Add overcloud admin authorize role

Adds tripleo_overcloud_admin_authorize role. Change-Id: I3fe0ac743a785525a56f82aec09575a930ce23d4
2020-02-28 10:52:28 -07:00 · 2020-02-28 10:52:28 -07:00 · 3cf26040be
commit 3cf26040be
parent 631bf0b4b6
10 changed files with 303 additions and 0 deletions
--- a/roles/tripleo_overcloud_admin_authorize/README.md
+++ b/roles/tripleo_overcloud_admin_authorize/README.md
@ -0,0 +1,59 @@
+tripleo_overcloud_admin_authorize
+=================================
+
+A role to run the overcloud admin authorize action.
+
+Requirements
+------------
+
+None.
+
+Role Variables
+--------------
+
+* `tripleo_overcloud_admin_authorize_debug`: (Boolean) Flag used to enable the debug version of commands. Default: false
+* `tripleo_overcloud_admin_authorize_os_cloud`: (String) OS_CLOUD value to use when running the command. If tripleo_os_cloud is defined, it will be the default. Otherwise the default is ''. This variable takes precedence over `tripleo_overcloud_admin_authorize_rc_file`.
+* `tripleo_overcloud_admin_authorize_output_dir`: (String) Directory to output ansible.cfg and ansible.log files. Default: "{{ ansible_env.HOME }}"
+* `tripleo_overcloud_admin_authorize_poll`: (Integer) Number of seconds to wait between each checks to see if the deployment command has completed. Default: 10
+* `tripleo_overcloud_admin_authorize_rc_file`: (String) Path to the credential file to use. If tripleo_rc_file is defined, it will be the default. Default: "{{ ansible_env.HOME }}/overcloudrc"
+* `tripleo_overcloud_admin_authorize_ssh_enable_timeout`: (Integer) Timeout for the ssh enable process to finish (Train version only)
+* `tripleo_overcloud_admin_authorize_ssh_key`: (String) Path to ssh key for the overcloud nodes.
+* `tripleo_overcloud_admin_authorize_ssh_network`: (String) Network name to use for ssh access to the overcloud nodes.
+* `tripleo_overcloud_admin_authorize_ssh_port_timeout`: (Integer) Timeout for teh ssh port to become active.
+* `tripleo_overcloud_admin_authorize_ssh_user`: (String) User for ssh access to overcloud nodes
+* `tripleo_overcloud_admin_authorize_stack`: (String) Name or ID of the heat stack
+* `tripleo_overcloud_admin_authorize_timeout`: (Integer) Number in seconds to wait for the ansible execution of the deployment command to finish. Default: 3600
+
+Output Variables
+----------------
+
+* `tripleo_overcloud_admin_authorize_output`: (String) The command standard output.
+* `tripleo_overcloud_admin_authorize_result`: Ansible shell execution results
+
+Dependencies
+------------
+
+None.
+
+Example Playbook
+----------------
+
+Example execution playbook
+
+```yaml
+- hosts: undercloud
+  gather_facts: true
+  tasks:
+    - name: Deploy the ssh key for the overcloud
+      import_role:
+        name: tripleo_overcloud_admin_authorize
+      vars:
+        tripleo_overcloud_admin_authorize_stack: overcloud
+        tripleo_overcloud_admin_authorize_ssh_user: admin
+        tripleo_overcloud_admin_authorize_ssh_key: "/home/stack/my_key.pub"
+```
+
+License
+-------
+
+Apache-2.0
--- a/roles/tripleo_overcloud_admin_authorize/defaults/main.yml
+++ b/roles/tripleo_overcloud_admin_authorize/defaults/main.yml
@ -0,0 +1,15 @@
+---
+# defaults file for tripleo_overcloud_admin_authorize
+openstack_bin: openstack
+tripleo_overcloud_admin_authorize_debug: false
+tripleo_overcloud_admin_authorize_os_cloud: "{{ tripleo_os_cloud | default('') }}"
+tripleo_overcloud_admin_authorize_output_dir: "{{ ansible_env.HOME }}"
+tripleo_overcloud_admin_authorize_poll: 10
+tripleo_overcloud_admin_authorize_rc_file: "{{ tripleo_rc_file | default(ansible_env.HOME ~ '/overcloudrc') }}"
+tripleo_overcloud_admin_authorize_ssh_enable_timeout:
+tripleo_overcloud_admin_authorize_ssh_key:
+tripleo_overcloud_admin_authorize_ssh_network:
+tripleo_overcloud_admin_authorize_ssh_port_timeout:
+tripleo_overcloud_admin_authorize_ssh_user:
+tripleo_overcloud_admin_authorize_timeout: 3600
+tripleo_overcloud_admin_authorize_stack:
--- a/roles/tripleo_overcloud_admin_authorize/meta/main.yml
+++ b/roles/tripleo_overcloud_admin_authorize/meta/main.yml
@ -0,0 +1,42 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+
+galaxy_info:
+  author: OpenStack
+  description: TripleO Operator Role -- tripleo_overcloud_admin_authorize
+  company: Red Hat
+  license: Apache-2.0
+  min_ansible_version: 2.8
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+    - name: CentOS
+      versions:
+        - 7
+        - 8
+
+  galaxy_tags:
+    - tripleo
+
+
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.
+dependencies: []
--- a/roles/tripleo_overcloud_admin_authorize/molecule/default/converge.yml
+++ b/roles/tripleo_overcloud_admin_authorize/molecule/default/converge.yml
@ -0,0 +1,92 @@
+---
+- name: Converge
+  hosts: all
+  collections:
+    - tripleo.operator
+  vars:
+    openstack_bin: echo
+    tripleo_os_cloud: undercloud
+    tripleo_overcloud_admin_authorize_debug: true
+    tripleo_overcloud_admin_authorize_output_dir:
+  tasks:
+
+    - name: "Include tripleo_overcloud_admin_authorize"
+      include_role:
+        name: "tripleo_overcloud_admin_authorize"
+
+    - name: Check role
+      assert:
+        that:
+          - tripleo_overcloud_admin_authorize_output == "overcloud admin authorize"
+
+    - name: Check parameter "tripleo_overcloud_admin_authorize_stack"
+      include_role:
+        name: "tripleo_overcloud_admin_authorize"
+      vars:
+        tripleo_overcloud_admin_authorize_stack: foo
+
+    - name: Assert "tripleo_overcloud_admin_authorize_stack"
+      assert:
+        that:
+          - tripleo_overcloud_admin_authorize_output ==
+            "overcloud admin authorize --stack foo"
+
+    - name: Check parameter "tripleo_overcloud_admin_authorize_ssh_user"
+      include_role:
+        name: "tripleo_overcloud_admin_authorize"
+      vars:
+        tripleo_overcloud_admin_authorize_ssh_user: foo
+
+    - name: Assert "tripleo_overcloud_admin_authorize_ssh_user"
+      assert:
+        that:
+          - tripleo_overcloud_admin_authorize_output ==
+            "overcloud admin authorize --overcloud-ssh-user foo"
+
+    - name: Check parameter "tripleo_overcloud_admin_authorize_ssh_key"
+      include_role:
+        name: "tripleo_overcloud_admin_authorize"
+      vars:
+        tripleo_overcloud_admin_authorize_ssh_key: /home/stack/foo.pub
+
+    - name: Assert "tripleo_overcloud_admin_authorize_ssh_key"
+      assert:
+        that:
+          - tripleo_overcloud_admin_authorize_output ==
+            "overcloud admin authorize --overcloud-ssh-key /home/stack/foo.pub"
+
+    - name: Check parameter "tripleo_overcloud_admin_authorize_ssh_network"
+      include_role:
+        name: "tripleo_overcloud_admin_authorize"
+      vars:
+        tripleo_overcloud_admin_authorize_ssh_network: internal
+
+    - name: Assert "tripleo_overcloud_admin_authorize_ssh_network"
+      assert:
+        that:
+          - tripleo_overcloud_admin_authorize_output ==
+            "overcloud admin authorize --overcloud-ssh-network internal"
+
+    - name: Check parameter "tripleo_overcloud_admin_authorize_ssh_enable_timeout"
+      include_role:
+        name: "tripleo_overcloud_admin_authorize"
+      vars:
+        tripleo_overcloud_admin_authorize_ssh_enable_timeout: 10
+
+    - name: Assert "tripleo_overcloud_admin_authorize_ssh_enable_timeout"
+      assert:
+        that:
+          - tripleo_overcloud_admin_authorize_output ==
+            "overcloud admin authorize --overcloud-ssh-enable-timeout 10"
+
+    - name: Check parameter "tripleo_overcloud_admin_authorize_ssh_port_timeout"
+      include_role:
+        name: "tripleo_overcloud_admin_authorize"
+      vars:
+        tripleo_overcloud_admin_authorize_ssh_port_timeout: 10
+
+    - name: Assert "tripleo_overcloud_admin_authorize_ssh_port_timeout"
+      assert:
+        that:
+          - tripleo_overcloud_admin_authorize_output ==
+            "overcloud admin authorize --overcloud-ssh-port-timeout 10"
--- a/roles/tripleo_overcloud_admin_authorize/molecule/default/molecule.yml
+++ b/roles/tripleo_overcloud_admin_authorize/molecule/default/molecule.yml
@ -0,0 +1,19 @@
+---
+driver:
+  name: delegated
+  options:
+    managed: false
+    ansible_connection_options:
+      ansible_connection: local
+log: true
+platforms:
+  - name: instance
+provisioner:
+  name: ansible
+scenario:
+  name: default
+  test_sequence:
+    - prepare
+    - syntax
+    - converge
+    - verify
--- a/roles/tripleo_overcloud_admin_authorize/molecule/default/prepare.yml
+++ b/roles/tripleo_overcloud_admin_authorize/molecule/default/prepare.yml
@ -0,0 +1,8 @@
+---
+- name: Prepare
+  hosts: all
+  tasks:
+
+    - name: Include molecule prep
+      include_role:
+        name: test_molecule_prep
--- a/roles/tripleo_overcloud_admin_authorize/tasks/main.yml
+++ b/roles/tripleo_overcloud_admin_authorize/tasks/main.yml
@ -0,0 +1,46 @@
+---
+- name: Setup config overcloud admin authorize ansible facts
+  set_fact:
+    _authorize_cmd: >-
+      {{ tripleo_overcloud_admin_authorize_os_cloud | ternary('', "source " ~ tripleo_overcloud_admin_authorize_rc_file ~ "; ") }}
+      {{ openstack_bin }} overcloud admin authorize
+      {{ tripleo_overcloud_admin_authorize_stack | ternary("--stack $AUTHORIZE_STACK", '') }}
+      {{ tripleo_overcloud_admin_authorize_ssh_user | ternary("--overcloud-ssh-user $AUTHORIZE_SSH_USER", '') }}
+      {{ tripleo_overcloud_admin_authorize_ssh_key | ternary("--overcloud-ssh-key $AUTHORIZE_SSH_KEY", '') }}
+      {{ tripleo_overcloud_admin_authorize_ssh_network | ternary("--overcloud-ssh-network $AUTHORIZE_SSH_NETWORK", '') }}
+      {{ tripleo_overcloud_admin_authorize_ssh_enable_timeout | ternary("--overcloud-ssh-enable-timeout $AUTHORIZE_SSH_ENABLE_TIMEOUT", '') }}
+      {{ tripleo_overcloud_admin_authorize_ssh_port_timeout | ternary("--overcloud-ssh-port-timeout $AUTHORIZE_SSH_PORT_TIMEOUT", '') }}
+      {{ tripleo_overcloud_admin_authorize_output_dir | ternary("--output-dir $AUTHORIZE_OUTPUT_DIR", '') }}
+    _authorize_env:
+      AUTHORIZE_STACK: "{{ tripleo_overcloud_admin_authorize_stack }}"
+      AUTHORIZE_SSH_USER: "{{ tripleo_overcloud_admin_authorize_ssh_user }}"
+      AUTHORIZE_SSH_KEY: "{{ tripleo_overcloud_admin_authorize_ssh_key }}"
+      AUTHORIZE_SSH_NETWORK: "{{ tripleo_overcloud_admin_authorize_ssh_network }}"
+      AUTHORIZE_SSH_ENABLE_TIMEOUT: "{{ tripleo_overcloud_admin_authorize_ssh_enable_timeout }}"
+      AUTHORIZE_SSH_PORT_TIMEOUT: "{{ tripleo_overcloud_admin_authorize_ssh_port_timeout }}"
+      AUTHORIZE_OUTPUT_DIR: "{{ tripleo_overcloud_admin_authorize_output_dir }}"
+      OS_CLOUD: "{{ tripleo_overcloud_admin_authorize_os_cloud }}"
+
+- name: Show debug information
+  when: tripleo_overcloud_admin_authorize_debug|bool
+  block:
+    - name: Show the overcloud admin authorize command
+      debug:
+        var: _authorize_cmd
+    - name: Show the overcloud admin authorize ansible environment
+      debug:
+        var: _authorize_env
+
+- name: overcloud admin authorize
+  shell: "{{ _authorize_cmd }}"  # noqa 305
+  args:
+    warn: false
+  environment: "{{ _authorize_env }}"
+  async: "{{ tripleo_overcloud_admin_authorize_timeout }}"
+  poll: "{{ tripleo_overcloud_admin_authorize_poll }}"
+  register: tripleo_overcloud_admin_authorize_result
+  changed_when: true
+
+- name: Set output fact
+  set_fact:
+    tripleo_overcloud_admin_authorize_output: "{{ tripleo_overcloud_admin_authorize_result.stdout }}"
--- a/roles/tripleo_overcloud_admin_authorize/tests/inventory
+++ b/roles/tripleo_overcloud_admin_authorize/tests/inventory
@ -0,0 +1 @@
+localhost
--- a/roles/tripleo_overcloud_admin_authorize/tests/test.yml
+++ b/roles/tripleo_overcloud_admin_authorize/tests/test.yml
@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - tripleo_overcloud_admin_authorize
--- a/zuul.d/molecule.yaml
+++ b/zuul.d/molecule.yaml
@ -12,6 +12,7 @@
      - tripleo-operator-molecule-tripleo_container_image_show
      - tripleo-operator-molecule-tripleo_overcloud_image_upload
      - tripleo-operator-molecule-tripleo_deploy
+      - tripleo-operator-molecule-tripleo_overcloud_admin_authorize
      - tripleo-operator-molecule-tripleo_overcloud_deploy
      - tripleo-operator-molecule-tripleo_overcloud_export
      - tripleo-operator-molecule-tripleo_overcloud_failures
@ -44,6 +45,7 @@
      - tripleo-operator-molecule-tripleo_container_image_show
      - tripleo-operator-molecule-tripleo_overcloud_image_upload
      - tripleo-operator-molecule-tripleo_deploy
+      - tripleo-operator-molecule-tripleo_overcloud_admin_authorize
      - tripleo-operator-molecule-tripleo_overcloud_deploy
      - tripleo-operator-molecule-tripleo_overcloud_export
      - tripleo-operator-molecule-tripleo_overcloud_failures
@ -185,6 +187,20 @@
    vars:
      tox_extra_args: tripleo_deploy

+- job:
+    files:
+      - ^roles/tripleo_overcloud_admin_authorize/.*
+      - ^bindep.txt
+      - ^galaxy.yml
+      - ^requirements.txt
+      - ^setup.cfg
+      - ^test-requirements.txt
+      - ^tox.ini
+    name: tripleo-operator-molecule-tripleo_overcloud_admin_authorize
+    parent: tripleo-operator-molecule-base
+    vars:
+      tox_extra_args: tripleo_overcloud_admin_authorize
+
 - job:
    files:
      - ^roles/tripleo_overcloud_deploy/.*