check_uc_hostname

About the role

Ansible role to check DockerInsecureRegistryAddress matches the UC hostname.

The purpose of this validation is mostly target for the FFWD 13 to 16.X procedure.

Customer is expected to follow the step 9.3. Configuring access to the undercloud registry

The customer needs to retrieve the control plane host name on the undercloud and add it into the DockerInsecureRegistryAddress.

It might happen that the user misses this step or doesn’t really add the right control plan host name and then podman fails to retrieve the containers.

To summarize what customer is expected to do:

  • Run sudo hiera container_image_prepare_node_names to get host name(s)

  • Edit the containers-prepare-parameter.yaml file and the DockerInsecureRegistryAddress parameter with host name and IP of the undercloud.

This validation will:

  • Pull DockerInsecureRegistryAddress (list) from the Openstack environment

  • Run sudo hiera container_image_prepare_node_names

  • Verify the container_image_prepare_node_names returned from hiera is contained in the DockerInsecureRegistryAddress list.

Requirements

This role will be executed pre Overcloud Update.

Dependencies

No Dependencies

Example Playbook

- hosts: servers
  vars:
    check_uc_hostname_debug: true
  roles:
    - check_uc_hostname

License

Apache

Author Information

Red Hat TripleO DFG:Upgrades

Full Description

Role Documentation

Welcome to the “check_uc_hostname” role documentation.

Role Defaults

This section highlights all of the defaults and variables set within the “check_uc_hostname” role.

check_uc_hostname_debug: false
check_uc_hostname_inventory_host: undercloud

Molecule Scenarios

Molecule is being used to test the “check_uc_hostname” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.

Scenario: default
Example default configuration
provisioner:
  env:
    ANSIBLE_LIBRARY: ${ANSIBLE_LIBRARY:-/usr/share/ansible/plugins/modules}
    ANSIBLE_ROLES_PATH: ${ANSIBLE_ROLES_PATH}:${HOME}/zuul-jobs/roles
    ANSIBLE_STDOUT_CALLBACK: yaml
  inventory:
    hosts:
      all:
        hosts:
          centos:
            ansible_python_interpreter: /usr/bin/python3
        vars:
          plan: qe-Cloud-0
          plans:
          - qe-Cloud-0
  log: true
  name: ansible
  options:
    vvv: true
Molecule Inventory
hosts:
  all:
    hosts:
      centos:
        ansible_python_interpreter: /usr/bin/python3
    vars:
      plan: qe-Cloud-0
      plans:
      - qe-Cloud-0
Example default playbook
- hosts: all
  name: Converge
  tasks:
  - copy:
      content: '#!/bin/bash

        echo "{"

        echo "  \"parameters\": {},"

        echo "  \"parameter_defaults\": {"

        echo "    \"DockerInsecureRegistryAddress\": ["

        echo "      \"undercloud-0.ctlplane.redhat.local:8787\""

        echo "    ]"

        echo "  }"

        echo "}"

        '
      dest: /usr/bin/openstack
      mode: 493
    name: Working 1 - openstack one entry in list
  - copy:
      content: '#!/bin/bash

        echo [\"undercloud-0.ctlplane.redhat.local\"]

        exit 0

        '
      dest: /usr/bin/hiera
      mode: 493
    name: Working 1 - hiera one entry in list
  - include_role:
      name: check_uc_hostname
    name: Test Working 1
    vars:
      check_uc_hostname_inventory_host: centos
  - copy:
      content: '#!/bin/bash

        echo "{"

        echo "  \"parameters\": {},"

        echo "  \"parameter_defaults\": {"

        echo "    \"DockerInsecureRegistryAddress\": ["

        echo "      \"undercloud-0.ctlplane.redhat.local:8787\","

        echo "      \"undercloud-1.ctlplane.redhat.local:8787\","

        echo "      \"undercloud-2.ctlplane.redhat.local:8787\""

        echo "    ]"

        echo "  }"

        echo "}"

        '
      dest: /usr/bin/openstack
      mode: 493
    name: Working 2 - openstack multiple entry in list
  - copy:
      content: '#!/bin/bash

        echo "["

        echo "  \"undercloud-0.ctlplane.redhat.local\","

        echo "  \"undercloud-1.ctlplane.redhat.local\","

        echo "  \"undercloud-2.ctlplane.redhat.local\""

        echo "]"

        exit 0

        '
      dest: /usr/bin/hiera
      mode: 493
    name: Working 2 - hiera multiple entry in list
  - include_role:
      name: check_uc_hostname
    name: Test Working 2
    vars:
      check_uc_hostname_inventory_host: centos
  - copy:
      content: '#!/bin/bash

        echo "{"

        echo "  \"parameters\": {},"

        echo "  \"parameter_defaults\": {"

        echo "    \"DockerInsecureRegistryAddress\": ["

        echo "      \"undercloud-0.ctlplane.redhat.local:8787\","

        echo "      \"redhat.registry.io:8787\","

        echo "      \"mysuper-registry.io\","

        echo "    ]"

        echo "  }"

        echo "}"

        '
      dest: /usr/bin/openstack
      mode: 493
    name: Working 3 - openstack multiple entry in list
  - copy:
      content: '#!/bin/bash

        echo "["

        echo "  \"undercloud-0.ctlplane.redhat.local\","

        echo "]"

        exit 0

        '
      dest: /usr/bin/hiera
      mode: 493
    name: Working 3 - hiera single entry in list
  - include_role:
      name: check_uc_hostname
    name: Test Working 3
    vars:
      check_uc_hostname_inventory_host: centos
  - copy:
      content: '#!/bin/bash

        echo "{"

        echo "  \"parameters\": {},"

        echo "  \"parameter_defaults\": {"

        echo "    \"DockerInsecureRegistryAddress\": ["

        echo "      \"BROKENCLOUD-0.ctlplane.redhat.local:8787\","

        echo "      \"redhat.registry.io:8787\","

        echo "      \"mysuper-registry.io\","

        echo "    ]"

        echo "  }"

        echo "}"

        '
      dest: /usr/bin/openstack
      mode: 493
    name: Working 4 - openstack multiple entry in list
  - copy:
      content: '#!/bin/bash

        echo "[]"

        exit 0

        '
      dest: /usr/bin/hiera
      mode: 493
    name: Working 4 - we do not fail if hiera returns empty list
  - include_role:
      name: check_uc_hostname
    name: Test Working 4
    vars:
      check_uc_hostname_inventory_host: centos
  - copy:
      content: '#!/bin/bash

        echo "{"

        echo "  \"parameters\": {},"

        echo "  \"parameter_defaults\": {"

        echo "  }"

        echo "}"

        '
      dest: /usr/bin/openstack
      mode: 493
    name: Failing 1 - we fail if DockerInsecureRegistryAddress is not found
  - copy:
      content: '#!/bin/bash

        exit 0

        '
      dest: /usr/bin/hiera
      mode: 493
    name: Failing 1 - hiera no entry found
  - block:
    - include_role:
        name: check_uc_hostname
      vars:
        check_uc_hostname_inventory_host: centos
    name: Failing 1
    rescue:
    - meta: clear_host_errors
      name: Clear host errors
    - debug:
        msg: The validation Case Failing 1 works! Continuing playbook run...
  - copy:
      content: '#!/bin/bash

        echo "{"

        echo "  \"parameters\": {},"

        echo "  \"parameter_defaults\": {"

        echo "    \"DockerInsecureRegistryAddress\": ["

        echo "      \"BROKENCLOUD-0.ctlplane.redhat.local:8787\","

        echo "      \"redhat.registry.io:8787\","

        echo "      \"mysuper-registry.io\","

        echo "    ]"

        echo "  }"

        echo "}"

        '
      dest: /usr/bin/openstack
      mode: 493
    name: Failing 2 - openstack multiple entry in list
  - copy:
      content: '#!/bin/bash

        echo "["

        echo "  \"undercloud-0.ctlplane.redhat.local\","

        echo "]"

        exit 0

        '
      dest: /usr/bin/hiera
      mode: 493
    name: Failing 2 - hiera single entry in list
  - block:
    - include_role:
        name: check_uc_hostname
      vars:
        check_uc_hostname_inventory_host: centos
    name: Failing 2
    rescue:
    - meta: clear_host_errors
      name: Clear host errors
    - debug:
        msg: The validation Case Failing 2 works! Ending playbook run
    - meta: end_play
      name: End play
  - fail:
      msg: 'The check-uc-hostname validation failed to check that the hostnames

        did not match.

        '
    name: Fail the test