summaryrefslogtreecommitdiffstats
path: root/ansible
AgeCommit message (Collapse)AuthorFilesLines
2019-06-03Add etcd group support to rke roleMichal Zegan4-1/+17
Etcd cluster is now placed in members of kubernetes-etcd group instead of kubernetes-node. Due to defaults, it means infra is the only etcd by default. Change-Id: Iae05a42442849e4a248d73c2d78f5e2b0eae7255 Issue-ID: OOM-1778 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-06-03Add kubernetes-etcd groupMichal Zegan1-0/+6
This group will contain kubernetes etcd cluster. It is separated from kubernetes control plane and, especially, nodes. There are of course no restrictions as to which machines can be etcd. Default is infrastructure-server. Change-Id: I8d3ab9b9e4680f57ea8f595d7be3ed6e2d32764c Issue-ID: OOM-1778 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-06-03Make rke to use new group structureMichal Zegan5-13/+10
Rke playbook/role is modified to take advantage of the new group structure. Namely, all members of kubernetes group are treated as cluster members independent of their role. The role itself is selected in cluster.yml.j2 template based on actual membership in either kubernetes-node or kubernetes-control-plane group. Change-Id: I9a5bbfd090aff17018a610a01d6f88d848fc26c4 Issue-ID: OOM-1778 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-06-03Add kubernetes-node group for workersMichal Zegan2-14/+17
Moved all kubernetes nodes from the kubernetes to kubernetes-node group, and made the kubernetes group a parent of both kubernetes-node and kubernetes-control-plane. The reason is that we still need to have separate groups for control planes and for nodes, but some operations are performed equally on any kind of kubernetes cluster member, and currently one would need to separately include all related groups one by one. Example of such common operation is installation of docker, that was not performed for kubernetes-control-plane group, so that docker was not installed on control planes that were neither infra nor nodes. The side effect of this change is that if infrastructure server is also a cluster member, it lands in a kubernetes group by default, and node specific setup would be performed on it. For that reason, playbook is modified to perform this setup on all kubernetes cluster members except the infra server. Change-Id: Ic827002d28e535334dbab7e5ad4aed8aa95c97a9 Issue-ID: OOM-1778 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-06-03Add molecule tests for rke roleMichal Zegan14-0/+290
This change adds molecule tests for the rke role, and modifies the rke role itself to be more idempotent/to pass linter. Note that this molecule test case uses a separate role to install docker in containers, that runs docker daemon inside of them instead of using host docker. Issue-ID: OOM-1778 Change-Id: I875f3ff2ab961e5428acee5a02287a8d2d6e9969 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-30Merge "Add Molecule tests for 'dns' role"Samuli Silvius7-2/+64
2019-05-30Merge "Make molecule tests for certificates independent from docker role"Samuli Silvius2-8/+6
2019-05-30Merge "Modify docker role to use dind"Samuli Silvius2-3/+7
2019-05-30Merge "prepare-docker-dind: make docker start optional"Samuli Silvius2-0/+4
2019-05-30Add Molecule tests for 'dns' roleBartek Grzybowski7-2/+64
This commit supplements 'Molecule test for infrastructure playbook' with role level tests. Change-Id: I14cdeedf1c80c0ee06bacf0a391ee1d7ccd6df55 Issue-ID: OOM-1841 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-05-30Modify rancher molecule tests to use dindMichal Zegan6-53/+12
This change modifies molecule tests of rancher role to use prepare-docker-dind. Also: - it modifies prepare-common role to retrieve cluster_ip of the actual node in question, - it fixes the rancher role itself to work at all by removing auto_remove. It has been tested by running molecule converge. Change-Id: I7af4e9998feedd5f8fc3df8215e03c1b0485529c Issue-ID: OOM-1864 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-30Merge "Add prepare-docker-dind role"Samuli Silvius3-0/+31
2019-05-29Merge changes from topic "OOM-1816"Michal Ptacek17-4/+342
* changes: Molecule test for infrastructure playbook. Add the prepare-package-repository role Add prepare-nexus role Add prepare-nginx role Add the prepare-dns role Add prepare-vncserver role Allow unsafe writes when modifying resolv.conf Add nexus_come_up_wait_retries variable to nexus role Remove docker restart condition from docker role
2019-05-29Merge "Add support for extra helm install arguments"Michal Ptacek3-1/+5
2019-05-29Molecule test for infrastructure playbook.Samuli Silvius6-0/+155
These tests execute the whole infrastructure playbook. Issue-ID: OOM-1816 Change-Id: I793191e05cb0b527c3da6d820c1916231e69d865 Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com> Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-29Add the prepare-package-repository roleMichal Zegan2-0/+38
This role may be used by infra playbook tests. It downloads docker rpm packages and their dependencies to disk and creates a simulated offline rpm repository that can then be used to test installation of packages. Change-Id: Ia1a1bed1b124e036219ccc12c4650ce446955f01 Issue-ID: OOM-1816 Signed-off-by: Michal Zegan <m.zegan@samsung.com> Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
2019-05-29Add prepare-nexus roleMichal Zegan2-0/+75
This role can be used by nexus role/infra playbook tests. It downloads and archives the nexus image used by these tests. It also archives some example docker images that can be used to test runtime image pushing. Change-Id: I027dd5dda60ab0abba7701cb038f6552a72e3599 Issue-ID: OOM-1816 Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com> Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-29Add prepare-nginx roleMichal Zegan1-0/+28
This role can be used by nginx role/infra playbook tests. It builds and archives the nginx docker image used by these tests. Change-Id: I51052f4d587926be0331203fffd0bbd69a7dc58d Issue-ID: OOM-1816 Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com> Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-29Add the prepare-dns roleMichal Zegan1-0/+22
This role can be used by infra playbook or dns role tests to download the dnsmasq docker images used during test. Change-Id: I05d9ccd1f2ac3d635c032b43078ca9a2179cb547 Issue-ID: OOM-1818 Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com> Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-29Add prepare-vncserver roleMichal Zegan1-0/+21
This role is used by infra playbook tests introduced in a follow up commit and it downloads the docker vncserver image used during testing. This role may also be useful for vncserver role tests. Change-Id: Ib9fc8041519d716207f2c1887f68fb29faab911f Issue-ID: OOM-1816 Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com> Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-29Allow unsafe writes when modifying resolv.confMichal Zegan1-0/+1
The package-repository role edits /etc/resolv.conf. Ansible modifies files atomically to prevent data loss on crash, but that does not work in docker containers because /etc/resolv.conf is bind-mounted. Allow ansible to fall back to non atomic writes in such cases. This makes it unnecessary to hack around this. Change-Id: I066205322de5cc06569e6ea3aa38885d3834f9cd Issue-ID: OOM-1816 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-29Add nexus_come_up_wait_retries variable to nexus roleMichal Zegan2-1/+2
This variable is used to set the number of retries when waiting for nexus to be running. It may occassionally be useful to increase it on slower test environments. Change-Id: Id34106dd8f9a8b2b1949b80adb22fbec3df71e23 Issue-ID: OOM-1816 Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com> Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-29Remove docker restart condition from docker roleMichal Zegan1-3/+0
Docker role doesn't trigger docker restart when run in docker container (e.g. molecule). Remove the condition, as in dind case docker in container works same way as docker out of container. Change-Id: I8c80a09baccd76c78f2cbb8e474044351fd9b3d3 Issue-ID: OOM-1816 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-29Add support for extra helm install argumentsPetr Ospalý3-1/+5
Change-Id: Ie0b4e812acf6fba4e4b8f082533ab2f998456095 Issue-ID: OOM-1877 Signed-off-by: Petr Ospalý <p.ospaly@partner.samsung.com>
2019-05-24Modify docker role to use dindMichal Zegan3-6/+7
This modifies the docker role to use dind. Note that it now uses pepare-docker-dind role, but *disables* start of docker. Change-Id: I55ac8d1f69531ba7496c34f990818b894a7d02a5 Issue-ID: OOM-1864 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-24prepare-docker-dind: make docker start optionalMichal Zegan2-0/+4
This change makes it possible to disable docker start after prepare-docker-dind role executes. Needed for docker role that wants to start docker by itself. Note that the docker role also tries to install docker by itself, and prepare-docker-dind does the same. The reason is that it makes it possible to fix the version of installed docker. Change-Id: I7487bc46b316c0e6c782b22d8e24afea35c3c2d5 Issue-ID: OOM-1863 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-22Make molecule tests for certificates independent from docker roleMichal Zegan2-8/+6
Currently molecule tests for certificates role call the docker role just to make one handler available. It actually breaks best practices of unit testing, the docker role shouldn't be called nor tested in unit test of certificates role. This commit makes certificates role independent by just creating fake handlers. Change-Id: Iec7934c7c1f4e9b37ff523e1d86a3beaaa88bdcf Issue-ID: OOM-1864 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-22Make RKE the default cluster deployment toolBartek Grzybowski2-4/+17
This change substitutes rancher_kubernetes.yml for rke.yml in site.yml making the RKE default deployment mechanism for kubernetes cluster. Change-Id: Ie1a0cb1eb94a3c5e8efd5c2c7e682c0292bc9152 Issue-ID: OOM-1873 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-05-21Add prepare-docker-dind roleMichal Zegan3-0/+31
This change adds the prepare-docker-dind role intended to be used in tests to install docker on test containers. Contrary to the prepare-docker role it arranges for docker daemon to be launched inside of the test containers instead of using/polluting a test host. It is a prerequisite to the rke role molecule tests. Change-Id: I6be270758b01f7e9c4fa09aebcc32930c0977ea3 Issue-ID: OOM-1778 Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-21Fixing dnsmasq container not starting bugMichal Ptacek2-1/+4
Two problems are fixed in this commit. Firstly handler is not triggered so dnsmasq is not started. Secondly dns is not working due to loop in dns settings. Change-Id: If6874c99dcc42ef63da167abe8d1f7cdd8e0fcb1 Issue-ID: OOM-1866 Signed-off-by: Michal Ptacek <m.ptacek@partner.samsung.com>
2019-05-21Merge changes from topic "RHEL"Michal Ptacek6-27/+9
* changes: Upgrade docker version to 18.09.5 Update of docker for RHEL
2019-05-20Merge "Adding new simulated domains"Michal Ptacek1-0/+2
2019-05-20Add kubernetes dashboardPetr Ospalý6-1/+213
Either run kubectl proxy, but you must setup routes or kubectl on some node (only infra has kubectl by default). Another option is connecting onto the node where the dashboard is exposed via NodePort. Instructions are here: https://github.com/kubernetes/dashboard/wiki/Accessing-dashboard (1.7.X and above) Change-Id: I5a28f458c0ae949278b1e6eaf6eb063d09f93fc0 Issue-ID: OOM-1778 Signed-off-by: Petr Ospalý <p.ospaly@partner.samsung.com> Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-20Merge changes from topic "rke-support"Michal Ptacek13-13/+305
* changes: Add setup for kubectl and helm Add support for RKE kubernetes implementation
2019-05-17Upgrade docker version to 18.09.5Bartek Grzybowski6-27/+9
This patch upgrades docker version for Molecule tests to 18.09.5; it also sanitizes tasks in 'docker' role to supplement this change: https://gerrit.onap.org/r/c/87761/ Change-Id: I14beffafb129b24e7c15f8da45f1a25e27ccae9c Issue-ID: OOM-1852 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-05-17Add setup for kubectl and helmMichal Zegan8-13/+28
the kubeconfig is copied from the cluster config directory to ~/.kube/config. Also, the playbook runs kubectl and helm roles to install tools. Change-Id: I29ee98f6502bbb7923b1ae6812dd642ca206dbce Issue-ID: OOM-1778 Signed-off-by: Petr Ospalý <p.ospaly@partner.samsung.com> Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-17Add support for RKE kubernetes implementationPetr Ospalý8-0/+277
Added a new playbook rke.yml and role rke which uses rancher RKE: https://github.com/rancher/rke It's an implementation of the kubernetes from rancher.com folks and it is an alternative to the official kubernetes tool: kubeadm. NOTE: Rancher has a notion of a 'control plane' which cannot run with etcd on all nodes in a multi-node setup. Control-plane node is the first kubernetes node from the inventory (as of now). Change-Id: I0bf669442a5183efa20d44fb1cac823e7ce54348 Issue-ID: OOM-1778 Signed-off-by: Petr Ospalý <p.ospaly@partner.samsung.com> Signed-off-by: Michal Zegan <m.zegan@samsung.com>
2019-05-16Adding new simulated domainsTomáš Levora1-0/+3
Because of some new images in Dublin and RKE there need to be simulated additional following domains: k8s.gcr.io pndareg.ctao6.net quay.io Issue-ID: OOM-1859 Change-Id: Ib6a0f50722a2d6f37acaef114f2d496a6c9d9028 Signed-off-by: Tomáš Levora <t.levora@partner.samsung.com>
2019-05-16Molecule tests for application role.Samuli Silvius10-8/+184
Issue-ID: OOM-1812 Change-Id: Ifb6f5a10afb4014b20be77a4141371e561d346ce Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
2019-05-15Merge "Fix idempotence issue in dns role"Samuli Silvius2-19/+12
2019-05-15Fix idempotence issue in dns roleBartek Grzybowski2-19/+12
Docker_container module was called twice: in a taks 'Start dns server container' and then as a handler but there was a divergent set o parameters for the module in them. This had the efect of the container being started by the means of the task itself but immediately after it was killed and started again by the handler because it had different set of arguments for the module. The fix is to include the handler itself as a task so the whole run is idempotent. Change-Id: I9078f9dfe5894d94d4b6a9e44411f034508992e7 Issue-ID: OOM-1845 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-05-14Fix idempotency issue in 'prepare-docker' roleBartek Grzybowski1-0/+2
This adds 'creates' arg to 'command' module used in the role scope. Change-Id: Ib500680114fb267cc08ab52f09fa691738ea4a1a Issue-ID: OOM-1850 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-05-10Merge "Don't set 'container' env in Molecule containers"Samuli Silvius5-12/+2
2019-05-10Molecule test for resources playbook.Samuli Silvius10-0/+162
Issue-ID: OOM-1813 Change-Id: I5c070f1ed20bf29b432c91e9de5d861267802b6d Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
2019-05-10Fix 'cleanup' stage in 'nfs' role testBartek Grzybowski1-0/+1
This commit reverts removal of 'ignore_unreachable' option in 'cleanup.yml' for 'nfs' role tests in 96a4baf. It's needed for cleanup stage to succeed if called prior to 'create' stage (default 'test' matrix behaviour) Change-Id: I9177fb950786f05a55c45a0089fb3632503f14f5 Issue-ID: OOM-1809 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-05-09Extending molecule test to playbooksMateusz Pilat3-3/+3
Review should also execute molecule tests for ansible/test/play-xxx when anything in /ansible/test has been changed Change-Id: I9a106a1c141b1053db6ac892e2dcecd4e646fd5b Issue-ID: OOM-1801 Signed-off-by: Mateusz Pilat <m.pilat@partner.samsung.com>
2019-05-09Don't set 'container' env in Molecule containersBartek Grzybowski5-12/+2
Molecule role tests that use pre build images had superfluous 'container' env variable declaration. It's not needed as this env is already set in Dockerfiles, for both: pre-built and custom built images. Change-Id: Iee9cc38919da894ee6cc6a2a5f1acc60d76865de Issue-ID: OOM-1841 Signed-off-by: Bartek Grzybowski <b.grzybowski@partner.samsung.com>
2019-05-06Add script to start review for offline installer in community JenkinsMateusz Pilat1-2/+4
script to detect what tests are supposed to be executed for a given change Change-Id: I8e392e5d67bb56ab7653d4a5176a3b8df1dc72c9 Issue-ID: OOM-1801 Signed-off-by: Mateusz Pilat <m.pilat@partner.samsung.com>
2019-05-06Merge "Fix for Molecule images build-all.sh"Michal Ptacek1-2/+2
2019-05-02Merge "Make 'prepare-docker' install proper docker-ce version"Michal Ptacek5-33/+27