Fetch non tripleo containers in provider job and consume it

When provider_job is set to true, it will pull the container
images from quay.io and will push it to local
registry using non_tripleo_containers.yml.

When consumer_job is set to true in child job, then
custom_ceph_parameters will be setted to true and ceph containers
related namespace will be changed to local registry
to pull the ceph containers so that container built and pushed
to local registry in provider job, will be consumed here.

It also adds standalone job which depends on content provider
job and updates the ceph tag.

Setting +standalone_container_ceph_updates to false as with in
tasks it is setted default to false.

Moved local registry host and port to extra-commons role
to easily share between roles.

It also fix the non_tripleo_containers playbook to exclude kolla
containers for train release.

Note to self:
tripleo-standalone-scenarios-pipeline will be added later
once standalone-upgrade job is ported to centent provider.

Change-Id: Ie3f7bafe3b6ee8a7879ebb3d1d5b47b20181b452
Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
Co-authored-by: Alex Schultz <aschultz@redhat.com>

roles/container-build/defaults/main.yaml

@@ -14,10 +14,11 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
-local_registry_ip: 127.0.0.1
-local_registry_port: 5001
+content_provider_registry_ip: 127.0.0.1
+content_provider_registry_port: 5001
 container_registry_namespace: tripleomaster
 container_tag: current-tripleo
+container_file: /usr/share/openstack-tripleo-common/container-images/tripleo_containers.yaml
 # Notes(chandankumar): openstack- prefix is used from victoria release onwards
 docker_prep_prefix: >-
   {% if (job.build_container_images|default(false)|bool and

roles/container-build/tasks/main.yaml

@@ -14,22 +14,22 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
-- name: Deploy the local registry
+- name: Deploy the content provider registry
   become: true
   podman_container:
     name: docker_registry
     image: quay.io/tripleoci/registry:2
     publish:
-      - "{{ local_registry_port }}:{{ local_registry_port }}"
+      - "{{ content_provider_registry_port }}:{{ content_provider_registry_port }}"
     env:
-      REGISTRY_HTTP_ADDR: "0.0.0.0:{{ local_registry_port }}"
+      REGISTRY_HTTP_ADDR: "0.0.0.0:{{ content_provider_registry_port }}"
   tags:
     - skip_ansible_lint
 
-- name: Open port for local registry
+- name: Open port for content provider registry
   become: true
   command: >-
-    iptables -I INPUT -p tcp --dport {{ local_registry_port }} -j ACCEPT
+    iptables -I INPUT -p tcp --dport {{ content_provider_registry_port }} -j ACCEPT
   changed_when: true
 
 - name: Set container_image_build_volumes fact
@@ -60,8 +60,12 @@
     tripleo_container_image_build_namespace: "{{ container_registry_namespace }}"
     tripleo_container_image_build_tag: "{{ container_tag }}"
     tripleo_container_image_build_push: true
-    tripleo_container_image_build_registry: "{{ local_registry_ip }}:{{ local_registry_port }}"
+    tripleo_container_image_build_registry: "{{ content_provider_registry_ip }}:{{ content_provider_registry_port }}"
     tripleo_container_image_build_rhel_modules: "{{ rhel_modules|default('') }}"
     tripleo_container_image_build_volumes: "{{ container_image_build_volumes }}"
     tripleo_container_image_build_work_dir: "{{ working_dir }}/container-builds"
     tripleo_container_image_build_prefix: "{{ docker_prep_prefix }}"
+
+- name: Pull and push non *tripleo* container images to local registry
+  import_tasks: non_tripleo_containers.yml
+  when: job.provider_job|default(false)|bool

roles/container-build/tasks/non_tripleo_containers.yml

@@ -0,0 +1,55 @@
+---
+- name: Fetch tripleo containers
+  command: cat "{{ container_file }}"
+  register: all_containers
+  changed_when: false
+
+- name: Store tripleo containers
+  set_fact:
+    containers: "{{ all_containers.stdout | from_yaml }}"
+
+- name: Filter out non-tripleo containers
+  set_fact:
+    non_tripleo_containers: "{{ containers.container_images | json_query('[?image_source != `tripleo`]') }}"
+
+- name: Filter out non-tripleo containers excluding kolla image_source
+  set_fact:
+    non_tripleo_containers: "{{ non_tripleo_containers.container_images | json_query('[?image_source != `kolla`]') }}"
+  when: release in ["train"]
+
+- name: Store non-tripleo containers
+  set_fact:
+    non_tripleo_containers: "{{ non_tripleo_containers | map(attribute='imagename') | list }}"
+
+- name: Print non-tripleo containers
+  debug:
+    msg: "{{ non_tripleo_containers }}"
+
+- name: Pull non-tripleo containers to the content provider registry
+  become: true
+  block:
+
+    - name: Make sure buildah is installed
+      package:
+        name: "buildah"
+        state: present
+
+    # NOTE(mwhahaha): use buildah because --format can only be specified with buildah push.
+    # Additionally we could switch to oci, but v2v2 is what we convert on the undercloud.
+    - name: Pull non-tripleo containers (ceph, alertmanager, prometheus) to the content provider registry
+      shell: >
+        buildah images;
+        buildah pull {{ item }};
+        buildah push --format=v2s2 --tls-verify=False --log-level debug {{ item }} \
+          docker://{{ content_provider_registry_ip }}:{{ content_provider_registry_port }}/{{ docker_registry_namespace }}/{{ item.split('/')[-1] }};
+      with_items: "{{ non_tripleo_containers }}"
+      register: non_tripleo
+      changed_when: false
+      tags:
+        - skip_ansible_lint
+
+- name: Dump non-tripleo containers output to file
+  copy:
+    content: "{{ non_tripleo }}"
+    dest: "{{ ansible_user_dir }}/non_tripleo_containers.log"
+  when: non_tripleo is defined

roles/extras-common/defaults/main.yml

@@ -1,4 +1,7 @@
 ---
+# vars related to content provider job
+local_registry_ip: 127.0.0.1
+local_registry_port: 5001
 
 overcloud_ipv6: false
 containerized_overcloud: >-
@@ -51,7 +54,14 @@ docker_prep_prefix: >-
   {%- endif -%}
 # docker suffix
 docker_prep_suffix: ""
-docker_ceph_namespace: docker.io/ceph
+docker_ceph_namespace: >-
+  {% if job.consumer_job|default(false)|bool -%}
+  {{ job.registry_ip_address }}:{{ local_registry_port }}/{{ docker_registry_namespace }}
+  {%- elif release not in ['queens', 'rocky', 'pike'] -%}
+  quay.ceph.io/ceph-ci
+  {%- else -%}
+  docker.io/ceph
+  {%- endif -%}
 docker_ceph_image: daemon
 docker_ceph_tag: >-
   {% if release in ['pike'] -%}
@@ -59,7 +69,7 @@ docker_ceph_tag: >-
   {%- elif release in ['queens','rocky'] -%}
   v3.2.14-stable-3.2-luminous-centos-7-x86_64
   {%- else -%}
-  v4.0.10-stable-4.0-nautilus-centos-7-x86_64
+  v4.0.13-stable-4.0-nautilus-centos-7-x86_64
   {%- endif -%}
 rhel_containers: >-
    {% if ansible_distribution == 'RedHat' -%}

roles/standalone/defaults/main.yml

@@ -41,9 +41,16 @@ standalone_container_cli: docker
 
 standalone_custom_env_files: []
 
-standalone_container_ceph_updates: true
+standalone_container_ceph_updates: false
 
 standalone_tripleo_deploy_debug_arg: false
 
 local_registry_ip: 127.0.0.1
 local_registry_port: 5001
+
+# containers related params
+custom_ceph_parameters: "{{ job.consumer_job|default(false)|bool }}"
+custom_ceph_alertmanager_namespace: quay.io/prometheus
+custom_ceph_grafana_namespace: quay.io/app-sre
+custom_ceph_node_exporter_namespace: quay.io/prometheus
+custom_ceph_prometheus_namespace: quay.io/prometheus

roles/standalone/tasks/containers.yml

@@ -122,7 +122,7 @@
 # ceph parameters
 - name: update container ceph parameters
   when:
-    - standalone_container_ceph_updates|default(false)|bool
+    - standalone_container_ceph_updates|bool or job.consumer_job|default(false)|bool
   replace:
     path: "{{ working_dir }}/containers-prepare-parameters.yaml"
     regexp: " {{ item.original }}: (.*)"
@@ -135,8 +135,8 @@
 
 - name: update container custom ceph parameters, if required
   when:
-    - standalone_container_ceph_updates|default(false)|bool
-    - custom_ceph_parameters|default(false)|bool
+    - custom_ceph_parameters|bool
+    - standalone_container_ceph_updates|bool
   replace:
     path: "{{ working_dir }}/containers-prepare-parameters.yaml"
     regexp: " {{ item.original }}: (.*)"
@@ -156,6 +156,28 @@
     - {original: "ceph_prometheus_namespace", replace: "ceph_prometheus_namespace: {{ custom_ceph_prometheus_namespace }}"}
     - {original: "ceph_prometheus_tag", replace: "ceph_prometheus_tag: {{ custom_ceph_prometheus_tag }}"}
 
+# By using non_tripleo_containers.yml playbook in provider job, ceph related containers
+# will be pulled from quay.io and pushed to local registry in content provider job.
+# in order to consume it during deployment in consumer job, ceph containers namespaces
+# needs to be updated in consumer job pointing to content provider job registry
+# to pull respective containers.
+# docker_ceph_namespace will point to local registry in consumer job, is setted in
+# extra-common role.
+- name: update container custom ceph parameters for consumer job
+  when:
+    - custom_ceph_parameters|bool
+    - job.consumer_job|default(false)|bool
+  replace:
+    path: "{{ working_dir }}/containers-prepare-parameters.yaml"
+    regexp: " {{ item.original }}: (.*)"
+    replace: " {{ item.replace }}"
+    backup: true
+  with_items:
+    - {original: "ceph_alertmanager_namespace", replace: "ceph_alertmanager_namespace: {{ docker_ceph_namespace }}"}
+    - {original: "ceph_grafana_namespace", replace: "ceph_grafana_namespace: {{ docker_ceph_namespace }}"}
+    - {original: "ceph_node_exporter_namespace", replace: "ceph_node_exporter_namespace: {{ docker_ceph_namespace }}"}
+    - {original: "ceph_prometheus_namespace", replace: "ceph_prometheus_namespace: {{ docker_ceph_namespace }}"}
+
 - name: Set repos defined in the job to update
   when:
     - job.add_repos is defined

zuul.d/layout.yaml

@@ -10,7 +10,6 @@
       - tripleo-standalone-multinode-ipa
     check:
       jobs:
-        - tripleo-ci-centos-8-standalone
         - openstack-tox-linters
         - openstack-tox-molecule:
             required-projects: