diff --git a/common-tasks/test-set-nodepool-vars.yml b/common-tasks/test-set-nodepool-vars.yml index 429f5ee3..8ca665c7 100644 --- a/common-tasks/test-set-nodepool-vars.yml +++ b/common-tasks/test-set-nodepool-vars.yml @@ -20,6 +20,7 @@ delegate_to: localhost - name: Set nodepool vars + when: ci_mirror_info.stat.exists block: - name: Discover variables from OpenStack's CI environment when in nodepool shell: | @@ -66,4 +67,3 @@ pip_links: - name: "infra_wheel_mirror" link: "{{ pip_wheel_mirror }}" - when: ci_mirror_info.stat.exists diff --git a/destroy_containers.yml b/destroy_containers.yml index ce6fdae4..bf7088e0 100644 --- a/destroy_containers.yml +++ b/destroy_containers.yml @@ -40,7 +40,7 @@ - "/openstack/backup/{{ container_name }}" - "/openstack/log/{{ container_name }}" - "/var/lib/lxc/{{ container_name }}" - - "{{ lxc_container_directory|default('/var/lib/lxc') }}/{{ container_name }}" + - "{{ lxc_container_directory | default('/var/lib/lxc') }}/{{ container_name }}" - "/var/log/lxc/lxc-{{ container_name }}" delegate_to: "{{ physical_host }}" tags: diff --git a/listening-port-report.yml b/listening-port-report.yml index 0994ec6b..0b6b8033 100644 --- a/listening-port-report.yml +++ b/listening-port-report.yml @@ -17,7 +17,7 @@ become: true gather_facts: no tasks: - - name: netstat package is installed + - name: Netstat package is installed package: name: net-tools state: present @@ -27,7 +27,7 @@ register: listening_ports changed_when: false - - name: create report + - name: Create report copy: content: | {% for host in ansible_play_hosts %} @@ -39,6 +39,6 @@ {% endfor %} dest: /tmp/listening_port_report.txt - mode: 0644 + mode: "0644" delegate_to: localhost - run_once: true + run_once: true # noqa: run-once[task] diff --git a/test-ansible-collection-requirements.yml b/test-ansible-collection-requirements.yml index 0fea1def..90ddc103 100644 --- a/test-ansible-collection-requirements.yml +++ b/test-ansible-collection-requirements.yml @@ -1,34 +1,34 @@ collections: - name: https://opendev.org/openstack/ansible-collections-openstack - version: 2.1.0 + version: 2.2.0 type: git - name: https://opendev.org/openstack/ansible-config_template - version: 1.2.1 + version: 2.1.0 type: git - name: https://github.com/ansible-collections/community.general - version: 4.0.1 + version: 8.2.0 type: git - name: https://github.com/ansible-collections/community.rabbitmq - version: 1.1.0 + version: 1.2.3 type: git - name: https://github.com/ansible-collections/community.mysql - version: 2.3.1 + version: 3.8.0 type: git - name: https://github.com/ansible-collections/community.crypto - version: 2.11.1 + version: 2.16.2 type: git - name: https://github.com/ansible-collections/ansible.posix - version: 1.3.0 + version: 1.5.4 type: git # NOTE(noonedeadpunk): needs version in galaxy.yml to pull from git - name: openvswitch.openvswitch - version: 2.0.2 + version: 2.1.1 source: https://galaxy.ansible.com - name: ansible.netcommon - version: 2.5.1 + version: 6.0.0 source: https://galaxy.ansible.com - name: ansible.utils - version: 2.5.2 + version: 3.0.0 source: https://galaxy.ansible.com - name: https://opendev.org/openstack/openstack-ansible-plugins version: master diff --git a/test-ansible-deps.txt b/test-ansible-deps.txt index a5e2de7a..88ea7a1a 100644 --- a/test-ansible-deps.txt +++ b/test-ansible-deps.txt @@ -8,7 +8,7 @@ # target configuration in each role. # The Ansible version used for testing -ansible-core==2.12.8 +ansible-core==2.15.9 # Used for the ip filter within ansible netaddr diff --git a/test-ansible-lint.sh b/test-ansible-lint.sh index 8b11742b..975dfe4f 100755 --- a/test-ansible-lint.sh +++ b/test-ansible-lint.sh @@ -45,5 +45,5 @@ source "${COMMON_TESTS_PATH}/test-ansible-env-prep.sh" # Execute ansible-lint. We do not want to test dependent roles located # in $HOME/.ansible/roles since we only care about the role we are currently # testing. -ANSIBLE_LINT_WARNINGS="-w 208 -w 306 -w 502 -w 503 -w var-naming -w role-name -w metadata" +ANSIBLE_LINT_WARNINGS="-w 208 -w 306 -w 502 -w 503 -w var-naming -w role-name -w metadata -w fqcn -w yaml[truthy]" ansible-lint ${ANSIBLE_LINT_PARAMS} ${ANSIBLE_LINT_WARNINGS} --exclude=$HOME/.ansible/roles ${TEST_PLAYBOOK} diff --git a/test-ansible.cfg b/test-ansible.cfg index e16cc238..be78bb95 100644 --- a/test-ansible.cfg +++ b/test-ansible.cfg @@ -21,11 +21,11 @@ # This is a set of configuration options for Ansible. [defaults] -transport = ssh +transport = openstack.osa.ssh host_key_checking = False control_path = /tmp/%%h-%%r ssh_args = -o ControlMaster=no -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ServerAliveInterval=64 -o ServerAliveCountMax=1024 -o Compression=no -o TCPKeepAlive=yes -o VerifyHostKeyDNS=no -o ForwardX11=no -o ForwardAgent=yes -library = $HOME/.ansible/roles/config_template/library:$HOME/.ansible/plugins/library:$HOME/.ansible/roles/ceph-ansible/library +library = $HOME/.ansible/plugins/library:$HOME/.ansible/roles/ceph-ansible/library callback_plugins = $HOME/.ansible/plugins/callback:$HOME/.ansible/roles/ceph-ansible/plugins/callback -action_plugins = $HOME/.ansible/roles/config_template/action:$HOME/.ansible/roles/ceph-ansible/plugins/actions +action_plugins = $HOME/.ansible/roles/ceph-ansible/plugins/actions roles_path = $HOME/.ansible/roles:$HOME/.ansible/testing-role diff --git a/test-install-infra.yml b/test-install-infra.yml index 8710f0bf..df8c0b86 100644 --- a/test-install-infra.yml +++ b/test-install-infra.yml @@ -13,8 +13,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -- import_playbook: test-install-memcached.yml +- name: Importing test-install-memcached + import_playbook: test-install-memcached.yml -- import_playbook: test-install-rabbitmq.yml +- name: Importing test-install-rabbitmq + import_playbook: test-install-rabbitmq.yml -- import_playbook: test-install-galera.yml +- name: Importing test-install-galera + import_playbook: test-install-galera.yml diff --git a/test-log-collect.sh b/test-log-collect.sh index 069167b1..bd52011d 100755 --- a/test-log-collect.sh +++ b/test-log-collect.sh @@ -82,6 +82,7 @@ COMMON_ETC_LOG_NAMES="almanach \ searchlight \ sasl2 \ swift \ + ssh \ sysconfig/network-scripts \ sysconfig/network \ systemd/network \ diff --git a/test-prepare-containers.yml b/test-prepare-containers.yml index 76798d4e..d2716333 100644 --- a/test-prepare-containers.yml +++ b/test-prepare-containers.yml @@ -25,7 +25,8 @@ tasks: - include_tasks: "common-tasks/test-set-nodepool-vars.yml" -- import_playbook: destroy_containers.yml +- name: Importing destroy_containers + import_playbook: destroy_containers.yml when: destroy_first | default(True) | bool - name: Playbook for creating containers diff --git a/test-prepare-host.yml b/test-prepare-host.yml index 40f3b2b4..26305a37 100644 --- a/test-prepare-host.yml +++ b/test-prepare-host.yml @@ -13,7 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -- import_playbook: test-repo-setup.yml +- name: Importing test-repo-setup + import_playbook: test-repo-setup.yml - name: Playbook for configuring hosts hosts: localhost @@ -34,16 +35,6 @@ tags: - skip_ansible_lint - - name: Set ssh key fact - set_fact: - lxc_container_ssh_key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}" - - - name: Ensure roots new public ssh key is in authorized_keys - authorized_key: - user: root - key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}" - manage_dir: no - # This is a very dirty hack due to images.linuxcontainers.org # constantly failing to resolve in openstack-infra. - name: Implement hard-coded hosts entries for consistently failing name @@ -82,7 +73,8 @@ openrc_openstack_client_config_dir_owner: "root" openrc_clouds_yml_file_owner: "root" -- import_playbook: test-install-openstack-hosts.yml +- name: Importing test-install-openstack-hosts + import_playbook: test-install-openstack-hosts.yml - name: Playbook for configuring the LXC host hosts: localhost @@ -104,7 +96,7 @@ - (lxc_net_manage_iptables is defined) and (lxc_net_manage_iptables | bool) - (iptables_clear is defined) and (iptables_clear is changed) notify: - - Restart dnsmasq + - Restart dnsmasq - name: Playbook for configuring test host networking hosts: localhost @@ -127,14 +119,14 @@ vars: systemd_interface_cleanup: true systemd_run_networkd: true - systemd_netdevs: |- # noqa var-spacing + systemd_netdevs: |- # noqa jinja[spacing] {% set systemd_network_devices = [] %} {% for interface in (bridges | default([])) %} {% if interface is string %} {% set _ = systemd_network_devices.append({'NetDev': {'Name': 'dummy-' + interface, 'Kind': 'dummy'}}) %} {% set _ = systemd_network_devices.append({'NetDev': {'Name': interface, 'Kind': 'bridge'}}) %} {% else %} - {% set interface_name = (interface.name | default('br-mgmt')) %} + {% set interface_name = interface.name | default('br-mgmt') %} {% set _ = systemd_network_devices.append({'NetDev': {'Name': 'dummy-' + interface_name, 'Kind': 'dummy'}}) %} {% set _ = systemd_network_devices.append({'NetDev': {'Name': interface_name, 'Kind': 'bridge'}}) %} {% if interface.veth_peer is defined %} @@ -228,9 +220,9 @@ {% if interface is string %} {% set interface_name = interface %} {% else %} - {% set interface_name = (interface.name | default('br-mgmt')) %} + {% set interface_name = interface.name | default('br-mgmt') %} {% endif %} - {% set _ = interfaces.append(hostvars[inventory_hostname][('ansible_' + (interface_name | replace('-', '_')))]['active'] | bool ) %} + {% set _ = interfaces.append(hostvars[inventory_hostname][('ansible_' + (interface_name | replace('-', '_')))]['active'] | bool) %} {% endfor %} {{ interfaces }} diff --git a/test-prepare-keys.yml b/test-prepare-keys.yml index 53ec914a..cad7a181 100644 --- a/test-prepare-keys.yml +++ b/test-prepare-keys.yml @@ -33,11 +33,9 @@ mode: "0700" - name: Create ssh key pair for root - user: - name: root - generate_ssh_key: yes - ssh_key_bits: 2048 - ssh_key_file: /root/.ssh/id_rsa + community.crypto.openssh_keypair: + path: /root/.ssh/id_rsa + comment: "openstack-ansible-tests generated" - name: Get root private key slurp: @@ -55,14 +53,12 @@ set_fact: root_public_key: "{{ public_key_get.content | b64decode }}" root_private_key: "{{ private_key_get.content | b64decode }}" - lxc_container_ssh_key: "{{ public_key_get.content | b64decode }}" - - name: Ensure root can ssh to localhost + - name: Add root ssh key to authorized_keys authorized_key: user: "root" key: "{{ root_public_key }}" - # Note(hwoarang): # This uses local connection for the initial key setup # as no key is setup to allow a connection to localhost @@ -72,53 +68,55 @@ connection: local become: no any_errors_fatal: true + vars: + _user_id: "{{ lookup('env', 'USER') }}" tasks: - # Shell used because facts may not be ready yet - - name: Get user home directory - shell: | - set -o pipefail - getent passwd '{{ ansible_user_id }}' | cut -d':' -f6 - args: - executable: /bin/bash - register: user_home - changed_when: false + - name: Run following tasks only when current user is not root + when: + - _user_id != 'root' + block: + # Shell used because facts may not be ready yet + - name: Get user home directory + shell: | + set -o pipefail + getent passwd '{{ _user_id }}' | cut -d':' -f6 + args: + executable: /bin/bash + register: user_home + changed_when: false - - name: Set local user home fact - set_fact: - calling_user_home: "{{ user_home.stdout }}" + - name: Set local user home fact + set_fact: + calling_user_home: "{{ user_home.stdout }}" - - name: Ensure user has a .ssh directory - file: - path: "{{ calling_user_home }}/.ssh" - state: directory - owner: "{{ ansible_user_id }}" - group: "{{ ansible_user_gid }}" - mode: "0700" - when: ansible_user_id != 'root' + - name: Ensure user has a .ssh directory + file: + path: "{{ calling_user_home }}/.ssh" + state: directory + owner: "{{ _user_id }}" + group: "{{ _user_id }}" + mode: "0700" - - name: Ensure user has the known private key - copy: - content: "{{ root_private_key }}" - dest: "{{ calling_user_home }}/.ssh/id_rsa" - owner: "{{ ansible_user_id }}" - group: "{{ ansible_user_gid }}" - mode: "0600" - when: ansible_user_id != 'root' + - name: Ensure user has the known private key + copy: + content: "{{ root_private_key }}" + dest: "{{ calling_user_home }}/.ssh/id_rsa" + owner: "{{ _user_id }}" + group: "{{ _user_id }}" + mode: "0600" - - name: Ensure user has the known public key - copy: - content: "{{ root_public_key }}" - dest: "{{ calling_user_home }}/.ssh/id_rsa.pub" - owner: "{{ ansible_user_id }}" - group: "{{ ansible_user_gid }}" - mode: "0600" - when: ansible_user_id != 'root' + - name: Ensure user has the known public key + copy: + content: "{{ root_public_key }}" + dest: "{{ calling_user_home }}/.ssh/id_rsa.pub" + owner: "{{ _user_id }}" + group: "{{ _user_id }}" + mode: "0600" - - name: Ensure local user can ssh to localhost - authorized_key: - user: "{{ ansible_user_id }}" - key: "{{ root_public_key }}" - when: ansible_user_id != 'root' + - name: Ensure local user can ssh to localhost + authorized_key: + user: "{{ _user_id }}" + key: "{{ root_public_key }}" - name: Create SSHD CA hosts: "{{ openstack_ssh_keypairs_setup_host | default('localhost') }}" @@ -139,7 +137,7 @@ - name: Create CA certificates hosts: "{{ openstack_pki_setup_host | default('localhost') }}" - gather_facts: "false" + gather_facts: false become: true tasks: - name: "Create CA certificates" diff --git a/test-repo-setup.yml b/test-repo-setup.yml index 9667c98c..dad251f9 100644 --- a/test-repo-setup.yml +++ b/test-repo-setup.yml @@ -24,7 +24,7 @@ file: state: directory path: "{{ development_repo_directory }}" - mode: 0755 + mode: "0755" # Git clones for developer testing are expected to be in the # following structure, which mirrors how zuul v3 implements @@ -45,13 +45,13 @@ # matches the repo folder name. - name: Set var for git install branch copy: - dest: "{{ development_repo_directory }}/local-package-constraints-{{ test_branch | replace('/','_') }}.txt" + dest: "{{ development_repo_directory }}/local-package-constraints-{{ test_branch | replace('/', '_') }}.txt" content: | ## Ansible Managed {% for folder_path in projects_directory_find.stdout_lines %} file://{{ folder_path }}#egg={{ folder_path.split("/")[-1] }} {% endfor %} - mode: 0755 + mode: "0755" vars_files: - test-vars.yml diff --git a/test-requirements.txt b/test-requirements.txt index d118a6da..2efedd45 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -19,7 +19,7 @@ # Used for lint tests bashate>=0.5.1 # Apache-2.0 flake8==3.8.3 # MIT -ansible-lint==5.3.2 # MIT +ansible-lint==6.22.1 # MIT # Used to help make SNI connections work from python # if python itself does not support it properly (<2.7.9). diff --git a/tests/inventory b/tests/inventory index 28af82de..6f330092 100644 --- a/tests/inventory +++ b/tests/inventory @@ -1,7 +1,7 @@ [all] -localhost -infra1 ansible_host=10.1.0.2 ansible_become=True ansible_user=root container_name=infra1 -keystone1 ansible_host=10.1.0.3 ansible_become=True ansible_user=root container_name=keystone1 +localhost ansible_connection=local ansible_become=True is_metal=true physical_host=aio1 +infra1 ansible_host=10.1.0.2 ansible_become=True ansible_user=root container_name=infra1 container_tech=lxc +keystone1 ansible_host=10.1.0.3 ansible_become=True ansible_user=root container_name=keystone1 container_tech=lxc [all_containers] infra1 diff --git a/tests/test.yml b/tests/test.yml index 65bc4778..bc0321d2 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -14,22 +14,29 @@ # limitations under the License. # Prepare the user ssh keys -- import_playbook: common/test-prepare-keys.yml +- name: Importing test-prepare-keys + import_playbook: common/test-prepare-keys.yml # Prepare the host -- import_playbook: common/test-prepare-host.yml +- name: Importing test-prepare-host + import_playbook: common/test-prepare-host.yml # Prepare the containers -- import_playbook: common/test-prepare-containers.yml +- name: Importing test-prepare-containers + import_playbook: common/test-prepare-containers.yml # Install RabbitMQ/MariaDB/Memcached -- import_playbook: common/test-install-infra.yml +- name: Importing test-install-infra + import_playbook: common/test-install-infra.yml # Install Keystone -- import_playbook: common/test-install-keystone.yml +- name: Importing test-install-keystone + import_playbook: common/test-install-keystone.yml # Install Tempest -- import_playbook: common/test-install-tempest.yml +- name: Importing test-install-tempest + import_playbook: common/test-install-tempest.yml # Gather port status -- import_playbook: common/listening-port-report.yml +- name: Importing listening-port-report + import_playbook: common/listening-port-report.yml diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 59080744..9eb1c5de 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -75,7 +75,6 @@ - name: openstack/openstack-ansible-nspawn_container_create - name: openstack/openstack-ansible-nspawn_hosts - name: openstack/requirements - override-checkout: stable/2023.2 pre-run: zuul.d/playbooks/pre-gate-cleanup.yml run: zuul.d/playbooks/run.yml post-run: zuul.d/playbooks/post.yml @@ -99,7 +98,6 @@ timeout: 5400 # 90 mins vars: tox_env: functional - services_branch: stable/2023.2 - job: name: openstack-ansible-linters @@ -108,7 +106,7 @@ Run lint tests for an OpenStack-Ansible project. Uses tox with the ``linters`` environment. timeout: 1800 # 30 mins - nodeset: ubuntu-focal + nodeset: ubuntu-jammy vars: tox_env: linters