|
|
|
---
|
|
|
|
name: CI
|
|
|
|
'on':
|
|
|
|
pull_request:
|
|
|
|
push:
|
|
|
|
branches:
|
|
|
|
- master
|
|
|
|
schedule:
|
|
|
|
- cron: "0 6 * * 3"
|
|
|
|
|
|
|
|
defaults:
|
|
|
|
run:
|
|
|
|
working-directory: 'geerlingguy.nginx'
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
|
|
|
|
lint:
|
|
|
|
name: Lint
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
|
|
- name: Check out the codebase.
|
|
|
|
uses: actions/checkout@v2
|
|
|
|
with:
|
|
|
|
path: 'geerlingguy.nginx'
|
|
|
|
|
|
|
|
- name: Set up Python 3.
|
|
|
|
uses: actions/setup-python@v2
|
|
|
|
with:
|
|
|
|
python-version: '3.x'
|
|
|
|
|
|
|
|
- name: Install test dependencies.
|
|
|
|
run: pip3 install yamllint ansible-lint
|
|
|
|
|
|
|
|
- name: Lint code.
|
|
|
|
run: |
|
|
|
|
yamllint .
|
|
|
|
ansible-lint
|
|
|
|
|
|
|
|
molecule:
|
|
|
|
name: Molecule
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
strategy:
|
|
|
|
matrix:
|
|
|
|
include:
|
|
|
|
- name: Centos 7
|
|
|
|
distro: quay.io/jseguillon/kubevirt-images:centos-7-x86_64-genericcloud-2009
|
|
|
|
# - ubuntu2004
|
|
|
|
# - ubuntu1804
|
|
|
|
# - debian10
|
|
|
|
|
|
|
|
env:
|
|
|
|
KUBERNETES_VERSION: v1.20.0
|
|
|
|
PYTHON_BASE_IMAGE: python:3.9
|
|
|
|
|
|
|
|
steps:
|
|
|
|
- name: Check out the codebase.
|
|
|
|
uses: actions/checkout@v2
|
|
|
|
with:
|
|
|
|
path: 'geerlingguy.nginx'
|
|
|
|
|
|
|
|
- name: Update packages index
|
|
|
|
run: |
|
|
|
|
sudo apt-get update
|
|
|
|
|
|
|
|
- name: Install docker
|
|
|
|
uses: nick-invision/retry@v2
|
|
|
|
with:
|
|
|
|
timeout_minutes: 5
|
|
|
|
max_attempts: 3
|
|
|
|
command: |
|
|
|
|
. /etc/os-release
|
|
|
|
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
|
|
|
|
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
|
|
|
|
sudo apt-get update
|
|
|
|
sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
|
|
|
|
|
|
|
|
- name: Install kubectl
|
|
|
|
uses: nick-invision/retry@v2
|
|
|
|
with:
|
|
|
|
timeout_minutes: 5
|
|
|
|
max_attempts: 3
|
|
|
|
command: |
|
|
|
|
curl -LO https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64/kubectl; chmod +x ./kubectl
|
|
|
|
sudo install kubectl /usr/local/bin
|
|
|
|
|
|
|
|
- name: Install kind
|
|
|
|
uses: nick-invision/retry@v2
|
|
|
|
with:
|
|
|
|
timeout_minutes: 5
|
|
|
|
max_attempts: 3
|
|
|
|
command: |
|
|
|
|
curl -Lo ./kind "https://kind.sigs.k8s.io/dl/v0.9.0/kind-$(uname)-amd64" && chmod +x ./kind
|
|
|
|
sudo install kind /usr/local/bin
|
|
|
|
|
|
|
|
- name: Create single node Cluster
|
|
|
|
run: |
|
|
|
|
cat <<EOF | sudo kind create cluster -v7 --wait 1m --retain --config=-
|
|
|
|
kind: Cluster
|
|
|
|
apiVersion: kind.x-k8s.io/v1alpha4
|
|
|
|
networking:
|
|
|
|
ipFamily: ipv4
|
|
|
|
EOF
|
|
|
|
|
|
|
|
- name: Wait and get Cluster status
|
|
|
|
run: |
|
|
|
|
# wait network is ready
|
|
|
|
sudo kubectl wait --for=condition=ready pods --namespace=kube-system -l k8s-app=kube-dns
|
|
|
|
sudo kubectl get nodes -o wide
|
|
|
|
sudo kubectl get pods -A
|
|
|
|
|
|
|
|
- name: Install kubevirt packages requirements
|
|
|
|
run: |
|
|
|
|
sudo apt install -y qemu qemu-kvm libvirt-daemon libvirt-clients bridge-utils virt-manager libvirt-daemon-system
|
|
|
|
sudo systemctl restart libvirtd
|
|
|
|
|
|
|
|
- name: Tweak ubuntu apparmor for Kubevirt
|
|
|
|
run: |
|
|
|
|
# See : https://github.com/kubevirt/kubevirt/issues/4303
|
|
|
|
# Add one magic line and reload service
|
|
|
|
tweak_qemu_apprarmor="$(head -n -1 /etc/apparmor.d/usr.sbin.libvirtd; echo " /usr/libexec/qemu-kvm rmix,"; tail -1 /etc/apparmor.d/usr.sbin.libvirtd)"
|
|
|
|
echo "$tweak_qemu_apprarmor" | sudo dd of=/etc/apparmor.d/usr.sbin.libvirtd
|
|
|
|
sudo systemctl reload apparmor.service
|
|
|
|
|
|
|
|
- name: Install kubevirt
|
|
|
|
uses: nick-invision/retry@v2
|
|
|
|
with:
|
|
|
|
timeout_minutes: 5
|
|
|
|
max_attempts: 3
|
|
|
|
command: |
|
|
|
|
sudo kubectl create -f https://github.com/kubevirt/kubevirt/releases/download/v0.36.0/kubevirt-operator.yaml
|
|
|
|
sudo kubectl create configmap kubevirt-config -n kubevirt --from-literal debug.useEmulation=true
|
|
|
|
sudo kubectl create -f https://github.com/kubevirt/kubevirt/releases/download/v0.36.0/kubevirt-cr.yaml
|
|
|
|
|
|
|
|
- name: Install virtcl
|
|
|
|
uses: nick-invision/retry@v2
|
|
|
|
with:
|
|
|
|
timeout_minutes: 5
|
|
|
|
max_attempts: 3
|
|
|
|
command: |
|
|
|
|
export ARCH=linux-amd64
|
|
|
|
curl -L -o virtctl https://github.com/kubevirt/kubevirt/releases/download/v0.36.0/virtctl-v0.36.0-linux-amd64
|
|
|
|
chmod +x virtctl
|
|
|
|
sudo install virtctl /usr/local/bin
|
|
|
|
|
|
|
|
- name: Build molecule test container
|
|
|
|
run: |
|
|
|
|
#FIXME neeed copy geerlingu in home
|
|
|
|
cat <<EOF > Dockerfile
|
|
|
|
ARG PYTHON_BASE_IMAGE
|
|
|
|
|
|
|
|
FROM \${PYTHON_BASE_IMAGE}
|
|
|
|
ARG KUBERNETES_VERSION
|
|
|
|
|
|
|
|
RUN python3 -m pip install ansible molecule molecule-kubevirt && \
|
|
|
|
ansible-galaxy collection install community.crypto && \
|
|
|
|
ansible-galaxy collection install git+https://github.com/ansible-collections/community.kubernetes.git
|
|
|
|
|
|
|
|
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/\${KUBERNETES_VERSION}/bin/linux/amd64/kubectl && \
|
|
|
|
chmod +x kubectl && mv kubectl /usr/bin
|
|
|
|
|
|
|
|
COPY molecule /molecule
|
|
|
|
COPY . /molecule/default/roles/geerlingguy.nginx
|
|
|
|
EOF
|
|
|
|
|
|
|
|
docker build --build-arg PYTHON_BASE_IMAGE="${PYTHON_BASE_IMAGE}" --build-arg KUBERNETES_VERSION="${KUBERNETES_VERSION}" . -t molecule_kubevirt_runner:latest
|
|
|
|
# TODO : kind load is slow : set a private registry, as described here https://kind.sigs.k8s.io/docs/user/local-registry/
|
|
|
|
sudo kind load docker-image molecule_kubevirt_runner:latest
|
|
|
|
|
|
|
|
- name: Push molecule test image to Kind
|
|
|
|
uses: nick-invision/retry@v2
|
|
|
|
with:
|
|
|
|
timeout_minutes: 5
|
|
|
|
max_attempts: 3
|
|
|
|
command: |
|
|
|
|
sudo kind load docker-image molecule_kubevirt_runner:latest
|
|
|
|
|
|
|
|
- name: Install kail
|
|
|
|
uses: nick-invision/retry@v2
|
|
|
|
with:
|
|
|
|
timeout_minutes: 5
|
|
|
|
max_attempts: 3
|
|
|
|
command: |
|
|
|
|
curl -SL https://github.com/boz/kail/releases/download/v0.15.0/kail_0.15.0_linux_amd64.tar.gz -o kail.tar.gz
|
|
|
|
tar xf kail.tar.gz
|
|
|
|
sudo install kail /usr/local/bin
|
|
|
|
|
|
|
|
- name: Wait and get kubevirt status
|
|
|
|
run: |
|
|
|
|
# wait network is ready
|
|
|
|
sudo kubectl wait --for=condition=ready pods --namespace=kubevirt -l kubevirt.io=virt-operator
|
|
|
|
sudo kubectl wait --for=condition=ready pods --namespace=kubevirt -l kubevirt.io=virt-api || true
|
|
|
|
sudo kubectl wait --for=condition=ready pods --namespace=kubevirt -l kubevirt.io=virt-controller || true
|
|
|
|
sudo kubectl wait --for=condition=ready pods --namespace=kubevirt -l kubevirt.io=virt-handler || true
|
|
|
|
sudo kubectl get nodes -o wide
|
|
|
|
sudo kubectl get pods -A
|
|
|
|
|
|
|
|
- name: Prepare Job
|
|
|
|
run: |
|
|
|
|
# Service Account for Job
|
|
|
|
cat <<EOF | sudo kubectl apply -f -
|
|
|
|
---
|
|
|
|
apiVersion: v1
|
|
|
|
kind: ServiceAccount
|
|
|
|
metadata:
|
|
|
|
name: molecule-kubevirt
|
|
|
|
|
|
|
|
---
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
|
|
kind: ClusterRoleBinding
|
|
|
|
metadata:
|
|
|
|
name: molecule-kubevirt
|
|
|
|
roleRef:
|
|
|
|
apiGroup: rbac.authorization.k8s.io
|
|
|
|
kind: ClusterRole
|
|
|
|
name: kubevirt.io:edit
|
|
|
|
subjects:
|
|
|
|
- kind: ServiceAccount
|
|
|
|
name: molecule-kubevirt
|
|
|
|
namespace: default
|
|
|
|
|
|
|
|
---
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
|
|
kind: ClusterRoleBinding
|
|
|
|
metadata:
|
|
|
|
name: molecule-cdi
|
|
|
|
roleRef:
|
|
|
|
apiGroup: rbac.authorization.k8s.io
|
|
|
|
kind: ClusterRole
|
|
|
|
name: cdi.kubevirt.io:edit
|
|
|
|
subjects:
|
|
|
|
- kind: ServiceAccount
|
|
|
|
name: molecule-kubevirt
|
|
|
|
namespace: default
|
|
|
|
|
|
|
|
---
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
|
|
kind: ClusterRole
|
|
|
|
metadata:
|
|
|
|
name: molecule-kubevirt-sec
|
|
|
|
rules:
|
|
|
|
- apiGroups:
|
|
|
|
- ""
|
|
|
|
resources:
|
|
|
|
- secrets
|
|
|
|
- services
|
|
|
|
- persistentvolumeclaims
|
|
|
|
- pods
|
|
|
|
- pods/log
|
|
|
|
- events
|
|
|
|
- configmaps
|
|
|
|
verbs: ["*"]
|
|
|
|
|
|
|
|
---
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
|
|
kind: ClusterRoleBinding
|
|
|
|
metadata:
|
|
|
|
name: molecule-kubevirt-sec
|
|
|
|
roleRef:
|
|
|
|
apiGroup: rbac.authorization.k8s.io
|
|
|
|
kind: ClusterRole
|
|
|
|
name: molecule-kubevirt-sec
|
|
|
|
subjects:
|
|
|
|
- kind: ServiceAccount
|
|
|
|
name: molecule-kubevirt
|
|
|
|
namespace: default
|
|
|
|
EOF
|
|
|
|
|
|
|
|
echo "Service account created"
|
|
|
|
|
|
|
|
- name: Launch background log scripts
|
|
|
|
run: |
|
|
|
|
# Kail monitors any logs from default namespace
|
|
|
|
sudo kail -n default 2>&1 > /tmp/kail.log || true &
|
|
|
|
# Infinite script waits for new VMs up and fetch logs from console
|
|
|
|
(
|
|
|
|
while true; do
|
|
|
|
until sudo kubectl wait --for=condition=Ready pod -l kubevirt.io=virt-launcher --namespace default;
|
|
|
|
do echo "Still Waiting Pod to start..."; sleep 5;
|
|
|
|
done
|
|
|
|
|
|
|
|
LOGFILE="virtcl-console-$(date '+%Y-%m-%d-%H-%M-%S').log"
|
|
|
|
echo "Starting virtctl console" >> /tmp/${LOGFILE}
|
|
|
|
sudo script -e -c "virtctl console instance" >> /tmp/${LOGFILE}
|
|
|
|
done
|
|
|
|
) &
|
|
|
|
# Event router reports any event as log, a great help for troubleshooting since Kind exports all running Pods logs
|
|
|
|
sudo kubectl create -f https://raw.githubusercontent.com/heptiolabs/eventrouter/master/yaml/eventrouter.yaml
|
|
|
|
|
|
|
|
- name: Launch test
|
|
|
|
uses: nick-invision/retry@v2
|
|
|
|
with:
|
|
|
|
timeout_minutes: 25
|
|
|
|
max_attempts: 3
|
|
|
|
on_retry_command: |
|
|
|
|
sudo kubectl delete pods --all || true
|
|
|
|
sudo kubectl delete configmaps --all || true
|
|
|
|
sudo kubectl delete job --all || true
|
|
|
|
command: |
|
|
|
|
# Configmap will be waitinig untill it is deleted, telling one Pod ended the Job
|
|
|
|
sudo kubectl create configmap molecule-job-running --from-literal status=Started
|
|
|
|
# Create Job
|
|
|
|
cat <<EOF | sudo kubectl apply -f -
|
|
|
|
---
|
|
|
|
apiVersion: batch/v1
|
|
|
|
kind: Job
|
|
|
|
metadata:
|
|
|
|
name: molecule
|
|
|
|
spec:
|
|
|
|
template:
|
|
|
|
spec:
|
|
|
|
serviceAccountName: molecule-kubevirt
|
|
|
|
containers:
|
|
|
|
- name: molecule
|
|
|
|
image: molecule_kubevirt_runner
|
|
|
|
imagePullPolicy: IfNotPresent
|
|
|
|
command: [ "/bin/bash", "-c", "--" ]
|
|
|
|
args: ["(molecule test; kubectl create configmap molecule-result --from-literal exitCode=\$?); kubectl delete configmap molecule-job-running"]
|
|
|
|
env:
|
|
|
|
- name: PY_COLORS
|
|
|
|
value: '1'
|
|
|
|
- name: ANSIBLE_FORCE_COLOR
|
|
|
|
value: '1'
|
|
|
|
- name: MOLECULE_DISTRO
|
|
|
|
value: ${{ matrix.distro }}
|
|
|
|
restartPolicy: Never
|
|
|
|
backoffLimit: 0
|
|
|
|
EOF
|
|
|
|
|
|
|
|
echo "Job launched"
|
|
|
|
|
|
|
|
# Wait for molecule Job Pod to start
|
|
|
|
until (sudo kubectl get pods -l job-name=molecule | grep molecule); do echo "Wait molecule pod to start"; sleep 5; done
|
|
|
|
|
|
|
|
sudo kubectl wait --for=condition=ready pods -l job-name=molecule --namespace default
|
|
|
|
echo "Molecule pod is now running, waiting..."
|
|
|
|
|
|
|
|
# Wait for molecule Job to delete configmap, notifying one Job Pod ran till the end, whatever the result
|
|
|
|
sudo kubectl wait --for delete --timeout=20m configmap/molecule-job-running
|
|
|
|
|
|
|
|
# Get molecule tests results and exit accordingly
|
|
|
|
MOLECULE_RESULT=$(sudo kubectl get configmap molecule-result -o "jsonpath={.data['exitCode']}")
|
|
|
|
if [ ! "${MOLECULE_RESULT}" == "0" ]; then echo "Test non ok : ${MOLECULE_RESULT}"; exit 1; fi
|
|
|
|
|
|
|
|
|
|
|
|
- name: Dump and export logs
|
|
|
|
if: always()
|
|
|
|
run: |
|
|
|
|
mkdir -p ${LOG_DIR} || true
|
|
|
|
echo "** Events"
|
|
|
|
sudo kubectl get events | tee ${LOG_DIR}/events.txt || true
|
|
|
|
echo "** Jobs"
|
|
|
|
sudo kubectl describe jobs | tee ${LOG_DIR}/jobs.txt || true
|
|
|
|
echo "** Configmap"
|
|
|
|
sudo kubectl describe cm | tee ${LOG_DIR}/cm.txt || true
|
|
|
|
echo "** Console log"
|
|
|
|
sudo cat /tmp/virtcl-console*.log || true
|
|
|
|
|
|
|
|
sudo cp /tmp/kail.log ${LOG_DIR} || true
|
|
|
|
sudo cp /tmp/virtcl-console*.log ${LOG_DIR} || true
|
|
|
|
sudo dmesg > ${LOG_DIR}/dmesg.txt || true
|
|
|
|
sudo kind export logs ${LOG_DIR} || true
|
|
|
|
sudo journalctl | cat > ${LOG_DIR}/journalctl.txt || true
|
|
|
|
sudo chown -R $USER:$USER ${LOG_DIR} || true
|
|
|
|
env:
|
|
|
|
LOG_DIR: /tmp/molecule-kubevirt/logs
|
|
|
|
|
|
|
|
- name: Upload logs
|
|
|
|
if: always()
|
|
|
|
uses: actions/upload-artifact@v2
|
|
|
|
with:
|
|
|
|
name: molecule-kubevirt-${{ matrix.name }}-${{ github.run_id }}
|
|
|
|
path: /tmp/molecule-kubevirt/logs
|