This role will hit the overcloud API for nova and cinder, retrieve the
services and will trig a failure if one of these services are either
down or deprecated. The original intent was to validate that
nova-consoleauth was deleted after an update to RHOSP16.
Related: https://bugzilla.redhat.com/1921115
Change-Id: I057349fdac90a093c67aeb0b2f0a825c4c915e0b
This validation is deprecated since the Train cycle and it's now time to
retire it.
Signed-off-by: Gael Chamoulaud (Strider) <gchamoul@redhat.com>
Change-Id: I3202f16858b270a729dfd0665ed197969e643e9c
Since the deprecation of Mistral in THT, we can't get the path of this
file by using hiera anymore. This patch will get it directly in its
original place ($HOME/undercloud.conf) by using *ansible_env.HOME* fact.
Impacted Validations:
playbooks/ceilometerdb-size.yaml
playbooks/check-network-gateway.yaml
playbooks/check-undercloud-conf.yaml
playbooks/container-status.yaml
playbooks/ctlplane-ip-range.yaml
playbooks/dhcp-provisioning.yaml
playbooks/neutron-sanity-check.yaml
playbooks/tls-everywhere-pre-deployment.yaml
playbooks/tls-everywhere-prep.yaml
playbooks/undercloud-heat-purge-deleted.yaml
playbooks/undercloud-process-count.yaml
playbooks/undercloud-tokenflush.yaml
This patch also fixes every molecule tests accordingly.
NB: check_network_gateway molecule test is now voting in the CI.
Closes-Bug: 1907553
Signed-off-by: Gael Chamoulaud (Strider) <gchamoul@redhat.com>
Change-Id: Iafc38c6cd99edee89ae0305f09fe7080df148331
This patch fixes a leftover of the zuulv3 migration done recently.
This patch also puts temporarily the image_serve role molecule tests as
a non-voting job and this latter will be fixed in a following up patch.
Signed-off-by: Gael Chamoulaud (Strider) <gchamoul@redhat.com>
Change-Id: I03335693e9da91283bd4656af914fdce555635b2
This validation checks the correctness of the undercloud.conf
file. The checks run as part of the verification are:
- All parameters assigned to a file path point to an existing
file location in the system.
- No deprecated parameters are included in undercloud.conf
- All required parameters are present in undercloud.conf
- No deprecated hw types are included in the enabled_hw_types
parameters.
Change-Id: Ic543e21c4aa60b05991f0c4866a6408b924304fd
One of the requirements in the upgrade/update to certain versions
is that the RHSM version configure in the node matches the version
OSP works with. If there is a mismatch on the RHSM version, we would
end up getting wrong packages and finish in an unrecoverable situation.
This validation uses the subscription-manager command to get the
configured release and then checks if it matches the one configured
in check_rhsm_version_expected parameter.
Change-Id: I950395ff8387b01d102fee3a53ad269bb73f16fd
This is a new validation to verify the kernel has been upgraded by
checking the kernel version (uname -r) and making sure "el8" appears in it.
Instead of running 'uname -r' - this validation uses the "kernel"
variable from ansible_facts - and checks to see if "el8" is contained
in it.
Change-Id: I3a3c98788a2dfff16412eecaff09f28f7cdef0a6
This reverts commit c899d97120.
It merged too early, we need a promotion before.
Closes-Bug: #1895507
Change-Id: I0f6b7a6353fd8f99744c3b3be08d5f71c6ab1a39
The latest changes to tls-e require certain permissions and ACIs
to be added to the IPA server in order to successfully add DNS entries
and to issue certs with IP SANs (for cinder A/A).
These changes cannot be automated as they require IPA admin or DS
credentials. This adds a validation to make sure the required
permissions and ACLs are present before starting an install.
Change-Id: I03575a5717456ad647cb10825b8d5646a55a6378
This validation takes a list of dict describing the packages we want to
verify.
The main goal is to ensure we are avoiding issues at some point with
particularly sensitive packages, such as podman.
We can't use the "package_facts" ansible module, since we're allowing to
check available packages - i.e. versions that aren't installed on the
system.
With the current default, we ensure we get podman 1.6.4 on every nodes
(overcloud and undercloud).
This can be used during an upgrade in order to ensure we're not using
the wrong podman version - either as an inflight validation, or as a
manual step.
Also, it supports the full version number, with the release itself.
This means you can pass "1.6.4-15" for podman, in order to ensure you
get the precise version you want.
Please check the molecule tests in order to see how this validation can
be used.
Please note, the "yum list" part is slow since it will check on the
remote repositories for the available versions!
Last note, we're using "yum" here since the validation might be needed
on pre-dnf releases (namely, centos-7 or rhel-7).
Change-Id: I021a7ad03902ca506885769c1cadc4a449bebbfb
I don't know how to explain how it happens, but we have had several
customers case[1], for example, different local for writing to the database
and reading. What causes an error during minor update, the keystone
client calls the command to list the openstack projects. So we have a
python unicode error. For rabbitmq we force the utf-8 local, so we
decided that we assume that we must be in utf-8 everywhere. Add this
validation to ensure the local system is configure with the good local.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1824513
Change-Id: I8b8f2a17a4963af46dd2c5407fb089414a804247
This patch also removes duplicates nova_status line in jobs queue.
Change-Id: Ifa4287f5dabb340065059aec93b1d0a0722f2abb
Signed-off-by: Gael Chamoulaud (Strider) <gchamoul@redhat.com>
This change moves all of the fedora28 container images to centos8 to ensure
we're maximizing coverage in all of our roles with OS images that represent
real deployments. While fedora28 was useful to exercise RHEL8 code path's
while there was no RHEL/CentOS8 container image, we can now use the upstream
CentOS8 image ensuring we're getting a true, representative, environment.
The following molecule test has been moved to non-voting as it is
facing some issues. A follow up patch will try to fix them ASAP.
- check_network_gateway (facing an issue when Ansible is trying to
discover the python interpreter used in CentOS8 Docker Image)
Change-Id: I02f68b78fdf73a60443d8ea5d2dcb46e5ad67e25
Signed-off-by: Gael Chamoulaud (Strider) <gchamoul@redhat.com>
- Ensure we have docker installed
- Don't run molecule tests for uncovered roles
Depends-On: Ic76cad76ebdd7cc9adf64866a4fd2ed16477166a
Change-Id: I77c7e928f301b255bf92439f88e7393dde6e3511
Signed-off-by: Gael Chamoulaud (Strider) <gchamoul@redhat.com>
This patch adds basic molecule tests which fail until developers create
real ones. The molecule jobs are, of course, non-voting on the check and
not present on the gate. This way, the reminder will be haunting the
damned developers who prefer doing new things, sexier than doing important
molecule tests!
Change-Id: I7ff9506fed0fe4f00e80ff476189f9ea103d81d7
Signed-off-by: Gael Chamoulaud (Strider) <gchamoul@redhat.com>
Firewalls have been removed from nova. No need to keep this around any
longer.
Change-Id: I98ffa9b34b22e03bac6b1633e7886cc70504c77f
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Depends-On: https://review.opendev.org/#/c/700511/
This change replaces all of the roles references in our various files with the
new role name. This is being done because Ansible no longer allows hyphens in
role names.
TODO: (gchamoul) Remove healthcheck-service-status once this patch is
merged. Tripleo Jobs are RED due to THT trying to execute this
validation as inflight one but it has been renamed healthcheck_service_status.
Co-Authored-by: Gael Chamoulaud <gchamoul@redhat.com>
Change-Id: I19bb587ece403f86ddd0bbe174c282326500cfd3
This validation ensures we don't have any untracked AVCs in system
audit.log.
Such SELinux issues might lead to a broken deploy/user experience at
some point, so we probably better want to ensure we're on a clean
system.
This validation will also be used within the CI job in order to ensure a
green job doesn't have any AVC - for now, it's not checked at all...
Change-Id: I4b6b151a89f3fcf0a1ed94390175d2f8230b90d7
We can't easily add host variables, meaning we have to modify the
validation in order to accept external variable.
The Molecule test validate it's still working as expected.
Change-Id: I81edce1f949c0ad38d4ccef2a94a45f455cd9a9c
This patch does two things:
- ensure we don't rely on systemd within the validation itself
- adds molecule tests
Since molecule tests are running in docker containers, we can't easily
use the "systemd" helpers.
This patch makes sure the validation checks if the port is opened, and
if we get a proper answer from the server.
Change-Id: Id9a1a62e0cfff0b5300af41ec6c7a08f05ddf012
This patch also transforms the Nova configuration file path into an
Ansible variable.
Change-Id: I0bbbe16fbb21acef79a5f66fbea963ce3fd0f57d
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
This change implements a native zuul runner for all role tests.
The change will now run role tests, executing molecule, in the
same was as tripleo-ansible.
To ensure we're passing lint checks, several files have been
updated to resolve lint issues which are now more strict due
to the pre-commit changes.
Scripts have been added to allow developers to run molecule tests
on local environments. These tools will allow developers to mimic
the upstream test process locally.
Change-Id: I07bbcc0b331aa89dafdae5978ea2bb4859a59143
Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
Gael Chamoulaud (Strider)
David Vallee Delisle
Carlos Goncalves
Jose Luis Franco Arza
OpenStack Release Bot
Wes Hayutin
Owen McGonagle
Jesse Pretorius (odyssey4me)
mathieu bultel
Cédric Jeanneret (Tengu)
Ade Lee
Daniel Bengtsson
Stephen Finucane