openstack
/
tripleo-ci
Code Issues Proposed changes
tripleo-ci/roles/build-containers/tasks/main.yaml

310 lines
10 KiB
YAML
Raw Blame History

---
- name: Ensure logs directory exists
file:
path: '{{ workspace }}/logs'
state: directory
- name: Set ci_branch for building containers check jobs
include_tasks: set_ci_branch.yml
- name: Set facts for kolla-build.conf
set_fact:
push_registry: "{{ push_registry | default('127.0.0.1:8787') }}"
push_containers: "{{ push_containers | default(false) | bool }}"
container_config: ""
- name: Set arch_tag fact
set_fact:
# NOTE(mjturek): Push old style tag for x86_64 first to maintain compatibility.
arch_tag: "{{ '_' + ansible_architecture if ansible_architecture != 'x86_64' else ''}}"
- name: Check the contents of the openstack_repo_name repo
become: true
shell: >
set -o pipefail &&
cat /etc/yum.repos.d/{{ openstack_repo_name }}.repo |grep -o 'baseurl=' |wc -l
register: number_baseurl_lines
when: buildcontainers_version_hash is not defined
- name: Use baseurl if there is only one
when:
- buildcontainers_version_hash is not defined
- number_baseurl_lines.stdout|int == 1
block:
- name: Get contents of openstack repo baseurl for the version hash
become: true
shell: >
set -o pipefail &&
cat /etc/yum.repos.d/{{ openstack_repo_name }}.repo |awk -F= '/baseurl/ {print $2}'
register: baseurl
- name: Set version_hash fact
set_fact:
version_hash: "{{ baseurl.stdout.split('/')[-1] }}"
- name: Use the md5sum if there is more than one baseurl line
when:
- buildcontainers_version_hash is not defined
- number_baseurl_lines.stdout|int > 1
block:
- name: Get contents of openstack repo baseurl for the version hash
become: true
shell: md5sum /etc/yum.repos.d/{{ openstack_repo_name }}.repo | awk '{print $1}'
register: md5sum_repo
- name: Set version_hash fact
set_fact:
version_hash: "{{ md5sum_repo.stdout }}"
- name: Set version_hash fact if buildcontainers_version_hash is defined
set_fact:
version_hash: "{{ buildcontainers_version_hash }}"
when: buildcontainers_version_hash is defined
# collectd tries to disable epel and epel-modular repository, which doesn't
# exist, and so fail, this is just a dummy repository so the container won't
# fail.
- name: Add dummy epel and epel-module repository
become: true
when:
- ansible_pkg_mgr == "dnf"
- ansible_distribution|lower == "redhat"
yum_repository:
name: "{{ item }}"
description: Dummy epel repository
file: delorean_epel_dummy
baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
enabled: false
with_items:
- epel
- epel-modular
- name: grab kolla patch rhel8
when:
- ansible_pkg_mgr == "dnf"
- ansible_distribution|lower == "redhat"
- zuul_internal is undefined
shell: |
set -euxo pipefail
git config --global user.email "zuul@openstack.org"
git config --global user.name "Zuul"
git remote add upstream https://review.opendev.org/openstack/kolla
git ls-remote https://review.opendev.org/openstack/kolla | \
grep -E refs/changes/[[:digit:]]+/{{ kolla_rhel8_patch[branch_override|default('master')] }}/ | \
awk '{print $2}' | \
sort -t / -k 5 -g -r | \
head -1 | \
xargs -I{} git fetch https://review.opendev.org/openstack/kolla {} && \
git checkout -b rhel8 FETCH_HEAD
# Look for Kolla changes running in check queue and if present then
# set the git_rebase branch as kolla change as are already clonned and
# can be grabbed from zuul.ref var otherwise use master.
git_rebase_branch={{ branch_override|default('master') }}
{% if zuul.ref is defined and zuul.ref and zuul.pipeline in ['check', 'openstack-check'] %}
found=$(git ls-remote https://review.opendev.org/openstack/kolla | grep {{ zuul.ref }} || true);
echo $found;
if [[ -n "$found" ]] ; then
git_rebase_branch={{ zuul.ref }}
fi
{% endif %}
git pull --rebase upstream $git_rebase_branch
args:
chdir: "{{ openstack_git_root }}/kolla"
warn: false
register: result
changed_when: "'nothing to commit, working directory clean' not in result.stdout_lines"
- include_tasks: venv_setup.yml
when: buildcontainers_venv is defined and buildcontainers_venv
- include_tasks: package_setup.yml
when: buildcontainers_venv is defined and not buildcontainers_venv
# TODO(aschultz): make the kolla-build branch aware
- name: Generate kolla-build.conf
template:
src: templates/kolla-build.conf.j2
dest: "{{ workspace }}/kolla-build.conf"
mode: 0644
force: true
- name: Set container cli
set_fact:
container_cli: "{% if use_buildah|bool %}buildah{% else %}docker{% endif %}"
cacheable: true
- name: Set --config-file for component-ci if component_ci_containers is specified
set_fact:
container_config: "--config-file {{ component_ci_configs[component_ci_containers] }}"
when: component_ci_containers != ""
- name: build base rhel container
block:
- name: create docker-build dir
file:
path: /tmp/base-build
state: directory
- name: create docker-build repos dir
file:
path: /tmp/base-build/repos
state: directory
- name: Move delorean repos to base build
become: true
shell:
cmd: |
{% if zuul_internal is defined %}
cp /etc/yum.repos.d/* /tmp/base-build/repos/
{% else %}
cp /etc/yum.repos.d/delorean* /tmp/base-build/repos/
{% endif %}
chown -R {{ ansible_user }}: /tmp/base-build/repos/*
- name: render dockerfile zuul_internal
when: zuul_internal is defined
template:
src: templates/Dockerfile_redhat.j2
dest: /tmp/base-build/Dockerfile
- name: create base container with repos from rhel container
shell:
cmd: |
set -x
sudo buildah --debug bud -t {{ kolla_base_image }}:{{ kolla_base_tag }} . \
2>&1 {{ timestamper_cmd }} > {{ workspace }}/build-rhel-base.log
args:
chdir: /tmp/base-build
when:
- ansible_distribution|lower == "redhat"
- kolla_base_image is defined
- kolla_base_tag is defined
- name: Make sure authfile exists
when: buildcontainers_authfile_path is defined
block:
- name: Check for authfile
stat:
path: '{{ buildcontainers_authfile_path }}'
register: authfile_exist
- name: Make sure autfile exists
assert:
that:
- authfile_exist.stat.exists | bool
- name: Generate tcib extra config file
copy:
dest: "{{ workspace }}/extra_config.yaml"
content: |
{{ tcib_extra_config | to_nice_yaml }}
- name: Generate kolla building script
template:
src: templates/kolla-build.sh.j2
dest: "{{ workspace }}/build_containers.sh"
mode: 0777
force: true
when: use_kolla | default(true)
- name: Generate tripleo building script
template:
src: templates/tripleo-build.sh.j2
dest: "{{ workspace }}/build_containers.sh"
mode: 0777
force: true
when: not use_kolla | default(true)
- name: "Run image build as ansible user > {{ workspace }}/logs/build.log"
args:
chdir: '{{ workspace }}'
shell: set -o pipefail && bash build_containers.sh 2>&1 {{ timestamper_cmd }} > {{ workspace }}/logs/build.log
when:
- ansible_distribution|lower != "redhat"
- name: "Run image build as root > {{ workspace }}/logs/build.log"
args:
chdir: '{{ workspace }}'
shell: set -o pipefail && bash build_containers.sh 2>&1 {{ timestamper_cmd }} > {{ workspace }}/logs/build.log
when:
- ansible_distribution|lower == "redhat"
become: true
# Workaround for https://bugs.launchpad.net/tripleo/+bug/1916742 as buildah is throwing warnings
- name: Check if "/usr/share/containers/libpod.conf" exists.
become: true
stat: path=/usr/share/containers/libpod.conf
register: libpod_conf_file_stat
- name: "Move /usr/share/containers/libpod.conf to /usr/share/containers/libpod.conf_backup"
become: true
command: mv /usr/share/containers/libpod.conf /usr/share/containers/libpod.conf_backup
when: libpod_conf_file_stat.stat.exists
- name: Retrieve built images # noqa risky-shell-pipe
shell: "{{ container_cli }} images | grep {{ container_name_prefix }} | awk '{ print $1 }'"
register: built_images
become: true
changed_when: false
- name: Retag and push x86_64 images
when:
- ansible_architecture == "x86_64"
- push_containers | bool
- not push_containers_podman | default(false) | bool
block:
- name: Disable HTTPS and certificates to access registry (buildah)
set_fact:
container_cli_opt: '--tls-verify=false'
when: use_buildah | bool
- name: Tag images
vars:
image: "{{ item }}"
include: tag.yaml
static: false
with_items: "{{ built_images.stdout_lines }}"
become: true
- name: Run registry
when:
- job.provider_job|default(false)|bool
block:
- name: Run registry
shell: >-
$(command -v docker || command -v podman) run -d \
-e REGISTRY_HTTP_ADDR=0.0.0.0:{{ provider_registry_port }} \
-p {{ provider_registry_port }}:{{ provider_registry_port }} \
--name registry {{ container_registry_image }}
changed_when: true
rescue:
- name: Run registry (rescue)
shell: >-
$(command -v docker || command -v podman) run -d \
-e REGISTRY_HTTP_ADDR=0.0.0.0:{{ provider_registry_port }} \
-p {{ provider_registry_port }}:{{ provider_registry_port }} \
--name registry quay.rdoproject.org/ceph/registry:2
changed_when: true
become: true
- name: Populate provider registry
when:
- job.provider_job|default(false)|bool
block:
- name: Open ports
command: iptables -I INPUT -p tcp --dport 5001 -j ACCEPT
changed_when: true
- name: Disable HTTPS and certificates to access registry (buildah)
set_fact:
container_cli_opt: '--tls-verify=false'
when: use_buildah | bool
- name: Retag and push images to provider registry
vars:
image: "{{ item }}"
include: provider_push.yaml
static: false
with_items: "{{ built_images.stdout_lines }}"
become: true
View Git Blame Copy Permalink