zuul/nodepool
Code Issues Proposed changes
e097731339
nodepool/playbooks/nodepool-functional-container-openstack/run.yaml
Clark Boylan 5702331087 Move nodepool functests to podman 
Now that nodepool images are on quay.io we don't get speculative
container image testing with docker. The reason for this is docker only
knows how to lookup images hosted by docker.io in mirrors which
specualtive container image testing relies on. Since the images are
hosted on quay.io instead of docker.io we lose this functionality.

Address this by switching to podman and podman-compose which does
understand how to fetch images with mirrors from any location.

Depends-On: https://review.opendev.org/c/zuul/zuul/+/687135
Change-Id: I1a510a9b68a2f01098f3c099a129d6d268b422d9
2023-05-30 15:35:47 -07:00

122 lines
5.0 KiB
YAML
Raw Blame History

- hosts: all
vars:
nodepool_config_dir: "/etc/nodepool"
nodepool_log_dir: "/var/log/nodepool"
NODEPOOL_KEY: "$HOME/.ssh/id_nodepool"
NODEPOOL_KEY_NAME: "root"
NODEPOOL_PUBKEY: "$HOME/.ssh/id_nodepool.pub"
NODEPOOL_INSTALL: "$HOME/nodepool-venv"
NODEPOOL_CACHE_GET_PIP: "/opt/stack/cache/files/get-pip.py"
NODEPOOL_CONFIG: "{{ nodepool_config_dir }}/nodepool.yaml"
NODEPOOL_DIB_BASE_PATH: "/opt/dib"
tasks:
- name: Write clouds.yaml
include_tasks: write_clouds_yaml.yaml
- name: Create nodepool flavors
args:
executable: /bin/bash
shell: |
openstack --os-cloud=devstack-admin flavor create --ram=512 --disk=5 --vcpus=1 --id=64 nodepool-512
openstack --os-cloud=devstack-admin flavor create --ram=1024 --disk=5 --vcpus=1 --id=128 nodepool-1024
- name: Create security groups
args:
executable: /bin/bash
shell: |
openstack --os-cloud=devstack security group rule create --ingress --protocol tcp --dst-port 1:65535 --remote-ip 0.0.0.0/0 default
openstack --os-cloud=devstack security group rule create --ingress --protocol udp --dst-port 1:65535 --remote-ip 0.0.0.0/0 default
- name: Create unmanaged VM
args:
executable: /bin/bash
shell: |
openstack --os-cloud=devstack-admin network list
cirros_image=$(openstack --os-cloud=devstack image list -f value -c Name | grep cirros | head -n1)
openstack --os-cloud=devstack server create --flavor=cirros256 --image="$cirros_image" --network=public unmanaged-vm
- name: Create nodepool SSH keypair
args:
executable: /bin/bash
shell: |
ssh-keygen -f {{ NODEPOOL_KEY }} -P ""
openstack --os-cloud=devstack keypair create --public-key="{{ NODEPOOL_PUBKEY }}" "{{ NODEPOOL_KEY_NAME }}"
- name: Write nodepool elements
args:
executable: /bin/bash
shell:
cmd: |
sudo mkdir -p $(dirname {{ NODEPOOL_CONFIG }})/elements/nodepool-setup/install.d
sudo mkdir -p $(dirname {{ NODEPOOL_CONFIG }})/elements/nodepool-setup/root.d
cat > /tmp/40-nodepool-setup <<EOF
sudo mkdir -p /etc/nodepool
# Make it world writeable so nodepool can write here later.
sudo chmod 777 /etc/nodepool
EOF
cat > /tmp/50-apt-allow-unauthenticated <<EOF
if [ -d "\$TARGET_ROOT/etc/apt/apt.conf.d" ]; then
echo "APT::Get::AllowUnauthenticated \"true\";" | sudo tee \$TARGET_ROOT/etc/apt/apt.conf.d/95allow-unauthenticated
echo "Acquire::AllowInsecureRepositories \"true\";" | sudo tee -a \$TARGET_ROOT/etc/apt/apt.conf.d/95allow-unauthenticated
fi
EOF
sudo mv /tmp/40-nodepool-setup \
$(dirname {{ NODEPOOL_CONFIG }})/elements/nodepool-setup/install.d/40-nodepool-setup
sudo chmod a+x \
$(dirname {{ NODEPOOL_CONFIG }})/elements/nodepool-setup/install.d/40-nodepool-setup
sudo mv /tmp/50-apt-allow-unauthenticated \
$(dirname {{ NODEPOOL_CONFIG }})/elements/nodepool-setup/root.d/50-apt-allow-unauthenticated
sudo chmod a+x \
$(dirname {{ NODEPOOL_CONFIG }})/elements/nodepool-setup/root.d/50-apt-allow-unauthenticated
sudo mkdir -p {{ NODEPOOL_DIB_BASE_PATH }}/images
sudo mkdir -p {{ NODEPOOL_DIB_BASE_PATH }}/tmp
sudo mkdir -p {{ NODEPOOL_DIB_BASE_PATH }}/cache
sudo chown -R nodepool:nodepool {{ NODEPOOL_DIB_BASE_PATH }}
- name: Write nodepool config
become: true
template:
src: nodepool.yaml.j2
dest: "{{ NODEPOOL_CONFIG }}"
- name: Create nodepool runtime dirs
become: true
file:
path: '{{ item }}'
state: directory
owner: 'nodepool'
group: 'nodepool'
loop:
- '{{ nodepool_log_dir }}'
- name: Write docker-compose.yaml
template:
src: docker-compose.yaml.j2
dest: /etc/nodepool/docker-compose.yaml
mode: 0600
- name: Run podman compose pull
shell:
cmd: podman-compose pull
chdir: /etc/nodepool
# We run as root to allow us to move nodepool processes into a new
# process cgroup which enables podman to run nested in docker.
become: yes
- name: Run podman compose up
shell:
cmd: podman-compose up -d --timeout 60
chdir: /etc/nodepool
# We run as root to allow us to move nodepool processes into a new
# process cgroup which enables podman to run nested in docker.
become: yes
- name: Cleanup unused images
shell:
cmd: podman image prune -f
# We run as root to allow us to move nodepool processes into a new
# process cgroup which enables podman to run nested in docker.
become: yes
- name: Check nodepool functionality
command: "{{ zuul.projects['opendev.org/zuul/nodepool'].src_dir }}/tools/functional-test-check.sh"
environment:
NODEPOOL_FUNCTIONAL_CHECK: 'containers'
View Git Blame Copy Permalink