From bd082acd3a7b707c2f2d445ee66f3e2358157cd8 Mon Sep 17 00:00:00 2001 From: Jiri Stransky Date: Fri, 21 Mar 2025 16:53:12 +0100 Subject: [PATCH 1/4] Add verification steps that look at OpenStackControlPlane CR status --- .../modules/proc_adopting-the-identity-service.adoc | 8 ++++++++ .../modules/proc_deploying-backend-services.adoc | 9 ++++++++- tests/roles/backend_services/tasks/main.yaml | 11 +++++++++++ tests/roles/keystone_adoption/tasks/main.yaml | 11 +++++++++++ 4 files changed, 38 insertions(+), 1 deletion(-) diff --git a/docs_user/modules/proc_adopting-the-identity-service.adoc b/docs_user/modules/proc_adopting-the-identity-service.adoc index b305f4128..2749b92d8 100644 --- a/docs_user/modules/proc_adopting-the-identity-service.adoc +++ b/docs_user/modules/proc_adopting-the-identity-service.adoc @@ -72,6 +72,14 @@ done .Verification +. Verify that the setup of the `OpenStackControlPlane` CR is now complete: ++ +---- +$ oc get OpenStackControlPlane openstack +NAME STATUS MESSAGE +openstack True Setup complete +---- + . Verify that you can access the `OpenStackClient` pod. For more information, see link:{defaultURL}/maintaining_the_red_hat_openstack_services_on_openshift_deployment/assembly_accessing-the-rhoso-cloud#proc_accessing-the-OpenStackClient-pod_cloud-access-admin[Accessing the OpenStackClient pod] in _Maintaining the {rhos_long_noacro} deployment_. . Confirm that the {identity_service} endpoints are defined and are pointing to the control plane FQDNs: diff --git a/docs_user/modules/proc_deploying-backend-services.adoc b/docs_user/modules/proc_deploying-backend-services.adoc index de56bf577..43248e0ce 100644 --- a/docs_user/modules/proc_deploying-backend-services.adoc +++ b/docs_user/modules/proc_deploying-backend-services.adoc @@ -429,4 +429,11 @@ done + The given cells names are later referred to by using the environment variable `RENAMED_CELLS`. -* Verify that you can access the `OpenStackClient` pod. For more information, see link:{defaultURL}/maintaining_the_red_hat_openstack_services_on_openshift_deployment/assembly_accessing-the-rhoso-cloud#proc_accessing-the-OpenStackClient-pod_cloud-access-admin[Accessing the OpenStackClient pod] in _Maintaining the {rhos_long_noacro} deployment_. +* Verify that the `OpenStackControlPlane` CR is waiting for deployment + of the `openstackclient` pod: ++ +---- +$ oc get OpenStackControlPlane openstack +NAME STATUS MESSAGE +openstack Unknown OpenStackControlPlane Client not started +---- diff --git a/tests/roles/backend_services/tasks/main.yaml b/tests/roles/backend_services/tasks/main.yaml index d1010f602..d6c12e684 100644 --- a/tests/roles/backend_services/tasks/main.yaml +++ b/tests/roles/backend_services/tasks/main.yaml @@ -151,3 +151,14 @@ -p='[{"op": "replace", "path": "/spec/rabbitmq/templates/rabbitmq-cell1/resources/requests/cpu", "value": 500m}]' oc patch ${crname} --type json \ -p='[{"op": "replace", "path": "/spec/rabbitmq/templates/rabbitmq-cell1/resources/requests/memory", "value": 500Mi}]' + +- name: Verify that OpenStackControlPlane is waiting for openstackclient + ansible.builtin.shell: | + {{ shell_header }} + {{ oc_header }} + + oc get openstackcontrolplane openstack -o jsonpath='{.status.conditions[?(@.type=="Ready")].message}{"\n"}' | grep 'OpenStackControlPlane Client not started' + register: openstack_control_plane_cr_result + until: openstack_control_plane_cr_result is success + retries: 60 + delay: 2 diff --git a/tests/roles/keystone_adoption/tasks/main.yaml b/tests/roles/keystone_adoption/tasks/main.yaml index 9d0b81cb5..f96ee866e 100644 --- a/tests/roles/keystone_adoption/tasks/main.yaml +++ b/tests/roles/keystone_adoption/tasks/main.yaml @@ -56,6 +56,17 @@ retries: 60 delay: 2 +- name: verify that OpenStackControlPlane setup is complete + ansible.builtin.shell: | + {{ shell_header }} + {{ oc_header }} + + oc get openstackcontrolplane openstack -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}{"\n"}' | grep True + register: openstack_control_plane_cr_result + until: openstack_control_plane_cr_result is success + retries: 60 + delay: 2 + - name: clean up services and endpoints ansible.builtin.shell: | {{ shell_header }} From fbb10ac91568f3d215d2bc16730b6e681684405f Mon Sep 17 00:00:00 2001 From: Jiri Stransky Date: Fri, 21 Mar 2025 16:54:44 +0100 Subject: [PATCH 2/4] Use MariaDB/Rabbit verification commands that will make issues visible The previous version with '| grep Running' may be useful in tests to force a non-zero return code and abort a block of code, but in docs the grepping will hide anything that is not "Running", so we actually do not see if there are any issues. Therefore in the docs the 'grep' is now removed and the admin is told to check if all status commands print "Running". --- .../modules/proc_deploying-backend-services.adoc | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/docs_user/modules/proc_deploying-backend-services.adoc b/docs_user/modules/proc_deploying-backend-services.adoc index 43248e0ce..7bf3be7f1 100644 --- a/docs_user/modules/proc_deploying-backend-services.adoc +++ b/docs_user/modules/proc_deploying-backend-services.adoc @@ -415,16 +415,17 @@ spec: .Verification -* Verify that MariaDB and RabbitMQ are running for all defined cells: +* Verify that the MariaDB and RabbitMQ status is `Running` for all defined cells: + +[source,yaml] ---- $ RENAMED_CELLS="cell1 cell2 cell3" -$ oc get pod openstack-galera-0 -o jsonpath='{.status.phase}{"\n"}' | grep Running -$ oc get pod rabbitmq-server-0 -o jsonpath='{.status.phase}{"\n"}' | grep Running +$ oc get pod openstack-galera-0 -o jsonpath='{.status.phase}{"\n"}' +$ oc get pod rabbitmq-server-0 -o jsonpath='{.status.phase}{"\n"}' $ for CELL in $(echo $RENAMED_CELLS); do - oc get pod openstack-$CELL-galera-0 -o jsonpath='{.status.phase}{"\n"}' | grep Running - oc get pod rabbitmq-$CELL-server-0 -o jsonpath='{.status.phase}{"\n"}' | grep Running -done +> oc get pod openstack-$CELL-galera-0 -o jsonpath='{.status.phase}{"\n"}' +> oc get pod rabbitmq-$CELL-server-0 -o jsonpath='{.status.phase}{"\n"}' +> done ---- + The given cells names are later referred to by using the environment variable `RENAMED_CELLS`. From 0f95f56bb5d1c10a22fc0340ec9d2e969dc1095b Mon Sep 17 00:00:00 2001 From: Jiri Stransky Date: Wed, 9 Apr 2025 17:49:13 +0200 Subject: [PATCH 3/4] Use oc wait for checking that OpenStackControlPlane is Ready --- .../proc_adopting-the-identity-service.adoc | 14 ++++++-------- tests/roles/keystone_adoption/tasks/main.yaml | 7 +------ 2 files changed, 7 insertions(+), 14 deletions(-) diff --git a/docs_user/modules/proc_adopting-the-identity-service.adoc b/docs_user/modules/proc_adopting-the-identity-service.adoc index 2749b92d8..8af680c42 100644 --- a/docs_user/modules/proc_adopting-the-identity-service.adoc +++ b/docs_user/modules/proc_adopting-the-identity-service.adoc @@ -72,14 +72,6 @@ done .Verification -. Verify that the setup of the `OpenStackControlPlane` CR is now complete: -+ ----- -$ oc get OpenStackControlPlane openstack -NAME STATUS MESSAGE -openstack True Setup complete ----- - . Verify that you can access the `OpenStackClient` pod. For more information, see link:{defaultURL}/maintaining_the_red_hat_openstack_services_on_openshift_deployment/assembly_accessing-the-rhoso-cloud#proc_accessing-the-OpenStackClient-pod_cloud-access-admin[Accessing the OpenStackClient pod] in _Maintaining the {rhos_long_noacro} deployment_. . Confirm that the {identity_service} endpoints are defined and are pointing to the control plane FQDNs: @@ -87,3 +79,9 @@ openstack True Setup complete ---- $ openstack endpoint list | grep keystone ---- + +. Wait for the `OpenStackControlPlane` resource to become `Ready`: ++ +---- +$ oc wait --for=condition=Ready --timeout=1m OpenStackControlPlane openstack +---- diff --git a/tests/roles/keystone_adoption/tasks/main.yaml b/tests/roles/keystone_adoption/tasks/main.yaml index f96ee866e..665701968 100644 --- a/tests/roles/keystone_adoption/tasks/main.yaml +++ b/tests/roles/keystone_adoption/tasks/main.yaml @@ -60,12 +60,7 @@ ansible.builtin.shell: | {{ shell_header }} {{ oc_header }} - - oc get openstackcontrolplane openstack -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}{"\n"}' | grep True - register: openstack_control_plane_cr_result - until: openstack_control_plane_cr_result is success - retries: 60 - delay: 2 + oc wait --for=condition=Ready --timeout=1m OpenStackControlPlane openstack - name: clean up services and endpoints ansible.builtin.shell: | From 7d969346d78f05ca72cec30f50edfa2b6a460b23 Mon Sep 17 00:00:00 2001 From: Jiri Stransky Date: Thu, 10 Apr 2025 11:23:54 +0200 Subject: [PATCH 4/4] Use Galera service name in 'deploying backend services' doc --- docs_user/modules/proc_deploying-backend-services.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs_user/modules/proc_deploying-backend-services.adoc b/docs_user/modules/proc_deploying-backend-services.adoc index 7bf3be7f1..39756e360 100644 --- a/docs_user/modules/proc_deploying-backend-services.adoc +++ b/docs_user/modules/proc_deploying-backend-services.adoc @@ -26,7 +26,7 @@ endif::[] * If you enabled TLS everywhere (TLS-e) on the {OpenStackShort} environment, you must copy the `tls` root CA from the {OpenStackShort} environment to the `rootca-internal` issuer. -* There are free PVs available for MariaDB and RabbitMQ. +* There are free PVs available for Galera and RabbitMQ. ifeval::["{build}" != "downstream"] + For developer/CI environments driven by install_yamls, make sure @@ -415,7 +415,7 @@ spec: .Verification -* Verify that the MariaDB and RabbitMQ status is `Running` for all defined cells: +* Verify that the Galera and RabbitMQ status is `Running` for all defined cells: + [source,yaml] ----