kolla-ansible/tests/run.yml
Maksim Malchuk 5fd8117098 Fix passwords.yml permissions
The kolla-genpwd, kolla-mergepwd, kolla-readpwd and kolla-writepwd
commands now creates or updates passwords.yml with correct
permissions. Also they display warning message about incorrect
permissions.

Closes-Bug: #2018338
Change-Id: I4b50053ced9150499d1d09fd4a0ec2e243cf938b
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
2023-05-31 14:22:34 +03:00

838 lines
31 KiB
YAML

---
- hosts: all
any_errors_fatal: true
tasks:
# NOTE(yoctozepto): ensure we pick up fact changes from pre
- name: Refresh facts
setup:
# NOTE(yoctozepto): setting vars as facts for all to have them around in all the plays
- name: set facts for commonly used variables
vars:
# NOTE(yoctozepto): needed here to use in other facts too
openstack_core_enabled: "{{ scenario not in ['bifrost', 'mariadb', 'prometheus-opensearch', 'venus'] }}"
set_fact:
kolla_inventory_path: "/etc/kolla/inventory"
logs_dir: "/tmp/logs"
ansible_collection_kolla_src_dir: "{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/ansible-collection-kolla"
kolla_ansible_src_dir: "{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible"
kolla_ansible_local_src_dir: "{{ zuul.executor.work_root }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible"
infra_dockerhub_mirror: "http://{{ zuul_site_mirror_fqdn }}:8082/"
need_build_image: "{{ kolla_build_images | default(false) }}"
build_image_tag: "change_{{ zuul.change | default('none') }}"
openstack_core_enabled: "{{ openstack_core_enabled }}"
openstack_core_tested: "{{ scenario in ['core', 'cephadm', 'zun', 'cells', 'swift', 'ovn'] }}"
dashboard_enabled: "{{ openstack_core_enabled }}"
upper_constraints_file: "{{ ansible_env.HOME }}/src/opendev.org/openstack/requirements/upper-constraints.txt"
docker_image_tag_suffix: "{{ '-aarch64' if ansible_architecture == 'aarch64' else '' }}"
kolla_ansible_venv_path: "{{ ansible_env.HOME }}/kolla-ansible-venv"
- name: Install dig for Designate testing
become: true
package:
name: "{{ 'bind-utils' if ansible_os_family == 'RedHat' else 'dnsutils' }}"
when: scenario == 'magnum'
- name: Install xfsprogs package for Swift filesystems
become: true
package:
name: xfsprogs
when: scenario == 'swift'
- name: Prepare disks for a storage service
script: "setup_disks.sh {{ disk_type }}"
when: scenario in ['cephadm', 'zun', 'swift']
become: true
vars:
disk_type: "{{ 'ceph-lvm' if scenario in ['cephadm'] else scenario }}"
- hosts: primary
any_errors_fatal: true
vars:
kolla_build_config:
DEFAULT:
profile: gate
logs_dir: /tmp/logs/build
quiet: true
# NOTE(yoctozepto): we cannot build and push at the same time on debian
# buster see https://github.com/docker/for-linux/issues/711.
push: "{{ base_distro != 'debian' }}"
base: "{{ base_distro }}"
registry: "127.0.0.1:4000"
namespace: lokolla
tag: "{{ build_image_tag }}"
template_override: /etc/kolla/template_overrides.j2
# NOTE(yoctozepto): to avoid issues with IPv6 not enabled in the docker daemon
# and since we don't need isolated networks here, use host networking
network_mode: host
tasks:
- name: detect whether need build images
set_fact:
need_build_image: true
when:
# NOTE(yoctozepto): build container images if there is any tested
# change that impacts them.
- item.project.short_name not in ["ansible-collection-kolla", "kayobe", "kolla-ansible", "tenks"]
with_items: "{{ zuul['items'] }}"
# NOTE(yoctozepto): required to template template_overrides.j2 for Zuul
- name: Include kolla Zuul vars if building new images
include_vars:
file: "{{ zuul.executor.work_root }}/src/opendev.org/openstack/kolla/tests/vars/zuul.yml"
when: need_build_image
- block:
# NOTE(mgoddard): This only affects the remote copy of the repo, not the
# one on the executor.
- name: checkout the previous ansible-collection-kolla branch
shell:
cmd: |
git checkout stable/{{ previous_release | lower }}
echo "ansible-collection-kolla checked out to:"
git log --pretty=oneline -1
chdir: "{{ ansible_collection_kolla_src_dir }}"
- name: checkout the previous kolla-ansible branch
shell:
cmd: |
git checkout stable/{{ previous_release | lower }}
echo "kolla-ansible checked out to:"
git log --pretty=oneline -1
chdir: "{{ kolla_ansible_src_dir }}"
- name: checkout the previous requirements branch
shell:
cmd: |
git checkout stable/{{ previous_release | lower }}
echo "requirements checked out to:"
git log --pretty=oneline -1
chdir: "{{ ansible_env.HOME }}/src/opendev.org/openstack/requirements/"
when: is_upgrade
- name: ensure /etc/kolla exists
file:
path: "/etc/kolla"
state: "directory"
mode: 0777
become: true
- import_role:
name: kolla-build-config
when: need_build_image
# NOTE(yoctozepto): required to customize kolla to use local mirrors
- name: Template template_overrides.j2
template:
src: "{{ zuul.executor.work_root }}/src/opendev.org/openstack/kolla/tests/templates/template_overrides.j2"
dest: /etc/kolla/template_overrides.j2
when: need_build_image
- name: Ensure /etc/docker exists
file:
path: "/etc/docker"
state: directory
become: true
when: container_engine == 'docker'
- name: Ensure configuration directories exist
file:
path: "/etc/kolla/config/{{ item }}"
state: directory
loop:
- neutron
- nova
- bifrost
- swift
- name: generate configuration files
template:
src: "{{ kolla_ansible_local_src_dir }}/{{ item.src }}"
dest: "{{ item.dest }}"
become: "{{ item.become | default(false) }}"
vars:
is_previous_release: "{{ is_upgrade }}"
with_items:
# Ansible inventory
- src: "tests/templates/inventory.j2"
dest: "{{ kolla_inventory_path }}"
# globals.yml
- src: "tests/templates/globals-default.j2"
dest: /etc/kolla/globals.yml
# global.conf
- src: "tests/templates/global.conf.j2"
dest: /etc/kolla/config/global.conf
when: "{{ openstack_core_enabled }}"
# nova-compute.conf
- src: "tests/templates/nova-compute-overrides.j2"
dest: /etc/kolla/config/nova/nova-compute.conf
when: "{{ openstack_core_enabled }}"
# neutron.conf
- src: "tests/templates/neutron-server-overrides.j2"
dest: /etc/kolla/config/neutron.conf
when: "{{ openstack_core_enabled }}"
# bifrost/dib.yml
- src: "tests/templates/bifrost-dib-overrides.j2"
dest: /etc/kolla/config/bifrost/dib.yml
when: "{{ scenario == 'bifrost' }}"
# ironic.conf
- src: "tests/templates/ironic-overrides.j2"
dest: /etc/kolla/config/ironic.conf
when: "{{ scenario == 'ironic' }}"
- src: "tests/templates/tenks-deploy-config.yml.j2"
dest: "{{ ansible_env.HOME }}/tenks.yml"
when: "{{ scenario == 'ironic' }}"
when: item.when | default(true)
- block:
- name: ensure ironic config directory exists
file:
path: /etc/kolla/config/ironic
state: directory
mode: 0777
- name: download Ironic Python Agent (IPA) images
get_url:
url: "https://tarballs.opendev.org/openstack/ironic-python-agent/tinyipa/files/{{ item.src }}"
dest: "/etc/kolla/config/ironic/{{ item.dest }}"
with_items:
- src: "tinyipa-{{ zuul.branch | replace('/', '-') }}.gz"
dest: ironic-agent.initramfs
- src: "tinyipa-{{ zuul.branch | replace('/', '-') }}.vmlinuz"
dest: ironic-agent.kernel
when: scenario == "ironic"
- block:
- name: slurp requirements.yml
slurp:
src: "{{ kolla_ansible_src_dir }}/requirements.yml"
register: requirements_yml
- name: write requirements.yml
copy:
content: "{{ new_requirements | to_nice_yaml }}"
dest: "{{ kolla_ansible_src_dir }}/requirements.yml"
vars:
old_requirements: "{{ requirements_yml.content | b64decode | from_yaml }}"
new_requirement:
name: "{{ ansible_collection_kolla_src_dir }}"
type: dir
new_requirements:
collections: "{{ (old_requirements.collections | rejectattr('name', 'search', 'ansible-collection-kolla') | list) + [new_requirement] }}"
- name: ensure /etc/ansible exists
file:
path: /etc/ansible
state: directory
become: true
- name: Create Kolla Ansible venv
command:
cmd: "python3 -m venv {{ kolla_ansible_venv_path }}"
creates: "{{ kolla_ansible_venv_path }}"
- name: Ensure the latest tested pip
pip:
name: "pip==23.*"
state: latest
virtualenv: "{{ kolla_ansible_venv_path }}"
- name: Ensure the latest tested setuptools
pip:
name: "setuptools==67.2.0"
state: latest
virtualenv: "{{ kolla_ansible_venv_path }}"
- name: install kolla-ansible and dependencies
vars:
ansible_core_version_min: "==2.13.*"
ansible_core_version_max: "==2.14.2"
# Test latest ansible version on Ubuntu, minimum supported on others.
ansible_core_version_constraint: >-
{{ ansible_core_version_min if is_upgrade or base_distro != 'ubuntu' else ansible_core_version_max }}
ansible_version_min: "==6.*"
ansible_version_max: "==7.*"
# Test latest ansible version on Ubuntu, minimum supported on others.
ansible_version_constraint: >-
{{ ansible_version_min if is_upgrade or base_distro != 'ubuntu' else ansible_version_max }}
pip:
extra_args: "-c {{ upper_constraints_file }}"
name:
- "{{ kolla_ansible_src_dir }}"
- "ansible-core{{ ansible_core_version_constraint }}"
- "ansible{{ ansible_version_constraint }}"
- "ara<1.0.0"
virtualenv: "{{ kolla_ansible_venv_path }}"
- name: install Ansible collections
shell: |
source {{ kolla_ansible_venv_path }}/bin/activate
kolla-ansible install-deps
args:
executable: /bin/bash
- name: get ARA callback plugin path
command: "{{ kolla_ansible_venv_path }}/bin/python3 -m ara.setup.callback_plugins"
changed_when: false
register: ara_callback_plugins
- name: template ansible.cfg
template:
src: "{{ kolla_ansible_local_src_dir }}/tests/templates/ansible.cfg.j2"
dest: /etc/ansible/ansible.cfg
become: true
- name: copy passwords.yml file
copy:
src: "{{ kolla_ansible_src_dir }}/etc/kolla/passwords.yml"
dest: /etc/kolla/passwords.yml
mode: "0640"
remote_src: true
- name: generate passwords
command: "{{ kolla_ansible_venv_path }}/bin/kolla-genpwd"
- name: Record the running state of the environment as seen by the setup module
shell:
cmd: "{{ kolla_ansible_venv_path }}/bin/ansible all -i {{ kolla_inventory_path }} -m setup > /tmp/logs/ansible/initial-setup"
- name: Set facts for Swift initialisation
set_fact:
# NOTE(yoctozepto): no support for upgrades for now
docker_image_tag: "{{ build_image_tag if need_build_image else (zuul.branch | basename) ~ '-' ~ base_distro ~ '-' ~ base_distro_version ~ docker_image_tag_suffix }}"
docker_image_prefix: "{{ 'primary:4000/lokolla/' if need_build_image else '{{ zuul_site_mirror_fqdn }}:4447/openstack.kolla/' }}"
when: scenario in ['swift']
# NOTE(yoctozepto): k-a octavia-certificates should run before k-a bootstrap-servers
# because the latter hijacks /etc/kolla permissions (due to same directory on the
# same host being used by both)
- name: create TLS certificates for octavia
shell: |
source {{ kolla_ansible_venv_path }}/bin/activate
kolla-ansible octavia-certificates
when: scenario in ['octavia']
args:
executable: /bin/bash
# NOTE(mgoddard): We are using the script module here and later to ensure
# we use the local copy of these scripts, rather than the one on the remote
# host, which could be checked out to a previous release (in an upgrade
# job).
- name: Run setup_gate.sh script
script:
cmd: setup_gate.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
BASE_DISTRO: "{{ base_distro }}"
BUILD_IMAGE: "{{ need_build_image }}"
KOLLA_SRC_DIR: "{{ ansible_env.HOME }}/src/opendev.org/openstack/kolla"
SCENARIO: "{{ scenario }}"
UPPER_CONSTRAINTS: "{{ upper_constraints_file }}"
KOLLA_ANSIBLE_VENV_PATH: "{{ kolla_ansible_venv_path }}"
CONTAINER_ENGINE: "{{ container_engine }}"
- name: Run init-swift.sh script
script:
cmd: init-swift.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
KOLLA_SWIFT_BASE_IMAGE: "{{ docker_image_prefix }}swift-base:{{ docker_image_tag }}"
# NOTE(yoctozepto): no IPv6 for now
STORAGE_NODES: "{{ groups['all'] | map('extract', hostvars,
['ansible_'+api_interface_name, 'ipv4', 'address'])
| join(' ') }}"
CONTAINER_ENGINE: "{{ container_engine }}"
when: scenario == 'swift'
# At this point we have generated all necessary configuration, and are
# ready to deploy the control plane services. Control flow now depends on
# the scenario being exercised.
# Deploy cephadm on cephadm scenarios
- block:
- import_role:
name: cephadm
- name: Show free space
command:
cmd: df -h
- name: Ensure required kolla config directories exist
file:
state: directory
name: "/etc/kolla/config/{{ item.name }}"
mode: 0755
with_items: "{{ cephadm_kolla_ceph_services }}"
- name: copy ceph.conf to enabled services
copy:
remote_src: True
src: "/etc/ceph/ceph.conf.fixed"
dest: "/etc/kolla/config/{{ item.name }}/ceph.conf"
with_items: "{{ cephadm_kolla_ceph_services }}"
- name: copy keyrings to enabled services
copy:
remote_src: True
src: "/var/run/ceph/{{ ceph_fsid }}/{{ item.keyring }}"
dest: "/etc/kolla/config/{{ item.name }}/{{ item.keyring }}"
with_items: "{{ cephadm_kolla_ceph_services }}"
become: True
vars:
cephadm_kolla_ceph_services:
- { name: "cinder/cinder-volume", keyring: "ceph.client.cinder.keyring" }
- { name: "cinder/cinder-backup", keyring: "ceph.client.cinder.keyring" }
- { name: "cinder/cinder-backup", keyring: "ceph.client.cinder-backup.keyring" }
- { name: "glance", keyring: "ceph.client.glance.keyring" }
- { name: "nova", keyring: "ceph.client.cinder.keyring" }
when: scenario == "cephadm"
# Deploy control plane. For upgrade jobs this is the previous release.
- block:
- name: Run deploy.sh script
script:
cmd: deploy.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
TLS_ENABLED: "{{ tls_enabled }}"
KOLLA_ANSIBLE_VENV_PATH: "{{ kolla_ansible_venv_path }}"
HAS_UPGRADE: "{{ is_upgrade | bool | ternary('yes', 'no') }}"
# NOTE(yoctozepto): this is nice as the first step after the deployment
# because it waits for the services to stabilize well enough so that
# the dashboard is able to show the login prompt
- name: Run test-dashboard.sh script
script:
cmd: test-dashboard.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
TLS_ENABLED: "{{ tls_enabled }}"
when: dashboard_enabled
- name: Run init-core-openstack.sh script
script:
cmd: init-core-openstack.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
IP_VERSION: "{{ 6 if address_family == 'ipv6' else 4 }}"
DEMO_NET_CIDR: "{{ neutron_tenant_network_prefix }}0/{{ neutron_tenant_network_prefix_length }}"
DEMO_NET_GATEWAY: "{{ neutron_tenant_network_prefix }}1"
DEMO_NET_DNS: "{{ neutron_tenant_network_dns_server }}"
EXT_NET_CIDR: "{{ neutron_external_network_prefix }}0/{{ neutron_external_network_prefix_length }}"
EXT_NET_RANGE: "start={{ neutron_external_network_prefix }}150,end={{ neutron_external_network_prefix }}199"
EXT_NET_GATEWAY: "{{ neutron_external_network_prefix }}1"
EXT_NET_DEMO_ROUTER_ADDR: "{{ neutron_external_network_prefix }}10"
SCENARIO: "{{ scenario }}"
when: openstack_core_tested or scenario in ['ironic', 'magnum', 'scenario_nfv', 'zun', 'octavia']
- name: Run test-core-openstack.sh script
script:
cmd: test-core-openstack.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
SCENARIO: "{{ scenario }}"
HAS_UPGRADE: "{{ is_upgrade | bool | ternary('yes', 'no') }}"
PHASE: deploy
IP_VERSION: "{{ 6 if address_family == 'ipv6' else 4 }}"
when: openstack_core_tested
- name: Run test-zun.sh script
script:
cmd: test-zun.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
when: scenario == 'zun'
environment:
BASE_DISTRO: "{{ base_distro }}"
CONTAINER_ENGINE: "{{ container_engine }}"
- name: Run test-swift.sh script
script:
cmd: test-swift.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
when: scenario == 'swift'
- name: Run test-scenario-nfv.sh script
script:
cmd: test-scenario-nfv.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
when: scenario == "scenario_nfv"
- block:
- name: Run deploy-tenks.sh script
script:
cmd: deploy-tenks.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
# NOTE(yoctozepto): This is kolla-ansible-tenks-venv to avoid
# a conflict with the venv that Tenks creates by itself
# by default to ~/tenks-venv
TENKS_VENV_PATH: "{{ ansible_env.HOME }}/kolla-ansible-tenks-venv"
TENKS_SRC_PATH: "{{ ansible_env.HOME }}/src/opendev.org/openstack/tenks"
CONTAINER_ENGINE: "{{ container_engine }}"
- name: Run test-ironic.sh script
script:
cmd: test-ironic.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
TLS_ENABLED: "{{ tls_enabled }}"
when: scenario == "ironic"
- name: Run test-magnum.sh script
script:
cmd: test-magnum.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
when: scenario == "magnum"
environment:
KOLLA_ANSIBLE_VENV_PATH: "{{ kolla_ansible_venv_path }}"
- name: Run test-octavia.sh script
script:
cmd: test-octavia.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
when: scenario == "octavia"
- name: Run test-masakari.sh script
script:
cmd: test-masakari.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
when: scenario == "masakari"
environment:
CONTAINER_ENGINE: "{{ container_engine }}"
- name: Run test-ovn.sh script
script:
cmd: test-ovn.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
when: scenario == "ovn"
environment:
CONTAINER_ENGINE: "{{ container_engine }}"
- name: Run test-mariadb.sh script
script:
cmd: test-mariadb.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
when: scenario == "mariadb"
environment:
KOLLA_ANSIBLE_VENV_PATH: "{{ kolla_ansible_venv_path }}"
CONTAINER_ENGINE: "{{ container_engine }}"
- name: Run test-prometheus-opensearch.sh script
script:
cmd: test-prometheus-opensearch.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
TLS_ENABLED: "{{ tls_enabled }}"
when:
- scenario == "prometheus-opensearch"
- name: Run test-venus.sh script
script:
cmd: test-venus.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
when: scenario == "venus"
when: scenario != "bifrost"
# NOTE(yoctozepto): each host checks itself
- hosts: all
any_errors_fatal: true
tasks:
- name: Pre-upgrade sanity checks
block:
- name: Run pre-upgrade check-failure.sh script
shell:
cmd: tests/check-failure.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
CONTAINER_ENGINE: "{{ container_engine }}"
- name: Run pre-upgrade check-config.sh script
shell:
cmd: tests/check-config.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
# Using script rather than shell here because check-logs.sh does not
# exist in Stein branch.
- name: Run check-logs.sh script
script:
cmd: check-logs.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
when: is_upgrade
- hosts: primary
any_errors_fatal: true
tasks:
# Upgrade: update config.
- block:
# NOTE(mgoddard): This only affects the remote copy of the repo, not the
# one on the executor.
- name: checkout the current ansible-collection-kolla branch
shell:
cmd: |
git checkout {{ zuul.branch }}
echo "ansible-collection-kolla checked out to:"
git log --pretty=oneline -1
chdir: "{{ ansible_collection_kolla_src_dir }}"
# NOTE(frickler): We modified requirements.yml, need to revert the
# changes in order for the branch checkout to succeed
- name: checkout the current kolla-ansible branch
shell:
cmd: |
git checkout requirements.yml
git checkout {{ zuul.branch }}
echo "kolla-ansible checked out to:"
git log --pretty=oneline -1
chdir: "{{ kolla_ansible_src_dir }}"
- name: checkout the current requirements branch
shell:
cmd: |
git checkout {{ zuul.projects["opendev.org/openstack/requirements"].checkout }}
echo "requirements checked out to:"
git log --pretty=oneline -1
chdir: "{{ ansible_env.HOME }}/src/opendev.org/openstack/requirements/"
- name: Generate configuration files
template:
src: "{{ kolla_ansible_local_src_dir }}/{{ item.src }}"
dest: "{{ item.dest }}"
vars:
is_previous_release: false
with_items:
# Ansible inventory
- src: "tests/templates/inventory.j2"
dest: "{{ kolla_inventory_path }}"
# globals.yml
- src: "tests/templates/globals-default.j2"
dest: /etc/kolla/globals.yml
# nova-compute.conf
- src: "tests/templates/nova-compute-overrides.j2"
dest: /etc/kolla/config/nova/nova-compute.conf
when: item.when | default(true)
- name: slurp requirements.yml
slurp:
src: "{{ kolla_ansible_src_dir }}/requirements.yml"
register: requirements_yml
- name: write requirements.yml
copy:
content: "{{ new_requirements | to_nice_yaml }}"
dest: "{{ kolla_ansible_src_dir }}/requirements.yml"
vars:
old_requirements: "{{ requirements_yml.content | b64decode | from_yaml }}"
new_requirement:
name: "{{ ansible_collection_kolla_src_dir }}"
type: dir
new_requirements:
collections: "{{ (old_requirements.collections | rejectattr('name', 'search', 'ansible-collection-kolla') | list) + [new_requirement] }}"
- name: upgrade kolla-ansible
pip:
extra_args: "-c {{ upper_constraints_file }}"
name:
- "{{ kolla_ansible_src_dir }}"
virtualenv: "{{ kolla_ansible_venv_path }}"
- name: install Ansible collections
shell: |
source {{ kolla_ansible_venv_path }}/bin/activate
kolla-ansible install-deps
args:
executable: /bin/bash
# Update passwords.yml to include any new passwords added in this
# release.
- name: move passwords.yml to passwords.yml.old
command: mv /etc/kolla/passwords.yml /etc/kolla/passwords.yml.old
- name: copy passwords.yml file
copy:
src: "{{ kolla_ansible_src_dir }}/etc/kolla/passwords.yml"
dest: /etc/kolla/passwords.yml
mode: "0640"
remote_src: true
- name: generate new passwords
command: "{{ kolla_ansible_venv_path }}/bin/kolla-genpwd"
- name: merge old and new passwords
command: >-
{{ kolla_ansible_venv_path }}/bin/kolla-mergepwd
--old /etc/kolla/passwords.yml.old
--new /etc/kolla/passwords.yml
--final /etc/kolla/passwords.yml
# Perform an upgrade to the in-development code.
- name: Run upgrade.sh script
shell:
cmd: tests/upgrade.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
KOLLA_ANSIBLE_VENV_PATH: "{{ kolla_ansible_venv_path }}"
# NOTE(yoctozepto): this is nice as the first step after the upgrade
# because it waits for the services to stabilize well enough so that
# the dashboard is able to show the login prompt
- name: Run test-dashboard.sh script
shell:
cmd: tests/test-dashboard.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
TLS_ENABLED: "{{ tls_enabled }}"
when: dashboard_enabled
# NOTE(yoctozepto): We need the script module here to avoid
# a bug in Glance OSC [1][2] which results in a failure when a volume
# is given as a source. The stdin works differently in shell/command
# than script.
# [1] https://opendev.org/openstack/python-openstackclient/src/commit/6810414e45a32dd44263dff47fec161989508ef0/openstackclient/image/v2/image.py#L114-L120
# [2] https://opendev.org/openstack/python-openstackclient/src/commit/6810414e45a32dd44263dff47fec161989508ef0/openstackclient/image/v2/image.py#L414
- name: Run test-core-openstack.sh script
script:
cmd: test-core-openstack.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
SCENARIO: "{{ scenario }}"
HAS_UPGRADE: 'yes'
PHASE: upgrade
IP_VERSION: "{{ 6 if address_family == 'ipv6' else 4 }}"
when: openstack_core_tested
- name: Run test-swift.sh script
command:
cmd: tests/test-swift.sh
chdir: "{{ kolla_ansible_src_dir }}"
when: scenario == 'swift'
- name: Run test-prometheus-opensearch.sh script
script:
cmd: test-prometheus-opensearch.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
TLS_ENABLED: "{{ tls_enabled }}"
when: scenario == "prometheus-opensearch"
when: is_upgrade
# Bifrost testing.
- block:
- name: Run deploy-bifrost.sh script
shell:
cmd: tests/deploy-bifrost.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
KOLLA_ANSIBLE_VENV_PATH: "{{ kolla_ansible_venv_path }}"
- name: Run test-bifrost.sh script
shell:
cmd: tests/test-bifrost.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
CONTAINER_ENGINE: "{{ container_engine }}"
- name: Run upgrade-bifrost.sh script
shell:
cmd: tests/upgrade-bifrost.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
KOLLA_ANSIBLE_VENV_PATH: "{{ kolla_ansible_venv_path }}"
when: scenario == "bifrost"
# NOTE(yoctozepto): each host checks itself
- hosts: all
any_errors_fatal: true
tasks:
- name: Post-deploy/upgrade sanity checks
block:
- name: Run check-failure.sh script
shell:
cmd: tests/check-failure.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
CONTAINER_ENGINE: "{{ container_engine }}"
- name: Run check-config.sh script
shell:
cmd: tests/check-config.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
- name: Run check-logs.sh script
shell:
cmd: tests/check-logs.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
- hosts: primary
any_errors_fatal: true
tasks:
- name: Run reconfigure.sh script
script:
cmd: reconfigure.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
KOLLA_ANSIBLE_VENV_PATH: "{{ kolla_ansible_venv_path }}"
when:
- not is_upgrade
- scenario != "bifrost"
# NOTE(yoctozepto): each host checks itself
- hosts: all
any_errors_fatal: true
tasks:
- name: Post-reconfigure sanity checks
block:
- name: Run check-failure.sh script
shell:
cmd: tests/check-failure.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
environment:
CONTAINER_ENGINE: "{{ container_engine }}"
- name: Run check-config.sh script
shell:
cmd: tests/check-config.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
- name: Run check-logs.sh script
shell:
cmd: tests/check-logs.sh
executable: /bin/bash
chdir: "{{ kolla_ansible_src_dir }}"
when:
- not is_upgrade
- scenario != "bifrost"