summaryrefslogtreecommitdiffstats
path: root/ansible/roles
AgeCommit message (Collapse)AuthorFilesLines
2019-05-29Merge changes from topic "OOM-1816"Michal Ptacek4-4/+3
* changes: Molecule test for infrastructure playbook. Add the prepare-package-repository role Add prepare-nexus role Add prepare-nginx role Add the prepare-dns role Add prepare-vncserver role Allow unsafe writes when modifying resolv.conf Add nexus_come_up_wait_retries variable to nexus role Remove docker restart condition from docker role
2019-05-29Allow unsafe writes when modifying resolv.confMichal Zegan1-0/+1
The package-repository role edits /etc/resolv.conf. Ansible modifies files atomically to prevent data loss on crash, but that does not work in docker containers because /etc/resolv.conf is bind-mounted. Allow ansible to fall back to non atomic writes in such cases. This makes it unnecessary to hack around this. Change-Id: I066205322de5cc06569e6ea3aa38885d3834f9cd Issue-ID: OOM-1816 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-29Add nexus_come_up_wait_retries variable to nexus roleMichal Zegan2-1/+2
This variable is used to set the number of retries when waiting for nexus to be running. It may occassionally be useful to increase it on slower test environments. Change-Id: Id34106dd8f9a8b2b1949b80adb22fbec3df71e23 Issue-ID: OOM-1816 Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com> Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-29Remove docker restart condition from docker roleMichal Zegan1-3/+0
Docker role doesn't trigger docker restart when run in docker container (e.g. molecule). Remove the condition, as in dind case docker in container works same way as docker out of container. Change-Id: I8c80a09baccd76c78f2cbb8e474044351fd9b3d3 Issue-ID: OOM-1816 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-29Add support for extra helm install argumentsPetr Ospalý3-1/+5
Change-Id: Ie0b4e812acf6fba4e4b8f082533ab2f998456095 Issue-ID: OOM-1877 Signed-off-by: Petr Ospalý <p.ospaly@partner.samsung.com>
2019-05-21Fixing dnsmasq container not starting bugMichal Ptacek2-1/+4
Two problems are fixed in this commit. Firstly handler is not triggered so dnsmasq is not started. Secondly dns is not working due to loop in dns settings. Change-Id: If6874c99dcc42ef63da167abe8d1f7cdd8e0fcb1 Issue-ID: OOM-1866 Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
2019-05-21Merge changes from topic "RHEL"Michal Ptacek2-1/+5
* changes: Upgrade docker version to 18.09.5 Update of docker for RHEL
2019-05-20Add kubernetes dashboardPetr Ospalý5-1/+212
Either run kubectl proxy, but you must setup routes or kubectl on some node (only infra has kubectl by default). Another option is connecting onto the node where the dashboard is exposed via NodePort. Instructions are here: https://github.com/kubernetes/dashboard/wiki/Accessing-dashboard (1.7.X and above) Change-Id: I5a28f458c0ae949278b1e6eaf6eb063d09f93fc0 Issue-ID: OOM-1778 Signed-off-by: Petr Ospalý <p.ospaly@partner.samsung.com> Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-20Merge changes from topic "rke-support"Michal Ptacek11-13/+268
* changes: Add setup for kubectl and helm Add support for RKE kubernetes implementation
2019-05-17Upgrade docker version to 18.09.5Bartek Grzybowski2-1/+5
This patch upgrades docker version for Molecule tests to 18.09.5; it also sanitizes tasks in 'docker' role to supplement this change: https://gerrit.onap.org/r/c/87761/ Change-Id: I14beffafb129b24e7c15f8da45f1a25e27ccae9c Issue-ID: OOM-1852 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-05-17Add setup for kubectl and helmMichal Zegan7-13/+26
the kubeconfig is copied from the cluster config directory to ~/.kube/config. Also, the playbook runs kubectl and helm roles to install tools. Change-Id: I29ee98f6502bbb7923b1ae6812dd642ca206dbce Issue-ID: OOM-1778 Signed-off-by: Petr Ospalý <p.ospaly@partner.samsung.com> Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-17Add support for RKE kubernetes implementationPetr Ospalý6-0/+242
Added a new playbook rke.yml and role rke which uses rancher RKE: https://github.com/rancher/rke It's an implementation of the kubernetes from rancher.com folks and it is an alternative to the official kubernetes tool: kubeadm. NOTE: Rancher has a notion of a 'control plane' which cannot run with etcd on all nodes in a multi-node setup. Control-plane node is the first kubernetes node from the inventory (as of now). Change-Id: I0bf669442a5183efa20d44fb1cac823e7ce54348 Issue-ID: OOM-1778 Signed-off-by: Petr Ospalý <p.ospaly@partner.samsung.com> Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-16Molecule tests for application role.Samuli Silvius8-8/+133
Issue-ID: OOM-1812 Change-Id: Ifb6f5a10afb4014b20be77a4141371e561d346ce Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
2019-05-15Fix idempotence issue in dns roleBartek Grzybowski2-19/+12
Docker_container module was called twice: in a taks 'Start dns server container' and then as a handler but there was a divergent set o parameters for the module in them. This had the efect of the container being started by the means of the task itself but immediately after it was killed and started again by the handler because it had different set of arguments for the module. The fix is to include the handler itself as a task so the whole run is idempotent. Change-Id: I9078f9dfe5894d94d4b6a9e44411f034508992e7 Issue-ID: OOM-1845 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-05-10Merge "Don't set 'container' env in Molecule containers"Samuli Silvius5-12/+2
2019-05-10Fix 'cleanup' stage in 'nfs' role testBartek Grzybowski1-0/+1
This commit reverts removal of 'ignore_unreachable' option in 'cleanup.yml' for 'nfs' role tests in 96a4baf. It's needed for cleanup stage to succeed if called prior to 'create' stage (default 'test' matrix behaviour) Change-Id: I9177fb950786f05a55c45a0089fb3632503f14f5 Issue-ID: OOM-1809 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-05-09Don't set 'container' env in Molecule containersBartek Grzybowski5-12/+2
Molecule role tests that use pre build images had superfluous 'container' env variable declaration. It's not needed as this env is already set in Dockerfiles, for both: pre-built and custom built images. Change-Id: Iee9cc38919da894ee6cc6a2a5f1acc60d76865de Issue-ID: OOM-1841 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-04-26Cleanup Rancher containers after Molecule convergeBartek Grzybowski2-6/+6
Rancher role test do remove rancher/agent and rancher/server containers at 'cleanup' stage but Rancher Agent spawned containers are left orphaned. This patch adds tasks to remove them. This patch also adds custom ansible module for listing docker containers (as of ansible 2.7.10 no upstream module provides that feature, even new docker_container_info info module in ansible's devel branch doesn't have it) Change-Id: I6325dc81063b55b70136280273f8f6138c7a0375 Issue-ID: OOM-1811 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-04-24Merge changes from topic 'rancher_api'Michal Ptacek2-0/+81
* changes: Add support for resetting the admin password Add support for rancher authentication Refactor rancher1_api module Add support for rancher 1.6 API
2019-04-24Add support for resetting the admin passwordPetr Ospalý2-0/+9
The module rancher1_api can now reset an admin password of the default admin account (account_id: '1a1') and keep local authentication enabled. By default the authentication is not enabled, because the ansible module rancher_k8s_environment.py is not idempotent and it would need to be rewritten. Change-Id: Ib432537651b91216c32438ec1233dba3602e3faf Issue-ID: OOM-1734 Signed-off-by: Petr Ospalý <p.ospaly@partner.samsung.com>
2019-04-24Add support for rancher authenticationPetr Ospalý2-0/+20
This commit adds a new mode to the rancher1_api module, which enables the rancher local authentication (username/password). There is an already predefined rancher admin user called 'admin' and that is the account, which this mode modifies. Due to the complex API and the fact that rancher 1.6 is soon to be obsoleted, this module is going the simpler route and it is just editing this default admin account instead of creating a completely arbitrary username/password credentials. For that reason is using the 'account_id', which is unique for all accounts and the default admin account of rancher has '1a1'. As of now this module cannot handle changed password once the auth. is enabled. Change-Id: Iea8923c71bdb82267c966a00d62f0f43eb5adb76 Issue-ID: OOM-1734 Signed-off-by: Petr Ospalý <p.ospaly@partner.samsung.com>
2019-04-19Merge "Optimize test for 'resource-data' role"Samuli Silvius1-1/+1
2019-04-18Optimize test for 'resource-data' roleBartek Grzybowski1-1/+1
Moved 'file' package installation from Molecule's 'prepare' stage to Dockerfile to shorten the test invocation. Change-Id: Icbb805c54a4fd42003d0cde037fa56208bd6008a Issue-ID: OOM-1809 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-04-17Sanitize Molecule code for 'nfs' roleBartek Grzybowski2-4/+1
Cleaning up of nfs mounts should only happen on clients, not on server itself. Explicit declaration of 'cleanup' stage playbook not needed as it's in the default location. Change-Id: I54e00220048f01160c15fc9631ae62586596114c Issue-ID: OOM-1809 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-04-17Refactor rancher1_api modulePetr Ospalý1-8/+20
This rewrite enables to add easier more features supported by the rancher API. The initial idea of a simple get and set through the JSON REST API is not feasible. To achieve something with the API one may have to setup more options on different URLs and in a particular order. For this reason the module comes with the mechanism of "modes", which is a wrapper around some feature in the rancher and which can require multiple steps to do. Rancher1_api module could also support "raw" mode where the user will not be limited by a few implemented modes in the module, but he can craft all requests by hand - but due to the fact that such thing can be done easily with just curl command and ansible shell module, there is no benefit in doing so. Especially when rancher 1.6 is already obsoleted within the ONAP. The useful value of this module is to give the user a simple means to set something in the rancher and hide all the boilerplate from him via a mode. - Original logic was rewritten to utilize the "mode" mechanism. - New module structure is also easier to test outside of ansible. Issue-ID: OOM-1681 Change-Id: I0e7932199df9ec1acd80af545060199867ad17fa Signed-off-by: Petr Ospalý <p.ospaly@partner.samsung.com>
2019-04-17Add support for rancher 1.6 APIPetr Ospalý2-0/+40
- New ansible module to handle rancher API - Setting up of the cattle db and log related options to achieve lower space usage. As of this moment it does what was intended: - it setups new values for db and log related options - it can be used for any other setting options Change-Id: I25048469df0cb035cc6eac39740210cdfa175ada Issue-ID: OOM-1681 Signed-off-by: Petr Ospalý <p.ospaly@partner.samsung.com>
2019-04-17Merge "Molecule tests for chrony role"Samuli Silvius6-4/+108
2019-04-17Improve nfs roleMichal Zegan8-8/+31
This commit improves the nfs role by using cluster_ip variable instead of ansible_host for getting nfs client/server address, and using /etc/exports.d instead of /etc/exports for exporting nfs filesystem. Also, this commit fixes other issues in molecule found along the way. Change-Id: Ibd4ea5d4fd937116e2dc9e1b6f85c3e019f62e17 Issue-ID: OOM-1770 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-04-17Molecule tests for rancher roleSamuli Silvius8-2/+155
Issue-ID: OOM-1775 Change-Id: I6ea11db932cd77e03909e4c72acc4b92a544eb4b Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
2019-04-16Molecule tests for chrony roleBartek Grzybowski6-4/+108
Change-Id: I2cfee4ef44b1aa0ddff0b5d93712390988846c90 Issue-ID: OOM-1710 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-04-16Fix for running Molecule on Centos hostBartek Grzybowski1-0/+1
On Centos7.6 /dev/loop* device nodes are created dynamically upon alocation (by default there is no /dev/loop<N> device nodes) - this has effect of failing to allocate those in Docker container, even when run in privileged mode. Change-Id: If2c852de3a74ea7fe1df9f5c863f184b9bc13acb Issue-ID: OOM-1774 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-04-16Molecule tests for certificates roleSamuli Silvius11-2/+169
Issue-ID: OOM-1762 Change-Id: Ic13d7ec775a52ad95fc0388e8b84ea8ab7367666 Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
2019-04-16Molecule tests for docker roleSamuli Silvius6-2/+96
Issue-ID: OOM-1759 Change-Id: I9e1ee7f248147b3f7229625c7a20fa84e8e67aac Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
2019-04-16Merge "Molecule tests for resource-data role"Michal Ptacek8-2/+134
2019-04-16Merge "Molecule tests for firewall role"Michal Ptacek6-0/+86
2019-04-16Merge "Molecule role tests for setup role"Michal Ptacek7-2/+83
2019-04-16Molecule role tests for setup roleSamuli Silvius7-2/+83
Issue-ID: OOM-1742 Change-Id: I3087952f3d4e5de20af83e714c0d5444999a5ee2 Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
2019-04-16Molecule tests for firewall roleSamuli Silvius6-0/+86
Issue-ID: OOM-1757 Change-Id: I48639bd0fb67383a58f736aa1c12c38e3ddc9ab0 Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
2019-04-16Molecule tests for package-repository roleSamuli Silvius8-4/+122
Issue-ID: OOM-1755 Change-Id: Iac20072200f24a3102c9ed2edf5c5aa8054dd9c2 Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
2019-04-16Molecule tests for resource-data roleSamuli Silvius8-2/+134
Initial molecule tests. Tests now ssh transfer but test files fully supports also testing nfs transfer. Creating nfs transfer as separate scenario later when find out better ways to share common code. Issue-ID: OOM-1754 Change-Id: Ia728ecfed4378c01f7e305d5a4446b0172fe42d9 Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
2019-04-09Update image name for MoleculeBartek Grzybowski1-2/+2
Sanitizing image name for Molecule testing with new updated naming pattern. Change-Id: I1565242f0ddd88b0df758ebb3519f2e059f22c02 Issue-ID: OOM-1774 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-04-05Changing version control for rancherTomáš Levora1-2/+2
Changing the way of version control for rancher in accordance with patchset #83634 Issue-ID: OOM-1767 Change-Id: I67f08dcf47f469c35da9a62ff435e187fae07724 Signed-off-by: Tomáš Levora <t.levora@partner.samsung.com>
2019-04-05Adding versions for infra related docker imagesTomáš Levora9-26/+36
1. latest tag replaced by version number for vnc server 2. added specific version for own_nginx image 3. version control improved in ansible roles accordingly Solves OOM-1766 Issue-ID: OOM-1767 Change-Id: I147c56b46a419188099d8ed3e78fed68810893e2 Signed-off-by: Tomáš Levora <t.levora@partner.samsung.com>
2019-04-05Merge changes I2e1aef32,Ib93e9d2aMichal Ptacek9-8/+130
* changes: Molecule test for nfs role Fix nfs role issues based on molecule testing
2019-04-03Merge "Improving docker restart handler"Michal Ptacek2-4/+19
2019-04-03Verify offline app repo is workingBartek Grzybowski2-0/+32
A patch for failing fast if configured offline application repository is not working properly. Just adding repo to repolist doesn't guarantee it's really operational. Change-Id: I65372b9b1ea5f5dcb797548b14e3ae1295668592 Issue-ID: OOM-1689 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-04-03Merge "Support time synchronization on hosts"Michal Ptacek4-0/+69
2019-04-03Merge "Improve kubectl role testability."Samuli Silvius1-1/+1
2019-04-03Merge "Improve rancher role testability"Samuli Silvius8-15/+32
2019-04-02Support time synchronization on hostsBartek Grzybowski4-0/+69
This change introduces functionality to synchronize infra/kube nodes' clock with external NTP authority. Configuring external time source is optional, however default behaviour will be to setup NTP time source on infra-node and sync kube-nodes clock with it. It's also possible to setup custom time zone. Change-Id: I725ce9a306da1977628b6c03d5ff10fca77fb3b0 Issue-ID: OOM-1710 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>