From a3a54faa9a42b6dabe45ff2511de13a4c94ccaf0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=ABl=20S=C3=A9guillon?= <joel.seguillon@gmail.com>
Date: Thu, 21 Jan 2021 19:57:31 +0100
Subject: [PATCH] 1st attemp for kubevirt molecule

---
 .github/workflows/ci.yml      | 318 ++++++++++++++++++++++++++++++++--
 molecule/default/molecule.yml |  10 +-
 2 files changed, 307 insertions(+), 21 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8ef6e7a..e4c9374 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -42,10 +42,14 @@ jobs:
     strategy:
       matrix:
         distro:
-          - centos8
-          - ubuntu2004
-          - ubuntu1804
-          - debian10
+          - quay.io/jseguillon/kubevirt-images:centos-7-x86_64-genericcloud-2009
+          # - ubuntu2004
+          # - ubuntu1804
+          # - debian10
+
+    env:
+      KUBERNETES_VERSION: v1.20.0
+      PYTHON_BASE_IMAGE: python:3.9
 
     steps:
       - name: Check out the codebase.
@@ -53,17 +57,303 @@ jobs:
         with:
           path: 'geerlingguy.nginx'
 
-      - name: Set up Python 3.
-        uses: actions/setup-python@v2
+      - name: Update packages index
+        run: |
+          sudo apt-get update
+
+      - name: Install docker
+        uses: nick-invision/retry@v2
         with:
-          python-version: '3.x'
+          timeout_minutes: 5
+          max_attempts: 3
+          command: |
+            . /etc/os-release
+            curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+            sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
+            sudo apt-get update
+            sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
 
-      - name: Install test dependencies.
-        run: pip3 install ansible molecule[docker] docker
+      - name: Install kubectl
+        uses: nick-invision/retry@v2
+        with:
+          timeout_minutes: 5
+          max_attempts: 3
+          command: |
+            curl -LO https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64/kubectl; chmod +x ./kubectl
+            sudo install kubectl /usr/local/bin
+
+      - name: Install kind
+        uses: nick-invision/retry@v2
+        with:
+          timeout_minutes: 5
+          max_attempts: 3
+          command: |
+            curl -Lo ./kind "https://kind.sigs.k8s.io/dl/v0.9.0/kind-$(uname)-amd64" && chmod +x ./kind
+            sudo install kind /usr/local/bin
+
+      - name: Create single node Cluster
+        run: |
+          cat <<EOF | sudo kind create cluster -v7 --wait 1m --retain --config=-
+          kind: Cluster
+          apiVersion: kind.x-k8s.io/v1alpha4
+          networking:
+            ipFamily: ipv4
+          EOF
+
+      - name: Wait and get Cluster status
+        run: |
+          # wait network is ready
+          sudo kubectl wait --for=condition=ready pods --namespace=kube-system -l k8s-app=kube-dns
+          sudo kubectl get nodes -o wide
+          sudo kubectl get pods -A
+
+      - name: Install kubevirt packages requirements
+        run: |
+          sudo apt install -y qemu qemu-kvm libvirt-daemon libvirt-clients bridge-utils virt-manager libvirt-daemon-system
+          sudo systemctl restart libvirtd
+
+      - name: Tweak ubuntu apparmor for Kubevirt
+        run: |
+          # See : https://github.com/kubevirt/kubevirt/issues/4303
+          # Add one magic line and reload service
+          tweak_qemu_apprarmor="$(head -n -1 /etc/apparmor.d/usr.sbin.libvirtd; echo "  /usr/libexec/qemu-kvm rmix,"; tail -1 /etc/apparmor.d/usr.sbin.libvirtd)"
+          echo "$tweak_qemu_apprarmor" | sudo dd of=/etc/apparmor.d/usr.sbin.libvirtd
+          sudo systemctl reload apparmor.service
+
+      - name: Install kubevirt
+        uses: nick-invision/retry@v2
+        with:
+          timeout_minutes: 5
+          max_attempts: 3
+          command: |
+            sudo kubectl create -f https://github.com/kubevirt/kubevirt/releases/download/v0.36.0/kubevirt-operator.yaml
+            sudo kubectl create configmap kubevirt-config -n kubevirt --from-literal debug.useEmulation=true
+            sudo kubectl create -f https://github.com/kubevirt/kubevirt/releases/download/v0.36.0/kubevirt-cr.yaml
+
+      - name: Install virtcl
+        uses: nick-invision/retry@v2
+        with:
+          timeout_minutes: 5
+          max_attempts: 3
+          command: |
+            export ARCH=linux-amd64
+            curl -L -o virtctl https://github.com/kubevirt/kubevirt/releases/download/v0.36.0/virtctl-v0.36.0-linux-amd64
+            chmod +x virtctl
+            sudo install virtctl /usr/local/bin
+
+      - name: Build molecule test container
+        run: |
+          #FIXME neeed copy geerlingu in home
+          cat <<EOF > Dockerfile
+          ARG PYTHON_BASE_IMAGE
+
+          FROM \${PYTHON_BASE_IMAGE}
+          ARG KUBERNETES_VERSION
+
+          RUN python3 -m pip install ansible molecule molecule-kubevirt && \
+                ansible-galaxy collection install community.crypto && \
+                ansible-galaxy collection install git+https://github.com/ansible-collections/community.kubernetes.git
+
+          RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/\${KUBERNETES_VERSION}/bin/linux/amd64/kubectl && \
+                chmod +x kubectl && mv kubectl /usr/bin
+
+          COPY . /
+          EOF
 
-      - name: Run Molecule tests.
-        run: molecule test
+          docker build --build-arg PYTHON_BASE_IMAGE="${PYTHON_BASE_IMAGE}" --build-arg KUBERNETES_VERSION="${KUBERNETES_VERSION}" .  -t molecule_kubevirt_runner:latest
+          # TODO : kind load is slow : set a private registry, as described here https://kind.sigs.k8s.io/docs/user/local-registry/
+          sudo kind load docker-image molecule_kubevirt_runner:latest
+
+      - name: Push molecule test image to Kind
+        uses: nick-invision/retry@v2
+        with:
+          timeout_minutes: 5
+          max_attempts: 3
+          command: |
+            sudo kind load docker-image molecule_kubevirt_runner:latest
+
+      - name: Install kail
+        uses: nick-invision/retry@v2
+        with:
+          timeout_minutes: 5
+          max_attempts: 3
+          command: |
+            curl -SL https://github.com/boz/kail/releases/download/v0.15.0/kail_0.15.0_linux_amd64.tar.gz -o kail.tar.gz
+            tar xf kail.tar.gz
+            sudo install kail /usr/local/bin
+
+      - name: Wait and get kubevirt status
+        run: |
+          # wait network is ready
+          sudo kubectl wait --for=condition=ready pods --namespace=kubevirt -l kubevirt.io=virt-operator
+          sudo kubectl wait --for=condition=ready pods --namespace=kubevirt -l kubevirt.io=virt-api || true
+          sudo kubectl wait --for=condition=ready pods --namespace=kubevirt -l kubevirt.io=virt-controller || true
+          sudo kubectl wait --for=condition=ready pods --namespace=kubevirt -l kubevirt.io=virt-handler || true
+          sudo kubectl get nodes -o wide
+          sudo kubectl get pods -A
+
+      - name: Prepare Job
+        run: |
+          # Service Account for Job
+          cat <<EOF | sudo kubectl apply -f
+          ---
+          apiVersion: v1
+          kind: ServiceAccount
+          metadata:
+            name: molecule-kubevirt
+
+          ---
+          apiVersion: rbac.authorization.k8s.io/v1
+          kind: ClusterRoleBinding
+          metadata:
+            name: molecule-kubevirt
+          roleRef:
+            apiGroup: rbac.authorization.k8s.io
+            kind: ClusterRole
+            name: kubevirt.io:edit
+          subjects:
+            - kind: ServiceAccount
+              name: molecule-kubevirt
+              namespace: default
+
+          ---
+          apiVersion: rbac.authorization.k8s.io/v1
+          kind: ClusterRoleBinding
+          metadata:
+            name: molecule-cdi
+          roleRef:
+            apiGroup: rbac.authorization.k8s.io
+            kind: ClusterRole
+            name: cdi.kubevirt.io:edit
+          subjects:
+            - kind: ServiceAccount
+              name: molecule-kubevirt
+              namespace: default
+
+          ---
+          apiVersion: rbac.authorization.k8s.io/v1
+          kind: ClusterRole
+          metadata:
+            name: molecule-kubevirt-sec
+          rules:
+            - apiGroups:
+                - ""
+              resources:
+                - secrets
+                - services
+                - persistentvolumeclaims
+                - pods
+                - pods/log
+                - events
+                - configmaps
+              verbs: ["*"]
+
+          ---
+          apiVersion: rbac.authorization.k8s.io/v1
+          kind: ClusterRoleBinding
+          metadata:
+            name: molecule-kubevirt-sec
+          roleRef:
+            apiGroup: rbac.authorization.k8s.io
+            kind: ClusterRole
+            name: molecule-kubevirt-sec
+          subjects:
+            - kind: ServiceAccount
+              name: molecule-kubevirt
+              namespace: default
+
+          echo "Service account created"
+
+      - name: Launch background log scripts
+        run: |
+          # Kail monitors any logs from default namespace
+          sudo kail -n default 2>&1 > /tmp/kail.log || true &
+          # Infinite script waits for new VMs up and fetch logs from console
+          (sudo tools/log_console.sh || true ) &
+          # Event router reports any event as log, a great help for troubleshooting since Kind exports all running Pods logs
+          sudo kubectl create -f https://raw.githubusercontent.com/heptiolabs/eventrouter/master/yaml/eventrouter.yaml
+
+      - name: Launch test
+        uses: nick-invision/retry@v2
+        with:
+          timeout_minutes: 25
+          max_attempts: 3
+          on_retry_command: |
+            sudo kubectl delete pods --all || true
+            sudo kubectl delete configmaps --all || true
+            sudo kubectl delete job --all || true
+          command: |
+            # Configmap will be waitinig untill it is deleted, telling one Pod ended the Job
+            sudo kubectl create configmap molecule-job-running --from-literal status=Started
+            # Create Job
+            cat <<EOF | sudo kubectl apply -f -
+            ---
+            apiVersion: batch/v1
+            kind: Job
+            metadata:
+              name: molecule
+            spec:
+              template:
+                spec:
+                  serviceAccountName: molecule-kubevirt
+                  containers:
+                  - name: molecule
+                    image: molecule_kubevirt_runner
+                    imagePullPolicy: IfNotPresent
+                    command: [ "/bin/bash", "-c", "--" ]
+                    args: ["molecule test; kubectl create configmap molecule-result --from-literal exitCode=\$?); kubectl delete configmap molecule-job-running"]
+                    env:
+                      - name: PY_COLORS
+                        value: '1'
+                      - name: ANSIBLE_FORCE_COLOR
+                        value: '1'
+                      - name: MOLECULE_DISTRO
+                        value: ${{ matrix.distro }}
+                  restartPolicy: Never
+              backoffLimit: 0
+            EOF
+
+            echo "Job launched"
+
+            # Wait for molecule Job Pod to start
+            until (sudo kubectl get pods -l job-name=molecule | grep molecule); do echo "Wait molecule pod to start"; sleep 5; done
+
+            sudo kubectl wait --for=condition=ready pods -l job-name=molecule --namespace default
+            echo "Molecule pod is now running, waiting..."
+
+            # Wait for molecule Job to delete configmap, notifying one Job Pod ran till the end, whatever the result
+            sudo kubectl wait --for delete --timeout=20m  configmap/molecule-job-running
+
+            # Get molecule tests results and exit accordingly
+            MOLECULE_RESULT=$(sudo kubectl get configmap molecule-result -o "jsonpath={.data['exitCode']}")
+            if [ ! "${MOLECULE_RESULT}" == "0" ]; then echo "Test non ok : ${MOLECULE_RESULT}"; exit 1; fi
+
+
+      - name: Dump and export logs
+        if: always()
+        run: |
+          mkdir -p ${LOG_DIR} || true
+          echo "** Events"
+          sudo kubectl get events | tee ${LOG_DIR}/events.txt || true
+          echo "** Jobs"
+          sudo kubectl describe jobs | tee  ${LOG_DIR}/jobs.txt || true
+          echo "** Configmap"
+          sudo kubectl describe cm | tee ${LOG_DIR}/cm.txt || true
+          echo "** Console log"
+          sudo cat /tmp/virtcl-console*.log || true
+
+          sudo cp /tmp/kail.log ${LOG_DIR} || true
+          sudo cp /tmp/virtcl-console*.log ${LOG_DIR} || true
+          sudo dmesg > ${LOG_DIR}/dmesg.txt || true
+          sudo kind export logs ${LOG_DIR} || true
+          sudo journalctl | cat > ${LOG_DIR}/journalctl.txt || true
+          sudo chown -R $USER:$USER ${LOG_DIR} || true
         env:
-          PY_COLORS: '1'
-          ANSIBLE_FORCE_COLOR: '1'
-          MOLECULE_DISTRO: ${{ matrix.distro }}
+          LOG_DIR: /tmp/molecule-kubevirt/logs
+
+      - name: Upload logs
+        if: always()
+        uses: actions/upload-artifact@v2
+        with:
+          name: molecule-kubevirt-${{ matrix.distro }}-${{ github.run_id }}
+          path: /tmp/molecule-kubevirt/logs
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 7490710..fa60cc0 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -2,15 +2,11 @@
 dependency:
   name: galaxy
 driver:
-  name: docker
+  name: kubevirt
 platforms:
   - name: instance
-    image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
-    command: ${MOLECULE_DOCKER_COMMAND:-""}
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    privileged: true
-    pre_build_image: true
+    image: "${MOLECULE_DISTRO:-quay.io/jseguillon/kubevirt-images:centos-7-x86_64-genericcloud-2009}"
+
 provisioner:
   name: ansible
   playbooks: