openstack/openstack-zuul-jobs
Code Issues Proposed changes

Merge "Migrate ansible-hardening to zuulv3"

Browse Source
This commit is contained in:
Zuul 2017-10-10 14:52:36 +00:00 committed by Gerrit Code Review
commit c08a19fb8d
9 changed files with 0 additions and 558 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
playbooks/legacy/ansible-hardening-announce-release/post.yaml
View File

@ -1,67 +0,0 @@
- hosts: primary
tasks:
- name: Copy files from {{ ansible_user_dir }}/workspace/ on node
synchronize:
src: '{{ ansible_user_dir }}/workspace/'
dest: '{{ zuul.executor.log_root }}'
mode: pull
copy_links: true
verify_host: true
rsync_opts:
- --include=**/*nose_results.html
- --include=*/
- --exclude=*
- --prune-empty-dirs
- name: Copy files from {{ ansible_user_dir }}/workspace/ on node
synchronize:
src: '{{ ansible_user_dir }}/workspace/'
dest: '{{ zuul.executor.log_root }}'
mode: pull
copy_links: true
verify_host: true
rsync_opts:
- --include=**/*testr_results.html.gz
- --include=*/
- --exclude=*
- --prune-empty-dirs
- name: Copy files from {{ ansible_user_dir }}/workspace/ on node
synchronize:
src: '{{ ansible_user_dir }}/workspace/'
dest: '{{ zuul.executor.log_root }}'
mode: pull
copy_links: true
verify_host: true
rsync_opts:
- --include=/.testrepository/tmp*
- --include=*/
- --exclude=*
- --prune-empty-dirs
- name: Copy files from {{ ansible_user_dir }}/workspace/ on node
synchronize:
src: '{{ ansible_user_dir }}/workspace/'
dest: '{{ zuul.executor.log_root }}'
mode: pull
copy_links: true
verify_host: true
rsync_opts:
- --include=**/*testrepository.subunit.gz
- --include=*/
- --exclude=*
- --prune-empty-dirs
- name: Copy files from {{ ansible_user_dir }}/workspace/ on node
synchronize:
src: '{{ ansible_user_dir }}/workspace/'
dest: '{{ zuul.executor.log_root }}/tox'
mode: pull
copy_links: true
verify_host: true
rsync_opts:
- --include=/.tox/*/log/*
- --include=*/
- --exclude=*
- --prune-empty-dirs

106
playbooks/legacy/ansible-hardening-announce-release/run.yaml
View File

@ -1,106 +0,0 @@
- hosts: all
name: Autoconverted job legacy-ansible-hardening-announce-release from old job ansible-hardening-announce-release
tasks:
- name: Ensure legacy workspace directory
file:
path: '{{ ansible_user_dir }}/workspace'
state: directory
- shell:
cmd: |
set -e
set -x
CLONEMAP=`mktemp`
function cleanup {
# In cases where zuul-cloner is aborted during a git
# clone operation, git will remove the git work tree in
# its cleanup. The work tree in these jobs is the
# workspace directory, which means that subsequent
# jenkins post-build actions can not run because the
# workspace has been removed.
# To reduce the likelihood of this having an impact,
# recreate the workspace directory if needed
mkdir -p $WORKSPACE
rm -f $CLONEMAP
}
trap cleanup EXIT
cat > $CLONEMAP << EOF
clonemap:
- name: $ZUUL_PROJECT
dest: .
EOF
/usr/zuul-env/bin/zuul-cloner -m $CLONEMAP --cache-dir /opt/git \
git://git.openstack.org $ZUUL_PROJECT
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: /usr/local/jenkins/slave_scripts/install-distro-packages.sh
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
set -x
TOOLS_TMP=$HOME/release-tools
mkdir -p $TOOLS_TMP
# Report on the ZUUL settings.
env | grep '^ZUUL_'
# Check out the release-tools, ignoring any other ZUUL
# variables that might confuse the cloner and cause it to
# try to check out anything like the commit that was just
# tagged or to look for a branch (we always want the master
# version of the tools).
for v in $(env | grep '^ZUUL_' | cut -f1 -d=); do
unset $v
done
/usr/zuul-env/bin/zuul-cloner \
--cache-dir /opt/git \
--workspace $TOOLS_TMP \
git://git.openstack.org \
openstack-infra/release-tools
TOOLS_DIR=$TOOLS_TMP/openstack-infra/release-tools
# Install the distro packages needed by the release
# tools. These will not necessarily be included in the set
# installed by the builder step above, so we have to do it
# explicitly by changing to the tools directory and then
# running the same script.
(cd $TOOLS_DIR &&
/usr/local/jenkins/slave_scripts/install-distro-packages.sh)
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
set -x
sudo rm -f /etc/sudoers.d/zuul
# Prove that general sudo access is actually revoked
! sudo -n true
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
set -x
TOOLS_TMP=$HOME/release-tools
TOOLS_DIR=$TOOLS_TMP/openstack-infra/release-tools
# Save the version that was just tagged by parsing
# ref/tags/VALUE to get VALUE.
VERSION=$(echo $ZUUL_REF | cut -f3 -d/)
# Run the announce script.
$TOOLS_DIR/announce.sh $WORKSPACE $VERSION
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'

15
playbooks/legacy/ansible-hardening-ansible-func-debian-jessie/post.yaml
View File

@ -1,15 +0,0 @@
- hosts: primary
tasks:
- name: Copy files from {{ ansible_user_dir }}/workspace/ on node
synchronize:
src: '{{ ansible_user_dir }}/workspace/'
dest: '{{ zuul.executor.log_root }}'
mode: pull
copy_links: true
verify_host: true
rsync_opts:
- --include=/logs/**
- --include=*/
- --exclude=*
- --prune-empty-dirs

101
playbooks/legacy/ansible-hardening-ansible-func-debian-jessie/run.yaml
View File

@ -1,101 +0,0 @@
- hosts: all
name: Autoconverted job legacy-ansible-hardening-ansible-func-debian-jessie from
old job gate-ansible-hardening-ansible-func-debian-jessie
tasks:
- name: Ensure legacy workspace directory
file:
path: '{{ ansible_user_dir }}/workspace'
state: directory
- shell:
cmd: |
set -e
set -x
CLONEMAP=`mktemp`
REQS_DIR=`mktemp -d`
function cleanup {
mkdir -p $WORKSPACE
rm -rf $CLONEMAP $REQS_DIR
}
trap cleanup EXIT
cat > $CLONEMAP << EOF
clonemap:
- name: 'openstack/$ZUUL_SHORT_PROJECT_NAME'
dest: .
EOF
# zuul cloner works poorly if there are 2 names that are the
# same in here.
if [[ "openstack/$ZUUL_SHORT_PROJECT_NAME" != "openstack/requirements" ]]; then
cat >> $CLONEMAP << EOF
- name: openstack/requirements
dest: $REQS_DIR
EOF
fi
/usr/zuul-env/bin/zuul-cloner -m $CLONEMAP --cache-dir /opt/git \
git://git.openstack.org openstack/$ZUUL_SHORT_PROJECT_NAME openstack/requirements
# REQS_DIR is not set for openstack/requirements and there is also
# no need to copy in this case.
if [[ "openstack/$ZUUL_SHORT_PROJECT_NAME" != "openstack/requirements" ]]; then
cp $REQS_DIR/upper-constraints.txt ./
fi
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
# NOTE(mhayden): The CentOS CI image has many repositories enabled by
# default that can cause package conflicts. We must disable all of
# them here and only enable base, updates, and epel.
# We also do not want to run this on Fedora.
if [[ -x /usr/bin/yum-config-manager ]] && [[ -e /etc/centos-release ]]; then
sudo yum-config-manager --disable \* >/dev/null
sudo yum-config-manager --enable base >/dev/null
sudo yum-config-manager --enable epel >/dev/null
sudo yum-config-manager --enable updates >/dev/null
fi
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: /usr/local/jenkins/slave_scripts/install-distro-packages.sh
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
# NOTE(mhayden): EPEL is no longer required after installing distro
# packages with bindep. Individual roles may re-enable EPEL if they
# need it for their package installation tasks.
# We also do not want to run this on Fedora.
if [[ -x /usr/bin/yum-config-manager ]] && [[ -e /etc/centos-release ]]; then
sudo yum-config-manager --disable epel >/dev/null
fi
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
# Allow Jenkins user to ssh into localhost
ssh-keygen -f ~/.ssh/id_rsa -N ""
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh-keyscan localhost >> ~/.ssh/known_hosts
ssh-keyscan 127.0.0.1 >> ~/.ssh/known_hosts
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
# Many of the Ansible roles have a tox environment
# called 'functional', so we implement a mapping
# of the scenario 'func' to 'functional' so reduce
# the need for code churn in those repositories
# immediately.
if [ "func" == "func" ]; then
/usr/local/jenkins/slave_scripts/run-tox.sh functional
else
/usr/local/jenkins/slave_scripts/run-tox.sh func
fi
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'

15
playbooks/legacy/ansible-hardening-ansible-func-fedora-26/post.yaml
View File

@ -1,15 +0,0 @@
- hosts: primary
tasks:
- name: Copy files from {{ ansible_user_dir }}/workspace/ on node
synchronize:
src: '{{ ansible_user_dir }}/workspace/'
dest: '{{ zuul.executor.log_root }}'
mode: pull
copy_links: true
verify_host: true
rsync_opts:
- --include=/logs/**
- --include=*/
- --exclude=*
- --prune-empty-dirs

101
playbooks/legacy/ansible-hardening-ansible-func-fedora-26/run.yaml
View File

@ -1,101 +0,0 @@
- hosts: all
name: Autoconverted job legacy-ansible-hardening-ansible-func-fedora-26 from old
job gate-ansible-hardening-ansible-func-fedora-26
tasks:
- name: Ensure legacy workspace directory
file:
path: '{{ ansible_user_dir }}/workspace'
state: directory
- shell:
cmd: |
set -e
set -x
CLONEMAP=`mktemp`
REQS_DIR=`mktemp -d`
function cleanup {
mkdir -p $WORKSPACE
rm -rf $CLONEMAP $REQS_DIR
}
trap cleanup EXIT
cat > $CLONEMAP << EOF
clonemap:
- name: 'openstack/$ZUUL_SHORT_PROJECT_NAME'
dest: .
EOF
# zuul cloner works poorly if there are 2 names that are the
# same in here.
if [[ "openstack/$ZUUL_SHORT_PROJECT_NAME" != "openstack/requirements" ]]; then
cat >> $CLONEMAP << EOF
- name: openstack/requirements
dest: $REQS_DIR
EOF
fi
/usr/zuul-env/bin/zuul-cloner -m $CLONEMAP --cache-dir /opt/git \
git://git.openstack.org openstack/$ZUUL_SHORT_PROJECT_NAME openstack/requirements
# REQS_DIR is not set for openstack/requirements and there is also
# no need to copy in this case.
if [[ "openstack/$ZUUL_SHORT_PROJECT_NAME" != "openstack/requirements" ]]; then
cp $REQS_DIR/upper-constraints.txt ./
fi
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
# NOTE(mhayden): The CentOS CI image has many repositories enabled by
# default that can cause package conflicts. We must disable all of
# them here and only enable base, updates, and epel.
# We also do not want to run this on Fedora.
if [[ -x /usr/bin/yum-config-manager ]] && [[ -e /etc/centos-release ]]; then
sudo yum-config-manager --disable \* >/dev/null
sudo yum-config-manager --enable base >/dev/null
sudo yum-config-manager --enable epel >/dev/null
sudo yum-config-manager --enable updates >/dev/null
fi
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: /usr/local/jenkins/slave_scripts/install-distro-packages.sh
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
# NOTE(mhayden): EPEL is no longer required after installing distro
# packages with bindep. Individual roles may re-enable EPEL if they
# need it for their package installation tasks.
# We also do not want to run this on Fedora.
if [[ -x /usr/bin/yum-config-manager ]] && [[ -e /etc/centos-release ]]; then
sudo yum-config-manager --disable epel >/dev/null
fi
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
# Allow Jenkins user to ssh into localhost
ssh-keygen -f ~/.ssh/id_rsa -N ""
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh-keyscan localhost >> ~/.ssh/known_hosts
ssh-keyscan 127.0.0.1 >> ~/.ssh/known_hosts
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
# Many of the Ansible roles have a tox environment
# called 'functional', so we implement a mapping
# of the scenario 'func' to 'functional' so reduce
# the need for code churn in those repositories
# immediately.
if [ "func" == "func" ]; then
/usr/local/jenkins/slave_scripts/run-tox.sh functional
else
/usr/local/jenkins/slave_scripts/run-tox.sh func
fi
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'

15
playbooks/legacy/ansible-hardening-ansible-func_rhel6-ubuntu-trusty/post.yaml
View File

@ -1,15 +0,0 @@
- hosts: primary
tasks:
- name: Copy files from {{ ansible_user_dir }}/workspace/ on node
synchronize:
src: '{{ ansible_user_dir }}/workspace/'
dest: '{{ zuul.executor.log_root }}'
mode: pull
copy_links: true
verify_host: true
rsync_opts:
- --include=/logs/**
- --include=*/
- --exclude=*
- --prune-empty-dirs

101
playbooks/legacy/ansible-hardening-ansible-func_rhel6-ubuntu-trusty/run.yaml
View File

@ -1,101 +0,0 @@
- hosts: all
name: Autoconverted job legacy-ansible-hardening-ansible-func_rhel6-ubuntu-trusty
from old job gate-ansible-hardening-ansible-func_rhel6-ubuntu-trusty
tasks:
- name: Ensure legacy workspace directory
file:
path: '{{ ansible_user_dir }}/workspace'
state: directory
- shell:
cmd: |
set -e
set -x
CLONEMAP=`mktemp`
REQS_DIR=`mktemp -d`
function cleanup {
mkdir -p $WORKSPACE
rm -rf $CLONEMAP $REQS_DIR
}
trap cleanup EXIT
cat > $CLONEMAP << EOF
clonemap:
- name: 'openstack/$ZUUL_SHORT_PROJECT_NAME'
dest: .
EOF
# zuul cloner works poorly if there are 2 names that are the
# same in here.
if [[ "openstack/$ZUUL_SHORT_PROJECT_NAME" != "openstack/requirements" ]]; then
cat >> $CLONEMAP << EOF
- name: openstack/requirements
dest: $REQS_DIR
EOF
fi
/usr/zuul-env/bin/zuul-cloner -m $CLONEMAP --cache-dir /opt/git \
git://git.openstack.org openstack/$ZUUL_SHORT_PROJECT_NAME openstack/requirements
# REQS_DIR is not set for openstack/requirements and there is also
# no need to copy in this case.
if [[ "openstack/$ZUUL_SHORT_PROJECT_NAME" != "openstack/requirements" ]]; then
cp $REQS_DIR/upper-constraints.txt ./
fi
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
# NOTE(mhayden): The CentOS CI image has many repositories enabled by
# default that can cause package conflicts. We must disable all of
# them here and only enable base, updates, and epel.
# We also do not want to run this on Fedora.
if [[ -x /usr/bin/yum-config-manager ]] && [[ -e /etc/centos-release ]]; then
sudo yum-config-manager --disable \* >/dev/null
sudo yum-config-manager --enable base >/dev/null
sudo yum-config-manager --enable epel >/dev/null
sudo yum-config-manager --enable updates >/dev/null
fi
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: /usr/local/jenkins/slave_scripts/install-distro-packages.sh
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
# NOTE(mhayden): EPEL is no longer required after installing distro
# packages with bindep. Individual roles may re-enable EPEL if they
# need it for their package installation tasks.
# We also do not want to run this on Fedora.
if [[ -x /usr/bin/yum-config-manager ]] && [[ -e /etc/centos-release ]]; then
sudo yum-config-manager --disable epel >/dev/null
fi
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
# Allow Jenkins user to ssh into localhost
ssh-keygen -f ~/.ssh/id_rsa -N ""
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh-keyscan localhost >> ~/.ssh/known_hosts
ssh-keyscan 127.0.0.1 >> ~/.ssh/known_hosts
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
# Many of the Ansible roles have a tox environment
# called 'functional', so we implement a mapping
# of the scenario 'func' to 'functional' so reduce
# the need for code churn in those repositories
# immediately.
if [ "func_rhel6" == "func" ]; then
/usr/local/jenkins/slave_scripts/run-tox.sh functional
else
/usr/local/jenkins/slave_scripts/run-tox.sh func_rhel6
fi
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'

37
zuul.d/zuul-legacy-jobs.yaml
View File

@ -47,43 +47,6 @@
nodeset: legacy-ubuntu-trusty
branches: ^stable/newton$
- job:
name: legacy-ansible-hardening-announce-release
parent: legacy-base
run: playbooks/legacy/ansible-hardening-announce-release/run
post-run: playbooks/legacy/ansible-hardening-announce-release/post
timeout: 1800
- job:
name: legacy-ansible-hardening-ansible-func-debian-jessie
parent: legacy-base
run: playbooks/legacy/ansible-hardening-ansible-func-debian-jessie/run
post-run: playbooks/legacy/ansible-hardening-ansible-func-debian-jessie/post
timeout: 5400
nodeset: legacy-debian-jessie
required-projects:
- openstack/ansible-hardening
- job:
name: legacy-ansible-hardening-ansible-func-fedora-26
parent: legacy-base
run: playbooks/legacy/ansible-hardening-ansible-func-fedora-26/run
post-run: playbooks/legacy/ansible-hardening-ansible-func-fedora-26/post
timeout: 5400
nodeset: legacy-fedora-26
required-projects:
- openstack/ansible-hardening
- job:
name: legacy-ansible-hardening-ansible-func_rhel6-ubuntu-trusty
parent: legacy-base
run: playbooks/legacy/ansible-hardening-ansible-func_rhel6-ubuntu-trusty/run
post-run: playbooks/legacy/ansible-hardening-ansible-func_rhel6-ubuntu-trusty/post
timeout: 5400
nodeset: legacy-ubuntu-trusty
required-projects:
- openstack/ansible-hardening
- job:
name: legacy-ansible-lint
parent: legacy-base