Use podman for testing with molecule

Change-Id: I9950d2eedb94abfd478456211800b4f8b5f78411 (cherry picked from commit d670474d36)
2021-10-18 12:32:38 +03:00 · 2021-10-18 12:32:38 +03:00 · 7646c08755
parent 6b0ed82861
commit 7646c08755
13 changed files with 57 additions and 60 deletions
--- a/ansible-collections-requirements.yml
+++ b/ansible-collections-requirements.yml
@ -5,7 +5,6 @@ collections:
  - name: https://github.com/ansible-collections/community.general
    type: git
    version: main
-  - community.docker
  - ansible.posix
  - ansible.netcommon
  - openstack.cloud
--- a/molecule-requirements.txt
+++ b/molecule-requirements.txt
@ -1,5 +1,5 @@
 ansible-core>=2.11,<2.12.0
 docker
 molecule
-molecule-docker
+molecule-podman
 testinfra
--- a/tox.ini
+++ b/tox.ini
@ -21,6 +21,7 @@ whitelist_externals =
  tox

 [testenv:molecule]
+install_command = pip install {opts} {packages}
 setenv =
  ANSIBLE_FILTER_PLUGINS={toxinidir}/tripleo_ipa/ansible_plugins/filter
  ANSIBLE_LIBRARY={toxinidir}/tripleo_ipa/roles.galaxy/config_template/library:{toxinidir}/tripleo_ipa/ansible_plugins/modules
--- a/tripleo_ipa/molecule/default/INSTALL.rst
+++ b/tripleo_ipa/molecule/default/INSTALL.rst
@ -1,11 +1,11 @@
 *******
-Docker driver installation guide
+Podman driver installation guide
 *******

 Requirements
 ============

-* Docker Engine
+* Podman

 Install
 =======
@ -19,4 +19,4 @@ widely recommended `'--user' flag`_ when invoking ``pip``.

 .. code-block:: bash

-    $ pip install 'molecule[docker]'
+    $ pip install 'molecule[podman]'
--- a/tripleo_ipa/molecule/default/converge.yml
+++ b/tripleo_ipa/molecule/default/converge.yml
@ -18,7 +18,7 @@
  hosts: all
  vars:
    ipa_domain: example.test
-    ipa_server_ip: 172.18.0.22
+    ipa_server_ip: 10.88.0.22
    ipa_server_user: admin
    ipa_server_password: password123
    ipa_server_hostname: ipa.example.test
--- a/tripleo_ipa/molecule/default/molecule.yml
+++ b/tripleo_ipa/molecule/default/molecule.yml
@ -1,6 +1,6 @@
 ---
 driver:
-  name: docker
+  name: podman
 log: true

 platforms:
@ -9,8 +9,6 @@ platforms:
    image: centos/centos:stream8
    registry:
      url: quay.io
-    security_opts:
-      - seccomp=unconfined
    command: /sbin/init
    tmpfs:
      - /run
--- a/tripleo_ipa/molecule/default/prepare.yml
+++ b/tripleo_ipa/molecule/default/prepare.yml
@ -23,9 +23,10 @@
        ipa_password: password123

    - name: Download FreeIPA Container
-      community.docker.docker_image:
+      containers.podman.podman_image:
        name: freeipa/freeipa-server:fedora-28
-        source: pull
+        pull: true
+      become: true

    - name: Make IPA data dir
      ansible.builtin.file:
@ -40,22 +41,17 @@
      become: true

    - name: Remove any old IPA container
-      community.docker.docker_container:
+      containers.podman.podman_container:
        name: freeipa-server-container
        state: absent
-
-    - name: Create network
-      community.docker.docker_network:
-        name: ipa_network
-        ipam_config:
-          - subnet: 172.18.0.0/16
+      become: true

    - name: Configure FreeIPA
      shell: >
-        docker run --name freeipa-server-container
+        sudo podman run -d --name freeipa-server-container
        --sysctl net.ipv6.conf.lo.disable_ipv6=0
        --security-opt seccomp=unconfined
-        --net ipa_network --ip 172.18.0.22
+        --ip 10.88.0.22
        -e IPA_SERVER_IP={{ ansible_default_ipv4.address | default('127.0.0.1') }}
        -e PASSWORD={{ ipa_password }}
        -h ipa.{{ domain }}
@ -64,25 +60,39 @@
        -v /tmp/ipa-data:/data:Z freeipa/freeipa-server:fedora-28 no-exit
        -U -r {{ domain | upper }} --setup-dns --no-reverse --no-ntp
        --forwarder={{ unbound_primary_nameserver_v4 | default('1.1.1.1') }}
-        --forwarder={{ unbound_secondary_nameserver_v4 | default('8.8.8.8') }} &
+        --forwarder={{ unbound_secondary_nameserver_v4 | default('8.8.8.8') }}

-    - name: Wait for FreeIPA server install
-      wait_for:
-        path: "/tmp/ipa-data/var/log/ipaserver-install.log"
-        search_regex: "(INFO The ipa-server-install command was successful|ERROR The ipa-server-install command failed)"
-        timeout: 900
-      become: true
+    - block:
+        - name: Wait for FreeIPA server install
+          wait_for:
+            path: "/tmp/ipa-data/var/log/ipaserver-install.log"
+            search_regex: "(INFO The ipa-server-install command was successful|ERROR The ipa-server-install command failed)"
+            timeout: 900
+          become: true
+      rescue:
+        - name: Get the last lines from IPA install
+          command: tail -50 /tmp/ipa-data/var/log/ipaserver-install.log
+          become: true
+          register: file_log
+
+        - name: Print info
+          debug:
+            msg: "{{ file_log.stdout }}"
+
+        - name: Fail task if timeout reached
+          fail:
+            msg: "Timeout of IPA server installation has been reached"

    - name: Wait for FreeIPA LDAP port to open
      wait_for:
-        host=172.18.0.22
+        host=10.88.0.22
        port=389
        delay=1
        timeout=300
      ignore_errors: true

    - name: Check the status of ipactl to make sure all services are started
-      command: "docker exec freeipa-server-container ipactl status"
+      command: "sudo podman exec freeipa-server-container ipactl status"
      retries: 10
      delay: 3
      register: result
--- a/tripleo_ipa/molecule/default/tests/test_default.py
+++ b/tripleo_ipa/molecule/default/tests/test_default.py
@ -47,7 +47,7 @@ def test_svc(host, svc):
@pytest.mark.parametrize('file, content', [
    ("/etc/ipa/default.conf", "ipa.example.test"),
    ("/etc/hosts", "test-0.example.test"),
-    ("/etc/resolv.conf", "172.18.0.22"),
+    ("/etc/resolv.conf", "10.88.0.22"),
    ("/etc/novajoin/krb5.keytab", "test-0.example.test"),
 ])
 def test_files(host, file, content):
--- a/tripleo_ipa/molecule/deregister/converge.yml
+++ b/tripleo_ipa/molecule/deregister/converge.yml
@ -18,7 +18,7 @@
  hosts: all
  vars:
    ipa_domain: example.test
-    ipa_server_ip: 172.18.0.22
+    ipa_server_ip: 10.88.0.22
    ipa_server_user: admin
    ipa_server_password: password123
    ipa_server_hostname: ipa.example.test
--- a/tripleo_ipa/molecule/deregister/molecule.yml
+++ b/tripleo_ipa/molecule/deregister/molecule.yml
@ -1,6 +1,6 @@
 ---
 driver:
-  name: docker
+  name: podman

 log: true

@ -10,8 +10,6 @@ platforms:
    image: centos/centos:stream8
    registry:
      url: quay.io
-    security_opts:
-      - seccomp=unconfined
    command: /sbin/init
    tmpfs:
      - /run
--- a/tripleo_ipa/molecule/deregister/prepare.yml
+++ b/tripleo_ipa/molecule/deregister/prepare.yml
@ -23,9 +23,10 @@
        ipa_password: password123

    - name: Download FreeIPA Container
-      community.docker.docker_image:
+      containers.podman.podman_image:
        name: freeipa/freeipa-server:fedora-28
-        source: pull
+        pull: true
+      become: true

    - name: Make IPA data dir
      ansible.builtin.file:
@ -40,22 +41,17 @@
      become: true

    - name: Remove any old IPA container
-      community.docker.docker_container:
+      containers.podman.podman_container:
        name: freeipa-server-container
        state: absent
-
-    - name: Create network
-      community.docker.docker_network:
-        name: ipa_network
-        ipam_config:
-          - subnet: 172.18.0.0/16
+      become: true

    - name: Configure FreeIPA
      shell: >
-        docker run --name freeipa-server-container
+        sudo podman run -d --name freeipa-server-container
        --sysctl net.ipv6.conf.lo.disable_ipv6=0
        --security-opt seccomp=unconfined
-        --net ipa_network --ip 172.18.0.22
+        --ip 10.88.0.22
        -e IPA_SERVER_IP={{ ansible_default_ipv4.address | default('127.0.0.1') }}
        -e PASSWORD={{ ipa_password }}
        -h ipa.{{ domain }}
@ -64,7 +60,7 @@
        -v /tmp/ipa-data:/data:Z freeipa/freeipa-server:fedora-28 exit-on-finished
        -U -r {{ domain | upper }} --setup-dns --no-reverse --no-ntp
        --forwarder={{ unbound_primary_nameserver_v4 | default('1.1.1.1') }}
-        --forwarder={{ unbound_secondary_nameserver_v4 | default('8.8.8.8') }} &
+        --forwarder={{ unbound_secondary_nameserver_v4 | default('8.8.8.8') }}

    - name: Wait for FreeIPA server install
      wait_for:
--- a/zuul.d/base.yaml
+++ b/zuul.d/base.yaml
@ -12,5 +12,5 @@
      - zuul.d/playbooks/run.yml
    post-run:
      - zuul.d/playbooks/post.yml
-    timeout: 3600
+    timeout: 5400
    voting: true
--- a/zuul.d/playbooks/pre.yml
+++ b/zuul.d/playbooks/pre.yml
@ -38,20 +38,15 @@
        . {{ ansible_user_dir }}/test-python/bin/activate
        pip freeze

-    # NOTE(cloudnull): This is being done because docker is not supported on RHEL-8
-    #                  and tests within this repo still require docker.
-    - name: Install gpg/container.io rpm
+    - name: Set containers module to 3.0
      become: true
-      block:
-        - name: Import GPG key from docker.com
-          rpm_key:
-            state: present
-            key: https://download.docker.com/linux/centos/gpg
-        - name: Manually install containerd.io
-          package:
-            name: https://download.docker.com/linux/centos/7/x86_64/stable/Packages/containerd.io-1.2.6-3.3.el7.x86_64.rpm
+      shell: |
+        dnf module disable container-tools:rhel8 -y
+        dnf module enable container-tools:3.0 -y
+        dnf clean metadata
      when:
-        - (ansible_distribution_major_version | int) >= 8
+        - (ansible_distribution_major_version | int) == 8
+
  roles:
    # docker is needed by multiple molecule scenarios
-    - role: ensure-docker
+    - role: ensure-podman