From 119fa5b0c08f31d4bc46f77e6d9b16d5dfe4470b Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Mon, 10 Mar 2025 20:54:03 +0100 Subject: [PATCH 01/12] CI: Remove cruft Remove unused variables, and intermediary ones. --- .gitlab-ci.yml | 1 + tests/Makefile | 12 ++++-------- .../roles/packet-ci/defaults/main.yml | 6 ------ tests/cloud_playbooks/roles/packet-ci/tasks/main.yml | 2 +- tests/scripts/testcases_run.sh | 3 +-- 5 files changed, 7 insertions(+), 17 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index eb7321dce..54717e8a4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -18,6 +18,7 @@ variables: GCE_PREEMPTIBLE: "false" ANSIBLE_KEEP_REMOTE_FILES: "1" ANSIBLE_CONFIG: ./tests/ansible.cfg + ANSIBLE_INVENTORY: /tmp/inventory RESET_CHECK: "false" REMOVE_NODE_CHECK: "false" UPGRADE_TEST: "false" diff --git a/tests/Makefile b/tests/Makefile index b05d5be63..70ad9a0f6 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -9,20 +9,16 @@ create-tf: delete-tf: ./scripts/delete-tf.sh -$(INVENTORY_DIR): +$(ANSIBLE_INVENTORY): mkdir $@ -create-packet: init-packet | $(INVENTORY_DIR) +create-packet: init-packet | $(ANSIBLE_INVENTORY) ansible-playbook cloud_playbooks/create-packet.yml -c local \ - -e @"files/${CI_JOB_NAME}.yml" \ - -e test_name="$(subst .,-,$(CI_PIPELINE_ID)-$(CI_JOB_ID))" \ - -e branch="$(CI_COMMIT_BRANCH)" \ - -e pipeline_id="$(CI_PIPELINE_ID)" \ - -e inventory_path=$| + -e @"files/${CI_JOB_NAME}.yml" delete-packet: ; -create-vagrant: | $(INVENTORY_DIR) +create-vagrant: | $(ANSIBLE_INVENTORY) vagrant up cp $(CI_PROJECT_DIR)/.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory $| diff --git a/tests/cloud_playbooks/roles/packet-ci/defaults/main.yml b/tests/cloud_playbooks/roles/packet-ci/defaults/main.yml index 5ec7ce046..b936deb25 100644 --- a/tests/cloud_playbooks/roles/packet-ci/defaults/main.yml +++ b/tests/cloud_playbooks/roles/packet-ci/defaults/main.yml @@ -6,16 +6,10 @@ vm_cpu_sockets: 1 vm_cpu_threads: 2 vm_memory: 2048 -# Replace invalid characters so that we can use the branch name in kubernetes labels -branch_name_sane: "{{ branch | regex_replace('/', '-') }}" - # Request/Limit allocation settings cpu_allocation_ratio: 0.25 memory_allocation_ratio: 1 -# Default path for inventory -inventory_path: "/tmp/{{ test_name }}/inventory" - # Deployment mode mode: all-in-one diff --git a/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml b/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml index b360e3944..26658580b 100644 --- a/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml +++ b/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml @@ -45,5 +45,5 @@ - name: Create inventory for CI tests copy: content: "{{ ci_inventory | to_yaml }}" - dest: "{{ inventory_path }}/ci_inventory.yml" + dest: "{{ ansible_inventory_sources[0] }}/ci_inventory.yml" mode: "0644" diff --git a/tests/scripts/testcases_run.sh b/tests/scripts/testcases_run.sh index 89a8d641a..387641d6d 100755 --- a/tests/scripts/testcases_run.sh +++ b/tests/scripts/testcases_run.sh @@ -26,9 +26,8 @@ fi export ANSIBLE_REMOTE_USER=$SSH_USER export ANSIBLE_BECOME=true export ANSIBLE_BECOME_USER=root -export ANSIBLE_INVENTORY=/tmp/inventory/ -make -C tests INVENTORY_DIR=${ANSIBLE_INVENTORY} create-${CI_PLATFORM} -s +make -C tests create-${CI_PLATFORM} -s # Test collection build and install by installing our collection, emptying our repository, adding # cluster.yml, reset.yml, and remote-node.yml files that simply point to our collection's playbooks, and then From a8d494fb959ed013203532a5d094d840d8a79afe Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Thu, 6 Mar 2025 17:34:47 +0100 Subject: [PATCH 02/12] CI/kubevirt: allow every vars in kubevirt template to be overriden The current templating of kubevirt VirtualMachine relies on global ansible variables, except for the group the nodes are meant to be in. In order to have more flexibility (in particular, mixed OS cluster for instances), expect now an abitrary dict to be passed to the template ; this allows to embed directly in the nodes definition any variable used by the template. --- .../roles/packet-ci/tasks/main.yml | 5 +-- .../roles/packet-ci/templates/vm.yml.j2 | 2 +- .../roles/packet-ci/vars/main.yml | 38 +++++++++---------- 3 files changed, 21 insertions(+), 24 deletions(-) diff --git a/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml b/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml index 26658580b..2c018b1e7 100644 --- a/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml +++ b/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml @@ -3,11 +3,8 @@ include_vars: "../files/{{ ci_job_name }}.yml" - name: Start vms for CI job - vars: - tvars: - kubespray_groups: "{{ item }}" kubernetes.core.k8s: - definition: "{{ lookup('template', 'vm.yml.j2', template_vars=tvars) }}" + definition: "{{ lookup('template', 'vm.yml.j2', template_vars=item) }}" loop: "{{ scenarios[mode | d('default')] }}" - name: Wait for vms to have IP addresses diff --git a/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 b/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 index 920944963..8b5367dd9 100644 --- a/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 +++ b/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 @@ -6,7 +6,7 @@ metadata: namespace: {{ pod_namespace }} annotations: kubespray.com/ci.template-path: "tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2" - ansible_groups: "{{ kubespray_groups | join(',') }}" + ansible_groups: "{{ node_groups | join(',') }}" # This does not use a dns prefix because dots are hard to escape with map(attribute=) in Jinja labels: kubevirt.io/os: {{ cloud_image }} diff --git a/tests/cloud_playbooks/roles/packet-ci/vars/main.yml b/tests/cloud_playbooks/roles/packet-ci/vars/main.yml index 8eb9c7dbe..6a34bb1a8 100644 --- a/tests/cloud_playbooks/roles/packet-ci/vars/main.yml +++ b/tests/cloud_playbooks/roles/packet-ci/vars/main.yml @@ -2,31 +2,31 @@ # This is a list of nodes with groups for each scenario/cluster layouts scenarios: separate: - - ['kube_control_plane'] - - ['kube_node'] - - ['etcd'] + - node_groups: ['kube_control_plane'] + - node_groups: ['kube_node'] + - node_groups: ['etcd'] ha: - - ['kube_control_plane', 'etcd'] - - ['kube_control_plane', 'etcd'] - - ['kube_node', 'etcd'] + - node_groups: ['kube_control_plane', 'etcd'] + - node_groups: ['kube_control_plane', 'etcd'] + - node_groups: ['kube_node', 'etcd'] default: - - ['kube_control_plane', 'etcd'] - - ['kube_node'] + - node_groups: ['kube_control_plane', 'etcd'] + - node_groups: ['kube_node'] all-in-one: - - ['kube_control_plane', 'etcd', 'kube_node'] + - node_groups: ['kube_control_plane', 'etcd', 'kube_node'] ha-recover: - - ['kube_control_plane', 'etcd'] - - ['kube_control_plane', 'etcd', 'broken_kube_control_plane', 'broken_etcd'] - - ['kube_node', 'etcd'] + - node_groups: ['kube_control_plane', 'etcd'] + - node_groups: ['kube_control_plane', 'etcd', 'broken_kube_control_plane', 'broken_etcd'] + - node_groups: ['kube_node', 'etcd'] ha-recover-noquorum: - - ['kube_control_plane', 'etcd', 'broken_kube_control_plane', 'broken_etcd'] - - ['kube_control_plane', 'etcd', 'broken_kube_control_plane', 'broken_etcd'] - - ['kube_node', 'etcd'] + - node_groups: ['kube_control_plane', 'etcd', 'broken_kube_control_plane', 'broken_etcd'] + - node_groups: ['kube_control_plane', 'etcd', 'broken_kube_control_plane', 'broken_etcd'] + - node_groups: ['kube_node', 'etcd'] node-etcd-client: - - ['kube_node', 'kube_control_plane', 'etcd'] - - ['kube_node', 'etcd'] - - ['kube_node', 'etcd'] - - ['kube_node'] + - node_groups: ['kube_node', 'kube_control_plane', 'etcd'] + - node_groups: ['kube_node', 'etcd'] + - node_groups: ['kube_node', 'etcd'] + - node_groups: ['kube_node'] # Get pod metadata / CI vars from environment From d0f91adde4ccbf5b53063d23f166f15dd33acfbf Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Thu, 6 Mar 2025 17:44:24 +0100 Subject: [PATCH 03/12] CI: allow cluster layout to be fully defined by individual test --- tests/cloud_playbooks/roles/packet-ci/defaults/main.yml | 2 ++ tests/cloud_playbooks/roles/packet-ci/tasks/main.yml | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/cloud_playbooks/roles/packet-ci/defaults/main.yml b/tests/cloud_playbooks/roles/packet-ci/defaults/main.yml index b936deb25..265019ed9 100644 --- a/tests/cloud_playbooks/roles/packet-ci/defaults/main.yml +++ b/tests/cloud_playbooks/roles/packet-ci/defaults/main.yml @@ -13,6 +13,8 @@ memory_allocation_ratio: 1 # Deployment mode mode: all-in-one +cluster_layout: "{{ scenarios[mode] }}" + # Cloud init config for each os type # distro: fedora -> I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IGZlZG9yYQp1c2VyczoKIC0gbmFtZToga3ViZXNwcmF5CiAgIGdyb3Vwczogd2hlZWwKICAgc3VkbzogJ0FMTD0oQUxMKSBOT1BBU1NXRDpBTEwnCiAgIHNoZWxsOiAvYmluL2Jhc2gKICAgbG9ja19wYXNzd2Q6IEZhbHNlCiAgIGhvbWU6IC9ob21lL2t1YmVzcHJheQogICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgIC0gc3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDYW5UaS9lS3gwK3RIWUpBZURocStzRlMyT2JVUDEvSTY5ZjdpVjNVdGtLbFQyMEpmVzFmNkZlWHQvMDRWZjI3V1FxK05xczZ2R0JxRDlRWFNZdWYrdDAvczdFUExqVGVpOW1lMW1wcXIrdVRlK0tEdFRQMzlwZkQzL2VWQ2FlQjcyNkdQMkZrYUQwRnpwbUViNjZPM05xaHhPUTk2R3gvOVhUdXcvSzNsbGo0T1ZENkdyalIzQjdjNFh0RUJzWmNacHBNSi9vSDFtR3lHWGRoMzFtV1FTcUFSTy9QOFU4R3d0MCtIR3BVd2gvaGR5M3QrU1lvVEIyR3dWYjB6b3lWd3RWdmZEUXpzbThmcTNhdjRLdmV6OGtZdU5ESnYwNXg0bHZVWmdSMTVaRFJYc0FuZGhReXFvWGRDTEFlMCtlYUtYcTlCa1d4S0ZiOWhQZTBBVWpqYTU= # distro: rhel: -> I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo= diff --git a/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml b/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml index 2c018b1e7..33ad2aa93 100644 --- a/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml +++ b/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml @@ -5,7 +5,7 @@ - name: Start vms for CI job kubernetes.core.k8s: definition: "{{ lookup('template', 'vm.yml.j2', template_vars=item) }}" - loop: "{{ scenarios[mode | d('default')] }}" + loop: "{{ cluster_layout }}" - name: Wait for vms to have IP addresses kubernetes.core.k8s_info: From e62bbe0c76bf890a98cb7f0ce22c0feb4cc86da9 Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Mon, 10 Mar 2025 16:52:25 +0100 Subject: [PATCH 04/12] CI: adapt packet-ci role to act as a molecule provisioner To work with molecule, we need to use the name provided by molecule_yml in inventory. Inject the name in the VirtualMachineInstance (with a default to handle non-molecule scenario) and get it back as part of inventory). Account for no ansible groups --- tests/cloud_playbooks/create-packet.yml | 9 ++++++--- .../cloud_playbooks/roles/packet-ci/defaults/main.yml | 4 +++- tests/cloud_playbooks/roles/packet-ci/tasks/main.yml | 11 +++++++---- .../roles/packet-ci/templates/vm.yml.j2 | 2 +- 4 files changed, 17 insertions(+), 9 deletions(-) diff --git a/tests/cloud_playbooks/create-packet.yml b/tests/cloud_playbooks/create-packet.yml index 26c39217f..bca137a0d 100644 --- a/tests/cloud_playbooks/create-packet.yml +++ b/tests/cloud_playbooks/create-packet.yml @@ -1,8 +1,11 @@ --- - - name: Provision Packet VMs hosts: localhost gather_facts: false become: true - roles: - - { role: packet-ci, vm_cleanup: false } + tasks: + - name: Create Kubevirt VMs + import_role: + name: packet-ci + - name: Update inventory for Molecule + meta: refresh_inventory diff --git a/tests/cloud_playbooks/roles/packet-ci/defaults/main.yml b/tests/cloud_playbooks/roles/packet-ci/defaults/main.yml index 265019ed9..3f5bbec0b 100644 --- a/tests/cloud_playbooks/roles/packet-ci/defaults/main.yml +++ b/tests/cloud_playbooks/roles/packet-ci/defaults/main.yml @@ -13,7 +13,9 @@ memory_allocation_ratio: 1 # Deployment mode mode: all-in-one -cluster_layout: "{{ scenarios[mode] }}" +node_groups: +- 'all' +cluster_layout: "{{ molecule_yml.platforms | d(scenarios[mode]) }}" # Cloud init config for each os type # distro: fedora -> I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IGZlZG9yYQp1c2VyczoKIC0gbmFtZToga3ViZXNwcmF5CiAgIGdyb3Vwczogd2hlZWwKICAgc3VkbzogJ0FMTD0oQUxMKSBOT1BBU1NXRDpBTEwnCiAgIHNoZWxsOiAvYmluL2Jhc2gKICAgbG9ja19wYXNzd2Q6IEZhbHNlCiAgIGhvbWU6IC9ob21lL2t1YmVzcHJheQogICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgIC0gc3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDYW5UaS9lS3gwK3RIWUpBZURocStzRlMyT2JVUDEvSTY5ZjdpVjNVdGtLbFQyMEpmVzFmNkZlWHQvMDRWZjI3V1FxK05xczZ2R0JxRDlRWFNZdWYrdDAvczdFUExqVGVpOW1lMW1wcXIrdVRlK0tEdFRQMzlwZkQzL2VWQ2FlQjcyNkdQMkZrYUQwRnpwbUViNjZPM05xaHhPUTk2R3gvOVhUdXcvSzNsbGo0T1ZENkdyalIzQjdjNFh0RUJzWmNacHBNSi9vSDFtR3lHWGRoMzFtV1FTcUFSTy9QOFU4R3d0MCtIR3BVd2gvaGR5M3QrU1lvVEIyR3dWYjB6b3lWd3RWdmZEUXpzbThmcTNhdjRLdmV6OGtZdU5ESnYwNXg0bHZVWmdSMTVaRFJYc0FuZGhReXFvWGRDTEFlMCtlYUtYcTlCa1d4S0ZiOWhQZTBBVWpqYTU= diff --git a/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml b/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml index 33ad2aa93..925434c07 100644 --- a/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml +++ b/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml @@ -1,11 +1,14 @@ --- - name: Include custom vars for ci job include_vars: "../files/{{ ci_job_name }}.yml" + when: molecule_yml is not defined - name: Start vms for CI job kubernetes.core.k8s: definition: "{{ lookup('template', 'vm.yml.j2', template_vars=item) }}" loop: "{{ cluster_layout }}" + loop_control: + index_var: index - name: Wait for vms to have IP addresses kubernetes.core.k8s_info: @@ -24,17 +27,17 @@ - name: Massage VirtualMachineInstance data into an Ansible inventory structure vars: ips: "{{ vmis.resources | map(attribute='status.interfaces.0.ipAddress') }}" - names: "{{ vmis.resources | map(attribute='metadata.name') }}" - _groups: "{{ vmis.resources | map(attribute='metadata.annotations.ansible_groups') | map('split', ',') }}" + names: "{{ vmis.resources | map(attribute='metadata.annotations.inventory_name') }}" + _groups: "{{ (vmis.resources | map(attribute='metadata.annotations.ansible_groups') | map('split', ','))}}" hosts: "{{ ips | zip(_groups, names) - | map('zip', ['ansible_host', 'ansible_groups', 'k8s_vmi_name']) + | map('zip', ['ansible_host', 'ansible_groups', 'inventory_name']) | map('map', 'reverse') | map('community.general.dict') }}" loop: "{{ hosts | map(attribute='ansible_groups') | flatten | unique }}" set_fact: ci_inventory: "{{ ci_inventory|d({}) | combine({ item: { 'hosts': hosts | selectattr('ansible_groups', 'contains', item) - | rekey_on_member('k8s_vmi_name') + | rekey_on_member('inventory_name') } }) }}" diff --git a/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 b/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 index 8b5367dd9..f5c3d3bd6 100644 --- a/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 +++ b/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 @@ -7,11 +7,11 @@ metadata: annotations: kubespray.com/ci.template-path: "tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2" ansible_groups: "{{ node_groups | join(',') }}" + inventory_name: "{{ name | d(cloud_image ~ '-' ~ index) }}" # This does not use a dns prefix because dots are hard to escape with map(attribute=) in Jinja labels: kubevirt.io/os: {{ cloud_image }} kubevirt.io/size: small - kubevirt.io/domain: "{{ test_name }}" ci_job_id: "{{ ci_job_id }}" ci_job_name: "{{ ci_job_name }}" # leverage the Kubernetes GC for resources cleanup From acc843a5fafc4e36f70d8032e5e3bee29ce95700 Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Mon, 10 Mar 2025 16:53:05 +0100 Subject: [PATCH 05/12] CI: convert containerd molecule to use kubevirt provisionning --- .../containerd/molecule/default/molecule.yml | 42 ++++++++----------- 1 file changed, 17 insertions(+), 25 deletions(-) diff --git a/roles/container-engine/containerd/molecule/default/molecule.yml b/roles/container-engine/containerd/molecule/default/molecule.yml index 3ea60dc95..e34edf86c 100644 --- a/roles/container-engine/containerd/molecule/default/molecule.yml +++ b/roles/container-engine/containerd/molecule/default/molecule.yml @@ -1,40 +1,30 @@ --- role_name_check: 1 -driver: - name: vagrant - provider: - name: libvirt platforms: - - name: ubuntu20 - box: generic/ubuntu2004 - cpus: 1 - memory: 1024 - groups: + - cloud_image: ubuntu-2004 + name: ubuntu20 + vm_cpu_cores: 1 + vm_memory: 1024 + node_groups: - kube_control_plane - kube_node - k8s_cluster - provider_options: - driver: kvm - - name: debian11 - box: generic/debian11 - cpus: 1 - memory: 1024 - groups: + - cloud_image: debian-11 + name: debian11 + vm_cpu_cores: 1 + vm_memory: 1024 + node_groups: - kube_control_plane - kube_node - k8s_cluster - provider_options: - driver: kvm - - name: almalinux9 - box: almalinux/9 - cpus: 1 - memory: 1024 - groups: + - cloud_image: almalinux-9 + name: almalinux9 + vm_cpu_cores: 1 + vm_memory: 1024 + node_groups: - kube_control_plane - kube_node - k8s_cluster - provider_options: - driver: kvm provisioner: name: ansible env: @@ -43,5 +33,7 @@ provisioner: defaults: callbacks_enabled: profile_tasks timeout: 120 + playbooks: + create: ../../../../../tests/cloud_playbooks/create-packet.yml verifier: name: testinfra From e4905f1d1d394267e662c242f2e3ac503af26366 Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Mon, 10 Mar 2025 16:54:30 +0100 Subject: [PATCH 06/12] CI: convert molecule jobs to kubevirt --- .gitlab-ci/molecule.yml | 28 ++++------------------------ 1 file changed, 4 insertions(+), 24 deletions(-) diff --git a/.gitlab-ci/molecule.yml b/.gitlab-ci/molecule.yml index b37cd03ba..119c2ba22 100644 --- a/.gitlab-ci/molecule.yml +++ b/.gitlab-ci/molecule.yml @@ -1,29 +1,15 @@ --- .molecule: - tags: [ffci-vm-med] + tags: [ffci] only: [/^pr-.*$/] except: ['triggers'] - image: quay.io/kubespray/vm-kubespray-ci:v13 - services: [] stage: deploy-part1 - needs: [] + image: $PIPELINE_IMAGE + needs: + - pipeline-image # - ci-not-authorized - variables: - VAGRANT_DEFAULT_PROVIDER: "libvirt" - VAGRANT_HOME: "$CI_PROJECT_DIR/.vagrant.d" - PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip" before_script: - - mkdir -p $VAGRANT_HOME - - groups - - python3 -m venv citest - - source citest/bin/activate - - vagrant plugin expunge --reinstall --force --no-tty - - vagrant plugin install vagrant-libvirt - - pip install --no-compile --no-cache-dir pip -U - - pip install --no-compile --no-cache-dir -r $CI_PROJECT_DIR/requirements.txt - - pip install --no-compile --no-cache-dir -r $CI_PROJECT_DIR/tests/requirements.txt - ./tests/scripts/rebase.sh - - ./tests/scripts/vagrant_clean.sh script: - ./tests/scripts/molecule_run.sh after_script: @@ -32,12 +18,6 @@ when: always paths: - molecule_logs/ - cache: - key: $CI_JOB_NAME_SLUG - paths: - - .vagrant.d/boxes - - .cache/pip - policy: pull-push # TODO: change to "pull" when not on main # CI template for periodic CI jobs # Enabled when PERIODIC_CI_ENABLED var is set From 611f645907caab0a4dfeff1d6251bee6be4e758e Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Mon, 10 Mar 2025 22:05:34 +0100 Subject: [PATCH 07/12] CI: Generate ssh key pair on the fly There is litte reason to share an ssh key common to all CI jobs, so generate one for each on the fly. Also use plain-text cloud-init config instead of base64 for readability --- .gitlab-ci.yml | 3 ++- tests/Makefile | 7 +---- .../roles/packet-ci/defaults/main.yml | 26 ------------------- .../roles/packet-ci/tasks/main.yml | 7 +++++ .../roles/packet-ci/templates/vm.yml.j2 | 10 ++++++- tests/scripts/testcases_run.sh | 1 - 6 files changed, 19 insertions(+), 35 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 54717e8a4..cf4c017b8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -14,10 +14,11 @@ variables: GS_ACCESS_KEY_ID: $GS_KEY GS_SECRET_ACCESS_KEY: $GS_SECRET CONTAINER_ENGINE: docker - SSH_USER: root GCE_PREEMPTIBLE: "false" ANSIBLE_KEEP_REMOTE_FILES: "1" ANSIBLE_CONFIG: ./tests/ansible.cfg + ANSIBLE_REMOTE_USER: kubespray + ANSIBLE_PRIVATE_KEY_FILE: /tmp/id_rsa ANSIBLE_INVENTORY: /tmp/inventory RESET_CHECK: "false" REMOVE_NODE_CHECK: "false" diff --git a/tests/Makefile b/tests/Makefile index 70ad9a0f6..db66e340c 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -1,8 +1,3 @@ -init-packet: - mkdir -p $(HOME)/.ssh - echo $(PACKET_VM_SSH_PRIVATE_KEY) | base64 -d > $(HOME)/.ssh/id_rsa - chmod 400 $(HOME)/.ssh/id_rsa - create-tf: ./scripts/create-tf.sh @@ -12,7 +7,7 @@ delete-tf: $(ANSIBLE_INVENTORY): mkdir $@ -create-packet: init-packet | $(ANSIBLE_INVENTORY) +create-packet: | $(ANSIBLE_INVENTORY) ansible-playbook cloud_playbooks/create-packet.yml -c local \ -e @"files/${CI_JOB_NAME}.yml" diff --git a/tests/cloud_playbooks/roles/packet-ci/defaults/main.yml b/tests/cloud_playbooks/roles/packet-ci/defaults/main.yml index 3f5bbec0b..f01384822 100644 --- a/tests/cloud_playbooks/roles/packet-ci/defaults/main.yml +++ b/tests/cloud_playbooks/roles/packet-ci/defaults/main.yml @@ -16,29 +16,3 @@ mode: all-in-one node_groups: - 'all' cluster_layout: "{{ molecule_yml.platforms | d(scenarios[mode]) }}" - -# Cloud init config for each os type -# distro: fedora -> I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IGZlZG9yYQp1c2VyczoKIC0gbmFtZToga3ViZXNwcmF5CiAgIGdyb3Vwczogd2hlZWwKICAgc3VkbzogJ0FMTD0oQUxMKSBOT1BBU1NXRDpBTEwnCiAgIHNoZWxsOiAvYmluL2Jhc2gKICAgbG9ja19wYXNzd2Q6IEZhbHNlCiAgIGhvbWU6IC9ob21lL2t1YmVzcHJheQogICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgIC0gc3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDYW5UaS9lS3gwK3RIWUpBZURocStzRlMyT2JVUDEvSTY5ZjdpVjNVdGtLbFQyMEpmVzFmNkZlWHQvMDRWZjI3V1FxK05xczZ2R0JxRDlRWFNZdWYrdDAvczdFUExqVGVpOW1lMW1wcXIrdVRlK0tEdFRQMzlwZkQzL2VWQ2FlQjcyNkdQMkZrYUQwRnpwbUViNjZPM05xaHhPUTk2R3gvOVhUdXcvSzNsbGo0T1ZENkdyalIzQjdjNFh0RUJzWmNacHBNSi9vSDFtR3lHWGRoMzFtV1FTcUFSTy9QOFU4R3d0MCtIR3BVd2gvaGR5M3QrU1lvVEIyR3dWYjB6b3lWd3RWdmZEUXpzbThmcTNhdjRLdmV6OGtZdU5ESnYwNXg0bHZVWmdSMTVaRFJYc0FuZGhReXFvWGRDTEFlMCtlYUtYcTlCa1d4S0ZiOWhQZTBBVWpqYTU= -# distro: rhel: -> I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo= -# distro: rhel (+ sudo and hostname packages): -> I2Nsb3VkLWNvbmZpZwpwYWNrYWdlczoKIC0gc3VkbwogLSBob3N0bmFtZQpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo= -# generic one -> I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1 -cloud_init: - centos-8: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo=" - almalinux-8: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo=" - almalinux-9: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo=" - rockylinux-8: "I2Nsb3VkLWNvbmZpZwpwYWNrYWdlczoKIC0gc3VkbwogLSBob3N0bmFtZQpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo=" - rockylinux-9: "I2Nsb3VkLWNvbmZpZwpwYWNrYWdlczoKIC0gc3VkbwogLSBob3N0bmFtZQpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo=" - debian-11: "I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1" - debian-12: "I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1" - fedora-37: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IGZlZG9yYQp1c2VyczoKIC0gbmFtZToga3ViZXNwcmF5CiAgIGdyb3Vwczogd2hlZWwKICAgc3VkbzogJ0FMTD0oQUxMKSBOT1BBU1NXRDpBTEwnCiAgIHNoZWxsOiAvYmluL2Jhc2gKICAgbG9ja19wYXNzd2Q6IEZhbHNlCiAgIGhvbWU6IC9ob21lL2t1YmVzcHJheQogICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgIC0gc3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDYW5UaS9lS3gwK3RIWUpBZURocStzRlMyT2JVUDEvSTY5ZjdpVjNVdGtLbFQyMEpmVzFmNkZlWHQvMDRWZjI3V1FxK05xczZ2R0JxRDlRWFNZdWYrdDAvczdFUExqVGVpOW1lMW1wcXIrdVRlK0tEdFRQMzlwZkQzL2VWQ2FlQjcyNkdQMkZrYUQwRnpwbUViNjZPM05xaHhPUTk2R3gvOVhUdXcvSzNsbGo0T1ZENkdyalIzQjdjNFh0RUJzWmNacHBNSi9vSDFtR3lHWGRoMzFtV1FTcUFSTy9QOFU4R3d0MCtIR3BVd2gvaGR5M3QrU1lvVEIyR3dWYjB6b3lWd3RWdmZEUXpzbThmcTNhdjRLdmV6OGtZdU5ESnYwNXg0bHZVWmdSMTVaRFJYc0FuZGhReXFvWGRDTEFlMCtlYUtYcTlCa1d4S0ZiOWhQZTBBVWpqYTU=" - fedora-38: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IGZlZG9yYQp1c2VyczoKIC0gbmFtZToga3ViZXNwcmF5CiAgIGdyb3Vwczogd2hlZWwKICAgc3VkbzogJ0FMTD0oQUxMKSBOT1BBU1NXRDpBTEwnCiAgIHNoZWxsOiAvYmluL2Jhc2gKICAgbG9ja19wYXNzd2Q6IEZhbHNlCiAgIGhvbWU6IC9ob21lL2t1YmVzcHJheQogICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgIC0gc3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDYW5UaS9lS3gwK3RIWUpBZURocStzRlMyT2JVUDEvSTY5ZjdpVjNVdGtLbFQyMEpmVzFmNkZlWHQvMDRWZjI3V1FxK05xczZ2R0JxRDlRWFNZdWYrdDAvczdFUExqVGVpOW1lMW1wcXIrdVRlK0tEdFRQMzlwZkQzL2VWQ2FlQjcyNkdQMkZrYUQwRnpwbUViNjZPM05xaHhPUTk2R3gvOVhUdXcvSzNsbGo0T1ZENkdyalIzQjdjNFh0RUJzWmNacHBNSi9vSDFtR3lHWGRoMzFtV1FTcUFSTy9QOFU4R3d0MCtIR3BVd2gvaGR5M3QrU1lvVEIyR3dWYjB6b3lWd3RWdmZEUXpzbThmcTNhdjRLdmV6OGtZdU5ESnYwNXg0bHZVWmdSMTVaRFJYc0FuZGhReXFvWGRDTEFlMCtlYUtYcTlCa1d4S0ZiOWhQZTBBVWpqYTU=" - fedora-39: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IGZlZG9yYQp1c2VyczoKIC0gbmFtZToga3ViZXNwcmF5CiAgIGdyb3Vwczogd2hlZWwKICAgc3VkbzogJ0FMTD0oQUxMKSBOT1BBU1NXRDpBTEwnCiAgIHNoZWxsOiAvYmluL2Jhc2gKICAgbG9ja19wYXNzd2Q6IEZhbHNlCiAgIGhvbWU6IC9ob21lL2t1YmVzcHJheQogICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgIC0gc3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDYW5UaS9lS3gwK3RIWUpBZURocStzRlMyT2JVUDEvSTY5ZjdpVjNVdGtLbFQyMEpmVzFmNkZlWHQvMDRWZjI3V1FxK05xczZ2R0JxRDlRWFNZdWYrdDAvczdFUExqVGVpOW1lMW1wcXIrdVRlK0tEdFRQMzlwZkQzL2VWQ2FlQjcyNkdQMkZrYUQwRnpwbUViNjZPM05xaHhPUTk2R3gvOVhUdXcvSzNsbGo0T1ZENkdyalIzQjdjNFh0RUJzWmNacHBNSi9vSDFtR3lHWGRoMzFtV1FTcUFSTy9QOFU4R3d0MCtIR3BVd2gvaGR5M3QrU1lvVEIyR3dWYjB6b3lWd3RWdmZEUXpzbThmcTNhdjRLdmV6OGtZdU5ESnYwNXg0bHZVWmdSMTVaRFJYc0FuZGhReXFvWGRDTEFlMCtlYUtYcTlCa1d4S0ZiOWhQZTBBVWpqYTU=" - fedora-40: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IGZlZG9yYQp1c2VyczoKIC0gbmFtZToga3ViZXNwcmF5CiAgIGdyb3Vwczogd2hlZWwKICAgc3VkbzogJ0FMTD0oQUxMKSBOT1BBU1NXRDpBTEwnCiAgIHNoZWxsOiAvYmluL2Jhc2gKICAgbG9ja19wYXNzd2Q6IEZhbHNlCiAgIGhvbWU6IC9ob21lL2t1YmVzcHJheQogICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgIC0gc3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDYW5UaS9lS3gwK3RIWUpBZURocStzRlMyT2JVUDEvSTY5ZjdpVjNVdGtLbFQyMEpmVzFmNkZlWHQvMDRWZjI3V1FxK05xczZ2R0JxRDlRWFNZdWYrdDAvczdFUExqVGVpOW1lMW1wcXIrdVRlK0tEdFRQMzlwZkQzL2VWQ2FlQjcyNkdQMkZrYUQwRnpwbUViNjZPM05xaHhPUTk2R3gvOVhUdXcvSzNsbGo0T1ZENkdyalIzQjdjNFh0RUJzWmNacHBNSi9vSDFtR3lHWGRoMzFtV1FTcUFSTy9QOFU4R3d0MCtIR3BVd2gvaGR5M3QrU1lvVEIyR3dWYjB6b3lWd3RWdmZEUXpzbThmcTNhdjRLdmV6OGtZdU5ESnYwNXg0bHZVWmdSMTVaRFJYc0FuZGhReXFvWGRDTEFlMCtlYUtYcTlCa1d4S0ZiOWhQZTBBVWpqYTU=" - opensuse-leap-15: "I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1" - rhel-server-7: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo=" - amazon-linux-2: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo=" - ubuntu-2004: "I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1" - ubuntu-2204: "I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1" - ubuntu-2404: "I2Nsb3VkLWNvbmZpZwogdXNlcnM6CiAgLSBuYW1lOiBrdWJlc3ByYXkKICAgIHN1ZG86IEFMTD0oQUxMKSBOT1BBU1NXRDpBTEwKICAgIHNoZWxsOiAvYmluL2Jhc2gKICAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICAgaG9tZTogL2hvbWUva3ViZXNwcmF5CiAgICBzc2hfYXV0aG9yaXplZF9rZXlzOgogICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1" - oracle-7: "I2Nsb3VkLWNvbmZpZwpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo=" - openeuler-2403: "I2Nsb3VkLWNvbmZpZwpwYWNrYWdlczoKIC0gc3VkbwogLSBob3N0bmFtZQpzeXN0ZW1faW5mbzoKICBkaXN0cm86IHJoZWwKdXNlcnM6CiAtIG5hbWU6IGt1YmVzcHJheQogICBncm91cHM6IHdoZWVsCiAgIHN1ZG86ICdBTEw9KEFMTCkgTk9QQVNTV0Q6QUxMJwogICBzaGVsbDogL2Jpbi9iYXNoCiAgIGxvY2tfcGFzc3dkOiBGYWxzZQogICBob21lOiAvaG9tZS9rdWJlc3ByYXkKICAgc3NoX2F1dGhvcml6ZWRfa2V5czoKICAgICAtIHNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ2FuVGkvZUt4MCt0SFlKQWVEaHErc0ZTMk9iVVAxL0k2OWY3aVYzVXRrS2xUMjBKZlcxZjZGZVh0LzA0VmYyN1dRcStOcXM2dkdCcUQ5UVhTWXVmK3QwL3M3RVBMalRlaTltZTFtcHFyK3VUZStLRHRUUDM5cGZEMy9lVkNhZUI3MjZHUDJGa2FEMEZ6cG1FYjY2TzNOcWh4T1E5Nkd4LzlYVHV3L0szbGxqNE9WRDZHcmpSM0I3YzRYdEVCc1pjWnBwTUovb0gxbUd5R1hkaDMxbVdRU3FBUk8vUDhVOEd3dDArSEdwVXdoL2hkeTN0K1NZb1RCMkd3VmIwem95Vnd0VnZmRFF6c204ZnEzYXY0S3ZlejhrWXVOREp2MDV4NGx2VVpnUjE1WkRSWHNBbmRoUXlxb1hkQ0xBZTArZWFLWHE5QmtXeEtGYjloUGUwQVVqamE1Cgo=" diff --git a/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml b/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml index 925434c07..56ed0a414 100644 --- a/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml +++ b/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml @@ -3,6 +3,13 @@ include_vars: "../files/{{ ci_job_name }}.yml" when: molecule_yml is not defined +- name: Generate SSH keypair + community.crypto.openssh_keypair: + size: 2048 + path: "{{ lookup('env', 'ANSIBLE_PRIVATE_KEY_FILE') }}" + mode: '400' + register: ssh_key + - name: Start vms for CI job kubernetes.core.k8s: definition: "{{ lookup('template', 'vm.yml.j2', template_vars=item) }}" diff --git a/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 b/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 index f5c3d3bd6..7819b9e1e 100644 --- a/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 +++ b/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 @@ -56,4 +56,12 @@ spec: image: quay.io/kubespray/vm-{{ cloud_image }} - name: cloudinitvolume cloudInitNoCloud: - userDataBase64: {{ cloud_init[cloud_image] }} + userData: | + #cloud-config + users: + - name: {{ lookup('env', 'ANSIBLE_REMOTE_USER') }} + sudo: ALL=(ALL) NOPASSWD:ALL + shell: /bin/bash + lock_passwd: False + ssh_authorized_keys: + - {{ ssh_key.public_key }} diff --git a/tests/scripts/testcases_run.sh b/tests/scripts/testcases_run.sh index 387641d6d..f3d868117 100755 --- a/tests/scripts/testcases_run.sh +++ b/tests/scripts/testcases_run.sh @@ -23,7 +23,6 @@ if [ "${UPGRADE_TEST}" != "false" ]; then git checkout "${CI_COMMIT_SHA}" -- tests/ fi -export ANSIBLE_REMOTE_USER=$SSH_USER export ANSIBLE_BECOME=true export ANSIBLE_BECOME_USER=root From ac4c41e4e6f9889050fd48b13d01fc3bb921de19 Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Mon, 10 Mar 2025 22:09:02 +0100 Subject: [PATCH 08/12] CI: use OS name in VMs Allows an easier log reading on multi-OS test runs (such as molecule tests) --- tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 b/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 index 7819b9e1e..bbe67f26d 100644 --- a/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 +++ b/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 @@ -2,7 +2,7 @@ apiVersion: kubevirt.io/v1 kind: VirtualMachineInstance metadata: - generateName: test-vm- + generateName: {{ cloud_image }}- namespace: {{ pod_namespace }} annotations: kubespray.com/ci.template-path: "tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2" From f70c33d71a61418706adf754e58898e0fe256e09 Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Tue, 11 Mar 2025 11:45:55 +0100 Subject: [PATCH 09/12] CI: convert molecule provisioning to kubevirt Includes some change of OS version when the vagrant boxes were old ones (Debian 10) --- roles/adduser/molecule/default/molecule.yml | 16 +++---- .../molecule/default/molecule.yml | 16 +++---- .../molecule/default/molecule.yml | 40 ++++++---------- .../cri-dockerd/molecule/default/molecule.yml | 28 ++++------- .../cri-o/molecule/default/molecule.yml | 48 ++++++++----------- 5 files changed, 56 insertions(+), 92 deletions(-) diff --git a/roles/adduser/molecule/default/molecule.yml b/roles/adduser/molecule/default/molecule.yml index 0fb4997df..eba7f2a42 100644 --- a/roles/adduser/molecule/default/molecule.yml +++ b/roles/adduser/molecule/default/molecule.yml @@ -2,22 +2,18 @@ role_name_check: 1 dependency: name: galaxy -driver: - name: vagrant - provider: - name: libvirt platforms: - - name: adduser-01 - box: generic/ubuntu2004 - cpus: 1 - memory: 512 - provider_options: - driver: kvm + - name: ubuntu20 + cloud_image: ubuntu-2004 + vm_cpu_cores: 1 + vm_memory: 512 provisioner: name: ansible config_options: defaults: callbacks_enabled: profile_tasks timeout: 120 + playbooks: + create: ../../../../tests/cloud_playbooks/create-packet.yml verifier: name: testinfra diff --git a/roles/bastion-ssh-config/molecule/default/molecule.yml b/roles/bastion-ssh-config/molecule/default/molecule.yml index 11cf91ce5..68626edce 100644 --- a/roles/bastion-ssh-config/molecule/default/molecule.yml +++ b/roles/bastion-ssh-config/molecule/default/molecule.yml @@ -2,17 +2,11 @@ role_name_check: 1 dependency: name: galaxy -driver: - name: vagrant - provider: - name: libvirt platforms: - - name: bastion-01 - box: generic/ubuntu2004 - cpus: 1 - memory: 512 - provider_options: - driver: kvm + - name: ubuntu20 + cloud_image: ubuntu-2004 + vm_cpu_cores: 1 + vm_memory: 512 provisioner: name: ansible config_options: @@ -27,5 +21,7 @@ provisioner: bastion: hosts: bastion-01: + playbooks: + create: ../../../../tests/cloud_playbooks/create-packet.yml verifier: name: testinfra diff --git a/roles/bootstrap-os/molecule/default/molecule.yml b/roles/bootstrap-os/molecule/default/molecule.yml index ba5d6e602..dff5d1e83 100644 --- a/roles/bootstrap-os/molecule/default/molecule.yml +++ b/roles/bootstrap-os/molecule/default/molecule.yml @@ -2,35 +2,23 @@ role_name_check: 1 dependency: name: galaxy -driver: - name: vagrant - provider: - name: libvirt platforms: - name: ubuntu20 - box: generic/ubuntu2004 - cpus: 1 - memory: 512 - provider_options: - driver: kvm + cloud_image: ubuntu-2004 + vm_cpu_cores: 1 + vm_memory: 512 - name: ubuntu22 - box: generic/ubuntu2204 - cpus: 1 - memory: 1024 - provider_options: - driver: kvm + cloud_image: ubuntu-2204 + vm_cpu_cores: 1 + vm_memory: 512 - name: almalinux9 - box: almalinux/9 - cpus: 1 - memory: 512 - provider_options: - driver: kvm - - name: debian10 - box: generic/debian10 - cpus: 1 - memory: 512 - provider_options: - driver: kvm + cloud_image: almalinux-9 + vm_cpu_cores: 1 + vm_memory: 512 + - name: debian12 + cloud_image: debian-12 + vm_cpu_cores: 1 + vm_memory: 512 provisioner: name: ansible config_options: @@ -43,5 +31,7 @@ provisioner: user: name: foo comment: My test comment + playbooks: + create: ../../../../tests/cloud_playbooks/create-packet.yml verifier: name: testinfra diff --git a/roles/container-engine/cri-dockerd/molecule/default/molecule.yml b/roles/container-engine/cri-dockerd/molecule/default/molecule.yml index b526c64c0..21c4c0595 100644 --- a/roles/container-engine/cri-dockerd/molecule/default/molecule.yml +++ b/roles/container-engine/cri-dockerd/molecule/default/molecule.yml @@ -1,28 +1,18 @@ --- role_name_check: 1 -driver: - name: vagrant - provider: - name: libvirt platforms: - name: almalinux9 - box: almalinux/9 - cpus: 1 - memory: 1024 - nested: true - groups: + cloud_image: almalinux-9 + vm_cpu_cores: 1 + vm_memory: 1024 + node_groups: - kube_control_plane - provider_options: - driver: kvm - name: ubuntu20 - box: generic/ubuntu2004 - cpus: 1 - memory: 1024 - nested: true - groups: + cloud_image: ubuntu-2004 + vm_cpu_cores: 1 + vm_memory: 1024 + node_groups: - kube_control_plane - provider_options: - driver: kvm provisioner: name: ansible env: @@ -35,5 +25,7 @@ provisioner: group_vars: all: become: true + playbooks: + create: ../../../../../tests/cloud_playbooks/create-packet.yml verifier: name: testinfra diff --git a/roles/container-engine/cri-o/molecule/default/molecule.yml b/roles/container-engine/cri-o/molecule/default/molecule.yml index f19bd123b..449d5807a 100644 --- a/roles/container-engine/cri-o/molecule/default/molecule.yml +++ b/roles/container-engine/cri-o/molecule/default/molecule.yml @@ -1,50 +1,38 @@ --- role_name_check: 1 -driver: - name: vagrant - provider: - name: libvirt platforms: - name: ubuntu20 - box: generic/ubuntu2004 - cpus: 2 - memory: 1024 - groups: + cloud_image: ubuntu-2004 + vm_cpu_cores: 2 + vm_memory: 1024 + node_groups: - kube_control_plane - kube_node - k8s_cluster - provider_options: - driver: kvm - name: almalinux9 - box: almalinux/9 - cpus: 2 - memory: 1024 - groups: + cloud_image: almalinux-9 + vm_cpu_cores: 2 + vm_memory: 1024 + node_groups: - kube_control_plane - kube_node - k8s_cluster - provider_options: - driver: kvm - name: fedora - box: fedora/38-cloud-base - cpus: 2 - memory: 2048 - groups: + cloud_image: fedora-39 + vm_cpu_cores: 2 + vm_memory: 1024 + node_groups: - kube_control_plane - kube_node - k8s_cluster - provider_options: - driver: kvm - - name: debian10 - box: generic/debian10 - cpus: 2 - memory: 1024 - groups: + - name: debian12 + cloud_image: debian-12 + vm_cpu_cores: 2 + vm_memory: 1024 + node_groups: - kube_control_plane - kube_node - k8s_cluster - provider_options: - driver: kvm provisioner: name: ansible env: @@ -53,5 +41,7 @@ provisioner: defaults: callbacks_enabled: profile_tasks timeout: 120 + playbooks: + create: ../../../../../tests/cloud_playbooks/create-packet.yml verifier: name: testinfra From 315313dd10cc234ce20562372000b5d18e2e5461 Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Tue, 11 Mar 2025 11:47:17 +0100 Subject: [PATCH 10/12] CI: convert molecule jobs to parallel:matrix With the new provisionning using kubevirt this should be faster. --- .gitlab-ci/molecule.yml | 85 +++++++------------ .../roles/packet-ci/tasks/main.yml | 2 +- .../roles/packet-ci/templates/vm.yml.j2 | 2 +- .../roles/packet-ci/vars/main.yml | 1 - 4 files changed, 31 insertions(+), 59 deletions(-) diff --git a/.gitlab-ci/molecule.yml b/.gitlab-ci/molecule.yml index 119c2ba22..2dd93af00 100644 --- a/.gitlab-ci/molecule.yml +++ b/.gitlab-ci/molecule.yml @@ -19,65 +19,38 @@ paths: - molecule_logs/ +molecule: + extends: .molecule + script: + - ./tests/scripts/molecule_run.sh -i $ROLE + parallel: + matrix: + - ROLE: + - container-engine/cri-dockerd + - container-engine/containerd + - container-engine/cri-o + - adduser + - bastion-ssh-config + - bootstrap-os + # CI template for periodic CI jobs # Enabled when PERIODIC_CI_ENABLED var is set -.molecule_periodic: +molecule_full: only: variables: - $PERIODIC_CI_ENABLED allow_failure: true - extends: .molecule - -molecule_full: - extends: .molecule_periodic - -molecule_no_container_engines: - extends: .molecule - script: - - ./tests/scripts/molecule_run.sh -e container-engine - when: on_success - -molecule_docker: - extends: .molecule - script: - - ./tests/scripts/molecule_run.sh -i container-engine/cri-dockerd - when: on_success - -molecule_containerd: - extends: .molecule - script: - - ./tests/scripts/molecule_run.sh -i container-engine/containerd - when: on_success - -molecule_cri-o: - extends: .molecule - stage: deploy-part1 - script: - - ./tests/scripts/molecule_run.sh -i container-engine/cri-o - allow_failure: true - when: on_success - -# # Stage 3 container engines don't get as much attention so allow them to fail -# molecule_kata: -# extends: .molecule -# stage: deploy-extended -# script: -# - ./tests/scripts/molecule_run.sh -i container-engine/kata-containers -# when: manual -# # FIXME: this test is broken (perma-failing) - -molecule_gvisor: - extends: .molecule - stage: deploy-extended - script: - - ./tests/scripts/molecule_run.sh -i container-engine/gvisor - when: manual -# FIXME: this test is broken (perma-failing) - -molecule_youki: - extends: .molecule - stage: deploy-extended - script: - - ./tests/scripts/molecule_run.sh -i container-engine/youki - when: manual -# FIXME: this test is broken (perma-failing) + extends: molecule + parallel: + matrix: + - ROLE: + - container-engine/cri-dockerd + - container-engine/containerd + - container-engine/cri-o + - adduser + - bastion-ssh-config + - bootstrap-os + # FIXME : tests below are perma-failing + - container-engine/kata-containers + - container-engine/gvisor + - container-engine/youki diff --git a/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml b/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml index 56ed0a414..5f620e7d5 100644 --- a/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml +++ b/tests/cloud_playbooks/roles/packet-ci/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Include custom vars for ci job - include_vars: "../files/{{ ci_job_name }}.yml" + include_vars: "../files/{{ lookup('ansible.builtin.env', 'CI_JOB_NAME') }}.yml" when: molecule_yml is not defined - name: Generate SSH keypair diff --git a/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 b/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 index bbe67f26d..db80155fd 100644 --- a/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 +++ b/tests/cloud_playbooks/roles/packet-ci/templates/vm.yml.j2 @@ -13,7 +13,7 @@ metadata: kubevirt.io/os: {{ cloud_image }} kubevirt.io/size: small ci_job_id: "{{ ci_job_id }}" - ci_job_name: "{{ ci_job_name }}" + ci_job_name: "{{ lookup('ansible.builtin.env', 'CI_JOB_NAME_SLUG') }}" # leverage the Kubernetes GC for resources cleanup ownerReferences: - apiVersion: v1 diff --git a/tests/cloud_playbooks/roles/packet-ci/vars/main.yml b/tests/cloud_playbooks/roles/packet-ci/vars/main.yml index 6a34bb1a8..e8bac22e9 100644 --- a/tests/cloud_playbooks/roles/packet-ci/vars/main.yml +++ b/tests/cloud_playbooks/roles/packet-ci/vars/main.yml @@ -31,7 +31,6 @@ scenarios: # Get pod metadata / CI vars from environment ci_job_id: "{{ lookup('ansible.builtin.env', 'CI_JOB_ID', default=undefined) }}" -ci_job_name: "{{ lookup('ansible.builtin.env', 'CI_JOB_NAME', default=undefined) }}" pod_name: "{{ lookup('ansible.builtin.env', 'POD_NAME', default=undefined) }}" pod_uid: "{{ lookup('ansible.builtin.env', 'POD_UID', default=undefined) }}" pod_namespace: "{{ lookup('ansible.builtin.env', 'POD_NAMESPACE', default=undefined) }}" From 71ae3c78e2826b6eb45e9d0d2ad16476c5e8412b Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Tue, 11 Mar 2025 14:12:55 +0100 Subject: [PATCH 11/12] CI: ensure kubevirt VMs are available as part of provisionning Allow to use the provisionning playbook from multiples users without duplicating the ssh check. --- tests/cloud_playbooks/create-packet.yml | 13 +++++++++++++ tests/cloud_playbooks/wait-for-ssh.yml | 13 ------------- tests/scripts/testcases_run.sh | 2 -- 3 files changed, 13 insertions(+), 15 deletions(-) delete mode 100644 tests/cloud_playbooks/wait-for-ssh.yml diff --git a/tests/cloud_playbooks/create-packet.yml b/tests/cloud_playbooks/create-packet.yml index bca137a0d..e373cbda2 100644 --- a/tests/cloud_playbooks/create-packet.yml +++ b/tests/cloud_playbooks/create-packet.yml @@ -9,3 +9,16 @@ name: packet-ci - name: Update inventory for Molecule meta: refresh_inventory + +- name: Wait until SSH is available + hosts: all + become: false + gather_facts: false + + tasks: + - name: Wait until SSH is available + wait_for: + host: "{{ ansible_host }}" + port: 22 + timeout: 240 + delegate_to: localhost diff --git a/tests/cloud_playbooks/wait-for-ssh.yml b/tests/cloud_playbooks/wait-for-ssh.yml deleted file mode 100644 index 54b268273..000000000 --- a/tests/cloud_playbooks/wait-for-ssh.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -- name: Wait until SSH is available - hosts: all - become: false - gather_facts: false - - tasks: - - name: Wait until SSH is available - wait_for: - host: "{{ ansible_host }}" - port: 22 - timeout: 240 - delegate_to: localhost diff --git a/tests/scripts/testcases_run.sh b/tests/scripts/testcases_run.sh index f3d868117..1d97bbf4c 100755 --- a/tests/scripts/testcases_run.sh +++ b/tests/scripts/testcases_run.sh @@ -63,8 +63,6 @@ EOF fi -ansible-playbook tests/cloud_playbooks/wait-for-ssh.yml - run_playbook () { playbook=$1 shift From 0efb415ec6a44501a7b26030a9b0a4a0a1a09361 Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Wed, 12 Mar 2025 16:08:59 +0100 Subject: [PATCH 12/12] CI: molecule fixes - use become: true when running bootstrap-os in molecule - match host name in bastion-ssh-config to not confuse the provisionner --- roles/bastion-ssh-config/molecule/default/molecule.yml | 2 +- roles/bootstrap-os/molecule/default/converge.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/bastion-ssh-config/molecule/default/molecule.yml b/roles/bastion-ssh-config/molecule/default/molecule.yml index 68626edce..4c8485313 100644 --- a/roles/bastion-ssh-config/molecule/default/molecule.yml +++ b/roles/bastion-ssh-config/molecule/default/molecule.yml @@ -3,7 +3,7 @@ role_name_check: 1 dependency: name: galaxy platforms: - - name: ubuntu20 + - name: bastion-01 cloud_image: ubuntu-2004 vm_cpu_cores: 1 vm_memory: 512 diff --git a/roles/bootstrap-os/molecule/default/converge.yml b/roles/bootstrap-os/molecule/default/converge.yml index 89a832559..0463f64db 100644 --- a/roles/bootstrap-os/molecule/default/converge.yml +++ b/roles/bootstrap-os/molecule/default/converge.yml @@ -2,5 +2,6 @@ - name: Converge hosts: all gather_facts: false + become: true roles: - role: bootstrap-os