now working on kubevirt molecule (#2)

pull/217/head
Joel Seguillon 3 years ago committed by GitHub
parent 3e0b830f84
commit fdd86b29ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 333
      .github/workflows/ci.yml
  2. 1
      molecule/default/converge.yml
  3. 10
      molecule/default/molecule.yml

@ -41,11 +41,16 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
distro:
- centos8
- ubuntu2004
- ubuntu1804
- debian10
include:
- name: Centos 7
distro: quay.io/jseguillon/kubevirt-images:centos-7-x86_64-genericcloud-2009
# - ubuntu2004
# - ubuntu1804
# - debian10
env:
KUBERNETES_VERSION: v1.20.0
PYTHON_BASE_IMAGE: python:3.9
steps:
- name: Check out the codebase.
@ -53,17 +58,315 @@ jobs:
with:
path: 'geerlingguy.nginx'
- name: Set up Python 3.
uses: actions/setup-python@v2
- name: Update packages index
run: |
sudo apt-get update
- name: Install docker
uses: nick-invision/retry@v2
with:
python-version: '3.x'
timeout_minutes: 5
max_attempts: 3
command: |
. /etc/os-release
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
- name: Install test dependencies.
run: pip3 install ansible molecule[docker] docker
- name: Install kubectl
uses: nick-invision/retry@v2
with:
timeout_minutes: 5
max_attempts: 3
command: |
curl -LO https://storage.googleapis.com/kubernetes-release/release/${KUBERNETES_VERSION}/bin/linux/amd64/kubectl; chmod +x ./kubectl
sudo install kubectl /usr/local/bin
- name: Install kind
uses: nick-invision/retry@v2
with:
timeout_minutes: 5
max_attempts: 3
command: |
curl -Lo ./kind "https://kind.sigs.k8s.io/dl/v0.9.0/kind-$(uname)-amd64" && chmod +x ./kind
sudo install kind /usr/local/bin
- name: Create single node Cluster
run: |
cat <<EOF | sudo kind create cluster -v7 --wait 1m --retain --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
networking:
ipFamily: ipv4
EOF
- name: Wait and get Cluster status
run: |
# wait network is ready
sudo kubectl wait --for=condition=ready pods --namespace=kube-system -l k8s-app=kube-dns
sudo kubectl get nodes -o wide
sudo kubectl get pods -A
- name: Install kubevirt packages requirements
run: |
sudo apt install -y qemu qemu-kvm libvirt-daemon libvirt-clients bridge-utils virt-manager libvirt-daemon-system
sudo systemctl restart libvirtd
- name: Tweak ubuntu apparmor for Kubevirt
run: |
# See : https://github.com/kubevirt/kubevirt/issues/4303
# Add one magic line and reload service
tweak_qemu_apprarmor="$(head -n -1 /etc/apparmor.d/usr.sbin.libvirtd; echo " /usr/libexec/qemu-kvm rmix,"; tail -1 /etc/apparmor.d/usr.sbin.libvirtd)"
echo "$tweak_qemu_apprarmor" | sudo dd of=/etc/apparmor.d/usr.sbin.libvirtd
sudo systemctl reload apparmor.service
- name: Install kubevirt
uses: nick-invision/retry@v2
with:
timeout_minutes: 5
max_attempts: 3
command: |
sudo kubectl create -f https://github.com/kubevirt/kubevirt/releases/download/v0.36.0/kubevirt-operator.yaml
sudo kubectl create configmap kubevirt-config -n kubevirt --from-literal debug.useEmulation=true
sudo kubectl create -f https://github.com/kubevirt/kubevirt/releases/download/v0.36.0/kubevirt-cr.yaml
- name: Install virtcl
uses: nick-invision/retry@v2
with:
timeout_minutes: 5
max_attempts: 3
command: |
export ARCH=linux-amd64
curl -L -o virtctl https://github.com/kubevirt/kubevirt/releases/download/v0.36.0/virtctl-v0.36.0-linux-amd64
chmod +x virtctl
sudo install virtctl /usr/local/bin
- name: Build molecule test container
run: |
#FIXME neeed copy geerlingu in home
cat <<EOF > Dockerfile
ARG PYTHON_BASE_IMAGE
FROM \${PYTHON_BASE_IMAGE}
ARG KUBERNETES_VERSION
RUN python3 -m pip install ansible molecule molecule-kubevirt && \
ansible-galaxy collection install community.crypto && \
ansible-galaxy collection install git+https://github.com/ansible-collections/community.kubernetes.git
RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/\${KUBERNETES_VERSION}/bin/linux/amd64/kubectl && \
chmod +x kubectl && mv kubectl /usr/bin
COPY molecule /molecule
COPY . /molecule/default/roles/geerlingguy.nginx
EOF
docker build --build-arg PYTHON_BASE_IMAGE="${PYTHON_BASE_IMAGE}" --build-arg KUBERNETES_VERSION="${KUBERNETES_VERSION}" . -t molecule_kubevirt_runner:latest
# TODO : kind load is slow : set a private registry, as described here https://kind.sigs.k8s.io/docs/user/local-registry/
sudo kind load docker-image molecule_kubevirt_runner:latest
- name: Run Molecule tests.
run: molecule test
- name: Push molecule test image to Kind
uses: nick-invision/retry@v2
with:
timeout_minutes: 5
max_attempts: 3
command: |
sudo kind load docker-image molecule_kubevirt_runner:latest
- name: Install kail
uses: nick-invision/retry@v2
with:
timeout_minutes: 5
max_attempts: 3
command: |
curl -SL https://github.com/boz/kail/releases/download/v0.15.0/kail_0.15.0_linux_amd64.tar.gz -o kail.tar.gz
tar xf kail.tar.gz
sudo install kail /usr/local/bin
- name: Wait and get kubevirt status
run: |
# wait network is ready
sudo kubectl wait --for=condition=ready pods --namespace=kubevirt -l kubevirt.io=virt-operator
sudo kubectl wait --for=condition=ready pods --namespace=kubevirt -l kubevirt.io=virt-api || true
sudo kubectl wait --for=condition=ready pods --namespace=kubevirt -l kubevirt.io=virt-controller || true
sudo kubectl wait --for=condition=ready pods --namespace=kubevirt -l kubevirt.io=virt-handler || true
sudo kubectl get nodes -o wide
sudo kubectl get pods -A
- name: Prepare Job
run: |
# Service Account for Job
cat <<EOF | sudo kubectl apply -f -
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: molecule-kubevirt
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: molecule-kubevirt
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt.io:edit
subjects:
- kind: ServiceAccount
name: molecule-kubevirt
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: molecule-cdi
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cdi.kubevirt.io:edit
subjects:
- kind: ServiceAccount
name: molecule-kubevirt
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: molecule-kubevirt-sec
rules:
- apiGroups:
- ""
resources:
- secrets
- services
- persistentvolumeclaims
- pods
- pods/log
- events
- configmaps
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: molecule-kubevirt-sec
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: molecule-kubevirt-sec
subjects:
- kind: ServiceAccount
name: molecule-kubevirt
namespace: default
EOF
echo "Service account created"
- name: Launch background log scripts
run: |
# Kail monitors any logs from default namespace
sudo kail -n default 2>&1 > /tmp/kail.log || true &
# Infinite script waits for new VMs up and fetch logs from console
(
while true; do
until sudo kubectl wait --for=condition=Ready pod -l kubevirt.io=virt-launcher --namespace default;
do echo "Still Waiting Pod to start..."; sleep 5;
done
LOGFILE="virtcl-console-$(date '+%Y-%m-%d-%H-%M-%S').log"
echo "Starting virtctl console" >> /tmp/${LOGFILE}
sudo script -e -c "virtctl console instance" >> /tmp/${LOGFILE}
done
) &
# Event router reports any event as log, a great help for troubleshooting since Kind exports all running Pods logs
sudo kubectl create -f https://raw.githubusercontent.com/heptiolabs/eventrouter/master/yaml/eventrouter.yaml
- name: Launch test
uses: nick-invision/retry@v2
with:
timeout_minutes: 25
max_attempts: 3
on_retry_command: |
sudo kubectl delete pods --all || true
sudo kubectl delete configmaps --all || true
sudo kubectl delete job --all || true
command: |
# Configmap will be waitinig untill it is deleted, telling one Pod ended the Job
sudo kubectl create configmap molecule-job-running --from-literal status=Started
# Create Job
cat <<EOF | sudo kubectl apply -f -
---
apiVersion: batch/v1
kind: Job
metadata:
name: molecule
spec:
template:
spec:
serviceAccountName: molecule-kubevirt
containers:
- name: molecule
image: molecule_kubevirt_runner
imagePullPolicy: IfNotPresent
command: [ "/bin/bash", "-c", "--" ]
args: ["(molecule test; kubectl create configmap molecule-result --from-literal exitCode=\$?); kubectl delete configmap molecule-job-running"]
env:
- name: PY_COLORS
value: '1'
- name: ANSIBLE_FORCE_COLOR
value: '1'
- name: MOLECULE_DISTRO
value: ${{ matrix.distro }}
restartPolicy: Never
backoffLimit: 0
EOF
echo "Job launched"
# Wait for molecule Job Pod to start
until (sudo kubectl get pods -l job-name=molecule | grep molecule); do echo "Wait molecule pod to start"; sleep 5; done
sudo kubectl wait --for=condition=ready pods -l job-name=molecule --namespace default
echo "Molecule pod is now running, waiting..."
# Wait for molecule Job to delete configmap, notifying one Job Pod ran till the end, whatever the result
sudo kubectl wait --for delete --timeout=20m configmap/molecule-job-running
# Get molecule tests results and exit accordingly
MOLECULE_RESULT=$(sudo kubectl get configmap molecule-result -o "jsonpath={.data['exitCode']}")
if [ ! "${MOLECULE_RESULT}" == "0" ]; then echo "Test non ok : ${MOLECULE_RESULT}"; exit 1; fi
- name: Dump and export logs
if: always()
run: |
mkdir -p ${LOG_DIR} || true
echo "** Events"
sudo kubectl get events | tee ${LOG_DIR}/events.txt || true
echo "** Jobs"
sudo kubectl describe jobs | tee ${LOG_DIR}/jobs.txt || true
echo "** Configmap"
sudo kubectl describe cm | tee ${LOG_DIR}/cm.txt || true
echo "** Console log"
sudo cat /tmp/virtcl-console*.log || true
sudo cp /tmp/kail.log ${LOG_DIR} || true
sudo cp /tmp/virtcl-console*.log ${LOG_DIR} || true
sudo dmesg > ${LOG_DIR}/dmesg.txt || true
sudo kind export logs ${LOG_DIR} || true
sudo journalctl | cat > ${LOG_DIR}/journalctl.txt || true
sudo chown -R $USER:$USER ${LOG_DIR} || true
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}
LOG_DIR: /tmp/molecule-kubevirt/logs
- name: Upload logs
if: always()
uses: actions/upload-artifact@v2
with:
name: molecule-kubevirt-${{ matrix.name }}-${{ github.run_id }}
path: /tmp/molecule-kubevirt/logs
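Review bot: The new install steps fetch kubectl, kind, virtctl and kail with curl and place them in /usr/local/bin via `sudo install` without checking any digest, so whatever the download host returns is run as root on the runner. Each step should verify a pinned checksum before installing, for example `echo "<expected-sha256>  kubectl" | sha256sum --check` ahead of `sudo install kubectl /usr/local/bin`. The "Launch background log scripts" step also applies eventrouter.yaml from the `master` branch, which can change between runs; point it at a tagged or commit-pinned URL instead. Separately, the `molecule-kubevirt-sec` ClusterRole grants `verbs: ["*"]` on secrets and pods cluster-wide; a namespaced Role and RoleBinding in `default` looks sufficient for what the Job does, though that is inferred from the visible steps only.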

@ -1,6 +1,7 @@
---
- name: Converge
hosts: all
become: yes
vars:
nginx_use_ppa: true

@ -2,15 +2,11 @@
dependency:
name: galaxy
driver:
name: docker
name: kubevirt
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
image: "${MOLECULE_DISTRO:-quay.io/jseguillon/kubevirt-images:centos-7-x86_64-genericcloud-2009}"
provisioner:
name: ansible
playbooks:
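Review bot: The platform image now defaults to `quay.io/jseguillon/kubevirt-images:centos-7-x86_64-genericcloud-2009`, a mutable tag in a personal registry namespace, so the VM the role is tested against can change without any change in this repository. If the kubevirt driver accepts digest references, pin it, e.g. `image: "${MOLECULE_DISTRO:-quay.io/jseguillon/kubevirt-images@sha256:<digest>}"`, and do the same for the matching matrix entry in ci.yml. The hunk ends at `playbooks:`, so the rest of the provisioner block is not visible here.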