diff --git a/doc/source/roles/role-check_uc_hostname.rst b/doc/source/roles/role-check_uc_hostname.rst index bb80924b8..2feca2cb3 100644 --- a/doc/source/roles/role-check_uc_hostname.rst +++ b/doc/source/roles/role-check_uc_hostname.rst @@ -2,7 +2,71 @@ check_uc_hostname ================= -.. literalinclude:: ../../../roles/check_uc_hostname/README.md +-------------- +About the role +-------------- + +Ansible role to check ``DockerInsecureRegistryAddress`` matches the UC hostname. + +The purpose of this validation is mostly target for the FFWD 13 to 16.X procedure. + +Customer is expected to follow the step `9.3. Configuring access to the +undercloud registry +`_ + +The customer needs to retrieve the control plane host name on the +undercloud and add it into the ``DockerInsecureRegistryAddress``. + +It might happen that the user misses this step or doesn't really add +the right control plan host name and then ``podman`` fails to retrieve the +containers. + +To summarize what customer is expected to do: + +- Run ``sudo hiera container_image_prepare_node_names`` to get host name(s) +- Edit the containers-prepare-parameter.yaml file and the ``DockerInsecureRegistryAddress`` parameter with + host name and IP of the undercloud. + +This validation will: + +- Pull ``DockerInsecureRegistryAddress`` (list) from the Openstack environment +- Run ``sudo hiera container_image_prepare_node_names`` +- Verify the container_image_prepare_node_names returned from ``hiera`` is contained in the ``DockerInsecureRegistryAddress`` list. + +Requirements +============ + +This role will be executed pre Overcloud Update. + +Dependencies +============ + +No Dependencies + +Example Playbook +================ + +.. code-block:: yaml + + - hosts: servers + vars: + check_uc_hostname_debug: true + roles: + - check_uc_hostname + +License +======= + +Apache + +Author Information +================== + +**Red Hat TripleO DFG:Upgrades** + +---------------- +Full Description +---------------- .. ansibleautoplugin:: :role: roles/check_uc_hostname diff --git a/roles/check_uc_hostname/README.md b/roles/check_uc_hostname/README.md deleted file mode 100644 index b4d3ee955..000000000 --- a/roles/check_uc_hostname/README.md +++ /dev/null @@ -1,39 +0,0 @@ -Check-uc-hostname -================= - -Add Ansible role to check DockerInsecureRegistryAddress matches the UC hostname. - -Requirements ------------- - -This role will be executed pre Overcloud Update, and post Update - - -Role Variables --------------- - -* `check_uc_hostname_debug`: <'false'> -- debugging mode. -* `check_uc_hostname_containers`: <'{{ansible_env.HOME}}/containers-prepare-parameter.yaml'> -- Sets the default path to the `containers-prepare-parameters.yaml` file on the Undercloud. -* `check_uc_hostname_undercloud`: <'{{ ansible_env.HOME }}/undercloud.conf'> -- Sets the default path to the `undercloud.conf` file on the Undercloud. - -Dependencies ------------- - -No Dependencies - -Example Playbook ----------------- - - - hosts: servers - roles: - - { role: check_uc_hostname, check_uc_hostname_debug: true } - -License -------- - -Apache - -Author Information ------------------- - -Red Hat TripleO DFG:Upgrades diff --git a/roles/check_uc_hostname/defaults/main.yml b/roles/check_uc_hostname/defaults/main.yml index 606490410..afde89b5b 100644 --- a/roles/check_uc_hostname/defaults/main.yml +++ b/roles/check_uc_hostname/defaults/main.yml @@ -18,6 +18,10 @@ # All variables intended for modification should place placed in this file. # All variables within this role should have a prefix of "check_uc_hostname" + +# Debugging mode check_uc_hostname_debug: false -check_uc_hostname_containers: "{{ ansible_env.HOME }}/containers-prepare-parameter.yaml" -check_uc_hostname_undercloud: "{{ ansible_env.HOME }}/undercloud.conf" + +# Contains the ansible inventory hosts variable, +# which is used to get the hostvars stack (plan) name +check_uc_hostname_inventory_host: undercloud diff --git a/roles/check_uc_hostname/molecule/default/converge.yml b/roles/check_uc_hostname/molecule/default/converge.yml index c94da37c0..837446eb6 100644 --- a/roles/check_uc_hostname/molecule/default/converge.yml +++ b/roles/check_uc_hostname/molecule/default/converge.yml @@ -18,35 +18,215 @@ - name: Converge hosts: all tasks: - - name: Test working + - name: Working 1 - openstack one entry in list + copy: + dest: /usr/bin/openstack + mode: 0755 + content: | + #!/bin/bash + echo "{" + echo " \"parameters\": {}," + echo " \"parameter_defaults\": {" + echo " \"DockerInsecureRegistryAddress\": [" + echo " \"undercloud-0.ctlplane.redhat.local:8787\"" + echo " ]" + echo " }" + echo "}" + + - name: Working 1 - hiera one entry in list + copy: + dest: /usr/bin/hiera + mode: 0755 + content: | + #!/bin/bash + echo [\"undercloud-0.ctlplane.redhat.local\"] + exit 0 + + - name: Test Working 1 + include_role: + name: check_uc_hostname + vars: + check_uc_hostname_inventory_host: ubi8 + + - name: Working 2 - openstack multiple entry in list + copy: + dest: /usr/bin/openstack + mode: 0755 + content: | + #!/bin/bash + echo "{" + echo " \"parameters\": {}," + echo " \"parameter_defaults\": {" + echo " \"DockerInsecureRegistryAddress\": [" + echo " \"undercloud-0.ctlplane.redhat.local:8787\"," + echo " \"undercloud-1.ctlplane.redhat.local:8787\"," + echo " \"undercloud-2.ctlplane.redhat.local:8787\"" + echo " ]" + echo " }" + echo "}" + + + - name: Working 2 - hiera multiple entry in list + copy: + dest: /usr/bin/hiera + mode: 0755 + content: | + #!/bin/bash + echo "[" + echo " \"undercloud-0.ctlplane.redhat.local\"," + echo " \"undercloud-1.ctlplane.redhat.local\"," + echo " \"undercloud-2.ctlplane.redhat.local\"" + echo "]" + exit 0 + + - name: Test Working 2 + include_role: + name: check_uc_hostname + vars: + check_uc_hostname_inventory_host: ubi8 + + - name: Working 3 - openstack multiple entry in list + copy: + dest: /usr/bin/openstack + mode: 0755 + content: | + #!/bin/bash + echo "{" + echo " \"parameters\": {}," + echo " \"parameter_defaults\": {" + echo " \"DockerInsecureRegistryAddress\": [" + echo " \"undercloud-0.ctlplane.redhat.local:8787\"," + echo " \"redhat.registry.io:8787\"," + echo " \"mysuper-registry.io\"," + echo " ]" + echo " }" + echo "}" + + - name: Working 3 - hiera single entry in list + copy: + dest: /usr/bin/hiera + mode: 0755 + content: | + #!/bin/bash + echo "[" + echo " \"undercloud-0.ctlplane.redhat.local\"," + echo "]" + exit 0 + + - name: Test Working 3 + include_role: + name: check_uc_hostname + vars: + check_uc_hostname_inventory_host: ubi8 + + - name: Working 4 - openstack multiple entry in list + copy: + dest: /usr/bin/openstack + mode: 0755 + content: | + #!/bin/bash + echo "{" + echo " \"parameters\": {}," + echo " \"parameter_defaults\": {" + echo " \"DockerInsecureRegistryAddress\": [" + echo " \"BROKENCLOUD-0.ctlplane.redhat.local:8787\"," + echo " \"redhat.registry.io:8787\"," + echo " \"mysuper-registry.io\"," + echo " ]" + echo " }" + echo "}" + + - name: Working 4 - we do not fail if hiera returns empty list + copy: + dest: /usr/bin/hiera + mode: 0755 + content: | + #!/bin/bash + echo "[]" + exit 0 + + - name: Test Working 4 + include_role: + name: check_uc_hostname + vars: + check_uc_hostname_inventory_host: ubi8 + + - name: Failing 1 - we fail if DockerInsecureRegistryAddress is not found + copy: + dest: /usr/bin/openstack + mode: 0755 + content: | + #!/bin/bash + echo "{" + echo " \"parameters\": {}," + echo " \"parameter_defaults\": {" + echo " }" + echo "}" + + - name: Failing 1 - hiera no entry found + copy: + dest: /usr/bin/hiera + mode: 0755 + content: | + #!/bin/bash + exit 0 + + - name: Failing 1 block: - include_role: name: check_uc_hostname vars: - check_uc_hostname_undercloud: "/tmp/undercloud.conf" - check_uc_hostname_containers: "/tmp/containers-prepare-parameter.yaml" - - - name: Test failing - block: - - name: populate undercloud.conf - copy: - dest: "/tmp/undercloud.conf" - content: | - [DEFAULT] - undercloud_public_host = 192.168.24.2 - - - include_role: - name: check_uc_hostname - vars: - check_uc_hostname_undercloud: "/tmp/undercloud.conf" - check_uc_hostname_containers: "/tmp/containers-prepare-parameter.yaml" + check_uc_hostname_inventory_host: ubi8 rescue: - name: Clear host errors meta: clear_host_errors - debug: - msg: The validation works! End the playbook run + msg: The validation Case Failing 1 works! Continuing playbook run... + + - name: Failing 2 - openstack multiple entry in list + copy: + dest: /usr/bin/openstack + mode: 0755 + content: | + #!/bin/bash + echo "{" + echo " \"parameters\": {}," + echo " \"parameter_defaults\": {" + echo " \"DockerInsecureRegistryAddress\": [" + echo " \"BROKENCLOUD-0.ctlplane.redhat.local:8787\"," + echo " \"redhat.registry.io:8787\"," + echo " \"mysuper-registry.io\"," + echo " ]" + echo " }" + echo "}" + + + - name: Failing 2 - hiera single entry in list + copy: + dest: /usr/bin/hiera + mode: 0755 + content: | + #!/bin/bash + echo "[" + echo " \"undercloud-0.ctlplane.redhat.local\"," + echo "]" + exit 0 + + - name: Failing 2 + block: + - include_role: + name: check_uc_hostname + vars: + check_uc_hostname_inventory_host: ubi8 + + rescue: + - name: Clear host errors + meta: clear_host_errors + + - debug: + msg: The validation Case Failing 2 works! Ending playbook run - name: End play meta: end_play diff --git a/roles/check_uc_hostname/molecule/default/molecule.yml b/roles/check_uc_hostname/molecule/default/molecule.yml index ba05cf07d..b718ecfd0 100644 --- a/roles/check_uc_hostname/molecule/default/molecule.yml +++ b/roles/check_uc_hostname/molecule/default/molecule.yml @@ -1,3 +1,22 @@ --- # inherits tripleo-validations/.config/molecule/config.yml # To override default values, please take a look at the config.yml. + +provisioner: + name: ansible + inventory: + hosts: + all: + hosts: + ubi8: + ansible_python_interpreter: /usr/bin/python3 + vars: + plan: qe-Cloud-0 + plans: [qe-Cloud-0] + log: true + options: + vvv: true + env: + ANSIBLE_STDOUT_CALLBACK: yaml + ANSIBLE_ROLES_PATH: "${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles" + ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}" diff --git a/roles/check_uc_hostname/molecule/default/prepare.yml b/roles/check_uc_hostname/molecule/default/prepare.yml deleted file mode 100644 index cb40dd2bf..000000000 --- a/roles/check_uc_hostname/molecule/default/prepare.yml +++ /dev/null @@ -1,72 +0,0 @@ ---- -# Copyright 2021 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -- name: Prepare - hosts: all - gather_facts: false - tasks: - - name: populate undercloud.conf - copy: - dest: "/tmp/undercloud.conf" - content: | - [DEFAULT] - undercloud_public_host = 192.168.24.1 - - - name: populate containers-prepare-parameter.yaml - copy: - dest: "/tmp/containers-prepare-parameter.yaml" - content: | - parameter_defaults: - DockerInsecureRegistryAddress: - - 192.168.24.1:8787 - - docker.io - ContainerImagePrepare: - - push_destination: "192.168.24.1:8787" - set: - tag: "current-tripleo" - namespace: "docker.io/tripleomaster" - name_prefix: "openstack" - name_suffix: "" - rhel_containers: "false" - ceph_namespace: "quay.ceph.io/ceph-ci" - ceph_image: "daemon" - ceph_tag: "v5.0.7-stable-5.0-octopus-centos-8-x86_64" - openshift_tag: "v3.11.0" - -- name: Prepare localhost - hosts: localhost - gather_facts: false - tasks: - - name: populate containers-prepare-parameter.yaml - copy: - dest: "/tmp/containers-prepare-parameter.yaml" - content: | - parameter_defaults: - DockerInsecureRegistryAddress: - - 192.168.24.1:8787 - - docker.io - ContainerImagePrepare: - - push_destination: "192.168.24.1:8787" - set: - tag: "current-tripleo" - namespace: "docker.io/tripleomaster" - name_prefix: "openstack" - name_suffix: "" - rhel_containers: "false" - ceph_namespace: "quay.ceph.io/ceph-ci" - ceph_image: "daemon" - ceph_tag: "v5.0.7-stable-5.0-octopus-centos-8-x86_64" - openshift_tag: "v3.11.0" diff --git a/roles/check_uc_hostname/tasks/main.yml b/roles/check_uc_hostname/tasks/main.yml index 6ada64344..4fd55e247 100644 --- a/roles/check_uc_hostname/tasks/main.yml +++ b/roles/check_uc_hostname/tasks/main.yml @@ -14,59 +14,57 @@ # License for the specific language governing permissions and limitations # under the License. -- name: Ensure we get needed facts - setup: - gather_subset: - - '!all' - - '!any' - - '!min' - - env - -- name: Check undercloud.conf - stat: - path: "{{ check_uc_hostname_undercloud }}" - register: stat_result_uc_hostname_undercloud - -- name: Check containers-prepare-parameter - stat: - path: "{{ check_uc_hostname_containers }}" - register: stat_result_uc_hostname_containers - -- name: Fail if one of those files is missing +- name: Make sure stack plan is in the inventory fail: msg: | - The following configuration file(s) is/are missing: - {% if not stat_result_uc_hostname_undercloud.stat.exists %} - - "{{ check_uc_hostname_undercloud }}" - {% endif %} - {% if not stat_result_uc_hostname_containers.stat.exists %} - - "{{ check_uc_hostname_containers }}" - {% endif %} - when: not stat_result_uc_hostname_undercloud.stat.exists or not stat_result_uc_hostname_containers.stat.exists + Stack plan not found + Check your ansible inventory to make sure your plan attribute is defined + when: hostvars[ check_uc_hostname_inventory_host ].plan is not defined + +- name: Get stack plan from inventory + set_fact: + plan: "{{ hostvars[ check_uc_hostname_inventory_host ].plan }}" + +- name: Retrieve stack environment + command: "openstack stack environment show -f yaml {{ plan }}" + register: stack_env + +- name: Fail if we can't find DockerInsecureRegistryAddress + fail: + msg: | + DockerInsecureRegistryAddress not defined + when: stack_env.stdout.find("DockerInsecureRegistryAddress") == -1 - when: - - stat_result_uc_hostname_undercloud.stat.exists - - stat_result_uc_hostname_containers.stat.exists + - stack_env.stdout.find("DockerInsecureRegistryAddress") != -1 block: - - name: Get undercloud_public_host value from undercloud.conf file - validations_read_ini: - path: "{{ check_uc_hostname_undercloud }}" - section: DEFAULT - key: undercloud_public_host - register: uc_hostname_undercloud + - name: Query stack for DockerInsecureRegistryAddress + become: true + hiera: + name: container_image_prepare_node_names - - name: Get DockerInsecureRegistryAddress value from containers file + - name: Get DockerInsecureRegistryAddress value from stack's environment set_fact: - uc_hostname_containers: "{{ item.split(':')[0] }}" - with_items: "{{ (lookup('template', '{{ check_uc_hostname_containers }}') - | from_yaml).parameter_defaults.DockerInsecureRegistryAddress - | list - | first }}" + uc_hostname_parameter_defaults: "{{ dict(stack_env.get('stdout', default_stdout) + | from_yaml).parameter_defaults.DockerInsecureRegistryAddress + | regex_replace(':\\w+', '') }}" + + - name: Get UC hostname (DockerInsecureRegistryAddress) from hiera + set_fact: + uc_hostname_stack: "{{ ansible_facts.container_image_prepare_node_names }}" + + - name: Get Intersect between UC hostname from stack and parameter_defaults + set_fact: + intersect: "{{ uc_hostname_stack | intersect(uc_hostname_parameter_defaults) }}" + + - name: An Intersect match means parameter_defaults was updated by customer correctly + set_fact: + mismatch: "{{ uc_hostname_stack | difference(intersect) }}" - name: Verify UC hostnames match fail: msg: | - The UC hostnames from undercloud.conf and containers-prepare-parameter.yaml must match - UC hostname from undercloud.conf is {{ uc_hostname_undercloud.value }} - UC hostname from containers-prepare-parameter.yaml is {{ uc_hostname_containers }} - failed_when: uc_hostname_undercloud.value != uc_hostname_containers + The UC hostnames from stack and containers-prepare-parameter.yaml must match + UC hostname from parameter_defaults is {{ uc_hostname_parameter_defaults }} + UC hostname from stack (hiera) is {{ uc_hostname_stack }} + failed_when: mismatch != []