New validation: ensure we have access to the right package version

This validation takes a list of dict describing the packages we want to
verify.
The main goal is to ensure we are avoiding issues at some point with
particularly sensitive packages, such as podman.

We can't use the "package_facts" ansible module, since we're allowing to
check available packages - i.e. versions that aren't installed on the
system.

With the current default, we ensure we get podman 1.6.4 on every nodes
(overcloud and undercloud).
This can be used during an upgrade in order to ensure we're not using
the wrong podman version - either as an inflight validation, or as a
manual step.

Also, it supports the full version number, with the release itself.

This means you can pass "1.6.4-15" for podman, in order to ensure you
get the precise version you want.

Please check the molecule tests in order to see how this validation can
be used.

Please note, the "yum list" part is slow since it will check on the
remote repositories for the available versions!

Last note, we're using "yum" here since the validation might be needed
on pre-dnf releases (namely, centos-7 or rhel-7).

Change-Id: I021a7ad03902ca506885769c1cadc4a449bebbfb
(cherry picked from commit 1c03c9fc56)
This commit is contained in:
Cédric Jeanneret 2020-07-30 08:37:09 +02:00
parent cebe0b4a2b
commit a947d7ecb4
11 changed files with 267 additions and 7 deletions

View File

@ -0,0 +1,6 @@
======================
Role - package_version
======================
.. ansibleautoplugin::
:role: roles/package_version

View File

@ -0,0 +1,18 @@
---
- hosts: all
vars:
metadata:
name: The Validation name goes here
description: >-
Write a description of your validations
groups:
- prep
- pre-deployment
- post-deployment
- pre-upgrade
- post-upgrade
- pre-ceph
- post-ceph
package_version_debug: false
roles:
- package_version

View File

@ -0,0 +1,2 @@
---
package_version_packages: []

View File

@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

View File

@ -0,0 +1,58 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
gather_facts: false
tasks:
- name: Check a simple existing package
vars:
package_version_packages:
- name: bash
version: 1.0
comparison: '>='
state: installed
include_role:
name: package_version
- name: Ensure we fail if something is wrong
vars:
package_version_packages:
- name: bash
version: 1.0
comparison: '<'
state: available
block:
- name: Run check
include_role:
name: package_version
rescue:
- name: Clear host errors
meta: clear_host_errors
- name: Test output
debug:
msg: The validation works! End play
- name: End play
meta: end_play
- name: Fail playbook if reached
fail:
msg: |
The package_version validation didn't properly detect the failure!

View File

@ -0,0 +1,46 @@
---
driver:
name: docker
log: true
platforms:
- name: centos7
hostname: centos7
image: centos:7
pkg_extras: python-setuptools python-enum34 python-netaddr ruby epel-release PyYAML
easy_install:
- pip
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
- name: centos8
hostname: centos8
image: centos:8
pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby python*-PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment:
<<: *env
provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_LIBRARY: "../../../../library"
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy
verifier:
name: testinfra

View File

@ -0,0 +1,16 @@
---
- name: Get wanted package
set_fact:
wanted: "{{ (package_version_packages|selectattr('name', 'equalto', item)|list)[0] }}"
ok_versions: "{{ ok_versions |combine({item: []}) }}"
- name: Do the comparison
when:
- (pkg.version ~ '-' ~ pkg.release) is version(wanted.version, wanted.comparison)
- (wanted.state == 'any' or wanted.state == pkg.yumstate)
set_fact:
ok_versions: "{{ ok_versions |combine({pkg.name: [ pkg.version ]}) }}"
loop: "{{ (repo_packages.results|selectattr('item', 'equalto', item)|map(attribute='results')|list)[0] }}"
loop_control:
label: "{{ pkg.name }}"
loop_var: 'pkg'

View File

@ -0,0 +1,67 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Ensure we get needed facts
setup:
gather_subset:
- '!all'
- '!any'
- '!min'
- distribution
- os_family
# find within the "vars/" path. If no OS files are found the task will skip.
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- skip: true
files:
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_distribution | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
- "{{ ansible_os_family | lower }}.yml"
tags:
- always
- name: Get repositories packages versions
yum:
list: "{{ item }}"
register: repo_packages
loop: "{{ package_version_packages|map(attribute='name')|list }}"
- name: Initialiaze ok_versions
set_fact:
ok_versions: {}
- name: Compare versions
include_tasks: compare.yaml
loop: "{{ package_version_packages|map(attribute='name')|list }}"
loop_control:
label: "{{ item }}"
- name: Fail if we lack a version for any package
fail:
msg: >-
Unable to find a matching version for {{ item.key }}.
Should get {{ (package_version_packages|selectattr('name', 'equalto', item.key)|list)[0].version }}
as {{ (package_version_packages|selectattr('name', 'equalto', item.key)|list)[0].state }}.
when:
- item.value|length == 0
loop: "{{ ok_versions | dict2items }}"
loop_control:
label: "{{ item.key }}"

View File

@ -0,0 +1,2 @@
---
package_version_packages: []

View File

@ -0,0 +1,6 @@
---
package_version_packages:
- name: podman
version: 1.6.4-15.module+el8.2.0+7290+954fb593
comparison: '=='
state: installed

View File

@ -13,6 +13,7 @@
- tripleo-validations-centos-8-molecule-image_serve
- tripleo-validations-centos-8-molecule-nova_status
- tripleo-validations-centos-8-molecule-nova_svirt
- tripleo-validations-centos-8-molecule-package_version
- tripleo-validations-centos-8-molecule-rabbitmq_limits
- tripleo-validations-centos-8-molecule-repos
- tripleo-validations-centos-8-molecule-stonith_exists
@ -37,6 +38,7 @@
- tripleo-validations-centos-8-molecule-image_serve
- tripleo-validations-centos-8-molecule-nova_status
- tripleo-validations-centos-8-molecule-nova_svirt
- tripleo-validations-centos-8-molecule-package_version
- tripleo-validations-centos-8-molecule-rabbitmq_limits
- tripleo-validations-centos-8-molecule-repos
- tripleo-validations-centos-8-molecule-stonith_exists
@ -390,13 +392,6 @@
parent: tripleo-validations-centos-8-base
vars:
tripleo_validations_role_name: ceph
- job:
files:
- ^roles/system_encoding/.*
name: tripleo-validations-centos-8-molecule-system_encoding
parent: tripleo-validations-centos-8-base
vars:
tripleo_validations_role_name: system_encoding
- job:
files:
- ^roles/nova_svirt/.*
@ -404,3 +399,10 @@
parent: tripleo-validations-centos-8-base
vars:
tripleo_validations_role_name: nova_svirt
- job:
files:
- ^roles/package_version/.*
name: tripleo-validations-centos-8-molecule-package_version
parent: tripleo-validations-centos-8-base
vars:
tripleo_validations_role_name: package_version