8c4ab41ffa
Typically, non-executable files should have 660 or 600 and executable files and directories should have 770. All should be owned by the 'config_owner_user' and 'config_owner_group' variables. This change adds a script to check the owner and permissions of config files under /etc/kolla, and runs it at the end of CI jobs. Change-Id: Icdbabf36e284b9030017a0dc07b9dc81a37758ab Related-Bug: #1821579
304 lines
11 KiB
YAML
304 lines
11 KiB
YAML
---
|
|
- hosts: all
|
|
vars:
|
|
kolla_ansible_local_src_dir: "{{ zuul.executor.work_root }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible"
|
|
tasks:
|
|
- name: Prepare disks for Ceph or LVM
|
|
script: "setup_disks.sh {{ disk_type }}"
|
|
when: scenario in ["ceph", "cinder-lvm"]
|
|
become: true
|
|
vars:
|
|
disk_type: "{{ ceph_storetype if scenario == 'ceph' else 'cinder-lvm' }}"
|
|
ceph_storetype: "{{ hostvars[inventory_hostname].get('ceph_osd_storetype') }}"
|
|
|
|
- hosts: primary
|
|
vars:
|
|
kolla_inventory_path: "/etc/kolla/inventory"
|
|
logs_dir: "/tmp/logs"
|
|
kolla_ansible_src_dir: "{{ ansible_env.PWD }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible"
|
|
kolla_ansible_local_src_dir: "{{ zuul.executor.work_root }}/src/{{ zuul.project.canonical_hostname }}/openstack/kolla-ansible"
|
|
need_build_image: false
|
|
tasks:
|
|
# FIXME: in multi node env, api_interface may be different on each node.
|
|
- name: detect api_interface_name variable
|
|
vars:
|
|
ansible_interface_name: "ansible_{{ item.replace('-', '_') }}"
|
|
api_interface_address: "{{ hostvars[inventory_hostname]['nodepool']['private_ipv4'] }}"
|
|
set_fact:
|
|
api_interface_name: "{{ item }}"
|
|
api_interface_address: "{{ api_interface_address }}"
|
|
when:
|
|
- hostvars[inventory_hostname][ansible_interface_name]['ipv4'] is defined
|
|
- hostvars[inventory_hostname][ansible_interface_name]['ipv4']['address'] == api_interface_address
|
|
with_items: "{{ ansible_interfaces }}"
|
|
|
|
- name: detect whether need build images
|
|
set_fact:
|
|
need_build_image: true
|
|
when:
|
|
- item.project.short_name == "kolla"
|
|
- item.branch == zuul.branch
|
|
with_items: "{{ zuul['items'] }}"
|
|
|
|
# NOTE(mgoddard): This only affects the remote copy of the repo, not the
|
|
# one on the executor.
|
|
- name: checkout the previous kolla-ansible branch
|
|
command:
|
|
cmd: "git checkout stable/{{ previous_release | lower }}"
|
|
chdir: "{{ kolla_ansible_src_dir }}"
|
|
when: scenario == "upgrade"
|
|
|
|
- name: ensure /etc/kolla exists
|
|
file:
|
|
path: "/etc/kolla"
|
|
state: "directory"
|
|
mode: 0777
|
|
become: true
|
|
|
|
# Use the initial repo to generate config files. For upgrade jobs, this
|
|
# repo is only available on the remote node, so use the remote-template
|
|
# role.
|
|
- name: generate configuration files
|
|
include_role:
|
|
role: remote-template
|
|
vars:
|
|
is_previous_release: "{{ scenario == 'upgrade' }}"
|
|
infra_dockerhub_mirror: "http://{{ zuul_site_mirror_fqdn }}:8082/"
|
|
# Role variables.
|
|
remote_template_src: "{{ kolla_ansible_src_dir }}/{{ item.src }}"
|
|
remote_template_dest: "{{ item.dest }}"
|
|
remote_template_become: "{{ item.become | default(false) }}"
|
|
with_items:
|
|
# Docker daemon.json
|
|
- src: "tests/templates/docker_daemon.json.j2"
|
|
dest: "/etc/docker/daemon.json"
|
|
become: true
|
|
# Ansible inventory
|
|
- src: "tests/templates/inventory.j2"
|
|
dest: "{{ kolla_inventory_path }}"
|
|
# globals.yml
|
|
- src: "tests/templates/globals-default.j2"
|
|
dest: /etc/kolla/globals.yml
|
|
# nova-compute.conf
|
|
- src: "tests/templates/nova-compute-overrides.j2"
|
|
dest: /etc/kolla/config/nova/nova-compute.conf
|
|
when: scenario != "bifrost"
|
|
# ceph.conf
|
|
- src: "tests/templates/ceph-overrides.j2"
|
|
dest: /etc/kolla/config/ceph.conf
|
|
when: scenario == "ceph"
|
|
# bifrost/dib.yml
|
|
- src: "tests/templates/bifrost-dib-overrides.j2"
|
|
dest: /etc/kolla/config/bifrost/dib.yml
|
|
when: scenario == "bifrost"
|
|
when: item.when | default(true)
|
|
|
|
- name: install kolla-ansible requirements
|
|
pip:
|
|
requirements: "{{ kolla_ansible_src_dir }}/requirements.txt"
|
|
become: true
|
|
|
|
- name: copy passwords.yml file
|
|
copy:
|
|
src: "{{ kolla_ansible_src_dir }}/etc/kolla/passwords.yml"
|
|
dest: /etc/kolla/passwords.yml
|
|
remote_src: true
|
|
|
|
- name: generate passwords
|
|
shell: "{{ kolla_ansible_src_dir }}/tools/generate_passwords.py"
|
|
|
|
- name: slurp kolla passwords
|
|
slurp:
|
|
src: /etc/kolla/passwords.yml
|
|
register: passwords_yml
|
|
|
|
- name: write out kolla SSH private key
|
|
copy:
|
|
content: "{{ (passwords_yml.content | b64decode | from_yaml).kolla_ssh_key.private_key }}"
|
|
dest: ~/.ssh/id_rsa_kolla
|
|
mode: 0600
|
|
|
|
- name: authorise kolla public key for zuul user
|
|
authorized_key:
|
|
user: "{{ ansible_env.USER }}"
|
|
key: "{{ (passwords_yml.content | b64decode | from_yaml).kolla_ssh_key.public_key }}"
|
|
# Delegate to each host in turn. If more tasks require execution on all
|
|
# hosts in future, break out into a separate play.
|
|
with_inventory_hostnames:
|
|
- all
|
|
delegate_to: "{{ item }}"
|
|
|
|
# NOTE(mgoddard): We are using the script module here and later to ensure
|
|
# we use the local copy of these scripts, rather than the one on the remote
|
|
# host, which could be checked out to a previous release (in an upgrade
|
|
# job).
|
|
- name: Run setup_gate.sh script
|
|
script:
|
|
cmd: ../tools/setup_gate.sh
|
|
executable: /bin/bash
|
|
chdir: "{{ kolla_ansible_src_dir }}"
|
|
environment:
|
|
BASE_DISTRO: "{{ base_distro }}"
|
|
INSTALL_TYPE: "{{ install_type }}"
|
|
BUILD_IMAGE: "{{ need_build_image }}"
|
|
TAG: "change_{{ zuul.change }}"
|
|
KOLLA_SRC_DIR: "{{ ansible_env.HOME }}/src/git.openstack.org/openstack/kolla"
|
|
ACTION: "{{ scenario }}"
|
|
|
|
# At this point we have generated all necessary configuration, and are
|
|
# ready to deploy the control plane services. Control flow now depends on
|
|
# the scenario being exercised.
|
|
|
|
# Deploy control plane. For upgrade jobs this is the previous release.
|
|
- block:
|
|
- name: Run deploy.sh script
|
|
script:
|
|
cmd: deploy.sh
|
|
executable: /bin/bash
|
|
chdir: "{{ kolla_ansible_src_dir }}"
|
|
environment:
|
|
ACTION: "{{ scenario }}"
|
|
|
|
- name: Run test-openstack.sh script
|
|
script:
|
|
cmd: test-openstack.sh
|
|
executable: /bin/bash
|
|
chdir: "{{ kolla_ansible_src_dir }}"
|
|
environment:
|
|
ACTION: "{{ scenario }}"
|
|
when: scenario not in ['scenario_nfv']
|
|
|
|
- name: Run test-scenario-nfv.sh script
|
|
script:
|
|
cmd: test-scenario-nfv.sh
|
|
executable: /bin/bash
|
|
chdir: "{{ kolla_ansible_src_dir }}"
|
|
when: scenario == "scenario_nfv"
|
|
|
|
- name: Run reconfigure.sh script
|
|
script:
|
|
cmd: reconfigure.sh
|
|
executable: /bin/bash
|
|
chdir: "{{ kolla_ansible_src_dir }}"
|
|
environment:
|
|
ACTION: "{{ scenario }}"
|
|
when: scenario != "upgrade"
|
|
when: scenario != "bifrost"
|
|
|
|
# Upgrade: update config.
|
|
- block:
|
|
- name: Run check-failure.sh script
|
|
script:
|
|
cmd: check-failure.sh
|
|
executable: /bin/bash
|
|
chdir: "{{ kolla_ansible_src_dir }}"
|
|
|
|
# NOTE(mgoddard): This only affects the remote copy of the repo, not the
|
|
# one on the executor.
|
|
- name: checkout the current kolla-ansible branch
|
|
command:
|
|
cmd: "git checkout {{ zuul.branch }}"
|
|
chdir: "{{ kolla_ansible_src_dir }}"
|
|
|
|
# Use the new kolla-ansible repo to generate config files.
|
|
# This is the branch checked out on the executor, so we can use
|
|
# template directly rather than the remote-template role.
|
|
- name: Generate configuration files
|
|
template:
|
|
src: "{{ kolla_ansible_local_src_dir }}/{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
vars:
|
|
is_previous_release: false
|
|
with_items:
|
|
# Ansible inventory
|
|
- src: "tests/templates/inventory.j2"
|
|
dest: "{{ kolla_inventory_path }}"
|
|
# globals.yml
|
|
- src: "tests/templates/globals-default.j2"
|
|
dest: /etc/kolla/globals.yml
|
|
# nova-compute.conf
|
|
- src: "tests/templates/nova-compute-overrides.j2"
|
|
dest: /etc/kolla/config/nova/nova-compute.conf
|
|
# ceph.conf
|
|
- src: "tests/templates/ceph-overrides.j2"
|
|
dest: /etc/kolla/config/ceph.conf
|
|
when: "'ceph' in scenario"
|
|
when: item.when | default(true)
|
|
|
|
- name: upgrade kolla-ansible requirements
|
|
pip:
|
|
requirements: "{{ kolla_ansible_src_dir }}/requirements.txt"
|
|
become: true
|
|
|
|
# Update passwords.yml to include any new passwords added in this
|
|
# release.
|
|
- name: move passwords.yml to passwords.yml.old
|
|
command: mv /etc/kolla/passwords.yml /etc/kolla/passwords.yml.old
|
|
|
|
- name: copy passwords.yml file
|
|
copy:
|
|
src: "{{ kolla_ansible_src_dir }}/etc/kolla/passwords.yml"
|
|
dest: /etc/kolla/passwords.yml
|
|
remote_src: true
|
|
|
|
- name: generate new passwords
|
|
shell: "{{ kolla_ansible_src_dir }}/tools/generate_passwords.py"
|
|
|
|
- name: merge old and new passwords
|
|
shell: >-
|
|
{{ kolla_ansible_src_dir }}/tools/merge_passwords.py
|
|
--old /etc/kolla/passwords.yml.old
|
|
--new /etc/kolla/passwords.yml
|
|
--final /etc/kolla/passwords.yml
|
|
|
|
# Perform an upgrade to the in-development code.
|
|
- name: Run upgrade.sh script
|
|
shell:
|
|
cmd: tests/upgrade.sh
|
|
executable: /bin/bash
|
|
chdir: "{{ kolla_ansible_src_dir }}"
|
|
environment:
|
|
ACTION: "{{ scenario }}"
|
|
|
|
- name: Run test-openstack.sh script
|
|
shell:
|
|
cmd: tests/test-openstack.sh
|
|
executable: /bin/bash
|
|
chdir: "{{ kolla_ansible_src_dir }}"
|
|
environment:
|
|
ACTION: "{{ scenario }}"
|
|
when: scenario == "upgrade"
|
|
|
|
# Bifrost testing.
|
|
- block:
|
|
- name: Run deploy-bifrost.sh script
|
|
shell:
|
|
cmd: tests/deploy-bifrost.sh
|
|
executable: /bin/bash
|
|
chdir: "{{ kolla_ansible_src_dir }}"
|
|
|
|
- name: Run test-bifrost.sh script
|
|
shell:
|
|
cmd: tests/test-bifrost.sh
|
|
executable: /bin/bash
|
|
chdir: "{{ kolla_ansible_src_dir }}"
|
|
|
|
- name: Run upgrade-bifrost.sh script
|
|
shell:
|
|
cmd: tests/upgrade-bifrost.sh
|
|
executable: /bin/bash
|
|
chdir: "{{ kolla_ansible_src_dir }}"
|
|
when: scenario == "bifrost"
|
|
|
|
- name: Run check-failure.sh script
|
|
shell:
|
|
cmd: tests/check-failure.sh
|
|
executable: /bin/bash
|
|
chdir: "{{ kolla_ansible_src_dir }}"
|
|
|
|
- name: Run check-config.sh script
|
|
shell:
|
|
cmd: tests/check-config.sh
|
|
executable: /bin/bash
|
|
chdir: "{{ kolla_ansible_src_dir }}"
|