26,7 @@ gate: jobs: - tripleo-validations-centos-8-molecule-ceph + - tripleo-validations-centos-8-molecule-check_for_dangling_images - tripleo-validations-centos-8-molecule-check_network_gateway - tripleo-validations-centos-8-molecule-check_rhsm_version - tripleo-validations-centos-8-molecule-check_uc_hostname @@ -350,3 +352,13 @@ parent: tripleo-validations-centos-8-base vars: tripleo_validations_role_name: check_uc_hostname +- job: + files: + - ^roles/check_for_dangling_images/.* + - ^tests/prepare-test-host.yml + - ^ci/playbooks/pre.yml + - ^ci/playbooks/run.yml + name: tripleo-validations-centos-8-molecule-check_for_dangling_images + parent: tripleo-validations-centos-8-base + vars: + tripleo_validations_role_name: check_for_dangling_images