From 003fdfaa5bf1f574731a55910b443df8be2ee220 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Thu, 6 Jun 2024 12:26:54 +0200 Subject: [PATCH] Bump Ansible version for tests repo Current Ansible version for tests repo, which is used for functional tests can not deal with some more modern logic, causing CI to fail for Ubuntu Jammy on apt_package_pinning for Galera role. Updating Ansible version fixes the issue. Change-Id: I70838dc4fb1cadfcf579b5e9af5769a8f48108da --- common-tasks/test-set-nodepool-vars.yml | 2 +- destroy_containers.yml | 2 +- listening-port-report.yml | 8 +- test-ansible-collection-requirements.yml | 20 ++--- test-ansible-deps.txt | 2 +- test-ansible-lint.sh | 2 +- test-ansible.cfg | 6 +- test-install-infra.yml | 9 ++- test-log-collect.sh | 1 + test-prepare-containers.yml | 3 +- test-prepare-host.yml | 26 +++---- test-prepare-keys.yml | 98 ++++++++++++------------ test-repo-setup.yml | 6 +- test-requirements.txt | 2 +- tests/inventory | 6 +- tests/test.yml | 21 +++-- zuul.d/jobs.yaml | 4 +- 17 files changed, 109 insertions(+), 109 deletions(-) diff --git a/common-tasks/test-set-nodepool-vars.yml b/common-tasks/test-set-nodepool-vars.yml index 429f5ee3..8ca665c7 100644 --- a/common-tasks/test-set-nodepool-vars.yml +++ b/common-tasks/test-set-nodepool-vars.yml @@ -20,6 +20,7 @@ delegate_to: localhost - name: Set nodepool vars + when: ci_mirror_info.stat.exists block: - name: Discover variables from OpenStack's CI environment when in nodepool shell: | @@ -66,4 +67,3 @@ pip_links: - name: "infra_wheel_mirror" link: "{{ pip_wheel_mirror }}" - when: ci_mirror_info.stat.exists diff --git a/destroy_containers.yml b/destroy_containers.yml index ce6fdae4..bf7088e0 100644 --- a/destroy_containers.yml +++ b/destroy_containers.yml @@ -40,7 +40,7 @@ - "/openstack/backup/{{ container_name }}" - "/openstack/log/{{ container_name }}" - "/var/lib/lxc/{{ container_name }}" - - "{{ lxc_container_directory|default('/var/lib/lxc') }}/{{ container_name }}" + - "{{ lxc_container_directory | default('/var/lib/lxc') }}/{{ container_name }}" - "/var/log/lxc/lxc-{{ container_name }}" delegate_to: "{{ physical_host }}" tags: diff --git a/listening-port-report.yml b/listening-port-report.yml index 0994ec6b..0b6b8033 100644 --- a/listening-port-report.yml +++ b/listening-port-report.yml @@ -17,7 +17,7 @@ become: true gather_facts: no tasks: - - name: netstat package is installed + - name: Netstat package is installed package: name: net-tools state: present @@ -27,7 +27,7 @@ register: listening_ports changed_when: false - - name: create report + - name: Create report copy: content: | {% for host in ansible_play_hosts %} @@ -39,6 +39,6 @@ {% endfor %} dest: /tmp/listening_port_report.txt - mode: 0644 + mode: "0644" delegate_to: localhost - run_once: true + run_once: true # noqa: run-once[task] diff --git a/test-ansible-collection-requirements.yml b/test-ansible-collection-requirements.yml index 0fea1def..90ddc103 100644 --- a/test-ansible-collection-requirements.yml +++ b/test-ansible-collection-requirements.yml @@ -1,34 +1,34 @@ collections: - name: https://opendev.org/openstack/ansible-collections-openstack - version: 2.1.0 + version: 2.2.0 type: git - name: https://opendev.org/openstack/ansible-config_template - version: 1.2.1 + version: 2.1.0 type: git - name: https://github.com/ansible-collections/community.general - version: 4.0.1 + version: 8.2.0 type: git - name: https://github.com/ansible-collections/community.rabbitmq - version: 1.1.0 + version: 1.2.3 type: git - name: https://github.com/ansible-collections/community.mysql - version: 2.3.1 + version: 3.8.0 type: git - name: https://github.com/ansible-collections/community.crypto - version: 2.11.1 + version: 2.16.2 type: git - name: https://github.com/ansible-collections/ansible.posix - version: 1.3.0 + version: 1.5.4 type: git # NOTE(noonedeadpunk): needs version in galaxy.yml to pull from git - name: openvswitch.openvswitch - version: 2.0.2 + version: 2.1.1 source: https://galaxy.ansible.com - name: ansible.netcommon - version: 2.5.1 + version: 6.0.0 source: https://galaxy.ansible.com - name: ansible.utils - version: 2.5.2 + version: 3.0.0 source: https://galaxy.ansible.com - name: https://opendev.org/openstack/openstack-ansible-plugins version: master diff --git a/test-ansible-deps.txt b/test-ansible-deps.txt index a5e2de7a..88ea7a1a 100644 --- a/test-ansible-deps.txt +++ b/test-ansible-deps.txt @@ -8,7 +8,7 @@ # target configuration in each role. # The Ansible version used for testing -ansible-core==2.12.8 +ansible-core==2.15.9 # Used for the ip filter within ansible netaddr diff --git a/test-ansible-lint.sh b/test-ansible-lint.sh index 8b11742b..975dfe4f 100755 --- a/test-ansible-lint.sh +++ b/test-ansible-lint.sh @@ -45,5 +45,5 @@ source "${COMMON_TESTS_PATH}/test-ansible-env-prep.sh" # Execute ansible-lint. We do not want to test dependent roles located # in $HOME/.ansible/roles since we only care about the role we are currently # testing. -ANSIBLE_LINT_WARNINGS="-w 208 -w 306 -w 502 -w 503 -w var-naming -w role-name -w metadata" +ANSIBLE_LINT_WARNINGS="-w 208 -w 306 -w 502 -w 503 -w var-naming -w role-name -w metadata -w fqcn -w yaml[truthy]" ansible-lint ${ANSIBLE_LINT_PARAMS} ${ANSIBLE_LINT_WARNINGS} --exclude=$HOME/.ansible/roles ${TEST_PLAYBOOK} diff --git a/test-ansible.cfg b/test-ansible.cfg index e16cc238..be78bb95 100644 --- a/test-ansible.cfg +++ b/test-ansible.cfg @@ -21,11 +21,11 @@ # This is a set of configuration options for Ansible. [defaults] -transport = ssh +transport = openstack.osa.ssh host_key_checking = False control_path = /tmp/%%h-%%r ssh_args = -o ControlMaster=no -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ServerAliveInterval=64 -o ServerAliveCountMax=1024 -o Compression=no -o TCPKeepAlive=yes -o VerifyHostKeyDNS=no -o ForwardX11=no -o ForwardAgent=yes -library = $HOME/.ansible/roles/config_template/library:$HOME/.ansible/plugins/library:$HOME/.ansible/roles/ceph-ansible/library +library = $HOME/.ansible/plugins/library:$HOME/.ansible/roles/ceph-ansible/library callback_plugins = $HOME/.ansible/plugins/callback:$HOME/.ansible/roles/ceph-ansible/plugins/callback -action_plugins = $HOME/.ansible/roles/config_template/action:$HOME/.ansible/roles/ceph-ansible/plugins/actions +action_plugins = $HOME/.ansible/roles/ceph-ansible/plugins/actions roles_path = $HOME/.ansible/roles:$HOME/.ansible/testing-role diff --git a/test-install-infra.yml b/test-install-infra.yml index 8710f0bf..df8c0b86 100644 --- a/test-install-infra.yml +++ b/test-install-infra.yml @@ -13,8 +13,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -- import_playbook: test-install-memcached.yml +- name: Importing test-install-memcached + import_playbook: test-install-memcached.yml -- import_playbook: test-install-rabbitmq.yml +- name: Importing test-install-rabbitmq + import_playbook: test-install-rabbitmq.yml -- import_playbook: test-install-galera.yml +- name: Importing test-install-galera + import_playbook: test-install-galera.yml diff --git a/test-log-collect.sh b/test-log-collect.sh index 069167b1..bd52011d 100755 --- a/test-log-collect.sh +++ b/test-log-collect.sh @@ -82,6 +82,7 @@ COMMON_ETC_LOG_NAMES="almanach \ searchlight \ sasl2 \ swift \ + ssh \ sysconfig/network-scripts \ sysconfig/network \ systemd/network \ diff --git a/test-prepare-containers.yml b/test-prepare-containers.yml index 76798d4e..d2716333 100644 --- a/test-prepare-containers.yml +++ b/test-prepare-containers.yml @@ -25,7 +25,8 @@ tasks: - include_tasks: "common-tasks/test-set-nodepool-vars.yml" -- import_playbook: destroy_containers.yml +- name: Importing destroy_containers + import_playbook: destroy_containers.yml when: destroy_first | default(True) | bool - name: Playbook for creating containers diff --git a/test-prepare-host.yml b/test-prepare-host.yml index 40f3b2b4..26305a37 100644 --- a/test-prepare-host.yml +++ b/test-prepare-host.yml @@ -13,7 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -- import_playbook: test-repo-setup.yml +- name: Importing test-repo-setup + import_playbook: test-repo-setup.yml - name: Playbook for configuring hosts hosts: localhost @@ -34,16 +35,6 @@ tags: - skip_ansible_lint - - name: Set ssh key fact - set_fact: - lxc_container_ssh_key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}" - - - name: Ensure roots new public ssh key is in authorized_keys - authorized_key: - user: root - key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}" - manage_dir: no - # This is a very dirty hack due to images.linuxcontainers.org # constantly failing to resolve in openstack-infra. - name: Implement hard-coded hosts entries for consistently failing name @@ -82,7 +73,8 @@ openrc_openstack_client_config_dir_owner: "root" openrc_clouds_yml_file_owner: "root" -- import_playbook: test-install-openstack-hosts.yml +- name: Importing test-install-openstack-hosts + import_playbook: test-install-openstack-hosts.yml - name: Playbook for configuring the LXC host hosts: localhost @@ -104,7 +96,7 @@ - (lxc_net_manage_iptables is defined) and (lxc_net_manage_iptables | bool) - (iptables_clear is defined) and (iptables_clear is changed) notify: - - Restart dnsmasq + - Restart dnsmasq - name: Playbook for configuring test host networking hosts: localhost @@ -127,14 +119,14 @@ vars: systemd_interface_cleanup: true systemd_run_networkd: true - systemd_netdevs: |- # noqa var-spacing + systemd_netdevs: |- # noqa jinja[spacing] {% set systemd_network_devices = [] %} {% for interface in (bridges | default([])) %} {% if interface is string %} {% set _ = systemd_network_devices.append({'NetDev': {'Name': 'dummy-' + interface, 'Kind': 'dummy'}}) %} {% set _ = systemd_network_devices.append({'NetDev': {'Name': interface, 'Kind': 'bridge'}}) %} {% else %} - {% set interface_name = (interface.name | default('br-mgmt')) %} + {% set interface_name = interface.name | default('br-mgmt') %} {% set _ = systemd_network_devices.append({'NetDev': {'Name': 'dummy-' + interface_name, 'Kind': 'dummy'}}) %} {% set _ = systemd_network_devices.append({'NetDev': {'Name': interface_name, 'Kind': 'bridge'}}) %} {% if interface.veth_peer is defined %} @@ -228,9 +220,9 @@ {% if interface is string %} {% set interface_name = interface %} {% else %} - {% set interface_name = (interface.name | default('br-mgmt')) %} + {% set interface_name = interface.name | default('br-mgmt') %} {% endif %} - {% set _ = interfaces.append(hostvars[inventory_hostname][('ansible_' + (interface_name | replace('-', '_')))]['active'] | bool ) %} + {% set _ = interfaces.append(hostvars[inventory_hostname][('ansible_' + (interface_name | replace('-', '_')))]['active'] | bool) %} {% endfor %} {{ interfaces }} diff --git a/test-prepare-keys.yml b/test-prepare-keys.yml index 53ec914a..cad7a181 100644 --- a/test-prepare-keys.yml +++ b/test-prepare-keys.yml @@ -33,11 +33,9 @@ mode: "0700" - name: Create ssh key pair for root - user: - name: root - generate_ssh_key: yes - ssh_key_bits: 2048 - ssh_key_file: /root/.ssh/id_rsa + community.crypto.openssh_keypair: + path: /root/.ssh/id_rsa + comment: "openstack-ansible-tests generated" - name: Get root private key slurp: @@ -55,14 +53,12 @@ set_fact: root_public_key: "{{ public_key_get.content | b64decode }}" root_private_key: "{{ private_key_get.content | b64decode }}" - lxc_container_ssh_key: "{{ public_key_get.content | b64decode }}" - - name: Ensure root can ssh to localhost + - name: Add root ssh key to authorized_keys authorized_key: user: "root" key: "{{ root_public_key }}" - # Note(hwoarang): # This uses local connection for the initial key setup # as no key is setup to allow a connection to localhost @@ -72,53 +68,55 @@ connection: local become: no any_errors_fatal: true + vars: + _user_id: "{{ lookup('env', 'USER') }}" tasks: - # Shell used because facts may not be ready yet - - name: Get user home directory - shell: | - set -o pipefail - getent passwd '{{ ansible_user_id }}' | cut -d':' -f6 - args: - executable: /bin/bash - register: user_home - changed_when: false + - name: Run following tasks only when current user is not root + when: + - _user_id != 'root' + block: + # Shell used because facts may not be ready yet + - name: Get user home directory + shell: | + set -o pipefail + getent passwd '{{ _user_id }}' | cut -d':' -f6 + args: + executable: /bin/bash + register: user_home + changed_when: false - - name: Set local user home fact - set_fact: - calling_user_home: "{{ user_home.stdout }}" + - name: Set local user home fact + set_fact: + calling_user_home: "{{ user_home.stdout }}" - - name: Ensure user has a .ssh directory - file: - path: "{{ calling_user_home }}/.ssh" - state: directory - owner: "{{ ansible_user_id }}" - group: "{{ ansible_user_gid }}" - mode: "0700" - when: ansible_user_id != 'root' + - name: Ensure user has a .ssh directory + file: + path: "{{ calling_user_home }}/.ssh" + state: directory + owner: "{{ _user_id }}" + group: "{{ _user_id }}" + mode: "0700" - - name: Ensure user has the known private key - copy: - content: "{{ root_private_key }}" - dest: "{{ calling_user_home }}/.ssh/id_rsa" - owner: "{{ ansible_user_id }}" - group: "{{ ansible_user_gid }}" - mode: "0600" - when: ansible_user_id != 'root' + - name: Ensure user has the known private key + copy: + content: "{{ root_private_key }}" + dest: "{{ calling_user_home }}/.ssh/id_rsa" + owner: "{{ _user_id }}" + group: "{{ _user_id }}" + mode: "0600" - - name: Ensure user has the known public key - copy: - content: "{{ root_public_key }}" - dest: "{{ calling_user_home }}/.ssh/id_rsa.pub" - owner: "{{ ansible_user_id }}" - group: "{{ ansible_user_gid }}" - mode: "0600" - when: ansible_user_id != 'root' + - name: Ensure user has the known public key + copy: + content: "{{ root_public_key }}" + dest: "{{ calling_user_home }}/.ssh/id_rsa.pub" + owner: "{{ _user_id }}" + group: "{{ _user_id }}" + mode: "0600" - - name: Ensure local user can ssh to localhost - authorized_key: - user: "{{ ansible_user_id }}" - key: "{{ root_public_key }}" - when: ansible_user_id != 'root' + - name: Ensure local user can ssh to localhost + authorized_key: + user: "{{ _user_id }}" + key: "{{ root_public_key }}" - name: Create SSHD CA hosts: "{{ openstack_ssh_keypairs_setup_host | default('localhost') }}" @@ -139,7 +137,7 @@ - name: Create CA certificates hosts: "{{ openstack_pki_setup_host | default('localhost') }}" - gather_facts: "false" + gather_facts: false become: true tasks: - name: "Create CA certificates" diff --git a/test-repo-setup.yml b/test-repo-setup.yml index 9667c98c..dad251f9 100644 --- a/test-repo-setup.yml +++ b/test-repo-setup.yml @@ -24,7 +24,7 @@ file: state: directory path: "{{ development_repo_directory }}" - mode: 0755 + mode: "0755" # Git clones for developer testing are expected to be in the # following structure, which mirrors how zuul v3 implements @@ -45,13 +45,13 @@ # matches the repo folder name. - name: Set var for git install branch copy: - dest: "{{ development_repo_directory }}/local-package-constraints-{{ test_branch | replace('/','_') }}.txt" + dest: "{{ development_repo_directory }}/local-package-constraints-{{ test_branch | replace('/', '_') }}.txt" content: | ## Ansible Managed {% for folder_path in projects_directory_find.stdout_lines %} file://{{ folder_path }}#egg={{ folder_path.split("/")[-1] }} {% endfor %} - mode: 0755 + mode: "0755" vars_files: - test-vars.yml diff --git a/test-requirements.txt b/test-requirements.txt index d118a6da..2efedd45 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -19,7 +19,7 @@ # Used for lint tests bashate>=0.5.1 # Apache-2.0 flake8==3.8.3 # MIT -ansible-lint==5.3.2 # MIT +ansible-lint==6.22.1 # MIT # Used to help make SNI connections work from python # if python itself does not support it properly (<2.7.9). diff --git a/tests/inventory b/tests/inventory index 28af82de..6f330092 100644 --- a/tests/inventory +++ b/tests/inventory @@ -1,7 +1,7 @@ [all] -localhost -infra1 ansible_host=10.1.0.2 ansible_become=True ansible_user=root container_name=infra1 -keystone1 ansible_host=10.1.0.3 ansible_become=True ansible_user=root container_name=keystone1 +localhost ansible_connection=local ansible_become=True is_metal=true physical_host=aio1 +infra1 ansible_host=10.1.0.2 ansible_become=True ansible_user=root container_name=infra1 container_tech=lxc +keystone1 ansible_host=10.1.0.3 ansible_become=True ansible_user=root container_name=keystone1 container_tech=lxc [all_containers] infra1 diff --git a/tests/test.yml b/tests/test.yml index 65bc4778..bc0321d2 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -14,22 +14,29 @@ # limitations under the License. # Prepare the user ssh keys -- import_playbook: common/test-prepare-keys.yml +- name: Importing test-prepare-keys + import_playbook: common/test-prepare-keys.yml # Prepare the host -- import_playbook: common/test-prepare-host.yml +- name: Importing test-prepare-host + import_playbook: common/test-prepare-host.yml # Prepare the containers -- import_playbook: common/test-prepare-containers.yml +- name: Importing test-prepare-containers + import_playbook: common/test-prepare-containers.yml # Install RabbitMQ/MariaDB/Memcached -- import_playbook: common/test-install-infra.yml +- name: Importing test-install-infra + import_playbook: common/test-install-infra.yml # Install Keystone -- import_playbook: common/test-install-keystone.yml +- name: Importing test-install-keystone + import_playbook: common/test-install-keystone.yml # Install Tempest -- import_playbook: common/test-install-tempest.yml +- name: Importing test-install-tempest + import_playbook: common/test-install-tempest.yml # Gather port status -- import_playbook: common/listening-port-report.yml +- name: Importing listening-port-report + import_playbook: common/listening-port-report.yml diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 59080744..9eb1c5de 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -75,7 +75,6 @@ - name: openstack/openstack-ansible-nspawn_container_create - name: openstack/openstack-ansible-nspawn_hosts - name: openstack/requirements - override-checkout: stable/2023.2 pre-run: zuul.d/playbooks/pre-gate-cleanup.yml run: zuul.d/playbooks/run.yml post-run: zuul.d/playbooks/post.yml @@ -99,7 +98,6 @@ timeout: 5400 # 90 mins vars: tox_env: functional - services_branch: stable/2023.2 - job: name: openstack-ansible-linters @@ -108,7 +106,7 @@ Run lint tests for an OpenStack-Ansible project. Uses tox with the ``linters`` environment. timeout: 1800 # 30 mins - nodeset: ubuntu-focal + nodeset: ubuntu-jammy vars: tox_env: linters