From 61ddb2d87a3375bf5aa34a9c9813bc347e915481 Mon Sep 17 00:00:00 2001
From: Steve Wilkerson <wilkers.steve@gmail.com>
Date: Tue, 22 Jan 2019 15:24:45 -0600
Subject: [PATCH] Add Armada job for testing update of chart passwords

This adds both a periodic and experimental job for deploying Ceph
and the OSH components via Armada. This job will then generate new
passphrases for the OSH components, render an updated manifest for
the OSH components including the new passphrases, then applies the
updated OSH manifest to validate the ability for all deployed
charts to update those passphrases successfully
Change-Id: I42d19bbf8161b60311c4b8101217cdcfbdf6b568
---
 .../armada/040-armada-update-passwords.sh     | 54 ++++++++++++
 .../armada/generate-osh-passwords.sh          |  1 +
 .../armada/manifests/armada-osh.yaml          |  5 ++
 .../playbooks/armada-update-uuid-deploy.yaml  | 84 -------------------
 .../playbooks/gather-armada-manifests.yaml    |  1 +
 zuul.d/jobs-openstack-helm.yaml               | 28 +++++++
 zuul.d/project.yaml                           |  2 +
 7 files changed, 91 insertions(+), 84 deletions(-)
 create mode 100755 tools/deployment/armada/040-armada-update-passwords.sh
 delete mode 100644 tools/gate/playbooks/armada-update-uuid-deploy.yaml

diff --git a/tools/deployment/armada/040-armada-update-passwords.sh b/tools/deployment/armada/040-armada-update-passwords.sh
new file mode 100755
index 0000000000..c04ece3212
--- /dev/null
+++ b/tools/deployment/armada/040-armada-update-passwords.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# Copyright 2017 The Openstack-Helm Authors.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+# Empty previous password file contents
+> /tmp/osh-passwords.env
+
+source ./tools/deployment/armada/generate-passwords.sh
+: ${OSH_INFRA_PATH:="../openstack-helm-infra"}
+: ${OSH_PATH:="./"}
+
+[ -s /tmp/ceph-fs-uuid.txt ] || uuidgen > /tmp/ceph-fs-uuid.txt
+#NOTE(portdirect): to use RBD devices with Ubuntu kernels < 4.5 this
+# should be set to 'hammer'
+. /etc/os-release
+if [ "x${ID}" == "xubuntu" ] && \
+   [ "$(uname -r | awk -F "." '{ print $2 }')" -lt "5" ]; then
+  export CRUSH_TUNABLES=hammer
+else
+  export CRUSH_TUNABLES=null
+fi
+
+export CEPH_NETWORK=$(./tools/deployment/multinode/kube-node-subnet.sh)
+export CEPH_FS_ID="$(cat /tmp/ceph-fs-uuid.txt)"
+export TUNNEL_DEVICE=$(ip -4 route list 0/0 | awk '{ print $5; exit }')
+export OSH_INFRA_PATH
+export OSH_PATH
+
+# NOTE(srwilkers): We add this here due to envsubst expanding the ${tag} placeholder in
+# fluentd's configuration. This ensures the placeholder value gets rendered appropriately
+export tag='${tag}'
+
+echo "Rendering new osh manifest"
+envsubst < ./tools/deployment/armada/manifests/armada-osh.yaml > /tmp/updated-password-armada-osh.yaml
+
+echo "Validating new osh manifest"
+armada validate /tmp/updated-password-armada-osh.yaml
+
+echo "Applying new osh manifest"
+armada apply /tmp/updated-password-armada-osh.yaml
diff --git a/tools/deployment/armada/generate-osh-passwords.sh b/tools/deployment/armada/generate-osh-passwords.sh
index 73ee217073..a09ea82a8a 100755
--- a/tools/deployment/armada/generate-osh-passwords.sh
+++ b/tools/deployment/armada/generate-osh-passwords.sh
@@ -34,6 +34,7 @@ passwords="BARBICAN_DB_PASSWORD \
     KEYSTONE_AUTHTOKEN_MEMCACHED_SECRET_KEY \
     KEYSTONE_DB_PASSWORD \
     KEYSTONE_RABBITMQ_USER_PASSWORD \
+    METADATA_PROXY_SHARED_SECRET \
     NEUTRON_DB_PASSWORD \
     NEUTRON_RABBITMQ_USER_PASSWORD \
     NEUTRON_USER_PASSWORD \
diff --git a/tools/deployment/armada/manifests/armada-osh.yaml b/tools/deployment/armada/manifests/armada-osh.yaml
index 7011e7050c..91d21a9d7d 100644
--- a/tools/deployment/armada/manifests/armada-osh.yaml
+++ b/tools/deployment/armada/manifests/armada-osh.yaml
@@ -1021,6 +1021,8 @@ data:
         formatter_default:
           format: "%(message)s"
       nova:
+        neutron:
+          metadata_proxy_shared_secret: ${METADATA_PROXY_SHARED_SECRET}
         libvirt:
           virt_type: qemu
           cpu_mode: none
@@ -1206,6 +1208,9 @@ data:
           max_l3_agents_per_router: 5
           l3_ha_network_type: vxlan
           dhcp_agents_per_network: 2
+      metadata_agent:
+        DEFAULT:
+          metadata_proxy_shared_secret: ${METADATA_PROXY_SHARED_SECRET}
       plugins:
         ml2_conf:
           ml2_type_flat:
diff --git a/tools/gate/playbooks/armada-update-uuid-deploy.yaml b/tools/gate/playbooks/armada-update-uuid-deploy.yaml
deleted file mode 100644
index 3a73603591..0000000000
--- a/tools/gate/playbooks/armada-update-uuid-deploy.yaml
+++ /dev/null
@@ -1,84 +0,0 @@
-# Copyright 2017 The Openstack-Helm Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- hosts: primary
-  gather_facts: True
-  tasks:
-    - name: installing ipcalc on Ubuntu
-      become: true
-      become_user: root
-      when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
-      apt:
-        name: ipcalc
-        state: present
-    - name: Install python3-pip for armada
-      environment:
-        OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
-        OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}"
-        zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
-      shell: |
-        set xe;
-        ./tools/deployment/armada/010-armada-host-setup.sh
-      args:
-        chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}"
-    - name: Build armada
-      environment:
-        OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
-        OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}"
-        zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
-      shell: |
-        set xe;
-        ./tools/deployment/armada/015-armada-build.sh
-      args:
-        chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}"
-    - name: Render all Armada manifests
-      environment:
-        OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
-        OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}"
-        zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
-      shell: |
-        set -xe;
-        ./tools/deployment/armada/020-armada-render-manifests.sh
-      args:
-        chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}"
-    - name: Validate all Armada manifests
-      environment:
-        OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
-        OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}"
-        zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
-      shell: |
-        set -xe;
-        ./tools/deployment/armada/025-armada-validate-manifests.sh
-      args:
-        chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}"
-    - name: Apply all Armada manifests
-      environment:
-        OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
-        OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}"
-        zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
-      shell: |
-        set -xe;
-        ./tools/deployment/armada/030-armada-apply-manifests.sh
-      args:
-        chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}"
-    - name: Updated release uuid for all manifests and reapply
-      environment:
-        OSH_EXTRA_HELM_ARGS: "{{ zuul_osh_extra_helm_args_relative_path | default('') }}"
-        OSH_INFRA_PATH: "{{ zuul_osh_infra_relative_path | default('') }}"
-        zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
-      shell: |
-        set -xe;
-        ./tools/deployment/armada/035-armada-update-uuid.sh
-      args:
-        chdir: "{{ zuul_osh_relative_path | default(zuul.project.src_dir) }}"
diff --git a/tools/gate/playbooks/gather-armada-manifests.yaml b/tools/gate/playbooks/gather-armada-manifests.yaml
index 46da1ff959..a4da80c10a 100644
--- a/tools/gate/playbooks/gather-armada-manifests.yaml
+++ b/tools/gate/playbooks/gather-armada-manifests.yaml
@@ -30,6 +30,7 @@
         - updated-armada-ceph
         - updated-armada-lma
         - updated-armada-osh
+        - updated-password-armada-osh
       args:
         executable: /bin/bash
       ignore_errors: True
diff --git a/zuul.d/jobs-openstack-helm.yaml b/zuul.d/jobs-openstack-helm.yaml
index 6144659ae4..23303cf347 100644
--- a/zuul.d/jobs-openstack-helm.yaml
+++ b/zuul.d/jobs-openstack-helm.yaml
@@ -229,6 +229,34 @@
         - ./tools/deployment/armada/030-armada-apply-manifests.sh
         - ./tools/deployment/armada/035-armada-update-uuid.sh
 
+- job:
+    timeout: 10800
+    name: openstack-helm-armada-update-passwords
+    parent: openstack-helm-functional-temp
+    nodeset: openstack-helm-five-node-ubuntu
+    roles:
+      - zuul: openstack/openstack-helm-infra
+    pre-run:
+      - tools/gate/playbooks/osh-infra-upgrade-host.yaml
+      - tools/gate/playbooks/osh-infra-deploy-docker.yaml
+      - tools/gate/playbooks/osh-infra-build.yaml
+      - tools/gate/playbooks/osh-infra-deploy-k8s.yaml
+    run: tools/gate/playbooks/osh-gate-runner.yaml
+    post-run:
+      - tools/gate/playbooks/osh-infra-collect-logs.yaml
+      - tools/gate/playbooks/gather-armada-manifests.yaml
+    required-projects:
+      - openstack/openstack-helm-infra
+    vars:
+      zuul_osh_infra_relative_path: ../openstack-helm-infra/
+      gate_scripts:
+        - ./tools/deployment/armada/010-armada-host-setup.sh
+        - ./tools/deployment/armada/015-armada-build.sh
+        - ./tools/deployment/armada/020-armada-render-manifests.sh
+        - ./tools/deployment/armada/025-armada-validate-manifests.sh
+        - ./tools/deployment/armada/030-armada-apply-manifests.sh
+        - ./tools/deployment/armada/040-armada-update-passwords.sh
+
 - job:
     name: openstack-helm-multinode-temp-ubuntu
     parent: openstack-helm-multinode-temp
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index 4124faa71d..aa6c9a20ed 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -46,6 +46,7 @@
         - openstack-helm-ironic-ubuntu
         - openstack-helm-armada-deploy
         - openstack-helm-armada-update-uuid
+        - openstack-helm-armada-update-passwords
     experimental:
       jobs:
         # - openstack-helm-multinode-temp-centos
@@ -54,3 +55,4 @@
         # - openstack-helm-multinode-temp-tempest
         - openstack-helm-armada-deploy
         - openstack-helm-armada-update-uuid
+        - openstack-helm-armada-update-passwords