Merge pull request #582 from gmarcy/gitlab-ci

Gitlab CI updates

.gitlab-ci.yml

@@ -25,3 +25,13 @@ run-multinode:
   only:
     variables:
       - $CLUSTER_TYPE == "multinode"
+
+merge-request:
+  stage: test
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+  tags:
+    - kubeinit-merge-request
+  script:
+    - echo "bash -x ./ci/gitlab_merge_request.sh"
+    - bash -x ./ci/gitlab_merge_request.sh

Dockerfile

@@ -14,9 +14,10 @@ RUN set -x && \
     \
     echo "==> Setting up ssh options..."  && \
     mkdir /root/.ssh && \
+    chmod 0700 /root/.ssh && \
     echo "Host *" >> /root/.ssh/config && \
-    echo "  StrictHostKeyChecking no" >> /root/.ssh/config && \
-    echo "  IdentityFile /root/.ssh/id_rsa" >> /root/.ssh/config && \
+    echo "  UserKnownHostsFile=/dev/null" >> /root/.ssh/config && \
+    echo "  StrictHostKeyChecking accept-new" >> /root/.ssh/config && \
     \
     echo "==> Adding Python runtime and deps..." && \
     python3 -m pip install --upgrade --ignore-installed PyYAML && \

ci/ansible/group_vars/all.yml

@@ -0,0 +1,11 @@
+---
+# Docker hub login variables
+kubeinit_common_docker_username: "{{ lookup('env','KUBEINIT_COMMON_DOCKER_USERNAME') | default ('') }}"
+kubeinit_common_docker_password: "{{ lookup('env','KUBEINIT_COMMON_DOCKER_PASSWORD') | default ('') }}"
+
+kubeinit_common_dns_public: "{{ lookup('env','KUBEINIT_COMMON_DNS_PUBLIC') or '1.1.1.1' }}"
+
+kubeinit_common_ssh_keytype: "{{ lookup('env','KUBEINIT_COMMON_SSH_KEYTYPE') or 'rsa' }}"
+
+kubeinit_common_gitlab_runner_registration_token: "{{ lookup('env','KUBEINIT_COMMON_GITLAB_RUNNER_REGISTRATION_TOKEN') | default ('') }}"
+kubeinit_common_gitlab_runner_access_token: "{{ lookup('env','KUBEINIT_COMMON_GITLAB_RUNNER_ACCESS_TOKEN') | default ('') }}"

ci/ansible/inventory

@@ -0,0 +1,48 @@
+#
+# Common variables for the inventory
+#
+
+[all:vars]
+
+#
+# Internal variables
+#
+
+ansible_python_interpreter=/usr/bin/python3
+ansible_ssh_pipelining=True
+ansible_ssh_common_args='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=accept-new'
+
+#
+# Inventory variables
+#
+
+kubeinit_inventory_ci_gitlab_name=homelab
+kubeinit_inventory_ci_gitlab_url=http://192.168.222.222:7080
+
+kubeinit_inventory_remote_user=root
+kubeinit_inventory_ci_domain=kubeinit.local
+
+#
+# Hypervisor host definitions
+#
+
+[hypervisor_hosts]
+nyctea ansible_host=192.168.222.201
+tyto ansible_host=192.168.222.202
+strix ansible_host=192.168.222.203
+otus ansible_host=192.168.222.204
+
+#
+# CI host definition
+#
+
+# This inventory will have one host identified as the ci host. By default, this function will
+# be assumed by the first hypervisor host, which is the same behavior as the first commented
+# out line. The second commented out line would set the second hypervisor to be the ci host.
+# The final commented out line would set the ci host to be a different host that is not being
+# used as a hypervisor in this inventory.
+
+[ci_host]
+# kubeinit-ci target=nyctea
+# kubeinit-ci target=tyto
+# kubeinit-ci ansible_host=192.168.222.214

ci/ansible/playbook.yml

@@ -0,0 +1,65 @@
+---
+# Copyright kubeinit contributors
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Setup KubeInit CI environment
+  hosts: localhost
+  become: false
+  remote_user: root
+  gather_subset: "!all,network"
+  pre_tasks:
+    - name: Check if Ansible meets version requirements.
+      tags: task_gather_facts
+      vars:
+        kubeinit_ansible_min_version: 2.9
+      ansible.builtin.assert:
+        that: "ansible_version.full is version_compare('{{ kubeinit_ansible_min_version }}', '>=')"
+        msg: >
+          "You must update Ansible to at least {{ kubeinit_ansible_min_version }} to use KubeInit."
+  tasks:
+    - name: Gather facts about the deployment environment
+      tags: task_gather_facts
+      block:
+        - name: task-gather-facts
+          ansible.builtin.include_role:
+            name: "kubeinit_ci"
+            tasks_from: gather_ci_facts.yml
+            public: true
+
+    - name: Prepare the environment
+      tags: task_prepare_environment
+      block:
+        - name: task-prepare-environment
+          ansible.builtin.include_role:
+            name: "kubeinit_ci"
+            tasks_from: prepare_environment.yml
+            public: true
+
+    - name: Cleanup any remnants of previous CI deployments
+      tags: task_cleanup_deployment
+      block:
+        - name: task-cleanup-deployment
+          ansible.builtin.include_role:
+            name: "kubeinit_ci"
+            tasks_from: cleanup_deployment.yml
+            public: true
+
+    - name: Deploy the CI
+      tags: task_deploy_ci
+      block:
+        - name: task-deploy-ci
+          ansible.builtin.include_role:
+            name: "kubeinit_ci"
+            public: true

ci/ansible/roles/kubeinit_ci/tasks/cleanup_deployment.yml

@@ -0,0 +1,206 @@
+---
+# Copyright kubeinit contributors
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- block:
+    - name: Prepare environment if needed
+      ansible.builtin.include_tasks: prepare_environment.yml
+      vars:
+        environment_prepared: "{{ kubeinit_facts_name is defined }}"
+      when: not environment_prepared
+
+    - block:
+        - name: "Stop before 'task-cleanup-deployment' when requested"
+          ansible.builtin.add_host: name="{{ kubeinit_facts_name }}" playbook_terminated=true
+        - name: End play
+          ansible.builtin.meta: end_play
+      when: kubeinit_stop_before_task is defined and kubeinit_stop_before_task == 'task-cleanup-deployment'
+  tags: omit_from_grapher
+
+#
+# Cleanup all resources left over from previous CI deployment
+#
+
+- name: Get list of existing remote system connection definitions
+  ansible.builtin.shell: |
+    set -eo pipefail
+    podman --remote system connection list | sed -e 1d -e 's/[* ].*//'
+  args:
+    executable: /bin/bash
+  register: _result_connections
+  changed_when: "_result_connections.rc == 0"
+
+# - name: Remove any existing remote system connection definition for ci host
+#   ansible.builtin.command: |
+#     podman --remote system connection remove {{ item }}
+#   loop: "{{ _result_connections.stdout_lines | list }}"
+#   register: _result
+#   changed_when: "_result.rc == 0"
+
+# - name: Reset local ssh keys
+#   ansible.builtin.known_hosts:
+#     name: "{{ item[1] }}"
+#     state: absent
+#   loop: "{{ kubeinit_facts_hostvars.node_aliases }}"
+
+# - name: Reset ssh keys in hypervisors
+#   ansible.builtin.known_hosts:
+#     name: "{{ node_alias }}"
+#     state: absent
+#   loop: "{{ groups['all_hosts'] | product(kubeinit_facts_hostvars.node_aliases | flatten | unique) }}"
+#   vars:
+#     kubeinit_deployment_node_name: "{{ item[0] }}"
+#     node_alias: "{{ item[1] }}"
+#   delegate_to: "{{ kubeinit_ci_host_name }}"
+
+- name: Find any CI pods from previous deployments
+  containers.podman.podman_pod_info:
+  register: _result_podinfo
+  delegate_to: "{{ kubeinit_ci_host_name }}"
+  when: hostvars[kubeinit_ci_host_name].podman_is_installed is defined and hostvars[kubeinit_ci_host_name].podman_is_installed
+
+- name: Set facts about those pods
+  ansible.builtin.set_fact:
+    orphaned_pod: "{{ pod }}"
+  loop: "{{ _result_podinfo.pods | default([]) }}"
+  loop_control:
+    loop_var: pod
+  when: pod.Name == kubeinit_ci_pod_name
+
+- name: Get container info from orphaned CI pod infra container
+  containers.podman.podman_container_info:
+    name: "{{ orphaned_pod.InfraContainerID }}"
+  register: _result_containerinfo
+  delegate_to: "{{ kubeinit_ci_host_name }}"
+  when: orphaned_pod is defined
+
+- name: Set facts about container netns
+  ansible.builtin.set_fact:
+    sandbox_key: "{{ _result_containerinfo.containers[0].NetworkSettings.SandboxKey | basename }}"
+  when: orphaned_pod is defined
+
+- name: Find any CI pod networks from previous deployments
+  containers.podman.podman_network_info:
+  register: _result_netinfo
+  delegate_to: "{{ kubeinit_ci_host_name }}"
+  when: hostvars[kubeinit_ci_host_name].podman_is_installed is defined and hostvars[kubeinit_ci_host_name].podman_is_installed
+
+- name: Set facts about those networks
+  ansible.builtin.set_fact:
+    orphaned_network: "{{ network }}"
+  loop: "{{ _result_netinfo.networks | default([]) }}"
+  loop_control:
+    loop_var: network
+  when: network.name == kubeinit_ci_bridge_name
+
+- name: Run gitlab-runner unregister in runner container
+  ansible.builtin.shell: |
+    set -eo pipefail
+    podman --remote exec kubeinit-merge-request-runner gitlab-runner unregister --all-runners || true
+  args:
+    executable: /bin/bash
+  register: _result_connections
+  changed_when: "_result_connections.rc == 0"
+  when: orphaned_pod is defined
+
+- name: Stop and disable user services
+  ansible.builtin.service:
+    name: "{{ service_name }}"
+    scope: user
+    state: stopped
+    enabled: false
+  register: _result_stop_service
+  failed_when: _result_stop_service is not defined
+  loop: ["kubeinit-merge-request-runner", "kubeinit-ara-output", "kubeinit-ara-api"]
+  loop_control:
+    loop_var: service_name
+  delegate_to: "{{ kubeinit_ci_host_name }}"
+
+- name: Remove previous CI podman pod
+  containers.podman.podman_pod:
+    name: "{{ kubeinit_ci_pod_name }}"
+    state: absent
+  delegate_to: "{{ kubeinit_ci_host_name }}"
+  when: hostvars[kubeinit_ci_host_name].podman_is_installed is defined and hostvars[kubeinit_ci_host_name].podman_is_installed
+
+- name: Remove any previous kubeinit CI podman network
+  containers.podman.podman_network:
+    name: "{{ kubeinit_ci_bridge_name }}"
+    state: absent
+  delegate_to: "{{ kubeinit_ci_host_name }}"
+  when: hostvars[kubeinit_ci_host_name].podman_is_installed is defined and hostvars[kubeinit_ci_host_name].podman_is_installed
+
+- name: Remove netns for CI pods
+  community.general.ip_netns:
+    name: "{{ sandbox_key }}"
+    state: absent
+  delegate_to: "{{ kubeinit_ci_host_name }}"
+  when: sandbox_key is defined
+
+- name: Find any podman volumes from previous deployments
+  containers.podman.podman_volume_info:
+  register: _result_volinfo
+  delegate_to: "{{ kubeinit_ci_host_name }}"
+  when: hostvars[kubeinit_ci_host_name].podman_is_installed is defined and hostvars[kubeinit_ci_host_name].podman_is_installed
+
+- name: Remove any previous kubeinit podman volumes
+  containers.podman.podman_volume:
+    name: "{{ volume_name }}"
+    state: absent
+  loop: ["kubeinit-ara-config", "kubeinit-ara-output", "kubeinit-merge-request-runner-config", "kubeinit-runner-builds"]
+  loop_control:
+    loop_var: volume_name
+  delegate_to: "{{ kubeinit_ci_host_name }}"
+  when: hostvars[kubeinit_ci_host_name].podman_is_installed is defined and hostvars[kubeinit_ci_host_name].podman_is_installed
+
+- name: Remove any previous kubeinit buildah containers
+  ansible.builtin.shell: |
+    set -eo pipefail
+    buildah rm --all || true
+  args:
+    executable: /bin/bash
+  register: _result
+  changed_when: "_result.rc == 0"
+  delegate_to: "{{ kubeinit_ci_host_name }}"
+  when: hostvars[kubeinit_ci_host_name].podman_is_installed is defined and hostvars[kubeinit_ci_host_name].podman_is_installed
+
+- name: Prune container images created for the CI
+  ansible.builtin.shell: |
+    set -eo pipefail
+    podman image prune --filter label=kubeinit-ci-host-name={{ kubeinit_ci_host_name }} --all --force || true
+  args:
+    executable: /bin/bash
+  register: _result
+  changed_when: "_result.rc == 0"
+  delegate_to: "{{ kubeinit_ci_host_name }}"
+  when: hostvars[kubeinit_ci_host_name].podman_is_installed is defined and hostvars[kubeinit_ci_host_name].podman_is_installed
+
+- block:
+    - name: Add task-cleanup-deployment to tasks_completed
+      ansible.builtin.add_host:
+        name: "{{ kubeinit_facts_name }}"
+        tasks_completed: "{{ kubeinit_facts_hostvars.tasks_completed | union(['task-cleanup-deployment']) }}"
+
+    - name: Update kubeinit_facts_hostvars
+      ansible.builtin.set_fact:
+        kubeinit_facts_hostvars: "{{ hostvars[kubeinit_facts_name] }}"
+
+    - block:
+        - name: Stop after 'task-cleanup-deployment' when requested
+          ansible.builtin.add_host: name="{{ kubeinit_facts_name }}" playbook_terminated=true
+        - name: End play
+          ansible.builtin.meta: end_play
+      when: kubeinit_stop_after_task is defined and kubeinit_stop_after_task in kubeinit_facts_hostvars.tasks_completed
+  tags: omit_from_grapher