zuul/zuul-jobs
Code Issues Proposed changes

Simplify testing of some upload roles

Browse Source 
These two roles no longer need the delegation variable used in
testing, so it is removed.  Role execution now happens on the
executor.

Since the remote servers are still on the worker node, we open
the firewall on the remote node in both cases.

In the artifactory role, the ensure-docker role is moved to a
"roles" section for simplicity.  Additionally, one of the
artifactory API calls is wrapped in retries as a precaution
since I saw that fail in local testing.

Change-Id: Ia4409edc217e1935775a5aece2e7d9bcfd935762
This commit is contained in:
James E. Blair
2025-08-28 13:33:05 -07:00
parent 251693f4a8
commit 15828c7a85
4 changed files with 35 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
roles/upload-artifactory/tasks/upload.yaml
View File

@@ -5,18 +5,16 @@
- name: Make sure artifact exists on the executor
stat:
path: "{{ _undocumented_test_work_dir_ | default(zuul.executor.work_root) }}\
/artifacts/{{ zj_artifact.src }}"
path: "{{ zuul.executor.work_root }}/artifacts/{{ zj_artifact.src }}"
register: artifact
delegate_to: "{{ _undocumented_test_worker_node_ | default('localhost') }}"
delegate_to: "localhost"
failed_when: not artifact.stat.exists
- name: Get sha256 checksum
stat:
path: "{{ _undocumented_test_work_dir_ | default(zuul.executor.work_root) }}\
/artifacts/{{ zj_artifact.src }}"
path: "{{ zuul.executor.work_root }}/artifacts/{{ zj_artifact.src }}"
checksum_algorithm: sha256
delegate_to: "{{ _undocumented_test_worker_node_ | default('localhost') }}"
delegate_to: "localhost"
register: artifact_sha256_checksum
- name: Set request header fact
@@ -82,15 +80,14 @@
user: "{{ upload_artifactory_instances[zj_artifact.instance].user }}"
password: "{{ _artifactory_password | default(omit) }}"
url: "{{ _artifactory_upload_url }}"
src: "{{ _undocumented_test_work_dir_ | default(zuul.executor.work_root) }}/\
artifacts/{{ zj_artifact.src }}"
src: "{{ zuul.executor.work_root }}/artifacts/{{ zj_artifact.src }}"
headers: "{{ request_header }}"
status_code: 201
method: PUT
force_basic_auth: "{{ upload_artifactory_instances[zj_artifact.instance].force_basic_auth |
default(false) | bool }}"
remote_src: yes # To not unecessarily copy artifact to a tempfile
delegate_to: "{{ _undocumented_test_worker_node_ | default('localhost') }}"
delegate_to: "localhost"
- name: Add artifact link to build page
zuul_return:

4
roles/upload-logs-s3/tasks/main.yaml
View File

@@ -15,14 +15,14 @@
msg: "log_root {{ zuul.executor.log_root }}"
- name: Ensure logs are readable before uploading
delegate_to: "{{ _undocumented_test_worker_node_ | default('localhost') }}"
delegate_to: "localhost"
command: "chmod -R u=rwX,g=rX,o=rX {{ zuul.executor.log_root }}/"
# ANSIBLE0007 chmod used in place of argument mode to file
tags:
- skip_ansible_lint
- name: Upload logs to S3
delegate_to: "{{ _undocumented_test_worker_node_ | default('localhost') }}"
delegate_to: "localhost"
no_log: true
zuul_s3_upload:
endpoint: "{{ upload_logs_s3_endpoint | default(omit) }}"

37
test-playbooks/artifactory/run.yaml
View File

@@ -1,9 +1,8 @@
- hosts: all
roles:
- clear-firewall
- ensure-docker
tasks:
- name: Ensure docker is installed
include_role:
name: ensure-docker
- name: Start artifactory in a container
command: >-
docker run -d
@@ -33,6 +32,9 @@
type: generic
headers:
Content-Type: application/yaml
until: artifactory_status.status == 200
retries: 12
delay: 20
- name: Create an api key for the admin user
uri:
@@ -49,36 +51,35 @@
cacheable: true
upload_artifactory_instances:
localhost_password:
fqdn: localhost:8081
fqdn: "{{ ansible_host }}:8081"
transport: http
user: admin
password: password
force_basic_auth: true
localhost_api_key:
fqdn: localhost:8081
fqdn: "{{ ansible_host }}:8081"
transport: http
user: admin
api_key: "{{ (artifactory_api_key.content | from_json)['apiKey'] }}"
localhost_properties:
fqdn: localhost:8081
fqdn: "{{ ansible_host }}:8081"
transport: http
user: admin
api_key: "{{ (artifactory_api_key.content | from_json)['apiKey'] }}"
- hosts: all
vars:
# Since we're testing a role that normally requires a
# trusted context flip the delegate_to so we execute on the
# remote instead. Also set the working directory to something
# that is known to exist on the remote.
_undocumented_test_worker_node_: "{{ inventory_hostname }}"
_undocumented_test_work_dir_: "{{ ansible_user_dir }}/zuul-output"
pre_tasks:
- name: Create artifacts directory
delegate_to: "localhost"
file:
path: "{{ zuul.executor.work_root }}/artifacts"
state: directory
- name: Write a file with some content to artifacts directory
delegate_to: "localhost"
copy:
content: |
First file
dest: "{{ ansible_user_dir }}/zuul-output/artifacts/test-file.txt"
dest: "{{ zuul.executor.work_root }}/artifacts/test-file.txt"
- name: Set upload_artifactory_manifest_basic fact
set_fact:
upload_artifactory_manifest:
@@ -111,11 +112,11 @@
set_fact:
expected_artifacts:
- name: test-properties.txt
url: http://localhost:8081/artifactory/generic-repository/path/to/dest/test-properties.txt
url: "http://{{ ansible_host }}:8081/artifactory/generic-repository/path/to/dest/test-properties.txt"
- name: test-api-key.txt
url: http://localhost:8081/artifactory/generic-repository/path/to/dest/test-api-key.txt
url: "http://{{ ansible_host }}:8081/artifactory/generic-repository/path/to/dest/test-api-key.txt"
- name: test-password.txt
url: http://localhost:8081/artifactory/generic-repository/path/to/dest/test-password.txt
url: "http://{{ ansible_host }}:8081/artifactory/generic-repository/path/to/dest/test-password.txt"
- name: Assert artifact
assert:
that:

25
test-playbooks/upload-logs-s3.yaml
View File

@@ -4,8 +4,8 @@
zuul_log_aws_secret_key: minioadmin
zuul_log_bucket: zuul
test_content: "123abc"
_undocumented_test_worker_node_: "{{ inventory_hostname }}"
roles:
- clear-firewall
- ensure-docker
- ensure-pip
tasks:
@@ -31,38 +31,29 @@
aws_access_key: "{{ zuul_log_aws_access_key }}"
aws_secret_key: "{{ zuul_log_aws_secret_key }}"
- name: Create Logdir
become: true
file:
state: directory
path: "{{ zuul.executor.log_root }}"
mode: "0755"
group: "zuul"
owner: "zuul"
register: fake_zuul_logdir
- name: Add content to tempfile
delegate_to: localhost
copy:
content: "{{ test_content }}"
dest: "{{ fake_zuul_logdir.path }}/testfile"
dest: "{{ zuul.executor.log_root }}/testfile"
- name: Upload file to s3
include_role:
name: upload-logs-s3
vars:
upload_logs_s3_endpoint: 'http://localhost:9000'
upload_logs_s3_endpoint: 'http://{{ ansible_host }}:9000'
- name: Download mc
get_url:
url: https://dl.min.io/client/mc/release/linux-amd64/mc
dest: "{{ fake_zuul_logdir.path }}/mc"
dest: "{{ ansible_user_dir }}/mc"
mode: 0755
- name: Add localhost minio host
command: "{{ fake_zuul_logdir.path }}/mc alias set local http://localhost:9000 {{ zuul_log_aws_access_key }} {{ zuul_log_aws_secret_key }}"
command: "{{ ansible_user_dir }}/mc alias set local http://localhost:9000 {{ zuul_log_aws_access_key }} {{ zuul_log_aws_secret_key }}"
- name: List files in minio bucket
command: "{{ fake_zuul_logdir.path }}/mc find local/zuul"
command: "{{ ansible_user_dir }}/mc find local/zuul"
- name: Check for testfile in minio bucket
command: "{{ fake_zuul_logdir.path }}/mc find local/zuul/{{ zuul_log_path }}/testfile"
command: "{{ ansible_user_dir }}/mc find local/zuul/{{ zuul_log_path }}/testfile"