From 6250c2675aa1e25871e69c4e0c4819fdaa669f46 Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jeblair@redhat.com>
Date: Mon, 2 Dec 2019 09:56:28 -0800
Subject: [PATCH] WIP: openshift speculative containers

Change-Id: I81f7be6065a74f45386ea735a5291d48b7e042ce
---
 roles/deploy-openshift/tasks/main.yaml        | 23 +++++++++++
 roles/use-buildset-registry/tasks/main.yaml   | 13 +++++-
 roles/use-buildset-registry/vars/CentOS.yaml  |  2 +
 roles/use-buildset-registry/vars/default.yaml |  2 +
 .../buildset-registry-openshift-crio.yaml     | 27 +++++++++++++
 .../registry/test-registry-post.yaml          |  2 +
 zuul-tests.d/container-roles-jobs.yaml        | 40 ++++++++++++++++---
 7 files changed, 101 insertions(+), 8 deletions(-)
 create mode 100644 roles/use-buildset-registry/vars/CentOS.yaml
 create mode 100644 roles/use-buildset-registry/vars/default.yaml
 create mode 100644 test-playbooks/registry/buildset-registry-openshift-crio.yaml

diff --git a/roles/deploy-openshift/tasks/main.yaml b/roles/deploy-openshift/tasks/main.yaml
index 5506c880e..ae5a1891d 100644
--- a/roles/deploy-openshift/tasks/main.yaml
+++ b/roles/deploy-openshift/tasks/main.yaml
@@ -30,3 +30,26 @@
 
 - name: Who am i
   command: oc whoami -c
+
+- name: Ensure "docker" group exists
+  become: true
+  group:
+    name: docker
+    state: present
+
+- name: Add user to docker group
+  become: true
+  user:
+    name: "{{ ansible_user }}"
+    groups:
+      - docker
+    append: yes
+
+- name: Set group ownership of docker socket
+  become: true
+  file:
+    path: /var/run/docker.sock
+    group: docker
+
+- name: Reset ssh connection to pick up docker group
+  meta: reset_connection
diff --git a/roles/use-buildset-registry/tasks/main.yaml b/roles/use-buildset-registry/tasks/main.yaml
index 74719a1ab..8a91f3ed8 100644
--- a/roles/use-buildset-registry/tasks/main.yaml
+++ b/roles/use-buildset-registry/tasks/main.yaml
@@ -1,3 +1,12 @@
+- name: Include OS-specific variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml"
+    - "{{ ansible_distribution }}.{{ ansible_architecture }}.yaml"
+    - "{{ ansible_distribution }}.yaml"
+    - "{{ ansible_os_family }}.yaml"
+    - "default.yaml"
+
 # Docker doesn't understand docker push [1234:5678::]:5000/image/path:tag
 # so we set up /etc/hosts with a registry alias name to support ipv6 and 4.
 - name: Configure /etc/hosts for buildset_registry to workaround docker not understanding ipv6 addresses
@@ -27,9 +36,9 @@
   become: true
   copy:
     content: "{{ buildset_registry.cert }}"
-    dest: "/usr/local/share/ca-certificates/buildset-registry.crt"
+    dest: "{{ ca_dir }}/buildset-registry.crt"
 - name: Update CA certs
-  command: update-ca-certificates
+  command: "{{ ca_command }}"
   become: true
 
 # Update daemon config
diff --git a/roles/use-buildset-registry/vars/CentOS.yaml b/roles/use-buildset-registry/vars/CentOS.yaml
new file mode 100644
index 000000000..c2b260ab2
--- /dev/null
+++ b/roles/use-buildset-registry/vars/CentOS.yaml
@@ -0,0 +1,2 @@
+ca_dir: /etc/pki/ca-trust/source/anchors
+ca_command: update-ca-trust
diff --git a/roles/use-buildset-registry/vars/default.yaml b/roles/use-buildset-registry/vars/default.yaml
new file mode 100644
index 000000000..7bea1b23b
--- /dev/null
+++ b/roles/use-buildset-registry/vars/default.yaml
@@ -0,0 +1,2 @@
+ca_dir: /usr/local/share/ca-certificates
+ca_command: update-ca-certificates
diff --git a/test-playbooks/registry/buildset-registry-openshift-crio.yaml b/test-playbooks/registry/buildset-registry-openshift-crio.yaml
new file mode 100644
index 000000000..cf9dc6d4d
--- /dev/null
+++ b/test-playbooks/registry/buildset-registry-openshift-crio.yaml
@@ -0,0 +1,27 @@
+- hosts: all
+  roles:
+    - role: clear-firewall
+    - role: install-openshift
+    - role: deploy-openshift
+    - role: use-buildset-registry
+      buildset_registry_docker_user: root
+  tasks:
+    - name: Wait for cluster to come up
+      command: kubectl cluster-info
+      register: result
+      until: result.rc == 0
+      retries: 5
+      delay: 30
+    - name: Run a local test pod
+      command: oc run --generator=run-pod/v1 --image=zuul/docker-testimage dockertest
+    - name: Wait for the pod to be ready
+      command: oc wait --for=condition=Ready pod/dockertest --timeout=60s
+    - name: Check the output of the pod
+      shell: "oc logs pod/dockertest | grep 'Zuul container test'"
+
+    - name: Run a remote test pod
+      command: oc run --generator=run-pod/v1 --image=debian:testing upstream-dockertest --command -- /bin/bash -c 'echo Upstream; sleep infinity'
+    - name: Wait for the pod to be ready
+      command: oc wait --for=condition=Ready pod/upstream-dockertest --timeout=60s
+    - name: Check the output of the pod
+      shell: "oc logs pod/upstream-dockertest | grep 'Upstream'"
diff --git a/test-playbooks/registry/test-registry-post.yaml b/test-playbooks/registry/test-registry-post.yaml
index 2fda35820..55101a584 100644
--- a/test-playbooks/registry/test-registry-post.yaml
+++ b/test-playbooks/registry/test-registry-post.yaml
@@ -22,3 +22,5 @@
         dest: "{{ ansible_user_dir }}/zuul-output/logs/{{ container_command }}"
         mode: u=rwX,g=rX,o=rX
         recurse: yes
+    - fail:
+        msg: Fail for testing
diff --git a/zuul-tests.d/container-roles-jobs.yaml b/zuul-tests.d/container-roles-jobs.yaml
index 0f03682f7..4f4f10e6b 100644
--- a/zuul-tests.d/container-roles-jobs.yaml
+++ b/zuul-tests.d/container-roles-jobs.yaml
@@ -111,6 +111,33 @@
     vars:
       container_command: docker
 
+- job:
+    name: zuul-jobs-test-registry-buildset-registry-openshift-crio
+    dependencies: zuul-jobs-test-registry-buildset-registry
+    description: |
+      Test a buildset registry with kubernetes and docker
+
+      It is not meant to be used directly but rather run on changes
+      to roles in the zuul-jobs repo.
+    files:
+      - roles/pull-from-intermediate-registry/.*
+      - roles/push-to-intermediate-registry/.*
+      - roles/install-docker/.*
+      - roles/install-openshift/.*
+      - roles/build-docker-image/.*
+      - roles/run-buildset-registry/.*
+      - roles/use-buildset-registry/.*
+      - test-playbooks/registry/.*
+    run: test-playbooks/registry/buildset-registry-openshift-crio.yaml
+    post-run:
+      - test-playbooks/registry/test-registry-post.yaml
+    vars:
+      container_command: docker
+    nodeset:
+      nodes:
+        - name: controller
+          label: centos-7
+
 - job:
     name: zuul-jobs-test-install-kubernetes-docker
     description: |
@@ -191,12 +218,13 @@
 - project:
     check:
       jobs: &id001
-        - zuul-jobs-test-registry-docker
-        - zuul-jobs-test-registry-podman
+        # - zuul-jobs-test-registry-docker
+        # - zuul-jobs-test-registry-podman
         - zuul-jobs-test-registry-buildset-registry
-        - zuul-jobs-test-registry-buildset-registry-k8s-docker
-        - zuul-jobs-test-install-kubernetes-docker
-        - zuul-jobs-test-install-kubernetes-crio
-        - zuul-jobs-test-install-podman
+        # - zuul-jobs-test-registry-buildset-registry-k8s-docker
+        - zuul-jobs-test-registry-buildset-registry-openshift-crio
+        # - zuul-jobs-test-install-kubernetes-docker
+        # - zuul-jobs-test-install-kubernetes-crio
+        # - zuul-jobs-test-install-podman
     gate:
       jobs: *id001