Revert "Remove objects migrated to validations-common"

This reverts commit c899d97120.

It merged too early, we need a promotion before.

Closes-Bug: #1895507
Change-Id: I0f6b7a6353fd8f99744c3b3be08d5f71c6ab1a39
This commit is contained in:
Cédric Jeanneret (Tengu) 2020-09-14 11:37:17 +00:00
parent c899d97120
commit 9ed7ce4f96
130 changed files with 4204 additions and 0 deletions

View File

@ -0,0 +1,15 @@
========================
Module - advanced_format
========================
This module provides for the following ansible plugin:
* advanced_format
.. ansibleautoplugin::
:module: library/advanced_format.py
:documentation: true
:examples: true

View File

@ -0,0 +1,15 @@
=============================
Module - check_package_update
=============================
This module provides for the following ansible plugin:
* check_package_update
.. ansibleautoplugin::
:module: library/check_package_update.py
:documentation: true
:examples: true

View File

@ -0,0 +1,15 @@
=====================
Module - haproxy_conf
=====================
This module provides for the following ansible plugin:
* haproxy_conf
.. ansibleautoplugin::
:module: library/haproxy_conf.py
:documentation: true
:examples: true

View File

@ -0,0 +1,15 @@
==============
Module - hiera
==============
This module provides for the following ansible plugin:
* hiera
.. ansibleautoplugin::
:module: library/hiera.py
:documentation: true
:examples: true

View File

@ -0,0 +1,14 @@
====================
Module - reportentry
====================
This module provides for the following ansible plugin:
* reportentry
.. ansibleautoplugin::
:module: library/reportentry.py
:documentation: true
:examples: true

View File

@ -0,0 +1,15 @@
=============================
Module - validations_read_ini
=============================
This module provides for the following ansible plugin:
* validations_read_ini
.. ansibleautoplugin::
:module: library/validations_read_ini.py
:documentation: true
:examples: true

View File

@ -0,0 +1,15 @@
=============
Module - warn
=============
This module provides for the following ansible plugin:
* warn
.. ansibleautoplugin::
:module: library/warn.py
:documentation: true
:examples: true

View File

@ -0,0 +1,7 @@
============================
advanced_format_512e_support
============================
.. ansibleautoplugin::
:role: roles/advanced_format_512e_support

View File

@ -0,0 +1,6 @@
=============================
check_latest_packages_version
=============================
.. ansibleautoplugin::
:role: roles/check_latest_packages_version

View File

@ -0,0 +1,7 @@
===
dns
===
.. ansibleautoplugin::
:role: roles/dns

View File

@ -0,0 +1,7 @@
=======
haproxy
=======
.. ansibleautoplugin::
:role: roles/haproxy

View File

@ -0,0 +1,7 @@
=====
no_op
=====
.. ansibleautoplugin::
:role: roles/no_op

View File

@ -0,0 +1,7 @@
===
ntp
===
.. ansibleautoplugin::
:role: roles/ntp

View File

@ -0,0 +1,7 @@
==============
service_status
==============
.. ansibleautoplugin::
:role: roles/service_status

View File

@ -0,0 +1,7 @@
==============
undercloud_cpu
==============
.. ansibleautoplugin::
:role: roles/undercloud_cpu

View File

@ -0,0 +1,7 @@
==============
undercloud_ram
==============
.. ansibleautoplugin::
:role: roles/undercloud_ram

View File

@ -0,0 +1,7 @@
=======================
undercloud_selinux_mode
=======================
.. ansibleautoplugin::
:role: roles/undercloud_selinux_mode

View File

@ -0,0 +1,6 @@
================
validate_selinux
================
.. ansibleautoplugin::
:role: roles/validate_selinux

View File

@ -0,0 +1,8 @@
===============
xfs_check_ftype
===============
.. ansibleautoplugin::
:role: roles/xfs_check_ftype

View File

@ -0,0 +1,97 @@
#!/usr/bin/env python
# Copyright 2016 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from os import path
from yaml import safe_load as yaml_safe_load
from ansible.module_utils.basic import AnsibleModule
DOCUMENTATION = '''
---
module: advanced_format
short_description: Check for advanced disk format
description:
- Check whether a drive uses advanced format
options:
drive:
required: true
description:
- drive name
type: str
author: "Martin Andre (@mandre)"
'''
EXAMPLES = '''
- hosts: webservers
tasks:
- name: Detect whether the drive uses Advanced Format
advanced_format: drive=vda
'''
def read_int(module, file_path):
'''Read a file and convert its value to int.
Raise ansible failure otherwise.
'''
try:
with open(file_path) as f:
file_contents = f.read()
return int(file_contents)
except IOError:
module.fail_json(msg="Cannot open '%s'" % file_path)
except ValueError:
module.fail_json(msg="The '%s' file doesn't contain an integer value" %
file_path)
def main():
module = AnsibleModule(
argument_spec=yaml_safe_load(DOCUMENTATION)['options']
)
drive = module.params.get('drive')
queue_path = path.join('/sys/class/block', drive, 'queue')
physical_block_size_path = path.join(queue_path, 'physical_block_size')
logical_block_size_path = path.join(queue_path, 'logical_block_size')
physical_block_size = read_int(module, physical_block_size_path)
logical_block_size = read_int(module, logical_block_size_path)
if physical_block_size == logical_block_size:
module.exit_json(
changed=False,
msg="The disk %s probably doesn't use Advance Format." % drive,
)
else:
module.exit_json(
# NOTE(shadower): we're marking this as `changed`, to make it
# visually stand out when running via Ansible directly instead of
# using the API.
#
# The API & UI is planned to look for the `warnings` field and
# display it differently.
changed=True,
warnings=["Physical and logical block sizes of drive %s differ "
"(%s vs. %s). This can mean the disk uses Advance "
"Format." %
(drive, physical_block_size, logical_block_size)],
)
if __name__ == '__main__':
main()

145
library/check_package_update.py Executable file
View File

@ -0,0 +1,145 @@
#!/usr/bin/env python
# Copyright 2017 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
""" Check for available updates for a given package."""
import collections
import subprocess
from ansible.module_utils.basic import AnsibleModule
from yaml import safe_load as yaml_safe_load
DOCUMENTATION = '''
---
module: check_package_update
short_description: Check for available updates for a given package
description:
- Check for available updates for a given package
options:
package:
required: true
description:
- The name of the package you want to check
type: str
pkg_mgr:
required: true
description:
- Supported Package Manager, DNF or YUM
type: str
author: "Florian Fuchs"
'''
EXAMPLES = '''
- hosts: webservers
tasks:
- name: Get available updates for packages
check_package_update:
package: python-tripleoclient
pkg_mgr: "{{ ansible_pkg_mgr}}"
'''
SUPPORTED_PKG_MGRS = (
'yum',
'dnf',
)
PackageDetails = collections.namedtuple('PackageDetails',
['name', 'version', 'release', 'arch'])
def get_package_details(output):
if output:
return PackageDetails(
output.split('|')[0],
output.split('|')[1],
output.split('|')[2],
output.split('|')[3],
)
def _command(command):
# Return the result of a subprocess call
# as [stdout, stderr]
process = subprocess.Popen(command,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
universal_newlines=True)
return process.communicate()
def check_update(module, package, pkg_mgr):
if pkg_mgr not in SUPPORTED_PKG_MGRS:
module.fail_json(
msg='Package manager "{}" is not supported.'.format(pkg_mgr))
return
installed_stdout, installed_stderr = _command(
['rpm', '-qa', '--qf',
'%{NAME}|%{VERSION}|%{RELEASE}|%{ARCH}',
package])
# Fail the module if for some reason we can't lookup the current package.
if installed_stderr != '':
module.fail_json(msg=installed_stderr)
return
elif not installed_stdout:
module.fail_json(
msg='"{}" is not an installed package.'.format(package))
return
installed = get_package_details(installed_stdout)
pkg_mgr_option = 'available'
if pkg_mgr == 'dnf':
pkg_mgr_option = '--available'
available_stdout, available_stderr = _command(
[pkg_mgr, '-q', 'list', pkg_mgr_option, installed.name])
if available_stdout:
new_pkg_info = available_stdout.split('\n')[1].rstrip().split()[:2]
new_ver, new_rel = new_pkg_info[1].split('-')
module.exit_json(
changed=False,
name=installed.name,
current_version=installed.version,
current_release=installed.release,
new_version=new_ver,
new_release=new_rel)
else:
module.exit_json(
changed=False,
name=installed.name,
current_version=installed.version,
current_release=installed.release,
new_version=None,
new_release=None)
def main():
module = AnsibleModule(
argument_spec=yaml_safe_load(DOCUMENTATION)['options']
)
check_update(module,
module.params.get('package'),
module.params.get('pkg_mgr'))
if __name__ == '__main__':
main()

89
library/haproxy_conf.py Normal file
View File

@ -0,0 +1,89 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import re
from ansible.module_utils.basic import AnsibleModule
from yaml import safe_load as yaml_safe_load
DOCUMENTATION = '''
---
module: haproxy_conf
short_description: Gather the HAProxy config
description:
- Gather the HAProxy config
options:
path:
required: true
description:
- file path to the config file
type: str
author: "Tomas Sedovic"
'''
EXAMPLES = '''
- hosts: webservers
tasks:
- name: Gather the HAProxy config
haproxy_conf: path=/etc/haproxy/haproxy.cfg
'''
# ConfigParser chokes on both mariadb and haproxy files. Luckily They have
# a syntax approaching ini config file so they are relatively easy to parse.
# This generic ini style config parser is not perfect -- it can ignore some
# valid options -- but good enough for our use case.
def generic_ini_style_conf_parser(file_path, section_regex, option_regex):
config = {}
current_section = None
with open(file_path) as config_file:
for line in config_file:
match_section = re.match(section_regex, line)
if match_section:
current_section = match_section.group(1)
config[current_section] = {}
match_option = re.match(option_regex, line)
if match_option and current_section:
option = re.sub(r'\s+', ' ', match_option.group(1))
config[current_section][option] = match_option.group(2)
return config
def parse_haproxy_conf(file_path):
section_regex = r'^(\w+)'
option_regex = r'^(?:\s+)(\w+(?:\s+\w+)*?)\s+([\w/]*)$'
return generic_ini_style_conf_parser(file_path, section_regex,
option_regex)
def main():
module = AnsibleModule(
argument_spec=yaml_safe_load(DOCUMENTATION)['options']
)
haproxy_conf_path = module.params.get('path')
try:
config = parse_haproxy_conf(haproxy_conf_path)
except IOError:
module.fail_json(msg="Could not open the haproxy conf file at: '%s'" %
haproxy_conf_path)
module.exit_json(changed=False, ansible_facts={u'haproxy_conf': config})
if __name__ == '__main__':
main()

64
library/hiera.py Normal file
View File

@ -0,0 +1,64 @@
#!/usr/bin/env python
# Copyright 2016 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import subprocess
from ansible.module_utils.basic import AnsibleModule
from yaml import safe_load as yaml_safe_load
DOCUMENTATION = '''
---
module: hiera
short_description: Get data from hiera
description:
- Get data from hiera
options:
name:
required: true
description:
- Name to lookup
type: str
author: "Martin Andre (@mandre)"
'''
EXAMPLES = '''
- hosts: webservers
tasks:
- name: Lookup foo
hiera: name=foo
'''
def main():
module = AnsibleModule(
argument_spec=yaml_safe_load(DOCUMENTATION)['options']
)
name = module.params.get('name')
cmd = ['/usr/bin/hiera', '-c', '/etc/puppet/hiera.yaml', name]
result = subprocess.check_output(cmd, universal_newlines=True).rstrip()
if result == 'nil':
module.fail_json(msg="Failed to retrieve hiera data for {}"
.format(name))
module.exit_json(changed=False,
ansible_facts={name: result})
if __name__ == '__main__':
main()

89
library/reportentry.py Normal file
View File

@ -0,0 +1,89 @@
# -*- coding: utf-8 -*-
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from ansible.module_utils.basic import AnsibleModule
from yaml import safe_load as yaml_safe_load
DOCUMENTATION = '''
---
module: reportentry
short_description: Print a custom report
description:
- Print a custom report
options:
report_status:
required: true
description:
- The report status. Should be 'OK', 'ERROR' or 'SKIPPED'.
choices:
- 'OK'
- 'ERROR'
- 'SKIPPED'
type: str
report_reason:
required: true
description:
- The reason of the report
type: str
report_recommendations:
required: true
description:
- A list of recommendations to do.
type: list
author: "Gael Chamoulaud"
'''
EXAMPLES = '''
- hosts: undercloud
tasks:
- name: Report DNS setup in undercloud.conf
reportentry:
report_status: "ERROR"
report_reason: "DNS is not setup correctly in undercloud.conf"
report_recommendations:
- "Please set the 'undercloud_nameservers' param in undercloud.conf"
'''
def format_msg_report(status, reason, recommendations):
msg = ("[{}] '{}'\n".format(status, reason))
if recommendations:
for rec in recommendations:
msg += " - RECOMMENDATION: {}\n".format(rec)
return msg
def main():
module = AnsibleModule(
argument_spec=yaml_safe_load(DOCUMENTATION)['options']
)
status = module.params.get('report_status')
msg = format_msg_report(module.params.get('report_status'),
module.params.get('report_reason'),
module.params.get('report_recommendations'))
if status == 'ERROR':
module.fail_json(msg=msg)
elif status == "SKIPPED":
module.exit_json(changed=False,
warnings=msg)
else:
module.exit_json(changed=False,
msg=msg)
if __name__ == '__main__':
main()

View File

@ -0,0 +1,166 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Ansible module to read a value from an Ini file.
# Usage:
# - validations_read_ini: path=/path/to/file.ini section=default key=something
# register: my_ini
#
# This will read the `path/to/file.ini` file and read the `Hello!` value under:
# [default]
# something = Hello!
#
# You can register the result and use it later with `{{ my_ini.value }}`
try:
import configparser as ConfigParser
except ImportError:
import ConfigParser
from enum import Enum
import os
from ansible.module_utils.basic import AnsibleModule
from yaml import safe_load as yaml_safe_load
# Possible return values
class ReturnValue(Enum):
OK = 0
INVALID_FORMAT = 1
KEY_NOT_FOUND = 2
def check_file(path, ignore_missing):
'''Validate entered path'''
if not (os.path.exists(path) and os.path.isfile(path)):
return "Could not open the ini file: '{}'".format(path)
else:
return ''
def get_result(path, section, key, default=None):
'''Get value based on section and key'''
msg = ''
value = None
config = ConfigParser.SafeConfigParser()
try:
config.read(path)
except Exception:
msg = "The file '{}' is not in a valid INI format.".format(path)
ret = ReturnValue.INVALID_FORMAT
return (ret, msg, value)
try:
value = config.get(section, key)
msg = ("The key '{}' under the section '{}' in file {} "
"has the value: '{}'").format(key, section, path, value)
ret = ReturnValue.OK
return (ret, msg, value)
except ConfigParser.Error:
if default:
msg = ("There is no key '{}' under section '{}' in file {}. Using"
" default value '{}'".format(key, section, path, default))
ret = ReturnValue.OK
value = default
else:
value = None
msg = "There is no key '{}' under the section '{}' in file {}.".format(
key, section, path)
ret = ReturnValue.KEY_NOT_FOUND
return (ret, msg, value)
DOCUMENTATION = '''
---
module: validations_read_ini
short_description: Get data from an ini file
description:
- Get data from an ini file
options:
path:
required: true
description:
- File path
type: str
section:
required: true
description:
- Section to look up
type: str
key:
required: true
description:
- Section key to look up
type: str
default:
required: false
description:
- Default value if key isn't found
ignore_missing_file:
required: false
description:
- Flag if a missing file should be ignored
type: bool
author: "Tomas Sedovic"
'''
EXAMPLES = '''
- hosts: webservers
tasks:
- name: Lookup bar value
validations_read_ini: path=config.ini section=foo key=bar ignore_missing_file=True
'''
def main():
module = AnsibleModule(
argument_spec=yaml_safe_load(DOCUMENTATION)['options']
)
ini_file_path = module.params.get('path')
ignore_missing = module.params.get('ignore_missing_file')
# Check that file exists
msg = check_file(ini_file_path, ignore_missing)
if msg != '':
# Opening file failed
if ignore_missing:
module.exit_json(msg=msg, changed=False, value=None)
else:
module.fail_json(msg=msg)
else:
# Try to parse the result from ini file
section = module.params.get('section')
key = module.params.get('key')
default = module.params.get('default')
ret, msg, value = get_result(ini_file_path, section, key, default)
if ret == ReturnValue.INVALID_FORMAT:
module.fail_json(msg=msg)
elif ret == ReturnValue.KEY_NOT_FOUND:
module.exit_json(msg=msg, changed=False, value=None)
elif ret == ReturnValue.OK:
module.exit_json(msg=msg, changed=False, value=value)
if __name__ == '__main__':
main()

55
library/warn.py Normal file
View File

@ -0,0 +1,55 @@
#!/usr/bin/env python
# Copyright 2017 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from ansible.module_utils.basic import AnsibleModule
from yaml import safe_load as yaml_safe_load
DOCUMENTATION = '''
---
module: warn
short_description: Add warning to playbook output
description:
- Add warning to playbook output
options:
msg:
required: true
description:
- The warning text
type: str
author: "Martin Andre (@mandre)"
'''
EXAMPLES = '''
- hosts: webservers
tasks:
- name: Output warning message
warn: msg="Warning!"
'''
def main():
module = AnsibleModule(
argument_spec=yaml_safe_load(DOCUMENTATION)['options']
)
msg = module.params.get('msg')
module.exit_json(changed=False,
warnings=[msg])
if __name__ == '__main__':
main()

13
playbooks/512e.yaml Normal file
View File

@ -0,0 +1,13 @@
---
- hosts: undercloud
vars:
metadata:
name: Advanced Format 512e Support
description: >
Detect whether the undercloud disks use Advanced Format. If they do,
the overcloud images may fail to upload to Glance.
groups:
- prep
- pre-deployment
roles:
- advanced_format_512e_support

View File

@ -0,0 +1,12 @@
---
- hosts: undercloud, allovercloud
vars:
metadata:
name: XFS ftype check
description: >
Check if there is at least 1 XFS volume
with ftype=0 in any deployed node.
groups:
- pre-upgrade
roles:
- xfs_check_ftype

View File

@ -0,0 +1,13 @@
---
- hosts: undercloud
gather_facts: true
vars:
metadata:
name: Check if latest version of packages is installed
description: >
Makes sure python-tripleoclient is at its latest version
before starting an upgrade.
groups:
- pre-upgrade
roles:
- check_latest_packages_version

12
playbooks/dns.yaml Normal file
View File

@ -0,0 +1,12 @@
---
- hosts: undercloud, allovercloud
vars:
metadata:
name: Verify DNS
description: >
Verify that the DNS resolution works
groups:
- pre-deployment
server_to_lookup: example.com
roles:
- dns

17
playbooks/haproxy.yaml Normal file
View File

@ -0,0 +1,17 @@
---
- hosts: "{{ controller_rolename | default('Controller') }}"
vars:
metadata:
name: HAProxy configuration
description: Verify the HAProxy configuration has recommended values.
groups:
- post-deployment
config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg'
global_maxconn_min: 20480
defaults_maxconn_min: 4096
defaults_timeout_queue: '2m'
defaults_timeout_client: '2m'
defaults_timeout_server: '2m'
defaults_timeout_check: '10s'
roles:
- haproxy

12
playbooks/no-op.yaml Normal file
View File

@ -0,0 +1,12 @@
---
- hosts: undercloud, allovercloud
vars:
metadata:
name: NO-OP validation
description: >
A simple validation doing nothing in order to test that
the validations framework works.
groups:
- no-op
roles:
- no_op

14
playbooks/ntp.yaml Normal file
View File

@ -0,0 +1,14 @@
---
- hosts: allovercloud
vars:
metadata:
name: Verify all deployed nodes have their clock synchronised
description: >
Each overcloud node should have their clocks synchronised.
The deployment should configure and run chronyd. This validation verifies
that it is indeed running and connected to an NTP server on all nodes.
groups:
- post-deployment
roles:
- ntp

View File

@ -0,0 +1,16 @@
---
- hosts: undercloud, allovercloud
vars:
metadata:
name: Ensure services state
description: >
Detect services status on the target host and fails if we find
a failed service.
groups:
- prep
- pre-deployment
- pre-upgrade
- post-deployment
- post-upgrade
roles:
- service_status

View File

@ -0,0 +1,16 @@
---
- hosts: undercloud
gather_facts: true
vars:
metadata:
name: Verify undercloud fits the CPU core requirements
description: >
Make sure that the undercloud has enough CPU cores.
https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/15/html/director_installation_and_usage/planning-your-undercloud#determining-environment-scale
groups:
- prep
- pre-introspection
min_undercloud_cpu_count: 8
roles:
- undercloud_cpu

View File

@ -0,0 +1,17 @@
---
- hosts: undercloud
gather_facts: true
vars:
metadata:
name: Verify the undercloud fits the RAM requirements
description: >
Verify that the undercloud has enough RAM.
https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/15/html/director_installation_and_usage/planning-your-undercloud#determining-environment-scale
groups:
- prep
- pre-introspection
- pre-upgrade
min_undercloud_ram_gb: 24
roles:
- undercloud_ram

View File

@ -0,0 +1,13 @@
---
- hosts: undercloud
gather_facts: true
vars:
metadata:
name: Undercloud SELinux Enforcing Mode Check
description: >
Check if the Undercloud is running SELinux in Enforcing mode.
groups:
- prep
- pre-introspection
roles:
- undercloud_selinux_mode

View File

@ -0,0 +1,21 @@
---
- hosts: all
vars:
metadata:
name: validate-selinux
description: >-
Ensures we don't have any SELinux denials on the system
groups:
- pre-deployment
- post-deployment
- pre-upgrade
- post-upgrade
validate_selinux_working_dir: /tmp
validate_selinux_audit_source: /var/log/audit/audit.log
validate_selinux_skip_list_dest: "{{ validate_selinux_working_dir }}/denials-skip-list.txt"
validate_selinux_filtered_denials_dest: "{{ validate_selinux_working_dir }}/denials-filtered.log"
validate_selinux_strict: false
validate_selinux_filter: "None"
validate_selinux_skip_list: {}
roles:
- validate_selinux

View File

@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

View File

@ -0,0 +1,26 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
gather_facts: false
tasks:
- name: Warn developers about the lack of molecule testing
fail:
msg: >-
This role needs molecule tests!

View File

@ -0,0 +1,46 @@
---
driver:
name: docker
log: true
platforms:
- name: centos7
hostname: centos7
image: centos:7
pkg_extras: python-setuptools python-enum34 python-netaddr ruby epel-release PyYAML
easy_install:
- pip
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
- name: centos8
hostname: centos8
image: centos:8
pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby python*-PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment:
<<: *env
provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_LIBRARY: "../../../../library"
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy
verifier:
name: testinfra

View File

@ -0,0 +1,10 @@
---
- name: List the available drives
register: drive_list
command: "ls /sys/class/block/"
changed_when: false
- name: Detect whether the drive uses Advanced Format
advanced_format: drive={{ item }}
when: item is match("^sd.$")
with_items: "{{ drive_list.stdout_lines }}"

View File

@ -0,0 +1,9 @@
---
metadata:
name: Advanced Format 512e Support
description: >
Detect whether the undercloud disks use Advanced Format. If they do,
the overcloud images may fail to upload to Glance.
groups:
- prep
- pre-deployment

View File

@ -0,0 +1,10 @@
---
tripleoclient: >-
{%- if ansible_distribution == 'RedHat' and ansible_distribution_major_version == '8' -%}
python3-tripleoclient
{%- else -%}
python2-tripleoclient
{%- endif -%}
packages:
- "{{ tripleoclient }}"

View File

@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

View File

@ -0,0 +1,51 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
tasks:
- name: Validate No Available Update for patch rpm
include_role:
name: check_latest_packages_version
vars:
packages:
- patch
- name: Working Detection of Update for Pam package
block:
- include_role:
name: check_latest_packages_version
vars:
packages:
- pam
rescue:
- name: Clear host errors
meta: clear_host_errors
- debug:
msg: The validation works! End the playbook run
- name: End play
meta: end_play
- name: Fail the test
fail:
msg: |
The check_latest_packages_version role should have detected
that packages have available updates.

View File

@ -0,0 +1,46 @@
---
driver:
name: docker
log: true
platforms:
- name: centos7
hostname: centos7
image: centos:7
pkg_extras: python-setuptools PyYAML
easy_install:
- pip
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
- name: centos8
hostname: centos8
image: centos:8
pkg_extras: python*-setuptools python*-PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment:
<<: *env
provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_LIBRARY: "../../../../library"
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy
verifier:
name: testinfra

View File

@ -0,0 +1,25 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
gather_facts: false
tasks:
- name: install patch rpm
package:
name: patch

View File

@ -0,0 +1,16 @@
---
- name: Get available updates for packages
check_package_update:
package: "{{ item }}"
pkg_mgr: "{{ ansible_pkg_mgr }}"
with_items: "{{ packages }}"
register: updates
- name: Check if current version is the latest one
fail:
msg: >-
A newer version of the {{ item.name }} package is
available: {{ item.new_version }}-{{ item.new_release }}
(currently {{ item.current_version }}-{{ item.current_release }})
with_items: "{{ updates.results }}"
when: item.new_version

View File

@ -0,0 +1,8 @@
---
metadata:
name: Check if latest version of packages is installed
description: >
Makes sure python-tripleoclient is at its latest version
before starting an upgrade.
groups:
- pre-upgrade

View File

@ -0,0 +1,2 @@
---
server_to_lookup: example.com

View File

@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

View File

@ -0,0 +1,47 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
tasks:
- name: Should get a success
include_role:
name: dns
vars:
server_to_lookup: www.redhat.com
- name: Should properly fail
block:
- include_role:
name: dns
vars:
server_to_lookup: role.dns.domain.do-not.exists
rescue:
- name: Clear host errors
meta: clear_host_errors
- debug:
msg: The validation works! End the playbook run
- name: End play
meta: end_play
- name: Fail the test
fail:
msg: |
The dns role should have detected a faulty DNS configuration

View File

@ -0,0 +1,45 @@
---
driver:
name: docker
log: true
platforms:
- name: centos7
hostname: centos7
image: centos:7
pkg_extras: python-setuptools
easy_install:
- pip
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
- name: centos8
hostname: centos8
image: centos:8
pkg_extras: python*-setuptools
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment:
<<: *env
provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy
verifier:
name: testinfra

4
roles/dns/tasks/main.yml Normal file
View File

@ -0,0 +1,4 @@
---
- name: Ensure DNS resolution works
command: "getent hosts {{ server_to_lookup }}"
changed_when: false

7
roles/dns/vars/main.yml Normal file
View File

@ -0,0 +1,7 @@
---
metadata:
name: Verify DNS
description: >
Verify that the DNS resolution works
groups:
- pre-deployment

42
roles/haproxy/README.md Normal file
View File

@ -0,0 +1,42 @@
haproxy
=======
An Ansible role to check if the HAProxy configuration has recommended values.
Requirements
------------
This role requires an Up and Running Overcloud
Role Variables
--------------
- config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg'
- global_maxconn_min: 20480
- defaults_maxconn_min: 4096
- defaults_timeout_queue: '2m'
- defaults_timeout_client: '2m'
- defaults_timeout_server: '2m'
- defaults_timeout_check: '10s'
Dependencies
------------
No dependencies
Example Playbook
----------------
- hosts: undercloud
roles:
- { role: haproxy }
License
-------
Apache
Author Information
------------------
Red Hat TripleO Validations Team.

View File

@ -0,0 +1,8 @@
---
haproxy_config_file: '/var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg'
global_maxconn_min: 20480
defaults_maxconn_min: 4096
defaults_timeout_queue: '2m'
defaults_timeout_client: '2m'
defaults_timeout_server: '2m'
defaults_timeout_check: '10s'

View File

@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

View File

@ -0,0 +1,71 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
gather_facts: false
vars:
haproxy_config_file: /haproxy.cfg
tasks:
- name: create haproxy config file
copy:
dest: /haproxy.cfg
content: |
# This file managed by Puppet
global
daemon
group haproxy
log /dev/log local0
maxconn 100
pidfile /var/run/haproxy.pid
ssl-default-bind-ciphers !SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES
ssl-default-bind-options no-sslv3 no-tlsv10
stats socket /var/lib/haproxy/stats mode 600 level user
stats timeout 1s
user haproxy
defaults
log global
maxconn 100
mode tcp
retries 1
timeout http-request 1s
timeout queue 1s
timeout connect 1s
timeout client 1s
timeout server 1s
timeout check 1s
- block:
- include_role:
name: haproxy
rescue:
- name: Clear host errors
meta: clear_host_errors
- debug:
msg: The validation works! End the playbook run
- name: End play
meta: end_play
- name: Fail the test
fail:
msg: |
The haproxy role should have detected issues within haproxy
configuration file!

View File

@ -0,0 +1,48 @@
---
driver:
name: docker
log: true
platforms:
- name: centos7
hostname: centos7
image: centos:7
dockerfile: Dockerfile
pkg_extras: python-setuptools haproxy PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
easy_install:
- pip
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
- name: centos8
hostname: centos8
image: centos:8
dockerfile: Dockerfile
pkg_extras: python*-setuptools haproxy python*-PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment:
<<: *env
provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_LIBRARY: "../../../../library"
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy
verifier:
name: testinfra

View File

@ -0,0 +1,51 @@
---
- name: Gather the HAProxy config
become: true
haproxy_conf:
path: "{{ haproxy_config_file }}"
- name: Verify global maxconn
fail:
msg: >-
The 'global maxconn' value '{{ haproxy_conf.global.maxconn }}'
must be greater than {{ global_maxconn_min }}
failed_when: haproxy_conf.global.maxconn|int < global_maxconn_min
- name: Verify defaults maxconn
fail:
msg: >-
The 'defaults maxconn' value '{{ haproxy_conf.defaults.maxconn }}'
must be greater than {{ defaults_maxconn_min }}
failed_when: haproxy_conf.defaults.maxconn|int < defaults_maxconn_min
- name: Verify defaults timeout queue
fail:
msg: >-
The 'timeout queue' option in 'defaults' is
'{{ haproxy_conf.defaults['timeout queue'] }}',
but must be set to {{ defaults_timeout_queue }}
failed_when: "haproxy_conf.defaults['timeout queue'] != defaults_timeout_queue"
- name: Verify defaults timeout client
fail:
msg: >-
The 'timeout client' option in 'defaults' is
'{{ haproxy_conf.defaults['timeout client'] }}',
but must be set to {{ defaults_timeout_client }}
failed_when: "haproxy_conf.defaults['timeout client'] != defaults_timeout_client"
- name: Verify defaults timeout server
fail:
msg: >-
The 'timeout server' option in 'defaults' is
'{{ haproxy_conf.defaults['timeout server'] }}',
but must be set to {{ defaults_timeout_server }}
failed_when: "haproxy_conf.defaults['timeout server'] != defaults_timeout_server"
- name: Verify defaults timeout check
fail:
msg: >-
The 'timeout check' option in 'defaults' is
'{{ haproxy_conf.defaults['timeout check'] }}',
but must be set to {{ defaults_timeout_check }}
failed_when: "haproxy_conf.defaults['timeout check'] != defaults_timeout_check"

View File

@ -0,0 +1,6 @@
---
metadata:
name: HAProxy configuration
description: Verify the HAProxy configuration has recommended values.
groups:
- post-deployment

View File

@ -0,0 +1,4 @@
---
- name: Run a no-op validation everywhere
debug:
msg: "This is a no-op action for testing that the validations framework runs"

View File

@ -0,0 +1,8 @@
---
metadata:
name: NO-OP validation
description: >
A simple validation doing nothing in order to test that
the validations framework works.
groups:
- no-op

View File

@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

View File

@ -0,0 +1,26 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
gather_facts: false
tasks:
- name: Warn developers about the lack of molecule testing
fail:
msg: >-
This role needs molecule tests!

View File

@ -0,0 +1,46 @@
---
driver:
name: docker
log: true
platforms:
- name: centos7
hostname: centos7
image: centos:7
pkg_extras: python-setuptools python-enum34 python-netaddr ruby epel-release PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
easy_install:
- pip
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
- name: centos8
hostname: centos8
image: centos:8
pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby python*-PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment:
<<: *env
provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_LIBRARY: "../../../../library"
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy
verifier:
name: testinfra

26
roles/ntp/tasks/main.yml Normal file
View File

@ -0,0 +1,26 @@
---
- name: Get if chrony is enabled
become: true
hiera:
name: "chrony_enabled"
- when: chrony_enabled|bool
block:
- name: Populate service facts
service_facts: # needed to make yaml happy
- name: Fail if chronyd service is not running
fail:
msg: "Chronyd service is not running"
when: "ansible_facts.services['chronyd.service'].state != 'running'"
- name: Run chronyc
become: true
command: chronyc -a 'burst 4/4'
changed_when: false
# ntpstat returns 0 if synchronised and non-zero otherwise:
- name: Run ntpstat
command: ntpstat
changed_when: false
when: not chrony_enabled|bool

10
roles/ntp/vars/main.yml Normal file
View File

@ -0,0 +1,10 @@
---
metadata:
name: Verify all deployed nodes have their clock synchronised
description: >
Each overcloud node should have their clocks synchronised.
The deployment should configure and run chronyd. This validation verifies
that it is indeed running and connected to an NTP server on all nodes.
groups:
- post-deployment

View File

@ -0,0 +1,2 @@
---
service_status_podman_opt: ''

View File

@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

View File

@ -0,0 +1,25 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
gather_facts: false
tasks:
- name: Full check with defaults
include_role:
name: service_status

View File

@ -0,0 +1,48 @@
---
driver:
name: docker
log: true
platforms:
- name: centos7
hostname: centos7
image: centos:7
pkg_extras: python-setuptools python-enum34 python-netaddr ruby epel-release PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
easy_install:
- pip
command: /sbin/init
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
- name: centos8
hostname: centos8
image: centos:8
command: /sbin/init
pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby python*-PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment:
<<: *env
provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_LIBRARY: "../../../../library"
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy
verifier:
name: testinfra

View File

@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

View File

@ -0,0 +1,59 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
gather_facts: false
become: true
tasks:
- name: "Check containers - docker version, no service"
include_role:
name: service_status
tasks_from: containers.yaml
- name: "Check containers - docker version, with service"
block:
- name: Activate docker service
service:
name: docker
state: started
enabled: true
- name: Catch failure
block:
- name: Run check
include_role:
name: service_status
tasks_from: containers.yaml
rescue:
- name: Clear host errors
meta: clear_host_errors
- name: Test output
debug:
msg: |
Success finding broken containers
- name: End play
meta: end_play
- name: Fail if this point is reached
fail:
msg: |
Did not find broken containers

View File

@ -0,0 +1,56 @@
---
driver:
name: docker
log: true
platforms:
- name: centos7
hostname: centos7
image: centos:7
pkg_extras: python-setuptools python-enum34 python-netaddr ruby epel-release PyYAML
easy_install:
- pip
command: /sbin/init
capabilities:
- SYS_ADMIN
privileged: true
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /sys/fs/cgroup:/sys/fs/cgroup:ro
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
- name: centos8
hostname: centos8
image: centos:8
command: /sbin/init
capabilities:
- SYS_ADMIN
privileged: true
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /sys/fs/cgroup:/sys/fs/cgroup:ro
pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby python*-PyYAML python*-libselinux
environment:
<<: *env
provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_LIBRARY: "../../../../library"
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy
verifier:
name: testinfra

View File

@ -0,0 +1,65 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
gather_facts: false
tasks:
- name: install docker
package:
name: docker
- name: fake docker exe
copy:
dest: /usr/bin/docker
mode: 0755
content: |
#!/bin/sh
echo 'thirsty_goldwasser Exited (0) 12 seconds ago'
echo 'fedora28 Exited (255) 7 hours ago'
echo 'centos7 Exited (255) 7 hours ago'
- name: docker unit override basedir
file:
path: /etc/systemd/system/docker.service.d
state: directory
- name: fake docker unit
copy:
dest: /etc/systemd/system/docker.service.d/override.conf
content: |
[Unit]
After=network.target
Wants=
Requires=
[Service]
Type=simple
ExecStart=
ExecStart=/usr/bin/fake
Restart=
- name: fake docker exec for unit
copy:
dest: /usr/bin/fake
mode: 0755
content: |
#!/bin/sh
while true; do
sleep 5;
done

View File

@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

Binary file not shown.

View File

@ -0,0 +1,46 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
gather_facts: false
vars:
service_status_podman_opt: '--storage-driver=vfs'
tasks:
- name: Check podman container state
block:
- name: Detect failed podman containers
include_role:
name: service_status
tasks_from: containers.yaml
rescue:
- name: Clear host errors
meta: clear_host_errors
- name: Test output
debug:
msg: |
Properly detected failed container
- name: End play now
meta: end_play
- name: Fail if we get to this point
fail:
msg: |
Did not detect failed container

View File

@ -0,0 +1,48 @@
---
driver:
name: docker
log: true
platforms:
- name: centos7
hostname: centos7
image: centos:7
pkg_extras: python-setuptools python-enum34 python-netaddr ruby epel-release PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
easy_install:
- pip
command: /sbin/init
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
- name: centos8
hostname: centos8
image: centos:8
command: /sbin/init
pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby python*-PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment:
<<: *env
provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_LIBRARY: "../../../../library"
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy
verifier:
name: testinfra

View File

@ -0,0 +1,39 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
gather_facts: false
tasks:
- name: install podman
package:
name: podman
- name: Create libpod arbo
file:
path: '/var/lib/containers/{{ item }}'
state: directory
loop:
- storage
- storage/libpod
- name: Insert failed container DB
copy:
src: ./bolt_state.db
dest: /var/lib/containers/storage/libpod/bolt_state.db
setype: container_var_lib_t

View File

@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

View File

@ -0,0 +1,44 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
gather_facts: false
tasks:
- name: Check service
block:
- name: Run validation
include_role:
name: service_status
tasks_from: systemd.yaml
rescue:
- name: Clear errors
meta: clear_host_errors
- name: Test output
debug:
msg: |
Successfully detected failed unit
- name: End play
meta: end_play
- name: Fail if this point is reached
fail:
msg: |
Did not detect failed unit

View File

@ -0,0 +1,48 @@
---
driver:
name: docker
log: true
platforms:
- name: centos7
hostname: centos7
image: centos:7
pkg_extras: python-setuptools python-enum34 python-netaddr ruby epel-release PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
easy_install:
- pip
command: /sbin/init
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
- name: centos8
hostname: centos8
image: centos:8
command: /sbin/init
pkg_extras: python*-setuptools python*-enum34 python*-netaddr ruby python*-PyYAML
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment:
<<: *env
provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
ANSIBLE_LIBRARY: "../../../../library"
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy
verifier:
name: testinfra

View File

@ -0,0 +1,39 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Prepare
hosts: all
gather_facts: false
tasks:
- name: Create fake, failing unit
copy:
dest: /etc/systemd/system/tripleo_failed-unit.service
content: |
[Unit]
After=network.target
[Service]
Type=simple
ExecStart=/usr/bin/false
- name: Enable and start broken thing
ignore_errors: true
service:
name: tripleo_failed-unit
state: started
enabled: true

View File

@ -0,0 +1,59 @@
---
- name: Gather package facts
package_facts:
manager: auto
- name: Is docker running
systemd:
name: docker
register: docker_svc
when: ansible_facts.packages['docker'] is defined
- name: Do we have podman
stat:
path: /usr/bin/podman
register: podman_stat
- name: Podman related block
when: podman_stat.stat.exists
block:
- name: Get failed containers for podman
become: true
shell: |
podman {{ service_status_podman_opt }} ps -a --filter 'status=exited' --format {{ "'{{ .Names }} {{ .Status }}'" }}
register: failed_podman
- name: Fail if we detect failed podman container
fail:
msg: |
Failed container detected.
On CI, please check the following locations
/var/log/extras/failed_containers.log
/var/log/extras/podman
when: item is not match(".* Exited \(0\) .* ago")
loop: "{{ failed_podman.stdout_lines }}"
- name: Docker related block
when:
- ansible_facts.packages['docker'] is defined
- docker_svc.status['SubState'] == 'running'
block:
- name: Get failed containers from docker
become: true
shell: >
{% raw %}
docker ps -a --filter 'status=exited' --format '{{ .Names }} {{ .Status }}'
{% endraw %}
register: failed_docker
- name: Fail if we detect failed docker container
fail:
msg: |
Failed container detected.
On CI, please check the following locations
/var/log/extras/failed_containers.log
/var/log/extras/docker
when:
- failed_docker is defined
- item is not match(".* Exited \(0\) .* ago")
loop: "{{ failed_docker.stdout_lines }}"

View File

@ -0,0 +1,3 @@
---
- include_tasks: containers.yaml
- include_tasks: systemd.yaml

View File

@ -0,0 +1,13 @@
---
- name: Get failed services from Systemd
shell: >
systemctl list-units --failed --plain --no-legend --no-pager "tripleo_*"
register: systemd_state
changed_when: false
- name: Fails if we find failed systemd units
assert:
that:
- systemd_state.stdout_lines|length == 0
fail_msg: "The following services failed {{ systemd_state.stdout_lines }}"
success_msg: "All tripleo units are working fine"

View File

@ -0,0 +1,36 @@
Undercloud-cpu
==============
An Ansible role to check if the Undercloud fits the CPU core requirements
Requirements
------------
This role could be used before or/and after the Undercloud installation.
Role Variables
--------------
- min_undercloud_cpu_count: <8> -- Minimal number of CPU core
Dependencies
------------
No dependencies.
Example Playbook
----------------
- hosts: undercloud
roles:
- { role: undercloud-cpu, min_undercloud_cpu_count: 42 }
License
-------
Apache 2.0
Author Information
------------------
Red Hat TripleO Validations Team

View File

@ -0,0 +1,3 @@
---
min_undercloud_cpu_count: 8

View File

@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

View File

@ -0,0 +1,42 @@
---
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
- name: Converge
hosts: all
vars:
min_undercloud_cpu_count: 100
tasks:
- block:
- include_role:
name: undercloud_cpu
rescue:
- name: Clear host errors
meta: clear_host_errors
- debug:
msg: The validation works! End the playbook run
- name: End play
meta: end_play
- name: Fail the test
fail:
msg: |
The undercloud_cpu role should have detected that there is not
enough CPU

View File

@ -0,0 +1,45 @@
---
driver:
name: docker
log: true
platforms:
- name: centos7
hostname: centos7
image: centos:7
pkg_extras: python-setuptools
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
easy_install:
- pip
environment: &env
http_proxy: "{{ lookup('env', 'http_proxy') }}"
https_proxy: "{{ lookup('env', 'https_proxy') }}"
- name: centos8
hostname: centos8
image: centos:8
pkg_extras: python*-setuptools
volumes:
- /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
environment:
<<: *env
provisioner:
name: ansible
log: true
env:
ANSIBLE_STDOUT_CALLBACK: yaml
scenario:
test_sequence:
- destroy
- create
- prepare
- converge
- verify
- destroy
verifier:
name: testinfra

View File

@ -0,0 +1,7 @@
---
- name: Verify the number of CPU cores
fail:
msg: >-
There are {{ ansible_processor_vcpus }} cores in the system,
but there should be at least {{ min_undercloud_cpu_count }}
failed_when: "ansible_processor_vcpus|int < min_undercloud_cpu_count|int"

View File

@ -0,0 +1,10 @@
---
metadata:
name: Verify undercloud fits the CPU core requirements
description: >
Make sure that the undercloud has enough CPU cores.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux_OpenStack_Platform/7/html/Director_Installation_and_Usage/sect-Undercloud_Requirements.html
groups:
- prep
- pre-introspection

View File

@ -0,0 +1,36 @@
Undercloud-ram
==============
An Ansible role to check if the Undercloud fits the RAM requirements
Requirements
------------
This role could be used before or/and after the Undercloud installation
Role Variables
--------------
- min_undercloud_ram_gb: <24> -- Minimal amount of RAM in GB
Dependencies
------------
No dependencies.
Example Playbook
----------------
- hosts: undercloud
roles:
- { role: undercloud-ram, min_undercloud_ram_gb: 24 }
License
-------
Apache
Author Information
------------------
Red Hat TripleO Validations Team

View File

@ -0,0 +1,3 @@
---
min_undercloud_ram_gb: 24

View File

@ -0,0 +1,37 @@
# Molecule managed
# Copyright 2019 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install sudo python*-devel python*-dnf bash {{ item.pkg_extras | default('') }} && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl python-setuptools bash {{ item.pkg_extras | default('') }} && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml {{ item.pkg_extras | default('') }} && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates {{ item.pkg_extras | default('') }}; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates {{ item.pkg_extras | default('') }} && xbps-remove -O; fi
{% for pkg in item.easy_install | default([]) %}
# install pip for centos where there is no python-pip rpm in default repos
RUN easy_install {{ pkg }}
{% endfor %}
CMD ["sh", "-c", "while true; do sleep 10000; done"]

Some files were not shown because too many files have changed in this diff Show More