Add scs-0210-v2 and scs-0214-v1 zuul checks (#714)
* Add scs-0210-v2 and scs-0214-v1 zuul checks Signed-off-by: Matej Feder <matej.feder@dnation.cloud> * Add k8s node labels workaround The SCS node distribution standard, scs-0214-v1, aims to verify the distribution of k8s nodes across regions, zones, and physical nodes. While information regarding regions and zones is readily available in node labels, identifying physical node IDs is not. This commit introduces a workaround for labeling k8s nodes with their corresponding physical node IDs. For more details, refer to the following issue: SovereignCloudStack/issues#540. Signed-off-by: Matej Feder <matej.feder@dnation.cloud> * Apply suggestions from code review Co-authored-by: Matthias Büchse <github@mbue.de> Signed-off-by: Matej Feder <matej.feder@dnation.cloud> * Drop unnecessary config task The updated version of the SCS standard scripts handles configuration management better. Therefore, this config task marked with TODO comment is removed. Signed-off-by: Matej Feder <matej.feder@dnation.cloud> * Set the k8s node label key and link the related issue Signed-off-by: Matej Feder <matej.feder@dnation.cloud> * Adjust the default settings of the e2e pipeline to spin up a cluster with 3 control plane nodes If we want to perform end-to-end testing on an SCS-compliant Kubernetes cluster, we need 3 control plane nodes Signed-off-by: Matej Feder <matej.feder@dnation.cloud> * Remove debug code and stabilize .zuul.yaml config Signed-off-by: Matej Feder <matej.feder@dnation.cloud> * Move tasks to the always block This commit introduces the always block in the sonobuoy.yaml as well as in the scs_compliance.yaml and moves the "parse" tasks and "Insert ... results to the warning message..." tasks there. This should ensure that results from failed checks will be returned by Zuul. Signed-off-by: Matej Feder <matej.feder@dnation.cloud> --------- Signed-off-by: Matej Feder <matej.feder@dnation.cloud> Co-authored-by: Matthias Büchse <github@mbue.de>
Showing
6 changed files
with
191 additions
and
28 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
--- | ||
- name: Label k8s nodes based on OpenStack host IDs | ||
vars: | ||
# Note (@mfeder): The following label key serves as a temporary label until upstream | ||
# proposes and implements an alternative label key/solution for indicating a physical machine | ||
# within the Kubernetes cluster. | ||
# refer to: https://github.com/SovereignCloudStack/issues/issues/540 | ||
label_key: "topology.scs.community/host-id" | ||
openstackclient_version: "6.5.0" | ||
jq_version: "1.7.1" | ||
kubectl_version: "1.28.7" | ||
install_dir: "{{ ansible_user_dir }}/.local/bin" | ||
block: | ||
- name: Check if `os_cloud` variable is defined | ||
ansible.builtin.fail: | ||
msg: "os_cloud is not defined or empty" | ||
when: os_cloud is not defined or os_cloud == '' | ||
- name: Check if `kubeconfig_path` variable is defined | ||
ansible.builtin.fail: | ||
msg: "kubeconfig_path is not defined or empty" | ||
when: kubeconfig_path is not defined or kubeconfig_path == '' | ||
- name: Install jq | ||
ansible.builtin.get_url: | ||
url: "https://github.com/jqlang/jq/releases/download/jq-{{ jq_version }}/jq-linux64" | ||
dest: "{{ install_dir }}/jq" | ||
mode: "+x" | ||
# TODO: use `checksum` attr here to verify the digest of the destination file, if available | ||
- name: Install kubectl | ||
ansible.builtin.get_url: | ||
url: "https://dl.k8s.io/release/v{{ kubectl_version }}/bin/linux/amd64/kubectl" | ||
dest: "{{ install_dir }}/kubectl" | ||
mode: "+x" | ||
# TODO: use `checksum` attr here to verify the digest of the destination file, if available | ||
- name: Install openstack cli | ||
ansible.builtin.pip: | ||
name: | ||
- "python-openstackclient=={{ openstackclient_version }}" | ||
extra_args: --user | ||
- name: Get list of OpenStack server details | ||
ansible.builtin.shell: | ||
cmd: | | ||
set -o pipefail | ||
openstack server list -f json | jq -r '.[].ID' | while read id; do openstack server show $id -f json; done | jq -s '.' | ||
executable: /bin/bash | ||
register: openstack_server_list | ||
changed_when: false | ||
environment: | ||
OS_CLOUD: "{{ os_cloud }}" | ||
- name: Populate openstack_hosts dict with hostname=host_id pairs | ||
ansible.builtin.set_fact: | ||
openstack_hosts: "{{ openstack_hosts | default({}) | combine({item.name: item.hostId}) }}" | ||
with_items: "{{ openstack_server_list.stdout | from_json }}" | ||
- name: Get a list of nodes | ||
ansible.builtin.command: kubectl get nodes -o json | ||
register: kubernetes_node_list | ||
changed_when: false | ||
environment: | ||
KUBECONFIG: "{{ kubeconfig_path }}" | ||
- name: Add node label | ||
ansible.builtin.command: "kubectl label nodes {{ item.metadata.name }} {{ label_key }}={{ openstack_hosts[item.metadata.name] }}" | ||
with_items: "{{ (kubernetes_node_list.stdout | from_json)['items'] }}" | ||
changed_when: false | ||
environment: | ||
KUBECONFIG: "{{ kubeconfig_path }}" |
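Review bot: The `Install jq` and `Install kubectl` tasks download executables and mark them `+x` with no digest check, leaving only a TODO, and later tasks run those tools with `OS_CLOUD` and `KUBECONFIG` in their environment, so a tampered or truncated download would execute with cloud and cluster credentials. The versions are already pinned in `vars`, so the digests can sit beside them: `kubectl_sha256: "<sha256 published for kubectl v1.28.7>"` and, on the task, `checksum: "sha256:{{ kubectl_sha256 }}"`, with the same pair for jq. Separately, `Add node label` changes cluster state but sets `changed_when: false`. It also indexes `openstack_hosts[item.metadata.name]` without first checking the key exists, which would presumably fail the loop for any node that has no same-named server in the project.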
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
--- | ||
- name: Download, install, configure, and execute SCS KaaS compliance check | ||
vars: | ||
check_dir: "{{ ansible_user_dir }}/scs-compliance" | ||
python_venv_dir: "{{ ansible_user_dir }}/scs-compliance/venv" | ||
block: | ||
- name: Check if `kubeconfig_path` variable is defined | ||
ansible.builtin.fail: | ||
msg: "kubeconfig_path is not defined or empty" | ||
when: kubeconfig_path is not defined or kubeconfig_path == '' | ||
- name: Ensure check directory | ||
ansible.builtin.file: | ||
path: "{{ check_dir }}" | ||
state: directory | ||
mode: 0755 | ||
- name: Get SCS KaaS compliance check assets | ||
ansible.builtin.git: | ||
repo: https://github.com/SovereignCloudStack/standards.git | ||
dest: "{{ check_dir }}" | ||
single_branch: true | ||
version: main | ||
- name: Install virtualenv | ||
ansible.builtin.package: | ||
name: virtualenv | ||
become: true | ||
- name: Install check requirements | ||
ansible.builtin.pip: | ||
requirements: "{{ check_dir }}/Tests/requirements.txt" | ||
virtualenv: "{{ python_venv_dir }}" | ||
- name: Execute SCS KaaS compliance check | ||
ansible.builtin.shell: | ||
cmd: | ||
". {{ python_venv_dir }}/bin/activate && | ||
python3 {{ check_dir }}/Tests/scs-compliance-check.py {{ check_dir }}/Tests/scs-compatible-kaas.yaml -v -s KaaS_V1 -a kubeconfig={{ kubeconfig_path }}" | ||
changed_when: false | ||
register: scs_compliance_results | ||
always: | ||
- name: Parse SCS KaaS compliance results # noqa: ignore-errors | ||
ansible.builtin.set_fact: | ||
scs_compliance_results_parsed: "{{ scs_compliance_results.stdout }}" | ||
when: scs_compliance_results is defined | ||
ignore_errors: true | ||
- name: Insert SCS compliance results to the warning message that will be appended to the comment zuul leaves on the PR # noqa: ignore-errors | ||
zuul_return: | ||
data: | ||
zuul: | ||
warnings: | ||
- "<details>\n <summary><b>SCS Compliance results</b></summary>\n{{ scs_compliance_results_parsed }}\n</details>" | ||
when: scs_compliance_results_parsed is defined and scs_compliance_results_parsed | length > 0 | ||
ignore_errors: true |
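Review bot: The `Get SCS KaaS compliance check assets` task checks out `version: main`, so every run installs `Tests/requirements.txt` and executes `scs-compliance-check.py` from whatever the branch head is at that moment, with the kubeconfig path passed to it. Pinning the checkout to a reviewed revision makes the job reproducible and stops an unreviewed upstream change from running next to the cluster credentials: `version: "<commit SHA or release tag of the standards repo>"`. `mode: 0755` on the directory task is an unquoted octal; Ansible's guidance is to write it as `mode: "0755"`. The shell command also interpolates `check_dir`, `python_venv_dir` and `kubeconfig_path` unquoted, so a path containing whitespace would split the command line.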
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
--- | ||
- name: Execute sonobouy check mode {{ sonobouy.mode }} | ||
block: | ||
- name: Execute sonobouy | ||
ansible.builtin.command: "make check-{{ sonobouy.mode }}" | ||
register: sonobouy_results | ||
args: | ||
chdir: "{{ project_tf_dir }}" | ||
changed_when: true | ||
always: | ||
- name: Parse sonobouy results # noqa: ignore-errors | ||
ansible.builtin.set_fact: | ||
sonobouy_results_parsed: "{{ sonobouy_results.stdout | regex_search('=== Collecting results ===[\\S\\s]*') }}" | ||
when: sonobouy_results is defined | ||
ignore_errors: true | ||
- name: Insert sonobouy results to the warning message that will be appended to the comment zuul leaves on the PR # noqa: ignore-errors | ||
zuul_return: | ||
data: | ||
zuul: | ||
warnings: | ||
- "<details>\n <summary><b>Sonobouy results</b></summary>\n{{ sonobouy_results_parsed }}\n</details>" | ||
when: sonobouy_results_parsed is defined and sonobouy_results_parsed | length > 0 | ||
ignore_errors: true |
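Review bot: In `Parse sonobouy results`, `regex_search` yields no match when the run fails before `=== Collecting results ===` is printed, so the `zuul_return` task is skipped (or errors and is hidden by `ignore_errors: true`) for exactly the early failures the `always` block is meant to report. A fallback keeps the PR comment informative, for example appending `| default('no result section found in output', true)` to the expression. The guard `when: sonobouy_results is defined` also does not establish that `.stdout` exists; `when: sonobouy_results.stdout is defined` states the real precondition and would likely let `ignore_errors` be dropped. The same guard pattern appears in the `always` block of the SCS compliance tasks file in this commit.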