- name: Prepare for TripleO deployment hosts: controller gather_facts: false vars: dpa_dir: "{{ dpa_dir_override | default('/home/zuul/src/github.com/openstack-k8s-operators/data-plane-adoption') }}" rdo_dir: "/home/zuul/src/review.rdoproject.org/rdo-jobs/playbooks/data_plane_adoption" framework_dir: "/home/zuul/src/github.com/openstack-k8s-operators/ci-framework" cifmw_datadir: "/home/zuul/ci-framework-data" pre_adoption_tempest_dir: "/home/zuul/ci-framework-data/tests/pre-adoption-tempest/" tasks: - name: Create inventory for logs collection on the undercloud ansible.builtin.template: src: "{{ playbook_dir }}/files/standalone_vm_inventory.yaml.j2" dest: "/home/zuul/tripleo_ci_inventory" vars: tripleo_name: 'undercloud' - name: Install collections to use nmcli and libvirt ansible modules ansible.builtin.command: ansible-galaxy collection install community.general community.libvirt - name: Prepare nodes to deploy ceph when: use_ceph | default('false') | bool block: - name: Copy ci-framework to undercloud to use when deploying ceph delegate_to: undercloud ansible.posix.synchronize: src: "{{ framework_dir }}/" dest: "/home/zuul/ci-framework" mode: pull rsync_opts: - "--exclude=.git" - "--exclude=tests" - "--exclude=zuul.d" - "--exclude=docs" - "-q" # make rsync less verbose - name: Enable ceph repository become: true delegate_to: overcloud-controller-0 ansible.builtin.command: cmd: subscription-manager repos --enable=rhceph-7-tools-for-rhel-9-x86_64-rpms - name: Install cephadm become: true delegate_to: overcloud-controller-0 ansible.builtin.package: name: cephadm state: present - name: Install packages needed for ceph deployment on the overcloud nodes become: true delegate_to: "{{ item }}" when: item != 'undercloud' ansible.builtin.package: name: - lvm2 - jq state: present loop: "{{ groups['rh-subscription'] }}" - name: Setup overcloud nodes for free-ipa when enable_tls true when: enable_tls|default('false')|bool vars: overcloud_hosts: "{{ groups['rh-subscription'] | reject('search', 'undercloud') | list }}" block: - name: Install ipa-client on all nodes delegate_to: "{{ item }}" become: true ansible.builtin.package: name: ipa-client state: present loop: "{{ groups['rh-subscription'] }}" - name: Template etc resolv.conf on tripleo overcloud nodes when enable_tls delegate_to: "{{ item }}" become: true ansible.builtin.template: src: "{{ playbook_dir }}/files/ipa_resolv_conf.j2" dest: "/etc/resolv.conf" owner: root group: root mode: 0644 loop: "{{ overcloud_hosts }}" - name: Add ip route via ctlplane for overcloud nodes to reach the ipaserver dns delegate_to: "{{ item }}" become: true ansible.builtin.shell: "ip route add {{ ipa_container_ip | default('10.255.255.25') }} via 192.168.122.100 dev br-ex" loop: "{{ overcloud_hosts }}" - name: Create expected /etc/pki/CA directory on overcloud nodes delegate_to: "{{ item }}" become: true ansible.builtin.file: path: /etc/pki/CA state: directory mode: '0755' loop: "{{ overcloud_hosts }}" - name: Write repo commands and deploy undercloud with install_yamls block: - name: Write out the repo setup commands to file for undercloud to use ansible.builtin.lineinfile: create: true path: "/home/zuul/cdn_subscription_repos.sh" value: "subscription-manager repos --enable {{ osp_17_repos | join(' --enable ') }}" - name: Write ceph repo commands when use_ceph is set when: use_ceph is defined and use_ceph ansible.builtin.lineinfile: create: true path: "/home/zuul/cdn_subscription_repos.sh" value: "subscription-manager repos --enable {{ osp_17_ceph_repos | join(' --enable ') }}" - name: Deploy the tripleo source environment ansible.builtin.shell: > ansible-playbook {{ rdo_dir }}/install_yamls_deploy_tripleo.yaml -e "job_name={{ zuul.job }}" {% if dpa_standalone_ntp_server is defined %} -e ntp_override={{ dpa_standalone_ntp_server }} {% endif %} -e repo_setup_commands=/home/zuul/cdn_subscription_repos.sh -e "standalone_ip={{ standalone_ip }}" -e "standalone_gateway={{ standalone_gateway }}" -e "undercloud_dns={{ undercloud_dns | default(standalone_gateway) }}" -e 'manage_default_route={{ tripleo_network.manage_default_route | default('false') }}' -e 'configure_networking={{ tripleo_network.configure_networking | default('false') }}' -e 'attach_external_net={{ tripleo_network.attach_external_net | default('true') }}' -e "use_ceph={{ use_ceph | default('false') }}" -e "multi_cell={{ multi_cell | default('false') }}" -e "enable_telemetry={{ enable_telemetry | default('false') }}" -e "cloud_domain={{ cloud_domain | default('localdomain') }}" -e "enable_tls={{ enable_tls | default('false') }}" -e "enable_octavia={{ enable_octavia | default('true') }}" -e "swift_replicated={{ swift_replicated | default('false') }}" args: chdir: "{{ framework_dir }}" - name: Wait for undercloud vm to be available ansible.builtin.wait_for: port: 22 host: "{{ standalone_ip }}" delay: 10 timeout: 300 - name: Allow ssh connection to overcloud nodes ansible.builtin.shell: > ansible-playbook -i {{ cifmw_datadir }}/artifacts/zuul_inventory.yml {{rdo_dir}}/allow_zuul_connect_tripleo.yaml - name: Accept undercloud ssh host keys to avoid prompt connecting for the first time connection: local ansible.builtin.shell: | ssh-keygen -F {{ standalone_ip }} || ssh-keyscan -H {{ standalone_ip }} >> ~/.ssh/known_hosts register: known_hosts_script changed_when: "'found' not in known_hosts_script.stdout" - name: Run test preparation in undercloud vm ansible.builtin.shell: ansible-playbook {{ rdo_dir }}/undercloud_prepare_tests.yaml -e multi_cell={{ multi_cell|default(false) }} -i /home/zuul/tripleo_ci_inventory - name: Read the ssh key downloaded from undercloud ansible.builtin.slurp: path: "{{ standalone_private_key | default('/home/zuul/src/github.com/openstack-k8s-operators/install_yamls/out/edpm/ansibleee-ssh-key-id_rsa') }}" register: undercloud_key - name: Place undercloud key into secrets.yaml ansible.builtin.lineinfile: path: "{{ rdo_dir }}/secrets.yaml" regexp: '^edpm_encoded_privatekey:' value: "edpm_encoded_privatekey: \"{{ undercloud_key['content'] }}\"" - name: Install required packages become: true ansible.builtin.package: name: - python3 - python3-pip - crudini - name: pip install openstackclient for keystone adoption on crc become: true ansible.builtin.pip: name: python-openstackclient executable: pip3 # NOTE: source of trurh is adoption-multinode-* jobs, first try to # inline via adoption_extra_vars directly instead of templating here! - name: Insert edpm_bootstrap_command var into dataplane tests vars ansible.builtin.blockinfile: path: "{{ rdo_dir }}/vars.yaml" marker_begin: "BEGIN edpm_bootstrap_command vars" marker_end: "END edpm_bootstrap_command vars" block: | edpm_bootstrap_command: | {{ edpm_bootstrap_command | indent(2) }} when: edpm_bootstrap_command is defined - name: Store node-exporter image in vars.yaml if defined when: edpm_telemetry_node_exporter_image is defined ansible.builtin.lineinfile: path: "{{ rdo_dir }}/vars.yaml" line: "edpm_telemetry_node_exporter_image: {{ edpm_telemetry_node_exporter_image }}" - name: Fetch and use token file if exists when: registry_token_dest_path is defined block: - name: Check if the secret file exists ansible.builtin.stat: path: "{{ registry_token_dest_path }}" register: remote_file_check - name: Slurp the secret if defined and available when: - remote_file_check.stat.exists ansible.builtin.slurp: src: "{{ registry_token_dest_path }}" register: remote_content - name: Flatten variables into global scope ansible.builtin.set_fact: "{{ item.key }}": "{{ item.value }}" loop: "{{ (remote_content.content | b64decode | from_yaml) | dict2items }}" when: - remote_file_check.stat.exists - remote_content.content is defined no_log: true - name: Insert edpm_container_registry_logins var into dataplane tests vars ansible.builtin.blockinfile: path: "{{ rdo_dir }}/vars.yaml" marker_begin: "BEGIN edpm_container_registry_logins vars" marker_end: "END edpm_container_registry_logins vars" block: | edpm_container_registry_logins: {% for login, value in edpm_container_registry_logins.items() -%} {{ login | indent(2) }}: {{ value | to_nice_yaml | trim }} {% endfor -%} when: - edpm_container_registry_logins is defined - edpm_container_registry_logins is mapping - name: Insert ping test related variables when: ping_test | default(false) | bool ansible.builtin.blockinfile: marker_begin: "BEGIN ping test related vars" marker_end: "END ping test related vars" path: "{{ rdo_dir }}/vars.yaml" block: | ping_test: true prelaunch_test_instance: true ping_test_loss_threshold: {{ ping_test_loss_threshold | default(0) }} ping_test_loss_threshold_percent: {{ ping_test_loss_threshold_percent | default(0) }} - name: Fetch hash and set ci_testing_hash fact for periodic when: "'periodic' in zuul.job or (force_periodic|default(false)|bool)" block: - name: Fetch latest c9 or rhel9 antelope tag from dlrn when: dlrn_hash_tag is not defined ansible.builtin.uri: url: "https://{{ dpa_dlrn_server | default('trunk.rdoproject.org') }}/{{ dpa_dlrn_namespace | default('centos9-antelope') }}/{{ dpa_dlrn_tag | default('podified-ci-testing') }}/delorean.repo.md5" return_content: true register: latest_dlrn_tag until: latest_dlrn_tag.status == 200 retries: 6 delay: 5 - name: Insert vars needed for periodic job into test vars.yaml ansible.builtin.blockinfile: marker_begin: "BEGIN periodic container vars" marker_end: "END periodic container vars" path: "{{ rdo_dir }}/vars.yaml" block: | periodic: true container_registry: "{{ dpa_container_registry | default('quay.rdoproject.org') }}" container_namespace: "{{ dpa_container_namespace | default('podified-antelope-centos9') }}" container_tag: {{ dlrn_hash_tag | default(latest_dlrn_tag.content) }} - name: Set timesync_ntp_servers if dpa_standalone_ntp_server set ansible.builtin.blockinfile: path: "{{ rdo_dir }}/vars.yaml" block: | timesync_ntp_servers: - hostname: {{ dpa_standalone_ntp_server }} when: dpa_standalone_ntp_server is defined - name: Insert vars needed to override edpm images into test vars.yaml when: - dpa_container_registry is defined - dpa_container_namespace is defined ansible.builtin.blockinfile: marker_begin: "BEGIN dataplane container vars" marker_end: "END dataplane container vars" path: "{{ rdo_dir }}/vars.yaml" block: | registry_name: "{{ dpa_container_registry }}" registry_namespace: "{{ dpa_container_namespace }}" image_tag: "{{ dlrn_hash_tag | default(latest_dlrn_tag.content) }}" - name: Insert edpm_container_registry_insecure_registries into dataplane test vars ansible.builtin.blockinfile: path: "{{ rdo_dir }}/vars.yaml" marker_begin: "BEGIN edpm_container_registry_insecure_registries vars" marker_end: "END edpm_container_registry_insecure_registries vars" block: | edpm_container_registry_insecure_registries: {{ edpm_container_registry_insecure_registries | to_nice_yaml }} when: - edpm_container_registry_insecure_registries is defined - name: Store upstream dns server in vars.yaml if defined # we need to expose this so that the tests can then point the dnsmasq in # the controlplane to a working dns server to resolve names outside of # openstack when: (upstream_control_plane_dns is defined or upstream_dns is defined) ansible.builtin.lineinfile: path: "{{ rdo_dir }}/vars.yaml" line: "upstream_dns: {{ upstream_control_plane_dns|default(upstream_dns) }}" - name: Set var to skip ansibleee csv patching when: dpa_skip_patch_csv| default(false) | bool ansible.builtin.lineinfile: path: "{{ rdo_dir }}/vars.yaml" line: "skip_patching_ansibleee_csv: {{ dpa_skip_patch_csv | string | lower }}" - name: Check if edpm-ansible.yml file was created ansible.builtin.stat: path: "/home/zuul/ci-framework-data/artifacts/edpm-ansible.yml" register: edpm_ansible_file - name: Read edpm_ansible file and extract ansibleee_runner img when: edpm_ansible_file.stat.exists block: - name: Read file ansible.builtin.slurp: path: "/home/zuul/ci-framework-data/artifacts/edpm-ansible.yml" register: edpm_ansible_output - name: Extract ansiblee_runner img vars: edpm_ansible_dict: "{{ edpm_ansible_output['content'] | b64decode | from_yaml }}" ansible.builtin.set_fact: ansibleee_runner_img: "{{ edpm_ansible_dict['cifmw_update_containers_ansibleee_image_url'] }}" - name: Insert ansibleee_runner_img var into vars.yaml ansible.builtin.lineinfile: path: "{{ rdo_dir }}/vars.yaml" line: "ansibleee_runner_img: {{ ansibleee_runner_img }}" - name: Workaround systemd-container # Note: This WA applies to version <= 17.1.3 become: true delegate_to: "{{ item }}" when: item != 'undercloud' ansible.builtin.dnf: name: - systemd-container state: present loop: "{{ groups['rh-subscription'] }}" - name: Update sos-reports package to use it with must-gather delegate_to: "{{ item }}" become: true when: item != 'undercloud' ansible.builtin.dnf: name: sos state: latest loop: "{{ groups['rh-subscription'] }}" - name: Disable OSP17.1 repos before running OSP 18 setup and adoption delegate_to: "{{ item }}" become: true ansible.builtin.shell: "subscription-manager repos --disable {{ osp_17_repos | join(' --disable ') }}" loop: "{{ groups['rh-subscription'] }}" - name: Disable OSP17.1 ceph repos before running OSP 18 setup and adoption when: use_ceph | default('false') | bool delegate_to: "{{ item }}" become: true ansible.builtin.shell: "subscription-manager repos --disable {{ osp_17_ceph_repos | join(' --disable ') }}" loop: "{{ groups['rh-subscription'] }}" - name: Insert adoption extra vars when defined when: adoption_extra_vars is defined ansible.builtin.blockinfile: marker_begin: "BEGIN adoption extra vars" marker_end: "END adoption extra vars" path: "{{ rdo_dir }}/vars.yaml" block: | {{ adoption_extra_vars }} - name: Insert edpm_bootstrap_command var into dataplane tests vars ansible.builtin.blockinfile: path: "{{ rdo_dir }}/vars.yaml" marker_begin: "BEGIN edpm_bootstrap_command vars" marker_end: "END edpm_bootstrap_command vars" block: | edpm_bootstrap_command: | {{ edpm_bootstrap_command | indent(2) }} when: edpm_bootstrap_command is defined - name: Read the tripleo passwords downloaded from undercloud ansible.builtin.slurp: path: "{{ tripleo_passwords_file }}" register: tripleo_passwords_result - name: Set tripleo passwords in secrets.yaml ansible.builtin.lineinfile: path: "{{ rdo_dir }}/secrets.yaml" regexp: "{{ item.key }}:" line: "{{ item.key }}: {{ tripleo_passwords_result['content'] | b64decode | regex_search(item.regex + ': (.+)', '\\1') | first }}" loop: - key: 'aodh_password' regex: 'AodhPassword' - key: 'barbican_password' regex: 'BarbicanPassword' - key: 'ceilometer_password' regex: 'CeilometerPassword' - key: 'glance_password' regex: 'GlancePassword' - key: 'placement_password' regex: 'PlacementPassword' - key: 'cinder_password' regex: 'CinderPassword' - key: 'neutron_password' regex: 'NeutronPassword' - key: 'heat_password' regex: 'HeatPassword' - key: 'heat_stack_domain_admin_password' regex: 'HeatStackDomainAdminPassword' - key: 'heat_auth_encryption_key' regex: 'HeatAuthEncryptionKey' - key: 'manila_password' regex: 'ManilaPassword' - key: 'ironic_password' regex: 'IronicPassword' - key: 'nova_password' regex: 'NovaPassword' - key: 'octavia_password' regex: 'OctaviaPassword' - key: 'swift_password' regex: 'SwiftPassword' - key: 'libvirt_password' regex: 'LibvirtTLSPassword'