Add the post-reboot-tasks role

This role will do basic checks to confirm that the node is
sufficiently up to continue afer a reboot.

Change-Id: Iebf474c9351e4246d7ab2072b48a50e93dbf0b94
This commit is contained in:
Ade Lee 2022-06-04 12:30:59 -04:00 committed by Clark Boylan
parent 423a7d6044
commit 25caf7ef5e
6 changed files with 32 additions and 2 deletions

View File

@ -36,6 +36,7 @@ General Purpose Roles
.. zuul:autorole:: prepare-workspace .. zuul:autorole:: prepare-workspace
.. zuul:autorole:: prepare-workspace-git .. zuul:autorole:: prepare-workspace-git
.. zuul:autorole:: prepare-workspace-openshift .. zuul:autorole:: prepare-workspace-openshift
.. zuul:autorole:: post-reboot-tasks
.. zuul:autorole:: remove-build-sshkey .. zuul:autorole:: remove-build-sshkey
.. zuul:autorole:: remove-build-winrm-cert .. zuul:autorole:: remove-build-winrm-cert
.. zuul:autorole:: remove-gpgkey .. zuul:autorole:: remove-gpgkey

View File

@ -2,3 +2,7 @@ Enable FIPS on a node.
Set a node into FIPS mode, to test functionality when crypto Set a node into FIPS mode, to test functionality when crypto
policies are set to FIPS in RHEL 8/Centos 8. policies are set to FIPS in RHEL 8/Centos 8.
The role will set the node into FIPS mode, reboot the node, and
then call the post-reboot-tasks role. This role requires a role
parameter - nslookup_target.

View File

@ -50,9 +50,9 @@
reboot: reboot:
reboot_timeout: 1800 reboot_timeout: 1800
- name: Run start-zuul-console role - name: Run post-boot tasks
include_role: include_role:
name: start-zuul-console name: post-reboot-tasks
- name: Ensure FIPS mode is enabled - name: Ensure FIPS mode is enabled
become: true become: true

View File

@ -0,0 +1,14 @@
Ensure that processes are running after a node reboot.
Some roles (like the enable-fips role) need to reboot the node
in order to complete their operations.
This role can be invoked to ensure that the node is sufficiently
up again before continuing by doing some basic checks for
connectivity (ssh), restarting the zuul-console and making sure
DNS is up.
A role parameter nslookup_target is required to specify the DNS name
to ensure DNS is working. If working in a mirrored environment, it
is a good idea to use $zuul_site_mirror_fqdn, because this is what
will be needed for package installs in any case.

View File

@ -0,0 +1,10 @@
---
- name: check if node is available for ssh
wait_for_connection:
- name: Run start-zuul-console role
include_role:
name: start-zuul-console
- name: confirm that dns is up
command: "nslookup -retry=60 {{ nslookup_target }}"

View File

@ -342,6 +342,7 @@
run: test-playbooks/simple-role-test.yaml run: test-playbooks/simple-role-test.yaml
vars: vars:
role_name: enable-fips role_name: enable-fips
nslookup_target: opendev.org
nodeset: nodeset:
nodes: nodes:
- name: centos-8-stream - name: centos-8-stream