Add the post-reboot-tasks role

This role will do basic checks to confirm that the node is sufficiently up to continue afer a reboot. Change-Id: Iebf474c9351e4246d7ab2072b48a50e93dbf0b94
2022-06-04 12:30:59 -04:00 · 2022-06-04 12:30:59 -04:00 · 25caf7ef5e
commit 25caf7ef5e
parent 423a7d6044
6 changed files with 32 additions and 2 deletions
--- a/doc/source/general-roles.rst
+++ b/doc/source/general-roles.rst
@ -36,6 +36,7 @@ General Purpose Roles
 .. zuul:autorole:: prepare-workspace
 .. zuul:autorole:: prepare-workspace-git
 .. zuul:autorole:: prepare-workspace-openshift
+.. zuul:autorole:: post-reboot-tasks
 .. zuul:autorole:: remove-build-sshkey
 .. zuul:autorole:: remove-build-winrm-cert
 .. zuul:autorole:: remove-gpgkey
--- a/roles/enable-fips/README.rst
+++ b/roles/enable-fips/README.rst
@ -2,3 +2,7 @@ Enable FIPS on a node.

 Set a node into FIPS mode, to test functionality when crypto
 policies are set to FIPS in RHEL 8/Centos 8.
+
+The role will set the node into FIPS mode, reboot the node, and
+then call the post-reboot-tasks role.  This role requires a role
+parameter - nslookup_target.
--- a/roles/enable-fips/tasks/main.yaml
+++ b/roles/enable-fips/tasks/main.yaml
@ -50,9 +50,9 @@
  reboot:
    reboot_timeout: 1800

- name: Run start-zuul-console role
+- name: Run post-boot tasks
  include_role:
-    name: start-zuul-console
+    name: post-reboot-tasks

 - name: Ensure FIPS mode is enabled
  become: true
--- a/roles/post-reboot-tasks/README.rst
+++ b/roles/post-reboot-tasks/README.rst
@ -0,0 +1,14 @@
+Ensure that processes are running after a node reboot.
+
+Some roles (like the enable-fips role) need to reboot the node
+in order to complete their operations.
+
+This role can be invoked to ensure that the node is sufficiently
+up again before continuing by doing some basic checks for
+connectivity (ssh), restarting the zuul-console and making sure
+DNS is up.
+
+A role parameter nslookup_target is required to specify the DNS name
+to ensure DNS is working. If working in a mirrored environment, it
+is a good idea to use $zuul_site_mirror_fqdn, because this is what
+will be needed for package installs in any case.
--- a/roles/post-reboot-tasks/tasks/main.yaml
+++ b/roles/post-reboot-tasks/tasks/main.yaml
@ -0,0 +1,10 @@
+---
+- name: check if node is available for ssh
+  wait_for_connection:
+
+- name: Run start-zuul-console role
+  include_role:
+    name: start-zuul-console
+
+- name: confirm that dns is up
+  command: "nslookup -retry=60 {{ nslookup_target }}"
--- a/zuul-tests.d/general-roles-jobs.yaml
+++ b/zuul-tests.d/general-roles-jobs.yaml
@ -342,6 +342,7 @@
    run: test-playbooks/simple-role-test.yaml
    vars:
      role_name: enable-fips
+      nslookup_target: opendev.org
    nodeset:
      nodes:
        - name: centos-8-stream