diff --git a/ci_framework/playbooks/02-infra.yml b/ci_framework/playbooks/02-infra.yml index 8497d6cb8e..1238ce525d 100644 --- a/ci_framework/playbooks/02-infra.yml +++ b/ci_framework/playbooks/02-infra.yml @@ -47,6 +47,13 @@ ansible.builtin.import_role: name: rhol_crc + - name: Deploy OpenShift cluster using dev-scripts + when: + - cifmw_use_devscripts is defined + - cifmw_use_devscripts | bool + ansible.builtin.import_role: + name: devscripts + - name: Login into Openshift cluster vars: cifmw_openshift_login_force_refresh: true diff --git a/ci_framework/roles/ci_network/README.md b/ci_framework/roles/ci_network/README.md index 22957baf72..6c42908219 100644 --- a/ci_framework/roles/ci_network/README.md +++ b/ci_framework/roles/ci_network/README.md @@ -1,18 +1,23 @@ # ci_network + Apply and manage connection in NetworkManager. This role is especially important for CI and CI Job reproducer, since we have to prepare most of the network beforehand. ## Privilege escalation + It needs sudo access to edit Network Manager connections. ## Parameters + * `cifmw_network_generated_layout`: (Str) Path to the generated layout you want to apply. Defaults to `/etc/ci/env/network-layout.yml`. * `cifmw_network_pre_cleanup`: (Bool) Clean existing ethernet connections before applying configuration. Defaults to `true`. * `cifmw_network_layout`: (Dict) Network layout you want to apply. * `cifmw_network_nm_config_file`: (Str) Path to NetworkManager configuration file. Defaults to `/etc/NetworkManager/NetworkManager.conf`. * `cifmw_network_nm_config`: (List(dict)) List of editions to do in the NetworkManager.conf. Defaults to `[]` +* `cifmw_network_local_dns`: (Dict) DNS configuration to be applied on the KVM host. ## NetworkManager configuration layout + The list must be as follow: ```YAML @@ -24,6 +29,7 @@ cifmw_network_nm_config: ``` ## Network configuration layout + This dict has to represent all of the networks as follow: ```YAML 
@@ -43,5 +49,22 @@ cifmw_network_layout: ``` ## Bootstrap CI + It will also look for a specific parameter from the CI Bootstrap steps: `crc_ci_bootstrap_networks_out`. If it finds it, it will consume it instead of `cifmw_network_layout`. + +## DNS configuration + +The configuration is represented by + +```YAML +cifmw_network_local_dns: + listen_addresses: # Optional. list, IP address for the daemon to listen on. Default: 127.0.0.1 + interfaces: # Optional. list, names of network interfaces to listen on. + domains: # Optional. list, local domains to be configured + addresses: # Optional. list, of dictionaries + - fqdn: # str, Fully Qualified Domain Name + address: # str, a valid IP address + forwarders: + - 8.8.8.8 # Optional. list, of DNS forwarders to be applied. +``` diff --git a/ci_framework/roles/ci_network/tasks/apply-dns.yml b/ci_framework/roles/ci_network/tasks/apply-dns.yml new file mode 100644 index 0000000000..fd88260f97 --- /dev/null +++ b/ci_framework/roles/ci_network/tasks/apply-dns.yml 
@@ -0,0 +1,87 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Ensure the package is installed
+ become: true
+ ansible.builtin.package:
+ name: "dnsmasq"
+ state: "present"
+
+- name: Enable local DNS resolution.
+ become: true
+ ansible.builtin.copy:
+ dest: "/etc/NetworkManager/conf.d/00-use-dnsmasq.conf"
+ owner: root
+ group: root
+ mode: '0644'
+ content: |
+ [main]
+ dns = dnsmasq
+
+- name: Ensure existing nameservers are DNS forwarders.
+ become: true
+ when: >
+ "'127.0.0.1' not in ansible_dns.nameservers" or
+ "'forwarders' in cifmw_network_local_dns"
+ vars:
+ dns_servers: >-
+ {{
+ cifmw_network_local_dns.forwarders |
+ default(ansible_dns.nameservers)
+ }}
+ servers: "server={{ dns_servers | join('\nserver=') }}"
+ ansible.builtin.copy:
+ dest: "/etc/NetworkManager/dnsmasq.d/99-dns-forwarders.conf"
+ owner: root
+ group: root
+ mode: "0644"
+ content: "{{ servers }}"
+
+- name: Prepare the dns configuration
+ ansible.builtin.set_fact:
+ _dns_config: "{{ cifmw_network_local_dns }}"
+
+- name: Ensure dnsmasq listens on default IPv4 address
+ when: "'listen_addresses' not in cifmw_network_local_dns"
+ vars:
+ data:
+ listen_addresses:
+ - "127.0.0.1"
+ - "{{ ansible_default_ipv4.address }}"
+ ansible.builtin.set_fact:
+ _dns_config: >-
+ {{
+ _dns_config |
+ combine(data, recursive=true)
+ }}
+
+- name: Copy the local dns configuration
+ become: true
+ vars:
+ config: "{{ _dns_config }}"
+ ansible.builtin.template:
+ src: "templates/local_domain.conf.j2"
+ dest: "/etc/NetworkManager/dnsmasq.d/cifmw_local_domain.conf"
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: Reload the NetworkManager to pick the changes
+ become: true
+ ansible.builtin.service:
+ name: NetworkManager
+ state: "reloaded"
diff --git a/ci_framework/roles/ci_network/tasks/cleanup-dns.yml b/ci_framework/roles/ci_network/tasks/cleanup-dns.yml new file mode 100644
index 0000000000..541844b5a5
--- /dev/null
+++ b/ci_framework/roles/ci_network/tasks/cleanup-dns.yml
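Review bot: The `when` on "Ensure existing nameservers are DNS forwarders." in apply-dns.yml wraps each test in double quotes inside the folded scalar, so Jinja sees two non-empty string literals joined by `or` and the condition appears to be truthy on every run. On a host whose only nameserver is already `127.0.0.1` and with no `forwarders` key, the task would then write `server=127.0.0.1` and point dnsmasq at itself. Drop the inner quotes, e.g. `when: "'127.0.0.1' not in ansible_dns.nameservers or 'forwarders' in cifmw_network_local_dns"`. Separately, the default `listen_addresses` adds `ansible_default_ipv4.address`, which makes the resolver answer on the host's primary interface; a comment naming the clients that need this, and stating that port 53 is expected to be filtered from other networks, would make that exposure a documented decision.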
@@ -0,0 +1,33 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Remove the local dns configuration
+ become: true
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ force: true
+ loop:
+ - "/etc/NetworkManager/conf.d/00-use-dnsmasq.conf"
+ - "/etc/NetworkManager/dnsmasq.d/cifmw_local_domain.conf"
+ - "/etc/NetworkManager/dnsmasq.d/99-dns-forwarders.conf"
+
+- name: Reload the NetworkManager to pick the changes
+ become: true
+ ansible.builtin.service:
+ name: NetworkManager
+ state: "reloaded"
diff --git a/ci_framework/roles/ci_network/templates/local_domain.conf.j2 b/ci_framework/roles/ci_network/templates/local_domain.conf.j2 new file mode 100644
index 0000000000..4522ad3120
--- /dev/null
+++ b/ci_framework/roles/ci_network/templates/local_domain.conf.j2
@@ -0,0 +1,22 @@
+# This file is generated by ci-framework tool
+listen-address={{ config.listen_addresses | join(',') }}
+
+{% if 'interfaces' in config %}
+{% for interface in config.interfaces %}
+interface={{ interface }}
+{% endfor %}
+{% endif %}
+
+addn-hosts=/etc/hosts
+
+{% if 'domains' in config %}
+{% for domain in config.domains %}
+local=/{{ domain }}/
+{% endfor %}
+{% endif %}
+
+{% if 'addresses' in config %}
+{% for address in config.addresses %}
+address=/{{ address.fqdn }}/{{ address.address }}
+{% endfor %}
+{% endif %}
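Review bot: Every value from `cifmw_network_local_dns` is written verbatim into a root-owned dnsmasq configuration file in local_domain.conf.j2, so a malformed entry in `domains` or `addresses` (a stray newline, an extra slash, a non-IP `address`) produces extra or broken directives that only surface when NetworkManager reloads. Consider an `ansible.builtin.assert` before the template task in apply-dns.yml that checks each `address.address` with `ansible.utils.ipaddr` and that `fqdn` and `domain` values match a hostname pattern. The template also dereferences `config.listen_addresses` unconditionally, which works only because the calling task fills in a default; a first-line comment such as `{# listen_addresses is always set by tasks/apply-dns.yml #}` would record that dependency.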
diff --git a/ci_framework/roles/devscripts/README.md b/ci_framework/roles/devscripts/README.md new file mode 100644
index 0000000000..16c12a5825
--- /dev/null
+++ b/ci_framework/roles/devscripts/README.md
@@ -0,0 +1,207 @@ +# devscripts + +This role is a wrapper around the set of scripts provided by metal3 CI team +that automates deploying of OpenShift Container Platform on baremetal like +libvirt/kvm virtual machines. + +## Privilege escalation + +Yes, requires privilege escalation to install dependant packages on the system. Along with performing +network configuration, repository setup and libvirt networks. + +## Parameters + +* `cifmw_devscripts_artifacts_dir` (str) path to the directory to store the role artifacts. +* `cifmw_devscripts_ci_token` (str) oAuth token required for accessing console.redhat.com. +* `cifmw_devscripts_config_overrides` (dict) key/value pairs to be used for overriding the default + configuration. Refer [section](#supported-keys-in-cifmw_devscripts_config_overrides) for more information. +* `cifmw_devscripts_crb_repo` (str) Repo URL of code ready builder. +* `cifmw_devscripts_dry_run` (bool) If enabled, the workflow is evaluated. +* `cifmw_devscripts_make_target` (str) Optional, the target to be used with dev-scripts. +* `cifmw_devscripts_ocp_version` (str) The version of OpenShift to be deployed. +* `cifmw_devscripts_osp_compute_nodes` (list) A list of nodes which has key/value pairs + containing details about OpenStack compute nodes. Refer + [section](#supported-keys-in-cifmw_devscripts_osp_compute_nodes) for more information. +* `cifmw_devscripts_pull_secret` (str) Access secret for pulling OCP component images. +* `cifmw_devscripts_src_dir` (str) The parent folder of dev-scripts repository. + +### Supported keys in cifmw_devscripts_config_overrides + +| Key | Default Value | Description | +| --- | ------------- | ----------- | +| working_dir | `/home/dev-scripts` | Path to the directory to store script artifacts. | +| openshift_version | | The version of OpenShift to be deployed. | +| openshift_release_type | | Type of OpenShift release. 
Supported values are `nightly\|ga\|okd` | + +#### General settings + +| Key | Default Value | Description | +| --- | ------------- | ----------- | +| cluster_name | `ocp` | Name for the ocp cluster. | +| base_domain | `openstack.lab` | Base domain to be used for the cluster. | +| ssh_pub_key | | SSH public key to enable access to the nodes part of OCP cluster. | +| ntp_servers | `clock.corp.redhat.com` | NTP servers to be configured in the cluster. | + +#### OpenShift networking + +| Key | Default Value | Description | +| --- | ------------- | ----------- | +| ip_stack | `v4` | IP stack for the cluster. Supported values are `v4\|v6\|v6v4`. | +| network_type | `OpenShiftSDN` | Sets the network type for the OpenShift cluster. Supported values are `OpenShiftSDN\|OVNKubernetes`. | +| provisioning_network_profile | `Managed` | Allow the script to manage the provisioning network. Supported values are `Disabled\|Managed`. | +| manage_pro_bridge | `y` | Allow dev-scripts to manage the provisioning bridge. Supported values are `y\|n`. | +| provisioning_network | | The subnet CIDR to be used for the provisioning network. | +| pro_if | | The network interface to be attached to the provisioning bridge. | +| manage_int_bridge | `y` | Allow dev-scripts to manage the internal bridge. Supported values are `y\n`. | +| int_if | | The network interface to be attached to the internal cluster bridge. | +| manage_br_bridge | `y` | Allow dev-scripts to manage the external bridge. Supported values are `y\|n`. | +| ext_if | | The network interface to be attached to the external bridge. | +| external_subnet_v4 | | The external subnet CIDR part of IPv4 family. Includes checks before default is set. | +| external_subnet_v6 | | The external subnet CIDR belonging to IPv6 family required when IP stack is other than `v4`. | +| cluster_subnet_v4 | `192.168.16.0/20` | The cluster network cidr for the OpenShift cluster. | +| cluster_subnet_v6 | | The cluster network cidr belonging to IPv6 family. 
Required when IP stack is other than `v4`. | +| service_subnet_v4 | `172.30.0.0/16` | The service network cidr for the OpenShift cluster. | +| service_subnet_v6 | | The service network cidr from the IPv6 family. Required when IP stack is other than `v4`. | +| network_config_folder | | Absolute path to the folder containing custom network configuration to be applied for the nodes participating in the cluster. | +| bond_primary_interface | | The primary bond interface to be configured. Used when bond interface configuration is enabled. | + +#### Virtual Machine + +| Key | Default Value | Description | +| --- | ------------- | ----------- | +| num_masters | `3` | The number of VMs that would have OpenShift controller role. | +| master_memory | `32768` | The amount of memory to be set for each controller node. | +| master_disk | `100` | The disk size to be set for each controller node. | +| master_vcpu | `10` | The number of vCPUs to be configured for each controller node. | +| num_workers | `0` | The number of VMs that would have OpenShift worker role. | +| worker_memory_mb | | The amount of memory to be set for each worker node. | +| worker_disk | | The disk size to be set for each worker node. | +| worker_vcpu | | The number of vCPUs to be configured for each worker node. | +| num_extra_workers | | The number of additional VMs to be created that would act as OpenStack computes. | +| extra_worker_memory_mb | | The amount of memory to be set for the extra nodes. | +| extra_worker_disk | | The disk size to be set for each extra nodes. | +| extra_worker_vcpu | | The number of vCPUs to be configured for each extra nodes. | + +### Supported keys in cifmw_devscripts_osp_compute_nodes + +| Key | Description | +| --- | ----------- | +| name | Name of the physical server. | +| bmc | Management board details Refer [section](#supported-keys-in-bmc) | +| boot_mac_addr | MAC address of physical system connected to provisioning network. 
| +| boot_mode | The mode to be used for booting. Choices are `legacy \| UEFI \| UEFISecureBoot`. | +| extra_spec | Key/value pairs as supported by [baremetal-operator](https://github.com/metal3-io/baremetal-operator/blob/main/docs/api.md) | + +#### Supported keys in bmc + +The keys supported in `cifmw_devscripts_osp_compute_nodes.bmc` are + +| Key | Description | +| --- | ----------- | +| address | URL to the servers BMC. Refer notes for additional information. | +| username | Name of the BMC user encoded with base64. | +| password | Password for the above user encoded with base64. | + +##### Notes + +The BMC address format is `://[:port]/[redfish-system-id]`. Some of the examples are + +* `redfish-virtualmedia://compute-bmc.foo.bar/redfish/v1/Systems/` +* `idrac://compute-bmc.subdomain.domain` +* `idrac-virtualmedia://compute-bmc.foo.bar/redfish/v1/Systems/` +* `redfish://compute-bmc.foo.bar/redfish/v1/Systems/` + +Additional information can be found [here](https://github.com/metal3-io/baremetal-operator/blob/main/docs/api.md#bmc) + +## Examples + +* Sample config for deploying a compact OpenShift platform with extra nodes, existing external network, + separate NIC for RH-OSP networks and with OpenShift provisioning network disabled. + + ```yaml + --- + ... + cifmw_use_devscripts: True + + cifmw_devscripts_ci_token: REDACTED + cifmw_devscripts_pull_secret: | + REDACTED + cifmw_devscripts_dns_entries: + api: REDACTED + ingress: REDACTED + + cifmw_devscripts_src_dir: "/home/ciuser/src/dev-scripts" + + cifmw_devscripts_ocp_version: '4.13.13' + cifmw_devscripts_crb_repo: 'https://mirror.stream.centos.org/9-stream/CRB/x86_64/os/' + ... + ``` + +* Sample config for deploying a HA OpenShift platform with additional networks, OpenShift provisioning network + is enabled and separate RH OSP networks. 
+ + ```YAML + cifmw_use_devscripts: True + + cifmw_devscripts_ci_token: REDACTED + cifmw_devscripts_pull_secret: | + REDACTED + cifmw_devscripts_dns_entries: + api: REDACTED + ingress: REDACTED + + cifmw_devscripts_ocp_version: '4.13.13' + + cifmw_devscripts_config_overrides: + provisioning_network_profile: "Managed" + provisioning_network: "172.22.0.0/16" + num_workers: 3 + worker_memory: 16384 + worker_disk: 100 + worker_vcpu: 10 + ``` + +* Sample vars for a hybrid test environment (virtual OpenShift with physical servers for OpenStack compute). + + ```YAML + cifmw_use_devscripts: True + + cifmw_devscripts_ci_token: REDACTED + cifmw_devscripts_pull_secret: | + REDACTED + cifmw_devscripts_dns_entries: + api: REDACTED + ingress: REDACTED + + cifmw_devscripts_ocp_version: '4.13.13' + + cifmw_devscripts_config_overrides: + provisioning_network_profile: "Managed" + provisioning_network: "172.22.0.0/16" + num_workers: 3 + worker_memory: 16384 + worker_disk: 100 + worker_vcpu: 10 + + cifmw_devscripts_osp_compute_nodes: + - name: osp-compute-0 + bmc: + address: "idrac://osp-compute-0.bmc.foo.bar" + username: "Zm9v" + password: "YmFy" + boot_mac_addr: "00:00:00:00:00:00" + boot_mode: UEFI + - name: osp-compute-1 + bmc: + address: "redfish://osp-compute-1.bmc.foo.bar/redfish/v1/Systems/1" + username: "Zm9v" + password: "YmFy" + boot_mac_addr: "00:00:00:00:00:01" + boot_mode: "legacy" + ``` + +## References + +* [dev-scripts](https://github.com/openshift-metal3/dev-scripts) +* [Additional overrides](https://github.com/openshift-metal3/dev-scripts/blob/master/config_example.sh) +* [Baremetal-operator](https://github.com/metal3-io/baremetal-operator/blob/main/docs/api.md) diff --git a/ci_framework/roles/devscripts/defaults/main.yml b/ci_framework/roles/devscripts/defaults/main.yml new file mode 100644 index 0000000000..fa5fb54a24 --- /dev/null +++ b/ci_framework/roles/devscripts/defaults/main.yml 
@@ -0,0 +1,59 @@ +--- +# Copyright Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# All variables intended for modification should be placed in this file. +# All variables within this role should have a prefix of "cifmw_devscripts" + +cifmw_devscripts_dry_run: false +cifmw_devscripts_debug: false + +cifmw_devscripts_data_dir: "{{ cifmw_basedir | default(ansible_user_dir ~ '/ci-framework-data') }}" +cifmw_devscripts_artifacts_dir: "{{ (cifmw_devscripts_data_dir, 'artifacts') | path_join }}" +cifmw_devscripts_logs_dir: "{{ (cifmw_devscripts_data_dir, 'devscripts', 'logs') | path_join }}" +cifmw_devscripts_output_dir: "{{ (cifmw_devscripts_data_dir, 'devscripts', 'output') | path_join }}" +cifmw_devscripts_repo_dir: "{{ (ansible_user_dir, 'src/github.com/openshift-metal3/dev-scripts') | path_join }}" + +cifmw_devscripts_user: "{{ ansible_user | default(lookup('env', 'USER')) }}" + +cifmw_devscripts_osp_compute_nodes: [] + +cifmw_devscripts_config_defaults: + working_dir: "/home/dev-scripts" + openshift_release_type: "ga" + openshift_version: "{{ cifmw_devscripts_ocp_version | default('4.13.15') }}" + cluster_name: "ocp" + base_domain: "openstack.lab" + ntp_servers: "clock.corp.redhat.com" + ip_stack: "v4" + network_type: "OpenShiftSDN" + provisioning_network_profile: "Managed" + provisioning_network: "172.22.0.0/24" + num_masters: 3 + master_memory: 32768 + master_disk: 100 + master_vcpu: 10 + num_workers: 0 + num_extra_workers: 
3 + extra_worker_memory: 16384 + extra_worker_disk: 80 + extra_worker_vcpu: 10 + extra_workers_online_status: "false" + cluster_subnet_v4: "192.168.16.0/20" + cluster_host_prefix_v4: "22" + service_subnet_v4: "172.30.0.0/16" + +cifmw_devscripts_config_overrides: {} diff --git a/ci_framework/roles/devscripts/files/add_bridge_port.sh b/ci_framework/roles/devscripts/files/add_bridge_port.sh new file mode 100644 index 0000000000..d1eb63a7cd --- /dev/null +++ b/ci_framework/roles/devscripts/files/add_bridge_port.sh @@ -0,0 +1,47 @@ +#!/bin/bash +# +# Usage: +# bash add_bridge_port.sh +# +# Name of the bridge +# network device name +set -euo pipefail + +BRIDGE_NAME=${1} +IFACE_NAME=${2} + +CONN_NAME=$(nmcli -t -f GENERAL.CONNECTION dev show ${IFACE_NAME} | cut -d ':' -f 2) +PORT_NAME=${BRIDGE_NAME}-p0 + +check_port=$(nmcli con show | grep -c ${PORT_NAME}) || true + +if [ ${check_port} -ne 0 ]; then + echo "Bridge port available. Nothing to do" + exit 0 +fi + +check_iface=$(nmcli dev status | grep -c ${IFACE_NAME}) || true + +if [ ${check_iface} -eq 0 ]; then + echo "Invalid device name" + exit 1 +fi + +# There are interference when there is a another connection for the same interface. +dummy_con=$(nmcli -t con show | grep ${IFACE_NAME} | grep -v -e "${IFACE_NAME}$" | cut -d ':' -f 1) || true +if [ -n "${dummy_con}" ]; then + echo "There exists a connection that could interfer" + nmcli con delete "${dummy_con}" +fi + +nohup bash -c " + nmcli con down \"${CONN_NAME}\" + nmcli con delete \"${CONN_NAME}\" + nmcli con add connection.type 802-3-ethernet \ + connection.id ${PORT_NAME} \ + connection.interface-name ${IFACE_NAME} \ + connection.master ${BRIDGE_NAME} \ + connection.slave-type bridge +" + +echo "${IFACE_NAME} is added as a port to ${BRIDGE_NAME} successfully." diff --git a/ci_framework/roles/devscripts/meta/main.yml b/ci_framework/roles/devscripts/meta/main.yml new file mode 100644 index 0000000000..ae424ab461 --- /dev/null 
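Review bot: The command string given to `nohup bash -c "…"` in add_bridge_port.sh is assembled by the outer shell from `${CONN_NAME}`, `${PORT_NAME}`, `${IFACE_NAME}` and `${BRIDGE_NAME}`, so a connection name containing a double quote, `$` or a backtick, or an argument containing spaces, alters the commands the inner shell runs instead of being passed as data. Handing the values over as positional parameters to a single-quoted script keeps them as plain arguments. The same variables are also used unquoted earlier in the script (`nmcli ... dev show ${IFACE_NAME}`) and as unanchored patterns (`grep -c ${PORT_NAME}`), where `eth1` would also match `eth10`; quoting them and using a fixed-string match such as `grep -c -F -w -- "${PORT_NAME}"` would tighten both checks.

```shell
# … unchanged: argument parsing, port/device checks, stale-connection cleanup …
nohup bash -c '
    nmcli con down "$1"
    nmcli con delete "$1"
    nmcli con add connection.type 802-3-ethernet \
        connection.id "$2" \
        connection.interface-name "$3" \
        connection.master "$4" \
        connection.slave-type bridge
' _ "${CONN_NAME}" "${PORT_NAME}" "${IFACE_NAME}" "${BRIDGE_NAME}"
# … unchanged: final success message …
```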
+++ b/ci_framework/roles/devscripts/meta/main.yml
@@ -0,0 +1,41 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+ author: CI Framework
+ description: CI Framework Role -- devscripts
+ company: Red Hat
+ license: Apache-2.0
+ min_ansible_version: 2.14
+ namespace: edpm
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ platforms:
+ - name: CentOS
+ versions:
+ - 9
+
+ galaxy_tags:
+ - edpm
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []
diff --git a/ci_framework/roles/devscripts/molecule/default/converge.yml b/ci_framework/roles/devscripts/molecule/default/converge.yml new file mode 100644
index 0000000000..a6533c612a
--- /dev/null
+++ b/ci_framework/roles/devscripts/molecule/default/converge.yml
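Review bot: `min_ansible_version: 2.14` in meta/main.yml is an unquoted scalar, so YAML loads it as a float rather than a version string. It survives at this value, but a later bump to something like `2.20` would silently become `2.2`, and as far as I know ansible-lint's meta schema expects a string here. Write `min_ansible_version: "2.14"`, and quote the platform version the same way (`- "9"`) so the file is consistent.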
@@ -0,0 +1,107 @@ +--- +# Copyright Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Converge + hosts: all + + vars: + ansible_user_dir: "{{ lookup('env', 'HOME') }}" + cifmw_path: "{{ ansible_user_dir }}/.crc/bin:{{ ansible_user_dir }}/.crc/bin/oc:{{ ansible_user_dir }}/bin:{{ ansible_env.PATH }}" + cifmw_use_devscripts: true + cifmw_network_local_dns: + domains: + - "ocp.openstack.lab" + cifmw_devscripts_dry_run: true + cifmw_devscripts_ci_token: "random value" + cifmw_devscripts_pull_secret: "should be a json" + cifmw_devscripts_ocp_version: "4.13.12" + cifmw_devscripts_crb_repo: "https://mirror.stream.centos.org/9-stream/CRB/x86_64/os/" + cifmw_devscripts_user: "{{ ansible_user | default(lookup('env', 'USER')) }}" + cifmw_devscripts_repo_dir: "{{ (ansible_user_dir, 'src', 'dev-scripts') | path_join }}" + cifmw_devscripts_data_dir: "{{ (ansible_user_dir, 'ci-framework-data') | path_join }}" + cifmw_devscripts_artifacts_dir: "{{ (cifmw_devscripts_data_dir, 'devscripts', 'artifacts') | path_join }}" + cifmw_devscripts_logs_dir: "{{ (cifmw_devscripts_data_dir, 'devscripts', 'logs') | path_join }}" + cifmw_devscripts_output_dir: "{{ (cifmw_devscripts_data_dir, 'devscripts', 'output') | path_join }}" + cifmw_devscripts_config_overrides: + num_extra_workers: 2 + extra_worker_memory: 16384 + extra_worker_disk: 80 + extra_worker_vcpu: 10 + osp_trunk_network_subnet_v4: "192.168.122.0/24" + extra_network_names: "osp_trunk" + + 
tasks: + - name: Apply devscripts role + ansible.builtin.include_role: + name: devscripts + + - name: Testing the default values + ansible.builtin.assert: + that: + - cifmw_devscripts_config.cluster_name == 'ocp' + - cifmw_devscripts_config.base_domain == 'openstack.lab' + - cifmw_devscripts_config.openshift_release_type == 'ga' + - cifmw_devscripts_config.ip_stack == 'v4' + - cifmw_devscripts_config.ntp_servers == 'clock.corp.redhat.com' + - cifmw_devscripts_config.network_type == 'OpenShiftSDN' + - cifmw_devscripts_config.provisioning_network_profile == 'Managed' + - cifmw_devscripts_config.num_masters == 3 + - cifmw_devscripts_config.num_workers == 0 + + - name: Collect stat information + ansible.builtin.stat: + path: "{{ item }}" + loop: + - "{{ cifmw_devscripts_data_dir }}" + - "{{ cifmw_devscripts_artifacts_dir }}" + - "{{ cifmw_devscripts_repo_dir }}" + - "{{ cifmw_devscripts_logs_dir }}" + - "{{ cifmw_devscripts_output_dir }}" + register: stat_results + + - name: Test directory exists + ansible.builtin.assert: + that: + - item.stat is defined + - item.stat.isdir + loop: "{{ stat_results.results }}" + + - name: Collect stat of pull secret file + ansible.builtin.stat: + path: "{{ item }}" + loop: + - "{{ cifmw_devscripts_repo_dir }}/pull_secret.json" + - "{{ cifmw_devscripts_repo_dir }}/config_{{ cifmw_devscripts_user }}.sh" + register: file_stat_results + + - name: Test pull secret file stat information + ansible.builtin.assert: + that: + - item.stat is defined + - item.stat.exists + loop: "{{ file_stat_results.results }}" + + - name: Test override dev-scripts configuration. + ansible.builtin.assert: + that: + - cifmw_devscripts_config.extra_network_names == 'osp_trunk' + - cifmw_devscripts_config.num_extra_workers | int == 2 + + - name: Perform cleanup + ansible.builtin.include_role: + name: devscripts + tasks_from: cleanup.yml 
diff --git a/ci_framework/roles/devscripts/molecule/default/molecule.yml b/ci_framework/roles/devscripts/molecule/default/molecule.yml new file mode 100644
index 0000000000..dc03b4f508
--- /dev/null
+++ b/ci_framework/roles/devscripts/molecule/default/molecule.yml
@@ -0,0 +1,11 @@
+---
+# Mainly used to override the defaults set in .config/molecule/
+# By default, it uses the "config_podman.yml" - in CI, it will use
+# "config_local.yml".
+
+
+log: true
+
+provisioner:
+ name: ansible
+ log: true
diff --git a/ci_framework/roles/devscripts/molecule/default/prepare.yml b/ci_framework/roles/devscripts/molecule/default/prepare.yml new file mode 100644
index 0000000000..683c54952f
--- /dev/null
+++ b/ci_framework/roles/devscripts/molecule/default/prepare.yml
@@ -0,0 +1,29 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Prepare
+ hosts: all
+
+ vars:
+ ansible_user_dir: "{{ lookup('env', 'HOME') }}"
+ cifmw_path: "{{ ansible_user_dir }}/.crc/bin:{{ ansible_user_dir }}/.crc/bin/oc:{{ ansible_user_dir }}/bin:{{ ansible_env.PATH }}"
+ cifmw_use_libvirt: true
+
+ roles:
+ - role: test_deps
+ - role: ci_setup
+ - role: libvirt_manager
diff --git a/ci_framework/roles/devscripts/tasks/01_prepare_host.yml b/ci_framework/roles/devscripts/tasks/01_prepare_host.yml new file mode 100644
index 0000000000..f6be8fbc1b
--- /dev/null
+++ b/ci_framework/roles/devscripts/tasks/01_prepare_host.yml
@@ -0,0 +1,52 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# Prepares the host for executing the role.
+
+- name: Ensure the required repositories and packages are present.
+ tags:
+ - bootstrap
+ - packages
+ block:
+ - name: Attempt repository enablement using Subscription Manager.
+ ansible.builtin.import_tasks: sub_tasks/11_rhsm.yml
+
+ - name: Attempt repository enablement using yum repo.
+ when: not cifmw_devscripts_rhsm_enabled_repos
+ ansible.builtin.import_tasks: sub_tasks/12_yum_repo.yml
+
+ - name: Install the required packages
+ ansible.builtin.import_tasks: sub_tasks/13_packages.yml
+
+- name: Performing storage tasks.
+ tags:
+ - bootstrap
+ ansible.builtin.import_tasks: sub_tasks/14_storage.yml
+
+- name: Performing network tasks.
+ tags:
+ - bootstrap
+ ansible.builtin.import_tasks: sub_tasks/15_network.yml
+
+- name: Performing user tasks.
+ tags:
+ - bootstrap
+ ansible.builtin.import_tasks: sub_tasks/16_user.yml
+
+- name: Performing application tasks.
+ tags:
+ - bootstrap
+ ansible.builtin.import_tasks: sub_tasks/17_virt_net.yml
diff --git a/ci_framework/roles/devscripts/tasks/02_gather_env_details.yml b/ci_framework/roles/devscripts/tasks/02_gather_env_details.yml new file mode 100644
index 0000000000..9f0ff469a2
--- /dev/null
+++ b/ci_framework/roles/devscripts/tasks/02_gather_env_details.yml
@@ -0,0 +1,85 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Gather default IPv4 network notation.
+ tags:
+ - bootstrap
+ when:
+ - "'manage_br_bridge' in cifmw_devscripts_config"
+ - cifmw_devscripts_config['manage_br_bridge'] == 'n'
+ - cifmw_devscripts_config['ip_stack'] != 'v6'
+ - cifmw_devscripts_ext_net_cidr is not defined
+ vars:
+ subnet: >-
+ {{ ansible_default_ipv4.network}}/{{ ansible_default_ipv4.netmask }}
+ ext_net_v4:
+ external_subnet_v4: >-
+ {{
+ subnet | ansible.utils.ipaddr('network/prefix')
+ }}
+ ansible.builtin.set_fact:
+ cifmw_devscripts_config: >-
+ {{
+ cifmw_devscripts_config | combine(ext_net_v4, recursive=true)
+ }}
+
+- name: Gather default IPv6 network notation.
+ tags:
+ - bootstrap
+ when:
+ - "'manage_br_bridge' in cifmw_devscripts_config"
+ - cifmw_devscripts_config['manage_br_bridge'] == 'n'
+ - cifmw_devscripts_config['ip_stack'] != 'v4'
+ - cifmw_devscripts_ext_net_cidr_6 is not defined
+ vars:
+ subnet: >-
+ {{ ansible_default_ipv6.network}}/{{ ansible_default_ipv6.netmask }}
+ ext_net_v6:
+ external_subnet_v6: >-
+ {{
+ subnet | ansible.utils.ipaddr('network/prefix')
+ }}
+ ansible.builtin.set_fact:
+ cifmw_devscripts_config: >-
+ {{
+ cifmw_devscripts_config | combine(ext_net_v6, recursive=true)
+ }}
+
+- name: Add external network IPv4 address
+ tags:
+ - bootstrap
+ vars:
+ data:
+ provisioning_host_external_ip: "{{ ansible_default_ipv4.address}}"
+ provisioning_url_host: "{{ ansible_default_ipv4.address}}"
+ ansible.builtin.set_fact:
+ cifmw_devscripts_config: >-
+ {{
+ cifmw_devscripts_config | combine(data, recursive=true)
+ }}
+
+- name: Gather the SSH public key for enabling cluster access.
+ tags:
+ - bootstrap
+ when: cifmw_devscripts_ssh_pub_key is not defined
+ vars:
+ pub_key:
+ ssh_pub_key: "{{ cifmw_devscripts_ssh_key.public_key }}"
+ ansible.builtin.set_fact:
+ cifmw_devscripts_config: >-
+ {{
+ cifmw_devscripts_config | combine(pub_key, recursive=true)
+ }}
diff --git a/ci_framework/roles/devscripts/tasks/03_install.yml b/ci_framework/roles/devscripts/tasks/03_install.yml new file mode 100644
index 0000000000..08801e5c1c
--- /dev/null
+++ b/ci_framework/roles/devscripts/tasks/03_install.yml
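Review bot: The "Gather default IPv6 network notation." task in 02_gather_env_details.yml builds its subnet from `ansible_default_ipv6.network` and `ansible_default_ipv6.netmask`, but as far as I know the default IPv6 fact carries `address` and `prefix` and has no `network` or `netmask` keys, so the task would fail on an undefined attribute the first time `ip_stack` is not `v4` while `manage_br_bridge` is `'n'`. Deriving the value from the address and prefix, e.g. `subnet: "{{ ansible_default_ipv6.address }}/{{ ansible_default_ipv6.prefix }}"`, keeps the existing `ansible.utils.ipaddr('network/prefix')` call working. The guard variables `cifmw_devscripts_ext_net_cidr` and `cifmw_devscripts_ext_net_cidr_6` are also missing from the parameter list in the role README added by this commit and need an entry there.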
@@ -0,0 +1,71 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Clone the dev-scripts repository.
+ tags:
+ - bootstrap
+ ansible.builtin.git:
+ repo: "{{ cifmw_devscripts_repo }}"
+ dest: "{{ cifmw_devscripts_repo_dir }}"
+ depth: 1
+ single_branch: true
+ force: true
+ version: HEAD # noqa: latest[git]
+ register: clone_out
+ retries: 3
+ delay: 15
+ until: "clone_out is not failed"
+
+# Note: Override When external network is being reused.
+- name: Verify dev-scripts vm_setup_vars to reflects external network address
+ tags:
+ - bootstrap
+ when:
+ - "'manage_br_bridge' in cifmw_devscripts_config"
+ - cifmw_devscripts_config['manage_br_bridge'] == 'n'
+ ansible.builtin.replace:
+ path: "{{ cifmw_devscripts_repo_dir }}/vm_setup_vars.yml"
+ after: "external_network:"
+ regexp: "^ address_v4(.+)$"
+ replace: " address_v4: {{ ansible_default_ipv4.address }}"
+
+- name: Copy the OCP config file.
+ tags:
+ - bootstrap
+ ansible.builtin.template:
+ src: templates/conf_ciuser.sh.j2
+ dest: >-
+ {{ cifmw_devscripts_repo_dir }}/config_{{ cifmw_devscripts_user }}.sh
+
+- name: Copy the user pull secret
+ tags:
+ - bootstrap
+ ansible.builtin.copy:
+ dest: "{{ cifmw_devscripts_repo_dir }}/pull_secret.json"
+ content: "{{ cifmw_devscripts_pull_secret }}"
+ owner: "{{ cifmw_devscripts_user }}"
+ group: "{{ cifmw_devscripts_user }}"
+ mode: "0644"
+
+- name: Deploying the OpenShift platform
+ tags:
+ - bootstrap
+ ci_make:
+ chdir: "{{ cifmw_devscripts_repo_dir }}"
+ output_dir: "{{ cifmw_devscripts_output_dir }}"
+ dry_run: "{{ cifmw_devscripts_dry_run | bool }}"
+ target: "{{ cifmw_devscripts_make_target | default(omit) }}"
diff --git a/ci_framework/roles/devscripts/tasks/04_post.yml b/ci_framework/roles/devscripts/tasks/04_post.yml
new file mode 100644
index 0000000000..74cc6ef987
--- /dev/null
+++ b/ci_framework/roles/devscripts/tasks/04_post.yml
@@ -0,0 +1,24 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Set the facts about the platform access.
+ when: not cifmw_devscripts_dry_run | bool
+ ansible.builtin.import_tasks: sub_tasks/41_set_facts.yml
+
+- name: Add OpenStack compute nodes
+ when: not cifmw_devscripts_dry_run | bool
+ ansible.builtin.import_tasks: sub_tasks/42_add_bmh.yml
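Review bot: `Copy the user pull secret` in `03_install.yml` writes `pull_secret.json` with `mode: "0644"`, so the registry credentials are readable by every local account; `mode: "0600"` keeps them to `cifmw_devscripts_user`, and `no_log: true` on the task keeps `content` out of verbose or diff output. `Copy the OCP config file.` sets no owner or mode at all, and the template it renders exports `CI_TOKEN`, so it should carry `mode: "0600"` as well. The same world-readable mode is used for the rendered BMC Secret manifests in `sub_tasks/42_add_bmh.yml` (`Create baremetal host object`, files `0644` in a `0755` directory). Separately, the clone uses `version: HEAD` with `force: true`; because the checkout is later executed by a user with passwordless sudo, pinning it to a reviewed commit through a variable would make the executed code auditable and the runs reproducible.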
diff --git a/ci_framework/roles/devscripts/tasks/cleanup.yml b/ci_framework/roles/devscripts/tasks/cleanup.yml
new file mode 100644
index 0000000000..9e439b81fa
--- /dev/null
+++ b/ci_framework/roles/devscripts/tasks/cleanup.yml
@@ -0,0 +1,49 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Remove the deployed OpenShift platform.
+ when: not cifmw_devscripts_dry_run | bool
+ ci_make:
+ chdir: "{{ cifmw_devscripts_repo_dir }}"
+ output_dir: "{{ cifmw_devscripts_output_dir }}"
+ target: clean
+
+- name: Cleanup the devscripts repo directory.
+ become: true
+ ansible.builtin.file:
+ path: "{{ cifmw_devscripts_repo_dir }}"
+ state: absent
+ force: true
+
+- name: Cleanup the devscripts working directory.
+ become: true
+ ansible.builtin.file:
+ path: "{{ cifmw_devscripts_config.working_dir }}"
+ state: absent
+ force: true
+
+- name: Cleanup DNS resolution artifacts.
+ when: cifmw_network_local_dns is defined
+ ansible.builtin.include_role:
+ name: ci_network
+ tasks_from: cleanup-dns.yml
+
+- name: Cleanup the crb repo
+ become: true
+ when: cifmw_devscripts_crb_repo is defined
+ ansible.builtin.yum_repository:
+ name: "crb"
+ state: absent
diff --git a/ci_framework/roles/devscripts/tasks/main.yml b/ci_framework/roles/devscripts/tasks/main.yml
new file mode 100644
index 0000000000..4d0ee75b47
--- /dev/null
+++ b/ci_framework/roles/devscripts/tasks/main.yml
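Review bot: `cleanup.yml` removes the repo, the working directory, the DNS artifacts and the crb repo, but not the `/etc/sudoers.d/` drop-in with `NOPASSWD: ALL` that `sub_tasks/16_user.yml` installs, so the host keeps an account with unrestricted passwordless root after teardown. A task that removes that file belongs here, and the key added to the user's `authorized_keys` deserves the same treatment. `Cleanup the devscripts working directory.` also reads `cifmw_devscripts_config.working_dir`, which this commit only sets through `set_fact` in `tasks/main.yml`; if cleanup runs in a play where that fact is not available the task fails on an undefined variable, so a `when: cifmw_devscripts_config is defined` guard is worth adding.

```yaml
# … unchanged: existing cleanup tasks …
- name: Remove the sudoers drop-in created for the devscripts user.
  become: true
  ansible.builtin.file:
    path: "/etc/sudoers.d/{{ cifmw_devscripts_user }}"
    state: absent
```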
@@ -0,0 +1,48 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Gather the configurations to be passed to dev-scripts.
+ ansible.builtin.set_fact:
+ cifmw_devscripts_config: >-
+ {{
+ cifmw_devscripts_config_defaults |
+ combine(cifmw_devscripts_config_overrides, recursive=true)
+ }}
+ cacheable: true
+
+- name: Ensure the required folders are present.
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ loop:
+ - "{{ cifmw_devscripts_data_dir }}"
+ - "{{ cifmw_devscripts_artifacts_dir }}"
+ - "{{ cifmw_devscripts_logs_dir }}"
+ - "{{ cifmw_devscripts_output_dir }}"
+
+- name: Prepare the host for execution of dev-scripts.
+ ansible.builtin.import_tasks: 01_prepare_host.yml
+
+- name: Gather the host and dev-scripts required information.
+ ansible.builtin.import_tasks: 02_gather_env_details.yml
+
+- name: Running dev-scripts.
+ ansible.builtin.import_tasks: 03_install.yml
+
+- name: Executing dev-scripts post-install tasks.
+ when: not cifmw_devscripts_dry_run | bool
+ ansible.builtin.import_tasks: 04_post.yml
diff --git a/ci_framework/roles/devscripts/tasks/sub_tasks/11_rhsm.yml b/ci_framework/roles/devscripts/tasks/sub_tasks/11_rhsm.yml
new file mode 100644
index 0000000000..0bd0dc9b2e
--- /dev/null
+++ b/ci_framework/roles/devscripts/tasks/sub_tasks/11_rhsm.yml
@@ -0,0 +1,51 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# If the system has a valid subscription, then enable BaseOS, AppStreams and
+# codeready-builder repositories.
+
+# ToDo: Move these tasks to repo-setup
+- name: Gathering Red Hat Subscription Manager status.
+ become: true
+ tags:
+ - bootstrap
+ - packages
+ when: ansible_distribution == 'RedHat'
+ ansible.builtin.command: "subscription-manager status"
+ register: rhsm_output
+ failed_when: rhsm_output.rc > 1
+
+- name: Enabling the required repositories.
+ become: true
+ tags:
+ - bootstrap
+ - packages
+ when:
+ - "'rc' in rhsm_output"
+ - rhsm_output.rc == 0
+ block:
+ - name: Enabling the required repositories.
+ become: true
+ community.general.rhsm_repository:
+ name:
+ - 'rhel-*-baseos-rpms'
+ - 'rhel-*-appstream-rpms'
+ - 'codeready-builder-*-x86_64-rpms'
+ state: enabled
+
+ - name: Set RHSM repos enabled flag
+ ansible.builtin.set_fact:
+ cifmw_devscripts_rhsm_enabled_repos: true
diff --git a/ci_framework/roles/devscripts/tasks/sub_tasks/12_yum_repo.yml b/ci_framework/roles/devscripts/tasks/sub_tasks/12_yum_repo.yml
new file mode 100644
index 0000000000..f91244e9b9
--- /dev/null
+++ b/ci_framework/roles/devscripts/tasks/sub_tasks/12_yum_repo.yml
@@ -0,0 +1,35 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# codeready-builder repo is required for executing dev-scripts. This is the
+# final attempt in adding the repository
+
+# ToDo: Move these tasks to repo-setup
+- name: Enabling CRB repository
+ become: true
+ tags:
+ - bootstrap
+ - packages
+ when:
+ - cifmw_devscripts_crb_repo is defined
+ - not cifmw_devscripts_rhsm_enabled_repos
+ ansible.builtin.yum_repository:
+ name: crb
+ description: Code Ready Builder
+ baseurl: "{{ cifmw_devscripts_crb_repo }}"
+ gpgcheck: false
+ enabled: true
+ state: present
diff --git a/ci_framework/roles/devscripts/tasks/sub_tasks/13_packages.yml b/ci_framework/roles/devscripts/tasks/sub_tasks/13_packages.yml
new file mode 100644
index 0000000000..7e4f17754d
--- /dev/null
+++ b/ci_framework/roles/devscripts/tasks/sub_tasks/13_packages.yml
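Review bot: `gpgcheck: false` on the `crb` repository in `12_yum_repo.yml` means packages served from `cifmw_devscripts_crb_repo` are installed as root without signature verification, so whoever controls that URL or the network path to it decides what lands on the host. Prefer `gpgcheck: true` together with a `gpgkey:` entry pointing at the distribution's signing key. If an unsigned internal mirror is the reason for disabling it, make the setting a role variable that defaults to `true` and document the exception in the role README. The repository stays enabled for every later package transaction on the host until `cleanup.yml` removes it, so the exposure is not limited to the dev-scripts dependencies.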
@@ -0,0 +1,21 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Ensure the required packages for executing dev-scripts exists.
+ become: true
+ ansible.builtin.package:
+ name: "{{ cifmw_devscripts_packages }}"
+ state: present
diff --git a/ci_framework/roles/devscripts/tasks/sub_tasks/14_storage.yml b/ci_framework/roles/devscripts/tasks/sub_tasks/14_storage.yml
new file mode 100644
index 0000000000..3cca7e3f1f
--- /dev/null
+++ b/ci_framework/roles/devscripts/tasks/sub_tasks/14_storage.yml
@@ -0,0 +1,49 @@ +--- +# Copyright Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Collect lvm information + become: true + ansible.builtin.setup: + gather_subset: + - '!all' + - '!min' + - hardware + filter: + - ansible_lvm + +# ToDo: Identify why ansible-lint rule is violated. +- name: Gathering root mount details + ansible.builtin.set_fact: + root_mount_data: "{{ ansible_mounts | community.general.json_query(query_str) | first }}" # noqa: jinja[invalid] + vars: + query_str: "[?mount=='/']" + +- name: Extending root logical volume + become: true + vars: + device_name: "{{ root_mount_data['device'] | split('/') | last }}" + lv_name: "{{ device_name | split('-') | last }}" + when: + - ansible_lvm + - root_mount_data + - ansible_lvm != 'N/A' + - "lv_name in ansible_lvm.lvs" + community.general.lvol: + lv: "{{ lv_name }}" + vg: "{{ ansible_lvm['lvs'][lv_name]['vg'] }}" + size: +100%FREE + resizefs: true diff --git a/ci_framework/roles/devscripts/tasks/sub_tasks/15_network.yml b/ci_framework/roles/devscripts/tasks/sub_tasks/15_network.yml new file mode 100644 index 0000000000..a9f4891cb4 --- /dev/null +++ b/ci_framework/roles/devscripts/tasks/sub_tasks/15_network.yml 
@@ -0,0 +1,54 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Gather external interface name.
+ ansible.builtin.set_fact:
+ iface_name: "{{ ansible_default_ipv4.interface }}"
+
+- name: Configure local DNS
+ when: cifmw_network_local_dns is defined
+ ansible.builtin.include_role:
+ name: ci_network
+ tasks_from: apply-dns.yml
+
+- name: Ensure the baremetal bridge is configured.
+ become: true
+ when:
+ - "'manage_br_bridge' in cifmw_devscripts_config"
+ - cifmw_devscripts_config['manage_br_bridge'] == 'n'
+ - ansible_default_ipv4['type'] != 'bridge'
+ block:
+ - name: "Ensure no ifcfg script for interface {{ iface_name }}"
+ ci_script:
+ script: "rm -f /etc/sysconfig/network-scripts/ifcfg-{{ iface_name }}"
+ output_dir: "{{ cifmw_devscripts_output_dir }}"
+
+ - name: Ensure external bridge exists
+ community.general.nmcli:
+ conn_name: "{{ cifmw_devscripts_config['cluster_name'] }}bm"
+ ifname: "{{ cifmw_devscripts_config['cluster_name'] }}bm"
+ state: present
+ stp: false
+ type: "bridge"
+
+ - name: Add the external interface to the bridge
+ become: true
+ ansible.builtin.script:
+ cmd: >-
+ files/add_bridge_port.sh
+ "{{ cifmw_devscripts_config['cluster_name'] }}bm"
+ "{{ iface_name }}"
diff --git a/ci_framework/roles/devscripts/tasks/sub_tasks/16_user.yml b/ci_framework/roles/devscripts/tasks/sub_tasks/16_user.yml
new file mode 100644
index 0000000000..96b9f85583
--- /dev/null
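Review bot: The first task of the bridge block in `15_network.yml` deletes the ifcfg file by running `rm -f /etc/sysconfig/network-scripts/ifcfg-{{ iface_name }}` through `ci_script` as root, which puts a gathered fact into a shell line and reports the same result on every run. `ansible.builtin.file` with `path: "/etc/sysconfig/network-scripts/ifcfg-{{ iface_name }}"` and `state: absent` removes the file without a shell and reports `changed` only when something was deleted. The last task of the block repeats `become: true`, which the block already sets.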
+++ b/ci_framework/roles/devscripts/tasks/sub_tasks/16_user.yml
@@ -0,0 +1,57 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Create the specified user.
+ become: true
+ ansible.builtin.user:
+ name: "{{ cifmw_devscripts_user }}"
+ state: present
+
+- name: Ensure the devscripts required directories exists.
+ become: true
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: "directory"
+ owner: "{{ cifmw_devscripts_user }}"
+ group: "{{ cifmw_devscripts_user }}"
+ mode: "0755"
+ loop:
+ - "{{ cifmw_devscripts_repo_dir }}"
+ - "{{ cifmw_devscripts_config['working_dir'] }}"
+
+- name: Generate SSH keys for accessing OCP cluster
+ community.crypto.openssh_keypair:
+ path: >-
+ {{ cifmw_devscripts_artifacts_dir }}/{{ cifmw_devscripts_user }}_ed25519
+ type: "ed25519"
+ register: cifmw_devscripts_ssh_key
+
+- name: Enable password-less access
+ become: true
+ ansible.posix.authorized_key:
+ user: "{{ cifmw_devscripts_user }}"
+ key: "{{ cifmw_devscripts_ssh_key.public_key }}"
+ state: present
+
+- name: Verify sudoers privileges
+ become: true
+ ansible.builtin.copy:
+ dest: "/etc/sudoers.d/{{ cifmw_devscripts_user }}"
+ owner: root
+ group: root
+ mode: "0640"
+ content: |
+ {{ cifmw_devscripts_user }} ALL=(ALL) NOPASSWD: ALL
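Review bot: `Verify sudoers privileges` in `16_user.yml` writes a `NOPASSWD: ALL` rule into `/etc/sudoers.d/` without `validate:`, so a line that sudoers cannot parse (for instance an unusual value of `cifmw_devscripts_user`) can leave sudo unusable on the host. Add `validate: /usr/sbin/visudo -cf %s` and use `mode: "0440"`, the conventional mode for sudoers drop-ins. The task name says "Verify" while the task grants unrestricted passwordless root to the account; a name that states the grant, plus a comment such as `# dev-scripts needs passwordless sudo for the deploying user`, would make the privilege change visible to reviewers. The same account also receives the freshly generated key in `authorized_keys`, so possession of the private key under `cifmw_devscripts_artifacts_dir` is equivalent to root on this host and that directory's permissions matter.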
diff --git a/ci_framework/roles/devscripts/tasks/sub_tasks/17_virt_net.yml b/ci_framework/roles/devscripts/tasks/sub_tasks/17_virt_net.yml
new file mode 100644
index 0000000000..35a28e4119
--- /dev/null
+++ b/ci_framework/roles/devscripts/tasks/sub_tasks/17_virt_net.yml
@@ -0,0 +1,23 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Ensure the default network is removed.
+ vars:
+ net_name: "default"
+ ansible.builtin.include_role:
+ name: libvirt_manager
+ tasks_from: delete_network.yml
diff --git a/ci_framework/roles/devscripts/tasks/sub_tasks/41_set_facts.yml b/ci_framework/roles/devscripts/tasks/sub_tasks/41_set_facts.yml
new file mode 100644
index 0000000000..ef67e7a853
--- /dev/null
+++ b/ci_framework/roles/devscripts/tasks/sub_tasks/41_set_facts.yml
@@ -0,0 +1,56 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Gather the kubeadmin password
+ vars:
+ kube_pass_file: >-
+ {{
+ (
+ cifmw_devscripts_repo_dir,
+ 'ocp',
+ cifmw_devscripts_config['cluster_name'],
+ 'auth',
+ 'kubeadmin-password'
+ ) | path_join
+ }}
+ ansible.builtin.slurp:
+ src: "{{ kube_pass_file }}"
+ register: kubeadmin_password
+
+- name: Loading the kubeconfig information
+ vars:
+ kube_file: >-
+ {{
+ (
+ cifmw_devscripts_repo_dir,
+ 'ocp',
+ cifmw_devscripts_config['cluster_name'],
+ 'auth',
+ 'kubeconfig'
+ ) | path_join
+ }}
+ ansible.builtin.set_fact:
+ kubeconfig: "{{ kube_file }}"
+ kubeconf: "{{ lookup('ansible.builtin.file', kube_file) | from_yaml }}"
+
+- name: Set the OpenShift platform access information.
+ ansible.builtin.set_fact:
+ cifmw_openshift_api: "{{ kubeconf.clusters[0].cluster.server }}"
+ cifmw_openshift_user: "kubeadmin"
+ cifmw_openshift_password: "{{ kubeadmin_password.content | b64decode }}"
+ cifmw_openshift_kubeconfig: "{{ kubeconfig }}"
+ cacheable: true
diff --git a/ci_framework/roles/devscripts/tasks/sub_tasks/42_add_bmh.yml b/ci_framework/roles/devscripts/tasks/sub_tasks/42_add_bmh.yml
new file mode 100644
index 0000000000..e34e816845
--- /dev/null
+++ b/ci_framework/roles/devscripts/tasks/sub_tasks/42_add_bmh.yml
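Review bot: `Set the OpenShift platform access information.` in `41_set_facts.yml` stores the decoded kubeadmin password in `cifmw_openshift_password` with `cacheable: true`, so the cluster-admin credential is written to whatever fact cache the controller is configured with and outlives the play. None of the three tasks sets `no_log: true`, so the slurped password and the parsed kubeconfig in `kubeconf` can also show up in verbose job output. Add `no_log: true` to the `slurp` task and to both `set_fact` tasks, and consider keeping only the kubeconfig path in the cacheable set and reading the password from the file where it is needed. The `set_fact` in `sub_tasks/_get_node.yml` that builds `bmh` with the BMC username and password has the same gap; `b64encode` there is an encoding, not protection.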
@@ -0,0 +1,58 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+- name: Collect extra nodes created via dev-scripts
+ when:
+ - "'num_extra_workers' in cifmw_devscripts_config"
+ - cifmw_devscripts_config.num_extra_workers | int > 0
+ block:
+ - name: Collecting the extra baremetal hosts information.
+ vars:
+ nodes_file: "{{ cifmw_devscripts_repo_dir }}/ocp/{{ cifmw_devscripts_config.cluster_name }}/extra_baremetalhosts.json"
+ ansible.builtin.set_fact:
+ nodes: "{{ lookup('ansible.builtin.file', nodes_file) | from_json }}"
+
+ - name: Add devscripts extra nodes
+ ansible.builtin.include_tasks: _get_node.yml
+ loop: "{{ nodes }}"
+ loop_control:
+ loop_var: node
+
+- name: Ensure the bmh artifacts exists
+ ansible.builtin.file:
+ path: "{{ cifmw_devscripts_artifacts_dir }}/bmh"
+ state: "directory"
+ owner: "{{ cifmw_devscripts_user }}"
+ group: "{{ cifmw_devscripts_user }}"
+ mode: "0755"
+
+- name: Create baremetal host object
+ vars:
+ node: "{{ item }}"
+ ansible.builtin.template:
+ src: templates/bmh.yaml.j2
+ dest: "{{ cifmw_devscripts_artifacts_dir }}/bmh/{{ item.name }}.yaml"
+ owner: "{{ cifmw_devscripts_user }}"
+ group: "{{ cifmw_devscripts_user }}"
+ mode: "0644"
+ loop: "{{ cifmw_devscripts_osp_compute_nodes }}"
+
+- name: Apply the baremetal host definitions
+ environment:
+ KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}"
+ ansible.builtin.command:
+ cmd: "oc apply -f {{
cifmw_devscripts_artifacts_dir }}/bmh/" diff --git a/ci_framework/roles/devscripts/tasks/sub_tasks/_get_node.yml b/ci_framework/roles/devscripts/tasks/sub_tasks/_get_node.yml new file mode 100644 index 0000000000..18ecadf897 --- /dev/null +++ b/ci_framework/roles/devscripts/tasks/sub_tasks/_get_node.yml @@ -0,0 +1,52 @@ +--- +# Copyright Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Gather MAC address of port connected to baremetal bridge + become: true + vars: + bridge_suffix: >- + {{ + 'bm' + if ( + cifmw_devscripts_config.provisioning_network_profile == 'Disabled' + ) + else 'pr' + }} + vm_name: "{{ node.name | replace('-', '_') }}" + ci_script: + output_dir: "{{ cifmw_devscripts_output_dir }}" + script: >- + virsh -q domiflist {{ vm_name }} | + grep {{ cifmw_devscripts_config.cluster_name }}{{ bridge_suffix }} + register: boot_mac_out + +- name: Add node information to openstack compute nodes + vars: + mac_addr: "{{ boot_mac_out.stdout | split(' ') | last }}" + bmh: + name: "{{ node.name }}" + bmc: + address: "{{ node.driver_info.address }}" + username: "{{ node.driver_info.username | b64encode }}" + password: "{{ node.driver_info.password | b64encode }}" + boot_mode: "UEFI" + boot_mac_addr: "{{ mac_addr | trim }}" + ansible.builtin.set_fact: + cifmw_devscripts_osp_compute_nodes: >- + {{ + cifmw_devscripts_osp_compute_nodes + [bmh] + }} 
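Review bot: The `script` value in `_get_node.yml` places `vm_name` and the cluster name unquoted into `virsh -q domiflist ... | grep ...`, which runs with `become: true`, and `node.name` is read from `extra_baremetalhosts.json` rather than from role variables. Passing both through the `quote` filter, `virsh -q domiflist {{ vm_name | quote }}`, keeps a name with spaces or shell metacharacters from changing the command. The `grep` may also match several interface lines or none; `boot_mac_out.stdout | split(' ') | last` then yields the last token of the whole output or an empty string, so checking that exactly one line matched before building `bmh` would avoid registering a host with the wrong boot MAC.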
diff --git a/ci_framework/roles/devscripts/templates/bmh.yaml.j2 b/ci_framework/roles/devscripts/templates/bmh.yaml.j2
new file mode 100644
index 0000000000..dac61e0161
--- /dev/null
+++ b/ci_framework/roles/devscripts/templates/bmh.yaml.j2
@@ -0,0 +1,31 @@
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{ node.name }}-bmc-creds
+ namespace: openshift-machine-api
+data:
+ username: {{ node.bmc.username }}
+ password: {{ node.bmc.password }}
+---
+apiVersion: metal3.io/v1alpha1
+kind: BareMetalHost
+metadata:
+ name: {{ node.name }}
+ namespace: openshift-machine-api
+ annotations:
+ inspect.metal3.io: disabled
+ labels:
+ app: openstack
+spec:
+ bmc:
+ address: "{{ node.bmc.address }}"
+ credentialsName: {{ node.name }}-bmc-creds
+ disableCertificateVerification: true
+ bootMACAddress: {{ node.boot_mac_addr }}
+ bootMode: {{ node.boot_mode }}
+ online: false
+{% if extra_spec is defined %}
+ {{ extra_spec }}
+{% endif %}
diff --git a/ci_framework/roles/devscripts/templates/conf_ciuser.sh.j2 b/ci_framework/roles/devscripts/templates/conf_ciuser.sh.j2
new file mode 100644
index 0000000000..6448597661
--- /dev/null
+++ b/ci_framework/roles/devscripts/templates/conf_ciuser.sh.j2
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# OpenShift Container Platform configuration template
+# Refer https://github.com/openshift-metal3/dev-scripts/blob/master/config_example.sh
+#
+set +x
+export CI_TOKEN="{{ cifmw_devscripts_ci_token }}"
+set -x
+
+{% for item in cifmw_devscripts_config %}
+export {{ item.upper() }}="{{ cifmw_devscripts_config[item] }}"
+{% endfor %}
diff --git a/ci_framework/roles/devscripts/vars/main.yml b/ci_framework/roles/devscripts/vars/main.yml
new file mode 100644
index 0000000000..af24afe859
--- /dev/null
+++ b/ci_framework/roles/devscripts/vars/main.yml
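Review bot: `disableCertificateVerification: true` is hard-coded in `bmh.yaml.j2`, so every BareMetalHost rendered from it reaches its BMC without validating the TLS certificate while authenticating with the credentials from the Secret above. That is common for virtual BMCs in CI, but the template is rendered for every entry of `cifmw_devscripts_osp_compute_nodes`, which may also describe real hardware; making it a per-node value that defaults to the current behaviour lets those hosts opt back in to verification. The scalar substitutions `{{ node.name }}`, `{{ node.bmc.username }}`, `{{ node.bmc.password }}` and `{{ node.boot_mac_addr }}` are also emitted unquoted, so an empty or number-looking value changes type when the manifest is parsed; quote them as `address` already is, for example `bootMACAddress: "{{ node.boot_mac_addr }}"`. `{{ extra_spec }}` is inserted as raw text with a fixed indent, which only works for a single-line value.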
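Review bot: Every value in `conf_ciuser.sh.j2` is rendered inside double quotes, `export {{ item.upper() }}="{{ cifmw_devscripts_config[item] }}"`, so a value containing `"`, `$` or a backtick is interpreted by bash when dev-scripts sources the file, and the same holds for `CI_TOKEN`. Unless some settings rely on shell expansion, rendering through the `quote` filter without the surrounding quotes, `export {{ item.upper() }}={{ cifmw_devscripts_config[item] | quote }}`, keeps each value literal. The `set +x` / `set -x` pair around the token also switches tracing on for the rest of the file even when the caller had it off; a comment stating that this is intended would help.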
@@ -0,0 +1,31 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+# While options found within the vars/ path can be overridden using extra
+# vars, items within this path are considered part of the role and not
+# intended to be modified.
+
+# All variables within this role should have a prefix of "cifmw_devscripts"
+
+cifmw_devscripts_packages:
+ - ipmitool
+ - NetworkManager-initscripts-updown
+ - python3-jmespath
+
+cifmw_devscripts_repo: "https://github.com/openshift-metal3/dev-scripts.git"
+
+cifmw_devscripts_rhsm_enabled_repos: false
diff --git a/ci_framework/roles/edpm_deploy_baremetal/README.md b/ci_framework/roles/edpm_deploy_baremetal/README.md
index 9c581a46a0..d2088fa559 100644
--- a/ci_framework/roles/edpm_deploy_baremetal/README.md
+++ b/ci_framework/roles/edpm_deploy_baremetal/README.md
@@ -1,12 +1,15 @@ # edpm_deploy_baremetal + This Ansible role deploys compute nodes with BMAAS, installs the OpenStack operator and services, and provision the compute nodes for further deployment by toggling the deploy:true flag in the openstackdataplane CR, and waits for the necessary components to be available. ## Privilege escalation + This role doesn't need privilege escalation. ## Parameters + * `cifmw_edpm_deploy_baremetal_manifests_dir`: (string) The directory path where the manifests will be stored. Default: `{{ cifmw_manifests | default(cifmw_edpm_deploy_baremetal_basedir ~ '/artifacts/manifests') }}` * `cifmw_edpm_deploy_baremetal_dry_run`: (boolean) Whether to perform a dry run of the deployment. Default: `false` * `cifmw_install_yamls_defaults`: (dictionary) Default values for installation. Default: `{'NAMESPACE': 'openstack'}` @@ -16,9 +19,12 @@ This role doesn't need privilege escalation. * `cifmw_edpm_deploy_baremetal_wait_dataplane_timeout_mins`: (integer) Timeout for waiting for the OpenStackDataPlane. Default: `30` * `cifmw_edpm_deploy_baremetal_update_os_containers`: (Boolean) Update the uefi image. Default: `false` * `cifmw_edpm_deploy_baremetal_repo_setup_override`: (Boolean) Override the repo-setup service in OpenStackDataPlane with repo-setup-downstream. Default: `false` +* `cifmw_edpm_deploy_baremetal_create_vms`: (Boolean) If enabled, compute nodes are pre-provisioned using Ironic else OpenStackProvisioner. Default: `true` ## Examples + ### 1 - Perform edpm baremetal deployment + ```yaml - hosts: all tasks: diff --git a/ci_framework/roles/edpm_deploy_baremetal/defaults/main.yml b/ci_framework/roles/edpm_deploy_baremetal/defaults/main.yml index 623012ab56..221a54dfc1 100644 --- a/ci_framework/roles/edpm_deploy_baremetal/defaults/main.yml +++ b/ci_framework/roles/edpm_deploy_baremetal/defaults/main.yml 
@@ -27,3 +27,4 @@ cifmw_edpm_deploy_baremetal_wait_bmh_timeout_mins: 20 cifmw_edpm_deploy_baremetal_wait_dataplane_timeout_mins: 30 cifmw_edpm_deploy_baremetal_update_os_containers: false cifmw_edpm_deploy_baremetal_repo_setup_override: false +cifmw_edpm_deploy_baremetal_create_vms: true diff --git a/ci_framework/roles/edpm_deploy_baremetal/tasks/main.yml b/ci_framework/roles/edpm_deploy_baremetal/tasks/main.yml index a38478b2cd..d4c440405c 100644 --- a/ci_framework/roles/edpm_deploy_baremetal/tasks/main.yml +++ b/ci_framework/roles/edpm_deploy_baremetal/tasks/main.yml @@ -45,6 +45,7 @@ name: set_openstack_containers - name: Create virtual baremetal + when: cifmw_edpm_deploy_baremetal_create_vms | bool vars: make_edpm_baremetal_compute_env: "{{ cifmw_edpm_deploy_baremetal_common_env | combine(cifmw_edpm_deploy_baremetal_make_openstack_env | from_yaml)}}" 
@@ -62,71 +63,71 @@ name: 'install_yamls_makes' tasks_from: 'make_edpm_deploy_baremetal' -- name: Wait for Ironic to be ready - when: not cifmw_edpm_deploy_baremetal_dry_run - environment: - KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}" - PATH: "{{ cifmw_path }}" - ansible.builtin.command: - cmd: >- - oc wait pod -l name=ironic -n baremetal-operator-system --for=condition=Ready - --timeout={{ cifmw_edpm_deploy_baremetal_wait_ironic_timeout_mins }}m +- name: Wait for virtual computes to be ready + when: + - cifmw_edpm_deploy_baremetal_create_vms | bool + - not cifmw_edpm_deploy_baremetal_dry_run + block: + - name: Wait for Ironic to be ready + environment: + KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}" + PATH: "{{ cifmw_path }}" + ansible.builtin.command: + cmd: >- + oc wait pod -l name=ironic -n baremetal-operator-system --for=condition=Ready + --timeout={{ cifmw_edpm_deploy_baremetal_wait_ironic_timeout_mins }}m -- name: Wait for OpenStack Provision Server pod to be created - when: not cifmw_edpm_deploy_baremetal_dry_run - environment: - KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}" - PATH: "{{ cifmw_path }}" - ansible.builtin.command: - cmd: >- - oc get po -l osp-provisionserver/name=openstack-edpm-ipam-provisionserver - -n {{ cifmw_install_yamls_defaults['NAMESPACE'] }} -o name - register: cifmw_edpm_deploy_baremetal_provisionserver_pod_output - retries: "{{ cifmw_edpm_deploy_baremetal_wait_provisionserver_retries }}" - delay: 10 - until: cifmw_edpm_deploy_baremetal_provisionserver_pod_output.stdout != '' - -- name: Wait for OpenStack Provision Server deployment to be available - when: not cifmw_edpm_deploy_baremetal_dry_run - environment: - KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}" - PATH: "{{ cifmw_path }}" - ansible.builtin.command: - cmd: >- - oc wait deployment openstack-edpm-ipam-provisionserver-openstackprovisionserver - -n {{ cifmw_install_yamls_defaults['NAMESPACE'] }} - --for condition=Available - --timeout={{ 
cifmw_edpm_deploy_baremetal_wait_provisionserver_timeout_mins }}m + - name: Wait for OpenStack Provision Server pod to be created + environment: + KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}" + PATH: "{{ cifmw_path }}" + ansible.builtin.command: + cmd: >- + oc get po -l osp-provisionserver/name=openstack-edpm-ipam-provisionserver + -n {{ cifmw_install_yamls_defaults['NAMESPACE'] }} -o name + register: cifmw_edpm_deploy_baremetal_provisionserver_pod_output + retries: "{{ cifmw_edpm_deploy_baremetal_wait_provisionserver_retries }}" + delay: 10 + until: cifmw_edpm_deploy_baremetal_provisionserver_pod_output.stdout != '' + + - name: Wait for OpenStack Provision Server deployment to be available + environment: + KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}" + PATH: "{{ cifmw_path }}" + ansible.builtin.command: + cmd: >- + oc wait deployment openstack-edpm-ipam-provisionserver-openstackprovisionserver + -n {{ cifmw_install_yamls_defaults['NAMESPACE'] }} + --for condition=Available + --timeout={{ cifmw_edpm_deploy_baremetal_wait_provisionserver_timeout_mins }}m -- name: Wait for baremetal nodes to reach 'provisioned' state - when: not cifmw_edpm_deploy_baremetal_dry_run - environment: - KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}" - PATH: "{{ cifmw_path }}" - ansible.builtin.command: - cmd: >- - oc wait bmh --all - -n {{ cifmw_install_yamls_defaults['NAMESPACE'] }} - --for=jsonpath='{.status.provisioning.state}'=provisioned - --timeout={{ cifmw_edpm_deploy_baremetal_wait_bmh_timeout_mins }}m + - name: Wait for baremetal nodes to reach 'provisioned' state + environment: + KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}" + PATH: "{{ cifmw_path }}" + ansible.builtin.command: + cmd: >- + oc wait bmh --all + -n {{ cifmw_install_yamls_defaults['NAMESPACE'] }} + --for=jsonpath='{.status.provisioning.state}'=provisioned + --timeout={{ cifmw_edpm_deploy_baremetal_wait_bmh_timeout_mins }}m -- name: Register the list of compute nodes - when: not 
cifmw_edpm_deploy_baremetal_dry_run - environment: - KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}" - PATH: "{{ cifmw_path }}" - ansible.builtin.command: - cmd: oc get bmh -n {{ cifmw_install_yamls_defaults['NAMESPACE'] }} - register: compute_nodes_output + - name: Register the list of compute nodes + environment: + KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}" + PATH: "{{ cifmw_path }}" + ansible.builtin.command: + cmd: oc get bmh -n {{ cifmw_install_yamls_defaults['NAMESPACE'] }} + register: compute_nodes_output -- name: Print the list of compute nodes - when: not cifmw_edpm_deploy_baremetal_dry_run - ansible.builtin.debug: - var: compute_nodes_output.stdout_lines + - name: Print the list of compute nodes + ansible.builtin.debug: + var: compute_nodes_output.stdout_lines - name: Patch OpenStackDataPlaneNodeSet to add repo-setup-downstream service when: - cifmw_edpm_deploy_baremetal_repo_setup_override + - cifmw_edpm_deploy_baremetal_create_vms | bool - not cifmw_edpm_deploy_baremetal_dry_run block: # This file will be created in downstream job's pre-playbook @@ -139,7 +140,7 @@ oc apply -n {{ cifmw_install_yamls_defaults['NAMESPACE'] }} -f "{{ cifmw_installyamls_repos }}/devsetup/edpm/services/dataplane_v1beta1_openstackdataplaneservice_reposetup_downstream.yaml" - # We can drop this step once we drop dev-preview#1 jobs in downstream + # to-do: We can drop this step once we drop dev-preview#1 jobs in downstream # This is added because install_yamls is tagged and we don't # have repo-setup service in OpenStackDataPlane in v0.1.0 tag - name: Get list of services defined under OpenStackDataPlaneNodeSet resource diff --git a/ci_framework/roles/libvirt_manager/tasks/attach_interface.yml b/ci_framework/roles/libvirt_manager/tasks/attach_interface.yml new file mode 100644 index 0000000000..dc2b96fe70 --- /dev/null +++ b/ci_framework/roles/libvirt_manager/tasks/attach_interface.yml 
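Review bot: In `edpm_deploy_baremetal/tasks/main.yml`, the `when:` list of "Patch OpenStackDataPlaneNodeSet to add repo-setup-downstream service" now also requires `cifmw_edpm_deploy_baremetal_create_vms | bool`, so a run with `create_vms: false` and `repo_setup_override: true` skips the patch without any message. If the override only makes sense on the virtual-baremetal path, say so in a comment above the block, e.g. `# repo-setup override is only applied when this role creates the VMs`; otherwise the new condition should not be added there. The older conditions in that list and in the new "Wait for virtual computes to be ready" block are still bare variables; `- cifmw_edpm_deploy_baremetal_repo_setup_override | bool` and `- not cifmw_edpm_deploy_baremetal_dry_run | bool` would match the added line and behave predictably for string values passed with `-e`. The patch block's body continues past the end of this hunk.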
@@ -0,0 +1,34 @@ +--- +# Copyright Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +# This task requires +# vm_name Domain name to which the interface needs to be attached. +# interface_name source of the device +# interface_type bridge or network + +- name: Attach interface to the virtual machine. + ci_script: + output_dir: "{{ cifmw_libvirt_manager_basedir }}/artifacts" + script: >- + virsh -c qemu:///system + attach-interface "{{ vm_name }}" + --source "{{ interface_name }}" + --type "{{ interface_type }}" + --mac "{{ '0A:02' | community.general.random_mac }}" + --model virtio + --config + --persistent diff --git a/ci_framework/roles/libvirt_manager/tasks/delete_network.yml b/ci_framework/roles/libvirt_manager/tasks/delete_network.yml new file mode 100644 index 0000000000..20470ba2b9 --- /dev/null +++ b/ci_framework/roles/libvirt_manager/tasks/delete_network.yml 
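Review bot: In `libvirt_manager/tasks/attach_interface.yml`, the `script` of "Attach interface to the virtual machine." wraps `vm_name`, `interface_name` and `interface_type` in double quotes, which does not stop command substitution or an embedded `"` if the string is run by a shell (presumably what `ci_script` does; its implementation is not shown here). Use the `quote` filter and drop the literal quotes, e.g. `attach-interface {{ vm_name | quote }}` and `--source {{ interface_name | quote }}`. The header comment limits `interface_type` to bridge or network but nothing enforces it; an `ansible.builtin.assert` with `that: interface_type in ['bridge', 'network']` ahead of the task would fail early on any other value.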
@@ -0,0 +1,34 @@ +--- +# Copyright Red Hat, Inc. +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + + +- name: Deactivate and remove the virtual network. + block: + - name: "Deactivate {{ net_name }}" + community.libvirt.virt_net: + command: destroy + name: "{{ net_name }}" + uri: "qemu:///system" + + - name: "Removing {{ net_name}}" + community.libvirt.virt_net: + command: undefine + name: "{{ net_name }}" + uri: "qemu:///system" + rescue: + - name: Encountered an error during virt-net removal. + ansible.builtin.debug: + msg: "Looks like the provided virtual network does not exist." diff --git a/docs/dictionary/en-custom.txt b/docs/dictionary/en-custom.txt index 4a50a9a372..5ceee2715f 100644 --- a/docs/dictionary/en-custom.txt +++ b/docs/dictionary/en-custom.txt @@ -15,6 +15,7 @@ autostart awk backends baremetal +baremetalhosts basedir basedomain baseimg @@ -46,12 +47,14 @@ chronyc ci cidr cifmw +ciuser ckcg cli clusterimageset clusterpool cmd codeql +codeready conf config containerfile @@ -60,6 +63,7 @@ coreos cpus cr crashloopbackoff +crb crc crd crds @@ -78,6 +82,7 @@ deployer deps dest dev +devscripts devsetup dfb dfg @@ -113,6 +118,7 @@ flbxutz fmw freefonts frmo +fqdn fsid fultonj fwcybtb @@ -148,6 +154,7 @@ img ingressvips ini installyamls +internalapi ipaddr ipi ips @@ -228,12 +235,16 @@ nodeset nodetemplate noop nopasswd +noqa +num nsawvudc ntp nwy +oauth oc ocp odkvmf +okd opendev openrc openshift 
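Review bot: In `libvirt_manager/tasks/delete_network.yml`, the `rescue` of "Deactivate and remove the virtual network." reports every failure as "Looks like the provided virtual network does not exist.", so a libvirt connection or permission error is hidden and the play continues as if cleanup had succeeded. Surface the real error instead, e.g. `msg: "virt-net removal failed: {{ ansible_failed_result.msg | default('unknown error') }}"`, or run `command: list_nets` first and only execute the two tasks when `net_name` is listed. A failure in the `destroy` step also jumps straight to `rescue`, so `undefine` is skipped and the definition may be left behind; presumably this happens when the network is defined but already inactive, which is worth confirming against the module. Minor style point: `"Removing {{ net_name}}"` is missing the space before `}}`.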
@@ -242,11 +253,13 @@ openssl openstack openstackdataplane openstackdataplanenodeset +openstackprovisioner opn orchestrator os osd osp +ovnkubernetes param params passwd @@ -283,6 +296,7 @@ rdoproject readme readmes readthedocs +redfish redhat repo repos @@ -308,6 +322,7 @@ str subnet sudo sudoers +svc svg svgrepo svm @@ -325,6 +340,7 @@ todo tripleo txt uefi +uefisecureboot unclaim undefine unittest @@ -334,6 +350,7 @@ utils uuid vbibob vcgvuc +vcpu vcpus vda venv @@ -341,7 +358,9 @@ vexxhost virsh virt virthosts +virtio virtualized +virtualmedia virtuser visudo vlan @@ -363,11 +382,13 @@ xvzy xz yaml yamls +ymfy yml ytm yxivcnvul yyoje zlcbwcm +zm zpbgugcmjkihbvb ztd zuul diff --git a/docs/source/usage/01_usage.md b/docs/source/usage/01_usage.md index 0d54018ff2..5c150f19a8 100644 --- a/docs/source/usage/01_usage.md +++ b/docs/source/usage/01_usage.md @@ -1,4 +1,5 @@ # Usage guide + The Framework leverages [install_yamls](https://github.com/openstack-k8s-operators/install_yamls) content and generate the needed bits in order to deploy EDPM on the selected infrastructure. @@ -6,13 +7,17 @@ The Framework will also ensure we're able to reproduce the exact same run we got in CI with a series of artifacts one may download locally, and re-run. ## Parameters + There are two levels of parameters we may provide: -- top level -- role level + +* top level +* role level ### Top level parameters + The following parameters allow to set a common value for parameters that are shared among multiple roles: + * `cifmw_basedir`: The base directory for all of the artifacts. Defaults to `~/ci-framework-data` * `cifmw_crc_hostname`: Allow to set the actual CRC inventory hostname. Mostly used in the fetch_compute_facts hook 
@@ -33,10 +38,12 @@ provisioned with virtual baremetal vs pre-provisioned VM. * `cifmw_openshift_skip_tls_verify`: (Boolean) Skip TLS verification to login. Defaults to `false`. * `cifmw_use_opn`: (Bool) toggle openshift provisioner node support. * `cifmw_use_hive`: (Bool) toggle OpenShift deployment using hive operator. +* `cifmw_use_devscripts`: (Bool) toggle OpenShift deploying using devscripts role. * `cifmw_openshift_crio_stats`: (Bool) toggle collecting cri-o stats in CRC deployment * `cifmw_deploy_edpm`: (Bool) toggle deploying EDPM. Default to false. #### Words of caution + If you want to output the content in another location than `~/ci-framework-data` (namely set the `cifmw_basedir` to some other location), you will have to update the `ansible.cfg`, updating the value of `roles_path` so that it includes @@ -45,19 +52,23 @@ this new location. We cannot do this change runtime unfortunately. ### Role level parameters + Please refer to the README located within the various roles. ## Provided playbooks and scenarios + The provided playbooks and scenarios allow to deploy a full stack with various options. Please refer to the provided examples and roles if you need to know more. ## Hooks + The framework is able to leverage hooks located in various locations. Using proper parameter name, you may run arbitrary playbook or load custom CRDs at specific points in the standard run. Allowed parameter names are: + * `pre_infra`: before bootstrapping the infrastructure * `post_infra`: after bootstrapping the infrastructure * `pre_package_build`: before building packages against sources @@ -78,6 +89,7 @@ Since steps may be skipped, we must ensure proper post/pre exists for specific steps. In order to provide a hook, please pass the following as an environment file: + ```YAML pre_infra: - name: My glorious hook name 
@@ -92,6 +104,7 @@ pre_infra: type: pod source: /path/to/my/glorious.crd ``` + In the above example, the `foo.yml` is located in [ci_framework/hooks/playbooks](https://github.com/openstack-k8s-operators/ci-framework/tree/main/ci_framework/hooks/playbooks) while `glorious.crd` is located in some external path. @@ -103,6 +116,7 @@ Note that you really should avoid pointing to external resources, in order to ensure everything is available for job reproducer. ## Ansible tags + In order to allow user to run only a subset of tasks while still consuming the entry playbook, the Framework exposes tags one may leverage with either `--tags` or `--skip-tags`: @@ -113,6 +127,7 @@ or `--skip-tags`: For instance, if you want to bootstrap a hypervisor, and reuse it over and over, you'll run the following commands: + ```Bash $ ansible-playbook deploy-edpm.yml -K --tags bootstrap,packages [-e @scenarios/centos-9/some-environment -e <...>] $ ansible-playbook deploy-edpm.yml -K --skip-tags bootstrap,packages [-e @scenarios/centos-9/some-environment -e <...>] diff --git a/zuul.d/molecule.yaml b/zuul.d/molecule.yaml index 32ec410315..e708c51337 100644 --- a/zuul.d/molecule.yaml +++ b/zuul.d/molecule.yaml @@ -108,6 +108,16 @@ parent: cifmw-molecule-base vars: TEST_RUN: copy_container +- job: + files: + - ^ansible-requirements.txt + - ^molecule-requirements.txt + - ^ci_framework/roles/devscripts/(?!meta|README).* + - ^ci/playbooks/molecule.* + name: cifmw-molecule-devscripts + parent: cifmw-molecule-base + vars: + TEST_RUN: devscripts - job: files: - ^ansible-requirements.txt diff --git a/zuul.d/projects.yaml b/zuul.d/projects.yaml index 92d4d5ff92..46993fd73f 100644 --- a/zuul.d/projects.yaml +++ b/zuul.d/projects.yaml @@ -20,6 +20,7 @@ - cifmw-molecule-cifmw_cephadm - cifmw-molecule-cifmw_create_admin - cifmw-molecule-copy_container + - cifmw-molecule-devscripts - cifmw-molecule-discover_latest_image - cifmw-molecule-dlrn_promote - cifmw-molecule-dlrn_report