zuul: add manager-less deployment

Signed-off-by: Christian Berendt <[email protected]>

.zuul.yaml

@@ -1,5 +1,5 @@
 ---
-# Betacloud
+# Regiocloud
 - nodeset:
     name: testbed-orchestrator
     nodes:
@@ -27,6 +27,16 @@
       - name: orchestrator
         label: testbed-orchestrator-wavecon
 
+- job:
+    name: testbed-deploy-managerless
+    parent: base-extra-logs
+    nodeset: ubuntu-jammy-large
+    pre-run: playbooks/managerless/pre.yml
+    run: playbooks/managerless/deploy.yml
+    post-run: playbooks/managerless/post.yml
+    cleanup-run: playbooks/managerless/cleanup.yml
+    timeout: 10800
+
 - job:
     name: testbed-deploy
     parent: base-extra-logs
@@ -148,13 +158,14 @@
         - ansible-lint
         - yamllint
         - flake8
-        - testbed-deploy
-        - testbed-deploy-ceph
-        - testbed-deploy-stable
-        - testbed-update-stable
-        - testbed-upgrade
-        - testbed-upgrade-ceph
-        - testbed-upgrade-stable
+        - testbed-deploy-managerless
+        # - testbed-deploy
+        # - testbed-deploy-ceph
+        # - testbed-deploy-stable
+        # - testbed-update-stable
+        # - testbed-upgrade
+        # - testbed-upgrade-ceph
+        # - testbed-upgrade-stable
     gate:
       jobs:
         - ansible-lint

playbooks/managerless/cleanup.yml

@@ -0,0 +1,15 @@
+---
+- name: Cleanup play
+  hosts: all
+
+  vars:
+    cloud_env: managerless
+
+    terraform_path: "{{ zuul.project.src_dir }}/terraform"
+
+  tasks:
+    - name: Make clean
+      ansible.builtin.shell:
+        chdir: "{{ terraform_path }}"
+        cmd: make ENVIRONMENT={{ cloud_env }} clean 2>&1
+      changed_when: true

playbooks/managerless/deploy.yml

@@ -0,0 +1,70 @@
+---
+- name: Create infrastructure
+  hosts: all
+
+  vars:
+    cloud_env: managerless
+
+    terraform_path: "{{ zuul.project.src_dir }}/terraform"
+
+    node_0_address_file: "{{ terraform_path }}/.NODE_0_ADDRESS.{{ cloud_env }}"
+    node_1_address_file: "{{ terraform_path }}/.NODE_1_ADDRESS.{{ cloud_env }}"
+    node_2_address_file: "{{ terraform_path }}/.NODE_2_ADDRESS.{{ cloud_env }}"
+
+  tasks:
+    - name: Create infrastructure
+      ansible.builtin.command:
+        chdir: "{{ terraform_path }}"
+        cmd: make ENVIRONMENT={{ cloud_env }} create
+      changed_when: true
+
+    - name: Fetch node_0_host address
+      ansible.builtin.command: cat "{{ node_0_address_file }}"
+      register: node_0_address
+      changed_when: true
+
+    - name: Fetch node_1_host address
+      ansible.builtin.command: cat "{{ node_1_address_file }}"
+      register: node_1_address
+      changed_when: true
+
+    - name: Fetch node_2_host address
+      ansible.builtin.command: cat "{{ node_2_address_file }}"
+      register: node_2_address
+      changed_when: true
+
+    - name: Set node_0_host address
+      ansible.builtin.set_fact:
+        node_0_host: "{{ node_0_address.stdout | split('=') | last }}"
+
+    - name: Set node_1_host address
+      ansible.builtin.set_fact:
+        node_1_host: "{{ node_1_address.stdout | split('=') | last }}"
+
+    - name: Set node_2_host address
+      ansible.builtin.set_fact:
+        node_2_host: "{{ node_2_address.stdout | split('=') | last }}"
+
+    - name: Fetch ssh hostkeys
+      ansible.builtin.shell: "ssh-keyscan {{ item }} >> {{ ansible_user_dir }}/.ssh/known_hosts"
+      changed_when: true
+      loop:
+        - "{{ node_0_host }}"
+        - "{{ node_1_host }}"
+        - "{{ node_2_host }}"
+
+    - name: Get ssh keypair from terraform environment
+      ansible.builtin.shell:
+        chdir: "{{ zuul.project.src_dir }}/ansible"
+        cmd: cp {{ terraform_path }}/.id* .
+      changed_when: true
+
+- name: Prepare deployment
+  hosts: all
+
+  tasks:
+    - name: Copy local-deploy play
+      ansible.builtin.copy:
+        src: local-deploy.yml
+        dest: /home/zuul/local-deploy.yml
+        mode: 0644

playbooks/managerless/files/local-deploy.yml

@@ -0,0 +1,18 @@
+---
+- name: Create operator user
+  hosts: all
+
+  roles:
+    - osism.commons.operator
+
+- name: Deploy manager service
+  hosts: all
+
+  vars:
+    # The parameterisation comes later from a central place.
+    version_ceph: quincy
+    version_manager: latest
+    version_openstack: zed
+
+  roles:
+    - osism.services.manager

playbooks/managerless/post.yml

@@ -0,0 +1,9 @@
+---
+- name: Post output play
+  hosts: all
+
+  vars:
+    stage_dir: "{{ ansible_user_dir }}/zuul-output"
+
+  roles:
+    - stage-output

playbooks/managerless/pre.yml

@@ -0,0 +1,82 @@
+---
+- name: Pre play
+  hosts: all
+
+  vars:
+    cloud_env: managerless
+    terraform_path: "{{ zuul.project.src_dir }}/terraform"
+    terraform_version: "1.5.4"
+
+  tasks:
+    - name: Install python
+      ansible.builtin.include_role:
+        name: "{{ item }}"
+      loop:
+        - ensure-python
+        - ensure-pip
+
+    - name: Install docker
+      ansible.builtin.include_role:
+        name: ensure-docker
+
+    - name: Install required packages
+      become: true
+      ansible.builtin.package:
+        name: "{{ item }}"
+      loop:
+        - ansible
+        - unzip
+        - docker-compose-plugin
+
+    - name: Install terraform
+      ansible.builtin.include_role:
+        name: ensure-terraform
+
+    - name: Copy terraform binary
+      become: true
+      ansible.builtin.copy:
+        src: "{{ ansible_user_dir }}/.local/bin/terraform"
+        dest: "/usr/bin/terraform"
+        mode: 0755
+        remote_src: true
+
+    - name: Install python requirements
+      become: true
+      ansible.builtin.pip:
+        name: "{{ item }}"
+      loop:
+        - openstacksdk
+
+    - name: Install ansible collections
+      ansible.builtin.command: |
+        ansible-galaxy collection install {{ item }}
+      loop:
+        - osism.commons
+        - osism.services
+      changed_when: true
+
+    # NOTE: In future, an app credential valid for only a few minutes will
+    #       be generated in advance and made available on a share. The URL
+    #       to the share itself is also generated in advance, but is valid
+    #       indefinitely. The URL itself comes from a central vault service.
+    #       share.regio.digital will also be replaced by the Vault service.
+    - name: Get clouds.yaml file  # noqa command-instead-of-module
+      ansible.builtin.shell: |
+        curl -L https://share.regio.digital/f/1335857e9317474094ca/?dl=1 > {{ terraform_path }}/clouds.yaml
+      no_log: true
+      changed_when: true
+
+    - name: Clean the cloud environment
+      ansible.builtin.shell:
+        cmd: |
+          OS_CLOUD={{ cloud_env }} python3 scripts/cleanup.py
+        chdir: "{{ terraform_path }}"
+      failed_when: false
+      changed_when: true
+
+    - name: Remove manager.tf file
+      ansible.builtin.file:
+        path: "{{ terraform_path }}/manager.tf"
+        state: absent
+
+    # TODO: enable terraform state backend

terraform/customisations/access_floatingip_nodes_custom.tf

@@ -0,0 +1,42 @@
+output "node_0_address" {
+  value     = openstack_networking_floatingip_v2.node_floating_ip[0].address
+  sensitive = true
+}
+
+output "node_1_address" {
+  value     = openstack_networking_floatingip_v2.node_floating_ip[1].address
+  sensitive = true
+}
+
+output "node_2_address" {
+  value     = openstack_networking_floatingip_v2.node_floating_ip[2].address
+  sensitive = true
+}
+
+resource "local_file" "NODE_0_ADDRESS" {
+  filename        = ".NODE_0_ADDRESS.${var.cloud_provider}"
+  file_permission = "0644"
+  content         = "NODE_0_ADDRESS=${openstack_networking_floatingip_v2.node_floating_ip[0].address}\n"
+}
+
+resource "local_file" "NODE_1_ADDRESS" {
+  filename        = ".NODE_1_ADDRESS.${var.cloud_provider}"
+  file_permission = "0644"
+  content         = "NODE_1_ADDRESS=${openstack_networking_floatingip_v2.node_floating_ip[1].address}\n"
+}
+
+resource "local_file" "NODE_2_ADDRESS" {
+  filename        = ".NODE_2_ADDRESS.${var.cloud_provider}"
+  file_permission = "0644"
+  content         = "NODE_2_ADDRESS=${openstack_networking_floatingip_v2.node_floating_ip[2].address}\n"
+}
+
+resource "local_file" "inventory" {
+  filename        = "inventory.${var.cloud_provider}"
+  file_permission = "0644"
+  content         = <<-EOT
+testbed-node-0.testbed.osism.xyz ansible_host=${openstack_networking_floatingip_v2.node_floating_ip[0].address} ansible_user=ubuntu
+testbed-node-1.testbed.osism.xyz ansible_host=${openstack_networking_floatingip_v2.node_floating_ip[1].address} ansible_user=ubuntu
+testbed-node-2.testbed.osism.xyz ansible_host=${openstack_networking_floatingip_v2.node_floating_ip[2].address} ansible_user=ubuntu
+EOT
+}

terraform/customisations/neutron_floatingip_nodes_custom.tf

@@ -0,0 +1,21 @@
+resource "openstack_networking_floatingip_v2" "node_floating_ip" {
+  count      = var.number_of_nodes
+  pool       = var.public
+  depends_on = [openstack_networking_router_interface_v2.router_interface]
+}
+
+resource "openstack_networking_floatingip_associate_v2" "node_floating_ip_association" {
+  count       = var.number_of_nodes
+  floating_ip = openstack_networking_floatingip_v2.node_floating_ip[count.index].address
+  port_id     = openstack_networking_port_v2.node_port_management[count.index].id
+}
+
+resource "openstack_networking_router_v2" "router" {
+  name                = var.prefix
+  external_network_id = data.openstack_networking_network_v2.public.id
+}
+
+resource "openstack_networking_router_interface_v2" "router_interface" {
+  router_id = openstack_networking_router_v2.router.id
+  subnet_id = openstack_networking_subnet_v2.subnet_management.id
+}

terraform/environments/managerless.tfvars

@@ -0,0 +1,12 @@
+# customisation:access_floatingip_nodes
+# customisation:default
+# customisation:neutron_floatingip_nodes
+# override:neutron_availability_zone_hints_network
+# override:neutron_availability_zone_hints_router
+# override:nodes_boot_from_image
+flavor_node               = "SCS-8V-32-100s"
+image_node                = "Ubuntu 22.04"
+public                    = "public"
+availability_zone         = "nova"
+volume_availability_zone  = "nova"
+network_availability_zone = "nova"