Skip to content

Support CPMS test role in shiftstack-qa automation #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
tusharjadhav3302 wants to merge 14 commits into
base: main
Choose a base branch
from
Open

Support CPMS test role in shiftstack-qa automation #9

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
921e734
Increase verification pod health check timeout for OCP 4.22+
tusharjadhav3302 May 28, 2026
3a815f9
Add CPMS e2e test stage role and cpms_replace_attrs day2ops procedure
tusharjadhav3302 May 20, 2026
34cd493
Simplify cpms_test role to use shared prepare/post tasks and remove b…
tusharjadhav3302 May 20, 2026
e8657d9
Address review: remove cpms_test from Jenkins job and drop redundant …
tusharjadhav3302 May 25, 2026
cce04e6
Move post-processing outside block/rescue so results are reported eve…
tusharjadhav3302 May 28, 2026
da7c3df
Fix Jinja2 operator precedence in when condition for JUnit file check
tusharjadhav3302 Jun 4, 2026
581c970
Increase ShiftStack master RAM to 24GB to reduce bootstrap timeout race
tusharjadhav3302 Jun 17, 2026
bda356e
Use oc adm release extract --tools instead of unreliable file-cache f…
tusharjadhav3302 Jun 18, 2026
7756aed
Add pull secret extraction fallback and diagnostics for CI debugging
tusharjadhav3302 Jun 22, 2026
35985b8
Use curl + kubeconfig certs for pull secret and bootstrap oc from mir…
tusharjadhav3302 Jun 23, 2026
6c996c3
Fix pull secret extraction to use shell heredoc instead of script module
tusharjadhav3302 Jun 23, 2026
8548bec
Use tempfile for certs, add auth type check, skip bootstrap if oc exi…
tusharjadhav3302 Jun 25, 2026
ce47c49
Merge branch 'use-oc-adm-release-extract-for-binaries' into support_c…
tusharjadhav3302 Jun 25, 2026
c18853c
Merge branch 'increase-verification-pod-check-timeout-tj' into suppor…
tusharjadhav3302 Jun 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions collection/stages/roles/cpms_test/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
---
# defaults file for cpms_test
cpms_test_name: cluster-control-plane-machine-set-operator
cpms_test_dir: "{{ artifacts_dir }}/{{ cpms_test_name }}"
cpms_test_results_dir: "{{ artifacts_dir }}/cpms_test-results"
cpms_test_testsuite_name: cpms
cpms_tests_go_version: "{{ tests.default_go_version_target }}"
cpms_test_junit_filename: junit_control_plane_machine_set_operator.xml
3 changes: 3 additions & 0 deletions collection/stages/roles/cpms_test/meta/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
---
collections:
- shiftstack.tools
25 changes: 25 additions & 0 deletions collection/stages/roles/cpms_test/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
---
# tasks file for cpms_test
- name: Prepare CPMS test
ansible.builtin.include_role:
name: tools_openshift_tests
tasks_from: prepare_openshift_tests.yml
vars:
repo_name: "{{ cpms_test_name }}"
results_dir: "{{ cpms_test_results_dir }}"
go_version_target: "{{ cpms_tests_go_version }}"

- name: Run CPMS e2e-presubmit tests
ansible.builtin.include_tasks: run_cpms_test.yml
vars:
cpms_tests_type: e2e-presubmit

- name: Run CPMS e2e-periodic tests
ansible.builtin.include_tasks: run_cpms_test.yml
vars:
cpms_tests_type: e2e-periodic

- name: Remove the source directory after tests complete
ansible.builtin.file:
path: "{{ cpms_test_dir }}"
state: absent
59 changes: 59 additions & 0 deletions collection/stages/roles/cpms_test/tasks/run_cpms_test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
---
- name: Set result paths for {{ cpms_tests_type }}
ansible.builtin.set_fact:
cpms_results_subdir: "{{ cpms_test_results_dir }}/{{ cpms_tests_type }}"

- name: Create results directory for {{ cpms_tests_type }}
ansible.builtin.file:
path: "{{ cpms_results_subdir }}"
state: directory
mode: u=rwx,g=rw,o=r

- name: Run {{ cpms_test_name }} {{ cpms_tests_type }} tests
block:
- name: Run make {{ cpms_tests_type }}
ansible.builtin.shell: |
source {{ home_dir }}/.bashrc
make {{ cpms_tests_type }}
args:
chdir: "{{ cpms_test_dir }}"
environment:
KUBECONFIG: "{{ kubeconfig }}"
OS_CLOUD: "{{ user_cloud }}"
OPENSHIFT_CI: "true"
ARTIFACT_DIR: "{{ cpms_results_subdir }}"
changed_when: true

rescue:
- name: Mark the CPMS {{ cpms_tests_type }} tests as UNSTABLE
ansible.builtin.include_role:
name: tools_stage_results
tasks_from: mark_stage_unstable.yml
vars:
unstable_msg: >-
The {{ cpms_test_name }} {{ cpms_tests_type }} test suite failed.

- name: Run must-gather
ansible.builtin.include_role:
name: tools_must-gather
vars:
must_gather_suffix: "cpms-{{ cpms_tests_type }}"

- name: Rename JUnit XML to match expected prefix
ansible.builtin.copy:
src: "{{ cpms_results_subdir }}/{{ cpms_test_junit_filename }}"
dest: "{{ cpms_results_subdir }}/junit_e2e_{{ cpms_tests_type }}.xml"
remote_src: yes
mode: u=rw,g=rw,o=r
when: (cpms_results_subdir + '/' + cpms_test_junit_filename) is file

@imatza-rh imatza-rh Jun 25, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The is file Jinja2 test evaluates on the Ansible controller, not the remote host where the test ran. The codebase uses ansible.builtin.stat for remote file checks (e.g., prepare_rhcos_image.yml:47). This works today because deploy_installer_host: false (controller = target), but would silently skip post-processing on environments with a remote installer host.

Consider:

- name: Check if JUnit file exists
  ansible.builtin.stat:
    path: "{{ cpms_results_subdir }}/{{ cpms_test_junit_filename }}"
  register: _cpms_junit_file

Then use when: _cpms_junit_file.stat.exists below.


- name: Post openshift-test
ansible.builtin.include_role:
name: tools_openshift_tests
tasks_from: post_openshift_tests.yml
vars:
testsuite_name: "{{ cpms_test_testsuite_name }}_{{ cpms_tests_type }}"
key_for_filtering_results: "cpms"
test_name: "{{ cpms_test_name }}-{{ cpms_tests_type }}"
results_dir: "{{ cpms_results_subdir }}"
when: (cpms_results_subdir + '/' + cpms_test_junit_filename) is file

@imatza-rh imatza-rh Jun 25, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same is file concern as line 48 - would use the same _cpms_junit_file.stat.exists check.

217 changes: 217 additions & 0 deletions collection/stages/roles/day2ops/tasks/procedures/cpms_replace_attrs.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,217 @@
---
# Procedure that updates the CPMS object by adding a fake extra network/subnet and SG to the
# masters and replacing failureDomain params on master-0 to have the same attributes as master-1.
# After reconciliation, master-0 and master-1 will have same nova AZ, cinderAZ, and volumeType.
- name: Set log directory for cpms_replace_attrs procedure
ansible.builtin.set_fact:
cpms_log_directory: "{{ artifacts_dir }}/cpms_replace_attrs"

- name: Run cpms_replace_attrs procedure
block:
- name: Create {{ cpms_log_directory }} directory
ansible.builtin.file:
path: "{{ cpms_log_directory }}"
state: directory
mode: u=rwx,g=rw,o=r

- name: Set artifact paths
ansible.builtin.set_fact:
cpms_orig_path: "{{ cpms_log_directory }}/orig_cpms.yaml"
cpms_patch_to_apply_path: "{{ cpms_log_directory }}/cpms_patch_to_apply.yaml"
cpms_applied_path: "{{ cpms_log_directory }}/applied_cpms.yaml"
cpms_patch_to_restore_path: "{{ cpms_log_directory }}/cpms_patch_to_restore_NOTAPPLIED.yaml"

- name: Get original CPMS definition
kubernetes.core.k8s_info:
kubeconfig: "{{ kubeconfig }}"
api_version: machine.openshift.io/v1
kind: ControlPlaneMachineSet
namespace: openshift-machine-api
register: original_cpms

- name: Save the original CPMS definition
ansible.builtin.copy:
content: "{{ original_cpms.resources[0] | to_nice_yaml(indent=2) }}"
dest: "{{ cpms_orig_path }}"
mode: u=rw,g=rw,o=r

- name: Create network {{ cpms_replacements.network_name }}
openstack.cloud.network:
cloud: "{{ user_cloud }}"
name: "{{ cpms_replacements.network_name }}"
state: present
register: network_to_add

- name: Create subnet {{ cpms_replacements.subnet_name }}
openstack.cloud.subnet:
cloud: "{{ user_cloud }}"
name: "{{ cpms_replacements.subnet_name }}"
cidr: "{{ cpms_replacements.cidr }}"
network_name: "{{ cpms_replacements.network_name }}"
enable_dhcp: false
state: present

- name: Create security group {{ cpms_replacements.sg_name }}
openstack.cloud.security_group:
cloud: "{{ user_cloud }}"
name: "{{ cpms_replacements.sg_name }}"
state: present
register: sg_to_add

- name: Store original CPMS attributes that will be updated
ansible.builtin.set_fact:
orig_failuredomains: >-
{{ original_cpms.resources[0].spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack | list }}
orig_networks: >-
{{ original_cpms.resources[0].spec.template.machines_v1beta1_machine_openshift_io.spec.providerSpec.value.networks | list }}
orig_sgs: >-
{{ original_cpms.resources[0].spec.template.machines_v1beta1_machine_openshift_io.spec.providerSpec.value.securityGroups | list }}

- name: Create patch for CPMS
ansible.builtin.template:
src: control-plane-machine-set-patch.yaml.j2
dest: "{{ cpms_patch_to_apply_path }}"
mode: u=rw,g=rw,o=r
vars:
cpms_failuredomains: >-
{{ orig_failuredomains |
replace(orig_failuredomains[0].availabilityZone, orig_failuredomains[1].availabilityZone) |
replace(orig_failuredomains[0].rootVolume.availabilityZone, orig_failuredomains[1].rootVolume.availabilityZone) |
replace(orig_failuredomains[0].rootVolume.volumeType, orig_failuredomains[1].rootVolume.volumeType) }}
cpms_networks: "{{ orig_networks + [{'filter': {}, 'uuid': network_to_add.id}] }}"
cpms_sgs: "{{ orig_sgs + [{'filter': {}, 'name': cpms_replacements.sg_name}] }}"

- name: Apply patch for CPMS
kubernetes.core.k8s:
kubeconfig: "{{ kubeconfig }}"
state: present
apply: true
src: "{{ cpms_patch_to_apply_path }}"

- name: Wait for CPMS reconciliation to complete
ansible.builtin.include_role:
name: tools_cluster_checks
tasks_from: wait_cpms_updated.yml
vars:
wait_retries: 180
wait_delay: 60

- name: Check cluster health after CPMS patch application
block:
- name: Check the Control Plane MachineSet is healthy
ansible.builtin.include_role:
name: tools_cluster_checks
tasks_from: check_controlplane_machinesets.yml

- name: Wait until OCP cluster is healthy
ansible.builtin.include_role:
name: tools_cluster_checks
tasks_from: wait_until_cluster_is_healthy.yml

- name: Get resulting CPMS definition after application
kubernetes.core.k8s_info:
kubeconfig: "{{ kubeconfig }}"
api_version: machine.openshift.io/v1
kind: ControlPlaneMachineSet
namespace: openshift-machine-api
register: applied_cpms

- name: Save the resulting CPMS after application
ansible.builtin.copy:
content: "{{ applied_cpms.resources[0] | to_nice_yaml(indent=2) }}"
dest: "{{ cpms_applied_path }}"
mode: u=rw,g=rw,o=r

- name: Get all the master VMs after procedure
openstack.cloud.server_info:
cloud: "{{ user_cloud }}"
server: "*master*"
register: result

- name: Store the master VMs after procedure
ansible.builtin.set_fact:
master_after: "{{ result.servers | sort(attribute='name') | list }}"

- name: Get root volumes info
ansible.builtin.shell: >
openstack volume show {{ item }} -c type -c availability_zone -f shell
environment:
OS_CLOUD: "{{ user_cloud }}"
register: root_volumes_after
changed_when: false
with_items:
- "{{ master_after[0].volumes[0].id }}"
- "{{ master_after[1].volumes[0].id }}"
- "{{ master_after[2].volumes[0].id }}"

- name: Confirm that master VMs reflect FailureDomain changes after procedure
ansible.builtin.assert:
that:
- master_after | length == 3
- master_after | selectattr('location.zone', 'eq', expected_fd_az) | list | length == 2
- root_volumes_after.results | selectattr('stdout', 'eq',
'availability_zone="' + expected_fd_cinderaz + '"\ntype="' + expected_fd_volumeType + '"') | list | length == 2
vars:
expected_fd_az: "{{ orig_failuredomains[1].availabilityZone }}"
expected_fd_cinderaz: "{{ orig_failuredomains[1].rootVolume.availabilityZone }}"
expected_fd_volumeType: "{{ orig_failuredomains[1].rootVolume.volumeType }}"

- name: Confirm that the VMs include the added network and SG
ansible.builtin.assert:
that:
- cpms_replacements.network_name in item.addresses.keys()
- cpms_replacements.sg_name in item.security_groups | json_query('[*].name')
with_items: "{{ master_after }}"

always:
- name: Create restore patch for CPMS
ansible.builtin.template:
src: control-plane-machine-set-patch.yaml.j2
dest: "{{ cpms_patch_to_restore_path }}"
mode: u=rw,g=rw,o=r
vars:
cpms_failuredomains: "{{ orig_failuredomains }}"
cpms_networks: "{{ orig_networks }}"
cpms_sgs: "{{ orig_sgs }}"

- name: Apply restore patch for CPMS
kubernetes.core.k8s:
kubeconfig: "{{ kubeconfig }}"
state: present
apply: true
src: "{{ cpms_patch_to_restore_path }}"

- name: Wait for CPMS restore reconciliation to complete
ansible.builtin.include_role:
name: tools_cluster_checks
tasks_from: wait_cpms_updated.yml
vars:
wait_retries: 180
wait_delay: 60

- name: Check cluster health after restore
block:
- name: Check the Control Plane MachineSet is healthy
ansible.builtin.include_role:
name: tools_cluster_checks
tasks_from: check_controlplane_machinesets.yml

- name: Wait until OCP cluster is healthy
ansible.builtin.include_role:
name: tools_cluster_checks
tasks_from: wait_until_cluster_is_healthy.yml

- name: Clean up test OpenStack resources
block:
- name: Delete test network
openstack.cloud.network:
cloud: "{{ user_cloud }}"
name: "{{ cpms_replacements.network_name }}"
state: absent

- name: Delete test security group
openstack.cloud.security_group:
cloud: "{{ user_cloud }}"
name: "{{ cpms_replacements.sg_name }}"
state: absent
ignore_errors: true
19 changes: 19 additions & 0 deletions collection/stages/roles/day2ops/templates/control-plane-machine-set-patch.yaml.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
apiVersion: machine.openshift.io/v1
metadata:
name: cluster
namespace: openshift-machine-api
kind: ControlPlaneMachineSet
spec:
template:
machines_v1beta1_machine_openshift_io:
failureDomains:
openstack:
{{cpms_failuredomains| to_nice_yaml| indent(8, false)}}
spec:
providerSpec:
value:
networks:
{{cpms_networks| to_nice_yaml| indent(12, false)}}
securityGroups:
{{cpms_sgs| to_nice_yaml| indent(12, false)}}
status: {}
4 changes: 2 additions & 2 deletions collection/stages/roles/verification/tasks/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,8 +69,8 @@
name: tools_cluster_checks
tasks_from: check_pods.yml
vars:
wait_retries: 20
wait_delay: 10
wait_retries: 30
wait_delay: 30

- name: Check cluster alerts
ansible.builtin.include_role:
Expand Down
1 change: 0 additions & 1 deletion collection/tools/roles/tools_get_openshift_release/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,5 @@
# defaults file for tools_get_openshift_release
openshift_releasestream_url: "https://openshift-release.apps.ci.l2s4.p1.openshiftapps.com/api/v1/releasestream"
release_name: "{{ openshift_release_build_name | default('') }}"
openshift_download_url: "{{ 'https://openshift-release-artifacts.apps.ci.l2s4.p1.openshiftapps.com' + '/' + release_name }}"
openshift_mirror_url: "https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp"
ocp_build_info_file: "{{ controller_home_dir }}/latest_build.json"
Loading