From 96a780c4d2547bd17dfa3cf8fd7f86e10311f6f7 Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Mon, 2 Dec 2019 09:56:28 -0800 Subject: [PATCH] WIP: openshift speculative containers Change-Id: I81f7be6065a74f45386ea735a5291d48b7e042ce --- roles/deploy-openshift/tasks/main.yaml | 23 ++++++ roles/use-buildset-registry/tasks/main.yaml | 71 +++++++++++-------- roles/use-buildset-registry/vars/CentOS.yaml | 2 + roles/use-buildset-registry/vars/default.yaml | 2 + .../buildset-registry-openshift-crio.yaml | 27 +++++++ .../registry/test-registry-post.yaml | 2 + zuul-tests.d/container-roles-jobs.yaml | 40 +++++++++-- 7 files changed, 130 insertions(+), 37 deletions(-) create mode 100644 roles/use-buildset-registry/vars/CentOS.yaml create mode 100644 roles/use-buildset-registry/vars/default.yaml create mode 100644 test-playbooks/registry/buildset-registry-openshift-crio.yaml diff --git a/roles/deploy-openshift/tasks/main.yaml b/roles/deploy-openshift/tasks/main.yaml index 5506c880e..8322cec7b 100644 --- a/roles/deploy-openshift/tasks/main.yaml +++ b/roles/deploy-openshift/tasks/main.yaml @@ -30,3 +30,26 @@ - name: Who am i command: oc whoami -c + +# - name: Ensure "docker" group exists +# become: true +# group: +# name: docker +# state: present +# +# - name: Add user to docker group +# become: true +# user: +# name: "{{ ansible_user }}" +# groups: +# - docker +# append: yes +# +# - name: Set group ownership of docker socket +# become: true +# file: +# path: /var/run/docker.sock +# group: docker +# +# - name: Reset ssh connection to pick up docker group +# meta: reset_connection diff --git a/roles/use-buildset-registry/tasks/main.yaml b/roles/use-buildset-registry/tasks/main.yaml index 1117bb82b..c7e511ac3 100644 --- a/roles/use-buildset-registry/tasks/main.yaml +++ b/roles/use-buildset-registry/tasks/main.yaml 
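Review bot: The commented-out tasks added at the end of `roles/deploy-openshift/tasks/main.yaml` would, if enabled, add `{{ ansible_user }}` to the `docker` group and regroup `/var/run/docker.sock`. Membership of that group is root-equivalent on the node, so this should not sit in the role as dormant code with no explanation. Either delete the block before the change leaves WIP, or keep it behind a one-line comment such as `# Disabled: docker group membership grants root-equivalent access; only needed if oc must reach the docker socket as the unprivileged user`.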
@@ -1,3 +1,12 @@ +- name: Include OS-specific variables + include_vars: "{{ item }}" + with_first_found: + - "{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yaml" + - "{{ ansible_distribution }}.{{ ansible_architecture }}.yaml" + - "{{ ansible_distribution }}.yaml" + - "{{ ansible_os_family }}.yaml" + - "default.yaml" + # Docker doesn't understand docker push [1234:5678::]:5000/image/path:tag # so we set up /etc/hosts with a registry alias name to support ipv6 and 4. - name: Configure /etc/hosts for buildset_registry to workaround docker not understanding ipv6 addresses @@ -27,10 +36,10 @@ become: true copy: content: "{{ buildset_registry.cert }}" - dest: "/usr/local/share/ca-certificates/buildset-registry.crt" -- name: Update CA certs - command: update-ca-certificates - become: true + dest: "{{ ca_dir }}/buildset-registry.crt" +# - name: Update CA certs +# command: "{{ ca_command }}" +# become: true # Update daemon config - name: Check if docker daemon configuration exists @@ -51,17 +60,17 @@ set_fact: docker_config: registry-mirrors: [] -- name: Add registry to docker daemon configuration - vars: - new_config: - registry-mirrors: "['https://{{ buildset_registry_alias }}:{{ buildset_registry.port }}/']" - set_fact: - docker_config: "{{ docker_config | combine(new_config) }}" -- name: Save docker daemon configuration - copy: - content: "{{ docker_config | to_nice_json }}" - dest: /etc/docker/daemon.json - become: true +# - name: Add registry to docker daemon configuration +# vars: +# new_config: +# registry-mirrors: "['https://{{ buildset_registry_alias }}:{{ buildset_registry.port }}/']" +# set_fact: +# docker_config: "{{ docker_config | combine(new_config) }}" +# - name: Save docker daemon configuration +# copy: +# content: "{{ docker_config | to_nice_json }}" +# dest: /etc/docker/daemon.json +# become: true - name: Restart docker daemon service: 
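Review bot: In the @@ -27,10 +36,10 @@ hunk the certificate is now written to `{{ ca_dir }}/buildset-registry.crt`, but the `Update CA certs` task is commented out, so nothing visible rebuilds the system trust store, and `ca_command` from the new vars files is never used. Clients that rely on the system bundle would then reject the registry's TLS certificate, which is the situation that tends to get papered over with an insecure-registry setting. Restore the task as `command: "{{ ca_command }}"` with `become: true`. The `copy` also sets no `mode`; adding `mode: "0644"` would make the result independent of the umask.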
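Review bot: With `Add registry to docker daemon configuration` and `Save docker daemon configuration` commented out in the @@ -51,17 +60,17 @@ hunk, the role still builds `docker_config` and restarts docker but never writes the mirror entry. The @@ -76,22 +85,22 @@ hunk does the same to `Modify registries.conf` and to both `user-config.yaml` blocks. As far as these hunks show, a node running this role would pull straight from upstream registries, so a job could pass without ever exercising the speculative image. If these steps do not apply on the OpenShift node, gate them with a `when:` on a role variable rather than commenting them out, so the existing docker and podman consumers of the role keep their configuration.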
@@ -76,22 +85,22 @@ file: state: directory path: /etc/containers -- name: Modify registries.conf - become: yes - modify_registries_conf: - path: /etc/containers/registries.conf - buildset_registry: "{{ buildset_registry }}" - namespaces: "{{ buildset_registry_namespaces }}" +# - name: Modify registries.conf +# become: yes +# modify_registries_conf: +# path: /etc/containers/registries.conf +# buildset_registry: "{{ buildset_registry }}" +# namespaces: "{{ buildset_registry_namespaces }}" # We use 'block' here to cause the become to apply to all the tasks # (which does not automatically happen with include_tasks). -- name: Update docker user config to use buildset registry - become: true - become_user: "{{ buildset_registry_docker_user }}" - when: buildset_registry_docker_user is defined - block: - - include_tasks: user-config.yaml -- name: Update docker user config to use buildset registry - when: buildset_registry_docker_user is not defined - block: - - include_tasks: user-config.yaml +# - name: Update docker user config to use buildset registry +# become: true +# become_user: "{{ buildset_registry_docker_user }}" +# when: buildset_registry_docker_user is defined +# block: +# - include_tasks: user-config.yaml +# - name: Update docker user config to use buildset registry +# when: buildset_registry_docker_user is not defined +# block: +# - include_tasks: user-config.yaml diff --git a/roles/use-buildset-registry/vars/CentOS.yaml b/roles/use-buildset-registry/vars/CentOS.yaml new file mode 100644 index 000000000..c2b260ab2 --- /dev/null +++ b/roles/use-buildset-registry/vars/CentOS.yaml @@ -0,0 +1,2 @@ +ca_dir: /etc/pki/ca-trust/source/anchors +ca_command: update-ca-trust diff --git a/roles/use-buildset-registry/vars/default.yaml b/roles/use-buildset-registry/vars/default.yaml new file mode 100644 index 000000000..7bea1b23b --- /dev/null +++ b/roles/use-buildset-registry/vars/default.yaml 
@@ -0,0 +1,2 @@ +ca_dir: /usr/local/share/ca-certificates +ca_command: update-ca-certificates diff --git a/test-playbooks/registry/buildset-registry-openshift-crio.yaml b/test-playbooks/registry/buildset-registry-openshift-crio.yaml new file mode 100644 index 000000000..cf9dc6d4d --- /dev/null +++ b/test-playbooks/registry/buildset-registry-openshift-crio.yaml @@ -0,0 +1,27 @@ +- hosts: all + roles: + - role: clear-firewall + - role: install-openshift + - role: deploy-openshift + - role: use-buildset-registry + buildset_registry_docker_user: root + tasks: + - name: Wait for cluster to come up + command: kubectl cluster-info + register: result + until: result.rc == 0 + retries: 5 + delay: 30 + - name: Run a local test pod + command: oc run --generator=run-pod/v1 --image=zuul/docker-testimage dockertest + - name: Wait for the pod to be ready + command: oc wait --for=condition=Ready pod/dockertest --timeout=60s + - name: Check the output of the pod + shell: "oc logs pod/dockertest | grep 'Zuul container test'" + + - name: Run a remote test pod + command: oc run --generator=run-pod/v1 --image=debian:testing upstream-dockertest --command -- /bin/bash -c 'echo Upstream; sleep infinity' + - name: Wait for the pod to be ready + command: oc wait --for=condition=Ready pod/upstream-dockertest --timeout=60s + - name: Check the output of the pod + shell: "oc logs pod/upstream-dockertest | grep 'Upstream'" diff --git a/test-playbooks/registry/test-registry-post.yaml b/test-playbooks/registry/test-registry-post.yaml index 2fda35820..55101a584 100644 --- a/test-playbooks/registry/test-registry-post.yaml +++ b/test-playbooks/registry/test-registry-post.yaml @@ -22,3 +22,5 @@ dest: "{{ ansible_user_dir }}/zuul-output/logs/{{ container_command }}" mode: u=rwX,g=rX,o=rX recurse: yes + - fail: + msg: Fail for testing diff --git a/zuul-tests.d/container-roles-jobs.yaml b/zuul-tests.d/container-roles-jobs.yaml index 46a291619..804c55480 100644 --- a/zuul-tests.d/container-roles-jobs.yaml 
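Review bot: `buildset_registry_docker_user: root` is passed to `use-buildset-registry` in the new playbook, but the tasks that read that variable are commented out in the role's @@ -76,22 +85,22 @@ hunk, so the setting has no effect here. Both pods also reference images by mutable name (`zuul/docker-testimage` with no tag, `debian:testing`). That is expected for the speculative image, but the upstream pod would be more reproducible pinned by digest, for example `--image=debian@sha256:<digest>` (placeholder). A comment above `Run a local test pod` stating that the grep for `Zuul container test` is what distinguishes the buildset-registry image from the upstream one would make the intent of the check explicit, if that is indeed the case.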
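Review bot: The `- fail:` task with `msg: Fail for testing` added at the end of `test-registry-post.yaml` is unconditional, so every job that uses this post-run playbook ends in failure after log collection. This looks like a debugging aid and should be dropped before the change leaves WIP. The playbook appears to be shared, since the new job lists it under `post-run`, and other registry jobs may reference it as well.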
+++ b/zuul-tests.d/container-roles-jobs.yaml @@ -111,6 +111,33 @@ vars: container_command: docker +- job: + name: zuul-jobs-test-registry-buildset-registry-openshift-crio + dependencies: zuul-jobs-test-registry-buildset-registry + description: | + Test a buildset registry with kubernetes and docker + + It is not meant to be used directly but rather run on changes + to roles in the zuul-jobs repo. + files: + - roles/pull-from-intermediate-registry/.* + - roles/push-to-intermediate-registry/.* + - roles/install-docker/.* + - roles/install-openshift/.* + - roles/build-docker-image/.* + - roles/run-buildset-registry/.* + - roles/use-buildset-registry/.* + - test-playbooks/registry/.* + run: test-playbooks/registry/buildset-registry-openshift-crio.yaml + post-run: + - test-playbooks/registry/test-registry-post.yaml + vars: + container_command: docker + nodeset: + nodes: + - name: controller + label: centos-7 + - job: name: zuul-jobs-test-install-kubernetes-docker description: | @@ -162,12 +189,13 @@ - project: check: jobs: &id001 - - zuul-jobs-test-registry-docker - - zuul-jobs-test-registry-podman + # - zuul-jobs-test-registry-docker + # - zuul-jobs-test-registry-podman - zuul-jobs-test-registry-buildset-registry - - zuul-jobs-test-registry-buildset-registry-k8s-docker - - zuul-jobs-test-install-kubernetes-docker - - zuul-jobs-test-install-kubernetes-crio - - zuul-jobs-test-install-podman + # - zuul-jobs-test-registry-buildset-registry-k8s-docker + - zuul-jobs-test-registry-buildset-registry-openshift-crio + # - zuul-jobs-test-install-kubernetes-docker + # - zuul-jobs-test-install-kubernetes-crio + # - zuul-jobs-test-install-podman gate: jobs: *id001
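Review bot: The new job's `files:` matcher omits `roles/deploy-openshift/.*` although its playbook applies that role and this commit edits it, so a change to that role alone would not trigger the job. Add `- roles/deploy-openshift/.*`, and likely `- roles/clear-firewall/.*`, which the playbook also applies. The description still reads `Test a buildset registry with kubernetes and docker` and `container_command: docker` is set, while the job name and playbook say openshift/crio. Since the post-run playbook uses `{{ container_command }}` in the log destination path, logs would be filed under `docker`; update both to describe what this job runs.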
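Review bot: Commenting entries out of the `jobs: &id001` list in the @@ -162,12 +189,13 @@ hunk removes them from `gate` as well, because `gate.jobs` is the alias `*id001`. As written, six registry and install jobs stop gating merges, not just check runs. Restore the list before merge. For local iteration, give `check` its own temporary list instead of editing the anchored one, so the gate pipeline is unaffected.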