Add Armada job for testing update of chart passwords

This adds both a periodic and experimental job for deploying Ceph
and the OSH components via Armada. This job will then generate new
passphrases for the OSH components, render an updated manifest for
the OSH components including the new passphrases, then applies the
updated OSH manifest to validate the ability for all deployed
charts to update those passphrases successfully
Change-Id: I42d19bbf8161b60311c4b8101217cdcfbdf6b568

tools/deployment/armada/040-armada-update-passwords.sh

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+# Empty previous password file contents
+> /tmp/osh-passwords.env
+
+source ./tools/deployment/armada/generate-passwords.sh
+: ${OSH_INFRA_PATH:="../openstack-helm-infra"}
+: ${OSH_PATH:="./"}
+
+[ -s /tmp/ceph-fs-uuid.txt ] || uuidgen > /tmp/ceph-fs-uuid.txt
+#NOTE(portdirect): to use RBD devices with Ubuntu kernels < 4.5 this
+# should be set to 'hammer'
+. /etc/os-release
+if [ "x${ID}" == "xubuntu" ] && \
+   [ "$(uname -r | awk -F "." '{ print $2 }')" -lt "5" ]; then
+  export CRUSH_TUNABLES=hammer
+else
+  export CRUSH_TUNABLES=null
+fi
+
+export CEPH_NETWORK=$(./tools/deployment/multinode/kube-node-subnet.sh)
+export CEPH_FS_ID="$(cat /tmp/ceph-fs-uuid.txt)"
+export TUNNEL_DEVICE=$(ip -4 route list 0/0 | awk '{ print $5; exit }')
+export OSH_INFRA_PATH
+export OSH_PATH
+
+# NOTE(srwilkers): We add this here due to envsubst expanding the ${tag} placeholder in
+# fluentd's configuration. This ensures the placeholder value gets rendered appropriately
+export tag='${tag}'
+
+echo "Rendering new osh manifest"
+envsubst < ./tools/deployment/armada/manifests/armada-osh.yaml > /tmp/updated-password-armada-osh.yaml
+
+echo "Validating new osh manifest"
+armada validate /tmp/updated-password-armada-osh.yaml
+
+echo "Applying new osh manifest"
+armada apply /tmp/updated-password-armada-osh.yaml

tools/deployment/armada/generate-osh-passwords.sh

@@ -34,6 +34,7 @@ passwords="BARBICAN_DB_PASSWORD \
     KEYSTONE_AUTHTOKEN_MEMCACHED_SECRET_KEY \
     KEYSTONE_DB_PASSWORD \
     KEYSTONE_RABBITMQ_USER_PASSWORD \
+    METADATA_PROXY_SHARED_SECRET \
     NEUTRON_DB_PASSWORD \
     NEUTRON_RABBITMQ_USER_PASSWORD \
     NEUTRON_USER_PASSWORD \

tools/deployment/armada/manifests/armada-osh.yaml

@@ -1021,6 +1021,8 @@ data:
         formatter_default:
           format: "%(message)s"
       nova:
+        neutron:
+          metadata_proxy_shared_secret: ${METADATA_PROXY_SHARED_SECRET}
         libvirt:
           virt_type: qemu
           cpu_mode: none
@@ -1206,6 +1208,9 @@ data:
           max_l3_agents_per_router: 5
           l3_ha_network_type: vxlan
           dhcp_agents_per_network: 2
+      metadata_agent:
+        DEFAULT:
+          metadata_proxy_shared_secret: ${METADATA_PROXY_SHARED_SECRET}
       plugins:
         ml2_conf:
           ml2_type_flat:

tools/gate/playbooks/armada-update-uuid-deploy.yaml

@@ -1,84 +0,0 @@
-# Copyright 2017 The Openstack-Helm Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- hosts: primary
-  gather_facts: True
-  tasks:
-    - name: installing ipcalc on Ubuntu
-      become: true
-      become_user: root
-      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
-      apt:
-        name: ipcalc
-        state: present
-    - name: Install python3-pip for armada
-      environment:
-        OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
-        OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}"
-        zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
-      shell: |
-        set xe;
-        ./tools/deployment/armada/010-armada-host-setup.sh
-      args:
-        chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}"
-    - name: Build armada
-      environment:
-        OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
-        OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}"
-        zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
-      shell: |
-        set xe;
-        ./tools/deployment/armada/015-armada-build.sh
-      args:
-        chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}"
-    - name: Render all Armada manifests
-      environment:
-        OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
-        OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}"
-        zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
-      shell: |
-        set -xe;
-        ./tools/deployment/armada/020-armada-render-manifests.sh
-      args:
-        chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}"
-    - name: Validate all Armada manifests
-      environment:
-        OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
-        OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}"
-        zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
-      shell: |
-        set -xe;
-        ./tools/deployment/armada/025-armada-validate-manifests.sh
-      args:
-        chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}"
-    - name: Apply all Armada manifests
-      environment:
-        OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
-        OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}"
-        zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
-      shell: |
-        set -xe;
-        ./tools/deployment/armada/030-armada-apply-manifests.sh
-      args:
-        chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}"
-    - name: Updated release uuid for all manifests and reapply
-      environment:
-        OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
-        OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}"
-        zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
-      shell: |
-        set -xe;
-        ./tools/deployment/armada/035-armada-update-uuid.sh
-      args:
-        chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}"

tools/gate/playbooks/gather-armada-manifests.yaml

@@ -30,6 +30,7 @@
         - updated-armada-ceph
         - updated-armada-lma
         - updated-armada-osh
+        - updated-password-armada-osh
       args:
         executable: /bin/bash
       ignore_errors: True

zuul.d/jobs-openstack-helm.yaml

@@ -229,6 +229,34 @@
         - ./tools/deployment/armada/030-armada-apply-manifests.sh
         - ./tools/deployment/armada/035-armada-update-uuid.sh
 
+- job:
+    timeout: 10800
+    name: openstack-helm-armada-update-passwords
+    parent: openstack-helm-functional-temp
+    nodeset: openstack-helm-five-node-ubuntu
+    roles:
+      - zuul: openstack/openstack-helm-infra
+    pre-run:
+      - tools/gate/playbooks/osh-infra-upgrade-host.yaml
+      - tools/gate/playbooks/osh-infra-deploy-docker.yaml
+      - tools/gate/playbooks/osh-infra-build.yaml
+      - tools/gate/playbooks/osh-infra-deploy-k8s.yaml
+    run: tools/gate/playbooks/osh-gate-runner.yaml
+    post-run:
+      - tools/gate/playbooks/osh-infra-collect-logs.yaml
+      - tools/gate/playbooks/gather-armada-manifests.yaml
+    required-projects:
+      - openstack/openstack-helm-infra
+    vars:
+      zuul_osh_infra_relative_path: ../openstack-helm-infra/
+      gate_scripts:
+        - ./tools/deployment/armada/010-armada-host-setup.sh
+        - ./tools/deployment/armada/015-armada-build.sh
+        - ./tools/deployment/armada/020-armada-render-manifests.sh
+        - ./tools/deployment/armada/025-armada-validate-manifests.sh
+        - ./tools/deployment/armada/030-armada-apply-manifests.sh
+        - ./tools/deployment/armada/040-armada-update-passwords.sh
+
 - job:
     name: openstack-helm-multinode-temp-ubuntu
     parent: openstack-helm-multinode-temp

zuul.d/project.yaml

@@ -46,6 +46,7 @@
         - openstack-helm-ironic-ubuntu
         - openstack-helm-armada-deploy
         - openstack-helm-armada-update-uuid
+        - openstack-helm-armada-update-passwords
     experimental:
       jobs:
         # - openstack-helm-multinode-temp-centos
@@ -54,3 +55,4 @@
         # - openstack-helm-multinode-temp-tempest
         - openstack-helm-armada-deploy
         - openstack-helm-armada-update-uuid
+        - openstack-helm-armada-update-passwords