Skip to content

Commit 2f3e6a7

Browse files
committed
Add Cyborg deployment job in zuul when modifying cyborg controller
This patch is adding a new job to deploy cyborg in the controlplane and dataplane when any change in the content related to cyborg is detected. Signed-off-by: Alfredo Moralejo <amoralej@redhat.com>
1 parent bbf4610 commit 2f3e6a7

4 files changed

Lines changed: 319 additions & 4 deletions

File tree

.zuul.yaml

Lines changed: 41 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -110,6 +110,23 @@
110110
[libvirt]
111111
cpu_mode = custom
112112
cpu_models = Nehalem
113+
- job:
114+
name: nova-operator-cyborg-tempest-multinode
115+
parent: nova-operator-tempest-multinode
116+
vars:
117+
cifmw_extras:
118+
- "@scenarios/centos-9/multinode-ci.yml"
119+
- "@{{ ansible_user_dir }}/{{ zuul.projects['github.com/openstack-k8s-operators/nova-operator'].src_dir }}/ci/nova-operator-cyborg-tempest-multinode/ci_fw_vars.yaml"
120+
cifmw_update_containers_registry: quay.rdoproject.org
121+
cifmw_update_containers_org: podified-master-centos10
122+
cifmw_update_containers_tag: current-tested
123+
cifmw_test_operator_tempest_registry: "{{ cifmw_update_containers_registry }}"
124+
cifmw_test_operator_tempest_namespace: "{{ cifmw_update_containers_org }}"
125+
cifmw_test_operator_tempest_image_tag: "{{ cifmw_update_containers_tag }}"
126+
cifmw_test_operator_tempest_external_plugin:
127+
- repository: https://opendev.org/openstack/cyborg-tempest-plugin.git
128+
cifmw_test_operator_tempest_include_list: |
129+
cyborg_tempest_plugin
113130
- job:
114131
name: nova-operator-tempest-multinode-ceph
115132
parent: podified-multinode-hci-deployment-crc-3comp
@@ -190,11 +207,31 @@
190207
- openstack-meta-content-provider:
191208
vars:
192209
cifmw_install_yamls_sdk_version: v1.41.1
193-
- nova-operator-kuttl
194-
- nova-operator-tempest-multinode:
195-
nodeset: centos-9-medium-3x-centos-9-crc-cloud-ocp-4-18-1-3xl
196-
- nova-operator-tempest-multinode-ceph:
210+
# Disable tests to save resources while testing cyborg deployment job
211+
#- nova-operator-kuttl
212+
#- nova-operator-tempest-multinode:
213+
# nodeset: centos-9-medium-3x-centos-9-crc-cloud-ocp-4-18-1-3xl
214+
- nova-operator-cyborg-tempest-multinode:
197215
nodeset: centos-9-medium-3x-centos-9-crc-cloud-ocp-4-18-1-3xl
216+
voting: false
217+
files:
218+
- ^api/cyborg/
219+
- ^internal/cyborg/
220+
- ^internal/controller/cyborg/
221+
- ^internal/webhook/cyborg/
222+
- ^templates/cyborg/
223+
- ^config/samples/cyborg.*
224+
- ^api/bases/cyborg\.openstack\.org.*
225+
- ^test/functional/cyborg/
226+
- ^test/kuttl/test-suites/default/cyborg-tests/
227+
- ^ci/nova-operator-cyborg-tempest-multinode/
228+
- ^go\.mod$
229+
- ^go\.sum$
230+
- ^go\.work.*
231+
- ^api/go\.mod$
232+
- ^api/go\.sum$
233+
#- nova-operator-tempest-multinode-ceph:
234+
# nodeset: centos-9-medium-3x-centos-9-crc-cloud-ocp-4-18-1-3xl
198235

199236
- pragma:
200237
implied-branch-matchers: True
Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
---
2+
cifmw_install_yamls_vars:
3+
BMO_SETUP: false
4+
INSTALL_CERT_MANAGER: false
5+
6+
cifmw_edpm_prepare_skip_crc_storage_creation: true
7+
# as we scale the openstack services to 3 replicas we need more PVs
8+
cifmw_cls_pv_count: 20
9+
10+
cifmw_services_swift_enabled: false
11+
12+
13+
# note by default the source for the playbook specified
14+
# in the hooks is relative to
15+
# https://github.com/openstack-k8s-operators/ci-framework/tree/main/hooks/playbooks
16+
# if you want to use a different source you can use the full path on the ansible controller
17+
post_ctlplane_deploy:
18+
- name: 71 Kustomize control plane to scale openstack services
19+
type: playbook
20+
source: "{{ ansible_user_dir }}/{{ zuul.projects['github.com/openstack-k8s-operators/nova-operator'].src_dir }}/ci/nova-operator-tempest-multinode/control_plane_hook.yaml"
21+
- name: 82 Kustomize and update Control Plane
22+
type: playbook
23+
source: control_plane_kustomize_deploy.yml
24+
- name: 85 Create neutron-metadata-custom
25+
type: playbook
26+
source: "{{ ansible_user_dir }}/{{ zuul.projects['github.com/openstack-k8s-operators/nova-operator'].src_dir }}/ci/nova-operator-cyborg-tempest-multinode/pre_deploy_hook.yml"
27+
- name: 90 Deploy Cyborg service
28+
type: playbook
29+
source: "{{ ansible_user_dir }}/{{ zuul.projects['github.com/openstack-k8s-operators/nova-operator'].src_dir }}/ci/nova-operator-cyborg-tempest-multinode/deploy_cyborg_service.yaml"
30+
31+
32+
33+
cifmw_run_tests: true
34+
cifmw_tempest_container: openstack-tempest-extras
35+
# we do not want the ci framework trying to enable any
36+
# tempest groups by default we will manage all tempest execution
37+
# via the job definition.
38+
cifmw_tempest_default_groups: []
Lines changed: 165 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,165 @@
1+
---
2+
- name: Deploy Cyborg service
3+
hosts: "{{ cifmw_target_hook_host | default('localhost') }}"
4+
gather_facts: false
5+
environment:
6+
KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}"
7+
PATH: "{{ cifmw_path }}"
8+
tasks:
9+
# NOTE(amoralej): Cyborg controllers and webhooks in the nova-operator
10+
# are gated behind the ENABLE_CYBORG=true env var (cmd/main.go).
11+
# The nova-operator deployment is owned and reconciled by the
12+
# openstack-operator, which rebuilds its env vars from scratch on
13+
# every reconcile loop (it Owns the Deployment). The OpenStack CRD
14+
# does not expose a way to inject custom env vars into sub-operator
15+
# deployments, so we must:
16+
# 1. Scale down the openstack-operator via its CSV to stop it
17+
# from reconciling (OLM manages the deployment, so we patch
18+
# the CSV replicas rather than scaling the deployment directly).
19+
# 2. Patch the nova-operator deployment directly to add ENABLE_CYBORG.
20+
# 3. Wait for the nova-operator to roll out with Cyborg enabled.
21+
- name: Get the openstack-operator CSV name
22+
ansible.builtin.command:
23+
cmd: >-
24+
oc get csv -n openstack-operators
25+
-l operators.coreos.com/openstack-operator.openstack-operators
26+
-o name
27+
register: csv_name
28+
29+
- name: Patch CSV to scale down openstack-operator
30+
ansible.builtin.shell: |
31+
oc patch -n openstack-operators {{ csv_name.stdout }} --type json -p='[
32+
{"op": "replace",
33+
"path": "/spec/install/spec/deployments/0/spec/replicas",
34+
"value": 0}
35+
]'
36+
37+
- name: Wait for openstack-operator to scale down
38+
ansible.builtin.command:
39+
cmd: >-
40+
oc rollout status deployment/openstack-operator-controller-init
41+
-n openstack-operators --timeout=120s
42+
43+
- name: Patch nova-operator deployment to enable Cyborg
44+
ansible.builtin.command:
45+
cmd: >-
46+
oc set env deployment/nova-operator-controller-manager
47+
-n openstack-operators ENABLE_CYBORG=true
48+
49+
- name: Wait for nova-operator rollout
50+
ansible.builtin.command:
51+
cmd: >-
52+
oc rollout status deployment/nova-operator-controller-manager
53+
-n openstack-operators --timeout=300s
54+
55+
- name: Add CyborgPassword to osp-secret
56+
ansible.builtin.shell: |
57+
oc patch secret osp-secret \
58+
--namespace={{ cifmw_install_yamls_defaults['NAMESPACE'] }} \
59+
--type merge -p '{"data":{"CyborgPassword":"'"$(oc get secret osp-secret --namespace={{ cifmw_install_yamls_defaults['NAMESPACE'] }} -o jsonpath='{.data.AdminPassword}')"'"}}'
60+
61+
- name: Create Cyborg TLS certificates
62+
ansible.builtin.shell: |
63+
oc apply -f - <<EOF
64+
apiVersion: cert-manager.io/v1
65+
kind: Certificate
66+
metadata:
67+
name: cyborg-internal-svc
68+
namespace: {{ cifmw_install_yamls_defaults['NAMESPACE'] }}
69+
spec:
70+
dnsNames:
71+
- cyborg-internal.{{ cifmw_install_yamls_defaults['NAMESPACE'] }}.svc
72+
- cyborg-internal.{{ cifmw_install_yamls_defaults['NAMESPACE'] }}.svc.cluster.local
73+
duration: 43800h0m0s
74+
issuerRef:
75+
group: cert-manager.io
76+
kind: Issuer
77+
name: rootca-internal
78+
secretName: cert-cyborg-internal-svc
79+
usages:
80+
- key encipherment
81+
- digital signature
82+
- server auth
83+
---
84+
apiVersion: cert-manager.io/v1
85+
kind: Certificate
86+
metadata:
87+
name: cyborg-public-svc
88+
namespace: {{ cifmw_install_yamls_defaults['NAMESPACE'] }}
89+
spec:
90+
dnsNames:
91+
- cyborg-public.{{ cifmw_install_yamls_defaults['NAMESPACE'] }}.svc
92+
- cyborg-public.{{ cifmw_install_yamls_defaults['NAMESPACE'] }}.svc.cluster.local
93+
duration: 43800h0m0s
94+
issuerRef:
95+
group: cert-manager.io
96+
kind: Issuer
97+
name: rootca-public
98+
secretName: cert-cyborg-public-svc
99+
usages:
100+
- key encipherment
101+
- digital signature
102+
- server auth
103+
EOF
104+
105+
- name: Wait for Cyborg certificate secrets to be created
106+
ansible.builtin.command:
107+
cmd: >-
108+
oc wait certificate {{ item }}
109+
--namespace={{ cifmw_install_yamls_defaults['NAMESPACE'] }}
110+
--for=condition=Ready --timeout=300s
111+
loop:
112+
- cyborg-internal-svc
113+
- cyborg-public-svc
114+
115+
- name: Create Cyborg CR
116+
ansible.builtin.shell: |
117+
oc apply -f - <<EOF
118+
apiVersion: cyborg.openstack.org/v1beta1
119+
kind: Cyborg
120+
metadata:
121+
name: cyborg
122+
namespace: {{ cifmw_install_yamls_defaults['NAMESPACE'] }}
123+
spec:
124+
apiContainerImageURL: quay.io/amoralej/openstack-cyborg:master-latest
125+
conductorContainerImageURL: quay.io/amoralej/openstack-cyborg:master-latest
126+
agentContainerImageURL: quay.io/amoralej/openstack-cyborg-agent:master-latest
127+
secret: osp-secret
128+
messagingBus:
129+
cluster: rabbitmq
130+
apiServiceTemplate:
131+
tls:
132+
caBundleSecretName: combined-ca-bundle
133+
api:
134+
internal:
135+
secretName: cert-cyborg-internal-svc
136+
public:
137+
secretName: cert-cyborg-public-svc
138+
EOF
139+
140+
- name: Wait for Cyborg CR to be ready
141+
ansible.builtin.command:
142+
cmd: >-
143+
oc wait cyborg cyborg
144+
--namespace={{ cifmw_install_yamls_defaults['NAMESPACE'] }}
145+
--for=condition=Ready --timeout=600s
146+
147+
- name: Create OpenStackDataPlaneService for cyborg
148+
ansible.builtin.shell: |
149+
oc apply -f - <<EOF
150+
apiVersion: dataplane.openstack.org/v1beta1
151+
kind: OpenStackDataPlaneService
152+
metadata:
153+
name: cyborg
154+
namespace: {{ cifmw_install_yamls_defaults['NAMESPACE'] }}
155+
spec:
156+
dataSources:
157+
- secretRef:
158+
name: cyborg-agent-config
159+
- configMapRef:
160+
name: cyborg-extra-config
161+
optional: true
162+
playbook: osp.edpm.cyborg
163+
caCerts: combined-ca-bundle
164+
edpmServiceType: cyborg
165+
EOF
Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,75 @@
1+
- name: Create custom service
2+
hosts: "{{ cifmw_target_hook_host | default('localhost') }}"
3+
gather_facts: false
4+
tasks:
5+
- name: Create kustomization
6+
ansible.builtin.copy:
7+
dest: "{{ cifmw_basedir }}/artifacts/manifests/kustomizations/dataplane/98-kustomization.yaml"
8+
content: |-
9+
apiVersion: kustomize.config.k8s.io/v1beta1
10+
kind: Kustomization
11+
resources:
12+
namespace: {{ cifmw_install_yamls_defaults.NAMESPACE }}
13+
patches:
14+
- target:
15+
kind: OpenStackDataPlaneNodeSet
16+
patch: |-
17+
- op: replace
18+
path: /spec/services
19+
value:
20+
- repo-setup
21+
- bootstrap
22+
- download-cache
23+
- configure-network
24+
- validate-network
25+
- install-os
26+
- configure-os
27+
- ssh-known-hosts
28+
- run-os
29+
- reboot-os
30+
- install-certs
31+
- ovn
32+
- neutron-metadata-custom
33+
- libvirt
34+
- nova
35+
- cyborg
36+
- telemetry
37+
- op: add
38+
path: /spec/nodeTemplate/ansible/ansibleVars/edpm_cyborg_agent_image
39+
value: quay.io/amoralej/openstack-cyborg-agent:master-latest
40+
- name: Create neutron-metadata-custom service
41+
environment:
42+
KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}"
43+
PATH: "{{ cifmw_path }}"
44+
ansible.builtin.shell: |
45+
oc apply -f - <<EOF
46+
apiVersion: dataplane.openstack.org/v1beta1
47+
kind: OpenStackDataPlaneService
48+
metadata:
49+
name: neutron-metadata-custom
50+
namespace: {{ cifmw_install_yamls_defaults['NAMESPACE'] }}
51+
spec:
52+
addCertMounts: false
53+
caCerts: combined-ca-bundle
54+
containerImageFields:
55+
- EdpmNeutronMetadataAgentImage
56+
dataSources:
57+
- secretRef:
58+
name: neutron-ovn-metadata-agent-neutron-config
59+
- secretRef:
60+
name: nova-cell1-metadata-neutron-config
61+
edpmServiceType: neutron-metadata
62+
playbook: osp.edpm.neutron_metadata
63+
tlsCerts:
64+
default:
65+
contents:
66+
- dnsnames
67+
- ips
68+
issuer: osp-rootca-issuer-ovn
69+
keyUsages:
70+
- digital signature
71+
- key encipherment
72+
- client auth
73+
networks:
74+
- ctlplane
75+
EOF

0 commit comments

Comments
 (0)