Move CLI validation to bifrost-keystone-client-config

Validate configuration right after we write it and do it for production
installations as well, not only in the CI.

Change-Id: I73c995a2918522d94f3569aed8b790ca6cbabe2a
This commit is contained in:
Dmitry Tantsur 2020-09-17 14:56:48 +02:00
parent 0c242face7
commit 90a98d03bf
5 changed files with 73 additions and 16 deletions

View File

@ -5,6 +5,9 @@ ans_network_interface: "{{ network_interface | replace('-', '_') }}"
internal_ip: "{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}" internal_ip: "{{ hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'] }}"
enable_tls: false enable_tls: false
enable_inspector: true
enable_keystone: false
skip_validation: false
# Service URLs used for communication with them. # Service URLs used for communication with them.
api_protocol: "{{ 'https' if enable_tls | bool else 'http' }}" api_protocol: "{{ 'https' if enable_tls | bool else 'http' }}"

View File

@ -63,3 +63,7 @@
dest: "~{{ user | default('root') }}/openrc" dest: "~{{ user | default('root') }}/openrc"
owner: "{{ user | default('root') }}" owner: "{{ user | default('root') }}"
mode: 0600 mode: 0600
- name: "Validate generated configuration"
import_tasks: validate.yml
when: not skip_validation | bool

View File

@ -0,0 +1,60 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: "Determine the testing cloud name"
set_fact:
testing_cloud_name: "{{ (clouds | dict2items)[0].key }}"
- block:
- name: "List bare metal nodes using CLI and clouds.yaml"
command: baremetal --debug node list
environment:
OS_CLOUD: "{{ testing_cloud_name }}"
- name: "List introspection rules using CLI and clouds.yaml"
command: baremetal --debug introspection rule list
environment:
OS_CLOUD: "{{ testing_cloud_name }}"
when: enable_inspector | bool
- name: "List services using CLI and clouds.yaml"
command: openstack --debug service list
environment:
OS_CLOUD: bifrost-admin
when:
- enable_keystone | bool
- "'bifrost-admin' in clouds"
- name: "List bare metal nodes using CLI and openrc"
shell: |
set -e
. ~/openrc {{ testing_cloud_name }}
baremetal --debug node list
args:
executable: /bin/bash
# FIXME(dtantsur): openrc provides no overrides for ironic-inspector, so we
# cannot test it.
- name: "List services using CLI and openrc"
shell: |
set -e
. ~/openrc bifrost-admin
openstack --debug service list
args:
executable: /bin/bash
when:
- enable_keystone | bool
- "'bifrost-admin' in clouds"
become: yes
become_user: "{{ user | default('root') }}"

View File

@ -34,22 +34,6 @@
- role: bifrost-test-inspection - role: bifrost-test-inspection
when: inspect_nodes | default(false) | bool when: inspect_nodes | default(false) | bool
- hosts: localhost
name: "Tests the use of openstack clients"
connection: local
tasks:
- name: "List bare metal nodes using openstack client"
command: baremetal --debug node list
environment:
OS_CLOUD: bifrost
PATH: /usr/local/bin:{{ ansible_env.PATH }}
- name: "List introspection rules using openstack client"
command: baremetal --debug introspection rule list
environment:
OS_CLOUD: bifrost
PATH: /usr/local/bin:{{ ansible_env.PATH }}
when: enable_inspector is defined and enable_inspector | bool
- import_playbook: deploy-dynamic.yaml - import_playbook: deploy-dynamic.yaml
- hosts: baremetal - hosts: baremetal

View File

@ -0,0 +1,6 @@
---
features:
- |
The ``bifrost-keystone-client-config`` role now validates that CLI
access actually works with the generated configuration, use
``skip_validation=false`` to disable.