Move roles and playbooks to top level

This proposes moving the playbooks and roles to the top level of
osh-infra to be consumed by osh

Change-Id: I7e3516da8e516060f94b8b9c8875918504de7446

.zuul.yaml

@@ -165,20 +165,20 @@
 
 - job:
     name: openstack-helm-infra-linter
-    run: tools/gate/playbooks/zuul-linter.yaml
+    run: playbooks/zuul-linter.yaml
     nodeset: openstack-helm-single-node
 
 - job:
     name: openstack-helm-infra
     timeout: 3600
     pre-run:
-      - tools/gate/playbooks/osh-infra-upgrade-host.yaml
+      - playbooks/osh-infra-upgrade-host.yaml
-      - tools/gate/playbooks/osh-infra-deploy-docker.yaml
+      - playbooks/osh-infra-deploy-docker.yaml
-      - tools/gate/playbooks/osh-infra-build.yaml
+      - playbooks/osh-infra-build.yaml
-      - tools/gate/playbooks/osh-infra-pull-images.yaml
+      - playbooks/osh-infra-pull-images.yaml
-      - tools/gate/playbooks/osh-infra-deploy-k8s.yaml
+      - playbooks/osh-infra-deploy-k8s.yaml
-    run: tools/gate/playbooks/osh-infra-deploy-charts.yaml
+    run: playbooks/osh-infra-deploy-charts.yaml
-    post-run: tools/gate/playbooks/osh-infra-collect-logs.yaml
+    post-run: playbooks/osh-infra-collect-logs.yaml
 
 - job:
     name: openstack-helm-infra-ubuntu

Makefile

@@ -18,7 +18,7 @@ SHELL := /bin/bash
 HELM := helm
 TASK := build
 
-EXCLUDES := helm-toolkit doc tests tools logs tmp
+EXCLUDES := helm-toolkit doc tests tools logs tmp roles playbooks
 CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
 
 .PHONY: $(EXCLUDES) $(CHARTS)

playbooks/osh-infra-build.retry

@@ -0,0 +1 @@
+local

playbooks/osh-infra-deploy-charts.retry

@@ -0,0 +1 @@
+local

playbooks/osh-infra-deploy-charts.yaml

@@ -26,7 +26,7 @@
 - hosts: primary
   vars_files:
     - vars.yaml
-    - ../chart-deploys/default.yaml
+    - ../tools/gate/chart-deploys/default.yaml
   vars:
     work_dir: "{{ zuul.project.src_dir }}/{{ zuul_osh_infra_relative_path | default('') }}"
     logs_dir: "/tmp/logs"

playbooks/osh-infra-deploy-k8s.retry

@@ -0,0 +1 @@
+local

roles/build-helm-packages/tasks/main.yaml

@@ -0,0 +1,18 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- include: setup-helm-serve.yaml
+
+- name: build all charts in repo
+  make:
+    chdir: "{{ work_dir }}"
+    target: all

roles/build-helm-packages/tasks/setup-helm-serve.yaml

@@ -0,0 +1,87 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- block:
+    - name: check if correct version of helm client already installed
+      shell: "set -e; [ \"x$($(type -p helm) version --client --short | awk '{ print $NF }' | awk -F '+' '{ print $1 }')\" == \"x${HELM_VERSION}\" ] || exit 1"
+      environment:
+        HELM_VERSION: "{{ version.helm }}"
+      args:
+        executable: /bin/bash
+      register: need_helm
+      ignore_errors: True
+    - name: install helm client
+      when: need_helm | failed
+      become_user: root
+      shell: |
+              TMP_DIR=$(mktemp -d)
+              curl -sSL https://storage.googleapis.com/kubernetes-helm/helm-${HELM_VERSION}-linux-amd64.tar.gz | tar -zxv --strip-components=1 -C ${TMP_DIR}
+              sudo mv ${TMP_DIR}/helm /usr/bin/helm
+              rm -rf ${TMP_DIR}
+      environment:
+        HELM_VERSION: "{{ version.helm }}"
+      args:
+        executable: /bin/bash
+    - name: setting up helm client
+      command: helm init --client-only
+
+- block:
+    - name: checking if local helm server is running
+      shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository'
+      args:
+        executable: /bin/bash
+      register: helm_server_running
+      ignore_errors: True
+    - name: getting current host user name
+      when: helm_server_running | failed
+      shell: id -un
+      args:
+        executable: /bin/bash
+      register: helm_server_user
+    - name: moving systemd unit into place for helm server
+      when: helm_server_running | failed
+      become: yes
+      become_user: root
+      template:
+        src: helm-serve.service.j2
+        dest: /etc/systemd/system/helm-serve.service
+        mode: 0640
+    - name: starting helm serve service
+      when: helm_server_running | failed
+      become: yes
+      become_user: root
+      systemd:
+        state: restarted
+        daemon_reload: yes
+        name: helm-serve
+    - name: wait for helm server to be ready
+      shell: curl -s 127.0.0.1:8879 | grep -q 'Helm Repository'
+      args:
+        executable: /bin/bash
+      register: wait_for_helm_server
+      until: wait_for_helm_server.rc == 0
+      retries: 120
+      delay: 5
+
+- block:
+    - name: checking if helm 'stable' repo is present
+      shell: helm repo list | grep -q "^stable"
+      args:
+        executable: /bin/bash
+      register: helm_stable_repo_present
+      ignore_errors: True
+    - name: checking if helm 'stable' repo is present
+      when: helm_stable_repo_present | succeeded
+      command: helm repo remove stable
+
+- name: adding helm local repo
+  command: helm repo add local http://localhost:8879/charts

roles/build-helm-packages/templates/helm-serve.service.j2

@@ -0,0 +1,11 @@
+[Unit]
+Description=Helm Server
+After=network.target
+
+[Service]
+User={{ helm_server_user.stdout }}
+Restart=always
+ExecStart=/usr/bin/helm serve
+
+[Install]
+WantedBy=multi-user.target

roles/build-images/tasks/kubeadm-aio.yaml

@@ -0,0 +1,74 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#NOTE(portdirect): Untill https://github.com/ansible/ansible/issues/21433 is
+# reolved, we build with a shell script to make use of the host network.
+- name: Kubeadm-AIO build
+  block:
+    #NOTE(portdirect): we do this to ensure we are feeding the docker build
+    # a clean path to work with.
+    - name: Kubeadm-AIO image build path
+      shell: cd "{{ work_dir }}"; pwd
+      register: kubeadm_aio_path
+    # - name: build the Kubeadm-AIO image
+    #   docker_image:
+    #      path: "{{ kubeadm_aio_path.stdout }}/"
+    #      name: "{{ images.kubernetes.kubeadm_aio }}"
+    #      dockerfile: "tools/images/kubeadm-aio/Dockerfile"
+    #      force: yes
+    #      pull: yes
+    #      state: present
+    #      rm: yes
+    #      buildargs:
+    #        KUBE_VERSION: "{{ version.kubernetes }}"
+    #        CNI_VERSION: "{{ version.cni }}"
+    #        HELM_VERSION: "{{ version.helm }}"
+    #        CHARTS: "calico,flannel,tiller,kube-dns"
+    - name: Kubeadm-AIO image build path with proxy
+      when: proxy.http is defined and (proxy.http | trim != "")
+      shell: |-
+              set -e
+              docker build \
+                --network host \
+                --force-rm \
+                --tag "{{ images.kubernetes.kubeadm_aio }}" \
+                --file tools/images/kubeadm-aio/Dockerfile \
+                --build-arg KUBE_VERSION="{{ version.kubernetes }}" \
+                --build-arg CNI_VERSION="{{ version.cni }}" \
+                --build-arg HELM_VERSION="{{ version.helm }}" \
+                --build-arg CHARTS="calico,flannel,tiller,kube-dns" \
+                --build-arg HTTP_PROXY="{{ proxy.http }}" \
+                --build-arg HTTPS_PROXY="{{ proxy.https }}" \
+                --build-arg NO_PROXY="{{ proxy.noproxy }}" \
+                .
+      args:
+        chdir: "{{ kubeadm_aio_path.stdout }}/"
+        executable: /bin/bash
+    - name: Kubeadm-AIO image build path
+      when: proxy.http is undefined or (proxy.http | trim == "")
+      shell: |-
+              set -e
+              docker build \
+                --network host \
+                --force-rm \
+                --tag "{{ images.kubernetes.kubeadm_aio }}" \
+                --file tools/images/kubeadm-aio/Dockerfile \
+                --build-arg KUBE_VERSION="{{ version.kubernetes }}" \
+                --build-arg CNI_VERSION="{{ version.cni }}" \
+                --build-arg HELM_VERSION="{{ version.helm }}" \
+                --build-arg CHARTS="calico,flannel,tiller,kube-dns" \
+                .
+      args:
+        chdir: "{{ kubeadm_aio_path.stdout }}/"
+        executable: /bin/bash

roles/build-images/tasks/main.yaml

@@ -0,0 +1,15 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- include: kubeadm-aio.yaml

roles/clean-host/tasks/main.yaml

@@ -0,0 +1,22 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: remove osh directory
+  become: yes
+  become_user: root
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - /var/lib/openstack-helm

roles/deploy-docker/tasks/deploy-ansible-docker-support.yaml

@@ -0,0 +1,68 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: ensuring SELinux is disabled on centos & fedora
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' or ansible_distribution == 'Fedora'
+  become: true
+  become_user: root
+  command: setenforce 0
+  ignore_errors: True
+
+#NOTE(portdirect): See https://ask.openstack.org/en/question/110437/importerror-cannot-import-name-unrewindablebodyerror/
+- name: fix docker removal issue with ansible's docker_container on centos
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+  block:
+    - name: remove requests and urllib3 pip packages to fix docker removal issue with ansible's docker_container on centos
+      become: true
+      become_user: root
+      include_role:
+        name: deploy-package
+        tasks_from: pip
+      vars:
+        state: absent
+        packages:
+          - requests
+          - urllib3
+    - name: remove requests and urllib3 distro packages to fix docker removal issue with ansible's docker_container on centos
+      become: true
+      become_user: root
+      include_role:
+        name: deploy-package
+        tasks_from: dist
+      vars:
+        state: absent
+        packages:
+          rpm:
+            - python-urllib3
+            - python-requests
+    - name: restore requests and urllib3 distro packages to fix docker removal issue with ansible's docker_container on centos
+      become: true
+      become_user: root
+      include_role:
+        name: deploy-package
+        tasks_from: dist
+      vars:
+        state: present
+        packages:
+          rpm:
+            - python-urllib3
+            - python-requests
+
+- name: Ensure docker python packages deployed
+  include_role:
+    name: deploy-package
+    tasks_from: pip
+  vars:
+    packages:
+      - docker-py

roles/deploy-docker/tasks/main.yaml

@@ -0,0 +1,85 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: check if docker deploy is needed
+  raw: which docker
+  register: need_docker
+  ignore_errors: True
+
+- name: centos | moving systemd unit into place
+  when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed )
+  template:
+    src: centos-docker.service.j2
+    dest: /etc/systemd/system/docker.service
+    mode: 0640
+
+- name: fedora | moving systemd unit into place
+  when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed )
+  template:
+    src: fedora-docker.service.j2
+    dest: /etc/systemd/system/docker.service
+    mode: 0640
+
+- name: ubuntu | moving systemd unit into place
+  when: ( ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' ) and ( need_docker | failed )
+  template:
+    src: ubuntu-docker.service.j2
+    dest: /etc/systemd/system/docker.service
+    mode: 0640
+
+# NOTE: (lamt) Setting up the proxy before installing docker
+- name: ensure docker.service.d directory exists
+  when: proxy.http is defined and (proxy.http | trim != "")
+  file:
+    path: /etc/systemd/system/docker.service.d
+    state: directory
+
+- name: proxy | moving proxy systemd unit into place
+  when: ( need_docker | failed ) and ( proxy.http is defined and (proxy.http | trim != "") )
+  template:
+    src: http-proxy.conf.j2
+    dest: /etc/systemd/system/docker.service.d/http-proxy.conf
+    mode: 0640
+
+- name: centos | add docker-ce repository
+  when: ( ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' ) and ( need_docker | failed )
+  get_url:
+    url: https://download.docker.com/linux/centos/docker-ce.repo
+    dest: /etc/yum.repos.d/docker-ce.repo
+
+- name: fedora | add docker-ce repository
+  when: ( ansible_distribution == 'Fedora' ) and ( need_docker | failed )
+  get_url:
+    url: https://download.docker.com/linux/fedora/docker-ce.repo
+    dest: /etc/yum.repos.d/docker-ce.repo
+
+- name: deploy docker packages
+  when: need_docker | failed
+  include_role:
+    name: deploy-package
+    tasks_from: dist
+  vars:
+    packages:
+      deb:
+        - docker.io
+      rpm:
+        - docker-ce
+
+- name: restarting docker
+  systemd:
+    state: restarted
+    daemon_reload: yes
+    name: docker
+
+- include: deploy-ansible-docker-support.yaml

roles/deploy-docker/templates/centos-docker.service.j2

@@ -0,0 +1,30 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+After=network-online.target firewalld.service
+Wants=network-online.target
+
+[Service]
+Type=notify
+NotifyAccess=all
+Environment=GOTRACEBACK=crash
+Environment=DOCKER_HTTP_HOST_COMPAT=1
+Environment=PATH=/usr/libexec/docker:/usr/bin:/usr/sbin
+ExecStart=/usr/bin/dockerd \
+          --exec-opt native.cgroupdriver=systemd \
+          --userland-proxy-path=/usr/libexec/docker/docker-proxy \
+          --data-root=/var/lib/docker \
+          --storage-driver=overlay2 \
+          --log-driver=json-file \
+          --iptables=false
+ExecReload=/bin/kill -s HUP $MAINPID
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+TimeoutStartSec=0
+Restart=on-abnormal
+MountFlags=share
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target

roles/deploy-docker/templates/fedora-docker.service.j2

@@ -0,0 +1,29 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+After=network-online.target firewalld.service
+Wants=network-online.target
+
+[Service]
+Type=notify
+Environment=GOTRACEBACK=crash
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+ExecStart=/usr/bin/dockerd \
+          --exec-opt native.cgroupdriver=systemd \
+          --userland-proxy-path=/usr/libexec/docker/docker-proxy \
+          --data-root=/var/lib/docker \
+          --storage-driver=overlay2 \
+          --log-driver=json-file \
+          --iptables=false
+ExecReload=/bin/kill -s HUP $MAINPID
+TasksMax=8192
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+TimeoutStartSec=0
+Restart=on-abnormal
+
+[Install]
+WantedBy=multi-user.target

roles/deploy-docker/templates/http-proxy.conf.j2

@@ -0,0 +1,4 @@
+[Service]
+Environment="HTTP_PROXY={{ proxy.http }}"
+Environment="HTTPS_PROXY={{ proxy.https }}"
+Environment="NO_PROXY={{ proxy.noproxy }}"

roles/deploy-docker/templates/ubuntu-docker.service.j2

@@ -0,0 +1,30 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=https://docs.docker.com
+After=network.target docker.socket firewalld.service
+Requires=docker.socket
+
+[Service]
+Type=notify
+# the default is not to use systemd for cgroups because the delegate issues still
+# exists and systemd currently does not support the cgroup feature set required
+# for containers run by docker
+EnvironmentFile=-/etc/default/docker
+ExecStart=/usr/bin/dockerd --iptables=false -H fd:// $DOCKER_OPTS
+ExecReload=/bin/kill -s HUP $MAINPID
+LimitNOFILE=1048576
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNPROC=infinity
+LimitCORE=infinity
+# Uncomment TasksMax if your systemd version supports it.
+# Only systemd 226 and above support this version.
+TasksMax=infinity
+TimeoutStartSec=0
+# set delegate yes so that systemd does not reset the cgroups of docker containers
+Delegate=yes
+# kill only the docker process, not all processes in the cgroup
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target

roles/deploy-helm-packages/tasks/generate-dynamic-over-rides.yaml

@@ -0,0 +1,19 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This set of tasks creates over-rides that need to be generated dyamicly and
+# injected at runtime.
+
+- name: setup directorys on host
+  file:
+    path: "{{ work_dir }}/tools/gate/local-overrides/"
+    state: directory

roles/deploy-helm-packages/tasks/helm-setup-dev-environment.yaml

@@ -0,0 +1,39 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- block:
+    - name: installing OS-H dev tools
+      include_role:
+        name: deploy-package
+        tasks_from: dist
+      vars:
+        packages:
+          deb:
+            - git
+            - make
+            - curl
+            - ca-certificates
+          rpm:
+            - git
+            - make
+            - curl
+    - name: installing jq
+      include_role:
+        name: deploy-jq
+        tasks_from: main
+
+- name: assemble charts
+  make:
+    chdir: "{{ work_dir }}"
+  register: out
+
+- include: util-setup-dev-environment.yaml

roles/deploy-helm-packages/tasks/main.yaml

@@ -0,0 +1,27 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- include: generate-dynamic-over-rides.yaml
+
+- name: "creating directory for helm test logs"
+  file:
+    path: "{{ logs_dir }}/helm-tests"
+    state: directory
+
+- name: "iterating through Helm chart groups"
+  vars:
+    chart_group_name: "{{ helm_chart_group.name }}"
+    chart_group_items: "{{ helm_chart_group.charts }}"
+  include: util-chart-group.yaml
+  loop_control:
+    loop_var: helm_chart_group
+  with_items: "{{ chart_groups }}"

roles/deploy-helm-packages/tasks/util-chart-group.yaml

@@ -0,0 +1,29 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: "{{ helm_chart_group.name }}"
+  vars:
+    chart_def: "{{ charts[helm_chart] }}"
+  loop_control:
+    loop_var: helm_chart
+  include: util-common-helm-chart.yaml
+  with_items: "{{ helm_chart_group.charts }}"
+
+- name: "Running wait for pods for the charts in the {{ helm_chart_group.name }} group"
+  when: ('timeout' in helm_chart_group)
+  include: util-common-wait-for-pods.yaml
+  vars:
+    namespace: "{{ charts[helm_chart].namespace }}"
+    timeout: "{{ helm_chart_group.timeout }}"
+  loop_control:
+    loop_var: helm_chart
+  with_items: "{{ helm_chart_group.charts }}"

roles/deploy-helm-packages/tasks/util-common-helm-chart.yaml

@@ -0,0 +1,92 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Helm management common block
+  vars:
+    check_deployed_result: null
+    chart_values_file: null
+    upgrade:
+      pre:
+        delete: null
+
+  block:
+    - name: "create temporary file for {{ chart_def['release'] }}'s values .yaml"
+      tempfile:
+        state: file
+        suffix: .yaml
+      register: chart_values_file
+    - name: "write out values.yaml for {{ chart_def['release'] }}"
+      copy:
+        dest: "{{ chart_values_file.path }}"
+        content: "{% if 'values' in chart_def %}{{ chart_def['values'] | to_nice_yaml }}{% else %}{% endif %}"
+
+    - name: "check if {{ chart_def['release'] }} is deployed"
+      command: helm status "{{ chart_def['release'] }}"
+      register: check_deployed_result
+      ignore_errors: True
+
+    - name: "check if local overrides are present in {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml"
+      stat:
+        path: "{{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml"
+      register: local_overrides
+
+    - name: "try to deploy release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart"
+      when: check_deployed_result | failed
+      command: "helm install {{ work_dir }}/{{ chart_def['chart_name'] }} --namespace {{ chart_def['namespace'] }} --name {{ chart_def['release'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}"
+      register: out
+    - name: "display info for the helm {{ chart_def['release'] }} release deploy"
+      when: check_deployed_result | failed
+      debug:
+        var: out.stdout_lines
+
+    - name: "pre-upgrade, delete jobs for {{ chart_def['release'] }} release"
+      when:
+        - check_deployed_result | succeeded
+        - "'upgrade' in chart_def"
+        - "'pre' in chart_def['upgrade']"
+        - "'delete' in chart_def['upgrade']['pre']"
+        - "chart_def.upgrade.pre.delete is not none"
+      with_items: "{{ chart_def.upgrade.pre.delete }}"
+      loop_control:
+        loop_var: helm_upgrade_delete_job
+      command: "kubectl delete --namespace {{ chart_def['namespace'] }} job -l application={{ helm_upgrade_delete_job.labels.application }},component={{ helm_upgrade_delete_job.labels.component }} --ignore-not-found=true"
+    - name: "try to upgrade release {{ chart_def['release'] }} in {{ chart_def['namespace'] }} namespace with {{ chart_def['chart_name'] }} chart"
+      when: check_deployed_result | succeeded
+      command: "helm upgrade {{ chart_def['release'] }} {{ work_dir }}/{{ chart_def['chart_name'] }} --values={{ chart_values_file.path }}{% if local_overrides.stat.exists %} --values {{ work_dir }}/tools/gate/local-overrides/{{ chart_def['release'] }}.yaml{% endif %}"
+      register: out
+    - name: "display info for the helm {{ chart_def['release'] }} release upgrade"
+      when: check_deployed_result | succeeded
+      debug:
+        var: out.stdout_lines
+
+    - include: util-common-wait-for-pods.yaml
+      when: ('timeout' in chart_def)
+      vars:
+        namespace: "{{ chart_def['namespace'] }}"
+        timeout: "{{ chart_def['timeout'] }}"
+
+    - include: util-common-helm-test.yaml
+      when:
+        - "'test' in chart_def"
+        - "chart_def.test is not none"
+        - "'enabled' in chart_def['test']"
+        - "chart_def.test.enabled|bool == true"
+      vars:
+        release: "{{ chart_def['release'] }}"
+        namespace: "{{ chart_def['namespace'] }}"
+        test_settings: "{{ chart_def.test }}"
+
+  always:
+    - name: "remove values.yaml for {{ chart_def['release'] }}"
+      file:
+        path: "{{ chart_values_file.path }}"
+        state: absent

roles/deploy-helm-packages/tasks/util-common-helm-test.yaml

@@ -0,0 +1,67 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Helm test common block
+  vars:
+    release: null
+    namespace: null
+    test_settings: null
+
+  block:
+    - name: "remove any expired helm test pods for {{ release }}"
+      command: "kubectl delete pod {{ release }}-test -n {{ namespace }}"
+      ignore_errors: True
+
+    - name: "run helm tests for the {{ release }} release"
+      when:
+        - "'timeout' in test_settings"
+        - "'timeout' is none"
+      command: "helm test {{ release }}"
+      register: test_result
+
+    - name: "run helm tests for the {{ release }} release with timeout"
+      when:
+        - "'timeout' in test_settings"
+        - "'timeout' is not none"
+      command: " helm test --timeout {{ test_settings.timeout }} {{ release }}"
+      register: test_result
+
+    - name: "display status for {{ release }} helm tests"
+      debug:
+        var: test_result.stdout_lines
+
+    - name: "gathering logs for helm tests for {{ release }}"
+      when:
+        - test_result | succeeded
+      shell: |-
+              set -e
+              kubectl logs {{ release }}-test -n {{ namespace }} >> {{ logs_dir }}/helm-tests/{{ release }}.txt
+      args:
+        executable: /bin/bash
+      register: test_logs
+
+    - name: "displaying logs for successful helm tests for {{ release }}"
+      when:
+        - test_result | succeeded
+        - "'output' in test_settings"
+        - "test_settings.output|bool == true"
+      debug:
+        var: test_logs.stdout_lines
+  rescue:
+    - name: "gathering logs for failed helm tests for {{ release }}"
+      command: "kubectl logs {{ release }}-test -n {{ namespace }}"
+      register: out
+    - name: "displaying logs for failed helm tests for {{ release }}"
+      debug:
+        var: out.stdout_lines
+    - name: "helm tests for {{ release }} failed, stopping execution"
+      command: exit 1

roles/deploy-helm-packages/tasks/util-common-wait-for-pods.yaml

@@ -0,0 +1,50 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: wait for pods in namespace
+  vars:
+    namespace: null
+    timeout: 600
+    wait_return_code:
+      rc: 1
+  block:
+    - name: "wait for pods in {{ namespace }} namespace to be ready"
+      shell: |-
+              set -e
+              kubectl get pods --namespace="{{ namespace }}" -o json | jq -r \
+                  '.items[].status.phase' | grep Pending > /dev/null && \
+                  PENDING=True || PENDING=False
+
+              query='.items[]|select(.status.phase=="Running")'
+              query="$query|.status.containerStatuses[].ready"
+              kubectl get pods --namespace="{{ namespace }}" -o json | jq -r "$query" | \
+                  grep false > /dev/null && READY="False" || READY="True"
+
+              kubectl get jobs -o json --namespace="{{ namespace }}" | jq -r \
+                  '.items[] | .spec.completions == .status.succeeded' | \
+                  grep false > /dev/null && JOBR="False" || JOBR="True"
+              [ $PENDING == "False" -a $READY == "True" -a $JOBR == "True" ] && \
+                  exit 0 || exit 1
+      args:
+        executable: /bin/bash
+      register: wait_return_code
+      until: wait_return_code.rc == 0
+      retries: "{{ timeout }}"
+      delay: 1
+  rescue:
+    - name: "pods failed to come up in time, getting kubernetes objects status"
+      command: kubectl get --all-namespaces  all -o wide --show-all
+      register: out
+    - name: "pods failed to come up in time, displaying kubernetes objects status"
+      debug: var=out.stdout_lines
+    - name: "pods failed to come up in time, stopping execution"
+      command: exit 1

roles/deploy-kubeadm-aio-common/tasks/clean-node.yaml

@@ -0,0 +1,69 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: master
+  vars:
+    kubeadm_aio_action: clean-host
+  block:
+    - name: "kubeadm-aio performing action: {{ kubeadm_aio_action }}"
+      become: true
+      become_user: root
+      docker_container:
+        name: "kubeadm-{{ kubeadm_aio_action }}"
+        image: "{{ images.kubernetes.kubeadm_aio }}"
+        state: started
+        detach: false
+        recreate: yes
+        pid_mode: host
+        network_mode: host
+        capabilities: SYS_ADMIN
+        volumes:
+          - /sys:/sys:rw
+          - /run:/run:rw
+          - /:/mnt/rootfs:rw
+          - /etc:/etc:rw
+        env:
+          CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
+          ACTION="{{ kubeadm_aio_action }}"
+          KUBE_BIND_DEVICE="{{ kubernetes_default_device }}"
+          USER_UID="{{ playbook_user_id }}"
+          USER_GID="{{ playbook_group_id }}"
+          USER_HOME="{{ playbook_user_dir }}"
+          CNI_ENABLED="{{ kubernetes.cluster.cni }}"
+          PVC_SUPPORT_CEPH=true
+          PVC_SUPPORT_NFS=true
+          NET_SUPPORT_LINUXBRIDGE=true
+          KUBE_NET_POD_SUBNET="{{ kubernetes.cluster.pod_subnet }}"
+          KUBE_NET_DNS_DOMAIN="{{ kubernetes.cluster.domain }}"
+          CONTAINER_RUNTIME=docker
+      register: kubeadm_master_deploy
+      ignore_errors: True
+  rescue:
+    - name: getting logs from kubeadm-aio container
+      command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
+      become: true
+      become_user: root
+      register: out
+    - name: dumping logs from kubeadm-aio container
+      debug:
+        var: out.stdout_lines
+    - name: exiting if the kubeadm deploy failed
+      command: exit 1
+  always:
+    - name: removing kubeadm-aio container
+      become: true
+      become_user: root
+      docker_container:
+        name: "kubeadm-{{ kubeadm_aio_action }}"
+        state: absent

roles/deploy-kubeadm-aio-common/tasks/deploy-kubelet.yaml

@@ -0,0 +1,27 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+- name: setting node labels
+  vars:
+    kubeadm_kubelet_labels_node:
+      - "{% if nodes.labels.all is defined %}{% set comma = joiner(\",\") %}{% for item in nodes.labels.all %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}"
+      - "{% set comma = joiner(\",\") %}{% for group in group_names %}{% if nodes.labels[group] is defined %}{% for item in nodes.labels[group] %}{{ comma() }}{{ item.name }}={{ item.value }}{% endfor %}{% else %}\"\"{% endif %}{% endfor %}"
+  set_fact:
+    kubeadm_kubelet_labels: "{% set comma = joiner(\",\") %}{% for item in kubeadm_kubelet_labels_node %}{{ comma() }}{{ item }}{% endfor %}"
+
+- name: deploy-kubelet
+  vars:
+    kubeadm_aio_action: deploy-kubelet
+  include: util-kubeadm-aio-run.yaml

roles/deploy-kubeadm-aio-common/tasks/main.yaml

@@ -0,0 +1,35 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: setting playbook facts
+  set_fact:
+    playbook_user_id: "{{ ansible_user_uid }}"
+    playbook_group_id: "{{ ansible_user_gid }}"
+    playbook_user_dir: "{{ ansible_user_dir }}"
+    kubernetes_default_device: "{{ ansible_default_ipv4.alias }}"
+    kubernetes_default_address: null
+
+- name: if we have defined a custom interface for kubernetes use that
+  when: kubernetes.network.default_device is defined and kubernetes.network.default_device
+  set_fact:
+    kubernetes_default_device: "{{ kubernetes.network.default_device }}"
+
+- name: if we are in openstack infra use the private IP for kubernetes
+  when: (nodepool is defined) and (nodepool.private_ipv4 is defined)
+  set_fact:
+    kubernetes_default_address: "{{ nodepool.private_ipv4 }}"
+
+- include: clean-node.yaml
+
+- include: deploy-kubelet.yaml

roles/deploy-kubeadm-aio-common/tasks/util-kubeadm-aio-run.yaml

@@ -0,0 +1,71 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Run Kubeadm-AIO container
+  vars:
+    kubeadm_aio_action: null
+    kubeadm_kubelet_labels: ""
+  block:
+    - name: "performing {{ kubeadm_aio_action }} action"
+      become: true
+      become_user: root
+      docker_container:
+        name: "kubeadm-{{ kubeadm_aio_action }}"
+        image: "{{ images.kubernetes.kubeadm_aio }}"
+        state: started
+        detach: false
+        recreate: yes
+        pid_mode: host
+        network_mode: host
+        capabilities: SYS_ADMIN
+        volumes:
+          - /sys:/sys:rw
+          - /run:/run:rw
+          - /:/mnt/rootfs:rw
+          - /etc:/etc:rw
+        env:
+          CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
+          ACTION="{{ kubeadm_aio_action }}"
+          KUBE_BIND_DEVICE="{{ kubernetes_default_device }}"
+          KUBE_BIND_ADDR="{{ kubernetes_default_address }}"
+          USER_UID="{{ playbook_user_id }}"
+          USER_GID="{{ playbook_group_id }}"
+          USER_HOME="{{ playbook_user_dir }}"
+          CNI_ENABLED="{{ kubernetes.cluster.cni }}"
+          PVC_SUPPORT_CEPH=true
+          PVC_SUPPORT_NFS=true
+          NET_SUPPORT_LINUXBRIDGE=true
+          KUBE_NET_POD_SUBNET="{{ kubernetes.cluster.pod_subnet }}"
+          KUBE_NET_DNS_DOMAIN="{{ kubernetes.cluster.domain }}"
+          CONTAINER_RUNTIME=docker
+          KUBELET_NODE_LABELS="{{ kubeadm_kubelet_labels }}"
+      register: kubeadm_master_deploy
+  rescue:
+    - name: "getting logs for {{ kubeadm_aio_action }} action"
+      command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
+      become: true
+      become_user: root
+      register: out
+    - name: "dumping logs for {{ kubeadm_aio_action }} action"
+      debug:
+        var: out.stdout_lines
+    - name: "exiting if {{ kubeadm_aio_action }} action failed"
+      command: exit 1
+  always:
+    - name: "removing container for {{ kubeadm_aio_action }} action"
+      become: true
+      become_user: root
+      docker_container:
+        name: "kubeadm-{{ kubeadm_aio_action }}"
+        state: absent

roles/deploy-kubeadm-aio-master/tasks/main.yaml

@@ -0,0 +1,31 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: setting playbook user info facts before escalating privileges
+  set_fact:
+    playbook_user_id: "{{ ansible_user_uid }}"
+    playbook_group_id: "{{ ansible_user_gid }}"
+    playbook_user_dir: "{{ ansible_user_dir }}"
+
+- name: deploying kubelet and support assets to node
+  include_role:
+    name: deploy-kubeadm-aio-common
+    tasks_from: main
+
+- name: deploying kubernetes on master node
+  vars:
+    kubeadm_aio_action: deploy-kube
+  include_role:
+    name: deploy-kubeadm-aio-common
+    tasks_from: util-kubeadm-aio-run

roles/deploy-kubeadm-aio-node/tasks/main.yaml

@@ -0,0 +1,44 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: setting playbook user info facts before escalating privileges
+  set_fact:
+    playbook_user_id: "{{ ansible_user_uid }}"
+    playbook_group_id: "{{ ansible_user_gid }}"
+    playbook_user_dir: "{{ ansible_user_dir }}"
+    kube_master: "{{ groups['primary'][0] }}"
+    kube_worker: "{{ inventory_hostname }}"
+
+- name: deploying kubelet and support assets to node
+  include_role:
+    name: deploy-kubeadm-aio-common
+    tasks_from: main
+
+- name: generating the kubeadm join command for the node
+  include: util-generate-join-command.yaml
+  delegate_to: "{{ kube_master }}"
+
+- name: joining node to kubernetes cluster
+  vars:
+    kubeadm_aio_action: join-kube
+    kubeadm_aio_join_command: "{{ kubeadm_cluster_join_command }}"
+  include: util-run-join-command.yaml
+
+- name: waiting for node to be ready
+  delegate_to: "{{ kube_master }}"
+  command: kubectl get node "{{ ansible_fqdn }}" -o jsonpath="{$.status.conditions[?(@.reason=='KubeletReady')]['type']}"
+  register: task_result
+  until: task_result.stdout == 'Ready'
+  retries: 120
+  delay: 5

roles/deploy-kubeadm-aio-node/tasks/util-generate-join-command.yaml

@@ -0,0 +1,56 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: generate the kubeadm join command for nodes
+  vars:
+    kubeadm_aio_action: generate-join-cmd
+    kubeadm_cluster_join_ttl: 30m
+    kube_worker: null
+  block:
+    - name: "deploying kubeadm {{ kubeadm_aio_action }} container"
+      become: true
+      become_user: root
+      docker_container:
+        name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
+        image: "{{ images.kubernetes.kubeadm_aio }}"
+        state: started
+        detach: false
+        recreate: yes
+        network_mode: host
+        volumes:
+          - /etc/kubernetes:/etc/kubernetes:ro
+        env:
+          ACTION=generate-join-cmd
+          TTL="{{ kubeadm_cluster_join_ttl }}"
+      register: kubeadm_generate_join_command
+    - name: "getting logs for {{ kubeadm_aio_action }} action"
+      command: "docker logs kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
+      become: true
+      become_user: root
+      register: kubeadm_aio_action_logs
+    - name: storing cluster join command
+      set_fact: kubeadm_cluster_join_command="{{ kubeadm_aio_action_logs.stdout }}"
+  rescue:
+    - name: "dumping logs for {{ kubeadm_aio_action }} action"
+      debug:
+        var: kubeadm_aio_action_logs.stdout_lines
+    - name: "exiting if {{ kubeadm_aio_action }} action failed"
+      command: exit 1
+  always:
+    - name: "removing container for {{ kubeadm_aio_action }} action"
+      become: true
+      become_user: root
+      docker_container:
+        name: "kubeadm-{{ kube_worker }}-{{ kubeadm_aio_action }}"
+        state: absent

roles/deploy-kubeadm-aio-node/tasks/util-run-join-command.yaml

@@ -0,0 +1,59 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: master
+  vars:
+    kubeadm_aio_action: join-kube
+    kubeadm_aio_join_command: null
+  block:
+    - name: "deploying kubeadm {{ kubeadm_aio_action }} container"
+      become: true
+      become_user: root
+      docker_container:
+        name: "kubeadm-{{ kubeadm_aio_action }}"
+        image: "{{ images.kubernetes.kubeadm_aio }}"
+        state: started
+        detach: false
+        recreate: yes
+        pid_mode: host
+        network_mode: host
+        capabilities: SYS_ADMIN
+        volumes:
+          - /sys:/sys:rw
+          - /run:/run:rw
+          - /:/mnt/rootfs:rw
+          - /etc:/etc:rw
+        env:
+          CONTAINER_NAME="kubeadm-{{ kubeadm_aio_action }}"
+          ACTION="{{ kubeadm_aio_action }}"
+          KUBEADM_JOIN_COMMAND="{{ kubeadm_aio_join_command }}"
+      register: kubeadm_aio_join_container
+  rescue:
+    - name: "getting logs for {{ kubeadm_aio_action }} action"
+      command: "docker logs kubeadm-{{ kubeadm_aio_action }}"
+      become: true
+      become_user: root
+      register: kubeadm_aio_join_container_output
+    - name: "dumping logs for {{ kubeadm_aio_action }} action"
+      debug:
+        msg: "{{ kubeadm_aio_join_container_output.stdout_lines }}"
+    - name: "exiting if {{ kubeadm_aio_action }} action failed"
+      command: exit 1
+  always:
+    - name: "removing container for {{ kubeadm_aio_action }} action"
+      become: true
+      become_user: root
+      docker_container:
+        name: "kubeadm-{{ kubeadm_aio_action }}"
+        state: absent

roles/deploy-package/tasks/dist.yaml

@@ -0,0 +1,46 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: managing distro packages for ubuntu
+  become: true
+  become_user: root
+  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+  vars:
+    state: present
+  apt:
+    name: "{{ item }}"
+    state: "{{ state }}"
+  with_items: "{{ packages.deb }}"
+
+- name: managing distro packages for centos
+  become: true
+  become_user: root
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+  vars:
+    state: present
+  yum:
+    name: "{{ item }}"
+    state: "{{ state }}"
+  with_items: "{{ packages.rpm }}"
+
+- name: managing distro packages for fedora
+  become: true
+  become_user: root
+  when: ansible_distribution == 'Fedora'
+  vars:
+    state: present
+  dnf:
+    name: "{{ item }}"
+    state: "{{ state }}"
+  with_items: "{{ packages.rpm }}"

roles/deploy-package/tasks/pip.yaml

@@ -0,0 +1,27 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: managing pip packages
+  become: true
+  become_user: root
+  environment:
+    http_proxy: "{{ proxy.http }}"
+    https_proxy: "{{ proxy.https }}"
+    no_proxy: "{{ proxy.noproxy }}"
+  vars:
+    state: present
+  pip:
+    name: "{{ item }}"
+    state: "{{ state }}"
+  with_items: "{{ packages }}"

roles/deploy-python-pip/tasks/main.yaml

@@ -0,0 +1,48 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: ensuring python pip package is present for ubuntu
+  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+  apt:
+    name: python-pip
+    state: present
+
+- name: ensuring python pip package is present for centos
+  when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+  block:
+    - name: ensuring epel-release package is present for centos as python-pip is in the epel repo
+      yum:
+        name: epel-release
+        state: present
+    - name: ensuring python pip package is present for centos
+      yum:
+        name: python-devel
+        state: present
+
+- name: ensuring python pip package is present for fedora via the python-devel rpm
+  when: ansible_distribution == 'Fedora'
+  dnf:
+    name: python2-pip
+    state: present
+
+- name: ensuring pip is the latest version
+  become: true
+  become_user: root
+  environment:
+    http_proxy: "{{ proxy.http }}"
+    https_proxy: "{{ proxy.https }}"
+    no_proxy: "{{ proxy.noproxy }}"
+  pip:
+    name: pip
+    state: latest

roles/deploy-python/tasks/main.yaml

@@ -0,0 +1,16 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: ensuring python2 is present on all hosts
+  raw: test -e /usr/bin/python || (sudo apt -y update && sudo apt install -y python-minimal) || (sudo yum install -y python) || (sudo dnf install -y python2)

roles/deploy-yq/tasks/main.yaml

@@ -0,0 +1,43 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- block:
+    - name: ensuring jq is deployed on host
+      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' or ansible_distribution == 'Fedora'
+      include_role:
+        name: deploy-package
+        tasks_from: dist
+      vars:
+        packages:
+          deb:
+            - jq
+          rpm:
+            - jq
+    - name: removing jq binary on centos
+      become: true
+      become_user: root
+      when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+      file:
+        path: "{{ item }}"
+        state: absent
+      with_items:
+        - /usr/bin/jq
+    - name: installing jq 1.5 binary for centos
+      become: true
+      become_user: root
+      when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux'
+      get_url:
+        url: https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64
+        dest: /usr/bin/jq
+        mode: 0555

roles/describe-kubernetes-objects/tasks/main.yaml

@@ -0,0 +1,108 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: "creating directory for cluster scoped objects"
+  file:
+    path: "{{ logs_dir }}/objects/cluster"
+    state: directory
+
+- name: "Gathering descriptions for cluster scoped objects"
+  shell: |-
+          set -e
+          export OBJECT_TYPE=node,clusterrole,clusterrolebinding,storageclass,namespace
+          export PARALLELISM_FACTOR=2
+
+          function list_objects () {
+            printf ${OBJECT_TYPE} | xargs -d ',' -I {} -P1 -n1 bash -c 'echo "$@"' _ {}
+          }
+          export -f list_objects
+
+          function name_objects () {
+            export OBJECT=$1
+            kubectl get ${OBJECT} -o name | xargs -L1 -I {} -P1 -n1 bash -c 'echo "${OBJECT} ${1#*/}"' _ {}
+          }
+          export -f name_objects
+
+          function get_objects () {
+            input=($1)
+            export OBJECT=${input[0]}
+            export NAME=${input[1]#*/}
+            echo "${OBJECT}/${NAME}"
+            DIR="{{ logs_dir }}/objects/cluster/${OBJECT}"
+            mkdir -p ${DIR}
+            kubectl get ${OBJECT} ${NAME} -o yaml > "${DIR}/${NAME}.yaml"
+            kubectl describe ${OBJECT} ${NAME} > "${DIR}/${NAME}.txt"
+          }
+          export -f get_objects
+
+          list_objects | \
+            xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'name_objects "$@"' _ {} | \
+            xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_objects "$@"' _ {}
+  args:
+    executable: /bin/bash
+  ignore_errors: True
+
+- name: "creating directory for namespace scoped objects"
+  file:
+    path: "{{ logs_dir }}/objects/namespaced"
+    state: directory
+
+- name: "Gathering descriptions for namespace scoped objects"
+  shell: |-
+          set -e
+          export OBJECT_TYPE=configmaps,cronjobs,daemonsets,deployment,endpoints,ingresses,jobs,networkpolicies,pods,podsecuritypolicies,persistentvolumeclaims,rolebindings,roles,secrets,serviceaccounts,services,statefulsets
+          export PARALLELISM_FACTOR=2
+          function get_namespaces () {
+            kubectl get namespaces -o name | awk -F '/' '{ print $NF }'
+          }
+
+          function list_namespaced_objects () {
+            export NAMESPACE=$1
+            printf ${OBJECT_TYPE} | xargs -d ',' -I {} -P1 -n1 bash -c 'echo "${NAMESPACE} $@"' _ {}
+          }
+          export -f list_namespaced_objects
+
+          function name_objects () {
+            input=($1)
+            export NAMESPACE=${input[0]}
+            export OBJECT=${input[1]}
+            kubectl get -n ${NAMESPACE} ${OBJECT} -o name | xargs -L1 -I {} -P1 -n1 bash -c 'echo "${NAMESPACE} ${OBJECT} $@"' _ {}
+          }
+          export -f name_objects
+
+          function get_objects () {
+            input=($1)
+            export NAMESPACE=${input[0]}
+            export OBJECT=${input[1]}
+            export NAME=${input[2]#*/}
+            echo "${NAMESPACE}/${OBJECT}/${NAME}"
+            DIR="{{ logs_dir }}/objects/namespaced/${NAMESPACE}/${OBJECT}"
+            mkdir -p ${DIR}
+            kubectl get -n ${NAMESPACE} ${OBJECT} ${NAME} -o yaml > "${DIR}/${NAME}.yaml"
+            kubectl describe -n ${NAMESPACE} ${OBJECT} ${NAME} > "${DIR}/${NAME}.txt"
+          }
+          export -f get_objects
+
+          get_namespaces | \
+            xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'list_namespaced_objects "$@"' _ {} | \
+            xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'name_objects "$@"' _ {} | \
+            xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_objects "$@"' _ {}
+  args:
+    executable: /bin/bash
+  ignore_errors: True
+
+- name: "Downloads logs to executor"
+  synchronize:
+    src: "{{ logs_dir }}/objects"
+    dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
+    mode: pull
+  ignore_errors: yes

roles/gather-host-logs/tasks/main.yaml

@@ -0,0 +1,39 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: "creating directory for system status"
+  file:
+    path: "{{ logs_dir }}/system"
+    state: directory
+
+- name: "Get logs for each host"
+  become: yes
+  shell: |-
+          set -x
+          systemd-cgls --full --all --no-pager > {{ logs_dir }}/system/systemd-cgls.txt
+          ip addr > {{ logs_dir }}/system/ip-addr.txt
+          ip route > {{ logs_dir }}/system/ip-route.txt
+          lsblk > {{ logs_dir }}/system/lsblk.txt
+          mount > {{ logs_dir }}/system/mount.txt
+          docker images > {{ logs_dir }}/system/docker-images.txt
+          brctl show > {{ logs_dir }}/system/brctl-show.txt
+          ps aux --sort=-%mem > {{ logs_dir }}/system/ps.txt
+  args:
+    executable: /bin/bash
+  ignore_errors: True
+
+- name: "Downloads logs to executor"
+  synchronize:
+    src: "{{ logs_dir }}/system"
+    dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
+    mode: pull
+  ignore_errors: True

roles/gather-pod-logs/tasks/main.yaml

@@ -0,0 +1,54 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: "creating directory for pod logs"
+  file:
+    path: "{{ logs_dir }}/pod-logs"
+    state: directory
+
+- name: "retrieve all container logs"
+  shell: |-
+          set -e
+          PARALLELISM_FACTOR=2
+          function get_namespaces () {
+            kubectl get namespaces -o name | awk -F '/' '{ print $NF }'
+          }
+          function get_pods () {
+            NAMESPACE=$1
+            kubectl get pods -n ${NAMESPACE} -o name --show-all | awk -F '/' '{ print $NF }' | xargs -L1 -P 1 -I {} echo ${NAMESPACE} {}
+          }
+          export -f get_pods
+          function get_pod_logs () {
+            NAMESPACE=${1% *}
+            POD=${1#* }
+            INIT_CONTAINERS=$(kubectl get pod $POD -n ${NAMESPACE} -o json | jq -r '.spec.initContainers[]?.name')
+            CONTAINERS=$(kubectl get pod $POD -n ${NAMESPACE} -o json | jq -r '.spec.containers[].name')
+            for CONTAINER in ${INIT_CONTAINERS} ${CONTAINERS}; do
+              echo "${NAMESPACE}/${POD}/${CONTAINER}"
+              mkdir -p "{{ logs_dir }}/pod-logs/${NAMESPACE}/${POD}"
+              kubectl logs ${POD} -n ${NAMESPACE} -c ${CONTAINER} > "{{ logs_dir }}/pod-logs/${NAMESPACE}/${POD}/${CONTAINER}.txt"
+            done
+          }
+          export -f get_pod_logs
+          get_namespaces | \
+            xargs -r -n 1 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_pods "$@"' _ {} | \
+            xargs -r -n 2 -P ${PARALLELISM_FACTOR} -I {} bash -c 'get_pod_logs "$@"' _ {}
+  args:
+    executable: /bin/bash
+  ignore_errors: True
+
+- name: "Downloads logs to executor"
+  synchronize:
+    src: "{{ logs_dir }}/pod-logs"
+    dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
+    mode: pull
+  ignore_errors: True

roles/gather-prom-metrics/tasks/main.yaml

@@ -0,0 +1,44 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: "creating directory for helm release descriptions"
+  file:
+    path: "{{ logs_dir }}/prometheus"
+    state: directory
+
+- name: "Get prometheus metrics from exporters in all namespaces"
+  shell: |-
+          set -e
+          NAMESPACES=$(kubectl get namespaces -o json | jq -r '.items[].metadata.name')
+          for NS in $NAMESPACES; do
+            SERVICES=$(kubectl get svc -l component=metrics -n $NS -o json | jq -r '.items[].metadata.name')
+            for SVC in $SERVICES; do
+              PORT=$(kubectl get svc $SVC -n $NS -o json | jq -r '.spec.ports[].port')
+              curl "$SVC.$NS:$PORT/metrics" >> "{{ logs_dir }}"/prometheus/$NS-$SVC.txt
+            done
+          done
+  args:
+    executable: /bin/bash
+
+- name: "Get prometheus metrics from tiller-deploy"
+  shell: |-
+          set -e
+          curl tiller-deploy.kube-system:44135/metrics >> "{{ logs_dir }}"/prometheus/kube-system-tiller-deploy.txt
+  args:
+    executable: /bin/bash
+
+- name: "Downloads logs to executor"
+  synchronize:
+    src: "{{ logs_dir }}/prometheus"
+    dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
+    mode: pull
+  ignore_errors: True

roles/helm-release-status/tasks/main.yaml

@@ -0,0 +1,44 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: "creating directory for helm release status"
+  file:
+    path: "{{ logs_dir }}/helm"
+    state: directory
+
+- name: "retrieve all deployed charts"
+  shell: |-
+          set -e
+          helm ls --short
+  args:
+    executable: /bin/bash
+  register: helm_releases
+
+- name: "Gather get release status for helm charts"
+  shell: |-
+          set -e
+          helm status {{ helm_released }}  >> {{ logs_dir }}/helm/{{ helm_release }}.txt
+  args:
+    executable: /bin/bash
+  ignore_errors: True
+  vars:
+    helm_release: "{{ helm_released }}"
+  loop_control:
+    loop_var: helm_released
+  with_items: "{{ helm_releases.stdout_lines }}"
+
+- name: "Downloads logs to executor"
+  synchronize:
+    src: "{{ logs_dir }}/helm"
+    dest: "{{ zuul.executor.log_root }}/{{ inventory_hostname }}"
+    mode: pull
+  ignore_errors: True

roles/pull-images/tasks/main.yaml

@@ -0,0 +1,26 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Ensure docker python packages deployed
+  include_role:
+    name: deploy-package
+    tasks_from: pip
+  vars:
+    packages:
+      - yq
+
+- name: pull all images used in repo
+  make:
+    chdir: "{{ work_dir }}"
+    target: pull-all-images

roles/setup-firewall/tasks/main.yaml

@@ -0,0 +1,29 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#NOTE(portdirect): This needs refinement but drops the firewall on zuul nodes
+- name: deploy iptables packages
+  include_role:
+    name: deploy-package
+    tasks_from: dist
+  vars:
+    packages:
+      deb:
+        - iptables
+      rpm:
+        - iptables
+- command: iptables -S
+- command: iptables -F
+- command: iptables -P INPUT ACCEPT
+- command: iptables -S

roles/upgrade-host/tasks/main.yaml

@@ -0,0 +1,42 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Upgrade to HWE kernel on Ubuntu Hosts
+  when: ansible_distribution == 'Ubuntu'
+  block:
+    - name: Deploy HWE kernel on Ubuntu Hosts
+      include_role:
+        name: deploy-package
+        tasks_from: dist
+      vars:
+        packages:
+          deb:
+            - linux-generic-hwe-16.04
+    - name: Reboot Host following kernel upgrade
+      shell: sleep 2 && reboot
+      sudo: yes
+      async: 30
+      poll: 0
+      ignore_errors: true
+      args:
+        executable: /bin/bash
+    - name: Wait for hosts to come up following reboot
+      wait_for:
+        host: '{{ hostvars[item].ansible_host }}'
+        port: 22
+        state: started
+        delay: 60
+        timeout: 240
+      with_items: '{{ play_hosts }}'
+      connection: local

tools/gate/devel/start.sh

@@ -94,7 +94,7 @@ function dump_logs () {
 trap 'dump_logs "$?"' ERR
 
 for PLAYBOOK in ${PLAYBOOKS}; do
-  ansible-playbook ${WORK_DIR}/tools/gate/playbooks/${PLAYBOOK}.yaml \
+  ansible-playbook ${WORK_DIR}/playbooks/${PLAYBOOK}.yaml \
     -i ${INVENTORY} \
     --extra-vars=@${VARS} \
     --extra-vars "work_dir=${WORK_DIR}"