Browse Source

Add validation to check DockerInsecureRegistryAddress matches the UC hostname

One of the issues identified in the FFU testing was that the
configured DockerInsecureRegistryAddress parameter was not pointing at
the right UC hostname.

Causing issues when retrieving the containers.

This validation retrieve the value for DockerInsecureRegistryAddress
configured in containers-prepare-parameter.yaml file and matches it to
the UC hostname configured in the undercloud.conf.

Co-Authored-By: Daniel Bengtsson <dbengt@redhat.com>
Co-Authored-By: Gaël Chamoulaud <gchamoul@redhat.com>
Change-Id: Iab2e8823996d305d6d8807bb93f4d2f6e1c96906
(cherry picked from commit ea453ca45e)
changes/09/790709/6
omcgonag 2 months ago
committed by Gael Chamoulaud
parent
commit
dad3e9f171
10 changed files with 384 additions and 1 deletions
  1. +8
    -0
      doc/source/roles/role-check_uc_hostname.rst
  2. +15
    -0
      playbooks/check-uc-hostname.yaml
  3. +39
    -0
      roles/check_uc_hostname/README.md
  4. +23
    -0
      roles/check_uc_hostname/defaults/main.yml
  5. +35
    -0
      roles/check_uc_hostname/molecule/default/Dockerfile
  6. +58
    -0
      roles/check_uc_hostname/molecule/default/converge.yml
  7. +49
    -0
      roles/check_uc_hostname/molecule/default/molecule.yml
  8. +72
    -0
      roles/check_uc_hostname/molecule/default/prepare.yml
  9. +72
    -0
      roles/check_uc_hostname/tasks/main.yml
  10. +13
    -1
      zuul.d/molecule.yaml

+ 8
- 0
doc/source/roles/role-check_uc_hostname.rst View File

@ -0,0 +1,8 @@
========================
Role - check_uc_hostname
========================
.. include:: ../../../roles/check_uc_hostname/README.md
.. ansibleautoplugin::
:role: roles/check_uc_hostname

+ 15
- 0
playbooks/check-uc-hostname.yaml View File

@ -0,0 +1,15 @@
---
- hosts: undercloud
gather_facts: false
vars:
metadata:
name: Check DockerInsecureRegistryAddress parameter points to correct UC hostname
description: |
This validation checks the DockerInsecureRegistryAddress parameter
points to the right UC hostname
groups:
- pre-overcloud-upgrade
- post-update
check_uc_hostname_debug: false
roles:
- check_uc_hostname

+ 39
- 0
roles/check_uc_hostname/README.md View File

@ -0,0 +1,39 @@
Check-uc-hostname
=================
Add Ansible role to check DockerInsecureRegistryAddress matches the UC hostname.
Requirements
------------
This role will be executed pre Overcloud Update, and post Update
Role Variables
--------------
* `check_uc_hostname_debug`: <'false'> -- debugging mode.
* `check_uc_hostname_containers`: <'{{ansible_env.HOME}}/containers-prepare-parameter.yaml'> -- Sets the default path to the `containers-prepare-parameters.yaml` file on the Undercloud.
* `check_uc_hostname_undercloud`: <'{{ ansible_env.HOME }}/undercloud.conf'> -- Sets the default path to the `undercloud.conf` file on the Undercloud.
Dependencies
------------
No Dependencies
Example Playbook
----------------
- hosts: servers
roles:
- { role: check_uc_hostname, check_uc_hostname_debug: true }
License
-------
Apache
Author Information
------------------
Red Hat TripleO DFG:Upgrades

+ 23
- 0
roles/check_uc_hostname/defaults/main.yml View File

@ -0,0 +1,23 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# All variables intended for modification should place placed in this file.
# All variables within this role should have a prefix of "check_uc_hostname"
check_uc_hostname_debug: false
check_uc_hostname_containers: "{{ ansible_env.HOME }}/containers-prepare-parameter.yaml"
check_uc_hostname_undercloud: "{{ ansible_env.HOME }}/undercloud.conf"

+ 35
- 0
roles/check_uc_hostname/molecule/default/Dockerfile View File

@ -0,0 +1,35 @@
# Molecule managed
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

+ 58
- 0
roles/check_uc_hostname/molecule/default/converge.yml View File

@ -0,0 +1,58 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
tasks:
- name: Test working
block:
- include_role:
name: check_uc_hostname
vars:
check_uc_hostname_undercloud: "/tmp/undercloud.conf"
check_uc_hostname_containers: "/tmp/containers-prepare-parameter.yaml"
- name: Test failing
block:
- name: populate undercloud.conf
copy:
dest: "/tmp/undercloud.conf"
content: |
[DEFAULT]
undercloud_public_host = 192.168.24.2
- include_role:
name: check_uc_hostname
vars:
check_uc_hostname_undercloud: "/tmp/undercloud.conf"
check_uc_hostname_containers: "/tmp/containers-prepare-parameter.yaml"
rescue:
- name: Clear host errors
meta: clear_host_errors
- debug:
msg: The validation works! End the playbook run
- name: End play
meta: end_play
- name: Fail the test
fail:
msg: |
The check-uc-hostname validation failed to check that the hostnames
did not match.

+ 49
- 0
roles/check_uc_hostname/molecule/default/molecule.yml View File

@ -0,0 +1,49 @@
---
driver:
name: podman
log: true
platforms:
- name: ubi8
hostname: ubi8
image: ubi8/ubi-init
registry:
url: registry.access.redhat.com
dockerfile: Dockerfile
pkg_extras: python*-setuptools python*-pyyaml
privileged: true
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
- /etc/pki/rpm-gpg:/etc/pki/rpm-gpg
- /opt/yum.repos.d:/etc/yum.repos.d:rw
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
ulimits: &ulimit
- host
provisioner:
name: ansible
inventory:
hosts:
all:
hosts:
ubi8:
ansible_python_interpreter: /usr/bin/python3
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_LIBRARY: "${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}"
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy
verifier:
name: testinfra

+ 72
- 0
roles/check_uc_hostname/molecule/default/prepare.yml View File

@ -0,0 +1,72 @@
---
# Copyright 2021 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
gather_facts: false
tasks:
- name: populate undercloud.conf
copy:
dest: "/tmp/undercloud.conf"
content: |
[DEFAULT]
undercloud_public_host = 192.168.24.1
- name: populate containers-prepare-parameter.yaml
copy:
dest: "/tmp/containers-prepare-parameter.yaml"
content: |
parameter_defaults:
DockerInsecureRegistryAddress:
- 192.168.24.1:8787
- docker.io
ContainerImagePrepare:
- push_destination: "192.168.24.1:8787"
set:
tag: "current-tripleo"
namespace: "docker.io/tripleomaster"
name_prefix: "openstack"
name_suffix: ""
rhel_containers: "false"
ceph_namespace: "quay.ceph.io/ceph-ci"
ceph_image: "daemon"
ceph_tag: "v5.0.7-stable-5.0-octopus-centos-8-x86_64"
openshift_tag: "v3.11.0"
- name: Prepare localhost
hosts: localhost
gather_facts: false
tasks:
- name: populate containers-prepare-parameter.yaml
copy:
dest: "/tmp/containers-prepare-parameter.yaml"
content: |
parameter_defaults:
DockerInsecureRegistryAddress:
- 192.168.24.1:8787
- docker.io
ContainerImagePrepare:
- push_destination: "192.168.24.1:8787"
set:
tag: "current-tripleo"
namespace: "docker.io/tripleomaster"
name_prefix: "openstack"
name_suffix: ""
rhel_containers: "false"
ceph_namespace: "quay.ceph.io/ceph-ci"
ceph_image: "daemon"
ceph_tag: "v5.0.7-stable-5.0-octopus-centos-8-x86_64"
openshift_tag: "v3.11.0"

+ 72
- 0
roles/check_uc_hostname/tasks/main.yml View File

@ -0,0 +1,72 @@
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Ensure we get needed facts
setup:
gather_subset:
- '!all'
- '!any'
- '!min'
- env
- name: Check undercloud.conf
stat:
path: "{{ check_uc_hostname_undercloud }}"
register: stat_result_uc_hostname_undercloud
- name: Check containers-prepare-parameter
stat:
path: "{{ check_uc_hostname_containers }}"
register: stat_result_uc_hostname_containers
- name: Fail if one of those files is missing
fail:
msg: |
The following configuration file(s) is/are missing:
{% if not stat_result_uc_hostname_undercloud.stat.exists %}
- "{{ check_uc_hostname_undercloud }}"
{% endif %}
{% if not stat_result_uc_hostname_containers.stat.exists %}
- "{{ check_uc_hostname_containers }}"
{% endif %}
when: not stat_result_uc_hostname_undercloud.stat.exists or not stat_result_uc_hostname_containers.stat.exists
- when:
- stat_result_uc_hostname_undercloud.stat.exists
- stat_result_uc_hostname_containers.stat.exists
block:
- name: Get undercloud_public_host value from undercloud.conf file
validations_read_ini:
path: "{{ check_uc_hostname_undercloud }}"
section: DEFAULT
key: undercloud_public_host
register: uc_hostname_undercloud
- name: Get DockerInsecureRegistryAddress value from containers file
set_fact:
uc_hostname_containers: "{{ item.split(':')[0] }}"
with_items: "{{ (lookup('template', '{{ check_uc_hostname_containers }}')
| from_yaml).parameter_defaults.DockerInsecureRegistryAddress
| list
| first }}"
- name: Verify UC hostnames match
fail:
msg: |
The UC hostnames from undercloud.conf and containers-prepare-parameter.yaml must match
UC hostname from undercloud.conf is {{ uc_hostname_undercloud.value }}
UC hostname from containers-prepare-parameter.yaml is {{ uc_hostname_containers }}
failed_when: uc_hostname_undercloud.value != uc_hostname_containers

+ 13
- 1
zuul.d/molecule.yaml View File

@ -6,6 +6,7 @@
- tripleo-validations-centos-8-molecule-check_network_gateway
- tripleo-validations-centos-8-molecule-check_rhsm_version
- tripleo-validations-centos-8-molecule-check_undercloud_conf
- tripleo-validations-centos-8-molecule-check_uc_hostname
- tripleo-validations-centos-8-molecule-controller_token
- tripleo-validations-centos-8-molecule-controller_ulimits
- tripleo-validations-centos-8-molecule-ctlplane_ip_range
@ -25,8 +26,10 @@
gate:
jobs:
- tripleo-validations-centos-8-molecule-ceph
- tripleo-validations-centos-8-molecule-check_kernel_version
- tripleo-validations-centos-8-molecule-check_network_gateway
- tripleo-validations-centos-8-molecule-check_rhsm_version
- tripleo-validations-centos-8-molecule-check_uc_hostname
- tripleo-validations-centos-8-molecule-check_undercloud_conf
- tripleo-validations-centos-8-molecule-controller_token
- tripleo-validations-centos-8-molecule-controller_ulimits
@ -42,7 +45,6 @@
- tripleo-validations-centos-8-molecule-undercloud_debug
- tripleo-validations-centos-8-molecule-undercloud_heat_purge_deleted
- tripleo-validations-centos-8-molecule-undercloud_tokenflush
- tripleo-validations-centos-8-molecule-check_kernel_version
name: tripleo-validations-molecule-jobs
- job:
files:
@ -345,3 +347,13 @@
parent: tripleo-validations-centos-8-base
vars:
tripleo_validations_role_name: overcloud_service_status
- job:
files:
- ^roles/check_uc_hostname/.*
- ^tests/prepare-test-host.yml
- ^ci/playbooks/pre.yml
- ^ci/playbooks/run.yml
name: tripleo-validations-centos-8-molecule-check_uc_hostname
parent: tripleo-validations-centos-8-base
vars:
tripleo_validations_role_name: check_uc_hostname

Loading…
Cancel
Save