WIP: openshift speculative containers

Change-Id: I81f7be6065a74f45386ea735a5291d48b7e042ce
2019-12-02 09:56:28 -08:00 · 2019-12-02 09:56:28 -08:00 · 596e9d196e
parent 8b079956ec
commit 596e9d196e
7 changed files with 84 additions and 8 deletions
--- a/roles/deploy-openshift/tasks/main.yaml
+++ b/roles/deploy-openshift/tasks/main.yaml
@ -30,3 +30,26 @@

 - name: Who am i
  command: oc whoami -c
+
+- name: Ensure "docker" group exists
+  become: true
+  group:
+    name: "{{ docker_group }}"
+    state: present
+
+- name: Add user to docker group
+  become: true
+  user:
+    name: "{{ ansible_user }}"
+    groups:
+      - "{{ docker_group }}"
+    append: yes
+
+- name: Set group ownership of docker socket
+  become: true
+  file:
+    path: /var/run/docker.sock
+    group: docker
+
+- name: Reset ssh connection to pick up docker group
+  meta: reset_connection
--- a/roles/use-buildset-registry/tasks/main.yaml
+++ b/roles/use-buildset-registry/tasks/main.yaml
@ -1,3 +1,12 @@
+- name: Include OS-specific variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
+    - "{{ ansible_distribution }}.{{ ansible_architecture }}.yaml"
+    - "{{ ansible_distribution }}.yaml"
+    - "{{ ansible_os_family }}.yaml"
+    - "default.yaml"
+
 # Docker doesn't understand docker push [1234:5678::]:5000/image/path:tag
 # so we set up /etc/hosts with a registry alias name to support ipv6 and 4.
 - name: Configure /etc/hosts for buildset_registry to workaround docker not understanding ipv6 addresses
@ -27,9 +36,9 @@
  become: true
  copy:
    content: "{{ buildset_registry.cert }}"
-    dest: "/usr/local/share/ca-certificates/buildset-registry.crt"
+    dest: "{{ ca_dir }}/buildset-registry.crt"
 - name: Update CA certs
-  command: update-ca-certificates
+  command: "{{ ca_command }}"
  become: true

 # Update daemon config
--- a/roles/use-buildset-registry/vars/CentOS.yaml
+++ b/roles/use-buildset-registry/vars/CentOS.yaml
@ -0,0 +1,2 @@
+ca_dir: /etc/pki/ca-trust/source/anchors
+ca_command: update-ca-trust
--- a/roles/use-buildset-registry/vars/default.yaml
+++ b/roles/use-buildset-registry/vars/default.yaml
@ -0,0 +1,2 @@
+ca_dir: /usr/local/share/ca-certificates
+ca_command: update-ca-certificates
--- a/test-playbooks/registry/buildset-registry-openshift-crio.yaml
+++ b/test-playbooks/registry/buildset-registry-openshift-crio.yaml
@ -0,0 +1,10 @@
+- hosts: all
+  roles:
+    - role: clear-firewall
+    - role: install-openshift
+    - role: deploy-openshift
+    - role: use-buildset-registry
+      buildset_registry_docker_user: root
+  tasks:
+    - fail:
+        msg: Fail for testing
--- a/test-playbooks/registry/test-registry-post.yaml
+++ b/test-playbooks/registry/test-registry-post.yaml
@ -22,3 +22,5 @@
        dest: "{{ ansible_user_dir }}/zuul-output/logs/{{ container_command }}"
        mode: u=rwX,g=rX,o=rX
        recurse: yes
+    - fail:
+        msg: Fail for testing
--- a/zuul-tests.d/container-roles-jobs.yaml
+++ b/zuul-tests.d/container-roles-jobs.yaml
@ -111,6 +111,33 @@
    vars:
      container_command: docker

+- job:
+    name: zuul-jobs-test-registry-buildset-registry-openshift-crio
+    dependencies: zuul-jobs-test-registry-buildset-registry
+    description: |
+      Test a buildset registry with kubernetes and docker
+
+      It is not meant to be used directly but rather run on changes
+      to roles in the zuul-jobs repo.
+    files:
+      - roles/pull-from-intermediate-registry/.*
+      - roles/push-to-intermediate-registry/.*
+      - roles/install-docker/.*
+      - roles/install-openshift/.*
+      - roles/build-docker-image/.*
+      - roles/run-buildset-registry/.*
+      - roles/use-buildset-registry/.*
+      - test-playbooks/registry/.*
+    run: test-playbooks/registry/buildset-registry-openshift-crio.yaml
+    post-run:
+      - test-playbooks/registry/test-registry-post.yaml
+    vars:
+      container_command: docker
+    nodeset:
+      nodes:
+        - name: controller
+          label: centos-7
+
 - job:
    name: zuul-jobs-test-install-kubernetes-docker
    description: |
@ -191,12 +218,13 @@
 - project:
    check:
      jobs: &id001
-        - zuul-jobs-test-registry-docker
-        - zuul-jobs-test-registry-podman
+        # - zuul-jobs-test-registry-docker
+        # - zuul-jobs-test-registry-podman
        - zuul-jobs-test-registry-buildset-registry
-        - zuul-jobs-test-registry-buildset-registry-k8s-docker
-        - zuul-jobs-test-install-kubernetes-docker
-        - zuul-jobs-test-install-kubernetes-crio
-        - zuul-jobs-test-install-podman
+        # - zuul-jobs-test-registry-buildset-registry-k8s-docker
+        - zuul-jobs-test-registry-buildset-registry-openshift-crio
+        # - zuul-jobs-test-install-kubernetes-docker
+        # - zuul-jobs-test-install-kubernetes-crio
+        # - zuul-jobs-test-install-podman
    gate:
      jobs: *id001