Merge changes from topic "OOM-1816"

* changes:
  Molecule test for infrastructure playbook.
  Add the prepare-package-repository role
  Add prepare-nexus role
  Add prepare-nginx role
  Add the prepare-dns role
  Add prepare-vncserver role
  Allow unsafe writes when modifying resolv.conf
  Add nexus_come_up_wait_retries variable to nexus role
  Remove docker restart condition from docker role

17 files changed, 342 insertions, 4 deletions

diff --git a/ansible/roles/docker/handlers/main.yml b/ansible/roles/docker/handlers/main.yml
index 9916a81b..de4a52ac 100644
--- a/ansible/roles/docker/handlers/main.yml
+++ b/ansible/roles/docker/handlers/main.yml
@@ -1,6 +1,3 @@
 ---
 - name: Restart Docker
   import_tasks: docker_restart.yml
-  when:
-    - ansible_env.container is defined
-    - ansible_env.container != 'docker'
diff --git a/ansible/roles/nexus/defaults/main.yml b/ansible/roles/nexus/defaults/main.yml
index 92089e9a..8f636979 100644
--- a/ansible/roles/nexus/defaults/main.yml
+++ b/ansible/roles/nexus/defaults/main.yml
@@ -1,4 +1,5 @@
 ---
+nexus_come_up_wait_retries: 30
 # By default prepopulated nexus binary blob used.
 populate_nexus: false
 # By dafault no additional docker images pushed to nexus at runtime
diff --git a/ansible/roles/nexus/tasks/install.yml b/ansible/roles/nexus/tasks/install.yml
index f8de5e95..c88e5855 100644
--- a/ansible/roles/nexus/tasks/install.yml
+++ b/ansible/roles/nexus/tasks/install.yml
@@ -36,7 +36,7 @@
     password: admin123
     force_basic_auth: true
     method: GET
-  retries: 30
+  retries: "{{ nexus_come_up_wait_retries }}"
   delay: 10
   register: nexus_wait
   until: not nexus_wait.failed
diff --git a/ansible/roles/package-repository/tasks/main.yml b/ansible/roles/package-repository/tasks/main.yml
index 599e1052..7dc2e76f 100644
--- a/ansible/roles/package-repository/tasks/main.yml
+++ b/ansible/roles/package-repository/tasks/main.yml
@@ -5,6 +5,7 @@
     path: /etc/resolv.conf
     state: present
     insertbefore: BOF
+    unsafe_writes: true
 
 - name: Disable all OS default repositories
   block:
diff --git a/ansible/test/play-infrastructure/.yamllint b/ansible/test/play-infrastructure/.yamllint
new file mode 100644
index 00000000..ad0be760
--- /dev/null
+++ b/ansible/test/play-infrastructure/.yamllint
@@ -0,0 +1,11 @@
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  line-length: disable
+  truthy: disable
diff --git a/ansible/test/play-infrastructure/molecule/default/molecule.yml b/ansible/test/play-infrastructure/molecule/default/molecule.yml
new file mode 100644
index 00000000..894ab804
--- /dev/null
+++ b/ansible/test/play-infrastructure/molecule/default/molecule.yml
@@ -0,0 +1,73 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint:
+  name: yamllint
+platforms:
+  - name: infrastructure-server
+    image: molecule-${PREBUILD_PLATFORM_DISTRO:-centos}:${PREBUILD_DISTRO_VERSION:-centos7.6}
+    pre_build_image: true
+    privileged: true
+    override_command: false
+    restart_policy: unless-stopped
+    volumes:
+      - /var/lib/docker
+      - /opt/onap
+    groups:
+      - infrastructure
+    networks:
+      - name: infrastructure-net
+    purge_networks: true
+
+  - name: kubernetes-node-1
+    image: molecule-${PREBUILD_PLATFORM_DISTRO:-centos}:${PREBUILD_DISTRO_VERSION:-centos7.6}
+    pre_build_image: true
+    privileged: true
+    override_command: false
+    restart_policy: unless-stopped
+    env:
+      container: docker
+    volumes:
+      - /var/lib/docker
+    groups:
+      - kubernetes
+    networks:
+      - name: infrastructure-net
+    purge_networks: true
+
+provisioner:
+  name: ansible
+  env:
+    ANSIBLE_ROLES_PATH: ../../../roles:../../../../roles/
+    ANSIBLE_LIBRARY: ../../../../library
+  inventory:
+    links:
+      group_vars: ../../../../group_vars
+  lint:
+    name: ansible-lint
+scenario:
+  name: default
+  test_sequence:
+    - lint
+    - cleanup
+    - destroy
+    - dependency
+    - syntax
+    - create
+    - prepare
+    - converge
+    # - idempotence
+    # --> Action: 'idempotence'
+    # ERROR: Idempotence test failed because of the following tasks:
+    # * [infrastructure-server -> 10.0.2.15] => certificates : Generate an OpenSSL CSR.
+    # * [infrastructure-server -> 10.0.2.15] => certificates : Generate root CA certificate
+    - side_effect
+    - verify
+    - cleanup
+    - destroy
+verifier:
+  name: testinfra
+  lint:
+    name: flake8
diff --git a/ansible/test/play-infrastructure/molecule/default/playbook.yml b/ansible/test/play-infrastructure/molecule/default/playbook.yml
new file mode 100644
index 00000000..26b3c15d
--- /dev/null
+++ b/ansible/test/play-infrastructure/molecule/default/playbook.yml
@@ -0,0 +1,11 @@
+---
+- name: Common setup for all hosts
+  hosts: all
+  tasks:
+    - name: Set cluster_ip variable
+      set_fact:
+        cluster_ip: "{{ ansible_default_ipv4.address }}"
+    - name: Include variables
+      include_vars: vars.yml
+
+- import_playbook: ../../../../infrastructure.yml
diff --git a/ansible/test/play-infrastructure/molecule/default/prepare.yml b/ansible/test/play-infrastructure/molecule/default/prepare.yml
new file mode 100644
index 00000000..86e25b48
--- /dev/null
+++ b/ansible/test/play-infrastructure/molecule/default/prepare.yml
@@ -0,0 +1,25 @@
+---
+- name: Prepare infra
+  hosts: infrastructure
+  roles:
+    - prepare-package-repository
+    - prepare-chrony
+    - prepare-vncserver
+    - prepare-nginx
+    - prepare-nexus
+    - prepare-dns
+    - prepare-firewall
+  vars_files:
+    - vars.yml
+    - ../../../../roles/nginx/defaults/main.yml
+    - ../../../../roles/vncserver/defaults/main.yml
+    - ../../../../roles/nexus/defaults/main.yml
+    - ../../../../roles/dns/defaults/main.yml
+
+- name: Prepare kubernetes
+  hosts: kubernetes
+  roles:
+    - prepare-chrony
+    - prepare-firewall
+  vars_files:
+    - vars.yml
diff --git a/ansible/test/play-infrastructure/molecule/default/tests/test_nodes.py b/ansible/test/play-infrastructure/molecule/default/tests/test_nodes.py
new file mode 100644
index 00000000..c0ce64f2
--- /dev/null
+++ b/ansible/test/play-infrastructure/molecule/default/tests/test_nodes.py
@@ -0,0 +1,11 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('kubernetes')
+
+
+def test_registry_access(host):
+    assert host.run(
+      'docker login -u admin -p admin123 nexus3.onap.org:10001').rc == 0
diff --git a/ansible/test/play-infrastructure/molecule/default/vars.yml b/ansible/test/play-infrastructure/molecule/default/vars.yml
new file mode 100644
index 00000000..e91eadb2
--- /dev/null
+++ b/ansible/test/play-infrastructure/molecule/default/vars.yml
@@ -0,0 +1,24 @@
+---
+vnc_passwd: molecule
+certificates:
+  organization_name: Molecule Testers
+  state_or_province_name: Finland
+  country_name: FI
+  locality_name: Tampere
+app_name: onap
+app_data_path: "/opt/{{ app_name }}"
+
+nexus_come_up_wait_retries: 60
+populate_nexus: true  # Different from default, molecule tests also nexus's configure.yml
+
+molecule_test_registry: nexus3.onap.org:10001
+# Different from default i.e. also additional images population is tested with molecule
+runtime_images:
+  busybox:
+    registry: "{{ molecule_test_registry }}"
+    path: "/onap/components/busybox"
+    tag: "latest"
+  aaionap-haproxy:
+    registry: "{{ molecule_test_registry }}"
+    path: "/onap/components/aaionap/haproxy"
+    tag: "1.2.4"
diff --git a/ansible/test/roles/prepare-dns/tasks/main.yml b/ansible/test/roles/prepare-dns/tasks/main.yml
new file mode 100644
index 00000000..7907f868
--- /dev/null
+++ b/ansible/test/roles/prepare-dns/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: "Create needed dirs for dns role"
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: "u+rw,g+wx,o+rwx"
+    recurse: true
+  loop:
+    - "{{ app_data_path }}/cfg"
+    - "{{ infra_images_path }}"
+
+- name: Download and archive dnsmasq docker image for the dns role to use
+  delegate_to: localhost
+  docker_image:
+    name: andyshinn/dnsmasq
+    tag: 2.76
+    archive_path: /tmp/dnsmasq.tar
+
+- name: Copy dnsmasq image to node
+  copy:
+    src: /tmp/dnsmasq.tar
+    dest: "{{ infra_images_path }}/{{ dns_server_image_tar }}"
diff --git a/ansible/test/roles/prepare-nexus/tasks/main.yml b/ansible/test/roles/prepare-nexus/tasks/main.yml
new file mode 100644
index 00000000..4ef40f5e
--- /dev/null
+++ b/ansible/test/roles/prepare-nexus/tasks/main.yml
@@ -0,0 +1,70 @@
+---
+- name: Add nexus simulation hosts to /etc/hosts
+  lineinfile:
+    regexp: "^{{ ansible_default_ipv4.address | regex_escape() }} {{ etc_hosts | join(' ') | regex_escape() }}$"
+    line: "{{ ansible_default_ipv4.address }} {{ etc_hosts | join(' ') }}"
+    insertafter: EOF
+    path: /etc/hosts
+    unsafe_writes: true
+
+- name: "Create needed dirs for nexus role"
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: "u+rw,g+wx,o+rwx"
+    recurse: true
+  loop:
+    - "{{ app_data_path }}/nexus_data"
+    - "{{ infra_images_path }}"
+    - "{{ aux_data_path }}"
+
+- name: Download and archive nexus docker image for the nexus role to use
+  delegate_to: localhost
+  docker_image:
+    name: "{{ nexus3_image }}"
+    archive_path: /tmp/nexus.tar
+
+- name: Download and tag additional (busybox) docker image for the nexus role to populate into
+  delegate_to: localhost
+  docker_image:
+    name: busybox
+    tag: latest
+    repository: nexus3.onap.org:10001/onap/components/busybox
+
+- name: Save busybox image
+  delegate_to: localhost
+  docker_image:
+    name: nexus3.onap.org:10001/onap/components/busybox
+    tag: latest
+    pull: false
+    archive_path: /tmp/busybox.tar
+
+- name: Download and tag additional (aaionap/haproxy) docker image for the nexus role to populate into nexus
+  delegate_to: localhost
+  docker_image:
+    name: aaionap/haproxy
+    tag: 1.2.4
+    repository: nexus3.onap.org:10001/onap/components/aaionap/haproxy
+
+- name: Save haproxy image
+  delegate_to: localhost
+  docker_image:
+    name: nexus3.onap.org:10001/onap/components/aaionap/haproxy
+    tag: 1.2.4
+    pull: false
+    archive_path: /tmp/haproxy.tar
+
+- name: Copy nexus image to node
+  copy:
+    src: /tmp/nexus.tar
+    dest: "{{ infra_images_path }}/{{ nexus3_image_tar }}"
+
+- name: Copy busybox image to node
+  copy:
+    src: /tmp/busybox.tar
+    dest: "{{ aux_data_path }}/busybox.tar"
+
+- name: Copy haproxy image to node
+  copy:
+    src: /tmp/haproxy.tar
+    dest: "{{ aux_data_path }}/aaionap-haproxy.tar"
diff --git a/ansible/test/roles/prepare-nexus/vars/main.yml b/ansible/test/roles/prepare-nexus/vars/main.yml
new file mode 100644
index 00000000..d2ee3548
--- /dev/null
+++ b/ansible/test/roles/prepare-nexus/vars/main.yml
@@ -0,0 +1,5 @@
+---
+# Hosts to be added to /etc/hosts file.
+etc_hosts:
+  - nexus.infrastructure-server
+  - nexus3.onap.org
diff --git a/ansible/test/roles/prepare-nginx/tasks/main.yml b/ansible/test/roles/prepare-nginx/tasks/main.yml
new file mode 100644
index 00000000..3cd93990
--- /dev/null
+++ b/ansible/test/roles/prepare-nginx/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: "Create needed dirs for nginx role"
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: "u+rw,g+wx,o+rwx"
+    recurse: true
+  loop:
+    - "{{ infra_images_path }}"
+
+- name: Build nginx docker image
+  delegate_to: localhost
+  docker_image:
+    path: ../../../../../build/creating_data/create_nginx_image/
+    name: own_nginx
+    tag: 2.0.0
+
+- name: Archive nginx docker image for the nginx role to use
+  delegate_to: localhost
+  docker_image:
+    name: own_nginx
+    tag: 2.0.0
+    archive_path: /tmp/nginx.tar
+
+- name: Copy nginx image to node
+  copy:
+    src: /tmp/nginx.tar
+    dest: "{{ infra_images_path }}/{{ nginx_server_image_tar }}"
diff --git a/ansible/test/roles/prepare-package-repository/tasks/main.yml b/ansible/test/roles/prepare-package-repository/tasks/main.yml
new file mode 100644
index 00000000..66f81d6d
--- /dev/null
+++ b/ansible/test/roles/prepare-package-repository/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: Add Docker-CE repo
+  yum_repository:
+    name: docker-ce
+    description: Docker-ce YUM repo
+    baseurl: https://download.docker.com/linux/centos/7/x86_64/stable/
+    gpgcheck: true
+    gpgkey: https://download.docker.com/linux/centos/gpg
+
+- name: Install createrepo
+  yum:
+    name: createrepo
+    state: present
+
+- name: "Ensure {{ rhel_pkg_dir }} exists"
+  file:
+    path: "{{ rhel_pkg_dir }}"
+    state: directory
+
+- name: Download rpm packages
+  command: "yumdownloader --destdir={{ rhel_pkg_dir }} --resolve {{ packages | join(' ') }}"
+
+- name: Index repository
+  command: "createrepo {{ rhel_pkg_dir }}"
+  args:
+    creates: "{{ rhel_pkg_dir }}/repodata"
diff --git a/ansible/test/roles/prepare-package-repository/vars/main.yml b/ansible/test/roles/prepare-package-repository/vars/main.yml
new file mode 100644
index 00000000..80944284
--- /dev/null
+++ b/ansible/test/roles/prepare-package-repository/vars/main.yml
@@ -0,0 +1,12 @@
+---
+rhel_pkg_dir: "{{ app_data_path }}/pkg/rhel"
+packages:
+- "docker-ce-18.09.5"
+- container-selinux
+- docker-ce-cli
+- containerd.io
+- python-jsonpointer
+- python-docker-py
+- python-docker-pycreds
+- python-ipaddress
+- python-websocket-client
diff --git a/ansible/test/roles/prepare-vncserver/tasks/main.yml b/ansible/test/roles/prepare-vncserver/tasks/main.yml
new file mode 100644
index 00000000..cb7a5f8a
--- /dev/null
+++ b/ansible/test/roles/prepare-vncserver/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: "Create needed dirs for vncserver role"
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: "u+rw,g+wx,o+rwx"
+    recurse: true
+  loop:
+    - "{{ infra_images_path }}"
+
+- name: Download and archive vncserver docker image for the vncserver role to use
+  delegate_to: localhost
+  docker_image:
+    name: "{{ vnc_server_image }}"
+    state: present
+    archive_path: /tmp/vncserver.tar
+
+- name: Copy vnc server image to node
+  copy:
+    src: /tmp/vncserver.tar
+    dest: "{{ infra_images_path }}/{{ vnc_server_image_tar }}"