openstack
/
ansible-role-k8s-mariadb
Code Issues Proposed changes

Retire ansible-role-k8s-mariadb 

Depends-On: https://review.opendev.org/#/c/660436/
Depends-On: https://review.opendev.org/#/c/660440/
Depends-On: https://review.opendev.org/#/c/660437/
Change-Id: I11f24fe31e0e1e86c7c129d69fbc8e5c89f2af31
This commit is contained in:
Alex Schultz 2019-05-21 09:50:27 -06:00
parent 539122ce3d
commit f052db5f00
27 changed files with 8 additions and 1083 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
.zuul.yaml
View File

@ -1,43 +0,0 @@
- project:
check:
jobs:
- ansible-role-k8s-mariadb-kubernetes-centos
- ansible-role-k8s-mariadb-openshift-centos
- nodeset:
name: ansible-role-k8s-centos
nodes:
- name: primary
label: centos-7
- job:
name: ansible-role-k8s-base
pre-run: tests/pre.yml
run: tests/run.yml
post-run: tests/post.yml
attempts: 1
timeout: 10800
required-projects:
- openstack/ansible-role-k8s-tripleo
- job:
name: ansible-role-k8s-mariadb-kubernetes-centos
parent: ansible-role-k8s-base
nodeset: ansible-role-k8s-centos
voting: false
vars:
coe: kubernetes
project_name: ansible-role-k8s-mariadb
required-projects:
- openstack/ansible-role-k8s-mariadb
- job:
name: ansible-role-k8s-mariadb-openshift-centos
parent: ansible-role-k8s-base
nodeset: ansible-role-k8s-centos
voting: false
vars:
coe: openshift
project_name: ansible-role-k8s-mariadb
required-projects:
- openstack/ansible-role-k8s-mariadb

176
LICENSE
View File

@ -1,176 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.

40
README.md
View File

@ -1,34 +1,10 @@
K8S MariaDB
=========
[![Galaxy](https://img.shields.io/badge/galaxy-tripleo.k8s--mariadb-blue.svg?style=flat)](https://galaxy.ansible.com/tripleo/k8s-mariadb)
[![Build Status](https://travis-ci.org/tripleo/ansible-role-k8s-mariadb.svg?branch=master)](https://travis-ci.org/tripleo/ansible-role-k8s-mariadb)
This project is no longer maintained.
Install MariaDB in a Kubernetes cluster.
The contents of this repository are still available in the Git
source code management system. To see the contents of this
repository before it reached its end of life, please check out the
previous commit with "git checkout HEAD^1".
Requirements
------------
Access to Kubernetes cluster
Role Variables
--------------
| Name | Default Value | Description |
|-------------------|---------------------|----------------------|
| `action` | `provision` | List of tasks to run. |
| `coe_host` | `https://localhost:8443` | |
| `coe_config_context` | | |
| `coe_config_file` | | |
Dependencies
------------
- `ansible.kubernetes-modules`
Example Playbook
----------------
- hosts: all
roles:
- tripleo.k8s-mariadb
For any further questions, please email
openstack-discuss@lists.openstack.org or join #openstack-dev on
Freenode.

11
defaults/main.yml
View File

@ -1,11 +0,0 @@
coe_host:
coe_config_context:
coe_config_file:
action: provision
service_name: mariadb
namespace: openstack
mariadb_config:
host: '{{service_name}}'
root_password: weakpassword

24
meta/main.yml
View File

@ -1,24 +0,0 @@
galaxy_info:
author: Sam Doran, Flavio Percoco
description:
company: Red Hat
license: MIT
min_ansible_version: 2.3
platforms:
- name: EL
versions:
- 7
galaxy_tags:
- openstack
- kubernetes
- mysql
- database
- mariadb
dependencies:
- role: ansible.kubernetes-modules
install_python_requirements: no
- role: ansible-role-k8s-tripleo

2
requirements.txt
View File

@ -1,2 +0,0 @@
ansible>=2,<2.4
openshift

25
tasks/deprovision.yml
View File

@ -1,25 +0,0 @@
- name: Delete mariadb deployment
k8s_v1beta1_stateful_set:
host: "{{coe_host}}"
context: "{{coe_config_context}}"
kubeconfig: "{{coe_config_file}}"
name: mariadb
namespace: "{{namespace}}"
state: absent
- name: Delete mariadb service
k8s_v1_service:
host: "{{coe_host}}"
context: "{{coe_config_context}}"
kubeconfig: "{{coe_config_file}}"
name: mariadb
namespace: "{{namespace}}"
state: absent
- name: Delete mariadb configmap
k8s_v1_namespace:
host: "{{coe_host}}"
context: "{{coe_config_context}}"
kubeconfig: "{{coe_config_file}}"
name: mariadb
state: absent

26
tasks/hiera.yml
View File

@ -1,26 +0,0 @@
- name: Translate hieradata
parse_tripleo_hiera:
hieradata_file: '{{ hieradata_file }}'
hieradata: '{{ hieradata }}'
schema:
tripleo::profile::base::database::mysql::bind_address: bind_address
tripleo::profile::base::database::mysql::mysql_server_options: mysql_server_options
mysql::server::root_password: root_password
mysql_clustercheck_password: clustercheck_password
mysql_max_connections: mysql_max_connections
default: '{{mariadb_config}}'
when:
- hieradata or hieradata_file
- schema
register: result
- name: Set facts
set_fact:
mariadb_config: '{{result.conf_dict}}'
when:
- result.conf_dict is defined
- fact_variable != ''
- debug:
var: mariadb_config
verbosity: 2

1
tasks/main.yml
View File

@ -1 +0,0 @@
- include: "{{ action }}.yml"

170
tasks/provision.yml
View File

@ -1,170 +0,0 @@
- name: Create mariadb configmaps
ignore_errors: yes
k8s_v1_config_map:
host: "{{coe_host}}"
context: "{{coe_config_context}}"
kubeconfig: "{{coe_config_file}}"
name: mariadb
namespace: "{{namespace}}"
state: present
debug: yes
labels:
service: mariadb
data:
kolla-config: |
{
"command": "/usr/bin/mysqld_safe",
"config_files": []
}
server-cnf: |
[mysqld]
pid-file=/var/lib/mysql/mariadb.pid
- include: hiera.yml
- name: Create mariadb service
k8s_v1_service:
host: "{{coe_host}}"
context: "{{coe_config_context}}"
kubeconfig: "{{coe_config_file}}"
name: mariadb
namespace: "{{namespace}}"
state: present
ports:
- port: 3306
name: db
selector:
app: mariadb
labels:
app: mariadb
debug: yes
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "false"
register: create_service
- name: Create mariadb deployment
k8s_v1beta1_stateful_set:
host: "{{coe_host}}"
context: "{{coe_config_context}}"
kubeconfig: "{{coe_config_file}}"
name: mariadb
namespace: "{{namespace}}"
state: present
debug: yes
spec_service_name: mariadb
spec_template_metadata_name: mariadb
spec_template_metadata_labels:
app: mariadb
galera: enabled
spec_template_spec_init_containers:
- name: bootstrap
image: tripleoupstream/centos-binary-mariadb
env:
- name: KOLLA_KUBERNETES
value: ""
- name: KOLLA_BOOTSTRAP
value: ""
- name: KOLLA_CONFIG_STRATEGY
value: "COPY_ALWAYS"
- name: DB_ROOT_PASSWORD
value: "{{mariadb_config.root_password}}"
volumeMounts:
- name: kolla-config
mountPath: /var/lib/kolla/config_files/
- name: mariadb-config
mountPath: /etc/my.cnf.d
- name: mariadb-pvc
mountPath: /var/lib/mysql
volumes:
- name: mariadb-pvc
- name: kolla-config
config_map:
name: mariadb
items:
- key: kolla-config
path: config.json
- name: mariadb-config
config_map:
name: mariadb
items:
- key: server-cnf
path: server.cnf
containers:
- name: mariadb
image: tripleoupstream/centos-binary-mariadb
ports:
- container_port: 3306
- container_port: 4567
- container_port: 4444
env:
- name: KOLLA_CONFIG_STRATEGY
value: COPY_ALWAYS
- name: KOLLA_KUBERNETES
value: ""
- name: DB_ROOT_PASSWORD
value: '{{mariadb_config.root_password}}'
volume_mounts:
- name: kolla-config
mountPath: /var/lib/kolla/config_files/
- name: mariadb-config
mountPath: /etc/my.cnf.d
- name: mariadb-pvc
mountPath: /var/lib/mysql
replicas: 1
volumes:
- name: mariadb-pvc
- name: kolla-config
config_map:
name: mariadb
items:
- key: kolla-config
path: config.json
- name: mariadb-config
config_map:
name: mariadb
items:
- key: server-cnf
path: server.cnf
register: create_deployment
tags:
- statefulset
- set_fact:
my_cnf: |
[mysql]
user=root
host={{mariadb_config.host}}
password='{{mariadb_config.root_password}}'
[client]
user=root
host={{mariadb_config.host}}
password='{{mariadb_config.root_password}}'
[mysqldump]
user=root
host={{mariadb_config.host}}
password='{{mariadb_config.root_password}}'
[mysqladmin]
user=root
host={{mariadb_config.host}}
password='{{mariadb_config.root_password}}'
[mysqlcheck]
user=root
host={{mariadb_config.host}}
password='{{mariadb_config.root_password}}'
- name: Create mariadb root secret
k8s_v1_secret:
host: "{{coe_host}}"
context: "{{coe_config_context}}"
kubeconfig: "{{coe_config_file}}"
name: mariadb-root
namespace: "{{namespace}}"
state: present
data:
my.cnf: "{{ my_cnf | b64encode }}"

97
tests/get_logs.sh
View File

@ -1,97 +0,0 @@
#!/bin/bash
set +o errexit
check_failure() {
# All docker container's status are created, restarting, running, removing,
# paused, exited and dead. Containers without running status are treated as
# failure. removing is added in docker 1.13, just ignore it now.
failed_containers=$(docker ps -a --format "{{.Names}}" \
--filter status=created \
--filter status=restarting \
--filter status=paused \
--filter status=exited \
--filter status=dead)
if [[ -n "$failed_containers" ]]; then
exit 1;
fi
}
copy_logs() {
LOG_DIR=/tmp/logs
SYSTEM_LOGS=$LOG_DIR/logs/
if [[ -d "$HOME/.ansible" ]]; then
cp -rvnL $HOME/.ansible/* ${LOG_DIR}/ansible/
fi
# Backup etc
cp -rvnL /etc ${LOG_DIR}/
cp /etc/sudoers ${LOG_DIR}/etc/sudoers.txt
cp -rvnL /var/log/* ${SYSTEM_LOGS}
cp -rvnL /tmp/kubespray ${LOG_DIR}/
cp -rvnL /tmp/test-volume ${LOG_DIR}/
if [[ -x "$(command -v journalctl)" ]]; then
journalctl --no-pager > ${SYSTEM_LOGS}/syslog.txt
journalctl --no-pager -u docker.service > ${SYSTEM_LOGS}/docker.log
else
cp /var/log/upstart/docker.log ${SYSTEM_LOGS}/docker.log
fi
iptables-save > ${SYSTEM_LOGS}/iptables.txt
df -h > ${SYSTEM_LOGS}/df.txt
free > ${SYSTEM_LOGS}/free.txt
parted -l > ${SYSTEM_LOGS}/parted-l.txt
mount > ${SYSTEM_LOGS}/mount.txt
env > ${SYSTEM_LOGS}/env.txt
if [ `command -v dpkg` ]; then
dpkg -l > ${SYSTEM_LOGS}/dpkg-l.txt
fi
if [ `command -v rpm` ]; then
rpm -qa > ${SYSTEM_LOGS}/rpm-qa.txt
fi
# final memory usage and process list
ps -eo user,pid,ppid,lwp,%cpu,%mem,size,rss,cmd > ${SYSTEM_LOGS}/ps.txt
if [ `command -v docker` ]; then
# docker related information
(docker info && docker images && docker ps -a) > ${SYSTEM_LOGS}/docker-info.txt
for container in $(docker ps -a --format "{{.Names}}"); do
docker logs --tail all ${container} > ${SYSTEM_LOGS}/containers/${container}.txt
done
fi
if [ `command -v kubectl` ]; then
if [ `command -v oc` ]; then
oc login -u system:admin
fi
(kubectl version && kubectl cluster-info dump && kubectl config view) > ${SYSTEM_LOGS}/k8s-info.txt 2>&1
(kubectl get pods --all-namespaces && kubectl describe all --all-namespaces) > ${SYSTEM_LOGS}/k8s-describe-all.txt 2>&1
fi
# Rename files to .txt; this is so that when displayed via
# logs.openstack.org clicking results in the browser shows the
# files, rather than trying to send it to another app or make you
# download it, etc.
# Rename all .log files to .txt files
for f in $(find ${SYSTEM_LOGS} -name "*.log"); do
mv $f ${f/.log/.txt}
done
chmod -R 777 ${LOG_DIR}
find $SYSTEM_LOGS -iname '*.txt' -execdir gzip -f -9 {} \+
find $SYSTEM_LOGS -iname '*.json' -execdir gzip -f -9 {} \+
}
copy_logs
check_failure

28
tests/post.yml
View File

@ -1,28 +0,0 @@
---
- hosts: all
vars:
logs_dir: "/tmp/logs"
tasks:
- name: Run diagnostics script
script: get_logs.sh
register: get_logs_result
become: true
failed_when: false
- name: Print get_logs output
debug:
msg: "{{ get_logs_result.stdout }}"
- name: Download logs to executor
synchronize:
dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
mode: pull
src: "{{ logs_dir }}/"
ignore_errors: yes
- name: Download /etc/hosts file to executor
synchronize:
src: "/etc/hosts"
dest: "{{ zuul.executor.log_root }}/{{inventory_hostname }}/"
mode: pull
ignore_errors: yes

44
tests/pre.yml
View File

@ -1,44 +0,0 @@
---
- hosts: all
vars:
logs_dir: "/tmp/logs"
tasks:
- name: "Ensure {{item}} dir exists"
file:
path: "{{item}}"
state: "directory"
with_items:
- "{{ logs_dir }}"
- name: Ensure node directories
file:
path: "{{ logs_dir }}/{{ item }}"
state: "directory"
mode: 0777
with_items:
- "logs"
- "logs/containers"
- name: "iptables: don't jump straight to openstack-INPUT"
become: true
iptables:
chain: "INPUT"
jump: "openstack-INPUT"
state: absent
- include: pre_rhel.yml
when: ansible_os_family == 'RedHat'
- include: pre_debian.yml
when: ansible_os_family == 'Debian'
- include: 'roles/{{coe}}/tasks/pre.yml'
- name: Create symlink for all required projects
become: true
file:
src: "{{ ansible_env.HOME }}/{{ item.value.src_dir }}"
dest: "/etc/ansible/roles/{{ item.value.short_name }}"
state: link
delegate_to: primary
with_dict: "{{zuul.projects}}"

1
tests/pre_debian.yml
View File

@ -1 +0,0 @@
---

33
tests/pre_rhel.yml
View File

@ -1,33 +0,0 @@
---
- name: Enable/Install epel-release
become: true
yum:
name: "{{item}}"
state: present
with_items:
- epel-release
- name: Enable/Install delorean
become: true
get_url:
url: "{{item.url}}"
dest: "/etc/yum.repos.d/{{item.dest}}"
with_items:
- dest: delorean-deps.repo
url: "https://trunk.rdoproject.org/centos7-master/delorean-deps.repo"
- dest: delorean.repo
url: "https://trunk.rdoproject.org/centos7-master/current-tripleo-rdo/delorean.repo"
- name: Upgrade all packages
become: true
yum:
name: '*'
state: latest
- name: Install required packages
become: true
yum:
name: "{{item}}"
state: latest
with_items:
- openstack-tempest

12
tests/roles/kubernetes/tasks/pre.yml
View File

@ -1,12 +0,0 @@
---
- include: pre_rhel.yml
when: ansible_os_family == 'RedHat'
- include: pre_debian.yml
when: ansible_os_family == 'Debian'
- name: Clone kubespray
git:
repo: https://github.com/kubernetes-incubator/kubespray/
dest: "/tmp/kubespray"
delegate_to: primary

1
tests/roles/kubernetes/tasks/pre_debian.yml
View File

@ -1 +0,0 @@
---

53
tests/roles/kubernetes/tasks/pre_rhel.yml
View File

@ -1,53 +0,0 @@
---
- name: Add ASB repo for ansible-kubernetes-modules
become: true
yum_repository:
name: asb
description: Copr repo for ansible-service-broker-latest owned by @ansible-service-broker
file: asb
baseurl: https://copr-be.cloud.fedoraproject.org/results/@ansible-service-broker/ansible-service-broker-latest/epel-7-$basearch/
gpgkey: https://copr-be.cloud.fedoraproject.org/results/@ansible-service-broker/ansible-service-broker-latest/pubkey.gpg
gpgcheck: true
enabled: true
skip_if_unavailable: true
repo_gpgcheck: false
- name: Enable/Install centos-release-openshift-origin
become: true
yum:
name: "{{item}}"
state: present
with_items:
- centos-release-openshift-origin
# NOTE(flaper87): python-openshift requires a specific version of
# python-requests. We need to update it to the version in the asb repo, hence
# this step. We have to enable epel so we can meet the python2-pysocks
# dependency, which is a python-requests requirement.
- name: Force update for requests/urllib3
become: true
yum:
name: "{{item}}"
state: latest
update_cache: true
enablerepo: asb,epel
disablerepo: delorean
with_items:
- python-requests
- name: Install required packages
become: true
yum:
name: "{{item}}"
state: latest
with_items:
- ansible
- python-netaddr
- name: Install required packages from asb
become: true
yum:
name: "{{item}}"
state: latest
with_items:
- ansible-kubernetes-modules

65
tests/roles/kubernetes/tasks/run.yml
View File

@ -1,65 +0,0 @@
---
- name: Build inventory
template:
src: "roles/kubernetes/templates/inventory.j2"
dest: "/tmp/kubespray/ci_inventory"
delegate_to: "primary"
- shell:
cmd: |
set -e
set -x
ansible-playbook -i ci_inventory --skip-tags bastion-ssh-config -e skip_downloads=true -e docker_dns_servers_strict=no -e deploy_netchecker=true cluster.yml
kubectl create namespace openstack
sudo mkdir /tmp/test-volume
sudo chmod 777 /tmp/test-volume
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: PersistentVolume
metadata:
name: openstack-test-volume
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Recycle
storageClassName: slow
hostPath:
path: /tmp/test-volume
EOF
cat <<EOF | kubectl create -f -
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: openstack
name: pod-reader
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["secrets"]
verbs: ["get", "watch", "update", "delete", "list"]
EOF
cat <<EOF | kubectl create -f -
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: read-pods
namespace: openstack
subjects:
- kind: ServiceAccount
name: default
roleRef:
kind: Role
name: pod-reader
apiGroup: rbac.authorization.k8s.io
EOF
executable: /bin/bash
chdir: "/tmp/kubespray"
delegate_to: "primary"
environment: '{{ zuul | zuul_legacy_vars }}'
register: kubespray_output

12
tests/roles/kubernetes/templates/inventory.j2
View File

@ -1,12 +0,0 @@
[kube-master]
{{nodes}}
[kube-node]
{{nodes}}
[etcd:children]
kube-master
[k8s-cluster:children]
kube-master
kube-node

6
tests/roles/openshift/tasks/pre.yml
View File

@ -1,6 +0,0 @@
---
- include: pre_rhel.yml
when: ansible_os_family == 'RedHat'
- include: pre_debian.yml
when: ansible_os_family == 'Debian'

1
tests/roles/openshift/tasks/pre_debian.yml
View File

@ -1 +0,0 @@
---

71
tests/roles/openshift/tasks/pre_rhel.yml
View File

@ -1,71 +0,0 @@
---
- name: Add ASB repo for ansible-kubernetes-modules
become: true
yum_repository:
name: asb
description: Copr repo for ansible-service-broker-latest owned by @ansible-service-broker
file: asb
baseurl: https://copr-be.cloud.fedoraproject.org/results/@ansible-service-broker/ansible-service-broker-latest/epel-7-$basearch/
gpgkey: https://copr-be.cloud.fedoraproject.org/results/@ansible-service-broker/ansible-service-broker-latest/pubkey.gpg
gpgcheck: true
enabled: true
skip_if_unavailable: true
repo_gpgcheck: false
- name: Enable/Install centos-release-openshift-origin
become: true
yum:
name: "{{item}}"
state: present
with_items:
- centos-release-openshift-origin
# NOTE(flaper87): python-openshift requires a specific version of
# python-requests. We need to update it to the version in the asb repo, hence
# this step. We have to enable epel so we can meet the python2-pysocks
# dependency, which is a python-requests requirement.
- name: Force update for requests/urllib3
become: true
yum:
name: "{{item}}"
state: latest
update_cache: true
enablerepo: asb,epel
disablerepo: delorean
with_items:
- python-requests
- name: Install required packages
become: true
yum:
name: "{{item}}"
state: latest
with_items:
- ansible
- python-netaddr
- origin-clients
- docker
- docker-distribution
- name: Install required packages from asb
become: true
yum:
name: "{{item}}"
state: latest
with_items:
- ansible-kubernetes-modules
- name: Set docker registry options for OpenShift
become: true
lineinfile:
path: /etc/sysconfig/docker
state: present
regexp: "^OPTIONS='(.*)'"
line: "OPTIONS='\\1 --insecure-registry 172.30.0.0/16'"
backrefs: yes
- name: Start docker
become: true
service:
name: docker
state: restarted

73
tests/roles/openshift/tasks/run.yml
View File

@ -1,73 +0,0 @@
---
- shell:
cmd: |
set -e
set -x
oc cluster up --version=v3.6.1
oc login -u system:admin
oc delete scc anyuid hostaccess hostmount-anyuid hostnetwork privileged nonroot restricted
cat <<EOF | oc create -f -
kind: SecurityContextConstraints
apiVersion: v1
metadata:
name: permissive
allowHostDirVolumePlugin: true
allowHostIPC: true
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
allowPrivilegedContainer: true
allowedCapabilities:
- '*'
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
groups:
- system:authenticated
defaultAddCapabilities: []
fsGroup:
type: RunAsAny
EOF
sudo mkdir /tmp/test-volume
cat <<EOF | oc create -f -
apiVersion: v1
kind: PersistentVolume
metadata:
name: openstack-test-volume
spec:
capacity:
storage: 5Gi
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Recycle
storageClassName: slow
hostPath:
path: /tmp/test-volume
EOF
sudo chown zuul:zuul -R /tmp/test-volume
sudo chmod 777 /tmp/test-volume
sudo chcon -t svirt_sandbox_file_t /tmp/test-volume
executable: /bin/bash
become: true
delegate_to: "primary"
environment: '{{ zuul | zuul_legacy_vars }}'
register: oc_output
- name: Login to OpenShift
shell:
cmd: |
set -e
set -x
oc login https://127.0.0.1:8443 --insecure-skip-tls-verify=true -u developer -p developer
oc new-project openstack
executable: /bin/bash
delegate_to: "primary"
environment: '{{ zuul | zuul_legacy_vars }}'

28
tests/run.yml
View File

@ -1,28 +0,0 @@
---
- hosts: all
tasks:
- set_fact:
nodes: |
{% for host in hostvars %}
{{ host }} ansible_host={{ hostvars[host]['ansible_host'] }} ansible_become=true ansible_user={{ hostvars[host]['ansible_user'] }}
{% endfor %}
- name: Build playbook
template:
src: "templates/playbook.j2"
dest: "{{ ansible_env.HOME }}/{{ zuul.project.src_dir }}/playbook.yml"
delegate_to: "primary"
- include: 'roles/{{coe}}/tasks/run.yml'
- shell:
cmd: |
set -e
set -x
ansible-playbook -vvvvvv playbook.yml
executable: /bin/bash
chdir: "{{ ansible_env.HOME }}/{{ zuul.project.src_dir }}"
delegate_to: "primary"
environment: '{{ zuul | zuul_legacy_vars }}'
register: "{{project_name}}-output"

34
tests/templates/playbook.j2
View File

@ -1,34 +0,0 @@
- name: Provision {{project_name}}
hosts: localhost
gather_facts: false
connection: local
vars:
namespace: openstack
{% if coe == 'kubernetes' %}
coe_host: "http://localhost:8080"
{% endif %}
roles:
{% for dep in ansible_role_k8s_required|default('', true) %}
- role: {{dep}}
playbook_debug: false
{% endfor %}
- role: {{project_name}}
playbook_debug: false
tasks:
- name: Call netchecker
shell:
cmd: |
set -eux
curl http://localhost:31081/api/v1/connectivity_check
executable: /bin/bash
register: netchecker
ignore_errors: yes
- include: "{% raw %}{{ item }}{% endraw %}"
with_first_found:
- files:
- '{{ ansible_env.HOME }}/{{ zuul.project.src_dir }}/tests/tests.yml'
skip: true

14
tests/tests.yml
View File

@ -1,14 +0,0 @@
---
- name: Get mariadb cluster ip
shell:
cmd: |
kubectl get service mariadb --namespace {{namespace}} --template={%raw%}{{.spec.clusterIP}}{%endraw%}
executable: /bin/bash
register: mariadb_ip
- name: Wait for mariadb to become available
wait_for:
host={{mariadb_ip.stdout}}
port=3306
delay=1
timeout=300