nodepool/playbooks/nodepool-functional-container-openstack/run.yaml
Clark Boylan 612fb2e062 Set git repo ownership for nodepool dib integration testing
We run nodepool-builder as root in the integration testing, but the
/home/zuul/src repos are owned by zuul. When git tries to do local
clones of these repos it fails because git's safe.directory ownership
check refuses to operate on repositories owned by a different user.

Address this by chowning /home/zuul/src and its contents to root:root.
We don't use the git config method because that would require modifying
the container image and that seems less ideal than making the test
environment match what we need.

Change-Id: Idf78c50180b7b989082befe797f5003ebb29ec5b
2024-09-16 15:05:59 -07:00


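---
# Zuul job playbook for the nodepool container functional test against a
# devstack cloud: creates the flavors, security group rules, an unmanaged
# VM and an SSH keypair, writes the nodepool config and custom DIB
# elements, starts nodepool with podman-compose and runs the functional
# check script.
#
# Several steps below deliberately weaken security for this throw-away CI
# node (world-open security group rules, a world-writable /etc/nodepool in
# the built image, unauthenticated apt in the built image, a passphrase-less
# SSH key, unpinned container image pulls). None of them are appropriate
# outside this disposable test environment.
- hosts: all
  vars:
    nodepool_config_dir: "/etc/nodepool"
    nodepool_log_dir: "/var/log/nodepool"
    # $HOME here is expanded by the bash shell tasks that consume these
    # values, not by Ansible.
    NODEPOOL_KEY: "$HOME/.ssh/id_nodepool"
    NODEPOOL_KEY_NAME: "root"
    NODEPOOL_PUBKEY: "$HOME/.ssh/id_nodepool.pub"
    NODEPOOL_INSTALL: "$HOME/nodepool-venv"
    NODEPOOL_CACHE_GET_PIP: "/opt/stack/cache/files/get-pip.py"
    NODEPOOL_CONFIG: "{{ nodepool_config_dir }}/nodepool.yaml"
    NODEPOOL_DIB_BASE_PATH: "/opt/dib"
  tasks:
    - name: Write clouds.yaml
      include_tasks: write_clouds_yaml.yaml

    - name: Create nodepool flavors
      args:
        executable: /bin/bash
      shell: |
        openstack --os-cloud=devstack-admin flavor create --ram=512 --disk=5 --vcpus=1 --id=64 nodepool-512
        openstack --os-cloud=devstack-admin flavor create --ram=1024 --disk=5 --vcpus=1 --id=128 nodepool-1024

    - name: Create security groups
      # Opens every TCP and UDP port from 0.0.0.0/0 on the default security
      # group. Only tolerable because the devstack cloud runs on an isolated,
      # disposable CI node; do not reuse these rules in a real deployment.
      args:
        executable: /bin/bash
      shell: |
        openstack --os-cloud=devstack security group rule create --ingress --protocol tcp --dst-port 1:65535 --remote-ip 0.0.0.0/0 default
        openstack --os-cloud=devstack security group rule create --ingress --protocol udp --dst-port 1:65535 --remote-ip 0.0.0.0/0 default

    - name: Create unmanaged VM
      # Boots a cirros instance that nodepool does not manage; the functional
      # check presumably verifies nodepool leaves it alone. The image is
      # picked by name with grep/head, so a missing cirros image yields an
      # empty --image and a failing server create.
      args:
        executable: /bin/bash
      shell: |
        openstack --os-cloud=devstack-admin network list
        cirros_image=$(openstack --os-cloud=devstack image list -f value -c Name | grep cirros | head -n1)
        openstack --os-cloud=devstack server create --flavor=cirros256 --image="$cirros_image" --network=public unmanaged-vm

    - name: Create nodepool SSH keypair
      # Passphrase-less key (-P ""): nodepool needs unattended access to the
      # nodes it boots. The key lives only on this CI node.
      args:
        executable: /bin/bash
      shell: |
        ssh-keygen -f {{ NODEPOOL_KEY }} -P ""
        openstack --os-cloud=devstack keypair create --public-key="{{ NODEPOOL_PUBKEY }}" "{{ NODEPOOL_KEY_NAME }}"

    - name: Write nodepool elements
      # Writes two diskimage-builder element scripts under
      # <config dir>/elements/nodepool-setup:
      #   install.d/40-nodepool-setup makes /etc/nodepool world-writable
      #     inside the built image (mode 777) so nodepool can write there.
      #   root.d/50-apt-allow-unauthenticated disables apt signature and
      #     repository verification inside the built image
      #     (APT::Get::AllowUnauthenticated, Acquire::AllowInsecureRepositories).
      # Both are test-only shortcuts: the second one removes the package
      # supply-chain integrity check and must never ship in a production
      # element. The heredocs use \$ so TARGET_ROOT is expanded by DIB at
      # build time, not by this shell.
      args:
        executable: /bin/bash
      shell:
        cmd: |
          sudo mkdir -p $(dirname {{ NODEPOOL_CONFIG }})/elements/nodepool-setup/install.d
          sudo mkdir -p $(dirname {{ NODEPOOL_CONFIG }})/elements/nodepool-setup/root.d
          cat > /tmp/40-nodepool-setup <<EOF
          sudo mkdir -p /etc/nodepool
          # Make it world writeable so nodepool can write here later.
          sudo chmod 777 /etc/nodepool
          EOF
          cat > /tmp/50-apt-allow-unauthenticated <<EOF
          if [ -d "\$TARGET_ROOT/etc/apt/apt.conf.d" ]; then
              echo "APT::Get::AllowUnauthenticated \"true\";" | sudo tee \$TARGET_ROOT/etc/apt/apt.conf.d/95allow-unauthenticated
              echo "Acquire::AllowInsecureRepositories \"true\";" | sudo tee -a \$TARGET_ROOT/etc/apt/apt.conf.d/95allow-unauthenticated
          fi
          EOF
          sudo mv /tmp/40-nodepool-setup \
              $(dirname {{ NODEPOOL_CONFIG }})/elements/nodepool-setup/install.d/40-nodepool-setup
          sudo chmod a+x \
              $(dirname {{ NODEPOOL_CONFIG }})/elements/nodepool-setup/install.d/40-nodepool-setup
          sudo mv /tmp/50-apt-allow-unauthenticated \
              $(dirname {{ NODEPOOL_CONFIG }})/elements/nodepool-setup/root.d/50-apt-allow-unauthenticated
          sudo chmod a+x \
              $(dirname {{ NODEPOOL_CONFIG }})/elements/nodepool-setup/root.d/50-apt-allow-unauthenticated
          sudo mkdir -p {{ NODEPOOL_DIB_BASE_PATH }}/images
          sudo mkdir -p {{ NODEPOOL_DIB_BASE_PATH }}/tmp
          sudo mkdir -p {{ NODEPOOL_DIB_BASE_PATH }}/cache
          sudo chown -R nodepool:nodepool {{ NODEPOOL_DIB_BASE_PATH }}

    - name: Write nodepool config
      become: true
      template:
        src: nodepool.yaml.j2
        dest: "{{ NODEPOOL_CONFIG }}"

    - name: Create nodepool runtime dirs
      become: true
      file:
        path: '{{ item }}'
        state: directory
        owner: 'nodepool'
        group: 'nodepool'
      loop:
        - '{{ nodepool_log_dir }}'

    - name: Write docker-compose.yaml
      # Written without become, so it relies on /etc/nodepool being writable
      # by the Ansible user at this point -- NOTE(review): confirm against the
      # job's pre-run playbook. Mode is quoted so YAML does not parse the
      # octal literal as an integer.
      template:
        src: docker-compose.yaml.j2
        dest: /etc/nodepool/docker-compose.yaml
        mode: '0600'

    - name: Change git repo ownership
      # Git doesn't want to perform actions against local git repos owned
      # by a user other than the one invoking the git commands for security
      # reasons. We run podman-compose below as root which should run the
      # builder as root. Therefore we need to chown the git repos to root
      # so that we can use them as the source of information for the builds.
      #
      # Side effect: after this task the zuul user can no longer write into
      # its own checkouts; anything later in the job that writes under
      # /home/zuul/src as zuul will fail. NOTE(review): the file module's
      # `follow` default applies here -- if any repo contains symlinks
      # pointing outside /home/zuul/src, confirm the recursive chown does
      # not follow them out of the tree.
      file:
        path: /home/zuul/src/
        state: directory
        owner: 'root'
        group: 'root'
        recurse: true
      become: true

    - name: Run podman compose pull
      # Pulls whatever tags docker-compose.yaml.j2 references; nothing here
      # pins a digest, so the test consumes the registry's current image.
      shell:
        cmd: podman-compose pull
        chdir: /etc/nodepool
      # We run as root to allow us to move nodepool processes into a new
      # process cgroup which enables podman to run nested in docker.
      become: true

    - name: Run podman compose up
      shell:
        cmd: podman-compose up -d --timeout 60
        chdir: /etc/nodepool
      # We run as root to allow us to move nodepool processes into a new
      # process cgroup which enables podman to run nested in docker.
      become: true

    - name: Cleanup unused images
      shell:
        cmd: podman image prune -f
      # We run as root to allow us to move nodepool processes into a new
      # process cgroup which enables podman to run nested in docker.
      become: true

    - name: Check nodepool functionality
      # Runs as the Ansible user (no become) from the zuul-managed checkout,
      # which the task above has just chowned to root; the script only needs
      # to be readable/executable, but it must not expect to write there.
      command: "{{ zuul.projects['opendev.org/zuul/nodepool'].src_dir }}/tools/functional-test-check.sh"
      environment:
        NODEPOOL_FUNCTIONAL_CHECK: 'containers'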