check_uc_hostname

About the role

Ansible role to check DockerInsecureRegistryAddress matches the UC hostname.

The purpose of this validation is mostly target for the FFWD 13 to 16.X procedure.

Customer is expected to follow the step 9.3. Configuring access to the undercloud registry

The customer needs to retrieve the control plane host name on the undercloud and add it into the DockerInsecureRegistryAddress.

It might happen that the user misses this step or doesn’t really add the right control plan host name and then podman fails to retrieve the containers.

To summarize what customer is expected to do:

  • Run sudo hiera container_image_prepare_node_names to get host name(s)

  • Edit the containers-prepare-parameter.yaml file and the DockerInsecureRegistryAddress parameter with host name and IP of the undercloud.

This validation will:

  • Pull DockerInsecureRegistryAddress (list) from the Openstack environment

  • Run sudo hiera container_image_prepare_node_names

  • Verify the container_image_prepare_node_names returned from hiera is contained in the DockerInsecureRegistryAddress list.

Requirements

This role will be executed pre Overcloud Update.

Dependencies

No Dependencies

Example Playbook

- hosts: servers
  vars:
    check_uc_hostname_debug: true
  roles:
    - check_uc_hostname

License

Apache

Author Information

Red Hat TripleO DFG:Upgrades

Full Description

Role Documentation

Welcome to the “check_uc_hostname” role documentation.

Role Defaults

This section highlights all of the defaults and variables set within the “check_uc_hostname” role.

# All variables intended for modification should place placed in this file.

# All variables within this role should have a prefix of "check_uc_hostname"

# Debugging mode
check_uc_hostname_debug: false

# Contains the ansible inventory hosts variable,
# which is used to get the hostvars stack (plan) name
check_uc_hostname_inventory_host: undercloud

Molecule Scenarios

Molecule is being used to test the “check_uc_hostname” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.

Scenario: default
Driver: podman
Molecule Platform(s)
- name: centos
  hostname: centos
  image: centos/centos:stream8
  registry:
    url: quay.io
  dockerfile: ../../../../.config/molecule/Dockerfile
  pkg_extras: python*-setuptools python*-pyyaml
  volumes:
  - /etc/ci/mirror_info.sh:/etc/ci/mirror_info.sh:ro
  privileged: true
  environment:
    http_proxy: "{{ lookup('env', 'http_proxy') }}"
    https_proxy: "{{ lookup('env', 'https_proxy') }}"
  ulimits:
  - host
Molecule Inventory
hosts:
  all:
    hosts:
      centos:
        ansible_python_interpreter: /usr/bin/python3
    vars:
      plan: qe-Cloud-0
      plans: [qe-Cloud-0]
Example default playbook
- name: Converge
  hosts: all
  tasks:
  - name: Working 1 - openstack one entry in list
    copy:
      dest: /usr/bin/openstack
      mode: 0755
      content: |
        #!/bin/bash
        echo "{"
        echo "  \"parameters\": {},"
        echo "  \"parameter_defaults\": {"
        echo "    \"DockerInsecureRegistryAddress\": ["
        echo "      \"undercloud-0.ctlplane.redhat.local:8787\""
        echo "    ]"
        echo "  }"
        echo "}"

  - name: Working 1 - hiera one entry in list
    copy:
      dest: /usr/bin/hiera
      mode: 0755
      content: |
        #!/bin/bash
        echo [\"undercloud-0.ctlplane.redhat.local\"]
        exit 0

  - name: Test Working 1
    include_role:
      name: check_uc_hostname
    vars:
      check_uc_hostname_inventory_host: centos

  - name: Working 2 - openstack multiple entry in list
    copy:
      dest: /usr/bin/openstack
      mode: 0755
      content: |
        #!/bin/bash
        echo "{"
        echo "  \"parameters\": {},"
        echo "  \"parameter_defaults\": {"
        echo "    \"DockerInsecureRegistryAddress\": ["
        echo "      \"undercloud-0.ctlplane.redhat.local:8787\","
        echo "      \"undercloud-1.ctlplane.redhat.local:8787\","
        echo "      \"undercloud-2.ctlplane.redhat.local:8787\""
        echo "    ]"
        echo "  }"
        echo "}"


  - name: Working 2 - hiera multiple entry in list
    copy:
      dest: /usr/bin/hiera
      mode: 0755
      content: |
        #!/bin/bash
        echo "["
        echo "  \"undercloud-0.ctlplane.redhat.local\","
        echo "  \"undercloud-1.ctlplane.redhat.local\","
        echo "  \"undercloud-2.ctlplane.redhat.local\""
        echo "]"
        exit 0

  - name: Test Working 2
    include_role:
      name: check_uc_hostname
    vars:
      check_uc_hostname_inventory_host: centos

  - name: Working 3 - openstack multiple entry in list
    copy:
      dest: /usr/bin/openstack
      mode: 0755
      content: |
        #!/bin/bash
        echo "{"
        echo "  \"parameters\": {},"
        echo "  \"parameter_defaults\": {"
        echo "    \"DockerInsecureRegistryAddress\": ["
        echo "      \"undercloud-0.ctlplane.redhat.local:8787\","
        echo "      \"redhat.registry.io:8787\","
        echo "      \"mysuper-registry.io\","
        echo "    ]"
        echo "  }"
        echo "}"

  - name: Working 3 - hiera single entry in list
    copy:
      dest: /usr/bin/hiera
      mode: 0755
      content: |
        #!/bin/bash
        echo "["
        echo "  \"undercloud-0.ctlplane.redhat.local\","
        echo "]"
        exit 0

  - name: Test Working 3
    include_role:
      name: check_uc_hostname
    vars:
      check_uc_hostname_inventory_host: centos

  - name: Working 4 - openstack multiple entry in list
    copy:
      dest: /usr/bin/openstack
      mode: 0755
      content: |
        #!/bin/bash
        echo "{"
        echo "  \"parameters\": {},"
        echo "  \"parameter_defaults\": {"
        echo "    \"DockerInsecureRegistryAddress\": ["
        echo "      \"BROKENCLOUD-0.ctlplane.redhat.local:8787\","
        echo "      \"redhat.registry.io:8787\","
        echo "      \"mysuper-registry.io\","
        echo "    ]"
        echo "  }"
        echo "}"

  - name: Working 4 - we do not fail if hiera returns empty list
    copy:
      dest: /usr/bin/hiera
      mode: 0755
      content: |
        #!/bin/bash
        echo "[]"
        exit 0

  - name: Test Working 4
    include_role:
      name: check_uc_hostname
    vars:
      check_uc_hostname_inventory_host: centos

  - name: Failing 1 - we fail if DockerInsecureRegistryAddress is not found
    copy:
      dest: /usr/bin/openstack
      mode: 0755
      content: |
        #!/bin/bash
        echo "{"
        echo "  \"parameters\": {},"
        echo "  \"parameter_defaults\": {"
        echo "  }"
        echo "}"

  - name: Failing 1 - hiera no entry found
    copy:
      dest: /usr/bin/hiera
      mode: 0755
      content: |
        #!/bin/bash
        exit 0

  - name: Failing 1
    block:
    - include_role:
        name: check_uc_hostname
      vars:
        check_uc_hostname_inventory_host: centos

    rescue:
    - name: Clear host errors
      meta: clear_host_errors

    - debug:
        msg: The validation Case Failing 1 works! Continuing playbook run...

  - name: Failing 2 - openstack multiple entry in list
    copy:
      dest: /usr/bin/openstack
      mode: 0755
      content: |
        #!/bin/bash
        echo "{"
        echo "  \"parameters\": {},"
        echo "  \"parameter_defaults\": {"
        echo "    \"DockerInsecureRegistryAddress\": ["
        echo "      \"BROKENCLOUD-0.ctlplane.redhat.local:8787\","
        echo "      \"redhat.registry.io:8787\","
        echo "      \"mysuper-registry.io\","
        echo "    ]"
        echo "  }"
        echo "}"


  - name: Failing 2 - hiera single entry in list
    copy:
      dest: /usr/bin/hiera
      mode: 0755
      content: |
        #!/bin/bash
        echo "["
        echo "  \"undercloud-0.ctlplane.redhat.local\","
        echo "]"
        exit 0

  - name: Failing 2
    block:
    - include_role:
        name: check_uc_hostname
      vars:
        check_uc_hostname_inventory_host: centos

    rescue:
    - name: Clear host errors
      meta: clear_host_errors

    - debug:
        msg: The validation Case Failing 2 works! Ending playbook run

    - name: End play
      meta: end_play

  - name: Fail the test
    fail:
      msg: |
        The check-uc-hostname validation failed to check that the hostnames
        did not match.