Browse Source

Merge "Remove objects migrated to validations-common"

tags/12.5.0
Zuul 1 week ago
committed by Gerrit Code Review
parent
commit
72ad1fa69d
100 changed files with 0 additions and 2949 deletions
  1. +0
    -15
      doc/source/modules/modules-advanced_format.rst
  2. +0
    -15
      doc/source/modules/modules-check_package_update.rst
  3. +0
    -15
      doc/source/modules/modules-haproxy_conf.rst
  4. +0
    -15
      doc/source/modules/modules-hiera.rst
  5. +0
    -14
      doc/source/modules/modules-reportentry.rst
  6. +0
    -15
      doc/source/modules/modules-validations_read_ini.rst
  7. +0
    -15
      doc/source/modules/modules-warn.rst
  8. +0
    -7
      doc/source/roles/role-advanced_format_512e_support.rst
  9. +0
    -6
      doc/source/roles/role-check_latest_packages_version.rst
  10. +0
    -7
      doc/source/roles/role-dns.rst
  11. +0
    -7
      doc/source/roles/role-haproxy.rst
  12. +0
    -7
      doc/source/roles/role-no_op.rst
  13. +0
    -7
      doc/source/roles/role-ntp.rst
  14. +0
    -7
      doc/source/roles/role-service_status.rst
  15. +0
    -7
      doc/source/roles/role-undercloud_cpu.rst
  16. +0
    -7
      doc/source/roles/role-undercloud_ram.rst
  17. +0
    -7
      doc/source/roles/role-undercloud_selinux_mode.rst
  18. +0
    -6
      doc/source/roles/role-validate_selinux.rst
  19. +0
    -8
      doc/source/roles/role-xfs_check_ftype.rst
  20. +0
    -97
      library/advanced_format.py
  21. +0
    -145
      library/check_package_update.py
  22. +0
    -89
      library/haproxy_conf.py
  23. +0
    -64
      library/hiera.py
  24. +0
    -89
      library/reportentry.py
  25. +0
    -166
      library/validations_read_ini.py
  26. +0
    -55
      library/warn.py
  27. +0
    -13
      playbooks/512e.yaml
  28. +0
    -12
      playbooks/check-ftype.yaml
  29. +0
    -13
      playbooks/check-latest-packages-version.yaml
  30. +0
    -12
      playbooks/dns.yaml
  31. +0
    -17
      playbooks/haproxy.yaml
  32. +0
    -12
      playbooks/no-op.yaml
  33. +0
    -14
      playbooks/ntp.yaml
  34. +0
    -16
      playbooks/service-status.yaml
  35. +0
    -16
      playbooks/undercloud-cpu.yaml
  36. +0
    -17
      playbooks/undercloud-ram.yaml
  37. +0
    -13
      playbooks/undercloud-selinux-mode.yaml
  38. +0
    -21
      playbooks/validate-selinux.yaml
  39. +0
    -37
      roles/advanced_format_512e_support/molecule/default/Dockerfile.j2
  40. +0
    -26
      roles/advanced_format_512e_support/molecule/default/converge.yml
  41. +0
    -46
      roles/advanced_format_512e_support/molecule/default/molecule.yml
  42. +0
    -10
      roles/advanced_format_512e_support/tasks/main.yml
  43. +0
    -9
      roles/advanced_format_512e_support/vars/main.yml
  44. +0
    -10
      roles/check_latest_packages_version/defaults/main.yml
  45. +0
    -37
      roles/check_latest_packages_version/molecule/default/Dockerfile.j2
  46. +0
    -51
      roles/check_latest_packages_version/molecule/default/converge.yml
  47. +0
    -46
      roles/check_latest_packages_version/molecule/default/molecule.yml
  48. +0
    -25
      roles/check_latest_packages_version/molecule/default/prepare.yml
  49. +0
    -16
      roles/check_latest_packages_version/tasks/main.yml
  50. +0
    -8
      roles/check_latest_packages_version/vars/main.yml
  51. +0
    -2
      roles/dns/defaults/main.yml
  52. +0
    -37
      roles/dns/molecule/default/Dockerfile.j2
  53. +0
    -47
      roles/dns/molecule/default/converge.yml
  54. +0
    -45
      roles/dns/molecule/default/molecule.yml
  55. +0
    -4
      roles/dns/tasks/main.yml
  56. +0
    -7
      roles/dns/vars/main.yml
  57. +0
    -42
      roles/haproxy/README.md
  58. +0
    -8
      roles/haproxy/defaults/main.yml
  59. +0
    -37
      roles/haproxy/molecule/default/Dockerfile
  60. +0
    -71
      roles/haproxy/molecule/default/converge.yml
  61. +0
    -48
      roles/haproxy/molecule/default/molecule.yml
  62. +0
    -51
      roles/haproxy/tasks/main.yml
  63. +0
    -6
      roles/haproxy/vars/main.yml
  64. +0
    -4
      roles/no_op/tasks/main.yml
  65. +0
    -8
      roles/no_op/vars/main.yml
  66. +0
    -37
      roles/ntp/molecule/default/Dockerfile.j2
  67. +0
    -26
      roles/ntp/molecule/default/converge.yml
  68. +0
    -46
      roles/ntp/molecule/default/molecule.yml
  69. +0
    -26
      roles/ntp/tasks/main.yml
  70. +0
    -10
      roles/ntp/vars/main.yml
  71. +0
    -2
      roles/service_status/defaults/main.yaml
  72. +0
    -37
      roles/service_status/molecule/default/Dockerfile.j2
  73. +0
    -25
      roles/service_status/molecule/default/converge.yml
  74. +0
    -48
      roles/service_status/molecule/default/molecule.yml
  75. +0
    -37
      roles/service_status/molecule/docker/Dockerfile.j2
  76. +0
    -59
      roles/service_status/molecule/docker/converge.yml
  77. +0
    -56
      roles/service_status/molecule/docker/molecule.yml
  78. +0
    -65
      roles/service_status/molecule/docker/prepare.yml
  79. +0
    -37
      roles/service_status/molecule/podman/Dockerfile.j2
  80. BIN
      roles/service_status/molecule/podman/bolt_state.db
  81. +0
    -46
      roles/service_status/molecule/podman/converge.yml
  82. +0
    -48
      roles/service_status/molecule/podman/molecule.yml
  83. +0
    -39
      roles/service_status/molecule/podman/prepare.yml
  84. +0
    -37
      roles/service_status/molecule/systemd/Dockerfile.j2
  85. +0
    -44
      roles/service_status/molecule/systemd/converge.yml
  86. +0
    -48
      roles/service_status/molecule/systemd/molecule.yml
  87. +0
    -39
      roles/service_status/molecule/systemd/prepare.yml
  88. +0
    -59
      roles/service_status/tasks/containers.yaml
  89. +0
    -3
      roles/service_status/tasks/main.yaml
  90. +0
    -13
      roles/service_status/tasks/systemd.yaml
  91. +0
    -36
      roles/undercloud_cpu/README.md
  92. +0
    -3
      roles/undercloud_cpu/defaults/main.yml
  93. +0
    -37
      roles/undercloud_cpu/molecule/default/Dockerfile.j2
  94. +0
    -42
      roles/undercloud_cpu/molecule/default/converge.yml
  95. +0
    -45
      roles/undercloud_cpu/molecule/default/molecule.yml
  96. +0
    -7
      roles/undercloud_cpu/tasks/main.yml
  97. +0
    -10
      roles/undercloud_cpu/vars/main.yaml
  98. +0
    -36
      roles/undercloud_ram/README.md
  99. +0
    -3
      roles/undercloud_ram/defaults/main.yml
  100. +0
    -37
      roles/undercloud_ram/molecule/default/Dockerfile.j2

+ 0
- 15
doc/source/modules/modules-advanced_format.rst View File

@@ -1,15 +0,0 @@
========================
Module - advanced_format
========================


This module provides for the following ansible plugin:

* advanced_format


.. ansibleautoplugin::
:module: library/advanced_format.py
:documentation: true
:examples: true


+ 0
- 15
doc/source/modules/modules-check_package_update.rst View File

@@ -1,15 +0,0 @@
=============================
Module - check_package_update
=============================


This module provides for the following ansible plugin:

* check_package_update


.. ansibleautoplugin::
:module: library/check_package_update.py
:documentation: true
:examples: true


+ 0
- 15
doc/source/modules/modules-haproxy_conf.rst View File

@@ -1,15 +0,0 @@
=====================
Module - haproxy_conf
=====================


This module provides for the following ansible plugin:

* haproxy_conf


.. ansibleautoplugin::
:module: library/haproxy_conf.py
:documentation: true
:examples: true


+ 0
- 15
doc/source/modules/modules-hiera.rst View File

@@ -1,15 +0,0 @@
==============
Module - hiera
==============


This module provides for the following ansible plugin:

* hiera


.. ansibleautoplugin::
:module: library/hiera.py
:documentation: true
:examples: true


+ 0
- 14
doc/source/modules/modules-reportentry.rst View File

@@ -1,14 +0,0 @@
====================
Module - reportentry
====================


This module provides for the following ansible plugin:

* reportentry


.. ansibleautoplugin::
:module: library/reportentry.py
:documentation: true
:examples: true

+ 0
- 15
doc/source/modules/modules-validations_read_ini.rst View File

@@ -1,15 +0,0 @@
=============================
Module - validations_read_ini
=============================


This module provides for the following ansible plugin:

* validations_read_ini


.. ansibleautoplugin::
:module: library/validations_read_ini.py
:documentation: true
:examples: true


+ 0
- 15
doc/source/modules/modules-warn.rst View File

@@ -1,15 +0,0 @@
=============
Module - warn
=============


This module provides for the following ansible plugin:

* warn


.. ansibleautoplugin::
:module: library/warn.py
:documentation: true
:examples: true


+ 0
- 7
doc/source/roles/role-advanced_format_512e_support.rst View File

@@ -1,7 +0,0 @@
============================
advanced_format_512e_support
============================

.. ansibleautoplugin::
:role: roles/advanced_format_512e_support


+ 0
- 6
doc/source/roles/role-check_latest_packages_version.rst View File

@@ -1,6 +0,0 @@
=============================
check_latest_packages_version
=============================

.. ansibleautoplugin::
:role: roles/check_latest_packages_version

+ 0
- 7
doc/source/roles/role-dns.rst View File

@@ -1,7 +0,0 @@
===
dns
===

.. ansibleautoplugin::
:role: roles/dns


+ 0
- 7
doc/source/roles/role-haproxy.rst View File

@@ -1,7 +0,0 @@
=======
haproxy
=======

.. ansibleautoplugin::
:role: roles/haproxy


+ 0
- 7
doc/source/roles/role-no_op.rst View File

@@ -1,7 +0,0 @@
=====
no_op
=====

.. ansibleautoplugin::
:role: roles/no_op


+ 0
- 7
doc/source/roles/role-ntp.rst View File

@@ -1,7 +0,0 @@
===
ntp
===

.. ansibleautoplugin::
:role: roles/ntp


+ 0
- 7
doc/source/roles/role-service_status.rst View File

@@ -1,7 +0,0 @@
==============
service_status
==============

.. ansibleautoplugin::
:role: roles/service_status


+ 0
- 7
doc/source/roles/role-undercloud_cpu.rst View File

@@ -1,7 +0,0 @@
==============
undercloud_cpu
==============

.. ansibleautoplugin::
:role: roles/undercloud_cpu


+ 0
- 7
doc/source/roles/role-undercloud_ram.rst View File

@@ -1,7 +0,0 @@
==============
undercloud_ram
==============

.. ansibleautoplugin::
:role: roles/undercloud_ram


+ 0
- 7
doc/source/roles/role-undercloud_selinux_mode.rst View File

@@ -1,7 +0,0 @@
=======================
undercloud_selinux_mode
=======================

.. ansibleautoplugin::
:role: roles/undercloud_selinux_mode


+ 0
- 6
doc/source/roles/role-validate_selinux.rst View File

@@ -1,6 +0,0 @@
================
validate_selinux
================

.. ansibleautoplugin::
:role: roles/validate_selinux

+ 0
- 8
doc/source/roles/role-xfs_check_ftype.rst View File

@@ -1,8 +0,0 @@
===============
xfs_check_ftype
===============

.. ansibleautoplugin::
:role: roles/xfs_check_ftype



+ 0
- 97
library/advanced_format.py View File

@@ -1,97 +0,0 @@
#!/usr/bin/env python
# Copyright 2016 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

from os import path
from yaml import safe_load as yaml_safe_load

from ansible.module_utils.basic import AnsibleModule

DOCUMENTATION = '''
---
module: advanced_format
short_description: Check for advanced disk format
description:
- Check whether a drive uses advanced format
options:
drive:
required: true
description:
- drive name
type: str
author: "Martin Andre (@mandre)"
'''

EXAMPLES = '''
- hosts: webservers
tasks:
- name: Detect whether the drive uses Advanced Format
advanced_format: drive=vda
'''


def read_int(module, file_path):
'''Read a file and convert its value to int.

Raise ansible failure otherwise.
'''
try:
with open(file_path) as f:
file_contents = f.read()
return int(file_contents)
except IOError:
module.fail_json(msg="Cannot open '%s'" % file_path)
except ValueError:
module.fail_json(msg="The '%s' file doesn't contain an integer value" %
file_path)


def main():
module = AnsibleModule(
argument_spec=yaml_safe_load(DOCUMENTATION)['options']
)

drive = module.params.get('drive')
queue_path = path.join('/sys/class/block', drive, 'queue')

physical_block_size_path = path.join(queue_path, 'physical_block_size')
logical_block_size_path = path.join(queue_path, 'logical_block_size')

physical_block_size = read_int(module, physical_block_size_path)
logical_block_size = read_int(module, logical_block_size_path)

if physical_block_size == logical_block_size:
module.exit_json(
changed=False,
msg="The disk %s probably doesn't use Advance Format." % drive,
)
else:
module.exit_json(
# NOTE(shadower): we're marking this as `changed`, to make it
# visually stand out when running via Ansible directly instead of
# using the API.
#
# The API & UI is planned to look for the `warnings` field and
# display it differently.
changed=True,
warnings=["Physical and logical block sizes of drive %s differ "
"(%s vs. %s). This can mean the disk uses Advance "
"Format." %
(drive, physical_block_size, logical_block_size)],
)


if __name__ == '__main__':
main()

+ 0
- 145
library/check_package_update.py View File

@@ -1,145 +0,0 @@
#!/usr/bin/env python
# Copyright 2017 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

""" Check for available updates for a given package."""

import collections
import subprocess

from ansible.module_utils.basic import AnsibleModule
from yaml import safe_load as yaml_safe_load

DOCUMENTATION = '''
---
module: check_package_update
short_description: Check for available updates for a given package
description:
- Check for available updates for a given package
options:
package:
required: true
description:
- The name of the package you want to check
type: str
pkg_mgr:
required: true
description:
- Supported Package Manager, DNF or YUM
type: str
author: "Florian Fuchs"
'''

EXAMPLES = '''
- hosts: webservers
tasks:
- name: Get available updates for packages
check_package_update:
package: python-tripleoclient
pkg_mgr: "{{ ansible_pkg_mgr}}"
'''

SUPPORTED_PKG_MGRS = (
'yum',
'dnf',
)


PackageDetails = collections.namedtuple('PackageDetails',
['name', 'version', 'release', 'arch'])


def get_package_details(output):
if output:
return PackageDetails(
output.split('|')[0],
output.split('|')[1],
output.split('|')[2],
output.split('|')[3],
)


def _command(command):
# Return the result of a subprocess call
# as [stdout, stderr]
process = subprocess.Popen(command,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
universal_newlines=True)
return process.communicate()


def check_update(module, package, pkg_mgr):
if pkg_mgr not in SUPPORTED_PKG_MGRS:
module.fail_json(
msg='Package manager "{}" is not supported.'.format(pkg_mgr))
return

installed_stdout, installed_stderr = _command(
['rpm', '-qa', '--qf',
'%{NAME}|%{VERSION}|%{RELEASE}|%{ARCH}',
package])

# Fail the module if for some reason we can't lookup the current package.
if installed_stderr != '':
module.fail_json(msg=installed_stderr)
return
elif not installed_stdout:
module.fail_json(
msg='"{}" is not an installed package.'.format(package))
return

installed = get_package_details(installed_stdout)

pkg_mgr_option = 'available'
if pkg_mgr == 'dnf':
pkg_mgr_option = '--available'

available_stdout, available_stderr = _command(
[pkg_mgr, '-q', 'list', pkg_mgr_option, installed.name])

if available_stdout:
new_pkg_info = available_stdout.split('\n')[1].rstrip().split()[:2]
new_ver, new_rel = new_pkg_info[1].split('-')

module.exit_json(
changed=False,
name=installed.name,
current_version=installed.version,
current_release=installed.release,
new_version=new_ver,
new_release=new_rel)
else:
module.exit_json(
changed=False,
name=installed.name,
current_version=installed.version,
current_release=installed.release,
new_version=None,
new_release=None)


def main():
module = AnsibleModule(
argument_spec=yaml_safe_load(DOCUMENTATION)['options']
)

check_update(module,
module.params.get('package'),
module.params.get('pkg_mgr'))


if __name__ == '__main__':
main()

+ 0
- 89
library/haproxy_conf.py View File

@@ -1,89 +0,0 @@
#!/usr/bin/env python

# -*- coding: utf-8 -*-
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import re

from ansible.module_utils.basic import AnsibleModule
from yaml import safe_load as yaml_safe_load

DOCUMENTATION = '''
---
module: haproxy_conf
short_description: Gather the HAProxy config
description:
- Gather the HAProxy config
options:
path:
required: true
description:
- file path to the config file
type: str
author: "Tomas Sedovic"
'''

EXAMPLES = '''
- hosts: webservers
tasks:
- name: Gather the HAProxy config
haproxy_conf: path=/etc/haproxy/haproxy.cfg
'''


# ConfigParser chokes on both mariadb and haproxy files. Luckily They have
# a syntax approaching ini config file so they are relatively easy to parse.
# This generic ini style config parser is not perfect -- it can ignore some
# valid options -- but good enough for our use case.
def generic_ini_style_conf_parser(file_path, section_regex, option_regex):
config = {}
current_section = None
with open(file_path) as config_file:
for line in config_file:
match_section = re.match(section_regex, line)
if match_section:
current_section = match_section.group(1)
config[current_section] = {}
match_option = re.match(option_regex, line)
if match_option and current_section:
option = re.sub(r'\s+', ' ', match_option.group(1))
config[current_section][option] = match_option.group(2)
return config


def parse_haproxy_conf(file_path):
section_regex = r'^(\w+)'
option_regex = r'^(?:\s+)(\w+(?:\s+\w+)*?)\s+([\w/]*)$'
return generic_ini_style_conf_parser(file_path, section_regex,
option_regex)


def main():
module = AnsibleModule(
argument_spec=yaml_safe_load(DOCUMENTATION)['options']
)

haproxy_conf_path = module.params.get('path')

try:
config = parse_haproxy_conf(haproxy_conf_path)
except IOError:
module.fail_json(msg="Could not open the haproxy conf file at: '%s'" %
haproxy_conf_path)

module.exit_json(changed=False, ansible_facts={u'haproxy_conf': config})


if __name__ == '__main__':
main()

+ 0
- 64
library/hiera.py View File

@@ -1,64 +0,0 @@
#!/usr/bin/env python
# Copyright 2016 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

import subprocess

from ansible.module_utils.basic import AnsibleModule
from yaml import safe_load as yaml_safe_load

DOCUMENTATION = '''
---
module: hiera
short_description: Get data from hiera
description:
- Get data from hiera
options:
name:
required: true
description:
- Name to lookup
type: str
author: "Martin Andre (@mandre)"
'''

EXAMPLES = '''
- hosts: webservers
tasks:
- name: Lookup foo
hiera: name=foo
'''


def main():
module = AnsibleModule(
argument_spec=yaml_safe_load(DOCUMENTATION)['options']
)

name = module.params.get('name')

cmd = ['/usr/bin/hiera', '-c', '/etc/puppet/hiera.yaml', name]
result = subprocess.check_output(cmd, universal_newlines=True).rstrip()

if result == 'nil':
module.fail_json(msg="Failed to retrieve hiera data for {}"
.format(name))

module.exit_json(changed=False,
ansible_facts={name: result})


if __name__ == '__main__':
main()

+ 0
- 89
library/reportentry.py View File

@@ -1,89 +0,0 @@
# -*- coding: utf-8 -*-
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.

from ansible.module_utils.basic import AnsibleModule
from yaml import safe_load as yaml_safe_load

DOCUMENTATION = '''
---
module: reportentry
short_description: Print a custom report
description:
- Print a custom report
options:
report_status:
required: true
description:
- The report status. Should be 'OK', 'ERROR' or 'SKIPPED'.
choices:
- 'OK'
- 'ERROR'
- 'SKIPPED'
type: str
report_reason:
required: true
description:
- The reason of the report
type: str
report_recommendations:
required: true
description:
- A list of recommendations to do.
type: list
author: "Gael Chamoulaud"
'''

EXAMPLES = '''
- hosts: undercloud
tasks:
- name: Report DNS setup in undercloud.conf
reportentry:
report_status: "ERROR"
report_reason: "DNS is not setup correctly in undercloud.conf"
report_recommendations:
- "Please set the 'undercloud_nameservers' param in undercloud.conf"
'''


def format_msg_report(status, reason, recommendations):
msg = ("[{}] '{}'\n".format(status, reason))
if recommendations:
for rec in recommendations:
msg += " - RECOMMENDATION: {}\n".format(rec)

return msg


def main():
module = AnsibleModule(
argument_spec=yaml_safe_load(DOCUMENTATION)['options']
)

status = module.params.get('report_status')
msg = format_msg_report(module.params.get('report_status'),
module.params.get('report_reason'),
module.params.get('report_recommendations'))

if status == 'ERROR':
module.fail_json(msg=msg)
elif status == "SKIPPED":
module.exit_json(changed=False,
warnings=msg)
else:
module.exit_json(changed=False,
msg=msg)


if __name__ == '__main__':
main()

+ 0
- 166
library/validations_read_ini.py View File

@@ -1,166 +0,0 @@
#!/usr/bin/env python

# -*- coding: utf-8 -*-
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Ansible module to read a value from an Ini file.
# Usage:
# - validations_read_ini: path=/path/to/file.ini section=default key=something
# register: my_ini
#
# This will read the `path/to/file.ini` file and read the `Hello!` value under:
# [default]
# something = Hello!
#
# You can register the result and use it later with `{{ my_ini.value }}`

try:
import configparser as ConfigParser
except ImportError:
import ConfigParser

from enum import Enum
import os

from ansible.module_utils.basic import AnsibleModule
from yaml import safe_load as yaml_safe_load


# Possible return values
class ReturnValue(Enum):
OK = 0
INVALID_FORMAT = 1
KEY_NOT_FOUND = 2


def check_file(path, ignore_missing):
'''Validate entered path'''

if not (os.path.exists(path) and os.path.isfile(path)):
return "Could not open the ini file: '{}'".format(path)
else:
return ''


def get_result(path, section, key, default=None):
'''Get value based on section and key'''

msg = ''
value = None
config = ConfigParser.SafeConfigParser()

try:
config.read(path)
except Exception:
msg = "The file '{}' is not in a valid INI format.".format(path)
ret = ReturnValue.INVALID_FORMAT
return (ret, msg, value)

try:
value = config.get(section, key)
msg = ("The key '{}' under the section '{}' in file {} "
"has the value: '{}'").format(key, section, path, value)
ret = ReturnValue.OK
return (ret, msg, value)
except ConfigParser.Error:
if default:
msg = ("There is no key '{}' under section '{}' in file {}. Using"
" default value '{}'".format(key, section, path, default))
ret = ReturnValue.OK
value = default
else:
value = None
msg = "There is no key '{}' under the section '{}' in file {}.".format(
key, section, path)
ret = ReturnValue.KEY_NOT_FOUND
return (ret, msg, value)


DOCUMENTATION = '''
---
module: validations_read_ini
short_description: Get data from an ini file
description:
- Get data from an ini file
options:
path:
required: true
description:
- File path
type: str
section:
required: true
description:
- Section to look up
type: str
key:
required: true
description:
- Section key to look up
type: str
default:
required: false
description:
- Default value if key isn't found
ignore_missing_file:
required: false
description:
- Flag if a missing file should be ignored
type: bool
author: "Tomas Sedovic"
'''

EXAMPLES = '''
- hosts: webservers
tasks:
- name: Lookup bar value
validations_read_ini: path=config.ini section=foo key=bar ignore_missing_file=True
'''


def main():
module = AnsibleModule(
argument_spec=yaml_safe_load(DOCUMENTATION)['options']
)

ini_file_path = module.params.get('path')
ignore_missing = module.params.get('ignore_missing_file')

# Check that file exists
msg = check_file(ini_file_path, ignore_missing)

if msg != '':
# Opening file failed
if ignore_missing:
module.exit_json(msg=msg, changed=False, value=None)
else:
module.fail_json(msg=msg)
else:
# Try to parse the result from ini file
section = module.params.get('section')
key = module.params.get('key')
default = module.params.get('default')

ret, msg, value = get_result(ini_file_path, section, key, default)

if ret == ReturnValue.INVALID_FORMAT:
module.fail_json(msg=msg)
elif ret == ReturnValue.KEY_NOT_FOUND:
module.exit_json(msg=msg, changed=False, value=None)
elif ret == ReturnValue.OK:
module.exit_json(msg=msg, changed=False, value=value)


if __name__ == '__main__':
main()

+ 0
- 55
library/warn.py View File

@@ -1,55 +0,0 @@
#!/usr/bin/env python
# Copyright 2017 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

from ansible.module_utils.basic import AnsibleModule
from yaml import safe_load as yaml_safe_load

DOCUMENTATION = '''
---
module: warn
short_description: Add warning to playbook output
description:
- Add warning to playbook output
options:
msg:
required: true
description:
- The warning text
type: str
author: "Martin Andre (@mandre)"
'''

EXAMPLES = '''
- hosts: webservers
tasks:
- name: Output warning message
warn: msg="Warning!"
'''


def main():
module = AnsibleModule(
argument_spec=yaml_safe_load(DOCUMENTATION)['options']
)

msg = module.params.get('msg')

module.exit_json(changed=False,
warnings=[msg])


if __name__ == '__main__':
main()

+ 0
- 13
playbooks/512e.yaml View File

@@ -1,13 +0,0 @@
---
- hosts: undercloud
vars:
metadata:
name: Advanced Format 512e Support
description: >
Detect whether the undercloud disks use Advanced Format. If they do,
the overcloud images may fail to upload to Glance.
groups:
- prep
- pre-deployment
roles:
- advanced_format_512e_support

+ 0
- 12
playbooks/check-ftype.yaml View File

@@ -1,12 +0,0 @@
---
- hosts: undercloud, allovercloud
vars:
metadata:
name: XFS ftype check
description: >
Check if there is at least 1 XFS volume
with ftype=0 in any deployed node.
groups:
- pre-upgrade
roles:
- xfs_check_ftype

+ 0
- 13
playbooks/check-latest-packages-version.yaml View File

@@ -1,13 +0,0 @@
---
- hosts: undercloud
gather_facts: true
vars:
metadata:
name: Check if latest version of packages is installed
description: >
Makes sure python-tripleoclient is at its latest version
before starting an upgrade.
groups:
- pre-upgrade
roles:
- check_latest_packages_version

+ 0
- 12
playbooks/dns.yaml View File

@@ -1,12 +0,0 @@
---
- hosts: undercloud, allovercloud
vars:
metadata:
name: Verify DNS
description: >
Verify that the DNS resolution works
groups:
- pre-deployment
server_to_lookup: example.com
roles:
- dns

+ 0
- 17
playbooks/haproxy.yaml View File

@@ -1,17 +0,0 @@
---
- hosts: "{{ controller_rolename | default('Controller') }}"
vars:
metadata:
name: HAProxy configuration
description: Verify the HAProxy configuration has recommended values.
groups:
- post-deployment
config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg'
global_maxconn_min: 20480
defaults_maxconn_min: 4096
defaults_timeout_queue: '2m'
defaults_timeout_client: '2m'
defaults_timeout_server: '2m'
defaults_timeout_check: '10s'
roles:
- haproxy

+ 0
- 12
playbooks/no-op.yaml View File

@@ -1,12 +0,0 @@
---
- hosts: undercloud, allovercloud
vars:
metadata:
name: NO-OP validation
description: >
A simple validation doing nothing in order to test that
the validations framework works.
groups:
- no-op
roles:
- no_op

+ 0
- 14
playbooks/ntp.yaml View File

@@ -1,14 +0,0 @@
---
- hosts: allovercloud
vars:
metadata:
name: Verify all deployed nodes have their clock synchronised
description: >
Each overcloud node should have their clocks synchronised.

The deployment should configure and run chronyd. This validation verifies
that it is indeed running and connected to an NTP server on all nodes.
groups:
- post-deployment
roles:
- ntp

+ 0
- 16
playbooks/service-status.yaml View File

@@ -1,16 +0,0 @@
---
- hosts: undercloud, allovercloud
vars:
metadata:
name: Ensure services state
description: >
Detect services status on the target host and fails if we find
a failed service.
groups:
- prep
- pre-deployment
- pre-upgrade
- post-deployment
- post-upgrade
roles:
- service_status

+ 0
- 16
playbooks/undercloud-cpu.yaml View File

@@ -1,16 +0,0 @@
---
- hosts: undercloud
gather_facts: true
vars:
metadata:
name: Verify undercloud fits the CPU core requirements
description: >
Make sure that the undercloud has enough CPU cores.

https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/15/html/director_installation_and_usage/planning-your-undercloud#determining-environment-scale
groups:
- prep
- pre-introspection
min_undercloud_cpu_count: 8
roles:
- undercloud_cpu

+ 0
- 17
playbooks/undercloud-ram.yaml View File

@@ -1,17 +0,0 @@
---
- hosts: undercloud
gather_facts: true
vars:
metadata:
name: Verify the undercloud fits the RAM requirements
description: >
Verify that the undercloud has enough RAM.

https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/15/html/director_installation_and_usage/planning-your-undercloud#determining-environment-scale
groups:
- prep
- pre-introspection
- pre-upgrade
min_undercloud_ram_gb: 24
roles:
- undercloud_ram

+ 0
- 13
playbooks/undercloud-selinux-mode.yaml View File

@@ -1,13 +0,0 @@
---
- hosts: undercloud
gather_facts: true
vars:
metadata:
name: Undercloud SELinux Enforcing Mode Check
description: >
Check if the Undercloud is running SELinux in Enforcing mode.
groups:
- prep
- pre-introspection
roles:
- undercloud_selinux_mode

+ 0
- 21
playbooks/validate-selinux.yaml View File

@@ -1,21 +0,0 @@
---
- hosts: all
vars:
metadata:
name: validate-selinux
description: >-
Ensures we don't have any SELinux denials on the system
groups:
- pre-deployment
- post-deployment
- pre-upgrade
- post-upgrade
validate_selinux_working_dir: /tmp
validate_selinux_audit_source: /var/log/audit/audit.log
validate_selinux_skip_list_dest: "{{ validate_selinux_working_dir }}/denials-skip-list.txt"
validate_selinux_filtered_denials_dest: "{{ validate_selinux_working_dir }}/denials-filtered.log"
validate_selinux_strict: false
validate_selinux_filter: "None"
validate_selinux_skip_list: {}
roles:
- validate_selinux

+ 0
- 37
roles/advanced_format_512e_support/molecule/default/Dockerfile.j2 View File

@@ -1,37 +0,0 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}

RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi

{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}


CMD ["sh", "-c", "while true; do sleep 10000; done"]

+ 0
- 26
roles/advanced_format_512e_support/molecule/default/converge.yml View File

@@ -1,26 +0,0 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


- name: Converge
hosts: all
gather_facts: false

tasks:
- name: Warn developers about the lack of molecule testing
fail:
msg: >-
This role needs molecule tests!

+ 0
- 46
roles/advanced_format_512e_support/molecule/default/molecule.yml View File

@@ -1,46 +0,0 @@
---
driver:
name: docker

log: true

platforms:
- name: centos7
hostname: centos7
image: centos:7
pkg_extras: python-setuptools python-enum34 python-netaddr ruby epel-release PyYAML
easy_install:
- pip
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"

- name: centos8
hostname: centos8
image: centos:8
pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby python*-PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment:
<<: *env

provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_LIBRARY: "../../../../library"

scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy

verifier:
name: testinfra

+ 0
- 10
roles/advanced_format_512e_support/tasks/main.yml View File

@@ -1,10 +0,0 @@
---
- name: List the available drives
register: drive_list
command: "ls /sys/class/block/"
changed_when: false

- name: Detect whether the drive uses Advanced Format
advanced_format: drive={{ item }}
when: item is match("^sd.$")
with_items: "{{ drive_list.stdout_lines }}"

+ 0
- 9
roles/advanced_format_512e_support/vars/main.yml View File

@@ -1,9 +0,0 @@
---
metadata:
name: Advanced Format 512e Support
description: >
Detect whether the undercloud disks use Advanced Format. If they do,
the overcloud images may fail to upload to Glance.
groups:
- prep
- pre-deployment

+ 0
- 10
roles/check_latest_packages_version/defaults/main.yml View File

@@ -1,10 +0,0 @@
---
tripleoclient: >-
{%- if ansible_distribution == 'RedHat' and ansible_distribution_major_version == '8' -%}
python3-tripleoclient
{%- else -%}
python2-tripleoclient
{%- endif -%}

packages:
- "{{ tripleoclient }}"

+ 0
- 37
roles/check_latest_packages_version/molecule/default/Dockerfile.j2 View File

@@ -1,37 +0,0 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}

RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi

{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}


CMD ["sh", "-c", "while true; do sleep 10000; done"]

+ 0
- 51
roles/check_latest_packages_version/molecule/default/converge.yml View File

@@ -1,51 +0,0 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


- name: Converge
hosts: all

tasks:
- name: Validate No Available Update for patch rpm
include_role:
name: check_latest_packages_version
vars:
packages:
- patch

- name: Working Detection of Update for Pam package
block:
- include_role:
name: check_latest_packages_version
vars:
packages:
- pam

rescue:
- name: Clear host errors
meta: clear_host_errors

- debug:
msg: The validation works! End the playbook run

- name: End play
meta: end_play

- name: Fail the test
fail:
msg: |
The check_latest_packages_version role should have detected
that packages have available updates.

+ 0
- 46
roles/check_latest_packages_version/molecule/default/molecule.yml View File

@@ -1,46 +0,0 @@
---
driver:
name: docker

log: true

platforms:
- name: centos7
hostname: centos7
image: centos:7
pkg_extras: python-setuptools PyYAML
easy_install:
- pip
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"

- name: centos8
hostname: centos8
image: centos:8
pkg_extras: python*-setuptools python*-PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment:
<<: *env

provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_LIBRARY: "../../../../library"

scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy

verifier:
name: testinfra

+ 0
- 25
roles/check_latest_packages_version/molecule/default/prepare.yml View File

@@ -1,25 +0,0 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


- name: Prepare
hosts: all
gather_facts: false

tasks:
- name: install patch rpm
package:
name: patch

+ 0
- 16
roles/check_latest_packages_version/tasks/main.yml View File

@@ -1,16 +0,0 @@
---
- name: Get available updates for packages
check_package_update:
package: "{{ item }}"
pkg_mgr: "{{ ansible_pkg_mgr }}"
with_items: "{{ packages }}"
register: updates

- name: Check if current version is the latest one
fail:
msg: >-
A newer version of the {{ item.name }} package is
available: {{ item.new_version }}-{{ item.new_release }}
(currently {{ item.current_version }}-{{ item.current_release }})
with_items: "{{ updates.results }}"
when: item.new_version

+ 0
- 8
roles/check_latest_packages_version/vars/main.yml View File

@@ -1,8 +0,0 @@
---
metadata:
name: Check if latest version of packages is installed
description: >
Makes sure python-tripleoclient is at its latest version
before starting an upgrade.
groups:
- pre-upgrade

+ 0
- 2
roles/dns/defaults/main.yml View File

@@ -1,2 +0,0 @@
---
server_to_lookup: example.com

+ 0
- 37
roles/dns/molecule/default/Dockerfile.j2 View File

@@ -1,37 +0,0 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}

RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi

{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}


CMD ["sh", "-c", "while true; do sleep 10000; done"]

+ 0
- 47
roles/dns/molecule/default/converge.yml View File

@@ -1,47 +0,0 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


- name: Converge
hosts: all

tasks:
- name: Should get a success
include_role:
name: dns
vars:
server_to_lookup: www.redhat.com
- name: Should properly fail
block:
- include_role:
name: dns
vars:
server_to_lookup: role.dns.domain.do-not.exists

rescue:
- name: Clear host errors
meta: clear_host_errors

- debug:
msg: The validation works! End the playbook run

- name: End play
meta: end_play

- name: Fail the test
fail:
msg: |
The dns role should have detected a faulty DNS configuration

+ 0
- 45
roles/dns/molecule/default/molecule.yml View File

@@ -1,45 +0,0 @@
---
driver:
name: docker

log: true

platforms:
- name: centos7
hostname: centos7
image: centos:7
pkg_extras: python-setuptools
easy_install:
- pip
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"

- name: centos8
hostname: centos8
image: centos:8
pkg_extras: python*-setuptools
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment:
<<: *env

provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml

scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy

verifier:
name: testinfra

+ 0
- 4
roles/dns/tasks/main.yml View File

@@ -1,4 +0,0 @@
---
- name: Ensure DNS resolution works
command: "getent hosts {{ server_to_lookup }}"
changed_when: false

+ 0
- 7
roles/dns/vars/main.yml View File

@@ -1,7 +0,0 @@
---
metadata:
name: Verify DNS
description: >
Verify that the DNS resolution works
groups:
- pre-deployment

+ 0
- 42
roles/haproxy/README.md View File

@@ -1,42 +0,0 @@
haproxy
=======

An Ansible role to check if the HAProxy configuration has recommended values.

Requirements
------------

This role requires an Up and Running Overcloud

Role Variables
--------------

- config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg'
- global_maxconn_min: 20480
- defaults_maxconn_min: 4096
- defaults_timeout_queue: '2m'
- defaults_timeout_client: '2m'
- defaults_timeout_server: '2m'
- defaults_timeout_check: '10s'

Dependencies
------------

No dependencies

Example Playbook
----------------

- hosts: undercloud
roles:
- { role: haproxy }

License
-------

Apache

Author Information
------------------

Red Hat TripleO Validations Team.

+ 0
- 8
roles/haproxy/defaults/main.yml View File

@@ -1,8 +0,0 @@
---
haproxy_config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg'
global_maxconn_min: 20480
defaults_maxconn_min: 4096
defaults_timeout_queue: '2m'
defaults_timeout_client: '2m'
defaults_timeout_server: '2m'
defaults_timeout_check: '10s'

+ 0
- 37
roles/haproxy/molecule/default/Dockerfile View File

@@ -1,37 +0,0 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}

RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi

{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}


CMD ["sh", "-c", "while true; do sleep 10000; done"]

+ 0
- 71
roles/haproxy/molecule/default/converge.yml View File

@@ -1,71 +0,0 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


- name: Converge
hosts: all
gather_facts: false

vars:
haproxy_config_file: /haproxy.cfg

tasks:
- name: create haproxy config file
copy:
dest: /haproxy.cfg
content: |
# This file managed by Puppet
global
daemon
group haproxy
log /dev/log local0
maxconn 100
pidfile /var/run/haproxy.pid
ssl-default-bind-ciphers !SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES
ssl-default-bind-options no-sslv3 no-tlsv10
stats socket /var/lib/haproxy/stats mode 600 level user
stats timeout 1s
user haproxy

defaults
log global
maxconn 100
mode tcp
retries 1
timeout http-request 1s
timeout queue 1s
timeout connect 1s
timeout client 1s
timeout server 1s
timeout check 1s
- block:
- include_role:
name: haproxy
rescue:
- name: Clear host errors
meta: clear_host_errors

- debug:
msg: The validation works! End the playbook run

- name: End play
meta: end_play

- name: Fail the test
fail:
msg: |
The haproxy role should have detected issues within haproxy
configuration file!

+ 0
- 48
roles/haproxy/molecule/default/molecule.yml View File

@@ -1,48 +0,0 @@
---
driver:
name: docker

log: true

platforms:
- name: centos7
hostname: centos7
image: centos:7
dockerfile: Dockerfile
pkg_extras: python-setuptools haproxy PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
easy_install:
- pip
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"

- name: centos8
hostname: centos8
image: centos:8
dockerfile: Dockerfile
pkg_extras: python*-setuptools haproxy python*-PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment:
<<: *env

provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_LIBRARY: "../../../../library"

scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy

verifier:
name: testinfra

+ 0
- 51
roles/haproxy/tasks/main.yml View File

@@ -1,51 +0,0 @@
---
- name: Gather the HAProxy config
become: true
haproxy_conf:
path: "{{ haproxy_config_file }}"

- name: Verify global maxconn
fail:
msg: >-
The 'global maxconn' value '{{ haproxy_conf.global.maxconn }}'
must be greater than {{ global_maxconn_min }}
failed_when: haproxy_conf.global.maxconn|int < global_maxconn_min

- name: Verify defaults maxconn
fail:
msg: >-
The 'defaults maxconn' value '{{ haproxy_conf.defaults.maxconn }}'
must be greater than {{ defaults_maxconn_min }}
failed_when: haproxy_conf.defaults.maxconn|int < defaults_maxconn_min

- name: Verify defaults timeout queue
fail:
msg: >-
The 'timeout queue' option in 'defaults' is
'{{ haproxy_conf.defaults['timeout queue'] }}',
but must be set to {{ defaults_timeout_queue }}
failed_when: "haproxy_conf.defaults['timeout queue'] != defaults_timeout_queue"

- name: Verify defaults timeout client
fail:
msg: >-
The 'timeout client' option in 'defaults' is
'{{ haproxy_conf.defaults['timeout client'] }}',
but must be set to {{ defaults_timeout_client }}
failed_when: "haproxy_conf.defaults['timeout client'] != defaults_timeout_client"

- name: Verify defaults timeout server
fail:
msg: >-
The 'timeout server' option in 'defaults' is
'{{ haproxy_conf.defaults['timeout server'] }}',
but must be set to {{ defaults_timeout_server }}
failed_when: "haproxy_conf.defaults['timeout server'] != defaults_timeout_server"

- name: Verify defaults timeout check
fail:
msg: >-
The 'timeout check' option in 'defaults' is
'{{ haproxy_conf.defaults['timeout check'] }}',
but must be set to {{ defaults_timeout_check }}
failed_when: "haproxy_conf.defaults['timeout check'] != defaults_timeout_check"

+ 0
- 6
roles/haproxy/vars/main.yml View File

@@ -1,6 +0,0 @@
---
metadata:
name: HAProxy configuration
description: Verify the HAProxy configuration has recommended values.
groups:
- post-deployment

+ 0
- 4
roles/no_op/tasks/main.yml View File

@@ -1,4 +0,0 @@
---
- name: Run a no-op validation everywhere
debug:
msg: "This is a no-op action for testing that the validations framework runs"

+ 0
- 8
roles/no_op/vars/main.yml View File

@@ -1,8 +0,0 @@
---
metadata:
name: NO-OP validation
description: >
A simple validation doing nothing in order to test that
the validations framework works.
groups:
- no-op

+ 0
- 37
roles/ntp/molecule/default/Dockerfile.j2 View File

@@ -1,37 +0,0 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}

RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi

{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}


CMD ["sh", "-c", "while true; do sleep 10000; done"]

+ 0
- 26
roles/ntp/molecule/default/converge.yml View File