During system setup, setup managed contexts for
specific files based on platform (ansible_distribution) name.
If no mapping for that platform is available, choose a default
item if one is present. Failing both, don't do anything.
For now this only includes /usr/local/bin/crio and sets the same
type on all platforms. However this is easily expanded by
updating the mapping in ``vars.yml`` to include additional
files and/or ansible_distribution names (or "default") and types.
Signed-off-by: Chris Evich <cevich@redhat.com>
* When installing low-level dependencies, ignore any errors as
consequences will be revealed in the subsequent task.
* Rename dir_stat -> crio_stat to better match usage.
* Add comment regarding ControlPersist in ansible.cfg.
* Simplify extra_storage_opts variable usage, consolidate definition.
* Reduce duplication of base-paths in golang.yml directory-setup loop.
* Clarify a few points and add a wrapper example to README.md
Signed-off-by: Chris Evich <cevich@redhat.com>
When running from a central host, where multiple other playbooks may
also be executing, CPU time quickly becomes the scaleability bottleneck.
* Reduce the vars compression level at the cost of network utilization.
This assumes the number of vars being transfered back/forth remains
reasonably low, where there wouldn't be much advantage from higher
compression anyway.
Another enhancement ``ControlPersist`` (for ssh) is apt to fall
back to opening new connections (slow) for every request under some
conditions. This happens if the socket filename is too large (108
characters, including path) - a kernel limitation.
Unfortunately, in cloud environments, auto-assigned VM hostnames tend to
be rather large to avoid clashes. Worse, in a CI environment, the default
home-directory path also tends to be lengthy for the same reason.
* Address this by sticking persistent-connection, background socket files
in '/tmp/cri-o' (avoid %d). Also remove the username (%r) designation,
since this will almost always be the same user anyway. The tradeoff
here is clashes between jobs against the same host (unlikely) and
weakened security on the control host (less important for CI jobs).
Signed-off-by: Chris Evich <cevich@redhat.com>
Simplify use of play-level tagging on three separate plays (with one
task). Instead, make them all the same play, and apply the tags at
the task level instead.
Signed-off-by: Chris Evich <cevich@redhat.com>
There are so many ways/places they can change values on the host from
one moment to the next. Yet as written, the value of ansible_env.GOPATH
is really only fixed at "fact gathering" time. In other words, the
environment variable can change (even during a play), but won't be
noticed until possibly much later. This can cause very strange things
to happen which aren't easy to debug.
Fix this by using established facts (variables), and continuously
establishing them as environment variables. This way, if/when a task
fails, the value of the environment will be present w/in the failure
message instead of obscrured by the shell.
Signed-off-by: Chris Evich <cevich@redhat.com>
It's a severe anti-pattern for a playbook to assume execution always
on a specific host. The normal/expected pattern is to execute from a
"control host", against an inventory of (possibly-remote) subjects.
This doesn't preclude the inventory from only ever containing
'localhost', it simply means the plays and tasks should not assume
the inventory contents.
This concept is one of the central design-pillars of Ansible's,
and tantamount to it's usefulness and flexibility. However, in
practice (and by ``integration/readme.md``), plays
specify ``- hosts: all`` but assume inventory_hostname == 'localhost'
(always).
Fix both the playbooks and ``readme.md`` to remove this anti-pattern,
while also allowing the control-host to be the subject-host as needed.
This is accomplished by ensuring low-level Ansible dependencies are
always installed, and writing tasks for steps previously performed
externally (in the CI/automation machinery).
Also update ``readme.md`` to recommend execution occurs through
the ``venv-ansible-playbook.sh`` wrapper to ensure consistent, stable,
version-locked execution dependencies on the control-host.
Remove ``remote_user: root`` from main, since this is better left
to the inventory and command-line.
Signed-off-by: Chris Evich <cevich@redhat.com>
Every now and again, a host will be in an initial state that prevents
installing new packages due to existing packages having some script or
obsoletes problem. Avoid this by first updating all packages, then
installing new ones.
Signed-off-by: Chris Evich <cevich@redhat.com>
Add a pair of variables to control whether or not SELinux
is enabled during particular tests. In all cases, make
sure it's re-enabled afterwards.
Signed-off-by: Chris Evich <cevich@redhat.com>
This puts back the better qualified Idempotent Swapping, but
adds two variables which control whether or not swapping is
enabled during testing. This addresses a short-term issue of
occasionally failing integration tests under some scenarios,
but not others.
The integration OOM-test isn't properly failing because
the cgroup memory control doesn't account for swap usage
(by design) in ``limit_in_bytes``.
Fixing this for the long-term requires repairing the
test to also set ``memory.memsw.limit_in_bytes=0``
(in addition to memory.limit_in_bytes=5m).
N/B: Normally these things are passed down from k8s,
which is why the same fix isn't currently needed
for the e2e tests - hence the new variable is ``True`` by
default.
Signed-off-by: Chris Evich <cevich@redhat.com>
Tests for kpod create and run were failing because the conmon
binary was being hardcoded. We added a --conmon global optioni
for kpod so we could pass in the conmon path from the helpers
file during tests
Signed-off-by: baude <bbaude@redhat.com>
Add the ability to run create a container with kpod. Also, be able to run
(create and start) a container. If the user asks for -it, be able to
attach a terminal to the container.
Signed-off-by: baude <bbaude@redhat.com>
