Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[nuage_master] Adding module calls instead of command for idempotency. #3905

Merged
merged 2 commits into from
Aug 11, 2017
Merged

[nuage_master] Adding module calls instead of command for idempotency. #3905

merged 2 commits into from
Aug 11, 2017

Conversation

kwoodson
Copy link
Contributor

No description provided.

@kwoodson kwoodson self-assigned this Apr 10, 2017
@kwoodson
Copy link
Contributor Author

I'm unsure how to test these changes as I'm not familiar with nuage. Please test or let me know how so I can test. Thanks.

https://trello.com/c/ZPIwuaDr/373-2-idempotency-configure-role-user-permissions

@mtnbikenc mtnbikenc changed the title Adding module calls instead of command for idempotency. [nuage_master] Adding module calls instead of command for idempotency. Apr 11, 2017
@tbielawa
Copy link
Contributor

testing now

@mtnbikenc
Copy link
Member

Testing byo/config.yml with openshift_use_nuage=true

@kwoodson
Copy link
Contributor Author

@vishpat, would you remind reviewing/testing these changes?

@kwoodson
Copy link
Contributor Author

aos-ci-test

@openshift-bot
Copy link

error: aos-ci-jenkins/OS_3.6_containerized for 098581f (logs)

@openshift-bot
Copy link

success: "aos-ci-jenkins/OS_3.5_NOT_containerized, aos-ci-jenkins/OS_3.5_NOT_containerized_e2e_tests" for 098581f (logs)

@openshift-bot
Copy link

success: "aos-ci-jenkins/OS_3.5_containerized, aos-ci-jenkins/OS_3.5_containerized_e2e_tests" for 098581f (logs)

@openshift-bot
Copy link

success: "aos-ci-jenkins/OS_3.6_NOT_containerized, aos-ci-jenkins/OS_3.6_NOT_containerized_e2e_tests" for 098581f (logs)

@mtnbikenc
Copy link
Member

Testing nuage has turned out to be a bit more complicated. I'll try to get this tested tomorrow.

@mtnbikenc
Copy link
Member

@sdodson after reviewing the docs for Nuage, I'm not sure where to find RPMs for running the install. Ideas on where I could find those, or is there a contact for someone more familiar with testing this component?

https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/installation_and_configuration/install-config-configuring-nuage-sdn

@sdodson
Copy link
Member

sdodson commented Apr 17, 2017

@mtnbikenc @kwoodson -- @vishpat would know best. I'm fine with leaving this open until they're able to test.

ingvagabund
ingvagabund reviewed Apr 18, 2017
View reviewed changes
roles/nuage_master/tasks/serviceaccount.yml Outdated
command: >
{{ openshift.common.client_binary }} adm {{item}}
--config={{ nuage_tmp_conf }}
delegate_to: "{{ nuage_ca_master }}"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe put this at the end of the Configure role/user permissions so it aligns with the remaining tasks.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can move it if it is aesthetically pleasing.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not a blocker, just a nit.

roles/nuage_master/tasks/serviceaccount.yml Outdated
namespace: default
resource_name: "{{ item.resource_name }}"
resource_kind: "{{ item.resource_kind }}"
user: "{{ item.user }}"
with_items: "{{nuage_tasks}}"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/"{{nuage_tasks}}"/"{{ nuage_tasks }}"

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can change this but was not in my original PR.

roles/nuage_master/vars/main.yaml
@@ -23,4 +23,6 @@ nuage_master_crt_dir: /usr/share/nuage-openshift-monitor
nuage_service_account: system:serviceaccount:default:nuage

nuage_tasks:
- policy add-cluster-role-to-user cluster-reader {{ nuage_service_account }}
- resource_kind: cluster-role
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Valid value based on [1]:

  resource_kind:
    description:
    - The kind of policy to affect
    required: true
    default: None
    choices: ["role", "cluster-role", "scc"]
    aliases: []

[1] https://github.com/openshift/openshift-ansible/blob/master/roles/lib_openshift/src/doc/policy_user

mtnbikenc
mtnbikenc approved these changes Aug 11, 2017
View reviewed changes
Copy link
Member

@mtnbikenc mtnbikenc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These changes look good, however, we are unable to test effectively. I think we should move forward with this PR to standardize to oc_ module usage since we've already tested this functionality with other roles.

@kwoodson
Copy link
Contributor Author

@sdodson, what do you think about merging this so we don't lose the effort? Do the tests run against nuage?

@sdodson sdodson merged commit 57d7984 into openshift:master Aug 11, 2017
@kwoodson kwoodson deleted the nuage_idempotency branch September 18, 2017 14:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ingvagabund ingvagabund ingvagabund left review comments

@mtnbikenc mtnbikenc mtnbikenc approved these changes

@tbielawa tbielawa Awaiting requested review from tbielawa

Assignees

@kwoodson kwoodson

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@kwoodson @tbielawa @mtnbikenc @openshift-bot @sdodson @ingvagabund