Merge branch 'main' into efoley-test-operator-fix-var-names

ci/config/molecule.yaml

@@ -32,6 +32,12 @@
 - job:
     name: cifmw-molecule-ci_metallb
     parent: cifmw-molecule-base-crc
+- job:
+    name: cifmw-molecule-kustomize_deploy
+    parent: cifmw-molecule-base-crc
+    nodeset: centos-9-crc-3xl
+    extra-vars:
+      crc_parameters: "--memory 24576 --disk-size 100 --cpus 8"
 - job:
     name: cifmw-molecule-reproducer
     nodeset: centos-9-crc-xxl
@@ -51,17 +57,17 @@
 - job:
     name: cifmw-molecule-networking_mapper
     nodeset:
-        nodes:
-            - name: controller
-              label: cloud-centos-9-stream-tripleo-vexxhost-medium
-            - name: compute-0
-              label: cloud-centos-9-stream-tripleo-vexxhost-medium
-            - name: compute-1
-              label: cloud-centos-9-stream-tripleo-vexxhost-medium
-            - name: crc
-              label: cloud-centos-9-stream-tripleo-vexxhost-medium
-        groups:
-            - name: computes
-              nodes:
-                  - compute-0
-                  - compute-1
+      nodes:
+        - name: controller
+          label: cloud-centos-9-stream-tripleo-vexxhost-medium
+        - name: compute-0
+          label: cloud-centos-9-stream-tripleo-vexxhost-medium
+        - name: compute-1
+          label: cloud-centos-9-stream-tripleo-vexxhost-medium
+        - name: crc
+          label: cloud-centos-9-stream-tripleo-vexxhost-medium
+      groups:
+        - name: computes
+          nodes:
+            - compute-0
+            - compute-1

docs/source/files/multinode-params.yml

@@ -1,12 +1,4 @@
 ---
-# Since we don't have zuul data, we have to provide some
-# networking information to the libvirt_manager so that it will be able to
-# generate the needed content for later usage
-_networks:
-  public:
-    range: "192.168.111.0/24"
-    mtu: 1500
-
 # HERE, we have to manually segment the network.
 # computesb1 will run on hypervisor-1,
 # while computesb2 will run on hypervisor-2.
@@ -22,14 +14,11 @@ cifmw_libvirt_manager_configuration:
         <forward mode='nat'/>
         <bridge name='public' stp='on' delay='0'/>
         <mac address='52:54:00:6a:f2:dc'/>
-        <mtu size='{{ _networks.public.mtu }}'/>
-        <ip family='ipv4'
-        address='{{ _networks.public.range | ansible.utils.nthhost(1) }}'
-        prefix='24'>
+        <mtu size='1500'/>
+        <ip family='ipv4' address='192.168.111.1' prefix='24'>
           <dhcp>
             <range
-            start='{{ _networks.public.range | ansible.utils.nthhost(10) }}'
-            end='{{ _networks.public.range | ansible.utils.nthhost(100) }}'/>
+            start='192.168.111.10' end='192.168.111.99'/>
           </dhcp>
         </ip>
       </network>

docs/source/usage/01_usage.md

@@ -5,43 +5,48 @@
 The following parameters allow to set a common value for parameters that
 are shared among multiple roles:
 
-* `cifmw_basedir`: The base directory for all of the artifacts. Defaults to
-`~/ci-framework-data`.
-* `cifmw_crc_hostname`: Allow to set the actual CRC inventory hostname. Mostly used in the fetch_compute_facts hook.
-in the multinode layout, especially for the reproducer case.
-* `cifmw_edpm_deploy_baremetal`: (Bool) Toggle whether to deploy edpm on compute nodes.
-provisioned with virtual baremetal vs pre-provisioned VM.
-* `cifmw_installyamls_repos`: install_yamls repository location. Defaults to `../..`.
-* `cifmw_manifests`: Directory where k8s related manifests will be places. Defaults to
-`{{ cifmw_basedir }}/manifests`.
-* `cifmw_path`: customized PATH. Defaults to `~/.crc/bin:~/.crc/bin/oc:~/bin:${PATH}`.
-* `cifmw_use_libvirt`: (Bool) toggle libvirt support.
-* `cifmw_use_crc`: (Bool) toggle rhol/crc usage.
-* `cifmw_use_devscripts`: (Bool) toggle devscripts usage.
-* `cifmw_openshift_kubeconfig`: (String) Path to the kubeconfig file if externally provided. If provided will be the kubeconfig to use and update after login.
-* `cifmw_openshift_api`: (String) Path to the kubeconfig file. If provided will be the API to authenticate against.
-* `cifmw_openshift_user`: (String) Login user. If provided, the user that logins.
-* `cifmw_openshift_provided_token`: (String) Initial login token. If provided, that token will be used to authenticate into OpenShift.
-* `cifmw_openshift_password`: (String) Login password. If provided is the password used for login in.
-* `cifmw_openshift_password_file`: (String) Path to a file that contains the plain login password. If provided is the password used for login in.
-* `cifmw_openshift_skip_tls_verify`: (Boolean) Skip TLS verification to login. Defaults to `false`.
-* `cifmw_use_opn`: (Bool) toggle openshift provisioner node support.
-* `cifmw_use_hive`: (Bool) toggle OpenShift deployment using hive operator.
-* `cifmw_use_devscripts`: (Bool) toggle OpenShift deploying using devscripts role.
-* `cifmw_openshift_crio_stats`: (Bool) toggle collecting cri-o stats in CRC deployment.
-* `cifmw_deploy_edpm`: (Bool) toggle deploying EDPM. Default to false.
-* `cifmw_config_nmstate`: (Bool) toggle NMstate networking deployment. Default to false.
-* `cifmw_config_certmanager`: (Bool) toggle cert-manager deployment. Default to false.
-
-~~~{admonition} Words of caution
+- `cifmw_basedir`: The base directory for all of the artifacts. Defaults to
+  `~/ci-framework-data`.
+- `cifmw_crc_hostname`: Allow to set the actual CRC inventory hostname. Mostly used in the fetch_compute_facts hook.
+  in the multinode layout, especially for the reproducer case.
+- `cifmw_edpm_deploy_baremetal`: (Bool) Toggle whether to deploy edpm on compute nodes.
+  provisioned with virtual baremetal vs pre-provisioned VM.
+- `cifmw_installyamls_repos`: install_yamls repository location. Defaults to `../..`.
+- `cifmw_manifests`: Directory where k8s related manifests will be places. Defaults to
+  `{{ cifmw_basedir }}/manifests`.
+- `cifmw_path`: customized PATH. Defaults to `~/.crc/bin:~/.crc/bin/oc:~/bin:${PATH}`.
+- `cifmw_use_libvirt`: (Bool) toggle libvirt support.
+- `cifmw_use_crc`: (Bool) toggle rhol/crc usage.
+- `cifmw_use_devscripts`: (Bool) toggle devscripts usage.
+- `cifmw_openshift_kubeconfig`: (String) Path to the kubeconfig file if externally provided. If provided will be the kubeconfig to use and update after login.
+- `cifmw_openshift_api`: (String) Path to the kubeconfig file. If provided will be the API to authenticate against.
+- `cifmw_openshift_user`: (String) Login user. If provided, the user that logins.
+- `cifmw_openshift_provided_token`: (String) Initial login token. If provided, that token will be used to authenticate into OpenShift.
+- `cifmw_openshift_password`: (String) Login password. If provided is the password used for login in.
+- `cifmw_openshift_password_file`: (String) Path to a file that contains the plain login password. If provided is the password used for login in.
+- `cifmw_openshift_skip_tls_verify`: (Boolean) Skip TLS verification to login. Defaults to `false`.
+- `cifmw_use_opn`: (Bool) toggle openshift provisioner node support.
+- `cifmw_use_hive`: (Bool) toggle OpenShift deployment using hive operator.
+- `cifmw_use_devscripts`: (Bool) toggle OpenShift deploying using devscripts role.
+- `cifmw_openshift_crio_stats`: (Bool) toggle collecting cri-o stats in CRC deployment.
+- `cifmw_deploy_edpm`: (Bool) toggle deploying EDPM. Default to false.
+- `cifmw_config_nmstate`: (Bool) toggle NMstate networking deployment. Default to false.
+- `cifmw_config_certmanager`: (Bool) toggle cert-manager deployment. Default to false.
+- `cifmw_ssh_keytype`: (String) Type of ssh keys that will be injected into the controller in order to connect to the rest of the nodes. Defaults to `ecdsa`.
+- `cifmw_ssh_keysize`: (Integer) Size of ssh keys that will be injected into the controller in order to connect to the rest of the nodes. Defaults to 521.
+- `cifmw_architecture_repo`: (String) Path of the architecture repository on the controller node.
+  Defaults to `~/src/github.com/openstack-k8s-operators/architecture`
+- `cifmw_architecture_va_scenario`: (String) The selected VA scenario to deploy.
+
+```{admonition} Words of caution
 :class: danger
 If you want to output the content in another location than `~/ci-framework-data`
 (namely set the `cifmw_basedir` to some other location), you will have to update
 the `ansible.cfg`, updating the value of `roles_path` so that it includes
 this new location.
 
 We cannot do this change runtime unfortunately.
-~~~
+```
 
 ## Role level parameters
 
@@ -61,28 +66,28 @@ specific points in the standard run.
 
 Allowed parameter names are:
 
-* `pre_infra`: before bootstrapping the infrastructure
-* `post_infra`: after bootstrapping the infrastructure
-* `pre_package_build`: before building packages against sources
-* `post_package_build`: after building packages against sources
-* `pre_container_build`: before building container images
-* `post_container_build`: after building container images
-* `pre_deploy`: before deploying EDPM
-* `post_deploy`: after deploying EDPM
-* `post_ctlplane_deploy`: after Control Plane deployment
-* `pre_tests`: before running tests
-* `post_tests`: after running tests
-* `pre_admin_setup`: before admin setup
-* `post_admin_setup`: before admin setup
-* `pre_reporting`: before running reporting
-* `post_reporting`: after running reporting
+- `pre_infra`: before bootstrapping the infrastructure
+- `post_infra`: after bootstrapping the infrastructure
+- `pre_package_build`: before building packages against sources
+- `post_package_build`: after building packages against sources
+- `pre_container_build`: before building container images
+- `post_container_build`: after building container images
+- `pre_deploy`: before deploying EDPM
+- `post_deploy`: after deploying EDPM
+- `post_ctlplane_deploy`: after Control Plane deployment
+- `pre_tests`: before running tests
+- `post_tests`: after running tests
+- `pre_admin_setup`: before admin setup
+- `post_admin_setup`: before admin setup
+- `pre_reporting`: before running reporting
+- `post_reporting`: after running reporting
 
 Since steps may be skipped, we must ensure proper post/pre exists for specific
 steps.
 
 In order to provide a hook, please pass the following as an environment file:
 
-~~~{code-block} YAML
+```{code-block} YAML
 :caption: custom/my-hook.yml
 :linenos:
 pre_infra:
@@ -97,7 +102,7 @@ pre_infra:
       wait_condition:
         type: pod
       source: /path/to/my/glorious.crd
-~~~
+```
 
 In the above example, the `foo.yml` is located in
 [hooks/playbooks](https://github.com/openstack-k8s-operators/ci-framework/tree/main/hooks/playbooks) while
@@ -115,20 +120,20 @@ In order to allow user to run only a subset of tasks while still consuming the
 entry playbook, the Framework exposes tags one may leverage with either `--tags`
 or `--skip-tags`:
 
-* `bootstrap`: Run all of the package installation tasks as well as the potential system configuration depending on the options you set.
-* `packages`: Run all package installation tasks associated to the options you set.
-* `bootstrap_layout`: Run the [reproducer](../reproducers/01-considerations.md) bootstrap steps only.
-* `bootstrap_libvirt`: Run the [reproducer](../reproducers/01-considerations.md) libvirt bootstrap only.
-* `bootstrap_repositories`: Run the [reproducer](../reproducers/01-considerations.md) repositories bootstrap steps only.
-* `infra`: Denotes tasks to prepare host virtualization and Openshift Container Platform when deploy-edpm.yml playbook is run.
-* `build-packages`: Denotes tasks to call the role [pkg_build](../roles/pkg_build.md) when deploy-edpm.yml playbook is run.
-* `build-containers`: Denotes tasks to call the role [build_containers](../roles/build_containers.md) when deploy-edpm.yml playbook is run.
-* `build-operators`: Denotes tasks to call the role [operator_build](../roles/operator_build.md) when deploy-edpm.yml playbook is run.
-* `control-plane`: Deploys the control-plane on OpenShift by creating `OpenStackControlPlane` CRs when deploy-edpm.yml playbook is run.
-* `edpm`: Deploys the data-plane (External Data Plane Management) on RHEL nodes by creating `OpenStackDataPlane` CRs when deploy-edpm.yml playbook is run.
-* `admin-setup`: Denotes tasks to call the role [os_net_setup](../roles/os_net_setup.md) when deploy-edpm.yml playbook is run.
-* `run-tests`: Denotes tasks to call the roles [tempest](../roles/tempest.md) and/or [tobiko](../roles/tobiko.md) when deploy-edpm.yml playbook is run.
-* `logs`: Denotes tasks which generate artifacts via the role [artifacts](../roles/artifacts.md) and when collect logs when deploy-edpm.yml playbook is run.
+- `bootstrap`: Run all of the package installation tasks as well as the potential system configuration depending on the options you set.
+- `packages`: Run all package installation tasks associated to the options you set.
+- `bootstrap_layout`: Run the [reproducer](../reproducers/01-considerations.md) bootstrap steps only.
+- `bootstrap_libvirt`: Run the [reproducer](../reproducers/01-considerations.md) libvirt bootstrap only.
+- `bootstrap_repositories`: Run the [reproducer](../reproducers/01-considerations.md) repositories bootstrap steps only.
+- `infra`: Denotes tasks to prepare host virtualization and Openshift Container Platform when deploy-edpm.yml playbook is run.
+- `build-packages`: Denotes tasks to call the role [pkg_build](../roles/pkg_build.md) when deploy-edpm.yml playbook is run.
+- `build-containers`: Denotes tasks to call the role [build_containers](../roles/build_containers.md) when deploy-edpm.yml playbook is run.
+- `build-operators`: Denotes tasks to call the role [operator_build](../roles/operator_build.md) when deploy-edpm.yml playbook is run.
+- `control-plane`: Deploys the control-plane on OpenShift by creating `OpenStackControlPlane` CRs when deploy-edpm.yml playbook is run.
+- `edpm`: Deploys the data-plane (External Data Plane Management) on RHEL nodes by creating `OpenStackDataPlane` CRs when deploy-edpm.yml playbook is run.
+- `admin-setup`: Denotes tasks to call the role [os_net_setup](../roles/os_net_setup.md) when deploy-edpm.yml playbook is run.
+- `run-tests`: Denotes tasks to call the roles [tempest](../roles/tempest.md) and/or [tobiko](../roles/tobiko.md) when deploy-edpm.yml playbook is run.
+- `logs`: Denotes tasks which generate artifacts via the role [artifacts](../roles/artifacts.md) and when collect logs when deploy-edpm.yml playbook is run.
 
 For instance, if you want to bootstrap a hypervisor, and reuse it over and
 over, you'll run the following commands:
@@ -142,6 +147,7 @@ $
     -K --skip-tags bootstrap,packages \
     [-e @scenarios/centos-9/some-environment -e <...>]
 ```
+
 Running the command twice, with `--tags` and `--skip-tags` as only difference,
 will ensure your environment has the needed directories, packages and
 configurations with the first run, while skip all of those tasks in the
@@ -151,6 +157,7 @@ If you've already deployed OpenStack but it failed
 during [os_net_setup](../roles/os_net_setup.md) and you've taken steps
 to correct the problem and want to test if they resolved the issue,
 then use:
+
 ```Bash
 [controller-0]$ ansible-playbook deploy-edpm.yml -K --tags admin-setup
 ```

plugins/filter/reproducer_refspec.py

@@ -65,6 +65,8 @@ def __map_repo_refspec(cls, repo):
             patchset = repo["patchset"]
             # changes coming from gerrit
             return f"refs/changes/{change[-2:]}/{change}/{patchset}"
+        elif "gitlab" in hostname:
+            return f"merge-requests/{change}/head"
         else:
             # changes coming from github
             return f"pull/{change}/head"

roles/devscripts/README.md

@@ -32,6 +32,7 @@ managed services.
 * `cifmw_devscripts_use_layers` (bool) Toggle overlay support. Specifically, this boolean will instruct the role to
   shutdown the whole OCP cluster, dump the XML, undefine the nodes, and prevents running the "post" tasks. Defaults to `false`.
 * `cifmw_devscripts_remove_default_net` (bool) Remove the default virtual network. Defaults to `false`.
+* `cifmw_devscripts_host_routing` (bool) Enable routing via host for OCP nodes in case of OVNKubernetes. Defaults to `false`.
 
 ### Secrets management
 

roles/devscripts/defaults/main.yml

@@ -31,6 +31,7 @@ cifmw_devscripts_user: "{{ ansible_user_id }}"
 cifmw_devscripts_restart_virtproxyd: true
 cifmw_devscripts_use_layers: false
 cifmw_devscripts_remove_default_net: false
+cifmw_devscripts_host_routing: false
 
 cifmw_devscripts_osp_compute_nodes: []
 

roles/devscripts/molecule/default/converge.yml

@@ -88,7 +88,7 @@
       loop:
         - "{{ cifmw_devscripts_repo_dir }}/pull_secret.json"
         - "{{ cifmw_devscripts_repo_dir }}/config_{{ cifmw_devscripts_user }}.sh"
-        - "{{ cifmw_devscripts_config.assets_extra_folder }}/forwarding.yaml"
+        - "{{ cifmw_devscripts_config.assets_extra_folder }}/ovn_k8s_config.yaml"
       register: file_stat_results
 
     - name: Test pull secret file stat information

roles/devscripts/tasks/sub_tasks/14_user.yml

@@ -49,10 +49,20 @@
 - name: Enable IP forwarding in the Network Operator.
   when:
     - cifmw_devscripts_config['network_type'] == 'OVNKubernetes'
-    - "cifmw_devscripts_config.openshift_version is ansible.builtin.version('4.14.0', '>=')"
-  ansible.builtin.copy:
-    src: "files/forwarding.yaml"
-    dest: "{{ cifmw_devscripts_config['assets_extra_folder'] }}/forwarding.yaml"
+    - ("cifmw_devscripts_config.openshift_version is ansible.builtin.version('4.14.0', '>=')") or
+      (cifmw_devscripts_host_routing | bool)
+  vars:
+    ip_forward: "{{ cifmw_devscripts_config.openshift_version is ansible.builtin.version('4.14.0', '>=') }}"
+    host_routing: "{{ cifmw_devscripts_host_routing | bool }}"
+  ansible.builtin.template:
+    src: "templates/ovn_config.j2"
+    dest: >-
+      {{
+        [
+          cifmw_devscripts_config['assets_extra_folder'],
+          'ovn_k8s_config.yaml'
+        ] | ansible.builtin.path_join
+      }}
     owner: "{{ cifmw_devscripts_user }}"
     group: "{{ cifmw_devscripts_user }}"
     mode: "0644"

roles/devscripts/tasks/sub_tasks/_521_gather.yml

@@ -35,14 +35,6 @@
       vars:
         _nets_data:
           name: "{{ item }}"
-          mtu: "{{ ansible_facts[item]['mtu'] }}"
-          cidr: >-
-            {{
-              ansible_facts[item]['ipv4']['network'] +
-              '/' +
-              ansible_facts[item]['ipv4']['prefix']
-            }}
-          static_ip: false
       when:
         - _bridges is defined
         - "not item.endswith('bm')"

roles/devscripts/files/forwarding.yaml → roles/devscripts/templates/ovn_config.j2

@@ -7,4 +7,9 @@ spec:
   defaultNetwork:
     ovnKubernetesConfig:
       gatewayConfig:
+{% if ip_forward %}
         ipForwarding: Global
+{% endif %}
+{% if host_routing %}
+        routingViaHost: true
+{% endif %}

roles/edpm_deploy_baremetal/defaults/main.yml

@@ -24,7 +24,7 @@ cifmw_edpm_deploy_baremetal_wait_provisionserver_retries: 60
 cifmw_edpm_deploy_baremetal_wait_provisionserver_timeout_mins: 20
 cifmw_edpm_deploy_baremetal_wait_ironic_timeout_mins: 20
 cifmw_edpm_deploy_baremetal_wait_bmh_timeout_mins: 20
-cifmw_edpm_deploy_baremetal_wait_dataplane_timeout_mins: 30
+cifmw_edpm_deploy_baremetal_wait_dataplane_timeout_mins: 40
 cifmw_edpm_deploy_baremetal_update_os_containers: false
 cifmw_edpm_deploy_baremetal_repo_setup_override: false
 cifmw_edpm_deploy_baremetal_create_vms: true

roles/hci_prepare/tasks/phase1.yml

@@ -61,6 +61,7 @@
             path: /spec/services
             value:
               - repo-setup
+              - bootstrap
               - download-cache
               - configure-network
               - validate-network