adding ansible playbook pieces

Signed-off-by: greg pereira <grpereir@redhat.com>
redhat-et · Jun 13, 2024 · 531028d · 531028d
1 parent 9e16418
commit 531028d
Show file tree

Hide file tree

Showing 3 changed files with 165 additions and 9 deletions.
diff --git a/.github/workflows/ai-lab-remote-rhel-build.yaml b/.github/workflows/ai-lab-remote-rhel-build.yaml
@@ -18,10 +18,17 @@ env:
   TF_VAR_rh_access: ${{ secrets.RH_ACCESS }}
   TF_VAR_rh_org: ${{ secrets.RH_ORG }}
   TF_VAR_ami_id: ${{ secrets.AMI_ID }}
+  REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
+  REGISTRY_PASS: ${{ secrets.REGISTRY_PASS }}
+  SUBMAN_USER: ${{ secrets.SUBMAN_USER }}
+  SUBMAN_PASS: ${{ secrets.SUBMAN_PASS }}
 
 jobs:
-  ai-lab-podman-remote:
+  rhel9-milvus:
     runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      max-parallel: 1
     steps:
         - name: Setup Terraform
           uses: hashicorp/setup-terraform@v3.1.1
@@ -39,19 +46,49 @@ jobs:
 
         - name: Terraform Apply
           run: terraform apply -auto-approve
+
+        - name: Set up Python
+          uses: actions/setup-python@v5.1.0
+          with:
+            python-version: '3.11'
 
-        - name: Terraform Output
-          id: terraform-output
+        - name: Install Ansible
           run: |
-            echo "id=$(terraform output id | xargs)" >> $GITHUB_OUTPUT
-            echo "url=$(terraform output host | xargs)" >> $GITHUB_OUTPUT
-            echo "ssh_public_key=$(terraform output ssh_public_key | xargs)" >> $GITHUB_OUTPUT
-            echo "pem_filename=$(terraform output pem_filename | xargs)" >> $GITHUB_OUTPUT
+            python3 -m pip install --upgrade pip
+            pip install ansible
+
+        - name: Ansible Collections
+          working-directory: build/ci/rhel-ansible
+          run: ansible-galaxy install -r requirements.yaml
 
-        - name: Install podman remote
+        - name: Install jq and build inventory
+          working-directory: build/ci/rhel-ansible
           run: |
-            sudo apt-get install -y podman podman-remote
             sudo apt-get install -y jq
+            PUBLIC_IP=$(terraform output -json | jq -r '.public_ip.value')
+            echo "[test_environment]" > inventory.ini
+            echo "$PUBLIC_IP" >> inventory.ini
+            cat inventory.ini
+
+        - name: Setup tmate session
+          uses: mxschmitt/action-tmate@v3.18
+          timeout-minutes: 10
+          with:
+            detached: false
+            limit-access-to-actor: true
+
+        - name: Provision
+          working-directory: build/ci/rhel-ansible
+          run: |
+            ansible-playbook playbook.yaml \
+              -i inventory.ini \
+              --extra-vars "image_name=${{ matrix.image_name }}" \
+              --extra-vars "ssh_public_key='${{ steps.terraform-output.outputs.ssh_public_key }}'" \
+              --extra-vars "registry_user=${{ secrets.REGISTRY_USER }}" \
+              --extra-vars "registry_pass=${{ secrets.REGISTRY_PASS }}" \
+              --extra-vars "subman_user=${{ secrets.SUBMAN_USER }} \
+              --extra-vars "subman_pass=${{ secrets.SUBMAN_PASS }}
+
 
         - name: Terraform Destroy
           if: always()

diff --git a/build/ci/rhel-ansible/playbook.yaml b/build/ci/rhel-ansible/playbook.yaml
@@ -0,0 +1,116 @@
+---
+- name: Test Environment Provisioning
+  hosts: test_environments
+  remote_user: ec2-user
+  become: true
+  gather_facts: false
+
+  tasks:
+
+  - name: Wait until the instance is ready
+    ansible.builtin.wait_for_connection:
+    delay: 15
+    timeout: 180
+
+  - name: Gather facts for first time
+    ansible.builtin.setup:
+
+  - name: Required packages
+    ansible.builtin.dnf:
+      name:
+      - docker
+      state: present
+      disable_gpg_check: true
+
+  - name: Derived Image Containerfile
+    ansible.builtin.template:
+      src: ./templates/Containerfile.j2
+      dest: /tmp/Containerfile
+
+  - name: Login to default registry
+    containers.podman.podman_login:
+      username: "{{ registry_user }}"
+      password: "{{ registry_password }}"
+      registry: quay.io
+      authfile: /etc/containers/auth.json
+
+  - name: Pull the Parent Image
+    async: 1000
+    poll: 0
+    register: pull_result
+    ansible.builtin.shell: |
+      podman pull "quay.io/ai-lab/{{ image_name }}:latest" \
+        --authfile=/etc/containers/auth.json \
+        --arch amd64
+
+        # --retry=3 \
+        # --retry-delay=15 \
+
+  - name: Check on Pulling the parent image
+    async_status:
+      jid: "{{ pull_result.ansible_job_id }}"
+    register: job_result
+    until: job_result.finished
+    retries: 100
+    delay: 10
+
+  - name: Build the Bootc Image
+    async: 1000
+    poll: 0
+    register: build_result
+    ansible.builtin.shell: |
+      podman build . \
+        -f /tmp/Containerfile \
+        -t quay.io/ai-lab/derived_image:latest \
+        --build-arg "sshpubkey={{ ssh_public_key }}" \
+        --authfile=/etc/containers/auth.json \
+        --pull=never > /tmp/build.log 2>&1
+
+        # --retry=5 \
+        # --retry-delay=15
+
+  - name: Check on Build Bootc Image
+    async_status:
+      jid: "{{ build_result.ansible_job_id }}"
+    register: job_result
+    until: job_result.finished
+    retries: 100
+    delay: 10
+
+  - name: Install the Bootc Image
+    async: 1000
+    poll: 0
+    register: install_result
+    ansible.builtin.shell: |
+      podman run \
+        --authfile=/etc/containers/auth.json \
+        --privileged \
+        --pid=host \
+        --pull=never \
+        --rm \
+        --security-opt label=type:unconfined_t \
+        -v /:/target \
+        -v /var/lib/containers:/var/lib/containers quay.io/ai-lab/derived_image:latest \
+        bootc install to-existing-root --karg=console=ttyS0,115200n8 --karg=systemd.journald.forward_to_console=1
+
+        # --retry=5 \
+        # --retry-delay=15 \
+
+  - name: Check on Install Bootc Image
+    async_status:
+      jid: "{{ install_result.ansible_job_id }}"
+    register: job_result
+    until: job_result.finished
+    retries: 100
+    delay: 10
+
+  - name: Remove the host from the known_host file
+    ansible.builtin.known_hosts:
+      name: "{{ inventory_hostname }}"
+      state: absent
+    delegate_to: localhost
+
+  - name: Reboot
+    ansible.builtin.shell: systemctl reboot
+    ignore_errors: true
+    ignore_unreachable: true
diff --git a/build/ci/rhel-ansible/requirements.yaml b/build/ci/rhel-ansible/requirements.yaml
@@ -0,0 +1,3 @@
+---
+collections:
+  - name: community.docker