Merge branch 'master' into mgirgisf/STF-1580/fix_log_commands

.zuul.yaml

@@ -12,11 +12,11 @@
     required-projects:
       - name: openstack-k8s-operators/ci-framework
         override-checkout: main
+      - name: github.com/infrawatch/service-telemetry-operator
       - name: github.com/infrawatch/smart-gateway-operator
       - name: github.com/infrawatch/sg-bridge
       - name: github.com/infrawatch/sg-core
       - name: github.com/infrawatch/prometheus-webhook-snmp
-
     pre-run:
       - ci/prepare.yml
     run:
@@ -32,24 +32,67 @@
       crc_parameters: '--memory 16000 --disk-size 80 --cpus 6'  # Increase from 14336
 
 - job:
-    name: stf-crc-latest-nightly_bundles
+    name: stf-crc-nightly_bundles
     parent: stf-base
-    description:
-      Deploy STF nightly bundles
+    abstract: true
+    description: |
+      Deploy STF using the nightly bundles
     vars:
       scenario: "nightly_bundles"
 
 - job:
-    name: stf-crc-latest-local_build
+    name: stf-crc-local_build
     parent: stf-base
+    abstract: true
     description: |
       Build images locally and deploy STF
     vars:
       scenario: "local_build"
 
-- project:
-    name: infrawatch/service-telemetry-operator
+- job:
+    name: stf-crc-ocp_412-nightly_bundles
+    parent: stf-crc-nightly_bundles
+    description: |
+      Deploy STF using the nightly bundles on OCP 4.12
+    vars:
+      crc_ocp_bundle: 'https://mirror.openshift.com/pub/openshift-v4/clients/crc/bundles/openshift/4.12.13/crc_libvirt_4.12.13_amd64.crcbundle'
+
+- job:
+    name: stf-crc-ocp_413-nightly_bundles
+    parent: stf-crc-nightly_bundles
+    description: |
+      Deploy STF using the nightly bundles on OCP 4.13
+    vars:
+      crc_ocp_bundle: 'https://mirror.openshift.com/pub/openshift-v4/clients/crc/bundles/openshift/4.13.14/crc_libvirt_4.13.14_amd64.crcbundle'
+
+- job:
+    name: stf-crc-ocp_412-local_build
+    parent: stf-crc-local_build
+    description: |
+      Build images locally and deploy STF on OCP 4.12
+    vars:
+      crc_ocp_bundle: 'https://mirror.openshift.com/pub/openshift-v4/clients/crc/bundles/openshift/4.12.13/crc_libvirt_4.12.13_amd64.crcbundle'
+
+- job:
+    name: stf-crc-ocp_413-local_build
+    parent: stf-crc-local_build
+    description: |
+      Build images locally and deploy STF on OCP 4.13
+    vars:
+      crc_ocp_bundle: 'https://mirror.openshift.com/pub/openshift-v4/clients/crc/bundles/openshift/4.13.14/crc_libvirt_4.13.14_amd64.crcbundle'
+
+- project-template:
+    name: stf-crc-jobs
+    description: |
+      STF CRC jobs that build and deploy STF
     github-check:
       jobs:
-        - stf-crc-latest-nightly_bundles
-        - stf-crc-latest-local_build
+        - stf-crc-ocp_412-nightly_bundles
+        - stf-crc-ocp_412-local_build
+        - stf-crc-ocp_413-nightly_bundles
+        - stf-crc-ocp_413-local_build
+
+- project:
+    name: infrawatch/service-telemetry-operator
+    templates:
+      - stf-crc-jobs

Jenkinsfile

@@ -36,7 +36,6 @@ spec:
           strategy: ephemeral
   transports:
     qdr:
-      auth: none
       enabled: true
       deploymentSize: 1
       web:

ci/post-collect_logs.yml

@@ -46,7 +46,7 @@
       ansible.builtin.shell: |
         cp {{ ansible_env.HOME }}/*.log .
       args:
-        chdir: "{{ ansible_user_dir }}/zuul-output/logs/controller"
+        chdir: "{{ logfile_dir }}"
       changed_when: true
       ignore_errors: true
 

ci/vars-zuul-common.yml

@@ -2,7 +2,6 @@
 namespace: "service-telemetry"
 setup_bundle_registry_tls_ca: false
 setup_bundle_registry_auth: false
-__service_telemetry_transports_qdr_auth: none
 base_dir: "{{ sto_dir }}/build"
 logfile_dir: "{{ ansible_user_dir }}/zuul-output/logs/controller"
 clone_repos: false

roles/servicetelemetry/tasks/component_qdr.yml

@@ -160,21 +160,41 @@
         namespace: "{{ ansible_operator_meta.namespace }}"
       register: _qdr_basicauth_object
 
-    # Because https://github.com/interconnectedcloud/qdr-operator/blob/576d2b33dac71437ea2b165caaaf6413220767fe/pkg/controller/interconnect/interconnect_controller.go#L634
-    - name: Perform a one-time upgrade to the default generated password for QDR BasicAuth
-      k8s:
-        definition:
-          kind: Secret
-          apiVersion: v1
-          metadata:
-            name: "{{ ansible_operator_meta.name }}-interconnect-users"
+    - when:
+      - _qdr_basicauth_object.resources[0] is defined and _qdr_basicauth_object.resources[0].metadata.labels.stf_one_time_upgrade is not defined
+      block:
+        # Because https://github.com/interconnectedcloud/qdr-operator/blob/576d2b33dac71437ea2b165caaaf6413220767fe/pkg/controller/interconnect/interconnect_controller.go#L634
+        - name: Perform a one-time upgrade to the default generated password for QDR BasicAuth
+          k8s:
+            definition:
+              kind: Secret
+              apiVersion: v1
+              metadata:
+                name: "{{ ansible_operator_meta.name }}-interconnect-users"
+                namespace: "{{ ansible_operator_meta.namespace }}"
+                labels:
+                  stf_one_time_upgrade: "{{ lookup('pipe', 'date +%s') }}"
+              stringData:
+                guest: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=32') }}"
+
+        # label_selectors on the k8s object need kubernetes.core>=2.2.0
+        - name: Get the list of QDR pods
+          k8s_info:
+            api_version: v1
+            kind: Pod
+            namespace: "{{ ansible_operator_meta.namespace }}"
+            label_selectors:
+              - application={{ ansible_operator_meta.name }}-interconnect
+          register: _qdr_pod
+
+        - name: Restart QDR pods to pick up new password
+          k8s:
+            state: absent
+            api_version: v1
+            kind: Pod
             namespace: "{{ ansible_operator_meta.namespace }}"
-            labels:
-              stf_one_time_upgrade: "{{ lookup('pipe', 'date +%s') }}"
-          stringData:
-            guest: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=32') }}"
-      when:
-        - _qdr_basicauth_object.resources[0] is defined and _qdr_basicauth_object.resources[0].metadata.labels.stf_one_time_upgrade is not defined
+            name: "{{ item.metadata.name }}"
+          loop: "{{ _qdr_pod.resources }}"
 
 - name: Set default Interconnect manifest
   set_fact:

tests/infrared/17.1/README.md

@@ -2,15 +2,64 @@
 
 ## Basic deployment
 
-```bash
-OCP_ROUTE_IP="10.0.100.50" \
-CA_CERT_FILE_CONTENT="$(oc get secret/default-interconnect-selfsigned -o jsonpath='{.data.ca\.crt}' | base64 -d)" \
-AMQP_HOST="$(oc get route default-interconnect-5671 -ojsonpath='{.spec.host}')" \
-ENABLE_STF_CONNECTORS=true \
-ENABLE_GNOCCHI_CONNECTORS=false \
-CONTROLLER_MEMORY="24000" \
-COMPUTE_CPU="6" \
-COMPUTE_MEMORY="24000" \
-LIBVIRT_DISKPOOL="/home/libvirt/images" \
-./infrared-openstack.sh
-```
+A basic deployment can be deployed and connected to an existing STF deployment automatically after logging into the OpenShift cluster hosting STF from the host system.
+
+### Prequisites
+
+* Logged into the host system where you'll deploy the virtualized OpenStack infrastructure.
+* Installed infrared and cloned the infrawatch/service-telemetry-operator repository.
+* DNS resolution (or `/etc/hosts` entry) of the OpenShift cluster API endpoint.
+* Downloaded the `oc` binary, made it executable, and placed in $PATH.
+* Logged into the OpenShift hosting STF and changed to the `service-telemetry` project from the host system.
+
+### Procedure
+
+* Deploy the overcloud using the infrawatch-openstack.sh script:
+  ```bash
+  OCP_ROUTE_IP="10.0.111.41" \
+  CA_CERT_FILE_CONTENT="$(oc get secret/default-interconnect-selfsigned -o jsonpath='{.data.ca\.crt}' | base64 -d)" \
+  AMQP_HOST="$(oc get route default-interconnect-5671 -ojsonpath='{.spec.host}')" \
+  AMQP_PASS="$(oc get secret default-interconnect-users -o json | jq -r .data.guest | base64 -d)" \
+  ENABLE_STF_CONNECTORS=true \
+  ENABLE_GNOCCHI_CONNECTORS=false \
+  CONTROLLER_MEMORY="24000" \
+  COMPUTE_CPU="6" \
+  COMPUTE_MEMORY="24000" \
+  LIBVIRT_DISKPOOL="/home/libvirt/images" \
+  ./infrared-openstack.sh
+  ```
+
+## Running a test workload
+
+You can run a test workload on the deployed overcloud by logging into the undercloud and completing some additional setup to allow for virtual machine workloads to run.
+
+### Procedure
+
+* Login to the undercloud from the host system:
+  ```bash
+  ir ssh undercloud-0
+  ```
+* Complete the deployment of a private network, router, and other aspects to allow the virtual machine to be deployed:
+  ```bash
+  source overcloudrc
+  export PRIVATE_NETWORK_CIDR=192.168.100.0/24
+  openstack flavor create --ram 512 --disk 1 --vcpu 1 --public tiny
+  curl -L -O https://download.cirros-cloud.net/0.5.0/cirros-0.5.0-x86_64-disk.img
+  openstack image create cirros --container-format bare --disk-format qcow2 --public --file cirros-0.5.0-x86_64-disk.img
+  openstack keypair create --public-key ~/.ssh/id_rsa.pub default
+  openstack security group create basic
+  openstack security group rule create basic --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0
+  openstack security group rule create --protocol icmp basic
+  openstack security group rule create --protocol udp --dst-port 53:53 basic
+  openstack network create --internal private
+  openstack subnet create private-net \
+    --subnet-range $PRIVATE_NETWORK_CIDR \
+    --network private
+  openstack router create vrouter
+  openstack router set vrouter --external-gateway public
+  openstack router add subnet vrouter private-net
+  openstack server create --flavor tiny --image cirros --key-name default --security-group basic --network private myserver
+  until [ "$(openstack server list --name myserver --column Status --format value)" = "ACTIVE" ]; do echo "Waiting for server to be ACTIVE..."; sleep 10; done
+  openstack server add floating ip myserver $(openstack floating ip create public --format json | jq .floating_ip_address | tr -d '"')
+  openstack server list
+  ```

tests/infrared/17.1/infrared-openstack.sh

@@ -1,12 +1,11 @@
 #!/usr/bin/env bash
 set -e
 
-# Usage:
-#  VIRTHOST=my.big.hypervisor.net
-#  ./infrared-openstack.sh
+# Usage: See README.md
 VIRTHOST=${VIRTHOST:-localhost}
 AMQP_HOST=${AMQP_HOST:-stf-default-interconnect-5671-service-telemetry.apps-crc.testing}
 AMQP_PORT=${AMQP_PORT:-443}
+AMQP_PASS=${AMQP_PASS:-}
 SSH_KEY="${SSH_KEY:-${HOME}/.ssh/id_rsa}"
 NTP_SERVER="${NTP_SERVER:-clock.redhat.com,10.5.27.10,10.11.160.238}"
 CLOUD_NAME="${CLOUD_NAME:-cloud1}"
@@ -97,7 +96,7 @@ ir_create_undercloud() {
 }
 
 stf_create_config() {
-  sed -r "s/<<AMQP_HOST>>/${AMQP_HOST}/;s/<<AMQP_PORT>>/${AMQP_PORT}/;s/<<CLOUD_NAME>>/${CLOUD_NAME}/;s%<<CA_CERT_FILE_CONTENT>>%${CA_CERT_FILE_CONTENT//$'\n'/<@@@>}%;s/<@@@>/\n                /g" ${STF_ENVIRONMENT_TEMPLATE} > outputs/stf-connectors.yaml
+  sed -r "s/<<AMQP_HOST>>/${AMQP_HOST}/;s/<<AMQP_PORT>>/${AMQP_PORT}/;s/<<AMQP_PASS>>/${AMQP_PASS}/;s/<<CLOUD_NAME>>/${CLOUD_NAME}/;s%<<CA_CERT_FILE_CONTENT>>%${CA_CERT_FILE_CONTENT//$'\n'/<@@@>}%;s/<@@@>/\n                /g" ${STF_ENVIRONMENT_TEMPLATE} > outputs/stf-connectors.yaml
 }
 
 gnocchi_create_config() {
@@ -167,6 +166,11 @@ if [ -z "${CA_CERT_FILE_CONTENT}" ]; then
     exit 1
 fi
 
+if [ -z "${AMQP_PASS}" ]; then
+    echo "AMQP_PASS must be set and passed to the deployment, or QDR will fail to connect."
+    exit 1
+fi
+
 time if ${TEMPEST_ONLY}; then
   echo "-- Running tempest tests"
   ir_run_tempest

tests/infrared/17.1/stf-connectors.yaml.template

@@ -16,6 +16,8 @@ custom_templates:
               role: edge
               verifyHostname: false
               sslProfile: sslProfile
+              saslUsername: guest@default-interconnect
+              saslPassword: pass:<<AMQP_PASS>>
 
         MetricsQdrSSLProfiles:
             - name: sslProfile

tests/smoketest/collectd-sensubility.conf

@@ -10,7 +10,7 @@ worker_count=2
 checks={"check-container-health":{"command":"cat /healthcheck.log","handlers":[],"interval":3,"occurrences":3,"refresh":90,"standalone":true}}
 
 [amqp1]
-connection=amqp://default-interconnect.<<NAMESPACE>>.svc:5671
+connection=amqp://qdr-test:5672
 results_channel=sensubility/cloud1-telemetry
 client_name=smoketest.redhat.com
 results_format=smartgateway

tests/smoketest/minimal-collectd.conf.template

@@ -11,8 +11,8 @@ LoadPlugin cpu
 LoadPlugin amqp1
 <Plugin "amqp1">
   <Transport "name">
-    Host "default-interconnect"
-    Port "5671"
+    Host "qdr-test"
+    Port "5672"
     Address "collectd"
     <Instance "cloud1-telemetry">
         Format JSON

tests/smoketest/qdr-test.conf.yaml.template

@@ -0,0 +1,66 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+    name: qdr-test-config
+data:
+    qdrouterd.conf: |
+        router {
+            mode: edge
+            id: qdr-test.smoketest
+            workerThreads: 2
+            saslConfigDir: /etc/sasl2
+            saslConfigName: qdrouterd
+        }
+
+        sslProfile {
+            name: sslProfile
+            caCertFile: /etc/pki/tls/certs/ca.crt
+        }
+
+        listener {
+            host: 0.0.0.0
+            port: 5672
+            authenticatePeer: false
+            saslMechanisms: ANONYMOUS
+        }
+
+        connector {
+            host: default-interconnect
+            port: 5671
+            role: edge
+            saslPassword: pass:<<AMQP_PASS>>
+            saslUsername: guest@default-interconnect
+            sslProfile: sslProfile
+            verifyHostname: false
+        }
+
+        address {
+            prefix: unicast
+            distribution: closest
+        }
+
+        address {
+            prefix: exclusive
+            distribution: closest
+        }
+
+        address {
+            prefix: broadcast
+            distribution: multicast
+        }
+
+        address {
+            distribution: multicast
+            prefix: collectd
+        }
+
+        address {
+            distribution: multicast
+            prefix: anycast/ceilometer
+        }
+
+        log {
+            module: DEFAULT
+            enable: info+
+            includeTimestamp: true
+        }