diff --git a/roles/oslo_config_validator/meta/main.yml b/roles/oslo_config_validator/meta/main.yml
new file mode 100644
index 000000000..ac0f831b1
--- /dev/null
+++ b/roles/oslo_config_validator/meta/main.yml
@@ -0,0 +1,42 @@
+---
+# Copyright 2021 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+ namespace: openstack
+ author: OpenStack
+ description: TripleO OpenStack Role -- oslo_config_validator
+ company: Red Hat
+ license: Apache-2.0
+ min_ansible_version: 2.7
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ platforms:
+ - name: CentOS
+ versions:
+ - 7
+ - 8
+ - 9
+
+ galaxy_tags:
+ - tripleo
+
+collections:
+ - containers.podman
diff --git a/roles/oslo_config_validator/molecule/default/molecule.yml b/roles/oslo_config_validator/molecule/default/molecule.yml
index 8ab97b1ce..7f6ab74ea 100644
--- a/roles/oslo_config_validator/molecule/default/molecule.yml
+++ b/roles/oslo_config_validator/molecule/default/molecule.yml
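Review bot: In the new roles/oslo_config_validator/meta/main.yml, `min_ansible_version: 2.7` is an unquoted scalar, so a YAML loader reads it as a float rather than a version string, and a later value such as 2.10 would silently become 2.1. Quote it as `min_ansible_version: "2.7"`. The `collections:` entry also makes the role resolve modules from containers.podman, and nothing in this file pins which release of that collection gets installed. It is worth confirming that the project's requirements file pins it, since this hunk does not show one.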
@@ -16,20 +16,32 @@ provisioner:
 log: true
 env:
 ANSIBLE_STDOUT_CALLBACK: yaml
- ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}:../../resources/library"
 MOLECULE_OCV:
 service_name: nova_compute
 config_file: etc/nova/nova.conf
 config_folder: /var/lib/config-data/puppet-generated/nova_libvirt
- # yamllint disable rule:line-length
- validator_out: |
+ validator_out: >-
 ERROR:root:DEFAULT/ovsdb_connection not found
+
 ERROR:root:cinder/region_name not found
- INFO:root:Ignoring missing option "auth_url" from group "keystone_authtoken" because the group is known to have incomplete sample config data and thus cannot be validated properly.
- INFO:root:Ignoring missing option "username" from group "keystone_authtoken" because the group is known to have incomplete sample config data and thus cannot be validated properly.
- INFO:root:Ignoring missing option "password" from group "keystone_authtoken" because the group is known to have incomplete sample config data and thus cannot be validated properly.
- INFO:root:Ignoring missing option "user_domain_name" from group "keystone_authtoken" because the group is known to have incomplete sample config data and thus cannot be validated properly.
- INFO:root:Ignoring missing option "project_name" from group "keystone_authtoken" because the group is known to have incomplete sample config data and thus cannot be validated properly.
- INFO:root:Ignoring missing option "project_domain_name" from group "keystone_authtoken" because the group is known to have incomplete sample config data and thus cannot be validated properly.
+
+ INFO:root:Ignoring missing option "auth_url" from group "keystone_authtoken" because the group
+ is known to have incomplete sample config data and thus cannot be validated properly.
+
+ INFO:root:Ignoring missing option "username" from group "keystone_authtoken" because the group
+ is known to have incomplete sample config data and thus cannot be validated properly.
+
+ INFO:root:Ignoring missing option "password" from group "keystone_authtoken" because the group
+ is known to have incomplete sample config data and thus cannot be validated properly.
+
+ INFO:root:Ignoring missing option "user_domain_name" from group "keystone_authtoken" because
+ the group is known to have incomplete sample config data and thus cannot be validated properly.
+
+ INFO:root:Ignoring missing option "project_name" from group "keystone_authtoken" because the
+ group is known to have incomplete sample config data and thus cannot be validated properly.
+
+ INFO:root:Ignoring missing option "project_domain_name" from group "keystone_authtoken"
+ because the group is known to have incomplete sample config data and thus cannot be validated
+ properly.
+
 ERROR:root:service_user/region_name not found
- # yamllint enable rule:line-length
diff --git a/roles/oslo_config_validator/molecule/mocked_failure/molecule.yml b/roles/oslo_config_validator/molecule/mocked_failure/molecule.yml
index 9ede1bd5a..e324d6aaa 100644
--- a/roles/oslo_config_validator/molecule/mocked_failure/molecule.yml
+++ b/roles/oslo_config_validator/molecule/mocked_failure/molecule.yml
@@ -16,7 +16,6 @@ provisioner:
 log: true
 env:
 ANSIBLE_STDOUT_CALLBACK: yaml
- ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}:../../resources/library"
 MOLECULE_OCV:
 service_name: nova_compute
 config_file: etc/nova/nova.conf
diff --git a/roles/oslo_config_validator/resources/library/podman b/roles/oslo_config_validator/resources/library/podman
new file mode 100755
index 000000000..74f2241b4
--- /dev/null
+++ b/roles/oslo_config_validator/resources/library/podman
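Review bot: In molecule/default/molecule.yml the `validator_out` fixture changes from a literal block (`|`) to a folded, stripped one (`>-`), and no comment explains that the blank added lines are now what separates one log record from the next. In a folded scalar a wrapped line rejoins the previous one with a single space only when it sits at the same indentation; a more-indented continuation keeps its line break and would split an INFO record in two. The indentation of the added lines cannot be checked from this view. A comment above the key would stop a later edit from removing the blank lines: `# folded scalar: blank line = record separator, wrapped lines rejoin with one space`. The `-` chomping indicator also drops the trailing newline that the old `|` form kept, which matters if any test compares the mocked output byte for byte.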
@@ -0,0 +1,297 @@
+#!/usr/bin/python3
+# Copyright 2021 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# This script is to mock podman command when testing containers
+# created by the ansible collection containers.podman.
+
+from json import dumps
+from yaml import safe_load as yaml_safe_load
+import sys
+
+sample = {
+ "Id": "21d8b432eaec1b4eac2a21a78de524bdbb2f074d4ea43d3605b2b072ffe21878",
+ "State": {
+ "Status": "running",
+ "Running": True,
+ },
+ "HostConfig": {
+ "Binds": [],
+ "CgroupManager": "systemd",
+ "CgroupMode": "private",
+ "ContainerIDFile": "",
+ "LogConfig": {
+ "Type": "k8s-file",
+ "Config": None,
+ "Path": "/ctr.log",
+ "Tag": "",
+ "Size": "0B"
+ },
+ "NetworkMode": "slirp4netns",
+ "RestartPolicy": {
+ "Name": "",
+ "MaximumRetryCount": 0
+ },
+ "AutoRemove": False,
+ "VolumeDriver": "",
+ "VolumesFrom": None,
+ "CapAdd": [],
+ "CapDrop": [
+ "CAP_AUDIT_WRITE",
+ "CAP_MKNOD",
+ "CAP_NET_RAW"
+ ],
+ "Dns": [],
+ "DnsOptions": [],
+ "DnsSearch": [],
+ "ExtraHosts": [],
+ "GroupAdd": [],
+ "IpcMode": "private",
+ "Cgroup": "",
+ "Cgroups": "default",
+ "Links": None,
+ "OomScoreAdj": 0,
+ "PidMode": "private",
+ "Privileged": False,
+ "PublishAllPorts": False,
+ "ReadonlyRootfs": False,
+ "SecurityOpt": [],
+ "Tmpfs": {},
+ "UTSMode": "private",
+ "UsernsMode": "",
+ "ShmSize": 65536000,
+ "Runtime": "oci",
+ "ConsoleSize": [
+ 0,
+ 0
+ ],
+ "Isolation": "",
+ "CpuShares": 0,
+ "Memory": 0,
+ "NanoCpus": 0,
+ "CgroupParent": "user.slice",
+ "BlkioWeight": 0,
+ "BlkioWeightDevice": None,
+ "BlkioDeviceReadBps": None,
+ "BlkioDeviceWriteBps": None,
+ "BlkioDeviceReadIOps": None,
+ "BlkioDeviceWriteIOps": None,
+ "CpuPeriod": 0,
+ "CpuQuota": 0,
+ "CpuRealtimePeriod": 0,
+ "CpuRealtimeRuntime": 0,
+ "CpusetCpus": "",
+ "CpusetMems": "",
+ "Devices": [],
+ "DiskQuota": 0,
+ "KernelMemory": 0,
+ "MemoryReservation": 0,
+ "MemorySwap": 0,
+ "MemorySwappiness": 0,
+ "OomKillDisable": False,
+ "PidsLimit": 2048,
+ "Ulimits": [],
+ "CpuCount": 0,
+ "CpuPercent": 0,
+ "IOMaximumIOps": 0,
+ "IOMaximumBandwidth": 0,
+ "CgroupConf": None
+ },
+ "Config": {
+ "Hostname": "9d8048113074",
+ "Domainname": "",
+ "User": "1001",
+ "AttachStdin": False,
+ "AttachStdout": False,
+ "AttachStderr": False,
+ "Tty": False,
+ "OpenStdin": False,
+ "StdinOnce": False,
+ "Env": [
+ "PATH=/opt/app-root/src/bin:/opt/app-root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+ "TERM=xterm",
+ "container=oci",
+ "STI_SCRIPTS_URL=image:///usr/libexec/s2i",
+ "STI_SCRIPTS_PATH=/usr/libexec/s2i",
+ "HOME=/var/lib/redis",
+ "REDIS_VERSION=5",
+ "REDIS_PREFIX=/usr",
+ "CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/redis",
+ "APP_ROOT=/opt/app-root",
+ "PLATFORM=el8",
+ "HOSTNAME=9d8048113074"
+ ],
+ "Cmd": [
+ "run-redis"
+ ],
+ "Image": "registry.redhat.io/rhel8/redis-5:latest",
+ "Volumes": [],
+ "WorkingDir": "/opt/app-root/src",
+ "Entrypoint": "container-entrypoint",
+ "OnBuild": None,
+ "Labels": {
+ "architecture": "x86_64",
+ "build-date": "2021-05-05T06:23:07.897115",
+ "vcs-ref": "ea375e008017960b0b749c1aae4dcd386ee68205",
+ "vcs-type": "git",
+ },
+ "Annotations": {
+ "io.container.manager": "libpod",
+ "io.kubernetes.cri-o.Created": "2021-05-22T10:08:18.243648647-04:00",
+ "io.kubernetes.cri-o.TTY": "false",
+ "io.podman.annotations.autoremove": "FALSE",
+ "io.podman.annotations.init": "FALSE",
+ "io.podman.annotations.privileged": "FALSE",
+ "io.podman.annotations.publish-all": "FALSE",
+ "org.opencontainers.image.stopSignal": "15"
+ },
+ "StopSignal": 15,
+ "Umask": "0022",
+ "Timeout": 0,
+ "StopTimeout": 10
+ },
+ "Image": "0ece6dfb3015c221c8ad6d364dea7884ae3e24becd60e94b80d5361f4ed78f47",
+ "ImageName": "undercloud-0.ctlplane.redhat.local:8787/rh-osbs/rhosp16-openstack-nova-compute:16.1_20210430.1",
+ "Name": "nova_compute",
+ "Mounts": [],
+ "OCIRuntime": "crun",
+ "ConmonPidFile": "/run/user/1000/containers/overlay-containers/9d8048113074bdd2c25ba3b0e0606608fbb6e82173afe61696f7bd48f61d7aa4/userdata/conmon.pid",
+ "PidFile": "",
+ "RestartCount": 0,
+ "MountLabel": "system_u:object_r:container_file_t:s0:c738,c1002",
+ "ProcessLabel": "system_u:system_r:container_t:s0:c738,c1002",
+ "AppArmorProfile": "",
+ "EffectiveCaps": None,
+ "BoundingCaps": [
+ "CAP_CHOWN",
+ "CAP_DAC_OVERRIDE",
+ "CAP_FOWNER",
+ "CAP_FSETID",
+ "CAP_KILL",
+ "CAP_NET_BIND_SERVICE",
+ "CAP_SETFCAP",
+ "CAP_SETGID",
+ "CAP_SETPCAP",
+ "CAP_SETUID",
+ "CAP_SYS_CHROOT"
+ ],
+ "ExecIDs": [],
+}
+image_get = {
+ "Id": "1f202f9b76988ef7cd962db56a801b89539e0dcf1bc03953883faaaf83f4c654",
+ "Digest": "sha256:ab901ece87a1bad3bbf7581356f18c1f79527124ed4792158c2b0b43a4896994",
+ "RepoTags": [
+ "something/something:latest"
+ ],
+ "RepoDigests": [
+ "something/something@sha256:ab901ece87a1bad3bbf7581356f18c1f79527124ed4792158c2b0b43a4896994"
+ ],
+ "Parent": "5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6",
+ "Comment": "",
+ "Created": "2021-09-27T21:49:36.486090789Z",
+ "Config": {
+ "Env": [
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ ],
+ "Cmd": [
+ "sleep",
+ "infinity"
+ ],
+ "Labels": {
+ "build_date": "2021-09-27",
+ "description": "something",
+ "io.buildah.version": "1.23.0",
+ "maintainer": "David Vallee Delisle \u003cdvd@redhat.com\u003e",
+ "name": "something",
+ "org.label-schema.build-date": "20210915",
+ "org.label-schema.license": "GPLv2",
+ "vendor": "Red Hat"
+ }
+ },
+ "Version": "",
+ "Author": "David Vallee Delisle",
+ "Architecture": "amd64",
+ "Os": "linux",
+ "Size": 1004968286,
+ "VirtualSize": 1004968286,
+ "GraphDriver": {
+ "Name": "overlay",
+ "Data": {
+ "LowerDir": "/home/dvd/.local/share/containers/storage/overlay/74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59/diff",
+ "UpperDir": "/home/dvd/.local/share/containers/storage/overlay/1e79d79d8ad3c6eb4446e0c429275c70f0e2918f2e0038441cd11e6f3e0b2aaf/diff",
+ "WorkDir": "/home/dvd/.local/share/containers/storage/overlay/1e79d79d8ad3c6eb4446e0c429275c70f0e2918f2e0038441cd11e6f3e0b2aaf/work"
+ }
+ },
+ "RootFS": {
+ "Type": "layers",
+ "Layers": [
+ "sha256:74ddd0ec08fa43d09f32636ba91a0a3053b02cb4627c35051aff89f853606b59",
+ "sha256:47bd6062c936b8eead8f0c88a7023a4e2f8c6e53086d201c9da048dde7e3b9a3"
+ ]
+ },
+ "Labels": {
+ "build_date": "2021-09-27",
+ "description": "something",
+ "io.buildah.version": "1.23.0",
+ "maintainer": "David Vallee Delisle \u003cdvd@redhat.com\u003e",
+ "name": "something",
+ "org.label-schema.build-date": "20210915",
+ "org.label-schema.license": "GPLv2",
+ "vendor": "Red Hat"
+ },
+ "Annotations": {
+ "org.opencontainers.image.base.digest": "sha256:a1801b843b1bfaf77c501e7a6d3f709401a1e0c83863037fa3aab063a7fdb9dc",
+ "org.opencontainers.image.base.name": "quay.io/centos/centos:8"
+ },
+ "ManifestType": "application/vnd.oci.image.manifest.v1+json",
+ "User": "",
+}
+
+
+def read_config(config='/test.config.yml'):
+ with open(config, 'r') as yaml_config:
+ test_config = yaml_safe_load(yaml_config)
+ return test_config
+
+
+def container_list():
+ test_config = read_config('/test.config.yml')
+ config_folder = test_config.get('config_folder')
+ sample['Name'] = test_config.get('service_name')
+ sample['State']['Running'] = bool(test_config.get('service_running', True))
+ sample['Mounts'].append({'Type': 'bind', 'Source': config_folder})
+ return [sample]
+
+
+def container_exec():
+ test_config = read_config('/test.config.yml')
+ return test_config.get('validator_out')
+
+
+if __name__ == '__main__':
+ if "image" in sys.argv[1]:
+ print(dumps([image_get]))
+ elif "version" in sys.argv[1]:
+ print("podman version 3.3.1")
+ elif len(sys.argv) > 1 and sys.argv[2] == "run":
+ print(container_exec())
+ elif sys.argv[1] == "container":
+ container = container_list()
+ container[0]['cmd'] = sys.argv
+ print(dumps(container))
+ else:
+ print(container_exec())
+ print(sys.argv)
diff --git a/roles/oslo_config_validator/resources/library/podman_container.py b/roles/oslo_config_validator/resources/library/podman_container.py
deleted file mode 100644
index 7771b93e6..000000000
--- a/roles/oslo_config_validator/resources/library/podman_container.py
+++ /dev/null
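Review bot: The `__main__` dispatch in the new resources/library/podman indexes `sys.argv` past what its guard checks: `elif len(sys.argv) > 1 and sys.argv[2] == "run":` tests for two elements and then reads the third, so a two-word call such as `podman container` raises IndexError before the `container` branch is reached, and the first branch reads `sys.argv[1]` with no length check at all. The guard should be `elif len(sys.argv) > 2 and sys.argv[2] == "run":`, with an early exit when no subcommand is given. Separately, this file is an executable named `podman` that always reports a canned running container; how it is put on PATH is not visible in the hunk, so it is worth confirming that it is reachable only inside the molecule test container and is excluded from the packaged role, where it would shadow the real binary. The fixture dictionaries also carry a developer e-mail address, home-directory paths and an internal registry host name, which could be swapped for neutral placeholders.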
@@ -1,903 +0,0 @@ -#!/usr/bin/python -# Copyright (c) 2019 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# flake8: noqa: E501 - -from __future__ import absolute_import, division, print_function -from yaml import safe_load as yaml_safe_load - -__metaclass__ = type - - -DOCUMENTATION = r""" -module: mocked podman_container -author: - - "David Vallee Delisle (@dvd)" -version_added: '1.0.0' -short_description: mocked Manage podman containers -notes: [] -description: - - mocked Start, stop, restart and manage Podman containers -requirements: - - podman -options: - name: - description: - - Name of the container - required: True - type: str - executable: - description: - - Path to C(podman) executable if it is not in the C($PATH) on the - machine running C(podman) - default: 'podman' - type: str - state: - description: - - I(absent) - A container matching the specified name will be stopped and - removed. - - I(present) - Asserts the existence of a container matching the name and - any provided configuration parameters. If no container matches the - name, a container will be created. If a container matches the name but - the provided configuration does not match, the container will be - updated, if it can be. If it cannot be updated, it will be removed and - re-created with the requested config. Image version will be taken into - account when comparing configuration. 
Use the recreate option to force - the re-creation of the matching container. - - I(started) - Asserts there is a running container matching the name and - any provided configuration. If no container matches the name, a - container will be created and started. Use recreate to always re-create - a matching container, even if it is running. Use force_restart to force - a matching container to be stopped and restarted. - - I(stopped) - Asserts that the container is first I(present), and then - if the container is running moves it to a stopped state. - - I(created) - Asserts that the container exists with given configuration. - If container doesn't exist, the module creates it and leaves it in - 'created' state. If configuration doesn't match or 'recreate' option is - set, the container will be recreated - type: str - default: started - choices: - - absent - - present - - stopped - - started - - created - image: - description: - - Repository path (or image name) and tag used to create the container. - If an image is not found, the image will be pulled from the registry. - If no tag is included, C(latest) will be used. - - Can also be an image ID. If this is the case, the image is assumed to - be available locally. - type: str - annotation: - description: - - Add an annotation to the container. The format is key value, multiple - times. - type: dict - authfile: - description: - - Path of the authentication file. Default is - ``${XDG_RUNTIME_DIR}/containers/auth.json`` - (Not available for remote commands) You can also override the default - path of the authentication file by setting the ``REGISTRY_AUTH_FILE`` - environment variable. ``export REGISTRY_AUTH_FILE=path`` - type: path - blkio_weight: - description: - - Block IO weight (relative weight) accepts a weight value between 10 and - 1000 - type: int - blkio_weight_device: - description: - - Block IO weight (relative device weight, format DEVICE_NAME[:]WEIGHT). 
- type: dict - cap_add: - description: - - List of capabilities to add to the container. - type: list - elements: str - aliases: - - capabilities - cap_drop: - description: - - List of capabilities to drop from the container. - type: list - elements: str - cgroup_parent: - description: - - Path to cgroups under which the cgroup for the container will be - created. - If the path is not absolute, the path is considered to be relative to - the cgroups path of the init process. Cgroups will be created if they - do not already exist. - type: path - cgroupns: - description: - - Path to cgroups under which the cgroup for the container will be - created. - type: str - cgroups: - description: - - Determines whether the container will create CGroups. - Valid values are enabled and disabled, which the default being enabled. - The disabled option will force the container to not create CGroups, - and thus conflicts with CGroup options cgroupns and cgroup-parent. - type: str - choices: - - default - - disabled - cidfile: - description: - - Write the container ID to the file - type: path - cmd_args: - description: - - Any additional command options you want to pass to podman command, - cmd_args - ['--other-param', 'value'] - Be aware module doesn't support idempotency if this is set. - type: list - elements: str - conmon_pidfile: - description: - - Write the pid of the conmon process to a file. - conmon runs in a separate process than Podman, - so this is necessary when using systemd to restart Podman containers. - type: path - command: - description: - - Override command of container. Can be a string or a list. - type: raw - cpu_period: - description: - - Limit the CPU real-time period in microseconds - type: int - cpu_rt_period: - description: - - Limit the CPU real-time period in microseconds. - Limit the container's Real Time CPU usage. This flag tell the kernel to - restrict the container's Real Time CPU usage to the period you specify. 
- type: int - cpu_rt_runtime: - description: - - Limit the CPU real-time runtime in microseconds. - This flag tells the kernel to limit the amount of time in a given CPU - period Real Time tasks may consume. - type: int - cpu_shares: - description: - - CPU shares (relative weight) - type: int - cpus: - description: - - Number of CPUs. The default is 0.0 which means no limit. - type: str - cpuset_cpus: - description: - - CPUs in which to allow execution (0-3, 0,1) - type: str - cpuset_mems: - description: - - Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only - effective on NUMA systems. - type: str - detach: - description: - - Run container in detach mode - type: bool - default: True - debug: - description: - - Return additional information which can be helpful for investigations. - type: bool - default: False - detach_keys: - description: - - Override the key sequence for detaching a container. Format is a single - character or ctrl-value - type: str - device: - description: - - Add a host device to the container. - The format is [:][:] - (e.g. device /dev/sdc:/dev/xvdc:rwm) - type: list - elements: str - device_read_bps: - description: - - Limit read rate (bytes per second) from a device - (e.g. device-read-bps /dev/sda:1mb) - type: list - device_read_iops: - description: - - Limit read rate (IO per second) from a device - (e.g. device-read-iops /dev/sda:1000) - type: list - device_write_bps: - description: - - Limit write rate (bytes per second) to a device - (e.g. device-write-bps /dev/sda:1mb) - type: list - device_write_iops: - description: - - Limit write rate (IO per second) to a device - (e.g. 
device-write-iops /dev/sda:1000) - type: list - dns: - description: - - Set custom DNS servers - type: list - elements: str - aliases: - - dns_servers - dns_option: - description: - - Set custom DNS options - type: str - aliases: - - dns_opts - dns_search: - description: - - Set custom DNS search domains (Use dns_search with '' if you don't wish - to set the search domain) - type: str - aliases: - - dns_search_domains - entrypoint: - description: - - Overwrite the default ENTRYPOINT of the image - type: str - env: - description: - - Set environment variables. - This option allows you to specify arbitrary environment variables that - are available for the process that will be launched inside of the - container. - type: dict - env_file: - description: - - Read in a line delimited file of environment variables - type: path - env_host: - description: - - Use all current host environment variables in container. - Defaults to false. - type: bool - etc_hosts: - description: - - Dict of host-to-IP mappings, where each host name is a key in the - dictionary. Each host name will be added to the container's - ``/etc/hosts`` file. - type: dict - aliases: - - add_hosts - expose: - description: - - Expose a port, or a range of ports (e.g. expose "3300-3310") to set up - port redirection on the host system. - type: list - elements: str - aliases: - - exposed - - exposed_ports - force_restart: - description: - - Force restart of container. - type: bool - default: False - aliases: - - restart - gidmap: - description: - - Run the container in a new user namespace using the supplied mapping. - type: str - group_add: - description: - - Add additional groups to run as - type: list - aliases: - - groups - healthcheck: - description: - - Set or alter a healthcheck command for a container. 
- type: str - healthcheck_interval: - description: - - Set an interval for the healthchecks - (a value of disable results in no automatic timer setup) - (default "30s") - type: str - healthcheck_retries: - description: - - The number of retries allowed before a healthcheck is considered to be - unhealthy. The default value is 3. - type: int - healthcheck_start_period: - description: - - The initialization time needed for a container to bootstrap. - The value can be expressed in time format like 2m3s. The default value - is 0s - type: str - healthcheck_timeout: - description: - - The maximum time allowed to complete the healthcheck before an interval - is considered failed. Like start-period, the value can be expressed in - a time format such as 1m22s. The default value is 30s - type: str - hostname: - description: - - Container host name. Sets the container host name that is available - inside the container. - type: str - http_proxy: - description: - - By default proxy environment variables are passed into the container if - set for the podman process. This can be disabled by setting the - http_proxy option to false. The environment variables passed in - include http_proxy, https_proxy, ftp_proxy, no_proxy, and also the - upper case versions of those. - Defaults to true - type: bool - image_volume: - description: - - Tells podman how to handle the builtin image volumes. - The options are bind, tmpfs, or ignore (default bind) - type: str - choices: - - 'bind' - - 'tmpfs' - - 'ignore' - image_strict: - description: - - Whether to compare images in idempotency by taking into account a full - name with registry and namespaces. - type: bool - default: False - init: - description: - - Run an init inside the container that forwards signals and reaps - processes. The default is false. - type: bool - init_path: - description: - - Path to the container-init binary. - type: str - interactive: - description: - - Keep STDIN open even if not attached. The default is false. 
- When set to true, keep stdin open even if not attached. - The default is false. - type: bool - ip: - description: - - Specify a static IP address for the container, for example - '10.88.64.128'. - Can only be used if no additional CNI networks to join were specified - via 'network:', and if the container is not joining another container's - network namespace via 'network container:'. - The address must be within the default CNI network's pool - (default 10.88.0.0/16). - type: str - ipc: - description: - - Default is to create a private IPC namespace (POSIX SysV IPC) for the - container - type: str - aliases: - - ipc_mode - kernel_memory: - description: - - Kernel memory limit - (format [], where unit = b, k, m or g) - Note - idempotency is supported for integers only. - type: str - label: - description: - - Add metadata to a container, pass dictionary of label names and values - aliases: - - labels - type: dict - label_file: - description: - - Read in a line delimited file of labels - type: str - log_driver: - description: - - Logging driver. Used to set the log driver for the container. - For example log_driver "k8s-file". - type: str - choices: - - k8s-file - - journald - - json-file - log_level: - description: - - Logging level for Podman. Log messages above specified level - ("debug"|"info"|"warn"|"error"|"fatal"|"panic") (default "error") - type: str - choices: - - debug - - info - - warn - - error - - fatal - - panic - log_opt: - description: - - Logging driver specific options. Used to set the path to the container - log file. For example log_opt - "path=/var/log/container/mycontainer.json" - type: str - aliases: - - log_options - mac_address: - description: - - Specify a MAC address for the container, for example - '92:d0:c6:0a:29:33'. - Don't forget that it must be unique within one Ethernet network. - type: str - memory: - description: - - Memory limit (format 10k, where unit = b, k, m or g) - Note - idempotency is supported for integers only. 
- type: str - memory_reservation: - description: - - Memory soft limit (format 100m, where unit = b, k, m or g) - Note - idempotency is supported for integers only. - type: str - memory_swap: - description: - - A limit value equal to memory plus swap. Must be used with the -m - (--memory) flag. - The swap LIMIT should always be larger than -m (--memory) value. - By default, the swap LIMIT will be set to double the value of --memory - Note - idempotency is supported for integers only. - type: str - memory_swappiness: - description: - - Tune a container's memory swappiness behavior. Accepts an integer - between 0 and 100. - type: int - mount: - description: - - Attach a filesystem mount to the container. bind or tmpfs - For example mount - "type=bind,source=/path/on/host,destination=/path/in/container" - type: str - network: - description: - - Set the Network mode for the container - * bridge create a network stack on the default bridge - * none no networking - * container: reuse another container's network stack - * host use the podman host network stack. - * | connect to a user-defined network - * ns: path to a network namespace to join - * slirp4netns use slirp4netns to create a user network stack. - This is the default for rootless containers - type: list - elements: str - aliases: - - net - - network_mode - no_hosts: - description: - - Do not create /etc/hosts for the container - Default is false. - type: bool - oom_kill_disable: - description: - - Whether to disable OOM Killer for the container or not. - Default is false. - type: bool - oom_score_adj: - description: - - Tune the host's OOM preferences for containers (accepts -1000 to 1000) - type: int - pid: - description: - - Set the PID mode for the container - type: str - aliases: - - pid_mode - pids_limit: - description: - - Tune the container's PIDs limit. Set -1 to have unlimited PIDs for the - container. - type: str - pod: - description: - - Run container in an existing pod. 
- If you want podman to make the pod for you, preference the pod name - with "new:" - type: str - privileged: - description: - - Give extended privileges to this container. The default is false. - type: bool - publish: - description: - - Publish a container's port, or range of ports, to the host. - Format - ip:hostPort:containerPort | ip::containerPort | - hostPort:containerPort | containerPort - In case of only containerPort is set, the hostPort will chosen - randomly by Podman. - type: list - elements: str - aliases: - - ports - - published - - published_ports - publish_all: - description: - - Publish all exposed ports to random ports on the host interfaces. The - default is false. - type: bool - read_only: - description: - - Mount the container's root filesystem as read only. Default is false - type: bool - read_only_tmpfs: - description: - - If container is running in --read-only mode, then mount a read-write - tmpfs on /run, /tmp, and /var/tmp. The default is true - type: bool - recreate: - description: - - Use with present and started states to force the re-creation of an - existing container. - type: bool - default: False - restart_policy: - description: - - Restart policy to follow when containers exit. - Restart policy will not take effect if a container is stopped via the - podman kill or podman stop commands. Valid values are - * no - Do not restart containers on exit - * on-failure[:max_retries] - Restart containers when they exit with a - non-0 exit code, retrying indefinitely - or until the optional max_retries count is hit - * always - Restart containers when they exit, regardless of status, - retrying indefinitely - type: str - rm: - description: - - Automatically remove the container when it exits. The default is false. - type: bool - aliases: - - remove - - auto_remove - rootfs: - description: - - If true, the first argument refers to an exploded container on the file - system. The default is false. 
- type: bool - security_opt: - description: - - Security Options. For example security_opt "seccomp=unconfined" - type: list - elements: str - shm_size: - description: - - Size of /dev/shm. The format is . number must be greater - than 0. - Unit is optional and can be b (bytes), k (kilobytes), m(megabytes), or - g (gigabytes). - If you omit the unit, the system uses bytes. If you omit the size - entirely, the system uses 64m - type: str - sig_proxy: - description: - - Proxy signals sent to the podman run command to the container process. - SIGCHLD, SIGSTOP, and SIGKILL are not proxied. The default is true. - type: bool - stop_signal: - description: - - Signal to stop a container. Default is SIGTERM. - type: int - stop_timeout: - description: - - Timeout (in seconds) to stop a container. Default is 10. - type: int - subgidname: - description: - - Run the container in a new user namespace using the map with 'name' in - the /etc/subgid file. - type: str - subuidname: - description: - - Run the container in a new user namespace using the map with 'name' in - the /etc/subuid file. - type: str - sysctl: - description: - - Configure namespaced kernel parameters at runtime - type: dict - systemd: - description: - - Run container in systemd mode. The default is true. - type: bool - tmpfs: - description: - - Create a tmpfs mount. For example tmpfs - "/tmp" "rw,size=787448k,mode=1777" - type: dict - tty: - description: - - Allocate a pseudo-TTY. The default is false. - type: bool - uidmap: - description: - - Run the container in a new user namespace using the supplied mapping. - type: list - ulimit: - description: - - Ulimit options - type: list - aliases: - - ulimits - user: - description: - - Sets the username or UID used and optionally the groupname or GID for - the specified command. - type: str - userns: - description: - - Set the user namespace mode for the container. - It defaults to the PODMAN_USERNS environment variable. 
- An empty value means user namespaces are disabled. - type: str - aliases: - - userns_mode - uts: - description: - - Set the UTS mode for the container - type: str - volume: - description: - - Create a bind mount. If you specify, volume /HOST-DIR:/CONTAINER-DIR, - podman bind mounts /HOST-DIR in the host to /CONTAINER-DIR in the - podman container. - type: list - elements: str - aliases: - - volumes - volumes_from: - description: - - Mount volumes from the specified container(s). - type: list - elements: str - workdir: - description: - - Working directory inside the container. - The default working directory for running binaries within a container - is the root directory (/). - type: str - aliases: - - working_dir -""" - -EXAMPLES = r""" -- name: Run container - podman_container: - name: container - image: quay.io/bitnami/wildfly - state: started - -- name: Create a data container - podman_container: - name: mydata - image: busybox - volume: - - /tmp/data - -- name: Re-create a redis container - podman_container: - name: myredis - image: redis - command: redis-server --appendonly yes - state: present - recreate: yes - expose: - - 6379 - volumes_from: - - mydata - -- name: Restart a container - podman_container: - name: myapplication - image: redis - state: started - restart: yes - etc_hosts: - other: "127.0.0.1" - restart_policy: "no" - device: "/dev/sda:/dev/xvda:rwm" - ports: - - "8080:9000" - - "127.0.0.1:8081:9001/udp" - env: - SECRET_KEY: "ssssh" - BOOLEAN_KEY: "yes" - -- name: Container present - podman_container: - name: mycontainer - state: present - image: ubuntu:14.04 - command: "sleep 1d" - -- name: Stop a container - podman_container: - name: mycontainer - state: stopped - -- name: Start 4 load-balanced containers - podman_container: - name: "container{{ item }}" - recreate: yes - image: someuser/anotherappimage - command: sleep 1d - with_sequence: count=4 - -- name: remove container - podman_container: - name: ohno - state: absent - -- name: Writing 
output - podman_container: - name: myservice - image: busybox - log_options: path=/var/log/container/mycontainer.json - log_driver: k8s-file -""" - -RETURN = r""" -container: - description: - - Facts representing the current state of the container. Matches the - podman inspection output. - - Note that facts are part of the registered vars since Ansible 2.8. For - compatibility reasons, the facts - are also accessible directly as C(podman_container). Note that the - returned fact will be removed in Ansible 2.12. - - Empty if C(state) is I(absent). - returned: always - type: dict - sample: '{ - "AppArmorProfile": "", - "Args": [ - "sh" - ], - "BoundingCaps": [ - "CAP_CHOWN", - ... - ], - "Config": { - "Annotations": { - "io.kubernetes.cri-o.ContainerType": "sandbox", - "io.kubernetes.cri-o.TTY": "false" - }, - "AttachStderr": false, - "AttachStdin": false, - "AttachStdout": false, - "Cmd": [ - "sh" - ], - "Domainname": "", - "Entrypoint": "", - "Env": [ - "PATH=/usr/sbin:/usr/bin:/sbin:/bin", - "TERM=xterm", - "HOSTNAME=", - "container=podman" - ], - "Hostname": "", - "Image": "docker.io/library/busybox:latest", - "Labels": null, - "OpenStdin": false, - "StdinOnce": false, - "StopSignal": 15, - "Tty": false, - "User": { - "gid": 0, - "uid": 0 - }, - "Volumes": null, - "WorkingDir": "/" - }, - "ConmonPidFile": "...", - "Created": "2019-06-17T19:13:09.873858307+03:00", - "Dependencies": [], - "Driver": "overlay", - "EffectiveCaps": [ - "CAP_CHOWN", - ... - ], - "ExecIDs": [], - "ExitCommand": [ - "/usr/bin/podman", - "--root", - ... - ], - "GraphDriver": { - ... - }, - "HostConfig": { - ... - }, - "HostnamePath": "...", - "HostsPath": "...", - "ID": "...", - "Image": "...", - "ImageName": "docker.io/library/busybox:latest", - "IsInfra": false, - "LogPath": "/tmp/container/mycontainer.json", - "MountLabel": "system_u:object_r:container_file_t:s0:c282,c782", - "Mounts": [ - ... - ], - "Name": "myservice", - "Namespace": "", - "NetworkSettings": { - "Bridge": "", - ... 
- }, - "Path": "sh", - "ProcessLabel": "system_u:system_r:container_t:s0:c282,c782", - "ResolvConfPath": "...", - "RestartCount": 0, - "Rootfs": "", - "State": { - "Dead": false, - "Error": "", - "ExitCode": 0, - "FinishedAt": "2019-06-17T19:13:10.157518963+03:00", - "Healthcheck": { - "FailingStreak": 0, - "Log": null, - "Status": "" - }, - "OOMKilled": false, - "OciVersion": "1.0.1-dev", - "Paused": false, - "Pid": 4083, - "Restarting": false, - "Running": false, - "StartedAt": "2019-06-17T19:13:10.152479729+03:00", - "Status": "exited" - }, - "StaticDir": "..." - ... - }' -""" - -from ansible.module_utils.basic import AnsibleModule # noqa: F402 - -def main(): - module = AnsibleModule( - argument_spec=yaml_safe_load(DOCUMENTATION)['options'], - supports_check_mode=True, - ) - with open('/test.config.yml', 'r') as yaml_config: - test_config = yaml_safe_load(yaml_config) - returned = test_config.get('validator_out') - module.fail_json(msg=returned, stderr=returned, stdout=returned) - -if __name__ == '__main__': - main() diff --git a/roles/oslo_config_validator/resources/library/podman_container_info.py b/roles/oslo_config_validator/resources/library/podman_container_info.py deleted file mode 100644 index 63db71727..000000000 --- a/roles/oslo_config_validator/resources/library/podman_container_info.py +++ /dev/null 
@@ -1,71 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -from __future__ import absolute_import, division, print_function -__metaclass__ = type - - -DOCUMENTATION = r''' -module: mocked podman_container_info -author: - - David Vallee Delisle (@dvd) -short_description: Mocking gather facts about containers using podman -description: - - Mocking gather facts about containers using podman -''' - -EXAMPLES = r""" -- name: Gather facts for all containers - podman_container_info: -""" - -RETURN = r""" -containers: - description: Facts from all or specificed containers - returned: always - type: list - elements: dict - sample: { - "Id": "21d8b432eaec1b4eac2a21a78de524bdbb2f074d4ea43d3605b2b072ffe21878", - "State": { - "Status": "running", - "Running": true, - }, - "Image": "0ece6dfb3015c221c8ad6d364dea7884ae3e24becd60e94b80d5361f4ed78f47", - "ImageName": "undercloud-0.ctlplane.redhat.local:8787/rh-osbs/rhosp16-openstack-nova-compute:16.1_20210430.1", - "Name": "nova_compute", - "Mounts": [], - } -""" - -from ansible.module_utils.basic import AnsibleModule # noqa: F402 -from yaml import safe_load as yaml_safe_load - - -def main(): - module = AnsibleModule({}, supports_check_mode=True) - sample = yaml_safe_load(RETURN)['containers']['sample'] - with open('/test.config.yml', 'r') as yaml_config: - test_config = yaml_safe_load(yaml_config) - config_folder = test_config.get('config_folder') - sample['Name'] = 
test_config.get('service_name') - sample['State']['Running'] = bool(test_config.get('service_running', True)) - sample['Mounts'].append({'Type': 'bind', 'Source': config_folder}) - module.exit_json(**{ - "changed": False, - "containers": [sample], - }) - -if __name__ == '__main__': - main() diff --git a/roles/oslo_config_validator/resources/playbooks/converge.yml b/roles/oslo_config_validator/resources/playbooks/converge.yml index 857453c35..d2208e767 100644 --- a/roles/oslo_config_validator/resources/playbooks/converge.yml +++ b/roles/oslo_config_validator/resources/playbooks/converge.yml @@ -25,6 +25,8 @@ - name: Include the oslo_config_validator role include_role: name: oslo_config_validator + vars: + oslo_config_validator_debug: true rescue: - fail: msg: "Default test failed" diff --git a/roles/oslo_config_validator/resources/playbooks/prepare.yml b/roles/oslo_config_validator/resources/playbooks/prepare.yml index 21dbf40cf..d1444ac31 100644 --- a/roles/oslo_config_validator/resources/playbooks/prepare.yml +++ b/roles/oslo_config_validator/resources/playbooks/prepare.yml @@ -1,6 +1,14 @@ --- - hosts: all tasks: + - name: Copy fake podman to path + become: true + copy: + src: "{{ playbook_dir }}/../library/podman" + dest: /bin/podman + backup: true + mode: '0777' + - name: Save test config from environment variable set_fact: test_config: "{{ lookup('env', 'MOLECULE_OCV') }}" diff --git a/roles/oslo_config_validator/tasks/build_validation_config.yml b/roles/oslo_config_validator/tasks/build_validation_config.yml index ff6966ce1..6a0a0865b 100644 --- a/roles/oslo_config_validator/tasks/build_validation_config.yml +++ b/roles/oslo_config_validator/tasks/build_validation_config.yml @@ -46,7 +46,7 @@ - name: podman - Gather facts for all containers become: true - podman_container_info: + containers.podman.podman_container_info: register: containers_facts - name: Generating config_location dict 
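Review bot: In the prepare.yml hunk, the new "Copy fake podman to path" task installs the stub at `/bin/podman` with `mode: '0777'`, so any local account on the test host can rewrite a binary that the role's own tasks later call under `become: true`. An executable needs no more than `mode: '0755'`, and adding `owner: root` and `group: root` makes the intent explicit. Because `dest` is the real podman path and `backup: true` leaves a copy of the original beside it, a short comment such as `# test-only stub; run against disposable Molecule instances` would help anyone pointing this scenario at a longer-lived host.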
diff --git a/roles/oslo_config_validator/tasks/container_run.yml b/roles/oslo_config_validator/tasks/container_run.yml index 55a3b64d9..c241ed6b5 100644 --- a/roles/oslo_config_validator/tasks/container_run.yml +++ b/roles/oslo_config_validator/tasks/container_run.yml @@ -100,13 +100,13 @@ dest: "{{ oslo_config_validator_work_path }}" - name: Run oslo-config container - podman_container: + containers.podman.podman_container: name: "{{ container_name }}" image: "{{ config_file.image }}" state: started detach: false rm: true - user: 0 + user: "0" mount: "type=bind,source={{ oslo_config_validator_work_path }},destination=/oslo_config_validation" network: none command: "{{ oslo_command }}"
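Review bot: The "Run oslo-config container" task still starts the validator as UID 0 against a bind mount that is writable by default, and nothing in the hunk says why root is required. Quoting the value as `user: "0"` is correct for a string option, but this is a good place to add a why-comment, for example `# root inside the container is needed to read the copied config files`, if that is indeed the reason. If the validator only reads from `/oslo_config_validation`, appending `,ro=true` to the `mount:` string would keep the image from altering the work path; this needs confirming against how `oslo_command` reports its output. `network: none` and `rm: true` already limit exposure, and the task may continue past the end of the hunk.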