diff --git a/doc/source/modules/modules-advanced_format.rst b/doc/source/modules/modules-advanced_format.rst deleted file mode 100644 index cf900ba13..000000000 --- a/doc/source/modules/modules-advanced_format.rst +++ /dev/null @@ -1,15 +0,0 @@ -======================== -Module - advanced_format -======================== - - -This module provides for the following ansible plugin: - - * advanced_format - - -.. ansibleautoplugin:: - :module: library/advanced_format.py - :documentation: true - :examples: true - diff --git a/doc/source/modules/modules-check_package_update.rst b/doc/source/modules/modules-check_package_update.rst deleted file mode 100644 index 1d7994394..000000000 --- a/doc/source/modules/modules-check_package_update.rst +++ /dev/null @@ -1,15 +0,0 @@ -============================= -Module - check_package_update -============================= - - -This module provides for the following ansible plugin: - - * check_package_update - - -.. ansibleautoplugin:: - :module: library/check_package_update.py - :documentation: true - :examples: true - diff --git a/doc/source/modules/modules-haproxy_conf.rst b/doc/source/modules/modules-haproxy_conf.rst deleted file mode 100644 index 8f2bab36e..000000000 --- a/doc/source/modules/modules-haproxy_conf.rst +++ /dev/null @@ -1,15 +0,0 @@ -===================== -Module - haproxy_conf -===================== - - -This module provides for the following ansible plugin: - - * haproxy_conf - - -.. ansibleautoplugin:: - :module: library/haproxy_conf.py - :documentation: true - :examples: true - diff --git a/doc/source/modules/modules-hiera.rst b/doc/source/modules/modules-hiera.rst deleted file mode 100644 index f9acdf83e..000000000 --- a/doc/source/modules/modules-hiera.rst +++ /dev/null @@ -1,15 +0,0 @@ -============== -Module - hiera -============== - - -This module provides for the following ansible plugin: - - * hiera - - -.. ansibleautoplugin:: - :module: library/hiera.py - :documentation: true - :examples: true - diff --git a/doc/source/modules/modules-reportentry.rst b/doc/source/modules/modules-reportentry.rst deleted file mode 100644 index 8c611bae0..000000000 --- a/doc/source/modules/modules-reportentry.rst +++ /dev/null @@ -1,14 +0,0 @@ -==================== -Module - reportentry -==================== - - -This module provides for the following ansible plugin: - - * reportentry - - -.. ansibleautoplugin:: - :module: library/reportentry.py - :documentation: true - :examples: true diff --git a/doc/source/modules/modules-validations_read_ini.rst b/doc/source/modules/modules-validations_read_ini.rst deleted file mode 100644 index 0265395cd..000000000 --- a/doc/source/modules/modules-validations_read_ini.rst +++ /dev/null @@ -1,15 +0,0 @@ -============================= -Module - validations_read_ini -============================= - - -This module provides for the following ansible plugin: - - * validations_read_ini - - -.. ansibleautoplugin:: - :module: library/validations_read_ini.py - :documentation: true - :examples: true - diff --git a/doc/source/modules/modules-warn.rst b/doc/source/modules/modules-warn.rst deleted file mode 100644 index 4ad6391b9..000000000 --- a/doc/source/modules/modules-warn.rst +++ /dev/null @@ -1,15 +0,0 @@ -============= -Module - warn -============= - - -This module provides for the following ansible plugin: - - * warn - - -.. ansibleautoplugin:: - :module: library/warn.py - :documentation: true - :examples: true - diff --git a/doc/source/roles/role-advanced_format_512e_support.rst b/doc/source/roles/role-advanced_format_512e_support.rst deleted file mode 100644 index a67dfb249..000000000 --- a/doc/source/roles/role-advanced_format_512e_support.rst +++ /dev/null @@ -1,7 +0,0 @@ -============================ -advanced_format_512e_support -============================ - -.. ansibleautoplugin:: - :role: roles/advanced_format_512e_support - diff --git a/doc/source/roles/role-check_latest_packages_version.rst b/doc/source/roles/role-check_latest_packages_version.rst deleted file mode 100644 index ab8d5d91b..000000000 --- a/doc/source/roles/role-check_latest_packages_version.rst +++ /dev/null @@ -1,6 +0,0 @@ -============================= -check_latest_packages_version -============================= - -.. ansibleautoplugin:: - :role: roles/check_latest_packages_version diff --git a/doc/source/roles/role-dns.rst b/doc/source/roles/role-dns.rst deleted file mode 100644 index 2d01ff0b0..000000000 --- a/doc/source/roles/role-dns.rst +++ /dev/null @@ -1,7 +0,0 @@ -=== -dns -=== - -.. ansibleautoplugin:: - :role: roles/dns - diff --git a/doc/source/roles/role-haproxy.rst b/doc/source/roles/role-haproxy.rst deleted file mode 100644 index 322fb3c86..000000000 --- a/doc/source/roles/role-haproxy.rst +++ /dev/null @@ -1,7 +0,0 @@ -======= -haproxy -======= - -.. ansibleautoplugin:: - :role: roles/haproxy - diff --git a/doc/source/roles/role-no_op.rst b/doc/source/roles/role-no_op.rst deleted file mode 100644 index 5e5be517e..000000000 --- a/doc/source/roles/role-no_op.rst +++ /dev/null @@ -1,7 +0,0 @@ -===== -no_op -===== - -.. ansibleautoplugin:: - :role: roles/no_op - diff --git a/doc/source/roles/role-ntp.rst b/doc/source/roles/role-ntp.rst deleted file mode 100644 index 701811f95..000000000 --- a/doc/source/roles/role-ntp.rst +++ /dev/null @@ -1,7 +0,0 @@ -=== -ntp -=== - -.. ansibleautoplugin:: - :role: roles/ntp - diff --git a/doc/source/roles/role-service_status.rst b/doc/source/roles/role-service_status.rst deleted file mode 100644 index 5e2bdf4e4..000000000 --- a/doc/source/roles/role-service_status.rst +++ /dev/null @@ -1,7 +0,0 @@ -============== -service_status -============== - -.. ansibleautoplugin:: - :role: roles/service_status - diff --git a/doc/source/roles/role-undercloud_cpu.rst b/doc/source/roles/role-undercloud_cpu.rst deleted file mode 100644 index ec404226a..000000000 --- a/doc/source/roles/role-undercloud_cpu.rst +++ /dev/null @@ -1,7 +0,0 @@ -============== -undercloud_cpu -============== - -.. ansibleautoplugin:: - :role: roles/undercloud_cpu - diff --git a/doc/source/roles/role-undercloud_ram.rst b/doc/source/roles/role-undercloud_ram.rst deleted file mode 100644 index bf8ff89aa..000000000 --- a/doc/source/roles/role-undercloud_ram.rst +++ /dev/null @@ -1,7 +0,0 @@ -============== -undercloud_ram -============== - -.. ansibleautoplugin:: - :role: roles/undercloud_ram - diff --git a/doc/source/roles/role-undercloud_selinux_mode.rst b/doc/source/roles/role-undercloud_selinux_mode.rst deleted file mode 100644 index 1d5a52163..000000000 --- a/doc/source/roles/role-undercloud_selinux_mode.rst +++ /dev/null @@ -1,7 +0,0 @@ -======================= -undercloud_selinux_mode -======================= - -.. ansibleautoplugin:: - :role: roles/undercloud_selinux_mode - diff --git a/doc/source/roles/role-validate_selinux.rst b/doc/source/roles/role-validate_selinux.rst deleted file mode 100644 index 6bc324250..000000000 --- a/doc/source/roles/role-validate_selinux.rst +++ /dev/null @@ -1,6 +0,0 @@ -================ -validate_selinux -================ - -.. ansibleautoplugin:: - :role: roles/validate_selinux diff --git a/doc/source/roles/role-xfs_check_ftype.rst b/doc/source/roles/role-xfs_check_ftype.rst deleted file mode 100644 index 841c0a8d4..000000000 --- a/doc/source/roles/role-xfs_check_ftype.rst +++ /dev/null @@ -1,8 +0,0 @@ -=============== -xfs_check_ftype -=============== - -.. ansibleautoplugin:: - :role: roles/xfs_check_ftype - - diff --git a/library/advanced_format.py b/library/advanced_format.py deleted file mode 100644 index 84b1c99d1..000000000 --- a/library/advanced_format.py +++ /dev/null @@ -1,97 +0,0 @@ -#!/usr/bin/env python -# Copyright 2016 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from os import path -from yaml import safe_load as yaml_safe_load - -from ansible.module_utils.basic import AnsibleModule - -DOCUMENTATION = ''' ---- -module: advanced_format -short_description: Check for advanced disk format -description: - - Check whether a drive uses advanced format -options: - drive: - required: true - description: - - drive name - type: str -author: "Martin Andre (@mandre)" -''' - -EXAMPLES = ''' -- hosts: webservers - tasks: - - name: Detect whether the drive uses Advanced Format - advanced_format: drive=vda -''' - - -def read_int(module, file_path): - '''Read a file and convert its value to int. - - Raise ansible failure otherwise. - ''' - try: - with open(file_path) as f: - file_contents = f.read() - return int(file_contents) - except IOError: - module.fail_json(msg="Cannot open '%s'" % file_path) - except ValueError: - module.fail_json(msg="The '%s' file doesn't contain an integer value" % - file_path) - - -def main(): - module = AnsibleModule( - argument_spec=yaml_safe_load(DOCUMENTATION)['options'] - ) - - drive = module.params.get('drive') - queue_path = path.join('/sys/class/block', drive, 'queue') - - physical_block_size_path = path.join(queue_path, 'physical_block_size') - logical_block_size_path = path.join(queue_path, 'logical_block_size') - - physical_block_size = read_int(module, physical_block_size_path) - logical_block_size = read_int(module, logical_block_size_path) - - if physical_block_size == logical_block_size: - module.exit_json( - changed=False, - msg="The disk %s probably doesn't use Advance Format." % drive, - ) - else: - module.exit_json( - # NOTE(shadower): we're marking this as `changed`, to make it - # visually stand out when running via Ansible directly instead of - # using the API. - # - # The API & UI is planned to look for the `warnings` field and - # display it differently. - changed=True, - warnings=["Physical and logical block sizes of drive %s differ " - "(%s vs. %s). This can mean the disk uses Advance " - "Format." % - (drive, physical_block_size, logical_block_size)], - ) - - -if __name__ == '__main__': - main() diff --git a/library/check_package_update.py b/library/check_package_update.py deleted file mode 100755 index fcf42fb6d..000000000 --- a/library/check_package_update.py +++ /dev/null @@ -1,145 +0,0 @@ -#!/usr/bin/env python -# Copyright 2017 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -""" Check for available updates for a given package.""" - -import collections -import subprocess - -from ansible.module_utils.basic import AnsibleModule -from yaml import safe_load as yaml_safe_load - -DOCUMENTATION = ''' ---- -module: check_package_update -short_description: Check for available updates for a given package -description: - - Check for available updates for a given package -options: - package: - required: true - description: - - The name of the package you want to check - type: str - pkg_mgr: - required: true - description: - - Supported Package Manager, DNF or YUM - type: str -author: "Florian Fuchs" -''' - -EXAMPLES = ''' -- hosts: webservers - tasks: - - name: Get available updates for packages - check_package_update: - package: python-tripleoclient - pkg_mgr: "{{ ansible_pkg_mgr}}" -''' - -SUPPORTED_PKG_MGRS = ( - 'yum', - 'dnf', -) - - -PackageDetails = collections.namedtuple('PackageDetails', - ['name', 'version', 'release', 'arch']) - - -def get_package_details(output): - if output: - return PackageDetails( - output.split('|')[0], - output.split('|')[1], - output.split('|')[2], - output.split('|')[3], - ) - - -def _command(command): - # Return the result of a subprocess call - # as [stdout, stderr] - process = subprocess.Popen(command, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - universal_newlines=True) - return process.communicate() - - -def check_update(module, package, pkg_mgr): - if pkg_mgr not in SUPPORTED_PKG_MGRS: - module.fail_json( - msg='Package manager "{}" is not supported.'.format(pkg_mgr)) - return - - installed_stdout, installed_stderr = _command( - ['rpm', '-qa', '--qf', - '%{NAME}|%{VERSION}|%{RELEASE}|%{ARCH}', - package]) - - # Fail the module if for some reason we can't lookup the current package. - if installed_stderr != '': - module.fail_json(msg=installed_stderr) - return - elif not installed_stdout: - module.fail_json( - msg='"{}" is not an installed package.'.format(package)) - return - - installed = get_package_details(installed_stdout) - - pkg_mgr_option = 'available' - if pkg_mgr == 'dnf': - pkg_mgr_option = '--available' - - available_stdout, available_stderr = _command( - [pkg_mgr, '-q', 'list', pkg_mgr_option, installed.name]) - - if available_stdout: - new_pkg_info = available_stdout.split('\n')[1].rstrip().split()[:2] - new_ver, new_rel = new_pkg_info[1].split('-') - - module.exit_json( - changed=False, - name=installed.name, - current_version=installed.version, - current_release=installed.release, - new_version=new_ver, - new_release=new_rel) - else: - module.exit_json( - changed=False, - name=installed.name, - current_version=installed.version, - current_release=installed.release, - new_version=None, - new_release=None) - - -def main(): - module = AnsibleModule( - argument_spec=yaml_safe_load(DOCUMENTATION)['options'] - ) - - check_update(module, - module.params.get('package'), - module.params.get('pkg_mgr')) - - -if __name__ == '__main__': - main() diff --git a/library/haproxy_conf.py b/library/haproxy_conf.py deleted file mode 100644 index de2e45261..000000000 --- a/library/haproxy_conf.py +++ /dev/null @@ -1,89 +0,0 @@ -#!/usr/bin/env python - -# -*- coding: utf-8 -*- -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import re - -from ansible.module_utils.basic import AnsibleModule -from yaml import safe_load as yaml_safe_load - -DOCUMENTATION = ''' ---- -module: haproxy_conf -short_description: Gather the HAProxy config -description: - - Gather the HAProxy config -options: - path: - required: true - description: - - file path to the config file - type: str -author: "Tomas Sedovic" -''' - -EXAMPLES = ''' -- hosts: webservers - tasks: - - name: Gather the HAProxy config - haproxy_conf: path=/etc/haproxy/haproxy.cfg -''' - - -# ConfigParser chokes on both mariadb and haproxy files. Luckily They have -# a syntax approaching ini config file so they are relatively easy to parse. -# This generic ini style config parser is not perfect -- it can ignore some -# valid options -- but good enough for our use case. -def generic_ini_style_conf_parser(file_path, section_regex, option_regex): - config = {} - current_section = None - with open(file_path) as config_file: - for line in config_file: - match_section = re.match(section_regex, line) - if match_section: - current_section = match_section.group(1) - config[current_section] = {} - match_option = re.match(option_regex, line) - if match_option and current_section: - option = re.sub(r'\s+', ' ', match_option.group(1)) - config[current_section][option] = match_option.group(2) - return config - - -def parse_haproxy_conf(file_path): - section_regex = r'^(\w+)' - option_regex = r'^(?:\s+)(\w+(?:\s+\w+)*?)\s+([\w/]*)$' - return generic_ini_style_conf_parser(file_path, section_regex, - option_regex) - - -def main(): - module = AnsibleModule( - argument_spec=yaml_safe_load(DOCUMENTATION)['options'] - ) - - haproxy_conf_path = module.params.get('path') - - try: - config = parse_haproxy_conf(haproxy_conf_path) - except IOError: - module.fail_json(msg="Could not open the haproxy conf file at: '%s'" % - haproxy_conf_path) - - module.exit_json(changed=False, ansible_facts={u'haproxy_conf': config}) - - -if __name__ == '__main__': - main() diff --git a/library/hiera.py b/library/hiera.py deleted file mode 100644 index c5edd02ec..000000000 --- a/library/hiera.py +++ /dev/null @@ -1,64 +0,0 @@ -#!/usr/bin/env python -# Copyright 2016 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import subprocess - -from ansible.module_utils.basic import AnsibleModule -from yaml import safe_load as yaml_safe_load - -DOCUMENTATION = ''' ---- -module: hiera -short_description: Get data from hiera -description: - - Get data from hiera -options: - name: - required: true - description: - - Name to lookup - type: str -author: "Martin Andre (@mandre)" -''' - -EXAMPLES = ''' -- hosts: webservers - tasks: - - name: Lookup foo - hiera: name=foo -''' - - -def main(): - module = AnsibleModule( - argument_spec=yaml_safe_load(DOCUMENTATION)['options'] - ) - - name = module.params.get('name') - - cmd = ['/usr/bin/hiera', '-c', '/etc/puppet/hiera.yaml', name] - result = subprocess.check_output(cmd, universal_newlines=True).rstrip() - - if result == 'nil': - module.fail_json(msg="Failed to retrieve hiera data for {}" - .format(name)) - - module.exit_json(changed=False, - ansible_facts={name: result}) - - -if __name__ == '__main__': - main() diff --git a/library/reportentry.py b/library/reportentry.py deleted file mode 100644 index 090db4ec0..000000000 --- a/library/reportentry.py +++ /dev/null @@ -1,89 +0,0 @@ -# -*- coding: utf-8 -*- -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -from ansible.module_utils.basic import AnsibleModule -from yaml import safe_load as yaml_safe_load - -DOCUMENTATION = ''' ---- -module: reportentry -short_description: Print a custom report -description: - - Print a custom report -options: - report_status: - required: true - description: - - The report status. Should be 'OK', 'ERROR' or 'SKIPPED'. - choices: - - 'OK' - - 'ERROR' - - 'SKIPPED' - type: str - report_reason: - required: true - description: - - The reason of the report - type: str - report_recommendations: - required: true - description: - - A list of recommendations to do. - type: list -author: "Gael Chamoulaud" -''' - -EXAMPLES = ''' -- hosts: undercloud - tasks: - - name: Report DNS setup in undercloud.conf - reportentry: - report_status: "ERROR" - report_reason: "DNS is not setup correctly in undercloud.conf" - report_recommendations: - - "Please set the 'undercloud_nameservers' param in undercloud.conf" -''' - - -def format_msg_report(status, reason, recommendations): - msg = ("[{}] '{}'\n".format(status, reason)) - if recommendations: - for rec in recommendations: - msg += " - RECOMMENDATION: {}\n".format(rec) - - return msg - - -def main(): - module = AnsibleModule( - argument_spec=yaml_safe_load(DOCUMENTATION)['options'] - ) - - status = module.params.get('report_status') - msg = format_msg_report(module.params.get('report_status'), - module.params.get('report_reason'), - module.params.get('report_recommendations')) - - if status == 'ERROR': - module.fail_json(msg=msg) - elif status == "SKIPPED": - module.exit_json(changed=False, - warnings=msg) - else: - module.exit_json(changed=False, - msg=msg) - - -if __name__ == '__main__': - main() diff --git a/library/validations_read_ini.py b/library/validations_read_ini.py deleted file mode 100644 index 63cc4afbd..000000000 --- a/library/validations_read_ini.py +++ /dev/null @@ -1,166 +0,0 @@ -#!/usr/bin/env python - -# -*- coding: utf-8 -*- -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Ansible module to read a value from an Ini file. -# Usage: -# - validations_read_ini: path=/path/to/file.ini section=default key=something -# register: my_ini -# -# This will read the `path/to/file.ini` file and read the `Hello!` value under: -# [default] -# something = Hello! -# -# You can register the result and use it later with `{{ my_ini.value }}` - -try: - import configparser as ConfigParser -except ImportError: - import ConfigParser - -from enum import Enum -import os - -from ansible.module_utils.basic import AnsibleModule -from yaml import safe_load as yaml_safe_load - - -# Possible return values -class ReturnValue(Enum): - OK = 0 - INVALID_FORMAT = 1 - KEY_NOT_FOUND = 2 - - -def check_file(path, ignore_missing): - '''Validate entered path''' - - if not (os.path.exists(path) and os.path.isfile(path)): - return "Could not open the ini file: '{}'".format(path) - else: - return '' - - -def get_result(path, section, key, default=None): - '''Get value based on section and key''' - - msg = '' - value = None - config = ConfigParser.SafeConfigParser() - - try: - config.read(path) - except Exception: - msg = "The file '{}' is not in a valid INI format.".format(path) - ret = ReturnValue.INVALID_FORMAT - return (ret, msg, value) - - try: - value = config.get(section, key) - msg = ("The key '{}' under the section '{}' in file {} " - "has the value: '{}'").format(key, section, path, value) - ret = ReturnValue.OK - return (ret, msg, value) - except ConfigParser.Error: - if default: - msg = ("There is no key '{}' under section '{}' in file {}. Using" - " default value '{}'".format(key, section, path, default)) - ret = ReturnValue.OK - value = default - else: - value = None - msg = "There is no key '{}' under the section '{}' in file {}.".format( - key, section, path) - ret = ReturnValue.KEY_NOT_FOUND - return (ret, msg, value) - - -DOCUMENTATION = ''' ---- -module: validations_read_ini -short_description: Get data from an ini file -description: - - Get data from an ini file -options: - path: - required: true - description: - - File path - type: str - section: - required: true - description: - - Section to look up - type: str - key: - required: true - description: - - Section key to look up - type: str - default: - required: false - description: - - Default value if key isn't found - ignore_missing_file: - required: false - description: - - Flag if a missing file should be ignored - type: bool -author: "Tomas Sedovic" -''' - -EXAMPLES = ''' -- hosts: webservers - tasks: - - name: Lookup bar value - validations_read_ini: path=config.ini section=foo key=bar ignore_missing_file=True -''' - - -def main(): - module = AnsibleModule( - argument_spec=yaml_safe_load(DOCUMENTATION)['options'] - ) - - ini_file_path = module.params.get('path') - ignore_missing = module.params.get('ignore_missing_file') - - # Check that file exists - msg = check_file(ini_file_path, ignore_missing) - - if msg != '': - # Opening file failed - if ignore_missing: - module.exit_json(msg=msg, changed=False, value=None) - else: - module.fail_json(msg=msg) - else: - # Try to parse the result from ini file - section = module.params.get('section') - key = module.params.get('key') - default = module.params.get('default') - - ret, msg, value = get_result(ini_file_path, section, key, default) - - if ret == ReturnValue.INVALID_FORMAT: - module.fail_json(msg=msg) - elif ret == ReturnValue.KEY_NOT_FOUND: - module.exit_json(msg=msg, changed=False, value=None) - elif ret == ReturnValue.OK: - module.exit_json(msg=msg, changed=False, value=value) - - -if __name__ == '__main__': - main() diff --git a/library/warn.py b/library/warn.py deleted file mode 100644 index 61852f3ff..000000000 --- a/library/warn.py +++ /dev/null @@ -1,55 +0,0 @@ -#!/usr/bin/env python -# Copyright 2017 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from ansible.module_utils.basic import AnsibleModule -from yaml import safe_load as yaml_safe_load - -DOCUMENTATION = ''' ---- -module: warn -short_description: Add warning to playbook output -description: - - Add warning to playbook output -options: - msg: - required: true - description: - - The warning text - type: str -author: "Martin Andre (@mandre)" -''' - -EXAMPLES = ''' -- hosts: webservers - tasks: - - name: Output warning message - warn: msg="Warning!" -''' - - -def main(): - module = AnsibleModule( - argument_spec=yaml_safe_load(DOCUMENTATION)['options'] - ) - - msg = module.params.get('msg') - - module.exit_json(changed=False, - warnings=[msg]) - - -if __name__ == '__main__': - main() diff --git a/playbooks/512e.yaml b/playbooks/512e.yaml deleted file mode 100644 index e71094d4e..000000000 --- a/playbooks/512e.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- hosts: undercloud - vars: - metadata: - name: Advanced Format 512e Support - description: > - Detect whether the undercloud disks use Advanced Format. If they do, - the overcloud images may fail to upload to Glance. - groups: - - prep - - pre-deployment - roles: - - advanced_format_512e_support diff --git a/playbooks/check-ftype.yaml b/playbooks/check-ftype.yaml deleted file mode 100644 index c1bfd8341..000000000 --- a/playbooks/check-ftype.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- hosts: undercloud, allovercloud - vars: - metadata: - name: XFS ftype check - description: > - Check if there is at least 1 XFS volume - with ftype=0 in any deployed node. - groups: - - pre-upgrade - roles: - - xfs_check_ftype diff --git a/playbooks/check-latest-packages-version.yaml b/playbooks/check-latest-packages-version.yaml deleted file mode 100644 index e14499442..000000000 --- a/playbooks/check-latest-packages-version.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- hosts: undercloud - gather_facts: true - vars: - metadata: - name: Check if latest version of packages is installed - description: > - Makes sure python-tripleoclient is at its latest version - before starting an upgrade. - groups: - - pre-upgrade - roles: - - check_latest_packages_version diff --git a/playbooks/dns.yaml b/playbooks/dns.yaml deleted file mode 100644 index 232103084..000000000 --- a/playbooks/dns.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- hosts: undercloud, allovercloud - vars: - metadata: - name: Verify DNS - description: > - Verify that the DNS resolution works - groups: - - pre-deployment - server_to_lookup: example.com - roles: - - dns diff --git a/playbooks/haproxy.yaml b/playbooks/haproxy.yaml deleted file mode 100644 index 08b008927..000000000 --- a/playbooks/haproxy.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- hosts: "{{ controller_rolename | default('Controller') }}" - vars: - metadata: - name: HAProxy configuration - description: Verify the HAProxy configuration has recommended values. - groups: - - post-deployment - config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg' - global_maxconn_min: 20480 - defaults_maxconn_min: 4096 - defaults_timeout_queue: '2m' - defaults_timeout_client: '2m' - defaults_timeout_server: '2m' - defaults_timeout_check: '10s' - roles: - - haproxy diff --git a/playbooks/no-op.yaml b/playbooks/no-op.yaml deleted file mode 100644 index d360d5b9a..000000000 --- a/playbooks/no-op.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- hosts: undercloud, allovercloud - vars: - metadata: - name: NO-OP validation - description: > - A simple validation doing nothing in order to test that - the validations framework works. - groups: - - no-op - roles: - - no_op diff --git a/playbooks/ntp.yaml b/playbooks/ntp.yaml deleted file mode 100644 index 9accb8251..000000000 --- a/playbooks/ntp.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- hosts: allovercloud - vars: - metadata: - name: Verify all deployed nodes have their clock synchronised - description: > - Each overcloud node should have their clocks synchronised. - - The deployment should configure and run chronyd. This validation verifies - that it is indeed running and connected to an NTP server on all nodes. - groups: - - post-deployment - roles: - - ntp diff --git a/playbooks/service-status.yaml b/playbooks/service-status.yaml deleted file mode 100644 index 78e4c4c55..000000000 --- a/playbooks/service-status.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- hosts: undercloud, allovercloud - vars: - metadata: - name: Ensure services state - description: > - Detect services status on the target host and fails if we find - a failed service. - groups: - - prep - - pre-deployment - - pre-upgrade - - post-deployment - - post-upgrade - roles: - - service_status diff --git a/playbooks/undercloud-cpu.yaml b/playbooks/undercloud-cpu.yaml deleted file mode 100644 index d945274cc..000000000 --- a/playbooks/undercloud-cpu.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- hosts: undercloud - gather_facts: true - vars: - metadata: - name: Verify undercloud fits the CPU core requirements - description: > - Make sure that the undercloud has enough CPU cores. - - https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/15/html/director_installation_and_usage/planning-your-undercloud#determining-environment-scale - groups: - - prep - - pre-introspection - min_undercloud_cpu_count: 8 - roles: - - undercloud_cpu diff --git a/playbooks/undercloud-ram.yaml b/playbooks/undercloud-ram.yaml deleted file mode 100644 index b5145cc3e..000000000 --- a/playbooks/undercloud-ram.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- hosts: undercloud - gather_facts: true - vars: - metadata: - name: Verify the undercloud fits the RAM requirements - description: > - Verify that the undercloud has enough RAM. - - https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/15/html/director_installation_and_usage/planning-your-undercloud#determining-environment-scale - groups: - - prep - - pre-introspection - - pre-upgrade - min_undercloud_ram_gb: 24 - roles: - - undercloud_ram diff --git a/playbooks/undercloud-selinux-mode.yaml b/playbooks/undercloud-selinux-mode.yaml deleted file mode 100644 index 9702334ae..000000000 --- a/playbooks/undercloud-selinux-mode.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- hosts: undercloud - gather_facts: true - vars: - metadata: - name: Undercloud SELinux Enforcing Mode Check - description: > - Check if the Undercloud is running SELinux in Enforcing mode. - groups: - - prep - - pre-introspection - roles: - - undercloud_selinux_mode diff --git a/playbooks/validate-selinux.yaml b/playbooks/validate-selinux.yaml deleted file mode 100644 index f433cb41b..000000000 --- a/playbooks/validate-selinux.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- hosts: all - vars: - metadata: - name: validate-selinux - description: >- - Ensures we don't have any SELinux denials on the system - groups: - - pre-deployment - - post-deployment - - pre-upgrade - - post-upgrade - validate_selinux_working_dir: /tmp - validate_selinux_audit_source: /var/log/audit/audit.log - validate_selinux_skip_list_dest: "{{ validate_selinux_working_dir }}/denials-skip-list.txt" - validate_selinux_filtered_denials_dest: "{{ validate_selinux_working_dir }}/denials-filtered.log" - validate_selinux_strict: false - validate_selinux_filter: "None" - validate_selinux_skip_list: {} - roles: - - validate_selinux diff --git a/roles/advanced_format_512e_support/molecule/default/Dockerfile.j2 b/roles/advanced_format_512e_support/molecule/default/Dockerfile.j2 deleted file mode 100644 index e0534b4d1..000000000 --- a/roles/advanced_format_512e_support/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,37 +0,0 @@ -# Molecule managed -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - - -CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/roles/advanced_format_512e_support/molecule/default/converge.yml b/roles/advanced_format_512e_support/molecule/default/converge.yml deleted file mode 100644 index 6c61a39a2..000000000 --- a/roles/advanced_format_512e_support/molecule/default/converge.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - gather_facts: false - - tasks: - - name: Warn developers about the lack of molecule testing - fail: - msg: >- - This role needs molecule tests! diff --git a/roles/advanced_format_512e_support/molecule/default/molecule.yml b/roles/advanced_format_512e_support/molecule/default/molecule.yml deleted file mode 100644 index 51f993bf4..000000000 --- a/roles/advanced_format_512e_support/molecule/default/molecule.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -driver: - name: docker - -log: true - -platforms: - - name: centos7 - hostname: centos7 - image: centos:7 - pkg_extras: python-setuptools python-enum34 python-netaddr ruby epel-release PyYAML - easy_install: - - pip - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - - - name: centos8 - hostname: centos8 - image: centos:8 - pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby python*-PyYAML - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: - <<: *env - -provisioner: - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "../../../../library" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/roles/advanced_format_512e_support/tasks/main.yml b/roles/advanced_format_512e_support/tasks/main.yml deleted file mode 100644 index 0d507e0f9..000000000 --- a/roles/advanced_format_512e_support/tasks/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: List the available drives - register: drive_list - command: "ls /sys/class/block/" - changed_when: false - -- name: Detect whether the drive uses Advanced Format - advanced_format: drive={{ item }} - when: item is match("^sd.$") - with_items: "{{ drive_list.stdout_lines }}" diff --git a/roles/advanced_format_512e_support/vars/main.yml b/roles/advanced_format_512e_support/vars/main.yml deleted file mode 100644 index 6ed23ac02..000000000 --- a/roles/advanced_format_512e_support/vars/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -metadata: - name: Advanced Format 512e Support - description: > - Detect whether the undercloud disks use Advanced Format. If they do, - the overcloud images may fail to upload to Glance. - groups: - - prep - - pre-deployment diff --git a/roles/check_latest_packages_version/defaults/main.yml b/roles/check_latest_packages_version/defaults/main.yml deleted file mode 100644 index e8e9d2ed4..000000000 --- a/roles/check_latest_packages_version/defaults/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -tripleoclient: >- - {%- if ansible_distribution == 'RedHat' and ansible_distribution_major_version == '8' -%} - python3-tripleoclient - {%- else -%} - python2-tripleoclient - {%- endif -%} - -packages: - - "{{ tripleoclient }}" diff --git a/roles/check_latest_packages_version/molecule/default/Dockerfile.j2 b/roles/check_latest_packages_version/molecule/default/Dockerfile.j2 deleted file mode 100644 index e0534b4d1..000000000 --- a/roles/check_latest_packages_version/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,37 +0,0 @@ -# Molecule managed -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - - -CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/roles/check_latest_packages_version/molecule/default/converge.yml b/roles/check_latest_packages_version/molecule/default/converge.yml deleted file mode 100644 index db4a659fb..000000000 --- a/roles/check_latest_packages_version/molecule/default/converge.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - - tasks: - - name: Validate No Available Update for patch rpm - include_role: - name: check_latest_packages_version - vars: - packages: - - patch - - - name: Working Detection of Update for Pam package - block: - - include_role: - name: check_latest_packages_version - vars: - packages: - - pam - - rescue: - - name: Clear host errors - meta: clear_host_errors - - - debug: - msg: The validation works! End the playbook run - - - name: End play - meta: end_play - - - name: Fail the test - fail: - msg: | - The check_latest_packages_version role should have detected - that packages have available updates. diff --git a/roles/check_latest_packages_version/molecule/default/molecule.yml b/roles/check_latest_packages_version/molecule/default/molecule.yml deleted file mode 100644 index fbba6b6f0..000000000 --- a/roles/check_latest_packages_version/molecule/default/molecule.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -driver: - name: docker - -log: true - -platforms: - - name: centos7 - hostname: centos7 - image: centos:7 - pkg_extras: python-setuptools PyYAML - easy_install: - - pip - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - - - name: centos8 - hostname: centos8 - image: centos:8 - pkg_extras: python*-setuptools python*-PyYAML - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: - <<: *env - -provisioner: - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "../../../../library" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/roles/check_latest_packages_version/molecule/default/prepare.yml b/roles/check_latest_packages_version/molecule/default/prepare.yml deleted file mode 100644 index c55cfc709..000000000 --- a/roles/check_latest_packages_version/molecule/default/prepare.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - gather_facts: false - - tasks: - - name: install patch rpm - package: - name: patch diff --git a/roles/check_latest_packages_version/tasks/main.yml b/roles/check_latest_packages_version/tasks/main.yml deleted file mode 100644 index dd782ea6b..000000000 --- a/roles/check_latest_packages_version/tasks/main.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Get available updates for packages - check_package_update: - package: "{{ item }}" - pkg_mgr: "{{ ansible_pkg_mgr }}" - with_items: "{{ packages }}" - register: updates - -- name: Check if current version is the latest one - fail: - msg: >- - A newer version of the {{ item.name }} package is - available: {{ item.new_version }}-{{ item.new_release }} - (currently {{ item.current_version }}-{{ item.current_release }}) - with_items: "{{ updates.results }}" - when: item.new_version diff --git a/roles/check_latest_packages_version/vars/main.yml b/roles/check_latest_packages_version/vars/main.yml deleted file mode 100644 index fa8403955..000000000 --- a/roles/check_latest_packages_version/vars/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -metadata: - name: Check if latest version of packages is installed - description: > - Makes sure python-tripleoclient is at its latest version - before starting an upgrade. - groups: - - pre-upgrade diff --git a/roles/dns/defaults/main.yml b/roles/dns/defaults/main.yml deleted file mode 100644 index bb0cae8fe..000000000 --- a/roles/dns/defaults/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -server_to_lookup: example.com diff --git a/roles/dns/molecule/default/Dockerfile.j2 b/roles/dns/molecule/default/Dockerfile.j2 deleted file mode 100644 index e0534b4d1..000000000 --- a/roles/dns/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,37 +0,0 @@ -# Molecule managed -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - - -CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/roles/dns/molecule/default/converge.yml b/roles/dns/molecule/default/converge.yml deleted file mode 100644 index 1a6d6bd97..000000000 --- a/roles/dns/molecule/default/converge.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - - tasks: - - name: Should get a success - include_role: - name: dns - vars: - server_to_lookup: www.redhat.com - - name: Should properly fail - block: - - include_role: - name: dns - vars: - server_to_lookup: role.dns.domain.do-not.exists - - rescue: - - name: Clear host errors - meta: clear_host_errors - - - debug: - msg: The validation works! End the playbook run - - - name: End play - meta: end_play - - - name: Fail the test - fail: - msg: | - The dns role should have detected a faulty DNS configuration diff --git a/roles/dns/molecule/default/molecule.yml b/roles/dns/molecule/default/molecule.yml deleted file mode 100644 index 1ec8a62d7..000000000 --- a/roles/dns/molecule/default/molecule.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -driver: - name: docker - -log: true - -platforms: - - name: centos7 - hostname: centos7 - image: centos:7 - pkg_extras: python-setuptools - easy_install: - - pip - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - - - name: centos8 - hostname: centos8 - image: centos:8 - pkg_extras: python*-setuptools - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: - <<: *env - -provisioner: - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/roles/dns/tasks/main.yml b/roles/dns/tasks/main.yml deleted file mode 100644 index aefea0804..000000000 --- a/roles/dns/tasks/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: Ensure DNS resolution works - command: "getent hosts {{ server_to_lookup }}" - changed_when: false diff --git a/roles/dns/vars/main.yml b/roles/dns/vars/main.yml deleted file mode 100644 index e3e6f3859..000000000 --- a/roles/dns/vars/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -metadata: - name: Verify DNS - description: > - Verify that the DNS resolution works - groups: - - pre-deployment diff --git a/roles/haproxy/README.md b/roles/haproxy/README.md deleted file mode 100644 index 8c101805a..000000000 --- a/roles/haproxy/README.md +++ /dev/null @@ -1,42 +0,0 @@ -haproxy -======= - -An Ansible role to check if the HAProxy configuration has recommended values. - -Requirements ------------- - -This role requires an Up and Running Overcloud - -Role Variables --------------- - -- config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg' -- global_maxconn_min: 20480 -- defaults_maxconn_min: 4096 -- defaults_timeout_queue: '2m' -- defaults_timeout_client: '2m' -- defaults_timeout_server: '2m' -- defaults_timeout_check: '10s' - -Dependencies ------------- - -No dependencies - -Example Playbook ----------------- - - - hosts: undercloud - roles: - - { role: haproxy } - -License -------- - -Apache - -Author Information ------------------- - -Red Hat TripleO Validations Team. diff --git a/roles/haproxy/defaults/main.yml b/roles/haproxy/defaults/main.yml deleted file mode 100644 index 4cd0eb21b..000000000 --- a/roles/haproxy/defaults/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -haproxy_config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg' -global_maxconn_min: 20480 -defaults_maxconn_min: 4096 -defaults_timeout_queue: '2m' -defaults_timeout_client: '2m' -defaults_timeout_server: '2m' -defaults_timeout_check: '10s' diff --git a/roles/haproxy/molecule/default/Dockerfile b/roles/haproxy/molecule/default/Dockerfile deleted file mode 100644 index e0534b4d1..000000000 --- a/roles/haproxy/molecule/default/Dockerfile +++ /dev/null @@ -1,37 +0,0 @@ -# Molecule managed -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - - -CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/roles/haproxy/molecule/default/converge.yml b/roles/haproxy/molecule/default/converge.yml deleted file mode 100644 index 9960f9788..000000000 --- a/roles/haproxy/molecule/default/converge.yml +++ /dev/null @@ -1,71 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - gather_facts: false - - vars: - haproxy_config_file: /haproxy.cfg - - tasks: - - name: create haproxy config file - copy: - dest: /haproxy.cfg - content: | - # This file managed by Puppet - global - daemon - group haproxy - log /dev/log local0 - maxconn 100 - pidfile /var/run/haproxy.pid - ssl-default-bind-ciphers !SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES - ssl-default-bind-options no-sslv3 no-tlsv10 - stats socket /var/lib/haproxy/stats mode 600 level user - stats timeout 1s - user haproxy - - defaults - log global - maxconn 100 - mode tcp - retries 1 - timeout http-request 1s - timeout queue 1s - timeout connect 1s - timeout client 1s - timeout server 1s - timeout check 1s - - block: - - include_role: - name: haproxy - rescue: - - name: Clear host errors - meta: clear_host_errors - - - debug: - msg: The validation works! End the playbook run - - - name: End play - meta: end_play - - - name: Fail the test - fail: - msg: | - The haproxy role should have detected issues within haproxy - configuration file! diff --git a/roles/haproxy/molecule/default/molecule.yml b/roles/haproxy/molecule/default/molecule.yml deleted file mode 100644 index 97741ee39..000000000 --- a/roles/haproxy/molecule/default/molecule.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -driver: - name: docker - -log: true - -platforms: - - name: centos7 - hostname: centos7 - image: centos:7 - dockerfile: Dockerfile - pkg_extras: python-setuptools haproxy PyYAML - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - easy_install: - - pip - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - - - name: centos8 - hostname: centos8 - image: centos:8 - dockerfile: Dockerfile - pkg_extras: python*-setuptools haproxy python*-PyYAML - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: - <<: *env - -provisioner: - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "../../../../library" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml deleted file mode 100644 index 6ed7b804d..000000000 --- a/roles/haproxy/tasks/main.yml +++ /dev/null @@ -1,51 +0,0 @@ ---- -- name: Gather the HAProxy config - become: true - haproxy_conf: - path: "{{ haproxy_config_file }}" - -- name: Verify global maxconn - fail: - msg: >- - The 'global maxconn' value '{{ haproxy_conf.global.maxconn }}' - must be greater than {{ global_maxconn_min }} - failed_when: haproxy_conf.global.maxconn|int < global_maxconn_min - -- name: Verify defaults maxconn - fail: - msg: >- - The 'defaults maxconn' value '{{ haproxy_conf.defaults.maxconn }}' - must be greater than {{ defaults_maxconn_min }} - failed_when: haproxy_conf.defaults.maxconn|int < defaults_maxconn_min - -- name: Verify defaults timeout queue - fail: - msg: >- - The 'timeout queue' option in 'defaults' is - '{{ haproxy_conf.defaults['timeout queue'] }}', - but must be set to {{ defaults_timeout_queue }} - failed_when: "haproxy_conf.defaults['timeout queue'] != defaults_timeout_queue" - -- name: Verify defaults timeout client - fail: - msg: >- - The 'timeout client' option in 'defaults' is - '{{ haproxy_conf.defaults['timeout client'] }}', - but must be set to {{ defaults_timeout_client }} - failed_when: "haproxy_conf.defaults['timeout client'] != defaults_timeout_client" - -- name: Verify defaults timeout server - fail: - msg: >- - The 'timeout server' option in 'defaults' is - '{{ haproxy_conf.defaults['timeout server'] }}', - but must be set to {{ defaults_timeout_server }} - failed_when: "haproxy_conf.defaults['timeout server'] != defaults_timeout_server" - -- name: Verify defaults timeout check - fail: - msg: >- - The 'timeout check' option in 'defaults' is - '{{ haproxy_conf.defaults['timeout check'] }}', - but must be set to {{ defaults_timeout_check }} - failed_when: "haproxy_conf.defaults['timeout check'] != defaults_timeout_check" diff --git a/roles/haproxy/vars/main.yml b/roles/haproxy/vars/main.yml deleted file mode 100644 index a04d0e81a..000000000 --- a/roles/haproxy/vars/main.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -metadata: - name: HAProxy configuration - description: Verify the HAProxy configuration has recommended values. - groups: - - post-deployment diff --git a/roles/no_op/tasks/main.yml b/roles/no_op/tasks/main.yml deleted file mode 100644 index 904ba2099..000000000 --- a/roles/no_op/tasks/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- name: Run a no-op validation everywhere - debug: - msg: "This is a no-op action for testing that the validations framework runs" diff --git a/roles/no_op/vars/main.yml b/roles/no_op/vars/main.yml deleted file mode 100644 index 4202d355f..000000000 --- a/roles/no_op/vars/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -metadata: - name: NO-OP validation - description: > - A simple validation doing nothing in order to test that - the validations framework works. - groups: - - no-op diff --git a/roles/ntp/molecule/default/Dockerfile.j2 b/roles/ntp/molecule/default/Dockerfile.j2 deleted file mode 100644 index e0534b4d1..000000000 --- a/roles/ntp/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,37 +0,0 @@ -# Molecule managed -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - - -CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/roles/ntp/molecule/default/converge.yml b/roles/ntp/molecule/default/converge.yml deleted file mode 100644 index 6c61a39a2..000000000 --- a/roles/ntp/molecule/default/converge.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - gather_facts: false - - tasks: - - name: Warn developers about the lack of molecule testing - fail: - msg: >- - This role needs molecule tests! diff --git a/roles/ntp/molecule/default/molecule.yml b/roles/ntp/molecule/default/molecule.yml deleted file mode 100644 index 980916aef..000000000 --- a/roles/ntp/molecule/default/molecule.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -driver: - name: docker - -log: true - -platforms: - - name: centos7 - hostname: centos7 - image: centos:7 - pkg_extras: python-setuptools python-enum34 python-netaddr ruby epel-release PyYAML - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - easy_install: - - pip - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - - - name: centos8 - hostname: centos8 - image: centos:8 - pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby python*-PyYAML - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: - <<: *env - -provisioner: - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "../../../../library" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/roles/ntp/tasks/main.yml b/roles/ntp/tasks/main.yml deleted file mode 100644 index 36c67faec..000000000 --- a/roles/ntp/tasks/main.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -- name: Get if chrony is enabled - become: true - hiera: - name: "chrony_enabled" - -- when: chrony_enabled|bool - block: - - name: Populate service facts - service_facts: # needed to make yaml happy - - - name: Fail if chronyd service is not running - fail: - msg: "Chronyd service is not running" - when: "ansible_facts.services['chronyd.service'].state != 'running'" - - - name: Run chronyc - become: true - command: chronyc -a 'burst 4/4' - changed_when: false - -# ntpstat returns 0 if synchronised and non-zero otherwise: -- name: Run ntpstat - command: ntpstat - changed_when: false - when: not chrony_enabled|bool diff --git a/roles/ntp/vars/main.yml b/roles/ntp/vars/main.yml deleted file mode 100644 index 992ea6f9b..000000000 --- a/roles/ntp/vars/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -metadata: - name: Verify all deployed nodes have their clock synchronised - description: > - Each overcloud node should have their clocks synchronised. - - The deployment should configure and run chronyd. This validation verifies - that it is indeed running and connected to an NTP server on all nodes. - groups: - - post-deployment diff --git a/roles/service_status/defaults/main.yaml b/roles/service_status/defaults/main.yaml deleted file mode 100644 index 87e9c20fc..000000000 --- a/roles/service_status/defaults/main.yaml +++ /dev/null @@ -1,2 +0,0 @@ ---- -service_status_podman_opt: '' diff --git a/roles/service_status/molecule/default/Dockerfile.j2 b/roles/service_status/molecule/default/Dockerfile.j2 deleted file mode 100644 index e0534b4d1..000000000 --- a/roles/service_status/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,37 +0,0 @@ -# Molecule managed -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - - -CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/roles/service_status/molecule/default/converge.yml b/roles/service_status/molecule/default/converge.yml deleted file mode 100644 index 39290cdfe..000000000 --- a/roles/service_status/molecule/default/converge.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - gather_facts: false - - tasks: - - name: Full check with defaults - include_role: - name: service_status diff --git a/roles/service_status/molecule/default/molecule.yml b/roles/service_status/molecule/default/molecule.yml deleted file mode 100644 index 929fbafc4..000000000 --- a/roles/service_status/molecule/default/molecule.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -driver: - name: docker - -log: true - -platforms: - - name: centos7 - hostname: centos7 - image: centos:7 - pkg_extras: python-setuptools python-enum34 python-netaddr ruby epel-release PyYAML - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - easy_install: - - pip - command: /sbin/init - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - - - name: centos8 - hostname: centos8 - image: centos:8 - command: /sbin/init - pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby python*-PyYAML - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: - <<: *env - -provisioner: - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "../../../../library" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/roles/service_status/molecule/docker/Dockerfile.j2 b/roles/service_status/molecule/docker/Dockerfile.j2 deleted file mode 100644 index e0534b4d1..000000000 --- a/roles/service_status/molecule/docker/Dockerfile.j2 +++ /dev/null @@ -1,37 +0,0 @@ -# Molecule managed -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - - -CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/roles/service_status/molecule/docker/converge.yml b/roles/service_status/molecule/docker/converge.yml deleted file mode 100644 index b3db61a7f..000000000 --- a/roles/service_status/molecule/docker/converge.yml +++ /dev/null @@ -1,59 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - gather_facts: false - become: true - - tasks: - - name: "Check containers - docker version, no service" - include_role: - name: service_status - tasks_from: containers.yaml - - - name: "Check containers - docker version, with service" - block: - - name: Activate docker service - service: - name: docker - state: started - enabled: true - - - name: Catch failure - block: - - name: Run check - include_role: - name: service_status - tasks_from: containers.yaml - - rescue: - - name: Clear host errors - meta: clear_host_errors - - - name: Test output - debug: - msg: | - Success finding broken containers - - - name: End play - meta: end_play - - - name: Fail if this point is reached - fail: - msg: | - Did not find broken containers diff --git a/roles/service_status/molecule/docker/molecule.yml b/roles/service_status/molecule/docker/molecule.yml deleted file mode 100644 index 71210c0b2..000000000 --- a/roles/service_status/molecule/docker/molecule.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -driver: - name: docker - -log: true - -platforms: - - name: centos7 - hostname: centos7 - image: centos:7 - pkg_extras: python-setuptools python-enum34 python-netaddr ruby epel-release PyYAML - easy_install: - - pip - command: /sbin/init - capabilities: - - SYS_ADMIN - privileged: true - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /sys/fs/cgroup:/sys/fs/cgroup:ro - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - - - name: centos8 - hostname: centos8 - image: centos:8 - command: /sbin/init - capabilities: - - SYS_ADMIN - privileged: true - volumes: - - /var/run/docker.sock:/var/run/docker.sock - - /sys/fs/cgroup:/sys/fs/cgroup:ro - pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby python*-PyYAML python*-libselinux - environment: - <<: *env - -provisioner: - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "../../../../library" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/roles/service_status/molecule/docker/prepare.yml b/roles/service_status/molecule/docker/prepare.yml deleted file mode 100644 index eb96fe08d..000000000 --- a/roles/service_status/molecule/docker/prepare.yml +++ /dev/null @@ -1,65 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - gather_facts: false - - tasks: - - name: install docker - package: - name: docker - - - name: fake docker exe - copy: - dest: /usr/bin/docker - mode: 0755 - content: | - #!/bin/sh - echo 'thirsty_goldwasser Exited (0) 12 seconds ago' - echo 'fedora28 Exited (255) 7 hours ago' - echo 'centos7 Exited (255) 7 hours ago' - - - name: docker unit override basedir - file: - path: /etc/systemd/system/docker.service.d - state: directory - - - name: fake docker unit - copy: - dest: /etc/systemd/system/docker.service.d/override.conf - content: | - [Unit] - After=network.target - Wants= - Requires= - - [Service] - Type=simple - ExecStart= - ExecStart=/usr/bin/fake - Restart= - - - name: fake docker exec for unit - copy: - dest: /usr/bin/fake - mode: 0755 - content: | - #!/bin/sh - while true; do - sleep 5; - done diff --git a/roles/service_status/molecule/podman/Dockerfile.j2 b/roles/service_status/molecule/podman/Dockerfile.j2 deleted file mode 100644 index e0534b4d1..000000000 --- a/roles/service_status/molecule/podman/Dockerfile.j2 +++ /dev/null @@ -1,37 +0,0 @@ -# Molecule managed -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - - -CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/roles/service_status/molecule/podman/bolt_state.db b/roles/service_status/molecule/podman/bolt_state.db deleted file mode 100644 index bab3585b9..000000000 Binary files a/roles/service_status/molecule/podman/bolt_state.db and /dev/null differ diff --git a/roles/service_status/molecule/podman/converge.yml b/roles/service_status/molecule/podman/converge.yml deleted file mode 100644 index 9bef3a2d4..000000000 --- a/roles/service_status/molecule/podman/converge.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - gather_facts: false - vars: - service_status_podman_opt: '--storage-driver=vfs' - - tasks: - - name: Check podman container state - block: - - name: Detect failed podman containers - include_role: - name: service_status - tasks_from: containers.yaml - rescue: - - name: Clear host errors - meta: clear_host_errors - - - name: Test output - debug: - msg: | - Properly detected failed container - - - name: End play now - meta: end_play - - - name: Fail if we get to this point - fail: - msg: | - Did not detect failed container diff --git a/roles/service_status/molecule/podman/molecule.yml b/roles/service_status/molecule/podman/molecule.yml deleted file mode 100644 index 929fbafc4..000000000 --- a/roles/service_status/molecule/podman/molecule.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -driver: - name: docker - -log: true - -platforms: - - name: centos7 - hostname: centos7 - image: centos:7 - pkg_extras: python-setuptools python-enum34 python-netaddr ruby epel-release PyYAML - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - easy_install: - - pip - command: /sbin/init - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - - - name: centos8 - hostname: centos8 - image: centos:8 - command: /sbin/init - pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby python*-PyYAML - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: - <<: *env - -provisioner: - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "../../../../library" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/roles/service_status/molecule/podman/prepare.yml b/roles/service_status/molecule/podman/prepare.yml deleted file mode 100644 index ee46fa0b0..000000000 --- a/roles/service_status/molecule/podman/prepare.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - gather_facts: false - - tasks: - - name: install podman - package: - name: podman - - - name: Create libpod arbo - file: - path: '/var/lib/containers/{{ item }}' - state: directory - loop: - - storage - - storage/libpod - - - name: Insert failed container DB - copy: - src: ./bolt_state.db - dest: /var/lib/containers/storage/libpod/bolt_state.db - setype: container_var_lib_t diff --git a/roles/service_status/molecule/systemd/Dockerfile.j2 b/roles/service_status/molecule/systemd/Dockerfile.j2 deleted file mode 100644 index e0534b4d1..000000000 --- a/roles/service_status/molecule/systemd/Dockerfile.j2 +++ /dev/null @@ -1,37 +0,0 @@ -# Molecule managed -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - - -CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/roles/service_status/molecule/systemd/converge.yml b/roles/service_status/molecule/systemd/converge.yml deleted file mode 100644 index 0f2cd0bdd..000000000 --- a/roles/service_status/molecule/systemd/converge.yml +++ /dev/null @@ -1,44 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - gather_facts: false - - tasks: - - name: Check service - block: - - name: Run validation - include_role: - name: service_status - tasks_from: systemd.yaml - rescue: - - name: Clear errors - meta: clear_host_errors - - - name: Test output - debug: - msg: | - Successfully detected failed unit - - - name: End play - meta: end_play - - - name: Fail if this point is reached - fail: - msg: | - Did not detect failed unit diff --git a/roles/service_status/molecule/systemd/molecule.yml b/roles/service_status/molecule/systemd/molecule.yml deleted file mode 100644 index 929fbafc4..000000000 --- a/roles/service_status/molecule/systemd/molecule.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -driver: - name: docker - -log: true - -platforms: - - name: centos7 - hostname: centos7 - image: centos:7 - pkg_extras: python-setuptools python-enum34 python-netaddr ruby epel-release PyYAML - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - easy_install: - - pip - command: /sbin/init - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - - - name: centos8 - hostname: centos8 - image: centos:8 - command: /sbin/init - pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby python*-PyYAML - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: - <<: *env - -provisioner: - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "../../../../library" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/roles/service_status/molecule/systemd/prepare.yml b/roles/service_status/molecule/systemd/prepare.yml deleted file mode 100644 index 4e1cc89ad..000000000 --- a/roles/service_status/molecule/systemd/prepare.yml +++ /dev/null @@ -1,39 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - gather_facts: false - - tasks: - - name: Create fake, failing unit - copy: - dest: /etc/systemd/system/tripleo_failed-unit.service - content: | - [Unit] - After=network.target - - [Service] - Type=simple - ExecStart=/usr/bin/false - - - name: Enable and start broken thing - ignore_errors: true - service: - name: tripleo_failed-unit - state: started - enabled: true diff --git a/roles/service_status/tasks/containers.yaml b/roles/service_status/tasks/containers.yaml deleted file mode 100644 index 38179437d..000000000 --- a/roles/service_status/tasks/containers.yaml +++ /dev/null @@ -1,59 +0,0 @@ ---- -- name: Gather package facts - package_facts: - manager: auto - -- name: Is docker running - systemd: - name: docker - register: docker_svc - when: ansible_facts.packages['docker'] is defined - -- name: Do we have podman - stat: - path: /usr/bin/podman - register: podman_stat - -- name: Podman related block - when: podman_stat.stat.exists - block: - - name: Get failed containers for podman - become: true - shell: | - podman {{ service_status_podman_opt }} ps -a --filter 'status=exited' --format {{ "'{{ .Names }} {{ .Status }}'" }} - register: failed_podman - - - name: Fail if we detect failed podman container - fail: - msg: | - Failed container detected. - On CI, please check the following locations - /var/log/extras/failed_containers.log - /var/log/extras/podman - when: item is not match(".* Exited \(0\) .* ago") - loop: "{{ failed_podman.stdout_lines }}" - -- name: Docker related block - when: - - ansible_facts.packages['docker'] is defined - - docker_svc.status['SubState'] == 'running' - block: - - name: Get failed containers from docker - become: true - shell: > - {% raw %} - docker ps -a --filter 'status=exited' --format '{{ .Names }} {{ .Status }}' - {% endraw %} - register: failed_docker - - - name: Fail if we detect failed docker container - fail: - msg: | - Failed container detected. - On CI, please check the following locations - /var/log/extras/failed_containers.log - /var/log/extras/docker - when: - - failed_docker is defined - - item is not match(".* Exited \(0\) .* ago") - loop: "{{ failed_docker.stdout_lines }}" diff --git a/roles/service_status/tasks/main.yaml b/roles/service_status/tasks/main.yaml deleted file mode 100644 index 8e232512a..000000000 --- a/roles/service_status/tasks/main.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- include_tasks: containers.yaml -- include_tasks: systemd.yaml diff --git a/roles/service_status/tasks/systemd.yaml b/roles/service_status/tasks/systemd.yaml deleted file mode 100644 index a7b726b02..000000000 --- a/roles/service_status/tasks/systemd.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- name: Get failed services from Systemd - shell: > - systemctl list-units --failed --plain --no-legend --no-pager "tripleo_*" - register: systemd_state - changed_when: false - -- name: Fails if we find failed systemd units - assert: - that: - - systemd_state.stdout_lines|length == 0 - fail_msg: "The following services failed {{ systemd_state.stdout_lines }}" - success_msg: "All tripleo units are working fine" diff --git a/roles/undercloud_cpu/README.md b/roles/undercloud_cpu/README.md deleted file mode 100644 index 3b7728ac8..000000000 --- a/roles/undercloud_cpu/README.md +++ /dev/null @@ -1,36 +0,0 @@ -Undercloud-cpu -============== - -An Ansible role to check if the Undercloud fits the CPU core requirements - -Requirements ------------- - -This role could be used before or/and after the Undercloud installation. - -Role Variables --------------- - -- min_undercloud_cpu_count: <8> -- Minimal number of CPU core - -Dependencies ------------- - -No dependencies. - -Example Playbook ----------------- - - - hosts: undercloud - roles: - - { role: undercloud-cpu, min_undercloud_cpu_count: 42 } - -License -------- - -Apache 2.0 - -Author Information ------------------- - -Red Hat TripleO Validations Team diff --git a/roles/undercloud_cpu/defaults/main.yml b/roles/undercloud_cpu/defaults/main.yml deleted file mode 100644 index 5a15292c6..000000000 --- a/roles/undercloud_cpu/defaults/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -min_undercloud_cpu_count: 8 diff --git a/roles/undercloud_cpu/molecule/default/Dockerfile.j2 b/roles/undercloud_cpu/molecule/default/Dockerfile.j2 deleted file mode 100644 index e0534b4d1..000000000 --- a/roles/undercloud_cpu/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,37 +0,0 @@ -# Molecule managed -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - - -CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/roles/undercloud_cpu/molecule/default/converge.yml b/roles/undercloud_cpu/molecule/default/converge.yml deleted file mode 100644 index f6802bfe8..000000000 --- a/roles/undercloud_cpu/molecule/default/converge.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - - vars: - min_undercloud_cpu_count: 100 - - tasks: - - block: - - include_role: - name: undercloud_cpu - rescue: - - name: Clear host errors - meta: clear_host_errors - - - debug: - msg: The validation works! End the playbook run - - - name: End play - meta: end_play - - - name: Fail the test - fail: - msg: | - The undercloud_cpu role should have detected that there is not - enough CPU diff --git a/roles/undercloud_cpu/molecule/default/molecule.yml b/roles/undercloud_cpu/molecule/default/molecule.yml deleted file mode 100644 index 0ce6f867a..000000000 --- a/roles/undercloud_cpu/molecule/default/molecule.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -driver: - name: docker - -log: true - -platforms: - - name: centos7 - hostname: centos7 - image: centos:7 - pkg_extras: python-setuptools - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - easy_install: - - pip - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - - - name: centos8 - hostname: centos8 - image: centos:8 - pkg_extras: python*-setuptools - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: - <<: *env - -provisioner: - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/roles/undercloud_cpu/tasks/main.yml b/roles/undercloud_cpu/tasks/main.yml deleted file mode 100644 index eeb0031ea..000000000 --- a/roles/undercloud_cpu/tasks/main.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- name: Verify the number of CPU cores - fail: - msg: >- - There are {{ ansible_processor_vcpus }} cores in the system, - but there should be at least {{ min_undercloud_cpu_count }} - failed_when: "ansible_processor_vcpus|int < min_undercloud_cpu_count|int" diff --git a/roles/undercloud_cpu/vars/main.yaml b/roles/undercloud_cpu/vars/main.yaml deleted file mode 100644 index 2766e828d..000000000 --- a/roles/undercloud_cpu/vars/main.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -metadata: - name: Verify undercloud fits the CPU core requirements - description: > - Make sure that the undercloud has enough CPU cores. - - https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/7/html/Director_Installation_and_Usage/sect-Undercloud_Requirements.html - groups: - - prep - - pre-introspection diff --git a/roles/undercloud_ram/README.md b/roles/undercloud_ram/README.md deleted file mode 100644 index 53224d1d4..000000000 --- a/roles/undercloud_ram/README.md +++ /dev/null @@ -1,36 +0,0 @@ -Undercloud-ram -============== - -An Ansible role to check if the Undercloud fits the RAM requirements - -Requirements ------------- - -This role could be used before or/and after the Undercloud installation - -Role Variables --------------- - -- min_undercloud_ram_gb: <24> -- Minimal amount of RAM in GB - -Dependencies ------------- - -No dependencies. - -Example Playbook ----------------- - - - hosts: undercloud - roles: - - { role: undercloud-ram, min_undercloud_ram_gb: 24 } - -License -------- - -Apache - -Author Information ------------------- - -Red Hat TripleO Validations Team diff --git a/roles/undercloud_ram/defaults/main.yml b/roles/undercloud_ram/defaults/main.yml deleted file mode 100644 index c9dbb34ef..000000000 --- a/roles/undercloud_ram/defaults/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -min_undercloud_ram_gb: 24 diff --git a/roles/undercloud_ram/molecule/default/Dockerfile.j2 b/roles/undercloud_ram/molecule/default/Dockerfile.j2 deleted file mode 100644 index e0534b4d1..000000000 --- a/roles/undercloud_ram/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,37 +0,0 @@ -# Molecule managed -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - - -CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/roles/undercloud_ram/molecule/default/converge.yml b/roles/undercloud_ram/molecule/default/converge.yml deleted file mode 100644 index 22e52b994..000000000 --- a/roles/undercloud_ram/molecule/default/converge.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - - vars: - min_undercloud_ram_gb: 1000000 - - tasks: - - block: - - include_role: - name: undercloud_ram - rescue: - - name: Clear host errors - meta: clear_host_errors - - - debug: - msg: The validation works! End the playbook run - - - name: End play - meta: end_play - - - name: Fail the test - fail: - msg: | - The undercloud_ram role should have detected that there is not - enough RAM diff --git a/roles/undercloud_ram/molecule/default/molecule.yml b/roles/undercloud_ram/molecule/default/molecule.yml deleted file mode 100644 index 1ec8a62d7..000000000 --- a/roles/undercloud_ram/molecule/default/molecule.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -driver: - name: docker - -log: true - -platforms: - - name: centos7 - hostname: centos7 - image: centos:7 - pkg_extras: python-setuptools - easy_install: - - pip - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - - - name: centos8 - hostname: centos8 - image: centos:8 - pkg_extras: python*-setuptools - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: - <<: *env - -provisioner: - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/roles/undercloud_ram/tasks/main.yml b/roles/undercloud_ram/tasks/main.yml deleted file mode 100644 index bd2c4e9c7..000000000 --- a/roles/undercloud_ram/tasks/main.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- -- name: Verify the RAM requirements - fail: - msg: >- - The RAM on the undercloud node is {{ ansible_memtotal_mb }} MB, - the minimal recommended value is - {{ min_undercloud_ram_gb|int * 1024 }} MB. - # NOTE(shadower): converting GB to MB - failed_when: "(ansible_memtotal_mb) < min_undercloud_ram_gb|int * 1024" diff --git a/roles/undercloud_ram/vars/main.yaml b/roles/undercloud_ram/vars/main.yaml deleted file mode 100644 index 3bde5eddb..000000000 --- a/roles/undercloud_ram/vars/main.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -metadata: - name: Verify the undercloud fits the RAM requirements - description: > - Verify that the undercloud has enough RAM. - - https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/14/html/director_installation_and_usage/planning-your-undercloud#determining-environment-scale - groups: - - prep - - pre-introspection - - pre-upgrade diff --git a/roles/undercloud_selinux_mode/README.md b/roles/undercloud_selinux_mode/README.md deleted file mode 100644 index eee51efa2..000000000 --- a/roles/undercloud_selinux_mode/README.md +++ /dev/null @@ -1,37 +0,0 @@ -Undercloud-selinux-mode -======================= - -An Ansible role to check the Undercloud SELinux Enforcing mode - - -Requirements ------------- - -This role could be used before or/and after the Undercloud installation - -Role Variables --------------- - -None - -Dependencies ------------- - -No dependencies. - -Example Playbook ----------------- - - - hosts: undercloud - roles: - - { role: undercloud-selinux-mode } - -License -------- - -Apache - -Author Information ------------------- - -Red Hat TripleO Validations Team diff --git a/roles/undercloud_selinux_mode/molecule/default/Dockerfile.j2 b/roles/undercloud_selinux_mode/molecule/default/Dockerfile.j2 deleted file mode 100644 index e0534b4d1..000000000 --- a/roles/undercloud_selinux_mode/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,37 +0,0 @@ -# Molecule managed -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - - -CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/roles/undercloud_selinux_mode/molecule/default/converge.yml b/roles/undercloud_selinux_mode/molecule/default/converge.yml deleted file mode 100644 index 6c61a39a2..000000000 --- a/roles/undercloud_selinux_mode/molecule/default/converge.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - gather_facts: false - - tasks: - - name: Warn developers about the lack of molecule testing - fail: - msg: >- - This role needs molecule tests! diff --git a/roles/undercloud_selinux_mode/molecule/default/molecule.yml b/roles/undercloud_selinux_mode/molecule/default/molecule.yml deleted file mode 100644 index 51f993bf4..000000000 --- a/roles/undercloud_selinux_mode/molecule/default/molecule.yml +++ /dev/null @@ -1,46 +0,0 @@ ---- -driver: - name: docker - -log: true - -platforms: - - name: centos7 - hostname: centos7 - image: centos:7 - pkg_extras: python-setuptools python-enum34 python-netaddr ruby epel-release PyYAML - easy_install: - - pip - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - - - name: centos8 - hostname: centos8 - image: centos:8 - pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby python*-PyYAML - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: - <<: *env - -provisioner: - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "../../../../library" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/roles/undercloud_selinux_mode/tasks/main.yml b/roles/undercloud_selinux_mode/tasks/main.yml deleted file mode 100644 index 1cd8733ef..000000000 --- a/roles/undercloud_selinux_mode/tasks/main.yml +++ /dev/null @@ -1,24 +0,0 @@ ---- -- name: Get current SELinux mode - command: getenforce - become: true - register: sestatus - changed_when: false - -- name: Fail if SELinux is not in Enforced mode (RHEL) - fail: - msg: >- - SELinux is running in {{ sestatus.stdout }} mode on the Undercloud. - Ensure that SELinux is enabled and running in Enforcing mode. - when: - - "sestatus.stdout != 'Enforcing'" - - "ansible_distribution == 'RedHat'" - -- name: Warn if SELinux is not in Enforced mode (CentOS) - warn: - msg: >- - SELinux is running in {{ sestatus.stdout }} mode on the Undercloud. - Ensure that SELinux is enabled and running in Enforcing mode. - when: - - "sestatus.stdout != 'Enforcing'" - - "ansible_distribution == 'CentOS'" diff --git a/roles/undercloud_selinux_mode/vars/main.yml b/roles/undercloud_selinux_mode/vars/main.yml deleted file mode 100644 index 60e95154e..000000000 --- a/roles/undercloud_selinux_mode/vars/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -metadata: - name: Undercloud SELinux Enforcing Mode Check - description: > - Check if the Undercloud is running SELinux in Enforcing mode. - groups: - - prep - - pre-introspection diff --git a/roles/validate_selinux/defaults/main.yml b/roles/validate_selinux/defaults/main.yml deleted file mode 100644 index c7f0a32e5..000000000 --- a/roles/validate_selinux/defaults/main.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# All variables intended for modification should place placed in this file. - -# All variables within this role should have a prefix of "validate_selinux" -validate_selinux_working_dir: /var/log/validations -validate_selinux_audit_source: /var/log/audit/audit.log -validate_selinux_skip_list_dest: "{{ validate_selinux_working_dir }}/denials-skip-list.txt" -validate_selinux_filtered_denials_dest: "{{ validate_selinux_working_dir }}/denials-filtered.log" -validate_selinux_strict: false -validate_selinux_filter: "None" -validate_selinux_skip_list: {} diff --git a/roles/validate_selinux/handlers/main.yml b/roles/validate_selinux/handlers/main.yml deleted file mode 100644 index dfd4c7352..000000000 --- a/roles/validate_selinux/handlers/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. diff --git a/roles/validate_selinux/molecule/default/Dockerfile b/roles/validate_selinux/molecule/default/Dockerfile deleted file mode 100644 index e0534b4d1..000000000 --- a/roles/validate_selinux/molecule/default/Dockerfile +++ /dev/null @@ -1,37 +0,0 @@ -# Molecule managed -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - - -CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/roles/validate_selinux/molecule/default/converge.yml b/roles/validate_selinux/molecule/default/converge.yml deleted file mode 100644 index 00c31d70e..000000000 --- a/roles/validate_selinux/molecule/default/converge.yml +++ /dev/null @@ -1,63 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - gather_facts: false - vars: - validate_selinux_working_dir: '/tmp' - - tasks: - - name: Simple run without filter against clean auditlog - include_role: - name: validate_selinux - vars: - validate_selinux_audit_source: '/var/log/audit-clean.log' - - - name: Run with filter against unclean auditlog - include_role: - name: validate_selinux - vars: - validate_selinux_audit_source: '/var/log/audit-unclean.log' - validate_selinux_skip_list: - - entry: 'tcontext=system_u:system_r:init_t' - comment: 'This one is a real-life entry' - - entry: 'tcontext=system_u:system_r:system_dbusd_t' - comment: 'This one is another real-life entry' - - - name: Run without filter against unclean auditlog - block: - - name: Run role - include_role: - name: validate_selinux - vars: - validate_selinux_audit_source: '/var/log/audit-unclean.log' - validate_selinux_strict: true - rescue: - - name: Clear host error - meta: clear_host_errors - - - name: Status message - debug: - msg: 'Successfully detected denials issue!' - - - name: End play - meta: end_play - - - name: Fail if we get to this place - fail: - msg: 'Unit test failed: did not detect untracked denials!' diff --git a/roles/validate_selinux/molecule/default/molecule.yml b/roles/validate_selinux/molecule/default/molecule.yml deleted file mode 100644 index bddc2140a..000000000 --- a/roles/validate_selinux/molecule/default/molecule.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -driver: - name: docker - -log: true - -platforms: - - name: centos7 - hostname: centos7 - image: centos:7 - dockerfile: Dockerfile - pkg_extras: python-setuptools - easy_install: - - pip - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - - - name: centos8 - hostname: centos8 - image: centos:8 - dockerfile: Dockerfile - pkg_extras: python*-setuptools - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: - <<: *env - -provisioner: - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - ANSIBLE_LIBRARY: "../../../../library" - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/roles/validate_selinux/molecule/default/prepare.yml b/roles/validate_selinux/molecule/default/prepare.yml deleted file mode 100644 index 6d8f478ad..000000000 --- a/roles/validate_selinux/molecule/default/prepare.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - gather_facts: false - - tasks: - - name: Populate fake clean auditlog - copy: - dest: /var/log/audit-clean.log - owner: root - mode: 0600 - group: root - # yamllint disable rule:line-length - content: | - type=SERVICE_START msg=audit(1575877870.934:286): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sssd-kcm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" - type=SERVICE_STOP msg=audit(1575878320.981:287): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=sssd-kcm comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" - type=USER_ACCT msg=audit(1575878471.739:288): pid=4430 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" - type=USER_CMD msg=audit(1575878471.740:289): pid=4430 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 msg='cwd="/root" cmd=626F7267202D2D696E666F20637265617465202D2D636F6D7072657373696F6E206C7A34202D2D6578636C7564652D636163686573202D2D6578636C756465202A2F2A2E6C6F636B202D2D6578636C756465202A2F2E746F78202D2D6578636C756465202A2F2E737465737472202D2D6578636C756465202A2F727562792D76656E646F72202D2D6578636C756465202A2F7A75756C2F202D2D6578636C756465202A2F73736866732F202D2D6578636C756465202A2F2E6C6F63616C2F7368617265202F6D656469612F6261636B7570732F7268656C3A3A31306130393963382D316135612D313165612D613663622D386331363435366466626265202F686F6D652F636A65616E6E6572 exe="/usr/bin/sudo" terminal=? res=success'UID="root" AUID="unset" - type=USER_ACCT msg=audit(1575878554.296:294): pid=4445 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" - type=USER_CMD msg=audit(1575878554.296:295): pid=4445 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 msg='cwd="/root" cmd=626F7267206C697374202F6D656469612F6261636B7570732F7268656C exe="/usr/bin/sudo" terminal=? res=success'UID="root" AUID="unset" - type=USER_ACCT msg=audit(1575878555.032:300): pid=4449 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" - type=USER_CMD msg=audit(1575878555.032:301): pid=4449 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_cronjob_t:s0-s0:c0.c1023 msg='cwd="/root" cmd=626F7267207072756E65202D70202D2D6B6565702D77697468696E203277202D2D7374617473202F6D656469612F6261636B7570732F7268656C exe="/usr/bin/sudo" terminal=? res=success'UID="root" AUID="unset" - type=SERVICE_START msg=audit(1575878869.915:306): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" - type=SERVICE_STOP msg=audit(1575878900.615:312): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset" - - # yamllint enable rule:line-length - - name: Populate unclean auditlog - copy: - dest: /var/log/audit-unclean.log - owner: root - mode: 0600 - group: root - # yamllint disable rule:line-length - content: | - type=AVC msg=audit(1575534183.234:4933): avc: denied { write } for pid=11266 comm="iptables" path="pipe:[231496]" dev="pipefs" ino=231496 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:certmonger_t:s0 tclass=fifo_file permissive=1 - type=AVC msg=audit(1575534183.342:4934): avc: denied { write } for pid=11284 comm="iptables" path="pipe:[231496]" dev="pipefs" ino=231496 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:certmonger_t:s0 tclass=fifo_file permissive=1 - type=USER_AVC msg=audit(1575535009.861:5275): pid=1397 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=38869 scontext=system_u:system_r:container_t:s0:c313,c573 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=dbus permissive=1 exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'UID="dbus" AUID="unset" SAUID="dbus" - type=USER_AVC msg=audit(1575535009.861:5276): pid=1397 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.systemd1.Manager member=GetDynamicUsers dest=org.freedesktop.systemd1 spid=38869 tpid=1 scontext=system_u:system_r:container_t:s0:c313,c573 tcontext=system_u:system_r:init_t:s0 tclass=dbus permissive=1 exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'UID="dbus" AUID="unset" SAUID="dbus" - type=USER_AVC msg=audit(1575535009.862:5277): pid=1397 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.1198 spid=1 tpid=38869 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:container_t:s0:c313,c573 tclass=dbus permissive=1 exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'UID="dbus" AUID="unset" SAUID="dbus" - type=USER_AVC msg=audit(1575535013.340:5290): pid=1397 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=39132 scontext=system_u:system_r:container_t:s0:c192,c917 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=dbus permissive=1 exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'UID="dbus" AUID="unset" SAUID="dbus" - type=USER_AVC msg=audit(1575535013.341:5291): pid=1397 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.systemd1.Manager member=GetDynamicUsers dest=org.freedesktop.systemd1 spid=39132 tpid=1 scontext=system_u:system_r:container_t:s0:c192,c917 tcontext=system_u:system_r:init_t:s0 tclass=dbus permissive=1 exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'UID="dbus" AUID="unset" SAUID="dbus" - type=USER_AVC msg=audit(1575535013.342:5292): pid=1397 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.1209 spid=1 tpid=39132 scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:container_t:s0:c192,c917 tclass=dbus permissive=1 exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'UID="dbus" AUID="unset" SAUID="dbus" - type=USER_AVC msg=audit(1575535028.912:5307): pid=1397 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=39430 scontext=system_u:system_r:container_t:s0:c776,c848 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=dbus permissive=1 exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'UID="dbus" AUID="unset" SAUID="dbus" - type=USER_AVC msg=audit(1575535028.913:5308): pid=1397 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.systemd1.Manager member=GetDynamicUsers dest=org.freedesktop.systemd1 spid=39430 tpid=1 scontext=system_u:system_r:container_t:s0:c776,c848 tcontext=system_u:system_r:init_t:s0 tclass=dbus permissive=1 exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'UID="dbus" AUID="unset" SAUID="dbus" diff --git a/roles/validate_selinux/molecule/default/verify.yml b/roles/validate_selinux/molecule/default/verify.yml deleted file mode 100644 index dfd4c7352..000000000 --- a/roles/validate_selinux/molecule/default/verify.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. diff --git a/roles/validate_selinux/tasks/main.yml b/roles/validate_selinux/tasks/main.yml deleted file mode 100644 index d0ef3a050..000000000 --- a/roles/validate_selinux/tasks/main.yml +++ /dev/null @@ -1,123 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# "validate-selinux" tasks - -- name: "Ensure {{ validate_selinux_audit_source }} does exist" - become: true - stat: - path: "{{ validate_selinux_audit_source }}" - register: auditlog_stat - -- name: "Fail if {{ validate_selinux_audit_source }} does not exit" - when: not auditlog_stat.stat.exists - fail: - msg: "ERROR: {{ validate_selinux_audit_source }} does not exist!" - -- name: Load skip list from provided file - when: - - validate_selinux_filter != 'None' - - validate_selinux_skip_list is not defined - include_vars: "{{ validate_selinux_filter }}" - -- name: Gather subset of facts - setup: - gather_subset: "!min,distribution_major_version" - when: - - validate_selinux_filter == 'None' - - validate_selinux_skip_list is not defined - - ansible_distribution_major_version is not defined - -- name: Load skip list variables (undercloud or overcloud) - when: - - validate_selinux_skip_list is not defined - include_vars: "{{ lookup('first_found', lookhere, errors='ignore') }}" - vars: - lookhere: - - "selinux_skip_{{ release }}_on_{{ ansible_distribution_major_version }}.yml" - - "selinux_skip_{{ release }}.yml" - -- name: Fetch denials from auditlog - become: true - ignore_errors: true - changed_when: false - shell: | - set -o pipefail - grep denied {{ validate_selinux_audit_source }} > /tmp/denials.log - -- name: Get stat for denials.log - stat: - path: /tmp/denials.log - register: denials_log - -- name: Everything is fine - when: denials_log.stat.size == 0 - debug: - msg: "No untracked SELinux AVC detected, congratulations!" - -- name: Next steps only if we have denials - when: denials_log.stat.size > 0 - block: - - name: Create skip list - when: validate_selinux_skip_list != {} - template: - src: skip-list.j2 - dest: "{{ validate_selinux_skip_list_dest }}" - mode: 0644 - - - name: Filter out denials - when: validate_selinux_skip_list != {} - ignore_errors: true - changed_when: false - shell: | - set -o pipefail - grep -v -f {{ validate_selinux_skip_list_dest }} /tmp/denials.log > {{ validate_selinux_filtered_denials_dest }} - - - name: No skip_list - when: validate_selinux_skip_list == {} - copy: - remote_src: true - src: /tmp/denials.log - dest: "{{ validate_selinux_filtered_denials_dest }}" - - - name: Get stat for filtered denials - stat: - path: "{{ validate_selinux_filtered_denials_dest }}" - register: denials_stat - - - name: debug - debug: - var: denials_stat - - - name: Fail if we found untracked denials - when: - - validate_selinux_strict|bool - - denials_stat.stat.size != 0 - fail: - msg: "Untracked SELinux AVCs found, please refer to {{ validate_selinux_filtered_denials_dest }}" - - - name: Output information in case we do not fail - when: - - not validate_selinux_strict|bool - - denials_stat.stat.size != 0 - debug: - msg: "Untracked SELinux AVCs found, please refer to {{ validate_selinux_filtered_denials_dest }}" - - - name: Output information if everything is fine - when: denials_stat.stat.size == 0 - debug: - msg: "No untracked SELinux AVC detected, congratulations!" diff --git a/roles/validate_selinux/templates/skip-list.j2 b/roles/validate_selinux/templates/skip-list.j2 deleted file mode 100644 index 4409f3eaf..000000000 --- a/roles/validate_selinux/templates/skip-list.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{% for entry in validate_selinux_skip_list %} -{{ entry.entry }} -{% endfor %} diff --git a/roles/validate_selinux/vars/main.yml b/roles/validate_selinux/vars/main.yml deleted file mode 100644 index d826fe191..000000000 --- a/roles/validate_selinux/vars/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# While options found within the vars/ path can be overridden using extra -# vars, items within this path are considered part of the role and not -# intended to be modified. - -# All variables within this role should have a prefix of "validate_selinux" diff --git a/roles/xfs_check_ftype/molecule/default/Dockerfile.j2 b/roles/xfs_check_ftype/molecule/default/Dockerfile.j2 deleted file mode 100644 index e0534b4d1..000000000 --- a/roles/xfs_check_ftype/molecule/default/Dockerfile.j2 +++ /dev/null @@ -1,37 +0,0 @@ -# Molecule managed -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -{% if item.registry is defined %} -FROM {{ item.registry.url }}/{{ item.image }} -{% else %} -FROM {{ item.image }} -{% endif %} - -RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \ - elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \ - elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \ - elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \ - elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \ - elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi - -{% for pkg in item.easy_install | default([]) %} -# install pip for centos where there is no python-pip rpm in default repos -RUN easy_install {{ pkg }} -{% endfor %} - - -CMD ["sh", "-c", "while true; do sleep 10000; done"] diff --git a/roles/xfs_check_ftype/molecule/default/converge.yml b/roles/xfs_check_ftype/molecule/default/converge.yml deleted file mode 100644 index 4c7f8536e..000000000 --- a/roles/xfs_check_ftype/molecule/default/converge.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Converge - hosts: all - roles: - - role: xfs_check_ftype diff --git a/roles/xfs_check_ftype/molecule/default/molecule.yml b/roles/xfs_check_ftype/molecule/default/molecule.yml deleted file mode 100644 index 410f44992..000000000 --- a/roles/xfs_check_ftype/molecule/default/molecule.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -driver: - name: docker - -log: true - -platforms: - - name: centos7 - hostname: centos7 - image: centos:7 - privileged: true - pkg_extras: python-setuptools - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - easy_install: - - pip - environment: &env - http_proxy: "{{ lookup('env', 'http_proxy') }}" - https_proxy: "{{ lookup('env', 'https_proxy') }}" - - - name: centos8 - hostname: centos8 - image: centos:8 - privileged: true - pkg_extras: python*-setuptools - volumes: - - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro - environment: - <<: *env - -provisioner: - name: ansible - log: true - env: - ANSIBLE_STDOUT_CALLBACK: yaml - -scenario: - test_sequence: - - destroy - - create - - prepare - - converge - - verify - - destroy - -verifier: - name: testinfra diff --git a/roles/xfs_check_ftype/molecule/default/prepare.yml b/roles/xfs_check_ftype/molecule/default/prepare.yml deleted file mode 100644 index 822f32b8b..000000000 --- a/roles/xfs_check_ftype/molecule/default/prepare.yml +++ /dev/null @@ -1,60 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -- name: Prepare - hosts: all - - vars: - xfs_image_file: "/root/xfs_{{ ansible_distribution|lower }}.img" - - post_tasks: - - name: Create a blank image - command: "dd if=/dev/zero of={{ xfs_image_file }} bs=1M count=50" - tags: - - skip_ansible_lint - - - name: Install tools for managing XFS partitions - package: - name: "{{ item }}" - state: present - loop: - - parted - - xfsprogs - - - name: Map the partition file to the loop device - command: "losetup --find --show {{ xfs_image_file }}" - register: losetup - tags: - - skip_ansible_lint - - - name: Format the partition with XFS with ftype=1 - filesystem: - fstype: xfs - dev: "{{ losetup.stdout }}" - opts: -n ftype=1 - - - name: Create a directory for the partition to mount onto - file: - path: /xfs - state: directory - - - name: Mount the XFS partition - mount: - path: /xfs - src: "{{ losetup.stdout }}p1" - fstype: xfs - state: present diff --git a/roles/xfs_check_ftype/molecule/default/verify.yml b/roles/xfs_check_ftype/molecule/default/verify.yml deleted file mode 100644 index dfd4c7352..000000000 --- a/roles/xfs_check_ftype/molecule/default/verify.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# Copyright 2019 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. diff --git a/roles/xfs_check_ftype/tasks/main.yml b/roles/xfs_check_ftype/tasks/main.yml deleted file mode 100644 index 4775676a4..000000000 --- a/roles/xfs_check_ftype/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- name: Check if there are XFS volumes with ftype=0 - become: true - shell: | - for dev in $(df -h | grep '/dev/' | grep -v 'tmp' | cut -d' ' -f1) - do - parseftype=$(xfs_info $dev | grep ftype=0); - if [[ ! -z "$parseftype" ]]; then - ftype="ftype=0"; - break; - fi - done - echo $ftype; - register: ftype - changed_when: false - -- name: Check ftype - fail: - msg: > - XFS volumes formatted using ftype=0 are incompatible - with the docker overlayfs driver. - Run xfs_info on {{ ansible_fqdn }} and fix those volumes - before proceeding with the upgrade. - when: - - ftype.stdout == 'ftype=0' diff --git a/roles/xfs_check_ftype/vars/main.yml b/roles/xfs_check_ftype/vars/main.yml deleted file mode 100644 index 79d8c7f86..000000000 --- a/roles/xfs_check_ftype/vars/main.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -metadata: - name: XFS ftype check - description: > - Check if there is at least 1 XFS volume - with ftype=0 in any deployed node. - groups: - - pre-upgrade diff --git a/tripleo_validations/tests/library/test_check_package_update.py b/tripleo_validations/tests/library/test_check_package_update.py deleted file mode 100644 index 77b9a453a..000000000 --- a/tripleo_validations/tests/library/test_check_package_update.py +++ /dev/null @@ -1,99 +0,0 @@ -# -*- coding: utf-8 -*- - -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -try: - from unittest.mock import MagicMock - from unittest.mock import patch -except ImportError: - from mock import MagicMock - from mock import patch - -from library.check_package_update import check_update -from library.check_package_update import get_package_details -from tripleo_validations.tests import base - - -PKG_INSTALLED = "foo-package|6.1.5|1|x86_64" - -PKG_AVAILABLE = """\ -Available Packages -foo-package.x86_64 8.0.0-1 foo-stable -""" - - -class TestGetPackageDetails(base.TestCase): - def setUp(self): - super(TestGetPackageDetails, self).setUp() - self.entry = get_package_details("foo-package|6.2.0|1|x86_64") - - def test_name(self): - self.assertEqual(self.entry.name, 'foo-package') - - def test_arch(self): - self.assertEqual(self.entry.arch, 'x86_64') - - def test_version(self): - self.assertEqual(self.entry.version, '6.2.0') - - def test_release(self): - self.assertEqual(self.entry.release, '1') - - -class TestCheckUpdate(base.TestCase): - def setUp(self): - super(TestCheckUpdate, self).setUp() - self.module = MagicMock() - - def test_unsupported_pkg_mgr_fails(self): - check_update(self.module, 'foo-package', 'apt') - self.module.fail_json.assert_called_with( - msg='Package manager "apt" is not supported.') - - @patch('library.check_package_update._command') - def test_fails_if_installed_package_not_found(self, mock_command): - mock_command.side_effect = [ - ['', 'No package found.'], - ] - check_update(self.module, 'foo-package', 'yum') - self.module.fail_json.assert_called_with( - msg='No package found.') - - @patch('library.check_package_update._command') - def test_returns_current_and_available_versions(self, mock_command): - mock_command.side_effect = [ - [PKG_INSTALLED, ''], - [PKG_AVAILABLE, ''], - ] - - check_update(self.module, 'foo-package', 'yum') - self.module.exit_json.assert_called_with(changed=False, - name='foo-package', - current_version='6.1.5', - current_release='1', - new_version='8.0.0', - new_release='1') - - @patch('library.check_package_update._command') - def test_returns_current_version_if_no_updates(self, mock_command): - mock_command.side_effect = [ - [PKG_INSTALLED, ''], - ['', 'No packages found'], - ] - check_update(self.module, 'foo-package', 'yum') - self.module.exit_json.assert_called_with(changed=False, - name='foo-package', - current_version='6.1.5', - current_release='1', - new_version=None, - new_release=None) diff --git a/tripleo_validations/tests/library/test_validations_read_ini.py b/tripleo_validations/tests/library/test_validations_read_ini.py deleted file mode 100644 index ea6637015..000000000 --- a/tripleo_validations/tests/library/test_validations_read_ini.py +++ /dev/null @@ -1,144 +0,0 @@ -# -*- coding: utf-8 -*- - -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -""" -test_validations_read_ini ----------------------------------- - -Tests for `validations_read_ini` module. -""" - - -import os -import tempfile - -import library.validations_read_ini as validation -from tripleo_validations.tests import base - - -invalid_content = ''' -[DEFAULT# - hello = -''' - -valid_content = ''' -[DEFAULT] -debug=True - -[dhcp] -dhcp_start=192.168.0.1 -dhcp_end=192.168.0.254 - -[secrets] -password=1234 -''' - - -class TestValidationsReadIni(base.TestCase): - - def test_check_file_invalid_path(self): - '''Test validations_read_ini when path is invalid''' - - msg = validation.check_file('non/existing/path', False) - self.assertEqual("Could not open the ini file: 'non/existing/path'", - msg) - - def test_check_file_ignore_missing(self): - '''Test validations_read_ini when ignoring missing files''' - - msg = validation.check_file('non/existing/path', True) - self.assertEqual("Could not open the ini file: 'non/existing/path'", - msg) - - def test_check_file_valid_path(self): - '''Test validations_read_ini when path is valid''' - - tmpfile = self.create_tmp_ini() - tmp_name = os.path.relpath(tmpfile.name) - msg = validation.check_file(tmp_name, False) - tmpfile.close() - - self.assertEqual('', msg) - - def test_get_result_invalid_format(self): - '''Test validations_read_ini when file format is valid''' - - tmpfile = self.create_tmp_ini() - tmp_name = os.path.relpath(tmpfile.name) - tmpfile.write(invalid_content.encode('utf-8')) - tmpfile.seek(0) - ret, msg, value = validation.get_result(tmp_name, 'section', 'key') - tmpfile.close() - - self.assertEqual(validation.ReturnValue.INVALID_FORMAT, ret) - self.assertEqual("The file '{}' is not in a valid INI format.".format( - tmp_name), msg) - self.assertIsNone(value) - - def test_get_result_key_not_found(self): - '''Test validations_read_ini when key is not found''' - - tmpfile = self.create_tmp_ini() - tmp_name = os.path.relpath(tmpfile.name) - tmpfile.write(valid_content.encode('utf-8')) - tmpfile.seek(0) - ret, msg, value = validation.get_result(tmp_name, 'section', 'key') - tmpfile.close() - - self.assertEqual(validation.ReturnValue.KEY_NOT_FOUND, ret) - self.assertEqual(("There is no key 'key' under the section 'section' " - "in file {}.").format(tmp_name), msg) - self.assertIsNone(value) - - def test_get_result_key_not_found_with_default(self): - '''Test validations_read_ini when key is not found but has a default''' - - tmpfile = self.create_tmp_ini() - tmp_name = os.path.relpath(tmpfile.name) - tmpfile.write(valid_content.encode('utf-8')) - tmpfile.seek(0) - ret, msg, value = validation.get_result(tmp_name, 'section', 'key', - 'foo') - tmpfile.close() - - self.assertEqual(validation.ReturnValue.OK, ret) - self.assertEqual(("There is no key 'key' under section 'section' " - "in file {}. Using default value '{}'" - ).format(tmp_name, 'foo'), msg) - self.assertEqual(value, 'foo') - - def test_get_result_ok(self): - '''Test validations_read_ini when key is not found''' - - tmpfile = self.create_tmp_ini() - tmp_name = os.path.relpath(tmpfile.name) - tmpfile.write(valid_content.encode('utf-8')) - tmpfile.seek(0) - ret, msg, value = validation.get_result(tmp_name, 'secrets', - 'password') - tmpfile.close() - - self.assertEqual(validation.ReturnValue.OK, ret) - self.assertEqual(("The key 'password' under the section 'secrets'" - " in file {} has the value: '1234'").format( - tmp_name), msg) - self.assertEqual('1234', value) - - def create_tmp_ini(self): - '''Create temporary tmp.ini file, return its full name''' - - path = 'tripleo_validations/tests' - tmpfile = tempfile.NamedTemporaryFile(suffix='.ini', prefix='tmp', - dir=path) - return tmpfile diff --git a/zuul.d/molecule.yaml b/zuul.d/molecule.yaml index 715225cc7..9850aaf32 100644 --- a/zuul.d/molecule.yaml +++ b/zuul.d/molecule.yaml @@ -3,13 +3,10 @@ check: jobs: - tripleo-validations-centos-8-molecule-ceph - - tripleo-validations-centos-8-molecule-check_latest_packages_version - tripleo-validations-centos-8-molecule-check_network_gateway - tripleo-validations-centos-8-molecule-controller_token - tripleo-validations-centos-8-molecule-controller_ulimits - tripleo-validations-centos-8-molecule-ctlplane_ip_range - - tripleo-validations-centos-8-molecule-dns - - tripleo-validations-centos-8-molecule-haproxy - tripleo-validations-centos-8-molecule-image_serve - tripleo-validations-centos-8-molecule-nova_status - tripleo-validations-centos-8-molecule-nova_svirt @@ -21,21 +18,15 @@ - tripleo-validations-centos-8-molecule-tls_everywhere - tripleo-validations-centos-8-molecule-undercloud_cpu - tripleo-validations-centos-8-molecule-undercloud_debug - - tripleo-validations-centos-8-molecule-undercloud_disk_space - tripleo-validations-centos-8-molecule-undercloud_heat_purge_deleted - - tripleo-validations-centos-8-molecule-undercloud_ram - tripleo-validations-centos-8-molecule-undercloud_tokenflush - - tripleo-validations-centos-8-molecule-validate_selinux gate: jobs: - tripleo-validations-centos-8-molecule-ceph - - tripleo-validations-centos-8-molecule-check_latest_packages_version - tripleo-validations-centos-8-molecule-check_network_gateway - tripleo-validations-centos-8-molecule-controller_token - tripleo-validations-centos-8-molecule-controller_ulimits - tripleo-validations-centos-8-molecule-ctlplane_ip_range - - tripleo-validations-centos-8-molecule-dns - - tripleo-validations-centos-8-molecule-haproxy - tripleo-validations-centos-8-molecule-image_serve - tripleo-validations-centos-8-molecule-image_serve - tripleo-validations-centos-8-molecule-nova_status @@ -49,11 +40,8 @@ - tripleo-validations-centos-8-molecule-tls_everywhere - tripleo-validations-centos-8-molecule-undercloud_cpu - tripleo-validations-centos-8-molecule-undercloud_debug - - tripleo-validations-centos-8-molecule-undercloud_disk_space - tripleo-validations-centos-8-molecule-undercloud_heat_purge_deleted - - tripleo-validations-centos-8-molecule-undercloud_ram - tripleo-validations-centos-8-molecule-undercloud_tokenflush - - tripleo-validations-centos-8-molecule-validate_selinux name: tripleo-validations-molecule-jobs - job: files: @@ -143,14 +131,6 @@ vars: tripleo_validations_role_name: undercloud_process_count voting: false -- job: - files: - - ^roles/undercloud_selinux_mode/.* - name: tripleo-validations-centos-8-molecule-undercloud_selinux_mode - parent: tripleo-validations-centos-8-base - vars: - tripleo_validations_role_name: undercloud_selinux_mode - voting: false - job: files: - ^roles/openstack_endpoints/.* @@ -159,22 +139,6 @@ vars: tripleo_validations_role_name: openstack_endpoints voting: false -- job: - files: - - ^roles/ntp/.* - name: tripleo-validations-centos-8-molecule-ntp - parent: tripleo-validations-centos-8-base - vars: - tripleo_validations_role_name: ntp - voting: false -- job: - files: - - ^roles/service_status/.* - name: tripleo-validations-centos-8-molecule-service_status - parent: tripleo-validations-centos-8-base - vars: - tripleo_validations_role_name: service_status - voting: false - job: files: - ^roles/openshift_on_openstack/.* @@ -231,14 +195,6 @@ vars: tripleo_validations_role_name: network_environment voting: false -- job: - files: - - ^roles/advanced_format_512e_support/.* - name: tripleo-validations-centos-8-molecule-advanced_format_512e_support - parent: tripleo-validations-centos-8-base - vars: - tripleo_validations_role_name: advanced_format_512e_support - voting: false - job: files: - ^roles/dhcp_validations/.* @@ -268,20 +224,6 @@ parent: tripleo-validations-centos-8-base vars: tripleo_validations_role_name: ctlplane_ip_range -- job: - files: - - ^roles/dns/.* - name: tripleo-validations-centos-8-molecule-dns - parent: tripleo-validations-centos-8-base - vars: - tripleo_validations_role_name: dns -- job: - files: - - ^roles/haproxy/.* - name: tripleo-validations-centos-8-molecule-haproxy - parent: tripleo-validations-centos-8-base - vars: - tripleo_validations_role_name: haproxy - job: files: - ^roles/repos/.* @@ -289,20 +231,6 @@ parent: tripleo-validations-centos-8-base vars: tripleo_validations_role_name: repos -- job: - files: - - ^roles/undercloud_cpu/.* - name: tripleo-validations-centos-8-molecule-undercloud_cpu - parent: tripleo-validations-centos-8-base - vars: - tripleo_validations_role_name: undercloud_cpu -- job: - files: - - ^roles/undercloud_ram/.* - name: tripleo-validations-centos-8-molecule-undercloud_ram - parent: tripleo-validations-centos-8-base - vars: - tripleo_validations_role_name: undercloud_ram - job: files: - ^roles/undercloud_debug/.* @@ -310,21 +238,6 @@ parent: tripleo-validations-centos-8-base vars: tripleo_validations_role_name: undercloud_debug -- job: - files: - - ^roles/undercloud_disk_space/.* - name: tripleo-validations-centos-8-molecule-undercloud_disk_space - parent: tripleo-validations-centos-8-base - vars: - tripleo_validations_role_name: undercloud_disk_space -- job: - files: - - ^roles/xfs_check_ftype/.* - name: tripleo-validations-centos-8-molecule-xfs_check_ftype - parent: tripleo-validations-centos-8-base - vars: - tripleo_validations_role_name: xfs_check_ftype - voting: false - job: files: - ^roles/nova_status/.* @@ -375,20 +288,6 @@ parent: tripleo-validations-centos-8-base vars: tripleo_validations_role_name: stonith_exists -- job: - files: - - ^roles/check_latest_packages_version/.* - name: tripleo-validations-centos-8-molecule-check_latest_packages_version - parent: tripleo-validations-centos-8-base - vars: - tripleo_validations_role_name: check_latest_packages_version -- job: - files: - - ^roles/validate_selinux/.* - name: tripleo-validations-centos-8-molecule-validate_selinux - parent: tripleo-validations-centos-8-base - vars: - tripleo_validations_role_name: validate_selinux - job: files: - ^roles/ceph/.*